Skip to content

Upgrade to GitLab 18.4.2 fails: missing column application_settings.pre_receive_secret_detection_enabled during migration

Summary

Hi everyone, I’m running Ubuntu 24.04.2 LTS with GitLab EE Omnibus. When upgrading from 18.2.818.4.2, the upgrade fails with a PG::UndefinedColumn error during database migration.

Steps to reproduce

  1. Have a working GitLab EE 18.2.8 Omnibus installation on Ubuntu 24.04.2 LTS
  2. Run sudo apt update && sudo apt install gitlab-ee to upgrade to 18.4.2
  3. The gitlab-ctl reconfigure or dpkg --configure gitlab-ee step fails

What is the current bug behavior?

Upgrade fails with a PostgreSQL schema mismatch. The migration process expects the column application_settings.pre_receive_secret_detection_enabled, but this column no longer exists (it was renamed to secret_push_protection_available earlier). As a result, the database migration cannot complete, and the package remains in a failed state.

What is the expected correct behavior?

Upgrade should complete normally without manual intervention.

Relevant logs and/or screenshots

ActiveRecord::StatementInvalid: PG::UndefinedColumn: ERROR:  column application_settings.pre_receive_secret_detection_enabled does not exist
LINE 1: ..."enable_artifact_external_redirect_warning_page", "applicati...
                                                             ^
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/load_balancing/connection_proxy.rb:107:in `public_send'
...
/opt/gitlab/embedded/service/gitlab-rails/db/post_migrate/20250819062317_finalize_mark_admin_bot_runners_as_hosted.rb:11:in `up'
...
E: Sub-process /usr/bin/dpkg returned an error code (1)

Output of checks

Results of GitLab environment info

System information
System:		Ubuntu 24.04
Proxy:		no
Current User:	git
Using RVM:	no
Ruby Version:	3.2.8
Gem Version:	3.7.1
Bundler Version:2.7.1
Rake Version:	13.0.6
Redis Version:	7.2.10
Sidekiq Version:7.3.9
Go Version:	unknown

GitLab information
Version:	18.4.2-ee
Revision:	527e88bdddb
Directory:	/opt/gitlab/embedded/service/gitlab-rails
DB Adapter:	PostgreSQL
DB Version:	16.10
URL:		https://gitlab.mydigipay.info
HTTP Clone URL:	https://gitlab.mydigipay.info/some-group/some-project.git
SSH Clone URL:	git@gitlab.mydigipay.info:some-group/some-project.git
Elasticsearch:	no
Geo:		no
Using LDAP:	no
Using Omniauth:	yes
Omniauth Providers: 

GitLab Shell
Version:	14.45.2
Repository storages:
- default: 	unix:/var/opt/gitlab/gitaly/gitaly.socket
GitLab Shell path:		/opt/gitlab/embedded/service/gitlab-shell

Gitaly
- default Address: 	unix:/var/opt/gitlab/gitaly/gitaly.socket
- default Version: 	18.4.2
- default Git Version: 	2.50.1

Possible fixes

The column pre_receive_secret_detection_enabled was renamed to secret_push_protection_available in migrations: 20250114030822_rename_pre_receive_secret_detection_enabled_to_secret_push_protection_available.rb cleaned up by 20250805155759_cleanup_application_settings_pre_receive_secret_detection_enabled_rename.rb

It appears that the post-migrate job finalize_mark_admin_bot_runners_as_hosted still references the old column name during an intermediate upgrade path. A possible fix would be to update that migration or background job to reference the new column name, or ensure the rename migration always runs before that finalizer.

Edited by 🤖 GitLab Bot 🤖