Merge branch 'master' into upx_fix

.talismanrc

@@ -25,5 +25,7 @@ fileignoreconfig:
   checksum: 5d659125ecbe619ea99f5bc71c2d761b586ce3ec9ccab7683ee54f4ebde9f748
 - filename: upx_compress.sh
   checksum: 1a5d9b0ebd627646650c86236f4a21df5b4a2bcf26d77c439dd81c7b28ff9aa0
+- filename: install.sh
+  checksum: 871261b64e3321d1e15c02e7fcb84b7f31ff18dabd7b8d6459d8c1f6fc443c3a
 scopeconfig:
 - scope: go

README.md

@@ -10,23 +10,38 @@
 ## Table of Contents
 - [What is Talisman?](#what-is-talisman)
 - [Installation](#installation)
-	- [As a global hook template (Recommended)](#installation-as-a-global-hook-template)
-	- [To a single repository](#installation-to-a-single-project)
-- [Upgrading Talisman](#Upgrading)
+  - [[Recommended approach]](#recommended-approach)
+  - [Installation as a global hook template](#installation-as-a-global-hook-template)
+    - [Handling existing hooks](#handling-existing-hooks)
+      - [1. Pre-commit (Linux/Unix)](#1-pre-commit-linuxunix)
+      - [2. Husky (Linux/Unix/Windows)](#2-husky-linuxunixwindows)
+          - [Windows](#windows)
+          - [Linux/Unix](#linuxunix)
+          - [Windows](#windows-1)
+          - [Linux/Unix](#linuxunix-1)
+  - [Installation to a single project](#installation-to-a-single-project)
+    - [Handling existing hooks](#handling-existing-hooks-1)
+- [Upgrading](#upgrading)
 - [Talisman in action](#talisman-in-action)
-	- [Validations](#validations)
-	- [Ignoring files](#ignoring-files)
-	- [Configuring severity threshold](#configuring-severity-threshold)
+  - [Validations](#validations)
+  - [Ignoring Files](#ignoring-files)
+    - [Interactive mode](#interactive-mode)
+    - [Ignoring specific detectors](#ignoring-specific-detectors)
+    - [Ignoring specific keywords](#ignoring-specific-keywords)
+    - [Ignoring multiple files of same type (with wildcards)](#ignoring-multiple-files-of-same-type-with-wildcards)
+    - [Ignoring files by specifying language scope](#ignoring-files-by-specifying-language-scope)
+    - [Custom search patterns](#custom-search-patterns)
+  - [Configuring severity threshold](#configuring-severity-threshold)
   - [Talisman as a CLI utility](#talisman-as-a-cli-utility)
-    - [Git History Scanner](#git-history-scanner)
+    - [Interactive mode](#interactive-mode-1)
+    - [Git history Scanner](#git-history-scanner)
     - [Checksum Calculator](#checksum-calculator)
-	- [Talisman HTML Reporting](#talisman-html-reporting)
+- [Talisman HTML Reporting](#talisman-html-reporting)
+  - [Sample Screenshots](#sample-screenshots)
 - [Uninstallation](#uninstallation)
-	- [From a global hook template](#uninstallation-from-a-global-hook-template)
-	- [From a single repository](#uninstallation-from-a-single-repository)
-- [Contributing to Talisman](#contributing-to-talisman)
-	- [Developing locally](https://github.com/thoughtworks/talisman/blob/master/contributing.md#developing-locally)
-	- [Releasing](https://github.com/thoughtworks/talisman/blob/master/contributing.md#releasing)
+  - [Uninstallation from a global hook template](#uninstallation-from-a-global-hook-template)
+  - [Uninstallation from a single repository](#uninstallation-from-a-single-repository)
+  - [Contributing to Talisman](#contributing-to-talisman)
 
 # What is Talisman?
 Talisman is a tool that installs a hook to your repository to ensure that potential secrets or sensitive information do not leave the developer's workstation.
@@ -156,15 +171,18 @@ In order to use husky, make sure you have already set TALISMAN_HOME to `$PATH`.
 ## Installation to a single project
 
 ```bash
-# Download the talisman binary
+# Download the talisman installer script
 curl https://thoughtworks.github.io/talisman/install.sh > ~/install-talisman.sh
 chmod +x ~/install-talisman.sh
 ```
 
 ```bash
-# Install to a single project (as pre-push hook)
+# Install to a single project
 cd my-git-project
+# as a pre-push hook
 ~/install-talisman.sh
+# or as a pre-commit hook
+~/install-talisman.sh pre-commit
 ```
 
 ### Handling existing hooks

install.sh

@@ -1,37 +1,55 @@
 #!/bin/bash
 set -euo pipefail
 
+HOOK_NAME="${1:-pre-push}"
+case "$HOOK_NAME" in
+pre-commit | pre-push) REPO_HOOK_TARGET=".git/hooks/${HOOK_NAME}" ;;
+*)
+  echo "Unknown Hook name '${HOOK_NAME}'. Please check parameters"
+  exit 1
+  ;;
+esac
+
 # we call run() at the end of the script to prevent inconsistent state in case
 # user runs with curl|bash and curl fails in the middle of the download
 # (https://www.seancassidy.me/dont-pipe-to-your-shell.html)
 run() {
   IFS=$'\n'
 
-  VERSION="v0.3.2"
+  VERSION="v1.8.0"
   GITHUB_URL="https://github.com/thoughtworks/talisman"
+  GITHUB_RAW_URL="https://raw.githubusercontent.com/thoughtworks/talisman"
   BINARY_BASE_URL="$GITHUB_URL/releases/download/$VERSION/talisman"
-  REPO_PRE_PUSH_HOOK=".git/hooks/pre-push"
+  HOOK_SCRIPT_URL="$GITHUB_RAW_URL/master/global_install_scripts/talisman_hook_script.bash"
+  REPO_HOOK_BIN_DIR=".git/hooks/bin"
+
   DEFAULT_GLOBAL_TEMPLATE_DIR="$HOME/.git-templates"
 
-  EXPECTED_BINARY_SHA_LINUX_AMD64="8c0ba72fb018892b48c8e63f5e579b5bd72ec5f9d284f31c35a5382f77685834"
-  EXPECTED_BINARY_SHA_LINUX_X86="332bb7a1295f45d2efaac48757f4f8c513a4cca563ebc86f964c985be7aaed51"
-  EXPECTED_BINARY_SHA_DARWIN_AMD64="e66c2b21b69ab80f4474d3cc3f591f6ca68e2b76a96337e7eb807fc305e518f1"
-  
+  EXPECTED_BINARY_SHA_LINUX_AMD64="22b1aaee860b27306bdf345a0670f138830bcf7fbe16c75be186fe119e9d54b4"
+  EXPECTED_BINARY_SHA_LINUX_X86="d0558d626a4ee1e90d2c2a5f3c69372a30b8f2c8e390a59cedc15585b0731bc4"
+  EXPECTED_BINARY_SHA_DARWIN_AMD64="f30e1ec6fb3e1fc33928622f17d6a96933ca63d5ab322f9ba869044a3075ffda"
+
   declare DOWNLOADED_BINARY
-  
+
   E_HOOK_ALREADY_PRESENT=1
   E_CHECKSUM_MISMATCH=2
   E_USER_CANCEL=3
   E_HEADLESS=4
   E_UNSUPPORTED_ARCH=5
   E_DEPENDENCY_NOT_FOUND=6
-  
+
   echo_error() {
     echo -ne $(tput setaf 1) >&2
     echo "$1" >&2
     echo -ne $(tput sgr0) >&2
   }
 
