| = Gerrit Code Review - Project Configuration File Format |
| |
| This page explains the storage format of Gerrit's project configuration |
| and access control models. |
| |
| The web UI access control panel is a front end for human-readable |
| configuration files under the +refs/meta/config+ namespace in the |
| affected project. Direct manipulation of these files is mainly |
| relevant in an automation scenario of the access controls. |
| |
| |
| == The +refs/meta/config+ namespace |
| |
| The namespace contains three different files that play different |
| roles in the permission model. With read permission to that reference, |
| it is possible to fetch the +refs/meta/config+ reference to a local |
| repository. A nice side effect is that you can also upload changes |
| to project permissions and review them just like with regular code |
| changes. The preview changes option is also provided on the UI. Please note |
| that you will have to configure push rights for the +refs/meta/config+ name |
| space if you'd like to use the possibility to automate permission updates. |
| |
| == Property inheritance |
| |
| If a property is set to INHERIT, then the value from the parent project is |
| used. If the property is not set in any parent project, the default value is |
| FALSE. |
| |
| [[file-project_config]] |
| == The file +project.config+ |
| |
| The +project.config+ file contains the link between groups and their |
| permitted actions on reference patterns in this project and any projects |
| that inherit its permissions. |
| |
| The format in this file corresponds to the Git config file format, so |
| if you want to automate your permissions it is a good idea to use the |
| +git config+ command when writing to the file. This way you know you |
| don't accidentally break the format of the file. |
| |
| Here follows a +git config+ command example: |
| |
| ---- |
| $ git config -f project.config project.description "Rights inherited by all other projects" |
| ---- |
| |
| Below you will find an example of the +project.config+ file format: |
| |
| ---- |
| [project] |
| description = Rights inherited by all other projects |
| [access "refs/*"] |
| read = group Administrators |
| [access "refs/heads/*"] |
| label-Your-Label-Here = -1..+1 group Administrators |
| [capability] |
| administrateServer = group Administrators |
| [receive] |
| requireContributorAgreement = false |
| [label "Your-Label-Here"] |
| function = MaxWithBlock |
| value = -1 Your -1 Description |
| value = 0 Your No score Description |
| value = +1 Your +1 Description |
| ---- |
| |
| As you can see, there are several sections. |
| |
| The link:#project-section[+project+ section] appears once per project. |
| |
| The link:#access-section[+access+ section] appears once per reference pattern, |
| such as `+refs/*+` or `+refs/heads/*+`. Only one access section per pattern is |
| allowed. |
| |
| The link:#receive-section[+receive+ section] appears once per project. |
| |
| The link:#submit-section[+submit+ section] appears once per project. |
| |
| The link:#capability-section[+capability+] section only appears once, and only |
| in the +All-Projects+ repository. It controls core features that are configured |
| on a global level. |
| |
| The link:#label-section[+label+] section can appear multiple times. You can |
| also redefine the text and behavior of the built in label types `Code-Review` |
| and `Verified`. |
| |
| Optionally a +commentlink+ section can be added to define project-specific |
| comment links. The +commentlink+ section has the same format as the |
| link:config-gerrit.html#commentlink[+commentlink+ section in gerrit.config] |
| which is used to define global comment links. |
| |
| [[project-section]] |
| === Project section |
| |
| The project section includes configuration of project settings. |
| |
| These are the keys: |
| |
| [[description]]description:: |
| + |
| A description for the project. |
| |
| [[state]]state:: |
| + |
| This setting defines the state of the project. A project can have the |
| following states: |
| |
| - `Active`: |
| + |
| The project is active and users can see and modify the project according |
| to their access rights on the project. |
| |
| - `Read Only`: |
| + |
| The project is read only and all modifying operations on it are |
| disabled. E.g. this means that pushing to this project fails for all |
| users even if they have push permissions assigned on it. |
| + |
| Setting a project to this state is an easy way to temporary close a |
| project, as you can keep all write access rights in place and they will |
| become active again as soon as the project state is set back to |
| `Active`. |
| + |
| This state also makes sense if a project was moved to another location. |
| In this case all new development should happen in the new project and |
| you want to prevent that somebody accidentally works on the old |
