We need to prevent accidental deletion of release tags and maint branches. We need to ensure that shared CI runners are enabled on all repos. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
3.4 KiB
Repository infrastructure setup
GitLab Configuration
The GitLab organization hosts the master copy of all the libvirt Git repositories.
When creating a new repository the following changes to the defaults are required under the Settings page:
- General
- Naming, topics, avatar
- Project avatar: upload
docs/logos/logo-square-256.png
- Project avatar: upload
- Visibility, project features, permissions
- Packages: disabled
- Wiki: disabled
- Snippets: disabled
- Merge Requests
- Merge method: Fast-forward merge
- Merge options: Enable 'delete source branch' option by default
- Merge checks: Pipelines must succeed
- Merge request approvals
- Any eligible user: Num approvals required == 1
- Naming, topics, avatar
- Integrations
- Pipelines emails
- Recipients:
libvirt-ci@redhat.com
- Recipients:
- Pipelines emails
- Repository
- Push rules
- Do not allow users to remove git tags with git push: enabled
- Commit message:
Signed-off-by:
- Branch name:
^(master|v.*-maint)$
- Mirroring repositories
- Git repository URL:
https://libvirtmirror@github.com/libvirt/$repo.git
- Mirror direction: push
- Password: see
/root/libvirt-mirror-github-api-token.txt
onlibvirt.org
- Git repository URL:
- Protected branches
- Branch:
master
andv*-maint
- Allowed to merge: Developers + Maintainers
- Allowed to push: None (or Developers + Maintainers if MRs not used)
- Require approval from code owners: disabled
- Branch:
- Protected tags
- Tag:
v*
and any project specific tag formats likeLIBVIRT_*
orCVE*
- Allowed to create: Developers + Maintainers
- Tag:
- Push rules
- CI/CD
- Runners
- Shared runners: Enable shared runners
- Runners
GitHub configuration
The GitHub organization hosts read-only mirrors of all the libvirt Git repositories.
When creating a new repository the following changes to the defaults are required under the Settings page:
- Options
- Features
- Wikis: disabled
- Sponsorships: disabled
- Projects: disabled
- Manage access
- Add the
@committers
team with the role "Write", which grants thelibvirtmirror
user access to sync from GitLab.
- Add the
- Integrations
- Check for Repo Lockdown (should be set automatically for all projects)
- Features
In the master git repository create a file .github/lockdown.yml to restrict use of issue tracker and pull requests.
libvirt.org
The libvirt project server hosts read-only mirrors of all the libvirt Git repositories in the directory /data/git
.
When creating a new repository the following steps are required:
Create repo with :
$ sudo su - # cd /data/git # mkdir $repo.git # cd $repo.git # git init --bare # touch export # touch git-daemon-export-ok # cd .. # chown -R gitmirror.gitmirror $repo.git # chmod -R g+w $repo.git # find -type d $repo.git | xargs chmod g+s
Set the
description
andconfig
files following other repos' exampleSetup mirroring :
$ sudo su - gitmirror # ./newrepo.sh /data/git/$repo.git # cd mirrors # $HOME/sync-one.sh $repo.git