55# Based on git-secrets update-all-repos.sh
66
77# Usage examples:
8- # ./update-all-repos.sh # Updates all repos in current directory (recursively)
8+ # ./update-all-repos.sh # Smart mode: scans current dir + common locations
9+ # ./update-all-repos.sh --all # Scans home + system dirs (auto-sudo if needed)
910# ./update-all-repos.sh ~/Projects # Updates all repos in ~/Projects (recursively)
1011# ./update-all-repos.sh ~/Sites ~/Projects # Updates repos in multiple directories
1112# sudo ./update-all-repos.sh /var # Updates repos in system directories (requires root)
@@ -24,6 +25,7 @@ NORMAL='\e[00m'
2425
2526# Configuration
2627MAX_DEPTH=" ${MAX_DEPTH:- } " # Default: unlimited depth
28+ DRY_RUN=" ${DRY_RUN:- false} " # Set to true to only show what would be updated
2729
2830# Temporary files for tracking stats across subshells
2931STATS_DIR=$( mktemp -d)
@@ -270,7 +272,14 @@ function process_repo {
270272 }
271273
272274 increment_stat " found"
273- printf " %b\n" " ${HIGHLIGHT} Installing gitleaks hooks in $( pwd) ${NORMAL} "
275+ printf " %b\n" " ${HIGHLIGHT} Found git repository: $( pwd) ${NORMAL} "
276+
277+ # Dry run mode - just show what would be updated
278+ if [ " $DRY_RUN " = " true" ; then
279+ echo -e " ${HIGHLIGHT} →${NORMAL} [DRY RUN] Would install hooks here"
280+ increment_stat " updated"
281+ return 0
282+ fi
274283
275284 # Check if .git directory is writable
276285 if [ ! -w " .git" ; then
@@ -429,7 +438,16 @@ function update_directory {
429438 done < <( find " $target_dir "
430439 ${MAX_DEPTH: +-maxdepth $MAX_DEPTH } \
431440 -type d \
432- \( -name " node_modules" " .npm" " .cache" " __pycache__" " .venv" " venv" " .local" " .cargo" " .rustup" " .m2" " .gradle" " target" " build" " dist" " vendor" " .bundle" \) -prune -o \
441+ \( \
442+ -name " node_modules" " .npm" " .cache" " __pycache__"
443+ -o -name " .venv" " venv" " .local" " .cargo"
444+ -o -name " .rustup" " .m2" " .gradle" " target"
445+ -o -name " build" " dist" " vendor" " .bundle"
446+ -o -path " */var/lib/*" " */var/cache/*" " */var/log/*"
447+ -o -path " */var/run/*" " */var/lock/*" " */var/spool/*"
448+ -o -path " */var/mail/*" " */var/backups/*" " */var/crash/*"
449+ -o -path " */var/snap/*" " */var/metrics/*"
450+ \) -prune -o \
433451 -type d -name " .git" 2> /dev/null)
434452}
435453
@@ -438,21 +456,92 @@ echo -e "${HIGHLIGHT}========================================${NORMAL}"
438456echo -e " ${HIGHLIGHT} Gitleaks Hook Installer${NORMAL} "
439457echo -e " ${HIGHLIGHT} ========================================${NORMAL} \n"
440458
459+ # Check for --all flag (treat it same as passing home directory)
460+ if [ " $1 " = " --all" ; then
461+ # Replace --all with home directory
462+ if [ " $EUID " -eq 0 ] && [ -n " $SUDO_USER " ; then
463+ # Running as root, use SUDO_USER's home
464+ set -- " $( eval echo ~ $SUDO_USER ) "
465+ else
466+ set -- " $HOME "
467+ fi
468+ fi
469+
441470if [ " $EUID " -eq 0 ]; then
442471 echo -e " ${WARNING} ⚠${NORMAL} Running as root (sudo)"
