Discuss continuous delivery of infrastructure Archive: https://archive.sweetops.com/gitops/
Question: How do you use Git pre-hooks for identifying secrets at the organization level? I’m looking for ideas to detect sensitive commits before they’re committed and pushed to GitHub. Any ideas how you would approach this at the org level?
@ Right now I’m just using lefthook and setting up a gitleaks hook to run on pre-commit and pre-push. It’s not perfect. I’ve not centralized anything. You can use plugins in whatever CI tool you use to do more widescale work, but for now it’s a way I’ve taken to get a small step towards quick code checks and pushing folks away from even dev certs and keys in the repos.
You need a solid dev workflow runbook; make sure you automate everything with chocolatey. It’s all about setting up developers’ machines. For me, I would move over by offloading all of these checks into CI instead of developers’ machines.
@ for the sake of discussion, I don’t look at this as shifting from dev to CI checks. I’d rather “shift left” by having the same checks on the devs that CI runs. This improves the feedback cycle dramatically.
Brew and choco are for dev machine setup, and yes, the task init I use leverages those for apps needed if required.
I totally agree with you. Been there, found a lot of developers do not care about pre-checks or whatsoever, so you force everything with CI and PR reviews.
@ that’s why I use task init or equivalent in the setup of the project, and it self-registers all the hooks and linting tools. Then CI does the exact same thing as the manual run.
This means an immediate feedback loop before I even open a PR, having resolved all linting and test failures before it even gets to this point. IMO that quick feedback loop is key to a good trunk-based dev workflow and making PRs less intrusive.