Skip to content

✨ Add curl | sh self-installer and clean up documentation #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
jsamuel1 wants to merge 2 commits into
base: main
Choose a base branch
from
Open

✨ Add curl | sh self-installer and clean up documentation #4

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
26a740c
✨ Add curl | sh installer and remove MIGRATION.md
kiro-agent Dec 2, 2025
a5265cd
Merge remote-tracking branch 'origin/main' into clone-setup-20251130-…
kiro-agent Dec 2, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
176 changes: 0 additions & 176 deletions MIGRATION.md
View file
Open in desktop

This file was deleted.

33 changes: 29 additions & 4 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,28 @@ A Git plugin that generates descriptive commit messages using kiro-cli AI assist

## Installation

### Quick Install (Recommended)

Run the following command to automatically install git-qcommit:

```bash
curl -fsSL https://raw.githubusercontent.com/jsamuel1/git-qcommit/main/install.sh | sh
```

This will:
- Download the git-qcommit script
- Install it to `~/.local/bin/`
- Make it executable
- Check if `~/.local/bin` is in your PATH

If `~/.local/bin` is not in your PATH, add this line to your shell configuration file (`~/.bashrc`, `~/.zshrc`, or similar):

```bash
export PATH="$HOME/.local/bin:$PATH"
```

### Manual Installation

1. Clone or download this repository
2. Make the script executable:
```bash
Expand All @@ -26,10 +48,13 @@ A Git plugin that generates descriptive commit messages using kiro-cli AI assist
```bash
sudo cp git-qcommit /usr/local/bin/
```
4. Copy the commit prompts file to your home directory:
```bash
cp commitprompts ~/.commitprompts
```

### Optional: Install Commit Prompts

Optionally, copy the commit prompts file to your home directory to enable various prompt styles:
```bash
curl -fsSL https://raw.githubusercontent.com/jsamuel1/git-qcommit/main/commitprompts -o ~/.commitprompts
```

## Usage

Expand Down
69 changes: 69 additions & 0 deletions install.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
#!/bin/bash
#
# git-qcommit installer
# Usage: curl https://raw.githubusercontent.com/jsamuel1/git-qcommit/main/install.sh | sh
#

set -e

# Configuration
INSTALL_DIR="$HOME/.local/bin"
SCRIPT_NAME="git-qcommit"
REPO_OWNER="jsamuel1"
REPO_NAME="git-qcommit"
Copy link

@amazon-q-developer amazon-q-developer bot Dec 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The hardcoded branch reference "main" could cause issues if the repository's default branch changes or if users want to install from a specific version. Consider making the branch configurable via environment variable or use a more stable reference like a release tag.

Suggested change
REPO_NAME="git-qcommit"
REPO_BRANCH="${GIT_QCOMMIT_BRANCH:-main}"

REPO_BRANCH="main"
SCRIPT_URL="https://raw.githubusercontent.com/${REPO_OWNER}/${REPO_NAME}/${REPO_BRANCH}/${SCRIPT_NAME}"

echo "====================================="
echo " git-qcommit Installer"
echo "====================================="
echo ""

Comment on lines +18 to +21
Copy link

@amazon-q-developer amazon-q-developer bot Dec 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The mkdir -p command could fail due to permission issues or filesystem problems, but the script continues execution without verifying the directory was actually created. Add error checking to ensure the installation directory exists before proceeding.

Suggested change
echo " git-qcommit Installer"
echo "====================================="
echo ""
# Create installation directory if it doesn't exist
if [ ! -d "$INSTALL_DIR" ]; then
echo "Creating directory: $INSTALL_DIR"
if ! mkdir -p "$INSTALL_DIR"; then
echo "Error: Failed to create directory $INSTALL_DIR"
echo "Please check permissions and try again."
exit 1
fi
fi

# Create installation directory if it doesn't exist
if [ ! -d "$INSTALL_DIR" ]; then
echo "Creating directory: $INSTALL_DIR"
mkdir -p "$INSTALL_DIR"
fi

# Download the script
echo "Downloading git-qcommit from $SCRIPT_URL"
if command -v curl >/dev/null 2>&1; then
curl -fsSL "$SCRIPT_URL" -o "$INSTALL_DIR/$SCRIPT_NAME"
Comment on lines +25 to +31
Copy link

