
Can any project contributor do a force-push on GitHub - or only the administrator?


On a GitHub project I administer, someone made the mistake (due to a mis-communication in directions) of adding a really large audio-file to the project - causing the project (which is less than a month old) to have a bloated repository - of a level of bloat that rivals projects that have been around much longer and cover a much wider scope.

Upon researching, I have found that the only action I can take that would remove that commit not just from the present version of the project, but from its entire history (which I would have to do if I am to rescue the project from this bloat) involves a force-push.

My question is this -- is a force-push an action that only the administrator/owner of a GitHub project can do, or something that anyone authorized as a contributor can do? And if so, any precautions I could take against misuse of such a feature (i.e. use by anyone other than the project administrator) while still allowing its proper use (i.e. use by the project administrator)?

Granted -- I do not believe the individual in question will mis-use such a feature. I suppose it's not impossible, as nobody's actions can be 100% predicted - but I feel fairly confident that it's very unlikely. However, as time goes on in the future, the further into the future I go, the more likely it is that I will make the mistake of trusting someone who would mis-use such a feature -- so I consider it best to know now how much the danger is - and if the danger is real, what precautions I can take against it.


Solution

  • Is a force-push an action that only the administrator/owner of a GitHub project can do, or something that anyone authorized as a contributor can do?

    Free and paid GitHub accounts

    The answer to your question depends on the type of GitHub account you're using. You write, in your comment, that you're using a free account. Such an account doesn't allow you much control; it doesn't even allow you to set the receive.denyNonFastForwards switch in order to forbid all force pushes; although, apparently, GitHub staff will set it for you if you send them an email.

    A paid, GitHub-Enterprise account will give you finer control over force pushes: with such an account, you can specify which collaborators are allowed to force-push to which branches in which repositories.

    If you're not willing to switch to a paid account...

    If you and your collaborators are set on working with free accounts, I think you're going about it the wrong way: you should move away from the centralized workflow you're currently using,


    and adopt an Integration-Manager workflow.


    In this workflow, instead of having one canonical repository that all collaborators can push to,

    • each collaborator has her/his own public repository (or fork) that only s/he can (force-)push to;
    • some trusted collaborator (you, in this scenario) is responsible for integrating changes from contributors into the blessed/canonical repository.

    If you use the Integration-Manager workflow (or the more sophisticated Dictator-and-lieutenants workflow), you will no longer step on each other's toes.

    (Diagrams are taken from the Pro Git book, chapter 5 - Distributed Git.)
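
The `receive.denyNonFastForwards` switch mentioned in the answer can be observed on a bare repository you host yourself. The script below is an added example, not part of the original answer: the function name `try_force_push`, the `main` branch name and all paths are constructed for the demonstration, and it compares a history-rewriting push with the switch on and off.

```shell
#!/bin/sh
# Added example: every repository here is a constructed throw-away under mktemp.
# try_force_push <true|false> prints "<accepted|rejected>:<changed|unchanged>"
# for a history-rewriting push against a bare repo with that setting.
try_force_push() (
    deny=$1
    work=$(mktemp -d) || exit 2
    trap 'rm -rf "$work"' EXIT
    # Keep the demo independent of the caller's git identity and config.
    export HOME="$work" GIT_CONFIG_NOSYSTEM=1
    export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
    export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid

    # The shared ("blessed") repository, with the switch under test.
    git init -q --bare "$work/blessed.git" || exit 2
    git -C "$work/blessed.git" config receive.denyNonFastForwards "$deny"

    # A collaborator's clone makes one commit and pushes it normally.
    git clone -q "$work/blessed.git" "$work/clone" 2>/dev/null || exit 2
    cd "$work/clone" || exit 2
    echo "original" > file.txt
    git add file.txt && git commit -q -m "first commit" || exit 2
    git push -q origin HEAD:refs/heads/main 2>/dev/null || exit 2
    before=$(git -C "$work/blessed.git" rev-parse refs/heads/main)

    # The collaborator rewrites that commit, then force-pushes.
    echo "rewritten" > file.txt
    git commit -q -a --amend -m "rewritten commit" || exit 2
    if git push -q --force origin HEAD:refs/heads/main 2>/dev/null; then
        verdict=accepted
    else
        verdict=rejected
    fi

    # Compare the shared branch tip before and after the attempt.
    after=$(git -C "$work/blessed.git" rev-parse refs/heads/main)
    if [ "$before" = "$after" ]; then
        echo "$verdict:unchanged"
    else
        echo "$verdict:changed"
    fi
)
```

With the switch set to `true` the shared branch keeps its original tip, while the ordinary first push goes through in both cases.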