gitlab: 8.5.12 -> 8.10.3, update module

Fixes #14795.

nixos/modules/services/misc/gitlab.nix

@@ -57,42 +57,23 @@ let
           issues = true;
           merge_requests = true;
           wiki = true;
-          snippets = false;
+          snippets = true;
           builds = true;
+          container_registry = true;
         };
       };
-      artifacts = {
+      repositories.storages.default = "${cfg.statePath}/repositories";
-        enabled = true;
+      artifacts.enabled = true;
-      };
+      lfs.enabled = true;
-      lfs = {
+      gravatar.enabled = true;
-        enabled = true;
+      cron_jobs = { };
-      };
+      gitlab_ci.builds_path = "${cfg.statePath}/builds";
-      gravatar = {
+      ldap.enabled = false;
-        enabled = true;
+      omniauth.enabled = false;
-      };
+      shared.path = "${cfg.statePath}/shared";
-      cron_jobs = {
+      backup.path = "${cfg.backupPath}";
-        stuck_ci_builds_worker = {
-          cron = "0 0 * * *";
-        };
-      };
-      gitlab_ci = {
-        builds_path = "${cfg.statePath}/builds";
-      };
-      ldap = {
-        enabled = false;
-      };
-      omniauth = {
-        enabled = false;
-      };
-      shared = {
-        path = "${cfg.statePath}/shared";
-      };
-      backup = {
-        path = "${cfg.backupPath}";
-      };
       gitlab_shell = {
         path = "${cfg.packages.gitlab-shell}";
-        repos_path = "${cfg.statePath}/repositories";
         hooks_path = "${cfg.statePath}/shell/hooks";
         secret_file = "${cfg.statePath}/config/gitlab_shell_secret";
         upload_pack = true;
@@ -127,19 +108,38 @@ let
 
   gitlab-runner = pkgs.stdenv.mkDerivation rec {
     name = "gitlab-runner";
-    buildInputs = [ cfg.packages.gitlab bundler pkgs.makeWrapper ];
+    buildInputs = [ cfg.packages.gitlab cfg.packages.gitlab.env pkgs.makeWrapper ];
     phases = "installPhase fixupPhase";
     buildPhase = "";
     installPhase = ''
       mkdir -p $out/bin
-      makeWrapper ${bundler}/bin/bundle $out/bin/gitlab-runner \
+      makeWrapper ${cfg.packages.gitlab.env}/bin/bundle $out/bin/gitlab-runner \
-          ${concatStrings (mapAttrsToList (name: value: "--set ${name} '\"${value}\"' ") gitlabEnv)} \
+          ${concatStrings (mapAttrsToList (name: value: "--set ${name} '${value}' ") gitlabEnv)} \
-          --set GITLAB_CONFIG_PATH '"${cfg.statePath}/config"' \
+          --set GITLAB_CONFIG_PATH '${cfg.statePath}/config' \
-          --set PATH '"${pkgs.nodejs}/bin:${pkgs.gzip}/bin:${config.services.postgresql.package}/bin:$PATH"' \
+          --set PATH '${pkgs.nodejs}/bin:${pkgs.gzip}/bin:${config.services.postgresql.package}/bin:$PATH' \
-          --set RAKEOPT '"-f ${cfg.packages.gitlab}/share/gitlab/Rakefile"'
+          --set RAKEOPT '-f ${cfg.packages.gitlab}/share/gitlab/Rakefile' \
+          --run 'cd ${cfg.packages.gitlab}/share/gitlab'
     '';
   };
 
+  smtpSettings = pkgs.writeText "gitlab-smtp-settings.rb" ''
+    if Rails.env.production?
+      Rails.application.config.action_mailer.delivery_method = :smtp
+
+      ActionMailer::Base.delivery_method = :smtp
+      ActionMailer::Base.smtp_settings = {
+        address: "${cfg.smtp.address}",
+        port: ${toString cfg.smtp.port},
+        ${optionalString (cfg.smtp.username != null) ''user_name: "${cfg.smtp.username}",''}
+        ${optionalString (cfg.smtp.password != null) ''password: "${cfg.smtp.password}",''}
+        domain: "${cfg.smtp.domain}",
+        ${optionalString (cfg.smtp.authentication != null) "authentication: :${cfg.smtp.authentication},"}
+        enable_starttls_auto: ${toString cfg.smtp.enableStartTLSAuto},
+        openssl_verify_mode: '${cfg.smtp.opensslVerifyMode}'
+      }
+    end
+  '';
+
 in {
 
   options = {
@@ -255,6 +255,62 @@ in {
         '';
       };
 
+      smtp = {
+        enable = mkOption {
+          type = types.bool;
+          default = false;
+          description = "Enable gitlab mail delivery over SMTP.";
+        };
+
+        address = mkOption {
+          type = types.str;
+          default = "localhost";
+          description = "Address of the SMTP server for Gitlab.";
+        };
+
+        port = mkOption {
+          type = types.int;
+          default = 465;
+          description = "Port of the SMTP server for Gitlab.";
+        };
+
+        username = mkOption {
+          type = types.nullOr types.str;
+          default = null;
+          description = "Username of the SMTP server for Gitlab.";
+        };
+
+        password = mkOption {
+          type = types.nullOr types.str;
+          default = null;
+          description = "Password of the SMTP server for Gitlab.";
+        };
+
+        domain = mkOption {
+          type = types.str;
+          default = "localhost";
+          description = "HELO domain to use for outgoing mail.";
+        };
+
+        authentication = mkOption {
+          type = types.nullOr types.str;
+          default = null;
+          description = "Authentitcation type to use, see http://api.rubyonrails.org/classes/ActionMailer/Base.html";
+        };
+
+        enableStartTLSAuto = mkOption {
+          type = types.bool;
+          default = true;
+          description = "Whether to try to use StartTLS.";
+        };
+
+        opensslVerifyMode = mkOption {
+          type = types.str;
+          default = "peer";
+          description = "How OpenSSL checks the certificate, see http://api.rubyonrails.org/classes/ActionMailer/Base.html";
+        };
+      };
+
       extraConfig = mkOption {
         type = types.attrs;
         default = {};
@@ -308,6 +364,7 @@ in {
     systemd.services.gitlab-sidekiq = {
       after = [ "network.target" "redis.service" ];
       wantedBy = [ "multi-user.target" ];
+      partOf = [ "gitlab.service" ];
       environment = gitlabEnv;
       path = with pkgs; [
         config.services.postgresql.package
@@ -322,7 +379,7 @@ in {
         Group = cfg.group;
         TimeoutSec = "300";
         WorkingDirectory = "${cfg.packages.gitlab}/share/gitlab";
-        ExecStart="${bundler}/bin/bundle exec \"sidekiq -q post_receive -q mailers -q system_hook -q project_web_hook -q gitlab_shell -q common -q default -e production -P ${cfg.statePath}/tmp/sidekiq.pid\"";
+        ExecStart="${cfg.packages.gitlab.env}/bin/bundle exec \"sidekiq -q post_receive -q mailers -q system_hook -q project_web_hook -q gitlab_shell -q common -q default -e production -P ${cfg.statePath}/tmp/sidekiq.pid\"";
       };
     };
 
@@ -397,6 +454,9 @@ in {
         chmod -R u+rwX,go-rwx+X ${gitlabEnv.HOME}/
 
         cp -rf ${cfg.packages.gitlab}/share/gitlab/config.dist/* ${cfg.statePath}/config
+        ${optionalString cfg.smtp.enable ''
+          ln -sf ${smtpSettings} ${cfg.statePath}/config/initializers/smtp_settings.rb
+        ''}
         ln -sf ${cfg.statePath}/config /run/gitlab/config
         cp ${cfg.packages.gitlab}/share/gitlab/VERSION ${cfg.statePath}/VERSION
 
@@ -441,8 +501,9 @@ in {
         User = cfg.user;
         Group = cfg.group;
         TimeoutSec = "300";
+        Restart = "on-failure";
         WorkingDirectory = "${cfg.packages.gitlab}/share/gitlab";
-        ExecStart="${bundler}/bin/bundle exec \"unicorn -c ${cfg.statePath}/config/unicorn.rb -E production\"";
+        ExecStart = "${cfg.packages.gitlab.env}/bin/bundle exec \"unicorn -c ${cfg.statePath}/config/unicorn.rb -E production\"";
       };
 
     };

pkgs/applications/version-management/gitlab-shell/default.nix

@@ -1,14 +1,14 @@
 { stdenv, ruby, bundler, fetchFromGitLab }:
 
 stdenv.mkDerivation rec {
-  version = "2.6.10";
+  version = "3.2.1";
   name = "gitlab-shell-${version}";
 
   srcs = fetchFromGitLab {
     owner = "gitlab-org";
     repo = "gitlab-shell";
     rev = "v${version}";
-    sha256 = "1f1ma49xpkan2iksnw9amzjdw6i0bxnzdbsk0329m7if4987vcqd";
+    sha256 = "099w4s606k2mk9xc42jwqym1ycr20824w6nkf3zpiv17slwakw90";
   };
 
   buildInputs = [

pkgs/applications/version-management/gitlab-workhorse/default.nix

@@ -1,14 +1,14 @@
 { stdenv, fetchFromGitLab, git, go }:
 
 stdenv.mkDerivation rec {
-  version = "0.6.4";
+  version = "0.7.8";
   name = "gitlab-workhorse-${version}";
 
   srcs = fetchFromGitLab {
     owner = "gitlab-org";
     repo = "gitlab-workhorse";
-    rev = version;
+    rev = "v${version}";
-    sha256 = "09bs3kdmqi6avdak2nqma141y4fhfv050zwqqx7qh9a9hgkgwjxw";
+    sha256 = "03lhgmd8w2ainvgf2q3pgafz2jl5g4x32qyybyijlyxfl07vkg4g";
   };
 
   buildInputs = [ git go ];

pkgs/applications/version-management/gitlab/Gemfile

@@ -1,67 +1,71 @@
-source "https://rubygems.org"
+source 'https://rubygems.org'
 
