Merge branch 'tag-exists' into 'master'

Use tag_exists? in GitAccess#protected_tag?

This will fail until https://gitlab.com/gitlab-org/gitlab_git/merge_requests/81/ is merged. Adding this should speed up checking for tags in `Gitlab::GitAccess` as it no longer needs to retrieve the entire list of tags.

See https://gitlab.com/gitlab-org/gitlab-ce/issues/14280 for more information.

See merge request !3983

CHANGELOG

@@ -3,6 +3,8 @@ Please view this file on the master branch, on stable branches it's out of date.
 v 8.8.0 (unreleased)
   - Project#open_branches has been cleaned up and no longer loads entire records into memory.
   - Log to application.log when an admin starts and stops impersonating a user
+  - Updated gitlab_git to 10.1.0
+  - GitAccess#protected_tag? no longer loads all tags just to check if a single one exists
   - Make build status canceled if any of the jobs was canceled and none failed
   - Upgrade Sidekiq to 4.1.2
   - Sanitize repo paths in new project error message

Gemfile.lock

@@ -353,7 +353,7 @@ GEM
       posix-spawn (~> 0.3)
     gitlab_emoji (0.3.1)
       gemojione (~> 2.2, >= 2.2.1)
-    gitlab_git (10.0.2)
+    gitlab_git (10.1.0)
       activesupport (~> 4.0)
       charlock_holmes (~> 0.7.3)
       github-linguist (~> 4.7.0)

lib/gitlab/git_access.rb

@@ -128,7 +128,7 @@ module Gitlab
       action =
         if project.protected_branch?(branch_name(ref))
           protected_branch_action(oldrev, newrev, branch_name(ref))
-        elsif protected_tag?(tag_name(ref))
+        elsif (tag_ref = tag_name(ref)) && protected_tag?(tag_ref)
           # Prevent any changes to existing git tag unless user has permissions
           :admin_project
         else
@@ -176,7 +176,7 @@ module Gitlab
     end
 
     def protected_tag?(tag_name)
-      project.repository.tag_names.include?(tag_name)
+      project.repository.tag_exists?(tag_name)
     end
 
     def user_allowed?