aland/nixpkgs-odroid-hc4
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

uboot: (firmwareOdroidC2/C4) don't invoke patch tool, use patches = [] instead

Browse source 
https://github.com/NixOS/nixpkgs/blob/master/pkgs/stdenv/generic/setup.sh#L948
this can do it nicely.

Signed-off-by: Anton Arapov <anton@deadbeef.mx>
This commit is contained in:
Anton Arapov 2021-04-03 12:58:10 +02:00 committed by Alan Daniels
commit 56de2bcd43
30691 changed files with 3076956 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

14
pkgs/applications/version-management/gitlab/data.json Normal file
View file

@ -0,0 +1,14 @@
{
"version": "15.0.2",
"repo_hash": "sha256-B5zD8yBY6d+jkIghuxShsR73+2X7Jd9mai1ouraEM44=",
"yarn_hash": "1a8k3x3b9sirzicqkwmr10m27n593iljfh8awdc9700akbj155lr",
"owner": "gitlab-org",
"repo": "gitlab",
"rev": "v15.0.2-ee",
"passthru": {
"GITALY_SERVER_VERSION": "15.0.2",
"GITLAB_PAGES_VERSION": "1.58.0",
"GITLAB_SHELL_VERSION": "14.3.0",
"GITLAB_WORKHORSE_VERSION": "15.0.2"
}
}

210
pkgs/applications/version-management/gitlab/default.nix Normal file
View file

@ -0,0 +1,210 @@
{ stdenv, lib, fetchurl, fetchpatch, fetchFromGitLab, bundlerEnv
, ruby, tzdata, git, nettools, nixosTests, nodejs, openssl
, gitlabEnterprise ? false, callPackage, yarn
, fixup_yarn_lock, replace, file, cacert, fetchYarnDeps, makeWrapper
}:
let
data = lib.importJSON ./data.json;
version = data.version;
src = fetchFromGitLab {
owner = data.owner;
repo = data.repo;
rev = data.rev;
sha256 = data.repo_hash;
};
rubyEnv = bundlerEnv rec {
name = "gitlab-env-${version}";
inherit ruby;
gemdir = ./rubyEnv;
gemset =
let x = import (gemdir + "/gemset.nix");
in x // {
# the openssl needs the openssl include files
openssl = x.openssl // {
buildInputs = [ openssl ];
};
ruby-magic = x.ruby-magic // {
buildInputs = [ file ];
buildFlags = [ "--enable-system-libraries" ];
};
# the included yarn rake task attaches the yarn:install task
# to assets:precompile, which is both unnecessary (since we
# run `yarn install` ourselves) and undoes the shebang patches
# in node_modules
railties = x.railties // {
dontBuild = false;
patches = [ ./railties-remove-yarn-install-enhancement.patch ];
patchFlags = "-p2";
};
};
groups = [
"default" "unicorn" "ed25519" "metrics" "development" "puma" "test" "kerberos"
];
# N.B. omniauth_oauth2_generic and apollo_upload_server both provide a
# `console` executable.
ignoreCollisions = true;
};
yarnOfflineCache = fetchYarnDeps {
yarnLock = src + "/yarn.lock";
sha256 = data.yarn_hash;
};
assets = stdenv.mkDerivation {
pname = "gitlab-assets";
inherit version src;
nativeBuildInputs = [ rubyEnv.wrappedRuby rubyEnv.bundler nodejs yarn git cacert ];
# Since version 12.6.0, the rake tasks need the location of git,
# so we have to apply the location patches here too.
patches = [ ./remove-hardcoded-locations.patch ];
# One of the patches uses this variable - if it's unset, execution
# of rake tasks fails.
GITLAB_LOG_PATH = "log";
FOSS_ONLY = !gitlabEnterprise;
configurePhase = ''
runHook preConfigure
# Some rake tasks try to run yarn automatically, which won't work
rm lib/tasks/yarn.rake
# The rake tasks won't run without a basic configuration in place
mv config/database.yml.postgresql config/database.yml
mv config/gitlab.yml.example config/gitlab.yml
# Yarn and bundler wants a real home directory to write cache, config, etc to
export HOME=$NIX_BUILD_TOP/fake_home
# Make yarn install packages from our offline cache, not the registry
yarn config --offline set yarn-offline-mirror ${yarnOfflineCache}
# Fixup "resolved"-entries in yarn.lock to match our offline cache
${fixup_yarn_lock}/bin/fixup_yarn_lock yarn.lock
yarn install --offline --frozen-lockfile --ignore-scripts --no-progress --non-interactive
patchShebangs node_modules/
runHook postConfigure
'';
buildPhase = ''
runHook preBuild
bundle exec rake gettext:po_to_json RAILS_ENV=production NODE_ENV=production
bundle exec rake rake:assets:precompile RAILS_ENV=production NODE_ENV=production
bundle exec rake gitlab:assets:compile_webpack_if_needed RAILS_ENV=production NODE_ENV=production
bundle exec rake gitlab:assets:fix_urls RAILS_ENV=production NODE_ENV=production
bundle exec rake gitlab:assets:check_page_bundle_mixins_css_for_sideeffects RAILS_ENV=production NODE_ENV=production
runHook postBuild
'';
installPhase = ''
runHook preInstall
mv public/assets $out
runHook postInstall
'';
};
in
stdenv.mkDerivation {
name = "gitlab${lib.optionalString gitlabEnterprise "-ee"}-${version}";
inherit src;
buildInputs = [
rubyEnv rubyEnv.wrappedRuby rubyEnv.bundler tzdata git nettools makeWrapper
];
patches = [
# Change hardcoded paths to the NixOS equivalent
./remove-hardcoded-locations.patch
];
postPatch = ''
${lib.optionalString (!gitlabEnterprise) ''
# Remove all proprietary components
rm -rf ee
sed -i 's/-ee//' ./VERSION
''}
# For reasons I don't understand "bundle exec" ignores the
# RAILS_ENV causing tests to be executed that fail because we're
# not installing development and test gems above. Deleting the
# tests works though.
rm lib/tasks/test.rake
rm config/initializers/gitlab_shell_secret_token.rb
sed -i '/ask_to_continue/d' lib/tasks/gitlab/two_factor.rake
sed -ri -e '/log_level/a config.logger = Logger.new(STDERR)' config/environments/production.rb
mv config/puma.rb.example config/puma.rb
# Always require lib-files and application.rb through their store
# path, not their relative state directory path. This gets rid of
# warnings and means we don't have to link back to lib from the
# state directory.
${replace}/bin/replace-literal -f -r -e '../lib' "$out/share/gitlab/lib" config
${replace}/bin/replace-literal -f -r -e "require_relative 'application'" "require_relative '$out/share/gitlab/config/application'" config
'';
buildPhase = ''
rm -f config/secrets.yml
mv config config.dist
rm -r tmp
'';
installPhase = ''
mkdir -p $out/share
cp -r . $out/share/gitlab
ln -sf ${assets} $out/share/gitlab/public/assets
rm -rf $out/share/gitlab/log
ln -sf /run/gitlab/log $out/share/gitlab/log
ln -sf /run/gitlab/uploads $out/share/gitlab/public/uploads
ln -sf /run/gitlab/config $out/share/gitlab/config
ln -sf /run/gitlab/tmp $out/share/gitlab/tmp
# rake tasks to mitigate CVE-2017-0882
# see https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/
cp ${./reset_token.rake} $out/share/gitlab/lib/tasks/reset_token.rake
# manually patch the shebang line in generate-loose-foreign-key
wrapProgram $out/share/gitlab/scripts/decomposition/generate-loose-foreign-key --set ENABLE_SPRING 0 --add-flags 'runner -e test'
'';
passthru = {
inherit rubyEnv assets;
ruby = rubyEnv.wrappedRuby;
GITALY_SERVER_VERSION = data.passthru.GITALY_SERVER_VERSION;
GITLAB_PAGES_VERSION = data.passthru.GITLAB_PAGES_VERSION;
GITLAB_SHELL_VERSION = data.passthru.GITLAB_SHELL_VERSION;
GITLAB_WORKHORSE_VERSION = data.passthru.GITLAB_WORKHORSE_VERSION;
gitlabEnv.FOSS_ONLY = lib.boolToString (!gitlabEnterprise);
tests = {
nixos-test-passes = nixosTests.gitlab;
};
};
meta = with lib; {
homepage = "http://www.gitlab.com/";
platforms = platforms.linux;
maintainers = with maintainers; [ fpletz globin krav talyz yayayayaka yuka ];
} // (if gitlabEnterprise then
{
license = licenses.unfreeRedistributable; # https://gitlab.com/gitlab-org/gitlab-ee/raw/master/LICENSE
description = "GitLab Enterprise Edition";
}
else
{
license = licenses.mit;
description = "GitLab Community Edition";
longDescription = "GitLab Community Edition (CE) is an open source end-to-end software development platform with built-in version control, issue tracking, code review, CI/CD, and more. Self-host GitLab CE on your own servers, in a container, or on a cloud provider.";
});
}

41
pkgs/applications/version-management/gitlab/gitaly/Gemfile Normal file
View file

@ -0,0 +1,41 @@
source 'https://rubygems.org'
gem 'rugged', '~> 1.2'
gem 'github-linguist', '~> 7.12', require: 'linguist'
gem 'gitlab-markup', '~> 1.7.1'
gem 'activesupport', '~> 6.1.4.7'
gem 'rdoc', '~> 6.0'
gem 'gitlab-gollum-lib', '~> 4.2.7.10.gitlab.2', require: false
gem 'gitlab-gollum-rugged_adapter', '~> 0.4.4.4.gitlab.1', require: false
gem 'grpc', '~> 1.42.0' # keep in lock-step with grpc-tools
gem 'sentry-raven', '~> 3.0', require: false
gem 'faraday', '~> 1.0'
gem 'rbtrace', require: false
# Labkit provides observability functionality
gem 'gitlab-labkit', '~> 0.21.1'
# Detects the open source license the repository includes
# This version needs to be in sync with GitLab CE/EE
gem 'licensee', '~> 9.14.1'
gem 'google-protobuf', '~> 3.19.0'
group :development, :test do
gem 'rubocop', '~> 0.69', require: false
gem 'rspec', require: false
gem 'rspec-parameterized', require: false
gem 'timecop', require: false
gem 'factory_bot', require: false
gem 'pry', '~> 0.12.2', require: false
gem 'grpc-tools', '~> 1.42.0'
end
# Gems required in omnibus-gitlab pipeline
group :development, :test, :omnibus do
# Using a fork until https://github.com/pivotal/LicenseFinder/pull/816 is
# resolved. For details, check discussion in
# https://gitlab.com/gitlab-org/gitlab/-/merge_requests/74881
gem 'gitlab-license_finder', require: false
end

252
pkgs/applications/version-management/gitlab/gitaly/Gemfile.lock Normal file
View file

@ -0,0 +1,252 @@
GEM
remote: https://rubygems.org/
specs:
abstract_type (0.0.7)
actionpack (6.1.4.7)
actionview (= 6.1.4.7)
activesupport (= 6.1.4.7)
rack (~> 2.0, >= 2.0.9)
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.2.0)
actionview (6.1.4.7)
activesupport (= 6.1.4.7)
builder (~> 3.1)
erubi (~> 1.4)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.1, >= 1.2.0)
activesupport (6.1.4.7)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 1.6, < 2)
minitest (>= 5.1)
tzinfo (~> 2.0)
zeitwerk (~> 2.3)
adamantium (0.2.0)
ice_nine (~> 0.11.0)
memoizable (~> 0.4.0)
addressable (2.7.0)
public_suffix (>= 2.0.2, < 5.0)
ast (2.4.2)
binding_ninja (0.2.3)
builder (3.2.4)
charlock_holmes (0.7.7)
coderay (1.1.2)
concord (0.1.5)
adamantium (~> 0.2.0)
equalizer (~> 0.0.9)
concurrent-ruby (1.1.10)
crass (1.0.6)
diff-lcs (1.3)
dotenv (2.7.6)
equalizer (0.0.11)
erubi (1.10.0)
escape_utils (1.2.1)
factory_bot (5.0.2)
activesupport (>= 4.2.0)
faraday (1.0.1)
multipart-post (>= 1.2, < 3)
ffi (1.15.3)
gemojione (3.3.0)
json
github-linguist (7.12.1)
charlock_holmes (~> 0.7.7)
escape_utils (~> 1.2.0)
mini_mime (~> 1.0)
rugged (>= 0.25.1)
github-markup (1.7.0)
gitlab-gollum-lib (4.2.7.10.gitlab.2)
gemojione (~> 3.2)
github-markup (~> 1.6)
gitlab-gollum-rugged_adapter (~> 0.4.4.4.gitlab.1)
nokogiri (>= 1.6.1, < 2.0)
rouge (~> 3.1)
sanitize (~> 6.0)
stringex (~> 2.6)
gitlab-gollum-rugged_adapter (0.4.4.4.gitlab.1)
mime-types (>= 1.15)
rugged (~> 1.0)
gitlab-labkit (0.21.2)
actionpack (>= 5.0.0, < 7.0.0)
activesupport (>= 5.0.0, < 7.0.0)
grpc (~> 1.30)
jaeger-client (~> 1.1)
opentracing (~> 0.4)
pg_query (~> 2.1)
redis (> 3.0.0, < 5.0.0)
gitlab-license_finder (6.14.2.1)
bundler
rubyzip (>= 1, < 3)
thor (~> 1.0)
tomlrb (>= 1.3, < 2.1)
with_env (= 1.1.0)
xml-simple (~> 1.1.5)
gitlab-markup (1.7.1)
google-protobuf (3.19.1)
googleapis-common-protos-types (1.3.0)
google-protobuf (~> 3.14)
grpc (1.42.0)
google-protobuf (~> 3.18)
googleapis-common-protos-types (~> 1.0)
grpc-tools (1.42.0)
i18n (1.10.0)
concurrent-ruby (~> 1.0)
ice_nine (0.11.2)
jaeger-client (1.1.0)
opentracing (~> 0.3)
thrift
json (2.5.1)
licensee (9.14.1)
dotenv (~> 2.0)
octokit (~> 4.17)
reverse_markdown (~> 1.0)
rugged (>= 0.24, < 2.0)
thor (>= 0.19, < 2.0)
loofah (2.16.0)
crass (~> 1.0.2)
nokogiri (>= 1.5.9)
memoizable (0.4.2)
thread_safe (~> 0.3, >= 0.3.1)
method_source (0.9.2)
mime-types (3.3.1)
mime-types-data (~> 3.2015)
mime-types-data (3.2020.1104)
mini_mime (1.0.2)
mini_portile2 (2.8.0)
minitest (5.15.0)
msgpack (1.3.3)
multipart-post (2.1.1)
nokogiri (1.13.3)
mini_portile2 (~> 2.8.0)
racc (~> 1.4)
octokit (4.20.0)
faraday (>= 0.9)
sawyer (~> 0.8.0, >= 0.5.3)
opentracing (0.5.0)
optimist (3.0.1)
parallel (1.19.2)
parser (3.0.3.2)
ast (~> 2.4.1)
pg_query (2.1.1)
google-protobuf (>= 3.17.1)
proc_to_ast (0.1.0)
coderay
parser
unparser
procto (0.0.3)
pry (0.12.2)
coderay (~> 1.1.0)
method_source (~> 0.9.0)
public_suffix (4.0.6)
racc (1.6.0)
rack (2.2.3)
rack-test (1.1.0)
rack (>= 1.0, < 3)
rails-dom-testing (2.0.3)
activesupport (>= 4.2.0)
nokogiri (>= 1.6)
rails-html-sanitizer (1.4.2)
loofah (~> 2.3)
rainbow (3.0.0)
rbtrace (0.4.14)
ffi (>= 1.0.6)
msgpack (>= 0.4.3)
optimist (>= 3.0.0)
rdoc (6.3.2)
redis (4.4.0)
regexp_parser (1.8.1)
reverse_markdown (1.4.0)
nokogiri
rexml (3.2.5)
rouge (3.27.0)
rspec (3.8.0)
rspec-core (~> 3.8.0)
rspec-expectations (~> 3.8.0)
rspec-mocks (~> 3.8.0)
rspec-core (3.8.0)
rspec-support (~> 3.8.0)
rspec-expectations (3.8.3)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.8.0)
rspec-mocks (3.8.0)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.8.0)
rspec-parameterized (0.4.2)
binding_ninja (>= 0.2.3)
parser
proc_to_ast
rspec (>= 2.13, < 4)
unparser
rspec-support (3.8.0)
rubocop (0.86.0)
parallel (~> 1.10)
parser (>= 2.7.0.1)
rainbow (>= 2.2.2, < 4.0)
regexp_parser (>= 1.7)
rexml
rubocop-ast (>= 0.0.3, < 1.0)
ruby-progressbar (~> 1.7)
unicode-display_width (>= 1.4.0, < 2.0)
rubocop-ast (0.2.0)
parser (>= 2.7.0.1)
ruby-progressbar (1.10.1)
rubyzip (2.3.2)
rugged (1.2.0)
sanitize (6.0.0)
crass (~> 1.0.2)
nokogiri (>= 1.12.0)
sawyer (0.8.2)
addressable (>= 2.3.5)
faraday (> 0.8, < 2.0)
sentry-raven (3.0.4)
faraday (>= 1.0)
stringex (2.8.5)
thor (1.1.0)
thread_safe (0.3.6)
thrift (0.15.0)
timecop (0.9.1)
tomlrb (2.0.1)
tzinfo (2.0.4)
concurrent-ruby (~> 1.0)
unicode-display_width (1.7.0)
unparser (0.4.7)
abstract_type (~> 0.0.7)
adamantium (~> 0.2.0)
concord (~> 0.1.5)
diff-lcs (~> 1.3)
equalizer (~> 0.0.9)
parser (>= 2.6.5)
procto (~> 0.0.2)
with_env (1.1.0)
xml-simple (1.1.9)
rexml
zeitwerk (2.5.4)
PLATFORMS
ruby
DEPENDENCIES
activesupport (~> 6.1.4.7)
factory_bot
faraday (~> 1.0)
github-linguist (~> 7.12)
gitlab-gollum-lib (~> 4.2.7.10.gitlab.2)
gitlab-gollum-rugged_adapter (~> 0.4.4.4.gitlab.1)
gitlab-labkit (~> 0.21.1)
gitlab-license_finder
gitlab-markup (~> 1.7.1)
google-protobuf (~> 3.19.0)
grpc (~> 1.42.0)
grpc-tools (~> 1.42.0)
licensee (~> 9.14.1)
pry (~> 0.12.2)
rbtrace
rdoc (~> 6.0)
rspec
rspec-parameterized
rubocop (~> 0.69)
rugged (~> 1.2)
sentry-raven (~> 3.0)
timecop
BUNDLED WITH
2.1.4

