Page MenuHomePhabricator

Define a process to import and create repositories
Closed, ResolvedPublic

Description

@Chad says on wikitech-l:

I agree, having to request is problematic. The main reason this happened is that Gerrit has always made it easier to screw up than do it right when creating your project (it's not just that you *can* screw up, but that the defaults *encourage* a non-admin to screw up).
If it was the mediawiki-core group, that might scale. It's a far smaller group. The whole thing is rather silly I'm afraid as I've never scaled this process out beyond Christian [@QChris] and myself really.
I think this should be a much *much* larger group in Phabricator than we've done in Gerrit. It's much harder to screw yourself over.

Permissions to be defined (please correct / fine tune if needed):

  • Who can initially import existing repos (Gerrit, SVN, GitHub) and how to join this group.
  • Who can initially create new repos and how to join this group.

Related Objects

StatusAssignedTask
ResolvedDzahn
ResolvedCmjohnson
ResolvedDzahn
Resolveddemon
Resolveddemon
ResolvedDanny_B
ResolvedPaladox
ResolvedPaladox
ResolvedNemo_bis
Resolveddemon
ResolvedPaladox
ResolvedKrenair
Resolvedmmodell
InvalidNone
DeclinedNone
Resolveddemon
InvalidNone
InvalidNone
ResolvedQgil
DeclinedNone
DuplicateNone
OpenNone
Resolvedgreg

Event Timeline

Qgil created this task.Oct 31 2014, 8:35 AM
Qgil raised the priority of this task from to Low.
Qgil updated the task description. (Show Details)
Qgil added a project: Gerrit-Migration.
Qgil changed Security from none to None.
Qgil added subscribers: Aklapper, Qgil, greg and 16 others.

In Gerrit we had people request repositories on a wiki page https://www.mediawiki.org/wiki/Gerrit/New_repositories which has some guidelines. I don't think I ever used that page though :D

The list of people allowed to create new repositories in Gerrit is the group "Project and Group Creators" https://gerrit.wikimedia.org/r/#/admin/groups/119,members which also includes Gerrit administrators https://gerrit.wikimedia.org/r/#/admin/groups/1,members

In Phabricator I guess we can create a group that contains those people and let them virally add more folks to it.

demon added a comment.Oct 31 2014, 2:34 PM
  • Repos from SVN require shell access to the SVN box, so that will remain only something that a limited number of people can do.
  • Git repos are mostly the same so we'll be able to give this group to anyone in theory--no special access needed.

Really we need to make sure we're clear on naming conventions (especially on callsigns since those cannot ever change).

+1 to the idea of making it a viral group.

In T1009#17490, @Chad wrote:
  • Repos from SVN require shell access to the SVN box, so that will remain only something that a limited number of people can do.
  • Git repos are mostly the same so we'll be able to give this group to anyone in theory--no special access needed.

Really we need to make sure we're clear on naming conventions (especially on callsigns since those cannot ever change).

People added to this group also need to be clear on the policy that repositories are open source (https://www.mediawiki.org/wiki/Template:Extension/Expectations).

demon added a comment.Nov 13 2014, 4:34 AM
In T1009#21839, @Mattflaschen wrote:
In T1009#17490, @Chad wrote:
  • Repos from SVN require shell access to the SVN box, so that will remain only something that a limited number of people can do.
  • Git repos are mostly the same so we'll be able to give this group to anyone in theory--no special access needed.

Really we need to make sure we're clear on naming conventions (especially on callsigns since those cannot ever change).

People added to this group also need to be clear on the policy that repositories are open source (https://www.mediawiki.org/wiki/Template:Extension/Expectations).

I don't see that as a problem.

hashar removed a subscriber: hashar.Nov 20 2014, 4:56 PM
greg added a comment.Dec 2 2015, 12:06 AM

Proposal

  • Create a Repository-Admins group in Phabricator that gives members the needed permissions to create/edit/etc repositories in Phab.
    • {{DONE}}
  • To become a member of that group, one must:
    • file a task requesting access
    • have read and agreed to the repository guidelines (mostly naming conventions, really, and the "everything hosted here is open source, please use an OSI-approved license" obvious bit)
    • show a legitimate need to be a member of the group
    • a current member of the group reviews and adds them or declines
greg added a comment.Dec 2 2015, 12:07 AM

This will be documented here: https://www.mediawiki.org/wiki/Phabricator/Diffusion#Requesting_a_new_repository

I've already taken a first stab at cleaning up that page and documenting this there.

I would feel a better if we were backing up repo's hosted in Phab to somewhere not iridium before we do this. Right now it's a primary source for only scap3 (I think?), and it's true we have repo's scattered about on dev laptops, but a full recovery of known state without a backup from iridium would be a huge hassle and maybe even impossible.

demon added a comment.Dec 2 2015, 12:41 AM

I would feel a better if we were backing up repo's hosted in Phab to somewhere not iridium before we do this. Right now it's a primary source for only scap3 (I think?), and it's true we have repo's scattered about on dev laptops, but a full recovery of known state without a backup from iridium would be a huge hassle and maybe even impossible.

Should be easy to configure backula to backup the /srv/phab/repos directory, we do the same in Gerrit.

I would feel a better if we were backing up repo's hosted in Phab to somewhere not iridium before we do this. Right now it's a primary source for only scap3 (I think?), and it's true we have repo's scattered about on dev laptops, but a full recovery of known state without a backup from iridium would be a huge hassle and maybe even impossible.

Should be easy to configure backula to backup the /srv/phab/repos directory, we do the same in Gerrit.

T120045: Configure backula to backup the /srv/phab/repos directory

greg closed this task as Resolved.Dec 2 2015, 6:51 PM
greg claimed this task.
Restricted Application added a project: User-greg. · View Herald TranscriptDec 2 2015, 6:51 PM
greg moved this task from To Triage to Done on the Gitblit-Deprecate board.Dec 2 2015, 6:51 PM