
I need to set up a series of GitLab hooks within a Docker image that will be triggered on pre-commit. I have a Dockerfile and a `.pre-commit-config.yaml` which build successfully, with the exception of one hook which I cannot seem to get working.

`.pre-commit-config.yaml`

```yaml
---
repos:
  - repo: local
    hooks:
      - id: check-merge-conflict
        name: Check for merge conflicts
        description: Check for files that contain merge conflict strings.
        entry: check-merge-conflict
        language: python
        types: [text]

      - id: epp-validate
        additional_dependencies: ['puppet']
        description: Validate syntax of Puppet EPP templates
        entry: /puppet-pre-commit-hooks/epp-validate
        files: \.epp$
        language: ruby
        name: Validate EPP templates

      - id: erb-validate
        description: Validate syntax of Ruby ERB templates
        entry: /puppet-pre-commit-hooks/erb-validate
        files: \.erb$
        language: ruby
        name: Validate ERB templates

      - id: puppet-lint
        additional_dependencies: ['puppet-lint']
        description: Check Puppet manifests for stylistic problems
        entry: /puppet-pre-commit-hooks/puppet-lint
        files: \.pp$
        language: ruby
        name: puppet-lint
        args:
          - --fail-on-warnings

      - id: puppet-validate
        additional_dependencies: ['puppet']
        description: Validate syntax of Puppet manifests
        entry: /puppet-pre-commit-hooks/puppet-validate
        files: \.pp$
        language: ruby
        name: Validate Puppet manifests

      - id: r10k-validate
        additional_dependencies: ['r10k']
        description: Validate syntax of Puppetfile using r10k
        entry: /puppet-pre-commit-hooks/r10k-validate
        files: ^Puppetfile$
        language: ruby
        name: Validate r10k Puppetfile

      - id: ruby-validate
        additional_dependencies: ['ruby']
        description: Validate syntax of ruby code
        entry: /puppet-pre-commit-hooks/ruby-validate
        files: \.rb$
        language: ruby
        name: Validate ruby syntax
```

I have had to set up the hooks as local hooks because the environment that this is being used on has an airgap which prevents access to the internet. To overcome this I have cloned some repos which have the appropriate hooks.

This builds successfully with the exception of the `check-merge-conflict` hook, which it fails to find. In the Docker container, the Python code for this hook is located in `/pre-commit-hooks/pre_commit_hooks/check_merge_commit.py`.

I have tried amending the `entry:` value to:

```
/pre-commit-hooks/pre_commit_hooks/check_merge_commit
pre_commit_hooks/check-merge-commit
check_merge_commit
```

...but none of these worked.

Dockerfile

```dockerfile
FROM ruby:2.5.0

SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN source ~/.profile
RUN curl https://pre-commit.com/install-local.py | python -
COPY pre-commit/.pre-commit-config.yaml .
RUN git clone https://github.com/pre-commit/pre-commit-hooks.git
RUN git clone https://github.com/chriskuehl/puppet-pre-commit-hooks.git
RUN git clone https://github.com/adrienverge/yamllint.git
WORKDIR /jumanjihouse
RUN git clone https://github.com/jumanjihouse/pre-commit-hooks.git
RUN rm -rf /jumanjihouse/pre-commit-hooks/.git* /yamllint/.git* /puppet-pre-commit-hooks/.git* /pre-commit-hooks/.git* /usr/local/lib/ruby/gems/2.5.0/gems/*/.git*
WORKDIR /
RUN git init
RUN /root/bin/pre-commit run -a
```

Does anyone know what I am missing/doing wrong?

The hook is from GitHub

anthony sottile
MmmmDonuts
  • you mention you have an air gap but still clone from github -- can you use a normal configuration and run [`pre-commit install-hooks`](https://pre-commit.com/#pre-commit-install-hooks) inside your docker image? that way you can use that image across your air gap without needing to install anything at runtime – anthony sottile Jan 30 '20 at 19:56
  • No, I have to build the docker image outside of the system that will be using it and then transfer the docker image into the secured area. That allows me to clone into the image before it is handed over to the secured system. If that makes sense. – MmmmDonuts Jan 30 '20 at 20:12
  • yep! we do the same thing at lyft -- you can run `pre-commit install-hooks` outside with any normal configuration -- at runtime it won't use the network at all – anthony sottile Jan 30 '20 at 20:24
  • So if I put `RUN /root/bin/pre-commit install-hooks` that should work, should it? Sorry if this is basic stuff but I'm pretty new to writing pipelines. – MmmmDonuts Jan 30 '20 at 20:32
  • yep! -- and go back to the original configuration (no need for `local` or manual cloning) – anthony sottile Jan 30 '20 at 20:32
  • You're a legend, Thanks Anthony, really appreciated. – MmmmDonuts Jan 30 '20 at 20:33
  • no problem, let me write some of this up in an answer which is more permanent – anthony sottile Jan 30 '20 at 20:34

1 Answer

You shouldn't need to clone each repository manually and use local hooks in the way you're doing -- if you have clone access during build time you should be able to do the normal installation approach.

To ensure all of the hooks are pre-installed, you'll want to run `pre-commit install-hooks` as one of the commands in your Dockerfile.

This will ensure that all of the hook executables are properly cached in your image and then will be available later when you run `pre-commit run ...`


disclaimer: I'm the author of pre-commit

anthony sottile
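
The approach from the answer, sketched as an added example (not code from the original post or from the pre-commit project): a Dockerfile that pre-installs the hooks from a normal, non-local config and then proves at build time that they run with networking disabled. Assumptions: the `/repo` and `/opt/pre-commit-cache` paths are illustrative, `<reviewed-tag>` is a placeholder for a pinned tag, and the builder is BuildKit (needed for `RUN --network=none`).

```dockerfile
# syntax=docker/dockerfile:1
# Expected .pre-commit-config.yaml in the build context (a normal, non-local
# config; <reviewed-tag> is a placeholder for a tag you have pinned):
#
#   repos:
#     - repo: https://github.com/pre-commit/pre-commit-hooks
#       rev: <reviewed-tag>
#       hooks:
#         - id: check-merge-conflict
#     - repo: https://github.com/chriskuehl/puppet-pre-commit-hooks
#       rev: <reviewed-tag>
#       hooks:
#         - id: puppet-validate
#         - id: puppet-lint
#           args: [--fail-on-warnings]

FROM ruby:2.5.0
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# Installer line kept from the question; it leaves the binary at
# /root/bin/pre-commit. It is unpinned, so mirror or checksum it for a real build.
RUN curl https://pre-commit.com/install-local.py | python -

# Keep the hook cache at a fixed path inside the image instead of
# ~/.cache/pre-commit, so it does not depend on the runtime user's home.
ENV PRE_COMMIT_HOME=/opt/pre-commit-cache

WORKDIR /repo
COPY .pre-commit-config.yaml .
# Stage the config so check-merge-conflict has at least one text file to run on.
RUN git init && git add .pre-commit-config.yaml

# Build side of the air gap: clone every hook repo and build its environment.
RUN /root/bin/pre-commit install-hooks

# Same run with networking disabled for this step: the build fails here if
# any hook would still need the network at run time.
RUN --network=none /root/bin/pre-commit run --all-files
```

The cache is keyed by repository URL and `rev`, so the repository checked inside the air gap must use the same `repo`/`rev` pairs as the config baked into the image.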