How to set the receive.denyNonFastForwards on a repository in GitHub

Question

I have a repository hosted on GitHub which has several forks.

How can I set up the config of the main repository to set the receive.denyNonFastForwards flag so that the main repository can only accept pushes which are fast forwards and will reject any non fast forwards even if they are --forced

Jacob Helwig · Accepted Answer · 2012-10-23T16:16:45.920

GitHub does not expose this functionality, though there are two options:

GitHub support can set this on a repository.
You can emulate this by setting the GitHub repository as a mirror of another repository that you have more control over. Only give write access to the GitHub account to a minimal set of responsible individuals, and to an account used to do the mirroring. The non-GitHub repository would be where you would set receive.denyNonFastForwards, and have everyone push. The mirroring could then be done by a post-receive hook, cron job, or a combination of the two. A reason to go with both would be to get a minimal time lag between the two repositories, and still make sure everything is up to date even if the post-receive hook failed to update GitHub (if GitHub was down, for example).

Whilst this seems correct, I was able to have GitHub set this on our behalf by contacting their support team and asking for it to be done. — Sam Holder, Oct 23 '12 at 07:43
Good to know. I'll amend the answer to mention GitHub support. — Jacob Helwig, Oct 23 '12 at 16:12

score 0 · Answer 2 · edited Jun 13 '17 at 05:09

0

Github enterprise edition now has a feature for disabling force pushes. For the ones not using the enterprise edition you can configure a pre-push hook.

It is a good practice to never force-push to master unless absolutely necessary.

edited Jun 13 '17 at 05:09

kristianp

5,496
37
56

answered Feb 07 '15 at 19:52

tejasbubane

914
1
8
11

Andry · Answer 3 · 2023-02-25T00:05:51.473

You can do it through another hub like sourceforge.net using the ssh connection.

Just use it as a mirror for the github.com and sync time to time.

One more advanced feature of the sourceforge.net is that you can use dynamic password (2 Factor) without external connection. You can just install google 2FAS phone application and setup the private key been given by the hub and then you can authenticate with the dynamic part of the password without having any outside connection (without internet or SMS).

Pros

No need to disable force pushes and commit-with-amend feature with it. Just do push as is with server profile options by default.
You will always have a backup outside of the github.com and can compare 2 repositories before and after push-with-rewrite.
You still can avoid switching the receive.denyNonFastForwards flag off and on in the remote sf.net repository by pushing the local master branch into a new remote branch say master-<id> and then, compare it with the previous synchronized master-<id>. This will avoid a merge at all because the git new branch creation/delete is a cheap operation. But nevertheless you can not easely delete the current branch in the sf.net because of current branch protection over the receive.denyDeleteCurrent variable, so this leads the current master branch to leave as dormant.

Cons

You need to allocate repo on the sf.net for each such a repo on the github.com and control the synchronization. But there is still is an advantage - the receive.denyNonFastForwards flag is turned on by default for all new repositories on the sf.net.

How to set the receive.denyNonFastForwards on a repository in GitHub

3 Answers3

Linked