    story #31077 deploy a WebAssembly module to validate incoming references as a pre-receive hook
Summary
Git administrator
deploy a WebAssembly module to validate incoming references as a pre-receive hook

new references pushed to a git repository can be validated on the spot by custom code (in the form of a WebAssembly module)

This is the continuation of story #28845. It consists of doing the same actions as the tuleap git:pre-receive-analyze command, but instead of performing the reference analysis retroactively, doing it right away when new references are pushed, like a Git pre-receive hook.

  • a git pre-receive hook installed on every git repository is in charge of calling PHP code to check if a WASM module is set up for the repository where a push is happening; if that's the case, it executes the WASM module
  • when a WASM module is executed, it either exits without any output with the exit code 0 if everything is expected or with a message and an exit code 1 if the objects should be rejected
  • if no module is set up for a repository, the pre-receive hook systematically returns 0 to accept the incoming changes
  • there is no way to upload a WASM module at this time, the files must be put at a specific path on the filesystem (/var/lib/tuleap/untrusted-code/git/pre-receive-hook/<repo-id>.wasm)
  • when all of the above is functional, the tuleap git:pre-receive-analyze is removed as this feature supersedes the command
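
The hook behaviour listed above, sketched as a shell function. This is an added example, not Tuleap's code (the story says the real hook calls PHP); `WASM_RUNNER` is a hypothetical command that runs the module with the push data on its stdin, and numeric repository ids and rejecting on any non-zero exit code are assumptions.

```shell
#!/bin/sh
# Added sketch of the accept/reject decision; not Tuleap's implementation.
# MODULE_DIR is the path given in the story. WASM_RUNNER is a placeholder
# name (assumption) for whatever executes a module with stdin passed through.
MODULE_DIR="${MODULE_DIR:-/var/lib/tuleap/untrusted-code/git/pre-receive-hook}"
WASM_RUNNER="${WASM_RUNNER:-run-wasm-module}"

# pre_receive_decide REPO_ID
# Reads the pushed references on stdin.
# Returns 0 to accept the push, 1 to reject it.
pre_receive_decide() {
    repo_id=$1

    # The id becomes part of a file path, so accept digits only: it must
    # not be able to point outside MODULE_DIR (assumption: ids are numeric).
    case $repo_id in
        ''|*[!0-9]*) echo "invalid repository id" >&2; return 1 ;;
    esac
    module="$MODULE_DIR/$repo_id.wasm"

    # No module set up for this repository: accept the incoming changes.
    if [ ! -f "$module" ]; then
        return 0
    fi

    # Module present: run it, keeping its message and its exit code.
    # The && / || form keeps the status readable under `set -e`.
    message=$("$WASM_RUNNER" "$module") && status=0 || status=$?

    if [ "$status" -eq 0 ]; then
        return 0
    fi

    # Exit code 1 is the documented rejection. Any other non-zero code
    # (crash, missing runner) is also rejected here: fail closed (assumption).
    [ -n "$message" ] && printf '%s\n' "$message" >&2
    return 1
}

# In a hook script: pre_receive_decide "$REPO_ID" || exit 1
```
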
Status
SCM/Git
Done
Development
  • [ ] Does it involve User Interface?
  • [ ] Are there any mockups?
  • [ ] Are permissions checked?
  • [ ] Does it need Javascript development?
  • [ ] Does it need a forge upgrade bucket?
  • [ ] Does it need to execute things in system events?
  • [ ] Does it impact project creation (templates)?
  • [ ] Is it exploratory?
Details
#31077
Thomas Piras (tpiras)
2023-06-14 14:47
2023-02-17 10:22
32714

References

Follow-ups

Thomas Gerbet (tgerbet)2023-06-14 14:47

Closing this as all the points listed in the acceptance criteria have been dealt with. A new user story can be created to add the ability the repositories content in read only.


  • Status changed from On going to Done