From 6eed18850e2e1d31a932b882d4be42cf77ba3db9 Mon Sep 17 00:00:00 2001
From: Francisco Perez <francisco.perez@eclipse-foundation.org>
Date: Fri, 6 Oct 2023 10:50:17 +0200
Subject: [PATCH] Adding a small pre-commit script to check out a presence of secrets using ggshield, if it is not installed will run a custom list of grep expressions
---
git_hooks/pre-commit | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
create mode 100755 git_hooks/pre-commit
diff --git a/git_hooks/pre-commit b/git_hooks/pre-commit
new file mode 100755
index 0000000..6c25fe3
--- /dev/null
+++ b/git_hooks/pre-commit
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+### This is a small pre-commit script that checks for the presence of secrets using ggshield.
+### If ggshield is not installed, it will run a custom list of grep expressions to perform the secret check
+
+set -ep
+
+# Function to check if a command is available
+command_exists() {
+ command -v "$1" >/dev/null 2>&1
+}
+
+# Check if ggshield is installed
+if command_exists ggshield; then
+ # Run ggshield to scan for sensitive information
+ ggshield secret scan pre-commit "$@"
+else
+ # Display a warning if ggshield is not installed
+ echo "WARNING: ggshield is not installed."
+ echo
+ echo "INFO: Please consider to installing by following the steps below:"
+ echo "pip install --user -U ggshield"
+ echo "ggshield auth login"
+ echo
+ echo "INFO: Running a custom lit of grep to check for common passwords patterns."
+ # Run grep to search for potential passwords (modify this command as needed)
+ if grep -r -I -E '(?:ghp|gho|ghu|ghs|ghr)_[0-9a-zA-Z]{36,}' . >/dev/null; then
+ echo "WARNING: Potential Github passwords found. Commit blocked."
+ exit 1
+ fi
+fi
+
+# If everything is fine, allow the commit to proceed
+echo
+echo "INFO: No issues found out"
+exit 0
\ No newline at end of file
--
GitLab
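Review bot: The fallback `grep -E '(?:ghp|...)'` uses the Perl-only `(?:` group, which POSIX ERE does not define. Its handling depends on the grep implementation, and the `ghp_` alternative (classic personal access tokens) will most likely never match as written, so the hook can report "No issues found" with a token present. The same line scans the whole working tree with `grep -r ... .`, including `.git/` and untracked files, rather than the staged content. A secret that is staged but since edited out of the working copy would pass, while unrelated local files can block the commit. Checking only the added lines of the index fixes both: `if git diff --cached | grep -E '^\+.*(ghp|gho|ghu|ghs|ghr)_[0-9a-zA-Z]{36,}' >/dev/null; then`. The fallback messages promise "common passwords patterns", but only GitHub token prefixes are checked; a comment such as `# Fallback covers GitHub token prefixes only; install ggshield for full coverage` would keep expectations accurate.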