Find committer of a force push on github
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}
In our project (which is hosted on GitHub), someone accidentally force-pushes master every once in a while. No one is aware if doing so, and I would like to find out who does it and what sort of misconfigured tool or bad habit is behind it.
So the question is, how to identify the user who made the force push? When I pull I see something like this:
# git pull --prune
(.....)
+ 4c0d44c...138b9ed master -> origin/master (forced update)
but 138b9ed
is just the latest commit in origin/master, and anyone might have committed after the force push; it is even possible that the force pusher himself did not commit anything, just rebased, so his name is not even present in the rewritten part of origin/master's history as an author.
I also tried git reflog origin/master
, but it just gives the same information: there is a record saying git pull --prune (forced update)
with the commit id 138b9ed
, but that will again give the last committer into master, not the one who did the force push. Running git reflog master
on the origin server would probably help, but GitHub does not give you that sort of access AFAIK.
Is there any reliable way to find out whom the push originated from (and when)?
git github git-push
add a comment |
In our project (which is hosted on GitHub), someone accidentally force-pushes master every once in a while. No one is aware if doing so, and I would like to find out who does it and what sort of misconfigured tool or bad habit is behind it.
So the question is, how to identify the user who made the force push? When I pull I see something like this:
# git pull --prune
(.....)
+ 4c0d44c...138b9ed master -> origin/master (forced update)
but 138b9ed
is just the latest commit in origin/master, and anyone might have committed after the force push; it is even possible that the force pusher himself did not commit anything, just rebased, so his name is not even present in the rewritten part of origin/master's history as an author.
I also tried git reflog origin/master
, but it just gives the same information: there is a record saying git pull --prune (forced update)
with the commit id 138b9ed
, but that will again give the last committer into master, not the one who did the force push. Running git reflog master
on the origin server would probably help, but GitHub does not give you that sort of access AFAIK.
Is there any reliable way to find out whom the push originated from (and when)?
git github git-push
You now can see who force pushed your branch (on GitHub only): see my answer below
– VonC
Nov 16 '18 at 18:45
add a comment |
In our project (which is hosted on GitHub), someone accidentally force-pushes master every once in a while. No one is aware if doing so, and I would like to find out who does it and what sort of misconfigured tool or bad habit is behind it.
So the question is, how to identify the user who made the force push? When I pull I see something like this:
# git pull --prune
(.....)
+ 4c0d44c...138b9ed master -> origin/master (forced update)
but 138b9ed
is just the latest commit in origin/master, and anyone might have committed after the force push; it is even possible that the force pusher himself did not commit anything, just rebased, so his name is not even present in the rewritten part of origin/master's history as an author.
I also tried git reflog origin/master
, but it just gives the same information: there is a record saying git pull --prune (forced update)
with the commit id 138b9ed
, but that will again give the last committer into master, not the one who did the force push. Running git reflog master
on the origin server would probably help, but GitHub does not give you that sort of access AFAIK.
Is there any reliable way to find out whom the push originated from (and when)?
git github git-push
In our project (which is hosted on GitHub), someone accidentally force-pushes master every once in a while. No one is aware if doing so, and I would like to find out who does it and what sort of misconfigured tool or bad habit is behind it.
So the question is, how to identify the user who made the force push? When I pull I see something like this:
# git pull --prune
(.....)
+ 4c0d44c...138b9ed master -> origin/master (forced update)
but 138b9ed
is just the latest commit in origin/master, and anyone might have committed after the force push; it is even possible that the force pusher himself did not commit anything, just rebased, so his name is not even present in the rewritten part of origin/master's history as an author.
I also tried git reflog origin/master
, but it just gives the same information: there is a record saying git pull --prune (forced update)
with the commit id 138b9ed
, but that will again give the last committer into master, not the one who did the force push. Running git reflog master
on the origin server would probably help, but GitHub does not give you that sort of access AFAIK.
Is there any reliable way to find out whom the push originated from (and when)?
git github git-push
git github git-push
asked Jul 6 '13 at 13:01
TgrTgr
21k866101
21k866101
You now can see who force pushed your branch (on GitHub only): see my answer below
– VonC
Nov 16 '18 at 18:45
add a comment |
You now can see who force pushed your branch (on GitHub only): see my answer below
– VonC
Nov 16 '18 at 18:45
You now can see who force pushed your branch (on GitHub only): see my answer below
– VonC
Nov 16 '18 at 18:45
You now can see who force pushed your branch (on GitHub only): see my answer below
– VonC
Nov 16 '18 at 18:45
add a comment |
2 Answers
2
active
oldest
votes
You can add a webhook to your Github repository and have it submit the push notifications to some server or a service like requestb.in.
The notification payload has a pusher
key which identifies the Github user account used to push the update(s). This way you should be able to identify the "bad guy".
Edit: The payload also has a boolean forced
key, which tells you if the even was --force
pushed or not. It is not shown in Github's example payload [as of 2013-07-06], but visible in this other example.
Edit: This is only possible because Github is an integrated solution that identifies the pusher and provides that information in the webhook payload. Using a pure Git server (e.g. using only SSH for authorization) or a different Git serving solution (Gitolite, Gitlab, etc), this might not be possible. Git itself has no way of identifying the user who pushes (Git only saves user information in commit and tag objects), so this information has to be provided by the identification & authorization part of the connection (this can be SSH or HTTPS or the likes; it can also be completely missing, for example when pushing locally to a repo on the same file system).
So basically I would check whetherbefore
is an ancestor ofafter
in the post-receive webhook payload, and if not, it was a force push?
– Tgr
Jul 6 '13 at 13:26
Yes (+1), ... either that answer, or use a polygraph ;) as in stackoverflow.com/a/15030429/6309.
– VonC
Jul 6 '13 at 13:29
@Tgr, the payload has aforced
key which tells you if the push was forced ;)
– Nevik Rehnel
Jul 6 '13 at 13:31
@NevikRehnel the one linked has noforced
key. Am I looking at the wrong hook then?
– Tgr
Jul 6 '13 at 13:43
@Tgr: it does not show up in the github example payload. you can see it in this other example
– Nevik Rehnel
Jul 6 '13 at 13:45
add a comment |
As GitHub just mentioned on twitter
Let the force (push) be with you.
Seriously.
Go ahead, force push to that branch
The blog post "Force push timeline event" mentions:
When you force push to a branch, GitHub now displays the force push event in the “Conversation” timeline of your pull request.
Clicking the “force-pushed” link will show a two dot comparison between the two commits.
What if the branch is not in a pull request?
– donquixote
Feb 7 at 17:12
@donquixote Then it won't show up, and you would have to query the push events in order to find back those old commits, in a "poor man reflog" fashion: stackoverflow.com/a/50515355/6309
– VonC
Feb 7 at 17:37
I think the linked QA only explains this for local pushes, not for those on github.
– donquixote
Feb 7 at 21:03
@donquixote yes, but the linked QA refers itself to stackoverflow.com/a/28958418/6309
– VonC
Feb 7 at 21:41
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f17503226%2ffind-committer-of-a-force-push-on-github%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
You can add a webhook to your Github repository and have it submit the push notifications to some server or a service like requestb.in.
The notification payload has a pusher
key which identifies the Github user account used to push the update(s). This way you should be able to identify the "bad guy".
Edit: The payload also has a boolean forced
key, which tells you if the even was --force
pushed or not. It is not shown in Github's example payload [as of 2013-07-06], but visible in this other example.
Edit: This is only possible because Github is an integrated solution that identifies the pusher and provides that information in the webhook payload. Using a pure Git server (e.g. using only SSH for authorization) or a different Git serving solution (Gitolite, Gitlab, etc), this might not be possible. Git itself has no way of identifying the user who pushes (Git only saves user information in commit and tag objects), so this information has to be provided by the identification & authorization part of the connection (this can be SSH or HTTPS or the likes; it can also be completely missing, for example when pushing locally to a repo on the same file system).
So basically I would check whetherbefore
is an ancestor ofafter
in the post-receive webhook payload, and if not, it was a force push?
– Tgr
Jul 6 '13 at 13:26
Yes (+1), ... either that answer, or use a polygraph ;) as in stackoverflow.com/a/15030429/6309.
– VonC
Jul 6 '13 at 13:29
@Tgr, the payload has aforced
key which tells you if the push was forced ;)
– Nevik Rehnel
Jul 6 '13 at 13:31
@NevikRehnel the one linked has noforced
key. Am I looking at the wrong hook then?
– Tgr
Jul 6 '13 at 13:43
@Tgr: it does not show up in the github example payload. you can see it in this other example
– Nevik Rehnel
Jul 6 '13 at 13:45
add a comment |
You can add a webhook to your Github repository and have it submit the push notifications to some server or a service like requestb.in.
The notification payload has a pusher
key which identifies the Github user account used to push the update(s). This way you should be able to identify the "bad guy".
Edit: The payload also has a boolean forced
key, which tells you if the even was --force
pushed or not. It is not shown in Github's example payload [as of 2013-07-06], but visible in this other example.
Edit: This is only possible because Github is an integrated solution that identifies the pusher and provides that information in the webhook payload. Using a pure Git server (e.g. using only SSH for authorization) or a different Git serving solution (Gitolite, Gitlab, etc), this might not be possible. Git itself has no way of identifying the user who pushes (Git only saves user information in commit and tag objects), so this information has to be provided by the identification & authorization part of the connection (this can be SSH or HTTPS or the likes; it can also be completely missing, for example when pushing locally to a repo on the same file system).
So basically I would check whetherbefore
is an ancestor ofafter
in the post-receive webhook payload, and if not, it was a force push?
– Tgr
Jul 6 '13 at 13:26
Yes (+1), ... either that answer, or use a polygraph ;) as in stackoverflow.com/a/15030429/6309.
– VonC
Jul 6 '13 at 13:29
@Tgr, the payload has aforced
key which tells you if the push was forced ;)
– Nevik Rehnel
Jul 6 '13 at 13:31
@NevikRehnel the one linked has noforced
key. Am I looking at the wrong hook then?
– Tgr
Jul 6 '13 at 13:43
@Tgr: it does not show up in the github example payload. you can see it in this other example
– Nevik Rehnel
Jul 6 '13 at 13:45
add a comment |
You can add a webhook to your Github repository and have it submit the push notifications to some server or a service like requestb.in.
The notification payload has a pusher
key which identifies the Github user account used to push the update(s). This way you should be able to identify the "bad guy".
Edit: The payload also has a boolean forced
key, which tells you if the even was --force
pushed or not. It is not shown in Github's example payload [as of 2013-07-06], but visible in this other example.
Edit: This is only possible because Github is an integrated solution that identifies the pusher and provides that information in the webhook payload. Using a pure Git server (e.g. using only SSH for authorization) or a different Git serving solution (Gitolite, Gitlab, etc), this might not be possible. Git itself has no way of identifying the user who pushes (Git only saves user information in commit and tag objects), so this information has to be provided by the identification & authorization part of the connection (this can be SSH or HTTPS or the likes; it can also be completely missing, for example when pushing locally to a repo on the same file system).
You can add a webhook to your Github repository and have it submit the push notifications to some server or a service like requestb.in.
The notification payload has a pusher
key which identifies the Github user account used to push the update(s). This way you should be able to identify the "bad guy".
Edit: The payload also has a boolean forced
key, which tells you if the even was --force
pushed or not. It is not shown in Github's example payload [as of 2013-07-06], but visible in this other example.
Edit: This is only possible because Github is an integrated solution that identifies the pusher and provides that information in the webhook payload. Using a pure Git server (e.g. using only SSH for authorization) or a different Git serving solution (Gitolite, Gitlab, etc), this might not be possible. Git itself has no way of identifying the user who pushes (Git only saves user information in commit and tag objects), so this information has to be provided by the identification & authorization part of the connection (this can be SSH or HTTPS or the likes; it can also be completely missing, for example when pushing locally to a repo on the same file system).
edited Jul 6 '13 at 13:53
answered Jul 6 '13 at 13:05
Nevik RehnelNevik Rehnel
29.2k54944
29.2k54944
So basically I would check whetherbefore
is an ancestor ofafter
in the post-receive webhook payload, and if not, it was a force push?
– Tgr
Jul 6 '13 at 13:26
Yes (+1), ... either that answer, or use a polygraph ;) as in stackoverflow.com/a/15030429/6309.
– VonC
Jul 6 '13 at 13:29
@Tgr, the payload has aforced
key which tells you if the push was forced ;)
– Nevik Rehnel
Jul 6 '13 at 13:31
@NevikRehnel the one linked has noforced
key. Am I looking at the wrong hook then?
– Tgr
Jul 6 '13 at 13:43
@Tgr: it does not show up in the github example payload. you can see it in this other example
– Nevik Rehnel
Jul 6 '13 at 13:45
add a comment |
So basically I would check whetherbefore
is an ancestor ofafter
in the post-receive webhook payload, and if not, it was a force push?
– Tgr
Jul 6 '13 at 13:26
Yes (+1), ... either that answer, or use a polygraph ;) as in stackoverflow.com/a/15030429/6309.
– VonC
Jul 6 '13 at 13:29
@Tgr, the payload has aforced
key which tells you if the push was forced ;)
– Nevik Rehnel
Jul 6 '13 at 13:31
@NevikRehnel the one linked has noforced
key. Am I looking at the wrong hook then?
– Tgr
Jul 6 '13 at 13:43
@Tgr: it does not show up in the github example payload. you can see it in this other example
– Nevik Rehnel
Jul 6 '13 at 13:45
So basically I would check whether
before
is an ancestor of after
in the post-receive webhook payload, and if not, it was a force push?– Tgr
Jul 6 '13 at 13:26
So basically I would check whether
before
is an ancestor of after
in the post-receive webhook payload, and if not, it was a force push?– Tgr
Jul 6 '13 at 13:26
Yes (+1), ... either that answer, or use a polygraph ;) as in stackoverflow.com/a/15030429/6309.
– VonC
Jul 6 '13 at 13:29
Yes (+1), ... either that answer, or use a polygraph ;) as in stackoverflow.com/a/15030429/6309.
– VonC
Jul 6 '13 at 13:29
@Tgr, the payload has a
forced
key which tells you if the push was forced ;)– Nevik Rehnel
Jul 6 '13 at 13:31
@Tgr, the payload has a
forced
key which tells you if the push was forced ;)– Nevik Rehnel
Jul 6 '13 at 13:31
@NevikRehnel the one linked has no
forced
key. Am I looking at the wrong hook then?– Tgr
Jul 6 '13 at 13:43
@NevikRehnel the one linked has no
forced
key. Am I looking at the wrong hook then?– Tgr
Jul 6 '13 at 13:43
@Tgr: it does not show up in the github example payload. you can see it in this other example
– Nevik Rehnel
Jul 6 '13 at 13:45
@Tgr: it does not show up in the github example payload. you can see it in this other example
– Nevik Rehnel
Jul 6 '13 at 13:45
add a comment |
As GitHub just mentioned on twitter
Let the force (push) be with you.
Seriously.
Go ahead, force push to that branch
The blog post "Force push timeline event" mentions:
When you force push to a branch, GitHub now displays the force push event in the “Conversation” timeline of your pull request.
Clicking the “force-pushed” link will show a two dot comparison between the two commits.
What if the branch is not in a pull request?
– donquixote
Feb 7 at 17:12
@donquixote Then it won't show up, and you would have to query the push events in order to find back those old commits, in a "poor man reflog" fashion: stackoverflow.com/a/50515355/6309
– VonC
Feb 7 at 17:37
I think the linked QA only explains this for local pushes, not for those on github.
