[!NOTE|label:references:]
.gitconfig
$ git config --global gitreview.username <UserName>
$ git config --global gitreview.remote origin
default groups
[!TIP]
System Groups
-
- Administrators
- Non-Interactive Users
- ~Service Users~
special references
refs/changes/*refs/meta/configrefs/meta/dashboards/*refs/notes/review
magic references
refs/for/<branch ref>
refs/meta/config
get project.config
clone the repo
$ git clone <repo url> # or update the local repo to HEAD $ git pull [--rebase]checkout
meta/config$ git fetch origin refs/meta/config:refs/remotes/origin/meta/config $ git checkout meta/configor
$ git fetch ssh://localhost:29418/project refs/meta/config $ git checkout FETCH_HEAD
publish to remote
$ git add --all .
$ git commit -m "<add your comments here>"
submit directly
$ git push origin meta/config:meta/configor
$ git push origin HEAD:refs/meta/configsubmit review
[!NOTE|label:references:]
$ git push origin HEAD:refs/for/refs/meta/config- or
$ git push origin meta/config:refs/for/refs/meta/config
- or
update meta/config if remotes update
$ git fetch origin --force refs/meta/config:refs/remotes/origin/meta/config
$ git pull origin refs/meta/config
# or
$ git merge meta/config
reset to remotes
$ git fetch origin --force refs/meta/config:refs/remotes/origin/meta/config
$ git reset --hard remotes/origin/meta/config
useful refs
sandbox:
refs/heads/sandbox/${username}/*
its-jira:
for project specific
[commentlink "its-jira"] match = ^[ \\t]*PROJECT-([0-9]{1,5}): link = https://<jira-domain>:<jira-port>/browse/PROJECT-$1for common setup
[plugin "its-jira"] association = OPTIONAL branch = ^refs/heads/.* branch = ^refs/heads/stable-.* commentOnChangeAbandoned = false commentOnChangeCreated = true commentOnChangeMerged = true commentOnChangeRestored = false commentOnCommentAdded = false commentOnFirstLinkedPatchSetCreated = true commentOnPatchSetCreated = false commentOnRefUpdatedGitWeb = true enabled = enforced [commentlink "its-jira"] match = ^[ \\t]*([A-Za-z]*-[0-9]{1,5}): link = https://<jira-domain>:<jira-port>/browse/$1 [commentlink "changeid"] match = (I[0-9a-f]{8,40}) link = "#/q/$1"
verified label
[label "Verified"]
function = MaxWithBlock
defaultValue = 0
copyAllScoresIfNoCodeChange = true
value = -1 Fails
value = 0 No score
value = +1 Verified
change-id
[receive]
requireChangeId = true
createNewChangeForAllNotInTarget = false
maxObjectSizeLimit = 6m
maxBatchChanges = 1
[commentlink "changeid"]
match = (I[0-9a-f]{8,40})
link = "#/q/$1"
freeze main branch
[!TIP] One quirk is that the shortest possible pattern expansion must be a valid ref name
thus^refs/heads/.*/namewill fail becauserefs/heads//nameis not a valid reference
but^refs/heads/.+/namewill work.
About the refs/for namespace
[!TIP] references:
- what is the use refs/for/refs/* in gerrit?
refs/for/*syntax is just a short name forrefs/for/refs/*:
project.config[access "refs/for/refs/heads/main"] push = block group user/Marslo Jiao (marslo) push = block group Registered Users submit = block group Registered Users submit = block group group user/Marslo Jiao (marslo) addPatchSet = block group user/Marslo Jiao (marslo) addPatchSet = block group Registered Users pushMerge = block group user/Marslo Jiao (marslo) pushMerge = block group Registered Usersgroups... global:Project-Owners Project Owners global:Registered-Users Registered Users ... user:marslo user/Marslo Jiao(marslo) ...
freeze multiple branches (stable & release) for the specific account
project.config[access "^refs/for/refs/heads/(stable|release)$"] push = block group Registered Users submit = block group Registered Users addPatchSet = block group Registered Users pushMerge = block group Registered Users [access "^refs/heads/(stable|release)$"] read = group user/Marslo Jiao (marslo) push = +force group user/Marslo Jiao (marslo) pushMerge = group user/Marslo Jiao (marslo)- or using
exclusiveGroupPermissions[access "^refs/heads/backup/(main|dev|staging|stable)/.+$"] exclusiveGroupPermissions = create delete push pushMerge create = group Project Owners create = block group Registered Users delete = block group Registered Users push = block group Registered Users pushMerge = block group Registered Users [access "^refs/for/refs/heads/backup/(main|dev|staging|stable)/.+$"] exclusiveGroupPermissions = addPatchSet create push pushMerge submit addPatchSet = block group Registered Users create = block group Registered Users push = block group Registered Users pushMerge = block group Registered Users submit = block group Registered Users
- or using
groups... global:Project-Owners Project Owners global:Registered-Users Registered Users ... user:marslo user/Marslo Jiao(marslo) ...
only allow code review merge, forbidden code push
[!TIP|label:references:]
- restriction for branches (
feature1,feature2andmain)
project.config[access "refs/*"] read = group Project Owners read = group user/Marslo Jiao (marslo) [access "refs/for/*"] addPatchSet = group Project Owners addPatchSet = group user/Marslo Jiao (marslo) push = group Project Owners push = group user/Marslo Jiao (marslo) pushMerge = group Project Owners pushMerge = group user/Marslo Jiao (marslo) [access "^refs/heads/(feature1|feature2|main)$"] push = block group Registered Users pushMerge = block group Registered Users submit = group Change Ownergroups... global:Project-Owners Project Owners global:Registered-Users Registered Users ... user:marslo user/Marslo Jiao(marslo) ...-
[!TIP|label:references:]
[project] description = Gerrit Code Review [access "refs/*"] owner = group google/gerritcodereview-maintainers@googlegroups.com [access "refs/heads/*"] label-Code-Review = -2..+2 group google/gerritcodereview-maintainers@googlegroups.com label-Code-Review = -2..+2 group polygerrit-maintainers label-Verified = -1..+1 group Change Owner label-Verified = -1..+1 group gerrit-verifiers label-Code-Style = -1..+1 group gerrit-verifiers label-Verified-Notedb = -1..+1 group gerrit-verifiers label-Library-Compliance = -1..+1 group gerrit-lib label-Library-Compliance = -1..+0 group google/gerritcodereview-maintainers@googlegroups.com submit = group Change Owner submit = group google/gerritcodereview-maintainers@googlegroups.com create = group google/gerritcodereview-maintainers@googlegroups.com abandon = group gerrit-verifiers editTopicName = +force group google/gerritcodereview-maintainers@googlegroups.com removeReviewer = group google/gerritcodereview-maintainers@googlegroups.com publishDrafts = group google/gerritcodereview-maintainers@googlegroups.com [access "refs/tags/*"] create = group gerrit-release-creators create = group google/gerritcodereview-maintainers@googlegroups.com createTag = group gerrit-release-creators createTag = group google/gerritcodereview-maintainers@googlegroups.com createSignedTag = group gerrit-release-creators createSignedTag = group google/gerritcodereview-maintainers@googlegroups.com [access] inheritFrom = Public-Projects [receive] rejectImplicitMerges = true [reviewer] enableByEmail = true [label "Verified"] function = MaxNoBlock copyAllScoresIfNoCodeChange = true value = -1 Fails value = 0 No score value = +1 Verified defaultValue = 0 [label "Code-Style"] function = MaxWithBlock copyAllScoresIfNoCodeChange = true value = -1 Wrong Style or Formatting value = 0 No score value = +1 Style Verified defaultValue = 0 [label "Library-Compliance"] function = MaxWithBlock copyAllScoresIfNoCodeChange = true copyAllScoresOnTrivialRebase = true value = -1 Do not submit value = 0 No score value = +1 Approved defaultValue = 0 [access "refs/for/refs/meta/dashboards/*"] push = group google/gerritcodereview-maintainers@googlegroups.com [access "refs/meta/dashboards/*"] label-Code-Review = -2..+2 group google/gerritcodereview-maintainers@googlegroups.com label-Code-Review = -1..+1 group Registered Users label-Verified = -1..+1 group gerrit-verifiers label-Verified = -1..+1 group google/gerritcodereview-maintainers@googlegroups.com submit = group google/gerritcodereview-maintainers@googlegroups.com forgeAuthor = group google/gerritcodereview-maintainers@googlegroups.com label-Code-Style = -1..+1 group google/gerritcodereview-maintainers@googlegroups.com [access "refs/for/refs/meta/config"] push = group gerrit-verifiers [notify "polygerrit-reviews"] email = polygerrit-reviews@google.com type = all_comments type = submitted_changes header = cc filter = file:polygerrit-ui [access "refs/heads/infra/config"] push = group gerrit-tricium-admins
Code-Review 1+1=2
[!NOTE|label:references:]
[label "Code-Review"]
function = NoOp
copyMinScore = true
value = -2 This shall not be merged
value = -1 I would prefer this is not merged as is
value = 0 No score
value = +1 Looks good to me, but someone else must approve
value = +2 Looks good to me, approved
defaultValue = 0
[submit-requirement "Code-Review"]
submittableIf = (label:Code-Review=+1,count>=2 OR label:Code-Review=MAX) AND -label:Code-Review=MIN
optional label vote
[!NOTE|label:references:]
- Customized Labels
label.Label-Name.function (deprecated)
MaxWithBlock( default )AnyWithBlockMaxNoBlockNoOp/NoBlockPatchSetLock
[label "Klocwork"]
function = NoOp
value = -1 Fails
value = 0 No score
value = +1 Success
defaultValue = 0
copyAllScoresIfNoCodeChange = true
sections
[!NOTE|label:references:]
commentlink
[commentlink "changeid"]
match = (I[0-9a-f]{8,40})
link = "/q/$1"
[commentlink "bugzilla"]
match = "(^|\\s)(bug\\s+#?)(\\d+)($|\\s)"
link = http://bugs.example.com/show_bug.cgi?id=$3
prefix = $1
suffix = $4
text = $2$3
[commentlink "its-jira"]
match = ^[ \\t]*([A-Za-z]*-[0-9]{1,5}):
link = https://jira.domain.com/browse/$1
receive
[receive]
requireChangeId = true
createNewChangeForAllNotInTarget = false
rejectImplicitMerges = false
requireSignedOffBy = true
maxObjectSizeLimit = 6m
maxBatchChanges = 1
change
[change]
privateByDefault = false
workInProgressByDefault = false
Submit Requirements
[!NOTE|label:references:]
-
[submit-requirement "Code-Style"] description = Code is properly styled and formatted applicableIf = -branch:refs/meta/config submittableIf = label:Code-Style=+1 AND -label:Code-Style=-1 canOverrideInChildProjects = trueor setup in
label: LABEL[label "Verified"] branch = refs/heads/release/* # same as [submit-requirement "Verified"] submittableIf = label:Verified=MAX AND -label:Verified=MIN applicableIf = branch:^refs/heads/release/.*
complex rule
[!NOTE|label:references:]
[submit-requirement "Core-Library-Review"] description = "SDK core library changes need to be approved for each platform or have a 'CoreLibraryReviewExempt: <reason>' footer. See also: https://github.com/dart-lang/sdk/wiki/Gerrit-Submit-Requirements#core-library-review" applicableIf = NOT ownerin:bots AND NOT is:pure-revert AND path:\"^sdk/lib/[^_].*\\.dart$\" submittableIf = hasfooter:CoreLibraryReviewExempt OR ((label:Code-Review=+1,group=mdb/dart-core-library-change-approvers-api OR ownerin:mdb/dart-core-library-change-approvers-api) AND (label:Code-Review=+1,group=mdb/dart-core-library-change-approvers-vm OR ownerin:mdb/dart-core-library-change-approvers-vm) AND (label:Code-Review=+1,group=mdb/dart-core-library-change-approvers-wasm OR ownerin:mdb/dart-core-library-change-approvers-wasm) AND (label:Code-Review=+1,group=mdb/dart-core-library-change-approvers-web OR ownerin:mdb/dart-core-library-change-approvers-web)) canOverrideInChildProjects = false-
applicableIf = message:\"^.*(D|d)(O|o) (N|n)(O|o)(T|t) (R|r)(E|e)(V|v)(I|i)(E|e)(W|w).*\" -
applicableIf = branch:\"^refs/heads/release-branch.+\"
plugin
[plugin "its-jira"]
association = OPTIONAL
branch = ^refs/heads/.*
commentOnChangeAbandoned = false
commentOnChangeCreated = true
commentOnChangeMerged = true
commentOnChangeRestored = false
commentOnCommentAdded = true
commentOnFirstLinkedPatchSetCreated = true
commentOnPatchSetCreated = false
commentOnRefUpdatedGitWeb = true
enabled = enforced
rules.pl
[!NOTE|label:references:]
submit by a non author
[!TIP|label:references:]
by
rules.plsubmit_rule(S) :- gerrit:default_submit(X), X =.. [submit | Ls], add_non_author_approval(Ls, R), S =.. [submit | R]. add_non_author_approval(S1, S2) :- gerrit:commit_author(A), gerrit:commit_label(label('Code-Review', 2), R), R \= A, !, S2 = [label('Non-Author-Code-Review', ok(R)) | S1]. add_non_author_approval(S1, [label('Non-Author-Code-Review', need(_)) | S1]).
1.4.3.6.1 -- non author cr by
project.config[access "refs/*"] label-Code-Review = block -2..+2 group Change Owner exclusiveGroupPermissions = label-Code-Reviewby
submit-requirement[submit-requirement "Code-Review"] description = A maximum vote from a non-uploader is required for the \ 'Code-Review' label. A minimum vote is blocking. submittableIf = label:Code-Review=MAX,user=non_uploader AND -label:Code-Review=MIN canOverrideInChildProjects = true
Labels and Submit Requirements
[label "Code-Review"]
function = NoBlock
value = -2 This shall not be submitted
value = -1 I would prefer this is not merged as is
value = 0 No score
value = +1 Looks good to me, but someone else must approve
value = +2 Looks good to me, approved
defaultValue = 0
[submit-requirement "Code-Review"]
description = At least one maximum vote for label 'Code-Review' is required
submittableIf = label:Code-Review=MAX,user=non_uploader AND -label:Code-Review=MIN
canOverrideInChildProjects = true
ticket check
[!TIP] check also:
optional validation
submit_rule(S) :- gerrit:default_submit(X), X =.. [submit | Ls], require_ticket_check_for_ticket(Ls, Nls), S =.. [submit | Nls]. require_ticket_check_for_ticket(S1, S2) :- gerrit:commit_message_matches('^issue-[\\d]+\\s?:\\s?[\\w\\W]+'), !, S2 = [label('Ticket-Checked', need(_)) | S1]. require_ticket_check_for_ticket(S1, S2) :- !, S2 = S1.
optional validation with auto vote
submit_rule(S) :- gerrit:default_submit(X), X =.. [submit | Ls], require_ticket_check_for_ticket(Ls, Nls), S =.. [submit | Nls]. require_ticket_check_for_ticket(S1, S2) :- gerrit:commit_message_matches('\\[issue-[\\d]{2}\\]\\s?:\\s?[\\w\\W]+'), !, S2 = [label('Ticket-Checked', ok(user(824))) | S1]. require_ticket_check_for_ticket(S1, S2) :- !, S2 = S1.
