.gitlab-ci.yml

 ---
 include:
-  - project: shore/ci-templates
+  - project: shore/ci-stuff
     file: templates/pre-commit.yml
-  - project: shore/ci-templates
+  - project: shore/ci-stuff
     file: templates/docker.yml
 
 stages:
@@ -10,7 +10,7 @@ stages:
   - build
   - deploy
 
-build:
+docker-build:
   extends: .docker-build-shore
 
 push:

.pre-commit-config.yaml

 ---
 repos:
-  - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v3.4.0
+  - repo: https://github.com/pre-commit/pre-commit-hooks.git
+    rev: v4.3.0
     hooks:
-      - id: check-executables-have-shebangs
       - id: check-merge-conflict
-      - id: check-toml
-        files: Pipfile
+      - id: check-yaml
+      - id: detect-private-key
+      - id: end-of-file-fixer
       - id: trailing-whitespace
+        exclude: \.diff$
 
-  - repo: https://github.com/Yelp/detect-secrets
-    rev: v0.14.3
+  - repo: https://github.com/codespell-project/codespell.git
+    rev: v2.1.0
     hooks:
-      - id: detect-secrets
+      - id: codespell
 
-  - repo: https://github.com/adrienverge/yamllint
-    rev: v1.25.0
+  - repo: https://github.com/Yelp/detect-secrets.git
+    rev: v1.2.0
     hooks:
-      - id: yamllint
+      - id: detect-secrets
 
-  - repo: https://github.com/amperser/proselint/
+  - repo: https://github.com/amperser/proselint.git
     rev: 0.10.2
     hooks:
       - id: proselint
         types: [plain-text]
         exclude: LICENSE
 
-  - repo: https://github.com/ambv/black
-    rev: 20.8b1
+  - repo: https://gitlab.com/devopshq/gitlab-ci-linter.git
+    rev: v1.0.3
+    hooks:
+      - id: gitlab-ci-linter
+        args:
+          - "--server"
+          - https://git.shore.co.il
+
+  - repo: https://git.shore.co.il/nimrod/yamltool.git
+    rev: v0.1.2
+    hooks:
+      - id: yamltool
+
+  - repo: https://github.com/adrienverge/yamllint.git
+    rev: v1.27.1
+    hooks:
+      - id: yamllint
+
+  - repo: https://github.com/executablebooks/mdformat.git
+    rev: 0.7.14
+    hooks:
+      - id: mdformat
+
+  - repo: https://github.com/AleksaC/hadolint-py.git
+    rev: v2.10.0
+    hooks:
+      - id: hadolint
+
+  - repo: https://github.com/ambv/black.git
+    rev: 22.6.0
     hooks:
       - id: black
         args:
           - |
             --line-length=79
 
-  - repo: https://github.com/PyCQA/prospector
-    rev: 1.3.1
+  - repo: https://github.com/PyCQA/isort
+    rev: 5.10.1
+    hooks:
+      - id: isort
+        args: ["--filter-files", "--profile", "black"]
+
+  - repo: https://github.com/PyCQA/prospector.git
+    rev: 1.7.7
     hooks:
       - id: prospector
         args:
@@ -62,7 +97,7 @@ repos:
           - pyroma
 
   - repo: https://gitlab.com/pycqa/flake8.git
-    rev: 3.8.4
+    rev: 3.9.2
     hooks:
       - id: flake8
         args:
@@ -70,13 +105,29 @@ repos:
             --doctests
         additional_dependencies:
           - flake8-bugbear
+          - flake8-builtins
+          - flake8-comprehensions
+          - flake8-loopy
+          - flake8-pie
+          - flake8-tuple
+          - flake8-warnings
 
-  - repo: https://github.com/executablebooks/mdformat.git
-    rev: 0.5.3
+  - repo: https://github.com/Lucas-C/pre-commit-hooks-safety.git
+    rev: v1.3.0
     hooks:
-      - id: mdformat
+      - id: python-safety-dependencies-check
 
-  - repo: https://git.shore.co.il/nimrod/docker-pre-commit.git/
-    rev: v0.3.0
+  - repo: https://github.com/asottile/pyupgrade.git
+    rev: v2.37.1
     hooks:
-      - id: hadolint
+      - id: pyupgrade
+
+  - repo: https://github.com/hadialqattan/pycln.git
+    rev: v2.0.2
+    hooks:
+      - id: pycln
+
+  - repo: https://github.com/PyCQA/docformatter.git
+    rev: v1.4
+    hooks:
+      - id: docformatter

Dockerfile

-FROM registry.hub.docker.com/library/python:3.9-slim-buster as wheels
+FROM docker.io/library/python:3.10-slim-bullseye as wheels
 # hadolint ignore=DL3008,DL3015
 RUN apt-get update && \
     DEBIAN_FRONTEND=noninteractive apt-get install -y \
@@ -9,9 +9,10 @@ RUN apt-get update && \
     ;
 WORKDIR /wheels
 RUN python3 -m pip wheel https://github.com/python-ldap/python-ldap/releases/download/python-ldap-3.3.1/python-ldap-3.3.1.tar.gz
+# hadolint ignore=DL3059
 RUN python3 -m pip wheel git+https://github.com/adarnimrod/flask-simpleldap.git@ldapi-support#egg=flask-simpleldap
 
-FROM registry.hub.docker.com/library/python:3.9-slim-buster
+FROM docker.io/library/python:3.10-slim-bullseye
 # hadolint ignore=DL3008
 RUN apt-get update && \
     DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
@@ -21,6 +22,7 @@ RUN apt-get update && \
     && \
     rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/*
 COPY --from=wheels /wheels/*.whl /wheels/
+# hadolint ignore=DL3042
 RUN pip install /wheels/*.whl
 WORKDIR /app
 COPY requirements.txt ./

README.md

@@ -2,7 +2,7 @@
 
 [![pipeline status](https://git.shore.co.il/shore/ldap-auth/badges/master/pipeline.svg)](https://git.shore.co.il/shore/ldap-auth/-/commits/master)
 
-LDAP authentication webserver to use with Nginx' auth\_request. See this [blog
+LDAP authentication webserver to use with Nginx' auth_request. See this [blog
 post](https://www.shore.co.il/blog/ldap-auth/) for further explanation.
 
 ## Configuration

app.py

@@ -2,6 +2,7 @@
 # pylint: disable=import-error
 
 import os
+
 from flask import Flask
 from flask_simpleldap import LDAP
 
@@ -44,6 +45,7 @@ def ping():
 @app.route("/validate")
 @ldap.basic_auth_required
 def login():
+    """Login to the app, requires LDAP authentication."""
     return "OK"