Automatically add DCO signoff with commit hooks#2283
Automatically add DCO signoff with commit hooks#2283htuch merged 7 commits intoenvoyproxy:masterfrom
Conversation
Fixes envoyproxy#2281. DCO signoff is mandatory for all contributors. Currently this is enforced via CI. This commit smoothes this process somewhat by introducing: 1. A git commit hook, which will check the commit message for a signoff, and if not present, add one to the bottom of the message. 2. A script, `support/bootstrap`, which will symlink these commit hooks into the Envoy root `.git` directory, to minimize the effort it takes to use them. Signed-off-by: Alex Clemmer <[email protected]>
|
Sweet! Can we potentially merge https://github.com/envoyproxy/envoy/blob/master/tools/pre-commit.sh into this commit also? That one sets up a hook to check format, but it has never been well documented (I use it locally). |
|
@mattklein123 Done. Two more things:
|
|
Oh I've noticed that moving the commit hook causes it to not work. Oops. That's what I get for copy+paste'ing. Let me fix that. |
|
Ok that should be fixed. I went ahead and just rebased the commit because it looks like no one had gotten around to reviewing it. |
An undocumented pre-commit hook that runs the format checker on all changed files exists in `tools/pre-commit.sh`. We're transitioning to a model where commit hooks are installed with `support/bootstrap`, so this commit will: 1. Move this file to `support/hooks` 2. Cause `support/bootstrap` to actually install it. Signed-off-by: Alex Clemmer <[email protected]>
mattklein123
left a comment
mattklein123
left a comment
There was a problem hiding this comment.
This is really awesome. Thank you. Just a few doc comments. I will defer to @htuch on the script review as he is a bash master.
support/README.md
Outdated
| # Support tools | ||
|
|
||
| A collection of helper scripts meant to be used by the Envoy developers. For | ||
| example, scripts executed as post-commit hooks would go here. |
There was a problem hiding this comment.
Would it be worth it to add a little more text here of which things are installed and roughly what they do? I might mention that when the check format script is installed the developer can use the -n flag with git commit to avoid checking if they don't want to temporarily. Some people might get annoyed if they don't know this.
Also, perhaps we should link to here from the top level developer guide? https://github.com/envoyproxy/envoy/blob/master/DEVELOPER.md or even https://github.com/envoyproxy/envoy#contributing?
There was a problem hiding this comment.
@mattklein123 Sounds good, let's do all of those things. I'll take another pass later today.
Signed-off-by: Alex Clemmer <[email protected]>
|
@mattklein123 ok, I believe all of those comments should be addressed. |
htuch
left a comment
htuch
left a comment
There was a problem hiding this comment.
This is awesome. A few design/flow related comments, I think any improvement here is a good direction.
| so: | ||
|
|
||
| ```bash | ||
| git commit --no-verify |
There was a problem hiding this comment.
Before getting into too much review depth, I'm wondering if we really want this to be opt-out on commit vs. push. My common workflow (and I'm sure is the case for many devs) is that we commit early-and-often locally, without caring about format or DCO (which happens via my git aliases anyway). I later squash down in a rebase and then push. I rather that any additional latency is added on the remote push rather than the local commit.
Of course, these are just my preferences and I don't need to actually use these hooks, but I think they may be shared by others as well.
| # copying project-standard git commit hooks that do things like ensure DCO | ||
| # signoff is present during commit. | ||
|
|
||
| # Best-effort check that we're in the envoy root directory. |
There was a problem hiding this comment.
Can't you figure out the exact root using git rev-parse --show-toplevel?
There was a problem hiding this comment.
I'm not 100% sure that works in all the corner cases, but it looks like it works for submodules, which does seem to be a case we care about, so I'm ok doing this.
support/bootstrap
Outdated
| # Try to find the `.git` directory, even if it's not in Envoy project root (as | ||
| # it wouldn't be if, say, this were in a submodule). The "blessed" but fairly | ||
| # new way to do this is to use `--git-common-dir`. | ||
| dotGitDir=`git rev-parse --git-common-dir` |
There was a problem hiding this comment.
We tend to prefer $(some subshell) style in Envoy.
support/bootstrap
Outdated
| dotGitDir=`git rev-parse --git-common-dir` | ||
| if test ! -d "${_gitdir}"; then | ||
| # If `--git-common-dir` is not available, fall back to older way of doing it. | ||
| dotGitDir=`git rev-parse --git-dir` |
There was a problem hiding this comment.
Prefer DOT_GIT_DIR style in Envoy scripts.
support/bootstrap
Outdated
| fi | ||
|
|
||
| hooksDir="${dotGitDir}/hooks" | ||
| hooksDirRelpath=`relpath "${hooksDir}" "${PWD}"` |
There was a problem hiding this comment.
Why do we need relative path here? Can't we just symlink from the absolute path?
There was a problem hiding this comment.
I'm not an expert in how this works -- my understanding is that if the repostitory is mv'd, the absolute path strategy would fail. Am I wrong?
Either way, in general it just seems nicer to me to have a symlink between two things whose relative path is well-defined, vs. having that knowledge depend on the directory they could sit in.
| @@ -0,0 +1,23 @@ | |||
| #!/usr/bin/env bash | |||
| # | |||
| # A git commit hook that will automatically append a DCO signoff to the bottom | |||
There was a problem hiding this comment.
Could we just enforce that a DCO is present? This would allow flows where the user automatically appends DCO (which I have already) but ensures that there are no mistakes made (trust but verify).
There was a problem hiding this comment.
(Handled in the discussion below.)
|
@htuch Ok, so, to recap, it sounds like we have two main questions:
For the first, I think you're right that it's more annoying to run as a pre-commit hook, but I suspect that making it a pre-push hook is noticably more complex. (i.e., it's not yet clear to me whether there's an easy way to deal with all the cases of For the second, I actually prefer to have it just auto-append if missing, but I'm only about a 6/10 in my conviction this is the way to go, so if you feel strongly about it we can do it your way. My rationale was, firstly, in general I prefer to solve the problem if we can, rather than haranguing people to solve it themselves. But secondly, I wrote this code to work well with other popular workflows I know about: specifically, I wrote it to be compatible with |
BTW, I think this whole PR is a really useful contribution and don't want perfect to get in the way of good, so please only do what is low hanging fruit. |
|
|
The format check doesn't happen on a per-commit basis. It just looks at the entire state of the tree when you run it, without looking at version control history, so I don't think you have a per-commit validation worry there. |
Signed-off-by: Alex Clemmer <[email protected]>
htuch
left a comment
htuch
left a comment
There was a problem hiding this comment.
Looks great, thanks for polishing this up.
support/hooks/pre-push
Outdated
| for i in $(git diff --name-only $RANGE --diff-filter=ACMR 2>&1); do | ||
| echo " Checking format for $i" | ||
| "$SCRIPT_DIR"/check_format.py check $i | ||
| if [[ $? -ne 0 ]]; then |
There was a problem hiding this comment.
Can just run set +e, that will catch other badness.
support/hooks/pre-push
Outdated
| do | ||
| if [ "$LOCAL_SHA" = $DUMMY_SHA ] | ||
| then | ||
| # Branch deleted. Do nothing. |
There was a problem hiding this comment.
Can you use two space indents? That's what we've been doing in general across most languages and shell scripts in the Envoy code base. Thanks.
|
@htuch Alright, we're really starting to strain my knowledge of bash, so if it looks like we're doing something dumb, we probably are. I am pretty sure |
Signed-off-by: Alex Clemmer <[email protected]>
Signed-off-by: Alex Clemmer <[email protected]>
|
@htuch I actually fixed that as you typed that message. I think we're good now. |
Signed-off-by: Alex Clemmer <[email protected]>
mattklein123
left a comment
mattklein123
left a comment
There was a problem hiding this comment.
Sweet, thanks! Will let @htuch merge assuming everything is satisfactory.
Signed-off-by: Alyssa Wilk <[email protected]> Signed-off-by: JP Simard <[email protected]>
Signed-off-by: Alyssa Wilk <[email protected]> Signed-off-by: JP Simard <[email protected]>
3 participants
Fixes #2281. DCO signoff is mandatory for all contributors. Currently
this is enforced via CI.
This commit smoothes this process somewhat by introducing:
signoff, and if not present, add one to the bottom of the message.
support/bootstrap, which will symlink these commithooks into the Envoy root
.gitdirectory, to minimize the effortit takes to use them.
Signed-off-by: Alex Clemmer [email protected]