 1  # .pre-commit-config.yaml
 2  repos:
 3    # Shell script checks
 4    - repo: https://github.com/koalaman/shellcheck-precommit
 5      rev: v0.7.2
 6      hooks:
 7        - id: shellcheck
 8          files: ^cloud-init/.*\.sh$
 9  
10    - repo: https://github.com/adrienverge/yamllint.git
11      rev: v1.29.0
12      hooks:
13        - id: yamllint
14          args: [--strict]
15          files: ^cloud-init/(templates|generated)/.*\.ya?ml$
16  
17    # Detect secrets (SSH keys, passwords)
18    - repo: https://github.com/pre-commit/pre-commit-hooks
19      rev: v6.0.0
20      hooks:
21        - id: detect-private-key
22          files: ^cloud-init/keys/.*
23        - id: end-of-file-fixer
24        - id: trailing-whitespace
25        - id: check-added-large-files
26          args: ["--maxkb=10240"]  # 10 MB limit
27  
28    - repo: local
29      hooks:
30        - id: git-secrets
31          name: "Git secrets scan"
32          entry: "./scripts/git-secrets-wrapper.sh"
33          language: script
34          types: [text]