Tracking changes to hooks in .git/hooks

Is there a way to track git hook changes? I have three hooks that only show up on my machine, not when my other developers fetch. Trying to git add doesn't work.

http://benjamin-meyer.blogspot.com/2008/10/git-hooks.html

> Files in the .git/hooks directory are not part of the repository and so they are not tracked. A workaround is to have a git_hooks directory at the top of your repository like done in Arora and symlink .git/hooks to git_hooks whenever you clone. This way the hooks will be part of the project, under revision control and accessible to everyone.

I realise this question is years old, but I feel this needs to be said for travellers like myself who wind up here: Hooks are not tracked by design! Brian's answer will work, but the deal with that is that you are effectively trusting everyone else you are working with to not put malicious code in the repository, which your hooks then execute without question; this is the very definition of a security hole.

Reviving this old thread, you could have a separate version controlled directory which contains your hooks then use the git config core.hooksPath to target that directory.

Modifying Brian's answer to take into account Philip's important point:

If you have any user with write access that creates a hook (say, post-commit) with '#!/bin/sh rm -rf ~' there goes your home directory. (Or maybe something more benign but still stupid.)

To protect against this, it would be best not to symlink the directory, but copy them manually to and from a git_hooks directory. Yes, you have to remember to manually copy theses files when you update them, but better than nothing, and still you don't give someone user-level access to commands on your machine.

UPDATE: As mentioned below, if you plan on changing your hooks a bunch, you could make a wrapper script which copies the files and then runs the commit. However automating a commit (with git add and inputting an automated message) is really messy. A better idea would be to have one of your hooks do the copy to this 'git_hooks' directory, before the commit. This way malicious user wouldn't be able to commit a file that will run on the next hook call.

Another solution (which is not related to tracking / versioning) could be the usage of a plugin that will handle hooks for you.

For example: In the case of a web app, imagine that you can add one script in package json that will configure pre commit hooks !

Here is a good example: https://github.com/typicode/husky

In the end, this script can be under version control and you don't have to deal with hooks folder inside .git

Use template dirs. From a git clone, you can us the flag --template=<template_directory> to add files to the $GIT_DIR. You will also need to create a dir that holds your template or use gits provided location /usr/share/git-core/templates. By using a template dir you can have an active hook ready to run in the hooks dir from creation.

I'm not sure how often your people will be making edits, but you could save this template in a repo that all have access to. Really this should be one hook that runs a file in the repo that contains all of the code you need to automatically run.

Like others have mentioned, as soon as you're executing unknown code automatically you open yourself up to risk.