Compare commits

..

2 Commits

Author SHA1 Message Date
curo1305 e443ea4d39 Disable pip cache in pre-commit container
/.cache/pip is owned by root; as UID 1001 pip emits a cache-permission
warning. Container is ephemeral so caching has no value — disable it
with PIP_NO_CACHE_DIR=1.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-13 23:08:37 +02:00
curo1305 8ac1d8223b Use venv inside pre-commit container instead of pip --user
Creates /tmp/venv inside the ephemeral container, installs bandit there,
and runs the security check via the venv's Python. No --user installs,
no script-location warnings, no writes outside the container's /tmp.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-13 23:08:02 +02:00
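The two commits above describe the shape of the hook: an ephemeral `python:3.12-slim` container run as UID 1001 with `HOME=/tmp`, a venv created in `/tmp`, bandit installed into it, and `scripts/security_check.py` run from that venv. The script below is an added example, not the repository's own wrapper, showing the same design with the hardening a reviewer would ask for next: a pinned bandit release instead of an unpinned `pip install bandit`, a read-only root filesystem with a writable tmpfs only at `/tmp`, a read-only bind mount of the repo, all capabilities dropped and `no-new-privileges`. The default `BANDIT_VERSION`, the image tag, the `/repo` mount point and the `scripts/security_check.py` path are assumptions standing in for the project's real values.

```shell
#!/bin/sh
# Added example, not code from the repository above: a hardened variant of the
# pre-commit wrapper. It keeps the design the commits describe (ephemeral
# container, UID 1001, HOME=/tmp, venv in /tmp, pip cache off) and adds:
#   - a pinned bandit release instead of whatever PyPI serves today
#   - a read-only root filesystem with a writable tmpfs only at /tmp
#   - a read-only bind mount of the repo, all capabilities dropped,
#     and no-new-privileges
# Assumptions: BANDIT_VERSION, the image tag, the /repo mount point and
# scripts/security_check.py are placeholders for this project's values.

BANDIT_VERSION="${BANDIT_VERSION:-1.8.3}"   # assumption: the release you reviewed
IMAGE="${IMAGE:-python:3.12-slim}"          # better: python:3.12-slim@sha256:<digest>
REPO_DIR="${REPO_DIR:-$(pwd)}"
STAGED="${STAGED:-}"                        # space-separated staged paths from the hook

# Refuse to run with an unpinned scanner: a hook that gates commits must not
# change behaviour because a new bandit release appeared overnight.
pinned_version_ok() {
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;   # empty, or not a plain X.Y.Z-style version
        *) return 0 ;;
    esac
}

# The command the container executes: same shape as the hook's sh -c line,
# with the bandit version pinned.
container_script() {
    printf 'python -m venv /tmp/venv && /tmp/venv/bin/pip install --quiet bandit==%s && /tmp/venv/bin/python scripts/security_check.py' "$BANDIT_VERSION"
}

# Emits the docker arguments one per line so they can be reviewed or tested
# without a Docker daemon. /tmp is deliberately not noexec: pip-installed C
# extensions in the venv are mapped executable from there.
docker_args() {
    cat <<EOF
run
--rm
--read-only
--tmpfs
/tmp:rw,nosuid,nodev,size=256m
--cap-drop
ALL
--security-opt
no-new-privileges
-v
${REPO_DIR}:/repo:ro
-w
/repo
-u
1001:1001
-e
HOME=/tmp
-e
STAGED_FILES=${STAGED}
-e
PIP_DISABLE_PIP_VERSION_CHECK=1
-e
PIP_NO_CACHE_DIR=1
${IMAGE}
sh
-c
$(container_script)
EOF
}

# Runs the scan. The argument list is re-split on newlines only (in a
# subshell, so IFS is not changed for the caller), which keeps the sh -c
# script, which contains spaces, as a single argv entry.
run_scan() {
    pinned_version_ok "$BANDIT_VERSION" || { echo "refusing unpinned bandit: '$BANDIT_VERSION'" >&2; return 2; }
    command -v docker >/dev/null 2>&1 || { echo "docker not found" >&2; return 127; }
    ( IFS='
'; set -f; set -- $(docker_args); exec docker "$@" )
}

# Usage:  sh run_bandit_container.sh --dry-run   (print the argv; no docker needed)
#         STAGED="$STAGED" sh run_bandit_container.sh --run
case "${1:-}" in
    --dry-run) docker_args ;;
    --run)     run_scan ;;
esac
```

Because the install and the scan happen in the same container, the network cannot be dropped with `--network none`; baking the pinned bandit into a prebuilt image would allow that and also remove the per-commit PyPI fetch entirely. The `:ro` repo mount assumes `security_check.py` writes nothing back into the checkout; if it emits a report, point it at `/tmp`.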
+2 -2
@@ -20,10 +20,10 @@ docker run --rm \
-w /repo \
-e STAGED_FILES="$STAGED" \
-u 1001:1001 \
-e HOME=/tmp \
-e PIP_DISABLE_PIP_VERSION_CHECK=1 \
-e PIP_NO_CACHE_DIR=1 \
python:3.12-slim \
sh -c "pip install --quiet --user --no-warn-script-location bandit && python scripts/security_check.py"
sh -c "python -m venv /tmp/venv && /tmp/venv/bin/pip install --quiet bandit && /tmp/venv/bin/python scripts/security_check.py"
EXIT_CODE=$?
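Review bot: the replacement `sh -c` line at the end of the hunk installs bandit unpinned (`/tmp/venv/bin/pip install --quiet bandit`), so every hook run fetches whatever bandit release PyPI serves at that moment; for a gate that decides whether a commit is accepted this is both non-reproducible and a supply-chain exposure, and the venv change does nothing to narrow it. Pin the scanner (`bandit==<reviewed version>`, or a requirements file installed with `--require-hashes`) and consider pinning `python:3.12-slim` by digest for the same reason. Minor: the rendered hunk shows two additions (`-e PIP_NO_CACHE_DIR=1` and the new `sh -c` line) but only one removal while the stat reads `+2 -2`, so it is worth confirming against `git show` that no other part of the `docker run` command changed.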