Is it possible to block git pulls/fetches?

Question

in our project we have a jenkins job running from a remote master branch. Developers often rebase from this remote master to fetch the latests changes into their local copies. What we want is to avoid this rebasing when the jenkins is broken (red or yellow ball). Instructions are "rebase only if jenkins is green" but... people are lazy :-)

So, can we do something in the jenkins job so that it blocks the git repo when the execution fails?

Best regards!

Answer 1

It seems you are not verifying your commits before merging into your git repository instead verifying them after merged into git in frequent intervals of time.

I think there is no way we can disable git pull other than removing ssh-keys of all users from git repository, which is not feasible. We can have a post build step in Jenkins which can manipulate authorized_keys file in Git to block access to git repo. ( I am not sure if it works)

We had a same scenario where each build+verification takes around 2 hours and we can't really enforce this test for each commit. But we were able to manage this situation.

If you are using gerrit:

Instead of using Jenkins Gerrit-trigger plugin, we can have our own script which will poll entire gerrit for changes which have all approvals and ready to merge and run your verification. Once verification succeeds all changes in that job will be merged(Submitted in Gerrit) automatically. With this we can avoid bad commits being merged.

If you are not using gerrit:

We can have two separate branches

1. Development branch ( where all developers push their changes)
2. Integration branch (from where developers can pull their changes)

All developers will push their changes to development branch and in frequent intervals we can verify development branch and push changes to integration branch only if verification succeeds.