Set Up Push Restrictions
You can protect the repository by enforcing specific rules and prohibiting pushes that don't comply. You can ban commits from unauthenticated committers, enforce and verify GPG commit signatures, set commit message convention with regex, or prohibit pushes of oversize or unwanted files.
Navigate to the project and open the repository.
On the repository page, click Settings:
Go to the Push Restrictions tab.
Apply the restrictions (see descriptions below) and click Save when done.
Authenticate the user pushing a commit and prohibit to push if they are not the commit author.
Require commit signature
Allow only commits that are signed with a GPG key.
Verify commit signature
Check commits for a valid GPG signature. Label signed commits as Verified. Label unsigned commits or commits with invalid signatures as Unverified.
Limit file size
Prohibit to push files larger than a specified size.
Commit message regex
Enforce commit message convention. A commit can be pushed only if its commit message satisfies the specified regular expression pattern.
Commit message negative regex
A commit cannot be pushed if its commit message matches the specified regular expression pattern.
Use default list of forbidden files
Prohibit to push files in the pre-defined list (the list currently includes one file: id_rsa)
Prohibit to push files with specific name or type.