Radon8472/post-checkout.sh

## post-checkout.sh
#!/bin/sh
#
# This hook is invoked when a git-checkout is run after having updated the worktree. The hook is given three parameters:
# the ref of the previous HEAD, the ref of the new HEAD (which may or may not have changed), and a flag indicating
# whether the checkout was a branch checkout (changing branches, flag=1) or a file checkout
# (retrieving a file from the index, flag=0). This hook cannot affect the outcome of git-checkout.
#
#
# @see: https://stackoverflow.com/a/35182000/2377961
# @see: https://gist.github.com/lyrixx/5867424
#
# in git hooks the file should have no extension
#

echo "Git-Hook: "$0
echo "Arguments: "$@

PREV_COMMIT=$1
POST_COMMIT=$2
flag=$3

[[ $flag == 1 ]] && checkoutType='branch' ||
                    checkoutType='file' ;

if [ "$flag" == "0" ]; then exit; fi # File-Checkout
if [ "$PREV_COMMIT" == "$POST_COMMIT" ]; then echo "New branch created. (Probably)."; fi

#
# Debug-Infos
#
echo 'Checkout type: '$checkoutType
# Detect branch-names
echo '    prev HEAD: '`git name-rev --name-only $PREV_COMMIT`
echo '     new HEAD: '`git name-rev --name-only $POST_COMMIT`


## update.sh
#!/bin/sh
#
# An example hook script to block unannotated tags from entering.
# Called by "git receive-pack" with arguments: refname sha1-old sha1-new
#
# To enable this hook, rename this file to "update".
#
# Config
# ------
# hooks.allowunannotated
#   This boolean sets whether unannotated tags will be allowed into the
#   repository.  By default they won't be.
# hooks.allowdeletetag
#   This boolean sets whether deleting tags will be allowed in the
#   repository.  By default they won't be.
# hooks.allowmodifytag
#   This boolean sets whether a tag may be modified after creation. By default
#   it won't be.
# hooks.allowdeletebranch
#   This boolean sets whether deleting branches will be allowed in the
#   repository.  By default they won't be.
# hooks.denycreatebranch
#   This boolean sets whether remotely creating branches will be denied
#   in the repository.  By default this is allowed.
#
# hook.protectedbranches
#   This array sets which branches will be protected from being deleted.
#   This option is still experimental, use it carefully
#
# @since 2023-07-28
# @version 2023-07-28
# @author Radon8472
#

# --- Command line
refname="$1"
oldrev="$2"
newrev="$3"
refnameshort=$(basename $refname)

echo "DEBUG: Response from update hook"
# Show Current Config, with indent of a few spaces
echo "  Show Config"
git config --get-regexp hooks'\.' | sed  's/^/     /'

# --- Safety check
if [ -z "$GIT_DIR" ]; then
	echo "Don't run this script from the command line." >&2
	echo " (if you want, you could supply GIT_DIR then run" >&2
	echo "  $0 <ref> <oldrev> <newrev>)" >&2
	exit 1
fi

if [ -z "$refname" -o -z "$oldrev" -o -z "$newrev" ]; then
	echo "usage: $0 <ref> <oldrev> <newrev>" >&2
	exit 1
fi

# --- Config
# shellcheck disable=SC2039
#protectedbranches=(master main _hooks-test) # --  TODO: find a way to use a list of branches via git config (maybe as csv-list)
protectedbranches=( $(git config hooks.protectedbranches) ) # Make sure this results in empty array wenn option is not set

allowunannotated=$(git config --type=bool hooks.allowunannotated)
allowdeletebranch=$(git config --type=bool hooks.allowdeletebranch)
denycreatebranch=$(git config --type=bool hooks.denycreatebranch)
allowdeletetag=$(git config --type=bool hooks.allowdeletetag)
allowmodifytag=$(git config --type=bool hooks.allowmodifytag)


# check for no description
projectdesc=$(sed -e '1q' "$GIT_DIR/description")
case "$projectdesc" in
"Unnamed repository"* | "")
	echo "*** Project description file hasn't been set" >&2
	exit 1
	;;
esac

# --- Check types
# if $newrev is 0000...0000, it's a commit to delete a ref.
zero=$(git hash-object --stdin </dev/null | tr '[0-9a-f]' '0')
if [ "$newrev" = "$zero" ]; then
	newrev_type=delete
else
	newrev_type=$(git cat-file -t $newrev)
fi

case "$refname","$newrev_type" in
	refs/tags/*,commit)
		# un-annotated tag
		short_refname=${refname##refs/tags/}
		if [ "$allowunannotated" != "true" ]; then
			echo "*** The un-annotated tag, $short_refname, is not allowed in this repository" >&2
			echo "*** Use 'git tag [ -a | -s ]' for tags you want to propagate." >&2
			exit 1
		fi
		;;
	refs/tags/*,delete)
		# delete tag
		if [ "$allowdeletetag" != "true" ]; then
			echo "*** Deleting a tag is not allowed in this repository" >&2
			exit 1
		fi
		;;
	refs/tags/*,tag)
		# annotated tag
		if [ "$allowmodifytag" != "true" ] && git rev-parse $refname > /dev/null 2>&1
		then
			echo "*** Tag '$refname' already exists." >&2
			echo "*** Modifying a tag is not allowed in this repository." >&2
			exit 1
		fi
		;;
	refs/heads/*,commit)
		# branch
		if [ "$oldrev" = "$zero" -a "$denycreatebranch" = "true" ]; then
			echo "*** Creating a branch is not allowed in this repository" >&2
			exit 1
		fi
		;;
	refs/heads/*,delete)
		# delete branch

		if [ "$allowdeletebranch" != "true" ]; then
			echo "*** Deleting a branch is not allowed in this repository" >&2
			exit 1
		else

			##
			## Protect specific branches from being deleted
			## @see https://stackoverflow.com/questions/40462111/prevent-commits-in-master-branch
			##

			#echo "  Attempt to delete branch $refname"
			#echo "  Attempt to delete branch $refnameshort"

			# shellcheck disable=SC2039
			for protected in "${protectedbranches[@]}"
			do
				#echo "  Protected branch: $protected";
				if [ "$refnameshort" == "$protected" ]; then
					echo "*** Deleting protected branch '$protected' is not allowed in this repository" >&2
					exit 1
				fi
			done

		fi
		;;
	refs/remotes/*,commit)
		# tracking branch
		;;
	refs/remotes/*,delete)
		# delete tracking branch
		if [ "$allowdeletebranch" != "true" ]; then
			echo "*** Deleting a tracking branch is not allowed in this repository" >&2
			exit 1
		fi
		;;
	*)
		# Anything else (is there anything else?)
		echo "*** Update hook: unknown type of update to ref $refname of type $newrev_type" >&2
		exit 1
		;;
esac

# --- Finished
exit 0
	#!/bin/sh
	#
	# This hook is invoked when a git-checkout is run after having updated the worktree. The hook is given three parameters:
	# the ref of the previous HEAD, the ref of the new HEAD (which may or may not have changed), and a flag indicating
	# whether the checkout was a branch checkout (changing branches, flag=1) or a file checkout
	# (retrieving a file from the index, flag=0). This hook cannot affect the outcome of git-checkout.
	#
	#
	# @see: https://stackoverflow.com/a/35182000/2377961
	# @see: https://gist.github.com/lyrixx/5867424
	#
	# in git hooks the file should have no extension
	#

	echo "Git-Hook: "$0
	echo "Arguments: "$@

	PREV_COMMIT=$1
	POST_COMMIT=$2
	flag=$3

	[[ $flag == 1 ]] && checkoutType='branch' \|\|
	checkoutType='file' ;

	if [ "$flag" == "0" ]; then exit; fi # File-Checkout
	if [ "$PREV_COMMIT" == "$POST_COMMIT" ]; then echo "New branch created. (Probably)."; fi

	#
	# Debug-Infos
	#
	echo 'Checkout type: '$checkoutType
	# Detect branch-names
	echo ' prev HEAD: '`git name-rev --name-only $PREV_COMMIT`
	echo ' new HEAD: '`git name-rev --name-only $POST_COMMIT`
	#!/bin/sh
	#
	# An example hook script to block unannotated tags from entering.
	# Called by "git receive-pack" with arguments: refname sha1-old sha1-new
	#
	# To enable this hook, rename this file to "update".
	#
	# Config
	# ------
	# hooks.allowunannotated
	# This boolean sets whether unannotated tags will be allowed into the
	# repository. By default they won't be.
	# hooks.allowdeletetag
	# This boolean sets whether deleting tags will be allowed in the
	# repository. By default they won't be.
	# hooks.allowmodifytag
	# This boolean sets whether a tag may be modified after creation. By default
	# it won't be.
	# hooks.allowdeletebranch
	# This boolean sets whether deleting branches will be allowed in the
	# repository. By default they won't be.
	# hooks.denycreatebranch
	# This boolean sets whether remotely creating branches will be denied
	# in the repository. By default this is allowed.
	#
	# hook.protectedbranches
	# This array sets which branches will be protected from being deleted.
	# This option is still experimental, use it carefully
	#
	# @since 2023-07-28
	# @version 2023-07-28
	# @author Radon8472
	#

