run some lint and security check before pushing code
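--- /dev/null
+++ b/docs/hooks/pre-commit
@@ -0,0 +1,30 @@
+#!/bin/bash
+# Pre-commit hook that runs rubocop on staged Ruby files
+
+echo "Running rubocop on staged files..."
+
+# Get list of staged Ruby files
+STAGED_FILES=$(git diff --cached --name-only --diff-filter=ACM | grep -E '\.rb$|\.rake$')
+
+# If no Ruby files are staged, exit successfully
+if [ -z "$STAGED_FILES" ]; then
+echo "No Ruby files staged, skipping rubocop."
+exit 0
+fi
+
+# Run rubocop on staged files
+echo "$STAGED_FILES" | xargs bundle exec rubocop --force-exclusion
+
+RUBOCOP_EXIT=$?
+
+# If rubocop failed, prevent commit
+if [ $RUBOCOP_EXIT -ne 0 ]; then
+echo ""
+echo "❌ Rubocop found issues. Please fix them before committing."
+echo " You can run 'bundle exec rubocop -A' to auto-fix some issues."
+echo " To skip this hook, use 'git commit --no-verify'"
+exit 1
+fi
+
+echo "✅ Rubocop passed!"
+exit 0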
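Review bot: The staged paths reach rubocop through a newline-separated string and plain `xargs`, which splits on whitespace and interprets quotes, so a staged path containing a space or a quote is passed as the wrong argument(s), and a path that begins with `-` would be parsed by rubocop as an option rather than a file. Keeping the list NUL-delimited and ending option parsing avoids both: `git diff --cached --name-only -z --diff-filter=ACM -- '*.rb' '*.rake' | xargs -0 bundle exec rubocop --force-exclusion --`. The early exit for an empty list then needs to test the NUL-delimited output instead of `$STAGED_FILES`. The hook also lints the working-tree copy of each file, so a partially staged file is checked in a state that is not what gets committed; a one-line comment saying so above the rubocop call would spare the next maintainer the surprise.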
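--- /dev/null
+++ b/docs/hooks/pre-push
@@ -0,0 +1,42 @@
+#!/bin/bash
+# Pre-push hook that runs security scans (brakeman + bundler-audit)
+
+echo "Running security scans..."
+echo ""
+
+# Run brakeman
+echo "🔍 Running brakeman..."
+bundle exec brakeman --no-pager --quiet
+
+BRAKEMAN_EXIT=$?
+
+if [ $BRAKEMAN_EXIT -ne 0 ]; then
+echo ""
+echo "❌ Brakeman found security issues."
+echo " Run 'bundle exec brakeman' for detailed output."
+echo ""
+fi
+
+# Run bundler-audit
+echo "🔍 Running bundler-audit..."
+bundle exec bundler-audit check --update
+
+BUNDLER_AUDIT_EXIT=$?
+
+if [ $BUNDLER_AUDIT_EXIT -ne 0 ]; then
+echo ""
+echo "❌ Bundler-audit found vulnerable dependencies."
+echo " Run 'bundle exec bundler-audit check' for detailed output."
+echo ""
+fi
+
+# If either scan failed, prevent push
+if [ $BRAKEMAN_EXIT -ne 0 ] || [ $BUNDLER_AUDIT_EXIT -ne 0 ]; then
+echo "❌ Security scans failed. Please fix the issues before pushing."
+echo " To skip this hook, use 'git push --no-verify'"
+exit 1
+fi
+
+echo ""
+echo "✅ All security scans passed!"
+exit 0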
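Review bot: Both scanners run against whatever is in the working tree and never read the refs that git passes to a pre-push hook on stdin, so uncommitted edits, or a push of a branch other than the checked-out one, can make the result differ from the code that actually leaves the machine. Because the hook is also skippable with `git push --no-verify` (which the failure message advertises), it is an early warning rather than a gate; the same `brakeman` and `bundler-audit check --update` commands should run in CI as the enforcing check. Separately, every non-zero exit is reported as a finding: a missing gem, or a failed advisory-database refresh (`--update` presumably needs network access), would print "Bundler-audit found vulnerable dependencies." I would reword both messages to "failed or found issues" and add a comment above each `if` such as `# non-zero also covers tool or network failure, not only findings`.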
@@ -0,0 +1,16 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
# Setup script to install git hooks via symlinks
|
||||||
|
|
||||||
|
echo "Installing git hooks..."
|
||||||
|
|
||||||
|
# Create symlinks from .git/hooks to docs/hooks
|
||||||
|
ln -sf ../../docs/hooks/pre-commit .git/hooks/pre-commit
|
||||||
|
ln -sf ../../docs/hooks/pre-push .git/hooks/pre-push
|
||||||
|
|
||||||
|
echo "✅ Git hooks installed successfully!"
|
||||||
|
echo ""
|
||||||
|
echo "Installed hooks (via symlinks):"
|
||||||
|
echo " • pre-commit: Runs rubocop on staged files"
|
||||||
|
echo " • pre-push: Runs brakeman + bundler-audit security scans"
|
||||||
|
echo ""
|
||||||
|
echo "See docs/GIT_HOOKS.md for more information."
|
||||||
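Review bot: The two `ln -sf` calls are unchecked and relative to the current directory, so the script fails on both links when run outside the repository root, or where `.git` is a file rather than a directory (linked worktree, submodule), and still prints "Git hooks installed successfully!". `-f` also replaces any hook the developer already had, without notice. Starting the script with `set -e` and `cd "$(git rev-parse --show-toplevel)"`, and refusing to overwrite an existing non-symlink hook, would cover the common cases; `git config core.hooksPath` may be a simpler alternative if the directory holds only hooks. The script should also carry a comment that the installed hooks are symlinks to tracked files: after installation, every change to `docs/hooks/pre-commit` or `docs/hooks/pre-push` that is pulled or checked out runs on the developer's next commit or push, so changes to those files need review as executable code.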