-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy path.pre-commit-config.yaml
37 lines (34 loc) · 1.14 KB
/
.pre-commit-config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
repos:
# Standard pre-commit hooks
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: cef0300fd0fc4d2a87a85fa2093c6b283ea36f4b #v5.0.0
hooks:
- id: check-added-large-files
args: [--maxkb=36000]
- id: check-executables-have-shebangs
- id: check-shebang-scripts-are-executable
- id: check-json
- id: check-yaml
- id: trailing-whitespace
# Github actions
- repo: https://github.com/rhysd/actionlint
rev: 5db9d9cde2f3deb5035dea3e45f0a9fff2f29448 #v1.7.4
hooks:
- id: actionlint
name: Check Github Actions
args: ["--ignore", "SC2102"]
# Python code security
- repo: https://github.com/PyCQA/bandit
rev: 8fd258abbac759d62863779f946d6a88e8eabb0f #1.8.0
hooks:
- id: bandit
name: Code security checks
args: ["-r", "--level", "2", "./"]
- repo: local
hooks:
# Ensure our GH actions are pinned to a specific hash
- id: check-github-actions
name: Check GitHub Actions for Pinned Dependencies
entry: python .scripts/check_pinned_hash_dependencies.py
language: python
files: \.github/.*\.yml$