New upstream version 3.8.0+debian

parent fa6a60ff
Pipeline #3114 failed with stage
in 2 minutes and 2 seconds
# Avoid distributing redigomock because it is GPLv2
image: golang:1.8
.test_template: &test_definition
- apt-get update -qq && apt-get install -y unzip bzip2
- apt update -qq && apt install -y unzip bzip2
- go version
- make test
test using go 1.8:
<<: *test_definition
image: golang:1.5.4
test using go 1.9:
image: golang:1.9
<<: *test_definition
image: golang:1.6.3
<<: *test_definition
image: golang:1.7.1
- tags
- git describe --exact-match
......@@ -2,6 +2,164 @@
Formerly known as 'gitlab-git-http-server'.
- Add structured logging !236
- Add option to send file uploads straight to object storage !227
- Allow sending Git archives with file names other than 'archive' !232
- Unify uploads handling under filestore package !230
- Introduce a `send-url:` method that allows to serve remote HTTP/GET file, like S3-based file !228
- Use grpc-go 1.9.1 (!225)
- Update gitaly stream and dial library functions (!224)
- Add option to disable Git archive caching !222
- Track Gitaly Connections in Prometheus !211
- Run test suite on Go 1.9 !213
- Remove repo disk check !218
- Fix "net/http: request canceled" errors in gitlab-zip-cat !208
- Ban context.Background !201
- Respect the ShowAllRefs flag in git upload-pack and info-refs !203
- Upgrade grpc to v1.7.1, protobuf to latest !207
- Implement Gitaly call for archive requests !199
- Re-use client.Dial from gitaly !194
- Respect GL_USERNAME !192
- Update BurntSushi/toml !195
- Add Redis error counters !197
- Migrate Send{Diff,Patch} to Gitaly !200
- Add histograms to routes !184
- Gitaly deprecations and replacements !186, !187, !189
- Enable CI long polling by default !188
- Refactor Git archive creation !190
- Use GetBlob RPC instead of TreeEntry RPC for serving blobs !182
- Improve gitaly info refs error message !172
- Migrate GetBlob to Gitaly !174
- Drop support for Go <1.8 !176
- Add some tests for gzipped assets !177
- Use reader/writer from gitaly streamio !178
- Use http.Request contexts for Gitaly calls !179
- Allow to access remote archive !180
- Add support for token authentication on Gitaly requests
- Update gitaly-proto library to 0.9.0
- Bug fix and counters for static error pages
- Remove chatty ErrorPage log message
- Filter query-string secrets out of logged URLs
- Suggest better default for prometheus port
- Add internal upload to external storage
- Prometheus metrics for senddata and git archive cache
- Support GL_REPOSITORY from API and pass it to Gitaly on ReceivePack
- Fix gRPC stream resource leak !158, !160
- Don't append error messages to Git HTTP responses !157
- Drop support for old Gitaly fields in Git API response !152
- Support forwarding Git HTTP POST data to Gitaly !143
- Pass more Gitaly 'Repository' fields on from gitlab-rails !147
- Support insecure TCP connections to Gitaly !150
- Return 500 from GET /info/refs if possible !145
- Fix several Redis integration bugs !137, !140
- Fix race conditions in Redis tests !136
- Don't follow HTTP redirects on internal API !134
- Support /api/v4 for CI !133
- Don't spam logs with CI queueing messages (Marcin Biegała) !127
- Integrate with Gitaly via gRPC !119
- Buffer git receive-pack responses in tempfiles !123
- Use stdlib to copy stdin/stdout of git subprocesses !118
- Terminal session timeouts !107
- Redis integration EXPERIMENTAL !112
- CI notifications via Redis EXPERIMENTAL !128
- More CI queue metrics !122
- Fix stalled HTTP fetches with large payloads. !110
- Correctly parse content types in HTTP requests and responses !114
- Catch _all_ multipart NextPart() errors. !108
- Replace 'gitlab_workhorse_artifacts_upload_*' with labeled version of
'gitlab_workhorse_multipart_upload_*'. !106
- Allow GET /info/refs to be proxied to Gitaly. !105
- Set correct value of X-Forwarded-For header in PreAuthorize request. !104
- Allow nested namespaces in git URLs. !80
- More Prometheus metrics
- Hide 502 internal errors from text-mode clients
- Buffer internal API responses up to a 32kB hard limit
- Add terminal websocket proxy endpoint
- Rewrite all incoming multipart requests: write 'file' parts to tempfiles
- Restrict effect of API rate limiting to /ci/api/v1/builds/register.json
- Prometheus metrics listener via `-prometheusListenAddr` option
- Tell NGINX to not buffer Git HTTP responses etc. with X-Accel-Buffering
- Fix double content type bug on archive downloads
- Workhorse is now v1.0.0, according to Semantic Versioning. No breaking
changes were made.
- Add support for logging to file, and logfile rotation with SIGHUP.
- Improve error messages.
Simplify revspec for 'git format-patch'.
......@@ -151,7 +309,7 @@ Return response to client when uploading Git LFS object.
Add support for Build Artifacts and Git LFS. The GitLab-Workhorse
Add support for Build Artifacts and Git LFS. The GitLab-Workhorse
offloads file uploading and downloading by providing support for
rewriting multipart form data and X-Sendfile.
## Contributing
Thank you for your interest in contributing to this GitLab project! We welcome
all contributions. By participating in this project, you agree to abide by the
[code of conduct](#code-of-conduct).
## Contributor license agreement
By submitting code as an individual you agree to the [individual contributor
license agreement][individual-agreement].
By submitting code as an entity you agree to the [corporate contributor license
## Code of conduct
As contributors and maintainers of this project, we pledge to respect all people
who contribute through reporting issues, posting feature requests, updating
documentation, submitting pull requests or patches, and other activities.
We are committed to making participation in this project a harassment-free
experience for everyone, regardless of level of experience, gender, gender
identity and expression, sexual orientation, disability, personal appearance,
body size, race, ethnicity, age, or religion.
Examples of unacceptable behavior by participants include the use of sexual
language or imagery, derogatory comments or personal attacks, trolling, public
or private harassment, insults, or other unprofessional conduct.
Project maintainers have the right and responsibility to remove, edit, or reject
comments, commits, code, wiki edits, issues, and other contributions that are
not aligned to this Code of Conduct. Project maintainers who do not follow the
Code of Conduct may be removed from the project team.
This code of conduct applies both within project spaces and in public spaces
when an individual is representing the project or its community.
Instances of abusive, harassing, or otherwise unacceptable behavior can be
reported by emailing
This Code of Conduct is adapted from the [Contributor Covenant][contributor-covenant], version 1.1.0,
available at [](
"ImportPath": "",
"GoVersion": "go1.7",
"GodepVersion": "v74",
"Deps": [
"ImportPath": "",
"Comment": "2016.08.31",
"Rev": "ec89d50f00d39494f5b3ec5cf2fe75c53467a937"
"ImportPath": "",
"Comment": "v3.0.0",
"Rev": "d2709f9f1f31ebcda9651b03077758c1f3a0018c"
"ImportPath": "",
"Rev": "379f8d0a68ca237cf8893a1cdfd4f574125e2c51"
This directory tree is generated automatically by godep.
Please do not edit.
See for more information.
The MIT License (MIT)
Copyright (c) 2015 GitLab B.V.
Copyright (c) 2015-2017 GitLab B.V.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
......@@ -2,15 +2,16 @@ PREFIX=/usr/local
VERSION=$(shell git describe)-$(shell date -u +%Y%m%d.%H%M%S)
BUILD_DIR = $(shell pwd)
export GOPATH=${BUILD_DIR}/_build
export PATH:=${GOPATH}/bin:${PATH}
GOBUILD=go build -ldflags "-X main.Version=${VERSION}"
PKG_ALL = $(shell GOPATH=${GOPATH} go list ${PKG}/... | grep -v /vendor/)
all: clean-build gitlab-zip-cat gitlab-zip-metadata gitlab-workhorse
gitlab-zip-cat: ${BUILD_DIR}/_build $(shell find cmd/gitlab-zip-cat/ -name '*.go')
${GOBUILD} -o ${BUILD_DIR}/$@ ${PKG}/cmd/$@
gitlab-zip-metadata: ${BUILD_DIR}/_build $(shell find cmd/gitlab-zip-metadata/ -name '*.go')
${GOBUILD} -o ${BUILD_DIR}/$@ ${PKG}/cmd/$@
......@@ -27,18 +28,24 @@ ${BUILD_DIR}/_build:
touch $@
.PHONY: test
test: clean-build clean-workhorse all
go fmt ${PKG}/... | awk '{ print } END { if (NR > 0) { print "Please run go fmt"; exit 1 } }'
go test ${PKG}/...
test: clean-build clean-workhorse all govendor
go fmt ${PKG_ALL} | awk '{ print } END { if (NR > 0) { print "Please run go fmt"; exit 1 } }'
cd ${GOPATH}/src/${PKG} && govendor sync
go test ${PKG_ALL}
.PHONY: govendor
command -v govendor || go get
go test -cover -coverprofile=test.coverage
go tool cover -html=test.coverage -o coverage.html
rm -f test.coverage
go fmt ./...
go fmt ${PKG_ALL}
.PHONY: clean
clean: clean-workhorse clean-build
......@@ -48,6 +55,9 @@ clean: clean-workhorse clean-build
cd ${BUILD_DIR} && rm -f gitlab-workhorse gitlab-zip-cat gitlab-zip-metadata
sh _support/
.PHONY: clean-build
rm -rf ${BUILD_DIR}/_build
......@@ -4,6 +4,29 @@ Gitlab-workhorse is a smart reverse proxy for GitLab. It handles
"large" HTTP requests such as file downloads, file uploads, Git
push/pull and Git archive downloads.
## Quick facts (how does Workhorse work)
- Workhorse can handle some requests without involving Rails at all:
for example, Javascript files and CSS files are served straight
from disk.
- Workhorse can modify responses sent by Rails: for example if you use
`send_file` in Rails then gitlab-workhorse will open the file on
disk and send its contents as the response body to the client.
- Workhorse can take over requests after asking permission from Rails.
Example: handling `git clone`.
- Workhorse can modify requests before passing them to Rails. Example:
when handling a Git LFS upload Workhorse first asks permission from
Rails, then it stores the request body in a tempfile, then it sends
a modified request containing the tempfile path to Rails.
- Workhorse can manage long-lived WebSocket connections for Rails.
Example: handling the terminal websocket for environments.
- Workhorse does not connect to Postgres, only to Rails and (optionally) Redis.
- We assume that all requests that reach Workhorse pass through an
upstream proxy such as NGINX or Apache first.
- Workhorse does not accept HTTPS connections.
- Workhorse does not clean up idle client connections.
- We assume that all requests to Rails pass through Workhorse.
For more information see ['A brief history of
......@@ -13,6 +36,8 @@ gitlab-workhorse'][brief-history-blog].
gitlab-workhorse [OPTIONS]
-apiCiLongPollingDuration duration
Long polling duration for job requesting for runners (default 0s - disabled)
-apiLimit uint
Number of API requests allowed at single time
-apiQueueDuration duration
......@@ -39,6 +64,8 @@ Options:
How long to wait for response headers when proxying the request (default 5m0s)
-secretPath string
File with secret key to authenticate with authBackend (default "./.gitlab_workhorse_secret")
-config string
File that hold configuration. Currently only for redis. File is in TOML-format (default "")
Print version and exit
......@@ -51,6 +78,59 @@ Gitlab-workhorse can listen on either a TCP or a Unix domain socket. It