mandatory validation
submit_rule(S) :- gerrit:default_submit(X), % get the current submit structure X=.. [submit | Ls], require_ticket_check_for_ticket(Ls, Nls), S=.. [submit | Nls]. require_ticket_check_for_ticket(S1, S2) :- gerrit:commit_message_matches('\\[issue-[\\d]{2}\\][\\s\\S]+'), !, S2 = [label('Ticket-Checked', ok(user(790))) | S1]. % Add the label and automatically approval by user-id: 790 require_ticket_check_for_ticket(S1, [label('Ticket-Checked', need(_)) | S1]).
tips
generate changeId
$ echo Change-Id: I$({ git var GIT_COMMITTER_IDENT ; echo "$refhash" ; git show HEAD; } | git hash-object --stdin)
Change-Id: I86a371ebf8d29fd1634ed9191d594ce22b1f0953
Auto-submit reviews
if(manager.build.result.isBetterThan(hudson.model.Result.UNSTABLE)) {
def cmd = 'ssh -p 29418 HOST gerrit review --verified +1 --code-review +2 --submit --project $GERRIT_PROJECT $GIT_COMMIT'
cmd = manager.build.environment.expand(cmd)
manager.listener.logger.println("Merge review: '$cmd'")
def p = "$cmd".execute()
manager.listener.logger.println(p.in.text)
manager.addShortText("M")
}
Translating Gerrit Change-Ids using the CLI
$ # setup (only needed once)
$ git config --global alias.gerrit-id '!f() { git log |egrep "^(commit | *Change-Id:)" |grep -B1 $1 |head -1 |sed "s,^commit ,,"; }; f'
$ # use:
$ git gerrit-id Ifeb277
a3ea1e45902b64b45e141ebae2f59b94e745d187
Signed-off-by Lines
[!NOTE|label:references:]
- Reported-by:, Tested-by: and Reviewed-by:
Reported-by:Tested-by:Reviewed-by:- The refs/notes/review namespace
- Git: Gerrit Code Review
- refs/notes/review
- Autogenerated copy of review notes for all changes in the git. Each log entry on the refs/notes/review branch also references the patch set on which the review is made. This functionality is provided by the review-notes plugin.
integrate in Jenkins
[!NOTE|label:references:]
stream-events# permission requires $ ssh -i id_rsa jenkins@gerrit.domain.com -p 29418 gerrit stream-events stream events not permitted # verify $ ssh -i id_rsa jenkins@gerrit.domain.com -p 29418 gerrit stream-events | jq -r .type ref-updated comment-addedbuild current patches only
[!NOTE] Warning: The current implementation takes into account that 'Build Current Patches Only' with 'Abort new patch sets' and 'Abort patch sets with same topic' are enabled (see help for more).
1.4.3.6.7 -- gerrit trigger generate ssh-key
$ keyname='devops@jenkins' $ ssh-keygen -m PEM -t rsa -f ~/.ssh/${keyname} -C "${keyname}" -P '' -q
css for code block
.gr-formatted-text-0 gr-linked-text.pre.gr-formatted-text,
gr-linked-text[class*="pre"], gr-linked-text[class*="pre"] #output {
font-family: "Comic Mono", "Monaco", "Menlo", "Andale Mono", "Ubuntu Mono", "monofur" !important;
font-size: 16px !important;
}
.gr-formatted-text-0 gr-linked-text.pre.gr-formatted-text,
gr-linked-text[class*="pre"] {
color: #c8c8c8 !important;
background: #272727 !important;
border-radius: .75em !important;
box-shadow: 0 4px 8px 0 rgb(0 0 0 / 20%), 0 6px 20px 0 rgb(0 0 0 / 19%);
overflow: auto;
display: block;
padding: 12px 12px 1px 12px;
margin: 0px;
}
gruvbox
- background :
#272727 - front-color:
#e8dbb6
1.4.3.6.8 -- gruvbox code block - background :
ubunut
- background :
#3a122e - front-color:
#eee
1.4.3.6.9 -- ubuntu code block - background :
solarized
- background :
#0d2a34 - front-color:
#869395
1.4.3.6.10 -- solarized code block - background :