89aa675efd
Change-Id: I829c274750c7c5378845de5aabee88eafe46b591
574 lines
22 KiB
Plaintext
574 lines
22 KiB
Plaintext
= Gerrit Code Review - Project Configuration File Format
|
|
|
|
This page explains the storage format of Gerrit's project configuration
|
|
and access control models.
|
|
|
|
The web UI access control panel is a front end for human-readable
|
|
configuration files under the +refs/meta/config+ namespace in the
|
|
affected project. Direct manipulation of these files is mainly
|
|
relevant in an automation scenario of the access controls.
|
|
|
|
|
|
== The +refs/meta/config+ namespace
|
|
|
|
The namespace contains three different files that play different
|
|
roles in the permission model. With read permission to that reference,
|
|
it is possible to fetch the +refs/meta/config+ reference to a local
|
|
repository. A nice side effect is that you can also upload changes
|
|
to project permissions and review them just like with regular code
|
|
changes. The preview changes option is also provided on the UI. Please note
|
|
that you will have to configure push rights for the +refs/meta/config+ name
|
|
space if you'd like to use the possibility to automate permission updates.
|
|
|
|
== Property inheritance
|
|
|
|
If a property is set to INHERIT, then the value from the parent project is
|
|
used. If the property is not set in any parent project, the default value is
|
|
FALSE.
|
|
|
|
[[file-project_config]]
|
|
== The file +project.config+
|
|
|
|
The +project.config+ file contains the link between groups and their
|
|
permitted actions on reference patterns in this project and any projects
|
|
that inherit its permissions.
|
|
|
|
The format in this file corresponds to the Git config file format, so
|
|
if you want to automate your permissions it is a good idea to use the
|
|
+git config+ command when writing to the file. This way you know you
|
|
don't accidentally break the format of the file.
|
|
|
|
Here follows a +git config+ command example:
|
|
|
|
----
|
|
$ git config -f project.config project.description "Rights inherited by all other projects"
|
|
----
|
|
|
|
Below you will find an example of the +project.config+ file format:
|
|
|
|
----
|
|
[project]
|
|
description = Rights inherited by all other projects
|
|
[access "refs/*"]
|
|
read = group Administrators
|
|
[access "refs/heads/*"]
|
|
label-Your-Label-Here = -1..+1 group Administrators
|
|
[capability]
|
|
administrateServer = group Administrators
|
|
[receive]
|
|
requireContributorAgreement = false
|
|
[label "Your-Label-Here"]
|
|
function = MaxWithBlock
|
|
value = -1 Your -1 Description
|
|
value = 0 Your No score Description
|
|
value = +1 Your +1 Description
|
|
----
|
|
|
|
As you can see, there are several sections.
|
|
|
|
The link:#project-section[+project+ section] appears once per project.
|
|
|
|
The link:#access-section[+access+ section] appears once per reference pattern,
|
|
such as `+refs/*+` or `+refs/heads/*+`. Only one access section per pattern is
|
|
allowed.
|
|
|
|
The link:#receive-section[+receive+ section] appears once per project.
|
|
|
|
The link:#submit-section[+submit+ section] appears once per project.
|
|
|
|
The link:#capability-section[+capability+] section only appears once, and only
|
|
in the +All-Projects+ repository. It controls core features that are configured
|
|
on a global level.
|
|
|
|
The link:#label-section[+label+] section can appear multiple times. You can
|
|
also redefine the text and behavior of the built in label types `Code-Review`
|
|
and `Verified`.
|
|
|
|
Optionally a +commentlink+ section can be added to define project-specific
|
|
comment links. The +commentlink+ section has the same format as the
|
|
link:config-gerrit.html#commentlink[+commentlink+ section in gerrit.config]
|
|
which is used to define global comment links.
|
|
|
|
[[project-section]]
|
|
=== Project section
|
|
|
|
The project section includes configuration of project settings.
|
|
|
|
These are the keys:
|
|
|
|
[[description]]description::
|
|
+
|
|
A description for the project.