58
pkgs/applications/version-management/gitlab/gitaly/default.nix Normal file
View file

@ -0,0 +1,58 @@
{ lib, fetchFromGitLab, fetchFromGitHub, buildGoModule, ruby
, bundlerEnv, pkg-config
# libgit2 + dependencies
, libgit2_1_3_0, openssl, zlib, pcre, http-parser }:
let
rubyEnv = bundlerEnv rec {
name = "gitaly-env";
inherit ruby;
copyGemFiles = true;
gemdir = ./.;
};
version = "15.0.2";
package_version = "v14";
gitaly_package = "gitlab.com/gitlab-org/gitaly/${package_version}";
in
buildGoModule {
pname = "gitaly";
inherit version;
src = fetchFromGitLab {
owner = "gitlab-org";
repo = "gitaly";
rev = "v${version}";
sha256 = "sha256-jwPXar16FOq0xCg3xUXH72YPmoVa91ae3bgz95ZmYo4=";
};
vendorSha256 = "sha256-/tHKWo09ZV31TSIqlOk36V3y7gNikziUJHf+nS1gHEw=";
passthru = {
inherit rubyEnv;
};
ldflags = "-X ${gitaly_package}/internal/version.version=${version} -X ${gitaly_package}/internal/version.moduleVersion=${version}";
tags = [ "static,system_libgit2" ];
nativeBuildInputs = [ pkg-config ];
buildInputs = [ rubyEnv.wrappedRuby libgit2_1_3_0 openssl zlib pcre http-parser ];
doCheck = false;
postInstall = ''
mkdir -p $ruby
cp -rv $src/ruby/{bin,lib,proto} $ruby
mv $out/bin/gitaly-git2go-${package_version} $out/bin/gitaly-git2go-${version}
'';
outputs = [ "out" "ruby" ];
meta = with lib; {
homepage = "https://gitlab.com/gitlab-org/gitaly";
description = "A Git RPC service for handling all the git calls made by GitLab";
platforms = platforms.linux ++ [ "x86_64-darwin" ];
maintainers = with maintainers; [ roblabla globin fpletz talyz yayayayaka ];
license = licenses.mit;
};
}

1002
pkgs/applications/version-management/gitlab/gitaly/gemset.nix Normal file
View file

File diff suppressed because it is too large Load diff

32
pkgs/applications/version-management/gitlab/gitlab-shell/default.nix Normal file
View file

@ -0,0 +1,32 @@
{ lib, fetchFromGitLab, buildGoModule, ruby }:
buildGoModule rec {
pname = "gitlab-shell";
version = "14.3.0";
src = fetchFromGitLab {
owner = "gitlab-org";
repo = "gitlab-shell";
rev = "v${version}";
sha256 = "sha256-SFoNtWcY0iJREsA+vZRsVJHmNb2vNvOiBJnochxA/Us=";
};
buildInputs = [ ruby ];
patches = [ ./remove-hardcoded-locations.patch ];
vendorSha256 = "sha256-eSzJon8o7ktV3rFuTE1A4tzdkBzWBZf1JxnrcMj5s00=";
postInstall = ''
cp -r "$NIX_BUILD_TOP/source"/bin/* $out/bin
cp -r "$NIX_BUILD_TOP/source"/{support,VERSION} $out/
'';
doCheck = false;
meta = with lib; {
description = "SSH access and repository management app for GitLab";
homepage = "http://www.gitlab.com/";
platforms = platforms.linux;
maintainers = with maintainers; [ fpletz globin talyz yayayayaka ];
license = licenses.mit;
};
}

48
pkgs/applications/version-management/gitlab/gitlab-shell/remove-hardcoded-locations.patch Normal file
View file

@ -0,0 +1,48 @@
diff --git a/internal/config/config.go b/internal/config/config.go
index 36f8625..72ede08 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -12,7 +12,7 @@ import (
)
const (
- configFile = "config.yml"
+ configFile = "shell-config.yml"
defaultSecretFileName = ".gitlab_shell_secret"
)
@@ -91,7 +91,7 @@ func (c *Config) GetHttpClient() *client.HttpClient {
// NewFromDirExternal returns a new config from a given root dir. It also applies defaults appropriate for
// gitlab-shell running in an external SSH server.
func NewFromDirExternal(dir string) (*Config, error) {
- cfg, err := newFromFile(filepath.Join(dir, configFile))
+ cfg, err := newFromFile(filepath.Join("/run/gitlab", configFile))
if err != nil {
return nil, err
}
diff --git a/internal/keyline/key_line.go b/internal/keyline/key_line.go
index c6f2422..fb0426b 100644
--- a/internal/keyline/key_line.go
+++ b/internal/keyline/key_line.go
@@ -37,7 +37,7 @@ func NewPrincipalKeyLine(keyId, principal string, config *config.Config) (*KeyLi
}
func (k *KeyLine) ToString() string {
- command := fmt.Sprintf("%s %s-%s", path.Join(k.Config.RootDir, executable.BinDir, executable.GitlabShell), k.Prefix, k.Id)
+ command := fmt.Sprintf("%s %s-%s", path.Join("/run/current-system/sw/bin", executable.GitlabShell), k.Prefix, k.Id)
return fmt.Sprintf(`command="%s",%s %s`, command, SshOptions, k.Value)
}
diff --git a/support/gitlab_config.rb b/support/gitlab_config.rb
index 52ac5ee..d96baa3 100644
--- a/support/gitlab_config.rb
+++ b/support/gitlab_config.rb
@@ -7,7 +7,7 @@ class GitlabConfig
attr_reader :config
def initialize
- @config = YAML.load_file(File.join(ROOT_PATH, 'config.yml'))
+ @config = YAML.load_file('/run/gitlab/shell-config.yml')
end
def auth_file

