mirror of
https://github.com/git/git.git
synced 2024-10-30 13:57:54 +01:00
77a9745d19
The environment variable GIT_PUSH_OPTION_COUNT is set to the number of push options sent, and GIT_PUSH_OPTION_{0,1,..} is set to the transmitted option. The code is not executed as the push options are set to NULL, nor is the new capability advertised. There was some discussion back and forth how to present these push options to the user as there are some ways to do it: Keep all options in one environment variable ============================================ + easiest way to implement in Git - This would make things hard to parse correctly in the hook. Put the options in files instead, filenames are in GIT_PUSH_OPTION_FILES ====================================== + After a discussion about environment variables and shells, we may not want to put user data into an environment variable (see [1] for example). + We could transmit binaries, i.e. we're not bound to C strings as we are when using environment variables to the user. + Maybe easier to parse than constructing environment variable names GIT_PUSH_OPTION_{0,1,..} yourself - cleanup of the temporary files is hard to do reliably - we have race conditions with multiple clients pushing, hence we'd need to use mkstemp. That's not too bad, but still. Use environment variables, but restrict to key/value pairs ========================================================== (When the user pushes a push option `foo=bar`, we'd GIT_PUSH_OPTION_foo=bar) + very easy to parse for a simple model of push options - it's not sufficient for more elaborate models, e.g. it doesn't allow doubles (e.g. cc=reviewer@email) Present the options in different environment variables ====================================================== (This is implemented) * harder to parse as a user, but we have a sample hook for that. - doesn't allow binary files + allows the same option twice, i.e. is not restrictive about options, except for binary files. + doesn't clutter a remote directory with (possibly stale) temporary files As we first want to focus on getting simple strings to work reliably, we go with the last option for now. If we want to do transmission of binaries later, we can just attach a 'side-channel', e.g. "any push option that contains a '\0' is put into a file instead of the environment variable and we'd have new GIT_PUSH_OPTION_FILES, GIT_PUSH_OPTION_FILENAME_{0,1,..} environment variables". [1] 'Shellshock' https://lwn.net/Articles/614218/ Signed-off-by: Stefan Beller <sbeller@google.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
448 lines
16 KiB
Text
448 lines
16 KiB
Text
githooks(5)
|
|
===========
|
|
|
|
NAME
|
|
----
|
|
githooks - Hooks used by Git
|
|
|
|
SYNOPSIS
|
|
--------
|
|
$GIT_DIR/hooks/* (or \`git config core.hooksPath`/*)
|
|
|
|
|
|
DESCRIPTION
|
|
-----------
|
|
|
|
Hooks are programs you can place in a hooks directory to trigger
|
|
actions at certain points in git's execution. Hooks that don't have
|
|
the executable bit set are ignored.
|
|
|
|
By default the hooks directory is `$GIT_DIR/hooks`, but that can be
|
|
changed via the `core.hooksPath` configuration variable (see
|
|
linkgit:git-config[1]).
|
|
|
|
Before Git invokes a hook, it changes its working directory to either
|
|
the root of the working tree in a non-bare repository, or to the
|
|
$GIT_DIR in a bare repository.
|
|
|
|
Hooks can get their arguments via the environment, command-line
|
|
arguments, and stdin. See the documentation for each hook below for
|
|
details.
|
|
|
|
'git init' may copy hooks to the new repository, depending on its
|
|
configuration. See the "TEMPLATE DIRECTORY" section in
|
|
linkgit:git-init[1] for details. When the rest of this document refers
|
|
to "default hooks" it's talking about the default template shipped
|
|
with Git.
|
|
|
|
The currently supported hooks are described below.
|
|
|
|
HOOKS
|
|
-----
|
|
|
|
applypatch-msg
|
|
~~~~~~~~~~~~~~
|
|
|
|
This hook is invoked by 'git am'. It takes a single
|
|
parameter, the name of the file that holds the proposed commit
|
|
log message. Exiting with a non-zero status causes 'git am' to abort
|
|
before applying the patch.
|
|
|
|
The hook is allowed to edit the message file in place, and can
|
|
be used to normalize the message into some project standard
|
|
format. It can also be used to refuse the commit after inspecting
|
|
the message file.
|
|
|
|
The default 'applypatch-msg' hook, when enabled, runs the
|
|
'commit-msg' hook, if the latter is enabled.
|
|
|
|
pre-applypatch
|
|
~~~~~~~~~~~~~~
|
|
|
|
This hook is invoked by 'git am'. It takes no parameter, and is
|
|
invoked after the patch is applied, but before a commit is made.
|
|
|
|
If it exits with non-zero status, then the working tree will not be
|
|
committed after applying the patch.
|
|
|
|
It can be used to inspect the current working tree and refuse to
|
|
make a commit if it does not pass certain test.
|
|
|
|
The default 'pre-applypatch' hook, when enabled, runs the
|
|
'pre-commit' hook, if the latter is enabled.
|
|
|
|
post-applypatch
|
|
~~~~~~~~~~~~~~~
|
|
|
|
This hook is invoked by 'git am'. It takes no parameter,
|
|
and is invoked after the patch is applied and a commit is made.
|
|
|
|
This hook is meant primarily for notification, and cannot affect
|
|
the outcome of 'git am'.
|
|
|
|
pre-commit
|
|
~~~~~~~~~~
|
|
|
|
This hook is invoked by 'git commit', and can be bypassed
|
|
with the `--no-verify` option. It takes no parameters, and is
|
|
invoked before obtaining the proposed commit log message and
|
|
making a commit. Exiting with a non-zero status from this script
|
|
causes the 'git commit' command to abort before creating a commit.
|
|
|
|
The default 'pre-commit' hook, when enabled, catches introduction
|
|
of lines with trailing whitespaces and aborts the commit when
|
|
such a line is found.
|
|
|
|
All the 'git commit' hooks are invoked with the environment
|
|
variable `GIT_EDITOR=:` if the command will not bring up an editor
|
|
to modify the commit message.
|
|
|
|
prepare-commit-msg
|
|
~~~~~~~~~~~~~~~~~~
|
|
|
|
This hook is invoked by 'git commit' right after preparing the
|
|
default log message, and before the editor is started.
|
|
|
|
It takes one to three parameters. The first is the name of the file
|
|
that contains the commit log message. The second is the source of the commit
|
|
message, and can be: `message` (if a `-m` or `-F` option was
|
|
given); `template` (if a `-t` option was given or the
|
|
configuration option `commit.template` is set); `merge` (if the
|
|
commit is a merge or a `.git/MERGE_MSG` file exists); `squash`
|
|
(if a `.git/SQUASH_MSG` file exists); or `commit`, followed by
|
|
a commit SHA-1 (if a `-c`, `-C` or `--amend` option was given).
|
|
|
|
If the exit status is non-zero, 'git commit' will abort.
|
|
|
|
The purpose of the hook is to edit the message file in place, and
|
|
it is not suppressed by the `--no-verify` option. A non-zero exit
|
|
means a failure of the hook and aborts the commit. It should not
|
|
be used as replacement for pre-commit hook.
|
|
|
|
The sample `prepare-commit-msg` hook that comes with Git comments
|
|
out the `Conflicts:` part of a merge's commit message.
|
|
|
|
commit-msg
|
|
~~~~~~~~~~
|
|
|
|
This hook is invoked by 'git commit', and can be bypassed
|
|
with the `--no-verify` option. It takes a single parameter, the
|
|
name of the file that holds the proposed commit log message.
|
|
Exiting with a non-zero status causes the 'git commit' to
|
|
abort.
|
|
|
|
The hook is allowed to edit the message file in place, and can be used
|
|
to normalize the message into some project standard format. It
|
|
can also be used to refuse the commit after inspecting the message
|
|
file.
|
|
|
|
The default 'commit-msg' hook, when enabled, detects duplicate
|
|
"Signed-off-by" lines, and aborts the commit if one is found.
|
|
|
|
post-commit
|
|
~~~~~~~~~~~
|
|
|
|
This hook is invoked by 'git commit'. It takes no parameters, and is
|
|
invoked after a commit is made.
|
|
|
|
This hook is meant primarily for notification, and cannot affect
|
|
the outcome of 'git commit'.
|
|
|
|
pre-rebase
|
|
~~~~~~~~~~
|
|
|
|
This hook is called by 'git rebase' and can be used to prevent a
|
|
branch from getting rebased. The hook may be called with one or
|
|
two parameters. The first parameter is the upstream from which
|
|
the series was forked. The second parameter is the branch being
|
|
rebased, and is not set when rebasing the current branch.
