Commit aad6ceae authored by Marco Wessel's avatar Marco Wessel

Allow configuring protection of the default branch upon first push

parent 254d1d7a
...@@ -28,7 +28,7 @@ v 7.8.0 ...@@ -28,7 +28,7 @@ v 7.8.0
- -
- -
- -
- - Allow configuring protection of the default branch upon first push (Marco Wessel)
- -
- -
- -
......
...@@ -22,6 +22,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController ...@@ -22,6 +22,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
def application_setting_params def application_setting_params
params.require(:application_setting).permit( params.require(:application_setting).permit(
:default_projects_limit, :default_projects_limit,
:default_branch_protection,
:signup_enabled, :signup_enabled,
:signin_enabled, :signin_enabled,
:gravatar_enabled, :gravatar_enabled,
......
...@@ -4,6 +4,7 @@ ...@@ -4,6 +4,7 @@
# #
# id :integer not null, primary key # id :integer not null, primary key
# default_projects_limit :integer # default_projects_limit :integer
# default_branch_protection :integer
# signup_enabled :boolean # signup_enabled :boolean
# signin_enabled :boolean # signin_enabled :boolean
# gravatar_enabled :boolean # gravatar_enabled :boolean
...@@ -25,6 +26,7 @@ class ApplicationSetting < ActiveRecord::Base ...@@ -25,6 +26,7 @@ class ApplicationSetting < ActiveRecord::Base
def self.create_from_defaults def self.create_from_defaults
create( create(
default_projects_limit: Settings.gitlab['default_projects_limit'], default_projects_limit: Settings.gitlab['default_projects_limit'],
default_branch_protection: Settings.gitlab['default_branch_protection'],
signup_enabled: Settings.gitlab['signup_enabled'], signup_enabled: Settings.gitlab['signup_enabled'],
signin_enabled: Settings.gitlab['signin_enabled'], signin_enabled: Settings.gitlab['signin_enabled'],
gravatar_enabled: Settings.gravatar['enabled'], gravatar_enabled: Settings.gravatar['enabled'],
......
class GitPushService class GitPushService
attr_accessor :project, :user, :push_data, :push_commits attr_accessor :project, :user, :push_data, :push_commits
include Gitlab::CurrentSettings
include Gitlab::Access
# This method will be called after each git update # This method will be called after each git update
# and only if the provided user and project is present in GitLab. # and only if the provided user and project is present in GitLab.
...@@ -29,8 +31,12 @@ class GitPushService ...@@ -29,8 +31,12 @@ class GitPushService
if is_default_branch?(ref) if is_default_branch?(ref)
# Initial push to the default branch. Take the full history of that branch as "newly pushed". # Initial push to the default branch. Take the full history of that branch as "newly pushed".
@push_commits = project.repository.commits(newrev) @push_commits = project.repository.commits(newrev)
# Default branch is protected by default
project.protected_branches.create({ name: project.default_branch }) # Set protection on the default branch if configured
if (current_application_settings.default_branch_protection != PROTECTION_NONE)
developers_can_push = current_application_settings.default_branch_protection == PROTECTION_DEV_CAN_PUSH ? true : false
project.protected_branches.create({ name: project.default_branch, developers_can_push: developers_can_push })
end
else else
# Use the pushed commits that aren't reachable by the default branch # Use the pushed commits that aren't reachable by the default branch
# as a heuristic. This may include more commits than are actually pushed, but # as a heuristic. This may include more commits than are actually pushed, but
......
...@@ -25,6 +25,10 @@ ...@@ -25,6 +25,10 @@
= f.label :default_projects_limit, class: 'control-label' = f.label :default_projects_limit, class: 'control-label'
.col-sm-10 .col-sm-10
= f.number_field :default_projects_limit, class: 'form-control' = f.number_field :default_projects_limit, class: 'form-control'
.form-group
= f.label :default_branch_protection, class: 'control-label'
.col-sm-10
= f.select :default_branch_protection, options_for_select(Gitlab::Access.protection_options, @application_setting.default_branch_protection), {}, class: 'form-control'
.form-group .form-group
= f.label :home_page_url, class: 'control-label' = f.label :home_page_url, class: 'control-label'
.col-sm-10 .col-sm-10
......
