Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
x/build: give a few people access to delete TryBot-Result label, but not change it #21299
Currently we have a Gerrit group called "trybot-result-changers":
The intent of that group is that some people can delete TryBot-Result on failed flakes and cause the trybots to re-run.
But the way we implemented that group is this ACL:
(in All-Projects project.config)
I think we want to use this instead:
We want some people to be able to delete the gopherbot's TryBot-Result label, but not set it themselves.
Is that possible?
Leaving for @andybons
Oh, nevermind... this is indeed fixed. I thought you were just showing that you don't have permission to change it, whereas my concern was for people who did have the permission.
But I can see that I can both delete the TryBot-Result label and also not change it.
Let me look through the git history to see when & how that was fixed.
commit 9a62ff8f7f73852684d6fef26e57e679057ba655 Author: Filippo Valsorda <email@example.com> Date: Wed Jun 6 20:48:03 2018 +0000 Let trybot-result-changers change TryBot-Result Current permission only lets them cast it on their own behalf. Change-Id: I90c09cba2e157152de6946f592f9833537841827 Reviewed-on: https://go-review.googlesource.com/116760 Reviewed-by: Filippo Valsorda <firstname.lastname@example.org> diff --git a/project.config b/project.config index b3f86a9..0ab6c4a 100644 --- a/project.config +++ b/project.config @@ -52,9 +52,9 @@ editTopicName = group approvers label-Run-TryBot = +0..+1 group approvers label-Run-TryBot = +0..+1 group may-start-trybots - label-TryBot-Result = -1..+1 group trybot-result-changers editHashtags = group approvers editHashtags = group gobot + labelAs-TryBot-Result = group trybot-result-changers [access "refs/meta/config"] exclusiveGroupPermissions = read read = group Project Owners
commit e5f87f16b9926cde199b363057a18b853d9d71c0 Author: Filippo Valsorda <email@example.com> Date: Wed Jun 6 23:27:16 2018 +0000 Restore gobot's permission to cast TryBot-Result gobot was using its membership of trybot-result-changers to do that, but that group was switched to casting the vote on behalf of in I90c09cba2e157152de6946f592f9833537841827 Change-Id: I94df0d7c546ecef94f783ff1f175374773ab43cc Reviewed-on: https://go-review.googlesource.com/116764 Reviewed-by: Brad Fitzpatrick <firstname.lastname@example.org> diff --git a/project.config b/project.config index 0ab6c4a..c0e2b09 100644 --- a/project.config +++ b/project.config @@ -55,6 +55,7 @@ editHashtags = group approvers editHashtags = group gobot labelAs-TryBot-Result = group trybot-result-changers + label-TryBot-Result = -1..+1 group gobot [access "refs/meta/config"] exclusiveGroupPermissions = read read = group Project Owners
Ah, so it's "
Update: durr, the same docs I found and replied with two years ago.