Enabling syntax checking for puppet via a git update hook

Mike McGrath mmcgrath at redhat.com
Thu Jun 25 06:15:01 UTC 2009


On Wed, 24 Jun 2009, Todd Zullinger wrote:

> I was talking with Ricky on IRC about enabling some syntax checking
> for puppet *.pp files in a git update hook for the infra puppet repo.
> The goal would be to help catch typos before they ever get pushed into
> the main /git/puppet repository.
>
> I've tested this a bit on puppet1 with local repos and it appears to
> work well.  But obviously, we'd want to enable this when there were
> plenty of folks around to revert it should it cause and prevent work
> from getting done.
>
> While testing, I noticed that the update hook in /git/puppet is pretty
> much identical to the fedora-git-commit-mail-hook in use on hosted.
> Perhaps we'd want to be guinea pigs for converting from that older
> update hook to the more current update hook and have mail
> notifications handled via the post-receive-email hook?  That would
> allow us to work out any issues before we enable that on hosted.
>
> I think we would probably want to make this change first, ensure it
> doesn't cause any problems, and then add the puppet syntax checking to
> the update hook.
>
> Assuming we make the above changes and use the post-receive-email hook
> for mail notification, the changes I'd like to make to the current
> git-1.5.5.6 update hook to enable puppet syntax checking are:
>

I'll take a look at this tomorrow, we've got a git check in there now that
does a syntax and notify.  I think the only reason it prevents commits is
because I didn't know how to do that :)  so all it does is throw errors.

Here's the only gotcha.  We mix a private and public repo together.  IE:
in our public repo we reference $someDbPassword, and then in the private
repo we create that password.  The only time they're together is after a
push has happened.  Does this account for that?  Does that problem not
even exist anymore?

	-Mike


> --- /usr/share/git-core/templates/hooks/update	2008-12-20 06:10:22.000000000 +0000
> +++ /home/fedora/tmz/puppet.git/hooks/update	2009-06-25 01:34:14.000000000 +0000
> @@ -103,5 +103,40 @@
>  		;;
>  esac
>
> +# Check syntax of puppet files
> +# Taken from http://reductivelabs.com/trac/puppet/wiki/PuppetVersionControl
> +
> +check="puppet --color=false --confdir=/tmp --vardir=/tmp --parseonly --ignoreimport"
> +tmp=$(mktemp /tmp/git.update.XXXXXX)
> +log=$(mktemp /tmp/git.update.log.XXXXXX)
> +tree=$(mktemp /tmp/git.diff-tree.XXXXXX)
> +
> +git diff-tree -r "$2" "$3" > $tree
> +
> +exit_status=0
> +
> +while read old_mode new_mode old_sha1 new_sha1 status name
> +do
> +    # skip lines showing parent commit
> +    test -z "$new_sha1" && continue
> +    # Only test .pp files
> +    if [[ $name =~ [.]pp$ ]]
> +    then
> +        git cat-file blob $new_sha1 > $tmp
> +        set -o pipefail
> +        $check $tmp 2>&1 | sed "s|/tmp/git.update.*:\([0-9]*\)$|${name}:\1|" > $log
> +        if [[ $? != 0 ]]
> +        then
> +            echo
> +            cat $log >&2
> +            echo -e "For details run: git diff ${old_sha1:0:7} ${new_sha1:0:7}" >&2
> +            echo
> +            exit_status=1
> +        fi
> +    fi
> +done < $tree
> +
> +rm -f $log $tmp $tree
> +
>  # --- Finished
> -exit 0
> +exit $exit_status
>
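
Review bot: `git diff-tree -r "$2" "$3" > $tree` does not handle ref creation, so a push that creates a new branch skips the syntax check entirely. In that case the update hook receives an all-zero old revision, diff-tree fails, `$tree` stays empty, the loop body never runs and the hook ends with `exit_status=0`. Suggest special-casing the all-zero old revision (for example by checking the .pp files in the new tree) and skipping deleted entries, which have no new blob for `git cat-file blob $new_sha1` to read. In the `sed` line, `${name}` is pasted unescaped into the replacement, so a pushed path containing `|` or `&` breaks or alters the rewrite; escape the name or print it separately from the parser output. `$tmp`, `$log`, `$tree` and `$new_sha1` should be quoted. The `rm -f $log $tmp $tree` only runs on the normal path, so a trap on EXIT would make the cleanup reliable. `--confdir=/tmp --vardir=/tmp` points puppet at a shared world-writable directory; a per-run directory from `mktemp -d` would be safer. `set -o pipefail` can move above the loop, since it only needs to be set once.
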
> When pushing an update with syntax errors, the output looks like
> this:
>
> $ git push ~/puppet.git test-hooks
> Counting objects: 14, done.
> Compressing objects: 100% (9/9), done.
> Writing objects: 100% (9/9), 767 bytes, done.
> Total 9 (delta 7), reused 0 (delta 0)
> Unpacking objects: 100% (9/9), done.
>
> err: Could not parse for environment production: Syntax error at 'source'; expected '}' at manifests/filetypes/standard.pp:11
> For details run: git diff 3d15e34 d71d226
>
>
> err: Could not parse for environment production: Syntax error at 'group'; expected '}' at manifests/site.pp:12
> For details run: git diff 22d6265 62e516f
>
> error: hooks/update exited with error code 1
> error: hook declined to update refs/heads/test-hooks
> To /home/fedora/tmz/puppet.git
>  ! [remote rejected] test-hooks -> test-hooks (hook declined)
> error: failed to push some refs to '/home/fedora/tmz/puppet.git'
>
> --
> Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Nothing is wrong with California that a rise in the ocean level
> wouldn't cure.
>     -- Ross MacDonald (1915-1983)
>
>
