---
description: Check git status, verify .gitignore, stage everything safe, commit and push
argument-hint: <commit message>
allowed-tools: Bash, Read, Write, Edit, Glob, Grep
---

Commit and push all changes with message: $ARGUMENTS

## Instructions

### Phase 1: Audit What's Changed

```bash
git status
git diff --stat
git diff --cached --stat
```

### Phase 2: Security Check

Scan for files that should NEVER be committed:

- `.env` files (except `.env.example`)
- `*.pem`, `*.key`, `*.p12`, `*.pfx`
- `credentials.json`, `service-account*.json`
- `.envault/` directory

```bash
# Scan staged, modified and untracked files: Phase 4 stages all of them with `git add -A`
{ git diff --cached --name-only -z; git ls-files -z -m -o --exclude-standard; } | xargs -0 grep -l -I -i -E "(api_key|apikey|secret|password|token)[[:space:]]*[:=][[:space:]]*['\"][^'\"]+['\"]" 2>/dev/null || true
```

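One way to enforce the full Phase 2 list as a gate between `git add -A` and `git commit`, as an added example that is not part of the original command file. The function names `is_sensitive_path`, `has_secret_assignment` and `scan_paths` are hypothetical, and reading ".env files" as `*.env` plus `.env.*` is an assumption.

```bash
#!/bin/sh
# Added example (not from the original command file): path and content gate
# built from the Phase 2 deny-list. All function names are hypothetical.

# Return 0 if the path matches the list of files that must never be committed.
is_sensitive_path() {
  case "$1" in
    .envault/*|*/.envault/*) return 0 ;;          # anything under .envault/
  esac
  case "${1##*/}" in                              # match on the file name only
    .env.example) return 1 ;;                     # the one allowed template
    *.env|.env.*) return 0 ;;                     # assumption: both forms count as ".env files"
    *.pem|*.key|*.p12|*.pfx) return 0 ;;
    credentials.json|service-account*.json) return 0 ;;
  esac
  return 1
}

# Return 0 if the file assigns a quoted value to a secret-like name.
# Reads the working-tree copy, which equals the staged copy right after `git add -A`.
has_secret_assignment() {
  grep -q -i -E "(api_key|apikey|secret|password|token)[[:space:]]*[:=][[:space:]]*['\"][^'\"]+['\"]" -- "$1" 2>/dev/null
}

# Read one path per line on stdin, print each finding, return 1 if there was any.
scan_paths() {
  found=0
  while IFS= read -r path; do
    if is_sensitive_path "$path"; then
      printf 'BLOCKED (path):    %s\n' "$path"; found=1
    elif [ -f "$path" ] && has_secret_assignment "$path"; then
      printf 'BLOCKED (content): %s\n' "$path"; found=1
    fi
  done
  return "$found"
}

# Usage inside a repository, after `git add -A` and before `git commit`:
#   git diff --cached --name-only --diff-filter=d | scan_paths || exit 1
```

Unlike a warning that only prints, the non-zero return from `scan_paths` lets the caller stop before `git commit` runs.
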
### Phase 3: Verify .gitignore

Check that `.gitignore` covers secrets, dependencies, build artifacts.

### Phase 4: Stage and Commit

```bash
git add -A
# Stop before committing if a sensitive file is staged
if git diff --cached --name-only | grep -E "\.(env|pem|key|p12|pfx)$"; then
  echo "WARNING: Sensitive files staged! Unstage them before committing."; exit 1
fi
git commit -m "$ARGUMENTS"
```

### Phase 5: If Commit Fails

If pre-commit hooks fail:
1. Fix the issues
2. Re-stage: `git add -A`
3. Retry commit (max 3 times)

### Phase 6: Push

```bash
git push origin HEAD
```

## Safety Rules

**NEVER commit:** `.env` with real values, private keys, credentials, files > 50MB.
**ALWAYS verify** `.gitignore` before staging.