- Add speckit workflow infrastructure (.claude, .specify) - Create NixOS configuration skeleton (flake.nix, configuration.nix, hosts/ops-jrz1.nix) - Add sanitization scripts with 22 rules for personal info removal - Add validation scripts with gitleaks integration - Configure git hooks (pre-commit, pre-push) for security validation - Add project documentation (README, LICENSE) - Add comprehensive .gitignore for Nix, secrets, staging Phase 1 and Phase 2 complete. Foundation ready for module extraction from ops-base.
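# Pre-commit hooks for ops-jrz1 Matrix platform repository
# Install: pre-commit install
#   (installs both hook types listed in default_install_hook_types below)
# Run manually: pre-commit run --all-files
#
# These hooks run client-side and can be skipped with `git commit --no-verify`
# or `git push --no-verify`; running `pre-commit run --all-files` in CI keeps
# the secret-scanning and sanitization checks enforced.
#
# The `rev` values below are tags, which the upstream repository can move.
# `pre-commit autoupdate --freeze` rewrites them to immutable commit SHAs.

# Without this, a plain `pre-commit install` sets up only the pre-commit hook,
# and the hooks restricted to `stages: [push]` below would never run.
default_install_hook_types: [pre-commit, pre-push]

repos:
  # Nix formatting and linting
  - repo: https://github.com/nix-community/nixpkgs-fmt
    rev: v1.3.0
    hooks:
      - id: nixpkgs-fmt

  # Secret scanning with gitleaks
  - repo: https://github.com/gitleaks/gitleaks
    rev: v8.18.0
    hooks:
      - id: gitleaks

  # General file checks
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.5.0
    hooks:
      - id: trailing-whitespace
      - id: end-of-file-fixer
      - id: check-yaml
      - id: check-added-large-files
        args: ['--maxkb=500']
      - id: check-merge-conflict

  # Custom hooks for ops-jrz1
  - repo: local
    hooks:
      # Validate sanitization before commit.
      # NOTE(review): `files` limits the trigger to changes in .nix and .md
      # files; a change touching only other file types (scripts, YAML, JSON)
      # does not start this hook. Confirm that matches the sanitization scope.
      - id: validate-sanitization
        name: Validate sanitization rules
        entry: scripts/hooks/validate-sanitization-hook.sh
        language: script
        files: '\.(nix|md)$'
        # The script is invoked once with no file arguments.
        pass_filenames: false

      # Nix flake check (expensive, runs on pre-push)
      # `push` is the legacy stage name; newer pre-commit releases spell it
      # `pre-push`. Kept as written for compatibility.
      - id: nix-flake-check
        name: Nix flake check
        entry: scripts/hooks/nix-flake-check-hook.sh
        language: script
        stages: [push]
        pass_filenames: false

      # Build validation (expensive, runs on pre-push)
      - id: nix-build-validation
        name: Nix build validation
        entry: scripts/hooks/nix-build-hook.sh
        language: script
        stages: [push]
        pass_filenames: false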