redbox/.pre-commit-config.yaml at dev · uktrade/redbox · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
# See https://pre-commit.com for more information
# See https://pre-commit.com/hooks.html for more hooks
repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v6.0.0
    hooks:
      - id: check-added-large-files
        name: Check for files larger than 5 MB
        args: ["--maxkb=5120"]
      - id: end-of-file-fixer
        name: Check for a blank line at the end of scripts (auto-fixes)
        exclude: '\.Rd'
      - id: trailing-whitespace
        args: ["--markdown-linebreak-ext=md,markdown"]
        name: Check for trailing whitespaces (auto-fixes)
      - id: check-yaml
        name: Check yaml files
      - id: check-ast
        name: Check whether files parse as valid python
      - id: check-merge-conflict
        name: Check for files that contain merge conflicts
      - id: debug-statements
        name: Check for debugger imports and breakpoint calls in python source
      - id: detect-private-key
        name: Check for existence of private keys
      - id: detect-aws-credentials
        args: ["--allow-missing-credentials"]
        name: Check for existence of AWS secrets
      - id: check-executables-have-shebangs
        name: Check for executable files without shebangs
      - id: check-json
        name: Check JSON files for syntax errors
        exclude: 'tests/data/csv/user_update.json'
      - id: check-case-conflict

  - repo: https://github.com/kynan/nbstripout
    rev: 0.9.1
    hooks:
      - id: nbstripout

  - repo: https://github.com/Yelp/detect-secrets
    rev: v1.5.0
    hooks:
      - id: detect-secrets
        exclude: poetry.lock
        args:
          - --baseline
          - .secrets.baseline
        name: Detect sensitive data (passwords, keys, etc.)

  - repo: https://github.com/uktrade/github-standards
    rev: v1.4.0
    hooks:
      - id: validate-security-scan
      - id: run-security-scan
        name: run-security-scan
        stages: [pre-commit]
        verbose: true
        require_serial: true

  - repo: local
    hooks:
      - id: detect-ip
        name: Detect IP addresses
        entry: '^(?!0\.0\.0\.|127\.0\.0\.1)\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}'
        language: pygrep
        exclude: ^static/|\.lock
        files: .
      - id: detect-aws-account
        name: Detect AWS account numbers
        language: pygrep
        entry: ':\d{12}:'
      - id: make-format
        name: Run make format
        entry: make format
        language: system
        pass_filenames: false
      - id: no-files
        stages: [pre-commit]
        name: Prevent data files
        entry: '\.(docx|doc|pdf|xlsx|csv|txt|log)$'
        language: fail
        description: Prevent committing data files (.docx, .pdf, .xlsx, .csv, .txt, .log)
        exclude: '\.(txt|md|png|gif|woff|woff2|ico|baseline|lock|toml|py|js|css|scss|html|sh|ipynb|svg|env|example|yml|yaml|gitkeep|env\.notebook|jsonl)$|^(Make|Proc)file$|^\.vscode/|^(unstructured|django_app)/Dockerfile$|^tests/|^django_app/tests/|^(redbox|django_app)/.vscode/|^django_app/(frontend|static|files)/.*\.(json|lottie|parcelrc|pdf)$|devcontainer.json$|^notebooks/evaluation/data_results/.*\.json$|^\.editorconfig$|^\.gitattributes$|^\.gitignore$|^\.tool-versions$|^LICENCE$|^CODEOWNERS'