mycelium/hooks/pre-commit at main · openprose/mycelium · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
#!/usr/bin/env bash
# Example pre-commit hook — tests + secret scan.
# Copy to .git/hooks/pre-commit and chmod +x.
set -euo pipefail

REPO_ROOT=$(git rev-parse --show-toplevel)

# Run tests if runtime, workflow scripts, hooks/, or anything under test/ is staged
if git diff --cached --name-only | grep -qE '^(install\.sh|mycelium\.sh|scripts/|hooks/|test/)' 2>/dev/null; then
  echo "running tests..."
  # Hooks inherit git-local env vars (GIT_DIR, GIT_WORK_TREE, etc.).
  # Clear them before running the inner temp repos created by the test suite.
  while read -r var; do unset "$var"; done < <(git rev-parse --local-env-vars)

  if [[ -x "$REPO_ROOT/test/test.sh" ]]; then
    "$REPO_ROOT/test/test.sh" >/dev/null || { echo "test/test.sh failed"; exit 1; }
  fi
  for suite in "$REPO_ROOT"/test/test-multi-repo-*.sh; do
    [[ -x "$suite" ]] || continue
    "$suite" >/dev/null || { echo "$(basename "$suite") failed"; exit 1; }
  done

  echo "tests passed"
fi

# Version: verify git describe works (catches detached HEAD with no tags)
if git diff --cached --name-only | grep -q '^mycelium\.sh$' 2>/dev/null; then
  VERSION=$(git describe --tags --always 2>/dev/null || echo "")
  if [[ -z "$VERSION" ]]; then
    echo "Warning: git describe failed — no tags? Run: git tag -a v0.1.0 -m 'release'" >&2
  fi
fi

# Secret scan
if command -v gitleaks &>/dev/null; then
  gitleaks git --staged --no-banner --redact -l warn
fi

# UBS scan (if installed)
if command -v ubs &>/dev/null; then
  ubs --ci --fail-on-warning "$REPO_ROOT" >/dev/null 2>&1 || {
    echo "ubs found warnings — run 'ubs .' to see details"
    exit 1
  }
fi