Sil*_*ior 5 git hook gitlab sonar-runner
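Currently we have a pre-commit hook configured for sonar-runner on Subversion. Our project is now migrating to Git (Gitlab), so we need to move the pre-commit hook to Git pre-commit and pre-push hooks.
We have two requirements:
1. For every commit/push, it should run Sonar (using the locally installed sonar-runner) for static code analysis, and if it finds any violation it should reject the commit/push.
2. For every commit/push, there should be a valid Jira id, assigned to the person who is pushing the code to Git. The Jira id should be part of the commit message.
Has anyone already implemented such a hook?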
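I am still looking for a hook for Sonar, but I can give you the JIRA number check hook. The hook only checks whether the JIRA number is valid on the JIRA server.
JIRA number check hook, client-side commit-msg: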
#!/bin/bash
# commit-msg hook: $1 is the path of the file that holds the commit message.

JIRA_API_ISSUE_URL=http://jira7.{xxxxx}.org/rest/api/latest/issue/
HARD_MODE="false"
TIME_OUT=3

# Skip the check when the message contains the keyword 'merge'.
# grep's exit status is tested directly; -q keeps the matched line off stdout.
if grep -qi 'merge' "$1"; then
    # echo "INFO : can commit because 'merge' keyword exists."
    exit 0
fi

# Take the first PROJ-123 style key found in the message.
jira_num=$(grep -ohE -m 1 '[ABCDEFGHIJKLMNOPQRSTUVWXYZ0-9]+-[0-9]+' "$1" | head -1)
if [ "${jira_num}" == "" ]; then
    echo "ERROR : commit does not contains JIRA_NUM. for example: PROJ-123"
    exit 1
fi

# Ask the JIRA REST API for the issue and keep only the HTTP status code.
check_url=${JIRA_API_ISSUE_URL}${jira_num}
http_response=$(curl -m "${TIME_OUT}" --write-out '%{http_code}' --silent --output /dev/null "${check_url}")

if [ "${HARD_MODE}" == "true" ]; then
    # Hard mode: only a 401 response is accepted as "issue found".
    if [ "$http_response" -eq "401" ]; then
        # echo "INFO : can find jira issue number, allow commit";
        exit 0
    else
        echo "ERROR : can not find the jira issue num:${jira_num}, please check: ${check_url}"
        exit 1
    fi
else
    # Loose mode: only a 404 rejects; a timeout/error (000) or any other status allows the commit.
    if [ "$http_response" -eq "404" ]; then
        echo "ERROR : can not find the jira issue num:${jira_num}, please check: ${check_url}"
        exit 2
    elif [ "$http_response" -eq "000" ]; then
        echo "WARN : request time out or error occured, url:${check_url}, but allow commit in loose mode."
        exit 0
    else
        # echo "INFO : http response:${http_response}, not 404, allow commit. url: ${check_url}";
        exit 0
    fi
fi
Server-side update:
#!/bin/bash
# update hook: called once per pushed ref with <ref> <oldrev> <newrev>.

JIRA_API_ISSUE_URL=http://jira7.{xxxxx}.org/rest/api/latest/issue/
TIME_OUT=5

# --- Command line
refname="$1"
oldrev="$2"
newrev="$3"

# --- Safety check
# if [ -z "$GIT_DIR" ]; then
#     echo "Don't run this script from the command line." >&2
#     echo " (if you want, you could supply GIT_DIR then run" >&2
#     echo " $0 <ref> <oldrev> <newrev>)" >&2
#     exit 1
# fi

if [ -z "$refname" -o -z "$oldrev" -o -z "$newrev" ]; then
    echo "usage: $0 <ref> <oldrev> <newrev>" >&2
    exit 1
fi

hashStrs=""
if [[ "$oldrev" =~ ^0+$ ]]; then
    # New ref: list everything reachable from newrev but not from any existing head.
    # The pattern is quoted so that git, not the shell, expands refs/heads/*.
    hashStrs=$(git rev-list $(git for-each-ref --format='%(refname)' 'refs/heads/*' | sed 's/^/\^/') "$newrev")
else
    hashStrs=$(git rev-list "$oldrev..$newrev")
fi
# echo ${hashStrs}

hashArr=($hashStrs)
for hash in "${hashArr[@]}"; do
    # Commit message = commit object minus its header lines.
    message=$(git cat-file commit "${hash}" | sed '1,/^$/d')

    # Skip commits whose message contains the keyword 'merge'.
    if grep -qi 'merge' <<< "$message"; then
        # echo "INFO : branch: ${refname}, hash: ${hash}, 'merge' keyword exists. continue check other commit.."
        continue
    fi

    jira_num=$(grep -ohE -m 1 '[ABCDEFGHIJKLMNOPQRSTUVWXYZ0-9]+-[0-9]+' <<< "$message" | head -1)
    if [ "${jira_num}" == "" ]; then
        echo "ERROR : branch: ${refname}, hash commit (${hash}) does not contains JIRA_NUM. for example: PROJ-123"
        exit 1
    fi

    # Only a 401 response is accepted as "issue found"; anything else rejects the push.
    check_url=${JIRA_API_ISSUE_URL}${jira_num}
    http_response=$(curl -m "${TIME_OUT}" --write-out '%{http_code}' --silent --output /dev/null "${check_url}")
    if [ "$http_response" -eq "401" ]; then
        # echo "INFO : branch: ${refname}, hash commit (${hash}) can find jira issue number, continue check other commit..";
        continue
    else
        echo "ERROR : branch: ${refname}, hash commit (${hash}) can not find the jira issue num:${jira_num}, http code return:${http_response}, please check: ${check_url}"
        exit 1
    fi
done

# --- Finished
# echo "INFO : branch: ${refname}, all commits with JIRA numbers, allow commit."
exit 0
Reference:
http://note.youdao.com/noteshare?id=6cfe6bd7da2f5c009ac04061e24c4991
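
Both hooks above skip the Jira check for any commit whose message contains the word "merge". As an added example (not part of the original answer), the server-side hook could instead recognise merge commits by their parent count in the raw commit object; the function names and the sample commit objects below are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the original answer; function names are hypothetical.

# Count "parent" header lines in a raw commit object (the output of
# `git cat-file commit <hash>`) read from stdin. Headers end at the first
# blank line, so message text starting with "parent " is not counted.
count_parents() {
    awk '/^$/ { exit } /^parent / { n++ } END { print n + 0 }'
}

# Classify one raw commit object ($1): prints "skip-merge", "missing-key",
# or the Jira key that still needs the HTTP lookup.
classify_commit() (
    raw=$1
    parents=$(printf '%s\n' "$raw" | count_parents)
    if [ "$parents" -ge 2 ]; then
        echo "skip-merge"
        exit 0
    fi
    # Same key pattern as the hooks above, applied to the message body only.
    key=$(printf '%s\n' "$raw" | sed '1,/^$/d' |
        grep -oE '[ABCDEFGHIJKLMNOPQRSTUVWXYZ0-9]+-[0-9]+' | head -n 1)
    if [ -z "$key" ]; then echo "missing-key"; else echo "$key"; fi
)

# Constructed sample objects (placeholder hashes, not real commits).
MERGE_OBJ='tree 1111111111111111111111111111111111111111
parent 2222222222222222222222222222222222222222
parent 3333333333333333333333333333333333333333
author A <a@example.com> 1700000000 +0000
committer A <a@example.com> 1700000000 +0000

Merge branch feature into main'

KEYWORD_OBJ='tree 1111111111111111111111111111111111111111
parent 2222222222222222222222222222222222222222
author A <a@example.com> 1700000000 +0000
committer A <a@example.com> 1700000000 +0000

tidy up the merge helper
parent directory layout unchanged'

for obj in "$MERGE_OBJ" "$KEYWORD_OBJ"; do
    classify_commit "$obj"   # prints skip-merge, then missing-key
done
```

In the update hook, `classify_commit "$(git cat-file commit "$hash")"` would replace the keyword test, with the HTTP lookup run only when a key is printed.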