kemko/nomad
1
0
Fork 0
mirror of https://github.com/kemko/nomad.git synced 2026-01-01 16:05:42 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
df4e97dc9488ce22efb99bade039db7b209ac654
nomad/dev/hooks/pre-push
Tim Gross ff8ca8a4c5 tools: filter Nomad Enterprise tags in pre-push hook (#24452) 
Our git pre-push hook already prevents Nomad Enterprise code from getting pushed
anywhere but its own repo. But this hook only works for files on the current
worktree (checkout). Were you to fetch an Enterprise tag into your local
Community Edition repo but not have it checked out, and then `git push --tags`,
you'd push that tag and the associated commit history.

Add tag filtering to the pre-push hook to prevent Enterprise tags (and the older
`+pro` SKU) tags from getting pushed to the Community Edition repo.
2024-11-13 09:50:43 -05:00

59 lines
1.7 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
set -euo pipefail
fail () {
echo "pre-push hook: $@" >&2
echo " --no-verify to bypass this hook" >&2
exit 1
}
if ! git rev-parse --show-toplevel > /dev/null; then
fail "this hook must be run from a worktree."
fi
# only push to oss when the enterprise sentinel file is absent
# ====================
if [ -f version/version_ent.go ]; then
# isEnterprise exits with a 0 when its first parameter matches the
# nomad-enterprise repo, regardless of additional optional and variable
# components of the remote URL, like the terminal ".git" extension
isEnterprise () {
local ent="hashicorp/nomad-enterprise"
local remote_url="${1}"
echo "${remote_url}" | grep -q -E "^((https://|((ssh://)?git@))?(www\.)?github\.com[:/])?hashicorp/nomad-enterprise(.git)?$"
}
if ! isEnterprise "${2}"; then
fail "found version/version_ent.go pushing to non-enterprise remote \"${2}\""
fi
fi
# do not push directly to main, stable-*, release/*
# do not push Enterprise tags
# ====================
while read local_ref local_sha remote_ref remote_sha
do
if [ "$remote_ref" = "refs/heads/main" ]; then
fail "refusing to push directly to main"
fi
if echo "$remote_ref"|grep -q 'refs/heads/stable-.*'; then
fail "refusing to push directly to a branch prefixed \`stable-\`"
fi
if echo "$remote_ref"|grep -q 'refs/heads/release/.*'; then
fail "refusing to push directly to a branch prefixed \`release/\`"
fi
if echo "$remote_ref" | grep -q 'refs/tags/v.*\+ent'; then
fail "refusing to push Nomad Enterprise tag"
fi
if echo "$remote_ref" | grep -q 'refs/tags/v.*\+pro'; then
fail "refusing to push Nomad Enterprise (pro) tag"
fi
done
Reference in New Issue View Git Blame Copy Permalink