Skip to content

Latest commit

 

History

History
86 lines (72 loc) · 4.14 KB

README.md

File metadata and controls

86 lines (72 loc) · 4.14 KB

A basic TFS Server Plugin that filters Git Push operations. Its purpose is to implement enterprise policies on Git repositories.

Design

A policy controls behavior for one or more repositories (you can use the * wildcard); a policy checks one or more rules that must be satisfied for the requested Git push operation to be accepted. The rules can be:

  • read-only to refuse any change to the repository
  • Limit size to avoid accepting big files in the repository
  • Force Push to restrict Force Push (i.e. history rewriting) to a group of users, no matters the permission on the Repository
  • email to constraint the accepted email addresses for Authors and Contributors

Install

Copy the DLL and the policy file in %Program Files%\Microsoft Team Foundation Server 12.0\Application Tier\Web Services\bin\Plugins.

Add a new source to the Event Log, e.g.

New-EventLog -LogName "Application" -Source "GitPushFilter"

Configuration

The plugin is driven by the GitPushFilter.policies configuration file, which must be present in the same folder, e.g. %Program Files%\Microsoft Team Foundation Server 12.0\Application Tier\Web Services\bin\Plugins

<GitPushFilterConfiguration
    LogFile="optional-path-to-diagnostic-log-file">
  <Policy
      Collection="name-of-tfs-collection-or-wildcard"
      Project="name-of-tfs-project-or-wildcard"
      Repository="name-of-tfs-git-repository-or-wildcard">
    <!-- rules -->
    <ReadOnly />
    <LimitSize megabytes="1">
      <!-- optional exempted groups -->
      <Allowed Group="windows-or-tfs-group"/>
      <!-- add more allowed groups -->
    </LimitSize>
    <ForcePush>
      <!-- optional exempted groups -->
      <Allowed Group="windows-or-tfs-group"/>
      <!-- add more allowed groups -->
    </ForcePush>
    <ValidEmails>
      <AuthorEmail matches="regular-expression" />
      <CommitterEmail matches="regular-expression" />
      <!-- add more allowed emails -->
    </ValidEmails>
  </Policy>
  <!-- add more policies for additional projects and repos -->
</GitPushFilterConfiguration>
Parameter Mandatory Repeatable Description
LogFile No No Full path to diagnostic log file
Policy Yes No Policy to apply to one or more repositories
Collection Yes No TeamProjectCollection scope, use * for all Collections
Project Yes No TeamProject scope, use * for all Projects in Collection
Repository Yes No Git Repository scope, use * for all Repositories in Project
ReadOnly No No Rule to refuse any change to the repository, putting it in a read-only mode
LimitSize No No Rule to control the size of files in a push (not a single commit)
ForcePush No No Rule to control history rewrite, i.e. force push
Allowed Yes Yes The Group attribute specify the Windows or TFS group
ValidEmails No No Rule to control commit emails
AuthorEmail Yes Yes The matches attribute specify a regular expression to be satisfied by Author email
CommitterEmail Yes Yes The matches attribute specify a regular expression to be satisfied by Committer email

Build

To compile the project, you must copy in the References folder, the proper version of the following TFS assemblies:

  • Microsoft.TeamFoundation.Client
  • Microsoft.TeamFoundation.Common
  • Microsoft.TeamFoundation.Framework.Server
  • Microsoft.TeamFoundation.Git.Server
  • Microsoft.TeamFoundation.Server.Core
  • Microsoft.VisualStudio.Services.WebApi

Built and tested with Visual Studio 2013 Update 4 and TFS 2013 Update 4.

You must define environment variable TFS_HOME to automatically copy the output to TFS plugin directory. For example, %ProgramFiles%\Microsoft Team Foundation Server 12.0