-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathupdate
executable file
·66 lines (49 loc) · 3.14 KB
/
update
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
#!/bin/sh
set -o noclobber
set -o errexit
set -o nounset
# don't run the hook for @ci-bot’s actions only
[ "$GL_ID" = "user-7" ] && exit 0 || true
# don't run the hook for anything other than ssh
#echo "$GL_ID" | grep -q '^key-' || exit 0
[ $# -lt 3 ] && { echo >&2 "$0: not meant to be run manually" ; exit 1 ; }
d="$(dirname "$(readlink -f "$0")")"
repo_dir="$(pwd)"
project_name="$(basename "$repo_dir" ".git")"
project_namespace="$(basename "$(dirname "$repo_dir")")"
project_id="$(psql -A -t -d gitlab -c "SELECT p.id FROM projects AS p, namespaces AS n WHERE n.name = '$project_namespace' AND p.namespace_id = n.id AND p.name='$project_name'")"
[ -n "$project_id" ] || { echo >&2 "[POLICY] no such project: $project_namespace/$project_name" ; exit 1 ; }
# check branch naming
if echo "$1" | grep -q '^refs/heads/' ; then
short_ref="$(echo "$1" | sed -re 's/^refs\/heads\///')"
[ "$1" != 'refs/heads/master' ] || { echo >&2 "[POLICY] branch-name: \`$short_ref': nobody (apart from machines) is allowed to update \`master'" ; exit 1 ; }
# always allow branch deletion
[ "$3" = "0000000000000000000000000000000000000000" ] && exit 0
echo "$1" | grep -qE '^refs/heads/#[1-9][0-9]*/.+$' || { echo >&2 "[POLICY] branch-name: \`$short_ref': must be like \`#NNN/anything-really' (#NNN being an issue number)" ; exit 1 ; }
iid="$(echo "$1" | sed -re 's/^refs\/heads\/#([0-9]+)\/.+$/\1/')"
db_iid="$(psql -A -t -d gitlab -c "SELECT iid FROM issues WHERE project_id = $project_id AND iid = $iid AND (state = 'opened' OR state = 'reopened')")"
[ "$iid" = "$db_iid" ] || { echo >&2 "[POLICY] branch-name: \`$short_ref': #$iid is not an open issue" ; exit 1 ; }
fi
# check each new revision
"$d"/list-new-revs "$@" | {
FAIL=0
while IFS= read -r rev ; do
short_rev="$(git rev-parse --short "$rev")"
commit_msg_file="$(mktemp)"
git log --format='%B' -n 1 "$rev" >>"$commit_msg_file"
tmp="$(mktemp)" ; "$d"/commit-msg-issue "$iid" "$commit_msg_file" "$project_id" >>"$tmp" || FAIL=1 ; cat "$tmp" | while IFS= read -r ln ; do echo >&2 "[POLICY] commit-msg: $short_rev: line $ln" ; done ; rm "$tmp"
tmp="$(mktemp)" ; "$d"/commit-msg-time-tracking "$commit_msg_file" "$project_id" >>"$tmp" || FAIL=1 ; cat "$tmp" | while IFS= read -r ln ; do echo >&2 "[POLICY] commit-msg: $short_rev: line $ln" ; done ; rm "$tmp"
tmp="$(mktemp)" ; "$d"/nazi-git/commit-msg "$commit_msg_file" "$project_id" >>"$tmp" || FAIL=1 ; cat "$tmp" | while IFS= read -r ln ; do echo >&2 "[POLICY] commit-msg: $short_rev: line $ln" ; done ; rm "$tmp"
rm "$commit_msg_file"
git show --pretty=format: --name-status "$rev" | {
LFAIL=0
while IFS= read -r st_name ; do
status="$(echo "$st_name" | sed -re 's/^(\S+).*$/\1/')"
name="$( echo "$st_name" | sed -re 's/^\S+\s*(.*)$/\1/')"
tmp="$(mktemp)" ; "$d"/nazi-git/file-check "$rev" "$status" "$name" >>"$tmp" || LFAIL=1 ; cat "$tmp" | while IFS= read -r ln ; do echo >&2 "[POLICY] file-check: $short_rev: \`$name': $ln" ; done ; rm "$tmp"
done
exit $LFAIL
} || FAIL=1
done
exit $FAIL
}