Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Committer verification #2770
Git and distributed version control have many benefits out of the box, but controlling access and workflows isn’t one of them. For example, without a Git management tool, a developer can push commits that others have written to the central repository.
This creates problems for organizations with strict security and compliance requirements.
BitBucket has added this feature.
And GitLab adds too.
From git point, I would recommend you to use gpg commit verification (allready implemented) that allow a "pusher" to push commit from another "commiter" and still be able to verify that the commit hasn't be tempered or that the identity of the commiter ins't falsify. This type of verification is totally decentralized and verification can also be done locally and is supported natively by git.
This solution, doesn't cover the part of only allowing to push commit from the logged user that maybe needed for your corporation (this would block cherry-pick and some git flow if enable).
If the gpg method doesn't fully comply with your need, gitea support server-side hook but those need to be added manually via git cli. More generaly, we could provide a way to apply predifined list of server-side hooks.
EDIT: it is also possible to edit the pre-receive hook via web interface.