forked from semgrep/semgrep
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.pre-commit-config.yaml
182 lines (168 loc) · 5.82 KB
/
.pre-commit-config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
exclude: "^cli/tests/e2e/(targets|snapshots|rules/syntax)|^semgrep-core/tests|^cli/src/semgrep/external|\\binvalid\\b|^cli/.test_durations"
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.3.0
hooks:
- id: check-added-large-files
- id: check-ast
- id: check-builtin-literals
- id: check-case-conflict
- id: check-docstring-first
- id: check-executables-have-shebangs
- id: check-json
exclude: ".devcontainer/devcontainer.json"
- id: check-merge-conflict
- id: check-shebang-scripts-are-executable
- id: check-symlinks
- id: check-toml
- id: check-vcs-permalinks
- id: check-xml
- id: check-yaml
args: [--allow-multiple-documents]
- id: debug-statements
- id: destroyed-symlinks
- id: detect-private-key
- id: end-of-file-fixer
- id: fix-byte-order-marker
- id: fix-encoding-pragma
args: [--remove]
- id: mixed-line-ending
args: [--fix=lf]
- id: no-commit-to-branch
- id: requirements-txt-fixer
- id: trailing-whitespace
args: [--markdown-linebreak-ext=md]
- repo: https://github.com/myint/autoflake
rev: v1.4
hooks:
- id: autoflake
args:
- --in-place
- --remove-unused-variables
- --remove-duplicate-keys
- --remove-all-unused-imports
- --ignore-init-module-imports
- --exclude=/cli/src/semgrep/output_from_core.py
- repo: https://github.com/psf/black
rev: 22.6.0
hooks:
- id: black
args: [--exclude=/cli/src/semgrep/output_from_core.py]
- repo: https://github.com/asottile/reorder_python_imports
rev: v3.1.0
hooks:
- id: reorder-python-imports
args: ["--application-directories=cli/src", --py37-plus]
- repo: https://github.com/asottile/pyupgrade
rev: v2.34.0
hooks:
- id: pyupgrade
args: ["--py37-plus"]
- repo: https://github.com/pre-commit/mirrors-mypy
rev: "v0.961"
hooks:
- id: mypy
exclude: ^cli/tests/.+$|^setup.py$|^scripts/.+$|^parsing-stats/.+$|^perf/.+$$
args: [--config, mypy.ini, --show-error-codes]
additional_dependencies: &mypy-deps
# versions must be manually synced:
# - cli/setup.py lists dependencies
# - cli/Pipfile lists type hint packages for dev env
# - .pre-commit-config.yaml's mypy hooks also list type hint packages
# some packages ship with type definitions
- attrs~=21.3
- click~=8.0
- packaging~=21.0
- requests~=2.22
- defusedxml~=0.7.1
# other packages have separate typings published
- types-colorama~=0.4.0
- types-jsonschema~=4.6.0
- types-requests
- types-setuptools
- types-freezegun
- types-python-dateutil
- types-Jinja2
- id: mypy
alias: mypy-test
name: mypy (test files)
files: ^cli/tests/.+$
args: [--config, mypy-tests.ini, --show-error-codes]
additional_dependencies: *mypy-deps
- repo: https://gitlab.com/pycqa/flake8
rev: "3.9.2"
hooks:
- id: flake8
additional_dependencies: ["flake8-bugbear==22.1.11"]
args: ["--select=B,E9,F4,F63,F7,F82"]
- repo: https://github.com/returntocorp/semgrep
rev: "v0.100.0"
hooks:
- id: semgrep
name: Semgrep Python
types: [python]
exclude: "^cli/tests/.+$|^scripts/.+$|^cli/setup.py$"
args: ["--config", "https://semgrep.dev/p/python", "--error"]
- id: semgrep
name: Semgrep Bandit
types: [python]
exclude: "^cli/tests/.+$|^scripts/.+$|^cli/setup.py$"
args: ["--config", "https://semgrep.dev/p/bandit", "--error"]
- repo: local
hooks:
- id: shellcheck
name: shellcheck
language: docker_image
entry: koalaman/shellcheck:v0.8.0
files: "[.]sh$"
- repo: local
hooks:
- id: hadolint
name: hadolint
language: docker_image
types:
- dockerfile
exclude: "^dockerfiles/linuxbrew[.]Dockerfile$"
entry: hadolint/hadolint:v2.8.0-alpine hadolint
args: ["--ignore", "DL3008", "--ignore", "DL3018"]
# Run develop semgrep. Only used in CI
# To run locally use `pre-commit run --hook-stage manual semgrep-docker-develop`
- repo: https://github.com/returntocorp/semgrep
rev: "v0.100.0"
hooks:
- id: semgrep-docker-develop
name: Semgrep Develop Python
types: [python]
exclude: "^cli/tests/.+$|^scripts/.+$|^cli/setup.py$"
args: ["--config", "p/python", "--error"]
stages: [manual]
- id: semgrep-docker-develop
name: Semgrep Develop Bandit
types: [python]
exclude: "^cli/tests/.+$|^scripts/.+$|^cli/setup.py$"
args: ["--config", "p/bandit", "--error"]
stages: [manual]
# Reformat OCaml code (ml, mli) with ocamlformat if ocamlformat is
# present. If ocamlformat is missing, this step will succeed.
# This allows pure python users to run 'pre-commit run --all' without
# installing opam and ocamlformat.
#
- repo: local
hooks:
- id: lint-ocaml
name: Reformat OCaml code
entry: ./scripts/lint-ocaml
language: script
files: "\\.mli?$"
- id: gitignore-to-dockerignore
name: Convert .gitignore to .dockerignore
language: node
entry: gitignore-to-dockerignore
files: ^.(git|docker)ignore$
additional_dependencies: ["[email protected]"]
# Reformat YAML, JSON, and Markdown files
- repo: https://github.com/pre-commit/mirrors-prettier
rev: v2.7.1
hooks:
- id: prettier
exclude: "^perf/bench/dummy/.+$|^cli/tests/e2e/rules/.+$|^.+/Pipfile.lock$|^.devcontainer/devcontainer.json$"