GitHub organisations plugged as GroupBackend

Initial support for using GitHub organisations
plugged into Gerrit as GroupBackend and thus visible from:
- User’s group membership (/#/settings/group-memberships)
- Project’s access control (/#/admin/projects/All-Projects,access)

By typing github/OrgName in the Project’s access screen you will see
listed all the organisations that your user belongs to and you can then
assign Gerrit project permissions to it.
The members of that organisation will automatically be granted 
permissions to the Gerrit project. 

Membership is resolved at runtime by making a GitHub API call using
the current user scope, with a cache TTL of 15’. This means
that only 4 GitHub calls/h per user can be actually consumed 
by group resolution. Changes on GitHub organisation membership
will be then detected by Gerrit after at least 15’.

Gerrit cache for GitHub organisations membership is called:
github-plugin-organisations.

Change-Id: I051cd44c978b7f25a5508a33c298fd18b904177e
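
The caching behaviour described in the commit message, as an added example that is not part of the commit or the plugin's code: a simplified per-user cache with a 15-minute TTL. It shows that polling for an hour costs four upstream lookups and that a membership removed on GitHub is still served until the entry expires. The class name, the `githubLookup` function and the sample user are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.function.Function;
import java.util.function.LongSupplier;

/** Added illustration: per-user organisation cache with a 15-minute TTL. */
class OrgMembershipCacheDemo {
  static final long TTL_MS = 15 * 60 * 1000L;
  record Entry(Set<String> orgs, long loadedAt) {}

  private final Map<String, Entry> cache = new HashMap<>();
  private final Function<String, Set<String>> githubLookup; // hypothetical stand-in for the GitHub API call
  private final LongSupplier clock;                         // injectable so the demo can advance time
  int upstreamCalls = 0;

  OrgMembershipCacheDemo(Function<String, Set<String>> githubLookup, LongSupplier clock) {
    this.githubLookup = githubLookup;
    this.clock = clock;
  }

  /** Returns the cached organisations, reloading only once the entry is TTL_MS old. */
  Set<String> orgsOf(String user) {
    long now = clock.getAsLong();
    Entry e = cache.get(user);
    if (e == null || now - e.loadedAt() >= TTL_MS) {
      upstreamCalls++;
      e = new Entry(Set.copyOf(githubLookup.apply(user)), now);
      cache.put(user, e);
    }
    return e.orgs();
  }

  public static void main(String[] args) {
    long[] now = {0};
    Map<String, Set<String>> github = new HashMap<>(Map.of("alice", Set.of("github/OrgName")));
    OrgMembershipCacheDemo c =
        new OrgMembershipCacheDemo(u -> github.getOrDefault(u, Set.of()), () -> now[0]);

    c.orgsOf("alice");             // minute 0: first lookup goes to the (simulated) GitHub
    github.put("alice", Set.of()); // constructed event: alice is removed from the organisation
    for (int minute = 1; minute < 60; minute++) {
      now[0] = minute * 60_000L;
      boolean member = c.orgsOf("alice").contains("github/OrgName");
      if (minute == 14 || minute == 15) System.out.println("minute " + minute + " member=" + member);
    }
    System.out.println("GitHub calls in one hour: " + c.upstreamCalls);
  }
}
```

When access must be revoked sooner than the TTL allows, the entry for that user has to be evicted from the cache rather than waiting for it to expire.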
8 files changed
tree: 67ca40bef927188a7f9b871cb36ebc4b427ed90b
  1. github-oauth/
  2. github-plugin/
  3. .gitignore
  4. LICENSE
  5. pom.xml
  6. README.md
README.md

GitHub plugin

This plugin allows existing GitHub repositories to be integrated as Gerrit projects.

Why use GitHub and Gerrit together?

Many people see Gerrit and GitHub as opposites: the pull-request model adopted by GitHub is often used as an “easy shortcut” to the more comprehensive and structured code-review process in Gerrit.

There are many discussion threads on this:

In reality there are already OpenSource projects that have started using the two tools together:

The reasons for using GitHub and Gerrit together are:

a) GitHub is widely recognised and accessible from lots of sites world-wide.
b) Using a public GitHub repo allows a lot of git pull traffic to be “off-loaded”.
c) Pull-requests allow novice users to start getting involved.
d) Gerrit code-review defines the quality gates for avoiding the “noise” of unstructured contributions.

Why a Gerrit plugin?

When using GitHub and Gerrit together, the “master of truth” has to be Gerrit: this is because it is the place where more control in terms of security and workflow can be defined.

A Gerrit plugin can help control the GitHub replica and import the pull requests as Gerrit changes.

Integration points

Authentication. (DONE - Change-Id: I7291a90014e51316af3cb07fd03785c1ef33acd0)

Users can log in to Gerrit using the same username and credentials they use on GitHub. The Gerrit login points to GitHub to generate the OAuth token that is used for the authenticated code-review session.

The initial Gerrit registration page can be customised to import GitHub SSH Keys directly into Gerrit.

Push-Pull replication. (DONE - Change-Id: I596b2e80b4d9519668a1ab289d6c950139d6a922)

Existing GitHub repositories are automatically replicated to Gerrit for the purpose of performing code-review and pushing back changes once approved. In addition to the standard Gerrit push replication, the plugin also supports pulling branches from remote GitHub repositories.

Pull-request to Change. (DONE - Change-Id: d669e351a03798cc2ec966d028458f083c232564)

Hooks into the GitHub pull-request mechanism to automatically create a Change in Gerrit submitted for review.

How to build this plugin

Gerrit 2.10 build

GitHub plugin is designed to work with Gerrit 2.10 (currently in development). In order to build the GitHub plugin you need to have a working Gerrit 2.10 build in place.

See https://gerrit-review.googlesource.com/Documentation/dev-buck.html for a reference on how to build Gerrit 2.10 (master branch) using BUCK.

GitHub API

In order to access GitHub API, we have used the lucamilanesio fork of Kohsuke API layer hosted on GitHub at https://github.com/lucamilanesio/github-api.

You need to clone and build the GitHub API as a prerequisite for building the GitHub plugin for Gerrit.

Example:

    git clone https://github.com/lucamilanesio/github-api.git
    cd github-api
    mvn install -DskipTests=true

singleusergroup plugin

You need to clone, build and install the singleusergroup plugin for Gerrit (see https://gerrit-review.googlesource.com/#/admin/projects/plugins/singleusergroup).

This plugin is needed so that Gerrit can treat individual users as Groups in Gerrit ACLs. As of Gerrit 2.10, singleusergroup is a core plugin and is included in the Gerrit tree (if it was cloned recursively).

Example:

    cd gerrit
    buck build plugins/singleusergroup
    cp buck-out/gen/plugins/singleusergroup/singleusergroup.jar $GERRIT_SITE/plugins/.

Building GitHub integration for Gerrit

Just clone the Git repository (see https://gerrit-review.googlesource.com/#/admin/projects/plugins/github) and do a mvn install from the root directory. This will create two JARs under github-oauth/target and github-plugin/target: the oauth is a JAR library to be copied to $GERRIT_SITE/lib whilst the plugin JAR has to be installed as usual under $GERRIT_SITE/plugins.

Example:

    git clone https://gerrit.googlesource.com/plugins/github
    cd github
    mvn install
    cp github-oauth/target/github-oauth-.jar $GERRIT_SITE/lib
    cp github-plugin/target/github-plugin-.jar $GERRIT_SITE/plugins

Register Gerrit as a Github OAuth application

Note: the Client ID and Client Secret generated here are used in the next step.

Running Gerrit init to configure GitHub OAuth

  • java -jar buck-out/gen/gerrit.war $gerrit_site

  • User Authentication

  • Authentication method []: HTTP

  • Get username from custom HTTP header [Y/n]? Y

  • Username HTTP header []: GITHUB_USER

  • SSO logout URL : /oauth/reset

  • GitHub Integration

  • GitHub URL: [https://github.com]:

  • Use GitHub for Gerrit login? [Y/n] Y

  • ClientId []:

  • ClientSecret []: