From 942c0dc98f605282fdf3c0ac6b9a549647f89f41 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Tue, 13 Aug 2024 06:17:33 -0400 Subject: [PATCH 01/11] Add a new trigger for the sync-labels GitHub Actions workflow Add a `workflow_dispatch` trigger so we can manually run the workflow if needed. --- .github/workflows/sync-labels.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index e83bd41..59aefe4 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -6,6 +6,7 @@ on: paths: - '.github/labels.yml' - '.github/workflows/sync-labels.yml' + workflow_dispatch: permissions: contents: read From a267662455c30986086d4ca14173cc20af7161d4 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Tue, 13 Aug 2024 06:19:38 -0400 Subject: [PATCH 02/11] Remove unnecessary quotes in the sync-labels workflow --- .github/workflows/sync-labels.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index 59aefe4..5d5ab41 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -4,8 +4,8 @@ name: sync-labels on: push: paths: - - '.github/labels.yml' - - '.github/workflows/sync-labels.yml' + - .github/labels.yml + - .github/workflows/sync-labels.yml workflow_dispatch: permissions: From dc7f09e29b8466af0fa2f788761e22dd2fcbd0ce Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Sat, 14 Sep 2024 18:44:01 -0400 Subject: [PATCH 03/11] Add four new hooks from pre-commit/pre-commit-hooks --- .pre-commit-config.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 3cb1f85..c98ded8 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -16,9 +16,13 @@ repos: - id: check-executables-have-shebangs - id: check-json - id: check-merge-conflict + - id: check-shebang-scripts-are-executable + - id: check-symlinks - id: check-toml + - id: check-vcs-permalinks - id: check-xml - id: debug-statements + - id: destroyed-symlinks - id: detect-aws-credentials args: - --allow-missing-credentials From 343d2ccbd1cd983374235e5d3bfcecd3187c00d5 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Mon, 28 Oct 2024 17:47:53 -0400 Subject: [PATCH 04/11] Add the GitHubSecurityLab/actions-permissions/monitor Action This Action will provide information about the usage of GITHUB_TOKEN in the workflow. It should be added to _every_ job in _any_ workflow to provide information for analysis. --- .github/dependabot.yml | 1 + .github/workflows/build.yml | 10 ++++++++++ .github/workflows/sync-labels.yml | 10 ++++++++++ 3 files changed, 21 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 17220c6..4a6667f 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -16,6 +16,7 @@ updates: # - dependency-name: crazy-max/ghaction-dump-context # - dependency-name: crazy-max/ghaction-github-labeler # - dependency-name: crazy-max/ghaction-github-status + # - dependency-name: GitHubSecurityLab/actions-permissions # - dependency-name: hashicorp/setup-terraform # - dependency-name: mxschmitt/action-tmate # - dependency-name: step-security/harden-runner diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e7a60b2..2cdd921 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -34,6 +34,12 @@ jobs: steps: # Note that a duplicate of this step must be added at the top of # each job. + - uses: GitHubSecurityLab/actions-permissions/monitor@v1 + with: + # Uses the organization variable unless overridden + config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }} + # Note that a duplicate of this step must be added at the top of + # each job. - id: harden-runner name: Harden the runner uses: step-security/harden-runner@v2 @@ -50,6 +56,10 @@ jobs: - diagnostics runs-on: ubuntu-latest steps: + - uses: GitHubSecurityLab/actions-permissions/monitor@v1 + with: + # Uses the organization variable unless overridden + config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }} - id: harden-runner name: Harden the runner uses: step-security/harden-runner@v2 diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index e83bd41..d2458d1 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -17,6 +17,12 @@ jobs: steps: # Note that a duplicate of this step must be added at the top of # each job. + - uses: GitHubSecurityLab/actions-permissions/monitor@v1 + with: + # Uses the organization variable unless overridden + config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }} + # Note that a duplicate of this step must be added at the top of + # each job. - id: harden-runner name: Harden the runner uses: step-security/harden-runner@v2 @@ -38,6 +44,10 @@ jobs: issues: write runs-on: ubuntu-latest steps: + - uses: GitHubSecurityLab/actions-permissions/monitor@v1 + with: + # Uses the organization variable unless overridden + config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }} - id: harden-runner name: Harden the runner uses: step-security/harden-runner@v2 From 8a77a8b77a7d5e5247e8ff563d93a14510e09b9a Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Mon, 28 Oct 2024 17:09:15 -0400 Subject: [PATCH 05/11] Restrict permissions of GITHUB_TOKEN This changes the default permissions for the GITHUB_TOKEN used in our GitHub Actions configuration to the minimum required to successfully run. --- .github/workflows/build.yml | 5 +++++ .github/workflows/sync-labels.yml | 2 ++ 2 files changed, 7 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e7a60b2..d4340af 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -30,6 +30,8 @@ env: jobs: diagnostics: name: Run diagnostics + # This job does not need any permissions + permissions: {} runs-on: ubuntu-latest steps: # Note that a duplicate of this step must be added at the top of @@ -48,6 +50,9 @@ jobs: lint: needs: - diagnostics + permissions: + # actions/checkout needs this to fetch code + contents: read runs-on: ubuntu-latest steps: - id: harden-runner diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index e83bd41..39e7379 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -13,6 +13,8 @@ permissions: jobs: diagnostics: name: Run diagnostics + # This job does not need any permissions + permissions: {} runs-on: ubuntu-latest steps: # Note that a duplicate of this step must be added at the top of From 3b1d4ef0fae08e6444e9b414ce1315841e681322 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Wed, 16 Oct 2024 12:53:42 -0400 Subject: [PATCH 06/11] Update pre-commit hook versions This is done automatically with the `pre-commit autoupdate` command. --- .pre-commit-config.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 3cb1f85..26b399d 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -10,7 +10,7 @@ repos: - id: check-useless-excludes - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.6.0 + rev: v5.0.0 hooks: - id: check-case-conflict - id: check-executables-have-shebangs @@ -53,14 +53,14 @@ repos: # GitHub Actions hooks - repo: https://github.com/python-jsonschema/check-jsonschema - rev: 0.29.2 + rev: 0.29.4 hooks: - id: check-github-actions - id: check-github-workflows # pre-commit hooks - repo: https://github.com/pre-commit/pre-commit - rev: v3.8.0 + rev: v4.0.1 hooks: - id: validate_manifest @@ -95,7 +95,7 @@ repos: # Shell script