.pre-commit-config.yaml

# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.

---
# https://pre-commit.com/#installation
default_stages: [pre-commit, pre-push]
default_language_version:
  python: python3
  node: 24.13.0
minimum_pre_commit_version: '3.2.0'
repos:
  - repo: meta
    hooks:
      - id: identity
        name: run identity check
        description: a simple hook which prints all arguments passed to it, useful for debugging
      - id: check-hooks-apply
        name: run check hooks apply
        description: check that all the hooks apply to the repository
  - repo: https://github.com/thlorenz/doctoc.git
    rev: v2.3.0
    hooks:
      - id: doctoc
        name: add TOC for Markdown files
        description: automatically keeps your table of contents up to date
        files: ^README\.md$
  - repo: local
    hooks:
      - id: npm-install
        name: Install Zeppelin Node dependencies
        entry: bash -c "cd zeppelin && npm install"
        language: system
        pass_filenames: false
        files: ^zeppelin/(package\.json|package-lock\.json)$
        description: Ensures local node_modules match the lockfile
        stages: [manual]
      - id: prettier
        name: run prettier
        description: format files with prettier
        entry: prettier --write '**/*.js' '**/*.yaml' '**/*.yml'
        files: \.(js|ya?ml)$
        language: node
        additional_dependencies: ['prettier@3.8.1']
        pass_filenames: false
      - id: maven-spotless-apply
        name: maven spotless apply
        description: automatically formats Java and Scala code using mvn spotless:apply.
        entry: mvn spotless:apply
        language: system # Indicates that the 'entry' command should be run directly as a system command.
        types: [java, scala] # Specifies that this hook should run on Java and Scala files.
        pass_filenames:
          false # Crucial: tells pre-commit NOT to pass filenames as arguments to 'mvn spotless:apply'.
          # Spotless typically scans the whole project based on its configuration.
        always_run:
          true # Ensures this hook runs even if no Java files are changed.
          # This is useful for spotless:apply which might affect files not staged.
        stages: [manual]
      - id: check-zip-file-is-not-committed
        name: check no zip files are committed
        description: Zip files are not allowed in the repository
        language: fail
        entry: |
          Zip files are not allowed in the repository as they are hard to
          track and have security implications. Please remove the zip file from the repository.
        files: (?i)\.zip$
      - id: check-makefiles-tabs
        name: check Makefiles files for tabs
        description: ensures that Makefiles are indented with tabs
        entry: ./scripts/pre-commit/check_makefiles_for_tabs.sh # Path to your script
        language: system
        files: '(?i)makefile$'
        pass_filenames: true # <-- Crucial change: pass filenames to the script
        types: [file] # Ensure only regular files are passed, not directories
        stages: [manual]
      - id: validate-dependabot-yml
        name: validate dependabot.yml
        description: ensures the dependabot config file is valid
        entry: validate-dependabot-yaml
        language: node
        additional_dependencies: ['@bugron/validate-dependabot-yaml@0.3.3']
        files: ^\.github/dependabot\.yml$
  - repo: https://github.com/Lucas-C/pre-commit-hooks
    rev: v1.5.6
    hooks:
      - id: chmod
        name: set file permissions
        description: manual hook to be run by macOS or Linux users for a full repository clean up
        args: ['644']
        files: \.md$
        stages: [manual]
      - id: insert-license
        name: add license for all Batch files
        description: automatically adds a licence header to all Batch files that don't have a license header
        files: \.bat$
        args:
          - --comment-style
          - '|REM|'
          - --license-filepath
          - .github/workflows/license-templates/LICENSE.txt
          - --fuzzy-match-generates-todo
      - id: insert-license
