diff options
| -rw-r--r-- | CHANGELOG | 17 | ||||
| -rw-r--r-- | Gemfile | 3 | ||||
| -rw-r--r-- | Gemfile.lock | 10 | ||||
| -rw-r--r-- | app/assets/stylesheets/pages/notes.scss | 4 | ||||
| -rw-r--r-- | app/controllers/import/bitbucket_controller.rb | 1 | ||||
| -rw-r--r-- | app/helpers/blob_helper.rb | 8 | ||||
| -rw-r--r-- | app/helpers/emails_helper.rb | 4 | ||||
| -rw-r--r-- | app/views/projects/wikis/show.html.haml | 6 | ||||
| -rw-r--r-- | doc/gitlab-basics/README.md | 4 | ||||
| -rw-r--r-- | doc/gitlab-basics/add-file.md | 31 | ||||
| -rw-r--r-- | doc/ssh/README.md | 3 | ||||
| -rw-r--r-- | doc/workflow/importing/README.md | 5 | ||||
| -rw-r--r-- | doc/workflow/labels.md | 4 | ||||
| -rw-r--r-- | lib/gitlab/backend/grack_auth.rb | 11 | ||||
| -rw-r--r-- | lib/gitlab/backend/shell_env.rb | 11 | ||||
| -rw-r--r-- | lib/gitlab/bitbucket_import/client.rb | 21 | ||||
| -rw-r--r-- | lib/redcarpet/render/gitlab_html.rb | 8 | ||||
| -rw-r--r-- | lib/rouge/formatters/html_gitlab.rb | 168 | ||||
| -rw-r--r-- | lib/support/nginx/gitlab | 25 | ||||
| -rw-r--r-- | lib/support/nginx/gitlab-ssl | 25 | ||||
| -rw-r--r-- | spec/features/security/group_access_spec.rb | 30 |
21 files changed, 350 insertions, 49 deletions
diff --git a/CHANGELOG b/CHANGELOG index eef3c3e7c01..c8b73f92103 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,10 +1,9 @@ Please view this file on the master branch, on stable branches it's out of date. v 7.14.0 (unreleased) + - Upgrade gitlab_git to version 7.2.6 to fix Error 500 when creating network graphs (Stan Hu) - Fix URL used for refreshing notes if relative_url is present (Bartłomiej Święcki) - Fix commit data retrieval when branch name has single quotes (Stan Hu) - - Fix Error 500 when browsing projects with no HEAD (Stan Hu) - - Add rake task 'gitlab:update_commit_count' (Daniel Gerhardt) - Fix full screen mode for snippet comments (Daniel Gerhardt) - Fix 404 error in files view after deleting the last file in a repository (Stan Hu) - Fix the "Reload with full diff" URL button (Stan Hu) @@ -17,6 +16,18 @@ v 7.14.0 (unreleased) - Add support for destroying project milestones (Stan Hu) - Add fetch command to the MR page - Add project star and fork count, group avatar URL and user/group web URL attributes to API + - Fix bug causing Bitbucket importer to crash when OAuth application had been removed. + - Add fetch command to the MR page. + +v 7.13.2 + - Fix randomly failed spec + - Create project services on Project creation + - Add admin_merge_request ability to Developer level and up + - Fix Error 500 when browsing projects with no HEAD (Stan Hu) + - Fix labels / assignee / milestone for the merge requests when issues are disabled + - Show the first tab automatically on MergeRequests#new + - Add rake task 'gitlab:update_commit_count' (Daniel Gerhardt) + - Fix Gmail Actions v 7.13.1 - Fix: Label modifications are not reflected in existing notes and in the issue list @@ -27,10 +38,10 @@ v 7.13.1 - Fix: ActionView::Template::Error - Fix: "Create Merge Request" isn't always shown in event for newly pushed branch - Fix bug causing "Remove source-branch" option not to work for merge requests from the same project. + - Render Note field hints consistently for "new" and "edit" forms v 7.13.0 - Remove repository graph log to fix slow cache updates after push event (Stan Hu) -v 7.13.0 (unreleased) - Return comments in created order in merge request API (Stan Hu) - Only enable HSTS header for HTTPS and port 443 (Stan Hu) - Fix user autocomplete for unauthenticated users accessing public projects (Stan Hu) @@ -38,7 +38,7 @@ gem "browser", '~> 0.8.0' # Extracting information from a git repository # Provide access to Gitlab::Git library -gem "gitlab_git", '~> 7.2.5' +gem "gitlab_git", '~> 7.2.6' # Ruby/Rack Git Smart-HTTP Server Handler # GitLab fork with a lot of changes (improved thread-safety, better memory usage etc) @@ -272,4 +272,3 @@ end gem "newrelic_rpm" gem 'octokit', '3.7.0' -gem "rugments", "~> 1.0.0.beta8" diff --git a/Gemfile.lock b/Gemfile.lock index 6e571072a4c..44365017edc 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -271,7 +271,7 @@ GEM mime-types (~> 1.19) gitlab_emoji (0.1.0) gemojione (~> 2.0) - gitlab_git (7.2.5) + gitlab_git (7.2.6) activesupport (~> 4.0) charlock_holmes (~> 0.6) gitlab-linguist (~> 3.0) @@ -288,7 +288,7 @@ GEM github-markup (~> 1.3.1) gollum-grit_adapter (~> 0.1, >= 0.1.1) nokogiri (~> 1.6.4) - rouge (~> 1.7.4) + rouge (~> 1.9) sanitize (~> 2.1.0) stringex (~> 2.5.1) gon (5.0.1) @@ -536,7 +536,7 @@ GEM netrc (~> 0.7) rinku (1.7.3) rotp (1.6.1) - rouge (1.7.7) + rouge (1.9.1) rqrcode (0.4.2) rqrcode-rails3 (0.1.7) rqrcode (>= 0.4.2) @@ -579,7 +579,6 @@ GEM rubyntlm (0.5.0) rubypants (0.2.0) rugged (0.22.2) - rugments (1.0.0.beta8) safe_yaml (1.0.4) sanitize (2.1.0) nokogiri (>= 1.4.4) @@ -784,7 +783,7 @@ DEPENDENCIES gitlab-grack (~> 2.0.2) gitlab-linguist (~> 3.0.1) gitlab_emoji (~> 0.1) - gitlab_git (~> 7.2.5) + gitlab_git (~> 7.2.6) gitlab_meta (= 7.0) gitlab_omniauth-ldap (= 1.2.1) gollum-lib (~> 4.0.2) @@ -836,7 +835,6 @@ DEPENDENCIES rqrcode-rails3 rspec-rails (~> 3.3.0) rubocop (= 0.28.0) - rugments (~> 1.0.0.beta8) sanitize (~> 2.0) sass-rails (~> 4.0.5) sdoc diff --git a/app/assets/stylesheets/pages/notes.scss b/app/assets/stylesheets/pages/notes.scss index 4da65b28743..85c828ec1ad 100644 --- a/app/assets/stylesheets/pages/notes.scss +++ b/app/assets/stylesheets/pages/notes.scss @@ -37,7 +37,7 @@ ul.notes { font-size: 13px; a { - @extend .cgray; + @extend .cgray; &:hover { text-decoration: underline; @@ -105,6 +105,8 @@ ul.notes { } hr { + // Darken 'whitesmoke' a bit to make it more visible in note bodies + border-color: darken(#F5F5F5, 8%); margin: 10px 0; } } diff --git a/app/controllers/import/bitbucket_controller.rb b/app/controllers/import/bitbucket_controller.rb index ca78a4aaa8e..af0b841f0b7 100644 --- a/app/controllers/import/bitbucket_controller.rb +++ b/app/controllers/import/bitbucket_controller.rb @@ -3,6 +3,7 @@ class Import::BitbucketController < Import::BaseController before_action :bitbucket_auth, except: :callback rescue_from OAuth::Error, with: :bitbucket_unauthorized + rescue_from Gitlab::BitbucketImport::Client::Unauthorized, with: :bitbucket_unauthorized def callback request_token = session.delete(:oauth_request_token) diff --git a/app/helpers/blob_helper.rb b/app/helpers/blob_helper.rb index 50df3801703..77d99140c43 100644 --- a/app/helpers/blob_helper.rb +++ b/app/helpers/blob_helper.rb @@ -1,6 +1,6 @@ module BlobHelper def highlight(blob_name, blob_content, nowrap: false, continue: false) - @formatter ||= Rugments::Formatters::HTML.new( + @formatter ||= Rouge::Formatters::HTMLGitlab.new( nowrap: nowrap, cssclass: 'code highlight', lineanchors: true, @@ -8,11 +8,11 @@ module BlobHelper ) begin - @lexer ||= Rugments::Lexer.guess(filename: blob_name, source: blob_content).new + @lexer ||= Rouge::Lexer.guess(filename: blob_name, source: blob_content).new result = @formatter.format(@lexer.lex(blob_content, continue: continue)).html_safe rescue - lexer = Rugments::Lexers::PlainText - result = @formatter.format(lexer.lex(blob_content)).html_safe + @lexer = Rouge::Lexers::PlainText + result = @formatter.format(@lexer.lex(blob_content)).html_safe end result diff --git a/app/helpers/emails_helper.rb b/app/helpers/emails_helper.rb index 128de18bc47..45788ba95ac 100644 --- a/app/helpers/emails_helper.rb +++ b/app/helpers/emails_helper.rb @@ -31,8 +31,8 @@ module EmailsHelper end def color_email_diff(diffcontent) - formatter = Rugments::Formatters::HTML.new(cssclass: "highlight", inline_theme: :github) - lexer = Rugments::Lexers::Diff.new + formatter = Rouge::Formatters::HTML.new(css_class: 'highlight', inline_theme: 'github') + lexer = Rouge::Lexers::Diff raw formatter.format(lexer.lex(diffcontent)) end diff --git a/app/views/projects/wikis/show.html.haml b/app/views/projects/wikis/show.html.haml index 83cd4c66672..5c4dd7f91ae 100644 --- a/app/views/projects/wikis/show.html.haml +++ b/app/views/projects/wikis/show.html.haml @@ -3,6 +3,10 @@ %h3.page-title = @page.title = render 'main_links' + +.wiki-last-edit-by + Last edited by #{@page.commit.author.name} #{time_ago_with_tooltip(@page.commit.authored_date)} + - if @page.historical? .warning_message This is an old version of this page. @@ -16,6 +20,6 @@ = render_wiki_content(@page) %hr - .wiki-last-edit-by Last edited by #{@page.commit.author.name} #{time_ago_with_tooltip(@page.commit.authored_date)} + diff --git a/doc/gitlab-basics/README.md b/doc/gitlab-basics/README.md index d6272cd5912..538894f5848 100644 --- a/doc/gitlab-basics/README.md +++ b/doc/gitlab-basics/README.md @@ -2,7 +2,7 @@ Step-by-step guides on the basics of working with Git and GitLab. -* [Start using Git on the commandline](start-using-git.md) +* [Start using Git on the command line](start-using-git.md) * [Create and add your SSH Keys](create-your-ssh-keys.md) @@ -17,3 +17,5 @@ Step-by-step guides on the basics of working with Git and GitLab. * [Create a branch](create-branch.md) * [Fork a project](fork-project.md) + +* [Add a file](add-file.md) diff --git a/doc/gitlab-basics/add-file.md b/doc/gitlab-basics/add-file.md new file mode 100644 index 00000000000..e7c441e7698 --- /dev/null +++ b/doc/gitlab-basics/add-file.md @@ -0,0 +1,31 @@ +# How to add a file + +You can create a file in your [shell](command-line-commands.md) or in GitLab. + +To create a file in GitLab, sign in to [GitLab.com](https://gitlab.com). + +Select a project on the right side of your screen: + + + +It's a good idea to [create a branch](create-branch.md), but it's not necessary. + +Go to the directory where you'd like to add the file and click on the "+" sign next to the name of the project and directory: + + + +Name your file (you can't add spaces, so you can use hyphens or underscores). Don't forget to include the markup language you'd like to use : + + + +Add all the information that you'd like to include in your file: + + + +Add a commit message based on what you just added and then click on "commit changes": + + + +### Note +Besides its regular files, every directory needs a README.md or README.html file which works like an index, telling +what the directory is about. It's the first document you'll find when you open a directory. diff --git a/doc/ssh/README.md b/doc/ssh/README.md index 5f44f9351dd..7cdcd11c04c 100644 --- a/doc/ssh/README.md +++ b/doc/ssh/README.md @@ -105,3 +105,6 @@ IdentityFile ~/my-ssh-key-directory/company-com-private-key-filename Note in the gitlab.com example above a username was specified to override the default chosen by OpenSSH (your local username). This is only required if your local and remote usernames differ. Due to the wide variety of SSH clients and their very large number of configuration options, further explanation of these topics is beyond the scope of this document. + +Public SSH keys need to be unique, as they will bind to your account. Your SSH key is the only identifier you'll +have when pushing code via SSH. That's why it needs to uniquely map to a single user. diff --git a/doc/workflow/importing/README.md b/doc/workflow/importing/README.md index 19395657719..cd98d1b9852 100644 --- a/doc/workflow/importing/README.md +++ b/doc/workflow/importing/README.md @@ -6,4 +6,7 @@ 4. [SVN](migrating_from_svn.md)
### Note
-* If you'd like to migrate from a self-hosted GitLab instance to GitLab.com, you can copy your repos by changing the remote and pushing to the new server; but issues and merge requests can't be imported.
\ No newline at end of file +* If you'd like to migrate from a self-hosted GitLab instance to GitLab.com, you can copy your repos by changing the remote and pushing to the new server; but issues and merge requests can't be imported.
+
+* Repositories are imported to GitLab via HTTP.
+If the repository is too large, it can timeout. We have a soft limit of 10GB.
diff --git a/doc/workflow/labels.md b/doc/workflow/labels.md index 085b7baf5ce..6e4840ca5ae 100644 --- a/doc/workflow/labels.md +++ b/doc/workflow/labels.md @@ -1,6 +1,6 @@ # Labels -In GitLab, you can easily tag issues and merge requests. If you have permission level `Developer` or higher, you can manage labels. To create, edit or delete a label, go to a project and then to `Issues` and then `Labels`. +In GitLab, you can easily tag issues and Merge Requests. If you have permission level `Developer` or higher, you can manage labels. To create, edit or delete a label, go to a project and then to `Issues` and then `Labels`. Here you can create a new label. @@ -14,3 +14,5 @@ If you want to change an existing label, press edit next to the listed label. You will be presented with the same form as when creating a new label.  + +You can add labels to Merge Requests when you create or edit them. diff --git a/lib/gitlab/backend/grack_auth.rb b/lib/gitlab/backend/grack_auth.rb index 03cef30c97d..12292f614e9 100644 --- a/lib/gitlab/backend/grack_auth.rb +++ b/lib/gitlab/backend/grack_auth.rb @@ -26,7 +26,12 @@ module Grack auth! if project && authorized_request? - @app.call(env) + if ENV['GITLAB_GRACK_AUTH_ONLY'] == '1' + # Tell gitlab-git-http-server the request is OK, and what the GL_ID is + render_grack_auth_ok + else + @app.call(env) + end elsif @user.nil? && !@gitlab_ci unauthorized else @@ -174,6 +179,10 @@ module Grack end end + def render_grack_auth_ok + [200, { "Content-Type" => "application/json" }, [JSON.dump({ 'GL_ID' => Gitlab::ShellEnv.gl_id(@user) })]] + end + def render_not_found [404, { "Content-Type" => "text/plain" }, ["Not Found"]] end diff --git a/lib/gitlab/backend/shell_env.rb b/lib/gitlab/backend/shell_env.rb index 17ec029eed4..9f5adee594a 100644 --- a/lib/gitlab/backend/shell_env.rb +++ b/lib/gitlab/backend/shell_env.rb @@ -7,7 +7,7 @@ module Gitlab def set_env(user) # Set GL_ID env variable if user - ENV['GL_ID'] = "user-#{user.id}" + ENV['GL_ID'] = gl_id(user) end end @@ -15,5 +15,14 @@ module Gitlab # Reset GL_ID env variable ENV['GL_ID'] = nil end + + def gl_id(user) + if user.present? + "user-#{user.id}" + else + # This empty string is used in the render_grack_auth_ok method + "" + end + end end end diff --git a/lib/gitlab/bitbucket_import/client.rb b/lib/gitlab/bitbucket_import/client.rb index 5b1952b9675..778b76f6890 100644 --- a/lib/gitlab/bitbucket_import/client.rb +++ b/lib/gitlab/bitbucket_import/client.rb @@ -1,6 +1,8 @@ module Gitlab module BitbucketImport class Client + class Unauthorized < StandardError; end + attr_reader :consumer, :api def initialize(access_token = nil, access_token_secret = nil) @@ -46,23 +48,23 @@ module Gitlab end def user - JSON.parse(api.get("/api/1.0/user").body) + JSON.parse(get("/api/1.0/user").body) end def issues(project_identifier) - JSON.parse(api.get("/api/1.0/repositories/#{project_identifier}/issues").body) + JSON.parse(get("/api/1.0/repositories/#{project_identifier}/issues").body) end def issue_comments(project_identifier, issue_id) - JSON.parse(api.get("/api/1.0/repositories/#{project_identifier}/issues/#{issue_id}/comments").body) + JSON.parse(get("/api/1.0/repositories/#{project_identifier}/issues/#{issue_id}/comments").body) end def project(project_identifier) - JSON.parse(api.get("/api/1.0/repositories/#{project_identifier}").body) + JSON.parse(get("/api/1.0/repositories/#{project_identifier}").body) end def find_deploy_key(project_identifier, key) - JSON.parse(api.get("/api/1.0/repositories/#{project_identifier}/deploy-keys").body).find do |deploy_key| + JSON.parse(get("/api/1.0/repositories/#{project_identifier}/deploy-keys").body).find do |deploy_key| deploy_key["key"].chomp == key.chomp end end @@ -82,11 +84,18 @@ module Gitlab end def projects - JSON.parse(api.get("/api/1.0/user/repositories").body).select { |repo| repo["scm"] == "git" } + JSON.parse(get("/api/1.0/user/repositories").body).select { |repo| repo["scm"] == "git" } end private + def get(url) + response = api.get(url) + raise Unauthorized if (400..499).include?(response.code.to_i) + + response + end + def config Gitlab.config.omniauth.providers.find { |provider| provider.name == "bitbucket"} end diff --git a/lib/redcarpet/render/gitlab_html.rb b/lib/redcarpet/render/gitlab_html.rb index 2f7aff03c2a..04440e4f68d 100644 --- a/lib/redcarpet/render/gitlab_html.rb +++ b/lib/redcarpet/render/gitlab_html.rb @@ -22,10 +22,10 @@ class Redcarpet::Render::GitlabHTML < Redcarpet::Render::HTML ERB::Util.html_escape_once(text) end - # Stolen from Rugments::Plugins::Redcarpet as this module is not required - # from Rugments's gem root. + # Stolen from Rouge::Plugins::Redcarpet as this module is not required + # from Rouge's gem root. def block_code(code, language) - lexer = Rugments::Lexer.find_fancy(language, code) || Rugments::Lexers::PlainText + lexer = Rouge::Lexer.find_fancy(language, code) || Rouge::Lexers::PlainText # XXX HACK: Redcarpet strips hard tabs out of code blocks, # so we assume you're not using leading spaces that aren't tabs, @@ -34,7 +34,7 @@ class Redcarpet::Render::GitlabHTML < Redcarpet::Render::HTML code.gsub!(/^ /, "\t") end - formatter = Rugments::Formatters::HTML.new( + formatter = Rouge::Formatters::HTMLGitlab.new( cssclass: "code highlight #{@color_scheme} #{lexer.tag}" ) formatter.format(lexer.lex(code)) diff --git a/lib/rouge/formatters/html_gitlab.rb b/lib/rouge/formatters/html_gitlab.rb new file mode 100644 index 00000000000..485af6832d7 --- /dev/null +++ b/lib/rouge/formatters/html_gitlab.rb @@ -0,0 +1,168 @@ +require 'cgi' + +module Rouge + module Formatters + class HTMLGitlab < Rouge::Formatter + tag 'html_gitlab' + + # Creates a new <tt>Rouge::Formatter::HTMLGitlab</tt> instance. + # + # [+nowrap+] If set to True, don't wrap the output at all, not + # even inside a <tt><pre></tt> tag (default: false). + # [+cssclass+] CSS class for the wrapping <tt><div></tt> tag + # (default: 'highlight'). + # [+linenos+] If set to 'table', output line numbers as a table + # with two cells, one containing the line numbers, + # the other the whole code. This is copy paste friendly, + # but may cause alignment problems with some browsers + # or fonts. If set to 'inline', the line numbers will + # be integrated in the <tt><pre></tt> tag that contains + # the code (default: nil). + # [+linenostart+] The line number for the first line (default: 1). + # [+lineanchors+] If set to true the formatter will wrap each output + # line in an anchor tag with a name of L-linenumber. + # This allows easy linking to certain lines + # (default: false). + # [+lineanchorsid+] If lineanchors is true the name of the anchors can + # be changed with lineanchorsid to e.g. foo-linenumber + # (default: 'L'). + # [+anchorlinenos+] If set to true, will wrap line numbers in <tt><a></tt> + # tags. Used in combination with linenos and lineanchors + # (default: false). + # [+inline_theme+] Inline CSS styles for the <pre> tag (default: false). + def initialize( + nowrap: false, + cssclass: 'highlight', + linenos: nil, + linenostart: 1, + lineanchors: false, + lineanchorsid: 'L', + anchorlinenos: false, + inline_theme: nil + ) + @nowrap = nowrap + @cssclass = cssclass + @linenos = linenos + @linenostart = linenostart + @lineanchors = lineanchors + @lineanchorsid = lineanchorsid + @anchorlinenos = anchorlinenos + @inline_theme = Theme.find(@inline_theme).new if @inline_theme.is_a?(String) + end + + def render(tokens) + case @linenos + when 'table' + render_tableized(tokens) + when 'inline' + render_untableized(tokens) + else + render_untableized(tokens) + end + end + + alias_method :format, :render + + private + + def render_untableized(tokens) + data = process_tokens(tokens) + + html = '' + html << "<pre class=\"#{@cssclass}\"><code>" unless @nowrap + html << wrap_lines(data[:code]) + html << "</code></pre>\n" unless @nowrap + html + end + + def render_tableized(tokens) + data = process_tokens(tokens) + + html = '' + html << "<div class=\"#{@cssclass}\">" unless @nowrap + html << '<table><tbody>' + html << "<td class=\"linenos\"><pre>" + html << wrap_linenos(data[:numbers]) + html << '</pre></td>' + html << "<td class=\"lines\"><pre><code>" + html << wrap_lines(data[:code]) + html << '</code></pre></td>' + html << '</tbody></table>' + html << '</div>' unless @nowrap + html + end + + def process_tokens(tokens) + num_lines = 0 + last_val = '' + rendered = '' + + tokens.each do |tok, val| + last_val = val + num_lines += val.scan(/\n/).size + rendered << span(tok, val) + end + + numbers = (@linenostart..num_lines + @linenostart - 1).to_a + + { numbers: numbers, code: rendered } + end + + def wrap_linenos(numbers) + if @anchorlinenos + numbers.map! do |number| + "<a href=\"##{@lineanchorsid}#{number}\">#{number}</a>" + end + end + numbers.join("\n") + end + + def wrap_lines(rendered) + if @lineanchors + lines = rendered.split("\n") + lines = lines.each_with_index.map do |line, index| + number = index + @linenostart + + if @linenos == 'inline' + "<a name=\"L#{number}\"></a>" \ + "<span class=\"linenos\">#{number}</span>" \ + "<span id=\"#{@lineanchorsid}#{number}\" class=\"line\">#{line}" \ + '</span>' + else + "<span id=\"#{@lineanchorsid}#{number}\" class=\"line\">#{line}" \ + '</span>' + end + end + lines.join("\n") + else + if @linenos == 'inline' + lines = rendered.split("\n") + lines = lines.each_with_index.map do |line, index| + number = index + @linenostart + "<span class=\"linenos\">#{number}</span>#{line}" + end + lines.join("\n") + else + rendered + end + end + end + + def span(tok, val) + # http://stackoverflow.com/a/1600584/2587286 + val = CGI.escapeHTML(val) + + if tok.shortname.empty? + val + else + if @inline_theme + rules = @inline_theme.style_for(tok).rendered_rules + "<span style=\"#{rules.to_a.join(';')}\">#{val}</span>" + else + "<span class=\"#{tok.shortname}\">#{val}</span>" + end + end + end + end + end +end diff --git a/lib/support/nginx/gitlab b/lib/support/nginx/gitlab index edb987875df..efa0898900f 100644 --- a/lib/support/nginx/gitlab +++ b/lib/support/nginx/gitlab @@ -38,6 +38,11 @@ upstream gitlab { server unix:/home/git/gitlab/tmp/sockets/gitlab.socket fail_timeout=0; } +## Experimental: gitlab-git-http-server +# upstream gitlab-git-http-server { +# server localhost:8181; +# } + ## Normal HTTP host server { ## Either remove "default_server" from the listen line below, @@ -109,6 +114,26 @@ server { proxy_pass http://gitlab; } + ## Experimental: send Git HTTP traffic to gitlab-git-http-server instead of Unicorn + # location ~ [-\/\w\.]+\.git\/ { + # ## If you use HTTPS make sure you disable gzip compression + # ## to be safe against BREACH attack. + # # gzip off; + + # ## https://github.com/gitlabhq/gitlabhq/issues/694 + # ## Some requests take more than 30 seconds. + # proxy_read_timeout 300; + # proxy_connect_timeout 300; + # proxy_redirect off; + + # proxy_set_header Host $http_host; + # proxy_set_header X-Real-IP $remote_addr; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # proxy_set_header X-Forwarded-Proto $scheme; + + # proxy_pass http://gitlab-git-http-server; + # } + ## Enable gzip compression as per rails guide: ## http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression ## WARNING: If you are using relative urls remove the block below diff --git a/lib/support/nginx/gitlab-ssl b/lib/support/nginx/gitlab-ssl index 766559b49f6..314525518f1 100644 --- a/lib/support/nginx/gitlab-ssl +++ b/lib/support/nginx/gitlab-ssl @@ -42,6 +42,11 @@ upstream gitlab { server unix:/home/git/gitlab/tmp/sockets/gitlab.socket fail_timeout=0; } +## Experimental: gitlab-git-http-server +# upstream gitlab-git-http-server { +# server localhost:8181; +# } + ## Redirects all HTTP traffic to the HTTPS host server { ## Either remove "default_server" from the listen line below, @@ -156,6 +161,26 @@ server { proxy_pass http://gitlab; } + ## Experimental: send Git HTTP traffic to gitlab-git-http-server instead of Unicorn + # location ~ [-\/\w\.]+\.git\/ { + # ## If you use HTTPS make sure you disable gzip compression + # ## to be safe against BREACH attack. + # gzip off; + + # ## https://github.com/gitlabhq/gitlabhq/issues/694 + # ## Some requests take more than 30 seconds. + # proxy_read_timeout 300; + # proxy_connect_timeout 300; + # proxy_redirect off; + + # proxy_set_header Host $http_host; + # proxy_set_header X-Real-IP $remote_addr; + # proxy_set_header X-Forwarded-Ssl on; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # proxy_set_header X-Forwarded-Proto $scheme; + # proxy_pass http://gitlab-git-http-server; + # } + ## Enable gzip compression as per rails guide: ## http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression ## WARNING: If you are using relative urls remove the block below diff --git a/spec/features/security/group_access_spec.rb b/spec/features/security/group_access_spec.rb index 0f36e474989..8ce15388605 100644 --- a/spec/features/security/group_access_spec.rb +++ b/spec/features/security/group_access_spec.rb @@ -36,7 +36,7 @@ describe 'Group access', feature: true do subject { group_path(group) } context 'with public projects' do - before(:all) { create_project(:public) } + let!(:project) { create_project(:public) } it { is_expected.to be_allowed_for group_member(:owner) } it { is_expected.to be_allowed_for group_member(:master) } @@ -48,7 +48,7 @@ describe 'Group access', feature: true do end context 'with mixed projects' do - before(:all) { create_project(:mixed) } + let!(:project) { create_project(:mixed) } it { is_expected.to be_allowed_for group_member(:owner) } it { is_expected.to be_allowed_for group_member(:master) } @@ -60,7 +60,7 @@ describe 'Group access', feature: true do end context 'with internal projects' do - before(:all) { create_project(:internal) } + let!(:project) { create_project(:internal) } it { is_expected.to be_allowed_for group_member(:owner) } it { is_expected.to be_allowed_for group_member(:master) } @@ -86,7 +86,7 @@ describe 'Group access', feature: true do subject { issues_group_path(group) } context 'with public projects' do - before(:all) { create_project(:public) } + let!(:project) { create_project(:public) } it { is_expected.to be_allowed_for group_member(:owner) } it { is_expected.to be_allowed_for group_member(:master) } @@ -98,7 +98,7 @@ describe 'Group access', feature: true do end context 'with mixed projects' do - before(:all) { create_project(:mixed) } + let!(:project) { create_project(:mixed) } it { is_expected.to be_allowed_for group_member(:owner) } it { is_expected.to be_allowed_for group_member(:master) } @@ -110,7 +110,7 @@ describe 'Group access', feature: true do end context 'with internal projects' do - before(:all) { create_project(:internal) } + let!(:project) { create_project(:internal) } it { is_expected.to be_allowed_for group_member(:owner) } it { is_expected.to be_allowed_for group_member(:master) } @@ -136,7 +136,7 @@ describe 'Group access', feature: true do subject { merge_requests_group_path(group) } context 'with public projects' do - before(:all) { create_project(:public) } + let!(:project) { create_project(:public) } it { is_expected.to be_allowed_for group_member(:owner) } it { is_expected.to be_allowed_for group_member(:master) } @@ -148,7 +148,7 @@ describe 'Group access', feature: true do end context 'with mixed projects' do - before(:all) { create_project(:mixed) } + let!(:project) { create_project(:mixed) } it { is_expected.to be_allowed_for group_member(:owner) } it { is_expected.to be_allowed_for group_member(:master) } @@ -160,7 +160,7 @@ describe 'Group access', feature: true do end context 'with internal projects' do - before(:all) { create_project(:internal) } + let!(:project) { create_project(:internal) } it { is_expected.to be_allowed_for group_member(:owner) } it { is_expected.to be_allowed_for group_member(:master) } @@ -186,7 +186,7 @@ describe 'Group access', feature: true do subject { group_group_members_path(group) } context 'with public projects' do - before(:all) { create_project(:public) } + let!(:project) { create_project(:public) } it { is_expected.to be_allowed_for group_member(:owner) } it { is_expected.to be_allowed_for group_member(:master) } @@ -198,7 +198,7 @@ describe 'Group access', feature: true do end context 'with mixed projects' do - before(:all) { create_project(:mixed) } + let!(:project) { create_project(:mixed) } it { is_expected.to be_allowed_for group_member(:owner) } it { is_expected.to be_allowed_for group_member(:master) } @@ -210,7 +210,7 @@ describe 'Group access', feature: true do end context 'with internal projects' do - before(:all) { create_project(:internal) } + let!(:project) { create_project(:internal) } it { is_expected.to be_allowed_for group_member(:owner) } it { is_expected.to be_allowed_for group_member(:master) } @@ -236,7 +236,7 @@ describe 'Group access', feature: true do subject { edit_group_path(group) } context 'with public projects' do - before(:all) { create_project(:public) } + let!(:project) { create_project(:public) } it { is_expected.to be_allowed_for group_member(:owner) } it { is_expected.to be_denied_for group_member(:master) } @@ -248,7 +248,7 @@ describe 'Group access', feature: true do end context 'with mixed projects' do - before(:all) { create_project(:mixed) } + let!(:project) { create_project(:mixed) } it { is_expected.to be_allowed_for group_member(:owner) } it { is_expected.to be_denied_for group_member(:master) } @@ -260,7 +260,7 @@ describe 'Group access', feature: true do end context 'with internal projects' do - before(:all) { create_project(:internal) } + let!(:project) { create_project(:internal) } it { is_expected.to be_allowed_for group_member(:owner) } it { is_expected.to be_denied_for group_member(:master) } |