Merge branch 'master' of gitlab.com:gitlab-org/gitlab-pages into update-go-proxyproto

author: vtak <vtak@gitlab.com> 2022-03-16 09:54:04 +0300
committer: vtak <vtak@gitlab.com> 2022-03-16 09:54:21 +0300
commit: f0e37afc2fb092323fae6c46ffef0c1651fa7809 (patch)
tree: 2905d09592c83c6a95a4901a899403573b46bf14
parent: 348b0e1b8e929cc68f1b07bb0af88a75396ef9db (diff)
parent: 8d0041e051d16bb44208a5992e88ff7cd33a14e8 (diff)
7 files changed, 30 insertions, 20 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 3ffbfba8..e446cf2e 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -19,7 +19,7 @@ include:
   - local: .gitlab/ci/test.yml
 
 default:
-  image: golang:1.17
+  image: golang:1.18
   tags:
     - gitlab-org
 
diff --git a/.gitlab/ci/test.yml b/.gitlab/ci/test.yml
index e9bca5d6..0be07471 100644
--- a/.gitlab/ci/test.yml
+++ b/.gitlab/ci/test.yml
@@ -11,7 +11,7 @@
   image: golang:${GO_VERSION}
   parallel:
     matrix:
-      - GO_VERSION: ["1.16", "1.17"]
+      - GO_VERSION: ["1.16", "1.17", "1.18"]
 
 tests:
   extends: .tests-matrix
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f65bf9b6..c2dcfcab 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,11 @@
+## 1.56.0 (2022-03-15)
+
+### Added (3 changes)
+
+- [feat: allow auth http.Client timeout to be configurable](gitlab-org/gitlab-pages@0a2122d4960ebdca71a21cdb6038696f1746c3f1) by @Osmanilge ([merge request](gitlab-org/gitlab-pages!687))
+- [feat: make server shutdown timeout configurable](gitlab-org/gitlab-pages@f78d8d18b960f66a2a4f4e2044e2159647d375af) by @HuseyinEmreAksoy ([merge request](gitlab-org/gitlab-pages!688))
+- [Add security-harness script](gitlab-org/gitlab-pages@de0b946ff919a2df3e172c569383dec8a4fd3b41) ([merge request](gitlab-org/gitlab-pages!697))
+
 ## 1.55.0 (2022-02-22)
 
 ### Added (1 change)
diff --git a/VERSION b/VERSION
index 094d6ad0..3ebf789f 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-1.55.0
+1.56.0
diff --git a/internal/config/config.go b/internal/config/config.go
index 7644e5ad..48bab76e 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -135,6 +135,7 @@ type ZipServing struct {
 	RefreshInterval    time.Duration
 	OpenTimeout        time.Duration
 	AllowedPaths       []string
+	HTTPClientTimeout  time.Duration
 }
 
 func internalGitlabServerFromFlags() string {
@@ -240,6 +241,7 @@ func loadConfig() (*Config, error) {
 			RefreshInterval:    *zipCacheRefresh,
 			OpenTimeout:        *zipOpenTimeout,
 			AllowedPaths:       []string{*pagesRoot},
+			HTTPClientTimeout:  *zipHTTPClientTimeout,
 		},
 
 		// Actual listener pointers will be populated in appMain. We populate the
@@ -315,6 +317,7 @@ func LogConfig(config *Config) {
 		"zip-cache-cleanup":              config.Zip.CleanupInterval,
 		"zip-cache-refresh":              config.Zip.RefreshInterval,
 		"zip-open-timeout":               config.Zip.OpenTimeout,
+		"zip-http-client-timeout":        config.Zip.HTTPClientTimeout,
 		"rate-limit-source-ip":           config.RateLimit.SourceIPLimitPerSecond,
 		"rate-limit-source-ip-burst":     config.RateLimit.SourceIPBurst,
 		"rate-limit-domain":              config.RateLimit.DomainLimitPerSecond,
diff --git a/internal/config/flags.go b/internal/config/flags.go
index 091e07e3..cd44692a 100644
--- a/internal/config/flags.go
+++ b/internal/config/flags.go
@@ -66,20 +66,21 @@ var (
 	_          = flag.String("domain-config-source", "gitlab", "DEPRECATED and has not affect, see https://gitlab.com/gitlab-org/gitlab-pages/-/merge_requests/541")
 	enableDisk = flag.Bool("enable-disk", true, "Enable disk access, shall be disabled in environments where shared disk storage isn't available")
 
-	clientID           = flag.String("auth-client-id", "", "GitLab application Client ID")
-	clientSecret       = flag.String("auth-client-secret", "", "GitLab application Client Secret")
-	redirectURI        = flag.String("auth-redirect-uri", "", "GitLab application redirect URI")
-	authScope          = flag.String("auth-scope", "api", "Scope to be used for authentication (must match GitLab Pages OAuth application settings)")
-	authTimeout        = flag.Duration("auth-timeout", 5*time.Second, "GitLab application client timeout for authentication")
-	maxConns           = flag.Int("max-conns", 0, "Limit on the number of concurrent connections to the HTTP, HTTPS or proxy listeners, 0 for no limit")
-	maxURILength       = flag.Int("max-uri-length", 1024, "Limit the length of URI, 0 for unlimited.")
-	insecureCiphers    = flag.Bool("insecure-ciphers", false, "Use default list of cipher suites, may contain insecure ones like 3DES and RC4")
-	tlsMinVersion      = flag.String("tls-min-version", "tls1.2", tlsVersionFlagUsage("min"))
-	tlsMaxVersion      = flag.String("tls-max-version", "", tlsVersionFlagUsage("max"))
-	zipCacheExpiration = flag.Duration("zip-cache-expiration", 60*time.Second, "Zip serving archive cache expiration interval")
-	zipCacheCleanup    = flag.Duration("zip-cache-cleanup", 30*time.Second, "Zip serving archive cache cleanup interval")
-	zipCacheRefresh    = flag.Duration("zip-cache-refresh", 30*time.Second, "Zip serving archive cache refresh interval")
-	zipOpenTimeout     = flag.Duration("zip-open-timeout", 30*time.Second, "Zip archive open timeout")
+	clientID             = flag.String("auth-client-id", "", "GitLab application Client ID")
+	clientSecret         = flag.String("auth-client-secret", "", "GitLab application Client Secret")
+	redirectURI          = flag.String("auth-redirect-uri", "", "GitLab application redirect URI")
+	authScope            = flag.String("auth-scope", "api", "Scope to be used for authentication (must match GitLab Pages OAuth application settings)")
+	authTimeout          = flag.Duration("auth-timeout", 5*time.Second, "GitLab application client timeout for authentication")
+	maxConns             = flag.Int("max-conns", 0, "Limit on the number of concurrent connections to the HTTP, HTTPS or proxy listeners, 0 for no limit")
+	maxURILength         = flag.Int("max-uri-length", 1024, "Limit the length of URI, 0 for unlimited.")
+	insecureCiphers      = flag.Bool("insecure-ciphers", false, "Use default list of cipher suites, may contain insecure ones like 3DES and RC4")
+	tlsMinVersion        = flag.String("tls-min-version", "tls1.2", tlsVersionFlagUsage("min"))
+	tlsMaxVersion        = flag.String("tls-max-version", "", tlsVersionFlagUsage("max"))
+	zipCacheExpiration   = flag.Duration("zip-cache-expiration", 60*time.Second, "Zip serving archive cache expiration interval")
+	zipCacheCleanup      = flag.Duration("zip-cache-cleanup", 30*time.Second, "Zip serving archive cache cleanup interval")
+	zipCacheRefresh      = flag.Duration("zip-cache-refresh", 30*time.Second, "Zip serving archive cache refresh interval")
+	zipOpenTimeout       = flag.Duration("zip-open-timeout", 30*time.Second, "Zip archive open timeout")
+	zipHTTPClientTimeout = flag.Duration("zip-http-client-timeout", 30*time.Minute, "Zip HTTP client timeout")
 
 	disableCrossOriginRequests = flag.Bool("disable-cross-origin-requests", false, "Disable cross-origin requests")
 
diff --git a/internal/vfs/zip/vfs.go b/internal/vfs/zip/vfs.go
index d0608c81..3fcef556 100644
--- a/internal/vfs/zip/vfs.go
+++ b/internal/vfs/zip/vfs.go
@@ -67,9 +67,7 @@ func New(cfg *config.ZipServing) vfs.VFS {
 		cacheCleanupInterval:    cfg.CleanupInterval,
 		openTimeout:             cfg.OpenTimeout,
 		httpClient: &http.Client{
-			// TODO: make this timeout configurable
-			// https://gitlab.com/gitlab-org/gitlab-pages/-/issues/457
-			Timeout: 30 * time.Minute,
+			Timeout: cfg.HTTPClientTimeout,
 			Transport: httptransport.NewMeteredRoundTripper(
 				httptransport.NewTransport(),
 				"zip_vfs",
author	vtak <vtak@gitlab.com>	2022-03-16 09:54:04 +0300
committer	vtak <vtak@gitlab.com>	2022-03-16 09:54:21 +0300
commit	f0e37afc2fb092323fae6c46ffef0c1651fa7809 (patch)
tree	2905d09592c83c6a95a4901a899403573b46bf14
parent	348b0e1b8e929cc68f1b07bb0af88a75396ef9db (diff)
parent	8d0041e051d16bb44208a5992e88ff7cd33a14e8 (diff)