Prevent users to push to specific folders in protected branches with CODEOWNERS does not work

Summary

I use a mono repo for several reasons. There are some top level folders that I would like to protect from direct pushes, hence, if a push contains files in these "protected" folders it would be rejected. I have tried Codeowners in combination with protected branches but it turns out that a user/role either has the right to push to the protected branch or not. The Codeowners definitions are not applied if a user is allowed to push. And if a user is not allowed to push, then also Codeowners are not applied.

It seems the standard fashion to solve this is a simple server hook for pre-receive. A very simple script would then check if the push contains files in such a folder and reject the push if that is the case. However, I am on GitLab SaaS where it seems you cannot add a server hook (which is strange because a server hook would be specific to a repository).

What is the expected correct behavior?

It should be able to apply codeowners either for Allowed push users or apply codeowners for non-allowed users such that the push would be allowed if the user is a code owner. It would however be best if you could set allowed to push to e.g. Developers / Maintainers and once Codeowners are set for specific folders the push would be rejected and an MR would be required.

Or allow for server hooks that would solve the same problem for GitLab SaaS.

Possible fixes

Or provide other means to solve that problem.

Edited by 🤖 GitLab Bot 🤖
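
The pre-receive check described in the issue could look like the script below. It is an added example, not part of the original issue or of GitLab's code, and it applies only to a Git server where server hooks can be installed. The folder list `infra/ ci/` and the ref `refs/heads/main` are assumed values.

```shell
#!/bin/sh
# Added example (not from the issue); PROTECTED_DIRS and PROTECTED_REF are assumed values.
PROTECTED_DIRS="${PROTECTED_DIRS:-infra/ ci/}"       # top-level folders, trailing slash
PROTECTED_REF="${PROTECTED_REF:-refs/heads/main}"

# True when the object id is all zeros (ref creation or deletion; SHA-1 or SHA-256).
is_zero() { case "$1" in *[!0]*) return 1 ;; *) return 0 ;; esac; }

# Read changed paths on stdin, print the ones under a protected folder.
# Git wraps unusual paths in double quotes, so a leading quote is matched as well.
protected_hits() {
    while IFS= read -r path; do
        for dir in $PROTECTED_DIRS; do
            case "$path" in
                "$dir"*|\""$dir"*) printf '%s\n' "$path"; break ;;
            esac
        done
    done
}

# Paths touched by one ref update. --no-renames lists both sides of a rename,
# so moving a file out of a protected folder still counts as a change to it.
changed_paths() {
    if is_zero "$2"; then return 0; fi                 # deletion: no tree to inspect
    if is_zero "$1"; then
        git -c core.quotePath=false ls-tree -r --name-only "$2"   # creation: all files
    else
        git -c core.quotePath=false diff --name-only --no-renames "$1" "$2"
    fi
}

# Read "<old> <new> <ref>" lines as git feeds them to pre-receive on stdin.
check_push() {
    status=0
    while read -r old new ref; do
        [ "$ref" = "$PROTECTED_REF" ] || continue
        hits=$(changed_paths "$old" "$new" | protected_hits)
        if [ -n "$hits" ]; then
            printf 'rejected: %s changes protected paths:\n%s\n' "$ref" "$hits" >&2
            status=1
        fi
    done
    return $status
}

# Act as a hook only when installed under the name pre-receive.
case "${0##*/}" in pre-receive) check_push || exit 1 ;; esac
```

As written, the hook rejects every update to the protected ref that touches those folders, whoever sends it; any exemption would have to be added on top.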