.pre-commit-config.yaml

# See https://pre-commit.com for more information
# See https://pre-commit.com/hooks.html for more hooks
repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.4.0
    hooks:
      - id: check-added-large-files
        name: Check for files larger than 5 MB
        args: [ "--maxkb=5120" ]
      - id: end-of-file-fixer
        name: Check for a blank line at the end of scripts (auto-fixes)
        exclude: '\.Rd'
      - id: trailing-whitespace
        name: Check for trailing whitespaces (auto-fixes)

  - repo: https://github.com/Yelp/detect-secrets
    rev: v1.4.0
    hooks:
    -   id: detect-secrets
        exclude: poetry.lock

  - repo: local
    hooks:
    -   id: detect-ip
        name: Detect IP addresses
        entry: '^(?!0\.0\.0\.0$)(?!127\.0\.0\.1$)\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}'
        language: pygrep
        exclude: '^static/|\.lock'
        files: .

  - repo: local
    hooks:
    -   id: detect-aws-account
        name: Detect AWS account numbers
        language: pygrep
        entry: ':\d{12}:'

  - repo: https://github.com/mxab/pre-commit-trivy.git
    rev: v0.3.0
    hooks:
      - id: trivyfs-docker
        args:
          - --skip-dirs
          - ./tests
          - --skip-dirs
          - ./.idea
          - --skip-files
          - ./.env
          - --skip-files
          - ./.env.backup
          - --skip-dirs
          - ./models
          - --skip-dirs
          - ./.vscode
          - --skip-dirs
          - ./data
          - --skip-dirs
          - ./.pre-commit-trivy-cache
          - --skip-dirs
          - ./infrastructure
          - --ignore-unfixed
          - . # last arg indicates the path/file to scan