Skip to content

chore: add pre-commit hooks [MCP-284] #727

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 11 commits into from
Nov 12, 2025
+73 −1
Merged

chore: add pre-commit hooks [MCP-284] #727

Show file tree
Hide file tree
Changes from 8 commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
c940a4b
chore: add pre-commit hooks [MCP-284]
fmenezes Nov 12, 2025
d182dee
fix
fmenezes Nov 12, 2025
5bad587
fix
fmenezes Nov 12, 2025
db0999d
fix
fmenezes Nov 12, 2025
d2bf0ad
fix
fmenezes Nov 12, 2025
c07215b
add tests
fmenezes Nov 12, 2025
d19055a
fix
fmenezes Nov 12, 2025
042e0c9
fix
fmenezes Nov 12, 2025
7a7b79d
fix
fmenezes Nov 12, 2025
f3de062
fix
fmenezes Nov 12, 2025
f0a27ec
fix
fmenezes Nov 12, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 20 additions & 0 deletions .github/workflows/code-health.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -136,3 +136,23 @@ jobs:
uses: coverallsapp/github-action@v2.3.6
with:
file: coverage/lcov.info

run-git-hooks:
name: Run git hooks
if: github.event_name == 'push' || (github.event.pull_request.user.login != 'dependabot[bot]' && github.event.pull_request.head.repo.full_name == github.repository)
runs-on: ubuntu-latest
steps:
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
- uses: actions/checkout@v5
with:
persist-credentials: false
- uses: actions/setup-node@v6
with:
node-version-file: package.json
cache: "npm"
- name: Install dependencies
run: |
sudo apt-get install -y git-secrets
npm ci
Copy link
Collaborator

@nirinchev nirinchev Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need to install npm packages? I don't expect we want to scan for secrets in node_modules anyway?

Copy link
Collaborator Author

@fmenezes fmenezes Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

will remove

- name: Run pre-commit and pre-push hooks
Copy link
Collaborator

@gagik gagik Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I understand the idea behind having those aligned but beyond git-secret, isn't the rest redundant and handled by other runs? We can turn this into a git-secrets check instead

Copy link
Collaborator Author

@fmenezes fmenezes Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sure

Copy link
Collaborator Author

@fmenezes fmenezes Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done!

run: ./.husky/_/pre-commit && ./.husky/_/pre-push
10 changes: 10 additions & 0 deletions .husky/pre-commit
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
#!/bin/bash

if [ ! "$(which git-secrets)" ]
then
echo "git-secrets is not installed. Please run 'brew install git-secrets' or visit https://github.com/awslabs/git-secrets#installing-git-secrets"
exit 1
fi

git-secrets --register-aws > /dev/null
git-secrets --scan
2 changes: 2 additions & 0 deletions .husky/pre-push
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
npm run check
npm test -- --run tests/unit
40 changes: 40 additions & 0 deletions package-lock.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 2 additions & 1 deletion package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@
"scripts": {
"start": "node dist/index.js --transport http --loggers stderr mcp",
"start:stdio": "node dist/index.js --transport stdio --loggers stderr mcp",
"prepare": "npm run build",
"prepare": "husky && npm run build",
"build:clean": "rm -rf dist",
"build:update-package-version": "tsx scripts/updatePackageVersion.ts",
"build:esm": "tsc --project tsconfig.esm.json && chmod +x dist/esm/index.js",
Expand Down Expand Up @@ -84,6 +84,7 @@
"eslint-config-prettier": "^10.1.8",
"eslint-plugin-prettier": "^5.5.4",
"globals": "^16.3.0",
"husky": "^9.1.7",
"knip": "^5.63.1",
"mongodb": "^6.19.0",
"mongodb-runner": "^5.9.2",
Expand Down
2 changes: 2 additions & 0 deletions tests/integration/fixtures/httpsServerProxyTest.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,8 @@ export class HTTPServerProxyTestSetup {
}

requests: IncomingMessage[];

// note: these are self-signed certs for testing purposes, DO NOT use in production
Copy link
Collaborator Author

@fmenezes fmenezes Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@blva is this enough?

tlsOptions = Object.freeze({
key: readFileSync(path.resolve(__dirname, "server.key")),
cert: readFileSync(path.resolve(__dirname, "server.pem")),
Expand Down
Loading