diff options
author | Kamil TrzciĆski <ayufan@ayufan.eu> | 2019-04-04 15:00:56 +0000 |
---|---|---|
committer | Sean McGivern <sean@gitlab.com> | 2019-04-04 15:00:56 +0000 |
commit | 8a833c720e91c7b4d764e85c30e3be18ee5221fd (patch) | |
tree | 54b714d8a8f18f6e6f0f8f5da56fae5203f002e8 /doc/ci/yaml/README.md | |
parent | 7926384ff32b9ad8833dcfffc9bb87d036c4bd21 (diff) | |
download | gitlab-ce-8a833c720e91c7b4d764e85c30e3be18ee5221fd.tar.gz |
Allow to use untrusted Regexp via feature flag
This brings support for untrusted regexp for 'only:refs:' when
enabled via feature flag: alllow_unsafe_ruby_regexp.
This is by default disabled, and should not be used in production
Diffstat (limited to 'doc/ci/yaml/README.md')
-rw-r--r-- | doc/ci/yaml/README.md | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/doc/ci/yaml/README.md b/doc/ci/yaml/README.md index e75f7050a09..686d36c50ee 100644 --- a/doc/ci/yaml/README.md +++ b/doc/ci/yaml/README.md @@ -414,6 +414,27 @@ job: only: ['branches', 'tags'] ``` +### Supported `only`/`except` regexp syntax + +CAUTION: **Warning:** +This is a breaking change that was introduced with GitLab 11.9.4. + +In GitLab 11.9.4, GitLab begun internally converting regexp used +in `only` and `except` parameters to [RE2](https://github.com/google/re2/wiki/Syntax). + +This means that only subset of features provided by [Ruby Regexp](https://ruby-doc.org/core/Regexp.html) +is supported. [RE2](https://github.com/google/re2/wiki/Syntax) limits the set of features +provided due to computational complexity, which means some features became unavailable in GitLab 11.9.4. +For example, negative lookaheads. + +For GitLab versions from 11.9.7 and up to GitLab 12.0, GitLab provides a feature flag that can be +enabled by administrators that allows users to use unsafe regexp syntax. This brings compatibility +with previously allowed syntax version and allows users to gracefully migrate to the new syntax. + +```ruby +Feature.enable(:allow_unsafe_ruby_regexp) +``` + ### `only`/`except` (advanced) > - `refs` and `kubernetes` policies introduced in GitLab 10.0. |