feat: add secure flag to gitlab config #1129
Conversation
lib/plugin/gitlab/GitLab.js
Outdated
| certificateAuthority: certificateAuthorityFile ? fs.readFileSync(certificateAuthorityFile) : undefined, | ||
| rejectUnauthorized: typeof secure === 'boolean' ? secure : undefined | ||
| }; | ||
| const https = _.merge({}, httpsOptions); |
There was a problem hiding this comment.
Looks like we don't need this intermediate step?
There was a problem hiding this comment.
That's correct, we don't really need it. My idea here was to use lodash merge because it remove keys with undefined values, so we wouldn't end up setting https to an empty object, which was what the code was doing before. But I can remove this line.
Regarding testing, I tried to find a test using CA certificates, but couldn't find one, so I skipped it. Or do you mean just a unit test to check if the options passed to the Gitlab plugin are correct?
There was a problem hiding this comment.
That's correct, we don't really need it. My idea here was to use lodash merge because it remove keys with undefined values, so we wouldn't end up setting
httpsto an empty object, which was what the code was doing before. But I can remove this line.
Thanks, merge is not descriptive towards that end, but let's just keep it then.
Regarding testing, I tried to find a test using CA certificates, but couldn't find one, so I skipped it. Or do you mean just a unit test to check if the options passed to the Gitlab plugin are correct?
Just the latter!
test/gitlab.js
Outdated
There was a problem hiding this comment.
I decided to do multiple checks inside the same test, because they are fairly simple, but I can also split them into multiple tests if you prefer.
There was a problem hiding this comment.
Cool! Or use blocks: https://www.webpro.nl/scraps/javascript-block-statement :)
|
🚀 This pull request is included in v17.6.0. See Release 17.6.0 for release notes. |
|
Thanks @vonBrax! |
This PR adds a new flag to the gitlab config options:
secure.If the value of this flag is not
undefined, it will be forward to https request library (got), which in turn also forwards it to node'shttps.requestmethod as therejectUnauthorizedflag.The
rejectUnauthorizedflag istrueby default. When its value isfalse, it allows node to make https requests to servers without verifying the server certificate against the list of trusted CA's.The goal of this PR is to reduce the effort to create gitlab releases for teams working with self-hosted private gitlab instances, skipping the need of having to pass CA certificates around.
Fix: #1125