|
|
|
|
[[state]]state:
|
|
+
|
|
This setting defines the state of the project. A project can have the
|
|
following states:
|
|
|
|
- `Active`:
|
|
+
|
|
The project is active and users can see and modify the project according
|
|
to their access rights on the project.
|
|
|
|
- `Read Only`:
|
|
+
|
|
The project is read only and all modifying operations on it are
|
|
disabled. E.g. this means that pushing to this project fails for all
|
|
users even if they have push permissions assigned on it.
|
|
+
|
|
Setting a project to this state is an easy way to temporary close a
|
|
project, as you can keep all write access rights in place and they will
|
|
become active again as soon as the project state is set back to
|
|
`Active`.
|
|
+
|
|
This state also makes sense if a project was moved to another location.
|
|
In this case all new development should happen in the new project and
|
|
you want to prevent that somebody accidentally works on the old
|
|
project, while keeping the old project around for old references.
|
|
|
|
- `Hidden`:
|
|
+
|
|
The project is hidden and only visible to project owners. Other users
|
|
are not able to see the project even if they have read permissions
|
|
granted on the project.
|
|
|
|
|
|
[[receive-section]]
|
|
=== Receive section
|
|
|
|
The receive section includes configuration of project-specific
|
|
receive settings:
|
|
|
|
[[receive.requireContributorAgreement]]receive.requireContributorAgreement::
|
|
+
|
|
Controls whether or not a user must complete a contributor agreement before
|
|
they can upload changes. Default is `INHERIT`. If `All-Project` enables this
|
|
option then the dependent project must set it to false if users are not
|
|
required to sign a contributor agreement prior to submitting changes for that
|
|
specific project. To use that feature the global option in `gerrit.config`
|
|
must be enabled:
|
|
link:config-gerrit.html#auth.contributorAgreements[auth.contributorAgreements].
|
|
|
|
[[receive.requireSignedOffBy]]receive.requireSignedOffBy::
|
|
+
|
|
Sign-off can be a requirement for some projects (for example Linux kernel uses
|
|
it). Sign-off is a line at the end of the commit message which certifies who
|
|
is the author of the commit. Its main purpose is to improve tracking of who
|
|
did what, especially with patches. Default is `INHERIT`, which means that this
|
|
property is inherited from the parent project.
|
|
|
|
[[receive.requireChangeId]]receive.requireChangeId::
|
|
+
|
|
The `Require Change-Id in commit message` option defines whether a
|
|
link:user-changeid.html[Change-Id] in the commit message is required
|
|
for pushing a commit for review. If this option is set, trying to push
|
|
a commit for review that doesn't contain a Change-Id in the commit
|
|
message fails with link:error-missing-changeid.html[missing Change-Id
|
|
in commit message footer].
|
|
|
|
It is recommended to set this option and use a
|
|
link:user-changeid.html#create[commit-msg hook] (or other client side
|
|
tooling like EGit) to automatically generate Change-Id's for new
|
|
commits. This way the Change-Id is automatically in place when changes
|
|
are reworked or rebased and uploading new patch sets gets easy.
|
|
|
|
If this option is not set, commits can be uploaded without a Change-Id,
|
|
but then users have to remember to copy the assigned Change-Id from the
|
|
change screen and insert it manually into the commit message when they
|
|
want to upload a second patch set.
|
|
|
|
Default is `INHERIT`, which means that this property is inherited from
|
|
the parent project. The global default for new hosts is `true`
|
|
|
|
This option is deprecated and future releases will behave as if this
|
|
is always `true`.
|
|
|
|
[[receive.maxObjectSizeLimit]]receive.maxObjectSizeLimit::
|
|
+
|
|
Maximum allowed Git object size that receive-pack will accept. If an object
|
|
is larger than the given size the pack-parsing will abort and the push
|
|
operation will fail. If set to zero then there is no limit.
|
|
+
|
|
Project owners can use this setting to prevent developers from pushing
|
|
objects which are too large to Gerrit. This setting can also be set in
|
|
`gerrit.config` globally (link:config-gerrit.html#receive.maxObjectSizeLimit[
|
|
receive.maxObjectSizeLimit]).
|
|
+
|
|
The project specific setting in `project.config` may not set a value higher
|
|
than the global limit (if configured). In other words, it is only honored when
|
|
it further reduces the global limit.
|
|
+
|
|
When link:config-gerrit.html#receive.inheritProjectMaxObjectSizeLimit[
|
|
`receive.inheritProjectmaxObjectSizeLimit`] is enabled in the global config,
|
|
the value is inherited from the parent project. Otherwise, it is not inherited
|
|
and must be explicitly set per project.
|
|
+
|
|
Default is zero.
|
|
+
|
|
Common unit suffixes of k, m, or g are supported.
|
|
|
|
[[receive.checkReceivedObjects]]receive.checkReceivedObjects::
|
|
+
|
|
Controls whether or not the JGit functionality for checking received objects
|
|
is enabled.
|
|
+
|
|
By default Gerrit checks the validity of git objects. Setting this variable to
|
|
false should not be used unless a project with history containing invalid
|
|
objects needs to be pushed into a Gerrit repository.
|
|
+
|
|
This functionality is provided as some other git implementations have allowed
|
|
bad history to be written into git repositories. If these repositories need pushing
|
|
up to Gerrit then the JGit checks need to be disabled.
|
|
+
|
|
The default value for this is true, false disables the checks.
|
|
|
|
[[receive.enableSignedPush]]receive.enableSignedPush::
|
|
+
|
|
Controls whether server-side signed push validation is enabled on the
|
|
project. Only has an effect if signed push validation is enabled on the
|
|
server; see the link:config-gerrit.html#receive.enableSignedPush[global
|
|
configuration] for details.
|
|
+
|
|
Default is `INHERIT`, which means that this property is inherited from
|
|
the parent project.
|
|
|
|
[[receive.requireSignedPush]]receive.requireSignedPush::
|
|
+
|
|
Controls whether server-side signed push validation is required on the
|
|
project. Only has an effect if signed push validation is enabled on the
|
|
server, and link:#receive.enableSignedPush[`receive.enableSignedPush`] is
|
|
set on the project. See the
|
|
link:config-gerrit.html#receive.enableSignedPush[global configuration]
|
|
for details.
|
|
+
|
|
Default is `INHERIT`, which means that this property is inherited from
|
|
the parent project.
|
|
|
|
[[receive.rejectImplicitMerges]]receive.rejectImplicitMerges::
|
|
+
|
|
Controls whether a check for implicit merges will be performed when changes are
|
|
pushed for review. An implicit merge is a case where merging an open change
|
|
would implicitly merge another branch into the target branch. Typically, this
|
|
happens when a change is done on master and, by mistake, pushed to a stable branch
|
|
for review. When submitting such change, master would be implicitly merged into
|
|
stable without anyone noticing that. When this option is set to 'true' Gerrit
|
|
will reject the push if an implicit merge is detected.
|
|
+
|
|
This check is only done for non-merge commits, merge commits are not subject of
|
|
the implicit merge check.
|
|
+
|
|
Default is `INHERIT`, which means that this property is inherited from
|
|
the parent project.
|
|
|
|
[[receive.createNewChangeForAllNotInTarget]]receive.createNewChangeForAllNotInTarget::
|
|
+
|
|
The `create-new-change-for-all-not-in-target` option provides a
|
|
convenience for selecting link:user-upload.html#base[the merge base]
|
|
by setting it automatically to the target branch's tip so you can
|
|
create new changes for all commits not in the target branch.
|
|
|
|
This option is disabled if the tip of the push is a merge commit.
|
|
|
|
This option also only works if there are no merge commits in the
|
|
commit chain, in such cases it fails warning the user that such
|
|
pushes can only be performed by manually specifying
|
|
link:user-upload.html#base[bases]
|
|
|
|
This option is useful if you want to push a change to your personal
|
|
branch first and for review to another branch for example. Or in cases
|
|
where a commit is already merged into a branch and you want to create
|
|
a new open change for that commit on another branch.
|
|
|
|
[[change-section]]
|
|
=== Change section
|
|
|
|
The change section includes configuration for project-specific change settings:
|
|
|
|
[[change.privateByDefault]]change.privateByDefault::
|
|
+
|
|
Controls whether all new changes in the project are set as private by default.
|
|
+
|
|
Note that a new change will be public if the `is_private` field in
|
|
link:rest-api-changes.html#change-input[ChangeInput] is set to `false` explicitly
|
|
when calling the link:rest-api-changes.html#create-change[CreateChange] REST API
|
|
or the `remove-private` link:user-upload.html#private[PushOption] is used during
|
|
the Git push.
|
|
+
|
|
Default is `INHERIT`, which means that this property is inherited from
|
|
the parent project.
|
|
|
|
[[change.workInProgressByDefault]]change.workInProgressByDefault::
|
|
+
|
|
Controls whether all new changes in the project are set as WIP by default.
|
|
+
|
|
Note that a new change will be ready if the `workInProgress` field in
|
|
link:rest-api-changes.html#change-input[ChangeInput] is set to `false` explicitly
|
|
when calling the link:rest-api-changes.html#create-change[CreateChange] REST API
|
|
or the `ready` link:user-upload.html#wip[PushOption] is used during
|
|
the Git push.
|
|
+
|
|
Default is `INHERIT`, which means that this property is inherited from
|
|
the parent project.
|
|
|
|
[[submit-section]]
|
|
=== Submit section
|
|
|
|
The submit section includes configuration of project-specific
|
|
submit settings:
|
|
|
|
- 'mergeContent': Defines whether to automatically merge changes. Valid values
|
|
are 'true', 'false', or 'INHERIT'. Default is 'INHERIT'.
|
|
|
|
- 'action': defines the #submit-type[submit type]. Valid
|
|
values are 'fast forward only', 'merge if necessary', 'rebase if necessary',
|
|
'merge always' and 'cherry pick'. The default is 'merge if necessary'.
|
|
|
|
- 'matchAuthorToCommitterDate': Defines whether to the author date will be changed to match the
|
|
submitter date upon submit, so that git log shows when the change was submitted instead of when the
|
|
author last committed. Valid values are 'true', 'false', or 'INHERIT'. The default is 'INHERIT'.
|
|
This option only takes effect in submit strategies which already modify the commit, i.e.
|
|
Cherry Pick, Rebase Always, and (perhaps) Rebase If Necessary.
|
|
|
|
- 'rejectEmptyCommit': Defines whether empty commits should be rejected when a change is merged.
|
|
Changes might not seem empty at first but when attempting to merge, rebasing can lead to an empty
|
|
commit. If this option is set to 'true' the merge would fail. An empty commit is still allowed as
|
|
the initial commit on a branch.
|
|
|
|
Merge strategy
|
|
|
|
|
|
[[access-section]]
|
|
=== Access section
|
|
|
|
Each +access+ section includes a reference and access rights connected
|
|
to groups. Each group listed must exist in the link:#file-groups[+groups+ file].
|
|
|
|
Please refer to the
|
|
link:access-control.html#access_categories[Access Categories]
|
|
documentation for a full list of available access rights.
|
|
|
|
|
|
[[mimetype-section]]
|
|
=== MIME Types section
|
|
|
|
The +mimetype+ section may be configured to force the web code
|
|
reviewer to return certain MIME types by file path. MIME types
|
|
may be used to activate syntax highlighting.
|
|
|
|
----
|
|
[mimetype "text/x-c"]
|
|
path = *.pkt
|
|
[mimetype "text/x-java"]
|
|
path = api/current.txt
|
|
----
|
|
|
|
|
|
[[capability-section]]
|
|
=== Capability section
|
|
|
|
The +capability+ section only appears once, and only in the +All-Projects+
|
|
repository. It controls Gerrit administration capabilities that are configured
|
|
on a global level.
|
|
|
|
Please refer to the
|
|
link:access-control.html#global_capabilities[Global Capabilities]
|
|
documentation for a full list of available capabilities.
|
|
|
|
[[label-section]]
|
|
=== Label section
|
|
|
|
Please refer to link:config-labels.html#label_custom[Custom Labels] documentation.
|
|
|
|
[[branchOrder-section]]
|
|
=== branchOrder section
|
|
|
|
Defines a branch ordering which is used for backporting of changes.
|
|
Backporting will be offered for a change (in the Gerrit UI) for all
|
|
more stable branches where the change can merge cleanly.
|
|
|
|
[[branchOrder.branch]]branchOrder.branch::
|
|
+
|
|
A branch name, typically multiple values will be defined. The order of branch
|
|
names in this section defines the branch order. The topmost is considered to be
|
|
the least stable branch (typically the master branch) and the last one the
|
|
most stable (typically the last maintained release branch).
|
|
|
|
Example:
|
|
|
|
----
|
|
[branchOrder]
|
|
branch = master
|
|
branch = stable-2.9
|
|
branch = stable-2.8
|
|
branch = stable-2.7
|
|
----
|
|
|
|
The `branchOrder` section is inheritable. This is useful when multiple or all
|
|
projects follow the same branch rules. A `branchOrder` section in a child
|
|
project completely overrides any `branchOrder` section from a parent i.e. there
|
|
is no merging of `branchOrder` sections. A present but empty `branchOrder`
|
|
section removes all inherited branch order.
|
|
|
|
Branches not listed in this section will not be included in the mergeability
|
|
check. If the `branchOrder` section is not defined then the mergeability of a
|
|
change into other branches will not be done.
|
|
|
|
[[reviewer-section]]
|
|
=== reviewer section
|
|
|
|
Defines config options to adjust a project's reviewer workflow such as enabling
|
|
reviewers and CCs by email.
|
|
|
|
[[reviewer.enableByEmail]]reviewer.enableByEmail::
|
|
+
|
|
A boolean indicating if reviewers and CCs that do not currently have a Gerrit
|
|
account can be added to a change by providing their email address.
|
|
|
|
This setting only takes affect for changes that are readable by anonymous users.
|
|
|
|
Default is `INHERIT`, which means that this property is inherited from
|
|
the parent project. If the property is not set in any parent project, the
|
|
default value is `FALSE`.
|
|
|
|
[[file-groups]]
|
|
== The file +groups+
|
|
|
|
Each group in this list is linked with its UUID so that renaming of
|
|
groups is possible without having to rewrite every +groups+ file
|
|
in every repository where it's used.
|
|
|
|
This is what the default groups file for +All-Projects.git+ looks like:
|
|
|
|
----
|
|
# UUID Group Name
|
|
#
|
|
3d6da7dc4e99e6f6e5b5196e21b6f504fc530bba Administrators
|
|
global:Anonymous-Users Anonymous Users
|
|
global:Change-Owner Change Owner
|
|
global:Project-Owners Project Owners
|
|
global:Registered-Users Registered Users
|
|
----
|
|
|
|
This file can't be written to by the +git config+ command.
|
|
|
|
In order to reference a group in +project.config+, it must be listed in
|
|
the +groups+ file. When editing permissions through the web UI this
|
|
file is maintained automatically, but when pushing updates to
|
|
+refs/meta/config+ this must be dealt with by hand. Gerrit will refuse
|
|
+project.config+ files that refer to groups not listed in +groups+.
|
|
|
|
The UUID of a group can be found on the General tab of the group's page
|
|
in the web UI or via the +-v+ option to
|
|
link:cmd-ls-groups.html[the +ls-groups+ SSH command].
|
|
|
|
|
|
[[file-rules_pl]]
|
|
== The file +rules.pl+
|
|
|
|
The +rules.pl+ files allows you to replace or amend the default Prolog
|
|
rules that control e.g. what conditions need to be fulfilled for a
|
|
change to be submittable. This file content should be
|
|
interpretable by the 'Prolog Cafe' interpreter.
|
|
|
|
You can read more about the +rules.pl+ file and the prolog rules on
|
|
link:prolog-cookbook.html[the Prolog cookbook page].
|
|
|
|
GERRIT
|
|
------
|
|
Part of link:index.html[Gerrit Code Review]
|
|
|
|
SEARCHBOX
|
|
---------
|
|
|
|
[[submit-type]]
|
|
=== Submit Type
|
|
|
|
The method Gerrit uses to submit a change to a project can be
|
|
modified by any project owner through the project console, `Projects` >
|
|
`List` > my/project. In general, a submitted change is only merged if all
|
|
its dependencies are also submitted, with exceptions documented below.
|
|
The following submit types are supported:
|
|
|
|
[[submit_type_inherit]]
|
|
* Inherit
|
|
+
|
|
This is the default for new projects, unless overridden by a global
|
|
link:config-gerrit.html#repository.name.defaultSubmitType[`defaultSubmitType` option].
|
|
+
|
|
Inherit the submit type from the parent project. In `All-Projects`, this
|
|
is equivalent to link:#merge_if_necessary[Merge If Necessary].
|
|
|
|
[[fast_forward_only]]
|
|
* Fast Forward Only
|
|
+
|
|
With this method no merge commits are produced. All merges must
|
|
be handled on the client, prior to uploading to Gerrit for review.
|
|
+
|
|
To submit a change, the change must be a strict superset of the
|
|
destination branch. That is, the change must already contain the
|
|
tip of the destination branch at submit time.
|
|
|
|
[[merge_if_necessary]]
|
|
* Merge If Necessary
|
|
+
|
|
If the change being submitted is a strict superset of the destination
|
|
branch, then the branch is fast-forwarded to the change. If not,
|
|
then a merge commit is automatically created. This is identical
|
|
to the classical `git merge` behavior, or `git merge --ff`.
|
|
|
|
[[always_merge]]
|
|
* Always Merge
|
|
+
|
|
Always produce a merge commit, even if the change is a strict
|
|
superset of the destination branch. This is identical to the
|
|
behavior of `git merge --no-ff`, and may be useful if the
|
|
project needs to follow submits with `git log --first-parent`.
|
|
|
|
[[cherry_pick]]
|
|
* Cherry Pick
|
|
+
|
|
Always cherry pick the patch set, ignoring the parent lineage
|
|
and instead creating a brand new commit on top of the current
|
|
branch head.
|
|
+
|
|
When cherry picking a change, Gerrit automatically appends onto the
|
|
end of the commit message a short summary of the change's approvals,
|
|
and a URL link back to the change on the web. The committer header
|
|
is also set to the submitter, while the author header retains the
|
|
original patch set author.
|
|
+
|
|
Note that Gerrit ignores dependencies between changes when using this
|
|
submit type unless
|
|
link:config-gerrit.html#change.submitWholeTopic[`change.submitWholeTopic`]
|
|
is enabled and depending changes share the same topic. So generally
|
|
submitters must remember to submit changes in the right order when using this
|
|
submit type. If all you want is extra information in the commit message,
|
|
consider using the Rebase Always submit strategy.
|
|
|
|
[[rebase_if_necessary]]
|
|
* Rebase If Necessary
|
|
+
|
|
If the change being submitted is a strict superset of the destination
|
|
branch, then the branch is fast-forwarded to the change. If not,
|
|
then the change is automatically rebased and then the branch is
|
|
fast-forwarded to the change.
|
|
|
|
When Gerrit tries to do a merge, by default the merge will only
|
|
succeed if there is no path conflict. A path conflict occurs when
|
|
the same file has also been changed on the other side of the merge.
|
|
|
|
[[rebase_always]]
|
|
* Rebase Always
|
|
+
|
|
Basically, the same as Rebase If Necessary, but it creates a new patchset even
|
|
if fast forward is possible AND like Cherry Pick it ensures footers such as
|
|
Change-Id, Reviewed-On, and others are present in resulting commit that is
|
|
merged.
|
|
|
|
Thus, Rebase Always can be considered similar to Cherry Pick, but with
|
|
the important distinction that Rebase Always does not ignore dependencies.
|
|
|
|
[[content_merge]]
|
|
If `Allow content merges` is enabled, Gerrit will try
|
|
to do a content merge when a path conflict occurs.
|