-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathpre-push
executable file
·118 lines (96 loc) · 3.28 KB
/
pre-push
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
#!/bin/bash
# This script is used by the pre-push hook to check the pushed
# commits and branches to block the push if needed.
if [[ ${BASH_SOURCE[0]} -ef "$0" ]]; then
# source config and common file
source "${0%/*}/components/config"
source "${0%/*}/components/common"
else
# source from unit test
source "./components/config"
source "./components/common"
fi
# prevent_wip is a function to prevent the push of WIP commits
prevent_wip() {
# check if this flag is enabled
if [[ $WIP_PREVENT_PUSH -eq $FALSE ]]; then
warning "Pushing WIP commits are allowed !"
return $SUCCESS
fi
local IFS=$'\n'
local _commit
local _as_wip=$FALSE
# Check if the commit message has the WIP tag
for _commit in $(git log origin/HEAD..HEAD --pretty=format:"%H"); do
local _message
_message="$(git log -1 --pretty=format:"%s" "$_commit")"
if grep -q -Ei 'WIP ?(\([^)]\) ?)?:' <<<"$_message"; then
warning "Commit '$_commit' is a WIP commit '$_message'"
_as_wip=$TRUE
fi
done
if [[ $_as_wip -eq $TRUE ]]; then
error "Pushing WIP commits are not allowed, please fix it !"
return $FAILURE
fi
return $SUCCESS
}
# secure_branch_push is a function to check if the branch is protected
secure_branch_push() {
# check if this flag is disabled
if [[ $BRANCH_PROTECTED_PUSH -eq $FALSE ]]; then
warning "Protecting branch are not enabled to prevent pushing by mistake 😱"
return $SUCCESS
fi
# check argument
if [[ $# -ne 1 ]]; then
error "secure_branch_push function require one argument"
return $FAILURE
fi
local _branch="$1"
# check if the branch name is empty
if [[ -z "$_branch" ]]; then
warning "Branch name is empty, that's strange 🤔"
return $SUCCESS
fi
# check if there is a regex to match the branch name
if [[ -z "$BRANCH_PROTECTED_NAME" ]]; then
info "No regex to match a protected branch name"
return $SUCCESS
fi
# check if the branch regex match the branch name
if grep -q -E "$BRANCH_PROTECTED_NAME" <<<"$_branch"; then
error "Pushing on protected branch '$_branch' is not allowed"
return $FAILURE
fi
return $SUCCESS
}
## MAIN
# do not execute if this script is sourced required for unit testing
if [[ ${BASH_SOURCE[0]} -ef "$0" ]]; then
# This assignation part comes from the default git hooks--pre-push.sample
null_hash=$(git hash-object --stdin </dev/null | tr '0-9a-f' '0')
remote_name="$1" # Nom du dépôt distant
remote_url="$2" # URL du dépôt distant
local_ref=() # Local reference (branche) qui est poussée
local_oid=() # OID (hash) de la référence locale
remote_ref=() # Référence (branche) distante
remote_oid=() # OID (hash) de la référence distante
while read lref loid rref roid; do
local_ref+=("$lref")
local_oid+=("$loid")
remote_ref+=("$rref")
remote_oid+=("$roid")
done
# Preventing WIP commits
if ! prevent_wip; then
exit $FAILURE
fi
# Check if the branch is protected
for ref in "${remote_ref[@]}"; do
if ! secure_branch_push "$ref"; then
exit $FAILURE
fi
done
exit $SUCCESS
fi