{"id":37030182,"url":"https://github.com/arthinking/git-hook-maven-plugin","last_synced_at":"2026-01-14T03:40:25.938Z","repository":{"id":57725442,"uuid":"142766288","full_name":"arthinking/git-hook-maven-plugin","owner":"arthinking","description":"Git hook maven plugin \u0026 validate-commit-message for Java","archived":false,"fork":false,"pushed_at":"2018-08-29T07:17:55.000Z","size":36,"stargazers_count":15,"open_issues_count":0,"forks_count":6,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-08-05T03:24:25.840Z","etag":null,"topics":["githooks-plugin","maven-plugin","validate-commit-msg"],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/arthinking.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-07-29T14:08:13.000Z","updated_at":"2024-09-29T08:29:04.000Z","dependencies_parsed_at":"2022-09-08T16:51:23.431Z","dependency_job_id":null,"html_url":"https://github.com/arthinking/git-hook-maven-plugin","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/arthinking/git-hook-maven-plugin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arthinking%2Fgit-hook-maven-plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arthinking%2Fgit-hook-maven-plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arthinking%2Fgit-hook-maven-plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arthinking%2Fgit-hook-maven-plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/arthinking","download_url":"https://codeload.github.com/arthinking/git-hook-maven-plugin/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arthinking%2Fgit-hook-maven-plugin/sbom","scorecard":{"id":209216,"data":{"date":"2025-08-11","repo":{"name":"github.com/arthinking/git-hook-maven-plugin","commit":"8f589e0998d3409beafaea790ef38347d1d4c8fa"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.2,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":0,"reason":"Found 0/14 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":7,"reason":"3 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-8vhq-qq4p-grq3","Warn: Project is vulnerable to: GHSA-g6ph-x5wf-g337","Warn: Project is vulnerable to: GHSA-jcwr-x25h-x5fh"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T00:25:19.066Z","repository_id":57725442,"created_at":"2025-08-17T00:25:19.066Z","updated_at":"2025-08-17T00:25:19.066Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28408854,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T01:52:23.358Z","status":"online","status_checked_at":"2026-01-14T02:00:06.678Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["githooks-plugin","maven-plugin","validate-commit-msg"],"created_at":"2026-01-14T03:40:25.281Z","updated_at":"2026-01-14T03:40:25.926Z","avatar_url":"https://github.com/arthinking.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Git hook maven plugin\n\nGit可以在特定动作执行时触发自定义钩子脚本, 包括服务端脚本和客户端脚本。具体的钩子脚本编写说明可以参考: [自定义 Git - Git 钩子](https://www.git-scm.com/book/zh/v2/%E8%87%AA%E5%AE%9A%E4%B9%89-Git-Git-%E9%92%A9%E5%AD%90)\n\n其中服务端钩子脚本可以统一在服务端配置, 针对所有用户都生效。