Restrict a file to being edited in gitlab (.gitlab-ci.yml) - file

as you know We have a file for gitlab ci configuration named '.gitlab-ci.yml'
and this file shouldn't be edited by any developers so I decided to avoid developers to edit it.
the thing is gitlab said you can lock file to being edited but the prerequirement of this action is to have a premium account.
what can I do when I haven't premium account?
do you have any idea to lock a file to being edited?

Check if you have access to a Push Rule feature, which is a kind of pre-receive hook.
Or you can set a pre-receive hook if your GitLab server is on-premise.
In both cases, you can list the files being pushed in that hook, and fails if one of them is .gitlab-ci.yml.

As of today, the official way (~workaround~) for this seems to be creating a different repository for the .yml file with more restrict permissions and then referencing that .yml file from your project:
A .gitlab-ci.yml may contain rules to deploy an application to the production server. This deployment usually runs automatically after pushing a merge request. To prevent developers from changing the .gitlab-ci.yml, you can define it in a different repository. The configuration can reference a file in another project with a completely different set of permissions (similar to separating a project for deployments). In this scenario, the .gitlab-ci.yml is publicly accessible, but can only be edited by users with appropriate permissions in the other project.
https://docs.gitlab.com/ee/ci/environments/deployment_safety.html#protect-gitlab-ciyml-from-change
Also, there is a discussion on this matter here:
https://gitlab.com/gitlab-org/gitlab/-/issues/15632

Related

After configuring a Manifest for an App Registration in AzureAD, I am unable to save the Manifest

I am an owner of an App Registration in AzureAD. The SAVE button is greyed out when I try to save the manifest. I am able to get an error if I upload the manifest. The error is generic, "Failed to save manifest." I am looking for a troubleshooting path. I will not turn down solutions either.
I've added myself as an Application Administrator, but it didn't work.
It depends on what you modified.
Please double-check the content comparison before and after the modification to locate the properties that may be problematic.
When you try to upload a previously downloaded manifest, you may see the above error. This is likely because the manifest editor now supports a newer version of the schema, which doesn't match with the one you're trying to upload. We recommend try the following.
1.Edit the attributes individually in the manifest editor instead of uploading a previously downloaded manifest. Use the manifest reference table to understand the syntax and semantics of old and new attributes so that you can successfully edit the attributes you're interested in.
2.If your workflow requires you to save the manifests in your source repository for use later, we suggest rebasing the saved manifests in your repository with the one you see in the App registrations experience.
Here is a similar SO thread you could refer to.

Google App boto file stored in inappropriate directory

I installed Google Cloud SDK and it dumped a .boto file directory in to the My Documents folder (e.g. C:\Users\John) which is a wildly inappropriate location. I do see many instances of the boto file in the Python files, a couple of dozens of instances / examples:
return os.path.join(self.LegacyCredentialsDir(account), '.boto')
os.path.expanduser(os.path.join('~', '.boto')),
Where do I go to change the path to something appropriate? An appropriate path would be something such as C:\Users\John\AppData\Roaming\gcloud\.boto in example.
At the top of the file:
This file contains credentials and other configuration information needed
by the boto library, used by gsutil. You can edit this file (e.g., to add
credentials) but be careful not to mis-edit any of the variable names (like
"gs_access_key_id") or remove important markers (like the "[Credentials]" and
"[Boto]" section delimiters).
[Credentials]
Google OAuth2 credentials are managed by the Cloud SDK and
do not need to be present in this file.
To add HMAC google credentials for "gs://" URIs, edit and uncomment the
following two lines:
The latest versions of Boto don't seem to be a great fit for App Engine. I ran into this issue about a year ago, and I don't remember all of the details, but I avoided Boto3 and stuck with Boto 2.47 and that worked well for me.
For my use case, I only needed help with SES. If you need many other AWS services then YMMV.

