Skip to content

Commit

Permalink
Exclude the CT log list from git-secrets hooks.
Browse files Browse the repository at this point in the history 
Some Chromium developers have global git-secrets enforcement on in their
environments, but this detects certificate transparency log list changes
as potential secrets whenever they try to make a commit which includes
them (most often, due to git-merge including it).

This excludes this particular case from that protection, to avoid these
false positives.

The syntax for this file is that every non-blank non-comment line is a
regular expression which is matched against
"filename:linenumber:linecontents" strings, where the filename is
generally but not always relative to the repository root.

Change-Id: Ib7974bad8067cccb6892d1f6e106ab5421775e3d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5186635
Reviewed-by: Rick Byers <[email protected]>
Commit-Queue: Jeremy Roman <[email protected]>
Reviewed-by: Carlos IL <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1247272}
  • Loading branch information
@jeremyroman
jeremyroman authored and Chromium LUCI CQ committed Jan 15, 2024
1 parent d009713 commit 116914a
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions .gitallowed
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
# This file contains patterns which are excluded from git-secrets matching.
# Only add patterns where this is extremely likely to be a false positive.

# This directory contains publicly available keys and is updated frequently.
^([^:]*/)?components/certificate_transparency/data/

0 comments on commit 116914a

Please sign in to comment.