From 7c2ede2ee05f8571cb88b6a236de8ab6aef87446 Mon Sep 17 00:00:00 2001
From: DJ Mountney <dj@gitlab.com>
Date: Mon, 22 Feb 2021 09:03:55 -0800
Subject: [PATCH] Update GitLab to the 13.9.0 Feature Release

---
 Dockerfile                    |  4 ++--
 build-scripts/build.sh        |  2 +-
 hardening_manifest.yaml       | 10 ++++----
 scripts/custom-instance-setup | 43 +++++++++++++++++++++++------------
 scripts/db-migrate            |  2 +-
 5 files changed, 38 insertions(+), 23 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 36663ac..898489f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,8 +1,8 @@
-ARG GITLAB_VERSION=v13.8.4-ubi8
+ARG GITLAB_VERSION=v13.9.0-ubi8
 
 ARG BASE_REGISTRY=nexus-docker-secure.levelup-nexus.svc.cluster.local:18082
 ARG BASE_IMAGE=gitlab/gitlab/gitlab-ruby
-ARG BASE_TAG=13.8.4
+ARG BASE_TAG=13.9.0
 
 ARG RUBY_IMAGE=${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
 
diff --git a/build-scripts/build.sh b/build-scripts/build.sh
index 76fc313..e24f039 100755
--- a/build-scripts/build.sh
+++ b/build-scripts/build.sh
@@ -4,7 +4,7 @@
 
 set -euxo pipefail
 
-TAG=${1:-13.8.4}
+TAG=${1:-13.9.0}
 REPOSITORY=${2:-}
 DOCKER_OPTS=${DOCKER_OPTS:-""}
 
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index f62ed40..cae6e3b 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -5,12 +5,12 @@ name: "gitlab/gitlab/gitlab-rails"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dsop.io
 tags:
-  - "13.8.4"
+  - "13.9.0"
   - "latest"
 # Build args passed to Dockerfile ARGs
 args:
   BASE_IMAGE: "gitlab/gitlab/gitlab-ruby"
-  BASE_TAG: "13.8.4"
+  BASE_TAG: "13.9.0"
 # Docker image labels
 labels:
   org.opencontainers.image.title: "Gitlab Rails"
@@ -22,7 +22,7 @@ labels:
   org.opencontainers.image.url: "https://about.gitlab.com/"
   ## Name of the distributing entity, organization or individual
   org.opencontainers.image.vendor: "Gitlab"
-  org.opencontainers.image.version: "13.8.4"
+  org.opencontainers.image.version: "13.9.0"
   ## Keywords to help with search (ex. "cicd,gitops,golang")
   mil.dso.ironbank.image.keywords: "gitlab, git, gitops"
   ## This value can be "opensource" or "commercial"
@@ -43,8 +43,8 @@ maintainers:
     username: "alfontaine"
     email: "alan.fontaine@centauricorp.com"
 resources: 
-  - url: "https://gitlab-ubi.s3.amazonaws.com/ubi8-build-dependencies-v13.8.4-ubi8/gitlab-rails-ee.tar.gz"
+  - url: "https://gitlab-ubi.s3.amazonaws.com/ubi8-build-dependencies-v13.9.0-ubi8/gitlab-rails-ee.tar.gz"
     filename: "gitlab-rails-ee.tar.gz"
     validation:
       type: "sha256"
-      value: "21d009575d8c5727379b8a5a8880c3ed896498ff5f33ce0df73a7936adf2fd8b"
+      value: "02806fb74bd256c94c5af618c3bf743d449514bd666d7b2c15307406e7c171fa"
diff --git a/scripts/custom-instance-setup b/scripts/custom-instance-setup
index b760ee3..f1b707e 100755
--- a/scripts/custom-instance-setup
+++ b/scripts/custom-instance-setup
@@ -1,20 +1,35 @@
-#!/bin/bash
-
-set -e
-
-# This `echo` should be updated whenever there are alterations to the script below
-echo "Disable authorized keys write in the database and enable the 'ci_enable_live_trace' feature flag"
+#!/usr/bin/env ruby
+# frozen_string_literal: true
 
 # Workaround for disabling the authorized_keys write to the database.
 # A proper fix is being tracked in: https://gitlab.com/gitlab-org/gitlab-ee/issues/4156
-#
-# Also, enable feature flags for object storage:
-# - ci_enable_live_trace: archive traces in object storage as artifacts, live data in Redis
-read -r -d '\0' CUSTOM_INSTANCE_SETUP <<- EOM
-(::ApplicationSetting.current_without_cache || ::ApplicationSetting.create_from_defaults).update_attribute(:authorized_keys_enabled, false)
+puts 'Disabling authorized keys write in the database.'
+setting = ::ApplicationSetting.current_without_cache || ::ApplicationSetting.create_from_defaults
+setting.update_attribute(:authorized_keys_enabled, false)
 
+puts 'Enabling incremental logging of CI jobs.'
 Feature.enable('ci_enable_live_trace')
-\0
-EOM
 
-/srv/gitlab/bin/rails runner -e production "$CUSTOM_INSTANCE_SETUP"
+puts 'Disabling access to disk storage for GitLab Pages'
+Feature.disable('pages_update_legacy_storage')
+
+puts 'Registering OAuth applications.'
+secrets_dir = ENV['OAUTH_SECRET_DIR'] || '/etc/gitlab/oauth-secrets'
+Dir.glob("#{secrets_dir}/*").each do |app_path|
+  app = File.basename(app_path).titleize
+  puts "Registering #{app} as an OAuth application."
+  begin
+    uid = File.read(File.join(app_path, 'appid')).strip
+    secret = File.read(File.join(app_path, 'appsecret')).strip
+    redirecturi = File.read(File.join(app_path, 'redirecturi')).strip
+
+    Doorkeeper::Application.where({ redirect_uri: redirecturi, name: app, uid: uid, secret: secret }).first_or_create
+    puts "Successfully registered #{app}."
+  rescue Errno::ENOENT
+    puts "Necessary secrets not found. Skipping registration of #{app}"
+    next
+  rescue RuntimeError
+    puts "Failed to register #{app}."
+    next
+  end
+end
diff --git a/scripts/db-migrate b/scripts/db-migrate
index ad6679e..b35c7f9 100755
--- a/scripts/db-migrate
+++ b/scripts/db-migrate
@@ -16,4 +16,4 @@ cd /srv/gitlab
 /srv/gitlab/bin/rake gitlab:db:configure
 
 echo "Performing custom instance setup"
-/scripts/custom-instance-setup
+/srv/gitlab/bin/rails runner -e production /scripts/custom-instance-setup
-- 
GitLab