From 9d1445a69caff59ffbd39caf230a76898f33bf08 Mon Sep 17 00:00:00 2001
From: Thomas Steinbach <thomas.steinbach@aikq.de>
Date: Sun, 16 Sep 2018 14:10:06 +0000
Subject: [PATCH 1/4] test
---
 tasks/setup-clone.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tasks/setup-clone.yml b/tasks/setup-clone.yml
index 264827b..5d47d0b 100644
--- a/tasks/setup-clone.yml
+++ b/tasks/setup-clone.yml
@@ -57,7 +57,7 @@
 - name: execute hook
 become: true
- become_user: "{{ '#' + sourceDir.stat.uid }}"
+ become_user: "{{ '#' + (sourceDir.stat.uid | string) }}"
 command: ./custom_hooks/post-receive
 args:
 chdir: "{{ source_repository_path }}/{{ item.path_with_namespace }}.git"
-- GitLab
From c5dd4063bf95cc115c6e9e407026af96c948a06d Mon Sep 17 00:00:00 2001
From: Thomas Steinbach <thomas.steinbach@aikq.de>
Date: Sun, 16 Sep 2018 14:16:59 +0000
Subject: [PATCH 2/4] fixed permissions for git related files
---
 tasks/setup-clone.yml | 16 +++++-----------
 1 file changed, 5 insertions(+), 11 deletions(-)
diff --git a/tasks/setup-clone.yml b/tasks/setup-clone.yml
index 5d47d0b..a799a6e 100644
--- a/tasks/setup-clone.yml
+++ b/tasks/setup-clone.yml
@@ -32,18 +32,12 @@
 changed_when: "result.status == 201"
 failed_when: "result.status != 201 and 'name already exists on this account' not in result.content"
-- name: get owner and group of repository dir
- become: true
- stat:
- path: "{{ source_repository_path }}/{{ item.path_with_namespace }}.git"
- register: sourceDir
 - name: create custom_hooks directory
 become: true
 file:
 path: "{{ source_repository_path }}/{{ item.path_with_namespace }}.git/custom_hooks"
- owner: "{{ sourceDir.stat.uid }}"
- group: "{{ sourceDir.stat.gid }}"
+ owner: git
+ group: root
 state: directory
 - name: setup post-receive hook to push clone
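Review bot: The `create custom_hooks directory` task in PATCH 2/4 (hunk `@@ -32,18 +32,12 @@`) now sets `owner: git` and `group: root` but still no `mode`, so the permissions of a directory whose contents are executed on every push depend on what already exists or on the remote umask; pin them, e.g. `mode: "0750"`. The same patch replaces the removed `stat` lookup with a literal `git` in three places (this task, the `template` task and `become_user` in hunk `@@ -51,13 +45,13 @@`), which assumes the account name on every target host. A role variable that defaults to `git`, for example `owner: "{{ gitlab_system_user | default('git') }}"` (a new variable), would keep the role usable where the GitLab system account is named differently.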
@@ -51,13 +45,13 @@
 template:
 src: post-receive.j2
 dest: "{{ source_repository_path }}/{{ item.path_with_namespace }}.git/custom_hooks/post-receive"
- owner: "{{ sourceDir.stat.uid }}"
- group: "{{ sourceDir.stat.gid }}"
+ owner: git
+ group: root
 mode: 0750
 - name: execute hook
 become: true
- become_user: "{{ '#' + (sourceDir.stat.uid | string) }}"
+ become_user: git
 command: ./custom_hooks/post-receive
 args:
 chdir: "{{ source_repository_path }}/{{ item.path_with_namespace }}.git"
-- GitLab
From ada13f8b1768597ed817101d82457fed6e166750 Mon Sep 17 00:00:00 2001
From: Thomas Steinbach <thomas.steinbach@aikq.de>
Date: Sun, 16 Sep 2018 14:21:27 +0000
Subject: [PATCH 3/4] fixed 'Exec format error' for hook
---
 templates/post-receive.j2 | 1 +
 1 file changed, 1 insertion(+)
diff --git a/templates/post-receive.j2 b/templates/post-receive.j2
index 6e9f7f8..fa16f0e 100644
--- a/templates/post-receive.j2
+++ b/templates/post-receive.j2
@@ -1,3 +1,4 @@
+#!/bin/sh
 git push --prune git@gitlab.com:{{ gitlabcom_username }}/{{ item.namespace.name }}-{{ item.path }}.git +refs/heads/*:refs/heads/* +refs/tags/*:refs/tags/*
 {% if item.visibility is not defined or item.visibility == 'public' %}
 git push --prune git@github.com:{{ githubcom_username }}/{{ item.namespace.name }}-{{ item.path }}.git +refs/heads/*:refs/heads/* +refs/tags/*:refs/tags/*
-- GitLab
From 2830b49f89d037f701b729ce695bd217de6db9c5 Mon Sep 17 00:00:00 2001
From: Thomas Steinbach <thomas.steinbach@aikq.de>
Date: Sun, 16 Sep 2018 14:51:59 +0000
Subject: [PATCH 4/4] test
---
 tasks/main.yml | 9 +++++++++
 templates/post-receive.j2 | 4 ++--
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/tasks/main.yml b/tasks/main.yml
index 7b8ab17..bba837c 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
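Review bot: In PATCH 3/4 the new `#!/bin/sh` line is followed directly by the two `git push` commands with no error handling, so whenever the GitHub push is rendered, a failed gitlab.com push is masked: the script exits with the status of its last command, and the `execute hook` task in tasks/setup-clone.yml would then report success. Adding `set -eu` as the second line makes the first failure surface. A short comment under the shebang stating that the file is rendered per project by this role would also help whoever later finds it in `custom_hooks/`. The template continues past this hunk (`{% endif %}` is outside it).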
@@ -1,4 +1,13 @@
 ---
+- name: ensure git user has a private key for executing push hooks got gitlab.com and github.com
+ become: yes
+ openssl_privatekey:
+ path: /var/opt/gitlab/.ssh/id_rsa
+ size: 4096
+ type: RSA
+ owner: git
+ group: git
+
 - name: query users repositories where he is at least developer
 uri:
 url: "{{ SOURCE_GITLAB_URL }}/api/v4/projects?per_page={{ project_query_size }}&min_access_level=30"
diff --git a/templates/post-receive.j2 b/templates/post-receive.j2
index fa16f0e..040c927 100644
--- a/templates/post-receive.j2
+++ b/templates/post-receive.j2
@@ -1,5 +1,5 @@
 #!/bin/sh
-git push --prune git@gitlab.com:{{ gitlabcom_username }}/{{ item.namespace.name }}-{{ item.path }}.git +refs/heads/*:refs/heads/* +refs/tags/*:refs/tags/*
+/opt/gitlab/embedded/bin/git push --prune git@gitlab.com:{{ gitlabcom_username }}/{{ item.namespace.name }}-{{ item.path }}.git +refs/heads/*:refs/heads/* +refs/tags/*:refs/tags/*
 {% if item.visibility is not defined or item.visibility == 'public' %}
-git push --prune git@github.com:{{ githubcom_username }}/{{ item.namespace.name }}-{{ item.path }}.git +refs/heads/*:refs/heads/* +refs/tags/*:refs/tags/*
+/opt/gitlab/embedded/bin/git push --prune git@github.com:{{ githubcom_username }}/{{ item.namespace.name }}-{{ item.path }}.git +refs/heads/*:refs/heads/* +refs/tags/*:refs/tags/*
 {% endif %}
-- GitLab
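Review bot: The new `openssl_privatekey` task in tasks/main.yml creates an unencrypted key for the `git` account, but nothing visible in this series derives its OpenSSH public key, registers it with the push targets, or pins their host keys, so the hook's first SSH connection will presumably fail host-key verification or tempt someone into disabling the check. Pin the host keys explicitly with the `known_hosts` module, as sketched below; `mirror_known_hosts` is a new role variable holding entries verified out of band. Because this key authorises forced, pruning pushes to every mirrored repository, state `mode: "0600"` on the task rather than relying on the module default, and scope the key on the remote side as narrowly as the services allow. The task name has a typo (`got` for `for`), and `become: yes` should read `become: true` to match the other tasks.

```yaml
# … unchanged: openssl_privatekey task …

- name: pin SSH host keys of the push targets for the git user
  become: true
  become_user: git
  known_hosts:
    path: /var/opt/gitlab/.ssh/known_hosts
    name: "{{ item.name }}"
    key: "{{ item.key }}"  # full known_hosts line, verified out of band
  with_items: "{{ mirror_known_hosts }}"
```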
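Review bot: Both rewritten `git push` lines in templates/post-receive.j2 still interpolate `{{ item.namespace.name }}` and `{{ item.path }}` unquoted into a shell command line, and those values come from the GitLab API response queried in tasks/main.yml rather than from the role's own configuration. A namespace display name containing a space or a shell metacharacter would split or alter the command that later runs as the git user. Build the remote once and pass it through Ansible's `quote` filter, e.g. `{{ ('git@gitlab.com:' ~ gitlabcom_username ~ '/' ~ item.namespace.name ~ '-' ~ item.path ~ '.git') | quote }}`, and wrap the two refspecs in single quotes so the shell never expands `*`. If the target repository name is meant to be a slug, `item.namespace.path` may be the better field; confirm against the API response.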