Reputation: 159
Enforcing and creating Git policies
I have been tasked with changing Git a bit, and have failed to find anything of relevance on the interwebs - and I am in dire need of directions.
What we have:
a bunch of branches, with the main being test (basically develop) and master branches. master is untouched most of the times.
Now, I have created a continuous integration environment using TeamCity, Jira and Crucible as well as a service written by myself.
What we want to achieve:
- disallow pushing to
test- unless it's TeamCity - reject push on feature branch if the Jira issue of id==branchName is in wrong state
Now, ad1) I have no clue how is such a thing achieved. I might be simply misunderstanding what Git helpers were saying to me, but as I read, I can either disallow completely, or allow completely.
ad2) is nominally easy, as I understand a pre-push hook script has to be used, but it also has to be placed on each dev's local git repository, or can I enforce that somehow?
Upvotes: 2
Views: 120
Answers (1)
Reputation: 312263
As @chicks said, you can absolutely get the features you want using something like GitLab. User restrictions (as in "only teamcity has write-access to this branch") are available out of the box, and there is generally support for server-side hooks that you could use to implement your second requirement.
It's certainly possible to implement the same restrictions on your own, simply serving out git repositories over ssh, but it requires some development effort on your part. The general model is:
- Configure
.ssh/authorized_keysfor yourgituser to include metadata that can be used to identify the user associated with an incoming push, - Write Git hook scripts to perform the per-branch access control or policy enforcement.
There are examples of doing these things here and there; for example, this is an older answer I wrote describing how to ensure that the email address on commits matches the identity of the connecting user.
Using a pre-packaged solution like GitLab will almost invariabely make more sense than trying to roll-your-own.
Upvotes: 2
Related Questions
- How can I prevent changes to existing files but allow creation of files in a git repo?
- How to restrict folders / files on a Git repo?
- User Access Control in git
- Restrict Git Push/Pull
- Set up access control in git (in our own Git server)
- Branch Policy in Github
- Git hook to disallow directory creation in top level
- How do I manage access control to a git repository on a file system?
- Enforce git branch policies
- Git: shell script execute permissions enforced