ci(hooks): pre-commit security check (mirror of fai/platform)
Mirrors the hook + script from `fai/platform`@1ebf893 verbatim so commits to fai_studio go through the same gate: secrets, forbidden filenames, confidentiality references, marketing- speak, DCO sign-off, Conventional Commits subject, no Claude co-author trailer. A `.security-allow` file at the repo root extends the script's universal excludes with three Studio-specific paths whose content legitimately includes the filtered terms — the Today-Hero proposal pipeline (LLM prompt + accept gate), its runtime loader equivalent, and its operator-facing policy doc. No CI mirror yet — Studio doesn't have a Forgejo workflow (Flutter-on-DinD is a chunk of work). The local hook is the gate for now; CI mirror follows when Flutter CI lands. Activate once with `bash tools/install-hooks.sh`. Signed-off-by: flemming-it <stefan.a.flemming@googlemail.com>
This commit is contained in:
parent
c389876a2f
commit
01f3f773cf
5 changed files with 290 additions and 0 deletions
6
.githooks/pre-commit
Executable file
6
.githooks/pre-commit
Executable file
|
|
@ -0,0 +1,6 @@
|
|||
#!/usr/bin/env bash
|
||||
# F∆I Platform — pre-commit hook.
|
||||
# Activated via `tools/install-hooks.sh` (sets core.hooksPath=.githooks).
|
||||
# Scans staged files for secrets, banned phrases, forbidden filenames.
|
||||
# Same script runs in Forgejo CI — see .forgejo/workflows/ci.yml.
|
||||
exec "$(git rev-parse --show-toplevel)/tools/security/check-staged.sh" content
|
||||
Loading…
Add table
Add a link
Reference in a new issue