Action is hardcoded in calls to `/internal/allowed`

When checking whether a change is allowed to go through we use Rails' /internal/allowed API endpoint. In order to give Rails the ability to judge based on different parameters we send along some information in that request:

The protocol determines whether it was a "web" operation or an "http"/"ssh"-based push.
Changes contains the list of references that have changed.
The project's path so that Rails knows which project this is.
An "action" to tell Rails what has happened.

The "action" is hardcoded to git-receive-pack though, which makes it a rather useless signal.

We should fix the action to become more meaningful and tell the client what exactly has happened. The proposal is described in #4581 (comment 2116525724).

The steps would be the following:

Decide on which metadata key to recognize for Gitaly clients to pass in metadata through the gRPC call
https://gitlab.com/gitlab-org/gitaly/-/blob/master/internal/gitlab/http_client.go#L167 is what contains the call to set "action". Replace this with the value from the gRPC metadata.
- NOTE: When Git hooks are invoked by Git itself, it encodes a payload eg: https://gitlab.com/gitlab-org/gitaly/-/blob/master/internal/git/gitcmd/hooks_options.go#L108 so the context will need to be serialized/de-serialized
Document this in the RPC docs that end up calling PreReceiveHook.

Edited Dec 06, 2024 by John Cai

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information