In Gerrit how to temporarily block/deny submits to a given branch?

Question

It's possible to modify access rules to certain branches of a given repository (both via UI and via Gerrit API) to block submits (e.g. in case of emergency maintenance).

However the only way I know to do this requires me to manually reconfigure rules in a every time I have to block modifications on a branch immediately. Because this is cumbersome, error prone and hard to document I'd like to have a "red button" solution instead.

To avoid re-inventing the wheel using manually written rules or scripting yet another solution for a problem other people had before I'm asking myself (or rather you) whether there is a to-go method already which stops submits to a faulty branch and similarly easily allows them again.

A solution I'd like to have would allow me to easily run

gerrit-set-submit-traffic-light block master

in cases of emergency on master branch and running

gerrit-set-submit-traffic-light allow master

to enable submitting again..

Is there such a thing? What would be the straight forward way to do this?

Answer 1

Option 1

All permissions for a repository are maintained in the repository itself, under the refs/meta/config ref in the file project.config.

If you want to disable the "submit" permission for a given branch, you need to modify that file. E.g., to temporarily restrict the submit permission to members of group Master-Emergency-Submitters, you'd add

[access "refs/heads/master"]
        submit = group Master-Emergency-Submitters

Once the emergency situation is over, you'd remove that entry again.

To perform these changes, all you need to do is to push the updated project.config file, which is easily scriptable.

Option 2

The Gerrit hooks plugin supports a submit hook that can block the submit step. The hook is a simple shell script which you can use to disable commits to your branches depending on some condition.

While the second option is less intrusive, it will still leave the "Submit" button enabled in the GUI (blocking submits after the user selected to perform them), which is less nice from a UX point of view.