我正在为gerrit中的我的公司设置访问控制,并且在我们当前的内部流程中,同行评审人员与编码人员之间存在交叉(他们往往是同一群人) 。我们还希望只需要1位审阅者同行审阅代码并在其看起来不错的情况下提交。从gerrit的同行评审人名单中排除作者
使用默认设置,任何具有+2: Looks good to me, approved选项的用户都可以同行查看他们自己的代码。
有什么办法可以防止作者查看他们自己的代码,但仍然允许他们完全查看他人的代码吗?我无法在访问控制组设置或权限设置中找到任何种类的排除作者。
这是为我工作,但它是一个快速黑客:
我已经调整了我以前的答案,所以它不认为你使用的是mysql服务器。
您可能希望将日志文件移动到任何正常的日志轮换 - 可能位于../logs/comment-added.log中。
我试过把可配置的位拉到最前面。调用这个文件的评论挂钩和 把它放在$ gerrit_root/hooks,chmod it 755或类似的。在admin 组中设置一个机器人用户,以便该钩子可以使用sql界面(并在+ 1s的内容上注释+2)。
#!/usr/bin/perl
#
# comment-hook for a +2 approval from a simple quorum of +1 votes.
#
# Licence: Public domain. All risk is yours; if it breaks, you get to keep both pieces.
$QUORUM = 2; # Total number of +1 votes causing a +2
$PLEBIANS = 'abs(value) < 2'; # or 'value = 1' to ignore -1 unvotes
$AUTO_SUBMIT_ON_QUORACY = '--submit'; # or '' for none
$AND_IGNORE_UPLOADER = 'and uploader_account_id != account_id'; # or '' to let uploaders votes count
$GERRIT_SSH_PORT = 29418;
$SSH_PRIVATE_KEY = '/home/gerrit2/.ssh/id_rsa';
$SSH_USER_IN_ADMIN_GROUP = 'devuser';
# Hopefully you shouldn't need to venture past here.
$SSH = "ssh -i $SSH_PRIVATE_KEY -p $GERRIT_SSH_PORT $SSH_USER_IN_ADMIN_GROUP\@localhost";
$LOG = "/home/gerrit2/hooks/log.comment-added";
open LOG, ">>$LOG" or die;
sub count_of_relevant_votes {
# Total selected code review votes for this commit
my $relevance = shift;
$query = "
select sum(value) from patch_sets, patch_set_approvals
where patch_sets.change_id = patch_set_approvals.change_id
and patch_sets.patch_set_id = patch_set_approvals.patch_set_id
and revision = '$V{commit}'
and category_id = 'CRVW'
and $relevance
$AND_IGNORE_UPLOADER
;";
$command = "$SSH \"gerrit gsql -c \\\"$query\\\"\"";
#print LOG "FOR... $command\n";
@lines = qx($command);
chomp @lines;
#print LOG "GOT... ", join("//", @lines), "\n";
# 0=headers 1=separators 2=data 3=count and timing.
return $lines[2];
}
sub response {
my $review = shift;
return "$SSH 'gerrit review --project=\"$V{project}\" $review $V{commit}'";
}
# ######################
# Parse options
$key='';
while ($_ = shift @ARGV) {
if (/^--(.*)/) {
$key = $1;
}
else {
$V{$key} .= " " if exists $V{$key};
$V{$key} .= $_;
}
}
#print LOG join("\n", map { "$_ = '$V{$_}'" } keys %V), "\n";
# ######################
# Ignore my own comments
$GATEKEEPER="::GATEKEEPER::";
if ($V{comment} =~ /$GATEKEEPER/) {
# print LOG localtime() . "$V{commit}: Ignore $GATEKEEPER comments\n";
exit 0;
}
# ######################
# Forbear to analyse anything already +2'd
$submittable = count_of_relevant_votes('value = 2');
if ($submittable > 0) {
# print LOG "$V{commit} Already +2'd by someone or something.\n";
exit 0;
}
# ######################
# Look for a consensus amongst qualified voters.
$plebicite = count_of_relevant_votes($PLEBIANS);
#if ($V{comment} =~ /TEST:(\d)/) {
# $plebicite=$1;
#}
# ######################
# If there's a quorum, approve and submit.
if ($plebicite >= $QUORUM) {
$and_submitting = ($AUTO_SUBMIT_ON_QUORACY ? " and submitting" : "");
$review = " --code-review=+2 --message=\"$GATEKEEPER approving$and_submitting due to $plebicite total eligible votes\" $AUTO_SUBMIT_ON_QUORACY";
}
else {
$review = " --code-review=0 --message=\"$GATEKEEPER ignoring $plebicite total eligible votes\"";
# print LOG "$V{commit}: $review\n";
exit 0;
}
$response = response($review);
print LOG "RUNNING: $response\n";
$output = qx($response 2>&1 );
if ($output =~ /\S/) {
print LOG "$V{commit}: output from commenting: $output";
$response = response(" --message=\"During \Q$review\E: \Q$output\E\"");
print LOG "WARNING: $response\n";
$output = qx($response 2>&1 );
print LOG "ERROR: $output\n";
}
exit 0;
格里特允许您设置了序言“提交规则”当一个变化是submittable定义。
documentation包括几个例子,包括阻止作者批准他自己的改变的例子。
正如[documentation](https://gerrit-review.googlesource.com/Documentation/prolog-cookbook.html#RulesFile)中提到的那样,'rules.pl'文件应该放在'refs/meta/config'该项目的分支。 – 2016-07-07 06:36:46
The Gerrit Cookbook Example 8并未严格禁止作者审核其自己的更改,但在提交之前需要其他人将其更改为+2。
我刚刚为Gerrit的安装写了这个prolog过滤器。我在父项目中做了一个submit_filter,因为我希望它适用于我们系统中的所有项目。
%filter to require all projects to have a code-reviewer other than the owner
submit_filter(In, Out) :-
%unpack the submit rule into a list of code reviews
In =.. [submit | Ls],
%add the non-owner code review requiremet
reject_self_review(Ls, R),
%pack the list back up and return it (kinda)
Out =.. [submit | R].
reject_self_review(S1, S2) :-
%set O to be the change owner
gerrit:change_owner(O),
%find a +2 code review, if it exists, and set R to be the reviewer
gerrit:commit_label(label('Code-Review', 2), R),
%if there is a +2 review from someone other than the owner, then the filter has no work to do, assign S2 to S1
R \= O, !,
%the cut (!) predicate prevents further rules from being consulted
S2 = S1.
reject_self_review(S1, S2) :-
%set O to be the change owner
gerrit:change_owner(O),
find a +2 code review, if it exists, and set R to be the reviewer
gerrit:commit_label(label('Code-Review', 2), R),
R = O, !,
%if there isn't a +2 from someone else (above rule), and there is a +2 from the owner, reject with a self-reviewed label
S2 = [label('Self-Reviewed', reject(O))|S1].
%if the above two rules didn't make it to the ! predicate, there aren't any +2s so let the default rules through unfiltered
reject_self_review(S1, S1).
此规则在rule #8 from the cookbook的好处(IMO)是:
Self-Reviewed标签中仅示出,而不是添加Non-Author-Code-Review标签每变化reject(O)该规则导致Self-Reviewed标签字面上成为红色标志submit_filter代替submit_rule,这个规则被安装在一个父项目,并适用于所有的子项目请注意:此规则编写,以防止自我审查的变化Owner,而例如从食谱与Author比较。根据您的工作流程,您可能需要用gerrit:commit_author(O)或替换2 gerrit:change_owner(O)谓词或
您可以通过访问选项卡中的GUI来完成。 转到/ refs/heads/section - >在标签代码 - 查看部分添加组'更改所有者' - >选择-1 .. + 1
这将使更改所有者有权给-1 +1
你确定你必须强制吗?程序员是聪明的人,只是把它作为一个规则。在某些角落案例中,审查自己的代码可能很有用(例如,代码已经过审查,但您在提交消息中修复了拼写错误,在这种情况下,其他审阅将会失去时间)。 – 2011-12-05 21:57:47
@TomaszWysocki我只能说,程序员在处理过程中远非聪明。我一直在Gerrit寻找这个功能,因为愚蠢的开发人员。您想要查看您自己的工作的具体示例会打开整个系统,导致错误使用。是否要求另一位同行评论者回顾简单的改变!只需添加我是一名开发人员。 – Tnem 2012-01-13 08:34:03
看到这个答案:[使用块语句](https://stackoverflow.com/questions/11560812/exclude-author-from-gerrit-review/47887713#47887713) – very 2017-12-19 13:09:35