curo/Business-Management
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use venv inside pre-commit container instead of pip --user

Browse Source 
Creates /tmp/venv inside the ephemeral container, installs bandit there,
and runs the security check via the venv's Python. No --user installs,
no script-location warnings, no writes outside the container's /tmp.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
curo1305
2026-04-13 23:08:02 +02:00
parent 5f306d7edc
commit 8ac1d8223b
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.githooks/pre-commit
+1 -2
View File
@@ -20,10 +20,9 @@ docker run --rm \
-w /repo \ -w /repo \
-e STAGED_FILES="$STAGED" \ -e STAGED_FILES="$STAGED" \
-u 1001:1001 \ -u 1001:1001 \
-e HOME=/tmp \
-e PIP_DISABLE_PIP_VERSION_CHECK=1 \ -e PIP_DISABLE_PIP_VERSION_CHECK=1 \
python:3.12-slim \ python:3.12-slim \
sh -c "pip install --quiet --user --no-warn-script-location bandit && python scripts/security_check.py" sh -c "python -m venv /tmp/venv && /tmp/venv/bin/pip install --quiet bandit && /tmp/venv/bin/python scripts/security_check.py"
EXIT_CODE=$? EXIT_CODE=$?