Merge pull request #133 from srijanone/git-secrets

[WIP]: checkin install script for git-secrets

README.md

@@ -18,43 +18,29 @@ Several options to install:
 - Via released binaries:
   - [releases](https://github.com/srijanone/vega/releases)
 
----
-
 ## Requirements
 
 - git
 - [tilt](https://docs.tilt.dev/install.html)
 - [Docker](https://docs.docker.com/install/)
+- [docker-compose](https://docs.docker.com/compose/install/)
 
----
 
 ## Getting Started
 
-- `vega`: Vega usage
-
-![vega usage](.screenshots/vega_usage.png)
+- `vega`: vega usage
 
 - `vega init`: Initializes vega
 
-![vega init](.screenshots/vega_init.png)
-
 - `vega starterkit list`: List all available starterkits
 
-![vega starterkit list](.screenshots/vega_starterkit_list.png)
-
-- `vega create awesome-app --starterkit nodejs+redis`
-
-![vega create](.screenshots/vega_create.png)
-
-- `vega up`
+- `vega create my-drupal-app --starterkit drupal8-php-fpm-apache`: Bootload a new app using starterkit
 
-![vega down](.screenshots/vega_up.png)
+- `vega up`: Get your docker containers up & running.
 
-- `vega down`
+- `vega down`: Stop all docker containers.
 
-![vega down](.screenshots/vega_down.png)
-
----
+The above commands are mostly used commands, please refer commands table for further details.
 
 ## Commands
 
@@ -64,7 +50,7 @@ Several options to install:
 | `vega version`                                 | Prints out version                                                                    |                                                 | Vega 1.0.0 |
 | `vega home`                                    | Prints out home vega home                                                             |                                                 |            |
 | `vega init`                                    | Initializes vega                                                                      |                                                 |            |
-| `vega starterkit list`                         | List all available starterkits                                                        |                                                 | drupal8<br>nodejs    |
+| `vega starterkit list`                         | List all available starterkits                                                        |                                                 | drupal9-php-fpm-apache<br>react    |
 | `vega create [path] --starterkit <name>`       | Creates the starter kit at provided directory                                         | \--starterkit <name><br>\--repo <repo>          |            |
 | `vega install [path]`                          | Install a starterkit to existing project                                              | \--repo <repo>                                   |            |
 | `vega repo add <repo-name> <url>`              | Add another starterkit repo, Can choose local folder as well                          |                                                 |            |
@@ -80,8 +66,6 @@ Several options to install:
     1. `vega repo add globe git@github.com:vs4vijay/vega-starterkits.git`
     2. `vega repo add new /Users/viz/SrijanX/custom`
 
----
-
 ## Development
 
 - Run Vega: `go run main.go`
@@ -91,15 +75,26 @@ Several options to install:
     - `make release-dry-run`        # to test and verify on local machine
     - `make release-using-gorelease`
 
----
+
+## Secrets
+vega has been integrated with [git-secrets](https://github.com/awslabs/git-secrets) which adds following hooks to your repositories when ```vega hooks install``` is executed.
+
+  1. ```pre-commit```: Used to check if any of the files changed in the commit
+       use prohibited patterns.
+  2. ```commit-msg```: Used to determine if a commit message contains a
+       prohibited patterns.
+  3. ```prepare-commit-msg```: Used to determine if a merge commit will
+       introduce a history that contains a prohibited pattern at any point.
+       Please note that this hook is only invoked for non fast-forward merges.
+
+```vega hooks install``` overrides any current git hooks if you have added any. In case you would like to have multiple
+hooks please refer: https://gist.github.com/carlos-jenkins/89da9dcf9e0d528ac978311938aade43
 
 ## Credits
 
-- Srijan Team (https://srijan.net)
 - Inspiration from Draft (https://draft.sh)
-- Utilized Tilt (https://tilt.dev) for running the application 
-
----
+- Tilt (https://tilt.dev) is used for running the applications
+- git-secrets
 
 ## LICENSE
 

cmd/init.go

@@ -5,6 +5,8 @@ import (
 	"fmt"
 	"io"
 
+	"github.com/srijanone/vega/pkg/git_secrets"
+
 	"github.com/spf13/cobra"
 
 	common "github.com/srijanone/vega/pkg/common"
@@ -57,6 +59,11 @@ func (iCmd *initCmd) execute() error {
 		}
 	}
 
+	if !iCmd.dryRun {
+		if err := iCmd.setupGitSecrets(); err != nil {
+			return err
+		}
+	}
 	fmt.Fprintln(iCmd.out, "$VEGA_HOME has been initialized at", vegaHome)
 	return nil
 }
@@ -65,7 +72,7 @@ func (iCmd *initCmd) setupVegaHome() error {
 	directories := []string{
 		iCmd.home.String(),
 		iCmd.home.StarterKits(),
-		iCmd.home.GitHooks(),
+		// iCmd.home.GitHooks(),
 		iCmd.home.Logs(),
 	}
 
@@ -86,16 +93,10 @@ func (iCmd *initCmd) setupVegaHome() error {
 	}
 	defaultStarterKit.Add()
 
-	// Adding Git Hooks to Vega Home
-	gitHooks := vega.GitHooks{
-		Home: iCmd.home,
-		URL:  gitHooksRepoName,
-		Dir:  gitHooksDirName,
-		Out:  iCmd.out,
-	}
-	gitHooks.Add()
+	return nil
+}
 
-	// Installing Git Hooks as Global hooks
-	gitHooks.InstallGlobally()
+func (iCmd *initCmd) setupGitSecrets() error {
+	git_secrets.Configure(iCmd.out)
 	return nil
 }

pkg/core/git_hooks.go

@@ -3,12 +3,10 @@ package vega
 import (
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 
 	common "github.com/srijanone/vega/pkg/common"
-	downloader "github.com/srijanone/vega/pkg/downloader"
 	git "github.com/srijanone/vega/pkg/git"
 )
 
@@ -23,33 +21,6 @@ type GitHooks struct {
 	Out  io.Writer
 }
 
-// Add downloads git hooks to vega home
-func (gitHook *GitHooks) Add() {
-	d := downloader.Downloader{}
-	if gitHook.Dir == "" {
-		gitHook.Dir = Home("").GitHooks()
-	}
-	sourceRepo := fmt.Sprintf("%s//%s", gitHook.URL, gitHook.Dir)
-	fmt.Println("Downloading git hooks...")
-	d.Download(sourceRepo, gitHook.Home.GitHooks())
-}
-
-// InstallGlobally installs Git Hooks as Global Git Hooks
-func (gitHook *GitHooks) InstallGlobally() {
-	globalHooksDir := filepath.Join(common.DefaultHome(), ".git", "hooks")
-
-	fmt.Fprintf(gitHook.Out, "Creating Global Hooks Directory\n")
-	if err := common.EnsureDir(globalHooksDir); err != nil {
-		fmt.Fprintf(gitHook.Out, "Error in global hook directory: %v\n", err)
-	}
-
-	gitHook.createHook("pre-commit", globalHooksDir)
-
-	fmt.Fprintf(gitHook.Out, "Setting Global Git Hooks: %v\n", globalHooksDir)
-	args := []string{"config", "--global", "core.hooksPath", globalHooksDir}
-	git.Execute(gitHook.Out, args...)
-}
-
 // Install installs Git Hooks to a git based project path
 func (gitHook *GitHooks) Install(path string) {
 	gitHooksPath := filepath.Join(path, ".git", "hooks")
@@ -64,29 +35,10 @@ func (gitHook *GitHooks) Install(path string) {
 		return
 	}
 
-	gitHook.createHook("pre-commit", gitHooksPath)
+	// gitHook.createHook("pre-commit", gitHooksPath)
 
-	fmt.Fprintf(gitHook.Out, "Setting Up Local Git Hooks \n")
+	fmt.Fprintf(gitHook.Out, "Setting up Git Hooks \n")
 	os.Chdir(path) // change directory to project path if user is not in current directory
-	args := []string{"config", "core.hooksPath", ".git/hooks"}
+	args := []string{"secrets", "--install", "-f"}
 	git.Execute(gitHook.Out, args...)
 }
-
-func (gitHook *GitHooks) createHook(hookName string, path string) {
-	fmt.Fprintf(gitHook.Out, "Installing %v hooks\n", hookName)
-	var shellScripts []string
-
-	preCommitHooksDir := filepath.Join(gitHook.Home.GitHooks(), "generic", hookName)
-	preCommitScriptBody := scriptHeader + "\n"
-
-	shellScripts = common.ListFiles(preCommitHooksDir)
-	for _, shellScript := range shellScripts {
-		fmt.Fprintf(gitHook.Out, "Adding hook: %v\n", shellScript)
-		preCommitScriptBody = preCommitScriptBody + "\n" + shellScript
-	}
-
-	err := ioutil.WriteFile(filepath.Join(path, hookName), []byte(preCommitScriptBody), 0755)
-	if err != nil {
-		fmt.Fprintf(gitHook.Out, "couldn't create %v hook: %v\n", hookName, err)
-	}
-}

pkg/git_secrets/git_secrets.go

@@ -0,0 +1,65 @@
+package git_secrets
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	"os/exec"
+	"path/filepath"
+
+	"github.com/srijanone/vega/pkg/common"
+	"github.com/srijanone/vega/pkg/git"
+)
+
+const (
+	commandName  = "git-secrets"
+	RequiredText = `
+		git-secrets is not installed, which is required to run the application. 
+	`
+	InstallInstructions = `
+		Install using: curl -fsSL https://raw.githubusercontent.com/srijanone/vega/develop/scripts/install_git_secrets.sh| bash
+	`
+)
+
+func IsInstalled() bool {
+	_, err := exec.LookPath(commandName)
+	return err == nil
+}
+
+func Configure(out io.Writer) {
+	templateDir := filepath.Join(common.DefaultHome(), ".git-templates", "git-secrets")
+	// This is a very rudimentary check, it checks if host, port, password etc in the database
+	// array in settings.php(drupal) is written in plain text. In case these are written in plain
+	// text the developer might write them in "", or '' and in case these are externalise typically
+	// developers would use https://www.php.net/manual/en/function.getenv.php or some other function.
+	drupalSecretRegex := "(\"|')?(host|port|password|username)(\"|')?\\s*(=>)\\s*(\"|')+(.*)(\"|')+\\s*"
+
+	fmt.Print("Adding common AWS patterns to the git config...\n")
+	execute(out, "--register-aws", "--global")
+
+	fmt.Printf("Adding hooks to all local repositories...\n")
+	execute(out, "--install", "-f", templateDir)
+	args := []string{"config", "--global", "init.templateDir", templateDir}
+	git.Execute(out, args...)
+
+	fmt.Printf("Registering Drupal secrets patters...\n")
+	execute(out, "--add", "--global", drupalSecretRegex)
+}
+
+func execute(out io.Writer, arguments ...string) error {
+	if !IsInstalled() {
+		fmt.Fprintf(out, RequiredText)
+		fmt.Fprintf(out, InstallInstructions)
+		return errors.New("git-secrets is not installed on system")
+	}
+
+	command := exec.Command(commandName, arguments...)
+	command.Stdout = out
+	command.Stderr = os.Stderr
+	err := command.Run()
+	if err != nil {
+		return err
+	}
+	return nil
+}

scripts/install.sh

@@ -33,7 +33,7 @@ function shell_rc() {
 }
 
 function next_step_message() {
-  local name="Vega"
+  local name="vega"
   echo -e "${yellow}${name} is installed to \$HOME/.local/bin, Please add following line to your $(shell_rc) file and reload it using: ${bold}source $(shell_rc) ${reset}"
   echo ""
   echo -e "${bold}export PATH=\"\$PATH:\$HOME/.local/bin\"${reset}"
@@ -63,7 +63,7 @@ function install_vega() {
       copy_binary "vega"
     fi
   else
-    echo -e "${red}The Vega installer does not work for your platform: ${OS} ${reset}"
+    echo -e "${red}The Vega installer is not supported for your platform ${OS} ${reset}"
     echo -e "${red}Please file an issue at https://github.com/srijanone/vega/issues/new ${reset}"
     exit 1
   fi
@@ -81,20 +81,33 @@ function install_tilt() {
       copy_binary "tilt"
     fi
   else
-    echo -e "${red}The Tilt installer does not work for your platform: ${OS} ${reset}"
+    echo -e "${red}The Tilt installer is not supported for your platform: ${OS} ${reset}"
     echo -e "${red}Please file an issue at https://github.com/tilt-dev/tilt/issues/new ${reset}"
     exit 1
   fi
 }
 
+function install_git_secrets() {
+  if [[ "$OSTYPE" == "linux-gnu" ]] || [[ "$OSTYPE" == "darwin"* ]]; then
+    curl -sSL -o git-secrets -D - -L -s 'https://raw.githubusercontent.com/awslabs/git-secrets/master/git-secrets'
+    chmod +x git-secrets
+    copy_binary "git-secrets"
+  else
+    echo -e "${red}git-secrets installer is not supported for your platform: ${OS} ${reset}"
+    echo -e "${red}Please file an issue at https://github.com/awslabs/git-secrets/issues/new ${reset}"
+    exit 1
+  fi
+}
+
 function install() {
   VEGA_PATH=$(command -v vega 2>&1 || true)
   TILT_PATH=$(command -v tilt 2>&1 || true)
+  GIT_SECRETS_PATH=$(command -v git-secrets 2>&1 || true)
 
   if [[ -z $VEGA_PATH ]]; then
     echo -e "${green}Installing Vega${reset}"
     install_vega
-  else
+  else  
     echo -e "${green}Vega already installed, Please run 'vega' for details${reset}"
   fi
 
@@ -104,6 +117,13 @@ function install() {
     install_tilt
   fi
 
+  if [[ -z $GIT_SECRETS_PATH ]]; then
+    echo -e "${green}Installing git-secrets${reset}"
+    install_git_secrets
+  else
+    echo -e "${green}git-secrets already installed, Please run 'git-secrets for details${reset}"
+  fi
+
   if [[ "${show_next_step_message}" == "YES" ]]; then
     next_step_message
   fi