# MarkGo Engine - Pre-commit Configuration
# Ensures code quality, security, and consistency across commits
#
# Installation:
# pip install pre-commit
# pre-commit install
#
# Manual run:
# pre-commit run --all-files
repos:
# Generic hygiene hooks: whitespace, file-format validation, and a basic
# check for committed key material.
- repo: https://github.com/pre-commit/pre-commit-hooks
  rev: v4.6.0
  hooks:
  - id: trailing-whitespace
    # Markdown files are left untouched by this hook.
    exclude: '\.md$'
  - id: end-of-file-fixer
  - id: check-yaml
    # --unsafe switches the hook to a syntax-only parse: files are not
    # loaded, so constructs a safe loader would reject are not reported.
    # NOTE(review): drop the flag if no YAML in the repo needs custom tags.
    args:
    - '--unsafe'
  - id: check-json
  - id: check-toml
  - id: check-added-large-files
    # Size limit is given in kilobytes.
    args:
    - '--maxkb=1000'
  - id: check-case-conflict
  - id: check-merge-conflict
  - id: check-symlinks
  # Looks for private-key markers in staged files; it is not a general
  # secret scanner.
  - id: detect-private-key
  - id: mixed-line-ending
    # Normalise line endings to LF.
    args:
    - '--fix=lf'
# Go toolchain hooks: formatting, imports, module tidiness, vet, tests,
# build, and cyclomatic complexity.
# NOTE(review): confirm every id below (the *-mod ones in particular) is
# defined in this repository's .pre-commit-hooks.yaml at the pinned rev;
# pre-commit aborts on an unknown hook id.
- repo: https://github.com/dnephin/pre-commit-golang
  rev: v0.5.1
  hooks:
  - id: go-fmt
  - id: go-imports
  - id: go-mod-tidy
  - id: go-vet-mod
  - id: go-unit-tests-mod
    # Unit tests run with the race detector and a 60-second timeout.
    args:
    - '-timeout=60s'
    - '-race'
  - id: go-build-mod
  - id: go-cyclo
    # Report functions whose cyclomatic complexity is over 15.
    args:
    - '-over=15'
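# Security scanning
# gosec runs as a local hook and must already be installed on PATH.
# A remote `repo:` entry makes pre-commit clone that repository and run hook
# code from it, so a remote source has to ship a .pre-commit-hooks.yaml that
# defines the hook id, and should be pinned to an immutable release tag or
# commit SHA rather than a moving major tag such as `v1`.
# NOTE(review): hooks that depend on locally installed tools cannot run on
# pre-commit.ci; list this id under `ci.skip` if that service is used.
- repo: local
  hooks:
  - id: gosec
    name: gosec (security audit)
    entry: gosec
    language: system
    # gosec scans the whole module (./...), not the staged file list.
    pass_filenames: false
    # The JSON report is written to gosec-report.json in the working tree on
    # every run; keep that file out of version control.
    args:
    - '-fmt=json'
    - '-out=gosec-report.json'
    - '-stdout'
    - '-verbose=text'
    - './...'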
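# Static analysis and project-specific gates, all defined locally.
# Shell entries use folded block scalars (>-): a plain scalar containing
# ": " (as in the coverage messages) is rejected by YAML parsers.
- repo: local
  hooks:
  - id: golangci-lint
    name: golangci-lint
    entry: golangci-lint
    language: golang
    types: [go]
    require_serial: true
    # --fix lets the linter rewrite files in place.
    args: [run, --fix]
    pass_filenames: false

  # Ensure no debug prints outside the cmd directory.
  - id: no-go-debugging
    name: Check for debugging statements
    entry: >-
      sh -c 'if grep -r "fmt\.Print\|log\.Print\|println"
      --include="*.go" --exclude-dir=cmd .;
      then echo "Found debugging statements in non-CLI code"; exit 1; fi'
    language: system
    files: '\.go$'
    # The grep walks the whole tree itself, so staged filenames are not
    # appended to the command.
    pass_filenames: false

  # Block commits while TODO/FIXME/XXX/HACK markers remain in Go sources.
  - id: no-todos-in-prod
    name: Check for TODOs/FIXMEs
    entry: >-
      sh -c 'if grep -r "TODO\|FIXME\|XXX\|HACK" --include="*.go" .;
      then echo "Found TODO/FIXME comments - resolve before commit"; exit 1; fi'
    language: system
    files: '\.go$'
    # Same as above: the grep is repo-wide, filenames are not needed.
    pass_filenames: false

  # Version consistency check, triggered by constants.go or main.go.
  - id: version-consistency
    name: Check version consistency
    entry: scripts/check-version-consistency.sh
    language: script
    files: '(constants\.go|main\.go)$'

  # Build verification via the Makefile's build-all target.
  - id: build-all
    name: Build all binaries
    entry: make
    args: [build-all]
    language: system
    pass_filenames: false
    files: '\.go$'

  # Test coverage gate at 80%.
  # NOTE(review): this gate fails open. It passes when coverage.out is
  # absent, and when the percentage cannot be parsed the `[ ... -lt 80 ]`
  # test errors out, which `if` treats as false.
  - id: test-coverage
    name: Test coverage check
    entry: >-
      sh -c 'make coverage && if [ -f coverage.out ]; then
      COVERAGE=$(go tool cover -func=coverage.out | grep total | grep -o "[0-9.]*%");
      echo "Coverage: $COVERAGE";
      if [ ${COVERAGE%.*} -lt 80 ]; then echo "Coverage below 80%: $COVERAGE"; exit 1; fi;
      fi'
    language: system
    pass_filenames: false
    files: '\.go$'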
# Commit message validation (Conventional Commits).
# This hook runs at the commit-msg stage. Plain `pre-commit install` sets up
# only the pre-commit stage, so install it with
# `pre-commit install --hook-type commit-msg`.
- repo: https://github.com/compilerla/conventional-pre-commit
  rev: v3.2.0
  hooks:
  - id: conventional-pre-commit
    stages:
    - commit-msg
    args:
    - optional-scope
# Markdown linting for documentation files.
- repo: https://github.com/igorshubovych/markdownlint-cli
  rev: v0.41.0
  hooks:
  - id: markdownlint
    # Rules come from .markdownlint.yaml; --fix rewrites files in place.
    args:
    - '--config=.markdownlint.yaml'
    - '--fix'
# pre-commit.ci service settings.
ci:
  # Commit message used when the service pushes automatic fixes.
  autofix_commit_msg: |
    [pre-commit.ci] auto fixes from pre-commit.com hooks
    for more information, see https://pre-commit.ci
  # Push auto-fix commits to pull requests.
  autofix_prs: true
  autoupdate_branch: ""
  autoupdate_commit_msg: "[pre-commit.ci] pre-commit autoupdate"
  # Hook revisions are bumped on a weekly schedule.
  autoupdate_schedule: weekly
  # Hook ids the service does not run.
  skip:
  - golangci-lint
  - build-all
  - test-coverage
  submodules: false