– donquixote
Feb 7 at 21:03
@donquixote yes, but the linked QA refers itself to stackoverflow.com/a/28958418/6309
– VonC
Feb 7 at 21:41
add a comment |
As GitHub just mentioned on twitter
Let the force (push) be with you.
Seriously.
Go ahead, force push to that branch
The blog post "Force push timeline event" mentions:
When you force push to a branch, GitHub now displays the force push event in the “Conversation” timeline of your pull request.
Clicking the “force-pushed” link will show a two dot comparison between the two commits.
What if the branch is not in a pull request?
– donquixote
Feb 7 at 17:12
@donquixote Then it won't show up, and you would have to query the push events in order to find back those old commits, in a "poor man reflog" fashion: stackoverflow.com/a/50515355/6309
– VonC
Feb 7 at 17:37
I think the linked QA only explains this for local pushes, not for those on github.
– donquixote
Feb 7 at 21:03
@donquixote yes, but the linked QA refers itself to stackoverflow.com/a/28958418/6309
– VonC
Feb 7 at 21:41
add a comment |
As GitHub just mentioned on twitter
Let the force (push) be with you.
Seriously.
Go ahead, force push to that branch
The blog post "Force push timeline event" mentions:
When you force push to a branch, GitHub now displays the force push event in the “Conversation” timeline of your pull request.
Clicking the “force-pushed” link will show a two dot comparison between the two commits.
As GitHub just mentioned on twitter
Let the force (push) be with you.
Seriously.
Go ahead, force push to that branch
The blog post "Force push timeline event" mentions:
When you force push to a branch, GitHub now displays the force push event in the “Conversation” timeline of your pull request.
Clicking the “force-pushed” link will show a two dot comparison between the two commits.
answered Nov 16 '18 at 18:45
VonCVonC
855k30227273293
855k30227273293
What if the branch is not in a pull request?
– donquixote
Feb 7 at 17:12
@donquixote Then it won't show up, and you would have to query the push events in order to find back those old commits, in a "poor man reflog" fashion: stackoverflow.com/a/50515355/6309
– VonC
Feb 7 at 17:37
I think the linked QA only explains this for local pushes, not for those on github.
– donquixote
Feb 7 at 21:03
@donquixote yes, but the linked QA refers itself to stackoverflow.com/a/28958418/6309
– VonC
Feb 7 at 21:41
add a comment |
What if the branch is not in a pull request?
– donquixote
Feb 7 at 17:12
@donquixote Then it won't show up, and you would have to query the push events in order to find back those old commits, in a "poor man reflog" fashion: stackoverflow.com/a/50515355/6309
– VonC
Feb 7 at 17:37
I think the linked QA only explains this for local pushes, not for those on github.
– donquixote
Feb 7 at 21:03
@donquixote yes, but the linked QA refers itself to stackoverflow.com/a/28958418/6309
– VonC
Feb 7 at 21:41
What if the branch is not in a pull request?
– donquixote
Feb 7 at 17:12
What if the branch is not in a pull request?
– donquixote
Feb 7 at 17:12
@donquixote Then it won't show up, and you would have to query the push events in order to find back those old commits, in a "poor man reflog" fashion: stackoverflow.com/a/50515355/6309
– VonC
Feb 7 at 17:37
@donquixote Then it won't show up, and you would have to query the push events in order to find back those old commits, in a "poor man reflog" fashion: stackoverflow.com/a/50515355/6309
– VonC
Feb 7 at 17:37
I think the linked QA only explains this for local pushes, not for those on github.
– donquixote
Feb 7 at 21:03
I think the linked QA only explains this for local pushes, not for those on github.
– donquixote
Feb 7 at 21:03
@donquixote yes, but the linked QA refers itself to stackoverflow.com/a/28958418/6309
– VonC
Feb 7 at 21:41
@donquixote yes, but the linked QA refers itself to stackoverflow.com/a/28958418/6309
– VonC
Feb 7 at 21:41
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f17503226%2ffind-committer-of-a-force-push-on-github%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
You now can see who force pushed your branch (on GitHub only): see my answer below
– VonC
Nov 16 '18 at 18:45