-gem 'rails', '4.2.5.2'
+gem 'rails', '4.2.7'
 gem 'rails-deprecated_sanitizer', '~> 1.0.3'
 
 # Responders respond_to and respond_with
 gem 'responders', '~> 2.0'
 
-# Specify a sprockets version due to security issue
+# Specify a sprockets version due to increased performance
-# See https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY
+# See https://gitlab.com/gitlab-org/gitlab-ce/issues/6069
-gem 'sprockets', '~> 2.12.3'
+gem 'sprockets', '~> 3.6.0'
 
 # Default values for AR models
-gem "default_value_for", "~> 3.0.0"
+gem 'default_value_for', '~> 3.0.0'
 
 # Supported DBs
-gem "mysql2", '~> 0.3.16', group: :mysql
+gem 'mysql2', '~> 0.3.16', group: :mysql
-gem "pg", '~> 0.18.2', group: :postgres
+gem 'pg', '~> 0.18.2', group: :postgres
 
 # Authentication libraries
-gem 'devise',                 '~> 3.5.4'
+gem 'devise',                 '~> 4.0'
-gem 'devise-async',           '~> 0.9.0'
+gem 'doorkeeper',             '~> 4.0'
-gem 'doorkeeper',             '~> 2.2.0'
 gem 'omniauth',               '~> 1.3.1'
+gem 'omniauth-auth0',         '~> 1.4.1'
 gem 'omniauth-azure-oauth2',  '~> 0.0.6'
 gem 'omniauth-bitbucket',     '~> 0.0.2'
 gem 'omniauth-cas3',          '~> 1.1.2'
 gem 'omniauth-facebook',      '~> 3.0.0'
 gem 'omniauth-github',        '~> 1.1.1'
 gem 'omniauth-gitlab',        '~> 1.0.0'
-gem 'omniauth-google-oauth2', '~> 0.2.0'
+gem 'omniauth-google-oauth2', '~> 0.4.1'
 gem 'omniauth-kerberos',      '~> 0.3.0', group: :kerberos
-gem 'omniauth-saml',          '~> 1.4.2'
+gem 'omniauth-saml',          '~> 1.6.0'
 gem 'omniauth-shibboleth',    '~> 1.2.0'
 gem 'omniauth-twitter',       '~> 1.2.0'
 gem 'omniauth_crowd',         '~> 2.2.0'
 gem 'rack-oauth2',            '~> 1.2.1'
+gem 'jwt'
 
 # Spam and anti-bot protection
-gem 'recaptcha', require: 'recaptcha/rails'
+gem 'recaptcha', '~> 3.0', require: 'recaptcha/rails'
 gem 'akismet', '~> 2.0'
 
 # Two-factor authentication
-gem 'devise-two-factor', '~> 2.0.0'
+gem 'devise-two-factor', '~> 3.0.0'
 gem 'rqrcode-rails3', '~> 0.1.7'
-gem 'attr_encrypted', '~> 1.3.4'
+gem 'attr_encrypted', '~> 3.0.0'
+gem 'u2f', '~> 0.2.1'
 
 # Browser detection
-gem "browser", '~> 1.0.0'
+gem 'browser', '~> 2.2'
 
 # Extracting information from a git repository
 # Provide access to Gitlab::Git library
-gem "gitlab_git", '~> 8.2'
+gem 'gitlab_git', '~> 10.3.2'
 
 # LDAP Auth
 # GitLab fork with several improvements to original library. For full list of changes
 # see https://github.com/intridea/omniauth-ldap/compare/master...gitlabhq:master
-gem 'gitlab_omniauth-ldap', '~> 1.2.1', require: "omniauth-ldap"
+gem 'gitlab_omniauth-ldap', '~> 1.2.1', require: 'omniauth-ldap'
 
 # Git Wiki
-gem 'gollum-lib', '~> 4.1.0'
+# Required manually in config/initializers/gollum.rb to control load order
+gem 'gollum-lib', '~> 4.2', require: false
+gem 'gollum-rugged_adapter', '~> 0.4.2', require: false
 
 # Language detection
-gem "github-linguist", "~> 4.7.0", require: "linguist"
+gem 'github-linguist', '~> 4.7.0', require: 'linguist'
 
 # API
 gem 'grape',        '~> 0.13.0'
@@ -69,72 +73,80 @@ gem 'grape-entity', '~> 0.4.2'
 gem 'rack-cors',    '~> 0.4.0', require: 'rack/cors'
 
 # Pagination
-gem "kaminari", "~> 0.16.3"
+gem 'kaminari', '~> 0.17.0'
 
 # HAML
-gem "haml-rails", '~> 0.9.0'
+gem 'hamlit', '~> 2.5'
 
 # Files attachments
-gem "carrierwave", '~> 0.9.0'
+gem 'carrierwave', '~> 0.10.0'
 
 # Drag and Drop UI
 gem 'dropzonejs-rails', '~> 0.7.1'
 
+# for backups
+gem 'fog-aws', '~> 0.9'
+gem 'fog-azure', '~> 0.0'
+gem 'fog-core', '~> 1.40'
+gem 'fog-local', '~> 0.3'
+gem 'fog-google', '~> 0.3'
+gem 'fog-openstack', '~> 0.1'
+gem 'fog-rackspace', '~> 0.1.1'
+
 # for aws storage
-gem "fog", "~> 1.36.0"
+gem 'unf', '~> 0.1.4'
-gem "unf", '~> 0.1.4'
 
 # Authorization
-gem "six", '~> 0.2.0'
+gem 'six', '~> 0.2.0'
 
 # Seed data
-gem "seed-fu", '~> 2.3.5'
+gem 'seed-fu', '~> 2.3.5'
 
 # Markdown and HTML processing
 gem 'html-pipeline', '~> 1.11.0'
 gem 'task_list',     '~> 1.0.2', require: 'task_list/railtie'
-gem 'github-markup', '~> 1.3.1'
+gem 'github-markup', '~> 1.4'
 gem 'redcarpet',     '~> 3.3.3'
-gem 'RedCloth',      '~> 4.2.9'
+gem 'RedCloth',      '~> 4.3.2'
 gem 'rdoc',          '~>3.6'
 gem 'org-ruby',      '~> 0.9.12'
 gem 'creole',        '~> 0.5.0'
 gem 'wikicloth',     '0.8.1'
 gem 'asciidoctor',   '~> 1.5.2'
-gem 'rouge',         '~> 1.10.1'
+gem 'rouge',         '~> 2.0'
 
 # See https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
 # and https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM
-gem 'nokogiri', '~> 1.6.7', '>= 1.6.7.2'
+gem 'nokogiri', '~> 1.6.7', '>= 1.6.7.2', '< 1.6.8'
 
 # Diffs
 gem 'diffy', '~> 3.0.3'
 
 # Application server
 group :unicorn do
-  gem "unicorn", '~> 4.8.2'
+  gem 'unicorn', '~> 4.9.0'
   gem 'unicorn-worker-killer', '~> 0.4.2'
 end
 
 # State machine
-gem "state_machines-activerecord", '~> 0.3.0'
+gem 'state_machines-activerecord', '~> 0.4.0'
 # Run events after state machine commits
-gem 'after_commit_queue'
+gem 'after_commit_queue', '~> 1.3.0'
 
 # Issue tags
 gem 'acts-as-taggable-on', '~> 3.4'
 
 # Background jobs
-gem 'sinatra', '~> 1.4.4', require: nil
+gem 'sinatra', '~> 1.4.4', require: false
 gem 'sidekiq', '~> 4.0'
 gem 'sidekiq-cron', '~> 0.4.0'
-gem 'redis-namespace'
+gem 'redis-namespace', '~> 1.5.2'
 
 # HTTP requests
-gem "httparty", '~> 0.13.3'
+gem 'httparty', '~> 0.13.3'
 
 # Colored output to console
-gem "colorize", '~> 0.7.0'
+gem 'rainbow', '~> 2.1.0'
 
 # GitLab settings
 gem 'settingslogic', '~> 2.0.9'
@@ -144,7 +156,11 @@ gem 'settingslogic', '~> 2.0.9'
 gem 'version_sorter', '~> 2.0.0'
 
 # Cache
-gem "redis-rails", '~> 4.0.0'
+gem 'redis-rails', '~> 4.0.0'
+
+# Redis
+gem 'redis', '~> 3.2'
+gem 'connection_pool', '~> 2.0'
 
 # Campfire integration
 gem 'tinder', '~> 1.10.0'
@@ -153,13 +169,13 @@ gem 'tinder', '~> 1.10.0'
 gem 'hipchat', '~> 1.5.0'
 
 # Flowdock integration
-gem "gitlab-flowdock-git-hook", "~> 1.0.1"
+gem 'gitlab-flowdock-git-hook', '~> 1.0.1'
 
 # Gemnasium integration
-gem "gemnasium-gitlab-service", "~> 0.2"
+gem 'gemnasium-gitlab-service', '~> 0.2'
 
 # Slack integration
-gem "slack-notifier", "~> 1.2.0"
+gem 'slack-notifier', '~> 1.2.0'
 
 # Asana integration
 gem 'asana', '~> 0.4.0'
@@ -170,24 +186,24 @@ gem 'ruby-fogbugz', '~> 0.2.1'
 # d3
 gem 'd3_rails', '~> 3.5.0'
 
-#cal-heatmap
-gem 'cal-heatmap-rails', '~> 3.5.0'
-
 # underscore-rails
-gem "underscore-rails", "~> 1.8.0"
+gem 'underscore-rails', '~> 1.8.0'
 
 # Sanitize user input
-gem "sanitize", '~> 2.0'
+gem 'sanitize', '~> 2.0'
 gem 'babosa', '~> 1.0.2'
 
 # Sanitizes SVG input
-gem "loofah", "~> 2.0.3"
+gem 'loofah', '~> 2.0.3'
+
+# Working with license
+gem 'licensee', '~> 8.0.0'
 
 # Protect against bruteforcing
-gem "rack-attack", '~> 4.3.1'
+gem 'rack-attack', '~> 4.3.1'
 
 # Ace editor
-gem 'ace-rails-ap', '~> 2.0.1'
+gem 'ace-rails-ap', '~> 4.0.2'
 
 # Keyboard shortcuts
 gem 'mousetrap-rails', '~> 1.4.6'
@@ -195,49 +211,49 @@ gem 'mousetrap-rails', '~> 1.4.6'
 # Detect and convert string character encoding
 gem 'charlock_holmes', '~> 0.7.3'
 
-gem "sass-rails", '~> 5.0.0'
+# Parse duration
-gem "coffee-rails", '~> 4.1.0'
+gem 'chronic_duration', '~> 0.10.6'
-gem "uglifier", '~> 2.7.2'
+
+gem 'sass-rails', '~> 5.0.0'
+gem 'coffee-rails', '~> 4.1.0'
+gem 'uglifier', '~> 2.7.2'
 gem 'turbolinks', '~> 2.5.0'
 gem 'jquery-turbolinks', '~> 2.1.0'
 
 gem 'addressable',        '~> 2.3.8'
 gem 'bootstrap-sass',     '~> 3.3.0'
-gem 'font-awesome-rails', '~> 4.2'
+gem 'font-awesome-rails', '~> 4.6.1'
-gem 'gitlab_emoji',       '~> 0.3.0'
+gem 'gemojione',          '~> 3.0'
 gem 'gon',                '~> 6.0.1'
 gem 'jquery-atwho-rails', '~> 1.3.2'
-gem 'jquery-rails',       '~> 4.0.0'
+gem 'jquery-rails',       '~> 4.1.0'
-gem 'jquery-scrollto-rails', '~> 1.4.3'
 gem 'jquery-ui-rails',    '~> 5.0.0'
-gem 'nprogress-rails',    '~> 0.1.6.7'
+gem 'request_store',      '~> 1.3.0'
-gem 'raphael-rails',      '~> 2.1.2'
-gem 'request_store',      '~> 1.2.0'
 gem 'select2-rails',      '~> 3.5.9'
 gem 'virtus',             '~> 1.0.1'
 gem 'net-ssh',            '~> 3.0.1'
+gem 'base32',             '~> 0.3.0'
 
 # Sentry integration
-gem 'sentry-raven', '~> 0.15'
+gem 'sentry-raven', '~> 1.1.0'
+
+gem 'premailer-rails', '~> 1.9.0'
 
 # Metrics
 group :metrics do
   gem 'allocations', '~> 1.0', require: false, platform: :mri
   gem 'method_source', '~> 0.8', require: false
   gem 'influxdb', '~> 0.2', require: false
-  gem 'connection_pool', '~> 2.0', require: false
 end
 
 group :development do
-  gem "foreman"
+  gem 'foreman', '~> 0.78.0'
-  gem 'brakeman', '~> 3.1.0', require: false
+  gem 'brakeman', '~> 3.3.0', require: false
 
-  gem "annotate", "~> 2.6.0"
+  gem 'letter_opener_web', '~> 1.3.0'
-  gem "letter_opener", '~> 1.1.2'
-  gem 'quiet_assets', '~> 1.0.2'
   gem 'rerun', '~> 0.11.0'
-  gem 'bullet', require: false
+  gem 'bullet', '~> 5.0.0', require: false
-  gem 'rblineprof', platform: :mri, require: false
+  gem 'rblineprof', '~> 0.3.6', platform: :mri, require: false
   gem 'web-console', '~> 2.0'
 
   # Better errors handler
@@ -245,23 +261,25 @@ group :development do
   gem 'binding_of_caller', '~> 0.7.2'
 
   # Docs generator
-  gem "sdoc", '~> 0.3.20'
+  gem 'sdoc', '~> 0.3.20'
 
   # thin instead webrick
-  gem 'thin', '~> 1.6.1'
+  gem 'thin', '~> 1.7.0'
 end
 
 group :development, :test do
-  gem 'byebug', platform: :mri
+  gem 'byebug', '~> 8.2.1', platform: :mri
-  gem 'pry-rails'
+  gem 'pry-rails', '~> 0.3.4'
 
   gem 'awesome_print', '~> 1.2.0', require: false
   gem 'fuubar', '~> 2.0.0'
 
