Ability to block push when deploying
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
Description
A customer is requesting a way to prevent pushes during a deployment. The deploy page allows blocking web requests but pushes are still possible via SSH. It would be nice to have a way to block these pushes, whether tied to the deploy page (ideally) or via another mechanism.
There are certain times when an admin knows that having users access the system could be detrimental or they could hit errors and the overall user experience could be bad.
If an admin is doing a major upgrade where there are lots of migrations, and a user pushes during a certain time, they could receive an error, or their post receive job could fail because of the database state.
There are other cases where an admin may be doing some data migration or doing a restore, and any writes could be lost at a later time. For example, an admin has already made a final copy of data before the move to another disk. While copying the last bits of data and swapping configuration, a user pushes code and it writes to the old location. The admin finishes moving data and swaps the configuration to point to the new storage. The user's previous write is now lost.
This is also related to an existing request for a 'maintenance mode' where admins can access the system but others cannot make writes - https://gitlab.com/gitlab-org/gitlab-ce/issues/19739
@regisF @victorwu Is this of interest?
@jacobvosmaer-gitlab @rspeicher Do you think this would be doable? Difficult?