feat(git): Use gitleaks in pre-commit git hook

2026-02-04 08:41:43 +05:30 · 2024-12-16 21:40:00 +05:30
parent 4a1715446c
commit cb7053fdce
5 changed files with 30 additions and 1 deletions
--- a/common/.config/shell/aliases.sh
+++ b/common/.config/shell/aliases.sh
@@ -8,6 +8,7 @@ alias type="type -a"
 alias grep='grep --color=auto'
 alias egrep='egrep --color=auto'
 alias fgrep='fgrep --color=auto'
+# shellcheck disable=SC2142
 alias usersearch="awk -F: '{print \"UserName: \" \$1 \", UserID: \" \$3 \", Home Dir: \" \$6 \", Shell Used: \" \$7}' /etc/passwd | grep"
 alias untar='tar -zxvf '

--- a/common/.config/templates/pre-commit
+++ b/common/.config/templates/pre-commit
@@ -0,0 +1,25 @@
+#!/bin/sh
+#
+# An example hook script to verify what is about to be committed.
+# Called by "git commit" with no arguments.  The hook should
+# exit with non-zero status after issuing an appropriate message if
+# it wants to stop the commit.
+#
+# To enable this hook, rename this file to "pre-commit".
+
+# Check if Gitleaks is installed
+if ! command -v gitleaks > /dev/null 2>&1; then
+    echo "Gitleaks is not installed. Skipping leak check."
+    echo "Please install Gitleaks for enhanced security."
+    exit 0
+fi
+
+# Run Gitleaks & check the exit code
+if ! gitleaks protect --staged -v; then
+    echo "Gitleaks has detected potential secrets in your changes."
+    echo "Please remove any sensitive information before committing."
+    exit 1
+fi
+
+# If Gitleaks passes, allow the commit
+exit 0
--- a/common/.profile
+++ b/common/.profile
@@ -37,6 +37,7 @@ ulimit -n 10240
 [ ! -f "${XDG_CONFIG_HOME}/templates/.gitignore" ] || export GITIGNORE_TEMPLATE="${XDG_CONFIG_HOME}/templates/.gitignore"
 [ ! -f "${XDG_CONFIG_HOME}/templates/.prettierrc" ] || export PRETTIER_TEMPLATE="${XDG_CONFIG_HOME}/templates/.prettierrc"
 [ ! -f "${XDG_CONFIG_HOME}/templates/.prettierignore" ] || export PRETTIER_IGNORE_TEMPLATE="${XDG_CONFIG_HOME}/templates/.prettierignore"
+[ ! -f "${XDG_CONFIG_HOME}/templates/pre-commit" ] || export GIT_PRECOMMIT_TEMPLATE="${XDG_CONFIG_HOME}/templates/pre-commit"

 EDITOR=$(command -v nvim 2>/dev/null || command -v vim 2>/dev/null)
 export EDITOR
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -33,7 +33,8 @@ post_install() {
 }

 pre_install() {
-    export INSTALL_LOG_FILE="$(basename "$0")_$(date +"%Y%m%d_%H%M%S")_log.txt"
+    export INSTALL_LOG_FILE
+    INSTALL_LOG_FILE="$(basename "$0")_$(date +"%Y%m%d_%H%M%S")_log.txt"
    echo
    echo "Starting Installation..."
    echo "Use the following command to view the list of software that was NOT installed:"
--- a/scripts/package-list-brew
+++ b/scripts/package-list-brew
@@ -7,6 +7,7 @@ docker
 docker-compose
 fd
 fzf
+gitleaks
 go
 htop
 jq