sketch: "git push" button
Ultimately, we want to allow users to push their changes to github, and
thereby do a good chunk of work without resorting to the terminal (and
figuring out how to move the git references around, which requires a
bunch of esotiric and annoying expertise).
This commit introduces:
1. For outtie's HTTP server (which is now comically Go HTTP ->
CGI-effing-bin -> git -> shell script -> git in this case), there's a
custom git hook that forwards changes to refs/remotes/origin/foo to
origin/foo. This is a git proxy of sorts. By forwarding the
SSH_AUTH_SOCK, we can use outtie's auth options without giving innie
the actual credentials. This works by creating a temporary directory
for git hooks (for outtie).
2. Innie sets up a new remote, "upstream" when a "passthrough-upstream"
flag is pasksed. This remote kind of looks like the real upstream (so
upstream/foo) is fetched. This will let the agent handle rebases
better.
3. Innie exposes a /pushinfo handler that returns the list of remotes
and the current commit and such. These have nice display names for
the outtie's machine and github if useful.
There's also a /push handler. This is the thing that knows about the
refs/remotes/origin/foo thing. There's no magic git push refspec that
makes this all work without that, I think. (Maybe there is? I don't
think there is.)
Note that there's been some changes about what the remotes look like,
and when we use the remotes and when we use agent.GitOrigin().
We may be able to simplify this by using git's insteadof
configurations, but I think it's fine.
4. The web UI exposes a button to push, choose the remote and branch,
and such. If it can't do the push, you'll get a button to try to get
the agent to rebase.
We don't allow force pushes in the UI. We're treating those
as an advanced feature, and, if you need to do that, you can
figure it out.
This was collaboration with a gazillion sketch sessions.
diff --git a/dockerimg/githttp.go b/dockerimg/githttp.go
index ecd46a1..acb099b 100644
--- a/dockerimg/githttp.go
+++ b/dockerimg/githttp.go
@@ -3,6 +3,7 @@
import (
"context"
"crypto/subtle"
+ _ "embed"
"fmt"
"log/slog"
"net/http"
@@ -15,12 +16,45 @@
"time"
)
+//go:embed pre-receive.sh
+var preReceiveScript string
+
type gitHTTP struct {
gitRepoRoot string
+ hooksDir string
pass []byte
browserC chan bool // browser launch requests
}
+// setupHooksDir creates a temporary directory with git hooks for this session.
+//
+// This automatically forwards pushes from refs/remotes/origin/Y to origin/Y
+// when users push to remote tracking refs through the git HTTP backend.
+//
+// How it works:
+// 1. User pushes to refs/remotes/origin/feature-branch
+// 2. Pre-receive hook detects the pattern and extracts branch name
+// 3. Hook checks if it's a force push (declined if so)
+// 4. Hook runs "git push origin <commit>:feature-branch"
+// 5. If origin push fails, user's push also fails
+//
+// Note:
+// - Error propagation from origin push to user push
+// - Session isolation with temporary hooks directory
+func setupHooksDir(gitRepoRoot string) (string, error) {
+ hooksDir, err := os.MkdirTemp("", "sketch-git-hooks-*")
+ if err != nil {
+ return "", fmt.Errorf("failed to create hooks directory: %w", err)
+ }
+
+ preReceiveHook := filepath.Join(hooksDir, "pre-receive")
+ if err := os.WriteFile(preReceiveHook, []byte(preReceiveScript), 0o755); err != nil {
+ return "", fmt.Errorf("failed to write pre-receive hook: %w", err)
+ }
+
+ return hooksDir, nil
+}
+
func (g *gitHTTP) ServeHTTP(w http.ResponseWriter, r *http.Request) {
defer func() {
if err := recover(); err != nil {
@@ -116,9 +150,16 @@
}
w.Header().Set("Cache-Control", "no-cache")
+
+ args := []string{"http-backend"}
+ if g.hooksDir != "" {
+ // Use -c flag to set core.hooksPath for this git command only
+ args = []string{"-c", "core.hooksPath=" + g.hooksDir, "http-backend"}
+ }
+
h := &cgi.Handler{
Path: gitBin,
- Args: []string{"http-backend"},
+ Args: args,
Dir: g.gitRepoRoot,
Env: []string{
"GIT_PROJECT_ROOT=" + g.gitRepoRoot,
@@ -129,6 +170,9 @@
"GIT_HTTP_ALLOW_REPACK=true",
"GIT_HTTP_ALLOW_PUSH=true",
"GIT_HTTP_VERBOSE=1",
+ // We need to pass through the SSH auth sock to the CGI script
+ // so that we can use the user's existing SSH key infra to authenticate.
+ "SSH_AUTH_SOCK=" + os.Getenv("SSH_AUTH_SOCK"),
},
}
h.ServeHTTP(w, r)