如何使用这个 git 预提交钩子

Question

Yelp detect secrets is a system that prevents secrets from entering your code base. I would like to install the pre-commit hook it provides.

I've never used git hooks before, but all the example files I see in .git/hooks/ are in bash, while the example given in the readme of yelp is a yaml file.

They link to the pre-commit.com ; "a framework for managing and maintaining multi-language pre-commit hooks".

Does this mean the yelp pre-commit hook can only be used by first installing the pre-commit framework?

If so, I'm kinda lost in the usage of pre-commit. I've installed it and I can call it. So in an existing repo I've run pre-commit install . But how can I now add the yelp detect secrets pre commit hook?

Of course I've looked over the documentation on pre-commit.com , but I'm kinda lost in it. Any tips are welcome.

Answer 1

to use pre-commit you'll set up a .pre-commit-config.yaml which includes the tools you'd like to use (such as whitespace fixers, linters, black, flake8, etc.)

detect-secrets also provides a hook using this mechanism and you can include it using the snippet they provide :

-   repo: https://github.com/Yelp/detect-secrets
    rev: v0.13.0
    hooks:
    -   id: detect-secrets
        args: ['--baseline', '.secrets.baseline']
        exclude: .*/tests/.*

(note: I edited the snippet to use https clone urls which are much more portable)

there's also more standard tools for handling this such as bandit (which also have pre-commit integration) if you find detect-secrets to be difficult to work with

(disclaimer: I'm the author of pre-commit)