Skip to content

Instantly share code, notes, and snippets.

@stefansundin
Last active June 9, 2024 13:02
Show Gist options
  • Save stefansundin/d465f1e331fc5c632088 to your computer and use it in GitHub Desktop.
Save stefansundin/d465f1e331fc5c632088 to your computer and use it in GitHub Desktop.
Git pre-push hook to prevent force pushing the master/main branch.
#!/bin/bash
# This script will install a Git pre-push hook that prevents force pushing the master/main branch.
# There are three variants that I have built:
# - pre-push: prevents force-pushing to master/main.
# - pre-push-2: prevents force-pushing to master/main depending on the remote (you need to edit the file!).
# - pre-push-3: prevents any type of pushing to master/main.
# Set the desired version like this before proceeding:
# FILE=pre-push
# Single repo installation:
# curl -fL https://gist.githubusercontent.com/stefansundin/d465f1e331fc5c632088/raw/install-pre-push.sh | sh -s ${FILE:-pre-push}
# Uninstall:
# rm .git/hooks/pre-push
# Global installation instructions:
# mkdir $HOME/.githooks
# git config --global core.hooksPath $HOME/.githooks
# curl -fL -o $HOME/.githooks/pre-push https://gist.githubusercontent.com/stefansundin/d465f1e331fc5c632088/raw/${FILE:-pre-push}
# chmod +x $HOME/.githooks/pre-push
# Uninstall:
# rm $HOME/.githooks/pre-push
GIT_DIR=`git rev-parse --git-common-dir 2> /dev/null`
echo
echo
if [ "$GIT_DIR" == "" ]; then
echo This does not appear to be a git repo.
exit 1
fi
if [ -f "$GIT_DIR/hooks/pre-push" ]; then
echo There is already a pre-push hook installed. Delete it first.
echo
echo " rm '$GIT_DIR/hooks/pre-push'"
echo
exit 2
fi
FILE=${1:-pre-push}
echo "Downloading $FILE hook from https://gist.github.com/stefansundin/d465f1e331fc5c632088"
echo
curl -fL -o "$GIT_DIR/hooks/pre-push" "https://gist.githubusercontent.com/stefansundin/d465f1e331fc5c632088/raw/$FILE"
if [ ! -f "$GIT_DIR/hooks/pre-push" ]; then
echo Error downloading pre-push script!
exit 3
fi
chmod +x "$GIT_DIR/hooks/pre-push"
echo "You're all set!"
echo "P.S. There is now a way to install this globally, see the instructions on the gist page."
exit 0
#!/bin/bash
# Prevents force-pushing to master/main.
# Install:
# cd path/to/git/repo
# curl -fL -o .git/hooks/pre-push https://gist.githubusercontent.com/stefansundin/d465f1e331fc5c632088/raw/pre-push
# chmod +x .git/hooks/pre-push
BRANCH=`git rev-parse --abbrev-ref HEAD`
PUSH_COMMAND=`ps -ocommand= -p $PPID`
if [[ "$BRANCH" =~ ^(master|main)$ && "$PUSH_COMMAND" =~ force|delete|-f ]]; then
echo
echo "Prevented force-push to $BRANCH. This is a very dangerous command."
echo "If you really want to do this, use --no-verify to bypass this pre-push hook."
echo
exit 1
fi
exit 0
#!/bin/bash
# Use this file to prevent force pushes only to specific remotes (e.g. work).
# You have to customize it below ("workorg/").
# Prevents force-pushing to master.
# Install:
# cd path/to/git/repo
# curl -fL -o .git/hooks/pre-push https://gist.githubusercontent.com/stefansundin/d465f1e331fc5c632088/raw/pre-push-2
# chmod +x .git/hooks/pre-push
ORIGIN="$1"
REMOTE_URL="$2"
BRANCH=`git rev-parse --abbrev-ref HEAD`
PUSH_COMMAND=`ps -ocommand= -p $PPID`
if [[ "$BRANCH" =~ ^(master|main)$ && "$PUSH_COMMAND" =~ force|delete|-f && "$REMOTE_URL" == *"workorg/"* ]]; then
echo
echo "Prevented force-push to $BRANCH. This is a very dangerous command."
echo "If you really want to do this, use --no-verify to bypass this pre-push hook."
echo
exit 1
fi
exit 0
#!/bin/bash
# Prevents any type of pushing to master/main.
# Install:
# cd path/to/git/repo
# curl -fL -o .git/hooks/pre-push https://gist.githubusercontent.com/stefansundin/d465f1e331fc5c632088/raw/pre-push
# chmod +x .git/hooks/pre-push
BRANCH=`git rev-parse --abbrev-ref HEAD`
if [[ "$BRANCH" =~ ^(master|main)$ ]]; then
echo
echo "Prevented push to $BRANCH."
echo "If you really want to do this, use --no-verify to bypass this pre-push hook."
echo
exit 1
fi
exit 0
@bilogic
Copy link

bilogic commented Jan 23, 2023

I ran the global installation as user a, but I could still commit master of a repo owned by user a with no errors.
I suppose this blocks only push?

@stefansundin
Copy link
Author

@bilogic Yes. For a pre-commit hook see https://gist.github.com/stefansundin/9059706.

I also no longer use the global install myself so I do not recommend it.

@bilogic
Copy link

bilogic commented Jan 24, 2023

@stefansundin i see thanks.

Here's what I understood:

  1. I have origin at /repository/origin
  2. I check out master to /repository/local
  3. This pre-push hook must exists at /repository/local/.git/hooks to have the desired effect
  4. But seems to me that it can also be removed by the person in control of /repository/local
  5. Is there a way to prevent a push from /repository/local into /repository/origin's master, controlled by the origin?

@stefansundin
Copy link
Author

@bilogic Correct, this hook is all local. GitHub has support for protected branches now, which you can use to prevent pushes to certain branches (they didn't have this feature back when I wrote this). https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/about-protected-branches

@bilogic
Copy link

bilogic commented Jan 24, 2023

@stefansundin I wanted to prevent a push without GitHub. Anyway, thanks!

@stefansundin
Copy link
Author

@bilogic You probably want a pre-receive hook if you have control over the server. I don't have a script ready for you so you are on your own. 😆

It would really have accelerated things if you posted more information up-front, but I guess we finally arrived at the solution. 😅

Good luck!

@jha-adrs
Copy link

jha-adrs commented Jun 9, 2024

Is there a way for this to work with husky

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment