Gerrit/workflow/ops

This is a rough proposal for Gerrit to better fit the operations/puppet.git workflow. The repository is maintained by WMF operation team and is also used by WMF non-ops staff as well as volunteers from the community. The repository has only one branch : "production".

Use cases
The workflow depends on the role of the user:


 * ops, minor change :
 * git push their commit
 * self approve their change


 * ops, work in progress change :
 * git push their commit
 * find a pair to review
 * get approved


 * non-ops
 * git push the commit
 * find an ops to review
 * op approve the change

Enhancement proposals
Various proposals were discussed:

refs/autoplustwo
Add a new reference system in Gerrit to have a change autoapproved. Something like refs/autoplustwo. When one git push origin master:refs/autoplustwo/master, Gerrit would autoapprove the change. The push to that ref tree would be restricted to ops. This is probably not trivial.

Plugin
Write a plugin for the RefUpdated hook in 2.5 that will handle auto-approval. This probably is doable, but would need a bit of work (less than above, though)

Jenkins/Gerrit Hooks
Cludge something together using either jenkins or the gerrit hooks to do this. It's what we did for L10n-bot, and is pretty easy to setup. Only caveat: would need some way to indicate (in the commit msg?) that a commit *should not* be merged yet.