e23153cf03
- Add .githooks/pre-commit that blocks files >2MB (configurable via GIT_MAX_FILE_SIZE). Activate with: git config core.hooksPath .githooks - Expand .gitignore to block common binary/archive patterns (*.tar.gz, *.tgz, *.iso, *.img, *.bin, *.exe, *.dmg) - Add explicit root-level terraform.tfstate ignore rules - Remove stale redis-25.3.2.tgz helm chart (unreferenced) Prevents re-accumulation of large blobs after git history cleanup that reduced .git from 2.6GB to 128MB. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
100 lines
2.1 KiB
Text
Executable file
100 lines
2.1 KiB
Text
Executable file
|
|
# Created by https://www.toptal.com/developers/gitignore/api/terraform
|
|
# Edit at https://www.toptal.com/developers/gitignore?templates=terraform
|
|
|
|
### Terraform ###
|
|
# Local .terraform directories
|
|
**/.terraform/*
|
|
|
|
# .tfstate files
|
|
*.tfstate
|
|
*.tfstate.backup
|
|
|
|
# Crash log files
|
|
crash.log
|
|
|
|
# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
|
|
# .tfvars files are managed as part of configuration and so should be included in
|
|
# version control.
|
|
#
|
|
# example.tfvars
|
|
#*.tfvars
|
|
|
|
# Ignore override files as they are usually used to override resources locally and so
|
|
# are not checked in
|
|
override.tf
|
|
override.tf.json
|
|
*_override.tf
|
|
*_override.tf.json
|
|
|
|
# Include override files you do wish to add to version control using negated pattern
|
|
# !example_override.tf
|
|
|
|
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
|
|
# example: *tfplan*
|
|
|
|
git_crypt.key
|
|
|
|
# SOPS — decrypted secrets (temporary, never commit)
|
|
/secrets.auto.tfvars.json
|
|
/secrets.auto.tfvars.json.*
|
|
|
|
# Claude Code - temporary/sensitive files
|
|
.claude/cmd_input.txt
|
|
.claude/cmd_output.txt
|
|
.claude/cmd_status.txt
|
|
.claude/settings.local.json
|
|
.claude/._*
|
|
|
|
._*
|
|
|
|
# Terragrunt
|
|
.terragrunt-cache/
|
|
|
|
# Terraform state — plaintext is ignored, encrypted is committed
|
|
state/stacks/*/terraform.tfstate
|
|
state/stacks/*/terraform.tfstate.backup
|
|
state/stacks/*/*.backup
|
|
state/backups/
|
|
state/terraform.tfstate
|
|
state/infra/
|
|
# Allow encrypted state
|
|
!state/stacks/*/terraform.tfstate.enc
|
|
|
|
# Terragrunt-generated files (providers, backend config)
|
|
backend.tf
|
|
providers.tf
|
|
.terraform.lock.hcl
|
|
|
|
# Kubernetes config (sensitive)
|
|
config
|
|
|
|
# Node.js (not part of infra)
|
|
node_modules/
|
|
package-lock.json
|
|
package.json
|
|
|
|
# Archived - secrets now in SOPS (secrets.auto.tfvars.json)
|
|
terraform.tfvars
|
|
|
|
# Beads / Dolt files (added by bd init)
|
|
.dolt/
|
|
*.db
|
|
.beads-credential-key
|
|
|
|
# Build artifacts — binaries should be built by CI, not committed
|
|
cli/cli
|
|
cli/infra_cli
|
|
stacks/terminal/clipboard-upload/clipboard-upload
|
|
*.zip
|
|
*.tar.gz
|
|
*.tgz
|
|
*.iso
|
|
*.img
|
|
*.bin
|
|
*.exe
|
|
*.dmg
|
|
|
|
# Plaintext terraform state — NEVER commit (use SOPS-encrypted .tfstate.enc only)
|
|
terraform.tfstate
|
|
terraform.tfstate.backup
|