It would be pretty beneficial if admins could warn users instead of blocking them. It would help with transitions and would also make companies with more lax workflows find more use out of hooks.
Since pre-receive hooks can print out output to the pusher and still accept the commit, there’s no reason to make a separate post-receive hook.
There is only one hook, but with configurable behavior.
Add a Disabled / Warn / Block dropdown option in the global options.
Add a “warn_dont_block” boolean option to mohami-security.yml.
If the “warn_dont_block” is missing, and the global hook is enabled, inherit the global hook configuration.
If the option is missing, and the global hook is disabled, default to blocking behavior (i.e. false).
Remember to update the hook description in UI (currently it says “Reject vulnerable commits”)
I reviewed related API and it doesn’t seem that PostReceiveHook can return anything to client shell.
PreRepositoryHook returns RepositoryHookResult while PostRepositoryHook has void return type
Atlassian documents are often outdated
I’m not seeing any hook response among parameters
Atlassian would never remove such functionality, it doesn’t make any sense for them to do so.