refactor(lefthook): slice config file into dedicated config files

.commitlintrc.js

@@ -1 +1,5 @@
-module.exports = {extends: ['@commitlint/config-conventional']}
+module.exports = {
+  extends: [
+    '@commitlint/config-conventional'
+  ]
+}

.gitignore

@@ -10,6 +10,7 @@
 /node_modules/
 /package-lock.json
 
+venv/
 .venv/
 __pycache__/
 

.lefthook.yml

@@ -6,104 +6,37 @@ skip_output:
   - skips
 
 
+extends:
+  - lefthook/ansible.yml
+  - lefthook/commitlint.yml
+  - lefthook/docker.yml
+  - lefthook/json.yml
+  - lefthook/kics.yml
+  - lefthook/markdown.yml
+  - lefthook/yaml.yml
+
+
 bootstrap:
   parallel: true
   commands:
-    commitlint:
-      run: npm install --save-dev '@commitlint/cli' '@commitlint/config-conventional'
     venv:
       run: make create-venv
 
 debug:
   parallel: true
-  commands:
-    commitlint-config:
-      glob: '.commitlintrc.js'
-      run: node_modules/.bin/commitlint --print-config
-
 
 lint:
   parallel: true
-  commands:
-    ansible: &ansible-lint
-      files: find . -type f -path "*ansible*" -not -path "*venv*"
-      glob: '*.{yaml,yml}'
-      run: .venv/bin/ansible-lint {files}
-    docker: &hadolint
-      # The official docker image is based on scratch and only takes only one
-      # input file at a time. I have no clue how to fix that for now so let's
-      # just use the local command.
-      glob: "*Dockerfile*"
-      run: hadolint {all_files}
-    # ini: &pyinilint  # FIXME
-    #   run: pyinilint 'file'
-    md: &markdownlint
-      files: >-
-        find . -type 'f'
-        \( -name '*.md' -or -name '*.markdown' \)
-        -not \( -path '*/node_modules/*' -or -path '*/venv/*' \)
-      run: >-
-        docker run --rm -v "$PWD:/workdir" 'ghcr.io/igorshubovych/markdownlint-cli:latest'
-        {files}
-    yaml: &yamllint
-      glob: "*.{yaml,yml}"
-      run: >-
-        docker run --rm -v "$PWD:/code" 'registry.gitlab.com/pipeline-components/yamllint:latest'
-        yamllint {all_files}
+  # commands:
+  #   ini: &pyinilint  # FIXME
+  #     run: pyinilint 'file'
 
 validate:
   parallel: true
   commands:
-    ansible-playbook: &ansible-playbook-syntax-check
+    ansible-playbook:
       glob: "*ansible*/play*.{yaml,yml}"
-      run: .venv/bin/ansible-playbook -i localhost, --syntax-check {all_files}
-    json: &jq
-      # No official docker image available for now, falling back to the local
-      # command.
-      glob: '*.json'
-      run: jq -r 'input_filename' {all_files}
-    yaml: &yq
-      # Python's one, not mikefarah's.
-      # No official docker image available for now, falling back to the local
-      # command.
-      glob: '*.{yaml,yml}'
-      run: >-
-        echo '{all_files}'
-        | xargs -t .venv/bin/yq '.'
 
 
 pre-commit:
   parallel: true
-  commands:
-    validate-json:
-      <<: *jq
-      run: jq -r 'input_filename' {staged_files}
-    validate-yaml:
-      <<: *yq
-      run: >-
-        .venv/bin/yq '.' {staged_files} > /dev/null
-        && echo 'All YAML files are readable'
-    validate-ansible-playbooks:
-      <<: *ansible-playbook-syntax-check
-    lint-ansible:
-      <<: *ansible-lint
-    lint-docker:
-      <<: *hadolint
-      run: hadolint {staged_files}
-    lint-md:
-      glob: '*.{markdown,md}'
-      run: >-
-        docker run --rm -v "$PWD:/workdir" 'ghcr.io/igorshubovych/markdownlint-cli:latest'
-        {staged_files}
-    lint-yaml:
-      <<: *yamllint
-      run: >-
-        docker run --rm -v "$PWD:/code" 'registry.gitlab.com/pipeline-components/yamllint:latest'
-        yamllint {staged_files}
-
-commit-msg:
-  commands:
-    lint: &commitlint
-      # No official docker image available for now, falling back to the local
-      # command.
-      run: node_modules/.bin/commitlint --edit

Makefile

@@ -3,7 +3,11 @@
 override venv ?= ${shell git rev-parse --show-toplevel}/.venv
 
 create-venv: override python_version ?= 3.11
-create-venv: override python_executable ?= ${shell which --tty-only --show-dot --show-tilde 'python${python_version}'}
+ifeq "${shell uname}" "Darwin"
+create-venv: python_executable = ${shell which 'python${python_version}'}
+else
+create-venv: python_executable = ${shell which --tty-only --show-dot --show-tilde 'python${python_version}'}
+endif
 create-venv: ${python_executable}
 	@${python_executable} -m 'venv' '${venv}'
 	@${venv}/bin/pip --require-virtualenv install -r 'requirements.txt'

lefthook/ansible.yml

@@ -0,0 +1,32 @@
+---
+# No official docker images are available at the time of writing, falling back to the local command.
+
+
+bootstrap:
+  commands:
+    ansible-lint:
+      run: >-
+        python3 -m 'venv' '.venv'
+        && .venv/bin/pip install --require-virtualenv 'ansible-lint'
+
+lint:
+  commands:
+    ansible: &ansible-lint
+      files: find . -type f -path "*ansible*" -not -path "*venv*"
+      glob: '*.{yaml,yml}'
+      run: .venv/bin/ansible-lint {files}
+
+validate:
+  commands:
+    ansible-playbook: &ansible-playbook-syntax-check
+      glob: "*.{yaml,yml}"
+      run: .venv/bin/ansible-playbook -i 'localhost,' --syntax-check {all_files}
+
+
+pre-commit:
+  commands:
+    lint-ansible:
+      <<: *ansible-lint
+    validate-ansible:
+      <<: *ansible-playbook-syntax-check
+      run: .venv/bin/ansible-playbook -i 'localhost,' --syntax-check {staged_files}

lefthook/commitlint.yml

@@ -0,0 +1,28 @@
+---
+# No official docker images are available at the time of writing, falling back to the local command.
+
+
+bootstrap:
+  commands:
+    commitlint:
+      run: |-
+        npm install --save-dev '@commitlint/cli' '@commitlint/config-conventional'
+        cat <<EOF > '.commitlintrc.js'
+        module.exports = {
+          extends: [
+            '@commitlint/config-conventional'
+          ]
+        }
+        EOF
+
+debug:
+  commands:
+    commitlint-config:
+      glob: '.commitlintrc.js'
+      run: node_modules/.bin/commitlint --print-config
+
+
+commit-msg:
+  commands:
+    lint: &commitlint
+      run: node_modules/.bin/commitlint --edit

lefthook/docker.yml

@@ -0,0 +1,22 @@
+---
+# Hadolint's official docker image is based on 'scratch', and takes only one input file at a time.
+# I have no clue how to fix that at the time of writing so let's just use the local command.
+
+
+bootstrap:
+  commands:
+    hadolint:
+      run: brew install 'hadolint'
+
+lint:
+  commands:
+    docker: &hadolint
+      glob: "*[Dd]ockerfile*"
+      run: hadolint {all_files}
+
+
+pre-commit:
+  commands:
+    lint-docker:
+      <<: *hadolint
+      run: hadolint {staged_files}

