Find committer of a force push on github





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}







12















In our project (which is hosted on GitHub), someone accidentally force-pushes master every once in a while. No one is aware if doing so, and I would like to find out who does it and what sort of misconfigured tool or bad habit is behind it.



So the question is, how to identify the user who made the force push? When I pull I see something like this:



# git pull --prune
(.....)
+ 4c0d44c...138b9ed master -> origin/master (forced update)


but 138b9ed is just the latest commit in origin/master, and anyone might have committed after the force push; it is even possible that the force pusher himself did not commit anything, just rebased, so his name is not even present in the rewritten part of origin/master's history as an author.



I also tried git reflog origin/master, but it just gives the same information: there is a record saying git pull --prune (forced update) with the commit id 138b9ed, but that will again give the last committer into master, not the one who did the force push. Running git reflog master on the origin server would probably help, but GitHub does not give you that sort of access AFAIK.



Is there any reliable way to find out whom the push originated from (and when)?










share|improve this question























  • You now can see who force pushed your branch (on GitHub only): see my answer below

    – VonC
    Nov 16 '18 at 18:45


















12















In our project (which is hosted on GitHub), someone accidentally force-pushes master every once in a while. No one is aware if doing so, and I would like to find out who does it and what sort of misconfigured tool or bad habit is behind it.



So the question is, how to identify the user who made the force push? When I pull I see something like this:



# git pull --prune
(.....)
+ 4c0d44c...138b9ed master -> origin/master (forced update)


but 138b9ed is just the latest commit in origin/master, and anyone might have committed after the force push; it is even possible that the force pusher himself did not commit anything, just rebased, so his name is not even present in the rewritten part of origin/master's history as an author.



I also tried git reflog origin/master, but it just gives the same information: there is a record saying git pull --prune (forced update) with the commit id 138b9ed, but that will again give the last committer into master, not the one who did the force push. Running git reflog master on the origin server would probably help, but GitHub does not give you that sort of access AFAIK.



Is there any reliable way to find out whom the push originated from (and when)?










share|improve this question























  • You now can see who force pushed your branch (on GitHub only): see my answer below

    – VonC
    Nov 16 '18 at 18:45














12












12








12


3






In our project (which is hosted on GitHub), someone accidentally force-pushes master every once in a while. No one is aware if doing so, and I would like to find out who does it and what sort of misconfigured tool or bad habit is behind it.



So the question is, how to identify the user who made the force push? When I pull I see something like this:



# git pull --prune
(.....)
+ 4c0d44c...138b9ed master -> origin/master (forced update)


but 138b9ed is just the latest commit in origin/master, and anyone might have committed after the force push; it is even possible that the force pusher himself did not commit anything, just rebased, so his name is not even present in the rewritten part of origin/master's history as an author.



I also tried git reflog origin/master, but it just gives the same information: there is a record saying git pull --prune (forced update) with the commit id 138b9ed, but that will again give the last committer into master, not the one who did the force push. Running git reflog master on the origin server would probably help, but GitHub does not give you that sort of access AFAIK.



Is there any reliable way to find out whom the push originated from (and when)?










share|improve this question














In our project (which is hosted on GitHub), someone accidentally force-pushes master every once in a while. No one is aware if doing so, and I would like to find out who does it and what sort of misconfigured tool or bad habit is behind it.



So the question is, how to identify the user who made the force push? When I pull I see something like this:



# git pull --prune
(.....)
+ 4c0d44c...138b9ed master -> origin/master (forced update)


but 138b9ed is just the latest commit in origin/master, and anyone might have committed after the force push; it is even possible that the force pusher himself did not commit anything, just rebased, so his name is not even present in the rewritten part of origin/master's history as an author.



I also tried git reflog origin/master, but it just gives the same information: there is a record saying git pull --prune (forced update) with the commit id 138b9ed, but that will again give the last committer into master, not the one who did the force push. Running git reflog master on the origin server would probably help, but GitHub does not give you that sort of access AFAIK.



Is there any reliable way to find out whom the push originated from (and when)?







git github git-push






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Jul 6 '13 at 13:01









TgrTgr

21k866101




21k866101













  • You now can see who force pushed your branch (on GitHub only): see my answer below

    – VonC
    Nov 16 '18 at 18:45



















  • You now can see who force pushed your branch (on GitHub only): see my answer below

    – VonC
    Nov 16 '18 at 18:45

















You now can see who force pushed your branch (on GitHub only): see my answer below

– VonC
Nov 16 '18 at 18:45





You now can see who force pushed your branch (on GitHub only): see my answer below

– VonC
Nov 16 '18 at 18:45












2 Answers
2






active

oldest

votes


















12














You can add a webhook to your Github repository and have it submit the push notifications to some server or a service like requestb.in.



The notification payload has a pusher key which identifies the Github user account used to push the update(s). This way you should be able to identify the "bad guy".



Edit: The payload also has a boolean forced key, which tells you if the even was --force pushed or not. It is not shown in Github's example payload [as of 2013-07-06], but visible in this other example.



Edit: This is only possible because Github is an integrated solution that identifies the pusher and provides that information in the webhook payload. Using a pure Git server (e.g. using only SSH for authorization) or a different Git serving solution (Gitolite, Gitlab, etc), this might not be possible. Git itself has no way of identifying the user who pushes (Git only saves user information in commit and tag objects), so this information has to be provided by the identification & authorization part of the connection (this can be SSH or HTTPS or the likes; it can also be completely missing, for example when pushing locally to a repo on the same file system).






share|improve this answer


























  • So basically I would check whether before is an ancestor of after in the post-receive webhook payload, and if not, it was a force push?

    – Tgr
    Jul 6 '13 at 13:26











  • Yes (+1), ... either that answer, or use a polygraph ;) as in stackoverflow.com/a/15030429/6309.

    – VonC
    Jul 6 '13 at 13:29













  • @Tgr, the payload has a forced key which tells you if the push was forced ;)

    – Nevik Rehnel
    Jul 6 '13 at 13:31











  • @NevikRehnel the one linked has no forced key. Am I looking at the wrong hook then?

    – Tgr
    Jul 6 '13 at 13:43











  • @Tgr: it does not show up in the github example payload. you can see it in this other example

    – Nevik Rehnel
    Jul 6 '13 at 13:45





















1














As GitHub just mentioned on twitter




Let the force (push) be with you.



Seriously.

Go ahead, force push to that branch




https://pbs.twimg.com/media/DsJIVxtU4AAreMW.jpg:large



The blog post "Force push timeline event" mentions:




When you force push to a branch, GitHub now displays the force push event in the “Conversation” timeline of your pull request.



Clicking the “force-pushed” link will show a two dot comparison between the two commits.







share|improve this answer
























  • What if the branch is not in a pull request?

    – donquixote
    Feb 7 at 17:12











  • @donquixote Then it won't show up, and you would have to query the push events in order to find back those old commits, in a "poor man reflog" fashion: stackoverflow.com/a/50515355/6309

    – VonC
    Feb 7 at 17:37











  • I think the linked QA only explains this for local pushes, not for those on github.

    – donquixote
    Feb 7 at 21:03











  • @donquixote yes, but the linked QA refers itself to stackoverflow.com/a/28958418/6309

    – VonC
    Feb 7 at 21:41












Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f17503226%2ffind-committer-of-a-force-push-on-github%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























2 Answers
2






active

oldest

votes








2 Answers
2






active

oldest

votes









active

oldest

votes






active

oldest

votes









12














You can add a webhook to your Github repository and have it submit the push notifications to some server or a service like requestb.in.



The notification payload has a pusher key which identifies the Github user account used to push the update(s). This way you should be able to identify the "bad guy".



Edit: The payload also has a boolean forced key, which tells you if the even was --force pushed or not. It is not shown in Github's example payload [as of 2013-07-06], but visible in this other example.



Edit: This is only possible because Github is an integrated solution that identifies the pusher and provides that information in the webhook payload. Using a pure Git server (e.g. using only SSH for authorization) or a different Git serving solution (Gitolite, Gitlab, etc), this might not be possible. Git itself has no way of identifying the user who pushes (Git only saves user information in commit and tag objects), so this information has to be provided by the identification & authorization part of the connection (this can be SSH or HTTPS or the likes; it can also be completely missing, for example when pushing locally to a repo on the same file system).






share|improve this answer


























  • So basically I would check whether before is an ancestor of after in the post-receive webhook payload, and if not, it was a force push?

    – Tgr
    Jul 6 '13 at 13:26











  • Yes (+1), ... either that answer, or use a polygraph ;) as in stackoverflow.com/a/15030429/6309.

    – VonC
    Jul 6 '13 at 13:29













  • @Tgr, the payload has a forced key which tells you if the push was forced ;)

    – Nevik Rehnel
    Jul 6 '13 at 13:31











  • @NevikRehnel the one linked has no forced key. Am I looking at the wrong hook then?

    – Tgr
    Jul 6 '13 at 13:43











  • @Tgr: it does not show up in the github example payload. you can see it in this other example

    – Nevik Rehnel
    Jul 6 '13 at 13:45


















12














You can add a webhook to your Github repository and have it submit the push notifications to some server or a service like requestb.in.



The notification payload has a pusher key which identifies the Github user account used to push the update(s). This way you should be able to identify the "bad guy".



Edit: The payload also has a boolean forced key, which tells you if the even was --force pushed or not. It is not shown in Github's example payload [as of 2013-07-06], but visible in this other example.



Edit: This is only possible because Github is an integrated solution that identifies the pusher and provides that information in the webhook payload. Using a pure Git server (e.g. using only SSH for authorization) or a different Git serving solution (Gitolite, Gitlab, etc), this might not be possible. Git itself has no way of identifying the user who pushes (Git only saves user information in commit and tag objects), so this information has to be provided by the identification & authorization part of the connection (this can be SSH or HTTPS or the likes; it can also be completely missing, for example when pushing locally to a repo on the same file system).






share|improve this answer


























  • So basically I would check whether before is an ancestor of after in the post-receive webhook payload, and if not, it was a force push?

    – Tgr
    Jul 6 '13 at 13:26











  • Yes (+1), ... either that answer, or use a polygraph ;) as in stackoverflow.com/a/15030429/6309.

    – VonC
    Jul 6 '13 at 13:29













  • @Tgr, the payload has a forced key which tells you if the push was forced ;)

    – Nevik Rehnel
    Jul 6 '13 at 13:31











  • @NevikRehnel the one linked has no forced key. Am I looking at the wrong hook then?

    – Tgr
    Jul 6 '13 at 13:43











  • @Tgr: it does not show up in the github example payload. you can see it in this other example

    – Nevik Rehnel
    Jul 6 '13 at 13:45
















12












12








12







You can add a webhook to your Github repository and have it submit the push notifications to some server or a service like requestb.in.



The notification payload has a pusher key which identifies the Github user account used to push the update(s). This way you should be able to identify the "bad guy".



Edit: The payload also has a boolean forced key, which tells you if the even was --force pushed or not. It is not shown in Github's example payload [as of 2013-07-06], but visible in this other example.



Edit: This is only possible because Github is an integrated solution that identifies the pusher and provides that information in the webhook payload. Using a pure Git server (e.g. using only SSH for authorization) or a different Git serving solution (Gitolite, Gitlab, etc), this might not be possible. Git itself has no way of identifying the user who pushes (Git only saves user information in commit and tag objects), so this information has to be provided by the identification & authorization part of the connection (this can be SSH or HTTPS or the likes; it can also be completely missing, for example when pushing locally to a repo on the same file system).






share|improve this answer















You can add a webhook to your Github repository and have it submit the push notifications to some server or a service like requestb.in.



The notification payload has a pusher key which identifies the Github user account used to push the update(s). This way you should be able to identify the "bad guy".



Edit: The payload also has a boolean forced key, which tells you if the even was --force pushed or not. It is not shown in Github's example payload [as of 2013-07-06], but visible in this other example.



Edit: This is only possible because Github is an integrated solution that identifies the pusher and provides that information in the webhook payload. Using a pure Git server (e.g. using only SSH for authorization) or a different Git serving solution (Gitolite, Gitlab, etc), this might not be possible. Git itself has no way of identifying the user who pushes (Git only saves user information in commit and tag objects), so this information has to be provided by the identification & authorization part of the connection (this can be SSH or HTTPS or the likes; it can also be completely missing, for example when pushing locally to a repo on the same file system).







share|improve this answer














share|improve this answer



share|improve this answer








edited Jul 6 '13 at 13:53

























answered Jul 6 '13 at 13:05









Nevik RehnelNevik Rehnel

29.2k54944




29.2k54944













  • So basically I would check whether before is an ancestor of after in the post-receive webhook payload, and if not, it was a force push?

    – Tgr
    Jul 6 '13 at 13:26











  • Yes (+1), ... either that answer, or use a polygraph ;) as in stackoverflow.com/a/15030429/6309.

    – VonC
    Jul 6 '13 at 13:29













  • @Tgr, the payload has a forced key which tells you if the push was forced ;)

    – Nevik Rehnel
    Jul 6 '13 at 13:31











  • @NevikRehnel the one linked has no forced key. Am I looking at the wrong hook then?

    – Tgr
    Jul 6 '13 at 13:43











  • @Tgr: it does not show up in the github example payload. you can see it in this other example

    – Nevik Rehnel
    Jul 6 '13 at 13:45





















  • So basically I would check whether before is an ancestor of after in the post-receive webhook payload, and if not, it was a force push?

    – Tgr
    Jul 6 '13 at 13:26











  • Yes (+1), ... either that answer, or use a polygraph ;) as in stackoverflow.com/a/15030429/6309.

    – VonC
    Jul 6 '13 at 13:29













  • @Tgr, the payload has a forced key which tells you if the push was forced ;)

    – Nevik Rehnel
    Jul 6 '13 at 13:31











  • @NevikRehnel the one linked has no forced key. Am I looking at the wrong hook then?

    – Tgr
    Jul 6 '13 at 13:43











  • @Tgr: it does not show up in the github example payload. you can see it in this other example

    – Nevik Rehnel
    Jul 6 '13 at 13:45



















So basically I would check whether before is an ancestor of after in the post-receive webhook payload, and if not, it was a force push?

– Tgr
Jul 6 '13 at 13:26





So basically I would check whether before is an ancestor of after in the post-receive webhook payload, and if not, it was a force push?

– Tgr
Jul 6 '13 at 13:26













Yes (+1), ... either that answer, or use a polygraph ;) as in stackoverflow.com/a/15030429/6309.

– VonC
Jul 6 '13 at 13:29







Yes (+1), ... either that answer, or use a polygraph ;) as in stackoverflow.com/a/15030429/6309.

– VonC
Jul 6 '13 at 13:29















@Tgr, the payload has a forced key which tells you if the push was forced ;)

– Nevik Rehnel
Jul 6 '13 at 13:31





@Tgr, the payload has a forced key which tells you if the push was forced ;)

– Nevik Rehnel
Jul 6 '13 at 13:31













@NevikRehnel the one linked has no forced key. Am I looking at the wrong hook then?

– Tgr
Jul 6 '13 at 13:43





@NevikRehnel the one linked has no forced key. Am I looking at the wrong hook then?

– Tgr
Jul 6 '13 at 13:43













@Tgr: it does not show up in the github example payload. you can see it in this other example

– Nevik Rehnel
Jul 6 '13 at 13:45







@Tgr: it does not show up in the github example payload. you can see it in this other example

– Nevik Rehnel
Jul 6 '13 at 13:45















1














As GitHub just mentioned on twitter




Let the force (push) be with you.



Seriously.

Go ahead, force push to that branch




https://pbs.twimg.com/media/DsJIVxtU4AAreMW.jpg:large



The blog post "Force push timeline event" mentions:




When you force push to a branch, GitHub now displays the force push event in the “Conversation” timeline of your pull request.



Clicking the “force-pushed” link will show a two dot comparison between the two commits.







share|improve this answer
























  • What if the branch is not in a pull request?

    – donquixote
    Feb 7 at 17:12











  • @donquixote Then it won't show up, and you would have to query the push events in order to find back those old commits, in a "poor man reflog" fashion: stackoverflow.com/a/50515355/6309

    – VonC
    Feb 7 at 17:37











  • I think the linked QA only explains this for local pushes, not for those on github.

    – donquixote
    Feb 7 at 21:03











  • @donquixote yes, but the linked QA refers itself to stackoverflow.com/a/28958418/6309

    – VonC
    Feb 7 at 21:41
















1














As GitHub just mentioned on twitter




Let the force (push) be with you.



Seriously.

