38 lines
1.5 KiB
Bash
Executable File
38 lines
1.5 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# pre-commit hook: runs on every `git commit`
|
|
# Install with: make setup (sets core.hooksPath = .githooks)
|
|
set -euo pipefail
|
|
|
|
# Collect staged Go files only — avoids re-checking untouched code.
|
|
STAGED=$(git diff --cached --name-only --diff-filter=ACM | grep '\.go$' || true)
|
|
|
|
if [ -z "$STAGED" ]; then
|
|
echo "pre-commit: no Go files staged — skipping."
|
|
exit 0
|
|
fi
|
|
|
|
echo "pre-commit: running checks on staged Go files..."
|
|
|
|
# ── 1. gofmt ──────────────────────────────────────────────────────────────────
|
|
echo " → gofmt"
|
|
UNFORMATTED=$(gofmt -l $STAGED)
|
|
if [ -n "$UNFORMATTED" ]; then
|
|
echo " FAIL: the following files are not gofmt-formatted:"
|
|
echo "$UNFORMATTED" | sed 's/^/ /'
|
|
echo " Fix with: gofmt -w <file> or make lint-fix"
|
|
exit 1
|
|
fi
|
|
|
|
# ── 2. golangci-lint ──────────────────────────────────────────────────────────
|
|
echo " → golangci-lint"
|
|
golangci-lint run ./...
|
|
|
|
# ── 3. gosec (security scan) ──────────────────────────────────────────────────
|
|
echo " → gosec"
|
|
gosec -quiet ./...
|
|
|
|
# govulncheck is intentionally omitted from pre-commit (network + slow).
|
|
# Run it manually with: make security
|
|
|
|
echo "pre-commit: all checks passed."
|