We have our repositories hosted on GitLab and mirrored into Diffusion. I have a Herald rule setup for a particular repository which adds me as an auditor to any commit that wasn't reviewed or authored by myself. In the past month, there have been a handful (maybe 5?) audits that I have received a notification for which were triggered for a commit with no branch, no tag and a refs/keep-around/${COMMIT_HASH} reference.
I've never heard of refs/keep-around, but it seems that GitLab uses it to ensure that certain commits aren't garbage collection. From the GitLab source code:
app/models/repository.rb
def keep_around(sha) return unless sha && commit(sha) return if kept_around?(sha) # This will still fail if the file is corrupted (e.g. 0 bytes) begin rugged.references.create(keep_around_ref_name(sha), sha, force: true) rescue Rugged::ReferenceError => ex Rails.logger.error "Unable to create keep-around reference for repository #{path}: #{ex}" rescue Rugged::OSError => ex raise unless ex.message =~ /Failed to create locked file/ && ex.message =~ /File exists/ Rails.logger.error "Unable to create keep-around reference for repository #{path}: #{ex}" end end def kept_around?(sha) ref_exists?(keep_around_ref_name(sha)) end # ... def keep_around_ref_name(sha) "refs/keep-around/#{sha}" end
Would it be reasonable to prevent these refs from being imported into Diffusion? If so, I can submit a diff.