GitLab – custom pre-receive hook

Like many of you, I use GitLab to manage some of my projects. Recently I have been discovering how useful it is to enable pipelines within your projects.

That has enabled me to install several runners and configure different deployment stages for my repositories. While this all sounds cool, it relies on a single file called .gitlab-ci.yml.

This would not be a big problem were it not for the fact that some repositories have other developers working on them, and changes to that file could present a security risk for my services/servers. To overcome this I have come up with a pre-receive hook that now acts as a sort of ACL for the file: changes to it are rejected unless a secret commit message is included.

Installing

In the repository, create a folder called *custom_hooks*, i.e.

Then create a file called *pre-receive* and apply permissions to it.

Afterwards you can pick whichever language you prefer for programming your custom git hook; below is my Ruby attempt.

What it does is check whether the push contains an unauthorised change to our .gitlab-ci.yml file.

You will be able to change this file if your commit message includes a specific secret. But I leave this for people to adapt to their needs.

Script
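
A hook implementing the check described above, as an added example in Ruby rather than the author's original script. The `SECRET` phrase, the `GitRepo` wrapper and the `unauthorised_commits` helper are assumptions made for illustration.

```ruby
#!/usr/bin/env ruby
require "open3"

PROTECTED = ".gitlab-ci.yml"
SECRET    = "REPLACE-WITH-YOUR-OWN-PHRASE" # constructed placeholder, not from the post
ZERO_SHA  = /\A0+\z/                       # git uses an all-zero SHA for "no commit"

# Thin wrapper around the git CLI; any object with the same three methods can stand in.
class GitRepo
  def run(*args)
    out, status = Open3.capture2("git", *args)
    raise "git #{args.first} failed" unless status.success?
    out
  end

  # Commits a ref update introduces; a brand-new branch is compared against all existing refs.
  def new_commits(old, new)
    range = old.match?(ZERO_SHA) ? [new, "--not", "--all"] : ["#{old}..#{new}"]
    run("rev-list", *range).split
  end

  # -c makes a merge commit report the files that differ from every parent.
  def changed_files(sha)
    run("diff-tree", "--no-commit-id", "--name-only", "-r", "-c", "--root", sha).split("\n")
  end
  def message(sha)
    run("log", "-1", "--format=%B", sha)
  end
end

# Returns the SHAs that touch PROTECTED without carrying SECRET in their message.
def unauthorised_commits(updates, repo)
  updates.flat_map do |old, new, _ref|
    next [] if new.match?(ZERO_SHA) # a ref deletion introduces no commits
    repo.new_commits(old, new).select do |sha|
      repo.changed_files(sha).include?(PROTECTED) && !repo.message(sha).include?(SECRET)
    end
  end
end

# git exports GIT_DIR to hooks, so this part only runs when installed as pre-receive.
if ENV["GIT_DIR"] && __FILE__ == $PROGRAM_NAME
  bad = unauthorised_commits(STDIN.each_line.map(&:split), GitRepo.new)
  unless bad.empty?
    warn "Rejected: #{PROTECTED} changed without authorisation in #{bad.join(', ')}"
    exit 1 # any non-zero exit makes git refuse the whole push
  end
end
```

Commit messages are readable by anyone with access to the repository, so the phrase stops accidental or casual edits rather than a determined collaborator.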

 

I hope this gets you going; leave a comment if you make some interesting changes to it 🙂

2 thoughts on “GitLab – custom pre-receive hook”

  1. Hi,
    Great post, I’m trying to achieve exactly the same thing. This is a good approach, but how can I hide the secret code from the commit msg if every developer has access to it?
