import * as execa from 'execa';
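/**
 * Reads every value currently stored under the `secrets.allowed` git config key.
 *
 * `git config --get` only prints the last value of a multi-valued key, so
 * `--get-all` is used to see the whole allow-list, one pattern per line.
 *
 * @returns the configured patterns, or an empty list when the key is not set.
 * @throws Error when git fails for any reason other than "key not found".
 */
function readAllowedPatterns(): string[] {
  const result = execa.commandSync('git config --get-all secrets.allowed', { reject: false });
  // git config exits with 1 when the key does not exist; that is an empty allow-list, not an error.
  if (result.exitCode === 1) {
    return [];
  }
  if (result.failed) {
    throw new Error(`Unable to read secrets.allowed from git config: ${result.stderr}`);
  }
  return result.stdout
    .split(/\r?\n/)
    .map((line) => line.trim())
    .filter((line) => line.length > 0);
}

/**
 * Commit-time guard that runs awslabs git-secrets against the repository.
 *
 * Steps: skip when running on CircleCI, check that git-secrets is installed,
 * register the AWS patterns, make sure the known false positives are on the
 * allow-list, then scan. The process exits with status 1 when git-secrets is
 * missing or when the scan fails.
 */
function main(): void {
  // NOTE(review): when CIRCLECI is set nothing is scanned here; confirm that secret
  // scanning is enforced somewhere else in CI, since a local hook can be bypassed.
  if (process.env.CIRCLECI) {
    console.log('Skipping config verification since this is already running in a CCI environment.');
    return;
  }

  // NOTE(review): `which` is not available in every shell environment (e.g. plain Windows cmd).
  try {
    execa.commandSync('which git-secrets');
  } catch {
    console.error(
      "Please install awslabs git-secrets plugin to validate you've not checked in any application secrets. Installation information can be found at https://github.com/awslabs/git-secrets#installing-git-secrets",
    );
    process.exit(1);
  }

  execa.commandSync(`git secrets --register-aws`);

  // Values that would otherwise trip the AWS patterns: the 12-digit placeholder
  // account id and the literal string "undefined" (presumably from fixtures — confirm).
  // Keep this list as small as possible: every entry is a pattern the scan will ignore.
  const allowedSecrets = ['123456789012', 'undefined'];

  // Compare whole entries rather than substrings of the raw output, so an entry is only
  // considered present when it is really configured and is never appended twice.
  const configured = new Set(readAllowedPatterns());
  for (const allowedSecret of allowedSecrets) {
    if (!configured.has(allowedSecret)) {
      execa.commandSync(`git config --add secrets.allowed ${allowedSecret}`);
    }
  }

  try {
    // Inherit stdio so the findings reported by git-secrets reach the developer's
    // terminal instead of being captured and discarded.
    execa.commandSync(`git secrets --scan`, { stdio: 'inherit' });
  } catch {
    console.error(`"git secrets --scan" command failed. Please check your project for application secrets.`);
    process.exit(1);
  }
}

main();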