* feat: add prek pre-commit hooks and dependabot Pre-commit hooks (via prek): - Basic hygiene: trailing-whitespace, end-of-file-fixer, check-yaml, check-added-large-files, check-merge-conflict - Security: detect-secrets, zizmor (GitHub Actions audit) - Linting: shellcheck, actionlint, oxlint, swiftlint - Formatting: oxfmt, swiftformat Dependabot: - npm and GitHub Actions ecosystems - Grouped updates (production/development/actions) - 7-day cooldown for supply chain protection Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: add prek install instruction to AGENTS.md --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
---
# Pre-commit hooks for clawdbot
# Install: prek install
# Run manually: prek run --all-files
#
# See https://pre-commit.com for more information
#
# These hooks run on the contributor's machine and can be skipped there.
# Where a check is also run in CI (see the "same as CI" notes below), CI
# remains the enforcement point.
#
# Every remote `rev` below is a tag, and upstream can move a tag. Pinning the
# full commit SHA (with the tag kept as a trailing comment) makes the fetched
# hook code immutable.

repos:
  # Basic file hygiene
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v6.0.0
    hooks:
      # Generated and vendored trees, plus snapshot files, are left untouched.
      - id: trailing-whitespace
        exclude: '^(docs/|dist/|vendor/|.*\.snap$)'
      - id: end-of-file-fixer
        exclude: '^(docs/|dist/|vendor/|.*\.snap$)'
      - id: check-yaml
        args:
          - --allow-multiple-documents
      # Rejects newly added files larger than 500 KB.
      - id: check-added-large-files
        args:
          - --maxkb=500
      - id: check-merge-conflict

  # Secret detection (same as CI)
  # Findings already recorded in .secrets.baseline are treated as known and
  # are not reported again, so review changes to that file as carefully as
  # changes to code.
  - repo: https://github.com/Yelp/detect-secrets
    rev: v1.5.0
    hooks:
      - id: detect-secrets
        args:
          - --baseline
          - .secrets.baseline

  # Shell script linting
  - repo: https://github.com/koalaman/shellcheck-precommit
    rev: v0.11.0
    hooks:
      - id: shellcheck
        # Only fail on errors, not warnings/info; lower-severity findings do
        # not block the commit.
        args:
          - --severity=error
        # Exclude vendor and scripts with embedded code or known issues
        exclude: '^(vendor/|scripts/e2e/)'

  # GitHub Actions linting
  - repo: https://github.com/rhysd/actionlint
    rev: v1.7.10
    hooks:
      - id: actionlint

  # GitHub Actions security audit
  # Findings below medium severity or medium confidence are not reported, and
  # files under the excluded paths are not audited by this hook.
  - repo: https://github.com/zizmorcore/zizmor-pre-commit
    rev: v1.22.0
    hooks:
      - id: zizmor
        args:
          - --persona=regular
          - --min-severity=medium
          - --min-confidence=medium
        exclude: '^(vendor/|Swabble/)'

  # Project checks (same commands as CI)
  # `language: system` runs whatever binary is found on the contributor's
  # PATH; this file does not pin the tool versions.
  - repo: local
    hooks:
      # oxlint --type-aware src test
      # NOTE(review): if the package is not installed locally, npx may
      # download and run it from the registry. `npx --no-install` would turn
      # that into a hard failure; confirm against the CI invocation before
      # changing the entry.
      - id: oxlint
        name: oxlint
        entry: npx oxlint --type-aware src test
        language: system
        pass_filenames: false
        types_or: [javascript, jsx, ts, tsx]

      # oxfmt --check src test
      # NOTE(review): same npx registry-fallback caveat as the oxlint hook.
      - id: oxfmt
        name: oxfmt
        entry: npx oxfmt --check src test
        language: system
        pass_filenames: false
        types_or: [javascript, jsx, ts, tsx]

      # swiftlint (same as CI)
      - id: swiftlint
        name: swiftlint
        entry: swiftlint --config .swiftlint.yml
        language: system
        pass_filenames: false
        types: [swift]

      # swiftformat --lint (same as CI)
      - id: swiftformat
        name: swiftformat
        entry: swiftformat --lint apps/macos/Sources --config .swiftformat
        language: system
        pass_filenames: false
        types: [swift]