38 lines
1.7 KiB
Bash
Executable File
38 lines
1.7 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# pre-push hook: runs quality checks before every `git push`.
|
|
# Install with: make setup (sets core.hooksPath = .githooks)
|
|
set -euo pipefail
|
|
|
|
REPO_ROOT=$(git rev-parse --show-toplevel)
|
|
# shellcheck source=../tools.versions
|
|
source "${REPO_ROOT}/tools.versions"
|
|
|
|
echo "pre-push: running checks..."
|
|
|
|
# ── 1. gofmt ──────────────────────────────────────────────────────────────────
|
|
echo " → gofmt"
|
|
UNFORMATTED=$(gofmt -l $(git ls-files '*.go'))
|
|
if [ -n "$UNFORMATTED" ]; then
|
|
echo " FAIL: the following files are not gofmt-formatted:"
|
|
echo "$UNFORMATTED" | sed 's/^/ /'
|
|
echo " Fix with: make lint-fix"
|
|
exit 1
|
|
fi
|
|
|
|
# ── 2. go vet ─────────────────────────────────────────────────────────────────
|
|
echo " → go vet"
|
|
go vet ./...
|
|
|
|
# ── 3. golangci-lint ──────────────────────────────────────────────────────────
|
|
echo " → golangci-lint"
|
|
go run github.com/golangci/golangci-lint/cmd/golangci-lint@${GOLANGCI_LINT_VERSION} run ./...
|
|
|
|
# ── 4. gosec (security scan) ──────────────────────────────────────────────────
|
|
echo " → gosec"
|
|
go run github.com/securego/gosec/v2/cmd/gosec@${GOSEC_VERSION} -quiet ./...
|
|
|
|
# govulncheck is intentionally omitted (network + slow).
|
|
# Run it manually with: make security
|
|
|
|
echo "pre-push: all checks passed."
|