Details
-
Suggestion
-
Resolution: Fixed
Description
We recently had an "event" (I'll describe details below) where a user apparently changed a branch pointer and unwittingly merged two code lines. Problem is, we do not have any idea who did this because Bitbucket only shows commit pushes and does not provide an audit trail of who/when/what anyone changes a branch pointer via
git push origin master:branch
Here is what happened in our case as best we can figure. Given: a "master" (i.e. trunk) code line and a "branch" code line that is a branch off of "master".
- Work is done on "branch", committed, and pushed to Bitbucket.
- User checks out "master", does a git merge branch, commits the merge, and pushes to Bitbucket
- Someone, we don't know who, sets the "branch" branch pointer to "master" - git push origin master:branch
At this point the two code lines have completely joined. We don't want the two to join because there are changes in "master" that must not be in "branch".
Ideally, we would like to prevent this kind of branch pointer manipulation altogether (I don't know how to codify this into a specific rule - there are cases where this kind of manipulation should be allowed...). If we cannot get that then we at least want to know who did this so as to correct the behavior - so at least some audit trail would be needed.