apunkt/SurfSense
1
0
Fork 0
mirror of https://github.com/MODSetter/SurfSense.git synced 2026-04-24 16:26:32 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

chore: add pre-commit

Browse source
This commit is contained in:
Sabin Shrestha 2025-07-21 22:46:12 +05:45
parent dd7768206c
commit b82c24ad07
3 changed files with 278 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

33
.github/workflows/pre-commit.yml vendored Normal file
View file

@ -0,0 +1,33 @@
name: pre-commit
on:
push:
pull_request:
branches: [main]
jobs:
pre-commit:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0 # Required for detecting diffs
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Install pre-commit
run: |
pip install pre-commit
- name: Run pre-commit on changed files
run: |
CHANGED_FILES=$(git diff --name-only origin/main...HEAD | tr '\n' ' ')
if [ -n "$CHANGED_FILES" ]; then
pre-commit run --files $CHANGED_FILES
else
echo "No changed files to check."
fi

130
.pre-commit-config.yaml Normal file
View file

@ -0,0 +1,130 @@
# Pre-commit configuration for SurfSense
# See https://pre-commit.com for more information
repos:
# General file quality hooks
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v5.0.0
hooks:
- id: trailing-whitespace
exclude: '\.md$'
- id: check-yaml
args: [--multi, --unsafe]
- id: check-json
exclude: '(tsconfig\.json|\.vscode/.*\.json)$'
- id: check-toml
- id: check-merge-conflict
- id: check-added-large-files
args: [--maxkb=10240] # 10MB limit
- id: debug-statements
- id: check-case-conflict
# Security - detect secrets across all file types
- repo: https://github.com/Yelp/detect-secrets
rev: v1.5.0
hooks:
- id: detect-secrets
args: ['--baseline', '.secrets.baseline']
exclude: |
(?x)^(
.*\.env\.example|
.*\.env\.template|
.*/tests/.*|
.*test.*\.py|
.github/workflows/.*\.yml|
.github/workflows/.*\.yaml|
.*pnpm-lock\.yaml|
.*alembic\.ini|
.*\.mdx$
)$
# Python Backend Hooks (surfsense_backend)
- repo: https://github.com/psf/black
rev: 25.1.0
hooks:
- id: black
files: ^surfsense_backend/
language_version: python3
- repo: https://github.com/pycqa/isort
rev: 6.0.1
hooks:
- id: isort
files: ^surfsense_backend/
args: ["--profile", "black", "--line-length", "88"]
- repo: https://github.com/astral-sh/ruff-pre-commit
rev: v0.12.4
hooks:
- id: ruff
files: ^surfsense_backend/
args: [--fix, --exit-non-zero-on-fix]
- id: ruff-format
files: ^surfsense_backend/
- repo: https://github.com/pre-commit/mirrors-mypy
rev: v1.17.0
hooks:
- id: mypy
files: ^surfsense_backend/
additional_dependencies: []
args: [--ignore-missing-imports, --disallow-untyped-defs]
- repo: https://github.com/PyCQA/bandit
rev: 1.8.6
hooks:
- id: bandit
files: ^surfsense_backend/
args: ['-r', '.', '-f', 'json']
exclude: ^surfsense_backend/(tests/|alembic/)
# Frontend/Extension Hooks (TypeScript/JavaScript)
- repo: https://github.com/pre-commit/mirrors-prettier
rev: v4.0.0-alpha.8
hooks:
- id: prettier
files: ^(surfsense_web|surfsense_browser_extension)/
types_or: [javascript, jsx, ts, tsx, json, yaml, markdown]
exclude: '(package-lock\.json|\.next/|build/|dist/)'
- repo: https://github.com/pre-commit/mirrors-eslint
rev: v9.31.0
hooks:
- id: eslint
files: ^surfsense_web/
types: [file]
types_or: [javascript, jsx, ts, tsx]
additional_dependencies:
- 'eslint@^9'
- 'eslint-config-next@15.2.0'
- '@eslint/eslintrc@^3'
args: [--fix]
exclude: '(\.next/|build/|dist/)'
# TypeScript compilation check
- repo: local
hooks:
- id: typescript-check-web
name: TypeScript Check (Web)
entry: bash -c 'cd surfsense_web && (command -v pnpm >/dev/null 2>&1 && pnpm build --dry-run || npx next build --dry-run)'
language: system
files: ^surfsense_web/.*\.(ts|tsx)$
pass_filenames: false
- id: typescript-check-extension
name: TypeScript Check (Browser Extension)
entry: bash -c 'cd surfsense_browser_extension && npx tsc --noEmit'
language: system
files: ^surfsense_browser_extension/.*\.(ts|tsx)$
pass_filenames: false
# Commit message linting
- repo: https://github.com/commitizen-tools/commitizen
rev: v4.8.3
hooks:
- id: commitizen
stages: [commit-msg]
# Global configuration
default_stages: [pre-commit]
fail_fast: false

115
.secrets.baseline Normal file
View file

@ -0,0 +1,115 @@
{
"version": "1.5.0",
"plugins_used": [
{
"name": "ArtifactoryDetector"
},
{
"name": "AWSKeyDetector"
},
{
"name": "AzureStorageKeyDetector"
},
{
"name": "Base64HighEntropyString",
"limit": 4.5
},
{
"name": "BasicAuthDetector"
},
{
"name": "CloudantDetector"
},
{
"name": "DiscordBotTokenDetector"
},
{
"name": "GitHubTokenDetector"
},
{
"name": "HexHighEntropyString",
"limit": 3.0
},
{
"name": "IbmCloudIamDetector"
},
{
"name": "IbmCosHmacDetector"
},
{
"name": "JwtTokenDetector"
},
{
"name": "KeywordDetector",
"keyword_exclude": ""
},
{
"name": "MailchimpDetector"
},
{
"name": "NpmDetector"
},
{
"name": "PrivateKeyDetector"
},
{
"name": "SendGridDetector"
},
{
"name": "SlackDetector"
},
{
"name": "SoftlayerDetector"
},
{
"name": "SquareOAuthDetector"
},
{
"name": "StripeDetector"
},
{
"name": "TwilioKeyDetector"
}
],
"filters_used": [
{
"path": "detect_secrets.filters.allowlist.is_line_allowlisted"
},
{
"path": "detect_secrets.filters.common.is_baseline_file"
},
{
"path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
"min_level": 2
},
{
"path": "detect_secrets.filters.heuristic.is_indirect_reference"
},
{
"path": "detect_secrets.filters.heuristic.is_likely_id_string"
},
{
"path": "detect_secrets.filters.heuristic.is_lock_file"
},
{
"path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
},
{
"path": "detect_secrets.filters.heuristic.is_potential_uuid"
},
{
"path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
},
{
"path": "detect_secrets.filters.heuristic.is_sequential_string"
},
{
"path": "detect_secrets.filters.heuristic.is_swagger_file"
},
{
"path": "detect_secrets.filters.heuristic.is_templated_secret"
}
],
"results": {},
"generated_at": "2025-01-20T12:00:00Z"
}