30 lines
806 B
Makefile
30 lines
806 B
Makefile
export MAKEFLAGS :=
|
|
|
|
all:
|
|
@echo 'no default action, available actions:'
|
|
@for n in check-git-history setup-git-hooks empty-out-secrets; do echo " - $$n"; done
|
|
@echo
|
|
@exit 1
|
|
|
|
check-git-history:
|
|
f() { \
|
|
local result=0; \
|
|
local ret; \
|
|
for h in $$(git log --format=%h | tac); do \
|
|
git verify-commit --raw $$h 2>&1 | grep -qP '^\[GNUPG:\] VALIDSIG (\S+ )+9C561D6430B28D6BDCBC9CEB73D5E7FDEE3DE49A$$'; \
|
|
ret=$$?; \
|
|
if [ $$ret -ne 0 ]; then \
|
|
echo "[!] found unsigned commit: $$h"; \
|
|
result=1; \
|
|
fi; \
|
|
done; \
|
|
exit $$result; \
|
|
}; f
|
|
|
|
setup-git-hooks:
|
|
echo -e '#!/usr/bin/env sh\nmake check-git-history && exec nix flake check' >.git/hooks/pre-commit
|
|
chmod +x .git/hooks/pre-commit
|
|
|
|
empty-out-secrets:
|
|
for f in $$(find secrets -type f -name '*.nix'); do echo '{ }' > $$f; done
|