Merge branch 'testing' into fix-lxc-issue

README.md

@@ -10,7 +10,7 @@ If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to
 
 GitLab is a web-based Git-repository manager providing wiki, issue-tracking and CI/CD pipeline features, using an open-source license, developed by GitLab Inc.
 
-**Shipped version:** 12.1.3
+**Shipped version:** 12.4.0
 
 ## Screenshots
 

conf/gitlab.rb

@@ -22,6 +22,16 @@
 ##! settings that can be configured by this file, which may be found at:
 ##! https://gitlab.com/gitlab-org/omnibus-gitlab/raw/master/files/gitlab-config-template/gitlab.rb.template
 
+##! You can run `gitlab-ctl diff-config` to compare the contents of the current gitlab.rb with
+##! the gitlab.rb.template from the currently running version.
+
+##! You can run `gitlab-ctl show-config` to display the configuration that will be generated by
+##! running `gitlab-ctl reconfigure`
+
+##! In general, the values specified here should reflect what the default value of the attribute will be.
+##! There are instances where this behavior is not possible or desired. For example, when providing passwords,
+##! or connecting to third party services.
+##! In those instances, we endeavour to provide an example configuration.
 
 ## GitLab URL
 ##! URL on which GitLab will be reachable.
@@ -48,8 +58,6 @@ external_url '__GENERATED_EXTERNAL_URL__'
 ##! beginning; Remove them to enable the setting.
 
 ##! **Configuration settings below are optional.**
-##! **The values currently assigned are only examples and ARE NOT the default
-##!   values.**
 
 
 ################################################################################
@@ -71,6 +79,9 @@ external_url '__GENERATED_EXTERNAL_URL__'
 # gitlab_rails['gitlab_email_display_name'] = 'Example'
 # gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'
 # gitlab_rails['gitlab_email_subject_suffix'] = ''
+# gitlab_rails['gitlab_email_smime_enabled'] = false
+# gitlab_rails['gitlab_email_smime_key_file'] = '/etc/gitlab/ssl/gitlab_smime.key'
+# gitlab_rails['gitlab_email_smime_cert_file'] = '/etc/gitlab/ssl/gitlab_smime.crt'
 
 ### GitLab user privileges
 # gitlab_rails['gitlab_default_can_create_group'] = true
@@ -109,7 +120,7 @@ external_url '__GENERATED_EXTERNAL_URL__'
 ###!       https://docs.gitlab.com/ce/ci/yaml/README.html#artifacts:expire_in
 # gitlab_rails['stuck_ci_jobs_worker_cron'] = "0 0 * * *"
 # gitlab_rails['expire_build_artifacts_worker_cron'] = "50 * * * *"
-# gitlab_rails['pipeline_schedule_worker_cron'] = "41 * * * *"
+# gitlab_rails['pipeline_schedule_worker_cron'] = "19 * * * *"
 # gitlab_rails['ci_archive_traces_cron_worker_cron'] = "17 * * * *"
 # gitlab_rails['repository_check_worker_cron'] = "20 * * * *"
 # gitlab_rails['admin_email_worker_cron'] = "0 0 * * 0"
@@ -131,6 +142,34 @@ external_url '__GENERATED_EXTERNAL_URL__'
 ###!   will appear signed in from that address.**
 # gitlab_rails['trusted_proxies'] = []
 
+### Content Security Policy
+####! Customize if you want to enable the Content-Security-Policy header, which
+####! can help thwart JavaScript cross-site scripting (XSS) attacks.
+####! See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
+# gitlab_rails['content_security_policy'] = {
+#  'enabled' => false,
+#  'report_only' => false,
+#  # Each directive is a String (e.g. "'self'").
+#  'directives' => {
+#    'base_uri' => nil,
+#    'child_src' => nil,
+#    'connect_src' => nil,
+#    'default_src' => nil,
+#    'font_src' => nil,
+#    'form_action' => nil,
+#    'frame_ancestors' => nil,
+#    'frame_src' => nil,
+#    'img_src' => nil,
+#    'manifest_src' => nil,
+#    'media_src' => nil,
+#    'object_src' => nil,
+#    'script_src' => nil,
+#    'style_src' => nil,
+#    'worker_src' => nil,
+#    'report_uri' => nil,
+#  }
+# }
+
 ### Monitoring settings
 ###! IP whitelist controlling access to monitoring endpoints
 # gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '::1/128']
@@ -274,6 +313,50 @@ external_url '__GENERATED_EXTERNAL_URL__'
 gitlab_rails['ldap_enabled'] = true
 
 ###! **remember to close this block with 'EOS' below**
+# gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
+#   main: # 'main' is the GitLab 'provider ID' of this LDAP server
+#     label: 'LDAP'
+#     host: '_your_ldap_server'
+#     port: 389
+#     uid: 'sAMAccountName'
+#     bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
+#     password: '_the_password_of_the_bind_user'
+#     encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
+#     verify_certificates: true
+#     smartcard_auth: false
+#     active_directory: true
+#     allow_username_or_email_login: false
+#     lowercase_usernames: false
+#     block_auto_created_users: false
+#     base: ''
+#     user_filter: ''
+#     ## EE only
+#     group_base: ''
+#     admin_group: ''
+#     sync_ssh_keys: false
+#
+#   secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
+#     label: 'LDAP'
+#     host: '_your_ldap_server'
+#     port: 389
+#     uid: 'sAMAccountName'
+#     bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
+#     password: '_the_password_of_the_bind_user'
+#     encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
+#     verify_certificates: true
+#     smartcard_auth: false
+#     active_directory: true
+#     allow_username_or_email_login: false
+#     lowercase_usernames: false
+#     block_auto_created_users: false
+#     base: ''
+#     user_filter: ''
+#     ## EE only
+#     group_base: ''
+#     admin_group: ''
+#     sync_ssh_keys: false
+# EOS
+
 gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below
   main: # 'main' is the GitLab 'provider ID' of this LDAP server
     label: 'LDAP'
@@ -296,6 +379,7 @@ EOS
 # gitlab_rails['smartcard_ca_file'] = "/etc/gitlab/ssl/CA.pem"
 # gitlab_rails['smartcard_client_certificate_required_port'] = 3444
 # gitlab_rails['smartcard_required_for_git_access'] = false
+# gitlab_rails['smartcard_san_extensions'] = false
 
