Skip to content

joevin-slq-docto/remote-hk-hooks

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
custom-package
custom-package
 
 
scripts
scripts
 
 
server
server
 
 
README.md
README.md
 
 
hk.pkl
hk.pkl
 
 
mise.toml
mise.toml
 
 

Repository files navigation

Remote HK Hooks

Development environment for testing remote custom hk hooks. A python script serves pkl packages locally, allowing test package configurations like a remote registry.

Project Structure

.
├── custom-package/       # Custom Pkl package source code
│   ├── Config.pkl
│   └── PklProject
├── scripts/              # Utility scripts
│   └── ggshield.sh
├── server/               # Local HTTPS package server
│   └── server.py
├── target/               # Build output directory
├── hk.pkl                # Hook configuration that imports the custom package
└── mise.toml

Quick Start

1. Generate SSL Certificate as Pkl requires HTTPS

# Generate certificate + private key in one file
openssl req -x509 -newkey rsa:4096 -keyout server/localhost.pem \
  -out server/localhost.pem -days 365 -nodes -subj '/CN=localhost'

# Extract the certificate portion only (without the private key)
openssl x509 -in server/localhost.pem -out server/localhost-cert.pem

2. Configure Pkl to trust self-signed certificate

# Create Pkl CA certificates directory
mkdir -p ~/.pkl/cacerts

# Copy your certificate
cp server/localhost-cert.pem ~/.pkl/cacerts/

# Append system CAs (without this, Pkl can't download public packages)
cat /etc/ssl/certs/ca-certificates.crt >> ~/.pkl/cacerts/localhost-cert.pem

3. Build the Package

cd custom-package/ && pkl project package --output-path ../target --skip-publish-check

Note: Pkl caches packages. You must either:

  • Increment the version (in custom-package/PklProject and then hk.pkl)
  • Clear the cache: rm -rf ~/.pkl/cache && rm -rf ~/.cache/hk/

4. Start the HTTPS server

python3 server/server.py

5. Run hk

mise trust
mise install
hk install
$ hk run pre-commit
hk 1.20.0 by @jdx – pre-commit – check  [==============] 3/3
✔ files - Fetching modified files (13 files)
✔ ggshield
✔ prettier

Limitations

custom-config/Config.pkl successfully overrides the default project configuration to provide an evolutive secret detection mechanism to multiple repositories, however :

  1. Neither hk nor pkl provides a mechanism to pass authentication tokens when fetching packages from private registries.

  2. Pkl packages can include script files (like ggshield.sh if moved to custom-package/), but these scripts cannot be executed because they are trapped in ZIP archives: ~/.pkl/cache/package-2/localhost(3a)8443/[email protected]/[email protected]

Obviously we can:

  • Call commands directly without wrapper scripts: check = "ggshield secret scan pre-commit". But we lose configurability.
  • Commit scripts to each project repository (like here). But it defeats the purpose of centralized configuration.

About

Remote configuration for hk.pkl

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages