I'm Looking for a way to create a pre-receive hook for git repo hosted on gitlab/github.
Hosted git solutions do not support these server-side hooks and I'm looking for a way to mitigate it under these requirements:
- Keep the service hosted and managed in the cloud - not running my own git server on-premises.
- Allow users to use HTTPS and SSH to interact with their repo
What I thought about, and led to a dead end.
- Running a lean git server that upon push, mirror the remote repo, gets the push and runs
pre-receive, then propagates the push to the real remote. The problem with this approach is keeping the author name on the real repo and security bypass (not all users can access all repos) - Searching for a git proxy that can do that - did not find anything.
- Run a proxy and inspect the content on the wire. It's a company-wide solution so HTTPS is possible by running man-in-the-middle as I control the root CA. No solution for SSH access.
The solution is intended to be deployed company-wide.
I am aware of the possibility of using local pre-commit with some global config and installing it on all workstations. Trying to avoid this solution as it raises issues when the user has its own pre-commit config, also workstations use a variety of OS versions (mac, linux, win) and different CLI tools/versions already installed.