Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
4419d7ea
Commit
4419d7ea
authored
Mar 06, 2018
by
Nick Thomas
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Implement foreground verification of CI artifacts
parent
98c8c90e
Changes
7
Show whitespace changes
Inline
Side-by-side
Showing
7 changed files
with
119 additions
and
0 deletions
+119
-0
changelogs/unreleased/43949-verify-job-artifacts.yml
changelogs/unreleased/43949-verify-job-artifacts.yml
+5
-0
doc/administration/raketasks/check.md
doc/administration/raketasks/check.md
+4
-0
lib/gitlab/verify/job_artifacts.rb
lib/gitlab/verify/job_artifacts.rb
+27
-0
lib/tasks/gitlab/artifacts/check.rake
lib/tasks/gitlab/artifacts/check.rake
+8
-0
spec/factories/ci/job_artifacts.rb
spec/factories/ci/job_artifacts.rb
+6
-0
spec/lib/gitlab/verify/job_artifacts_spec.rb
spec/lib/gitlab/verify/job_artifacts_spec.rb
+35
-0
spec/tasks/gitlab/artifacts/check_rake_spec.rb
spec/tasks/gitlab/artifacts/check_rake_spec.rb
+34
-0
No files found.
changelogs/unreleased/43949-verify-job-artifacts.yml
0 → 100644
View file @
4419d7ea
---
title
:
Implement foreground verification of CI artifacts
merge_request
:
17578
author
:
type
:
added
doc/administration/raketasks/check.md
View file @
4419d7ea
...
...
@@ -84,12 +84,14 @@ checks using those checksums can be run. These checks also detect missing files.
Currently, integrity checks are supported for the following types of file:
*
CI artifacts
*
LFS objects
*
User uploads
**Omnibus Installation**
```
sudo gitlab-rake gitlab:artifacts:check
sudo gitlab-rake gitlab:lfs:check
sudo gitlab-rake gitlab:uploads:check
```
...
...
@@ -97,6 +99,7 @@ sudo gitlab-rake gitlab:uploads:check
**Source Installation**
```
bash
sudo
-u
git
-H
bundle
exec
rake gitlab:artifacts:check
RAILS_ENV
=
production
sudo
-u
git
-H
bundle
exec
rake gitlab:lfs:check
RAILS_ENV
=
production
sudo
-u
git
-H
bundle
exec
rake gitlab:uploads:check
RAILS_ENV
=
production
```
...
...
@@ -112,6 +115,7 @@ Variable | Type | Description
`VERBOSE`
| boolean | Causes failures to be listed individually, rather than being summarized.
```
bash
sudo
gitlab-rake gitlab:artifacts:check
BATCH
=
100
ID_FROM
=
50
ID_TO
=
250
sudo
gitlab-rake gitlab:lfs:check
BATCH
=
100
ID_FROM
=
50
ID_TO
=
250
sudo
gitlab-rake gitlab:uploads:check
BATCH
=
100
ID_FROM
=
50
ID_TO
=
250
```
...
...
lib/gitlab/verify/job_artifacts.rb
0 → 100644
View file @
4419d7ea
module
Gitlab
module
Verify
class
JobArtifacts
<
BatchVerifier
def
name
'Job artifacts'
end
def
describe
(
object
)
"Job artifact:
#{
object
.
id
}
"
end
private
def
relation
::
Ci
::
JobArtifact
.
all
end
def
expected_checksum
(
artifact
)
artifact
.
file_sha256
end
def
actual_checksum
(
artifact
)
Digest
::
SHA256
.
file
(
artifact
.
file
.
path
).
hexdigest
end
end
end
end
lib/tasks/gitlab/artifacts/check.rake
0 → 100644
View file @
4419d7ea
namespace
:gitlab
do
namespace
:artifacts
do
desc
'GitLab | Artifacts | Check integrity of uploaded job artifacts'
task
check: :environment
do
Gitlab
::
Verify
::
RakeTask
.
run!
(
Gitlab
::
Verify
::
JobArtifacts
)
end
end
end
spec/factories/ci/job_artifacts.rb
View file @
4419d7ea
...
...
@@ -35,5 +35,11 @@ FactoryBot.define do
Rails
.
root
.
join
(
'spec/fixtures/trace/sample_trace'
),
'text/plain'
)
end
end
trait
:correct_checksum
do
after
(
:build
)
do
|
artifact
,
evaluator
|
artifact
.
file_sha256
=
Digest
::
SHA256
.
file
(
artifact
.
file
.
path
).
hexdigest
end
end
end
end
spec/lib/gitlab/verify/job_artifacts_spec.rb
0 → 100644
View file @
4419d7ea
require
'spec_helper'
describe
Gitlab
::
Verify
::
JobArtifacts
do
include
GitlabVerifyHelpers
it_behaves_like
'Gitlab::Verify::BatchVerifier subclass'
do
let!
(
:objects
)
{
create_list
(
:ci_job_artifact
,
3
,
:archive
)
}
end
describe
'#run_batches'
do
let
(
:failures
)
{
collect_failures
}
let
(
:failure
)
{
failures
[
artifact
]
}
let!
(
:artifact
)
{
create
(
:ci_job_artifact
,
:archive
,
:correct_checksum
)
}
it
'passes artifacts with the correct file'
do
expect
(
failures
).
to
eq
({})
end
it
'fails artifacts with a missing file'
do
FileUtils
.
rm_f
(
artifact
.
file
.
path
)
expect
(
failures
.
keys
).
to
contain_exactly
(
artifact
)
expect
(
failure
).
to
be_a
(
Errno
::
ENOENT
)
expect
(
failure
.
to_s
).
to
include
(
artifact
.
file
.
path
)
end
it
'fails artifacts with a mismatched checksum'
do
File
.
truncate
(
artifact
.
file
.
path
,
0
)
expect
(
failures
.
keys
).
to
contain_exactly
(
artifact
)
expect
(
failure
.
to_s
).
to
include
(
'Checksum mismatch'
)
end
end
end
spec/tasks/gitlab/artifacts/check_rake_spec.rb
0 → 100644
View file @
4419d7ea
require
'rake_helper'
describe
'gitlab:artifacts rake tasks'
do
describe
'check'
do
let!
(
:artifact
)
{
create
(
:ci_job_artifact
,
:archive
,
:correct_checksum
)
}
before
do
Rake
.
application
.
rake_require
(
'tasks/gitlab/artifacts/check'
)
stub_env
(
'VERBOSE'
=>
'true'
)
end
it
'outputs the integrity check for each batch'
do
expect
{
run_rake_task
(
'gitlab:artifacts:check'
)
}.
to
output
(
/Failures: 0/
).
to_stdout
end
it
'errors out about missing files on the file system'
do
FileUtils
.
rm_f
(
artifact
.
file
.
path
)
expect
{
run_rake_task
(
'gitlab:artifacts:check'
)
}.
to
output
(
/No such file.*
#{
Regexp
.
quote
(
artifact
.
file
.
path
)
}
/
).
to_stdout
end
it
'errors out about invalid checksum'
do
artifact
.
update_column
(
:file_sha256
,
'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
)
expect
{
run_rake_task
(
'gitlab:artifacts:check'
)
}.
to
output
(
/Checksum mismatch/
).
to_stdout
end
it
'errors out about missing checksum'
do
artifact
.
update_column
(
:file_sha256
,
nil
)
expect
{
run_rake_task
(
'gitlab:artifacts:check'
)
}.
to
output
(
/Checksum missing/
).
to_stdout
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment