From c9e323ac37be65ad931483ee1f83e88a15b561e7 Mon Sep 17 00:00:00 2001
From: Michael
Date: Mon, 23 Jun 2025 15:32:00 -0700
Subject: [PATCH 1/3] add pre-commit configuration
---
 .gitignore | 4 +++
 .pre-commit-config.yaml | 51 ++++++++++++++++++++++++++++++++++++
 Makefile | 14 +++++++++-
 README.md | 48 +++++++++++++++++++++++++++++++++
 development-requirements.txt | 2 ++
 5 files changed, 118 insertions(+), 1 deletion(-)
 create mode 100644 .pre-commit-config.yaml
diff --git a/.gitignore b/.gitignore
index 82f9275..56406e5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -160,3 +160,7 @@ cython_debug/
 # and can be added to the global gitignore or merged into this file. For a more nuclear
 # option (not recommended) you can uncomment the following to ignore the entire idea folder.
 #.idea/
+
+# Pre-commit and security tools
+bandit-report.json
+.secrets.baseline
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..67a8bfc
--- /dev/null
+++ b/.pre-commit-config.yaml
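Review bot: Ignoring `.secrets.baseline` in this .gitignore hunk works against the detect-secrets hook that the same patch configures with `args: [--baseline, .secrets.baseline]`. The baseline is the audited record of known findings and is meant to be committed; if it is ignored, each developer generates a private copy, audit decisions are neither shared nor reviewable, and a fresh clone has no file for `--baseline` to read. Keep `bandit-report.json` ignored but drop the `.secrets.baseline` line, and commit a baseline created with `detect-secrets scan > .secrets.baseline`.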
@@ -0,0 +1,51 @@
+repos:
+ # Code formatting
+ - repo: https://github.com/psf/black
+ rev: 23.12.1
+ hooks:
+ - id: black
+ language_version: python3
+ args: [--line-length=88]
+
+ # Import sorting
+ - repo: https://github.com/pycqa/isort
+ rev: 6.0.1
+ hooks:
+ - id: isort
+ args: [--profile=black, --line-length=88]
+
+ # Linting
+ - repo: https://github.com/pycqa/flake8
+ rev: 7.0.0
+ hooks:
+ - id: flake8
+
+ # Security checks
+ - repo: https://github.com/PyCQA/bandit
+ rev: 1.7.5
+ hooks:
+ - id: bandit
+ args: [-f, json, -o, bandit-report.json]
+ exclude: ^tests/
+
+ # Check for merge conflicts
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v5.0.0
+ hooks:
+ - id: check-merge-conflict
+ - id: check-yaml
+ - id: check-added-large-files
+ - id: check-ast
+ - id: check-json
+ - id: debug-statements
+ - id: end-of-file-fixer
+ - id: trailing-whitespace
+ - id: check-docstring-first
+ - id: check-case-conflict
+
+ # Check for secrets in code
+ - repo: https://github.com/Yelp/detect-secrets
+ rev: v1.4.0
+ hooks:
+ - id: detect-secrets
+ args: [--baseline, .secrets.baseline]
diff --git a/Makefile b/Makefile
index 3db2590..c0cb011 100644
--- a/Makefile
+++ b/Makefile
@@ -9,6 +9,9 @@ help:
 @echo " all - run requirements, lint, test, and build"
 @echo " requirements - install runtime dependencies"
 @echo " development-requirements - install development dependencies"
+ @echo " pre-commit-install - install pre-commit hooks"
+ @echo " pre-commit-run - run pre-commit on all files"
+ @echo " pre-commit-clean - remove pre-commit hooks"
 @echo " lint - run flake8, pylint, black, and isort checks"
 @echo " black - format code with black"
 @echo " isort - sort imports with isort"
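Review bot: Every `rev:` in the new .pre-commit-config.yaml is a tag name (`23.12.1`, `v5.0.0`, `v1.4.0`, and so on), and a tag can be re-pointed upstream after it was reviewed. These hooks are fetched and executed on each contributor's machine at commit time, so pinning to the full commit hash is the safer form, e.g. `rev: <FULL_COMMIT_SHA>  # frozen: v1.4.0` (placeholder hash); `pre-commit autoupdate --freeze` writes revs in that form. Separately, the bandit hook's `args: [-f, json, -o, bandit-report.json]` sends findings to a file, so a blocked commit will probably show no detail in the terminal; consider dropping `-o` for the hook and producing the JSON report in CI instead.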
@@ -25,6 +28,15 @@ requirements: pip install --upgrade pip pip install --quiet --upgrade --requirement requirements.txt +pre-commit-install: development-requirements + pre-commit install + +pre-commit-run: development-requirements + pre-commit run --all-files + +pre-commit-clean: + pre-commit uninstall + lint: flake8 --ignore=E501,E231 *.py pylint --errors-only --disable=C0301 *.py @@ -51,4 +63,4 @@ clean: @rm -rf ./__pycache__ ./tests/__pycache__ @rm -f .*~ *.pyc -.PHONY: help requirements lint black isort test build clean development-requirements +.PHONY: help requirements lint black isort test build clean development-requirements pre-commit-install pre-commit-run pre-commit-clean diff --git a/README.md b/README.md index 08e13f5..59faa35 100644 --- a/README.md +++ b/README.md 
@@ -1,2 +1,50 @@
 # python-container-template
+
 A template repo for container-ized Python applications.
+
+## Development Setup
+
+This template includes pre-commit hooks for code quality and security checks. To set up the development environment:
+
+1. Install development dependencies:
+
+ ```bash
+ make development-requirements
+ ```
+
+2. Install pre-commit hooks:
+
+ ```bash
+ make pre-commit-install
+ ```
+
+3. Run pre-commit on all files (optional):
+
+ ```bash
+ make pre-commit-run
+ ```
+
+## Pre-commit Hooks
+
+The following hooks are configured to run automatically on commit:
+
+- **Black**: Code formatting with consistent style
+- **isort**: Import sorting and organization
+- **flake8**: Linting for code quality
+- **bandit**: Security vulnerability scanning
+- **detect-secrets**: Secret detection in code
+- **pre-commit-hooks**: Various checks including:
+ - Merge conflict detection
+ - YAML/JSON validation
+ - Large file detection
+ - Trailing whitespace removal
+ - End-of-file fixes
+
+## Available Make Targets
+
+- `make development-requirements` - Install development dependencies
+- `make pre-commit-install` - Install pre-commit hooks
+- `make pre-commit-run` - Run pre-commit on all files
+- `make pre-commit-clean` - Remove pre-commit hooks
+- `make lint` - Run linting tools manually
+- `make fmt` - Format code with black and isort
diff --git a/development-requirements.txt b/development-requirements.txt
index 85072f9..0762147 100644
--- a/development-requirements.txt
+++ b/development-requirements.txt
@@ -3,3 +3,5 @@ flake8
 pylint
 black
 isort
+pre-commit
+bandit
From 91fbfd55938c2b98cf6acb6a983bc128db76365e Mon Sep 17 00:00:00 2001
From: Michael
Date: Mon, 23 Jun 2025 15:41:50 -0700
Subject: [PATCH 2/3] update plugin versions
---
 .pre-commit-config.yaml | 8 ++++----
 Makefile | 9 +++++----
 2 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 67a8bfc..1436c4a 100644
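Review bot: `pre-commit` and `bandit` are added to development-requirements.txt without a version constraint, like the entries above them. The Makefile targets added in this series (`pre-commit-install`, `pre-commit-run`) depend on `development-requirements`, whose recipe as shown in patch 2/3 is `pip install --quiet --upgrade --requirement development-requirements.txt`, so each run can install whatever release is newest at that moment. Pin exact versions, for example `pre-commit==<PINNED_VERSION>` and `bandit==<SAME_AS_HOOK_REV>` (placeholders), so the tools that run on developer machines change only through a reviewed commit and the pip-installed bandit does not drift from the one the hook uses.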
--- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,7 +1,7 @@ repos: # Code formatting - repo: https://github.com/psf/black - rev: 23.12.1 + rev: 25.1.0 hooks: - id: black language_version: python3 @@ -16,13 +16,13 @@ repos: # Linting - repo: https://github.com/pycqa/flake8 - rev: 7.0.0 + rev: 7.3.0 hooks: - id: flake8 # Security checks - repo: https://github.com/PyCQA/bandit - rev: 1.7.5 + rev: 1.8.5 hooks: - id: bandit args: [-f, json, -o, bandit-report.json] @@ -45,7 +45,7 @@ repos: # Check for secrets in code - repo: https://github.com/Yelp/detect-secrets - rev: v1.4.0 + rev: v1.5.0 hooks: - id: detect-secrets args: [--baseline, .secrets.baseline] diff --git a/Makefile b/Makefile index c0cb011..aa02579 100644 --- a/Makefile +++ b/Makefile @@ -10,6 +10,7 @@ help: @echo " requirements - install runtime dependencies" @echo " development-requirements - install development dependencies" @echo " pre-commit-install - install pre-commit hooks" + @echo " pre-commit-update - update pre-commit hooks" @echo " pre-commit-run - run pre-commit on all files" @echo " pre-commit-clean - remove pre-commit hooks" @echo " lint - run flake8, pylint, black, and isort checks" @@ -24,13 +25,13 @@ all: requirements lint test build development-requirements: requirements pip install --quiet --upgrade --requirement development-requirements.txt -requirements: - pip install --upgrade pip - pip install --quiet --upgrade --requirement requirements.txt - pre-commit-install: development-requirements pre-commit install +pre-commit-update: development-requirements + pre-commit autoupdate + $(MAKE) pre-commit-run + pre-commit-run: development-requirements pre-commit run --all-files From c029c765fb3f036cab2249fc8c71b60cb7beb2d8 Mon Sep 17 00:00:00 2001 
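Review bot: The Makefile hunk at `@@ -24,13 +25,13 @@` deletes the whole `requirements:` rule, yet `all: requirements lint test build` (the hunk heading) and `development-requirements: requirements` (the first context line) still name it as a prerequisite. Patch 1/3 left `requirements` in `.PHONY`, so unless the rule is defined elsewhere in the file, GNU make will most likely treat it as a recipe-less phony target that succeeds without doing anything: pip is no longer upgraded and requirements.txt is no longer installed, with no error to flag it. The subject says "update plugin versions", so the removal looks unintended; restore `requirements:` with its two recipe lines `pip install --upgrade pip` and `pip install --quiet --upgrade --requirement requirements.txt`. The new `pre-commit-update` target also runs `pre-commit autoupdate`, which moves every `rev:` to the latest tag; `pre-commit autoupdate --freeze` would record commit hashes instead.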
From: Michael Date: Mon, 23 Jun 2025 16:10:57 -0700 Subject: [PATCH 3/3] Adds `x_` as a prefix to the `pre-commit-clean` target to prevent pre-commit from accidentally being uninstalled. --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index aa02579..7b420ed 100644 --- a/Makefile +++ b/Makefile @@ -35,7 +35,7 @@ pre-commit-update: development-requirements pre-commit-run: development-requirements pre-commit run --all-files -pre-commit-clean: +x_pre-commit-clean: pre-commit uninstall lint:
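Review bot: Renaming the target to `x_pre-commit-clean` leaves the other references from this series stale: the `.PHONY` list and the `help` output added in patch 1/3 still say `pre-commit-clean`, as does the README's target list, and the diffstat shows only this one line changed. As a result `x_pre-commit-clean` is not declared phony, and `make pre-commit-clean` probably still succeeds as an empty phony target, telling the user the hooks were removed when nothing ran. Update `.PHONY` to list `x_pre-commit-clean` in place of the old name, and either drop the help and README entries or reword them to the new name with a short comment explaining that the prefix is there to prevent accidental use.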