而客户端脚本存在以下问题:\n\n* 脚本存储于客户端, 并且无法纳入git管理, 每个人的脚本可以随意修改, 无法做到团队某些规范的推行;\n* 一些优秀的脚本很难推广, 通过一种业界标准形式集成到项目中。\n\n为此, 推出了该插件, 包括以下特点:\n\n* 很方便的在项目中自定义团队的工作流, 把自定义钩子钩子脚本纳入git管理类, 方便团队共享;\n* 把钩子脚本的安装集成到`Maven`的生命周期中的某个阶段, 方便的通过项目编译自动安装或者升级脚本;\n* 提供通用的内置脚本, 方便钩子的配置, 目前只提供了`validate-commit-message`钩子脚本, 用于提交日志的规范, 遵循[AngularJS Git Commit Message Conventions](https://docs.google.com/document/d/1QrDFcIiPjSLDn3EL15IJygNPiHORgU1_OOAqWjiDU5Y/edit#)的格式。\n\n## 1、安装\n\n在项目中引入插件即可:\n\n```xml\n  \u003cbuild\u003e\n    \u003cplugins\u003e\n      \u003cplugin\u003e\n        \u003cgroupId\u003ecom.itzhai.tools\u003c/groupId\u003e\n        \u003cartifactId\u003egit-hook-maven-plugin\u003c/artifactId\u003e\n        \u003cversion\u003e1.0.0\u003c/version\u003e\n        \u003cexecutions\u003e\n          \u003cexecution\u003e\n            \u003cgoals\u003e\n              \u003cgoal\u003egit-hooks\u003c/goal\u003e\n            \u003c/goals\u003e\n\n            \u003cconfiguration\u003e\n              \u003cghooks\u003e\n                \u003ccommit-msg\u003evalidate-commit-message/validate-commit-message.sh\u003c/commit-msg\u003e\n                \u003cpre-commit\u003evalidate-code/validate-code.sh\u003c/pre-commit\u003e\n              \u003c/ghooks\u003e\n            \u003c/configuration\u003e\n\n            \u003cphase\u003ecompile\u003c/phase\u003e\n\n          \u003c/execution\u003e\n\n        \u003c/executions\u003e\n      \u003c/plugin\u003e\n      ...\n    \u003c/plugins\u003e\n  \u003c/build\u003e\n```\n\n当然, 您也可以下载项目, deploy 插件到本地仓库或者私服:\n\n从github上面下载该maven插件:\n\n\u003e git clone https://github.com/arthinking/git-hook-maven-plugin.git\n\n该仓库包含两个项目:\n\n\u003e git-hook-maven-plugin\n\u003e git-hook-maven-plugin-demo\n\n第一个项目是插件项目, 第二个项目是插件使用demo项目\n\n通过`maven`安装`git-hook-maven-plugin`插件项目到本地仓库:\n\n\u003e mvn install\n\n或者,您也可以推送到私服:\n\n\u003e mvn deploy\n\n注意：deploy的时候，记得在项目的pom文件中配置私服地址：\n\n```\n\u003cdistributionManagement\u003e\n\t\t\u003crepository\u003e\n\t\t\t\u003cid\u003emy-releases\u003c/id\u003e\n\t\t\t\u003cname\u003eNexus Release Repository\u003c/name\u003e\n\t\t\t\u003curl\u003ehttp://localhost/nexus/content/repositories/thirdparty\u003c/url\u003e\n\t\t\u003c/repository\u003e\n\t\t\u003csnapshotRepository\u003e\n\t\t\t\u003cid\u003emy-snapshots\u003c/id\u003e\n\t\t\t\u003cname\u003eNexus Snapshot Repository\u003c/name\u003e\n\t\t\t\u003curl\u003ehttp://localhost/nexus/content/repositories/snapshots\u003c/url\u003e\n\t\t\u003c/snapshotRepository\u003e\n\t\u003c/distributionManagement\u003e\n```\n\n## 2、设置\n\n### 2.1、在Maven项目中引入插件\n\n在maven项目中引入插件:\n\n```xml\n  \u003cbuild\u003e\n    \u003cplugins\u003e\n      \u003cplugin\u003e\n        \u003cgroupId\u003ecom.itzhai.tools\u003c/groupId\u003e\n        \u003cartifactId\u003egit-hook-maven-plugin\u003c/artifactId\u003e\n        \u003cversion\u003e1.0-SNAPSHOT\u003c/version\u003e\n        \u003cexecutions\u003e\n          \u003cexecution\u003e\n            \u003cgoals\u003e\n              \u003cgoal\u003egit-hooks\u003c/goal\u003e\n            \u003c/goals\u003e\n\n            \u003cconfiguration\u003e\n              \u003cghooks\u003e\n                \u003ccommit-msg\u003evalidate-commit-message/validate-commit-message.sh\u003c/commit-msg\u003e\n                \u003cpre-commit\u003evalidate-code/validate-code.sh\u003c/pre-commit\u003e\n              \u003c/ghooks\u003e\n            \u003c/configuration\u003e\n\n            \u003cphase\u003ecompile\u003c/phase\u003e\n\n          \u003c/execution\u003e\n\n        \u003c/executions\u003e\n      \u003c/plugin\u003e\n      ...\n    \u003c/plugins\u003e\n  \u003c/build\u003e\n```\n\n### 2.2、插件`configuration`配置说明\n\n#### 2.2.1、ghooks标签\n\n在该标签下面配置git hook。\n\n#### 2.2.2、commit-msg标签\n\n该标签是git hook钩子标签，目前可用的钩子标签如下：\n\n```\napplypatch-msg\npre-push\ncommit-msg\npre-rebase\npost-update\nprepare-commit-msg\npre-applypatch\nupdate\npre-commit\n```\n\n### 2.2.1、配置内置钩子脚本\n\n目前提供的内置钩子脚本有:\n\n* [validate-commit-message/validate-commit-message.sh](https://github.com/arthinking/git-hook-maven-plugin/tree/master/git-hook-maven-plugin/src/main/resources/validate-commit-message)\n\n`validate-commit-message/validate-commit-message.sh`钩子脚本, 该脚本主要用于校验提交日志的格式规范, 遵循[AngularJS Git Commit Message Conventions](https://docs.google.com/document/d/1QrDFcIiPjSLDn3EL15IJygNPiHORgU1_OOAqWjiDU5Y/edit#)的格式。\n\n一般在`ghooks`标签中配置git hook脚本标签, 上面例子中配置了`commit-msg`和`pre-commit`钩子标签, 内置的钩子脚本, 可以直接配置使用:\n\n```xml\n\u003ccommit-msg\u003evalidate-commit-message/validate-commit-message.sh\u003c/commit-msg\u003e\n```\n\n钩子标签值的格式:\n\n\u003e 钩子脚本所在文件夹/脚本文件\n\n### 2.2.2、配置自定义钩子脚本\n\n当然, 您也可以配置自己编写的钩子脚本, 脚本的可以是python, shell, perl等格式。在git项目根目录创建一个`ghooks`文件夹把脚本文件放置到该文件夹中:\n\n```\ngit-hook-maven-plugin-demo\n  |-ghooks\n    |-validate-code\n      |--validate-code.sh\n      |--README.md\n  |--src\n    |--main\n      |--java\n        ...\n```\n如上目录结构, 假设该脚本是`pre-commit`钩子, 则可以这样配置:\n\n```xml\n\u003cpre-commit\u003evalidate-code/validate-code.sh\u003c/pre-commit\u003e\n```\n\n建议自定义脚本放置到单独的文件夹中, 如上面的`validate-code`文件夹, 同时提供`README`文件, 阐述脚本的用途, 以及适用于什么钩子。\n\n\u003e 注意: 自己编写脚本的时候, 需要在脚本文件头的注释中声明脚本的版本, 插件检查到脚本版本有变更, 会自动更新项目的钩子脚本。格式如:\n\n```python\n! /usr/bin/env python\n# Just for pre-commit hook\n# hook.version@1.0.2\nimport sys,os,re\n```\n\n详细说明参考: [Git hook介绍](https://git-scm.com/docs/githooks)\n\n## 3、运行\n\nMaven插件的运行依赖于插件配置中的`phase`标签, 该标签声明了此插件会在Maven生命周期的哪一个阶段执行, 比如上面的例子就会在编译期间自动触发。\n\n\n# References\n\n- [自定义 Git - Git 钩子](https://www.git-scm.com/book/zh/v2/%E8%87%AA%E5%AE%9A%E4%B9%89-Git-Git-%E9%92%A9%E5%AD%90)\n- [Plugin Developers Centre](https://maven.apache.org/plugin-developers/index.html)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farthinking%2Fgit-hook-maven-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Farthinking%2Fgit-hook-maven-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farthinking%2Fgit-hook-maven-plugin/lists"}