From e3c6b457c8ff7785d6361eae5ea813f31203c7ae Mon Sep 17 00:00:00 2001 From: Jeremy Stanley Date: Wed, 3 May 2017 14:39:42 +0000 Subject: [PATCH] New subsection on voting third-party CI permission Voting third-party CI permission grants in Gerrit ACLs are a bit nuanced, so explain them in some detail and provide an example similar to the others in that section. Change-Id: I3849036f3f4c753d0c5c8f377ad164a019f3b7d2 --- doc/source/creators.rst | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/doc/source/creators.rst b/doc/source/creators.rst index d7121d5..9f47c5f 100644 --- a/doc/source/creators.rst +++ b/doc/source/creators.rst @@ -441,16 +441,41 @@ The ``exclusiveGroupPermissions`` avoids the inheritance from privileges to the stable team and add back the default privileges for owners of a change, gerrit administrators, and all users. +Voting Third-Party CI +~~~~~~~~~~~~~~~~~~~~~ + +To allow some third-party CI systems to vote Verify +1 or -1 on +proposed changes for your project, add a ``label-Verified`` rule to +the ``refs/heads/*`` section:: + + [access "refs/heads/*"] + abandon = group -core + label-Code-Review = -2..+2 group -core + label-Verified = -1..+1 group -ci + label-Workflow = -1..+1 group -core + +Optionally, if you only want them to be able to Verify +1 you can +adjust the vote range to ``0..+1`` instead. + +Once the project is created it is strongly recommended you go to the +*General* settings for the ``-ci`` group in Gerrit's +WebUI and switch the *Owners* field to your ``-core`` +group (or ``-release`` if you have one) so that it is +no longer self-managed, allowing your project team to control the +membership without needing to be members of the group themselves. + Extended ACL File ~~~~~~~~~~~~~~~~~ So, if your project requires the ICLA signed, has a release team -that will create tags and branches, create a -``gerrit/acls/openstack/.config`` like:: +that will create tags and branches, and allow voting third-party CI +systems, create a ``gerrit/acls/openstack/.config`` +like:: [access "refs/heads/*"] abandon = group -core create = group -release label-Code-Review = -2..+2 group -core + label-Verified = -1..+1 group -ci label-Workflow = -1..+1 group -core [access "refs/tags/*"]