Merge remote-tracking branch 'upstream/master' into ce-to-ee-2018-10-26

# Conflicts: # doc/README.md # lib/gitlab/checks/change_access.rb [ci skip]

Merge remote-tracking branch 'upstream/master' into ce-to-ee-2018-10-26
# Conflicts: # doc/README.md # lib/gitlab/checks/change_access.rb [ci skip]
62a69cfa · GitLab Bot · 3d1c2c26 · e997b22d · 62a69cfa · 62a69cfa
Commit 62a69cfa authored Oct 26, 2018 by GitLab Bot
10 changed files
--- a/app/workers/post_receive.rb
+++ b/app/workers/post_receive.rb
@@ -30,15 +30,14 @@ class PostReceive
  def process_project_changes(post_received)
    changes = []
    refs = Set.new
+    @user = post_received.identify
-    post_received.changes_refs do |oldrev, newrev, ref|
-      @user ||= post_received.identify(newrev)
    unless @user
      log("Triggered hook for non-existing user \"#{post_received.identifier}\"")
-        return false # rubocop:disable Cop/AvoidReturnFromBlocks
+      return false
    end
+    post_received.changes_refs do |oldrev, newrev, ref|
      if Gitlab::Git.tag_ref?(ref)
        GitTagPushService.new(post_received.project, @user, oldrev: oldrev, newrev: newrev, ref: ref).execute
      elsif Gitlab::Git.branch_ref?(ref)

--- a/changelogs/unreleased/51335-fail-early-when-user-cannot-be-identified.yml
+++ b/changelogs/unreleased/51335-fail-early-when-user-cannot-be-identified.yml
+---
+title: If user was not found, service hooks won't run on post receive background job
+merge_request: 22519
+author:
+type: fixed
--- a/changelogs/unreleased/pl-uprade-prometheus-alertmanager.yml
+++ b/changelogs/unreleased/pl-uprade-prometheus-alertmanager.yml
+---
+title: Upgrade Prometheus to 2.4.3 and Alertmanager to 0.15.2
+merge_request: 22600
+author:
+type: other
--- a/doc/README.md
+++ b/doc/README.md
@@ -187,8 +187,11 @@ configuration. Then customize everything from buildpacks to CI/CD.
 - [Deployment of Helm, Ingress, and Prometheus on Kubernetes](user/project/clusters/index.md#installing-applications)
 - [Protected variables](ci/variables/README.md#protected-variables)
 - [Easy creation of Kubernetes clusters on GKE](user/project/clusters/index.md#adding-and-creating-a-new-gke-cluster-via-gitlab)
+<<<<<<< HEAD
 - [Multiple Kubernetes Clusters](user/project/clusters/index.md#multiple-kubernetes-clusters) **[PREMIUM]**
 - [Environment-specific variables](ci/variables/README.md#limiting-environment-scopes-of-variables) **[PREMIUM]**
+=======
+>>>>>>> upstream/master
 - [Executable Runbooks](user/project/clusters/runbooks/index.md)
 ### Monitor

--- a/lib/gitlab/checks/change_access.rb
+++ b/lib/gitlab/checks/change_access.rb
@@ -69,7 +69,10 @@ module Gitlab
      def push_checks
        logger.log_timed(LOG_MESSAGES[__method__]) do
          unless can_push?
+<<<<<<< HEAD
            # You are not allowed to push code to this project.
+=======
+>>>>>>> upstream/master
            raise GitAccess::UnauthorizedError, ERROR_MESSAGES[:push_code]
          end
        end

--- a/lib/gitlab/git_post_receive.rb
+++ b/lib/gitlab/git_post_receive.rb
@@ -11,8 +11,8 @@ module Gitlab
      @changes = deserialize_changes(changes)
    end
-    def identify(revision)
+    def identify
-      super(identifier, project, revision)
+      super(identifier)
    end
    def changes_refs

--- a/lib/gitlab/identifier.rb
+++ b/lib/gitlab/identifier.rb
 # frozen_string_literal: true
 # Detect user based on identifier like
-# key-13 or user-36 or last commit
+# key-13 or user-36
 module Gitlab
  module Identifier
-    def identify(identifier, project = nil, newrev = nil)
+    def identify(identifier)
-      if identifier.blank?
+      if identifier =~ /\Auser-\d+\Z/
-        identify_using_commit(project, newrev)
-      elsif identifier =~ /\Auser-\d+\Z/
        # git push over http
        identify_using_user(identifier)
      elsif identifier =~ /\Akey-\d+\Z/
@@ -16,19 +14,6 @@ module Gitlab
      end
    end
-    # Tries to identify a user based on a commit SHA.
-    def identify_using_commit(project, ref)
-      return if project.nil? && ref.nil?
-      commit = project.commit(ref)
-      return if !commit || !commit.author_email
-      identify_with_cache(:email, commit.author_email) do
-        commit.author
-      end
-    end
    # Tries to identify a user based on a user identifier (e.g. "user-123").
    # rubocop: disable CodeReuse/ActiveRecord
    def identify_using_user(identifier)

