testsAndMisc/meta/scripts/check_no_secrets.sh
Krzysztof kuhy Rudnicki db6276b3ff refactor(linux_configuration): move remaining dirs + scripts/ to meta/
- Move fresh-install/ → scripts/single_use/fresh-install/
- Move hosts/ → scripts/periodic_background/hosts/
- Move i3-configuration/ → scripts/periodic_background/i3-configuration/
- Delete linux_configuration/LaTeX/, nix-poc/, report/ (dead dirs)
- Move repo-root scripts/ → meta/scripts/
- Update root .pre-commit-config.yaml: scripts/ → meta/scripts/ (9 entries)
- Update run.sh ARTIFACT_INIT_SCRIPT to meta/scripts/
- Update fresh-install/main.sh: hosts/install.sh + i3-configuration/install.sh paths
- Update check_python_location.sh: add meta/scripts/ to exception list
- Fix midnight flakiness in test_recent_workout_returns_true: use timezone-aware
  local noon instead of now-1h to avoid SQL date() boundary issues
2026-05-15 00:53:01 +02:00


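#!/bin/bash
# Pre-commit hook: check that no staged file contains a secret pattern.
#
# Usage:  check_no_secrets.sh FILE...   (pre-commit passes the staged paths)
# Patterns are read from .secret-patterns (one extended regex per line,
# '#' = comment), looked up in the CWD and then in the git top-level dir.
#
# Exit status: 0 = clean (or check skipped), 1 = a pattern matched in at least
# one file, a pattern is not a valid regex, or a file could not be scanned.
#
# Why this is not a plain `grep -f`:
#   * Matching lines are NOT echoed. Hook output lands in terminal scrollback,
#     CI logs and pre-commit's cached output, which would leak the very value
#     the hook exists to catch; only file/line locations are printed.
#   * grep exits 2 on a malformed regex or an unreadable file, which must not
#     be treated like exit 1 ("no match") — otherwise a typo in the patterns
#     file silently disables the whole check. Patterns are validated once up
#     front and per-file scan errors fail the hook.
#   * Patterns are passed as `-e` arguments instead of via a temp file, so a
#     comments-only patterns file cannot trip `set -e -o pipefail` (the old
#     `grep -v | grep -v > tmp` pipeline exited 1 before the "skipping"
#     message was reachable).
set -euo pipefail

readonly PATTERNS_FILE=".secret-patterns"

# Filled by load_patterns: alternating "-e" "<regex>" words ready to be
# spliced into a grep command line.
PATTERNS=()

#######################################
# Print the path of the patterns file to stdout.
# Arguments: $1 - file name to look for
# Returns:   0 if found (path on stdout), 1 otherwise
#######################################
locate_patterns_file() {
  local name=$1 root
  if [[ -f "$name" ]]; then
    printf '%s\n' "$name"
    return 0
  fi
  # Not in the CWD: try relative to the git top-level directory.
  root=$(git rev-parse --show-toplevel 2>/dev/null) || root=""
  if [[ -n "$root" && -f "$root/$name" ]]; then
    printf '%s\n' "$root/$name"
    return 0
  fi
  return 1
}

#######################################
# Load the non-comment, non-blank lines of the patterns file into PATTERNS.
# Arguments: $1 - path of the patterns file
# Globals:   PATTERNS (written)
#######################################
load_patterns() {
  local line
  local comment_re='^[[:space:]]*#' blank_re='^[[:space:]]*$'
  PATTERNS=()
  # `|| [[ -n "$line" ]]` keeps a final line that lacks a trailing newline.
  while IFS= read -r line || [[ -n "$line" ]]; do
    # Strip a CR from CRLF-edited files: a literal \r inside the regex would
    # make the pattern never match and the check would silently pass.
    line=${line%$'\r'}
    [[ "$line" =~ $comment_re ]] && continue
    [[ "$line" =~ $blank_re ]] && continue
    PATTERNS+=(-e "$line")
  done < "$1"
}

#######################################
# Fail fast if any loaded pattern is not a valid extended regex.
# grep -E against empty input exits 1 for valid patterns (nothing to match)
# and 2 for a regex error.
# Globals:   PATTERNS (read), PATTERNS_FILE (read)
# Returns:   0 if all patterns compile, 1 otherwise (diagnostic on stderr)
#######################################
validate_patterns() {
  local rv=0 err
  err=$(grep -E "${PATTERNS[@]}" -- /dev/null 2>&1 >/dev/null) || rv=$?
  if (( rv > 1 )); then
    printf 'ERROR: invalid regex in %s: %s\n' "$PATTERNS_FILE" "$err" >&2
    return 1
  fi
  return 0
}

#######################################
# Scan one file for the loaded patterns.
# Arguments: $1 - path of the file to scan
# Globals:   PATTERNS (read)
# Outputs:   "<path>: SECRET PATTERN matched at line(s) N[, M...]" on stdout
#            for hits; scan errors on stderr
# Returns:   0 clean or skipped (binary), 1 a pattern matched, 2 could not scan
#######################################
scan_file() {
  local path=$1 rv=0 lines
  # Skip binary files. If `file` is not installed the pipeline yields no
  # output and the file is scanned anyway (the safe default).
  if file --brief --mime-encoding -- "$path" 2>/dev/null | grep -q binary; then
    return 0
  fi
  # -n yields "N:content"; keep only N so the matched content (the secret)
  # never reaches the terminal or a CI log. With pipefail the status is
  # grep's, since cut always succeeds: 0 match, 1 no match, 2 error.
  lines=$(grep -E -n "${PATTERNS[@]}" -- "$path" | cut -d: -f1) || rv=$?
  case $rv in
    0)
      printf '%s: SECRET PATTERN matched at line(s) %s\n' "$path" "${lines//$'\n'/, }"
      return 1
      ;;
    1)
      return 0
      ;;
    *)
      # Missing/unreadable file: report it instead of silently passing.
      printf 'ERROR: could not scan %s (grep exit %d)\n' "$path" "$rv" >&2
      return 2
      ;;
  esac
}

#######################################
# Entry point: locate and load the patterns, then scan every argument.
# Arguments: $@ - files to check (pre-commit passes the staged paths)
# Globals:   PATTERNS_FILE (read), PATTERNS (via load_patterns)
# Returns:   0 clean or skipped, 1 secrets found, bad patterns file or scan error
#######################################
main() {
  local patterns_file path rv found=0 errors=0

  if ! patterns_file=$(locate_patterns_file "$PATTERNS_FILE"); then
    # NOTE: this is fail-open (a repo without a patterns file is not blocked),
    # kept from the previous behaviour; change to 'return 1' for a hard policy.
    printf 'Warning: %s not found, skipping secret check.\n' "$PATTERNS_FILE" >&2
    return 0
  fi
  load_patterns "$patterns_file"
  if (( ${#PATTERNS[@]} == 0 )); then
    printf 'No secret patterns defined in %s, skipping.\n' "$PATTERNS_FILE"
    return 0
  fi
  validate_patterns || return 1

  for path in "$@"; do
    rv=0
    scan_file "$path" || rv=$?
    if (( rv == 1 )); then
      found=1
    elif (( rv != 0 )); then
      errors=1
    fi
  done

  if (( found )); then
    printf '\nERROR: Committed files contain secret patterns from %s\n' "$PATTERNS_FILE" >&2
    printf 'Either remove the sensitive data or update %s if this is a false positive.\n' "$PATTERNS_FILE" >&2
  fi
  if (( found || errors )); then
    return 1
  fi
  return 0
}

main "$@"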