Add security harness
What does this MR do?
Add security harness
Why was this MR needed?
In https://gitlab.com/gitlab-org/gitlab-runner/-/blob/93156ab755258783ee5059d424887ec0c2705baa/.gitlab/issue_templates/Security%20developer%20workflow.md#L18 we ask the developer to run the security harness script to prevent them from pushing to the public repository.
Copy this script from gitlab-org/gitlab for the sake of consistency. This uses a Ruby script, and Ruby is something we don't use in this project. However, it's better to just copy-paste it rather than have our own Go/Bash version. This script is only going to be used by team members at GitLab and not by the wider community, since security releases are done by GitLab team members, so expecting them to have Ruby installed is normal.
What's the best way to test this MR?
```shell
# Install security-harness, you might need to run `rm .git/hooks/pre-push` first
$ ./scripts/security-harness
Security harness installed -- you will only be able to push to gitlab.com/gitlab-org/security!

# Make sure the hook was installed
$ cat .git/hooks/pre-push
#!/usr/bin/env bash
set -e
url="$2"
harness=`dirname "$0"`/../security_harness
if [ -e "$harness" ]
then
  if [[ "$url" != *"gitlab-org/security/"* ]]
  then
    echo "Pushing to remotes other than gitlab.com/gitlab-org/security has been disabled!"
    echo "Run scripts/security-harness to disable this check."
    echo
    exit 1
  fi
fi

# Try to push to origin
$ git push -u origin add-security-harness
Pushing to remotes other than gitlab.com/gitlab-org/security has been disabled!
Run scripts/security-harness to disable this check.
error: failed to push some refs to 'gitlab.com:gitlab-org/gitlab-runner.git'

# Disable security harness
$ ./scripts/security-harness
Security harness removed -- you can now push to all remotes.

# Push to origin
$ git push -u origin add-security-harness
Branch 'add-security-harness' set up to track remote branch 'add-security-harness' from 'origin'.
Everything up-to-date
```
What are the relevant issue numbers?
reference #21301 (closed)
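
The following is an added example, not part of the MR or of the project's script: it runs the URL test from the installed `pre-push` hook over a few constructed remote URLs, next to a hypothetical stricter variant that also pins the host. The function names, the `strict_allows` variant and every sample URL are assumptions; the hook's separate check for the `security_harness` marker file is left out.

```shell
#!/bin/sh
# Added example: exercise the pre-push hook's URL decision offline.
# All remote URLs used here are constructed sample values.

# Same decision as the installed hook, written with `case` for POSIX sh:
# a push is allowed only if the URL contains "gitlab-org/security/".
# Returns 0 = allowed, 1 = blocked.
hook_allows() {
  case "$1" in
    *"gitlab-org/security/"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Hypothetical stricter variant (not in the MR): the path must sit directly
# under gitlab.com, in the scp-style SSH or the HTTPS URL form only.
strict_allows() {
  case "$1" in
    git@gitlab.com:gitlab-org/security/*) return 0 ;;
    https://gitlab.com/gitlab-org/security/*) return 0 ;;
    *) return 1 ;;
  esac
}

# verdict <check-function> <url> -> prints "allow" or "block"
verdict() {
  if "$1" "$2"; then echo allow; else echo block; fi
}

# Print one row per sample URL: hook verdict, strict verdict, URL.
report() {
  for url in \
    "git@gitlab.com:gitlab-org/security/gitlab-runner.git" \
    "https://gitlab.com/gitlab-org/security/gitlab-runner.git" \
    "git@gitlab.com:gitlab-org/gitlab-runner.git" \
    "https://git.example.test/mirror/gitlab-org/security/gitlab-runner.git"
  do
    printf '%-6s %-6s %s\n' \
      "$(verdict hook_allows "$url")" "$(verdict strict_allows "$url")" "$url"
  done
}

report
```

The last sample row shows that the hook's substring match accepts any remote whose URL contains `gitlab-org/security/`, whatever the host, so the harness guards against pushing to the usual public remote by mistake rather than verifying the destination.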