Skip to content
Snippets Groups Projects
Commit a6011c3d authored by GitLab Bot's avatar GitLab Bot
Browse files

Add latest changes from gitlab-org/gitlab@master

parent ffc757a7
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 284 additions and 279 deletions
app/controllers/projects/releases_controller.rb
+ 2
2
View file @ a6011c3d
@@ -8,7 +8,7 @@ class Projects::ReleasesController < Projects::ApplicationController
before_action do
push_frontend_feature_flag(:release_issue_summary, project)
push_frontend_feature_flag(:release_evidence_collection, project, default_enabled: true)
push_frontend_feature_flag(:release_show_page, project)
push_frontend_feature_flag(:release_show_page, project, default_enabled: true)
end
before_action :authorize_update_release!, only: %i[edit update]
before_action :authorize_read_release_evidence!, only: [:evidence]
@@ -31,7 +31,7 @@ class Projects::ReleasesController < Projects::ApplicationController
end
 
def show
return render_404 unless Feature.enabled?(:release_show_page, project)
return render_404 unless Feature.enabled?(:release_show_page, project, default_enabled: true)
 
respond_to do |format|
format.html do
app/presenters/release_presenter.rb
+ 1
1
View file @ a6011c3d
@@ -20,7 +20,7 @@ class ReleasePresenter < Gitlab::View::Presenter::Delegated
end
 
def self_url
return unless ::Feature.enabled?(:release_show_page, project)
return unless ::Feature.enabled?(:release_show_page, project, default_enabled: true)
 
project_release_url(project, release)
end
app/views/projects/pipeline_schedules/index.html.haml
+ 1
1
View file @ a6011c3d
@@ -2,7 +2,7 @@
 
- page_title _("Pipeline Schedules")
 
#pipeline-schedules-callout{ data: { docs_url: help_page_path('user/project/pipelines/schedules') } }
#pipeline-schedules-callout{ data: { docs_url: help_page_path('ci/pipelines/schedules') } }
.top-area
- schedule_path_proc = ->(scope) { pipeline_schedules_path(@project, scope: scope) }
= render "tabs", schedule_path_proc: schedule_path_proc, all_schedules: @all_schedules, scope: @scope
changelogs/unreleased/nfriend-enable-release-show-page-feature-flag.yml 0 → 100644
+ 5
0
View file @ a6011c3d
---
title: Add dedicated Release page for viewing a single Release
merge_request: 26502
author:
type: added
doc/README.md
+ 1
1
View file @ a6011c3d
@@ -287,7 +287,7 @@ The following documentation relates to the DevOps **Release** stage:
| [GitLab CI/CD](ci/README.md) | Explore the features and capabilities of Continuous Deployment and Delivery with GitLab. |
| [GitLab Pages](user/project/pages/index.md) | Build, test, and deploy a static site directly from GitLab. |
| [Protected Runners](ci/runners/README.md#protected-runners) | Select Runners to only pick jobs for protected branches and tags. |
| [Scheduled Pipelines](user/project/pipelines/schedules.md) | Execute pipelines on a schedule. |
| [Scheduled Pipelines](ci/pipelines/schedules.md) | Execute pipelines on a schedule. |
 
<div align="right">
<a type="button" class="btn btn-default" href="#overview">
doc/administration/auth/crowd.md
+ 1
1
View file @ a6011c3d
@@ -54,7 +54,7 @@ Authenticate to GitLab using the Atlassian Crowd OmniAuth provider.
 
**Source:**
 
```
```yaml
- { name: 'crowd',
args: {
crowd_server_url: 'CROWD_SERVER_URL',
doc/administration/auth/ldap.md
+ 6
6
View file @ a6011c3d
@@ -405,7 +405,7 @@ production:
Tip: If you want to limit access to the nested members of an Active Directory
group, you can use the following syntax:
 
```text
```plaintext
(memberOf:1.2.840.113556.1.4.1941:=CN=My Group,DC=Example,DC=com)
```
 
@@ -423,13 +423,13 @@ The `user_filter` DN can contain special characters. For example:
 
- A comma:
 
```text
```plaintext
OU=GitLab, Inc,DC=gitlab,DC=com
```
 
- Open and close brackets:
 
```text
```plaintext
OU=Gitlab (Inc),DC=gitlab,DC=com
```
 
@@ -438,13 +438,13 @@ The `user_filter` DN can contain special characters. For example:
 
- Escape commas with `\2C`. For example:
 
```text
```plaintext
OU=GitLab\2C Inc,DC=gitlab,DC=com
```
 
- Escape open and close brackets with `\28` and `\29`, respectively. For example:
 
```text
```plaintext
OU=Gitlab \28Inc\29,DC=gitlab,DC=com
```
 
@@ -603,7 +603,7 @@ GitLab. Common combinations are `encryption: 'plain'` and `port: 389`, OR
 
If GitLab cannot reach your LDAP endpoint, you will see a message like this:
 
```
```plaintext
Could not authenticate you from Ldapmain because "Connection timed out - user specified timeout".
```
 
doc/administration/auth/okta.md
+ 3
3
View file @ a6011c3d
@@ -86,9 +86,9 @@ Now that the Okta app is configured, it's time to enable it in GitLab.
 
Edit `config/gitlab.yml`:
 
```yaml
auto_link_saml_user: true
```
```yaml
auto_link_saml_user: true
```
 
1. Add the provider configuration.
 
doc/administration/geo/replication/database.md
+ 1
1
View file @ a6011c3d
@@ -495,7 +495,7 @@ work:
 
1. On the **secondary** nodes, change `/etc/gitlab/gitlab.rb`:
 
```
```ruby
geo_postgresql['fdw_external_user'] = 'gitlab_geo_fdw'
```
 
doc/administration/geo/replication/troubleshooting.md
+ 79
79
View file @ a6011c3d
@@ -46,7 +46,7 @@ sudo gitlab-rake gitlab:geo:check
 
Example output:
 
```text
```plaintext
Checking Geo ...
 
GitLab Geo is available ... yes
@@ -79,7 +79,7 @@ sudo gitlab-rake geo:status
 
Example output:
 
```text
```plaintext
http://secondary.example.com/
-----------------------------------------------------
GitLab Version: 11.10.4-ee
@@ -134,11 +134,11 @@ sudo gitlab-rake gitlab:geo:check
It displays the current machine's node name and whether the matching database
record is a **primary** or **secondary** node.
 
```
```plaintext
This machine's Geo node name matches a database record ... yes, found a secondary node named "Shanghai"
```
 
```
```plaintext
This machine's Geo node name matches a database record ... no
Try fixing it:
You could add or update a Geo node database record, setting the name to "https://example.com/".
@@ -157,95 +157,95 @@ sudo gitlab-rake gitlab:geo:check
 
1. Rails did not provide a password when connecting to the database
 
```text
Checking Geo ...
```plaintext
Checking Geo ...
 
GitLab Geo is available ... Exception: fe_sendauth: no password supplied
GitLab Geo is enabled ... Exception: fe_sendauth: no password supplied
...
Checking Geo ... Finished
```
GitLab Geo is available ... Exception: fe_sendauth: no password supplied
GitLab Geo is enabled ... Exception: fe_sendauth: no password supplied
...
Checking Geo ... Finished
```
 
- Ensure that you have the `gitlab_rails['db_password']` set to the plain text-password used when creating the hash for `postgresql['sql_user_password']`.
- Ensure that you have the `gitlab_rails['db_password']` set to the plain text-password used when creating the hash for `postgresql['sql_user_password']`.
 
1. Rails is unable to connect to the database
 
```text
Checking Geo ...
```plaintext
Checking Geo ...
 
GitLab Geo is available ... Exception: FATAL: no pg_hba.conf entry for host "1.1.1.1", user "gitlab", database "gitlabhq_production", SSL on
FATAL: no pg_hba.conf entry for host "1.1.1.1", user "gitlab", database "gitlabhq_production", SSL off
GitLab Geo is enabled ... Exception: FATAL: no pg_hba.conf entry for host "1.1.1.1", user "gitlab", database "gitlabhq_production", SSL on
FATAL: no pg_hba.conf entry for host "1.1.1.1", user "gitlab", database "gitlabhq_production", SSL off
...
Checking Geo ... Finished
```
GitLab Geo is available ... Exception: FATAL: no pg_hba.conf entry for host "1.1.1.1", user "gitlab", database "gitlabhq_production", SSL on
FATAL: no pg_hba.conf entry for host "1.1.1.1", user "gitlab", database "gitlabhq_production", SSL off
GitLab Geo is enabled ... Exception: FATAL: no pg_hba.conf entry for host "1.1.1.1", user "gitlab", database "gitlabhq_production", SSL on
FATAL: no pg_hba.conf entry for host "1.1.1.1", user "gitlab", database "gitlabhq_production", SSL off
...
Checking Geo ... Finished
```
 
- Ensure that you have the IP address of the rails node included in `postgresql['md5_auth_cidr_addresses']`.
- Ensure that you have included the subnet mask on the IP address: `postgresql['md5_auth_cidr_addresses'] = ['1.1.1.1/32']`.
- Ensure that you have the IP address of the rails node included in `postgresql['md5_auth_cidr_addresses']`.
- Ensure that you have included the subnet mask on the IP address: `postgresql['md5_auth_cidr_addresses'] = ['1.1.1.1/32']`.
 
1. Rails has supplied the incorrect password
 
```text
Checking Geo ...
GitLab Geo is available ... Exception: FATAL: password authentication failed for user "gitlab"
FATAL: password authentication failed for user "gitlab"
GitLab Geo is enabled ... Exception: FATAL: password authentication failed for user "gitlab"
FATAL: password authentication failed for user "gitlab"
...
Checking Geo ... Finished
```
```plaintext
Checking Geo ...
GitLab Geo is available ... Exception: FATAL: password authentication failed for user "gitlab"
FATAL: password authentication failed for user "gitlab"
GitLab Geo is enabled ... Exception: FATAL: password authentication failed for user "gitlab"
FATAL: password authentication failed for user "gitlab"
...
Checking Geo ... Finished
```
 
- Verify the correct password is set for `gitlab_rails['db_password']` that was used when creating the hash in `postgresql['sql_user_password']` by running `gitlab-ctl pg-password-md5 gitlab` and entering the password.
- Verify the correct password is set for `gitlab_rails['db_password']` that was used when creating the hash in `postgresql['sql_user_password']` by running `gitlab-ctl pg-password-md5 gitlab` and entering the password.
 
1. Check returns not a secondary node
 
```text
Checking Geo ...
```plaintext
Checking Geo ...
 
GitLab Geo is available ... yes
GitLab Geo is enabled ... yes
GitLab Geo secondary database is correctly configured ... not a secondary node
Database replication enabled? ... not a secondary node
...
Checking Geo ... Finished
```
GitLab Geo is available ... yes
GitLab Geo is enabled ... yes
GitLab Geo secondary database is correctly configured ... not a secondary node
Database replication enabled? ... not a secondary node
...
Checking Geo ... Finished
```
 
- Ensure that you have added the secondary node in the Admin Area of the **primary** node.
- Ensure that you entered the `external_url` or `gitlab_rails['geo_node_name']` when adding the secondary node in the admin are of the **primary** node.
- Prior to GitLab 12.4, edit the secondary node in the Admin Area of the **primary** node and ensure that there is a trailing `/` in the `Name` field.
- Ensure that you have added the secondary node in the Admin Area of the **primary** node.
- Ensure that you entered the `external_url` or `gitlab_rails['geo_node_name']` when adding the secondary node in the admin are of the **primary** node.
- Prior to GitLab 12.4, edit the secondary node in the Admin Area of the **primary** node and ensure that there is a trailing `/` in the `Name` field.
 
