Docs feedback: Preventing conflicts using a pre-receive hook
This is part of the bidirectional mirroring section on the repository mirroring page. https://docs.gitlab.com/ee/workflow/repository_mirroring.html#preventing-conflicts-using-a-pre-receive-hook
I have two issues with the provided script
- The script assumes that authentication is already dealt with (Probably by assuming a http mirror that has everything configured with the url). When using SSH the script will fail because it doesn't know where the private key is. After digging quite sometime I realized the keys are saved to the database and not to the filesystem. The key can be extracted using the gitlab-rails console like so
echo "puts RemoteMirror.find_by(remote_name: '${TARGET_REPO}').credentials[:ssh_private_key]" | gitlab-rails c
. A few hints regarding this in the documentation would be appreciated. - The script doesn't deal with
GIT_QUARANTINE_PATH
. From what I understand pushing to a remote is a ref-update and git thinks that a ref-update duringpre-receive
is dangerous. Git knows this by looking if theGIT_QUARANTINE..
environment variables are set. To make the provided script work at all this has to be handled. I tried usingunset GIT_QUARANTINE_PATH
which worked. This git behaviour is not that old since it was introduced into git in 2017. Maybe it wasn't an issue at the time of writing but now it is.
Suggestions
- Incorporate the QUARANTINE behaviour.
- Give a heads up that the script will probably not work verbatim.
- Tell that the script needs to be altered depending on how the authentication to the remote mirror is setup.
- Drop a hint that the generated private keys are in the database when using a SSH mirror. Maybe even hint towards the option to use the gitlab-rails console for extracting them.
Edited by philipp-rs