Branch protection, can still be pushed #10733

@wxiaoguang commented on GitHub (Apr 27, 2023):

Are you admin?

yes

~~yes, so you can bypass that rule. That's by design.~~

Update: maybe I read it wrong.

@wxiaoguang commented on GitHub (Apr 27, 2023): > > > > > Are you admin? > > yes ~~yes, so you can bypass that rule. That's by design.~~ Update: maybe I read it wrong.

GiteaMirror commented

@lunny commented on GitHub (Apr 27, 2023):

I cannot reproduce that.

I don't think the site admin can bypass that rule.

@lunny commented on GitHub (Apr 27, 2023): I cannot reproduce that. I don't think the site admin can bypass that rule.

GiteaMirror commented

@ghostman-git commented on GitHub (Apr 27, 2023):

我无法重现这一点。

我认为网站管理员无法绕过该规则。

你是管理员吗？

是的

~~是的，所以你可以绕过这条规则。这是设计使然。~~

更新：也许我看错了。

Are you admin?

yes

~~yes, so you can bypass that rule. That's by design.~~

Update: maybe I read it wrong.

Upgrade from previous version to v1.19.1

@ghostman-git commented on GitHub (Apr 27, 2023): > 我无法重现这一点。 > > 我认为网站管理员无法绕过该规则。 > > > > > > > > > > 你是管理员吗？ > > > > > > 是的 > > ~是的，所以你可以绕过这条规则。这是设计使然。~ > > 更新：也许我看错了。 > > > > > > > > > > Are you admin? > > > > > > yes > > ~yes, so you can bypass that rule. That's by design.~ > > Update: maybe I read it wrong. Upgrade from previous version to v1.19.1

GiteaMirror commented

@ghostman-git commented on GitHub (Apr 27, 2023):

I cannot reproduce that.

I don't think the site admin can bypass that rule.

Upgrade from previous version to v1.19.1

@ghostman-git commented on GitHub (Apr 27, 2023): > I cannot reproduce that. > > I don't think the site admin can bypass that rule. Upgrade from previous version to v1.19.1

GiteaMirror commented

@wxiaoguang commented on GitHub (Apr 27, 2023):

What's your app.ini config / local git repo config (remote) / push command? and what's the response?

And one more question, can you reproduce it with a new / clear installation?

@wxiaoguang commented on GitHub (Apr 27, 2023): What's your app.ini config / local git repo config (remote) / push command? and what's the response? ---- And one more question, can you reproduce it with a new / clear installation?

GiteaMirror commented

@ghostman-git commented on GitHub (Apr 28, 2023):

What's your app.ini config / local git repo config (remote) / push command? and what's the response?

And one more question, can you reproduce it with a new / clear installation?

app.ini

APP_NAME = Gitea: Git with a cup of tea
RUN_MODE = prod
RUN_USER = git

[repository]
ROOT = /data/git/repositories

[repository.local]
LOCAL_COPY_PATH = /data/gitea/tmp/local-repo

[repository.upload]
TEMP_PATH = /data/gitea/uploads

[server]
APP_DATA_PATH    = /data/gitea
DOMAIN           = 192.168.31.244
SSH_DOMAIN       = 192.168.31.244
HTTP_PORT        = 3000
ROOT_URL         = http://192.168.31.244:3000/
DISABLE_SSH      = false
SSH_PORT         = 22
SSH_LISTEN_PORT  = 22
LFS_START_SERVER = true
LFS_CONTENT_PATH = /data/git/lfs
LFS_JWT_SECRET   = 123
OFFLINE_MODE     = true

[database]
PATH     = /data/gitea/gitea.db
DB_TYPE  = mysql
HOST     = localhost:3306
NAME     = gitea
USER     = ****
PASSWD   = ****
LOG_SQL  = false
SCHEMA   = 
SSL_MODE = disable
CHARSET  = utf8mb4

[indexer]
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve

[session]
PROVIDER_CONFIG = /data/gitea/sessions
PROVIDER        = file

[picture]
AVATAR_UPLOAD_PATH            = /data/gitea/avatars
REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
DISABLE_GRAVATAR              = true
ENABLE_FEDERATED_AVATAR       = false

[attachment]
MAX_SIZE      = 3072
ALLOWED_TYPES = */*
PATH          = /data/gitea/attachments

[log]
ROOT_PATH        = /data/gitea/log
MODE             = file
LEVEL            = info
ROUTER           = file
ROUTER_LOG_LEVEL = file

[security]
INSTALL_LOCK        = true
SECRET_KEY          = 123
INTERNAL_TOKEN      = 123
PASSWORD_COMPLEXITY = off

[service]
DISABLE_REGISTRATION              = true
REQUIRE_SIGNIN_VIEW               = true
REGISTER_EMAIL_CONFIRM            = false
ENABLE_NOTIFY_MAIL                = true
ALLOW_ONLY_EXTERNAL_REGISTRATION  = false
ENABLE_CAPTCHA                    = false
DEFAULT_KEEP_EMAIL_PRIVATE        = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING       = true
NO_REPLY_ADDRESS                  = noreply.localhost

[oauth2]
JWT_SECRET = 123

[mailer]
ENABLED = true
HOST    = smtp.exmail.qq.com:465
FROM    = hxat@bjhxat.com
USER    = hxat@bjhxat.com
PASSWD  = ****

[openid]
ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = false

git push

git push upstream/dev

Not tested yet, deploying testing

@ghostman-git commented on GitHub (Apr 28, 2023): > What's your app.ini config / local git repo config (remote) / push command? and what's the response? > > And one more question, can you reproduce it with a new / clear installation? 1. app.ini ``` APP_NAME = Gitea: Git with a cup of tea RUN_MODE = prod RUN_USER = git [repository] ROOT = /data/git/repositories [repository.local] LOCAL_COPY_PATH = /data/gitea/tmp/local-repo [repository.upload] TEMP_PATH = /data/gitea/uploads [server] APP_DATA_PATH = /data/gitea DOMAIN = 192.168.31.244 SSH_DOMAIN = 192.168.31.244 HTTP_PORT = 3000 ROOT_URL = http://192.168.31.244:3000/ DISABLE_SSH = false SSH_PORT = 22 SSH_LISTEN_PORT = 22 LFS_START_SERVER = true LFS_CONTENT_PATH = /data/git/lfs LFS_JWT_SECRET = 123 OFFLINE_MODE = true [database] PATH = /data/gitea/gitea.db DB_TYPE = mysql HOST = localhost:3306 NAME = gitea USER = **** PASSWD = **** LOG_SQL = false SCHEMA = SSL_MODE = disable CHARSET = utf8mb4 [indexer] ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve [session] PROVIDER_CONFIG = /data/gitea/sessions PROVIDER = file [picture] AVATAR_UPLOAD_PATH = /data/gitea/avatars REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars DISABLE_GRAVATAR = true ENABLE_FEDERATED_AVATAR = false [attachment] MAX_SIZE = 3072 ALLOWED_TYPES = */* PATH = /data/gitea/attachments [log] ROOT_PATH = /data/gitea/log MODE = file LEVEL = info ROUTER = file ROUTER_LOG_LEVEL = file [security] INSTALL_LOCK = true SECRET_KEY = 123 INTERNAL_TOKEN = 123 PASSWORD_COMPLEXITY = off [service] DISABLE_REGISTRATION = true REQUIRE_SIGNIN_VIEW = true REGISTER_EMAIL_CONFIRM = false ENABLE_NOTIFY_MAIL = true ALLOW_ONLY_EXTERNAL_REGISTRATION = false ENABLE_CAPTCHA = false DEFAULT_KEEP_EMAIL_PRIVATE = false DEFAULT_ALLOW_CREATE_ORGANIZATION = true DEFAULT_ENABLE_TIMETRACKING = true NO_REPLY_ADDRESS = noreply.localhost [oauth2] JWT_SECRET = 123 [mailer] ENABLED = true HOST = smtp.exmail.qq.com:465 FROM = hxat@bjhxat.com USER = hxat@bjhxat.com PASSWD = **** [openid] ENABLE_OPENID_SIGNIN = false ENABLE_OPENID_SIGNUP = false ``` 2. git push ``` git push upstream/dev ``` 3. Not tested yet, deploying testing

GiteaMirror commented

@wxiaoguang commented on GitHub (May 10, 2023):

Not tested yet, deploying testing

Any progress?

