Jeepyb is a collection of tools which make managing Gerrit easier. Specifically, management of Gerrit projects and their associated upstream integration with things like Github and Launchpad.
At a Glance¶
Gerrit Project Configuration¶
manage-projects command in Jeepyb is able to create a new
project in Gerrit, create the new project on Github, create a local
git replica on the Gerrit host, configure the project Access Controls,
and create new groups in Gerrit.
The global configuration data needed for
manage-projects to know how to
connect to things or how to operate is in
[projects] homepage=http://example.org gerrit-host=review.example.org gerrit-user=example-project-creator gerrit-key=/home/gerrit2/.ssh/example_project_id_rsa github-config=/etc/github/github-projects.secure.config has-wiki=False has-issues=False has-pull-requests=False has-downloads=False
OpenStack Gerrit projects are configured in the
project-config: gerrit/projects.yaml. file. When this file is updated,
manage-projects is run automatically.
- project: example/gerrit description: Fork of Gerrit used by Example remote: https://gerrit.googlesource.com/gerrit - project: example/project1 description: Best project ever. has-wiki: True acl-config: /path/to/acl/file
The above config gives puppet and its related scripts enough
information to create new projects, but not enough to add access
controls to each project. To add access control you need to have an
acl-config option for the project in
option should have a value that is a path to the
for that project.
That is the high level view of how we can configure projects using the puppet repository. To create an actual change that does all of this for a single project you will want to do the following:
gerrit/acls/organization/project-name.configfile to the
project-configrepo. The contents will probably end up looking like the block below (note that the sections are in alphabetical order):
[access "refs/heads/*"] label-Code-Review = -2..+2 group project-name-core label-Workflow = -1..+1 group project-name-core [receive] requireChangeId = true requireContributorAgreement = true [submit] mergeContent = true
Add a project entry for the project in
- project: organization/project-name acl-config: /home/gerrit2/acls/organization/project-name.config
If there is an existing repo that is being replaced by this new project you can set the upstream value for the project. When an upstream is set, that upstream will be cloned and pushed into Gerrit instead of an empty repository. e.g.:
- project: organization/project-name acl-config: /home/gerrit2/acls/organization/project-name.config upstream: git://github.com/awesumsauce/project-name.git
That is all you need to do. Push the change to gerrit and if necessary
modify group membership for the groups you configured in the
project.config through Launchpad.
Launchpad Bug Integration¶
update-bug Jeepyb command is installed as a Gerrit commit hook
so that it runs each time a patchset is created. It updates Launchpad
bugs based on information that it finds in the commit message. It
also contains a manual mapping of Gerrit to Launchpad project names
for projects that use a different Launchpad project for their bugs.
Launchpad Blueprint Integration¶
update-blueprint Jeepyb command is installed as a Gerrit
commit hook so that it runs each time a patchset is created. It
updates Launchpad blueprints based on information that it finds in the
Trivial Rebase Hook¶
trivial-rebase commit hook runs when new patchsets are
uploaded and detects whether the new patchset is merely a rebase onto
a new parent, or is a substantial change. If it is a rebase, it
restores previous review votes and leaves a comment in Gerrit. It
uses Gerrit’s own SSH host key as the private key for access in order
to gain the “superuser” permissions needed to impersonate other users
Closing Github Pull Requests¶
close-pull-requests Jeepyb command is installed as a cron job
and periodically closes all pull requests for projects so configured
This ensures that project metadata is set up as defined in projects.yaml.
openstackwatch command publishes RSS feeds of Gerrit
run-mirror command builds a full Pypi mirror for a project or
set of projects by reading a requirements.txt file, installing all
listed dependencies into a virtualenv, inspecting the resulting
installed package set, and then downloading all of the second-level
(and further) dependencies. Essentially, the mirror is built by
introspection and contains the full set of dependencies needed whether
they are explicitly listed or not.
Jeepyb needs to run with the same ssh key registered with gerrit and github (and any other ssh services it may be pointed at). Be sure to add your public key when creating accounts.