Add a security harness script and pre-push hook
During the development of security patches and releases, we want to ensure developers and release managers don't accidentally push to any remote other than dev.gitlab.org
.
I'm investigating adding a pre-push
hook to act as a safety harness that will prevent pushes to anything other than dev.
Example:
gitlab-ee rs-test-push % ./scripts/security-harness
Security harness installed -- you will only be able to push to dev.gitlab.org!
gitlab-ee rs-test-push % g remote -v
ce ../../gdk-ce/gitlab-ce (fetch)
ce ../../gdk-ce/gitlab-ce (push)
dev git@dev.gitlab.org:gitlab/gitlab-ee.git (fetch)
dev git@dev.gitlab.org:gitlab/gitlab-ee.git (push)
origin git@gitlab.com:gitlab-org/gitlab-ee.git (fetch)
origin git@gitlab.com:gitlab-org/gitlab-ee.git (push)
gitlab-ee rs-test-push % gp origin -n
Pushing to remotes other than dev.gitlab.org has been disabled!
Remove .git/security_harness to disable this check.
error: failed to push some refs to 'git@gitlab.com:gitlab-org/gitlab-ee.git'
gitlab-ee rs-test-push % gp dev -n
To dev.gitlab.org:gitlab/gitlab-ee.git
* [new branch] rs-test-push -> rs-test-push
gitlab-ee rs-test-push % ./scripts/security-harness
Security harness removed -- you can now push to all remotes
gitlab-ee rs-test-push % g pdo -n
To dev.gitlab.org:gitlab/gitlab-ee.git
* [new branch] rs-test-push -> rs-test-push
To gitlab.com:gitlab-org/gitlab-ee.git
* [new branch] rs-test-push -> rs-test-push