## Summary - **C0 (Quick Fix):** Now explicitly allows direct-to-main commits with no PR required — for low-risk, fix-forward-safe changes - **C1 (Human Review):** New docs-first workflow with branch deployment (ArgoCD `--revision`, Ansible from checkout). Includes upgrade criteria for escalation to C2 - **C2 (Mikado Chain):** Introduces the **Mikado Branch Invariant** — strict commit ordering where card-introducing commits come first, followed by code progress, followed by card closures. Branch resets required when new prerequisites are discovered Updates CLAUDE.md rules (3, 4, 8, 9) to reflect that C0 bypasses branching/PR requirements. Also updates ai-assistance-guide, how-to index, and docs-mikado task description. ## Files changed - `CLAUDE.md` — rules and classification table - `docs/how-to/agent-change-process.md` — full process rewrite - `docs/tutorials/ai-assistance-guide.md` — branching and pitfalls sections - `docs/how-to/how-to.md` — index description - `mise-tasks/docs-mikado` — task description - `docs/changelog.d/formalize-change-classification.doc.md` — changelog fragment Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/259
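---
# See https://pre-commit.com for more information
# Run: uvx pre-commit run --all-files
# Install: uvx pre-commit install
#   (installs every hook type listed in default_install_hook_types below;
#   `uvx pre-commit install --hook-type <type>` still works for a single type)
#
# Supply-chain note: every `rev` below is a tag, and a tag can be moved by the
# upstream repository. `pre-commit autoupdate --freeze` rewrites them to
# commit SHAs if immutable pins are wanted.

# Hooks in this file use three stages: pre-commit (default), pre-push
# (trufflehog) and commit-msg (mikado-branch-invariant-check). A bare
# `pre-commit install` only installs the pre-commit type unless told
# otherwise, which would leave the pre-push secret scan inactive.
default_install_hook_types: [pre-commit, commit-msg, pre-push]

repos:
  # General file hygiene
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v6.0.0
    hooks:
      - id: trailing-whitespace
      - id: end-of-file-fixer
      - id: check-added-large-files
        args: ['--maxkb=1000']
      - id: check-merge-conflict
      - id: check-json
      - id: check-yaml
        # --unsafe switches check-yaml to a syntax-only parse instead of a
        # safe load; that is what lets custom tags through, and it also means
        # this hook no longer rejects constructs a safe loader would refuse.
        args: ['--unsafe']  # Allow custom tags (ansible uses them)
      - id: check-toml

  # Secret detection
  - repo: https://github.com/trufflesecurity/trufflehog
    rev: v3.93.4
    hooks:
      - id: trufflehog
        # --no-verification: detected credentials are not tested against the
        # issuing service, so the hook makes no verification calls and every
        # finding is an unverified candidate. --fail: exit non-zero when
        # anything is found, which is what blocks the commit or push.
        # NOTE(review): at pre-push the commits being pushed are already in
        # HEAD's history; confirm `--since-commit HEAD` still covers them,
        # otherwise the pre-push stage adds little over pre-commit.
        entry: trufflehog git file://. --since-commit HEAD --no-verification --fail
        stages: [pre-commit, pre-push]

  # YAML linting
  - repo: https://github.com/adrienverge/yamllint
    rev: v1.38.0
    hooks:
      - id: yamllint
        args: ['-c', '.yamllint.yaml']

  # Ansible linting
  - repo: local
    hooks:
      - id: ansible-lint
        name: ansible-lint
        entry: env ANSIBLE_ROLES_PATH=ansible/roles ansible-lint
        language: python
        files: ^ansible/
        # These are lower bounds only: the hook environment gets whatever
        # newer release the package index serves when it is built, so two
        # machines can run different linter versions.
        # NOTE(review): consider exact pins if reproducible hook runs matter.
        additional_dependencies:
          - ansible-lint>=26.1.1
          - ansible-core>=2.15

  # Python - ruff for linting and formatting
  - repo: https://github.com/astral-sh/ruff-pre-commit
    rev: v0.15.2
    hooks:
      - id: ruff
        args: ['--fix']
      - id: ruff-format

  # Shell scripts - shellcheck and shfmt
  - repo: https://github.com/shellcheck-py/shellcheck-py
    rev: v0.11.0.1
    hooks:
      - id: shellcheck
        args: ['--severity=warning']

  - repo: https://github.com/scop/pre-commit-shfmt
    rev: v3.12.0-2
    hooks:
      - id: shfmt
        args: ['-i', '2', '-ci', '-bn']  # 2-space indent, case indent, binary newline

  # TOML - taplo
  - repo: https://github.com/ComPWA/taplo-pre-commit
    rev: v0.9.3
    hooks:
      - id: taplo-format
      - id: taplo-lint

  # JSON formatting (prettier for consistent style)
  - repo: https://github.com/rbubley/mirrors-prettier
    rev: v3.8.1
    hooks:
      - id: prettier
        types_or: [json]
        args: ['--tab-width', '2']

  # GitHub/Forgejo Actions workflow linting
  - repo: https://github.com/rhysd/actionlint
    rev: v1.7.11
    hooks:
      - id: actionlint-system
        args: ['-config-file', '.github/actionlint.yaml']
        files: ^\.forgejo/workflows/

  # The remaining hooks are `repo: local` with `language: system`: pre-commit
  # builds no isolated environment for them and simply runs the `entry`
  # command on the host, so they depend on `mise` being installed and execute
  # the task definitions present in the working tree.

  # Forgejo workflow schema validation (via Dagger + forgejo-runner validate)
  - repo: local
    hooks:
      - id: validate-workflows
        name: validate-workflows
        entry: mise run validate-workflows
        language: system
        files: ^\.forgejo/workflows/
        pass_filenames: false

  # Container version consistency
  - repo: local
    hooks:
      - id: container-version-check
        name: container-version-check
        entry: mise run container-version-check
        language: system
        files: ^(containers/|service-versions\.yaml)
        pass_filenames: false

  # Mikado Branch Invariant (C2 changes)
  - repo: local
    hooks:
      - id: mikado-branch-invariant-check
        name: mikado-branch-invariant-check
        entry: mise run mikado-branch-invariant-check
        language: system
        # Runs on every commit regardless of which files changed, and only at
        # the commit-msg stage, so it is skipped unless the commit-msg hook
        # type is installed.
        always_run: true
        pass_filenames: false
        stages: [commit-msg]

  # Documentation validation
  # Each check is triggered by any change under docs/ but receives no file
  # names (pass_filenames: false); the mise task decides what it inspects.
  - repo: local
    hooks:
      - id: docs-check-filenames
        name: docs-check-filenames
        entry: mise run docs-check-filenames
        language: system
        files: ^docs/.*\.md$
        pass_filenames: false
      - id: docs-check-links
        name: docs-check-links
        entry: mise run docs-check-links
        language: system
        files: ^docs/.*\.md$
        pass_filenames: false
      - id: docs-check-index
        name: docs-check-index
        entry: mise run docs-check-index
        language: system
        files: ^docs/.*\.md$
        pass_filenames: false
      - id: docs-check-frontmatter
        name: docs-check-frontmatter
        entry: mise run docs-check-frontmatter
        language: system
        files: ^docs/.*\.md$
        pass_filenames: false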