feat: 154 Prompt User to Install Code Linters for each Detected Langu…

…age (#332)

closes #154 

**Overview**

Adds functionality to prompt the user to determine if linter based
pre-commit hooks should be added to the code repository. The user will
be prompted for each detected language during `init`.

An example messages will be `Add lint pre-commit(s) for JavaScript?
[Y/n]`

adding the `--yes` option will bypass the prompting to install linter
pre-commit hooks and will automatically add them.

**Technical Approach**

This pr includes reorganizing the pre-commit templates into a new
folder/file structure. Templates will be located under
`resources/pre-commit` and will be split into separate folders and files
based on if they are linter hooks or not. The user responses and code
will determine whether or not the hooks should be combined and saved to
the user's repository. Splitting these files out ensures a simple way of
knowing which hooks are linters.

**Testing**
1. run `secureli init`
2. follow flow to add/ignore linters for each detected language
3. Verify pre-commit linters are added or not added to pre-commit.yaml
depending on prompt response

Regression testing:
Testing `scan` and `update` to ensure both are working as normal.

.coveragerc

@@ -4,6 +4,7 @@ source = secureli
 
 [report]
 fail_under = 90
+show_missing = true
 omit =
     tests/*
     */__init__.py

CONTRIBUTING.md

@@ -300,3 +300,4 @@ A special thanks to everyone that has contributed to seCureLI so far:
 - Jeff Schumacher
 - Caleb Tonn
 - Josh Werner
+- Kevin Orlando

secureli/actions/action.py

@@ -148,7 +148,19 @@ def _install_secureli(self, folder_path: Path, always_yes: bool) -> VerifyResult
             languages = list(analyze_result.language_proportions.keys())
             self.action_deps.echo.print(f"Overall Detected Languages: {languages}")
 
-            metadata = self.action_deps.language_support.apply_support(languages)
+            lint_languages = self._prompt_get_lint_config_languages(
+                languages, always_yes
+            )
+
+            language_config_result = (
+                self.action_deps.language_support._build_pre_commit_config(
+                    languages, lint_languages
+                )
+            )
+
+            metadata = self.action_deps.language_support.apply_support(
+                languages, language_config_result
+            )
 
         except (ValueError, LanguageNotSupportedError, InstallFailedError) as e:
             self.action_deps.echo.error(
@@ -160,6 +172,7 @@ def _install_secureli(self, folder_path: Path, always_yes: bool) -> VerifyResult
 
         config = SecureliConfig(
             languages=languages,
+            lint_languages=lint_languages,
             version_installed=metadata.version,
         )
         self.action_deps.secureli_config.save(config)
@@ -193,6 +206,30 @@ def _install_secureli(self, folder_path: Path, always_yes: bool) -> VerifyResult
             analyze_result=analyze_result,
         )
 
+    def _prompt_get_lint_config_languages(
+        self, languages: list[str], always_yes: bool
+    ) -> list[str]:
+        """
+        Prompts user to add lint pre-commit hooks for each detected language
+        :param languages: list of detected languages
+        :param always_yes: Assume "Yes" to all prompts
+        :return: set of filtered languages to add lint pre-commit hooks for
+        """
+        if always_yes:
+            return [*languages]
+
+        lint_languages: list[str] = []
+
+        for language in languages:
+            add_linter = self.action_deps.echo.confirm(
+                f"Add lint pre-commit hook(s) for {language}?", default_response=True
+            )
+
+            if add_linter:
+                lint_languages.append(language)
+
+        return lint_languages
+
     def _update_secureli(self, always_yes: bool):
         """
         Prompts the user to update to the latest secureli install.

secureli/repositories/secureli_config.py

@@ -10,6 +10,7 @@
 
 class SecureliConfig(BaseModel):
     languages: Optional[list[str]]
+    lint_languages: Optional[list[str]]
     version_installed: Optional[str]
 
 
@@ -96,6 +97,7 @@ def update(self) -> SecureliConfig:
 
         return SecureliConfig(
             languages=[old_config.overall_language],
+            lint_languages=[old_config.overall_language],
             version_installed=old_config.version_installed,
         )
 

secureli/resources/files/pre-commit/base/base-pre-commit.yaml

@@ -0,0 +1,27 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.3.0
+    hooks:
+      - id: check-added-large-files
+      - id: check-ast
+      - id: check-docstring-first
+      - id: check-executables-have-shebangs
+      - id: check-shebang-scripts-are-executable
+      - id: check-merge-conflict
+      - id: check-toml
+      - id: check-json
+      - id: check-xml
+      - id: check-yaml
+      - id: debug-statements
+      - id: detect-aws-credentials
+        args: [--allow-missing-credentials]
+      - id: detect-private-key
+      - id: name-tests-test
+        args: [--pytest-test-first]
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+  - repo: https://github.com/Yelp/detect-secrets
+    rev: v1.4.0
+    hooks:
+      - id: detect-secrets

secureli/resources/files/pre-commit/base/csharp-pre-commit.yaml

@@ -0,0 +1 @@
+repos:

secureli/resources/files/pre-commit/base/go-pre-commit.yaml

@@ -0,0 +1 @@
+repos:

