Git::Hooks::CheckCommit - Git::Hooks plugin to enforce commit policies
version 1.10.0
This Git::Hooks plugin hooks itself to the hooks below to enforce commit policies.
This hook is invoked before a commit is made to check the author and committer identities.
This hook is invoked after a commit is made to check its signature. Note that the commit is checked after is has been made and any errors must be fixed with a
git-commit --amend
command afterwards.update
This hook is invoked multiple times in the remote repository during
git push
, once per branch being updated, to check if all commits being pushed comply.pre-receive
This hook is invoked once in the remote repository during
git push
, to check if all commits being pushed comply.ref-update
This hook is invoked when a push request is received by Gerrit Code Review, to check if all commits being pushed comply.
This hook is invoked when a push request is received by Gerrit Code Review for a virtual branch (refs/for/*), to check if all commits being pushed comply.
Projects using Git, probably more than projects using any other version control system, have a tradition of establishing policies on several aspects of commits, such as those relating to author and committer identities and commit signatures.
To enable this plugin you should add it to the githooks.plugin configuration option:
git config --add githooks.plugin CheckCommit
Git::Hooks::CheckCommit - Git::Hooks plugin to enforce commit policies.
The plugin is configured by the following git options. [!]REGEXP
This multi-valued option impose restrictions on the valid author and committer names using regular expressions.
The names must match at least one of the "positive" regular expressions (the ones not prefixed by "!") and they must not match any one of the negative regular expressions (the ones prefixed by "!").
This check is performed by the pre-commit
local hook. [!]REGEXP
This multi-valued option impose restrictions on the valid author and committer emails using regular expressions.
The emails must match at least one of the "positive" regular expressions (the ones not prefixed by "!") and they must not match any one of the negative regular expressions (the ones prefixed by "!").
This check is performed by the pre-commit
local hook. [01]
This option uses the Email::Valid module' address
method to validade author and committer email addresses.
These checks are performed by the pre-commit
local hook.
Note that the Email::Valid module isn't required to install Git::Hooks. If it's not found or if there's an error in the construction of the Email::Valid
object the check fails with a suitable message.
The Email::Valid
constructor (new) accepts some parameters. You can pass the boolean parameters to change their default values by means of the following sub-options. For more information, please consult the Email::Valid documentation. [01]
Specifies whether addresses should be checked for a valid DNS entry. The default is false. [01]
Specifies whether addresses should be checked for valid top level domains. The default is false. [01]
Species whether addresses must contain a fully qualified domain name (FQDN). The default is true. [01]
Specifies whether a "domain literal" is acceptable as the domain part. That means addresses like: rjbs@[]
. The default is true.
githooks.checkcommit.canonical MAILMAP
This option requires the use of cannonical names and emails for authors and committers, as configured in a MAILMAP file and checked by the git-check-mailmap
command. Please, read that command's documentation to know how to configure a mailmap file for name and email canonicalization.
This check is only able to detect known non-canonical names and emails that are converted to their canonical forms by the git-check-mailmap
command. This means that if an unknown email is used it won't be considered an error.
Note that the git-check-mailmap
command is available since Git 1.8.4. Older Gits don't have it and Git::Hooks will complain accordingly.
Note that you should not have Git configured to use a default mailmap file, either by placing one named .mailmap at the top level of the repository or by setting the configuration options mailmap.file
and mailmap.blob
. That's because if Git is configured to use a mailmap it will convert non-canonical to canonical names and emails before passing them to the hooks. This will invoke git-check-mailmap
using the -c
option to temporarily configure it to use the MAILMAP file.
These checks are performed by the pre-commit
local hook.
githooks.checkcommit.signature {nocheck|optional|good|trusted}
This option allows one to check commit signatures according to these values:
By default, or if this value is specified, no check is performed. This value is useful to disable checks in a repository when they are enabled globally.
This value does not require commits to be signed but if they are their signatures must be valid (i.e. good or untrusted, but not bad).
This value requires that all commits be signed with good signatures.
This value requires that all commits be signed with good and trusted signatures.
This check is performed by the post-commit
local hook.
Email::Valid Module used to check validity of email addresses.
A Git Horror Story: Repository Integrity With Signed Commits
Gustavo L. de M. Chaves <>
This software is copyright (c) 2015 by CPqD <>.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.