From 77c1323ae5a3a02825b97284b721d7f6434a7f37 Mon Sep 17 00:00:00 2001 From: Bernd Worsch Date: Sat, 13 Sep 2025 21:58:19 +0000 Subject: [PATCH] fix: Makefile target hooks makes precommit work finally --- .githooks/pre-commit | 0 Makefile | 7 +++++-- secrets/example.enc.txt | 15 --------------- secrets/example.txt | 1 - secrets/test.txt | 1 - secrets/testagain.txt | 1 - 6 files changed, 5 insertions(+), 20 deletions(-) mode change 100644 => 100755 .githooks/pre-commit delete mode 100644 secrets/example.enc.txt delete mode 100644 secrets/example.txt delete mode 100644 secrets/test.txt delete mode 100644 secrets/testagain.txt diff --git a/.githooks/pre-commit b/.githooks/pre-commit old mode 100644 new mode 100755 diff --git a/Makefile b/Makefile index 2f9b25b..6eaee0a 100644 --- a/Makefile +++ b/Makefile @@ -23,9 +23,12 @@ help: ## Show this help grep -E '^[a-zA-Z0-9_-]+:.*?## ' $(MAKEFILE_LIST) | sort | sed 's/:.*##/: /' # ---- Git hooks ---- -hooks: ## Configure git to use repo-local hooks (.githooks) +hooks: ## Configure git to use repo-local hooks (.githooks) and ensure executables + @mkdir -p .githooks git config core.hooksPath .githooks - @echo "✔ hooks enabled (core.hooksPath=.githooks)" + @test -f .githooks/pre-commit || (echo "❌ Missing .githooks/pre-commit"; exit 1) + chmod +x .githooks/pre-commit + @echo "✔ hooks enabled and pre-commit is executable" hooks-test: ## Test secrets hook blocks plaintext in secrets/ @mkdir -p secrets && echo 'PLAINTEXT_TEST=true' > secrets/_hook_test.yaml diff --git a/secrets/example.enc.txt b/secrets/example.enc.txt deleted file mode 100644 index 214df68..0000000 --- a/secrets/example.enc.txt +++ /dev/null @@ -1,15 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:KgBAa9cBWuARxDsXHu/2O86F2g==,iv:XUQZUlVFEO7JHgD7v6uVfB+T18vk82k/aCHZ62HTclE=,tag:2aEUnU16YUCfy1pUxumLVw==,type:str]", - "sops": { - "age": [ - { - "recipient": "age1aq8twfd78wvpra0had8cezcnj96tj4q0068edrz5jez8d6xwmflqdepsh4", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWSnpvZzhTNnZqOENkOVp2\nbG5QbUYvckdjYXFlaXFpbjBGcjNUeW9PRjNZCmkrQjFJdlNKdE1GQWNlSHhYYjd6\nZVQ4M2hRelI2R1dyZnE2dlBRRkcyVjAKLS0tIDRSdmQ4QWt6dlE2bTJHMDlQYS9n\ndCtqMUV2RWJCTmhFaXJkSndnU0FGR3MK4vuIpBDg8LiTEsWC8GpAYYNeNpih+3DC\nPHqb6jZwngIoxm1BI/Bpd3HwaFeznueSQFy4THsV4N8baKqdDj01YQ==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2025-09-13T20:16:58Z", - "mac": "ENC[AES256_GCM,data:09hU95lN4ZCiR6Ag/7Ref/cSfEzLDuEk9OKGQVG9V+rnkSkxlJnOBmAxixP96C7HNIPnamo48oOFzSam107ulzG9aQCfUV4QsT3LtFEBLkrU6r259A/i6/INxAERASGl91MLiO6JhfKoHTlZWx17Vb57Pg2rTef6eBrz708Y4Pc=,iv:9yToNT/XYjlytts9YJM6uASQNBruXc5H1Wqtn9oES7E=,tag:TgD0DN8kQggcmP4S11bXFw==,type:str]", - "unencrypted_suffix": "_unencrypted", - "version": "3.10.2" - } -} diff --git a/secrets/example.txt b/secrets/example.txt deleted file mode 100644 index 343a085..0000000 --- a/secrets/example.txt +++ /dev/null @@ -1 +0,0 @@ -This is as secret! diff --git a/secrets/test.txt b/secrets/test.txt deleted file mode 100644 index ea28018..0000000 --- a/secrets/test.txt +++ /dev/null @@ -1 +0,0 @@ -This should not commit! diff --git a/secrets/testagain.txt b/secrets/testagain.txt deleted file mode 100644 index 0ea089f..0000000 --- a/secrets/testagain.txt +++ /dev/null @@ -1 +0,0 @@ -Another don't accept plaintext in secrets test!