How to assign access rights to a Gerrit project using API / SSH? - gerrit

I'm looking for a way to automatically add +2 permissions for certain refs for a lot of projects in Gerrit and unfortunately it seems there are no API calls to modify access rights, only to read them. Do you have any idea how to modify refs permissions for a big amount of projects?
I'm using Gerrit 2.9.
Thanks.

One possibility would be to create a batch script to modify the project.config for those projects and commit them back to gerrit.
This is how you can checkout the project.config for the All-Projects, it works the same for other projects: http://blog.bruin.sg/2013/04/how-to-edit-the-project-config-for-all-projects-in-gerrit/
Simply put:
Create list of project you want to change
Iterate over the lest
Checkout the refs/meta/config ref
Use script to modify project.config
Commit and push back to the server
More information about the project.config: http://gerrit-review.googlesource.com/Documentation/config-project-config.html

Related

How to accomplish read-only git branch using Gerrit access rules

We use Gerrit 2.5-rc1) ACLs to manage access to our git projects & branches. We try to keep the rules simple for developer groups; refs/heads/* allow Push, Create Reference, Push Merge Commit.
There is a need to mark a specific branch, call it foo, as read only. I have tried adding a new rule for refs/heads/foo/*, allowing READ, but DENYing Push, Push Merge Commit, etc. (both with and without "Exclusive" tickbox ticked). In any case, developers are still permitted to push to that branch.
Any idea how to do this without writing server hooks, etc?
For your Gerrit version I think the following set should do the trick:
refs/heads/* ALLOW
refs/heads/foo/* BLOCK

Get Project's Credentials using Jenkins API

I'm building a Jenkins plugin that one of the features is to commit and push some files generated during the build. I already have the code to commit and to push (using Git client from org.jenkinsci.plugins), however when I execute
PushCommand push = gitClient.push();
push.ref(__MY_BRANCH__);
push.to(new URIish("origin"))
push.force();
push.execute();
I get an error not having permissions to push. So, my question is: how can I re-use the credentials of a project to proper configue gitClient or the pushCommand ?
--
Thanks,
Jose
You need to provide credentials to the GitClient.
For example, here you can see the Git plugin calling the GitClient#addDefaultCredentials() method, using credentials obtained from CredentialsMatchers.
You mention you want to re-use the credentials from the same job so — assuming that the Git plugin has been configured with those credentials — your plugin should have access to the AbstractBuild where you can use something like build.getProject().getScm()​.getUserRemoteConfigs().get(0)​.getCredentialsId to fetch the configured credentials ID.
You'll need to cast the SCM to GitSCM, but otherwise that should work fine.

Using Gerrit to restrict read access to a git branch

I'm beginning to suspect that this is not possible. I was hoping that I could set up custom access control in Gerrit so that a particular role (defined in TF) would not have read access to a specific branch in a repo.
However, it appears that users with this role are unable to clone the repo at all. I was hoping they'd be able to clone and just not beb able to check out the restricted branch.
Just wondering if anyone else has enountered this and might be able to confirm the behaviour I'm seeing. I did see another thread here recommending gitolite for partial copies but I'm restricted to using TF/Gerrit.
Thanks!

Getting git items for a particular branch/tag via TFS rest api

Now that TFS 2015 comes with the same new Rest API of VS Team Services, I've taken a look at the API doc:
https://www.visualstudio.com/en-us/integrate/api/git/overview
One question naturally raised is that most queries do not expose an parameter for git branch or tag (e.g. download /path/to/my/file with tag 'release_v1.0'), which looks like a show stopper. As in my case, I need programatically pull out some source file under a certain branch/tag.
Is it not supported yet?
Yes you can. As or the link that you have above you can use the provided so to retrieve both branches and yes. In git they are really all the same thing, pointers. This use the "refs" api.
https://www.visualstudio.com/integrate/api/git/refs

How to store git commit hash during TFS build for display on a page?

How can I get the current commit hash from git and store it somewhere so that I can display it on an ASP.net MVC page? Does TFS expose that information anywhere? Is there some consistent way I can do it whether I build on a TFS server or locally?
If you need something like this, it'll most likely be a custom MsBuild task (to make it available locally) or a custom Team Build Activity.
On the build server the current Commit hash or tag (depending on how the build was queued) is available as part of the IBuildDetails.
On the client you can use LibGitSharp or invoke the git commandline to grab the current commit in your workspace and put it somewhere in the output directory.
But if you want to know if there is a standard, default way, then no.

Resources