Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-shell
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-shell
Commits
7354e1b8
Commit
7354e1b8
authored
Apr 13, 2015
by
Dmitriy Zaporozhets
Browse files
Options
Browse Files
Download
Plain Diff
Merge branch 'master' of gitlab.com:gitlab-org/gitlab-shell
parents
46b92499
bf34fa78
Changes
7
Hide whitespace changes
Inline
Side-by-side
Showing
7 changed files
with
47 additions
and
58 deletions
+47
-58
bin/gitlab-shell
bin/gitlab-shell
+4
-1
hooks/post-receive
hooks/post-receive
+3
-0
lib/gitlab_custom_hook.rb
lib/gitlab_custom_hook.rb
+5
-8
lib/gitlab_post_receive.rb
lib/gitlab_post_receive.rb
+0
-4
lib/gitlab_shell.rb
lib/gitlab_shell.rb
+13
-12
spec/gitlab_post_receive_spec.rb
spec/gitlab_post_receive_spec.rb
+0
-8
spec/gitlab_shell_spec.rb
spec/gitlab_shell_spec.rb
+22
-25
No files found.
bin/gitlab-shell
View file @
7354e1b8
...
@@ -5,6 +5,9 @@ unless ENV['SSH_CONNECTION']
...
@@ -5,6 +5,9 @@ unless ENV['SSH_CONNECTION']
exit
exit
end
end
key_id
=
/key-[0-9]+/
.
match
(
ARGV
.
join
).
to_s
original_cmd
=
ENV
[
'SSH_ORIGINAL_COMMAND'
]
require_relative
'../lib/gitlab_init'
require_relative
'../lib/gitlab_init'
#
#
...
@@ -14,7 +17,7 @@ require_relative '../lib/gitlab_init'
...
@@ -14,7 +17,7 @@ require_relative '../lib/gitlab_init'
#
#
require
File
.
join
(
ROOT_PATH
,
'lib'
,
'gitlab_shell'
)
require
File
.
join
(
ROOT_PATH
,
'lib'
,
'gitlab_shell'
)
if
GitlabShell
.
new
.
exec
if
GitlabShell
.
new
(
key_id
,
original_cmd
)
.
exec
exit
0
exit
0
else
else
exit
1
exit
1
...
...
hooks/post-receive
View file @
7354e1b8
...
@@ -7,6 +7,9 @@ refs = ARGF.read
...
@@ -7,6 +7,9 @@ refs = ARGF.read
key_id
=
ENV
[
'GL_ID'
]
key_id
=
ENV
[
'GL_ID'
]
repo_path
=
Dir
.
pwd
repo_path
=
Dir
.
pwd
# reset GL_ID env since we already got its value
ENV
[
'GL_ID'
]
=
nil
require_relative
'../lib/gitlab_custom_hook'
require_relative
'../lib/gitlab_custom_hook'
require_relative
'../lib/gitlab_post_receive'
require_relative
'../lib/gitlab_post_receive'
...
...
lib/gitlab_custom_hook.rb
View file @
7354e1b8
...
@@ -4,24 +4,21 @@ class GitlabCustomHook
...
@@ -4,24 +4,21 @@ class GitlabCustomHook
def
pre_receive
(
changes
,
repo_path
)
def
pre_receive
(
changes
,
repo_path
)
hook
=
hook_file
(
'pre-receive'
,
repo_path
)
hook
=
hook_file
(
'pre-receive'
,
repo_path
)
return
true
if
hook
.
nil?
return
true
if
hook
.
nil?
if
call_receive_hook
(
hook
,
changes
)
return
true
call_receive_hook
(
hook
,
changes
)
else
# reset GL_ID env since we stop git push here
ENV
[
'GL_ID'
]
=
nil
return
false
end
end
end
def
post_receive
(
changes
,
repo_path
)
def
post_receive
(
changes
,
repo_path
)
hook
=
hook_file
(
'post-receive'
,
repo_path
)
hook
=
hook_file
(
'post-receive'
,
repo_path
)
return
true
if
hook
.
nil?
return
true
if
hook
.
nil?
call_receive_hook
(
hook
,
changes
)
?
true
:
false
call_receive_hook
(
hook
,
changes
)
end
end
def
update
(
ref_name
,
old_value
,
new_value
,
repo_path
)
def
update
(
ref_name
,
old_value
,
new_value
,
repo_path
)
hook
=
hook_file
(
'update'
,
repo_path
)
hook
=
hook_file
(
'update'
,
repo_path
)
return
true
if
hook
.
nil?
return
true
if
hook
.
nil?
system
(
hook
,
ref_name
,
old_value
,
new_value
)
system
(
hook
,
ref_name
,
old_value
,
new_value
)
end
end
...
...
lib/gitlab_post_receive.rb
View file @
7354e1b8
...
@@ -13,10 +13,6 @@ class GitlabPostReceive
...
@@ -13,10 +13,6 @@ class GitlabPostReceive
end
end
def
exec
def
exec
# reset GL_ID env since we already
# get value from it
ENV
[
'GL_ID'
]
=
nil
result
=
update_redis
result
=
update_redis
begin
begin
...
...
lib/gitlab_shell.rb
View file @
7354e1b8
...
@@ -7,11 +7,13 @@ class GitlabShell
...
@@ -7,11 +7,13 @@ class GitlabShell
class
DisallowedCommandError
<
StandardError
;
end
class
DisallowedCommandError
<
StandardError
;
end
class
InvalidRepositoryPathError
<
StandardError
;
end
class
InvalidRepositoryPathError
<
StandardError
;
end
GIT_COMMANDS
=
%w(git-upload-pack git-receive-pack git-upload-archive git-annex-shell)
.
freeze
attr_accessor
:key_id
,
:repo_name
,
:git_cmd
,
:repos_path
,
:repo_name
attr_accessor
:key_id
,
:repo_name
,
:git_cmd
,
:repos_path
,
:repo_name
def
initialize
def
initialize
(
key_id
,
origin_cmd
)
@key_id
=
/key-[0-9]+/
.
match
(
ARGV
.
join
).
to_s
@key_id
=
key_id
@origin_cmd
=
ENV
[
'SSH_ORIGINAL_COMMAND'
]
@origin_cmd
=
origin_cmd
@config
=
GitlabConfig
.
new
@config
=
GitlabConfig
.
new
@repos_path
=
@config
.
repos_path
@repos_path
=
@config
.
repos_path
end
end
...
@@ -24,12 +26,7 @@ class GitlabShell
...
@@ -24,12 +26,7 @@ class GitlabShell
parse_cmd
parse_cmd
raise
DisallowedCommandError
unless
git_cmds
.
include?
(
@git_cmd
)
verify_access
ENV
[
'GL_ID'
]
=
@key_id
status
=
api
.
check_access
(
@git_cmd
,
@repo_name
,
@key_id
,
'_any'
)
raise
AccessDeniedError
,
status
.
message
unless
status
.
allowed?
process_cmd
process_cmd
...
@@ -60,6 +57,8 @@ class GitlabShell
...
@@ -60,6 +57,8 @@ class GitlabShell
args
=
Shellwords
.
shellwords
(
@origin_cmd
)
args
=
Shellwords
.
shellwords
(
@origin_cmd
)
@git_cmd
=
args
.
first
@git_cmd
=
args
.
first
raise
DisallowedCommandError
unless
GIT_COMMANDS
.
include?
(
@git_cmd
)
if
@git_cmd
==
'git-annex-shell'
if
@git_cmd
==
'git-annex-shell'
raise
DisallowedCommandError
unless
@config
.
git_annex_enabled?
raise
DisallowedCommandError
unless
@config
.
git_annex_enabled?
...
@@ -73,8 +72,10 @@ class GitlabShell
...
@@ -73,8 +72,10 @@ class GitlabShell
end
end
end
end
def
git_cmds
def
verify_access
%w(git-upload-pack git-receive-pack git-upload-archive git-annex-shell)
status
=
api
.
check_access
(
@git_cmd
,
@repo_name
,
@key_id
,
'_any'
)
raise
AccessDeniedError
,
status
.
message
unless
status
.
allowed?
end
end
def
process_cmd
def
process_cmd
...
@@ -105,7 +106,7 @@ class GitlabShell
...
@@ -105,7 +106,7 @@ class GitlabShell
# This method is not covered by Rspec because it ends the current Ruby process.
# This method is not covered by Rspec because it ends the current Ruby process.
def
exec_cmd
(
*
args
)
def
exec_cmd
(
*
args
)
Kernel
::
exec
({
'PATH'
=>
ENV
[
'PATH'
],
'LD_LIBRARY_PATH'
=>
ENV
[
'LD_LIBRARY_PATH'
],
'GL_ID'
=>
ENV
[
'GL_ID'
]
},
*
args
,
unsetenv_others:
true
)
Kernel
::
exec
({
'PATH'
=>
ENV
[
'PATH'
],
'LD_LIBRARY_PATH'
=>
ENV
[
'LD_LIBRARY_PATH'
],
'GL_ID'
=>
@key_id
},
*
args
,
unsetenv_others:
true
)
end
end
def
api
def
api
...
...
spec/gitlab_post_receive_spec.rb
View file @
7354e1b8
...
@@ -24,14 +24,6 @@ describe GitlabPostReceive do
...
@@ -24,14 +24,6 @@ describe GitlabPostReceive do
allow
(
gitlab_post_receive
).
to
receive
(
:system
).
and_return
(
true
)
allow
(
gitlab_post_receive
).
to
receive
(
:system
).
and_return
(
true
)
end
end
it
"resets the GL_ID environment variable"
do
ENV
[
"GL_ID"
]
=
actor
gitlab_post_receive
.
exec
expect
(
ENV
[
"GL_ID"
]).
to
be_nil
end
it
"prints the broadcast message"
do
it
"prints the broadcast message"
do
expect
(
gitlab_post_receive
).
to
receive
(
:puts
).
ordered
expect
(
gitlab_post_receive
).
to
receive
(
:puts
).
ordered
expect
(
gitlab_post_receive
).
to
receive
(
:puts
).
with
(
expect
(
gitlab_post_receive
).
to
receive
(
:puts
).
with
(
...
...
spec/gitlab_shell_spec.rb
View file @
7354e1b8
...
@@ -13,7 +13,7 @@ describe GitlabShell do
...
@@ -13,7 +13,7 @@ describe GitlabShell do
subject
do
subject
do
ARGV
[
0
]
=
key_id
ARGV
[
0
]
=
key_id
GitlabShell
.
new
.
tap
do
|
shell
|
GitlabShell
.
new
(
key_id
,
ssh_cmd
)
.
tap
do
|
shell
|
shell
.
stub
(
exec_cmd: :exec_called
)
shell
.
stub
(
exec_cmd: :exec_called
)
shell
.
stub
(
api:
api
)
shell
.
stub
(
api:
api
)
end
end
...
@@ -27,6 +27,7 @@ describe GitlabShell do
...
@@ -27,6 +27,7 @@ describe GitlabShell do
end
end
let
(
:key_id
)
{
"key-
#{
rand
(
100
)
+
100
}
"
}
let
(
:key_id
)
{
"key-
#{
rand
(
100
)
+
100
}
"
}
let
(
:ssh_cmd
)
{
nil
}
let
(
:tmp_repos_path
)
{
File
.
join
(
ROOT_PATH
,
'tmp'
,
'repositories'
)
}
let
(
:tmp_repos_path
)
{
File
.
join
(
ROOT_PATH
,
'tmp'
,
'repositories'
)
}
before
do
before
do
...
@@ -34,7 +35,7 @@ describe GitlabShell do
...
@@ -34,7 +35,7 @@ describe GitlabShell do
end
end
describe
:initialize
do
describe
:initialize
do
before
{
ssh_cmd
'git-receive-pack'
}
let
(
:ssh_cmd
)
{
'git-receive-pack'
}
its
(
:key_id
)
{
should
==
key_id
}
its
(
:key_id
)
{
should
==
key_id
}
its
(
:repos_path
)
{
should
==
tmp_repos_path
}
its
(
:repos_path
)
{
should
==
tmp_repos_path
}
...
@@ -43,8 +44,9 @@ describe GitlabShell do
...
@@ -43,8 +44,9 @@ describe GitlabShell do
describe
:parse_cmd
do
describe
:parse_cmd
do
describe
'git'
do
describe
'git'
do
context
'w/o namespace'
do
context
'w/o namespace'
do
let
(
:ssh_cmd
)
{
'git-upload-pack gitlab-ci.git'
}
before
do
before
do
ssh_cmd
'git-upload-pack gitlab-ci.git'
subject
.
send
:parse_cmd
subject
.
send
:parse_cmd
end
end
...
@@ -53,8 +55,9 @@ describe GitlabShell do
...
@@ -53,8 +55,9 @@ describe GitlabShell do
end
end
context
'namespace'
do
context
'namespace'
do
let
(
:ssh_cmd
)
{
'git-upload-pack dmitriy.zaporozhets/gitlab-ci.git'
}
before
do
before
do
ssh_cmd
'git-upload-pack dmitriy.zaporozhets/gitlab-ci.git'
subject
.
send
:parse_cmd
subject
.
send
:parse_cmd
end
end
...
@@ -63,7 +66,7 @@ describe GitlabShell do
...
