如何在中央“开发库”中配置只读分支? [英] How to configure read-only branches in a central "development repository"?
问题描述
我必须为受控git存储库的某些远程分支机构配置只读访问权限。
该方案如下:
对于我们的开发,我们有一个内部的开发库(sup)(1),它反映了一个外部存储库 。这个开发库定期更新( cron 作业中的 git remote update )。我们的开发发生在外部分公司的dev_ * derived 分支中,但是从不直接分配给外部分支:
添加工作流程功能转换为 master :
- 我们创建一个分支
dev_master 与master作为父项。 - John克隆存储库
development,签出dev_master,在其上工作,并定期推回到开发。 - 如果存储库
external获取master更新,那么master 在开发中(由于上面提到的cronjob),有人可以合并masterondev_master,所以我们与外部保持同步。
我们需要禁止John推送 master 的分支 development ,因此在从 external 定期更新后,他的更改不会丢失。
同样,原理图:
笔记
(1)我可以发现有些人称这个开发库为staging repository(例如,在我如何在git中设置临时存储库?,其中提供了非常类似的情况)
我禁止这些推送使用服务器端钩子。从 git help hooks :
预先接收
该钩子由远程仓库上的git-receive-pack调用,当在本地仓库上完成
a git push时发生。在开始更新
远程仓库中的refs之前,将调用预接收钩子。它的退出状态决定了
更新的成功或失败。
[...]
如果钩子以非零状态退出,参考将被更新。如果钩
退出零,更新
挂钩仍然可以防止更新单个参考。
[...]
勾码:
$ b
# !/ bin / bash
#读取远程仓库的分支
remote_branches = $(git ls-remote - heads | sed's,。* \(refs / heads / \),\ 1,)
函数forbid_push_to_remote_branches()
{
while read old_value new_value ref_name
do
#Test for exists of [$ ref_name]远程
for remote_branch in $ remote_branches
do
if [[$ remote_branch == $ ref_name]]
然后
invalid_refs =$ invalid_refs [ $ remote_branch]
break
fi
完成
完成
#如果发现远程只读分支,退出非零
#并列出这些分支
if [[ -n $ invalid_refs]]
然后
echo错误:您尝试推送到远程分支:>& 2
echo$ invalid_refs>& 2
返回1
else
返回0
fi
}
forbid_push_to_remote_branches
exit $?
必须将此代码复制到文件 $(bare_repo_path.git)/ hooks / pre-receive 在服务器中(没有 pre-receive.sample )。
I have to configure read-only access for some remote branches of a controlled git repository.
The scenario is as follows:
For our development, we have an internal "development repository" (1) that mirrors an "external repository". This "development repository" gets periodic updates (git remote update in a cron job). Our development takes place in branches "dev_*" derived from the external repositories, but never direct on the external branch:
The workflow for adding functionality to master:
- We create a branch
dev_masterwithmasteras parent. - John clones the repository
development, checks outdev_master, works on it, and pushes regularly back todevelopment. - If the repository
externalgetsmasterupdated, so ismasterindevelopment(due to the above mentioned cronjob), and someone can mergemasterondev_master, so we keep in sync withexternal.
We need to forbid John's pushes to the branch master of development, so his changes doesn't get lost after the periodic update from external.
Again, schematic:
Notes
(1) I could find that some people call this development repository "staging repository" (for example, in How do I setup a staging repository in git?, where a very similar situation has been presented)
I forbid these pushes using a Server-Side hook. From git help hooks:
pre-receive
This hook is invoked by git-receive-pack on the remote repository, which happens when a git push is done on a local repository. Just before starting to update refs on the remote repository, the pre-receive hook is invoked. Its exit status determines the success or failure of the update.
[...]
If the hook exits with non-zero status, none of the refs will be updated. If the hook exits with zero, updating of individual refs can still be prevented by the update hook.
[...]
The hook code:
#!/bin/bash
# Read the branches of the remote repository
remote_branches=$(git ls-remote --heads | sed "s,.*\(refs/heads/\),\1,")
function forbid_push_to_remote_branches()
{
while read old_value new_value ref_name
do
# Test for existence of [$ref_name] in remote
for remote_branch in $remote_branches
do
if [[ $remote_branch == $ref_name ]]
then
invalid_refs="$invalid_refs [$remote_branch]"
break
fi
done
done
# if remote read-only branches found, exit with non-zero
# and list these branches
if [[ -n $invalid_refs ]]
then
echo "ERROR: You are trying to push to remote branch(es):" >&2
echo " $invalid_refs" >&2
return 1
else
return 0
fi
}
forbid_push_to_remote_branches
exit $?
This code must be copied to the file $(bare_repo_path.git)/hooks/pre-receive in the server (there is no pre-receive.sample).
这篇关于如何在中央“开发库”中配置只读分支?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
