tenseleyflow/shithub / baa7e44

Browse files

S35: hook lint-secret-logs into make ci

Authored by espadonne
SHA
baa7e442730dd45e0011dcec5cac8fa3988c8201
Parents
a894fbb
Tree
2380be2

1 changed file

StatusFile+-
M Makefile 5 2
Makefilemodified
@@ -2,7 +2,7 @@
22
 # Targets mirror what CI runs. The Makefile is the source of truth.
33
44
 .DEFAULT_GOAL := help
5
-.PHONY: help dev build test test-race lint lint-policy fmt tidy clean ci assets install-tools version
5
+.PHONY: help dev build test test-race lint lint-policy lint-markdown lint-secret-logs fmt tidy clean ci assets install-tools version
66
77
 # Build metadata embedded into the binary via -ldflags.
88
 VERSION := $(shell git describe --tags --always --dirty 2>/dev/null || echo dev)
@@ -70,7 +70,7 @@ assets: ## Copy Primer CSS into internal/web/static/ for embedding.
7070
 		echo "warn: .refs/primer-css/dist not found; run 'git clone https://github.com/primer/css .refs/primer-css' first"; \
7171
 	fi
7272
73
-ci: lint lint-policy lint-markdown test build ## Full CI pipeline (matches .github/workflows/ci.yml).
73
+ci: lint lint-policy lint-markdown lint-secret-logs test build ## Full CI pipeline (matches .github/workflows/ci.yml).
7474
 	@echo "ci: ok"
7575
7676
 lint-policy: ## Enforce policy-package boundary (no inline auth checks in handlers/git/cmd).
@@ -79,6 +79,9 @@ lint-policy: ## Enforce policy-package boundary (no inline auth checks in handle
7979
 lint-markdown: ## Enforce markdown-package boundary (no goldmark/bluemonday outside internal/markdown).
8080
 	@scripts/lint-markdown-boundary.sh
8181
82
+lint-secret-logs: ## Fail when source emits log lines containing token-prefix patterns.
83
+	@scripts/lint-secret-logs.sh
84
+
8285
 install-tools: ## Install development tools via 'go install'.
8386
 	go install mvdan.cc/gofumpt@latest
8487
 	go install golang.org/x/tools/cmd/goimports@latest