2018-03-17 18:26:18 +05:30
|
|
|
module Gitlab
|
|
|
|
module Git
|
|
|
|
class GitlabProjects
|
|
|
|
include Gitlab::Git::Popen
|
|
|
|
include Gitlab::Utils::StrongMemoize
|
|
|
|
|
|
|
|
ShardNameNotFoundError = Class.new(StandardError)
|
|
|
|
|
|
|
|
# Absolute path to directory where repositories are stored.
|
|
|
|
# Example: /home/git/repositories
|
|
|
|
attr_reader :shard_path
|
|
|
|
|
|
|
|
# Relative path is a directory name for repository with .git at the end.
|
|
|
|
# Example: gitlab-org/gitlab-test.git
|
|
|
|
attr_reader :repository_relative_path
|
|
|
|
|
|
|
|
# Absolute path to the repository.
|
|
|
|
# Example: /home/git/repositorities/gitlab-org/gitlab-test.git
|
|
|
|
attr_reader :repository_absolute_path
|
|
|
|
|
|
|
|
# This is the path at which the gitlab-shell hooks directory can be found.
|
|
|
|
# It's essential for integration between git and GitLab proper. All new
|
|
|
|
# repositories should have their hooks directory symlinked here.
|
|
|
|
attr_reader :global_hooks_path
|
|
|
|
|
|
|
|
attr_reader :logger
|
|
|
|
|
|
|
|
def initialize(shard_path, repository_relative_path, global_hooks_path:, logger:)
|
|
|
|
@shard_path = shard_path
|
|
|
|
@repository_relative_path = repository_relative_path
|
|
|
|
|
|
|
|
@logger = logger
|
|
|
|
@global_hooks_path = global_hooks_path
|
|
|
|
@repository_absolute_path = File.join(shard_path, repository_relative_path)
|
|
|
|
@output = StringIO.new
|
|
|
|
end
|
|
|
|
|
|
|
|
def output
|
|
|
|
io = @output.dup
|
|
|
|
io.rewind
|
|
|
|
io.read
|
|
|
|
end
|
|
|
|
|
|
|
|
# Import project via git clone --bare
|
|
|
|
# URL must be publicly cloneable
|
|
|
|
def import_project(source, timeout)
|
|
|
|
Gitlab::GitalyClient.migrate(:import_repository) do |is_enabled|
|
|
|
|
if is_enabled
|
|
|
|
gitaly_import_repository(source)
|
|
|
|
else
|
|
|
|
git_import_repository(source, timeout)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def fork_repository(new_shard_path, new_repository_relative_path)
|
|
|
|
Gitlab::GitalyClient.migrate(:fork_repository) do |is_enabled|
|
|
|
|
if is_enabled
|
|
|
|
gitaly_fork_repository(new_shard_path, new_repository_relative_path)
|
|
|
|
else
|
|
|
|
git_fork_repository(new_shard_path, new_repository_relative_path)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2018-03-27 19:54:05 +05:30
|
|
|
def fetch_remote(name, timeout, force:, tags:, ssh_key: nil, known_hosts: nil, prune: true)
|
2018-03-17 18:26:18 +05:30
|
|
|
tags_option = tags ? '--tags' : '--no-tags'
|
|
|
|
|
|
|
|
logger.info "Fetching remote #{name} for repository #{repository_absolute_path}."
|
2018-03-27 19:54:05 +05:30
|
|
|
cmd = %W(git fetch #{name} --quiet)
|
|
|
|
cmd << '--prune' if prune
|
2018-03-17 18:26:18 +05:30
|
|
|
cmd << '--force' if force
|
|
|
|
cmd << tags_option
|
|
|
|
|
|
|
|
setup_ssh_auth(ssh_key, known_hosts) do |env|
|
|
|
|
success = run_with_timeout(cmd, timeout, repository_absolute_path, env)
|
|
|
|
|
|
|
|
unless success
|
|
|
|
logger.error "Fetching remote #{name} for repository #{repository_absolute_path} failed."
|
|
|
|
end
|
|
|
|
|
|
|
|
success
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def push_branches(remote_name, timeout, force, branch_names)
|
|
|
|
logger.info "Pushing branches from #{repository_absolute_path} to remote #{remote_name}: #{branch_names}"
|
|
|
|
cmd = %w(git push)
|
|
|
|
cmd << '--force' if force
|
|
|
|
cmd += %W(-- #{remote_name}).concat(branch_names)
|
|
|
|
|
|
|
|
success = run_with_timeout(cmd, timeout, repository_absolute_path)
|
|
|
|
|
|
|
|
unless success
|
|
|
|
logger.error("Pushing branches to remote #{remote_name} failed.")
