diff options
author | Sean Whitton <spwhitton@spwhitton.name> | 2020-02-02 11:37:54 -0700 |
---|---|---|
committer | Sean Whitton <spwhitton@spwhitton.name> | 2020-02-02 11:37:54 -0700 |
commit | bc687302753c78c8acdffbf89aa4b3a0ba3fb466 (patch) | |
tree | 6782835c4b48810ef0d73e16ed16aeb927bd7bfb /hooks | |
parent | 38e0c240f4eeba591131b59298c82dc16158e7ac (diff) | |
download | dotfiles-bc687302753c78c8acdffbf89aa4b3a0ba3fb466.tar.gz |
stop stowing git hooks into $HOME
No use for those symlinks.
Diffstat (limited to 'hooks')
l--------- | hooks/git/dgit/pre-push | 1 | ||||
-rwxr-xr-x | hooks/git/dotfiles/post-checkout | 23 | ||||
-rwxr-xr-x | hooks/git/dotfiles/pre-push | 26 | ||||
l--------- | hooks/git/git-remote-gcrypt/pre-push | 1 | ||||
l--------- | hooks/git/mailscripts/pre-push | 1 | ||||
l--------- | hooks/git/org-d20/pre-push | 1 | ||||
l--------- | hooks/git/pandoc-citeproc-preamble/pre-push | 1 | ||||
-rwxr-xr-x | hooks/git/pre-push_signed-off-by | 57 | ||||
-rwxr-xr-x | hooks/git/propellor/post-checkout | 29 |
9 files changed, 140 insertions, 0 deletions
diff --git a/hooks/git/dgit/pre-push b/hooks/git/dgit/pre-push new file mode 120000 index 00000000..9ba9f82a --- /dev/null +++ b/hooks/git/dgit/pre-push @@ -0,0 +1 @@ +../pre-push_signed-off-by
\ No newline at end of file diff --git a/hooks/git/dotfiles/post-checkout b/hooks/git/dotfiles/post-checkout new file mode 100755 index 00000000..21b007cc --- /dev/null +++ b/hooks/git/dotfiles/post-checkout @@ -0,0 +1,23 @@ +#!/bin/sh + +branch="$(git symbolic-ref --quiet --short HEAD)" +if ! [ $? = 0 ]; then # detached HEAD + git config commit.gpgsign false + exit 0 +fi + +# Check that signing is likely to succeed before setting +# commit.gpgsign, by looking for presence of a secret key with the +# signing capability. +# +# The reason this is needed is that this post-checkout hook will get +# called during a rebase onto master, and I want to do that on hosts +# which don't have access to my secret key. If commit.gpgsign gets +# set to true on those hosts, the rebase will be interrupted +if [ "$branch" = "master" ] \ + && gpg --list-secret-keys $(git config user.signingKey) 2>/dev/null \ + | grep -Eq '^(ssb|sec)[^#].*\[[A-Z]*S[A-Z]*\]$'; then + git config commit.gpgsign true +else + git config commit.gpgsign false +fi diff --git a/hooks/git/dotfiles/pre-push b/hooks/git/dotfiles/pre-push new file mode 100755 index 00000000..a3f048dc --- /dev/null +++ b/hooks/git/dotfiles/pre-push @@ -0,0 +1,26 @@ +#!/bin/sh + +remote="$1" +url="$2" + +z40=0000000000000000000000000000000000000000 + +while read local_ref local_sha remote_ref remote_sha; do + if [ "$local_sha" = $z40 ]; then + # Permit deletion of branches + : + else + if [ "$remote_ref" = "refs/heads/master" ]; then + if git verify-commit-by-fp \ + 8DC2487E51ABDD90B5C4753F0F56D0553B6D411B "$local_sha" + then + echo "Proposed new master has been signed by Sean" + else + echo >&2 "Proposed new master has not been PGP-signed by Sean" + exit 1 + fi + fi + fi +done + +exit 0 diff --git a/hooks/git/git-remote-gcrypt/pre-push b/hooks/git/git-remote-gcrypt/pre-push new file mode 120000 index 00000000..9ba9f82a --- /dev/null +++ b/hooks/git/git-remote-gcrypt/pre-push @@ -0,0 +1 @@ +../pre-push_signed-off-by
