We are running Stash 3.7. We protect the master branch in all our repositories using branch permissions. We are also using standard Git hooks (we use the update hook) to enforce various conditions such as commit message formats, user names with email address known to Stash, ... We validate that all branch names begin with a Rally ID (story id or defect id). Our branch permissions allow any authenticated user to push a branch that is named US* or DE*.
If a user tries to push a branch that does not meet this requirement, they get an error message from the pre-receive hook that enforces branch permissions:
remote: You have insufficient permissions to update 'refs/heads/invalid-branch-name'
remote: Check your branch permissions with the project administrator
! [remote rejected] master -> invalid-branch-name (pre-receive hook declined)
error: failed to push some refs to 'http://stash.chotel.com:8080/scm/ips/ips-atms'
This message, while clear enough to the experienced developer, results in several emails asking for access to Stash. We implemented a Git update hook that checks the branch name and issues a very explicit message:
remote: branch-name-verifier: (refs/heads/invalid-branch-name) branch name is NOT valid
remote: Branch names must include a Rally ID prefix followed by a dash or underscore
remote: followed by a brief description of the branch.
remote: Your branch name "invalid-branch-name" does not match this pattern.
Unfortunately, the message is only issued if the user has permissions to push code to any branch (such as administrators, and users authorized to merge branches to master). From our experience, the order of hook execution is pre-receive hooks followed by Git hooks.
Given that we want control of the error message issued for unacceptable branch names, what is the best approach?
Is there a file we can drop our custom message into? would be nice to provide our own message for branch permissions rejections.
If not, can we inject our Git update hook into the pre-receive chain of processing? If so, how?
If not, and if we write our own pre-receive hook in Java, how do we guarantee that it will be fired BEFORE branch permissions are checked?
Bitbucket Pipelines helps me manage and automate a number of serverless deployments to AWS Lambda and this is how I do it. I'm building Node.js Lambda functions using node-lambda ...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot