pre-commit hook can be run without installing git-secrets #225
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
At present if you want to use the git-secrets pre-commit hook you must first follow the git-secrets installation instructions. In contrast many other pre-commit hooks are designed to be self-contained, they automatically install themselves to a directory controlled by pre-commit when `pre-commit run` is called. This improves the developer experience of projects using this hook, since new developers can just run `pre-commit ...` without any pre-requisite setup. This PR changes the pre-commit hook `entry` to a wrapper script that detects the location of the cloned git-secrets directory, and adds it to `PATH` so `git secrets` can be run without any manual setup. A further benefit is that the version of git-secrets used will match the git revision specified in the `.pre-commit-config.yaml` instead of whatever version the user has installed.
dilip640
approved these changes
Dec 1, 2022
sparr
reviewed
Jun 20, 2023
| @@ -1,5 +1,5 @@ | |||
| - id: git-secrets | |||
| name: Git Secrets | |||
| description: git-secrets scans commits, commit messages, and --no-ff merges to prevent adding secrets into your git repositories. | |||
| entry: 'git-secrets --pre_commit_hook' | |||
| entry: pre-commit-hook-exec.sh | |||
There was a problem hiding this comment.
Could we instead just do entry: './git-secrets --pre-commit-hook' (possibly even minus the quotes)?
I am not too familiar with pre-commit so I understand I might be missing some context here.
That said, your solution may also be preferable if your use of git secrets causes existing git configuration to be honored in a way that directly calling the git-secrets script does not.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue #, if available: -
Description of changes:
At present if you want to use the git-secrets pre-commit hook you must first follow the git-secrets installation instructions. In contrast many other pre-commit hooks are designed to be self-contained, they automatically install themselves to a directory controlled by pre-commit when
pre-commit runis called. This improves the developer experience of projects using this hook, since new developers can just runpre-commit ...without any pre-requisite setup.This PR changes the pre-commit hook
entryto a wrapper script that detects the location of the cloned git-secrets directory, and adds it toPATHsogit secretscan be run without any manual setup.A further benefit is that the version of git-secrets used will match the git revision specified in the
.pre-commit-config.yamlinstead of whatever version the user has installed.By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.