datasets-at · jacques · Dec 16, 2015 · Dec 16, 2015 · Dec 16, 2015 · Dec 16, 2015
diff --git a/copy/root/gitlab-workhorse.xml b/copy/root/gitlab-workhorse.xml
@@ -0,0 +1,41 @@
+<?xml version='1.0'?>
+<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
+<service_bundle type='manifest' name='export'>
+  <service name='application/gitlab-workhorse' type='service' version='1'>
+    <create_default_instance enabled='false'/>
+    <single_instance/>
+    <dependency name='network' grouping='require_all' restart_on='error' type='service'>
+      <service_fmri value='svc:/milestone/network:default'/>
+    </dependency>
+    <dependency name='filesystem' grouping='require_all' restart_on='error' type='service'>
+      <service_fmri value='svc:/system/filesystem/local'/>
+    </dependency>
+    <dependency name='redis' grouping='require_all' restart_on='none' type='service'>
+      <service_fmri value='svc:/application-gitlab'/>
+    </dependency>
+    <method_context working_directory='/home/git/gitlab-workhorse'>
+      <method_credential group='other' user='git'/>
+      <method_environment>
+        <envvar name='PATH' value='/opt/local/bin:/opt/local/sbin:/usr/bin:/usr/sbin:/bin'/>
+      </method_environment>
+    </method_context>
+    <exec_method name='start' type='method' exec='/home/git/gitlab-workhorse/gitlab-workhorse' timeout_seconds='60'>
+      <method_context>
+        <method_environment>
+          <envvar name='PATH' value='/opt/local/bin:/opt/local/sbin:/usr/bin:/usr/sbin'/>
+        </method_environment>
+      </method_context>
+    </exec_method>
+    <exec_method name='stop' type='method' exec=':kill' timeout_seconds='60'/>
+    <property_group name='startd' type='framework'>
+      <propval name='duration' type='astring' value='child'/>
+      <propval name='ignore_error' type='astring' value='core,signal'/>
+    </property_group>
+    <stability value='Evolving'/>
+    <template>
+      <common_name>
+        <loctext xml:lang='C'>GitLab webapp</loctext>
+      </common_name>
+    </template>
+  </service>
+</service_bundle>
diff --git a/copy/root/nginx.conf b/copy/root/nginx.conf
@@ -37,6 +37,10 @@ http {
     server unix:/home/git/gitlab/tmp/sockets/gitlab.socket;
   }
 
+  upstream gitlab-workhorse {
+    server unix:/home/git/gitlab/tmp/sockets/gitlab-workhorse.socket fail_timeout=0;
+  }
+
   server {
     listen *:80 default_server;         # e.g., listen 192.168.1.1:80; In most cases *:80 is a good idea
     server_name YOUR_SERVER_FQDN;     # e.g., server_name source.example.com;
@@ -53,6 +57,27 @@ http {
       try_files $uri $uri/index.html $uri.html @gitlab;
     }
 
+  ## We route uploads through GitLab to prevent XSS and enforce access control.
+    location /uploads/ {
+      ## If you use HTTPS make sure you disable gzip compression
+      ## to be safe against BREACH attack.
+      # gzip off;
+
+      ## https://github.com/gitlabhq/gitlabhq/issues/694
+      ## Some requests take more than 30 seconds.
+      proxy_read_timeout      300;
+      proxy_connect_timeout   300;
+      proxy_redirect          off;
+
+      proxy_set_header    Host                $http_host;
+      proxy_set_header    X-Real-IP           $remote_addr;
+      proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
+      proxy_set_header    X-Forwarded-Proto   $scheme;
+      proxy_set_header    X-Frame-Options     SAMEORIGIN;
+
+      proxy_pass http://gitlab;
+    }
+
     # if a file, which is not found in the root folder is requested,
     # then the proxy pass the request to the upsteam (gitlab unicorn)
     location @gitlab {
@@ -66,6 +91,88 @@ http {
 
