gitlab-org--gitlab-foss/config
Douwe Maan bf89e06a45 Merge branch '18627-wildcard-branch-protection' into 'master'
Allow specifying protected branches using wildcards

Closes #18627 

# Tasks

- [ ]  #18627 !4665 Allow specifying protected branches using wildcards
    - [x]  Find existing usages of protected branches
        - Protecting branches
            - `ProtectedBranchesController` is used to mark a branch protected/unprotected
            - `API::Branches` can be used to mark a branch protected/unprotected
        - Enforcing branch protection
            - `Gitlab::GitAccess` has helpers (`can_push_to_branch?`, `check`) that are used to deny pushes if a branch is protected
            - Over SSH: `gitlab-shell` receives a push, and calls `/allowed` on the GitLab API, which calls `GitAccess.check`
            - Over HTTP: 
                - `gitlab-workhorse` receives the request, and forwards it to rails
                - Rails (in the `GitHttpController#git-recieve-pack`) runs basic checks (is the user logged in, not protected branch checks) and returns ok with `GL_ID` and `RepoPath`
                - `gitlab-workhorse` looks at the response, and calls the relevant `gitlab-shell` action from `git-http/handlePostRPC`
                - Rest of this flow is the same as the SSH flow above
    - [x]  Implementation
        - [x]  Backend
            - [x]  Change `project#protected_branch?` to look at wildcard protected branches
            - [x]  Change `project#developers_can_push_to_protected_branch?`
            - [x]  Change `project#open_branches`
            - [x]  Better error message when creating a disallowed branch from the Web UI
        - [x]  Frontend
            - [x]  Protected branches page should allow typing out a wildcard pattern
            - [x]  Add help text explaining the use of wildcards
            - [x]  Show matching branches for each protected branch
                - [x]  ~~On the index page~~
                - [x]  On a show page
                - [x]  Index?
            - [x]  Can't have the "last commit" column for wildcard protected branches
    - [x]  Fix / write tests
    - [x]  What happens if a hook is missing in dev?
    - [x]  Refactor
    - [x]  Test workflows
        - Create a branch matching a wildcard pattern
        - Push to a branch matching a wildcard pattern
        - Force push to a branch matching a wildcard pattern
        - Delete a branch matching a wildcard pattern
        - [x]  Test using Web UI
        - [x]  Test over SSH
        - [x]  Test over HTTP
        - [x]  Test as developer and master
    - [x]  Investigate performance
        - [x]  Test with a large number of protected branches / branches
        - [x]  Paginate list of protected branches
        - [x]  ~~Possibly rewrite `open_branches`~~
    - [x]  Add `iid`s to existing `ProtectedBranch`es
    - [x]  Add documentation
    - [x]  Add CHANGELOG entry
    - [x]  Add screenshots
    - [x]  Make sure [build](2f753e3ed2/builds) passes
    - [x]  Assign to endboss for review
    - [x]  Address @DouweM's comments
        - [x]  `protected_branch_params`
        - [x]  `exact_match` instead of `explicit_match`
        - [x]  When would self.name be blank?
        - [x]  Move `protected_branches.each` to a partial
        - [x]  Move `matching_branches.each` to a partial
        - [x]  If the branch is in @matching_branches, it's not been removed
        - [x]  move this regex to a method and memoize it
        - [x]  `commit_sha` directly for exact matches
        - [x]  Number of matches for wildcard matches, with a link
    - [x]  Wait for [build](43f9ce0e88/builds) to pass
    - [x]  Respond to @DouweM's comments
        - [x]  Don't use iid
        - [x]  Controller should use `@project.protected_branches.new`
        - [x]  move the memoization to `def wildcard_regex`
        - [x]  render with `collection: @protected_branches`
    - [x]  Wait for [build](f7beedf122/builds) to pass
    - [x]  Wait for @DouweM's review
    - [x]  Wait for @jschatz1's review
    - [x]  Respond to @jschatz1's comments
        - [x]  Use the new dropdown style
        - [x]  description should be moved to the description section without the styling
        - [x]  Protect button should be disabled when no branch is selected
    - [x]  Update screenshots
    - [x]  Merge conflicts
    - [x]  Make sure [build](20f3cfe8d5/builds) passes
    - [ ]  Revisit performance, possibly with staging/production data
        - [ ]  Get a dump of staging / run against staging live
            - [ ]  Get SSH access to staging
    - [ ]  Wait for review/merge