 ### OmniAuth Settings
 ###! Docs: https://docs.gitlab.com/ce/integration/omniauth.html
@@ -309,6 +393,7 @@ EOS
 # gitlab_rails['omniauth_auto_link_ldap_user'] = false
 # gitlab_rails['omniauth_auto_link_saml_user'] = false
 # gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2']
+# gitlab_rails['omniauth_allow_bypass_two_factor'] = ['google_oauth2']
 # gitlab_rails['omniauth_providers'] = [
 #   {
 #     "name" => "google_oauth2",
@@ -353,6 +438,11 @@ EOS
 ###!   include 'STANDARD', 'STANDARD_IA', and 'REDUCED_REDUNDANCY'**
 # gitlab_rails['backup_storage_class'] = 'STANDARD'
 
+###! Skip parts of the backup. Comma separated.
+###! Docs: https://docs.gitlab.com/ee/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup
+#gitlab_rails['env'] = {
+#    "SKIP" => "db,uploads,repositories,builds,artifacts,lfs,registry,pages"
+#}
 
 ### Pseudonymizer Settings
 # gitlab_rails['pseudonymizer_manifest'] = 'config/pseudonymizer.yml'
@@ -409,17 +499,6 @@ gitlab_rails['gitlab_shell_ssh_port'] = __SSH_PORT__
 #   'bantime' => 3600
 # }
 
-# gitlab_rails['rack_attack_protected_paths'] = [
-#   '/users/password',
-#   '/users/sign_in',
-#   '/api/#{API::API.version}/session.json',
-#   '/api/#{API::API.version}/session',
-#   '/users',
-#   '/users/confirmation',
-#   '/unsubscribes/',
-#   '/import/github/personal_access_token'
-# ]
-
 ###! **We do not recommend changing these directories.**
 # gitlab_rails['dir'] = "/var/opt/gitlab/gitlab-rails"
 # gitlab_rails['log_directory'] = "/var/log/gitlab/gitlab-rails"
@@ -438,7 +517,7 @@ gitlab_rails['gitlab_shell_ssh_port'] = __SSH_PORT__
 #### Set path to an initial license to be used while bootstrapping GitLab.
 ####! **Only applicable on initial setup, future license updations need to be done via UI.
 ####! Updating the file specified in this path won't yield any change after the first reconfigure run.
-# gitlab_rails['iniitial_license_file'] = '/etc/gitlab/company.gitlab-license'
+# gitlab_rails['initial_license_file'] = '/etc/gitlab/company.gitlab-license'
 
 #### Enable or disable automatic database migrations
 # gitlab_rails['auto_migrate'] = true
@@ -463,6 +542,8 @@ gitlab_rails['gitlab_shell_ssh_port'] = __SSH_PORT__
 # gitlab_rails['db_sslmode'] = nil
 # gitlab_rails['db_sslcompression'] = 0
 # gitlab_rails['db_sslrootcert'] = nil
+# gitlab_rails['db_sslcert'] = nil
+# gitlab_rails['db_sslkey'] = nil
 # gitlab_rails['db_prepared_statements'] = false
 # gitlab_rails['db_statements_limit'] = 1000
 
@@ -527,7 +608,7 @@ gitlab_rails['gitlab_shell_ssh_port'] = __SSH_PORT__
 ##! Docs: https://docs.gitlab.com/ce/administration/container_registry.html
 ################################################################################
 
-# registry_external_url 'https://registry.gitlab.example.com'
+# registry_external_url 'https://registry.example.com'
 
 ### Settings used by GitLab application
 # gitlab_rails['registry_enabled'] = true
@@ -535,6 +616,11 @@ gitlab_rails['gitlab_shell_ssh_port'] = __SSH_PORT__
 # gitlab_rails['registry_port'] = "5005"
 # gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
 
+# Notification secret, it's used to authenticate notification requests to GitLab application
+# You only need to change this when you use external Registry service, otherwise
+# it will be taken directly from notification settings of your Registry
+# gitlab_rails['registry_notification_secret'] = nil
+
 ###! **Do not change the following 3 settings unless you know what you are
 ###!   doing**
 # gitlab_rails['registry_api_url'] = "http://localhost:5000"
@@ -570,6 +656,7 @@ gitlab_rails['gitlab_shell_ssh_port'] = __SSH_PORT__
 #   's3' => {
 #     'accesskey' => 'AKIAKIAKI',
 #     'secretkey' => 'secret123',
+#     'region' => 'us-east-1',
 #     'bucket' => 'gitlab-registry-bucket-AKIAKIAKI'
 #   }
 # }
@@ -676,7 +763,7 @@ gitlab_rails['gitlab_shell_ssh_port'] = __SSH_PORT__
 # unicorn['enable'] = true
 # unicorn['worker_timeout'] = 60
 ###! Minimum worker_processes is 2 at this moment
-###! See https://gitlab.com/gitlab-org/gitlab-ce/issues/18771
+###! See https://gitlab.com/gitlab-org/gitlab-foss/issues/18771
 unicorn['worker_processes'] = __UNICORN_WORKER_PROCESSES__
 
 ### Advanced settings
@@ -699,6 +786,11 @@ unicorn['port'] = __UNICORN_PORT__
 # unicorn['worker_memory_limit_min'] = "400 * 1 << 20"
 # unicorn['worker_memory_limit_max'] = "650 * 1 << 20"
 
+# unicorn['exporter_enabled'] = false
+# unicorn['exporter_address'] = "127.0.0.1"
+# unicorn['exporter_port'] = 8083
+# unicorn['exporter_blackout_seconds'] = 10
+
 ################################################################################
 ## GitLab Puma
 ##! Tweak puma settings. You should only use Unicorn or Puma, not both.
@@ -724,7 +816,12 @@ unicorn['port'] = __UNICORN_PORT__
 
 ### **Only change these settings if you understand well what they mean**
 ###! Docs: https://github.com/schneems/puma_worker_killer
-# puma['per_worker_max_memory_mb'] = 650
+# puma['per_worker_max_memory_mb'] = 850
+
+# puma['exporter_enabled'] = false
+# puma['exporter_address'] = "127.0.0.1"
+# puma['exporter_port'] = 8083
+# puma['exporter_blackout_seconds'] = 10
 
