romtuck/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: prep pre-commit runner

Browse Source
This commit is contained in:
Peter Steinberger 2026-01-25 10:45:04 +00:00
parent e0a3063ad7
commit d7eace87ae
4 changed files with 59 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.detect-secrets.cfg
View File

@ -7,6 +7,10 @@
[exclude-files] [exclude-files]
# pnpm lockfiles contain lots of high-entropy package integrity blobs. # pnpm lockfiles contain lots of high-entropy package integrity blobs.
pattern = (^|/)pnpm-lock\.yaml$ pattern = (^|/)pnpm-lock\.yaml$
# Generated output and vendored assets.
pattern = (^|/)(dist|vendor)/
# Local config file with allowlist patterns.
pattern = (^|/)\.detect-secrets\.cfg$
[exclude-lines] [exclude-lines]
# Fastlane checks for private key marker; not a real key. # Fastlane checks for private key marker; not a real key.

26
.pre-commit-config.yaml
View File

@ -24,7 +24,27 @@ repos:
rev: v1.5.0 rev: v1.5.0
hooks: hooks:
- id: detect-secrets - id: detect-secrets
args: [--baseline, .secrets.baseline] args:
- --baseline
- .secrets.baseline
- --exclude-files
- '(^|/)(dist/|vendor/|pnpm-lock\.yaml$|\.detect-secrets\.cfg$)'
- --exclude-lines
- 'key_content\.include\?\("BEGIN PRIVATE KEY"\)'
- --exclude-lines
- 'case \.apiKeyEnv: "API key \(env var\)"'
- --exclude-lines
- 'case apikey = "apiKey"'
- --exclude-lines
- '"gateway\.remote\.password"'
- --exclude-lines
- '"gateway\.auth\.password"'
- --exclude-lines
- '"talk\.apiKey"'
- --exclude-lines
- '=== "string"'
- --exclude-lines
- 'typeof remote\?\.password === "string"'
# Shell script linting # Shell script linting
- repo: https://github.com/koalaman/shellcheck-precommit - repo: https://github.com/koalaman/shellcheck-precommit
@ -55,7 +75,7 @@ repos:
# oxlint --type-aware src test # oxlint --type-aware src test
- id: oxlint - id: oxlint
name: oxlint name: oxlint
entry: npx oxlint --type-aware src test entry: scripts/pre-commit/run-node-tool.sh oxlint --type-aware src test
language: system language: system
pass_filenames: false pass_filenames: false
types_or: [javascript, jsx, ts, tsx] types_or: [javascript, jsx, ts, tsx]
@ -63,7 +83,7 @@ repos:
# oxfmt --check src test # oxfmt --check src test
- id: oxfmt - id: oxfmt
name: oxfmt name: oxfmt
entry: npx oxfmt --check src test entry: scripts/pre-commit/run-node-tool.sh oxfmt --check src test
language: system language: system
pass_filenames: false pass_filenames: false
types_or: [javascript, jsx, ts, tsx] types_or: [javascript, jsx, ts, tsx]

11
.secrets.baseline
View File

@ -2210,16 +2210,7 @@
"is_verified": false, "is_verified": false,
"line_number": 182 "line_number": 182
} }
],
"vendor/a2ui/README.md": [
{
"type": "Secret Keyword",
"filename": "vendor/a2ui/README.md",
"hashed_secret": "2619a5397a5d054dab3fe24e6a8da1fbd76ec3a6",
"is_verified": false,
"line_number": 123
}
] ]
}, },
"generated_at": "2026-01-25T06:57:20Z" "generated_at": "2026-01-25T10:46:40Z"
} }

31
scripts/pre-commit/run-node-tool.sh Executable file
View File

@ -0,0 +1,31 @@
#!/usr/bin/env bash
set -euo pipefail
ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
if [[ $# -lt 1 ]]; then
echo "usage: run-node-tool.sh <tool> [args...]" >&2
exit 2
fi
tool="$1"
shift
if [[ -f "$ROOT_DIR/pnpm-lock.yaml" ]] && command -v pnpm >/dev/null 2>&1; then
exec pnpm exec "$tool" "$@"
fi
if { [[ -f "$ROOT_DIR/bun.lockb" ]] || [[ -f "$ROOT_DIR/bun.lock" ]]; } && command -v bun >/dev/null 2>&1; then
exec bunx --bun "$tool" "$@"
fi
if command -v npm >/dev/null 2>&1; then
exec npm exec -- "$tool" "$@"
fi
if command -v npx >/dev/null 2>&1; then
exec npx "$tool" "$@"
fi
echo "Missing package manager: pnpm, bun, or npm required." >&2
exit 1