What is “Install Verified label” in Gerrit?

What is “Install Verified label” in Gerrit?

The Verified label was originally invented by the Android Open Source Project to mean ‘compiles, passes basic unit tests’. Some CI tools expect to use the Verified label to vote on a change after running.

During site initialization the administrator may have chosen to configure the default Verified label for all projects. In case it is desired to configure it at a later time, administrators can do this by adding the following to project.config in All-Projects:

[label “Verified”]
function = MaxWithBlock
value = -1 Fails
value = 0 No score
value = +1 Verified
copyAllScoresIfNoCodeChange = true
The range of values is:

-1 Fails
Tried to compile, but got a compile error, or tried to run tests, but one or more tests did not pass.
Any -1 blocks submit.

0 No score
Didn’t try to perform the verification tasks.

+1 Verified
Compiled (and ran tests) successfully.
Any +1 enables submit.

For a change to be submittable, the change must have a +1 Verified in this label, and no -1 Fails. Thus, -1 Fails can block a submit, while +1 Verified enables a submit.

Additional values could also be added to this label, to allow it to behave more like Code-Review (below). Add -2 and +2 entries to the label.Verified.value fields in project.config to get the same behavior.

As an example, the popular gerrit-trigger plugin for Jenkins/Hudson can set labels at:

  • The start of a build
  • A successful build
  • An unstable build (tests fails)
  • A failed build

Usually the range chosen for this verdict is the Verified label. Depending on the size of your project and discipline of involved developers you might want to limit access right to the +1 Verified label to the CI system only. That way it’s guaranteed that submitted commits always get built and pass tests successfully.

If the build doesn’t complete successfully the CI system can set the Verified label to -1. However that means that a failed build will block submit of the change even if someone else sets Verified +1. Depending on the project and how much the CI system can be trusted for accurate results, a blocking label might not be feasible. A recommended alternative is to set the label Code-review to -1 instead, as it isn’t a blocking label but still shows a red label in the Gerrit UI. Optionally, to enable the possibility to deliver different results (build error vs unstable for instance), it’s also possible to set Code-review +1 as well.

If pushing new changes is granted, it’s possible to automate cherry-pick of submitted changes for upload to other branches under certain conditions. This is probably not the first step of what a project wants to automate however, and so the push right can be found under the optional section.

Suggested access rights to grant, that won’t block changes:
Read on ‘refs/heads/*’ and ‘refs/tags/*’
Label: Code-Review with range ‘-1’ to ‘0’ for ‘refs/heads/*’
Label: Verified with range ‘0’ to ‘+1’ for ‘refs/heads/*’

Optional access rights to grant:
Label: Code-Review with range ‘-1’ to ‘+1’ for ‘refs/heads/*’
Push to ‘refs/for/refs/heads/*’

Reference
https://gerrit-review.googlesource.com/Documentation/config-labels.html#label_Verified
https://gerrit-review.googlesource.com/Documentation/access-control.html#examples_cisystem
https://groups.google.com/forum/#!topic/repo-discuss/FdN29piSmEQ