Add a pre-push hook

For security reasons, this hook needs to be installed manually (after
inspecting it!!!) to `.git/hooks/pre-push`.

The hook assists developers by verifying that `dist/` is up to date and
that the version number in `package.json` is set correctly when pushing
a tag.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

pre-push.hook

@@ -0,0 +1,45 @@
+#!/bin/sh
+
+# This pre-push hook ensures that we only push branches with up to date files in `dist/`.
+#
+# While at it, it also ensures that it is itself up to date with `pre-push.hook`
+
+die () {
+    echo "$*" >&2
+    exit 1
+}
+
+LF='
+'
+
+git diff --no-index --quiet pre-push.hook "$(git rev-parse --git-path hooks/pre-push)" ||
+die 'The `pre-push` hook is not up to date with `pre-push.hook`'
+
+# Verify that any tagged version is reflected in its `package.json`
+for tag in $(git for-each-ref --format='%(refname:short)' --points-at=HEAD 'refs/tags/v[0-9]*')
+do
+    out="$(git tag --verify $tag 2>&1)" ||
+    die "$out$LF${LF}Tag $tag is not signed/signature cannot be verified"
+
+    git grep -q '"version": "'"${tag#v}"'"' refs/tags/$tag -- package.json || {
+        sed 's/\("version": "\)[^"]*/\1'"${tag#v}"/ <package.json >package.json.new &&
+        mv -f package.json.new package.json
+        die "package.json did not reflect $tag; It was adjusted."
+        exit 1
+    }
+done
+
+git diff --quiet dist/ ||
+die '`dist/` is dirty'
+
+base="$(git rev-list HEAD -1 -- dist/)"
+if test 0 -lt $(git rev-list --count ${base+$base..}HEAD -- \*.ts)
+then
+    echo "Verifying that dist/ is up to date" >&2
+    npm run prepare &&
+    if ! git diff --quiet dist/
+    then
+        echo "Committing dist/ because it was not up to date" >&2
+        git commit -sm "npm run prepare" dist/
+    fi
+fi