Gerrit - how to disallow direct push to "master" but allow to other branches
I want to set up configuration described below:
Registered user can not push his changes directly to master. He has to push these changes for review:
git push origin master- it should be rejected by Gerrit (origin = Gerrit)git push origin HEAD:refs/for/master- it should be allowed by GerritRegistered user can create a new branch. This branch will be treated as a backup and a way of cooperation between two or more developers so it shouldn't be reviewed.
git push origin xyz_abc- it should be allowed by Gerrit
How should I configure Gerrit to achieve such functionality ?
Answer
There are no good instructions anywhere, so thought I'd document the steps here.
1. Navigate to your project's Access page
Projects > List > your_project > Access
2. Edit Access
Click the Edit button
3. Add Reference to refs/heads/*
This is the reference for all direct pushes. We're going to configure who can do what to this path.
Click "Add Reference" and type in 'refs/heads/*' (no quotes)
4. Deny the "Push" permission
The Push permission is the one which controls who can make direct pushes. Merge pushes and pushes to Gerrit will still be allowed (see notes below).
- Click "Add Permission" and select "Push".
- Select the user group you want to deny push from (you can type in "Registered Users" if you want to block everyone)
- Choose "DENY" from the dropdown that appears once you've added your user group
5. Save Changes
And you're done. The finished config should look something like this:
Note
If this doesn't work, make sure you have the Push permission set to ALLOW on refs/for/refs/* - this is the permission which allows pushes to Gerrit.