Go ahead, force push to that branch




https://pbs.twimg.com/media/DsJIVxtU4AAreMW.jpg:large



The blog post "Force push timeline event" mentions:




When you force push to a branch, GitHub now displays the force push event in the “Conversation” timeline of your pull request.



Clicking the “force-pushed” link will show a two dot comparison between the two commits.







share|improve this answer
























  • What if the branch is not in a pull request?

    – donquixote
    Feb 7 at 17:12











  • @donquixote Then it won't show up, and you would have to query the push events in order to find back those old commits, in a "poor man reflog" fashion: stackoverflow.com/a/50515355/6309

    – VonC
    Feb 7 at 17:37











  • I think the linked QA only explains this for local pushes, not for those on github.

    – donquixote
    Feb 7 at 21:03











  • @donquixote yes, but the linked QA refers itself to stackoverflow.com/a/28958418/6309

    – VonC
    Feb 7 at 21:41














1












1








1







As GitHub just mentioned on twitter




Let the force (push) be with you.



Seriously.

Go ahead, force push to that branch




https://pbs.twimg.com/media/DsJIVxtU4AAreMW.jpg:large



The blog post "Force push timeline event" mentions:




When you force push to a branch, GitHub now displays the force push event in the “Conversation” timeline of your pull request.



Clicking the “force-pushed” link will show a two dot comparison between the two commits.







share|improve this answer













As GitHub just mentioned on twitter




Let the force (push) be with you.



Seriously.

Go ahead, force push to that branch




https://pbs.twimg.com/media/DsJIVxtU4AAreMW.jpg:large



The blog post "Force push timeline event" mentions:




When you force push to a branch, GitHub now displays the force push event in the “Conversation” timeline of your pull request.



Clicking the “force-pushed” link will show a two dot comparison between the two commits.








share|improve this answer












share|improve this answer



share|improve this answer










answered Nov 16 '18 at 18:45









VonCVonC

855k30227273293




855k30227273293













  • What if the branch is not in a pull request?

    – donquixote
    Feb 7 at 17:12











  • @donquixote Then it won't show up, and you would have to query the push events in order to find back those old commits, in a "poor man reflog" fashion: stackoverflow.com/a/50515355/6309

    – VonC
    Feb 7 at 17:37











  • I think the linked QA only explains this for local pushes, not for those on github.

    – donquixote
    Feb 7 at 21:03











  • @donquixote yes, but the linked QA refers itself to stackoverflow.com/a/28958418/6309

    – VonC
    Feb 7 at 21:41



















  • What if the branch is not in a pull request?

    – donquixote
    Feb 7 at 17:12











  • @donquixote Then it won't show up, and you would have to query the push events in order to find back those old commits, in a "poor man reflog" fashion: stackoverflow.com/a/50515355/6309

    – VonC
    Feb 7 at 17:37











  • I think the linked QA only explains this for local pushes, not for those on github.

    – donquixote
    Feb 7 at 21:03











  • @donquixote yes, but the linked QA refers itself to stackoverflow.com/a/28958418/6309

    – VonC
    Feb 7 at 21:41

















What if the branch is not in a pull request?

– donquixote
Feb 7 at 17:12





What if the branch is not in a pull request?

– donquixote
Feb 7 at 17:12













@donquixote Then it won't show up, and you would have to query the push events in order to find back those old commits, in a "poor man reflog" fashion: stackoverflow.com/a/50515355/6309

– VonC
Feb 7 at 17:37





@donquixote Then it won't show up, and you would have to query the push events in order to find back those old commits, in a "poor man reflog" fashion: stackoverflow.com/a/50515355/6309

– VonC
Feb 7 at 17:37













I think the linked QA only explains this for local pushes, not for those on github.

– donquixote
Feb 7 at 21:03





I think the linked QA only explains this for local pushes, not for those on github.

– donquixote
Feb 7 at 21:03













@donquixote yes, but the linked QA refers itself to stackoverflow.com/a/28958418/6309

– VonC
Feb 7 at 21:41





@donquixote yes, but the linked QA refers itself to stackoverflow.com/a/28958418/6309

– VonC
Feb 7 at 21:41


















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f17503226%2ffind-committer-of-a-force-push-on-github%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Florida Star v. B. J. F.

Danny Elfman

Lugert, Oklahoma