mirror of
https://github.com/ivuorinen/dotfiles.git
synced 2026-02-08 05:50:38 +00:00
Ismo Vuorinen
6d72003446
* fix(ci): replace broad permissions with specific scopes in workflows
Replace read-all/write-all with minimum required permission scopes
across all GitHub Actions workflows to follow the principle of least
privilege (SonarCloud rule githubactions:S8234).
* fix(shell): use [[ instead of [ for conditional tests
Replace single brackets with double brackets in bash conditional
expressions across 14 files (28 changes). All scripts use bash
shebangs so [[ is safe everywhere (SonarCloud rule shelldre:S7688).
* fix(shell): add explicit return statements to functions
Add return 0 as the last statement in ~46 shell functions across
17 files that previously relied on implicit return codes
(SonarCloud rule shelldre:S7682).
* fix(shell): assign positional parameters to local variables
Replace direct $1/$2/$3 usage with named local variables in _log(),
msg(), msg_err(), msg_done(), msg_run(), msg_ok(), and array_diff()
(SonarCloud rule shelldre:S7679).
* fix(python): replace dict() constructor with literal
Use {} instead of dict() for empty dictionary initialization
(SonarCloud rule python:S7498).
* fix(shell): fix husky shebang and tolerate npm outdated exit code
* docs(shell): add function docstring comments
* fix(shell): fix heredoc indentation in x-sonarcloud
* feat(python): add ruff linter and formatter configuration
* fix(ci): align megalinter config with biome, ruff, and shfmt settings
* fix(ci): disable black and yaml-prettier in megalinter config
* chore(ci): update ruff-pre-commit to v0.15.0 and fix hook name
* fix(scripts): check for .git dir before skipping clone in install-fonts
* fix(shell): address code review issues in scripts and shared.sh
- Guard wezterm show-keys failure in create-wezterm-keymaps.sh
- Stop masking git failures with return 0 in install-cheat-purebashbible.sh
- Add missing shared.sh source in install-xcode-cli-tools.sh
- Replace exit 1 with return 1 in sourced shared.sh
* fix(scripts): address code review and security findings
- Guard wezterm show-keys failure in create-wezterm-keymaps.sh
- Stop masking git failures with return 0 in install-cheat-purebashbible.sh
- Add missing shared.sh source in install-xcode-cli-tools.sh
- Replace exit 1 with return 1 in sourced shared.sh
- Remove shell=True subprocess calls in x-git-largest-files.py
* style(shell): apply shfmt formatting and add args to pre-commit hook
* fix(python): suppress bandit false positives in x-git-largest-files
* fix(python): add nosemgrep suppression for check_output call
* feat(format): add prettier for YAML formatting
Install prettier, add .prettierrc.json config (200-char width, 2-space
indent, LF endings), .prettierignore, yarn scripts (lint:prettier,
fix:prettier, format:yaml), and pre-commit hook scoped to YAML files.
* style(yaml): apply prettier formatting
* fix(scripts): address remaining code review findings
- Python: use list comprehension to filter empty strings instead of
slicing off the last element
- create-wezterm-keymaps: write to temp file and mv for atomic updates
- install-xcode-cli-tools: fix shellcheck source directive path
* fix(python): sort imports alphabetically in x-git-largest-files
* fix(lint): disable PYTHON_ISORT in MegaLinter, ruff handles it
* chore(git): add __pycache__ to gitignore
* fix(python): rename ambiguous variable l to line (E741)
* style: remove trailing whitespace and blank lines
* style(fzf): apply shfmt formatting
* style(shell): apply shfmt formatting
* docs(plans): add design documents
* style(docs): add language specifier to fenced code block
* feat(lint): add markdown-table-formatter to dev tooling
Add markdown-table-formatter as a dev dependency with yarn scripts
(lint:md-table, fix:md-table) and a local pre-commit hook to
automatically format markdown tables on commit.
84 lines
2.1 KiB
YAML
84 lines
2.1 KiB
YAML
---
|
|
repos:
|
|
- repo: https://github.com/pre-commit/pre-commit-hooks
|
|
rev: v6.0.0
|
|
hooks:
|
|
- id: requirements-txt-fixer
|
|
- id: detect-aws-credentials
|
|
- id: detect-private-key
|
|
- id: trailing-whitespace
|
|
args: [--markdown-linebreak-ext=md]
|
|
- id: check-case-conflict
|
|
- id: check-merge-conflict
|
|
- id: check-executables-have-shebangs
|
|
- id: check-shebang-scripts-are-executable
|
|
- id: check-symlinks
|
|
- id: check-toml
|
|
- id: check-xml
|
|
- id: check-yaml
|
|
args: [--allow-multiple-documents]
|
|
- id: end-of-file-fixer
|
|
- id: mixed-line-ending
|
|
args: [--fix=auto]
|
|
|
|
- repo: local
|
|
hooks:
|
|
- id: biome-check
|
|
name: Biome Check
|
|
entry: yarn biome check --write --files-ignore-unknown=true --no-errors-on-unmatched
|
|
language: system
|
|
files: \.(js|ts|jsx|tsx|json|md)$
|
|
- id: markdown-table-formatter
|
|
name: Markdown Table Formatter
|
|
entry: yarn markdown-table-formatter
|
|
language: system
|
|
types: [markdown]
|
|
|
|
- repo: https://github.com/adrienverge/yamllint
|
|
rev: v1.38.0
|
|
hooks:
|
|
- id: yamllint
|
|
|
|
- repo: https://github.com/pre-commit/mirrors-prettier
|
|
rev: v4.0.0-alpha.8
|
|
hooks:
|
|
- id: prettier
|
|
types_or: [yaml]
|
|
additional_dependencies:
|
|
- prettier@3.8.1
|
|
|
|
- repo: https://github.com/shellcheck-py/shellcheck-py
|
|
rev: v0.11.0.1
|
|
hooks:
|
|
- id: shellcheck
|
|
|
|
- repo: https://github.com/scop/pre-commit-shfmt
|
|
rev: v3.12.0-2
|
|
hooks:
|
|
- id: shfmt
|
|
args: [-i, "2", -bn, -ci, -sr, -fn, -w]
|
|
|
|
- repo: https://github.com/rhysd/actionlint
|
|
rev: v1.7.10
|
|
hooks:
|
|
- id: actionlint
|
|
|
|
- repo: https://github.com/JohnnyMorganz/StyLua
|
|
rev: v2.3.1
|
|
hooks:
|
|
- id: stylua # or stylua-system / stylua-github
|
|
exclude: hammerspoon\.types\.lua$
|
|
|
|
- repo: https://github.com/hugoh/pre-commit-fish.git
|
|
rev: v1.2
|
|
hooks:
|
|
- id: fish_syntax
|
|
- id: fish_indent
|
|
|
|
- repo: https://github.com/astral-sh/ruff-pre-commit
|
|
rev: v0.15.0
|
|
hooks:
|
|
- id: ruff-check
|
|
args: [--fix]
|
|
- id: ruff-format
|