lefthook/json.yml

@@ -0,0 +1,24 @@
+---
+
+
+bootstrap:
+  commands:
+    jq:
+      run: docker pull 'ghcr.io/jqlang/jq'
+
+validate:
+  commands:
+    json: &jq
+      glob: '*.json'
+      run: >-
+        docker run -i --rm -v "${PWD}:/workdir:ro" --workdir '/workdir' 'ghcr.io/jqlang/jq'
+        -r 'input_filename' {all_files}
+
+
+pre-commit:
+  commands:
+    validate-json:
+      <<: *jq
+      run: >-
+        docker run -i --rm -v "${PWD}:/workdir:ro" --workdir '/workdir' 'ghcr.io/jqlang/jq'
+        -r 'input_filename' {staged_files}

lefthook/kics.yml

@@ -0,0 +1,20 @@
+---
+
+
+bootstrap:
+  commands:
+    kics:
+      run: docker pull 'checkmarx/kics'
+
+check-compliance:
+  commands:
+    kics: &kics
+      run: >-
+        docker run --rm --name 'kics' -v "$PWD:/app/bin/repository" 'checkmarx/kics'
+        scan -p 'repository'
+
+
+pre-commit:
+  commands:
+    check-compliance:
+      <<: *kics

lefthook/markdown.yml

@@ -0,0 +1,27 @@
+---
+
+
+bootstrap:
+  commands:
+    markdownlint:
+      run: docker pull 'ghcr.io/igorshubovych/markdownlint-cli:latest'
+
+lint:
+  commands:
+    md: &markdownlint
+      files: >-
+        find . -type 'f'
+        \( -name '*.md' -or -name '*.markdown' \)
+        -not \( -path '*/node_modules/*' -or -path '*/*venv/*' \)
+      run: >-
+        docker run --rm -v "$PWD:/workdir:ro" 'ghcr.io/igorshubovych/markdownlint-cli:latest'
+        {files}
+
+
+pre-commit:
+  commands:
+    lint-md:
+      glob: '*.{markdown,md}'
+      run: >-
+        docker run --rm -v "$PWD:/workdir:ro" 'ghcr.io/igorshubovych/markdownlint-cli:latest'
+        {staged_files}

lefthook/yaml.yml

@@ -0,0 +1,43 @@
+---
+# Using the 'yq' flavour available from Python's Pipy, not mikefarah's.
+# No official docker images are available for 'yq' at the time of writing, falling back to the local command.
+
+
+bootstrap:
+  commands:
+    yamllint:
+      run: docker pull 'registry.gitlab.com/pipeline-components/yamllint:latest'
+    yq:
+      run: >-
+        python3 -m 'venv' '.venv'
+        && .venv/bin/pip install --require-virtualenv 'yq'
+
+lint:
+  commands:
+    yaml: &yamllint
+      glob: '*.{yaml,yml}'
+      run: >-
+        docker run --rm -v "$PWD:/code:ro" 'registry.gitlab.com/pipeline-components/yamllint:latest'
+        yamllint {all_files}
+
+validate:
+  commands:
+    yaml: &yq
+      glob: '*.{yaml,yml}'
+      run: >-
+        echo '{all_files}'
+        | xargs -t .venv/bin/yq '.'
+
+
+pre-commit:
+  commands:
+    validate-yaml:
+      <<: *yq
+      run: >-
+        .venv/bin/yq '.' {staged_files} > /dev/null
+        && echo 'All YAML files are readable'
+    lint-yaml:
+      <<: *yamllint
+      run: >-
+        docker run --rm -v "$PWD:/code:ro" 'registry.gitlab.com/pipeline-components/yamllint:latest'
+        yamllint {staged_files}

package.json

@@ -1,6 +1,6 @@
 {
     "devDependencies": {
-        "@commitlint/cli": "^19.3.0",
+        "@commitlint/cli": "^19.4.0",
         "@commitlint/config-conventional": "^19.2.2"
     }
 }

requirements.txt

@@ -1,4 +1,4 @@
-ansible==10.1.0
+ansible==10.3.0
 ansible-lint==24.7.0
 click==8.1.7
 pyinilint==0.17