mirror of https://github.com/go-gitea/gitea
Only check at least one email gpg key (#2266)
* Only require one email (possibly not yet validated) * Update message error and check validation of commit * Add integrations tests * Complete integration for import * Add pre-check/optimization * Add some test (not finished) * Finish * Fix fixtures * Fix typo * Don't guess key IDpull/2467/head
parent
5f4210a9b0
commit
7c417bbb0d
@ -0,0 +1,260 @@ |
||||
// Copyright 2017 The Gogs Authors. All rights reserved.
|
||||
// Use of this source code is governed by a MIT-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package integrations |
||||
|
||||
import ( |
||||
"net/http" |
||||
"strconv" |
||||
"testing" |
||||
|
||||
"github.com/stretchr/testify/assert" |
||||
|
||||
api "code.gitea.io/sdk/gitea" |
||||
) |
||||
|
||||
func TestGPGKeys(t *testing.T) { |
||||
prepareTestEnv(t) |
||||
session := loginUser(t, "user2") |
||||
|
||||
tt := []struct { |
||||
name string |
||||
reqBuilder func(testing.TB, *http.Request, int) *TestResponse |
||||
results []int |
||||
}{ |
||||
{name: "NoLogin", reqBuilder: MakeRequest, |
||||
results: []int{http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized}, |
||||
}, |
||||
{name: "LoggedAsUser2", reqBuilder: session.MakeRequest, |
||||
results: []int{http.StatusOK, http.StatusOK, http.StatusNotFound, http.StatusNoContent, http.StatusInternalServerError, http.StatusInternalServerError, http.StatusCreated, http.StatusCreated}}, |
||||
} |
||||
|
||||
for _, tc := range tt { |
||||
|
||||
//Basic test on result code
|
||||
t.Run(tc.name, func(t *testing.T) { |
||||
t.Run("ViewOwnGPGKeys", func(t *testing.T) { |
||||
testViewOwnGPGKeys(t, tc.reqBuilder, tc.results[0]) |
||||
}) |
||||
t.Run("ViewGPGKeys", func(t *testing.T) { |
||||
testViewGPGKeys(t, tc.reqBuilder, tc.results[1]) |
||||
}) |
||||
t.Run("GetGPGKey", func(t *testing.T) { |
||||
testGetGPGKey(t, tc.reqBuilder, tc.results[2]) |
||||
}) |
||||
t.Run("DeleteGPGKey", func(t *testing.T) { |
||||
testDeleteGPGKey(t, tc.reqBuilder, tc.results[3]) |
||||
}) |
||||
|
||||
t.Run("CreateInvalidGPGKey", func(t *testing.T) { |
||||
testCreateInvalidGPGKey(t, tc.reqBuilder, tc.results[4]) |
||||
}) |
||||
t.Run("CreateNoneRegistredEmailGPGKey", func(t *testing.T) { |
||||
testCreateNoneRegistredEmailGPGKey(t, tc.reqBuilder, tc.results[5]) |
||||
}) |
||||
t.Run("CreateValidGPGKey", func(t *testing.T) { |
||||
testCreateValidGPGKey(t, tc.reqBuilder, tc.results[6]) |
||||
}) |
||||
t.Run("CreateValidSecondaryEmailGPGKey", func(t *testing.T) { |
||||
testCreateValidSecondaryEmailGPGKey(t, tc.reqBuilder, tc.results[7]) |
||||
}) |
||||
}) |
||||
} |
||||
|
||||
//Check state after basic add
|
||||
t.Run("CheckState", func(t *testing.T) { |
||||
|
||||
var keys []*api.GPGKey |
||||
|
||||
req := NewRequest(t, "GET", "/api/v1/user/gpg_keys") //GET all keys
|
||||
resp := session.MakeRequest(t, req, http.StatusOK) |
||||
DecodeJSON(t, resp, &keys) |
||||
|
||||
primaryKey1 := keys[0] //Primary key 1
|
||||
assert.EqualValues(t, "38EA3BCED732982C", primaryKey1.KeyID) |
||||
assert.EqualValues(t, 1, len(primaryKey1.Emails)) |
||||
assert.EqualValues(t, "user2@example.com", primaryKey1.Emails[0].Email) |
||||
assert.EqualValues(t, true, primaryKey1.Emails[0].Verified) |
||||
|
||||
subKey := primaryKey1.SubsKey[0] //Subkey of 38EA3BCED732982C
|
||||
assert.EqualValues(t, "70D7C694D17D03AD", subKey.KeyID) |
||||
assert.EqualValues(t, 0, len(subKey.Emails)) |
||||
|
||||
primaryKey2 := keys[1] //Primary key 2
|
||||
assert.EqualValues(t, "FABF39739FE1E927", primaryKey2.KeyID) |
||||
assert.EqualValues(t, 1, len(primaryKey2.Emails)) |
||||
assert.EqualValues(t, "user21@example.com", primaryKey2.Emails[0].Email) |
||||
assert.EqualValues(t, false, primaryKey2.Emails[0].Verified) |
||||
|
||||
var key api.GPGKey |
||||
req = NewRequest(t, "GET", "/api/v1/user/gpg_keys/"+strconv.FormatInt(primaryKey1.ID, 10)) //Primary key 1
|
||||
resp = session.MakeRequest(t, req, http.StatusOK) |
||||
DecodeJSON(t, resp, &key) |
||||
assert.EqualValues(t, "38EA3BCED732982C", key.KeyID) |
