forked from ansible-lockdown/RHEL9-CIS
added pre-commit files
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
parent
2d222fbc49
commit
495f942b7d
2 changed files with 241 additions and 0 deletions
69
.pre-commit-config.yaml
Normal file
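--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,69 @@
+---
+
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+rev: v3.2.0
+hooks:
+# Safety
+- id: detect-aws-credentials
+- id: detect-private-key
+
+# git checks
+- id: check-merge-conflict
+- id: check-added-large-files
+- id: check-case-conflict
+
+# General checks
+- id: trailing-whitespace
+name: Trim Trailing Whitespace
+description: This hook trims trailing whitespace.
+entry: trailing-whitespace-fixer
+language: python
+types: [text]
+args: [--markdown-linebreak-ext=md]
+- id: end-of-file-fixer
+
+# Scan for passwords
+- repo: https://github.com/Yelp/detect-secrets
+rev: v1.4.0
+hooks:
+- id: detect-secrets
+args: ['--baseline', '.secrets.baseline']
+exclude: package.lock.json
+
+- repo: https://github.com/ansible-community/ansible-lint
+rev: v6.17.2
+hooks:
+- id: ansible-lint
+name: Ansible-lint
+description: This hook runs ansible-lint.
+entry: python3 -m ansiblelint --force-color site.yml -c .ansible-lint
+language: python
+# do not pass files to ansible-lint, see:
+# https://github.com/ansible/ansible-lint/issues/611
+pass_filenames: false
+always_run: true
+additional_dependencies:
+# https://github.com/pre-commit/pre-commit/issues/1526
+# If you want to use specific version of ansible-core or ansible, feel
+# free to override `additional_dependencies` in your own hook config
+# file.
+- ansible-core>=2.10.1
+
+- repo: https://github.com/adrienverge/yamllint.git
+rev: v1.32.0 # or higher tag
+hooks:
+- id: yamllint
+
+## To be moved to main link when PR approved - https://github.com/ansible/ansible-sign.git
+- repo: https://github.com/ansible-lockdown/ansible-sign.git
+rev: v0.1.1b
+hooks:
+- id: ansible-sign
+name: Verify Ansible-sign signature
+description: This hook runs ansible-sign.
+entry: ansible-sign project gpg-verify .
+language: python
+# do not pass files as we need to scan the directory with the MANIFEST.in
+pass_filenames: false
+always_run: true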
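Review bot: Every hook repository is pinned by tag (`rev: v3.2.0`, `rev: v1.4.0`, `rev: v6.17.2`, `rev: v1.32.0`, `rev: v0.1.1b`), and a tag can be re-pointed upstream, so this file does not fix which code pre-commit clones and runs on each contributor's machine. That matters most for the `ansible-sign` entry, which is fetched from a fork and is the hook performing the signature check. pre-commit accepts a commit hash in `rev`, so each pin could be written as `rev: <full-commit-sha>  # v0.1.1b` (placeholder; take the hash from the tagged commit), which `pre-commit autoupdate --freeze` produces. The same concern applies to `- ansible-core>=2.10.1`, which installs whatever release is newest when the hook environment is built; an exact `==` pin would keep the lint environment reproducible.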