Merge branch 'vendor-gitlab-shell-433cc96551a6d1f1621f9e10' into 'master'

Vendor gitlab-shell at 433cc96551a6d1f1621f9e10

See merge request gitlab-org/gitaly!1175

22 files changed, 219 insertions, 81 deletions

diff --git a/changelogs/unreleased/vendor-gitlab-shell-433cc96551a6d1f1621f9e10.yml b/changelogs/unreleased/vendor-gitlab-shell-433cc96551a6d1f1621f9e10.yml
new file mode 100644
index 000000000..6f205da90
--- /dev/null
+++ b/changelogs/unreleased/vendor-gitlab-shell-433cc96551a6d1f1621f9e10.yml
@@ -0,0 +1,5 @@
+---
+title: Vendor gitlab-shell at 433cc96551a6d1f1621f9e10
+merge_request: 1175
+author:
+type: other
diff --git a/ruby/vendor/gitlab-shell/CHANGELOG b/ruby/vendor/gitlab-shell/CHANGELOG
index 592e99d5f..4396dd207 100644
--- a/ruby/vendor/gitlab-shell/CHANGELOG
+++ b/ruby/vendor/gitlab-shell/CHANGELOG
@@ -1,3 +1,16 @@
+v8.7.1
+  - Fix unmarshalling JSON from the command line !280
+
+v8.7.0
+  - Add distributed tracing to GitLab-Shell !277
+
+v8.6.0
+  - Add support for using gl_project_path !275
+  - Provide expires_in for LFS if available !273
+
+v8.5.0
+  - Bump gitaly-proto to v1.10.0
+
 v8.4.4
   - Pass push options along to gitlab-rails's post-receive endpoint
 
diff --git a/ruby/vendor/gitlab-shell/Gemfile b/ruby/vendor/gitlab-shell/Gemfile
index 4166d5071..cabe4079d 100644
--- a/ruby/vendor/gitlab-shell/Gemfile
+++ b/ruby/vendor/gitlab-shell/Gemfile
@@ -2,6 +2,7 @@ source 'https://rubygems.org'
 
 group :development, :test do
   gem 'listen', '~> 0.5.0'
+  gem 'pry', '~> 0.12.2'
   gem 'rspec', '~> 3.8.0'
   gem 'rspec-parameterized', '~> 0.4.0'
   gem 'rubocop', '0.49.1', require: false
diff --git a/ruby/vendor/gitlab-shell/Gemfile.lock b/ruby/vendor/gitlab-shell/Gemfile.lock
index f23d7817c..3e79a1c24 100644
--- a/ruby/vendor/gitlab-shell/Gemfile.lock
+++ b/ruby/vendor/gitlab-shell/Gemfile.lock
@@ -25,6 +25,7 @@ GEM
     listen (0.5.3)
     memoizable (0.4.2)
       thread_safe (~> 0.3, >= 0.3.1)
+    method_source (0.9.2)
     multi_json (1.13.1)
     parallel (1.12.1)
     parser (2.5.1.2)
@@ -35,6 +36,9 @@ GEM
       parser
       unparser
     procto (0.0.3)
+    pry (0.12.2)
+      coderay (~> 1.1.0)
+      method_source (~> 0.9.0)
     public_suffix (3.0.3)
     rainbow (2.2.2)
       rake
@@ -93,6 +97,7 @@ PLATFORMS
 
 DEPENDENCIES
   listen (~> 0.5.0)
+  pry (~> 0.12.2)
   rspec (~> 3.8.0)
   rspec-parameterized (~> 0.4.0)
   rubocop (= 0.49.1)
diff --git a/ruby/vendor/gitlab-shell/README.md b/ruby/vendor/gitlab-shell/README.md
index c562fc44c..e65e76602 100644
--- a/ruby/vendor/gitlab-shell/README.md
+++ b/ruby/vendor/gitlab-shell/README.md
@@ -1,5 +1,5 @@
 # gitlab-shell
 
-Vendored from https://gitlab.com/gitlab-org/gitlab-shell at [6c5b195353a632095d7f672d28b9985fd879b077](https://gitlab.com/gitlab-org/gitlab-shell/commit/6c5b195353a632095d7f672d28b9985fd879b077).
+Vendored from https://gitlab.com/gitlab-org/gitlab-shell at [433cc96551a6d1f1621f9e105b1e7eb1ccc41b7a](https://gitlab.com/gitlab-org/gitlab-shell/commit/433cc96551a6d1f1621f9e105b1e7eb1ccc41b7a).
 
 Original README: [README.orig.md](README.orig.md).
diff --git a/ruby/vendor/gitlab-shell/README.orig.md b/ruby/vendor/gitlab-shell/README.orig.md
index 55f7c61e9..7cb961943 100644
--- a/ruby/vendor/gitlab-shell/README.orig.md
+++ b/ruby/vendor/gitlab-shell/README.orig.md
@@ -23,10 +23,23 @@ An overview of the four cases described above:
 For historical reasons the gitlab-shell repository also contains the
 Git hooks that allow GitLab to validate Git pushes (e.g. "is this user
 allowed to push to this protected branch"). These hooks also trigger
-events in GitLab (e.g. to start a CI pipeline after a push). In
-GitLab's current architecture (Q4 2018) these hooks belong to Gitaly
-more than gitlab-shell. We [are moving them to the Gitaly
-repository](https://gitlab.com/gitlab-org/gitaly/issues/1226).
+events in GitLab (e.g. to start a CI pipeline after a push). 
+
+We are in the process of moving these hooks to Gitaly, because Git hooks
+require direct disk access to Git repositories, and that is only
+possible on Gitaly servers. It makes no sense to have to install
+gitlab-shell on Gitaly servers.
+
+As of GitLab 11.9 [the actual Git hooks are in the Gitaly
+repository](https://gitlab.com/gitlab-org/gitaly/tree/v1.22.0/ruby/vendor/gitlab-shell/hooks),
+but gitlab-shell must still be installed on Gitaly servers because the
+hooks rely on configuration data (e.g. the GitLab internal API URL) that
+is not yet available in Gitaly itself. Also see the [transition
+plan](https://gitlab.com/gitlab-org/gitaly/issues/1226#note_126519133).
+
+This means that for GitLab 11.9 and up, it is pointless to make changes
+to Git hook code in the gitlab-shell repository, because the code that
+gets run is in the Gitaly repository instead.
 
 ## Code status
 
diff --git a/ruby/vendor/gitlab-shell/VERSION b/ruby/vendor/gitlab-shell/VERSION
index 2eb8a04cb..d139a7540 100644
--- a/ruby/vendor/gitlab-shell/VERSION
+++ b/ruby/vendor/gitlab-shell/VERSION
@@ -1 +1 @@
-8.4.4
\ No newline at end of file
+8.7.1
diff --git a/ruby/vendor/gitlab-shell/config.yml.example b/ruby/vendor/gitlab-shell/config.yml.example
index 3d3e58062..4c356a759 100644
--- a/ruby/vendor/gitlab-shell/config.yml.example
+++ b/ruby/vendor/gitlab-shell/config.yml.example
@@ -56,3 +56,7 @@ audit_usernames: false
 migration:
   enabled: false
   features: []
+
+# Distributed Tracing. GitLab-Shell has distributed tracing instrumentation.
+# For more details, visit https://docs.gitlab.com/ee/development/distributed_tracing.html
+# gitlab_tracing: opentracing://driver
diff --git a/ruby/vendor/gitlab-shell/lib/gitlab_access_status.rb b/ruby/vendor/gitlab-shell/lib/gitlab_access_status.rb
index dd6562ece..dc577f4c4 100644
--- a/ruby/vendor/gitlab-shell/lib/gitlab_access_status.rb
+++ b/ruby/vendor/gitlab-shell/lib/gitlab_access_status.rb
@@ -3,15 +3,17 @@ require 'json'
 class GitAccessStatus
   HTTP_MULTIPLE_CHOICES = '300'.freeze
 
-  attr_reader :message, :gl_repository, :gl_id, :gl_username, :gitaly, :git_protocol, :git_config_options, :payload
+  attr_reader :message, :gl_repository, :gl_project_path, :gl_id, :gl_username, :gitaly, :git_protocol, :git_config_options, :payload
 
-  def initialize(status, status_code, message, gl_repository: nil, gl_id: nil,
+  def initialize(status, status_code, message, gl_repository: nil,
+                 gl_project_path: nil, gl_id: nil,
                  gl_username: nil, gitaly: nil, git_protocol: nil,
                  git_config_options: nil, payload: nil)
     @status = status
     @status_code = status_code
     @message = message
     @gl_repository = gl_repository
+    @gl_project_path = gl_project_path
     @gl_id = gl_id
     @gl_username = gl_username
     @git_config_options = git_config_options
@@ -26,6 +28,7 @@ class GitAccessStatus
         status_code,
         values["message"],
         gl_repository: values["gl_repository"],
+        gl_project_path: values["gl_project_path"],
         gl_id: values["gl_id"],
         gl_username: values["gl_username"],
         git_config_options: values["git_config_options"],
diff --git a/ruby/vendor/gitlab-shell/lib/gitlab_lfs_authentication.rb b/ruby/vendor/gitlab-shell/lib/gitlab_lfs_authentication.rb
index ccd6d69f0..574dc98f1 100644
--- a/ruby/vendor/gitlab-shell/lib/gitlab_lfs_authentication.rb
+++ b/ruby/vendor/gitlab-shell/lib/gitlab_lfs_authentication.rb
@@ -2,29 +2,42 @@ require 'base64'
 require 'json'
 
 class GitlabLfsAuthentication
+  # TODO: These don't need to be public
   attr_accessor :username, :lfs_token, :repository_http_path
 
-  def initialize(username, lfs_token, repository_http_path)
+  def initialize(username, lfs_token, repository_http_path, expires_in = nil)
     @username = username
     @lfs_token = lfs_token
     @repository_http_path = repository_http_path
+    @expires_in = expires_in
   end
 
   def self.build_from_json(json)
     values = JSON.parse(json)
-    new(values['username'], values['lfs_token'], values['repository_http_path'])
+    new(values['username'],
+        values['lfs_token'],
+        values['repository_http_path'],
+        values['expires_in'])
   rescue
     nil
   end
 
+  # Source: https://github.com/git-lfs/git-lfs/blob/master/docs/api/server-discovery.md#ssh
+  #
   def authentication_payload
-    authorization = {
-      header: {
-        Authorization: "Basic #{Base64.strict_encode64("#{username}:#{lfs_token}")}"
-      },
-      href: "#{repository_http_path}/info/lfs/"
-    }
-
-    JSON.generate(authorization)
+    payload = { header: { Authorization: authorization }, href: href }
+    payload[:expires_in] = @expires_in if @expires_in
+
+    JSON.generate(payload)
+  end
+
+  private
+
+  def authorization
+    "Basic #{Base64.strict_encode64("#{username}:#{lfs_token}")}"
+  end
+
+  def href
+    "#{repository_http_path}/info/lfs"
   end
 end
diff --git a/ruby/vendor/gitlab-shell/lib/gitlab_post_receive.rb b/ruby/vendor/gitlab-shell/lib/gitlab_post_receive.rb
index 2d412b91b..7c5bd19c9 100644
--- a/ruby/vendor/gitlab-shell/lib/gitlab_post_receive.rb
+++ b/ruby/vendor/gitlab-shell/lib/gitlab_post_receive.rb
@@ -24,10 +24,11 @@ class GitlabPostReceive
     end
 
     return false unless response
-    print_broadcast_message(response['broadcast_message']) if response['broadcast_message']
+    print_formatted_alert_message(response['broadcast_message']) if response['broadcast_message']
     print_merge_request_links(response['merge_request_urls']) if response['merge_request_urls']
     puts response['redirected_message'] if response['redirected_message']
     puts response['project_created_message'] if response['project_created_message']
+    print_warnings(response['warnings']) if response['warnings']
 
     response['reference_counter_decreased']
   rescue GitlabNet::ApiUnreachableError
@@ -59,7 +60,12 @@ class GitlabPostReceive
     puts
   end
 
-  def print_broadcast_message(message)
+  def print_warnings(warnings)
+    message = "WARNINGS:\n#{warnings}"
+    print_formatted_alert_message(message)
+  end
+
+  def print_formatted_alert_message(message)
     # A standard terminal window is (at least) 80 characters wide.
     total_width = 80
 
diff --git a/ruby/vendor/gitlab-shell/lib/gitlab_shell.rb b/ruby/vendor/gitlab-shell/lib/gitlab_shell.rb
index c1bb97627..2cb76a881 100644
--- a/ruby/vendor/gitlab-shell/lib/gitlab_shell.rb
+++ b/ruby/vendor/gitlab-shell/lib/gitlab_shell.rb
@@ -27,7 +27,7 @@ class GitlabShell # rubocop:disable Metrics/ClassLength
   TWO_FACTOR_RECOVERY_COMMAND = '2fa_recovery_codes'
   GL_PROTOCOL = 'ssh'
 
-  attr_accessor :gl_id, :gl_repository, :repo_name, :command, :git_access, :git_protocol
+  attr_accessor :gl_id, :gl_repository, :gl_project_path, :repo_name, :command, :git_access, :git_protocol
 
   def initialize(who)
     who_sym, = GitlabNet.parse_who(who)
@@ -58,6 +58,7 @@ class GitlabShell # rubocop:disable Metrics/ClassLength
 
       @gl_repository = access_status.gl_repository
       @git_protocol = ENV['GIT_PROTOCOL']
+      @gl_project_path = access_status.gl_project_path
       @gitaly = access_status.gitaly
       @username = access_status.gl_username
       @git_config_options = access_status.git_config_options
@@ -167,6 +168,7 @@ class GitlabShell # rubocop:disable Metrics/ClassLength
     args = JSON.dump(
       'repository' => @gitaly['repository'],
       'gl_repository' => @gl_repository,
+      'gl_project_path' => @gl_project_path,
       'gl_id' => @gl_id,
       'gl_username' => @username,
       'git_config_options' => @git_config_options,
diff --git a/ruby/vendor/gitlab-shell/spec/gitlab_access_spec.rb b/ruby/vendor/gitlab-shell/spec/gitlab_access_spec.rb
index 92268e2e7..6c1d3485e 100644
--- a/ruby/vendor/gitlab-shell/spec/gitlab_access_spec.rb
+++ b/ruby/vendor/gitlab-shell/spec/gitlab_access_spec.rb
@@ -11,6 +11,7 @@ describe GitlabAccess do
                                                 '200',
                                                  'ok',
                                                  gl_repository: 'project-1',
+                                                 gl_project_path: 'group/subgroup/project',
                                                  gl_id: 'user-123',
                                                  gl_username: 'testuser',
                                                  git_config_options: ['receive.MaxInputSize=10000'],
@@ -49,6 +50,7 @@ describe GitlabAccess do
                   '401',
                   'denied',
                   gl_repository: nil,
+                  gl_project_path: nil,
                   gl_id: nil,
                   gl_username: nil,
                   git_config_options: nil,
diff --git a/ruby/vendor/gitlab-shell/spec/gitlab_lfs_authentication_spec.rb b/ruby/vendor/gitlab-shell/spec/gitlab_lfs_authentication_spec.rb
index 81b53a7bf..acc9e3dc3 100644
--- a/ruby/vendor/gitlab-shell/spec/gitlab_lfs_authentication_spec.rb
+++ b/ruby/vendor/gitlab-shell/spec/gitlab_lfs_authentication_spec.rb
@@ -3,15 +3,17 @@ require 'gitlab_lfs_authentication'
 require 'json'
 
 describe GitlabLfsAuthentication do
+  let(:payload_from_gitlab_api) do
+    {
+      username: 'dzaporozhets',
+      lfs_token: 'wsnys8Zm8Jn7zyhHTAAK',
+      repository_http_path: 'http://gitlab.dev/repo'
+    }
+  end
+
   subject do
     GitlabLfsAuthentication.build_from_json(
-      JSON.generate(
-        {
-          username: 'dzaporozhets',
-          lfs_token: 'wsnys8Zm8Jn7zyhHTAAK',
-          repository_http_path: 'http://gitlab.dev/repo'
-        }
-      )
+      JSON.generate(payload_from_gitlab_api)
     )
   end
 
@@ -22,16 +24,34 @@ describe GitlabLfsAuthentication do
   end
 
   describe '#authentication_payload' do
-    result = "{\"header\":{\"Authorization\":\"Basic ZHphcG9yb3poZXRzOndzbnlzOFptOEpuN3p5aEhUQUFL\"},\"href\":\"http://gitlab.dev/repo/info/lfs/\"}"
+    shared_examples 'a valid payload' do
+      it 'should be proper JSON' do
+        payload = subject.authentication_payload
+        json_payload = JSON.parse(payload)
+
+        expect(json_payload['header']['Authorization']).to eq('Basic ZHphcG9yb3poZXRzOndzbnlzOFptOEpuN3p5aEhUQUFL')
+        expect(json_payload['href']).to eq('http://gitlab.dev/repo/info/lfs')
+      end
+    end
+
+    context 'without expires_in' do
+      let(:result) { { 'header' => { 'Authorization' => 'Basic ZHphcG9yb3poZXRzOndzbnlzOFptOEpuN3p5aEhUQUFL' }, 'href' => 'http://gitlab.dev/repo/info/lfs' }.to_json }
+
+      it { expect(subject.authentication_payload).to eq(result) }
+
+      it_behaves_like 'a valid payload'
+    end
+
+    context 'with expires_in' do
+      let(:result) { { 'header' => { 'Authorization' => 'Basic ZHphcG9yb3poZXRzOndzbnlzOFptOEpuN3p5aEhUQUFL' }, 'href' => 'http://gitlab.dev/repo/info/lfs', 'expires_in' => 1800 }.to_json }
 
-    it { expect(subject.authentication_payload).to eq(result) }
+      before do
+        payload_from_gitlab_api[:expires_in] = 1800
+      end
 
-    it 'should be a proper JSON' do
-      payload = subject.authentication_payload
-      json_payload = JSON.parse(payload)
+      it { expect(subject.authentication_payload).to eq(result) }
 
-      expect(json_payload['header']['Authorization']).to eq('Basic ZHphcG9yb3poZXRzOndzbnlzOFptOEpuN3p5aEhUQUFL')
-      expect(json_payload['href']).to eq('http://gitlab.dev/repo/info/lfs/')
+      it_behaves_like 'a valid payload'
     end
   end
 end
diff --git a/ruby/vendor/gitlab-shell/spec/gitlab_net_spec.rb b/ruby/vendor/gitlab-shell/spec/gitlab_net_spec.rb
index c6245d4e3..d7c46dc7e 100644
--- a/ruby/vendor/gitlab-shell/spec/gitlab_net_spec.rb
+++ b/ruby/vendor/gitlab-shell/spec/gitlab_net_spec.rb
@@ -287,7 +287,9 @@ describe GitlabNet, vcr: true do
       it 'should allow push access for host' do
         VCR.use_cassette("allowed-push") do
           access = gitlab_net.check_access('git-receive-pack', nil, project, key, changes, 'ssh')
+
           expect(access.allowed?).to be_truthy
+          expect(access.gl_project_path).to eq('gitlab-org/gitlab.test')
         end
       end
 
@@ -322,7 +324,9 @@ describe GitlabNet, vcr: true do
       it 'should allow pull access for host' do
         VCR.use_cassette("allowed-pull") do
           access = gitlab_net.check_access('git-upload-pack', nil, project, key, changes, 'ssh')
+
           expect(access.allowed?).to be_truthy
+          expect(access.gl_project_path).to eq('gitlab-org/gitlab.test')
         end
       end
     end
diff --git a/ruby/vendor/gitlab-shell/spec/gitlab_post_receive_spec.rb b/ruby/vendor/gitlab-shell/spec/gitlab_post_receive_spec.rb
index 3cae6319e..d0618309c 100644
--- a/ruby/vendor/gitlab-shell/spec/gitlab_post_receive_spec.rb
+++ b/ruby/vendor/gitlab-shell/spec/gitlab_post_receive_spec.rb
@@ -64,7 +64,7 @@ describe GitlabPostReceive do
       context 'when contains long url string at end' do
         let(:broadcast_message) { "test " * 10 + "message " * 10 + "https://localhost:5000/test/a/really/long/url/that/is/in/the/broadcast/message/do-not-truncate-when-url" }
 
-        it 'doesnt truncate url' do          
+        it 'doesnt truncate url' do
           expect_any_instance_of(GitlabNet).to receive(:post_receive).and_return(response)
           assert_broadcast_message_printed_keep_long_url_end(gitlab_post_receive)
           assert_new_mr_printed(gitlab_post_receive)
@@ -76,7 +76,7 @@ describe GitlabPostReceive do
       context 'when contains long url string at start' do
         let(:broadcast_message) { "https://localhost:5000/test/a/really/long/url/that/is/in/the/broadcast/message/do-not-truncate-when-url " + "test " * 10 + "message " * 11}
 
