DEV Community

Pedro E.
Pedro E.

Posted on • Originally published at pedroe.Medium

Not Allowing Modifications to a File - GITLAB CE

Sometimes you do not want devs to modify some files in your GIT repo, such as config files, CI/CD files, whatever.. To do that GITLAB EE (Paid version) has an option in the repo/general level but GITLAB CE (Community Edition) does not.

We can achieve that in a easy way, by adding a file to our Self Hosted Community Edition Gitlab Server.

Go to your server and find your “git-data” folder.

~/git-data/repositories/GROUP_NAME/REPO_NAME.git/
Enter fullscreen mode Exit fullscreen mode

Here we need to create a folder called “custom_hooks” .
Access the new folder and add a file inside it with the name update.
We are going to use an example to not allow modifications to the “gitlab-ci.yml” file.

Copy the following content to the file.

#!/bin/bash

refname="$1"
oldrev="$2"
newrev="$3"
result=0

if ! [ "$oldrev" = "0000000000000000000000000000000000000000" ] ; then
    excludes=( ^$oldrev )
else
    excludes=( $(git for-each-ref --format '^%(refname:short)' refs/heads/) )
fi

commits=`git rev-list $newrev "${excludes[@]}"`

for commit in $commits
do
  fileci=`git show --pretty="" --name-only $commit|grep gitlab-ci`
  if [ "$fileci" != "" ] ; then
    echo "####################################################################################"
    echo "Error: THE FILE GITLAB-CI.YML MUST NOT BE UPDATED !!"
    echo "CHECK WITH THE GITLAB ADMINISTRATOR IF YOU WISH SO"
    echo "####################################################################################"
    result=1
  fi

done

exit $result

Enter fullscreen mode Exit fullscreen mode

So here everytime someone tries to push commits to gitlab that contains this specific file with the name gitlab-ci an error will be presented to the user not allowing that push.

Top comments (1)

Collapse
 
manishfoodtechs profile image
manish srivastava

Thanks