From 33aa185d83e3fc8ed4e2e2fbb8aad97e3a6d8011 Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Fri, 10 May 2019 13:38:23 -0500
Subject: Add warning about updating Omnibus is secrets are updated

[ci skip]
---
 config/initializers/01_secret_token.rb | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/config/initializers/01_secret_token.rb b/config/initializers/01_secret_token.rb
index 4328ca509ba..e24b5cbd510 100644
--- a/config/initializers/01_secret_token.rb
+++ b/config/initializers/01_secret_token.rb
@@ -1,3 +1,14 @@
+# WARNING: If you add a new secret to this file, make sure you also
+# update Omnibus GitLab or updates will fail. Omnibus is responsible for
+# writing the `secrets.yml` file.  If Omnibus doesn't know about a
+# secret, Rails will attempt to write to the file, but this will fail
+# because Rails doesn't have write access.
+#
+# As an example:
+# * https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/27581
+# * https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests/3267
+#
+#
 # This file needs to be loaded BEFORE any initializers that attempt to
 # prepend modules that require access to secrets (e.g. EE's 0_as_concern.rb).
 #
-- 
cgit v1.2.3