Gerrit 介绍和使用
Gerrit 介绍和使用
介绍
Demo:https://gerrit-demo.123u.com/
开源地址:https://github.com/GerritCodeReview/gerrit
Gerrit,一种开放源代码的代码审查软件,提供 Code Review和 Git 仓库的两大功能,但实际上很多项目用的是其他的Git仓库,例如GitLab和GitHub。同一个团队的程序员,可以通过web页面相互审阅彼此修改后的代码,决定是否能够提交,退回或是继续修改。它使用版本控制系统Git作为底层。
理论上Git虽然是一个分布式版本管理系统,不需要中心代码库就能相互同步数据。而在实际的操作过程中,为了方便一个团队的多名开发人员通常需要指定一个确定的代码库用于提交和相互同步代码。所以我们开发团队代码管理一般使用如下结构:
在引入Gerrit代码审核机制后,我们的代码提交和同步的方式发生了变化:
工作流程
首先贡献者的代码通过 git 命令(或 repo 封装)推送到 Gerrit 管理下的 Git 版本库,推送的提交转化为一个一个的代码审核任务,审核任务可以通过 refs/changes/
安装
# Git Nginx Java 安装
yum install -y java-1.8.0-openjdk git nginx
java -version
systemctl start nginx && systemctl enable nginx
# 下载
wget https://gerrit-releases.storage.googleapis.com/gerrit-3.6.0.war
# 启动
export GERRIT_SITE=~/gerrit_testsite
java -jar gerrit-3.6.0.war init -d /data/gerrit
~/gerrit_testsite/etc/gerrit.config 配置内容
[gerrit]
basePath = git
canonicalWebUrl = https://gerrit.com/
serverId = 5916d32e-428a-40de-8608-c778819f11d8
[container]
javaOptions = "-Dflogger.backend_factory=com.google.common.flogger.backend.log4j.Log4jBackendFactory#getInstance"
javaOptions = "-Dflogger.logging_context=com.google.gerrit.server.logging.LoggingContext#getInstance"
user = root
javaHome = /usr/lib/jvm/java-11-openjdk-11.0.14.1.1-1.el7_9.x86_64
[index]
type = lucene
[auth]
type = ldap
[receive]
enableSignedPush = false
[sshd]
listenAddress = *:29418
[httpd]
listenUrl = proxy-https://gerrit.com/
[cache]
directory = cache
[ldap]
server = LDAP://10.0.150.191/
username = cn=rootu
password = ""
accountBase = OU=users
groupBase = OU=users
[sendemail]
enable = true
smtpServer = smtp.feishu.cn
smtpServerPort = 465
smtpEncryption = SSL
sslVerify = true
smtpUser = gerrit@qq.com
smtpPass = ******
from = gerrit@qq.com
Nginx 配置文件:/etc/nginx/conf.d/gerrit.conf
upstream proxy_pool_gerrit {
server 10.221.0.1:8080 weight=10;
keepalive 512;
}
server {
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/1_123u.com_bundle.crt;
ssl_certificate_key /etc/nginx/ssl/2_123u.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
server_name gerrit.com;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/gerrit.access.log main;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://proxy_pool_gerrit;
}
}
server {
listen 80;
server_name gerrit.com;
access_log /var/log/nginx/gerrit.access.log main;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://10.221.0.1:8080;
}
}
启动
gerrit_testsite]# ./bin/gerrit.sh restart
服务端
新建项目
-
进入gerrit管理页面
创建项目
-
Repository name,仓名,必填,可以包含
/
字符、英文大小写、数字; -
Rights inherit from,权限集成自,选填,指定已有仓名,默认是
All-Projects
; -
Owner,选填,指定项目所有者,指定的所有者即便不是管理员也有Review+2等权限;
-
Create initial empty commit,用于指定是否创建一个空提交,默认为True;
-
Only serve as parent for other repositories,用于指定当前仓仅作为Parent仓,默认为False
将gitlab项目同步gerrit服务器
[root@test-lwj-150-64 gerrit_testsite]# cd git/
[root@test-lwj-150-64 git]# pwd
/root/gerrit_testsite/git
[root@test-lwj-150-64 git]# rm -rf bubble.git/
[root@test-lwj-150-64 git]# git clone --bare git@git.intra.123u.com:sa/bubble.git
Cloning into bare repository 'bubble.git'...
remote: Counting objects: 63, done.
remote: Compressing objects: 100% (54/54), done.
remote: Total 63 (delta 14), reused 0 (delta 0)
Receiving objects: 100% (63/63), 436.15 KiB | 3.83 MiB/s, done.
