add scripts/auto-fix-gitleaks.sh

This commit is contained in:
Haitao Pan 2025-04-05 13:44:17 +08:00
parent 39bc469246
commit 7a1b15416f
4 changed files with 43 additions and 5 deletions

@ -1 +0,0 @@
Subproject commit d3672141cbe841efd755834587bfed10b31ab81b

@ -1 +0,0 @@
Subproject commit 7c682a3ae5107b61fe5d7e68cfe282b7f86cf0c5

View File

@ -1,3 +0,0 @@
name: multi-cloud-iaas
runtime: python
description: Multi-Cloud IaaS Infrastructure with Pulumi (AWS, Azure, GCP, Alibaba)

View File

@ -0,0 +1,43 @@
#!/bin/bash
set -euo pipefail
REMOTE_URL="git@github.com:svc-design/Modern-Container-Application-Reference-Architecture.git"
echo "[*] Step 1: 使用 Gitleaks 扫描泄露路径..."
LEAKED_PATHS=$(gitleaks detect -v --report-format json \
| jq -r '.[].File // .file' \
| sort -u)
if [ -z "$LEAKED_PATHS" ]; then
echo "[✓] 没有泄露路径,无需清理。"
exit 0
fi
echo "[*] Step 2: 即将清理以下敏感文件路径:"
echo "$LEAKED_PATHS"
echo
# 构建参数列表
ARGS=()
while read -r path; do
[ -n "$path" ] && ARGS+=(--path "$path")
done <<< "$LEAKED_PATHS"
echo "[*] Step 3: 使用 git filter-repo 删除历史路径..."
git filter-repo --force "${ARGS[@]}" --invert-paths
echo "[*] Step 4: 检查并配置远程仓库 origin..."
if ! git remote get-url origin &>/dev/null; then
echo "[!] 未检测到 origin正在添加远程仓库$REMOTE_URL"
git remote add origin "$REMOTE_URL"
else
echo "[✓] 已配置 origin -> $(git remote get-url origin)"
fi
echo "[*] Step 5: 强制推送全部历史..."
git push origin --force --all
git push origin --force --tags
echo
echo "[✓] 历史清理完毕 ✅"
echo "[*] 可选:运行 gitleaks detect 再次验证无泄露"