Page MenuHomePhabricator
Create Task
Maniphest T1009

Define a process to import and create repositories
Closed, ResolvedPublic
Actions

Description

@Chad says on wikitech-l:

I agree, having to request is problematic. The main reason this happened is that Gerrit has always made it easier to screw up than do it right when creating your project (it's not just that you *can* screw up, but that the defaults *encourage* a non-admin to screw up).

If it was the mediawiki-core group, that might scale. It's a far smaller group. The whole thing is rather silly I'm afraid as I've never scaled this process out beyond Christian [@QChris] and myself really.
I think this should be a much *much* larger group in Phabricator than we've done in Gerrit. It's much harder to screw yourself over.

Permissions to be defined (please correct / fine tune if needed):

  • Who can initially import existing repos (Gerrit, SVN, GitHub) and how to join this group.
  • Who can initially create new repos and how to join this group.

Related Objects
Search...

StatusSubtypeAssignedTask
 ResolvedDzahnT123525 reduce amount of remaining Ubuntu 12.04 (precise) systems in production
 Resolved CmjohnsonT138978 decom antimony (datacenter)
 ResolvedDzahnT123718 Phase out antimony.wikimedia.org (git.wikimedia.org / gitblit)
 ResolvedDanny_BT138986 Archive #Gitblit-Deprecate
 ResolvedPaladoxT137353 Update all on-wiki references to git.wikimedia.org and replace them with the Phabricator equivalent
 OpenDzahnT323073 Make https://git.wikimedia.org not redirect to Phabricator Diffusion
 Resolved demonT111465 [keyresult] Deprecate gitblit in favor of Diffusion
 Resolved demonT752 Use Diffusion as canonical location for browsing code repos (not gitblit)
 ResolvedPaladoxT108864 Update mediawiki.org templates to link to Diffusion, not gitblit
 ResolvedNemo_bisT101358 Update {{git file}} to link to diffusion
 Resolved demonT110607 redirect gerrit repo paths to diffusion callsigns
 ResolvedPaladoxT111887 Diffusion replacement for tarfile download from git.wikimedia.org
 ResolvedKrenairT122674 Make all /r/project/* paths in phabricator accessible without login
 Resolved mmodellT129447 Diffusion redirect from name to callsign doesn't always work
 InvalidNoneT135336 Update Module:Callsigns in mediawiki.org
 DeclinedNoneT76788 ExtensionDistributor should use Phabricator/Diffusion instead of Gerrit
 Resolved demonT616 Import all gerrit.wikimedia.org repositories with Diffusion
 InvalidNoneT98348 Implement the Wikimedia Foundation Call to Action 2015
 InvalidNoneT98358 WMF to integrate, consolidate, and pause or stop stalled initiatives
 ResolvedQgilT553 Engineering Community team goals for October 2014
 DeclinedNoneT617 Provide static dump of Gerrit
 DuplicateNoneT18 Plan to migrate code review from Gerrit to Phabricator
 DeclinedNoneT38269 Implement a real way to request new repositories
 ResolvedgregT1009 Define a process to import and create repositories

Event Timeline

Qgil created this task.Oct 31 2014, 8:35 AM
Qgil raised the priority of this task from to Low.
Qgil updated the task description. (Show Details)
Qgil added a project: Gerrit-Migration.
Qgil changed Security from none to None.
Qgil added subscribers: Aklapper, Qgil, greg and 16 others.
hashar added a comment.Oct 31 2014, 9:34 AM

In Gerrit we had people request repositories on a wiki page https://www.mediawiki.org/wiki/Gerrit/New_repositories which has some guidelines. I don't think I ever used that page though :D

The list of people allowed to create new repositories in Gerrit is the group "Project and Group Creators" https://gerrit.wikimedia.org/r/#/admin/groups/119,members which also includes Gerrit administrators https://gerrit.wikimedia.org/r/#/admin/groups/1,members

In Phabricator I guess we can create a group that contains those people and let them virally add more folks to it.

demon added a comment.Oct 31 2014, 2:34 PM
  • Repos from SVN require shell access to the SVN box, so that will remain only something that a limited number of people can do.
  • Git repos are mostly the same so we'll be able to give this group to anyone in theory--no special access needed.

Really we need to make sure we're clear on naming conventions (especially on callsigns since those cannot ever change).

+1 to the idea of making it a viral group.

Mattflaschen-WMF added a comment.Nov 13 2014, 4:21 AM
In T1009#17490, @Chad wrote:
  • Repos from SVN require shell access to the SVN box, so that will remain only something that a limited number of people can do.
  • Git repos are mostly the same so we'll be able to give this group to anyone in theory--no special access needed.

