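---
# pre-commit configuration: lint and security-scan hooks that run locally
# before code is committed or pushed.
#
# Supply-chain note: every `rev` below is a git tag, which the upstream
# repository can move. Pinning each `rev` to a full commit SHA (for example
# with `pre-commit autoupdate --freeze`) keeps the fetched hook code fixed.

# Install both hook types on `pre-commit install`. Without the pre-push type
# the Trivy scan at the bottom of this file is never triggered.
default_install_hook_types: [pre-commit, pre-push]

repos:
  - repo: https://github.com/astral-sh/ruff-pre-commit
    rev: v0.4.4  # latest Ruff tag that ships hooks file
    hooks:
      - id: ruff
        stages: [pre-commit]

  - repo: https://github.com/markdownlint/markdownlint
    rev: v0.12.0
    hooks:
      - id: markdownlint
        stages: [pre-commit]
        # Single-quoted so the regexes reach pre-commit as literal strings.
        files: '\.(md|markdown)$'
        exclude: '\.venv/'

  - repo: https://github.com/aquasecurity/tfsec
    rev: v1.28.4
    hooks:
      - id: tfsec
        args: ["--no-colour"]
        stages: [pre-commit]

  - repo: https://github.com/mxab/pre-commit-trivy
    rev: v0.15.0  # latest tag as of June 2025
    hooks:
      - id: trivyfs-docker  # scan source tree for vulns/secrets
        stages: [pre-push]
        args:
          # --skip-dirs takes one value per occurrence, so it is repeated.
          # A bare second path would be read as the scan target and would
          # narrow the scan to that directory.
          - --skip-dirs
          - .git
          - --skip-dirs
          - .forgejo
          # NOTE(review): the hook is expected to take the scan target as
          # its final argument; confirm against the hook README for this rev.
          - .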