One way to do that is to set a pre-commit hook on your local machine, and check for the presence of said file among the staged files :
# .git/hooks/pre-comit :
#!/bin/bash
forbidden=$(git diff --cached --diff-filter=ACMR -- forbidden/file)
if [ -n "$forbidden" ]; then
echo "*** rejecting commit, file '$forbidden' is present" >&2
exit 1
fi
One major benefit is : you (or other users) are informed right now that this file should not be committed, rather than later when the push is rejected.
Downsides are :
- this hook must be installed once per clone of your repo
- a user can skip that hook (uninstall it manually, modify the hook script, or run
git commit -n to skip pre-commit and commit-msg hooks)
If you need to be 100% positive this file does not reach the central repo, one way to prevent this is indeed to set a pre-receive hook, but this hook must be set on the server.
You tagged your question gitlab, here is the documentation page to set such a hook :
https://docs.gitlab.com/ee/administration/server_hooks.html
You need to access your gitlab's install filesystem (e.g : ssh to gitlab's server with the admin account), and set the pre-receive hook in the appropriate project(s).
Note that, since a user can push a whole branch (or even several branches) in one go, you should check the presence of said file in all new commits pushed to the server, not just the tip of each branch.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
