Merge branch 'gh-import-ssl-verification-configurable' into 'master'

Allow SSL verification to be configurable when importing GitHub projects

Closes gitlab-org/gitlab-ce#14190

See merge request !260

CHANGELOG

@@ -26,6 +26,7 @@ v 8.6.0 (unreleased)
   - Show labels in dashboard and group milestone views
   - Add main language of a project in the list of projects (Tiago Botelho)
   - Add ability to show archived projects on dashboard, explore and group pages
+  - Allow SSL verification to be configurable when importing GitHub projects
 
 v 8.5.5
   - Ensure removing a project removes associated Todo entries

config/gitlab.yml.example

@@ -419,6 +419,7 @@ production: &base
       #     app_id: 'YOUR_APP_ID',
       #     app_secret: 'YOUR_APP_SECRET',
       #     url: "https://github.com/",
+      #     verify_ssl: true,
       #     args: { scope: 'user:email' } }
       # - { name: 'bitbucket',
       #     app_id: 'YOUR_APP_ID',

lib/gitlab/github_import/client.rb

@@ -12,7 +12,14 @@ module Gitlab
 
         if access_token
           ::Octokit.auto_paginate = true
-          @api = ::Octokit::Client.new(access_token: access_token, api_endpoint: github_options[:site])
+
+          @api = ::Octokit::Client.new(
+            access_token: access_token,
+            api_endpoint: github_options[:site],
+            connection_options: {
+              ssl: { verify: config.verify_ssl }
+            }
+          )
         end
       end
 

spec/lib/gitlab/github_import/client_spec.rb

@@ -16,6 +16,17 @@ describe Gitlab::GithubImport::Client, lib: true do
     end
   end
 
+
+  context 'allow SSL verification to be configurable on API' do
+    before do
+      github_provider['verify_ssl'] = false
+    end
+
+    it 'uses supplied value' do
+      expect(client.api.connection_options[:ssl]).to eq({ verify: false })
+    end
+  end
+
   context 'when provider does not specity an API endpoint' do
     it 'uses GitHub root API endpoint' do
       expect(client.api.api_endpoint).to eq 'https://api.github.com/'