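# pre-commit configuration for the Go backend, the frontend and repo hygiene.
#
# NOTE: these hooks run on the developer's machine and are skipped by
# `git commit --no-verify`. The blocking hooks below (LFS size check, CodeQL DB,
# data/backups) only protect the repository if equivalent checks also run in CI.
repos:
  # `rev` is a tag, and tags can be moved upstream; pinning to a full commit
  # SHA is the stricter option for third-party hook repositories.
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.6.0
    hooks:
      - id: end-of-file-fixer
        exclude: '^(frontend/(coverage|dist|node_modules|\.vite)/|.*\.tsbuildinfo$)'
      - id: trailing-whitespace
        exclude: '^(frontend/(coverage|dist|node_modules|\.vite)/|.*\.tsbuildinfo$)'
      - id: check-yaml
      - id: check-added-large-files
        args: ['--maxkb=2500']

  - repo: local
    hooks:
      - id: dockerfile-check
        name: dockerfile validation
        entry: tools/dockerfile_check.sh
        language: script
        files: "Dockerfile.*"
        pass_filenames: true

      - id: go-test-coverage
        name: Go Test Coverage
        entry: scripts/go-test-coverage.sh
        language: script
        pass_filenames: false
        verbose: true
        always_run: true

      - id: go-vet
        name: Go Vet
        entry: bash -c 'cd backend && go vet ./...'
        language: system
        files: '\.go$'
        pass_filenames: false

      - id: check-version-match
        name: Check .version matches latest Git tag
        entry: bash -c 'scripts/check-version-match-tag.sh'
        language: system
        files: '\.version$'
        pass_filenames: false

      # The next three hooks set `always_run: true` and take no filenames, so
      # they run on every commit regardless of which files changed.
      - id: check-lfs-large-files
        name: Prevent large files that are not tracked by LFS
        entry: bash scripts/pre-commit-hooks/check-lfs-for-large-files.sh
        language: system
        pass_filenames: false
        verbose: true
        always_run: true

      - id: block-codeql-db-commits
        name: Prevent committing CodeQL DB artifacts
        entry: bash scripts/pre-commit-hooks/block-codeql-db-commits.sh
        language: system
        pass_filenames: false
        verbose: true
        always_run: true

      - id: block-data-backups-commit
        name: Prevent committing data/backups files
        entry: bash scripts/pre-commit-hooks/block-data-backups-commit.sh
        language: system
        pass_filenames: false
        verbose: true
        always_run: true

      # === MANUAL/CI-ONLY HOOKS ===
      # These are slow and should only run on-demand or in CI.
      # Hooks limited to `stages: [manual]` are not selected by a plain
      # `pre-commit run <id>`; the stage must be named explicitly:
      #   pre-commit run --hook-stage manual golangci-lint --all-files
      - id: go-test-race
        name: Go Test Race (Manual)
        entry: bash -c 'cd backend && go test -race ./...'
        language: system
        files: '\.go$'
        pass_filenames: false
        stages: [manual]  # Only runs when explicitly called

      # Supply-chain note: `:latest` is resolved at run time, so the linter
      # binary and its rule set can change between runs without any change in
      # this repository. Pin to a fixed version tag (ideally with an image
      # digest) so results are reproducible and the image cannot be swapped
      # silently. The source tree is mounted read-only (`:ro`); keep it that way.
      # "$(pwd)" is quoted so a checkout path containing spaces is not split.
      - id: golangci-lint
        name: GolangCI-Lint (Manual)
        entry: bash -c 'cd backend && docker run --rm -v "$(pwd)":/app:ro -w /app golangci/golangci-lint:latest golangci-lint run -v'
        language: system
        files: '\.go$'
        pass_filenames: false
        stages: [manual]  # Only runs when explicitly called

      # Supply-chain note: the image has no tag, which Docker treats as
      # `:latest`; pin it to a fixed version tag or digest as above.
      # Only the repository-root `Dockerfile` is fed to hadolint, although the
      # `files` pattern also triggers on any other path containing "Dockerfile".
      - id: hadolint
        name: Hadolint Dockerfile Check (Manual)
        entry: bash -c 'docker run --rm -i hadolint/hadolint < Dockerfile'
        language: system
        files: 'Dockerfile'
        pass_filenames: false
        stages: [manual]  # Only runs when explicitly called

      - id: frontend-type-check
        name: Frontend TypeScript Check
        entry: bash -c 'cd frontend && npm run type-check'
        language: system
        files: '^frontend/.*\.(ts|tsx)$'
        pass_filenames: false

      - id: frontend-lint
        name: Frontend Lint (Fix)
        entry: bash -c 'cd frontend && npm run lint -- --fix'
        language: system
        files: '^frontend/.*\.(ts|tsx|js|jsx)$'
        pass_filenames: false

      # Fixed: the pattern was '\\.' inside single quotes. YAML single quotes do
      # no backslash processing, so the regex required a literal backslash in
      # the path and the hook never matched any frontend file.
      - id: frontend-test-coverage
        name: Frontend Test Coverage (Manual)
        entry: scripts/frontend-test-coverage.sh
        language: script
        files: '^frontend/.*\.(ts|tsx|js|jsx)$'
        pass_filenames: false
        verbose: true
        stages: [manual]

      # NOTE(review): the file filter covers Go sources and module files only.
      # Confirm whether frontend dependency manifests are scanned elsewhere.
      - id: security-scan
        name: Security Vulnerability Scan (Manual)
        entry: scripts/security-scan.sh
        language: script
        files: '(\.go$|go\.mod$|go\.sum$)'
        pass_filenames: false
        verbose: true
        stages: [manual]  # Only runs when explicitly called

  # `rev` is a tag here as well; a full commit SHA is the stricter pin.
  - repo: https://github.com/igorshubovych/markdownlint-cli
    rev: v0.43.0
    hooks:
      - id: markdownlint
        args: ["--fix"]
        exclude: '^(node_modules|\.venv|test-results|codeql-db|codeql-agent-results)/'
        stages: [manual]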