Clean up Gerrit global config documentation
Recent work has concluded adding OpenStack Release Manager permissions explicitly to all openstack/ namespace projects with the addition of inheritance from openstack/meta-config in their individual ACLs. This made the earlier Release Manager permissions in our global configuration redundant, so it's being removed. The cleanup is done by hand due to how global configuration is managed in Gerrit's All-Projects metaproject, but we're updating our documentation to reflect it. While here, clean up obsolete references to API-Projects inheritance and stable/.* branch permissions which we've not applied for some years now. Change-Id: Ib9314f7a1deb3d343eb2d9b476064de41186f57a
This commit is contained in:
Jeremy Stanley
parent
8346b9ac6f
commit
b87e938a13
@ -88,8 +88,6 @@ access to external testing tools for all projects.
|
||||
The `Continuous Integration Tools` group contains Zuul and any
|
||||
other CI tools that get +2/-2 access on reviews.
|
||||
|
||||
The `Release Managers` group is used for release managers.
|
||||
|
||||
|
||||
Users
|
||||
-----
|
||||
@ -201,32 +199,12 @@ High level goals:
|
||||
#. Zuul can perform verification (blocking or approving: +/-2).
|
||||
#. Third Party CI systems can perform informational verification (+/-1).
|
||||
#. All registered users can create changes.
|
||||
#. The OpenStack Release Manager and Zuul can tag releases (push
|
||||
annotated tags).
|
||||
#. Members of $PROJECT-core group can perform full code review
|
||||
(blocking or approving: +/- 2), and submit changes to be merged.
|
||||
#. Members of Release Managers (Release Manager and delegates), and
|
||||
$PROJECT-milestone (PTL and release minded people) exclusively can
|
||||
perform full code review (blocking or approving: +/- 2), and submit
|
||||
changes to be merged on pre-release stable/* branches.
|
||||
#. Members of Release Managers can create and remove stable
|
||||
branches, tag stable branches for EOL and abandon changes on EOL
|
||||
branches.
|
||||
#. Full code review (+/- 2) of API projects (documentation of the API,
|
||||
not implementation of the API) should be available to the -core
|
||||
group of the corresponding implementation project as well as to the
|
||||
OpenStack Documentation Coordinators.
|
||||
#. Full code review of stable branches should be available to the
|
||||
-stable-maint group of the project.
|
||||
#. Drivers (PTL and delegates) of client library projects should be
|
||||
able to add tags (which are automatically used to trigger
|
||||
releases).
|
||||
|
||||
To manage API project permissions collectively across projects, API
|
||||
projects are reparented to the "API-Projects" meta-project instead of
|
||||
"All-Projects". This causes them to inherit permissions from the
|
||||
API-Projects project (which, in turn, inherits from All-Projects).
|
||||
|
||||
The global Gerrit permissions set out the high level goals (and
|
||||
manage-projects can then override this on a per project basis as
|
||||
needed). To setup the global permissions, first create the groups
|
||||
@ -266,7 +244,6 @@ Next, edit `project.config` to look like::
|
||||
|
||||
[access "refs/*"]
|
||||
create = group Project Bootstrappers
|
||||
create = group Release Managers
|
||||
forgeAuthor = group Registered Users
|
||||
forgeCommitter = group Project Bootstrappers
|
||||
push = +force group Project Bootstrappers
|
||||
@ -274,10 +251,8 @@ Next, edit `project.config` to look like::
|
||||
pushSignedTag = group Project Bootstrappers
|
||||
pushTag = group Continuous Integration Tools
|
||||
pushTag = group Project Bootstrappers
|
||||
pushTag = group Release Managers
|
||||
read = group Anonymous Users
|
||||
editTopicName = group Registered Users
|
||||
abandon = group Release Managers
|
||||
|
||||
[access "refs/drafts/*"]
|
||||
push = block group Registered Users
|
||||
|
||||
Loading…
Reference in New Issue
Block a user