esp-idf-sbom/.pre-commit-hooks.yaml
Frantisek Hrbata e8e56d6cfd fix: skip manifest validation in pre-commit if a git rebase is in progress
Currently, manifest validation is initiated in the post-commit git-hook
using the pre-commit tool. Unfortunately, the post-commit git-hook
cannot be easily bypassed with the --no-verify option and runs during
each commit in a rebase, which can be annoying and time-consuming for
larger rebases. The process can be sped up by skipping the check if a
rebase is in progress. This introduces a new option --skip-on-rebase,
which is used only when manifest validation is started through
pre-commit and skips the validation. This makes the process about five
times faster, though still slower than when the hook is completely
disabled due to the time required to spawn pre-commit and esp-idf-sbom.

If needed, the post-commit hook can be temporarily disabled with:

pre-commit uninstall -t pre-commit or chmod -x .git/hooks/post-commit

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
2024-09-05 11:20:38 +02:00

23 lines
1.2 KiB
YAML

- id: validate-sbom-manifest
  name: Validate ESP-IDF SBOM Manifest Files
  description: This hook validates ESP-IDF SBOM Manifest files
  entry: python -m esp_idf_sbom --no-progress manifest validate --skip-on-rebase
  language: python
  stages: [post-commit]
  # Always run against the whole repository, ignoring any files
  # passed in by pre-commit. While we can limit this to manifest
  # files only, e.g. sbom.yml, idf_component.yml or .gitmodules,
  # it would not properly handle submodule updates. For example
  # if submodule is updated, we want to make sure that the sbom
  # information in .gitmodules is updated too and that the hash
  # recorded in .gitmodules is updated. Meaning submodule update
  # would not trigger this plugin, because no manifest was changed.
  # There could also be a problem with referenced manifests, which
  # do not have any fixed names. This could be probably handled by
  # checking all modified yml files, even if they are not manifest
  # files for sbom. So to be on the safe path, let's just check
  # all possible manifest files explicitly every time this plugin
  # is used. It's quite fast and hopefully should not cause any problems.
  files: '^$'
  always_run: True
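
The `--skip-on-rebase` option in the hook entry above depends on knowing that a rebase is running. The following is an added example, not esp-idf-sbom's own code, of one way to make that check from the state directories git keeps while rebasing. The function names `find_git_dir` and `rebase_in_progress` are hypothetical, and the use of `rebase-merge` and `rebase-apply` is an assumption about the detection method, not something taken from the project.

```python
"""Detect an in-progress git rebase from the on-disk state git keeps."""
from pathlib import Path
from typing import Optional


def find_git_dir(start: Path) -> Optional[Path]:
    """Return the git directory for the work tree containing `start`.

    In a submodule or linked worktree, `.git` is a file holding
    'gitdir: <path>' instead of a directory, so follow that pointer.
    """
    start = start.resolve()
    for d in (start, *start.parents):
        dotgit = d / ".git"
        if dotgit.is_dir():
            return dotgit
        if dotgit.is_file():
            text = dotgit.read_text(encoding="utf-8").strip()
            if text.startswith("gitdir:"):
                return (d / text[len("gitdir:"):].strip()).resolve()
            return None  # unrecognised .git file: do not guess
    return None


def rebase_in_progress(start: Path = Path(".")) -> bool:
    """True only while a rebase is running; False when unsure."""
    git_dir = find_git_dir(start)
    if git_dir is None:
        return False  # fail closed: validation is not skipped
    if (git_dir / "rebase-merge").is_dir():  # merge/interactive backend
        return True
    apply_dir = git_dir / "rebase-apply"  # apply backend, shared with `git am`
    # `git am` marks its own sessions with an 'applying' file.
    return apply_dir.is_dir() and not (apply_dir / "applying").exists()


if __name__ == "__main__":
    print("rebase in progress:", rebase_in_progress())
```

Because the check returns False whenever the repository state cannot be determined, an SBOM manifest check gated on it still runs in the ambiguous cases and is skipped only during a confirmed rebase.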