Test for release script dependency

Creating a release draft, so that I can manually add release notes.

.talismanrc

@@ -1,3 +1,3 @@
 fileignoreconfig:
-- filename: README.md
-  checksum: c3f98d2e445a0fdfe9348f79c794aa4269edfea7f2c834d0b64f7bd88f9bd105
+  - filename: README.md
+    checksum: 6645dc4ac99294dd313e0c696499112aa0efc455627d7b9982e791559d727ada

Dockerfile

@@ -1,8 +1,12 @@
 FROM ubuntu:20.04
 
-RUN apt update && apt install -y git
+ENV DEBIAN_FRONTEND=noninteractive
 
-ADD ["https://github.com/thoughtworks/talisman/releases/download/v1.26.0/talisman_linux_amd64", "/talisman"]
+RUN apt update && apt install software-properties-common -y \
+  && add-apt-repository ppa:git-core/ppa -y \
+  && apt install -y git
+
+ADD ["https://github.com/thoughtworks/talisman/releases/download/v1.30.0/talisman_linux_amd64", "/talisman"]
 RUN chmod +x /talisman
 
 COPY entrypoint.sh /entrypoint.sh

README.md

@@ -7,7 +7,7 @@ This action uses [Talisman](https://thoughtworks.github.io/talisman/) to scan th
 ```yml
 steps:
   - name: Detect secrets with Talisman in incoming commits
-    uses: carhartl/talisman-secrets-scan-action@v1.2.0
+    uses: carhartl/talisman-secrets-scan-action@v1.4.0
 ```
 
 ## Caveat

entrypoint.sh

@@ -2,4 +2,5 @@
 
 set -e
 
+sh -c "git config --global --add safe.directory $PWD"
 sh -c "echo $* | /talisman --githook pre-push"

lefthook.yml

@@ -0,0 +1,8 @@
+pre-commit:
+  parallel: true
+  commands:
+    shellcheck:
+      glob: "*.sh"
+      run: shellcheck {staged_files}
+    prettier:
+      run: prettier --check .

run.sh

@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -eu
+
+_user() {
+  printf "\033[0;33m%s\033[0m" "$1"
+}
+
+_fail() {
+  printf "\033[0;31m==> %s\033[0m\n\n" "$1"
+}
+
+prep_release() {
+  if ! git diff-index --quiet HEAD --; then
+    _fail "Repo must not be dirty"
+    exit 1
+  fi
+
+  grep -rlZE 'v\d+\.\d+\.\d+' --exclude=Dockerfile --exclude-dir=.git . | xargs sed -i '' 's/v[0-9]\{1,\}\.[0-9]\{1,\}\.[0-9]\{1,\}/'"$1"'/g'
+
+  _user "Prepare release draft on GitHub? "
+  read -r answer
+  if [ "$answer" = "y" ]; then
+    if ! command -v gh > /dev/null 2>&1; then
+      _fail "Script requires GitHub CLI: \`brew install gh\`"
+      exit 1
+    fi
+    git add --update
+    git commit -S -m "Prepare for $1 release"
+    git push origin main
+    git tag -s "$1" -m "Release $1"
+    git push --tags
+    gh release create --draft --latest --title "$1" --verify-tag
+    gh release view "$1" --web
+  fi
+}
+
+_help() {
+  echo "Usage: ./run.sh [command]"
+  echo ""
+  echo "Available commands:"
+  echo "prep-release <version>                Prepare new release draft"
+}
+
+cmd="${1:-}"
+case "$cmd" in
+  "prep-release")
+    shift
+    prep_release "$@"
+    ;;
+  *) _help ;;
+esac