Git::Hooks::CheckReference - Git::Hooks plugin for checking references
version 2.9.2
As a Git::Hooks plugin you don't use this Perl module directly. Instead, you may configure it in a Git configuration file like this:
Git::Hooks
[githooks] # Enable the plugin plugin = CheckReference # These users are exempt from all checks admin = joe molly # This group is used in a ACL spec below groups = cms = mhelena tiago juliana [githooks "checkreference"] # Deny changes on any references by default acl = deny CRUD ^refs/ # Only users in the @cms group may create, change, or delete tags acl = allow CRUD ^refs/tags/ by @cms # Users may maintain personal branches under user/<username>/ acl = allow CRUD ^refs/heads/user/{USER}/ # Users may only update the vetted branch names acl = allow U ^refs/heads/(?:feature|release|hotfix)/ # Users in the @cms group may create, rewrite, update, and delete the vetted # branch names acl = allow CRUD ^refs/heads/(?:feature|release|hotfix)/ by @cms # Reject lightweight tags require-annotated-tags = true
This Git::Hooks plugin hooks itself to the hooks below to check if the names of references added to or renamed in the repository meet specified constraints. If they don't, the commit/push is aborted.
update
pre-receive
ref-update
To enable it you should add it to the githooks.plugin configuration option:
[githooks] plugin = CheckReference
CheckReference - Git::Hooks plugin for checking references
The plugin is configured by the following git options under the githooks.checkacls subsection.
githooks.checkacls
It can be disabled for specific references via the githooks.ref and githooks.noref options about which you can read in the Git::Hooks documentation.
githooks.ref
githooks.noref
This multi-valued option specifies rules allowing or denying specific users to perform specific actions on specific references. (Common references are branches and tags, but an ACL may refer to any reference under the refs/ namespace.) By default any user can perform any action on any reference. So, the rules are used to impose restrictions.
The acls are grokked by the Git::Repository::Plugin::GitHooks's grok_acls method. Please read its documentation for the general documentation.
grok_acls
A RULE takes three or four parts, like this:
(allow|deny) [CRUD]+ <refspec> (by <userspec>)?
Some parts are described below:
[CRUD]+
The second part specifies which actions are being considered by a combination of letters: (C) create a reference, (R) rewrite a reference (a non fast-forward change), (U) update a reference (a fast-forward change), or (D) delete a reference. You can specify one, two, three, or the four letters.
<refspec>
The third part specifies which references are being considered. In its simplest form, a refspec is a complete name starting with refs/ (e.g. refs/heads/master). These refspecs match a single file exactly.
refspec
If the refspec starts with a caret (^) it's interpreted as a Perl regular expression, the caret being kept as part of the regexp. These refspecs match potentially many references (e.g. ^refs/heads/feature/).
Before being interpreted as a string or as a regexp, any substring of it in the form {VAR} is replaced by $ENV{VAR}. This is useful, for example, to interpolate the committer's username in the refspec, in order to create reference namespaces for users.
{VAR}
$ENV{VAR}
See the "SYNOPSIS" section for some examples.
By default one can push lightweight or annotated tags but if you want to require that only annotated tags be pushed to the repository you can set this option to true.
This option is deprecated. Please, use an acl option like this instead:
acl
[githooks "checkreference"] acl = deny C ^<REGEXP>
This directive denies references with names matching REGEXP.
[githooks "checkreference"] acl = allow C ^<REGEXP>
This directive allows references with names matching REGEXP. Since by default all names are allowed this directive is useful only to prevent a githooks.checkreference.deny directive to deny the same name.
The checks are evaluated so that a reference is denied only if it's name matches any deny directive and none of the allow directives. So, for instance, you would apply it like this to allow only the creation of branches with names prefixed by feature/, release/, and hotfix/, denying all others.
[githooks "checkreference"] deny = ^refs/heads/ allow = ^refs/heads/(?:feature|release|hotfix)/
Note that the order of the directives is irrelevant.
update-paranoid
This module is inspired from the example hook which comes with the Git distribution.
Gustavo L. de M. Chaves <gnustavo@cpan.org>
This software is copyright (c) 2018 by CPqD <www.cpqd.com.br>.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.
To install Git::Hooks, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Git::Hooks
CPAN shell
perl -MCPAN -e shell install Git::Hooks
For more information on module installation, please visit the detailed CPAN module installation guide.