1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
|
---
stage: Create
group: Source Code
info: "To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments"
description: "Use push rules to control the content and format of Git commits your repository will accept. Set standards for commit messages, and block secrets or credentials from being added accidentally."
---
# Group push rules API
DETAILS:
**Tier:** Premium, Ultimate
**Offering:** GitLab.com, Self-managed, GitLab Dedicated
The following [push rules](../user/group/access_and_permissions.md#group-push-rules)
endpoints are only available to group owners and administrators.
## Get the push rules of a group
Gets the push rules of a group.
```plaintext
GET /groups/:id/push_rule
```
Supported attributes:
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer/string | yes | The ID of the group or [URL-encoded path of the group](rest/index.md#namespaced-paths). |
Example request:
```shell
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/2/push_rule"
```
Example response:
```json
{
"id": 1,
"created_at": "2020-08-17T19:09:19.580Z",
"commit_committer_check": true,
"commit_committer_name_check": true,
"reject_unsigned_commits": false,
"reject_non_dco_commits": false,
"commit_message_regex": "[a-zA-Z]",
"commit_message_negative_regex": "[x+]",
"branch_name_regex": "[a-z]",
"deny_delete_tag": true,
"member_check": true,
"prevent_secrets": true,
"author_email_regex": "^[A-Za-z0-9.]+@gitlab.com$",
"file_name_regex": "(exe)$",
"max_file_size": 100
}
```
## Add push rules to a group
Adds push rules to the group. Use only if you haven't defined any push rules so far.
```plaintext
POST /groups/:id/push_rule
```
Supported attributes:
<!-- markdownlint-disable MD056 -->
| Attribute | Type | Required | Description |
| --------------------------------------------- | -------------- | -------- | ----------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the group](rest/index.md#namespaced-paths). |
| `deny_delete_tag` | boolean | no | Deny deleting a tag. |
| `member_check` | boolean | no | Allow only GitLab users to author commits. |
| `prevent_secrets` | boolean | no | Reject files that are likely to [contain secrets](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/gitlab/checks/files_denylist.yml). |
| `commit_message_regex` | string | no | Allow only commit messages that match the regular expression provided in this attribute, for example, `Fixed \d+\..*`. |
| `commit_message_negative_regex` | string | no | Reject commit messages matching the regular expression provided in this attribute, for example, `ssh\:\/\/`. |
| `branch_name_regex` | string | no | Allow only branch names that match the regular expression provided in this attribute, for example, `(feature|hotfix)\/.*`. |
| `author_email_regex` | string | no | Allow only commit author emails that match the regular expression provided in this attribute, for example, `@my-company.com$`. |
| `file_name_regex` | string | no | Reject filenames matching the regular expression provided in this attribute, for example, `(jar|exe)$`. |
| `max_file_size` | integer | no | Maximum file size (MB) allowed. |
| `commit_committer_check` | boolean | no | Allow commits from users only if the committer email is one of their own verified emails. |
| `commit_committer_name_check` | boolean | no | Allow commits from users only if the commit author name is consistent with their GitLab account name. |
| `reject_unsigned_commits` | boolean | no | Reject a commit when it's not signed. |
| `reject_non_dco_commits` | boolean | no | Reject a commit when it's not DCO certified. |
<!-- markdownlint-enable MD056 -->
Example request:
```shell
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/19/push_rule?prevent_secrets=true"
```
Example response:
```json
{
"id": 1,
"created_at": "2020-08-31T15:53:00.073Z",
"commit_committer_check": false,
"commit_committer_name_check": false,
"reject_unsigned_commits": false,
"reject_non_dco_commits": false,
"commit_message_regex": "[a-zA-Z]",
"commit_message_negative_regex": "[x+]",
"branch_name_regex": null,
"deny_delete_tag": false,
"member_check": false,
"prevent_secrets": true,
"author_email_regex": "^[A-Za-z0-9.]+@gitlab.com$",
"file_name_regex": null,
"max_file_size": 100
}
```
## Edit the push rules of a group
Edits the push rules for the group.
```plaintext
PUT /groups/:id/push_rule
```
<!-- markdownlint-disable MD056 -->
| Attribute | Type | Required | Description |
| --------------------------------------------- | -------------- | -------- | ----------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the group](rest/index.md#namespaced-paths). |
| `deny_delete_tag` | boolean | no | Deny deleting a tag. |
| `member_check` | boolean | no | Allow only GitLab users to author commits. |
| `prevent_secrets` | boolean | no | Reject files that are likely to [contain secrets](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/gitlab/checks/files_denylist.yml). |
| `commit_message_regex` | string | no | Allow only commit messages that match the regular expression provided in this attribute, for example, `Fixed \d+\..*`. |
| `commit_message_negative_regex` | string | no | Reject commit messages matching the regular expression provided in this attribute, for example, `ssh\:\/\/`. |
| `branch_name_regex` | string | no | Allow only branch names that match the regular expression provided in this attribute, for example, `(feature|hotfix)\/.*`. |
| `author_email_regex` | string | no | Allow only commit author emails that match the regular expression provided in this attribute, for example, `@my-company.com$`. |
| `file_name_regex` | string | no | Reject filenames matching the regular expression provided in this attribute, for example, `(jar|exe)$`. |
| `max_file_size` | integer | no | Maximum file size (MB) allowed. |
| `commit_committer_check` | boolean | no | Allow commits from users only if the committer email is one of their own verified emails. |
| `commit_committer_name_check` | boolean | no | Allow commits from users only if the commit author name is consistent with their GitLab account name. |
| `reject_unsigned_commits` | boolean | no | Reject a commit when it's not signed. |
| `reject_non_dco_commits` | boolean | no | Reject a commit when it's not DCO certified. |
<!-- markdownlint-enable MD056 -->
Example request:
```shell
curl --request PUT --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/19/push_rule?member_check=true"
```
Example response:
```json
{
"id": 19,
"created_at": "2020-08-31T15:53:00.073Z",
"commit_committer_check": false,
"commit_committer_name_check": false,
"reject_unsigned_commits": false,
"reject_non_dco_commits": false,
"commit_message_regex": "[a-zA-Z]",
"commit_message_negative_regex": "[x+]",
"branch_name_regex": null,
"deny_delete_tag": false,
"member_check": true,
"prevent_secrets": false,
"author_email_regex": "^[A-Za-z0-9.]+@staging.gitlab.com$",
"file_name_regex": null,
"max_file_size": 100
}
```
## Delete the push rules of a group
Deletes all the push rules of a group.
```plaintext
DELETE /groups/:id/push_rule
```
Supported attributes:
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the group](rest/index.md#namespaced-paths). |
Example request:
```shell
curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/19/push_rule"
```
If successful, no response is returned.
|
