From 8ec8f1585776db1a519b5ef2941cdaa54ba35ddc Mon Sep 17 00:00:00 2001
From: Runar Ingebrigtsen
Date: Sat, 31 Jan 2026 11:49:25 +0100
Subject: [PATCH] run some lint and security check before pushing code
---
docs/hooks/pre-commit | 30 ++++++++++++++++++++++++++++++
docs/hooks/pre-push | 42 ++++++++++++++++++++++++++++++++++++++++++
script/setup-hooks.sh | 16 ++++++++++++++++
3 files changed, 88 insertions(+)
create mode 100755 docs/hooks/pre-commit
create mode 100755 docs/hooks/pre-push
create mode 100644 script/setup-hooks.sh
diff --git a/docs/hooks/pre-commit b/docs/hooks/pre-commit
new file mode 100755
index 0000000..363c7a6
--- /dev/null
+++ b/docs/hooks/pre-commit
@@ -0,0 +1,30 @@
+#!/bin/bash
+# Pre-commit hook that runs rubocop on staged Ruby files
+
+echo "Running rubocop on staged files..."
+
+# Get list of staged Ruby files
+STAGED_FILES=$(git diff --cached --name-only --diff-filter=ACM | grep -E '\.rb$|\.rake$')
+
+# If no Ruby files are staged, exit successfully
+if [ -z "$STAGED_FILES" ]; then
+ echo "No Ruby files staged, skipping rubocop."
+ exit 0
+fi
+
+# Run rubocop on staged files
+echo "$STAGED_FILES" | xargs bundle exec rubocop --force-exclusion
+
+RUBOCOP_EXIT=$?
+
+# If rubocop failed, prevent commit
+if [ $RUBOCOP_EXIT -ne 0 ]; then
+ echo ""
+ echo "❌ Rubocop found issues. Please fix them before committing."
+ echo " You can run 'bundle exec rubocop -A' to auto-fix some issues."
+ echo " To skip this hook, use 'git commit --no-verify'"
+ exit 1
+fi
+
+echo "✅ Rubocop passed!"
+exit 0
diff --git a/docs/hooks/pre-push b/docs/hooks/pre-push
new file mode 100755
index 0000000..73c9130
--- /dev/null
+++ b/docs/hooks/pre-push
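Review bot: The `echo "$STAGED_FILES" | xargs bundle exec rubocop --force-exclusion` line in docs/hooks/pre-commit hands staged paths to xargs' default whitespace and quote splitting with no `--` in front of them, so a path containing a space or quote is mangled and one beginning with `-` would be read as a rubocop option. Paths in the index can arrive from other contributors' branches and should be treated as untrusted input; `git diff --cached --name-only -z --diff-filter=ACM -- '*.rb' '*.rake' | xargs -0 bundle exec rubocop --force-exclusion --` keeps each path as a single argument. The empty-list check then has to be restructured, since NUL-separated output cannot be held in a shell variable. The hook also lints the working-tree copy rather than the staged blob, so a partially staged file can pass or fail on content that is not being committed; a comment stating that limitation would help.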
@@ -0,0 +1,42 @@
+#!/bin/bash
+# Pre-push hook that runs security scans (brakeman + bundler-audit)
+
+echo "Running security scans..."
+echo ""
+
+# Run brakeman
+echo "🔍 Running brakeman..."
+bundle exec brakeman --no-pager --quiet
+
+BRAKEMAN_EXIT=$?
+
+if [ $BRAKEMAN_EXIT -ne 0 ]; then
+ echo ""
+ echo "❌ Brakeman found security issues."
+ echo " Run 'bundle exec brakeman' for detailed output."
+ echo ""
+fi
+
+# Run bundler-audit
+echo "🔍 Running bundler-audit..."
+bundle exec bundler-audit check --update
+
+BUNDLER_AUDIT_EXIT=$?
+
+if [ $BUNDLER_AUDIT_EXIT -ne 0 ]; then
+ echo ""
+ echo "❌ Bundler-audit found vulnerable dependencies."
+ echo " Run 'bundle exec bundler-audit check' for detailed output."
+ echo ""
+fi
+
+# If either scan failed, prevent push
+if [ $BRAKEMAN_EXIT -ne 0 ] || [ $BUNDLER_AUDIT_EXIT -ne 0 ]; then
+ echo "❌ Security scans failed. Please fix the issues before pushing."
+ echo " To skip this hook, use 'git push --no-verify'"
+ exit 1
+fi
+
+echo ""
+echo "✅ All security scans passed!"
+exit 0
diff --git a/script/setup-hooks.sh b/script/setup-hooks.sh
new file mode 100644
index 0000000..4cafd45
--- /dev/null
+++ b/script/setup-hooks.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+# Setup script to install git hooks via symlinks
+
+echo "Installing git hooks..."
+
+# Create symlinks from .git/hooks to docs/hooks
+ln -sf ../../docs/hooks/pre-commit .git/hooks/pre-commit
+ln -sf ../../docs/hooks/pre-push .git/hooks/pre-push
+
+echo "✅ Git hooks installed successfully!"
+echo ""
+echo "Installed hooks (via symlinks):"
+echo " • pre-commit: Runs rubocop on staged files"
+echo " • pre-push: Runs brakeman + bundler-audit security scans"
+echo ""
+echo "See docs/GIT_HOOKS.md for more information."
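Review bot: Both scans in docs/hooks/pre-push inspect whatever is in the working tree, not the commits named on the hook's stdin, so uncommitted edits or a push of a different branch give a result that does not describe what is actually sent. The header comment should say so, and should state that the hook is a local convenience that `--no-verify` bypasses, so the same brakeman and bundler-audit runs belong in CI as the enforcing gate. Separately, `bundle exec bundler-audit check --update` needs network access on every push; if the advisory-database update fails, the non-zero status is presumably reported as "found vulnerable dependencies", which would mislead. Running `bundle exec bundler-audit update` as its own step with its own failure message, then `bundle exec bundler-audit check`, would keep the two outcomes apart.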
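Review bot: The two `ln -sf` lines in script/setup-hooks.sh use paths relative to the current directory and their exit status is never checked, so running the script from anywhere but the repository root (or in a worktree, where `.git` is a file) fails while still printing "Git hooks installed successfully!". Adding `set -e` and `cd "$(git rev-parse --show-toplevel)"` ahead of the `ln` calls would make that failure visible. The `-f` flag also replaces any hook the developer already had, without warning. A comment should note that, because the hooks are symlinks to tracked files, whatever version of `docs/hooks/*` is checked out runs on the next commit or push, so checking out an unreviewed branch means executing its hook code.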