What files make one Wordpress site different from another

Migrating wordpress sites between hosts can take a lot of time, especially when the hosting platforms are different.
I have been trying to migrate my sites from Cpanel to Mediatemple, but it seems like im just not getting it right.
There is various options
Use the guide they provide
https://kb.mediatemple.net/questions/1556/Migrating+your+websites+to+the+Grid#gs
When moving the files in this way the permissions of the files are not set properly and I would have to got back through them and figure out which ones need to change.
The database export from PHPMyAdmin also does not look the same it looks in the screenshot
Using InfiniteWP
To use InfiniteWP you must provide the url of the site and since I dont want to change the DNS until the site is moved this option does not seems to be ideal.
This option might work if its ok for the sites to be unavailable for a day or so while the DNS resolves...
But I don't want the sites to be unavailable
Using Mediatemples "one click apps" to install wordpress and then moving only the files that are unique to the site from the old host to the new host.
I would like to use this option
I think that the content of the WP-Content folder needs to be moved that the database needs to be moved.
My question is
- what folders and files in a standard wordpress install typically hardly ever changes from one site to the other.
- can I use the wordpress database export and import function to move the database from one site to the other.
Any help will be appreciated
Thank you
With InfiniteWP, you can use the clone an existing site command (which can be found in "Tool"->"Install / Clone WP") to migrate a site to a new server.
You have to use a temporary (sub)domain pointing to the new server.
To answer your questions :
/wp-content/ stores all your files and sometimes plugin files, wp-config.php is where your configuration is stored (e.g. credentials to access the database). Depending on your servers, the .htaccess files may be different.
I would recommend to create a dump file of your entire database using phpMyAdmin.

File is not creating on heroku using cakephp

I tried to make a file on heroku using PHP code:
$fh = fopen("../DownloadFiles/".$filename,'a');
fwrite($fh,$s);
but the file has not been created and it is not showing any error. Please help.
This should work just fine, but are you aware that if you're running multiple dynos, that file will exist only on the dyno that served that one request, and not on all the others?
Also, Dynos restart every 24 hours, and their state is reset every time you push a change to Heroku, so you cannot store persistent information on them; that's called an ephemeral filesystem.
You could, for instance, store uploaded files on Amazon S3, like described in the docs: https://devcenter.heroku.com/articles/s3-upload-php
Two remarks about your original issue:
you're probably running an old version of CakePHP which mangles all internal PHP error handling and writes it out to a log file (if you're lucky), so you can't see anything in heroku logs, and it's not possible to configure it otherwise; upgrade to a more recent version that lets you log to streams and then use php://stderr as the destination
in general, if you want to write to a file in PHP, you can just do file_put_contents($filename, $contents)...
Does the DownloadFiles folder exist in the deployment? Node fs gives error if the directory is not found. You can add a snippet to check if dir exists and if not then create. You can use fs.exists and fs.mkdir.
For more info http://nodejs.org/api/fs.html

Exporting a Typo3 site bit by bit

(edit: I'm leaving all the mistaken assumptions in just in case someone else makes the same mistakes)
I have an ancient Typo3 3.8.1 site on a remote server. I don't have access to that server, and the team in charge of maintaining the site doesn't know who to contact to get access to the server. I do have the admin rights on that site, though. (edit: no I don't. oops.)
This is what I see in the (not) admin menu:
I'm not sure if this version supports extensions, I can't find an extension manager anywhere. (because I'm not an admin)
I want to export the site so I can host it on a server on my own domain instead. The problem is the export file is too large, I can't download it. Will I destroy the directory structure if I export a bunch of pages at a time?
If you have admin access to the backend you can try to install Quixplorer - file manager. Using it you can try to zip folders in the main directory ie. (typo3, typo3conf, fileadmin etc) one by one and download them via browser.
It's important to download and remove typo3conf.zip from the server as soon as possible, cause it contains sensitive data.
Additionally you can also install PhpMyAdmin extension (search in repository) i you haven't other MySQL client.
Edit:
If you can't use Quixplorer the only way is... to write own extension and upload it via Extension Manager, there you'll need to try perform primitive file system operations like:
(PHP)
system('zip -R t3c.zip typo3conf/');
Sometimes the server allows more memory and execution_time that the T3D Export. So, if you can change PHP files on that server, try to change typo3/sysext/impexp/class.tx_impexp.php - search for ini_set and change that settings. If the server allows, you can then create bigger t3d-files.
And you could try some shell-extensions to get hands on that server:
http://typo3.org/extensions/repository/view/phpshell
http://typo3.org/extensions/repository/view/mw_shell
http://typo3.org/extensions/repository/view/shell
But to answer your initial question: you can crate a couple of T3D-files and import them again. Just force uid if you import them - and install all needed extensions first!

Resources