My cenario: I have a gitolite environment with two groups, developers and servers. At the begining, servers having only read permission was enough, but now we have a script that executes a git pull and creates a tag for we can know the exact time and person who did the deploy. It works perfectly fine, but I would like to prevent commits comming from servers. Only developers on their computers can write code at the repository, but there's people pushing code from the servers.
I alread tested the permission RW, RW+ and RW+C, with no success. So I would like to know if there's any way I can allow servers to push tags to the repository but not commits.
Gitolite should support restricting on tag with refexes:
A refex is a word I made up to mean "a regex that matches a ref".
That means you can disallow a repo, but allow only tags
RW refs/tags/v[0-9] = bob
In other words, RW or other permission alternatives are not enough. You need the proper refex as well.
As the OP Everton Leite comments:
RW refs/tags/.* = @servers