\ No newline at end of file diff --git a/hooks/git/mailscripts/pre-push b/hooks/git/mailscripts/pre-push new file mode 120000 index 00000000..9ba9f82a --- /dev/null +++ b/hooks/git/mailscripts/pre-push @@ -0,0 +1 @@ +../pre-push_signed-off-by
\ No newline at end of file diff --git a/hooks/git/org-d20/pre-push b/hooks/git/org-d20/pre-push new file mode 120000 index 00000000..9ba9f82a --- /dev/null +++ b/hooks/git/org-d20/pre-push @@ -0,0 +1 @@ +../pre-push_signed-off-by
\ No newline at end of file diff --git a/hooks/git/pandoc-citeproc-preamble/pre-push b/hooks/git/pandoc-citeproc-preamble/pre-push new file mode 120000 index 00000000..9ba9f82a --- /dev/null +++ b/hooks/git/pandoc-citeproc-preamble/pre-push @@ -0,0 +1 @@ +../pre-push_signed-off-by
\ No newline at end of file diff --git a/hooks/git/pre-push_signed-off-by b/hooks/git/pre-push_signed-off-by new file mode 100755 index 00000000..775f505c --- /dev/null +++ b/hooks/git/pre-push_signed-off-by @@ -0,0 +1,57 @@ +#!/bin/bash + +# some of this is from +# https://lubomir.github.io/en/2016-05-04-signoff-hooks.html + +remote="$1" +url="$2" + +z40=0000000000000000000000000000000000000000 + +while read local_ref local_sha remote_ref remote_sha; do + if [ "$local_sha" = $z40 ]; then + # Permit deletion of branches + : + elif echo "$remote_ref" | grep -Eq "^refs/heads/(wip|tmp)/"; then + # wip/ branches may contain commits which are not signed off + : + else + if [ "$remote_sha" = $z40 ] + then + # New branch, examine all commits + range="$local_sha" + else + # Update to existing branch, examine new commits + range="$remote_sha..$local_sha" + fi + + # Check for WIP commit + commit=$(git rev-list -n 1 --grep '^WIP' "$range") + if [ -n "$commit" ] + then + echo >&2 "Found WIP commit in $local_ref, not pushing" + exit 1 + fi + + # Check for commits without sign-off + if [ "$remote_sha" = $z40 ]; then + # New branch is pushed, we only want to check commits that are not + # on master. + range="$(git merge-base master "$local_sha")..$local_sha" + fi + while read ref; do + msg=$(git log -n 1 --format=%B "$ref") + if ! grep -q '^Signed-off-by: ' <<<"$msg"; then + # allow merge commits through + if [ -z "$(git rev-list -1 --merges $ref~1..$ref)" ]; then + echo >&2 "Unsigned-off non-merge commit $ref" + exit 1 + fi + fi + done < <(git rev-list "$range") + # The process substitution above is a hack to make sure loop runs in + # the same shell and can actually exit the whole script. + fi +done + +exit 0 diff --git a/hooks/git/propellor/post-checkout b/hooks/git/propellor/post-checkout new file mode 100755 index 00000000..5118e81a --- /dev/null +++ b/hooks/git/propellor/post-checkout @@ -0,0 +1,29 @@ +#!/usr/bin/perl + +use strict; +use warnings; + +use Path::Class; +use autodie; + +(undef, my $head, my $flag) = @ARGV; +my $branch = `git name-rev --name-only $head`; +chomp $branch; + +if ( $flag && "$branch" ne "debian" ) { + # We create a cabal sandbox so that Emacs' haskell-mode ignores + # stack.yaml. We don't need to use stack because Propellor's deps + # are always installed as system packages + unless ( -d ".cabal-sandbox" ) { + system "cabal sandbox init"; + } + open my $fh, ">", ".dir-locals.el"; + print $fh <<'END'; +((nil . ((indent-tabs-mode . t) + (tab-width . 8) + (fill-column . 80))) + ;; Warn about spaces used for indentation: + (haskell-mode . ((eval . (highlight-regexp "^ +"))))) +END + close $fh; +} |