...@@ -87,6 +87,7 @@ Settings['issues_tracker'] ||= {} ...@@ -87,6 +87,7 @@ Settings['issues_tracker'] ||= {}
# #
Settings['gitlab'] ||= Settingslogic.new({}) Settings['gitlab'] ||= Settingslogic.new({})
Settings.gitlab['default_projects_limit'] ||= 10 Settings.gitlab['default_projects_limit'] ||= 10
Settings.gitlab['default_branch_protection'] ||= 2
Settings.gitlab['default_can_create_group'] = true if Settings.gitlab['default_can_create_group'].nil? Settings.gitlab['default_can_create_group'] = true if Settings.gitlab['default_can_create_group'].nil?
Settings.gitlab['default_theme'] = Gitlab::Theme::MARS if Settings.gitlab['default_theme'].nil? Settings.gitlab['default_theme'] = Gitlab::Theme::MARS if Settings.gitlab['default_theme'].nil?
Settings.gitlab['host'] ||= 'localhost' Settings.gitlab['host'] ||= 'localhost'
......
class AddDefaultBranchProtectionSetting < ActiveRecord::Migration
def change
add_column :application_settings, :default_branch_protection, :integer, :default => 2
end
end
...@@ -11,13 +11,14 @@ ...@@ -11,13 +11,14 @@
# #
# It's strongly recommended that you check this file into your version control system. # It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 20150116234544) do ActiveRecord::Schema.define(version: 20150125163100) do
# These are extensions that must be enabled in order to support this database # These are extensions that must be enabled in order to support this database
enable_extension "plpgsql" enable_extension "plpgsql"
create_table "application_settings", force: true do |t| create_table "application_settings", force: true do |t|
t.integer "default_projects_limit" t.integer "default_projects_limit"
t.integer "default_branch_protection"
t.boolean "signup_enabled" t.boolean "signup_enabled"
t.boolean "signin_enabled" t.boolean "signin_enabled"
t.boolean "gravatar_enabled" t.boolean "gravatar_enabled"
......
...@@ -11,6 +11,11 @@ module Gitlab ...@@ -11,6 +11,11 @@ module Gitlab
MASTER = 40 MASTER = 40
OWNER = 50 OWNER = 50
# Branch protection settings
PROTECTION_NONE = 0
PROTECTION_DEV_CAN_PUSH = 1
PROTECTION_FULL = 2
class << self class << self
def values def values
options.values options.values
...@@ -43,6 +48,17 @@ module Gitlab ...@@ -43,6 +48,17 @@ module Gitlab
master: MASTER, master: MASTER,
} }
end end
def protection_options
{
"None" => PROTECTION_NONE,
"Protect, developers can push" => PROTECTION_DEV_CAN_PUSH,
"Full protection" => PROTECTION_FULL,
}
end
def protection_values
protection_options.values
end
end end
def human_access def human_access
......
...@@ -12,6 +12,7 @@ module Gitlab ...@@ -12,6 +12,7 @@ module Gitlab
def fake_application_settings def fake_application_settings
OpenStruct.new( OpenStruct.new(
default_projects_limit: Settings.gitlab['default_projects_limit'], default_projects_limit: Settings.gitlab['default_projects_limit'],
default_branch_protection: Settings.gitlab['default_branch_protection'],
signup_enabled: Settings.gitlab['signup_enabled'], signup_enabled: Settings.gitlab['signup_enabled'],
signin_enabled: Settings.gitlab['signin_enabled'], signin_enabled: Settings.gitlab['signin_enabled'],
gravatar_enabled: Settings.gravatar['enabled'], gravatar_enabled: Settings.gravatar['enabled'],
......
...@@ -4,6 +4,7 @@ ...@@ -4,6 +4,7 @@
# #
# id :integer not null, primary key # id :integer not null, primary key
# default_projects_limit :integer # default_projects_limit :integer
# default_branch_protection :interger
# signup_enabled :boolean # signup_enabled :boolean
# signin_enabled :boolean # signin_enabled :boolean
# gravatar_enabled :boolean # gravatar_enabled :boolean
......
...@@ -106,7 +106,7 @@ describe GitPushService do ...@@ -106,7 +106,7 @@ describe GitPushService do
it "when pushing a branch for the first time" do it "when pushing a branch for the first time" do
project.should_receive(:execute_hooks) project.should_receive(:execute_hooks)
project.default_branch.should == "master" project.default_branch.should == "master"
project.protected_branches.should_receive(:create).with({ name: "master" }) project.protected_branches.should_receive(:create).with({ name: "master", developers_can_push: false })
service.execute(project, user, @blankrev, 'newrev', 'refs/heads/master') service.execute(project, user, @blankrev, 'newrev', 'refs/heads/master')
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment