On 18/05/15 05:40, Sage Weil wrote:
As the number of people contributing code grows, we've added more and more
people to the github ceph org who have write access to ceph.git. Those
people can merge pull requests and can also push branches directly to the
repo.
We also use ceph.git as a source for the test build infrastrucure
(gitbuilders) to generate packages for QA or hot fixes and make check
tests. This leads to an every-growing body of wip-* branches in the repo
(which is annoying), and also means that in order to build something to
test in QA you also get the ability to (say) push directly to master.
How about we instead
- create a second repo named something like ceph-ci.git (that's the best
I can come up with at the moment)
- add this as a second source for all gitbuilders (they can poll a list)
- move all wip-* branches here
- create a new github team with contributing developers who can push to
this repo and are trusted not to wreak havoc on the builders
- remove all the cruft from ceph.git, so that it's just master, next, the
stable branches, release tags, and anything else similarly important.
- restrict ceph.git write access to core developers
This will improve security somewhat and reduce the risk of an accidental
push to an important branch.
It may also reduce the risk associated with accidental force pushes
(something we've hemmed and hawed about recently) by limiting the circle
of people who can write to ceph.git and also changing workflows so that it
is almost never used directly...
I think this is a great idea!
'ceph-ci' also looks like a simple enough name conveying its purpose,
even though the 'continuous' part is not necessarily true (but it's
trivial to type, so it gets my vote).
-Joao
--
To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
