Merge branch 'skip_git_hooks_for_git_annex' into 'master'

Skip git hooks for git annex Fixes gitlab-org/gitlab-ee#40 Introduces a config change in gitlab.yml. Config is a duplicate of what we already provide, see [explanation](https://gitlab.com/gitlab-org/gitlab-ee/issues/40#note_3288720) and [conclusion](https://gitlab.com/gitlab-org/gitlab-ee/issues/40#note_3294036). See merge request !129

Merge branch 'skip_git_hooks_for_git_annex' into 'master'
Skip git hooks for git annex Fixes gitlab-org/gitlab-ee#40 Introduces a config change in gitlab.yml. Config is a duplicate of what we already provide, see [explanation](https://gitlab.com/gitlab-org/gitlab-ee/issues/40#note_3288720) and [conclusion](https://gitlab.com/gitlab-org/gitlab-ee/issues/40#note_3294036). See merge request !129
fb71b01c · Robert Speicher · d8adce0c · f35cfe59 · fb71b01c · fb71b01c
Commit fb71b01c authored Jan 20, 2016 by Robert Speicher
4 changed files
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -496,6 +496,11 @@ production: &base
    # If you use non-standard ssh port you need to specify it
    # ssh_port: 22

+    # git-annex support (EE only)
+    # If this setting is set to true, the same setting in config.yml of
+    # gitlab-shell needs to be set to true
+    # git_annex_enabled: false
+
  ## Git settings
  # CAUTION!
  # Use the default values unless you really know what you are doing

--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -342,6 +342,7 @@ Settings.gitlab_shell['ssh_port']     ||= 22
 Settings.gitlab_shell['ssh_user']     ||= Settings.gitlab.user
 Settings.gitlab_shell['owner_group']  ||= Settings.gitlab.user
 Settings.gitlab_shell['ssh_path_prefix'] ||= Settings.send(:build_gitlab_shell_ssh_path_prefix)
+Settings.gitlab_shell['git_annex_enabled'] ||= false

 #
 # Backup

--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
@@ -85,6 +85,8 @@ module Gitlab
    end

    def push_access_check(changes)
+      return build_status_object(true) if git_annex_branch_sync?(changes)
+
      if user
        user_push_access_check(changes)
      elsif deploy_key
@@ -325,5 +327,23 @@ module Gitlab
        build_status_object(false, "You don't have permission")
      end
    end
+
+    def git_annex_branch_sync?(changes)
+      return false unless Gitlab.config.gitlab_shell.git_annex_enabled
+      return false if changes.blank?
+
+      changes = changes.lines if changes.kind_of?(String)
+
+      # Iterate over all changes to find if user allowed all of them to be applied
+      # 0000000000000000000000000000000000000000 3073696294ddd52e9e6b6fc3f429109cac24626f refs/heads/synced/git-annex
+      # 0000000000000000000000000000000000000000 65be9df0e995d36977e6d76fc5801b7145ce19c9 refs/heads/synced/master
+      changes.map(&:strip).reject(&:blank?).each do |change|
+        unless change.end_with?("refs/heads/synced/git-annex") || change.include?("refs/heads/synced/")
+          return false
+        end
+      end
+
+      true
+    end
  end
 end
--- a/spec/lib/gitlab/git_access_spec.rb
+++ b/spec/lib/gitlab/git_access_spec.rb
@@ -5,6 +5,10 @@ describe Gitlab::GitAccess, lib: true do
  let(:project) { create(:project) }
  let(:user) { create(:user) }
  let(:actor) { user }
+  let(:git_annex_changes) do
+    ["6f6d7e7ed97bb5f0054f2b1df789b39ca89b6ff9 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/synced/git-annex",
+     "6f6d7e7ed97bb5f0054f2b1df789b39ca89b6ff9 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/synced/named-branch"]
+  end

  describe 'can_push_to_branch?' do
    describe 'push to none protected branch' do
@@ -244,6 +248,65 @@ describe Gitlab::GitAccess, lib: true do
        end
      end
    end
+
+    context "when using git annex" do
+      before { project.team << [user, :master] }
+
+      describe 'and git hooks unset' do
+        describe 'git annex enabled' do
+          before { allow(Gitlab.config.gitlab_shell).to receive(:git_annex_enabled).and_return(true) }
+
+          it { expect(access.push_access_check(git_annex_changes)).to be_allowed }
+        end
+
+        describe 'git annex disabled' do
+          before { allow(Gitlab.config.gitlab_shell).to receive(:git_annex_enabled).and_return(false) }
+
+          it { expect(access.push_access_check(git_annex_changes)).to be_allowed }
+        end
+      end
+
+      describe 'and git hooks set' do
+        before { project.create_git_hook }
+
+        describe 'check commit author email' do
+          before do
+            project.git_hook.update(author_email_regex: "@only.com")
+          end
+
+          describe 'git annex enabled' do
+            before { allow(Gitlab.config.gitlab_shell).to receive(:git_annex_enabled).and_return(true) }
+
+            it { expect(access.push_access_check(git_annex_changes)).to be_allowed }
+          end
+
+          describe 'git annex disabled' do
+            before { allow(Gitlab.config.gitlab_shell).to receive(:git_annex_enabled).and_return(false) }
+
+            it { expect(access.push_access_check(git_annex_changes)).to_not be_allowed }
+          end
+        end
+
+        describe 'check commit author email' do
+          before do
+            allow_any_instance_of(Gitlab::Git::Blob).to receive(:size).and_return(5.megabytes.to_i)
+            project.git_hook.update(max_file_size: 2)
+          end
+
+          describe 'git annex enabled' do
+            before { allow(Gitlab.config.gitlab_shell).to receive(:git_annex_enabled).and_return(true) }
+
+            it { expect(access.push_access_check(git_annex_changes)).to be_allowed }
+          end
+
+          describe 'git annex disabled' do
+            before { allow(Gitlab.config.gitlab_shell).to receive(:git_annex_enabled).and_return(false) }
+
+            it { expect(access.push_access_check(git_annex_changes)).to_not be_allowed }
+          end
+        end
+      end
+    end
  end

  describe "git_hook_check" do