diff --git a/.gitlab/ci/frontend.gitlab-ci.yml b/.gitlab/ci/frontend.gitlab-ci.yml index b8a30ef807b..dbef92c9c35 100644 --- a/.gitlab/ci/frontend.gitlab-ci.yml +++ b/.gitlab/ci/frontend.gitlab-ci.yml @@ -260,7 +260,7 @@ jest: - tmp/tests/frontend/ reports: junit: junit_jest.xml - parallel: 7 + parallel: 12 jest predictive: extends: @@ -278,7 +278,7 @@ jest as-if-foss: - .frontend:rules:jest:as-if-foss - .as-if-foss needs: ["rspec-all frontend_fixture as-if-foss"] - parallel: 4 + parallel: 10 jest predictive as-if-foss: extends: diff --git a/.gitlab/ci/review-apps/main.gitlab-ci.yml b/.gitlab/ci/review-apps/main.gitlab-ci.yml index 96f815b05e8..3522dac39e4 100644 --- a/.gitlab/ci/review-apps/main.gitlab-ci.yml +++ b/.gitlab/ci/review-apps/main.gitlab-ci.yml @@ -44,7 +44,7 @@ review-build-cng: variables: HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}" DOMAIN: "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}" - GITLAB_HELM_CHART_REF: "a468cd56328c55df994ba0678ba1add8691d3f7f" # 6.11.5: https://gitlab.com/gitlab-org/charts/gitlab/-/commit/a468cd56328c55df994ba0678ba1add8691d3f7f + GITLAB_HELM_CHART_REF: "75b1486a9aec212d0f49ef1251526d8e51004bbc" # 7.0.1: https://gitlab.com/gitlab-org/charts/gitlab/-/commit/75b1486a9aec212d0f49ef1251526d8e51004bbc environment: name: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # No separator for SCHEDULE_TYPE so it's compatible as before and looks nice without it url: https://gitlab-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN} diff --git a/app/models/personal_access_token.rb b/app/models/personal_access_token.rb index be6c6021c88..40370359c01 100644 --- a/app/models/personal_access_token.rb +++ b/app/models/personal_access_token.rb @@ -24,11 +24,6 @@ class PersonalAccessToken < ApplicationRecord after_initialize :set_default_scopes, if: :persisted? before_save :ensure_token - # During the implementation of Admin Mode for API, tokens of - # administrators should automatically get the `admin_mode` scope as well - # See https://gitlab.com/gitlab-org/gitlab/-/issues/42692 - before_create :add_admin_mode_scope, if: -> { Feature.disabled?(:admin_mode_for_api) && user_admin? } - scope :active, -> { not_revoked.not_expired } scope :expiring_and_not_notified, ->(date) { where(["revoked = false AND expire_notification_delivered = false AND expires_at >= CURRENT_DATE AND expires_at <= ?", date]) } scope :expired_today_and_not_notified, -> { where(["revoked = false AND expires_at = CURRENT_DATE AND after_expiry_notification_delivered = false"]) } @@ -91,10 +86,7 @@ class PersonalAccessToken < ApplicationRecord protected def validate_scopes - valid_scopes = Gitlab::Auth.all_available_scopes - valid_scopes += [Gitlab::Auth::ADMIN_MODE_SCOPE] if Feature.disabled?(:admin_mode_for_api) - - unless revoked || scopes.all? { |scope| valid_scopes.include?(scope.to_sym) } + unless revoked || scopes.all? { |scope| Gitlab::Auth.all_available_scopes.include?(scope.to_sym) } errors.add :scopes, "can only contain available scopes" end end @@ -111,10 +103,6 @@ class PersonalAccessToken < ApplicationRecord user.admin? # rubocop: disable Cop/UserAdmin end - def add_admin_mode_scope - self.scopes += [Gitlab::Auth::ADMIN_MODE_SCOPE.to_s] - end - def prefix_from_application_current_settings self.class.token_prefix end diff --git a/config/feature_flags/development/add_validation_for_push_rules.yml b/config/feature_flags/development/add_validation_for_push_rules.yml index c1cb4b4f601..cb1c26ddd87 100644 --- a/config/feature_flags/development/add_validation_for_push_rules.yml +++ b/config/feature_flags/development/add_validation_for_push_rules.yml @@ -5,4 +5,4 @@ rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/411901 milestone: '16.1' type: development group: group::source code -default_enabled: false +default_enabled: true diff --git a/config/feature_flags/development/admin_mode_for_api.yml b/config/feature_flags/development/admin_mode_for_api.yml deleted file mode 100644 index dc80d8a1c77..00000000000 --- a/config/feature_flags/development/admin_mode_for_api.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -name: admin_mode_for_api -introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/107925 -rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/387729 -milestone: '15.8' -type: development -group: group::authentication and authorization -default_enabled: false diff --git a/db/post_migrate/20230523210653_remove_file_md5_from_debian_project_component_files.rb b/db/post_migrate/20230523210653_remove_file_md5_from_debian_project_component_files.rb new file mode 100644 index 00000000000..9ffba2da108 --- /dev/null +++ b/db/post_migrate/20230523210653_remove_file_md5_from_debian_project_component_files.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +class RemoveFileMd5FromDebianProjectComponentFiles < Gitlab::Database::Migration[2.1] + enable_lock_retries! + + def change + remove_column :packages_debian_project_component_files, :file_md5, :bytea + end +end diff --git a/db/post_migrate/20230523210758_remove_file_md5_from_debian_group_component_files.rb b/db/post_migrate/20230523210758_remove_file_md5_from_debian_group_component_files.rb new file mode 100644 index 00000000000..fb9e6da9850 --- /dev/null +++ b/db/post_migrate/20230523210758_remove_file_md5_from_debian_group_component_files.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +class RemoveFileMd5FromDebianGroupComponentFiles < Gitlab::Database::Migration[2.1] + enable_lock_retries! + + def change + remove_column :packages_debian_group_component_files, :file_md5, :bytea + end +end diff --git a/db/schema_migrations/20230523210653 b/db/schema_migrations/20230523210653 new file mode 100644 index 00000000000..0f72d2ef778 --- /dev/null +++ b/db/schema_migrations/20230523210653 @@ -0,0 +1 @@ +20696f0e2e6e7bc7df4696fd91e621538f7a2f8f55e2059bc83f0081811bc365 \ No newline at end of file diff --git a/db/schema_migrations/20230523210758 b/db/schema_migrations/20230523210758 new file mode 100644 index 00000000000..b9e5467643a --- /dev/null +++ b/db/schema_migrations/20230523210758 @@ -0,0 +1 @@ +5cae86aed3b05da49cfa963f0c601763ef433839be4360b6280f8f66f60b279d \ No newline at end of file diff --git a/db/structure.sql b/db/structure.sql index 63c2d188b14..5530bd4c525 100644 --- a/db/structure.sql +++ b/db/structure.sql @@ -19358,7 +19358,6 @@ CREATE TABLE packages_debian_group_component_files ( compression_type smallint, file_store smallint DEFAULT 1 NOT NULL, file text NOT NULL, - file_md5 bytea, file_sha256 bytea NOT NULL, CONSTRAINT check_839e1685bc CHECK ((char_length(file) <= 255)) ); @@ -19483,7 +19482,6 @@ CREATE TABLE packages_debian_project_component_files ( compression_type smallint, file_store smallint DEFAULT 1 NOT NULL, file text NOT NULL, - file_md5 bytea, file_sha256 bytea NOT NULL, CONSTRAINT check_e5af03fa2d CHECK ((char_length(file) <= 255)) ); diff --git a/doc/administration/packages/container_registry.md b/doc/administration/packages/container_registry.md index 87422f1ddeb..caebf1f78ae 100644 --- a/doc/administration/packages/container_registry.md +++ b/doc/administration/packages/container_registry.md @@ -598,7 +598,7 @@ The default configuration for the storage driver is scheduled to be [changed](ht When moving from an existing file system or another object storage provider to Azure Object Storage, you must configure the registry to use the standard root directory. -Configure it by setting [`trimlegacyrootprefix: true]`](https://gitlab.com/gitlab-org/container-registry/-/blob/a3f64464c3ec1c5a599c0a2daa99ebcbc0100b9a/docs-gitlab/README.md#azure-storage-driver) in the Azure storage driver section of the registry configuration. +Configure it by setting [`trimlegacyrootprefix: true`](https://gitlab.com/gitlab-org/container-registry/-/blob/a3f64464c3ec1c5a599c0a2daa99ebcbc0100b9a/docs-gitlab/README.md#azure-storage-driver) in the Azure storage driver section of the registry configuration. Without this configuration, the Azure storage driver uses `//` instead of `/` as the first section of the root path, rendering the migrated images inaccessible. **Omnibus GitLab installations** diff --git a/doc/development/ai_features.md b/doc/development/ai_features.md index a19468f4c61..b18345d3afa 100644 --- a/doc/development/ai_features.md +++ b/doc/development/ai_features.md @@ -457,6 +457,13 @@ module Gitlab end ``` +Because we support multiple AI providers, you may also use those providers for the same example: + +```ruby +Gitlab::Llm::VertexAi::Client.new(user) +Gitlab::Llm::Anthropic::Client.new(user) +``` + ### Add Ai Action to GraphQL TODO diff --git a/doc/user/project/service_desk.md b/doc/user/project/service_desk.md index 53da3ab86d2..648b34cee2e 100644 --- a/doc/user/project/service_desk.md +++ b/doc/user/project/service_desk.md @@ -182,6 +182,11 @@ Behind the scenes, Service Desk works by the special Support Bot user creating i This user isn't a [billable user](../../subscriptions/self_managed/index.md#billable-users), so it does not count toward the license limit count. +In GitLab 16.0 and earlier, comments generated from Service Desk emails show `GitLab Support Bot` +as the author. In [GitLab 16.1 and later](https://gitlab.com/gitlab-org/gitlab/-/issues/226995), +these comments show the email of the user who sent the email. +This feature only applies to comments made in GitLab 16.1 and later. + #### Change the Support Bot's display name You can change the display name of the Support Bot user. Emails sent from Service Desk have diff --git a/lib/api/api_guard.rb b/lib/api/api_guard.rb index 81a640d9a93..0aee0c70203 100644 --- a/lib/api/api_guard.rb +++ b/lib/api/api_guard.rb @@ -83,10 +83,7 @@ module API private def bypass_session_for_admin_mode?(user) - return user.is_a?(User) && Gitlab::CurrentSettings.admin_mode if Feature.disabled?(:admin_mode_for_api) - - return false unless Gitlab::CurrentSettings.admin_mode - return false unless user.is_a?(User) + return false unless user.is_a?(User) && Gitlab::CurrentSettings.admin_mode Gitlab::Session.with_session(current_request.session) { Gitlab::Auth::CurrentUserMode.new(user).admin_mode? } || Gitlab::Auth::RequestAuthenticator.new(current_request).valid_access_token?(scopes: [:admin_mode]) diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb index 9268fdd8519..83d94d168a0 100644 --- a/lib/gitlab/auth.rb +++ b/lib/gitlab/auth.rb @@ -401,7 +401,7 @@ module Gitlab scopes = non_admin_available_scopes if resource.admin? # rubocop: disable Cop/UserAdmin - scopes += Feature.enabled?(:admin_mode_for_api) ? ADMIN_SCOPES : [SUDO_SCOPE] + scopes += ADMIN_SCOPES end scopes diff --git a/qa/qa/specs/features/browser_ui/1_manage/login/login_via_oauth_and_oidc_with_gitlab_as_idp_spec.rb b/qa/qa/specs/features/browser_ui/1_manage/login/login_via_oauth_and_oidc_with_gitlab_as_idp_spec.rb index 943ec6681b2..0ef26d71abc 100644 --- a/qa/qa/specs/features/browser_ui/1_manage/login/login_via_oauth_and_oidc_with_gitlab_as_idp_spec.rb +++ b/qa/qa/specs/features/browser_ui/1_manage/login/login_via_oauth_and_oidc_with_gitlab_as_idp_spec.rb @@ -2,11 +2,7 @@ module QA RSpec.describe 'Manage', :skip_live_env, requires_admin: 'creates users and instance OAuth application', - product_group: :authentication_and_authorization, quarantine: { - only: { pipeline: :nightly }, - type: :investigating, - issue: 'https://gitlab.com/gitlab-org/gitlab/-/issues/408317' - } do + product_group: :authentication_and_authorization do let!(:user) { Resource::User.fabricate_via_api! } let(:consumer_host) { "http://#{consumer_name}.#{Runtime::Env.running_in_ci? ? 'test' : 'bridge'}" } let(:instance_oauth_app) do @@ -65,7 +61,9 @@ module QA expect(page.driver.current_url).to include(Runtime::Scenario.gitlab_address) - Flow::Login.sign_in(as: user) + Flow::Login.sign_in(as: user, skip_page_validation: true) + + Flow::UserOnboarding.onboard_user expect(page.driver.current_url).to include(consumer_host) diff --git a/scripts/lint-doc.sh b/scripts/lint-doc.sh index 84035ecd012..e6b63925fc6 100755 --- a/scripts/lint-doc.sh +++ b/scripts/lint-doc.sh @@ -197,7 +197,7 @@ then # shellcheck disable=2059 printf "${COLOR_GREEN}INFO: Merged results pipeline detected, but no markdown files found. Skipping.${COLOR_RESET}\n" else - if ! yarn markdownlint --config .markdownlint.yml "${MD_DOC_PATH}" --rules doc/.markdownlint/rules; + if ! yarn markdownlint --rules doc/.markdownlint/rules ${MD_DOC_PATH}; then # shellcheck disable=2059 printf "${COLOR_RED}ERROR: Markdownlint failed with errors!${COLOR_RESET}\n" >&2 diff --git a/spec/lib/gitlab/auth_spec.rb b/spec/lib/gitlab/auth_spec.rb index 36c87fb4557..b864dba58de 100644 --- a/spec/lib/gitlab/auth_spec.rb +++ b/spec/lib/gitlab/auth_spec.rb @@ -115,26 +115,6 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching, feature_cate end end - context 'with admin_mode_for_api feature flag disabled' do - before do - stub_feature_flags(admin_mode_for_api: false) - end - - it 'contains all non-default scopes' do - expect(subject.all_available_scopes).to match_array %i[api read_user read_api read_repository write_repository read_registry write_registry sudo admin_mode read_observability write_observability] - end - - it 'contains for admin user all non-default scopes with ADMIN access and without observability scopes' do - user = build_stubbed(:user, admin: true) - - expect(subject.available_scopes_for(user)).to match_array %i[api read_user read_api read_repository write_repository read_registry write_registry sudo] - end - - it 'optional_scopes contains all non-default scopes' do - expect(subject.optional_scopes).to match_array %i[read_user read_api read_repository write_repository read_registry write_registry sudo admin_mode openid profile email read_observability write_observability] - end - end - context 'registry_scopes' do context 'when registry is disabled' do before do diff --git a/spec/models/personal_access_token_spec.rb b/spec/models/personal_access_token_spec.rb index 75d380c39ad..5ba9597a519 100644 --- a/spec/models/personal_access_token_spec.rb +++ b/spec/models/personal_access_token_spec.rb @@ -216,18 +216,6 @@ RSpec.describe PersonalAccessToken, feature_category: :system_access do expect(personal_access_token).to be_valid end - context 'with feature flag disabled' do - before do - stub_feature_flags(admin_mode_for_api: false) - end - - it "allows creating a token with `admin_mode` scope" do - personal_access_token.scopes = [:api, :admin_mode] - - expect(personal_access_token).to be_valid - end - end - context 'when registry is disabled' do before do stub_container_registry_config(enabled: false) @@ -403,28 +391,6 @@ RSpec.describe PersonalAccessToken, feature_category: :system_access do end end end - - context 'with feature flag disabled' do - before do - stub_feature_flags(admin_mode_for_api: false) - end - - context 'with administrator user' do - let_it_be(:user) { create(:user, :admin) } - - it 'adds `admin_mode` scope before created' do - expect(subject.scopes).to contain_exactly('api', 'admin_mode') - end - end - - context 'with normal user' do - let_it_be(:user) { create(:user) } - - it 'does not add `admin_mode` scope before created' do - expect(subject.scopes).to contain_exactly('api') - end - end - end end describe 'token format' do diff --git a/spec/requests/api/features_spec.rb b/spec/requests/api/features_spec.rb index c634677e04a..2571e3b1e6a 100644 --- a/spec/requests/api/features_spec.rb +++ b/spec/requests/api/features_spec.rb @@ -26,8 +26,6 @@ RSpec.describe API::Features, stub_feature_flags: false, feature_category: :feat actor.respond_to?(:admin) && actor.admin? end - stub_feature_flags(admin_mode_for_api: true) - skip_feature_flags_yaml_validation skip_default_enabled_yaml_check end @@ -86,9 +84,7 @@ RSpec.describe API::Features, stub_feature_flags: false, feature_category: :feat expect(response).to have_gitlab_http_status(:unauthorized) end - # Skipping this spec here, because the spec clears all the feature flags to have a deterministic list of features returned. - # which in turns causes the `admin_mode` feature not to be enabled and the spec to fail. - it 'returns the feature list for admins', :skip do + it 'returns the feature list for admins' do get api('/features', admin, admin_mode: true) expect(json_response).to match_array(expected_features) diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 0d97af0df0f..bbf69e75050 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -351,16 +351,6 @@ RSpec.configure do |config| end end - # See https://gitlab.com/gitlab-org/gitlab/-/issues/42692 - # The ongoing implementation of Admin Mode for API is behind the :admin_mode_for_api feature flag. - # All API specs will be adapted continuously. The following list contains the specs that have not yet been adapted. - # The feature flag is disabled for these specs as long as they are not yet adapted. - admin_mode_for_api_feature_flag_paths = %w[] - - if example.metadata[:file_path].start_with?(*admin_mode_for_api_feature_flag_paths) - stub_feature_flags(admin_mode_for_api: false) - end - # Make sure specs test by default admin mode setting on, unless forced to the opposite stub_application_setting(admin_mode: true) unless example.metadata[:do_not_mock_admin_mode_setting]