
It is recommended to add Gitblitfile to customize the processing flow of ‘pre receive’ and ‘post receive’

Open octoape opened this issue 3 years ago • 5 comments

It is recommended to add Gitblitfile to customize the processing flow of ‘pre receive’ and ‘post receive’, this is a cool and useful feature!

octoape avatar Nov 06 '20 01:11 octoape

Hi! I did not understand what you mean by that. Could you elaborate more on what you are suggesting?

flaix avatar Nov 06 '20 08:11 flaix

@flaix Thank you for your reply. My thoughts are as follows:

  1. Gitblitfile is a groovy script file in the root directory of Git repository. It is similar to Jenkinsfile, and has the function of customized "pre receive" and "post receive" processing process. For example, when 'post receive' tells Jenkins to start building, sending emails, etc., you can do more and more according to the actual needs.

  2. Gitblit currently has the ability to handle "pre receive" and "post receive" operations using groovy scripts. So I think it should be easier to implement this function.

octoape avatar Nov 06 '20 09:11 octoape

If I understand you correctly, you suggest to move the configuration of pre-receive and post-receive hooks from being configured on the server to being configured in the repository, i.e. in the code itself.

Would you be able to provide a use case as an example, how you would use it. What would the proposed Gitblitfile look like, what other files would be required, what would they look like, what would be the process steps and the desired effect or outcome?

flaix avatar Nov 06 '20 18:11 flaix

> If I understand you correctly, you suggest to move the configuration of pre-receive and post-receive hooks from being configured on the server to being configured in the repository, i.e. in the code itself.
>
> Would you be able to provide a use case as an example, how you would use it. What would the proposed Gitblitfile look like, what other files would be required, what would they look like, what would be the process steps and the desired effect or outcome?

Yes, your understanding is correct. I think the Gitblitfile script looks like this:

```groovy
import com.gitblit.GitBlit
import com.gitblit.Keys
import com.gitblit.models.RepositoryModel
import com.gitblit.models.UserModel
import com.gitblit.utils.JGitUtils
import org.eclipse.jgit.lib.Repository
import org.eclipse.jgit.revwalk.RevCommit
import org.eclipse.jgit.transport.ReceiveCommand
import org.eclipse.jgit.transport.ReceiveCommand.Result
import org.slf4j.Logger

/**
 *
 * Bound Variables:
 *  gitblit         Gitblit Server                  com.gitblit.GitBlit
 *  repository      Gitblit Repository              com.gitblit.models.RepositoryModel
 *  receivePack     JGit Receive Pack               org.eclipse.jgit.transport.ReceivePack
 *  user            Gitblit User                    com.gitblit.models.UserModel
 *  commands        JGit commands                   Collection<org.eclipse.jgit.transport.ReceiveCommand>
 *  url             Base url for Gitblit            String
 *  logger          Logs messages to Gitblit        org.slf4j.Logger
 *  clientLogger    Logs messages to Git client     com.gitblit.utils.ClientLogger
 *  event           'PreReceive' or 'PostReceive'   String
 *
 * Accessing Gitblit Custom Fields:
 *   def myCustomField = repository.customFields.myCustomField
 *
 */

// Runs before the refs are updated; can reject the push.
def onPreReceive() {
    logger.info("On pre-receive...")
    // TODO
}

// Runs after the refs are updated; for notifications, CI triggers, etc.
def onPostReceive() {
    logger.info("On post-receive...")
    // TODO
}

// The same script is invoked for both events; dispatch on the bound 'event' variable.
switch (event) {
    case "PreReceive":
        onPreReceive()
        break
    case "PostReceive":
        onPostReceive()
        break
    default:
        logger.info("Triggered by ${user.username} for ${repository.name}")
}
```

octoape avatar Nov 07 '20 03:11 octoape

Do I understand correctly that since this change if I have "Gitblitfile" in my repository it will be treated as a groovy file which will be run? I can't see any conditional execution there. Am I wrong or correct?

I have strong doubts about it and vote against it, unless security is taken into account.

  1. User may have such a file for a different purpose. I have such. An attempt to implement it as an executable may have hard to predict side effects.
  2. Committer may supply a groovy file which will be run on server on the gitblit server process rights and, as far as I understand, inside a server JVM. Am I correct? If I am, then what prevents user from deleting or accessing repositories user has no rights for? Or allocating 1000GB array and crashing server? If user is to be allowed to execute code on server it must be done in a separate native process with strictly defined and restricted access rights. Alternatively in a heavily secured execution context. Does GitBlit have such a secure context?

Please, be so nice and clarify my concerns.

TomaszSzt avatar Nov 17 '21 15:11 TomaszSzt
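The concern raised above is that a script living in the repository would run with the server's rights as soon as any committer pushes it. The mitigation that Gitblit already supports is the opposite direction of control: the administrator installs hook scripts on the server and enables them per repository, so committers cannot change what runs. The following pre-receive script is an added example written for this thread; it is not code from the issue or from the Gitblit project. It rejects any push that adds, modifies or deletes a `Gitblitfile` unless the pushing user is a Gitblit administrator, using the bound variables listed in the proposal (`receivePack`, `user`, `commands`, `logger`, `clientLogger`). The two helpers `JGitUtils.getRevLog` and `JGitUtils.getFilesInCommit`, the `user.canAdmin()` method, and the file name `Gitblitfile` are assumptions here.

```groovy
// Added example for this thread, not Gitblit's own code.
// Server-side pre-receive hook: installed by the administrator in Gitblit's
// groovy script directory and enabled per repository, so its content is
// controlled by the server operator rather than by whoever pushes.
import com.gitblit.utils.JGitUtils
import org.eclipse.jgit.lib.Repository
import org.eclipse.jgit.revwalk.RevCommit
import org.eclipse.jgit.transport.ReceiveCommand
import org.eclipse.jgit.transport.ReceiveCommand.Result

// Hypothetical file name taken from the proposal in this thread.
final String PROTECTED_PATH = "Gitblitfile"

// JGit repository behind the receive pack (bound variable 'receivePack').
Repository r = receivePack.repository

for (ReceiveCommand command : commands) {
    // A ref deletion carries no new commits to inspect; branch deletion
    // policy belongs to a separate hook and is not the point here.
    if (command.type == ReceiveCommand.Type.DELETE) {
        continue
    }

    // Commits reachable from the new tip but not from the old tip, i.e. what
    // this push introduces. Assumption: the helper handles a zero old id
    // (newly created branch) by returning the new tip.
    List<RevCommit> commits = JGitUtils.getRevLog(r, command.oldId.name, command.newId.name)

    for (RevCommit commit : commits) {
        // Assumption: getFilesInCommit returns path change entries with a 'path' field.
        boolean touchesProtected = JGitUtils.getFilesInCommit(r, commit).any { it.path == PROTECTED_PATH }

        if (touchesProtected && !user.canAdmin()) {
            String msg = "commit ${commit.name} changes ${PROTECTED_PATH}; only administrators may push that"
            // Record the decision server-side for audit, and tell the client why.
            logger.warn("rejected push to ${command.refName} by ${user.username} in ${repository.name}: ${msg}")
            clientLogger.error(msg)
            // Marking the command rejected makes the pre-receive phase refuse this ref update.
            command.setResult(Result.REJECTED_OTHER_REASON, msg)
            break
        }
    }
}
```

The design point is where the trust boundary sits: this script is readable and writable only by the server operator, it is selected for a repository through Gitblit's own settings, and a committer cannot alter it by pushing. A repository-resident script inverts that, which is exactly why the objection above asks for a separate, restricted execution context before such a feature is considered.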