1. 19 Dec, 2016 9 commits
    • Yorick Peterse's avatar
      Smarter refreshing of authorized projects · f73193c3
      Yorick Peterse authored
      Prior to this commit the refreshing of authorized projects was done in
      two steps:
      
      1. Remove existing authorizations
      2. Insert a new list of all authorizations
      
      This can lead to a high amount of dead tuples as every time all rows are
      being replaced. For example, if a user with 100 authorizations is given
      access to a new project this would lead to:
      
      * 100 rows being removed
      * 101 new rows being inserted
      
      This commit changes the way this system works so it only removes/inserts
      what is necessary. Using the above example this would lead to only 1 new
      row being inserted, with the initial 100 being left untouched.
      
      Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/25257
      f73193c3
    • Grzegorz Bizon's avatar
      Merge branch 'fix/ci-readme-typo' into 'master' · a50cd9eb
      Grzegorz Bizon authored
      Fix small typo in CI readme
      
      fix typo
      
      See merge request !8167
      a50cd9eb
    • Douglas Barbosa Alexandre's avatar
      Merge branch '25301-git-2.11-force-push-bug' into 'master' · 022242c3
      Douglas Barbosa Alexandre authored
      Accept environment variables from the `pre-receive` script
      
      ## Summary
      
      1. Starting version 2.11, git changed the way the pre-receive flow works.
        - Previously, the new potential objects would be added to the main repo. If the pre-receive passes, the new objects stay in the repo but are linked up. If the pre-receive fails, the new objects stay orphaned in the repo, and are cleaned up during the next `git gc`.
        - In 2.11, the new potential objects are added to a temporary "alternate object directory", that git creates for this purpose. If the pre-receive passes, the objects from the alternate object directory are migrated to the main repo. If the pre-receive fails the alternate object directory is simply deleted.
      2. In our workflow, the pre-recieve script (in `gitlab-shell`) calls the
         `/allowed` endpoint, which calls out directly to git to perform
         various checks. These direct calls to git do _not_ have the necessary
         environment variables set which allow access to the "alternate object
         directory" (explained above). Therefore these calls to git are not able to
         access any of the new potential objects to be added during this push.
      
      3. We fix this by accepting the relevant environment variables
         (`GIT_ALTERNATE_OBJECT_DIRECTORIES`, `GIT_OBJECT_DIRECTORY`, and
         `GIT_QUARANTINE_PATH`) on the `/allowed` endpoint, and then include
         these environment variables while calling out to git.
      
      4. This commit includes these environment variables while making the "force
         push" check.
      
      ## Issue Numbers
      
      - Closes #25301 (assuming the corresponding `gitlab-shell` MR has been merged in first)
      - Corresponding `gitlab-shell` MR: gitlab-org/gitlab-shell!112
      - Corresponding EE MR: gitlab-org/gitlab-ee!964
      
      ## Tasks
      
      -  [#25301/!7967/!112] Git version 2.11.0 - Can't push to protected branch as master or developer
          - [x]  Investigate
          - [x]  Implementation
              - [x]  `force_push.rb` should use the relevant environment variables
              - [x]  Any other instances of `/allowed` calling out to git directly? 
              - [x]  Verify that the fix works over SSH as well
              - [x]  Can we trim the number of env variables? Do we need all 3?
              - [x]  Whitelist variables. Server shouldn't pass through _any_ env variable passed in
              - [x]  Any security implications?
              - [x]  Check for force push return code
              - [x]  Shouldn't be able to opt-out from the force push check by passing an env variable
          - [x]  Tests
              - [x]  CE
                  - [x]  Added
                  - [x]  Passing
              - [x]  Shell
                  - [x]  Added
                  - [x]  Passing
          - [x]  Meta
              - [x]  CHANGELOG entry created
              - [x]  Branch has no merge conflicts with `master`
              - [x]  Squashed related commits together
              - [x]  EE merge request
          - [x]  Review
              - [x]  Endboss
          - [ ]  Follow-up
              - [x]  Make sure EE is working as expected
              - [x]  [CE] Gitlab changes without gitlab-shell changes shouldn't raise any exceptions
              - [x]  [CE] Gitlab-shell changes without gitlab changes shouldn't raise any exceptions
              - [x]  [EE] Gitlab changes without gitlab-shell changes shouldn't raise any exceptions
              - [x]  [EE] Gitlab-shell changes without gitlab changes shouldn't raise any exceptions
          - [ ]  Wait for merge
              - [ ]  CE
              - [ ]  EE
              - [x]  Shell
      
      
      See merge request !7967
      022242c3
    • Rémy Coutable's avatar
      Merge branch 'dockerfile-templates' into 'master' · 2c49c1af
      Rémy Coutable authored
      Allow to use Dockerfile templates
      
      See merge request !7247
      2c49c1af
    • Rémy Coutable's avatar
      Merge branch 'move-admin-application-spinach-test-to-rspec' into 'master' · 4f77a3f8
      Rémy Coutable authored
      Move admin application spinach test to RSpec
      
      Part of #23036
      
      See merge request !8140
      4f77a3f8
    • Rémy Coutable's avatar
      Merge branch 'deploy-keys-to-rspec' into 'master' · 0b2782f2
      Rémy Coutable authored
      Move admin deploy keys spinach test to RSpec
      
      Part of #23036
      
      See merge request !8141
      0b2782f2
    • James Lopez's avatar
      Fix typo · cfd1c6a5
      James Lopez authored
      cfd1c6a5
    • Stan Hu's avatar
      Merge branch 'fix-groups-helper-spec' into 'master' · 5be894fd
      Stan Hu authored
      Always use `fixture_file_upload` helper to upload files in tests.
      
      ## What does this MR do?
      
      Fix a broken spec.
      
      ## Are there points in the code the reviewer needs to double check?
      
      ## Why was this MR needed?
      
      ## Screenshots (if relevant)
      
      ## Does this MR meet the acceptance criteria?
      
      - [ ] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added
      - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
      - [ ] API support added
      - Tests
        - [ ] Added for this feature/bug
        - [ ] All builds are passing
      - [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
      - [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
      - [ ] Branch has no merge conflicts with `master` (if it does - rebase it please)
      - [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
      
      ## What are the relevant issue numbers?
      
      See merge request !8164
      5be894fd
    • Ruben Davila's avatar
      Always use `fixture_file_upload` helper to upload files in tests. · f8dde43d
      Ruben Davila authored
      * Also is not a good idea to use File.open without closing the file
        handler. We should use it with a block or close it explicitly.
      f8dde43d
  2. 18 Dec, 2016 5 commits
  3. 17 Dec, 2016 12 commits
  4. 16 Dec, 2016 14 commits