-  gem 'database_cleaner', '~> 1.4.0'
+  gem 'database_cleaner',   '~> 1.4.0'
-  gem 'factory_girl_rails', '~> 4.3.0'
+  gem 'factory_girl_rails', '~> 4.6.0'
-  gem 'rspec-rails',      '~> 3.3.0'
+  gem 'rspec-rails',        '~> 3.5.0'
-  gem 'spinach-rails', '~> 0.2.1'
+  gem 'rspec-retry',        '~> 0.4.5'
+  gem 'spinach-rails',      '~> 0.2.1'
+  gem 'spinach-rerun-reporter', '~> 0.0.2'
 
   # Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826)
   gem 'minitest', '~> 5.7.0'
@@ -269,26 +287,30 @@ group :development, :test do
   # Generate Fake data
   gem 'ffaker', '~> 2.0.0'
 
-  gem 'capybara',            '~> 2.4.0'
+  gem 'capybara',            '~> 2.6.2'
   gem 'capybara-screenshot', '~> 1.0.0'
-  gem 'poltergeist',         '~> 1.8.1'
+  gem 'poltergeist',         '~> 1.9.0'
 
-  gem 'teaspoon', '~> 1.0.0'
+  gem 'teaspoon', '~> 1.1.0'
   gem 'teaspoon-jasmine', '~> 2.2.0'
 
-  gem 'spring', '~> 1.3.6'
+  gem 'spring',                   '~> 1.7.0'
   gem 'spring-commands-rspec',    '~> 1.0.4'
-  gem 'spring-commands-spinach',  '~> 1.0.0'
+  gem 'spring-commands-spinach',  '~> 1.1.0'
   gem 'spring-commands-teaspoon', '~> 0.0.2'
 
-  gem 'rubocop', '~> 0.35.0', require: false
+  gem 'rubocop', '~> 0.41.2', require: false
-  gem 'coveralls',  '~> 0.8.2', require: false
+  gem 'rubocop-rspec', '~> 1.5.0', require: false
-  gem 'simplecov', '~> 0.10.0', require: false
+  gem 'scss_lint', '~> 0.47.0', require: false
-  gem 'flog', require: false
+  gem 'simplecov', '~> 0.11.0', require: false
-  gem 'flay', require: false
+  gem 'flog', '~> 4.3.2', require: false
-  gem 'bundler-audit', require: false
+  gem 'flay', '~> 2.6.1', require: false
+  gem 'bundler-audit', '~> 0.5.0', require: false
 
-  gem 'benchmark-ips', require: false
+  gem 'benchmark-ips', '~> 2.3.0', require: false
+
+  gem 'license_finder', '~> 2.1.0', require: false
+  gem 'knapsack', '~> 1.11.0'
 end
 
 group :test do
@@ -296,30 +318,36 @@ group :test do
   gem 'email_spec', '~> 1.6.0'
   gem 'webmock', '~> 1.21.0'
   gem 'test_after_commit', '~> 0.4.2'
-  gem 'sham_rack'
+  gem 'sham_rack', '~> 1.3.6'
 end
 
 group :production do
-  gem "gitlab_meta", '7.0'
+  gem 'gitlab_meta', '7.0'
 end
 
-gem "newrelic_rpm", '~> 3.14'
+gem 'newrelic_rpm', '~> 3.14'
 
-gem 'octokit', '~> 3.8.0'
+gem 'octokit', '~> 4.3.0'
 
-gem "mail_room", "~> 0.6.1"
+gem 'mail_room', '~> 0.8'
 
 gem 'email_reply_parser', '~> 0.5.8'
 
 ## CI
-gem 'activerecord-deprecated_finders', '~> 1.0.3'
+gem 'activerecord-session_store', '~> 1.0.0'
-gem 'activerecord-session_store', '~> 0.1.0'
+gem 'nested_form', '~> 0.3.2'
-gem "nested_form", '~> 0.3.2'
 
 # OAuth
-gem 'oauth2', '~> 1.0.0'
+gem 'oauth2', '~> 1.2.0'
 
 # Soft deletion
-gem "paranoia", "~> 2.0"
+gem 'paranoia', '~> 2.0'
+
+# Health check
+gem 'health_check', '~> 2.1.0'
+
+# System information
+gem 'vmstat', '~> 2.1.1'
+gem 'sys-filesystem', '~> 1.1.6'
 
 gem "activerecord-nulldb-adapter"

pkgs/applications/version-management/gitlab/default.nix

@@ -24,20 +24,19 @@ in
 
 stdenv.mkDerivation rec {
   name = "gitlab-${version}";
-  version = "8.5.12";
+  version = "8.10.3";
 
-  buildInputs = [ ruby bundler tzdata git nodejs procps ];
+  buildInputs = [ env ruby bundler tzdata git nodejs procps ];
 
   src = fetchFromGitHub {
     owner = "gitlabhq";
     repo = "gitlabhq";
     rev = "v${version}";
-    sha256 = "144i97ywnr0xgm7gnwnwiy7kk5z1d71ccawl8qdhapz0705993l8";
+    sha256 = "0fhnwrgrpccc2j9wgdmwwi9h1ym3ll97lhmddq0xfzivc302ri3w";
   };
 
   patches = [
     ./remove-hardcoded-locations.patch
-    ./disable-dump-schema-after-migration.patch
     ./nulladapter.patch
   ];
 
@@ -66,9 +65,10 @@ stdenv.mkDerivation rec {
   '';
 
   buildPhase = ''
-    export GEM_HOME=${env}/${ruby.gemPath}
     mv config/gitlab.yml.example config/gitlab.yml
-    GITLAB_DATABASE_ADAPTER=nulldb bundle exec rake assets:precompile RAILS_ENV=production
+    GITLAB_DATABASE_ADAPTER=nulldb \
+      SKIP_STORAGE_VALIDATION=true \
+      rake assets:precompile RAILS_ENV=production
     mv config/gitlab.yml config/gitlab.yml.example
     mv config config.dist
   '';

pkgs/applications/version-management/gitlab/disable-dump-schema-after-migration.patch

@@ -1,11 +0,0 @@
-diff --git a/config/environments/production.rb b/config/environments/production.rb
-index 3316ece..d60566c 100644
---- a/config/environments/production.rb
-+++ b/config/environments/production.rb
-@@ -77,4 +77,6 @@ Gitlab::Application.configure do
-   config.eager_load = true
- 
-   config.allow_concurrency = false
-+
-+  config.active_record.dump_schema_after_migration = false
- end

pkgs/applications/version-management/gitlab/nulladapter.patch

@@ -1,29 +1,70 @@
-index acd1874..f493451 100644
+diff --git a/Gemfile b/Gemfile
+index 92e666c..f97c991 100644
 --- a/Gemfile
 +++ b/Gemfile
-@@ -318,3 +318,5 @@ gem 'oauth2', '~> 1.0.0'
+@@ -117,7 +117,7 @@ gem 'rouge',         '~> 2.0'
  
- # Soft deletion
+ # See https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
- gem "paranoia", "~> 2.0"
+ # and https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM
+-gem 'nokogiri', '~> 1.6.7', '>= 1.6.7.2'
++gem 'nokogiri', '~> 1.6.7', '>= 1.6.7.2', '< 1.6.8'
+ 
+ # Diffs
+ gem 'diffy', '~> 3.0.3'
+@@ -349,3 +349,5 @@ gem 'health_check', '~> 2.1.0'
+ # System information
+ gem 'vmstat', '~> 2.1.1'
+ gem 'sys-filesystem', '~> 1.1.6'
 +
 +gem "activerecord-nulldb-adapter"
-index 14d2c76..7a010f0 100644
+diff --git a/Gemfile.lock b/Gemfile.lock
+index e2b3d55..23a5454 100644
 --- a/Gemfile.lock
 +++ b/Gemfile.lock
-@@ -34,6 +34,8 @@ GEM
+@@ -32,6 +32,8 @@ GEM
-       activesupport (= 4.2.5.1)
+       activemodel (= 4.2.7)
+       activesupport (= 4.2.7)
        arel (~> 6.0)
-     activerecord-deprecated_finders (1.0.4)
++    activerecord-nulldb-adapter (0.3.3)
-+    activerecord-nulldb-adapter (0.3.2)
 +      activerecord (>= 2.0.0)
-     activerecord-session_store (0.1.2)
+     activerecord-session_store (1.0.0)
-       actionpack (>= 4.0.0, < 5)
+       actionpack (>= 4.0, < 5.1)
-       activerecord (>= 4.0.0, < 5)
+       activerecord (>= 4.0, < 5.1)
-@@ -880,6 +882,7 @@ DEPENDENCIES
+@@ -390,7 +392,7 @@ GEM
-   RedCloth (~> 4.2.9)
+     method_source (0.8.2)
-   ace-rails-ap (~> 2.0.1)
+     mime-types (2.99.2)
-   activerecord-deprecated_finders (~> 1.0.3)
+     mimemagic (0.3.0)
+-    mini_portile2 (2.1.0)
++    mini_portile2 (2.0.0)
+     minitest (5.7.0)
+     mousetrap-rails (1.4.6)
+     multi_json (1.12.1)
+@@ -401,9 +403,8 @@ GEM
+     net-ldap (0.12.1)
+     net-ssh (3.0.1)
+     newrelic_rpm (3.14.1.311)
+-    nokogiri (1.6.8)
+-      mini_portile2 (~> 2.1.0)
+-      pkg-config (~> 1.1.7)
++    nokogiri (1.6.7.2)
++      mini_portile2 (~> 2.0.0.rc2)
+     numerizer (0.1.1)
+     oauth (0.4.7)
+     oauth2 (1.2.0)
+@@ -803,6 +803,7 @@ PLATFORMS
+ DEPENDENCIES
+   RedCloth (~> 4.3.2)
+   ace-rails-ap (~> 4.0.2)
 +  activerecord-nulldb-adapter
-   activerecord-session_store (~> 0.1.0)
+   activerecord-session_store (~> 1.0.0)
    acts-as-taggable-on (~> 3.4)
    addressable (~> 2.3.8)
+@@ -894,7 +895,7 @@ DEPENDENCIES
+   nested_form (~> 0.3.2)
+   net-ssh (~> 3.0.1)
+   newrelic_rpm (~> 3.14)
+-  nokogiri (~> 1.6.7, >= 1.6.7.2)
++  nokogiri (~> 1.6.7, >= 1.6.7.2, < 1.6.8)
+   oauth2 (~> 1.2.0)
+   octokit (~> 4.3.0)
+   omniauth (~> 1.3.1)

