testsAndMisc/.pre-commit-config.yaml

465 lines
18 KiB
YAML
Raw Normal View History

# ==============================================================================
2026-02-20 00:37:32 +01:00
# Pre-commit Configuration - Multi-language Linting & Formatting
# ==============================================================================
# Install: pre-commit install && pre-commit install --hook-type pre-push
# Fast lint: pre-commit run --all-files (linters only, ~10 s)
# Full suite: pre-commit run --all-files --hook-stage pre-push (+ tests)
# Update hooks: pre-commit autoupdate
# ==============================================================================
# Global settings
default_language_version:
python: python3
# Fail fast on first error (set to false to see all errors)
fail_fast: false
# Configuration
ci:
autofix_commit_msg: "style: auto-fix by pre-commit hooks"
autoupdate_commit_msg: "chore: update pre-commit hooks"
repos:
# ===========================================================================
# GENERAL HOOKS - File formatting and validation
# ===========================================================================
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.6.0
hooks:
- id: trailing-whitespace
args: [--markdown-linebreak-ext=md]
- id: end-of-file-fixer
- id: check-yaml
args: [--unsafe]
- id: check-json
# Exclude JSONC files (VS Code configs, TypeScript configs) and compile_commands.json
exclude: ^(\.vscode/|.*/\.vscode/|C/compile_commands\.json|.*tsconfig.*\.json)
- id: check-toml
- id: check-xml
- id: check-added-large-files
args: [--maxkb=2000]
- id: check-merge-conflict
- id: check-case-conflict
- id: check-symlinks
- id: check-executables-have-shebangs
- id: check-shebang-scripts-are-executable
- id: detect-private-key
- id: debug-statements
- id: name-tests-test
args: [--pytest-test-first]
exclude: python_pkg/word_frequency/tests/_translator_helpers\.py
- id: check-ast
- id: check-builtin-literals
- id: check-docstring-first
- id: fix-byte-order-marker
- id: mixed-line-ending
args: [--fix=lf]
- id: requirements-txt-fixer
# ===========================================================================
# BINARY BLOCKER - Prevent binary/image files from being committed
# ===========================================================================
- repo: local
hooks:
- id: no-binaries
name: Block binary/image files
entry: scripts/check_no_binaries.sh
language: script
always_run: false
# ===========================================================================
# NOQA BLOCKER - Zero tolerance for noqa/type:ignore suppression comments
# ===========================================================================
- repo: local
hooks:
- id: no-noqa
name: Block noqa comments
entry: '(?i)#\s*(noqa|type:\s*ignore)'
language: pygrep
types: [python]
- id: no-ruff-noqa
name: Block ruff noqa file-level comments
entry: '(?i)#\s*ruff:\s*noqa'
language: pygrep
types: [python]
# ===========================================================================
# RUFF - Fast Python linter and formatter (replaces black, isort, flake8, etc.)
# ===========================================================================
- repo: https://github.com/astral-sh/ruff-pre-commit
rev: v0.15.2
hooks:
# Linter - run first to catch issues
- id: ruff
args:
- --fix
2026-03-02 20:29:32 +01:00
- --unsafe-fixes
- --exit-non-zero-on-fix
- --show-fixes
types_or: [python, pyi]
# Formatter - run after linting
- id: ruff-format
types_or: [python, pyi]
# ===========================================================================
# MYPY - Static type checking (runs on push only for speed)
# ===========================================================================
- repo: https://github.com/pre-commit/mirrors-mypy
rev: v1.13.0
hooks:
- id: mypy
stages: [pre-push]
args:
- --ignore-missing-imports
- --no-error-summary
- --disable-error-code=no-untyped-def
- --disable-error-code=no-untyped-call
- --disable-error-code=var-annotated
- --disable-error-code=no-any-unimported
- --disable-error-code=type-arg
- --disable-error-code=no-any-return
- --disable-error-code=misc
- --disable-error-code=unused-ignore
- --disable-error-code=unreachable
- --disable-error-code=assignment
- --disable-error-code=no-redef
- --disable-error-code=attr-defined
- --disable-error-code=arg-type
- --disable-error-code=union-attr
- --disable-error-code=call-overload
- --disable-error-code=return-value
- --disable-error-code=redundant-cast
- --disable-error-code=empty-body
- --disable-error-code=list-item
exclude: >-
(?x)^(
Bash/.*|
\.venv/.*|
python_pkg/music_gen/.*|
python_pkg/praca_magisterska_video/.*|
pomodoro_app/tools/.*|
linux_configuration/scripts/misc/testsAndMisc-bash/tools/.*
)$
additional_dependencies:
- types-requests
- types-PyYAML
- types-python-dateutil
# ===========================================================================
# PYLINT - Comprehensive Python linter (runs on push only for speed)
# ===========================================================================
- repo: https://github.com/pylint-dev/pylint
rev: v3.3.2
hooks:
- id: pylint
stages: [pre-push]
args:
- --rcfile=pyproject.toml
- --fail-under=8.0
- --jobs=0
additional_dependencies:
- pytest
- python-chess
- requests
- pygame
exclude: ^(Bash/|\.venv/)
# ===========================================================================
# BANDIT - Security linter (runs on push only for speed)
# ===========================================================================
- repo: https://github.com/PyCQA/bandit
rev: 1.7.10
hooks:
- id: bandit
stages: [pre-push]
args:
- -c
- pyproject.toml
- --severity-level=high
- --confidence-level=medium
- --skip=B113
additional_dependencies: ["bandit[toml]"]
exclude: ^(Bash/|\.venv/|tests/|.*test.*\.py$)
# ===========================================================================
# PYTEST + COVERAGE - Run tests and enforce 100% code coverage
# Only tests for subpackages with changed files are run (see script).
# Runs on push only (slow); use --hook-stage pre-push to run manually.
# ===========================================================================
- repo: local
hooks:
- id: pytest-coverage
name: pytest with coverage enforcement
entry: python scripts/pytest_changed_packages.py
language: system
types: [python]
pass_filenames: true
stages: [pre-push]
# ===========================================================================
# VULTURE - Dead code detection (disabled - doesn't work well with pre-commit)
# ===========================================================================
# - repo: https://github.com/jendrikseipp/vulture
# rev: v2.13
# hooks:
# - id: vulture
# args:
# - --min-confidence=80
# - --exclude=.venv,Bash,__pycache__
# exclude: ^(Bash/|\.venv/)
# ===========================================================================
# PYUPGRADE - Upgrade Python syntax (disabled - incompatible with Python 3.14)
# ===========================================================================
# - repo: https://github.com/asottile/pyupgrade
# rev: v3.19.0
# hooks:
# - id: pyupgrade
# args:
# - --py310-plus
# ===========================================================================
# CODESPELL - Spell checking in code (expanded ignore list for non-English)
# ===========================================================================
- repo: https://github.com/codespell-project/codespell
rev: v2.3.0
hooks:
- id: codespell
args:
- --skip=*.json,*.lock,*.min.js,*.min.css,.git,__pycache__,.venv,*.txt
- --ignore-words-list=als,ans,ect,nd,som,sur,te,nam,numer,lew,sie,wil,postion,clen,ther,folow,derrive,ony,tje,noe,theses,crate,doubleclick,wile,tabel,pary,blok,bloc,proces,serwer,parametr,adres,hart,dout,metod,tekst,synonim,grup,mosty,lokal,skalar,milion,nowe,tre,hel,alph
2026-02-20 01:17:53 +01:00
exclude: ^(Bash/ffmpeg-build/|LaTeX/|CPP/|.*\.geojson$)
# ===========================================================================
# DOCFORMATTER - Format docstrings (disabled - causes recursion errors)
# ===========================================================================
# - repo: local
# hooks:
# - id: docformatter
# name: docformatter
# entry: docformatter
# language: system
# types: [python]
# args:
# - --in-place
# - --wrap-summaries=88
# - --wrap-descriptions=88
# ===========================================================================
# INTERROGATE - Docstring coverage (disabled - causes recursion on large files)
# ===========================================================================
# - repo: https://github.com/econchick/interrogate
# rev: 1.7.0
# hooks:
# - id: interrogate
# args:
# - --fail-under=0
# - --verbose
# - --ignore-init-method
# - --ignore-init-module
# - --ignore-magic
# - --ignore-private
# - --ignore-semiprivate
# - --exclude=Bash,.venv,__pycache__
# pass_filenames: false
# ===========================================================================
# AUTOFLAKE - Remove unused imports/variables
# Disabled: fully redundant with ruff (F401, F841, F811) + --fix
# ===========================================================================
# - repo: https://github.com/PyCQA/autoflake
# rev: v2.3.1
# hooks:
# - id: autoflake
# args:
# - --in-place
# - --remove-all-unused-imports
# - --remove-unused-variables
# - --remove-duplicate-keys
# - --expand-star-imports
# ===========================================================================
# SAFETY - Check for security vulnerabilities in dependencies
# ===========================================================================
# Note: Safety requires API key for full functionality, disabled by default
# - repo: https://github.com/Lucas-C/pre-commit-hooks-safety
# rev: v1.3.2
# hooks:
# - id: python-safety-dependencies-check
# files: requirements.*\.txt$
# ===========================================================================
# PYRIGHT - Microsoft's type checker (very strict, optional)
# ===========================================================================
# Uncomment to enable - can be slow and very strict
# - repo: https://github.com/RobertCraiworthy/pyright-action
# rev: v1.1.350
# hooks:
# - id: pyright
# ===========================================================================
# CHECK JSON/YAML/TOML formatting (runs on push only — slow Node.js startup)
# ===========================================================================
- repo: https://github.com/pre-commit/mirrors-prettier
rev: v4.0.0-alpha.8
hooks:
- id: prettier
types_or: [yaml, json, markdown]
exclude: ^(Bash/|\.venv/|.*\.lock$|C/compile_commands\.json)
stages: [pre-push]