hooks - repo: https://github.com/scop/pre-commit-shfmt - rev: v3.9.0-1 + rev: v3.10.0-1 hooks: - id: shfmt args: @@ -125,7 +125,7 @@ repos: args: - --config=.bandit.yml - repo: https://github.com/psf/black-pre-commit-mirror - rev: 24.8.0 + rev: 24.10.0 hooks: - id: black - repo: https://github.com/PyCQA/flake8 @@ -139,7 +139,7 @@ repos: hooks: - id: isort - repo: https://github.com/pre-commit/mirrors-mypy - rev: v1.11.2 + rev: v1.13.0 hooks: - id: mypy - repo: https://github.com/pypa/pip-audit @@ -155,7 +155,7 @@ repos: - --requirement - requirements.txt - repo: https://github.com/asottile/pyupgrade - rev: v3.17.0 + rev: v3.19.0 hooks: - id: pyupgrade @@ -199,7 +199,7 @@ repos: # Packer hooks - repo: https://github.com/cisagov/pre-commit-packer - rev: v0.1.0 + rev: v0.3.0 hooks: - id: packer_validate - id: packer_fmt From 1d285f2d851926effdbfbdcf58853ce70d1bf016 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Tue, 29 Oct 2024 16:36:27 -0400 Subject: [PATCH 07/11] Sort hook ids in each pre-commit hook entry Ensure that all hook ids are sorted alphabetically in each hook entry in our pre-commit configuration. --- .pre-commit-config.yaml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 3cb1f85..0fd3234 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -68,25 +68,25 @@ repos: - repo: https://github.com/TekWizely/pre-commit-golang rev: v1.0.0-rc.1 hooks: - # Style Checkers - - id: go-critic - # StaticCheck - - id: go-staticcheck-repo-mod # Go Build - id: go-build-repo-mod + # Style Checkers + - id: go-critic + # goimports + - id: go-imports-repo + args: + # Write changes to files + - -w # Go Mod Tidy - id: go-mod-tidy-repo + # GoSec + - id: go-sec-repo-mod + # StaticCheck + - id: go-staticcheck-repo-mod # Go Test - id: go-test-repo-mod # Go Vet - id: go-vet-repo-mod - # GoSec - - id: go-sec-repo-mod - # goimports - - id: go-imports-repo - args: - # Write changes to files - - -w # Nix hooks - repo: https://github.com/nix-community/nixpkgs-fmt rev: v1.3.0 @@ -201,5 +201,5 @@ repos: - repo: https://github.com/cisagov/pre-commit-packer rev: v0.1.0 hooks: - - id: packer_validate - id: packer_fmt + - id: packer_validate From 2b756e9d10bd5e8a04813709a14ae481ab73c449 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Wed, 30 Oct 2024 16:23:18 -0400 Subject: [PATCH 08/11] Uncomment new Dependabot ignore directive from upstream --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 84e1f42..532e648 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -16,7 +16,7 @@ updates: - dependency-name: crazy-max/ghaction-dump-context - dependency-name: crazy-max/ghaction-github-labeler - dependency-name: crazy-max/ghaction-github-status - # - dependency-name: GitHubSecurityLab/actions-permissions + - dependency-name: GitHubSecurityLab/actions-permissions - dependency-name: hashicorp/setup-terraform - dependency-name: mxschmitt/action-tmate - dependency-name: step-security/harden-runner From da5f9d165ee522ef216c2034ed69e378ae2c834a Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Thu, 31 Oct 2024 11:17:02 -0400 Subject: [PATCH 09/11] Remove needless shebangs --- bash/.bash_greeter | 1 - bash/.bash_logout | 1 - bash/.bash_profile | 2 -- bash/.bashrc | 2 -- bash/.bashrc.d/aliases | 2 -- bash/.bashrc.d/aws | 2 -- bash/.bashrc.d/cyhy | 2 -- bash/.bashrc.d/gpg | 2 -- bash/.bashrc.d/kerberos | 2 -- bash/.bashrc.d/pip | 2 -- bash/.bashrc.d/prompt | 2 -- bash/.bashrc.d/pyenv | 2 -- bash/.bashrc.d/rsync | 2 -- zsh/.p10k.zsh | 1 - zsh/.zshrc | 2 -- zsh/.zshrc.d/aliases | 2 -- zsh/.zshrc.d/aws | 2 -- zsh/.zshrc.d/cyhy | 2 -- zsh/.zshrc.d/gnu-sed | 2 -- zsh/.zshrc.d/gpg | 2 -- zsh/.zshrc.d/kerberos | 2 -- zsh/.zshrc.d/nvm | 2 -- zsh/.zshrc.d/pip | 2 -- zsh/.zshrc.d/prompt | 2 -- zsh/.zshrc.d/pyenv | 2 -- zsh/.zshrc.d/rsync | 2 -- 26 files changed, 49 deletions(-) diff --git a/bash/.bash_greeter b/bash/.bash_greeter index e08f1b7..b715d5e 100755 --- a/bash/.bash_greeter +++ b/bash/.bash_greeter @@ -1,4 +1,3 @@ -#!/bin/bash # shellcheck disable=SC2034 # Disabled SC2034 to allow colors not currently in use to remain diff --git a/bash/.bash_logout b/bash/.bash_logout index 2c92cf0..06f48a0 100644 --- a/bash/.bash_logout +++ b/bash/.bash_logout @@ -1,2 +1 @@ -#!/bin/bash echo END OF LINE diff --git a/bash/.bash_profile b/bash/.bash_profile index f72a58d..54926de 100644 --- a/bash/.bash_profile +++ b/bash/.bash_profile @@ -1,5 +1,3 @@ -#!/bin/bash - # Workaround to get macOS to use .bashrc if [[ "$OSTYPE" == "darwin"* ]] && [ -r "$HOME/.bashrc" ]; then # shellcheck source=/dev/null diff --git a/bash/.bashrc b/bash/.bashrc index f245148..d44a9c7 100644 --- a/bash/.bashrc +++ b/bash/.bashrc @@ -1,5 +1,3 @@ -#!/bin/bash - # If not running interactively, don't do anything [[ $- != *i* ]] && return diff --git a/bash/.bashrc.d/aliases b/bash/.bashrc.d/aliases index 84817a7..9cc1c05 100755 --- a/bash/.bashrc.d/aliases +++ b/bash/.bashrc.d/aliases @@ -1,5 +1,3 @@ -#!/bin/bash - # Make some possibly destructive commands more interactive. if [ ${UID} -eq 0 ]; then alias rm='rm -i' diff --git a/bash/.bashrc.d/aws b/bash/.bashrc.d/aws index 29c6a30..a1f53ad 100755 --- a/bash/.bashrc.d/aws +++ b/bash/.bashrc.d/aws @@ -1,3 +1 @@ -#!/bin/bash - export AWS_PROFILE="cool-user" diff --git a/bash/.bashrc.d/cyhy b/bash/.bashrc.d/cyhy index b07c982..a767a28 100755 --- a/bash/.bashrc.d/cyhy +++ b/bash/.bashrc.d/cyhy @@ -1,3 +1 @@ -#!/bin/bash - export CYHY_CONF_DIR=/private/etc/cyhy diff --git a/bash/.bashrc.d/gpg b/bash/.bashrc.d/gpg index 105a345..a02dda8 100755 --- a/bash/.bashrc.d/gpg +++ b/bash/.bashrc.d/gpg @@ -1,5 +1,3 @@ -#!/bin/bash - # From gpg-agent manpage GPG_TTY=$(tty) export GPG_TTY diff --git a/bash/.bashrc.d/kerberos b/bash/.bashrc.d/kerberos index eb5eed9..540537d 100644 --- a/bash/.bashrc.d/kerberos +++ b/bash/.bashrc.d/kerberos @@ -1,4 +1,2 @@ -#!/bin/bash - # Load MIT Kerberos (installed via brew) before the default export PATH="/usr/local/opt/krb5/bin:/usr/local/opt/krb5/sbin:$PATH" diff --git a/bash/.bashrc.d/pip b/bash/.bashrc.d/pip index d0f9199..07193d6 100755 --- a/bash/.bashrc.d/pip +++ b/bash/.bashrc.d/pip @@ -1,4 +1,2 @@ -#!/bin/bash - # pip cache export PIP_DOWNLOAD_CACHE=$HOME/Library/Caches/pip-downloads diff --git a/bash/.bashrc.d/prompt b/bash/.bashrc.d/prompt index 07b934f..8e22251 100755 --- a/bash/.bashrc.d/prompt +++ b/bash/.bashrc.d/prompt @@ -1,5 +1,3 @@ -#!/bin/bash - # Disable SC2034 to allow colors not currently in use to remain # shellcheck disable=SC2034 BLUE=$(tput setaf 4) diff --git a/bash/.bashrc.d/pyenv b/bash/.bashrc.d/pyenv index 58fdd64..2c1fba1 100755 --- a/bash/.bashrc.d/pyenv +++ b/bash/.bashrc.d/pyenv @@ -1,5 +1,3 @@ -#!/bin/bash - # Add pyenv to PATH export PATH="$PATH:$HOME/.pyenv/bin" diff --git a/bash/.bashrc.d/rsync b/bash/.bashrc.d/rsync index adc150d..c6ee3c0 100755 --- a/bash/.bashrc.d/rsync +++ b/bash/.bashrc.d/rsync @@ -1,3 +1 @@ -#!/bin/bash - export RSYNC_RSH=ssh diff --git a/zsh/.p10k.zsh b/zsh/.p10k.zsh index 287b25a..fd4e0f3 100644 --- a/zsh/.p10k.zsh +++ b/zsh/.p10k.zsh @@ -1,4 +1,3 @@ -#!/bin/zsh # Generated by Powerlevel10k configuration wizard on 2020-05-12 at 09:58 EDT. # Based on romkatv/powerlevel10k/config/p10k-lean.zsh, checksum 28636. # Wizard options: compatible, unicode, lean, 1 line, compact, fluent, transient_prompt, diff --git a/zsh/.zshrc b/zsh/.zshrc index acec42c..02850cf 100644 --- a/zsh/.zshrc +++ b/zsh/.zshrc @@ -1,5 +1,3 @@ -#!/bin/zsh - # Enable Powerlevel10k instant prompt. Should stay close to the top of ~/.zshrc. # Initialization code that may require console input (password prompts, [y/n] # confirmations, etc.) must go above this block; everything else may go below. diff --git a/zsh/.zshrc.d/aliases b/zsh/.zshrc.d/aliases index c054f4d..e79c064 100755 --- a/zsh/.zshrc.d/aliases +++ b/zsh/.zshrc.d/aliases @@ -1,5 +1,3 @@ -#!/bin/zsh - # Make some possibly destructive commands more interactive. if [ ${UID} -eq 0 ]; then alias rm='rm -i' diff --git a/zsh/.zshrc.d/aws b/zsh/.zshrc.d/aws index c1db081..a1f53ad 100755 --- a/zsh/.zshrc.d/aws +++ b/zsh/.zshrc.d/aws @@ -1,3 +1 @@ -#!/bin/zsh - export AWS_PROFILE="cool-user" diff --git a/zsh/.zshrc.d/cyhy b/zsh/.zshrc.d/cyhy index 735ca9d..63e37c4 100755 --- a/zsh/.zshrc.d/cyhy +++ b/zsh/.zshrc.d/cyhy @@ -1,5 +1,3 @@ -#!/bin/zsh - # Set up CyHy docker environment variables export CYHY_CONF_DIR=/private/etc/cyhy export CYHY_CORE_IMAGE=ncats/cyhy-core diff --git a/zsh/.zshrc.d/gnu-sed b/zsh/.zshrc.d/gnu-sed index 8fbfed6..7982a49 100644 --- a/zsh/.zshrc.d/gnu-sed +++ b/zsh/.zshrc.d/gnu-sed @@ -1,5 +1,3 @@ -#!/bin/zsh - # Make it so gnu-sed replaces the MacOS version of sed # If not installed, brew install gnu-sed first diff --git a/zsh/.zshrc.d/gpg b/zsh/.zshrc.d/gpg index c0c792c..a02dda8 100755 --- a/zsh/.zshrc.d/gpg +++ b/zsh/.zshrc.d/gpg @@ -1,5 +1,3 @@ -#!/bin/zsh - # From gpg-agent manpage GPG_TTY=$(tty) export GPG_TTY diff --git a/zsh/.zshrc.d/kerberos b/zsh/.zshrc.d/kerberos index cdb50eb..540537d 100644 --- a/zsh/.zshrc.d/kerberos +++ b/zsh/.zshrc.d/kerberos @@ -1,4 +1,2 @@ -#!/bin/zsh - # Load MIT Kerberos (installed via brew) before the default export PATH="/usr/local/opt/krb5/bin:/usr/local/opt/krb5/sbin:$PATH" diff --git a/zsh/.zshrc.d/nvm b/zsh/.zshrc.d/nvm index 91a1751..c7b54aa 100644 --- a/zsh/.zshrc.d/nvm +++ b/zsh/.zshrc.d/nvm @@ -1,5 +1,3 @@ -#!/bin/zsh - # Set up node/NVM export NVM_DIR="$HOME/.nvm" [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" diff --git a/zsh/.zshrc.d/pip b/zsh/.zshrc.d/pip index 8853493..905c517 100755 --- a/zsh/.zshrc.d/pip +++ b/zsh/.zshrc.d/pip @@ -1,5 +1,3 @@ -#!/bin/zsh - # Set pip cache export PIP_DOWNLOAD_CACHE=$HOME/Library/Caches/pip-downloads diff --git a/zsh/.zshrc.d/prompt b/zsh/.zshrc.d/prompt index b6e002e..f9c25ae 100755 --- a/zsh/.zshrc.d/prompt +++ b/zsh/.zshrc.d/prompt @@ -1,5 +1,3 @@ -#!/bin/zsh - BLUE=$(tput setaf 4) BRIGHT_GREEN=$(tput setaf 10) BRIGHT_RED=$(tput setaf 196) diff --git a/zsh/.zshrc.d/pyenv b/zsh/.zshrc.d/pyenv index 2ae698e..793e407 100755 --- a/zsh/.zshrc.d/pyenv +++ b/zsh/.zshrc.d/pyenv @@ -1,5 +1,3 @@ -#!/bin/zsh - # Add pyenv to PATH export PATH="$PATH:$HOME/.pyenv/bin" diff --git a/zsh/.zshrc.d/rsync b/zsh/.zshrc.d/rsync index 9fa0d75..c6ee3c0 100755 --- a/zsh/.zshrc.d/rsync +++ b/zsh/.zshrc.d/rsync @@ -1,3 +1 @@ -#!/bin/zsh - export RSYNC_RSH=ssh From 2375b3aa78c24aeddca09bd8aa4063f6153b8307 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Thu, 31 Oct 2024 11:27:29 -0400 Subject: [PATCH 10/11] Add shellcheck shell directives where necessary --- bash/.bash_profile | 2 ++ bash/.bashrc | 2 ++ 2 files changed, 4 insertions(+) diff --git a/bash/.bash_profile b/bash/.bash_profile index 54926de..d20f58f 100644 --- a/bash/.bash_profile +++ b/bash/.bash_profile @@ -1,3 +1,5 @@ +# shellcheck shell=bash + # Workaround to get macOS to use .bashrc if [[ "$OSTYPE" == "darwin"* ]] && [ -r "$HOME/.bashrc" ]; then # shellcheck source=/dev/null diff --git a/bash/.bashrc b/bash/.bashrc index d44a9c7..483d181 100644 --- a/bash/.bashrc +++ b/bash/.bashrc @@ -1,3 +1,5 @@ +# shellcheck shell=bash + # If not running interactively, don't do anything [[ $- != *i* ]] && return From 1b206f4a9b9e7a556ce7e258fd9557185f725b74 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Thu, 31 Oct 2024 11:34:50 -0400 Subject: [PATCH 11/11] Remove executable permissions --- bash/.bash_greeter | 0 bash/.bashrc.d/aliases | 0 bash/.bashrc.d/aws | 0 bash/.bashrc.d/cyhy | 0 bash/.bashrc.d/gpg | 0 bash/.bashrc.d/pip | 0 bash/.bashrc.d/prompt | 0 bash/.bashrc.d/pyenv | 0 bash/.bashrc.d/rsync | 0 zsh/.zshrc.d/aliases | 0 zsh/.zshrc.d/aws | 0 zsh/.zshrc.d/cyhy | 0 zsh/.zshrc.d/gpg | 0 zsh/.zshrc.d/pip | 0 zsh/.zshrc.d/prompt | 0 zsh/.zshrc.d/pyenv | 0 zsh/.zshrc.d/rsync | 0 17 files changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 bash/.bash_greeter mode change 100755 => 100644 bash/.bashrc.d/aliases mode change 100755 => 100644 bash/.bashrc.d/aws mode change 100755 => 100644 bash/.bashrc.d/cyhy mode change 100755 => 100644 bash/.bashrc.d/gpg mode change 100755 => 100644 bash/.bashrc.d/pip mode change 100755 => 100644 bash/.bashrc.d/prompt mode change 100755 => 100644 bash/.bashrc.d/pyenv mode change 100755 => 100644 bash/.bashrc.d/rsync mode change 100755 => 100644 zsh/.zshrc.d/aliases mode change 100755 => 100644 zsh/.zshrc.d/aws mode change 100755 => 100644 zsh/.zshrc.d/cyhy mode change 100755 => 100644 zsh/.zshrc.d/gpg mode change 100755 => 100644 zsh/.zshrc.d/pip mode change 100755 => 100644 zsh/.zshrc.d/prompt mode change 100755 => 100644 zsh/.zshrc.d/pyenv mode change 100755 => 100644 zsh/.zshrc.d/rsync diff --git a/bash/.bash_greeter b/bash/.bash_greeter old mode 100755 new mode 100644 diff --git a/bash/.bashrc.d/aliases b/bash/.bashrc.d/aliases old mode 100755 new mode 100644 diff --git a/bash/.bashrc.d/aws b/bash/.bashrc.d/aws old mode 100755 new mode 100644 diff --git a/bash/.bashrc.d/cyhy b/bash/.bashrc.d/cyhy old mode 100755 new mode 100644 diff --git a/bash/.bashrc.d/gpg b/bash/.bashrc.d/gpg old mode 100755 new mode 100644 diff --git a/bash/.bashrc.d/pip b/bash/.bashrc.d/pip old mode 100755 new mode 100644 diff --git a/bash/.bashrc.d/prompt b/bash/.bashrc.d/prompt old mode 100755 new mode 100644 diff --git a/bash/.bashrc.d/pyenv b/bash/.bashrc.d/pyenv old mode 100755 new mode 100644 diff --git a/bash/.bashrc.d/rsync b/bash/.bashrc.d/rsync old mode 100755 new mode 100644 diff --git a/zsh/.zshrc.d/aliases b/zsh/.zshrc.d/aliases old mode 100755 new mode 100644 diff --git a/zsh/.zshrc.d/aws b/zsh/.zshrc.d/aws old mode 100755 new mode 100644 diff --git a/zsh/.zshrc.d/cyhy b/zsh/.zshrc.d/cyhy old mode 100755 new mode 100644 diff --git a/zsh/.zshrc.d/gpg b/zsh/.zshrc.d/gpg old mode 100755 new mode 100644 diff --git a/zsh/.zshrc.d/pip b/zsh/.zshrc.d/pip old mode 100755 new mode 100644 diff --git a/zsh/.zshrc.d/prompt b/zsh/.zshrc.d/prompt old mode 100755 new mode 100644 diff --git a/zsh/.zshrc.d/pyenv b/zsh/.zshrc.d/pyenv old mode 100755 new mode 100644 diff --git a/zsh/.zshrc.d/rsync b/zsh/.zshrc.d/rsync old mode 100755 new mode 100644