|
|
|
|
post-checkout
|
|
~~~~~~~~~~~~~
|
|
|
|
This hook is invoked when a 'git checkout' is run after having updated the
|
|
worktree. The hook is given three parameters: the ref of the previous HEAD,
|
|
the ref of the new HEAD (which may or may not have changed), and a flag
|
|
indicating whether the checkout was a branch checkout (changing branches,
|
|
flag=1) or a file checkout (retrieving a file from the index, flag=0).
|
|
This hook cannot affect the outcome of 'git checkout'.
|
|
|
|
It is also run after 'git clone', unless the --no-checkout (-n) option is
|
|
used. The first parameter given to the hook is the null-ref, the second the
|
|
ref of the new HEAD and the flag is always 1.
|
|
|
|
This hook can be used to perform repository validity checks, auto-display
|
|
differences from the previous HEAD if different, or set working dir metadata
|
|
properties.
|
|
|
|
post-merge
|
|
~~~~~~~~~~
|
|
|
|
This hook is invoked by 'git merge', which happens when a 'git pull'
|
|
is done on a local repository. The hook takes a single parameter, a status
|
|
flag specifying whether or not the merge being done was a squash merge.
|
|
This hook cannot affect the outcome of 'git merge' and is not executed,
|
|
if the merge failed due to conflicts.
|
|
|
|
This hook can be used in conjunction with a corresponding pre-commit hook to
|
|
save and restore any form of metadata associated with the working tree
|
|
(e.g.: permissions/ownership, ACLS, etc). See contrib/hooks/setgitperms.perl
|
|
for an example of how to do this.
|
|
|
|
pre-push
|
|
~~~~~~~~
|
|
|
|
This hook is called by 'git push' and can be used to prevent a push from taking
|
|
place. The hook is called with two parameters which provide the name and
|
|
location of the destination remote, if a named remote is not being used both
|
|
values will be the same.
|
|
|
|
Information about what is to be pushed is provided on the hook's standard
|
|
input with lines of the form:
|
|
|
|
<local ref> SP <local sha1> SP <remote ref> SP <remote sha1> LF
|
|
|
|
For instance, if the command +git push origin master:foreign+ were run the
|
|
hook would receive a line like the following:
|
|
|
|
refs/heads/master 67890 refs/heads/foreign 12345
|
|
|
|
although the full, 40-character SHA-1s would be supplied. If the foreign ref
|
|
does not yet exist the `<remote SHA-1>` will be 40 `0`. If a ref is to be
|
|
deleted, the `<local ref>` will be supplied as `(delete)` and the `<local
|
|
SHA-1>` will be 40 `0`. If the local commit was specified by something other
|
|
than a name which could be expanded (such as `HEAD~`, or a SHA-1) it will be
|
|
supplied as it was originally given.
|
|
|
|
If this hook exits with a non-zero status, 'git push' will abort without
|
|
pushing anything. Information about why the push is rejected may be sent
|
|
to the user by writing to standard error.
|
|
|
|
[[pre-receive]]
|
|
pre-receive
|
|
~~~~~~~~~~~
|
|
|
|
This hook is invoked by 'git-receive-pack' on the remote repository,
|
|
which happens when a 'git push' is done on a local repository.
|
|
Just before starting to update refs on the remote repository, the
|
|
pre-receive hook is invoked. Its exit status determines the success
|
|
or failure of the update.
|
|
|
|
This hook executes once for the receive operation. It takes no
|
|
arguments, but for each ref to be updated it receives on standard
|
|
input a line of the format:
|
|
|
|
<old-value> SP <new-value> SP <ref-name> LF
|
|
|
|
where `<old-value>` is the old object name stored in the ref,
|
|
`<new-value>` is the new object name to be stored in the ref and
|
|
`<ref-name>` is the full name of the ref.
|
|
When creating a new ref, `<old-value>` is 40 `0`.
|
|
|
|
If the hook exits with non-zero status, none of the refs will be
|
|
updated. If the hook exits with zero, updating of individual refs can
|
|
still be prevented by the <<update,'update'>> hook.
|
|
|
|
Both standard output and standard error output are forwarded to
|
|
'git send-pack' on the other end, so you can simply `echo` messages
|
|
for the user.
