docs(README): update pre-receive docs

GitGuardian · Oct 12, 2021 · 2bcccf2 · 2bcccf2
1 parent fb9d8ff
commit 2bcccf2
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 39 deletions.
diff --git a/README.md b/README.md
@@ -605,11 +605,11 @@ Now you're good to go!
 
 A pre-receive hook allows you to reject commits from being pushed to a git repository if they do not validate every check.
 
-You can find **ggshield**'s pre-receive hook samples in the [doc/pre-receive.sample](doc/pre-receive.sample) and [doc/pre-receive-python.sample](doc/pre-receive-python.sample).
+You can find **ggshield**'s pre-receive hook samples in the [doc/pre-receive.sample](doc/pre-receive.sample) and [doc/pre-receive-docker.sample](doc/pre-receive-docker.sample).
 
 **ggshield**'s pre-receive hook can be skipped if the developer passes the option `breakglass` to the git push.
 
-For this setting to work the remote must have push options enabled. (`git config receive.advertisePushOptions true`)
+For this setting to work the remote must have push options enabled. (`git config receive.advertisePushOptions true`).
 
 Examples:
 
@@ -618,13 +618,16 @@ $ git push -o breakglass
 $ git push --push-option=breakglass
 ```
 
-## Install ggshield git pre-receive hook locally
+## Install ggshield git pre-receive hook
 
-[**pre-receive-python.sample**](doc/pre-receive-python.sample)
+[**pre-receive.sample**](doc/pre-receive.sample)
 
 1. This pre-receive hook requires the host machine to have python>=3.8 and pip installed
 1. Install ggshield from pip: `pip install ggshield`
-1. Move `pre-receive-python.sample` to `.git/hooks/pre-receive`
+1. Move `pre-receive-python.sample` to `.git/hooks/pre-receive` or to your provider's git hook directory
+
+   - https://docs.gitlab.com/ee/administration/server_hooks.html
+
 1. Do not forget to `chmod +x .git/hooks/pre-receive`
 1. either set an environment variable machine wide `GITGUARDIAN_API_KEY` or set it in the `.git/hooks/pre-receive` as instructed in the sample file.
 
@@ -633,34 +636,25 @@ $ git push --push-option=breakglass
 - Create a `gitguardian.yaml` somewhere in the system. An example config file is available [here](.gitguardian.example.yml)
 - Replace in the pre-receive hook
   ```shell
-  ggshield scan commit-range "${span}" && continue
+  ggshield scan pre-receive
   ```
   with:
   ```shell
-  ggshield -c <INSERT path to gitguardian.yaml> scan commit-range "${span}" && continue
+  ggshield -c <INSERT path to gitguardian.yaml> scan pre-receive
   ```
 
 ## Install ggshield git pre-receive hook with docker
 
-[**pre-receive.sample**](doc/pre-receive.sample)
+> For the pre-receive hook to work, the directory where the repositories are stored
+> must also be mounted on the container.
+
+[**pre-receive-docker.sample**](doc/pre-receive-docker.sample)
 
 1. This pre-receive hook requires the host machine to have docker installed.
 1. Move `pre-receive.sample` to `.git/hooks/pre-receive`
 1. Do not forget to `chmod +x .git/hooks/pre-receive`
 1. either set an environment variable machine wide `GITGUARDIAN_API_KEY` or set it in the `.git/hooks/pre-receive` as instructed in the sample file.
 
-**How do I add ignored matches and use a custom config in this pre-receive hook?**
-
-- Create a `gitguardian.yaml` somewhere in the system. An example config file is available [here](.gitguardian.example.yml)
-- Replace in the pre-receive hook
-  ```shell
-  docker run --rm -v $(pwd):/data -e GITGUARDIAN_API_KEY gitguardian/ggshield:latest ggshield scan commit-range "${span}" && continue
-  ```
-  with:
-  ```shell
-  docker run --rm -v $(pwd):/data -v <INSERT path of gitguardian.yaml directory>:/config -e GITGUARDIAN_API_KEY gitguardian/ggshield:latest ggshield -c /config/gitguardian.yaml scan commit-range "${span}" && continue
-  ```
-
 # Docker
 
 The GitGuardian Shield docker scanning tool (`ggshield scan docker`) is used to

diff --git a/doc/pre-receive-docker.sample b/doc/pre-receive-docker.sample
@@ -0,0 +1,12 @@
+#!/bin/sh
+# ggshield as a pre-commit hook
+# Move `pre-receive.sample` to `.git/hooks/pre-receive`
+# Do not forget to `chmod +x .git/hooks/pre-receive`
+# either set an environment variable machine wide `GITGUARDIAN_API_KEY`
+# or uncomment and insert your key in the following line
+# if you use more than 2 push options, be sure to export them to the container
+
+#export GITGUARDIAN_API_KEY=<INSERT YOUR KEY>
+
+set -x
+docker run -i --rm -v $(pwd):/data ggshield -e GIT_PUSH_OPTION_COUNT -e GIT_PUSH_OPTION_0 -e GIT_PUSH_OPTION_1 -e GITGUARDIAN_API_KEY gitguardian/ggshield:latest ggshield scan pre-receive
diff --git a/doc/pre-receive-python.sample b/doc/pre-receive-python.sample
diff --git a/doc/pre-receive.sample b/doc/pre-receive.sample
@@ -1,12 +1,15 @@
 #!/bin/sh
 # ggshield as a pre-commit hook
-# Move `pre-receive.sample` to `.git/hooks/pre-receive`
+# Prequirements:
+# python >= 3.6, pip
+# Installation instructions:
+# Run: pip install ggshield
+# Move `pre-receive-python.sample` to `.git/hooks/pre-receive`
 # Do not forget to `chmod +x .git/hooks/pre-receive`
 # either set an environment variable machine wide `GITGUARDIAN_API_KEY`
 # or uncomment and insert your key in the following line
-# if you use more than 2 push options, be sure to export them to the container
 
 #export GITGUARDIAN_API_KEY=<INSERT YOUR KEY>
 
-set -x
-docker run -i --rm -v $(pwd):/data ggshield -e GIT_PUSH_OPTION_COUNT -e GIT_PUSH_OPTION_0 -e GIT_PUSH_OPTION_1 -e GITGUARDIAN_API_KEY gitguardian/ggshield:latest ggshield scan pre-receive
+set -e
+ggshield scan pre-receive