Feature/more pre commit checks (#7)

* Added pre-commit enforced branch protection.

* added a lot of new pre-commit checks

The following checks were added:
- name: flake-checker
  description: Run health checks on your flake-powered Nix projects.
- name: check-shebang-scripts-are-executable
  description: Ensure that all (non-binary) files with a shebang are executable
- name: detect-private-keys
  description: Detect the presence of private keys.
- name: check-symlinks
  description: Checks for broken symlinks in the repository.
- name: gitlint
  description: Linting for your git commit messages

The following checks were not added:
- name: lychee
  description: Checks for broken links in Markdown files.
  because: (is broken) checking links is not possible in the sandbox.
- name: editorconfig-checker
  description: Verify that the files are in harmony with the  .editorconfig.
  because: (is clunky) might cause formatters to fight

Author: Tygo-van-den-Hurk

.config/pre-commit.nix

@@ -1,7 +1,17 @@
+# See https://github.com/cachix/git-hooks.nix/blob/fa466640195d38ec97cf0493d6d6882bc4d14969/modules/hooks.nix
 {
   src = ./..;
   hooks = {
 
+    # Run health checks on your flake-powered Nix projects.
+    flake-checker = {
+      enable = true;
+      stages = [
+        "pre-push"
+        "manual"
+      ];
+    };
+
     # Check if the flake passes all it's checks. (takes a long time)
     nix-flake-check = {
       enable = true;
@@ -14,6 +24,44 @@
       ];
     };
 
+    # Ensure that all (non-binary) files with a shebang are executable.
+    check-shebang-scripts-are-executable = {
+      enable = true;
+      stages = [
+        "pre-commit"
+        "pre-push"
+        "manual"
+      ];
+    };
+
+    # Detect the presence of private keys.
+    detect-private-keys = {
+      enable = true;
+      stages = [
+        "pre-commit"
+        "pre-push"
+        "manual"
+      ];
+    };
+
+    # Checks for broken symlinks in the repository.
+    check-symlinks = {
+      enable = true;
+      stages = [
+        "pre-commit"
+        "pre-push"
+        "manual"
+      ];
+    };
+
+    # Linting for your git commit messages"
+    gitlint = {
+      enable = true;
+      stages = [
+        "commit-msg"
+      ];
+    };
+
     # disallows commits to certain branches.
     no-commit-to-branch = {
       enable = true;
@@ -77,5 +125,26 @@
       ];
     };
 
+    #! Requires an internet connection while in sandbox, thus does not work.
+    # # Checks for broken links in Markdown files.
+    # lychee = {
+    #   enable = true;
+    #   stages = [
+    #     "pre-commit"
+    #     "pre-push"
+    #     "manual"
+    #   ];
+    # };
+
+    #! Does not work properly, especially because formatters fight.
+    # # Verify that the files are in harmony with the `.editorconfig`.
+    # editorconfig-checker = {
+    #   enable = true;
+    #   stages = [
+    #     "pre-commit"
+    #     "pre-push"
+    #     "manual"
+    #   ];
+    # };
   };
 }

.devcontainer/devcontainer.json

@@ -22,4 +22,4 @@
       }
     }
   }
-}
+}

.editorconfig

@@ -13,7 +13,6 @@ indent_style = space
 trim_trailing_whitespace = true
 indent_size = 4
 
-
 #| Markdown – 2-space is typical and trailing whitespace must be kept
 
 [*.md]
@@ -103,3 +102,22 @@ indent_size = 2
 
 [*.nix]
 indent_size = 2
+
+
+#| Lock files and Licence files are generated and should not be checked
+
+[*.lock]
+charset = unset
+end_of_line = unset
+insert_final_newline = unset
+trim_trailing_whitespace = unset
+
+[LICENSE]
+end_of_line = unset
+insert_final_newline = unset
+trim_trailing_whitespace = unset
+
+[LICENSE*]
+end_of_line = unset
+insert_final_newline = unset
+trim_trailing_whitespace = unset

.envrc

@@ -1,4 +1,4 @@
 # automatically loads a Nix Development environment if nix is installed.
-if has nix; then 
-    use flake . 
+if has nix; then
+    use flake .
 fi

.github/workflows/automerge-dependabot.yml

@@ -10,7 +10,7 @@ on:
 permissions:
   contents: write       # To push merges
   pull-requests: write  # To comment, approve, or merge PRs
-  
+
 jobs:
   automerge:
     runs-on: ubuntu-latest
@@ -30,28 +30,28 @@ jobs:
             echo "Invalid PR title: expected exactly two semantic versions" >&2
             exit 1
           fi
-          
+
           VERSION_FROM="${VERSIONS[0]}"
           VERSION_TO="${VERSIONS[1]}"
-          
+
           IFS='.' read -r MAJOR_FROM MINOR_FROM PATCH_FROM <<< "$VERSION_FROM"
           IFS='.' read -r MAJOR_TO MINOR_TO PATCH_TO <<< "$VERSION_TO"
-          
+
           MAJOR_FROM=$(echo $VERSION_FROM | cut -d. -f1)
           MINOR_FROM=$(echo $VERSION_FROM | cut -d. -f2)
           PATCH_FROM=$(echo $VERSION_FROM | cut -d. -f3)
-          
+
           echo "MAJOR_FROM: $MAJOR_FROM, MINOR_FROM: $MINOR_FROM, PATCH_FROM: $PATCH_FROM"
-          
+
           MAJOR_TO=$(echo $VERSION_TO | cut -d. -f1)
           MINOR_TO=$(echo $VERSION_TO | cut -d. -f2)
           PATCH_TO=$(echo $VERSION_TO | cut -d. -f3)
-          
+
           echo "MAJOR_TO: $MAJOR_TO, MINOR_TO: $MINOR_TO, PATCH_TO: $PATCH_TO"
-          
-          if [ "$MAJOR_FROM" = "$MAJOR_TO" ] && [ "$MINOR_FROM" = "$MINOR_TO" ]; then 
+
+          if [ "$MAJOR_FROM" = "$MAJOR_TO" ] && [ "$MINOR_FROM" = "$MINOR_TO" ]; then
               echo "patch_update=true"
-          else 
+          else
               echo "patch_update=false"
           fi
       - name: Auto-merge PR (by bypassing status checks)

.github/workflows/deploy-github-pages.yml

@@ -5,9 +5,9 @@ on:
   push:
     branches: ["main"]
     paths:
-        - "**/.MD" 
-        - "**/.md" 
-        
+        - "**/.MD"
+        - "**/.md"
+
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
 

.github/workflows/nix-flake-check.yml

@@ -7,7 +7,7 @@ on:
       - main
   push:
     branches:
-      - main 
+      - main
 
 jobs:
   nix-flake-check:

README.md

@@ -3,52 +3,52 @@
 <br>
 <div align="center">
     <a href="https://nixos.org">
-        <img src="https://img.shields.io/badge/Built_With-Nix-5277C3.svg?style=flat&logo=nixos&labelColor=73C3D5" alt="Built with Nix"/>
+      <img src="https://img.shields.io/badge/Built_With-Nix-5277C3.svg?style=flat&logo=nixos&labelColor=73C3D5" alt="Built with Nix"/>
     </a>
     <a href="https://containers.dev/">
-        <img src="https://img.shields.io/badge/devcontainer-provided-green?style=flat" alt="devcontainer provided"/>
+      <img src="https://img.shields.io/badge/devcontainer-provided-green?style=flat" alt="devcontainer provided"/>
     </a>
     <!--~ Repository CI/CD ~-->
     <a href="https://github.com/school-Tygo-van-den-Hurk/template/actions/workflows/deploy-github-pages.yml">
-        <img src="https://github.com/school-Tygo-van-den-Hurk/template/workflows/Deploy%20GitHub%20Pages/badge.svg?style=flat" alt="GitHub deployment status" />
+      <img src="https://github.com/school-Tygo-van-den-Hurk/template/workflows/Deploy%20GitHub%20Pages/badge.svg?style=flat" alt="GitHub deployment status" />
     </a>
     <a href="https://github.com/school-Tygo-van-den-Hurk/template/actions/workflows/nix-flake-check.yml">
-        <img src="https://github.com/school-Tygo-van-den-Hurk/template/workflows/Nix%20Flake%20Checks/badge.svg?style=flat" alt="GitHub tests status" />
+      <img src="https://github.com/school-Tygo-van-den-Hurk/template/workflows/Nix%20Flake%20Checks/badge.svg?style=flat" alt="GitHub tests status" />
     </a>
     <a href="https://github.com/school-Tygo-van-den-Hurk/template/actions/workflows/automerge-dependabot.yml">
-        <img src="https://github.com/school-Tygo-van-den-Hurk/template/workflows/Automerge%20Dependabot/badge.svg?style=flat" alt="GitHub dependabot automerge status" />
+      <img src="https://github.com/school-Tygo-van-den-Hurk/template/workflows/Automerge%20Dependabot/badge.svg?style=flat" alt="GitHub dependabot automerge status" />
     </a>
     <!--~ Repository Statistics ~-->
     <a href="https://github.com/school-Tygo-van-den-Hurk/template/graphs/contributors">
-        <img src="https://img.shields.io/github/contributors/school-Tygo-van-den-Hurk/template?style=flat" alt="Contributors"/>
+      <img src="https://img.shields.io/github/contributors/school-Tygo-van-den-Hurk/template?style=flat" alt="Contributors"/>
     </a>
     <a href="https://github.com/school-Tygo-van-den-Hurk/template/blob/main/LICENSE">
-        <img src="https://img.shields.io/github/license/school-Tygo-van-den-Hurk/template?style=flat" alt="The Eclipse Public License v2.0 badge" />
+      <img src="https://img.shields.io/github/license/school-Tygo-van-den-Hurk/template?style=flat" alt="The Eclipse Public License v2.0 badge" />
     </a>
     <a href="https://github.com/school-Tygo-van-den-Hurk/template/commit">
-        <img src="https://badgen.net/github/commits/school-Tygo-van-den-Hurk/template?style=flat" alt="GitHub commits" />
+      <img src="https://badgen.net/github/commits/school-Tygo-van-den-Hurk/template?style=flat" alt="GitHub commits" />
     </a>
-     <a href="https://github.com/school-Tygo-van-den-Hurk/template/commit">
-        <img src="https://badgen.net/github/last-commit/school-Tygo-van-den-Hurk/template?style=flat" alt="GitHub latest commit" />
+    <a href="https://github.com/school-Tygo-van-den-Hurk/template/commit">
+      <img src="https://badgen.net/github/last-commit/school-Tygo-van-den-Hurk/template?style=flat" alt="GitHub latest commit" />
     </a>
     <a href="https://github.com/school-Tygo-van-den-Hurk/template/network/">
-        <img src="https://badgen.net/github/forks/school-Tygo-van-den-Hurk/template?style=flat" alt="GitHub forks" />
+      <img src="https://badgen.net/github/forks/school-Tygo-van-den-Hurk/template?style=flat" alt="GitHub forks" />
     </a>
     <a href="https://github.com/school-Tygo-van-den-Hurk/template/">
-        <img src="https://img.shields.io/github/languages/count/school-Tygo-van-den-Hurk/template?style=flat" alt="amount of languages in the repository" />
+      <img src="https://img.shields.io/github/languages/count/school-Tygo-van-den-Hurk/template?style=flat" alt="amount of languages in the repository" />
     </a>   
     <a href="https://github.com/school-Tygo-van-den-Hurk/template/stargazers">
-        <img src="https://img.shields.io/github/stars/school-Tygo-van-den-Hurk/template?style=flat" alt="amount of stars" />
+      <img src="https://img.shields.io/github/stars/school-Tygo-van-den-Hurk/template?style=flat" alt="amount of stars" />
     </a>
     <!--~ Repository Updates ~-->
     <a href="https://github.com/school-Tygo-van-den-Hurk/template/pulse">
-        <img src="https://img.shields.io/github/created-at/school-Tygo-van-den-Hurk/template?style=flat" alt="created at badge" />
+      <img src="https://img.shields.io/github/created-at/school-Tygo-van-den-Hurk/template?style=flat" alt="created at badge" />
     </a>
     <a href="https://github.com/school-Tygo-van-den-Hurk/template/release">
-        <img src="https://img.shields.io/github/release/school-Tygo-van-den-Hurk/template?style=flat&display_name=release" alt="newest release" />
+      <img src="https://img.shields.io/github/release/school-Tygo-van-den-Hurk/template?style=flat&display_name=release" alt="newest release" />
     </a>
     <a href="https://github.com/school-Tygo-van-den-Hurk/template/">
-        <img src="https://img.shields.io/github/repo-size/school-Tygo-van-den-Hurk/template?style=flat" alt="the size of the repository" />
+      <img src="https://img.shields.io/github/repo-size/school-Tygo-van-den-Hurk/template?style=flat" alt="the size of the repository" />
     </a>   
 </div>
 <br>