devops/.pre-commit-config.yaml at main · netxs2000/devops · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
# Pre-commit configuration for DevOps Platform (Full Local & Lightning Fast)
# All tools are managed by 'uv' and executed locally to avoid network dependencies.

repos:
  - repo: local
    hooks:
      # 代码格式化与 Linting (Ruff)
      - id: ruff
        name: Ruff Lint
        entry: uv run ruff check --fix
        language: system
        types: [python]

      - id: ruff-format
        name: Ruff Format
        entry: uv run ruff format
        language: system
        types: [python]

      # 敏感信息扫描 (Left-shifted to Host)
      - id: detect-secrets
        name: Detect Secrets
        entry: uv run detect-secrets-hook --baseline .secrets.baseline
        language: system
        types: [text]
        exclude: '.*\.lock|tests/.*'

      # SAST 静态安全扫描 (Bandit)
      - id: bandit
        name: Bandit Security Scan
        entry: uv run bandit -ll -r devops_collector/ devops_portal/
        language: system
        types: [python]
        pass_filenames: false

      # 极速单元测试防线 (L1)
      - id: pytest-unit
        name: Fast Unit Tests
        entry: uv run pytest tests/unit/ --picked
        language: system
        types: [python]
        pass_filenames: false

      # 数据字典新鲜度检查
      - id: check-data-dict
        name: Check Data Dictionary Freshness
        entry: uv run python scripts/check_data_dict_freshness.py
        language: python
        files: 'devops_collector/models/.*\.py$|devops_collector/plugins/.*/models\.py$'
        pass_filenames: false

      # 禁止提交包含表情符号的文件
      - id: check-no-emoji
        name: Check No Emoji in Code
        entry: uv run python -c "import sys; sys.exit(1 if any(ord(c) > 127 and ord(c) in range(0x1F600, 0x1F64F) for c in open(sys.argv[1], encoding='utf-8').read()) else 0)"
        language: python
        types: [python, markdown, html, css, javascript]
        exclude: '^(tests/|archived/)'

      # 检查中文注释规范
      - id: check-docstrings
        name: Check Docstrings Exist
        entry: >
          uv run python -c "import sys, ast; tree = ast.parse(open(sys.argv[1], encoding='utf-8').read()); [print(f'Missing docstring: {n.name} in {sys.argv[1]}') for n in ast.walk(tree) if isinstance(n, (ast.FunctionDef, ast.ClassDef)) and not ast.get_docstring(n)]"
        language: system
        types: [python]
        exclude: '^(tests/|archived/|scripts/)'

      # 渐进式静态类型检查 (MyPy)
      - id: mypy-check
        name: MyPy Type Check (Core Domains)
        entry: uv run mypy
        language: system
        types: [python]
        files: 'devops_collector/(models|schemas|auth|plugins/.*?/models)\.py$'
        pass_filenames: true

      # HTML/Jinja2 缩进规范 (djHTML)
      - id: djhtml
        name: djHTML Formatter
        entry: uv run djhtml --tabwidth 2
        language: system
        files: '\.(html|j2)$'
        pass_filenames: true

      # Markdown 文档对齐 (mdformat)
      - id: mdformat
        name: Markdown Formatter
        entry: uv run mdformat
        language: system
        types: [markdown]
        pass_filenames: true