Radon8472 · July 28, 2023 11:14 · Radon8472 · Sep 1, 2020 · Radon8472 · Sep 2, 2020
diff --git a/post-checkout.sh b/post-checkout.sh
 #!/bin/sh
 #
 # This hook is invoked when a git-checkout is run after having updated the worktree. The hook is given three parameters:
 # the ref of the previous HEAD, the ref of the new HEAD (which may or may not have changed), and a flag indicating
 # whether the checkout was a branch checkout (changing branches, flag=1) or a file checkout
 # (retrieving a file from the index, flag=0). This hook cannot affect the outcome of git-checkout.
 #
 #
 # @see: https://stackoverflow.com/a/35182000/2377961
 # @see: https://gist.github.com/lyrixx/5867424
 #
 # in git hooks the file should have no extension
 #

 echo "Git-Hook: "$0
 echo "Arguments: "$@

 PREV_COMMIT=$1
 POST_COMMIT=$2
 flag=$3

 [[ $flag == 1 ]] && checkoutType='branch' ||
                    checkoutType='file' ;

 if [ "$flag" == "0" ]; then exit; fi # File-Checkout
 if [ "$PREV_COMMIT" == "$POST_COMMIT" ]; then echo "New branch created. (Probably)."; fi

 #
 # Debug-Infos
 #
 echo 'Checkout type: '$checkoutType
 # Detect branch-names
 echo '    prev HEAD: '`git name-rev --name-only $PREV_COMMIT`
 echo '     new HEAD: '`git name-rev --name-only $POST_COMMIT`



diff --git a/update.sh b/update.sh
 #!/bin/sh
 #
 # An example hook script to block unannotated tags from entering.
 # Called by "git receive-pack" with arguments: refname sha1-old sha1-new
 #
 # To enable this hook, rename this file to "update".
 #
 # Config
 # ------
 # hooks.allowunannotated
 #   This boolean sets whether unannotated tags will be allowed into the
 #   repository.  By default they won't be.
 # hooks.allowdeletetag
 #   This boolean sets whether deleting tags will be allowed in the
 #   repository.  By default they won't be.
 # hooks.allowmodifytag
 #   This boolean sets whether a tag may be modified after creation. By default
 #   it won't be.
 # hooks.allowdeletebranch
 #   This boolean sets whether deleting branches will be allowed in the
 #   repository.  By default they won't be.
 # hooks.denycreatebranch
 #   This boolean sets whether remotely creating branches will be denied
 #   in the repository.  By default this is allowed.
 #
 # hook.protectedbranches
 #   This array sets which branches will be protected from being deleted.
 #   This option is still experimental, use it carefully
 #
 # @since 2023-07-28
 # @version 2023-07-28
 # @author Radon8472
 #

 # --- Command line
 refname="$1"
 oldrev="$2"
 newrev="$3"
 refnameshort=$(basename $refname)

 echo "DEBUG: Response from update hook"
 # Show Current Config, with indent of a few spaces
 echo "  Show Config"
 git config --get-regexp hooks'\.' | sed  's/^/     /'

 # --- Safety check
 if [ -z "$GIT_DIR" ]; then
 	echo "Don't run this script from the command line." >&2
 	echo " (if you want, you could supply GIT_DIR then run" >&2
 	echo "  $0 <ref> <oldrev> <newrev>)" >&2
 	exit 1
 fi

 if [ -z "$refname" -o -z "$oldrev" -o -z "$newrev" ]; then
 	echo "usage: $0 <ref> <oldrev> <newrev>" >&2
 	exit 1
 fi

 # --- Config
 # shellcheck disable=SC2039
 #protectedbranches=(master main _hooks-test) # --  TODO: find a way to use a list of branches via git config (maybe as csv-list)
 protectedbranches=( $(git config hooks.protectedbranches) ) # Make sure this results in empty array wenn option is not set

 allowunannotated=$(git config --type=bool hooks.allowunannotated)
 allowdeletebranch=$(git config --type=bool hooks.allowdeletebranch)
 denycreatebranch=$(git config --type=bool hooks.denycreatebranch)
 allowdeletetag=$(git config --type=bool hooks.allowdeletetag)
 allowmodifytag=$(git config --type=bool hooks.allowmodifytag)


 # check for no description
 projectdesc=$(sed -e '1q' "$GIT_DIR/description")
 case "$projectdesc" in
 "Unnamed repository"* | "")
 	echo "*** Project description file hasn't been set" >&2
 	exit 1
 	;;
 esac

