Google Git
Sign in
gerrit/plugins/oauth/e53ff8dd02d0c818df6ec1a5944b340005e2c194
commit
e53ff8dd02d0c818df6ec1a5944b340005e2c194
[log]
author
David Ostrovsky <david@ostrovsky.org>
Sun Feb 15 10:21:02 2026 +0100
committer
David Ostrovsky <david@ostrovsky.org>
Sat Mar 21 03:26:54 2026 -0700
tree
a8b7d1a3d6504910220adc95ddb1698d59aa3779
parent
9ecc49bc156a395ed06b65a854860145511ed332 [diff]
Bazel: compare runtime overlap against headless Gerrit WAR

Add a guardrail that fails if the oauth plugin bundles third-party
runtime jars that are already provided by Gerrit.

Use //:headless.war.jars.txt as the comparison manifest instead of
//:release.war.jars.txt.

The release WAR is not the right boundary for this check because it also
includes the packaged core plugins via //plugins:core. Comparing against
that manifest would make this test depend on the full set of core plugin
submodules being present during Bazel analysis.

In CI/CD the plugin is built inside a partial Gerrit clone without
fetching the core plugin submodules. Using the release WAR manifest
would therefore fail analysis before the test can run.

The headless WAR already provides the correct comparison scope for this
guardrail: jars shipped by Gerrit itself, but not jars contributed by
the packaged core plugins. This keeps the overlap check focused on
libraries provided by Gerrit runtime, while avoiding an unnecessary
dependency on core plugin submodules.

The test remains Gerrit-tree-only and is gated via:

  target_compatible_with = in_gerrit_tree_enabled()

so standalone plugin builds continue to report it as SKIPPED.

Change-Id: I4abd5646b9a92f3ab619c74c72bf4c47bbcdc07f
4 files changed
tree: a8b7d1a3d6504910220adc95ddb1698d59aa3779
  1. .settings/
  2. src/
  3. tools/
  4. .bazelignore
  5. .bazelrc
  6. .bazelversion
  7. .gitignore
  8. .travis.yml
  9. BUILD
  10. external_plugin_deps.MODULE.bazel
  11. LICENSE
  12. LICENSE-scribe
  13. MODULE.bazel
  14. MODULE.bazel.lock
  15. oauth_plugin_deps.lock.json
  16. oauth_third_party_runtime_jars.allowlist.txt
  17. README.md
README.md

Gerrit OAuth2 authentication provider

Build Status

With this plugin Gerrit can use OAuth2 protocol for authentication. Supported OAuth providers:

See the Wiki what it can do for you.

Prebuilt artifacts

Prebuilt binary artifacts are available on release page. Make sure to pick the right JAR for your Gerrit version.

Build

To build the plugin with Bazel, install Bazel and run the following:

  git clone https://gerrit.googlesource.com/plugins/oauth
  cd oauth && bazel build oauth

Install

Copy the bazel-bin/oauth.jar to $gerrit_site/plugins and re-run init to configure it:

  java -jar gerrit.war init -d <site>
  [...]
  *** OAuth Authentication Provider
  ***
  Use Bitbucket OAuth provider for Gerrit login ? [Y/n]? n
  Use Google OAuth provider for Gerrit login ? [Y/n]?
  Application client id          : <client-id>
  Application client secret      : 
                confirm password : 
  Link to OpenID accounts? [true]: 
  Use GitHub OAuth provider for Gerrit login ? [Y/n]? n

Reporting bugs

Make sure to read the FAQ before reporting issues.

License

Apache License 2.0