Using environment variable in pre-commit hook arguments

Question

I am struggling to use an environment variable into the arguments section of pre-commit hooks config

following is an example spinet to show what I am trying to do

 - repo: https://github.com/returntocorp/semgrep
   rev: "v0.1.2"
   hooks:
     - id: semgrep
       name: semgrep my_custom_rule
       args:
         [
           "--config",
           "https://PRIVATE-TOKEN:{$TOKEN}@gitlab.com/api/proj/packages/test-rule.yml",
           "--error",
         ]

I have already set the value of TOKEN into environment variable. But still in processing the URL is taken as https://PRIVATE-TOKEN:{$TOKEN}@gitlab.com/api/proj/packages/test-rule.yml instead of with actual token value. I want to avoid putting actual token into config for security reasons.

score 8 · Answer 1 · answered Jul 18 '22 at 14:08

8

there is no substitution in the configuration -- your best bet is to use a shell or shell script which substitutes variables -- for instance:

    entry: ./run-semgrep

and then perform your custom substitution inside that shell script

disclaimer: I wrote pre-commit

answered Jul 18 '22 at 14:08

anthony sottile

61,815
15
148
207

Ah funny stuff ... you really wrote pre-commit ... Thanks by the way :) :) – Michael Ababio Oct 16 '22 at 17:02

Using environment variable in pre-commit hook arguments

1 Answers1