2

In our main branch we have a file that contains specific configurations. Let's call this file .example-conf.

When the developer creates his branch and pull request, he can change the content of the .example-conf file, so his pull request will execute our custom script based on these configs. Changes in the .example-conf file should be ignored at the moment of merge.

We need to prevent developers from modifying the .example-conf file in the main branch. But that file should be there for them when they create a branch from main.

We tried implementing a solution with .gitattributes, but that doesn't work as there are no conflicts during the merge. So as a result, after the merge the content of .example-conf will be modified. We need it to stay the same as on the main branch.

We use GitHub for version control.

How can this be done?

kutsyk
  • The simplest thing to do _if you want to keep the file in the repo_ is to tell git (every single developer) to just ignore changes on it: `git update-index --assume-unchanged .example-conf`.... but it's a per-repo operation, that's why I say that every developer will have to run it. Perhaps you might add a file with the instructions for developers to be able to set up their environment and this is just one more step in the process. – eftshift0 Jul 05 '21 at 13:16
  • @eftshift0 thanks for the answer. But in this case, they won't be able to push it with different content into their feature branch. We need them to be able to modify it in their specific branch but prevent changes in `main` branch. – kutsyk Jul 05 '21 at 13:21
  • ??? So you want to be able to see the change in git **in that specific branch**? But then you want to discard the change _when merging_? Just so that I am sure that I understand: say I am a developer on branch X, I changed that file.... I add all my changes into the feature branch (other files) **but** I don't include the changes into that file... I create the MR. It would be **wrong** and you would ask me to add the changes on that file in the branch? – eftshift0 Jul 05 '21 at 13:25
  • What about moving the config into GitHub Actions **secrets**? – Lei Yang Jul 05 '21 at 13:26
  • @eftshift0 thanks for the answer. Yes, we want to _discard the change for this specific file when merging_, the developer should be able to change it on his branch, but should not merge changes for that 1 specific file in the `main` branch. – kutsyk Jul 05 '21 at 13:28
  • @LeiYang thanks for the answer. We don't use GitHub actions, we have our custom app running in AzureDevOps which is checking PR code based on the content of `.example-conf` configuration file. – kutsyk Jul 05 '21 at 13:29
  • but when you say `in their branch`, you mean _locally_? That's fine. Developers will be able to modify the file locally, but git won't care for changes on the file. – eftshift0 Jul 05 '21 at 13:32
  • @eftshift0 in their branch, I mean a feature branch, which then is pushed remotely and a PR created to be merged. At the moment of the merge to the `main` branch, changes to a specific file in the `feature` branch should be ignored, and the content of the file in the `main` branch should be unchanged – kutsyk Jul 05 '21 at 13:35
  • @kutsyk did you manage to find a solution in the end? – akds Aug 31 '22 at 16:01

2 Answers

3

GitHub allows you to add an extra layer of security by using code owners. This feature can be enabled by adding the "Require pull request reviews before merging" branch protection rule and then enabling "Require review from Code Owners". Additionally, you have to add a code owners file that specifies who is the code owner of the .example-conf, e.g.

```
conf/*.conf    i.am@the.owner
```

For further information see Introducing Code Owners

Michael Mairegger
  • Thanks for the answer, in this case **code owner** will be a manual check, but it won't automatically remove changes from the file. We need changes to this specific file to be ignored during merge – kutsyk Jul 05 '21 at 13:32
1

From what I understand, these are the things you want:

  1. No one can change .conf in main branch.
  2. They can change .conf in branches other than main branch.

You can write a pre-commit hook that aborts the commit if the .conf file is changed in the main branch. To make a pre-commit hook, you can write a shell script like:

```sh
#!/bin/sh
# pre-commit hook: refuse commits on main that include staged changes to .conf

branch="$(git rev-parse --abbrev-ref HEAD)"

if [ "$branch" = "main" ]; then
  # --cached inspects the staged changes; --quiet exits 1 when they differ from HEAD
  if ! git diff --cached --quiet -- .conf; then
    echo "Cannot change .conf file in main branch. Aborting commit..."
    echo "Unstage .conf to commit."
    exit 1
  fi
fi
```

Save this script as pre-commit. Make it executable by using:

```sh
chmod +x pre-commit
```

Save/Move this executable in the `.git/hooks/` directory.

This will not allow anyone to change .conf in the main branch. However, if you do want to change the .conf in the main branch, then you need to pass the `--no-verify` flag with `git commit`. This would bypass the hook and will not give an error when you change .conf in main and commit it.

Alternative: Branch specific .gitignore

See this answer. You can use a workaround to have branch-specific .gitignores. This would mean that a person can change his .conf in the feature branch of his local repository, but the changes won't be pushed to the remote feature branch. Thus the PR from feature -> main won't have the changes made in .conf.

Jdeep
  • Thank you for your answer. But with these 2 solutions, this applies only to a local repository. We have 20 devs working on the same code base, and we need to ensure that the file is immutable in the `main` branch. I've tested your approaches, but they don't give desired results – kutsyk Jul 06 '21 at 12:14
  • @kutsyk, also note: it's not enough to just paste the hooks in your local machine and push it to GitHub. In this case, the hooks would work only for you and not the other collaborators. All your collaborators must have these hooks in their local machine (`.git/hooks`) too. – Jdeep Jul 06 '21 at 16:00
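
A server-side version of the check discussed in this thread, as an added example (not code from either answer or from the asker's pipeline). It assumes the PR pipeline works on a clone that has both branches, and the function names are hypothetical: `protected_file_unchanged` detects an edit relative to the merge base, and `restore_protected_file` commits the base branch's copy back onto the PR branch as the last step before the merge.

```shell
#!/bin/sh
# Added example: server-side guard for a protected file. Meant to run in the
# PR pipeline, where a developer cannot skip it with --no-verify.
PROTECTED_FILE=".example-conf"   # file name taken from the question

# git wrapper with a throwaway identity so commits work in a clean CI account
g() { git -c user.name=ci -c user.email=ci@example.invalid "$@"; }

# Exit 0 if <head> left the file as it was at the merge base with <base>.
protected_file_unchanged() {     # args: repo base head
  g -C "$1" diff --quiet "$2...$3" -- "$PROTECTED_FILE"
}

# On the checked-out PR branch, put the base branch's copy back and commit it,
# so the merge cannot carry the developer's edits into the base branch.
restore_protected_file() {       # args: repo base
  protected_file_unchanged "$1" "$2" HEAD && return 0   # nothing to restore
  g -C "$1" checkout -q "$2" -- "$PROTECTED_FILE" &&
  g -C "$1" commit -q -m "Restore $PROTECTED_FILE from $2"
}

# Constructed sample repository: main, plus a feature branch that edits the
# protected file alongside a normal code change. Prints the repository path.
make_sample_repo() {
  repo=$(mktemp -d) &&
  g -C "$repo" init -q &&
  g -C "$repo" symbolic-ref HEAD refs/heads/main &&
  echo "mode=default" > "$repo/$PROTECTED_FILE" &&
  g -C "$repo" add -A && g -C "$repo" commit -q -m "base" &&
  g -C "$repo" checkout -q -b feature &&
  echo "mode=pr-only" > "$repo/$PROTECTED_FILE" &&
  echo "code" > "$repo/app.txt" &&
  g -C "$repo" add -A && g -C "$repo" commit -q -m "feature work" &&
  echo "$repo"
}
```

The three-dot range compares against the merge base, so edits that land on `main` after the branch was created are not counted as the developer's changes.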