diff options
| author | Craig Jennings <c@cjennings.net> | 2026-07-01 21:42:11 -0400 |
|---|---|---|
| committer | Craig Jennings <c@cjennings.net> | 2026-07-01 21:42:11 -0400 |
| commit | bac3fe480753bf61fbd483090219a45d4eb7b285 (patch) | |
| tree | 33871afb86927b25da9790b157aa7af277443050 /scripts/sweep-gitignore-tooling.sh | |
| parent | 909b21be04865da56f76b1ac5416c1bc97ba73d2 (diff) | |
| download | rulesets-bac3fe480753bf61fbd483090219a45d4eb7b285.tar.gz rulesets-bac3fe480753bf61fbd483090219a45d4eb7b285.zip | |
fix(sweep): treat the bare cjennings ssh-alias remote as private
The public-reachability check excluded only the literal cjennings.net host, so a remote addressed through the ~/.ssh/config alias (git@cjennings:repo.git) read as public and drew a false WARN on rulesets itself.
Diffstat (limited to 'scripts/sweep-gitignore-tooling.sh')
| -rwxr-xr-x | scripts/sweep-gitignore-tooling.sh | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/scripts/sweep-gitignore-tooling.sh b/scripts/sweep-gitignore-tooling.sh index f04d3cd..68bfe2d 100755 --- a/scripts/sweep-gitignore-tooling.sh +++ b/scripts/sweep-gitignore-tooling.sh @@ -99,8 +99,10 @@ for project in "${projects[@]}"; do tracked_tooling+=("$path") fi done + # Private = the cjennings.net server, whether addressed by FQDN or by the + # bare `cjennings` ssh-config alias (git@cjennings:repo.git). public_remote="$(git -C "$project" remote -v 2>/dev/null \ - | awk '{print $2}' | grep -v 'cjennings\.net' | sort -u | head -1 || true)" + | awk '{print $2}' | grep -vE '(@|://)cjennings(\.net)?[:/]' | sort -u | head -1 || true)" if [ "${#tracked_tooling[@]}" -gt 0 ] && [ -n "$public_remote" ]; then echo "skip $name — track-mode (.ai/ not gitignored)" echo " WARN $name: tracked tooling (${tracked_tooling[*]}) is publicly reachable via $public_remote — gitignore the set and 'git -C $project rm --cached -r <path>' unless this is a deliberate team-shared config" |
