GIT支持基于分支的用户授权 - 最佳实践或工具？ [英] GIT support for branch based user authorization - Best Practices or Tools?

问题描述

对于基于产品的GIT存储库，其中有分支机构进行维护，测试以及未来开发，我如何控制用户访问这些分支机构。通过访问，我的意思是，尽管其他人可能会从中读取它们，但它们不应该能够无意中推动对回购的更改。

例如，

b
$ b

  A  -  B  -  C  -  D  -  E  -  F  - >掌握
 | | | 
 V1 V2'exp 
 | 
 V2 
  

B是为分支V1使用的提交 - 用于发布该产品的版本。只有支持/维护工程师才能访问这个。

用于最近冻结的预发布产品V2'，并且应该只允许关键的显示限制器错误修复，因此只有特定的开发人员和测试团队才能访问到它。当V2从这个分支发布时，只有支持人员可以像V1那样访问它。

E用于分支测试未来V3的新功能 - 只有开发人员而不是支持人员应该访问它。

主更改应该仅由中央集成团队根据请求（类似于GitHub）进行合并。 / p>

使用git怎样才能达到上述目的？我记得看到gitosis和一些其他外部工具 - 这些对于使用git进行安全操作来说至关重要吗？还是有其他最佳做法？

谢谢。

已添加
Gitflow最佳实践分支模型

另一种限制对存储库（或分支甚至目录）的访问的经典方法是使用 gitolite （实际上是 gitosis ）。

您可以在那里（在 gitolite 配置文件中）定义您需要的任何用户组或回购组，

注意：2013年8月：

• Stash提供只读分支，


• 和 BitBucket应该尽快做到这一点
  

我们已经发布了可以通过资源库管理员分支管理屏幕进行配置的分支限制。

< a Assembla provide such such a a href =http://blog.assembla.com/assemblablog/tabid/12618/bid/96330/Put-Down-Your-Forks-Introducing-Protected-Branches.aspx =nofollow noreferrer>也是一种保护措施（自3月20日起）

GitHub 还没有此功能：

自2015年9月以来，GitHub具有该功能：请参阅 如何保护github中的master？ 。

For a product based GIT repository, wherein there are branches for maintenance, testing as well as future development, how do I control user access to these branches. By access, I mean that even though others may read from it, they should not be able to inadvertently push changes to the repo.

For example,

A - B - C - D - E - F -> master
    |   |       |
    V1  V2'     exp
        |
        V2

"B" is the commit used for Branch with tag V1 - meant for released version of the product. Only support/maintenance engineers should have access to this.

C is used for a recently frozen pre-release product V2' and should only allow critical show-stopper bug fixes, so only certain developers and the Testing team should have access to it. when V2 is released from this branch, only Support should access it as is the case with V1.

E is used for branching off for testing a new feature for future V3 - only developers and not Support should access it.

"master" changes should only be merged on a request basis (similar to say, GitHub) by a central integration team.

How can the above be achieved with git? I recall seeing gitosis and some other external tools - are these essential for secure operation with git or are there any other best practices?

Thanks.

ADDED Gitflow best practice branching model

解决方案

The other classic way to restrict push access to a repo (or a branch or even a directory) is by using gitolite (which actually is a big evolution of gitosis).

You can define there (in the gitolite config file) any group of users or group of repos you need and associate RW access rights.

---

Note: August 2013:

• Stash provides read-only branches,
• and BitBucket should do the same soon

We've released branch restrictions which can be configured via the repository admin "Branch management" screen.

Assembla provides such a protection as well (since March 2013).

GitHub doesn't have yet this feature:
GitHub has that feature since Sept. 2015: see "How to protect "master" in github?".

这篇关于GIT支持基于分支的用户授权 - 最佳实践或工具？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！