chore: pre-commit secrets scanner #1170
Conversation
vuhuucuong
changed the title
auto-assign
bot
requested review from
ant066,
nphivu414,
phmngocnghia,
duong-se,
trankhacvy and
willmcvay
scripts/utils/git-secrets.js
Outdated
| const { error: errorAddProvider, stdout: stdoutAddProvider, stderr: stderrAddProvider } = shell.exec( | ||
| `git secrets --add-provider -- git secrets --aws-provider ${TEMP_CRED_FILE}`, | ||
| { | ||
| stdio: 'inherit', | ||
| }, | ||
| ) | ||
| if (errorAddProvider) throw errorAddProvider | ||
| if (stderrAddProvider) throw stderrAddProvider | ||
| console.log('Added AWS provider\n', stdoutAddProvider) | ||
|
|
||
| // scan for secrets | ||
| const { error: errorScan, stdout: stdoutScan, stderr: stderrScan } = shell.exec('git secrets --scan --cached', { | ||
| stdio: 'inherit', | ||
| }) | ||
| if (errorScan) throw errorScan | ||
| if (stderrScan) throw stderrScan | ||
| console.log('No secrets found in staged files!\n', stdoutScan) |
There was a problem hiding this comment.
I tried to chain these two commands using &&, but it doesn't work as expected, need to separate into two commands
chore: update comment
vuhuucuong
force-pushed
the
chore/precommit-secrets-scanner
branch
from
017fd7f to
eb65b84
Compare
| removeTempCredFile() | ||
| } catch (err) { | ||
| console.error(err) | ||
| removeTempCredFile() |
There was a problem hiding this comment.
I thinks this part could result unhandled error if unlinksync is fail to execute and throws error
LGTM. Nice 👍
There was a problem hiding this comment.
Yes if it throws an error, then just let it does, the script will auto exit with an error code.
If all things go well, then no error is returned.
@tanphamhaiduong I've already checked both authentication mechanisms. If you use bash profile, it means you're exporting Just updated comment on that function to avoid confusing |
Add pre-commit hook to scan for secrets before commit
FLOW:
~/.aws/credentialsgit secrets --scan