git

Overview ¶

Package git provides Git repository operations and utilities for Hitch.

Overview ¶

This package wraps the go-git library with Hitch-specific functionality, providing a higher-level interface for Git operations with enhanced safety, validation, and conflict handling.

Core Types ¶

The main type is Repo, which wraps go-git's Repository:

type Repo struct {
    *git.Repository
    workdir string
}

Repo provides convenient methods for common Git operations while maintaining access to the underlying go-git functionality.

Key Components ¶

The package consists of several focused components:

• repo.go: Core repository operations (branch, checkout, merge, commit)
• operations.go: Higher-level operations (force-with-lease push)
• validator.go: Repository validation and health checks
• sanitizer.go: Input sanitization for branch names and user input
• conflict_handler.go: Merge conflict detection and handling

Repository Operations ¶

Common repository operations:

// Open a repository
repo, err := git.OpenRepo(".")
if err != nil {
    return err
}

// Get current branch
branch, err := repo.CurrentBranch()

// Create and checkout a branch
err = repo.CreateBranch("feature/new", "main")
err = repo.Checkout("feature/new")

// Check for uncommitted changes
hasChanges, err := repo.HasUncommittedChanges("HEAD")

// Merge branches
err = repo.Merge("feature/branch", "Merge feature branch")

Input Sanitization ¶

The InputSanitizer protects against command injection and invalid input:

sanitizer := git.NewInputSanitizer()

// Validate branch names
if !sanitizer.IsValidBranchName("feature/login") {
    return errors.New("invalid branch name")
}

// Sanitize environment names
env := sanitizer.SanitizeEnvironmentName("dev-123")

// Validate email addresses
if !sanitizer.IsValidEmail("user@example.com") {
    return errors.New("invalid email")
}

The sanitizer blocks:

• Branch names with special characters (, ', ", `, ;, $, etc.)
• Environment names with path traversal attempts (../)
• Invalid email addresses
• Command injection attempts

Repository Validation ¶

The RepositoryValidator performs comprehensive health checks:

validator := git.NewRepositoryValidator(repo)
result := validator.ValidateRepository()

if !result.IsValid {
    for _, err := range result.Errors {
        fmt.Println("Error:", err)
    }
    for _, warn := range result.Warnings {
        fmt.Println("Warning:", warn)
    }
}

Validation checks include:

• Repository exists and is accessible
• .git directory is present and valid
• HEAD reference exists
• Working directory is clean (for operations requiring it)
• No corrupted objects
• Metadata branch (hitch-metadata) is properly configured

Conflict Handling ¶

The ConflictHandler detects and reports merge conflicts:

handler := git.NewConflictHandler(repo)
result := handler.CheckForConflicts("feature/branch", "main")

if result.HasConflicts {
    fmt.Println("Conflicts detected:")
    for _, file := range result.ConflictingFiles {
        fmt.Printf("  - %s\n", file)
    }
}

Force-with-Lease ¶

Safe force pushing with lease validation:

err := repo.ForcePushWithLease("dev", "origin/dev", "abc123")

This ensures:

• Remote branch hasn't been updated by others
• Local changes won't overwrite unexpected commits
• Safe force push for environment rebuilds

Branch Operations ¶

Comprehensive branch management:

// Check if branch exists
exists := repo.BranchExists("feature/login")

// Get all branches
branches, err := repo.Branches()

// Delete branch
err = repo.DeleteBranch("feature/old", false) // safe delete
err = repo.DeleteBranch("feature/old", true)  // force delete

// Get branch creation time
createdAt, err := repo.BranchCreatedAt("feature/login")

// Check if branch is merged
merged, err := repo.IsBranchMerged("feature/login", "main")

User Information ¶

Extract Git user configuration:

name, err := repo.UserName()
email, err := repo.UserEmail()

Working Directory ¶

Access to repository paths:

workdir := repo.WorkingTree()
gitDir := filepath.Join(workdir, ".git")

Safety Features ¶

The package implements multiple safety mechanisms:

• Input validation before any git commands
• Sanitization of all user-provided strings
• Pre-flight checks for repository state
• Conflict detection before merges
• Force-with-lease for safe force pushes
• Comprehensive error messages

Error Handling ¶

All functions return descriptive errors:

err := repo.Merge("feature/branch", "Merge message")
if err != nil {
    // Error includes context about what failed
    return fmt.Errorf("merge failed: %w", err)
}

Testing ¶

The package includes extensive tests:

• sanitizer_test.go: Input sanitization tests
• sanitizer_edge_cases_test.go: Edge cases and attack vectors
• conflict_handler_test.go: Merge conflict detection
• validator_test.go: Repository validation
• force_with_lease_test.go: Safe force push operations
• repo_test.go: Core repository operations

All tests use isolated Docker environments with the dockertest build tag.

Dependencies ¶

External dependencies:

• github.com/go-git/go-git/v5: Pure Go Git implementation

Internal dependencies:

• None (this is a foundational package)

Example: Complete Workflow ¶

// Open repository
repo, err := git.OpenRepo(".")
if err != nil {
    return err
}

// Validate repository state
validator := git.NewRepositoryValidator(repo)
if result := validator.ValidateRepository(); !result.IsValid {
    return fmt.Errorf("repository validation failed")
}

// Sanitize input
sanitizer := git.NewInputSanitizer()
if !sanitizer.IsValidBranchName(branchName) {
    return fmt.Errorf("invalid branch name: %s", branchName)
}

// Check for conflicts
conflictHandler := git.NewConflictHandler(repo)
result := conflictHandler.CheckForConflicts(branchName, "main")
if result.HasConflicts {
    return fmt.Errorf("merge conflicts detected")
}

// Perform operation
err = repo.Merge(branchName, "Merge feature branch")
if err != nil {
    return err
}