@wxiaoguang commented on GitHub (May 10, 2023): > Not tested yet, deploying testing Any progress?

GiteaMirror commented

@ghostman-git commented on GitHub (May 11, 2023):

Not tested yet, deploying testing

Any progress?

The latest version is fine, but the upgrade from the original version will not work.

@ghostman-git commented on GitHub (May 11, 2023): > > Not tested yet, deploying testing > > Any progress? The latest version is fine, but the upgrade from the original version will not work.

GiteaMirror commented

@lunny commented on GitHub (May 11, 2023):

Could you run ./gitea doctor?

@lunny commented on GitHub (May 11, 2023): Could you run `./gitea doctor`?

GiteaMirror commented

@wxiaoguang commented on GitHub (May 11, 2023):

The latest version is fine, but the upgrade from the original version will not work.

If you create a new repo in your old instance, does its branch protection work?

@wxiaoguang commented on GitHub (May 11, 2023): > The latest version is fine, but the upgrade from the original version will not work. If you create a new repo in your old instance, does its branch protection work?

GiteaMirror commented

@ghostman-git commented on GitHub (May 12, 2023):

The latest version is fine, but the upgrade from the original version will not work.

If you create a new repo in your old instance, does its branch protection work?

Tried, invalid

@ghostman-git commented on GitHub (May 12, 2023): > > The latest version is fine, but the upgrade from the original version will not work. > > If you create a new repo in your old instance, does its branch protection work? Tried, invalid

GiteaMirror commented

@ghostman-git commented on GitHub (May 12, 2023):

Could you run ?./gitea doctor

How to run？

./gitea doctor

@ghostman-git commented on GitHub (May 12, 2023): > Could you run ?`./gitea doctor` How to run？ > ./gitea doctor ![image](https://github.com/go-gitea/gitea/assets/13376074/c5b500d5-2462-497c-83ed-1fcccaf8c331) ![image](https://github.com/go-gitea/gitea/assets/13376074/fdcf9343-5d58-429e-8650-a1199a23882b) ![image](https://github.com/go-gitea/gitea/assets/13376074/17415b38-9bfd-434e-ae6b-e532657ef7df)

GiteaMirror commented

@wxiaoguang commented on GitHub (May 12, 2023):

The latest version is fine, but the upgrade from the original version will not work.

If you create a new repo in your old instance, does its branch protection work?

Tried, invalid

If you have tried gitea doctor and tried the newly create repo, the same problem still exists, from my side I do not have idea for this problem at the moment. It looks like something is out of sync, but it seems need some deep debugging work on your instance.

ps: does protection work for the push over https (not ssh)? if https works, then the problem is highly likely related the ssh part.

@wxiaoguang commented on GitHub (May 12, 2023): > > > The latest version is fine, but the upgrade from the original version will not work. > > > > > > If you create a new repo in your old instance, does its branch protection work? > > Tried, invalid If you have tried `gitea doctor` and tried the newly create repo, the same problem still exists, from my side I do not have idea for this problem at the moment. It looks like something is out of sync, but it seems need some deep debugging work on your instance. ps: does protection work for the push over https (not ssh)? if https works, then the problem is highly likely related the ssh part.

GiteaMirror commented

@ghostman-git commented on GitHub (May 15, 2023):

The latest version is fine, but the upgrade from the original version will not work.

If you create a new repo in your old instance, does its branch protection work?

Tried, invalid

If you have tried and tried the newly create repo, the same problem still exists, from my side I do not have idea for this problem at the moment. It looks like something is out of sync, but it seems need some deep debugging work on your instance.gitea doctor

ps: does protection work for the push over https (not ssh)? if https works, then the problem is highly likely related the ssh part.

Use http, invalid

@ghostman-git commented on GitHub (May 15, 2023): > > > > The latest version is fine, but the upgrade from the original version will not work. > > > > > > > > > If you create a new repo in your old instance, does its branch protection work? > > > > > > Tried, invalid > > If you have tried and tried the newly create repo, the same problem still exists, from my side I do not have idea for this problem at the moment. It looks like something is out of sync, but it seems need some deep debugging work on your instance.`gitea doctor` > > ps: does protection work for the push over https (not ssh)? if https works, then the problem is highly likely related the ssh part. Use http, invalid

GiteaMirror commented

@ghostman-git commented on GitHub (May 15, 2023):

The latest version is fine, but the upgrade from the original version will not work.

