feat: pre-commit & sops

2025-09-17 18:24:14 +02:00 · 2021-04-16 09:18:28 +02:00
parent f4c0ae3a26
commit f81a4cbfea
3 changed files with 35 additions and 31 deletions
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -3,31 +3,35 @@
 # See https://pre-commit.com/hooks.html for more hooks
 fail_fast: false
 repos:
- repo: https://github.com/adrienverge/yamllint.git
-  rev: v1.25.0
-  hooks:
-  - id: yamllint
-    args:
-    - -c
-    - ".github/yamllint.config.yaml"
- repo: https://github.com/pre-commit/pre-commit-hooks
-  rev: v3.4.0
-  hooks:
-  - id: trailing-whitespace
-  - id: check-added-large-files
-    args: [--maxkb=2048]
-  - id: check-merge-conflict
- repo: https://github.com/Lucas-C/pre-commit-hooks
-  rev: v1.1.9
-  hooks:
-  - id: forbid-crlf
-  - id: forbid-tabs
- repo: https://github.com/jumanjihouse/pre-commit-hooks
-  rev: 2.1.5
-  hooks:
-  - id: shellcheck
-    args: [--severity=error]
- repo: https://github.com/k8s-at-home/sops-pre-commit
-  rev: v2.0.1
-  hooks:
-  - id: sops-encrypted-check
+  - repo: https://github.com/adrienverge/yamllint.git
+    rev: v1.26.1
+    hooks:
+      - id: yamllint
+        args:
+          - -c
+          - ".github/yamllint.config.yaml"
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v3.4.0
+    hooks:
+      - id: trailing-whitespace
+      - id: check-added-large-files
+        args: [--maxkb=2048]
+      - id: check-merge-conflict
+  - repo: https://github.com/Lucas-C/pre-commit-hooks
+    rev: v1.1.9
+    hooks:
+      - id: forbid-crlf
+      - id: forbid-tabs
+  - repo: https://github.com/jumanjihouse/pre-commit-hooks
+    rev: 2.1.5
+    hooks:
+      - id: shellcheck
+        args: [--severity=error]
+  - repo: https://github.com/sirosen/fix-smartquotes
+    rev: 0.2.0
+    hooks:
+      - id: fix-smartquotes
+  - repo: https://github.com/k8s-at-home/sops-pre-commit
+    rev: v2.0.1
+    hooks:
+      - id: forbid-secrets
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,6 +1,5 @@
 ---
 creation_rules:
-  - encrypted_regex: "((?i)(pass|secret($|[^N])|key|token|^data$|^stringData))"
+  - encrypted_regex: "^(data|stringData)$"
    pgp: >-
-      $FLUX_KEY_FP,
-      $PERSONAL_KEY_FP
+      C8F8A49D04A1AB639F8EA21CDBA4B1DCB1FA5BDD
--- a/cluster/apps/development/drone/helm-release.yaml
+++ b/cluster/apps/development/drone/helm-release.yaml
@@ -32,6 +32,7 @@ spec:
      DRONE_GITEA_CLIENT_ID: ${SECRET_DRONE_GITEA_CLIENT_ID}
      DRONE_GITEA_CLIENT_SECRET: ${SECRET_DRONE_GITEA_CLIENT_SECRET}
      DRONE_GITEA_SERVER: https://gitea.${SECRET_CLUSTER_DOMAIN}
+      DRONE_GIT_ALWAYS_AUTH: true
      DRONE_LOGS_TEXT: true
      DRONE_LOGS_PRETTY: true
      DRONE_LOGS_COLOR: true