revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2025-01-07 13:21:02 +01:00
Code Issues Releases Wiki Activity
phorge-phorge/src/docs/user/userguide/diffusion_hooks.diviner
epriestley 2e0301d647 Update repository hosting documentation for all the issues users have hit 
Summary:
Ref T4151. Addresses these issues:

  - Mentions `diffusion.ssh-user`.
  - Mentions `/etc/shadow` and `!!`.
  - Mentions `/etc/passwd` and shell.
  - Mentions `sshd -d -d -d`.
  - Mentions `Defaults requiretty`.
  - Adds `AllowUsers` to default configuration.
  - Mentions `sudo -E ...` as a troubleshooting step.
  - Mentions multiple VCS binaries.
  - Fixes `sshd` paths to be absolute.
  - Fixes example path in `sshd_config` template.
  - Mentions `GIT_CURL_VERBOSE`.
  - Walks users through cloning.
  - Adds documentation for custom hooks.
  - Mentions that only `daemon-user` interacts with repositories.
  - Added general troubleshooting guide.

I didn't fix these:

  - Weird one-time issue with `sudoers.d/`. We tell you to edit `/etc/sudoers` directly anyway.
  - Insane `#includedir` magic, as above.
  - Confusion around `vcs-user` for HTTP, since I think this is fairly clear.
  - Confusion around parent directory permissions -- not sure about this one, `sshd` normally runs as root?

I added an `ssh-shell` as a safer alternative to `/bin/sh`. I need to test this a bit more.

Test Plan:
  - Read documentation.
  - Will test `ssh-shell`.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: bluehawk, mbishopim3, epriestley

Maniphest Tasks: T4151

Differential Revision: https://secure.phabricator.com/D8586
2014-03-26 06:44:18 -07:00

52 lines
2.2 KiB
Text
Raw Blame History

@title Diffusion User Guide: Commit Hooks
@group userguide
Guide to commit hooks in hosted repositories.
= Overview =
Phabricator installs pre-receive/pre-commit hooks in hosted repositories
automatically. They enforce a few rules automatically (like preventing
dangerous changes unless a repository is configured to allow them). They can
also enforce more complex rules via Herald, using the "Commit Hook:
Branches/Tags/Bookmarks" and "Commit Hook: Commit Content" rule types.
Herald rules are flexible, and can express many of the most common hooks that
are often installed on repositories (like protecting branches, restricting
access to repositories, and requiring review).
However, if Herald isn't powerful enough to enforce everything you want to
check, you can install additional custom hooks. These work mostly like normal
hooks, but with a few differences.
= Installing Custom Hooks =
With hosted repositories, you can install hooks by dropping them into the
relevant directory of the repository on disk:
- **SVN** Put hooks in `hooks/pre-commit-phabricator.d/`.
- **Git** Put hooks in `hooks/pre-receive-phabricator.d/`.
- **Mercurial** Phabricator does not currently support custom hooks in
Mercurial.
These hooks act like normal `pre-commit` or `pre-receive` hooks:
- Executables in these directories will be run one at a time, in alphabetical
order.
- They'll be passed the arguments and environment that normal hooks are
passed.
- They should emit output and return codes like normal hooks do.
- These hooks will run only after all the Herald rules have passed and
Phabricator is otherwise ready to accept the commit or push.
These additional variables will be available in the environment, in addition
to the variables the VCS normally provides:
- `PHABRICATOR_REPOSITORY` The callsign of the repository the hook is
executing for.
- `PHABRICATOR_USER` The Phabricator username that the session is
authenticated under.
- `PHABRICATOR_REMOTE_ADDRESS` The connection's remote address (that is,
the IP address of whoever is pushing or committing).
- `PHABRICATOR_REMOTE_PROTOCOL` The protocol the connection is using (for
example, "ssh" or "http").
View git blame Copy permalink