Use quarantine size to check push size against repository size limit
What does this MR do?
Use the new GetObjectDirectorySize RPC to determine the size of the quarantine directory in context of a Git push (git-receive-pack
). The size will then be used to determine if the push will make the repository exceed the repository size limit. Reject the push if so.
In a pre-receive hook, the GIT_OBJECT_DIRECTORY_RELATIVE
env var will be set to whatever the relative path of GIT_QUARANTINE_PATH
is. This is a temporary location where all the new/update objects goes first before actually being migrated to the actual object directory.
This is needed as pushing multiple branches (with same blobs) at the same time (or force-pushing) will fail in the current approach as they'll be counted as different blobs.
For commits generated through GitLab, it'll fallback to use the approach of using git-rev-list
as quarantine directory doesn't exist in that case.
Added a feature flag (enabled by default) just in case unforeseen issues arise when this gets released.
gitaly-proto MR: gitaly-proto!303 (merged)
gitaly MR: gitaly!1263 (merged)
TODOs
-
Update gitaly-proto
gem when required version gets released -
Update GITALY_SERVER_VERSION
when required version gets released
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry - [-] Documentation created/updated or follow-up review issue created
-
Code review guidelines -
Merge request performance guidelines - [-] Style guides
- [-] Database guides
-
Separation of EE specific content
Performance and testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. - [-] Tested in all supported browsers
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- [-] Label as security and @ mention
@gitlab-com/gl-security/appsec
- [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- [-] Security reports checked/validated by a reviewer from the AppSec team
Closes #11126 (closed)