Age | Commit message (Collapse) | Author |
|
For the praefect binary we have a sub-command to verify
if praefect service can operate without issues. The
verification process checks if migrations were applied,
if gitaly nodes are reachable, if the clock synced, etc.
This check can be done only when you have direct access
to the binary. With introducing of ReadinessCheck RPC
we now can run the same verification process mentioned
above by issuing an RPC call.
The new RPC will be part of the gitlab:gitaly:check task.
It is noop for the gitaly service as of now.
Part of: https://gitlab.com/gitlab-org/gitlab/-/issues/348174
|
|
It is hard to test ReadinessCheck RPC because the set of the
checks that is executed is hard or not possible to mock or
substitute. Those we made check an injectable to provide from
outside. It will help us to write better tests for the RPC.
|
|
To test ReadinessCheck RPC we need to run praefect service.
The runPraefectServer function does what we need, but it is
not exportable. This change moves and renames runPraefectServer
and related code, so it can be re-used in other packages for
testing.
|
|
The set of the checks that is used to make sure praefect is ready
to serve the requests is moved to another location. That is done
because we should be able to call them from the RPC handler as
they will be used by the ReadinessCheck RPC.
Part of: https://gitlab.com/gitlab-org/gitlab/-/issues/348174
|
|
The new ReadinessCheck RPC added. It will allow to check the
service readiness and should be triggered before putting traffic
on to the service. In case of the failure the details about an
error and the check name would be returned to the caller.
Part of: https://gitlab.com/gitlab-org/gitlab/-/issues/348174
|
|
lstree: Support SHA256 object hash
See merge request gitlab-org/gitaly!4789
|
|
repository: Fix passing zero OID to WriteRef
See merge request gitlab-org/gitaly!4794
|
|
In ceb9161b1 (repository: Resolve revisions passed to the WriteRef RPC,
2022-07-29) we have refactored the `WriteRef()` RPC to resolve both old
and new revision before executing git-update-ref(1) in order to ensure
that the objects we want to update to actually exist. This refactoring
broke the case though where the client passes the all-zeroes object ID
either as old or new reference, which both have a well-defined meaning
in this context.
Fix this bug by special-casing the all-zeroes object ID.
Changelog: fixed
|
|
hook: Remove PackObjectsMetric feature flag
See merge request gitlab-org/gitaly!4786
|
|
'master'
go: Update module gitlab.com/gitlab-org/gitlab-shell/v14 to v14.10.0
See merge request gitlab-org/gitaly!4764
|
|
updateref: Support repositories with SHA256 object hashes
See merge request gitlab-org/gitaly!4778
|
|
go: Update module github.com/hashicorp/yamux to v0.1.1
See merge request gitlab-org/gitaly!4749
|
|
git: Speed up fetches by disabling the logic to show forced updates
Closes #4377
See merge request gitlab-org/gitaly!4783
|
|
Capture stderr on CreateFork
See merge request gitlab-org/gitaly!4785
|
|
git: Upgrade default Git distribution to v2.37.1.gl1
Closes #4193
See merge request gitlab-org/gitaly!4787
|
|
Exclude github.com/gin-gonic/gin vulnerable to CVE-2020-28483
Closes #3629
See merge request gitlab-org/gitaly!4784
|
|
git: Default-enable use of Git v2.37.1.gl1
See merge request gitlab-org/gitaly!4782
|
|
The lstree package supports both SHA1 and SHA256-based repositories.
Enable testing of the SHA256 object hash.
|
|
Detect the object hash used by the repository for which we should list
tree entries to support SHA256-based repositories.
|
|
Inject the object hash used to parse tree entries so that the tree entry
parser can easily support parsing both SHA1 and SHA256 tree entries. For
the time being all callers just inject SHA1. They will be converted over
time to inject the correct value.
|
|
We're using a seeded repository to test `ListEntries()` even though we
generate all test data at runtime anyway. Convert the tests to use
`gittest.InitRepo()` instead.
|
|
The lstree's parser tests use static data of git-ls-tree(1) that has
been written into a set of files. This makes it hard to test this
package with SHA256 given that the output of course contains SHA1 object
hashes.
Refactor the tests to instead generate data at runtime. Note that we're
removing one of the two testcases in this process: both testcases do in
fact exercise the exact same logic, only that one of both has a space in
one of its tree entries. So we just retain the test for the tree entry
with the space and discard the other one given that they don't really
test different things anyway.
|
|
The `WriteTree()` helper function doesn't allow writing tree entries
referring to a submodule right now. Add this functionality.
|
|
Now that we have default-enabled bundled Git v2.37.1.gl1 we can also
switch our default Git distribution to that newer Git version. Do so.
Changelog: changed
|
|
The updateref package needs to be able to verify object hashes, which
mandates that it must be able to tell which object hash format a repo is
using and to provide the correct zero object ID.
Add object hash detection logic and enable testing the package with
SHA256.
|
|
Change the updateref package to accept object IDs as old and new
target of the reference that is to be updated. This increases type
safety and better documents the intent of provided functions.
|
|
One of our tests for the `UpdaterWithHooks` structure is hardcoding the
use of the SHA1 object hash. Refactor it to instead use the current
default object hash as dictated by the `gittest` package. While at it,
set up the Git command factory that the test will start to require when
we auto-detect the object hash used by a repository.
|
|
Convert the tests of the updateref package to not use a seeded
repository so that we can test the package with both SHA1 and SHA256
object hashes.
|
|
Adjust test names of the updateref package to match modern best
practices and parallelize the tests.
|
|
When we rescue dangling objects in an object pool we execute git-fsck(1)
to find out about any objects which are not currently referenced. We
don't perform any sanity checks though on the output of git-fsck(1): the
only thing we do is to split the string, and then pass whatever data we
have obtained to git-update-ref(1).
Verify that the obtained data is actually a conforming object hash by
parsing the object ID. This also prepares for an upcoming change where
the updateref package will start to accept `git.ObjectID`s instead of
bare strings.
|
|
The WriteRef RPC gets as input a reference name that is to be updated as
well as the old and new revisions that the reference should be updated
from respectively to. It's not entirely clear what these revisions
contain: while one would typically expect it to only ever contain object
IDs, that may or may not be the case.
Resolve the revision to an object ID before invoking git-update-ref(1)
with them. This will ease the transition when we migrate the updateref
package to only ever accept object IDs as input, but it will also give
us better indicators when the revision does not exist in the repository.
|
|
This feature flag has been running in production without any issues. We
can now remove it now.
|
|
catfile: Support repositories with SHA256 object hashes
See merge request gitlab-org/gitaly!4779
|
|
CreateFork had been returning unhelpful exit status errors that are too
ambiguous to allow for debugging.
|
|
The affected versions are transitive dependencies of gocloud.dev which
is used by gitaly-backup to upload backups to object storage. This
feature has not been hooked up to backup.rake. There is no risk of
exploitation.
Changelog: security
|
|
server: Give clients grace-period for keepalives
Closes #4397
See merge request gitlab-org/gitaly!4772
|
|
localrepo: Don't run case-sensitive test on macOS
See merge request gitlab-org/gitaly!4773
|
|
By default, git-fetch(1) will compute for every reference it's about to
fetch whether the update is a forced update or a normal one. This info
is used in two different ways:
1. To compute whether the branch update should be allowed in the
first place. This is pointless though in the case where we ask
git-fetch(1) to force all updates anyway.
2. To provide information via stdout whether the reference has been
force-updated or not. This is pointless in the case where we ask
git-fetch(1) to be quiet.
And while this check can indeed be quite expensive and take dozens of
seconds, git-fetch(1) will still perform it even when asked to be quiet
and to force-update any references.
Skip this computation when fetching into localrepos when forcing the
update and asking Git to be quiet.
Changelog: fixed
|
|
By default, git-fetch(1) will compute for every reference it's about to
fetch whether the update is a forced update or a normal one. This info
is used in two different ways:
1. To compute whether the branch update should be allowed in the
first place. This is pointless though in the case where we ask
git-fetch(1) to force all updates anyway.
2. To provide information via stdout whether the reference has been
force-updated or not. This is pointless in the case where we ask
git-fetch(1) to be quiet.
And while this check can indeed be quite expensive and take dozens of
seconds, git-fetch(1) will still perform it even when asked to be quiet
and to force-update any references.
Skip this computation when fetching into object pools to speed up these
fetches.
Changelog: fixed
|
|
ref: Fix `Internal` errors in `FindTag()` when tag doesn't exist
See merge request gitlab-org/gitaly!4771
|
|
We have finally been able to roll out Git v2.37.1.gl1 to production
without any issues observed so far. So let's default-enable this new Git
version so that background jobs will also start to use it.
Changelog: changed
|
|
Update nokogiri gem to v1.13.8
See merge request gitlab-org/gitaly!4776
|
|
macOS uses case-insensitive filesystems (HFS, APFS), so git
default-enables `core.ignorecase`. This causes attempts to create ref
'refs/heads/MASTER' to fail as 'refs/heads/master' already exists, and
makes `TestRepo_GetReferenceWithAmbiguousRefs()` fail on macOS.
Update this test to only execute the 'MASTER' case when not on macOS.
|
|
go: Update gRPC dependencies
See merge request gitlab-org/gitaly!4781
|
|
|
|
Using require.Equal does generally not work with grpc messages. We've
written the ProtoEqual testhelper, which we are now using instead.
|
|
Stop installing packed binaries
See merge request gitlab-org/gitaly!4673
|
|
Now that the catfile package supports SHA256 object hashes we can remove
the build tags that keep the tests from running in SHA256-mode.
|
|
Refactor the catfile tests to be hash-agnostic so that they behave well
both with SHA1 and SHA256 repositories.
|
|
Refactor some of the catfile tests to match modern best practices.
|