forked from wikimedia/operations-mediawiki-config
-
Notifications
You must be signed in to change notification settings - Fork 0
/
logmsg-git-hook
executable file
·44 lines (32 loc) · 1.61 KB
/
logmsg-git-hook
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
#!/bin/bash
# Script to log repository modification on deployment hosts, so we have some
# notion of what each sync and scap in the log pushed out.
# If invoked with "--install", configure the hook for /a/common and its php-*
# subdirectories.
[[ "$1" == --install ]] && {
. /usr/local/lib/mw-deployment-vars.sh
SCRIPT="$( readlink -f $0 )"
for HOOK in 'post-commit' 'post-merge' 'post-rewrite'; do
ln -fs $SCRIPT $MW_COMMON_SOURCE/.git/hooks/$HOOK
find $MW_COMMON_SOURCE -maxdepth 3 -path '*/php-*/.git/hooks' -execdir ln -fs $SCRIPT hooks/$HOOK \;
done
echo "Ok."
exit
}
{
# Exit unconditionally if the NOLOGMSG environment variable is set.
# Security engineers should set this variable in their ~/.profile.
[[ "$NOLOGMSG" ]] && exit;
REPO_ROOT="$( git rev-parse --show-toplevel )" || exit
# Exclude security patches by determining the latest common commit between
# the local branch and upstream. Exclude merge commits to get a Change-Id.
COMMIT="$( git rev-list -1 --no-merges @{upstream} )" || exit
SUBJECT="$( git log -1 --format=%s ${COMMIT} )" || exit
CHANGE="$( git log -1 --format=%B ${COMMIT} | grep -Po '(?<=Change-Id: ).{10}' )" || exit
# If the Change-Id has already been logged, no change has occurred that
# should be publicly visible. Perhaps someone is committing a security fix.
# If it hasn't been logged, add it to the log file.
[[ -r "/var/log/logmsg" ]] && ! grep -q "${CHANGE}" /var/log/logmsg || exit
echo "${CHANGE}" >> /var/log/logmsg || exit
dologmsg "!log ${USER} updated ${REPO_ROOT} to {{Gerrit|${CHANGE:0:10}}}: ${SUBJECT}"
} &>/dev/null