From ca7c2472f21bcc2296a0a11a4c4a04b7a0ab672a Mon Sep 17 00:00:00 2001 From: derwentx Date: Tue, 8 Sep 2020 18:25:51 +1000 Subject: [PATCH 1/7] [Resolves thoughtworks/talisman#170] Add pre-commit option in install.sh --- install.sh | 48 ++++++++++++++++++++++++++++++------------------ 1 file changed, 30 insertions(+), 18 deletions(-) diff --git a/install.sh b/install.sh index 1841c13f..7fd316aa 100755 --- a/install.sh +++ b/install.sh @@ -1,6 +1,16 @@ #!/bin/bash set -euo pipefail +HOOK_NAME="${1:-pre-push}" +case "$HOOK_NAME" in +pre-commit | pre-push) REPO_HOOK_TARGET=".git/hooks/${HOOK_NAME}" ;; +*) + echo "Unknown Hook name '${HOOK_NAME}'. Please check parameters" + exit 1 + ;; +esac + + # we call run() at the end of the script to prevent inconsistent state in case # user runs with curl|bash and curl fails in the middle of the download # (https://www.seancassidy.me/dont-pipe-to-your-shell.html) @@ -10,7 +20,7 @@ run() { VERSION="v0.3.2" GITHUB_URL="https://github.com/thoughtworks/talisman" BINARY_BASE_URL="$GITHUB_URL/releases/download/$VERSION/talisman" - REPO_PRE_PUSH_HOOK=".git/hooks/pre-push" + DEFAULT_GLOBAL_TEMPLATE_DIR="$HOME/.git-templates" EXPECTED_BINARY_SHA_LINUX_AMD64="8c0ba72fb018892b48c8e63f5e579b5bd72ec5f9d284f31c35a5382f77685834" @@ -32,6 +42,12 @@ run() { echo -ne $(tput sgr0) >&2 } + echo_success() { + echo -ne $(tput setaf 2) + echo "$1" >&2 + echo -ne $(tput sgr0) + } + binary_arch_suffix() { declare ARCHITECTURE if [[ "$(uname -s)" == "Linux" ]]; then 
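Review bot: The unknown-hook branch of the new `case` exits with status 1, the same value as `E_HOOK_ALREADY_PRESENT=1` inside `run()`, and prints its message to stdout, so a caller cannot tell a bad argument from an already-installed hook. Sending the message to stderr and using a code not taken by the `E_*` constants would fix both, e.g. `echo "Unknown hook name '${HOOK_NAME}'. Expected pre-commit or pre-push." >&2` followed by `exit 7`. The allow-list itself is the right shape, since `HOOK_NAME` is interpolated into a path under `.git/hooks/`. The block also sits outside `run()`, which the comment just below says exists to avoid inconsistent state when a `curl | bash` download is cut short; moving it into `run()` would keep that property, provided the argument is passed through in the `run` call, which is outside this hunk.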
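Review bot: `echo_success` writes the message to stderr but both `tput` colour sequences to stdout, so the colour does not apply to the message when the two streams go to different places. Success text also now lands on stderr, where the removed code printed it on stdout. `echo_error` just above redirects all three of its lines to `>&2`; here the simplest consistent form is to drop the redirect from the middle line, `echo "$1"`, so everything stays on stdout. Quoting the substitutions, `echo -ne "$(tput setaf 2)"`, would also avoid a shellcheck SC2046 warning.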
@@ -105,8 +121,8 @@ run() { } install_to_repo() { - if [[ -x "$REPO_PRE_PUSH_HOOK" ]]; then - echo_error "Oops, it looks like you already have a pre-push hook installed at '$REPO_PRE_PUSH_HOOK'." + if [[ -x "$REPO_HOOK_TARGET" ]]; then + echo_error "Oops, it looks like you already have a ${HOOK_NAME} hook installed at '${REPO_HOOK_TARGET}'." echo_error "Talisman is not compatible with other hooks right now, sorry." echo_error "If this is a problem for you, please open an issue: https://github.com/thoughtworks/talisman/issues/new" exit $E_HOOK_ALREADY_PRESENT @@ -114,13 +130,11 @@ run() { download_and_verify - mkdir -p $(dirname $REPO_PRE_PUSH_HOOK) - cp $DOWNLOADED_BINARY $REPO_PRE_PUSH_HOOK - chmod +x $REPO_PRE_PUSH_HOOK + mkdir -p $(dirname $REPO_HOOK_TARGET) + cp $DOWNLOADED_BINARY $REPO_HOOK_TARGET + chmod +x $REPO_HOOK_TARGET - echo -ne $(tput setaf 2) - echo "Talisman successfully installed to '$REPO_PRE_PUSH_HOOK'." - echo -ne $(tput sgr0) + echo_success "Talisman successfully installed to '$REPO_HOOK_TARGET'." } install_to_git_templates() { 
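Review bot: The guard in `install_to_repo` tests `-x "$REPO_HOOK_TARGET"`, so a hook file that exists but is not executable (one a user disabled with `chmod -x`, for instance) passes the check and is overwritten by the install step that follows. The template path in this same patch uses `-f` for the equivalent check. Using `if [[ -e "$REPO_HOOK_TARGET" ]]; then` here would make both paths refuse to clobber an existing file. The body of `install_to_repo` continues past this hunk.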
@@ -170,23 +184,21 @@ run() { # Support '~' in path TEMPLATE_DIR=${TEMPLATE_DIR/#\~/$HOME} - if [ -f "$TEMPLATE_DIR/hooks/pre-push" ]; then - echo_error "Oops, it looks like you already have a pre-push hook installed at '$TEMPLATE_DIR/hooks/pre-push'." + if [ -f "$TEMPLATE_DIR/hooks/${HOOK_NAME}" ]; then + echo_error "Oops, it looks like you already have a ${HOOK_NAME} hook installed at '$TEMPLATE_DIR/hooks/${HOOK_NAME}'." echo_error "Talisman is not compatible with other hooks right now, sorry." echo_error "If this is a problem for you, please open an issue: https://github.com/thoughtworks/talisman/issues/new" exit $E_HOOK_ALREADY_PRESENT fi - + mkdir -p "$TEMPLATE_DIR/hooks" download_and_verify - cp $DOWNLOADED_BINARY "$TEMPLATE_DIR/hooks/pre-push" - chmod +x "$TEMPLATE_DIR/hooks/pre-push" - - echo -ne $(tput setaf 2) - echo "Talisman successfully installed." - echo -ne $(tput sgr0) + cp $DOWNLOADED_BINARY "$TEMPLATE_DIR/hooks/${HOOK_NAME}" + chmod +x "$TEMPLATE_DIR/hooks/${HOOK_NAME}" + + echo_success "Talisman successfully installed." } if [ ! -d "./.git" ]; then From 60a8bc22309ad7bdccff97e45cf80120ec84ebc5 Mon Sep 17 00:00:00 2001 From: derwentx Date: Tue, 8 Sep 2020 18:56:53 +1000 Subject: [PATCH 2/7] [Issue thoughtworks/talisman#247] update VERSION and SHAs to v1.8.0 --- .talismanrc | 2 ++ install.sh | 9 +++++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/.talismanrc b/.talismanrc index 029c9257..de99f965 100644 --- a/.talismanrc +++ b/.talismanrc @@ -23,5 +23,7 @@ fileignoreconfig: checksum: 7e5442d7ee07a6fad12cf636c5dc2880c69b9593fd286e44d567e178ffdd0194 - filename: global_install_scripts/install.bash checksum: 5d659125ecbe619ea99f5bc71c2d761b586ce3ec9ccab7683ee54f4ebde9f748 +- filename: install.sh + checksum: 871261b64e3321d1e15c02e7fcb84b7f31ff18dabd7b8d6459d8c1f6fc443c3a scopeconfig: - scope: go diff --git a/install.sh b/install.sh index 7fd316aa..ef910a8f 100755 --- a/install.sh +++ b/install.sh 
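Review bot: The `checksum` added for `install.sh` describes the file's content at one point in the series, but patches 3/7, 4/7 and 7/7 change `install.sh` again without touching `.talismanrc`. If Talisman only honours a `fileignoreconfig` entry while the checksum still matches, the entry is stale by the end of the series and the file will be reported again. Recomputing the value in the last patch that edits `install.sh` would keep the entry valid. It is also worth confirming that ignoring the whole file is intended, rather than only the expected SHA-256 constants that presumably trigger the finding.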
@@ -17,15 +17,16 @@ esac run() { IFS=$'\n' - VERSION="v0.3.2" + VERSION="v1.8.0" GITHUB_URL="https://github.com/thoughtworks/talisman" + GITHUB_RAW_URL="https://raw.githubusercontent.com/thoughtworks/talisman" BINARY_BASE_URL="$GITHUB_URL/releases/download/$VERSION/talisman" DEFAULT_GLOBAL_TEMPLATE_DIR="$HOME/.git-templates" - EXPECTED_BINARY_SHA_LINUX_AMD64="8c0ba72fb018892b48c8e63f5e579b5bd72ec5f9d284f31c35a5382f77685834" - EXPECTED_BINARY_SHA_LINUX_X86="332bb7a1295f45d2efaac48757f4f8c513a4cca563ebc86f964c985be7aaed51" - EXPECTED_BINARY_SHA_DARWIN_AMD64="e66c2b21b69ab80f4474d3cc3f591f6ca68e2b76a96337e7eb807fc305e518f1" + EXPECTED_BINARY_SHA_LINUX_AMD64="22b1aaee860b27306bdf345a0670f138830bcf7fbe16c75be186fe119e9d54b4" + EXPECTED_BINARY_SHA_LINUX_X86="d0558d626a4ee1e90d2c2a5f3c69372a30b8f2c8e390a59cedc15585b0731bc4" + EXPECTED_BINARY_SHA_DARWIN_AMD64="f30e1ec6fb3e1fc33928622f17d6a96933ca63d5ab322f9ba869044a3075ffda" declare DOWNLOADED_BINARY From 1b7707be5b032c75d0625e7485336eccacf47cbe Mon Sep 17 00:00:00 2001 From: derwentx Date: Tue, 8 Sep 2020 18:59:34 +1000 Subject: [PATCH 3/7] [Issue thoughtworks/talisman#247] download talisman_hook_script.bash along with talisman into .git/hooks/bin --- install.sh | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/install.sh b/install.sh index ef910a8f..09821a7c 100755 --- a/install.sh +++ b/install.sh @@ -21,6 +21,8 @@ run() { GITHUB_URL="https://github.com/thoughtworks/talisman" GITHUB_RAW_URL="https://raw.githubusercontent.com/thoughtworks/talisman" BINARY_BASE_URL="$GITHUB_URL/releases/download/$VERSION/talisman" + HOOK_SCRIPT_URL="$GITHUB_RAW_URL/master/global_install_scripts/talisman_hook_script.bash" + REPO_HOOK_BIN_DIR=".git/hooks/bin" DEFAULT_GLOBAL_TEMPLATE_DIR="$HOME/.git-templates" 
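Review bot: `HOOK_SCRIPT_URL` points at the `master` branch, so the installed hook script is whatever that branch holds at install time, while the binary beside it is pinned to `$VERSION` and compared against the `EXPECTED_BINARY_SHA_*` constants. The download hunk of this patch (`@@ -94,7 +96,8 @@`) fetches the script and the `install_to_repo` hunk marks it executable, with no integrity check in between, so an executable lands in `.git/hooks/bin` outside the verification the installer performs for the binary. Pinning the URL to the release is the first step, e.g. `HOOK_SCRIPT_URL="$GITHUB_RAW_URL/$VERSION/global_install_scripts/talisman_hook_script.bash"`, assuming the tag contains that path. A fixed ref is also what makes a hard-coded expected hash for the script possible.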
@@ -94,7 +96,8 @@ run() { ARCH_SUFFIX=$(binary_arch_suffix) - curl --location --silent "${BINARY_BASE_URL}_${ARCH_SUFFIX}" > $TMP_DIR/talisman + curl --location --silent "${BINARY_BASE_URL}_${ARCH_SUFFIX}" >"${TMP_DIR}/talisman" + curl --location --silent "$HOOK_SCRIPT_URL" >"${TMP_DIR}/talisman_hook_script.bash" DOWNLOAD_SHA=$(shasum -b -a256 $TMP_DIR/talisman | cut -d' ' -f1) @@ -119,6 +122,7 @@ run() { fi DOWNLOADED_BINARY="$TMP_DIR/talisman" + DOWNLOADED_HOOK_SCRIPT="${TMP_DIR}/talisman_hook_script.bash" } install_to_repo() { @@ -131,9 +135,17 @@ run() { download_and_verify - mkdir -p $(dirname $REPO_HOOK_TARGET) - cp $DOWNLOADED_BINARY $REPO_HOOK_TARGET - chmod +x $REPO_HOOK_TARGET + mkdir -p "$REPO_HOOK_BIN_DIR" + TALISMAN_BIN_TARGET="${REPO_HOOK_BIN_DIR}/talisman" + cp "$DOWNLOADED_BINARY" "$TALISMAN_BIN_TARGET" + chmod +x "$TALISMAN_BIN_TARGET" + + HOOK_SCRIPT_TARGET="${REPO_HOOK_BIN_DIR}/pre-commit" + cp "$DOWNLOADED_HOOK_SCRIPT" "$HOOK_SCRIPT_TARGET" + chmod +x "$HOOK_SCRIPT_TARGET" + + echo "TALISMAN_BINARY=\"${TALISMAN_BIN_TARGET}\" ${HOOK_SCRIPT_TARGET}" >"$REPO_HOOK_TARGET" + chmod +x "$REPO_HOOK_TARGET" echo_success "Talisman successfully installed to '$REPO_HOOK_TARGET'." } From 14a679b5b05999b987ae4f1978f563408681596e Mon Sep 17 00:00:00 2001 From: derwentx Date: Tue, 8 Sep 2020 19:01:27 +1000 Subject: [PATCH 4/7] =?UTF-8?q?[Issue=20thoughtworks/talisman#247]=20?= =?UTF-8?q?=F0=9F=9A=A8=20Fix=20shellcheck=20warnings?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install.sh | 52 +++++++++++++++++++++++++--------------------------- 1 file changed, 25 insertions(+), 27 deletions(-) diff --git a/install.sh b/install.sh index 09821a7c..4afc3cb6 100755 --- a/install.sh +++ b/install.sh 
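Review bot: Both `curl` calls run without `--fail`, so an HTTP error page is written to the target file with exit status 0; for the binary the SHA comparison catches that, but nothing checks `talisman_hook_script.bash` before it is installed as an executable hook. Adding `--fail --show-error` makes a failed download abort under `set -euo pipefail`. Comparing the script's hash against a new `EXPECTED_HOOK_SCRIPT_SHA` constant, defined next to the binary hashes, would give it the same guarantee as the binary. `download_and_verify` starts before and ends after this hunk.

```shell
        curl --fail --location --silent --show-error "${BINARY_BASE_URL}_${ARCH_SUFFIX}" >"${TMP_DIR}/talisman"
        curl --fail --location --silent --show-error "$HOOK_SCRIPT_URL" >"${TMP_DIR}/talisman_hook_script.bash"

        # … unchanged: DOWNLOAD_SHA computation and binary checksum comparison …

        HOOK_SCRIPT_SHA=$(shasum -a256 "${TMP_DIR}/talisman_hook_script.bash" | cut -d' ' -f1)
        if [[ "$HOOK_SCRIPT_SHA" != "$EXPECTED_HOOK_SCRIPT_SHA" ]]; then
            echo_error "SHA256 checksum of the downloaded hook script did not match the expected value."
            exit $E_CHECKSUM_MISMATCH
        fi
```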
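Review bot: The hook file written to `$REPO_HOOK_TARGET` is a single command line with no `#!` line and no `"$@"`, so whether it runs depends on how the caller treats an executable without an interpreter line, and any arguments git passes to the hook are dropped. The wrapped script is also always installed as `${REPO_HOOK_BIN_DIR}/pre-commit`, even when `HOOK_NAME` is `pre-push`; if `talisman_hook_script.bash` derives the hook type from its own name that would run the wrong check, which is worth confirming since the script is not part of this patch. Writing the wrapper with `printf '#!/bin/bash\nTALISMAN_BINARY="%s" exec "%s" "$@"\n' "$TALISMAN_BIN_TARGET" "$HOOK_SCRIPT_TARGET" >"$REPO_HOOK_TARGET"` and naming the target `"${REPO_HOOK_BIN_DIR}/${HOOK_NAME}"` would address both. Patch 7/7 edits the same `echo` line to add `TALISMAN_INTERACTIVE` and has the same shape.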
@@ -10,7 +10,6 @@ pre-commit | pre-push) REPO_HOOK_TARGET=".git/hooks/${HOOK_NAME}" ;; ;; esac - # we call run() at the end of the script to prevent inconsistent state in case # user runs with curl|bash and curl fails in the middle of the download # (https://www.seancassidy.me/dont-pipe-to-your-shell.html) @@ -29,16 +28,16 @@ run() { EXPECTED_BINARY_SHA_LINUX_AMD64="22b1aaee860b27306bdf345a0670f138830bcf7fbe16c75be186fe119e9d54b4" EXPECTED_BINARY_SHA_LINUX_X86="d0558d626a4ee1e90d2c2a5f3c69372a30b8f2c8e390a59cedc15585b0731bc4" EXPECTED_BINARY_SHA_DARWIN_AMD64="f30e1ec6fb3e1fc33928622f17d6a96933ca63d5ab322f9ba869044a3075ffda" - + declare DOWNLOADED_BINARY - + E_HOOK_ALREADY_PRESENT=1 E_CHECKSUM_MISMATCH=2 E_USER_CANCEL=3 E_HEADLESS=4 E_UNSUPPORTED_ARCH=5 E_DEPENDENCY_NOT_FOUND=6 - + echo_error() { echo -ne $(tput setaf 1) >&2 echo "$1" >&2 @@ -72,11 +71,10 @@ run() { echo_error "If this is a problem for you, please open an issue: https://github.com/thoughtworks/talisman/issues/new" exit $E_UNSUPPORTED_ARCH fi - + echo $ARCHITECTURE } - download_and_verify() { if [[ ! -x "$(which curl 2>/dev/null)" ]]; then echo_error "This script requires 'curl' to download the Talisman binary." 
@@ -86,32 +84,32 @@ run() { echo_error "This script requires 'shasum' to verify the Talisman binary." exit $E_DEPENDENCY_NOT_FOUND fi - + echo 'Downloading and verifying binary...' echo - + TMP_DIR=$(mktemp -d 2>/dev/null || mktemp -d -t 'talisman') trap 'rm -r $TMP_DIR' EXIT chmod 0700 $TMP_DIR ARCH_SUFFIX=$(binary_arch_suffix) - + curl --location --silent "${BINARY_BASE_URL}_${ARCH_SUFFIX}" >"${TMP_DIR}/talisman" curl --location --silent "$HOOK_SCRIPT_URL" >"${TMP_DIR}/talisman_hook_script.bash" - DOWNLOAD_SHA=$(shasum -b -a256 $TMP_DIR/talisman | cut -d' ' -f1) + DOWNLOAD_SHA=$(shasum -b -a256 "${TMP_DIR}/talisman" | cut -d' ' -f1) declare EXPECTED_BINARY_SHA case "$ARCH_SUFFIX" in - linux_386) - EXPECTED_BINARY_SHA="$EXPECTED_BINARY_SHA_LINUX_X86" - ;; - linux_amd64) - EXPECTED_BINARY_SHA="$EXPECTED_BINARY_SHA_LINUX_AMD64" - ;; - darwin_amd64) - EXPECTED_BINARY_SHA="$EXPECTED_BINARY_SHA_DARWIN_AMD64" - ;; + linux_386) + EXPECTED_BINARY_SHA="$EXPECTED_BINARY_SHA_LINUX_X86" + ;; + linux_amd64) + EXPECTED_BINARY_SHA="$EXPECTED_BINARY_SHA_LINUX_AMD64" + ;; + darwin_amd64) + EXPECTED_BINARY_SHA="$EXPECTED_BINARY_SHA_DARWIN_AMD64" + ;; esac if [[ ! "$DOWNLOAD_SHA" == "$EXPECTED_BINARY_SHA" ]]; then @@ -184,13 +182,13 @@ run() { echo case "$USE_EXISTING" in - Y|y|"") ;; # okay, continue - *) - echo_error "Not installing Talisman." - echo_error "If you were trying to install into a single git repo, re-run this command from that repo." - echo_error "You can always download/compile manually from our Github page: $GITHUB_URL" - exit $E_USER_CANCEL - ;; + Y | y | "") ;; # okay, continue + *) + echo_error "Not installing Talisman." + echo_error "If you were trying to install into a single git repo, re-run this command from that repo." + echo_error "You can always download/compile manually from our Github page: $GITHUB_URL" + exit $E_USER_CANCEL + ;; esac fi 
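Review bot: Two expansions in this hunk are still unquoted after the shellcheck pass: `chmod 0700 $TMP_DIR` and the `$TMP_DIR` inside `trap 'rm -r $TMP_DIR' EXIT`, which is expanded unquoted when the trap fires. With `IFS=$'\n'` set at the top of `run()` a space in the path does not split it, but glob characters still expand, and the cleanup stops being safe if that `IFS` line ever changes. `chmod 0700 "$TMP_DIR"` and `trap 'rm -rf -- "$TMP_DIR"' EXIT` remove the dependency. `download_and_verify` starts before and ends after this hunk.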
@@ -208,7 +206,7 @@ run() { download_and_verify - cp $DOWNLOADED_BINARY "$TEMPLATE_DIR/hooks/${HOOK_NAME}" + cp "$DOWNLOADED_BINARY" "$TEMPLATE_DIR/hooks/${HOOK_NAME}" chmod +x "$TEMPLATE_DIR/hooks/${HOOK_NAME}" echo_success "Talisman successfully installed." From 2456f71c45b89a867d2abfaae5f7b95ba469b192 Mon Sep 17 00:00:00 2001 From: derwentx Date: Tue, 8 Sep 2020 19:07:12 +1000 Subject: [PATCH 5/7] =?UTF-8?q?[Issue=20thoughtworks/talisman#247]=20?= =?UTF-8?q?=F0=9F=93=9D=20update=20doc,=20single=20project=20install?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 3cb8fd45..699c62d4 100644 --- a/README.md +++ b/README.md @@ -162,9 +162,12 @@ chmod +x ~/install-talisman.sh ``` ```bash -# Install to a single project (as pre-push hook) +# Install to a single project cd my-git-project +# as a pre-push hook ~/install-talisman.sh +# or as a pre-commit hook +~/install-talisman.sh pre-commit ``` ### Handling existing hooks From d9e67efaea517a00edfc5d0d7457aca75af065fa Mon Sep 17 00:00:00 2001 From: derwentx Date: Tue, 8 Sep 2020 19:27:50 +1000 Subject: [PATCH 6/7] =?UTF-8?q?=F0=9F=93=9D=20fix=20inaccuracy=20in=20docu?= =?UTF-8?q?mentation?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 43 +++++++++++++++++++++++++++++-------------- 1 file changed, 29 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 699c62d4..1c6299bd 100644 --- a/README.md +++ b/README.md 
@@ -10,23 +10,38 @@ ## Table of Contents - [What is Talisman?](#what-is-talisman) - [Installation](#installation) - - [As a global hook template (Recommended)](#installation-as-a-global-hook-template) - - [To a single repository](#installation-to-a-single-project) -- [Upgrading Talisman](#Upgrading) + - [[Recommended approach]](#recommended-approach) + - [Installation as a global hook template](#installation-as-a-global-hook-template) + - [Handling existing hooks](#handling-existing-hooks) + - [1. Pre-commit (Linux/Unix)](#1-pre-commit-linuxunix) + - [2. Husky (Linux/Unix/Windows)](#2-husky-linuxunixwindows) + - [Windows](#windows) + - [Linux/Unix](#linuxunix) + - [Windows](#windows-1) + - [Linux/Unix](#linuxunix-1) + - [Installation to a single project](#installation-to-a-single-project) + - [Handling existing hooks](#handling-existing-hooks-1) +- [Upgrading](#upgrading) - [Talisman in action](#talisman-in-action) - - [Validations](#validations) - - [Ignoring files](#ignoring-files) - - [Configuring severity threshold](#configuring-severity-threshold) + - [Validations](#validations) + - [Ignoring Files](#ignoring-files) + - [Interactive mode](#interactive-mode) + - [Ignoring specific detectors](#ignoring-specific-detectors) + - [Ignoring specific keywords](#ignoring-specific-keywords) + - [Ignoring multiple files of same type (with wildcards)](#ignoring-multiple-files-of-same-type-with-wildcards) + - [Ignoring files by specifying language scope](#ignoring-files-by-specifying-language-scope) + - [Custom search patterns](#custom-search-patterns) + - [Configuring severity threshold](#configuring-severity-threshold) - [Talisman as a CLI utility](#talisman-as-a-cli-utility) - - [Git History Scanner](#git-history-scanner) + - [Interactive mode](#interactive-mode-1) + - [Git history Scanner](#git-history-scanner) - [Checksum Calculator](#checksum-calculator) - - [Talisman HTML Reporting](#talisman-html-reporting) +- [Talisman HTML Reporting](#talisman-html-reporting) + - 
[Sample Screenshots](#sample-screenshots) - [Uninstallation](#uninstallation) - - [From a global hook template](#uninstallation-from-a-global-hook-template) - - [From a single repository](#uninstallation-from-a-single-repository) -- [Contributing to Talisman](#contributing-to-talisman) - - [Developing locally](https://github.com/thoughtworks/talisman/blob/master/contributing.md#developing-locally) - - [Releasing](https://github.com/thoughtworks/talisman/blob/master/contributing.md#releasing) + - [Uninstallation from a global hook template](#uninstallation-from-a-global-hook-template) + - [Uninstallation from a single repository](#uninstallation-from-a-single-repository) + - [Contributing to Talisman](#contributing-to-talisman) # What is Talisman? Talisman is a tool that installs a hook to your repository to ensure that potential secrets or sensitive information do not leave the developer's workstation. @@ -156,7 +171,7 @@ In order to use husky, make sure you have already set TALISMAN_HOME to `$PATH`. ## Installation to a single project ```bash -# Download the talisman binary +# Download the talisman installer script curl https://thoughtworks.github.io/talisman/install.sh > ~/install-talisman.sh chmod +x ~/install-talisman.sh ``` From 911776e522dda2a62f48551d57fbf3058635f262 Mon Sep 17 00:00:00 2001 From: derwentx Date: Tue, 8 Sep 2020 19:50:43 +1000 Subject: [PATCH 7/7] =?UTF-8?q?=F0=9F=90=9B=20Handle=20bug=20introduced=20?= =?UTF-8?q?in=20thoughtworks#246?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install.sh b/install.sh index 4afc3cb6..7344697d 100755 --- a/install.sh +++ b/install.sh 
@@ -142,7 +142,7 @@ run() { cp "$DOWNLOADED_HOOK_SCRIPT" "$HOOK_SCRIPT_TARGET" chmod +x "$HOOK_SCRIPT_TARGET" - echo "TALISMAN_BINARY=\"${TALISMAN_BIN_TARGET}\" ${HOOK_SCRIPT_TARGET}" >"$REPO_HOOK_TARGET" + echo "TALISMAN_BINARY=\"${TALISMAN_BIN_TARGET}\" TALISMAN_INTERACTIVE=\"false\" ${HOOK_SCRIPT_TARGET}" >"$REPO_HOOK_TARGET" chmod +x "$REPO_HOOK_TARGET" echo_success "Talisman successfully installed to '$REPO_HOOK_TARGET'."