[英]How to use this git pre-commit hook
Yelp detect secrets is a system that prevents secrets from entering your code base. Yelp 检测机密是一个防止机密进入您的代码库的系统。 I would like to install the pre-commit hook it provides.
我想安装它提供的预提交钩子。
I've never used git hooks before, but all the example files I see in .git/hooks/
are in bash, while the example given in the readme of yelp is a yaml file.我以前从未使用过 git 挂钩,但我在
.git/hooks/
中看到的所有示例文件都在 bash 中,而在 yelp的自述文件中给出的示例是 Z6EEDC03A68A692933C763E2FC44 文件。
They link to the pre-commit.com ;它们链接到pre-commit.com ; "a framework for managing and maintaining multi-language pre-commit hooks".
“用于管理和维护多语言预提交挂钩的框架”。
Does this mean the yelp pre-commit hook can only be used by first installing the pre-commit framework?这是否意味着 yelp pre-commit 钩子只能通过首先安装pre-commit框架才能使用?
If so, I'm kinda lost in the usage of pre-commit.如果是这样,我有点迷失了预提交的使用。 I've installed it and I can call it.
我已经安装了它,我可以调用它。 So in an existing repo I've run
pre-commit install
.因此,在现有的存储库中,我运行了
pre-commit install
。 But how can I now add the yelp detect secrets pre commit hook?但是我现在如何添加 yelp 检测秘密预提交挂钩?
Of course I've looked over the documentation on pre-commit.com , but I'm kinda lost in it.当然,我已经查看了pre-commit.com上的文档,但我有点迷失了。 Any tips are welcome.
欢迎任何提示。
to use pre-commit you'll set up a .pre-commit-config.yaml
which includes the tools you'd like to use (such as whitespace fixers, linters, black, flake8, etc.)要使用预提交,您将设置一个
.pre-commit-config.yaml
,其中包括您想要使用的工具(例如空白修复程序、短绒、黑色、flake8 等)
detect-secrets also provides a hook using this mechanism and you can include it using the snippet they provide : detect-secrets 还提供了一个使用这种机制的钩子,你可以使用它们提供的代码片段来包含它:
- repo: https://github.com/Yelp/detect-secrets
rev: v0.13.0
hooks:
- id: detect-secrets
args: ['--baseline', '.secrets.baseline']
exclude: .*/tests/.*
(note: I edited the snippet to use https clone urls which are much more portable) (注意:我编辑了片段以使用更便携的 https 克隆网址)
there's also more standard tools for handling this such as bandit (which also have pre-commit integration) if you find detect-secrets to be difficult to work with如果您发现难以使用检测秘密,还有更多标准工具可以处理此问题,例如 bandit(也具有预提交集成)
(disclaimer: I'm the author of pre-commit) (免责声明:我是 pre-commit 的作者)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.