限制git 库master 分支的non-fast-forward 提交

      有个需求是git 代码服务器不对开发人员开放ssh 登录管理权限,并且master 分支只能接受fast forward 提交(只能向前提),不能强制覆盖master 分支,以防意外删除或者破坏master 分支的代码。

      如果只是这个需求,在git 服务器上做如下配置即可:

       git config --system receive.denyNonFastForwards true

但是这个配置也会影响到各个开发者自己的开发分支,也无法强制覆盖,导致有时和master 同步的时候很不方便;查了一下资料,需要用git hook脚本来解决:

 

参考资料: 

https://git-scm.com/book/zh/v2/%E8%87%AA%E5%AE%9A%E4%B9%89-Git-Git-%E9%92%A9%E5%AD%90

另外查了资料,找了一个参考代码:

https://stackoverflow.com/questions/11499820/how-can-i-prevent-non-fastforward-pushes-to-selected-branches-in-git

做了一下修改,修改如下,经验证可以正常使用满足上面需求,贴出来,供需要的人员参考:


#!/bin/sh
#
# A hook script to block non-fast-forward updates for branches that haven't
# been explicitly configured to allow it. Based on update.sample.
# Called by "git receive-pack" with arguments: refname sha1-old sha1-new
#
# --- Command line
refname="$1"
oldrev="$2"
newrev="$3"

# --- Safety check
if [ -z "$GIT_DIR" ]; then
        echo "Don't run this script from the command line." >&2
        echo " (if you want, you could supply GIT_DIR then run" >&2
        echo "  $0 <ref> <oldrev> <newrev>)" >&2
        exit 1
fi

if [ -z "$refname" -o -z "$oldrev" -o -z "$newrev" ]; then
        echo "Usage: $0 <ref> <oldrev> <newrev>" >&2
        exit 1
fi

# --- Check types
# if $newrev is 0000...0000, it's a commit to delete a ref.
zero="0000000000000000000000000000000000000000"
if [ "$newrev" = "$zero" ]; then
        newrev_type=delete
else
        newrev_type=$(git cat-file -t $newrev)
fi

# branch
branch=${refname##refs/heads/}
 
case "$refname","$newrev_type" in
        refs/tags/*,commit)
                # un-annotated tag
                ;;
        refs/tags/*,delete)
                # delete tag
                ;;
        refs/tags/*,tag)
                # annotated tag
                ;;
        refs/heads/*,commit)
                # git rev-list doesn't print anything on fast-forward updates
                if test $(git rev-list "$newrev".."$oldrev"); then
                        echo $branch, $newrev, $oldrev
 
                        if [ "$branch" == "master" ]; then
                                echo "hooks/update: Non-fast-forward updates are not allowed for branch $branch"
                                exit 1
                        fi
                fi
                ;;
        refs/heads/*,delete)
                # delete branch
                if [ "$branch" == "master" ]; then
                    echo "can't delete branch: $branch"
                    exit 1
                fi
				;;
        refs/remotes/*,commit)
                # tracking branch
                ;;
        refs/remotes/*,delete)
                 # delete branch
                if [ "$branch" == "master" ]; then
                    echo "can't delete branch: $branch"
                    exit 1
                fi
                ;;
        *)
                # Anything else (is there anything else?)
                echo "hooks/update: Unknown type of update to ref $refname of type $newrev_type" >&2
                exit 1
                ;;
esac

# --- Finished
exit 0

 


以上文件放到 git server的代码  proj.git/hooks/ 的update 文件里面,并且chmod +x update 使其可执行

 

另外如果需要对多个branch做non-fast-forward限制,可以用参照

https://stackoverflow.com/questions/11499820/how-can-i-prevent-non-fastforward-pushes-to-selected-branches-in-git

对该git库做局部server 的branch配置,具体如下

A. 在server 上cd  your-prj.git

B.  对需要限制的branch进行配置:

git config --bool hooks.branch.Your-Branch.denyNonFastForwards true

C.  在 $branch" == "master" 地方修改为如下

deny=$(git config --bool hooks.branch."$branch".denyNonFastForwards)

if ["$deny" == "true"]; then

....

 

以上,供需要的朋友参考。

2019.8.8

 

 

 

 

 

 

  • 1
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值