Automated usage of Gitlab

Ben Cooksley bcooksley at kde.org
Sun Jul 3 11:45:37 BST 2022


Hi all,

Recent analysis of the logs of our Gitlab instance has revealed numerous
instances of files being directly retrieved from Gitlab (using the /raw/
API). Much to my incredible sadness, this has included accesses being made
by KDE Applications themselves.

As a reminder, automated access to the "raw files" API of Gitlab is
strictly prohibited and not permitted under any circumstances. The only use
of it which is allowed is within .gitlab-ci.yml files to import job
definitions from sysadmin/ci-utilities.

At this time I am tracking:
- Retrieval of qt/qt/qtbase - .qmake.conf and extra-cmake-modules -
FindUDev.cmake and COPYING-CMAKE-SCRIPTS from systems operating in
Microsoft Azure using curl.

- Retrieval of *.colors files from the Breeze repositories, originating
from KDE CI/CD servers, likely as a consequence of unit tests or Craft
builds

- Retrieval of various code examples from various repositories, originating
from KDE CI/CD servers, likely due to unit tests or Craft builds utilising
them

- Retrieval by Digikam itself of files from the Digikam code repository
(see https://invent.kde.org/graphics/digikam/-/blob/master/core/libs/onlineversion/onlineversionchecker.cpp)

The last one is particularly upsetting, as this is how we ended up with a
bad situation with Discover.

Developers - please discuss with Sysadmin before implementing functionality
in your software that communicates with KDE.org infrastructure so we can
ensure that the endpoints you are contacting are highly scalable.
Gitlab does not meet this criterion by any definition at all.

If we could please get these corrected that would be appreciated.

Thanks,
Ben