
Commit 3e873ea

committed
upgrade to 17.3.4
1 parent 34449af commit 3e873ea


3 files changed

+64
-34
lines changed


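--- a/.gitlab-version
+++ b/.gitlab-version
@@ -1 +1 @@
-17.2.1
+17.3.4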

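--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM ghcr.io/rtxux/gitlab:17.2.1
+FROM ghcr.io/rtxux/gitlab:17.3.4
 
 # Override files
 COPY assets/runtime/config/gitlabhq/gitlab.yml ${GITLAB_RUNTIME_DIR}/config/gitlabhq/gitlab.yml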

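--- a/assets/runtime/functions
+++ b/assets/runtime/functions
@@ -351,6 +351,10 @@ gitlab_configure_gitaly() {
 gitlab_configure_monitoring() {
 echo "Configuring gitlab::monitoring..."
 
+if [ "${GITLAB_MONITORING_IP_WHITELIST}" == "" ]; then
+exec_as_git sed -i "/{{GITLAB_MONITORING_IP_WHITELIST}}/d" ${GITLAB_CONFIG}
+fi
+
 update_template ${GITLAB_CONFIG} \
 GITLAB_MONITORING_UNICORN_SAMPLER_INTERVAL \
 GITLAB_MONITORING_IP_WHITELIST \
@@ -705,28 +709,30 @@ gitlab_configure_oauth_saml() {
 fi
 }
 
-# gitlab_configure_oauth2_generic() {
-# if [[ -n ${OAUTH2_GENERIC_APP_ID} && \
-# -n ${OAUTH2_GENERIC_APP_SECRET} ]]; then
-# echo "Configuring gitlab::oauth::generic..."
-# OAUTH_ENABLED=${OAUTH_ENABLED:-true}
-# update_template ${GITLAB_CONFIG} \
-# OAUTH2_GENERIC_APP_ID \
-# OAUTH2_GENERIC_APP_SECRET \
-# OAUTH2_GENERIC_CLIENT_SITE \
-# OAUTH2_GENERIC_CLIENT_USER_INFO_URL \
-# OAUTH2_GENERIC_CLIENT_AUTHORIZE_URL \
-# OAUTH2_GENERIC_CLIENT_TOKEN_URL \
-# OAUTH2_GENERIC_CLIENT_END_SESSION_ENDPOINT \
-# OAUTH2_GENERIC_ID_PATH \
-# OAUTH2_GENERIC_USER_UID \
-# OAUTH2_GENERIC_USER_NAME \
-# OAUTH2_GENERIC_USER_EMAIL \
-# OAUTH2_GENERIC_NAME
-# else
-# exec_as_git sed -i "/name: 'oauth2_generic'/,/{{OAUTH2_GENERIC_NAME}}/d" ${GITLAB_CONFIG}
-# fi
-# }
+gitlab_configure_oauth2_generic() {
+if [[ -n ${OAUTH2_GENERIC_APP_ID} && \
+-n ${OAUTH2_GENERIC_APP_SECRET} ]]; then
+echo "Configuring gitlab::oauth::generic..."
+OAUTH_ENABLED=${OAUTH_ENABLED:-true}
+update_template ${GITLAB_CONFIG} \
+OAUTH2_GENERIC_APP_ID \
+OAUTH2_GENERIC_APP_SECRET \
+OAUTH2_GENERIC_CLIENT_SITE \
+OAUTH2_GENERIC_CLIENT_USER_INFO_URL \
+OAUTH2_GENERIC_CLIENT_AUTHORIZE_URL \
+OAUTH2_GENERIC_CLIENT_TOKEN_URL \
+OAUTH2_GENERIC_CLIENT_END_SESSION_ENDPOINT \
+OAUTH2_GENERIC_ID_PATH \
+OAUTH2_GENERIC_USER_UID \
+OAUTH2_GENERIC_USER_NAME \
+OAUTH2_GENERIC_USER_EMAIL \
+OAUTH2_GENERIC_AUTHORIZE_PARAMS_SCOPE \
+OAUTH2_GENERIC_LABEL \
+OAUTH2_GENERIC_NAME
+else
+exec_as_git sed -i "/name: 'oauth2_generic'/,/{{OAUTH2_GENERIC_NAME}}/d" ${GITLAB_CONFIG}
+fi
+}
 
 gitlab_configure_oauth_crowd() {
 if [[ -n ${OAUTH_CROWD_SERVER_URL} && \
@@ -778,7 +784,7 @@ gitlab_configure_oauth_azure() {
 gitlab_configure_oauth2_generic_ustc() {
 if [[ -n ${OAUTH2_GENERIC_USTC_APP_ID} && \
 -n ${OAUTH2_GENERIC_USTC_APP_SECRET} ]]; then
-echo "Configuring gitlab::oauth::generic_ustc..."
+echo "Configuring gitlab::oauth::generic..."
 OAUTH_ENABLED=${OAUTH_ENABLED:-true}
 update_template ${GITLAB_CONFIG} \
 OAUTH2_GENERIC_USTC_APP_ID \
@@ -830,11 +836,11 @@ gitlab_configure_oauth() {
 gitlab_configure_oauth_gitlab
 gitlab_configure_oauth_bitbucket
 gitlab_configure_oauth_saml
-# gitlab_configure_oauth2_generic
+gitlab_configure_oauth2_generic
 gitlab_configure_oauth_crowd
 gitlab_configure_oauth_auth0
 gitlab_configure_oauth_azure
-gitlab_configure_oauth2_generic_ustc
+gitlab_configure_oauth_azure_ad_v2
 gitlab_configure_oauth_oidc
 
 OAUTH_ENABLED=${OAUTH_ENABLED:-false}
@@ -845,7 +851,8 @@ gitlab_configure_oauth() {
 OAUTH_AUTO_LINK_LDAP_USER \
 OAUTH_AUTO_LINK_SAML_USER \
 OAUTH_AUTO_LINK_USER \
-OAUTH_EXTERNAL_PROVIDERS
+OAUTH_EXTERNAL_PROVIDERS \
+OAUTH_ALLOW_BYPASS_TWO_FACTOR
 
 case ${OAUTH_AUTO_SIGN_IN_WITH_PROVIDER} in
 cas3|google_oauth2|facebook|twitter|github|gitlab|bitbucket|saml|crowd|azure_oauth2|azure_activedirectory_v2|oauth2_generic|$OAUTH2_GENERIC_NAME|oidc)
@@ -1097,6 +1104,24 @@ gitlab_configure_analytics() {
 
 gitlab_configure_rack_attack() {
 echo "Configuring gitlab::rack_attack..."
+
+# validity check : RACK_ATTACK_WHITELIST should be an array of valid IP Address string
+echo " Validating RACK_ATTACK_WHITELIST..."
+/usr/bin/env ruby << SCRIPT
+require 'ipaddr'
+${RACK_ATTACK_WHITELIST}.each do |host|
+begin
+printf(" input=%s, to_range=%s\n", host, IPAddr.new(host).to_range)
+rescue IPAddr::InvalidAddressError => e
+p e
+exit 1
+rescue => e
+put "Unexpected error", e
+exit 1
+end
+end
+SCRIPT
+
 update_template ${GITLAB_CONFIG} \
 RACK_ATTACK_ENABLED \
 RACK_ATTACK_WHITELIST \
@@ -1672,7 +1697,12 @@ initialize_datadir() {
 chmod u+rwX ${GITLAB_SHARED_DIR}/ci_secure_files
 chown ${GITLAB_USER}: ${GITLAB_SHARED_DIR}/ci_secure_files
 
-# create attifacts dir
+# create external-diffs dir
+mkdir -p ${GITLAB_SHARED_DIR}/external-diffs
+chmod u+rwX ${GITLAB_SHARED_DIR}/external-diffs
+chown ${GITLAB_USER}: ${GITLAB_SHARED_DIR}/external-diffs
+
+# create artifacts dir
 mkdir -p ${GITLAB_ARTIFACTS_DIR}
 chmod u+rwX ${GITLAB_ARTIFACTS_DIR}
 chown ${GITLAB_USER}: ${GITLAB_ARTIFACTS_DIR}
@@ -1832,13 +1862,13 @@ generate_healthcheck_script() {
 # configure healthcheck script
 ## https://docs.gitlab.com/ee/user/admin_area/monitoring/health_check.html
 local HEALTHCHECK_PROTOCOL="http"
-if [[ "${GITLAB_HTTPS}" == true ]]; then
+if [[ "${GITLAB_HTTPS}" == true && "${SSL_SELF_SIGNED}" == false ]]; then
 HEALTHCHECK_PROTOCOL="${HEALTHCHECK_PROTOCOL}s"
 fi
 cat > /usr/local/sbin/healthcheck <<EOF
 #!/bin/bash
-url=${HEALTHCHECK_PROTOCOL}://localhost${GITLAB_RELATIVE_URL_ROOT}/-/liveness
-options=( '--insecure' '--location' '--silent' )
+url=${HEALTHCHECK_PROTOCOL}://127.0.0.1${GITLAB_RELATIVE_URL_ROOT}/-/liveness
+options=( '--insecure' '--silent' )
 curl "\${options[@]}" \$url
 [[ "\$(curl \${options[@]} -o /dev/null -I -w '%{http_code}' \$url)" == "200" ]]
 EOF
@@ -2014,6 +2044,7 @@ configure_gitlab() {
 rm -rf ${GITLAB_INSTALL_DIR}/tmp/sockets/gitlab.socket
 }
 
+# feature flags are recorded to database (schema "application_settings") so requires DB is (at least) initialized
 gitlab_configure_feature_flags() {
 echo "Configuring gitlab::feature_flags..."
 
@@ -2228,10 +2259,9 @@ migrate_database() {
 mkdir -p ${GITLAB_HOME}/gitlab/node_modules
 chown -R ${GITLAB_USER}: ${GITLAB_HOME}/gitlab/node_modules
 fi
-echo "Prepare recomplie assets... Installing missing node_modules for assets"
+echo "Prepare recompile assets... Installing missing node_modules for assets"
 chown -R ${GITLAB_USER}: ${GITLAB_HOME}/gitlab/node_modules
 exec_as_git yarn install --production --pure-lockfile
-exec_as_git yarn add ajv@^4.0.0
 echo "Recompiling assets (relative_url in use), this could take a while..."
 exec_as_git bundle exec rake gitlab:assets:compile NODE_OPTIONS="--max-old-space-size=4096" >/dev/null 2>&1
 fi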
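Review bot: In the validation block added to gitlab_configure_rack_attack, the unquoted heredoc (`<< SCRIPT`) makes the shell paste `${RACK_ATTACK_WHITELIST}` into the Ruby program text, so the value is executed as Ruby whenever this function runs rather than being checked as data. Handing the value to Ruby through the environment under a quoted heredoc and parsing it as data keeps the check a check; the sketch below uses `YAML.safe_load` and assumes the value is written as a YAML/JSON-style array, which should be confirmed against the documented format. The generic rescue calls `put`, which is not a Ruby method, so that branch would raise NoMethodError instead of printing the message; `puts` was presumably meant. Nothing visible in the hunk acts on ruby's exit status, so unless the script runs under errexit a failed validation still falls through to `update_template`; the end of the function is outside the hunk.

```shell
# … unchanged: the two echo lines …
if ! RACK_ATTACK_WHITELIST="${RACK_ATTACK_WHITELIST}" /usr/bin/env ruby <<'SCRIPT'
require 'ipaddr'
require 'yaml'
hosts = YAML.safe_load(ENV.fetch('RACK_ATTACK_WHITELIST', ''))
abort 'RACK_ATTACK_WHITELIST must be an array' unless hosts.is_a?(Array)
hosts.each do |host|
  begin
    printf(" input=%s, to_range=%s\n", host, IPAddr.new(host.to_s).to_range)
  rescue IPAddr::InvalidAddressError => e
    p e
    exit 1
  rescue => e
    puts "Unexpected error", e
    exit 1
  end
end
SCRIPT
then
  return 1
fi
# … unchanged: update_template ${GITLAB_CONFIG} call …
```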
