`ggshield install --mode global` fails on Windows

[mherzberg]

Environment

• ggshield version: 1.32.1
• Operating system (Linux, macOS, Windows): Windows 11
• Operating system version: 23H2
• Python version: 3.10.11 (I believe - whatever is part of your self-contained Windows release)

Describe the bug

ggshield install --mode global fails to install the pre-commit hook.

I suspect this is because of changes introduced through this PR, which added env["GIT_CONFIG_GLOBAL"] = os.getenv("GG_GIT_CONFIG", "") among other git config related changes. The PR comment "Set the appropriate environment variables to ignore any git configuration." appears to assume the code is only used for read operations on the config file. However, as seen in the stack trace below, the code is also executed when setting core.hooksPath.

Steps to reproduce:

1. Download the latest self-contained ggshield version for Windows.
2. Run ggshield install --mode global on a Windows machine.
3. The installation fails, as shown below.

Actual result:

Version 1.32.1 fails to install the pre-commit hook:

PS C:\Users\User\Downloads\ggshield-1.32.1-x86_64-pc-windows-msvc\ggshield-1.32.1-x86_64-pc-windows-msvc> .\ggshield.exe install --mode global
Traceback (most recent call last):
  File "ggshield\__main__.py", line 194, in <module>
  File "ggshield\__main__.py", line 190, in main
  File "click\[core.py](http://core.py/)", line 1078, in main
  File "click\[core.py](http://core.py/)", line 1688, in invoke
  File "click\[core.py](http://core.py/)", line 1434, in invoke
  File "click\[core.py](http://core.py/)", line 783, in invoke
  File "ggshield\cmd\[install.py](http://install.py/)", line 57, in install_cmd
  File "ggshield\cmd\[install.py](http://install.py/)", line 70, in install_global
  File "ggshield\utils\git_shell.py", line 230, in git
  File "ggshield\utils\git_shell.py", line 204, in git
  File "[subprocess.py](http://subprocess.py/)", line 526, in run
subprocess.CalledProcessError: Command '['C:\\Program Files\\Git\\cmd\\git.EXE', 'config', '--global', 'core.hooksPath', 'C:\\Users\\User\\.git\\hooks']' returned non-zero exit status 4.
[17472] Failed to execute script '__main__' due to unhandled exception!

Expected result:

Version 1.32.0 installed fine, I expect version 1.32.1 to also install fine:

PS C:\Users\User\Downloads\ggshield-1.32.0-x86_64-pc-windows-msvc\ggshield-1.32.0-x86_64-pc-windows-msvc> .\ggshield.exe install --mode global
pre-commit successfully added in C:\Users\User\.git\hooks\pre-commit
A new version of ggshield (v1.32.1) has been released (https://github.com/GitGuardian/ggshield).
PS C:\Users\User\Downloads\ggshield-1.32.0-x86_64-pc-windows-msvc\ggshield-1.32.0-x86_64-pc-windows-msvc>

[agateau-gg]

Good catch, this is indeed a regression of 1.32.1. Looking into it.

[bapturp]

I have similar issue with the brew installed version of ggshield 1.32.1 running the very same command ggshield install --mode global:

Traceback (most recent call last):
  File "/opt/homebrew/bin/ggshield", line 8, in <module>
    sys.exit(main())
             ~~~~^^
  File "/opt/homebrew/Cellar/ggshield/1.32.1/libexec/lib/python3.13/site-packages/ggshield/__main__.py", line 190, in main
    return cli.main(args, prog_name="ggshield", standalone_mode=not show_crash_log)
           ~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/ggshield/1.32.1/libexec/lib/python3.13/site-packages/click/core.py", line 1078, in main
    rv = self.invoke(ctx)
  File "/opt/homebrew/Cellar/ggshield/1.32.1/libexec/lib/python3.13/site-packages/click/core.py", line 1688, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
                           ~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^
  File "/opt/homebrew/Cellar/ggshield/1.32.1/libexec/lib/python3.13/site-packages/click/core.py", line 1434, in invoke
    return ctx.invoke(self.callback, **ctx.params)
           ~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/ggshield/1.32.1/libexec/lib/python3.13/site-packages/click/core.py", line 783, in invoke
    return __callback(*args, **kwargs)
  File "/opt/homebrew/Cellar/ggshield/1.32.1/libexec/lib/python3.13/site-packages/ggshield/cmd/install.py", line 57, in install_cmd
    install_global(hook_type=hook_type, force=force, append=append)
    ~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/ggshield/1.32.1/libexec/lib/python3.13/site-packages/ggshield/cmd/install.py", line 70, in install_global
    git(["config", "--global", "core.hooksPath", str(hook_dir_path)])
    ~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/ggshield/1.32.1/libexec/lib/python3.13/site-packages/ggshield/utils/git_shell.py", line 230, in git
    raise exc
  File "/opt/homebrew/Cellar/ggshield/1.32.1/libexec/lib/python3.13/site-packages/ggshield/utils/git_shell.py", line 204, in git
    result = subprocess.run(
        [_get_git_path()] + command,
    ...<4 lines>...
        cwd=str(cwd),
    )
  File "/opt/homebrew/Cellar/python@3.13/3.13.0_1/Frameworks/Python.framework/Versions/3.13/lib/python3.13/subprocess.py", line 577, in run
    raise CalledProcessError(retcode, process.args,
                             output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '['/opt/homebrew/bin/git', 'config', '--global', 'core.hooksPath', '/Users/username/.git/hooks']' returned non-zero exit status 4

[rgajason]

Could we get a release with this fix? This has been pretty impacting for us. Or is there a "last known good" version?

[agateau-gg]

We just released 1.32.2, which fixes this issue.