geckoforge/lefthook.yml at main · jaelliot/geckoforge · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
# @file lefthook.yml
# @description Git hooks configuration for geckoforge quality gates
# @update-policy Update when adding new validation rules or checks
# @version 0.4.1 - Added OPA policy checks

pre-commit:
  parallel: true
  commands:
    shellcheck:
      glob: "**/*.sh"
      run: |
        if command -v shellcheck >/dev/null 2>&1; then
          shellcheck {staged_files} || {
            echo "❌ ShellCheck failed"
            echo "Fix errors or add # shellcheck disable=SCXXXX with justification"
            exit 1
          }
        else
          echo "⚠️  shellcheck not installed - skipping"
        fi

    bash-syntax:
      glob: "**/*.sh"
      run: |
        for file in {staged_files}; do
          bash -n "$file" || {
            echo "❌ Bash syntax error in $file"
            exit 1
          }
        done

    nix-check:
      glob: "home/**/*.nix"
      run: |
        if command -v nix-instantiate >/dev/null 2>&1; then
          for file in {staged_files}; do
            nix-instantiate --parse "$file" > /dev/null || {
              echo "❌ Nix syntax error in $file"
              exit 1
            }
          done
        else
          echo "⚠️  nix-instantiate not available - skipping"
        fi

    xml-validate:
      glob: "profile/config.xml"
      run: |
        if command -v xmllint >/dev/null 2>&1; then
          xmllint --noout {staged_files} || {
            echo "❌ KIWI XML validation failed"
            exit 1
          }
        else
          echo "⚠️  xmllint not installed - skipping"
        fi

    anti-patterns:
      glob: "**/*.{sh,nix,md,xml}"
      run: tools/check-anti-patterns.sh

    opa-policy:
      glob: "**/*.{sh,nix,xml,service}"
      run: tools/opa-check.sh --staged

    executable-check:
      glob: "scripts/**/*.sh"
      run: |
        for file in {staged_files}; do
          if [ ! -x "$file" ]; then
            echo "❌ Script not executable: $file"
            echo "Run: chmod +x $file"
            exit 1
          fi
        done

pre-push:
  parallel: false
  commands:
    opa-full-check:
      run: tools/opa-check.sh --all

    validate-layers:
      run: tools/check-layer-assignments.sh

    docs-check:
      run: |
        today=$(date +%Y-%m-%d)
        month=$(date +%Y-%m)
        summary="docs/daily-summaries/$month/$today.md"

        if [ ! -f "$summary" ]; then
          echo "⚠️  Consider creating daily summary: $summary"
          echo "💡 Create with: touch $summary"
        fi