Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hook configuration through filenames #31058

Open
wants to merge 15 commits into
base: main
Choose a base branch
from
Open

Hook configuration through filenames #31058

wants to merge 15 commits into from

Conversation

jozseffenyes
Copy link

Allow hooks to run under different filenames set in app.ini

Resolves #30985

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label May 23, 2024
@pull-request-size pull-request-size bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label May 23, 2024
@github-actions github-actions bot added modifies/translation modifies/go Pull requests that update Go code modifies/templates This PR modifies the template files labels May 23, 2024
@pull-request-size pull-request-size bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels May 23, 2024
delvh
delvh requested changes May 23, 2024
View reviewed changes
custom/conf/app.example.ini Outdated Show resolved Hide resolved
templates/admin/config.tmpl Outdated Show resolved Hide resolved
modules/templates/helper.go Outdated Show resolved Hide resolved
modules/git/hook.go Outdated Show resolved Hide resolved
modules/git/hook.go Outdated Show resolved Hide resolved
modules/git/hook.go Outdated Show resolved Hide resolved
modules/git/hook.go Outdated Show resolved Hide resolved
@GiteaBot GiteaBot added lgtm/blocked A maintainer has reservations with the PR and thus it cannot be merged and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels May 23, 2024
@jozseffenyes jozseffenyes requested a review from delvh May 24, 2024 09:19
delvh
delvh reviewed May 24, 2024
View reviewed changes
modules/setting/hooks.go Outdated Show resolved Hide resolved
modules/setting/hooks.go Outdated Show resolved Hide resolved
modules/setting/hooks.go Outdated Show resolved Hide resolved
@jozseffenyes jozseffenyes requested a review from delvh May 24, 2024 13:15
@GiteaBot GiteaBot removed the lgtm/blocked A maintainer has reservations with the PR and thus it cannot be merged label May 24, 2024
@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label May 24, 2024
@wxiaoguang
Copy link
Contributor

wxiaoguang commented May 24, 2024
edited
Loading

TBH I am not sure whether this change is necessary or safe enough.

By design, the git hooks must be managed by Gitea, otherwise there might be "access bypass" if the hooks are wrong.

And, the current "hook" script looks like this, it already has the ability to run anything in hooks directory like {my-script}.{ext}.

image

@jozseffenyes
Copy link
Author

TBH I am not sure whether this change is necessary or safe enough.

By design, the git hooks must be managed by Gitea, otherwise there might be "access bypass" if the hooks are wrong.

And, the current "hook" script looks like this, it already has the ability to run anything in hooks directory like {my-script}.{ext}.

image

Thank you for your input. This capability remains necessary for our organization, as we need to modify our scripts directly from the frontend. Changing the file extension from the bash script does not make it available through the UI. We understand the risks involved but have determined that this approach is safe enough.

@wxiaoguang
Copy link
Contributor

Since the script is executed by git bash, so I would suppose you could use shebang line directly for your PowerShell scripts without extension?

https://stackoverflow.com/questions/48216173/how-can-i-use-a-shebang-in-a-powershell-script

@jozseffenyes
Copy link
Author

Since the script is executed by git bash, so I would suppose you could use shebang line directly for your PowerShell scripts without extension?

https://stackoverflow.com/questions/48216173/how-can-i-use-a-shebang-in-a-powershell-script

Sadly this approach doesn't work anymore on windows since Powershell's 7.2 release.
PowerShell/PowerShell#16480

@wxiaoguang
Copy link
Contributor

wxiaoguang commented May 25, 2024
edited
Loading

Hmm, it seems to be a bad design from PowerShell side.

I think we should still do the best to follow the posix-standard / shebangline, instead of introducing too many options or workarounds, since it isn't a widely-requested feature -- until there are many end users need such "customized hook extension name".

For your case, I think it could be resolved by some of these approaches:

  1. use the -Command argument, like this:
#!/usr/bin/env bash
PWCODE=$(cat <<'CODEBLOCK'

Write-Host "the powershell script"

CODEBLOCK
)
# or, use EncodedCommand (base64)
exec powershell -Command "$PWCODE"
  1. use a pwsh-wrapper.sh, like this:
#!/usr/bin/env bash
fn="$1"
shift
# it could be fine-tuned by "flock" or writing to a tmp directory
cp "$fn" ".$fn.ps1"
exec powershell -File ".$fn.ps1" "$@"

Then use it as your hook script's shebang line:

#!/usr/bin/env pwsh-wrapper.sh
Write-Host "the powershell script"

silverwind
silverwind reviewed May 28, 2024
View reviewed changes
modules/setting/hooks.go
return fmt.Errorf("can only contain filenames, not other directories")
}
return nil
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is already a very similar function in routers/api/packages/generic/generic.go:65, move it to modules/util and share from there.

silverwind
silverwind reviewed May 28, 2024
View reviewed changes
templates/admin/config.tmpl

<dt>{{ctx.Locale.Tr "admin.config.git_hookprereceivename"}}</dt>
<dd>{{.GitHookPrereceiveName}}</dd>

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change

silverwind
silverwind reviewed May 28, 2024
View reviewed changes
templates/admin/config.tmpl

<dt>{{ctx.Locale.Tr "admin.config.git_hookupdatename"}}</dt>
<dd>{{.GitHookUpdateName}}</dd>

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change

silverwind
silverwind reviewed May 28, 2024
View reviewed changes
templates/admin/config.tmpl

<dt>{{ctx.Locale.Tr "admin.config.git_postreceivename"}}</dt>
<dd>{{.GitHookPostreceiveName}}</dd>

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change

@wxiaoguang
Copy link
Contributor

Thanks to the author's work and thanks to reviewers' suggestions.

However, I think this change is not good enough and I do not think it could be merged.

  1. The root problem is the bad design from PowerShell side (it strictly requires "ps1" ext name and no way to bypass)
  2. There could be some workarounds without introducing the "customized file name" (Hook configuration through filenames #31058 (comment))
  3. The "customized file name" feature is not a widely-requested feature, and it makes the system unnecessarily complex and brings some maintainability problems:
    • For example, if an end user had some content in the default hook file, and then changed the hook file name, then the old hook file is left there forever and unmanageable, it would cause more problems.

So I will put a "blocked" label, and leave the final decision to the @go-gitea/technical-oversight-committee

wxiaoguang
wxiaoguang requested changes May 28, 2024
View reviewed changes
Copy link
Contributor

@wxiaoguang wxiaoguang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#31058 (comment)

@GiteaBot GiteaBot added lgtm/blocked A maintainer has reservations with the PR and thus it cannot be merged and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels May 28, 2024
@wxiaoguang wxiaoguang mentioned this pull request Nov 7, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@silverwind silverwind silverwind left review comments

@wxiaoguang wxiaoguang wxiaoguang requested changes

@delvh delvh delvh approved these changes

Assignees
No one assigned
Labels
lgtm/blocked A maintainer has reservations with the PR and thus it cannot be merged modifies/docs modifies/go Pull requests that update Go code modifies/templates This PR modifies the template files modifies/translation size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Revise server side hook configuration to support dynamic hook file extensions.
6 participants
@jozseffenyes @wxiaoguang @silverwind @delvh @GiteaBot @pingvin12