Closed aRustyDev closed 2 months ago
Ok so I'm still not clear on the "Why" here, but I do have a fix/workaround
It seems that NixOS stores the op bin in a weird way that changes the permissions on it? (still not entirely clear on this part)
But my solution ended up being to do the following in my `.pre-commit-config.yaml`:

```yaml
- repo: https://github.com/gitguardian/ggshield
  rev: v1.29.0
  hooks:
    - id: ggshield
      language_version: python3
      stages: [commit]
      entry: bash -c 'op run --env-file="./op.env" -- ggshield secret scan pre-commit'
```
It might also have been that when pre-commit runs it tries to start a shell from python, so that might have funked up the permissions? Either way, spinning up the new shell fixed my errors.
Describe the bug
Trying to run `git commit ...` w/ a `.pre-commit-config.yaml` that has an `entry` field containing `op run -- <binary>` is resulting in a PermissionsError, even though this will work fine from my macOS.

Not sure which package is to blame for it? From what I can gather it seems it may simply be a file permissions issue? But it's not clear what the fix would be, since it seems 1PW intentionally restricts the `onepassword-cli` group membership. I tried viewing it, but it doesn't show w/ `groups` or `sudo groups`, but trying to add it yields a "group already exists" error. So not clear how I could allow pre-commit to access it, and just running `op read "op://<VAULT>/<ITEM>/<ITEM_FIELD>"` works just fine, so I have 1PW configured correctly.

I'm still really new to NixOS too, so I'm probably just forgetting/missing some very simple step. But I couldn't find any good resources covering this combo of pkgs, and `pre-commit` doesn't support any NixOS issues.

Steps To Reproduce
Steps to reproduce the behavior:
1. `pre-commit install --install-hooks` (to create the git hooks)
2. `git add .` (w/ a change)
3. `git commit -m "testing permissionsError"` (Also have commit signing enabled)

output
Expected behavior
Pre-Commit should be able to run the `op` binary w/o error, and any hooks fail/succeed based on their internals

Screenshots
If applicable, add screenshots to help explain your problem.
Additional context
/path/to/repo/.pre-commit-config.yaml
/path/to/repo/op.env
/etc/nixos/configuration.nix (only packages & program settings)
OUTPUT
ls -al /run/wrappers/bin/op
~/.cache/pre-commit/pre-commit.log
version information
error information
Notify maintainers
@borisbabic @joelburget
Metadata
Add a :+1: reaction to issues you find important.
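
The file-permissions theory raised in this thread can be checked directly against the `op` wrapper. This is an added example, not code from the issue or from pre-commit, NixOS or 1Password: it reports which permission class applies to the caller and flags a binary that can be executed but not read, a state in which any launcher that opens the file before running it gets a permission error. The helper names are hypothetical and the mode in the comment is constructed, since the real `ls -al` output is not shown on the page.

```python
import os
import stat
import sys


def effective_bits(mode, file_uid, file_gid, uid, gids):
    """Return the rwx triplet (0-7) that applies to a non-root caller."""
    if uid == file_uid:
        return (mode >> 6) & 7      # owner class
    if file_gid in gids:
        return (mode >> 3) & 7      # group class
    return mode & 7                 # other class


def describe(mode, file_uid, file_gid, uid, gids):
    """Summarise what the caller may do with a file of this mode/ownership."""
    bits = effective_bits(mode, file_uid, file_gid, uid, gids)
    return {
        "mode": stat.filemode(mode),            # e.g. -r-x--s--x (constructed)
        "setuid": bool(mode & stat.S_ISUID),
        "setgid": bool(mode & stat.S_ISGID),
        "can_exec": bool(bits & 1),
        "can_read": bool(bits & 4),
        # Direct exec works, but open() for reading fails with EACCES.
        "exec_only": bool(bits & 1) and not bits & 4,
    }


def describe_path(path, uid=None, gids=None):
    """Apply describe() to a real file, defaulting to the current process."""
    st = os.stat(path)
    uid = os.geteuid() if uid is None else uid
    if gids is None:
        gids = set(os.getgroups()) | {os.getegid()}
    return describe(st.st_mode, st.st_uid, st.st_gid, uid, set(gids))


if __name__ == "__main__":
    # Path taken from the issue; pass another path as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "/run/wrappers/bin/op"
    for key, value in describe_path(target).items():
        print(f"{key:9} {value}")
```

Run it as the same user that makes the commit; root bypasses these checks, so results under `sudo` do not reflect what the hook sees.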