/watchdog

Watchdog allows to define custom hooks in YAML format. When attached to the official repository, some of these can serve as a way to enforce policy by rejecting certain commits or branches.

Primary LanguageGoGNU General Public License v3.0GPL-3.0

Watchdog - Git server-side custom hooks

Actions Status Codecov Go Report Card CII Best Practices

Watchdog allows to define custom hooks in YAML format. When attached to the official repository, some of these can serve as a way to enforce policy by rejecting certain commits or branches.

Example

version: "1.0.0"
hooks:
  - name: global
    rules:
      - type: branch
        conditions:
        - type: pattern
          condition: ^(develop|master|revert-[a-z0-9-]+)|(feature|release|hotfix)/[a-z0-9-]+
      - type: commit
        conditions:
        - type: email
          condition: (?m)^[a-zA-Z.\-]+@gmail.com$
        - type: length
          condition: lt 120
          rejection_message: Commit message longer than {{ .Operand }}
      - type: file
        conditions:
        - type: size
          condition: lt 1mb
        - type: extension
          condition: exe
      - type: security
        conditions:
        - type: secret
          skip: docs/.*|.*.json|tests/.*
      - type: tag
        conditions:
        - type: semver

Features

  • Accept or reject commits message
  • Check files size and extension
  • Scan for secrets
  • Check branch and tags names
  • JSON reporting
  • Public git repository scans

Installation

Please refer to Documentation

From source

$ go get -ldflags="-X github.com/groupe-edf/watchdog/internal/version.Version=$(cat VERSION)" github.com/groupe-edf/watchdog

Or

$ git clone https://github.com/groupe-edf/watchdog && cd watchdog
$ go install -ldflags="-X github.com/groupe-edf/watchdog/internal/version.Version=$(cat VERSION)"

Usage

First of all, you must create a .githooks.yml with some rules. See Configuration

Usage:
  watchdog [command]

Available Commands:
  analyze     Run analysis
  help        Help about any command
  version     Print the version number of watchdog

Flags:
      --auth-basic-token string       authentication token used to fetch remote repositories
      --concurrent int                concurrent worker used to run analysus
  -c, --config string                 path to watchdog configuration file
      --docs-link string              link to documentation
  -h, --help                          help for watchdog
  -f, --hook-file string              path to external .githooks.yml file
      --hook-input string             standard input <old-value> SP <new-value> SP <ref-name> LF
      --hook-type string              git server-side hook pre-receive, update or post-receive
      --logs-format string            logging level (default "json")
      --logs-level string             logging level (default "info")
      --logs-path string              path to logs (default "/var/log/watchdog/watchdog.log")
      --output string                 path to output file
      --output-format string          report format (default "text")
      --plugins-directory string      path to plugins directory (default "plugins")
      --profile                       collect the profile to hercules.pprof.
      --security.reveal-secrets int   full or partial reveal of secrets in report and logs
      --uri string                    path to working directory
      --verbose                       make the operation more talkative (default true)

Local git repository

$ watchdog analyze \
  --hook-file=".githooks.yml"

Remote git repository

$ watchdog analyze \
  --hook-file=".githooks.yml" \
  --uri="https://github.com/{group}/{repository}"

Roadmap

Watchdog roadmap uses Github milestones to track the progress of the project.

Contributing

We would love you to contribute to groupe-edf/watchdog, pull requests are welcome! Please see the CONTRIBUTING.md for more information.

License

The scripts and documentation in this project are released under the GPL License