Allow specifying protected branches using wildcards

Closes #18627 (closed)

Tasks

• #18627 (closed) !4665 (merged) Allow specifying protected branches using wildcards
  • Find existing usages of protected branches
    • Protecting branches
      • ProtectedBranchesController is used to mark a branch protected/unprotected
      • API::Branches can be used to mark a branch protected/unprotected
    • Enforcing branch protection
      • Gitlab::GitAccess has helpers (can_push_to_branch?, check) that are used to deny pushes if a branch is protected
      • Over SSH: gitlab-shell receives a push, and calls /allowed on the GitLab API, which calls GitAccess.check
      • Over HTTP:
        • gitlab-workhorse receives the request, and forwards it to rails
        • Rails (in the GitHttpController#git-recieve-pack) runs basic checks (is the user logged in, not protected branch checks) and returns ok with GL_ID and RepoPath
        • gitlab-workhorse looks at the response, and calls the relevant gitlab-shell action from git-http/handlePostRPC
        • Rest of this flow is the same as the SSH flow above
  • Implementation
    • Backend
      • Change project#protected_branch? to look at wildcard protected branches
      • Change project#developers_can_push_to_protected_branch?
      • Change project#open_branches
      • Better error message when creating a disallowed branch from the Web UI
    • Frontend
      • Protected branches page should allow typing out a wildcard pattern
      • Add help text explaining the use of wildcards
      • Show matching branches for each protected branch
        • On the index page
        • On a show page
        • Index?
      • Can't have the "last commit" column for wildcard protected branches
  • Fix / write tests
  • What happens if a hook is missing in dev?
  • Refactor
  • Test workflows
    • Create a branch matching a wildcard pattern
    • Push to a branch matching a wildcard pattern
    • Force push to a branch matching a wildcard pattern
    • Delete a branch matching a wildcard pattern
    • Test using Web UI
    • Test over SSH
    • Test over HTTP
    • Test as developer and master
  • Investigate performance
    • Test with a large number of protected branches / branches
    • Paginate list of protected branches
    • Possibly rewrite open_branches
  • Add iids to existing ProtectedBranches
  • Add documentation
  • Add CHANGELOG entry
  • Add screenshots
  • Make sure build passes
  • Assign to endboss for review
  • Address @DouweM's comments
    • protected_branch_params
    • exact_match instead of explicit_match
    • When would self.name be blank?
    • Move protected_branches.each to a partial
    • Move matching_branches.each to a partial
    • If the branch is in @matching_branches, it's not been removed
    • move this regex to a method and memoize it
    • commit_sha directly for exact matches
    • Number of matches for wildcard matches, with a link
  • Wait for build to pass
  • Respond to @DouweM's comments
    • Don't use iid
    • Controller should use @project.protected_branches.new
    • move the memoization to def wildcard_regex
    • render with collection: @protected_branches
  • Wait for build to pass
  • Wait for @DouweM's review
  • Wait for @jschatz1's review
  • Respond to @jschatz1's comments
    • Use the new dropdown style
    • description should be moved to the description section without the styling
    • Protect button should be disabled when no branch is selected
  • Update screenshots
  • Merge conflicts
  • Make sure build passes
  • Revisit performance, possibly with staging/production data
    • Get a dump of staging / run against staging live
      • Get SSH access to staging
  • Wait for review/merge

Screenshots

Creating wildcard protected branches

Using the GLDropdown component

Enforcing wildcard protected branches

From the Web UI

Over SSH

Over HTTPS

Listing matching branches