Commit 05229993 authored by Alejandro Rodríguez

Add runbook to purge unwanted git data

parent bcbd296c
......@@ -362,6 +362,7 @@ During an incident there are at least 2 roles, and one more optional
* [Setup oauth2-proxy protection for web based application](howto/
* [Register new domain(s)](howto/
* [Setup and Use my Yubikey](howto/
* [Purge Git data](howto/
### Gitter
* [MongoDB operations](howto/gitter/
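Review bot: The new index entry `Purge Git data` does not say that this is the procedure for removing confidential or security-sensitive data, which is what someone will be scanning this list for. Consider a more descriptive label, for example "Purge unwanted Git data (confidential or security-sensitive commits)".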
# Purge Git data
## Overview
From time to time, a user or GitLabber may push a commit with data they later realize don't want in The user may delete the branch if able, or rewrite their git history and force push, but other data may still be left dangling. In those cases, for confidentiality or security, waiting for an eventual garbage collection to get rid of such data may not be be sufficient, and the following manual steps may need to be taken:
## Checklist
- Delete Merge Requests. For example, if a security Merge Request was opened on instead of on (as specified in our [Security Releases documentation](, it's important to ensure it's deleted to avoid out of time disclosure of vulnerabilities. Deleting Merge Requests can only be done by project owners or admins through the UI or [the API](
- Delete pipelines. CI/CD pipelines and builds may still retain data such as commit names. This can be done via the API (
- Trigger a full Garbage Collection run on the project. Unfortunately, [manual housekeeping]( through the UI doesn't reliably trigger a full GC (see, so you'll need to run the following in a production rails console, with the relevant `project_id`: `, :gc).execute`
**If a full GC run doesn't delete the commits** you can use the following, more aggresive steps by logging in to the file server that contains the repository:
- Manually delete the commits: `git -C <repo_path> show-ref | grep <commit_id>` and `git -C <repo_path show-ref | grep <ref name>`, then `git -C <repo_path update-ref -d <those refs>`
- Run an aggresive gc: `git -C <repo_path> -c gc.reflogExpire=0 -c gc.reflogExpireUnreachable=0 -c gc.rerereresolved=0 -c gc.rerereunresolved=0 -c gc.pruneExpire=now gc` (source
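Review bot: In the "Manually delete the commits" step, `show-ref | grep <commit_id>` only matches refs whose tip is exactly that commit, so any ref that merely contains the commit in its history is missed and will keep the objects reachable through the gc. Suggest listing refs with `git -C <repo_path> for-each-ref --contains <commit_id>` instead. Also, `update-ref -d <those refs>` reads as one call with several refs, but `git update-ref -d` takes a single ref (a second argument is treated as the expected old value), so the step should say to run it once per ref or feed the list through `git update-ref --stdin`. In the same line two placeholders are missing their closing bracket (`<repo_path show-ref` and `<repo_path update-ref`), which will not survive copy and paste. On the gc line, `gc.pruneExpire=now` removes unreachable objects immediately, and git's own documentation warns this can corrupt a repository that is being written to concurrently, so the runbook should say how to make sure nothing is pushing to the repository while it runs. There is also no verification step: add a final item such as `git -C <repo_path> cat-file -e <commit_id>` to confirm the object is really gone. Minor: "aggresive" should be "aggressive" (twice), "may not be be sufficient" has a doubled word, and the first Overview sentence ("they later realize don't want in The user may delete") is missing words.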