Re-add build reproducibility and gitleaks-docker hook and use docker for all pre-commit hooks

.pre-commit-hooks.yaml

@@ -1,44 +1,44 @@
 -   id: check-added-large-files
     name: check for added large files
     description: prevents giant files from being committed.
-    entry: check-added-large-files
-    language: python
+    entry: artifactory.adtran.com/docker/pre-commit-hooks:5.0.0-1 check-added-large-files
+    language: docker_image
     stages: [pre-commit, pre-push, manual]
     minimum_pre_commit_version: 3.2.0
 -   id: check-ast
     name: check python ast
     description: simply checks whether the files parse as valid python.
-    entry: check-ast
-    language: python
+    entry: artifactory.adtran.com/docker/pre-commit-hooks:5.0.0-1 check-ast
+    language: docker_image
     types: [python]
 -   id: check-byte-order-marker
     name: 'check BOM - deprecated: use fix-byte-order-marker'
     description: forbids files which have a utf-8 byte-order marker.
-    entry: check-byte-order-marker
-    language: python
+    entry: artifactory.adtran.com/docker/pre-commit-hooks:5.0.0-1 check-byte-order-marker
+    language: docker_image
     types: [text]
 -   id: check-builtin-literals
     name: check builtin type constructor use
     description: requires literal syntax when initializing empty or zero python builtin types.
-    entry: check-builtin-literals
-    language: python
+    entry: artifactory.adtran.com/docker/pre-commit-hooks:5.0.0-1 check-builtin-literals
+    language: docker_image
     types: [python]
 -   id: check-case-conflict
     name: check for case conflicts
     description: checks for files that would conflict in case-insensitive filesystems.
-    entry: check-case-conflict
-    language: python
+    entry: artifactory.adtran.com/docker/pre-commit-hooks:5.0.0-1 check-case-conflict
+    language: docker_image
 -   id: check-docstring-first
     name: check docstring is first
     description: checks a common error of defining a docstring after code.
-    entry: check-docstring-first
-    language: python
+    entry: artifactory.adtran.com/docker/pre-commit-hooks:5.0.0-1 check-docstring-first
+    language: docker_image
     types: [python]
 -   id: check-executables-have-shebangs
     name: check that executables have shebangs
     description: ensures that (non-binary) executables have a shebang.
-    entry: check-executables-have-shebangs
-    language: python
+    entry: artifactory.adtran.com/docker/pre-commit-hooks:5.0.0-1 check-executables-have-shebangs
+    language: docker_image
     types: [text, executable]
     stages: [pre-commit, pre-push, manual]
     minimum_pre_commit_version: 3.2.0
@@ -50,121 +50,121 @@
 -   id: check-json
     name: check json
     description: checks json files for parseable syntax.
-    entry: check-json
-    language: python
+    entry: artifactory.adtran.com/docker/pre-commit-hooks:5.0.0-1 check-json
+    language: docker_image
     types: [json]
 -   id: check-shebang-scripts-are-executable
     name: check that scripts with shebangs are executable
     description: ensures that (non-binary) files with a shebang are executable.
-    entry: check-shebang-scripts-are-executable
-    language: python
+    entry: artifactory.adtran.com/docker/pre-commit-hooks:5.0.0-1 check-shebang-scripts-are-executable
+    language: docker_image
     types: [text]
     stages: [pre-commit, pre-push, manual]
     minimum_pre_commit_version: 3.2.0
 -   id: pretty-format-json
     name: pretty format json
     description: sets a standard for formatting json files.
-    entry: pretty-format-json
-    language: python
+    entry: artifactory.adtran.com/docker/pre-commit-hooks:5.0.0-1 pretty-format-json
+    language: docker_image
     types: [json]
 -   id: check-merge-conflict
     name: check for merge conflicts
     description: checks for files that contain merge conflict strings.
-    entry: check-merge-conflict
-    language: python
+    entry: artifactory.adtran.com/docker/pre-commit-hooks:5.0.0-1 check-merge-conflict
+    language: docker_image
     types: [text]
 -   id: check-symlinks
     name: check for broken symlinks
     description: checks for symlinks which do not point to anything.
-    entry: check-symlinks
-    language: python
+    entry: artifactory.adtran.com/docker/pre-commit-hooks:5.0.0-1 check-symlinks
+    language: docker_image
     types: [symlink]
 -   id: check-toml
     name: check toml
     description: checks toml files for parseable syntax.
-    entry: check-toml
-    language: python
+    entry: artifactory.adtran.com/docker/pre-commit-hooks:5.0.0-1 check-toml
+    language: docker_image
     types: [toml]
 -   id: check-vcs-permalinks
     name: check vcs permalinks
     description: ensures that links to vcs websites are permalinks.
-    entry: check-vcs-permalinks
-    language: python
+    entry: artifactory.adtran.com/docker/pre-commit-hooks:5.0.0-1 check-vcs-permalinks
+    language: docker_image
     types: [text]
 -   id: check-xml
     name: check xml
     description: checks xml files for parseable syntax.
-    entry: check-xml
-    language: python
+    entry: artifactory.adtran.com/docker/pre-commit-hooks:5.0.0-1 check-xml
+    language: docker_image
     types: [xml]
 -   id: check-yaml
     name: check yaml
     description: checks yaml files for parseable syntax.
-    entry: check-yaml
-    language: python
+    entry: artifactory.adtran.com/docker/pre-commit-hooks:5.0.0-1 check-yaml
+    language: docker_image
     types: [yaml]
 -   id: debug-statements
     name: debug statements (python)
     description: checks for debugger imports and py37+ `breakpoint()` calls in python source.
-    entry: debug-statement-hook
