Stefan Tauner has uploaded this change for review. ( https://review.coreboot.org/21834
Change subject: fixup! Convert flashrom to git ......................................................................
fixup! Convert flashrom to git
refine the pre-push hook: - refine wording as discussed in an earlier review(!) - get rid of the concept of precious brances - all of them on the upstream repos are precious (this is a change in the face of using gerrit instead of a native git repository for staging purposes) - likewise, only allow new versioned stable branches and no feature branches there
Change-Id: I1d4b4a7ef2673cabee980ec4a7d7d5fbebdcaed1 --- M util/git-hooks/pre-push 1 file changed, 18 insertions(+), 21 deletions(-)
git pull ssh://review.coreboot.org:29418/flashrom refs/changes/34/21834/1
diff --git a/util/git-hooks/pre-push b/util/git-hooks/pre-push index 5bae8d2..e3df0c5 100755 --- a/util/git-hooks/pre-push +++ b/util/git-hooks/pre-push @@ -22,15 +22,17 @@ zero=0000000000000000000000000000000000000000
upstream_pattern="github.com.flashrom/flashrom(.git)?|flashrom.org.git/flashrom(.git)?" -precious_branches="stable staging"
-# Only care about the upstream repository +# Only care about the upstream repositories if echo "$url" | grep -q -v -E "$upstream_pattern" ; then exit 0 fi
while read local_ref local_sha remote_ref remote_sha ; do - if [ "$remote_ref" != "refs/heads/staging" -a "$remote_ref" != "refs/heads/stable" ]; then + + # only allow the stable and staging branches as well as versioned stable branches... + version=$(expr ${remote_ref#*refs/heads/} : '(([0-9]+.)+([0-9]+))$') + if [ "$remote_ref" != "refs/heads/staging" -a "$remote_ref" != "refs/heads/stable" -a -z "$version" ]; then echo "Feature branches not allowed ($remote_ref)." >&2 exit 1 fi @@ -40,32 +42,27 @@ exit 1 fi
- if [ "$remote_sha" = "$zero" ]; then - echo "No new branches allowed." >&2 - exit 1 - fi - # Check for Signed-off-by and Acked-by commit=$(git rev-list -n 1 --all-match --invert-grep -E \ - --grep '^Signed-off-by: .+ <.+@.+..+>$' --grep '^Acked-by: .+ <.+@.+..+>$' \ + --grep '^Signed-off-by: .+ <.+@.+..+>$' \ + --grep '^Acked-by: .+ <.+@.+..+>$' \ "$remote_sha..$local_sha") if [ -n "$commit" ]; then - echo "Commit $local_sha in $local_ref is missing either "Signed-off-by"" \ - " or "Acked-by" lines, not pushing." >&2 + echo "Neither "Signed-off-by" nor "Acked-by" were found in commit $local_sha in " \ + "$local_ref, not pushing." >&2 exit 1 fi
- # Make _really_ sure we do not rewrite precious history - for lbranch in $precious_branches ; do - if [ "$remote_ref" = "refs/heads/$lbranch" ]; then - nonreachable=$(git rev-list $remote_sha ^$local_sha | head -1) - if [ -n "$nonreachable" ]; then - echo "Only fast-forward pushes are allowed on $lbranch." >&2 - echo "$nonreachable is not included in $remote_sha while pushing to $remote_ref" >&2 - exit 1 - fi + # Make _really_ sure we do not rewrite history of any head/branch + if [ "${remote_ref#*refs/heads/}" != "$remote_ref" ]; then + nonreachable=$(git rev-list $remote_sha ^$local_sha | head -1) + if [ -n "$nonreachable" ]; then + echo "Only fast-forward pushes are allowed on branches." >&2 + echo "At least $nonreachable is not included in $remote_sha while pushing to " \ + "$remote_ref" >&2 + exit 1 fi - done + fi
# FIXME: check commit log format (subject without full stop at the end etc). # FIXME: do buildbot checks if authorized?