.pre-commit-config.yaml

default_language_version:
  python: python3

default_stages: [pre-commit, pre-push]

ci:
  autofix_prs: true
  autoupdate_commit_msg: "[pre-commit.ci] pre-commit suggestions"
  autoupdate_schedule: weekly

repos:
  # https://github.com/python-poetry/poetry/pull/9716
  - repo: https://gitlab.com/vojko.pribudic.foss/pre-commit-update
    rev: v0.6.0post1
    hooks:
      - id: pre-commit-update

  - repo: https://github.com/python-poetry/poetry
    rev: 1.8.4
    hooks:
      - id: poetry-check
      - id: poetry-lock

  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v5.0.0
    hooks:
      - id: check-merge-conflict
        args: [--assume-in-merge]
      - id: mixed-line-ending
        args: [--fix=lf]
      - id: end-of-file-fixer
      - id: trailing-whitespace
      - id: check-json
        exclude: devcontainer.json
      - id: check-yaml
        args: [--unsafe]
      - id: check-toml
      - id: check-docstring-first
      - id: check-executables-have-shebangs
      - id: check-case-conflict
      - id: check-added-large-files
        args: [--maxkb=500, --enforce-all]
      - id: detect-private-key

  - repo: https://github.com/PyCQA/bandit
    rev: 1.8.0
    hooks:
      - id: bandit
        args: [-c, pyproject.toml]
        additional_dependencies: ["bandit[toml]"]

  - repo: https://github.com/kynan/nbstripout
    rev: 0.8.1
    hooks:
      - id: nbstripout

  - repo: https://github.com/astral-sh/ruff-pre-commit
    rev: v0.8.1
    hooks:
      - id: ruff
        args: [--fix, -v]

  - repo: https://github.com/RobertCraigie/pyright-python
    rev: v1.1.389
    hooks:
      - id: pyright
        args: [--verbose, --project=.]
        entry: poetry run pyright
        language: system
        types: [python]

  - repo: https://github.com/gitleaks/gitleaks
    rev: v8.21.2
    hooks:
      - id: gitleaks