From 03583090bc0306b402a0616018145b8b3a101113 Mon Sep 17 00:00:00 2001 From: Jacques Marneweck Date: Wed, 16 Dec 2015 10:43:25 +0200 Subject: [PATCH 1/8] Bump base to 15.3.0 --- manifest | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/manifest b/manifest index 1db773e..b2c9c79 100644 --- a/manifest +++ b/manifest @@ -1,9 +1,8 @@ name="gitlab" organization="SmartOS" brand="SmartMachine" -version="15.2.0" +version="15.3.0" description="GitLab is open source software to collaborate on code. Create projects and repositories, manage access and do code reviews." homepage="https://github.com/datasets-at/mi-gitlab" users="root admin mysql gitlab_root" -base="5c7d0d24-3475-11e5-8e67-27953a8b237e" - +base="842e6fa6-6e9b-11e5-8402-1b490459e334" From 1bd19288e4fb0e72e6ce2e11379d2a5fec8edf7f Mon Sep 17 00:00:00 2001 From: Jacques Marneweck Date: Wed, 16 Dec 2015 10:59:56 +0200 Subject: [PATCH 2/8] Need go installed --- packages | 1 + 1 file changed, 1 insertion(+) diff --git a/packages b/packages index c7c49e1..65fce21 100644 --- a/packages +++ b/packages @@ -12,3 +12,4 @@ python27 ruby22-base redis percona-server +go From 06e5c9829337c60fdc043441dbd3560815e77441 Mon Sep 17 00:00:00 2001 From: Jacques Marneweck Date: Wed, 16 Dec 2015 11:02:55 +0200 Subject: [PATCH 3/8] Clone gitlab-workhorse and checkout 8-3-stable of GitLab, 2.6.8 of gitlab-shell --- customize | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/customize b/customize index 6e8964f..497a7d2 100755 --- a/customize +++ b/customize 
@@ -22,16 +22,22 @@ passwd -u git cd /home/git sudo -u git -H git clone https://github.com/gitlabhq/gitlab-shell.git gitlab-shell sudo -u git -H git clone https://github.com/gitlabhq/gitlabhq.git gitlab +sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-workhorse.git gitlab-workhorse + +echo "* Configuring gitlab-workhorse."; +cd /home/git/gitlab-workhorse +sudo -u git -H git checkout 0.4.2 +sudo -u git -H make echo "* Configuring gitlab-shell."; cd /home/git/gitlab-shell -sudo -u git -H git checkout v2.6.3 +sudo -u git -H git checkout v2.6.8 sudo -u git -H cp /root/gitlab-shell-config.yml config.yml sudo -u git -H ./bin/install echo "* Configuring gitlab."; cd /home/git/gitlab -sudo -u git -H git checkout 7-13-stable +sudo -u git -H git checkout 8-3-stable chown -R git {log,tmp}/ chmod -R u+rwX {log,tmp}/ sudo -u git -H cp /root/gitlab-gitlab.yml config/gitlab.yml From a5f1b2fedf2b0b385c9992c18dddccf3f901d589 Mon Sep 17 00:00:00 2001 From: Jacques Marneweck Date: Wed, 16 Dec 2015 11:55:31 +0200 Subject: [PATCH 4/8] Bump gcc to 4.8.x --- packages | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages b/packages index 65fce21..93e22bb 100644 --- a/packages +++ b/packages @@ -2,7 +2,7 @@ nginx git-base cmake gmake -gcc47 +gcc48 pkg-config libxslt libxml2 From 58d81dcb9e873c57f4bbbf32d0600e59555dead3 Mon Sep 17 00:00:00 2001 From: Jacques Marneweck Date: Wed, 16 Dec 2015 12:58:12 +0200 Subject: [PATCH 5/8] Get nokogiri to compile and install with bundler --- customize | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/customize b/customize index 497a7d2..dd103cf 100755 --- a/customize +++ b/customize 
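Review bot: In the `customize` hunk at `@@ -22,16 +22,22 @@`, `git checkout 8-3-stable` tracks a branch, so every image build picks up whatever that branch holds at build time, and the `0.4.2` and `v2.6.8` tags can also be moved on the remote. Because the following steps execute upstream code (`make`, `./bin/install`), I would pin each checkout to a full commit id recorded in this repository, e.g. `sudo -u git -H git checkout <COMMIT_SHA_PLACEHOLDER>`, or verify a signed tag before building if upstream signs them. The start of the script is outside the hunk, so I cannot tell whether it aborts on a failed clone or checkout; without something like `set -e`, a failed checkout would leave the default branch in place and the build would continue on it.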
@@ -46,7 +46,7 @@ sudo -u git -H cp /root/gitlab-database-rootparty.yml config/database.yml sudo -u git -H chmod o-rwx config/database.yml echo "* Installing gems."; -sudo -u git -H bundle install --deployment --without development test postgres aws +sudo -u git -H NOKOGIRI_USE_SYSTEM_LIBRARIES=yes bundle install --deployment --without development test postgres aws echo "* starting the MySQL instance" svcadm enable percona From 799ebfdd31ebba094bde28c327f63583f793a071 Mon Sep 17 00:00:00 2001 From: Jacques Marneweck Date: Wed, 16 Dec 2015 13:52:25 +0200 Subject: [PATCH 6/8] SMF for gitlab-workhorse --- copy/root/gitlab-workhorse.xml | 41 ++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 copy/root/gitlab-workhorse.xml diff --git a/copy/root/gitlab-workhorse.xml b/copy/root/gitlab-workhorse.xml new file mode 100644 index 0000000..4ebdfd0 --- /dev/null +++ b/copy/root/gitlab-workhorse.xml @@ -0,0 +1,41 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From 5b67205e4e530d68b30617c1b7dfa7c7e12e28bf Mon Sep 17 00:00:00 2001 From: Jacques Marneweck Date: Wed, 16 Dec 2015 14:02:21 +0200 Subject: [PATCH 7/8] Import gitlab-workhorse SMF manifest and cleanup some packages --- customize | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/customize b/customize index dd103cf..3eccf5d 100755 --- a/customize +++ b/customize @@ -86,13 +86,14 @@ sudo -u git -H cp /root/gitlab-database.yml config/database.yml echo "* Importing services."; svccfg import /root/gitlab.xml svccfg import /root/gitlab-sidekiq.xml +svccfg import /root/gitlab-workhorse.xml echo "* Configuring nginx."; cp /root/nginx.conf /opt/local/etc/nginx/nginx.conf # Clean up echo "* Cleaning up." -/opt/local/sbin/pkg_delete cmake gmake gcc47 pkg-config +/opt/local/sbin/pkg_delete cmake gmake gcc48 pkg-config rm -rf /root/* rm -rf /tmp/* From 518025068e378b28025d41cc98d5a5e5c653f16d Mon Sep 17 00:00:00 2001 
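Review bot: The `NOKOGIRI_USE_SYSTEM_LIBRARIES=yes` prefix on the `bundle install` line in the `customize` hunk at `@@ -46,7 +46,7 @@` carries no comment explaining why it is there. With it set, nokogiri links against the image's `libxml2` and `libxslt` packages rather than its bundled copies, so XML parser fixes reach GitLab only through package updates of the image, and those two packages must not be removed by the cleanup step. I would add a line above it such as `# Build nokogiri against the system libxml2/libxslt; keep those packages installed and patched.`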
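Review bot: The `pkg_delete` line in the `customize` hunk at `@@ -86,13 +86,14 @@` still leaves behind the `go` package that PATCH 2/8 added to `packages`. If Go is needed only to compile gitlab-workhorse, the toolchain stays in the finished image with no runtime purpose; I would extend the line to `/opt/local/sbin/pkg_delete cmake gmake gcc48 pkg-config go`. It is worth confirming that nothing else in the image depends on it before removing it.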
From: Jacques Marneweck Date: Wed, 16 Dec 2015 14:26:04 +0200 Subject: [PATCH 8/8] gitlab-workhorse bits for nginx config --- copy/root/nginx.conf | 107 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 107 insertions(+) diff --git a/copy/root/nginx.conf b/copy/root/nginx.conf index 3d80848..45cb487 100644 --- a/copy/root/nginx.conf +++ b/copy/root/nginx.conf @@ -37,6 +37,10 @@ http { server unix:/home/git/gitlab/tmp/sockets/gitlab.socket; } + upstream gitlab-workhorse { + server unix:/home/git/gitlab/tmp/sockets/gitlab-workhorse.socket fail_timeout=0; + } + server { listen *:80 default_server; # e.g., listen 192.168.1.1:80; In most cases *:80 is a good idea server_name YOUR_SERVER_FQDN; # e.g., server_name source.example.com; @@ -53,6 +57,27 @@ http { try_files $uri $uri/index.html $uri.html @gitlab; } + ## We route uploads through GitLab to prevent XSS and enforce access control. + location /uploads/ { + ## If you use HTTPS make sure you disable gzip compression + ## to be safe against BREACH attack. + # gzip off; + + ## https://github.com/gitlabhq/gitlabhq/issues/694 + ## Some requests take more than 30 seconds. + proxy_read_timeout 300; + proxy_connect_timeout 300; + proxy_redirect off; + + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Frame-Options SAMEORIGIN; + + proxy_pass http://gitlab; + } + # if a file, which is not found in the root folder is requested, # then the proxy pass the request to the upsteam (gitlab unicorn) location @gitlab { 
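Review bot: `proxy_set_header X-Frame-Options SAMEORIGIN;` in the new `location /uploads/` block adds the header to the request sent to the upstream, not to the response the browser receives, so it provides no framing protection. If clickjacking protection is the intent, it should be a response header, `add_header X-Frame-Options SAMEORIGIN;`, after checking whether the GitLab application already sends one so the header is not duplicated. Separately, `proxy_set_header Host $http_host;` forwards the client-supplied Host value unchanged, and the surrounding server block is a `default_server`, so the upstream should not rely on that value being the configured FQDN.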
@@ -66,6 +91,88 @@ http { proxy_pass http://gitlab; } + + location ~ ^/[\w\.-]+/[\w\.-]+/gitlab-lfs/objects { + client_max_body_size 0; + # 'Error' 418 is a hack to re-use the @gitlab-workhorse block + error_page 418 = @gitlab-workhorse; + return 418; + } + + location ~ ^/[\w\.-]+/[\w\.-]+/(info/refs|git-upload-pack|git-receive-pack)$ { + client_max_body_size 0; + # 'Error' 418 is a hack to re-use the @gitlab-workhorse block + error_page 418 = @gitlab-workhorse; + return 418; + } + + location ~ ^/[\w\.-]+/[\w\.-]+/repository/archive { + client_max_body_size 0; + # 'Error' 418 is a hack to re-use the @gitlab-workhorse block + error_page 418 = @gitlab-workhorse; + return 418; + } + + location ~ ^/api/v3/projects/.*/repository/archive { + client_max_body_size 0; + # 'Error' 418 is a hack to re-use the @gitlab-workhorse block + error_page 418 = @gitlab-workhorse; + return 418; + } + + # Build artifacts should be submitted to this location + location ~ ^/[\w\.-]+/[\w\.-]+/builds/download { + client_max_body_size 0; + # 'Error' 418 is a hack to re-use the @gitlab-workhorse block + error_page 418 = @gitlab-workhorse; + return 418; + } + + # Build artifacts should be submitted to this location + location ~ /ci/api/v1/builds/[0-9]+/artifacts { + client_max_body_size 0; + # 'Error' 418 is a hack to re-use the @gitlab-workhorse block + error_page 418 = @gitlab-workhorse; + return 418; + } + + location @gitlab-workhorse { + client_max_body_size 0; + ## If you use HTTPS make sure you disable gzip compression + ## to be safe against BREACH attack. + # gzip off; + + ## https://github.com/gitlabhq/gitlabhq/issues/694 + ## Some requests take more than 30 seconds. 
+ proxy_read_timeout 300; + proxy_connect_timeout 300; + proxy_redirect off; + + # Do not buffer Git HTTP responses + proxy_buffering off; + + # The following settings only work with NGINX 1.7.11 or newer + # + # # Pass chunked request bodies to gitlab-workhorse as-is + # proxy_request_buffering off; + # proxy_http_version 1.1; + + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_pass http://gitlab-workhorse; + } + + location ~ ^/(assets)/ { + root /home/git/gitlab/public; + gzip_static on; # to serve pre-gzipped version + expires max; + add_header Cache-Control public; + } + + error_page 502 /502.html; } }
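Review bot: The last artifacts block, `location ~ /ci/api/v1/builds/[0-9]+/artifacts`, is the only new regex location without a leading `^`, so it matches any request URI that merely contains that substring and hands it to `@gitlab-workhorse` with `client_max_body_size 0`. I would anchor it like the others: `location ~ ^/ci/api/v1/builds/[0-9]+/artifacts {`. The comment `# Build artifacts should be submitted to this location` also sits on the `builds/download` block, where it looks copied from the block below; `# Build artifacts are downloaded from this location` would describe it better.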