Automated usage of Gitlab
Ben Cooksley
bcooksley at kde.org
Mon Jul 4 10:30:08 BST 2022
On Mon, Jul 4, 2022 at 5:11 AM Julius Künzel <jk.kdedev at smartlab.uber.space>
wrote:
> 3. Juli 2022 um 13:43, "Nicolas Fella" <nicolas.fella at gmx.de> schrieb:
>
> >
> > On 7/3/22 12:45, Ben Cooksley wrote:
> >
> > >
> > > Hi all,
> > >
> > > Recent analysis of the logs of our Giltab instance has revealed
> > > numerous instances of files being directly retrieved from Gitlab
> > > (using the /raw/ API). Much to my incredible sadness, this has
> > > included accesses being made by KDE Applications themselves.
> > >
> > > As a reminder, automated access to the "raw files" API of Gitlab is
> > > strictly prohibited and not permitted under any circumstances. The
> > > only use of it which is allowed is within .gitlab-ci.yml files to
> > > import job definitions from sysadmin/ci-utilities.
> > >
> > > At this time I am tracking:
> > > - Retrieval of qt/qt/qtbase - .qmake.conf and extra-cmake-modules -
> > > FindUDev.cmake and COPYING-CMAKE-SCRIPTS from systems operating in
> > > Microsoft Azure using curl.
> > >
> > > - Retrieval of *.colors files from the Breeze repositories,
> > > originating from KDE CI/CD servers, likely as a consequence of unit
> > > tests or Craft builds
> > >
> >
> > That looks like
> >
> https://invent.kde.org/packaging/craft-blueprints-kde/-/blob/master/kde/kdemultimedia/kdenlive/kdenlive.py#L116
> >
> > That's the only usage of raw invent URLs I see in craft-blueprints-kde
>
> I removed that code now. It was introduced in a pre GitLab time and later
> just ported, but not need anymore. See
> https://invent.kde.org/packaging/craft-blueprints-kde/-/commit/26d86498d6deaf3183723575d487379f01525607
Thanks for fixing that Julius - appreciated!
>
>
> >
> > >
> > > - Retrieval of various code examples from various repositories,
> > > originating from KDE CI/CD servers, likely due to unit tests or Craft
> > > builds utilising them
> > >
> > > - Retrieval by Digikam itself of files from the Digikam code
> > > repository (see
> > >
> https://invent.kde.org/graphics/digikam/-/blob/master/core/libs/onlineversion/onlineversionchecker.cpp
> )
> > >
> > > The last one is particularly upsetting, as this is how we ended up
> > > with a bad situation with Discover.
> > >
> > > Developers - please discuss with Sysadmin before implementing
> > > functionality in your software that communicates with KDE.org
> > > infrastructure so we can ensure that the endpoints you are contacting
> > > are highly scalable.
> > > Gitlab does not meet this criteria by any definition at all.
> > >
> > > If we could please get these corrected that would be appreciated.
> > >
> > > Thanks,
> > > Ben
> > >
> >
>
Cheers,
Ben
>
> Julius Künzel
> Volunteer KDE Developer, mainly hacking Kdenlive
> KDE GitLab: https://my.kde.org/user/jlskuz/
> Matrix: @jlskuz:kde.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-devel/attachments/20220704/4922830a/attachment.htm>
More information about the kde-devel
mailing list