sirwart / ripsecrets

A command-line tool to prevent committing secret keys into your source code

`pre-commit` hook should use pre-built binaries instead of requiring `cargo install`

bgianfo opened this issue

Since there are already pre-built binaries for each release, it would be nice if we could utilize them in the pre-commit hook instead of requiring a dependency on cargo install, which isn't necessarily available in all environments you would want to check for secrets.

Seems like there is some discussion about previous solutions: pre-commit/pre-commit#1453

If @sirwart were to list this crate on crates.io, we could use cargo binstall and use a system language pre-commit hook. This would considerably reduce dev container image build time or complexity of fetching pre-built binaries.

```
  cargo binstall ripsecrets

 INFO resolve: Resolving package: 'ripsecrets'
ERROR Fatal error:

  × For crate ripsecrets: crates.io API error for ripsecrets: could not GET https://crates.io/api/v1/crates/ripsecrets: HTTP status client error (404 Not Found) for url (https://crates.io/api/v1/crates/ripsecrets)
  ├─▶ crates.io API error for ripsecrets: could not GET https://crates.io/api/v1/crates/ripsecrets: HTTP status client error (404 Not Found) for url (https://crates.io/api/v1/crates/ripsecrets)
  ├─▶ could not GET https://crates.io/api/v1/crates/ripsecrets: HTTP status client error (404 Not Found) for url (https://crates.io/api/v1/crates/ripsecrets)
  ╰─▶ HTTP status client error (404 Not Found) for url (https://crates.io/api/v1/crates/ripsecrets)
```

Another thought: something I see as a rough edge of the pre-commit workflow is having to either have a Rust setup or have installed ripsecrets through something else, e.g. Homebrew. Pre-commit knows how to set up a Python environment. What if there was a simple PyO3 wrapper around ripsecrets as a library, and ripsecrets published Python packages to PyPI? That would eliminate the Rust compile step and alleviate the prerequisite. The exchange would be more setup and care for ripsecrets, but automatable.

That's a good point. I think you could even just publish the existing Rust binary as a Python wheel.

@bgianfo does publishing the binary to crates.io + system hook solve the problem for you? I have a visceral reaction to publishing as a Python library since one of the reasons I created ripsecrets was because at my previous job I couldn't commit because my system Python install was borked, which was preventing the secret detector from running.

@sirwart Following #85, the release Actions workflow now includes publishing to crates.io. Would you be willing to release a patch version to make the crate available?

@bgianfo, @colindean sirwart has published ripsecrets to crates.io as ripsecrets. You should be unblocked if you want to use cargo binstall.