Geek Answers Handbook

Prevent branching and merging of specific branches

Is there a git hook or some other way to prevent branching and merging of individual branches. We want to make sure that we do not integrate the dirty branch of integration into our clean deployment branch.

The main goal is that people cannot accomplish something like this:

git checkout integration git checkout -b major_problem_branch

or

 git checkout deployment_or_hotfix_or_feature_branch git merge integration
+6
source share
7 answers

You can use branch permissions on the server by adding this to the configuration file in your open repository:

 [hooks] allowedtomerge = user1,user2,user3 protectedbranches = master

This will allow user1, user2 and user3 to join together to manage the branch, but nothing more.

Or you can create a binding before committing:

 #!/bin/bash if [[ `git symbolic-ref HEAD` == "refs/heads/master" ] -a ["$USER" != "user1"]] then echo "You cannot commit in master!" exit 1 fi

Then you have people who value and allow change to go forward.

Ideally, I would use a system that you like, for example, gerrit or assembly or github. They have good ways to manage the master branch through merge requests.

+4
source

In general, you cannot reliably prevent someone from making changes to their local repositories. If you do not trust your developers to never make mistakes (in which case you will not need it), you should run your checks on hooks on your server.

This means that you cannot count on preventing the fork of people, and I'm not sure why you really wanted to. What you can do is get people to push away work that has not been "approved" in the server deployment branch (which I will call deploy ).

Now the first question is how to express this statement.

If you need a workflow where an authorized person needs to check the work before deploying it, I would ask the reviewer to follow these steps if the work currently lives in branches called review :

  • Make sure deploy fully integrated with review , so deploy can be quickly redirected to review later.
  • Do any appropriate review .
  • Create and click the signed tag ( git tag -s ) using an authorized key for the review content.
  • Fast forward deploy to review ( git checkout deploy , git merge --ff-only review ) and click.

If instead you want someone to be able to deploy, but you want them to think about it first, you could do the same thing except debug the signature requirements. Or you can bless a particular branch ( tested , say) and require that all work be merged and clicked on tested before it is moved to deploy .

How can the server verify that this permission has been granted for the deploy branch? The basic plan is to use the update hook to accept or reject ref-updates for refs/heads/deploy in accordance with the acceptance criteria that you decided on.

If you need a tag that meets certain criteria, for example, is signed with an approved key, you can find all the tags that point to the new object offered for deployment using git for-each-ref refs/tags . Remember to accept the update if any tag meets the criteria, or sooner or later someone is going to click on a bad tag that blocks deployment. Checking that the right key has been used remains as an exercise for the reader, but gpg --no-default-keyring --keyring=approved.gpg can help.

If you make a commit while someone is tagging it, you can use git describe --exact-match <object> . If you want to restrict to tags with a specific name pattern, add --match <pattern> . If you accept unannotated tags, add --tags .

If you want the work to be merged with a blissful branch before merging with the deployment, you can verify that the output of git rev-parse tested is equal to the proposed new object.

In all cases, you probably want to double-check that clicking is a quick redirect. You can verify that git merge-base <old> <new> is equal to <old> .

+3
source

I don’t think Git has allowed branch support, you should use gitolite for such a requirement.

You even have a very cool gitolite web interface called GitLab , similar to github.

+1
source

If you never want to merge with the dirty integration branch into the clean deployment branch, you can clone the deployment repository and then do the dirty integration work only on the clone (repository without deployment).

+1
source

May I advise you to use git nvie stream . Model It keeps all your branches where they should be, using very simple commands. Here cheatsheet

+1
source

Please note: if you want to control access rights at the central repo level, Assembla is one git hosting service that now (March 2013) allows secure branches:

See " Put Your Forks Introducing Secure Branches :

A Protected branch is a restricted write branch.
Indicate the participants (or groups) of your team who will be able to send the code to the branch:

group

Now only these people can click on the Master branch.
All others will have to contribute code through merge requests. They will be able to click on any other branch in the repo, but not Master .

protected master branch

+1
source

With an industry feature (as described here in my article: http://dymitruk.com/blog/2012/02/05/branch-per-feature/ ) you have an idea for a release candidate. You can add an update hook to the server to ensure that the merger base of the candidate for release and development (as an integration branch) has a common base, which is the iteration start tag. This ensures that all you have is the functions themselves.

If you want to be more confident, you can see if the function is complete. You will need to connect the hook script to your problem tracking system. If a function that integrates does not have a β€œfull” status, you may also fail at this point. For example, Jira provides a way to interact with it through the command line.

0
source

More articles:


All Articles