.pre-commit-config.yaml
default_language_version:
  # Keep in sync with the .node-version file at the root of this project.
  node: '14.17.1'
repos:
# Local hook: runs scripts/check-go-version when Go files are part of the
# commit.
- repo: local
  hooks:
  - id: go-version
    name: go version
    language: script
    entry: scripts/check-go-version
    types:
    - go
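# Fetched over HTTPS: the unauthenticated git:// transport has neither
# encryption nor server authentication, so hook code pulled through it could
# be altered in transit, and GitHub has disabled it.
# NOTE(review): rev is a tag, which upstream can move; pinning to a full
# commit SHA would make the fetched hook code immutable.
- repo: https://github.com/pre-commit/pre-commit-hooks
  rev: v4.0.1
  hooks:
  - id: check-json
  - id: check-merge-conflict
  - id: check-yaml
  - id: detect-private-key
    #RA Summary: detect-private-key - Private key found
    #RA: detect-private-key detected a private key in source control
    #RA: config/tls/devlocal-*.key files are used in devlocal testing environments only.
    #RA: pkg/server/testdata*.key files are used for testing purposes only.
    #RA: pkg/auth/authentication/auth_test.go contains a static key, used for unit tests in devlocal and pipeline only.
    #RA: pkg/cli/auth.go is a false positive; this code generates a keyfile at runtime, and its heuristics resemble an encoded key.
    #RA: .envrc.local.template is used in devlocal environments only.
    #RA: The risk of a production key being introduced is mitigated by this detect-private-key hook failing, and
    #RA: the PR requiring approval by a team designated to gate changes to this file, specifically attempts to exclude
    #RA: new key additions.
    #RA Developer Status: Mitigated
    #RA Validator Status: Mitigated
    #RA Modified Severity: CAT III
    # The exclusion matches the listed paths exactly: dots are escaped, the
    # alternation is anchored once with ^(...)$ and there is no empty trailing
    # alternative, so a key file with a merely similar name is still scanned.
    # The risk acceptance above relies on every addition to this list being
    # reviewed.
    exclude: >
      (?x)^(
      config/tls/devlocal-ca\.key|
      config/tls/devlocal-client_auth_secret\.key|
      config/tls/devlocal-faux-air-force-orders\.key|
      config/tls/devlocal-faux-all-orders\.key|
      config/tls/devlocal-faux-army-hrc-orders\.key|
      config/tls/devlocal-faux-coast-guard-orders\.key|
      config/tls/devlocal-faux-marine-corps-orders\.key|
      config/tls/devlocal-faux-navy-orders\.key|
      config/tls/devlocal-https\.key|
      config/tls/devlocal-mtls\.key|
      config/tls/devlocal-not-dps\.key|
      pkg/server/testdata/localhost\.key|
      pkg/server/testdata/localhost-invalid\.key|
      pkg/server/testdata/officelocal\.key|
      pkg/auth/authentication/auth_test\.go|
      \.envrc\.local\.template|
      pkg/cli/auth\.go
      )$
  - id: trailing-whitespace
    exclude: ^public/swagger-ui/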
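# Fetched over HTTPS: the unauthenticated git:// transport has neither
# encryption nor server authentication, so the linter source pulled through
# it could be altered in transit, and GitHub has disabled it.
- repo: https://github.com/golangci/golangci-lint
  rev: v1.42.0
  hooks:
  - id: golangci-lint
    # custom bash so we can override concurrency for faster dev runs;
    # GOLANGCI_LINT_CONCURRENCY falls back to 1 when unset.
    entry: bash -c 'exec golangci-lint run -v ${GOLANGCI_LINT_VERBOSE} -j=${GOLANGCI_LINT_CONCURRENCY:-1}'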
- repo: 'https://github.com/igorshubovych/markdownlint-cli'
  rev: 'v0.28.1'
  hooks:
  - id: markdownlint
    # Replaces the hook's default entry so that .github/*.md is ignored.
    entry: 'markdownlint --ignore .github/*.md'
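# Fetched over HTTPS: the unauthenticated git:// transport has neither
# encryption nor server authentication, so hook code pulled through it could
# be altered in transit, and GitHub has disabled it.
- repo: https://github.com/detailyang/pre-commit-shell
  rev: '1.0.5'
  hooks:
  - id: shell-lint
    args: [-x]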
# Local hook: rewrites matching .js/.jsx files in place using the prettier
# binary from the project's node_modules.
- repo: local
  hooks:
  - id: prettier
    name: prettier
    language: node
    files: '\.(js|jsx)$'
    entry: node_modules/.bin/prettier --write
# Local hook: lints .js/.jsx files with the project's eslint binary and fails
# on any warning (--max-warnings=0).
- repo: local
  hooks:
  - id: eslint
    name: eslint
    language: node
    files: '\.(js|jsx)$'
    entry: node_modules/.bin/eslint --ext .js,.jsx --max-warnings=0
    # Paths skipped by the linter; the pattern is anchored at the start of the
    # path only.
    exclude: >
      (?x)^(
      cypress/|
      .storybook/|
      wallaby.js|
      config-overrides.js|
      .happo.js
      )
# Local hook: validates the compiled swagger YAML with
# scripts/pre-commit-swagger-validate.
- repo: local
  hooks:
  - id: swagger
    name: Swagger
    language: script
    entry: scripts/pre-commit-swagger-validate
    types:
    - yaml
    files: 'swagger/*'
    # swagger-def/* holds partial swagger files that are compiled into the
    # ones in swagger/*. They would be checked unless explicitly excluded, and
    # they would fail. Validating only the compiled files effectively checks
    # the partial files as well.
    exclude: 'swagger-def/*'
# Local hook: runs scripts/pre-commit-go-mod once, without file arguments,
# when go.mod is part of the commit.
- repo: local
  hooks:
  - id: gomod
    name: gomod
    language: script
    entry: scripts/pre-commit-go-mod
    pass_filenames: false
    files: 'go.mod'
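# Fetched over HTTPS: the unauthenticated git:// transport has neither
# encryption nor server authentication, so hook code pulled through it could
# be altered in transit, and GitHub has disabled it.
- repo: https://github.com/trussworks/pre-commit-hooks
  rev: v1.1.0
  hooks:
  - id: gen-docs
    args: ['docs/adr']
  - id: circleci-validate
  - id: markdown-toc
  - id: mdspell
    # NOTE(review): the trailing $ applies to every alternative, so
    # node_modules/ and vendor/ look like they match only those exact strings
    # and never a file beneath them; confirm the intended exclusions.
    exclude: >
      (?x)^(
      node_modules/|
      vendor/|
      docs/adr/index.md
      )$
  - id: hadolint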
# Local hook: runs scripts/update-migrations-manifest on every commit,
# without passing the changed file names.
- repo: local
  hooks:
  - id: migrations-manifest
    name: migrations manifest
    language: script
    pass_filenames: false
    entry: scripts/update-migrations-manifest
# Local hook: runs scripts/find-scripts-missing-in-readme on every commit,
# without passing the changed file names.
- repo: local
  hooks:
  - id: scripts-docs
    name: scripts are documented
    language: script
    pass_filenames: false
    entry: scripts/find-scripts-missing-in-readme
# Local hook: runs scripts/lint-yaml-with-spectral on the support and prime
# swagger files.
- repo: local
  hooks:
  - id: spectral
    name: Spectral yaml linter
    language: script
    entry: scripts/lint-yaml-with-spectral
    types:
    - yaml
    files: 'swagger/(support|prime).yaml'
# Local hook: runs scripts/check-changes at the post-merge stage only,
# without passing file names.
- repo: local
  hooks:
  - id: post-merge-migrate
    name: post-merge checker
    language: script
    entry: scripts/check-changes
    pass_filenames: false
    stages:
    - post-merge