-    language: python
+    entry: artifactory.adtran.com/docker/pre-commit-hooks:5.0.0-1 debug-statement-hook
+    language: docker_image
     types: [python]
 -   id: destroyed-symlinks
     name: detect destroyed symlinks
     description: detects symlinks which are changed to regular files with a content of a path which that symlink was pointing to.
-    entry: destroyed-symlinks
-    language: python
+    entry: artifactory.adtran.com/docker/pre-commit-hooks:5.0.0-1 destroyed-symlinks
+    language: docker_image
     types: [file]
     stages: [pre-commit, pre-push, manual]
 -   id: detect-aws-credentials
     name: detect aws credentials
     description: detects *your* aws credentials from the aws cli credentials file.
-    entry: detect-aws-credentials
-    language: python
+    entry: artifactory.adtran.com/docker/pre-commit-hooks:5.0.0-1 detect-aws-credentials
+    language: docker_image
     types: [text]
 -   id: detect-private-key
     name: detect private key
     description: detects the presence of private keys.
-    entry: detect-private-key
-    language: python
+    entry: artifactory.adtran.com/docker/pre-commit-hooks:5.0.0-1 detect-private-key
+    language: docker_image
     types: [text]
 -   id: double-quote-string-fixer
     name: fix double quoted strings
     description: replaces double quoted strings with single quoted strings.
-    entry: double-quote-string-fixer
-    language: python
+    entry: artifactory.adtran.com/docker/pre-commit-hooks:5.0.0-1 string-fixer
+    language: docker_image
     types: [python]
 -   id: end-of-file-fixer
     name: fix end of files
     description: ensures that a file is either empty, or ends with one newline.
-    entry: end-of-file-fixer
-    language: python
+    entry: artifactory.adtran.com/docker/pre-commit-hooks:5.0.0-1 end-of-file-fixer
+    language: docker_image
     types: [text]
     stages: [pre-commit, pre-push, manual]
     minimum_pre_commit_version: 3.2.0
 -   id: file-contents-sorter
     name: file contents sorter
     description: sorts the lines in specified files (defaults to alphabetical). you must provide list of target files as input in your .pre-commit-config.yaml file.
-    entry: file-contents-sorter
-    language: python
+    entry: artifactory.adtran.com/docker/pre-commit-hooks:5.0.0-1 file-contents-sorter
+    language: docker_image
     files: '^$'
 -   id: fix-byte-order-marker
     name: fix utf-8 byte order marker
     description: removes utf-8 byte order marker.
-    entry: fix-byte-order-marker
-    language: python
+    entry: artifactory.adtran.com/docker/pre-commit-hooks:5.0.0-1 fix-byte-order-marker
+    language: docker_image
     types: [text]
 -   id: fix-encoding-pragma
     name: fix python encoding pragma (deprecated)
     description: 'adds # -*- coding: utf-8 -*- to the top of python files.'
-    language: python
-    entry: fix-encoding-pragma
+    language: docker_image
+    entry: artifactory.adtran.com/docker/pre-commit-hooks:5.0.0-1 fix-encoding-pragma
     types: [python]
 -   id: forbid-new-submodules
     name: forbid new submodules
     description: prevents addition of new git submodules.
-    language: python
-    entry: forbid-new-submodules
+    language: docker_image
+    entry: artifactory.adtran.com/docker/pre-commit-hooks:5.0.0-1 forbid-new-submodules
     types: [directory]
 -   id: forbid-submodules
     name: forbid submodules
@@ -175,38 +175,45 @@
 -   id: mixed-line-ending
     name: mixed line ending
     description: replaces or checks mixed line ending.
-    entry: mixed-line-ending
-    language: python
+    entry: artifactory.adtran.com/docker/pre-commit-hooks:5.0.0-1 mixed-line-ending
+    language: docker_image
     types: [text]
 -   id: name-tests-test
     name: python tests naming
     description: verifies that test files are named correctly.
-    entry: name-tests-test
-    language: python
+    entry: artifactory.adtran.com/docker/pre-commit-hooks:5.0.0-1 tests-should-end-in-test
+    language: docker_image
     files: (^|/)tests/.+\.py$
 -   id: no-commit-to-branch
     name: "don't commit to branch"
-    entry: no-commit-to-branch
-    language: python
+    entry: artifactory.adtran.com/docker/pre-commit-hooks:5.0.0-1 no-commit-to-branch
+    language: docker_image
     pass_filenames: false
     always_run: true
 -   id: requirements-txt-fixer
     name: fix requirements.txt
     description: sorts entries in requirements.txt.
-    entry: requirements-txt-fixer
-    language: python
+    entry: artifactory.adtran.com/docker/pre-commit-hooks:5.0.0-1 requirements-txt-fixer
+    language: docker_image
     files: (requirements|constraints).*\.txt$
 -   id: sort-simple-yaml
     name: sort simple yaml files
     description: sorts simple yaml files which consist only of top-level keys, preserving comments and blocks.
-    language: python
-    entry: sort-simple-yaml
+    language: docker_image
+    entry: artifactory.adtran.com/docker/pre-commit-hooks:5.0.0-1 sort-simple-yaml
     files: '^$'
 -   id: trailing-whitespace
     name: trim trailing whitespace
     description: trims trailing whitespace.
-    entry: trailing-whitespace-fixer
-    language: python
+    entry: artifactory.adtran.com/docker/pre-commit-hooks:5.0.0-1 trailing-whitespace-fixer
+    language: docker_image
     types: [text]
     stages: [pre-commit, pre-push, manual]
     minimum_pre_commit_version: 3.2.0
+
+# Adtran-specific hook
+-   id: gitleaks-docker
+    name: Detect hardcoded secrets
+    description: Detect hardcoded secrets using Gitleaks
+    entry: artifactory.adtran.com/docker/gitleaks/gitleaks:v8.24.0 dir --verbose --redact
+    language: docker_image

