From b8fafdec45b0846ba970377a269322f33cd541a0 Mon Sep 17 00:00:00 2001
From: "Patrick C." <3180910+therealpxc@users.noreply.github.com>
Date: Mon, 29 Apr 2024 20:07:23 -0700
Subject: [PATCH 1/3] modules/hooks.nix: restore alphabetical order

---
 modules/hooks.nix | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/modules/hooks.nix b/modules/hooks.nix
index b686e61b..3aba636a 100644
--- a/modules/hooks.nix
+++ b/modules/hooks.nix
@@ -3462,15 +3462,6 @@ lib.escapeShellArgs (lib.concatMap (ext: [ "--ghc-opt" "-X${ext}" ]) hooks.ormol
 );
 files = "(\\.json$)|(\\.toml$)|(\\.mli?$)";
 };
- trim-trailing-whitespace =
- {
- name = "trim-trailing-whitespace";
- description = "Trim trailing whitespace.";
- types = [ "text" ];
- stages = [ "commit" "push" "manual" ];
- package = tools.pre-commit-hooks;
- entry = "${hooks.trim-trailing-whitespace.package}/bin/trailing-whitespace-fixer";
- };
 treefmt =
 let
 inherit (hooks.treefmt) packageOverrides settings;
@@ -3496,6 +3487,15 @@ lib.escapeShellArgs (lib.concatMap (ext: [ "--ghc-opt" "-X${ext}" ]) hooks.ormol
 packageOverrides = { treefmt = tools.treefmt; };
 entry = "${hooks.treefmt.package}/bin/treefmt --fail-on-change";
 };
+ trim-trailing-whitespace =
+ {
+ name = "trim-trailing-whitespace";
+ description = "Trim trailing whitespace.";
+ types = [ "text" ];
+ stages = [ "commit" "push" "manual" ];
+ package = tools.pre-commit-hooks;
+ entry = "${hooks.trim-trailing-whitespace.package}/bin/trailing-whitespace-fixer";
+ };
 typos =
 {
 name = "typos";

From 0b4048d9b7da3e1ded5d3e5fbc2e8250efd51d0e Mon Sep 17 00:00:00 2001
From: Patrick C <3180910+therealpxc@users.noreply.github.com>
Date: Mon, 29 Apr 2024 20:07:42 -0700
Subject: [PATCH 2/3] add working but unconfigurable trufflehog module

---
 modules/hooks.nix | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/modules/hooks.nix b/modules/hooks.nix
index 3aba636a..45c91aa4 100644
--- a/modules/hooks.nix
+++ b/modules/hooks.nix
@@ -3496,6 +3496,23 @@ lib.escapeShellArgs (lib.concatMap (ext: [ "--ghc-opt" "-X${ext}" ]) hooks.ormol
 package = tools.pre-commit-hooks;
 entry = "${hooks.trim-trailing-whitespace.package}/bin/trailing-whitespace-fixer";
 };
+ trufflehog =
+ {
+ name = "trufflehog";
+ description = "Secrets scanner";
+ entry =
+ let
+ script = pkgs.writeShellScript "precommit-trufflehog" ''
+ set -e
+ ${hooks.trufflehog.package}/bin/trufflehog --no-update git "file://$(git rev-parse --show-top-level)" --since-commit HEAD --only-verified --fail
+ '';
+ in
+ builtins.toString script;
+ package = pkgs.trufflehog;
+
+ # trufflehog expects to run across the whole repo, not particular files
+ pass_filenames = false;
+ };
 typos =
 {
 name = "typos";

From 0ec644cee9abdf81ea1b3ce9303d59e6c9764b0b Mon Sep 17 00:00:00 2001
From: Sander
Date: Thu, 19 Sep 2024 10:53:25 +0000
Subject: [PATCH 3/3] add trufflehog to tools

---
 modules/hooks.nix | 2 +-
 nix/tools.nix | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/modules/hooks.nix b/modules/hooks.nix
index 45c91aa4..10d2c577 100644
--- a/modules/hooks.nix
+++ b/modules/hooks.nix
@@ -3508,7 +3508,7 @@ lib.escapeShellArgs (lib.concatMap (ext: [ "--ghc-opt" "-X${ext}" ]) hooks.ormol
 '';
 in
 builtins.toString script;
- package = pkgs.trufflehog;
+ package = tools.trufflehog;

 # trufflehog expects to run across the whole repo, not particular files
 pass_filenames = false;
diff --git a/nix/tools.nix b/nix/tools.nix
index c3eb9d92..10d97fc3 100644
--- a/nix/tools.nix
+++ b/nix/tools.nix
@@ -74,6 +74,7 @@
 , texlive
 , topiary ? null ## Added in nixpkgs on Dec 2, 2022
 , treefmt
+, trufflehog
 , typos
 , typstfmt
 , typstyle ? null ## Add in nixpkgs added on commit 800ca60
@@ -152,6 +153,7 @@ in
 taplo
 topiary
 treefmt
+ trufflehog
 typos
 typstfmt
 typstyle
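Review bot: In the `trufflehog` hook added by PATCH 2/3, the entry script calls `git rev-parse --show-top-level`, but the git option is spelled `--show-toplevel`. As far as I know rev-parse echoes options it does not recognise instead of failing, so `set -e` would not catch this and the scan target would likely become `file://--show-top-level` rather than the repository root. The substitution should read `"file://$(git rev-parse --show-toplevel)"`. Separately, `--only-verified` makes the hook fail only for credentials TruffleHog could confirm live, so a run without network access, or a secret that has no verifier, passes silently. A comment next to `pass_filenames`, such as `# only verified findings fail the hook; unverified or offline results are not reported`, would record that limit. PATCH 3/3 changes only the `package` attribute and leaves both points as they are.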