Skip to content

Possible race condition in cherry-pick API

The following discussion from !22919 (merged) should be addressed:

  • @nick.thomas started a discussion: (+4 comments)

    I think there's a race condition here. If multiple pushes happen to the branch in quick succession, we could find that the endpoint returns the wrong commit?

    Underlying the service, we do a Gitlab::GitalyClient::OperationsService#user_revert, which returns a Gitlab::Git::OperationService::BranchUpdate containing a newrev. Could we use this to look up the commit, instead of taking the commit of the current head of the branch? I'm not clear on how far up into the service it's passed.