- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com>
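#!/bin/bash
# Verify .gitignore coverage for all .env files and secrets
# Identifies .env files that may not be properly ignored

set -euo pipefail

# ANSI colour sequences, stored in backslash form and expanded by printf's %b.
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'

# Logging helpers. Each takes the message as $1 and writes one line to stdout.
# Only the colour variables go through %b; the message is printed with %s, so
# backslash sequences inside a reported file name are shown literally instead
# of being expanded into control characters on the operator's terminal.
log_info() { printf '%b[INFO]%b %s\n' "$BLUE" "$NC" "$1"; }
log_success() { printf '%b[✓]%b %s\n' "$GREEN" "$NC" "$1"; }
log_warn() { printf '%b[⚠]%b %s\n' "$YELLOW" "$NC" "$1"; }
log_error() { printf '%b[✗]%b %s\n' "$RED" "$NC" "$1"; }
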
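# Directory tree to audit and whether missing ignore rules should be written.
# Both can be overridden from the environment.
PROJECT_ROOT="${PROJECT_ROOT:-/home/intlc/projects}"
FIX_MODE="${FIX_MODE:-false}"

echo "═══════════════════════════════════════════════════════════"
echo " .gitignore Coverage Verification"
echo "═══════════════════════════════════════════════════════════"
echo ""

# Find all .env files
log_info "Scanning for .env files..."

# Without this check a wrong PROJECT_ROOT makes find fail, and with stderr
# discarded and `set -e` active the audit would stop with no explanation.
if [ ! -d "$PROJECT_ROOT" ]; then
  log_error "PROJECT_ROOT is not a directory: $PROJECT_ROOT"
  exit 1
fi

# find exits non-zero when any subdirectory is unreadable. Keep the partial
# list but say so, so a quiet run is not read as a clean result.
# NOTE(review): only files named exactly ".env" are matched; variants such as
# ".env.production" are not audited by this scan.
ENV_FILES=$(find "$PROJECT_ROOT" -type f -name ".env" ! -path "*/node_modules/*" ! -path "*/.git/*" 2>/dev/null) ||
  log_warn "find reported errors under $PROJECT_ROOT; results may be incomplete"

# ISSUES counts .env files that are not ignored; FIXED counts .gitignore
# files written in fix mode.
ISSUES=0
FIXED=0
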
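# Return 0 when the .gitignore file in $1 has a rule covering a file named
# exactly ".env": ".env", "/.env", "**/.env", ".env*" or "*.env".
# A rule such as ".env.local" does not cover ".env" and is not accepted.
# Heuristic only: negation ("!") rules and rule order are not evaluated.
gitignore_lists_env() {
  grep -qE '^(\*\*/|/)?(\.env\*?|\*\.env)[[:space:]]*$' "$1" 2>/dev/null
}

# Append the standard environment-file rules to the .gitignore file in $1.
append_env_rules() {
  printf '%s\n' \
    "# Environment files" \
    ".env" \
    ".env.local" \
    ".env.*.local" \
    "*.env.backup" \
    ".env.backup.*" >> "$1"
}

# Audit every .env file found by the scan (one path per line in ENV_FILES).
while IFS= read -r env_file; do
  # An empty result list still yields one empty line from the here-string.
  [ -n "$env_file" ] || continue

  dir=$(dirname "$env_file")
  gitignore="$dir/.gitignore"
  root_gitignore="$PROJECT_ROOT/.gitignore"

  git_repo=false
  tracked=false
  ignored=false

  if git -C "$dir" rev-parse --git-dir >/dev/null 2>&1; then
    git_repo=true
    # Inside a work tree, ask git itself rather than pattern-matching the
    # .gitignore text: git applies nested .gitignore files, negation and
    # rule order. It also honours .git/info/exclude and the user's global
    # excludes, which are not shared with other clones.
    if git -C "$dir" ls-files --error-unmatch -- "$env_file" >/dev/null 2>&1; then
      # Ignore rules never apply to a file that is already in the index.
      tracked=true
    elif git -C "$dir" check-ignore -q -- "$env_file" 2>/dev/null; then
      ignored=true
    fi
  elif { [ -f "$gitignore" ] && gitignore_lists_env "$gitignore"; } ||
    { [ -f "$root_gitignore" ] && gitignore_lists_env "$root_gitignore"; }; then
    # No repository to consult: fall back to the text heuristic on the
    # local and PROJECT_ROOT .gitignore files.
    ignored=true
  fi

  if [ "$tracked" = true ]; then
    ISSUES=$((ISSUES + 1))
    log_error "🔴 $env_file"
    log_error " Already tracked by git; .gitignore rules do not apply to tracked files"
    log_error " Untrack it with 'git rm --cached' and rotate any secrets it contains"
    continue
  fi

  if [ "$ignored" = true ]; then
    if [ "$git_repo" = true ]; then
      log_success "✓ $env_file (properly ignored)"
    fi
    continue
  fi

  ISSUES=$((ISSUES + 1))
  log_warn "⚠️ $env_file"
  log_warn " Not properly ignored in .gitignore"

  [ "$FIX_MODE" = "true" ] || continue

  # Create or update the .gitignore next to the .env file
  if [ ! -f "$gitignore" ]; then
    append_env_rules "$gitignore"
    log_success " Created $gitignore"
    FIXED=$((FIXED + 1))
  elif ! gitignore_lists_env "$gitignore"; then
    # Blank separator line; also terminates a last line with no newline.
    echo "" >> "$gitignore"
    append_env_rules "$gitignore"
    log_success " Updated $gitignore"
    FIXED=$((FIXED + 1))
  else
    # The rule is present but git still does not ignore the file, so
    # appending it again would change nothing.
    log_warn " $gitignore already lists .env; check for a later '!' rule that re-includes it"
  fi
done <<< "$ENV_FILES"
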
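echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo " Backup Files Check"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""

# Check for backup files
# find exits non-zero when any subdirectory is unreadable; with stderr
# discarded and `set -e` active that would end the audit silently. Keep the
# partial list and report that it may be incomplete.
BACKUP_FILES=$(find "$PROJECT_ROOT" -type f \( -name "*.env.backup*" -o -name ".env.backup*" \) ! -path "*/node_modules/*" ! -path "*/.git/*" 2>/dev/null) ||
  log_warn "find reported errors under $PROJECT_ROOT; backup results may be incomplete"

# Number of backup files that contain secret-looking keys.
BACKUP_ISSUES=0
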
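# Return 0 when the file in $1 has a line that starts (after optional
# whitespace and an optional "export") with a variable name containing one of
# the sensitive key words. This also catches prefixed names such as
# DB_PASSWORD and "export API_KEY=..." lines. Heuristic only: it looks at
# key names, never at values.
file_has_secret_keys() {
  grep -qE '^[[:space:]]*(export[[:space:]]+)?[A-Za-z0-9_]*(PRIVATE_KEY|API_KEY|SECRET|PASSWORD|TOKEN|CLOUDFLARE)' "$1" 2>/dev/null
}

# Audit every .env backup found by the scan (one path per line in BACKUP_FILES).
while IFS= read -r backup_file; do
  # An empty result list still yields one empty line from the here-string.
  [ -n "$backup_file" ] || continue

  # Only backups that appear to hold secrets are reported.
  file_has_secret_keys "$backup_file" || continue

  dir=$(dirname "$backup_file")
  gitignore="$dir/.gitignore"
  root_gitignore="$PROJECT_ROOT/.gitignore"

  ignored=false
  if git -C "$dir" rev-parse --git-dir >/dev/null 2>&1; then
    # Inside a work tree git gives the authoritative answer. check-ignore
    # does not report a file that is already tracked, so a committed
    # backup is shown as NOT ignored.
    if git -C "$dir" check-ignore -q -- "$backup_file" 2>/dev/null; then
      ignored=true
    fi
  else
    # No repository to consult: fall back to a text match on the local
    # and PROJECT_ROOT .gitignore files.
    for candidate in "$gitignore" "$root_gitignore"; do
      if [ -f "$candidate" ] && grep -qE "env\.backup" "$candidate" 2>/dev/null; then
        ignored=true
        break
      fi
    done
  fi

  BACKUP_ISSUES=$((BACKUP_ISSUES + 1))
  if [ "$ignored" = false ]; then
    log_error "🔴 $backup_file"
    log_error " Contains secrets and is NOT ignored!"
  else
    log_warn "⚠️ $backup_file"
    log_warn " Contains secrets (properly ignored, but should be removed)"
  fi
done <<< "$BACKUP_FILES"
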
# Final report: totals from both scans, then either the fix-mode follow-up
# steps or a hint on how to enable fix mode.
printf '%s\n' \
  "" \
  "═══════════════════════════════════════════════════════════" \
  " Summary" \
  "═══════════════════════════════════════════════════════════" \
  ""

# NOTE(review): the script ends with status 0 even when issues were counted,
# so a CI job cannot gate on it as written. Confirm whether callers rely on
# that before changing it.
if [ "$ISSUES" -ne 0 ] || [ "$BACKUP_ISSUES" -ne 0 ]; then
  log_warn "Found $ISSUES .env file(s) not properly ignored"
  log_warn "Found $BACKUP_ISSUES backup file(s) with secrets"

  if [ "$FIX_MODE" != "true" ]; then
    echo ""
    log_info "To automatically fix .gitignore files, run:"
    log_info " FIX_MODE=true $0"
  else
    log_info "Fixed $FIXED .gitignore file(s)"
    echo ""
    for step in \
      "Next steps:" \
      " 1. Review the changes" \
      " 2. Commit .gitignore updates" \
      " 3. Handle backup files with secrets"; do
      log_info "$step"
    done
  fi
else
  log_success "✅ All .env files are properly ignored!"
fi

echo ""