284313f908
Some checks are pending
Bidi Control Character Guard / bidi-control-guard (push) Waiting to run
Circular Dependency Check / Check for new circular dependencies (push) Waiting to run
Citus Migration Smoke / Combined migrations on single-node Citus (push) Waiting to run
E2E Fresh Install Tests / fresh-install-e2e (push) Waiting to run
ext-v2 guardrails / Run ext-v2 guard and ESLint (push) Waiting to run
Integration Tests / Check for relevant changes (push) Waiting to run
Integration Tests / ${{ (github.event_name == 'schedule' || github.event.inputs.suite == 'full') && 'Full integration suite' || 'Tier-1 integration subset' }} (push) Blocked by required conditions
Mobile checks / Mobile lint + typecheck (push) Waiting to run
Mobile checks / Mobile unit tests (push) Waiting to run
Mobile checks / Mobile dependency audit (report) (push) Waiting to run
Mobile checks / Mobile reproducibility checks (push) Waiting to run
Secrets guard (env backups) / Ensure no tracked env backup files (push) Waiting to run
Temporal Readiness / fast-readiness (push) Waiting to run
Temporal Readiness / docker-parity (push) Waiting to run
TypeScript Type Check / Nx affected typecheck (push) Waiting to run
Unit Tests / Skipped-test budget (push) Waiting to run
Unit Tests / Nx affected unit tests (push) Waiting to run
Unit Tests / Server unit coverage (informational) (push) Waiting to run
Validate Tenant Management Schema / Check for relevant changes (push) Waiting to run
Validate Tenant Management Schema / Validate Tenant Management Schema (push) Blocked by required conditions
EE Workflows Build Guard / ee-workflows-build-guard (push) Waiting to run
Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz Source: /opt/alga-psa on psa.joliet.tech
38 lines
1.0 KiB
JavaScript
38 lines
1.0 KiB
JavaScript
#!/usr/bin/env node
|
|
import { execFileSync } from 'node:child_process';
|
|
|
|
const ENV_BACKUP_REGEXES = [
|
|
// Matches `.env*.bak*` (ex: `.env.local.bak`, `.env.local.bak.20260213`, `.env.bak~`)
|
|
/(^|\/)\.env[^/]*\.bak[^/]*$/i,
|
|
];
|
|
|
|
const lsFilesZ = () => {
|
|
const out = execFileSync('git', ['ls-files', '-z'], { stdio: ['ignore', 'pipe', 'inherit'] });
|
|
return out
|
|
.toString('utf8')
|
|
.split('\0')
|
|
.map((s) => s.trim())
|
|
.filter(Boolean);
|
|
};
|
|
|
|
const main = () => {
|
|
const tracked = lsFilesZ();
|
|
const offenders = tracked.filter((file) => ENV_BACKUP_REGEXES.some((re) => re.test(file)));
|
|
|
|
if (offenders.length === 0) {
|
|
process.exit(0);
|
|
}
|
|
|
|
// Keep this output tight so GitHub logs are readable.
|
|
console.error('ERROR: Tracked env-backup files detected (these often contain credentials).');
|
|
for (const file of offenders) {
|
|
console.error(`- ${file}`);
|
|
}
|
|
console.error('');
|
|
console.error('Fix: delete these from git history (or at least untrack them) and rely on .gitignore to keep them unstaged.');
|
|
process.exit(1);
|
|
};
|
|
|
|
main();
|
|
|