ANDROID: drm_hwcomposer: Add pre-push hook
Add a pre-push hook to detect commits that are prefixed with ANDROID:,
and prevent them from being pushed to a potentially public remote.
Add a script to install the pre-push hook.
Add a PREUPLOAD hook that checks that the pre-push hook has been
installed. Since this hook needs to be installed manually, the PREUPLOAD
hook will remind contributors to install the next time they attempt to
`repo upload`.
Test: `git push -n $gitlab-remote`
Test: `git push -n aosp`
Test: repo upload
Bug: 371583224
Change-Id: I4a07c2938417e5983b66ce67e375c8fced5a4007
diff --git a/hooks/check-hooks-installed b/hooks/check-hooks-installed
new file mode 100755
index 0000000..45e5c73
--- /dev/null
+++ b/hooks/check-hooks-installed
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# Gerrit hook that runs on repo upload. Checks to ensure that the pre-upload hook
+# has been installed.
+
+cmd=$(git config hookcmd.check-non-public-commits.command)
+if [ -z "$cmd" ]; then
+ echo "Please install hooks by running: hooks/install-hooks.sh"
+ exit 1
+fi
\ No newline at end of file
diff --git a/hooks/check-non-public-commits b/hooks/check-non-public-commits
new file mode 100755
index 0000000..fc20795
--- /dev/null
+++ b/hooks/check-non-public-commits
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# git pre-push hook to detect whether a developer is attempting to push
+# non-public commits to a public repository.
+
+remote="$1"
+url="$2"
+
+# Don't bother checking if this is being pushed to gerrit.
+if [[ "$url" = "sso://googleplex-android/platform/external/drm_hwcomposer" ]] ||
+ [[ "$url" = "sso://android.googlesource.com/platform/external/drm_hwcomposer" ]]
+then
+ exit 0
+fi
+
+while read local_ref local_sha remote_ref remote_sha
+do
+ # Gather a list of all commits that are to be pushed to the remote.
+ # remote_sha will be 000000 if there is no corresponding remote branch.
+ if [[ "$remote_sha" =~ "0000000000" ]]; then
+ commits=$(git rev-list $local_sha --not --remotes=$remote)
+ else
+ commits=$(git rev-list $remote_sha..$local_sha)
+ fi
+
+ # Check each commit message for the prohibited prefix.
+ for commit in $commits; do
+ # Get the commit message.
+ message=$(git log -1 --pretty=%B $commit)
+
+ # Check if the commit message starts with "ANDROID:"
+ if [[ "$message" == "ANDROID"* ]] ||
+ [[ "$message" == "INTERNAL"* ]] ||
+ [[ "$message" == "DO NOT MERGE"* ]]; then
+ echo "Error: Commit message starts with downstream tag:"
+ echo "$message"
+ echo "It looks like you're trying to push internal changes to an externally "
+ echo "visible repository: $url"
+ exit 1
+ fi
+ done
+done
+
+exit 0
diff --git a/hooks/install-hooks.sh b/hooks/install-hooks.sh
new file mode 100755
index 0000000..d19a3c8
--- /dev/null
+++ b/hooks/install-hooks.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+# Install hooks.
+git config --add hookcmd.check-non-public-commits.command hooks/check-non-public-commits
+git config --add hook.pre-push.command check-non-public-commits
\ No newline at end of file