using maven release plugin (tag or branch) to push to refs/for/* in gerrit
1,452 views
Skip to first unread message
Josh Young
Jun 23, 2011, 9:44:52 AM6/23/11
to Repo and Gerrit Discussion, bb...@vecna.com
The company I work for currently uses maven as a dependency
management / build tool and we are attempting to switch to gerrit to
handle secure code reviews (because of requirements from PCI
certification).
I am trying to figure out how to setup gerrit/maven/git such that we
can use the maven release plugin to tag/branch code (we tend to have
projects with multiple modules and the automated version updating is
useful).
The key issue is that users are only allowed to create annotated tags
& upload code for peer review. They do not have any branch create/
upload/delete access since this would allow them to bypass the peer
review procedure which is prohibited by PCI.
I've already figured out how to get mvn release:prepare to work (well
fool it to work) by doing the release from a local git branch named
refs/for/master (works with the release plugin version 2.1 and up).
When the tagging of the release happens the push uses
localBranch:localBranch as the destination.
I can use a similar trick for maven release:branch which gets me past
the initial update to master (change of version prior to branching,
need this or the commit part fails). Unfortunately it fails when it
attempts to push the branch (the branch is created using the ui in
gerrit so I know it exists).
The following is the maven command I've been using (update branch
versions is required or the git commit fails):
$ mvn release:branch -DbranchName=maven-test-branch -
DupdateBranchVersions=true
Unfortunately when it attempts to push to the branch it fails because
it uses the command:
$ git push ssh://gerrit.host.name:3622/sandbox maven-test-branch
Here are some snippits from the push of what maven is doing:
...
[INFO] Executing: /bin/sh -c cd /home/jyoung/dev/gerrit-sandbox2 &&
git add -- pom.xml
[INFO] Working directory: /home/jyoung/dev/gerrit-sandbox2
[INFO] Executing: /bin/sh -c cd /home/jyoung/dev/gerrit-sandbox2 &&
git status
[INFO] Working directory: /home/jyoung/dev/gerrit-sandbox2
[INFO] Executing: /bin/sh -c cd /home/jyoung/dev/gerrit-sandbox2 &&
git commit --verbose -F /tmp/maven-scm-260241259.commit pom.xml
[INFO] Working directory: /home/jyoung/dev/gerrit-sandbox2
[INFO] Executing: /bin/sh -c cd /home/jyoung/dev/gerrit-sandbox2 &&
git symbolic-ref HEAD
[INFO] Working directory: /home/jyoung/dev/gerrit-sandbox2
[INFO] Executing: /bin/sh -c cd /home/jyoung/dev/gerrit-sandbox2 &&
git push ssh://gerrit.host.name:3622/sandbox refs/for/master:refs/for/
master
[INFO] Working directory: /home/jyoung/dev/gerrit-sandbox2
[INFO] Branching release with the label branch-gerrit...
[INFO] Executing: /bin/sh -c cd /home/jyoung/dev/gerrit-sandbox2 &&
git branch branch-gerrit
[INFO] Working directory: /home/jyoung/dev/gerrit-sandbox2
[INFO] Executing: /bin/sh -c cd /home/jyoung/dev/gerrit-sandbox2 &&
git push ssh://gerrit.host.name:3622/sandbox maven-test-branch
[INFO] Working directory: /home/jyoung/dev/gerrit-sandbox2
...
[ERROR] The git-push command failed.
[ERROR] Command output:
[ERROR] To ssh://gerrit.host.name:3622/sandbox
[ERROR] ! [remote rejected] maven-test-branch -> maven-test-branch
(prohibited by Gerrit)
[ERROR] error: failed to push some refs to 'ssh://gerrit.host.name:
3622/sandbox'
...
I attempted to run the command from the command line ($ git push
ssh://gerrit.host.name:3622/sandbox maven-test-branch) and I get the
same failure.
Has anyone had luck configuring things such that maven release:branch
works without allowing users to have "update branch" permissions?
Since we only ever want to upload for peer review is there any way to
configure gerrit so that "refs/for/branch-name" is just "branch-
name"? Can this be done local git-side somehow?
I've played with local git configurations and maven configurations
with no luck. I've searched for gerrit configurations, but haven't
found any so any ideas are appreciated. The only real requirement is
that users do not get the permissions to push directly to the branch,
or otherwise skip the peer review process.
Thanks!
~Josh
management / build tool and we are attempting to switch to gerrit to
handle secure code reviews (because of requirements from PCI
certification).
I am trying to figure out how to setup gerrit/maven/git such that we
can use the maven release plugin to tag/branch code (we tend to have
projects with multiple modules and the automated version updating is
useful).
The key issue is that users are only allowed to create annotated tags
& upload code for peer review. They do not have any branch create/
upload/delete access since this would allow them to bypass the peer
review procedure which is prohibited by PCI.
I've already figured out how to get mvn release:prepare to work (well
fool it to work) by doing the release from a local git branch named
refs/for/master (works with the release plugin version 2.1 and up).
When the tagging of the release happens the push uses
localBranch:localBranch as the destination.
I can use a similar trick for maven release:branch which gets me past
the initial update to master (change of version prior to branching,
need this or the commit part fails). Unfortunately it fails when it
attempts to push the branch (the branch is created using the ui in
gerrit so I know it exists).
The following is the maven command I've been using (update branch
versions is required or the git commit fails):
$ mvn release:branch -DbranchName=maven-test-branch -
DupdateBranchVersions=true
Unfortunately when it attempts to push to the branch it fails because
it uses the command:
$ git push ssh://gerrit.host.name:3622/sandbox maven-test-branch
Here are some snippits from the push of what maven is doing:
...
