How can we implement server-side hooks, or any similar solution, to restrict git push into git server?
For example, we want to disable push of commits containing *.class files.
Azure devops - server-side git hooks
Asked Answered
I don't think Azure DevOps uses hooks.
You can use Branch Policies to make use of an external validation service (as I understand it this uses web hooks).
Additional: the status of this User Voice request indicates the above is the official answer.
But maybe the simple case would be .gitignore and code reviews?
Azure DevOps does have services hooks - learn.microsoft.com/en-us/azure/devops/service-hooks/services/… Branch Policies it only to merge between branches, not for each push. –
Pontiff
As I understand, branch policies enables applying restrictions to disable direct push without pull requests. But I can't find a way to inspect commits metadata and content. –
Spanner
About service hooks - I understand I can subscribe to push events, but only for notification purpose. Is the push event cancelable? –
Spanner
@Spanner Azure DevOps has web hook support for various things, these are push only. Branch policies also allow external validation service which does allow a response. –
Whisker
Hi @Richard, sorry, I really need more guidance. Can you explain how I can use branch policies to restrict push of commits according to their content? Thanks! –
Spanner
@Spanner You will need to implement a service to host the logic. This will mean deployment to a point reachable from Azure DevOps. There is nothing inbuilt. –
Whisker
For anyone also searching for the feedback since Uservoice has been closed: developercommunity.visualstudio.com/idea/365841/… Please vote on this to make MS aware at least... –
Clone
The branch policies offer really only the policy part. The policy is based on a status pushed by the external service to the PR, using Status API. The external service may be called using a service hook, or it might be called from a pipeline that is configured to run as part of the PR validation, i.e. as yet another branch policy. The latter may enable more granular application of the policy without assistance of the external service itself. learn.microsoft.com/en-us/azure/devops/repos/git/… –
Cabasset
What I do is using build option together with policies in Azure DevOps. This is my azure-pipelines.yml file:
---
trigger:
branches:
exclude:
- '*'
pool:
vmImage: 'ubuntu-latest'
steps:
- script: sudo apt-get install python3-pip
displayName: 'Install Python PIP'
- script: sudo apt-get install python3-setuptools
condition: succeeded()
displayName: Install Python SetupTools
- script: sudo pip3 install -r requirements.txt
condition: succeeded()
displayName: Install Python PIP Packages
- task: PythonScript@0
inputs:
scriptSource: filePath
scriptPath: hooks/lint_checker.py
pythonInterpreter: python3
condition: succeeded()
displayName: Lint Checker
Use branch policies and set merge only with PR, after that direct push to the branch will be disabled, you can skip these policies for certain users (build users or admins)
I use this solution, that work properly and automatically for all users.
A combination of local git hooks and Pre-Build events in the csproj that check if there is a pre-commit hook in the .git\hooks
and if not, copy it from hooks folder that placed in the repo
Implementation:
In my repo there is hooks folder that contains 2 files:
- setup-hooks.bat
- pre-commit
the setup-hooks:
@echo off
echo Current location is: %cd%
:: Check if the .git/hooks directory exists
if not exist .git\hooks mkdir .git\hooks
:: Copy your hook scripts to the .git/hooks directory
copy hooks\pre-commit .git\hooks\pre-commit
echo Git hooks have been set up.
In the pre build event, I called to the setup-hooks.bat:
This can be achieved with a branch policy with a path filter on it. You could add a build pipeline with some powershell that returns a failed exit code.
© 2022 - 2025 — McMap. All rights reserved.
.gitignorefile. – Pontiff