This is indeed a very interesting question.
It's not clear to me, how the push records are being recorded and if we
could achieve the same QoS e.g. by having the same access control on the
Gerrit pushes.
Also, the git page [1] says that "Setting up gitpubsub should provide
sufficient flexiblity ...", so I'm wondering if there's a way to use
that to provide pre-commit testing.
Do our mentors have so experience with this?
Thanks,
Till
[1] https://www.apache.org/dev/writable-git
On 4 May 2015, at 12:19, Ian Maxon wrote:
Hi,
Right now our git workflow uses Gerrit as a means to facilitate code
review
and verification of patches. The way we have it set up is that the
code
must be reviewed, and must have 'mvn verify' pass on our Jenkins
server (or
have that overridden by manual testing, but this shouldn't happen
normally). Patches get submitted to Gerrit first, and then when merged
into
Gerrit's internal master after review, they get pushed to "official"
repositories that folks fetch changes from normally.
I was reading about how to alter this workflow a bit to instead now
use
ASF's git repository (instead of Google code) as a new upstream from
our
Gerrit server, and I came across this document:
https://www.apache.org/dev/writable-git . The concerning part to me,
was
this: "The ASF repo must be the canonical master repo that all
committers
push changes to." In the explanation of this rule, this page(
http://www.sunstarsys.com/essays/git-and-non-repudiation) is linked,
and it
goes on to explain the concept of push records. If I understand the
two
above pages correctly, the situation is that only a committer (i.e. ,
not a
robot authorized by a committer ) can actually log into the ASF git
repo to
push new changes. Is this indeed correct? If so what options might we
have,
for a git workflow similar to the one we have now? The reason we
deployed
Gerrit and Jenkins was to have better gatekeeping over what commits
got
into master, so I think any tool chain that would achieve that end
could be
worth discussing. Do Github pull requests work on ASF mirrored repos,
the
same as they do on normal Github repos?
Thanks,
- Ian