||||
assert.EqualValues(t, 1, len(key.Emails)) |
||||
assert.EqualValues(t, "user2@example.com", key.Emails[0].Email) |
||||
assert.EqualValues(t, true, key.Emails[0].Verified) |
||||
|
||||
req = NewRequest(t, "GET", "/api/v1/user/gpg_keys/"+strconv.FormatInt(subKey.ID, 10)) //Subkey of 38EA3BCED732982C
|
||||
resp = session.MakeRequest(t, req, http.StatusOK) |
||||
DecodeJSON(t, resp, &key) |
||||
assert.EqualValues(t, "70D7C694D17D03AD", key.KeyID) |
||||
assert.EqualValues(t, 0, len(key.Emails)) |
||||
|
||||
req = NewRequest(t, "GET", "/api/v1/user/gpg_keys/"+strconv.FormatInt(primaryKey2.ID, 10)) //Primary key 2
|
||||
resp = session.MakeRequest(t, req, http.StatusOK) |
||||
DecodeJSON(t, resp, &key) |
||||
assert.EqualValues(t, "FABF39739FE1E927", key.KeyID) |
||||
assert.EqualValues(t, 1, len(key.Emails)) |
||||
assert.EqualValues(t, "user21@example.com", key.Emails[0].Email) |
||||
assert.EqualValues(t, false, key.Emails[0].Verified) |
||||
|
||||
}) |
||||
|
||||
//Check state after basic add
|
||||
t.Run("CheckCommits", func(t *testing.T) { |
||||
t.Run("NotSigned", func(t *testing.T) { |
||||
var branch api.Branch |
||||
req := NewRequest(t, "GET", "/api/v1/repos/user2/repo16/branches/not-signed") |
||||
resp := session.MakeRequest(t, req, http.StatusOK) |
||||
DecodeJSON(t, resp, &branch) |
||||
assert.EqualValues(t, false, branch.Commit.Verification.Verified) |
||||
}) |
||||
|
||||
t.Run("SignedWithNotValidatedEmail", func(t *testing.T) { |
||||
var branch api.Branch |
||||
req := NewRequest(t, "GET", "/api/v1/repos/user2/repo16/branches/good-sign-not-yet-validated") |
||||
resp := session.MakeRequest(t, req, http.StatusOK) |
||||
DecodeJSON(t, resp, &branch) |
||||
assert.EqualValues(t, false, branch.Commit.Verification.Verified) |
||||
}) |
||||
|
||||
t.Run("SignedWithValidEmail", func(t *testing.T) { |
||||
var branch api.Branch |
||||
req := NewRequest(t, "GET", "/api/v1/repos/user2/repo16/branches/good-sign") |
||||
resp := session.MakeRequest(t, req, http.StatusOK) |
||||
DecodeJSON(t, resp, &branch) |
||||
assert.EqualValues(t, true, branch.Commit.Verification.Verified) |
||||
}) |
||||
}) |
||||
} |
||||
|
||||
func testViewOwnGPGKeys(t *testing.T, reqBuilder func(testing.TB, *http.Request, int) *TestResponse, expected int) { |
||||
req := NewRequest(t, "GET", "/api/v1/user/gpg_keys") |
||||
reqBuilder(t, req, expected) |
||||
} |
||||
|
||||
func testViewGPGKeys(t *testing.T, reqBuilder func(testing.TB, *http.Request, int) *TestResponse, expected int) { |
||||
req := NewRequest(t, "GET", "/api/v1/users/user2/gpg_keys") |
||||
reqBuilder(t, req, expected) |
||||
} |
||||
|
||||
func testGetGPGKey(t *testing.T, reqBuilder func(testing.TB, *http.Request, int) *TestResponse, expected int) { |
||||
req := NewRequest(t, "GET", "/api/v1/user/gpg_keys/1") |
||||
reqBuilder(t, req, expected) |
||||
} |
||||
|
||||
func testDeleteGPGKey(t *testing.T, reqBuilder func(testing.TB, *http.Request, int) *TestResponse, expected int) { |
||||
req := NewRequest(t, "DELETE", "/api/v1/user/gpg_keys/1") |
||||
reqBuilder(t, req, expected) |
||||
} |
||||
|
||||
func testCreateGPGKey(t *testing.T, reqBuilder func(testing.TB, *http.Request, int) *TestResponse, expected int, publicKey string) { |
||||
req := NewRequestWithJSON(t, "POST", "/api/v1/user/gpg_keys", api.CreateGPGKeyOption{ |
||||
ArmoredKey: publicKey, |
||||
}) |
||||
reqBuilder(t, req, expected) |
||||
} |
||||
|
||||
func testCreateInvalidGPGKey(t *testing.T, reqBuilder func(testing.TB, *http.Request, int) *TestResponse, expected int) { |
||||
testCreateGPGKey(t, reqBuilder, expected, "invalid_key") |
||||
} |
||||
|
||||
func testCreateNoneRegistredEmailGPGKey(t *testing.T, reqBuilder func(testing.TB, *http.Request, int) *TestResponse, expected int) { |
||||
testCreateGPGKey(t, reqBuilder, expected, `-----BEGIN PGP PUBLIC KEY BLOCK----- |
||||
|
||||
mQENBFmGUygBCACjCNbKvMGgp0fd5vyFW9olE1CLCSyyF9gQN2hSuzmZLuAZF2Kh |
||||
dCMCG2T1UwzUB/yWUFWJ2BtCwSjuaRv+cGohqEy6bhEBV90peGA33lHfjx7wP25O |
||||
7moAphDOTZtDj1AZfCh/PTcJut8Lc0eRDMhNyp/bYtO7SHNT1Hr6rrCV/xEtSAvR |
||||
3b148/tmIBiSadaLwc558KU3ucjnW5RVGins3AjBZ+TuT4XXVH/oeLSeXPSJ5rt1 |
||||
rHwaseslMqZ4AbvwFLx5qn1OC9rEQv/F548QsA8m0IntLjoPon+6wcubA9Gra21c |
||||
Fp6aRYl9x7fiqXDLg8i3s2nKdV7+e6as6Tp9ABEBAAG0FG5vdGtub3duQGV4YW1w |
||||
bGUuY29tiQEcBBABAgAGBQJZhlMoAAoJEC8+pvYULDtte/wH/2JNrhmHwDY+hMj0 |
||||
batIK4HICnkKxjIgbha80P2Ao08NkzSge58fsxiKDFYAQjHui+ZAw4dq79Ax9AOO |
||||
Iv2GS9+DUfWhrb6RF+vNuJldFzcI0rTW/z2q+XGKrUCwN3khJY5XngHfQQrdBtMK |
||||
qsoUXz/5B8g422RTbo/SdPsyYAV6HeLLeV3rdgjI1fpaW0seZKHeTXQb/HvNeuPg |
||||
qz+XV1g6Gdqa1RjDOaX7A8elVKxrYq3LBtc93FW+grBde8n7JL0zPM3DY+vJ0IJZ |
||||
INx/MmBfmtCq05FqNclvU+sj2R3N1JJOtBOjZrJHQbJhzoILou8AkxeX1A+q9OAz |
||||
1geiY5E= |
||||
=TkP3 |
||||
-----END PGP PUBLIC KEY BLOCK-----`) |
||||
} |
||||
|
||||
func testCreateValidGPGKey(t *testing.T, reqBuilder func(testing.TB, *http.Request, int) *TestResponse, expected int) { |
||||
//User2 <user2@example.com> //primary & activated
|
||||
testCreateGPGKey(t, reqBuilder, expected, `-----BEGIN PGP PUBLIC KEY BLOCK----- |
||||
|
||||
mQENBFmGVsMBCACuxgZ7W7rI9xN08Y4M7B8yx/6/I4Slm94+wXf8YNRvAyqj30dW |
||||
VJhyBcnfNRDLKSQp5o/hhfDkCgdqBjLa1PnHlGS3PXJc0hP/FyYPD2BFvNMPpCYS |
||||
eu3T1qKSNXm6X0XOWD2LIrdiDC8HaI9FqZVMI/srMK2CF8XCL2m67W1FuoPlWzod |
||||
5ORy0IZB7spoF0xihmcgnEGElRmdo5w/vkGH8U7Zyn9Eb57UVFeafgeskf4wqB23 |
||||
BjbMdW2YaB+yzMRwYgOnD5lnBD4uqSmvjaV9C0kxn7x+oJkkiRV8/z1cNcO+BaeQ |
||||
Akh/yTTeTzYGSc/ZOqCX1O+NOPgSeixVlqenABEBAAG0GVVzZXIyIDx1c2VyMkBl |
||||
eGFtcGxlLmNvbT6JAVQEEwEIAD4WIQRXgbSh0TtGbgRd7XI46jvO1zKYLAUCWYZW |
||||
wwIbAwUJA8JnAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRA46jvO1zKYLF/e |
||||
B/91wm2KLMIQBZBA9WA2/+9rQWTo9EqgYrXN60rEzX3cYJWXZiE4DrKR1oWDGNLi |
||||
KXOCW62snvJldolBqq0ZqaKvPKzl0Y5TRqbYEc9AjUSqgRin1b+G2DevLGT4ibq+ |
||||
7ocQvz0XkASEUAgHahp0Ubiiib1521WwT/duL+AG8Gg0+DK09RfV3eX5/EOkQCKv |
||||
8cutqgsd2Smz40A8wXuJkRcipZBtrB/GkUaZ/eJdwEeSYZjEA9GWF61LJT2stvRN |
||||
HCk7C3z3pVEek1PluiFs/4VN8BG8yDzW4c0tLty4Fj3VwPqwIbB5AJbquVfhQCb4 |
||||
Eep2lm3Lc9b1OwO5N3coPJkouQENBFmGVsMBCADAGba2L6NCOE1i3WIP6CPzbdOo |
||||
N3gdTfTgccAx9fNeon9jor+3tgEjlo9/6cXiRoksOV6W4wFab/ZwWgwN6JO4CGvZ |
||||
Wi7EQwMMMp1E36YTojKQJrcA9UvMnTHulqQQ88F5E845DhzFQM3erv42QZZMBAX3 |
||||
kXCgy1GNFocl6tLUvJdEqs+VcJGGANMpmzE4WLa8KhSYnxipwuQ62JBy9R+cHyKT |
||||
OARk8znRqSu5bT3LtlrZ/HXu+6Oy4+2uCdNzZIh5J5tPS7CPA6ptl88iGVBte/CJ |
||||
7cjgJWSQqeYp2Y5QvsWAivkQ4Ww9plHbbwV0A2eaHsjjWzlUl3HoJ/snMOhBABEB |
||||
AAGJATwEGAEIACYWIQRXgbSh0TtGbgRd7XI46jvO1zKYLAUCWYZWwwIbDAUJA8Jn |
||||
AAAKCRA46jvO1zKYLBwLCACQOpeRVrwIKVaWcPMYjVHHJsGscaLKpgpARAUgbiG6 |
||||
Cbc2WI8Sm3fRwrY0VAfN+u9QwrtvxANcyB3vTgTzw7FimfhOimxiTSO8HQCfjDZF |
||||
Xly8rq+Fua7+ClWUpy21IekW41VvZYjH2sL6EVP+UcEOaGAyN53XfhaRVZPhNtZN |
||||
NKAE9N5EG3rbsZ33LzJj40rEKlzFSseAAPft8qA3IXjzFBx+PQXHMpNCagL79he6 |
||||
lqockTJ+oPmta4CF/J0U5LUr1tOZXheL3TP6m8d08gDrtn0YuGOPk87i9sJz+jR9 |
||||
uy6MA3VSB99SK9ducGmE1Jv8mcziREroz2TEGr0zPs6h |
||||
=J59D |
||||
-----END PGP PUBLIC KEY BLOCK-----`) |
||||
} |
||||
|
||||
func testCreateValidSecondaryEmailGPGKey(t *testing.T, reqBuilder func(testing.TB, *http.Request, int) *TestResponse, expected int) { |
||||
//User2 <user21@example.com> //secondary and not activated
|
||||
testCreateGPGKey(t, reqBuilder, expected, `-----BEGIN PGP PUBLIC KEY BLOCK----- |
||||
|
||||
mQENBFmGWN4BCAC18V4tVGO65VLCV7p14FuXJlUtZ5CuYMvgEkcOqrvRaBSW9ao4 |
||||
PGESOhJpfWpnW3QgJniYndLzPpsmdHEclEER6aZjiNgReWPOjHD5tykWocZAJqXD |
||||
eY1ym59gvVMLcfbV2yQsyR2hbJlc+dJsl16tigSEe3nwxZSw2IsW92pgEzT9JNUr |
||||
Q+mC8dw4dqY0tYmFazYUGNxufUc/twgQT/Or1aNs0az5Q6Jft4rrTRsh/S7We0VB |
||||
COKGkdcQyYgAls7HJBuPjQRi6DM9VhgBSHLAgSLyaUcZvhZBJr8Qe/q4PP3/kYDJ |
||||
wm4RMnjOLz2pFZPgtRqgcAwpmFtLrACbEB3JABEBAAG0GlVzZXIyIDx1c2VyMjFA |
||||
ZXhhbXBsZS5jb20+iQFUBBMBCAA+FiEEPOLHOjPSO42DWM57+r85c5/h6ScFAlmG |
||||
WN4CGwMFCQPCZwAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQ+r85c5/h6Sfx |
||||
Lgf/dq64NBV8+X9an3seaLxePRviva48e4K67/wV/JxtXNO5Z/DhMGz5kHXCsG9D |
||||
CXuWYO8ehlTjEnMZ6qqdDnY+H6bQsb2OS5oPn4RwpPXslAjEKtojPAr0dDsMS2DB |
||||
dUuIm1AoOnewOVO0OFRf1EqX1bivxnN0FVMcO0m8AczfnKDaGb0y/qg/Y9JAsKqp |
