6 Essential Git Hooks for Local Development and CI Efficiency
These articles are AI-generated summaries. Please check the original sources for full details.
The 6 Git Hooks I Copy Into Every New Repo
RAXXO Studios maintains 15 active repositories using a standardized set of local git hooks to automate quality control. These hooks run in as little as two seconds, catching errors before they reach the remote repository.
Why This Matters
While CI/CD pipelines are standard, they often suffer from high latency, taking 90 seconds to 3 minutes to report failures. Local hooks give immediate feedback, which avoids context-switch fatigue and ensures that only verified code enters the git history. That is critical for maintaining a clean changelog and for preventing secret leaks in public repositories, which are irreversible.
Key Insights
- Incremental type checking using tsc --noEmit --incremental reduces subsequent linting runs from 8 seconds to under 1 second.
- Conventional commit enforcement through regex allows for 100% automated changelog generation using tools like release-please or changesets.
- Post-merge dependency synchronization automatically triggers npm or bun install when package lockfiles change, eliminating environment drift.
- Pre-commit secret scanning uses grep-based patterns to detect AWS keys, OpenAI tokens, and SSH private keys before they are committed.
- Branch protection hooks prevent accidental direct pushes to production branches, acting as a Friday evening safety buffer.
Working Examples
Regex-based hook to enforce conventional commit messages.
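#!/bin/sh
# .git/hooks/commit-msg
# Git passes the path of the file holding the proposed message as $1.
# Check only the subject (first) line: grep matches line by line, so testing
# the whole message would let a matching body line excuse a bad subject.
subject=$(head -n 1 "$1")
pattern='^(feat|fix|chore|docs|refactor|test|perf|style|ci|build|revert)(\([a-z0-9-]+\))?: .{3,}$'
if ! printf '%s\n' "$subject" | grep -qE "$pattern"; then
    echo "Commit message must follow conventional commits format:" >&2
    echo "  feat: add login button" >&2
    echo "  fix(auth): handle expired tokens" >&2
    exit 1
fi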
Automatically reinstalls dependencies if lockfiles change after a merge.
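#!/bin/sh
# .git/hooks/post-merge
# Files that differ between the pre-merge commit (ORIG_HEAD) and the merge result.
changed_files="$(git diff-tree -r --name-only --no-commit-id ORIG_HEAD HEAD)"

# check_run FILE CMD...: run CMD if FILE appears in the list of changed paths.
# -F matches the name literally, so "." is not treated as a regex wildcard.
check_run() {
    file="$1"; shift
    if echo "$changed_files" | grep -qF -- "$file"; then
        "$@"
    fi
}

# Note: an install runs the lifecycle scripts of the freshly merged dependencies.
check_run package.json npm install
check_run package-lock.json npm install
check_run bun.lockb bun install
check_run pnpm-lock.yaml pnpm install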
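Grep-based pre-commit secret scan for the three secret types named under Key Insights. This is an added example, not code from the original article; the function names and the three regexes are assumptions that only approximate real key formats and should be tuned per repository.

```shell
#!/bin/sh
# .git/hooks/pre-commit (added example; patterns are approximations)

# One ERE alternation: AWS access key ID, OpenAI-style "sk-" token,
# and the header line of a PEM/OpenSSH private key.
SECRET_PATTERNS='AKIA[0-9A-Z]{16}|(^|[^A-Za-z0-9_])sk-[A-Za-z0-9_-]{20,}|-----BEGIN [A-Z ]*PRIVATE KEY-----'

# Read a unified diff on stdin and print the added lines that look like secrets.
# Returns 0 if at least one match was found, 1 if the diff is clean.
find_secrets_in_diff() {
    # Keep only added lines ("+...") and drop the "+++ b/file" headers
    # (git's default prefix), so a secret that is being *removed* does not
    # block the commit. -e stops grep reading the pattern as an option.
    grep -E '^\+' | grep -vE '^\+\+\+ (b/|/dev/null)' | grep -nE -e "$SECRET_PATTERNS"
}

main() {
    # --cached: scan what is staged; -U0: no context lines; --no-color: plain text.
    if git diff --cached -U0 --no-color | find_secrets_in_diff; then
        echo "pre-commit: possible secret in staged changes (lines above)." >&2
        echo "Unstage it; rotate the key if it was ever committed or pushed." >&2
        return 1
    fi
    return 0
}

# Run only when installed as the hook, so the functions can be sourced and tested.
case "$0" in
    */pre-commit|pre-commit) main || exit 1 ;;
esac
```

Local hooks are skipped by git commit --no-verify, so the same scan belongs in CI or a server-side check as well.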
Practical Applications
- Use Case: Automated dependency management via post-merge hooks prevents local development crashes after pulling team changes. Pitfall: Neglecting lockfile updates leads to broken environments and manual debugging.
- Use Case: Secret scanning in the pre-commit phase prevents accidental disclosure of API keys. Pitfall: Deleting a secret in a subsequent commit does not remove it from Git history, requiring immediate key rotation.
- Use Case: Conventional commit regex ensures changelogs are machine-readable. Pitfall: Vague commit messages like ‘wip’ break automated release tools and obscure project history.