media_preview_generator/.pre-commit-config.yaml at dev · stevezau/media_preview_generator · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
repos:
  - repo: https://github.com/astral-sh/ruff-pre-commit
    rev: v0.9.6
    hooks:
      - id: ruff
        args: [--fix]
      - id: ruff-format

  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v6.0.0
    hooks:
      - id: trailing-whitespace
      - id: end-of-file-fixer
      - id: check-yaml
      - id: check-json
      - id: check-added-large-files
        args: [--maxkb=500]
      - id: detect-private-key
      - id: check-merge-conflict

  - repo: https://github.com/pre-commit/pygrep-hooks
    rev: v1.10.0
    hooks:
      - id: python-check-blanket-noqa
      - id: python-no-eval

  - repo: https://github.com/PyCQA/bandit
    # 1.9.4: 1.8.0 built as version 0.0.0 under Python 3.14 and its test-ID
    # registry broke, so it rejected the --skip profile ("Unknown test found
    # in profile: B608") and blocked every commit. 1.9.4 supports 3.14.
    rev: 1.9.4
    hooks:
      - id: bandit
        args: ["-ll", "--skip", "B101,B404,B603,B607,B608"]
        # B101 assert_used (fine in tests)
        # B404 import_subprocess / B603 subprocess_without_shell_equals_true /
        # B607 start_process_with_partial_path (we call FFmpeg by name on $PATH by design)
        # B608 hardcoded_sql_expressions (the jobs.db SQLite store uses static,
        #      non-user-interpolated SQL — skip to avoid false positives)
        exclude: ^(tests/|media_preview_generator/_version\.py$)