Limit push access to subtree

I have a repository where I have some service users that should be able to push to specific sub-trees, but not generally be able to write to the repository. Is there any way to do that with current gitea, and if not, what would be the best approach to fixing it in Gitea? I can see a few viable approaches with wildly varying implementation scope:

  • add native ACL functionality
  • expose more information through environment variables to the git hook and implement the functionality there.
  • add support for setting environment variables for SSH keys
  • add support for validating webhooks, which would look at the commit and allow/disallow the push based on signed commits or similar.

I’m happy to write smaller amounts of code, but want to ask here before filing an issue in github so I know what to ask for. :slight_smile: