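#!/usr/bin/env bash
# Installs the git-secrets script and/or configures git-secrets for this
# repository.  Usage:  <script> install_binaries | install_hooks
# The hooks written by install_hooks re-invoke this file as "bash $ME install_hooks",
# so ME must be the path of this script relative to the repository root.

readonly VERSION="1.2.1"
# Install next to the git executable.  command -v is the portable "which";
# if git is not on PATH this expands to "." (dirname of an empty string), so
# BIN_PATH then points into the current directory -- install_hooks fails
# later anyway because it needs git.
BIN_DIRECTORY=$(dirname "$(command -v git)")
readonly BIN_DIRECTORY
readonly BIN_PATH="$BIN_DIRECTORY/git-secrets"
# NOTE(review): a tag can be moved after the fact; pinning to a commit hash
# and verifying a known checksum of the downloaded file would make this
# install reproducible and detect a tampered download.
readonly DOWNLOAD_URL="https://raw.githubusercontent.com/awslabs/git-secrets/$VERSION/git-secrets"
readonly ME="tools/$(basename "$0")"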
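#######################################
# Prints the manual installation steps on stderr and exits 1.
# Globals:   VERSION, DOWNLOAD_URL, BIN_PATH (read)
#######################################
_manual_install_hint()
{
  {
    echo "Please run this script in privileged mode or install git-secrets v. $VERSION manually"
    echo "wget $DOWNLOAD_URL -O $BIN_PATH"
    echo "chmod a+x $BIN_PATH"
  } >&2
  exit 1
}

#######################################
# Downloads the pinned git-secrets script next to the git executable and
# makes it executable.  The download goes to a temporary file in the same
# directory and is moved into place only on success, so a failed or
# interrupted download never leaves a truncated file at BIN_PATH.
# Needs write access to the directory holding git (usually a privileged user).
# Globals:   DOWNLOAD_URL, BIN_PATH, VERSION (read)
# Arguments: none
# Outputs:   wget progress; manual instructions on stderr on failure
# Returns:   exits 1 when the temporary file cannot be created or the
#            download fails
#######################################
install_binaries()
{
  local tmp
  # mktemp in the target directory also proves we may write there before
  # any network traffic happens.
  tmp=$(mktemp "${BIN_PATH}.XXXXXX") || _manual_install_hint
  # "--" stops option parsing so a URL or path starting with "-" is safe.
  if ! wget -O "$tmp" -- "$DOWNLOAD_URL"; then
    rm -f -- "$tmp"
    _manual_install_hint
  fi
  # NOTE(review): this file is executed by every future commit hook;
  # comparing it against a known checksum before the move would catch a
  # tampered or truncated download.
  chmod a+x -- "$tmp"
  mv -f -- "$tmp" "$BIN_PATH"
}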
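#######################################
# Adds the non-comment, non-blank lines of a pattern file to git-secrets.
# Arguments: $1 - pattern file (one regex per line, lines starting with '#'
#                 are comments)
#            $2 - label used in the progress message ("forbidden"/"allowed")
#            $@ - remaining args are extra flags for "git secrets --add"
# Outputs:   one progress line per added pattern on stdout
#######################################
_add_pattern_file()
{
  local file=$1 label=$2 line
  shift 2
  # -r keeps backslashes (e.g. "\." in a regex) intact; the default IFS still
  # trims surrounding whitespace.  The || clause picks up a final line that
  # has no trailing newline.
  while read -r line || [[ -n "$line" ]]; do
    # Skip comments and blank lines -- an empty regex would match every line
    # and block (or, for the allow list, permit) everything.
    [[ -z "$line" || "$line" == \#* ]] && continue
    printf 'Adding %s regex pattern: %s\n' "$label" "$line"
    git secrets --add "$@" "$line"
  done < "$file"
}

#######################################
# Writes a two-line hook that re-runs "install_hooks" through this script.
# Overwrites any existing hook with that name.
# Arguments: $1 - hook path, e.g. .git/hooks/post-checkout
# Globals:   ME (read)
#######################################
_write_rerun_hook()
{
  local hook=$1
  printf '%s\n' '#!/usr/bin/env bash' "bash $ME install_hooks || true" > "$hook"
  chmod a+x -- "$hook"
}

#######################################
# Configures git-secrets for the repository in the current directory:
# resets the "secrets" config section, loads forbidden patterns from
# .gitforbidden and allowed patterns from .gitwhitelisted, registers the
# AWS patterns, installs the git-secrets hooks and writes post-checkout /
# post-merge hooks that re-run this action.
# Globals:   ME (read)
# Arguments: none ($0 is used to locate the pattern files)
# Outputs:   progress on stdout, errors on stderr
# Returns:   exits 1 when git-secrets is not installed
#######################################
install_hooks()
{
  local dir hook
  echo "Checking git-secrets existence in PATH"
  if ! git secrets > /dev/null 2>&1; then
    echo "Install git secrets first" >&2
    echo "To do in call (as priveleged user): $0 install_binaries" >&2
    exit 1
  fi
  # readlink without -f prints nothing unless $0 is a symlink, and dirname of
  # an empty string is ".", so for the usual "bash tools/<script>" invocation
  # the pattern files are looked up in the current directory (the repository
  # root).  Kept as-is because that is where the files are expected.
  dir=$(dirname "$(readlink "$0")")
  echo "Working in directory $dir"
  echo "Flushing git-secrets configuration"
  # The section does not exist on a fresh clone; that is not an error.
  git config --remove-section secrets || true
  # The pattern files are repository content: a commit that edits them
  # changes what the hook blocks or allows, so review them like code.
  _add_pattern_file "$dir/.gitforbidden" forbidden
  _add_pattern_file "$dir/.gitwhitelisted" allowed -a
  echo "Adding aws patterns"
  git secrets --register-aws
  echo "Registering hook"
  git secrets --install -f
  echo "Git secrets have been configured"
  echo "To see the configuration please run: git secrets --list"
  echo "Adding to post-checkout & post-merge hooks script invoking of $ME with argument install_hooks"
  # Git runs hooks from the top of the working tree, which is what makes the
  # relative path in ME work; this script itself is assumed to be run from
  # there as well (.git/hooks is relative).
  for hook in .git/hooks/post-checkout .git/hooks/post-merge; do
    _write_rerun_hook "$hook"
  done
}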
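#######################################
# Dispatches the requested action.  Only the two known actions are accepted,
# so an arbitrary word on the command line is never executed as a command.
# Arguments: $1 - action: install_binaries | install_hooks
# Outputs:   usage text on stdout when no action is given; an error on
#            stderr for an unknown action
# Returns:   0 after printing usage; exits 1 for an unknown action
#######################################
main()
{
  case "${1-}" in
    "")
      echo "Please run this script with required action."
      echo "Actions:"
      echo "$0 install_binaries -- to install git secrets binary in system. Should be runned in privileged mode"
      echo "$0 install_hooks -- to install git secrets hooks and actual regexpes"
      ;;
    install_binaries|install_hooks)
      "$1"
      ;;
    *)
      echo "Unknown action: $1" >&2
      exit 1
      ;;
  esac
}
main "$@"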