git -- locking master branch for some users?

Question

I would like to force other team-members to not work on the master-branch but on a development branch. we have a central git-repository where we push our work into. i would like to know if it's possible to block users from pushing changes to the master-branch but only allow certain users to do so.

I would like to have the following "workflow"

• development is always only done with a development-branch
• the release-manager is responsible for the master branch and only he is allowed to merge stuff from a development branch into the master and push it to the master-branch on the central repository to.

Is this possible and how can I achieve this?

Answer 1

See man githooks: In the shared repo, you can create a $(git rev-parse --git-dir)/hooks/pre-receive or $(git rev-parse --git-dir)/hooks/update script that verifies what your users are trying to push to which refs. Git comes with a update-paranoid example hook enforcing per-ref ACLs.

Answer 2

My low level approach would simply be to let the RM be the only one with SSH keys to push to the repository everyone else use as the master baseline. That way, nobody but the RM can push to master - yet everybody can work since they have their own local development branches and devs can share among themselves the branches they like.

The next step is to make a cooking pot tester for the things that will go into master soon. This pot is normally called next or dev. The idea is, that the more impact a branch has, the longer it cooks before a merge to master. This gives the RM full control over what branches should graduate and still gives everyone a heads-up.