Add latest changes from gitlab-org/gitlab@master

GitLab Bot 2022-09-12 06:13:23 +00:00
parent 721529ce18
commit 04cc67da3e
17 changed files with 163 additions and 23 deletions


@ -35,6 +35,7 @@ export default {
projectPath: { default: null },
title: { default: '' },
tabs: { default: () => [] },
isFluidLayout: { default: false },
},
data() {
return {
@ -94,6 +95,7 @@ export default {
>
<div
class="issue-sticky-header-text gl-display-flex gl-flex-direction-column gl-align-items-center gl-mx-auto gl-px-5"
:class="{ 'gl-max-w-container-xl': !isFluidLayout }"
>
<div class="gl-w-full gl-display-flex gl-align-items-center">
<status-box :initial-state="getNoteableData.state" issuable-type="merge_request" />
@ -143,7 +145,12 @@ export default {
:key="tab[0]"
:class="{ active: activeTab === tab[0] }"
>
<gl-link :href="tab[2]" :data-action="tab[0]" class="gl-outline-0!" @click="visitTab">
<gl-link
:href="tab[2]"
:data-action="tab[0]"
class="gl-outline-0! gl-py-4!"
@click="visitTab"
>
{{ tab[1] }}
<gl-badge variant="muted" size="sm">
<template v-if="index === 0 && discussionCounter !== 0">


@ -6,6 +6,7 @@ import initMrNotes from '~/mr_notes';
import store from '~/mr_notes/stores';
import initSidebarBundle from '~/sidebar/sidebar_bundle';
import { apolloProvider } from '~/graphql_shared/issuable_client';
import { parseBoolean } from '~/lib/utils/common_utils';
import initShow from '../init_merge_request_show';
import getStateQuery from '../queries/get_state.query.graphql';
@ -21,7 +22,7 @@ requestIdleCallback(() => {
if (el) {
const { data } = el.dataset;
const { iid, projectPath, title, tabs } = JSON.parse(data);
const { iid, projectPath, title, tabs, isFluidLayout } = JSON.parse(data);
// eslint-disable-next-line no-new
new Vue({
@ -34,6 +35,7 @@ requestIdleCallback(() => {
projectPath,
title,
tabs,
isFluidLayout: parseBoolean(isFluidLayout),
},
render(h) {
return h(StickyHeader);


@ -826,6 +826,7 @@ $tabs-holder-z-index: 250;
.merge-request-sticky-header {
z-index: 204;
box-shadow: 0 1px 2px $issue-boards-card-shadow;
--width: calc(100% - #{$contextual-sidebar-width});
@include media-breakpoint-down(lg) {


@ -262,6 +262,7 @@ module MergeRequestsHelper
iid: @merge_request.iid,
projectPath: @project.full_path,
title: markdown_field(@merge_request, :title),
isFluidLayout: fluid_layout.to_s,
tabs: [
['show', _('Overview'), project_merge_request_path(@project, @merge_request), @merge_request.related_notes.user.count],
['commits', _('Commits'), commits_project_merge_request_path(@project, @merge_request), @commits_count],
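Review bot: `isFluidLayout: fluid_layout.to_s` turns the flag into a string only for the JavaScript entry point in this commit to convert it back with `parseBoolean(isFluidLayout)`. If this hash is serialized as JSON by its caller (the enclosing method starts and ends outside the hunk), `isFluidLayout: fluid_layout` would presumably arrive as a real boolean and the round trip could be dropped. If the string form is deliberate, a short comment such as `# sent as a string; the frontend converts it with parseBoolean` would record the contract between the two files.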


@ -6,12 +6,20 @@
breaking_change: true
reporter: hsutor
body: | # Do not modify this line, instead modify the lines below.
Currently, you can create access tokens that have no expiration date. These access tokens are valid indefinitely, which presents a security risk if the access token is
divulged. Because expiring access tokens are better, from GitLab 15.3 we [populate a default expiration date](https://gitlab.com/gitlab-org/gitlab/-/issues/348660).
Access tokens that have no expiration date are valid indefinitely, which presents a security risk if the access token
is divulged. Because access tokens that have an exipiration date are better, from GitLab 15.3 we
[populate a default expiration date](https://gitlab.com/gitlab-org/gitlab/-/issues/348660).
In GitLab 16.0, any personal, project, or group access token that does not have an expiration date will automatically have an expiration date set at one year.
In GitLab 16.0, any [personal](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html),
[project](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html), or
[group](https://docs.gitlab.com/ee/user/group/settings/group_access_tokens.html) access token that does not have an
expiration date will automatically have an expiration date set at one year.
We recommend giving your tokens an expiration date in line with your company's security policies before the default is applied in GitLab 16.0.
We recommend giving your access tokens an expiration date in line with your company's security policies before the
default is applied:
- On GitLab.com during the 16.0 milestone.
- On GitLab self-managed instances when they are upgraded to 16.0.
stage: Manage
tiers: [Free, Premium, Ultimate]
issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/369122


@ -140,7 +140,7 @@ mattermost['gitlab_user_api_endpoint'] = "http://gitlab.example.com/api/v4/user"
Save the changes and then run `sudo gitlab-ctl reconfigure`. If there are no errors your GitLab and GitLab Mattermost should be configured correctly.
### Specify numeric user and group identifiers
## Specify numeric user and group identifiers
Omnibus GitLab creates a user and group `mattermost`. You can specify the
numeric identifiers for these users in `/etc/gitlab/gitlab.rb` as follows:
@ -152,7 +152,7 @@ mattermost['gid'] = 1234
Run `sudo gitlab-ctl reconfigure` to apply the changes.
### Setting custom environment variables
## Setting custom environment variables
If necessary you can set custom environment variables to be used by Mattermost
via `/etc/gitlab/gitlab.rb`. This can be useful if the Mattermost server
@ -165,7 +165,7 @@ mattermost['env'] = {"HTTP_PROXY" => "my_proxy", "HTTPS_PROXY" => "my_proxy", "N
Run `sudo gitlab-ctl reconfigure` to apply the changes.
### Connecting to the bundled PostgreSQL database
## Connecting to the bundled PostgreSQL database
If you need to connect to the bundled PostgreSQL database and are using the default Omnibus GitLab database configuration, you can connect as
the PostgreSQL superuser:
@ -174,14 +174,14 @@ the PostgreSQL superuser:
sudo gitlab-psql -d mattermost_production
```
### Back up GitLab Mattermost
## Back up GitLab Mattermost
GitLab Mattermost is not included in the regular [Omnibus GitLab backup](../../raketasks/backup_restore.md) Rake task.
The general Mattermost [backup and disaster recovery](https://docs.mattermost.com/deploy/backup-disaster-recovery.html) documentation can be used as a guide
on what needs to be backed up.
#### Back up the bundled PostgreSQL database
### Back up the bundled PostgreSQL database
If you need to back up the bundled PostgreSQL database and are using the default Omnibus GitLab database configuration, you can back up using this command:
@ -189,7 +189,7 @@ If you need to back up the bundled PostgreSQL database and are using the default
sudo -i -u gitlab-psql -- /opt/gitlab/embedded/bin/pg_dump -h /var/opt/gitlab/postgresql mattermost_production | gzip > mattermost_dbdump_$(date --rfc-3339=date).sql.gz
```
#### Back up the `data` directory and `config.json`
### Back up the `data` directory and `config.json`
Mattermost has a `data` directory and `config.json` file that need to be backed up as well:
@ -197,7 +197,7 @@ Mattermost has a `data` directory and `config.json` file that need to be backed
sudo tar -zcvf mattermost_data_$(date --rfc-3339=date).gz -C /var/opt/gitlab/mattermost data config.json
```
### Restore GitLab Mattermost
## Restore GitLab Mattermost
If you have previously [created a backup of GitLab Mattermost](#back-up-gitlab-mattermost), you can run the following commands to restore it:
@ -227,11 +227,11 @@ sudo chown mattermost:mattermost /var/opt/gitlab/mattermost/config.json
sudo gitlab-ctl start mattermost
```
### Mattermost Command Line Tools (CLI)
## Mattermost Command Line Tools (CLI)
[`mmctl`](https://docs.mattermost.com/manage/mmctl-command-line-tool.html) is a CLI tool for the Mattermost server which is installed locally and uses the Mattermost API, but may also be used remotely. You must configure Mattermost either for local connections or authenticate as an administrator with local login credentials (not through GitLab SSO). The executable is located at `/opt/gitlab/embedded/bin/mmctl`.
#### Use `mmctl` through a local connection
### Use `mmctl` through a local connection
For local connections, the `mmctl` binary and Mattermost must be run from the same server. To enable the local socket:
@ -269,7 +269,7 @@ wd3g5zpepjgbfjgpdjaas7yj6a: feedbackbot (feedbackbot@localhost)
There are 4 users on local instance
```
#### Use `mmctl` through a remote connection
### Use `mmctl` through a remote connection
For remote connections or local connections where the socket cannot be used,
create a non SSO user and give that user admin privileges. Those credentials


@ -57,12 +57,20 @@ WARNING:
This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
Review the details carefully before upgrading.
Currently, you can create access tokens that have no expiration date. These access tokens are valid indefinitely, which presents a security risk if the access token is
divulged. Because expiring access tokens are better, from GitLab 15.3 we [populate a default expiration date](https://gitlab.com/gitlab-org/gitlab/-/issues/348660).
Access tokens that have no expiration date are valid indefinitely, which presents a security risk if the access token
is divulged. Because access tokens that have an exipiration date are better, from GitLab 15.3 we
[populate a default expiration date](https://gitlab.com/gitlab-org/gitlab/-/issues/348660).
In GitLab 16.0, any personal, project, or group access token that does not have an expiration date will automatically have an expiration date set at one year.
In GitLab 16.0, any [personal](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html),
[project](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html), or
[group](https://docs.gitlab.com/ee/user/group/settings/group_access_tokens.html) access token that does not have an
expiration date will automatically have an expiration date set at one year.
We recommend giving your tokens an expiration date in line with your company's security policies before the default is applied in GitLab 16.0.
We recommend giving your access tokens an expiration date in line with your company's security policies before the
default is applied:
- On GitLab.com during the 16.0 milestone.
- On GitLab self-managed instances when they are upgraded to 16.0.
</div>
</div>


@ -78,6 +78,7 @@ You can also [view our language roadmap](https://about.gitlab.com/direction/secu
|------------------------------------------------|-----------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------|
| .NET Core | [Security Code Scan](https://security-code-scan.github.io) | 11.0 |
| .NET Framework<sup>1</sup> | [Security Code Scan](https://security-code-scan.github.io) | 13.0 |
| .NET (all versions, C# only) | [Semgrep](https://semgrep.dev) | 15.4 |
| Apex (Salesforce) | [PMD](https://pmd.github.io/pmd/index.html) | 12.1 |
| C | [Semgrep](https://semgrep.dev) | 14.2 |
| C/C++ | [Flawfinder](https://github.com/david-a-wheeler/flawfinder) | 10.7 |
@ -108,7 +109,7 @@ You can also [view our language roadmap](https://about.gitlab.com/direction/secu
| TypeScript | [ESLint security plugin](https://github.com/nodesecurity/eslint-plugin-security) | 11.9, [merged](https://gitlab.com/gitlab-org/gitlab/-/issues/36059) with ESLint in 13.2 |
| TypeScript | [Semgrep](https://semgrep.dev) | 13.10 |
1. .NET 4 support is limited. The analyzer runs in a Linux container and does not have access to Windows-specific libraries or features. We currently plan to [migrate C# coverage to Semgrep-based scanning](https://gitlab.com/gitlab-org/gitlab/-/issues/347258) to make it easier to scan C# projects.
1. .NET 4 support is limited. The analyzer runs in a Linux container and does not have access to Windows-specific libraries or features. Use the Semgrep-based scanner if you need .NET 4 support.
1. The SpotBugs-based analyzer supports [Ant](https://ant.apache.org/), [Gradle](https://gradle.org/), [Maven](https://maven.apache.org/), and [SBT](https://www.scala-sbt.org/). It can also be used with variants like the
[Gradle wrapper](https://docs.gradle.org/current/userguide/gradle_wrapper.html),
[Grails](https://grails.org/),

Binary file not shown.

Before

Width:  |  Height:  |  Size: 29 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 113 KiB


@ -738,7 +738,7 @@ which enables a designated approver that can approve and then merge a merge requ
These policies can be configured by using the [Managed Licenses API](../../../api/managed_licenses.md).
![Merge request with denied licenses](img/denied_licenses_v13_3.png)
![Merge request with denied licenses](img/denied_licenses_v15_3.png)
The **Policies** tab in the project's license compliance section displays your project's license
policies. Project maintainers can specify policies in this section.
@ -795,6 +795,18 @@ We recommend that you use the most recent version of all containers, and the mos
## Troubleshooting
### The License Compliance widget is stuck in a loading state
A loading spinner is displayed in the following scenarios:
- While the pipeline is in progress.
- If the pipeline is complete, but still parsing the results in the background.
- If the license scanning job is complete, but the pipeline is still running.
The License Compliance widget polls every few seconds for updated results. When the pipeline is complete, the first poll after pipeline completion triggers the parsing of the results. This can take a few seconds depending on the size of the generated report.
The final state is when a successful pipeline run has been completed, parsed, and the licenses displayed in the widget.
### ASDF_PYTHON_VERSION does not automatically install the version
Defining a non-latest Python version in ASDF_PYTHON_VERSION [doesn't have it automatically installed](https://gitlab.com/gitlab-org/gitlab/-/issues/325604). If your project requires a non-latest version of Python:


@ -27,6 +27,13 @@ associated with a group rather than a project or user.
In self-managed instances, group access tokens are subject to the same [maximum lifetime limits](../../admin_area/settings/account_and_limit_settings.md#limit-the-lifetime-of-access-tokens) as personal access tokens if the limit is set.
WARNING:
The ability to create group access tokens without expiry was
[deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/369122) in GitLab 15.4 and is planned for removal in GitLab
16.0. When this ability is removed, existing group access tokens without an expiry are planned to have an expiry added.
The automatic adding of an expiry occurs on GitLab.com during the 16.0 milestone. The automatic adding of an expiry
occurs on self-managed instances when they are upgraded to GitLab 16.0. This change is a breaking change.
You can use group access tokens:
- On GitLab SaaS if you have the Premium license tier or higher. Group access tokens are not available with a [trial license](https://about.gitlab.com/free-trial/).


@ -19,6 +19,13 @@ Personal access tokens can be an alternative to [OAuth2](../../api/oauth2.md) an
In both cases, you authenticate with a personal access token in place of your password.
WARNING:
The ability to create personal access tokens without expiry was
[deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/369122) in GitLab 15.4 and is planned for removal in GitLab
16.0. When this ability is removed, existing personal access tokens without an expiry are planned to have an expiry added.
The automatic adding of an expiry occurs on GitLab.com during the 16.0 milestone. The automatic adding of an expiry
occurs on self-managed instances when they are upgraded to GitLab 16.0. This change is a breaking change.
Personal access tokens are:
- Required when [two-factor authentication (2FA)](account/two_factor_authentication.md) is enabled.


@ -27,6 +27,13 @@ and [personal access tokens](../../profile/personal_access_tokens.md).
In self-managed instances, project access tokens are subject to the same [maximum lifetime limits](../../admin_area/settings/account_and_limit_settings.md#limit-the-lifetime-of-access-tokens) as personal access tokens if the limit is set.
WARNING:
The ability to create project access tokens without expiry was
[deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/369122) in GitLab 15.4 and is planned for removal in GitLab
16.0. When this ability is removed, existing project access tokens without an expiry are planned to have an expiry added.
The automatic adding of an expiry occurs on GitLab.com during the 16.0 milestone. The automatic adding of an expiry
occurs on self-managed instances when they are upgraded to GitLab 16.0. This change is a breaking change.
You can use project access tokens:
- On GitLab SaaS if you have the Premium license tier or higher. Project access tokens are not available with a [trial license](https://about.gitlab.com/free-trial/).


@ -24,6 +24,8 @@ Public projects can be cloned **without any** authentication over HTTPS.
They are listed in the public access directory (`/public`) for all users.
Public groups can have public, internal, or private subgroups.
**Any signed-in user** has the Guest role on the repository.
NOTE:
@ -38,6 +40,8 @@ Internal projects can be cloned by any signed-in user except
They are also listed in the public access directory (`/public`), but only for signed-in users.
Internal groups can have internal or private subgroups.
Any signed-in users except [external users](permissions.md#external-users) have the
Guest role on the repository.
@ -53,6 +57,8 @@ Private projects can only be cloned and viewed by project members (except for gu
They appear in the public access directory (`/public`) for project members only.
Private groups can only have private subgroups.
## Change project visibility
Prerequisite:
@ -71,7 +77,7 @@ Prerequisite:
- You must have the Owner role for a group.
- Subgroups and projects must already have visibility settings that are at least as
restrictive as the new setting for the group.
restrictive as the new setting of the parent group.
1. On the top bar, select **Menu > Groups** and find your project.
1. On the left sidebar, select **Settings > General**.


@ -11,6 +11,25 @@ module API
end
namespace 'admin' do
resources 'batched_background_migrations/:id' do
desc 'Retrieve a batched background migration'
params do
optional :database,
type: String,
values: Gitlab::Database.all_database_names,
desc: 'The name of the database',
default: 'main'
requires :id,
type: Integer,
desc: 'The batched background migration id'
end
get do
Gitlab::Database::SharedModel.using_connection(base_model.connection) do
present_entity(batched_background_migration)
end
end
end
resources 'batched_background_migrations' do
desc 'Get the list of the batched background migrations'
params do
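Review bot: Nothing in this hunk shows the admin check that protects the new `get` route under `resources 'batched_background_migrations/:id'`. It presumably inherits a guard declared above `namespace 'admin'`, outside the hunk, so confirm that guard runs for this route as well; the spec's 403 example suggests it does. `batched_background_migration` and `base_model` are also defined outside the hunk, so the not-found behaviour cannot be read from here. If the helper does answer 404, a comment above `get do` such as `# batched_background_migration responds with 404 when the id is not found on the selected database` would document it. Restricting `database` with `values: Gitlab::Database.all_database_names` before a connection is chosen is the right allowlist and should stay.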


@ -6,6 +6,60 @@ RSpec.describe API::Admin::BatchedBackgroundMigrations do
let(:admin) { create(:admin) }
let(:unauthorized_user) { create(:user) }
describe 'GET /admin/batched_background_migrations/:id' do
let!(:migration) { create(:batched_background_migration, :paused) }
let(:database) { :main }
subject(:show_migration) do
get api("/admin/batched_background_migrations/#{migration.id}", admin), params: { database: database }
end
it 'fetches the batched background migration' do
show_migration
aggregate_failures "testing response" do
expect(response).to have_gitlab_http_status(:ok)
expect(json_response['id']).to eq(migration.id)
expect(json_response['status']).to eq('paused')
expect(json_response['job_class_name']).to eq(migration.job_class_name)
expect(json_response['progress']).to be_zero
end
end
context 'when the batched background migration does not exist' do
let(:params) { { database: database } }
it 'returns 404' do
put api("/admin/batched_background_migrations/#{non_existing_record_id}", admin), params: params
expect(response).to have_gitlab_http_status(:not_found)
end
end
context 'when multiple database is enabled' do
before do
skip_if_multiple_databases_not_setup
end
let(:ci_model) { Ci::ApplicationRecord }
let(:database) { :ci }
it 'uses the correct connection' do
expect(Gitlab::Database::SharedModel).to receive(:using_connection).with(ci_model.connection).and_yield
show_migration
end
end
context 'when authenticated as a non-admin user' do
it 'returns 403' do
get api("/admin/batched_background_migrations/#{migration.id}", unauthorized_user)
expect(response).to have_gitlab_http_status(:forbidden)
end
end
end
describe 'GET /admin/batched_background_migrations' do
let!(:migration) { create(:batched_background_migration) }
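Review bot: The `returns 404` example under `when the batched background migration does not exist` sends `put api(...)`, although it sits in the `GET /admin/batched_background_migrations/:id` describe block. The request therefore never reaches the new GET handler, and the 404 may come from route matching rather than from the record lookup, so the example can pass without testing the not-found path. It should read `get api("/admin/batched_background_migrations/#{non_existing_record_id}", admin), params: params`. The `describe 'GET /admin/batched_background_migrations'` block at the end of the hunk continues outside it.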