Reject implicit merges on submit (except for cherry pick submit type).

Gerrit can check if a change implicitly merges another branch to the
target branch when changes are pushed to gerrit (see [1]).

However, it is possible to bypass this limitation by creating a chain of
changes, which includes an explicit merge, e.g.

change 1:
  parent - "stable" branch;
  target - "master" branch.
change 2:
  parents - "change 1" and "master" branch (explicit merge)
  target - "master" branch

If these 2 changes are pushed together, gerrit accepts them even if
rejectImplicitMerges [1] is set to true. This is correct behaviour,
because change 2 is an explicit merge.

If later only the change 1 is submitted, then the stable branch is
implicitly merged into master branch. This is an implicit merge; gerrit
should reject it and instead it should only allow submitting change 2
together with change 1.

This fix adds additional checks (to the MergeOp class) to reject
implicit merges. This check is guarded by experiments, so we can ensure
that this fix doesn't break valid workflows.

The cherry pick submit strategy is excluded from this check, because it
always merges a single change (i.e. it never merges chain of changes).
Adding a check to this strategy will break normal use-cases. At the same
time, cherry pick strategy never brings content from another branch. It
only applies diff to the target branch - so it can't be used to silently
merge another change.

[1] https://gerrit-review.googlesource.com/Documentation/config-project-config.html#receive.rejectImplicitMerges

Bug: Google b/271135486
Release-Notes: skip
Change-Id: I387105f666e05920b268c4512762adc343f3af93
11 files changed
tree: 1673e24bd59b86248c109053949b5bcc95ad41e5
  1. .settings/
  2. .ts-out/
  3. antlr3/
  4. contrib/
  5. Documentation/
  6. e2e-tests/
  7. java/
  8. javatests/
  9. lib/
  10. modules/
  11. plugins/
  12. polygerrit-ui/
  13. prolog/
  14. prologtests/
  15. proto/
  16. resources/
  17. tools/
  18. webapp/
  19. .bazelignore
  20. .bazelproject
  21. .bazelrc
  22. .bazelversion
  23. .editorconfig
  24. .git-blame-ignore-revs
  25. .gitignore
  26. .gitmodules
  27. .gitreview
  28. .pydevproject
  29. .zuul.yaml
  30. BUILD
  31. COPYING
  32. INSTALL
  33. Jenkinsfile
  34. package.json
  35. README.md
  36. SUBMITTING_PATCHES
  37. version.bzl
  38. web-dev-server.config.mjs
  39. WORKSPACE
  40. yarn.lock
README.md

Gerrit Code Review

Gerrit is a code review and project management tool for Git based projects.

Build Status Maven Central

Objective

Gerrit makes reviews easier by showing changes in a side-by-side display, and allowing inline comments to be added by any reviewer.

Gerrit simplifies Git based project maintainership by permitting any authorized user to submit changes to the master Git repository, rather than requiring all approved changes to be merged in by hand by the project maintainer.

Documentation

For information about how to install and use Gerrit, refer to the documentation.

Source

Our canonical Git repository is located on googlesource.com. There is a mirror of the repository on Github.

Reporting bugs

Please report bugs on the issue tracker.

Contribute

Gerrit is the work of hundreds of contributors. We appreciate your help!

Please read the contribution guidelines.

Note that we do not accept Pull Requests via the Github mirror.

Getting in contact

The Developer Mailing list is repo-discuss on Google Groups.

License

Gerrit is provided under the Apache License 2.0.

Build

Install Bazel and run the following:

    git clone --recurse-submodules https://gerrit.googlesource.com/gerrit
    cd gerrit && bazel build release

Install binary packages (Deb/Rpm)

The instruction how to configure GerritForge/BinTray repositories is here

On Debian/Ubuntu run:

    apt-get update && apt-get install gerrit=<version>-<release>

NOTE: release is a counter that starts with 1 and indicates the number of packages that have been released with the same version of the software.

On CentOS/RedHat run:

    yum clean all && yum install gerrit-<version>[-<release>]

On Fedora run:

    dnf clean all && dnf install gerrit-<version>[-<release>]

Use pre-built Gerrit images on Docker

Docker images of Gerrit are available on DockerHub

To run a CentOS 8 based Gerrit image:

    docker run -p 8080:8080 gerritcodereview/gerrit[:version]-centos8

To run a Ubuntu 20.04 based Gerrit image:

    docker run -p 8080:8080 gerritcodereview/gerrit[:version]-ubuntu20

NOTE: release is optional. Last released package of the version is installed if the release number is omitted.