From 713546e8bd9d1a697fb15b3daf55a32a537d7044 Mon Sep 17 00:00:00 2001
From: Frantisek Hrbata <frantisek.hrbata@espressif.com>
Date: Tue, 2 Jan 2024 09:35:37 +0100
Subject: [PATCH] ci: add sbom validation using pre-commit's post-commit stage

With 09ba070b7e7a ("fix: allow to use older pre-commit hook version")
and b93cc581a5d6 ("fix: set default pre-commit hook stages to pre-commit..")
we set the default pre-commit hook stage to commit/pre-commit, which avoids
running the pre-commit plugins/hooks multiple times for different stages.
Unfortunately this also affects "pre-commit run" used in CI and
now it runs only plugins which are by default using the
commit/pre-commit stage. Meaning the sbom validation, which uses
post-commit, is not run at all. This adds an explicit pre-commit command
for validate-sbom-manifest plugin, which needs to be started in
post-commit stage.

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
---
 .gitlab/ci/pre_check.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitlab/ci/pre_check.yml b/.gitlab/ci/pre_check.yml
index 78892a5cdf..fe19bad39b 100644
--- a/.gitlab/ci/pre_check.yml
+++ b/.gitlab/ci/pre_check.yml
@@ -15,6 +15,7 @@ check_pre_commit:
   script:
     - fetch_submodules
     - pre-commit run --files $MODIFIED_FILES
+    - pre-commit run --hook-stage post-commit validate-sbom-manifest
 
 check_MR_style_dangerjs:
   extends: