Skip to content

protect protected branched to force updates #128

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 3, 2014
Merged

protect protected branched to force updates #128

merged 1 commit into from
Apr 3, 2014

Conversation

@Popl7
Copy link
Contributor

@Popl7 Popl7 commented Jan 28, 2014

this is a first (working) setup.
There are changes to the api from gitlab-ce.
I will post a PR for this as well. (#6190 gitlabhq/gitlabhq#6190)

Tests must be made.
@Popl7 Popl7 mentioned this pull request Jan 28, 2014
Merged
@coveralls
Copy link

Coverage Status

Coverage remained the same when pulling 5f14f42 on Popl7:add-better-branch-protection-against-history-rewrite-and-deletion into 56e216f on gitlabhq:master.
jacobvosmaer
jacobvosmaer reviewed Feb 19, 2014
View reviewed changes
lib/gitlab_update.rb Outdated
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is insecure. You should use:

unknow_refs = IO.popen(%W(git rev-list #{@oldrev}..#{@newrev} --)).read

The -- makes it clear to git that #{@oldrev}..#{@newrev} specifies a commit range. The IO.popen(%W(...)) avoids shell injection caused by incorrect tokenization.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, shouldn't the order of the refs be git rev-list oldrev ^newrev?
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not sure. I believe this checks if there are commits on old that aren't part of new.

I just checked: you are right.
According to the git manual about hooks it should be:

missed_refs = IO.popen(%W(git rev-list #{@newrev}..#{@oldrev} --)).read missed_refs.split("\n").size > 0
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Popl7 newrev..oldrev looks good. I think the line we are discussing has it turned around (oldrev..newrev).
@coveralls
Copy link

Coverage Status

Coverage decreased (-1.01%) when pulling 0eac27b on Popl7:add-better-branch-protection-against-history-rewrite-and-deletion into 79bceae on gitlabhq:master.
@dzaporozhets
Copy link
Contributor

@Popl7 does it affects both git over http and git over ssh?
@Popl7
Copy link
Contributor Author

Popl7 commented Mar 3, 2014

I am not sure. It works from the post-commit hook that is already used for the checking of authorization of the repo.
jacobvosmaer
jacobvosmaer reviewed Mar 3, 2014
View reviewed changes
lib/gitlab_update.rb
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@randx 👍 for the IO.popen
@dzaporozhets
Copy link
Contributor

@Popl7 can you check tests?
@Popl7
Copy link
Contributor Author

Popl7 commented Mar 11, 2014

I will try to make some tests

Op 11 mrt. 2014 om 16:15 heeft Dmitriy Zaporozhets notifications@github.com het volgende geschreven:

@Popl7 can you check tests?


Reply to this email directly or view it on GitHub.
@dzaporozhets
Copy link
Contributor

@Popl7 Can you add some tests and make it mergeable?
@Popl7
Copy link
Contributor Author

Popl7 commented Mar 25, 2014

hi Dimitri,

I can work on this tonight and try to get it mergable.

On 25 mrt. 2014, at 09:33, Dmitriy Zaporozhets notifications@github.com wrote:

@Popl7 Can you add some tests and make it mergeable?


Reply to this email directly or view it on GitHub.
@dzaporozhets
Copy link
Contributor

@Popl7 thanks. Ping me when ready
dzaporozhets added a commit that referenced this pull request Apr 3, 2014
@dzaporozhets
Merge pull request #128 from Popl7/add-better-branch-protection-again…
d5adeb1 
…st-history-rewrite-and-deletion protect protected branched to force updates
@dzaporozhets dzaporozhets merged commit d5adeb1 into gitlabhq:master Apr 3, 2014
@dzaporozhets
Copy link
Contributor

wow it does not work
dzaporozhets
dzaporozhets reviewed Apr 3, 2014
View reviewed changes
lib/gitlab_update.rb
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

no such variable forced_push
@dzaporozhets
Copy link
Contributor

also it do not pass force_push variable via net
@dzaporozhets
Copy link
Contributor

Fixed by d299e7e
@Popl7 Popl7 deleted the add-better-branch-protection-against-history-rewrite-and-deletion branch April 3, 2014 12:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

4 participants

@Popl7 @coveralls @dzaporozhets @jacobvosmaer