Gitlab – custom pre-receive hook

As many of you I’m also using Gitlab to manage some of my projects. What I have recently been doing – was discovering how great it is to enable pipeline within your projects.

That have enabled me to install several runners and configure different stages of deployments for my repositories. While this all sounds cool it relies on single file called .gitlab-ci.yml

This would not be a big problem if not the fact that some of repositories have other developers working on it and potentially changing that file could present a security risk for my services/servers. So to overcome this I have come up with pre-receive hook that is now sort of ACL for my file unless secret commit message is included.

Installing

In repository create folder called *custom_hooks* i.e.

Then create file called *pre-receive* and apply permissions to it

Afterwards you can just select the language you are interested in programming your custom git hook – below is my Ruby attempt.

What it does it check if thr push is not by any chance unathorised change to our gitlab-ci.yml file.

You would be able to change this file if your commit message will be done with specific secret. But I leave this for ppl to adapt for their needs.

Script

 

I hope this will get you going and leave comments if you make some interesting changes to it 🙂

« »

© 2019 Automation Ninja's Dojo. Theme by Anders Norén.

%d bloggers like this: