Right now we replicate repositories from Gerrit to Github. Phabricator should take over this job.
Description
Description
Related Objects
Related Objects
- Mentioned In
- T187149: Delete all Phabricator git repos that haven't been referenced / aren't used.
T183361: Access request: Phabricator Repository-Admins
T114667: operations/apache-config is not replicated to github - Mentioned Here
- T119908: [RfC]: Migrate code review / management from Gerrit to Phabricator
P3245 github mirrors
Event Timeline
Comment Actions
This is easy: We just need:
- Create Credentials for push accounts
- Create repos at github (or copy the URL of existing)
- Make sure, that the push accounts can access the github repos
- Add the github repos as mirror at the git at phabricator
- Phabricator will now push every new change to github, if phabricator recives a new one
Comment Actions
Is there a list of repos, that need a push from phabricator (in future)? I can do this, I need only the password for the push account at github (not directly, you can put it in a credential, and phab uses it, I don't need to see it (so you can configure it, that I can see it, but I can not edit it, so I can say to phab, that he can use it, but I can not see it on my own)), and than I can configure mirrors. The only thing, that I can not (yet) do, is that @demon said, that gerrit replicates that repos. Once a mirror at phab is enabled, this replication from gerrit is no longer needed, and should be turned off, this is the thing I can't to yet (don't have the rights / don't know which site I have to visit).
Comment Actions
I do hope this doesn't break our replication from Github to specific repositories hosted on Gerrit!
Comment Actions
@demon: The problem, I can't add it, at the moment I get:
Access Denied: Restricted Passphrase Credential
Users with the "Can View" capability:
- Administrators can take this action.
I guess it is not a problem, if you add me, that I'm able to view it (then I can add it at phab). It is not required that I'm able to edit it, and as long as I can not edit it, I can not view it, so I can just use it, but don't see it (the password), so I guess this is not so problematic?
Comment Actions
@mwjames We don't have real automation here. I do have some script to help with it, though always manually merge (so I can also catch harmfull updates getting merged via Gerrit). If the repos move from Gerrit to Phabricator, then perhaps we can finally properly have them be read only except for TWN and us. I don't see this move making anything worse for us.
Comment Actions
I had K13 a little too tightly set on permissions. It's now set to viewable by Diffusion-Repository-Administrators and editable only by Phab admins. You shouldn't be able to view the actual password but the credential itself should work.
Comment Actions
Yeah, that works, thanks. I can not edit and view the password, but I can add it :).
So, as sayed above, I would volunteer to migrate the migration, if you want too, but I need the following things in this case:
- A overview about the repos to migrate
- A way to disable the gerrit replication, when phab replication is enabled
Comment Actions
"Everything" ... considering we have a Github mirror for basically everything that's in Gerrit/Phab
- A way to disable the gerrit replication, when phab replication is enabled
Easiest way is to have gerrit project owners (or gerrit admins) set DENY on the READ permission for the mediawiki-replication group on refs/* in a project's project.config.
That'll keep us from having to update replication.config in puppet for every single repository to add exceptions.
Comment Actions
I guess phab should use the same repos as gerrit use currently...
So every repo to migrate exists here: https://github.com/wikimedia?
In this case I guess I would make a task for gerrit admins to disable the replication at repos, where the phab mirror is active. (I think there would be no problem, if both are active. gerrit replicates, and phab will see, that this repo is active, and do nothing). Or do you think there is a better way?
What do you think, can I start now, or is there still something to do, which blocks this?
Comment Actions
I think that they are currently trying to do this to mediawiki/core but it doesn't seem to be working.
mediawiki/core at git.wikimedia.org isent updating either. could git.wikimedia.org still be left to replicate from gerrit.
maybe it isent working because it is missing the configuration file
They stopped replicating to git.wikimedia.org on prupose so phabricator could take over.
Comment Actions
@demon I asked @mmodell to turn replication on https://phabricator.wikimedia.org/diffusion/SMTL/ and it works https://github.com/wikimedia/mediawiki-skins-Metrolook
Could we try doing it to other repos.
If we deny mediawiki-replication like we did before it may have got in the way and caused the problem we had before with replication to GitHub.
But could we try adding the mirror in diffusion on mediawiki core please.
Comment Actions
MediaWiki core has been enabled for mirroring from diffusion. It isent pushing due to the size of the repo. We will need to manually add refs/changes and 1-10 folders at a time in that ref. This will let diffusion start mirroring.
We can start to enable other repos to mirror because mw extensions or skins should not be no way near the size of mw core.
Comment Actions
Yeah, I'm pretty sure MW and Puppet are the only two repos with enough refs to give us problems.
Comment Actions
@demon yep, we can do mw core and puppet manually. Then diffusion will start pushing.
Comment Actions
- CentralAuth
- Wikibase
- Wikidata
- Echo
- Flow
Have all been turned on for mirroring from diffusion. Thanks @Luke081515 for turning them on.
Comment Actions
@QChris hi could you when you create repos in gerrit and also create them in diffusion please add the mirror to diffusion too please.
Comment Actions
These repos have been turned on for diffusion mirroring to GitHub..
- integration/config
- operations/mediawiki/config
- operations/puppet
Thanks @Luke081515 for turning mirroring on these repos.
Comment Actions
These repos have been switched on for diffusion mirroring.
- mediawiki extension VisualEditor
- visualeditor/visualeditor
- mediawiki extension TimedMediaHandler
- mediawiki extension MobileFrontend
- mediawiki extension Translate
Thanks @Luke081515 for adding the mirrors to the repos.
Comment Actions
For mw core and operations-puppet we can do this
mw core
[remote "git@github.com:wikimedia/mediawiki.git"]
url = git@github.com:wikimedia/mediawiki.git push = +refs/heads/*:refs/heads/* push = +refs/tags/*:refs/tags/* threads = 3
operations-puppet
[remote "git@github.com:wikimedia/operations-puppet.git"]
url = git@github.com:wikimedia/operations-puppet.git push = +refs/heads/*:refs/heads/* push = +refs/tags/*:refs/tags/* threads = 3
We add the above to the config file inside the repos manually on the server where phabricator saves the repos.
@demon or @mmodell would you be able to do the above please or would you be able to add refs/changes manually to the GitHub mirror please.
Comment Actions
@Paladox: How does adding those options in phabricator fix the problem? I'm slightly confused.
Comment Actions
@mmodell since it won't mirror refs/changes/ which is causing the problem unless we add refs/changes manually to the mirror.
If we add that config to the config file it will stop refs/changes from being mirrored which will allow diffusion to mirror.
The way around it if you have time is to add refs/changes/ manually to the mw core and operations-puppet manually on GitHub.
Comment Actions
I created P3245 so that we can edit it and add the GitHub mirrors.
We need to reverse it so the callsign is first then GitHub mirror. Then we will need to update it to support conduit.
Comment Actions
@demon could you create a script we could use that will add the mirrors to all the repos please?
Also exclude the ones that have already been converted to use the mirror in diffusion please?
Comment Actions
We should start doing this for repos :). we will then have two backups of the git repos as refs/changes/ will be on GitHub :)
This will also enable the download button to make it easier to download repos.