ci(hooks): pre-commit security check (mirror of fai/platform)
Mirrors the hook + script from `fai/platform`@1ebf893 verbatim so commits to fai_dart_sdk go through the same gate: secrets, forbidden filenames, confidentiality references, marketing- speak, DCO sign-off, Conventional Commits subject, no Claude co-author trailer. No `.security-allow` needed here — the SDK has no banned-words gate or policy doc that mentions the filtered terms verbatim. A full-history dry-run came back clean. Activate once per clone with `bash tools/install-hooks.sh`. Signed-off-by: flemming-it <stefan.a.flemming@googlemail.com>
This commit is contained in:
parent
5c96d74744
commit
99ef83ccf0
4 changed files with 275 additions and 0 deletions
18
tools/install-hooks.sh
Executable file
18
tools/install-hooks.sh
Executable file
|
|
@ -0,0 +1,18 @@
|
|||
#!/usr/bin/env bash
|
||||
# F∆I Platform — one-time hook activation for this clone.
|
||||
# Points git at the versioned `.githooks/` directory so pre-commit and
|
||||
# commit-msg checks run on every commit (including amends and rebases).
|
||||
#
|
||||
# Run once after cloning:
|
||||
# bash tools/install-hooks.sh
|
||||
set -euo pipefail
|
||||
cd "$(git rev-parse --show-toplevel)"
|
||||
|
||||
git config core.hooksPath .githooks
|
||||
chmod +x .githooks/* tools/security/*.sh tools/install-hooks.sh
|
||||
|
||||
echo "✓ core.hooksPath = .githooks"
|
||||
echo " Active hooks:"
|
||||
ls -1 .githooks/ | sed 's/^/ /'
|
||||
echo ""
|
||||
echo "Next commit will be gated by tools/security/check-staged.sh."
|
||||
Loading…
Add table
Add a link
Reference in a new issue