-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Check compatibility with overcommit #72
Comments
Relevant overcommit issue: sds/overcommit#405 |
First impressions on a project with hooks set up (jQuery Core, actually):
at this point overcommit backs up all existing hooks. The two hooks from husky that jQuery uses (precommit and commitmsg) are moved to A very interesting command is Ok, the way to get called by
That fails with:
I am investigating further |
I have tried several combinations of setting the
Since jQuery Core also has a dedicated script in its
Then I came across a very nice file in overcommit that shows how other npm modules are supported. It looks like the expected way is to support global install.
@jzaefferer do you think we should:
@lencioni do you perhaps see any obvious thing that I am doing wrong? |
We typically set up the overcommit hooks to be able to run globally by default. People in their own projects can override the required_executable to be the local version if they happen to be using npm and have it in their devDependencies. For example, a project's .overcomm.yml file might include the following configuration for eslint: EsLint:
enabled: true
flags: ['--ext=.js,.jsx', '--format=compact']
required_executable: './node_modules/.bin/eslint'
include:
- '**/*.js'
- '**/*.jsx' Borrowing from the ESLint default config, I think this might make sense for commitplease: Commitplease:
enabled: false
description: 'Analyze with Commitplease'
required_executable: 'commitplease'
install_command: 'npm install -g commitplease' And then allow folks to specify the local version if they want, when they enable it, like this: Commitplease:
enabled: true
required_executable: './node_modules/.bin/commitplease' Of course, you would need to make commitplease able to be installed globally for this setup to work. If you don't want to do that, you could probably roll with something like this for the default: Commitplease:
enabled: false
description: 'Analyze with Commitplease'
required_executable: './node_modules/.bin/commitplease'
install_command: 'npm install --save-dev commitplease' I hope this helps. Let me know if you have any more questions. |
@lencioni thank you! My issue appears to have been security-related and here is what worked for me: Create a project and install the two packages:
At this point, I have to begin the security dance [remember these two lines for later]:
Now I configure
And continue the security dance:
And at this point it starts to work! Thanks! Usability problem:It does not look like I can skip the "add commitplease hook into git" lines that I have marked above. If I just skip straight into configuring Since I must add the hook to source control, I have to have it pre-installed before I configure overcommit. So, overcommit does not automatically install the missing hooks for me. Am I doing something wrong? |
It's really unusual to be checking in things from node_modules to source control. Generally for hooks that depend on npm packages, we default to using a globally installed version and allow for people to specify a locally installed version in their own overcommit configuration--which works well for teams who want to lock down a specific version of the tool. Ideally, the locally installed version shouldn't be the default, so it would be really great if you could get a globally installed version working. I think this is how folks will expect it to work anyway. Even if you can't get the global one to work, there shouldn't be any reason that you need to check in the commitplease binary into your repo. I think the missing link might be that most hooks have a Ruby file in the overcommit repo that process the command's output and generates useful information for Overcommit. You can see the commit message files here. https://github.com/brigade/overcommit/tree/master/lib/overcommit/hook/commit_msg Here's a simple one that is written entirely in Ruby that checks for hard tabs: https://github.com/brigade/overcommit/blob/master/lib/overcommit/hook/commit_msg/hard_tabs.rb Here's one that executes a command to check for spelling mistakes: https://github.com/brigade/overcommit/blob/master/lib/overcommit/hook/commit_msg/spell_check.rb (the configuration for the command that is run can be found at https://github.com/brigade/overcommit/blob/master/config/default.yml#L101) And here's the eslint one that runs eslint and parses the output for overcommit: https://github.com/brigade/overcommit/blob/master/lib/overcommit/hook/pre_commit/es_lint.rb To add a hook, you'll probably want to add a ruby file like one of these along with the default configuration. I hope this helps make sense of it all! |
It's not supposed to. Regarding security, we added a check to ensure that custom hooks are tracked by git in sds/overcommit@7443529. This provides stronger protection against accidentally executing a malicious script outside the repository. As @lencioni said above, you could contribute a Commitplease hook to the repo to avoid this process (thanks!). Alternatively, you could write a custom Overcommit hook (docs here) and add it to your repo as |
|
My mistake, I thought On Sat, Jul 30, 2016, 8:24 AM Joe Lencioni notifications@github.com wrote:
|
It does, but only for commands inside of scripts. For example, if you had the eslint package installed, |
Once that lands, is there anything left to do here? |
@jzaefferer I think that PR is missing a ruby script based on this:
Basically, @lencioni and @jawshooah have described the process of creating that Ruby script really well. Unfortunately, I do not know Ruby, so the simple action of "try out a locally modified ruby gem" is rather slow and painful (that is what I am doing right now --- figuring out how to locally modify overcommit and run it). So, I am finishing that PR. @lencioni's guess is that this missing Ruby script is causing the usability problem and forcing me to check |
See https://github.com/brigade/overcommit
Sounds similar to husky.
The text was updated successfully, but these errors were encountered: