Support worktrees in lefthook/security harness (!62491) · Merge requests · GitLab.org / GitLab

Mark Florian requested to merge lefthook-worktree-support into master May 25, 2021

What does this MR do?

Support worktrees in lefthook/security harness

Our scripts/security-harness script did not work with GitLab repositories using worktrees because:

It relies on lefthook, which only added support for worktrees in 0.7.5
It makes an assumption about the location of the pre-push hook path, which is invalid in general (e.g., if worktrees are being used, or if the git repository layout is non-standard for any other reason)

This change bumps the lefthook gem to 0.7.5 to fix the first problem, and uses a more robust way to get the pre-push hook path to fix the second problem.

Before this, the script would fail with something like:

$ scripts/security-harness
/home/markrian/.asdf/installs/ruby/2.7.2/lib/ruby/2.7.0/fileutils.rb:250:in `mkdir': File exists @ dir_s_mkdir - /home/markrian/dev/gdk-ee-2020-05-06/gitlab/.git (Errno::EEXIST)
	from /home/markrian/.asdf/installs/ruby/2.7.2/lib/ruby/2.7.0/fileutils.rb:250:in `fu_mkdir'
	from /home/markrian/.asdf/installs/ruby/2.7.2/lib/ruby/2.7.0/fileutils.rb:228:in `block (2 levels) in mkdir_p'
	from /home/markrian/.asdf/installs/ruby/2.7.2/lib/ruby/2.7.0/fileutils.rb:226:in `reverse_each'
	from /home/markrian/.asdf/installs/ruby/2.7.2/lib/ruby/2.7.0/fileutils.rb:226:in `block in mkdir_p'
	from /home/markrian/.asdf/installs/ruby/2.7.2/lib/ruby/2.7.0/fileutils.rb:211:in `each'
	from /home/markrian/.asdf/installs/ruby/2.7.2/lib/ruby/2.7.0/fileutils.rb:211:in `mkdir_p'
	from scripts/security-harness:68:in `write_hook'
	from scripts/security-harness:128:in `<main>'

Now, it succeeds:

$ scripts/security-harness
/home/markrian/dev/gdk-ee-2020-05-06/gitlab/lefthook.yml removed
Lefthook was uninstalled to let the security harness work properly.
Security harness installed -- you will only be able to push to gitlab.com/gitlab-org/security!

$ scripts/security-harness
Security harness removed -- you can now push to all remotes.
SYNCING lefthook.yml
SERVED HOOKS: pre-push, prepare-commit-msg
Lefthook was re-installed.

Screenshots (strongly suggested)

n/a

Does this MR meet the acceptance criteria?

Conformity

I have included a changelog entry, or it's not needed. (Does this MR need a changelog?)
I have added/updated documentation, or it's not needed. (Is documentation required?)
I have properly separated EE content from FOSS, or this MR is FOSS only. (Where should EE code go?)
I have added information for database reviewers in the MR description, or it's not needed. (Does this MR have database related changes?)
I have self-reviewed this MR per code review guidelines.
This MR does not harm performance, or I have asked a reviewer to help assess the performance impact. (Merge request performance guidelines)
I have followed the style guides.

Availability and Testing

[-] I have added/updated tests following the Testing Guide, or it's not needed. (Consider all test levels. See the Test Planning Process.)
[-] I have tested this MR in all supported browsers, or it's not needed.
[-] I have informed the Infrastructure department of a default or new setting change per definition of done, or it's not needed.

Edited May 25, 2021 by Mark Florian