root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2023-05-12 03:13:21 +00:00
parent 4e65fc3589
commit 0466f3a162
45 changed files with 365 additions and 403 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
.gitlab/ci/qa-common/main.gitlab-ci.yml
View File

@ -223,17 +223,14 @@ stages:
- .qa-install
- .ruby-image
stage: report
variables:
QA_TESTCASE_SESSIONS_PROJECT: gitlab-org/quality/testcase-sessions
QA_RSPEC_JSON_FILE_PATTERN: $CI_PROJECT_DIR/gitlab-qa-run-*/**/rspec-*.json
GITLAB_QA_ACCESS_TOKEN: $QA_TEST_SESSION_TOKEN
GITLAB_CI_API_TOKEN: $QA_GITLAB_CI_TOKEN
when: always
script:
- |
bundle exec gitlab-qa-report \
--generate-test-session "$QA_RSPEC_JSON_FILE_PATTERN" \
--project "$QA_TESTCASE_SESSIONS_PROJECT"
bundle exec generate-test-session \
--input-files "${CI_PROJECT_DIR}/gitlab-qa-run-*/**/rspec-*.json" \
--project "gitlab-org/quality/testcase-sessions" \
--token "${QA_TEST_SESSION_TOKEN}" \
--ci-project-token "${GENERATE_TEST_SESSION_READ_API_REPORTER_TOKEN}" > REPORT_ISSUE_URL
artifacts:
when: always
expire_in: 1d

1
.rubocop_todo/sidekiq_load_balancing/worker_data_consistency.yml
View File

@ -92,7 +92,6 @@ SidekiqLoadBalancing/WorkerDataConsistency:
- 'app/workers/dependency_proxy/cleanup_dependency_proxy_worker.rb'
- 'app/workers/dependency_proxy/cleanup_manifest_worker.rb'
- 'app/workers/dependency_proxy/image_ttl_group_policy_worker.rb'
- 'app/workers/deployments/drop_older_deployments_worker.rb'
- 'app/workers/deployments/link_merge_request_worker.rb'
- 'app/workers/deployments/update_environment_worker.rb'
- 'app/workers/design_management/copy_design_collection_worker.rb'

39
app/assets/stylesheets/framework/common.scss
View File

@ -5,6 +5,9 @@
--top-bar-height: 0px;
--system-footer-height: 0px;
--mr-review-bar-height: 0px;
--application-bar-left: 0px;
--application-bar-right: 0px;
}
.with-performance-bar {
@ -27,6 +30,42 @@
--mr-review-bar-height: #{$mr-review-bar-height};
}
@include media-breakpoint-up(md) {
.page-with-contextual-sidebar {
--application-bar-left: #{$contextual-sidebar-collapsed-width};
}
.right-sidebar-collapsed {
--application-bar-right: #{$gutter-collapsed-width};
&.is-merge-request {
--application-bar-right: 0px;
}
}
.right-sidebar-expanded {
--application-bar-right: #{$gutter-width};
}
}
@include media-breakpoint-up(xl) {
.page-with-contextual-sidebar {
--application-bar-left: #{$contextual-sidebar-width};
}
.page-with-icon-sidebar {
--application-bar-left: #{$contextual-sidebar-collapsed-width};
}
.page-with-super-sidebar {
--application-bar-left: #{$super-sidebar-width};
}
.page-with-super-sidebar-collapsed {
--application-bar-left: 0px;
}
}
/** COLORS **/
.cgray { color: $gl-text-color; }
.clgray { color: $gray-200; }

32
app/assets/stylesheets/framework/header.scss
View File

@ -317,42 +317,22 @@ $search-input-field-x-min-width: 200px;
}
.top-bar-fixed {
@include gl-inset-border-b-1-gray-100;
background-color: $body-bg;
left: 0;
left: var(--application-bar-left);
position: fixed;
right: 0;
right: var(--application-bar-right);
top: $calc-application-bars-height;
width: auto;
z-index: $top-bar-z-index;
@include gl-inset-border-b-1-gray-100;
.breadcrumbs-list {
@include media-breakpoint-down(xs) {
flex-wrap: nowrap;
}
}
@media (prefers-reduced-motion: no-preference) {
transition: left $gl-transition-duration-medium, right $gl-transition-duration-medium;
}
@include media-breakpoint-up(md) {
.right-sidebar-collapsed & {
right: $gutter-collapsed-width;
}
.right-sidebar-expanded & {
right: $gutter-width;
}
}
@include media-breakpoint-up(xl) {
.page-with-super-sidebar & {
left: $super-sidebar-width;
}
.page-with-super-sidebar-collapsed & {
left: 0;
.breadcrumbs-list {
@include media-breakpoint-down(xs) {
flex-wrap: nowrap;
}
}
}

10
app/assets/stylesheets/framework/sidebar.scss
View File

@ -56,7 +56,7 @@
z-index: $zindex-dropdown-menu;
&.right-sidebar-merge-requests {
width: 300px;
width: $gutter-width;
@include media-breakpoint-up(md) {
z-index: auto;
@ -319,7 +319,7 @@
@include right-sidebar;
top: calc(#{$header-height} + #{$calc-application-bars-height});
@include media-breakpoint-down(sm) {
@include media-breakpoint-down(md) {
z-index: 251;
}
}
@ -327,9 +327,13 @@
&.right-sidebar-merge-requests {
@include media-breakpoint-down(md) {
@include right-sidebar;
top: $calc-application-header-height;
top: calc(#{$header-height} + #{$calc-application-bars-height});
z-index: 251;
}
@include media-breakpoint-down(sm) {
top: $calc-application-header-height;
}
}
a:not(.btn) {

26
app/assets/stylesheets/page_bundles/merge_requests.scss
View File

@ -964,7 +964,7 @@ $tabs-holder-z-index: 250;
.merge-request-overview {
@include media-breakpoint-up(lg) {
display: grid;
grid-template-columns: calc(97% - 285px) auto;
grid-template-columns: calc(97% - #{$gutter-width}) auto;
grid-gap: 3%;
}
}
@ -1081,30 +1081,6 @@ $tabs-holder-z-index: 250;
box-shadow: 0 1px 4px rgba($gray-300, 0.4);
}
.page-with-contextual-sidebar .merge-request-sticky-header {
--width: calc(100% - #{$contextual-sidebar-width});
@include media-breakpoint-down(lg) {
--width: calc(100% - #{$contextual-sidebar-collapsed-width});
}
}
.page-with-icon-sidebar .issue-sticky-header {
--width: calc(100% - #{$contextual-sidebar-collapsed-width});
}
.page-with-super-sidebar .merge-request-sticky-header {
@include media-breakpoint-up(xl) {
--width: calc(100% - #{$super-sidebar-width});
}
}
.page-with-super-sidebar-collapsed .merge-request-sticky-header {
@include media-breakpoint-up(xl) {
--width: 100%;
}
}
.merge-request-notification-toggle {
.gl-toggle {
@include gl-ml-auto;

83
app/assets/stylesheets/pages/issues.scss
View File

@ -250,16 +250,10 @@ ul.related-merge-requests > li gl-emoji {
}
.issue-sticky-header {
--width: 100%;
@include gl-left-0;
width: var(--width);
left: var(--application-bar-left);
right: var(--application-bar-right);
width: auto;
top: $calc-application-header-height;
// collapsed right sidebar
@include media-breakpoint-up(sm) {
--width: calc(100% - #{$gutter-collapsed-width});
}
}
.limit-container-width {
@ -268,77 +262,6 @@ ul.related-merge-requests > li gl-emoji {
}
}
@include media-breakpoint-up(md) {
// collapsed left sidebar + collapsed right sidebar
.page-with-contextual-sidebar .issue-sticky-header {
left: $contextual-sidebar-collapsed-width;
--width: calc(100% - #{$contextual-sidebar-collapsed-width} - #{$gutter-collapsed-width});
}
// collapsed left sidebar + expanded right sidebar
.page-with-contextual-sidebar.right-sidebar-expanded .issue-sticky-header {
--width: calc(100% - #{$contextual-sidebar-collapsed-width} - #{$gutter-width});
}
// collapsed super sidebar + collapsed right sidebar
.page-with-super-sidebar .issue-sticky-header {
--width: calc(100% - #{$gutter-collapsed-width});
}
// collapsed super sidebar + expanded right sidebar
.page-with-super-sidebar.right-sidebar-expanded .issue-sticky-header {
--width: calc(100% - #{$gutter-width});
}
}
@include media-breakpoint-up(xl) {
// expanded left sidebar + collapsed right sidebar
.page-with-contextual-sidebar .issue-sticky-header {
left: $contextual-sidebar-width;
--width: calc(100% - #{$contextual-sidebar-width} - #{$gutter-collapsed-width});
}
// collapsed left sidebar + collapsed right sidebar
.page-with-icon-sidebar .issue-sticky-header {
left: $contextual-sidebar-collapsed-width;
--width: calc(100% - #{$contextual-sidebar-collapsed-width} - #{$gutter-collapsed-width});
}
// expanded left sidebar + expanded right sidebar
.page-with-contextual-sidebar.right-sidebar-expanded .issue-sticky-header {
--width: calc(100% - #{$contextual-sidebar-width} - #{$gutter-width});
}
// collapsed left sidebar + expanded right sidebar
.page-with-contextual-sidebar.right-sidebar-expanded.page-with-icon-sidebar .issue-sticky-header {
--width: calc(100% - #{$contextual-sidebar-collapsed-width} - #{$gutter-width});
}
// expanded super sidebar + collapsed right sidebar
.page-with-super-sidebar .issue-sticky-header {
left: $super-sidebar-width;
--width: calc(100% - #{$super-sidebar-width} - #{$gutter-collapsed-width});
}
// collapsed super sidebar + collapsed right sidebar
.page-with-super-sidebar-collapsed .issue-sticky-header {
left: 0;
--width: calc(100% - #{$gutter-collapsed-width});
}
// expanded super sidebar + expanded right sidebar
.page-with-super-sidebar.right-sidebar-expanded .issue-sticky-header {
left: $super-sidebar-width;
--width: calc(100% - #{$super-sidebar-width} - #{$gutter-width});
}
// collapsed super sidebar + expanded right sidebar
.page-with-super-sidebar-collapsed.right-sidebar-expanded .issue-sticky-header {
left: 0;
--width: calc(100% - #{$gutter-width});
}
}
.issuable-header-slide-enter-active,
.issuable-header-slide-leave-active {
@include gl-transition-medium;

19
app/assets/stylesheets/startup/startup-dark.scss
View File

@ -635,6 +635,25 @@ html {
.with-top-bar {
--top-bar-height: 48px;
}
@media (min-width: 768px) {
.page-with-contextual-sidebar {
--application-bar-left: 56px;
}
}
@media (min-width: 1200px) {
.page-with-contextual-sidebar {
--application-bar-left: 256px;
}
.page-with-icon-sidebar {
--application-bar-left: 56px;
}
.page-with-super-sidebar {
--application-bar-left: 256px;
}
.page-with-super-sidebar-collapsed {
--application-bar-left: 0px;
}
}
.gl-font-sm {
font-size: 12px;
}

19
app/assets/stylesheets/startup/startup-general.scss
View File

@ -635,6 +635,25 @@ html {
.with-top-bar {
--top-bar-height: 48px;
}
@media (min-width: 768px) {
.page-with-contextual-sidebar {
--application-bar-left: 56px;
}
}
@media (min-width: 1200px) {
.page-with-contextual-sidebar {
--application-bar-left: 256px;
}
.page-with-icon-sidebar {
--application-bar-left: 56px;
}
.page-with-super-sidebar {
--application-bar-left: 256px;
}
.page-with-super-sidebar-collapsed {
--application-bar-left: 0px;
}
}
.gl-font-sm {
font-size: 12px;
}

9
app/workers/all_queues.yml
View File

@ -930,15 +930,6 @@
:weight: 3
:idempotent: true
:tags: []
- :name: deployment:deployments_drop_older_deployments
:worker_name: Deployments::DropOlderDeploymentsWorker
:feature_category: :continuous_delivery
:has_external_dependencies: false
:urgency: :low
:resource_boundary: :unknown
:weight: 3
:idempotent: false
:tags: []
- :name: deployment:deployments_hooks
:worker_name: Deployments::HooksWorker
:feature_category: :continuous_delivery

16
app/workers/deployments/drop_older_deployments_worker.rb
View File

@ -1,16 +0,0 @@
# frozen_string_literal: true
module Deployments
class DropOlderDeploymentsWorker # rubocop:disable Scalability/IdempotentWorker
include ApplicationWorker
data_consistency :always
sidekiq_options retry: 3
queue_namespace :deployment
feature_category :continuous_delivery
def perform(deployment_id); end
end
end

8
config/feature_flags/development/ci_enforce_rate_limits_jobs_api.yml
View File

@ -1,8 +0,0 @@
---
name: ci_enforce_rate_limits_jobs_api
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/104912
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/384186
milestone: '15.7'
type: development
group: group::pipeline execution
default_enabled: false

8
config/feature_flags/development/instance_streaming_audit_events.yml Normal file
View File

@ -0,0 +1,8 @@
---
name: instance_streaming_audit_events
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/119008
rollout_issue_url:
milestone: '16.0'
type: development
group: group::compliance
default_enabled: false

23
data/deprecations/16-0-deprecate-omnibus-grafana.yml Normal file
View File

@ -0,0 +1,23 @@
- title: "Bundled Grafana deprecated and disabled"
removal_milestone: "16.3"
announcement_milestone: "16.0"
breaking_change: true
reporter: twk3
stage: Enablement
issue_url: https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/7772
body: | # (required) Do not modify this line, instead modify the lines below.
The version of [Grafana bundled with Omnibus GitLab](https://docs.gitlab.com/omnibus/settings/grafana.html) is
disabled in 16.0 and will be removed in 16.3.
If you are using the bundled Grafana, you must migrate to either:
- Another implementation of Grafana. For more information, see
[Switch to new Grafana instance](https://docs.gitlab.com/ee/administration/monitoring/performance/grafana_configuration.html#switch-to-new-grafana-instance).
- Another observability platform of your choice.
The version of Grafana that is currently provided is no longer a supported version.
In GitLab versions 16.0 to 16.2, you can still [re-enable the bundled Grafana](https://docs.gitlab.com/ee/administration/monitoring/performance/grafana_configuration.html#temporary-workaround).
However, enabling the bundled Grafana will no longer work from GitLab 16.3.
end_of_support_milestone: 16.3
tiers: # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
documentation_url: https://docs.gitlab.com/omnibus/settings/grafana.html

16
data/removals/16_0/16-0-gitlab-com-importer.yml Normal file
View File

@ -0,0 +1,16 @@
- title: "GitLab.com importer"
announcement_milestone: "15.8"
removal_milestone: "16.0"
breaking_change: false
reporter: m_frankiewicz
stage: Manage
issue_url: https://gitlab.com/gitlab-com/Product/-/issues/4895
body: |
The [GitLab.com importer](https://docs.gitlab.com/ee/user/project/import/gitlab_com.html) was deprecated in GitLab 15.8 and is removed in GitLab 16.0.
The GitLab.com importer was introduced in 2015 for importing a project from GitLab.com to a self-managed GitLab instance through the UI.
This feature was available on self-managed instances only. [Migrating GitLab groups and projects by direct transfer](https://docs.gitlab.com/ee/user/group/import/#migrate-groups-by-direct-transfer-recommended)
supersedes the GitLab.com importer and provides a more cohesive importing functionality.
See [migrated group items](https://docs.gitlab.com/ee/user/group/import/#migrated-group-items) and [migrated project items](https://docs.gitlab.com/ee/user/group/import/#migrated-project-items) for an overview.

25
data/removals/16_0/16-0-import-bare-repositories-rake-task.yml Normal file
View File

@ -0,0 +1,25 @@
- title: "Rake task for importing bare repositories"
announcement_milestone: "15.8"
removal_milestone: "16.0"
breaking_change: false
reporter: m_frankiewicz
stage: Manage
issue_url: https://gitlab.com/gitlab-com/Product/-/issues/5255
body: |
The [Rake task for importing bare repositories](https://docs.gitlab.com/ee/raketasks/import.html) `gitlab:import:repos` was deprecated in GitLab 15.8 and is removed in GitLab 16.0.
This Rake task imported a directory tree of repositories into a GitLab instance. These repositories must have been
managed by GitLab previously, because the Rake task relied on the specific directory structure or a specific custom Git setting in order to work (`gitlab.fullpath`).
Importing repositories using this Rake task had limitations. The Rake task:
- Only knew about project and project wiki repositories and didn't support repositories for designs, group wikis, or snippets.
- Permitted you to import non-hashed storage projects even though these aren't supported.
- Relied on having Git config `gitlab.fullpath` set. [Epic 8953](https://gitlab.com/groups/gitlab-org/-/epics/8953) proposes removing support for this setting.
Alternatives to using the `gitlab:import:repos` Rake task include:
- Migrating projects using either [an export file](https://docs.gitlab.com/ee/user/project/settings/import_export.html) or
[direct transfer](https://docs.gitlab.com/ee/user/group/import/#migrate-groups-by-direct-transfer-recommended) migrate repositories as well.
- Importing a [repository by URL](https://docs.gitlab.com/ee/user/project/import/repo_by_url.html).
- Importing a [repositories from a non-GitLab source](https://docs.gitlab.com/ee/user/project/import/).

12
data/removals/16_0/16-0-restrict-imports-to-maintainers-and-above.yml Normal file
View File

@ -0,0 +1,12 @@
- title: "Developer role providing the ability to import projects to a group"
announcement_milestone: "15.8"
removal_milestone: "16.0"
breaking_change: true
reporter: m_frankiewicz
stage: Manage
issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/387891
body: |
The ability for users with the Developer role for a group to import projects to that group was deprecated in GitLab
15.8 and is removed in GitLab 16.0.
From GitLab 16.0, only users with at least the Maintainer role for a group can import projects to that group.

16
db/migrate/20230509144234_delete_drop_older_deployments_worker_queues.rb Normal file
View File

@ -0,0 +1,16 @@
# frozen_string_literal: true
class DeleteDropOlderDeploymentsWorkerQueues < Gitlab::Database::Migration[2.1]
DEPRECATED_JOB_CLASSES = %w[
Deployments::DropOlderDeploymentsWorker
]
disable_ddl_transaction!
def up
sidekiq_remove_jobs(job_klasses: DEPRECATED_JOB_CLASSES)
end
def down
# This migration removes any instances of deprecated workers and cannot be undone.
end
end

1
db/schema_migrations/20230509144234 Normal file
View File

@ -0,0 +1 @@
8c6d6a8d77dac3291f8af00e61c5ce0124c0742d0009f84b0d5bab7b43024bbe

3
doc/administration/raketasks/github_import.md
View File

@ -20,8 +20,7 @@ before/after the brackets. Also, some shells (for example, Zsh) can interpret th
Prerequisite:
- At least the Maintainer role on the destination group to import to. Using the Developer role for this purpose was
[deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/387891) in GitLab 15.8 and will be removed in GitLab 16.0.
- At least the Maintainer role on the destination group to import to.
## Rate limit

4
doc/api/import.md
View File

@ -19,9 +19,7 @@ Prerequisites:
- [Prerequisites for GitHub importer](../user/project/import/github.md#prerequisites).
- The namespace set in `target_namespace` must exist.
- The namespace can be your user namespace or an existing group that you have at least the Maintainer role for. Using
the Developer role for this purpose was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/387891) in GitLab
15.8 and will be removed in GitLab 16.0.
- The namespace can be your user namespace or an existing group that you have at least the Maintainer role for.
```plaintext
POST /import/github

150
doc/api/managed_licenses.md
View File

@ -2,148 +2,16 @@
stage: Fulfillment
group: Utilization
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
remove_date: '2023-08-22'
redirect_to: 'index.md'
---
# Managed Licenses API (deprecated) **(ULTIMATE)**
# Managed Licenses API (removed) **(ULTIMATE)**
WARNING:
This feature was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/390417) in GitLab 15.9.
This feature was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/390417) in GitLab 15.9
and [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/397067) in 16.0.
WARNING:
"approval" and "blacklisted" approval statuses are changed to "allowed" and "denied" in GitLab 15.0.
## List managed licenses
Get all managed licenses for a given project.
```plaintext
GET /projects/:id/managed_licenses
```
| Attribute | Type | Required | Description |
| --------- | ------- | -------- | --------------------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the project](rest/index.md#namespaced-path-encoding) |
```shell
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/1/managed_licenses"
```
Example response:
```json
[
{
"id": 1,
"name": "MIT",
"approval_status": "allowed"
},
{
"id": 3,
"name": "ISC",
"approval_status": "denied"
}
]
```
## Show an existing managed license
Shows an existing managed license.
```plaintext
GET /projects/:id/managed_licenses/:managed_license_id
```
| Attribute | Type | Required | Description |
| --------------- | ------- | --------------------------------- | ------------------------------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the project](rest/index.md#namespaced-path-encoding) owned by the authenticated user |
| `managed_license_id` | integer/string | yes | The ID or URL-encoded name of the license belonging to the project |
```shell
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/1/managed_licenses/6"
```
Example response:
```json
{
"id": 1,
"name": "MIT",
"approval_status": "denied"
}
```
## Create a new managed license
Creates a new managed license for the given project with the given name and approval status.
```plaintext
POST /projects/:id/managed_licenses
```
| Attribute | Type | Required | Description |
| ------------- | ------- | -------- | ---------------------------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the project](rest/index.md#namespaced-path-encoding) owned by the authenticated user |
| `name` | string | yes | The name of the managed license |
| `approval_status` | string | yes | The approval status of the license. "allowed" or "denied". |
```shell
curl --data "name=MIT&approval_status=denied" --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/1/managed_licenses"
```
Example response:
```json
{
"id": 1,
"name": "MIT",
"approval_status": "allowed"
}
```
## Delete a managed license
Deletes a managed license with a given ID.
```plaintext
DELETE /projects/:id/managed_licenses/:managed_license_id
```
| Attribute | Type | Required | Description |
| --------- | ------- | -------- | --------------------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the project](rest/index.md#namespaced-path-encoding) owned by the authenticated user |
| `managed_license_id` | integer/string | yes | The ID or URL-encoded name of the license belonging to the project |
```shell
curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/1/managed_licenses/4"
```
When successful, it replies with an HTTP 204 response.
## Edit an existing managed license
Updates an existing managed license with a new approval status.
```plaintext
PATCH /projects/:id/managed_licenses/:managed_license_id
```
| Attribute | Type | Required | Description |
| --------------- | ------- | --------------------------------- | ------------------------------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the project](rest/index.md#namespaced-path-encoding) owned by the authenticated user |
| `managed_license_id` | integer/string | yes | The ID or URL-encoded name of the license belonging to the project |
| `approval_status` | string | yes | The approval status of the license. "allowed" or "denied". |
```shell
curl --request PATCH --data "approval_status=denied" \
--header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/1/managed_licenses/6"
```
Example response:
```json
{
"id": 1,
"name": "MIT",
"approval_status": "denied"
}
```
<!-- This redirect file can be deleted after <2023-08-22>. -->
<!-- Redirects that point to other docs in the same project expire in three months. -->
<!-- Redirects that point to docs in a different project or site (link is not relative and starts with `https:`) expire in one year. -->
<!-- Before deletion, see: https://docs.gitlab.com/ee/development/documentation/redirects.html -->

12
doc/api/project_import_export.md
View File

@ -146,12 +146,12 @@ POST /projects/import
| Attribute | Type | Required | Description |
| ----------- | -------------- | -------- | ---------------------------------------- |
| `file` | string | yes | The file to be uploaded.
| `path` | string | yes | Name and path for new project.
| `name` | string | no | The name of the project to be imported. Defaults to the path of the project if not provided.
| `namespace` | integer or string | no | The ID or path of the namespace to import the project to. Defaults to the current user's namespace.<br/><br/> Requires at least the Maintainer role on the destination group to import to. Using the Developer role for this purpose was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/387891) in GitLab 15.8 and is scheduled for removal in GitLab 16.0.
| `override_params` | Hash | no | Supports all fields defined in the [Project API](projects.md).
| `overwrite` | boolean | no | If there is a project with the same path the import overwrites it. Defaults to `false`.
| `file` | string | yes | The file to be uploaded. |
| `path` | string | yes | Name and path for new project. |
| `name` | string | no | The name of the project to be imported. Defaults to the path of the project if not provided. |
| `namespace` | integer or string | no | The ID or path of the namespace to import the project to. Defaults to the current user's namespace.<br/><br/> Requires at least the Maintainer role on the destination group to import to. |
| `override_params` | Hash | no | Supports all fields defined in the [Project API](projects.md). |
| `overwrite` | boolean | no | If there is a project with the same path the import overwrites it. Defaults to `false`. |
The override parameters passed take precedence over all values defined inside the export file.

9
doc/security/rate_limits.md
View File

@ -138,13 +138,6 @@ The **rate limit** is 20 calls per minute per IP address.
### Project Jobs API endpoint
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/104912) in GitLab 15.7 [with a flag](../administration/feature_flags.md) named `ci_enforce_rate_limits_jobs_api`. Disabled by default.
FLAG:
On self-managed GitLab, by default this feature is not available. To make it available,
ask an administrator to [enable the feature flag](../administration/feature_flags.md) named `ci_enforce_rate_limits_jobs_api`.
The feature is not ready for production use.
There is a rate limit for the endpoint `project/:id/jobs`, which is enforced to reduce timeouts when retrieving jobs.
The **rate limit** is 600 calls per minute per authenticated user.
@ -202,7 +195,7 @@ To remove a blocked IP:
keys *rack::attack*
```
By default, the [`keys` command is disabled](https://docs.gitlab.com/omnibus/settings/redis.html#renamed-commands).
By default, the [`keys` command is disabled](https://docs.gitlab.com/omnibus/settings/redis.html#renamed-commands).
1. Optionally, add [the IP to the allowlist](https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-rack-attack)
to prevent it being denylisted again.

31
doc/update/deprecations.md
View File

@ -728,6 +728,37 @@ be available in CI/CD jobs.
</div>
</div>
<div class="milestone-wrapper" data-milestone="16.3">
## GitLab 16.3
<div class="deprecation breaking-change" data-milestone="16.3">
### Bundled Grafana deprecated and disabled
<div class="deprecation-notes">
- Announced in: GitLab <span class="milestone">16.0</span>
- End of Support: GitLab <span class="milestone">16.3</span>
- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/7772).
</div>
The version of [Grafana bundled with Omnibus GitLab](https://docs.gitlab.com/omnibus/settings/grafana.html) is
disabled in 16.0 and will be removed in 16.3.
If you are using the bundled Grafana, you must migrate to either:
- Another implementation of Grafana. For more information, see
[Switch to new Grafana instance](https://docs.gitlab.com/ee/administration/monitoring/performance/grafana_configuration.html#switch-to-new-grafana-instance).
- Another observability platform of your choice.
The version of Grafana that is currently provided is no longer a supported version.
In GitLab versions 16.0 to 16.2, you can still [re-enable the bundled Grafana](https://docs.gitlab.com/ee/administration/monitoring/performance/grafana_configuration.html#temporary-workaround).
However, enabling the bundled Grafana will no longer work from GitLab 16.3.
</div>
</div>
<div class="milestone-wrapper" data-milestone="16.1">
## GitLab 16.1

42
doc/update/removals.md
View File

@ -122,6 +122,17 @@ Review the details carefully before upgrading.
The Container Registry [pull-through cache](https://docs.docker.com/registry/recipes/mirror/) was deprecated in GitLab 15.8 and removed in GitLab 16.0. This feature is part of the upstream [Docker Distribution project](https://github.com/distribution/distribution) but we are removing that code in favor of the GitLab Dependency Proxy. Use the GitLab Dependency Proxy to proxy and cache container images from Docker Hub.
### Developer role providing the ability to import projects to a group
WARNING:
This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
Review the details carefully before upgrading.
The ability for users with the Developer role for a group to import projects to that group was deprecated in GitLab
15.8 and is removed in GitLab 16.0.
From GitLab 16.0, only users with at least the Maintainer role for a group can import projects to that group.
### Embedding Grafana panels in Markdown is removed
WARNING:
@ -156,6 +167,17 @@ Review the details carefully before upgrading.
GitLab administrators can no longer perform actions on protected branches or tags unless they have been explicitly granted that permission. These actions include pushing and merging into a [protected branch](https://docs.gitlab.com/ee/user/project/protected_branches.html), unprotecting a branch, and creating [protected tags](https://docs.gitlab.com/ee/user/project/protected_tags.html).
### GitLab.com importer
The [GitLab.com importer](https://docs.gitlab.com/ee/user/project/import/gitlab_com.html) was deprecated in GitLab 15.8 and is removed in GitLab 16.0.
The GitLab.com importer was introduced in 2015 for importing a project from GitLab.com to a self-managed GitLab instance through the UI.
This feature was available on self-managed instances only. [Migrating GitLab groups and projects by direct transfer](https://docs.gitlab.com/ee/user/group/import/#migrate-groups-by-direct-transfer-recommended)
supersedes the GitLab.com importer and provides a more cohesive importing functionality.
See [migrated group items](https://docs.gitlab.com/ee/user/group/import/#migrated-group-items) and [migrated project items](https://docs.gitlab.com/ee/user/group/import/#migrated-project-items) for an overview.
### GraphQL API: Runner status no longer returns `PAUSED` and `ACTIVE` values
WARNING:
@ -253,6 +275,26 @@ is removed in favor of more specialized fields like:
- `infrastructure_access_level`
- `monitor_access_level`
### Rake task for importing bare repositories
The [Rake task for importing bare repositories](https://docs.gitlab.com/ee/raketasks/import.html) `gitlab:import:repos` was deprecated in GitLab 15.8 and is removed in GitLab 16.0.
This Rake task imported a directory tree of repositories into a GitLab instance. These repositories must have been
managed by GitLab previously, because the Rake task relied on the specific directory structure or a specific custom Git setting in order to work (`gitlab.fullpath`).
Importing repositories using this Rake task had limitations. The Rake task:
- Only knew about project and project wiki repositories and didn't support repositories for designs, group wikis, or snippets.
- Permitted you to import non-hashed storage projects even though these aren't supported.
- Relied on having Git config `gitlab.fullpath` set. [Epic 8953](https://gitlab.com/groups/gitlab-org/-/epics/8953) proposes removing support for this setting.
Alternatives to using the `gitlab:import:repos` Rake task include:
- Migrating projects using either [an export file](https://docs.gitlab.com/ee/user/project/settings/import_export.html) or
[direct transfer](https://docs.gitlab.com/ee/user/group/import/#migrate-groups-by-direct-transfer-recommended) migrate repositories as well.
- Importing a [repository by URL](https://docs.gitlab.com/ee/user/project/import/repo_by_url.html).
- Importing a [repositories from a non-GitLab source](https://docs.gitlab.com/ee/user/project/import/).
### Redis 5 compatibility
WARNING:

4
doc/user/group/import/index.md
View File

@ -107,9 +107,7 @@ To migrate groups by direct transfer:
- For GitLab 15.0 and earlier source instances, the personal access token must have both the `api` and
`read_repository` scopes.
- You must have the Owner role on the source group to migrate from.
- You must have at least the Maintainer role on the destination group to migrate to. Using the Developer role for this
purpose was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/387891) in GitLab 15.8 and will be removed in
GitLab 16.0.
- You must have at least the Maintainer role on the destination group to migrate to.
### Prepare user accounts

3
doc/user/project/import/bitbucket.md
View File

@ -38,8 +38,7 @@ When importing:
to enable it. The Bitbucket Cloud integration is enabled by default on GitLab.com.
- [Bitbucket Cloud import source](../../admin_area/settings/visibility_and_access_controls.md#configure-allowed-import-sources) must be enabled. If not enabled, ask your
GitLab administrator to enable it. The Bitbucket Cloud import source is enabled by default on GitLab.com.
- At least the Maintainer role on the destination group to import to. Using the Developer role for this purpose was
[deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/387891) in GitLab 15.8 and will be removed in GitLab 16.0.
- At least the Maintainer role on the destination group to import to.
## How it works

3
doc/user/project/import/bitbucket_server.md
View File

@ -34,8 +34,7 @@ You can import Bitbucket repositories to GitLab.
- [Bitbucket Server import source](../../admin_area/settings/visibility_and_access_controls.md#configure-allowed-import-sources)
must be enabled. If not enabled, ask your GitLab administrator to enable it. The Bitbucket Server import source is enabled
by default on GitLab.com.
- At least the Maintainer role on the destination group to import to. Using the Developer role for this purpose was
[deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/387891) in GitLab 15.8 and will be removed in GitLab 16.0.
- At least the Maintainer role on the destination group to import to.
### Import repositories

3
doc/user/project/import/fogbugz.md
View File

@ -22,8 +22,7 @@ users.
- [FogBugz import source](../../admin_area/settings/visibility_and_access_controls.md#configure-allowed-import-sources)
must be enabled. If not enabled, ask your GitLab administrator to enable it. The FogBugz import source is enabled
by default on GitLab.com.
- At least the Maintainer role on the destination group to import to. Using the Developer role for this purpose was
[deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/387891) in GitLab 15.8 and will be removed in GitLab 16.0.
- At least the Maintainer role on the destination group to import to.
## Import project from FogBugz

3
doc/user/project/import/gitea.md
View File

@ -35,8 +35,7 @@ on the issue about the original Gitea author.
- [Gitea import source](../../admin_area/settings/visibility_and_access_controls.md#configure-allowed-import-sources)
must be enabled. If not enabled, ask your GitLab administrator to enable it. The Gitea import source is enabled
by default on GitLab.com.
- At least the Maintainer role on the destination group to import to. Using the Developer role for this purpose was
[deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/387891) in GitLab 15.8 and will be removed in GitLab 16.0.
- At least the Maintainer role on the destination group to import to.
## Import your Gitea repositories

4
doc/user/project/import/github.md
View File

@ -43,9 +43,7 @@ To import projects from GitHub:
- [GitHub import source](../../admin_area/settings/visibility_and_access_controls.md#configure-allowed-import-sources)
must be enabled. If not enabled, ask your GitLab administrator to enable it. The GitHub import source is enabled
by default on GitLab.com.
- You must have at least the Maintainer role on the destination group to import to. Using the Developer role for this
purpose was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/387891) in GitLab 15.8 and will be removed in
GitLab 16.0.
- You must have at least the Maintainer role on the destination group to import to.
- Each GitHub author and assignee in the repository must have a
[public-facing email address](https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address)
on GitHub that matches their GitLab email address (regardless of how the account was created). If their email address

3
doc/user/project/import/manifest.md
View File

@ -24,8 +24,7 @@ repositories like the Android Open Source Project (AOSP).
by default on GitLab.com.
- GitLab must use PostgreSQL for its database, because [subgroups](../../group/subgroups/index.md) are needed for the manifest import
to work. Read more about the [database requirements](../../../install/requirements.md#database).
- At least the Maintainer role on the destination group to import to. Using the Developer role for this purpose was
[deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/387891) in GitLab 15.8 and will be removed in GitLab 16.0.
- At least the Maintainer role on the destination group to import to.
## Manifest format

3
doc/user/project/import/repo_by_url.md
View File

@ -15,8 +15,7 @@ You can import your existing repositories by providing the Git URL.
- [Repository by URL import source](../../admin_area/settings/visibility_and_access_controls.md#configure-allowed-import-sources)
must be enabled. If not enabled, ask your GitLab administrator to enable it. The Repository by URL import source is enabled
by default on GitLab.com.
- At least the Maintainer role on the destination group to import to. Using the Developer role for this purpose was
[deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/387891) in GitLab 15.8 and will be removed in GitLab 16.0.
- At least the Maintainer role on the destination group to import to.
## Import project by URL

3
doc/user/project/settings/import_export.md
View File

@ -203,8 +203,7 @@ may be possible for an attacker to steal your sensitive data.
- Compare GitLab versions and ensure you are importing to a GitLab version that is the same or later
than the GitLab version you exported to.
- Review [compatibility](#compatibility) for any issues.
- At least the Maintainer role on the destination group to migrate to. Using the Developer role for this purpose was
[deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/387891) in GitLab 15.8 and will be removed in GitLab 16.0.
- At least the Maintainer role on the destination group to migrate to.
### Import a project

2
lib/api/ci/jobs.rb
View File

@ -49,7 +49,7 @@ module API
end
# rubocop: disable CodeReuse/ActiveRecord
get ':id/jobs', urgency: :low, feature_category: :continuous_integration do
check_rate_limit!(:jobs_index, scope: current_user) if enforce_jobs_api_rate_limits(@project)
check_rate_limit!(:jobs_index, scope: current_user)
authorize_read_builds!

4
lib/api/helpers.rb
View File

@ -167,10 +167,6 @@ module API
current_authenticated_job.project == project
end
def enforce_jobs_api_rate_limits(project)
::Feature.enabled?(:ci_enforce_rate_limits_jobs_api, project)
end
# rubocop: disable CodeReuse/ActiveRecord
def find_group(id)
if id.to_s =~ INTEGER_ID_REGEX

28
lib/gitlab/ci/templates/Pages/Zola.gitlab-ci.yml Normal file
View File

@ -0,0 +1,28 @@
# To contribute improvements to CI/CD templates, please follow the Development guide at:
# https://docs.gitlab.com/ee/development/cicd/templates.html
# This specific template is located at:
# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Pages/Zola.gitlab-ci.yml
---
# From: https://www.getzola.org/documentation/deployment/gitlab-pages/
# Source template is slightly modified to be self-contained
pages:
image: alpine:latest
variables:
# This variable will ensure that the CI runner pulls in your theme from the submodule
GIT_SUBMODULE_STRATEGY: recursive
before_script:
# Install the zola package from the alpine community repositories
- apk add --update-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/community/ zola
script:
# Execute zola build
- zola build --base-url "$CI_PAGES_URL"
artifacts:
paths:
# Path of our artifacts
- public
# This config will only publish changes that are pushed on the default branch
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
environment: production

2
qa/Gemfile
View File

@ -3,7 +3,7 @@
source 'https://rubygems.org'
gem 'gitlab-qa', '~> 10', '>= 10.3.0', require: 'gitlab/qa'
gem 'gitlab_quality-test_tooling', '~> 0.2.2', require: false
gem 'gitlab_quality-test_tooling', '~> 0.3.0', require: false
gem 'activesupport', '~> 6.1.7.2' # This should stay in sync with the root's Gemfile
gem 'allure-rspec', '~> 2.20.0'
gem 'capybara', '~> 3.39.0'

4
qa/Gemfile.lock
View File

@ -111,7 +111,7 @@ GEM
rainbow (>= 3, < 4)
table_print (= 1.5.7)
zeitwerk (>= 2, < 3)
gitlab_quality-test_tooling (0.2.2)
gitlab_quality-test_tooling (0.3.0)
activesupport (~> 6.1)
gitlab (~> 4.18.0)
http (~> 5.0)
@ -328,7 +328,7 @@ DEPENDENCIES
fog-core (= 2.1.0)
fog-google (~> 1.19)
gitlab-qa (~> 10, >= 10.3.0)
gitlab_quality-test_tooling (~> 0.2.2)
gitlab_quality-test_tooling (~> 0.3.0)
influxdb-client (~> 2.9)
knapsack (~> 4.0)
nokogiri (~> 1.14, >= 1.14.3)

25
spec/lib/gitlab/ci/templates/Pages/zola_gitlab_ci_yaml_spec.rb Normal file
View File

@ -0,0 +1,25 @@
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe 'Pages/Zola.gitlab-ci.yml', feature_category: :pages do
subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('Pages/Zola') }
describe 'the created pipeline' do
let_it_be(:project) { create(:project, :repository) }
let(:user) { project.first_owner }
let(:service) { Ci::CreatePipelineService.new(project, user, ref: project.default_branch) }
let(:pipeline) { service.execute(:push).payload }
let(:build_names) { pipeline.builds.pluck(:name) }
before do
stub_ci_pipeline_yaml_file(template.content)
allow(Ci::BuildScheduleWorker).to receive(:perform).and_return(true)
end
it 'creates "pages" job' do
expect(build_names).to include('pages')
end
end
end

7
spec/models/deployment_spec.rb
View File

@ -170,13 +170,6 @@ RSpec.describe Deployment, feature_category: :continuous_delivery do
deployment.run!
end
end
it 'does not execute Deployments::DropOlderDeploymentsWorker' do
expect(Deployments::DropOlderDeploymentsWorker)
.not_to receive(:perform_async).with(deployment.id)
deployment.run!
end
end
context 'when deployment succeeded' do

38
spec/requests/api/ci/jobs_spec.rb
View File

@ -546,40 +546,18 @@ RSpec.describe API::Ci::Jobs, feature_category: :continuous_integration do
describe 'GET /projects/:id/jobs rate limited' do
let(:query) { {} }
context 'with the ci_enforce_rate_limits_jobs_api feature flag on' do
before do
stub_feature_flags(ci_enforce_rate_limits_jobs_api: true)
allow_next_instance_of(Gitlab::ApplicationRateLimiter::BaseStrategy) do |strategy|
threshold = Gitlab::ApplicationRateLimiter.rate_limits[:jobs_index][:threshold]
allow(strategy).to receive(:increment).and_return(threshold + 1)
end
get api("/projects/#{project.id}/jobs", api_user), params: query
before do
allow_next_instance_of(Gitlab::ApplicationRateLimiter::BaseStrategy) do |strategy|
threshold = Gitlab::ApplicationRateLimiter.rate_limits[:jobs_index][:threshold]
allow(strategy).to receive(:increment).and_return(threshold + 1)
end
it 'enforces rate limits for the endpoint' do
expect(response).to have_gitlab_http_status :too_many_requests
expect(json_response['message']['error']).to eq('This endpoint has been requested too many times. Try again later.')
end
get api("/projects/#{project.id}/jobs", api_user), params: query
end
context 'with the ci_enforce_rate_limits_jobs_api feature flag off' do
before do
stub_feature_flags(ci_enforce_rate_limits_jobs_api: false)
allow_next_instance_of(Gitlab::ApplicationRateLimiter::BaseStrategy) do |strategy|
threshold = Gitlab::ApplicationRateLimiter.rate_limits[:jobs_index][:threshold]
allow(strategy).to receive(:increment).and_return(threshold + 1)
end
get api("/projects/#{project.id}/jobs", api_user), params: query
end
it 'makes a successful request' do
expect(response).to have_gitlab_http_status(:ok)
expect(response).to include_limited_pagination_headers
end
it 'enforces rate limits for the endpoint' do
expect(response).to have_gitlab_http_status :too_many_requests
expect(json_response['message']['error']).to eq('This endpoint has been requested too many times. Try again later.')
end
end

1
spec/support/rspec_order_todo.yml
View File

@ -10072,7 +10072,6 @@
- './spec/workers/dependency_proxy/cleanup_manifest_worker_spec.rb'
- './spec/workers/dependency_proxy/image_ttl_group_policy_worker_spec.rb'
- './spec/workers/deployments/archive_in_project_worker_spec.rb'
- './spec/workers/deployments/drop_older_deployments_worker_spec.rb'
- './spec/workers/deployments/hooks_worker_spec.rb'
- './spec/workers/deployments/link_merge_request_worker_spec.rb'
- './spec/workers/deployments/update_environment_worker_spec.rb'

1
spec/workers/every_sidekiq_worker_spec.rb
View File

@ -205,7 +205,6 @@ RSpec.describe 'Every Sidekiq worker', feature_category: :shared do
'DependencyProxy::CleanupBlobWorker' => 3,
'DependencyProxy::CleanupManifestWorker' => 3,
'Deployments::AutoRollbackWorker' => 3,
'Deployments::DropOlderDeploymentsWorker' => 3,
'Deployments::FinishedWorker' => 3,
'Deployments::ForwardDeploymentWorker' => 3,
'Deployments::LinkMergeRequestWorker' => 3,