||||
j5pZNMWUkntRtGySeJ4CVJMmkVKJAHsa1Qj6MKdFeid4h4y94cBJ4ZdyBxNdpQOx |
||||
ydf0doicovfeqGNO4oWzsGP4RBK2CqGPCUT+EFl20jPvMkKwOjxgqc8p0z3b2UT9 |
||||
+9bnmCGHgF/fW1HJ3iKmfFPqnLkBDQRZhljeAQgA5AirU/NJGgm19ZJYFOiHftjS |
||||
azbrPxGeD3cSqmvDPIMc1DNZGfQV5D4EVumnVbQBtL6xHFoGKz9KisUMbe4a/X2J |
||||
S8JmIphQWG0vMJX1DaZIzr2gT71MnPD7JMGsSUCh5dIKpTNTZX4w+oGPGOu0/UlL |
||||
x0448AryKwp30J2p6D4GeI0nb03n35S2lTOpnHDn1wj7Jl/8LS2fdFOdNaNHXSZe |
||||
twdSwJKhyBEiScgeHBDyKqo8zWkYoSb9eA2HiYlbVaiNtp24KP1mIEpiUdrRjWno |
||||
zauYSZGHZlOFMgF4dKWuetPiuH9m7UYZGKyMLfQ9vYFb+xcPh2bLCQHJ1OEmMQAR |
||||
AQABiQE8BBgBCAAmFiEEPOLHOjPSO42DWM57+r85c5/h6ScFAlmGWN4CGwwFCQPC |
||||
ZwAACgkQ+r85c5/h6Sfjfwf+O4WEjRdvPJLxNy7mfAGoAqDMHIwyH/tVzYgyVhnG |
||||
h/+cfRxJbGc3rpjYdr8dmvghzjEAout8uibPWaIqs63RCAPGPqgWLfxNO5c8+y8V |
||||
LZMVOTV26l2olkkdBWAuhLqKTNh6TiQva03yhOgHWj4XDvFfxICWPFXVd6t5ELpD |
||||
iApGu1OAj8JfhmzbG03Yzx+Ku7bWDxMonx3V/IDEu5LS5zrboHYDKCA53bXXghoi |
||||
Aceqql+PKrDwEjoY4bptwMHLmcjGjdCQ//Qx1neho7nZcS7xjTucY8gQuulwCyXF
|
||||
y6wM+wMz8dunIG9gw4+Re6c4Rz9tX1kzxLrU7Pl21tMqfg== |
||||
=0N/9 |
||||
-----END PGP PUBLIC KEY BLOCK-----`) |
||||
} |
@ -0,0 +1 @@ |
||||
ref: refs/heads/master |
@ -0,0 +1,4 @@ |
||||
[core] |
||||
repositoryformatversion = 0 |
||||
filemode = true |
||||
bare = true |
@ -0,0 +1 @@ |
||||
Unnamed repository; edit this file 'description' to name the repository. |
@ -0,0 +1,15 @@ |
||||
#!/bin/sh |
||||
# |
||||
# An example hook script to check the commit log message taken by |
||||
# applypatch from an e-mail message. |
||||
# |
||||
# The hook should exit with non-zero status after issuing an |
||||
# appropriate message if it wants to stop the commit. The hook is |
||||
# allowed to edit the commit message file. |
||||
# |
||||
# To enable this hook, rename this file to "applypatch-msg". |
||||
|
||||
. git-sh-setup |
||||
commitmsg="$(git rev-parse --git-path hooks/commit-msg)" |
||||
test -x "$commitmsg" && exec "$commitmsg" ${1+"$@"} |
||||
: |
@ -0,0 +1,24 @@ |
||||
#!/bin/sh |
||||
# |
||||
# An example hook script to check the commit log message. |
||||
# Called by "git commit" with one argument, the name of the file |
||||
# that has the commit message. The hook should exit with non-zero |
||||
# status after issuing an appropriate message if it wants to stop the |
||||
# commit. The hook is allowed to edit the commit message file. |
||||
# |
||||
# To enable this hook, rename this file to "commit-msg". |
||||
|
||||
# Uncomment the below to add a Signed-off-by line to the message. |
||||
# Doing this in a hook is a bad idea in general, but the prepare-commit-msg |
||||
# hook is more suited to it. |
||||
# |
||||
# SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p') |
||||
# grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1" |
||||
|
||||
# This example catches duplicate Signed-off-by lines. |
||||
|
||||
test "" = "$(grep '^Signed-off-by: ' "$1" | |
||||
sort | uniq -c | sed -e '/^[ ]*1[ ]/d')" || { |
||||
echo >&2 Duplicate Signed-off-by lines. |
||||
exit 1 |
||||
} |
@ -0,0 +1,8 @@ |
||||
#!/bin/sh |
||||
# |
||||
# An example hook script to prepare a packed repository for use over |
||||
# dumb transports. |
||||
# |
||||
# To enable this hook, rename this file to "post-update". |
||||
|
||||
exec git update-server-info |
@ -0,0 +1,14 @@ |
||||
#!/bin/sh |
||||
# |
||||
# An example hook script to verify what is about to be committed |
||||
# by applypatch from an e-mail message. |
||||
# |
||||
# The hook should exit with non-zero status after issuing an |
||||
# appropriate message if it wants to stop the commit. |
||||
# |
||||
# To enable this hook, rename this file to "pre-applypatch". |
||||
|
||||
. git-sh-setup |
||||
precommit="$(git rev-parse --git-path hooks/pre-commit)" |
||||
test -x "$precommit" && exec "$precommit" ${1+"$@"} |
||||
: |
@ -0,0 +1,49 @@ |
||||
#!/bin/sh |
||||
# |
||||
# An example hook script to verify what is about to be committed. |
||||
# Called by "git commit" with no arguments. The hook should |
||||
# exit with non-zero status after issuing an appropriate message if |
||||
# it wants to stop the commit. |
||||
# |
||||
# To enable this hook, rename this file to "pre-commit". |
||||
|
||||
if git rev-parse --verify HEAD >/dev/null 2>&1 |
||||
then |
||||
against=HEAD |
||||
else |
||||
# Initial commit: diff against an empty tree object |
||||
against=4b825dc642cb6eb9a060e54bf8d69288fbee4904 |
||||
fi |
||||
|
||||
# If you want to allow non-ASCII filenames set this variable to true. |
||||
allownonascii=$(git config --bool hooks.allownonascii) |
||||
|
||||
# Redirect output to stderr. |
||||
exec 1>&2 |
||||
|
||||
# Cross platform projects tend to avoid non-ASCII filenames; prevent |
||||
# them from being added to the repository. We exploit the fact that the |
||||
# printable range starts at the space character and ends with tilde. |
||||
if [ "$allownonascii" != "true" ] && |
||||
# Note that the use of brackets around a tr range is ok here, (it's |
||||
# even required, for portability to Solaris 10's /usr/bin/tr), since |
||||
# the square bracket bytes happen to fall in the designated range. |
||||
test $(git diff --cached --name-only --diff-filter=A -z $against | |
||||
LC_ALL=C tr -d '[ -~]\0' | wc -c) != 0 |
||||
then |
||||
cat <<\EOF |
||||
Error: Attempt to add a non-ASCII file name. |
||||
|
||||
This can cause problems if you want to work with people on other platforms. |
||||
|
||||
To be portable it is advisable to rename the file. |
||||
|
||||
If you know what you are doing you can disable this check using: |
||||
|
||||
git config hooks.allownonascii true |
||||
EOF |
||||
exit 1 |
||||
fi |
||||
|
||||
# If there are whitespace errors, print the offending file names and fail. |
||||
exec git diff-index --check --cached $against -- |
@ -0,0 +1,53 @@ |
||||
#!/bin/sh |
||||
|
||||
# An example hook script to verify what is about to be pushed. Called by "git |
||||
# push" after it has checked the remote status, but before anything has been |
||||
# pushed. If this script exits with a non-zero status nothing will be pushed. |
||||
# |
||||
# This hook is called with the following parameters: |
||||
# |
||||
# $1 -- Name of the remote to which the push is being done |
||||
# $2 -- URL to which the push is being done |
||||
# |
||||
# If pushing without using a named remote those arguments will be equal. |
||||
# |
||||
# Information about the commits which are being pushed is supplied as lines to |
||||
# the standard input in the form: |
||||
# |
||||
# <local ref> <local sha1> <remote ref> <remote sha1> |
||||
# |
||||
# This sample shows how to prevent push of commits where the log message starts |
||||
# with "WIP" (work in progress). |
||||
|
||||
remote="$1" |
||||
url="$2" |
||||
|
||||
z40=0000000000000000000000000000000000000000 |
||||
|
||||
while read local_ref local_sha remote_ref remote_sha |
||||
do |
||||
if [ "$local_sha" = $z40 ] |
||||
then |
||||
# Handle delete |
||||
: |
||||
else |
||||
if [ "$remote_sha" = $z40 ] |
||||
then |
||||
# New branch, examine all commits |
||||
range="$local_sha" |
||||
else |
||||
# Update to existing branch, examine new commits |
||||
range="$remote_sha..$local_sha" |
||||
fi |
||||
|
||||
# Check for WIP commit |
||||
commit=`git rev-list -n 1 --grep '^WIP' "$range"` |
||||
if [ -n "$commit" ] |
||||
then |
||||
echo >&2 "Found WIP commit in $local_ref, not pushing" |
||||
exit 1 |
||||
fi |
||||
fi |
||||
done |
||||
|
||||
exit 0 |
@ -0,0 +1,169 @@ |
||||
#!/bin/sh |
||||
# |
||||
# Copyright (c) 2006, 2008 Junio C Hamano |
||||
# |
||||
# The "pre-rebase" hook is run just before "git rebase" starts doing |
||||
# its job, and can prevent the command from running by exiting with |
||||
# non-zero status. |
||||
# |
||||
# The hook is called with the following parameters: |
||||
# |
||||
# $1 -- the upstream the series was forked from. |
||||
# $2 -- the branch being rebased (or empty when rebasing the current branch). |
||||
# |
||||
# This sample shows how to prevent topic branches that are already |
||||
# merged to 'next' branch from getting rebased, because allowing it |
||||
