New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[18.09] gitlab fixes #49682
[18.09] gitlab fixes #49682
Conversation
@GrahamcOfBorg test gitlab |
Success on aarch64-linux (full log) Attempted: gitlab Partial log (click to expand)
|
No attempt on x86_64-darwin (full log) The following builds were skipped because they don't evaluate on x86_64-darwin: gitlab Partial log (click to expand)
|
Success on x86_64-linux (full log) Attempted: gitlab Partial log (click to expand)
|
Success on x86_64-linux (full log) Attempted: tests.gitlab Partial log (click to expand)
|
Success on aarch64-linux (full log) Attempted: tests.gitlab Partial log (click to expand)
|
Did anyone test that migrations are still working? |
(cherry picked from commit ec7cb84)
SSRF in Kubernetes integration The GitLab Kubernetes integration was vulnerable to a SSRF issue which could allow an attacker to make requests to access any internal URLs. The issue is now mitigated in the latest release and is assigned CVE-2018-18843. (cherry picked from commit 9e491f7)
86418e3
to
09a9ea3
Compare
Success on aarch64-linux (full log) Attempted: gitlab Partial log (click to expand)
|
Success on x86_64-linux (full log) Attempted: gitlab Partial log (click to expand)
|
No attempt on x86_64-darwin (full log) The following builds were skipped because they don't evaluate on x86_64-darwin: gitlab Partial log (click to expand)
|
I instantiated a nixos container with nixops on nixos-18.09 before this merge, fast-forwarder nixpkgs to it, then deployed again. The unit was restarted, and ran the migrate task in the I only did test anything outside the scope of this PR, so 11.4.3 -> 11.4.4 only, no bumps from older versions. |
I updated our production instance :) |
@globin You are right! Thanks! Sorry I wasn't around for debugging |
The tests do not work on i686 since the RAM size is a bit too large: https://hydra.nixos.org/build/83692760 We should either figure out if less RAM also works of disable it on that platform. |
I tried running with 2047 MB RAM (the maximum currently possible with i686), but ruby failed with a missing symbol somewhere (
Currently I'm inclined to disable gitlab on i686 in nixpkgs for now, while asking gitlab upstream whether their |
Upstream issue created: https://gitlab.com/gitlab-org/gitlab-ce/issues/53525 |
Since c7be9f5c (gitlab-ce), posix-spawn disappeared from Gemfile.lock. I'll have a look into 32bit support on the next release including that commit. |
Motivation for this change
This backports some of the recent gitlab improvements (fixed tests #49658, security updates #49663) to 18.09
I'd also like to merge in #49385 (but without the version bump currently present in the PR)
Things done
sandbox
innix.conf
on non-NixOS)nix-shell -p nox --run "nox-review wip"
./result/bin/
)nix path-info -S
before and after)