30
pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix Normal file
View file

@ -0,0 +1,30 @@
{ lib, fetchFromGitLab, git, buildGoModule }:
let
data = lib.importJSON ../data.json;
in
buildGoModule rec {
pname = "gitlab-workhorse";
version = "15.0.2";
src = fetchFromGitLab {
owner = data.owner;
repo = data.repo;
rev = data.rev;
sha256 = data.repo_hash;
};
sourceRoot = "source/workhorse";
vendorSha256 = "sha256-7hNwBCDMdiiOliZa/lkYLo8gyAksAU0HanCSyaAMYLs=";
buildInputs = [ git ];
ldflags = [ "-X main.Version=${version}" ];
doCheck = false;
meta = with lib; {
homepage = "http://www.gitlab.com/";
platforms = platforms.linux;
maintainers = with maintainers; [ fpletz globin talyz yayayayaka ];
license = licenses.mit;
};
}

13
pkgs/applications/version-management/gitlab/railties-remove-yarn-install-enhancement.patch Normal file
View file

@ -0,0 +1,13 @@
diff --git a/railties/lib/rails/tasks/yarn.rake b/railties/lib/rails/tasks/yarn.rake
index 0226da721a..365cdeb0f9 100644
--- a/railties/lib/rails/tasks/yarn.rake
+++ b/railties/lib/rails/tasks/yarn.rake
@@ -27,8 +27,3 @@ namespace :yarn do
exit 1
end
end
-
-# Run Yarn prior to Sprockets assets precompilation, so dependencies are available for use.
-if Rake::Task.task_defined?("assets:precompile") && File.exist?(Rails.root.join("bin", "yarn"))
- Rake::Task["assets:precompile"].enhance [ "yarn:install" ]
-end

219
pkgs/applications/version-management/gitlab/remove-hardcoded-locations.patch Normal file
View file

@ -0,0 +1,219 @@
diff --git a/config/environments/production.rb b/config/environments/production.rb
index e1a7db8d860..5823f170410 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -71,10 +71,10 @@
config.action_mailer.delivery_method = :sendmail
# Defaults to:
- # # config.action_mailer.sendmail_settings = {
- # # location: '/usr/sbin/sendmail',
- # # arguments: '-i -t'
- # # }
+ config.action_mailer.sendmail_settings = {
+ location: '/run/wrappers/bin/sendmail',
+ arguments: '-i -t'
+ }
config.action_mailer.perform_deliveries = true
config.action_mailer.raise_delivery_errors = true
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index da1a15302da..c846db93e5c 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -1191,7 +1191,7 @@ production: &base
# CAUTION!
# Use the default values unless you really know what you are doing
git:
- bin_path: /usr/bin/git
+ bin_path: git
## Webpack settings
# If enabled, this will tell rails to serve frontend assets from the webpack-dev-server running
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index 99335321f28..9d9d1c48af4 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -185,7 +185,7 @@
Settings.gitlab['user_home'] ||= begin
Etc.getpwnam(Settings.gitlab['user']).dir
rescue ArgumentError # no user configured
- '/home/' + Settings.gitlab['user']
+ '/homeless-shelter'
end
Settings.gitlab['time_zone'] ||= nil
Settings.gitlab['signup_enabled'] ||= true if Settings.gitlab['signup_enabled'].nil?
@@ -794,7 +794,7 @@
# Git
#
Settings['git'] ||= Settingslogic.new({})
-Settings.git['bin_path'] ||= '/usr/bin/git'
+Settings.git['bin_path'] ||= 'git'
# Important: keep the satellites.path setting until GitLab 9.0 at
# least. This setting is fed to 'rm -rf' in
diff --git a/config/puma.rb.example b/config/puma.rb.example
index 9fc354a8fe8..2352ca9b58c 100644
--- a/config/puma.rb.example
+++ b/config/puma.rb.example
@@ -5,12 +5,8 @@
# The default is "config.ru".
#
rackup 'config.ru'
-pidfile '/home/git/gitlab/tmp/pids/puma.pid'
-state_path '/home/git/gitlab/tmp/pids/puma.state'
-
-stdout_redirect '/home/git/gitlab/log/puma.stdout.log',
- '/home/git/gitlab/log/puma.stderr.log',
- true
+pidfile ENV['PUMA_PATH'] + '/tmp/pids/puma.pid'
+state_path ENV['PUMA_PATH'] + '/tmp/pids/puma.state'
# Configure "min" to be the minimum number of threads to use to answer
# requests and "max" the maximum.
@@ -31,12 +27,12 @@ queue_requests false
# Bind the server to "url". "tcp://", "unix://" and "ssl://" are the only
# accepted protocols.
-bind 'unix:///home/git/gitlab/tmp/sockets/gitlab.socket'
+bind "unix://#{ENV['PUMA_PATH']}/tmp/sockets/gitlab.socket"
workers 3
-require_relative "/home/git/gitlab/lib/gitlab/cluster/lifecycle_events"
-require_relative "/home/git/gitlab/lib/gitlab/cluster/puma_worker_killer_initializer"
+require_relative ENV['GITLAB_PATH'] + "lib/gitlab/cluster/lifecycle_events"
+require_relative ENV['GITLAB_PATH'] + "lib/gitlab/cluster/puma_worker_killer_initializer"
on_restart do
# Signal application hooks that we're about to restart
@@ -80,7 +76,7 @@ if defined?(nakayoshi_fork)
end
# Use json formatter
-require_relative "/home/git/gitlab/lib/gitlab/puma_logging/json_formatter"
+require_relative ENV['GITLAB_PATH'] + "lib/gitlab/puma_logging/json_formatter"
json_formatter = Gitlab::PumaLogging::JSONFormatter.new
log_formatter do |str|
diff --git a/lib/api/api.rb b/lib/api/api.rb
index a287ffbfcd8..1a5ca59183a 100644
--- a/lib/api/api.rb
+++ b/lib/api/api.rb
@@ -4,7 +4,7 @@ module API
class API < ::API::Base
include APIGuard
- LOG_FILENAME = Rails.root.join("log", "api_json.log")
+ LOG_FILENAME = File.join(ENV["GITLAB_LOG_PATH"], "api_json.log")
NO_SLASH_URL_PART_REGEX = %r{[^/]+}.freeze
NAMESPACE_OR_PROJECT_REQUIREMENTS = { id: NO_SLASH_URL_PART_REGEX }.freeze
diff --git a/lib/gitlab/authorized_keys.rb b/lib/gitlab/authorized_keys.rb
index 50cd15b7a10..3ac89e5b8e9 100644
--- a/lib/gitlab/authorized_keys.rb
+++ b/lib/gitlab/authorized_keys.rb
@@ -157,7 +157,7 @@ def command(id)
raise KeyError, "Invalid ID: #{id.inspect}"
end
- "#{File.join(Gitlab.config.gitlab_shell.path, 'bin', 'gitlab-shell')} #{id}"
+ "#{File.join('/run/current-system/sw/bin', 'gitlab-shell')} #{id}"
end
def strip(key)
diff --git a/lib/gitlab/logger.rb b/lib/gitlab/logger.rb
index 89a4e36a232..ae379ffb27a 100644
--- a/lib/gitlab/logger.rb
+++ b/lib/gitlab/logger.rb
@@ -37,7 +37,7 @@ def self.build
end
def self.full_log_path
- Rails.root.join("log", file_name)
+ File.join(ENV["GITLAB_LOG_PATH"], file_name)
end
def self.cache_key
diff --git a/lib/gitlab/uploads_transfer.rb b/lib/gitlab/uploads_transfer.rb
index e0e7084e27e..19fab855b90 100644
--- a/lib/gitlab/uploads_transfer.rb
+++ b/lib/gitlab/uploads_transfer.rb
@@ -3,7 +3,7 @@
module Gitlab
class UploadsTransfer < ProjectTransfer
def root_dir
- FileUploader.root
+ ENV['GITLAB_UPLOADS_PATH'] || FileUploader.root
end
end
end
diff --git a/lib/system_check/app/log_writable_check.rb b/lib/system_check/app/log_writable_check.rb
index 2c108f0c18d..3a16ff52d01 100644
--- a/lib/system_check/app/log_writable_check.rb
+++ b/lib/system_check/app/log_writable_check.rb
@@ -23,7 +23,7 @@ def show_error
private
def log_path
- Rails.root.join('log')
+ ENV["GITLAB_LOG_PATH"]
end
end
end
diff --git a/lib/system_check/app/uploads_directory_exists_check.rb b/lib/system_check/app/uploads_directory_exists_check.rb
index 54dff63ab61..882da702f29 100644
--- a/lib/system_check/app/uploads_directory_exists_check.rb
+++ b/lib/system_check/app/uploads_directory_exists_check.rb
@@ -6,12 +6,13 @@ class UploadsDirectoryExistsCheck < SystemCheck::BaseCheck
set_name 'Uploads directory exists?'
def check?
- File.directory?(Rails.root.join('public/uploads'))
+ File.directory?(ENV['GITLAB_UPLOADS_PATH'] || Rails.root.join('public/uploads'))
end
def show_error
+ uploads_dir = ENV['GITLAB_UPLOADS_PATH'] || Rails.root.join('public/uploads')
try_fixing_it(
- "sudo -u #{gitlab_user} mkdir #{Rails.root}/public/uploads"
+ "sudo -u #{gitlab_user} mkdir #{uploads_dir}"
)
for_more_information(
see_installation_guide_section('GitLab')
diff --git a/lib/system_check/app/uploads_path_permission_check.rb b/lib/system_check/app/uploads_path_permission_check.rb
index 2e1cc687c43..ca69d63bcf6 100644
--- a/lib/system_check/app/uploads_path_permission_check.rb
+++ b/lib/system_check/app/uploads_path_permission_check.rb
@@ -27,7 +27,7 @@ def show_error
private
def rails_uploads_path
- Rails.root.join('public/uploads')
+ ENV['GITLAB_UPLOADS_PATH'] || Rails.root.join('public/uploads')
end
def uploads_fullpath
diff --git a/lib/system_check/app/uploads_path_tmp_permission_check.rb b/lib/system_check/app/uploads_path_tmp_permission_check.rb
index 567c7540777..29906b1c132 100644
--- a/lib/system_check/app/uploads_path_tmp_permission_check.rb
+++ b/lib/system_check/app/uploads_path_tmp_permission_check.rb
@@ -35,7 +35,7 @@ def upload_path_tmp
end
def uploads_fullpath
- File.realpath(Rails.root.join('public/uploads'))
+ File.realpath(ENV['GITLAB_UPLOADS_PATH'] || Rails.root.join('public/uploads'))
end
end
end
diff --git a/scripts/decomposition/generate-loose-foreign-key b/scripts/decomposition/generate-loose-foreign-key
index 35f84c64ce1..c2fecf3404c 100755
--- a/scripts/decomposition/generate-loose-foreign-key
+++ b/scripts/decomposition/generate-loose-foreign-key
@@ -1,4 +1,4 @@
-#!/usr/bin/env -S ENABLE_SPRING=0 bin/rails runner -e test
+#!/usr/bin/env rails
# This is helper script to swap foreign key to loose foreign key
# using DB schema

43
pkgs/applications/version-management/gitlab/reset_token.rake Normal file
View file

@ -0,0 +1,43 @@
# Taken from:
# https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/
# lib/tasks/reset_token.rake
require_relative '../../app/models/concerns/token_authenticatable.rb'
STDOUT.sync = true
namespace :tokens do
desc "Reset all GitLab user auth tokens"
task reset_all: :environment do
reset_all_users_token(:reset_authentication_token!)
end
desc "Reset all GitLab email tokens"
task reset_all_email: :environment do
reset_all_users_token(:reset_incoming_email_token!)
end
def reset_all_users_token(token)
TmpUser.find_in_batches do |batch|
puts "Processing batch starting with user ID: #{batch.first.id}"
batch.each(&token)
end
end
end
class TmpUser < ActiveRecord::Base
include TokenAuthenticatable
self.table_name = 'users'
def reset_authentication_token!
write_new_token(:authentication_token)
save!(validate: false)
end
def reset_incoming_email_token!
write_new_token(:incoming_email_token)
save!(validate: false)
end
end

547
pkgs/applications/version-management/gitlab/rubyEnv/Gemfile Normal file
View file

@ -0,0 +1,547 @@
# frozen_string_literal: true
source 'https://rubygems.org'
gem 'rails', '~> 6.1.4.7'
gem 'bootsnap', '~> 1.9.4', require: false
# Responders respond_to and respond_with
gem 'responders', '~> 3.0'
gem 'sprockets', '~> 3.7.0'
gem 'view_component', '~> 2.50.0'
# Default values for AR models
gem 'default_value_for', '~> 3.4.0'
# Supported DBs
gem 'pg', '~> 1.1'
gem 'rugged', '~> 1.2'
gem 'grape-path-helpers', '~> 1.7.0'
gem 'faraday', '~> 1.0'
gem 'marginalia', '~> 1.10.0'
# Authorization
gem 'declarative_policy', '~> 1.1.0'
# Authentication libraries
gem 'devise', '~> 4.7.2'
gem 'bcrypt', '~> 3.1', '>= 3.1.14'
gem 'doorkeeper', '~> 5.5.0.rc2'
gem 'doorkeeper-openid_connect', '~> 1.7.5'
gem 'rexml', '~> 3.2.5'
gem 'ruby-saml', '~> 1.13.0'
gem 'omniauth', '~> 1.8'
gem 'omniauth-auth0', '~> 2.0.0'
gem 'omniauth-azure-activedirectory-v2', '~> 1.0'
gem 'omniauth-azure-oauth2', '~> 0.0.9' # Deprecated v1 version
gem 'omniauth-cas3', '~> 1.1.4'
gem 'omniauth-dingtalk-oauth2', '~> 1.0'
gem 'omniauth-alicloud', '~> 1.0.1'
gem 'omniauth-facebook', '~> 4.0.0'
gem 'omniauth-github', '~> 1.4'
gem 'omniauth-gitlab', '~> 1.0.2'
gem 'omniauth-google-oauth2', '~> 0.6.0'
gem 'omniauth-oauth2-generic', '~> 0.2.2'
gem 'omniauth-saml', '~> 1.10'
gem 'omniauth-shibboleth', '~> 1.3.0'
gem 'omniauth-twitter', '~> 1.4'
gem 'omniauth_crowd', '~> 2.4.0'
gem 'omniauth-authentiq', '~> 0.3.3'
gem 'gitlab-omniauth-openid-connect', '~> 0.9.0', require: 'omniauth_openid_connect'
gem 'omniauth-salesforce', '~> 1.0.5'
gem 'omniauth-atlassian-oauth2', '~> 0.2.0'
gem 'rack-oauth2', '~> 1.16.0'
gem 'jwt', '~> 2.1.0'
# Kerberos authentication. EE-only
gem 'gssapi', group: :kerberos
gem 'timfel-krb5-auth', '~> 0.8', group: :kerberos
# Spam and anti-bot protection
gem 'recaptcha', '~> 4.11', require: 'recaptcha/rails'
gem 'akismet', '~> 3.0'
gem 'invisible_captcha', '~> 1.1.0'
# Two-factor authentication
gem 'devise-two-factor', '~> 4.0.2'
gem 'rqrcode-rails3', '~> 0.1.7'
gem 'attr_encrypted', '~> 3.1.0'
gem 'u2f', '~> 0.2.1'
# GitLab Pages
gem 'validates_hostname', '~> 1.0.11'
gem 'rubyzip', '~> 2.3.2', require: 'zip'
# GitLab Pages letsencrypt support
gem 'acme-client', '~> 2.0', '>= 2.0.9'
# Browser detection
gem 'browser', '~> 4.2'
# OS detection for usage ping
gem 'ohai', '~> 16.10'
# GPG
gem 'gpgme', '~> 2.0.19'
# LDAP Auth
# GitLab fork with several improvements to original library. For full list of changes
# see https://github.com/intridea/omniauth-ldap/compare/master...gitlabhq:master
gem 'gitlab_omniauth-ldap', '~> 2.1.1', require: 'omniauth-ldap'
gem 'net-ldap', '~> 0.16.3'
# API
gem 'grape', '~> 1.5.2'
gem 'grape-entity', '~> 0.10.0'
gem 'rack-cors', '~> 1.0.6', require: 'rack/cors'
# GraphQL API
gem 'graphql', '~> 1.11.10'
gem 'graphiql-rails', '~> 1.8'
gem 'apollo_upload_server', '~> 2.1.0'
gem 'graphql-docs', '~> 1.6.0', group: [:development, :test]
gem 'graphlient', '~> 0.5.0' # Used by BulkImport feature (group::import)
gem 'hashie'
# Disable strong_params so that Mash does not respond to :permitted?
gem 'hashie-forbidden_attributes'
# Pagination
gem 'kaminari', '~> 1.0'
# HAML
gem 'hamlit', '~> 2.15.0'
# Files attachments
gem 'carrierwave', '~> 1.3'
gem 'mini_magick', '~> 4.10.1'
# for backups
gem 'fog-aws', '~> 3.12'
# Locked until fog-google resolves https://github.com/fog/fog-google/issues/421.
# Also see config/initializers/fog_core_patch.rb.
gem 'fog-core', '= 2.1.0'
gem 'fog-google', '~> 1.15', require: 'fog/google'
gem 'fog-local', '~> 0.6'
gem 'fog-openstack', '~> 1.0'
gem 'fog-rackspace', '~> 0.1.1'
gem 'fog-aliyun', '~> 0.3'
gem 'gitlab-fog-azure-rm', '~> 1.2.0', require: 'fog/azurerm'