If you create a new repo in your old instance, does its branch protection work?

Tried, invalid

If you have tried and tried the newly create repo, the same problem still exists, from my side I do not have idea for this problem at the moment. It looks like something is out of sync, but it seems need some deep debugging work on your instance.gitea doctor

ps: does protection work for the push over https (not ssh)? if https works, then the problem is highly likely related the ssh part.

There are some warnings about data table columns in the log at startup, I don't know if it affects it

@ghostman-git commented on GitHub (May 15, 2023): > > > > The latest version is fine, but the upgrade from the original version will not work. > > > > > > > > > If you create a new repo in your old instance, does its branch protection work? > > > > > > Tried, invalid > > If you have tried and tried the newly create repo, the same problem still exists, from my side I do not have idea for this problem at the moment. It looks like something is out of sync, but it seems need some deep debugging work on your instance.`gitea doctor` > > ps: does protection work for the push over https (not ssh)? if https works, then the problem is highly likely related the ssh part. There are some warnings about data table columns in the log at startup, I don't know if it affects it ![image](https://github.com/go-gitea/gitea/assets/13376074/ee558477-fe89-426e-9586-073d1464287b)

GiteaMirror commented

@lunny commented on GitHub (May 16, 2023):

Those logs will not affect anything.

@lunny commented on GitHub (May 16, 2023): Those logs will not affect anything.

GiteaMirror commented

@ghostman-git commented on GitHub (May 17, 2023):

@ghostman-git commented on GitHub (May 17, 2023): ![image](https://github.com/go-gitea/gitea/assets/13376074/644c1c49-d2ea-4bff-92d2-a72dac764677) ![image](https://github.com/go-gitea/gitea/assets/13376074/d4428c07-4fab-4637-8e6f-c08ec2f99f42) ![image](https://github.com/go-gitea/gitea/assets/13376074/7d826532-f712-43dd-895f-c0cff32103d2)

GiteaMirror commented

@gwynlionhart commented on GitHub (Jun 6, 2023):

I am having the same issue with Gitea version 1.19.3. Using docker.

Initialize Gitea as some admin user "admin"
Create an organization "org"
Create a Team "team" in that organization with write permissions to Code
Create a user and put them in the "team" Team.
Create a repository "test" in that organization and initialize the "main" branch
Go to the repo setting, then Branches, then Add New Rule for branch protection
Set Protected Branch Pattern to "main"
Disable Push
Required approvals:1
Block merge on rejected reviews
Save Rule
Clone the repo as the test user
Edit the readme file, commit it
git push
See below output of the git push

user@workstation MINGW64 ~/projects/test (main)
$ git push
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Writing objects: 100% (3/3), 253 bytes | 253.00 KiB/s, done.
Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
To https://git-website.com/git/org/test.git
   ea12f0d..54c30fa  main -> main

@gwynlionhart commented on GitHub (Jun 6, 2023): I am having the same issue with Gitea version 1.19.3. Using docker. 1. Initialize Gitea as some admin user "admin" 2. Create an organization "org" 3. Create a Team "team" in that organization with write permissions to Code 4. Create a user and put them in the "team" Team. 5. Create a repository "test" in that organization and initialize the "main" branch 6. Go to the repo setting, then Branches, then Add New Rule for branch protection 7. Set Protected Branch Pattern to "main" 8. Disable Push 9. Required approvals:1 10. Block merge on rejected reviews 11. Save Rule 12. Clone the repo as the test user 13. Edit the readme file, commit it 14. git push See below output of the git push ``` user@workstation MINGW64 ~/projects/test (main) $ git push Enumerating objects: 5, done. Counting objects: 100% (5/5), done. Writing objects: 100% (3/3), 253 bytes | 253.00 KiB/s, done. Total 3 (delta 0), reused 0 (delta 0), pack-reused 0 To https://git-website.com/git/org/test.git ea12f0d..54c30fa main -> main ```

GiteaMirror commented