Krow/Krow-workspace
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add git pre-push hook to prevent direct pushes to protected branches

Browse Source 
This commit introduces a pre-push Git hook that prevents direct
pushes to the `main` and `dev` branches. This enforces the use of
pull requests for merging changes into these protected branches,
promoting code review and maintaining branch stability.

The changes include:
- Adding a `install-git-hooks` target to the Makefile to symlink
 the pre-push script into the `.git/hooks/` directory.
- Creating the `scripts/git-hooks/pre-push` script that checks the
 target branch and aborts the push if it matches a protected branch.
- Updating the `CONTRIBUTING.md` file to instruct developers to
 install the Git hooks after setting up their development
 environment.
This commit is contained in:
bwnyasse
2025-11-13 11:44:01 -05:00
parent 6540d01175
commit 0f9ca9eb15
3 changed files with 30 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CONTRIBUTING.md
View File

@@ -33,6 +33,9 @@ Follow these steps to set up your development environment and gain access to all
* Install web frontend dependencies: `make install` * Install web frontend dependencies: `make install`
* *(Mobile app dependencies will be installed within their respective directories later.)* * *(Mobile app dependencies will be installed within their respective directories later.)*
- **Install Git Hooks:**
- Run `make install-git-hooks` to set up local safeguards that prevent direct pushes to protected branches (`main` and `dev`). **This is a mandatory step.**
7. **Firebase Project Access Validation (CTO will provide access):** 7. **Firebase Project Access Validation (CTO will provide access):**
* Confirm you have access to the `dev` Firebase/GCP project. * Confirm you have access to the `dev` Firebase/GCP project.
* Verify you can run `firebase login` and `gcloud auth login` successfully. * Verify you can run `firebase login` and `gcloud auth login` successfully.

6
Makefile
View File

@@ -74,3 +74,9 @@ create-issues-from-file:
@echo "--> Creating GitHub issues from file..." @echo "--> Creating GitHub issues from file..."
@./scripts/create_issues.py @./scripts/create_issues.py
# --- Development Tools ---
install-git-hooks:
@echo "--> Installing Git hooks..."
@ln -sf ../../scripts/git-hooks/pre-push .git/hooks/pre-push
@echo "✅ pre-push hook installed successfully. Direct pushes to 'main' and 'dev' are now blocked."

21
scripts/git-hooks/pre-push Executable file
View File

@@ -0,0 +1,21 @@
#!/bin/sh
# --- Protected Branches ---
PROTECTED_BRANCHES="^(main|dev)$"
# Read stdin to get push details
while read local_ref local_sha remote_ref remote_sha; do
# Extract the branch name from the remote ref (e.g., refs/heads/branch-name)
branch_name=$(echo "$remote_ref" | sed 's!refs/heads/!!')
# Check if the pushed branch matches our protected branches
if echo "$branch_name" | grep -qE "$PROTECTED_BRANCHES"; then
echo "----------------------------------------------------------------"
echo "❌ ERROR: Direct pushes to the '$branch_name' branch are forbidden."
echo "Please use a pull request to merge your changes."
echo "----------------------------------------------------------------"
exit 1 # Abort the push
fi
done
exit 0 # Allow the push