       proxy_pass http://gitlab;
     }
+
+    location ~ ^/[\w\.-]+/[\w\.-]+/gitlab-lfs/objects {
+      client_max_body_size 0;
+      # 'Error' 418 is a hack to re-use the @gitlab-workhorse block
+      error_page 418 = @gitlab-workhorse;
+      return 418;
+    }
+
+    location ~ ^/[\w\.-]+/[\w\.-]+/(info/refs|git-upload-pack|git-receive-pack)$ {
+      client_max_body_size 0;
+      # 'Error' 418 is a hack to re-use the @gitlab-workhorse block
+      error_page 418 = @gitlab-workhorse;
+      return 418;
+    }
+
+    location ~ ^/[\w\.-]+/[\w\.-]+/repository/archive {
+      client_max_body_size 0;
+      # 'Error' 418 is a hack to re-use the @gitlab-workhorse block
+      error_page 418 = @gitlab-workhorse;
+      return 418;
+    }
+
+    location ~ ^/api/v3/projects/.*/repository/archive {
+      client_max_body_size 0;
+      # 'Error' 418 is a hack to re-use the @gitlab-workhorse block
+      error_page 418 = @gitlab-workhorse;
+      return 418;
+    }
+
+    # Build artifacts should be submitted to this location
+    location ~ ^/[\w\.-]+/[\w\.-]+/builds/download {
+      client_max_body_size 0;
+      # 'Error' 418 is a hack to re-use the @gitlab-workhorse block
+      error_page 418 = @gitlab-workhorse;
+      return 418;
+    }
+
+    # Build artifacts should be submitted to this location
+    location ~ /ci/api/v1/builds/[0-9]+/artifacts {
+      client_max_body_size 0;
+      # 'Error' 418 is a hack to re-use the @gitlab-workhorse block
+      error_page 418 = @gitlab-workhorse;
+      return 418;
+    }
+
+    location @gitlab-workhorse {
+      client_max_body_size 0;
+      ## If you use HTTPS make sure you disable gzip compression
+      ## to be safe against BREACH attack.
+      # gzip off;
+
+      ## https://github.com/gitlabhq/gitlabhq/issues/694
+      ## Some requests take more than 30 seconds.
+      proxy_read_timeout      300;
+      proxy_connect_timeout   300;
+      proxy_redirect          off;
+
+      # Do not buffer Git HTTP responses
+      proxy_buffering off;
+
+      # The following settings only work with NGINX 1.7.11 or newer
+      #
+      # # Pass chunked request bodies to gitlab-workhorse as-is
+      # proxy_request_buffering off;
+      # proxy_http_version 1.1;
+
+      proxy_set_header    Host                $http_host;
+      proxy_set_header    X-Real-IP           $remote_addr;
+      proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
+      proxy_set_header    X-Forwarded-Proto   $scheme;
+
+      proxy_pass http://gitlab-workhorse;
+    }
+
+    location ~ ^/(assets)/ {
+      root /home/git/gitlab/public;
+      gzip_static on; # to serve pre-gzipped version
+      expires max;
+      add_header Cache-Control public;
+    }
+
+    error_page 502 /502.html;
   }
 }
 
diff --git a/customize b/customize
@@ -22,16 +22,22 @@ passwd -u git
 cd /home/git
 sudo -u git -H git clone https://github.com/gitlabhq/gitlab-shell.git gitlab-shell
 sudo -u git -H git clone https://github.com/gitlabhq/gitlabhq.git gitlab
+sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-workhorse.git gitlab-workhorse
+
+echo "* Configuring gitlab-workhorse.";
+cd /home/git/gitlab-workhorse
+sudo -u git -H git checkout 0.4.2
+sudo -u git -H make
 
 echo "* Configuring gitlab-shell.";
 cd /home/git/gitlab-shell
-sudo -u git -H git checkout v2.6.3
+sudo -u git -H git checkout v2.6.8
 sudo -u git -H cp /root/gitlab-shell-config.yml config.yml
 sudo -u git -H ./bin/install
 
 echo "* Configuring gitlab.";
 cd /home/git/gitlab
-sudo -u git -H git checkout 7-13-stable
+sudo -u git -H git checkout 8-3-stable
 chown -R git {log,tmp}/
 chmod -R u+rwX  {log,tmp}/
 sudo -u git -H cp /root/gitlab-gitlab.yml config/gitlab.yml
@@ -40,7 +46,7 @@ sudo -u git -H cp /root/gitlab-database-rootparty.yml config/database.yml
 sudo -u git -H chmod o-rwx config/database.yml
 
 echo "* Installing gems.";
-sudo -u git -H bundle install --deployment --without development test postgres aws
+sudo -u git -H NOKOGIRI_USE_SYSTEM_LIBRARIES=yes bundle install --deployment --without development test postgres aws
 
 echo "* starting the MySQL instance"
 svcadm enable percona
@@ -80,13 +86,14 @@ sudo -u git -H cp /root/gitlab-database.yml config/database.yml
 echo "* Importing services.";
 svccfg import /root/gitlab.xml
 svccfg import /root/gitlab-sidekiq.xml
+svccfg import /root/gitlab-workhorse.xml
 
 echo "* Configuring nginx.";
 cp /root/nginx.conf /opt/local/etc/nginx/nginx.conf
 
 # Clean up
 echo "* Cleaning up."
-/opt/local/sbin/pkg_delete cmake gmake gcc47 pkg-config
+/opt/local/sbin/pkg_delete cmake gmake gcc48 pkg-config
 rm -rf /root/*
 rm -rf /tmp/*
 

diff --git a/manifest b/manifest
@@ -1,9 +1,8 @@
 name="gitlab"
 organization="SmartOS"
 brand="SmartMachine"
-version="15.2.0"
+version="15.3.0"
 description="GitLab is open source software to collaborate on code. Create projects and repositories, manage access and do code reviews."
 homepage="https://github.com/datasets-at/mi-gitlab"
 users="root admin mysql gitlab_root"
-base="5c7d0d24-3475-11e5-8e67-27953a8b237e"
-
+base="842e6fa6-6e9b-11e5-8402-1b490459e334"
diff --git a/packages b/packages
@@ -2,7 +2,7 @@ nginx
 git-base
 cmake
 gmake
-gcc47
+gcc48
 pkg-config
 libxslt
 libxml2
@@ -12,3 +12,4 @@ python27
 ruby22-base
 redis
 percona-server
+go