# for Google storage
gem 'google-api-client', '~> 0.33'
# for aws storage
gem 'unf', '~> 0.1.4'
# Seed data
gem 'seed-fu', '~> 2.3.7'
# Search
gem 'elasticsearch-model', '~> 7.2'
gem 'elasticsearch-rails', '~> 7.2', require: 'elasticsearch/rails/instrumentation'
gem 'elasticsearch-api', '7.13.3'
gem 'aws-sdk-core', '~> 3'
gem 'aws-sdk-cloudformation', '~> 1'
gem 'aws-sdk-s3', '~> 1'
gem 'faraday_middleware-aws-sigv4', '~>0.3.0'
gem 'typhoeus', '~> 1.4.0' # Used with Elasticsearch to support http keep-alive connections
# Markdown and HTML processing
gem 'html-pipeline', '~> 2.13.2'
gem 'deckar01-task_list', '2.3.1'
gem 'gitlab-markup', '~> 1.8.0'
gem 'github-markup', '~> 1.7.0', require: 'github/markup'
gem 'commonmarker', '~> 0.23.4'
gem 'kramdown', '~> 2.3.1'
gem 'RedCloth', '~> 4.3.2'
gem 'rdoc', '~> 6.3.2'
gem 'org-ruby', '~> 0.9.12'
gem 'creole', '~> 0.5.0'
gem 'wikicloth', '0.8.1'
gem 'asciidoctor', '~> 2.0.10'
gem 'asciidoctor-include-ext', '~> 0.4.0', require: false
gem 'asciidoctor-plantuml', '~> 0.0.12'
gem 'asciidoctor-kroki', '~> 0.5.0', require: false
gem 'rouge', '~> 3.27.0'
gem 'truncato', '~> 0.7.11'
gem 'bootstrap_form', '~> 4.2.0'
gem 'nokogiri', '~> 1.12'
gem 'escape_utils', '~> 1.1'
# Calendar rendering
gem 'icalendar'
# Diffs
gem 'diffy', '~> 3.3'
gem 'diff_match_patch', '~> 0.1.0'
# Application server
gem 'rack', '~> 2.2.3'
# https://github.com/sharpstone/rack-timeout/blob/master/README.md#rails-apps-manually
gem 'rack-timeout', '~> 0.5.1', require: 'rack/timeout/base'
group :puma do
gem 'puma', '~> 5.6.2', require: false
gem 'puma_worker_killer', '~> 0.3.1', require: false
gem 'sd_notify', '~> 0.1.0', require: false
end
# State machine
gem 'state_machines-activerecord', '~> 0.8.0'
# CI domain tags
gem 'acts-as-taggable-on', '~> 9.0'
# Background jobs
gem 'sidekiq', '~> 6.4'
gem 'sidekiq-cron', '~> 1.2'
gem 'redis-namespace', '~> 1.8.1'
gem 'gitlab-sidekiq-fetcher', '0.8.0', require: 'sidekiq-reliable-fetch'
# Cron Parser
gem 'fugit', '~> 1.2.1'
# HTTP requests
gem 'httparty', '~> 0.16.4'
# Colored output to console
gem 'rainbow', '~> 3.0'
# Progress bar
gem 'ruby-progressbar', '~> 1.10'
# GitLab settings
gem 'settingslogic', '~> 2.0.9'
# Linear-time regex library for untrusted regular expressions
gem 're2', '~> 1.2.0'
# Misc
gem 'version_sorter', '~> 2.2.4'
# Export Ruby Regex to Javascript
gem 'js_regex', '~> 3.7'
# User agent parsing
gem 'device_detector'
# Redis
gem 'redis', '~> 4.4.0'
gem 'connection_pool', '~> 2.0'
# Redis session store
gem 'redis-actionpack', '~> 5.2.0'
# Discord integration
gem 'discordrb-webhooks', '~> 3.4', require: false
# Jira integration
gem 'jira-ruby', '~> 2.1.4'
gem 'atlassian-jwt', '~> 0.2.0'
# Flowdock integration
gem 'flowdock', '~> 0.7'
# Slack integration
gem 'slack-messenger', '~> 2.3.4'
# Hangouts Chat integration
gem 'hangouts-chat', '~> 0.0.5', require: 'hangouts_chat'
# Asana integration
gem 'asana', '~> 0.10.3'
# FogBugz integration
gem 'ruby-fogbugz', '~> 0.2.1'
# Kubernetes integration
gem 'kubeclient', '~> 4.9.2'
# Sanitize user input
gem 'sanitize', '~> 6.0'
gem 'babosa', '~> 1.0.4'
# Sanitizes SVG input
gem 'loofah', '~> 2.2'
# Working with license
gem 'licensee', '~> 9.14.1'
# Detect and convert string character encoding
gem 'charlock_holmes', '~> 0.7.7'
# Detect mime content type from content
gem 'ruby-magic', '~> 0.5'
# Faster blank
gem 'fast_blank'
# Parse time & duration
gem 'gitlab-chronic', '~> 0.10.5'
gem 'gitlab_chronic_duration', '~> 0.10.6.2'
gem 'rack-proxy', '~> 0.7.2'
gem 'sassc-rails', '~> 2.1.0'
gem 'autoprefixer-rails', '10.2.5.1'
gem 'terser', '1.0.2'
gem 'addressable', '~> 2.8'
gem 'tanuki_emoji', '~> 0.6'
gem 'gon', '~> 6.4.0'
gem 'request_store', '~> 1.5'
gem 'base32', '~> 0.3.0'
gem 'gitlab-license', '~> 2.1.0'
# Protect against bruteforcing
gem 'rack-attack', '~> 6.3.0'
# Sentry integration
gem 'sentry-raven', '~> 3.1'
gem 'sentry-ruby', '~> 5.1.1'
gem 'sentry-rails', '~> 5.1.1'
gem 'sentry-sidekiq', '~> 5.1.1'
# PostgreSQL query parsing
#
gem 'pg_query', '~> 2.1'
gem 'premailer-rails', '~> 1.10.3'
# LabKit: Tracing and Correlation
gem 'gitlab-labkit', '~> 0.22.0'
# Thrift is a dependency of gitlab-labkit, we want a version higher than 0.14.0
# because of https://gitlab.com/gitlab-org/gitlab/-/issues/321900
gem 'thrift', '>= 0.14.0'
# I18n
gem 'ruby_parser', '~> 3.15', require: false
gem 'rails-i18n', '~> 6.0'
gem 'gettext_i18n_rails', '~> 1.8.0'
gem 'gettext_i18n_rails_js', '~> 1.3'
gem 'gettext', '~> 3.3', require: false, group: :development
gem 'batch-loader', '~> 2.0.1'
# Perf bar
gem 'peek', '~> 1.1'
# Snowplow events tracking
gem 'snowplow-tracker', '~> 0.6.1'
# Metrics
gem 'method_source', '~> 1.0', require: false
gem 'webrick', '~> 1.6.1', require: false
