能否为现有Git仓库配置Gerrit仅作为代码评审工具?
Absolutely, this setup is totally feasible—Gerrit’s flexible enough to be used purely as a code review tool without taking over your core Git workflow. Whether you want pre-merge or post-commit reviews, here’s how to pull it off:
核心思路
We’ll treat Gerrit as a review-only sidecar to your main Git server:
- Your existing Git repo stays the single source of truth (all pulls/pushes, permission management happen here)
- Gerrit mirrors your main repo to have the latest codebase for review context
- Developers push changes to Gerrit only for feedback (either before or after merging to your main repo)
- Once reviews are signed off, you merge changes directly in your main repo—Gerrit never handles the merge itself
分步配置
1. 初始化Gerrit并禁用不必要功能
First off, tweak Gerrit’s config to strip out non-review features like permission enforcement and auto-merging:
- Edit your Gerrit’s
gerrit.configfile (usually located in$GERRIT_SITE/etc/):[auth] type = DEVELOPMENT_BECOME_ANY_ACCOUNT # Skips strict permission checks (great for teams; use LDAP/OAuth in production with global review access) [sendemail] enable = true # Optional: Turn on email notifications for review requests/feedback [repository] defaultCloneSection = anonymous # Let anyone clone Gerrit’s mirror repo for context [change] submitWholeTopic = false # Disable Gerrit’s automatic commit submission [submit] mergeContent = false # Prevent Gerrit from handling merge operations - Restart Gerrit to apply these changes.
2. Sync Your Main Git Repo to Gerrit
Gerrit needs a copy of your code to show diffs and context. Set up an automatic mirror sync:
- In Gerrit’s web UI, create a new project with the exact same name as your main repo.
- On your main Git server, add a remote pointing to Gerrit:
git remote add gerrit ssh://<gerrit-user>@<gerrit-host>:<gerrit-port>/<repo-name>.git - Set up a cron job or post-receive hook to push updates from your main repo to Gerrit automatically:
# Example cron job (runs every 5 minutes to sync latest code) */5 * * * * cd /path/to/your/main/repo && git push gerrit --mirror
This ensures Gerrit always has the latest code from your main repo.
3. Configure Developer Workflows
Developers will work directly with your main Git server, and only push to Gerrit when they need a review:
Option A: Pre-Commit Review (Feedback Before Merging)
- Developers clone from your main server:
git clone ssh://<main-git-user>@<main-git-host>/<repo-name>.git - They make changes, commit locally, then push the commit to Gerrit’s review reference:
(Replacegit push ssh://<gerrit-user>@<gerrit-host>:<gerrit-port>/<repo-name>.git HEAD:refs/for/mainmainwith your target branch name) - Gerrit will auto-create a review request. Once approved, developers push the commit directly to your main repo.
Option B: Post-Commit Review (Feedback After Merging)
If you prefer reviewing commits after they’re merged to your main repo:
- After pushing to your main repo, developers push the same commit to Gerrit’s review ref for post-hoc feedback:
git push ssh://<gerrit-user>@<gerrit-host>:<gerrit-port>/<repo-name>.git <commit-hash>:refs/for/main - Gerrit will flag the commit as already merged, but reviewers can still leave comments and approvals for audit purposes.
4. Lock Down Gerrit Repo Permissions (Optional)
To prevent accidental pushes to Gerrit’s main branches (keeping your main repo as the only source of truth):
- In Gerrit’s web UI, go to Projects > Your Repo > Access
- Set permissions for
refs/heads/*to No Access for all users - Only grant access to
refs/for/*(review references) for all team members
Quick Notes to Keep in Mind
- Gerrit stays completely out of core repo operations: no merge conflict handling, no permission checks, no serving as your code’s source of truth.
- You get all Gerrit’s review features: inline comments, approval labels (like Code-Review +2), and full audit trails for feedback.
- If auto-sync feels overkill, developers can manually push the latest main branch to Gerrit whenever they need review context.
内容的提问来源于stack exchange,提问作者OkyDokyman
