Automated usage of Gitlab

Ben Cooksley bcooksley at kde.org
Mon Jul 4 10:30:08 BST 2022


On Mon, Jul 4, 2022 at 5:11 AM Julius Künzel <jk.kdedev at smartlab.uber.space>
wrote:

> On July 3, 2022 at 13:43, "Nicolas Fella" <nicolas.fella at gmx.de> wrote:
>
> >
> > On 7/3/22 12:45, Ben Cooksley wrote:
> >
> > >
> > > Hi all,
> > >
> > >  Recent analysis of the logs of our Gitlab instance has revealed
> > >  numerous instances of files being directly retrieved from Gitlab
> > >  (using the /raw/ API). Much to my incredible sadness, this has
> > >  included accesses being made by KDE Applications themselves.
> > >
> > >  As a reminder, automated access to the "raw files" API of Gitlab is
> > >  strictly prohibited and not permitted under any circumstances. The
> > >  only use of it which is allowed is within .gitlab-ci.yml files to
> > >  import job definitions from sysadmin/ci-utilities.
> > >
> > >  At this time I am tracking:
> > >  - Retrieval of qt/qt/qtbase - .qmake.conf and extra-cmake-modules -
> > >  FindUDev.cmake and COPYING-CMAKE-SCRIPTS from systems operating in
> > >  Microsoft Azure using curl.
> > >
> > >  - Retrieval of *.colors files from the Breeze repositories,
> > >  originating from KDE CI/CD servers, likely as a consequence of unit
> > >  tests or Craft builds
> > >
> >
> > That looks like
> > https://invent.kde.org/packaging/craft-blueprints-kde/-/blob/master/kde/kdemultimedia/kdenlive/kdenlive.py#L116
> >
> > That's the only usage of raw invent URLs I see in craft-blueprints-kde
>
> I removed that code now. It was introduced in a pre-GitLab time and later
> just ported, but not needed anymore. See
> https://invent.kde.org/packaging/craft-blueprints-kde/-/commit/26d86498d6deaf3183723575d487379f01525607


Thanks for fixing that, Julius - appreciated!


>
>
> >
> > >
> > > - Retrieval of various code examples from various repositories,
> > >  originating from KDE CI/CD servers, likely due to unit tests or Craft
> > >  builds utilising them
> > >
> > >  - Retrieval by Digikam itself of files from the Digikam code
> > >  repository (see
> > >  https://invent.kde.org/graphics/digikam/-/blob/master/core/libs/onlineversion/onlineversionchecker.cpp)
> > >
> > >  The last one is particularly upsetting, as this is how we ended up
> > >  with a bad situation with Discover.
> > >
> > >  Developers - please discuss with Sysadmin before implementing
> > >  functionality in your software that communicates with KDE.org
> > >  infrastructure so we can ensure that the endpoints you are contacting
> > >  are highly scalable.
> > >  Gitlab does not meet these criteria by any definition at all.
> > >
> > >  If we could please get these corrected that would be appreciated.
> > >
> > >  Thanks,
> > >  Ben
> > >
> >
>

Cheers,
Ben


>
> Julius Künzel
> Volunteer KDE Developer, mainly hacking Kdenlive
> KDE GitLab: https://my.kde.org/user/jlskuz/
> Matrix: @jlskuz:kde.org
>

More information about the kde-devel mailing list