diff --git a/bin/pre-commit b/bin/pre-commit
new file mode 100755
index 000000000..d25aaa059
--- /dev/null
+++ b/bin/pre-commit
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+staged_files=$(git diff --cached --name-only --diff-filter=d)
+staged_rb_files=$(echo "$staged_files" | grep '\.rb$' || true)
+
+# Check for debug statements
+if [ -n "$staged_rb_files" ]; then
+ if echo "$staged_rb_files" | xargs grep -n 'binding\.pry\|binding\.irb\|byebug\|debugger' 2>/dev/null; then
+ echo "ERROR: Debug statements found in staged files. Remove them before committing."
+ exit 1
+ fi
+fi
+
+# Check for merge conflict markers
+if [ -n "$staged_files" ]; then
+ if echo "$staged_files" | xargs grep -n '<<<<<<<\|>>>>>>>\|=======' 2>/dev/null; then
+ echo "ERROR: Merge conflict markers found in staged files. Resolve them before committing."
+ exit 1
+ fi
+fi
+
+# Check for secrets/env files (allow .env.example)
+if echo "$staged_files" | grep '\.env$\|\.env\.\|master\.key' | grep -qv '\.env\.example$'; then
+ echo "ERROR: Potentially sensitive files staged for commit:"
+ echo "$staged_files" | grep '\.env$\|\.env\.\|master\.key' | grep -v '\.env\.example$'
+ echo "Remove them from staging before committing."
+ exit 1
+fi
diff --git a/bin/pre-push b/bin/pre-push
new file mode 100755
index 000000000..efed4868d
--- /dev/null
+++ b/bin/pre-push
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+eval "$(command /opt/homebrew/bin/mise activate zsh)"
+
+# Run rubocop on all Ruby files
+echo "Running rubocop..."
+bundle exec rubocop || exit 1
+
+# Run brakeman security scan
+echo "Running brakeman security scan..."
+bundle exec brakeman --no-pager -q || exit 1
diff --git a/bin/setup b/bin/setup
index 5773cd675..5cf27e56c 100755
--- a/bin/setup
+++ b/bin/setup
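Review bot: In bin/pre-commit, both `xargs grep` checks read the working-tree copy of each path rather than the staged blob, so content that is staged but has since been edited on disk (or the reverse) gets the wrong verdict. The names are also word-split by `xargs` and `2>/dev/null` hides the resulting grep errors, so a path containing a space or starting with `-` makes the check fail open instead of blocking the commit. Consider matching on staged content, e.g. the added lines of `git diff --cached -U0 --diff-filter=d -- '*.rb'` for the debug check and `git diff --cached --check` for conflict markers (that command also reports whitespace errors). As written, the bare `=======` alternative matches ordinary separator lines, and the marker check flags this script itself whenever it is staged because its own pattern line contains `<<<<<<<`. The secrets check looks only at file names and only at `.env*` and `master.key`, so Rails per-environment keys such as `config/credentials/*.key` would pass; a comment stating that this is a name filter and not a content scan would set the right expectation.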
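Review bot: In bin/pre-push, the `eval` line requests zsh activation code from mise and evaluates it inside a bash script, using a hard-coded `/opt/homebrew/bin` path. Where that path does not exist (Intel macOS, Linux) the command substitution is empty, `eval` still succeeds, and rubocop and brakeman run with whatever Ruby and Bundler happen to be on PATH; where it does exist, zsh-specific output may not parse under bash. Suggest `command -v mise >/dev/null && eval "$(mise activate bash)"` so the hook uses the shell it actually runs in and skips activation cleanly when mise is not installed. A one-line comment explaining why activation is needed in a non-interactive hook would also help the next reader.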
@@ -70,6 +70,11 @@ FileUtils.chdir APP_ROOT do puts "\n== Building Vite test assets ==" system! "RAILS_ENV=test npx vite build --mode test" + puts "\n== Installing git hooks ==" + system! 'cp bin/pre-commit .git/hooks/pre-commit' + system! 'chmod +x .git/hooks/pre-commit' + system! 'cp bin/pre-push .git/hooks/pre-push' + system! 'chmod +x .git/hooks/pre-push' puts "\n== Cleaning logs and tempfiles ==" system! "bin/rails log:clear tmp:clear"
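Review bot: The four added `system!` calls in bin/setup overwrite any existing `.git/hooks/pre-commit` and `.git/hooks/pre-push` without checking, and they assume `.git/hooks` is a directory, which does not hold in a linked worktree (where `.git` is a file) or when `core.hooksPath` is set. Resolving the directory with `git rev-parse --git-path hooks` and installing with `FileUtils.install 'bin/pre-commit', File.join(hooks_dir, 'pre-commit'), mode: 0o755` would cover both cases and replace each cp/chmod pair with one call. Because the hooks are copied rather than linked, later changes to bin/pre-commit and bin/pre-push take effect only after bin/setup is re-run; that is a reasonable choice (a pulled change does not silently alter what runs on commit), but it deserves a comment next to the install step. The enclosing `FileUtils.chdir APP_ROOT do` block starts and ends outside this hunk.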