One way to do that is to set a pre-commit hook on your local machine, and check for the presence of said file among the staged files:
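```bash
#!/bin/sh
# .git/hooks/pre-commit :
# list staged paths matching the forbidden file (added, copied, modified or renamed)
forbidden=$(git diff --cached --name-only --diff-filter=ACMR -- forbidden/file)
if [ -n "$forbidden" ]; then
    echo "*** rejecting commit, file '$forbidden' is present" >&2
    exit 1
fi
```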
One major benefit is: you (or other users) are informed right now that this file should not be committed, rather than later when the push is rejected.
Downsides are:
- this hook must be installed once per clone of your repo
- a user can skip that hook (uninstall it manually, modify the hook script, or run `git commit -n` to skip
If you need to be 100% positive this file does not reach the central repo, one way to prevent this is indeed to set a `pre-receive` hook, but this hook must be set on the server.
You tagged your question `gitlab`, here is the documentation page to set such a hook:
You need to access your GitLab's install filesystem (e.g. ssh to GitLab's server with the admin account), and set the `pre-receive` hook in the appropriate project(s).
Note that, since a user can push a whole branch (or even several branches) in one go, you should check the presence of said file in all new commits pushed to the server, not just the tip of each branch.
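
The server-side check described in the last paragraph, as an added example that is not part of the original answer: a `pre-receive` hook that inspects every pushed commit not yet reachable from a ref on the server, so a file added in one commit and deleted again later in the same push is still caught. It reuses the answer's `forbidden/file` placeholder path and assumes the script is installed under the file name `pre-receive`.

```shell
#!/bin/sh
# pre-receive hook (added example): reject a push if any NEW commit
# adds or modifies the forbidden path, not only the tip of each branch.

# Placeholder path, same as in the pre-commit example above.
FORBIDDEN_PATH="forbidden/file"

# Print the ids of new commits under <new-sha> that touch FORBIDDEN_PATH.
# "--not --all" excludes everything already reachable from the server's refs
# (refs are not updated yet while pre-receive runs), so this covers updates
# to existing branches and brand-new branches alike.
offending_commits() {
    new=$1
    # An all-zero id means the ref is being deleted: nothing to inspect.
    case $new in
        *[!0]*) ;;
        *) return 0 ;;
    esac
    git log --format=%H --diff-filter=ACMR "$new" --not --all -- "$FORBIDDEN_PATH"
}

# git feeds one "<old-sha> <new-sha> <refname>" line per updated ref on stdin.
# Every ref is checked so the user sees all offending commits in one go.
check_push() {
    status=0
    while read -r old new ref; do
        # Fail closed: if git itself errors out, reject the push.
        bad=$(offending_commits "$new") || return 1
        if [ -n "$bad" ]; then
            echo "*** rejecting push to $ref: '$FORBIDDEN_PATH' is touched by:" >&2
            echo "$bad" >&2
            status=1
        fi
    done
    return $status
}

# Assumption: the file is installed as "pre-receive". Under any other name
# the script only defines the functions, so it can be sourced and tested.
case ${0##*/} in
    pre-receive) check_push; exit $? ;;
esac
```

A non-zero exit from `pre-receive` makes the server refuse every ref in the push, and the lines written to stderr are shown to the user who pushed.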