How to prevent push to master branch using python?

Question

I have written a pre-push hook in python which prevents push to the master branch partially. ie when in feature branch and given this command git push origin master ,the files are pushed.

In the below image when the head is in master branch, the push is prevented.

But when the head is in feature1 branch, the push to master is not prevented.

My code so far:

#!/usr/bin/env python

import sys
import re
from subprocess import check_output

branch = check_output(['git', 'symbolic-ref','--short','HEAD']).strip()
print('branch-name:',branch.decode('utf-8')) #this prints the current branch: feature (if in feature) 


if ((branch.decode('utf-8')) != 'master'):
    print('into if clause')
    print('push to remote successful')
    sys.exit(0)

else :
    print('into else clause')
    print('you are not allowed to push to the master branch')
    sys.exit(1)

I want to modify the code in such a manner that following commands must not be allowed(irrespective of the branch it is in): git push --force origin master ; git push --delete origin master ; git push origin master ; git co master ; git push --force origin . Thanks in advance.

Answer 1

If you are using free-plan on private repo in Github, you may not be able to use protected branch feature. So you need to block any push / commit from local.
Please keep in mind, it can be bypassed easily with --no-verify command.

I recommend you to do it using husky instead of python, since it is way easier I think..

This is what I did to make it work locally and distributed to all repo's members.

First of all, you need to install husky to control pre-commit and pre-push hook. Then, I made a pre-push bash script and commit it inside the repository. Then call this script from husky pre-push hook with husky parameter.

This is my husky configuration inside package.json (you can set separated config if you want)

"husky": {
    "hooks": {
        "pre-commit": "./commands/pre-commit",
        "pre-push": "./commands/pre-push $HUSKY_GIT_STDIN"
    }
},

as you can see I have 2 scripts, one for pre-push and one for pre-commit.

And this is my commands/pre-push bash script

#!/bin/bash

echo -e "===\n>> Talenavi Pre-push Hook: Checking branch name / Mengecek nama branch..."

BRANCH=`git rev-parse --abbrev-ref HEAD`
PROTECTED_BRANCHES="^(master|develop)"

if [[ $1 != *"$BRANCH"* ]]
then
  echo -e "\n🚫 You must use (git push origin $BRANCH) / Anda harus menggunakan (git push origin $BRANCH).\n" && exit 1
fi

if [[ "$BRANCH" =~ $PROTECTED_BRANCHES ]]
then
  echo -e "\n🚫 Cannot push to remote $BRANCH branch, please create your own branch and use PR."
  echo -e "🚫 Tidak bisa push ke remote branch $BRANCH, silahkan buat branch kamu sendiri dan gunakan pull request.\n" && exit 1
fi

echo -e ">> Finish checking branch name / Selesai mengecek nama branch.\n==="

exit 0

The script basically will do 2 things:

• This script will block anybody who tries to push to a certain branch (in my case I don't want anybody -including myself- to push directly to master and develop branch). They need to work in their own branch and then create a pull request.
• This script will block anybody who tries to push to a branch that is different from their current active branch. For example you are in branch fix/someissue but then you mistakenly type git push origin master .

For more detailed instructions you can follow from this article:
https://github.com/talenavi/husky-precommit-prepush-githooks