eps-spine-shared/.pre-commit-config.yaml at main · NHSDigital/eps-spine-shared · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
fail_fast: true
default_stages: [pre-commit]
repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: cef0300fd0fc4d2a87a85fa2093c6b283ea36f4b  # v5.0.0
    hooks:
      - id: trailing-whitespace
      - id: end-of-file-fixer
      - id: check-yaml
      - id: check-added-large-files
      - id: check-merge-conflict
      - id: check-case-conflict
      - id: check-json
        exclude: '\.devcontainer/devcontainer\.json$|tsconfig.*\.json$'
      - id: check-toml
      - id: detect-private-key
      - id: check-shebang-scripts-are-executable

  - repo: local
    hooks:
      - id: grype-scan-local
        name: Grype scan local changes
        entry: make
        args: ["grype-scan-local"]
        language: system
        pass_filenames: false
        always_run: true

      - id: check-commit-signing
        name: Check commit signing
        description: Ensures that commits are GPG signed
        entry: bash
        args:
          - -c
          - |
            if ! git config --get commit.gpgsign | grep -q "true" > /dev/null 2>&1; then
              echo "Error: Commit signing is not enabled."
              echo "Please enable commit signing with:"
              echo "  git config commit.gpgsign true"
              echo ""
              echo "For more information, see: https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits"
              exit 1
            fi
            echo "Commit signing is properly configured."
        language: system
        pass_filenames: false
        always_run: true

      - id: gitleaks
        name: Git Leaks
        description: gitleaks scans commits, commit messages, and --no-ff merges to prevent adding secrets into your git repositories.
        entry: bash
        args:
          - -c
          - "gitleaks git --pre-commit --redact --staged --verbose"
        language: system

      - id: python-pre-commit
        name: Python Pre Commit
        description: Run Python linting and poetry checks
        entry: bash
        args:
          - -c
          - make python-pre-commit
        language: system