Only send valid git URLs to webhook consumers
Summary
Projects can have SSH access disabled as a Group setting. When SSH access is disabled GitLab should remove the git_ssh_url field from the webhook body.
Steps to reproduce
- Disable SSH in Group → Permissions and Group Features →
Enabled git access protocols - Using a project in the group to send a webhook
- Inspect the
Project→git_ssh_urlfield
Example Project
This CI/CD pipeline shows the WebHook body; this was generated while the project's parent group HTTPS Only set under enabled git access protocols.
https://gitlab.com/gitlab-gold/duncan/issuehandler/-/jobs/3163986801#L28
What is the current bug behavior?
When SSH is disabled for a repository, multiple url fields provide a SSH resource, which is inaccessible if the repository only allows HTTPS. Providing inaccessible URLs to webhook consumers can cause downstream problems for JenkinsCI plugin when SSH is disabled
What is the expected correct behavior?
We should only deliver URLs which are active and accessible.
Relevant logs and/or screenshots
"project": {
"id": 1,
"name": "Code Repository",
"description": "Code Repository",
"web_url": "https://gitlab.com/group/code-repository",
"avatar_url": "https://www.avatar.com/movies/avatar",
"git_ssh_url": "git@gitlab.com:group/code-repository.git",
"git_http_url": "https://gitlab.com/group/code-repository.git"",
"namespace": "group",
"visibility_level": 20,
"path_with_namespace": "group/code-repository",
"default_branch": "main",
"ci_config_path": "",
"homepage": "https://gitlab.com/group/code-repository",
"url": "git@gitlab.com:group/code-repository.git",
"ssh_url": "git@gitlab.com:group/code-repository.git",
"http_url": "https://gitlab.com/group/code-repository.git"
},
Output of checks
This bug happens on GitLab.com - GitLab Enterprise Edition 15.5.0-pre 41c69aef