feat: block force pushes via pre-push hook #412

Merged: shenxianpeng merged 8 commits into main from feat/block-force-pushes on May 15, 2026

@shenxianpeng shenxianpeng commented May 15, 2026

Supersedes #410 with the same branch now hosted directly in commit-check/commit-check instead of the fork.

Includes the force-push blocking pre-push hook, CLI/API support, configuration handling, docs, and tests from the original PR.

Closes #203

Adds a `check-no-force-push` pre-push hook that detects and blocks
`git push --force` / `git push -f` by inspecting pushed ref ancestry
via `git merge-base --is-ancestor`.

## Detection logic

Reads git's pre-push stdin (<local ref> <local sha> <remote ref> <remote sha>)
and evaluates:

- Remote SHA is zero -> new branch push -> pass
- merge-base returns 0 -> fast-forward -> pass
- Returns 1 -> force push detected -> fail
- Returns 128 -> git error, pass (safe default)

## Standalone mode

When run without stdin, --no-force-push checks whether pushing HEAD to its
configured upstream would require force, using git ls-remote and optional
git fetch to resolve the remote commit.

Closes #203
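
The detection logic listed in the description above, sketched as an added example (this is not the code merged in this PR). `classify_push`, `push_allowed`, the `fail_closed` switch and the stand-in `fake_is_ancestor` are assumptions introduced here; the sample stdin lines are constructed.

```python
import subprocess
from typing import Callable, Iterable, List, Tuple

def git_is_ancestor(ancestor: str, descendant: str) -> int:
    """Exit status of `git merge-base --is-ancestor`: 0 = yes, 1 = no, 128 = git error."""
    return subprocess.run(
        ["git", "merge-base", "--is-ancestor", ancestor, descendant],
        stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
    ).returncode

def classify_push(lines: Iterable[str],
                  is_ancestor: Callable[[str, str], int] = git_is_ancestor,
                  fail_closed: bool = False) -> List[Tuple[str, str]]:
    """Map each pre-push stdin line to (remote_ref, verdict)."""
    results = []
    for line in lines:
        fields = line.split()
        if len(fields) != 4:          # empty or malformed line: skipped
            continue
        _local_ref, local_sha, remote_ref, remote_sha = fields
        if set(remote_sha) == {"0"}:  # all-zero remote SHA: branch does not exist yet
            verdict = "pass:new-branch"
        else:
            rc = is_ancestor(remote_sha, local_sha)
            if rc == 0:               # remote tip is contained in what is being pushed
                verdict = "pass:fast-forward"
            elif rc == 1:             # remote tip would be discarded
                verdict = "fail:force-push"
            else:                     # e.g. 128; the PR description passes here
                verdict = "fail:git-error" if fail_closed else "pass:git-error"
        results.append((remote_ref, verdict))
    return results

def push_allowed(results: List[Tuple[str, str]]) -> bool:
    return all(verdict.startswith("pass:") for _, verdict in results)

# Constructed sample input and a stand-in for git, so the block runs without a repository.
A, B, C, ZERO = "a" * 40, "b" * 40, "c" * 40, "0" * 40
SAMPLE_STDIN = [
    f"refs/heads/new {A} refs/heads/new {ZERO}",
    f"refs/heads/main {B} refs/heads/main {A}",
    "",
    f"refs/heads/feat {C} refs/heads/feat {B}",
    f"refs/heads/odd {A} refs/heads/odd {C}",
]
FAKE_GIT = {(A, B): 0, (B, C): 1}   # (remote_sha, local_sha) -> exit status

def fake_is_ancestor(ancestor: str, descendant: str) -> int:
    return FAKE_GIT.get((ancestor, descendant), 128)
```

A pre-push hook runs on the client and `git push --no-verify` skips it, so server-side branch protection remains the enforcement point for protected branches.
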
@shenxianpeng shenxianpeng requested a review from a team as a code owner May 15, 2026 23:03

netlify Bot commented May 15, 2026

Deploy Preview for commit-check ready!

Name Link
🔨 Latest commit f8c20a3
🔍 Latest deploy log https://app.netlify.com/projects/commit-check/deploys/6a07acefb535080008654be1
😎 Deploy Preview https://deploy-preview-412--commit-check.netlify.app


coderabbitai Bot commented May 15, 2026

Warning

Rate limit exceeded

@shenxianpeng has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 20 minutes and 24 seconds before requesting another review.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b74794a8-6895-4d72-a9cb-8c22b20b2876

📥 Commits

Reviewing files that changed from the base of the PR and between 505c9eb and f8c20a3.

📒 Files selected for processing (19)
  • .pre-commit-hooks.yaml
  • README.rst
  • commit_check/__init__.py
  • commit_check/api.py
  • commit_check/config_merger.py
  • commit_check/engine.py
  • commit_check/main.py
  • commit_check/rule_builder.py
  • commit_check/rules_catalog.py
  • commit_check/util.py
  • docs/changelog.rst
  • docs/configuration.rst
  • docs/example.rst
  • docs/what-is-new.rst
  • tests/api_test.py
  • tests/engine_test.py
  • tests/main_test.py
  • tests/rule_builder_test.py
  • tests/util_test.py

@github-actions github-actions Bot added the documentation Improvements or additions to documentation label May 15, 2026

codspeed-hq Bot commented May 15, 2026

Merging this PR will not alter performance

✅ 245 untouched benchmarks
🆕 57 new benchmarks
⏩ 108 skipped benchmarks [1]

Performance Changes

| | Benchmark | BASE | HEAD | Efficiency |
|---|---|---|---|---|
| 🆕 | test_custom_config_is_merged | N/A | 315.5 µs | N/A |
| 🆕 | test_fast_forward_push_passes | N/A | 710.5 µs | N/A |
| 🆕 | test_force_push_fails | N/A | 719 µs | N/A |
| 🆕 | test_none_push_refs_passes | N/A | 281.4 µs | N/A |
| 🆕 | test_result_has_expected_structure | N/A | 290.8 µs | N/A |
| 🆕 | test_new_branch_push_passes | N/A | 297.7 µs | N/A |
| 🆕 | test_empty_lines_in_stdin_are_skipped | N/A | 561.4 µs | N/A |
| 🆕 | test_fast_forward_push_is_allowed | N/A | 558.8 µs | N/A |
| 🆕 | test_force_push_is_blocked | N/A | 1.1 ms | N/A |
| 🆕 | test_git_error_allows_push | N/A | 1.6 ms | N/A |
| 🆕 | test_malformed_push_line_is_skipped | N/A | 132 µs | N/A |
| 🆕 | test_missing_remote_sha_fetch_prefers_matching_upstream_remote | N/A | 1.6 ms | N/A |
| 🆕 | test_missing_remote_sha_is_fetched_then_force_push_is_blocked | N/A | 2.2 ms | N/A |
| 🆕 | test_missing_remote_sha_tries_next_remote_until_resolved | N/A | 2.2 ms | N/A |
| 🆕 | test_multiple_refs_one_force_push_blocks | N/A | 1.2 ms | N/A |
| 🆕 | test_new_branch_push_is_allowed | N/A | 135.2 µs | N/A |
| 🆕 | test_no_stdin_skips_validation | N/A | 124 µs | N/A |
| 🆕 | test_no_stdin_with_upstream_fallback_blocks_force_push | N/A | 2.2 ms | N/A |
| 🆕 | test_no_stdin_with_upstream_fallback_fetches_remote_commit_when_needed | N/A | 2.5 ms | N/A |
| 🆕 | test_no_stdin_with_upstream_fallback_passes_fast_forward | N/A | 1.2 ms | N/A |
| ... | ... | ... | ... | ... |

ℹ️ Only the first 20 benchmarks are displayed. Go to the app to view all benchmarks.


Comparing feat/block-force-pushes (f8c20a3) with main (505c9eb)

Footnotes

  1. 108 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports.


codecov Bot commented May 15, 2026

Codecov Report

❌ Patch coverage is 97.36842% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 95.74%. Comparing base (505c9eb) to head (f8c20a3).

| Files with missing lines | Patch % | Lines |
|---|---|---|
| commit_check/main.py | 93.54% | 2 Missing ⚠️ |
| commit_check/api.py | 85.71% | 1 Missing ⚠️ |
| commit_check/engine.py | 98.24% | 1 Missing ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #412      +/-   ##
==========================================
+ Coverage   95.51%   95.74%   +0.22%     
==========================================
  Files          10       10              
  Lines        1004     1152     +148     
==========================================
+ Hits          959     1103     +144     
- Misses         45       49       +4     


- Add always_run: true to check-no-force-push hook in .pre-commit-hooks.yaml
  to prevent pre-commit from skipping the hook when zero files changed
  (e.g. force push with identical tree, different history)
- Remove -p short flag from --no-force-push CLI argument; the flag is
  exclusively used in pre-commit hooks, not interactive CLI use

@shenxianpeng shenxianpeng added the major-rfe (For changelog: Major enhancement. Will be highlighted on the top) and minor (A minor version bump) labels and removed the documentation (Improvements or additions to documentation) label May 15, 2026
@shenxianpeng shenxianpeng merged commit 657d391 into main May 15, 2026
35 checks passed
@shenxianpeng shenxianpeng deleted the feat/block-force-pushes branch May 15, 2026 23:34

Development

Successfully merging this pull request may close these issues.

[FR] Block force pushes
