Matching attachments we support with what github supports
What does this MR do and why?
This restricts possible attachments we import from GitHub. Currently, the attachment link is hidden behind GitHub's redirect link (Eg. https://github.com/MaxPIsa/testrepo/assets/142635249/625a76d0-d9e4-4f36-a5e2-e9563d498296). And only by accessing this link, will we know the file attachment extension of the image.
There's no security concern right now as everything GitHub supports we already support: https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/attaching-files
Screenshots or screen recordings
The URLs of attachments that are not supported are not changed. In the screenshot, the https://github.com/MaxPIsa/publicImagesRepo/assets/142635249/5ff826ef-1ddd-4c43-a3e2-94414b42fc00 url links to an attachment that's not supported.
Before | After |
---|---|
How to set up and validate locally
- Create an image attachment on GitHub's issue or Pull Request
- Manually change
gitlab/lib/gitlab/github_import/attachments_downloader#MEDIA_TYPE_EXTENSIONS
and remove one eg (.jpg) - Import to Gitlab using https://docs.gitlab.com/ee/user/project/import/github.html
- Ensure copy markdown file checkbox is enabled
- When importing, the image with the extension you removed in step 2 only has its url in the markdown. It doesn't upload the file to gitlab nor does it edit the url link
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.