Send a copy of each commit to an immutable store
Hello,
A little bit of context: we work with a GitOps strategy (Flux + Helm) for a financial services company. One of our regulator's requirements is to be able to audit each deployment (basically: who? / what? / when?), so in our case this information is present in each commit. One of our pain points is that it's possible to rewrite commit history (aka push --force), so it's not possible to base our audit system on gitlab/gitaly. (It's not bad news!)
So we are looking for something able to "duplicate" each commit into an immutable store. We don't want to be able to rebuild the git repo from the immutable store, just to find some useful information from the commit hash.
We have already explored the "post-receive" hook, but we have concerns about performance and concurrency management.
Just in case, we use a self-hosted gitlab deployed via helm and we have a standalone gitaly pod (no praefect).
Do you have any guidance on how to achieve this?
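
As an added example (not part of the original post, and not GitLab's own code), the Python below shows the core of a post-receive hook that records each ref update as a hash-chained JSON line, so a later push --force leaves both the old and new commit ids on record and any edit to the log is detectable. The log path, field names and function names are assumptions; a local file under `flock` stands in for the immutable store, and it records pushed ref tips rather than every commit in a push.

```python
import fcntl, hashlib, json, os
ZERO = "0" * 40  # all-zero id: ref created (old) or deleted (new), SHA-1 repo

def parse_updates(stdin_text):
    """post-receive stdin carries one '<old> <new> <ref>' line per updated ref."""
    out = []
    for line in stdin_text.splitlines():
        parts = line.split(" ", 2)
        if len(parts) == 3:
            old, new, ref = parts
            kind = "create" if old == ZERO else "delete" if new == ZERO else "update"
            out.append({"old": old, "new": new, "ref": ref, "kind": kind})
    return out

def _digest(rec):
    body = {k: v for k, v in rec.items() if k != "digest"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_records(log_path, updates, who, when):
    """Append one chained line per update; log_path is a stand-in store (assumption)."""
    with open(log_path, "a+b") as f:
        fcntl.flock(f, fcntl.LOCK_EX)  # concurrent hook runs queue here
        size = f.seek(0, os.SEEK_END)
        f.seek(max(0, size - 8192))    # read only the tail (assumes records < 8 KiB)
        tail = f.read().splitlines()
        prev = json.loads(tail[-1])["digest"] if tail else ""
        for u in updates:
            rec = dict(u, who=who, when=when, prev=prev)
            rec["digest"] = prev = _digest(rec)
            f.write(json.dumps(rec, sort_keys=True).encode() + b"\n")
        f.flush()
        os.fsync(f.fileno())           # durable before the hook returns
    return prev

def verify_chain(log_path):
    """True when every record hashes correctly and links to its predecessor."""
    prev = ""
    with open(log_path, "rb") as f:
        for line in f:
            rec = json.loads(line)
            if rec["prev"] != prev or rec["digest"] != _digest(rec):
                return False
            prev = rec["digest"]
    return True

def find(log_path, commit):
    """Audit lookup: records whose old or new id is the given commit hash."""
    with open(log_path, "rb") as f:
        return [r for r in map(json.loads, f) if commit in (r["old"], r["new"])]
```

In a GitLab server hook the update lines arrive on the hook's standard input and the pusher is available in the `GL_USERNAME` environment variable. The hook does no history walking, so its cost per push is one locked tail read and one append.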