On Thu, 25 Jun 2009, Todd Zullinger wrote:
Mike McGrath wrote:
> I'll take a look at this tomorrow, we've got a git check in there
> now that does a syntax and notify. I think the only reason it
> prevents commits is because I didn't know how to do that :) so all
> it does is throw errors.
That's in syncPuppetMaster.sh, called from the post-update hook,
right? By then, there is no chance to deny the push, as the refs have
been updated by git. :)
> Here's the only got'cha. We mix a private and public repo together.
> IE: in our public repo we reference $someDbPassword, and then in the
> private repo we create that password. The only time they're
> together is after a push has happened. Does this account for that?
> Does that problem not even exist anymore?
Using the code for the update hook in my previous mail, I don't think
is should be a problem. That should only check the files that are
being modified by the push for syntax errors. Puppet is called with
--parseonly and --ignoreimport. That should prevent problems caused
by a manifest in puppet relying on something in private. Of course,
testing it on a manifest that uses a variable define in private would
be a good idea. :)
Keeping the syntax check in syncPuppetMaster.sh is probably a good
backup, as it might catch things that the check on individual .pp
files misses.
Works for me, patch seems resonable (if it does work like it seems it
should :)
Ping me on irc and we'll get this in and ready and tested.
-Mike