later on Git administrators can deploy custom code to validate incoming references as a pre-receive hook

This is a first step towards the execution of untrusted code provided by the users as described in this blogpost.

• an hidden command is created tuleap git:pre-receive-analyze, this command expects the same input than Git pre-receive hook
• when this command is called with the appropriate arguments, it either exit without any output with the exit code 0 if everything is expected or with a message and an exit code 1 if the objects should have been rejected
• to verify if the objects are "valid", custom code provided as a WASM module is called
• there is no way to upload a WASM module at this time, the files must be put at a specific path on the filesystem

• we do not expect the WASM module to do some direct interactions with the Git repository (no I/O at this point), Tuleap will give per-processed information to the WASM modules, it could be something like this:

{
    "refname": "<given_refname>",
    "objects": [
        {"type": "<type of object as given by git cat-file -t <ref>>", "content": "<content of the object as given by git cat-file <type> <ref>>"},
        ...
    ]
}

• when everything if fine the WASM module should return

{"rejection_message": null}

• when rejecting something the WASM module should return

{"rejection_message": "some string explaining why this should be rejected"}

• WASM modules needs to be put under /var/lib/tuleap/wasm/git/pre-receive-<repository_id>.wasm to be found
• parts of the infrastructure loading and executing WASM code must be put in the Tuleap core (i.e. under src/common/), parts specific to Git must be put in the Git plugin