run some lint and security check before pushing code
This commit is contained in:
Executable
+30
@@ -0,0 +1,30 @@
|
||||
#!/bin/bash
|
||||
# Pre-commit hook that runs rubocop on staged Ruby files
|
||||
|
||||
echo "Running rubocop on staged files..."
|
||||
|
||||
# Get list of staged Ruby files
|
||||
STAGED_FILES=$(git diff --cached --name-only --diff-filter=ACM | grep -E '\.rb$|\.rake$')
|
||||
|
||||
# If no Ruby files are staged, exit successfully
|
||||
if [ -z "$STAGED_FILES" ]; then
|
||||
echo "No Ruby files staged, skipping rubocop."
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# Run rubocop on staged files
|
||||
echo "$STAGED_FILES" | xargs bundle exec rubocop --force-exclusion
|
||||
|
||||
RUBOCOP_EXIT=$?
|
||||
|
||||
# If rubocop failed, prevent commit
|
||||
if [ $RUBOCOP_EXIT -ne 0 ]; then
|
||||
echo ""
|
||||
echo "❌ Rubocop found issues. Please fix them before committing."
|
||||
echo " You can run 'bundle exec rubocop -A' to auto-fix some issues."
|
||||
echo " To skip this hook, use 'git commit --no-verify'"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "✅ Rubocop passed!"
|
||||
exit 0
|
||||
Executable
+42
@@ -0,0 +1,42 @@
|
||||
#!/bin/bash
|
||||
# Pre-push hook that runs security scans (brakeman + bundler-audit)
|
||||
|
||||
echo "Running security scans..."
|
||||
echo ""
|
||||
|
||||
# Run brakeman
|
||||
echo "🔍 Running brakeman..."
|
||||
bundle exec brakeman --no-pager --quiet
|
||||
|
||||
BRAKEMAN_EXIT=$?
|
||||
|
||||
if [ $BRAKEMAN_EXIT -ne 0 ]; then
|
||||
echo ""
|
||||
echo "❌ Brakeman found security issues."
|
||||
echo " Run 'bundle exec brakeman' for detailed output."
|
||||
echo ""
|
||||
fi
|
||||
|
||||
# Run bundler-audit
|
||||
echo "🔍 Running bundler-audit..."
|
||||
bundle exec bundler-audit check --update
|
||||
|
||||
BUNDLER_AUDIT_EXIT=$?
|
||||
|
||||
if [ $BUNDLER_AUDIT_EXIT -ne 0 ]; then
|
||||
echo ""
|
||||
echo "❌ Bundler-audit found vulnerable dependencies."
|
||||
echo " Run 'bundle exec bundler-audit check' for detailed output."
|
||||
echo ""
|
||||
fi
|
||||
|
||||
# If either scan failed, prevent push
|
||||
if [ $BRAKEMAN_EXIT -ne 0 ] || [ $BUNDLER_AUDIT_EXIT -ne 0 ]; then
|
||||
echo "❌ Security scans failed. Please fix the issues before pushing."
|
||||
echo " To skip this hook, use 'git push --no-verify'"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "✅ All security scans passed!"
|
||||
exit 0
|
||||
@@ -0,0 +1,16 @@
|
||||
#!/bin/bash
|
||||
# Setup script to install git hooks via symlinks
|
||||
|
||||
echo "Installing git hooks..."
|
||||
|
||||
# Create symlinks from .git/hooks to docs/hooks
|
||||
ln -sf ../../docs/hooks/pre-commit .git/hooks/pre-commit
|
||||
ln -sf ../../docs/hooks/pre-push .git/hooks/pre-push
|
||||
|
||||
echo "✅ Git hooks installed successfully!"
|
||||
echo ""
|
||||
echo "Installed hooks (via symlinks):"
|
||||
echo " • pre-commit: Runs rubocop on staged files"
|
||||
echo " • pre-push: Runs brakeman + bundler-audit security scans"
|
||||
echo ""
|
||||
echo "See docs/GIT_HOOKS.md for more information."
|
||||
Reference in New Issue
Block a user