cmd/vulnreport: use git tool for "vulnreport commit"
Use the git tool rather than direct repo access via go-git,
so as to run commit hooks and give the user a chance to edit
the commit message.
Change-Id: I2e564b334d71bf9cda8a57bc7869119cd896d1ff
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/414576
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tatiana Bradley <tatiana@golang.org>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
Run-TryBot: Damien Neil <dneil@google.com>
diff --git a/cmd/vulnreport/main.go b/cmd/vulnreport/main.go
index 976b4f6..97f1a95 100644
--- a/cmd/vulnreport/main.go
+++ b/cmd/vulnreport/main.go
@@ -24,7 +24,6 @@
"strings"
"time"
- "github.com/go-git/go-git/v5"
"golang.org/x/exp/slices"
"golang.org/x/tools/go/packages"
"golang.org/x/vulndb/internal/cvelistrepo"
@@ -89,11 +88,7 @@
log.Fatal(err)
}
case "commit":
- repo, err := gitrepo.Open(ctx, ".")
- if err != nil {
- log.Fatal(err)
- }
- f := func(name string) error { return commit(ctx, repo, name, *githubToken) }
+ f := func(name string) error { return commit(ctx, name, *githubToken) }
if err := multi(f, names); err != nil {
log.Fatal(err)
}
@@ -388,7 +383,7 @@
var reportRegexp = regexp.MustCompile(`^reports/GO-\d\d\d\d-(\d+)\.yaml$`)
-func commit(ctx context.Context, repo *git.Repository, filename, accessToken string) (err error) {
+func commit(ctx context.Context, filename, accessToken string) (err error) {
defer derrors.Wrap(&err, "commit(%q)", filename)
m := reportRegexp.FindStringSubmatch(filename)
if len(m) != 2 {
@@ -413,27 +408,27 @@
return nil
}
- tree, err := repo.Worktree()
- if err != nil {
- return err
+ // Exec the git command rather than using go-git so as to run commit hooks
+ // and give the user a chance to edit the commit message.
+ irun := func(name string, arg ...string) error {
+ cmd := exec.Command(name, arg...)
+ cmd.Stdin = os.Stdin
+ cmd.Stdout = os.Stdout
+ cmd.Stderr = os.Stderr
+ return cmd.Run()
}
- _, err = tree.Add(filename)
- if err != nil {
- return err
- }
- st, err := tree.Status()
- if err != nil {
- return err
- }
- if _, ok := st[filename]; !ok {
- // Trying to commit a file that hasn't changed from HEAD.
- fmt.Printf("%v: unmodified\n", filename)
+ if err := irun("git", "add", filename); err != nil {
+ fmt.Fprintf(os.Stderr, "git add: %v\n", err)
return nil
}
msg := fmt.Sprintf("x/vulndb: add %v for %v\n\nFixes golang/vulndb#%v\n",
filename, strings.Join(r.CVEs, ", "), issueID)
- _, err = tree.Commit(msg, &git.CommitOptions{})
- return err
+ if err := irun("git", "commit", "-m", msg, "-e", filename); err != nil {
+ fmt.Fprintf(os.Stderr, "git commit: %v\n", err)
+ return nil
+ }
+
+ return nil
}
// Regexp for matching go tags. The groups are:
diff --git a/go.sum b/go.sum
index 4f32947..49e2a5a 100644
--- a/go.sum
+++ b/go.sum
@@ -191,7 +191,6 @@
github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o=
github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=