---
default_install_hook_types: ["pre-commit", "pre-push"]
default_stages: ["commit"]
minimum_pre_commit_version: 2.18.0
repos:
  # Security
  - repo: https://github.com/Yelp/detect-secrets
    rev: v1.5.0
    hooks:
      - id: detect-secrets
        stages: ["commit", "push"]
  - repo: https://github.com/gitleaks/gitleaks
    rev: v8.18.4
    hooks:
      - id: gitleaks
        stages: ["commit", "push"]
  - repo: https://github.com/fabasoad/pre-commit-grype
    rev: v0.4.0
    hooks:
      - id: grype-dir
        args:
          - --grype-args=--by-cve --fail-on=low
          - --hook-args=--log-level debug
        stages: ["push"]
  # Markdown
  - repo: https://github.com/igorshubovych/markdownlint-cli
    rev: v0.41.0
    hooks:
      - id: markdownlint-fix
  # Shell
  - repo: https://github.com/openstack/bashate
    rev: 2.1.1
    hooks:
      - id: bashate
        args: ["-i", "E003,E006"]
        stages: ["commit"]
  # Yaml
  - repo: https://github.com/adrienverge/yamllint
    rev: v1.35.1
    hooks:
      - id: yamllint
        stages: ["push"]
  # GitHub Actions
  - repo: https://github.com/rhysd/actionlint
    rev: v1.7.1
    hooks:
      - id: actionlint
        args: ["-pyflakes="]
        stages: ["commit"]
  # Other
  - repo: https://github.com/pre-commit/mirrors-prettier
    rev: v3.1.0
    hooks:
      - id: prettier
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.6.0
    hooks:
      - id: check-executables-have-shebangs
        stages: ["commit"]
      - id: check-shebang-scripts-are-executable
        stages: ["commit"]
      - id: check-merge-conflict
      - id: check-json
        stages: ["push"]
      - id: detect-private-key
        stages: ["commit", "push"]
      - id: end-of-file-fixer
      - id: mixed-line-ending
        args: ["--fix=lf"]
      - id: no-commit-to-branch
      - id: trailing-whitespace