From 83d4f3f27d07154c825826d8bbec86d32ae6037b Mon Sep 17 00:00:00 2001 From: Honest Bot Date: Fri, 24 Jan 2025 10:15:17 +0000 Subject: [PATCH] chore: synced file(s) with honestbank/.github --- .pre-commit-config.yaml | 10 ++++ append-ticket-id.sh | 50 +++++++++++++++++ spell-check.sh | 121 ++++++++++++++++++++++++++++++++++++++++ trivy.yaml | 19 +++++++ 4 files changed, 200 insertions(+) create mode 100755 append-ticket-id.sh create mode 100755 spell-check.sh create mode 100644 trivy.yaml diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 435b969f..b0163bb5 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -60,6 +60,16 @@ repos: args: ["docs"] language: system pass_filenames: false + - id: commit-msg-spell-check + name: commit-msg-spell-check + entry: ./spell-check.sh + language: script + stages: [ "commit-msg" ] + - id: append-ticket-id + name: Append Ticket ID to Commit Message + entry: ./append-ticket-id.sh + language: script + stages: [ commit-msg ] # Run this at the end so that we don't end up in infinite loop # where the end of line fixer runs first and then the docs and fmt # and other hooks that modify files will break it again. diff --git a/append-ticket-id.sh b/append-ticket-id.sh new file mode 100755 index 00000000..339c5a16 --- /dev/null +++ b/append-ticket-id.sh @@ -0,0 +1,50 @@ +#!/bin/bash + +# Function to get the current branch name +get_current_branch() { + git branch --show-current +} + +# Function to get the commit message +get_commit_message() { + cat "$1" +} + +# Function to write the commit message +write_commit_message() { + echo "$2" > "$1" +} + +# Function to extract the ticket ID from the branch name +extract_ticket_id() { + echo "$1" | grep -o -E '(acq|da|data|dec|devop|ds|it|mlops|nerds|qa|sec|spe|ss)-[0-9]+' | tr '[:lower:]' '[:upper:]' +} + +# Main script +main() { + if [ $# -eq 0 ]; then + echo "commit message file not found, are you sure you set the stage for this hook to be in stages: [ commit-msg ]?" + exit 1 + fi + + commit_message_file="$1" + branch_name=$(get_current_branch) + ticket_id=$(extract_ticket_id "$branch_name") + + if [ -z "$ticket_id" ]; then + echo "Warning: No ticket ID found in branch name '$branch_name'" + exit 0 + fi + + commit_message=$(get_commit_message "$commit_message_file") + first_line=$(echo "$commit_message" | head -n 1) + + # Check if the first line already contains the ticket_id + if ! echo "$first_line" | grep -qi "$ticket_id"; then + first_line="$first_line [$ticket_id]" + commit_message="$first_line$(echo "$commit_message" | tail -n +2)" + write_commit_message "$commit_message_file" "$commit_message" + fi +} + +main "$@" diff --git a/spell-check.sh b/spell-check.sh new file mode 100755 index 00000000..e1419b40 --- /dev/null +++ b/spell-check.sh @@ -0,0 +1,121 @@ +#!/bin/bash + +# Function to check if Aspell is installed +check_aspell() { + if command -v aspell > /dev/null; then + return 1 + else + echo "Aspell is not installed. Automatically installing" + return 0 + fi +} + +# Function to install Aspell on Debian-based systems +install_aspell_debian() { + echo "Attempting to install Aspell on Debian-based system..." + sudo apt-get update && sudo apt-get install -y aspell +} + +# Function to install Aspell on macOS +install_aspell_mac() { + echo "Attempting to install Aspell on macOS..." + brew install aspell +} + +# Main logic +if check_aspell; then + # Identify the platform + case "$(uname -s)" in + Linux) + if [ -f /etc/debian_version ]; then + install_aspell_debian + else + echo "Unsupported Linux distribution." + fi + ;; + Darwin) + install_aspell_mac + ;; + *) + echo "Unsupported operating system." + ;; + esac +fi + + +read -r -d '' dictionary <<'EOF' +personal_ws-1.1 en 2 +anteraja +argocd +artajasa +bersama +bigquery +brankas +brankass +cardmember +checkly +checkov +ci +cloudkms +confluentinc +coreapi +deadletter +deadletters +decrypter +ekyc +encrypter +finexus +freshchat +goka +golang +hnst +honestbank +honestcard +jq +json +kafdrop +menubook +mst +nonk8s +noti +opentracing +perf +perso +pushgateway +rclone +resc +roleset +rolesets +rtrw +rudderstack +schemaregistry +snyk +strimzi +terratest +ulid +usecase +waitlist +waitlisted +yaml +EOF + +echo "$dictionary" > dictionary.text + +# Your string to check +string=$(cat "$1") + +echo "$string" + +# Check spelling +misspelled=$(echo "$string" | aspell --personal ./dictionary.text list) + +rm dictionary.text + +# If the misspelled variable is not empty, there are spelling errors +if [ -n "$misspelled" ]; then + echo "Spelling errors found:" + echo "$misspelled" + exit 1 +else + exit 0 +fi diff --git a/trivy.yaml b/trivy.yaml new file mode 100644 index 00000000..a93de9fa --- /dev/null +++ b/trivy.yaml @@ -0,0 +1,19 @@ +scan: + skip-dirs: + - test + - .terraform + + misconfiguration: + exclude-downloaded-modules: true # Exclude third-party downloaded modules from scanning + +# Specify the ignore file for ignored checks or vulnerabilities +ignoreFile: .trivyignore + +# Define the severities to focus on (UNKNOWN, LOW, MEDIUM, HIGH, CRITICAL) +severity: + - HIGH + - CRITICAL + - MEDIUM + +# Exit with code 1 if vulnerabilities or misconfigurations are found default to 0 +exit-code: 1