Introduction to Git hooks

  • 3 minutes

Git hooks can change how teams approach code quality, security, and following company rules. Instead of checking these things later in the process, Git hooks let teams add automatic checks directly into the development workflow. This creates quality standards that work automatically across teams and projects.

Why automation matters

Modern software development needs automation that works precisely at every stage. Git hooks provide the foundation for this automation. They let teams implement quality checks, security validations, and rule compliance that run automatically without slowing down developers.

  • Check problems early: Git hooks help teams use "shift-left" strategies that catch problems at the earliest possible point. This reduces the cost of fixing issues and improves overall software quality.
  • Security first model: In business environments, Git hooks work as automatic security guards. They check every code change against security policies before allowing it to continue through the development process.
  • Automatic rule checking: For companies that must follow strict regulations, Git hooks provide automatic compliance checking. This ensures every code change meets necessary standards without requiring manual review.

Hooks on developer computers

Client-side hooks run on each developer's computer. They provide immediate feedback and prevent bad code from entering shared code repositories.

Pre-commit hook features

  • Code quality checks: Automatically check code formatting, linting rules, and company coding standards before allowing commits.
  • Security scanning: Run automatic security scans to find passwords, API keys, and vulnerable dependencies before they enter the code.
  • Test running: Run specific test suites to make sure code changes don't break existing functionality.
  • Documentation checks: Verify that code changes include proper documentation updates and maintain documentation standards.

Commit message hook automation

  • prepare-commit-msg: Automatically create or modify commit messages to ensure consistency with company standards and include necessary information.
  • commit-msg: Check commit message format, enforce naming rules, and ensure proper links to work items or issue tracking systems.

Post-commit integration features

  • Notification automation: Send automatic notifications to team members, project management systems, or collaboration platforms.
  • Documentation creation: Automatically update project documentation, API references, or change logs based on commit content.
  • Metrics collection: Gather development metrics and analytics to support continuous improvement efforts.

Advanced hook implementation patterns

Security-focused hook strategies

Password and secret detection:

#!/bin/bash
# Check for passwords and secrets in code changes
if git diff --cached --name-only | xargs grep -l -E "(password|secret|api[_-]?key|token|credential)" 2>/dev/null; then
    echo "Security Alert: Found potential passwords or secrets in your changes"
    echo "Please review and remove sensitive information before committing"
    exit 1
fi

Checking for vulnerable dependencies:

#!/bin/bash
# Check for security vulnerabilities in dependencies
if command -v npm &> /dev/null && [ -f package.json ]; then
    npm audit --audit-level=high
    if [ $? -ne 0 ]; then
        echo "Found security vulnerabilities in dependencies"
        echo "Please fix high-severity vulnerabilities before committing"
        exit 1
    fi
fi

Quality checking hook automation

Complete code quality checking:

#!/bin/bash
# Check code quality for multiple programming languages
for file in $(git diff --cached --name-only --diff-filter=ACM); do
    case "$file" in
        *.js|*.ts)
            npx eslint "$file" || exit 1
            ;;
        *.py)
            python -m flake8 "$file" || exit 1
            python -m mypy "$file" || exit 1
            ;;
        *.cs)
            dotnet format --verify-no-changes --include "$file" || exit 1
            ;;
    esac
done

Automatic test running strategy:

#!/bin/bash
# Smart test running based on what changed
changed_files=$(git diff --cached --name-only)
if echo "$changed_files" | grep -q "src/"; then
    echo "Running unit tests for changed components..."
    npm test -- --findRelatedTests $changed_files
    if [ $? -ne 0 ]; then
        echo "Tests failed. Please fix failing tests before committing"
        exit 1
    fi
fi

Integration with development tools

Azure DevOps integration

Work item link checking:

#!/bin/bash
# Make sure commit messages include Azure DevOps work item references
commit_message=$(cat "$1")
if ! echo "$commit_message" | grep -qE "#[0-9]+|AB#[0-9]+"; then
    echo "Commit message must reference a work item (e.g., #1234 or AB#1234)"
    exit 1
fi

Branch name checking:

#!/bin/bash
# Check branch naming rules align with Azure DevOps policies
current_branch=$(git branch --show-current)
if ! echo "$current_branch" | grep -qE "^(feature|bugfix|hotfix)/[a-z0-9-]+$"; then
    echo "Branch name must follow convention: feature/description, bugfix/description, or hotfix/description"
    exit 1
fi

Pipeline integration automation

Note

You need to install the Azure DevOps CLI extension to use these commands.

Build validation triggers:

#!/bin/bash
# Trigger Azure Pipelines validation builds for significant changes
if git diff --cached --name-only | grep -qE "\.(cs|js|ts|py)$"; then
    echo "Triggering validation build for code changes..."
    az pipelines build queue --definition-name "PR-Validation" --branch $(git branch --show-current)
fi

Hook categories and use cases

Quality gate automation

Pre-commit quality gates:

  • Code formatting and style checking
  • Static analysis and linting
  • Unit test running for changed code
  • Documentation completeness checking
  • Performance impact checking

Pre-push validation:

  • Integration test running
  • Security vulnerability scanning
  • Dependency license compliance checking
  • Build validation and artifact creation
  • Deployment readiness checking

Security and compliance automation

Security hook implementation:

  • Password and secret detection
  • Dependency vulnerability checking
  • Code security pattern validation
  • Compliance rule checking
  • Audit trail creation

Compliance validation hooks:

  • Regulatory requirement checking
  • Code signing and verification
  • Change approval validation
  • Documentation requirement checking
  • Audit log creation

Development workflow enhancement

Developer experience optimization:

  • Automatic commit message creation
  • Branch naming rule checking
  • Work item linking automation
  • Code review assignment automation
  • Progress tracking and reporting

Team collaboration enhancement:

  • Notification and communication automation
  • Knowledge sharing help
  • Metrics collection and reporting
  • Process compliance monitoring
  • Continuous improvement data gathering

Git hooks provide the essential automation foundation for development teams. They help organizations add quality, security, and compliance directly into the development workflow while keeping developers productive and happy.