Enabling syntax checking for puppet via a git update hook

Thu Jun 25 03:06:34 UTC 2009

I was talking with Ricky on IRC about enabling some syntax checking
for puppet *.pp files in a git update hook for the infra puppet repo.
The goal would be to help catch typos before they ever get pushed into
the main /git/puppet repository.

I've tested this a bit on puppet1 with local repos and it appears to
work well.  But obviously, we'd want to enable this when there were
plenty of folks around to revert it should it cause and prevent work
from getting done.

While testing, I noticed that the update hook in /git/puppet is pretty
much identical to the fedora-git-commit-mail-hook in use on hosted.
Perhaps we'd want to be guinea pigs for converting from that older
update hook to the more current update hook and have mail
notifications handled via the post-receive-email hook?  That would
allow us to work out any issues before we enable that on hosted.

I think we would probably want to make this change first, ensure it
doesn't cause any problems, and then add the puppet syntax checking to
the update hook.

Assuming we make the above changes and use the post-receive-email hook
for mail notification, the changes I'd like to make to the current
git-1.5.5.6 update hook to enable puppet syntax checking are:

--- /usr/share/git-core/templates/hooks/update	2008-12-20 06:10:22.000000000 +0000
+++ /home/fedora/tmz/puppet.git/hooks/update	2009-06-25 01:34:14.000000000 +0000
@@ -103,5 +103,40 @@
 		;;
 esac
 
+# Check syntax of puppet files
+# Taken from http://reductivelabs.com/trac/puppet/wiki/PuppetVersionControl
+
+check="puppet --color=false --confdir=/tmp --vardir=/tmp --parseonly --ignoreimport"
+tmp=$(mktemp /tmp/git.update.XXXXXX)
+log=$(mktemp /tmp/git.update.log.XXXXXX)
+tree=$(mktemp /tmp/git.diff-tree.XXXXXX)
+
+git diff-tree -r "$2" "$3" > $tree
+
+exit_status=0
+
+while read old_mode new_mode old_sha1 new_sha1 status name
+do
+    # skip lines showing parent commit
+    test -z "$new_sha1" && continue
+    # Only test .pp files
+    if [[ $name =~ [.]pp$ ]]
+    then
+        git cat-file blob $new_sha1 > $tmp
+        set -o pipefail
+        $check $tmp 2>&1 | sed "s|/tmp/git.update.*:\([0-9]*\)$|${name}:\1|" > $log
+        if [[ $? != 0 ]]
+        then
+            echo
+            cat $log >&2
+            echo -e "For details run: git diff ${old_sha1:0:7} ${new_sha1:0:7}" >&2
+            echo
+            exit_status=1
+        fi
+    fi
+done < $tree
+
+rm -f $log $tmp $tree
+
 # --- Finished
-exit 0
+exit $exit_status

When pushing an update with a syntax errors, the output looks like
this:

$ git push ~/puppet.git test-hooks 
Counting objects: 14, done.
Compressing objects: 100% (9/9), done.
Writing objects: 100% (9/9), 767 bytes, done.
Total 9 (delta 7), reused 0 (delta 0)
Unpacking objects: 100% (9/9), done.

err: Could not parse for environment production: Syntax error at 'source'; expected '}' at manifests/filetypes/standard.pp:11
For details run: git diff 3d15e34 d71d226


err: Could not parse for environment production: Syntax error at 'group'; expected '}' at manifests/site.pp:12
For details run: git diff 22d6265 62e516f

error: hooks/update exited with error code 1
error: hook declined to update refs/heads/test-hooks
To /home/fedora/tmz/puppet.git
 ! [remote rejected] test-hooks -> test-hooks (hook declined)
error: failed to push some refs to '/home/fedora/tmz/puppet.git'

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Nothing is wrong with California that a rise in the ocean level
wouldn't cure.
    -- Ross MacDonald (1915-1983)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 542 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-infrastructure-list/attachments/20090624/cbad7686/attachment.sig>
