I am trying to restrict the binary file (EXE, DLL, PDF) committing in our gitlab. So I need to add the hook to restrict it in globally. How can I do this? Is Pre-receive hook is suitable for this?
Is this place is correct to add the hook?
/opt/gitlab/embedded/service/gitlab-shell/hooks/pre-receive
Any helps appreciated!
As I commented, for per-project, use custom hooks: (Chained hooks support)
See the exact steps at "How can I add hooks to gitlab?", and involve the create of a dedicate repo.git/custom_hooks subfolder.
But that is per-repository, not for all repos.
You would need to add that script for each repo of a group.
The pre-receive script you would see in the normal repo.git/hooks folder is actually a symlink to the gitlab-shell hook folder, and it is taken by GitLab to manage the access permission.
You can install a side-wide hook, but it is not very well documented. Gitlab is currently integrating gitlab-shell and gitaly. So providing instructions is a bit of a moving target, but they are valid as of the release of 12.3.5.
The scripts in gitlab-shell/hooks/* scan the current repository and site wide directories. However, the site wide directories will not be created at a clean install and you need to create them yourself.
mkdir -p <XXX>/gitlab-shell/hooks/pre-receive.d # or update.d or post-receive.d
chown git:git <XXX>/gitlab-shell/hooks/pre-receive.d
# link or copy your script of course it needs to be executable by the Gitlab user
ln -s /usr/bin/my-hook <XXX>/gitlab-shell/hooks/pre-receive.d/my-hook
