-
Notifications
You must be signed in to change notification settings - Fork 140
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add pre-commit configuration that catches common issues with preference manifests #495
Conversation
Elliot, this is great; lots of ground covered there. Would you mind if we embed I'm finding it hard getting over the script being on a separate repository, both from security and flexibility standpoints. What do you think? |
I wouldn't recommend that, for two reasons:
The pre-commit framework itself does all the work of checking out the correct repositories at the correct |
@relgit are you OK with the changes here given the most recent comments? |
Tags can be reassigned so I'd like to see Also, I have two more questions because otherwise that would be too easy -
|
I adjusted the PR to use a frozen commit hash per your request: bd607b5 Other hooks I've found beneficial for this type of repository (which includes primarily plist and python files) would include:
As the maintainer of the pre-commit-macadmin repo I'll be open to PRs adding checks for unofficial extensions or modifying existing checks. For the current hook, I've focused the checks around the most common issues I've seen in the wild (and made myself). |
Also worth saying: I'm not aware of any other large repository of preference manifest files, so feedback from the team maintaining this repo will be weighted heavily. Additional checks for the check-preference-manifests hook would likely be added somewhere in the |
After thinking it over, here's an alternative: you could create a new repository containing this pre-commit hook within the ProfileCreator GitHub organization. I'd be happy to contribute the necessary code to get started, but then you'd be on the hook for maintaining and fielding PRs (many probably from me). Does that appeal to you? |
@homebysix Know you're a busy guy, but wondered if a short web call might help clear up the desired changes and ensure that works for all contributing parties. I know I personally greatly appreciate your efforts here! |
Sure, I'm up for that! Let's coordinate on Slack. |
@homebysix the first option seems satisfactory to me especially now that You've got my 👍 |
Since @relgit 's concerns were addressed, I'm going to update our documentation for contributing to indicate how this is to be used. Once that's done and you give me 👍 on it @homebysix I'll merge this in. Thanks again for this! |
Let me know what you think: https://github.com/ProfileCreator/ProfileManifests/wiki/Contribute-to-an-Existing-Manifest |
I was testing how I could break the pre-commit hooks ... very impressed :) One thing I did discover is that while it will fail to let me commit if I remove the |
@homebysix Sorry meant to tag you on ^^ |
That's a worthwhile adjustment. I've created an issue here to track progress: homebysix/pre-commit-macadmin#54 |
I've added the requested For testing, I'll use this section of the MunkiReport.plist manifest, which includes
First, I removed the diff --git a/Manifests/ManagedPreferencesApplications/MunkiReport.plist b/Manifests/ManagedPreferencesApplications/MunkiReport.plist
index 8b0d588..8e81a59 100644
--- a/Manifests/ManagedPreferencesApplications/MunkiReport.plist
+++ b/Manifests/ManagedPreferencesApplications/MunkiReport.plist
@@ -140,8 +140,6 @@
<dict>
<key>pfm_description</key>
<string></string>
- <key>pfm_name</key>
- <string>{{key}}</string>
<key>pfm_title</key>
<string>MunkiReport Module</string>
<key>pfm_type</key> The hook fails as expected:
And if instead I remove the diff --git a/Manifests/ManagedPreferencesApplications/MunkiReport.plist b/Manifests/ManagedPreferencesApplications/MunkiReport.plist
index 8b0d588..ea2e7a8 100644
--- a/Manifests/ManagedPreferencesApplications/MunkiReport.plist
+++ b/Manifests/ManagedPreferencesApplications/MunkiReport.plist
@@ -144,8 +144,6 @@
<string>{{key}}</string>
<key>pfm_title</key>
<string>MunkiReport Module</string>
- <key>pfm_type</key>
- <string>string</string>
<key>pfm_value_placeholder</key>
<string>ex. localadmin</string>
</dict> The hook also fails as expected. (Note that
If I put both
|
Looks great! Can you review the wiki page I updated around the pre-commit install steps for contributing? If @relgit is ok with this will get this merged. |
Thanks so much for all your work on this, @homebysix :) |
Yes, this looks good. |
Summary
This PR adds a configuration used by the pre-commit framework, meant for catching common issues before they get committed and pushed. The configured
check-preference-manifests
hook is hosted in my pre-commit-macadmin repository, and the source code for the hook can be found here.Installation
Upon merging this PR, frequent contributors should be encouraged to do the following in order to use the pre-commit configuration.
From that point on, every commit will be checked automatically.
The hooks will not run unless the above actions are taken, so this PR will not affect automated processes or the GitHub Actions configuration.
Benefits
I've found pre-commit to be extremely helpful when managing repositories with large numbers of files in the same format (e.g. AutoPkg recipes, Munki pkginfo files, Python files, etc). I gave an introduction to pre-commit at this 2019 PSU MacAdmins session and in this post.
Here are a few examples of errors that my pre-commit hook can catch:
Plist syntax issues
A manifest with this syntax error:
Will produce this error when a commit attempt is made:
Missing required keys
A manifest with missing title, domain, or description keys at the top level:
Will produce this error when a commit attempt is made:
Incorrect manifest format version
A manifest with
pfm_format_version
other than1
:Will produce this error when a commit attempt is made:
Incorrect key types
A manifest with an incorrect key type:
Will produce this error when a commit attempt is made:
Incorrect list item types
A manifest with an incorrectly typed list item:
Will produce this error when a commit attempt is made:
Default value doesn't match setting type
A manifest with an incorrectly typed default item:
Will produce this error when a commit attempt is made:
Successful check output
When a commit is done and all tests pass, the output will look similar to this:
Forcing a check of all files
For troubleshooting or quality control purposes, you can initiate a check of all manifests using
pre-commit run --all-files
.Opting out per-commit
If you need to intentionally bypass the checks for a single commit, you can use
git commit -n
orgit commit --no-verify
.Hook contributions welcome
My pre-commit-macadmin repo is still evolving, and I'd love feedback and/or contributions if anybody is interested in adding more tests that manifest files should pass in order to be committed.