secureli/resources/files/pre-commit/base/java-pre-commit.yaml

@@ -0,0 +1 @@
+repos:

secureli/resources/files/pre-commit/base/javascript-pre-commit.yaml

@@ -0,0 +1 @@
+repos:

secureli/resources/files/pre-commit/base/python-pre-commit.yaml

@@ -0,0 +1,10 @@
+repos:
+  - repo: https://github.com/pre-commit/pygrep-hooks
+    rev: v1.9.0
+    hooks:
+      - id: python-use-type-annotations
+  - repo: https://github.com/PyCQA/bandit
+    rev: 1.7.4
+    hooks:
+      - id: bandit
+        args: ["--exclude", "tests/", "--severity-level", "medium"]

secureli/resources/files/pre-commit/base/swift-pre-commit.yaml

@@ -0,0 +1,6 @@
+repos:
+  - repo: https://github.com/Yelp/detect-secrets
+    rev: v1.4.0
+    hooks:
+      - id: detect-secrets
+        exclude: .xcscheme$

secureli/resources/files/pre-commit/base/terraform-pre-commit.yaml

@@ -0,0 +1,5 @@
+repos:
+  - repo: https://github.com/Yelp/detect-secrets
+    rev: v1.4.0
+    hooks:
+      - id: detect-secrets

secureli/resources/files/pre-commit/base/typescript-pre-commit.yaml

@@ -0,0 +1 @@
+repos:

secureli/resources/files/pre-commit/lint/base-pre-commit.yaml

@@ -0,0 +1 @@
+repos:

secureli/resources/files/pre-commit/lint/csharp-pre-commit.yaml

@@ -0,0 +1,14 @@
+repos:
+  - repo: local
+    hooks:
+      # Note: The dotnet format pre-commit setup combines poorly to be tightly coupled with
+      # a pre-release version of .net that is old and no one has installed. dotnet format has
+      # since become a part of .net! So we can use dotnet format already installed on your
+      # simply. This runs the risk that different folks will run different versions, but
+      # this is better than nothing.
+      # see https://github.com/dotnet/format/issues/1350 and the resolution PR at the bottom.
+      - id: dotnet-format
+        name: dotnet-format
+        language: system
+        entry: dotnet format --include
+        types: ["c#"]

secureli/resources/files/go-pre-commit.yaml → secureli/resources/files/pre-commit/lint/go-pre-commit.yaml

@@ -1,4 +1,4 @@
-  repos:
+repos:
   - repo: https://github.com/golangci/golangci-lint
     rev: v1.53.3
     hooks:

secureli/resources/files/pre-commit/lint/java-pre-commit.yaml

@@ -0,0 +1,5 @@
+repos:
+  - repo: https://github.com/slalombuild/pre-commit-mirror-checkstyle
+    rev: v0.1.1
+    hooks:
+      - id: checkstyle-java

secureli/resources/files/pre-commit/lint/javascript-pre-commit.yaml

@@ -0,0 +1,21 @@
+repos:
+  - repo: https://github.com/pre-commit/mirrors-eslint
+    rev: "v8.42.0"
+    hooks:
+      - id: eslint
+        files: \.[j]sx?$ # *.js and *.jsx
+        types: [file]
+        args: ["--config", ".secureli/javascript.eslintrc.yaml", "--fix"]
+        additional_dependencies:
+          - [email protected]
+          - [email protected]
+          - [email protected]
+  - repo: https://github.com/pre-commit/mirrors-prettier
+    rev: "v2.7.1"
+    hooks:
+      - id: prettier
+        args:
+          - --single-quote
+          - --trailing-comma
+          - all
+        types_or: [css, javascript]

secureli/resources/files/pre-commit/lint/python-pre-commit.yaml

@@ -0,0 +1,5 @@
+repos:
+  - repo: https://github.com/psf/black
+    rev: 22.10.0
+    hooks:
+      - id: black

secureli/resources/files/pre-commit/lint/swift-pre-commit.yaml

@@ -0,0 +1,5 @@
+repos:
+  - repo: https://github.com/realm/SwiftLint
+    rev: 0.52.2
+    hooks:
+      - id: swiftlint

secureli/resources/files/pre-commit/lint/terraform-pre-commit.yaml

@@ -0,0 +1,5 @@
+repos:
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.77.0
+    hooks:
+      - id: terraform_tflint

secureli/resources/files/pre-commit/lint/typescript-pre-commit.yaml

@@ -0,0 +1,23 @@
+repos:
+  - repo: https://github.com/pre-commit/mirrors-eslint
+    rev: "v8.42.0"
+    hooks:
+      - id: eslint
+        files: \.[t]sx?$ # *.ts and *.tsx
+        types: [file]
+        args: ["--config", ".secureli/typescript.eslintrc.yaml", "--fix"]
+        additional_dependencies:
+          - [email protected]
+          - [email protected]
+          - "@typescript-eslint/[email protected]"
+          - "@typescript-eslint/[email protected]"
+          - [email protected]
+          - [email protected]
+  - repo: https://github.com/pre-commit/mirrors-prettier
+    rev: "v2.7.1"
+    hooks:
+      - id: prettier
+        args:
+          - --single-quote
+          - --trailing-comma
+          - all