From 3e64b0a4661bf311d8e0dbbeb7b59af4aa1a7911 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Fri, 21 Oct 2022 17:40:11 +0100 Subject: [PATCH] pre-commit hook can be run without installing git-secrets At present if you want to use the git-secrets pre-commit hook you must first follow the git-secrets installation instructions. In contrast many other pre-commit hooks are designed to be self-contained, they automatically install themselves to a directory controlled by pre-commit when `pre-commit run` is called. This improves the developer experience of projects using this hook, since new developers can just run `pre-commit ...` without any pre-requisite setup. This PR changes the pre-commit hook `entry` to a wrapper script that detects the location of the cloned git-secrets directory, and adds it to `PATH` so `git secrets` can be run without any manual setup. A further benefit is that the version of git-secrets used will match the git revision specified in the `.pre-commit-config.yaml` instead of whatever version the user has installed. --- .pre-commit-hooks.yaml | 2 +- pre-commit-hook-exec.sh | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) create mode 100755 pre-commit-hook-exec.sh diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml index d313836..991ff5b 100644 --- a/.pre-commit-hooks.yaml +++ b/.pre-commit-hooks.yaml @@ -1,5 +1,5 @@ - id: git-secrets name: Git Secrets description: git-secrets scans commits, commit messages, and --no-ff merges to prevent adding secrets into your git repositories. - entry: 'git-secrets --pre_commit_hook' + entry: pre-commit-hook-exec.sh language: script diff --git a/pre-commit-hook-exec.sh b/pre-commit-hook-exec.sh new file mode 100755 index 0000000..89ed79a --- /dev/null +++ b/pre-commit-hook-exec.sh @@ -0,0 +1,11 @@ +#!/usr/bin/env bash +# pre-commit clones the git repo to a cache-directory that it manages. +# The entry script is executed using the absolute path to this cache-directory +# so we can use this to locate the git-secrets script and add it to PATH +# without requiring the user to manually install it. + +set -eu + +PARENTDIR=$(dirname "${BASH_SOURCE}") +export PATH="$PARENTDIR:$PATH" +exec git secrets --pre_commit_hook "$@"