Hey!
I have currently configured this into my repo using devenv:
```nix
pre-commit.hooks.pre-commit-hook-ensure-sops = {
  enable = true;
  # FIXME: doesn't support env file
  files = "secret.*\\.(yaml|yml|json)$";
};
```

When I try to accidentally add a .yml secret file, it will give me a weird error about JSON encoding:
```
$ echo 'password: "battery horse staple"' > secrets/test.yml
$ git add secrets
$ git commit -m "Test git hooks"
...
pre-commit-hook-ensure-sops..............................................Failed
- hook id: pre-commit-hook-ensure-sops
- exit code: 1
Traceback (most recent call last):
  File "/nix/store/h7vngkj2m8aik2kq7prgn8vgb7ika8pb-pre-commit-hook-ensure-sops-1.1/bin/.pre-commit-hook-ensure-sops-wrapped", line 9, in <module>
    sys.exit(main())
             ^^^^^^
  File "/nix/store/h7vngkj2m8aik2kq7prgn8vgb7ika8pb-pre-commit-hook-ensure-sops-1.1/lib/python3.12/site-packages/pre_commit_hook_ensure_sops/__main__.py", line 85, in main
    is_valid, message = check_file(f)
                        ^^^^^^^^^^^^^
  File "/nix/store/h7vngkj2m8aik2kq7prgn8vgb7ika8pb-pre-commit-hook-ensure-sops-1.1/lib/python3.12/site-packages/pre_commit_hook_ensure_sops/__main__.py", line 53, in check_file
    doc = loader_func(f)
          ^^^^^^^^^^^^^^
  File "/nix/store/7c494qcmh62av43zsxr3wvzh8hcpy1vl-python3-3.12.7/lib/python3.12/json/__init__.py", line 293, in load
    return loads(fp.read(),
           ^^^^^^^^^^^^^^^^
  File "/nix/store/7c494qcmh62av43zsxr3wvzh8hcpy1vl-python3-3.12.7/lib/python3.12/json/__init__.py", line 346, in loads
    return _default_decoder.decode(s)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/nix/store/7c494qcmh62av43zsxr3wvzh8hcpy1vl-python3-3.12.7/lib/python3.12/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/nix/store/7c494qcmh62av43zsxr3wvzh8hcpy1vl-python3-3.12.7/lib/python3.12/json/decoder.py", line 355, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
```
I understand that .yml extensions are not recommended by sops, but I seem to have an involuntary habit of doing this and wish that I will not expose any secrets because of this.
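The traceback above shows the `.yml` file reaching `json.load`. The following is an added example, not code from pre-commit-hook-ensure-sops, of a check that maps both YAML spellings to a YAML loader and reports any parse failure as a blocked commit instead of crashing. The names `check_sops_file`, `LOADERS` and `demo` are hypothetical, PyYAML is assumed to be optional, and the check is strict: every value outside the `sops` block must be an `ENC[...]` string, so files that use sops partial encryption would be rejected.

```python
import json
import pathlib
import tempfile
try:
    import yaml  # PyYAML, optional (assumption: may not be installed)
except ImportError:
    yaml = None

def _load_yaml(fh):
    if yaml is None:
        raise ValueError("no YAML parser installed")
    return yaml.safe_load(fh)

# Both YAML spellings map to the YAML loader; nothing falls through to JSON.
LOADERS = {".json": json.load, ".yaml": _load_yaml, ".yml": _load_yaml}

def _plaintext_leaves(node, path=""):
    """Yield paths of leaf values that are not sops ENC[...] strings."""
    if isinstance(node, (dict, list)):
        items = node.items() if isinstance(node, dict) else enumerate(node)
        for key, value in items:
            yield from _plaintext_leaves(value, f"{path}/{key}")
    elif not (isinstance(node, str) and node.startswith("ENC[")):
        yield path

def check_sops_file(filename):
    """Return (is_valid, message); never raises on bad input (fails closed)."""
    loader = LOADERS.get(pathlib.Path(filename).suffix.lower())
    if loader is None:
        return False, f"{filename}: unsupported extension, cannot verify encryption"
    try:
        with open(filename, encoding="utf-8") as fh:
            doc = loader(fh)
    except Exception as exc:  # a parse error must block the commit, not crash the hook
        return False, f"{filename}: could not parse ({type(exc).__name__}), treating as unencrypted"
    if not isinstance(doc, dict) or not isinstance(doc.get("sops"), dict) or "mac" not in doc["sops"]:
        return False, f"{filename}: no sops metadata block, file is not encrypted"
    leaks = list(_plaintext_leaves({k: v for k, v in doc.items() if k != "sops"}))
    if leaks:
        return False, f"{filename}: plaintext values at {', '.join(leaks)}"
    return True, f"{filename}: ok"

def demo():
    """Constructed samples: the issue's plaintext .yml and a sops-shaped .json."""
    with tempfile.TemporaryDirectory() as tmp:
        plain, enc = pathlib.Path(tmp, "test.yml"), pathlib.Path(tmp, "secret.json")
        plain.write_text('password: "battery horse staple"\n')
        enc.write_text(json.dumps({"password": "ENC[constructed]", "sops": {"mac": "ENC[constructed]"}}))
        return check_sops_file(plain), check_sops_file(enc)
```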