Implement openstack-unmaintained-core group
Create a gerrit group to handle branches in Unmaintained status across all projects, as described in TC resolution 2023-11-14, which is commit 90982cd in the governance repository. Also adjust the acl file normalization tool so that it will guarantee that the Release Managers group has 'abandon' permission on Unmaintained branches if any project chooses to override the global openstack-unmaintained-core group with a project-specific unmaintained core team (as is allowed by TC resolution 2023-11-14). This entails a change in that script to require the acl file's namespace be passed in so that the check doesn't affect non-OpenStack OpenInfra projects. Change-Id: Ife8e5f175cb8a7d396dfe2a5d52fd6d524ae0b43
This commit is contained in:
		| @@ -4,6 +4,19 @@ | |||||||
| 	createSignedTag = group Release Managers | 	createSignedTag = group Release Managers | ||||||
| 	delete = group Release Managers | 	delete = group Release Managers | ||||||
|  |  | ||||||
|  | [access "refs/heads/unmaintained/*"] | ||||||
|  | 	abandon = group Change Owner | ||||||
|  | 	abandon = group Project Bootstrappers | ||||||
|  | 	abandon = group Release Managers | ||||||
|  | 	abandon = group openstack-unmaintained-core | ||||||
|  | 	exclusiveGroupPermissions = abandon label-Code-Review label-Workflow | ||||||
|  | 	label-Code-Review = -2..+2 group Project Bootstrappers | ||||||
|  | 	label-Code-Review = -2..+2 group openstack-unmaintained-core | ||||||
|  | 	label-Code-Review = -1..+1 group Registered Users | ||||||
|  | 	label-Workflow = -1..+0 group Change Owner | ||||||
|  | 	label-Workflow = -1..+1 group Project Bootstrappers | ||||||
|  | 	label-Workflow = -1..+1 group openstack-unmaintained-core | ||||||
|  |  | ||||||
| [receive] | [receive] | ||||||
| 	requireChangeId = true | 	requireChangeId = true | ||||||
| 	requireContributorAgreement = true | 	requireContributorAgreement = true | ||||||
|   | |||||||
| @@ -13,13 +13,16 @@ declare -i NUM_TESTS=0 | |||||||
|  |  | ||||||
| function check_team_acl { | function check_team_acl { | ||||||
|     local configs_dir="$1" |     local configs_dir="$1" | ||||||
|  |     local namespace | ||||||
|     local configs_list |     local configs_list | ||||||
|  |  | ||||||
|     echo "Checking" $(basename $configs_dir) |     namespace="$(basename $configs_dir)" | ||||||
|  |     echo "Checking $namespace" | ||||||
|     configs_list=$(find $configs_dir -name "*.config") |     configs_list=$(find $configs_dir -name "*.config") | ||||||
|     for config in $configs_list; do |     for config in $configs_list; do | ||||||
|         let "NUM_TESTS+=1" |         let "NUM_TESTS+=1" | ||||||
|         $OLDPWD/tools/normalize_acl.py $config all > $TMPDIR/normalized |         $OLDPWD/tools/normalize_acl.py $namespace $config all \ | ||||||
|  |                                        > $TMPDIR/normalized | ||||||
|         if ! diff -u $config $TMPDIR/normalized >>config_failures; |         if ! diff -u $config $TMPDIR/normalized >>config_failures; | ||||||
|         then |         then | ||||||
|             echo "Project $config is not normalized!" >>config_failures |             echo "Project $config is not normalized!" >>config_failures | ||||||
|   | |||||||
| @@ -11,9 +11,13 @@ | |||||||
| #  License for the specific language governing permissions and limitations | #  License for the specific language governing permissions and limitations | ||||||
| #  under the License. | #  under the License. | ||||||
|  |  | ||||||
| # Usage: normalize_acl.py acl.config [transformation [transformation [...]]] | # Usage: normalize_acl.py NAMESPACE acl.config [transform [transform [...]]] | ||||||
| # | # | ||||||
| # Transformations are described in user-facing detail below | # The NAMESPACE specifies the OpenInfra project, e.g., 'openstack', and | ||||||
