Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Gerrit - how to disallow direct push to "master" but allow to other branches

Tags:

git

gerrit

I want to set up configuration described below:

  • Registered user can not push his changes directly to master. He has to push these changes for review:

    git push origin master - it should be rejected by Gerrit (origin = Gerrit)

    git push origin HEAD:refs/for/master - it should be allowed by Gerrit

  • Registered user can create a new branch. This branch will be treated as a backup and a way of cooperation between two or more developers so it shouldn't be reviewed.

    git push origin xyz_abc - it should be allowed by Gerrit

How should I configure Gerrit to achieve such functionality ?

like image 980
Tomasz Mielcarz Avatar asked Apr 26 '13 13:04

Tomasz Mielcarz


People also ask

How do I give someone access to Gerrit?

Log into Gerrit using the TeamForge site administrator username and password you provided while running the Git installer's configuration script. Select the Admin tab and click Projects. In the All Projects page, click Access. You will see a list of all default access rights.

What is reference in Gerrit?

The refs/for/[BRANCH_NAME] syntax allows Gerrit to differentiate between commits that are pushed for review and commits that are pushed directly into the repository. Gerrit supports using either the full name or the short name for a branch. For instance, this command: git commit git push origin HEAD:refs/for/master.


1 Answers

There are no good instructions anywhere, so thought I'd document the steps here.

1. Navigate to your project's Access page

Projects > List > your_project > Access

2. Edit Access

Click the Edit button

3. Add Reference to refs/heads/*

This is the reference for all direct pushes. We're going to configure who can do what to this path.

Click "Add Reference" and type in 'refs/heads/*' (no quotes)

4. Deny the "Push" permission

The Push permission is the one which controls who can make direct pushes. Merge pushes and pushes to Gerrit will still be allowed (see notes below).

  1. Click "Add Permission" and select "Push".
  2. Select the user group you want to deny push from (you can type in "Registered Users" if you want to block everyone)
  3. Choose "DENY" from the dropdown that appears once you've added your user group

5. Save Changes

And you're done. The finished config should look something like this:

Finished config


Note

If this doesn't work, make sure you have the Push permission set to ALLOW on refs/for/refs/* - this is the permission which allows pushes to Gerrit.

like image 192
Seb Charrot Avatar answered Sep 28 '22 03:09

Seb Charrot