phorge-phorge/src/docs/user/userguide/diffusion_hooks.diviner

@title Diffusion User Guide: Commit Hooks
@group userguide

Guide to commit hooks in hosted repositories.

= Overview =

Phabricator installs pre-receive/pre-commit hooks in hosted repositories
automatically. They enforce a few rules automatically (like preventing
dangerous changes unless a repository is configured to allow them). They can
also enforce more complex rules via Herald, using the "Commit Hook:
Branches/Tags/Bookmarks" and "Commit Hook: Commit Content" rule types.

Herald rules are flexible, and can express many of the most common hooks that
are often installed on repositories (like protecting branches, restricting
access to repositories, and requiring review).

However, if Herald isn't powerful enough to enforce everything you want to
check, you can install additional custom hooks. These work mostly like normal
hooks, but with a few differences.

= Installing Custom Hooks =

With hosted repositories, you can install hooks by dropping them into the
relevant directory of the repository on disk:

  - **SVN** Put hooks in `hooks/pre-commit-phabricator.d/`.
  - **Git** Put hooks in `hooks/pre-receive-phabricator.d/`.
  - **Mercurial** Phabricator does not currently support custom hooks in
    Mercurial.

These hooks act like normal `pre-commit` or `pre-receive` hooks:

  - Executables in these directories will be run one at a time, in alphabetical
    order.
  - They'll be passed the arguments and environment that normal hooks are
    passed.
  - They should emit output and return codes like normal hooks do.
  - These hooks will run only after all the Herald rules have passed and
    Phabricator is otherwise ready to accept the commit or push.

These additional variables will be available in the environment, in addition
to the variables the VCS normally provides:

  - `PHABRICATOR_REPOSITORY` The callsign of the repository the hook is
    executing for.
  - `PHABRICATOR_USER` The Phabricator username that the session is
    authenticated under.
  - `PHABRICATOR_REMOTE_ADDRESS` The connection's remote address (that is,
    the IP address of whoever is pushing or committing).
  - `PHABRICATOR_REMOTE_PROTOCOL` The protocol the connection is using (for
    example, "ssh" or "http").
Update repository hosting documentation for all the issues users have hit Summary: Ref T4151. Addresses these issues: - Mentions `diffusion.ssh-user`. - Mentions `/etc/shadow` and `!!`. - Mentions `/etc/passwd` and shell. - Mentions `sshd -d -d -d`. - Mentions `Defaults requiretty`. - Adds `AllowUsers` to default configuration. - Mentions `sudo -E ...` as a troubleshooting step. - Mentions multiple VCS binaries. - Fixes `sshd` paths to be absolute. - Fixes example path in `sshd_config` template. - Mentions `GIT_CURL_VERBOSE`. - Walks users through cloning. - Adds documentation for custom hooks. - Mentions that only `daemon-user` interacts with repositories. - Added general troubleshooting guide. I didn't fix these: - Weird one-time issue with `sudoers.d/`. We tell you to edit `/etc/sudoers` directly anyway. - Insane `#includedir` magic, as above. - Confusion around `vcs-user` for HTTP, since I think this is fairly clear. - Confusion around parent directory permissions -- not sure about this one, `sshd` normally runs as root? I added an `ssh-shell` as a safer alternative to `/bin/sh`. I need to test this a bit more. Test Plan: - Read documentation. - Will test `ssh-shell`. Reviewers: btrahan, chad Reviewed By: chad Subscribers: bluehawk, mbishopim3, epriestley Maniphest Tasks: T4151 Differential Revision: https://secure.phabricator.com/D8586 2014-03-26 14:44:18 +01:00			`@title Diffusion User Guide: Commit Hooks`
			`@group userguide`

			`Guide to commit hooks in hosted repositories.`

			`= Overview =`

			`Phabricator installs pre-receive/pre-commit hooks in hosted repositories`
			`automatically. They enforce a few rules automatically (like preventing`
			`dangerous changes unless a repository is configured to allow them). They can`
			`also enforce more complex rules via Herald, using the "Commit Hook:`
			`Branches/Tags/Bookmarks" and "Commit Hook: Commit Content" rule types.`

			`Herald rules are flexible, and can express many of the most common hooks that`
			`are often installed on repositories (like protecting branches, restricting`
			`access to repositories, and requiring review).`

			`However, if Herald isn't powerful enough to enforce everything you want to`
			`check, you can install additional custom hooks. These work mostly like normal`
			`hooks, but with a few differences.`

			`= Installing Custom Hooks =`

			`With hosted repositories, you can install hooks by dropping them into the`
			`relevant directory of the repository on disk:`

			- SVN Put hooks in `hooks/pre-commit-phabricator.d/`.
			- Git Put hooks in `hooks/pre-receive-phabricator.d/`.
			`- Mercurial Phabricator does not currently support custom hooks in`
			`Mercurial.`

			These hooks act like normal `pre-commit` or `pre-receive` hooks:

			`- Executables in these directories will be run one at a time, in alphabetical`
			`order.`
			`- They'll be passed the arguments and environment that normal hooks are`
			`passed.`
			`- They should emit output and return codes like normal hooks do.`
			`- These hooks will run only after all the Herald rules have passed and`
			`Phabricator is otherwise ready to accept the commit or push.`

			`These additional variables will be available in the environment, in addition`
			`to the variables the VCS normally provides:`

			- `PHABRICATOR_REPOSITORY` The callsign of the repository the hook is
			`executing for.`
			- `PHABRICATOR_USER` The Phabricator username that the session is
			`authenticated under.`
			- `PHABRICATOR_REMOTE_ADDRESS` The connection's remote address (that is,
			`the IP address of whoever is pushing or committing).`
			- `PHABRICATOR_REMOTE_PROTOCOL` The protocol the connection is using (for
			`example, "ssh" or "http").`