# ===========================================================================
# SHELLCHECK - Shell script linting
# Wrapper batches files to avoid OOM on large repos.
# ===========================================================================
- repo: local
hooks:
- id: shellcheck
name: shellcheck
entry: bash -c 'printf "%s\0" "$@" | xargs -0 -n 40 shellcheck --severity=warning' --
language: system
types: [shell]
2026-02-20 01:17:53 +01:00
exclude: ^pomodoro_app/
2026-02-20 00:37:32 +01:00
# ===========================================================================
# CLANG-FORMAT - C/C++ code formatting
# ===========================================================================
- repo: https://github.com/pre-commit/mirrors-clang-format
rev: v19.1.6
hooks:
- id: clang-format
types_or: [c, c++]
# ===========================================================================
# CPPCHECK - C/C++ static analysis
# ===========================================================================
- repo: local
hooks:
- id: cppcheck
name: cppcheck
entry: cppcheck
language: system
types_or: [c, c++]
exclude: ^(pomodoro_app/|horatio/)
2026-02-20 00:37:32 +01:00
args:
2026-02-20 01:17:53 +01:00
- --enable=warning,portability
2026-02-20 00:37:32 +01:00
- --force
- --quiet
- --error-exitcode=1
- --inline-suppr
- --suppress=missingIncludeSystem
2026-02-20 01:17:53 +01:00
- --suppress=syntaxError
- --suppress=nullPointerOutOfResources
- --suppress=ctunullpointerOutOfResources
- --suppress=ctunullpointerOutOfMemory
2026-02-20 00:37:32 +01:00
- --std=c11
# ===========================================================================
# FLAWFINDER - C/C++ security scanner
# ===========================================================================
- repo: local
hooks:
- id: flawfinder
name: flawfinder
entry: flawfinder
language: system
types_or: [c, c++]
args:
2026-02-20 01:17:53 +01:00
- --error-level=5
2026-02-20 00:37:32 +01:00
- --quiet
- --columns
# ===========================================================================
# ESLINT - TypeScript/JavaScript linting
# ===========================================================================
- repo: local
hooks:
- id: eslint
name: eslint
entry: npx eslint --no-warn-ignored
language: system
types_or: [ts, tsx]
files: ^TS/
# ===========================================================================
# CHECK C/C++ BUILD FILES - Ensure every C/C++ dir has Makefile and run.sh
# ===========================================================================
- repo: local
hooks:
- id: check-c-cpp-build-files
name: check C/C++ dirs have Makefile and run.sh
entry: scripts/check_c_cpp_build_files.sh
language: script
types_or: [c, c++]
exclude: ^(CPP/mini_browser/|horatio/)
# ===========================================================================
# CHECK PYTHON LOCATION - All Python files must be under python_pkg/
# ===========================================================================
- repo: local
hooks:
- id: check-python-location
name: check Python files are under python_pkg/
entry: scripts/check_python_location.sh
language: script
types: [python]
# ===========================================================================
# REMOVE EMPTY DIRECTORIES - Clean up empty folders in the repo
# ===========================================================================
- repo: local
hooks:
- id: remove-empty-dirs
name: remove empty directories
entry: find . -type d -empty -not -path './.git/*' -delete -print
language: system
pass_filenames: false
always_run: true
# ===========================================================================
# SECRET PATTERNS - Block commits containing sensitive data
# ===========================================================================
- repo: local
hooks:
- id: check-no-secrets
name: check for leaked secrets
entry: scripts/check_no_secrets.sh
language: script
exclude: ^(\.secret-patterns|\.pre-commit-config\.yaml|.*\.geojson)$
# ===========================================================================
# COMMITIZEN - Conventional commits (optional)
# ===========================================================================
# - repo: https://github.com/commitizen-tools/commitizen
# rev: v3.13.0
# hooks:
# - id: commitizen
# - id: commitizen-branch
# stages: [push]
# ===========================================================================
# POMODORO APP - Flutter analyze + test (push only)
# ===========================================================================
- repo: local
hooks:
- id: pomodoro-app-flutter
name: pomodoro_app flutter analyze & test
entry: bash -c 'cd pomodoro_app && flutter pub get --enforce-lockfile && flutter analyze && flutter test'
language: system
files: ^pomodoro_app/
pass_filenames: false
stages: [pre-push]
# ===========================================================================
# HORATIO - Dart/Flutter tests with coverage enforcement (push only)
# ===========================================================================
- repo: local
hooks:
- id: horatio-tests
name: horatio test coverage
entry: bash -c 'cd horatio && bash run.sh test'
language: system
files: ^horatio/
stages: [pre-push]
pass_filenames: false