I have a few .json files under my project that contain several keys. These keys must not be under version control. I replaced those actual keys with fake ones in my project in order to prevent build failures on continuous integration.
However, developers need to copy/paste these files on their laptop before they are able to test the app.
Now, the problem is a developer might forget and mistakenly commit them into git. I want to run a pre-commit script that checks modified files and fails the commit if one of them is being added.
Is there any way I can do that?
You can do something like this in a pre-commit hook:

    FILES_PATTERN='<regexp_to_match_file_names>'
    # Fail the commit if any staged file name matches the pattern
    if git diff --cached --name-only | grep -qE "$FILES_PATTERN"; then
        exit 1
    else
        exit 0
    fi

The idea is based on these references:
Beware that I did not test this.
Prevent it on the developer side with a pre-commit hook. Note that git commit --no-verify will bypass this safety mechanism.
The code below blocks any changes at all to files dir/key1.json and key2.json.

    #!/bin/sh
    # full paths from the repo root separated by newlines
    MUST_NOT_CHANGE='dir/key1.json
    key2.json'
    if git rev-parse --verify HEAD >/dev/null 2>&1
    then
        against=HEAD
    else
        # Initial commit: diff against an empty tree object
        against=4b825dc642cb6eb9a060e54bf8d69288fbee4904
    fi
    exec 1>&2
    if git diff --cached --name-only $against |
       grep --quiet --line-regexp --fixed-strings "$MUST_NOT_CHANGE"
    then
        echo Commit would modify one or more files that must not change.
        exit 1
    else
        exit 0
    fi

The pre-receive hook below, which must be installed on your central repository, rejects any push that would modify the protected files.

    #!/bin/sh
    # full paths from the repo root separated by newlines
    MUST_NOT_CHANGE='dir/key1.json
    key2.json'
    z40=0000000000000000000000000000000000000000
    while read old_value new_value ref_name
    do
        if [ "$old_value" = $z40 ]; then
            # New branch: diff against an empty tree object
            against=4b825dc642cb6eb9a060e54bf8d69288fbee4904
        else
            against=$old_value
        fi
        if git diff --name-only $against..$new_value |
           grep --quiet --line-regexp --fixed-strings "$MUST_NOT_CHANGE"
        then
            echo "$ref_name" may commit key, rejected ... >&2
            exit 1
        fi
    done

In action:

    $ git push origin master
    Counting objects: 10, done.
    Delta compression using up to 40 threads.
    Compressing objects: 100% (6/6), done.
    Writing objects: 100% (10/10), 820 bytes | 410.00 KiB/s, done.
    Total 10 (delta 1), reused 0 (delta 0)
    remote: refs/heads/master may commit key, rejected ...
    To '<URL>'
     ! [remote rejected] master -> master (pre-receive hook declined)
    error: failed to push some refs to '<URL>'
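
An added example, not part of either answer above: the pre-receive hook shown compares only the old and new tips of each ref, so a key file that was committed and then deleted again before the push still travels in the pushed history without showing up in that diff. The variant below walks every new commit instead and also skips ref deletions. The protected paths are the sample names from the answer, the function names are hypothetical, and it assumes the file is installed under the name pre-receive.

```shell
#!/bin/sh
# Added example: pre-receive hook that scans every pushed commit.
# Paths are the sample names used above; function names are hypothetical.
MUST_NOT_CHANGE='dir/key1.json
key2.json'
z40=0000000000000000000000000000000000000000

# Reads newline-separated paths on stdin; succeeds if one is protected.
# -q -x -F are the short forms of --quiet --line-regexp --fixed-strings.
touches_protected() {
    grep -q -x -F "$MUST_NOT_CHANGE"
}

# Prints the oldest pushed commit that touches a protected path.
# Arguments: old_value new_value (as given to pre-receive on stdin).
first_offending_commit() {
    if [ "$2" = "$z40" ]; then
        return 1                    # ref deletion: no new commits to scan
    elif [ "$1" = "$z40" ]; then
        range="$2 --not --all"      # new ref: commits not reachable from existing refs
    else
        range="$1..$2"
    fi
    for commit in $(git rev-list --reverse $range); do
        # -m: compare merges against each parent; --root: list a root commit's files
        if git diff-tree --no-commit-id --name-only -r -m --root "$commit" |
            touches_protected
        then
            echo "$commit"
            return 0
        fi
    done
    return 1
}

check_push() {
    while read -r old_value new_value ref_name; do
        if bad=$(first_offending_commit "$old_value" "$new_value"); then
            echo "$ref_name: commit $bad touches a protected file, rejected" >&2
            return 1
        fi
    done
}

# Act as a hook only when installed under the name pre-receive.
case "$0" in
    *pre-receive) check_push || exit 1 ;;
esac
```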