Adds pre-commit configuration

[colindean]

This enables using the repository with pre-commit.

I tested this with

pre-commit try-repo https://github.com/colindean/secrets.git secrets --verbose --all-files

And the output:

===============================================================================
Using config:
===============================================================================
repos:
-   repo: https://github.com/colindean/secrets.git
    rev: 3fe8bf59a62e00fbbdf7de47f57c32058bd5f2ee
    hooks:
    -   id: secrets
===============================================================================
[INFO] Initializing environment for https://github.com/colindean/secrets.git.
[INFO] Installing environment for https://github.com/colindean/secrets.git.
[INFO] Once installed this environment will be reused.
[INFO] This may take a few minutes...
secrets..................................................................Failed
- hook id: secrets
- duration: 0.07s
- exit code: 1

test/one_per_line/random:1:APP_KEY = "iftkeq2y4qj0nbt"
test/one_per_line/npm:2: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
test/one_per_line/mailchimp:1:343ea45721923ed956e2b38c31db76aa-us30
test/one_per_line/square:1:sq0csp-ABCDEFGHIJK_LMNOPQRSTUVWXYZ-0123456789\\abcd
test/one_per_line/twilio:1:ACxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
test/one_per_line/twilio:2:SKxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
test/one_per_line/slack:1:xoxp-523423-234243-234233-e039d02840a0b9379c
test/one_per_line/slack:2:https://hooks.slack.com/services/Txxxxxxxx/Bxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx
test/one_per_line/aws:1:secret_access_key = '1W0T1eqNpAk3imtH8mJtkSf2AQ3eNMrPqe3u3Tf6'
test/one_per_line/aws:2:secretAccessKey = "wrmDCcpolP3yg9l7o9dJragXbj2wFFzWgiN5FBZN"
test/one_per_line/aws:3:SECRET_ACCESS_KEY: 2OYzBCp/+N9pUJ3a8JA5lOLYL/iKBFYVlif3pIHl
test/one_per_line/azure:1:AccountKey=lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==
test/one_per_line/azure:2:client_secret = GN.7Q~4AkLZBNEbz4Jxlm~O5G6SsyFxYg6zNR
test/one_per_line/azure:3:api_key = 2N87Q~4m2Bkq.tjC7pDkGksXPutGkChIGNqYc
test/one_per_line/stripe:1:sk_live_ReTllpYQYfIZu2Jnf2lAPFjD
test/one_per_line/stripe:2:rk_live_5TcWfjKmJgpql9hjpRnwRXbT
test/one_per_line/jwt:1:eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
test/one_per_line/jwt:2:eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ
test/one_per_line/sendgrid:1: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
test/one_per_line/github:1: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
test/one/private_key:2:-----BEGIN RSA PRIVATE KEY-----
test/one_per_line/gcp:1:key=AIzaSyCw8XmxlGXVRySZxKiuZhFCALuXbLqqHBI
test/one_per_line/gcp:2:AIzaSyBYvIR5fRdK_ZUw4baMjUanLRTA7iopW-I
test/one_per_line/gcp:3:AIzaSyBsk5f14YtkTQr-hIbMjMOMSXIV2KdZlrU

[colindean]

Once this is merged, someone (me?) could put a PR on https://github.com/pre-commit/pre-commit.com/blob/main/all-repos.yaml that adds https://github.com/sirwart/secrets to it.

[sirwart]

@colindean Thanks for creating this PR! The output implies that the command is scanning the test directory and failing, which means it's not respecting the .secretsignore file. I suspect this is because pre-commit is running secrets in a directory that's not the git root, but not sure the best way to confirm. How did you test your changes before pushing them to your fork?

[colindean]

I tested with

pre-commit try-repo https://github.com/colindean/secrets.git secrets --verbose --all-files

and just again by writing the config output by the try-repo command as a local test with

pre-commit run --all-files

and I think you're right: I think pre-commit is cd'ing elsewhere. pre-commit's --verbose isn't showing any additional information in this context, though :-/

I'll troubleshoot when I get a chance; greatest risk of merging this now is that the ignore file will be… ignored. Inconvenient but could be noted in the README until we/I get this ironed out.

[sirwart]

I've been able to reproduce the lack of ignoring locally, and it's not related to pre-commit at all. Basically if you pass a file as an argument that will override the ignorefile. I need to figure out the best solution but agree it's unrelated to this change.