-
Notifications
You must be signed in to change notification settings - Fork 7
/
.pre-commit-config.yaml
108 lines (106 loc) · 3.43 KB
/
.pre-commit-config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
---
# See https://pre-commit.com for more information
# See https://pre-commit.com/hooks.html for more hooks
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.6.0
hooks:
# Git style
- id: check-added-large-files
args: ['--maxkb=1024']
- id: check-merge-conflict
- id: check-vcs-permalinks
- id: forbid-new-submodules
# - id: no-commit-to-branch
# exclude: 'main'
# Common errors
- id: end-of-file-fixer
- id: trailing-whitespace
args: [--markdown-linebreak-ext=md]
exclude: .gitlab-ci.yml
# exclude: |
# (?x)^(
# README.md|
# .gitlab-ci.yml
# )$
- id: check-yaml
- id: check-merge-conflict
# BUG: Currently detects README.md as executable
# - id: check-executables-have-shebangs
- id: check-symlinks
- id: check-json
# Cross platform
- id: check-case-conflict
- id: mixed-line-ending
args: [--fix=lf]
# Security
- id: detect-aws-credentials
args: ['--allow-missing-credentials']
- id: detect-private-key
- repo: https://github.com/antonbabenko/pre-commit-terraform
rev: v1.91.0
hooks:
# - id: terraform_docs
# args:
# - --hook-config=--path-to-file=docs/README.md # Valid UNIX path. I.e. ../TFDOC.md or docs/README.md etc.
# - --hook-config=--add-to-existing-file=true # Boolean. true or false
# - --hook-config=--create-file-if-not-exist=true
# - id: terraform_tfsec
# - id: terraform_trivy
# files: ^aws/
# # args:
# # - --args=--ignorefile=.trivyignore
# # - --args=--skip-dirs="**/.terraform"
- id: terraform_checkov
args:
- --args=--skip-check CKV2_GHA_1
- --args=--skip-check CKV_TF_2
- id: terraform_fmt
args:
- --args=-no-color
- --args=-diff
- --args=-write=false
# - repo: https://github.com/gruntwork-io/pre-commit
# rev: v0.1.23
# hooks:
# - id: tflint
# args:
# - "--module"
# - "--config=.tflint.hcl"
# - id: terraform-validate
# - id: terraform-fmt
# Dockerfile linter
- repo: https://github.com/hadolint/hadolint
rev: v2.10.0
hooks:
- id: hadolint
args: [
# Ignore Do not use apt
'--ignore', 'DL3027',
# Ignore Using latest
'--ignore', 'DL3007',
# Ignore Not related to alpine
'--ignore', 'DL4006',
# Ignore Useless check
'--ignore', 'SC1091',
# Ignore Useless check
'--ignore', 'SC2015',
# Ignore Not related to alpine
'--ignore', 'SC3037',
# Ignore Pin versions in pip
'--ignore', 'DL3013',
# Ignore Pin versions in apt get install
'--ignore', 'DL3008',
# Ignore Delete the apt-get lists after installing something
'--ignore', 'DL3009',
# Ignore Avoid additional packages by specifying
# `--no-install-recommends`
'--ignore', 'DL3015',
# Ignore WORKSPACE to switch directory
'--ignore', 'DL3003',
# Ignore Multiple RUN Commands
'--ignore', 'DL3059',
# Ignore Declare and assign separately to avoid
# masking return values.
'--ignore', 'SC2155',
]