|  | # conventionally corresponds to the directory name containing that project's | ||||||
|  | # acl files. | ||||||
|  | # | ||||||
|  | # Transforms are described in user-facing detail below | ||||||
| # | # | ||||||
| # Transformations: | # Transformations: | ||||||
| # all Report all transformations as a dry run. | # all Report all transformations as a dry run. | ||||||
| @@ -83,19 +87,39 @@ The current transformations | |||||||
|  |  | ||||||
| LAST_TRANSFORMATION = 10 | LAST_TRANSFORMATION = 10 | ||||||
|  |  | ||||||
| aclfile = sys.argv[1] | USAGE_STRING = ("Usage:\n  normalize_acl.py NAMESPACE acl.config [transform " | ||||||
|  |                 "[transform [...]]]\n  or 'normalize_acl.py -help' for info " | ||||||
|  |                 "on the available transforms") | ||||||
|  |  | ||||||
|  |  | ||||||
|  | try: | ||||||
|  |     namespace = sys.argv[1] | ||||||
|  | except IndexError: | ||||||
|  |     print('error: missing NAMESPACE or -help') | ||||||
|  |     print(USAGE_STRING) | ||||||
|  |     sys.exit(1) | ||||||
|  |  | ||||||
| # NOTE(ianw) : 2023-04-20 obviously we would not write any of this | # NOTE(ianw) : 2023-04-20 obviously we would not write any of this | ||||||
| # like this if we were starting fresh.  But this has grown from a | # like this if we were starting fresh.  But this has grown from a | ||||||
| # simple thing into something difficult for people to deal with.  If | # simple thing into something difficult for people to deal with.  If | ||||||
| # we have any errors during the tox job, we use this to print out a | # we have any errors during the tox job, we use this to print out a | ||||||
| # help message. | # help message. | ||||||
| if (aclfile == '-help'): | if (namespace == '-help'): | ||||||
|     print(NORMALIZATION_HELP) |     print(NORMALIZATION_HELP) | ||||||
|     sys.exit(1) |     sys.exit(1) | ||||||
|  |  | ||||||
| try: | try: | ||||||
|     transformations = sys.argv[2:] |     aclfile = sys.argv[2] | ||||||
|  | except IndexError: | ||||||
|  |     print('error: missing acl filespec') | ||||||
|  |     print(USAGE_STRING) | ||||||
|  |     sys.exit(1) | ||||||
|  |  | ||||||
|  | # TODO(rosmaita): refactor this, there's nothing in the 'try' | ||||||
|  | # that will raise a KeyError, and in any case, an out-of-range slice | ||||||
|  | # reference already returns an empty list | ||||||
|  | try: | ||||||
|  |     transformations = sys.argv[3:] | ||||||
|     if transformations: |     if transformations: | ||||||
|         RANGE_END = LAST_TRANSFORMATION + 1 |         RANGE_END = LAST_TRANSFORMATION + 1 | ||||||
|         if transformations[0] == 'all': |         if transformations[0] == 'all': | ||||||
| @@ -306,6 +330,9 @@ if '8' in transformations: | |||||||
|                 if 'abandon' in exclusives: |                 if 'abandon' in exclusives: | ||||||
|                     newsection.append('abandon = group Change Owner') |                     newsection.append('abandon = group Change Owner') | ||||||
|                     newsection.append('abandon = group Project Bootstrappers') |                     newsection.append('abandon = group Project Bootstrappers') | ||||||
|  |                     if (namespace == 'openstack' | ||||||
|  |                         and 'refs/heads/unmaintained' in section): | ||||||
|  |                         newsection.append('abandon = group Release Managers') | ||||||
|                 if 'label-Code-Review' in exclusives: |                 if 'label-Code-Review' in exclusives: | ||||||
|                     newsection.append('label-Code-Review = -2..+2 ' |                     newsection.append('label-Code-Review = -2..+2 ' | ||||||
|                                       'group Project Bootstrappers') |                                       'group Project Bootstrappers') | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user
	 Brian Rosmaita
					Brian Rosmaita