Protect a file from accidental commits

Question

Consider an SVN repository which has a file with great production importance:

.
├── Makefile
├── README
├── config
│   └── system_configurations
│       └── IMPORTANT.conf
....

Developers often change IMPORTANT.conf locally for testing purposes, but don't want to commit it accidentally.

Is there a way to protect this file, so that committing it will show some kind of warning or require some special command line argument?

I know there are some architectural solutions (e.g., use LOCAL_IMPORTANT.conf locally, symlinks etc.) - I'm looking for a solution from the SVN realm.

Answer 1

Maybe use the SVN lock mechanism?

http://tortoisesvn.net/docs/nightly/TortoiseSVN_en/tsvn-dug-locking.html

This might not offer enough protection, since you can "steal" locks from other users, but it will prevent users from committing changes to a particular file, until they steal your lock.

Answer 2

I'd find a way where you could leave IMPORTANT.conf out of SVN entirely, and have the CI server copy it's approved one into place from another location -- such as IMPORTANT_Dev.conf, IMPORTANT_Prod.conf, etc.

Technically you could do a post-commit hook or pre-commit hook that would parse the commit's details for IMPORTANT.conf and either slap the dev or fail the commit, but that seems overkill to use a source control tool for configuration management.

Answer 3

Maybe it's not a simpliest solution, but absolutely configurable and general:

svn hook (pre-commit hook in this case)
You are free to use different script languages, and you are able to prevent accidentaly changes with predefined commit-comments, like:
(pseudo-code)

if(affected(important_file) && !commmentContains("IMPORTANT_FILE_CHANGE")) {
   return false;
}

You can find many articles on Google, but here is an example:
http://wordaligned.org/articles/a-subversion-pre-commit-hook

Answer 4

There are lots of possible solutions. I would favour locking (as mentioned by Khoi). Set the svn:needs-lock on the critical files, and then let people explicitly lock them in the rare cases they actually need to change.

http://svnbook.red-bean.com/en/1.7/svn.advanced.locking.html

Another solution might be though the SVN access controls. How is the SVN repository accessed? http and svn access both allow permissions to be set on paths:

http://svnbook.red-bean.com/en/1.7/svn.serverconfig.pathbasedauthz.html

Answer 5

Try just ignoring it

# ---------------------------------------------------------------------
#      Ignore all the .txt files in the /trunk/Blah/ directory
# ---------------------------------------------------------------------

# Go to the directory
cd trunk/Blah/              # The directory with the files

# Start editing the properties for the current directory
svn propedit svn:ignore .   # Opens an editor (SVN_EDITOR, EDITOR)

# Add the following value with a new line, save, and exit:
*.txt

# See that things worked
svn propget svn:ignore .    # So you can see the properties
svn status --no-ignore      # You should see an 'I' next to the ignored files

# Commit
svn commit -m "New Ignores" # You must commit the new property change


# ---------------------------------------------------------------------
#     Ignore a single file secret.txt in the /trunk/ directory
# ---------------------------------------------------------------------

# Go to the directory
cd trunk/

# Add just the single file to the current directories ignore list (like above)
# Note the dot at the end of the command is important
svn propset svn:ignore secret.txt .

# See that things worked
svn propget svn:ignore .    # Notice the single file was added to the list
svn status --no-ignore      # You should see an 'I' next to the ignored files

# Commit
svn commit -m "Its secret"  # You must commit the new property change

When you want to commit it, use

svn changelist ignore-on-commit {file-you-want-to-add}

And if you want to find files that aren't versioned

svn status | grep ^\? | awk '{print $2}'