443472 echo -e " ${HIGHLIGHT} →${NORMAL} Will be able to update system-owned repositories"
444473 echo " "
445474fi
446475
447476if [ " $# " -eq 0 ]; then
477+ # No arguments provided - use smart defaults
478+ echo -e " ${HIGHLIGHT} No directory specified - using smart detection${NORMAL} \n"
479+
480+ # Always scan current directory first
448481 update_directory " $PWD "
482+ echo " "
483+
484+ # Auto-scan system directories
485+ AUTO_SCAN_SYSTEM=true
449486else
487+ # Check if user provided home directory or similar
488+ AUTO_SCAN_SYSTEM=false
489+ for arg in " $@ " ; do
490+ # Expand ~ to actual home path
491+ expanded_arg=$( eval echo " $arg " )
492+
493+ # If user specified home directory, also scan system dirs
494+ if [ " $expanded_arg " = " $HOME " || [ " $expanded_arg " = " ~" ; then
495+ AUTO_SCAN_SYSTEM=true
496+ fi
497+ done
498+
499+ # Process specified directories first
450500 for dir in " $@ " ; do
451501 update_directory " $dir "
452502 echo " "
453503 done
454504fi
455505
506+ # Auto-scan system directories if enabled
507+ if [ " $AUTO_SCAN_SYSTEM " = true ]; then
508+ echo -e " ${HIGHLIGHT} Auto-detecting system project directories...${NORMAL} "
509+
510+ # Check if common project directories exist and scan them
511+ SYSTEM_DIRS=(" /var" " /opt" " /srv"
512+
513+ DIRS_TO_SCAN=()
514+ for dir in " ${SYSTEM_DIRS[@]} " ; do
515+ if [ -d " $dir " && [ -r " $dir " ; then
516+ DIRS_TO_SCAN+=(" $dir "
517+ fi
518+ done
519+
520+ if [ ${# DIRS_TO_SCAN[@]} -eq 0 ]; then
521+ echo -e " ${HIGHLIGHT} →${NORMAL} No system directories found"
522+ echo " "
523+ else
524+ echo -e " ${HIGHLIGHT} →${NORMAL} Found system directories: ${DIRS_TO_SCAN[*]} "
525+ echo " "
526+
527+ for dir in " ${DIRS_TO_SCAN[@]} " ; do
528+ echo -e " ${HIGHLIGHT} Scanning $dir for repositories...${NORMAL} "
529+
530+ # Check if we're already root
531+ if [ " $EUID " -eq 0 ]; then
532+ update_directory " $dir "
533+ else
534+ # Not root, need to run this part with sudo
535+ echo -e " ${WARNING} ⚠${NORMAL} System directory requires root privileges"
536+ echo -e " ${HIGHLIGHT} →${NORMAL} Running with sudo for $dir ..."
537+ echo -e " ${HIGHLIGHT} →${NORMAL} You may be prompted for your password..."
538+ sudo -E bash " $0 " " $dir "
539+ fi
540+ echo " "
541+ done
542+ fi
543+ fi
544+
456545# Get final statistics
457546REPOS_FOUND=$( get_stat " found" )
458547REPOS_UPDATED=$( get_stat " updated" )
@@ -485,6 +574,11 @@ if [ "$REPOS_FAILED" -gt 0 ] || [ "$REPOS_SKIPPED" -gt 0 ]; then
485574 echo " "
486575fi
487576
577+ echo -e " ${HIGHLIGHT} Next time, you can use:${NORMAL} "
578+ echo " • ${HIGHLIGHT} ./update-all-repos.sh --all${NORMAL} (scans home + /var/systango, auto-handles sudo)"
579+ echo " • ${HIGHLIGHT} ./update-all-repos.sh ~/Projects${NORMAL} (specific directory)"
580+ echo " • ${HIGHLIGHT} MAX_DEPTH=3 ./update-all-repos.sh ~${NORMAL} (limit depth for faster scan)"
581+ echo " "
488582echo -e " ${HIGHLIGHT} Test the hooks:${NORMAL} "
489583echo " cd /path/to/any/repo"
490584echo " echo 'const key = \" abc\" ' > test.js"
0 commit comments