Sometimes you do not want devs to modify some files in your GIT repo, such as config files, CI/CD files, whatever.. To do that GITLAB EE (Paid version) has an option in the repo/general level but GITLAB CE (Community Edition) does not. We can achieve that in a easy way, by adding a file to our Self Hosted Community Edition Gitlab Server.
Go to your server and find your “git-data” folder.
~/git-data/repositories/GROUP_NAME/REPO_NAME.git/
Here we need to create a folder called “custom_hooks” .
Access the new folder and add a file inside it with the name update.
We are going to use an example to not allow modifications to the “gitlab-ci.yml” file.
Copy the following content to the file.
#!/bin/bash
refname=”$1"
oldrev=”$2"
newrev=”$3"
result=0if ! [ “$oldrev” = “0000000000000000000000000000000000000000” ] ; then
excludes=( ^$oldrev )
else
excludes=( $(git for-each-ref — format ‘^%(refname:short)’ refs/heads/) )
ficommits=`git rev-list $newrev “${excludes[@]}”`
for commit in $commits
do
fileci=`git show — pretty=”” — name-only $commit|grep gitlab-ci`
if [ “$fileci” != “” ] ; then
echo “####################################################################################”
echo “Error: THE FILE GITLAB-CI.YML MUST NOT BE UPDATED !!”
echo “CHECK WITH THE GITLAB ADMINISTRATOR IF YOU WISH SO”
echo “####################################################################################”
result=1
fi
doneexit $result
So here everytime someone tries to push commits to gitlab that contains this specific file with the name gitlab-ci an error will be show to the user not allowing that push.
