diff options
| author | Yuqian Yang <crupest@crupest.life> | 2025-02-27 01:02:08 +0800 |
|---|---|---|
| committer | Yuqian Yang <crupest@crupest.life> | 2025-02-27 01:02:08 +0800 |
| commit | d201f6ef9c4b937f0ae8ee98dc291d7cfa10da92 (patch) | |
| tree | be5feb6ccfdb11e6fbbdd8558bb9692f63e8611d /services/docker/git-server/hooks/update | |
| parent | c8a3b2b88977de59ab565610ea83cc7220d04ed2 (diff) | |
| download | crupest-d201f6ef9c4b937f0ae8ee98dc291d7cfa10da92.tar.gz crupest-d201f6ef9c4b937f0ae8ee98dc291d7cfa10da92.tar.bz2 crupest-d201f6ef9c4b937f0ae8ee98dc291d7cfa10da92.zip | |
fix(git): protected branch.
Diffstat (limited to 'services/docker/git-server/hooks/update')
| -rw-r--r-- | services/docker/git-server/hooks/update | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/services/docker/git-server/hooks/update b/services/docker/git-server/hooks/update new file mode 100644 index 0000000..4cfcacc --- /dev/null +++ b/services/docker/git-server/hooks/update @@ -0,0 +1,38 @@ +#!/usr/bin/bash + +set -e -o pipefail + +ref="$1" +old="$2" +new="$3" +protected_file="$GIT_DIR/protected" + +die() { + echo "error: $*" > /dev/stderr + exit 1 +} + +if [[ -f "$protected_file" ]]; then + while read -r line; do + if grep -q -E "$line" - <<< "$ref" ; then + if grep -q -E "^0+$" <<< "$new"; then + die "protected branch $ref (rule: $line) cannot be deleted" + fi + + if ! git merge-base --is-ancestor "$old" "$new"; then + die "protected branch $ref (rule: $line) is not fast-forward $(expr substr "$old" 1 8) -> $(expr substr "$new" 1 8)" + fi + fi + done <"$protected_file" +fi + +global_hook="/git/private/git/hooks/update" +local_hook="$GIT_DIR/hooks/update" + +if [[ -x "$global_hook" ]]; then + "$global_hook" "$ref" "$old" "$new" +fi + +if [[ -x "$local_hook" ]]; then + "$local_hook" "$ref" "$old" "$new" +fi |