I need to pitch an Enterprise level code management system. This system
needs to have some fairly strict read-only vs. read/write requirements
based on environment.
I first asked this question in Stack Overflow
but I need to flesh out additional details...
Posit three environments identified by their subdomains: DEV.example.com,
TEST.example.com, and PROD.example.com.
- The three subdomains have firewalls between them, and cross-domain
access is the exception, not the rule.
- DEV is the only subdomain that is allowed to push code to a central
- TEST and PROD MUST <https://www.ietf.org/rfc/rfc2119.txt> be pull
only. Repositories MUST NOT be modifiable from these subdomains.
- Include the possibility that developers and testers may be the same
people, so user-based access control to a single git repository won't
The solution that I came up with use two repository servers:
git.DEV.example.com and git.PROD.example.com.
- Projects in git.DEV.example.com include
- Project directories owned by git:<group>.
- Group-based access control via "git init --shared=group
- Push control set with "git remote add -t master -m master
--mirror=push gitPROD ssh://g...@git.prod.example.com/path/to/project.git
- The "git push gitPROD" command in hooks/post-update.
- git-web installed, but push access via SSH only. (WebDAV probably
wouldn't be approved by security.)
- Matching projects in git.PROD.example.com would include
- Project directories owned by git:git.
- Access control via "git init --bare --shared=0644
- git-web installed, and read access available via http. Firewall
modifications would be made to allow http GET access from anywhere in
TEST or PROD.
So, a developer has a git repository in their local workspace. When they're
happy with their code, in whatever branch they're on, they push to
git.DEV.example.com as their central repository in DEV. When that push
happens, git.DEV.example.com automagically pushes the MASTER branch ONLY up
to git.PROD.example.com. (If MASTER isn't changed, existing "no changes to
push" results are fine.)
Here are my questions:
- Am I missing a substantially easier solution?
- For "--shared=group" is the group membership of the .git directory the
relevant group? I think so, but I would appreciate verification.
- When the post-update script fires, who is the initiating user?
- Is it the developer pushing to the repository?
- Is it the user associated with the .git directory?
- I need to know what user is launching the "git push gitPROD" in
order to allow/limit access on git.PROD.example.com.
You received this message because you are subscribed to the Google Groups "Git
for human beings" group.
To unsubscribe from this group and stop receiving emails from it, send an email
For more options, visit https://groups.google.com/d/optout.