From f0a6443883aa4b2d284c50932c55b46bdb9b1665 Mon Sep 17 00:00:00 2001
From: Stephen Finucane <stephenfin@redhat.com>
Date: Tue, 30 Jul 2024 13:58:24 +0100
Subject: [PATCH] Add pre-commit

This is helpful to automate code style checks at runtime. Some of these
are currently disabled since fixing them requires some work. Those fixes
will come separately.

Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Change-Id: I0eb7bdfe527722b012981a1d6bd15580b6adfe6e
---
 .pre-commit-config.yaml | 53 +++++++++++++++++++++++++++++++++++++++++
 tox.ini                 | 21 ++++++++++------
 2 files changed, 67 insertions(+), 7 deletions(-)
 create mode 100644 .pre-commit-config.yaml

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 00000000..8ca998ed
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,53 @@
+---
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.6.0
+    hooks:
+      - id: trailing-whitespace
+      - id: mixed-line-ending
+        args: ['--fix', 'lf']
+        exclude: '.*\.(svg)$'
+      - id: check-byte-order-marker
+      - id: check-executables-have-shebangs
+      - id: check-merge-conflict
+      - id: debug-statements
+      - id: check-yaml
+        files: .*\.(yaml|yml)$
+        exclude: '^zuul.d/.*$'
+  # - repo: https://github.com/astral-sh/ruff-pre-commit
+  #   rev: v0.5.5
+  #   hooks:
+  #     - id: ruff
+  #       args: ['--fix', '--unsafe-fixes']
+  #     - id: ruff-format
+  - repo: https://github.com/PyCQA/bandit
+    rev: 1.7.9
+    hooks:
+      - id: bandit
+        # We ignore the following:
+        #   B110: except: pass
+        #   B410: importing etree
+        args: ['-x', 'tests', '-s', 'B110,B410']
+  - repo: https://opendev.org/openstack/hacking
+    rev: 6.1.0
+    hooks:
+      - id: hacking
+        additional_dependencies:
+          - flake8-import-order~=0.18.2
+        exclude: '^(doc|releasenotes|tools)/.*$'
+  # - repo: https://github.com/pre-commit/mirrors-mypy
+  #   rev: v1.10.1
+  #   hooks:
+  #     - id: mypy
+  #       additional_dependencies:
+  #         - types-decorator
+  #         - types-PyYAML
+  #         - types-requests
+  #         - types-simplejson
+  #       # keep this in-sync with '[mypy] exclude' in 'setup.cfg'
+  #       exclude: |
+  #         (?x)(
+  #           doc/.*
+  #           | examples/.*
+  #           | releasenotes/.*
+  #         )
diff --git a/tox.ini b/tox.ini
index 6ad63811..ec72534b 100644
--- a/tox.ini
+++ b/tox.ini
@@ -17,17 +17,24 @@ commands =
     stestr run {posargs}
 
 [testenv:pep8]
+description =
+    Run style checks.
+skip_install = true
+deps =
+    pre-commit
 commands =
-    flake8
-    # Run security linter
-    # B110: except: pass
-    # B410: importing etree
-    bandit -r keystoneauth1 -x tests -s B110,B410
+    pre-commit run --all-files --show-diff-on-failure
 
-[testenv:bandit]
 # NOTE(browne): This is required for the integration test job of the bandit
 # project. Please do not remove.
-commands = bandit -r keystoneauth1 -x tests -s B110,B410
+[testenv:bandit]
+description =
+    Run bandit security checks.
+skip_install = true
+deps =
+    pre-commit
+commands =
+    pre-commit run --all-files --show-diff-on-failure bandit
 
 [testenv:venv]
 commands = {posargs}