Is it possible in Gitlab to disable force push for all branches, but allow to delete them?

Question

We use GitLab and want to disable force pushes and rebase for developers, but we also want them to be able to merge and delete branches, except protected ones. And we want to spread these rules to all our GitLab projects (there are about 130 of them) and to all branches. Is it possible?

We tried to use protected branches - in addition to protected master we mark all branches as protected (wildcard *), and allow developers to push and merge, but protected branches are also prohibited from deletion (even when merge request is accepted), so it doesn't work for us. Hope someone can suggest any working solution.

Answer 1

The only solution I found is to create global custom hook (according to the docs and this answer). So I've created the executable file gitlab-shell/hooks/pre-receive.d/disable-force-push.sh with the following content:

#!/bin/sh
# <oldrev> <newrev> <refname>
# update a blame tree
    
while read oldrev newrev ref ; do
    # old revision is blank - branch creation
    if [ "$oldrev" = "0000000000000000000000000000000000000000" ] || 
         # new revision is blank - branch deletion
         [ "$newrev" = "0000000000000000000000000000000000000000" ] ;
    then
        # create new or delete old branch
        continue;
    fi
    
    base=$(git merge-base $oldrev $newrev);
    if [ "$base" != "$oldrev" ] ; then
        # non fast forward merge
        echo "Force pushing of $ref is forbidden";
        exit 1;
    fi
done
exit 0;

Note that this only applies if you are self-hosting Gitlab. People on Gitlab SaaS can't make changes to the gitlab backend.