chore: add pre-commit size guard and harden .gitignore
- Add .githooks/pre-commit that blocks files >2MB (configurable via GIT_MAX_FILE_SIZE). Activate with: git config core.hooksPath .githooks - Expand .gitignore to block common binary/archive patterns (*.tar.gz, *.tgz, *.iso, *.img, *.bin, *.exe, *.dmg) - Add explicit root-level terraform.tfstate ignore rules - Remove stale redis-25.3.2.tgz helm chart (unreferenced) Prevents re-accumulation of large blobs after git history cleanup that reduced .git from 2.6GB to 128MB. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
parent
b0192d9545
commit
e23153cf03
3 changed files with 43 additions and 0 deletions
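--- a/.githooks/pre-commit
+++ b/.githooks/pre-commit
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+# Pre-commit hook: block large files from being committed.
+# Install: git config core.hooksPath .githooks
+#
+# Max allowed file size (bytes). Override with GIT_MAX_FILE_SIZE env var.
+MAX_SIZE="${GIT_MAX_FILE_SIZE:-2097152}" # 2 MB default
+
+errors=0
+
+while IFS= read -r line; do
+# Format: :old_mode new_mode old_sha new_sha status\tpath
+status=$(echo "$line" | awk '{print $5}' | cut -c1)
+file=$(echo "$line" | awk '{print $6}')
+
+# Skip deleted files
+[ "$status" = "D" ] && continue
+
+sha=$(echo "$line" | awk '{print $4}')
+size=$(git cat-file -s "$sha" 2>/dev/null || echo 0)
+
+if [ "$size" -gt "$MAX_SIZE" ]; then
+printf "BLOCKED: %s is %s bytes (max %s)\n" "$file" "$size" "$MAX_SIZE" >&2
+errors=$((errors + 1))
+fi
+done < <(git diff --cached --raw)
+
+if [ "$errors" -gt 0 ]; then
+echo >&2
+echo "Commit blocked: $errors file(s) exceed the ${MAX_SIZE}-byte limit." >&2
+echo "If intentional, bypass with: git commit --no-verify" >&2
+exit 1
+fi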
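Review bot: The size check fails open: `git cat-file -s "$sha" 2>/dev/null || echo 0` turns any lookup failure into a size of 0, and a non-numeric `GIT_MAX_FILE_SIZE` (say `2MB`) makes `[ "$size" -gt "$MAX_SIZE" ]` return an error status that the `if` treats as "within the limit", so the commit goes through. Validate the limit once before the loop, e.g. `case "$MAX_SIZE" in ''|*[!0-9]*) echo "GIT_MAX_FILE_SIZE must be a whole number of bytes" >&2; exit 1;; esac`, and print a warning instead of silently substituting 0 when `cat-file` fails. `awk '{print $6}'` splits on whitespace, so a path containing a space is reported truncated in the BLOCKED message; taking everything after the tab would keep it exact. The hook is opt-in per clone and skipped by `--no-verify`, so the limit holds for the shared repository only if it is also enforced server-side.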
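--- a/.gitignore
+++ b/.gitignore
@@ -87,3 +87,14 @@ cli/cli
 cli/infra_cli
 stacks/terminal/clipboard-upload/clipboard-upload
 *.zip
+*.tar.gz
+*.tgz
+*.iso
+*.img
+*.bin
+*.exe
+*.dmg
+
+# Plaintext terraform state — NEVER commit (use SOPS-encrypted .tfstate.enc only)
+terraform.tfstate
+terraform.tfstate.backup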
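Review bot: The `terraform.tfstate` and `terraform.tfstate.backup` rules only keep an untracked state file out of a plain `git add`; they do nothing for a file that is already tracked or is staged with `git add -f`, and the pre-commit hook added in this commit checks size only, so a small plaintext state file still passes it. If plaintext state must never be committed, as the comment says, the hook could also reject staged paths by name, e.g. `case "$file" in terraform.tfstate|*/terraform.tfstate|*.tfstate.backup) errors=$((errors + 1));; esac`. The two patterns match only those exact file names; whether state files saved under other names are covered depends on rules earlier in `.gitignore`, which this hunk does not show. A one-line comment above the `*.bin`/`*.img` group, such as `# Large binaries: add deliberately with git add -f if one is really needed`, would tell contributors why such a file silently fails to stage.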
Binary file not shown.