ci(hooks): pre-commit security check (mirror of fai/platform)
Mirrors the hook + script from `fai/platform`@1ebf893 verbatim so commits to fai_dart_sdk go through the same gate: secrets, forbidden filenames, confidentiality references, marketing- speak, DCO sign-off, Conventional Commits subject, no Claude co-author trailer. No `.security-allow` needed here — the SDK has no banned-words gate or policy doc that mentions the filtered terms verbatim. A full-history dry-run came back clean. Activate once per clone with `bash tools/install-hooks.sh`. Signed-off-by: flemming-it <stefan.a.flemming@googlemail.com>
This commit is contained in:
parent
5c96d74744
commit
99ef83ccf0
4 changed files with 275 additions and 0 deletions
5
.githooks/commit-msg
Executable file
5
.githooks/commit-msg
Executable file
|
|
@ -0,0 +1,5 @@
|
|||
#!/usr/bin/env bash
|
||||
# F∆I Platform — commit-msg hook.
|
||||
# Validates the commit message: Conventional Commits subject, DCO
|
||||
# sign-off, no Claude co-author trailer, no banned phrases.
|
||||
exec "$(git rev-parse --show-toplevel)/tools/security/check-staged.sh" message "$1"
|
||||
6
.githooks/pre-commit
Executable file
6
.githooks/pre-commit
Executable file
|
|
@ -0,0 +1,6 @@
|
|||
#!/usr/bin/env bash
|
||||
# F∆I Platform — pre-commit hook.
|
||||
# Activated via `tools/install-hooks.sh` (sets core.hooksPath=.githooks).
|
||||
# Scans staged files for secrets, banned phrases, forbidden filenames.
|
||||
# Same script runs in Forgejo CI — see .forgejo/workflows/ci.yml.
|
||||
exec "$(git rev-parse --show-toplevel)/tools/security/check-staged.sh" content
|
||||
Loading…
Add table
Add a link
Reference in a new issue