Add precommit for secret scanning, formatting and license header checking. (#2938)

* Add precommit for secret scanning, formatting and license header checking. * Turn off bash debug logging. * Skip precommit checks that apply to all files. There are too many violations to run against all files.
2025-07-24 17:32:48 +00:00 · 2024-09-25 10:35:39 +01:00
parent 02254b2ac4
commit b00e11cb6f
7 changed files with 2451 additions and 23 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -43,8 +43,16 @@ jobs:
    steps:
      - uses: actions/checkout@v4
      - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
-      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0      
+      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0
      - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - id: changed-files
+        uses: Alfresco/alfresco-build-tools/.github/actions/github-list-changes@v6.1.0
+        with:
+          write-list-to-env: true
+      - uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@v6.1.0
      - name: "Init"
        run: bash ./scripts/ci/init.sh
      - name: "Prepare maven cache and check compilation"
@@ -63,7 +71,7 @@ jobs:
    steps:
      - uses: actions/checkout@v4
      - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
-      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0      
+      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0
      - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
      - name: "Init"
        run: bash ./scripts/ci/init.sh
@@ -169,7 +177,7 @@ jobs:
    steps:
      - uses: actions/checkout@v4
      - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
-      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0      
+      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0
      - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
      - name: "Init"
        run: bash ./scripts/ci/init.sh
@@ -249,7 +257,7 @@ jobs:
    steps:
      - uses: actions/checkout@v4
      - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
-      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0      
+      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0
      - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
      - name: "Build"
        timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
@@ -283,7 +291,7 @@ jobs:
        env:
          RP_OPTS: ${{ github.ref_name == 'master' && steps.rp-prepare.outputs.mvn-opts || '' }}
        run: |
-          eval "args=($RP_OPTS)"  
+          eval "args=($RP_OPTS)"
          mvn -B test -pl remote-api -Dtest=${{ matrix.testSuite }} -Ddb.driver=org.postgresql.Driver -Ddb.name=alfresco -Ddb.url=jdbc:postgresql://localhost:5433/alfresco -Ddb.username=alfresco -Ddb.password=alfresco "${args[@]}"
        continue-on-error: true
      - name: "Update GitHub Step Summary"
@@ -327,7 +335,7 @@ jobs:
    steps:
      - uses: actions/checkout@v4
      - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
-      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0      
+      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0
      - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
      - name: "Init"
        run: bash ./scripts/ci/init.sh
@@ -398,7 +406,7 @@ jobs:
    steps:
      - uses: actions/checkout@v4
      - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
-      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0      
+      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0
      - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
      - name: "Init"
        run: bash ./scripts/ci/init.sh
@@ -469,7 +477,7 @@ jobs:
    steps:
      - uses: actions/checkout@v4
      - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
-      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0      
+      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0
      - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
      - name: "Init"
        run: bash ./scripts/ci/init.sh
@@ -500,7 +508,7 @@ jobs:
        env:
          RP_OPTS: ${{ github.ref_name == 'master' && steps.rp-prepare.outputs.mvn-opts || '' }}
        run: |
-          eval "args=($RP_OPTS)" 
+          eval "args=($RP_OPTS)"
          mvn -B test -pl repository -am -Dtest=AllDBTestsTestSuite -DfailIfNoTests=false -Ddb.driver=com.mysql.jdbc.Driver -Ddb.name=alfresco -Ddb.url=jdbc:mysql://localhost:3307/alfresco -Ddb.username=alfresco -Ddb.password=alfresco "${args[@]}"
        continue-on-error: true
      - name: "Update GitHub Step Summary"
@@ -539,7 +547,7 @@ jobs:
    steps:
      - uses: actions/checkout@v4
      - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
-      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0      
+      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0
      - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
      - name: "Init"
        run: bash ./scripts/ci/init.sh
@@ -570,7 +578,7 @@ jobs:
        env:
          RP_OPTS: ${{ github.ref_name == 'master' && steps.rp-prepare.outputs.mvn-opts || '' }}
        run: |
-          eval "args=($RP_OPTS)" 
+          eval "args=($RP_OPTS)"
          mvn -B test -pl repository -am -Dtest=AllDBTestsTestSuite -DfailIfNoTests=false -Ddb.driver=org.postgresql.Driver -Ddb.name=alfresco -Ddb.url=jdbc:postgresql://localhost:5433/alfresco -Ddb.username=alfresco -Ddb.password=alfresco "${args[@]}"
