johno/beads
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(lint): add nosec and nolint annotations to hooks.go

Browse Source
This commit is contained in:
Steve Yegge
2025-12-20 17:03:02 -08:00
parent 89e7b54f73
commit 74af8733f1
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
cmd/bd/hooks.go
View File

@@ -407,6 +407,8 @@ func uninstallHooks() error {
// runPreCommitHook flushes pending changes to JSONL before commit. // runPreCommitHook flushes pending changes to JSONL before commit.
// Returns 0 on success (or if not applicable), non-zero on error. // Returns 0 on success (or if not applicable), non-zero on error.
//
//nolint:unparam // Always returns 0 by design - warnings don't block commits
func runPreCommitHook() int { func runPreCommitHook() int {
// Check if we're in a bd workspace // Check if we're in a bd workspace
if _, err := os.Stat(".beads"); os.IsNotExist(err) { if _, err := os.Stat(".beads"); os.IsNotExist(err) {
@@ -430,6 +432,7 @@ func runPreCommitHook() int {
// Stage all tracked JSONL files // Stage all tracked JSONL files
for _, f := range []string{".beads/beads.jsonl", ".beads/issues.jsonl", ".beads/deletions.jsonl", ".beads/interactions.jsonl"} { for _, f := range []string{".beads/beads.jsonl", ".beads/issues.jsonl", ".beads/deletions.jsonl", ".beads/interactions.jsonl"} {
if _, err := os.Stat(f); err == nil { if _, err := os.Stat(f); err == nil {
// #nosec G204 - f is from hardcoded list above, not user input
gitAdd := exec.Command("git", "add", f) gitAdd := exec.Command("git", "add", f)
_ = gitAdd.Run() // Ignore errors - file may not exist _ = gitAdd.Run() // Ignore errors - file may not exist
} }
@@ -440,6 +443,8 @@ func runPreCommitHook() int {
// runPostMergeHook imports JSONL after pull/merge. // runPostMergeHook imports JSONL after pull/merge.
// Returns 0 on success (or if not applicable), non-zero on error. // Returns 0 on success (or if not applicable), non-zero on error.
//
//nolint:unparam // Always returns 0 by design - warnings don't block merges
func runPostMergeHook() int { func runPostMergeHook() int {
// Skip during rebase // Skip during rebase
if isRebaseInProgress() { if isRebaseInProgress() {
@@ -504,6 +509,7 @@ func runPrePushHook() int {
files = append(files, f) files = append(files, f)
} else { } else {
// Check if tracked by git // Check if tracked by git
// #nosec G204 - f is from hardcoded list above, not user input
checkCmd := exec.Command("git", "ls-files", "--error-unmatch", f) checkCmd := exec.Command("git", "ls-files", "--error-unmatch", f)
if checkCmd.Run() == nil { if checkCmd.Run() == nil {
files = append(files, f) files = append(files, f)
@@ -517,6 +523,7 @@ func runPrePushHook() int {
// Check for uncommitted changes using git status // Check for uncommitted changes using git status
args := append([]string{"status", "--porcelain", "--"}, files...) args := append([]string{"status", "--porcelain", "--"}, files...)
// #nosec G204 - args built from hardcoded list and git subcommands
statusCmd := exec.Command("git", args...) statusCmd := exec.Command("git", args...)
output, _ := statusCmd.Output() output, _ := statusCmd.Output()
if len(output) > 0 { if len(output) > 0 {
@@ -539,6 +546,8 @@ func runPrePushHook() int {
// runPostCheckoutHook imports JSONL after branch checkout. // runPostCheckoutHook imports JSONL after branch checkout.
// args: [previous-HEAD, new-HEAD, flag] where flag=1 for branch checkout // args: [previous-HEAD, new-HEAD, flag] where flag=1 for branch checkout
// Returns 0 on success (or if not applicable), non-zero on error. // Returns 0 on success (or if not applicable), non-zero on error.
//
//nolint:unparam // Always returns 0 by design - warnings don't block checkouts
func runPostCheckoutHook(args []string) int { func runPostCheckoutHook(args []string) int {
// Only run on branch checkouts (flag=1) // Only run on branch checkouts (flag=1)
if len(args) >= 3 && args[2] != "1" { if len(args) >= 3 && args[2] != "1" {