CHANGELOG.md

@@ -1,3 +1,11 @@
+5.0.0.1 - 2025-03-24
+====================
+
+### Features
+
+- All hooks should be build reproducible
+- Add Adtran-specific `gitleaks-docker` hook
+
 5.0.0 - 2024-10-05
 ==================
 

DEVELOPER.md

@@ -1,24 +1,26 @@
 # Developing
 
+## Dependencies
+
+Remove any `install_requires` dependencies in `setup.cfg` and add/replace them
+in `requirements-dev.txt`.
+
 ## Installing
 
-You will need to install `tox` like this:
+You will need to install `tox` like this (if it is not already installed):
 
 ```
-python3 -m pip install --user tox
+./install-tox.sh
 ```
 
 ## Testing
 
+### Run All Tests
+
 ```
-tox -e pre-commit
-tox -e py36
-tox -e py37
-tox -e py38
+./run-tests.sh
 ```
 
-## Update requirements in setup.cfg
+### Run Specific Tests
 
-```
-tox -e py36-update-requirements
-```
+See the commands in `run-tests.sh` and run one or more of them manually.

README.md

@@ -211,6 +211,11 @@ Trims trailing whitespace.
   - By default, this hook trims all whitespace from the ends of lines.
     To specify a custom set of characters to trim instead, use `args: [--chars,"<chars to trim>"]`.
 
+### Adtran-specific hooks
+
+#### `gitleaks-docker`
+Detects hardcoded secrets.
+
 ### Deprecated / replaced hooks
 
 - `check-byte-order-marker`: instead use fix-byte-order-marker

install-tox.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+set -e
+if command -V tox >/dev/null
+then
+    echo "tox is already installed"
+else
+    echo "Installing tox"
+    mkdir -p ~/.local/bin/ ~/virtualenvs
+    virtualenv ~/virtualenvs/tox
+    . ~/virtualenvs/tox/bin/activate
+    pip install tox
+    deactivate
+    ln -s ~/virtualenvs/tox/bin/tox ~/.local/bin/tox
+fi

requirements-dev.txt

@@ -1,3 +1,7 @@
 covdefaults
 coverage
 pytest
+
+# Removed from setup.cfg
+ruamel.yaml>=0.15
+tomli>=1.1.0;python_version<"3.11"

run-tests.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+set -ex
+tox -e pre-commit
+tox -e check
+tox -e py38 -- -vvl
+tox -e py39 -- -vvl
+tox -e py310 -- -vvl
+tox -e py311 -- -vvl
+tox -e py312 -- -vvl

setup.cfg

@@ -1,6 +1,6 @@
 [metadata]
 name = pre_commit_hooks
-version = 5.0.0
+version = 5.0.0.1
 description = Some out-of-the-box hooks for pre-commit.
 long_description = file: README.md
 long_description_content_type = text/markdown
@@ -18,9 +18,6 @@ classifiers =
 
 [options]
 packages = find:
-install_requires =
-    ruamel.yaml>=0.15
-    tomli>=1.1.0;python_version<"3.11"
 python_requires = >=3.8
 
 [options.packages.find]