	# --- Command line
	refname="$1"
	oldrev="$2"
	newrev="$3"
	refnameshort=$(basename $refname)

	echo "DEBUG: Response from update hook"
	# Show Current Config, with indent of a few spaces
	echo " Show Config"
	git config --get-regexp hooks'\.' \| sed 's/^/ /'

	# --- Safety check
	if [ -z "$GIT_DIR" ]; then
	echo "Don't run this script from the command line." >&2
	echo " (if you want, you could supply GIT_DIR then run" >&2
	echo " $0 <ref> <oldrev> <newrev>)" >&2
	exit 1
	fi

	if [ -z "$refname" -o -z "$oldrev" -o -z "$newrev" ]; then
	echo "usage: $0 <ref> <oldrev> <newrev>" >&2
	exit 1
	fi

	# --- Config
	# shellcheck disable=SC2039
	#protectedbranches=(master main _hooks-test) # -- TODO: find a way to use a list of branches via git config (maybe as csv-list)
	protectedbranches=( $(git config hooks.protectedbranches) ) # Make sure this results in empty array wenn option is not set

	allowunannotated=$(git config --type=bool hooks.allowunannotated)
	allowdeletebranch=$(git config --type=bool hooks.allowdeletebranch)
	denycreatebranch=$(git config --type=bool hooks.denycreatebranch)
	allowdeletetag=$(git config --type=bool hooks.allowdeletetag)
	allowmodifytag=$(git config --type=bool hooks.allowmodifytag)


	# check for no description
	projectdesc=$(sed -e '1q' "$GIT_DIR/description")
	case "$projectdesc" in
	"Unnamed repository"* \| "")
	echo "*** Project description file hasn't been set" >&2
	exit 1
	;;
	esac

	# --- Check types
	# if $newrev is 0000...0000, it's a commit to delete a ref.
	zero=$(git hash-object --stdin </dev/null \| tr '[0-9a-f]' '0')
	if [ "$newrev" = "$zero" ]; then
	newrev_type=delete
	else
	newrev_type=$(git cat-file -t $newrev)
	fi

	case "$refname","$newrev_type" in
	refs/tags/*,commit)
	# un-annotated tag
	short_refname=${refname##refs/tags/}
	if [ "$allowunannotated" != "true" ]; then
	echo "*** The un-annotated tag, $short_refname, is not allowed in this repository" >&2
	echo "*** Use 'git tag [ -a \| -s ]' for tags you want to propagate." >&2
	exit 1
	fi
	;;
	refs/tags/*,delete)
	# delete tag
	if [ "$allowdeletetag" != "true" ]; then
	echo "*** Deleting a tag is not allowed in this repository" >&2
	exit 1
	fi
	;;
	refs/tags/*,tag)
	# annotated tag
	if [ "$allowmodifytag" != "true" ] && git rev-parse $refname > /dev/null 2>&1
	then
	echo "*** Tag '$refname' already exists." >&2
	echo "*** Modifying a tag is not allowed in this repository." >&2
	exit 1
	fi
	;;
	refs/heads/*,commit)
	# branch
	if [ "$oldrev" = "$zero" -a "$denycreatebranch" = "true" ]; then
	echo "*** Creating a branch is not allowed in this repository" >&2
	exit 1
	fi
	;;
	refs/heads/*,delete)
	# delete branch

	if [ "$allowdeletebranch" != "true" ]; then
	echo "*** Deleting a branch is not allowed in this repository" >&2
	exit 1
	else

	##
	## Protect specific branches from being deleted
	## @see https://stackoverflow.com/questions/40462111/prevent-commits-in-master-branch
	##

	#echo " Attempt to delete branch $refname"
	#echo " Attempt to delete branch $refnameshort"

	# shellcheck disable=SC2039
	for protected in "${protectedbranches[@]}"
	do
	#echo " Protected branch: $protected";
	if [ "$refnameshort" == "$protected" ]; then
	echo "*** Deleting protected branch '$protected' is not allowed in this repository" >&2
	exit 1
	fi
	done

	fi
	;;
	refs/remotes/*,commit)
	# tracking branch
	;;
	refs/remotes/*,delete)
	# delete tracking branch
	if [ "$allowdeletebranch" != "true" ]; then
	echo "*** Deleting a tracking branch is not allowed in this repository" >&2
	exit 1
	fi
	;;
	*)
	# Anything else (is there anything else?)
	echo "*** Update hook: unknown type of update to ref $refname of type $newrev_type" >&2
	exit 1
	;;
	esac

	# --- Finished
	exit 0