        continue-on-error: true
      - name: "Update GitHub Step Summary"
@@ -609,7 +617,7 @@ jobs:
    steps:
      - uses: actions/checkout@v4
      - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
-      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0      
+      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0
      - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
      - name: "Init"
        run: bash ./scripts/ci/init.sh
@@ -640,7 +648,7 @@ jobs:
        env:
          RP_OPTS: ${{ github.ref_name == 'master' && steps.rp-prepare.outputs.mvn-opts || '' }}
        run: |
-          eval "args=($RP_OPTS)" 
+          eval "args=($RP_OPTS)"
          mvn -B test -pl repository -am -Dtest=AllDBTestsTestSuite -DfailIfNoTests=false -Ddb.driver=org.postgresql.Driver -Ddb.name=alfresco -Ddb.url=jdbc:postgresql://localhost:5433/alfresco -Ddb.username=alfresco -Ddb.password=alfresco "${args[@]}"
        continue-on-error: true
      - name: "Update GitHub Step Summary"
@@ -679,7 +687,7 @@ jobs:
    steps:
      - uses: actions/checkout@v4
      - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
-      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0      
+      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0
      - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
      - name: "Init"
        run: bash ./scripts/ci/init.sh
@@ -710,7 +718,7 @@ jobs:
        env:
          RP_OPTS: ${{ github.ref_name == 'master' && steps.rp-prepare.outputs.mvn-opts || '' }}
        run: |
-          eval "args=($RP_OPTS)" 
+          eval "args=($RP_OPTS)"
          mvn -B test -pl repository -am -Dtest=AllDBTestsTestSuite -DfailIfNoTests=false -Ddb.driver=org.postgresql.Driver -Ddb.name=alfresco -Ddb.url=jdbc:postgresql://localhost:5433/alfresco -Ddb.username=alfresco -Ddb.password=alfresco "${args[@]}"
        continue-on-error: true
      - name: "Update GitHub Step Summary"
@@ -747,7 +755,7 @@ jobs:
    steps:
      - uses: actions/checkout@v4
      - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
-      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0      
+      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0
      - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
      - name: "Init"
        run: bash ./scripts/ci/init.sh
@@ -847,7 +855,7 @@ jobs:
    steps:
      - uses: actions/checkout@v4
      - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
-      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0      
+      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0
      - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
      - name: "Init"
        run: bash ./scripts/ci/init.sh
@@ -960,7 +968,7 @@ jobs:
    steps:
      - uses: actions/checkout@v4
      - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
-      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0      
+      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0
      - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
      - name: "Build"
        timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
@@ -1041,7 +1049,7 @@ jobs:
    steps:
      - uses: actions/checkout@v4
      - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
-      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0      
+      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0
      - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
      - name: "Init"
        run: bash ./scripts/ci/init.sh
@@ -1115,7 +1123,7 @@ jobs:
    steps:
      - uses: actions/checkout@v4
      - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
-      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0      
+      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0
      - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
      - name: "Build"
        timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
@@ -1161,7 +1169,7 @@ jobs:
    steps:
      - uses: actions/checkout@v4
      - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
-      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0      
+      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0
      - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
      - name: "Build"
        timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
@@ -1203,7 +1211,7 @@ jobs:
    steps:
      - uses: actions/checkout@v4
      - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
-      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0      
+      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0
      - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
      - name: "Build"
        timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
@@ -1293,7 +1301,7 @@ jobs:
    steps:
      - uses: actions/checkout@v4
      - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
-      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0      
+      - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0
      - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
      - name: "Build"
        timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}