Kevin Veen-Birkenbach
62523ba6b0
Ship the two maintainer workflow helpers as installable Python CLIs so
any fork-based OSS project can reuse them without vendoring shell
scripts:
* git-setup-remotes configures origin/fork/main-tracking/pushDefault
for a fork-based clone. URLs are parameterized (--canonical / --fork
or CANONICAL_URL / FORK_URL) so the same binary bootstraps any
maintainer's repo. Idempotent.
* git-sign-push GPG-signs every unpushed commit on the current branch
and pushes, resolving the target remote from remote.pushDefault
(falling back to origin) for branches without upstream.
Both refuse to run when CLAUDE_CODE/CLAUDECODE is set, since the Claude
sandbox blocks .git/config writes and access to ~/.gnupg: failing fast
beats failing late.
Other additions:
* Makefile: install / install-dev / test / lint / clean targets.
* .github/workflows/test.yml: pytest + ruff matrix for py 3.10/11/12.
* MIRRORS: github, git.veen.world:2201, code.infinito.nexus:2201, pypi.
* LICENSE switched to MIT; README records the extraction origin
(s.infinito.nexus/code) and adds author + license sections.
* Tests cover sandbox-refusal guards and the fork-URL resolution
preference order (CLI arg > env var > existing fork remote > origin
when not canonical).
39 lines
1.2 KiB
Python
39 lines
1.2 KiB
Python
"""Both CLIs must refuse to run inside the Claude sandbox."""
|
|
|
|
from __future__ import annotations
|
|
|
|
import pytest
|
|
|
|
from git_maintainer_tools import setup_remotes, sign_push
|
|
|
|
|
|
@pytest.mark.parametrize(
|
|
"module,env",
|
|
[
|
|
(setup_remotes, "CLAUDE_CODE"),
|
|
(setup_remotes, "CLAUDECODE"),
|
|
(sign_push, "CLAUDE_CODE"),
|
|
(sign_push, "CLAUDECODE"),
|
|
],
|
|
)
|
|
def test_refuses_in_sandbox(monkeypatch, capsys, module, env):
|
|
monkeypatch.setenv(env, "1")
|
|
with pytest.raises(SystemExit) as exc:
|
|
module.main([])
|
|
assert exc.value.code == 1
|
|
err = capsys.readouterr().err
|
|
assert "must run outside the Claude sandbox" in err
|
|
|
|
|
|
def test_setup_remotes_missing_canonical(monkeypatch, capsys):
|
|
monkeypatch.delenv("CLAUDE_CODE", raising=False)
|
|
monkeypatch.delenv("CLAUDECODE", raising=False)
|
|
monkeypatch.delenv("CANONICAL_URL", raising=False)
|
|
# Guard against any ambient FORK_URL that would let the CLI get past
|
|
# the canonical check before hitting the canonical error path.
|
|
monkeypatch.delenv("FORK_URL", raising=False)
|
|
|
|
rc = setup_remotes.main([])
|
|
assert rc == 1
|
|
assert "missing canonical URL" in capsys.readouterr().err
|