From d70b3c2b134700e5d6b9850dd1969a7f5796565f Mon Sep 17 00:00:00 2001 From: Kay0u Date: Mon, 22 Nov 2021 18:49:19 +0100 Subject: [PATCH] 14.5.0 --- conf/gitlab.rb | 36 +++++++++++++++++++++++++++++++ manifest.json | 2 +- scripts/upgrade.d/upgrade.last.sh | 12 +++++------ 3 files changed, 43 insertions(+), 7 deletions(-) diff --git a/conf/gitlab.rb b/conf/gitlab.rb index 46c0ae3..7ee02d2 100644 --- a/conf/gitlab.rb +++ b/conf/gitlab.rb @@ -195,6 +195,7 @@ external_url '__GENERATED_EXTERNAL_URL__' # gitlab_rails['namespaces_in_product_marketing_emails_worker_cron'] = "0 9 * * *" # gitlab_rails['ssh_keys_expired_notification_worker_cron'] = "0 2 * * *" # gitlab_rails['ssh_keys_expiring_soon_notification_worker_cron'] = "0 1 * * *" +# gitlab_rails['loose_foreign_keys_cleanup_worker_cron'] = "*/5 * * * *" ### Webhook Settings ###! Number of seconds to wait for HTTP response after sending webhook HTTP POST @@ -680,6 +681,7 @@ gitlab_rails['gitlab_shell_ssh_port'] = __SSH_PORT__ ### Extra customization # gitlab_rails['extra_google_analytics_id'] = '_your_tracking_id' # gitlab_rails['extra_google_tag_manager_id'] = '_your_tracking_id' +# gitlab_rails['extra_one_trust_id'] = '_your_one_trust_id' # gitlab_rails['extra_matomo_url'] = '_your_matomo_url' # gitlab_rails['extra_matomo_site_id'] = '_your_matomo_site_id' # gitlab_rails['extra_matomo_disable_cookies'] = false @@ -793,6 +795,8 @@ gitlab_rails['gitlab_shell_ssh_port'] = __SSH_PORT__ # gitlab_rails['redis_actioncable_sentinels'] = nil # gitlab_rails['redis_rate_limiting_instance'] = nil # gitlab_rails['redis_rate_limiting_sentinels'] = nil +# gitlab_rails['redis_sessions_instance'] = nil +# gitlab_rails['redis_sessions_sentinels'] = nil ################################################################################ ## Container Registry settings @@ -1615,6 +1619,10 @@ nginx['listen_https'] = false ##! Default to 0 for unlimited connections. # gitlab_pages['max_connections'] = 0 +##! Configure the maximum length of URIs accepted by GitLab Pages +##! By default is limited for security reasons. Set 0 for unlimited +# gitlab_pages['max_uri_length'] = 1024 + ##! Setting the propagate_correlation_id to true allows installations behind a reverse proxy ##! generate and set a correlation ID to requests sent to GitLab Pages. If a reverse proxy ##! sets the header value X-Request-ID, the value will be propagated in the request chain. @@ -1707,6 +1715,16 @@ nginx['listen_https'] = false ##! Enable serving content from disk instead of Object Storage # gitlab_pages['enable_disk'] = nil +##! Rate-limiting options below work in report-only mode: +##! they only count rejected requests, but don't reject them +##! enable `FF_ENABLE_RATE_LIMITER=true` environment variable to +##! reject requests. + +##! Rate limit per source IP in number of requests per second, 0 means is disabled +# gitlab_pages['rate_limit_source_ip'] = 50.0 +##! Rate limit per source IP maximum burst allowed per second +# gitlab_pages['rate_limit_source_ip_burst'] = 600 + # gitlab_pages['env_directory'] = "/opt/gitlab/etc/gitlab-pages/env" # gitlab_pages['env'] = { # 'SSL_CERT_DIR' => "#{node['package']['install-dir']}/embedded/ssl/certs/" @@ -1745,6 +1763,7 @@ nginx['listen_https'] = false # gitlab_rails['gitlab_kas_enabled'] = true # gitlab_rails['gitlab_kas_external_url'] = ws://gitlab.example.com/-/kubernetes-agent # gitlab_rails['gitlab_kas_internal_url'] = grpc://localhost:8153 +# gitlab_rails['gitlab_kas_external_k8s_proxy_url'] = ws://gitlab.example.com/-/kubernetes-agent ##! Enable GitLab KAS # gitlab_kas['enable'] = true @@ -1760,16 +1779,29 @@ nginx['listen_https'] = false ##! Shared secret used for authentication between KAS and GitLab # gitlab_kas['api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long. +##! Shared secret used for authentication between different KAS instances in a multi-node setup +# gitlab_kas['private_api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long. + ##! Listen configuration for GitLab KAS # gitlab_kas['listen_address'] = 'localhost:8150' # gitlab_kas['listen_network'] = 'tcp' # gitlab_kas['listen_websocket'] = true # gitlab_kas['internal_api_listen_network'] = 'tcp' # gitlab_kas['internal_api_listen_address'] = 'localhost:8153' +# gitlab_kas['kubernetes_api_listen_address'] = 'localhost:8154' +# gitlab_kas['private_api_listen_network'] = 'tcp' +# gitlab_kas['private_api_listen_address'] = 'localhost:8155' ##! Metrics configuration for GitLab KAS # gitlab_kas['metrics_usage_reporting_period'] = 60 +##! Environment variables for GitLab KAS +# gitlab_kas['env'] = { +# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/", +# # In a multi-node setup, this address MUST be reachable from other KAS instances. In a single-node setup, it can be on localhost for simplicity +# 'OWN_PRIVATE_API_URL' => 'grpc://localhost:8155' +# } + ##! Directories for GitLab KAS # gitlab_kas['dir'] = '/var/opt/gitlab/gitlab-kas' # gitlab_kas['log_directory'] = '/var/log/gitlab/gitlab-kas' @@ -2074,6 +2106,10 @@ nginx['listen_https'] = false ##! Manage gitlab-exporter sidekiq probes. false by default when Sentinels are ##! found. # gitlab_exporter['probe_sidekiq'] = true +##! Service name used to register GitLab Exporter as a Consul service +# gitlab_exporter['consul_service_name'] = 'gitlab-exporter' +##! Semantic metadata used when registering GitLab Exporter as a Consul service +# gitlab_exporter['consul_service_meta'] = {} # To completely disable prometheus, and all of it's exporters, set to false # prometheus_monitoring['enable'] = true diff --git a/manifest.json b/manifest.json index 5637fcf..597018c 100644 --- a/manifest.json +++ b/manifest.json @@ -2,7 +2,7 @@ "name": "GitLab", "id": "gitlab", "packaging_format": 1, - "version": "14.4.0~ynh1", + "version": "14.5.0~ynh1", "description": { "en": "Git-repository manager providing wiki, issue-tracking and CI/CD pipeline features.", "fr": "Gestionnaire de dépôts Git proposant des fonctionnalités de wiki, suivi de bugs et de pipeline CI/CD." diff --git a/scripts/upgrade.d/upgrade.last.sh b/scripts/upgrade.d/upgrade.last.sh index 1ca3430..c81c4a8 100644 --- a/scripts/upgrade.d/upgrade.last.sh +++ b/scripts/upgrade.d/upgrade.last.sh @@ -1,15 +1,15 @@ #!/bin/bash -gitlab_version="14.4.0" +gitlab_version="14.5.0" # sha256sum found here: https://packages.gitlab.com/gitlab gitlab_debian_version="buster" -gitlab_x86_64_buster_source_sha256="89d12148595ac1e5e127ec96ed877e738c28e5eed02328d26b1610341c291d92" +gitlab_x86_64_buster_source_sha256="9665cde5950fb531bde2c585fbab6a76e6a9677868dc573d6435003b580833d4" -gitlab_arm64_buster_source_sha256="98ec153767bf80c55e12be896f2005658e91ed761715841fbf87bfb41953f961" +gitlab_arm64_buster_source_sha256="bb0372c1fe0aa8f7f741c3e0b709374309a1aa82462c391be4800fca189d209e" -gitlab_arm_buster_source_sha256="e950b5f4fa76d051eddd20ae9cd1aab017f9b0abee41be1fee566ed0b39146ea" +gitlab_arm_buster_source_sha256="9c7b3bf6704f4937d69ec7a5f3abeda2fcfe59721887d1012be3bca472cc13e7" architecture=$(ynh_app_setting_get --app="$app" --key=architecture) @@ -20,8 +20,8 @@ elif [ "$architecture" = "arm64" ]; then elif [ "$architecture" = "arm" ]; then # If the version for arm doesn't exist, then use an older one if [ -z "$gitlab_arm_buster_source_sha256" ]; then - gitlab_version="14.4.0" - gitlab_arm_buster_source_sha256="e950b5f4fa76d051eddd20ae9cd1aab017f9b0abee41be1fee566ed0b39146ea" + gitlab_version="14.5.0" + gitlab_arm_buster_source_sha256="9c7b3bf6704f4937d69ec7a5f3abeda2fcfe59721887d1012be3bca472cc13e7" fi gitlab_source_sha256=$gitlab_arm_buster_source_sha256 fi