Replace SSRF resolver with Addrinfo.getaddrinfo to include alternative localhost versions
See merge request gitlab/gitlabhq!2219
(cherry picked from commit 4a1e73783d)
1bffa0c3 Replace SSRF resolver with Addrinfo.getaddrinfo to include alternative localhost versions
GitHub Enterprise disables rate limiting for the API, resulting in HTTP
404 errors when requesting rate limiting details. This changes
Gitlab::GithubImport::Client so it can deal with rate limiting being
disabled.
Prior to this MR there were two GitHub related importers:
* Github::Import: the main importer used for GitHub projects
* Gitlab::GithubImport: importer that's somewhat confusingly used for
importing Gitea projects (apparently they have a compatible API)
This MR renames the Gitea importer to Gitlab::LegacyGithubImport and
introduces a new GitHub importer in the Gitlab::GithubImport namespace.
This new GitHub importer uses Sidekiq for importing multiple resources
in parallel, though it also has the ability to import data sequentially
should this be necessary.
The new code is spread across the following directories:
* lib/gitlab/github_import: this directory contains most of the importer
code such as the classes used for importing resources.
* app/workers/gitlab/github_import: this directory contains the Sidekiq
workers, most of which simply use the code from the directory above.
* app/workers/concerns/gitlab/github_import: this directory provides a
few modules that are included in every GitHub importer worker.
== Stages
The import work is divided into separate stages, with each stage
importing a specific set of data. Stages will schedule the work that
needs to be performed, followed by scheduling a job for the
"AdvanceStageWorker" worker. This worker will periodically check if all
work is completed and schedule the next stage if this is the case. If
work is not yet completed this worker will reschedule itself.
Using this approach we don't have to block threads by calling `sleep()`,
as doing so for large projects could block the thread from doing any
work for many hours.
== Retrying Work
Workers will reschedule themselves whenever necessary. For example,
hitting the GitHub API's rate limit will result in jobs rescheduling
themselves. These jobs are not processed until the rate limit has been
reset.
== User Lookups
Part of the importing process involves looking up user details in the
GitHub API so we can map them to GitLab users. The old importer used
an in-memory cache, but this obviously doesn't work when the work is
spread across different threads.
The new importer uses a Redis cache and makes sure we only perform
API/database calls if absolutely necessary. Frequently used keys are
refreshed, and lookup misses are also cached; removing the need for
performing API/database calls if we know we don't have the data we're
looking for.
== Performance & Models
The new importer in various places uses raw INSERT statements (as
generated by `Gitlab::Database.bulk_insert`) instead of using Rails
models. This allows us to bypass any validations and callbacks,
drastically reducing the number of SQL queries and Gitaly RPC calls
necessary to import projects.
To ensure the code produces valid data the corresponding tests check if
the produced rows are valid according to the model validation rules.
This adds the keyword argument "return_ids" to
Gitlab::Database.bulk_insert. When set to `true` (and PostgreSQL is
used) this method will return an Array of the IDs of the inserted rows,
otherwise it will return an empty Array.
This method can be called with an array, or a relation:
1. Arrays always have a limited amount of values, so that's fine.
2. If the relation does not have a limit value applied, then we will load every
single object in that collection, and prevent N+1 queries for the metadata
for that. But that's wrong, because we should never call this without an
explicit limit set. So we raise in that case, and this commit will see which
specs fail.
The only failing specs here were the issues API specs, and the specs for
IssuableMetadata itself, and both have been addressed.
Routes with the name `legacy_*_redirect` may have wildcards deliberately, in
order to support routing old paths to new paths. As long as these routes are
tested independently, they do not need to fail the path regex spec.
This allows input to start processing immediately without waiting for the process to complete.
This also allows long or infinite inputs to be partially processed,
which will termiate the process when reading stops with SIGPIPE.
also, I refactored the MergeRequest#fetch_ref method to express
the side-effect that this method has.
MergeRequest#fetch_ref -> MergeRequest#fetch_ref!
Repository#fetch_source_branch -> Repository#fetch_source_branch!
Douwe Maan
Rémy Coutable
Alejandro Rodríguez
Lin Jen-Shin (godfat)
Jacob Vosmaer (GitLab)
Sean McGivern
Yorick Peterse
James Edwards-Jones
micael.bergeron
Stan Hu
James Lopez
Bob Van Landuyt
Pawel Chojnacki
Joe Marty
Shinya Maeda
Sean McGivern
Alessio Caiazza
Clement Ho
James Lopez
Eric Eastwood
Grzegorz Bizon
Tim Zallmann
Markus Koller
Filipa Lacerda
Douwe Maan
Brett Walker