# Screenshots

## Creating wildcard protected branches

![1](/uploads/9446afccfdf6fa381e00c800dd2cc82e/1.png)
![2](/uploads/0b154503b297a818d3577488c575d845/2.png)
![3](/uploads/36217f79df9e41cc1550601f02627fe8/3.png)
![4](/uploads/041ca9bd529bcfa5373fca67e917cbcb/4.png)

### Using the `GLDropdown` component

![2016-06-30_14-16-15](/uploads/508afc2a5e2463c2954641409a560d88/2016-06-30_14-16-15.gif)

## Enforcing wildcard protected branches

### From the Web UI

![Screen_Shot_2016-06-20_at_1.21.18_PM](/uploads/8b5d4b1911e9152698a0488daf1880bc/Screen_Shot_2016-06-20_at_1.21.18_PM.png)

### Over SSH

![SSH](/uploads/7365989d7e4c406ef37b6ae5106442c9/SSH.gif)

### Over HTTPS

![HTTPS](/uploads/a7c0f56ae58efcffc75e6700fa2f4ac0/HTTPS.gif)

## Listing matching branches

![Screen_Shot_2016-06-20_at_1.33.44_PM](/uploads/d054113022f5d7ec64c0e57e501ac104/Screen_Shot_2016-06-20_at_1.33.44_PM.png)

See merge request !4665
2016-07-07 22:37:30 +00:00
..
environments Remove quiet_assets in favor of built-in sprockets-rails config. 2016-06-30 16:18:05 -06:00
initializers Instrument Rinku usage 2016-07-04 12:20:57 +02:00
locales Minor fixes after a final look at the diff. 2016-05-11 10:30:47 +05:30
application.rb Add precompilation for relevant assets. 2016-06-23 11:05:02 -06:00
aws.yml.example Add a note that changing example configuration files requires changing omnibus-gitlab. 2015-06-11 15:11:37 +02:00
boot.rb Enable the Rubocop DeprecatedClassMethods cop 2016-05-08 15:33:34 -06:00
database.yml.env Improving the "Environment variables" administration doc 2016-02-01 19:10:46 +01:00
database.yml.mysql set the collation to utf8_general_ci 2014-08-13 14:45:23 +01:00
database.yml.postgresql Remove 'socket' example PostgreSQL parameter 2014-07-01 18:27:50 +02:00
dependency_decisions.yml Loop all disks when displaying system info 2016-06-29 16:02:12 -04:00
environment.rb Rails update to 4.2.4 2015-11-25 18:18:44 +02:00
gitlab.teatro.yml Refactor repository paths handling to allow multiple git mount points 2016-06-29 22:30:31 -04:00
gitlab.yml.example Refactor repository paths handling to allow multiple git mount points 2016-06-29 22:30:31 -04:00
license_finder.yml Resolve feedback. 2016-06-06 13:39:36 -06:00
mail_room.yml Don't require Gitlab::Redis in mail_room.yml if it's already defined 2016-06-10 13:44:45 +02:00
newrelic.yml Revert "Remove newrelic gem. Closes #12860" 2016-02-23 07:25:37 -08:00
resque.yml.example Add a note that changing example configuration files requires changing omnibus-gitlab. 2015-06-11 15:11:37 +02:00
routes.rb Modify the frontend for wildcard protected branches. 2016-07-05 10:50:34 +05:30
secrets.yml.example Groundwork for merging CI into CE 2015-08-25 18:42:46 -07:00
sidekiq.yml.example bug found by Charles Sibbald at Sky . Calls with patricio and Jacob confirmed this 2016-02-18 18:58:51 +00:00
unicorn.rb.example Fix typos and grammar 2016-02-10 12:43:19 +02:00
unicorn.rb.example.development Increase unicorn timeout to 60 seconds 2014-09-23 17:11:16 +03:00