#!/bin/sh
# Helper hook to prevent folk from accidentally committing broken Puppet
# manifests to the repository.
#
# You must have Ruby and Puppet installed on your workstation. If a
# local copy of the `puppet' program is not available, and you know what
# you are doing, you may bypass this hook script at your own peril with:
#
# $ git config anchor.im_a_puppet_master true
#
# or, for a once-off display of intrepidity, `git commit --no-verify'.
derp() {
echo "[$(basename ${0})] ${@}"
exit 1
}
if git rev-parse --verify HEAD >/dev/null 2>&1; then
against=HEAD
else
# Initial commit: diff against an empty tree object
against=4b825dc642cb6eb9a060e54bf8d69288fbee4904
fi
if [ "$(git config anchor.im_a_puppet_master)" = 'true' ]; then
# User has opted out of manifest verification
exit 0
fi
if which puppet >/dev/null 2>&1; then
# Find the root of the Git repository. The paths `git diff' spits
# out will be relative to this root.
OLD_PWD="$PWD"
while [ \! -d .git ]; do
if [ "$PWD" = "/" ]; then
cd "$OLD_PWD"
derp "I could not find the root of your Git repo."
fi
cd ..
done
IFS='
'
boned=0
for MANIFEST in $(git diff --cached --name-only --diff-filter=AM \
$against | grep '\.pp$'); do
puppet --parseonly "$MANIFEST" || boned=1
done
cd "$OLD_PWD"
if [ $boned -ne 0 ]; then
derp "Aborting on broken manifest. See feedback above."
fi
else
cat - <<EOF
Hey! You don't have Puppet installed on your workstation!
Installing Puppet will allow me to automatically check your work for
common typographical errors. Without this check, your (potentially)
broken manifests will make it out into the wild. You will be left to
waste your own time following-up with a correction, a new commit, and
another roll-out.
If you would like to proceed anyway, punch this into your shell, and
commit again:
git config anchor.im_a_puppet_master true
EOF
derp "Aborting your commit because I could not find puppet."
fi