Reputation: 708
How to prevent gerrit push to authoritative repository
We've been using gerrit for a few years, but we don't use the workflow described in the gerrit documentation. The developers who drove the adoption of gerrit and manaaged it for us are no longer here, unfortunately, so we have no local experts. We don't clone from gerrit, but instead clone from our authoratitive repository and have a 'gerrit' remote specified in our clones. Recently we had a user use the command:
git push gerrit master;refs/for/master/some_comment
Since the ';' terminated the command it became just
git push gerrit master
which actually pushed the commit to the master branch of the authoratative repository. However, it did so without executing the pre-recevie hook (or any hooks as near as I can tell) in the authoratative repository. We have two questions:
Is there a way to tell gerrit to reject this type of push? I tried setting the project to Read-only, but that also rejects correctly formatted change pushes.
If not, can we ensure that the hooks in the authoritative repository get executed?
Upvotes: 0
Views: 225
Answers (1)
Reputation: 971
To prevent direct pushes into the repository, remove the Push permission from refs/heads/* in the project's access controls.
The Push permission should remain on refs/for/refs/heads/* to allow developers to push changes for review.
Upvotes: 1
Related Questions
- Gerrit - how to disallow direct push to "master" but allow to other branches
- How to restrict gerrit repository options configurations?
- Add only specific repository for Gerrit
- Force push to Gerrit even with no new changes
- Make all Gerrit Repositories Read only
- How to disable direct push to Gerrit?
- How to prevent gerrit from modifying other commits?
- Gerrit and repo
- Why Gerrit is accepting pushes, it can't handle?
- How to prevent gerrit replication ref/changes/* to mirror git repository