BigW Consortium Gitlab
Allow specifying protected branches using wildcards Closes #18627 # Tasks - [ ] #18627 !4665 Allow specifying protected branches using wildcards - [x] Find existing usages of protected branches - Protecting branches - `ProtectedBranchesController` is used to mark a branch protected/unprotected - `API::Branches` can be used to mark a branch protected/unprotected - Enforcing branch protection - `Gitlab::GitAccess` has helpers (`can_push_to_branch?`, `check`) that are used to deny pushes if a branch is protected - Over SSH: `gitlab-shell` receives a push, and calls `/allowed` on the GitLab API, which calls `GitAccess.check` - Over HTTP: - `gitlab-workhorse` receives the request, and forwards it to rails - Rails (in the `GitHttpController#git-recieve-pack`) runs basic checks (is the user logged in, not protected branch checks) and returns ok with `GL_ID` and `RepoPath` - `gitlab-workhorse` looks at the response, and calls the relevant `gitlab-shell` action from `git-http/handlePostRPC` - Rest of this flow is the same as the SSH flow above - [x] Implementation - [x] Backend - [x] Change `project#protected_branch?` to look at wildcard protected branches - [x] Change `project#developers_can_push_to_protected_branch?` - [x] Change `project#open_branches` - [x] Better error message when creating a disallowed branch from the Web UI - [x] Frontend - [x] Protected branches page should allow typing out a wildcard pattern - [x] Add help text explaining the use of wildcards - [x] Show matching branches for each protected branch - [x] ~~On the index page~~ - [x] On a show page - [x] Index? - [x] Can't have the "last commit" column for wildcard protected branches - [x] Fix / write tests - [x] What happens if a hook is missing in dev? - [x] Refactor - [x] Test workflows - Create a branch matching a wildcard pattern - Push to a branch matching a wildcard pattern - Force push to a branch matching a wildcard pattern - Delete a branch matching a wildcard pattern - [x] Test using Web UI - [x] Test over SSH - [x] Test over HTTP - [x] Test as developer and master - [x] Investigate performance - [x] Test with a large number of protected branches / branches - [x] Paginate list of protected branches - [x] ~~Possibly rewrite `open_branches`~~ - [x] Add `iid`s to existing `ProtectedBranch`es - [x] Add documentation - [x] Add CHANGELOG entry - [x] Add screenshots - [x] Make sure [build](https://gitlab.com/gitlab-org/gitlab-ce/commit/2f753e3ed2ce681b4444944d521f4419e8ed37f7/builds) passes - [x] Assign to endboss for review - [x] Address @DouweM's comments - [x] `protected_branch_params` - [x] `exact_match` instead of `explicit_match` - [x] When would self.name be blank? - [x] Move `protected_branches.each` to a partial - [x] Move `matching_branches.each` to a partial - [x] If the branch is in @matching_branches, it's not been removed - [x] move this regex to a method and memoize it - [x] `commit_sha` directly for exact matches - [x] Number of matches for wildcard matches, with a link - [x] Wait for [build](https://gitlab.com/gitlab-org/gitlab-ce/commit/43f9ce0e88194b8f719bb1c1e656b7fc13278d56/builds) to pass - [x] Respond to @DouweM's comments - [x] Don't use iid - [x] Controller should use `@project.protected_branches.new` - [x] move the memoization to `def wildcard_regex` - [x] render with `collection: @protected_branches` - [x] Wait for [build](https://gitlab.com/gitlab-org/gitlab-ce/commit/f7beedf122fa0c7aa89e86181fe7499321fb10ca/builds) to pass - [x] Wait for @DouweM's review - [x] Wait for @jschatz1's review - [x] Respond to @jschatz1's comments - [x] Use the new dropdown style - [x] description should be moved to the description section without the styling - [x] Protect button should be disabled when no branch is selected - [x] Update screenshots - [x] Merge conflicts - [x] Make sure [build](https://gitlab.com/gitlab-org/gitlab-ce/commit/20f3cfe8d5540eab64c2ba548043d600b28c61ba/builds) passes - [ ] Revisit performance, possibly with staging/production data - [ ] Get a dump of staging / run against staging live - [ ] Get SSH access to staging - [ ] Wait for review/merge # Screenshots ## Creating wildcard protected branches ![1](/uploads/9446afccfdf6fa381e00c800dd2cc82e/1.png) ![2](/uploads/0b154503b297a818d3577488c575d845/2.png) ![3](/uploads/36217f79df9e41cc1550601f02627fe8/3.png) ![4](/uploads/041ca9bd529bcfa5373fca67e917cbcb/4.png) ### Using the `GLDropdown` component ![2016-06-30_14-16-15](/uploads/508afc2a5e2463c2954641409a560d88/2016-06-30_14-16-15.gif) ## Enforcing wildcard protected branches ### From the Web UI ![Screen_Shot_2016-06-20_at_1.21.18_PM](/uploads/8b5d4b1911e9152698a0488daf1880bc/Screen_Shot_2016-06-20_at_1.21.18_PM.png) ### Over SSH ![SSH](/uploads/7365989d7e4c406ef37b6ae5106442c9/SSH.gif) ### Over HTTPS ![HTTPS](/uploads/a7c0f56ae58efcffc75e6700fa2f4ac0/HTTPS.gif) ## Listing matching branches ![Screen_Shot_2016-06-20_at_1.33.44_PM](/uploads/d054113022f5d7ec64c0e57e501ac104/Screen_Shot_2016-06-20_at_1.33.44_PM.png) See merge request !4665
Name |
Last commit
|
Last update |
---|---|---|
.. | ||
behaviors | Loading commit data... | |
blob | Loading commit data... | |
ci | Loading commit data... | |
commit | Loading commit data... | |
extensions | Loading commit data... | |
graphs | Loading commit data... | |
lib | Loading commit data... | |
network | Loading commit data... | |
u2f | Loading commit data... | |
users | Loading commit data... | |
LabelManager.js.coffee | Loading commit data... | |
activities.js.coffee | Loading commit data... | |
admin.js.coffee | Loading commit data... | |
api.js.coffee | Loading commit data... | |
application.js.coffee | Loading commit data... | |
aside.js.coffee | Loading commit data... | |
autosave.js.coffee | Loading commit data... | |
awards_handler.coffee | Loading commit data... | |
breakpoints.coffee | Loading commit data... | |
broadcast_message.js.coffee | Loading commit data... | |
build_artifacts.js.coffee | Loading commit data... | |
commit.js.coffee | Loading commit data... | |
commits.js.coffee | Loading commit data... | |
compare.js.coffee | Loading commit data... | |
confirm_danger_modal.js.coffee | Loading commit data... | |
copy_to_clipboard.js.coffee | Loading commit data... | |
diff.js.coffee | Loading commit data... | |
dispatcher.js.coffee | Loading commit data... | |
dropzone_input.js.coffee | Loading commit data... | |
due_date_select.js.coffee | Loading commit data... | |
flash.js.coffee | Loading commit data... | |
gfm_auto_complete.js.coffee | Loading commit data... | |
gl_crop.js.coffee | Loading commit data... | |
gl_dropdown.js.coffee | Loading commit data... | |
gl_form.js.coffee | Loading commit data... | |
group_avatar.js.coffee | Loading commit data... | |
groups.js.coffee | Loading commit data... | |
groups_select.js.coffee | Loading commit data... | |
importer_status.js.coffee | Loading commit data... | |
issuable.js.coffee | Loading commit data... | |
issuable_context.js.coffee | Loading commit data... | |
issuable_form.js.coffee | Loading commit data... | |
issue.js.coffee | Loading commit data... | |
issue_status_select.js.coffee | Loading commit data... | |
issues-bulk-assignment.js.coffee | Loading commit data... | |
labels.js.coffee | Loading commit data... | |
labels_select.js.coffee | Loading commit data... | |
layout_nav.js.coffee | Loading commit data... | |
line_highlighter.js.coffee | Loading commit data... | |
logo.js.coffee | Loading commit data... | |
markdown_preview.js.coffee | Loading commit data... | |
merge_request.js.coffee | Loading commit data... | |
merge_request_tabs.js.coffee | Loading commit data... | |
merge_request_widget.js.coffee | Loading commit data... | |
merged_buttons.js.coffee | Loading commit data... | |
milestone.js.coffee | Loading commit data... | |
milestone_select.js.coffee | Loading commit data... | |
namespace_select.js.coffee | Loading commit data... | |
new_branch_form.js.coffee | Loading commit data... | |
new_commit_form.js.coffee | Loading commit data... | |
notes.js.coffee | Loading commit data... | |
notifications_dropdown.js.coffee | Loading commit data... | |
notifications_form.js.coffee | Loading commit data... | |
pager.js.coffee | Loading commit data... | |
profile.js.coffee | Loading commit data... | |
project.js.coffee | Loading commit data... | |
project_avatar.js.coffee | Loading commit data... | |
project_find_file.js.coffee | Loading commit data... | |
project_fork.js.coffee | Loading commit data... | |
project_import.js.coffee | Loading commit data... | |
project_members.js.coffee | Loading commit data... | |
project_new.js.coffee | Loading commit data... | |
project_select.js.coffee | Loading commit data... | |
project_show.js.coffee | Loading commit data... | |
projects_list.js.coffee | Loading commit data... | |
protected_branch_select.js.coffee | Loading commit data... | |
protected_branches.js.coffee | Loading commit data... | |
right_sidebar.js.coffee | Loading commit data... | |
search.js.coffee | Loading commit data... | |
search_autocomplete.js.coffee | Loading commit data... | |
shortcuts.js.coffee | Loading commit data... | |
shortcuts_blob.coffee | Loading commit data... | |
shortcuts_dashboard_navigation.js.coffee | Loading commit data... | |
shortcuts_find_file.js.coffee | Loading commit data... | |
shortcuts_issuable.coffee | Loading commit data... | |
shortcuts_navigation.coffee | Loading commit data... | |
shortcuts_network.js.coffee | Loading commit data... | |
sidebar.js.coffee | Loading commit data... | |
star.js.coffee | Loading commit data... | |
subscription.js.coffee | Loading commit data... | |
syntax_highlight.coffee | Loading commit data... | |
todos.js.coffee | Loading commit data... | |
tree.js.coffee | Loading commit data... | |
user.js.coffee | Loading commit data... | |
user_tabs.js.coffee | Loading commit data... | |
users_select.js.coffee | Loading commit data... | |
wikis.js.coffee | Loading commit data... | |
zen_mode.js.coffee | Loading commit data... |