|
|
|
|
end
|
|
|
|
|
|
|
|
success
|
|
|
|
end
|
|
|
|
|
|
|
|
def delete_remote_branches(remote_name, branch_names)
|
|
|
|
branches = branch_names.map { |branch_name| ":#{branch_name}" }
|
|
|
|
|
|
|
|
logger.info "Pushing deleted branches from #{repository_absolute_path} to remote #{remote_name}: #{branch_names}"
|
|
|
|
cmd = %W(git push -- #{remote_name}).concat(branches)
|
|
|
|
|
|
|
|
success = run(cmd, repository_absolute_path)
|
|
|
|
|
|
|
|
unless success
|
|
|
|
logger.error("Pushing deleted branches to remote #{remote_name} failed.")
|
|
|
|
end
|
|
|
|
|
|
|
|
success
|
|
|
|
end
|
|
|
|
|
|
|
|
protected
|
|
|
|
|
|
|
|
def run(*args)
|
|
|
|
output, exitstatus = popen(*args)
|
|
|
|
@output << output
|
|
|
|
|
|
|
|
exitstatus&.zero?
|
|
|
|
end
|
|
|
|
|
|
|
|
def run_with_timeout(*args)
|
|
|
|
output, exitstatus = popen_with_timeout(*args)
|
|
|
|
@output << output
|
|
|
|
|
|
|
|
exitstatus&.zero?
|
|
|
|
rescue Timeout::Error
|
|
|
|
@output.puts('Timed out')
|
|
|
|
|
|
|
|
false
|
|
|
|
end
|
|
|
|
|
|
|
|
def mask_password_in_url(url)
|
|
|
|
result = URI(url)
|
|
|
|
result.password = "*****" unless result.password.nil?
|
|
|
|
result.user = "*****" unless result.user.nil? # it's needed for oauth access_token
|
|
|
|
result
|
|
|
|
rescue
|
|
|
|
url
|
|
|
|
end
|
|
|
|
|
|
|
|
def remove_origin_in_repo
|
|
|
|
cmd = %w(git remote rm origin)
|
|
|
|
run(cmd, repository_absolute_path)
|
|
|
|
end
|
|
|
|
|
|
|
|
# Builds a small shell script that can be used to execute SSH with a set of
|
|
|
|
# custom options.
|
|
|
|
#
|
|
|
|
# Options are expanded as `'-oKey="Value"'`, so SSH will correctly interpret
|
|
|
|
# paths with spaces in them. We trust the user not to embed single or double
|
|
|
|
# quotes in the key or value.
|
|
|
|
def custom_ssh_script(options = {})
|
|
|
|
args = options.map { |k, v| %Q{'-o#{k}="#{v}"'} }.join(' ')
|
|
|
|
|
|
|
|
[
|
|
|
|
"#!/bin/sh",
|
|
|
|
"exec ssh #{args} \"$@\""
|
|
|
|
].join("\n")
|
|
|
|
end
|
|
|
|
|
|
|
|
# Known hosts data and private keys can be passed to gitlab-shell in the
|
|
|
|
# environment. If present, this method puts them into temporary files, writes
|
|
|
|
# a script that can substitute as `ssh`, setting the options to respect those
|
|
|
|
# files, and yields: { "GIT_SSH" => "/tmp/myScript" }
|
|
|
|
def setup_ssh_auth(key, known_hosts)
|
|
|
|
options = {}
|
|
|
|
|
|
|
|
if key
|
|
|
|
key_file = Tempfile.new('gitlab-shell-key-file')
|
|
|
|
key_file.chmod(0o400)
|
|
|
|
key_file.write(key)
|
|
|
|
key_file.close
|
|
|
|
|
|
|
|
options['IdentityFile'] = key_file.path
|
|
|
|
options['IdentitiesOnly'] = 'yes'
|
|
|
|
end
|
|
|
|
|
|
|
|
if known_hosts
|
|
|
|
known_hosts_file = Tempfile.new('gitlab-shell-known-hosts')
|
|
|
|
known_hosts_file.chmod(0o400)
|
|
|
|
known_hosts_file.write(known_hosts)
|
|
|
|
known_hosts_file.close
|
|
|
|
|
|
|
|
options['StrictHostKeyChecking'] = 'yes'
|
|
|
|
options['UserKnownHostsFile'] = known_hosts_file.path
|
|
|
|
end
|
|
|
|
|
|
|
|
return yield({}) if options.empty?