| project, while keeping the old project around for old references. |
| |
| - `Hidden`: |
| + |
| The project is hidden and only visible to project owners. Other users |
| are not able to see the project even if they have read permissions |
| granted on the project. |
| |
| |
| [[receive-section]] |
| === Receive section |
| |
| The receive section includes configuration of project-specific |
| receive settings: |
| |
| [[receive.requireContributorAgreement]]receive.requireContributorAgreement:: |
| + |
| Controls whether or not a user must complete a contributor agreement before |
| they can upload changes. Default is `INHERIT`. If `All-Project` enables this |
| option then the dependent project must set it to false if users are not |
| required to sign a contributor agreement prior to submitting changes for that |
| specific project. To use that feature the global option in `gerrit.config` |
| must be enabled: |
| link:config-gerrit.html#auth.contributorAgreements[auth.contributorAgreements]. |
| |
| [[receive.requireSignedOffBy]]receive.requireSignedOffBy:: |
| + |
| Sign-off can be a requirement for some projects (for example Linux kernel uses |
| it). Sign-off is a line at the end of the commit message which certifies who |
| is the author of the commit. Its main purpose is to improve tracking of who |
| did what, especially with patches. Default is `INHERIT`, which means that this |
| property is inherited from the parent project. |
| |
| [[receive.requireChangeId]]receive.requireChangeId:: |
| + |
| The `Require Change-Id in commit message` option defines whether a |
| link:user-changeid.html[Change-Id] in the commit message is required |
| for pushing a commit for review. If this option is set, trying to push |
| a commit for review that doesn't contain a Change-Id in the commit |
| message fails with link:error-missing-changeid.html[missing Change-Id |
| in commit message footer]. |
| |
| It is recommended to set this option and use a |
| link:user-changeid.html#create[commit-msg hook] (or other client side |
| tooling like EGit) to automatically generate Change-Id's for new |
| commits. This way the Change-Id is automatically in place when changes |
| are reworked or rebased and uploading new patch sets gets easy. |
| |
| If this option is not set, commits can be uploaded without a Change-Id, |
| but then users have to remember to copy the assigned Change-Id from the |
| change screen and insert it manually into the commit message when they |
| want to upload a second patch set. |
| |
| Default is `INHERIT`, which means that this property is inherited from |
| the parent project. The global default for new hosts is `true` |
| |
| This option is deprecated and future releases will behave as if this |
| is always `true`. |
| |
| [[receive.maxObjectSizeLimit]]receive.maxObjectSizeLimit:: |
| + |
| Maximum allowed Git object size that receive-pack will accept. If an object |
| is larger than the given size the pack-parsing will abort and the push |
| operation will fail. If set to zero then there is no limit. |
| + |
| Project owners can use this setting to prevent developers from pushing |
| objects which are too large to Gerrit. This setting can also be set in |
| `gerrit.config` globally (link:config-gerrit.html#receive.maxObjectSizeLimit[ |
| receive.maxObjectSizeLimit]). |
| + |
| The project specific setting in `project.config` may not set a value higher |
| than the global limit (if configured). In other words, it is only honored when |
| it further reduces the global limit. |
| + |
| When link:config-gerrit.html#receive.inheritProjectMaxObjectSizeLimit[ |
| `receive.inheritProjectmaxObjectSizeLimit`] is enabled in the global config, |
| the value is inherited from the parent project. Otherwise, it is not inherited |
| and must be explicitly set per project. |
| + |
| Default is zero. |
| + |
| Common unit suffixes of k, m, or g are supported. |
| |
| [[receive.checkReceivedObjects]]receive.checkReceivedObjects:: |
| + |
| Controls whether or not the JGit functionality for checking received objects |
| is enabled. |
| + |
| By default Gerrit checks the validity of git objects. Setting this variable to |
| false should not be used unless a project with history containing invalid |
| objects needs to be pushed into a Gerrit repository. |
| + |
| This functionality is provided as some other git implementations have allowed |
| bad history to be written into git repositories. If these repositories need pushing |
| up to Gerrit then the JGit checks need to be disabled. |
| + |
| The default value for this is true, false disables the checks. |
| |
| [[receive.enableSignedPush]]receive.enableSignedPush:: |
| + |
| Controls whether server-side signed push validation is enabled on the |
| project. Only has an effect if signed push validation is enabled on the |
| server; see the link:config-gerrit.html#receive.enableSignedPush[global |
| configuration] for details. |
| + |
| Default is `INHERIT`, which means that this property is inherited from |
| the parent project. |
| |
| [[receive.requireSignedPush]]receive.requireSignedPush:: |
| + |
| Controls whether server-side signed push validation is required on the |
| project. Only has an effect if signed push validation is enabled on the |
| server, and link:#receive.enableSignedPush[`receive.enableSignedPush`] is |
| set on the project. See the |
| link:config-gerrit.html#receive.enableSignedPush[global configuration] |
| for details. |
| + |
| Default is `INHERIT`, which means that this property is inherited from |
| the parent project. |
| |
| [[receive.rejectImplicitMerges]]receive.rejectImplicitMerges:: |
| + |
| Controls whether a check for implicit merges will be performed when changes are |
| pushed for review. An implicit merge is a case where merging an open change |
| would implicitly merge another branch into the target branch. Typically, this |
| happens when a change is done on master and, by mistake, pushed to a stable branch |
| for review. When submitting such change, master would be implicitly merged into |
| stable without anyone noticing that. When this option is set to 'true' Gerrit |
| will reject the push if an implicit merge is detected. |
| + |
| This check is only done for non-merge commits, merge commits are not subject of |
| the implicit merge check. |
| + |
| Default is `INHERIT`, which means that this property is inherited from |
| the parent project. |
| |
| [[receive.createNewChangeForAllNotInTarget]]receive.createNewChangeForAllNotInTarget:: |
| + |
| The `create-new-change-for-all-not-in-target` option provides a |
| convenience for selecting link:user-upload.html#base[the merge base] |
| by setting it automatically to the target branch's tip so you can |
| create new changes for all commits not in the target branch. |
| |
| This option is disabled if the tip of the push is a merge commit. |
| |
| This option also only works if there are no merge commits in the |
| commit chain, in such cases it fails warning the user that such |
| pushes can only be performed by manually specifying |
| link:user-upload.html#base[bases] |
| |
| This option is useful if you want to push a change to your personal |
| branch first and for review to another branch for example. Or in cases |
| where a commit is already merged into a branch and you want to create |
| a new open change for that commit on another branch. |
| |
| [[change-section]] |
| === Change section |
| |
| The change section includes configuration for project-specific change settings: |
| |
| [[change.privateByDefault]]change.privateByDefault:: |
| + |
| Controls whether all new changes in the project are set as private by default. |
| + |
| Note that a new change will be public if the `is_private` field in |
| link:rest-api-changes.html#change-input[ChangeInput] is set to `false` explicitly |
| when calling the link:rest-api-changes.html#create-change[CreateChange] REST API |
| or the `remove-private` link:user-upload.html#private[PushOption] is used during |
| the Git push. |
| + |
| Default is `INHERIT`, which means that this property is inherited from |
| the parent project. |
| |
| [[change.workInProgressByDefault]]change.workInProgressByDefault:: |
| + |
| Controls whether all new changes in the project are set as WIP by default. |
| + |
| Note that a new change will be ready if the `workInProgress` field in |
| link:rest-api-changes.html#change-input[ChangeInput] is set to `false` explicitly |
| when calling the link:rest-api-changes.html#create-change[CreateChange] REST API |
| or the `ready` link:user-upload.html#wip[PushOption] is used during |
| the Git push. |
| + |
| Default is `INHERIT`, which means that this property is inherited from |
| the parent project. |
| |
| [[submit-section]] |
| === Submit section |
| |
| The submit section includes configuration of project-specific |
| submit settings: |
| |
| [[content_merge]]submit.mergeContent:: |
| + |
| Defines whether Gerrit will try to |
| do a content merge when a path conflict occurs. Valid values are |
| 'true', 'false', or 'INHERIT'. Default is 'INHERIT'. This option can |
| be modified by any project owner through the project console, `Browse` |
| > `Repositories` > my/project > `Allow content merges`. |
| |
| [[submit.action]]submit.action:: |
| + |
| Defines the link:#submit-type[submit type]. Valid |
| values are 'fast forward only', 'merge if necessary', 'rebase if necessary', |
| 'rebase always', 'merge always' and 'cherry pick'. The default is 'merge if necessary'. |
| |
| [[submit.matchAuthorToCommitterDate]]submit.matchAuthorToCommitterDate:: |
| + |
| Defines whether the author date will be changed to match the submitter date upon submit, so that |
