---
# Pre-commit hooks for Homelab repository
# Ensures code quality and prevents broken deployments

repos:
  # Basic file checks
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.5.0
    hooks:
      - id: trailing-whitespace
        exclude: '\.md$'
      - id: end-of-file-fixer
        exclude: '\.md$'
      - id: check-yaml
        args: ['--allow-multiple-documents']
        # log_rotation.yml contains a shell heredoc at column 0 inside a YAML
        # block scalar - PyYAML incorrectly parses the embedded logrotate config
        # content as YAML rather than treating it as opaque string data.
        exclude: '^(archive/|\.git/|ansible/automation/playbooks/log_rotation\.yml)'
      - id: check-added-large-files
        args: ['--maxkb=10240']  # 10MB limit
      - id: check-merge-conflict
      - id: check-case-conflict

  # YAML linting
  - repo: https://github.com/adrienverge/yamllint
    rev: v1.35.1
    hooks:
      - id: yamllint
        args: [-c=.yamllint]

  # Docker Compose validation
  - repo: local
    hooks:
      - id: docker-compose-check
        name: Docker Compose Syntax Check
        entry: scripts/validate-compose.sh
        language: script
        files: '\.ya?ml$'
        exclude: '^(archive/|ansible/|\.git/|docker/monitoring/prometheus/|prometheus/)'
        pass_filenames: true

  # Secret detection - blocks commits containing passwords, tokens, API keys
  - repo: https://github.com/Yelp/detect-secrets
    rev: v1.5.0
    hooks:
      - id: detect-secrets
        args: ['--baseline', '.secrets.baseline']
        exclude: '^(archive/|\.git/|\.secrets\.baseline$)'

  # Ansible playbook validation
  # Disabled: playbooks use {{.Names}} Docker Go template syntax in shell tasks
  # which ansible-lint's Jinja2 parser chokes on (false positives, not real errors).
  # To lint manually: ansible-lint --skip-list=yaml[line-length] ansible/
  # - repo: https://github.com/ansible/ansible-lint
  #   rev: v25.1.3
  #   hooks:
  #     - id: ansible-lint
  #       files: '^ansible/.*\.(yml|yaml)$'
  #       exclude: '^(archive/|\.git/)'
  #       args:
  #         - --exclude=ansible/archive/
  #         - --skip-list=yaml[line-length]
  #       additional_dependencies: ["ansible-core>=2.16,<2.17"]

# Global settings
default_stages: [pre-commit]
fail_fast: false
minimum_pre_commit_version: '3.0.0'