        name: add license for all .c files
        description: automatically adds a licence header to all C files that don't have a license header
        files: \.c$
        args:
          - --comment-style
          - '/*|*|*/'
          - --license-filepath
          - .github/workflows/license-templates/LICENSE.txt
          - --fuzzy-match-generates-todo
      - id: insert-license
        name: add license for all .h files
        description: automatically adds a licence header to all header files that don't have a license header
        files: \.h$
        args:
          - --comment-style
          - '/*| *| */'
          - --license-filepath
          - .github/workflows/license-templates/LICENSE.txt
          - --fuzzy-match-generates-todo
      - id: insert-license
        name: add license for all ini files
        description: automatically adds a licence header to all ini files that don't have a license header
        files: \.ini$
        args:
          - --comment-style
          - '|;|'
          - --license-filepath
          - .github/workflows/license-templates/LICENSE.txt
          - --fuzzy-match-generates-todo
      - id: insert-license
        name: add license for all Java files
        description: automatically adds a licence header to all Java files that don't have a license header
        files: \.java$
        args:
          - --comment-style
          - '/*|*|*/'
          - --license-filepath
          - .github/workflows/license-templates/LICENSE.txt
          - --fuzzy-match-generates-todo
      - id: insert-license
        name: add license for all Markdown files
        description: automatically adds a licence header to all Markdown files that don't have a license header
        files: \.md$
        args:
          - --comment-style
          - '<!--|| -->'
          - --license-filepath
          - .github/workflows/license-templates/LICENSE.txt
          - --fuzzy-match-generates-todo
        exclude: |
          (?x)^(
            \.github/issue_template\.md|
            \.github/pull_request_template\.md|
            docs/blog/.*\.md|
            docs/index\.md
          )$
      - id: insert-license
        name: add license for all R Markdown files
        description: automatically adds a licence header to all R Markdown files that don't have a license header
        files: \.Rmd$
        args:
          - --comment-style
          - '<!--||-->'
          - --license-filepath
          - .github/workflows/license-templates/LICENSE.txt
          - --fuzzy-match-generates-todo
      - id: insert-license
        name: add license for all Makefile files
        description: automatically adds a licence header to all Makefiles that don't have a license header
        files: ^Makefile$
        args:
          - --comment-style
          - '|#|'
          - --license-filepath
          - .github/workflows/license-templates/LICENSE.txt
          - --fuzzy-match-generates-todo
      - id: insert-license
        name: add license for all R files
        description: automatically adds a licence header to all R files that don't have a license header
        files: \.R$
        args:
          - --comment-style
          - '|#|'
          - --license-filepath
          - .github/workflows/license-templates/LICENSE.txt
          - --fuzzy-match-generates-todo
      - id: insert-license
        name: add license for all Scala files
        description: automatically adds a licence header to all Scala files that don't have a license header
        files: \.scala$
        args:
          - --comment-style
          - '/*| *| */'
          - --license-filepath
          - .github/workflows/license-templates/LICENSE.txt
          - --fuzzy-match-generates-todo
      - id: insert-license
        name: add license for all Shell files
        description: automatically adds a licence header to all Shell files that don't have a license header
        files: \.sh$
        args:
          - --comment-style
          - '|#|'
          - --license-filepath
          - .github/workflows/license-templates/LICENSE.txt
          - --fuzzy-match-generates-todo
      - id: insert-license
        name: add license for all TOML files
        description: automatically adds a licence header to all TOML files that don't have a license header
        files: \.toml$
        args:
          - --comment-style
          - '|#|'
          - --license-filepath
          - .github/workflows/license-templates/LICENSE.txt
          - --fuzzy-match-generates-todo
      - id: insert-license
        name: add license for all XML files
        description: automatically adds a licence header to all XML files that don't have a license header
        files: \.xml$
        exclude: |
          (?x)(
            scalastyle_config\.xml|
            ^docker/zeppelin/conf/zeppelin-site\.xml|
            ^spark/common/src/test/resources/.*
          )$
        args:
          - --comment-style
          - '<!--||-->'
          - --license-filepath
          - .github/workflows/license-templates/LICENSE.txt
          - --fuzzy-match-generates-todo
      - id: insert-license
        name: add license for all YAML files
        description: automatically adds a licence header to all YAML files that don't have a license header
        files: \.ya?ml$
        args:
          - --comment-style
          - '|#|'
          - --license-filepath
          - .github/workflows/license-templates/LICENSE.txt
          - --fuzzy-match-generates-todo
      - id: insert-license
        name: add license for all properties files
        description: automatically adds a licence header to all properties files that don't have a license header
        files: \.properties$
        exclude: ^spark/common/src/test/resources
        args:
          - --comment-style
          - '|#|'
          - --license-filepath
          - .github/workflows/license-templates/LICENSE.txt
          - --fuzzy-match-generates-todo
      - id: insert-license
        name: add license for all Python files
        description: automatically adds a licence header to all Python files that don't have a license header
        files: \.py$
        args:
          - --comment-style
          - '|#|'
          - --license-filepath
          - .github/workflows/license-templates/LICENSE.txt
          - --fuzzy-match-generates-todo
      - id: insert-license
        name: add license for all other files
        description: automatically adds a licence header to all other files that don't have a license header
        files: |
          (?x)^(
            \.editorconfig|
            \.gitattributes|
            \.prettierignore|
            \.prettierrc|
            \.github/linters/\.clang-format|
            \.github/linters/\.shellcheckrc|
            \.github/CODEOWNERS|
            .*/\.gitignore|
            tools/maven/scalafmt\.conf|
            CITATION\.cff
          )$
        args:
          - --comment-style
          - '|#|'
          - --license-filepath
          - .github/workflows/license-templates/LICENSE.txt
          - --fuzzy-match-generates-todo
      - id: forbid-tabs
        name: run forbid-tabs
        description: check the codebase for tabs
        exclude: ^python/sedona/doc/make\.bat$|^spark/common/src/test/resources/.*$|(^|/)Makefile$|\.csv$|\.md$|\.tsv$
      - id: remove-tabs
        name: run remove-tabs
        description: find and convert tabs to spaces
        args: [--whitespaces-count, '2']
        exclude: ^python/sedona/doc/make\.bat$|^spark/common/src/test/resources/.*$|(^|/)Makefile$|\.csv$|\.md$|\.tsv$
  - repo: https://github.com/asottile/pyupgrade
    rev: v3.21.2
    hooks:
      - id: pyupgrade
        name: run pyupgrade
        description: a tool (and pre-commit hook) to automatically upgrade syntax for newer versions of the language
        args: [--py37-plus]
  - repo: https://github.com/psf/black-pre-commit-mirror
    rev: 26.3.1
    hooks:
      - id: black-jupyter
        name: run black-jupyter
        description: format Python files and Jupyter Notebooks with black
  - repo: https://github.com/pypa/pip-audit
    rev: v2.10.0
    hooks:
      - id: pip-audit
        name: run pip-audit
        description: audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them
        args: ['.']
