libvirt/docs/newreposetup.rst
Daniel P. Berrangé 0792570549 docs: document protected branches and tags
We need to prevent accidental deletion of release tags and maint
branches.

We need to ensure that shared CI runners are enabled on all repos.

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-05-07 12:17:43 +01:00

3.4 KiB

Repository infrastructure setup

GitLab Configuration

The GitLab organization hosts the master copy of all the libvirt Git repositories.

When creating a new repository the following changes to the defaults are required under the Settings page:

  • General
    • Naming, topics, avatar
      • Project avatar: upload docs/logos/logo-square-256.png
    • Visibility, project features, permissions
      • Packages: disabled
      • Wiki: disabled
      • Snippets: disabled
    • Merge Requests
      • Merge method: Fast-forward merge
      • Merge options: Enable 'delete source branch' option by default
      • Merge checks: Pipelines must succeed
    • Merge request approvals
      • Any eligible user: Num approvals required == 1
  • Integrations
    • Pipelines emails
      • Recipients: libvirt-ci@redhat.com
  • Repository
    • Push rules
      • Do not allow users to remove git tags with git push: enabled
      • Commit message: Signed-off-by:
      • Branch name: ^(master|v.*-maint)$
    • Mirroring repositories
      • Git repository URL: https://libvirtmirror@github.com/libvirt/$repo.git
      • Mirror direction: push
      • Password: see /root/libvirt-mirror-github-api-token.txt on libvirt.org
    • Protected branches
      • Branch: master and v*-maint
      • Allowed to merge: Developers + Maintainers
      • Allowed to push: None (or Developers + Maintainers if MRs not used)
      • Require approval from code owners: disabled
    • Protected tags
      • Tag: v* and any project specific tag formats like LIBVIRT_* or CVE*
      • Allowed to create: Developers + Maintainers
  • CI/CD
    • Runners
      • Shared runners: Enable shared runners

GitHub configuration

The GitHub organization hosts read-only mirrors of all the libvirt Git repositories.

When creating a new repository the following changes to the defaults are required under the Settings page:

  • Options
    • Features
      • Wikis: disabled
      • Sponsorships: disabled
      • Projects: disabled
    • Manage access
      • Add the @committers team with the role "Write", which grants the libvirtmirror user access to sync from GitLab.
    • Integrations
      • Check for Repo Lockdown (should be set automatically for all projects)

In the master git repository create a file .github/lockdown.yml to restrict use of issue tracker and pull requests.

libvirt.org

The libvirt project server hosts read-only mirrors of all the libvirt Git repositories in the directory /data/git.

When creating a new repository the following steps are required:

  • Create repo with :

    $ sudo su -
    # cd /data/git
    # mkdir $repo.git
    # cd $repo.git
    # git init --bare
    # touch export
    # touch git-daemon-export-ok
    # cd ..
    # chown -R gitmirror.gitmirror $repo.git
    # chmod -R g+w $repo.git
    # find -type d $repo.git | xargs chmod g+s
  • Set the description and config files following other repos' example

  • Setup mirroring :

    $ sudo su - gitmirror
    # ./newrepo.sh /data/git/$repo.git
    # cd mirrors
    # $HOME/sync-one.sh $repo.git