From cb7053fdce21e14973b9bd9326c85f2679609003 Mon Sep 17 00:00:00 2001
From: Pratik Tripathy
Date: Mon, 16 Dec 2024 21:40:00 +0530
Subject: [PATCH] feat(git): Use gitleaks in pre-commit git hook
---
 common/.config/shell/aliases.sh | 1 +
 common/.config/templates/pre-commit | 25 +++++++++++++++++++++++++
 common/.profile | 1 +
 scripts/install.sh | 3 ++-
 scripts/package-list-brew | 1 +
 5 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100755 common/.config/templates/pre-commit
diff --git a/common/.config/shell/aliases.sh b/common/.config/shell/aliases.sh
index d831359..4552ac9 100644
--- a/common/.config/shell/aliases.sh
+++ b/common/.config/shell/aliases.sh
@@ -8,6 +8,7 @@ alias type="type -a"
 alias grep='grep --color=auto'
 alias egrep='egrep --color=auto'
 alias fgrep='fgrep --color=auto'
+# shellcheck disable=SC2142
 alias usersearch="awk -F: '{print \"UserName: \" \$1 \", UserID: \" \$3 \", Home Dir: \" \$6 \", Shell Used: \" \$7}' /etc/passwd | grep"
 alias untar='tar -zxvf '
diff --git a/common/.config/templates/pre-commit b/common/.config/templates/pre-commit
new file mode 100755
index 0000000..69e9e1f
--- /dev/null
+++ b/common/.config/templates/pre-commit
@@ -0,0 +1,25 @@
+#!/bin/sh
+#
+# An example hook script to verify what is about to be committed.
+# Called by "git commit" with no arguments. The hook should
+# exit with non-zero status after issuing an appropriate message if
+# it wants to stop the commit.
+#
+# To enable this hook, rename this file to "pre-commit".
+
+# Check if Gitleaks is installed
+if ! command -v gitleaks > /dev/null 2>&1; then
+ echo "Gitleaks is not installed. Skipping leak check."
+ echo "Please install Gitleaks for enhanced security."
+ exit 0
+fi
+
+# Run Gitleaks & check the exit code
+if ! gitleaks protect --staged -v; then
+ echo "Gitleaks has detected potential secrets in your changes."
+ echo "Please remove any sensitive information before committing."
+ exit 1
+fi
+
+# If Gitleaks passes, allow the commit
+exit 0
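Review bot: The missing-tool branch in `common/.config/templates/pre-commit` fails open: when `gitleaks` is not on PATH the hook prints two lines to stdout and exits 0, so a machine without the binary commits unscanned. At minimum send both messages to stderr (`echo "Gitleaks is not installed. Skipping leak check." >&2`), and consider an opt-in strict setting that exits non-zero instead of skipping. The scan runs with `-v`, which prints each finding to the terminal; `gitleaks protect --staged --redact -v` keeps the matched value out of scrollback and captured logs. The header comment is still the text of git's sample hook ("To enable this hook, rename this file to "pre-commit"") and should describe the gitleaks check instead. Since a local hook can be skipped per commit, pair it with a scan in CI or on the server side.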
diff --git a/common/.profile b/common/.profile
index 0f74172..9eb6fa3 100644
--- a/common/.profile
+++ b/common/.profile
@@ -37,6 +37,7 @@ ulimit -n 10240
 [ ! -f "${XDG_CONFIG_HOME}/templates/.gitignore" ] || export GITIGNORE_TEMPLATE="${XDG_CONFIG_HOME}/templates/.gitignore"
 [ ! -f "${XDG_CONFIG_HOME}/templates/.prettierrc" ] || export PRETTIER_TEMPLATE="${XDG_CONFIG_HOME}/templates/.prettierrc"
 [ ! -f "${XDG_CONFIG_HOME}/templates/.prettierignore" ] || export PRETTIER_IGNORE_TEMPLATE="${XDG_CONFIG_HOME}/templates/.prettierignore"
+[ ! -f "${XDG_CONFIG_HOME}/templates/pre-commit" ] || export GIT_PRECOMMIT_TEMPLATE="${XDG_CONFIG_HOME}/templates/pre-commit"
 EDITOR=$(command -v nvim 2>/dev/null || command -v vim 2>/dev/null)
 export EDITOR
diff --git a/scripts/install.sh b/scripts/install.sh
index fec1a2b..668ef8c 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -33,7 +33,8 @@ post_install() {
 }
 pre_install() {
- export INSTALL_LOG_FILE="$(basename "$0")_$(date +"%Y%m%d_%H%M%S")_log.txt"
+ export INSTALL_LOG_FILE
+ INSTALL_LOG_FILE="$(basename "$0")_$(date +"%Y%m%d_%H%M%S")_log.txt"
 echo
 echo "Starting Installation..."
 echo "Use the following command to view the list of software that was NOT installed:"
diff --git a/scripts/package-list-brew b/scripts/package-list-brew
index 735f45e..d5c8858 100644
--- a/scripts/package-list-brew
+++ b/scripts/package-list-brew
@@ -7,6 +7,7 @@ docker
 docker-compose
 fd
 fzf
+gitleaks
 go
 htop
 jq
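Review bot: Nothing in the visible hunks reads `GIT_PRECOMMIT_TEMPLATE`, the variable exported by the new line in `common/.profile`, so from this patch alone the hook is never copied into a repository's `.git/hooks/` and the gitleaks check would not run. If the consumer lives elsewhere in the dotfiles (a git-init wrapper, `init.templateDir`, or `core.hooksPath`), a comment naming it would help, e.g. `# consumed by <script that installs the hook>`; otherwise the wiring is still missing. Repositories cloned before this change presumably keep whatever hooks they already have, so the install step may need to cover them as well.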