nix-dotfiles/checks.nix

{
  inputs,
  forEachSystem,
  formatter,
  ...
}:
forEachSystem (system: {
  pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run {
    src = ./.;
    hooks = {
      # nix checks
      # Example custom hook for nix formatting
      fmt-check = {
        enable = true;

        # The command to execute (mandatory):
        entry = "${formatter.${system}}/bin/nixfmt --check";

        # The pattern of files to run on (default: "" (all))
        # see also https://pre-commit.com/#hooks-files
        files = "\\.nix$";
      };
      ## static analysis checks for nix
      nil.enable = true;
      statix.enable = true;

      # json hooks
      check-json = {
        enable = true;
        # exclude vscode json files as they allow comments and check-json doesn't
        excludes = [ "settings.json$" ];
      };

      # toml hooks
      check-toml.enable = true;

      # git hooks
      check-merge-conflicts.enable = true;
      ## prevents committing to main
      no-commit-to-branch.enable = true;

      # misc hooks
      check-added-large-files.enable = true;
      ## prevents two similarly named files for case sensitive systems
      check-case-conflicts.enable = true;
      detect-private-keys.enable = true;
    };
  };
})
Full rewrite of devshell migrates pre-commit to cachix's pre-commit-hooks adds a ton of new hooks: - check-added-large-files - check-case-conflicts - check-json - check-merge-conflicts - detect-private-keys - fmt-check - nil - no-commit-to-branch - statix (disabled for now) migrates devshell to new devshells, set up modularly to have separate functionality for sops, pre-commit-hooks, and our custom packages Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-05-19 23:32:52 -04:00			`{`
			`inputs,`
			`forEachSystem,`
			`formatter,`
			`...`
			`}:`
			`forEachSystem (system: {`
			`pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run {`
			`src = ./.;`
			`hooks = {`
			`# nix checks`
adds comments for pre-commit checks Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-05-20 01:06:40 -04:00			`# Example custom hook for nix formatting`
Full rewrite of devshell migrates pre-commit to cachix's pre-commit-hooks adds a ton of new hooks: - check-added-large-files - check-case-conflicts - check-json - check-merge-conflicts - detect-private-keys - fmt-check - nil - no-commit-to-branch - statix (disabled for now) migrates devshell to new devshells, set up modularly to have separate functionality for sops, pre-commit-hooks, and our custom packages Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-05-19 23:32:52 -04:00			`fmt-check = {`
			`enable = true;`

			`# The command to execute (mandatory):`
			`entry = "${formatter.${system}}/bin/nixfmt --check";`

			`# The pattern of files to run on (default: "" (all))`
			`# see also https://pre-commit.com/#hooks-files`
			`files = "\\.nix$";`
			`};`
adds comments for pre-commit checks Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-05-20 01:06:40 -04:00			`## static analysis checks for nix`
Full rewrite of devshell migrates pre-commit to cachix's pre-commit-hooks adds a ton of new hooks: - check-added-large-files - check-case-conflicts - check-json - check-merge-conflicts - detect-private-keys - fmt-check - nil - no-commit-to-branch - statix (disabled for now) migrates devshell to new devshells, set up modularly to have separate functionality for sops, pre-commit-hooks, and our custom packages Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-05-19 23:32:52 -04:00			`nil.enable = true;`
fix all statix warnings and re-enable statix pre-commit Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-05-21 19:43:57 -04:00			`statix.enable = true;`
Full rewrite of devshell migrates pre-commit to cachix's pre-commit-hooks adds a ton of new hooks: - check-added-large-files - check-case-conflicts - check-json - check-merge-conflicts - detect-private-keys - fmt-check - nil - no-commit-to-branch - statix (disabled for now) migrates devshell to new devshells, set up modularly to have separate functionality for sops, pre-commit-hooks, and our custom packages Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-05-19 23:32:52 -04:00
			`# json hooks`
fix erroneous output warning, remove vscode json file from check vscode json files allow comments, but check-json only allows regular json. the check now ignores settings.json moves inherit for outputs to the let, as it was attempting to output the outputs variable. Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-05-19 23:44:59 -04:00			`check-json = {`
			`enable = true;`
			`# exclude vscode json files as they allow comments and check-json doesn't`
			`excludes = [ "settings.json$" ];`
			`};`
Full rewrite of devshell migrates pre-commit to cachix's pre-commit-hooks adds a ton of new hooks: - check-added-large-files - check-case-conflicts - check-json - check-merge-conflicts - detect-private-keys - fmt-check - nil - no-commit-to-branch - statix (disabled for now) migrates devshell to new devshells, set up modularly to have separate functionality for sops, pre-commit-hooks, and our custom packages Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-05-19 23:32:52 -04:00
revert statix fixes for empty_pattern empty_pattern forces {...} to be converted to {_}, which breaks situations where an import is done multiple ways with the same attributes, and only some of the imported files use those attributes (ex. systems/<host>/default.nix) Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-05-20 00:07:52 -04:00			`# toml hooks`
			`check-toml.enable = true;`

Full rewrite of devshell migrates pre-commit to cachix's pre-commit-hooks adds a ton of new hooks: - check-added-large-files - check-case-conflicts - check-json - check-merge-conflicts - detect-private-keys - fmt-check - nil - no-commit-to-branch - statix (disabled for now) migrates devshell to new devshells, set up modularly to have separate functionality for sops, pre-commit-hooks, and our custom packages Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-05-19 23:32:52 -04:00			`# git hooks`
			`check-merge-conflicts.enable = true;`
adds comments for pre-commit checks Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-05-20 01:06:40 -04:00			`## prevents committing to main`
Full rewrite of devshell migrates pre-commit to cachix's pre-commit-hooks adds a ton of new hooks: - check-added-large-files - check-case-conflicts - check-json - check-merge-conflicts - detect-private-keys - fmt-check - nil - no-commit-to-branch - statix (disabled for now) migrates devshell to new devshells, set up modularly to have separate functionality for sops, pre-commit-hooks, and our custom packages Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-05-19 23:32:52 -04:00			`no-commit-to-branch.enable = true;`

			`# misc hooks`
			`check-added-large-files.enable = true;`
adds comments for pre-commit checks Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-05-20 01:06:40 -04:00			`## prevents two similarly named files for case sensitive systems`
Full rewrite of devshell migrates pre-commit to cachix's pre-commit-hooks adds a ton of new hooks: - check-added-large-files - check-case-conflicts - check-json - check-merge-conflicts - detect-private-keys - fmt-check - nil - no-commit-to-branch - statix (disabled for now) migrates devshell to new devshells, set up modularly to have separate functionality for sops, pre-commit-hooks, and our custom packages Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-05-19 23:32:52 -04:00			`check-case-conflicts.enable = true;`
			`detect-private-keys.enable = true;`
			`};`
			`};`
			`})`