opendev/infra-manual
Code Issues Proposed changes

Update ACL sections with release team policy change

Browse Source 
Official teams are managed by the Release Management team, they
create branches and tags.

Explain how ACLs for these should be setup.

Change-Id: I0dfb14b60ae96f9d1777ce5ce8782e6e94eaaa50
Depends-On: https://review.openstack.org/557737
This commit is contained in:
Andreas Jaeger 2018-04-10 10:14:00 +02:00
parent 2a6440255f
commit 9d897524ff
1 changed files with 31 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
doc/source/creators.rst
View File

@ -319,12 +319,10 @@ Each project should have a gerrit group "<projectname>-core",
containing the normal core group, with permission to containing the normal core group, with permission to
+2 changes. +2 changes.
Libraries for official projects should be configured so the Release management of official projects is handled by the Release
``library-release`` team has tagging rights. Management team through the ``openstack/releases`` repository, the
default settings allow the "``Release Managers``" team to push tags
Other official projects should be configured so that tagging rights and create branches.
use the default settings, allowing the "``Release Managers``" team to
push tags.
For unofficial projects, a second "<projectname>-release" team should For unofficial projects, a second "<projectname>-release" team should
be created and populated with a small group of the primary maintainers be created and populated with a small group of the primary maintainers
@ -388,18 +386,8 @@ should also be set for projects that want to become official.
Creation of Tags Creation of Tags
~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~
For library projects managed by the release team, allow the For unofficial projects, you can allow the project-specific release
``library-release`` team to create tags by adding a new section team to create tags by adding a new section containing:
containing:
.. code-block:: ini
[access "refs/tags/*"]
pushSignedTag = group library-release
For non-library projects, or unofficial projects, you can allow the
project-specific release team to create tags by adding a new section
containing:
.. code-block:: ini .. code-block:: ini
@ -423,8 +411,8 @@ OpenStack infrastructure which fire on tags, will have that tag indefinitely.
Creation of Branches Creation of Branches
~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~
To allow creation of branches to the release team, add a ``create`` For unofficial projects, to allow creation of branches to the release
rule to it the ``refs/heads/*`` section: team, add a ``create`` rule to it the ``refs/heads/*`` section:
.. code-block:: ini .. code-block:: ini
@ -493,9 +481,29 @@ membership without needing to be members of the group themselves.
Extended ACL File Extended ACL File
~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~
So, if your project requires the ICLA signed, has a release team
that will create tags and branches, and allow voting third-party CI So, if your official project requires the ICLA signed and allow voting
systems, create a ``gerrit/acls/openstack/<projectname>.config`` third-party CI systems, create a
``gerrit/acls/openstack/<projectname>.config`` like:
.. code-block:: ini
[access "refs/heads/*"]
abandon = group <projectname>-core
label-Code-Review = -2..+2 group <projectname>-core
label-Verified = -1..+1 group <projectname>-ci
label-Workflow = -1..+1 group <projectname>-core
[receive]
requireChangeId = true
requireContributorAgreement = true
[submit]
mergeContent = true
If your unofficial project requires the ICLA signed, has a release
team that will create tags and branches, and allow voting third-party
CI systems, create a ``gerrit/acls/openstack/<projectname>.config``
like: like:
.. code-block:: ini .. code-block:: ini