Page MenuHomeSoftware Heritage

external contributions: permission issue with staging area when `arc diff`
Closed, ResolvedPublic

Description

As per T1519#27966, permission issue exists regarding the staging area.

for that particular instance, the staging area set for the webapp repository is indeed using an ssh://git@forge.softwareheritage.org access.

Possibilities as far as i can see so far:

  • Do we use an https url instead? That's what we did for the git repositories of the swh-environment for example.
  • Do we use arc's --skip-staging flag as mentioned by the author? Thus updating the wiki page [1] for that.
  • Disable the staging area? I'm not sure it's used so far (we talked at some point to use it for the limitations we currently have on ci building stacked diffs IIRC)

[1] https://wiki.softwareheritage.org/wiki/Code_review_in_Phabricator

Event Timeline

ardumont triaged this task as Normal priority.Feb 8 2019, 8:55 AM
ardumont created this task.
ardumont updated the task description. (Show Details)Feb 8 2019, 8:59 AM
olasd added a subscriber: olasd.Feb 8 2019, 10:18 AM

One more possibility is to document that people need to setup an ssh key on their account to be able to push their changes.

Using a https URL for the staging area means people have to type their Phabricator password each time they create a diff (if they don't have pushInsteadOf set up); I'm not too keen on that.

Disabling the staging area will not let us use the staging area (duh), and we should really work on using them (https://secure.phabricator.com/book/phabricator/article/harbormaster/#change-handoff recommends them) so it's not great.

--skip-staging will prevent tools using the staging area which is bad when we start actually using them.

After unrolling everything, I guess a sensible compromise would be

  • use https for the staging area configuration (which will allow people to push it even if nothing is configured, by just typing their password)
  • make sure people configure a ssh key and git's pushInsteadOf setting (so that they don't _have_ to type their password)
ardumont updated the task description. (Show Details)Feb 8 2019, 10:29 AM

sounds like a plan!

use https for the staging area configuration (which will allow people to push it even if nothing is configured, by just typing their password)

That'd mean also to change that uri to be read/write, it's read-only for now.

olasd added a comment.Feb 8 2019, 11:54 AM

use https for the staging area configuration (which will allow people to push it even if nothing is configured, by just typing their password)

That'd mean also to change that uri to be read/write, it's read-only for now.

That's done now.

olasd added a comment.Feb 8 2019, 12:24 PM

I've moved the repositories that need it to have their staging area set to https.

As it turns out, there's *also* a hoop to go through if one wants to push via HTTP: Phabricator wants you to add a VCS password to your account, separate from your account password (which is, IMO, a good thing!).

So either way we need to document this in our contribution documentation. I guess I'll document both the VCS password approach and the ssh key + pushInsteadOf approach.

olasd added a comment.Feb 8 2019, 1:15 PM

I've documented the extra hoops people need to jump through for git push to work on https://wiki.softwareheritage.org/index.php?title=Code_review_in_Phabricator&type=revision&diff=964&oldid=899

Thanks by the way!

ardumont closed this task as Resolved.Feb 9 2019, 9:58 AM
ardumont claimed this task.

with your proposal, implementation, and documentation updated, this can be closed.