wastrachan/d50615cb3358dc1c55ae37bf8c566f10
Last active February 4, 2024 14:47
Git hooks for a repository with git-secret
#!/bin/sh
# Check for required project dependencies and install
# git hooks bundled with this project

echo ""
echo "Checking dependencies..."

# git-secret is needed to hide and reveal the encrypted secret files
if [ -z "$(command -v git-secret)" ]; then
    cat <<\EOF
Error: git-secret is not installed
It is not possible to lock up or reveal secret files. Ensure that git-secret
(https://sobolevn.me/git-secret/) is installed and available on your path.
EOF
    exit 1
fi

if [ -z "$(command -v docker)" ]; then
    cat <<\EOF
Error: docker is not installed
Docker is required to run this project. Ensure that docker
(https://www.docker.com/) is installed and available on your path.
EOF
    exit 1
fi

echo "Copying git hooks into .git/hooks..."
HOOK_SOURCE="$(git rev-parse --show-toplevel)/.scripts/git-hooks"
HOOK_DIR="$(git rev-parse --show-toplevel)/.git/hooks"
HOOK_NAMES="pre-commit post-update"

# Replace any existing hook with a symlink to the tracked copy.
# Paths are quoted so a repository path containing spaces does not
# split into several arguments to rm and ln.
for hook in $HOOK_NAMES; do
    rm -rf "$HOOK_DIR/$hook"
    ln -s -f "$HOOK_SOURCE/$hook" "$HOOK_DIR/$hook"
done

#!/bin/sh
# Git hook to reveal secret files after checkout
# Requires git-secret (https://sobolevn.me/git-secret/)

if [ -z "$(command -v git-secret)" ]; then
    cat <<\EOF
Error: git-secret is not installed
It is not possible to lock up or reveal secret files. Ensure that git-secret
(https://sobolevn.me/git-secret/) is installed and available on your path.
EOF
    exit 1
fi

echo "Revealing secret files after checkout"
git-secret reveal -f

#!/bin/sh
# Git hook to prevent a commit if secret files have been changed
# Requires git-secret (https://sobolevn.me/git-secret/)

if [ -z "$(command -v git-secret)" ]; then
    cat <<\EOF
Error: git-secret is not installed
It is not possible to lock up or reveal secret files. Ensure that git-secret
(https://sobolevn.me/git-secret/) is installed and available on your path.
EOF
    exit 1
fi

if git-secret changes | grep -q "@@"; then
    cat <<\EOF
Error: There are secret files with un-hidden changes.
If you do not hide your secrets, they will not be available to other users.
Hide secrets and try again:
make secrets-hide
If you would like to view the pending changes:
git-secret changes
EOF
    exit 1
fi