Support worktrees in lefthook/security harness
What does this MR do?
Support worktrees in lefthook/security harness
Our scripts/security-harness
script did not work with GitLab repositories using
worktrees because:
- It relies on lefthook, which only added support for worktrees in 0.7.5
- It makes an assumption about the location of the pre-push hook path, which is invalid in general (e.g., if worktrees are being used, or if the git repository layout is non-standard for any other reason)
This change bumps the lefthook gem to 0.7.5 to fix the first problem, and uses a more robust way to get the pre-push hook path to fix the second problem.
Before this, the script would fail with something like:
$ scripts/security-harness
/home/markrian/.asdf/installs/ruby/2.7.2/lib/ruby/2.7.0/fileutils.rb:250:in `mkdir': File exists @ dir_s_mkdir - /home/markrian/dev/gdk-ee-2020-05-06/gitlab/.git (Errno::EEXIST)
from /home/markrian/.asdf/installs/ruby/2.7.2/lib/ruby/2.7.0/fileutils.rb:250:in `fu_mkdir'
from /home/markrian/.asdf/installs/ruby/2.7.2/lib/ruby/2.7.0/fileutils.rb:228:in `block (2 levels) in mkdir_p'
from /home/markrian/.asdf/installs/ruby/2.7.2/lib/ruby/2.7.0/fileutils.rb:226:in `reverse_each'
from /home/markrian/.asdf/installs/ruby/2.7.2/lib/ruby/2.7.0/fileutils.rb:226:in `block in mkdir_p'
from /home/markrian/.asdf/installs/ruby/2.7.2/lib/ruby/2.7.0/fileutils.rb:211:in `each'
from /home/markrian/.asdf/installs/ruby/2.7.2/lib/ruby/2.7.0/fileutils.rb:211:in `mkdir_p'
from scripts/security-harness:68:in `write_hook'
from scripts/security-harness:128:in `<main>'
Now, it succeeds:
$ scripts/security-harness
/home/markrian/dev/gdk-ee-2020-05-06/gitlab/lefthook.yml removed
Lefthook was uninstalled to let the security harness work properly.
Security harness installed -- you will only be able to push to gitlab.com/gitlab-org/security!
$ scripts/security-harness
Security harness removed -- you can now push to all remotes.
SYNCING lefthook.yml
SERVED HOOKS: pre-push, prepare-commit-msg
Lefthook was re-installed.
Screenshots (strongly suggested)
n/a
Does this MR meet the acceptance criteria?
Conformity
-
I have included a changelog entry, or it's not needed. (Does this MR need a changelog?) -
I have added/updated documentation, or it's not needed. (Is documentation required?) -
I have properly separated EE content from FOSS, or this MR is FOSS only. (Where should EE code go?) -
I have added information for database reviewers in the MR description, or it's not needed. (Does this MR have database related changes?) -
I have self-reviewed this MR per code review guidelines. -
This MR does not harm performance, or I have asked a reviewer to help assess the performance impact. (Merge request performance guidelines) -
I have followed the style guides.
Availability and Testing
- [-] I have added/updated tests following the Testing Guide, or it's not needed. (Consider all test levels. See the Test Planning Process.)
- [-] I have tested this MR in all supported browsers, or it's not needed.
- [-] I have informed the Infrastructure department of a default or new setting change per definition of done, or it's not needed.
Edited by Mark Florian