+  echo_success() {
+    echo -ne $(tput setaf 2)
+    echo "$1" >&2
+    echo -ne $(tput sgr0)
+  }
+
   binary_arch_suffix() {
     declare ARCHITECTURE
     if [[ "$(uname -s)" == "Linux" ]]; then
@@ -53,11 +71,10 @@ run() {
       echo_error "If this is a problem for you, please open an issue: https://github.com/thoughtworks/talisman/issues/new"
       exit $E_UNSUPPORTED_ARCH
     fi
-    
+
     echo $ARCHITECTURE
   }
 
-
   download_and_verify() {
     if [[ ! -x "$(which curl 2>/dev/null)" ]]; then
       echo_error "This script requires 'curl' to download the Talisman binary."
@@ -67,31 +84,32 @@ run() {
       echo_error "This script requires 'shasum' to verify the Talisman binary."
       exit $E_DEPENDENCY_NOT_FOUND
     fi
-    
+
     echo 'Downloading and verifying binary...'
     echo
-    
+
     TMP_DIR=$(mktemp -d 2>/dev/null || mktemp -d -t 'talisman')
     trap 'rm -r $TMP_DIR' EXIT
     chmod 0700 $TMP_DIR
 
     ARCH_SUFFIX=$(binary_arch_suffix)
-
-    curl --location --silent "${BINARY_BASE_URL}_${ARCH_SUFFIX}" > $TMP_DIR/talisman
 
-    DOWNLOAD_SHA=$(shasum -b -a256 $TMP_DIR/talisman | cut -d' ' -f1)
+    curl --location --silent "${BINARY_BASE_URL}_${ARCH_SUFFIX}" >"${TMP_DIR}/talisman"
+    curl --location --silent "$HOOK_SCRIPT_URL" >"${TMP_DIR}/talisman_hook_script.bash"
+
+    DOWNLOAD_SHA=$(shasum -b -a256 "${TMP_DIR}/talisman" | cut -d' ' -f1)
 
     declare EXPECTED_BINARY_SHA
     case "$ARCH_SUFFIX" in
-      linux_386)
-        EXPECTED_BINARY_SHA="$EXPECTED_BINARY_SHA_LINUX_X86"
-        ;;
-      linux_amd64)
-        EXPECTED_BINARY_SHA="$EXPECTED_BINARY_SHA_LINUX_AMD64"
-        ;;
-      darwin_amd64)
-        EXPECTED_BINARY_SHA="$EXPECTED_BINARY_SHA_DARWIN_AMD64"
-        ;;
+    linux_386)
+      EXPECTED_BINARY_SHA="$EXPECTED_BINARY_SHA_LINUX_X86"
+      ;;
+    linux_amd64)
+      EXPECTED_BINARY_SHA="$EXPECTED_BINARY_SHA_LINUX_AMD64"
+      ;;
+    darwin_amd64)
+      EXPECTED_BINARY_SHA="$EXPECTED_BINARY_SHA_DARWIN_AMD64"
+      ;;
     esac
 
     if [[ ! "$DOWNLOAD_SHA" == "$EXPECTED_BINARY_SHA" ]]; then
@@ -102,25 +120,32 @@ run() {
     fi
 
     DOWNLOADED_BINARY="$TMP_DIR/talisman"
+    DOWNLOADED_HOOK_SCRIPT="${TMP_DIR}/talisman_hook_script.bash"
   }
 
   install_to_repo() {
-    if [[ -x "$REPO_PRE_PUSH_HOOK" ]]; then
-      echo_error "Oops, it looks like you already have a pre-push hook installed at '$REPO_PRE_PUSH_HOOK'."
+    if [[ -x "$REPO_HOOK_TARGET" ]]; then
+      echo_error "Oops, it looks like you already have a ${HOOK_NAME} hook installed at '${REPO_HOOK_TARGET}'."
       echo_error "Talisman is not compatible with other hooks right now, sorry."
       echo_error "If this is a problem for you, please open an issue: https://github.com/thoughtworks/talisman/issues/new"
       exit $E_HOOK_ALREADY_PRESENT
     fi
 
