commit | cf7d8fd66e41e857d764003c3d49dc65d76ec4f5 | [log] [tgz] |
---|---|---|
author | Dmitrii Filippov <dmfilippov@google.com> | Tue Oct 17 18:14:42 2023 +0200 |
committer | Dmitrii Filippov <dmfilippov@google.com> | Mon Nov 20 16:03:45 2023 +0000 |
tree | 1673e24bd59b86248c109053949b5bcc95ad41e5 | |
parent | 0ae42bb19be3aeb5a12820913f7b0b273bdddf6b [diff] |
Reject implicit merges on submit (except for cherry pick submit type). Gerrit can check if a change implicitly merges another branch to the target branch when changes are pushed to gerrit (see [1]). However, it is possible to bypass this limitation by creating a chain of changes, which includes an explicit merge, e.g. change 1: parent - "stable" branch; target - "master" branch. change 2: parents - "change 1" and "master" branch (explicit merge) target - "master" branch If these 2 changes are pushed together, gerrit accepts them even if rejectImplicitMerges [1] is set to true. This is correct behaviour, because change 2 is an explicit merge. If later only the change 1 is submitted, then the stable branch is implicitly merged into master branch. This is an implicit merge; gerrit should reject it and instead it should only allow submitting change 2 together with change 1. This fix adds additional checks (to the MergeOp class) to reject implicit merges. This check is guarded by experiments, so we can ensure that this fix doesn't break valid workflows. The cherry pick submit strategy is excluded from this check, because it always merges a single change (i.e. it never merges chain of changes). Adding a check to this strategy will break normal use-cases. At the same time, cherry pick strategy never brings content from another branch. It only applies diff to the target branch - so it can't be used to silently merge another change. [1] https://gerrit-review.googlesource.com/Documentation/config-project-config.html#receive.rejectImplicitMerges Bug: Google b/271135486 Release-Notes: skip Change-Id: I387105f666e05920b268c4512762adc343f3af93
Gerrit is a code review and project management tool for Git based projects.
Gerrit makes reviews easier by showing changes in a side-by-side display, and allowing inline comments to be added by any reviewer.
Gerrit simplifies Git based project maintainership by permitting any authorized user to submit changes to the master Git repository, rather than requiring all approved changes to be merged in by hand by the project maintainer.
For information about how to install and use Gerrit, refer to the documentation.
Our canonical Git repository is located on googlesource.com. There is a mirror of the repository on Github.
Please report bugs on the issue tracker.
Gerrit is the work of hundreds of contributors. We appreciate your help!
Please read the contribution guidelines.
Note that we do not accept Pull Requests via the Github mirror.
The Developer Mailing list is repo-discuss on Google Groups.
Gerrit is provided under the Apache License 2.0.
Install Bazel and run the following:
git clone --recurse-submodules https://gerrit.googlesource.com/gerrit cd gerrit && bazel build release
The instruction how to configure GerritForge/BinTray repositories is here
On Debian/Ubuntu run:
apt-get update && apt-get install gerrit=<version>-<release>
NOTE: release is a counter that starts with 1 and indicates the number of packages that have been released with the same version of the software.
On CentOS/RedHat run:
yum clean all && yum install gerrit-<version>[-<release>]
On Fedora run:
dnf clean all && dnf install gerrit-<version>[-<release>]
Docker images of Gerrit are available on DockerHub
To run a CentOS 8 based Gerrit image:
docker run -p 8080:8080 gerritcodereview/gerrit[:version]-centos8
To run a Ubuntu 20.04 based Gerrit image:
docker run -p 8080:8080 gerritcodereview/gerrit[:version]-ubuntu20
NOTE: release is optional. Last released package of the version is installed if the release number is omitted.