Google Gerrit
By - scmGalaxy.com
About Me !
What is Gerrit
- Web based code review tool
- Repository management for Git
- Workflow management
- Integrated access control
- Extend using server side plugins
More
- 100% pure Java SSH and HTTP Git backend
- Powered by JGit
- GWT Web-view administration
- Users and Groups
- Project and branch security
- Git repository browsing
- Git repository replication engine
- Code collaboration and review
- Code validation through Jenkins Triggers
Specifications
- Apache 2.0
- 93 included dependencies (Mostly Apache2.0, BSD, MPL1.1., EPL)
- Latest release 2.11.5
- 9 years old
Code Review
- Web based review
- Read code. Comment on code. Make better code
Repository Mgmt
- Fine Grained ACLs
- Repository and branch level access controls.
- SSH, HTTP
Workflow Mgmt
Acsess Mgmt
Empowered with Plugins
Gerrit Code Review can be extended and further customized by installing server-side plugins.
How to Install Gerrit
- WAR file (Tomcat, Jetty etc)
- Self contained daemon (with embedded Jetty)
Pre-requisite
- JDK 1.7
- Database (MySql, PostgreSQL, Embedded H2)
Download Gerrit
- Current and past binary releases of Gerrit can be obtained from the Gerrit Releases site.
- https://gerrit-releases.storage.googleapis.com/index.html
Database Setup
- If you choose H2, Gerrit will automatically set up the embedded H2 database as backend so no set up or configuration is necessary.
MySQL
Installation support
- Database Support
- For accounts, groups, metadata in database
- PostgreSQL, MySQL, or embedded H2
- Directory Support
- OpenID authentication (google, yahoo etc)
- LDAP (Users and Groups)
- HTTP
- Embedded Jetty
- Deployment of WAR to Tomcat, Jetty, etc.
- SSH
- Embedded pure java SSH daemon on port 29418 (configurable)
Workflow
- Central git repository for entire team
- Code review are at commit level
- 5 New commits, 5 new reviews
- Search the dashboards show relevant review spanning repositories
Workflow cont..
- git clone url
- git commit -m"this is fix"
- git push origin HEAD:refs/for/master
Gerrit: high level workflow
Cool, isn't it ?
- Gerrit allow "automatic" topic-branches
- Triggers with Jenkins branch validation
- Enforce collective code-ownership
- People "interacts" with the code changes
- Discussion on style and architecture
- Democratic voting (+1 / -1)
- Project history
- Reason behind changes is recorded in code-review
See Gerrit "live" in action
1 . Create a User for host the Gerrit Service
- $ sudo adduser gerrit2
- $ sudo su gerrit2
2. Set-up
- Option-A: download and install
- Download from http://code.google.com/p/gerrit/downloads/list
- Gerrit install wizard:
java -jar gerrit-2.2.2.1.war init -d ~/gerrit - Run Gerrit:
~/gerrit/bin/gerrit.sh start - Option-B: Gerrit as hosted service
- Assembla.com (free for OpenSource projects)
- GitEnterprise.com (free up to 10 users)
- Gerrit Config - $site_path/etc/gerrit.config
3. Add SSH keys
- Option-A: not easy ☹
- -
- Option-B: use the provider user registration
- Assembla:
https://www.assembla.com/signup - GitEnterprise:
https://gitent-scm.com/signup
3. Talk to Gerrit via SSH
- Gerrit SSH console
- Listen at 29418 port
- Not a real SSH server (just Gerrit listening)
4. Create a Gerrit project
- Gerrit Project is:
- Git repository (use "path notation" to organise projects)
- Access permissions
- Code-review and change-sets
- Option-A: use Gerrit SSH command $ ssh -p 29418 lmilanesio@localhost gerrit create-project lmit/33degree
- Option-B: user the provider-specific page
- Assembla: N/A (only 1 project associated to your "space")
- GitEnterprise: https://gitent-scm.com/newrepo
5. Clone repo from Gerrit
- Git SSH repository URL is: ssh://<user>@<host>:29418/<Gerrit project>.git
- Gerrit supports HTTP or HTTP/S repository URL: http://<Gerrit URL>/p/<Gerrit project>.git
machine <hostname> login <username> password <password>
6. Gerrit Change-Id
- SHA-1 GUID of a change-set under review
- MUST be last line of commit msg
Now all Git commit will auto-generate a Change-Id !
7. Submit a change for review
- Change for review committed locally
- Push to refs/for/<branch> for submitting local Git changes for review on <branch>
8. Verify change against CI
9. Additional patch-set to Change-Id
- Fix the problem locally
- Amend the commit (same Change-Id)
- Push again to refs/for/
for adding one extra change-set
10. Change-Id is validated against CI
11. Review and comment changes
12. Review merge and submit change
- One or more reviewers can "vote" for the change
- Authorised users can then "Submit" the change.
- Change is automatically merged to master
13. Master build is triggered ... SUCCESS !!
... is just about code-review then ?
Credits and resources
- Many thanks to
Shawn Pearce, father of Gerrit
Its contributors and Google Inc. - Google Gerrit code-review http://code.google.com/p/gerrit/
- Assembla Gerrit http://review.assembla.com
- GitEnterprise http://review.gitent-scm.com
@gitenterprise
Slides available at http://www.slideshare.net/lucamilanesio Follow me: @lucamilanesio
Gerrit: just code-review then ?
- Git Security - Groups
- Define different "roles" in the project
- System groups
- Anonymous users: use for public projects
- Registered Users: all users
- Administrators: to administer Gerrit
- Project Owners: to administer projects
- Non-interactive Users: for CI or batch operations
- Groups can be hierarchical (groups of groups)
Define groups and members
Putting all together with projects
- Git Security: rights to projects
- Define access rights to Git operations
- Control the Gerrit identity vs Git author / committer
- Delegate project administration
- Assign code-review voting range rights
- Define who can submit and merge changes
- Organise project rights hirarchically
Define project access rights per refspec
Assign access rights to Groups
BACKUP
... and Gerrit replication
Gerrit UI
