Skip to content

Feat/gitlab adapter clone#86

Merged
eldadfux merged 2 commits intoutopia-php:mainfrom
jaysomani:feat/gitlab-adapter-clone
Apr 10, 2026
Merged

Feat/gitlab adapter clone#86
eldadfux merged 2 commits intoutopia-php:mainfrom
jaysomani:feat/gitlab-adapter-clone

Conversation

@jaysomani
Copy link
Copy Markdown
Contributor

@jaysomani jaysomani commented Apr 7, 2026

No description provided.

@jaysomani jaysomani force-pushed the feat/gitlab-adapter-clone branch from 81676d3 to d8036b8 Compare April 9, 2026 11:45
@jaysomani jaysomani marked this pull request as ready for review April 9, 2026 12:07
@chatgpt-codex-connector
Copy link
Copy Markdown

chatgpt-codex-connector bot commented Apr 9, 2026

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

@greptile-apps
Copy link
Copy Markdown

greptile-apps bot commented Apr 9, 2026
edited
Loading

Greptile Summary

This PR adds generateCloneCommand, getLatestCommit, getCommit, createTag, and createFile to the GitLab adapter, along with integration tests for each. The two previously flagged issues — shell injection via unescaped $version in the tag clone path and the misuse of limit instead of per_page in the commits API — are both resolved in this revision.

Confidence Score: 5/5

Safe to merge; all remaining findings are P2 suggestions with no blocking defects.

Both previously flagged issues are addressed. The implementation closely mirrors the existing GitHub adapter. The only open finding is a test coverage gap (tag/commit clone paths are not executed end-to-end), which is a P2 improvement rather than a correctness problem.

tests/VCS/Adapter/GitLabTest.php — consider adding exec-based assertions for tag and commit-hash clone tests.

Vulnerabilities

No new security concerns identified. The previously reported shell injection in CLONE_TYPE_TAG (raw $version interpolated into the git refspec) has been fixed — the code now uses $tagName = escapeshellarg($version). The access token is embedded in the clone URL via urlencode, which is consistent with the GitHub adapter and expected for this use case.

Important Files Changed

Filename Overview
src/VCS/Adapter/Git/GitLab.php Adds generateCloneCommand, getLatestCommit, getCommit, createTag, and createFile; fixes shell injection in CLONE_TYPE_TAG by using escapeshellarg result, and switches commits API to per_page=1. Logic mirrors the GitHub adapter closely.
tests/VCS/Adapter/GitLabTest.php Adds integration tests for all new methods; branch clone is fully executed end-to-end, but tag and commit-hash clone tests only validate the command string without executing it.

Reviews (2): Last reviewed commit: "fix: shell injection in CLONE_TYPE_TAG a..." | Re-trigger Greptile

greptile-apps[bot]
greptile-apps bot reviewed Apr 9, 2026
View reviewed changes
@eldadfux eldadfux merged commit 86e397d into utopia-php:main Apr 10, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

@eldadfux eldadfux eldadfux approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jaysomani @eldadfux