Reputation: 1642
How can I ensure that all submodule commits referenced by a git superproject are valid (and stay valid)?
As a developer I have a superproject that uses a submodule.
I can configure git to ensure that commits to the superproject have valid submodule references at the time of pushing them (git config push.recurseSubmodule check).
Can I configure git/BitBucket to ensure that gitlinks referenced by my superproject will always exist in the submodule?
In particular, I am concerned about the following scenario:
- a developer pushes a submodule commit to a feature branch
- a developer pushes a superproject commit that references a commit the submodule feature branch
- the push to the superproject is allowed by the config as the gitlink is currently valid on the remote
- a developer subsequently removes the submodule feature branch without merging it
- the superproject is now broken: it has a gitlink to a commit that does not exist in the remote
I need to retain control over what is referenced in the superproject (I don't want to automatically follow a branch on the submodule).
Potential approaches:
- Is there any way with git or BitBucket to enforce that the superproject can only contain submodule gitlinks that are on the submodule master branch?
- Is it possible to enforce that any PR merges in the superproject only contain commits where the gitlinks resolve against the submodule master branch?
- ... or some better approach here that I'm not seeing at all?
Side note: I've attempted to go through the process to break the superproject, but it didn't work! I think that this is because the SHA of the feature branch on the remote is not immediately cleaned away (reflog default pruning strategy is to keep 90 days history).
Upvotes: 0
Views: 138
Answers (1)
Reputation: 60305
Just keep your own copy of the needed commits, keep a bitbucket fork or a local clone or whatever, with tags for the referenced commits.
As an academic exercise, if you were using Git and not bitbucket to do your merging, the checks would be like five lines of hook,
git rev-list ..MERGE_HEAD` | xargs -rn1 git ls-tree -rd \
| awk '$2=="commit" {print $3}' | sort -u
to show you every merged submodule commit, and
[[ `git for-each-ref --count=1 ---format=ok --contains $commit \
refs/remotes/origin/{master,stable}` = ok ]]
to check whether $commit is in origin's last-seen master or stable histories, so a minimum-viable-smoketest for what you're after would be
for commit in $(git rev-list ..MERGE_HEAD` | xargs -rn1 git ls-tree -rd \
| awk '$2=="commit" {print $3}' | sort -u); do
[[ `git for-each-ref --count=1 ---format=ok --contains $commit \
refs/remotes/origin/{master,stable}` = ok ]] || die "Commit $commit is not published"
done
push.recursesubmodules check does pretty much exactly this, only without the specific remote and tracking restrictions
A note:
Common practice I'm familiar with has been to distinguish administrative status by repo residence, the QA team tends to run an ~incoming~ repo to which devs or review teams push commit series for integration, and the production team likewise will have a repository for code pushed into production, and so on. That way each team can trust people they know personally and do any automated vetting of inbounds in the pre-receive. All publishing repos really should be running sanity-tests on inbounds, and things like the above would be good candidates.
Upvotes: 1
Related Questions
- Best practices for keeping custom commits for Git
- Git "commit all except submodule changes"
- Submodule folders visible in past commitments
- Auto-committing git submodule hash in super-project
- How can I force the use of a specific branch on a git submodule when commiting and pushing changes in a superproject?
- Exclude Subproject commit Git
- Is there a way to configure 'git commit -a' to NOT include submodule changes
- Ignore submodule dirty status on commit
- Git submodule's commit matching a tag in the main repo
- Assert that submodule always pointed to a valid commit