@@ -34,35 +34,65 @@ if command -v gitleaks &> /dev/null; then
3434fi
3535
3636if [ " $SKIP_BINARY_INSTALL " != " true" ; then
37- echo -e " ${HIGHLIGHT} Downloading gitleaks v${GITLEAKS_VERSION} ...${NORMAL} "
37+ # Detect OS and architecture for correct binary
38+ OS=$( uname -s)
39+ ARCH=$( uname -m)
40+ case " $OS " in
41+ Linux)
42+ case " $ARCH " in
43+ x86_64) GITLEAKS_ARCH=" linux_x64"
44+ arm64|aarch64) GITLEAKS_ARCH=" linux_arm64"
45+ * ) echo -e " ${ERROR} ✗${NORMAL} Unsupported architecture: $ARCH " ; exit 1 ;;
46+ esac ;;
47+ Darwin)
48+ case " $ARCH " in
49+ x86_64) GITLEAKS_ARCH=" darwin_x64"
50+ arm64) GITLEAKS_ARCH=" darwin_arm64"
51+ * ) echo -e " ${ERROR} ✗${NORMAL} Unsupported architecture: $ARCH " ; exit 1 ;;
52+ esac ;;
53+ * )
54+ echo -e " ${ERROR} ✗${NORMAL} Unsupported OS: $OS " ; exit 1 ;;
55+ esac
56+ GITLEAKS_ARCHIVE=" gitleaks_${GITLEAKS_VERSION} _${GITLEAKS_ARCH} .tar.gz"
57+ echo -e " ${HIGHLIGHT} Downloading gitleaks v${GITLEAKS_VERSION} (${GITLEAKS_ARCH} )...${NORMAL} "
3858
3959 # Create temp directory
4060 TEMP_DIR=$( mktemp -d)
4161 cd " $TEMP_DIR "
4262
4363 # Download and extract
44- if curl -sSfL " https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION} /gitleaks_ ${GITLEAKS_VERSION} _linux_x64.tar.gz " ; then
64+ if curl -sSfL " https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION} /${GITLEAKS_ARCHIVE} " ; then
4565 echo -e " ${SUCCESS} ✓${NORMAL} Downloaded gitleaks"
4666 else
4767 echo -e " ${ERROR} ✗${NORMAL} Failed to download gitleaks"
4868 exit 1
4969 fi
5070
5171 tar -xzf gitleaks.tar.gz
52- chmod +x gitleaks
72+ # Handle both flat (./gitleaks) and nested (./subdir/gitleaks) tarball layout (Linux vs Darwin releases)
73+ if [ -f " ./gitleaks" ; then
74+ GITLEAKS_BIN=" ./gitleaks"
75+ else
76+ GITLEAKS_BIN=$( find . -name gitleaks -type f 2> /dev/null | head -1)
77+ fi
78+ if [ -z " $GITLEAKS_BIN " || [ ! -f " $GITLEAKS_BIN " ; then
79+ echo -e " ${ERROR} ✗${NORMAL} gitleaks binary not found in archive"
80+ exit 1
81+ fi
82+ chmod +x " $GITLEAKS_BIN "
5383
5484 # Test the binary
55- if ./gitleaks version > /dev/null 2>&1 ; then
56- DOWNLOADED_VERSION=$( ./gitleaks version)
85+ if " $GITLEAKS_BIN " > /dev/null 2>&1 ; then
86+ DOWNLOADED_VERSION=$( " $GITLEAKS_BIN " )
5787 echo -e " ${SUCCESS} ✓${NORMAL} Verified gitleaks binary: $DOWNLOADED_VERSION "
5888 else
5989 echo -e " ${ERROR} ✗${NORMAL} Downloaded binary is not working"
6090 exit 1
6191 fi
6292
63- # Install to /usr/local/bin (requires sudo)
93+ # Install to /usr/local/bin (requires sudo); ensure directory exists (e.g. on fresh macOS)
6494 echo -e " ${HIGHLIGHT} Installing to /usr/local/bin/ (requires sudo)...${NORMAL} "
65- if sudo mv gitleaks /usr/local/bin/gitleaks; then
95+ if sudo mkdir -p /usr/local/bin && sudo mv " $GITLEAKS_BIN " ; then
6696 echo -e " ${SUCCESS} ✓${NORMAL} Installed gitleaks to /usr/local/bin/gitleaks"
6797
6898 # Verify installation
@@ -107,6 +137,9 @@ cat > "$TEMPLATE_DIR/hooks/pre-commit" << 'EOF'
107137# Prevents committing secrets to git repository
108138# Automatically detects and adapts to Husky or native Git hooks
109139
140+ # Ensure gitleaks is on PATH (Linux: /usr/local/bin, macOS: /usr/local/bin or Homebrew /opt/homebrew/bin)
141+ export PATH="/usr/local/bin:/opt/homebrew/bin:$PATH"
142+
110143# Colors
111144RED='\033[0;31m'
112145GREEN='\033[0;32m'
@@ -174,6 +207,9 @@ cat > "$TEMPLATE_DIR/hooks/commit-msg" << 'EOF'
174207# Gitleaks commit-msg hook (Smart Auto-Detecting)
175208# This is a secondary check in case pre-commit was bypassed
176209
210+ # Ensure gitleaks is on PATH (Linux: /usr/local/bin, macOS: /usr/local/bin or Homebrew /opt/homebrew/bin)
211+ export PATH="/usr/local/bin:/opt/homebrew/bin:$PATH"
212+
177213# Skip if gitleaks not installed
178214if ! command -v gitleaks &> /dev/null; then
179215 exit 0
0 commit comments