Page MenuHomePhabricator

Add policy support to hosted repositories for allowing pushing branches or tags
Closed, ResolvedPublic

Description

On some repos, we'd like to prevent users from pushing new branches.

Event Timeline

swisspol raised the priority of this task from to Needs Triage.
swisspol updated the task description. (Show Details)
swisspol added a subscriber: swisspol.

Can you use a Herald rule like this?

For: Commit Hook: Branches/Tags/Bookmarks
Type: Global

When [ all of ] these conditions are met:
[ Ref type ][ is ] [ branch ]
[ Ref change type ] [ has bit ] [ change creates ref ]
[ Repository ][ is any of ] [ X, Y, Z ]
[ Pusher's projects ] [ do not include ] [ super ultra trusted users who are great at git ]

Take these actions: 
[ Block change with message ] [ You aren't allowed to push new branches to this repository. ]

The "Pusher's projects" rule could be some other qualifier (e.g., only administrators, etc).

The "repository" rule could be something like [ Repository's projects ] [ include ] [ no branch pushes ] instead, then you can add that project to all the repositories you want to enforce this rule for.

Oooooh. Nice.

The "Pusher's projects" rule could be some other qualifier (e.g., only administrators, etc).

How does this work? It looks like I can only use projects, not "Administrators"?

Oh, I suppose there's actually no way to specify "Administrators", per se, right now. We could maybe add one after T8726 wraps up.

T8644 also discusses writing a "recipe book" for Herald, since there are a lot of things like this which it's powerful enough to do but where the pathway isn't necessarily obvious.

swisspol closed this task as Resolved.Jul 15 2015, 5:59 PM
swisspol claimed this task.

Got it, thanks!