 # --- Check types
 # if $newrev is 0000...0000, it's a commit to delete a ref.
 zero=$(git hash-object --stdin </dev/null | tr '[0-9a-f]' '0')
 if [ "$newrev" = "$zero" ]; then
 	newrev_type=delete
 else
 	newrev_type=$(git cat-file -t $newrev)
 fi

 case "$refname","$newrev_type" in
 	refs/tags/*,commit)
 		# un-annotated tag
 		short_refname=${refname##refs/tags/}
 		if [ "$allowunannotated" != "true" ]; then
 			echo "*** The un-annotated tag, $short_refname, is not allowed in this repository" >&2
 			echo "*** Use 'git tag [ -a | -s ]' for tags you want to propagate." >&2
 			exit 1
 		fi
 		;;
 	refs/tags/*,delete)
 		# delete tag
 		if [ "$allowdeletetag" != "true" ]; then
 			echo "*** Deleting a tag is not allowed in this repository" >&2
 			exit 1
 		fi
 		;;
 	refs/tags/*,tag)
 		# annotated tag
 		if [ "$allowmodifytag" != "true" ] && git rev-parse $refname > /dev/null 2>&1
 		then
 			echo "*** Tag '$refname' already exists." >&2
 			echo "*** Modifying a tag is not allowed in this repository." >&2
 			exit 1
 		fi
 		;;
 	refs/heads/*,commit)
 		# branch
 		if [ "$oldrev" = "$zero" -a "$denycreatebranch" = "true" ]; then
 			echo "*** Creating a branch is not allowed in this repository" >&2
 			exit 1
 		fi
 		;;
 	refs/heads/*,delete)
 		# delete branch

 		if [ "$allowdeletebranch" != "true" ]; then
 			echo "*** Deleting a branch is not allowed in this repository" >&2
 			exit 1
 		else

 			##
 			## Protect specific branches from being deleted
 			## @see https://stackoverflow.com/questions/40462111/prevent-commits-in-master-branch
 			##

 			#echo "  Attempt to delete branch $refname"
 			#echo "  Attempt to delete branch $refnameshort"

 			# shellcheck disable=SC2039
 			for protected in "${protectedbranches[@]}"
 			do
 				#echo "  Protected branch: $protected";
 				if [ "$refnameshort" == "$protected" ]; then
 					echo "*** Deleting protected branch '$protected' is not allowed in this repository" >&2
 					exit 1
 				fi
 			done

 		fi
 		;;
 	refs/remotes/*,commit)
 		# tracking branch
 		;;
 	refs/remotes/*,delete)
 		# delete tracking branch
 		if [ "$allowdeletebranch" != "true" ]; then
 			echo "*** Deleting a tracking branch is not allowed in this repository" >&2
 			exit 1
 		fi
 		;;
 	*)
 		# Anything else (is there anything else?)
 		echo "*** Update hook: unknown type of update to ref $refname of type $newrev_type" >&2
 		exit 1
 		;;
 esac

 # --- Finished
 exit 0
	#!/bin/sh
	#
	# This hook is invoked when a git-checkout is run after having updated the worktree. The hook is given three parameters:
	# the ref of the previous HEAD, the ref of the new HEAD (which may or may not have changed), and a flag indicating
	# whether the checkout was a branch checkout (changing branches, flag=1) or a file checkout
	# (retrieving a file from the index, flag=0). This hook cannot affect the outcome of git-checkout.
	#
	#
	# @see: https://stackoverflow.com/a/35182000/2377961
	# @see: https://gist.github.com/lyrixx/5867424
	#
	# in git hooks the file should have no extension
	#

	echo "Git-Hook: "$0
	echo "Arguments: "$@

	PREV_COMMIT=$1
	POST_COMMIT=$2
	flag=$3

	[[ $flag == 1 ]] && checkoutType='branch' \|\|
	checkoutType='file' ;

	if [ "$flag" == "0" ]; then exit; fi # File-Checkout
	if [ "$PREV_COMMIT" == "$POST_COMMIT" ]; then echo "New branch created. (Probably)."; fi

	#
	# Debug-Infos
	#
	echo 'Checkout type: '$checkoutType
	# Detect branch-names
	echo ' prev HEAD: '`git name-rev --name-only $PREV_COMMIT`
	echo ' new HEAD: '`git name-rev --name-only $POST_COMMIT`
	#!/bin/sh
	#
	# An example hook script to block unannotated tags from entering.
	# Called by "git receive-pack" with arguments: refname sha1-old sha1-new
	#
	# To enable this hook, rename this file to "update".
	#
	# Config
	# ------
	# hooks.allowunannotated
	# This boolean sets whether unannotated tags will be allowed into the
	# repository. By default they won't be.
	# hooks.allowdeletetag
	# This boolean sets whether deleting tags will be allowed in the
	# repository. By default they won't be.
	# hooks.allowmodifytag
	# This boolean sets whether a tag may be modified after creation. By default
	# it won't be.
	# hooks.allowdeletebranch
	# This boolean sets whether deleting branches will be allowed in the
	# repository. By default they won't be.
	# hooks.denycreatebranch
	# This boolean sets whether remotely creating branches will be denied
	# in the repository. By default this is allowed.
	#
	# hook.protectedbranches
	# This array sets which branches will be protected from being deleted.
	# This option is still experimental, use it carefully
	#
	# @since 2023-07-28
	# @version 2023-07-28
	# @author Radon8472
	#

