Possible race condition in cherry-pick API
The following discussion from !22919 (merged) should be addressed:
-
@nick.thomas started a discussion: (+4 comments) I think there's a race condition here. If multiple pushes happen to the branch in quick succession, we could find that the endpoint returns the wrong commit?
Underlying the service, we do a
Gitlab::GitalyClient::OperationsService#user_revert
, which returns aGitlab::Git::OperationService::BranchUpdate
containing anewrev
. Could we use this to look up the commit, instead of taking the commit of the current head of the branch? I'm not clear on how far up into the service it's passed.