diff --git a/.circleci/config.yml b/.circleci/config.yml
new file mode 100644
index 00000000..f8fef58e
--- /dev/null
+++ b/.circleci/config.yml
@@ -0,0 +1,93 @@ +version: 2 +jobs: + shellcheck: + docker: + - image: nlknguyen/alpine-shellcheck:v0.4.6 + steps: + - checkout + - run: + name: Check Docker Hub Hooks + command: | + find hooks -type f | wc -l + find hooks -type f | xargs shellcheck -e SC2086 --external-sources + - run: + name: Check Scripts + command: | + find . -type f -name '*.sh' | wc -l + find . -type f -name '*.sh' | xargs shellcheck -e SC2086 -e SC1090 --external-sources + + build: + docker: + - image: circleci/golang:1-stretch-browsers-legacy + environment: + IMAGE_NAME: "sameersbn/gitlab" + + steps: + - checkout + + - setup_remote_docker: + version: 18.03.1-ce + + - run: + name: Docker info + command: | + docker version + docker info + + - restore_cache: + keys: + - cache-v2-{{ .Branch }} + paths: + - /tmp/cache/layers.tar + + - run: + name: Loading docker cache + command: | + if [[ -f /tmp/cache/layers.tar ]]; then + echo "Loading cache ..." + docker load -i /tmp/cache/layers.tar + docker image ls + else + echo "Couldn't find any caches" + fi + + - run: + name: Build docker image + command: | + docker build \ + --pull \ + --cache-from=${IMAGE_NAME} \ + --build-arg BUILD_DATE="$(date +"%Y-%m-%d %H:%M:%S%:z")" \ + --build-arg VCS_REF=$(git rev-parse --short HEAD) \ + -t ${IMAGE_NAME}:$(cat VERSION) . + no_output_timeout: 60m + + - run: + name: Launching container for testing + command: | + docker-compose up -d + sleep 180 + + - run: + name: Testing image + command: | + docker run --network container:$(docker-compose ps -q gitlab) \ + appropriate/curl --retry 15 --retry-delay 5 --retry-connrefused http://localhost/explore + + - run: + name: Generate docker build image cache + command: | + mkdir -p /tmp/cache/ + docker save -o /tmp/cache/layers.tar ${IMAGE_NAME} + + - save_cache: + key: cache-v2-{{ .Branch }} + paths: + - /tmp/cache/layers.tar + +workflows: + version: 2 + build-and-test: + jobs: + - shellcheck + - build diff --git a/.gitignore b/.gitignore index eb601196..23a34d32 100644 
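Review bot: The `Testing image` step passes as long as curl receives any HTTP response, because `appropriate/curl --retry 15 --retry-delay 5 --retry-connrefused http://localhost/explore` exits 0 on a 500 or 502 page; add `--fail` (optionally `--silent --show-error`) so a GitLab instance that boots but errors fails the job instead of only a refused connection. In the shellcheck job, `-e SC2086` switches the unquoted-expansion check off for every hook and script in the repository; a per-line `# shellcheck disable=SC2086` where the unquoted expansion is intentional would keep the check active elsewhere. `--cache-from=${IMAGE_NAME}` names the untagged `sameersbn/gitlab` (`:latest`) while the build only tags `${IMAGE_NAME}:$(cat VERSION)`, so the layers restored from `layers.tar` appear to serve as cache only if a `latest` tag happened to be saved — worth confirming with the "Loading docker cache" `docker image ls` output.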
--- a/.gitignore +++ b/.gitignore @@ -1,4 +1,3 @@ *.gem *.tar.gz -docker-compose.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 07ba61db..5e7b1798 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,59 @@ -image: docker:dind +image: docker:18-git -deploy: +stages: + - build + +before_script: + - export VERSION=$(cat VERSION) + - export CI_REGISTRY=${CI_REGISTRY:-hub.docker.com} + - export CI_REGISTRY_USER=${CI_REGISTRY_USER:-gitlab-ci-token} + - export CI_REGISTRY_PASSWORD=${CI_REGISTRY_PASSWORD:-${CI_JOB_TOKEN}} + - export DOCKER_IMAGE=${DOCKER_IMAGE:-${CI_REGISTRY}/${CI_PROJECT_PATH}} + - | + if [ "${DOCKER_IMAGE}" = "/" ]; then + export DOCKER_IMAGE=sameersbn/gitlab + fi + +docker:build: + stage: build + only: + - master script: - - ci/gitlab + - docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY} + - docker build + --pull + --cache-from=${DOCKER_IMAGE} + --build-arg=VCS_REF=$(git rev-parse --short HEAD) + --build-arg=BUILD_DATE="$(date +"%Y-%m-%d %H:%M:%S%:z")" + --tag ${DOCKER_IMAGE} . + - docker push ${DOCKER_IMAGE} + +docker:build:branches: + stage: build + only: + - branches + except: + - master + script: + - docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY} + - docker build + --pull + --cache-from=${DOCKER_IMAGE}:${CI_COMMIT_REF_SLUG} + --build-arg=VCS_REF=$(git rev-parse --short HEAD) + --build-arg=BUILD_DATE="$(date +"%Y-%m-%d %H:%M:%S%:z")" + --tag ${DOCKER_IMAGE}:${CI_COMMIT_REF_SLUG} . + - docker push ${DOCKER_IMAGE}:${CI_COMMIT_REF_SLUG} + +docker:build:release: + stage: build + only: + - tags + script: + - docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY} + - docker build + --pull + --cache-from=${DOCKER_IMAGE}:${VERSION} + --build-arg=VCS_REF=$(git rev-parse --short HEAD) + --build-arg=BUILD_DATE="$(date +"%Y-%m-%d %H:%M:%S%:z")" + --tag ${DOCKER_IMAGE}:${VERSION} . + - docker push ${DOCKER_IMAGE}:${VERSION} 
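Review bot: The fallback `if [ "${DOCKER_IMAGE}" = "/" ]` in `before_script` can never match, because the preceding line has just defaulted `CI_REGISTRY` to `hub.docker.com`, so outside GitLab `DOCKER_IMAGE` expands to `hub.docker.com/` rather than `/`; test the missing input instead, e.g. `if [ -z "${CI_PROJECT_PATH}" ]; then export DOCKER_IMAGE=sameersbn/gitlab; fi`, or compare against `"${CI_REGISTRY}/"`. The jobs `docker:build`, `docker:build:branches` and `docker:build:release` all pass the registry secret as an argument with `docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY}`, which the docker CLI itself warns about because the value is visible in the process list; `echo "${CI_REGISTRY_PASSWORD}" | docker login -u "${CI_REGISTRY_USER}" --password-stdin "${CI_REGISTRY}"` keeps it out of argv. The default `CI_REGISTRY=hub.docker.com` also looks doubtful as a registry host for `docker login`/`docker push` (the Hub's registry is usually addressed as `docker.io`), and with this default the pushed name would become `hub.docker.com/<path>`; confirm the intended fallback target.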
diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 61c89824..00000000 --- a/.travis.yml +++ /dev/null @@ -1,9 +0,0 @@ -sudo: required - -language: bash - -services: - - docker - -script: - - docker build -t sammeersbn/gitlab . diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 00000000..dbb5cdb4 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,12 @@ +# GitLab-CI Configuration + +When using your own gitlab instance, the provided .gitlab-ci.yml will be automatically be using the settings provided by the GitLab Instance. If needed several options can be overriden. + +Overrides for these values can be set within the project, under `Settings` -> `CI/CD` -> `Variables`. + +| Variable | Default Value | Description | +| ---------------------- | ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| `CI_REGISTRY` | `hub.docker.com` | If available this will be automatically overriden by registry address which is configured within the GitLab instance | +| `CI_REGISTRY_USER` | `gitlab-ci-token` | Username for the registry | +| `CI_REGISTRY_PASSWORD` | `${CI_JOB_TOKEN}` | Password for the registry | +| `DOCKER_IMAGE` | `sameersbn/gitlab` | Docker image name, will be automatically be overriden by the running GitLab instance with the `${CI_PROJECT_PATH}` variable. This will case the image to be uploaded to the local registry of the project within GitLab. | diff --git a/Changelog.md b/Changelog.md index 00be9108..f13d9541 100644 --- a/Changelog.md +++ b/Changelog.md 
@@ -1,7 +1,488 @@ # Changelog This file only reflects the changes that are made in this image. Please refer to the upstream GitLab [CHANGELOG]( -https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md) for the list of changes in GitLab. +https://gitlab.com/gitlab-org/gitlab-foss/blob/master/CHANGELOG.md) for the list of changes in GitLab. + +**12.5.5** +- gitlab: upgrade CE to v12.5.5 + +**12.5.4** +- gitlab: upgrade CE to v12.5.4 +- Update golang to 1.12.14 + +**12.5.3** +- gitlab: upgrade CE to v12.5.3 + +**12.5.2** +- gitlab: upgrade CE to v12.5.2 + +**12.5.1** +- gitlab: upgrade CE to v12.5.1 + +**12.5.0** +- gitlab: upgrade CE to v12.5.0 + +**12.4.3** +- gitlab: upgrade CE to v12.4.3 + +**12.4.2** +- gitlab: upgrade CE to v12.4.2 + +**12.4.1** +- gitlab: upgrade CE to v12.4.1 + +**12.4.0** +- gitlab: upgrade CE to v12.4.0 + +**12.3.5** +- gitlab: upgrade CE to v12.3.5 + +**12.3.4** +- gitlab: upgrade CE to v12.3.4 + +**12.3.3** +- gitlab: upgrade CE to v12.3.3 + +**12.3.2** +- gitlab: upgrade CE to v12.3.2 + +**12.3.1** +- gitlab: upgrade CE to v12.3.1 + +**12.3.0** +- gitlab: upgrade CE to v12.3.0 + +**12.2.5** +- gitlab: upgrade CE to v12.2.5 + +**12.2.4** +- gitlab: upgrade CE to v12.2.4 + +**12.2.3** +- gitlab: upgrade CE to v12.2.3 + +**12.2.1** +- gitlab: upgrade CE to v12.2.1 + +**12.2.0** +- gitlab: upgrade CE to v12.2.0 +- upgrade base image to ubuntu:bionic + +**12.1.6** +- gitlab: upgrade CE to v12.1.6 + +**12.1.4** +- gitlab: upgrade CE to v12.1.4 + +**12.1.3** +- gitlab: upgrade CE to v12.1.3 + +**12.1.2** +- gitlab: upgrade CE to v12.1.2 + +**12.1.1** +- gitlab: upgrade CE to v12.1.1 + +**12.1.0** +- gitlab: upgrade CE to v12.1.0 +- Removed MySQL related information and packages. GitLab v12.1.X or greater requires only PostgreSQL. Do an Migration before upgrading to v12.1.X. 
For more Information have a look at the [Migration Guide](https://docs.gitlab.com/ce/update/mysql_to_postgresql.html) + +**12.0.4** +- gitlab: upgrade CE to v12.0.4 + +**12.0.3** +- gitlab: upgrade CE to v12.0.3 + +**12.0.2** +- gitlab: upgrade CE to v12.0.2 + +**12.0.1** +- gitlab: upgrade CE to v12.0.1 + +**12.0.0** +- gitlab: upgrade CE to v12.0.0 +- Update gitaly to 1.47.0 +- Update gitlab-shell to 9.3.0 +- Update gitlab-pages to 1.6.1 +- ruby: update to 2.6 +- python: update to 3 + +**11.11.3** +- gitlab: upgrade CE to v11.11.3 +- Update gitaly to 1.42.4 +- Update golang to 1.12.6 + +**11.11.2** +- gitlab: upgrade CE to v11.11.2 +- Update gitaly to 1.42.3 + +**11.11.1** +- gitlab: upgrade CE to v11.11.1 +- Update gitaly to 1.42.2 + +**11.11.0** +- gitlab: upgrade CE to v11.11.0 +- Update gitaly to 1.42.0 +- Update gitlab-shell to 9.1.0 +- Update gitlab-workhorse to 8.7.0 + +**11.10.4** +- gitlab: upgrade CE to v11.10.4 + +**11.10.3** +- gitlab: upgrade CE to v11.10.3 + +**11.10.2** +- gitlab: upgrade CE to v11.10.2 + +**11.10.1** +- gitlab: upgrade CE to v11.10.1 + +**11.10.0** +- gitlab: upgrade CE to v11.10.0 + +**11.9.8** +- gitlab: upgrade CE to v11.9.8 + +**11.9.7** +- gitlab: upgrade CE to v11.9.7 + +**11.9.6** +- gitlab: upgrade CE to v11.9.6 + +**11.9.5** +- gitlab: upgrade CE to v11.9.5 + +**11.9.4** +- gitlab: upgrade CE to v11.9.4 +- Update gitlab-workhorse to 8.3.3 + +**11.9.1** +- gitlab: upgrade CE to v11.9.1 +- Update gitaly to 1.27.1 + +**11.9.0** +- gitlab: upgrade CE to v11.9.0 + +**11.8.3** +- gitlab: upgrade CE to v11.8.3 + +**11.8.2** +- gitlab: upgrade CE to v11.8.2 + +**11.8.1** +- gitlab: upgrade CE to v11.8.1 + +**11.8.0** +- gitlab: upgrade CE to v11.8.0 +- Update gitlab-workhorse to 8.3.1 +- Update gitaly to 1.20.0 +- Update gitlab-pages to 1.5.0 + +**11.7.5** +- gitlab: upgrade CE to v11.7.5 + +**11.7.4** +- gitlab: upgrade CE to v11.7.4 + +**11.7.3** +- gitlab: upgrade CE to v11.7.3 +- Update gitlab-workhorse to 8.1.1 +- Update 
gitaly to 1.13.0 +- Update gitlab-pages to 1.4.0 + +**11.7.0** +- gitlab: upgrade CE to v11.7.0 + +**11.6.5** +- gitlab: upgrade CE to v11.6.5 + +**11.6.4** +- gitlab: upgrade CE to v11.6.4 + +**11.6.3** +- gitlab: upgrade CE to v11.6.3 + +**11.6.2** +- gitlab: upgrade CE to v11.6.2 + +**11.6.1** +- gitlab: upgrade CE to v11.6.1 +- Added `GITLAB_IMPERSONATION_ENABLED` +- Added `OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME` +- Added `GITLAB_PAGES_ACCESS_CONTROL_SERVER` +- Added `GITLAB_PAGES_ACCESS_CLIENT_ID` +- Added `GITLAB_PAGES_ACCESS_CLIENT_SECRET` +- Added `GITLAB_PAGES_ACCESS_SECRET` +- Added `GITLAB_PAGES_ACCESS_REDIRECT_URI` + +**11.6.0** +- gitlab: upgrade CE to v11.6.0 +- Update gitaly to 1.7.1 +- Update gitlab-shell to 8.4.3 +- Update gitlab-workhorse to 7.6.0 +- Update golang to 1.11.4 +- Added `LDAP_USER_ATTRIBUTE_USERNAME` +- Added `LDAP_USER_ATTRIBUTE_MAIL` +- Added `LDAP_USER_ATTRIBUTE_NAME` +- Added `LDAP_USER_ATTRIBUTE_FIRSTNAME` +- Added `LDAP_USER_ATTRIBUTE_LASTNAME` +- Added `GITLAB_BACKUP_DIR_CHOWN` +- Added `GITLAB_BACKUP_DIR_GROUP` +- Added `GITLAB_PAGES_NGINX_PROXY` + +**11.5.5** +- gitlab: upgrade CE to v11.5.5 + +**11.5.4** +- gitlab: upgrade CE to v11.5.4 + +**11.5.3** +- gitlab: upgrade CE to v11.5.3 + +**11.5.2** +- gitlab: upgrade CE to v11.5.2 + +**11.5.1-1** +- Fixed GitLab Dependencies + +**11.5.1** +- gitlab: upgrade CE to v11.5.1 + +**11.5.0** +- gitlab: upgrade CE to v11.5.0 + +**11.4.7** +- gitlab: upgrade CE to v11.4.7 + +**11.4.6** +- gitlab: upgrade CE to v11.4.6 + +**11.4.5** +- gitlab: upgrade CE to v11.4.5 + +**11.4.4** +- gitlab: upgrade CE to v11.4.4 +- golang: update to 1.10.4 + +**11.4.3** +- gitlab: upgrade CE to v11.4.3 + +**11.4.2** +- gitlab: upgrade CE to v11.4.2 + +**11.4.1** +- gitlab: upgrade CE to v11.4.1 +- Add docs how to reuse ssh port [#1731](https://github.com/sameersbn/docker-gitlab/pull/1731) + +**11.4.0** +- gitlab: upgrade CE to v11.4.0 +- baseimage: upgrade to xenial-20181005 + +**11.3.6** +- gitlab: 
upgrade CE to v11.3.6 + +**11.3.5** +- gitlab: upgrade CE to v11.3.5 + +**11.3.4** +- gitlab: upgrade CE to v11.3.4 + +**11.3.3** +- gitlab: upgrade CE to v11.3.3 + +**11.3.2** +- gitlab: upgrade CE to v11.3.2 + +**11.3.1** +- gitlab: upgrade CE to v11.3.1 + +**11.3.0** +- gitlab: upgrade CE to v11.3.0 +- Fix backup config stripping for when AWS & GCS backups are disabled [#1725](https://github.com/sameersbn/docker-gitlab/pull/1725) +- Correct Backup Date format for selective backups [#1699](https://github.com/sameersbn/docker-gitlab/pull/1699) +- Fix gitlay-ssh symlink to enable rebase/squash in forks + +**11.2.3** +- gitlab: upgrade CE to v11.2.3 + +**11.2.2** +- gitlab: upgrade CE to v11.2.2 + +**11.2.1** +- gitlab: upgrade CE to v11.2.1 + +**11.2.0** +- gitlab: upgrade CE to v11.2.0 +- ADD `GITLAB_DEFAULT_THEME` + +**11.1.4** +- gitlab: upgrade CE to v11.1.4 + +**11.1.3** +- gitlab: upgrade CE to v11.1.3 +- Upgrade redis to 4.0.9-1 + +**11.1.2** +- gitlab: upgrade CE to v11.1.2 + +**11.1.1** +- gitlab: upgrade CE to v11.1.1 + +**11.1.0** +- gitlab: upgrade CE to v11.1.0 + +**11.0.4** +- gitlab: upgrade CE to v11.0.4 + +**11.0.3** +- gitlab: upgrade CE to v11.0.3 +- ruby: update to 2.4 + +**11.0.2** +- gitlab: upgrade CE to v11.0.2 + +**11.0.1** +- gitlab: upgrade CE to v11.0.1 + +**11.0.0** +- gitlab: upgrade CE to v11.0.0 + +**10.8.4** +- gitlab: upgrade CE to v10.8.4 + +**10.8.3-1** +- Fix boot loops that were introduced during [#1621](https://github.com/sameersbn/docker-gitlab/pull/1621) and will be fixed with [#1628](https://github.com/sameersbn/docker-gitlab/pull/1628) + + +**10.8.3** +- gitlab: upgrade CE to v10.8.3 +- Fix potential boot problems on clean setups [#1621](https://github.com/sameersbn/docker-gitlab/pull/1621) + +**10.8.2** +- gitlab: upgrade CE to v10.8.2 + +**10.8.1** +- gitlab: upgrade CE to v10.8.1 + +**10.8.0** +- gitlab: upgrade CE to v10.8.0 +- Add support for swarm mode with docker-configs and docker secrets 
([#1540](https://github.com/sameersbn/docker-gitlab/pull/1540)) + +**10.7.4** +- gitlab: upgrade CE to v10.7.4 +- FIX `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT` + +**10.7.3** +- gitlab: upgrade CE to v10.7.3 + +**10.7.2** +- gitlab: upgrade CE to v10.7.2 + +**10.7.1** +- gitlab: upgrade CE to v10.7.1 + +**10.7.0** +- gitlab: upgrade CE to v10.7.0 +- ADD `GITLAB_SIDEKIQ_LOG_FORMAT` +- ADD `GITLAB_ARTIFACTS_OBJECT_STORE_ENABLED` +- ADD `GITLAB_ARTIFACTS_OBJECT_STORE_REMOTE_DIRECTORY` +- ADD `GITLAB_ARTIFACTS_OBJECT_STORE_BACKGROUND_UPLOAD` +- ADD `GITLAB_ARTIFACTS_OBJECT_STORE_PROXY_DOWNLOAD` +- ADD `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_PROVIDER` +- ADD `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID` +- ADD `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY` +- ADD `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_REGION` +- ADD `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_HOST` +- ADD `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT` +- ADD `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE` + +- ADD `GITLAB_LFS_OBJECT_STORE_ENABLED` +- ADD `GITLAB_LFS_OBJECT_STORE_REMOTE_DIRECTORY` +- ADD `GITLAB_LFS_OBJECT_STORE_DIRECT_UPLOAD` +- ADD `GITLAB_LFS_OBJECT_STORE_BACKGROUND_UPLOAD` +- ADD `GITLAB_LFS_OBJECT_STORE_PROXY_DOWNLOAD` +- ADD `GITLAB_LFS_OBJECT_STORE_CONNECTION_PROVIDER` +- ADD `GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID` +- ADD `GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY` +- ADD `GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_REGION` +- ADD `GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_HOST` +- ADD `GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT` +- ADD `GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE` + +- ADD `GITLAB_UPLOADS_OBJECT_STORE_ENABLED` +- ADD `GITLAB_UPLOADS_OBJECT_STORE_REMOTE_DIRECTORY` +- ADD `GITLAB_UPLOADS_OBJECT_STORE_DIRECT_UPLOAD` +- ADD `GITLAB_UPLOADS_OBJECT_STORE_BACKGROUND_UPLOAD` +- ADD `GITLAB_UPLOADS_OBJECT_STORE_PROXY_DOWNLOAD` +- ADD 
`GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_PROVIDER` +- ADD `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID` +- ADD `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY` +- ADD `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_REGION` +- ADD `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_HOST` +- ADD `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT` +- ADD `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE` + +**10.6.4** +- gitlab: upgrade CE to v10.6.4 + +**10.6.3** +- gitlab: upgrade CE to v10.6.3 + +**10.6.2** +- gitlab: upgrade CE to v10.6.2 +- golang: update to 1.9.5 + +**10.6.1** +- gitlab: upgrade CE to v10.6.1 + +**10.6.0** +- gitlab: upgrade CE to v10.6.0 + +**10.5.6** +- gitlab: security upgrade CE to v10.5.6 + +**10.5.5** +- gitlab: upgrade CE to v10.5.5 + +**10.5.4** +- gitlab: upgrade CE to v10.5.4 + +**10.5.3** +- gitlab: upgrade CE to v10.5.3 + +**10.5.2** +- gitlab: upgrade CE to v10.5.2 +- Fix `GITLAB_UPLOADS_STORAGE_PATH` + +**10.5.1** +- gitlab: upgrade CE to v10.5.1 + +**10.5.0** +- gitlab: upgrade CE to v10.5.0 +- Add `GITLAB_UPLOADS_STORAGE_PATH` +- Add `GITLAB_UPLOADS_BASE_DIR` +- Add `LDAP_LOWERCASE_USERNAMES` + +**10.4.4** +- gitlab: upgrade CE to v10.4.4 + +**10.4.3** +- gitlab: upgrade CE to v10.4.3 + +**10.4.2-1** +- FIXED SSH Host Key generation through droping the support for rsa1 + +**10.4.2** +- gitlab: upgrade CE to v10.4.2 + +**10.4.1** +- gitlab: upgrade CE to v10.4.1 + +**10.4.0** +- gitlab: upgrade CE to v10.4.0 +- docker: upgrade to ubuntu xenial as baseimage +- golang: update to 1.9.3 **10.3.6** - gitlab: upgrade CE to v10.3.6 
@@ -131,7 +612,7 @@ https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md) for the list o **9.3.8** - gitlab: upgrade to CE v9.3.8 -- Added RE2 library to build dependencies ([issue 35342](https://gitlab.com/gitlab-org/gitlab-ce/issues/35342)) +- Added RE2 library to build dependencies ([issue 35342](https://gitlab.com/gitlab-org/gitlab-foss/issues/35342)) **9.3.7** - gitlab: upgrade to CE v9.3.7 diff --git a/Dockerfile b/Dockerfile index 01cd9db6..403b9c5b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,13 +1,16 @@ -FROM sameersbn/ubuntu:14.04.20180124 -LABEL maintainer="sameer@damagehead.com" +FROM ubuntu:bionic-20191010 -ENV GITLAB_VERSION=10.3.6 \ - RUBY_VERSION=2.3 \ - GOLANG_VERSION=1.8.3 \ - GITLAB_SHELL_VERSION=5.10.2 \ - GITLAB_WORKHORSE_VERSION=3.3.1 \ - GITLAB_PAGES_VERSION=0.6.0 \ - GITALY_SERVER_VERSION=0.59.2 \ +ARG BUILD_DATE +ARG VCS_REF +ARG VERSION=12.5.5 + +ENV GITLAB_VERSION=${VERSION} \ + RUBY_VERSION=2.6 \ + GOLANG_VERSION=1.12.14 \ + GITLAB_SHELL_VERSION=10.2.0 \ + GITLAB_WORKHORSE_VERSION=8.14.1 \ + GITLAB_PAGES_VERSION=1.12.0 \ + GITALY_SERVER_VERSION=1.72.1 \ GITLAB_USER="git" \ GITLAB_HOME="/home/git" \ GITLAB_LOG_DIR="/var/log/gitlab" \ 
@@ -17,36 +20,40 @@ ENV GITLAB_VERSION=10.3.6 \ ENV GITLAB_INSTALL_DIR="${GITLAB_HOME}/gitlab" \ GITLAB_SHELL_INSTALL_DIR="${GITLAB_HOME}/gitlab-shell" \ - GITLAB_WORKHORSE_INSTALL_DIR="${GITLAB_HOME}/gitlab-workhorse" \ - GITLAB_PAGES_INSTALL_DIR="${GITLAB_HOME}/gitlab-pages" \ GITLAB_GITALY_INSTALL_DIR="${GITLAB_HOME}/gitaly" \ GITLAB_DATA_DIR="${GITLAB_HOME}/data" \ GITLAB_BUILD_DIR="${GITLAB_CACHE_DIR}/build" \ GITLAB_RUNTIME_DIR="${GITLAB_CACHE_DIR}/runtime" -RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv E1DD270288B4E6030699E45FA1715D88E1DF1F24 \ - && echo "deb http://ppa.launchpad.net/git-core/ppa/ubuntu trusty main" >> /etc/apt/sources.list \ +RUN apt-get update \ + && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ + wget ca-certificates apt-transport-https gnupg2 +RUN set -ex && \ + apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv E1DD270288B4E6030699E45FA1715D88E1DF1F24 \ + && echo "deb http://ppa.launchpad.net/git-core/ppa/ubuntu bionic main" >> /etc/apt/sources.list \ && apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 80F70E11F0F0D5F10CB20E62F5DA5F09C3173AA6 \ - && echo "deb http://ppa.launchpad.net/brightbox/ruby-ng/ubuntu trusty main" >> /etc/apt/sources.list \ + && echo "deb http://ppa.launchpad.net/brightbox/ruby-ng/ubuntu bionic main" >> /etc/apt/sources.list \ && apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 8B3981E7A6852F782CC4951600A6F0A3C300EE8C \ - && echo "deb http://ppa.launchpad.net/nginx/stable/ubuntu trusty main" >> /etc/apt/sources.list \ + && echo "deb http://ppa.launchpad.net/nginx/stable/ubuntu bionic main" >> /etc/apt/sources.list \ && wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - \ - && echo 'deb http://apt.postgresql.org/pub/repos/apt/ trusty-pgdg main' > /etc/apt/sources.list.d/pgdg.list \ + && echo 'deb http://apt.postgresql.org/pub/repos/apt/ bionic-pgdg main' > /etc/apt/sources.list.d/pgdg.list \ && wget 
--quiet -O - https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \ - && echo 'deb https://deb.nodesource.com/node_8.x trusty main' > /etc/apt/sources.list.d/nodesource.list \ + && echo 'deb https://deb.nodesource.com/node_12.x bionic main' > /etc/apt/sources.list.d/nodesource.list \ && wget --quiet -O - https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \ && echo 'deb https://dl.yarnpkg.com/debian/ stable main' > /etc/apt/sources.list.d/yarn.list \ + && set -ex \ && apt-get update \ - && DEBIAN_FRONTEND=noninteractive apt-get install -y supervisor logrotate locales curl \ - nginx openssh-server mysql-client postgresql-client redis-tools \ - git-core ruby${RUBY_VERSION} python2.7 python-docutils nodejs yarn gettext-base \ - libmysqlclient18 libpq5 zlib1g libyaml-0-2 libssl1.0.0 \ - libgdbm3 libreadline6 libncurses5 libffi6 \ - libxml2 libxslt1.1 libcurl3 libicu52 \ + && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ + sudo supervisor logrotate locales curl \ + nginx openssh-server postgresql-client-10 postgresql-contrib-10 redis-tools \ + git-core ruby${RUBY_VERSION} python3 python3-docutils nodejs yarn gettext-base graphicsmagick \ + libpq5 zlib1g libyaml-0-2 libssl1.0.0 \ + libgdbm5 libreadline7 libncurses5 libffi6 \ + libxml2 libxslt1.1 libcurl4 libicu60 libre2-dev tzdata unzip libimage-exiftool-perl \ && update-locale LANG=C.UTF-8 LC_MESSAGES=POSIX \ && locale-gen en_US.UTF-8 \ && DEBIAN_FRONTEND=noninteractive dpkg-reconfigure locales \ - && gem install --no-document bundler \ + && gem install --no-document bundler -v 1.17.3 \ && rm -rf /var/lib/apt/lists/* COPY assets/build/ ${GITLAB_BUILD_DIR}/ 
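Review bot: The first new `RUN apt-get update && ... apt-get install --no-install-recommends -y wget ca-certificates apt-transport-https gnupg2` leaves `/var/lib/apt/lists/*` in its own layer; the `rm -rf /var/lib/apt/lists/*` at the end of the second RUN only cleans that later layer, so the lists fetched here stay in the image. Either append `&& rm -rf /var/lib/apt/lists/*` to the first RUN or fold these bootstrap packages into the second one. The `&& set -ex \` inserted before `apt-get update` is redundant, since the same RUN already opens with `set -ex && \`. The keys pulled with `wget --quiet -O - … | apt-key add -` (PostgreSQL, NodeSource, Yarn) are trusted on the TLS connection alone, whereas the three `apt-key adv --recv` calls pin a full 40-hex fingerprint; comparing the downloaded key's fingerprint before adding it would bring both paths to the same standard. Both RUN instructions are contained entirely in this hunk.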
@@ -56,6 +63,17 @@ COPY assets/runtime/ ${GITLAB_RUNTIME_DIR}/ COPY entrypoint.sh /sbin/entrypoint.sh RUN chmod 755 /sbin/entrypoint.sh +LABEL \ + maintainer="sameer@damagehead.com" \ + org.label-schema.schema-version="1.0" \ + org.label-schema.build-date=${BUILD_DATE} \ + org.label-schema.name=gitlab \ + org.label-schema.vendor=damagehead \ + org.label-schema.url="https://github.com/sameersbn/docker-gitlab" \ + org.label-schema.vcs-url="https://github.com/sameersbn/docker-gitlab.git" \ + org.label-schema.vcs-ref=${VCS_REF} \ + com.damagehead.gitlab.license=MIT + EXPOSE 22/tcp 80/tcp 443/tcp VOLUME ["${GITLAB_DATA_DIR}", "${GITLAB_LOG_DIR}"] diff --git a/README.md b/README.md index 6202d6ea..90db2db1 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ [![Docker Repository on Quay.io](https://quay.io/repository/sameersbn/gitlab/status "Docker Repository on Quay.io")](https://quay.io/repository/sameersbn/gitlab) [![](https://images.microbadger.com/badges/image/sameersbn/gitlab.svg)](http://microbadger.com/images/sameersbn/gitlab "Get your own image badge on microbadger.com") -# sameersbn/gitlab:10.3.6 +# sameersbn/gitlab:12.5.5 - [Introduction](#introduction) - [Changelog](Changelog.md) @@ -18,10 +18,6 @@ - [PostgreSQL (Recommended)](#postgresql) - [External PostgreSQL Server](#external-postgresql-server) - [Linking to PostgreSQL Container](#linking-to-postgresql-container) - - [MySQL](#mysql) - - [Internal MySQL Server](#internal-mysql-server) - - [External MySQL Server](#external-mysql-server) - - [Linking to MySQL Container](#linking-to-mysql-container) - [Redis](#redis) - [Internal Redis Server](#internal-redis-server) - [External Redis Server](#external-redis-server) 
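Review bot: In the new `LABEL`, `org.label-schema.build-date=${BUILD_DATE}` and `org.label-schema.vcs-ref=${VCS_REF}` are the only values carrying build-arg content and the only ones left unquoted, while the CI configs in this commit pass a BUILD_DATE produced by `date +"%Y-%m-%d %H:%M:%S%:z"`, which contains a space; Docker presumably expands the variable after splitting the key=value pairs, but `org.label-schema.build-date="${BUILD_DATE}"` matches the quoted siblings and removes the doubt. The args are declared as `ARG BUILD_DATE` / `ARG VCS_REF` in the first Dockerfile hunk without defaults, so a plain `docker build` yields empty label values; a comment above the LABEL such as `# BUILD_DATE and VCS_REF are supplied by CI via --build-arg; empty on a local build` would make that explicit.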
@@ -49,9 +45,11 @@ - [SAML](#saml) - [Crowd](#crowd) - [Microsoft Azure](#microsoft-azure) + - [Gitlab Pages](#gitlab-pages) - [External Issue Trackers](#external-issue-trackers) - [Host UID / GID Mapping](#host-uid--gid-mapping) - [Piwik](#piwik) + - [Exposing ssh port in dockerized gitlab-ce](docs/exposing-ssh-port.md) - [Available Configuration Parameters](#available-configuration-parameters) - [Maintenance](#maintenance) - [Creating Backups](#creating-backups) @@ -71,9 +69,9 @@ Dockerfile to build a [GitLab](https://about.gitlab.com/) image for the [Docker](https://www.docker.com/products/docker-engine) opensource container platform. -GitLab CE is set up in the Docker image using the [install from source](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/install/installation.md) method as documented in the the official GitLab documentation. +GitLab CE is set up in the Docker image using the [install from source](https://docs.gitlab.com/ce/install/installation.html) method as documented in the the official GitLab documentation. -For other methods to install GitLab please refer to the [Official GitLab Installation Guide](https://about.gitlab.com/installation/) which includes a [GitLab image for Docker](https://gitlab.com/gitlab-org/gitlab-ce/tree/master/docker). +For other methods to install GitLab please refer to the [Official GitLab Installation Guide](https://about.gitlab.com/install/) which includes a [GitLab image for Docker](https://docs.gitlab.com/omnibus/docker/). # Contributing @@ -126,7 +124,7 @@ Automated builds of the image are available on [Dockerhub](https://hub.docker.co > **Note**: Builds are also available on [Quay.io](https://quay.io/repository/sameersbn/gitlab) ```bash -docker pull sameersbn/gitlab:10.3.6 +docker pull sameersbn/gitlab:12.5.5 ``` You can also pull the `latest` tag which is built from the repository *HEAD* 
@@ -173,7 +171,7 @@ docker run --name gitlab-postgresql -d \ --env 'DB_USER=gitlab' --env 'DB_PASS=password' \ --env 'DB_EXTENSION=pg_trgm' \ --volume /srv/docker/gitlab/postgresql:/var/lib/postgresql \ - sameersbn/postgresql:9.6-2 + sameersbn/postgresql:10-2 ``` Step 2. Launch a redis container @@ -181,7 +179,7 @@ Step 2. Launch a redis container ```bash docker run --name gitlab-redis -d \ --volume /srv/docker/gitlab/redis:/var/lib/redis \ - sameersbn/redis:latest + sameersbn/redis:4.0.9-2 ``` Step 3. Launch the gitlab container @@ -195,7 +193,7 @@ docker run --name gitlab -d \ --env 'GITLAB_SECRETS_SECRET_KEY_BASE=long-and-random-alpha-numeric-string' \ --env 'GITLAB_SECRETS_OTP_KEY_BASE=long-and-random-alpha-numeric-string' \ --volume /srv/docker/gitlab/gitlab:/home/git/data \ - sameersbn/gitlab:10.3.6 + sameersbn/gitlab:12.5.5 ``` *Please refer to [Available Configuration Parameters](#available-configuration-parameters) to understand `GITLAB_PORT` and other configuration options* @@ -230,14 +228,14 @@ Volumes can be mounted in docker by specifying the `-v` option in the docker run ```bash docker run --name gitlab -d \ --volume /srv/docker/gitlab/gitlab:/home/git/data \ - sameersbn/gitlab:10.3.6 + sameersbn/gitlab:12.5.5 ``` ## Database -GitLab uses a database backend to store its data. You can configure this image to use either MySQL or PostgreSQL. +GitLab uses a database backend to store its data. You can configure this image to use PostgreSQL. -*Note: GitLab HQ recommends using PostgreSQL over MySQL* +*Note: GitLab requieres PostgreSQL now. So use an older image < 12.1 or migrate to PostgresSQL* ### PostgreSQL 
@@ -259,25 +257,25 @@ We are now ready to start the GitLab application. ```bash docker run --name gitlab -d \ - --env 'DB_ADAPTER=postgresql' --env 'DB_HOST=192.168.1.100' \ + --env 'DB_HOST=192.168.1.100' \ --env 'DB_NAME=gitlabhq_production' \ --env 'DB_USER=gitlab' --env 'DB_PASS=password' \ --volume /srv/docker/gitlab/gitlab:/home/git/data \ - sameersbn/gitlab:10.3.6 + sameersbn/gitlab:12.5.5 ``` #### Linking to PostgreSQL Container You can link this image with a postgresql container for the database requirements. The alias of the postgresql server container should be set to **postgresql** while linking with the gitlab image. -If a postgresql container is linked, only the `DB_ADAPTER`, `DB_HOST` and `DB_PORT` settings are automatically retrieved using the linkage. You may still need to set other database connection parameters such as the `DB_NAME`, `DB_USER`, `DB_PASS` and so on. +If a postgresql container is linked, only the `DB_HOST` and `DB_PORT` settings are automatically retrieved using the linkage. You may still need to set other database connection parameters such as the `DB_NAME`, `DB_USER`, `DB_PASS` and so on. To illustrate linking with a postgresql container, we will use the [sameersbn/postgresql](https://github.com/sameersbn/docker-postgresql) image. When using postgresql image in production you should mount a volume for the postgresql data store. Please refer the [README](https://github.com/sameersbn/docker-postgresql/blob/master/README.md) of docker-postgresql for details. First, lets pull the postgresql image from the docker index. ```bash -docker pull sameersbn/postgresql:9.6-2 +docker pull sameersbn/postgresql:10-2 ``` For data persistence lets create a store for the postgresql and start the container. 
@@ -297,7 +295,7 @@ docker run --name gitlab-postgresql -d \ --env 'DB_USER=gitlab' --env 'DB_PASS=password' \ --env 'DB_EXTENSION=pg_trgm' \ --volume /srv/docker/gitlab/postgresql:/var/lib/postgresql \ - sameersbn/postgresql:9.6-2 + sameersbn/postgresql:10-2 ``` The above command will create a database named `gitlabhq_production` and also create a user named `gitlab` with the password `password` with access to the `gitlabhq_production` database. @@ -307,7 +305,7 @@ We are now ready to start the GitLab application. ```bash docker run --name gitlab -d --link gitlab-postgresql:postgresql \ --volume /srv/docker/gitlab/gitlab:/home/git/data \ - sameersbn/gitlab:10.3.6 + sameersbn/gitlab:12.5.5 ``` Here the image will also automatically fetch the `DB_NAME`, `DB_USER` and `DB_PASS` variables from the postgresql container as they are specified in the `docker run` command for the postgresql container. This is made possible using the magic of docker links and works with the following images: 
@@ -317,103 +315,6 @@ Here the image will also automatically fetch the `DB_NAME`, `DB_USER` and `DB_PA - [orchardup/postgresql](https://hub.docker.com/r/orchardup/postgresql/) - [paintedfox/postgresql](https://hub.docker.com/r/paintedfox/postgresql/) -### MySQL - -#### Internal MySQL Server - -The internal mysql server has been removed from the image. Please use a [linked mysql](#linking-to-mysql-container) container or specify a connection to a [external mysql](#external-mysql-server) server. - -If you have been using the internal mysql server follow these instructions to migrate to a linked mysql container: - -Assuming that your mysql data is available at `/srv/docker/gitlab/mysql` - -```bash -docker run --name gitlab-mysql -d \ - --volume /srv/docker/gitlab/mysql:/var/lib/mysql \ - sameersbn/mysql:latest -``` - -This will start a mysql container with your existing mysql data. Now login to the mysql container and create a user for the existing `gitlabhq_production` database. - -All you need to do now is link this mysql container to the gitlab ci container using the `--link gitlab-mysql:mysql` option and provide the `DB_NAME`, `DB_USER` and `DB_PASS` parameters. - -Refer to [Linking to MySQL Container](#linking-to-mysql-container) for more information. - -#### External MySQL Server - -The image can be configured to use an external MySQL database. The database configuration should be specified using environment variables while starting the GitLab image. - -Before you start the GitLab image create user and database for gitlab. - -```sql -CREATE USER 'gitlab'@'%.%.%.%' IDENTIFIED BY 'password'; -CREATE DATABASE IF NOT EXISTS `gitlabhq_production` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`; -GRANT ALL PRIVILEGES ON `gitlabhq_production`.* TO 'gitlab'@'%.%.%.%'; -``` - -We are now ready to start the GitLab application. 
- -*Assuming that the mysql server host is 192.168.1.100* - -```bash -docker run --name gitlab -d \ - --env 'DB_ADAPTER=mysql2' --env 'DB_HOST=192.168.1.100' \ - --env 'DB_NAME=gitlabhq_production' \ - --env 'DB_USER=gitlab' --env 'DB_PASS=password' \ - --volume /srv/docker/gitlab/gitlab:/home/git/data \ - sameersbn/gitlab:10.3.6 -``` - -#### Linking to MySQL Container - -You can link this image with a mysql container for the database requirements. The alias of the mysql server container should be set to **mysql** while linking with the gitlab image. - -If a mysql container is linked, only the `DB_ADAPTER`, `DB_HOST` and `DB_PORT` settings are automatically retrieved using the linkage. You may still need to set other database connection parameters such as the `DB_NAME`, `DB_USER`, `DB_PASS` and so on. - -To illustrate linking with a mysql container, we will use the [sameersbn/mysql](https://github.com/sameersbn/docker-mysql) image. When using docker-mysql in production you should mount a volume for the mysql data store. Please refer the [README](https://github.com/sameersbn/docker-mysql/blob/master/README.md) of docker-mysql for details. - -First, lets pull the mysql image from the docker index. - -```bash -docker pull sameersbn/mysql:latest -``` - -For data persistence lets create a store for the mysql and start the container. - -SELinux users are also required to change the security context of the mount point so that it plays nicely with selinux. - -```bash -mkdir -p /srv/docker/gitlab/mysql -sudo chcon -Rt svirt_sandbox_file_t /srv/docker/gitlab/mysql -``` - -The run command looks like this. 
- -```bash -docker run --name gitlab-mysql -d \ - --env 'DB_NAME=gitlabhq_production' \ - --env 'DB_USER=gitlab' --env 'DB_PASS=password' \ - --volume /srv/docker/gitlab/mysql:/var/lib/mysql \ - sameersbn/mysql:latest -``` - -The above command will create a database named `gitlabhq_production` and also create a user named `gitlab` with the password `password` with full/remote access to the `gitlabhq_production` database. - -We are now ready to start the GitLab application. - -```bash -docker run --name gitlab -d --link gitlab-mysql:mysql \ - --volume /srv/docker/gitlab/gitlab:/home/git/data \ - sameersbn/gitlab:10.3.6 -``` - -Here the image will also automatically fetch the `DB_NAME`, `DB_USER` and `DB_PASS` variables from the mysql container as they are specified in the `docker run` command for the mysql container. This is made possible using the magic of docker links and works with the following images: - - - [mysql](https://hub.docker.com/_/mysql/) - - [sameersbn/mysql](https://quay.io/repository/sameersbn/mysql/) - - [centurylink/mysql](https://hub.docker.com/r/centurylink/mysql/) - - [orchardup/mysql](https://hub.docker.com/r/orchardup/mysql/) - ## Redis GitLab uses the redis server for its key-value data store. The redis server connection details can be specified using environment variables. @@ -431,7 +332,7 @@ The image can be configured to use an external redis server. The configuration s ```bash docker run --name gitlab -it --rm \ --env 'REDIS_HOST=192.168.1.100' --env 'REDIS_PORT=6379' \ - sameersbn/gitlab:10.3.6 + sameersbn/gitlab:12.5.5 ``` ### Linking to Redis Container @@ -443,7 +344,7 @@ To illustrate linking with a redis container, we will use the [sameersbn/redis]( First, lets pull the redis image from the docker index. ```bash -docker pull sameersbn/redis:latest +docker pull sameersbn/redis:4.0.9-2 ``` Lets start the redis container 
@@ -451,14 +352,14 @@ Lets start the redis container ```bash docker run --name gitlab-redis -d \ --volume /srv/docker/gitlab/redis:/var/lib/redis \ - sameersbn/redis:latest + sameersbn/redis:4.0.9-2 ``` We are now ready to start the GitLab application. ```bash docker run --name gitlab -d --link gitlab-redis:redisio \ - sameersbn/gitlab:10.3.6 + sameersbn/gitlab:12.5.5 ``` ### Mail @@ -471,7 +372,7 @@ If you are using Gmail then all you need to do is: docker run --name gitlab -d \ --env 'SMTP_USER=USER@gmail.com' --env 'SMTP_PASS=PASSWORD' \ --volume /srv/docker/gitlab/gitlab:/home/git/data \ - sameersbn/gitlab:10.3.6 + sameersbn/gitlab:12.5.5 ``` Please refer the [Available Configuration Parameters](#available-configuration-parameters) section for the list of SMTP parameters that can be specified. @@ -491,7 +392,7 @@ docker run --name gitlab -d \ --env 'IMAP_USER=USER@gmail.com' --env 'IMAP_PASS=PASSWORD' \ --env 'GITLAB_INCOMING_EMAIL_ADDRESS=USER+%{key}@gmail.com' \ --volume /srv/docker/gitlab/gitlab:/home/git/data \ - sameersbn/gitlab:10.3.6 + sameersbn/gitlab:12.5.5 ``` Please refer the [Available Configuration Parameters](#available-configuration-parameters) section for the list of IMAP parameters that can be specified. @@ -568,7 +469,7 @@ docker run --name gitlab -d \ --env 'GITLAB_SSH_PORT=10022' --env 'GITLAB_PORT=10443' \ --env 'GITLAB_HTTPS=true' --env 'SSL_SELF_SIGNED=true' \ --volume /srv/docker/gitlab/gitlab:/home/git/data \ - sameersbn/gitlab:10.3.6 + sameersbn/gitlab:12.5.5 ``` In this configuration, any requests made over the plain http protocol will automatically be redirected to use the https protocol. However, this is not optimal when using a load balancer. 
@@ -584,7 +485,7 @@ docker run --name gitlab -d \ --env 'GITLAB_HTTPS=true' --env 'SSL_SELF_SIGNED=true' \ --env 'NGINX_HSTS_MAXAGE=2592000' \ --volume /srv/docker/gitlab/gitlab:/home/git/data \ - sameersbn/gitlab:10.3.6 + sameersbn/gitlab:12.5.5 ``` If you want to completely disable HSTS set `NGINX_HSTS_ENABLED` to `false`. @@ -607,7 +508,7 @@ docker run --name gitlab -d \ --env 'GITLAB_SSH_PORT=10022' --env 'GITLAB_PORT=443' \ --env 'GITLAB_HTTPS=true' --env 'SSL_SELF_SIGNED=true' \ --volume /srv/docker/gitlab/gitlab:/home/git/data \ - sameersbn/gitlab:10.3.6 + sameersbn/gitlab:12.5.5 ``` Again, drop the `--env 'SSL_SELF_SIGNED=true'` option if you are using CA certified SSL certificates. @@ -627,8 +528,8 @@ This is simply done by adding the servers certificate into their list of trusted Again, this is a client side configuration which means that everyone who is going to communicate with the server should perform this configuration on their machine. In short, distribute the `gitlab.crt` file among your developers and ask them to add it to their list of trusted ssl certificates. Failure to do so will result in errors that look like this: ```bash -git clone https://git.local.host/gitlab-ce.git -fatal: unable to access 'https://git.local.host/gitlab-ce.git': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none +git clone https://git.local.host/gitlab-foss.git +fatal: unable to access 'https://git.local.host/gitlab-foss.git': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none ``` You can do the same at the web browser. Instructions for installing the root certificate for firefox can be found [here](http://portal.threatpulse.com/docs/sol/Content/03Solutions/ManagePolicy/SSL/ssl_firefox_cert_ta.htm). You will find similar options chrome, just make sure you install the certificate under the authorities tab of the certificate manager dialog. 
@@ -655,7 +556,7 @@ Let's assume we want to deploy our application to '/git'. GitLab needs to know t docker run --name gitlab -it --rm \ --env 'GITLAB_RELATIVE_URL_ROOT=/git' \ --volume /srv/docker/gitlab/gitlab:/home/git/data \ - sameersbn/gitlab:10.3.6 + sameersbn/gitlab:12.5.5 ``` GitLab will now be accessible at the `/git` path, e.g. `http://www.example.com/git`. 
@@ -766,6 +667,51 @@ Once you have the Client ID, Client secret and Tenant ID generated, configure th For example, if your Client ID is `xxx`, the Client secret is `yyy` and the Tenant ID is `zzz`, then adding `--env 'OAUTH_AZURE_API_KEY=xxx' --env 'OAUTH_AZURE_API_SECRET=yyy' --env 'OAUTH_AZURE_TENANT_ID=zzz'` to the docker run command enables support for Microsoft Azure OAuth. +### Gitlab Pages + +Gitlab Pages allows a user to host static websites from a project. Gitlab pages can be enabled with setting the envrionment variable `GITLAB_PAGES_ENABLED` to `true`. + +### Gitlab Pages Access Control + +Since version `11.5.0` Gitlab pages supports access control. This allows only access to a published website if you are a project member, or have access to a certain project. + +Gitlab pages access control requires additional configuration before activating it through the variable `GITLAB_PAGES_ACCESS_CONTROL`. + +Gitab pages access control makes use of the Gitlab OAuth Module. + + - Goto the Gitlab Admin area + - Select `Applications` in the menu + - Create `New Application` + - Name: `Gitlab Pages` + - Scopes: + - api + - Trusted: NO (Do not select) + - Redirect URI: https://projects./auth + +Note about the `Redirect URI`; this can be tricky to configure or figure out, What needs to be achieved is to following, the redirect URI needs to end up at the `gitlab-pages` daemon with the `/auth` endpoint. + +This means that if you run your gitlab pages at domain `pages.example.io` this will be a wilcard domain where your projects are created based on their namespace. The best trick is to enter a NON-Existing gitlab project pages URI as the redirect URI. + +In the example above; the pages domain `projects` has been chosen. This will cause the nginx, either the built in or your own loadbalancer to redirect `*.` to the `gitlab-pages` daemon. Which will trigger the pages endpoint. 
+ +Make sure to choose own which does not exist and make sure that the request is routed to the `gitlab-pages` daemon if you are using your own HTTP load balancer in front of Gitlab. + +After creating the OAuth application endpoint for the Gitlab Pages Daemon. Gitlab pages access control can now be enabled. + +Add to following environment variables to your Gitlab Container. + +| Variable | R/O | Description | +|----------|-----|-------------| +| GITLAB_PAGES_ACCESS_CONTROL | Required | Set to `true` to enable access control. | +| GITLAB_PAGES_ACCESS_SECRET | Optional | Secret Hash, minimal 32 characters, if omitted, it will be auto generated. | +| GITLAB_PAGES_ACCESS_CONTROL_SERVER | Required | Gitlab instance URI, example: `https://gitlab.example.io` | +| GITLAB_PAGES_ACCESS_CLIENT_ID | Required | Client ID from earlier generated OAuth application | +| GITLAB_PAGES_ACCESS_CLIENT_SECRET | Required | Client Secret from earlier genereated OAuth application | +| GITLAB_PAGES_ACCESS_REDIRECT_URI | Required | Redirect URI, non existing pages domain to redirect to pages daemon, `https://projects.example.io` | + +After you have enabled the gitlab pages access control. When you go to a project `General Settings` -> `Permissions` you can choose the pages persmission level for the project. + + ### External Issue Trackers Since version `7.10.0` support for external issue trackers can be enabled in the "Service Templates" section of the settings panel. 
@@ -783,14 +729,14 @@ Also the container processes seem to be executed as the host's user/group `1000` ```bash docker run --name gitlab -it --rm [options] \ --env "USERMAP_UID=$(id -u git)" --env "USERMAP_GID=$(id -g git)" \ - sameersbn/gitlab:10.3.6 + sameersbn/gitlab:12.5.5 ``` When changing this mapping, all files and directories in the mounted data volume `/home/git/data` have to be re-owned by the new ids. This can be achieved automatically using the following command: ```bash docker run --name gitlab -d [OPTIONS] \ - sameersbn/gitlab:10.3.6 app:sanitize + sameersbn/gitlab:12.5.5 app:sanitize ``` ### Piwik @@ -801,9 +747,11 @@ These options should contain something like: - `PIWIK_URL=piwik.example.org` - `PIWIK_SITE_ID=42` + ### Available Configuration Parameters -*Please refer the docker run command options for the `--env-file` flag where you can specify all required environment variables in a single file. This will save you from writing a potentially long docker run command. Alternatively you can use docker-compose.* +*Please refer the docker run command options for the `--env-file` flag where you can specify all required environment variables in a single file. This will save you from writing a potentially long docker run command. Alternatively you can use docker-compose. docker-compose users and Docker Swarm mode users can also use the [secrets and config file options](#docker-secrets-and-configs)* + Below is the complete list of available options that can be used to customize your gitlab installation. 
@@ -824,9 +772,14 @@ Below is the complete list of available options that can be used to customize yo
 | `GITLAB_EMAIL_REPLY_TO` | The reply-to address of emails sent out by GitLab. Defaults to value of `GITLAB_EMAIL`, else defaults to `noreply@example.com`. |
 | `GITLAB_EMAIL_SUBJECT_SUFFIX` | The e-mail subject suffix used in e-mails sent by GitLab. No defaults. |
 | `GITLAB_EMAIL_ENABLED` | Enable or disable gitlab mailer. Defaults to the `SMTP_ENABLED` configuration. |
+| `GITLAB_EMAIL_SMIME_ENABLE` | Enable or disable email S/MIME signing. Defaults is `false`. |
+| `GITLAB_EMAIL_SMIME_KEY_FILE` | Specifies the path to a S/MIME private key file in PEM format, unencrypted. Defaults to ``. |
+| `GITLAB_EMAIL_SMIME_CERT_FILE` | Specifies the path to a S/MIME public certificate key in PEM format. Defaults to ``. |
+| `GITLAB_DEFAULT_THEME` | Default theme ID, by default 2. (1 - Indigo, 2 - Dark, 3 - Light, 4 - Blue, 5 - Green, 6 - Light Indigo, 7 - Light Blue, 8 - Light Green, 9 - Red, 10 - Light Red) |
 | `GITLAB_INCOMING_EMAIL_ADDRESS` | The incoming email address for reply by email. Defaults to the value of `IMAP_USER`, else defaults to `reply@example.com`. Please read the [reply by email](http://doc.gitlab.com/ce/incoming_email/README.html) documentation to currently set this parameter. |
 | `GITLAB_INCOMING_EMAIL_ENABLED` | Enable or disable gitlab reply by email feature. Defaults to the value of `IMAP_ENABLED`. |
 | `GITLAB_SIGNUP_ENABLED` | Enable or disable user signups (first run only). Default is `true`. |
+| `GITLAB_IMPERSONATION_ENABLED` | Enable or disable impersonation. Defaults to `true`. |
 | `GITLAB_PROJECTS_LIMIT` | Set default projects limit. Defaults to `100`. |
 | `GITLAB_USERNAME_CHANGE` | Enable or disable ability for users to change their username. Defaults to `true`. |
 | `GITLAB_CREATE_GROUP` | Enable or disable ability for users to create groups. Defaults to `true`. |
@@ -841,14 +794,67 @@ Below is the complete list of available options that can be used to customize yo
 | `GITLAB_NOTIFY_PUSHER` | Add pusher to recipients list of broken build notification emails. Defaults to `false` |
 | `GITLAB_REPOS_DIR` | The git repositories folder in the container. Defaults to `/home/git/data/repositories` |
 | `GITLAB_BACKUP_DIR` | The backup folder in the container. Defaults to `/home/git/data/backups` |
+| `GITLAB_BACKUP_DIR_CHOWN` | Optionally change ownership of backup files on start-up. Defaults to `true` |
+| `GITLAB_BACKUP_DIR_GROUP` | Optionally group backups into a subfolder. Can also be used to place backups in to a subfolder on remote storage. Not used by default. |
 | `GITLAB_BUILDS_DIR` | The build traces directory. Defaults to `/home/git/data/builds` |
 | `GITLAB_DOWNLOADS_DIR` | The repository downloads directory. A temporary zip is created in this directory when users click **Download Zip** on a project. Defaults to `/home/git/data/tmp/downloads`. |
 | `GITLAB_SHARED_DIR` | The directory to store the build artifacts. Defaults to `/home/git/data/shared` |
 | `GITLAB_ARTIFACTS_ENABLED` | Enable/Disable GitLab artifacts support. Defaults to `true`. |
 | `GITLAB_ARTIFACTS_DIR` | Directory to store the artifacts. Defaults to `$GITLAB_SHARED_DIR/artifacts` |
-| `GITLAB_PIPELINE_SCHEDULE_WORKER_CRON` | Cron notation for the Gitlab pipeline schedule worker. Defaults to `'0 */12 * * *'` |
+| `AWS_ACCESS_KEY_ID`| Default AWS access key to be used for object store. Defaults to `AWS_ACCESS_KEY_ID`|
+| `AWS_SECRET_ACCESS_KEY`| Default AWS access key to be used for object store. Defaults to `AWS_SECRET_ACCESS_KEY`|
+| `GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT`| Default Google project to use for Object Store.|
+| `GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL`| Default Google service account email to use for Object Store.|
+| `GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION`| Default Google key file Defaults to `/gcs/key.json`|
+| `GITLAB_OBJECT_STORE_CONNECTION_PROVIDER`| Default object store connection provider. Defaults to `AWS`|
+| `GITLAB_ARTIFACTS_OBJECT_STORE_ENABLED` | Enables Object Store for Artifacts that will be remote stored. Defaults to `false` |
+| `GITLAB_ARTIFACTS_OBJECT_STORE_REMOTE_DIRECTORY` | Bucket name to store the artifacts. Defaults to `artifacts` |
+| `GITLAB_ARTIFACTS_OBJECT_STORE_DIRECT_UPLOAD` | Set to true to enable direct upload of Artifacts without the need of local shared storage. Defaults to `false` |
+| `GITLAB_ARTIFACTS_OBJECT_STORE_BACKGROUND_UPLOAD` | Temporary option to limit automatic upload. Defaults to `false` |
+| `GITLAB_ARTIFACTS_OBJECT_STORE_PROXY_DOWNLOAD` | Passthrough all downloads via GitLab instead of using Redirects to Object Storage. Defaults to `false` |
+| `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_PROVIDER` | Connection Provider for the Object Store. (`AWS` or `Google`) Defaults to `$GITLAB_OBJECT_STORE_CONNECTION_PROVIDER` (`AWS`) |
+| `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID` | AWS Access Key ID for the Bucket. Defaults to `$AWS_ACCESS_KEY_ID` |
+| `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY` | AWS Secret Access Key. Defaults to `$AWS_SECRET_ACCESS_KEY` |
+| `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_REGION` | AWS Region. Defaults to `us-east-1` |
+| `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_HOST` | Configure this for an compatible AWS host like minio. Defaults to `s3.amazonaws.com` |
+| `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT` | AWS Endpoint like `http://127.0.0.1:9000`. Defaults to `nil` |
+| `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE` | Changes AWS Path Style to 'host/bucket_name/object' instead of 'bucket_name.host/object'. Defaults to `true` |
+| `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT`| Google project. Defaults to `$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT`|
+| `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL`| Google service account. Defaults to `$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL`|
+| `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION`| Default Google key file. Defaults to `$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION` (`/gcs/key.json`)|
+| `GITLAB_PIPELINE_SCHEDULE_WORKER_CRON` | Cron notation for the GitLab pipeline schedule worker. Defaults to `'19 * * * *'` |
 | `GITLAB_LFS_ENABLED` | Enable/Disable Git LFS support. Defaults to `true`. |
 | `GITLAB_LFS_OBJECTS_DIR` | Directory to store the lfs-objects. Defaults to `$GITLAB_SHARED_DIR/lfs-objects` |
+| `GITLAB_LFS_OBJECT_STORE_ENABLED` | Enables Object Store for LFS that will be remote stored. Defaults to `false` |
+| `GITLAB_LFS_OBJECT_STORE_REMOTE_DIRECTORY` | Bucket name to store the LFS. Defaults to `lfs-object` |
+| `GITLAB_LFS_OBJECT_STORE_BACKGROUND_UPLOAD` | Temporary option to limit automatic upload. Defaults to `false` |
+| `GITLAB_LFS_OBJECT_STORE_PROXY_DOWNLOAD` | Passthrough all downloads via GitLab instead of using Redirects to Object Storage. Defaults to `false` |
+| `GITLAB_LFS_OBJECT_STORE_CONNECTION_PROVIDER` | Connection Provider for the Object Store. (`AWS` or `Google`) Defaults to `$GITLAB_OBJECT_STORE_CONNECTION_PROVIDER` (`AWS`) |
+| `GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID` | AWS Access Key ID for the Bucket. Defaults to `AWS_ACCESS_KEY_ID` |
+| `GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY` | AWS Secret Access Key. Defaults to `AWS_SECRET_ACCESS_KEY` |
+| `GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_REGION` | AWS Region. Defaults to `us-east-1` |
+| `GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_HOST` | Configure this for an compatible AWS host like minio. Defaults to `s3.amazonaws.com` |
+| `GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT` | AWS Endpoint like `http://127.0.0.1:9000`. Defaults to `nil` |
+| `GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE` | Changes AWS Path Style to 'host/bucket_name/object' instead of 'bucket_name.host/object'. Defaults to `true` |
+| `GITLAB_LFS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT`| Google project. Defaults to `$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT`|
+| `GITLAB_LFS_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL`| Google service account. Defaults to `$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL`|
+| `GITLAB_LFS_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION`| Default Google key file. Defaults to `$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION` (`/gcs/key.json`)|
+| `GITLAB_UPLOADS_STORAGE_PATH` | The location where uploads objects are stored. Defaults to `$GITLAB_SHARED_DIR/public`. |
+| `GITLAB_UPLOADS_BASE_DIR` | Mapping for the `GITLAB_UPLOADS_STORAGE_PATH`. Defaults to `uploads/-/system` |
+| `GITLAB_UPLOADS_OBJECT_STORE_ENABLED` | Enables Object Store for UPLOADS that will be remote stored. Defaults to `false` |
+| `GITLAB_UPLOADS_OBJECT_STORE_REMOTE_DIRECTORY` | Bucket name to store the UPLOADS. Defaults to `uploads` |
+| `GITLAB_UPLOADS_OBJECT_STORE_BACKGROUND_UPLOAD` | Temporary option to limit automatic upload. Defaults to `false` |
+| `GITLAB_UPLOADS_OBJECT_STORE_PROXY_DOWNLOAD` | Passthrough all downloads via GitLab instead of using Redirects to Object Storage. Defaults to `false` |
+| `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_PROVIDER` | Connection Provider for the Object Store. (`AWS` or `Google`) Defaults to `$GITLAB_OBJECT_STORE_CONNECTION_PROVIDER` (`AWS`) |
+| `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID` | AWS Access Key ID for the Bucket. Defaults to `AWS_ACCESS_KEY_ID` |
+| `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY` | AWS Secret Access Key. Defaults to `AWS_SECRET_ACCESS_KEY` |
+| `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_REGION` | AWS Region. Defaults to `us-east-1` |
+| `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_HOST` | Configure this for an compatible AWS host like minio. Defaults to `s3.amazonaws.com` |
+| `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT` | AWS Endpoint like `http://127.0.0.1:9000`. Defaults to `nil` |
+| `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE` | Changes AWS Path Style to 'host/bucket_name/object' instead of 'bucket_name.host/object'. Defaults to `true` |
+| `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT`| Google project. Defaults to `$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT`|
+| `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL`| Google service account. Defaults to `$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL`|
+| `GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION`| Default Google key file. Defaults to `$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION` (`/gcs/key.json`)|
 | `GITLAB_MATTERMOST_ENABLED` | Enable/Disable GitLab Mattermost for *Add Mattermost button*. Defaults to `false`. |
 | `GITLAB_MATTERMOST_URL` | Sets Mattermost URL. Defaults to `https://mattermost.example.com`. |
 | `GITLAB_BACKUP_SCHEDULE` | Setup cron job to automatic backups. Possible values `disable`, `daily`, `weekly` or `monthly`. Disabled by default |
@@ -876,6 +882,13 @@ Below is the complete list of available options that can be used to customize yo
 | `GITLAB_PAGES_ARTIFACTS_SERVER` | Set to `true` to enable pages artifactsserver, enabled by default. |
 | `GITLAB_PAGES_EXTERNAL_HTTP` | Sets GitLab Pages external http to receive request on an independen port. Disabled by default |
 | `GITLAB_PAGES_EXTERNAL_HTTPS` | Sets GitLab Pages external https to receive request on an independen port. Disabled by default |
+| `GITLAB_PAGES_ACCESS_CONTROL` | Set to `true` to enable access control for pages. Allows access to a Pages site to be controlled based on a user’s membership to that project. Disabled by default. |
+| `GITLAB_PAGES_NGINX_PROXY` | Disable the nginx proxy for gitlab pages, defaults to `true`. When set to `false` this will turn off the nginx proxy to the gitlab pages daemon, used when the user provides their own http load balancer in combination with a gitlab pages custom domain setup. |
+| `GITLAB_PAGES_ACCESS_SECRET` | Secret Hash, minimal 32 characters, if omitted, it will be auto generated. |
+| `GITLAB_PAGES_ACCESS_CONTROL_SERVER` | Gitlab instance URI, example: `https://gitlab.example.io` |
+| `GITLAB_PAGES_ACCESS_CLIENT_ID` | Client ID from earlier generated OAuth application |
+| `GITLAB_PAGES_ACCESS_CLIENT_SECRET` | Client Secret from earlier genereated OAuth application |
+| `GITLAB_PAGES_ACCESS_REDIRECT_URI` | Redirect URI, non existing pages domain to redirect to pages daemon, `https://projects.example.io/auth` |
 | `GITLAB_HTTPS` | Set to `true` to enable https support, disabled by default. |
 | `GITALY_CLIENT_PATH` | Set default path for gitaly. defaults to `/home/git/gitaly` |
 | `GITALY_TOKEN` | Set a gitaly token, blank by default. |
@@ -912,15 +925,16 @@ Below is the complete list of available options that can be used to customize yo
 | `SIDEKIQ_CONCURRENCY` | The number of concurrent sidekiq jobs to run. Defaults to `25` |
 | `SIDEKIQ_SHUTDOWN_TIMEOUT` | Timeout for sidekiq shutdown. Defaults to `4` |
 | `SIDEKIQ_MEMORY_KILLER_MAX_RSS` | Non-zero value enables the SidekiqMemoryKiller. Defaults to `1000000`. For additional options refer [Configuring the MemoryKiller](http://doc.gitlab.com/ce/operations/sidekiq_memory_killer.html) |
-| `DB_ADAPTER` | The database type. Possible values: `mysql2`, `postgresql`. Defaults to `postgresql`. |
-| `DB_ENCODING` | The database encoding. For `DB_ADAPTER` values `postresql` and `mysql2`, this parameter defaults to `unicode` and `utf8` respectively. |
-| `DB_COLLATION` | The database collation. Defaults to `utf8_general_ci` for `DB_ADAPTER` `mysql2`. This parameter is not supported for `DB_ADAPTER` `postresql` and will be removed. |
+| `GITLAB_SIDEKIQ_LOG_FORMAT` | Sidekiq log format that will be used. Defaults to `json` |
+| `DB_ADAPTER` | The database type. Currently only postgresql is supported. Over 12.1 postgres force. Possible values: `postgresql`. Defaults to `postgresql`. |
+| `DB_ENCODING` | The database encoding. For `DB_ADAPTER` values `postresql` this parameter defaults and `utf8` respectively. |
 | `DB_HOST` | The database server hostname. Defaults to `localhost`. |
-| `DB_PORT` | The database server port. Defaults to `3306` for mysql and `5432` for postgresql. |
+| `DB_PORT` | The database server port. Defaults to `5432` for postgresql. |
 | `DB_NAME` | The database database name. Defaults to `gitlabhq_production` |
 | `DB_USER` | The database database user. Defaults to `root` |
 | `DB_PASS` | The database database password. Defaults to no password |
 | `DB_POOL` | The database database connection pool count. Defaults to `10`. |
+| `DB_PREPARED_STATEMENTS` | Whether use database prepared statements. No defaults. But set to `false` if you want to use with [PgBouncer](https://pgbouncer.github.io/) |
 | `SMTP_ENABLED` | Enable mail delivery via SMTP. Defaults to `true` if `SMTP_USER` is defined, else defaults to `false`. |
 | `SMTP_DOMAIN` | SMTP domain. Defaults to` www.gmail.com` |
 | `SMTP_HOST` | SMTP server host. Defaults to `smtp.gmail.com`. |
@@ -959,6 +973,12 @@ Below is the complete list of available options that can be used to customize yo
 | `LDAP_BLOCK_AUTO_CREATED_USERS` | Locks down those users until they have been cleared by the admin. Defaults to `false`. |
 | `LDAP_BASE` | Base where we can search for users. No default. |
 | `LDAP_USER_FILTER` | Filter LDAP users. No default. |
+| `LDAP_USER_ATTRIBUTE_USERNAME` | Attribute fields for the identification of a user. Default to `['uid', 'userid', 'sAMAccountName']` |
+| `LDAP_USER_ATTRIBUTE_MAIL` | Attribute fields for the shown mail address. Default to `['mail', 'email', 'userPrincipalName']` |
+| `LDAP_USER_ATTRIBUTE_NAME` | Attribute field for the used username of a user. Default to `cn`. |
+| `LDAP_USER_ATTRIBUTE_FIRSTNAME` | Attribute field for the forename of a user. Default to `givenName` |
+| `LDAP_USER_ATTRIBUTE_LASTNAME` | Attribute field for the surname of a user. Default to `sn` |
+| `LDAP_LOWERCASE_USERNAMES` | GitLab will lower case the username for the LDAP Server. Defaults to `false` |
 | `OAUTH_ENABLED` | Enable OAuth support. Defaults to `true` if any of the support OAuth providers is configured, else defaults to `false`. |
 | `OAUTH_AUTO_SIGN_IN_WITH_PROVIDER` | Automatically sign in with a specific OAuth provider without showing GitLab sign-in page. Accepted values are `cas3`, `github`, `bitbucket`, `gitlab`, `google_oauth2`, `facebook`, `twitter`, `saml`, `crowd`, `auth0` and `azure_oauth2`. No default. |
 | `OAUTH_ALLOW_SSO` | Comma separated list of oauth providers for single sign-on. This allows users to login without having a user account. The account is created automatically when authentication is successful. Accepted values are `cas3`, `github`, `bitbucket`, `gitlab`, `google_oauth2`, `facebook`, `twitter`, `saml`, `crowd`, `auth0` and `azure_oauth2`. No default. |
@@ -1000,6 +1020,7 @@ Below is the complete list of available options that can be used to customize yo
 | `OAUTH_SAML_GROUPS_ATTRIBUTE` | Map groups attribute in a SAMLResponse to external groups. No defaults. |
 | `OAUTH_SAML_EXTERNAL_GROUPS` | List of external groups in a SAMLResponse. Value is comma separated list of single quoted groups. Example: `'group1','group2'`. No defaults. |
 | `OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL` | Map 'email' attribute name in a SAMLResponse to entries in the OmniAuth info hash, No defaults. See [GitLab documentation](http://doc.gitlab.com/ce/integration/saml.html#attribute_statements) for more details. |
+| `OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME` | Map 'username' attribute in a SAMLResponse to entries in the OmniAuth info hash, No defaults. See [GitLab documentation](http://doc.gitlab.com/ce/integration/saml.html#attribute_statements) for more details. |
 | `OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME` | Map 'name' attribute in a SAMLResponse to entries in the OmniAuth info hash, No defaults. See [GitLab documentation](http://doc.gitlab.com/ce/integration/saml.html#attribute_statements) for more details. |
 | `OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME` | Map 'first_name' attribute in a SAMLResponse to entries in the OmniAuth info hash, No defaults. See [GitLab documentation](http://doc.gitlab.com/ce/integration/saml.html#attribute_statements) for more details. |
 | `OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME` | Map 'last_name' attribute in a SAMLResponse to entries in the OmniAuth info hash, No defaults. See [GitLab documentation](http://doc.gitlab.com/ce/integration/saml.html#attribute_statements) for more details. |
@@ -1009,6 +1030,7 @@ Below is the complete list of available options that can be used to customize yo
 | `OAUTH_AUTH0_CLIENT_ID` | Auth0 Client ID. No defaults. |
 | `OAUTH_AUTH0_CLIENT_SECRET` | Auth0 Client secret. No defaults. |
 | `OAUTH_AUTH0_DOMAIN` | Auth0 Domain. No defaults. |
+| `OAUTH_AUTH0_SCOPE` | Auth0 Scope. Defaults to `openid profile email`. |
 | `OAUTH_AZURE_API_KEY` | Azure Client ID. No defaults. |
 | `OAUTH_AZURE_API_SECRET` | Azure Client secret. No defaults. |
 | `OAUTH_AZURE_TENANT_ID` | Azure Tenant ID. No defaults. |
@@ -1029,6 +1051,7 @@ Below is the complete list of available options that can be used to customize yo
 | `AWS_BACKUP_MULTIPART_CHUNK_SIZE` | Enables mulitpart uploads when file size reaches a defined size. See at [AWS S3 Docs](http://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) |
 | `AWS_BACKUP_ENCRYPTION` | Turns on AWS Server-Side Encryption. Defaults to `false`. See at [AWS S3 Docs](http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) |
 | `AWS_BACKUP_STORAGE_CLASS` | Configure the storage class for the item. Defaults to `STANDARD` See at [AWS S3 Docs](http://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) |
+| `AWS_BACKUP_SIGNATURE_VERSION` | Configure the storage signature version. Defaults to `4` See at [AWS S3 Docs](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) |
 | `GCS_BACKUPS` | Enables automatic uploads to an Google Cloud Storage (GCS) instance. Defaults to `false`. |
 | `GCS_BACKUP_ACCESS_KEY_ID` | GCS access key id. No defaults |
 | `GCS_BACKUP_SECRET_ACCESS_KEY` | GCS secret access key. No defaults |
@@ -1040,6 +1063,27 @@ Below is the complete list of available options that can be used to customize yo | `RACK_ATTACK_FINDTIME` | Number of seconds before resetting the per IP auth attempt counter. Defaults to `60`. | | `RACK_ATTACK_BANTIME` | Number of seconds an IP should be banned after too many auth attempts. Defaults to `3600`. | | `GITLAB_WORKHORSE_TIMEOUT` | Timeout for gitlab workhorse http proxy. Defaults to `5m0s`. | +| `SENTRY_ENABLED` | Enables Error Reporting and Logging with Sentry. Defaults to `false`. | +| `SENTRY_DSN` | Sentry DSN. No defaults. | +| `SENTRY_CLIENTSIDE_DSN` | Sentry clientside DSN. No defaults. | +| `SENTRY_ENVIRONMENT` | Sentry environment. Defaults to `production`. | + +### Docker secrets and configs + +All the above environment variables can be put into a [secrets](https://docs.docker.com/compose/compose-file/#secrets) or [config](https://docs.docker.com/compose/compose-file/#configs) file +and then both docker-compose and Docker Swarm can import them into your gitlab container. + +On startup, the gitlab container will source env vars from a config file labeled `gitlab-config`, and then a secrets file labeled `gitlab-secrets` (both mounted in the default locations). + +See the example [`contrib/docker-swarm/docker-compose.yml`](./contrib/docker-swarm/docker-compose.yml) file, and the +example `gitlab.configs` and `gitlab.secrets` file. +You may as well choose file names other than the example source files (`gitlab.configs` and `gitlab.secrets`) and update +the `file: ./gitlab.configs` and `file: ./gitlab.secrets` references accordingly. But do not alter the config +keys [`gitlab-configs`](contrib/docker-swarm/docker-compose.yml#L158) and +[`gitlab-secrets`](contrib/docker-swarm/docker-compose.yml#L162) as they are currently +[hardcoded](./assets/runtime/functions#L4:L9) and thus must be kept as in the example. + +If you're not using one of these files, then don't include its entry in the docker-compose file. # Maintenance 
@@ -1057,7 +1101,7 @@ Execute the rake task to create a backup. ```bash docker run --name gitlab -it --rm [OPTIONS] \ - sameersbn/gitlab:10.3.6 app:rake gitlab:backup:create + sameersbn/gitlab:12.5.5 app:rake gitlab:backup:create ``` A backup will be created in the backups folder of the [Data Store](#data-store). You can change the location of the backups using the `GITLAB_BACKUP_DIR` configuration parameter. @@ -1067,9 +1111,16 @@ A backup will be created in the backups folder of the [Data Store](#data-store). When using `docker-compose` you may use the following command to execute the backup. ```bash +docker-compose rm -sf gitlab docker-compose run --rm gitlab app:rake gitlab:backup:create ``` +Afterwards you can bring your Instance back with the following command: + +```bash +docker-compose up -d +``` + ## Restoring Backups GitLab also defines a rake task to restore a backup. @@ -1085,14 +1136,14 @@ you need to prepare the database: ```bash docker run --name gitlab -it --rm [OPTIONS] \ - sameersbn/gitlab:10.3.6 app:rake db:setup + sameersbn/gitlab:12.5.5 app:rake db:setup ``` Execute the rake task to restore a backup. Make sure you run the container in interactive mode `-it`. ```bash docker run --name gitlab -it --rm [OPTIONS] \ - sameersbn/gitlab:10.3.6 app:rake gitlab:backup:restore + sameersbn/gitlab:12.5.5 app:rake gitlab:backup:restore ``` The list of all available backups will be displayed in reverse chronological order. Select the backup you want to restore and continue. @@ -1110,6 +1161,7 @@ docker-compose run --rm gitlab app:rake gitlab:backup:restore # List available b docker-compose run --rm gitlab app:rake gitlab:backup:restore BACKUP=1515629493_2018_01_11_10.3.6 # Choose to restore from 1515629493 ``` + ## Host Key Backups (ssh) SSH keys are not backed up in the normal gitlab backup process. You 
@@ -1149,7 +1201,7 @@ The `app:rake` command allows you to run gitlab rake tasks. To run a rake task s ```bash docker run --name gitlab -it --rm [OPTIONS] \ - sameersbn/gitlab:10.3.6 app:rake gitlab:env:info + sameersbn/gitlab:12.5.5 app:rake gitlab:env:info ``` You can also use `docker exec` to run raketasks on running gitlab instance. For example, @@ -1162,7 +1214,7 @@ Similarly, to import bare repositories into GitLab project instance ```bash docker run --name gitlab -it --rm [OPTIONS] \ - sameersbn/gitlab:10.3.6 app:rake gitlab:import:repos + sameersbn/gitlab:12.5.5 app:rake gitlab:import:repos ``` Or @@ -1193,7 +1245,7 @@ Copy all the **bare** git repositories to the `repositories/` directory of the [ ```bash docker run --name gitlab -it --rm [OPTIONS] \ - sameersbn/gitlab:10.3.6 app:rake gitlab:import:repos + sameersbn/gitlab:12.5.5 app:rake gitlab:import:repos ``` Watch the logs and your repositories should be available into your new gitlab container. @@ -1215,12 +1267,12 @@ To upgrade to newer gitlab releases, simply follow this 4 step upgrade procedure > **Note** > -> Upgrading to `sameersbn/gitlab:10.3.6` from `sameersbn/gitlab:7.x.x` can cause issues. It is therefore required that you first upgrade to `sameersbn/gitlab:8.0.5-1` before upgrading to `sameersbn/gitlab:8.1.0` or higher. +> Upgrading to `sameersbn/gitlab:12.5.5` from `sameersbn/gitlab:7.x.x` can cause issues. It is therefore required that you first upgrade to `sameersbn/gitlab:8.0.5-1` before upgrading to `sameersbn/gitlab:8.1.0` or higher. - **Step 1**: Update the docker image. ```bash -docker pull sameersbn/gitlab:10.3.6 +docker pull sameersbn/gitlab:12.5.5 ``` - **Step 2**: Stop and remove the currently running image 
@@ -1246,7 +1298,7 @@ Replace `x.x.x` with the version you are upgrading from. For example, if you are > **Note**: Since GitLab `8.11.0` you need to provide the `GITLAB_SECRETS_SECRET_KEY_BASE` and `GITLAB_SECRETS_OTP_KEY_BASE` parameters while starting the image. These should initially both have the same value as the contents of the `/home/git/data/.secret` file. See [Available Configuration Parameters](#available-configuration-parameters) for more information on these parameters. ```bash -docker run --name gitlab -d [OPTIONS] sameersbn/gitlab:10.3.6 +docker run --name gitlab -d [OPTIONS] sameersbn/gitlab:12.5.5 ``` ## Shell Access diff --git a/VERSION b/VERSION index 709c7796..8c966ec2 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -10.3.6 +12.5.5 diff --git a/assets/build/install.sh b/assets/build/install.sh index 76396d59..b69018d6 100755 --- a/assets/build/install.sh +++ b/assets/build/install.sh 
@@ -1,25 +1,34 @@ #!/bin/bash set -e -GITLAB_CLONE_URL=https://gitlab.com/gitlab-org/gitlab-ce.git -GITLAB_SHELL_URL=https://gitlab.com/gitlab-org/gitlab-shell/repository/archive.tar.gz +GITLAB_CLONE_URL=https://gitlab.com/gitlab-org/gitlab-foss.git +GITLAB_SHELL_URL=https://gitlab.com/gitlab-org/gitlab-shell/-/archive/v${GITLAB_SHELL_VERSION}/gitlab-shell-v${GITLAB_SHELL_VERSION}.tar.bz2 GITLAB_WORKHORSE_URL=https://gitlab.com/gitlab-org/gitlab-workhorse.git GITLAB_PAGES_URL=https://gitlab.com/gitlab-org/gitlab-pages.git GITLAB_GITALY_URL=https://gitlab.com/gitlab-org/gitaly.git +GITLAB_WORKHORSE_BUILD_DIR=/tmp/gitlab-workhorse +GITLAB_PAGES_BUILD_DIR=/tmp/gitlab-pages +GITLAB_GITALY_BUILD_DIR=/tmp/gitaly + GEM_CACHE_DIR="${GITLAB_BUILD_DIR}/cache" +GOROOT=/tmp/go +PATH=${GOROOT}/bin:$PATH + +export GOROOT PATH + BUILD_DEPENDENCIES="gcc g++ make patch pkg-config cmake paxctl \ libc6-dev ruby${RUBY_VERSION}-dev \ - libmysqlclient-dev libpq-dev zlib1g-dev libyaml-dev libssl-dev \ + libpq-dev zlib1g-dev libyaml-dev libssl-dev \ libgdbm-dev libreadline-dev libncurses5-dev libffi-dev \ libxml2-dev libxslt-dev libcurl4-openssl-dev libicu-dev \ - gettext" + gettext libkrb5-dev" ## Execute a command as GITLAB_USER exec_as_git() { - if [[ $(whoami) == ${GITLAB_USER} ]]; then - $@ + if [[ $(whoami) == "${GITLAB_USER}" ]]; then + "$@" else sudo -HEu ${GITLAB_USER} "$@" fi 
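Review bot: `GITLAB_SHELL_URL` interpolates `${GITLAB_SHELL_VERSION}` at assignment time on line 4, but the fallback `GITLAB_SHELL_VERSION=${GITLAB_SHELL_VERSION:-$(cat ${GITLAB_INSTALL_DIR}/GITLAB_SHELL_VERSION)}` in the `@@ -66,16 +62,18 @@` hunk runs much later, so unless the Dockerfile already exports the variable the download URL is built with an empty version (`.../archive/v/gitlab-shell-v.tar.bz2`). Moving the `GITLAB_SHELL_URL=` assignment to just after that fallback line, or making it a function that expands on use, closes the gap. The same hunk quotes `"${GITLAB_USER}"` and `"$@"` in exec_as_git but leaves `sudo -HEu ${GITLAB_USER} "$@"` unquoted; quoting it too keeps the function consistent with the lines it just fixed.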
@@ -27,28 +36,15 @@ exec_as_git() { # install build dependencies for gem installation apt-get update -DEBIAN_FRONTEND=noninteractive apt-get install -y ${BUILD_DEPENDENCIES} - -# Install RE2 library wich became dependencie since 9.3.8 version -# https://gitlab.com/gitlab-org/gitlab-ce/issues/35342 -DEBIAN_FRONTEND=noninteractive apt-get install -y checkinstall -cd /tmp -git clone https://github.com/google/re2.git -cd re2/ && make && make test -checkinstall -D --install=no -y --pkgname=re2 --pkgversion=1-current -dpkg -i re2_1-current-1_amd64.deb -ldconfig -cd - -rm -rf /tmp/re2 -DEBIAN_FRONTEND=noninteractive apt-get purge -y --auto-remove checkinstall +DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y ${BUILD_DEPENDENCIES} # PaX-mark ruby # Applying the mark late here does make the build usable on PaX kernels, but # still the build itself must be executed on a non-PaX kernel. It's done here # only for simplicity. -paxctl -Cm `which ruby${RUBY_VERSION}` +paxctl -cvm "$(command -v ruby${RUBY_VERSION})" # https://en.wikibooks.org/wiki/Grsecurity/Application-specific_Settings#Node.js -paxctl -Cm `which nodejs` +paxctl -cvm "$(command -v nodejs)" # remove the host keys generated during openssh-server installation rm -rf /etc/ssh/ssh_host_*_key /etc/ssh/ssh_host_*_key.pub 
@@ -66,16 +62,18 @@ EOF exec_as_git git config --global core.autocrlf input exec_as_git git config --global gc.auto 0 exec_as_git git config --global repack.writeBitmaps true +exec_as_git git config --global receive.advertisePushOptions true -# shallow clone gitlab-ce -echo "Cloning gitlab-ce v.${GITLAB_VERSION}..." + +# shallow clone gitlab-foss +echo "Cloning gitlab-foss v.${GITLAB_VERSION}..." exec_as_git git clone -q -b v${GITLAB_VERSION} --depth 1 ${GITLAB_CLONE_URL} ${GITLAB_INSTALL_DIR} GITLAB_SHELL_VERSION=${GITLAB_SHELL_VERSION:-$(cat ${GITLAB_INSTALL_DIR}/GITLAB_SHELL_VERSION)} GITLAB_WORKHORSE_VERSION=${GITLAB_WORKHOUSE_VERSION:-$(cat ${GITLAB_INSTALL_DIR}/GITLAB_WORKHORSE_VERSION)} GITLAB_PAGES_VERSION=${GITLAB_PAGES_VERSION:-$(cat ${GITLAB_INSTALL_DIR}/GITLAB_PAGES_VERSION)} -#download golang +# download golang echo "Downloading Go ${GOLANG_VERSION}..." wget -cnv https://storage.googleapis.com/golang/go${GOLANG_VERSION}.linux-amd64.tar.gz -P ${GITLAB_BUILD_DIR}/ tar -xf ${GITLAB_BUILD_DIR}/go${GOLANG_VERSION}.linux-amd64.tar.gz -C /tmp/ 
@@ -83,56 +81,63 @@ tar -xf ${GITLAB_BUILD_DIR}/go${GOLANG_VERSION}.linux-amd64.tar.gz -C /tmp/ # install gitlab-shell echo "Downloading gitlab-shell v.${GITLAB_SHELL_VERSION}..." mkdir -p ${GITLAB_SHELL_INSTALL_DIR} -wget -cq ${GITLAB_SHELL_URL}?ref=v${GITLAB_SHELL_VERSION} -O ${GITLAB_BUILD_DIR}/gitlab-shell-${GITLAB_SHELL_VERSION}.tar.gz -tar xf ${GITLAB_BUILD_DIR}/gitlab-shell-${GITLAB_SHELL_VERSION}.tar.gz --strip 1 -C ${GITLAB_SHELL_INSTALL_DIR} -rm -rf ${GITLAB_BUILD_DIR}/gitlab-shell-${GITLAB_SHELL_VERSION}.tar.gz +wget -cq ${GITLAB_SHELL_URL} -O ${GITLAB_BUILD_DIR}/gitlab-shell-${GITLAB_SHELL_VERSION}.tar.bz2 +tar xf ${GITLAB_BUILD_DIR}/gitlab-shell-${GITLAB_SHELL_VERSION}.tar.bz2 --strip 1 -C ${GITLAB_SHELL_INSTALL_DIR} +rm -rf ${GITLAB_BUILD_DIR}/gitlab-shell-${GITLAB_SHELL_VERSION}.tar.bz2 chown -R ${GITLAB_USER}: ${GITLAB_SHELL_INSTALL_DIR} cd ${GITLAB_SHELL_INSTALL_DIR} -exec_as_git cp -a ${GITLAB_SHELL_INSTALL_DIR}/config.yml.example ${GITLAB_SHELL_INSTALL_DIR}/config.yml +exec_as_git cp -a config.yml.example config.yml if [[ -x ./bin/compile ]]; then echo "Compiling gitlab-shell golang executables..." - exec_as_git PATH=/tmp/go/bin:$PATH GOROOT=/tmp/go ./bin/compile + ./bin/compile + rm -rf go_build fi -exec_as_git ./bin/install +./bin/install # remove unused repositories directory created by gitlab-shell install -exec_as_git rm -rf ${GITLAB_HOME}/repositories +rm -rf ${GITLAB_HOME}/repositories # download gitlab-workhorse echo "Cloning gitlab-workhorse v.${GITLAB_WORKHORSE_VERSION}..." 
-exec_as_git git clone -q -b v${GITLAB_WORKHORSE_VERSION} --depth 1 ${GITLAB_WORKHORSE_URL} ${GITLAB_WORKHORSE_INSTALL_DIR} -chown -R ${GITLAB_USER}: ${GITLAB_WORKHORSE_INSTALL_DIR} +git clone -q -b v${GITLAB_WORKHORSE_VERSION} --depth 1 ${GITLAB_WORKHORSE_URL} ${GITLAB_WORKHORSE_BUILD_DIR} +make -C ${GITLAB_WORKHORSE_BUILD_DIR} install -#install gitlab-workhorse -cd ${GITLAB_WORKHORSE_INSTALL_DIR} -PATH=/tmp/go/bin:$PATH GOROOT=/tmp/go make install +# clean up +rm -rf ${GITLAB_WORKHORSE_BUILD_DIR} -#download pages +# download gitlab-pages echo "Downloading gitlab-pages v.${GITLAB_PAGES_VERSION}..." -exec_as_git git clone -q -b v${GITLAB_PAGES_VERSION} --depth 1 ${GITLAB_PAGES_URL} ${GITLAB_PAGES_INSTALL_DIR} -chown -R ${GITLAB_USER}: ${GITLAB_PAGES_INSTALL_DIR} +git clone -q -b v${GITLAB_PAGES_VERSION} --depth 1 ${GITLAB_PAGES_URL} ${GITLAB_PAGES_BUILD_DIR} -#install gitlab-pages -cd ${GITLAB_PAGES_INSTALL_DIR} -PATH=/tmp/go/bin:$PATH GOROOT=/tmp/go make -cp -f gitlab-pages /usr/local/bin/ +# install gitlab-pages +make -C ${GITLAB_PAGES_BUILD_DIR} +cp -a ${GITLAB_PAGES_BUILD_DIR}/gitlab-pages /usr/local/bin/ -# download gitaly +# clean up +rm -rf ${GITLAB_PAGES_BUILD_DIR} + +# download and build gitaly echo "Downloading gitaly v.${GITALY_SERVER_VERSION}..." 
-exec_as_git git clone -q -b v${GITALY_SERVER_VERSION} --depth 1 ${GITLAB_GITALY_URL} ${GITLAB_GITALY_INSTALL_DIR} -chown -R ${GITLAB_USER}: ${GITLAB_GITALY_INSTALL_DIR} -# copy default config for gitaly -exec_as_git cp ${GITLAB_GITALY_INSTALL_DIR}/config.toml.example ${GITLAB_GITALY_INSTALL_DIR}/config.toml +git clone -q -b v${GITALY_SERVER_VERSION} --depth 1 ${GITLAB_GITALY_URL} ${GITLAB_GITALY_BUILD_DIR} # install gitaly -cd ${GITLAB_GITALY_INSTALL_DIR} -ln -sf /tmp/go /usr/local/go -PATH=/tmp/go/bin:$PATH make install && make clean -rm -f /usr/local/go +make -C ${GITLAB_GITALY_BUILD_DIR} install +mkdir -p ${GITLAB_GITALY_INSTALL_DIR} +cp -a ${GITLAB_GITALY_BUILD_DIR}/ruby ${GITLAB_GITALY_INSTALL_DIR}/ +cp -a ${GITLAB_GITALY_BUILD_DIR}/config.toml.example ${GITLAB_GITALY_INSTALL_DIR}/config.toml +rm -rf ${GITLAB_GITALY_INSTALL_DIR}/ruby/vendor/bundle/ruby/**/cache +chown -R ${GITLAB_USER}: ${GITLAB_GITALY_INSTALL_DIR} + +# clean up +rm -rf ${GITLAB_GITALY_BUILD_DIR} # remove go -rm -rf ${GITLAB_BUILD_DIR}/go${GOLANG_VERSION}.linux-amd64.tar.gz /tmp/go +rm -rf ${GITLAB_BUILD_DIR}/go${GOLANG_VERSION}.linux-amd64.tar.gz ${GOROOT} + +# Fix for rebase in forks +echo "Linking $(command -v gitaly-ssh) to /" +ln -s "$(command -v gitaly-ssh)" / # remove HSTS config from the default headers, we configure it in nginx exec_as_git sed -i "/headers\['Strict-Transport-Security'\]/d" ${GITLAB_INSTALL_DIR}/app/controllers/application_controller.rb @@ -148,7 +153,7 @@ if [[ -d ${GEM_CACHE_DIR} ]]; then chown -R ${GITLAB_USER}: ${GITLAB_INSTALL_DIR}/vendor/cache fi -exec_as_git bundle install -j$(nproc) --deployment --without development test aws +exec_as_git bundle install -j"$(nproc)" --deployment --without development test mysql aws # make sure everything in ${GITLAB_HOME} is owned by ${GITLAB_USER} user chown -R ${GITLAB_USER}: ${GITLAB_HOME} 
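Review bot: `./bin/compile` and `./bin/install` now run as root (the removed lines went through exec_as_git) and they run after `chown -R ${GITLAB_USER}: ${GITLAB_SHELL_INSTALL_DIR}`, so whatever they write into the install dir — the compiled binaries, any `go_build` leftovers — ends up root-owned unless `${GITLAB_SHELL_INSTALL_DIR}` lies under `${GITLAB_HOME}`, which the later `chown -R ${GITLAB_USER}: ${GITLAB_HOME}` would cover. The gitaly block in the same hunk chowns last; moving the gitlab-shell `chown -R` to after `./bin/install` would match it and remove the dependence on the directory layout. Separately, the gitlab-shell archive fetched with `wget -cq ${GITLAB_SHELL_URL}` is extracted with no checksum or signature verification, which is the supply-chain step a reviewer would want pinned (the Go tarball above sits in the same position, though that line is unchanged here). The comment `# Fix for rebase in forks` does not say why a symlink to gitaly-ssh has to live in `/`; naming the component that resolves that path would help the next maintainer.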
@@ -156,14 +161,14 @@ chown -R ${GITLAB_USER}: ${GITLAB_HOME} # gitlab.yml and database.yml are required for `assets:precompile` exec_as_git cp ${GITLAB_INSTALL_DIR}/config/resque.yml.example ${GITLAB_INSTALL_DIR}/config/resque.yml exec_as_git cp ${GITLAB_INSTALL_DIR}/config/gitlab.yml.example ${GITLAB_INSTALL_DIR}/config/gitlab.yml -exec_as_git cp ${GITLAB_INSTALL_DIR}/config/database.yml.mysql ${GITLAB_INSTALL_DIR}/config/database.yml +exec_as_git cp ${GITLAB_INSTALL_DIR}/config/database.yml.postgresql ${GITLAB_INSTALL_DIR}/config/database.yml # Installs nodejs packages required to compile webpack exec_as_git yarn install --production --pure-lockfile exec_as_git yarn add ajv@^4.0.0 echo "Compiling assets. Please be patient, this could take a while..." -exec_as_git bundle exec rake gitlab:assets:compile USE_DB=false SKIP_STORAGE_VALIDATION=true +exec_as_git bundle exec rake gitlab:assets:compile USE_DB=false SKIP_STORAGE_VALIDATION=true NODE_OPTIONS="--max-old-space-size=4096" # remove auto generated ${GITLAB_DATA_DIR}/config/secrets.yml rm -rf ${GITLAB_DATA_DIR}/config/secrets.yml @@ -207,6 +212,7 @@ sed -i \ -e "s|^[#]*UsePrivilegeSeparation yes|UsePrivilegeSeparation no|" \ -e "s|^[#]*PasswordAuthentication yes|PasswordAuthentication no|" \ -e "s|^[#]*LogLevel INFO|LogLevel VERBOSE|" \ + -e "s|^[#]*AuthorizedKeysFile.*|AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_proxy|" \ /etc/ssh/sshd_config echo "UseDNS no" >> /etc/ssh/sshd_config @@ -219,6 +225,9 @@ sed -i \ -e "s|error_log /var/log/nginx/error.log;|error_log ${GITLAB_LOG_DIR}/nginx/error.log;|" \ /etc/nginx/nginx.conf +# fix "unknown group 'syslog'" error preventing logrotate from functioning +sed -i "s|^su root syslog$|su root root|" /etc/logrotate.conf + # configure supervisord log rotation cat > /etc/logrotate.d/supervisord < /etc/supervisor/conf.d/groups.conf </dev/null 2>&1 do 
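Review bot: The added `AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_proxy` expression in the `@@ -207,6 +212,7 @@` hunk makes sshd accept a second key file for the git user, and nothing in the diff says which component writes `authorized_keys_proxy` or why a separate file is needed. A short why-comment above that `-e` line naming the writer would make the trust boundary reviewable, and the runtime side should keep the file owned by the git user and not group/world-writable, since sshd's StrictModes check otherwise rejects it. The `@@ -219,6 +225,9 @@` hunk that follows is garbled in this view (its heredoc bodies are missing), so it could not be reviewed.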
@@ -206,22 +173,14 @@ gitlab_configure_database() { gitlab_check_database_connection update_template ${GITLAB_DATABASE_CONFIG} \ - DB_ADAPTER \ DB_ENCODING \ - DB_COLLATION \ DB_HOST \ DB_PORT \ DB_NAME \ DB_USER \ DB_PASS \ - DB_POOL - - if [[ ${DB_ADAPTER} == postgresql ]]; then - exec_as_git sed -i \ - -e "/reconnect: /d" \ - -e "/collation: /d" \ - ${GITLAB_DATABASE_CONFIG} - fi + DB_POOL \ + DB_PREPARED_STATEMENTS } gitlab_finalize_redis_parameters() { @@ -294,7 +253,6 @@ gitlab_configure_monitoring() { GITLAB_MONITORING_SIDEKIQ_EXPORTER_ENABLED \ GITLAB_MONITORING_SIDEKIQ_EXPORTER_ADDRESS \ GITLAB_MONITORING_SIDEKIQ_EXPORTER_PORT - } gitlab_configure_gitlab_workhorse() { @@ -390,6 +348,17 @@ gitlab_configure_mail_delivery() { GITLAB_EMAIL_DISPLAY_NAME \ GITLAB_EMAIL_REPLY_TO \ GITLAB_EMAIL_SUBJECT_SUFFIX + + if [[ ${GITLAB_EMAIL_SMIME_ENABLE} == true ]]; then + exec_as_git sed -i "/#start-email-smime/d" ${GITLAB_CONFIG} + exec_as_git sed -i "/#end-email-smime/d" ${GITLAB_CONFIG} + update_template ${GITLAB_CONFIG} \ + GITLAB_EMAIL_SMIME_ENABLE \ + GITLAB_EMAIL_SMIME_KEY_FILE \ + GITLAB_EMAIL_SMIME_CERT_FILE + else + exec_as_git sed -i "/#start-email-smime/,/#end-email-smime/d" ${GITLAB_CONFIG} + fi } gitlab_configure_mailroom() { @@ -455,6 +424,12 @@ gitlab_configure_ldap() { LDAP_BLOCK_AUTO_CREATED_USERS \ LDAP_BASE \ LDAP_USER_FILTER \ + LDAP_LOWERCASE_USERNAMES \ + LDAP_USER_ATTRIBUTE_USERNAME \ + LDAP_USER_ATTRIBUTE_MAIL \ + LDAP_USER_ATTRIBUTE_NAME \ + LDAP_USER_ATTRIBUTE_FIRSTNAME \ + LDAP_USER_ATTRIBUTE_LASTNAME \ LDAP_LABEL } 
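Review bot: Dropping `DB_ADAPTER` from the template in gitlab_configure_database leaves no guard against a caller that still sets `DB_ADAPTER=mysql2`; with the mysql-specific `sed` branch removed, such a deployment is silently configured for PostgreSQL as far as this hunk shows (the enclosing function starts outside the hunk, so an earlier check may exist). A one-line rejection near the top of the function, `[[ ${DB_ADAPTER:-postgresql} == postgresql ]] || { echo "ERROR: only the postgresql adapter is supported" >&2; return 1; }`, would fail loudly instead. The `contrib/docker-swarm/docker-compose.yml` added in this commit still sets `DB_ADAPTER=postgresql`, which is harmless but no longer consumed by this template.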
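Review bot: The new S/MIME branch in gitlab_configure_mail_delivery (`@@ -390,6 +348,17 @@`) enables signing as soon as `GITLAB_EMAIL_SMIME_ENABLE` is `true`, without checking that `GITLAB_EMAIL_SMIME_KEY_FILE` and `GITLAB_EMAIL_SMIME_CERT_FILE` point at existing files; the nginx SSL path later in this file gates on `-f ${SSL_CERTIFICATE_PATH}` for the same kind of input. Mirroring that, `if [[ ${GITLAB_EMAIL_SMIME_ENABLE} == true && -f ${GITLAB_EMAIL_SMIME_KEY_FILE} && -f ${GITLAB_EMAIL_SMIME_CERT_FILE} ]]; then` with an `echo` in the else branch saying why the block was stripped turns a runtime mail failure into a clear startup message. The enclosing function begins outside the hunk.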
@@ -585,6 +560,9 @@ gitlab_configure_oauth_saml_attribute_statements() { OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME \ OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME # Remove undefined optional attributes + exec_as_git sed -i "/email: \\[''\\],/d" ${GITLAB_CONFIG} + exec_as_git sed -i "/name: \\[''\\],/d" ${GITLAB_CONFIG} + exec_as_git sed -i "/username: \\[''\\],/d" ${GITLAB_CONFIG} exec_as_git sed -i "/first_name: \\[''\\],/d" ${GITLAB_CONFIG} exec_as_git sed -i "/last_name: \\[''\\],/d" ${GITLAB_CONFIG} else @@ -635,15 +613,17 @@ gitlab_configure_oauth_crowd() { gitlab_configure_oauth_auth0() { if [[ -n ${OAUTH_AUTH0_CLIENT_ID} && \ -n ${OAUTH_AUTH0_CLIENT_SECRET} && \ + -n ${OAUTH_AUTH0_SCOPE} && \ -n ${OAUTH_AUTH0_DOMAIN} ]]; then echo "Configuring gitlab::oauth::auth0..." OAUTH_ENABLED=${OAUTH_ENABLED:-true} update_template ${GITLAB_CONFIG} \ OAUTH_AUTH0_CLIENT_ID \ OAUTH_AUTH0_CLIENT_SECRET \ - OAUTH_AUTH0_DOMAIN + OAUTH_AUTH0_DOMAIN \ + OAUTH_AUTH0_SCOPE else - exec_as_git sed -i "/name: 'auth0'/,/{{OAUTH_AUTH0_DOMAIN}}/d" ${GITLAB_CONFIG} + exec_as_git sed -i "/name: 'auth0'/,/{{OAUTH_AUTH0_SCOPE}}/d" ${GITLAB_CONFIG} fi } @@ -741,6 +721,10 @@ gitlab_configure_secrets() { gitlab_configure_sidekiq() { echo "Configuring gitlab::sidekiq..." + # configure gitlab sidekiq log format + update_template ${GITLAB_CONFIG} \ + GITLAB_SIDEKIQ_LOG_FORMAT + # configure sidekiq update_template /etc/supervisor/conf.d/sidekiq.conf \ SIDEKIQ_CONCURRENCY \ 
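Review bot: Adding `-n ${OAUTH_AUTH0_SCOPE}` to the condition in gitlab_configure_oauth_auth0 makes the scope mandatory, so an existing deployment that sets only client id, secret and domain now silently loses its Auth0 provider (the else branch deletes the whole block). Unless a default for `OAUTH_AUTH0_SCOPE` is applied earlier in the file, keeping the three original variables in the condition and letting `update_template` fill the scope is the backward-compatible form. The sed range end `/{{OAUTH_AUTH0_SCOPE}}/` now also assumes the scope placeholder is the last line of the auth0 block in the template, which this diff cannot confirm; a comment stating that coupling would help whoever edits the template next.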
@@ -772,7 +756,11 @@ gitlab_configure_backups_schedule() { weekly) day_of_week=0 ;; monthly) day_of_month=01 ;; esac - echo "$min $hour $day_of_month $month $day_of_week /bin/bash -l -c 'cd ${GITLAB_INSTALL_DIR} && bundle exec rake gitlab:backup:create SKIP=${GITLAB_BACKUP_SKIP} RAILS_ENV=${RAILS_ENV}'" >> /tmp/cron.${GITLAB_USER} + if [[ -n ${GITLAB_BACKUP_DIR_GROUP} ]]; then + echo "$min $hour $day_of_month $month $day_of_week /bin/bash -l -c 'cd ${GITLAB_INSTALL_DIR} && bundle exec rake gitlab:backup:create SKIP=${GITLAB_BACKUP_SKIP} DIRECTORY=${GITLAB_BACKUP_DIR_GROUP} RAILS_ENV=${RAILS_ENV}'" >> /tmp/cron.${GITLAB_USER} + else + echo "$min $hour $day_of_month $month $day_of_week /bin/bash -l -c 'cd ${GITLAB_INSTALL_DIR} && bundle exec rake gitlab:backup:create SKIP=${GITLAB_BACKUP_SKIP} RAILS_ENV=${RAILS_ENV}'" >> /tmp/cron.${GITLAB_USER} + fi crontab -u ${GITLAB_USER} /tmp/cron.${GITLAB_USER} fi rm -rf /tmp/cron.${GITLAB_USER} @@ -820,7 +808,8 @@ gitlab_configure_backups_aws() { AWS_BACKUP_SECRET_ACCESS_KEY \ AWS_BACKUP_BUCKET \ AWS_BACKUP_MULTIPART_CHUNK_SIZE \ - AWS_BACKUP_STORAGE_CLASS + AWS_BACKUP_STORAGE_CLASS \ + AWS_BACKUP_SIGNATURE_VERSION } gitlab_configure_backup_gcs() { @@ -847,7 +836,7 @@ gitlab_configure_backups() { GITLAB_BACKUP_ARCHIVE_PERMISSIONS gitlab_configure_backups_schedule if [[ ${AWS_BACKUPS} != true && ${GCS_BACKUPS} != true ]]; then - exec_as_git sed -i "/upload:/,/#end-gcs/d" ${GITLAB_CONFIG} + exec_as_git sed -i "/\s\+upload:/,/#end-gcs/d" ${GITLAB_CONFIG} return 0 fi if [[ ${AWS_BACKUPS} == true && ${GCS_BACKUPS} == true ]]; then 
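Review bot: The two `echo` lines in gitlab_configure_backups_schedule are identical except for the `DIRECTORY=${GITLAB_BACKUP_DIR_GROUP}` fragment, which is the kind of duplication that drifts apart on the next edit. A single cron line with a conditional fragment keeps them in sync: `local backup_dir_arg=""`, `[[ -n ${GITLAB_BACKUP_DIR_GROUP} ]] && backup_dir_arg="DIRECTORY=${GITLAB_BACKUP_DIR_GROUP} "`, then one `echo` inserting `${backup_dir_arg}` before `RAILS_ENV=`. `GITLAB_BACKUP_DIR_GROUP` is interpolated into the single-quoted `bash -c` string, so a value containing `'` would break the crontab entry; a comment on the accepted format, or a check rejecting quotes, is worth adding. The enclosing function starts outside the hunk.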
@@ -936,6 +925,42 @@ gitlab_configure_ci() { } gitlab_configure_artifacts() { + if [[ ${GITLAB_ARTIFACTS_OBJECT_STORE_ENABLED} == true ]]; then + echo "Configuring gitlab::artifacts:object_store" + + if [[ "${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_PROVIDER}" == "Google" ]]; then + echo " -> Google ARTIFACTS provider selected removing aws config" + exec_as_git sed -i "/#start-artifacts-aws/,/#end-artifacts-aws/d" ${GITLAB_CONFIG} + exec_as_git sed -i "/#start-artifacts-gcs/d" ${GITLAB_CONFIG} + exec_as_git sed -i "/#end-artifacts-gcs/d" ${GITLAB_CONFIG} + fi + if [[ "${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_PROVIDER}" == "AWS" ]]; then + echo " -> AWS ARTIFACTS provider selected removing Google config" + exec_as_git sed -i "/#start-artifacts-gcs/,/#end-artifacts-gcs/d" ${GITLAB_CONFIG} + exec_as_git sed -i "/#start-artifacts-aws/d" ${GITLAB_CONFIG} + exec_as_git sed -i "/#end-artifacts-aws/d" ${GITLAB_CONFIG} + fi + + update_template ${GITLAB_CONFIG} \ + GITLAB_ARTIFACTS_OBJECT_STORE_ENABLED \ + GITLAB_ARTIFACTS_OBJECT_STORE_REMOTE_DIRECTORY \ + GITLAB_ARTIFACTS_OBJECT_STORE_DIRECT_UPLOAD \ + GITLAB_ARTIFACTS_OBJECT_STORE_BACKGROUND_UPLOAD \ + GITLAB_ARTIFACTS_OBJECT_STORE_PROXY_DOWNLOAD \ + GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_PROVIDER \ + GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID \ + GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY \ + GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_REGION \ + GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_HOST \ + GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT \ + GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE \ + GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT \ + GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL \ + GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION + else + exec_as_git sed -i -e "/path: {{GITLAB_ARTIFACTS_DIR}}/{n;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;d;}" ${GITLAB_CONFIG} + fi + echo "Configuring gitlab::artifacts..." 
update_template ${GITLAB_CONFIG} \ GITLAB_ARTIFACTS_ENABLED \ 
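Review bot: The else branch's `sed -i -e "/path: {{GITLAB_ARTIFACTS_DIR}}/{n;N;N;…;d;}"` deletes a fixed run of lines after the `path:` placeholder, which silently breaks as soon as the gitlab.yml template gains or loses a line in that block; the same construct appears in the lfs hunk (`@@ -943,12 +968,92 @@`) and in the new gitlab_configure_uploads. The aws/gcs sections in this hunk already use `#start-…`/`#end-…` markers, so wrapping the object_store block in a matching pair (names illustrative: `#start-artifacts-object-store`/`#end-artifacts-object-store`) and deleting by range removes the line-count coupling. When `GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_PROVIDER` is neither `Google` nor `AWS`, both provider blocks are kept and templated with their key placeholders in place; an `else` that reports the unsupported value would be safer. The enclosing function continues past this hunk.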
@@ -943,12 +968,92 @@ gitlab_configure_artifacts() { } gitlab_configure_lfs() { + if [[ ${GITLAB_LFS_OBJECT_STORE_ENABLED} == true ]]; then + echo "Configuring gitlab::lfs:object_store" + + if [[ "${GITLAB_LFS_OBJECT_STORE_CONNECTION_PROVIDER}" == "Google" ]]; then + echo " -> Google LFS provider selected removing aws config" + exec_as_git sed -i "/#start-lfs-aws/,/#end-lfs-aws/d" ${GITLAB_CONFIG} + exec_as_git sed -i "/#start-lfs-gcs/d" ${GITLAB_CONFIG} + exec_as_git sed -i "/#end-lfs-gcs/d" ${GITLAB_CONFIG} + fi + if [[ "${GITLAB_LFS_OBJECT_STORE_CONNECTION_PROVIDER}" == "AWS" ]]; then + echo " -> AWS LFS provider selected removing Google config" + exec_as_git sed -i "/#start-lfs-gcs/,/#end-lfs-gcs/d" ${GITLAB_CONFIG} + exec_as_git sed -i "/#start-lfs-aws/d" ${GITLAB_CONFIG} + exec_as_git sed -i "/#end-lfs-aws/d" ${GITLAB_CONFIG} + fi + + update_template ${GITLAB_CONFIG} \ + GITLAB_LFS_OBJECT_STORE_ENABLED \ + GITLAB_LFS_OBJECT_STORE_REMOTE_DIRECTORY \ + GITLAB_LFS_OBJECT_STORE_DIRECT_UPLOAD \ + GITLAB_LFS_OBJECT_STORE_BACKGROUND_UPLOAD \ + GITLAB_LFS_OBJECT_STORE_PROXY_DOWNLOAD \ + GITLAB_LFS_OBJECT_STORE_CONNECTION_PROVIDER \ + GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID \ + GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY \ + GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_REGION \ + GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_HOST \ + GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT \ + GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE \ + GITLAB_LFS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT \ + GITLAB_LFS_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL \ + GITLAB_LFS_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION + else + exec_as_git sed -i -e "/path: {{GITLAB_LFS_OBJECTS_DIR}}/{n;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;d;}" ${GITLAB_CONFIG} + fi + echo "Configuring gitlab::lfs..." 
update_template ${GITLAB_CONFIG} \ GITLAB_LFS_ENABLED \ GITLAB_LFS_OBJECTS_DIR } +gitlab_configure_uploads() { + if [[ ${GITLAB_UPLOADS_OBJECT_STORE_ENABLED} == true ]]; then + echo "Configuring gitlab::uploads:object_store" + + if [[ "${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_PROVIDER}" == "Google" ]]; then + echo " -> Google UPLOADS provider selected removing aws config" + exec_as_git sed -i "/#start-uploads-aws/,/#end-uploads-aws/d" ${GITLAB_CONFIG} + exec_as_git sed -i "/#start-uploads-gcs/d" ${GITLAB_CONFIG} + exec_as_git sed -i "/#end-uploads-gcs/d" ${GITLAB_CONFIG} + fi + if [[ "${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_PROVIDER}" == "AWS" ]]; then + echo " -> AWS UPLOADS provider selected removing Google config" + exec_as_git sed -i "/#start-uploads-gcs/,/#end-uploads-gcs/d" ${GITLAB_CONFIG} + exec_as_git sed -i "/#start-uploads-aws/d" ${GITLAB_CONFIG} + exec_as_git sed -i "/#end-uploads-aws/d" ${GITLAB_CONFIG} + fi + + update_template ${GITLAB_CONFIG} \ + GITLAB_UPLOADS_OBJECT_STORE_ENABLED \ + GITLAB_UPLOADS_OBJECT_STORE_REMOTE_DIRECTORY \ + GITLAB_UPLOADS_OBJECT_STORE_DIRECT_UPLOAD \ + GITLAB_UPLOADS_OBJECT_STORE_BACKGROUND_UPLOAD \ + GITLAB_UPLOADS_OBJECT_STORE_PROXY_DOWNLOAD \ + GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_PROVIDER \ + GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID \ + GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY \ + GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_REGION \ + GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_HOST \ + GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT \ + GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE \ + GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT \ + GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL \ + GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION + + else + exec_as_git sed -i -e "/base_dir: {{GITLAB_UPLOADS_BASE_DIR}}/{n;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;N;d;}" ${GITLAB_CONFIG} + fi + + echo "Configuring gitlab::uploads..." 
+ update_template ${GITLAB_CONFIG} \ + GITLAB_UPLOADS_STORAGE_PATH \ + GITLAB_UPLOADS_BASE_DIR +} + gitlab_configure_mattermost() { echo "Configuring gitlab::mattermost..." update_template ${GITLAB_CONFIG} \ @@ -997,7 +1102,8 @@ gitlab_configure_pages(){ GITLAB_PAGES_DOMAIN \ GITLAB_PAGES_PORT \ GITLAB_PAGES_HTTPS \ - GITLAB_PAGES_ARTIFACTS_SERVER + GITLAB_PAGES_ARTIFACTS_SERVER \ + GITLAB_PAGES_ACCESS_CONTROL if [[ -n ${GITLAB_PAGES_EXTERNAL_HTTP} ]]; then update_template ${GITLAB_CONFIG} \ @@ -1014,6 +1120,14 @@ gitlab_configure_pages(){ fi } +gitlab_configure_sentry(){ + echo "Configuring gitlab::sentry..." + update_template ${GITLAB_CONFIG} \ + SENTRY_ENABLED \ + SENTRY_DSN \ + SENTRY_CLIENTSIDE_DSN \ + SENTRY_ENVIRONMENT +} nginx_configure_gitlab_ssl() { if [[ ${GITLAB_HTTPS} == true && -f ${SSL_CERTIFICATE_PATH} && -f ${SSL_KEY_PATH} && -f ${SSL_DHPARAM_PATH} ]]; then @@ -1044,22 +1158,24 @@ nginx_configure_gitlab_hsts() { fi } - nginx_configure_gitlab_ipv6() { - if [[ ! -f /proc/net/if_inet6 ]]; then - # disable ipv6 support in nginx for gitlab - sed -i \ - -e "/listen \[::\]:80/d" \ - -e "/listen \[::\]:443/d" \ - ${GITLAB_NGINX_CONFIG} - # disable ipv6 support in nginx for pages - if [[ ${GITLAB_PAGES_ENABLED} == true ]]; then - sed -i \ - -e "/listen \[::\]:80/d" \ - -e "/listen \[::\]:443/d" \ - ${GITLAB_PAGES_NGINX_CONFIG} - fi - fi - } +nginx_configure_gitlab_ipv6() { + if [[ ! -f /proc/net/if_inet6 ]]; then + # disable ipv6 support in nginx for gitlab + sed -i \ + -e "/listen \[::\]:80/d" \ + -e "/listen \[::\]:443/d" \ + ${GITLAB_NGINX_CONFIG} + # disable ipv6 support in nginx for pages + if [[ ${GITLAB_PAGES_ENABLED} == true ]]; then + if [[ ${GITLAB_PAGES_NGINX_PROXY} == true ]]; then + sed -i \ + -e "/listen \[::\]:80/d" \ + -e "/listen \[::\]:443/d" \ + ${GITLAB_PAGES_NGINX_CONFIG} + fi + fi + fi +} nginx_configure_gitlab_real_ip() { if [[ ${NGINX_REAL_IP_RECURSIVE} == on && \ 
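Review bot: `gitlab_configure_sentry()` in the `@@ -1014,6 +1120,14 @@` hunk is glued to `nginx_configure_gitlab_ssl()` with no blank line between its closing `}` and the next definition, unlike every other function boundary visible in this file; adding the blank line keeps the layout consistent. A one-line comment noting that `SENTRY_DSN` carries the project key and is written in clear into `${GITLAB_CONFIG}` would also help, since the file is otherwise silent on which templated values are secrets.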
@@ -1122,21 +1238,26 @@ nginx_configure_pages(){ local GITLAB_PAGES_DOMAIN=$(echo $GITLAB_PAGES_DOMAIN | sed 's/\./\\\\./g') if [[ ${GITLAB_PAGES_ENABLED} == true ]]; then echo "Configuring nginx::gitlab-pages..." - if [[ ${GITLAB_PAGES_HTTPS} == true ]]; then - update_template ${GITLAB_PAGES_NGINX_CONFIG} \ - GITLAB_PORT \ - GITLAB_PAGES_DOMAIN \ - GITLAB_PAGES_PORT \ - GITLAB_LOG_DIR \ - GITLAB_PAGES_DOMAIN \ - SSL_PAGES_CERT_PATH \ - SSL_PAGES_KEY_PATH \ - SSL_DHPARAM_PATH \ - GITLAB_LOG_DIR + if [[ ${GITLAB_PAGES_NGINX_PROXY} == true ]]; then + if [[ ${GITLAB_PAGES_HTTPS} == true ]]; then + update_template ${GITLAB_PAGES_NGINX_CONFIG} \ + GITLAB_PORT \ + GITLAB_PAGES_DOMAIN \ + GITLAB_PAGES_PORT \ + GITLAB_LOG_DIR \ + GITLAB_PAGES_DOMAIN \ + SSL_PAGES_CERT_PATH \ + SSL_PAGES_KEY_PATH \ + SSL_DHPARAM_PATH \ + GITLAB_LOG_DIR + else + update_template ${GITLAB_PAGES_NGINX_CONFIG} \ + GITLAB_PAGES_DOMAIN \ + GITLAB_LOG_DIR + fi else - update_template ${GITLAB_PAGES_NGINX_CONFIG} \ - GITLAB_PAGES_DOMAIN \ - GITLAB_LOG_DIR + echo "Gitlab pages nginx proxy disabled" + echo "Assuming custom domain setup with own HTTP(S) load balancer'" fi fi } @@ -1253,7 +1374,9 @@ initialize_datadir() { # create the backups directory mkdir -p ${GITLAB_BACKUP_DIR} - chown ${GITLAB_USER}: ${GITLAB_BACKUP_DIR} + if [[ ${GITLAB_BACKUP_DIR_CHOWN} == true ]]; then + chown ${GITLAB_USER}: ${GITLAB_BACKUP_DIR} + fi # create the uploads directory mkdir -p ${GITLAB_DATA_DIR}/uploads 
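Review bot: The message `echo "Assuming custom domain setup with own HTTP(S) load balancer'"` in nginx_configure_pages carries a stray `'` before the closing quote that ends up in the log line; the same string is added twice more in the `@@ -1401,11 +1523,21 @@` hunk of install_configuration_templates. Dropping the apostrophe, `echo "Assuming custom domain setup with own HTTP(S) load balancer"`, fixes all three, and since the two-line message is now repeated three times a small helper that prints it once would keep them identical.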
@@ -1335,10 +1458,9 @@ generate_ssh_key() { } generate_ssh_host_keys() { - sed -i "s|HostKey /etc/ssh/|HostKey ${GITLAB_DATA_DIR}/ssh/|g" /etc/ssh/sshd_config + sed -i "s|#HostKey /etc/ssh/|HostKey ${GITLAB_DATA_DIR}/ssh/|g" /etc/ssh/sshd_config if [[ ! -e ${GITLAB_DATA_DIR}/ssh/ssh_host_rsa_key ]]; then echo -n "Generating OpenSSH host keys... " - generate_ssh_key rsa1 ${GITLAB_DATA_DIR}/ssh/ssh_host_key generate_ssh_key rsa ${GITLAB_DATA_DIR}/ssh/ssh_host_rsa_key generate_ssh_key dsa ${GITLAB_DATA_DIR}/ssh/ssh_host_dsa_key generate_ssh_key ecdsa ${GITLAB_DATA_DIR}/ssh/ssh_host_ecdsa_key @@ -1401,11 +1523,21 @@ install_configuration_templates() { ## ${GITLAB_PAGES_NGINX_CONFIG} if [[ ${GITLAB_PAGES_ENABLED} == true ]]; then if [[ ${GITLAB_PAGES_HTTPS} == true && -f ${SSL_PAGES_CERT_PATH} && -f ${SSL_PAGES_KEY_PATH} ]]; then - install_template root: nginx/gitlab-pages-ssl ${GITLAB_PAGES_NGINX_CONFIG} + if [[ ${GITLAB_PAGES_NGINX_PROXY} == true ]]; then + install_template root: nginx/gitlab-pages-ssl ${GITLAB_PAGES_NGINX_CONFIG} + else + echo "Gitlab pages nginx proxy disabled" + echo "Assuming custom domain setup with own HTTP(S) load balancer'" + fi else - echo "SSL Key, SSL Certificate were not found." - echo "Assuming that the container is running behind a HTTPS enabled load balancer." - install_template root: nginx/gitlab-pages ${GITLAB_PAGES_NGINX_CONFIG} + if [[ ${GITLAB_PAGES_NGINX_PROXY} == true ]]; then + echo "SSL Key, SSL Certificate were not found." + echo "Assuming that the container is running behind a HTTPS enabled load balancer." + install_template root: nginx/gitlab-pages ${GITLAB_PAGES_NGINX_CONFIG} + else + echo "Gitlab pages nginx proxy disabled" + echo "Assuming custom domain setup with own HTTP(S) load balancer'" + fi fi fi 
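Review bot: The changed `sed -i "s|#HostKey /etc/ssh/|HostKey ${GITLAB_DATA_DIR}/ssh/|g" /etc/ssh/sshd_config` only rewrites commented-out HostKey lines, whereas the sshd edits in install.sh use `^[#]*` to match both forms; if the image's sshd_config ever carries an uncommented `HostKey /etc/ssh/...` it would keep pointing at keys that install.sh deletes. `sed -i "s|^[#]*HostKey /etc/ssh/|HostKey ${GITLAB_DATA_DIR}/ssh/|g" /etc/ssh/sshd_config` handles both and stays consistent with the other sed calls. The rsa1 key generation is removed, but the unchanged context still generates a `dsa` host key, which current OpenSSH disables by default; worth a follow-up rather than part of this change.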
@@ -1443,9 +1575,11 @@ configure_gitlab() { GITLAB_SSH_HOST \ GITLAB_SSH_PORT \ GITLAB_SIGNUP_ENABLED \ + GITLAB_IMPERSONATION_ENABLED \ GITLAB_PROJECTS_LIMIT \ GITLAB_USERNAME_CHANGE \ - GITLAB_CREATE_GROUP + GITLAB_DEFAULT_THEME \ + GITLAB_CREATE_GROUP gitlab_configure_database gitlab_configure_redis @@ -1462,6 +1596,7 @@ configure_gitlab() { gitlab_configure_ci gitlab_configure_artifacts gitlab_configure_lfs + gitlab_configure_uploads gitlab_configure_mattermost gitlab_configure_project_features gitlab_configure_mail_delivery @@ -1474,6 +1609,7 @@ configure_gitlab() { gitlab_configure_backups gitlab_configure_registry gitlab_configure_pages + gitlab_configure_sentry # remove stale gitlab.socket rm -rf ${GITLAB_INSTALL_DIR}/tmp/sockets/gitlab.socket @@ -1522,6 +1658,20 @@ cat >> /etc/supervisor/conf.d/gitlab-pages.conf <> /etc/supervisor/conf.d/gitlab-pages.conf <> /etc/supervisor/conf.d/gitlab-pages.conf </dev/null - if [[ ${DB_ADAPTER} == mysql2 ]]; then - exec_as_git bundle exec rake add_limits_mysql >/dev/null - fi - echo "${GITLAB_VERSION}" > ${GITLAB_TEMP_DIR}/VERSION rm -rf ${GITLAB_TEMP_DIR}/GITLAB_RELATIVE_URL_ROOT # force cache cleanup fi @@ -1610,7 +1749,7 @@ migrate_database() { # assets need to be recompiled when GITLAB_RELATIVE_URL_ROOT is used if [[ -n ${GITLAB_RELATIVE_URL_ROOT} ]]; then echo "Recompiling assets (relative_url in use), this could take a while..." - exec_as_git bundle exec rake gitlab:assets:compile >/dev/null 2>&1 + exec_as_git bundle exec rake gitlab:assets:compile NODE_OPTIONS="--max-old-space-size=4096" >/dev/null 2>&1 fi echo "Clearing cache..." 
@@ -1625,7 +1764,16 @@ execute_raketask() { return 1 fi + if [[ ${1} == gitlab:backup:create ]]; then + /usr/bin/supervisord -c /etc/supervisor/supervisord.conf + supervisorctl stop gitlab_extensions:* + supervisorctl stop gitlab:* + fi + if [[ ${1} == gitlab:backup:restore ]]; then + /usr/bin/supervisord -c /etc/supervisor/supervisord.conf + supervisorctl stop gitlab_extensions:* + supervisorctl stop gitlab:* interactive=true for arg in $@ do @@ -1646,7 +1794,7 @@ execute_raketask() { echo for b in $(ls ${GITLAB_BACKUP_DIR} | grep _gitlab_backup | sort -r) do - echo "‣ $b (created at $(date --date="@${b%%_gitlab_backup.tar}" +'%d %b, %G - %H:%M:%S %Z'))" + echo "‣ $b (created at $(date --date="@${b%%_*_gitlab_backup.tar}" +'%d %b, %G - %H:%M:%S %Z'))" done echo diff --git a/ci/gitlab b/ci/gitlab deleted file mode 100755 index 1b8736d5..00000000 --- a/ci/gitlab +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh - -set -e - -VERSION=$(cat VERSION) -DOCKER_REGISTRY_HOST=${DOCKER_REGISTRY_HOST:-hub.docker.com} -DOCKER_IMAGE=${DOCKER_IMAGE:-sameersbn/gitlab} - -docker build -t $DOCKER_IMAGE . - -docker tag $DOCKER_IMAGE $DOCKER_REGISTRY_HOST/$DOCKER_IMAGE:latest -docker tag $DOCKER_IMAGE $DOCKER_REGISTRY_HOST/$DOCKER_IMAGE:$VERSION - -docker push $DOCKER_REGISTRY_HOST/$DOCKER_IMAGE:latest -docker push $DOCKER_REGISTRY_HOST/$DOCKER_IMAGE:$VERSION diff --git a/contrib/docker-swarm/docker-compose.yml b/contrib/docker-swarm/docker-compose.yml new file mode 100644 index 00000000..78fc4327 --- /dev/null +++ b/contrib/docker-swarm/docker-compose.yml 
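Review bot: Both new branches in execute_raketask pass `gitlab_extensions:*` and `gitlab:*` to supervisorctl unquoted, so bash attempts pathname expansion first and the literal only survives because nothing in the working directory matches; quoting them removes that dependency. The supervisord start and the two stop calls are also duplicated between the create and restore branches, and the `fi` closing the restore branch lies outside the hunk, so whether `interactive=true` has become conditional cannot be seen here. Who shuts the freshly started supervisord down after the rake task is likewise not shown in this hunk.

```shell
  if [[ ${1} == gitlab:backup:create || ${1} == gitlab:backup:restore ]]; then
    /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
    supervisorctl stop 'gitlab_extensions:*'
    supervisorctl stop 'gitlab:*'
  fi
  if [[ ${1} == gitlab:backup:restore ]]; then
  # … unchanged: interactive handling, closing fi outside the hunk …
```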
@@ -0,0 +1,164 @@
+version: '3.4'
+
+services:
+ redis:
+ restart: always
+ image: sameersbn/redis:4.0.9-2
+ command:
+ - --loglevel warning
+ volumes:
+ - /srv/docker/gitlab/redis:/var/lib/redis:Z
+
+ postgresql:
+ restart: always
+ image: sameersbn/postgresql:9.6-2
+ volumes:
+ - /srv/docker/gitlab/postgresql:/var/lib/postgresql:Z
+ environment:
+ - DB_USER=gitlab
+ - DB_PASS=password
+ - DB_NAME=gitlabhq_production
+ - DB_EXTENSION=pg_trgm
+
+ gitlab:
+ restart: always
+ image: sameersbn/gitlab:10.7.2
+ depends_on:
+ - redis
+ - postgresql
+ ports:
+ - "10080:80"
+ - "10022:22"
+ volumes:
+ - /srv/docker/gitlab/gitlab:/home/git/data:Z
+ configs:
+ - gitlab-configs
+ secrets:
+ - gitlab-secrets
+ environment:
+ - DEBUG=false
+
+ - DB_ADAPTER=postgresql
+ - DB_HOST=postgresql
+ - DB_PORT=5432
+ - DB_USER=gitlab
+ - DB_PASS=password
+ - DB_NAME=gitlabhq_production
+
+ - REDIS_HOST=redis
+ - REDIS_PORT=6379
+
+ - TZ=Asia/Kolkata
+ - GITLAB_TIMEZONE=Kolkata
+
+ - GITLAB_HTTPS=false
+ - SSL_SELF_SIGNED=false
+
+ - GITLAB_HOST=localhost
+ - GITLAB_PORT=10080
+ - GITLAB_SSH_PORT=10022
+ - GITLAB_RELATIVE_URL_ROOT=
+ - GITLAB_SECRETS_DB_KEY_BASE=long-and-random-alphanumeric-string
+ - GITLAB_SECRETS_SECRET_KEY_BASE=long-and-random-alphanumeric-string
+ - GITLAB_SECRETS_OTP_KEY_BASE=long-and-random-alphanumeric-string
+
+ - GITLAB_ROOT_PASSWORD=
+ - GITLAB_ROOT_EMAIL=
+
+ - GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
+ - GITLAB_NOTIFY_PUSHER=false
+
+ - GITLAB_EMAIL=notifications@example.com
+ - GITLAB_EMAIL_REPLY_TO=noreply@example.com
+ - GITLAB_INCOMING_EMAIL_ADDRESS=reply@example.com
+
+ - GITLAB_BACKUP_SCHEDULE=daily
+ - GITLAB_BACKUP_TIME=01:00
+
+ - SMTP_ENABLED=false
+ - SMTP_DOMAIN=www.example.com
+ - SMTP_HOST=smtp.gmail.com
+ - SMTP_PORT=587
+ - SMTP_USER=mailer@example.com
+ - SMTP_PASS=password
+ - SMTP_STARTTLS=true
+ - SMTP_AUTHENTICATION=login
+
+ - IMAP_ENABLED=false
+ - IMAP_HOST=imap.gmail.com
+ - IMAP_PORT=993
+ - IMAP_USER=mailer@example.com
+ - IMAP_PASS=password
+ - IMAP_SSL=true
+ - IMAP_STARTTLS=false
+
+ - OAUTH_ENABLED=false
+ - OAUTH_AUTO_SIGN_IN_WITH_PROVIDER=
+ - OAUTH_ALLOW_SSO=
+ - OAUTH_BLOCK_AUTO_CREATED_USERS=true
+ - OAUTH_AUTO_LINK_LDAP_USER=false
+ - OAUTH_AUTO_LINK_SAML_USER=false
+ - OAUTH_EXTERNAL_PROVIDERS=
+
+ - OAUTH_CAS3_LABEL=cas3
+ - OAUTH_CAS3_SERVER=
+ - OAUTH_CAS3_DISABLE_SSL_VERIFICATION=false
+ - OAUTH_CAS3_LOGIN_URL=/cas/login
+ - OAUTH_CAS3_VALIDATE_URL=/cas/p3/serviceValidate
+ - OAUTH_CAS3_LOGOUT_URL=/cas/logout
+
+ - OAUTH_GOOGLE_API_KEY=
+ - OAUTH_GOOGLE_APP_SECRET=
+ - OAUTH_GOOGLE_RESTRICT_DOMAIN=
+
+ - OAUTH_FACEBOOK_API_KEY=
+ - OAUTH_FACEBOOK_APP_SECRET=
+
+ - OAUTH_TWITTER_API_KEY=
+ - OAUTH_TWITTER_APP_SECRET=
+
+ - OAUTH_GITHUB_API_KEY=
+ - OAUTH_GITHUB_APP_SECRET=
+ - OAUTH_GITHUB_URL=
+ - OAUTH_GITHUB_VERIFY_SSL=
+
+ - OAUTH_GITLAB_API_KEY=
+ - OAUTH_GITLAB_APP_SECRET=
+
+ - OAUTH_BITBUCKET_API_KEY=
+ - OAUTH_BITBUCKET_APP_SECRET=
+
+ - OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL=
+ - OAUTH_SAML_IDP_CERT_FINGERPRINT=
+ - OAUTH_SAML_IDP_SSO_TARGET_URL=
+ - OAUTH_SAML_ISSUER=
+ - OAUTH_SAML_LABEL="Our SAML Provider"
+ - OAUTH_SAML_NAME_IDENTIFIER_FORMAT=urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+ - OAUTH_SAML_GROUPS_ATTRIBUTE=
+ - OAUTH_SAML_EXTERNAL_GROUPS=
+ - OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL=
+ - OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME=
+ - OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME=
+ - OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME=
+ - OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME=
+
+ - OAUTH_CROWD_SERVER_URL=
+ - OAUTH_CROWD_APP_NAME=
+ - OAUTH_CROWD_APP_PASSWORD=
+
+ - OAUTH_AUTH0_CLIENT_ID=
+ - OAUTH_AUTH0_CLIENT_SECRET=
+ - OAUTH_AUTH0_DOMAIN=
+ - OAUTH_AUTH0_SCOPE=
+
+ - OAUTH_AZURE_API_KEY=
+ - OAUTH_AZURE_API_SECRET=
+ - OAUTH_AZURE_TENANT_ID=
+
+configs:
+ gitlab-configs:
+ file: ./gitlab.configs
+
+secrets:
+ gitlab-secrets:
+ file: ./gitlab.secrets
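Review bot: `OAUTH_SAML_LABEL="Our SAML Provider"` in the list-form `environment:` block reaches the container with the double quotes as part of the value, because Compose does not shell-parse these entries; write it as `- OAUTH_SAML_LABEL=Our SAML Provider`. `DB_PASS=password`, `SMTP_PASS=password` and the three `GITLAB_SECRETS_*_KEY_BASE` placeholders are plain environment entries in the same file even though the stack already declares a `gitlab-secrets` Docker secret, so a comment directing deployers to put those values in the secrets file (assuming the image reads it, which this diff does not show) would keep them out of `docker inspect` output. `restart: always` and `depends_on` are ignored by `docker stack deploy`; `deploy.restart_policy` and a startup that tolerates the database coming up later are what swarm honours.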
diff --git a/contrib/docker-swarm/gitlab.configs b/contrib/docker-swarm/gitlab.configs new file mode 100644 index 00000000..898f5209 --- /dev/null +++ b/contrib/docker-swarm/gitlab.configs @@ -0,0 +1,3 @@ +# config file to be sourced on startup - will over-ride any env set in the docker-compose.yml + +TEST=none diff --git a/contrib/docker-swarm/gitlab.secrets b/contrib/docker-swarm/gitlab.secrets new file mode 100644 index 00000000..488566e3 --- /dev/null +++ b/contrib/docker-swarm/gitlab.secrets @@ -0,0 +1,13 @@ +# config file to be sourced on startup - will over-ride any env set in the docker-compose.yml + +LDAP_ENABLED=true +LDAP_LABEL="LDAP login" +LDAP_HOST=pool.ldap.example.com +LDAP_PORT=3268 +LDAP_BIND_DN=the-ldap +LDAP_PASS=no-not-really +LDAP_BASE=ou=People,dc=example,dc=com +#LDAP_LOWERCASE_USERNAMES=true +##LDAP_USER_FILTER=uid={login} +##LDAP_UID= +# diff --git a/contrib/expose-gitlab-ssh-port.sh b/contrib/expose-gitlab-ssh-port.sh new file mode 100644 index 00000000..51f5339e --- /dev/null +++ b/contrib/expose-gitlab-ssh-port.sh @@ -0,0 +1,33 @@ +#!/usr/bin/env bash +set -ev + +GITLAB_USERGROUP=${GITLAB_USERGROUP:-1010} +GITLAB_SSH_PORT=${GITLAB_SSH_PORT:-9922} + +if ! id -u git >> /dev/null 2>&1; then + groupadd -g ${GITLAB_USERGROUP} git + useradd -m -u ${GITLAB_USERGROUP} -g git -s /bin/sh -d /home/git git +fi +su git -c "mkdir -p /home/git/.ssh/" + +su git -c "if [ ! -f /home/git/.ssh/id_rsa ]; then ssh-keygen -t rsa -b 4096 -N \"\" -f /home/git/.ssh/id_rsa; fi" +su git -c "if [ -f /home/git/.ssh/id_rsa.pub ]; then mv /home/git/.ssh/id_rsa.pub /home/git/.ssh/authorized_keys_proxy; fi" + +mkdir -p /home/git/gitlab-shell/bin/ +rm -f /home/git/gitlab-shell/bin/gitlab-shell +tee -a /home/git/gitlab-shell/bin/gitlab-shell > /dev/null < /dev/null ; then + wait $SUPERVISOR_PID || true + fi rm -rf /var/run/supervisor.sock exec /usr/bin/supervisord -nc /etc/supervisor/supervisord.conf ;; 
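Review bot: The header comment in `gitlab.secrets` says the file is sourced on startup and overrides the compose environment, but nothing in this diff shows the image reading `/run/secrets/gitlab-secrets`, so the comment should name where that happens or the example will mislead deployers. Since the file carries LDAP bind credentials (`LDAP_BIND_DN`, `LDAP_PASS`), a second comment line such as `# copy this file, fill in real values, and keep the copy out of version control` would make the intended handling explicit. `LDAP_LABEL="LDAP login"` keeps its literal quotes if the file is read as an env file rather than sourced by a shell, so the comment should also state which of the two it is.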
@@ -27,7 +35,7 @@ case ${1} in
 ;;
 app:rake)
 shift 1
- execute_raketask $@
+ execute_raketask "$@"
 ;;
 esac
 ;;
diff --git a/hooks/build b/hooks/build
new file mode 100644
index 00000000..6b0c931c
--- /dev/null
+++ b/hooks/build
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# Docker Daemon Build Hook
+# $IMAGE_NAME var is injected into the build so the tag is correct.
+
+docker pull ${DOCKER_REPO}:latest
+
+docker build \
+ --cache-from=${DOCKER_REPO}:latest \
+ --build-arg=BUILD_DATE="$(date +"%Y-%m-%d %H:%M:%S%:z")" \
+ --build-arg=VCS_REF="$(git rev-parse --short HEAD)" \
+ -t ${IMAGE_NAME} .
diff --git a/kubernetes/deploy.sh b/kubernetes/deploy.sh
index f899ff41..315c6b16 100755
--- a/kubernetes/deploy.sh
+++ b/kubernetes/deploy.sh
@@ -1,6 +1,8 @@
 #!/bin/bash
+set -e
+set -o pipefail
-if ! which -s kubectl; then
+if ! command -v kubectl > /dev/null; then
 echo "kubectl command not installed"
 exit 1
 fi
diff --git a/kubernetes/gitlab-rc.yml b/kubernetes/gitlab-rc.yml
index 429a1edf..f2ed1569 100644
--- a/kubernetes/gitlab-rc.yml
+++ b/kubernetes/gitlab-rc.yml
@@ -14,7 +14,7 @@ spec:
 spec:
 containers:
 - name: gitlab
- image: sameersbn/gitlab:10.3.6
+ image: sameersbn/gitlab:12.5.5
 env:
 - name: TZ
 value: Asia/Kolkata
diff --git a/kubernetes/postgresql-rc.yml b/kubernetes/postgresql-rc.yml
index 8e5db281..42df975a 100644
--- a/kubernetes/postgresql-rc.yml
+++ b/kubernetes/postgresql-rc.yml
@@ -14,7 +14,7 @@ spec:
 spec:
 containers:
 - name: postgresql
- image: sameersbn/postgresql:9.6-2
+ image: sameersbn/postgresql:10-2
 env:
 - name: DB_USER
 value: gitlab
diff --git a/kubernetes/teardown.sh b/kubernetes/teardown.sh
index 3937c4bc..c4b3be9e 100755
--- a/kubernetes/teardown.sh
+++ b/kubernetes/teardown.sh
@@ -1,6 +1,8 @@
 #!/bin/bash
+set -e
+set -o pipefail
-if ! which -s kubectl; then
+if ! command -v kubectl > /dev/null; then
 echo "kubectl command not installed"
 exit 1
 fi
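Review bot: Quoting `"$@"` at the `app:rake` call site is undone inside the callee: the execute_raketask hunk earlier in this diff still shows `for arg in $@` unquoted, so an argument containing whitespace is split again before it reaches rake. Change that loop to `for arg in "$@"` so the fix holds end to end. The enclosing `case` statement starts outside this hunk.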
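Review bot: `docker pull ${DOCKER_REPO}:latest` in hooks/build is allowed to fail silently, which a first build needs because there is no image yet to seed `--cache-from`, but nothing records that intent; a comment `# pull may fail on the first build: nothing to seed --cache-from yet` plus an explicit `|| true` keeps the behaviour if someone later adds `set -e`. The `${DOCKER_REPO}` and `${IMAGE_NAME}` expansions are unquoted while the two `--build-arg` values on the same command are quoted; quoting all of them keeps the command consistent.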
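Review bot: `set -e` now aborts kubernetes/deploy.sh on the first non-zero command, and the same two lines are added to kubernetes/teardown.sh in the hunk below; the rest of both scripts lies outside these hunks, so if teardown.sh issues `kubectl delete` for resources that may already be gone, those calls now need `--ignore-not-found` or an explicit `|| true` to keep the script re-runnable. The `command -v kubectl > /dev/null` replacement for the non-portable `which -s` is the right check and needs no change.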