How can I allow merging to master only from testing branch?

Question

I have a master branch and a testing branch. I push some stuff to testing and when everything is okay and tested, I merge testing branch to the master. Is there a way to create such a server hook which forbids pushing commits to master which are not merge commits from testing branch? It seems to me that it is impossible because pre-receive hook does not contain information about where the commit is coming from (what branch).

Answer 1

You are correct, it is impossible in general. It's worse than not having information about where a commit comes from, because commits don't come from branches: they just exist. A git push request consists of two parts, the first being transferring over any commits and other objects, and the second—the part you can write a hook for—being please-or-forcefully set this set of names to point to that set of commits hash IDs.

Consider, for instance, what happens if I, on my system, do:

git checkout $hash1
git merge $hash2
git push your-server HEAD:refs/heads/master

I have made my merge commit on no branch, using no branches. I send this commit to your server and ask your server to set your server's master to point to this commit.

With that said, you can put constraints into a pre-receive hook to help people avoid mistakes. You can't fix all cases, but you can catch some obvious ones. I have an example of a fancy set of pre-receive hooks here. Pay particular attention to the merges_from function and its callers. These use the names currently stored on the server, so anyone with appropriate permissions on the intermediate branches can use a sequence of two or more git push commands to defeat the intent of the hook. However, if users are just doing their work in the ordinary way, and you have configured everything as outlined in comments, only those users listed as "maintainers" can add commits to master without first pushing them to some staging or testing branch.

Modern hosting servers such as GitHub have similar (but much fancier) rules that allow you to require passing some sort of continuous-integration (e.g., Travis) tests before merges are allowed.