- 20 Sep, 2018 1 commit
-
-
Alain Takoudjou authored
When doing `git clone https://gitlab-ci-token:RUNNER_TOKEN@GITLAB_URL/NAMESPACE/PROJECT.git`, the user is always gitlab-ci-token and cannot be used to identify the project, and the runner token is not unique per project. If two projects in the namespace have the same token and the wrong project is returned by the `build_access_token_check` method, gitlab will simply return 404. `build_access_token_check` now takes namespace_id as a parameter so that we can ensure that we authenticate on the right project.
-
- 12 Sep, 2018 3 commits
-
-
Alain Takoudjou authored
From gitlab 8.12 there is a new CI job permissions model which only accepts login from the ci token for a running job. Then the access is revoked after the job is finished. In Nexedi, we have a lot of URLs which rely on gitlab-ci-token and project-runners-token, so we need to re-allow access, else access to all those URLs will be refused. More info is here: https://docs.gitlab.com/ee/user/project/new_ci_build_permissions_model.html#before-gitlab-8-12
-
Alain Takoudjou authored
commit_with_hooks was replaced by GitOperationService: see https://gitlab.com/gitlab-org/gitlab-ce/commit/a52dc7cec70ef97b2755fb9cef7d6b489062310c
-
Alain Takoudjou authored
Colorize gem was replaced with Rainbow, so we fix patched tasks check to work with the new module.
-
- 23 Aug, 2018 9 commits
-
-
Kirill Smelkov authored
Teach GitLab not only to merge changes from a merge-request, but also to apply patches posted to merge-request in a way like `git am` would do - without merge commit and directly on top of current branch.

Which way to go is selected by user in web UI, and apply patches is the first option. There are 3 cases:

    - only 1 commit is present in MR -> the only available option is to apply that single commit as one patch without a merge

      ( There is no need for merge commit in this case at all: information about user who applied the patch goes to "Committer" field in resultant commit. Avoiding 1 merge per 1 patch results in cleaner history )

      It is also possible to review patch description directly in web UI, before doing the actual application, and correct / amend it as needed.

    - several commits are present in MR:

      * it is possible to apply the patches directly on top of current branch. Again information about who applied what goes to "Committer" field.

      * it is possible to merge MR changes with making a merge commit. This variant is useful, when patches from a MR do several logical steps to reach one goal, and MR description contains cover letter for whole patch series. In this case original commits stay untouched and resulting merge will contain MR author as author, user who accepted MR as committer, and cover letter as merge commit message.

        NOTE we avoid useless "Merge branch X into Y" in merge message, and just put MR title into merge subject and MR description into merge description. This way it is more logical with more important information in merge subject and thus e.g. more handy to oversee what a merge brings, just by its subject, e.g. via looking at updates via gitk --first-parent ... or via web.

NOTE for pre-generated references to merge-request we now use full MR URL, instead of !<MR-n>. Full URLs work everywhere, not only on original site where MR was created, or even only in original repo and not its fork on the same site.
-
Kirill Smelkov authored
TODO detect whether request comes from China and only then show ICP (?).
-
Kirill Smelkov authored
We show in small font size the same info that is shown on sign_in page: "GitLab Nexedi Edition", "About GitLab" and "About Nexedi". This is good to have and hereby-introduced about-footer area will be also used in the next patch for ICP too. XXX placement of .about-footer to be near bottom is done not very correctly.
-
Kirill Smelkov authored
Like Omnibus, SlapOS version does not have init script - nothing to check here.
-
Kirill Smelkov authored
This is handy for monitoring tools, which could e.g. periodically call check tasks and instead of parsing output, rely on exit code. The way we detect if something failed is via hooking into String#red, and if anything was ever printed in red - that's an error.
-
Kirill Smelkov authored
-
Kirill Smelkov authored
The default was switched to HTTP in the previous patch, but let's completely remove SSH option - we support only HTTP for git fetch/push. Conflicts: app/views/shared/_clone_panel.html.haml
-
Kirill Smelkov authored
Both fetch and push are possible over https, which is selected by http if gitlab was configured to use https in external url. This way, to reduce security vectors and possible ways to interact with gitlab, we use https only, without ssh at all.
-
Kirill Smelkov authored
= GitLab Community Edition + Nexedi patches
-
- 09 Aug, 2017 2 commits
-
-
James Edwards-Jones authored
-
James Edwards-Jones authored
[ci skip]
-
- 08 Aug, 2017 4 commits
-
-
Mike Greiling authored
Mark thunky as MIT license for license_finder See merge request !2165
-
Mike Greiling authored
Fix file disclosure via hidden symlinks using the project import (8.17) See merge request !2160
-
Mike Greiling authored
Ensure user and hostnames begin with an alnum character in UrlBlocker See merge request !2153
-
James Edwards-Jones authored
-
- 19 Jul, 2017 5 commits
-
-
James Edwards-Jones authored
-
James Edwards-Jones authored
[ci skip]
-
Sean McGivern authored
[8-17 security fix] Renders 404 if given project is not readable by the user on Todos dashboard See merge request !2136
-
Sean McGivern authored
Fix filename used for CHANGELOG entry See merge request !2140
-
Sean McGivern authored
Merge branch 'security-8-17-backport-33323-fix-incorrect-project-authorizations' into 'security-8-17' Escape the underscore char inside the LIKE operator See merge request !2134
-
- 05 May, 2017 4 commits
-
-
Lin Jen-Shin authored
-
Lin Jen-Shin authored
[ci skip]
-
Lin Jen-Shin authored
-
-
- 04 May, 2017 10 commits
-
-
Felipe Artur authored
-
Felipe Artur authored
-
Robert Speicher authored
New Hamlit XSS fix, does not include extraneous changes See merge request !2095
-
Douwe Maan authored
Refactor snippets finder & don't return internal snippets for external users See merge request !2094
-
Robert Speicher authored
Fix XSS in branches dropdown See merge request !2093
-
Douwe Maan authored
Respect project features in wiki and blob search See merge request !2089
-
Sean McGivern authored
Fix snippets visibility for show action - external users can not see internal snippets See merge request !2087
-
Douwe Maan authored
Sanitize submodule URLs before linking to them in the file tree view See merge request !2084
-
Robert Speicher authored
Render asciidoc & other markup using banzai in a pipeline See merge request !2088
-
Robert Speicher authored
Add correct `rel` attributes to external links when rendering markdown See merge request !2086
-
- 06 Apr, 2017 2 commits
-
-
DJ Mountney authored
-
DJ Mountney authored
[ci skip]
-