@@ -63,7 +66,7 @@ describe GitlabShell do
end
end
context
'with an invalid number of arguments'
do
context
'with an invalid number of arguments'
do
before
{
ssh_cmd
'foobar'
}
let
(
:ssh_cmd
)
{
'foobar'
}
it
"should raise an DisallowedCommandError"
do
it
"should raise an DisallowedCommandError"
do
expect
{
subject
.
send
:parse_cmd
}.
to
raise_error
(
GitlabShell
::
DisallowedCommandError
)
expect
{
subject
.
send
:parse_cmd
}.
to
raise_error
(
GitlabShell
::
DisallowedCommandError
)
...
@@ -74,6 +77,8 @@ describe GitlabShell do
...
@@ -74,6 +77,8 @@ describe GitlabShell do
describe
'git-annex'
do
describe
'git-annex'
do
let
(
:repo_path
)
{
File
.
join
(
tmp_repos_path
,
'dzaporozhets/gitlab.git'
)
}
let
(
:repo_path
)
{
File
.
join
(
tmp_repos_path
,
'dzaporozhets/gitlab.git'
)
}
let
(
:ssh_cmd
)
{
'git-annex-shell inannex /~/dzaporozhets/gitlab.git SHA256E'
}
before
do
before
do
GitlabConfig
.
any_instance
.
stub
(
git_annex_enabled?:
true
)
GitlabConfig
.
any_instance
.
stub
(
git_annex_enabled?:
true
)
...
@@ -82,7 +87,6 @@ describe GitlabShell do
...
@@ -82,7 +87,6 @@ describe GitlabShell do
cmd
=
%W(git --git-dir=
#{
repo_path
}
init --bare)
cmd
=
%W(git --git-dir=
#{
repo_path
}
init --bare)
system
(
*
cmd
)
system
(
*
cmd
)
ssh_cmd
'git-annex-shell inannex /~/dzaporozhets/gitlab.git SHA256E'
subject
.
send
:parse_cmd
subject
.
send
:parse_cmd
end
end
...
@@ -97,7 +101,7 @@ describe GitlabShell do
...
@@ -97,7 +101,7 @@ describe GitlabShell do
describe
:exec
do
describe
:exec
do
context
'git-upload-pack'
do
context
'git-upload-pack'
do
before
{
ssh_cmd
'git-upload-pack gitlab-ci.git'
}
let
(
:ssh_cmd
)
{
'git-upload-pack gitlab-ci.git'
}
after
{
subject
.
exec
}
after
{
subject
.
exec
}
it
"should process the command"
do
it
"should process the command"
do
...
@@ -108,10 +112,6 @@ describe GitlabShell do
...
@@ -108,10 +112,6 @@ describe GitlabShell do
subject
.
should_receive
(
:exec_cmd
).
with
(
"git-upload-pack"
,
File
.
join
(
tmp_repos_path
,
'gitlab-ci.git'
))
subject
.
should_receive
(
:exec_cmd
).
with
(
"git-upload-pack"
,
File
.
join
(
tmp_repos_path
,
'gitlab-ci.git'
))
end
end
it
"should set the GL_ID environment variable"
do
ENV
.
should_receive
(
"[]="
).
with
(
"GL_ID"
,
key_id
)
end
it
"should log the command execution"
do
it
"should log the command execution"
do
message
=
"gitlab-shell: executing git command "
message
=
"gitlab-shell: executing git command "
message
<<
"<git-upload-pack
#{
File
.
join
(
tmp_repos_path
,
'gitlab-ci.git'
)
}
> "
message
<<
"<git-upload-pack
#{
File
.
join
(
tmp_repos_path
,
'gitlab-ci.git'
)
}
> "
...
@@ -126,7 +126,7 @@ describe GitlabShell do
...
@@ -126,7 +126,7 @@ describe GitlabShell do
end
end
context
'git-receive-pack'
do
context
'git-receive-pack'
do
before
{
ssh_cmd
'git-receive-pack gitlab-ci.git'
}
let
(
:ssh_cmd
)
{
'git-receive-pack gitlab-ci.git'
}
after
{
subject
.
exec
}
after
{
subject
.
exec
}
it
"should process the command"
do
it
"should process the command"
do
...
@@ -146,7 +146,7 @@ describe GitlabShell do
...
@@ -146,7 +146,7 @@ describe GitlabShell do
end
end
context
'arbitrary command'
do
context
'arbitrary command'
do
before
{
ssh_cmd
'arbitrary command'
}
let
(
:ssh_cmd
)
{
'arbitrary command'
}
after
{
subject
.
exec
}
after
{
subject
.
exec
}
it
"should not process the command"
do
it
"should not process the command"
do
...
