From 2fd071bb7827d940dded421791d2a4e7d588136e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Henrik=20H=C3=BCttemann?= Date: Thu, 20 Jun 2024 11:35:33 +0200 Subject: [PATCH 1/2] Update gitleaks to use native hook --- .pre-commit-config.yaml | 27 ++++----------------------- 1 file changed, 4 insertions(+), 23 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index ecadcac..91c892e 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,13 +1,3 @@ -exclude: | - (?x) - .drawio$| - ^test/.*.json$| - tsconfig.json$| - .diff$| - .patch$| - .min.| - ^states/common/setup/files/01-netzbegruenung.sh$| - ^states/common/setup/files/01-verdigado.sh$ repos: - repo: https://github.com/pre-commit/pre-commit-hooks rev: v4.6.0 @@ -40,6 +30,10 @@ repos: rev: v0.9.0.5 hooks: - id: shellcheck + - repo: https://github.com/gitleaks/gitleaks + rev: v8.16.1 + hooks: + - id: gitleaks - repo: local hooks: - id: check-ssh-keys @@ -49,12 +43,6 @@ repos: files: ^pillars/users/.+\.sls$ additional_dependencies: ['pyyaml==6.0.1'] # Renovate can't parse it, yet https://github.com/renovatebot/renovate/issues/20780 # TODO - - id: check-codeowners - name: check CODEOWNERS for alphabetical comment order - entry: python build/check-alphabetical-comments.py - language: python - files: CODEOWNERS - - id: prettier # Copied from https://github.com/pre-commit/mirrors-prettier/ instead of referencing it to not rely on their published Prettier versions name: Prettier description: '' @@ -65,10 +53,3 @@ repos: require_serial: false additional_dependencies: ['prettier@3'] # Renovate can't parse this, either. Unspecific to prevent local installs, when global installations are available minimum_pre_commit_version: '0' - - - id: git-diff - name: git diff - entry: git diff --exit-code - language: system - pass_filenames: false - always_run: true -- 2.39.5 From 4e449c56a7c982e5ae47a661a546977c11604893 Mon Sep 17 00:00:00 2001 
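Review bot: The `gitleaks` hook added in the second hunk (`@@ -40,6 +30,10 @@`) will probably scan nothing in the CI usage that the README in patch 2/2 describes. As far as I know, the upstream hook definition at this version runs `gitleaks protect --staged` with `pass_filenames: false`; under `pre-commit run --all-files` on a clean checkout nothing is staged, so the hook passes without inspecting any file. If CI is meant to catch secrets that are already committed, keep the hook for developer machines and add an explicit scan step such as `gitleaks detect --redact` to the pipeline. Separately, `rev: v8.16.1` is a mutable tag, so pinning the full commit SHA with the tag as a trailing comment (`rev: <commit-sha>  # v8.16.1`) would stop a moved tag from changing what runs; the same applies to the other `rev:` entries visible in the context lines.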
From: =?UTF-8?q?Henrik=20H=C3=BCttemann?=
Date: Thu, 20 Jun 2024 12:00:53 +0200
Subject: [PATCH 2/2] Add README
---
 .markdown-style.rb | 2 ++
 .mdlrc | 2 ++
 README.md | 31 +++++++++++++++++++++++++++++++
 3 files changed, 35 insertions(+)
 create mode 100644 .markdown-style.rb
 create mode 100644 .mdlrc
 create mode 100644 README.md
diff --git a/.markdown-style.rb b/.markdown-style.rb
new file mode 100644
index 0000000..c4366da
--- /dev/null
+++ b/.markdown-style.rb
@@ -0,0 +1,2 @@
+all # Import all rules
+exclude_rule "MD013" # Ignore Line length
diff --git a/.mdlrc b/.mdlrc
new file mode 100644
index 0000000..7cc7d12
--- /dev/null
+++ b/.mdlrc
@@ -0,0 +1,2 @@
+style "#{File.dirname(__FILE__)}/.markdown-style.rb"
+git_recurse true
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..4e0c04a
--- /dev/null
+++ b/README.md
@@ -0,0 +1,31 @@
+# verdigado pre-commit container
+
+A container image to include all dependencies (and a warmed up cache) used in our [`pre-commit`](https://pre-commit.com/) hooks/CI steps to speed up execution.
+
+If you see any pre-commit CI jobs installing dependencies:
+
+- Make sure to execute `pre-commit` using this container
+- Add the hook to this repo's `.pre-commit-config.yaml`
+- Optionally install dependencies in the `Dockerfile` with the versions set up for `Renovate`
+
+## Usage
+
+In your `.woodpecker.yaml`, adapt and add the following block:
+
+```yaml
+steps:
+ check-pre-commit:
+ image: git.verdigado.com/verdigado-images/container-pre-commit:latest
+ environment:
+ - SKIP=no-commit-to-branch # Ignore "don't commit to protected branch" check
+ commands:
+ - pre-commit run --all-files
+```
+
+If renovate is set up, it'll add and update the pinned digest/hash of the image.
+
+## Development
+
+If you need to copy files into the container, don't forget to add exclusions to the general _exclude all_ in `.dockerignore`.
+
+To update the base image (like `3.12.4-alpine3.20` to a newer Alpine version), manual work is still required. In the `Dockerfile`, update the Alpine version for the image, the renovate comments (`# renovate: datasource=repology depName=alpine_3_20/gcc versioning=loose`), and the package versions for that OS version from the repo (Like on the [Alpine Package Page for gcc](https://pkgs.alpinelinux.org/packages?name=gcc&branch=v3.20&repo=&arch=x86_64)).
-- 2.39.5