#!/usr/bin/env bash # git pre-push hook script to: # 0) Call the pre-commit hook, if it is available # 1) prevent "fixup!" and "squash!" commit from ending up in master, release-* # or maint-* # 2) Disallow pushing branches other than master, release-* # and maint-* to origin (e.g. gitweb.torproject.org) # # To install this script, copy it into .git/hooks/pre-push path in your # local copy of git repository. Make sure it has permission to execute. # Furthermore, make sure that TOR_UPSTREAM_REMOTE_NAME environment # variable is set to local name of git remote that corresponds to upstream # repository on e.g. git.torproject.org. # # The following sample script was used as starting point: # https://github.com/git/git/blob/master/templates/hooks--pre-push.sample # Are you adding a new check to the git hooks? # - Common checks belong in the pre-commit hook # - Push-only checks belong in the pre-push hook echo "Running pre-push hook" z40=0000000000000000000000000000000000000000 upstream_name=${TOR_UPSTREAM_REMOTE_NAME:-"upstream"} # The working directory workdir=$(git rev-parse --show-toplevel) # The .git directory # If $workdir is a worktree, then $gitdir is not $workdir/.git gitdir=$(git rev-parse --git-dir) cd "$workdir" || exit 1 remote="$1" remote_name=$(git remote --verbose | grep "$2" | awk '{print $1}' | head -n 1) ref_is_upstream_branch() { if [ "$1" == "refs/heads/master" ] || [[ "$1" == refs/heads/release-* ]] || [[ "$1" == refs/heads/maint-* ]]; then return 1 fi } # shellcheck disable=SC2034 while read -r local_ref local_sha remote_ref remote_sha do if [ "$local_sha" = $z40 ]; then # Handle delete : else if [ "$remote_sha" = $z40 ]; then # New branch, examine commits not in master range="master...$local_sha" else # Update to existing branch, examine new commits range="$remote_sha..$local_sha" fi # Call the pre-commit hook for the common checks, if it is executable pre_commit=${gitdir}/hooks/pre-commit if [ -x "$pre_commit" ]; then # Only check the files newly modified in this branch CHECK_FILTER="git diff --name-only --diff-filter=ACMR $range" # Use the appropriate owned tor source list to filter the changed # files # This is the layout in 0.3.5 # Keep these lists consistent: # - OWNED_TOR_C_FILES in Makefile.am # - CHECK_FILES in pre-commit.git-hook and pre-push.git-hook # - try_parse in check_cocci_parse.sh CHECK_FILES="$($CHECK_FILTER \ src/lib/*/*.[ch] \ src/core/*/*.[ch] \ src/feature/*/*.[ch] \ src/app/*/*.[ch] \ src/test/*.[ch] \ src/test/*/*.[ch] \ src/tools/*.[ch] \ )" # We want word splitting here, because file names are space # separated # shellcheck disable=SC2086 if ! "$pre_commit" $CHECK_FILES ; then exit 1 fi fi if [[ "$remote_name" != "$upstream_name" ]]; then echo "Not pushing to upstream - refraining from further checks" continue fi if (ref_is_upstream_branch "$local_ref" == 0 || ref_is_upstream_branch "$remote_ref" == 0) && [ "$local_ref" != "$remote_ref" ]; then if [ "$remote" == "origin" ]; then echo >&2 "Not pushing: $local_ref to $remote_ref" echo >&2 "If you really want to push this, use --no-verify." exit 1 else continue fi fi # Check for fixup! commit commit=$(git rev-list -n 1 --grep '^fixup!' "$range") if [ -n "$commit" ]; then echo >&2 "Found fixup! commit in $local_ref, not pushing" echo >&2 "If you really want to push this, use --no-verify." exit 1 fi # Check for squash! commit commit=$(git rev-list -n 1 --grep '^squash!' "$range") if [ -n "$commit" ]; then echo >&2 "Found squash! commit in $local_ref, not pushing" echo >&2 "If you really want to push this, use --no-verify." exit 1 fi fi done exit 0