37

I have some Git private repositories on a GitHub company account, and I don't want anybody to push on some specific branches (like master, develop and beta or by pattern). I also tried to define some hooks but I want this to be done on GitHub and not done with a pre-push hook on the clients.

So to explain my problem simply, I want:

git push origin develop

to be refused by the server (which is GitHub) because of the branch name, but I do not want a client check by pre-push hook, I really want GitHub to do the check and refuse it.

Also if it's possible to allow only certain users to do so, but disabling it for everybody would be enough at first.

random
  • 9,774
  • 10
  • 66
  • 83
Huafu
  • 2,445
  • 1
  • 22
  • 26

4 Answers4

29

Ok I got the answer from IRC after a long chat. I'll have to work with forks and pull requests, or add pre-push hooks on each dev's machine since GitHub doesn't allow per branch permissions neither pre-publish canceling hooks. Here is a part of the answers I got:

Fork the repository. then the developer can work on their own version of the repository, and doesn't have to worry about committing to the wrong branch. And then someone upstream can always merge into whatever branch should be committed into.

Yeah but we're a company and we don't want that all our devs have forks

Why not?

Well they should be able to push their branch on a common repo to work with some other devs on the same feature for example.

Have a read through https://help.github.com/articles/using-pull-requests. You can still send patches around between multiple forks. This is the model that git was built on

I know but I want to be able to see quickly in a central way the actual work on any feature/hotfix, ...

To cut a long story short: GitHub doesn't support per-branch permissions

Community
  • 1
  • 1
Huafu
  • 2,445
  • 1
  • 22
  • 26
11

I know that this post is pretty old, but I believe that it may still help for some of you who are looking for an answer.

Well, now it is possible on GitHub.
Recently GitHub have introduced the Protected Branches feature, which makes it possible:

Protected branches block several features of Git on a branch that a repository administrator chooses to protect. A protected branch:

  • Can't be force pushed
  • Can't be deleted
  • Can't have changes merged into it until required status checks pass
  • Can't have changes merged into it until required reviews are approved
  • Can't be edited or have files uploaded to it from the web

Good luck.

Slavik Meltser
  • 9,712
  • 3
  • 47
  • 48
  • 5
    Thanks but protected branches are there since a while, and still people can push to it. They can't force push, but they do can push :-/ – Huafu Sep 20 '16 at 23:30
  • 1
    I just tested it, and when you enable protected branches, you cannot push directly into this branch anymore, only through pull-request. You can also require admins to behave the same way. – Slavik Meltser Sep 21 '16 at 05:37
  • I do have master and develop protected, and until yesterday I could still push to it directly. I'll double check on the config when on my computer. Thanks! – Huafu Sep 21 '16 at 05:44
  • 4
    If you are an admin of this repository, you will be able to push into master unless you check the checkbox in the protected branch setting of master, that says to also apply this restriction on administrators. – Slavik Meltser Sep 21 '16 at 05:47
  • 1
    I can push to a protected branch. It only stops force push. You can prevent a regular push only by adding some restriction - required review or status checks. – amit_saxena Jul 13 '17 at 09:51
4

The hooks you are looking for are pre-receive and update - the former is run once per push, the latter once per branch per push; but importantly, these are hooks on the server side.

Oliver Matthews
  • 7,497
  • 3
  • 33
  • 36
  • Yes thank you but what should I plug on this hook, I meant, there are many plugins and I don't know which one to use. Or did I go to the wrong page? (and I guess I'll have to use update in case a push is done on many branches) – Huafu Aug 29 '13 at 20:47
  • The scripts get passed the ref's being pushed. You can call `git rev-list --pretty=format` to get the email / name - check the help for rev-list for the format. – Oliver Matthews Aug 29 '13 at 20:50
  • Also you might want to consider pre-recieve - if a user tries to push to a branch he is allowed to and too one he isn't at the same time, do you take the allowed one or reject the lot? – Oliver Matthews Aug 29 '13 at 20:52
  • Ok, I guess I couldn't find how to create a script on hook for GitHub, I'll drop a deeper eye, thanks again ;-) – Huafu Aug 29 '13 at 20:52
  • Not 100% what you are looking for, but consider http://stackoverflow.com/questions/824990/git-gitosis-how-to-check-validity-of-user-name-and-email or https://gist.github.com/caniszczyk/1327469 – Oliver Matthews Aug 29 '13 at 20:55
  • 2
    Yeah well, I think I wasn't clear enough in my question. My question is really specific to GitHub.com, how to add a script hook, or what plugin to choose to achieve my needs on GitHub specifically. So when I go to the URL https://github.com/my-company/my-repository/settings/hooks I have a list of service hooks and I was wondering which one I have to use to do what I want to do. – Huafu Aug 29 '13 at 20:58
1

OK, so it seems possible to prevent push directly to a protected branch w/o a pull request. However, as you likely have admin rights, you need to tick both of these options below to see it in effect yourself:

enter image description here

Fellow Stranger
  • 32,129
  • 35
  • 168
  • 232