OpenProcessor/.pre-commit-config.yaml at main · davidamacey/OpenProcessor · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
# Pre-commit configuration for Triton API
# Install: pip install pre-commit && pre-commit install
# Run manually: pre-commit run --all-files

repos:
  # Standard pre-commit hooks (basic file checks)
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v5.0.0
    hooks:
      - id: trailing-whitespace
        exclude: ^(.*\.md|.*\.txt|security-reports/)$
      - id: end-of-file-fixer
        exclude: ^(.*\.md|.*\.txt|security-reports/)$
      - id: check-yaml
        args: [--unsafe]  # Allow custom YAML tags for docker-compose
      - id: check-json
        exclude: ^security-reports/
      - id: check-toml
      - id: check-added-large-files
        args: [--maxkb=10240]  # Allow model files up to 10MB
      - id: check-merge-conflict
      - id: check-case-conflict
      - id: mixed-line-ending
        args: [--fix=lf]
        exclude: ^security-reports/
      - id: check-executables-have-shebangs
      - id: check-shebang-scripts-are-executable
      - id: detect-private-key

  # Ruff: Fast Python linter and formatter (replaces black, isort, flake8)
  - repo: https://github.com/astral-sh/ruff-pre-commit
    rev: v0.14.0
    hooks:
      - id: ruff
        args: [--fix, --show-fixes]
        types_or: [python, pyi]
      - id: ruff-format
        types_or: [python, pyi]

  # Python type checking with mypy
  - repo: https://github.com/pre-commit/mirrors-mypy
    rev: v1.13.0
    hooks:
      - id: mypy
        additional_dependencies:
          - types-requests
          - types-pyyaml
          - types-tabulate
          - types-tqdm
        args: [--ignore-missing-imports, --check-untyped-defs]
        exclude: ^(src/ultralytics_patches/|export/|scripts/|reference_repos/)

  # Additional Python checks
  - repo: https://github.com/pre-commit/pygrep-hooks
    rev: v1.10.0
    hooks:
      - id: python-check-blanket-noqa
        exclude: ^src/ultralytics_patches/
      - id: python-check-blanket-type-ignore
        exclude: ^src/ultralytics_patches/
      - id: python-no-eval
        exclude: ^(src/ultralytics_patches/|export/)  # PyTorch model.eval() is safe
      - id: python-use-type-annotations

  # Dockerfile linting with hadolint
  - repo: https://github.com/hadolint/hadolint
    rev: v2.12.0
    hooks:
      - id: hadolint-docker
        name: Lint Dockerfiles
        files: Dockerfile.*
        entry: hadolint
        language: system

  # Secret detection with gitleaks
  - repo: https://github.com/gitleaks/gitleaks
    rev: v8.21.2
    hooks:
      - id: gitleaks
        args: [--verbose, --no-banner]
        exclude: ^security-reports/

  # Python security linting with bandit
  - repo: https://github.com/PyCQA/bandit
    rev: 1.8.0
    hooks:
      - id: bandit
        args: [-c, pyproject.toml]
        additional_dependencies: ["bandit[toml]"]
        exclude: ^(src/ultralytics_patches/|tests/|export/|scripts/)

  # Shell script linting with shellcheck
  - repo: https://github.com/shellcheck-py/shellcheck-py
    rev: v0.10.0.1
    hooks:
      - id: shellcheck
        args: [--severity=warning]

  # Go linting with golangci-lint
  # Uses local hook since benchmark scripts are standalone with build tags
  # Requires: go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
  - repo: local
    hooks:
      - id: golangci-lint
        name: golangci-lint
        entry: bash -c 'export PATH="$HOME/go/bin:$PATH" && cd benchmarks && for f in "$@"; do fname=$(basename "$f"); if [[ "$fname" == *"_batch"* ]]; then tag="batch"; else tag="single"; fi; golangci-lint run --build-tags "$tag" --config .golangci.yml "$fname" || exit 1; done' --
        language: system
        files: ^benchmarks/.*\.go$
        types: [go]
      - id: go-build
        name: go-build
        entry: bash -c 'cd benchmarks && for f in "$@"; do fname=$(basename "$f"); if [[ "$fname" == *"_batch"* ]]; then tag="batch"; else tag="single"; fi; go build -tags "$tag" -o /dev/null "$fname" || exit 1; done' --
        language: system
        files: ^benchmarks/.*\.go$
        types: [go]

  # Commit message linting (conventional commits)
  # Note: Disabled for now - requires separate hook installation with:
  # pre-commit install --hook-type commit-msg
  # - repo: https://github.com/compilerla/conventional-pre-commit
  #   rev: v3.6.0
  #   hooks:
  #     - id: conventional-pre-commit
  #       stages: [commit-msg]
  #       args: [--force-scope]

# Global configuration
default_language_version:
  python: python3.12

default_stages: [pre-commit]
fail_fast: false

# Files to exclude
exclude: |
  (?x)^(
      \.git/|
      \.venv/|
      __pycache__/|
      \.pytest_cache/|
      \.mypy_cache/|
      \.ruff_cache/|
      reference_repos/|
      pytorch_models/|
      models/|
      cache/|
      benchmarks/results/|
      outputs/|
      test_images/|
      security-reports/|
      .*\.egg-info/
  )