feat(git): allow to install git-hook functions to local repositories

[NiasSt90]

Changes

Allow to install git-hook functions to local git repositories.

Context

• Support for Gerrit #4109
• Move all Git commands behind a PlatformScm interface #19065
• feat: Move some Git commands behind a PlatformScm interface #19327

Documentation (please check one with an [x])

• I have updated the documentation, or
• No documentation update is required

How I've tested my work (please select one)

I have verified these changes via:

• Code inspection only, or
• Newly added/modified unit tests, or
• No unit tests but ran on a real repository, or
• Both unit tests + ran on a real repository

[renovate-release]

🎉 This PR is included in version 34.88.0 🎉

The release is available on:

• GitHub release
• 34.88.0

Your semantic-release bot 📦🚀

[fgreinacher]

@viceice @rarkins Reviewing the changelog we were a bit concerned about the security implications of this first, but then noticed that the functionality is not used in the main codebase. Can you shed some light on the idea here?

/cc @dlouzan @nejch

[rarkins]

It's for Gerrit support later

[viceice]

Updated context in PR description

[fgreinacher]

Thanks for the quick answers! I assume this is the relevant part of #4109, correct?

install the gerrit-commit hook in initRepo
to create a change-id if not already exists in commit-message.

[NiasSt90]

If there are real concern about the hook i can try to avoid it for the Gerrit implementation.
The commit-msg hook needed for Gerrit is only needed to generate a Change-ID by calling this:

random=$( (whoami ; hostname ; date; cat $1 ; echo $RANDOM) | git hash-object --stdin)
($1 == file with the existing commit-msg)

This random value will be added to the commit-msg (a new line) like "Change-Id: I${random}"

A random UUID should be sufficient for this.

[viceice]

If there are real concern about the hook i can try to avoid it for the Gerrit implementation. The commit-msg hook needed for Gerrit is only needed to generate a Change-ID by calling this:

random=$( (whoami ; hostname ; date; cat $1 ; echo $RANDOM) | git hash-object --stdin) ($1 == file with the existing commit-msg)

This random value will be added to the commit-msg (a new line) like "Change-Id: I${random}"

A random UUID should be sufficient for this.

Sounds good. let's revert this feature then.

[fgreinacher]

Sounds cool! I think Renovate should avoid arbitrary code execution as good as possible.

[NiasSt90]

Could be reverted, i've tried and it works with:

/**
 * This function should generate a Gerrit Change-ID analogous to the commit hook. 
 * We avoid the commit hook cause of security concerns.
 * random=$( (whoami ; hostname ; date; cat $1 ; echo $RANDOM) | git hash-object --stdin) prefixed with an 'I'.
 * TODO: Gerrit don't accept longer Change-IDs (sha256), but what happens with this https://git-scm.com/docs/hash-function-transition/ ?
 */
function generateChangeId():string {
  return 'I' + createHash('sha1').update(randomUUID()).digest('hex');
}

I'm only need to check how this works after the git hash-function-transition. Currently Gerrit (3.7.0) wont accept Change-Ids that are longer then sha1.

Sorry for the noise with this PR.