Update gitleaks to use native hook #30
4 changed files with 39 additions and 23 deletions
2
.markdown-style.rb
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
all # Import all rules
|
||||||
|
exclude_rule "MD013" # Ignore Line length
|
2
.mdlrc
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
style "#{File.dirname(__FILE__)}/.markdown-style.rb"
|
||||||
|
git_recurse true
|
|
@ -1,13 +1,3 @@
|
||||||
exclude: |
|
|
||||||
(?x)
|
|
||||||
.drawio$|
|
|
||||||
^test/.*.json$|
|
|
||||||
tsconfig.json$|
|
|
||||||
.diff$|
|
|
||||||
.patch$|
|
|
||||||
.min.|
|
|
||||||
^states/common/setup/files/01-netzbegruenung.sh$|
|
|
||||||
^states/common/setup/files/01-verdigado.sh$
|
|
||||||
repos:
|
repos:
|
||||||
- repo: https://github.com/pre-commit/pre-commit-hooks
|
- repo: https://github.com/pre-commit/pre-commit-hooks
|
||||||
rev: v4.6.0
|
rev: v4.6.0
|
||||||
|
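Review bot: The removal of the top-level `exclude:` block at the head of this file is not mentioned in the title and changes what every hook scans, so it should be called out in the commit message. With it gone, all hooks, including the gitleaks hook added further down, will also run on `.diff`, `.patch`, `.min.` and `test/*.json` files. That is the safer default for secret scanning, but if any of those files carry fixture data that trips a hook, prefer a per-hook `exclude` or a gitleaks allowlist over reintroducing a global exclude.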
@ -40,6 +30,10 @@ repos:
|
||||||
rev: v0.9.0.5
|
rev: v0.9.0.5
|
||||||
hooks:
|
hooks:
|
||||||
- id: shellcheck
|
- id: shellcheck
|
||||||
|
- repo: https://github.com/gitleaks/gitleaks
|
||||||
|
rev: v8.16.1
|
||||||
|
hooks:
|
||||||
|
- id: gitleaks
|
||||||
- repo: local
|
- repo: local
|
||||||
hooks:
|
hooks:
|
||||||
- id: check-ssh-keys
|
- id: check-ssh-keys
|
||||||
|
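Review bot: `rev: v8.16.1` pins the gitleaks hook by tag, and a tag can be moved upstream after review. For a secret scanner that runs in CI, pin `rev` to the full commit SHA and keep the tag as a trailing comment so the version stays readable. Also confirm the image ships whatever toolchain the native `gitleaks` hook needs, since the README in this change states that CI jobs should not be installing dependencies at run time.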
@ -49,12 +43,6 @@ repos:
|
||||||
files: ^pillars/users/.+\.sls$
|
files: ^pillars/users/.+\.sls$
|
||||||
additional_dependencies: ['pyyaml==6.0.1'] # Renovate can't parse it, yet https://github.com/renovatebot/renovate/issues/20780 # TODO
|
additional_dependencies: ['pyyaml==6.0.1'] # Renovate can't parse it, yet https://github.com/renovatebot/renovate/issues/20780 # TODO
|
||||||
|
|
||||||
- id: check-codeowners
|
|
||||||
name: check CODEOWNERS for alphabetical comment order
|
|
||||||
entry: python build/check-alphabetical-comments.py
|
|
||||||
language: python
|
|
||||||
files: CODEOWNERS
|
|
||||||
|
|
||||||
- id: prettier # Copied from https://github.com/pre-commit/mirrors-prettier/ instead of referencing it to not rely on their published Prettier versions
|
- id: prettier # Copied from https://github.com/pre-commit/mirrors-prettier/ instead of referencing it to not rely on their published Prettier versions
|
||||||
name: Prettier
|
name: Prettier
|
||||||
description: ''
|
description: ''
|
||||||
|
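Review bot: Dropping `check-codeowners` here is unrelated to the gitleaks change in the title and deserves its own line in the commit message. The neighbouring `check-ssh-keys` hook stays and still targets `files: ^pillars/users/.+\.sls$`; its `entry` is not visible in this hunk, so please verify that it does not point at a script that is missing from this repository, the same way `python build/check-alphabetical-comments.py` would be.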
@ -65,10 +53,3 @@ repos:
|
||||||
require_serial: false
|
require_serial: false
|
||||||
additional_dependencies: ['prettier@3'] # Renovate can't parse this, either. Unspecific to prevent local installs, when global installations are available
|
additional_dependencies: ['prettier@3'] # Renovate can't parse this, either. Unspecific to prevent local installs, when global installations are available
|
||||||
minimum_pre_commit_version: '0'
|
minimum_pre_commit_version: '0'
|
||||||
|
|
||||||
- id: git-diff
|
|
||||||
name: git diff
|
|
||||||
entry: git diff --exit-code
|
|
||||||
language: system
|
|
||||||
pass_filenames: false
|
|
||||||
always_run: true
|
|
||||||
|
|
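Review bot: Removing the `git-diff` hook (`entry: git diff --exit-code`, `always_run: true`) at the end of the file also removes the only step that printed what fixer hooks such as Prettier changed. pre-commit still fails the run when a hook modifies files, but the CI log will no longer show the diff. If that output is wanted, use `pre-commit run --all-files --show-diff-on-failure` in the pipeline command instead of a dedicated hook.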
31
README.md
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
# verdigado pre-commit container
|
||||||
|
|
||||||
|
A container image to include all dependencies (and a warmed up cache) used in our [`pre-commit`](https://pre-commit.com/) hooks/CI steps to speed up execution.
|
||||||
|
|
||||||
|
If you see any pre-commit CI jobs installing dependencies:
|
||||||
|
|
||||||
|
- Make sure to execute `pre-commit` using this container
|
||||||
|
- Add the hook to this repo's `.pre-commit-config.yaml`
|
||||||
|
- Optionally install dependencies in the `Dockerfile` with the versions set up for `Renovate`
|
||||||
|
|
||||||
|
## Usage
|
||||||
|
|
||||||
|
In your `.woodpecker.yaml`, adapt and add the following block:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
steps:
|
||||||
|
check-pre-commit:
|
||||||
|
image: git.verdigado.com/verdigado-images/container-pre-commit:latest
|
||||||
|
environment:
|
||||||
|
- SKIP=no-commit-to-branch # Ignore "don't commit to protected branch" check
|
||||||
|
commands:
|
||||||
|
- pre-commit run --all-files
|
||||||
|
```
|
||||||
|
|
||||||
|
If renovate is set up, it'll add and update the pinned digest/hash of the image.
|
||||||
|
|
||||||
|
## Development
|
||||||
|
|
||||||
|
If you need to copy files into the container, don't forget to add exclusions to the general _exclude all_ in `.dockerignore`.
|
||||||
|
|
||||||
|
To update the base image (like `3.12.4-alpine3.20` to a newer Alpine version), manual work is still required. In the `Dockerfile`, update the Alpine version for the image, the renovate comments (`# renovate: datasource=repology depName=alpine_3_20/gcc versioning=loose`), and the package versions for that OS version from the repo (Like on the [Alpine Package Page for gcc](https://pkgs.alpinelinux.org/packages?name=gcc&branch=v3.20&repo=&arch=x86_64)).
|
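Review bot: The usage example references `container-pre-commit:latest`, a mutable tag, and digest pinning only happens "if renovate is set up". Since this image runs the secret and lint checks for other repositories, the example should show the pinned form (`...:latest@sha256:<digest>`, with the digest as a placeholder) and state that pipelines without Renovate must pin it by hand. It is also worth one sentence on why `SKIP=no-commit-to-branch` is safe to set in CI, so readers do not copy the `SKIP` pattern for other hooks.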