Hi guys, Our commit hooks in mesos have been traditionally quite strict (something many people here will have experienced when "quickly" commiting some work in progress before changing branches). However, when I rebased a branch today I was surprised to learn that I had to wait more than 5 minutes while something was downloaded from the internet.
Indeed, it turns out that the pre-commit hook is installing both a pip package and an npm package, eslint, along with all of its 1450 dependencies. (https://pastebin.com/hTZWRxcy) Aside from the security implications (these are unsigned, and every single one gets to execute custom javascript) I feel like there is something fundamentally wrong here - a git commit is supposed to be a local operation, it should not need internet access: bevers@poincare:~/mesos$ git commit -m "Dummy commit on cleaned worktree." Virtualenv not detected... building Rebuilding virtualenv... Retrying (Retry(total=4, connect=None, read=None, redirect=None)) after connection broken by 'NewConnectionError('<pip._vendor.requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7fea82eb11d0>: Failed to establish a new connection: [Errno -2] Name or service not known',)': /simple/pip/ [...] Retrying (Retry(total=0, connect=None, read=None, redirect=None)) after connection broken by 'NewConnectionError('<pip._vendor.requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7f2e627456d0>: Failed to establish a new connection: [Errno -2] Name or service not known',)': /simple/nodeenv/ Could not find a version that satisfies the requirement nodeenv==1.1.2 (from -r /home/bevers/mesos/support/pip-requirements.txt (line 1)) (from versions: ) No matching distribution found for nodeenv==1.1.2 (from -r /home/bevers/mesos/support/pip-requirements.txt (line 1)) I'm sure running various linters improves code quality, but there must be a better way to implement this. My proposal would be to move most checks to post-reviews.py, which is a slow operation anyways and which actually marks the point in time where the commits should be cleaned up enough to pass all checks. What do you think? Best regards, -- Benno Evers Software Engineer, Mesosphere
