Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore: install secret detection on pre-commit hooks
Browse files Browse the repository at this point in the history
Primary Changes
----------------
1. Installed gitleaks for secret detection.
2. This pre-commit checker detects any secrets
or crypto so that it doesn't get pushed to
the github repo.
3. Added script to run install and uninstall
the pre-commit hooks in package.json

Fixes #2290

Signed-off-by: bado <[email protected]>
zondervancalvez authored and petermetz committed Dec 5, 2024

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
1 parent a7d9746 commit f3bb85a
Showing 3 changed files with 15 additions and 3 deletions.
5 changes: 5 additions & 0 deletions .pre-commit-config.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
repos:
- repo: https://github.com/gitleaks/gitleaks
rev: v8.21.2
hooks:
- id: gitleaks
11 changes: 8 additions & 3 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
@@ -170,15 +170,20 @@ To protect the Hyperledger Cacti source code, GitHub pull requests are accepted
git rebase main
# Happy coding !
```
5. Commit changes to your branch.
5. Install the git hook scripts. (This command should only be run once)
```
yarn run tools:install-pre-commit-secret-detection
# Now pre-commit will run automatically on git commit
```
6. Commit changes to your branch.
```
# Commit and push your changes to your fork
git add -A
git commit -s -m "<type>[optional scope]: <description>"
git push origin <newfeature>
```
6. Once you've committed and pushed all of your changes to GitHub, go to the page for your fork on GitHub, select your development branch, and click the pull request button.
7. Repeat step 3 to 6 when you need to prepare posting new pull request.
7. Once you've committed and pushed all of your changes to GitHub, go to the page for your fork on GitHub, select your development branch, and click the pull request button.
8. Repeat step 3 to 7 when you need to prepare posting new pull request.

NOTE: Once you submitted pull request to Cacti repository, step 6 is not necessary when you made further changes with `git commit --amend` since your amends will be sent automatically.

2 changes: 2 additions & 0 deletions package.json
Original file line number Diff line number Diff line change
@@ -33,6 +33,8 @@
"set-yarn-version": "yarn set version stable",
"enable-corepack": "npm i -g corepack && corepack enable && corepack prepare [email protected] --activate",
"custom-checks": "TS_NODE_PROJECT=./tools/tsconfig.json node --trace-deprecation --experimental-modules --abort-on-uncaught-exception --loader ts-node/esm --experimental-specifier-resolution=node ./tools/custom-checks/run-custom-checks.ts",
"tools:install-pre-commit-secret-detection": "pre-commit install && pre-commit autoupdate",
"tools:uninstall-pre-commit-secret-detection": "pre-commit uninstall",
"tools:validate-bundle-names": "TS_NODE_PROJECT=./tools/tsconfig.json node --trace-deprecation --experimental-modules --abort-on-uncaught-exception --loader ts-node/esm --experimental-specifier-resolution=node ./tools/validate-bundle-names.js",
"tools:bump-openapi-spec-dep-versions": "TS_NODE_PROJECT=./tools/tsconfig.json node --trace-deprecation --experimental-modules --abort-on-uncaught-exception --loader ts-node/esm --experimental-specifier-resolution=node ./tools/bump-openapi-spec-dep-versions.ts",
"tools:bundle-open-api-tpl-files": "TS_NODE_PROJECT=./tools/tsconfig.json node --trace-deprecation --experimental-modules --abort-on-uncaught-exception --loader ts-node/esm --experimental-specifier-resolution=node ./tools/bundle-open-api-tpl-files.ts",

0 comments on commit f3bb85a

Please sign in to comment.