Resolving deltas: 100% (14/14), done.
[root@test-lwj-150-64 git]# ls
All-Projects.git All-Users.git bubble.git test_repo.git
[root@test-lwj-150-64 git]# ll bubble.git/
total 20
-rw-r--r-- 1 root root 23 May 31 15:06 HEAD
drwxr-xr-x 2 root root 6 May 31 15:06 branches
-rw-r--r-- 1 root root 128 May 31 15:06 config
-rw-r--r-- 1 root root 73 May 31 15:06 description
drwxr-xr-x 2 root root 4096 May 31 15:06 hooks
drwxr-xr-x 2 root root 21 May 31 15:06 info
drwxr-xr-x 4 root root 30 May 31 15:06 objects
-rw-r--r-- 1 root root 365 May 31 15:06 packed-refs
drwxr-xr-x 4 root root 31 May 31 15:06 refs
改动后的内容自动同步Gitlab
# 在gerrit_testsite/etc/replication.config配置添加如下内容;
[remote "bubble"]
projects = bubble
url = git@git.com:sa/bubble.git
push = +refs/heads/*:refs/heads/*
push = +refs/tags/*:refs/tags/*
push = +refs/changes/*:refs/changes/*
threads = 3
重启gerrit
[root@test-lwj-150-64 gerrit_testsite]# ./bin/gerrit.sh restart
Stopping Gerrit Code Review: OK
Starting Gerrit Code Review: OK
客户端
-
本地Git用户配置要和Gerrit用户信息一致,使用域账号登入即可
-
本地公钥已添加到Gerrit用户配置中
-
本地Git版本不能太低,否则会出现未知的错误
本地公钥已添加到Gerrit用户配置中; 【settings】>【SSH Key】
客户端使用test用户进行拉取代码
注:在初次克隆代码时需要从服务器下载hook脚本用于每次审查自动生成change-id。
[dev@test-lwj-150-64 ~]$ git clone "ssh://test@gerrit-demo.123u.com:29418/bubble" && scp -p -P 29418 test@gerrit-demo.123u.com:hooks/commit-msg "bubble/.git/hooks/"
Cloning into 'bubble'...
remote: Counting objects: 63, done
remote: Finding sources: 100% (63/63)
remote: Total 63 (delta 14), reused 63 (delta 14)
Receiving objects: 100% (63/63), 436.16 KiB | 3.16 MiB/s, done.
Resolving deltas: 100% (14/14), done.
commit-msg 100% 1790 666.8KB/s 00:00
[dev@test-lwj-150-64 ~]$ ls
bubble test_repo
[dev@test-lwj-150-64 ~]$ ls bubble/
conf dao go.mod main.go README.md setting templates
controller example.png go.sum models routers static testlog.txt
[dev@test-lwj-150-64 ~]$
提交代码
[dev@test-lwj-150-64 bubble]$ echo "1111111111" >> testlog.txt
[dev@test-lwj-150-64 bubble]$ git add .
[dev@test-lwj-150-64 bubble]$ git commit -m "update tesetlog 1.0.0"
# 如果没有develop分支,则会自动创建
[gerrit@test-lwj-150-64 bubble]$ git push origin HEAD:refs/for/develop
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 4 threads
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 309 bytes | 309.00 KiB/s, done.
Total 3 (delta 1), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (1/1)
remote: Processing changes: refs: 1, new: 1, done
remote:
remote: SUCCESS
remote:
remote: http://10.0.150.64:8080/c/bubble/+/103 update tesetlog 1.0.0 [NEW]
remote:
To ssh://gerrit.com:29418/bubble
* [new reference] HEAD -> refs/for/develop
通过Gerrit Web页面进行review
- subject:提交的变更
- branch:合并的目标分支
-
默认只有Project Owners和Administrator群组用户拥有“Code-Review”选项+2的权限(提交通过)
-
普通用户的“Code-Review”选项只能选择+1(审核建议)
-
多人评审后当总分>=2时,表示审核通过,进入下一步的代码验证流程;否则需要提交者返工修改。
- 点击“Summit”按钮才能进入代码库
选择Merged,查看合并记录
查看是否同步gitlab
查看触发构建任务
这里使用蓝盾Devops平台作为CICD流程示例,配置了代码库进行监听并自动触发CI任务。
由Gerrit code 代码审核过之后,通过merge request之后会自动同步到Gitlab仓库, 同时会自动触发构建任务
参考: