screen-locker/.pre-commit-config.yaml
Krzysztof kuhy Rudnicki 70cf6f5425 Migrate to the shared gatelock backend
ScreenLocker now composes gatelock.GateRoot + gatelock.LockWindow for the
actual lock window instead of the inline WindowSetupMixin mechanics; the
verify/relaxed-day auxiliary windows (never the lock itself) stay as
plain Tk windows. The hand-copied _log_integrity.py is deleted in favor
of gatelock.log_integrity (the canonical, non-duplicated module). This
is the second of three migrations (diet_guard done, wake_alarm next).

Two deliberate behavior changes, both confirmed:
- dependencies = [] (pure stdlib) now includes gatelock, a documented
  departure from the prior zero-deps stance.
- production grab upgraded from single-attempt-then-local-fallback to
  diet_guard's retry-forever (robust to e.g. a fullscreen game holding
  the grab).

Net hardening as a side effect: run()/close() now go through gatelock's
signal-safe lifecycle, so SIGTERM/SIGINT restore VT switching on every
exit path -- previously only a clean close() did, leaving VT switching
disabled if the service was killed mid-lock.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01XCdT46zV8hESDvbgYMGDLt
2026-06-21 20:11:16 +02:00

152 lines
4.8 KiB
YAML

# Pre-commit Configuration for screen-locker
# Install: pre-commit install && pre-commit install --hook-type pre-push
# Run: pre-commit run --all-files
# Update: pre-commit autoupdate
default_language_version:
python: python3
default_stages: [pre-commit]
fail_fast: false
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.6.0
hooks:
- id: trailing-whitespace
args: [--markdown-linebreak-ext=md]
- id: end-of-file-fixer
- id: check-yaml
- id: check-json
- id: check-toml
- id: check-added-large-files
args: [--maxkb=2000]
- id: check-merge-conflict
- id: detect-private-key
- id: debug-statements
- id: name-tests-test
args: [--pytest-test-first]
- id: check-ast
- id: mixed-line-ending
args: [--fix=lf]
- id: requirements-txt-fixer
- repo: local
hooks:
- id: no-noqa
name: Block noqa comments
entry: '(?i)#\s*(noqa|type:\s*ignore)'
language: pygrep
types: [python]
- id: no-ruff-noqa
name: Block ruff noqa file-level comments
entry: '(?i)#\s*ruff:\s*noqa'
language: pygrep
types: [python]
- repo: https://github.com/astral-sh/ruff-pre-commit
rev: v0.15.2
hooks:
- id: ruff
args: [--fix, --unsafe-fixes, --exit-non-zero-on-fix, --show-fixes]
types_or: [python, pyi]
- id: ruff-format
types_or: [python, pyi]
- repo: https://github.com/pre-commit/mirrors-mypy
rev: v1.13.0
hooks:
- id: mypy
args:
- --ignore-missing-imports
- --no-error-summary
- --disable-error-code=no-untyped-def
- --disable-error-code=no-untyped-call
- --disable-error-code=var-annotated
- --disable-error-code=no-any-unimported
- --disable-error-code=type-arg
- --disable-error-code=no-any-return
- --disable-error-code=misc
- --disable-error-code=unused-ignore
- --disable-error-code=unreachable
- --disable-error-code=assignment
- --disable-error-code=no-redef
- --disable-error-code=attr-defined
- --disable-error-code=arg-type
- --disable-error-code=union-attr
- --disable-error-code=call-overload
- --disable-error-code=return-value
- --disable-error-code=redundant-cast
- --disable-error-code=empty-body
- --disable-error-code=list-item
- repo: https://github.com/pylint-dev/pylint
rev: v3.3.2
hooks:
- id: pylint
args:
- --rcfile=pyproject.toml
- --fail-under=8.0
- --jobs=4
additional_dependencies:
- pytest
- gatelock @ git+https://github.com/kuhyx/gatelock@v0.1.0
- repo: https://github.com/PyCQA/bandit
rev: 1.7.10
hooks:
- id: bandit
args:
- -c
- pyproject.toml
- --severity-level=high
- --confidence-level=medium
- --skip=B113
additional_dependencies: ["bandit[toml]"]
exclude: ^(tests/|.*test.*\.py$)
- repo: local
hooks:
- id: pytest-coverage
name: pytest with coverage enforcement
entry: python -m pytest
language: system
types: [python]
pass_filenames: false
require_serial: true
stages: [pre-push]
- repo: https://github.com/codespell-project/codespell
rev: v2.3.0
hooks:
- id: codespell
args:
- --skip=*.json,*.lock,.git,__pycache__,.venv
- --ignore-words-list=als,ans,ect,nd,som,sur,te,nam,numer,lew,sie,wil,postion,clen,ther,folow,derrive,ony,tje,noe,theses,crate,doubleclick,wile,tabel,pary,blok,bloc,proces,serwer,parametr,adres,hart,dout,metod,tekst,synonim,grup,mosty,lokal,skalar,milion,nowe,tre,hel,alph
- repo: local
hooks:
- id: shellcheck
name: shellcheck
entry: bash -c 'printf "%s\0" "$@" | xargs -0 -n 40 shellcheck --severity=warning' --
language: system
types: [shell]
- id: max-file-length
name: Max file length (400 lines)
entry: python3 scripts/check_file_length.py
language: system
types_or: [python, shell]
- id: flutter-analyze
name: flutter analyze (workout app)
entry: bash -c 'cd stronglift_replacement/workout_app && flutter analyze'
language: system
files: '^stronglift_replacement/workout_app/.*\.(dart|yaml)$'
pass_filenames: false
- id: flutter-test-coverage
name: flutter test --coverage 100% (workout app)
entry: bash scripts/check_flutter_coverage.sh
language: system
files: '^stronglift_replacement/workout_app/.*\.dart$'
pass_filenames: false
require_serial: true
stages: [pre-push]