Push rules do not apply to LFS

Ticket: https://gitlab.zendesk.com/agent/tickets/54157

Summary

Push rules do not apply to LFS uploads.

Steps to reproduce

  1. Apply a filename push rule

    • \.(exe|jar|zip|7z|gz|dmg|mp4|pkg|rar|r\d+|msi|o|war|ear|bz2)$

  2. Apply a max_file_size push rule

  • 3
  1. Push a large zip file (3mb+)
git clone <project> 
cd <project folder> 
git lfs install 
git lfs track "*.zip" 
git add .gitattributes 
git commit -m "added lfs" 
git push 
echo "not a zip" > somefile.zip 
git add somefile.zip 
git commit -m "zip file" 
git push

Expected behavior

The commit is rejected and the file is not uploaded via LFS.

Actual behavior

The commit is rejected and the file is sent and saved via LFS.

Customer nodes

We get a failure because of the file not being allowed thanks to the hook above. That's great... However, it appears the file DOES still get sent to the server with LFS. Whether this is a bug with LFS or a bug in GitLab still allowing the file to be written to the server, I don't know... I just feel it could be a concern if someone tried to push a huge file anyway and it failed but truly got pushed.

Second question: Could there be an option to allow Git LFS to ignore the prohibited file names and size limit? In other words, if I was using LFS to read zip files, then the above would actually work. But if I didn't use Git LFS, it would fail saying it doesn't match the requirements? Basically, we want to restrict people from pushing large files to GitLab unless they're using LFS. If they use LFS, then they can push the large files plus 'prohibited file names' without any issues.

@patricio

Edited by 🤖 GitLab Bot 🤖