# would result in rebasing already published history. |
||||
|
||||
publish=next |
||||
basebranch="$1" |
||||
if test "$#" = 2 |
||||
then |
||||
topic="refs/heads/$2" |
||||
else |
||||
topic=`git symbolic-ref HEAD` || |
||||
exit 0 ;# we do not interrupt rebasing detached HEAD |
||||
fi |
||||
|
||||
case "$topic" in |
||||
refs/heads/??/*) |
||||
;; |
||||
*) |
||||
exit 0 ;# we do not interrupt others. |
||||
;; |
||||
esac |
||||
|
||||
# Now we are dealing with a topic branch being rebased |
||||
# on top of master. Is it OK to rebase it? |
||||
|
||||
# Does the topic really exist? |
||||
git show-ref -q "$topic" || { |
||||
echo >&2 "No such branch $topic" |
||||
exit 1 |
||||
} |
||||
|
||||
# Is topic fully merged to master? |
||||
not_in_master=`git rev-list --pretty=oneline ^master "$topic"` |
||||
if test -z "$not_in_master" |
||||
then |
||||
echo >&2 "$topic is fully merged to master; better remove it." |
||||
exit 1 ;# we could allow it, but there is no point. |
||||
fi |
||||
|
||||
# Is topic ever merged to next? If so you should not be rebasing it. |
||||
only_next_1=`git rev-list ^master "^$topic" ${publish} | sort` |
||||
only_next_2=`git rev-list ^master ${publish} | sort` |
||||
if test "$only_next_1" = "$only_next_2" |
||||
then |
||||
not_in_topic=`git rev-list "^$topic" master` |
||||
if test -z "$not_in_topic" |
||||
then |
||||
echo >&2 "$topic is already up-to-date with master" |
||||
exit 1 ;# we could allow it, but there is no point. |
||||
else |
||||
exit 0 |
||||
fi |
||||
else |
||||
not_in_next=`git rev-list --pretty=oneline ^${publish} "$topic"` |
||||
/usr/bin/perl -e ' |
||||
my $topic = $ARGV[0]; |
||||
my $msg = "* $topic has commits already merged to public branch:\n"; |
||||
my (%not_in_next) = map { |
||||
/^([0-9a-f]+) /; |
||||
($1 => 1); |
||||
} split(/\n/, $ARGV[1]); |
||||
for my $elem (map { |
||||
/^([0-9a-f]+) (.*)$/; |
||||
[$1 => $2]; |
||||
} split(/\n/, $ARGV[2])) { |
||||
if (!exists $not_in_next{$elem->[0]}) { |
||||
if ($msg) { |
||||
print STDERR $msg; |
||||
undef $msg; |
||||
} |
||||
print STDERR " $elem->[1]\n"; |
||||
} |
||||
} |
||||
' "$topic" "$not_in_next" "$not_in_master" |
||||
exit 1 |
||||
fi |
||||
|
||||
exit 0 |
||||
|
||||
################################################################ |
||||
|
||||
This sample hook safeguards topic branches that have been |
||||
published from being rewound. |
||||
|
||||
The workflow assumed here is: |
||||
|
||||
* Once a topic branch forks from "master", "master" is never |
||||
merged into it again (either directly or indirectly). |
||||
|
||||
* Once a topic branch is fully cooked and merged into "master", |
||||
it is deleted. If you need to build on top of it to correct |
||||
earlier mistakes, a new topic branch is created by forking at |
||||
the tip of the "master". This is not strictly necessary, but |
||||
it makes it easier to keep your history simple. |
||||
|
||||
* Whenever you need to test or publish your changes to topic |
||||
branches, merge them into "next" branch. |
||||
|
||||
The script, being an example, hardcodes the publish branch name |
||||
to be "next", but it is trivial to make it configurable via |
||||
$GIT_DIR/config mechanism. |
||||
|
||||
With this workflow, you would want to know: |
||||
|
||||
(1) ... if a topic branch has ever been merged to "next". Young |
||||
topic branches can have stupid mistakes you would rather |
||||
clean up before publishing, and things that have not been |
||||
merged into other branches can be easily rebased without |
||||
affecting other people. But once it is published, you would |
||||
not want to rewind it. |
||||
|
||||
(2) ... if a topic branch has been fully merged to "master". |
||||
Then you can delete it. More importantly, you should not |
||||
build on top of it -- other people may already want to |
||||
change things related to the topic as patches against your |
||||
"master", so if you need further changes, it is better to |
||||
fork the topic (perhaps with the same name) afresh from the |
||||
tip of "master". |
||||
|
