From 25425821fec5c9e2ce26755b020ff71e38fab8a4 Mon Sep 17 00:00:00 2001
From: DJ Mountney <dj@gitlab.com>
Date: Sat, 22 May 2021 08:04:24 -0700
Subject: [PATCH 1/3] Update GitLab to the 13.12.0 Feature Release

---
 Dockerfile              |  4 ++--
 build-scripts/build.sh  |  2 +-
 hardening_manifest.yaml | 10 +++++-----
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 6e58265..58d9930 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,8 +1,8 @@
-ARG GITLAB_VERSION=v13.11.2-ubi8
+ARG GITLAB_VERSION=v13.12.0-ubi8
 
 ARG BASE_REGISTRY=nexus-docker-secure.levelup-nexus.svc.cluster.local:18082
 ARG BASE_IMAGE=gitlab/gitlab/gitlab-ruby
-ARG BASE_TAG=13.11.2
+ARG BASE_TAG=13.12.0
 
 ARG RUBY_IMAGE=${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
 
diff --git a/build-scripts/build.sh b/build-scripts/build.sh
index bb549a8..aa405d7 100755
--- a/build-scripts/build.sh
+++ b/build-scripts/build.sh
@@ -4,7 +4,7 @@
 
 set -euxo pipefail
 
-TAG=${1:-13.11.2}
+TAG=${1:-13.12.0}
 REPOSITORY=${2:-}
 DOCKER_OPTS=${DOCKER_OPTS:-""}
 
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index a3a8e60..877d6c4 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -5,12 +5,12 @@ name: "gitlab/gitlab/gitlab-rails"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dsop.io
 tags:
-  - "13.11.2"
+  - "13.12.0"
   - "latest"
 # Build args passed to Dockerfile ARGs
 args:
   BASE_IMAGE: "gitlab/gitlab/gitlab-ruby"
-  BASE_TAG: "13.11.2"
+  BASE_TAG: "13.12.0"
 # Docker image labels
 labels:
   org.opencontainers.image.title: "Gitlab Rails"
@@ -22,7 +22,7 @@ labels:
   org.opencontainers.image.url: "https://about.gitlab.com/"
   ## Name of the distributing entity, organization or individual
   org.opencontainers.image.vendor: "Gitlab"
-  org.opencontainers.image.version: "13.11.2"
+  org.opencontainers.image.version: "13.12.0"
   ## Keywords to help with search (ex. "cicd,gitops,golang")
   mil.dso.ironbank.image.keywords: "gitlab, git, gitops"
   ## This value can be "opensource" or "commercial"
@@ -43,8 +43,8 @@ maintainers:
     username: "alfontaine"
     email: "alan.fontaine@centauricorp.com"
 resources: 
-  - url: "https://gitlab-ubi.s3.amazonaws.com/ubi8-build-dependencies-v13.11.2-ubi8/gitlab-rails-ee.tar.gz"
+  - url: "https://gitlab-ubi.s3.amazonaws.com/ubi8-build-dependencies-v13.12.0-ubi8/gitlab-rails-ee.tar.gz"
     filename: "gitlab-rails-ee.tar.gz"
     validation:
       type: "sha256"
-      value: "88f674a16a0217c18e6e364569d47ec016a71e556d781e0ef231668afb35915b"
+      value: "c6a8ea0963c328909e9b4a78c18195728ade17ce4e9504afd01d1aeba20af96b"
-- 
GitLab


From ff5cd44bcfbc67667f01634d8990242f83194ee4 Mon Sep 17 00:00:00 2001
From: Steven Terhar <sterhar@gitlab.com>
Date: Wed, 2 Jun 2021 14:28:38 +0000
Subject: [PATCH 2/3] Update GitLab to the 13.12.2 Security Release

