ops-jrz1/scripts/hooks/validate-sanitization-hook.sh
Dan 894e7241f1 Initialize ops-jrz1 repository with Matrix platform extraction foundation
- Add speckit workflow infrastructure (.claude, .specify)
- Create NixOS configuration skeleton (flake.nix, configuration.nix, hosts/ops-jrz1.nix)
- Add sanitization scripts with 22 rules for personal info removal
- Add validation scripts with gitleaks integration
- Configure git hooks (pre-commit, pre-push) for security validation
- Add project documentation (README, LICENSE)
- Add comprehensive .gitignore for Nix, secrets, staging

Phase 1 and Phase 2 complete. Foundation ready for module extraction from ops-base.
2025-10-13 13:37:17 -07:00


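#!/usr/bin/env bash
#
# Pre-commit hook: Validate that no personal information is being committed
#
# This hook scans the staged changes to Nix and Markdown files for personal
# domains, IPs, paths and hostnames, so that accidental leakage of sensitive
# information is blocked before it reaches the repository history.
#
# Only the lines ADDED by the staged diff (plus the staged file names) are
# inspected. Inspecting the whole diff would also match removed and context
# lines, which blocks the very commit that removes an existing occurrence.
#
# Exit status: 0 when nothing relevant is staged or validation passes,
#              1 when the commit is blocked.
set -euo pipefail

# Git runs hooks from the working-tree root; make that explicit so the
# pathspecs below resolve the same way when the script is run by hand.
REPO_ROOT="$(git rev-parse --show-toplevel)"
cd -- "$REPO_ROOT"

# Colors (ANSI-C quoted so printf '%s' emits the escape bytes verbatim)
readonly RED=$'\033[0;31m'
readonly GREEN=$'\033[0;32m'
readonly NC=$'\033[0m'

# Set to 1 by fail(); checked once at the end so every finding is reported.
VALIDATION_FAILED=0
# Text under inspection: staged file names plus added diff lines.
SCAN_TEXT=''

#######################################
# Report a blocking finding and record the failure.
# Globals:   RED, NC (read), VALIDATION_FAILED (written)
# Arguments: $1 - error description, $2 - remediation hint
# Outputs:   writes both lines to stderr
#######################################
fail() {
  printf '%s✗ ERROR: %s%s\n' "$RED" "$1" "$NC" >&2
  printf '  %s\n' "$2" >&2
  VALIDATION_FAILED=1
}

#######################################
# Fail the commit if an extended regex matches the scanned text.
# Globals:   SCAN_TEXT (read)
# Arguments: $1 - extended regex, $2 - error description, $3 - hint
#######################################
check_pattern() {
  local pattern=$1 message=$2 hint=$3
  if grep -qE -- "$pattern" <<<"$SCAN_TEXT"; then
    fail "$message" "$hint"
  fi
}

#######################################
# Collect staged Nix/Markdown files, build SCAN_TEXT and run all checks.
# Globals:   SCAN_TEXT, VALIDATION_FAILED (written), GREEN, NC (read)
# Returns:   exits 0 on success, 1 when the commit must be blocked
#######################################
main() {
  local -a staged_files=()
  # -z: NUL-separated so file names with spaces or newlines survive.
  mapfile -d '' -t staged_files < <(
    git diff --cached --name-only --diff-filter=ACM -z -- '*.nix' '*.md'
  )
  if (( ${#staged_files[@]} == 0 )); then
    # No Nix or Markdown files staged, skip validation
    exit 0
  fi
  printf '%s\n' "==> Validating staged files for personal information..."

  # Compute the staged diff once. Keep only added content lines ('+++ ' file
  # headers excluded) and prepend the file names, since a personal token in
  # a path is just as much of a leak. grep exits 1 when nothing matches,
  # which pipefail would turn into an abort, hence the '|| true'.
  SCAN_TEXT=$(
    printf '%s\n' "${staged_files[@]}"
    git diff --cached -- "${staged_files[@]}" \
      | grep -E '^\+' | grep -Ev '^\+\+\+ ' || true
  )

  # Check for personal domains
  check_pattern 'clarun\.xyz|talu\.uno' \
    'Staged changes contain personal domains (clarun.xyz or talu.uno)' \
    'These domains must be replaced with example.com or matrix.example.org'

  # Check for personal IPs
  check_pattern '192\.168\.1\.|45\.77\.205\.49' \
    'Staged changes contain personal IP addresses' \
    'Replace 192.168.1.x with 10.0.0.x and 45.77.205.49 with 203.0.113.10'

  # Check for personal paths
  check_pattern '/home/dan' \
    'Staged changes contain personal paths (/home/dan)' \
    'Replace with /home/user or generic paths'

  # Check for hostname jrz1 (but allow ops-jrz1 since that's the server name).
  # Every allowed 'ops-jrz1' is stripped first, so a line holding both the
  # server name and the bare hostname is still caught.
  if sed 's/ops-jrz1//g' <<<"$SCAN_TEXT" | grep -qE '\bjrz1\b'; then
    fail 'Staged changes contain personal hostname (jrz1)' \
      "Replace with 'matrix' or generic hostname (ops-jrz1 is allowed)"
  fi

  if (( VALIDATION_FAILED )); then
    printf '\n' >&2
    printf '%s\n' "Commit blocked. Please fix the issues above and try again." >&2
    printf '%s\n' "Run './scripts/sanitize-files.sh <dir> <dir>' to apply sanitization rules." >&2
    exit 1
  fi
  printf '%s✓ Sanitization validation passed%s\n' "$GREEN" "$NC"
  exit 0
}

main "$@"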