jfraeysd/fetch_ml
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
fetch_ml/scripts/release/sanitize.sh
Jeremie Fraeys 8b75f71a6a
refactor: reorganize scripts into categorized structure 
Consolidate 26+ scattered scripts into maintainable hierarchy:

New Structure:
- ci/          CI/CD validation (checks.sh, test.sh, verify-paths.sh)
- dev/         Development workflow (smoke-test.sh, manage-artifacts.sh)
- release/     Release preparation (cleanup.sh, prepare.sh, sanitize.sh, verify.sh, verify-checksums.sh)
- testing/     Test infrastructure (unchanged)
- benchmarks/  Performance tools (track-performance.sh)
- maintenance/ System cleanup (unchanged)
- lib/         Shared functions (unchanged)

Key Changes:
- Unified 6 cleanup-*.sh scripts into release/cleanup.sh with targets
- Merged smoke-test-native.sh into dev/smoke-test.sh --native flag
- Renamed scripts to follow lowercase-hyphen convention
- Moved root-level scripts to appropriate categories
- Updated all Makefile references
- Updated scripts/README.md with new structure

Script count: 26 → 17 (35% reduction)

Breaking Changes:
- Old paths no longer exist, update any direct script calls
- Use make targets (e.g., make ci-checks) for stability
2026-02-18 17:56:59 -05:00

24 lines
1 KiB
Bash
Executable file
Raw Blame History

#!/bin/bash
set -euo pipefail
echo "=== Config File Sanitization ==="
# Remove any accidentally committed passwords/keys (check only, don't auto-fix)
echo "Checking for potential passwords in configs..."
if grep -r "password:.*[^*]" configs/ --include="*.yaml" --include="*.yml" 2>/dev/null | grep -v "example\|dummy\|changeme\|your_\|\[REDACTED\]"; then
echo "WARNING: Potential passwords found in configs (review above)"
fi
# Ensure all non-example configs have secure permissions
find configs/ -type f \( -name "*.yaml" -o -name "*.yml" -o -name "*.toml" \) ! -name "*example*" ! -name "*schema*" -exec chmod 600 {} \; 2>/dev/null || true
# Remove temp config files
rm -f configs/.tmp.* 2>/dev/null || true
rm -f configs/api/.local.* 2>/dev/null || true
# Validate no real credentials in examples
if grep -rE "(sk-[a-zA-Z0-9]{20,}|password: [^\"'*]+[^*])" configs/examples/ 2>/dev/null | grep -v "example\|dummy\|changeme\|your_"; then
echo "WARNING: Potential real credentials found in example configs!"
fi
echo "✓ Config sanitization complete"
Reference in a new issue View git blame Copy permalink