Metadata-Version: 2.1
Name: pagure-dist-git
Version: 1.13
Summary: Pagure Git auth backend for Dist-Git setups
Home-page: https://pagure.io/pagure-dist-git
Author: Pierre-Yves Chibon
Author-email: pingou@fedoraproject.org
License: GPLv2+
License-File: LICENSE
Requires-Dist: pagure>=5.2



This project implements a dynamic Git auth backend for Pagure for Dist-Git_
to power https://src.fedoraproject.org

Configuration
=============

This plugin reuses the Pagure configuration, and adds several keys to it.

- ``ACL_DEBUG``: Whether to print some output with information decisions are 
  based on.
- ``ACL_PROTECTED_NAMESPACES``: List of namespaces where the extra strong 
  protections are in place.
- ``BLACKLIST_RES``: List of regular expressions with refs that can never be 
  pushed.
- ``ACL_BLOCK_UNSPECIFIED``: Whether to deny pushes to branches that aren't 
  either RCM, SIG or supported branches.
- ``UNSPECIFIED_BLACKLIST_RES``: List of regular expressions with refs that 
  can't be used if unspecified.
- ``RCM_BRANCHES``: List of regular expressions with refs that people in the
  RCM group can push.
- ``RCM_GROUP``: The group containing RCM members
- ``SUPPORTED_SIGS``: List of groups that grant access to sig_prefix-$signame-*
  refs.
- ``SIG_PREFIXES``: List of prefixes for SIG refs.

To enable this plugin, you need to either point the PAGURE_PLUGIN environment
variable at the pagure_distgit_config file or use the --plugin parameter of
the runserver.py script.

Example configurations
======================

Fedora
------

:: 

   ACL_DEBUG = False
   ACL_BLOCK_UNSPECIFIED = False
   ACL_PROTECTED_NAMESPACES = ['rpms', 'modules', 'container']
   RCM_GROUP = 'relenggroup'
   RCM_BRANCHES = ['refs/heads/f[0-9]+']
   # Pushing to c* stuff is never allowed
   BLACKLIST_RES = ['refs/heads/c[0-9]+.*']
   # Pushing to (f|epel|el|olpc)(num+) that is not previously approved
   # (supported branches) is not allowed.
   UNSPECIFIED_BLACKLIST_RES = ['refs/heads/f[0-9]+',
                                'refs/heads/epel[0-9]+',
                                'refs/heads/el[0-9]+',
                                'refs/heads/olpc[0-9]+']
   ORACULUM_URL = 'https://packager-dashboard.fedoraproject.org/api/'

CentOS
------

::

   SIG_PREFIXES = ['refs/heads/c7', 'refs/heads/c7-plus', 'refs/heads/c7-alt', ]
   SUPPORTED_SIGS = ['sig-atomic', 'sig-cloud', 'sig-core', 'sig-storage', ]
   
   # Branches to which *nobody* will be able to push (basically Fedora)
   BLACKLIST_RES = ['refs/heads/el[0-9]+.*', 'refs/heads/olpc[0-9]+.*', ]
   
   ### Specific ACO group that will have access to all protected branches with RWC rights
   RCM_GROUP = 'centos-rcm'
   RCM_BRANCHES = ['refs/heads/c[0-9]+.*', 'refs/tags/.*', ]

Tests
=====

The tests here require the *test suite* of pagure itself to work.  You have to
modify your PYTHONPATH to find them. Run with::

    $ PYTHONPATH=.:/path/to/pagure/checkout pytest pagure_distgit_tests/

You can use our requirements-testing.txt to install testing dependencies with pip::

    $ pip install -r /path/to/pagure/checkout/requirements.txt
    $ pip install -r /path/to/pagure/checkout/requirements-testing.txt
    $ pip install -r requirements-testing.txt

Setting up testing env
======================

The dist-git needs pagure to run. This guide will use the existing pagure vagrant setup with
few modifications. First you need to clone pagure::

    $ git clone https://pagure.io/pagure.git
    $ cd pagure

Next step is to copy `Vagrantfile.example` as `Vagrantfile` to git root folder::

    $ cp dev/Vagrantfile.example Vagrantfile

Add mount point for the dist-git repository. You need to add the following to
`Vagrantfile`::
 
    config.vm.synced_folder "/path/to/pagure-dist-git", "/srv/pagure-dist-git", type: "sshfs"

Create the vagrant machine and ssh into it::

    $ vagrant up && vagrant ssh

In the vagrant we need to do a few more steps. First add dist-git specific tables and
some test data::

    $ cd /srv/pagure-dist-git/
    $ sudo -u git python createdb.py -c /etc/pagure/pagure.cfg
    $ cd /srv/pagure
    $ sudo -u git PAGURE_CONFIG="/etc/pagure/pagure.cfg" python dev-data.py -a

Add theme to `/etc/pagure/pagure.cfg`::

    THEME = 'srcfpo'

Update `/etc/systemd/system/pagure.service` with env variables::

    Environment="PAGURE_PLUGINS_CONFIG=/srv/pagure-dist-git/pagure_distgit_config"
    Environment="PYTHONPATH=/srv/pagure-dist-git"

Stop the running pagure instance::

    $ pstop

Reload systemd daemons::

    $ sudo systemctl daemon-reload

Start the pagure instance again::

    $ pstart

Now you should have running instance of pagure with dist-git on `http://localhost:5000`.
Nice hacking! :-)

.. _Dist-Git: https://github.com/release-engineering/dist-git