@@ -163,8 +163,7 @@ describe GitlabShell do
...
@@ -163,8 +163,7 @@ describe GitlabShell do
end
end
end
end
context
'no command'
do
context
'no command'
do
before
{
ssh_cmd
nil
}
after
{
subject
.
exec
}
after
{
subject
.
exec
}
it
"should call api.discover"
do
it
"should call api.discover"
do
...
@@ -173,8 +172,9 @@ describe GitlabShell do
...
@@ -173,8 +172,9 @@ describe GitlabShell do
end
end
context
"failed connection"
do
context
"failed connection"
do
let
(
:ssh_cmd
)
{
'git-upload-pack gitlab-ci.git'
}
before
{
before
{
ssh_cmd
'git-upload-pack gitlab-ci.git'
api
.
stub
(
:check_access
).
and_raise
(
GitlabNet
::
ApiUnreachableError
)
api
.
stub
(
:check_access
).
and_raise
(
GitlabNet
::
ApiUnreachableError
)
}
}
after
{
subject
.
exec
}
after
{
subject
.
exec
}
...
@@ -189,9 +189,10 @@ describe GitlabShell do
...
@@ -189,9 +189,10 @@ describe GitlabShell do
end
end
describe
'git-annex'
do
describe
'git-annex'
do
let
(
:ssh_cmd
)
{
'git-annex-shell commit /~/gitlab-ci.git SHA256'
}
before
do
before
do
GitlabConfig
.
any_instance
.
stub
(
git_annex_enabled?:
true
)
GitlabConfig
.
any_instance
.
stub
(
git_annex_enabled?:
true
)
ssh_cmd
'git-annex-shell commit /~/gitlab-ci.git SHA256'
end
end
after
{
subject
.
exec
}
after
{
subject
.
exec
}
...
@@ -203,7 +204,7 @@ describe GitlabShell do
...
@@ -203,7 +204,7 @@ describe GitlabShell do
end
end
describe
:validate_access
do
describe
:validate_access
do
before
{
ssh_cmd
'git-upload-pack gitlab-ci.git'
}
let
(
:ssh_cmd
)
{
'git-upload-pack gitlab-ci.git'
}
after
{
subject
.
exec
}
after
{
subject
.
exec
}
it
"should call api.check_access"
do
it
"should call api.check_access"
do
...
@@ -220,7 +221,7 @@ describe GitlabShell do
...
@@ -220,7 +221,7 @@ describe GitlabShell do
end
end
describe
:exec_cmd
do
describe
:exec_cmd
do
let
(
:shell
)
{
GitlabShell
.
new
}
let
(
:shell
)
{
GitlabShell
.
new
(
key_id
,
ssh_cmd
)
}
before
{
Kernel
.
stub!
(
:exec
)
}
before
{
Kernel
.
stub!
(
:exec
)
}
it
"uses Kernel::exec method"
do
it
"uses Kernel::exec method"
do
...
@@ -230,21 +231,17 @@ describe GitlabShell do
...
@@ -230,21 +231,17 @@ describe GitlabShell do
end
end
describe
:api
do
describe
:api
do
let
(
:shell
)
{
GitlabShell
.
new
}
let
(
:shell
)
{
GitlabShell
.
new
(
key_id
,
ssh_cmd
)
}
subject
{
shell
.
send
:api
}
subject
{
shell
.
send
:api
}
it
{
should
be_a
(
GitlabNet
)
}
it
{
should
be_a
(
GitlabNet
)
}
end
end
describe
:escape_path
do
describe
:escape_path
do
let
(
:shell
)
{
GitlabShell
.
new
}
let
(
:shell
)
{
GitlabShell
.
new
(
key_id
,
ssh_cmd
)
}
before
{
File
.
stub
(
:absolute_path
)
{
'y'
}
}
before
{
File
.
stub
(
:absolute_path
)
{
'y'
}
}
subject
{
->
{
shell
.
send
(
:escape_path
,
'z'
)
}
}
subject
{
->
{
shell
.
send
(
:escape_path
,
'z'
)
}
}
it
{
should
raise_error
(
GitlabShell
::
InvalidRepositoryPathError
)
}
it
{
should
raise_error
(
GitlabShell
::
InvalidRepositoryPathError
)
}
end
end
def
ssh_cmd
(
cmd
)
ENV
[
'SSH_ORIGINAL_COMMAND'
]
=
cmd
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment