Here are hooks for an integration bare repository.
The repository is intended to be reached via HTTP(s) only and the access is filtered by the REMOTE_USER env var.
As post-receive notification system, the script suggested at http://www.fclose.com/1473/setting-up-git-commit-email-notification/ has been chosen.
| #!/usr/bin/env bash | |
| # -------------------------------------------------------------# | |
| # Avoid push in master and deletes except for allowed users # | |
| # -------------------------------------------------------------# | |
| # Sergio Vaccaro <sergio.vaccaro@istat.it> | |
| # Inspired by https://github.com/github/platform-samples/blob/master/pre-receive-hooks/block_branch_names.sh | |
| # | |
| # Pre-receive hook that will | |
| # - block any push 'master', | |
| # - block deletes | |
| # if the REMOTE_USER isn't an integration manager. | |
| # | |
| # Configuration | |
| protected_branch="master" | |
| zero_commit="0000000000000000000000000000000000000000" | |
| # Integration managers (array) | |
| IM[1]=sergio | |
| # Integration managers can push everywhere | |
| if [[ "${IM[@]}" =~ "${REMOTE_USER}" ]]; then | |
| exit 0; | |
| fi | |
| # Verify the operation | |
| while read oldrev newrev refname; do | |
| # Check for deletes | |
| if [[ "$newrev" == "$zero_commit" ]]; then | |
| echo "[POLICY] Deleting branches is allowed to the integration manager(s) only" | |
| exit 1 | |
| fi | |
| # Check if the branch name is the $protected_branch | |
| if [[ "$refname" == "refs/heads/${protected_branch}" ]]; then | |
| echo "[POLICY] Push on ${protected_branch} is allowed to the integration manager(s) only" | |
| exit 1 | |
| fi | |
| done | |
| exit 0 |