production-stack/.pre-commit-config.yaml

repos:
  - repo: https://github.com/rhysd/actionlint
    rev: v1.7.7
    hooks:
      - id: actionlint
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v5.0.0
    hooks:
      - id: check-json
      - id: check-toml
      - id: check-yaml
        args: ["--allow-multiple-documents"]
        exclude: |
          (?x)(
              ^helm/templates/|
              .github/deployment-router.yaml
          )          
      - id: end-of-file-fixer
      - id: requirements-txt-fixer
      - id: trailing-whitespace
  - repo: https://github.com/hadolint/hadolint
    rev: v2.12.0
    hooks:
      - id: hadolint-docker
        stages: [manual] # Only run in CI, add to .github/workflows/pre-commit.yml
        exclude: "src/gateway_inference_extension/Dockerfile"
  - repo: https://github.com/gruntwork-io/pre-commit
    rev: v0.1.25
    hooks:
      - id: helmlint
        stages: [manual] # Only run in CI, add to .github/workflows/pre-commit.yml
  - repo: https://github.com/psf/black
    rev: "25.1.0"
    hooks:
      - id: black
  - repo: https://github.com/pycqa/isort
    rev: "6.0.0"
    hooks:
      - id: isort
  - repo: https://github.com/astral-sh/ruff-pre-commit
    rev: v0.12.0
    hooks:
      - id: ruff
        files: ^src/tests/
  # TODO: Enable this hook when environment issues are resolved
  - repo: https://github.com/koalaman/shellcheck-precommit
    rev: v0.10.0
    hooks:
      - id: shellcheck
        stages: [manual] # Only run in CI, add to .github/workflows/pre-commit.yml
  - repo: https://github.com/igorshubovych/markdownlint-cli
    rev: v0.44.0
    hooks:
      - id: markdownlint
        exclude: "(\\.github/PULL_REQUEST_TEMPLATE\\.md|CODE_OF_CONDUCT\\.md)"
  - repo: https://github.com/codespell-project/codespell
    rev: v2.4.1
    hooks:
      - id: codespell
        args: ["--ignore-words", ".codespell-ignore"]
  - repo: https://github.com/bridgecrewio/checkov
    rev: 3.2.446  # Update as needed
    hooks:
      - id: checkov
        name: "Checkov security scan for infra and config"
        args:
          - --soft-fail
          - --quiet
          - --framework
          - github_configuration,github_actions,sast_python,sast_golang,helm,dockerfile,yaml
        stages: [manual] # Only run manually and soft-fail for infomation for now, remove it once we have solve the issues