Add QA test outputs, build scripts, and Dockerfile validation

- Created `qa-test-output-after-fix.txt` and `qa-test-output.txt` to log results of certificate page authentication tests. - Added `build.sh` for deterministic backend builds in CI, utilizing `go list` for efficiency. - Introduced `codeql_scan.sh` for CodeQL database creation and analysis for Go and JavaScript/TypeScript. - Implemented `dockerfile_check.sh` to validate Dockerfiles for base image and package manager mismatches. - Added `sourcery_precommit_wrapper.sh` to facilitate Sourcery CLI usage in pre-commit hooks.
2025-12-11 18:26:24 +00:00
parent 65d837a13f
commit 8294d6ee49
609 changed files with 111623 additions and 0 deletions
--- a/scripts/pre-commit-hooks/block-codeql-db-commits.sh
+++ b/scripts/pre-commit-hooks/block-codeql-db-commits.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+set -euo pipefail
+staged=$(git diff --cached --name-only | tr '\r' '\n' || true)
+if [ -n "${staged}" ]; then
+  # Exclude the pre-commit-hooks directory and this script itself
+  filtered=$(echo "$staged" | grep -v '^scripts/pre-commit-hooks/' | grep -v '^data/backups/' || true)
+  if echo "$filtered" | grep -q "codeql-db"; then
+    echo "Error: Attempting to commit CodeQL database artifacts (codeql-db)." >&2
+    echo "These should not be committed. Remove them or add to .gitignore and try again." >&2
+    echo "Tip: Use 'scripts/repo_health_check.sh' to validate repository health." >&2
+    exit 1
+  fi
+fi
+exit 0
--- a/scripts/pre-commit-hooks/block-data-backups-commit.sh
+++ b/scripts/pre-commit-hooks/block-data-backups-commit.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+
+# Prevent committing any files under data/backups/ accidentally
+staged_files=$(git diff --cached --name-only || true)
+if [ -z "$staged_files" ]; then
+  exit 0
+fi
+
+for f in $staged_files; do
+  case "$f" in
+    data/backups/*)
+      echo "Error: Committing files under data/backups/ is blocked. Remove them from the commit and re-run." >&2
+      exit 1
+      ;;
+  esac
+done
+
+exit 0
--- a/scripts/pre-commit-hooks/check-lfs-for-large-files.sh
+++ b/scripts/pre-commit-hooks/check-lfs-for-large-files.sh
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# pre-commit hook: ensure large files added to git are tracked by Git LFS
+MAX_BYTES=$((50 * 1024 * 1024))
+FAILED=0
+
+STAGED_FILES=$(git diff --cached --name-only --diff-filter=ACM)
+if [ -z "$STAGED_FILES" ]; then
+  exit 0
+fi
+
+while read -r f; do
+  [ -z "$f" ] && continue
+  if [ -f "$f" ]; then
+    size=$(stat -c%s "$f")
+    if [ "$size" -gt "$MAX_BYTES" ]; then
+      # check if tracked by LFS via git check-attr
+      filter_attr=$(git check-attr --stdin filter <<<"$f" | awk '{print $3}' || true)
+      if [ "$filter_attr" != "lfs" ]; then
+        echo "ERROR: Large file not tracked by Git LFS: $f ($size bytes)" >&2
+        FAILED=1
+      fi
+    fi
+  fi
+done <<<"$STAGED_FILES"
+
+if [ $FAILED -ne 0 ]; then
+  echo "You must track large files in Git LFS. Aborting commit." >&2
+  exit 1
+fi
+
+exit 0