Add latest changes from gitlab-org/gitlab@master

3 files changed, 40 insertions, 7 deletions

diff --git a/lib/gitlab/checks/push_file_count_check.rb b/lib/gitlab/checks/push_file_count_check.rb
new file mode 100644
index 00000000000..288a7e0d41a
--- /dev/null
+++ b/lib/gitlab/checks/push_file_count_check.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module Checks
+    class PushFileCountCheck < BaseChecker
+      attr_reader :repository, :newrev, :limit, :logger
+
+      LOG_MESSAGES = {
+        diff_content_check: "Validating diff contents being single file..."
+      }.freeze
+
+      ERROR_MESSAGES = {
+        upper_limit: "The repository can contain at most %{limit} file(s).",
+        lower_limit: "The repository must contain at least 1 file."
+      }.freeze
+
+      def initialize(change, repository:, limit:, logger:)
+        @repository = repository
+        @newrev = change[:newrev]
+        @limit = limit
+        @logger = logger
+      end
+
+      def validate!
+        file_count = repository.ls_files(newrev).size
+
+        if file_count > limit
+          raise ::Gitlab::GitAccess::ForbiddenError, ERROR_MESSAGES[:upper_limit] % { limit: limit }
+        end
+
+        if file_count == 0
+          raise ::Gitlab::GitAccess::ForbiddenError, ERROR_MESSAGES[:lower_limit]
+        end
+      end
+    end
+  end
+end
diff --git a/lib/gitlab/checks/snippet_check.rb b/lib/gitlab/checks/snippet_check.rb
index 8bb6c576204..bcecd0fc251 100644
--- a/lib/gitlab/checks/snippet_check.rb
+++ b/lib/gitlab/checks/snippet_check.rb
@@ -20,14 +20,11 @@ module Gitlab
         @logger.append_message("Running checks for ref: #{@branch_name || @tag_name}")
       end
 
-      def exec
+      def validate!
         if creation? || deletion?
           raise GitAccess::ForbiddenError, ERROR_MESSAGES[:create_delete_branch]
         end
 
-        # TODO: https://gitlab.com/gitlab-org/gitlab/issues/205628
-        # Check operation will not result in more than one file in the repository
-
         true
       end
 
diff --git a/lib/gitlab/git_access_snippet.rb b/lib/gitlab/git_access_snippet.rb
index 5817b17164e..87399f8d07f 100644
--- a/lib/gitlab/git_access_snippet.rb
+++ b/lib/gitlab/git_access_snippet.rb
@@ -97,9 +97,8 @@ module Gitlab
     end
 
     def check_single_change_access(change)
-      change_access = Checks::SnippetCheck.new(change, logger: logger)
-
-      change_access.exec
+      Checks::SnippetCheck.new(change, logger: logger).validate!
+      Checks::PushFileCountCheck.new(change, repository: repository, limit: Snippet::MAX_FILE_COUNT, logger: logger).validate!
     rescue Checks::TimedLogger::TimeoutError
       raise TimeoutError, logger.full_message
     end