	# --- Command line
	refname="$1"
	oldrev="$2"
	newrev="$3"
	refnameshort=$(basename $refname)

	echo "DEBUG: Response from update hook"
	# Show Current Config, with indent of a few spaces
	echo " Show Config"
	git config --get-regexp hooks'\.' \| sed 's/^/ /'

	# --- Safety check
	if [ -z "$GIT_DIR" ]; then
	echo "Don't run this script from the command line." >&2
	echo " (if you want, you could supply GIT_DIR then run" >&2
	echo " $0 <ref> <oldrev> <newrev>)" >&2
	exit 1
	fi

	if [ -z "$refname" -o -z "$oldrev" -o -z "$newrev" ]; then
	echo "usage: $0 <ref> <oldrev> <newrev>" >&2
	exit 1
	fi

	# --- Config
	# shellcheck disable=SC2039
	#protectedbranches=(master main _hooks-test) # -- TODO: find a way to use a list of branches via git config (maybe as csv-list)
	protectedbranches=( $(git config hooks.protectedbranches) ) # Make sure this results in empty array wenn option is not set

	allowunannotated=$(git config --type=bool hooks.allowunannotated)
	allowdeletebranch=$(git config --type=bool hooks.allowdeletebranch)
	denycreatebranch=$(git config --type=bool hooks.denycreatebranch)
	allowdeletetag=$(git config --type=bool hooks.allowdeletetag)
	allowmodifytag=$(git config --type=bool hooks.allowmodifytag)


	# check for no description
	projectdesc=$(sed -e '1q' "$GIT_DIR/description")
	case "$projectdesc" in
	"Unnamed repository"* \| "")
	echo "*** Project description file hasn't been set" >&2
	exit 1
	;;
	esac

	# --- Check types
	# if $newrev is 0000...0000, it's a commit to delete a ref.
	zero=$(git hash-object --stdin </dev/null \| tr '[0-9a-f]' '0')
	if [ "$newrev" = "$zero" ]; then
	newrev_type=delete
	else
	newrev_type=$(git cat-file -t $newrev)
	fi

	case "$refname","$newrev_type" in
	refs/tags/*,commit)
	# un-annotated tag
	short_refname=${refname##refs/tags/}
	if [ "$allowunannotated" != "true" ]; then
	echo "*** The un-annotated tag, $short_refname, is not allowed in this repository" >&2
	echo "*** Use 'git tag [ -a \| -s ]' for tags you want to propagate." >&2
	exit 1
	fi
	;;
	refs/tags/*,delete)
	# delete tag
	if [ "$allowdeletetag" != "true" ]; then
	echo "*** Deleting a tag is not allowed in this repository" >&2
	exit 1
	fi
	;;
	refs/tags/*,tag)
	# annotated tag
	if [ "$allowmodifytag" != "true" ] && git rev-parse $refname > /dev/null 2>&1
	then
	echo "*** Tag '$refname' already exists." >&2
	echo "*** Modifying a tag is not allowed in this repository." >&2
	exit 1
	fi
	;;
	refs/heads/*,commit)
	# branch
	if [ "$oldrev" = "$zero" -a "$denycreatebranch" = "true" ]; then
	echo "*** Creating a branch is not allowed in this repository" >&2
	exit 1
	fi
	;;
	refs/heads/*,delete)
	# delete branch

	if [ "$allowdeletebranch" != "true" ]; then
	echo "*** Deleting a branch is not allowed in this repository" >&2
	exit 1
	else

	##
	## Protect specific branches from being deleted
	## @see https://stackoverflow.com/questions/40462111/prevent-commits-in-master-branch
	##

	#echo " Attempt to delete branch $refname"
	#echo " Attempt to delete branch $refnameshort"

	# shellcheck disable=SC2039
	for protected in "${protectedbranches[@]}"
	do
	#echo " Protected branch: $protected";
	if [ "$refnameshort" == "$protected" ]; then
	echo "*** Deleting protected branch '$protected' is not allowed in this repository" >&2
	exit 1
	fi
	done

	fi
	;;
	refs/remotes/*,commit)
	# tracking branch
	;;
	refs/remotes/*,delete)
	# delete tracking branch
	if [ "$allowdeletebranch" != "true" ]; then
	echo "*** Deleting a tracking branch is not allowed in this repository" >&2
	exit 1
	fi
	;;
	*)
	# Anything else (is there anything else?)
	echo "*** Update hook: unknown type of update to ref $refname of type $newrev_type" >&2
	exit 1
	;;
	esac

	# --- Finished
	exit 0