.pre-commit-config.yaml

exclude: (bin/(activate-)?hermit)|(scripts/make/gimme/.*)
repos:
  ## General
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v5.0.0
    hooks:
      - id: check-merge-conflict
      - id: check-added-large-files
      - id: check-yaml
        args: [--allow-multiple-documents, --unsafe]
        exclude: (^tests/test_environments/k8s-cloudbeat-tests/templates/.*)$
      - id: check-json
      - id: check-executables-have-shebangs
      - id: end-of-file-fixer
        exclude: (cloudbeat.yml|cloudbeat.reference.yml|security-policies/bundle/.*)
      - id: trailing-whitespace
        exclude: (cloudbeat.reference.yml|security-policies/bundle/.*)

      ## Security
      - id: detect-private-key

  - repo: https://github.com/asottile/add-trailing-comma
    rev: v3.1.0
    hooks:
      - id: add-trailing-comma

  - repo: local
    hooks:
      - id: golangci-lint
        name: Run golangci-lint
        entry: bash -c 'golangci-lint run'
        language: system
        files: .*.go
        pass_filenames: false

  ## Python
  - repo: https://github.com/PyCQA/flake8
    rev: 7.1.1
    hooks:
      - id: flake8
        name: flake8 ./tests/ ./.ci/scripts ./github/actions
        files: ^(.ci/scripts|.github/actions|tests)/

  - repo: https://github.com/pycqa/pylint
    rev: v3.3.3
    hooks:
      - id: pylint
        args: [
            "-rn", # Only display messages
            "--rcfile=tests/pylintrc", # Link to your config file
          ]
        # TODO: Apply pylint in security-policies
        exclude: security-policies.*

  - repo: https://github.com/pycqa/isort
    rev: 5.13.2
    hooks:
      - id: isort
        name: isort (python)
        args: ["--profile", "black"]

  - repo: https://github.com/psf/black
    rev: 24.10.0
    hooks:
      - id: black

  - repo: local
    hooks:
      - id: rain
        name: format with rain
        language: system
        entry: rain
        args: [
          "fmt",
          "-w",
        ]
        files: deploy/cloudformation/.*yml

  - repo: https://github.com/aws-cloudformation/cfn-lint
    rev: v1.22.4
    hooks:
      - id: cfn-python-lint
        files: deploy/cloudformation/.*.yml

  - repo: https://github.com/jumanjihouse/pre-commit-hooks
    rev: 3.0.0
    hooks:
      - id: shfmt
        args: ["-i", "4"]
      - id: shellcheck
        exclude: (deploy/deployment-manager/deploy.sh|deploy/deployment-manager/set_env.sh|.buildkite/scripts/publish.sh|scripts/packaging/docker/elastic-agent/build.sh|scripts/common.sh|scripts/make/common.bash)

  - repo: local
    hooks:
      - id: mage-config
        name: mage config
        entry: bash -c 'mage config'
        language: system
        files: (^_meta\/.*|^cloudbeat.*yml)$
        pass_filenames: false
      - id: mage-license-headers
        name: mage AddLicenseHeaders
        entry: bash -c 'mage AddLicenseHeaders'
        language: system
        files: .*.go
        pass_filenames: false
      - id: go-test
        name: Run short unit tests
        entry: bash -c 'go test -short -timeout 100ms ./...'
        language: system
        files: .*.go
        pass_filenames: false
      - id: go-mod-tidy
        name: Run go mod tidy
        entry: bash -c 'go mod tidy'
        language: system
        files: (go.mod|go.sum)
        pass_filenames: false
      - id: generate-arm-dev-templates
        name: Generate ARM dev templates
        entry: bash -c 'deploy/azure/generate_dev_template.py --template-type single-account && deploy/azure/generate_dev_template.py --template-type organization-account'
        language: python
        files: deploy/azure/.*
        pass_filenames: false

  - repo: local
    hooks:
      - id: opa-fmt
        name: OPA fmt
        description: Formats Rego policy using opa fmt
        entry: opa fmt
        args: [ -w ]
        language: system
        files: (\.rego)$

      - id: opa-check
        name: OPA check
        description: Check syntax of staged Rego files
        entry: opa check
        args: [ -S, './security-policies/bundle/compliance' ]
        pass_filenames: false
        language: system
        files: (\.rego)$

      - id: opa-test
        name: OPA test
        description: Runs OPA unit tests on rego source files
        entry: opa test
        args: [ -b, './security-policies/bundle' ]
        pass_filenames: false
        language: system
        files: (\.rego)$

      - id: update-rules-status
        name: Update rule status
        description: Update rule status in rules_table.md
        require_serial: true
        entry: poetry run -C security-policies python dev/update_rule_status.py
        pass_filenames: false
        language: system
        files: (.*\.rego|tests\/product\/.*\.py)$

      - id: update-rule-metadata
        name: Update rule metadata
        description: Update rule status in rules_table.md
        require_serial: true
        entry: poetry run -C security-policies python dev/generate_rule_metadata.py
        pass_filenames: false
        language: system
        files: (\.rego)$

  - repo: https://github.com/igorshubovych/markdownlint-cli
    rev: v0.43.0
    hooks:
      - id: markdownlint
        args: [ '--disable',
                MD013,  # Line length can be ignored for now
                MD033,  # Allow inline HTML
                MD046,  # Allow code blocks to be fenced with backticks
                MD041,  # Allow multiple top level headers
                MD058,  # Allow tables without blank lines around
                '--' ]
        # TODO: Apply makrdownlint in other files
        files: security-policies/.*\.(md|markdown)$

  - repo: https://github.com/StyraInc/regal
    rev: v0.29.2
    hooks:
      - id: regal-lint
        args: [security-policies/bundle]
        pass_filenames: false

  - repo: local
    hooks:
      - id: update-assets-md
        name: Update Asset Inventory's ASSETS.md
        description: Update implemented resources' status in internal/inventory/ASSETS.md
        entry: bash
        args: ['-c', 'cd scripts/update_assets_md && go run main.go']
        language: system
        pass_filenames: false
        files: internal/inventory/asset.go