41 lines
1.1 KiB
YAML
41 lines
1.1 KiB
YAML
|
---
|
||
|
|
repos:
|
||
|
|
- repo: https://github.com/pre-commit/pre-commit-hooks
|
||
|
|
rev: v4.6.0
|
||
|
|
hooks:
|
||
|
|
- id: trailing-whitespace
|
||
|
|
- id: end-of-file-fixer
|
||
|
|
- id: check-merge-conflict
|
||
|
|
- id: check-yaml
|
||
|
|
args: [--unsafe] # allow custom YAML tags used by Ansible
|
||
|
|
|
||
|
|
- repo: https://github.com/adrienverge/yamllint
|
||
|
|
rev: v1.35.1
|
||
|
|
hooks:
|
||
|
|
- id: yamllint
|
||
|
|
args: [-c, .yamllint]
|
||
|
|
|
||
|
|
- repo: https://github.com/ansible/ansible-lint
|
||
|
|
rev: v24.9.2
|
||
|
|
hooks:
|
||
|
|
- id: ansible-lint
|
||
|
|
additional_dependencies:
|
||
|
|
- ansible-core>=2.17
|
||
|
|
|
||
|
|
# Secret scanning — catches plaintext credentials before they are committed.
|
||
|
|
# Bump `rev` as new gitleaks releases land.
|
||
|
|
- repo: https://github.com/gitleaks/gitleaks
|
||
|
|
rev: v8.18.4
|
||
|
|
hooks:
|
||
|
|
- id: gitleaks
|
||
|
|
|
||
|
|
# Local guard: any file named vault.yml must be ansible-vault encrypted
|
||
|
|
# (or contain only comments — a documented placeholder). See scripts/.
|
||
|
|
- repo: local
|
||
|
|
hooks:
|
||
|
|
- id: vault-encrypted
|
||
|
|
name: vault.yml must be ansible-vault encrypted
|
||
|
|
entry: scripts/check-vault-encrypted.sh
|
||
|
|
language: script
|
||
|
|
files: (^|/)vault\.yml$
|