  - repo: https://github.com/pre-commit/mirrors-clang-format
    rev: v22.1.1
    hooks:
      - id: clang-format
        name: run clang-format
        description: format C files with clang-format
        args: ['--style=file:.github/linters/.clang-format']
        types_or: [c]
  - repo: https://github.com/PyCQA/bandit
    rev: 1.9.4
    hooks:
      - id: bandit
        name: run bandit
        description: check Python code for security issues
        args: ['-c=pyproject.toml', '-r']
        additional_dependencies: ['bandit[toml]']
  - repo: https://github.com/codespell-project/codespell
    rev: v2.4.2
    hooks:
      - id: codespell
        name: run codespell
        description: check spelling with codespell
  - repo: https://github.com/gitleaks/gitleaks
    rev: v8.30.1
    hooks:
      - id: gitleaks
        name: run gitleaks
        description: check for secrets with gitleaks
  - repo: https://github.com/zizmorcore/zizmor-pre-commit
    rev: v1.23.1
    hooks:
      - id: zizmor
        name: run zizmor
        description: zizmor is a static analysis tool for GitHub Actions
        args: [--config=.github/linters/zizmor.yml]
        files: ^\.github/workflows/.*$
        types: [yaml]
  - repo: https://github.com/pre-commit/pygrep-hooks
    rev: v1.10.0
    hooks:
      - id: python-check-mock-methods
        name: run check for not-real mock methods
        description: Prevent common mistakes of assert mck.not_called(), assert mck.called_once_with(...) and mck.assert_called
      - id: python-no-eval
        name: run check for eval()
        description: A quick check for the eval() built-in function
        exclude: ^python/tests/flink/test_flink_registration\.py$
      - id: python-no-log-warn
        name: run check for use logger.warning(
        description: A quick check for the deprecated .warn() method of python loggers
      - id: python-use-type-annotations
        name: run check for type annotations not comments
        description: Enforce that python3.6+ type annotations are used instead of type comments
      - id: rst-backticks
        name: run rst-backticks
        description: detect common mistake of using single backticks when writing rst
      - id: rst-directive-colons
        name: run rst-directive-colons
        description: detect mistake of rst directive not ending with double colon or space before the double colon
      - id: rst-inline-touching-normal
        name: run rst-inline-touching-normal
        description: detect mistake of inline code touching normal text in rst
      - id: text-unicode-replacement-char
        name: run check for no unicode replacement char
        description: Forbid files which have a UTF-8 Unicode replacement character
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v6.0.0
    hooks:
      - id: check-ast
        name: run check-ast
        description: check Python files for syntax errors
      - id: check-builtin-literals
        name: run check-builtin-literals
        description: check Python files for proper use of built-in literals
      - id: check-case-conflict
        name: run check-case-conflict
        description: check for case conflicts in file names
      - id: check-docstring-first
        name: run check-docstring-first
        description: check that docstrings are at the start of functions
      - id: check-executables-have-shebangs
        name: run check-executables-have-shebangs
        description: check that executable scripts have shebang lines
      - id: check-illegal-windows-names
        name: run check-illegal-windows-names
        description: check for Windows-illegal file names
      - id: check-json
        name: run check-json
        description: check JSON files for syntax errors
        exclude: ^docs/usecases/data/testPolygon\.json$|^spark/common/src/test/resources/.*\.json$
      - id: check-merge-conflict
        name: run check-merge-conflict
        description: check for merge conflict markers
      - id: check-shebang-scripts-are-executable
        name: run check-shebang-scripts-are-executable
        description: check that scripts with shebangs are executable
      - id: check-toml
        name: run check-toml
        description: check TOML files for syntax errors
      - id: check-vcs-permalinks
        name: run check-vcs-permalinks
        description: ensures that links to vcs websites are permalinks
      - id: check-xml
        name: run check-xml
        description: attempts to load all xml files to verify syntax
      - id: check-yaml
        name: run check-yaml
        description: attempts to load all yaml files to verify syntax
        exclude: ^mkdocs\.yml$
      - id: debug-statements
        name: run debug-statements
        description: check for debugger imports and py37+ `breakpoint()` calls in python source.