 ################################################################################
 ## GitLab Sidekiq
@@ -894,6 +991,9 @@ sidekiq['listen_port'] = __SIDEKIQ_PORT__
 # See https://www.postgresql.org/docs/9.6/static/auth-pg-hba-conf.html for an explanation
 # of the values
 
+### Version settings
+# Set this if you have disabled the bundled PostgreSQL but still want to use the backup rake tasks
+# postgresql['version'] = 10
 
 ################################################################################
 ## GitLab Redis
@@ -918,6 +1018,16 @@ sidekiq['listen_port'] = __SIDEKIQ_PORT__
 # redis['uid'] = nil
 # redis['gid'] = nil
 
+### Disable or obfuscate unnecessary redis command names
+### Uncomment and edit this block to add or remove entries.
+### See https://docs.gitlab.com/omnibus/settings/redis.html#renamed-commands
+### for detailed usage
+###
+# redis['rename_commands'] = {
+#   'KEYS': ''
+#}
+#
+
 ###! **To enable only Redis service in this machine, uncomment
 ###!   one of the lines below (choose master or slave instance types).**
 ###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
@@ -1003,12 +1113,12 @@ nginx['client_max_body_size'] = '__CLIENT_MAX_BODY_SIZE__'
 
 # nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
 # nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"
-# nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
+# nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256"
 # nginx['ssl_prefer_server_ciphers'] = "on"
 
 ##! **Recommended by: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
 ##!                   https://cipherli.st/**
-# nginx['ssl_protocols'] = "TLSv1.2"
+# nginx['ssl_protocols'] = "TLSv1.2 TLSv1.3"
 
 ##! **Recommended in: https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
 # nginx['ssl_session_cache'] = "builtin:1000  shared:SSL:10m"
@@ -1140,6 +1250,7 @@ nginx['listen_https'] = false
 ##! You can disable built in logrotate feature.
 ################################################################################
 # logrotate['enable'] = true
+# logrotate['log_directory'] = "/var/log/gitlab/logrotate"
 
 ################################################################################
 ## Users and groups accounts
@@ -1248,16 +1359,6 @@ nginx['listen_https'] = false
 ##! Specifies the maximum SSL/TLS version ("ssl3", "tls1.0", "tls1.1" or "tls1.2")
 # gitlab_pages['tls_max_version'] = "tls1.2"
 
-##! Configure the pages admin API
-# gitlab_pages['admin_secret_token'] = 'custom secret'
-# gitlab_pages['admin_https_listener'] = '0.0.0.0:5678'
-# gitlab_pages['admin_https_cert'] = '/etc/gitlab/pages-admin.crt'
-# gitlab_pages['admin_https_key'] = '/etc/gitlab/pages-admin.key'
-
-##! Client side configuration for gitlab-pages admin API, in case pages runs on a different host
-# gitlab_rails['pages_admin_address'] = 'pages.gitlab.example.com:5678'
-# gitlab_rails['pages_admin_certificate'] = '/etc/gitlab/pages-admin.crt'
-
 ##! Pages access control
 # gitlab_pages['access_control'] = false
 # gitlab_pages['gitlab_id'] = nil # Automatically generated if not present
@@ -1266,6 +1367,9 @@ nginx['listen_https'] = false
 # gitlab_pages['gitlab_server'] = nil # Defaults to external_url
 # gitlab_pages['auth_secret'] = nil # Generated if not present
 
+##! Define custom gitlab-pages HTTP headers for the whole instance
+# gitlab_pages['headers'] = []
+
 ################################################################################
 ## GitLab Pages NGINX
 ################################################################################
@@ -1440,9 +1544,9 @@ nginx['listen_https'] = false
 ### Custom Prometheus flags
 #
 # prometheus['flags'] = {
-#   'storage.tsdb.path' => "#{node['gitlab']['prometheus']['home']}/data",
+#   'storage.tsdb.path' => "/var/opt/gitlab/prometheus/data",
 #   'storage.tsdb.retention.time' => "15d",
-#   'config.file' => "#{node['gitlab']['prometheus']['home']}/prometheus.yml"
+#   'config.file' => "/var/opt/gitlab/prometheus/prometheus.yml"
 # }
 
 ##! Advanced settings. Should be changed only if absolutely needed.
@@ -1457,9 +1561,9 @@ nginx['listen_https'] = false
 # alertmanager['log_directory'] = '/var/log/gitlab/alertmanager'
 # alertmanager['admin_email'] = 'admin@example.com'
 # alertmanager['flags'] = {
-#   'web.listen-address' => "#{node['gitlab']['alertmanager']['listen_address']}"
+#   'web.listen-address' => "localhost:9093"
-#   'storage.path' => "#{node['gitlab']['alertmanager']['home']}/data"
+#   'storage.path' => "/var/opt/gitlab/alertmanager/data"
-#   'config.file' => "#{node['gitlab']['alertmanager']['home']}/alertmanager.yml"
+#   'config.file' => "/var/opt/gitlab/alertmanager/alertmanager.yml"
 # }
 # alertmanager['env_directory'] = '/opt/gitlab/etc/alertmanager/env'
 # alertmanager['env'] = {
@@ -1468,6 +1572,7 @@ nginx['listen_https'] = false
 
 ##! Advanced settings. Should be changed only if absolutely needed.
 # alertmanager['listen_address'] = 'localhost:9093'
+# alertmanager['global'] = {}
 
 ################################################################################
 ## Prometheus Node Exporter
@@ -1478,7 +1583,7 @@ nginx['listen_https'] = false
 # node_exporter['home'] = '/var/opt/gitlab/node-exporter'
 # node_exporter['log_directory'] = '/var/log/gitlab/node-exporter'
 # node_exporter['flags'] = {
-#   'collector.textfile.directory' => "#{node['gitlab']['node-exporter']['home']}/textfile_collector"
+#   'collector.textfile.directory' => "/var/opt/gitlab/node-exporter/textfile_collector"
 # }
 # node_exporter['env_directory'] = '/opt/gitlab/etc/node-exporter/env'
 # node_exporter['env'] = {
@@ -1496,7 +1601,7 @@ nginx['listen_https'] = false
 # redis_exporter['enable'] = true
 # redis_exporter['log_directory'] = '/var/log/gitlab/redis-exporter'
 # redis_exporter['flags'] = {
-#   'redis.addr' => "unix://#{node['gitlab']['gitlab-rails']['redis_socket']}",
+#   'redis.addr' => "unix:///var/opt/gitlab/redis/redis.socket",
 # }
 # redis_exporter['env_directory'] = '/opt/gitlab/etc/redis-exporter/env'
 # redis_exporter['env'] = {
@@ -1535,22 +1640,22 @@ nginx['listen_https'] = false
 # }
 
 ################################################################################
-## Prometheus Gitlab monitor
+## Prometheus Gitlab exporter
-##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/gitlab_monitor_exporter.html
+##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/gitlab_exporter.html
 ################################################################################
 
 
-# gitlab_monitor['enable'] = true
+# gitlab_exporter['enable'] = true
-# gitlab_monitor['log_directory'] = "/var/log/gitlab/gitlab-monitor"
+# gitlab_exporter['log_directory'] = "/var/log/gitlab/gitlab-exporter"
-# gitlab_monitor['home'] = "/var/opt/gitlab/gitlab-monitor"
+# gitlab_exporter['home'] = "/var/opt/gitlab/gitlab-exporter"
 
 ##! Advanced settings. Should be changed only if absolutely needed.
-# gitlab_monitor['listen_address'] = 'localhost'
+# gitlab_exporter['listen_address'] = 'localhost'
-# gitlab_monitor['listen_port'] = '9168'
+# gitlab_exporter['listen_port'] = '9168'
 
-##! Manage gitlab-monitor sidekiq probes. false by default when Sentinels are
+##! Manage gitlab-exporter sidekiq probes. false by default when Sentinels are
 ##! found.
-# gitlab_monitor['probe_sidekiq'] = true
+# gitlab_exporter['probe_sidekiq'] = true
 
 # To completely disable prometheus, and all of it's exporters, set to false
 # prometheus_monitoring['enable'] = true
@@ -1565,6 +1670,8 @@ grafana['enable'] = false
 # grafana['home'] = '/var/opt/gitlab/grafana'
 # grafana['admin_password'] = 'admin'
 # grafana['allow_user_sign_up'] = false
+# grafana['basic_auth_enabled'] = false
+# grafana['disable_login_form'] = true
 # grafana['gitlab_application_id'] = 'GITLAB_APPLICATION_ID'
 # grafana['gitlab_secret'] = 'GITLAB_SECRET'
 # grafana['env_directory'] = '/opt/gitlab/etc/grafana/env'
@@ -1645,9 +1752,11 @@ grafana['enable'] = false
 # gitaly['auth_transitioning'] = false # When true, auth is logged to Prometheus but NOT enforced
 # gitaly['graceful_restart_timeout'] = '1m' # Grace time for a gitaly process to finish ongoing requests
 # gitaly['git_catfile_cache_size'] = 100 # Number of 'git cat-file' processes kept around for re-use
+# gitaly['open_files_ulimit'] = 15000 # Maximum number of open files allowed for the gitaly process
 # gitaly['ruby_max_rss'] = 300000000 # RSS threshold in bytes for triggering a gitaly-ruby restart
 # gitaly['ruby_graceful_restart_timeout'] = '10m' # Grace time for a gitaly-ruby process to finish ongoing requests
 # gitaly['ruby_restart_delay'] = '5m' # Period of sustained high RSS that needs to be observed before restarting gitaly-ruby
+# gitaly['ruby_rugged_git_config_search_path'] = "/opt/gitlab/embedded/etc" # Location of system-wide gitconfig file
 # gitaly['ruby_num_workers'] = 3 # Number of gitaly-ruby worker processes. Minimum 2, default 2.
 # gitaly['storage'] = [
 #   {
@@ -1669,6 +1778,32 @@ grafana['enable'] = false
 #   }
 # ]
 
+################################################################################
+## Praefect
+##! Docs: https://gitlab.com/gitlab-org/gitaly/blob/master/doc/design_ha.md
+################################################################################
+
+# praefect['enable'] = false
+# praefect['virtual_storage_name'] = "praefect"
+# praefect['auth_token'] = ""
+# praefect['auth_transitioning'] = false 
+# praefect['listen_addr'] = "localhost:2305"
+# praefect['prometheus_listen_addr'] = "localhost:9652"
+# praefect['logging_level'] = "warn"
+# praefect['logging_format'] = "json"
+# praefect['storage_nodes'] = [
+#   {
+#     'storage' => 'praefect',
+#     'address' => 'tcp://12:23:56:78',
+#     'token' => 'abc123'
+#   },
+#   {
+#     'storoge' => 'praefect-2',
+#     'address' => 'tcp://praefect2.internal',
+#     'token' => 'xyz456'
+#   }
+# ]
+
 ################################################################################
 # Storage check
 ################################################################################
@@ -1695,6 +1830,11 @@ grafana['enable'] = false
 ##! non-docker containers. Recommended not to change.
 # package['detect_init'] = true
 
+##! Specify maximum number of tasks that can be created by the systemd unit
+##! Will be populated as TasksMax value to the unit file if user is on a systemd
+##! version that supports it (>= 227). Will be a no-op if user is not on systemd.
+# package['systemd_tasks_max'] = 4915
+
 ################################################################################
 ################################################################################
 ##                  Configuration Settings for GitLab EE only                 ##
@@ -1894,6 +2034,10 @@ grafana['enable'] = false
 # If it is blank, it defaults to external_url.
 # gitlab_rails['geo_node_name'] = nil
 
+# gitlab_rails['geo_registry_replication_enabled'] = true
+# gitlab_rails['geo_registry_replication_primary_api_url'] = 'https://example.com:5000'
+
+
 ################################################################################
 ## GitLab Geo Secondary (EE only)
 ################################################################################

config_panel.json

@@ -11,9 +11,11 @@
                     "id": "is_public",
                     "options": [
                         {
-                            "name": "Is it a public app ?",
+                            "name": "is_public",
-                            "id": "is_public",
+                            "ask": {
-                            "type": "bool",
+                                "en": "Is it a public app ?"
+                            },
+                            "type": "boolean",
                             "default": true
                         }
                     ]
@@ -23,10 +25,12 @@
                     "id": "overwrite_files",
                     "options": [
                         {
-                            "name": "Overwrite the nginx config file ?",
+                            "name": "overwrite_nginx",
+                            "ask": {
+                                "en": "Overwrite the nginx config file ?"
+                            },
                             "help": "If the file is overwritten, a backup will be created.",
-                            "id": "overwrite_nginx",
+                            "type": "boolean",
-                            "type": "bool",
                             "default": true
                         }
                     ]
@@ -36,10 +40,91 @@
                     "id": "users",
                     "options": [
                         {
-                            "name": "Authorized external user creation ?",
+                            "name": "use_web_account",
+                            "ask": {
+                                "en": "Authorized external user creation ?"
+                            },
                             "help": "Allow user to be created without yunohost account.",
-                            "id": "use_web_account",
+                            "type": "boolean",
-                            "type": "bool",
+                            "default": true
+                        }
+                    ]
+                },
+                {
+                    "name": "Backup strategy",
+                    "id": "backup_strategy",
+                    "help": "WARNING: If you disable one of these backup, it will not be restored in case of error, use this feature at your own risk",
+                    "options": [
+                        {
+                            "name": "backup_db",
+                            "ask": {
+                                "en": "Should gitlab backup the database ?"
+                            },
+                            "help": "https://docs.gitlab.com/ce/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup",
+                            "type": "boolean",
+                            "default": true
+                        },
+                        {
+                            "name": "backup_uploads",
+                            "ask": {
+                                "en": "Should gitlab backup attachments ?"
+                            },
+                            "help": "https://docs.gitlab.com/ce/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup",
+                            "type": "boolean",
+                            "default": true
+                        },
+                        {
+                            "name": "backup_repositories",
+                            "ask": {
+                                "en": "Should gitlab backup git repositories data ?"
+                            },
+                            "help": "https://docs.gitlab.com/ce/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup",
+                            "type": "boolean",
+                            "default": true
+                        },
+                        {
+                            "name": "backup_builds",
+                            "ask": {
+                                "en": "Should gitlab backup CI job output logs ?"
+                            },
+                            "help": "https://docs.gitlab.com/ce/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup",
+                            "type": "boolean",
+                            "default": true
+                        },
+                        {
+                            "name": "backup_artifacts",
+                            "ask": {
+                                "en": "Should gitlab backup CI job artifacts ?"
+                            },
+                            "help": "https://docs.gitlab.com/ce/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup",
+                            "type": "boolean",
+                            "default": true
+                        },
+                        {
+                            "name": "backup_lfs",
+                            "ask": {
+                                "en": "Should gitlab backup LFS objects ?"
+                            },
+                            "help": "https://docs.gitlab.com/ce/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup",
+                            "type": "boolean",
+                            "default": true
+                        },
+                        {
+                            "name": "backup_registry",
+                            "ask": {
+                                "en": "Should gitlab backup container registry images ?"
+                            },
+                            "help": "https://docs.gitlab.com/ce/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup",
+                            "type": "boolean",
+                            "default": true
+                        },
+                        {
+                            "name": "backup_pages",
+                            "ask": {
+                                "en": "Should gitlab backup pages content ?"
+                            },
+                            "help": "https://docs.gitlab.com/ce/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup",
+                            "type": "boolean",
                             "default": true
                         }
                     ]

manifest.json

@@ -2,7 +2,7 @@
     "name": "Gitlab",
     "id": "gitlab",
     "packaging_format": 1,
-    "version": "12.1.3~ynh1",
+    "version": "12.4.0~ynh1",
     "description": {
         "en": "GitLab is a Git-repository manager.",
         "fr": "GitLab est un gestionnaire de dépôts Git."
@@ -14,7 +14,7 @@
         "email": "pierre@kayou.io"
     },
     "requirements": {
-        "yunohost": ">= 3.5.0"
+        "yunohost": ">= 3.6.0"
     },
     "multi_instance": false,
     "services": [

scripts/_common.sh

@@ -4,25 +4,7 @@
 # SET ALL CONSTANTS
 #=================================================
 
-pkg_dependencies="openssh-server"
+pkg_dependencies="openssh-server bc"
-
-#=================================================
-# BOOLEAN CONVERTER
-#=================================================
-
-bool_to_01 () {
-	local var="$1"
-	[ "$var" = "true" ] && var=1
-	[ "$var" = "false" ] && var=0
-	echo "$var"
-}
-
-bool_to_true_false () {
-	local var="$1"
-	[ "$var" = "1" ] && var=true
-	[ "$var" = "0" ] && var=false
-	echo "$var"
-}
 
 #=================================================
 # EXPERIMENTAL HELPERS

scripts/backup

@@ -32,6 +32,15 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 config_path=$(ynh_app_setting_get --app=$app --key=config_path)
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 
+backup_db=$(ynh_app_setting_get --app="$app" --key=backup_db)
+backup_uploads=$(ynh_app_setting_get --app="$app" --key=backup_uploads)
+backup_repositories=$(ynh_app_setting_get --app="$app" --key=backup_repositories)
+backup_builds=$(ynh_app_setting_get --app="$app" --key=backup_builds)
+backup_artifacts=$(ynh_app_setting_get --app="$app" --key=backup_artifacts)
+backup_lfs=$(ynh_app_setting_get --app="$app" --key=backup_lfs)
+backup_registry=$(ynh_app_setting_get --app="$app" --key=backup_registry)
+backup_pages=$(ynh_app_setting_get --app="$app" --key=backup_pages)
+
 #=================================================
 # STANDARD BACKUP STEPS
 #=================================================
@@ -46,10 +55,45 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 #=================================================
 ynh_script_progression --message="Backuping of Gitlab..." --weight=9
 
+to_skip=""
+
+if [ $backup_db -eq 0 ]; then
+	to_skip="db,"$to_skip
+fi
+
+if [ $backup_uploads -eq 0 ]; then
+	to_skip="uploads,"$to_skip
+fi
+
+if [ $backup_repositories -eq 0 ]; then
+	to_skip="repositories,"$to_skip
+fi
+
+if [ $backup_builds -eq 0 ]; then
+	to_skip="builds,"$to_skip
+fi
+
+if [ $backup_artifacts -eq 0 ]; then
+	to_skip="artifacts,"$to_skip
+fi
+
+if [ $backup_lfs -eq 0 ]; then
+	to_skip="lfs,"$to_skip
+fi
+
+if [ $backup_registry -eq 0 ]; then
+	to_skip="registry,"$to_skip
+fi
+
+if [ $backup_pages -eq 0 ]; then
+	to_skip="pages,"$to_skip
+fi
+
 # Use gitlab-rake to backup
 # For the complete doc: https://docs.gitlab.com/ce/raketasks/backup_restore.html
 # For the filename: https://docs.gitlab.com/ce/raketasks/backup_restore.html#backup-filename
-gitlab-rake gitlab:backup:create BACKUP=last
+# For the backup strategy: https://docs.gitlab.com/ce/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup
+gitlab-backup create BACKUP=last SKIP=$to_skip
 
 ynh_backup --src_path="/var/opt/$app/backups/last_gitlab_backup.tar"
 

scripts/config

@@ -27,19 +27,41 @@ app=${YNH_APP_INSTANCE_NAME:-$YNH_APP_ID}
 
 # is_public
 old_is_public="$(ynh_app_setting_get --app=$app --key=is_public)"
-old_is_public=$(bool_to_true_false $old_is_public)
 is_public="${YNH_CONFIG_MAIN_IS_PUBLIC_IS_PUBLIC:-$old_is_public}"
 
 # Overwrite nginx configuration
 old_overwrite_nginx="$(ynh_app_setting_get --app=$app --key=overwrite_nginx)"
-old_overwrite_nginx=$(bool_to_true_false $old_overwrite_nginx)
 overwrite_nginx="${YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_NGINX:-$old_overwrite_nginx}"
 
 # use_web_account
 old_use_web_account="$(ynh_app_setting_get --app=$app --key=use_web_account)"
-old_use_web_account=$(bool_to_true_false $old_use_web_account)
 use_web_account="${YNH_CONFIG_MAIN_USERS_USE_WEB_ACCOUNT:-$old_use_web_account}"
 
+# backup_strategy
+old_backup_db="$(ynh_app_setting_get --app=$app --key=backup_db)"
+backup_db="${YNH_CONFIG_MAIN_BACKUP_STRATEGY_BACKUP_DB:-$old_backup_db}"
+
+old_backup_uploads="$(ynh_app_setting_get --app=$app --key=backup_uploads)"
+backup_uploads="${YNH_CONFIG_MAIN_BACKUP_STRATEGY_BACKUP_UPLOADS:-$old_backup_uploads}"
+
+old_backup_repositories="$(ynh_app_setting_get --app=$app --key=backup_repositories)"
+backup_repositories="${YNH_CONFIG_MAIN_BACKUP_STRATEGY_BACKUP_REPOSITORIES:-$old_backup_repositories}"
+
+old_backup_builds="$(ynh_app_setting_get --app=$app --key=backup_builds)"
+backup_builds="${YNH_CONFIG_MAIN_BACKUP_STRATEGY_BACKUP_BUILDS:-$old_backup_builds}"
+
+old_backup_artifacts="$(ynh_app_setting_get --app=$app --key=backup_artifacts)"
+backup_artifacts="${YNH_CONFIG_MAIN_BACKUP_STRATEGY_BACKUP_ARTIFACTS:-$old_backup_artifacts}"
+
+old_backup_lfs="$(ynh_app_setting_get --app=$app --key=backup_lfs)"
+backup_lfs="${YNH_CONFIG_MAIN_BACKUP_STRATEGY_BACKUP_LFS:-$old_backup_lfs}"
+
+old_backup_registry="$(ynh_app_setting_get --app=$app --key=backup_registry)"
+backup_registry="${YNH_CONFIG_MAIN_BACKUP_STRATEGY_BACKUP_REGISTRY:-$old_backup_registry}"
+
+old_backup_pages="$(ynh_app_setting_get --app=$app --key=backup_pages)"
+backup_pages="${YNH_CONFIG_MAIN_BACKUP_STRATEGY_BACKUP_PAGES:-$old_backup_pages}"
+
 #=================================================
 # SHOW_CONFIG FUNCTION FOR 'SHOW' COMMAND
 #=================================================
@@ -48,11 +70,27 @@ show_config() {
 	# here you are supposed to read some config file/database/other then print the values
 	# echo "YNH_CONFIG_${PANEL_ID}_${SECTION_ID}_${OPTION_ID}=value"
 
-	echo "YNH_CONFIG_MAIN_IS_PUBLIC_IS_PUBLIC=$is_public"
+	ynh_return "YNH_CONFIG_MAIN_IS_PUBLIC_IS_PUBLIC=$is_public"
 
-	echo "YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_NGINX=$overwrite_nginx"
+	ynh_return "YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_NGINX=$overwrite_nginx"
 
-	echo "YNH_CONFIG_MAIN_USERS_USE_WEB_ACCOUNT=$use_web_account"
+	ynh_return "YNH_CONFIG_MAIN_USERS_USE_WEB_ACCOUNT=$use_web_account"
+
+	ynh_return "YNH_CONFIG_MAIN_BACKUP_STRATEGY_BACKUP_DB=$backup_db"
+
+	ynh_return "YNH_CONFIG_MAIN_BACKUP_STRATEGY_BACKUP_UPLOADS=$backup_uploads"
+
+	ynh_return "YNH_CONFIG_MAIN_BACKUP_STRATEGY_BACKUP_REPOSITORIES=$backup_repositories"
+
+	ynh_return "YNH_CONFIG_MAIN_BACKUP_STRATEGY_BACKUP_BUILDS=$backup_builds"
+
+	ynh_return "YNH_CONFIG_MAIN_BACKUP_STRATEGY_BACKUP_ARTIFACTS=$backup_artifacts"
+
+	ynh_return "YNH_CONFIG_MAIN_BACKUP_STRATEGY_BACKUP_LFS=$backup_lfs"
+
+	ynh_return "YNH_CONFIG_MAIN_BACKUP_STRATEGY_BACKUP_REGISTRY=$backup_registry"
+
+	ynh_return "YNH_CONFIG_MAIN_BACKUP_STRATEGY_BACKUP_PAGES=$backup_pages"
 }
 
