基于分支的用户授权的 GIT 支持 - 最佳实践还是工具?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/5097078/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
GIT support for branch based user authorization - Best Practices or Tools?
提问by rraheja
For a product based GIT repository, wherein there are branches for maintenance, testing as well as future development, how do I control user access to these branches. By access, I mean that even though others may read from it, they should not be able to inadvertently push changes to the repo.
对于基于产品的 GIT 存储库,其中有用于维护、测试以及未来开发的分支,我如何控制用户对这些分支的访问。通过访问,我的意思是即使其他人可能会读取它,他们也不应该无意中将更改推送到存储库。
For example,
例如,
A - B - C - D - E - F -> master
| | |
V1 V2' exp
|
V2
"B" is the commit used for Branch with tag V1 - meant for released version of the product. Only support/maintenance engineers should have access to this.
“B”是用于带有标签 V1 的分支的提交 - 表示产品的发布版本。只有支持/维护工程师才能访问它。
C is used for a recently frozen pre-release product V2' and should only allow critical show-stopper bug fixes, so only certain developers and the Testing team should have access to it. when V2 is released from this branch, only Support should access it as is the case with V1.
C 用于最近冻结的预发布产品 V2' 并且应该只允许关键的显示阻止错误修复,因此只有某些开发人员和测试团队应该可以访问它。当从这个分支发布 V2 时,只有支持人员应该像 V1 一样访问它。
E is used for branching off for testing a new feature for future V3 - only developers and not Support should access it.
E 用于分支以测试未来 V3 的新功能 - 只有开发人员而不是支持人员才能访问它。
"master" changes should only be merged on a request basis (similar to say, GitHub) by a central integration team.
“主”更改仅应由中央集成团队在请求的基础上(类似于 GitHub)合并。
How can the above be achieved with git? I recall seeing gitosis and some other external tools - are these essential for secure operation with git or are there any other best practices?
如何使用 git 实现上述目标?我记得看到 gitosis 和其他一些外部工具 - 这些对于使用 git 进行安全操作是必不可少的还是有其他最佳实践?
Thanks.
谢谢。
回答by VonC
The other classic way to restrict push access to a repo (or a branch or even a directory) is by using gitolite(which actually is a bigevolution of gitosis).
限制对存储库(或分支甚至目录)的推送访问的另一种经典方法是使用gitolite(这实际上是 的重大演变gitosis)。
You can define there (in the gitoliteconfig file) any group of users or group of repos you need and associate RWaccess rights.
您可以在那里(在gitolite配置文件中)定义您需要的任何用户组或存储库组并关联RW访问权限。
Note: August 2013:
注:2013 年 8 月:
We've released branch restrictions which can be configured via the repository admin "Branch management" screen.
我们已经发布了可以通过存储库管理员“分支管理”屏幕进行配置的分支限制。
Assembla provides such a protection as well(since March 2013).
Assembla 也提供了这样的保护(自 2013 年 3 月起)。
GitHubdoesn't have yet this feature:
GitHub has that feature since Sept. 2015: see "How to protect “master” in github?".
GitHub还没有这个功能:
GitHub 自 2015 年 9 月起具有该功能:请参阅“如何在 github 中保护“master”?”。
回答by rraheja
Put a server side commit hook that denies commits to whatever branches you need read-only or based on who the committer is.
放置一个服务器端提交钩子,拒绝提交到您需要只读的任何分支或基于提交者是谁。
For merging request work flow, we use a local install of Gitoriousand submit merge requests through its web interface and restrict the main-linerepository to your integration team, everyone else would work from server side clones and then push merge requests back to the main-line repository.
对于合并请求工作流程,我们使用本地安装的Gitorious并通过其 Web 界面提交合并请求并将main-line存储库限制在您的集成团队中,其他所有人将从服务器端克隆工作,然后将合并请求推回主线存储库.
With Gitorious you don't need the server side hooks, you just need to restrict access to the main-linerepository to only the people you want to be committer. Much simpler and easier to maintain.
使用 Gitorious,您不需要服务器端挂钩,您只需要将main-line存储库的访问权限限制为您想成为提交者的人。更简单,更容易维护。
