| |
| import argparse |
| import re |
| from pathlib import Path |
|
|
|
|
| FORBIDDEN = [ |
| ("/picassox", re.compile(r"/picassox")), |
| ("intelligent-cpfs", re.compile(r"intelligent-cpfs")), |
| ("intern_beauty", re.compile(r"intern_beauty")), |
| ("10.70.2.17", re.compile(r"10\.70\.2\.17")), |
| ("/Users/whynotmeitu", re.compile(r"/Users/whynotmeitu")), |
| ("/opt/tiger", re.compile(r"/opt/tiger")), |
| ("PointVIS", re.compile(r"PointVIS")), |
| ("hf token", re.compile(r"hf_[A-Za-z0-9]{20,}")), |
| ("path_to_", re.compile(r"path_to_")), |
| ("your-repo", re.compile(r"your-repo")), |
| ("PATH_TO_", re.compile(r"PATH_TO_")), |
| ("v137", re.compile(r"v137")), |
| ] |
|
|
| SKIP_FILES = { |
| Path("scripts/check_release.py"), |
| Path(".gitignore"), |
| } |
|
|
|
|
| def main(): |
| parser = argparse.ArgumentParser(description="Check release tree for private paths and secrets.") |
| parser.add_argument("root", nargs="?", default=".") |
| args = parser.parse_args() |
|
|
| root = Path(args.root).resolve() |
| bad = [] |
| for path in root.rglob("*"): |
| if not path.is_file(): |
| continue |
| if any(part in {".git", "__pycache__", ".cache"} for part in path.parts): |
| continue |
| rel_path = path.relative_to(root) |
| if rel_path in SKIP_FILES: |
| continue |
| if path.suffix.lower() in {".png", ".jpg", ".jpeg", ".bin", ".pt", ".pth", ".model"}: |
| continue |
| text = path.read_text(encoding="utf-8", errors="ignore") |
| for i, line in enumerate(text.splitlines(), 1): |
| for label, pattern in FORBIDDEN: |
| if pattern.search(line): |
| bad.append(f"{rel_path}:{i}: [{label}] {line[:180]}") |
| break |
|
|
| if bad: |
| print("Release check failed:") |
| print("\n".join(bad)) |
| raise SystemExit(1) |
| print(f"Release check passed: {root}") |
|
|
|
|
| if __name__ == "__main__": |
| main() |
|
|
