Git: unconditionally disallow check-out to another branch?

Is there a way to prevent a developer from checking out another branch? My problem is pretty simple: someone on my team keeps checking out another branch on a production environment, which of course can cause all kinds of problems with code that shouldn't end up there or code that was there but disappeared after the checkout.

I checked the list of possible git hooks here https://www.kernel.org/pub/software/scm/git/docs/githooks.html but I was unable to find any hook that might be useful in such a case.

Also, I found a similar question (Prevent Checkout in Git) where it was suggested to use a script instead of the git checkout command in a workflow. But this really doesn't solve my problem, since I'm not even sure if the checkout is done manually by some developers without knowing git, or because of a misconfigured IDE, which, as a result of bad configuration and linking the local project to the remote, makes the checkout automatically, so the developer using it doesn't even know about it. In that case, even if I used scripts instead of git checkout, I would still have to disable the standard git checkout.

Does anyone know a solution for this? Or maybe a post-checkout hook can be used for testing? It's still better than nothing.

+3




1 answer


In a distributed environment like Git, you can only enforce policy at the blessed server level (where all programmers need to go back). Not at the client level (where every programmer has cloned the repo and can check out any branch they want).

For example, a simple policy:

  • dedicated repo for the prod branch
  • git config receive.denyNonFastForwards true, installed on this repo, will ensure that any push to prod will at least include the entire existing history of the prod branch, as well as some new commits.


This alone will make sure that any contributions to that branch are actually based on the specified branch.

A more complex policy would be an authorization level like gitolite, which protects a specific branch of the repo (or even a specific folder or file), eliminating the need to isolate the production branch in its own repo.

+4
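
The server-side setting from the answer above, exercised end to end (an added example, not code from the original answer): the same forced history rewrite is pushed to a bare repo with receive.denyNonFastForwards set to false and then to true. The repo names, the "prod" ref and the commit messages are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: prod.git, dev and the commit messages are made-up names.

# Run git with a throwaway identity so the demo ignores the user's own setup.
g() { git -c user.name=demo -c user.email=demo@example.invalid \
          -c commit.gpgsign=false "$@"; }

# Print the commit the server currently has for the prod branch.
server_tip() { git -C "$1" rev-parse --verify -q refs/heads/prod; }

# try_rewrite <true|false>
# Exit 0 only if the server REFUSED a forced rewrite and kept its old tip.
try_rewrite() {
    work=$(mktemp -d) || return 2
    prod="$work/prod.git"; dev="$work/dev"; refused=1

    # Server: dedicated bare repo for prod, with the setting under test.
    # Client: push two releases normally, then replace "release 2".
    if git init -q --bare "$prod" &&
       git -C "$prod" config receive.denyNonFastForwards "$1" &&
       g init -q "$dev" &&
       g -C "$dev" commit -q --allow-empty -m "release 1" &&
       g -C "$dev" commit -q --allow-empty -m "release 2" &&
       g -C "$dev" push -q "$prod" HEAD:refs/heads/prod &&
       before=$(server_tip "$prod") &&
       g -C "$dev" reset -q --hard HEAD~1 &&
       g -C "$dev" commit -q --allow-empty -m "unrelated work"
    then
        # The push no longer contains "release 2", so it is not a
        # fast-forward. With the setting on, even --force is denied.
        if ! g -C "$dev" push -q --force "$prod" HEAD:refs/heads/prod \
               2>/dev/null &&
           [ "$(server_tip "$prod")" = "$before" ]
        then
            refused=0
        fi
    fi
    rm -rf "$work"
    return "$refused"
}

for setting in false true; do
    if try_rewrite "$setting"; then
        echo "denyNonFastForwards=$setting: forced rewrite refused"
    else
        echo "denyNonFastForwards=$setting: forced rewrite accepted"
    fi
done
```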