gem 'prometheus-client-mmap', '~> 0.15.0', require: 'prometheus/client'
gem 'warning', '~> 1.2.0'
group :development do
gem 'lefthook', '~> 0.7.0', require: false
gem 'rubocop'
gem 'solargraph', '~> 0.44.3', require: false
gem 'letter_opener_web', '~> 2.0.0'
# Better errors handler
gem 'better_errors', '~> 2.9.0'
# thin instead webrick
gem 'thin', '~> 1.8.0'
gem 'sprite-factory', '~> 1.7'
end
group :development, :test do
gem 'deprecation_toolkit', '~> 1.5.1', require: false
gem 'bullet', '~> 6.1.3'
gem 'pry-byebug'
gem 'pry-rails', '~> 0.3.9'
gem 'pry-shell', '~> 0.5.0'
gem 'awesome_print', require: false
gem 'database_cleaner', '~> 1.7.0'
gem 'factory_bot_rails', '~> 6.2.0'
gem 'rspec-rails', '~> 5.0.1'
# Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826)
gem 'minitest', '~> 5.11.0'
# Generate Fake data
gem 'ffaker', '~> 2.10'
gem 'spring', '~> 2.1.0'
gem 'spring-commands-rspec', '~> 1.0.4'
gem 'gitlab-styles', '~> 7.0.0', require: false
gem 'haml_lint', '~> 0.36.0', require: false
gem 'bundler-audit', '~> 0.7.0.1', require: false
gem 'benchmark-ips', '~> 2.3.0', require: false
gem 'knapsack', '~> 1.21.1'
gem 'crystalball', '~> 0.7.0', require: false
gem 'simple_po_parser', '~> 1.1.6', require: false
gem 'timecop', '~> 0.9.1'
gem 'png_quantizator', '~> 0.2.1', require: false
gem 'parallel', '~> 1.19', require: false
gem 'test_file_finder', '~> 0.1.3'
gem 'sigdump', '~> 0.2.4', require: 'sigdump/setup'
end
group :development, :test, :danger do
gem 'gitlab-dangerfiles', '~> 3.0', require: false
end
group :development, :test, :coverage do
gem 'simplecov', '~> 0.21', require: false
gem 'simplecov-lcov', '~> 0.8.0', require: false
gem 'simplecov-cobertura', '~> 1.3.1', require: false
gem 'undercover', '~> 0.4.4', require: false
end
# Gems required in omnibus-gitlab pipeline
group :development, :test, :omnibus do
# Using a fork until https://github.com/pivotal/LicenseFinder/pull/816 is
# resolved. For details, check discussion in
# https://gitlab.com/gitlab-org/gitlab/-/merge_requests/74881
gem 'gitlab-license_finder', '~> 6.0', require: false
end
group :test do
gem 'fuubar', '~> 2.2.0'
gem 'rspec-retry', '~> 0.6.1'
gem 'rspec_profiling', '~> 0.0.6'
gem 'rspec-benchmark', '~> 0.6.0'
gem 'rspec-parameterized', require: false
gem 'capybara', '~> 3.35.3'
gem 'capybara-screenshot', '~> 1.0.22'
gem 'selenium-webdriver', '~> 3.142'
gem 'shoulda-matchers', '~> 4.0.1', require: false
gem 'email_spec', '~> 2.2.0'
gem 'webmock', '~> 3.9.1'
gem 'rails-controller-testing'
gem 'concurrent-ruby', '~> 1.1'
gem 'test-prof', '~> 1.0.7'
gem 'rspec_junit_formatter'
gem 'guard-rspec'
# Moved in `test` because https://gitlab.com/gitlab-org/gitlab/-/issues/217527
gem 'derailed_benchmarks', require: false
end
gem 'octokit', '~> 4.15'
# Updating this gem version here is deprecated. See:
# https://docs.gitlab.com/ee/development/emails.html#mailroom-gem-updates
gem 'gitlab-mail_room', '~> 0.0.9', require: 'mail_room'
gem 'email_reply_trimmer', '~> 0.1'
gem 'html2text'
gem 'ruby-prof', '~> 1.3.0'
gem 'stackprof', '~> 0.2.15', require: false
gem 'rbtrace', '~> 0.4', require: false
gem 'memory_profiler', '~> 0.9', require: false
gem 'benchmark-memory', '~> 0.1', require: false
gem 'activerecord-explain-analyze', '~> 0.1', require: false
# OAuth
gem 'oauth2', '~> 1.4'
# Health check
gem 'health_check', '~> 3.0'
# System information
gem 'vmstat', '~> 2.3.0'
gem 'sys-filesystem', '~> 1.4.3'
# NTP client
gem 'net-ntp'
# SSH keys support
gem 'ssh_data', '~> 1.2'
# Spamcheck GRPC protocol definitions
gem 'spamcheck', '~> 0.1.0'
# Gitaly GRPC protocol definitions
gem 'gitaly', '~> 14.10.0-rc1'
# KAS GRPC protocol definitions
gem 'kas-grpc', '~> 0.0.2'
gem 'grpc', '~> 1.42.0'
gem 'google-protobuf', '~> 3.19.0'
gem 'toml-rb', '~> 2.0'
# Feature toggles
gem 'flipper', '~> 0.21.0'
gem 'flipper-active_record', '~> 0.21.0'
gem 'flipper-active_support_cache_store', '~> 0.21.0'
gem 'unleash', '~> 3.2.2'
gem 'gitlab-experiment', '~> 0.7.1'
# Structured logging
gem 'lograge', '~> 0.5'
gem 'grape_logging', '~> 1.7'
# DNS Lookup
gem 'gitlab-net-dns', '~> 0.9.1'
# Countries list
gem 'countries', '~> 3.0'
gem 'retriable', '~> 3.1.2'
# LRU cache
gem 'lru_redux'
gem 'erubi', '~> 1.9.0'
# Locked as long as quoted-printable encoding issues are not resolved
# Monkey-patched in `config/initializers/mail_encoding_patch.rb`
# See https://gitlab.com/gitlab-org/gitlab/issues/197386
gem 'mail', '= 2.7.1'
# File encryption
gem 'lockbox', '~> 0.6.2'
# Email validation
gem 'valid_email', '~> 0.1'
# JSON
gem 'json', '~> 2.5.1'
gem 'json_schemer', '~> 0.2.18'
gem 'oj', '~> 3.10.6'
gem 'multi_json', '~> 1.14.1'
gem 'yajl-ruby', '~> 1.4.1', require: 'yajl'
gem 'webauthn', '~> 2.3'
# IPAddress utilities
gem 'ipaddress', '~> 0.8.3'
gem 'parslet', '~> 1.8'
gem 'ipynbdiff', '0.4.7'

