0

I have an application which relies on other modules to work properly. Those modules are on my Gitlab server. These are pulled via composer.json to the client's server. How the client gets the permission to do so is via "Deployment keys". I take the client's public key and add it to the module's deployment keys section in the settings.

The problem with this approach is that the client can open composer.json and simply pull any branch they desire as long as they know the branch name. However, I'd like for the client to be able to pull only one specific branch. So when I setup the client's server, I know for certain that they can only get what I want them to and not the whole repository.

Is there a way to set Gitlab in such a way to only allow access to a certain branch and not the whole repository?

The Gitlab version is 9.

Please note that this is all about deployment and not to help some development process. Allowing forking etc. doesn't really apply to my situation.

halfer
  • 19,824
  • 17
  • 99
  • 186
aborted
  • 4,481
  • 14
  • 69
  • 132
  • In short: no. You can write-, merge-, fork- or delete-protect branches, but cannot read-protect. – phd Dec 20 '17 at 16:02
  • Hey, thanks for the answer. I don't believe that it is a true duplicate of the one you linked to, since my situation is totally different. Anyway, is there a workaround I could use which might not even involve Gitlab at all? – aborted Dec 20 '17 at 16:29
  • You can try gitolite with [deny-rules](http://gitolite.com/gitolite/conf-2/). – phd Dec 20 '17 at 19:21
  • Possible duplicate of [How to restrict access to master branch on git](https://stackoverflow.com/questions/38864405/how-to-restrict-access-to-master-branch-on-git) – 1615903 Dec 21 '17 at 06:42
  • @1615903 The answers there list every possible kind of protection except the only one the OP needs — read protection! :-D – phd Dec 21 '17 at 10:16

0 Answers0