Google Gerrit

By -

About Me !

What is Gerrit

  • Web based code review tool
  • Repository management for Git
  • Workflow management
  • Integrated access control
  • Extend using server side plugins


  • 100% pure Java SSH and HTTP Git backend
    • Powered by JGit
  • GWT Web-view administration
    • Users and Groups
    • Project and branch security
    • Git repository browsing
  • Git repository replication engine
  • Code collaboration and review
  • Code validation through Jenkins Triggers


  • Apache 2.0
  • 93 included dependencies (Mostly Apache2.0, BSD, MPL1.1., EPL)
  • Latest release 2.11.5
  • 9 years old

Code Review

  • Web based review
  • Read code. Comment on code. Make better code

Repository Mgmt

  • Fine Grained ACLs
  • Repository and branch level access controls.

Workflow Mgmt

Acsess Mgmt

Empowered with Plugins

Gerrit Code Review can be extended and further customized by installing server-side plugins.

How to Install Gerrit

  • WAR file (Tomcat, Jetty etc)
  • Self contained daemon (with embedded Jetty)


  • JDK 1.7
  • Database (MySql, PostgreSQL, Embedded H2)

Download Gerrit

Database Setup

  • If you choose H2, Gerrit will automatically set up the embedded H2 database as backend so no set up or configuration is necessary.


Installation support

  • Database Support
    • For accounts, groups, metadata in database
    • PostgreSQL, MySQL, or embedded H2
  • Directory Support
    • OpenID authentication (google, yahoo etc)
    • LDAP (Users and Groups)
  • HTTP
    • Embedded Jetty
    • Deployment of WAR to Tomcat, Jetty, etc.
  • SSH
    • Embedded pure java SSH daemon on port 29418 (configurable)


  • Central git repository for entire team
  • Code review are at commit level
  • 5 New commits, 5 new reviews
  • Search the dashboards show relevant review spanning repositories

Workflow cont..

  • git clone url
  • git commit -m"this is fix"
  • git push origin HEAD:refs/for/master

Gerrit: high level workflow

Cool, isn't it ?

  • Gerrit allow "automatic" topic-branches
  • Triggers with Jenkins branch validation
  • Enforce collective code-ownership
    • People "interacts" with the code changes
    • Discussion on style and architecture
    • Democratic voting (+1 / -1)
  • Project history
    • Reason behind changes is recorded in code-review

See Gerrit "live" in action

1 . Create a User for host the Gerrit Service

  • $ sudo adduser gerrit2
  • $ sudo su gerrit2

2. Set-up

  • Option-A: download and install
  • Option-B: Gerrit as hosted service
    • (free for OpenSource projects)
    • (free up to 10 users)
    • Gerrit Config - $site_path/etc/gerrit.config

3. Add SSH keys

3. Talk to Gerrit via SSH

  • Gerrit SSH console
    • Listen at 29418 port
    • Not a real SSH server (just Gerrit listening)

4. Create a Gerrit project

  • Gerrit Project is:
    • Git repository (use "path notation" to organise projects)
    • Access permissions
    • Code-review and change-sets
  • Option-A: use Gerrit SSH command $ ssh -p 29418 lmilanesio@localhost gerrit create-project lmit/33degree
  • Option-B: user the provider-specific page

5. Clone repo from Gerrit

  • Git SSH repository URL is:
  • ssh://<user>@<host>:29418/<Gerrit project>.git
  • Gerrit supports HTTP or HTTP/S repository URL:
  • http://<Gerrit URL>/p/<Gerrit project>.git
NOTE: For HTTP authentication, put your credentials on ~/.netrc file
machine <hostname> login <username> password <password>

6. Gerrit Change-Id

  • SHA-1 GUID of a change-set under review
  • MUST be last line of commit msg

Now all Git commit will auto-generate a Change-Id !

7. Submit a change for review

  • Change for review committed locally
  • Push to refs/for/<branch> for submitting local Git changes for review on <branch>

8. Verify change against CI

9. Additional patch-set to Change-Id

  • Fix the problem locally
  • Amend the commit (same Change-Id)
  • Push again to refs/for/ for adding one extra change-set

10. Change-Id is validated against CI

11. Review and comment changes

12. Review merge and submit change

  • One or more reviewers can "vote" for the change
  • Authorised users can then "Submit" the change.
  • Change is automatically merged to master

13. Master build is triggered ... SUCCESS !!

... is just about code-review then ?

Credits and resources

Slides available at Follow me: @lucamilanesio

Gerrit: just code-review then ?

  • Git Security - Groups
    • Define different "roles" in the project
    • System groups
      • Anonymous users: use for public projects
      • Registered Users: all users
      • Administrators: to administer Gerrit
      • Project Owners: to administer projects
      • Non-interactive Users: for CI or batch operations
    • Groups can be hierarchical (groups of groups)

Define groups and members

Putting all together with projects

  • Git Security: rights to projects
    • Define access rights to Git operations
    • Control the Gerrit identity vs Git author / committer
    • Delegate project administration
    • Assign code-review voting range rights
    • Define who can submit and merge changes
    • Organise project rights hirarchically

Define project access rights per refspec

Assign access rights to Groups


... and Gerrit replication

Gerrit UI

Questions ???

Thanks !!