James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 1 | :title: Gerrit Driver |
| 2 | |
| 3 | Gerrit |
| 4 | ====== |
| 5 | |
| 6 | `Gerrit`_ is a code review system. The Gerrit driver supports |
| 7 | sources, triggers, and reporters. |
| 8 | |
| 9 | .. _Gerrit: https://www.gerritcodereview.com/ |
| 10 | |
| 11 | Zuul will need access to a Gerrit user. |
| 12 | |
| 13 | Create an SSH keypair for Zuul to use if there isn't one already, and |
| 14 | create a Gerrit user with that key:: |
| 15 | |
| 16 | cat ~/id_rsa.pub | ssh -p29418 review.example.com gerrit create-account --ssh-key - --full-name Zuul zuul |
| 17 | |
| 18 | Give that user whatever permissions will be needed on the projects you |
| 19 | want Zuul to report on. For instance, you may want to grant |
| 20 | ``Verified +/-1`` and ``Submit`` to the user. Additional categories |
| 21 | or values may be added to Gerrit. Zuul is very flexible and can take |
| 22 | advantage of those. |
| 23 | |
| 24 | Connection Configuration |
| 25 | ------------------------ |
| 26 | |
James E. Blair | d23f45d | 2017-08-03 16:37:13 -0700 | [diff] [blame^] | 27 | The supported options in ``zuul.conf`` connections are: |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 28 | |
James E. Blair | d23f45d | 2017-08-03 16:37:13 -0700 | [diff] [blame^] | 29 | .. attr:: <gerrit connection> |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 30 | |
James E. Blair | d23f45d | 2017-08-03 16:37:13 -0700 | [diff] [blame^] | 31 | .. attr:: driver |
| 32 | :required: |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 33 | |
James E. Blair | d23f45d | 2017-08-03 16:37:13 -0700 | [diff] [blame^] | 34 | .. value:: gerrit |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 35 | |
James E. Blair | d23f45d | 2017-08-03 16:37:13 -0700 | [diff] [blame^] | 36 | The connection must set ``driver=gerrit`` for Gerrit connections. |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 37 | |
James E. Blair | d23f45d | 2017-08-03 16:37:13 -0700 | [diff] [blame^] | 38 | .. attr:: server |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 39 | |
James E. Blair | d23f45d | 2017-08-03 16:37:13 -0700 | [diff] [blame^] | 40 | Fully qualified domain name of Gerrit server. |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 41 | |
James E. Blair | d23f45d | 2017-08-03 16:37:13 -0700 | [diff] [blame^] | 42 | .. attr:: canonical_hostname |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 43 | |
James E. Blair | d23f45d | 2017-08-03 16:37:13 -0700 | [diff] [blame^] | 44 | The canonical hostname associated with the git repos on the |
| 45 | Gerrit server. Defaults to the value of |
| 46 | :attr:`<gerrit connection>.server`. This is used to identify |
| 47 | projects from this connection by name and in preparing repos on |
| 48 | the filesystem for use by jobs. Note that Zuul will still only |
| 49 | communicate with the Gerrit server identified by ``server``; |
| 50 | this option is useful if users customarily use a different |
| 51 | hostname to clone or pull git repos so that when Zuul places |
| 52 | them in the job's working directory, they appear under this |
| 53 | directory name. |
| 54 | |
| 55 | .. attr:: port |
| 56 | :default: 29418 |
| 57 | |
| 58 | Gerrit server port. |
| 59 | |
| 60 | .. attr:: baseurl |
| 61 | |
| 62 | Path to Gerrit web interface. |
| 63 | |
| 64 | .. attr:: user |
| 65 | :default: zuul |
| 66 | |
| 67 | User name to use when logging into Gerrit via ssh. |
| 68 | |
| 69 | .. attr:: sshkey |
| 70 | :default: ~zuul/.ssh/id_rsa |
| 71 | |
| 72 | Path to SSH key to use when logging into Gerrit. |
| 73 | |
| 74 | .. attr:: keepalive |
| 75 | :default: 60 |
| 76 | |
| 77 | SSH connection keepalive timeout; ``0`` disables. |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 78 | |
| 79 | Trigger Configuration |
| 80 | --------------------- |
| 81 | |
| 82 | Zuul works with standard versions of Gerrit by invoking the ``gerrit |
| 83 | stream-events`` command over an SSH connection. It also reports back |
| 84 | to Gerrit using SSH. |
| 85 | |
| 86 | If using Gerrit 2.7 or later, make sure the user is a member of a group |
| 87 | that is granted the ``Stream Events`` permission, otherwise it will not |
| 88 | be able to invoke the ``gerrit stream-events`` command over SSH. |
| 89 | |
James E. Blair | d23f45d | 2017-08-03 16:37:13 -0700 | [diff] [blame^] | 90 | .. attr:: pipeline.trigger.<gerrit source> |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 91 | |
James E. Blair | d23f45d | 2017-08-03 16:37:13 -0700 | [diff] [blame^] | 92 | The dictionary passed to the Gerrit pipeline `trigger` attribute |
| 93 | supports the following attributes: |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 94 | |
James E. Blair | d23f45d | 2017-08-03 16:37:13 -0700 | [diff] [blame^] | 95 | .. attr:: event |
| 96 | :required: |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 97 | |
James E. Blair | d23f45d | 2017-08-03 16:37:13 -0700 | [diff] [blame^] | 98 | The event name from gerrit. Examples: ``patchset-created``, |
| 99 | ``comment-added``, ``ref-updated``. This field is treated as a |
| 100 | regular expression. |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 101 | |
James E. Blair | d23f45d | 2017-08-03 16:37:13 -0700 | [diff] [blame^] | 102 | .. attr:: branch |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 103 | |
James E. Blair | d23f45d | 2017-08-03 16:37:13 -0700 | [diff] [blame^] | 104 | The branch associated with the event. Example: ``master``. |
| 105 | This field is treated as a regular expression, and multiple |
| 106 | branches may be listed. |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 107 | |
James E. Blair | d23f45d | 2017-08-03 16:37:13 -0700 | [diff] [blame^] | 108 | .. attr:: ref |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 109 | |
James E. Blair | d23f45d | 2017-08-03 16:37:13 -0700 | [diff] [blame^] | 110 | On ref-updated events, the branch parameter is not used, instead |
| 111 | the ref is provided. Currently Gerrit has the somewhat |
| 112 | idiosyncratic behavior of specifying bare refs for branch names |
| 113 | (e.g., ``master``), but full ref names for other kinds of refs |
| 114 | (e.g., ``refs/tags/foo``). Zuul matches this value exactly |
| 115 | against what Gerrit provides. This field is treated as a |
| 116 | regular expression, and multiple refs may be listed. |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 117 | |
James E. Blair | d23f45d | 2017-08-03 16:37:13 -0700 | [diff] [blame^] | 118 | .. attr:: ignore-deletes |
| 119 | :default: true |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 120 | |
James E. Blair | d23f45d | 2017-08-03 16:37:13 -0700 | [diff] [blame^] | 121 | When a branch is deleted, a ref-updated event is emitted with a |
| 122 | newrev of all zeros specified. The ``ignore-deletes`` field is a |
| 123 | boolean value that describes whether or not these newrevs |
| 124 | trigger ref-updated events. |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 125 | |
James E. Blair | d23f45d | 2017-08-03 16:37:13 -0700 | [diff] [blame^] | 126 | .. attr:: approval |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 127 | |
James E. Blair | d23f45d | 2017-08-03 16:37:13 -0700 | [diff] [blame^] | 128 | This is only used for ``comment-added`` events. It only matches |
| 129 | if the event has a matching approval associated with it. |
| 130 | Example: ``Code-Review: 2`` matches a ``+2`` vote on the code |
| 131 | review category. Multiple approvals may be listed. |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 132 | |
James E. Blair | d23f45d | 2017-08-03 16:37:13 -0700 | [diff] [blame^] | 133 | .. attr:: email |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 134 | |
James E. Blair | d23f45d | 2017-08-03 16:37:13 -0700 | [diff] [blame^] | 135 | This is used for any event. It takes a regex applied on the |
| 136 | performer email, i.e. Gerrit account email address. If you want |
| 137 | to specify several email filters, you must use a YAML list. |
| 138 | Make sure to use non greedy matchers and to escapes dots! |
| 139 | Example: ``email: ^.*?@example\.org$``. |
| 140 | |
| 141 | .. attr:: username |
| 142 | |
| 143 | This is used for any event. It takes a regex applied on the |
| 144 | performer username, i.e. Gerrit account name. If you want to |
| 145 | specify several username filters, you must use a YAML list. |
| 146 | Make sure to use non greedy matchers and to escapes dots. |
