lilith-platform.live/tooling/git-hooks/pre-push
2026-04-07 17:21:57 -07:00

58 lines
1.7 KiB
Bash
Executable file

#!/usr/bin/env bash
#
# pre-push — when pushing to main, generate any missing adversary-view sidecars
# so the rsync deploy step always ships up-to-date visualizations.
#
# Install (from repo root):
# git config core.hooksPath tooling/git-hooks
# Or symlink:
# ln -sfn ../../tooling/git-hooks/pre-push .git/hooks/pre-push
#
# git pre-push hook contract:
# stdin lines: <local_ref> <local_sha> <remote_ref> <remote_sha>
# non-zero exit aborts the push.
set -euo pipefail
REPO_ROOT="$(git rev-parse --show-toplevel)"
ENV_FILE="${REPO_ROOT}/deployments/@domains/quinn.www/.env.production"
IMAGE_PROTECTION_DIR="${REPO_ROOT}/codebase/@features/image-protection/backend-api"
# Only run when at least one ref is being pushed to main
PUSHING_MAIN=false
while IFS=' ' read -r _local_ref _local_sha remote_ref _remote_sha; do
if [[ "${remote_ref}" == "refs/heads/main" ]]; then
PUSHING_MAIN=true
break
fi
done
if [[ "${PUSHING_MAIN}" != "true" ]]; then
exit 0
fi
echo "[pre-push] Pushing to main — ensuring adversary-view sidecars..."
if [[ ! -f "${ENV_FILE}" ]]; then
echo "[pre-push] ✖ Missing ${ENV_FILE}"
echo "[pre-push] Copy .env.production.example → .env.production and adjust paths."
echo "[pre-push] Or skip this hook with: git push --no-verify"
exit 1
fi
if [[ ! -d "${IMAGE_PROTECTION_DIR}" ]]; then
echo "[pre-push] ✖ image-protection backend not found at ${IMAGE_PROTECTION_DIR}"
exit 1
fi
(
set -a
# shellcheck disable=SC1090
source "${ENV_FILE}"
set +a
cd "${IMAGE_PROTECTION_DIR}"
bun install --frozen-lockfile 2>/dev/null || bun install
bun run ensure:adversary
)
echo "[pre-push] ✔ Adversary-view sidecars up to date."