infrastructure/.pre-commit-config-maintainer.yaml at main · testing-farm/infrastructure · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
---
repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.6.0
    hooks:
      - id: check-added-large-files
      - id: check-ast
      - id: check-docstring-first
      - id: check-executables-have-shebangs
      - id: check-merge-conflict
      - id: check-symlinks
      - id: check-yaml
        args:
          - "--allow-multiple-documents"
          # https://github.com/pre-commit/pre-commit-hooks/issues/273
          - "--unsafe"
        exclude: ^images/bootc/goss.yaml
      - id: detect-private-key
      - id: end-of-file-fixer
      - id: mixed-line-ending
      - id: no-commit-to-branch
        args:
          - "--branch"
          - "main"
      - id: trailing-whitespace

  - repo: https://github.com/ansible-community/ansible-lint.git
    rev: v24.2.2
    hooks:
      - id: ansible-lint
        args: ["--profile", "min"]
        additional_dependencies:
          - ansible-core<2.19

  - repo: https://github.com/gitleaks/gitleaks
    rev: v8.23.3
    hooks:
      - id: gitleaks

  - repo: https://gitlab.com/testing-farm/gitlab-ci-linter
    rev: c3e3ef34b513caf9bf484e4046074e1cd3020379
    hooks:
      - id: gitlab-ci-linter
        args:
          - "--project"
          - "testing-farm/infrastructure"

  # Disallow `.yml` files in the repo, i.e. assume usage of `.yaml` for YAML
  - repo: local
    hooks:
      - id: no-yml-extension
        name: no-yml-extension
        language: fail
        files: \.yml$
        entry: "bash -c 'find . -ina'"
        exclude: .gitlab-ci.yml

  # Terraform linters
  - repo: https://github.com/antonbabenko/pre-commit-terraform
    rev: v1.89.0
    hooks:
      - id: terraform_fmt
        args:
          - --args=-diff
          - --hook-config=--parallelism-ci-cpu-cores=4
      - id: terraform_tflint
      - id: terraform_tfsec
        exclude: |
          (?x)^(
            # well, tfsec does know nothing about terragrunt inputs :(
            terragrunt/environments/.*/server/ec2/.*
          )$
      - id: terragrunt_fmt

  # Generate Artemis pool configs from FMF definitions
  - repo: local
    hooks:
      - id: generate-artemis-pools
        name: generate-artemis-pools
        entry: generate-artemis-pools generate --all
        language: system
        pass_filenames: false
        files: (pools/.*\.fmf|server-header\.yaml\.tftpl)$

  # Validate ansible-vault encrypted JSON secrets
  - repo: local
    hooks:
      - id: check-json-secrets
        name: check-json-secrets
        entry: setup/check_json_secrets.sh
        language: script
        pass_filenames: false
        files: ^ansible/secrets/.*\.json$

  # Generate Public Ranch compose tests
  - repo: local
    hooks:
      - id: generate-public-compose-tests
        name: generate-public-compose-tests
        entry: make generate/public/tests/compose
        language: system
        pass_filenames: false