Commits · 2fe99f66a64ed86aebc4e840dd24d78416516c17 · nexedi / gitlab-ce

18 May, 2020 1 commit

delay PostUploadPack response until request is fully read · 2fe99f66

Sami Hiltunen authored May 13, 2020

Git and Gitaly stream upload-pack response data as soon as it is
available. Some HTTP clients do not support the response being streamed
back while the server is still reading from the request body. To avoid
this, the request was buffered in to a temporary file before passing it
to Gitaly for handling. The buffer had a maximum size of 10MB, which is
now reached by requests to large repositories. These requests were then
truncated, causing Git to fail.

This commit fixes the problem by removing the request buffering and the
maximum size. Instead, the response is buffered in to a temporary file
until the request body is fully read, thus avoiding the problem of
streaming the request and the response simultaneously.

2fe99f66

08 May, 2020 4 commits
- Update VERSION to 8.31.0 · c4f1edeb
  Alessio Caiazza authored May 08, 2020
  
  c4f1edeb
- Update CHANGELOG for 8.31.0 · 02595c58
  Alessio Caiazza authored May 08, 2020
```
[ci skip]
```
  02595c58
- Merge branch '261-10io-add-signed-params-to-file-uploads' into 'master' · fb5ddd90
  Alessio Caiazza authored May 08, 2020
```
Add a new JWT signed field for uploads

See merge request gitlab-org/gitlab-workhorse!490
```
  fb5ddd90
- Add a signed parameter in GitLabFinalizeFields · 40a18941
  David Fernandez authored Apr 21, 2020
```
It contains all the parameters generated by workhorse during a file upload
```
  40a18941
07 May, 2020 2 commits
- Merge branch 'id-refactor-artifacts-upload-test' into 'master' · 6378ac2a
  Nick Thomas authored May 07, 2020
```
Refactor internal/artifacts/artifacts_upload_test.go

See merge request gitlab-org/gitlab-workhorse!491
```
  6378ac2a
- Refactor internal/artifacts/artifacts_upload_test.go · 3dfc4a8e
  Igor Drozdov authored May 06, 2020
  
  3dfc4a8e
20 Apr, 2020 2 commits
- Merge branch 'add-default-workflow-and-rules' into 'master' · 65ce8016
  Alessio Caiazza authored Apr 20, 2020
```
Set default, workflow, and use rules in CI config

See merge request gitlab-org/gitlab-workhorse!489
```
  65ce8016
- Set default, workflow, and use rules in CI config · 515272d0
  Rémy Coutable authored Apr 17, 2020
```
Signed-off-by: Rémy Coutable <remy@rymai.me>
```
  515272d0
15 Apr, 2020 2 commits

Merge branch 'security/gitlab-issue-213139' into 'master' · 23da85f7
Alessio Caiazza authored Apr 15, 2020
```
Sign artifact multipart fields in Workhorse

See merge request gitlab-org/security/gitlab-workhorse!7
```
23da85f7

Sign artifact multipart fields in Workhorse · 28ba9f6a

Stan Hu authored Apr 15, 2020

This adds the `Gitlab-Workhorse-Multipart-Fields` HTTP header, which
contains a list of signed multipart keys, for the CI artifacts upload
endpoints. This is already done for multipart attachments but was
not done for the the CI artifacts case.

Without this header, Rails can't guarantee that the file attachments
were validated by Workhorse.

This is the Workhorse part of the solution for
https://gitlab.com/gitlab-org/gitlab/-/issues/213139. This needs to be
used by Rails:
https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/403

28ba9f6a

08 Apr, 2020 2 commits
- Merge branch 'changelog-generator' into 'master' · 1dc5c363
  Jacob Vosmaer authored Apr 08, 2020
```
Add automatic changelog generation

See merge request gitlab-org/gitlab-workhorse!484
```
  1dc5c363
- Add automatic changelog generation · f2112538
  Alessio Caiazza authored Apr 08, 2020
  
  f2112538
06 Apr, 2020 1 commit
- Merge branch 'id-testing-code-navigation' into 'master' · 91045d44
  Nick Thomas authored Apr 06, 2020
```
Include code-navigation block to CI

See merge request gitlab-org/gitlab-workhorse!482
```
  91045d44
04 Apr, 2020 2 commits
- Merge branch 'release-8-30' into 'master' · 0b04008c
  Nick Thomas authored Apr 04, 2020
```
Release v8.30.0

See merge request gitlab-org/gitlab-workhorse!483
```
  0b04008c
- Release v8.30.0 · fe6a6873
  Nick Thomas authored Apr 04, 2020
  
  fe6a6873
03 Apr, 2020 4 commits
- Merge branch 'proxy-actioncable-ws-route' into 'master' · 866610fa
  Nick Thomas authored Apr 03, 2020
```
Proxy ActionCable websocket connection

See merge request gitlab-org/gitlab-workhorse!454
```
  866610fa
- Include code-navigation block to CI · 98eb6625
  Igor Drozdov authored Apr 03, 2020
  
  98eb6625
- Add integration test for cable backend · 99d40e17
  Heinrich Lee Yu authored Mar 28, 2020
```
Tests a single backend setup and a separate cable backend setup
```
  99d40e17
- Merge branch 'add-missing-changelog-entry' into 'master' · 73d42cb5
  Alessio Caiazza authored Apr 03, 2020
```
Add a missing CHANGELOG entry

See merge request gitlab-org/gitlab-workhorse!481
```
  73d42cb5
02 Apr, 2020 3 commits
- Update docs in README · 509d9b4b
  Heinrich Lee Yu authored Mar 27, 2020
  
  509d9b4b
- Add options to configure ActionCable backend · 16b3047a
  Heinrich Lee Yu authored Mar 13, 2020
```
This is to support running the ActionCable server in a separate
process from the web server
```
  16b3047a
- Proxy ActionCable websocket connection · 2eb8d8fd
  Heinrich Lee Yu authored Jan 21, 2020
```
Had to use a simple proxy because the other ResponseWriter
wrappers do not support HiJack and we don't need those for
this route anyway
```
  2eb8d8fd
01 Apr, 2020 1 commit
- Add a missing CHANGELOG entry · 5a042d0e
  Nick Thomas authored Apr 01, 2020
  
  5a042d0e
31 Mar, 2020 3 commits
- Merge branch 'release-workhorse-8-29' into 'master' · c961c60b
  Nick Thomas authored Mar 31, 2020
```
Release Workhorse v8.29.0

See merge request gitlab-org/gitlab-workhorse!480
```
  c961c60b
- Release Workhorse v8.29.0 · 32c70229
  Nick Thomas authored Mar 31, 2020
  
  32c70229
- Merge branch 'osw-bump-labkit-version' into 'master' · 359c34ac
  Nick Thomas authored Mar 31, 2020
```
Bump Labkit version to support profiler sample versioning

See merge request gitlab-org/gitlab-workhorse!479
```
  359c34ac
30 Mar, 2020 1 commit

Bump Labkit version · 837c5ae7

Oswaldo Ferreira authored Mar 30, 2020

This version bump refers to fac94cb42 in order to
support Go Continuous Profiling with versioning.

I.e. Workhorse will provide its build version to
the profiler and it'll be presented at the Stackdriver
Profiler UI.

837c5ae7

27 Mar, 2020 1 commit

Merge branch 'jv-simplify-ci' into 'master' · bd84afad

Nick Thomas authored Mar 27, 2020

CI: stop trying to rm -rf gitaly hooks in docker container

See merge request gitlab-org/gitlab-workhorse!477

bd84afad

26 Mar, 2020 1 commit
- Merge branch 'master' of dev.gitlab.org:gitlab/gitlab-workhorse · cf6337cd
  Robert Speicher authored Mar 26, 2020
  
  cf6337cd
25 Mar, 2020 1 commit
- CI: stop trying to rm -rf gitaly hooks in docker container · a289956d
  Jacob Vosmaer authored Mar 25, 2020
  
  a289956d
23 Mar, 2020 4 commits

Merge branch 'security-193100-ignore-duplicate-multipart-params' into 'master' · 7168c2e3
Alessio Caiazza authored Mar 23, 2020
```
Reject parameters that override upload fields

See merge request gitlab-org/security/gitlab-workhorse!3
```
7168c2e3
Release v8.28.0 · 3fbf8ef2
Alessio Caiazza authored Mar 23, 2020

3fbf8ef2

Reject parameters that override upload fields · 7c324521

Markus Koller authored Mar 04, 2020

When Workhorse intercepts file uploads, we store the files and send the
information about the temporary file in new multipart form values called
`file.path`, `file.size` etc.

Since we're also copying all other multipart form values from the
original client request, it was possible to override the values we
set in Workhorse, causing Rails to e.g. load the uploaded file from
an injected `file.path` parameter.

To avoid this, we check if client parameters have the same name as any
of our own added fields and reject the request.

7c324521

Always set internally used upload fields · 75a39b0b

Markus Koller authored Mar 06, 2020

The `path` and `remote_*` fields are not always set in Workhorse
depending on the storage type, but still picked up in Rails.

To avoid injecting any client params with the same name, we just set
these fields to empty strings.

75a39b0b

20 Mar, 2020 4 commits
- Merge branch '250-pypi-object-storage-upload-route-for-package-files-2' into 'master' · 3f55999a
  Nick Thomas authored Mar 20, 2020
```
Resolve "PyPi - Object storage upload route for package files"

See merge request gitlab-org/gitlab-workhorse!474
```
  3f55999a
- Merge branch 'release-8-27' into 'master' · a6556ddd
  Jacob Vosmaer authored Mar 20, 2020
```
Release v8.27.0

See merge request gitlab-org/gitlab-workhorse!476
```
  a6556ddd
- Release v8.27.0 · 211fe633
  Ahmad Sherif authored Mar 20, 2020
  
  211fe633
- Merge branch 'delete-set-cookie-header-from-archive-raw-blob' into 'master' · 91bcaaef
  Jacob Vosmaer authored Mar 20, 2020
```
Remove Set-Cookie header from archive and raw blob responses

See merge request gitlab-org/gitlab-workhorse!475
```
  91bcaaef
19 Mar, 2020 1 commit

Remove Set-Cookie header from archive and raw blob responses · 9672e1fe

Ahmad Sherif authored Mar 18, 2020

CDNs don't cache responses with Set-Cookie header as they assume they
contain some sort of state or user-specific data, which is not the case for
raw blobs and repository archives.

This change allows GitLab installations that sit behind a CDN to benefit from its
caching feature seamlessly.

Related to https://gitlab.com/gitlab-com/gl-infra/infrastructure/issues/6829
and https://gitlab.com/gitlab-com/gl-infra/scalability/-/issues/4

9672e1fe