49 lines
1.1 KiB
Markdown
49 lines
1.1 KiB
Markdown
# circuitforge-hooks
|
|
|
|
Centralised git hooks for all CircuitForge repos.
|
|
|
|
## What it does
|
|
|
|
- **pre-commit** — scans staged changes for secrets and PII via gitleaks
|
|
- **commit-msg** — enforces conventional commit format
|
|
- **pre-push** — scans full branch history as a safety net before push
|
|
|
|
## Install
|
|
|
|
From any CircuitForge product repo root:
|
|
|
|
```bash
|
|
bash /Library/Development/CircuitForge/circuitforge-hooks/install.sh
|
|
```
|
|
|
|
On Heimdall live deploys (`/devl/<repo>/`), add the same line to the deploy script.
|
|
|
|
## Per-repo allowlists
|
|
|
|
Create `.gitleaks.toml` at the repo root to extend the base config:
|
|
|
|
```toml
|
|
[extend]
|
|
path = "/Library/Development/CircuitForge/circuitforge-hooks/gitleaks.toml"
|
|
|
|
[allowlist]
|
|
regexes = [
|
|
'\d{10}\.html', # example: Craigslist listing IDs
|
|
]
|
|
```
|
|
|
|
## Testing
|
|
|
|
```bash
|
|
bash tests/test_hooks.sh
|
|
```
|
|
|
|
## Requirements
|
|
|
|
- `gitleaks` binary: `sudo apt-get install gitleaks`
|
|
- bash 4+
|
|
|
|
## Adding a new rule
|
|
|
|
Edit `gitleaks.toml`. Follow the pattern of the existing `[[rules]]` blocks.
|
|
Add tests to `tests/test_hooks.sh` covering both the blocked and allowed cases.
|