1. Check returns Exception: PG::UndefinedTable: ERROR: relation "geo_nodes" does not exist
 
```text
Checking Geo ...
GitLab Geo is available ... no
Try fixing it:
Upload a new license that includes the GitLab Geo feature
For more information see:
https://about.gitlab.com/features/gitlab-geo/
GitLab Geo is enabled ... Exception: PG::UndefinedTable: ERROR: relation "geo_nodes" does not exist
LINE 8: WHERE a.attrelid = '"geo_nodes"'::regclass
^
: SELECT a.attname, format_type(a.atttypid, a.atttypmod),
pg_get_expr(d.adbin, d.adrelid), a.attnotnull, a.atttypid, a.atttypmod,
c.collname, col_description(a.attrelid, a.attnum) AS comment
FROM pg_attribute a
LEFT JOIN pg_attrdef d ON a.attrelid = d.adrelid AND a.attnum = d.adnum
LEFT JOIN pg_type t ON a.atttypid = t.oid
LEFT JOIN pg_collation c ON a.attcollation = c.oid AND a.attcollation <> t.typcollation
WHERE a.attrelid = '"geo_nodes"'::regclass
AND a.attnum > 0 AND NOT a.attisdropped
ORDER BY a.attnum
...
Checking Geo ... Finished
```
When performing a Postgres major version (9 > 10) update this is expected. Follow:
- [initiate-the-replication-process](database.md#step-3-initiate-the-replication-process)
- [Geo database has an outdated FDW remote schema](troubleshooting.md#geo-database-has-an-outdated-fdw-remote-schema-error)
```plaintext
Checking Geo ...
GitLab Geo is available ... no
Try fixing it:
Upload a new license that includes the GitLab Geo feature
For more information see:
https://about.gitlab.com/features/gitlab-geo/
GitLab Geo is enabled ... Exception: PG::UndefinedTable: ERROR: relation "geo_nodes" does not exist
LINE 8: WHERE a.attrelid = '"geo_nodes"'::regclass
^
: SELECT a.attname, format_type(a.atttypid, a.atttypmod),
pg_get_expr(d.adbin, d.adrelid), a.attnotnull, a.atttypid, a.atttypmod,
c.collname, col_description(a.attrelid, a.attnum) AS comment
FROM pg_attribute a
LEFT JOIN pg_attrdef d ON a.attrelid = d.adrelid AND a.attnum = d.adnum
LEFT JOIN pg_type t ON a.atttypid = t.oid
LEFT JOIN pg_collation c ON a.attcollation = c.oid AND a.attcollation <> t.typcollation
WHERE a.attrelid = '"geo_nodes"'::regclass
AND a.attnum > 0 AND NOT a.attisdropped
ORDER BY a.attnum
...
Checking Geo ... Finished
```
When performing a Postgres major version (9 > 10) update this is expected. Follow:
- [initiate-the-replication-process](database.md#step-3-initiate-the-replication-process)
- [Geo database has an outdated FDW remote schema](troubleshooting.md#geo-database-has-an-outdated-fdw-remote-schema-error)
 
## Fixing replication errors
 
@@ -483,7 +483,7 @@ when promoting a secondary to a primary node with strategies to resolve them.
When [promoting a **secondary** node](../disaster_recovery/index.md#step-3-promoting-a-secondary-node),
you might encounter the following error:
 
```text
```plaintext
Running gitlab-rake geo:set_secondary_as_primary...
 
rake aborted!
@@ -523,7 +523,7 @@ This section documents ways to fix potential Foreign Data Wrapper errors.
When setting up Geo, you might see this warning in the `gitlab-rake
gitlab:geo:check` output:
 
```text
```plaintext
GitLab Geo tracking database Foreign Data Wrapper schema is up-to-date? ... foreign data wrapper is not configured
```
 
@@ -607,7 +607,7 @@ To check the configuration:
1. Check that the foreign server mapping is correct via `\des+`. The
results should look something like this:
 
```
```plaintext
gitlabhq_geo_production=# \des+
List of foreign servers
-[ RECORD 1 ]--------+------------------------------------------------------------
@@ -643,7 +643,7 @@ To check the configuration:
 
1. Check that the user mapping is configured properly via `\deu+`:
 
```
```plaintext
gitlabhq_geo_production=# \deu+
List of user mappings
Server | User name | FDW Options
@@ -731,7 +731,7 @@ GitLab can error with a `Geo database has an outdated FDW remote schema` message
 
For example:
 
```text
```plaintext
Geo database has an outdated FDW remote schema. It contains 229 of 236 expected tables. Please refer to Geo Troubleshooting.
```
 
doc/administration/git_annex.md
+ 6
6
View file @ a6011c3d
@@ -43,13 +43,13 @@ configuration options required to enable it.
 
For Debian-like systems (for example, Debian and Ubuntu) this can be achieved by running:
 
```
```shell
sudo apt-get update && sudo apt-get install git-annex
```
 
For RedHat-like systems (for example, CentOS and RHEL) this can be achieved by running:
 
```
```shell
sudo yum install epel-release && sudo yum install git-annex
```
 
@@ -108,7 +108,7 @@ git annex sync --content # sync the Git repo and large file to the GitLa
 
The output should look like this:
 
```
```plaintext
commit
On branch master
Your branch is ahead of 'origin/master' by 1 commit.
@@ -154,7 +154,7 @@ are turned into symbolic links that point to data in `.git/annex/objects/`.
 
The `debian.iso` file in the example will contain the symbolic link:
 
```
```plaintext
.git/annex/objects/ZW/1k/SHA256E-s82701--6384039733b5035b559efd5a2e25a493ab6e09aabfd5162cc03f6f0ec238429d.png/SHA256E-s82701--6384039733b5035b559efd5a2e25a493ab6e09aabfd5162cc03f6f0ec238429d.iso
```
 
@@ -216,14 +216,14 @@ and the files are pushed to the GitLab repository.
If you get hit by this, you can run the following command inside the repository
that the warning was raised:
 
```
```shell
git config remote.origin.annex-ignore false
```
 
Consecutive runs of `git annex sync --content` **should not** produce this
warning and the output should look like this:
 
```
```plaintext
commit ok
pull origin
ok
doc/administration/gitaly/praefect.md
+ 1
1
View file @ a6011c3d
@@ -121,7 +121,7 @@ node, using `psql` which is installed by GitLab Omnibus.
 
```sql
CREATE ROLE praefect WITH LOGIN CREATEDB PASSWORD 'PRAEFECT_SQL_PASSWORD';
```
```
 
1. Reconnect to the PostgreSQL server, this time as the `praefect` user:
 
doc/administration/lfs/migrate_from_git_annex_to_git_lfs.md
+ 1
1
View file @ a6011c3d
@@ -57,7 +57,7 @@ Fire up a terminal, navigate to your Git repository and:
 
1. Enable `git-lfs`:
 
```
```shell
git lfs install
git lfs track <files>
git add .
doc/administration/logs.md
+ 1
1
View file @ a6011c3d
@@ -353,7 +353,7 @@ GitLab uses background jobs for processing tasks which can take a long
time. All information about processing these jobs are written down to
this file. For example:
 
```
```plaintext
2014-06-10T07:55:20Z 2037 TID-tm504 ERROR: /opt/bitnami/apps/discourse/htdocs/vendor/bundle/ruby/1.9.1/gems/redis-3.0.7/lib/redis/client.rb:228:in `read'
2014-06-10T18:18:26Z 14299 TID-55uqo INFO: Booting Sidekiq 3.0.0 with redis options {:url=>"redis://localhost:6379/0", :namespace=>"sidekiq"}
```
doc/administration/monitoring/prometheus/index.md
+ 3
3
View file @ a6011c3d
@@ -135,9 +135,9 @@ To use an external Prometheus server:
1. Install and set up a dedicated Prometheus instance, if necessary, using the [official installation instructions](https://prometheus.io/docs/prometheus/latest/installation/).
1. Add the Prometheus server IP address to the [monitoring IP whitelist](../ip_whitelist.md). For example:
 
```ruby
gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '192.168.0.1']
```
```ruby
gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '192.168.0.1']
```
 
1. To scrape NGINX metrics, you'll also need to configure NGINX to allow the Prometheus server
IP. For example:
doc/administration/operations/ssh_certificates.md
+ 4
4
View file @ a6011c3d
@@ -40,7 +40,7 @@ it](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/htm
We assume that you already have SSH certificates set up, and have
added the `TrustedUserCAKeys` of your CA to your `sshd_config`, e.g.:
 
```
```plaintext
TrustedUserCAKeys /etc/security/mycompany_user_ca.pub
```
 
@@ -87,7 +87,7 @@ Then, in your `sshd_config` set up `AuthorizedPrincipalsCommand` for
the `git` user. Hopefully you can use the default one shipped with
GitLab:
 
```
```plaintext
Match User git
AuthorizedPrincipalsCommandUser root
AuthorizedPrincipalsCommand /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-principals-check %i sshUsers
@@ -95,7 +95,7 @@ Match User git
 
This command will emit output that looks something like:
 
```
```shell
command="/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell username-{KEY_ID}",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty {PRINCIPAL}
```
 
@@ -108,7 +108,7 @@ some principal that's guaranteed to be part of the key for all users
who can log in to GitLab, or you must provide a list of principals,
one of which is going to be present for the user, e.g.:
 
```
```plaintext
[...]
AuthorizedPrincipalsCommand /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-principals-check %i sshUsers windowsUsers
```
doc/administration/pages/index.md
+ 7
7
View file @ a6011c3d
@@ -360,16 +360,16 @@ that method from working. Use the following workaround:
 
1. Append your GitLab server TLS/SSL certficate to `/opt/gitlab/embedded/ssl/certs/cacert.pem` where `gitlab-domain-example.com` is your GitLab application URL
 
```shell
printf "\ngitlab-domain-example.com\n===========================\n" | sudo tee --append /opt/gitlab/embedded/ssl/certs/cacert.pem
echo -n | openssl s_client -connect gitlab-domain-example.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | sudo tee --append /opt/gitlab/embedded/ssl/certs/cacert.pem
```
```shell
printf "\ngitlab-domain-example.com\n===========================\n" | sudo tee --append /opt/gitlab/embedded/ssl/certs/cacert.pem
echo -n | openssl s_client -connect gitlab-domain-example.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | sudo tee --append /opt/gitlab/embedded/ssl/certs/cacert.pem
```
 
1. [Restart](../restart_gitlab.md) the GitLab Pages Daemon. For GitLab Omnibus instances:
 
```shell
sudo gitlab-ctl restart gitlab-pages
```
```shell
sudo gitlab-ctl restart gitlab-pages
```
 
CAUTION: **Caution:**
Some GitLab Omnibus upgrades will revert this workaround and you'll need to apply it again.
doc/administration/reply_by_email_postfix_setup.md
+ 7
7
View file @ a6011c3d
@@ -73,7 +73,7 @@ The instructions make the assumption that you will be using the email address `i
 
1. Send the new `incoming` user a dummy email to test SMTP, by entering the following into the SMTP prompt:
 
```
```plaintext
ehlo localhost
mail from: root@localhost
rcpt to: incoming@localhost
@@ -101,7 +101,7 @@ The instructions make the assumption that you will be using the email address `i
 
You should see output like this:
 
```
```plaintext
"/var/mail/incoming": 1 message 1 unread
>U 1 root@localhost 59/2842 Re: Some issue
```
@@ -147,7 +147,7 @@ Courier, which we will install later to add IMAP authentication, requires mailbo
 
You should see output like this:
 
```
```plaintext
"/home/incoming/Maildir": 1 message 1 unread
>U 1 root@localhost 59/2842 Re: Some issue
```
@@ -253,7 +253,7 @@ Courier, which we will install later to add IMAP authentication, requires mailbo
 
1. Send the `incoming` user a dummy email to test SMTP, by entering the following into the SMTP prompt:
 
```
```plaintext
ehlo gitlab.example.com
mail from: root@gitlab.example.com
rcpt to: incoming@gitlab.example.com
@@ -277,7 +277,7 @@ Courier, which we will install later to add IMAP authentication, requires mailbo
 
You should see output like this:
 
```
```plaintext
"/home/incoming/Maildir": 1 message 1 unread
>U 1 root@gitlab.example.com 59/2842 Re: Some issue
```
@@ -313,7 +313,7 @@ Courier, which we will install later to add IMAP authentication, requires mailbo
 
1. Sign in as the `incoming` user to test IMAP, by entering the following into the IMAP prompt:
 
```
```plaintext
a login incoming PASSWORD
```
 
@@ -321,7 +321,7 @@ Courier, which we will install later to add IMAP authentication, requires mailbo
 
You should see output like this:
 
```
```plaintext
a OK LOGIN Ok.
```
 
doc/administration/repository_storage_paths.md
+ 2
2
View file @ a6011c3d
@@ -15,7 +15,7 @@ storage shards) to distribute the storage load between several mount points.
 
Example: this is OK:
 
```
```plaintext
default:
path: /mnt/git-storage-1
storage2:
@@ -24,7 +24,7 @@ storage2:
 
This is not OK because it nests storage paths:
 
```
```plaintext
default:
path: /mnt/git-storage-1
storage2:
doc/administration/static_objects_external_storage.md
+ 152
152
View file @ a6011c3d
@@ -63,158 +63,158 @@ other CDNs or Function as a Service (FaaS) systems should work using the same pr
`pwgen -cn1 64` on a UNIX machine). Save this token for the admin panel, as
described in the [configuring](#configuring) section.
 
```js
const ORIGIN_HOSTNAME = 'gitlab.installation.com' // FIXME: SET CORRECT VALUE
const STORAGE_TOKEN = 'very-secure-token' // FIXME: SET CORRECT VALUE
const CACHE_PRIVATE_OBJECTS = false
const CORS_HEADERS = {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Methods': 'GET, HEAD, OPTIONS',
'Access-Control-Allow-Headers': 'X-Csrf-Token, X-Requested-With',
}
self.addEventListener('fetch', event => event.respondWith(handle(event)))
async function handle(event) {
try {
let response = await verifyAndHandle(event);
// responses returned from cache are immutable, so we recreate them
// to set CORS headers
response = new Response(response.body, response)
response.headers.set('Access-Control-Allow-Origin', '*')
return response
} catch (e) {
return new Response('An error occurred!', {status: e.statusCode || 500})
}
}
async function verifyAndHandle(event) {
if (!validRequest(event.request)) {
return new Response(null, {status: 400})
}
if (event.request.method === 'OPTIONS') {
return handleOptions(event.request)
}
return handleRequest(event)
}
function handleOptions(request) {
// Make sure the necessary headers are present
// for this to be a valid pre-flight request
if (
request.headers.get('Origin') !== null &&
request.headers.get('Access-Control-Request-Method') !== null &&
request.headers.get('Access-Control-Request-Headers') !== null
) {
// Handle CORS pre-flight request
return new Response(null, {
headers: CORS_HEADERS,
})
} else {
// Handle standard OPTIONS request
return new Response(null, {
headers: {
Allow: 'GET, HEAD, OPTIONS',
},
})
}
}
async function handleRequest(event) {
let cache = caches.default
let url = new URL(event.request.url)
let static_object_token = url.searchParams.get('token')
let headers = new Headers(event.request.headers)
url.host = ORIGIN_HOSTNAME
url = normalizeQuery(url)
headers.set('X-Gitlab-External-Storage-Token', STORAGE_TOKEN)
if (static_object_token !== null) {
headers.set('X-Gitlab-Static-Object-Token', static_object_token)
}
let request = new Request(url, { headers: headers })
let cached_response = await cache.match(request)
let is_conditional_header_set = headers.has('If-None-Match')
if (cached_response) {
return cached_response
}
// We don't want to override If-None-Match that is set on the original request
if (cached_response && !is_conditional_header_set) {
headers.set('If-None-Match', cached_response.headers.get('ETag'))
}
let response = await fetch(request, {
headers: headers,
redirect: 'manual'
})
if (response.status == 304) {
if (is_conditional_header_set) {
return response
} else {
return cached_response
}
} else if (response.ok) {
response = new Response(response.body, response)
// cache.put will never cache any response with a Set-Cookie header
response.headers.delete('Set-Cookie')
if (CACHE_PRIVATE_OBJECTS) {
response.headers.delete('Cache-Control')
}
event.waitUntil(cache.put(request, response.clone()))
}
return response
}
function normalizeQuery(url) {
let searchParams = url.searchParams
url = new URL(url.toString().split('?')[0])
if (url.pathname.includes('/raw/')) {
let inline = searchParams.get('inline')
if (inline == 'false' || inline == 'true') {
url.searchParams.set('inline', inline)
}
} else if (url.pathname.includes('/-/archive/')) {
let append_sha = searchParams.get('append_sha')
let path = searchParams.get('path')
if (append_sha == 'false' || append_sha == 'true') {
url.searchParams.set('append_sha', append_sha)
}
if (path) {
url.searchParams.set('path', path)
}
}
return url
}
function validRequest(request) {
let url = new URL(request.url)
let path = url.pathname
if (/^(.+)(\/raw\/|\/-\/archive\/)/.test(path)) {
return true
}
return false
}
```
```js
const ORIGIN_HOSTNAME = 'gitlab.installation.com' // FIXME: SET CORRECT VALUE
const STORAGE_TOKEN = 'very-secure-token' // FIXME: SET CORRECT VALUE
const CACHE_PRIVATE_OBJECTS = false
const CORS_HEADERS = {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Methods': 'GET, HEAD, OPTIONS',
'Access-Control-Allow-Headers': 'X-Csrf-Token, X-Requested-With',
}
self.addEventListener('fetch', event => event.respondWith(handle(event)))
async function handle(event) {
try {
let response = await verifyAndHandle(event);
// responses returned from cache are immutable, so we recreate them
// to set CORS headers
response = new Response(response.body, response)
response.headers.set('Access-Control-Allow-Origin', '*')
return response
} catch (e) {
return new Response('An error occurred!', {status: e.statusCode || 500})
}
}
async function verifyAndHandle(event) {
if (!validRequest(event.request)) {
return new Response(null, {status: 400})
}
if (event.request.method === 'OPTIONS') {
return handleOptions(event.request)
}
return handleRequest(event)
}
function handleOptions(request) {
// Make sure the necessary headers are present
// for this to be a valid pre-flight request
if (
request.headers.get('Origin') !== null &&
request.headers.get('Access-Control-Request-Method') !== null &&
request.headers.get('Access-Control-Request-Headers') !== null
) {
// Handle CORS pre-flight request
return new Response(null, {
headers: CORS_HEADERS,
})
} else {
// Handle standard OPTIONS request
return new Response(null, {
headers: {
Allow: 'GET, HEAD, OPTIONS',
},
})
}
}
async function handleRequest(event) {
let cache = caches.default
let url = new URL(event.request.url)
let static_object_token = url.searchParams.get('token')
let headers = new Headers(event.request.headers)
url.host = ORIGIN_HOSTNAME
url = normalizeQuery(url)
headers.set('X-Gitlab-External-Storage-Token', STORAGE_TOKEN)
if (static_object_token !== null) {
headers.set('X-Gitlab-Static-Object-Token', static_object_token)
}
let request = new Request(url, { headers: headers })
let cached_response = await cache.match(request)
let is_conditional_header_set = headers.has('If-None-Match')
if (cached_response) {
return cached_response
}
// We don't want to override If-None-Match that is set on the original request
if (cached_response && !is_conditional_header_set) {
headers.set('If-None-Match', cached_response.headers.get('ETag'))
}
let response = await fetch(request, {
headers: headers,
redirect: 'manual'
})
if (response.status == 304) {
if (is_conditional_header_set) {
return response
} else {
return cached_response
}
} else if (response.ok) {
response = new Response(response.body, response)
// cache.put will never cache any response with a Set-Cookie header
response.headers.delete('Set-Cookie')
if (CACHE_PRIVATE_OBJECTS) {
response.headers.delete('Cache-Control')
}
event.waitUntil(cache.put(request, response.clone()))
}
return response
}
function normalizeQuery(url) {
let searchParams = url.searchParams
url = new URL(url.toString().split('?')[0])
if (url.pathname.includes('/raw/')) {
let inline = searchParams.get('inline')
if (inline == 'false' || inline == 'true') {
url.searchParams.set('inline', inline)
}
} else if (url.pathname.includes('/-/archive/')) {
let append_sha = searchParams.get('append_sha')
let path = searchParams.get('path')
if (append_sha == 'false' || append_sha == 'true') {
url.searchParams.set('append_sha', append_sha)
}
if (path) {
url.searchParams.set('path', path)
}
}
return url
}
function validRequest(request) {
let url = new URL(request.url)
let path = url.pathname
if (/^(.+)(\/raw\/|\/-\/archive\/)/.test(path)) {
return true
}
return false
}
```
 
1. Create a new worker with this script.
1. Copy your values for `ORIGIN_HOSTNAME` and `STORAGE_TOKEN`.
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment