#+TITLE: Configuration of gerrit

A gerrit instance is running at [[https://cl.fcuny.net][cl.fcuny.net]].

* Permissions
- branches other than main can be pushed to the server
- the main branch can only be modified by gerrit
* Secure configuration
The file =/var/lib/gerrit/etc/secure.config= is managed by nix and is encrypted with age. The file contains the following settings:
#+begin_src ini
[auth]
  registerEmailPrivateKey = <redacted>
[sendemail]
  smtpUser = <fastmail user>
  smtpPass = <fastmail SMTP password>
[plugin "gerrit-oauth-provider-google-oauth"]
  client-secret = <google oauth secret>
#+end_src

From the directory =hosts/tahoe/secrets= you can run =nix run github:ryantm/agenix -- -e gerrit/secure-config.age= to edit the secrets.
* Notes
The [[https://gerrit.googlesource.com/plugins/reviewnotes/][review notes]] plugin is enabled. The plugin stores into the notes the information about the reviews.

When cloning the repo, run the following:
#+begin_src sh
git config --add remote.origin.fetch refs/notes/review:refs/notes/review
git fetch
#+end_src

Then running =git log --show-notes=review= will show these notes.

More information can be found at [[https://cl.fcuny.net/plugins/reviewnotes/Documentation/refs-notes-review.md][this URL]].
* Repositories configuration
Gerrit stores information about repositories in a git repository. To get the configuration, run:
#+begin_src sh
git clone "https://fcuny@cl.fcuny.net/a/All-Projects" && (cd "All-Projects" && mkdir -p .git/hooks && cu
https://fcuny@cl.fcuny.net/tools/hooks/commit-msg; chmod +x `git rev-parse --git-dir`/hooks/commit-msg)
cd All-Projects
git fetch origin refs/meta/config:refs/remotes/origin/meta/config
git checkout meta/config
#+end_src

Then the file =project.config= can be edited.
* Labels
** Verified
The label verified is typically used for CI. Relevant diffs to add the label:
#+begin_src diff
diff --git a/project.config b/project.config
index eb13426..9d504c7 100644
--- a/project.config
+++ b/project.config
@@ -63,6 +63,11 @@
        value = 0 No score
        value = +1 Looks good to me, but someone else must approve
        value = +2 Looks good to me, approved
+[label "Verified"]
+       function = MaxWithBlock
+       value = -1 Fails
+       value =  0 No score
+       value = +1 Verified
 [capability]
        administrateServer = group Administrators
        priority = batch group Service Users
#+end_src

#+begin_src diff
diff --git a/project.config b/project.config
index 9d504c7..5f9352d 100644
--- a/project.config
+++ b/project.config
@@ -26,6 +26,7 @@
        label-Code-Review = -2..+2 group Administrators
        label-Code-Review = -2..+2 group Project Owners
        label-Code-Review = -1..+1 group Registered Users
+        label-Verified = -1..+1 group Service Users
        push = group Administrators
        push = group Project Owners
        read = group Anonymous Users
#+end_src