3

Is there a way to lock the Git branch for writing AND reading? So that no writing to the branch and no cloning from the branch will be possible, but just for one person who is build engineer?

Here is the scenario:

The code has been pushed to the Git repository and then the development branch was made. Now the idea is to lock the master branch for everybody, but one person and have devs to clone from the development branch and push the code back to the development branch.

Only one person - build engineer should have access to the master branch.

Also, is there a good Gui tool that can work with Git? We currently use SourceTree, but it displaying the tree and commits is ugly.

Thank you.

Igor
  • 5,620
  • 11
  • 51
  • 103
  • Generally, a Git server (such as Github or Stash) will allow you to prevent pushes to specific branches. I can't see a reason for prevent *pulls* from a specific branch. – Oliver Charlesworth Mar 25 '16 at 19:57
  • Possible duplicate of [A way to restrict Git branch access?](http://stackoverflow.com/questions/8781240/a-way-to-restrict-git-branch-access) – Frxstrem Mar 25 '16 at 19:59
  • @OliverCharlesworth, because regular development should be done from the development branch. Regular developer should not have access to the master branch. Also what about the Gui tool? Is there something better? – Igor Mar 25 '16 at 20:28

1 Answers1

3

Git works at the repository level, which means if you can clone a git repo, you can clone it completely (with all its branch)

That means read access cannot be enforced below the repo level (for a branch).
The all repo can be made private, but that is not a feature from git, more a listener managing access in front of the git repo (like an Apache server or and ssh daemon coupled with user authentication and authorization).

To achieve complete read protection, you would need two repos:

  • one for master
  • one for dev (typically a fork of master)

Developers would still have access to master through the original repo that was forked though.
For a complete isolation, you would need to make the first repo a private one, and the second would no longer be a fork.

But more generally, having (read) access to master is not a bad practice:

  • as long as non-forward push to development branch is blocked, that means a rebase of said development branch is not possible: any development goes on on that branch (and not master)
  • Developers can still compare their commits to master, and/or cherry-pick or merge some of master commits to the development branch, should they need to include some hot-fix done on master (before the next merge)
VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • @jthill below seems more accurate, although git itself does not deny access to a repo at all. You can put listeners in front of the repo which will deny access, but git itself is just a version file manager whose `receive-pack`/`upload-pack` will happily receive/transfer anything you ask. I have edited the answer accordingly. – VonC Mar 25 '16 at 21:25