--- a/spec/lib/gitlab/identifier_spec.rb
+++ b/spec/lib/gitlab/identifier_spec.rb
@@ -11,11 +11,8 @@ describe Gitlab::Identifier do
  describe '#identify' do
    context 'without an identifier' do
-      it 'identifies the user using a commit' do
+      it 'returns nil' do
-        expect(identifier).to receive(:identify_using_commit)
+        expect(identifier.identify('')).to be nil
-          .with(project, '123')
-        identifier.identify('', project, '123')
      end
    end
@@ -24,7 +21,7 @@ describe Gitlab::Identifier do
        expect(identifier).to receive(:identify_using_user)
          .with("user-#{user.id}")
-        identifier.identify("user-#{user.id}", project, '123')
+        identifier.identify("user-#{user.id}")
      end
    end
@@ -33,46 +30,8 @@ describe Gitlab::Identifier do
        expect(identifier).to receive(:identify_using_ssh_key)
          .with("key-#{key.id}")
-        identifier.identify("key-#{key.id}", project, '123')
+        identifier.identify("key-#{key.id}")
-      end
-    end
      end
-  describe '#identify_using_commit' do
-    it "returns the User for an existing commit author's Email address" do
-      commit = double(:commit, author: user, author_email: user.email)
-      expect(project).to receive(:commit).with('123').and_return(commit)
-      expect(identifier.identify_using_commit(project, '123')).to eq(user)
-    end
-    it 'returns nil when no user could be found' do
-      allow(project).to receive(:commit).with('123').and_return(nil)
-      expect(identifier.identify_using_commit(project, '123')).to be_nil
-    end
-    it 'returns nil when the commit does not have an author Email' do
-      commit = double(:commit, author_email: nil)
-      expect(project).to receive(:commit).with('123').and_return(commit)
-      expect(identifier.identify_using_commit(project, '123')).to be_nil
-    end
-    it 'caches the found users per Email' do
-      commit = double(:commit, author: user, author_email: user.email)
-      expect(project).to receive(:commit).with('123').twice.and_return(commit)
-      2.times do
-        expect(identifier.identify_using_commit(project, '123')).to eq(user)
-      end
-    end
-    it 'returns nil if the project & ref are not present' do
-      expect(identifier.identify_using_commit(nil, nil)).to be_nil
    end
  end

--- a/spec/workers/post_receive_spec.rb
+++ b/spec/workers/post_receive_spec.rb
@@ -6,7 +6,7 @@ describe PostReceive do
  let(:base64_changes) { Base64.encode64(wrongly_encoded_changes) }
  let(:gl_repository) { "project-#{project.id}" }
  let(:key) { create(:key, user: project.owner) }
-  let(:key_id) { key.shell_id }
+  let!(:key_id) { key.shell_id }
  let(:project) do
    create(:project, :repository, auto_cancel_pending_pipelines: 'disabled')
@@ -31,6 +31,28 @@ describe PostReceive do
  end
  describe "#process_project_changes" do
+    context 'empty changes' do
+      it "does not call any PushService but runs after project hooks" do
+        expect(GitPushService).not_to receive(:new)
+        expect(GitTagPushService).not_to receive(:new)
+        expect_next_instance_of(SystemHooksService) { |service| expect(service).to receive(:execute_hooks) }
+        described_class.new.perform(gl_repository, key_id, "")
+      end
+    end
+    context 'unidentified user' do
+      let!(:key_id) { "" }
+      it 'returns false' do
+        expect(GitPushService).not_to receive(:new)
+        expect(GitTagPushService).not_to receive(:new)
+        expect(described_class.new.perform(gl_repository, key_id, base64_changes)).to be false
+      end
+    end
+    context 'with changes' do
      before do
        allow_any_instance_of(Gitlab::GitPostReceive).to receive(:identify).and_return(project.owner)
      end
@@ -38,7 +60,7 @@ describe PostReceive do
      context "branches" do
        let(:changes) { "123456 789012 refs/heads/tést" }
-      it "calls GitTagPushService" do
+        it "calls GitPushService" do
          expect_any_instance_of(GitPushService).to receive(:execute).and_return(true)
          expect_any_instance_of(GitTagPushService).not_to receive(:execute)
          described_class.new.perform(gl_repository, key_id, base64_changes)
@@ -113,6 +135,7 @@ describe PostReceive do
        end
      end
    end
+  end
  describe '#process_wiki_changes' do
    let(:gl_repository) { "wiki-#{project.id}" }

--- a/vendor/prometheus/values.yaml
+++ b/vendor/prometheus/values.yaml
 alertmanager:
  enabled: false
+  image:
+    tag: v0.15.2
 kubeStateMetrics:
  enabled: true
@@ -16,7 +18,7 @@ rbac:
 server:
  fullnameOverride: "prometheus-prometheus-server"
  image:
-    tag: v2.1.0
+    tag: v2.4.3
 serverFiles:
  alerts: {}