From 4f6e01b0cb4514c4f06499d8d8c07e19484e6278 Mon Sep 17 00:00:00 2001
From: Tom Young <39765193+t-young31@users.noreply.github.com>
Date: Tue, 30 Jan 2024 09:51:54 +0000
Subject: [PATCH] feat: Add pre-commit (#8)
* pre-commit
* rm mdl workflow
---
 .github/.secrets.baseline | 112 ++++++++++++++++++++++++++
 .github/workflows/mdl.yaml | 12 ---
 .github/workflows/pr-title.yaml | 2 +-
 .github/workflows/pre-commit.yml | 26 ++++++
 .github/workflows/terraform-docs.yaml | 2 +-
 .mdlrc | 1 -
 .pre-commit-config.yaml | 24 ++++++
 LICENSE | 2 +-
 main.tf | 2 +-
 output.tf | 2 +-
 variables.tf | 2 +-
 versions.tf | 2 +-
 12 files changed, 169 insertions(+), 20 deletions(-)
 create mode 100644 .github/.secrets.baseline
 delete mode 100644 .github/workflows/mdl.yaml
 create mode 100644 .github/workflows/pre-commit.yml
 delete mode 100644 .mdlrc
 create mode 100644 .pre-commit-config.yaml
diff --git a/.github/.secrets.baseline b/.github/.secrets.baseline
new file mode 100644
index 0000000..c72a6c2
--- /dev/null
+++ b/.github/.secrets.baseline
@@ -0,0 +1,112 @@ +{ + "version": "1.4.0", + "plugins_used": [ + { + "name": "ArtifactoryDetector" + }, + { + "name": "AWSKeyDetector" + }, + { + "name": "AzureStorageKeyDetector" + }, + { + "name": "Base64HighEntropyString", + "limit": 4.5 + }, + { + "name": "BasicAuthDetector" + }, + { + "name": "CloudantDetector" + }, + { + "name": "DiscordBotTokenDetector" + }, + { + "name": "GitHubTokenDetector" + }, + { + "name": "HexHighEntropyString", + "limit": 3.0 + }, + { + "name": "IbmCloudIamDetector" + }, + { + "name": "IbmCosHmacDetector" + }, + { + "name": "JwtTokenDetector" + }, + { + "name": "KeywordDetector", + "keyword_exclude": "" + }, + { + "name": "MailchimpDetector" + }, + { + "name": "NpmDetector" + }, + { + "name": "PrivateKeyDetector" + }, + { + "name": "SendGridDetector" + }, + { + "name": "SlackDetector" + }, + { + "name": "SoftlayerDetector" + }, + { + "name": "SquareOAuthDetector" + }, + { + "name": "StripeDetector" + }, + { + "name": "TwilioKeyDetector" + } + ], + "filters_used": [ + { + "path": "detect_secrets.filters.allowlist.is_line_allowlisted" + }, + { + "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies", + "min_level": 2 + }, + { + "path": "detect_secrets.filters.heuristic.is_indirect_reference" + }, + { + "path": "detect_secrets.filters.heuristic.is_likely_id_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_lock_file" + }, + { + "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_potential_uuid" + }, + { + "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign" + }, + { + "path": "detect_secrets.filters.heuristic.is_sequential_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_swagger_file" + }, + { + "path": "detect_secrets.filters.heuristic.is_templated_secret" + } + ], + "results": {}, + "generated_at": "2024-01-30T09:43:18Z" +} 
diff --git a/.github/workflows/mdl.yaml b/.github/workflows/mdl.yaml
deleted file mode 100644
index 22ca4ef..0000000
--- a/.github/workflows/mdl.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-name: markdownlint
-
-on: [push, pull_request]
-
-jobs:
- markdown-lint:
- runs-on: ubuntu-latest
- steps:
- - name: Check out code
- uses: actions/checkout@v2
- - name: Run mdl
- uses: actionshub/markdownlint@v2.1.2
\ No newline at end of file
diff --git a/.github/workflows/pr-title.yaml b/.github/workflows/pr-title.yaml
index c1e7a6d..1cf91af 100644
--- a/.github/workflows/pr-title.yaml
+++ b/.github/workflows/pr-title.yaml
@@ -51,4 +51,4 @@ jobs: # to also validate the commit message for one commit PRs. validateSingleCommit: false ignoreLabels: |
- bot
\ No newline at end of file
+ bot
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
new file mode 100644
index 0000000..01a33d0
--- /dev/null
+++ b/.github/workflows/pre-commit.yml
@@ -0,0 +1,26 @@
+---
+name: Lint
+
+on:
+ pull_request:
+ push:
+ branches:
+ - "main"
+
+jobs:
+ pre-commit:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Setup Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: "3.11"
+
+ - name: Run pre-commit
+ uses: pre-commit/action@v3.0.0
+ with:
+ extra_args: --all-files
diff --git a/.github/workflows/terraform-docs.yaml b/.github/workflows/terraform-docs.yaml
index 9d4a73e..996d045 100644
--- a/.github/workflows/terraform-docs.yaml
+++ b/.github/workflows/terraform-docs.yaml
@@ -19,7 +19,7 @@ jobs: template: |- {{ .Content }} - + --- git-push: "true"
diff --git a/.mdlrc b/.mdlrc
deleted file mode 100644
index c28b2f9..0000000
--- a/.mdlrc
+++ /dev/null
@@ -1 +0,0 @@
-style './.github/workflows/style.rb'
\ No newline at end of file
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..36fa56c
--- /dev/null
+++ b/.pre-commit-config.yaml
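Review bot: The new `.github/workflows/pre-commit.yml` declares no `permissions:` block, so the job runs with whatever default `GITHUB_TOKEN` scope the repository or organisation grants. It does so while executing hook code that pre-commit fetches from the four external repositories listed in `.pre-commit-config.yaml`. A lint job only needs to read the checkout, so I would add a top-level `permissions:` mapping containing `contents: read` above `jobs:`. The default scope is a repository setting that is not visible in this patch, so it may already be read-only; stating it in the workflow keeps the job least-privilege regardless of that setting.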
@@ -0,0 +1,24 @@
+repos:
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.4.0
+ hooks:
+ - id: end-of-file-fixer
+ - id: mixed-line-ending
+ - id: trailing-whitespace
+
+ - repo: https://github.com/markdownlint/markdownlint
+ rev: v0.13.0
+ hooks:
+ - id: markdownlint_docker
+ args: ["--style", "./.github/workflows/style.rb"]
+
+ - repo: https://github.com/Yelp/detect-secrets
+ rev: v1.4.0
+ hooks:
+ - id: detect-secrets
+ args: ['--baseline', '.github/.secrets.baseline']
+
+ - repo: https://github.com/antonbabenko/pre-commit-terraform
+ rev: v1.83.4
+ hooks:
+ - id: terraform_fmt
diff --git a/LICENSE b/LICENSE
index acdba20..c56637a 100644
--- a/LICENSE
+++ b/LICENSE
@@ -18,4 +18,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
\ No newline at end of file
+SOFTWARE.
diff --git a/main.tf b/main.tf
index 3fb6bac..79c027e 100644
--- a/main.tf
+++ b/main.tf
@@ -7,4 +7,4 @@ resource "random_id" "this" { locals { my_output = "${var.prefix}-${random_id.this.id}"
-}
\ No newline at end of file
+}
diff --git a/output.tf b/output.tf
index 105e750..c977433 100644
--- a/output.tf
+++ b/output.tf
@@ -1,4 +1,4 @@ # List your outputs here. output "random_val" { value = local.my_output
-}
\ No newline at end of file
+}
diff --git a/variables.tf b/variables.tf
index 3c1a688..e673720 100644
--- a/variables.tf
+++ b/variables.tf
@@ -3,4 +3,4 @@ variable "prefix" { type = string description = "A dummy prefix." default = "my-test"
-}
\ No newline at end of file
+}
diff --git a/versions.tf b/versions.tf
index 9e2a1bc..0a3127b 100644
--- a/versions.tf
+++ b/versions.tf
@@ -13,4 +13,4 @@ terraform { } required_version = ">= 1.1.4"
-}
\ No newline at end of file
+}
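Review bot: All four `rev:` values in `.pre-commit-config.yaml` (`v4.4.0`, `v0.13.0`, `v1.4.0`, `v1.83.4`) are tag names, which the upstream repository owner can move, so this file does not fix the hook code that runs on developer machines and in CI. Pinning each to the full commit hash with the tag kept as a comment, e.g. `rev: <full-commit-sha>  # frozen: v1.4.0` (the form `pre-commit autoupdate --freeze` writes), makes any change of hook code show up as a reviewable diff. The `uses:` lines in `.github/workflows/pre-commit.yml` (`actions/checkout@v4`, `actions/setup-python@v4`, `pre-commit/action@v3.0.0`) reference tags in the same way and can be pinned likewise.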