34

Is there a way to prevent force push into a branch or repository?

I want to stop important branches from having their history rewritten either accidentally or intentionally. How do people deal with this in larger development teams?

Ideally, in my view, would possible to lock few branches per repository, and prevent everyone, other than the repository owner from doing a force push into them.

Michael Mior
  • 28,107
  • 9
  • 89
  • 113
Alex G
  • 522
  • 1
  • 5
  • 13

2 Answers2

33

This is easy to do with Git with a pre-receive hook. Of course, this requires that you are actually able to install hooks, and for obvious reasons, GitHub doesn't allow you to upload arbitrary executable files to run on their servers :-)

In general, the workflow with Git or really any distributed version control system, is that you don't allow other people to push to your repository. Instead, you pull from theirs. This requires a much lower level of trust. So, this would be workaround number 1: don't let them push, have them fork and then pull from them. That way, you can control what goes into your repository.

Another workaround would be to set up your own staging repository on a server you own, where you can install your own Git hooks. You can configure a pre-receive hook which denies pushing if it's not a fast-forward and post-receive hook which automatically forwards all pushes to GitHub. Of course, this means that you lose many of the benefits of using GitHub in the first place.

As a third workaround, you could use multiple repositories. This is a combination of the two other approaches: have one repository that your collaborators can push to and another one that only you have access to, that you pull into from the first repository.

At any rate, you should file a feature request with GitHub (especially if you are a paying customer!) since this seems to be a useful feature.

Jörg W Mittag
  • 363,080
  • 75
  • 446
  • 653
  • 2
    [GitHub Support: Disable push commits](http://support.github.com/discussions/feature-requests/397-per-repository-option-to-disable-git-push-force-enable-receivedenynonfastforwards). That request seems to have been languishing for a while. Thanks for the clarifiction on the git way of thinking. Multiple repositories with few trusted 'release managers' may be right approach. – Alex G Feb 23 '11 at 19:04
  • 8
    Considering how easy it is to [set up a Git repo to deny non-fast-forwards](http://git-scm.com/docs/git-config) (see **receive.denyNonFastForwards**), you would think that GitHub would have provided it as a per repo setting by now. –  Jun 07 '13 at 21:24
18

GitHub announced the "protected branches" feature:

[...] a new feature called Protected Branches which gives repository administrators the ability to disable force pushes to specific branches. [...] go to the Branches tab in repository settings and protect branches.

Source: https://github.com/blog/2051-protected-branches-and-required-status-checks

Repository > Settings > Branches

fnkr
  • 9,428
  • 6
  • 54
  • 61