Compare commits

2 Commits

Author SHA1 Message Date
curo1305 5f306d7edc Suppress noisy pip warnings in pre-commit hook
--no-warn-script-location: bandit scripts go to /tmp/.local/bin which is
not on PATH, but we invoke via 'python -m bandit' so this is harmless.
PIP_DISABLE_PIP_VERSION_CHECK=1: silence the version upgrade notice.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-13 23:05:00 +02:00
curo1305 fd95459fc9 Run pre-commit security check as non-root (UID 1001)
docker run was using python:3.12-slim's default root user, causing pip
to warn about running as root. Fix: add -u 1001:1001, set HOME=/tmp so
pip --user has a writable install location, and pass --user to pip.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-13 23:04:32 +02:00
+4 -1
@@ -19,8 +19,11 @@ docker run --rm \
-v "$REPO_ROOT":/repo \
-w /repo \
-e STAGED_FILES="$STAGED" \
-u 1001:1001 \
-e HOME=/tmp \
-e PIP_DISABLE_PIP_VERSION_CHECK=1 \
python:3.12-slim \
sh -c "pip install --quiet bandit && python scripts/security_check.py"
sh -c "pip install --quiet --user --no-warn-script-location bandit && python scripts/security_check.py"
EXIT_CODE=$?
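Review bot: The `pip install --quiet --user --no-warn-script-location bandit` line installs whatever bandit release PyPI serves at commit time, so the security gate itself runs unpinned, unverified code on every commit and can change behaviour between runs. Pin an exact version (`bandit==<version>`), or better, install from a requirements file with `--require-hashes`; the same applies to the `python:3.12-slim` tag, which could be referenced by digest. Separately, `-u 1001:1001` is hard-coded while `$REPO_ROOT` is bind-mounted from the host: if the developer's checkout is not readable by UID 1001 the check will fail or skip files, so consider `-u "$(id -u):$(id -g)"`, and mounting the repo with `:ro` if `scripts/security_check.py` only reads the staged files.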