1700
pkgs/applications/version-management/gitlab/rubyEnv/Gemfile.lock Normal file
View file

File diff suppressed because it is too large Load diff

6092
pkgs/applications/version-management/gitlab/rubyEnv/gemset.nix Normal file
View file

File diff suppressed because it is too large Load diff

199
pkgs/applications/version-management/gitlab/update.py Executable file
View file

@ -0,0 +1,199 @@
#!/usr/bin/env nix-shell
#! nix-shell -I nixpkgs=../../../.. -i python3 -p bundix bundler nix-update nix nix-universal-prefetch python3 python3Packages.requests python3Packages.click python3Packages.click-log prefetch-yarn-deps
import click
import click_log
import os
import re
import logging
import subprocess
import json
import pathlib
import tempfile
from distutils.version import LooseVersion
from typing import Iterable
import requests
logger = logging.getLogger(__name__)
class GitLabRepo:
version_regex = re.compile(r"^v\d+\.\d+\.\d+(\-rc\d+)?(\-ee)?")
def __init__(self, owner: str = 'gitlab-org', repo: str = 'gitlab'):
self.owner = owner
self.repo = repo
@property
def url(self):
return f"https://gitlab.com/{self.owner}/{self.repo}"
@property
def tags(self) -> Iterable[str]:
r = requests.get(self.url + "/refs?sort=updated_desc&ref=master").json()
tags = r.get("Tags", [])
# filter out versions not matching version_regex
versions = list(filter(self.version_regex.match, tags))
# sort, but ignore v and -ee for sorting comparisons
versions.sort(key=lambda x: LooseVersion(x.replace("v", "").replace("-ee", "")), reverse=True)
return versions
def get_git_hash(self, rev: str):
return subprocess.check_output(['nix-universal-prefetch', 'fetchFromGitLab', '--owner', self.owner, '--repo', self.repo, '--rev', rev]).decode('utf-8').strip()
def get_yarn_hash(self, rev: str):
with tempfile.TemporaryDirectory() as tmp_dir:
with open(tmp_dir + '/yarn.lock', 'w') as f:
f.write(self.get_file('yarn.lock', rev))
return subprocess.check_output(['prefetch-yarn-deps', tmp_dir + '/yarn.lock']).decode('utf-8').strip()
@staticmethod
def rev2version(tag: str) -> str:
"""
normalize a tag to a version number.
This obviously isn't very smart if we don't pass something that looks like a tag
:param tag: the tag to normalize
:return: a normalized version number
"""
# strip v prefix
version = re.sub(r"^v", '', tag)
# strip -ee suffix
return re.sub(r"-ee$", '', version)
def get_file(self, filepath, rev):
"""
returns file contents at a given rev
:param filepath: the path to the file, relative to the repo root
:param rev: the rev to fetch at
:return:
"""
return requests.get(self.url + f"/raw/{rev}/{filepath}").text
def get_data(self, rev):
version = self.rev2version(rev)
passthru = {v: self.get_file(v, rev).strip() for v in ['GITALY_SERVER_VERSION', 'GITLAB_PAGES_VERSION',
'GITLAB_SHELL_VERSION']}
passthru["GITLAB_WORKHORSE_VERSION"] = version
return dict(version=self.rev2version(rev),
repo_hash=self.get_git_hash(rev),
yarn_hash=self.get_yarn_hash(rev),
owner=self.owner,
repo=self.repo,
rev=rev,
passthru=passthru)
def _get_data_json():
data_file_path = pathlib.Path(__file__).parent / 'data.json'
with open(data_file_path, 'r') as f:
return json.load(f)
def _call_nix_update(pkg, version):
"""calls nix-update from nixpkgs root dir"""
nixpkgs_path = pathlib.Path(__file__).parent / '../../../../'
return subprocess.check_output(['nix-update', pkg, '--version', version], cwd=nixpkgs_path)
@click_log.simple_verbosity_option(logger)
@click.group()
def cli():
pass
@cli.command('update-data')
@click.option('--rev', default='latest', help='The rev to use (vX.Y.Z-ee), or \'latest\'')
def update_data(rev: str):
"""Update data.nix"""
repo = GitLabRepo()
if rev == 'latest':
# filter out pre and re releases
rev = next(filter(lambda x: not ('rc' in x or x.endswith('pre')), repo.tags))
logger.debug(f"Using rev {rev}")
version = repo.rev2version(rev)
logger.debug(f"Using version {version}")
data_file_path = pathlib.Path(__file__).parent / 'data.json'
data = repo.get_data(rev)
with open(data_file_path.as_posix(), 'w') as f:
json.dump(data, f, indent=2)
f.write("\n")
@cli.command('update-rubyenv')
def update_rubyenv():
"""Update rubyEnv"""
repo = GitLabRepo()
rubyenv_dir = pathlib.Path(__file__).parent / f"rubyEnv"
# load rev from data.json
data = _get_data_json()
rev = data['rev']
with open(rubyenv_dir / 'Gemfile.lock', 'w') as f:
f.write(repo.get_file('Gemfile.lock', rev))
with open(rubyenv_dir / 'Gemfile', 'w') as f:
original = repo.get_file('Gemfile', rev)
f.write(re.sub(r".*mail-smtp_pool.*", "", original))
subprocess.check_output(['bundle', 'lock'], cwd=rubyenv_dir)
subprocess.check_output(['bundix'], cwd=rubyenv_dir)
@cli.command('update-gitaly')
def update_gitaly():
"""Update gitaly"""
data = _get_data_json()
gitaly_server_version = data['passthru']['GITALY_SERVER_VERSION']
repo = GitLabRepo(repo='gitaly')
gitaly_dir = pathlib.Path(__file__).parent / 'gitaly'
for fn in ['Gemfile.lock', 'Gemfile']:
with open(gitaly_dir / fn, 'w') as f:
f.write(repo.get_file(f"ruby/{fn}", f"v{gitaly_server_version}"))
subprocess.check_output(['bundle', 'lock'], cwd=gitaly_dir)
subprocess.check_output(['bundix'], cwd=gitaly_dir)
_call_nix_update('gitaly', gitaly_server_version)
@cli.command('update-gitlab-shell')
def update_gitlab_shell():
"""Update gitlab-shell"""
data = _get_data_json()
gitlab_shell_version = data['passthru']['GITLAB_SHELL_VERSION']
_call_nix_update('gitlab-shell', gitlab_shell_version)
@cli.command('update-gitlab-workhorse')
def update_gitlab_workhorse():
"""Update gitlab-workhorse"""
data = _get_data_json()
gitlab_workhorse_version = data['passthru']['GITLAB_WORKHORSE_VERSION']
_call_nix_update('gitlab-workhorse', gitlab_workhorse_version)
@cli.command('update-all')
@click.option('--rev', default='latest', help='The rev to use (vX.Y.Z-ee), or \'latest\'')
@click.pass_context
def update_all(ctx, rev: str):
"""Update all gitlab components to the latest stable release"""
ctx.invoke(update_data, rev=rev)
ctx.invoke(update_rubyenv)
ctx.invoke(update_gitaly)
ctx.invoke(update_gitlab_shell)
ctx.invoke(update_gitlab_workhorse)
if __name__ == '__main__':
cli()