aboutsummaryrefslogtreecommitdiff
path: root/scripts/sweep-gitignore-tooling.sh
diff options
context:
space:
mode:
authorCraig Jennings <c@cjennings.net>2026-07-01 21:42:11 -0400
committerCraig Jennings <c@cjennings.net>2026-07-01 21:42:11 -0400
commitbac3fe480753bf61fbd483090219a45d4eb7b285 (patch)
tree33871afb86927b25da9790b157aa7af277443050 /scripts/sweep-gitignore-tooling.sh
parent909b21be04865da56f76b1ac5416c1bc97ba73d2 (diff)
downloadrulesets-bac3fe480753bf61fbd483090219a45d4eb7b285.tar.gz
rulesets-bac3fe480753bf61fbd483090219a45d4eb7b285.zip
fix(sweep): treat the bare cjennings ssh-alias remote as private
The public-reachability check excluded only the literal cjennings.net host, so a remote addressed through the ~/.ssh/config alias (git@cjennings:repo.git) read as public and drew a false WARN on rulesets itself.
Diffstat (limited to 'scripts/sweep-gitignore-tooling.sh')
-rwxr-xr-xscripts/sweep-gitignore-tooling.sh4
1 files changed, 3 insertions, 1 deletions
diff --git a/scripts/sweep-gitignore-tooling.sh b/scripts/sweep-gitignore-tooling.sh
index f04d3cd..68bfe2d 100755
--- a/scripts/sweep-gitignore-tooling.sh
+++ b/scripts/sweep-gitignore-tooling.sh
@@ -99,8 +99,10 @@ for project in "${projects[@]}"; do
tracked_tooling+=("$path")
fi
done
+ # Private = the cjennings.net server, whether addressed by FQDN or by the
+ # bare `cjennings` ssh-config alias (git@cjennings:repo.git).
public_remote="$(git -C "$project" remote -v 2>/dev/null \
- | awk '{print $2}' | grep -v 'cjennings\.net' | sort -u | head -1 || true)"
+ | awk '{print $2}' | grep -vE '(@|://)cjennings(\.net)?[:/]' | sort -u | head -1 || true)"
if [ "${#tracked_tooling[@]}" -gt 0 ] && [ -n "$public_remote" ]; then
echo "skip $name — track-mode (.ai/ not gitignored)"
echo " WARN $name: tracked tooling (${tracked_tooling[*]}) is publicly reachable via $public_remote — gitignore the set and 'git -C $project rm --cached -r <path>' unless this is a deliberate team-shared config"