|
|
|
|
|
|
|
|
script = Tempfile.new('gitlab-shell-ssh-wrapper')
|
|
|
|
script.chmod(0o755)
|
|
|
|
script.write(custom_ssh_script(options))
|
|
|
|
script.close
|
|
|
|
|
|
|
|
yield('GIT_SSH' => script.path)
|
|
|
|
ensure
|
|
|
|
key_file&.close!
|
|
|
|
known_hosts_file&.close!
|
|
|
|
script&.close!
|
|
|
|
end
|
|
|
|
|
|
|
|
private
|
|
|
|
|
|
|
|
def shard_name
|
|
|
|
strong_memoize(:shard_name) do
|
|
|
|
shard_name_from_shard_path(shard_path)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def shard_name_from_shard_path(shard_path)
|
|
|
|
Gitlab.config.repositories.storages.find { |_, info| info['path'] == shard_path }&.first ||
|
|
|
|
raise(ShardNameNotFoundError, "no shard found for path '#{shard_path}'")
|
|
|
|
end
|
|
|
|
|
|
|
|
def git_import_repository(source, timeout)
|
|
|
|
# Skip import if repo already exists
|
|
|
|
return false if File.exist?(repository_absolute_path)
|
|
|
|
|
|
|
|
masked_source = mask_password_in_url(source)
|
|
|
|
|
|
|
|
logger.info "Importing project from <#{masked_source}> to <#{repository_absolute_path}>."
|
|
|
|
cmd = %W(git clone --bare -- #{source} #{repository_absolute_path})
|
|
|
|
|
|
|
|
success = run_with_timeout(cmd, timeout, nil)
|
|
|
|
|
|
|
|
unless success
|
|
|
|
logger.error("Importing project from <#{masked_source}> to <#{repository_absolute_path}> failed.")
|
|
|
|
FileUtils.rm_rf(repository_absolute_path)
|
|
|
|
return false
|
|
|
|
end
|
|
|
|
|
|
|
|
Gitlab::Git::Repository.create_hooks(repository_absolute_path, global_hooks_path)
|
|
|
|
|
|
|
|
# The project was imported successfully.
|
|
|
|
# Remove the origin URL since it may contain password.
|
|
|
|
remove_origin_in_repo
|
|
|
|
|
|
|
|
true
|
|
|
|
end
|
|
|
|
|
|
|
|
def gitaly_import_repository(source)
|
|
|
|
raw_repository = Gitlab::Git::Repository.new(shard_name, repository_relative_path, nil)
|
|
|
|
|
|
|
|
Gitlab::GitalyClient::RepositoryService.new(raw_repository).import_repository(source)
|
|
|
|
true
|
|
|
|
rescue GRPC::BadStatus => e
|
|
|
|
@output << e.message
|
|
|
|
false
|
|
|
|
end
|
|
|
|
|
|
|
|
def git_fork_repository(new_shard_path, new_repository_relative_path)
|
|
|
|
from_path = repository_absolute_path
|
|
|
|
to_path = File.join(new_shard_path, new_repository_relative_path)
|
|
|
|
|
|
|
|
# The repository cannot already exist
|
|
|
|
if File.exist?(to_path)
|
|
|
|
logger.error "fork-repository failed: destination repository <#{to_path}> already exists."
|
|
|
|
return false
|
|
|
|
end
|
|
|
|
|
|
|
|
# Ensure the namepsace / hashed storage directory exists
|
|
|
|
FileUtils.mkdir_p(File.dirname(to_path), mode: 0770)
|
|
|
|
|
|
|
|
logger.info "Forking repository from <#{from_path}> to <#{to_path}>."
|
|
|
|
cmd = %W(git clone --bare --no-local -- #{from_path} #{to_path})
|
|
|
|
|
|
|
|
run(cmd, nil) && Gitlab::Git::Repository.create_hooks(to_path, global_hooks_path)
|
|
|
|
end
|
|
|
|
|
|
|
|
def gitaly_fork_repository(new_shard_path, new_repository_relative_path)
|
|
|
|
target_repository = Gitlab::Git::Repository.new(shard_name_from_shard_path(new_shard_path), new_repository_relative_path, nil)
|
|
|
|
raw_repository = Gitlab::Git::Repository.new(shard_name, repository_relative_path, nil)
|
|
|
|
|
|
|
|
Gitlab::GitalyClient::RepositoryService.new(target_repository).fork_repository(raw_repository)
|
|
|
|
rescue GRPC::BadStatus => e
|
|
|
|
logger.error "fork-repository failed: #{e.message}"
|
|
|
|
false
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|