| git log shows when the change was submitted instead of when the author last committed. Valid |
| values are 'true', 'false', or 'INHERIT'. The default is 'INHERIT'. This option only takes effect |
| in submit strategies which already modify the commit, i.e. Cherry Pick, Rebase Always, and |
| (when rebase is necessary) Rebase If Necessary. |
| |
| [[submit.rejectEmptyCommit]]submit.rejectEmptyCommit:: |
| + |
| Defines whether empty commits should be rejected when a change is merged. When using |
| link:#submit.action[submit action] Cherry Pick, Rebase If Necessary or Rebase Always changes may |
| become empty upon submit, since the rebase|cherry-pick can lead to an empty commit. If this option |
| is set to 'true' the merge would fail in such a case. An empty commit is still allowed as the |
| initial commit on a branch. |
| |
| [[submit-type]] |
| ==== Submit Type |
| |
| 'submit.action': The method Gerrit uses to submit a change to a project. |
| |
| The submit type can also be modified by any project owner through the |
| project console, `Browse` > `Repositories` > my/project > 'Submit type'. |
| In general, a submitting a change only merges the change if all its |
| dependencies are also submitted, with exceptions documented below. |
| |
| The following submit types are supported: |
| |
| [[submit_type_inherit]] |
| * Inherit |
| + |
| This is the default for new projects, unless overridden by a global |
| link:config-gerrit.html#repository.name.defaultSubmitType[`defaultSubmitType` option]. |
| + |
| Inherit the submit type from the parent project. In `All-Projects`, this |
| is equivalent to link:#merge_if_necessary[Merge If Necessary]. |
| |
| [[fast_forward_only]] |
| * Fast Forward Only |
| + |
| With this method Gerrit does not create merge commits on submitting a |
| change. Merge commits may still be submitted, but they must be created |
| on the client prior to uploading to Gerrit for review. |
| + |
| To submit a change, the change must be a strict superset of the |
| destination branch. That is, the change must already contain the |
| tip of the destination branch at submit time. |
| |
| [[merge_if_necessary]] |
| * Merge If Necessary |
| + |
| If the change being submitted is a strict superset of the destination |
| branch, then the branch is fast-forwarded to the change. If not, |
| then a merge commit is automatically created. This is identical |
| to the classical `git merge` behavior, or `git merge --ff`. |
| |
| [[always_merge]] |
| * Always Merge |
| + |
| Always produce a merge commit, even if the change is a strict |
| superset of the destination branch. This is identical to the |
| behavior of `git merge --no-ff`, and may be useful if the |
| project needs to follow submits with `git log --first-parent`. |
| |
| [[cherry_pick]] |
| * Cherry Pick |
| + |
| Always cherry pick the patch set, ignoring the parent lineage |
| and instead creating a brand new commit on top of the current |
| branch head. |
| + |
| When cherry picking a change, Gerrit automatically appends onto the |
| end of the commit message a short summary of the change's approvals, |
| and a URL link back to the change on the web. The committer header |
| is also set to the submitter, while the author header retains the |
| original patch set author. |
| + |
| Note that Gerrit ignores dependencies between changes when using this |
| submit type unless |
| link:config-gerrit.html#change.submitWholeTopic[`change.submitWholeTopic`] |
| is enabled and depending changes share the same topic. So generally |
| submitters must remember to submit changes in the right order when using this |
| submit type. If all you want is extra information in the commit message, |
| consider using the Rebase Always submit strategy. |
| |
| [[rebase_if_necessary]] |
| * Rebase If Necessary |
| + |
| If the change being submitted is a strict superset of the destination |
| branch, then the branch is fast-forwarded to the change. If not, |
| then the change is automatically rebased and then the branch is |
| fast-forwarded to the change. |
| + |
| When Gerrit tries to do a merge, by default the merge will only |
| succeed if there is no path conflict. A path conflict occurs when |
| the same file has also been changed on the other side of the merge. |
| |
| [[rebase_always]] |
| * Rebase Always |
| + |
| Basically, the same as Rebase If Necessary, but it creates a new patchset even |
| if fast forward is possible AND like Cherry Pick it ensures footers such as |
| Change-Id, Reviewed-On, and others are present in resulting commit that is |
| merged. |
| + |
| Thus, Rebase Always can be considered similar to Cherry Pick, but with |
| the important distinction that Rebase Always does not ignore dependencies. |
| |
| |
| [[access-section]] |
| === Access section |
| |
| Each +access+ section includes a reference and access rights connected |
| to groups. Each group listed must exist in the link:#file-groups[+groups+ file]. |