 #=================================================
@@ -61,23 +99,30 @@ show_config() {
 
 apply_config() {
 	# Change public accessibility
-	if [ "$is_public" = "true" ]
+	yunohost app action run $app public_private --args is_public=$is_public
-	then
-		yunohost app action run $app public_private --args is_public=1
-	else
-		yunohost app action run $app public_private --args is_public=0
-	fi
 
 	# Change use_web_account
-	if [ "$use_web_account" = "true" ]
+	yunohost app action run $app web_account --args use_web_account=$use_web_account
-	then
-		yunohost app action run $app web_account --args use_web_account=1
-	else
-		yunohost app action run $app web_account --args use_web_account=0
-	fi
 
 	# Set overwrite_nginx
 	ynh_app_setting_set --app=$app --key=overwrite_nginx --value="$overwrite_nginx"
+
+	# Set backup_db
+	ynh_app_setting_set --app=$app --key=backup_db --value="$backup_db"
+	# Set backup_uploads
+	ynh_app_setting_set --app=$app --key=backup_uploads --value="$backup_uploads"
+	# Set backup_repositories
+	ynh_app_setting_set --app=$app --key=backup_repositories --value="$backup_repositories"
+	# Set backup_builds
+	ynh_app_setting_set --app=$app --key=backup_builds --value="$backup_builds"
+	# Set backup_artifacts
+	ynh_app_setting_set --app=$app --key=backup_artifacts --value="$backup_artifacts"
+	# Set backup_lfs
+	ynh_app_setting_set --app=$app --key=backup_lfs --value="$backup_lfs"
+	# Set backup_registry
+	ynh_app_setting_set --app=$app --key=backup_registry --value="$backup_registry"
+	# Set backup_pages
+	ynh_app_setting_set --app=$app --key=backup_pages --value="$backup_pages"
 }
 
 #=================================================

scripts/install

@@ -54,18 +54,6 @@ else
         your hardware and the result of the command \"uname -m\"." 1
 fi
 
-# https://docs.gitlab.com/ee/install/requirements.html#unicorn-workers
-unicorn_worker_processes=$(($(nproc) + 1 ))
-
-# If the server has at least 2GB of RAM
-if [ $(ynh_check_ram --no_swap) -ge 2000 ]; then
-	# Min 3 worker processes
-	unicorn_worker_processes=$(($unicorn_worker_processes>3?$unicorn_worker_processes:3))
-else
-	# 2 worker processes
-	unicorn_worker_processes=2
-fi
-
 # Could be an option?
 client_max_body_size="250m"
 
@@ -84,7 +72,6 @@ ynh_app_setting_set --app=$app --key=use_web_account --value=$use_web_account
 ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 ynh_app_setting_set --app=$app --key=config_path --value=$config_path
 ynh_app_setting_set --app=$app --key=architecture --value=$architecture
-ynh_app_setting_set --app=$app --key=unicorn_worker_processes --value=$unicorn_worker_processes
 ynh_app_setting_set --app=$app --key=client_max_body_size --value=$client_max_body_size
 
 ynh_app_setting_set --app=$app --key=overwrite_nginx --value="1"
@@ -112,6 +99,24 @@ ynh_script_progression --message="Installing dependencies..." --weight=5
 
 ynh_install_app_dependencies $pkg_dependencies
 
+#=================================================
+# DEFINE THE NUMBER OF WORKERS USED
+#=================================================
+
+# https://docs.gitlab.com/ce/install/requirements.html#unicorn-workers
+unicorn_worker_processes=$(bc <<< "($(nproc) * 1.5 + 1) / 1")
+
+# If the server has at least 2GB of RAM
+if [ $(ynh_check_ram --no_swap) -ge 2000 ]; then
+	# Min 3 worker processes
+	unicorn_worker_processes=$(($unicorn_worker_processes>3?$unicorn_worker_processes:3))
+else
+	# 2 worker processes
+	unicorn_worker_processes=2
+fi
+
+ynh_app_setting_set --app=$app --key=unicorn_worker_processes --value=$unicorn_worker_processes
+
 #=================================================
 # ADD SWAP IF NEEDED
 #=================================================
@@ -120,7 +125,7 @@ total_memory=$(ynh_check_ram)
 total_swap=$(ynh_check_ram --only_swap)
 swap_needed=0
 
-# https://docs.gitlab.com/ee/install/requirements.html#memory
+# https://docs.gitlab.com/ce/install/requirements.html#memory
 if [ $total_memory -lt 8192 ]; then
 	# Need a minimum of 8Go of memory
 	swap_needed=$((8192 - $total_memory))
@@ -212,6 +217,20 @@ newuser.confirmation_token = nil
 newuser.save
 ApplicationSetting.last.update_attributes(password_authentication_enabled_for_web: $use_web_account, signup_enabled: $use_web_account)" | gitlab-rails console
 
+
+#=================================================
+# DEFINE THE BACKUP STRATEGY: https://docs.gitlab.com/ce/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup
+#=================================================
+
+ynh_app_setting_set --app=$app --key=backup_db --value=1
+ynh_app_setting_set --app=$app --key=backup_uploads --value=1
+ynh_app_setting_set --app=$app --key=backup_repositories --value=1
+ynh_app_setting_set --app=$app --key=backup_builds --value=1
+ynh_app_setting_set --app=$app --key=backup_artifacts --value=1
+ynh_app_setting_set --app=$app --key=backup_lfs --value=1
+ynh_app_setting_set --app=$app --key=backup_registry --value=1
+ynh_app_setting_set --app=$app --key=backup_pages --value=1
+
 #=================================================
 # RECONFIGURE TO TAKE INTO ACCOUNT CHANGES
 #=================================================

scripts/restore

@@ -71,7 +71,7 @@ total_memory=$(ynh_check_ram)
 total_swap=$(ynh_check_ram --only_swap)
 swap_needed=0
 
