我在 gerrit 中为我的公司设置访问控制,在我们当前的内部流程中,同行评审员和编码员之间有交叉(他们往往是同一群人)。我们还希望只需要 1 位审阅者对代码进行同行评审,并在看起来不错的情况下提交。
使用默认设置,任何具有该+2: Looks good to me, approved
选项的用户都可以对自己的代码进行同行评审。
有什么办法可以阻止作者审查自己的代码,但仍然允许他们全面审查别人的代码?我无法在访问控制组设置或权限设置中找到任何类型的排除作者。
我在 gerrit 中为我的公司设置访问控制,在我们当前的内部流程中,同行评审员和编码员之间有交叉(他们往往是同一群人)。我们还希望只需要 1 位审阅者对代码进行同行评审,并在看起来不错的情况下提交。
使用默认设置,任何具有该+2: Looks good to me, approved
选项的用户都可以对自己的代码进行同行评审。
有什么办法可以阻止作者审查自己的代码,但仍然允许他们全面审查别人的代码?我无法在访问控制组设置或权限设置中找到任何类型的排除作者。
Gerrit Cookbook Example 8并没有严格阻止作者审查他/她自己的更改,但会要求其他人在提交之前对其进行 +2。
这对我有用,但它是一个快速破解:
我已经调整了我之前的答案,所以它不会假设您使用的是 mysql 服务器。
您可能希望将日志文件移动到任何正常日志轮换的位置 - 可能在 ../logs/comment-added.log 中。
我试图将可配置位拉到最前面。将此文件称为 comment-hook 并将其放入 $gerrit_root/hooks 中,chmod it 755 或类似的。在 admin 组中设置一个机器人用户,这样钩子就可以使用 sql 接口(并对具有足够 +1 的事物进行评论 +2)。
#!/usr/bin/perl
#
# comment-hook for a +2 approval from a simple quorum of +1 votes.
#
# Licence: Public domain. All risk is yours; if it breaks, you get to keep both pieces.
$QUORUM = 2; # Total number of +1 votes causing a +2
$PLEBIANS = 'abs(value) < 2'; # or 'value = 1' to ignore -1 unvotes
$AUTO_SUBMIT_ON_QUORACY = '--submit'; # or '' for none
$AND_IGNORE_UPLOADER = 'and uploader_account_id != account_id'; # or '' to let uploaders votes count
$GERRIT_SSH_PORT = 29418;
$SSH_PRIVATE_KEY = '/home/gerrit2/.ssh/id_rsa';
$SSH_USER_IN_ADMIN_GROUP = 'devuser';
# Hopefully you shouldn't need to venture past here.
$SSH = "ssh -i $SSH_PRIVATE_KEY -p $GERRIT_SSH_PORT $SSH_USER_IN_ADMIN_GROUP\@localhost";
$LOG = "/home/gerrit2/hooks/log.comment-added";
open LOG, ">>$LOG" or die;
sub count_of_relevant_votes {
# Total selected code review votes for this commit
my $relevance = shift;
$query = "
select sum(value) from patch_sets, patch_set_approvals
where patch_sets.change_id = patch_set_approvals.change_id
and patch_sets.patch_set_id = patch_set_approvals.patch_set_id
and revision = '$V{commit}'
and category_id = 'CRVW'
and $relevance
$AND_IGNORE_UPLOADER
;";
$command = "$SSH \"gerrit gsql -c \\\"$query\\\"\"";
#print LOG "FOR... $command\n";
@lines = qx($command);
chomp @lines;
#print LOG "GOT... ", join("//", @lines), "\n";
# 0=headers 1=separators 2=data 3=count and timing.
return $lines[2];
}
sub response {
my $review = shift;
return "$SSH 'gerrit review --project=\"$V{project}\" $review $V{commit}'";
}
# ######################
# Parse options
$key='';
while ( $_ = shift @ARGV ) {
if (/^--(.*)/) {
$key = $1;
}
else {
$V{$key} .= " " if exists $V{$key};
$V{$key} .= $_;
}
}
#print LOG join("\n", map { "$_ = '$V{$_}'" } keys %V), "\n";
# ######################
# Ignore my own comments
$GATEKEEPER="::GATEKEEPER::";
if ($V{comment} =~ /$GATEKEEPER/) {
# print LOG localtime() . "$V{commit}: Ignore $GATEKEEPER comments\n";
exit 0;
}
# ######################
# Forbear to analyse anything already +2'd
$submittable = count_of_relevant_votes('value = 2');
if ($submittable > 0) {
# print LOG "$V{commit} Already +2'd by someone or something.\n";
exit 0;
