Erich Blume
834c9fa57b
All checks were successful
Deploy Fly.io Proxy / deploy (push) Successful in 1m37s
## Summary - Bump Fly.io proxy VM memory from 256MB to 512MB — Alloy was OOM-killed, causing the Grafana Fly.io dashboard to lose metrics - Fix TruffleHog pre-commit hook to scan only staged changes (`--since-commit HEAD`) instead of full repo history - Sanitize example credential URL in Reolink camera plan doc ## Deployment and Testing - [ ] Fly.io deploy triggers automatically on merge (workflow watches `fly/**`) - [ ] After deploy, verify Alloy is running: `fly ssh console -a blumeops-proxy -C "ps aux"` should show alloy process - [ ] Grafana Fly.io dashboard should start populating within ~1 minute Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/152
112 lines
3 KiB
YAML
112 lines
3 KiB
YAML
---
|
|
# See https://pre-commit.com for more information
|
|
# Run: uvx pre-commit run --all-files
|
|
# Install: uvx pre-commit install
|
|
|
|
repos:
|
|
# General file hygiene
|
|
- repo: https://github.com/pre-commit/pre-commit-hooks
|
|
rev: v6.0.0
|
|
hooks:
|
|
- id: trailing-whitespace
|
|
- id: end-of-file-fixer
|
|
- id: check-added-large-files
|
|
args: ['--maxkb=1000']
|
|
- id: check-merge-conflict
|
|
- id: check-json
|
|
- id: check-yaml
|
|
args: ['--unsafe'] # Allow custom tags (ansible uses them)
|
|
- id: check-toml
|
|
|
|
# Secret detection
|
|
- repo: https://github.com/trufflesecurity/trufflehog
|
|
rev: v3.92.5
|
|
hooks:
|
|
- id: trufflehog
|
|
entry: trufflehog git file://. --since-commit HEAD --no-verification --fail
|
|
stages: [pre-commit, pre-push]
|
|
|
|
# YAML linting
|
|
- repo: https://github.com/adrienverge/yamllint
|
|
rev: v1.38.0
|
|
hooks:
|
|
- id: yamllint
|
|
args: ['-c', '.yamllint.yaml']
|
|
|
|
# Ansible linting
|
|
- repo: local
|
|
hooks:
|
|
- id: ansible-lint
|
|
name: ansible-lint
|
|
entry: env ANSIBLE_ROLES_PATH=ansible/roles ansible-lint
|
|
language: python
|
|
files: ^ansible/
|
|
additional_dependencies:
|
|
- ansible-lint>=26.1.1
|
|
- ansible-core>=2.15
|
|
|
|
# Python - ruff for linting and formatting
|
|
- repo: https://github.com/astral-sh/ruff-pre-commit
|
|
rev: v0.14.13
|
|
hooks:
|
|
- id: ruff
|
|
args: ['--fix']
|
|
- id: ruff-format
|
|
|
|
# Shell scripts - shellcheck and shfmt
|
|
- repo: https://github.com/shellcheck-py/shellcheck-py
|
|
rev: v0.10.0.1
|
|
hooks:
|
|
- id: shellcheck
|
|
args: ['--severity=warning']
|
|
|
|
- repo: https://github.com/scop/pre-commit-shfmt
|
|
rev: v3.12.0-2
|
|
hooks:
|
|
- id: shfmt
|
|
args: ['-i', '2', '-ci', '-bn'] # 2-space indent, case indent, binary newline
|
|
|
|
# TOML - taplo
|
|
- repo: https://github.com/ComPWA/taplo-pre-commit
|
|
rev: v0.9.3
|
|
hooks:
|
|
- id: taplo-format
|
|
- id: taplo-lint
|
|
|
|
# JSON formatting (prettier for consistent style)
|
|
- repo: https://github.com/rbubley/mirrors-prettier
|
|
rev: v3.8.0
|
|
hooks:
|
|
- id: prettier
|
|
types_or: [json]
|
|
args: ['--tab-width', '2']
|
|
|
|
# GitHub/Forgejo Actions workflow linting
|
|
- repo: https://github.com/rhysd/actionlint
|
|
rev: v1.7.10
|
|
hooks:
|
|
- id: actionlint-system
|
|
args: ['-config-file', '.github/actionlint.yaml']
|
|
files: ^\.forgejo/workflows/
|
|
|
|
# Documentation validation
|
|
- repo: local
|
|
hooks:
|
|
- id: docs-check-filenames
|
|
name: docs-check-filenames
|
|
entry: mise run docs-check-filenames
|
|
language: system
|
|
files: ^docs/.*\.md$
|
|
pass_filenames: false
|
|
- id: docs-check-links
|
|
name: docs-check-links
|
|
entry: mise run docs-check-links
|
|
language: system
|
|
files: ^docs/.*\.md$
|
|
pass_filenames: false
|
|
- id: docs-check-index
|
|
name: docs-check-index
|
|
entry: mise run docs-check-index
|
|
language: system
|
|
files: ^docs/.*\.md$
|
|
pass_filenames: false
|