From 49eab23ad2e9657d520c96828f2744838371ac86 Mon Sep 17 00:00:00 2001
From: Adam Ruberti <adam.ruberti@sbb.ch>
Date: Thu, 24 Oct 2024 09:43:31 +0200
Subject: [PATCH] chore: add hadolint into pre-commit (#83)

additionally:
- pre-commit autoupdate
- added sensitive-data-leak
---
 .github/workflows/ci.yml |  2 +-
 .github/workflows/pr.yml |  4 ++--
 .pre-commit-config.yaml  | 27 +++++++++++++++++++++++----
 .yamlfix.toml            |  2 +-
 CONTRIBUTING.md          |  1 -
 RELEASE.md               |  2 +-
 app/SvgUtils.py          |  2 +-
 entrypoint.sh            |  2 +-
 8 files changed, 30 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 9320d5f..2f37911 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -63,7 +63,7 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db  # v3
       - name: Build and push
-        uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6
+        uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85  # v6
         with:
           context: .
           provenance: false
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index 2cc256a..06b69cd 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -10,12 +10,12 @@ jobs:
     name: Check commit messages
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4
         with:
           ref: ${{ github.event.pull_request.head.ref }}
           repository: ${{ github.event.pull_request.head.repo.full_name }}
           fetch-depth: 0
-      - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5
+      - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f  # v5
         with:
           cache: pip  # caching pip dependencies
       - run: pip install commitizen
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 70554c9..9ded80f 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -2,13 +2,15 @@
 default_install_hook_types: [pre-commit, commit-msg]
 repos:
   - repo: https://github.com/lyz-code/yamlfix
-    rev: 1.16.0
+    rev: 1.17.0
     hooks:
       - id: yamlfix
         args: [-c, .yamlfix.toml]
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.6.0
+    rev: v5.0.0
     hooks:
+      - id: check-added-large-files
+      - id: check-case-conflict
       - id: check-merge-conflict
       - id: trailing-whitespace
       - id: check-xml
@@ -16,8 +18,21 @@ repos:
       - id: check-yaml
       - id: no-commit-to-branch
       - id: mixed-line-ending
+      - id: end-of-file-fixer
+  - repo: local
+    hooks:
+      - id: sensitive-data-leak-urls
+        name: Sensitive data leak - URLs
+        entry: (?<!polarion-opensource@)(?<!www\.)sbb\.ch
+        language: pygrep
+        types: [text]
+      - id: sensitive-data-leak-ue-numbers
+        name: Sensitive data leak - UE numbers
+        entry: \b([uUeE]{1,2})\d{5,6}\b
+        language: pygrep
+        types: [text]
   - repo: https://github.com/zricethezav/gitleaks
-    rev: v8.18.4
+    rev: v8.21.1
     hooks:
       - id: gitleaks
   - repo: https://github.com/grigoriev/pre-commit-check-git-user
@@ -26,6 +41,10 @@ repos:
       - id: check-git-config-user-email
         args: [--templates, ^\S+\.\S+@sbb\.ch$]
   - repo: https://github.com/commitizen-tools/commitizen
-    rev: v3.29.0
+    rev: v3.30.0
     hooks:
       - id: commitizen
+  - repo: https://github.com/hadolint/hadolint
+    rev: v2.12.0
+    hooks:
+      - id: hadolint
diff --git a/.yamlfix.toml b/.yamlfix.toml
index 4d8e209..192b583 100644
--- a/.yamlfix.toml
+++ b/.yamlfix.toml
@@ -1,3 +1,3 @@
 allow_duplicate_keys = false
 line_length = 180
-sequence_style = "flow_style"
\ No newline at end of file
+sequence_style = "flow_style"
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index fbeaf36..f60bc7d 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -104,4 +104,3 @@ To ensure consistency throughout the source code, keep these rules in mind as yo
 * All features or bug fixes **must be tested** by one or more specs (unit-tests).
 * All API methods **must be documented**.
 * Also see [CODING_STANDARDS.md](./CODING_STANDARDS.md)
-
diff --git a/RELEASE.md b/RELEASE.md
index d2f26ce..5f80e7d 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -22,4 +22,4 @@ Releases within our project are exclusively overseen by designated code owners,
     ```
     - Then, create a pull request from this branch and merge it manually.
 
-For comprehensive information, please consult the [Release Please documentation](https://github.com/googleapis/release-please).
\ No newline at end of file
+For comprehensive information, please consult the [Release Please documentation](https://github.com/googleapis/release-please).
diff --git a/app/SvgUtils.py b/app/SvgUtils.py
index 08b8e2a..41d90a4 100644
--- a/app/SvgUtils.py
+++ b/app/SvgUtils.py
@@ -199,4 +199,4 @@ def convert_to_px(value, unit):
     elif unit == 'pc':
         return math.ceil(value * 16)
     else:
-        return math.ceil(value) # Unknown unit, assume px
\ No newline at end of file
+        return math.ceil(value) # Unknown unit, assume px
diff --git a/entrypoint.sh b/entrypoint.sh
index d6c137e..5e0aaf4 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -19,4 +19,4 @@ python app/WeasyprintServiceApplication.py &
 
 wait -n
 
-exit $?
\ No newline at end of file
+exit $?