diff --git a/.github/hooks/pre-commit b/.github/hooks/pre-commit new file mode 100755 index 00000000..366d020e --- /dev/null +++ b/.github/hooks/pre-commit @@ -0,0 +1,54 @@ +#!/usr/bin/env bash +# File generated by pre-commit: https://pre-commit.com +# ID: 138fd403232d2ddd5efb44317e38bf03 + + +# check ak leak +echo "Check for sensitive information leak:" +projectUrl=`git config --get remote.origin.url` +user=`git config --get user.name` +user_email=`git config --get user.email` +STAGE_FILES=$(git diff --cached --name-only) +stage_files=(${STAGE_FILES/ // }) +keywords=("LTAI[a-zA-Z0-9]{20}" "LTAI[a-zA-Z0-9]{12}" "acs:ram::[0-9]{16}:role/") + +result=0 +for i in "${!stage_files[@]}"; do + if [ ! -e "${stage_files[i]}" ] + then + continue + fi + for index in "${!keywords[@]}"; do + grep -E -q ${keywords[index]} ${stage_files[i]} + if [ $? -eq 0 ] + then + echo "Check Failed, ${stage_files[i]} contain sensitive info: pattern=${keywords[index]}, details: " + grep -E ${keywords[index]} ${stage_files[i]} + result=1 + break + fi + done +done +if [ $result -eq 0 ];then + echo "Sensitive Information Leak Check Passed." +else + echo "Sensitive Information Leak Check Failed" + exit 1 +fi + +# start templated +INSTALL_PYTHON=python +ARGS=(hook-impl --config=.pre-commit-config.yaml --hook-type=pre-commit) +# end templated + +HERE="$(cd "$(dirname "$0")" && pwd)" +ARGS+=(--hook-dir "$HERE" -- "$@") + +if [ -x "$INSTALL_PYTHON" ]; then + exec "$INSTALL_PYTHON" -mpre_commit "${ARGS[@]}" +elif command -v pre-commit > /dev/null; then + exec pre-commit "${ARGS[@]}" +else + echo '`pre-commit` not found. Did you forget to activate your virtualenv?' 1>&2 + exit 1 +fi diff --git a/.github/workflows/citest.yaml b/.github/workflows/citest.yaml index 87a0bd5a..9618ed9b 100644 --- a/.github/workflows/citest.yaml +++ b/.github/workflows/citest.yaml @@ -31,12 +31,6 @@ jobs: steps: - name: Checkout uses: actions/checkout@v2 - - name: lint - shell: bash - run: | - pip install -r requirements/tests.txt - pre-commit install - pre-commit run --all-files - name: Run unittest shell: bash run: | diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml new file mode 100644 index 00000000..13cd0fbd --- /dev/null +++ b/.github/workflows/lint.yaml @@ -0,0 +1,23 @@ +name: Lint test + +on: [push, pull_request] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + lint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Set up Python 3.6 + uses: actions/setup-python@v2 + with: + python-version: 3.6 + - name: Install pre-commit hook + run: | + pip install pre-commit + cp .github/hooks/pre-commit .git/hooks/ + - name: Linting + run: pre-commit run --all-files