Skip to content

Use quarantine size to check push size against repository size limit

Patrick Bajao requested to merge 11126-fix-repository-size-check into master

What does this MR do?

Use the new GetObjectDirectorySize RPC to determine the size of the quarantine directory in context of a Git push (git-receive-pack). The size will then be used to determine if the push will make the repository exceed the repository size limit. Reject the push if so.

In a pre-receive hook, the GIT_OBJECT_DIRECTORY_RELATIVE env var will be set to whatever the relative path of GIT_QUARANTINE_PATH is. This is a temporary location where all the new/update objects goes first before actually being migrated to the actual object directory.

This is needed as pushing multiple branches (with same blobs) at the same time (or force-pushing) will fail in the current approach as they'll be counted as different blobs.

For commits generated through GitLab, it'll fallback to use the approach of using git-rev-list as quarantine directory doesn't exist in that case.

Added a feature flag (enabled by default) just in case unforeseen issues arise when this gets released.

gitaly-proto MR: gitaly-proto!303 (merged)

gitaly MR: gitaly!1263 (merged)

TODOs

  • Update gitaly-proto gem when required version gets released
  • Update GITALY_SERVER_VERSION when required version gets released

Does this MR meet the acceptance criteria?

Conformity

Performance and testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • [-] Label as security and @ mention @gitlab-com/gl-security/appsec
  • [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • [-] Security reports checked/validated by a reviewer from the AppSec team

Closes #11126 (closed)

Edited by Patrick Bajao

Merge request reports