Override WORKHORSE_URL to check security mirror

With the vendoring of workhorse, our CI checks if the content of /workhorse matches the workhorse repository tagged with /GITLAB_WORKHORSE_VERSION. During a security release, this check may fail because the repository is hardcoded. With this commit we override such value with the environment variable GITLAB_WORKHORSE_URL that is already in use in our RSpec suite.

Override WORKHORSE_URL to check security mirror
With the vendoring of workhorse, our CI checks if the content of /workhorse matches the workhorse repository tagged with /GITLAB_WORKHORSE_VERSION. During a security release, this check may fail because the repository is hardcoded. With this commit we override such value with the environment variable GITLAB_WORKHORSE_URL that is already in use in our RSpec suite.
8b857769 · Alessio Caiazza · c8202729 · 8b857769
Commit 8b857769 authored Dec 03, 2020 by Alessio Caiazza
Show whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

scripts/update-workhorse scripts/update-workhorse +2 -1

No files found.
--- a/scripts/update-workhorse
+++ b/scripts/update-workhorse
@@ -2,6 +2,7 @@
 set -e
 WORKHORSE_DIR=workhorse/
 WORKHORSE_REF="v$(cat GITLAB_WORKHORSE_VERSION)"
+WORKHORSE_URL=${GITLAB_WORKHORSE_URL:-https://gitlab.com/gitlab-org/gitlab-workhorse.git}
 if [ $# -gt 1 ] || ([ $# = 1 ] && [ x$1 != xcheck ]); then
  echo "Usage: update-workhorse [check]"
@@ -15,7 +16,7 @@ if [ -n "$clean" ] ; then
  exit 1
 fi
-git fetch https://gitlab.com/gitlab-org/gitlab-workhorse.git "$WORKHORSE_REF"
+git fetch "$WORKHORSE_URL" "$WORKHORSE_REF"
 git rm -rf --quiet -- "$WORKHORSE_DIR"
 git read-tree --prefix="$WORKHORSE_DIR" -u FETCH_HEAD