Is there a way to prevent force push into a branch or repository?
是否有一种方法可以阻止强制进入分支或存储库?
I want to stop important branches from having their history rewritten either accidentally or intentionally. How do people deal with this in larger development teams?
我想阻止重要分支无意中或有意地改写它们的历史。在大型开发团队中,人们如何处理这个问题?
Ideally, in my view, would possible to lock few branches per repository, and prevent everyone, other than the repository owner from doing a force push into them.
在我看来,在理想的情况下,每个存储库可以锁住几个分支,并防止除存储库所有者之外的所有分支进入它们。
2 个解决方案
#1
32
This is easy to do with Git with a pre-receive hook. Of course, this requires that you are actually able to install hooks, and for obvious reasons, GitHub doesn't allow you to upload arbitrary executable files to run on their servers :-)
这很容易与Git一起使用预接收挂钩。当然,这要求您实际上能够安装钩子,而且由于明显的原因,GitHub不允许您上传任意可执行文件,以便在其服务器上运行:-)
In general, the workflow with Git or really any distributed version control system, is that you don't allow other people to push to your repository. Instead, you pull from theirs. This requires a much lower level of trust. So, this would be workaround number 1: don't let them push, have them fork and then pull from them. That way, you can control what goes into your repository.
一般来说,使用Git或任何分布式版本控制系统的工作流是不允许其他人推入您的存储库。相反,你从他们的车里抽。这需要更低水平的信任。所以,这将是一个解决方案1:不要让他们推,让他们用叉子然后从他们身上拉。这样,您就可以控制进入存储库的内容。
Another workaround would be to set up your own staging repository on a server you own, where you can install your own Git hooks. You can configure a pre-receive hook which denies pushing if it's not a fast-forward and post-receive hook which automatically forwards all pushes to GitHub. Of course, this means that you lose many of the benefits of using GitHub in the first place.
另一个解决方案是在自己的服务器上设置自己的staging存储库,在那里可以安装自己的Git hook。您可以配置一个预接收钩子,如果不是一个快进和后接收钩子,则拒绝推送。当然,这意味着您首先会失去使用GitHub的许多好处。
As a third workaround, you could use multiple repositories. This is a combination of the two other approaches: have one repository that your collaborators can push to and another one that only you have access to, that you pull into from the first repository.
作为第三个工作区,您可以使用多个存储库。这是另外两种方法的组合:有一个存储库,您的协作者可以推动另一个存储库,而另一个存储库只有您可以访问,从第一个存储库中提取。
At any rate, you should file a feature request with GitHub (especially if you are a paying customer!) since this seems to be a useful feature.
无论如何,您应该向GitHub提交一个特性请求(特别是如果您是付费用户!),因为这似乎是一个有用的特性。
#2
16
GitHub announced the "protected branches" feature:
GitHub发布了“受保护的分支”功能:
[...] a new feature called Protected Branches which gives repository administrators the ability to disable force pushes to specific branches. [...] go to the Branches tab in repository settings and protect branches.
[…一个新的特性叫做受保护分支,它使存储库管理员能够禁用对特定分支的强制推送。[…转到存储库设置中的branch选项卡并保护分支。
Source: https://github.com/blog/2051-protected-branches-and-required-status-checks
来源:https://github.com/blog/2051-protected-branches-and-required-status-checks
#1
32
This is easy to do with Git with a pre-receive hook. Of course, this requires that you are actually able to install hooks, and for obvious reasons, GitHub doesn't allow you to upload arbitrary executable files to run on their servers :-)
这很容易与Git一起使用预接收挂钩。当然,这要求您实际上能够安装钩子,而且由于明显的原因,GitHub不允许您上传任意可执行文件,以便在其服务器上运行:-)
In general, the workflow with Git or really any distributed version control system, is that you don't allow other people to push to your repository. Instead, you pull from theirs. This requires a much lower level of trust. So, this would be workaround number 1: don't let them push, have them fork and then pull from them. That way, you can control what goes into your repository.
一般来说,使用Git或任何分布式版本控制系统的工作流是不允许其他人推入您的存储库。相反,你从他们的车里抽。这需要更低水平的信任。所以,这将是一个解决方案1:不要让他们推,让他们用叉子然后从他们身上拉。这样,您就可以控制进入存储库的内容。
Another workaround would be to set up your own staging repository on a server you own, where you can install your own Git hooks. You can configure a pre-receive hook which denies pushing if it's not a fast-forward and post-receive hook which automatically forwards all pushes to GitHub. Of course, this means that you lose many of the benefits of using GitHub in the first place.
另一个解决方案是在自己的服务器上设置自己的staging存储库,在那里可以安装自己的Git hook。您可以配置一个预接收钩子,如果不是一个快进和后接收钩子,则拒绝推送。当然,这意味着您首先会失去使用GitHub的许多好处。
As a third workaround, you could use multiple repositories. This is a combination of the two other approaches: have one repository that your collaborators can push to and another one that only you have access to, that you pull into from the first repository.
作为第三个工作区,您可以使用多个存储库。这是另外两种方法的组合:有一个存储库,您的协作者可以推动另一个存储库,而另一个存储库只有您可以访问,从第一个存储库中提取。
At any rate, you should file a feature request with GitHub (especially if you are a paying customer!) since this seems to be a useful feature.
无论如何,您应该向GitHub提交一个特性请求(特别是如果您是付费用户!),因为这似乎是一个有用的特性。
#2
16
GitHub announced the "protected branches" feature:
GitHub发布了“受保护的分支”功能:
[...] a new feature called Protected Branches which gives repository administrators the ability to disable force pushes to specific branches. [...] go to the Branches tab in repository settings and protect branches.
[…一个新的特性叫做受保护分支,它使存储库管理员能够禁用对特定分支的强制推送。[…转到存储库设置中的branch选项卡并保护分支。
Source: https://github.com/blog/2051-protected-branches-and-required-status-checks
来源:https://github.com/blog/2051-protected-branches-and-required-status-checks