blumeops/prek.toml
Erich Blume 138e23d525
Miniflux 2.2.19 + container.py migration + ty typechecker (#331)
## Summary

- Upgrade miniflux from 2.2.17 to 2.2.19 (security hardening, performance improvements)
- Migrate miniflux from Dockerfile to native Dagger container.py build
- Refactor `alpine_runtime()` helper to support existing users (nobody/65534)
- Add `ty` (Astral) Python typechecker to prek hooks

## Test plan

- [ ] `dagger call build --src=. --container-name=miniflux` succeeds
- [ ] `dagger call container-version --container-name=miniflux` returns 2.2.19
- [ ] `mise run container-version-check` passes
- [ ] `ty check` passes cleanly
- [ ] `prek run --all-files` passes
- [ ] CI builds container successfully
- [ ] Miniflux healthcheck passes after deploy from branch

Reviewed-on: #331
2026-04-12 08:54:32 -07:00


# prek.toml - Git hooks configuration
# Run: prek run --all-files
# Install: prek install && prek install --hook-type commit-msg
# Built-in hooks (fast, Rust-native — no external dependencies)
[[repos]]
repo = "builtin"
hooks = [
{ id = "trailing-whitespace" },
{ id = "end-of-file-fixer" },
# --maxkb is in KiB; anything larger is rejected at commit time so that
# binaries and fixtures do not land in history by accident.
{ id = "check-added-large-files", args = [
"--maxkb=1000",
] },
{ id = "check-merge-conflict" },
{ id = "check-json" },
{ id = "check-toml" },
{ id = "check-case-conflict" },
# Pattern match for committed private-key blocks (PEM-style BEGIN ... PRIVATE
# KEY headers); broader credential detection is left to the secret scanners
# further down in this file.
{ id = "detect-private-key" },
{ id = "check-executables-have-shebangs" },
]
# check-yaml with --unsafe (builtin fast path doesn't support --unsafe yet)
# --unsafe switches check-yaml to a syntax-only parse instead of loading the
# documents, so files with custom tags (presumably the Ansible tree under
# ansible/, e.g. !vault — confirm) are not rejected. Nothing is constructed
# from the YAML, so this is not the same as unsafe object loading.
# Note: every remote repo in this file is pinned by release tag. A tag can be
# re-pointed upstream; pinning rev to the full commit SHA is the stronger
# supply-chain guarantee if that matters here.
[[repos]]
repo = "https://github.com/pre-commit/pre-commit-hooks"
rev = "v6.0.0"
hooks = [{ id = "check-yaml", args = ["--unsafe"] }]
# Secret detection (running both tools in parallel to compare coverage)
# entry overrides the upstream hook command: scan the local repo for changes
# since HEAD only, skip live credential verification (--no-verification: no
# outbound calls from the hook, but more false positives to triage), and exit
# non-zero on any finding (--fail) so the commit or push is blocked.
[[repos]]
repo = "https://github.com/trufflesecurity/trufflehog"
rev = "v3.94.0"
hooks = [
{ id = "trufflehog", entry = "trufflehog git file://. --since-commit HEAD --no-verification --fail", stages = [
"pre-commit",
"pre-push",
] },
]
[[repos]]
repo = "https://github.com/mongodb/kingfisher"
rev = "v1.91.0"
hooks = [
# --staged restricts the scan to the index; --no-update-check and --no-validate
# should keep the hook offline (no update lookup, no live credential
# validation), mirroring trufflehog's --no-verification above.
{ id = "kingfisher", args = [
"scan",
".",
"--staged",
"--quiet",
"--no-update-check",
"--no-validate",
], stages = [
"pre-commit",
"pre-push",
] },
]
# YAML linting
# Rules come from the repo-local .yamllint.yaml rather than yamllint defaults.
[[repos]]
repo = "https://github.com/adrienverge/yamllint"
rev = "v1.38.0"
hooks = [{ id = "yamllint", args = ["-c", ".yamllint.yaml"] }]
# Ansible linting
# language = "python": prek builds an isolated environment from
# additional_dependencies. These are lower bounds only, so the environment
# floats to the newest matching release; pin with == (or add an upper bound)
# if reproducible lint results are wanted.
# files limits triggering to the ansible/ tree; ANSIBLE_ROLES_PATH lets
# ansible-lint resolve roles from ansible/roles.
[[repos]]
repo = "local"
[[repos.hooks]]
id = "ansible-lint"
name = "ansible-lint"
entry = "env ANSIBLE_ROLES_PATH=ansible/roles ansible-lint"
language = "python"
files = "^ansible/"
additional_dependencies = ["ansible-lint>=26.3.0", "ansible-core>=2.18"]
# Python - ruff for linting and formatting
# ruff --fix rewrites files in place; it is listed before ruff-format so the
# formatter gets the final say on layout.
[[repos]]
repo = "https://github.com/astral-sh/ruff-pre-commit"
rev = "v0.15.7"
hooks = [{ id = "ruff", args = ["--fix"] }, { id = "ruff-format" }]
# Python - ty type checker
# language = "system": the ty binary comes from PATH (presumably provisioned
# by mise like the `mise run` hooks below — confirm), not from a pinned rev,
# so its version is controlled outside this file.
# pass_filenames = false: one project-wide `ty check` runs whenever a Python
# file is in the change set; types only gates whether the hook fires.
[[repos]]
repo = "local"
[[repos.hooks]]
id = "ty-check"
name = "ty type check"
entry = "ty check"
language = "system"
types = ["python"]
pass_filenames = false
# Shell scripts - shellcheck and shfmt
# --severity=warning: only error and warning findings fail the hook; style
# and info level output is suppressed.
[[repos]]
repo = "https://github.com/shellcheck-py/shellcheck-py"
rev = "v0.11.0.1"
hooks = [{ id = "shellcheck", args = ["--severity=warning"] }]
# shfmt flags: -i 2 = two-space indent, -ci = indent switch cases,
# -bn = binary operators (&&, |) may start a line.
[[repos]]
repo = "https://github.com/scop/pre-commit-shfmt"
rev = "v3.13.0-1"
hooks = [{ id = "shfmt", args = ["-i", "2", "-ci", "-bn"] }]
# TOML - taplo
# Formats and lints this file too, so keep edits here in taplo's canonical
# layout or the hook will rewrite them.
[[repos]]
repo = "https://github.com/ComPWA/taplo-pre-commit"
rev = "v0.9.3"
hooks = [{ id = "taplo-format" }, { id = "taplo-lint" }]
# JSON formatting (prettier for consistent style)
# types_or scopes prettier to JSON only; other types it could format (YAML,
# Markdown) are deliberately left alone.
[[repos]]
repo = "https://github.com/rbubley/mirrors-prettier"
rev = "v3.8.1"
hooks = [{ id = "prettier", types_or = ["json"], args = ["--tab-width", "2"] }]
# GitHub/Forgejo Actions workflow linting
# actionlint-system uses the host's actionlint binary, so its version is not
# pinned by rev. Config is passed explicitly because the workflows live under
# .forgejo/, not the .github/ path actionlint would look in by default.
# The files pattern is a search (unanchored), so it matches that path segment
# anywhere in the file path.
[[repos]]
repo = "https://github.com/rhysd/actionlint"
rev = "v1.7.11"
hooks = [
{ id = "actionlint-system", args = [
"-config-file",
".github/actionlint.yaml",
], files = '\.forgejo/workflows/' },
]
# Custom local hooks
# Forgejo workflow schema validation (via Dagger + forgejo-runner validate)
# language = "system" + pass_filenames = false: the mise task runs once and
# does its own file discovery; files only decides whether the hook fires.
[[repos]]
repo = "local"
[[repos.hooks]]
id = "validate-workflows"
name = "validate-workflows"
entry = "mise run validate-workflows"
language = "system"
files = '\.forgejo/workflows/'
pass_filenames = false
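# Container version consistency
# Fires when a container definition or the version manifest changes; the mise
# task does its own cross-check, so filenames are not passed through.
[[repos]]
repo = "local"
[[repos.hooks]]
id = "container-version-check"
name = "container-version-check"
entry = "mise run container-version-check"
language = "system"
# Literal string (single quotes) so the regex escape is written once, matching
# the other files patterns in this file.
files = '^(containers/|service-versions\.yaml)'
pass_filenames = false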
# Changelog fragment validation (no subdirectories)
# Scoped to docs/changelog.d/; the mise task inspects the directory itself
# (pass_filenames = false), so the files pattern is only a trigger.
[[repos]]
repo = "local"
[[repos.hooks]]
id = "changelog-check"
name = "changelog-check"
entry = "mise run changelog-check"
language = "system"
files = '^docs/changelog\.d/'
pass_filenames = false
# Mikado Branch Invariant (C2 changes)
# Runs on every commit message (always_run + commit-msg stage) regardless of
# which files changed, so it only takes effect once the commit-msg hook is
# installed: prek install --hook-type commit-msg (see the file header).
[[repos]]
repo = "local"
[[repos.hooks]]
id = "mikado-branch-invariant-check"
name = "mikado-branch-invariant-check"
entry = "mise run mikado-branch-invariant-check"
language = "system"
always_run = true
stages = ["commit-msg"]
# Documentation validation
# Two hooks in one local repo, both triggered by Markdown under docs/ and
# both delegating file discovery to the mise task (pass_filenames = false).
[[repos]]
repo = "local"
[[repos.hooks]]
id = "docs-check-links"
name = "docs-check-links"
entry = "mise run docs-check-links"
language = "system"
files = '^docs/.*\.md$'
pass_filenames = false
[[repos.hooks]]
id = "docs-check-frontmatter"
name = "docs-check-frontmatter"
entry = "mise run docs-check-frontmatter"
language = "system"
files = '^docs/.*\.md$'
pass_filenames = false