      - id: destroyed-symlinks
        name: run destroyed-symlinks
        description: detects symlinks which are changed to regular files with a content of a path which that symlink was pointing to
      - id: detect-aws-credentials
        name: run detect-aws-credentials
        description: checks for the existence of AWS secrets that you have set up with the AWS CLI
        args: [--allow-missing-credentials]
      - id: detect-private-key
        name: run detect-private-key
        description: checks for the existence of private keys
      - id: end-of-file-fixer
        name: run end-of-file-fixer
        description: makes sure files end in a newline and only a newline
        exclude: \.svg$|^docs/image|^spark/common/src/test/resources
      - id: file-contents-sorter
        name: run file-contents-sorter
        description: sort the lines in specified files (defaults to alphabetical)
        args: [--unique]
        files: ^\.github/linters/codespell\.txt$
      - id: fix-byte-order-marker
        name: run fix-byte-order-marker
        description: removes UTF-8 byte order marker
      - id: forbid-submodules
        name: run forbid-submodules
        description: forbids any submodules in the repository
      - id: mixed-line-ending
        name: run mixed-line-ending
        description: replaces or checks mixed line ending
        exclude: \.csv$
      - id: name-tests-test
        name: run name-tests-test
        description: verifies that test files are named correctly
        args: [--pytest-test-first]
        exclude: |
          (?x)^(
            python/tests/properties/crs_transform\.py|
            python/tests/properties/linestring_properties\.py|
            python/tests/properties/point_properties\.py|
            python/tests/properties/polygon_properties\.py|
            python/tests/sql/resource/sample_data\.py|
            python/tests/streaming/spark/cases_builder\.py|
            python/tests/tools\.py
          )$
      - id: requirements-txt-fixer
        name: run requirements-txt-fixer
        description: sorts entries in the Python requirements files and removes incorrect entry for pkg-resources==0.0.0
        files: ^docker/requirements\.txt$
      - id: trailing-whitespace
        name: run trailing-whitespace
        description: trims trailing whitespace
        args: [--markdown-linebreak-ext=md]
        exclude: ^docs-overrides/main\.html$|\.Rd$
  - repo: https://github.com/igorshubovych/markdownlint-cli
    rev: v0.48.0
    hooks:
      - id: markdownlint
        name: run markdownlint
        description: check Markdown files with markdownlint
        args: [--config=.github/linters/.markdown-lint.yml]
        exclude: ^\.github/.*$
        types: [markdown]
        files: \.md$
  - repo: https://github.com/shellcheck-py/shellcheck-py
    rev: v0.11.0.1
    hooks:
      - id: shellcheck
        name: run shellcheck
        description: check Shell scripts with shellcheck
        args: [--rcfile=.github/linters/.shellcheckrc]
  - repo: https://github.com/adrienverge/yamllint
    rev: v1.38.0
    hooks:
      - id: yamllint
        name: run yamllint
        description: check YAML files with yamllint
        args: [--strict, -c=.github/linters/.yaml-lint.yml]
        types: [yaml]
        files: \.ya?ml$
  - repo: https://github.com/oxipng/oxipng
    rev: v10.1.0
    hooks:
      - id: oxipng
        name: run oxipng
        description: check PNG files with oxipng
        args: ['--fix', '-o', '4', '--strip', 'safe', '--alpha']
        stages: [manual]
  - repo: https://github.com/adamchainz/blacken-docs
    rev: 1.20.0
    hooks:
      - id: blacken-docs
        name: run blacken-docs
        description: run `black` on python code blocks in documentation files
        additional_dependencies: [black==26.3.1]
  - repo: https://github.com/editorconfig-checker/editorconfig-checker.python
    rev: 3.6.1
    hooks:
      - id: editorconfig-checker
        name: run editorconfig-checker
        description: a tool to verify that your files are in harmony with your .editorconfig
        exclude: ^docs/image/.*$|^R/man/.*\.Rd$|^spark/common/src/test/resources/.*$
        alias: ec
  - repo: https://github.com/rhysd/actionlint
    rev: v1.7.11
    hooks:
      - id: actionlint
        name: run actionlint
        description: actionlint is a static checker for GitHub Actions workflow files
        args:
          - -ignore
          - 'SC2015'
          - -ignore
          - 'SC2061'
          - -ignore
          - 'SC2072'
          - -ignore
          - 'SC2086'
          - -ignore
          - 'SC2102'
          - -ignore
          - 'SC2155'
  - repo: https://github.com/checkmake/checkmake.git
    rev: v0.3.2
    hooks:
      - id: checkmake
        name: run checkmake (root)
        description: checkmake is a linter for Makefiles
        files: ^Makefile$
        args: ['--config=checkmake.ini']
      - id: checkmake
        name: run checkmake (python/sedona/doc)
        description: checkmake is a linter for Makefiles
        files: ^python/sedona/doc/Makefile$
        args: ['--config=python/sedona/doc/checkmake.ini']