Merge pull request #702 from GSA-TTS/pre-commit-no-env

Add a basic check to look for .env files
GSA-TTS · Dec 18, 2024 · fb27f4e · fb27f4e
2 parents f776ad8 + c73fb93
commit fb27f4e
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -41,3 +41,20 @@ repos:
         description: Detect hardcoded secrets using Gitleaks
         language: docker_image
         entry: zricethezav/gitleaks:v8.15.0 protect --verbose --redact --staged
+
+  # fail if a commit includes a file named '.env'
+  # BAD:
+  #   .env
+  #   foo/.env
+  #
+  # Good:
+  # sample.env
+  # env.sample
+  # share/examples/sample.env
+  - repo: local
+    hooks:
+      - id: no-dotenv-files
+        name: "Files named .env are not allowed."
+        entry: "Files may not be named .env"
+        language: fail
+        files: "^(.*[/])?[.]env$"