| |
| Please refer to the |
| link:access-control.html#access_categories[Access Categories] |
| documentation for a full list of available access rights. |
| |
| |
| [[mimetype-section]] |
| === MIME Types section |
| |
| The +mimetype+ section may be configured to force the web code |
| reviewer to return certain MIME types by file path. MIME types |
| may be used to activate syntax highlighting. |
| |
| ---- |
| [mimetype "text/x-c"] |
| path = *.pkt |
| [mimetype "text/x-java"] |
| path = api/current.txt |
| ---- |
| |
| |
| [[capability-section]] |
| === Capability section |
| |
| The +capability+ section only appears once, and only in the +All-Projects+ |
| repository. It controls Gerrit administration capabilities that are configured |
| on a global level. |
| |
| Please refer to the |
| link:access-control.html#global_capabilities[Global Capabilities] |
| documentation for a full list of available capabilities. |
| |
| [[label-section]] |
| === Label section |
| |
| Please refer to link:config-labels.html#label_custom[Custom Labels] documentation. |
| |
| [[branchOrder-section]] |
| === branchOrder section |
| |
| Defines a branch ordering which is used for backporting of changes. |
| Backporting will be offered for a change (in the Gerrit UI) for all |
| more stable branches where the change can merge cleanly. |
| |
| [[branchOrder.branch]]branchOrder.branch:: |
| + |
| A branch name, typically multiple values will be defined. The order of branch |
| names in this section defines the branch order. The topmost is considered to be |
| the least stable branch (typically the master branch) and the last one the |
| most stable (typically the last maintained release branch). |
| |
| Example: |
| |
| ---- |
| [branchOrder] |
| branch = master |
| branch = stable-2.9 |
| branch = stable-2.8 |
| branch = stable-2.7 |
| ---- |
| |
| The `branchOrder` section is inheritable. This is useful when multiple or all |
| projects follow the same branch rules. A `branchOrder` section in a child |
| project completely overrides any `branchOrder` section from a parent i.e. there |
| is no merging of `branchOrder` sections. A present but empty `branchOrder` |
| section removes all inherited branch order. |
| |
| Branches not listed in this section will not be included in the mergeability |
| check. If the `branchOrder` section is not defined then the mergeability of a |
| change into other branches will not be done. |
| |
| [[reviewer-section]] |
| === reviewer section |
| |
| Defines config options to adjust a project's reviewer workflow such as enabling |
| reviewers and CCs by email. |
| |
| [[reviewer.enableByEmail]]reviewer.enableByEmail:: |
| + |
| A boolean indicating if reviewers and CCs that do not currently have a Gerrit |
| account can be added to a change by providing their email address. |
| |
| This setting only takes affect for changes that are readable by anonymous users. |
| |
| Default is `INHERIT`, which means that this property is inherited from |
| the parent project. If the property is not set in any parent project, the |
| default value is `FALSE`. |
| |
| [[file-groups]] |
| == The file +groups+ |
| |
| Each group in this list is linked with its UUID so that renaming of |
| groups is possible without having to rewrite every +groups+ file |
| in every repository where it's used. |
| |
| This is what the default groups file for +All-Projects.git+ looks like: |
| |
| ---- |
| # UUID Group Name |
| # |
| 3d6da7dc4e99e6f6e5b5196e21b6f504fc530bba Administrators |
| global:Anonymous-Users Anonymous Users |
| global:Change-Owner Change Owner |
| global:Project-Owners Project Owners |
| global:Registered-Users Registered Users |
| ---- |
| |
| This file can't be written to by the +git config+ command. |
| |
| In order to reference a group in +project.config+, it must be listed in |
| the +groups+ file. When editing permissions through the web UI this |
| file is maintained automatically, but when pushing updates to |
| +refs/meta/config+ this must be dealt with by hand. Gerrit will refuse |
| +project.config+ files that refer to groups not listed in +groups+. |
| |
| The UUID of a group can be found on the General tab of the group's page |
| in the web UI or via the +-v+ option to |
| link:cmd-ls-groups.html[the +ls-groups+ SSH command]. |
| |
| |
| [[file-rules_pl]] |
| == The file +rules.pl+ |
| |
| The +rules.pl+ files allows you to replace or amend the default Prolog |
| rules that control e.g. what conditions need to be fulfilled for a |
| change to be submittable. This file content should be |
| interpretable by the 'Prolog Cafe' interpreter. |
| |
| You can read more about the +rules.pl+ file and the prolog rules on |
| link:prolog-cookbook.html[the Prolog cookbook page]. |
| |
| GERRIT |
| ------ |
| Part of link:index.html[Gerrit Code Review] |
| |
| SEARCHBOX |
| --------- |
