Not Allowing Modifications to a File — GITLAB CE

Pedro E.
Oct 16, 2020

--

Sometimes you do not want devs to modify some files in your GIT repo, such as config files, CI/CD files, whatever.. To do that GITLAB EE (Paid version) has an option in the repo/general level but GITLAB CE (Community Edition) does not. We can achieve that in a easy way, by adding a file to our Self Hosted Community Edition Gitlab Server.

Go to your server and find your “git-data” folder.

~/git-data/repositories/GROUP_NAME/REPO_NAME.git/

Here we need to create a folder called “custom_hooks” .

Access the new folder and add a file inside it with the name update.

We are going to use an example to not allow modifications to the “gitlab-ci.yml” file.

Copy the following content to the file.

#!/bin/bash

refname=”$1"
oldrev=”$2"
newrev=”$3"
result=0

if ! [ “$oldrev” = “0000000000000000000000000000000000000000” ] ; then
excludes=( ^$oldrev )
else
excludes=( $(git for-each-ref — format ‘^%(refname:short)’ refs/heads/) )
fi

commits=`git rev-list $newrev “${excludes[@]}”`

for commit in $commits
do
fileci=`git show — pretty=”” — name-only $commit|grep gitlab-ci`
if [ “$fileci” != “” ] ; then
echo “####################################################################################”
echo “Error: THE FILE GITLAB-CI.YML MUST NOT BE UPDATED !!”
echo “CHECK WITH THE GITLAB ADMINISTRATOR IF YOU WISH SO”
echo “####################################################################################”
result=1
fi

done

exit $result

So here everytime someone tries to push commits to gitlab that contains this specific file with the name gitlab-ci an error will be show to the user not allowing that push.

--

--