Protect a file from accidental commits
-
04-06-2021 - |
Question
Consider an SVN repository which has a file with great production importance:
.
├── Makefile
├── README
├── config
│ └── system_configurations
│ └── IMPORTANT.conf
....
Developers often change IMPORTANT.conf
locally for testing purposes, but don't want to commit it accidentally.
Is there a way to protect this file, so that committing it will show some kind of warning or require some special command line argument?
I know there are some architectural solutions (e.g., use LOCAL_IMPORTANT.conf
locally, symlinks etc.) - I'm looking for a solution from the SVN realm.
Solution
Maybe use the SVN lock mechanism?
http://tortoisesvn.net/docs/nightly/TortoiseSVN_en/tsvn-dug-locking.html
This might not offer enough protection, since you can "steal" locks from other users, but it will prevent users from committing changes to a particular file, until they steal your lock.
OTHER TIPS
I'd find a way where you could leave IMPORTANT.conf out of SVN entirely, and have the CI server copy it's approved one into place from another location -- such as IMPORTANT_Dev.conf, IMPORTANT_Prod.conf, etc.
Technically you could do a post-commit hook or pre-commit hook that would parse the commit's details for IMPORTANT.conf and either slap the dev or fail the commit, but that seems overkill to use a source control tool for configuration management.
Maybe it's not a simpliest solution, but absolutely configurable and general:
svn hook (pre-commit hook in this case)
You are free to use different script languages, and you are able to prevent accidentaly changes with predefined commit-comments, like:
(pseudo-code)
if(affected(important_file) && !commmentContains("IMPORTANT_FILE_CHANGE")) {
return false;
}
You can find many articles on Google, but here is an example:
http://wordaligned.org/articles/a-subversion-pre-commit-hook
There are lots of possible solutions. I would favour locking (as mentioned by Khoi). Set the svn:needs-lock on the critical files, and then let people explicitly lock them in the rare cases they actually need to change.
http://svnbook.red-bean.com/en/1.7/svn.advanced.locking.html
Another solution might be though the SVN access controls. How is the SVN repository accessed? http and svn access both allow permissions to be set on paths:
http://svnbook.red-bean.com/en/1.7/svn.serverconfig.pathbasedauthz.html
Try just ignoring it
# ---------------------------------------------------------------------
# Ignore all the .txt files in the /trunk/Blah/ directory
# ---------------------------------------------------------------------
# Go to the directory
cd trunk/Blah/ # The directory with the files
# Start editing the properties for the current directory
svn propedit svn:ignore . # Opens an editor (SVN_EDITOR, EDITOR)
# Add the following value with a new line, save, and exit:
*.txt
# See that things worked
svn propget svn:ignore . # So you can see the properties
svn status --no-ignore # You should see an 'I' next to the ignored files
# Commit
svn commit -m "New Ignores" # You must commit the new property change
# ---------------------------------------------------------------------
# Ignore a single file secret.txt in the /trunk/ directory
# ---------------------------------------------------------------------
# Go to the directory
cd trunk/
# Add just the single file to the current directories ignore list (like above)
# Note the dot at the end of the command is important
svn propset svn:ignore secret.txt .
# See that things worked
svn propget svn:ignore . # Notice the single file was added to the list
svn status --no-ignore # You should see an 'I' next to the ignored files
# Commit
svn commit -m "Its secret" # You must commit the new property change
When you want to commit it, use
svn changelist ignore-on-commit {file-you-want-to-add}
And if you want to find files that aren't versioned
svn status | grep ^\? | awk '{print $2}'