Update gitleaks to use native hook #30

Merged
HueHe merged 2 commits from update-gitleaks-hook into main 2024-06-20 12:02:26 +02:00
4 changed files with 39 additions and 23 deletions

2
.markdown-style.rb Normal file

@ -0,0 +1,2 @@
all # Import all rules
exclude_rule "MD013" # Ignore Line length

2
.mdlrc Normal file

@ -0,0 +1,2 @@
style "#{File.dirname(__FILE__)}/.markdown-style.rb"
git_recurse true

View file

@ -1,13 +1,3 @@
exclude: |
(?x)
.drawio$|
^test/.*.json$|
tsconfig.json$|
.diff$|
.patch$|
.min.|
^states/common/setup/files/01-netzbegruenung.sh$|
^states/common/setup/files/01-verdigado.sh$
repos: repos:
- repo: https://github.com/pre-commit/pre-commit-hooks - repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.6.0 rev: v4.6.0
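Review bot: Dropping the top-level `exclude:` block at the head of this file is outside what the PR title describes, and it changes what every hook scans. With the pattern gone, all hooks in this config, including the `gitleaks` hook added in the next hunk, also run on files matching `.diff$`, `.patch$`, `.min.` and `^test/.*.json$`. If these patterns and the two `states/common/setup/files/...` paths match nothing in this repository, say so in the commit message. Otherwise keep the exclusions that still apply, or move them to a per-hook `exclude` so the secret scan is not narrowed along with the linters.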
@ -40,6 +30,10 @@ repos:
rev: v0.9.0.5 rev: v0.9.0.5
hooks: hooks:
- id: shellcheck - id: shellcheck
- repo: https://github.com/gitleaks/gitleaks
rev: v8.16.1
hooks:
- id: gitleaks
- repo: local - repo: local
hooks: hooks:
- id: check-ssh-keys - id: check-ssh-keys
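Review bot: The added `gitleaks` entry (`rev: v8.16.1`, `id: gitleaks`) is a remote hook that pre-commit has to install before it can run, and none of the four changed files shown here is the `Dockerfile`. The README added in this PR states that the image exists so CI jobs do not install dependencies at run time, so please confirm the image build warms the cache for this hook too, and mention in the description how that was checked. It would also help to note whether `v8.16.1` is a deliberate pin or a value carried over from the previous setup, since the title says "Update".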
@ -49,12 +43,6 @@ repos:
files: ^pillars/users/.+\.sls$ files: ^pillars/users/.+\.sls$
additional_dependencies: ['pyyaml==6.0.1'] # Renovate can't parse it, yet https://github.com/renovatebot/renovate/issues/20780 # TODO additional_dependencies: ['pyyaml==6.0.1'] # Renovate can't parse it, yet https://github.com/renovatebot/renovate/issues/20780 # TODO
- id: check-codeowners
name: check CODEOWNERS for alphabetical comment order
entry: python build/check-alphabetical-comments.py
language: python
files: CODEOWNERS
- id: prettier # Copied from https://github.com/pre-commit/mirrors-prettier/ instead of referencing it to not rely on their published Prettier versions - id: prettier # Copied from https://github.com/pre-commit/mirrors-prettier/ instead of referencing it to not rely on their published Prettier versions
name: Prettier name: Prettier
description: '' description: ''
@ -65,10 +53,3 @@ repos:
require_serial: false require_serial: false
additional_dependencies: ['prettier@3'] # Renovate can't parse this, either. Unspecific to prevent local installs, when global installations are available additional_dependencies: ['prettier@3'] # Renovate can't parse this, either. Unspecific to prevent local installs, when global installations are available
minimum_pre_commit_version: '0' minimum_pre_commit_version: '0'
- id: git-diff
name: git diff
entry: git diff --exit-code
language: system
pass_filenames: false
always_run: true

31
README.md Normal file

@ -0,0 +1,31 @@
# verdigado pre-commit container
A container image to include all dependencies (and a warmed up cache) used in our [`pre-commit`](https://pre-commit.com/) hooks/CI steps to speed up execution.
If you see any pre-commit CI jobs installing dependencies:
- Make sure to execute `pre-commit` using this container
- Add the hook to this repo's `.pre-commit-config.yaml`
- Optionally install dependencies in the `Dockerfile` with the versions set up for `Renovate`
## Usage
In your `.woodpecker.yaml`, adapt and add the following block:
```yaml
steps:
check-pre-commit:
image: git.verdigado.com/verdigado-images/container-pre-commit:latest
environment:
- SKIP=no-commit-to-branch # Ignore "don't commit to protected branch" check
commands:
- pre-commit run --all-files
```
If renovate is set up, it'll add and update the pinned digest/hash of the image.
## Development
If you need to copy files into the container, don't forget to add exclusions to the general _exclude all_ in `.dockerignore`.
To update the base image (like `3.12.4-alpine3.20` to a newer Alpine version), manual work is still required. In the `Dockerfile`, update the Alpine version for the image, the renovate comments (`# renovate: datasource=repology depName=alpine_3_20/gcc versioning=loose`), and the package versions for that OS version from the repo (Like on the [Alpine Package Page for gcc](https://pkgs.alpinelinux.org/packages?name=gcc&branch=v3.20&repo=&arch=x86_64)).
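Review bot: The usage snippet in the `## Usage` section references a mutable tag, `image: git.verdigado.com/verdigado-images/container-pre-commit:latest`, and the only mention of pinning is conditional: "If renovate is set up, it'll add and update the pinned digest/hash of the image." Because this image runs the lint and secret-scanning hooks in CI, the README should say what consumers without Renovate are expected to do, for example by showing the digest-pinned form of the image reference with a placeholder digest. The `SKIP=no-commit-to-branch` line carries a comment explaining what it ignores; a short note on why skipping it is safe in CI would make the snippet easier to copy with confidence.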