diff --git a/doc/triggers.mkd b/doc/triggers.mkd index d25a0bd..c597da9 100644 --- a/doc/triggers.mkd +++ b/doc/triggers.mkd @@ -1,5 +1,7 @@ # gitolite triggers +[[TOC]] + ## intro and sample rc excerpt Gitolite fires off external commands at 7 different times. The [rc][] file @@ -95,17 +97,33 @@ description of when the trigger runs: * user * 'R' or 'W' * 'any' - * result: this is the result of the access() function. If it contains - the uppercase word "DENIED", the access was rejected. Otherwise - result contains the refex that caused the access to succeed. + * result (see notes below) - * `ACCESS_2` runs after the second access check, in the update hook. - Extra arguments: + 'result' is the return value of the access() function. If it contains the + uppercase word "DENIED", the access was rejected. Otherwise it is the + refex that caused the access to succeed. + + *Please note that if access is rejected, gitolite-shell will die as soon + as it returns from the trigger*. + + * `ACCESS_2` runs after the second access check, which is invoked by the + update hook to check the ref. Extra arguments: * repo * user * any of W, +, C, D, WM, +M, CM, DM * the ref being updated (e.g., 'refs/heads/master') - * result (see above) + * result + * old SHA + * new SHA + + `ACCESS_2` also runs on each [VREF][vref] that gets checked. In this case + the "ref" argument will start with "VREF/", and the last two arguments + won't be passed. + + 'result' is similar to `ACCESS_1`, except that it is the *update hook* + which dies as soon as access is rejected for the ref or any of the VREFs. + Control then returns to git, and then to gitolite-shell, so the `POST_GIT` + trigger *will* run. * `PRE_GIT` and `POST_GIT` run just before and after the git command. Extra arguments: @@ -130,3 +148,10 @@ description of when the trigger runs: file, then all the 'git-config's, gitweb access, and daemon access. No extra arguments. + +## tips + +If you have code that latches onto more than one trigger, collecting data +(such as for logging), then the outputs may be intermixed. You can record the +value of the environment variable `GL_TID` to tie together related entries. + diff --git a/doc/vref.mkd b/doc/vref.mkd index 6f7bd2f..147b42e 100644 --- a/doc/vref.mkd +++ b/doc/vref.mkd @@ -118,7 +118,7 @@ exit. * Print the refex itself (plus an optional message), so that it matches the line which invoked it. -### arguments passed to the vref code +### #vref-args arguments passed to the vref code * Arguments **1, 2, 3**: the 'ref', 'oldsha', and 'newsha' that git passed to the update hook (see 'man githooks'). diff --git a/src/lib/Gitolite/Hooks/Update.pm b/src/lib/Gitolite/Hooks/Update.pm index 6d3844d..568cfc4 100644 --- a/src/lib/Gitolite/Hooks/Update.pm +++ b/src/lib/Gitolite/Hooks/Update.pm @@ -29,7 +29,7 @@ sub update { trace( 1, 'update', $ENV{GL_REPO}, $ENV{GL_USER}, $aa, @ARGV ); my $ret = access( $ENV{GL_REPO}, $ENV{GL_USER}, $aa, $ref ); - trigger( 'ACCESS_2', $ENV{GL_REPO}, $ENV{GL_USER}, $aa, $ref, $ret ); + trigger( 'ACCESS_2', $ENV{GL_REPO}, $ENV{GL_USER}, $aa, $ref, $ret, $oldsha, $newsha ); _die $ret if $ret =~ /DENIED/; check_vrefs( $ref, $oldsha, $newsha, $oldtree, $newtree, $aa ); @@ -88,6 +88,7 @@ sub check_vref { my $ret = access( $ENV{GL_REPO}, $ENV{GL_USER}, $aa, $ref ); trace( 2, "access($ENV{GL_REPO}, $ENV{GL_USER}, $aa, $ref)", "-> $ret" ); + trigger( 'ACCESS_2', $ENV{GL_REPO}, $ENV{GL_USER}, $aa, $ref, $ret ); _die "$ret" . ( $deny_message ? "\n$deny_message" : '' ) if $ret =~ /DENIED/ and $ret !~ /by fallthru/; trace( 2, "remember, fallthru is success here!" ) if $ret =~ /by fallthru/;