# prek.toml - Git hooks configuration
# Run: prek run --all-files
# Install: prek install && prek install --hook-type commit-msg

# Built-in hooks (fast, Rust-native — no external dependencies)
[[repos]]
repo = "builtin"
hooks = [
  { id = "trailing-whitespace" },
  { id = "end-of-file-fixer" },
  { id = "check-added-large-files", args = [
    "--maxkb=1000",
  ] },
  { id = "check-merge-conflict" },
  { id = "check-json" },
  { id = "check-toml" },
  { id = "check-case-conflict" },
  { id = "detect-private-key" },
  { id = "check-executables-have-shebangs" },
]

# check-yaml with --unsafe (builtin fast path doesn't support --unsafe yet)
[[repos]]
repo = "https://github.com/pre-commit/pre-commit-hooks"
rev = "3e8a8703264a2f4a69428a0aa4dcb512790b2c8c"        # v6.0.0
hooks = [{ id = "check-yaml", args = ["--unsafe"] }]

# Secret detection (running both tools in parallel to compare coverage)
[[repos]]
repo = "https://github.com/trufflesecurity/trufflehog"
rev = "37b77001d0174ebec2fcca2bd83ff83a6d45a3ab" # v3.95.3
hooks = [
  { id = "trufflehog", entry = "trufflehog git file://. --since-commit HEAD --no-verification --fail", stages = [
    "pre-commit",
    "pre-push",
  ] },
]

[[repos]]
repo = "https://github.com/mongodb/kingfisher"
rev = "6f560103cc6ea082ef4b80a9098e3f3111afb8bc" # v1.101.0
hooks = [
  { id = "kingfisher", args = [
    "scan",
    ".",
    "--staged",
    "--quiet",
    "--no-update-check",
    "--no-validate",
  ], stages = [
    "pre-commit",
    "pre-push",
  ] },
]

# YAML linting
[[repos]]
repo = "https://github.com/adrienverge/yamllint"
rev = "cba56bcde1fdd01c1deb3f945e69764c291a6530"               # v1.38.0
hooks = [{ id = "yamllint", args = ["-c", ".yamllint.yaml"] }]

# Ansible linting
[[repos]]
repo = "local"

[[repos.hooks]]
id = "ansible-lint"
name = "ansible-lint"
entry = "env ANSIBLE_ROLES_PATH=ansible/roles ansible-lint"
language = "python"
files = "^ansible/"
additional_dependencies = ["ansible-lint==26.4.0", "ansible-core==2.21.0"]

# Python - ruff for linting and formatting
[[repos]]
repo = "https://github.com/astral-sh/ruff-pre-commit"
rev = "0c7b6c989466a93942def1f84baf36ddfcd60c83"                    # v0.15.14
hooks = [{ id = "ruff", args = ["--fix"] }, { id = "ruff-format" }]

# Python - ty type checker
[[repos]]
repo = "local"

[[repos.hooks]]
id = "ty-check"
name = "ty type check"
entry = "ty check"
language = "system"
types = ["python"]
pass_filenames = false

# Shell scripts - shellcheck and shfmt
[[repos]]
repo = "https://github.com/shellcheck-py/shellcheck-py"
rev = "745eface02aef23e168a8afb6b5737818efbea95"               # v0.11.0.1
hooks = [{ id = "shellcheck", args = ["--severity=warning"] }]

[[repos]]
repo = "https://github.com/scop/pre-commit-shfmt"
rev = "05c1426671b9237fb5e1444dd63aa5731bec0dfb"             # v3.13.1-1
hooks = [{ id = "shfmt", args = ["-i", "2", "-ci", "-bn"] }]

# TOML - taplo
[[repos]]
repo = "https://github.com/ComPWA/taplo-pre-commit"
rev = "23eab0f0eedcbedebff420f5fdfb284744adc7b3"                                 # v0.9.3
hooks = [{ id = "taplo-format" }, { id = "taplo-lint", args = ["--no-schema"] }]

# JSON formatting (prettier for consistent style)
[[repos]]
repo = "https://github.com/rbubley/mirrors-prettier"
rev = "515f543f5718ebfd6ce22e16708bb32c68ff96e1"                                # v3.8.3
hooks = [{ id = "prettier", types_or = ["json"], args = ["--tab-width", "2"] }]

# GitHub/Forgejo Actions workflow linting
[[repos]]
repo = "https://github.com/rhysd/actionlint"
rev = "914e7df21a07ef503a81201c76d2b11c789d3fca" # v1.7.12
hooks = [
  { id = "actionlint-system", args = [
    "-config-file",
    ".github/actionlint.yaml",
  ], files = '\.forgejo/workflows/' },
]

# Custom local hooks

# Forgejo workflow schema validation (via Dagger + forgejo-runner validate)
[[repos]]
repo = "local"

[[repos.hooks]]
id = "validate-workflows"
name = "validate-workflows"
entry = "mise run validate-workflows"
language = "system"
files = '\.forgejo/workflows/'
pass_filenames = false

# Container version consistency
[[repos]]
repo = "local"

[[repos.hooks]]
id = "container-version-check"
name = "container-version-check"
entry = "mise run container-version-check"
language = "system"
files = "^(containers/|service-versions\\.yaml)"
pass_filenames = false

# Changelog fragment validation (no subdirectories)
[[repos]]
repo = "local"

[[repos.hooks]]
id = "changelog-check"
name = "changelog-check"
entry = "mise run changelog-check"
language = "system"
files = '^docs/changelog\.d/'
pass_filenames = false

# Mikado Branch Invariant (C2 changes)
[[repos]]
repo = "local"

[[repos.hooks]]
id = "mikado-branch-invariant-check"
name = "mikado-branch-invariant-check"
entry = "mise run mikado-branch-invariant-check"
language = "system"
always_run = true
stages = ["commit-msg"]

# Documentation validation
[[repos]]
repo = "local"

[[repos.hooks]]
id = "docs-check-links"
name = "docs-check-links"
entry = "mise run docs-check-links"
language = "system"
files = '^docs/.*\.md$'
pass_filenames = false

[[repos.hooks]]
id = "docs-check-frontmatter"
name = "docs-check-frontmatter"
entry = "mise run docs-check-frontmatter"
language = "system"
files = '^docs/.*\.md$'
pass_filenames = false