commit | 23e03f4bda144ef5734dd67966cce03fc9d227ef | |
---|---|---|
author | Han-Wen Nienhuys <hanwen@google.com> | Wed Jan 29 20:36:45 2020 +0100 |
committer | Han-Wen Nienhuys <hanwen@google.com> | Mon Feb 03 11:13:05 2020 +0000 |
tree | f75e01bab254ae4cc96fc5cfd7e3f52346d9873c | |
parent | c7e40dab207a95d69f58a42dcef4b89ae11d5ed1 |

cmd/checker: for GCP, check scopes

GCP service accounts can be granted different permissions ("scopes"). Without the correct scope, requests will be denied with status 403.

With this change, gerrit-linter will provide a better error message if scopes are misconfigured.

Change-Id: I74390f4f89b7bf3bc6cec54a6527179a764add7f

This is a style verifier intended to be used with the Gerrit checks plugin.
```sh
go install github.com/bazelbuild/buildtools/buildifier
# -L follows GitHub's redirect to the release asset
curl -L -o google-java-format.jar https://github.com/google/google-java-format/releases/download/google-java-format-1.7/google-java-format-1.7-all-deps.jar
```
Obtain an HTTP password, and put it in `testsite-auth`. The format is `username:secret`.
Register a checker
```sh
go run ./cmd/checker -auth_file=testsite-auth --gerrit http://localhost:8080 \
  --language go --repo gerrit --register
```

```sh
go run ./cmd/checker -auth_file=testsite-auth --gerrit http://localhost:8080 \
  --list
```

```sh
go run ./cmd/checker -auth_file=testsite-auth --gerrit http://localhost:8080
```
For simplicity of deployment, the gerrit-linter checker is stateless. All the necessary data is encoded in the checker UUID.
* handle file types (symlink) and deletions
* more formatters: clang-format, typescript, jsformat, ... ?
* isolate each formatter to run with a separate gvisor/docker container.
* tests: the only way to test this reliably is to spin up a gerrit server, and create changes against the server.
* Update the list of checkers periodically.
gerrit-linter currently runs the formatters without sandboxing. A critical memory-safety bug (heap overflow, buffer overflow) in a formatter could be escalated to obtain the OAuth2 token used for authentication.
The currently supported formatters are written in Java and Go, which are memory-safe languages, so this should not be an issue.
The following example shows how to build a Docker image hosted on GCP, in the project `api-project-164060093628`.

```sh
VERSION=$(date --iso-8601=minutes | tr -d ':' | tr '[A-Z]' '[a-z]' | sed \
  's|\+.*$||')-$(git rev-parse --short HEAD)
NAME=gcr.io/api-project-164060093628/gerrit-linter:${VERSION}
docker build -t "${NAME}" -f Dockerfile .
docker push "${NAME}"
```
To deploy onto a GCP VM, configure the VM to have scope `https://www.googleapis.com/auth/gerritcodereview`:

```sh
gcloud beta compute instances set-scopes VM-NAME --scopes=https://www.googleapis.com/auth/gerritcodereview
```
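
One way to catch a missing scope at startup instead of at the first 403, as an added example (not gerrit-linter's own code): ask the GCE metadata server which scopes the VM's default service account holds and fail with an actionable message. `hasScope` and `checkScopes` are hypothetical names; the scope is the one named above, and the base URL is a parameter so the check can be exercised against a stand-in server.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"strings"
)

// gerritScope is the scope the README asks you to grant to the VM.
const gerritScope = "https://www.googleapis.com/auth/gerritcodereview"

// hasScope reports whether want is an exact entry in the newline-separated scope list.
func hasScope(list, want string) bool {
	for _, s := range strings.Fields(list) {
		if s == want {
			return true
		}
	}
	return false
}

// checkScopes (hypothetical helper) fails early if the VM lacks gerritScope.
func checkScopes(c *http.Client, base string) error {
	req, err := http.NewRequest("GET", base+"/computeMetadata/v1/instance/service-accounts/default/scopes", nil)
	if err != nil {
		return err
	}
	req.Header.Set("Metadata-Flavor", "Google") // the metadata server rejects requests without it
	resp, err := c.Do(req)
	if err != nil {
		return fmt.Errorf("metadata server unreachable (not running on GCP?): %v", err)
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<16))
	if err != nil || resp.StatusCode != http.StatusOK {
		return fmt.Errorf("metadata server: status %q, read error: %v", resp.Status, err)
	}
	if !hasScope(string(body), gerritScope) {
		return fmt.Errorf("VM service account lacks scope %s; Gerrit requests will be denied with status 403", gerritScope)
	}
	return nil
}

func main() {
	if err := checkScopes(http.DefaultClient, "http://metadata.google.internal"); err != nil {
		fmt.Println("scope check failed:", err)
	}
}
```

The comparison is an exact match per entry, so a longer scope URL that merely starts with the Gerrit scope does not pass.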
This is not an official Google product