-# https://docs.gitlab.com/ee/install/requirements.html#memory
+# https://docs.gitlab.com/ce/install/requirements.html#memory
 if [ $total_memory -lt 8192 ]; then
 	# Need a minimum of 8Go of memory
 	swap_needed=$((8192 - $total_memory))
@@ -137,7 +137,12 @@ gitlab-ctl stop sidekiq
 
 # Use gitlab-rake to backup
 # Doc: https://docs.gitlab.com/ce/raketasks/backup_restore.html#restore-for-omnibus-gitlab-installations
-ynh_exec_warn_less gitlab-rake gitlab:backup:restore force=yes BACKUP=$last_backup
+ynh_exec_warn_less gitlab-backup restore force=yes BACKUP=$last_backup
+
+# https://docs.gitlab.com/ce/raketasks/backup_restore.html#container-registry-push-failures-after-restoring-from-a-backup
+if ynh_user_exists --username="registry" && [ -d "/var/opt/gitlab/gitlab-rails/shared/registry/docker" ]; then
+	chown -R registry:registry /var/opt/gitlab/gitlab-rails/shared/registry/docker
+fi
 
 #=================================================
 # GENERIC FINALIZATION

scripts/upgrade

@@ -33,6 +33,15 @@ unicorn_worker_processes=$(ynh_app_setting_get --app="$app" --key=unicorn_worker
 client_max_body_size=$(ynh_app_setting_get --app="$app" --key=client_max_body_size)
 overwrite_nginx=$(ynh_app_setting_get --app="$app" --key=overwrite_nginx)
 
+backup_db=$(ynh_app_setting_get --app="$app" --key=backup_db)
+backup_uploads=$(ynh_app_setting_get --app="$app" --key=backup_uploads)
+backup_repositories=$(ynh_app_setting_get --app="$app" --key=backup_repositories)
+backup_builds=$(ynh_app_setting_get --app="$app" --key=backup_builds)
+backup_artifacts=$(ynh_app_setting_get --app="$app" --key=backup_artifacts)
+backup_lfs=$(ynh_app_setting_get --app="$app" --key=backup_lfs)
+backup_registry=$(ynh_app_setting_get --app="$app" --key=backup_registry)
+backup_pages=$(ynh_app_setting_get --app="$app" --key=backup_pages)
+
 #=================================================
 # CHECK VERSION
 #=================================================
@@ -65,7 +74,7 @@ if [ -z "$config_path" ]; then
 fi
 
 if [ -z "$unicorn_worker_processes" ]; then
-	# https://docs.gitlab.com/ee/install/requirements.html#unicorn-workers
+	# https://docs.gitlab.com/ce/install/requirements.html#unicorn-workers
 	unicorn_worker_processes=$(($(nproc) + 1 ))
 
 	# If the server has at least 2GB of RAM
@@ -146,6 +155,39 @@ if [ -e "/etc/apt/sources.list.d/gitlab-ce.list" ]; then
 	ynh_secure_remove --file="/etc/apt/sources.list.d/gitlab-ce.list"
 fi
 
+# Define the backup strategy: https://docs.gitlab.com/ce/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup
+if [ -z "$backup_db" ]; then
+	ynh_app_setting_set --app=$app --key=backup_db --value=1
+fi
+
+if [ -z "$backup_uploads" ]; then
+	ynh_app_setting_set --app=$app --key=backup_uploads --value=1
+fi
+
+if [ -z "$backup_repositories" ]; then
+	ynh_app_setting_set --app=$app --key=backup_repositories --value=1
+fi
+
+if [ -z "$backup_builds" ]; then
+	ynh_app_setting_set --app=$app --key=backup_builds --value=1
+fi
+
+if [ -z "$backup_artifacts" ]; then
+	ynh_app_setting_set --app=$app --key=backup_artifacts --value=1
+fi
+
+if [ -z "$backup_lfs" ]; then
+	ynh_app_setting_set --app=$app --key=backup_lfs --value=1
+fi
+
+if [ -z "$backup_registry" ]; then
+	ynh_app_setting_set --app=$app --key=backup_registry --value=1
+fi
+
+if [ -z "$backup_pages" ]; then
+	ynh_app_setting_set --app=$app --key=backup_pages --value=1
+fi
+
 #=================================================
 # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
 #=================================================
@@ -188,7 +230,7 @@ total_memory=$(ynh_check_ram)
 total_swap=$(ynh_check_ram --only_swap)
 swap_needed=0
 
-# https://docs.gitlab.com/ee/install/requirements.html#memory
+# https://docs.gitlab.com/ce/install/requirements.html#memory
 if [ $total_memory -lt 8192 ]; then
 	# Need a minimum of 8Go of memory
 	swap_needed=$((8192 - $total_memory))
@@ -236,6 +278,9 @@ if [ "$upgrade_type" == "UPGRADE_APP" ]
 then
 	ynh_script_progression --message="Setting up source files..." --weight=200
 
+	# To avoid the automatic backup, already performed by YunoHost: https://docs.gitlab.com/omnibus/update/#updating-methods
+	touch $config_path/skip-auto-backup
+
 	current_version=$(grep gitlab-ce /opt/gitlab/version-manifest.txt | cut -d' ' -f2)
 
 	# Load the last available version

scripts/upgrade.d/upgrade.last.sh

@@ -1,8 +1,8 @@
-gitlab_version="12.1.3"
+gitlab_version="12.4.0"
 
-gitlab_x86_64_source_sha256="27f49d2249ce8af1750b4eb1133e5b9a9f9ccd4b38004a3b483e3f538ac13167"
+gitlab_x86_64_source_sha256="a8e84fe14b8ea1e63b6746478475f1253528d25414f5dd4538cb0f229ed42d82"
 
-gitlab_arm_source_sha256="4ca3f23d7e6d0f2e3dd288e811920bb85b44191f1da7befbd9606badb2a836dc"
+gitlab_arm_source_sha256="ab5ae257dc3b26f463a5afaf1344f4218fb545080e8e9a0f071d8cd59da2f259"
 
 gitlab_filename="gitlab-ce-${gitlab_version}.deb"