Commit

chore: install secret detection on pre-commit hooks
Primary Changes
----------------
1. Installed gitleaks for secret detection.
2. This pre-commit checker detects any secrets
or crypto so that it doesn't get pushed to
the GitHub repo.
3. Added script to run install and uninstall
the pre-commit hooks in package.json

Fixes #2290

Signed-off-by: bado <zondervan.v.calvez@accenture.com>
zondervancalvez authored and petermetz committed Dec 5, 2024
1 parent a7d9746 commit d0b9d23
Showing 3 changed files with 15 additions and 3 deletions.
5 changes: 5 additions & 0 deletions .pre-commit-config.yaml
@@ -0,0 +1,5 @@
repos:
- repo: https://github.com/gitleaks/gitleaks
rev: v8.21.2
hooks:
- id: gitleaks
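
Review bot: `rev: v8.21.2` pins gitleaks to a tag, and a tag can be moved upstream after this change has been reviewed. Because the hook executes on every contributor's machine at commit time, pin `rev` to the full commit hash of that release and keep the tag in a trailing comment (`pre-commit autoupdate --freeze` writes it in that form). Separately, a local hook is opt-in and is skipped by `git commit --no-verify`, so the goal stated in the commit message is only enforced if the same gitleaks check also runs in CI on pull requests.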
11 changes: 8 additions & 3 deletions CONTRIBUTING.md
Expand Up @@ -170,15 +170,20 @@ To protect the Hyperledger Cacti source code, GitHub pull requests are accepted
git rebase main
# Happy coding !
```
5. Commit changes to your branch.
5. Install the git hook scripts. (This command should only be run once)
```
yarn run tools:install-pre-commit-secret-detection
# Now pre-commit will run automatically on git commit
```
6. Commit changes to your branch.
```
# Commit and push your changes to your fork
git add -A
git commit -s -m "<type>[optional scope]: <description>"
git push origin <newfeature>
```
6. Once you've committed and pushed all of your changes to GitHub, go to the page for your fork on GitHub, select your development branch, and click the pull request button.
7. Repeat step 3 to 6 when you need to prepare posting new pull request.
7. Once you've committed and pushed all of your changes to GitHub, go to the page for your fork on GitHub, select your development branch, and click the pull request button.
8. Repeat step 3 to 7 when you need to prepare posting new pull request.

NOTE: Once you submitted pull request to Cacti repository, step 6 is not necessary when you made further changes with `git commit --amend` since your amends will be sent automatically.
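
Review bot: The trailing NOTE still says "step 6 is not necessary", but after this renumbering step 6 is "Commit changes to your branch" and opening the pull request has become step 7, so the NOTE should reference step 7. The new step 5 should also say that the `pre-commit` tool must already be installed and on PATH, since the yarn script only invokes it, and "(This command should only be run once)" would be clearer as once per clone, because the hook is written into that clone's `.git/hooks`.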

2 changes: 2 additions & 0 deletions package.json
Expand Up @@ -33,6 +33,8 @@
"set-yarn-version": "yarn set version stable",
"enable-corepack": "npm i -g corepack && corepack enable && corepack prepare yarn@4.3.1 --activate",
"custom-checks": "TS_NODE_PROJECT=./tools/tsconfig.json node --trace-deprecation --experimental-modules --abort-on-uncaught-exception --loader ts-node/esm --experimental-specifier-resolution=node ./tools/custom-checks/run-custom-checks.ts",
"tools:install-pre-commit-secret-detection": "pre-commit install && pre-commit autoupdate",
"tools:uninstall-pre-commit-secret-detection": "pre-commit uninstall",
"tools:validate-bundle-names": "TS_NODE_PROJECT=./tools/tsconfig.json node --trace-deprecation --experimental-modules --abort-on-uncaught-exception --loader ts-node/esm --experimental-specifier-resolution=node ./tools/validate-bundle-names.js",
"tools:bump-openapi-spec-dep-versions": "TS_NODE_PROJECT=./tools/tsconfig.json node --trace-deprecation --experimental-modules --abort-on-uncaught-exception --loader ts-node/esm --experimental-specifier-resolution=node ./tools/bump-openapi-spec-dep-versions.ts",
"tools:bundle-open-api-tpl-files": "TS_NODE_PROJECT=./tools/tsconfig.json node --trace-deprecation --experimental-modules --abort-on-uncaught-exception --loader ts-node/esm --experimental-specifier-resolution=node ./tools/bundle-open-api-tpl-files.ts",
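
Review bot: In `tools:install-pre-commit-secret-detection`, chaining `pre-commit autoupdate` after `pre-commit install` rewrites `rev` in `.pre-commit-config.yaml` to the latest upstream tag on each contributor's machine, which leaves a modified tracked file in the working tree and overrides the `v8.21.2` pin added in this same commit. Suggest reducing the script to `pre-commit install` and bumping `rev` through reviewed commits instead. This hunk also adds no dependency that provides the `pre-commit` binary, so both scripts fail where it is not already installed; document the prerequisite or have the script check for it and print an install hint.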