---
 Dockerfile              |  4 ++--
 build-scripts/build.sh  |  2 +-
 hardening_manifest.yaml | 10 +++++-----
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 58d9930..69fe487 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,8 +1,8 @@
-ARG GITLAB_VERSION=v13.12.0-ubi8
+ARG GITLAB_VERSION=v13.12.2-ubi8
 
 ARG BASE_REGISTRY=nexus-docker-secure.levelup-nexus.svc.cluster.local:18082
 ARG BASE_IMAGE=gitlab/gitlab/gitlab-ruby
-ARG BASE_TAG=13.12.0
+ARG BASE_TAG=13.12.2
 
 ARG RUBY_IMAGE=${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
 
diff --git a/build-scripts/build.sh b/build-scripts/build.sh
index aa405d7..a96b1b5 100755
--- a/build-scripts/build.sh
+++ b/build-scripts/build.sh
@@ -4,7 +4,7 @@
 
 set -euxo pipefail
 
-TAG=${1:-13.12.0}
+TAG=${1:-13.12.2}
 REPOSITORY=${2:-}
 DOCKER_OPTS=${DOCKER_OPTS:-""}
 
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 877d6c4..309fa49 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -5,12 +5,12 @@ name: "gitlab/gitlab/gitlab-rails"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dsop.io
 tags:
-  - "13.12.0"
+  - "13.12.2"
   - "latest"
 # Build args passed to Dockerfile ARGs
 args:
   BASE_IMAGE: "gitlab/gitlab/gitlab-ruby"
-  BASE_TAG: "13.12.0"
+  BASE_TAG: "13.12.2"
 # Docker image labels
 labels:
   org.opencontainers.image.title: "Gitlab Rails"
@@ -22,7 +22,7 @@ labels:
   org.opencontainers.image.url: "https://about.gitlab.com/"
   ## Name of the distributing entity, organization or individual
   org.opencontainers.image.vendor: "Gitlab"
-  org.opencontainers.image.version: "13.12.0"
+  org.opencontainers.image.version: "13.12.2"
   ## Keywords to help with search (ex. "cicd,gitops,golang")
   mil.dso.ironbank.image.keywords: "gitlab, git, gitops"
   ## This value can be "opensource" or "commercial"
@@ -43,8 +43,8 @@ maintainers:
     username: "alfontaine"
     email: "alan.fontaine@centauricorp.com"
 resources: 
-  - url: "https://gitlab-ubi.s3.amazonaws.com/ubi8-build-dependencies-v13.12.0-ubi8/gitlab-rails-ee.tar.gz"
+  - url: "https://gitlab-ubi.s3.amazonaws.com/ubi8-build-dependencies-v13.12.2-ubi8/gitlab-rails-ee.tar.gz"
     filename: "gitlab-rails-ee.tar.gz"
     validation:
       type: "sha256"
-      value: "c6a8ea0963c328909e9b4a78c18195728ade17ce4e9504afd01d1aeba20af96b"
+      value: "bce5112666ada7189b99e52c9ca6b6324f6d86fc5ad398fc3cd495f1468cebf4"
-- 
GitLab


From 9c945beb7620d2535b8ed5cb36ba922fa70cead1 Mon Sep 17 00:00:00 2001
From: DJ Mountney <dj@gitlab.com>
Date: Tue, 22 Jun 2021 07:28:11 -0700
Subject: [PATCH 3/3] Update GitLab to the 14.0.0 Major Release

---
 Dockerfile                       |  4 ++--
 build-scripts/build.sh           |  2 +-
 hardening_manifest.yaml          | 10 +++++-----
 scripts/lib/checks/postgresql.rb | 10 ++++++++--
 4 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 69fe487..ed3b20a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,8 +1,8 @@
-ARG GITLAB_VERSION=v13.12.2-ubi8
+ARG GITLAB_VERSION=v14.0.0-ubi8
 
 ARG BASE_REGISTRY=nexus-docker-secure.levelup-nexus.svc.cluster.local:18082
 ARG BASE_IMAGE=gitlab/gitlab/gitlab-ruby
-ARG BASE_TAG=13.12.2
+ARG BASE_TAG=14.0.0
 
 ARG RUBY_IMAGE=${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
 
diff --git a/build-scripts/build.sh b/build-scripts/build.sh
index a96b1b5..1431e03 100755
--- a/build-scripts/build.sh
+++ b/build-scripts/build.sh
@@ -4,7 +4,7 @@
 
 set -euxo pipefail
 
-TAG=${1:-13.12.2}
+TAG=${1:-14.0.0}
 REPOSITORY=${2:-}
 DOCKER_OPTS=${DOCKER_OPTS:-""}
 
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 309fa49..a35f5bc 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -5,12 +5,12 @@ name: "gitlab/gitlab/gitlab-rails"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dsop.io
 tags:
-  - "13.12.2"
+  - "14.0.0"
   - "latest"
 # Build args passed to Dockerfile ARGs
 args:
   BASE_IMAGE: "gitlab/gitlab/gitlab-ruby"
-  BASE_TAG: "13.12.2"
+  BASE_TAG: "14.0.0"
 # Docker image labels
 labels:
   org.opencontainers.image.title: "Gitlab Rails"
@@ -22,7 +22,7 @@ labels:
   org.opencontainers.image.url: "https://about.gitlab.com/"
   ## Name of the distributing entity, organization or individual
   org.opencontainers.image.vendor: "Gitlab"
-  org.opencontainers.image.version: "13.12.2"
+  org.opencontainers.image.version: "14.0.0"
   ## Keywords to help with search (ex. "cicd,gitops,golang")
   mil.dso.ironbank.image.keywords: "gitlab, git, gitops"
   ## This value can be "opensource" or "commercial"
@@ -43,8 +43,8 @@ maintainers:
     username: "alfontaine"
     email: "alan.fontaine@centauricorp.com"
 resources: 
-  - url: "https://gitlab-ubi.s3.amazonaws.com/ubi8-build-dependencies-v13.12.2-ubi8/gitlab-rails-ee.tar.gz"
+  - url: "https://gitlab-ubi.s3.amazonaws.com/ubi8-build-dependencies-v14.0.0-ubi8/gitlab-rails-ee.tar.gz"
     filename: "gitlab-rails-ee.tar.gz"
     validation:
       type: "sha256"
-      value: "bce5112666ada7189b99e52c9ca6b6324f6d86fc5ad398fc3cd495f1468cebf4"
+      value: "186acdaa8c433a94c8ba39b268927583e93113e0e3c2f423848632ad294a78cf"
diff --git a/scripts/lib/checks/postgresql.rb b/scripts/lib/checks/postgresql.rb
index 267911d..eaf8296 100644
--- a/scripts/lib/checks/postgresql.rb
+++ b/scripts/lib/checks/postgresql.rb
@@ -52,7 +52,13 @@ module Checks
       ActiveRecord::Base.establish_connection(config)
       begin
         @@database_version = ActiveRecord::Migrator.current_version
-        true
+
+        # Rails silently eats `ActiveRecord::NoDatabaseError` when calling `current_version`
+        # This stems from https://github.com/rails/rails/blob/v6.0.3.6/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb#L48-L54
+        puts "WARNING: Problem accessing '#{config.database}' database. Confirm username, password, and permissions." if @@database_version.nil?
+
+        # returning false prevents bailing when BYPASS_SCHEMA_VERSION set.
+        !@@database_version.nil?
       rescue PG::ConnectionBad => e
         puts "PostgreSQL Error: #{e.message}"
         false
@@ -71,7 +77,7 @@ module Checks
 
       return true if (ENV['BYPASS_SCHEMA_VERSION'] && success)
 
-      (success && @@database_version >= codebase_schema_version)
+      (success && @@database_version.to_i >= codebase_schema_version)
     end
   end
 end
-- 
GitLab