pkgs/applications/version-management/gitlab/remove-hardcoded-locations.patch

@@ -1,8 +1,8 @@
 diff --git a/config/environments/production.rb b/config/environments/production.rb
-index 9095266..694a4c5 100644
+index a9d8ac4..85f13f5 100644
 --- a/config/environments/production.rb
 +++ b/config/environments/production.rb
-@@ -67,10 +67,10 @@ Rails.application.configure do
+@@ -70,14 +70,16 @@ Rails.application.configure do
  
    config.action_mailer.delivery_method = :sendmail
    # Defaults to:
@@ -17,11 +17,17 @@ index 9095266..694a4c5 100644
    config.action_mailer.perform_deliveries = true
    config.action_mailer.raise_delivery_errors = true
  
+   config.eager_load = true
+ 
+   config.allow_concurrency = false
++
++  config.active_record.dump_schema_after_migration = false
+ end
 diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
-index 05f127d..6a4ae68 100644
+index 1470a6e..1b2660d 100644
 --- a/config/gitlab.yml.example
 +++ b/config/gitlab.yml.example
-@@ -423,7 +423,7 @@ production: &base
+@@ -476,7 +476,7 @@ production: &base
    # CAUTION!
    # Use the default values unless you really know what you are doing
    git:
@@ -30,6 +36,28 @@ index 05f127d..6a4ae68 100644
      # The next value is the maximum memory size grit can use
      # Given in number of bytes per git object (e.g. a commit)
      # This value can be increased if you have very large commits
+diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
+index 86f5521..3bf006b 100644
+--- a/config/initializers/1_settings.rb
++++ b/config/initializers/1_settings.rb
+@@ -192,7 +192,7 @@ Settings.gitlab['user']       ||= 'git'
+ Settings.gitlab['user_home']  ||= begin
+   Etc.getpwnam(Settings.gitlab['user']).dir
+ rescue ArgumentError # no user configured
+-  '/home/' + Settings.gitlab['user']
++  '/homeless-shelter'
+ end
+ Settings.gitlab['time_zone'] ||= nil
+ Settings.gitlab['signup_enabled'] ||= true if Settings.gitlab['signup_enabled'].nil?
+@@ -350,7 +350,7 @@ Settings.backup['upload']['encryption'] ||= nil
+ #
+ Settings['git'] ||= Settingslogic.new({})
+ Settings.git['max_size']  ||= 20971520 # 20.megabytes
+-Settings.git['bin_path']  ||= '/usr/bin/git'
++Settings.git['bin_path']  ||= 'git'
+ Settings.git['timeout']   ||= 10
+ 
+ # Important: keep the satellites.path setting until GitLab 9.0 at
 diff --git a/lib/gitlab/logger.rb b/lib/gitlab/logger.rb
 index 59b2114..4f4a39a 100644
 --- a/lib/gitlab/logger.rb
@@ -72,7 +100,7 @@ index be8fcc7..7642d74 100644
    end
  end
 diff --git a/lib/tasks/gitlab/check.rake b/lib/tasks/gitlab/check.rake
-index d59872d..0b8007f 100644
+index 60f4636..157641f 100644
 --- a/lib/tasks/gitlab/check.rake
 +++ b/lib/tasks/gitlab/check.rake
 @@ -223,7 +223,7 @@ namespace :gitlab do
@@ -83,23 +111,22 @@ index d59872d..0b8007f 100644
 +      log_path = ENV["GITLAB_LOG_PATH"]
  
        if File.writable?(log_path)
-         puts "yes".green
+         puts "yes".color(:green)
-@@ -263,10 +263,12 @@ namespace :gitlab do
+@@ -263,10 +263,11 @@ namespace :gitlab do
      def check_uploads
        print "Uploads directory setup correctly? ... "
  
 -      unless File.directory?(Rails.root.join('public/uploads'))
 +      uploads_dir = ENV['GITLAB_UPLOADS_PATH'] || Rails.root.join('public/uploads')
-+
 +      unless File.directory?(uploads_dir)
-         puts "no".red
+         puts "no".color(:red)
          try_fixing_it(
 -          "sudo -u #{gitlab_user} mkdir #{Rails.root}/public/uploads"
 +          "sudo -u #{gitlab_user} mkdir #{uploads_dir}"
          )
          for_more_information(
            see_installation_guide_section "GitLab"
-@@ -275,7 +277,7 @@ namespace :gitlab do
+@@ -275,7 +276,7 @@ namespace :gitlab do
          return
        end