As part of discussions around task runners for Radicle, just became a candidate over make and a few others due to its focus solely on task running and no build system.
This patch introduces just as a git hook task runner and manager. We previously managed hooks with the flake.nix which is great for nix users but not the wider community.
Further discussion was had around pre-commit as the flake.nix could be converted to a pre-commit config, however it was decided this would prevent non-nix users from
contributing to the git hooks system easily.
In this patch we introduce a justfile with commands for all previous git hook checks from flake.nix.
We also introduce a git-hook-template.sh which is a thin shim over the just commands for each hook: pre-commit, post-checkout, pre-push.
The shim checks a set of ‘sensitive’ files against master and if there are changes, warns the users and has them explicitly consent to running hook commands.
This should provide a safety barrier for smuggled git hook overrides in large patches that may cause arbitrary code execution on reviewers machines.
As part of discussions around task runners for Radicle, just became a candidate over make and a few others due to its focus solely on task running and no build system.
This patch introduces just as a git hook task runner and manager. We previously managed hooks with the flake.nix which is great for nix users but not the wider community.
Further discussion was had around pre-commit as the flake.nix could be converted to a pre-commit config, however it was decided this would prevent non-nix users from
contributing to the git hooks system easily.
In this patch we introduce a justfile with commands for all previous git hook checks from flake.nix.
We also introduce a git-hook-template.sh which is a thin shim over the just commands for each hook: pre-commit, post-checkout, pre-push.
The shim checks a set of ‘sensitive’ files against master and if there are changes, warns the users and has them explicitly consent to running hook commands.
This should provide a safety barrier for smuggled git hook overrides in large patches that may cause arbitrary code execution on reviewers machines.
I’ve a couple of nits (see line comments in justfile)
REVIEW
Added review commits with a few improvements.
Also added codespell to the flake.nix.
just: Use full argument names for codespell
just: Expand shellcheck glob to all shell scripts
just: Check for file before removing in install-hooks
The rm command would fail if the hook did not exist.
First check for existence and then remove.
just: Add minimum version to CONTRIBUTING and HACKING
Changes:
- Added confirmation via
bash - Added back the change for
flake.nix
just: Use bash to perform install-hook confirmation
The [confirm()] tag had issues on linux with string interpolation,
switches to using a bash based read for confirmation.
flake: Add codespell
Nix users may not have codespell installed globally.
Introduce it in the devShell so they have it locally in heartwood.
Review
REVIEW
Add rule for elipses in codespell and typos
Changes:
- Use
BASE_BRANCHin checking for changed files - There were conflict markers in ade’s previous revision, him and I fixed this interactively.
Changes:
- Add check for conflict markers
Rebase