[sysadmin-bin] Protect master and gnome-* and leave any other branch unprotected via on disk hooks (Gitlab has it's

[Andrea Veri <av src gnome org>]

commit f68f4bea107ac44d21205cc2ea6e44dd0b3f9be0
Author: Andrea Veri <averi redhat com>
Date:   Fri Dec 15 13:34:44 2017 +0100

    Protect master and gnome-* and leave any other branch unprotected via on disk hooks (Gitlab has it's own 
implementation of branch protection for maintainers that are interested)

 git/pre-receive-check-policy |   63 ++++++++++++++++++++++++++---------------
 1 files changed, 40 insertions(+), 23 deletions(-)
---
diff --git a/git/pre-receive-check-policy b/git/pre-receive-check-policy
index f8ba33b..f1b233c 100755
--- a/git/pre-receive-check-policy
+++ b/git/pre-receive-check-policy
@@ -112,10 +112,14 @@ check_ref_update() {
            # Branch update
            branchname=${refname#refs/heads/}
 
-           is_wip=false
-           case $branchname in
-               wip/*) is_wip=true ;;
-           esac
+        is_wip=false
+        is_master=false
+        is_gnome=false
+        case $branchname in
+        wip/*) is_wip=true ;;
+        master) is_master=true ;;
+        gnome-*) is_gnome=true ;;
+        esac
 
            range=
            case $change_type in
@@ -145,25 +149,38 @@ check_ref_update() {
                    fi
                    ;;
                update)
-                   range="$oldrev..$newrev"
-                   if [ "`git merge-base $oldrev $newrev`" != $oldrev ] && ! $is_wip && ! forced ; then
-                       # Non-fast-forward update. Right now we have
-                       # receive.denyNonFastforwards in the git configs for
-                       # our repositories anyways, but catching it here would
-                       # allow overriding without having to change the config
-                       # temporarily.
-                       cat <<- EOF >&2
-                               ---
-                               You are trying to update the branch '$branchname' in a way that is not
-                               a fast-forward update. Please see:
-
-                                 https://wiki.gnome.org/Git/Help/NonFastForward
-                               ---
-                               EOF
-                       exit 1
-                   fi
-                   ;;
-           esac
+            range="$oldrev..$newrev"
+            nonfastforward=false
+            if [ "`git merge-base $oldrev $newrev`" != $oldrev ]; then
+                # Non-fast-forward update. Right now we have
+                # receive.denyNonFastforwards in the git configs for
+                # our repositories anyways, but catching it here would
+                # allow overriding without having to change the config
+                # temporarily.
+                if [ "`hostname`" == 'git.gnome.org' ]; then
+                    if ! $is_wip && ! forced; then
+                        nonfastforward=true
+                    fi
+                elif [ "`hostname`" == 'gitlab.gnome.org' ]; then
+                    if ($is_master || $is_gnome); then
+                        nonfastforward=true
+                    fi
+                fi
+            fi
+
+            if $nonfastforward; then
+                cat <<- EOF >&2
+                    ---
+                    You are trying to update the branch '$branchname' in a way that is not
+                    a fast-forward update. Please see:
+
+                      https://wiki.gnome.org/Git/Help/NonFastForward
+                    ---
+                    EOF
+                exit 1
+            fi
+            ;;
+        esac
 
            # For new commits introduced with this branch update, we want to run some
            # checks to catch common mistakes.