[INFO] Executing: /bin/sh -c cd /home/jyoung/dev/gerrit-sandbox2 &&
git add -- pom.xml
[INFO] Working directory: /home/jyoung/dev/gerrit-sandbox2
[INFO] Executing: /bin/sh -c cd /home/jyoung/dev/gerrit-sandbox2 &&
git status
[INFO] Working directory: /home/jyoung/dev/gerrit-sandbox2
[INFO] Executing: /bin/sh -c cd /home/jyoung/dev/gerrit-sandbox2 &&
git commit --verbose -F /tmp/maven-scm-260241259.commit pom.xml
[INFO] Working directory: /home/jyoung/dev/gerrit-sandbox2
[INFO] Executing: /bin/sh -c cd /home/jyoung/dev/gerrit-sandbox2 &&
git symbolic-ref HEAD
[INFO] Working directory: /home/jyoung/dev/gerrit-sandbox2
[INFO] Executing: /bin/sh -c cd /home/jyoung/dev/gerrit-sandbox2 &&
git push ssh://gerrit.host.name:3622/sandbox refs/for/master:refs/for/
master
[INFO] Working directory: /home/jyoung/dev/gerrit-sandbox2
[INFO] Branching release with the label branch-gerrit...
[INFO] Executing: /bin/sh -c cd /home/jyoung/dev/gerrit-sandbox2 &&
git branch branch-gerrit
[INFO] Working directory: /home/jyoung/dev/gerrit-sandbox2
[INFO] Executing: /bin/sh -c cd /home/jyoung/dev/gerrit-sandbox2 &&
git push ssh://gerrit.host.name:3622/sandbox maven-test-branch
[INFO] Working directory: /home/jyoung/dev/gerrit-sandbox2
...
[ERROR] The git-push command failed.
[ERROR] Command output:
[ERROR] To ssh://gerrit.host.name:3622/sandbox
[ERROR] ! [remote rejected] maven-test-branch -> maven-test-branch
(prohibited by Gerrit)
[ERROR] error: failed to push some refs to 'ssh://gerrit.host.name:
3622/sandbox'
...
I attempted to run the command from the command line ($ git push
ssh://gerrit.host.name:3622/sandbox maven-test-branch) and I get the
same failure.
Has anyone had luck configuring things such that maven release:branch
works without allowing users to have "update branch" permissions?
Since we only ever want to upload for peer review is there any way to
configure gerrit so that "refs/for/branch-name" is just "branch-
name"? Can this be done local git-side somehow?
I've played with local git configurations and maven configurations
with no luck. I've searched for gerrit configurations, but haven't
found any so any ideas are appreciated. The only real requirement is
that users do not get the permissions to push directly to the branch,
or otherwise skip the peer review process.
Thanks!
~Josh
Josh Young
Jun 23, 2011, 11:07:44 AM6/23/11
to Repo and Gerrit Discussion
I'm thinking about creating a gerrit scm provider for maven. Has this
been done before? I don't see anything obvious in google.
~Josh
been done before? I don't see anything obvious in google.
~Josh
Shawn Pearce
Jun 23, 2011, 11:25:04 AM6/23/11
to Josh Young, Jason van Zyl, Repo and Gerrit Discussion
Maven is making things confusing here by pushing a magically named
test branch to the repository. You need to modify Maven to not do
that. :-)
test branch to the repository. You need to modify Maven to not do
that. :-)
I've added in Jason to the thread (Jason please see the error below
about Maven release plugin against Gerrit Code Review). He probably
doesn't have time to fix this himself, but hopefully he can at least
point us towards the right Maven developer.
> --
> To unsubscribe, email repo-discuss...@googlegroups.com
> More info at http://groups.google.com/group/repo-discuss?hl=en
>
Josh Young
Jun 23, 2011, 11:33:31 AM6/23/11
to Repo and Gerrit Discussion
I specify the branch to create in the initial maven command with -
DbranchName=maven-test-branch (I'm not very creative with names).
The problem is that its running the push command without the HEAD:
prefix to the branch name.
For example its running:
something like
$ git push ssh://gerrit.host.name:3622/sandbox HEAD:refs/for/maven-
test-branch
from within the new branch
I'm starting to poke at creating a gerrit scm provider that extends
the git provider, not sure if thats the right direction, though.
~Josh
DbranchName=maven-test-branch (I'm not very creative with names).
The problem is that its running the push command without the HEAD:
prefix to the branch name.
For example its running:
$ git push ssh://gerrit.host.name:3622/sandbox maven-test-branch
which fails even when I run it locally, what I would like it to run is
something like
$ git push ssh://gerrit.host.name:3622/sandbox HEAD:refs/for/maven-
test-branch
from within the new branch
I'm starting to poke at creating a gerrit scm provider that extends
the git provider, not sure if thats the right direction, though.
~Josh
Josh Young
Jun 24, 2011, 3:18:58 AM6/24/11
to Repo and Gerrit Discussion
Created a gerrit scm for maven that allows some prefix parameters in
the url so you can specify refs/for/ on direct pushes and refs/heads
on branch pushes. Works like a charm as long as I can setup the
permissions in gerrit correctly (create branch, but not update
branch). Will test once our installation of 2.1.7.2 is updated to
2.2.1.
~Josh
the url so you can specify refs/for/ on direct pushes and refs/heads
on branch pushes. Works like a charm as long as I can setup the
permissions in gerrit correctly (create branch, but not update
branch). Will test once our installation of 2.1.7.2 is updated to
2.2.1.
~Josh
Reply all
Reply to author
Forward
0 new messages