|
|
|
|
The number of push options given on the command line of
|
|
`git push --push-option=...` can be read from the environment
|
|
variable `GIT_PUSH_OPTION_COUNT`, and the options themselves are
|
|
found in `GIT_PUSH_OPTION_0`, `GIT_PUSH_OPTION_1`,...
|
|
If it is negotiated to not use the push options phase, the
|
|
environment variables will not be set. If the client selects
|
|
to use push options, but doesn't transmit any, the count variable
|
|
will be set to zero, `GIT_PUSH_OPTION_COUNT=0`.
|
|
|
|
[[update]]
|
|
update
|
|
~~~~~~
|
|
|
|
This hook is invoked by 'git-receive-pack' on the remote repository,
|
|
which happens when a 'git push' is done on a local repository.
|
|
Just before updating the ref on the remote repository, the update hook
|
|
is invoked. Its exit status determines the success or failure of
|
|
the ref update.
|
|
|
|
The hook executes once for each ref to be updated, and takes
|
|
three parameters:
|
|
|
|
- the name of the ref being updated,
|
|
- the old object name stored in the ref,
|
|
- and the new object name to be stored in the ref.
|
|
|
|
A zero exit from the update hook allows the ref to be updated.
|
|
Exiting with a non-zero status prevents 'git-receive-pack'
|
|
from updating that ref.
|
|
|
|
This hook can be used to prevent 'forced' update on certain refs by
|
|
making sure that the object name is a commit object that is a
|
|
descendant of the commit object named by the old object name.
|
|
That is, to enforce a "fast-forward only" policy.
|
|
|
|
It could also be used to log the old..new status. However, it
|
|
does not know the entire set of branches, so it would end up
|
|
firing one e-mail per ref when used naively, though. The
|
|
<<post-receive,'post-receive'>> hook is more suited to that.
|
|
|
|
In an environment that restricts the users' access only to git
|
|
commands over the wire, this hook can be used to implement access
|
|
control without relying on filesystem ownership and group
|
|
membership. See linkgit:git-shell[1] for how you might use the login
|
|
shell to restrict the user's access to only git commands.
|
|
|
|
Both standard output and standard error output are forwarded to
|
|
'git send-pack' on the other end, so you can simply `echo` messages
|
|
for the user.
|
|
|
|
The default 'update' hook, when enabled--and with
|
|
`hooks.allowunannotated` config option unset or set to false--prevents
|
|
unannotated tags to be pushed.
|
|
|
|
[[post-receive]]
|
|
post-receive
|
|
~~~~~~~~~~~~
|
|
|
|
This hook is invoked by 'git-receive-pack' on the remote repository,
|
|
which happens when a 'git push' is done on a local repository.
|
|
It executes on the remote repository once after all the refs have
|
|
been updated.
|
|
|
|
This hook executes once for the receive operation. It takes no
|
|
arguments, but gets the same information as the
|
|
<<pre-receive,'pre-receive'>>
|
|
hook does on its standard input.
|
|
|
|
This hook does not affect the outcome of 'git-receive-pack', as it
|
|
is called after the real work is done.
|
|
|
|
This supersedes the <<post-update,'post-update'>> hook in that it gets
|
|
both old and new values of all the refs in addition to their
|
|
names.
|
|
|
|
Both standard output and standard error output are forwarded to
|
|
'git send-pack' on the other end, so you can simply `echo` messages
|
|
for the user.
|
|
|
|
The default 'post-receive' hook is empty, but there is
|
|
a sample script `post-receive-email` provided in the `contrib/hooks`
|
|
directory in Git distribution, which implements sending commit
|
|
emails.
|
|
|
|
The number of push options given on the command line of
|
|
`git push --push-option=...` can be read from the environment
|
|
variable `GIT_PUSH_OPTION_COUNT`, and the options themselves are
|
|
found in `GIT_PUSH_OPTION_0`, `GIT_PUSH_OPTION_1`,...
|
|
If it is negotiated to not use the push options phase, the
|
|
environment variables will not be set. If the client selects
|
|
to use push options, but doesn't transmit any, the count variable
|
|
will be set to zero, `GIT_PUSH_OPTION_COUNT=0`.
|
|
|
|
[[post-update]]
|
|
post-update
|
|
~~~~~~~~~~~
|
|
|
|
This hook is invoked by 'git-receive-pack' on the remote repository,
|
|
which happens when a 'git push' is done on a local repository.
|
|
It executes on the remote repository once after all the refs have
|
|
been updated.
|
|
|
|
It takes a variable number of parameters, each of which is the
|
|
name of ref that was actually updated.
|
|
|
|
This hook is meant primarily for notification, and cannot affect
|
|
the outcome of 'git-receive-pack'.
|
|
|
|
The 'post-update' hook can tell what are the heads that were pushed,
|
|
but it does not know what their original and updated values are,
|
|
so it is a poor place to do log old..new. The
|
|
<<post-receive,'post-receive'>> hook does get both original and
|
|
updated values of the refs. You might consider it instead if you need
|
|
them.
|
|
|
|
When enabled, the default 'post-update' hook runs
|
|
'git update-server-info' to keep the information used by dumb
|
|
transports (e.g., HTTP) up-to-date. If you are publishing
|
|
a Git repository that is accessible via HTTP, you should
|
|
probably enable this hook.
|
|
|
|
Both standard output and standard error output are forwarded to
|
|
'git send-pack' on the other end, so you can simply `echo` messages
|
|
for the user.
|
|
|
|
push-to-checkout
|
|
~~~~~~~~~~~~~~~~
|
|
|
|
This hook is invoked by 'git-receive-pack' on the remote repository,
|
|
which happens when a 'git push' is done on a local repository, when
|
|
the push tries to update the branch that is currently checked out
|
|
and the `receive.denyCurrentBranch` configuration variable is set to
|
|
`updateInstead`. Such a push by default is refused if the working
|
|
tree and the index of the remote repository has any difference from
|
|
the currently checked out commit; when both the working tree and the
|
|
index match the current commit, they are updated to match the newly
|
|
pushed tip of the branch. This hook is to be used to override the
|
|
default behaviour.
|
|
|
|
The hook receives the commit with which the tip of the current
|
|
branch is going to be updated. It can exit with a non-zero status
|
|
to refuse the push (when it does so, it must not modify the index or
|
|
the working tree). Or it can make any necessary changes to the
|
|
working tree and to the index to bring them to the desired state
|
|
when the tip of the current branch is updated to the new commit, and
|
|
exit with a zero status.
|
|
|
|
For example, the hook can simply run `git read-tree -u -m HEAD "$1"`
|
|
in order to emulate 'git fetch' that is run in the reverse direction
|
|
with `git push`, as the two-tree form of `read-tree -u -m` is
|
|
essentially the same as `git checkout` that switches branches while
|
|
keeping the local changes in the working tree that do not interfere
|
|
with the difference between the branches.
|
|
|
|
|
|
pre-auto-gc
|
|
~~~~~~~~~~~
|
|
|
|
This hook is invoked by 'git gc --auto'. It takes no parameter, and
|
|
exiting with non-zero status from this script causes the 'git gc --auto'
|
|
to abort.
|
|
|
|
post-rewrite
|
|
~~~~~~~~~~~~
|
|
|
|
This hook is invoked by commands that rewrite commits (`git commit
|
|
--amend`, 'git-rebase'; currently 'git-filter-branch' does 'not' call
|
|
it!). Its first argument denotes the command it was invoked by:
|
|
currently one of `amend` or `rebase`. Further command-dependent
|
|
arguments may be passed in the future.
|
|
|
|
The hook receives a list of the rewritten commits on stdin, in the
|
|
format
|
|
|
|
<old-sha1> SP <new-sha1> [ SP <extra-info> ] LF
|
|
|
|
The 'extra-info' is again command-dependent. If it is empty, the
|
|
preceding SP is also omitted. Currently, no commands pass any
|
|
'extra-info'.
|
|
|
|
The hook always runs after the automatic note copying (see
|
|
"notes.rewrite.<command>" in linkgit:git-config[1]) has happened, and
|
|
thus has access to these notes.
|
|
|
|
The following command-specific comments apply:
|
|
|
|
rebase::
|
|
For the 'squash' and 'fixup' operation, all commits that were
|
|
squashed are listed as being rewritten to the squashed commit.
|
|
This means that there will be several lines sharing the same
|
|
'new-sha1'.
|
|
+
|
|
The commits are guaranteed to be listed in the order that they were
|
|
processed by rebase.
|
|
|
|
|
|
GIT
|
|
---
|
|
Part of the linkgit:git[1] suite
|