||||
Let's look at this example: |
||||
|
||||
o---o---o---o---o---o---o---o---o---o "next" |
||||
/ / / / |
||||
/ a---a---b A / / |
||||
/ / / / |
||||
/ / c---c---c---c B / |
||||
/ / / \ / |
||||
/ / / b---b C \ / |
||||
/ / / / \ / |
||||
---o---o---o---o---o---o---o---o---o---o---o "master" |
||||
|
||||
|
||||
A, B and C are topic branches. |
||||
|
||||
* A has one fix since it was merged up to "next". |
||||
|
||||
* B has finished. It has been fully merged up to "master" and "next", |
||||
and is ready to be deleted. |
||||
|
||||
* C has not merged to "next" at all. |
||||
|
||||
We would want to allow C to be rebased, refuse A, and encourage |
||||
B to be deleted. |
||||
|
||||
To compute (1): |
||||
|
||||
git rev-list ^master ^topic next |
||||
git rev-list ^master next |
||||
|
||||
if these match, topic has not merged in next at all. |
||||
|
||||
To compute (2): |
||||
|
||||
git rev-list master..topic |
||||
|
||||
if this is empty, it is fully merged to "master". |
@ -0,0 +1,24 @@ |
||||
#!/bin/sh |
||||
# |
||||
# An example hook script to make use of push options. |
||||
# The example simply echoes all push options that start with 'echoback=' |
||||
# and rejects all pushes when the "reject" push option is used. |
||||
# |
||||
# To enable this hook, rename this file to "pre-receive". |
||||
|
||||
if test -n "$GIT_PUSH_OPTION_COUNT" |
||||
then |
||||
i=0 |
||||
while test "$i" -lt "$GIT_PUSH_OPTION_COUNT" |
||||
do |
||||
eval "value=\$GIT_PUSH_OPTION_$i" |
||||
case "$value" in |
||||
echoback=*) |
||||
echo "echo from the pre-receive-hook: ${value#*=}" >&2 |
||||
;; |
||||
reject) |
||||
exit 1 |
||||
esac |
||||
i=$((i + 1)) |
||||
done |
||||
fi |
@ -0,0 +1,36 @@ |
||||
#!/bin/sh |
||||
# |
||||
# An example hook script to prepare the commit log message. |
||||
# Called by "git commit" with the name of the file that has the |
||||
# commit message, followed by the description of the commit |
||||
# message's source. The hook's purpose is to edit the commit |
||||
# message file. If the hook fails with a non-zero status, |
||||
# the commit is aborted. |
||||
# |
||||
# To enable this hook, rename this file to "prepare-commit-msg". |
||||
|
||||
# This hook includes three examples. The first comments out the |
||||
# "Conflicts:" part of a merge commit. |
||||
# |
||||
# The second includes the output of "git diff --name-status -r" |
||||
# into the message, just before the "git status" output. It is |
||||
# commented because it doesn't cope with --amend or with squashed |
||||
# commits. |
||||
# |
||||
# The third example adds a Signed-off-by line to the message, that can |
||||
# still be edited. This is rarely a good idea. |
||||
|
||||
case "$2,$3" in |
||||
merge,) |
||||
/usr/bin/perl -i.bak -ne 's/^/# /, s/^# #/#/ if /^Conflicts/ .. /#/; print' "$1" ;; |
||||
|
||||
# ,|template,) |
||||
# /usr/bin/perl -i.bak -pe ' |
||||
# print "\n" . `git diff --cached --name-status -r` |
||||
# if /^#/ && $first++ == 0' "$1" ;; |
||||
|
||||
*) ;; |
||||
esac |
||||
|
||||
# SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p') |
||||
# grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1" |
@ -0,0 +1,128 @@ |
||||
#!/bin/sh |
||||
# |
||||
# An example hook script to block unannotated tags from entering. |
||||
# Called by "git receive-pack" with arguments: refname sha1-old sha1-new |
||||
# |
||||
# To enable this hook, rename this file to "update". |
||||
# |
||||
# Config |
||||
# ------ |
||||
# hooks.allowunannotated |
||||
# This boolean sets whether unannotated tags will be allowed into the |
||||
# repository. By default they won't be. |
||||
# hooks.allowdeletetag |
||||
# This boolean sets whether deleting tags will be allowed in the |
||||
# repository. By default they won't be. |
||||
# hooks.allowmodifytag |
||||
# This boolean sets whether a tag may be modified after creation. By default |
||||
# it won't be. |
||||
# hooks.allowdeletebranch |
||||
# This boolean sets whether deleting branches will be allowed in the |
||||
# repository. By default they won't be. |
||||
# hooks.denycreatebranch |
||||
# This boolean sets whether remotely creating branches will be denied |
||||
# in the repository. By default this is allowed. |
||||
# |
||||
|
||||
# --- Command line |
||||
refname="$1" |
||||
oldrev="$2" |
||||
newrev="$3" |
||||
|
||||
# --- Safety check |
||||
if [ -z "$GIT_DIR" ]; then |
||||
echo "Don't run this script from the command line." >&2 |
||||
echo " (if you want, you could supply GIT_DIR then run" >&2 |
||||
echo " $0 <ref> <oldrev> <newrev>)" >&2 |
||||
exit 1 |
||||
fi |
||||
|
||||
if [ -z "$refname" -o -z "$oldrev" -o -z "$newrev" ]; then |
||||
echo "usage: $0 <ref> <oldrev> <newrev>" >&2 |
||||
exit 1 |
||||
fi |
||||
|
||||
# --- Config |
||||
allowunannotated=$(git config --bool hooks.allowunannotated) |
||||
allowdeletebranch=$(git config --bool hooks.allowdeletebranch) |
||||
denycreatebranch=$(git config --bool hooks.denycreatebranch) |
||||
allowdeletetag=$(git config --bool hooks.allowdeletetag) |
||||
allowmodifytag=$(git config --bool hooks.allowmodifytag) |
||||
|
||||
# check for no description |
||||
projectdesc=$(sed -e '1q' "$GIT_DIR/description") |
||||
case "$projectdesc" in |
||||
"Unnamed repository"* | "") |
||||
echo "*** Project description file hasn't been set" >&2 |
||||
exit 1 |
||||
;; |
||||
esac |
||||
|
||||
# --- Check types |
||||
# if $newrev is 0000...0000, it's a commit to delete a ref. |
||||
zero="0000000000000000000000000000000000000000" |
||||
if [ "$newrev" = "$zero" ]; then |
||||
newrev_type=delete |
||||
else |
||||
newrev_type=$(git cat-file -t $newrev) |
||||
fi |
||||
|
||||
case "$refname","$newrev_type" in |
||||
refs/tags/*,commit) |
||||
# un-annotated tag |
||||
short_refname=${refname##refs/tags/} |
||||
if [ "$allowunannotated" != "true" ]; then |
||||
echo "*** The un-annotated tag, $short_refname, is not allowed in this repository" >&2 |
||||
echo "*** Use 'git tag [ -a | -s ]' for tags you want to propagate." >&2 |
||||
exit 1 |
||||
fi |
||||
;; |
||||
refs/tags/*,delete) |
||||
# delete tag |
||||
if [ "$allowdeletetag" != "true" ]; then |
||||
echo "*** Deleting a tag is not allowed in this repository" >&2 |
||||
exit 1 |
||||
fi |
||||
;; |
||||
refs/tags/*,tag) |
||||
# annotated tag |
||||
if [ "$allowmodifytag" != "true" ] && git rev-parse $refname > /dev/null 2>&1 |
||||
then |
||||
echo "*** Tag '$refname' already exists." >&2 |
||||
echo "*** Modifying a tag is not allowed in this repository." >&2 |
||||
exit 1 |
||||
fi |
||||
;; |
||||
refs/heads/*,commit) |
||||
# branch |
||||
if [ "$oldrev" = "$zero" -a "$denycreatebranch" = "true" ]; then |
||||
echo "*** Creating a branch is not allowed in this repository" >&2 |
||||
exit 1 |
||||
fi |
||||
;; |
||||
refs/heads/*,delete) |
||||
# delete branch |
||||
if [ "$allowdeletebranch" != "true" ]; then |
||||
echo "*** Deleting a branch is not allowed in this repository" >&2 |
||||
exit 1 |
||||
fi |
||||
;; |
||||
refs/remotes/*,commit) |
||||
# tracking branch |
||||
;; |
||||
refs/remotes/*,delete) |
||||
# delete tracking branch |
||||
if [ "$allowdeletebranch" != "true" ]; then |
||||
echo "*** Deleting a tracking branch is not allowed in this repository" >&2 |
||||
exit 1 |
||||
fi |
||||
;; |
||||
*) |
||||
# Anything else (is there anything else?) |
||||
echo "*** Update hook: unknown type of update to ref $refname of type $newrev_type" >&2 |
||||
exit 1 |
||||
;; |
||||
esac |
||||
|
||||
# --- Finished |
||||
exit 0 |
@ -0,0 +1,6 @@ |
||||
# git ls-files --others --exclude-from=.git/info/exclude |
||||
# Lines that start with '#' are comments. |
||||
# For a project mostly in C, the following would be a good set of |
||||
# exclude patterns (uncomment them if you want to use them): |
||||
# *.[oa] |
||||
# *~ |
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -0,0 +1 @@ |
||||
f27c2b2b03dcab38beaf89b0ab4ff61f6de63441 |
@ -0,0 +1 @@ |
||||
27566bd5738fc8b4e3fef3c5e72cce608537bd95 |
@ -0,0 +1 @@ |
||||
69554a64c1e6030f051e5c3f94bfbd773cd6a324 |
@ -0,0 +1 @@ |
||||
69554a64c1e6030f051e5c3f94bfbd773cd6a324 |
Loading…
Reference in new issue