Making the pre-push faster?

2026-02-11 18:21:26 +01:00 · 2026-02-11 18:21:26 +01:00 · 118160c4b9
commit 118160c4b9
parent 53bc2b0e0c
1 changed files with 75 additions and 71 deletions
--- a/.checks/pre-push
+++ b/.checks/pre-push
@ -15,98 +15,102 @@ CONTENT_DIR="$REPO_ROOT/content"
 ZENSICAL_CFG_PATH="$REPO_ROOT/zensical.toml"
 SITE_DIR="$REPO_ROOT/deploy"
 LOG_DIR="$REPO_ROOT/logs"
+mkdir -p "$LOG_DIR"

-# Removing the old logs and recreating logs folder
-rm -rf "$LOG_DIR"; mkdir -p "$LOG_DIR"
+# Cleanup old logs
+rm -f "$LOG_DIR/*"

-SERVER_PID=""
+# Cleanup function
 cleanup() {
+     trap - EXIT INT TERM
     if [[ -n "${SERVER_PID:-}" ]] && ps -p "$SERVER_PID" >/dev/null 2>&1; then
          kill "$SERVER_PID" >/dev/null 2>&1 || true
-     for _ in {1..30}; do ps -p "$SERVER_PID" >/dev/null 2>&1 || break; sleep 0.1; done
+          for _ in {1..30}; do ps -p "$SERVER_PID" >/dev/null 2>&1 || break; sleep 0.1; done
     fi
 }
 trap cleanup EXIT INT TERM

-# Trivy check for vulnerabilities in dependencies
-if command -v trivy &>/dev/null; then
-     echo -e "${GREEN}Running Trivy scan...${NC}"
-     trivy fs . --exit-code 1 --severity CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN --no-progress --scanners vuln \
-     >"$LOG_DIR/trivy.log" 2>&1 || { echo -e "${RED}Trivy failed. See $LOG_DIR/trivy.log${NC}"; exit 1; }
-else
-     echo -e "${YELLOW}Trivy not installed. Skipping vulnerability scan.${NC}"
-fi
+# Function to run commands and log output
+run_command() {
+    local cmd="$1"
+    local logfile="$2"
+    echo -e "${GREEN}Running ${cmd}...${NC}"
+    $cmd >"$logfile" 2>&1 || { echo -e "${RED}${cmd} failed. See $logfile${NC}"; exit 1; }
+}

-# Trufflehog check for passwords and secrets
-if command -v trufflehog &>/dev/null && command -v jq &>/dev/null; then
-     echo -e "${GREEN}Running TruffleHog (verified only)...${NC}"
-     TMPF="$(mktemp)"
-     trufflehog filesystem . --json >"$TMPF" 2>"$LOG_DIR/trufflehog.log" || true
-     VERIFIED="$(jq 'select(.verified==true)' "$TMPF" | wc -l | tr -d ' ')"
-     if [[ "$VERIFIED" -gt 0 ]]; then
-          cp "$TMPF" "$LOG_DIR/trufflehog-findings.json"
-          echo -e "${RED}Verified secrets found. See $LOG_DIR/trufflehog-findings.json${NC}"
-          rm -f "$TMPF"; exit 1
-     fi
-     rm -f "$TMPF"
-else
-     echo -e "${YELLOW}TruffleHog or jq not installed. Skipping secrets scan.${NC}"
-fi
+# Running independent checks in parallel
+{
+    # Trivy check for vulnerabilities
+    if command -v trivy &>/dev/null; then
+        run_command "trivy fs . --exit-code 1 --severity CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN --no-progress --scanners vuln" "$LOG_DIR/trivy.log"
+    else
+        echo -e "${YELLOW}Trivy not installed. Skipping vulnerability scan.${NC}"
+    fi
+} &

-# Dependabot dependency vulnerability check
-if command -v npm &>/dev/null && [[ -f package.json ]]; then
-     echo -e "${GREEN}Running npm audit...${NC}"
-     npm audit --audit-level=high >"$LOG_DIR/npm-audit.log" 2>&1 || {
-          echo -e "${RED}npm audit found vulnerabilities. See $LOG_DIR/npm-audit.log${NC}"
-          exit 1
-     }
-elif command -v pip &>/dev/null && [[ -f requirements.txt ]]; then
-     echo -e "${GREEN}Running pip dependency check...${NC}"
-     pip list --outdated >"$LOG_DIR/pip-outdated.log" 2>&1 || true
-     if grep -q "upgradable" "$LOG_DIR/pip-outdated.log"; then
-          echo -e "${YELLOW}Outdated Python dependencies found. See $LOG_DIR/pip-outdated.log${NC}"
-     fi
-else
-     echo -e "${YELLOW}No dependency management files found. Skipping dependency checks.${NC}"
-fi
+{
+    # Trufflehog check for passwords and secrets
+    if command -v trufflehog &>/dev/null && command -v jq &>/dev/null; then
+        TMPF="$(mktemp)"
+        trufflehog filesystem . --json >"$TMPF" 2>"$LOG_DIR/trufflehog.log" || true
+        if jq -e 'select(.verified==true)' "$TMPF" | grep -q .; then
+            cp "$TMPF" "$LOG_DIR/trufflehog-findings.json"
+            echo -e "${RED}Verified secrets found. See $LOG_DIR/trufflehog-findings.json${NC}"
+            rm -f "$TMPF"; exit 1
+        fi
+        rm -f "$TMPF"
+    else
+        echo -e "${YELLOW}TruffleHog or jq not installed. Skipping secrets scan.${NC}"
+    fi
+} &

-# Lint all the markdown files using markdownlint-cli2
+{
+    # Dependabot dependency vulnerability check
+    if command -v npm &>/dev/null && [[ -f package.json ]]; then
+        run_command "npm audit --audit-level=high" "$LOG_DIR/npm-audit.log"
+    elif command -v pip &>/dev/null && [[ -f requirements.txt ]]; then
+        run_command "pip list --outdated" "$LOG_DIR/pip-outdated.log"
+        if grep -q "upgradable" "$LOG_DIR/pip-outdated.log"; then
+            echo -e "${YELLOW}Outdated Python dependencies found. See $LOG_DIR/pip-outdated.log${NC}"
+        fi
+    else
+        echo -e "${YELLOW}No dependency management files found. Skipping dependency checks.${NC}"
+    fi
+} &
+
+# Wait for all background jobs to finish
+wait
+
+# Lint markdown files using markdownlint-cli2
 if command -v markdownlint-cli2 &>/dev/null; then
-     echo -e "${GREEN}Running markdownlint...${NC}"
-     # Check committed Markdown files instead of staged ones
-     MD_FILES="$(git diff HEAD~1 HEAD --name-only --diff-filter=ACM | grep -E '\.md$' || true)"
-     if [[ -n "$MD_FILES" ]]; then
-          # shellcheck disable=SC2086
-          echo $MD_FILES | xargs markdownlint-cli2 >"$LOG_DIR/markdownlint.log" 2>&1 || {
-          echo -e "${RED}markdownlint-cli2 failed. See $LOG_DIR/markdownlint.log${NC}"; exit 1; }
-     else
-          echo -e "${YELLOW}No committed Markdown files found. Skipping markdown check.${NC}"
-     fi
+    MD_FILES="$(git diff HEAD~1 HEAD --name-only --diff-filter=ACM | grep -E '\.md$' || true)"
+    if [[ -n "$MD_FILES" ]]; then
+        echo -e "${GREEN}Running markdownlint...${NC}"
+        echo $MD_FILES | xargs markdownlint-cli2 >"$LOG_DIR/markdownlint.log" 2>&1 || {
+            echo -e "${RED}markdownlint-cli2 failed. See $LOG_DIR/markdownlint.log${NC}"; exit 1; }
+    else
+        echo -e "${YELLOW}No committed Markdown files found. Skipping markdown check.${NC}"
+    fi
 else
-     echo -e "${YELLOW}markdownlint-cli2 not installed. Skipping markdown check.${NC}"
+    echo -e "${YELLOW}markdownlint-cli2 not installed. Skipping markdown check.${NC}"
 fi

 # Lint language using Vale
 if command -v vale &>/dev/null && [[ -f "$REPO_ROOT/.vale.ini" ]]; then
-     echo -e "${GREEN}Running Vale...${NC}"
-     # Check committed Markdown files instead of staged ones
-     VALE_FILES="$(git diff HEAD~1 HEAD --name-only --diff-filter=ACM | grep -E '\.md$' || true)"
-     if [[ -n "$VALE_FILES" ]]; then
-          # shellcheck disable=SC2086
-          echo $VALE_FILES | xargs vale >"$LOG_DIR/vale.log" 2>&1 || {
-          echo -e "${RED}Vale issues. See $LOG_DIR/vale.log${NC}"; exit 1; }
-     else
-          echo -e "${YELLOW}No committed Markdown files found. Skipping Vale check.${NC}"
-     fi
+    echo -e "${GREEN}Running Vale...${NC}"
+    VALE_FILES="$(git diff HEAD~1 HEAD --name-only --diff-filter=ACM | grep -E '\.md$' || true)"
+    if [[ -n "$VALE_FILES" ]]; then
+        echo $VALE_FILES | xargs vale >"$LOG_DIR/vale.log" 2>&1 || {
+            echo -e "${RED}Vale issues. See $LOG_DIR/vale.log${NC}"; exit 1; }
+    else
+        echo -e "${YELLOW}No committed Markdown files found. Skipping Vale check.${NC}"
+    fi
 else
-     echo -e "${YELLOW}Vale not installed or .vale.ini missing. Skipping Vale.${NC}"
+    echo -e "${YELLOW}Vale not installed or .vale.ini missing. Skipping Vale.${NC}"
 fi

 # Build the site using Zensical to check for build errors
 if ! command -v zensical >/dev/null 2>&1; then
-     echo -e "${RED}Zensical not installed; cannot build docs.${NC}"; exit 1
+    echo -e "${RED}Zensical not installed; cannot build docs.${NC}"; exit 1
 fi
-echo -e "${GREEN}Building documentation (strict)…${NC}"
-zensical build --clean >"$LOG_DIR/zensical-build.log" 2>&1 || {
-     echo -e "${RED}Zensical build failed. See $LOG_DIR/zensical-build.log${NC}"; exit 1;
-}
+run_command "zensical build --clean" "$LOG_DIR/zensical-build.log"