Implement openstack-unmaintained-core group
Create a gerrit group to handle branches in Unmaintained status across all projects, as described in TC resolution 2023-11-14, which is commit 90982cd in the governance repository. Also adjust the acl file normalization tool so that it will guarantee that the Release Managers group has 'abandon' permission on Unmaintained branches if any project chooses to override the global openstack-unmaintained-core group with a project-specific unmaintained core team (as is allowed by TC resolution 2023-11-14). This entails a change in that script to require the acl file's namespace be passed in so that the check doesn't affect non-OpenStack OpenInfra projects. Change-Id: Ife8e5f175cb8a7d396dfe2a5d52fd6d524ae0b43
This commit is contained in:
parent
9d1b58312c
commit
60de765fa0
@ -4,6 +4,19 @@
|
||||
createSignedTag = group Release Managers
|
||||
delete = group Release Managers
|
||||
|
||||
[access "refs/heads/unmaintained/*"]
|
||||
abandon = group Change Owner
|
||||
abandon = group Project Bootstrappers
|
||||
abandon = group Release Managers
|
||||
abandon = group openstack-unmaintained-core
|
||||
exclusiveGroupPermissions = abandon label-Code-Review label-Workflow
|
||||
label-Code-Review = -2..+2 group Project Bootstrappers
|
||||
label-Code-Review = -2..+2 group openstack-unmaintained-core
|
||||
label-Code-Review = -1..+1 group Registered Users
|
||||
label-Workflow = -1..+0 group Change Owner
|
||||
label-Workflow = -1..+1 group Project Bootstrappers
|
||||
label-Workflow = -1..+1 group openstack-unmaintained-core
|
||||
|
||||
[receive]
|
||||
requireChangeId = true
|
||||
requireContributorAgreement = true
|
||||
|
@ -13,13 +13,16 @@ declare -i NUM_TESTS=0
|
||||
|
||||
function check_team_acl {
|
||||
local configs_dir="$1"
|
||||
local namespace
|
||||
local configs_list
|
||||
|
||||
echo "Checking" $(basename $configs_dir)
|
||||
namespace="$(basename $configs_dir)"
|
||||
echo "Checking $namespace"
|
||||
configs_list=$(find $configs_dir -name "*.config")
|
||||
for config in $configs_list; do
|
||||
let "NUM_TESTS+=1"
|
||||
$OLDPWD/tools/normalize_acl.py $config all > $TMPDIR/normalized
|
||||
$OLDPWD/tools/normalize_acl.py $namespace $config all \
|
||||
> $TMPDIR/normalized
|
||||
if ! diff -u $config $TMPDIR/normalized >>config_failures;
|
||||
then
|
||||
echo "Project $config is not normalized!" >>config_failures
|
||||
|
@ -11,9 +11,13 @@
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
# Usage: normalize_acl.py acl.config [transformation [transformation [...]]]
|
||||
# Usage: normalize_acl.py NAMESPACE acl.config [transform [transform [...]]]
|
||||
#
|
||||
# Transformations are described in user-facing detail below
|
||||
# The NAMESPACE specifies the OpenInfra project, e.g., 'openstack', and
|
||||
# conventionally corresponds to the directory name containing that project's
|
||||
# acl files.
|
||||
#
|
||||
# Transforms are described in user-facing detail below
|
||||
#
|
||||
# Transformations:
|
||||
# all Report all transformations as a dry run.
|
||||
@ -83,19 +87,39 @@ The current transformations
|
||||
|
||||
LAST_TRANSFORMATION = 10
|
||||
|
||||
aclfile = sys.argv[1]
|
||||
USAGE_STRING = ("Usage:\n normalize_acl.py NAMESPACE acl.config [transform "
|
||||
"[transform [...]]]\n or 'normalize_acl.py -help' for info "
|
||||
"on the available transforms")
|
||||
|
||||
|
||||
try:
|
||||
namespace = sys.argv[1]
|
||||
except IndexError:
|
||||
print('error: missing NAMESPACE or -help')
|
||||
print(USAGE_STRING)
|
||||
sys.exit(1)
|
||||
|
||||
# NOTE(ianw) : 2023-04-20 obviously we would not write any of this
|
||||
# like this if we were starting fresh. But this has grown from a
|
||||
# simple thing into something difficult for people to deal with. If
|
||||
# we have any errors during the tox job, we use this to print out a
|
||||
# help message.
|
||||
if (aclfile == '-help'):
|
||||
if (namespace == '-help'):
|
||||
print(NORMALIZATION_HELP)
|
||||
sys.exit(1)
|
||||
|
||||
try:
|
||||
transformations = sys.argv[2:]
|
||||
aclfile = sys.argv[2]
|
||||
except IndexError:
|
||||
print('error: missing acl filespec')
|
||||
print(USAGE_STRING)
|
||||
sys.exit(1)
|
||||
|
||||
# TODO(rosmaita): refactor this, there's nothing in the 'try'
|
||||
# that will raise a KeyError, and in any case, an out-of-range slice
|
||||
# reference already returns an empty list
|
||||
try:
|
||||
transformations = sys.argv[3:]
|
||||
if transformations:
|
||||
RANGE_END = LAST_TRANSFORMATION + 1
|
||||
if transformations[0] == 'all':
|
||||
@ -306,6 +330,9 @@ if '8' in transformations:
|
||||
if 'abandon' in exclusives:
|
||||
newsection.append('abandon = group Change Owner')
|
||||
newsection.append('abandon = group Project Bootstrappers')
|
||||
if (namespace == 'openstack'
|
||||
and 'refs/heads/unmaintained' in section):
|
||||
newsection.append('abandon = group Release Managers')
|
||||
if 'label-Code-Review' in exclusives:
|
||||
newsection.append('label-Code-Review = -2..+2 '
|
||||
'group Project Bootstrappers')
|
||||
|
Loading…
Reference in New Issue
Block a user