update
This commit is contained in:
Haitao Pan
parent
cb4e34f3e8
commit
47fe2ee1ab
43
scripts/auto-fix-gitleaks.sh
Normal file
43
scripts/auto-fix-gitleaks.sh
Normal file
@ -0,0 +1,43 @@
|
||||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
|
||||
REMOTE_URL="git@github.com:svc-design/Modern-Container-Application-Reference-Architecture.git"
|
||||
|
||||
echo "[*] Step 1: 使用 Gitleaks 扫描泄露路径..."
|
||||
LEAKED_PATHS=$(gitleaks detect -v --report-format json \
|
||||
| jq -r '.[].File // .file' \
|
||||
| sort -u)
|
||||
|
||||
if [ -z "$LEAKED_PATHS" ]; then
|
||||
echo "[✓] 没有泄露路径,无需清理。"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo "[*] Step 2: 即将清理以下敏感文件路径:"
|
||||
echo "$LEAKED_PATHS"
|
||||
echo
|
||||
|
||||
# 构建参数列表
|
||||
ARGS=()
|
||||
while read -r path; do
|
||||
[ -n "$path" ] && ARGS+=(--path "$path")
|
||||
done <<< "$LEAKED_PATHS"
|
||||
|
||||
echo "[*] Step 3: 使用 git filter-repo 删除历史路径..."
|
||||
git filter-repo --force "${ARGS[@]}" --invert-paths
|
||||
|
||||
echo "[*] Step 4: 检查并配置远程仓库 origin..."
|
||||
if ! git remote get-url origin &>/dev/null; then
|
||||
echo "[!] 未检测到 origin,正在添加远程仓库:$REMOTE_URL"
|
||||
git remote add origin "$REMOTE_URL"
|
||||
else
|
||||
echo "[✓] 已配置 origin -> $(git remote get-url origin)"
|
||||
fi
|
||||
|
||||
echo "[*] Step 5: 强制推送全部历史..."
|
||||
git push origin --force --all
|
||||
git push origin --force --tags
|
||||
|
||||
echo
|
||||
echo "[✓] 历史清理完毕 ✅"
|
||||
echo "[*] 可选:运行 gitleaks detect 再次验证无泄露"
|
||||
50
scripts/clean_git_binaries_fixed.sh
Normal file
50
scripts/clean_git_binaries_fixed.sh
Normal file
@ -0,0 +1,50 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
echo "📦 自动扫描 Git 中最大的历史文件并清理..."
|
||||
|
||||
# 检查 git-filter-repo 是否存在
|
||||
if ! command -v git-filter-repo &> /dev/null; then
|
||||
echo "❌ 请先安装 git-filter-repo(https://github.com/newren/git-filter-repo)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# 提取前 20 个最大文件路径(唯一化)
|
||||
echo "🔍 获取 Git 历史中前 20 个大文件路径..."
|
||||
LARGE_PATHS=$(git rev-list --objects --all | \
|
||||
git cat-file --batch-check='%(objecttype) %(objectname) %(objectsize) %(rest)' | \
|
||||
grep '^blob' | \
|
||||
sort -k3 -n -r | \
|
||||
head -20 | \
|
||||
awk '{print $4}' | sort | uniq)
|
||||
|
||||
echo "🗑️ 以下路径将被从 Git 历史中永久删除:"
|
||||
echo "$LARGE_PATHS"
|
||||
|
||||
# 确认清理
|
||||
read -p "⚠️ 确定要执行清理吗?此操作将重写历史 (y/n): " confirm
|
||||
if [[ "$confirm" != "y" && "$confirm" != "Y" ]]; then
|
||||
echo "❎ 已取消"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# 构造参数数组并执行 git-filter-repo
|
||||
echo "🚨 正在清理..."
|
||||
git filter-repo \
|
||||
$(echo "$LARGE_PATHS" | awk '{print "--path " $1}') \
|
||||
--invert-paths
|
||||
|
||||
echo "✅ 清理完成!你现在可以检查仓库大小:du -sh .git"
|
||||
|
||||
# 可选推送
|
||||
read -p "🚀 是否强制推送更改到远程?(y/n): " pushconfirm
|
||||
if [[ "$pushconfirm" == "y" || "$pushconfirm" == "Y" ]]; then
|
||||
git push origin --force --all
|
||||
git push origin --force --tags
|
||||
echo "✅ 已强推完成"
|
||||
else
|
||||
echo "⚠️ 请手动执行以下命令推送:"
|
||||
echo " git push origin --force --all"
|
||||
echo " git push origin --force --tags"
|
||||
fi
|
||||
|
||||
Loading…
Reference in New Issue
Block a user