Gerrit: auto create feature branches (push to refs/for/new-feature-branch)

1,111 views
Skip to first unread message

Timo Lotterbach

unread,
Jul 22, 2016, 7:15:12 AM7/22/16
to Repo and Gerrit Discussion
Hi Gerrit Community,

I was wondering, why gerrit does not support creating new branches by simply pushing patches to a new branch name, e.g.

git push origin HEAD:refs/for/my-new-feature-branch

After some research, I mainly found two arguments for this
  1. gerrit access rights not sufficient
    • create reference in refs/for/* is not enough (branch must exist already)
    • create reference in refs/heads/* is too much (would allow anyone to push arbitrary patches with their new branch, completely bypassing code review)
  2. it is easy to introduce typos in branch names
    • can also happen in Gerrit Web UI
Are there any other reasons I missed so far?

I would love to see that feature happen. And I'm pretty sure, it could improve the workflow for many developers.
(Yes, I am aware of the ssh create branch patch [1].)

Best regards,
Timo Lotterbach

--------------------------------------------

Dave Borowitz

unread,
Jul 22, 2016, 10:15:50 AM7/22/16
to Timo Lotterbach, Repo and Gerrit Discussion
Your arguments against it are the same ones I would make.

This use case is why we added the feature of ${username} in access control refspecs:

--
--
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en

---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Darragh Bailey

unread,
Jul 22, 2016, 4:15:15 PM7/22/16
to Dave Borowitz, repo-d...@googlegroups.com, Timo Lotterbach

On 22 Jul 2016 15:15, "'Dave Borowitz' via Repo and Gerrit Discussion" <repo-d...@googlegroups.com> wrote:
>
> Your arguments against it are the same ones I would make.
>
> This use case is why we added the feature of ${username} in access control refspecs:
> https://gerrit-documentation.storage.googleapis.com/Documentation/2.12.3/access-control.html#_project_access_control_lists
>

This sounds like there is no permission that allows for create reference from existing commits only via git push.

Seems like it would be a really handy permission. Much easier to allow that while still preventing direct pushes of new un-reviewed commits.

--
Darragh Bailey
"Nothing is foolproof to a sufficiently talented fool" - unknown

Oswald Buddenhagen

unread,
Jul 26, 2016, 4:59:21 AM7/26/16
to repo-d...@googlegroups.com
On Fri, Jul 22, 2016 at 09:15:02PM +0100, Darragh Bailey wrote:
> This sounds like there is no permission that allows for create reference
> from existing commits only via git push.
>
i would have thought that ALLOW "create reference" + DENY "push" would
be just that ...

Björn Pedersen

unread,
Jul 26, 2016, 7:20:44 AM7/26/16
to Repo and Gerrit Discussion
Hi,

This combination is working (but branches are not auto-created on push, you need use either the GUI or the ssh api for that.
see comments in the bug tracker as well: https://bugs.chromium.org/p/gerrit/issues/detail?id=1802

Björn

Darragh Bailey

unread,
Jul 27, 2016, 10:44:54 AM7/27/16
to Björn Pedersen, Repo and Gerrit Discussion

But does that allow it via 'git push'? as in if the commit exists on the remote can you create a reference using, git push without allowing new commits to be pushed?

git push origin <commit>:refs/heads/my_new_feature

Where commit is already in a remote reference.

I don't have a test set up to go through this to confirm, but it's sounding like you can't do it via a git push, and the comments to the referenced issue don't appear to make it clear if it's testing a push with an existing commit or a push with new commits.


If the permissions suggested do work to allow references to be created via git, without allow new commits, I guess the following could be added to a workflow script to perform the desired behaviour.

new_branch=my_cool_feature
BASE_COMMIT=$(git for-each-ref --format="%(refname)" refs/remotes/origin | grep -v "HEAD" | xargs -n1 git merge-base HEAD | uniq | xargs git rev-list --no-walk --topo-order | head -n1)
git push origin ${BASE_COMMIT}:${new_branch}
git push origin HEAD:refs/for/${new_branch}

YMMV

--
Darragh




Björn Pedersen

unread,
Jul 28, 2016, 10:47:22 AM7/28/16
to Repo and Gerrit Discussion, ice...@googlemail.com

Hi,
 
But does that allow it via 'git push'? as in if the commit exists on the remote can you create a reference using, git push without allowing new commits to be pushed?

git push origin <commit>:refs/heads/my_new_feature

Where commit is already in a remote reference.

Just tested it with the above mentioned rights:

pedersen@resi2:~/tmp/Test2> git co -b tx origin/master
Branch tx konfiguriert zum Folgen von Remote-Branch master von origin durch Rebase.
Zu neuem Branch 'tx' gewechselt
pedersen@resi2:~/tmp/Test2> git push origin HEAD:refs/for/dummy3
Total 0 (delta 0), reused 0 (delta 0)
remote: Processing changes: refs: 1, done   
To ssh://localhost:29418/Test2
 ! [remote rejected] HEAD -> refs/for/dummy3 (branch dummy3 not found)
error: Fehler beim Versenden einiger Referenzen nach 'ssh://localhost:29418/Test2'

==> pushing to refs/for/...  does not auto-create a branch

pedersen@resi2:~/tmp/Test2> git push origin HEAD:refs/heads/dummy3
Total 0 (delta 0), reused 0 (delta 0)
remote: Processing changes: refs: 1, done   
To ssh://localhost:29418/Test2
 * [new branch]      HEAD -> dummy3

==> pushing a already merged commit to a new branch does create the branch.
So your snippet below should work.
 

Timo Lotterbach

unread,
Aug 30, 2016, 8:05:34 AM8/30/16
to Repo and Gerrit Discussion, ice...@googlemail.com
Hi everyone,

sorry for my late response, but I really have to say "thank you".
This was exactly what I was looking for.

Your help is much appreciated.

Thank you guys,
Timo Lotterbach 
Reply all
Reply to author
Forward
0 new messages