sdk/.pre-commit-config.yaml at main · dreadnode/sdk · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
---
exclude: "^(data/|dreadnode/data/)"
repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v6.0.0
    hooks:
      - id: check-added-large-files
        args: [--maxkb=10240]
      - id: check-case-conflict
      - id: check-merge-conflict
      - id: check-executables-have-shebangs
      - id: check-json
      - id: check-shebang-scripts-are-executable
      - id: check-symlinks
      - id: check-yaml
      - id: detect-private-key
      - id: end-of-file-fixer
      - id: trailing-whitespace

  - repo: https://github.com/rhysd/actionlint
    rev: v1.7.12
    hooks:
      - id: actionlint

  - repo: https://github.com/adrienverge/yamllint.git
    rev: v1.38.0
    hooks:
      - id: yamllint
        entry: yamllint --strict -c .hooks/linters/yamllint.yaml

  - repo: https://github.com/codespell-project/codespell
    rev: v2.4.2
    hooks:
      - id: codespell
        entry: codespell -q 3 -f --skip=".git,.github,README.md,poetry.lock,uv.lock" -L astroid,braket,te,ROUGE,lief,punctuations,asend,beng,teh,hte,adn,yuo,fro,ofr

  # Python code security
  - repo: https://github.com/PyCQA/bandit
    rev: 1.9.4
    hooks:
      - id: bandit
        name: Code security checks
        args: ["-c", "pyproject.toml"]
        additional_dependencies: ["bandit[toml]"]
        exclude: ^tests/

  - repo: https://github.com/Yelp/detect-secrets
    rev: v1.5.0
    hooks:
      - id: detect-secrets
        args: ["--baseline", ".secrets.baseline"]
        exclude: .secrets.baseline

  # Clean jupyter notebook outputs
  - repo: https://github.com/kynan/nbstripout
    rev: 0.9.1
    hooks:
      - id: nbstripout
        args: [--keep-id]

  - repo: local
    hooks:
      # Ensure our GH actions are pinned to a specific hash
      - id: check-github-actions
        name: Check GitHub Actions for Pinned Dependencies
        entry: .hooks/check_pinned_hash_dependencies.py
        language: python
        files: \.github/.*\.yml$

      # Format JSON and YAML files
      - id: prettier
        name: Run prettier
        entry: .hooks/prettier.sh
        language: script
        types: [json, yaml]

      # Post-merge hook to refresh dependencies
      - id: refresh-dependencies
        name: Refresh Dependencies
        entry: .hooks/refresh_dependencies.sh
        language: script
        stages: [post-merge]
        always_run: true

      # Run typing and linting on every commit
      - id: typing-and-linting
        name: Typing and Linting
        entry: .hooks/typing_and_linting.sh
        language: script
        types: [python]
        pass_filenames: false