-        it 'doesnt truncate url' do          
+        it 'doesnt truncate url' do
           expect_any_instance_of(GitlabNet).to receive(:post_receive).and_return(response)
           assert_broadcast_message_printed_keep_long_url_start(gitlab_post_receive)
           assert_new_mr_printed(gitlab_post_receive)
@@ -88,7 +88,7 @@ describe GitlabPostReceive do
       context 'when contains long url string in middle' do
         let(:broadcast_message) { "test " * 11 + "https://localhost:5000/test/a/really/long/url/that/is/in/the/broadcast/message/do-not-truncate-when-url " + "message " * 11}
 
-        it 'doesnt truncate url' do          
+        it 'doesnt truncate url' do
           expect_any_instance_of(GitlabNet).to receive(:post_receive).and_return(response)
           assert_broadcast_message_printed_keep_long_url_middle(gitlab_post_receive)
           assert_new_mr_printed(gitlab_post_receive)
@@ -96,7 +96,21 @@ describe GitlabPostReceive do
           expect(gitlab_post_receive.exec).to eq(true)
         end
       end
+    end
+
+    context 'when warnings are present' do
+      let(:response) do
+        {
+          'reference_counter_decreased' => true,
+          'warnings' => 'My warning message'
+        }
+      end
 
+      it 'treats the warning as a broadcast message' do
+        expect_any_instance_of(GitlabNet).to receive(:post_receive).and_return(response)
+        expect(gitlab_post_receive).to receive(:print_formatted_alert_message).with("WARNINGS:\nMy warning message")
+        expect(gitlab_post_receive.exec).to eq(true)
+      end
     end
 
     context 'when redirected message available' do
@@ -199,7 +213,7 @@ describe GitlabPostReceive do
     expect(gitlab_post_receive).to receive(:puts).with(
       "    message message message message message message message message"
     ).ordered
-    
+
     expect(gitlab_post_receive).to receive(:puts).with(
       "https://localhost:5000/test/a/really/long/url/that/is/in/the/broadcast/message/do-not-truncate-when-url"
     ).ordered
@@ -216,7 +230,7 @@ describe GitlabPostReceive do
       "========================================================================"
     ).ordered
     expect(gitlab_post_receive).to receive(:puts).ordered
-    
+
     expect(gitlab_post_receive).to receive(:puts).with(
       "https://localhost:5000/test/a/really/long/url/that/is/in/the/broadcast/message/do-not-truncate-when-url"
     ).ordered
@@ -245,7 +259,7 @@ describe GitlabPostReceive do
       "========================================================================"
     ).ordered
     expect(gitlab_post_receive).to receive(:puts).ordered
-    
+
     expect(gitlab_post_receive).to receive(:puts).with(
       "         test test test test test test test test test test test"
     ).ordered
diff --git a/ruby/vendor/gitlab-shell/spec/gitlab_shell_authorized_keys_check_spec.rb b/ruby/vendor/gitlab-shell/spec/gitlab_shell_authorized_keys_check_spec.rb
index baaa56049..705060470 100644
--- a/ruby/vendor/gitlab-shell/spec/gitlab_shell_authorized_keys_check_spec.rb
+++ b/ruby/vendor/gitlab-shell/spec/gitlab_shell_authorized_keys_check_spec.rb
@@ -1,20 +1,7 @@
 require_relative 'spec_helper'
 
 describe 'bin/gitlab-shell-authorized-keys-check' do
-  def original_root_path
-    ROOT_PATH
-  end
-
-  # All this test boilerplate is mostly copy/pasted between
-  # gitlab_shell_gitlab_shell_spec.rb and
-  # gitlab_shell_authorized_keys_check_spec.rb
-  def tmp_root_path
-    @tmp_root_path ||= File.realpath(Dir.mktmpdir)
-  end
-
-  def config_path
-    File.join(tmp_root_path, 'config.yml')
-  end
+  include_context 'gitlab shell'
 
   def tmp_socket_path
     # This has to be a relative path shorter than 100 bytes due to
@@ -22,12 +9,8 @@ describe 'bin/gitlab-shell-authorized-keys-check' do
     'tmp/gitlab-shell-authorized-keys-check-socket'
   end
 
-  before(:all) do
-    FileUtils.mkdir_p(File.dirname(tmp_socket_path))
-    FileUtils.touch(File.join(tmp_root_path, '.gitlab_shell_secret'))
-
-    @server = HTTPUNIXServer.new(BindAddress: tmp_socket_path)
-    @server.mount_proc('/api/v4/internal/authorized_keys') do |req, res|
+  def mock_server(server)
+    server.mount_proc('/api/v4/internal/authorized_keys') do |req, res|
       if req.query['key'] == 'known-rsa-key'
         res.status = 200
         res.content_type = 'application/json'
@@ -36,28 +19,14 @@ describe 'bin/gitlab-shell-authorized-keys-check' do
         res.status = 404
       end
     end
-
-    @webrick_thread = Thread.new { @server.start }
-
-    sleep(0.1) while @webrick_thread.alive? && @server.status != :Running
-    raise "Couldn't start stub GitlabNet server" unless @server.status == :Running
-
-    File.open(config_path, 'w') do |f|
-      f.write("---\ngitlab_url: http+unix://#{CGI.escape(tmp_socket_path)}\n")
-    end
-
-    copy_dirs = ['bin', 'lib']
-    FileUtils.rm_rf(copy_dirs.map { |d| File.join(tmp_root_path, d) })
-    FileUtils.cp_r(copy_dirs, tmp_root_path)
   end
 
-  after(:all) do
-    @server.shutdown if @server
-    @webrick_thread.join if @webrick_thread
-    FileUtils.rm_rf(tmp_root_path)
+  before(:all) do
+    write_config(
+      "gitlab_url" => "http+unix://#{CGI.escape(tmp_socket_path)}",
+    )
   end
 
-  let(:gitlab_shell_path) { File.join(tmp_root_path, 'bin', 'gitlab-shell') }
   let(:authorized_keys_check_path) { File.join(tmp_root_path, 'bin', 'gitlab-shell-authorized-keys-check') }
 
   it 'succeeds when a valid key is given' do
diff --git a/ruby/vendor/gitlab-shell/spec/gitlab_shell_spec.rb b/ruby/vendor/gitlab-shell/spec/gitlab_shell_spec.rb
index eef572e13..c261e6f90 100644
--- a/ruby/vendor/gitlab-shell/spec/gitlab_shell_spec.rb
+++ b/ruby/vendor/gitlab-shell/spec/gitlab_shell_spec.rb
@@ -28,6 +28,7 @@ describe GitlabShell do
       '200',
       'ok',
       gl_repository: gl_repository,
+      gl_project_path: gl_project_path,
       gl_id: gl_id,
       gl_username: gl_username,
       git_config_options: git_config_options,
@@ -44,6 +45,7 @@ describe GitlabShell do
                 '200',
                 'ok',
                 gl_repository: gl_repository,
+                gl_project_path: gl_project_path,
                 gl_id: gl_id,
                 gl_username: gl_username,
                 git_config_options: nil,
@@ -62,6 +64,7 @@ describe GitlabShell do
 
   let(:repo_name) { 'gitlab-ci.git' }
   let(:gl_repository) { 'project-1' }
+  let(:gl_project_path) { 'group/subgroup/gitlab-ci' }
   let(:gl_id) { 'user-1' }
   let(:gl_username) { 'testuser' }
   let(:git_config_options) { ['receive.MaxInputSize=10000'] }
@@ -169,6 +172,7 @@ describe GitlabShell do
       JSON.dump(
         'repository' => { 'relative_path' => repo_name, 'storage_name' => 'default' },
         'gl_repository' => gl_repository,
+        'gl_project_path' => gl_project_path,
         'gl_id' => gl_id,
         'gl_username' => gl_username,
         'git_config_options' => git_config_options,
@@ -446,6 +450,7 @@ describe GitlabShell do
             false,
             'denied',
             gl_repository: nil,
+            gl_project_path: nil,
             gl_id: nil,
             gl_username: nil,
             git_config_options: nil,
diff --git a/ruby/vendor/gitlab-shell/spec/spec_helper.rb b/ruby/vendor/gitlab-shell/spec/spec_helper.rb
index dfdf44984..be5ff9c6b 100644
--- a/ruby/vendor/gitlab-shell/spec/spec_helper.rb
+++ b/ruby/vendor/gitlab-shell/spec/spec_helper.rb
@@ -1,3 +1,4 @@
+require 'pry'
 require 'rspec-parameterized'
 require 'simplecov'
 SimpleCov.start
diff --git a/ruby/vendor/gitlab-shell/spec/support/gitlab_shell_setup.rb b/ruby/vendor/gitlab-shell/spec/support/gitlab_shell_setup.rb
new file mode 100644
index 000000000..eddd2d141
--- /dev/null
+++ b/ruby/vendor/gitlab-shell/spec/support/gitlab_shell_setup.rb
@@ -0,0 +1,58 @@
+RSpec.shared_context 'gitlab shell', shared_context: :metadata do
+  def original_root_path
+    ROOT_PATH
+  end
+
+  def config_path
+    File.join(tmp_root_path, 'config.yml')
+  end
+
+  def write_config(config)
+    File.open(config_path, 'w') do |f|
+      f.write(config.to_yaml)
+    end
+  end
+
+  def tmp_root_path
+    @tmp_root_path ||= File.realpath(Dir.mktmpdir)
+  end
+
+  def mock_server(server)
+    raise NotImplementedError.new(
+      'mock_server method must be implemented in order to include gitlab shell context'
+    )
+  end
+
+  # This has to be a relative path shorter than 100 bytes due to
+  # limitations in how Unix sockets work.
+  def tmp_socket_path
+    'tmp/gitlab-shell-socket'
+  end
+
+  let(:gitlab_shell_path) { File.join(tmp_root_path, 'bin', 'gitlab-shell') }
+
+  before(:all) do
+    FileUtils.mkdir_p(File.dirname(tmp_socket_path))
+    FileUtils.touch(File.join(tmp_root_path, '.gitlab_shell_secret'))
+
+    @server = HTTPUNIXServer.new(BindAddress: tmp_socket_path)
+
+    mock_server(@server)
+
+    @webrick_thread = Thread.new { @server.start }
+
+    sleep(0.1) while @webrick_thread.alive? && @server.status != :Running
+    raise "Couldn't start stub GitlabNet server" unless @server.status == :Running
+    system(original_root_path, 'bin/compile')
+
+    copy_dirs = ['bin', 'lib']
+    FileUtils.rm_rf(copy_dirs.map { |d| File.join(tmp_root_path, d) })
+    FileUtils.cp_r(copy_dirs, tmp_root_path)
+  end
+
+  after(:all) do
+    @server.shutdown if @server
+    @webrick_thread.join if @webrick_thread
+    FileUtils.rm_rf(tmp_root_path)
+  end
+end
diff --git a/ruby/vendor/gitlab-shell/spec/vcr_cassettes/allowed-pull.yml b/ruby/vendor/gitlab-shell/spec/vcr_cassettes/allowed-pull.yml
index b07347655..d32431631 100644
--- a/ruby/vendor/gitlab-shell/spec/vcr_cassettes/allowed-pull.yml
+++ b/ruby/vendor/gitlab-shell/spec/vcr_cassettes/allowed-pull.yml
@@ -40,7 +40,7 @@ http_interactions:
       - '0.230871'
     body:
       encoding: UTF-8
-      string: '{"status":true,"gl_repository":"project-3","repository_path":"/Users/dzaporozhets/Projects/gitlab-development-kit/repositories/gitlab-org/gitlab-test.git"}'
+      string: '{"status":true,"gl_repository":"project-3","gl_project_path":"gitlab-org/gitlab.test","repository_path":"/Users/dzaporozhets/Projects/gitlab-development-kit/repositories/gitlab-org/gitlab-test.git"}'
     http_version: 
   recorded_at: Wed, 21 Jun 2017 10:44:52 GMT
 recorded_with: VCR 2.4.0
diff --git a/ruby/vendor/gitlab-shell/spec/vcr_cassettes/allowed-push.yml b/ruby/vendor/gitlab-shell/spec/vcr_cassettes/allowed-push.yml
index 1636fd507..025614a99 100644
--- a/ruby/vendor/gitlab-shell/spec/vcr_cassettes/allowed-push.yml
+++ b/ruby/vendor/gitlab-shell/spec/vcr_cassettes/allowed-push.yml
@@ -40,7 +40,7 @@ http_interactions:
       - '0.289759'
     body:
       encoding: UTF-8
-      string: '{"status":true,"gl_repository":"project-3","repository_path":"/Users/dzaporozhets/Projects/gitlab-development-kit/repositories/gitlab-org/gitlab-test.git"}'
+      string: '{"status":true,"gl_repository":"project-3","gl_project_path":"gitlab-org/gitlab.test","repository_path":"/Users/dzaporozhets/Projects/gitlab-development-kit/repositories/gitlab-org/gitlab-test.git"}'
     http_version: 
   recorded_at: Wed, 21 Jun 2017 10:44:52 GMT
 recorded_with: VCR 2.4.0