From 116914aec4432663d96e4373a8a98ebc815987d4 Mon Sep 17 00:00:00 2001
From: Jeremy Roman <jbroman@chromium.org>
Date: Mon, 15 Jan 2024 19:39:27 +0000
Subject: [PATCH] Exclude the CT log list from git-secrets hooks.

Some Chromium developers have global git-secrets enforcement on in their
environments, but this detects certificate transparency log list changes
as potential secrets whenever they try to make a commit which includes
them (most often, due to git-merge including it).

This excludes this particular case from that protection, to avoid these
false positives.

The syntax for this file is that every non-blank non-comment line is a
regular expression which is matched against
"filename:linenumber:linecontents" strings, where the filename is
generally but not always relative to the repository root.

Change-Id: Ib7974bad8067cccb6892d1f6e106ab5421775e3d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5186635
Reviewed-by: Rick Byers <rbyers@chromium.org>
Commit-Queue: Jeremy Roman <jbroman@chromium.org>
Reviewed-by: Carlos IL <carlosil@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1247272}
---
 .gitallowed | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 .gitallowed

diff --git a/.gitallowed b/.gitallowed
new file mode 100644
index 00000000000000..25934adbf022c3
--- /dev/null
+++ b/.gitallowed
@@ -0,0 +1,5 @@
+# This file contains patterns which are excluded from git-secrets matching.
+# Only add patterns where this is extremely likely to be a false positive.
+
+# This directory contains publicly available keys and is updated frequently.
+^([^:]*/)?components/certificate_transparency/data/