forked from mirrors/kingfisher
32 lines
790 B
Bash
32 lines
790 B
Bash
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
|
|
HOOK_DIR="$(git rev-parse --git-dir)/hooks"
|
|
HOOK_PATH="$HOOK_DIR/pre-commit"
|
|
|
|
if [ -e "$HOOK_PATH" ]; then
|
|
echo "Error: $HOOK_PATH already exists. Move or remove the existing hook to continue." >&2
|
|
exit 1
|
|
fi
|
|
|
|
cat > "$HOOK_PATH" <<'HOOK'
|
|
#!/usr/bin/env bash
|
|
# Pre-commit hook to run Kingfisher scan on staged changes
|
|
set -euo pipefail
|
|
|
|
if ! command -v kingfisher >/dev/null 2>&1; then
|
|
echo "kingfisher not found in PATH" >&2
|
|
exit 1
|
|
fi
|
|
|
|
git diff --cached --name-only -z | \
|
|
xargs -0 --no-run-if-empty kingfisher scan --no-update-check
|
|
status=$?
|
|
if [ "$status" -ne 0 ]; then
|
|
echo "Kingfisher detected secrets in staged files. Commit aborted." >&2
|
|
exit "$status"
|
|
fi
|
|
HOOK
|
|
|
|
chmod +x "$HOOK_PATH"
|
|
echo "Pre-commit hook installed to $HOOK_PATH"
|