     download_and_verify
 
-    mkdir -p $(dirname $REPO_PRE_PUSH_HOOK)
-    cp $DOWNLOADED_BINARY $REPO_PRE_PUSH_HOOK
-    chmod +x $REPO_PRE_PUSH_HOOK
+    mkdir -p "$REPO_HOOK_BIN_DIR"
+    TALISMAN_BIN_TARGET="${REPO_HOOK_BIN_DIR}/talisman"
+    cp "$DOWNLOADED_BINARY" "$TALISMAN_BIN_TARGET"
+    chmod +x "$TALISMAN_BIN_TARGET"
 
-    echo -ne $(tput setaf 2)
-    echo "Talisman successfully installed to '$REPO_PRE_PUSH_HOOK'."
-    echo -ne $(tput sgr0)
+    HOOK_SCRIPT_TARGET="${REPO_HOOK_BIN_DIR}/pre-commit"
+    cp "$DOWNLOADED_HOOK_SCRIPT" "$HOOK_SCRIPT_TARGET"
+    chmod +x "$HOOK_SCRIPT_TARGET"
+
+    echo "TALISMAN_BINARY=\"${TALISMAN_BIN_TARGET}\" TALISMAN_INTERACTIVE=\"false\" ${HOOK_SCRIPT_TARGET}" >"$REPO_HOOK_TARGET"
+    chmod +x "$REPO_HOOK_TARGET"
+
+    echo_success "Talisman successfully installed to '$REPO_HOOK_TARGET'."
   }
 
   install_to_git_templates() {
@@ -157,36 +182,34 @@ run() {
       echo
 
       case "$USE_EXISTING" in
-	Y|y|"") ;; # okay, continue
-	*)
-	  echo_error "Not installing Talisman."
-	  echo_error "If you were trying to install into a single git repo, re-run this command from that repo."
-	  echo_error "You can always download/compile manually from our Github page: $GITHUB_URL"
-	  exit $E_USER_CANCEL
-	  ;;
+      Y | y | "") ;; # okay, continue
+      *)
+        echo_error "Not installing Talisman."
+        echo_error "If you were trying to install into a single git repo, re-run this command from that repo."
+        echo_error "You can always download/compile manually from our Github page: $GITHUB_URL"
+        exit $E_USER_CANCEL
+        ;;
       esac
     fi
 
     # Support '~' in path
     TEMPLATE_DIR=${TEMPLATE_DIR/#\~/$HOME}
 
-    if [ -f "$TEMPLATE_DIR/hooks/pre-push" ]; then
-      echo_error "Oops, it looks like you already have a pre-push hook installed at '$TEMPLATE_DIR/hooks/pre-push'."
+    if [ -f "$TEMPLATE_DIR/hooks/${HOOK_NAME}" ]; then
+      echo_error "Oops, it looks like you already have a ${HOOK_NAME} hook installed at '$TEMPLATE_DIR/hooks/${HOOK_NAME}'."
       echo_error "Talisman is not compatible with other hooks right now, sorry."
       echo_error "If this is a problem for you, please open an issue: https://github.com/thoughtworks/talisman/issues/new"
       exit $E_HOOK_ALREADY_PRESENT
     fi
-    
+
     mkdir -p "$TEMPLATE_DIR/hooks"
 
     download_and_verify
 
-    cp $DOWNLOADED_BINARY "$TEMPLATE_DIR/hooks/pre-push"
-    chmod +x "$TEMPLATE_DIR/hooks/pre-push"
-
-    echo -ne $(tput setaf 2)
-    echo "Talisman successfully installed."
-    echo -ne $(tput sgr0)
+    cp "$DOWNLOADED_BINARY" "$TEMPLATE_DIR/hooks/${HOOK_NAME}"
+    chmod +x "$TEMPLATE_DIR/hooks/${HOOK_NAME}"
+
+    echo_success "Talisman successfully installed."
   }
 
   if [ ! -d "./.git" ]; then