}
# ######################
# Look for a consensus amongst qualified voters.
$plebicite = count_of_relevant_votes($PLEBIANS);
#if ($V{comment} =~ /TEST:(\d)/) {
# $plebicite=$1;
#}
# ######################
# If there's a quorum, approve and submit.
if ( $plebicite >= $QUORUM ) {
$and_submitting = ($AUTO_SUBMIT_ON_QUORACY ? " and submitting" : "");
$review = " --code-review=+2 --message=\"$GATEKEEPER approving$and_submitting due to $plebicite total eligible votes\" $AUTO_SUBMIT_ON_QUORACY";
}
else {
$review = " --code-review=0 --message=\"$GATEKEEPER ignoring $plebicite total eligible votes\"";
# print LOG "$V{commit}: $review\n";
exit 0;
}
$response = response($review);
print LOG "RUNNING: $response\n";
$output = qx( $response 2>&1 );
if ($output =~ /\S/) {
print LOG "$V{commit}: output from commenting: $output";
$response = response(" --message=\"During \Q$review\E: \Q$output\E\"");
print LOG "WARNING: $response\n";
$output = qx( $response 2>&1 );
print LOG "ERROR: $output\n";
}
exit 0;
Gerrit 允许您设置序言“提交规则”来定义何时可以提交更改。
该文档包含几个示例,包括一个阻止作者批准他自己的更改的示例。
我刚刚为我们的 Gerrit 安装编写了这个 prolog 过滤器。我在父项目中将其作为 submit_filter 进行,因为我希望它适用于我们系统中的所有项目。
%filter to require all projects to have a code-reviewer other than the owner
submit_filter(In, Out) :-
%unpack the submit rule into a list of code reviews
In =.. [submit | Ls],
%add the non-owner code review requiremet
reject_self_review(Ls, R),
%pack the list back up and return it (kinda)
Out =.. [submit | R].
reject_self_review(S1, S2) :-
%set O to be the change owner
gerrit:change_owner(O),
%find a +2 code review, if it exists, and set R to be the reviewer
gerrit:commit_label(label('Code-Review', 2), R),
%if there is a +2 review from someone other than the owner, then the filter has no work to do, assign S2 to S1
R \= O, !,
%the cut (!) predicate prevents further rules from being consulted
S2 = S1.
reject_self_review(S1, S2) :-
%set O to be the change owner
gerrit:change_owner(O),
% find a +2 code review, if it exists, and set R to be the reviewer - comment sign was missing
gerrit:commit_label(label('Code-Review', 2), R),
R = O, !,
%if there isn't a +2 from someone else (above rule), and there is a +2 from the owner, reject with a self-reviewed label
S2 = [label('Self-Reviewed', reject(O))|S1].
%if the above two rules didn't make it to the ! predicate, there aren't any +2s so let the default rules through unfiltered
reject_self_review(S1, S1).
这条规则相对于食谱中的规则 #8的好处 (IMO)是:
Self-Reviewed
更改被阻止时显示,而不是为每个更改添加Non-Author-Code-Review
标签reject(O)
该规则,Self-Reviewed
标签实际上是一个危险信号submit_filter
而不是 a submit_rule
,此规则安装在父项目中并适用于所有子项目请注意:此规则旨在防止Owner
自我审查更改,而食谱中的示例与Author
. 根据您的工作流程,您可能希望将 2 个gerrit:change_owner(O)
谓词替换为gerrit:commit_author(O)
orgerrit:commit_committer(O)
您可以从访问选项卡中的 GUI 执行此操作。转到 /refs/heads/ 部分 -> 在标签代码审查部分添加组“更改所有者” -> 选择 -1..+1
这将使更改所有者获得将 -1 授予 +1 的特权