Really we need to make sure we're clear on naming conventions (especially on callsigns since those cannot ever change).

People added to this group also need to be clear on the policy that repositories are open source (https://www.mediawiki.org/wiki/Template:Extension/Expectations).

demon added a comment.Nov 13 2014, 4:34 AM
In T1009#21839, @Mattflaschen wrote:
In T1009#17490, @Chad wrote:
  • Repos from SVN require shell access to the SVN box, so that will remain only something that a limited number of people can do.
  • Git repos are mostly the same so we'll be able to give this group to anyone in theory--no special access needed.

Really we need to make sure we're clear on naming conventions (especially on callsigns since those cannot ever change).

People added to this group also need to be clear on the policy that repositories are open source (https://www.mediawiki.org/wiki/Template:Extension/Expectations).

I don't see that as a problem.

Mattflaschen-WMF mentioned this in T584: Define main tasks (epics) for code review in Phabricator.Nov 13 2014, 5:31 AM
Mattflaschen-WMF unsubscribed.Nov 15 2014, 3:25 AM
Jdforrester-WMF added a project: Gitblit-Deprecate.Nov 20 2014, 4:47 PM
hashar unsubscribed.Nov 20 2014, 4:56 PM
MZMcBride subscribed.Dec 5 2014, 7:22 PM
greg added a project: Diffusion.Sep 9 2015, 5:30 PM
Qgil added a parent task: T38269: Implement a real way to request new repositories.Sep 17 2015, 9:04 AM
demon mentioned this in T75983: Process to request the read-only mirror of a non-gerrit code repository in Diffusion.Dec 1 2015, 6:27 PM
greg added a comment.Dec 2 2015, 12:06 AM

Proposal

  • Create a Diffusion-Repository-Administrators group in Phabricator that gives members the needed permissions to create/edit/etc repositories in Phab.
    • {{DONE}}
  • To become a member of that group, one must:
    • file a task requesting access
    • have read and agreed to the repository guidelines (mostly naming conventions, really, and the "everything hosted here is open source, please use an OSI-approved license" obvious bit)
    • show a legitimate need to be a member of the group
    • a current member of the group reviews and adds them or declines
greg added a comment.Dec 2 2015, 12:07 AM

This will be documented here: https://www.mediawiki.org/wiki/Phabricator/Diffusion#Requesting_a_new_repository

I've already taken a first stab at cleaning up that page and documenting this there.

chasemp added a comment.Dec 2 2015, 12:09 AM

I would feel a better if we were backing up repo's hosted in Phab to somewhere not iridium before we do this. Right now it's a primary source for only scap3 (I think?), and it's true we have repo's scattered about on dev laptops, but a full recovery of known state without a backup from iridium would be a huge hassle and maybe even impossible.

greg moved this task from To Triage to Documentation on the Gerrit-Migration board.Dec 2 2015, 12:25 AM
demon added a comment.Dec 2 2015, 12:41 AM
In T1009#1843318, @chasemp wrote:

I would feel a better if we were backing up repo's hosted in Phab to somewhere not iridium before we do this. Right now it's a primary source for only scap3 (I think?), and it's true we have repo's scattered about on dev laptops, but a full recovery of known state without a backup from iridium would be a huge hassle and maybe even impossible.

Should be easy to configure backula to backup the /srv/phab/repos directory, we do the same in Gerrit.

greg mentioned this in T120045: Configure backula to backup the /srv/phab/repos directory.Dec 2 2015, 12:57 AM
In T1009#1843433, @demon wrote:
In T1009#1843318, @chasemp wrote:

I would feel a better if we were backing up repo's hosted in Phab to somewhere not iridium before we do this. Right now it's a primary source for only scap3 (I think?), and it's true we have repo's scattered about on dev laptops, but a full recovery of known state without a backup from iridium would be a huge hassle and maybe even impossible.

Should be easy to configure backula to backup the /srv/phab/repos directory, we do the same in Gerrit.

T120045: Configure backula to backup the /srv/phab/repos directory

greg closed this task as Resolved.Dec 2 2015, 6:51 PM
greg claimed this task.

So, I think we're good here with the same output from T75983: Process to request the read-only mirror of a non-gerrit code repository in Diffusion.

Restricted Application added a project: User-greg. · View Herald TranscriptDec 2 2015, 6:51 PM
greg moved this task from To Triage to Done on the Gitblit-Deprecate board.Dec 2 2015, 6:51 PM
greg moved this task from Documentation to Done/Archive on the Gerrit-Migration board.Mar 15 2016, 9:29 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL