From 33f52b0fafd3d244bbcefeb97964f459ebb3f5b9 Mon Sep 17 00:00:00 2001 From: Eduardo Teles Date: Wed, 31 Dec 2025 07:52:41 -0300 Subject: [PATCH 1/9] Adicionado o script de entrypoint --- entrypoint.ts | 115 +++++++++++++++++++++++++++++++++++++++++++++++++- mise.toml | 5 +++ 2 files changed, 119 insertions(+), 1 deletion(-) diff --git a/entrypoint.ts b/entrypoint.ts index f67b2c6..118bdac 100644 --- a/entrypoint.ts +++ b/entrypoint.ts 
@@ -1 +1,114 @@ -console.log("Hello via Bun!"); \ No newline at end of file +import {$} from "bun"; +import * as path from "node:path"; + +// Utilitários de cor para o terminal +const col = { + red: (txt: string) => `\x1b[31m${txt}\x1b[0m`, + green: (txt: string) => `\x1b[32m${txt}\x1b[0m`, + yellow: (txt: string) => `\x1b[33m${txt}\x1b[0m`, + blue: (txt: string) => `\x1b[34m${txt}\x1b[0m`, + dim: (txt: string) => `\x1b[2m${txt}\x1b[0m`, +}; + +enum HookName { + KtLint = "KtLint", + OpenTofu = "OpenTofu", +} + +interface Hook { + include: RegExp; + + run(filePaths: string[]): Promise; +} + +const hooks: Record = { + [HookName.KtLint]: { + include: /\.kts?$/, + async run(filePaths: string[]): Promise { + if (filePaths.length === 0) return 0; + + console.log(col.blue(`ℹ️ Rodando KtLint em ${filePaths.length} arquivos...`)); + // Adicionado --relative para output mais limpo, se suportado, ou mantenha paths absolutos + const {exitCode} = await $`ktlint -F ${filePaths}`.nothrow(); + return exitCode; + }, + }, + [HookName.OpenTofu]: { + // Melhorado regex para pegar extensões corretamente e fixado o fim da string ($) + include: /\.(tf|tofu|tfvars|tftest\.hcl)$/, + async run(filePaths: string[]): Promise { + if (filePaths.length === 0) return 0; + + console.log(col.blue(`ℹ️ Rodando OpenTofu fmt em ${filePaths.length} arquivos...`)); + // Removido -recursive, pois estamos passando arquivos específicos + const {exitCode} = await $`tofu fmt ${filePaths}`.nothrow(); + return exitCode; + }, + }, +}; + +async function runGitLeaks(): Promise { + console.log(col.dim("🔒 Verificando segredos com Gitleaks...")); + + // 2. 
Uso do comando 'git' e captura de output (.quiet()) + // O .quiet() impede que o stdout vazie no terminal a menos que a gente mande + const {exitCode, stdout, stderr} = await $`gitleaks git --pre-commit --redact --staged --verbose --no-banner`.quiet().nothrow(); + + if (exitCode !== 0) { + console.error(col.red("\n❌ Gitleaks detectou segredos no código!")); + // Só mostramos o log se houver erro + console.log(stdout.toString()); + console.log(stderr.toString()); + return false; + } + + return true; +} + +async function main(args: string[]) { + // slice é mais seguro que splice para não mutar o argv original, embora splice funcione + const sources = args.slice(2); + + if (sources.length === 0) { + // Se não houver arquivos na staged area passados pelo lint-staged ou similar + console.log(col.dim("⏭️ Nenhum arquivo para verificar.")); + process.exit(0); + } + + // 1. Segurança Primeiro + const isSecure = await runGitLeaks(); + if (!isSecure) { + // Segurança é prioridade: se falhar, aborta tudo imediatamente. + process.exit(1); + } + + const filesPaths = sources.map((source) => path.resolve(source)); + let hasFailure = false; + + // 2. Execução dos Hooks + for (const [name, hook] of Object.entries(hooks)) { + const parsedFiles = filesPaths.filter((filePath) => hook.include.test(filePath)); + + // Pula se não houver arquivos para este hook + if (parsedFiles.length === 0) continue; + + const exitCode = await hook.run(parsedFiles); + + if (exitCode !== 0) { + console.error(col.red(`❌ Falha na execução do hook: ${name}`)); + hasFailure = true; + } else { + console.log(col.green(`✅ ${name} executado com sucesso.`)); + } + } + + // 3. Saída Final + if (hasFailure) { + console.error(col.red("\n⛔ O commit foi abortado devido a erros nos hooks.")); + process.exit(1); + } + + console.log(col.green("\n✨ Todos as verificações passaram!")); +} + +await main(process.argv); diff --git a/mise.toml b/mise.toml index f6db502..1b4ef54 100644 --- a/mise.toml +++ b/mise.toml 
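Review bot: In runGitLeaks any non-zero exit is reported as "Gitleaks detectou segredos no código!", but because of `.nothrow()` that same branch is reached when the gitleaks binary is missing, when git is unavailable in the container, or when the scan itself errors out, so the committer is told secrets were found when the tool simply failed. Failing closed is the right behaviour; only the diagnosis needs separating, and gitleaks has a flag for exactly that: run it with `--exit-code 2`, then `if (exitCode === 2) console.error(col.red("\n❌ Gitleaks detectou segredos no código!")); else console.error(col.red(`\n❌ Gitleaks não pôde ser executado (exit ${exitCode})`));` before dumping stdout/stderr. Printing the output only on failure and only with `--redact` in place is good and worth keeping. The comment above `hooks` should also say that `ktlint -F` and `tofu fmt` rewrite files in place and that the script relies on the caller (pre-commit) to notice modified files, since the exit code alone does not report a reformat. The hunk holds all of main, so nothing continues outside it.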
@@ -1,2 +1,7 @@ [tools] bun = "1.3.5" +gitleaks = "8.30.0" +java = "temurin-21.0.9+10.0.LTS" +ktlint = "1.8.0" +opentofu = "1.11.2" +task = "3.46.4" From b31b6f7f378919cfde73b819e5ca0a41bd57ab9f Mon Sep 17 00:00:00 2001 From: Eduardo Teles Date: Wed, 31 Dec 2025 07:56:29 -0300 Subject: [PATCH 2/9] Adicionado Dockerfile --- .dockerignore | 145 ++++++++++++++++++++++++++++++++++++++++++++++++++ Dockerfile | 30 +++++++++++ 2 files changed, 175 insertions(+) create mode 100644 .dockerignore create mode 100644 Dockerfile diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..50bfb1e --- /dev/null +++ b/.dockerignore 
@@ -0,0 +1,145 @@ +### Projeto +test + +### IDE's template + +# JetBrains +.idea +.iml + +# Visual Studio Code +.code + + +### Node template +# Logs +logs +*.log +npm-debug.log* +yarn-debug.log* +yarn-error.log* +lerna-debug.log* +.pnpm-debug.log* + +# Diagnostic reports (https://nodejs.org/api/report.html) +report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json + +# Runtime data +pids +*.pid +*.seed +*.pid.lock + +# Directory for instrumented libs generated by jscoverage/JSCover +lib-cov + +# Coverage directory used by tools like istanbul +coverage +*.lcov + +# nyc test coverage +.nyc_output + +# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files) +.grunt + +# Bower dependency directory (https://bower.io/) +bower_components + +# node-waf configuration +.lock-wscript + +# Compiled binary addons (https://nodejs.org/api/addons.html) +build/Release + +# Dependency directories +node_modules/ +jspm_packages/ + +# Snowpack dependency directory (https://snowpack.dev/) +web_modules/ + +# TypeScript cache +*.tsbuildinfo + +# Optional npm cache directory +.npm + +# Optional eslint cache +.eslintcache + +# Optional stylelint cache +.stylelintcache + +# Microbundle cache +.rpt2_cache/ +.rts2_cache_cjs/ +.rts2_cache_es/ +.rts2_cache_umd/ + +# Optional REPL history +.node_repl_history + +# Output of 'npm pack' +*.tgz + +# Yarn Integrity file +.yarn-integrity + +# dotenv environment variable files +.env +.env.development.local +.env.test.local +.env.production.local +.env.local + +# parcel-bundler cache (https://parceljs.org/) +.cache +.parcel-cache + +# Next.js build output +.next +out + +# Nuxt.js build / generate output +.nuxt +dist + +# Gatsby files +.cache/ +# Comment in the public line in if your project uses Gatsby and not Next.js +# https://nextjs.org/blog/next-9-1#public-directory-support +# public + +# vuepress build output +.vuepress/dist + +# vuepress v2.x temp and cache directory +.temp +.cache + +# Docusaurus cache and generated files +.docusaurus 
+ +# Serverless directories +.serverless/ + +# FuseBox cache +.fusebox/ + +# DynamoDB Local files +.dynamodb/ + +# TernJS port file +.tern-port + +# Stores VSCode versions used for testing VSCode extensions +.vscode-test + +# yarn v2 +.yarn/cache +.yarn/unplugged +.yarn/build-state.yml +.yarn/install-state.gz +.pnp.* + diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..4369446 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,30 @@ +FROM docker.io/library/almalinux:10 AS base + +ENV USER=cod3rocket +ENV HOME=/home/$USER +ENV PATH="$PATH:$HOME/.local/bin:$HOME/.local/share/mise/shims" + +RUN dnf install -y curl ca-certificates tar freetype dejavu-sans-fonts fontconfig \ + && dnf clean all \ + && rm -rf /var/cache/yum \ + && useradd -m -s /bin/bash $USER + +USER $USER +WORKDIR $HOME + +RUN curl https://mise.run | sh \ + && mise settings set experimental true \ + && echo "eval \"\$(~/.local/bin/mise activate bash)\"" >> ~/.bashrc \ + && eval "$(~/.local/bin/mise activate bash)" + +COPY mise.toml /etc/mise/config.toml + +RUN mise trust && mise install --yes && mise reshim + +COPY --chown=$USER:$USER package.json bun.lock entrypoint.ts /opt/cod3rocket/pre-commit-hooks/ + +WORKDIR /opt/cod3rocket/pre-commit-hooks + +RUN bun i + +ENTRYPOINT [ "bun", "run", "entrypoint.ts" ] From ae79b2e2bdb3e33ab4c883791da939410e1c9e7a Mon Sep 17 00:00:00 2001 From: Eduardo Teles Date: Wed, 31 Dec 2025 07:57:10 -0300 Subject: [PATCH 3/9] Adicionado taskfile para build da imagem de dev --- Taskfile.yaml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 Taskfile.yaml diff --git a/Taskfile.yaml b/Taskfile.yaml new file mode 100644 index 0000000..2583530 --- /dev/null +++ b/Taskfile.yaml @@ -0,0 +1,5 @@ +version: "3" + +tasks: + build:dev: + cmd: docker buildx build -t ghcr.io/cod3rocket/pre-commit-hooks:dev . From f2de979dac629d66b4e7a1d88349673f4e7e5633 Mon Sep 17 00:00:00 2001 
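Review bot: Two build steps in the Dockerfile are unpinned: `curl https://mise.run | sh` executes whatever the installer serves at build time, and `RUN bun i` may resolve dependencies differently from the bun.lock that was just copied in, so two builds of the same commit can differ and an upstream change lands in the hook image unnoticed. Pin the mise release (the installer honours a MISE_VERSION variable, as far as I recall; otherwise fetch the versioned archive and verify its checksum) and make the lockfile authoritative with `RUN bun install --frozen-lockfile`. Separately, the dnf line installs curl, ca-certificates, tar and fonts but not git, yet entrypoint.ts runs `gitleaks git --staged`, which shells out to git; without it every commit fails in the gitleaks step (fail-closed, but unusable), so add `git` to the package list. Under pre-commit's docker_image language the repository is bind-mounted from the host, so git's ownership check may additionally refuse the mount for the cod3rocket user unless the path is marked safe (`git config --global --add safe.directory '*'` or the mount path) — inferred from how pre-commit runs images, please verify.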
From: Eduardo Teles Date: Wed, 31 Dec 2025 08:04:03 -0300 Subject: [PATCH 4/9] =?UTF-8?q?Adicionado=20action=20para=20build=20e=20pu?= =?UTF-8?q?blica=C3=A7=C3=A3o=20da=20imagem=20docker?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/build.yml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 .github/workflows/build.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..beb0d0a --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,33 @@ +name: Build +on: + push: + branches: + - dev + tags: + - 'v*' +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v6 + + - name: Setup QEMU + uses: docker/setup-qemu-action@v3 + + - name: Setup docker buildx + uses: docker/setup-buildx-action@v3 + + - name: Login no GHCR + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build e push multi-arch + uses: docker/build-push-action@v6 + with: + push: true + platforms: linux/amd64,linux/arm64 + tags: ghcr.io/${{ github.repository }}:${{ github.ref_name }} From ddd7863e850d016aaa5bffbcf853f38161cadfb4 Mon Sep 17 00:00:00 2001 From: Eduardo Teles Date: Wed, 31 Dec 2025 08:16:43 -0300 Subject: [PATCH 5/9] Adicionado labels na imagem --- Dockerfile | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/Dockerfile b/Dockerfile index 4369446..921401e 100644 --- a/Dockerfile +++ b/Dockerfile 
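Review bot: The build job pushes to GHCR but the workflow declares no `permissions:` block, so it depends on the repository's default GITHUB_TOKEN scope — too little where the default is read-only (the push fails) and too much where it is permissive. Add at job level `permissions:` with `contents: read` and `packages: write`, which is all the checkout and the login need. The actions are referenced by floating major tags (`actions/checkout@v6`, `docker/setup-qemu-action@v3`, `docker/setup-buildx-action@v3`, `docker/login-action@v3`, `docker/build-push-action@v6`); for a job holding a registry credential, pinning each to a full commit SHA with the tag in a trailing comment removes the tag-retargeting risk. The image tag is taken verbatim from `github.ref_name`, which on a `dev` branch push produces a mutable `:dev` tag; that is acceptable for a dev channel but should be stated in a comment next to `tags:`.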
@@ -1,5 +1,21 @@ FROM docker.io/library/almalinux:10 AS base +ARG BUILD_DATE +ARG BUILD_VERSION + +LABEL maintainer="contato@cod3rocket.com" +LABEL org.opencontainers.image.created=$BUILD_DATE +LABEL org.opencontainers.image.authors="Cod3Rocket" +LABEL org.opencontainers.image.url="https://github.com/cod3rocket/pre-commit-hooks" +LABEL org.opencontainers.image.documentation="https://github.com/cod3rocket/pre-commit-hooks" +LABEL org.opencontainers.image.source="https://github.com/cod3rocket/pre-commit-hooks" +LABEL org.opencontainers.image.version=$BUILD_VERSION +LABEL org.opencontainers.image.vendor="Cod3Rocket" +LABEL org.opencontainers.image.licenses="MIT" +LABEL org.opencontainers.image.title="pre-commit-hooks" +LABEL org.opencontainers.image.description="Hooks de pre commit da cod3Rocket" +LABEL org.opencontainers.image.base.name="docker.io/library/almalinux:10" + ENV USER=cod3rocket ENV HOME=/home/$USER ENV PATH="$PATH:$HOME/.local/bin:$HOME/.local/share/mise/shims" From 409086b90a858db14698c4569dd95bab28e9e644 Mon Sep 17 00:00:00 2001 From: Eduardo Teles Date: Wed, 31 Dec 2025 08:17:08 -0300 Subject: [PATCH 6/9] =?UTF-8?q?Adicionado=20os=20build=20args=20necess?= =?UTF-8?q?=C3=A1rios=20para=20o=20build=20da=20imagem?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/build.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index beb0d0a..761b9f2 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
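Review bot: `LABEL org.opencontainers.image.created=$BUILD_DATE` and `LABEL org.opencontainers.image.version=$BUILD_VERSION` are only populated when the caller supplies the build args, and the `build:dev` task added in PATCH 3/9 (`docker buildx build -t ghcr.io/cod3rocket/pre-commit-hooks:dev .`) passes none, so locally built dev images carry empty created/version labels. Either give the arguments defaults, e.g. `ARG BUILD_VERSION=dev`, or add `--build-arg BUILD_DATE=... --build-arg BUILD_VERSION=dev` to the task. The legacy `maintainer` label duplicates `org.opencontainers.image.authors`; keeping only the OCI key is the current convention. The hunk covers only the top of the Dockerfile; the remaining instructions continue outside it.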
@@ -25,9 +25,16 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Get current date + id: date + run: echo "date=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT + - name: Build e push multi-arch uses: docker/build-push-action@v6 with: push: true platforms: linux/amd64,linux/arm64 tags: ghcr.io/${{ github.repository }}:${{ github.ref_name }} + build-args: | + BUILD_DATE=${{ steps.date.outputs.date }} + BUILD_VERSION=${{ github.ref_name }} From 037d047b09a049499f3ffb3709ec24d20ba7738f Mon Sep 17 00:00:00 2001 From: Eduardo Teles Date: Wed, 31 Dec 2025 08:19:35 -0300 Subject: [PATCH 7/9] =?UTF-8?q?Adicionado=20os=20arquivos=20de=20configura?= =?UTF-8?q?=C3=A7=C3=A3o=20do=20pre-commit=20com=20vers=C3=B5es=20de=20pla?= =?UTF-8?q?ceholder?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .pre-commit-config.yaml | 6 ++++++ .pre-commit-hooks.yaml | 9 +++++++++ 2 files changed, 15 insertions(+) create mode 100644 .pre-commit-config.yaml create mode 100644 .pre-commit-hooks.yaml diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..6fe7f55 --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,6 @@ +repos: + - repo: . + rev: v0.0.0 + hooks: + - id: cod3rocket + exclude: test/ diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml new file mode 100644 index 0000000..ff38227 --- /dev/null +++ b/.pre-commit-hooks.yaml @@ -0,0 +1,9 @@ +- id: cod3rocket + name: Cod3Rocket + entry: ghcr.io/cod3rocker/pre-commit-hooks:v0.0.0 + language: docker_image + +- id: cod3rocket-dev + name: Cod3Rocket + entry: ghcr.io/cod3rocker/pre-commit-hooks:dev + language: docker_image From 2dd80362d9b6b323811e8124714d776dfaf485fb Mon Sep 17 00:00:00 2001 From: Eduardo Teles Date: Wed, 31 Dec 2025 08:28:39 -0300 Subject: [PATCH 8/9] Atualizado o README.md --- README.md | 9 +++++++++ 1 file changed, 9 insertions(+) 
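Review bot: Both `entry:` values in .pre-commit-hooks.yaml reference `ghcr.io/cod3rocker/pre-commit-hooks`, while the Dockerfile source label, the Taskfile and the workflow's `ghcr.io/${{ github.repository }}` publish under `cod3rocket` (judging by the label URLs); the hook therefore pulls from a namespace this project does not own, so it either fails or, should that name ever be registered by a third party, runs a foreign image on every developer's commit. Change the two lines to `entry: ghcr.io/cod3rocket/pre-commit-hooks:v0.0.0` and `entry: ghcr.io/cod3rocket/pre-commit-hooks:dev`; PATCH 9/9 carries the same typo into its v1.0.0 bump and needs the same fix. Once a release exists, pinning the versioned entry by digest (`...:v1.0.0@sha256:<image digest>`) also protects consumers against a retagged image. Both hooks share the display name `Cod3Rocket`, so pre-commit output cannot tell them apart; `name: Cod3Rocket (dev)` for the second would help.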
diff --git a/README.md b/README.md index c7d547a..d247635 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,12 @@ # Pre Commit Hooks Hooks de pre commit da cod3Rocket + +## Ferramentas + +- [bun](https://bun/com) v1.3.5 +- [gitleaks](https://gitleaks.io) v8.30.0 +- [java (temurin)](https://adoptium.net) v21.0.9+10.0.LTS +- [ktlint](https://pinterest.github.io/ktlint) v1.8.0 +- [opentofu](https://opentofu.org) v1.11.2 +- [task](https://taskfile.dev) v3.46.4 From 74364c9a4642c8703c979851cb5bc5a083a77835 Mon Sep 17 00:00:00 2001 From: Eduardo Teles Date: Wed, 31 Dec 2025 08:28:51 -0300 Subject: [PATCH 9/9] =?UTF-8?q?Vers=C3=A3o=201.0.0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .pre-commit-config.yaml | 2 +- .pre-commit-hooks.yaml | 2 +- package.json | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 6fe7f55..37c56ee 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: . - rev: v0.0.0 + rev: v1.0.0 hooks: - id: cod3rocket exclude: test/ diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml index ff38227..06b4c7c 100644 --- a/.pre-commit-hooks.yaml +++ b/.pre-commit-hooks.yaml @@ -1,6 +1,6 @@ - id: cod3rocket name: Cod3Rocket - entry: ghcr.io/cod3rocker/pre-commit-hooks:v0.0.0 + entry: ghcr.io/cod3rocker/pre-commit-hooks:v1.0.0 language: docker_image - id: cod3rocket-dev diff --git a/package.json b/package.json index 4fe9c0b..4a68766 100644 --- a/package.json +++ b/package.json @@ -1,5 +1,6 @@ { "name": "pre-commit-hooks", + "version": "1.0.0", "module": "entrypoint.ts", "type": "module", "private": true,