config: Add various pre-commit hooks (#33)

SocialGouv · Dec 12, 2024 · 40fb7e6 · 40fb7e6
1 parent c59ab99
commit 40fb7e6
Show file tree

Hide file tree

Showing 5 changed files with 194 additions and 2 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,33 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: check-added-large-files
+        description: Prevents adding large files to the repository
+      - id: check-merge-conflict
+        description: Prevents adding files with merge conflict markers
+      - id: check-toml
+        description: Checks TOML files for syntax errors
+      - id: name-tests-test
+        description: Checks that test files are named correctly
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.8.2
+    hooks:
+      # Run the linter.
+      - id: ruff
+        types_or: [python, pyi]
+        args: [--fix]
+      # Run the formatter.
+      - id: ruff-format
+        types_or: [python, pyi]
+  - repo: https://github.com/PyCQA/bandit
+    rev: 1.8.0
+    hooks:
+      - id: bandit
+        description: Checks Python code for security issues
+  - repo: https://github.com/Yelp/detect-secrets
+    rev: v1.5.0
+    hooks:
+      - id: detect-secrets
+        args: ["--baseline", ".secrets.baseline"]
+        # exclude: some_file.py
diff --git a/.secrets.baseline b/.secrets.baseline
@@ -0,0 +1,153 @@
+{
+  "version": "1.5.0",
+  "plugins_used": [
+    {
+      "name": "ArtifactoryDetector"
+    },
+    {
+      "name": "AWSKeyDetector"
+    },
+    {
+      "name": "AzureStorageKeyDetector"
+    },
+    {
+      "name": "Base64HighEntropyString",
+      "limit": 4.5
+    },
+    {
+      "name": "BasicAuthDetector"
+    },
+    {
+      "name": "CloudantDetector"
+    },
+    {
+      "name": "DiscordBotTokenDetector"
+    },
+    {
+      "name": "GitHubTokenDetector"
+    },
+    {
+      "name": "GitLabTokenDetector"
+    },
+    {
+      "name": "HexHighEntropyString",
+      "limit": 3.0
+    },
+    {
+      "name": "IbmCloudIamDetector"
+    },
+    {
+      "name": "IbmCosHmacDetector"
+    },
+    {
+      "name": "IPPublicDetector"
+    },
+    {
+      "name": "JwtTokenDetector"
+    },
+    {
+      "name": "KeywordDetector",
+      "keyword_exclude": ""
+    },
+    {
+      "name": "MailchimpDetector"
+    },
+    {
+      "name": "NpmDetector"
+    },
+    {
+      "name": "OpenAIDetector"
+    },
+    {
+      "name": "PrivateKeyDetector"
+    },
+    {
+      "name": "PypiTokenDetector"
+    },
+    {
+      "name": "SendGridDetector"
+    },
+    {
+      "name": "SlackDetector"
+    },
+    {
+      "name": "SoftlayerDetector"
+    },
+    {
+      "name": "SquareOAuthDetector"
+    },
+    {
+      "name": "StripeDetector"
+    },
+    {
+      "name": "TelegramBotTokenDetector"
+    },
+    {
+      "name": "TwilioKeyDetector"
+    }
+  ],
+  "filters_used": [
+    {
+      "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
+    },
+    {
+      "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
+      "min_level": 2
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_indirect_reference"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_likely_id_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_lock_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_potential_uuid"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_sequential_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_swagger_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_templated_secret"
+    }
+  ],
+  "results": {
+    ".env.sample": [
+      {
+        "type": "Secret Keyword",
+        "filename": ".env.sample",
+        "hashed_secret": "57f319532cf4f5f2f506b9d546524ce8d1fed6e9",
+        "is_verified": false,
+        "line_number": 2
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": ".env.sample",
+        "hashed_secret": "b60d121b438a380c343d5ec3c2037564b82ffef3",
+        "is_verified": false,
+        "line_number": 5
+      }
+    ],
+    "docker-compose.yml": [
+      {
+        "type": "Secret Keyword",
+        "filename": "docker-compose.yml",
+        "hashed_secret": "57f319532cf4f5f2f506b9d546524ce8d1fed6e9",
+        "is_verified": false,
+        "line_number": 11
+      }
+    ]
+  },
+  "generated_at": "2024-12-10T17:38:23Z"
+}
diff --git a/README.md b/README.md
@@ -3,8 +3,8 @@
 ## Installation et lancement
 
 ```sh
-poetry shell
-poetry install
+make install
+pre-commit run --all-files
 poetry run start # or poetry run python -m srdt_analysis
 ruff check --fix
 ruff format

diff --git a/makefile b/makefile
@@ -0,0 +1,4 @@
+install:
+	poetry install
+	poetry run pre-commit install --allow-missing-config -f
+	poetry run detect-secrets scan > .secrets.baseline
diff --git a/pyproject.toml b/pyproject.toml
@@ -12,6 +12,8 @@ python-dotenv = "^1.0.1"
 httpx = "^0.27.2"
 pandas = "^2.2.3"
 langchain-text-splitters = "^0.3.2"
+detect-secrets = "^1.5.0"
+pre-commit = "^4.0.1"
 
 [tool.poetry.group.dev.dependencies]
 pyright = "^1.1.389"