summaryrefslogtreecommitdiff
path: root/baserock_gerrit/All-Projects/project.config
diff options
context:
space:
mode:
Diffstat (limited to 'baserock_gerrit/All-Projects/project.config')
-rw-r--r--baserock_gerrit/All-Projects/project.config105
1 files changed, 105 insertions, 0 deletions
diff --git a/baserock_gerrit/All-Projects/project.config b/baserock_gerrit/All-Projects/project.config
new file mode 100644
index 00000000..0b16b280
--- /dev/null
+++ b/baserock_gerrit/All-Projects/project.config
@@ -0,0 +1,105 @@
+# Top-level access controls for projects on Baserock Gerrit.
+
+# These can be overridden by a project's own project.config file. They are also
+# overridden by the config of a project's parent repo, if it is set to something
+# other than the default parent project 'All-Projects'.
+
+# Useful references:
+#
+# https://gerrit-documentation.storage.googleapis.com/Documentation/2.11/access-control.html
+# https://git.openstack.org/cgit/openstack-infra/system-config/tree/doc/source/gerrit.rst
+
+[project]
+ description = Access inherited by all other projects.
+
+[receive]
+ requireContributorAgreement = false
+ requireSignedOffBy = false
+ requireChangeId = true
+
+[submit]
+ mergeContent = true
+
+[capability]
+ administrateServer = group Administrators
+ priority = batch group Non-Interactive Users
+ streamEvents = group Non-Interactive Users
+
+ createProject = group Mirroring Tools
+
+# Everyone can read everything.
+[access "refs/*"]
+ read = group Administrators
+ read = group Anonymous Users
+
+
+# Developers can propose changes. All 'Registered Users' are 'Developers'.
+[access "refs/for/refs/*"]
+ push = group Developers
+ pushMerge = group Developers
+
+
+[access "refs/heads/*"]
+ forgeAuthor = group Developers
+ rebase = group Developers
+ label-Code-Review = -2..+2 group Mergers
+ submit = group Mergers
+ label-Code-Review = -1..+1 group Reviewers
+# label-Verified = -1..+1 group Testers
+
+ create = group Administrators
+ forgeCommitter = group Administrators
+ push = group Administrators
+ create = group Project Owners
+ forgeCommitter = group Project Owners
+ push = group Project Owners
+
+ create = group Mirroring Tools
+ forgeAuthor = group Mirroring Tools
+ forgeCommitter = group Mirroring Tools
+ push = +force group Mirroring Tools
+
+[access "refs/tags/*"]
+ pushTag = group Release Team
+ pushSignedTag = group Release Team
+
+ pushTag = group Administrators
+ pushSignedTag = group Administrators
+ pushTag = group Project Owners
+ pushSignedTag = group Project Owners
+
+ create = group Mirroring Tools
+ forgeAuthor = group Mirroring Tools
+ forgeCommitter = group Mirroring Tools
+ push = +force group Mirroring Tools
+ pushTag = +force group Mirroring Tools
+ pushSignedTag = +force group Mirroring Tools
+
+
+# Changing project configuration is allowed for Administrators only. (In theory
+# anyone who owns a project can change its permissions, but right now all
+# projects should be owned by the Administrators group).
+[access "refs/meta/config"]
+ exclusiveGroupPermissions = read
+
+ read = group Administrators
+ push = group Administrators
+ read = group Project Owners
+ push = group Project Owners
+
+[label "Code-Review"]
+ function = MaxWithBlock
+ copyMinScore = true
+ value = -2 Do not merge
+ value = -1 This patch needs further work before it can be merged
+ value = 0 No score
+ value = +1 Looks good to me, but someone else must approve
+ value = +2 Looks good to me, approved
+
+# Disabled for now, because there is no automated test tool hooked up to our
+# Gerrit yet.
+#[label "Verified"]
+# function = MaxWithBlock
+# value = -1 Failed
+# value = 0 No score
+# value = +1 Verified
View Lorry Controller Status