From a67bf27b67c4d22c044856f6e0469ab3850649cf Mon Sep 17 00:00:00 2001
From: naman-contentstack
Date: Mon, 12 May 2025 15:35:28 +0530
Subject: [PATCH] added husky
---
.husky/pre-commit | 69 +++++++++++++++++++++++++++++++++++++++++++++++
.talismanrc | 5 ++--
package-lock.json | 17 ++++++++++++
package.json | 4 ++-
4 files changed, 92 insertions(+), 3 deletions(-)
create mode 100755 .husky/pre-commit
diff --git a/.husky/pre-commit b/.husky/pre-commit
new file mode 100755
index 0000000..825b860
--- /dev/null
+++ b/.husky/pre-commit
@@ -0,0 +1,69 @@
+#!/usr/bin/env sh
+# Pre-commit hook to run Talisman and Snyk scans, completing both before deciding to commit
+
+# Function to check if a command exists
+command_exists() {
+ command -v "$1" >/dev/null 2>&1
+}
+
+# Check if Talisman is installed
+if ! command_exists talisman; then
+ echo "Error: Talisman is not installed. Please install it and try again."
+ exit 1
+fi
+
+# Check if Snyk is installed
+if ! command_exists snyk; then
+ echo "Error: Snyk is not installed. Please install it and try again."
+ exit 1
+fi
+
+# Allow bypassing the hook with an environment variable
+if [ "$SKIP_HOOK" = "1" ]; then
+ echo "Skipping Talisman and Snyk scans (SKIP_HOOK=1)."
+ exit 0
+fi
+
+# Initialize variables to track scan results
+talisman_failed=false
+snyk_failed=false
+
+# Run Talisman secret scan
+echo "Running Talisman secret scan..."
+talisman --githook pre-commit > talisman_output.log 2>&1
+talisman_exit_code=$?
+
+if [ $talisman_exit_code -eq 0 ]; then
+ echo "Talisman scan passed: No secrets found."
+else
+ echo "Talisman scan failed (exit code $talisman_exit_code). See talisman_output.log for details."
+ talisman_failed=true
+fi
+
+# Run Snyk vulnerability scan (continues even if Talisman failed)
+echo "Running Snyk vulnerability scan..."
+snyk test --all-projects --fail-on=all > snyk_output.log 2>&1
+snyk_exit_code=$?
+
+if [ $snyk_exit_code -eq 0 ]; then
+ echo "Snyk scan passed: No vulnerabilities found."
+elif [ $snyk_exit_code -eq 1 ]; then
+ echo "Snyk found vulnerabilities. See snyk_output.log for details."
+ snyk_failed=true
+else
+ echo "Snyk scan failed with error (exit code $snyk_exit_code). See snyk_output.log for details."
+ snyk_failed=true
+fi
+
+# Evaluate results after both scans
+if [ "$talisman_failed" = true ] || [ "$snyk_failed" = true ]; then
+ echo "Commit aborted due to issues found in one or both scans."
+ [ "$talisman_failed" = true ] && echo "- Talisman issues: Check talisman_output.log"
+ [ "$snyk_failed" = true ] && echo "- Snyk issues: Check snyk_output.log"
+ exit 1
+fi
+
+# If both scans pass, allow the commit
+echo "All scans passed. Proceeding with commit."
+rm -f talisman_output.log snyk_output.log
+exit 0
\ No newline at end of file
diff --git a/.talismanrc b/.talismanrc
index 249214d..6d2a878 100644
--- a/.talismanrc
+++ b/.talismanrc
@@ -1,8 +1,9 @@
 fileignoreconfig:
 - filename: package-lock.json
- checksum: 4dc3e113527983251f6351c3fbfb9bc6129331c3ee85a78f10d72cdcc9de8186
+ checksum: f5ee5780b8631eb4cfc7186057e47683089a38d45baa7208488d3e5f702c7bf5
 - filename: src/commands/cm/stacks/validate-regex.ts
- checksum: 883813675c599a981450130bcd377eb44aad27bf86628c56bfc89a7f1ac47d5e
+ - filename: .husky/pre-commit
+ checksum: 1b9367d219802de2e3a8af9c5c698e0c255c00af89339d73bdbb8acf5275079f
 - filename: messages/index.json
 checksum: 01e9c9b943bfa1ebe6e7d6bede86b55b08641d64b9cc8af6cedea5c0a6273468
 version: ""
diff --git a/package-lock.json b/package-lock.json
index 7a14b4e..b812193 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -35,6 +35,7 @@ "eslint-config-oclif": "^4.0.0", "eslint-config-oclif-typescript": "^1.0.3", "globby": "^10.0.2", + "husky": "^9.1.7", "mocha": "^10.8.2", "nyc": "^15.1.0", "oclif": "^3.17.2",
@@ -8468,6 +8469,22 @@ "ms": "^2.0.0" } }, + "node_modules/husky": { + "version": "9.1.7", + "resolved": "https://registry.npmjs.org/husky/-/husky-9.1.7.tgz", + "integrity": "sha512-5gs5ytaNjBrh5Ow3zrvdUUY+0VxIuWVL4i9irt6friV+BqdCfmV11CQTWMiBYWHbXhco+J1kHfTOUkePhCDvMA==", + "dev": true, + "license": "MIT", + "bin": { + "husky": "bin.js" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/typicode" + } + }, "node_modules/hyperlinker": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/hyperlinker/-/hyperlinker-1.0.0.tgz",
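Review bot: In `.husky/pre-commit`, both scans redirect their reports to `talisman_output.log` and `snyk_output.log` by relative path and the `rm -f` runs only on the success path, so after a failed scan the reports stay in the working directory where a later `git add` can pick them up; nothing in this patch ignores those names, and a secret-scan report may reproduce the content it flagged. Writing them under the git directory keeps them readable but uncommittable, e.g. `log_dir=$(git rev-parse --git-dir) || exit 1` followed by `talisman --githook pre-commit > "$log_dir/talisman_output.log" 2>&1` (and the same for Snyk), or add both names to `.gitignore`. Separately, `snyk test --fail-on=all` exits non-zero only for vulnerabilities that have an upgrade or patch available, so the message "No vulnerabilities found." overstates what exit code 0 means here. The `SKIP_HOOK` check also sits after the two `command_exists` checks, so the bypass does not work on a machine without the tools; and since any client-side hook can be skipped, the same scans should also run in CI.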
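Review bot: In the `.talismanrc` hunk the `checksum: 8838…` line under `src/commands/cm/stacks/validate-regex.ts` is removed and the new `.husky/pre-commit` entry starts in its place, which leaves the validate-regex.ts entry with no checksum; this looks like an accidental overwrite rather than an intended change. If that file is unchanged, restore `checksum: 883813675c599a981450130bcd377eb44aad27bf86628c56bfc89a7f1ac47d5e` under its `filename`, or drop the entry if the ignore is no longer wanted; how Talisman treats an entry without a checksum should be confirmed before relying on it. The new entry also exempts the hook script itself from secret scanning while its checksum matches, so every later edit to `.husky/pre-commit` needs a reviewed checksum update rather than a routine regeneration.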
diff --git a/package.json b/package.json
index 1eb777f..b9f3680 100644
--- a/package.json
+++ b/package.json
@@ -19,6 +19,7 @@
 "eslint-config-oclif": "^4.0.0",
 "eslint-config-oclif-typescript": "^1.0.3",
 "globby": "^10.0.2",
+ "husky": "^9.1.7",
 "mocha": "^10.8.2",
 "nyc": "^15.1.0",
 "oclif": "^3.17.2",
@@ -58,7 +59,8 @@
 "posttest": "eslint . --ext .ts --config .eslintrc",
 "prepack": "rm -rf lib && tsc -b && oclif manifest && oclif readme",
 "test": "jest --detectOpenHandles --silent",
- "version": "oclif-dev readme && git add README.md"
+ "version": "oclif-dev readme && git add README.md",
+ "prepare": "npx husky && chmod +x .husky/pre-commit"
 },
 "dependencies": {
 "@contentstack/cli-command": "^1.5.0",
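Review bot: The new `prepare` script in the second package.json hunk calls `npx husky`, which can fall back to fetching `husky` from the registry when the local devDependency is absent (for example an install that omits dev dependencies), so code outside the lockfile-pinned 9.1.7 could run at install time. npm puts `node_modules/.bin` on the PATH for scripts, so `"prepare": "husky"` runs only the locked copy; where dev dependencies are omitted the script then fails instead of downloading, which can be tolerated with `husky || true` if needed. The `chmod +x .husky/pre-commit` step looks redundant because the file is added with mode 100755 in this same patch, and `chmod` is not available in the default npm script shell on Windows, so it can break `npm install` there.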