Sanitized mirror from private repository - 2026-04-04 03:48:45 UTC

.pre-commit-config.yaml

@@ -0,0 +1,69 @@
+---
+# Pre-commit hooks for Homelab repository
+# Ensures code quality and prevents broken deployments
+
+repos:
+  # Basic file checks
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.5.0
+    hooks:
+      - id: trailing-whitespace
+        exclude: '\.md$'
+      - id: end-of-file-fixer
+        exclude: '\.md$'
+      - id: check-yaml
+        args: ['--allow-multiple-documents']
+        # log_rotation.yml contains a shell heredoc at column 0 inside a YAML
+        # block scalar - PyYAML incorrectly parses the embedded logrotate config
+        # content as YAML rather than treating it as opaque string data.
+        exclude: '^(archive/|\.git/|ansible/automation/playbooks/log_rotation\.yml)'
+      - id: check-added-large-files
+        args: ['--maxkb=10240']  # 10MB limit
+      - id: check-merge-conflict
+      - id: check-case-conflict
+
+  # YAML linting
+  - repo: https://github.com/adrienverge/yamllint
+    rev: v1.35.1
+    hooks:
+      - id: yamllint
+        args: [-c=.yamllint]
+
+  # Docker Compose validation
+  - repo: local
+    hooks:
+      - id: docker-compose-check
+        name: Docker Compose Syntax Check
+        entry: scripts/validate-compose.sh
+        language: script
+        files: '\.ya?ml$'
+        exclude: '^(archive/|ansible/|\.git/|docker/monitoring/prometheus/|prometheus/)'
+        pass_filenames: true
+
+  # Secret detection - blocks commits containing passwords, tokens, API keys
+  - repo: https://github.com/Yelp/detect-secrets
+    rev: v1.5.0
+    hooks:
+      - id: detect-secrets
+        args: ['--baseline', '.secrets.baseline']
+        exclude: '^(archive/|\.git/|\.secrets\.baseline$)'
+
+  # Ansible playbook validation
+  # Disabled: playbooks use {{.Names}} Docker Go template syntax in shell tasks
+  # which ansible-lint's Jinja2 parser chokes on (false positives, not real errors).
+  # To lint manually: ansible-lint --skip-list=yaml[line-length] ansible/
+  # - repo: https://github.com/ansible/ansible-lint
+  #   rev: v25.1.3
+  #   hooks:
+  #     - id: ansible-lint
+  #       files: '^ansible/.*\.(yml|yaml)$'
+  #       exclude: '^(archive/|\.git/)'
+  #       args:
+  #         - --exclude=ansible/archive/
+  #         - --skip-list=yaml[line-length]
+  #       additional_dependencies: ["ansible-core>=2.16,<2.17"]
+
+# Global settings
+default_stages: [pre-commit]
+fail_fast: false
+minimum_pre_commit_version: '3.0.0'