Earlier I had another thread related to VREF, did some blunders during that time and everything got messed up.I did learn some lessons though. Now I have another issue related to this, hopefully my question is not stupid again :(
we have a tools repo, which no one except @gatkeepers can push to "production" branch or master branch. We have a remote branch called "integration" where all the development happens, also people are allowed to create remote private branches.
Today we have created some additional VREF rules for individual component team to allow modification only in their module [like, for @s-team can modify only files under modules/p_s/ directory]
Below is my gitolite conf file
repo operatons/tools
RW+ = @gatekeepers
R production* master = @operations-dev
- production* master = @operations-dev
RW+ = @operations-dev
RW+ VREF/NAME/modules/p_d/ = @d-team
RW+ VREF/NAME/modules/p_s/ = @s-team
RW+ VREF/NAME/modules/p_k/ = @k-team
RW+ VREF/NAME/modules/p_p/ = @p-team
RW+ VREF/NAME/modules/p_a/ = @a-team
- VREF/NAME/ = @d-eam @s-team
- VREF/NAME/ = @k-team @p-team
- VREF/NAME/ = @a-team
config hooks.run = pgitrepopush
The issue I am facing now is, if a someone from @s-team does below operations,
> git clone g...@abc.com:operations/tools.git
> git branch test_branch
> git checkout test_branch
Modify any files under /modules/p_s/ directory
> git push origin test_branch
This push fails
maneesh@maneesh:~/git/tools$ git push origin test_branch
Counting objects: 30, done.
Delta compression using up to 12 threads.
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 411 bytes | 0 bytes/s, done.
Total 5 (delta 4), reused 0 (delta 0)
remote: FATAL: W VREF/NAME/.gitignore operations/tools man...@abc.com DENIED by VREF/NAME/
remote: error: hook declined to update refs/heads/test_branch
To g...@abc.com:operatons/tools
! [remote rejected] test -> test (hook declined)
error: failed to push some refs to 'g...@abc.com:operatons/tools.git'
Am I doing something wrong here? Or is this working as expected?
Thanks,
Maneesh
Below is the commands tried in sequential order to be specific,
maneesh@maneesh:~/git/tools$ git branch test_branch
maneesh@maneesh:~/git/tools$ git checkout test_branch
maneesh@maneesh:~/git/tools/modules/p_s$ vi README
maneesh@maneesh:~/git/tools/modules/p_s$ git add README
maneesh@maneesh:~/git/tools/modules/p_s$ git commit -m "updating readme file to
test commit"
[test_branch 64ad163] updating readme file
1 file changed, 1 insertion(+), 1 deletion(-)
maneesh@maneesh:~/git/tools/modules/p_s$ git push origin test_branch
Counting objects: 30, done.
Delta compression using up to 12 threads.
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 415 bytes | 0 bytes/s, done.
Total 5 (delta 4), reused 0 (delta 0)
remote: FATAL: W VREF/NAME/.gitignore operations/p_s man...@abc.com DENIED by VREF/NAME/
remote: error: hook declined to update refs/heads/test_branch
To g...@abc.com:operations/tools.git
! [remote rejected] test_branch -> test_branch (hook declined)
error: failed to push some refs to 'g...@abc.com:operations/tools.git'
Thanks,
Maneesh
maneesh@maneesh:~ git push origin test_branch
...........
remote: FATAL: W VREF/NAME/toolsfile operations/tools man...@abc.com DENIED by VREF/NAME/
remote: error: hook declined to update refs/heads/test_branch
To g...@abc.com:operations/tools.git
! [remote rejected] test_branch -> test_branch (hook declined)
error: failed to push some refs to 'g...@abc.com:operations/tools.git'
Now I feel the VREF rule is creating the problem.
The rule =>
RW+ VREF/NAME/modules/p_s/ = @s-team
- VREF/NAME/ = @s-team
The directory structure of repository is,
maneesh@maneesh~:pwd
/home/maneesh/git/tools
maneesh@maneesh~:ls
modules toolsfile
maneesh@maneesh~: ls modules/
p_d p_k p_p p_s
so when the @s-team makes modification to files under directory modules/p_s/
and try to push, the deny rule is coming into picture for "toolsfile"
Thanks,
Maneesh
This problem also exists whenever a tag is being pushed since the old tree is the empty tree. In my company's use-cases, it's extremely rare that any new commits are pushed as part of creating a tag. Typically the branch reference is pushed first, then the commit is tagged. Would it be possible to avoid this VREF entirely for tag creation?
It wouldn't be as accurate or thorough as your git-log command, but could you use
git branch --contains $newSHA
and
git tag --points-at $newSHA
instead? This would at least be a relatively quick way to determine if the new commit is already contained within another branch or pointed at by an existing tag.
>
> 3. The other way to do this would be to create a brand new VREF that
> does the "--not --all" thing. Maybe VREF/NEWFILES or something.
> This would do things the long way (using '--not --all').
I think a new VREF would be best for my use-cases. This would allow me to set the behavior in the gitolite config files, and the users won't have to learn (or remember) to do anything different than what they're currently doing.
The patch works great. I tested the new command on a repository with around 90k commits, and did not notice a performance hit. I was able to successfully push new tags to the repository as long as they were on previously-pushed commits. Tags on new commits were still rejected, as expected. Thanks!