git command to find out who pushes a tag to server?

Question

We use gitlab and through its push events I can find out who push a tag to server,

But I can't find the git command to do that. Is it possible ?

Answer 1

You can query gitlab API about tags. See https://docs.gitlab.com/ee/api/tags.html .

$ curl '--header' 'Authorization: Bearer *****' https://gitlab.com/api/v4/projects/:id/repository/tags |
> jq '.[] | .name, .commit.author_name'
{"name":"1.0.0","who":"he"}
{"name":"0.3.4","who":"other guy"}
etc.

Answer 2

No, not through git alone.

git stores information about the commits (the author, the creation date ...) and the signed tags, but git alone is completely oblivious to the users that can exist on gitlab, and to the actions they can have taken.

For example : it is perfectly possible that @yuqi in your example has pushed the work of @bob, and that @yuqi hasn't authored or edited any commit in person.
A more realistic example would be : if @cibot pushed tags, chances are @cibot itself wouldn't create the commits.

---

The information "this gitlab user has done this action" can only be served by gitlab itself.

Check gitlab's API (perhaps someone with more experience than me with gitlab can name the correct endpoint), or find some other way to recover that information from gitlab -- if you have a self hosted version of gitlab, perhaps you can ssh to the server and get your information from there.

Answer 3

Unfortunately, I am afraid that it is not possible to do it with Git only. I have no idea how does Gitlab works internally but Git alone lets you intercept some "events" so that you can extend the behaviour of a certain action. You might already know them, but these "action listener" are called git hooks. The one you are interested in is a server-side hook: post-receive.

I invite you to read the documentation of course, but you can test it immediately by creating a file called post-receive inside .git/hooks folder. Then you make it executable, with

chmod +x .git/hooks/post-receive

And this file is automatically called every time the refs update is complete after your git server receives a push. To detect the push of a tag, the script body could be like:

#!/bin/bash

while read -a line 
do
        if [[ "${line[2]}" == refs/tags/* ]]
        then
                # echo "old-value: ${line[0]}"
                # echo "new value: ${line[1]}"
                # echo "tag: ${line[2]}"
        fi
done

It takes no arguments, but for each ref to be updated it receives on standard input a line of the format:

<old-value> SP <new-value> SP <ref-name> LF 

where <old-value> is the old object name stored in the ref, <new-value> is the new object name to be stored in the ref and <ref-name> is the full name of the ref. When creating a new ref, <old-value> is the all-zeroes object name.

_{This is actually taken from the pre-receive hook, but input is the same}

But how do I know who pushed?

I cannot properly answer to this question, just a theory. Unless you have a signed push, where additional environment variables (like GIT_PUSH_CERT_SIGNER) are created after the sign gets verified, you could retrieve the identity of the user who is pushing be examining the SSH and HTTPS sessions. For example, Gitlab logs them, as described here.

---

To be honest, I believed (and I still do) it would be possible, but I was not lucky enough to find a way perhaps.

Answer 4

Here is a working solution:

git log --pretty=format:"%d %an" --tags --no-walk

Look at https://git-scm.com/docs/pretty-formats for further formatting options.