.markdown-style.rb

@@ -0,0 +1,2 @@
+all # Import all rules
+exclude_rule "MD013" # Ignore Line length

.mdlrc

@@ -0,0 +1,2 @@
+style "#{File.dirname(__FILE__)}/.markdown-style.rb"
+git_recurse true

.pre-commit-config.yaml

@@ -1,13 +1,3 @@
-exclude: |
-  (?x)
-  .drawio$|
-  ^test/.*.json$|
-  tsconfig.json$|
-  .diff$|
-  .patch$|
-  .min.|
-  ^states/common/setup/files/01-netzbegruenung.sh$|
-  ^states/common/setup/files/01-verdigado.sh$
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v4.6.0
@@ -40,6 +30,10 @@ repos:
     rev: v0.9.0.5
     hooks:
       - id: shellcheck
+  - repo: https://github.com/gitleaks/gitleaks
+    rev: v8.16.1
+    hooks:
+      - id: gitleaks
   - repo: local
     hooks:
       - id: check-ssh-keys
@@ -49,12 +43,6 @@ repos:
         files: ^pillars/users/.+\.sls$
         additional_dependencies: ['pyyaml==6.0.1'] # Renovate can't parse it, yet https://github.com/renovatebot/renovate/issues/20780 # TODO
 
-      - id: check-codeowners
-        name: check CODEOWNERS for alphabetical comment order
-        entry: python build/check-alphabetical-comments.py
-        language: python
-        files: CODEOWNERS
-
       - id: prettier # Copied from https://github.com/pre-commit/mirrors-prettier/ instead of referencing it to not rely on their published Prettier versions
         name: Prettier
         description: ''
@@ -65,10 +53,3 @@ repos:
         require_serial: false
         additional_dependencies: ['prettier@3'] # Renovate can't parse this, either. Unspecific to prevent local installs, when global installations are available
         minimum_pre_commit_version: '0'
-
-      - id: git-diff
-        name: git diff
-        entry: git diff --exit-code
-        language: system
-        pass_filenames: false
-        always_run: true

README.md

@@ -0,0 +1,31 @@
+# verdigado pre-commit container
+
+A container image to include all dependencies (and a warmed up cache) used in our [`pre-commit`](https://pre-commit.com/) hooks/CI steps to speed up execution.
+
+If you see any pre-commit CI jobs installing dependencies:
+
+- Make sure to execute `pre-commit` using this container
+- Add the hook to this repo's `.pre-commit-config.yaml`
+- Optionally install dependencies in the `Dockerfile` with the versions set up for `Renovate`
+
+## Usage
+
+In your `.woodpecker.yaml`, adapt and add the following block:
+
+```yaml
+steps:
+  check-pre-commit:
+    image: git.verdigado.com/verdigado-images/container-pre-commit:latest
+    environment:
+      - SKIP=no-commit-to-branch # Ignore "don't commit to protected branch" check
+    commands:
+      - pre-commit run --all-files
+```
+
+If renovate is set up, it'll add and update the pinned digest/hash of the image.
+
+## Development
+
+If you need to copy files into the container, don't forget to add exclusions to the general _exclude all_ in `.dockerignore`.
+
+To update the base image (like `3.12.4-alpine3.20` to a newer Alpine version), manual work is still required. In the `Dockerfile`, update the Alpine version for the image, the renovate comments (`# renovate: datasource=repology depName=alpine_3_20/gcc versioning=loose`), and the package versions for that OS version from the repo (Like on the [Alpine Package Page for gcc](https://pkgs.alpinelinux.org/packages?name=gcc&branch=v3.20&repo=&arch=x86_64)).