Allow specifying protected branches using wildcards

Closes #18627 (closed)

Tasks

• #18627 (closed) !4665 (merged) Allow specifying protected branches using wildcards
  • Find existing usages of protected branches
    • Protecting branches
      • ProtectedBranchesController is used to mark a branch protected/unprotected
      • API::Branches can be used to mark a branch protected/unprotected
    • Enforcing branch protection
      • Gitlab::GitAccess has helpers (can_push_to_branch?, check) that are used to deny pushes if a branch is protected
      • Over SSH: gitlab-shell receives a push, and calls /allowed on the GitLab API, which calls GitAccess.check
      • Over HTTP:
        • gitlab-workhorse receives the request, and forwards it to rails
        • Rails (in the GitHttpController#git-recieve-pack) runs basic checks (is the user logged in, not protected branch checks) and returns ok with GL_ID and RepoPath
        • gitlab-workhorse looks at the response, and calls the relevant gitlab-shell action from git-http/handlePostRPC
        • Rest of this flow is the same as the SSH flow above
  • Implementation
    • Backend
      • Change project#protected_branch? to look at wildcard protected branches
      • Change project#developers_can_push_to_protected_branch?
      • Change project#open_branches
      • Better error message when creating a disallowed branch from the Web UI
    • Frontend
      • Protected branches page should allow typing out a wildcard pattern
      • Add help text explaining the use of wildcards
      • Show matching branches for each protected branch
        • On the index page
        • On a show page
        • Index?
      • Can't have the "last commit" column for wildcard protected branches
  • Fix / write tests
  • What happens if a hook is missing in dev?
  • Refactor
  • Test workflows
    • Create a branch matching a wildcard pattern
    • Push to a branch matching a wildcard pattern
    • Force push to a branch matching a wildcard pattern
    • Delete a branch matching a wildcard pattern
    • Test using Web UI
    • Test over SSH
    • Test over HTTP
    • Test as developer and master
  • Investigate performance
    • Test with a large number of protected branches / branches
    • Paginate list of protected branches
    • Possibly rewrite open_branches
  • Add iids to existing ProtectedBranches
  • Add documentation
  • Add CHANGELOG entry
  • Add screenshots
  • Make sure build passes
  • Assign to endboss for review
  • Address @DouweM's comments
    • protected_branch_params
    • exact_match instead of explicit_match
    • When would self.name be blank?
    • Move protected_branches.each to a partial
    • Move matching_branches.each to a partial
    • If the branch is in @matching_branches, it's not been removed
    • move this regex to a method and memoize it
    • commit_sha directly for exact matches
    • Number of matches for wildcard matches, with a link
  • Wait for build to pass
  • Respond to @DouweM's comments
    • Don't use iid
    • Controller should use @project.protected_branches.new
    • move the memoization to def wildcard_regex
    • render with collection: @protected_branches
  • Wait for build to pass
  • Wait for @DouweM's review
  • Wait for @jschatz1's review
  • Respond to @jschatz1's comments
    • Use the new dropdown style
    • description should be moved to the description section without the styling
    • Protect button should be disabled when no branch is selected
  • Update screenshots
  • Merge conflicts
  • Make sure build passes
  • Revisit performance, possibly with staging/production data
    • Get a dump of staging / run against staging live
      • Get SSH access to staging
  • Wait for review/merge

Screenshots

Creating wildcard protected branches

Using the GLDropdown component

Enforcing wildcard protected branches

From the Web UI

Over SSH

Over HTTPS

Listing matching branches

Marked this merge request as a Work In Progress

Added 2 commits:

• 66367a01 - Fix two more Project methods to work with wildcard protected branches.
• ff52dd52 - Improve the performance of Project#protected_branch?

Added 3 commits:

• 36118973 - Fix two more Project methods to work with wildcard protected branches.
• 16d884ef - Improve the performance of Project#protected_branch?
• 3aa04a2e - Remove the (now) unused Project#protected_branch_names method.

Added 4 commits:

• c0d339c3 - Have Project#protected_branch? support wildcard matches.
• a0e78437 - Fix two more Project methods to work with wildcard protected branches.
• 2250d476 - Improve the performance of Project#protected_branch?
• 090d7004 - Remove the (now) unused Project#protected_branch_names method.

Added 2 commits:

• b85b971d - Improve the performance of Project#protected_branch?
• 51f6b562 - Remove the (now) unused Project#protected_branch_names method.

Added ~149423 label

Added 1 commit:

• d6178364 - Allow entering any branch name for a protected branch.

Added 2 commits:

• 5f24a133 - Display branches matching a protected branch.
• 3abe9d06 - Remove the "Last Commit" column from the list of protected branches.

Added 209 commits:

• 3abe9d06...1b43f51a - 202 commits from branch master
• 2c8e475a - Have Project#protected_branch? support wildcard matches.
• 6751e115 - Fix two more Project methods to work with wildcard protected branches.
• 5c8a2aa1 - Improve the performance of Project#protected_branch?
• d872d36f - Remove the (now) unused Project#protected_branch_names method.
• 2ed11333 - Allow entering any branch name for a protected branch.
• 78d8fd91 - Display branches matching a protected branch.
• 38bc302a - Remove the "Last Commit" column from the list of protected branches.

Added 4 commits:

• ab8408f6 - Allow entering any branch name for a protected branch.
• e69d30b6 - Display branches matching a protected branch.
• 8555070d - Remove the "Last Commit" column from the list of protected branches.
• 85db258d - Improve the error message displayed when branch creation fails.

Marked the task Implementation as completed

Marked the task Backend as completed

Marked the task Better error message when creating a disallowed branch from the Web UI as completed

Added 1 commit:

• 19112c94 - Link each matching branch to it's tree page.

Added 9 commits:

• 3c3808c4 - Have Project#protected_branch? support wildcard matches.
• bda78993 - Fix two more Project methods to work with wildcard protected branches.
• 58ccbf06 - Improve the performance of Project#protected_branch?
• 92fb402e - Remove the (now) unused Project#protected_branch_names method.
• 01547358 - Allow entering any branch name for a protected branch.
• aaf8c842 - Display branches matching a protected branch.
• 4ecda19c - Remove the "Last Commit" column from the list of protected branches.
• 0adfe855 - Improve the error message displayed when branch creation fails.
• c2a7e503 - Link each matching branch to it's tree page.

Added 93 commits:

• c2a7e503...f011b86b - 84 commits from branch master
• c3cf817d - Have Project#protected_branch? support wildcard matches.
• bc565e61 - Fix two more Project methods to work with wildcard protected branches.
• a68f9cd7 - Improve the performance of Project#protected_branch?
• 841d284b - Remove the (now) unused Project#protected_branch_names method.
• 6300fc9c - Allow entering any branch name for a protected branch.
• 175134dc - Display branches matching a protected branch.
• 24b92a77 - Remove the "Last Commit" column from the list of protected branches.
• f568f815 - Improve the error message displayed when branch creation fails.
• a6b09347 - Link each matching branch to it's tree page.

Added 1 commit:

• 039c339c - Add a feature spec for protected branch creation.

Marked the task Fix / write tests as completed

Marked the task Test over SSH as completed

Marked the task Test over HTTP as completed