@amazon-q-developer amazon-q-developer bot Dec 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛑 Security Vulnerability: The installer downloads and executes code from a hardcoded GitHub URL without any integrity verification. This creates a significant security risk as the script could be compromised or intercepted during download1. Add checksum verification or use signed releases to ensure the downloaded script hasn't been tampered with.

Suggested change
mkdir -p "$INSTALL_DIR"
fi
# Download the script
echo "Downloading git-qcommit from $SCRIPT_URL"
if command -v curl >/dev/null 2>&1; then
curl -fsSL "$SCRIPT_URL" -o "$INSTALL_DIR/$SCRIPT_NAME"
# Download the script with integrity verification
echo "Downloading git-qcommit from $SCRIPT_URL"
if command -v curl >/dev/null 2>&1; then
curl -fsSL "$SCRIPT_URL" -o "$INSTALL_DIR/$SCRIPT_NAME"
# TODO: Add checksum verification here
# Expected checksum should be provided via a separate endpoint or release
elif command -v wget >/dev/null 2>&1; then
wget -qO "$INSTALL_DIR/$SCRIPT_NAME" "$SCRIPT_URL"
# TODO: Add checksum verification here
else
echo "Error: Neither curl nor wget found. Please install one of them and try again."
exit 1
fi

Footnotes

  1. CWE-494: Download of Code Without Integrity Check - https://cwe.mitre.org/data/definitions/494.html

Comment on lines +25 to +31
Copy link

@amazon-q-developer amazon-q-developer bot Dec 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The curl and wget commands use flags that suppress error output (-s in curl, -q in wget), which could hide important error messages from users. If the download fails, users won't see helpful error information. Consider using more verbose error reporting.

Suggested change
mkdir -p "$INSTALL_DIR"
fi
# Download the script
echo "Downloading git-qcommit from $SCRIPT_URL"
if command -v curl >/dev/null 2>&1; then
curl -fsSL "$SCRIPT_URL" -o "$INSTALL_DIR/$SCRIPT_NAME"
echo "Downloading git-qcommit from $SCRIPT_URL"
if command -v curl >/dev/null 2>&1; then
if ! curl -fL "$SCRIPT_URL" -o "$INSTALL_DIR/$SCRIPT_NAME"; then
echo "Error: Failed to download script from $SCRIPT_URL"
exit 1
fi
elif command -v wget >/dev/null 2>&1; then
if ! wget -O "$INSTALL_DIR/$SCRIPT_NAME" "$SCRIPT_URL"; then
echo "Error: Failed to download script from $SCRIPT_URL"
exit 1
fi
else
echo "Error: Neither curl nor wget found. Please install one of them and try again."
exit 1
fi

elif command -v wget >/dev/null 2>&1; then
wget -qO "$INSTALL_DIR/$SCRIPT_NAME" "$SCRIPT_URL"
else
echo "Error: Neither curl nor wget found. Please install one of them and try again."
Comment on lines +34 to +35
Copy link

@amazon-q-developer amazon-q-developer bot Dec 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The script doesn't verify that the download was successful before attempting to make the file executable. If the download fails silently, chmod +x will be applied to a non-existent or empty file. Add verification that the downloaded file exists and has content.

Suggested change
else
echo "Error: Neither curl nor wget found. Please install one of them and try again."
# Verify the download was successful
if [ ! -f "$INSTALL_DIR/$SCRIPT_NAME" ] || [ ! -s "$INSTALL_DIR/$SCRIPT_NAME" ]; then
echo "Error: Download failed or file is empty"
exit 1
fi
# Make the script executable
echo "Making script executable"
chmod +x "$INSTALL_DIR/$SCRIPT_NAME"

exit 1
fi

# Make the script executable
echo "Making script executable"
chmod +x "$INSTALL_DIR/$SCRIPT_NAME"

echo ""
echo "====================================="
echo " Installation Complete!"
echo "====================================="
echo ""
echo "git-qcommit has been installed to: $INSTALL_DIR/$SCRIPT_NAME"
echo ""

# Check if ~/.local/bin is in PATH
if [[ ":$PATH:" != *":$INSTALL_DIR:"* ]]; then
echo "⚠️ WARNING: $INSTALL_DIR is not in your PATH"
echo ""
echo "To use git-qcommit, add the following line to your shell configuration file"
echo "(~/.bashrc, ~/.zshrc, ~/.profile, or similar):"
echo ""
echo " export PATH=\"\$HOME/.local/bin:\$PATH\""
echo ""
echo "Then reload your shell configuration or restart your terminal."
else
echo "✓ $INSTALL_DIR is in your PATH"
echo ""
echo "You can now use git-qcommit by running:"
echo " git qcommit"
fi

echo ""
echo "For more information, visit: https://github.com/${REPO_OWNER}/${REPO_NAME}"