diff options
| author | Craig Jennings <c@cjennings.net> | 2026-07-01 21:42:11 -0400 |
|---|---|---|
| committer | Craig Jennings <c@cjennings.net> | 2026-07-01 21:42:11 -0400 |
| commit | bac3fe480753bf61fbd483090219a45d4eb7b285 (patch) | |
| tree | 33871afb86927b25da9790b157aa7af277443050 /scripts | |
| parent | 909b21be04865da56f76b1ac5416c1bc97ba73d2 (diff) | |
| download | rulesets-bac3fe480753bf61fbd483090219a45d4eb7b285.tar.gz rulesets-bac3fe480753bf61fbd483090219a45d4eb7b285.zip | |
fix(sweep): treat the bare cjennings ssh-alias remote as private
The public-reachability check excluded only the literal cjennings.net host, so a remote addressed through the ~/.ssh/config alias (git@cjennings:repo.git) read as public and drew a false WARN on rulesets itself.
Diffstat (limited to 'scripts')
| -rwxr-xr-x | scripts/sweep-gitignore-tooling.sh | 4 | ||||
| -rw-r--r-- | scripts/tests/sweep-gitignore-tooling.bats | 14 |
2 files changed, 17 insertions, 1 deletions
diff --git a/scripts/sweep-gitignore-tooling.sh b/scripts/sweep-gitignore-tooling.sh index f04d3cd..68bfe2d 100755 --- a/scripts/sweep-gitignore-tooling.sh +++ b/scripts/sweep-gitignore-tooling.sh @@ -99,8 +99,10 @@ for project in "${projects[@]}"; do tracked_tooling+=("$path") fi done + # Private = the cjennings.net server, whether addressed by FQDN or by the + # bare `cjennings` ssh-config alias (git@cjennings:repo.git). public_remote="$(git -C "$project" remote -v 2>/dev/null \ - | awk '{print $2}' | grep -v 'cjennings\.net' | sort -u | head -1 || true)" + | awk '{print $2}' | grep -vE '(@|://)cjennings(\.net)?[:/]' | sort -u | head -1 || true)" if [ "${#tracked_tooling[@]}" -gt 0 ] && [ -n "$public_remote" ]; then echo "skip $name — track-mode (.ai/ not gitignored)" echo " WARN $name: tracked tooling (${tracked_tooling[*]}) is publicly reachable via $public_remote — gitignore the set and 'git -C $project rm --cached -r <path>' unless this is a deliberate team-shared config" diff --git a/scripts/tests/sweep-gitignore-tooling.bats b/scripts/tests/sweep-gitignore-tooling.bats index 6dc46ee..f18eac5 100644 --- a/scripts/tests/sweep-gitignore-tooling.bats +++ b/scripts/tests/sweep-gitignore-tooling.bats @@ -176,3 +176,17 @@ make_project() { [ "$status" -eq 0 ] [[ "$output" != *"publicly reachable"* ]] } + +@test "sweep: the bare cjennings ssh-alias remote counts as private too" { + make_project aliastrack $'out/\n' + echo "# project rules" > "$ROOT/aliastrack/CLAUDE.md" + (cd "$ROOT/aliastrack" \ + && git add CLAUDE.md \ + && git -c user.email=t@t -c user.name=t commit -qm seed \ + && git remote add origin git@cjennings:aliastrack.git) + + run bash "$SWEEP" "$ROOT" + + [ "$status" -eq 0 ] + [[ "$output" != *"publicly reachable"* ]] +} |
