eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions
kingfisher/install-precommit-hook.sh
Mick Grove d3fbffcb84 Fixed broken windows build script
2025-07-29 10:12:40 -07:00

78 lines
2.3 KiB
Bash
Executable file
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/usr/bin/env bash
#
# Install a Git precommit hook that runs `kingfisher scan`.
#
# --global → install once for all repos via core.hooksPath
# --force → overwrite an existing precommit hook
#
set -euo pipefail
MODE="local"
FORCE=0
while [[ $# -gt 0 ]]; do
case "$1" in
-g|--global) MODE="global" ;;
-f|--force) FORCE=1 ;;
-h|--help)
echo "Usage: $0 [--global] [--force]" && exit 0
;;
*) echo "Unknown flag: $1" >&2; exit 1 ;;
esac
shift
done
if [[ "$MODE" == "local" ]]; then
# ensure we're inside a Git repo
REPO_ROOT=$(git rev-parse --show-toplevel 2>/dev/null) \
|| { echo "Not inside a Git repository" >&2; exit 1; }
HOOK_DIR="$(git rev-parse --git-dir)/hooks"
else
# global: honour existing core.hooksPath or default to ~/.git-hooks
HOOK_DIR=$(git config --global --get core.hooksPath || echo "$HOME/.git-hooks")
mkdir -p "$HOOK_DIR"
# if the user hasnt set core.hooksPath, do it now
if ! git config --global --get core.hooksPath >/dev/null; then
git config --global core.hooksPath "$HOOK_DIR"
echo "Set git config --global core.hooksPath to $HOOK_DIR"
fi
fi
HOOK_PATH="$HOOK_DIR/pre-commit"
if [[ -e "$HOOK_PATH" && $FORCE -eq 0 ]]; then
echo "Error: $HOOK_PATH already exists. Use --force to overwrite." >&2
exit 1
fi
cat >"$HOOK_PATH" <<'HOOK'
#!/usr/bin/env bash
# Git precommit hook to run Kingfisher on staged changes
set -euo pipefail
if ! command -v kingfisher >/dev/null 2>&1; then
echo "kingfisher not found in PATH" >&2
exit 1
fi
git diff --cached --name-only -z | \
xargs -0 --no-run-if-empty kingfisher scan --only-valid --no-update-check
status=$?
# ────────────────────────────────────────────────────────────────
# Treat Kingfisher exitcode 200 as success (map → 0)
# ────────────────────────────────────────────────────────────────
if [[ $status -eq 200 ]]; then
status=0
fi
if [[ $status -ne 0 ]]; then
echo "Kingfisher detected secrets in staged files. Commit aborted." >&2
exit $status
fi
HOOK
chmod +x "$HOOK_PATH"
echo "Precommit hook installed to $HOOK_PATH ($MODE mode)"
View git blame Copy permalink