From 930cbd50c8758c7e7470fec844b26e9d7ac5f7a4 Mon Sep 17 00:00:00 2001 From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com> Date: Sun, 8 Mar 2026 03:27:23 +0000 Subject: [PATCH] build: harden pre-commit hooks - Replace `detect-private-key` with `gitleaks` for robust secret scanning - Add `codespell` to catch typos in code and documentation globally - Add `actionlint` to lint GitHub Actions workflows - Configure `codespell` to ignore the author's name "noe" to prevent false positives Co-authored-by: NoeFontana <33232437+NoeFontana@users.noreply.github.com> --- .pre-commit-config.yaml | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 9d67b8b..c79303a 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -11,7 +11,22 @@ repos: - id: check-case-conflict - id: check-merge-conflict - id: debug-statements - - id: detect-private-key + + - repo: https://github.com/codespell-project/codespell + rev: v2.4.2 + hooks: + - id: codespell + args: ["--ignore-words-list", "noe"] + + - repo: https://github.com/rhysd/actionlint + rev: v1.7.11 + hooks: + - id: actionlint + + - repo: https://github.com/gitleaks/gitleaks + rev: v8.30.0 + hooks: + - id: gitleaks - repo: https://github.com/astral-sh/ruff-pre-commit rev: v0.14.1