Someone used git push --force but I can't tell who did it from the logs. Is there a way to identify the culprit?
Asked
Active
Viewed 2.2k times
41
Kevin Panko
- 8,356
- 19
- 50
- 61
glevine
- 697
- 1
- 7
- 19
-
10You could get each member of your team to take a polygraph. Failing that tell them everyone will have to work through their lunch for a week if the culprit doesnt come forward – cowls Feb 22 '13 at 16:11
-
1Note that you would soon be able to [do a `git push --force` in a more secure way](http://stackoverflow.com/a/18505634/6309) – VonC Sep 10 '13 at 11:58
2 Answers
60
Update Nov. 2018: if you are pushing to a centralized Git repository hosting service like GitHub, then you would be able to see who has forced push your branch. But only because GitHub has chosen to surface that event in its GUI.
See more at "Find committer of a force push on GitHub".
Original answer 2013:
As I mention in "Distributed Version Control Systems and the Enterprise - a Good mix?", there is no authorization or authentication with Git alone.
You need an authorization layer like Gitolite in order to keep track of who does what. (Gitolite comes with its own audit trail mechanism).
But if your repo is accessible through file (or local) protocol, then you cannot know who forced pushed.
(from motivationalgenerator.com, and wikipedia)
VonC
- 1,262,500
- 529
- 4,410
- 5,250
-
Using bitbucket. No record. Could it be done accidentally with some GUI tool that doesn’t bring up a dialog to warn the user? – wcochran Feb 22 '19 at 20:52
-
@wcochran I confirm the record I mention above is for GitHub repository only. For BitBucket, a `push --force` can be done from any number of sources, including a simple command line session. – VonC Feb 22 '19 at 22:50
4
If you are lucky enough to use GitHub or GitHub for Enterprise, you can have a look to the events REST API and check who/when Pushed/Dropped to the remote refs, example for log4j:
Pierrick HYMBERT
- 727
- 8
- 6