{CI} Fix file name space when iterating git diffs for secret scan task (#30434)

evelyn-ys · web-flow · commit 8c341081dbb7 · 2024-12-02T16:08:34.000+08:00
* fix file name space when iterating git diffs

* fix

* revert double quote
diff --git a/.githooks/pre-commit.sh b/.githooks/pre-commit.sh
@@ -20,6 +20,9 @@ else
     against=$(git hash-object -t tree /dev/null)
 fi
 has_secrets=0
+
+IFS_OLD=${IFS}
+IFS=$'\n'
 for FILE in `git diff --cached --name-only --diff-filter=AM $against` ; do
     # Check if the file contains secrets
     detected=$(azdev scan -f "$FILE" | python -c "import sys, json; print(json.load(sys.stdin)['secrets_detected'])")
@@ -28,6 +31,7 @@ for FILE in `git diff --cached --name-only --diff-filter=AM $against` ; do
       has_secrets=1
     fi
 done
+IFS=${IFS_OLD}
 
 if [ $has_secrets -eq 1 ]; then
     printf "\033[0;31mSecret detected. If you want to skip that, run add '--no-verify' in the end of 'git commit' command.\033[0m\n"
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
@@ -1137,13 +1137,17 @@ jobs:
         . env/bin/activate
         git fetch origin --depth=1 $(System.PullRequest.TargetBranch)
         declare -A secret_files
+        IFS_OLD=${IFS}
+        IFS=$'\n'
         for FILE in `git diff --name-only --diff-filter=AM origin/$(System.PullRequest.TargetBranch)` ; do
+          echo $FILE
           detected=$(azdev scan -f "$FILE" | python -c "import sys, json; print(json.load(sys.stdin)['secrets_detected'])")
           if [ $detected == 'True' ]; then
             printf "\033[0;31mDetected secrets from %s, You can run 'azdev mask' to remove secrets.\033[0m\n" "$FILE"
             secret_files+=$FILE
           fi
         done
+        IFS=${IFS_OLD}
         if [ "${#secret_files[@]}" -gt 0 ]; then
           exit 1
         fi
