Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Gerrit - how to disallow direct push to "master" but allow to other branches

Tags:

git

gerrit

I want to set up configuration described below:

  • Registered user can not push his changes directly to master. He has to push these changes for review:

    git push origin master - it should be rejected by Gerrit (origin = Gerrit)

    git push origin HEAD:refs/for/master - it should be allowed by Gerrit

  • Registered user can create a new branch. This branch will be treated as a backup and a way of cooperation between two or more developers so it shouldn't be reviewed.

    git push origin xyz_abc - it should be allowed by Gerrit

How should I configure Gerrit to achieve such functionality ?

like image 980
Tomasz Mielcarz Avatar asked Apr 26 '13 13:04

Tomasz Mielcarz

People also ask

How do I give someone access to Gerrit?

Log into Gerrit using the TeamForge site administrator username and password you provided while running the Git installer's configuration script. Select the Admin tab and click Projects. In the All Projects page, click Access. You will see a list of all default access rights.

What is reference in Gerrit?

The refs/for/[BRANCH_NAME] syntax allows Gerrit to differentiate between commits that are pushed for review and commits that are pushed directly into the repository. Gerrit supports using either the full name or the short name for a branch. For instance, this command: git commit git push origin HEAD:refs/for/master.

1 Answers

There are no good instructions anywhere, so thought I'd document the steps here.

1. Navigate to your project's Access page

Projects > List > your_project > Access

2. Edit Access

Click the Edit button

3. Add Reference to refs/heads/*

This is the reference for all direct pushes. We're going to configure who can do what to this path.

Click "Add Reference" and type in 'refs/heads/*' (no quotes)

4. Deny the "Push" permission

The Push permission is the one which controls who can make direct pushes. Merge pushes and pushes to Gerrit will still be allowed (see notes below).

  1. Click "Add Permission" and select "Push".
  2. Select the user group you want to deny push from (you can type in "Registered Users" if you want to block everyone)
  3. Choose "DENY" from the dropdown that appears once you've added your user group

5. Save Changes

And you're done. The finished config should look something like this:

Finished config

Note

If this doesn't work, make sure you have the Push permission set to ALLOW on refs/for/refs/* - this is the permission which allows pushes to Gerrit.

like image 192
Seb Charrot Avatar answered Sep 28 '22 03:09

Seb Charrot
Sign in to Comment

Related questions

Git-based content management? [closed]
How to organize a set of scientific experiments using Git
npm install from git repo subfolder
Git workflow for maintaining a derivative fork
Which signals can safely be used to kill a Git process and which not?
What are the use-cases for local branches tracking other local branches?
A true, robust, git svn externals solution?
Push local repo to new sub-directory of remote repo
Jenkins Pipeline job can't find script due to @tmp path being created
How do I relate an existing Mercurial and git repositories using hg-git?
Value and usage of Git-Flow's tag-prefix feature?
Why do large files still exist in my packfile, after scrubbing them with filter-branch?
How to make Git temporarily ignore ~/.gitconfig?
Git pre-commit hooks only for a specific subfolder?
Why does git keep messing with my line endings?
Why did git push so much data?
git rebase branch with all subbranches
Will git-rm --cached delete another user's working tree files when they pull
Best practices for using Git with Magento?
How to force a common ancestor in a git merge?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!