lefthook.yml
---
# Lefthook configuration — mirrors CI pipeline for local/CI parity.
#
# Pre-push pipeline (piped = sequential, fail-fast):
# 0. Clean tree gate — rejects untracked/uncommitted/stashed files
# 1. Lint gate (~20s) — catches formatting/lint before burning CPU
# 2. Coverage (sharded app+ui parallel) — tests run here, gap report on fail
# 3. Build (sharded app+ui parallel) — tsc/vite only, no tests
# 4. E2E + Playwright + zizmor (blocking)
#
# Coverage runs BEFORE build because it's the most common failure mode and
# it already exercises the code. Splitting it out of the build step means
# tests run exactly once per push instead of once embedded in build-and-test
# plus again if we ever add a standalone coverage gate.
#
# Snyk scans are CI-only (release workflow) to preserve the 200/month quota.
#
# Biome runs directly (not via qlty) because qlty's biome integration
# does not reliably apply fixes. Qlty handles all other linters.
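# Pre-commit: Biome auto-fix and format on staged files, then the coverage
# script. piped = commands run in priority order and stop at the first failure.
pre-commit:
  piped: true
  commands:
    # `npx --no-install` resolves only an already-installed `biome` binary.
    # Without it, npx may fall back to fetching a package named `biome` from
    # the registry and running it inside the hook when node_modules is missing
    # or stale — which is not necessarily the Biome build this repo pins.
    # `git add {staged_files}` re-stages the files Biome rewrote so the fixes
    # are part of the commit.
    biome-fix:
      glob: '*.{ts,js,json,vue,css}'
      run: npx --no-install biome check --fix --no-errors-on-unmatched {staged_files} && git add {staged_files}
      priority: 1
    biome-format:
      glob: '*.{ts,js,json,vue,css}'
      run: npx --no-install biome format --write --no-errors-on-unmatched {staged_files} && git add {staged_files}
      priority: 2
    # Runs only when a staged file matches the glob.
    coverage:
      glob: '*.{ts,vue}'
      run: ./scripts/pre-commit-coverage.sh
      priority: 3
      timeout: 2m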
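# Pre-push: sequential, fail-fast gates in priority order (1 → 9).
pre-push:
  piped: true
  commands:
    # ── Clean tree gate: block push if uncommitted changes exist ───────
    # CI only sees committed state. Hard-fail so you don't push code
    # that hasn't been tested in its committed form.
    # `git status --porcelain` lists untracked, modified and staged paths;
    # it does not list stash entries, so stashes are not checked here.
    # stderr is discarded, so if `git status` itself fails the output is
    # empty and this gate passes.
    clean-tree:
      run: |
        dirty=$(git status --porcelain 2>/dev/null)
        if [ -n "$dirty" ]; then
          echo "❌ Working tree has uncommitted changes (CI won't see these):"
          echo ""
          echo "$dirty"
          echo ""
          echo "What do we want to do with these files?"
          exit 1
        fi
      fail_text: "Uncommitted changes detected — decide what to do with them before pushing"
      priority: 1
      timeout: 10s
    # ── Lint gate: fast checks that catch formatting/lint issues ──────
    ts-nocheck:
      run: node scripts/check-ts-nocheck-allowlist.mjs
      priority: 2
      timeout: 15s
    # `--no-install` keeps npx from fetching a package named `biome` from
    # the registry when no local binary is installed; the step fails instead.
    biome:
      run: npx --no-install biome check .
      priority: 3
      timeout: 30s
    qlty:
      run: ./scripts/qlty-check-gate.sh all
      priority: 4
      timeout: 4m
    # ── Coverage: sharded app+ui parallel, 100% threshold ────────────
    # Runs tests with coverage. On failure, writes .coverage-gaps.json
    # with exact files + uncovered lines/branches (parsed from lcov.info).
    # Honors DD_COVERAGE_FAIL_FAST=1 for sequential first-failure mode.
    coverage:
      run: ./scripts/pre-push-coverage.sh
      priority: 5
      timeout: 6m
    # ── Build: sharded app+ui parallel, no tests ─────────────────────
    # Tests already ran in the coverage step, so this is tsc/vite only.
    build:
      run: ./scripts/pre-push-build.sh
      priority: 6
      timeout: 4m
    # ── E2E: mirrors CI "E2E Tests" job ──────────────────────────────
    e2e:
      run: ./scripts/run-e2e-tests.sh
      priority: 7
      timeout: 10m
    # ── Playwright: mirrors CI "Playwright E2E" job ────────────────
    e2e-playwright:
      run: ./scripts/run-playwright-qa.sh
      priority: 8
      timeout: 15m
    # ── Zizmor: GitHub Actions security scanner (blocking) ───────────
    # Blocking only where zizmor is installed: the skip rule below passes
    # the step when the binary is not on PATH, so the local gate fails open
    # on machines without it. NOTE(review): confirm a CI job also runs
    # zizmor so workflow changes cannot land unscanned.
    # The glob accepts .yml and .yaml because GitHub Actions loads workflow
    # files with either extension.
    zizmor:
      glob: '.github/workflows/*.{yml,yaml}'
      run: zizmor .github/workflows/
      skip:
        - run: '! command -v zizmor >/dev/null 2>&1'
      priority: 9
      timeout: 30s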