mirror of
https://github.com/kuhyx/testsAndMisc.git
synced 2026-07-04 16:43:05 +02:00
- Move fresh-install/ → scripts/single_use/fresh-install/ - Move hosts/ → scripts/periodic_background/hosts/ - Move i3-configuration/ → scripts/periodic_background/i3-configuration/ - Delete linux_configuration/LaTeX/, nix-poc/, report/ (dead dirs) - Move repo-root scripts/ → meta/scripts/ - Update root .pre-commit-config.yaml: scripts/ → meta/scripts/ (9 entries) - Update run.sh ARTIFACT_INIT_SCRIPT to meta/scripts/ - Update fresh-install/main.sh: hosts/install.sh + i3-configuration/install.sh paths - Update check_python_location.sh: add meta/scripts/ to exception list - Fix midnight flakiness in test_recent_workout_returns_true: use timezone-aware local noon instead of now-1h to avoid SQL date() boundary issues
47 lines
1.4 KiB
Bash
Executable File
47 lines
1.4 KiB
Bash
Executable File
#!/bin/bash
|
|
# Pre-commit hook: check that no staged file contains a secret pattern.
|
|
# Patterns are read from .secret-patterns (one regex per line, # = comment).
|
|
set -euo pipefail
|
|
|
|
PATTERNS_FILE=".secret-patterns"
|
|
|
|
if [ ! -f "$PATTERNS_FILE" ]; then
|
|
# Try finding it relative to the git root
|
|
GIT_ROOT="$(git rev-parse --show-toplevel 2>/dev/null || true)"
|
|
if [ -n "$GIT_ROOT" ] && [ -f "$GIT_ROOT/$PATTERNS_FILE" ]; then
|
|
PATTERNS_FILE="$GIT_ROOT/$PATTERNS_FILE"
|
|
else
|
|
echo "Warning: $PATTERNS_FILE not found, skipping secret check."
|
|
exit 0
|
|
fi
|
|
fi
|
|
|
|
found=0
|
|
# Build a temp file with non-comment, non-empty patterns
|
|
TMPPATTERNS="$(mktemp)"
|
|
trap 'rm -f "$TMPPATTERNS"' EXIT
|
|
grep -v '^\s*#' "$PATTERNS_FILE" | grep -v '^\s*$' > "$TMPPATTERNS"
|
|
|
|
if [ ! -s "$TMPPATTERNS" ]; then
|
|
echo "No secret patterns defined in $PATTERNS_FILE, skipping."
|
|
exit 0
|
|
fi
|
|
|
|
for file in "$@"; do
|
|
# Skip binary files
|
|
if file --brief --mime-encoding "$file" 2>/dev/null | grep -q binary; then
|
|
continue
|
|
fi
|
|
if grep -En -f "$TMPPATTERNS" "$file" 2>/dev/null; then
|
|
echo "^^^ SECRET PATTERN found in: $file"
|
|
found=1
|
|
fi
|
|
done
|
|
|
|
if [ "$found" -eq 1 ]; then
|
|
echo ""
|
|
echo "ERROR: Committed files contain secret patterns from $PATTERNS_FILE"
|
|
echo "Either remove the sensitive data or update $PATTERNS_FILE if this is a false positive."
|
|
exit 1
|
|
fi
|