@ministryofjustice/hmpps-precommit-hooks 2.0.0-beta.3 → 2.0.0-beta.5

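--- a/package/README.md
+++ b/package/README.md
@@ -45,10 +45,10 @@ HMPPS_HOOKS_VERSION: 1
  repos:
  - repo: local
  hooks:
- - repo: https://github.com/ministryofjustice/devsecops-hooks
- rev: v1.x.x
- hooks:
- - id: baseline
+ - id: gitleaks
+ name: Scan commit for secrets
+ language: system
+ entry: gitleaks git --pre-commit --redact --staged --verbose --config .gitleaks/config.toml --gitleaks-ignore-path .gitleaks/.gitleaksignore
  - id: lint
  name: linting code
  language: system
@@ -111,7 +111,7 @@ See the gitleaks documentation for how to create rules and [examples](https://gi
 
  ### Keeping up to date
 
- `prek auto-update` can be used to pull in later versions of hooks including the devsecops-hooks.
+ `prek auto-update` can be used to pull in later versions of hooks.
 
  Also, a manager can be added to your renovate.json config to allow renovate to raise PRs to keep hooks up to date:
 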
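--- a/package/bin/prepare.sh
+++ b/package/bin/prepare.sh
@@ -24,16 +24,14 @@ fi
 
 
  # Remove husky if installed
- if [ -f "node_modules/.bin/husky" ]; then
+ if [ -f ".husky/pre-commit" ]; then
  startStage "Removing husky"
  npm uninstall husky
  endStage " ✅ "
 
- if [ -f ".husky/pre-commit" ]; then
- startStage "Deleting existing husky pre-commit hooks"
- rm -Rf .husky
- endStage " ✅ "
- fi
+ startStage "Deleting existing husky pre-commit hooks"
+ rm -Rf .husky
+ endStage " ✅ "
  fi
 
  # Check brew exists
@@ -42,6 +40,13 @@ if ! command -v brew > /dev/null 2> /dev/null; then
  exit 0
  fi
 
+ # Install gitleaks if not present - this will be used by prek for secret scanning until we move over to devsecops hooks
+ if ! command -v gitleaks > /dev/null 2> /dev/null; then
+ startStage "Installing gitleaks"
+ brew install gitleaks
+ endStage " ✅ "
+ fi
+
  # Install prek
  if ! command -v prek > /dev/null 2> /dev/null; then
  startStage "Installing prek"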
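Review bot: After `rm -Rf .husky` in the first hunk, nothing in the visible lines clears git's `core.hooksPath`, which husky 9 (the `^9.1.7` dependency this release drops) points at `.husky/_`. If that setting is left behind, git looks for hooks in a directory that no longer exists, and depending on how the later prek install step treats an existing `core.hooksPath`, commits could run with no hooks at all, including the gitleaks secret scan. Unless the script already handles this outside the hunk, add `git config --unset core.hooksPath || true` directly after the `rm`. The block now also runs `npm uninstall husky` only when `.husky/pre-commit` exists, so a checkout with husky installed but without that file keeps husky; a short comment stating that this is intended would help. The surrounding script starts and ends outside the hunk.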
@@ -5,12 +5,19 @@
5
5
  # Other hooks maybe added or removed as needed to suit individual project requirements.
6
6
 
7
7
  repos:
8
- - repo: https://github.com/ministryofjustice/devsecops-hooks
9
- rev: v1.3.0
10
- hooks:
11
- - id: baseline
8
+ #. Temporary disabled while we investigate issues with it
9
+ # - repo: https://github.com/ministryofjustice/devsecops-hooks
10
+ # rev: v1.1.0
11
+ # hooks:
12
+ # - id: baseline
12
13
  - repo: local
13
14
  hooks:
15
+ - id: gitleaks
16
+ name: Scan commit for secrets
17
+ language: system
18
+ entry: gitleaks git --pre-commit --redact --staged --verbose --config .gitleaks/config.toml --gitleaks-ignore-path .gitleaks/.gitleaksignore
19
+ require_serial: true
20
+ pass_filenames: false
14
21
  - id: lint
15
22
  name: linting code
16
23
  language: system
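Review bot: The new `gitleaks` hook is `language: system`, so it runs whichever `gitleaks` binary is first on the developer's PATH with no version pin, whereas the removed `devsecops-hooks` entry was pinned by `rev`. The `gitleaks git` subcommand used in `entry` is a relatively recent addition to gitleaks (it replaced `protect`/`detect`), so an older binary would make the hook error instead of scanning. A comment above the hook such as `# requires a gitleaks release that provides the 'git' subcommand; installed via brew by bin/prepare.sh` would document that dependency. The commented-out block records `rev: v1.1.0` although the removed entry was `v1.3.0`, and its first line reads `#. Temporary disabled`. Rewording it to `# Temporarily disabled while we investigate issues with it (tracking: <issue link>)` and keeping the last known-good rev would make re-enabling safer. The hook list continues outside the hunk.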
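--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@ministryofjustice/hmpps-precommit-hooks",
- "version": "2.0.0-beta.3",
+ "version": "2.0.0-beta.5",
  "description": "Precommit hooks for HMPPS typescript projects",
  "keywords": [
  "precommit"
@@ -32,8 +32,5 @@
  ],
  "engines": {
  "node": "20 || 22 || 24"
- },
- "dependencies": {
- "husky": "^9.1.7"
  }
  }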