2024-09-03 18:36:35 +02:00 · 2021-11-30 10:09:22 +01:00 · 2021-11-30 10:09:22 +01:00 · 3e2ecfc136
commit 3e2ecfc136
parent e56c7dae51 549bd754c8
11 changed files with 80 additions and 177 deletions
--- a/README.md
+++ b/README.md
@ -17,7 +17,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in

 Git-repository manager providing wiki, issue-tracking and CI/CD pipeline features.

-**Shipped version:** 14.4.0~ynh1
+**Shipped version:** 14.5.0~ynh1

 **Demo:** https://gitlab.com/explore

--- a/README_fr.md
+++ b/README_fr.md
@ -13,7 +13,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour

 Gestionnaire de dépôts Git proposant des fonctionnalités de wiki, suivi de bugs et de pipeline CI/CD.

-**Version incluse :** 14.4.0~ynh1
+**Version incluse :** 14.5.0~ynh1

 **Démo :** https://gitlab.com/explore

--- a/actions.json
+++ b/actions.json
@ -1,24 +0,0 @@
-[
-    {
-        "id": "web_account",
-        "name": "External users",
-        "command": "/bin/bash scripts/actions/web_account",
-        "user": "root",
-        "accepted_return_codes": [
-            0
-        ],
-        "description": {
-            "en": "Allow user to be created without yunohost account."
-        },
-        "arguments": [
-            {
-                "name": "use_web_account",
-                "type": "boolean",
-                "ask": {
-                    "en": "Authorized external user creation ?"
-                },
-                "default": true
-            }
-        ]
-    }
-]
--- a/conf/gitlab.rb
+++ b/conf/gitlab.rb
@ -195,6 +195,7 @@ external_url '__GENERATED_EXTERNAL_URL__'
 # gitlab_rails['namespaces_in_product_marketing_emails_worker_cron'] = "0 9 * * *"
 # gitlab_rails['ssh_keys_expired_notification_worker_cron'] = "0 2 * * *"
 # gitlab_rails['ssh_keys_expiring_soon_notification_worker_cron'] = "0 1 * * *"
+# gitlab_rails['loose_foreign_keys_cleanup_worker_cron'] = "*/5 * * * *"

 ### Webhook Settings
 ###! Number of seconds to wait for HTTP response after sending webhook HTTP POST
@ -680,6 +681,7 @@ gitlab_rails['gitlab_shell_ssh_port'] = __SSH_PORT__
 ### Extra customization
 # gitlab_rails['extra_google_analytics_id'] = '_your_tracking_id'
 # gitlab_rails['extra_google_tag_manager_id'] = '_your_tracking_id'
+# gitlab_rails['extra_one_trust_id'] = '_your_one_trust_id'
 # gitlab_rails['extra_matomo_url'] = '_your_matomo_url'
 # gitlab_rails['extra_matomo_site_id'] = '_your_matomo_site_id'
 # gitlab_rails['extra_matomo_disable_cookies'] = false
@ -793,6 +795,8 @@ gitlab_rails['gitlab_shell_ssh_port'] = __SSH_PORT__
 # gitlab_rails['redis_actioncable_sentinels'] = nil
 # gitlab_rails['redis_rate_limiting_instance'] = nil
 # gitlab_rails['redis_rate_limiting_sentinels'] = nil
+# gitlab_rails['redis_sessions_instance'] = nil
+# gitlab_rails['redis_sessions_sentinels'] = nil

 ################################################################################
 ## Container Registry settings
@ -1615,6 +1619,10 @@ nginx['listen_https'] = false
 ##! Default to 0 for unlimited connections.
 # gitlab_pages['max_connections'] = 0

+##! Configure the maximum length of URIs accepted by GitLab Pages
+##! By default is limited for security reasons. Set 0 for unlimited
+# gitlab_pages['max_uri_length'] = 1024
+
 ##! Setting the propagate_correlation_id to true allows installations behind a reverse proxy
 ##! generate and set a correlation ID to requests sent to GitLab Pages. If a reverse proxy
 ##! sets the header value X-Request-ID, the value will be propagated in the request chain.
@ -1707,6 +1715,16 @@ nginx['listen_https'] = false
 ##! Enable serving content from disk instead of Object Storage
 # gitlab_pages['enable_disk'] = nil

+##! Rate-limiting options below work in report-only mode:
+##! they only count rejected requests, but don't reject them
+##! enable `FF_ENABLE_RATE_LIMITER=true` environment variable to
+##! reject requests.
+
+##! Rate limit per source IP in number of requests per second, 0 means is disabled
+# gitlab_pages['rate_limit_source_ip'] = 50.0
+##! Rate limit per source IP maximum burst allowed per second
+# gitlab_pages['rate_limit_source_ip_burst'] = 600
+
 # gitlab_pages['env_directory'] = "/opt/gitlab/etc/gitlab-pages/env"
 # gitlab_pages['env'] = {
 #   'SSL_CERT_DIR' => "#{node['package']['install-dir']}/embedded/ssl/certs/"
@ -1745,6 +1763,7 @@ nginx['listen_https'] = false
 # gitlab_rails['gitlab_kas_enabled'] = true
 # gitlab_rails['gitlab_kas_external_url'] = ws://gitlab.example.com/-/kubernetes-agent
 # gitlab_rails['gitlab_kas_internal_url'] = grpc://localhost:8153
+# gitlab_rails['gitlab_kas_external_k8s_proxy_url'] = ws://gitlab.example.com/-/kubernetes-agent

 ##! Enable GitLab KAS
 # gitlab_kas['enable'] = true
@ -1760,16 +1779,29 @@ nginx['listen_https'] = false
 ##! Shared secret used for authentication between KAS and GitLab
 # gitlab_kas['api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long.

+##! Shared secret used for authentication between different KAS instances in a multi-node setup
+# gitlab_kas['private_api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long.
+
 ##! Listen configuration for GitLab KAS
 # gitlab_kas['listen_address'] = 'localhost:8150'
 # gitlab_kas['listen_network'] = 'tcp'
 # gitlab_kas['listen_websocket'] = true
 # gitlab_kas['internal_api_listen_network'] = 'tcp'
 # gitlab_kas['internal_api_listen_address'] = 'localhost:8153'
+# gitlab_kas['kubernetes_api_listen_address'] = 'localhost:8154'
+# gitlab_kas['private_api_listen_network'] = 'tcp'
+# gitlab_kas['private_api_listen_address'] = 'localhost:8155'

 ##! Metrics configuration for GitLab KAS
 # gitlab_kas['metrics_usage_reporting_period'] = 60

+##! Environment variables for GitLab KAS
+# gitlab_kas['env'] = {
+#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/",
+#   # In a multi-node setup, this address MUST be reachable from other KAS instances. In a single-node setup, it can be on localhost for simplicity
+#   'OWN_PRIVATE_API_URL' => 'grpc://localhost:8155'
+# }
+
 ##! Directories for GitLab KAS
 # gitlab_kas['dir'] = '/var/opt/gitlab/gitlab-kas'
 # gitlab_kas['log_directory'] = '/var/log/gitlab/gitlab-kas'
@ -2074,6 +2106,10 @@ nginx['listen_https'] = false
 ##! Manage gitlab-exporter sidekiq probes. false by default when Sentinels are
 ##! found.
 # gitlab_exporter['probe_sidekiq'] = true
+##! Service name used to register GitLab Exporter as a Consul service
+# gitlab_exporter['consul_service_name'] = 'gitlab-exporter'
+##! Semantic metadata used when registering GitLab Exporter as a Consul service
+# gitlab_exporter['consul_service_meta'] = {}

 # To completely disable prometheus, and all of it's exporters, set to false
 # prometheus_monitoring['enable'] = true
--- a/config_panel.json
+++ b/config_panel.json
@ -1,42 +0,0 @@
-{
-    "name": "GitLab configuration panel",
-    "version": "0.1",
-    "panel": [
-        {
-            "name": "GitLab configuration",
-            "id": "main",
-            "sections": [
-                {
-                    "name": "Overwriting config files",
-                    "id": "overwrite_files",
-                    "options": [
-                        {
-                            "name": "overwrite_nginx",
-                            "ask": {
-                                "en": "Overwrite the nginx config file ?"
-                            },
-                            "help": "If the file is overwritten, a backup will be created.",
-                            "type": "boolean",
-                            "default": true
-                        }
-                    ]
-                },
-                {
-                    "name": "External users",
-                    "id": "users",
-                    "options": [
-                        {
-                            "name": "use_web_account",
-                            "ask": {
-                                "en": "Authorized external user creation ?"
-                            },
-                            "help": "Allow user to be created without yunohost account.",
-                            "type": "boolean",
-                            "default": true
-                        }
-                    ]
-                }
-            ]
-        }
-    ]
-}
--- a/config_panel.toml
+++ b/config_panel.toml
@ -0,0 +1,19 @@
+version = "1.0"
+
+[main]
+name = "GitLab configuration"
+
+    [main.overwrite_files]
+    name = "Overwriting config files"
+
+        [main.overwrite_files.overwrite_nginx]
+        ask = "Overwrite the nginx config file ?"
+        type = "boolean"
+        help = "If the file is overwritten, a backup will be created."
+
+    [main.users]
+    name = "External users"
+    
+        [main.users.use_web_account]
+        ask = "Authorized external user creation ?"
+        type = "boolean"
--- a/manifest.json
+++ b/manifest.json
@ -2,7 +2,7 @@
    "name": "GitLab",
    "id": "gitlab",
    "packaging_format": 1,
-    "version": "14.4.0~ynh1",
+    "version": "14.5.0~ynh1",
    "description": {
        "en": "Git-repository manager providing wiki, issue-tracking and CI/CD pipeline features.",
        "fr": "Gestionnaire de dépôts Git proposant des fonctionnalités de wiki, suivi de bugs et de pipeline CI/CD."
--- a/scripts/actions/web_account
+++ b/scripts/actions/web_account
@ -1,57 +0,0 @@
-#!/bin/bash
-
-#=================================================
-# GENERIC STARTING
-#=================================================
-# IMPORT GENERIC HELPERS
-#=================================================
-
-source scripts/_common.sh
-source /usr/share/yunohost/helpers
-
-#=================================================
-# RETRIEVE ARGUMENTS
-#=================================================
-
-# Get use_web_account
-use_web_account=${YNH_ACTION_USE_WEB_ACCOUNT}
-
-app=${YNH_APP_INSTANCE_NAME:-$YNH_APP_ID}
-
-#=================================================
-# CHECK IF ARGUMENTS ARE CORRECT
-#=================================================
-
-#=================================================
-# CHECK IF AN ACTION HAS TO BE DONE
-#=================================================
-
-use_web_account_old=$(ynh_app_setting_get --app=$app --key=use_web_account)
-
-if [ $use_web_account -eq $use_web_account_old ]
-then
-	ynh_die "use_web_account is already set as $use_web_account." 0
-fi
-
-#=================================================
-# SPECIFIC ACTION
-#=================================================
-# SET USER CREATION POLICY
-#=================================================
-if [ $use_web_account -eq 0 ]; then
-	web_account="Enable"
-else
-	web_account="Disable"
-fi
-ynh_script_progression --message=--message="$web_account web user creation..." --weight=13
-
-echo "ApplicationSetting.last.update_attributes(password_authentication_enabled_for_web: $use_web_account, signup_enabled: $use_web_account)" | gitlab-rails console
-
-# Update the config of the app
-ynh_app_setting_set --app=$app --key=use_web_account --value=$use_web_account
-
-#=================================================
-# END OF SCRIPT
-#=================================================
-
-ynh_script_progression --message="Execution completed" --last
--- a/scripts/config
+++ b/scripts/config
@ -6,65 +6,33 @@
 # IMPORT GENERIC HELPERS
 #=================================================

-source _common.sh
 source /usr/share/yunohost/helpers

+ynh_abort_if_errors
+
 #=================================================
 # RETRIEVE ARGUMENTS
 #=================================================

-app=${YNH_APP_INSTANCE_NAME:-$YNH_APP_ID}
-
-
 #=================================================
-# LOAD VALUES
+# SPECIFIC GETTERS FOR TOML SHORT KEY
 #=================================================

-# Load the real value from the app config or elsewhere.
-# Then get the value from the form.
-# If the form has a value for a variable, take the value from the form,
-# Otherwise, keep the value from the app config.
-
-# Overwrite nginx configuration
-old_overwrite_nginx="$(ynh_app_setting_get --app=$app --key=overwrite_nginx)"
-overwrite_nginx="${YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_NGINX:-$old_overwrite_nginx}"
-
-# use_web_account
-old_use_web_account="$(ynh_app_setting_get --app=$app --key=use_web_account)"
-use_web_account="${YNH_CONFIG_MAIN_USERS_USE_WEB_ACCOUNT:-$old_use_web_account}"
-
 #=================================================
-# SHOW_CONFIG FUNCTION FOR 'SHOW' COMMAND
+# SPECIFIC SETTERS FOR TOML SHORT KEYS
 #=================================================

-show_config() {
-	# here you are supposed to read some config file/database/other then print the values
-	# echo "YNH_CONFIG_${PANEL_ID}_${SECTION_ID}_${OPTION_ID}=value"
+set__use_web_account() {
+    if [ -n "${use_web_account}" ]
+    then
+        echo "ApplicationSetting.last.update(password_authentication_enabled_for_web: $use_web_account, signup_enabled: $use_web_account)" | gitlab-rails console

-	ynh_return "YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_NGINX=$overwrite_nginx"
-
-	ynh_return "YNH_CONFIG_MAIN_USERS_USE_WEB_ACCOUNT=$use_web_account"
-}
-
-#=================================================
-# MODIFY THE CONFIGURATION
-#=================================================
-
-apply_config() {
-	# Change use_web_account
-	yunohost app action run $app web_account --args use_web_account=$use_web_account
-
-	# Set overwrite_nginx
-	ynh_app_setting_set --app=$app --key=overwrite_nginx --value="$overwrite_nginx"
+        # Update the config of the app
+        ynh_app_setting_set --app=$app --key=use_web_account --value=$use_web_account
+    fi
 }

 #=================================================
 # GENERIC FINALIZATION
 #=================================================
-# SELECT THE ACTION FOLLOWING THE GIVEN ARGUMENT
-#=================================================
-
-case $1 in
-  show) show_config;;
-  apply) apply_config;;
-esac
+ynh_app_config_run $1
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -308,7 +308,10 @@ then
 				chown root:root "$config_path/gitlab-persistent.rb"
 				chmod 640 "$config_path/gitlab-persistent.rb"

-				gitlab-ctl reconfigure
+				# During large migrations, the logs are too big to be sent to paste.yunohost.org
+				# Send the reconfigure logs in a file, and if the process succeeds, just delete it.
+				gitlab-ctl reconfigure > "/tmp/gitlab_upgrade_$current_version.log"
+				ynh_secure_remove --file="/tmp/gitlab_upgrade_$current_version.log"
 			fi
 		fi
 	done
--- a/scripts/upgrade.d/upgrade.last.sh
+++ b/scripts/upgrade.d/upgrade.last.sh
@ -1,15 +1,15 @@
 #!/bin/bash

-gitlab_version="14.4.0"
+gitlab_version="14.5.0"

 # sha256sum found here: https://packages.gitlab.com/gitlab
 gitlab_debian_version="buster"

-gitlab_x86_64_buster_source_sha256="89d12148595ac1e5e127ec96ed877e738c28e5eed02328d26b1610341c291d92"
+gitlab_x86_64_buster_source_sha256="9665cde5950fb531bde2c585fbab6a76e6a9677868dc573d6435003b580833d4"

-gitlab_arm64_buster_source_sha256="98ec153767bf80c55e12be896f2005658e91ed761715841fbf87bfb41953f961"
+gitlab_arm64_buster_source_sha256="bb0372c1fe0aa8f7f741c3e0b709374309a1aa82462c391be4800fca189d209e"

-gitlab_arm_buster_source_sha256="e950b5f4fa76d051eddd20ae9cd1aab017f9b0abee41be1fee566ed0b39146ea"
+gitlab_arm_buster_source_sha256="9c7b3bf6704f4937d69ec7a5f3abeda2fcfe59721887d1012be3bca472cc13e7"

 architecture=$(ynh_app_setting_get --app="$app" --key=architecture)

@ -20,8 +20,8 @@ elif [ "$architecture" = "arm64" ]; then
 elif [ "$architecture" = "arm" ]; then
 	# If the version for arm doesn't exist, then use an older one
 	if [ -z "$gitlab_arm_buster_source_sha256" ]; then
-		gitlab_version="14.4.0"
-		gitlab_arm_buster_source_sha256="e950b5f4fa76d051eddd20ae9cd1aab017f9b0abee41be1fee566ed0b39146ea"
+		gitlab_version="14.5.0"
+		gitlab_arm_buster_source_sha256="9c7b3bf6704f4937d69ec7a5f3abeda2fcfe59721887d1012be3bca472cc13e7"
 	fi
 	gitlab_source_sha256=$gitlab_arm_buster_source_sha256
 fi