| 147 | Example: ``username: ^zuul$``. |
| 148 | |
| 149 | .. attr:: comment |
| 150 | |
| 151 | This is only used for ``comment-added`` events. It accepts a |
| 152 | list of regexes that are searched for in the comment string. If |
| 153 | any of these regexes matches a portion of the comment string the |
| 154 | trigger is matched. ``comment: retrigger`` will match when |
| 155 | comments containing ``retrigger`` somewhere in the comment text |
| 156 | are added to a change. |
| 157 | |
| 158 | .. attr:: require-approval |
| 159 | |
| 160 | This may be used for any event. It requires that a certain kind |
| 161 | of approval be present for the current patchset of the change |
| 162 | (the approval could be added by the event in question). It |
| 163 | follows the same syntax as :attr:`pipeline.require.<gerrit |
| 164 | source>.approval`. For each specified criteria there must exist |
| 165 | a matching approval. |
| 166 | |
| 167 | .. attr:: reject-approval |
| 168 | |
| 169 | This takes a list of approvals in the same format as |
| 170 | :attr:`pipeline.trigger.<gerrit source>.require-approval` but |
| 171 | will fail to enter the pipeline if there is a matching approval. |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 172 | |
| 173 | Reporter Configuration |
| 174 | ---------------------- |
| 175 | |
| 176 | Zuul works with standard versions of Gerrit by invoking the |
| 177 | ``gerrit`` command over an SSH connection. It reports back to |
| 178 | Gerrit using SSH. |
| 179 | |
| 180 | The dictionary passed to the Gerrit reporter is used for ``gerrit |
| 181 | review`` arguments, with the boolean value of ``true`` simply |
| 182 | indicating that the argument should be present without following it |
| 183 | with a value. For example, ``verified: 1`` becomes ``gerrit review |
| 184 | --verified 1`` and ``submit: true`` becomes ``gerrit review |
| 185 | --submit``. |
| 186 | |
| 187 | A :ref:`connection<connections>` that uses the gerrit driver must be |
| 188 | supplied to the trigger. |
James E. Blair | d134c6d | 2017-07-26 16:09:34 -0700 | [diff] [blame] | 189 | |
| 190 | Requirements Configuration |
| 191 | -------------------------- |
| 192 | |
James E. Blair | 32c5248 | 2017-07-29 07:49:03 -0700 | [diff] [blame] | 193 | As described in :attr:`pipeline.require` and :attr:`pipeline.reject`, |
| 194 | pipelines may specify that items meet certain conditions in order to |
| 195 | be enqueued into the pipeline. These conditions vary according to the |
| 196 | source of the project in question. To supply requirements for changes |
James E. Blair | d23f45d | 2017-08-03 16:37:13 -0700 | [diff] [blame^] | 197 | from a Gerrit source named ``my-gerrit``, create a configuration such |
| 198 | as the following: |
James E. Blair | d134c6d | 2017-07-26 16:09:34 -0700 | [diff] [blame] | 199 | |
James E. Blair | d23f45d | 2017-08-03 16:37:13 -0700 | [diff] [blame^] | 200 | .. code-block:: yaml |
| 201 | |
| 202 | pipeline: |
| 203 | require: |
| 204 | my-gerrit: |
| 205 | approval: |
| 206 | - Code-Review: 2 |
James E. Blair | d134c6d | 2017-07-26 16:09:34 -0700 | [diff] [blame] | 207 | |
| 208 | This indicates that changes originating from the Gerrit connection |
James E. Blair | d23f45d | 2017-08-03 16:37:13 -0700 | [diff] [blame^] | 209 | named ``my-gerrit`` must have a ``Code-Review`` vote of ``+2`` in |
| 210 | order to be enqueued into the pipeline. |
James E. Blair | d134c6d | 2017-07-26 16:09:34 -0700 | [diff] [blame] | 211 | |
James E. Blair | 9437591 | 2017-07-28 17:20:27 -0700 | [diff] [blame] | 212 | .. attr:: pipeline.require.<gerrit source> |
James E. Blair | d134c6d | 2017-07-26 16:09:34 -0700 | [diff] [blame] | 213 | |
| 214 | The dictionary passed to the Gerrit pipeline `require` attribute |
| 215 | supports the following attributes: |
| 216 | |
James E. Blair | 9437591 | 2017-07-28 17:20:27 -0700 | [diff] [blame] | 217 | .. attr:: approval |
James E. Blair | d134c6d | 2017-07-26 16:09:34 -0700 | [diff] [blame] | 218 | |
| 219 | This requires that a certain kind of approval be present for the |
| 220 | current patchset of the change (the approval could be added by |
| 221 | the event in question). It takes several sub-parameters, all of |
| 222 | which are optional and are combined together so that there must |
| 223 | be an approval matching all specified requirements. |
| 224 | |
James E. Blair | 9437591 | 2017-07-28 17:20:27 -0700 | [diff] [blame] | 225 | .. attr:: username |
James E. Blair | d134c6d | 2017-07-26 16:09:34 -0700 | [diff] [blame] | 226 | |
| 227 | If present, an approval from this username is required. It is |
| 228 | treated as a regular expression. |
| 229 | |
James E. Blair | 9437591 | 2017-07-28 17:20:27 -0700 | [diff] [blame] | 230 | .. attr:: email |
James E. Blair | d134c6d | 2017-07-26 16:09:34 -0700 | [diff] [blame] | 231 | |
| 232 | If present, an approval with this email address is required. It is |
| 233 | treated as a regular expression. |
| 234 | |
James E. Blair | 9437591 | 2017-07-28 17:20:27 -0700 | [diff] [blame] | 235 | .. attr:: older-than |
James E. Blair | d134c6d | 2017-07-26 16:09:34 -0700 | [diff] [blame] | 236 | |
| 237 | If present, the approval must be older than this amount of time |
| 238 | to match. Provide a time interval as a number with a suffix of |
| 239 | "w" (weeks), "d" (days), "h" (hours), "m" (minutes), "s" |
| 240 | (seconds). Example ``48h`` or ``2d``. |
| 241 | |
James E. Blair | 9437591 | 2017-07-28 17:20:27 -0700 | [diff] [blame] | 242 | .. attr:: newer-than |
James E. Blair | d134c6d | 2017-07-26 16:09:34 -0700 | [diff] [blame] | 243 | |
| 244 | If present, the approval must be newer than this amount |
| 245 | of time to match. Same format as "older-than". |
| 246 | |
| 247 | Any other field is interpreted as a review category and value |
| 248 | pair. For example ``Verified: 1`` would require that the |
| 249 | approval be for a +1 vote in the "Verified" column. The value |
| 250 | may either be a single value or a list: ``Verified: [1, 2]`` |
| 251 | would match either a +1 or +2 vote. |
| 252 | |
James E. Blair | 9437591 | 2017-07-28 17:20:27 -0700 | [diff] [blame] | 253 | .. attr:: open |
James E. Blair | d134c6d | 2017-07-26 16:09:34 -0700 | [diff] [blame] | 254 | |
| 255 | A boolean value (``true`` or ``false``) that indicates whether |
| 256 | the change must be open or closed in order to be enqueued. |
| 257 | |
James E. Blair | 9437591 | 2017-07-28 17:20:27 -0700 | [diff] [blame] | 258 | .. attr:: current-patchset |
James E. Blair | d134c6d | 2017-07-26 16:09:34 -0700 | [diff] [blame] | 259 | |
| 260 | A boolean value (``true`` or ``false``) that indicates whether the |
| 261 | change must be the current patchset in order to be enqueued. |
| 262 | |
James E. Blair | 9437591 | 2017-07-28 17:20:27 -0700 | [diff] [blame] | 263 | .. attr:: status |
James E. Blair | d134c6d | 2017-07-26 16:09:34 -0700 | [diff] [blame] | 264 | |
| 265 | A string value that corresponds with the status of the change |
| 266 | reported by the trigger. |
| 267 | |
James E. Blair | 9437591 | 2017-07-28 17:20:27 -0700 | [diff] [blame] | 268 | .. attr:: pipeline.reject.<gerrit source> |
James E. Blair | d134c6d | 2017-07-26 16:09:34 -0700 | [diff] [blame] | 269 | |
| 270 | The `reject` attribute is the mirror of the `require` attribute. It |
| 271 | also accepts a dictionary under the connection name. This |
| 272 | dictionary supports the following attributes: |
| 273 | |
James E. Blair | 9437591 | 2017-07-28 17:20:27 -0700 | [diff] [blame] | 274 | .. attr:: approval |
James E. Blair | d134c6d | 2017-07-26 16:09:34 -0700 | [diff] [blame] | 275 | |
| 276 | This takes a list of approvals. If an approval matches the |
| 277 | provided criteria the change can not be entered into the |
James E. Blair | 91fe483 | 2017-07-28 17:28:26 -0700 | [diff] [blame] | 278 | pipeline. It follows the same syntax as |
| 279 | :attr:`pipeline.require.<gerrit source>.approval`. |
James E. Blair | d134c6d | 2017-07-26 16:09:34 -0700 | [diff] [blame] | 280 | |
James E. Blair | d23f45d | 2017-08-03 16:37:13 -0700 | [diff] [blame^] | 281 | Example to reject a change with any negative vote: |
James E. Blair | d134c6d | 2017-07-26 16:09:34 -0700 | [diff] [blame] | 282 | |
James E. Blair | d23f45d | 2017-08-03 16:37:13 -0700 | [diff] [blame^] | 283 | .. code-block:: yaml |
| 284 | |
| 285 | reject: |
| 286 | my-gerrit: |
| 287 | approval: |
| 288 | - Code-Review: [-1, -2] |