root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2025-05-09 18:11:52 +00:00
parent 915d10b20d
commit 0815945e44
156 changed files with 1211 additions and 1033 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitlab/issue_templates/Operational Readiness.md
View File

@ -105,7 +105,7 @@ Complete common and the appropriate checklists per the type of new component men
### New data store, third party dependency
- [ ] Legal and Security
- [ ] What is the [classification](https://about.gitlab.com/handbook/security/data-classification-standard.html#data-classification-levels) of data stored in the data store?
- [ ] What is the [classification](https://handbook.gitlab.com/handbook/security/data-classification-standard/#data-classification-levels) of data stored in the data store?
- [ ] Have they got any security standards to meet our and/or our customers' requirements? (i.e. FIPS and/or Fed-RAMP) If not, what needs to be done?
- [ ] Development, Testing, Deployment, and Operation
- [ ] What integration types do they provide, e.g. SaaS and/or self-hosting?

2
GITLAB_KAS_VERSION
View File

@ -1 +1 @@
2b6ddffe03cec87d2ad017a44cb8ea854e4a9200
2c3d376351199588c5e6e1c17feb97a7d800f579

2
Gemfile.checksum
View File

@ -218,7 +218,7 @@
{"name":"gitaly","version":"17.8.4","platform":"ruby","checksum":"196d9735a83f8a7d396baa216b979eb0c801622d8b7573f90010338d5b0c7b4f"},
{"name":"gitlab","version":"4.19.0","platform":"ruby","checksum":"3f645e3e195dbc24f0834fbf83e8ccfb2056d8e9712b01a640aad418a6949679"},
{"name":"gitlab-chronic","version":"0.10.6","platform":"ruby","checksum":"a244d11a1396d2aac6ae9b2f326adf1605ec1ad20c29f06e8b672047d415a9ac"},
{"name":"gitlab-cloud-connector","version":"1.11.0","platform":"ruby","checksum":"fb131bb3d04a7d014a08311cd7ff669ed3c5577d9d0b11df7216f768dfd5c0c8"},
{"name":"gitlab-cloud-connector","version":"1.12.0","platform":"ruby","checksum":"b1eb7b0f5cb6633929681904d92771b387ec126b02319cd6cb62dd04bd5750af"},
{"name":"gitlab-crystalball","version":"0.7.2","platform":"ruby","checksum":"c4ed7871d5952377ba38dedc2d64febc204273b5a7d98c954b777b4a9aceb49a"},
{"name":"gitlab-dangerfiles","version":"4.9.1","platform":"ruby","checksum":"296b19d8aca5e4da8d391234914a1c4dfedc29700ddbcd9c554b6ffaa7fdf1b2"},
{"name":"gitlab-experiment","version":"0.9.1","platform":"ruby","checksum":"f230ee742154805a755d5f2539dc44d93cdff08c5bbbb7656018d61f93d01f48"},

2
Gemfile.lock
View File

@ -748,7 +748,7 @@ GEM
terminal-table (>= 1.5.1)
gitlab-chronic (0.10.6)
numerizer (~> 0.2)
gitlab-cloud-connector (1.11.0)
gitlab-cloud-connector (1.12.0)
activesupport (~> 7.0)
jwt (~> 2.9.3)
gitlab-crystalball (0.7.2)

2
Gemfile.next.checksum
View File

@ -218,7 +218,7 @@
{"name":"gitaly","version":"17.8.4","platform":"ruby","checksum":"196d9735a83f8a7d396baa216b979eb0c801622d8b7573f90010338d5b0c7b4f"},
{"name":"gitlab","version":"4.19.0","platform":"ruby","checksum":"3f645e3e195dbc24f0834fbf83e8ccfb2056d8e9712b01a640aad418a6949679"},
{"name":"gitlab-chronic","version":"0.10.6","platform":"ruby","checksum":"a244d11a1396d2aac6ae9b2f326adf1605ec1ad20c29f06e8b672047d415a9ac"},
{"name":"gitlab-cloud-connector","version":"1.11.0","platform":"ruby","checksum":"fb131bb3d04a7d014a08311cd7ff669ed3c5577d9d0b11df7216f768dfd5c0c8"},
{"name":"gitlab-cloud-connector","version":"1.12.0","platform":"ruby","checksum":"b1eb7b0f5cb6633929681904d92771b387ec126b02319cd6cb62dd04bd5750af"},
{"name":"gitlab-crystalball","version":"0.7.2","platform":"ruby","checksum":"c4ed7871d5952377ba38dedc2d64febc204273b5a7d98c954b777b4a9aceb49a"},
{"name":"gitlab-dangerfiles","version":"4.9.1","platform":"ruby","checksum":"296b19d8aca5e4da8d391234914a1c4dfedc29700ddbcd9c554b6ffaa7fdf1b2"},
{"name":"gitlab-experiment","version":"0.9.1","platform":"ruby","checksum":"f230ee742154805a755d5f2539dc44d93cdff08c5bbbb7656018d61f93d01f48"},

2
Gemfile.next.lock
View File

@ -748,7 +748,7 @@ GEM
terminal-table (>= 1.5.1)
gitlab-chronic (0.10.6)
numerizer (~> 0.2)
gitlab-cloud-connector (1.11.0)
gitlab-cloud-connector (1.12.0)
activesupport (~> 7.0)
jwt (~> 2.9.3)
gitlab-crystalball (0.7.2)

40
app/assets/javascripts/access_tokens/index.js
View File

@ -1,9 +1,11 @@
import Vue from 'vue';
import { pinia } from '~/pinia/instance';
import { convertObjectPropsToCamelCase, parseBoolean } from '~/lib/utils/common_utils';
import { parseRailsFormFields } from '~/lib/utils/forms';
import { __, sprintf } from '~/locale';
import Translate from '~/vue_shared/translate';
import AccessTokens from '~/vue_shared/access_tokens/components/access_tokens.vue';
import AccessTokenTableApp from './components/access_token_table_app.vue';
import InactiveAccessTokenTableApp from './components/inactive_access_token_table_app.vue';
import ExpiresAtField from './components/expires_at_field.vue';
@ -126,6 +128,44 @@ export const initNewAccessTokenApp = () => {
});
};
export const initSharedAccessTokenApp = () => {
const el = document.querySelector('#js-shared-access-token-app');
if (!el) {
return null;
}
const {
accessTokenMaxDate,
accessTokenMinDate,
accessTokenCreate,
accessTokenRevoke,
accessTokenRotate,
accessTokenShow,
} = el.dataset;
return new Vue({
el,
name: 'AccessTokensRoot',
pinia,
provide: {
accessTokenMaxDate,
accessTokenMinDate,
accessTokenCreate,
accessTokenRevoke,
accessTokenRotate,
accessTokenShow,
},
render(createElement) {
return createElement(AccessTokens, {
props: {
id: gon.current_user_id,
},
});
},
});
};
export const initTokensApp = () => {
const el = document.getElementById('js-tokens-app');

2
app/assets/javascripts/admin/users/components/admin_users_filter_app.vue
View File

@ -1,7 +1,7 @@
<script>
import { GlFilteredSearch } from '@gitlab/ui';
import { setUrlParams, visitUrl } from '~/lib/utils/url_utility';
import { TOKENS } from 'ee_else_ce/admin/users/constants';
import { TOKENS } from '../constants';
import { initializeValuesFromQuery } from '../utils';
const TOKEN_TYPES = TOKENS.map(({ type }) => type);

5
app/assets/javascripts/admin/users/constants.js
View File

@ -23,13 +23,10 @@ export const I18N_USER_ACTIONS = {
untrust: s__('AdminUsers|Untrust user'),
};
// NOTE: the 'access_level' token is overridden in EE version
export const ACCESS_LEVEL_TOKEN_TYPE = 'access_level';
export const TOKENS = [
{
title: s__('AdminUsers|Access level'),
type: ACCESS_LEVEL_TOKEN_TYPE,
type: 'access_level',
token: GlFilteredSearchToken,
operators: OPERATORS_IS,
unique: true,

2
app/assets/javascripts/admin/users/utils.js
View File

@ -6,7 +6,7 @@ import {
TOKENS,
SOLO_OWNED_ORGANIZATIONS_EMPTY,
SOLO_OWNED_ORGANIZATIONS_REQUESTED_COUNT,
} from 'ee_else_ce/admin/users/constants';
} from './constants';
export const generateUserPaths = (paths, id) => {
return Object.fromEntries(

22
app/assets/javascripts/ci/common/private/jobs_filtered_search/app.vue
View File

@ -40,16 +40,14 @@ export default {
},
];
if (this.glFeatures.populateAndUseBuildSourceTable) {
tokens.push({
type: TOKEN_TYPE_JOBS_SOURCE,
title: TOKEN_TITLE_JOBS_SOURCE,
icon: 'trigger-source',
unique: true,
token: JobSourceToken,
operators: OPERATORS_IS,
});
}
tokens.push({
type: TOKEN_TYPE_JOBS_SOURCE,
title: TOKEN_TITLE_JOBS_SOURCE,
icon: 'trigger-source',
unique: true,
token: JobSourceToken,
operators: OPERATORS_IS,
});
if (this.glFeatures.adminJobsFilterRunnerType) {
tokens.push({
@ -76,10 +74,6 @@ export default {
},
];
case 'sources':
if (!this.glFeatures.populateAndUseBuildSourceTable) {
return acc;
}
return [
...acc,
{

7
app/assets/javascripts/ci/jobs_page/jobs_page_app.vue
View File

@ -132,9 +132,7 @@ export default {
methods: {
resetRequestData() {
if (this.glFeatures.feSearchBuildByName) {
this.requestData = { statuses: null, name: null };
} else if (this.glFeatures.populateAndUseBuildSourceTable) {
this.requestData = { statuses: null, sources: null };
this.requestData = { statuses: null, sources: null, name: null };
} else {
this.requestData = { statuses: null, sources: null };
}
@ -185,8 +183,7 @@ export default {
this.requestData.statuses = filter.value.data;
}
// Technically, this shouldn't need to check the feature flag because the filter won't be available if the flag is disabled
if (this.glFeatures.populateAndUseBuildSourceTable && filter.type === 'jobs-source') {
if (filter.type === 'jobs-source') {
this.requestData.sources = filter.value.data;
}
});

3
app/assets/javascripts/groups/components/app.vue
View File

@ -1,6 +1,5 @@
<script>
import { GlLoadingIcon, GlModal } from '@gitlab/ui';
import EmptyResult from '~/vue_shared/components/empty_result.vue';
import { createAlert } from '~/alert';
import { HTTP_STATUS_FORBIDDEN } from '~/lib/utils/http_status';
import { mergeUrlParams, getParameterByName } from '~/lib/utils/url_utility';
@ -15,7 +14,6 @@ export default {
GroupsComponent,
GlModal,
GlLoadingIcon,
EmptyResult,
},
props: {
action: {
@ -235,7 +233,6 @@ export default {
/>
<template v-else>
<groups-component v-if="hasGroups" :groups="groups" :page-info="pageInfo" :action="action" />
<empty-result v-else-if="fromSearch" data-testid="search-empty-state" />
<slot v-else name="empty-state"></slot>
</template>
<gl-modal

29
app/assets/javascripts/groups/components/empty_states/dashboard_groups_empty_state.vue Normal file
View File

@ -0,0 +1,29 @@
<script>
import groupsEmptyStateIllustration from '@gitlab/svgs/dist/illustrations/empty-state/empty-groups-md.svg?url';
import ResourceListsEmptyState from '~/vue_shared/components/resource_lists/empty_state.vue';
export default {
components: { ResourceListsEmptyState },
groupsEmptyStateIllustration,
props: {
search: {
type: String,
required: false,
default: '',
},
},
};
</script>
<template>
<resource-lists-empty-state
:title="s__('GroupsEmptyState|A group is a collection of several projects')"
:description="
s__(
'GroupsEmptyState|If you organize your projects under a group, it works like a folder. You can manage your group member\'s permissions and access to each project in the group.',
)
"
:svg-path="$options.groupsEmptyStateIllustration"
:search="search"
/>
</template>

20
app/assets/javascripts/groups/components/empty_states/groups_explore_empty_state.vue
View File

@ -1,20 +1,24 @@
<script>
import { GlEmptyState } from '@gitlab/ui';
import groupsEmptyStateIllustration from '@gitlab/svgs/dist/illustrations/empty-state/empty-groups-md.svg?url';
import { s__ } from '~/locale';
import ResourceListsEmptyState from '~/vue_shared/components/resource_lists/empty_state.vue';
export default {
components: { GlEmptyState },
components: { ResourceListsEmptyState },
groupsEmptyStateIllustration,
computed: {
title() {
return s__('GroupsEmptyState|No public or internal groups');
props: {
search: {
type: String,
required: false,
default: '',
},
},
};
</script>
<template>
<gl-empty-state :title="title" :svg-path="$options.groupsEmptyStateIllustration" />
<resource-lists-empty-state
:title="s__('GroupsEmptyState|No public or internal groups')"
:svg-path="$options.groupsEmptyStateIllustration"
:search="search"
/>
</template>

18
app/assets/javascripts/groups/components/empty_states/inactive_projects_empty_state.vue
View File

@ -1,22 +1,32 @@
<script>
import { GlEmptyState } from '@gitlab/ui';
import ResourceListsEmptyState from '~/vue_shared/components/resource_lists/empty_state.vue';
import { s__ } from '~/locale';
import { SEARCH_MINIMUM_LENGTH } from '../../constants';
export default {
components: { GlEmptyState },
components: { ResourceListsEmptyState },
SEARCH_MINIMUM_LENGTH,
i18n: {
title: s__('GroupsEmptyState|There are no inactive projects in this group'),
description: s__('GroupsEmptyState|Projects that are no longer used are displayed here.'),
},
inject: ['emptyProjectsIllustration'],
props: {
search: {
type: String,
required: false,
default: '',
},
},
};
</script>
<template>
<gl-empty-state
<resource-lists-empty-state
:title="$options.i18n.title"
:description="$options.i18n.description"
:svg-path="emptyProjectsIllustration"
:search="search"
:search-minimum-length="$options.SEARCH_MINIMUM_LENGTH"
/>
</template>

24
app/assets/javascripts/groups/components/empty_states/shared_groups_empty_state.vue
View File

@ -1,12 +1,14 @@
<script>
import { GlEmptyState, GlSprintf } from '@gitlab/ui';
import { GlSprintf } from '@gitlab/ui';
import groupsEmptyStateIllustration from '@gitlab/svgs/dist/illustrations/empty-state/empty-groups-md.svg?url';
import ResourceListsEmptyState from '~/vue_shared/components/resource_lists/empty_state.vue';
import HelpPageLink from '~/vue_shared/components/help_page_link/help_page_link.vue';
import { s__ } from '~/locale';
import { SEARCH_MINIMUM_LENGTH } from '../../constants';
export default {
components: { GlEmptyState, GlSprintf, HelpPageLink },
components: { ResourceListsEmptyState, GlSprintf, HelpPageLink },
SEARCH_MINIMUM_LENGTH,
groupsEmptyStateIllustration,
i18n: {
title: s__('GroupsEmptyState|This group has not been invited to any other groups.'),
@ -14,11 +16,23 @@ export default {
'GroupsEmptyState|Other groups this group has been %{linkStart}invited to%{linkEnd} will appear here.',
),
},
props: {
search: {
type: String,
required: false,
default: '',
},
},
};
</script>
<template>
<gl-empty-state :title="$options.i18n.title" :svg-path="$options.groupsEmptyStateIllustration">
<resource-lists-empty-state
:title="$options.i18n.title"
:svg-path="$options.groupsEmptyStateIllustration"
:search="search"
:search-minimum-length="$options.SEARCH_MINIMUM_LENGTH"
>
<template #description>
<gl-sprintf :message="$options.i18n.description">
<template #link="{ content }">
@ -30,5 +44,5 @@ export default {
</template>
</gl-sprintf>
</template>
</gl-empty-state>
</resource-lists-empty-state>
</template>

24
app/assets/javascripts/groups/components/empty_states/shared_projects_empty_state.vue
View File

@ -1,11 +1,13 @@
<script>
import { GlEmptyState, GlSprintf } from '@gitlab/ui';
import { GlSprintf } from '@gitlab/ui';
import ResourceListsEmptyState from '~/vue_shared/components/resource_lists/empty_state.vue';
import HelpPageLink from '~/vue_shared/components/help_page_link/help_page_link.vue';
import { s__ } from '~/locale';
import { SEARCH_MINIMUM_LENGTH } from '../../constants';
export default {
components: { GlEmptyState, HelpPageLink, GlSprintf },
components: { ResourceListsEmptyState, HelpPageLink, GlSprintf },
SEARCH_MINIMUM_LENGTH,
i18n: {
title: s__('GroupsEmptyState|This group has not been invited to any other projects.'),
description: s__(
@ -13,11 +15,23 @@ export default {
),
},
inject: ['emptyProjectsIllustration'],
props: {
search: {
type: String,
required: false,
default: '',
},
},
};
</script>
<template>
<gl-empty-state :title="$options.i18n.title" :svg-path="emptyProjectsIllustration">
<resource-lists-empty-state
:title="$options.i18n.title"
:svg-path="emptyProjectsIllustration"
:search="search"
:search-minimum-length="$options.SEARCH_MINIMUM_LENGTH"
>
<template #description>
<gl-sprintf :message="$options.i18n.description">
<template #link="{ content }">
@ -29,5 +43,5 @@ export default {
</template>
</gl-sprintf>
</template>
</gl-empty-state>
</resource-lists-empty-state>
</template>

20
app/assets/javascripts/groups/components/empty_states/subgroups_and_projects_empty_state.vue
View File

@ -1,11 +1,12 @@
<script>
import { GlEmptyState } from '@gitlab/ui';
import ActionCard from '~/vue_shared/components/action_card.vue';
import ResourceListsEmptyState from '~/vue_shared/components/resource_lists/empty_state.vue';
import { s__ } from '~/locale';
import { SEARCH_MINIMUM_LENGTH } from '../../constants';
export default {
components: { GlEmptyState, ActionCard },
components: { ResourceListsEmptyState, ActionCard },
SEARCH_MINIMUM_LENGTH,
i18n: {
title: s__('GroupsEmptyState|There are no subgroups or projects in this group'),
description: s__(
@ -30,6 +31,13 @@ export default {
'canCreateSubgroups',
'canCreateProjects',
],
props: {
search: {
type: String,
required: false,
default: '',
},
},
computed: {
hasActions() {
return this.canCreateSubgroups || this.canCreateProjects;
@ -42,10 +50,12 @@ export default {
</script>
<template>
<gl-empty-state
<resource-lists-empty-state
:title="$options.i18n.title"
:svg-path="emptySubgroupIllustration"
:description="description"
:search="search"
:search-minimum-length="$options.SEARCH_MINIMUM_LENGTH"
>
<template v-if="hasActions" #actions>
<div
@ -72,5 +82,5 @@ export default {
/>
</div>
</template>
</gl-empty-state>
</resource-lists-empty-state>
</template>

2
app/assets/javascripts/groups/components/groups_list_with_filtered_search_app.vue
View File

@ -149,7 +149,7 @@ export default {
/>
<groups-app :service="service" :store="store">
<template #empty-state>
<slot name="empty-state"></slot>
<slot name="empty-state" :search="search"></slot>
</template>
</groups-app>
</div>

8
app/assets/javascripts/groups/components/overview_tabs.vue
View File

@ -27,8 +27,6 @@ import SharedProjectsEmptyState from './empty_states/shared_projects_empty_state
import SharedGroupsEmptyState from './empty_states/shared_groups_empty_state.vue';
import InactiveProjectsEmptyState from './empty_states/inactive_projects_empty_state.vue';
const MIN_SEARCH_LENGTH = 3;
export default {
components: {
GlTabs,
@ -227,9 +225,7 @@ export default {
onFilter(filtersQuery) {
this.search = filtersQuery[OVERVIEW_TABS_FILTERED_SEARCH_TERM_KEY];
if (!this.search || this.search.length >= MIN_SEARCH_LENGTH) {
this.handleSearchOrSortChange();
}
this.handleSearchOrSortChange();
},
},
i18n: {
@ -263,7 +259,7 @@ export default {
>
<groups-app :action="key" :service="service" :store="store">
<template v-if="emptyStateComponent" #empty-state>
<component :is="emptyStateComponent" />
<component :is="emptyStateComponent" :search="search" />
</template>
</groups-app>
</gl-tab>

1
app/assets/javascripts/groups/constants.js
View File

@ -7,6 +7,7 @@ import {
} from '~/groups_projects/constants';
export const MAX_CHILDREN_COUNT = 20;
export const SEARCH_MINIMUM_LENGTH = 3;
export const ACTIVE_TAB_SUBGROUPS_AND_PROJECTS = 'subgroups_and_projects';
export const ACTIVE_TAB_SHARED = 'shared';

2
app/assets/javascripts/groups/init_groups_list_with_filtered_search.js
View File

@ -47,7 +47,7 @@ export const initGroupsListWithFilteredSearch = ({ filteredSearchNamespace, Empt
initialSort,
},
scopedSlots: {
'empty-state': () => createElement(EmptyState),
'empty-state': ({ search }) => createElement(EmptyState, { props: { search } }),
},
});
},

3
app/assets/javascripts/packages_and_registries/container_registry/explorer/components/delete_button.vue
View File

@ -43,8 +43,7 @@ export default {
:disabled="disabled"
:title="title"
:aria-label="title"
variant="danger"
category="secondary"
category="tertiary"
icon="remove"
@click="$emit('delete')"
/>

5
app/assets/javascripts/packages_and_registries/container_registry/explorer/components/details_page/tags_list_row.vue
View File

@ -266,12 +266,11 @@ export default {
variant="warning"
/>
</div>
</template>
<template v-if="signatures.length" #left-after-toggle>
<gl-badge
v-if="signatures.length"
v-gl-tooltip.d0="$options.i18n.SIGNATURE_BADGE_TOOLTIP"
class="gl-ml-4"
class="sm:gl-ml-3"
data-testid="signed-badge"
>
{{ s__('ContainerRegistry|Signed') }}

1
app/assets/javascripts/packages_and_registries/container_registry/explorer/components/list_page/image_list_row.vue
View File

@ -198,7 +198,6 @@ export default {
</gl-skeleton-loader>
</div>
</template>
<template #right-primary> &nbsp; </template>
<template #right-secondary>
<publish-message
:project-name="projectName"

2
app/assets/javascripts/packages_and_registries/container_registry/explorer/constants/quick_start.js
View File

@ -1,6 +1,6 @@
import { s__ } from '~/locale';
export const QUICK_START = s__('ContainerRegistry|CLI Commands');
export const QUICK_START = s__('ContainerRegistry|CLI commands');
export const LOGIN_COMMAND_LABEL = s__('ContainerRegistry|Login');
export const COPY_LOGIN_TITLE = s__('ContainerRegistry|Copy login command');
export const BUILD_COMMAND_LABEL = s__('ContainerRegistry|Build an image');

2
app/assets/javascripts/packages_and_registries/container_registry/explorer/pages/list.vue
View File

@ -302,11 +302,13 @@ export default {
:docker-build-command="dockerBuildCommand"
:docker-push-command="dockerPushCommand"
:docker-login-command="dockerLoginCommand"
class="!gl-w-auto"
/>
<gl-button
v-if="config.showContainerRegistrySettings"
v-gl-tooltip="$options.i18n.SETTINGS_TEXT"
icon="settings"
class="!gl-w-auto"
:href="config.settingsPath"
:aria-label="$options.i18n.SETTINGS_TEXT"
/>

2
app/assets/javascripts/packages_and_registries/shared/constants/quick_start.js
View File

@ -1,6 +1,6 @@
import { s__ } from '~/locale';
export const QUICK_START = s__('ContainerRegistry|CLI Commands');
export const QUICK_START = s__('ContainerRegistry|CLI commands');
export const LOGIN_COMMAND_LABEL = s__('ContainerRegistry|Login');
export const COPY_LOGIN_TITLE = s__('ContainerRegistry|Copy login command');
export const BUILD_COMMAND_LABEL = s__('ContainerRegistry|Build an image');

2
app/assets/javascripts/pages/dashboard/groups/index/index.js
View File

@ -1,8 +1,10 @@
import { initGroupsListWithFilteredSearch } from '~/groups/init_groups_list_with_filtered_search';
import { initYourWorkGroups } from '~/groups/your_work';
import { DASHBOARD_FILTERED_SEARCH_NAMESPACE } from '~/groups/constants';
import DashboardGroupsEmptyState from '~/groups/components/empty_states/dashboard_groups_empty_state.vue';
initGroupsListWithFilteredSearch({
filteredSearchNamespace: DASHBOARD_FILTERED_SEARCH_NAMESPACE,
EmptyState: DashboardGroupsEmptyState,
});
initYourWorkGroups();

4
app/assets/javascripts/pages/user_settings/personal_access_tokens/index.js
View File

@ -2,10 +2,12 @@ import {
initAccessTokenTableApp,
initExpiresAtField,
initNewAccessTokenApp,
initSharedAccessTokenApp,
initTokensApp,
} from '~/access_tokens';
initAccessTokenTableApp();
initExpiresAtField();
initNewAccessTokenApp();
initTokensApp();
initSharedAccessTokenApp();
initNewAccessTokenApp();

9
app/assets/javascripts/vue_shared/components/registry/list_item.vue
View File

@ -60,10 +60,10 @@ export default {
class="gl-flex gl-flex-col gl-border-b-1 gl-border-t-1 gl-border-b-solid gl-border-t-solid"
:class="optionalClasses"
>
<div class="gl-flex gl-items-center gl-py-3">
<div class="gl-flex gl-py-3">
<div
v-if="$slots['left-action'] /* eslint-disable-line @gitlab/vue-prefer-dollar-scopedslots */"
class="gl-flex gl-w-7 gl-justify-start gl-pl-2"
class="gl-flex gl-w-7 gl-justify-start gl-pt-2"
>
<slot name="left-action"></slot>
</div>
@ -73,7 +73,7 @@ export default {
v-if="
$slots['left-primary'] /* eslint-disable-line @gitlab/vue-prefer-dollar-scopedslots */
"
class="gl-flex gl-min-h-6 gl-min-w-0 gl-items-center gl-font-semibold gl-text-default"
class="gl-min-h-6 gl-min-w-0 gl-items-center gl-font-semibold gl-text-default sm:gl-flex"
>
<slot name="left-primary"></slot>
<gl-button
@ -88,7 +88,6 @@ export default {
:aria-expanded="isDetailsShown"
@click="toggleDetails"
/>
<slot name="left-after-toggle"></slot>
</div>
<div
v-if="
@ -130,7 +129,7 @@ export default {
v-if="
$slots['right-action'] /* eslint-disable-line @gitlab/vue-prefer-dollar-scopedslots */
"
class="gl-flex gl-w-9 gl-justify-end gl-pr-1"
class="gl-items-center gl-pl-3 sm:gl-flex"
>
<slot name="right-action"></slot>
</div>

2
app/assets/javascripts/vue_shared/components/registry/title_area.vue
View File

@ -84,7 +84,7 @@ export default {
<div
v-for="(row, metadataIndex) in metadataSlots"
:key="metadataIndex"
class="gl-mr-3 gl-flex gl-items-center"
class="gl-mr-5 gl-flex gl-flex-wrap gl-items-center"
>
<slot :name="row"></slot>
</div>

30
app/assets/javascripts/work_items/components/create_work_item.vue
View File

@ -13,7 +13,7 @@ import {
import glFeatureFlagMixin from '~/vue_shared/mixins/gl_feature_flags_mixin';
import { createAlert } from '~/alert';
import { clearDraft } from '~/lib/utils/autosave';
import { isMetaEnterKeyPair } from '~/lib/utils/common_utils';
import { isMetaEnterKeyPair, parseBoolean } from '~/lib/utils/common_utils';
import { getParameterByName } from '~/lib/utils/url_utility';
import { convertToGraphQLId } from '~/graphql_shared/utils';
import { s__, sprintf } from '~/locale';
@ -193,10 +193,11 @@ export default {
data() {
return {
isTitleValid: true,
isConfidential: false,
isConfidential: parseBoolean(getParameterByName('issue[confidential]')),
isRelatedToItem: true,
localTitle: this.title || '',
error: null,
workItem: {},
workItemTypes: [],
selectedProjectFullPath: this.initialSelectedProject(),
selectedWorkItemTypeId: null,
@ -212,7 +213,6 @@ export default {
};
},
apollo: {
// eslint-disable-next-line @gitlab/vue-no-undef-apollo-properties
workItem: {
query: workItemByIidQuery,
variables() {
@ -252,20 +252,14 @@ export default {
return;
}
let workItemDescription = '';
let workItemTitle = '';
// The follow up title and description can come from the backend for the following three use cases
// 1. when resolving a discussion in the MR and we have the merge request id in the query param
// 2. when the issue and title are added in the query param . read https://docs.gitlab.com/user/project/issues/create_issues/#using-a-url-with-prefilled-values
// 3. when following up a work item with a vulnerability, where we have the vulnerability id in the query param
workItemTitle = document.querySelector(
'.follow_up_work_item .follow-up-title',
)?.textContent;
workItemDescription = document.querySelector(
'.follow_up_work_item .follow-up-description',
)?.textContent;
const workItemTitle = document.querySelector('.params-title')?.textContent.trim();
const workItemDescription = document
.querySelector('.params-description')
?.textContent.trim();
for await (const workItemType of this.workItemTypes) {
await setNewWorkItemCache(
@ -488,10 +482,10 @@ export default {
);
},
resolvingMRDiscussionLink() {
return document.querySelector('.follow_up_work_item_details span.note-link a')?.href || '';
return document.querySelector('.params-discussion-to-resolve a')?.href || '';
},
resolvingMRDiscussionLinkText() {
return document.querySelector('.follow_up_work_item_details span.note-link a')?.text || '';
return document.querySelector('.params-discussion-to-resolve a')?.text || '';
},
createWorkItemWarning() {
const warning =
@ -924,7 +918,11 @@ export default {
@error="updateError = $event"
@updateDraft="updateDraftData('description', $event)"
/>
<div v-if="numberOfDiscussionsResolved && resolvingMRDiscussionLink" class="gl-mb-4">
<div
v-if="numberOfDiscussionsResolved && resolvingMRDiscussionLink"
class="gl-mb-4"
data-testid="work-item-resolve-discussion"
>
<gl-icon class="gl-mr-2" name="information-o" />
{{ createWorkItemWarning }}
<gl-link :href="resolvingMRDiscussionLink">{{

10
app/assets/javascripts/work_items/pages/create_work_item.vue
View File

@ -1,5 +1,7 @@
<script>
import { visitUrl, getParameterByName, updateHistory, removeParams } from '~/lib/utils/url_utility';
import { TYPENAME_WORK_ITEM } from '~/graphql_shared/constants';
import { convertToGraphQLId } from '~/graphql_shared/utils';
import CreateWorkItem from '../components/create_work_item.vue';
import CreateWorkItemCancelConfirmationModal from '../components/create_work_item_cancel_confirmation_modal.vue';
import {
@ -27,9 +29,15 @@ export default {
},
},
data() {
// Generated by backend with add_related_issue query parameter
const relatedId = document.querySelector('.params-add-related-issue')?.textContent.trim();
const legacyAddRelatedIssueId = relatedId
? convertToGraphQLId(TYPENAME_WORK_ITEM, relatedId)
: undefined;
return {
relatedItem: null,
relatedItemId: getParameterByName(RELATED_ITEM_ID_URL_QUERY_PARAM),
relatedItemId: getParameterByName(RELATED_ITEM_ID_URL_QUERY_PARAM) || legacyAddRelatedIssueId,
isCancelConfirmationModalVisible: false,
shouldDiscardDraft: false,
workItemType: convertTypeEnumToName(this.workItemTypeEnum),

6
app/assets/javascripts/work_items/router/routes.js
View File

@ -3,6 +3,7 @@ import CreateWorkItem from '../pages/create_work_item.vue';
import WorkItemDetail from '../pages/work_item_root.vue';
import DesignDetail from '../components/design_management/design_preview/design_details.vue';
import { ROUTES, WORK_ITEM_BASE_ROUTE_MAP } from '../constants';
import { getEnumFromIssueTypeParameter } from '../utils';
function generateTypeRegex(routeMap) {
const types = Object.keys(routeMap);
@ -21,7 +22,10 @@ function getRoutes() {
name: ROUTES.new,
component: CreateWorkItem,
props: ({ params, query }) => ({
workItemTypeEnum: query.type || WORK_ITEM_BASE_ROUTE_MAP[params.type],
workItemTypeEnum:
query.type ||
getEnumFromIssueTypeParameter(query['issue[issue_type]']) ||
WORK_ITEM_BASE_ROUTE_MAP[params.type],
}),
},
{

9
app/assets/javascripts/work_items/utils.js
View File

@ -35,6 +35,8 @@ import {
WIDGET_TYPE_TIME_TRACKING,
WIDGET_TYPE_VULNERABILITIES,
WIDGET_TYPE_WEIGHT,
WORK_ITEM_TYPE_ENUM_INCIDENT,
WORK_ITEM_TYPE_ENUM_ISSUE,
WORK_ITEM_TYPE_ROUTE_WORK_ITEM,
} from './constants';
@ -128,6 +130,13 @@ export const formatLabelForListbox = (label) => ({
export const convertTypeEnumToName = (workItemTypeEnum) =>
Object.keys(NAME_TO_ENUM_MAP).find((name) => NAME_TO_ENUM_MAP[name] === workItemTypeEnum);
export const getEnumFromIssueTypeParameter = (param) => {
if (!param) {
return undefined;
}
return param === 'incident' ? WORK_ITEM_TYPE_ENUM_INCIDENT : WORK_ITEM_TYPE_ENUM_ISSUE;
};
/**
* TODO: Remove this method with https://gitlab.com/gitlab-org/gitlab/-/issues/479637
* We're currently setting children count per page based on `DEFAULT_PAGE_SIZE_CHILD_ITEMS`

2
app/controllers/graphql_controller.rb
View File

@ -254,7 +254,7 @@ class GraphqlController < ApplicationController
end
def query
GraphQL::Language.escape_single_quoted_newlines(permitted_params.fetch(:query, ''))
GraphQL::Language.escape_single_quoted_newlines(permitted_params.fetch(:query, '').to_s)
end
def multiplex_param

2
app/controllers/search_controller.rb
View File

@ -145,7 +145,7 @@ class SearchController < ApplicationController
return true
end
return true unless ::Gitlab::CurrentSettings.anonymous_searches_allowed?
return true if ::Feature.disabled?(:allow_anonymous_searches, type: :ops)
false
end

4
app/controllers/user_settings/personal_access_tokens_controller.rb
View File

@ -62,7 +62,9 @@ module UserSettings
if result.success?
tokens, size = active_access_tokens
render json: { new_token: @personal_access_token.token,
render json: { token: @personal_access_token.token,
# Delete when `migrate_user_access_tokens_ui` feature flag is removed
new_token: @personal_access_token.token,
active_access_tokens: tokens, total: size }, status: :ok
else
render json: { errors: result.errors }, status: :unprocessable_entity

21
app/events/merge_requests/auto_merge/title_description_update_event.rb Normal file
View File

@ -0,0 +1,21 @@
# frozen_string_literal: true
module MergeRequests
module AutoMerge
class TitleDescriptionUpdateEvent < Gitlab::EventStore::Event
def schema
{
'type' => 'object',
'required' => %w[
current_user_id
merge_request_id
],
'properties' => {
'current_user_id' => { 'type' => 'integer' },
'merge_request_id' => { 'type' => 'integer' }
}
}
end
end
end
end

11
app/helpers/access_tokens_helper.rb
View File

@ -35,6 +35,17 @@ module AccessTokensHelper
}.to_json
end
def personal_access_token_data
{
access_token: {
create: user_settings_personal_access_tokens_path,
revoke: api_v4_personal_access_tokens_path,
rotate: api_v4_personal_access_tokens_path,
show: api_v4_personal_access_tokens_path
}
}
end
def expires_at_field_data
{
min_date: 1.day.from_now.iso8601,

7
app/helpers/application_settings_helper.rb
View File

@ -74,13 +74,6 @@ module ApplicationSettingsHelper
def global_search_settings_checkboxes(form)
[
form.gitlab_ui_checkbox_component(
:anonymous_searches_allowed,
_("Allow unauthenticated users to use search"),
checkbox_options: {
checked: @application_setting.anonymous_searches_allowed, multiple: false
}
),
form.gitlab_ui_checkbox_component(
:global_search_block_anonymous_searches_enabled,
_("Restrict global search to authenticated users only"),

2
app/models/application_setting.rb
View File

@ -716,7 +716,7 @@ class ApplicationSetting < ApplicationRecord
jsonb_accessor :service_ping_settings,
gitlab_environment_toolkit_instance: [:boolean, { default: false }],
gitlab_product_usage_data_enabled: [:boolean, { default: true }]
gitlab_product_usage_data_enabled: [:boolean, { default: Settings.gitlab['initial_gitlab_product_usage_data'] }]
jsonb_accessor :rate_limits_unauthenticated_git_http,
throttle_unauthenticated_git_http_enabled: [:boolean, { default: false }],

1
app/models/application_setting_implementation.rb
View File

@ -107,7 +107,6 @@ module ApplicationSettingImplementation
gitaly_timeout_default: 55,
gitaly_timeout_fast: 10,
gitaly_timeout_medium: 30,
gitlab_product_usage_data_enabled: Settings.gitlab['initial_gitlab_product_usage_data'],
gitpod_enabled: false,
gitpod_url: 'https://gitpod.io/',
gravatar_enabled: Settings.gravatar['enabled'],

22
app/services/auth/dependency_proxy_authentication_service.rb
View File

@ -16,9 +16,6 @@ module Auth
return error('dependency proxy not enabled', 404) unless ::Gitlab.config.dependency_proxy.enabled
return error('access forbidden', 403) unless valid_user_actor?
# TODO: Remove this when enforce_abilities_check_for_dependency_proxy is permanently enabled
log_missing_authentication_abilities unless deploy_token || has_required_abilities?
{ token: authorized_token.encoded }
end
@ -50,10 +47,8 @@ module Auth
# https://gitlab.com/gitlab-org/gitlab/-/issues/520321
if Feature.enabled?(:packages_dependency_proxy_containers_scope_check, feature_user)
dependency_proxy_containers_scope_check
elsif Feature.enabled?(:enforce_abilities_check_for_dependency_proxy, feature_user)
has_required_abilities?
else
current_user || valid_deploy_token?
has_required_abilities?
end
end
@ -77,10 +72,6 @@ module Auth
PersonalAccessTokensFinder.new(state: 'active').find_by_token(raw_token.to_s)
end
def valid_deploy_token?
deploy_token && deploy_token.valid_for_dependency_proxy?
end
def authorized_token
JSONWebToken::HMACToken.new(self.class.secret).tap do |token|
token['user_id'] = current_user.id if current_user
@ -108,16 +99,5 @@ module Auth
def personal_access_token_user?
raw_token && current_user && (current_user.human? || current_user.service_account?)
end
def log_missing_authentication_abilities
log_info = {
message: MISSING_ABILITIES_MESSAGE,
authentication_abilities: authentication_abilities,
username: current_user&.username,
user_id: current_user&.id
}.compact
Gitlab::AuthLogger.warn(log_info)
end
end
end

31
app/views/admin/application_settings/_account_and_limit.html.haml
View File

@ -34,10 +34,26 @@
= f.gitlab_ui_checkbox_component :remember_me_enabled, _('Allow users to extend their session'), help_text: _("Users can select 'Remember me' on sign-in to keep their session active beyond the session duration. %{link_start}Learn more%{link_end}.").html_safe % { link_start: remember_me_help_link_start, link_end: '</a>'.html_safe }
= render_if_exists 'admin/application_settings/git_two_factor_session_expiry', form: f
= render 'admin/application_settings/require_personal_access_token_expiry', form: f
= render_if_exists 'admin/application_settings/personal_access_token_expiration_policy', form: f
= render_if_exists 'admin/application_settings/service_access_tokens_expiration_enforced', form: f
= render_if_exists 'admin/application_settings/allow_top_level_group_owners_to_create_service_accounts', form: f
.form-group
= f.label :disable_feed_token, s_('AdminSettings|Feed token')
= f.gitlab_ui_checkbox_component :disable_feed_token, s_('AdminSettings|Disable feed token')
= render_if_exists 'admin/application_settings/disable_personal_access_tokens', form: f
%h5= s_('AccessTokens|Access token expiration')
.form-group
= render 'admin/application_settings/require_access_token_expiry', form: f
= render_if_exists 'admin/application_settings/service_accounts_pats_expiration_enforced', form: f
.form-group
= f.label :personal_access_token_prefix, s_('AccessTokens|Access token prefix')
= f.text_field :personal_access_token_prefix, placeholder: _('Maximum 20 characters'), class: 'form-control gl-form-input'
- if Feature.enabled?(:custom_prefix_for_all_token_types, :instance)
.form-group
= f.label :instance_token_prefix, s_('AccessTokens|Instance token prefix')
= f.text_field :instance_token_prefix, placeholder: _('Maximum 20 characters'), class: 'form-control gl-form-input'
= render_if_exists 'admin/application_settings/personal_access_token_expiration_policy', form: f
= render_if_exists 'admin/application_settings/ssh_key_expiration_policy', form: f
.form-group
@ -70,15 +86,6 @@
.form-text.gl-text-subtle
= _('Must be 90 days or more. Applies only to users with sign-in history. Users with no sign-in history are automatically deactivated after 7 days.')
.form-group
= f.label :personal_access_token_prefix, _('Personal access token prefix'), class: 'label-light'
= f.text_field :personal_access_token_prefix, placeholder: _('Maximum 20 characters'), class: 'form-control gl-form-input'
- if Feature.enabled?(:custom_prefix_for_all_token_types, :instance)
.form-group
= f.label :instance_token_prefix, _('Instance token prefix'), class: 'label-light'
= f.text_field :instance_token_prefix, placeholder: _('Maximum 20 characters'), class: 'form-control gl-form-input'
.form-group
= f.label :user_show_add_ssh_key_message, _('Prompt users to upload SSH keys'), class: 'label-bold'
= f.gitlab_ui_checkbox_component :user_show_add_ssh_key_message, _("Inform users without uploaded SSH keys that they can't push over SSH until one is added")

4
app/views/admin/application_settings/_require_access_token_expiry.html.haml Normal file
View File

@ -0,0 +1,4 @@
- pat_expiry_rules_link = link_to('', help_page_path('user/profile/personal_access_tokens.md', anchor: 'access-token-expiration', target: '_blank', rel: 'noopener noreferrer'))
- help_text = safe_format(s_('AccessTokens|Forces new personal, group, project and impersonation tokens to require an expiration date. Does not affect existing token expiration dates or personal access tokens for service accounts. This setting overrides the group-level %{link_start}service account token expiration%{link_end} setting.'), tag_pair(pat_expiry_rules_link, :link_start, :link_end))
= form.gitlab_ui_checkbox_component :require_personal_access_token_expiry, _('Require expiration date'), help_text: help_text

7
app/views/admin/application_settings/_require_personal_access_token_expiry.html.haml
View File

@ -1,7 +0,0 @@
- help_link = help_page_path('user/profile/personal_access_tokens.md', anchor: 'create-a-service-account-personal-access-token-with-no-expiry-date')
- help_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: help_link }
- help_text = s_('AccessTokens|When enabled, a user will be required to enter in an expiration date when creating an access token. Changes will not affect existing token expiration dates. This setting overrides the group-level %{link_start}service account token expiration%{link_end} setting.').html_safe % { link_start: help_link_start, link_end: '</a>'.html_safe }
.form-group
= form.label :require_personal_access_token_expiry, s_('AccessTokens|Personal / project / group access token expiration'), class: 'label-light'
= form.gitlab_ui_checkbox_component :require_personal_access_token_expiry, _('Require expiration date'), help_text: help_text

6
app/views/admin/application_settings/_visibility_and_access.html.haml
View File

@ -48,12 +48,6 @@
= f.label field_name, "#{type.upcase} SSH keys", class: 'label-bold'
= f.select field_name, key_restriction_options_for_select(type), {}, class: 'form-control'
= render_if_exists 'admin/application_settings/disable_personal_access_tokens', form: f
.form-group
%label.label-bold= s_('AdminSettings|Feed token')
= f.gitlab_ui_checkbox_component :disable_feed_token, s_('AdminSettings|Disable feed token')
= render_if_exists 'admin/application_settings/disable_invite_members_setting', form: f
= render_if_exists 'admin/application_settings/globally_allowed_ips', form: f

17
app/views/projects/issues/new.html.haml
View File

@ -11,18 +11,15 @@
- add_to_breadcrumbs _("Issues"), project_issues_path(@project)
- breadcrumb_title _("New issue")
- if @merge_request_to_resolve_discussions_of
.follow_up_work_item_details.hidden
%span.permission
= @merge_request_to_resolve_discussions_of.discussions_can_be_resolved_by?(current_user)
%span.note-link
= link_to_discussions_to_resolve(@merge_request_to_resolve_discussions_of, @discussion_to_resolve)
.follow_up_work_item.hidden
%span.follow-up-title
.new-issue-params.hidden
.params-title
= @issue.title
.follow-up-description
.params-description
= @issue.description
.params-add-related-issue
= @add_related_issue&.id
.params-discussion-to-resolve
= @merge_request_to_resolve_discussions_of ? link_to_discussions_to_resolve(@merge_request_to_resolve_discussions_of, @discussion_to_resolve) : nil
- if use_work_item
#js-work-items{ data: work_items_data(@project, current_user) }

54
app/views/user_settings/personal_access_tokens/index.html.haml
View File

@ -4,33 +4,37 @@
- type_plural = _('personal access tokens')
- @force_desktop_expanded_sidebar = true
= render ::Layouts::SettingsSectionComponent.new(page_title) do |c|
- c.with_description do
= s_('AccessTokens|You can generate a personal access token for each application you use that needs access to the GitLab API.')
= s_('AccessTokens|You can also use personal access tokens to authenticate against Git over HTTP.')
= s_('AccessTokens|They are the only accepted password when you have Two-Factor Authentication (2FA) enabled.')
- c.with_body do
#js-new-access-token-app{ data: { access_token_type: type } }
- if Feature.enabled?(:migrate_user_access_tokens_ui, current_user)
#js-shared-access-token-app{ data: personal_access_token_data }
- else
= render ::Layouts::SettingsSectionComponent.new(page_title) do |c|
- c.with_description do
= s_('AccessTokens|You can generate a personal access token for each application you use that needs access to the GitLab API.')
= s_('AccessTokens|You can also use personal access tokens to authenticate against Git over HTTP.')
= s_('AccessTokens|They are the only accepted password when you have Two-Factor Authentication (2FA) enabled.')
= render ::Layouts::CrudComponent.new(_('Active personal access tokens'),
icon: 'token',
count: @active_access_tokens_size,
count_options: { class: 'js-token-count', data: { testid: 'active-token-count' } },
toggle_text: _('Add new token'),
toggle_options: { data: { testid: 'add-new-token-button' } },
form_options: { class: 'js-add-new-token-form' },
options: { class: 'js-token-card' }) do |c|
- c.with_form do
= render 'shared/access_tokens/form',
ajax: true,
type: type,
path: user_settings_personal_access_tokens_path,
token: @personal_access_token,
scopes: @scopes,
help_path: help_page_path('user/profile/personal_access_tokens.md', anchor: 'personal-access-token-scopes')
- c.with_body do
#js-new-access-token-app{ data: { access_token_type: type } }
- c.with_body do
#js-access-token-table-app{ data: { access_token_type: type, access_token_type_plural: type_plural, backend_pagination: 'true', initial_active_access_tokens: @active_access_tokens.to_json } }
= render ::Layouts::CrudComponent.new(_('Active personal access tokens'),
icon: 'token',
count: @active_access_tokens_size,
count_options: { class: 'js-token-count', data: { testid: 'active-token-count' } },
toggle_text: _('Add new token'),
toggle_options: { data: { testid: 'add-new-token-button' } },
form_options: { class: 'js-add-new-token-form' },
options: { class: 'js-token-card' }) do |c|
- c.with_form do
= render 'shared/access_tokens/form',
ajax: true,
type: type,
path: user_settings_personal_access_tokens_path,
token: @personal_access_token,
scopes: @scopes,
help_path: help_page_path('user/profile/personal_access_tokens.md', anchor: 'personal-access-token-scopes')
- c.with_body do
#js-access-token-table-app{ data: { access_token_type: type, access_token_type_plural: type_plural, backend_pagination: 'true', initial_active_access_tokens: @active_access_tokens.to_json } }
= render 'user_settings/personal_access_tokens/dpop' if Feature.enabled?(:dpop_authentication, current_user)

15
config/feature_flags/wip/enforce_abilities_check_for_dependency_proxy.yml → config/feature_flags/beta/migrate_user_access_tokens_ui.yml
View File

@ -1,9 +1,10 @@
---
name: enforce_abilities_check_for_dependency_proxy
feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/520313
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/182559
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/521193
milestone: '17.10'
group: group::container registry
type: wip
name: migrate_user_access_tokens_ui
description: Improves the personal access token page UI
feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/425053
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/189817
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/538388
milestone: '18.0'
group: group::authentication
type: beta
default_enabled: false

8
config/feature_flags/ops/allow_anonymous_searches.yml Normal file
View File

@ -0,0 +1,8 @@
---
name: allow_anonymous_searches
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/138975
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/434218
milestone: '16.7'
type: ops
group: group::global search
default_enabled: true

25
db/post_migrate/20250506055121_finalize_delete_orphaned_groups.rb Normal file
View File

@ -0,0 +1,25 @@
# frozen_string_literal: true
class FinalizeDeleteOrphanedGroups < Gitlab::Database::Migration[2.3]
milestone '18.0'
disable_ddl_transaction!
restrict_gitlab_migration gitlab_schema: :gitlab_main
MIGRATION = "DeleteOrphanedGroups"
def up
return unless Gitlab.com_except_jh? && !Gitlab.staging?
ensure_batched_background_migration_is_finished(
job_class_name: MIGRATION,
table_name: :namespaces,
column_name: :id,
job_arguments: [],
finalize: true
)
end
def down; end
end

1
db/schema_migrations/20250506055121 Normal file
View File

@ -0,0 +1 @@
cab1b967986ef99193d53cbe1892cabd26a36b4abc7a62cf31bf8249742d8fdd

2
doc/administration/gitaly/_index.md
View File

@ -1,5 +1,5 @@
---
stage: Systems
stage: Data Access
group: Gitaly
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Gitaly and Gitaly Cluster

2
doc/administration/gitaly/bundle_uris.md
View File

@ -1,5 +1,5 @@
---
stage: Systems
stage: Data Access
group: Gitaly
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Bundle URIs

2
doc/administration/gitaly/cgroups.md
View File

@ -1,5 +1,5 @@
---
stage: Systems
stage: Data Access
group: Gitaly
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Cgroups

2
doc/administration/gitaly/concurrency_limiting.md
View File

@ -1,5 +1,5 @@
---
stage: Systems
stage: Data Access
group: Gitaly
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Concurrency limiting

2
doc/administration/gitaly/configure_gitaly.md
View File

@ -1,5 +1,5 @@
---
stage: Systems
stage: Data Access
group: Gitaly
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Configure Gitaly

2
doc/administration/gitaly/consistency_checks.md
View File

@ -1,5 +1,5 @@
---
stage: Systems
stage: Data Access
group: Gitaly
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Repository consistency checks

2
doc/administration/gitaly/gitaly_geo_capabilities.md
View File

@ -1,5 +1,5 @@
---
stage: Systems
stage: Data Access
group: Gitaly
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Gitaly and Geo capabilities

2
doc/administration/gitaly/kubernetes.md
View File

@ -1,5 +1,5 @@
---
stage: Systems
stage: Data Access
group: Gitaly
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Gitaly on Kubernetes

2
doc/administration/gitaly/monitoring.md
View File

@ -1,5 +1,5 @@
---
stage: Systems
stage: Data Access
group: Gitaly
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Monitoring Gitaly and Gitaly Cluster

2
doc/administration/gitaly/praefect.md
View File

@ -1,5 +1,5 @@
---
stage: Systems
stage: Data Access
group: Gitaly
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Configure Gitaly Cluster

2
doc/administration/gitaly/recovery.md
View File

@ -1,5 +1,5 @@
---
stage: Systems
stage: Data Access
group: Gitaly
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Gitaly Cluster recovery options and tools

2
doc/administration/gitaly/reference.md
View File

@ -1,5 +1,5 @@
---
stage: Systems
stage: Data Access
group: Gitaly
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Example configuration files

2
doc/administration/gitaly/tls_support.md
View File

@ -1,5 +1,5 @@
---
stage: Systems
stage: Data Access
group: Gitaly
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Gitaly TLS support

2
doc/administration/gitaly/troubleshooting.md
View File

@ -1,5 +1,5 @@
---
stage: Systems
stage: Data Access
group: Gitaly
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Troubleshooting Gitaly

2
doc/administration/gitaly/troubleshooting_gitaly_cluster.md
View File

@ -1,5 +1,5 @@
---
stage: Systems
stage: Data Access
group: Gitaly
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Troubleshooting Gitaly Cluster

2
doc/administration/housekeeping.md
View File

@ -1,5 +1,5 @@
---
stage: Systems
stage: Data Access
group: Gitaly
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Housekeeping

2
doc/administration/operations/moving_repositories.md
View File

@ -1,5 +1,5 @@
---
stage: Systems
stage: Data Access
group: Gitaly
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Moving repositories managed by GitLab

2
doc/administration/raketasks/praefect.md
View File

@ -1,5 +1,5 @@
---
stage: Systems
stage: Data Access
group: Gitaly
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Praefect Rake tasks

2
doc/administration/repository_checks.md
View File

@ -1,5 +1,5 @@
---
stage: Systems
stage: Data Access
group: Gitaly
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
gitlab_dedicated: yes

2
doc/administration/repository_storage_paths.md
View File

@ -1,5 +1,5 @@
---
stage: Systems
stage: Data Access
group: Gitaly
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Repository storage

2
doc/administration/server_hooks.md
View File

@ -1,5 +1,5 @@
---
stage: Systems
stage: Data Access
group: Gitaly
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Git server hooks

296
doc/administration/settings/account_and_limit_settings.md
View File

@ -85,85 +85,6 @@ This setting does not apply when pushing Git LFS objects.
{{< /alert >}}
## Personal access token prefix
You can specify a prefix for personal access tokens. You might use a prefix
to find tokens more quickly, or for use with automation tools.
The default prefix is `glpat-` but administrators can change it.
[Project access tokens](../../user/project/settings/project_access_tokens.md) and
[group access tokens](../../user/group/settings/group_access_tokens.md) also inherit this prefix.
By default, [secret push protection](../../user/application_security/secret_detection/secret_push_protection/_index.md) and
[pipeline secret detection](../../user/application_security/secret_detection/pipeline/_index.md#detected-secrets) do not detect custom prefixes.
Custom prefixes might cause an increase in false negatives.
### Set a prefix
To change the default global prefix:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Settings > General**.
1. Expand the **Account and limit** section.
1. Fill in the **Personal access token prefix** field.
1. Select **Save changes**.
You can also configure the prefix by using the
[settings API](../../api/settings.md).
## Instance token prefix
{{< history >}}
- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/179852) in GitLab 17.10 [with a flag](../feature_flags.md) named `custom_prefix_for_all_token_types`. Disabled by default.
{{< /history >}}
{{< alert type="flag" >}}
The availability of this feature is controlled by a feature flag.
For more information, see the history.
This feature is available for testing, but not ready for production use.
{{< /alert >}}
You can set a custom prefix for all tokens generated on your instance.
By default, GitLab uses `gl` as the instance prefix.
Custom token prefixes apply only to the following tokens:
- [Feed tokens](../../security/tokens/_index.md#feed-token)
- [Deploy tokens](../../user/project/deploy_tokens/_index.md)
- [Feature flags client tokens](../../operations/feature_flags.md#get-access-credentials)
Prerequisites:
- You must have administrator access to the instance.
To set a custom token prefix:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Settings > General**.
1. Expand the **Account and limit** section.
1. In the **Instance token prefix** field, enter your custom prefix.
1. Select **Save changes**.
{{< alert type="note" >}}
By default, [secret push protection](../../user/application_security/secret_detection/secret_push_protection/_index.md), [client-side secret detection](../../user/application_security/secret_detection/client/_index.md) and
[pipeline secret detection](../../user/application_security/secret_detection/pipeline/_index.md#detected-secrets) do not detect custom instance token prefixes. This may result in an increase in false negatives.
{{< /alert >}}
### Token prefix benefits
Using custom token prefixes provides the following benefits:
- Makes your tokens distinct and identifiable.
- Helps identify leaked tokens during security scans.
- Reduces the risk of token confusion between different instances.
## Repository size limit
{{< details >}}
@ -334,48 +255,6 @@ To set a limit on how long these sessions are valid:
1. Fill in the **Session duration for Git operations when 2FA is enabled (minutes)** field.
1. Select **Save changes**.
## Require expiration dates for new access tokens
{{< details >}}
- Tier: Free, Premium, Ultimate
- Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated
{{< /details >}}
{{< history >}}
- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/470192) in GitLab 17.3.
{{< /history >}}
Prerequisites:
- You must be an administrator.
You can require all new access tokens to have an expiration date.
This setting is turned on by default and applies to:
- Project access tokens.
- Group access tokens.
- Personal access tokens for non-service account users.
For personal access tokens for service accounts, use the `service_access_tokens_expiration_enforced`
setting in the [Application Settings API](../../api/settings.md).
To require expiration dates for new access tokens:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Settings > General**.
1. Expand **Account and limit**.
1. Select the **Personal / Project / Group access token expiration** checkbox.
1. Select **Save changes**.
When you require expiration dates for new access tokens:
- Users must set an expiration date that does not exceed the allowed lifetime for new access tokens.
- To control the maximum access token lifetime, use the [**Limit the lifetime of access tokens** setting](#limit-the-lifetime-of-access-tokens).
## Allow top-level group Owners to create service accounts
{{< details >}}
@ -407,65 +286,127 @@ To allow top-level group Owners to create service accounts:
1. Under **Service account creation**, select the **Allow top-level group owners to create Service accounts** checkbox.
1. Select **Save changes**.
## Limit the lifetime of SSH keys
## Require expiration dates for new access tokens
{{< details >}}
- Tier: Ultimate
- Offering: GitLab Self-Managed, GitLab Dedicated
- Tier: Free, Premium, Ultimate
- Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated
{{< /details >}}
{{< history >}}
- [Changed](https://gitlab.com/gitlab-org/gitlab/-/issues/461901) the maximum allowable lifetime limit to an increased value of 400 days in GitLab 17.6 [with a flag](../feature_flags.md) named `buffered_token_expiration_limit`. Disabled by default.
- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/470192) in GitLab 17.3.
{{< /history >}}
Prerequisites:
- You must be an administrator.
You can require all new access tokens to have an expiration date.
This setting is turned on by default and applies to:
- Personal access tokens for non-service account users.
- Group access tokens.
- Project access tokens.
For personal access tokens for service accounts, use the `service_access_tokens_expiration_enforced`
setting in the [Application Settings API](../../api/settings.md).
To require expiration dates for new access tokens:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Settings > General**.
1. Expand **Account and limit**.
1. Select the **Personal / Project / Group access token expiration** checkbox.
1. Select **Save changes**.
When you require expiration dates for new access tokens:
- Users must set an expiration date that does not exceed the allowed lifetime for new access tokens.
- To control the maximum access token lifetime, use the [**Limit the lifetime of access tokens** setting](#limit-the-lifetime-of-access-tokens).
## Personal access token prefix
You can specify a prefix for personal access tokens. You might use a prefix
to find tokens more quickly, or for use with automation tools.
The default prefix is `glpat-` but administrators can change it.
[Project access tokens](../../user/project/settings/project_access_tokens.md) and
[group access tokens](../../user/group/settings/group_access_tokens.md) also inherit this prefix.
By default, [secret push protection](../../user/application_security/secret_detection/secret_push_protection/_index.md) and
[pipeline secret detection](../../user/application_security/secret_detection/pipeline/_index.md#detected-secrets) do not detect custom prefixes.
Custom prefixes might cause an increase in false negatives. To use custom instance prefixes with your pipeline secret detection ruleset, consider [extending the pipeline configuration](../../user/application_security/secret_detection/pipeline/configure.md#ignore-patterns-and-paths).
### Set a prefix
To change the default global prefix:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Settings > General**.
1. Expand the **Account and limit** section.
1. Fill in the **Personal access token prefix** field.
1. Select **Save changes**.
You can also configure the prefix by using the
[settings API](../../api/settings.md).
## Instance token prefix
{{< history >}}
- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/179852) in GitLab 17.10 [with a flag](../feature_flags.md) named `custom_prefix_for_all_token_types`. Disabled by default.
{{< /history >}}
{{< alert type="flag" >}}
The availability of the extended maximum allowable lifetime limit is controlled by a feature flag.
The availability of this feature is controlled by a feature flag.
For more information, see the history.
The feature flag is not available on GitLab Dedicated.
This feature is available for testing, but not ready for production use.
{{< /alert >}}
Users can optionally specify a lifetime for
[SSH keys](../../user/ssh.md).
This lifetime is not a requirement, and can be set to any arbitrary number of days.
You can set a custom prefix for all tokens generated on your instance.
By default, GitLab uses `gl` as the instance prefix.
SSH keys are user credentials to access GitLab.
However, organizations with security requirements may want to enforce more protection by
requiring the regular rotation of these keys.
Custom token prefixes apply only to the following tokens:
### Set a lifetime
- [Feed tokens](../../security/tokens/_index.md#feed-token)
- [Deploy tokens](../../user/project/deploy_tokens/_index.md)
- [Feature flags client tokens](../../operations/feature_flags.md#get-access-credentials)
Only a GitLab administrator can set a lifetime. Leaving it empty means
there are no restrictions.
Prerequisites:
To set a lifetime on how long SSH keys are valid:
- You must have administrator access to the instance.
To set a custom token prefix:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Settings > General**.
1. Expand the **Account and limit** section.
1. Fill in the **Maximum allowable lifetime for SSH keys (days)** field.
1. In the **Instance token prefix** field, enter your custom prefix.
1. Select **Save changes**.
After a lifetime for SSH keys is set, GitLab:
- Requires users to set an expiration date that is no later than the allowed lifetime on new SSH keys. The maximum allowed lifetime is:
- 365 days by default.
- 400 days, if you enable the `buffered_token_expiration_limit` feature flag.
This extended limit is not available on GitLab Dedicated.
- Applies the lifetime restriction to existing SSH keys. Keys with no expiry or a lifetime
greater than the maximum immediately become invalid.
{{< alert type="note" >}}
When a user's SSH key becomes invalid they can delete and re-add the same key again.
By default, [secret push protection](../../user/application_security/secret_detection/secret_push_protection/_index.md), [client-side secret detection](../../user/application_security/secret_detection/client/_index.md) and
[pipeline secret detection](../../user/application_security/secret_detection/pipeline/_index.md#detected-secrets) do not detect custom instance token prefixes. This may result in an increase in false negatives. To use custom instance prefixes with your pipeline secret detection ruleset, consider [extending the pipeline configuration](../../user/application_security/secret_detection/pipeline/configure.md#ignore-patterns-and-paths).
{{< /alert >}}
### Token prefix benefits
Using custom token prefixes provides the following benefits:
- Makes your tokens distinct and identifiable.
- Helps identify leaked tokens during security scans.
- Reduces the risk of token confusion between different instances.
## Limit the lifetime of access tokens
{{< details >}}
@ -529,6 +470,65 @@ After a lifetime for access tokens is set, GitLab:
allowed lifetime. Three hours is given to allow administrators to change the allowed lifetime,
or remove it, before revocation takes place.
## Limit the lifetime of SSH keys
{{< details >}}
- Tier: Ultimate
- Offering: GitLab Self-Managed, GitLab Dedicated
{{< /details >}}
{{< history >}}
- [Changed](https://gitlab.com/gitlab-org/gitlab/-/issues/461901) the maximum allowable lifetime limit to an increased value of 400 days in GitLab 17.6 [with a flag](../feature_flags.md) named `buffered_token_expiration_limit`. Disabled by default.
{{< /history >}}
{{< alert type="flag" >}}
The availability of the extended maximum allowable lifetime limit is controlled by a feature flag.
For more information, see the history.
The feature flag is not available on GitLab Dedicated.
{{< /alert >}}
Users can optionally specify a lifetime for
[SSH keys](../../user/ssh.md).
This lifetime is not a requirement, and can be set to any arbitrary number of days.
SSH keys are user credentials to access GitLab.
However, organizations with security requirements may want to enforce more protection by
requiring the regular rotation of these keys.
### Set a lifetime
Only a GitLab administrator can set a lifetime. Leaving it empty means
there are no restrictions.
To set a lifetime on how long SSH keys are valid:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Settings > General**.
1. Expand the **Account and limit** section.
1. Fill in the **Maximum allowable lifetime for SSH keys (days)** field.
1. Select **Save changes**.
After a lifetime for SSH keys is set, GitLab:
- Requires users to set an expiration date that is no later than the allowed lifetime on new SSH keys. The maximum allowed lifetime is:
- 365 days by default.
- 400 days, if you enable the `buffered_token_expiration_limit` feature flag.
This extended limit is not available on GitLab Dedicated.
- Applies the lifetime restriction to existing SSH keys. Keys with no expiry or a lifetime
greater than the maximum immediately become invalid.
{{< alert type="note" >}}
When a user's SSH key becomes invalid they can delete and re-add the same key again.
{{< /alert >}}
## User OAuth applications setting
{{< details >}}

2
doc/administration/settings/gitaly_timeouts.md
View File

@ -1,5 +1,5 @@
---
stage: Systems
stage: Data Access
group: Gitaly
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Gitaly timeouts

4
doc/api/pipeline_schedules.md
View File

@ -195,7 +195,7 @@ POST /projects/:id/pipeline_schedules
| `cron` | string | Yes | The [cron](https://en.wikipedia.org/wiki/Cron) schedule, for example: `0 1 * * *`. |
| `description` | string | Yes | The description of the pipeline schedule. |
| `id` | integer/string | Yes | The ID or [URL-encoded path of the project](rest/_index.md#namespaced-paths). |
| `ref` | string | Yes | The branch or tag name that is triggered. Both the short (e.g. `main`) and full (e.g. `refs/heads/main` or `refs/tags/main`) ref versions are accepted. If a short version is provided, it is automatically expanded to the full ref version but, if the ref is [ambiguous](../ci/pipelines/schedules.md#ambiguous-refs), it will be rejected |
| `ref` | string | Yes | The branch or tag name that is triggered. Both the short (for example: `main`) and full (for example: `refs/heads/main` or `refs/tags/main`) ref versions are accepted. If a short version is provided, it is automatically expanded to the full ref version but, if the ref is [ambiguous](../ci/pipelines/schedules.md#ambiguous-refs), it will be rejected |
| `active` | boolean | No | The activation of pipeline schedule. If false is set, the pipeline schedule is initially deactivated (default: `true`). |
| `cron_timezone` | string | No | The time zone supported by `ActiveSupport::TimeZone`, for example: `Pacific Time (US & Canada)` (default: `UTC`). |
| `inputs` | hash | No | An array of [inputs](../ci/inputs/_index.md#for-a-pipeline) to pass to the pipeline schedule. Each input contains a `name` and `value`. Values can be strings, arrays, numbers, or booleans. |
@ -259,7 +259,7 @@ PUT /projects/:id/pipeline_schedules/:pipeline_schedule_id
| `cron_timezone` | string | No | The time zone supported by `ActiveSupport::TimeZone` (for example `Pacific Time (US & Canada)`), or `TZInfo::Timezone` (for example `America/Los_Angeles`). |
| `cron` | string | No | The [cron](https://en.wikipedia.org/wiki/Cron) schedule, for example: `0 1 * * *`. |
| `description` | string | No | The description of the pipeline schedule. |
| `ref` | string | No | The branch or tag name that is triggered. Both the short (e.g. `main`) and full (e.g. `refs/heads/main` or `refs/tags/main`) ref versions are accepted. If a short version is provided, it is automatically expanded to the full ref version but, if the ref is [ambiguous](../ci/pipelines/schedules.md#ambiguous-refs), it will be rejected |
| `ref` | string | No | The branch or tag name that is triggered. Both the short (for example: `main`) and full (for example: `refs/heads/main` or `refs/tags/main`) ref versions are accepted. If a short version is provided, it is automatically expanded to the full ref version but, if the ref is [ambiguous](../ci/pipelines/schedules.md#ambiguous-refs), it will be rejected |
| `inputs` | hash | No | An array of [inputs](../ci/inputs/_index.md) to pass to the pipeline schedule. Each input contains a `name` and `value`. To delete an existing input, include the `name` field and set `destroy` to `true`. Values can be strings, arrays, numbers, or booleans. |
Example request:

2
doc/api/project_repository_storage_moves.md
View File

@ -1,5 +1,5 @@
---
stage: Systems
stage: Data Access
group: Gitaly
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Project repository storage moves API

2
doc/api/settings.md
View File

@ -391,6 +391,7 @@ these parameters:
- `lock_duo_features_enabled`
- `use_clickhouse_for_analytics`
- `virtual_registries_endpoints_api_limit`
- `lock_memberships_to_saml`
Example responses:
@ -602,6 +603,7 @@ to configure other related settings. These requirements are
| `jira_connect_proxy_url` | string | no | URL of the GitLab instance used as a proxy for the GitLab for Jira Cloud app. |
| `keep_latest_artifact` | boolean | no | Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time. Enabled by default. |
| `local_markdown_version` | integer | no | Increase this value when any cached Markdown should be invalidated. |
| `lock_memberships_to_saml` | boolean | no | Enforce a [global lock on SAML group memberships](../user/group/saml_sso/group_sync.md#global-saml-group-memberships-lock). |
| `mailgun_signing_key` | string | no | The Mailgun HTTP webhook signing key for receiving events from webhook. |
| `mailgun_events_enabled` | boolean | no | Enable Mailgun event receiver. |
| `maintenance_mode_message` | string | no | Message displayed when instance is in maintenance mode. Premium and Ultimate only. |

22
doc/ci/yaml/_index.md
View File

@ -2490,9 +2490,9 @@ for an environment.
**Supported values**:
- `agent`: A string specifying the [GitLab agent for Kubernetes](../../user/clusters/agent/_index.md). The format is `path/to/agent/project:agent-name`.
- `namespace`: A string representing the Kubernetes namespace. It needs to be set together with the `agent` keyword.
- `flux_resource_path`: A string representing the path to the Flux resource. This must be the full resource path. It needs to be set together with the
- `agent`: A string specifying the [GitLab agent for Kubernetes](../../user/clusters/agent/_index.md). The format is `path/to/agent/project:agent-name`. If the agent is connected to the project running the pipeline, use `$CI_PROJECT_PATH:agent-name`.
- `namespace`: A string representing the Kubernetes namespace where the environment is deployed. The namespace must be set together with the `agent` keyword.
- `flux_resource_path`: A string representing the full path to the Flux resource, such as a HelmRelease. The Flux resource must be set together with the
`agent` and `namespace` keywords.
**Example of `environment:kubernetes`**:
@ -2506,14 +2506,17 @@ deploy:
kubernetes:
agent: path/to/agent/project:agent-name
namespace: my-namespace
flux_resource_path: helm.toolkit.fluxcd.io/v2/namespaces/gitlab-agent/helmreleases/gitlab-agent
flux_resource_path: helm.toolkit.fluxcd.io/v2/namespaces/flux-system/helmreleases/helm-release-resource
```
This configuration sets up the `deploy` job to deploy to the `production`
environment, associates the [agent](../../user/clusters/agent/_index.md) named `agent-name` with the environment,
and configures the [dashboard for Kubernetes](../environments/kubernetes_dashboard.md) for an environment with
This configuration:
- Sets up the `deploy` job to deploy to the `production`
environment
- Associates the [agent](../../user/clusters/agent/_index.md) named `agent-name` with the environment
- Configures the [dashboard for Kubernetes](../environments/kubernetes_dashboard.md) for an environment with
the namespace `my-namespace` and the `flux_resource_path` set to
`helm.toolkit.fluxcd.io/v2/namespaces/gitlab-agent/helmreleases/gitlab-agent`.
`helm.toolkit.fluxcd.io/v2/namespaces/flux-system/helmreleases/helm-release-resource`.
**Additional details**:
@ -2522,7 +2525,8 @@ the namespace `my-namespace` and the `flux_resource_path` set to
[configure `user_access`](../../user/clusters/agent/user_access.md)
for the environment's project or its parent group.
- The user running the job must be authorized to access the cluster agent.
Otherwise, it will ignore `agent`, `namespace` and `flux_resource_path` attributes.
Otherwise, the dashboard ignores the `agent`, `namespace`, and `flux_resource_path` attributes.
- If you only want to set the `agent`, you do not have to set the `namespace`, and cannot set `flux_resource_path`. However, this configuration lists all namespaces in a cluster in the dashboard for Kubernetes.
#### `environment:deployment_tier`

2
doc/development/ai_features/actions.md
View File

@ -184,7 +184,7 @@ prompt_template:
### Incremental rollout of prompt versions
Once a stable prompt version is added to the AI Gateway it should not be altered. You can create a mutable version of a
prompt by adding a pre-release suffix to the file name (e.g. `1.0.1-dev.yml`). This will also prevent it from being
prompt by adding a pre-release suffix to the file name (for example, `1.0.1-dev.yml`). This will also prevent it from being
automatically served to clients. Then you can use a feature flag to control the rollout this new version. For GitLab
Duo Self-hosted, forced versions are ignored, and only versions defined in `PromptVersions` are used. This avoids
mistakenly enabling versions for models that don't have that specified version.

2
doc/development/ai_features/ai_feature_development_playbook.md
View File

@ -156,7 +156,7 @@ For an overview, see [this video](https://youtu.be/-DK-XFFllwg).
1. ELI5 Setup Considerations
- Requires upfront time investment
- Need to adjust evaluations for specific features
- Set up input data (e.g., local GDK for chat features)
- Set up input data (for example, local GDK for chat features)
1. Challenges
- Ensuring consistent data across different users

4
doc/development/ai_features/code_suggestions.md
View File

@ -10,8 +10,8 @@ title: Code Suggestions development guidelines
The recommended setup for locally developing and debugging Code Suggestions is to have all 3 different components running:
- IDE Extension (e.g. GitLab Workflow extension for VS Code).
- Main application configured correctly (e.g. GDK).
- IDE Extension (for example, GitLab Workflow extension for VS Code).
- Main application configured correctly (for example, GDK).
- [AI gateway](https://gitlab.com/gitlab-org/modelops/applied-ml/code-suggestions/ai-assist).
This should enable everyone to locally see how any change made in an IDE is sent to the main application to be transformed into a prompt before being sent to the respective model.

2
doc/development/ai_features/duo_chat.md
View File

@ -316,7 +316,7 @@ While there are no strict guidelines for interpreting the comparison results, he
In either of these scenarios, we recommend further investigation:
1. Compare your results with [the daily evaluation results](https://gitlab.com/gitlab-org/modelops/ai-model-validation-and-research/ai-evaluation/evaluation-runner#view-daily-evaluation-result-on-master). e.g. look at the daily evaluations from yesterday and the day before.
1. Compare your results with [the daily evaluation results](https://gitlab.com/gitlab-org/modelops/ai-model-validation-and-research/ai-evaluation/evaluation-runner#view-daily-evaluation-result-on-master). For instance, look at the daily evaluations from yesterday and the day before.
1. If you observe similar patterns in these daily evaluations, it's likely that your merge request is safe to merge. However, if the patterns differ, it may indicate that your merge request has introduced unexpected changes.
We strongly recommend running the regression evaluator in at least the following environments:

2
doc/development/ai_features/model_migration.md
View File

@ -42,7 +42,7 @@ Model migrations typically follow these general timelines:
- **Complex Migrations:** 1-2 months (full milestone or longer)
- Example: Adding support for a new provider like AWS Bedrock
- Example: Major version upgrades with breaking changes (e.g., Claude 2 to 3)
- Example: Major version upgrades with breaking changes (for example, Claude 2 to 3)
- Requires significant API integration work
- May need infrastructure changes

2
doc/development/ai_features/testing_and_validation.md
View File

@ -32,7 +32,7 @@ This command is responsible for seeding group and project resources for testing
It's mainly used by the following scenarios:
- Developers or UX designers have a local GDK but don't know how to set up the group and project resources to test a feature in UI.
- Evaluators (e.g. CEF) have input dataset that refers to a group or project resource e.g. (`Summarize issue #123` requires a corresponding issue record in PosstgreSQL)
- Evaluators (for example, CEF) have input dataset that refers to a group or project resource (for instance, `Summarize issue #123` requires a corresponding issue record in PostgreSQL)
Currently, the input dataset of evaluators and this development seed file are managed separately.
To ensure that the integration keeps working, this seeder has to create the **same** group/project resources every time.

2
doc/development/bulk_imports/contributing.md
View File

@ -124,7 +124,7 @@ associations that require them. For example, documents must be imported before m
- Anything that ends on `_id` or `_ids`
- Anything that includes `attributes` (except `custom_attributes`)
- Anything that ends on `_html`
- Anything sensitive (e.g. tokens, encrypted data)
- Anything sensitive (for example, tokens, encrypted data)
See a full list of prohibited references [here](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/import_export/attribute_cleaner.rb#L14-21).

BIN
doc/development/contributing/img/ui_color_theme_after_v16_9.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 13 KiB

BIN
doc/development/contributing/img/ui_color_theme_before_v16_9.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 12 KiB

2
doc/development/fe_guide/_index.md
View File

@ -59,7 +59,7 @@ The application structure typically follows the pattern: `app/assets/javascripts
- `constants.js` (shared variables)
- `index.js` (file that injects the Vue app)
There is always a top-level Vue component that acts as the “main” component and imports lower-level components to build a feature. In all cases, there is an accompanying file (often named index.js or app.js but often varies) that looks for the injection point on a Haml view (e.g., `#pipeline-schedules-app`) and mounts the Vue app to the page.
There is always a top-level Vue component that acts as the “main” component and imports lower-level components to build a feature. In all cases, there is an accompanying file (often named index.js or app.js but often varies) that looks for the injection point on a Haml view (for example, `#pipeline-schedules-app`) and mounts the Vue app to the page.
We achieve this by importing a JavaScript file like [`app/assets/javascripts/ci/pipeline_schedules/mount_pipeline_schedules_app.js`](https://gitlab.com/gitlab-org/gitlab/-/blob/4ce851345054dbf09956dabcc9b958ae8aab77bb/app/assets/javascripts/ci/pipeline_schedules/mount_pipeline_schedules_app.js) (which sets up the Vue app) into the related Haml views corresponding page bundle, such as [`app/assets/javascripts/pages/projects/pipeline_schedules/index/index.js`](https://gitlab.com/gitlab-org/gitlab/-/blob/4ce851345054dbf09956dabcc9b958ae8aab77bb/app/assets/javascripts/pages/projects/pipeline_schedules/index/index.js).

BIN
doc/development/fe_guide/img/panel_error_v17_1.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 39 KiB

BIN
doc/development/fe_guide/img/panel_info_v17_1.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 51 KiB

BIN
doc/development/fe_guide/img/panel_warning_v17_1.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 44 KiB

2
doc/development/fe_guide/style/scss.md
View File

@ -81,7 +81,7 @@ You can use the [important modifier](https://tailwindcss.com/docs/configuration#
##### Spacing and sizing CSS utility classes
Spacing and sizing CSS utility classes (e.g. `margin`, `padding`, `width`, `height`) use our spacing scale defined in
Spacing and sizing CSS utility classes (for example, `margin`, `padding`, `width`, `height`) use our spacing scale defined in
[src/tokens/build/tailwind/tokens.cjs](https://gitlab.com/gitlab-org/gitlab-ui/-/blob/7c0fb4b07a0f0d0a58dd0137831412dbf53ea498/src/tokens/build/tailwind/tokens.cjs). See [https://gitlab-org.gitlab.io/frontend/tailwind-documentation/margin](https://gitlab-org.gitlab.io/frontend/tailwind-documentation/margin) for available CSS utility classes.
**Example:** `gl-mt-5` is `margin-top: 1rem;`

2
doc/development/fe_guide/troubleshooting.md
View File

@ -120,7 +120,7 @@ Missing field 'description' while writing result {
1. The backend might not be returning the "description" field in the response for the "WorkItemWidgetDescription" type. Verify that your backend API is correctly sending the data as expected.
1. Use the `cache.readQuery` method to inspect the contents of the Apollo Client cache. Verify that the "description" field is present in the cached data for the relevant query
1. Open the error stack trace suggesting that the issue might be related to how Apollo Client is writing data to its cache. It's possible that the cache is not being updated correctly, leading to missing fields
1. Add console logs within your Apollo Client code (e.g., before and after writing to the cache) to track the data being processed and identify where the "description" field might be missing.
1. Add console logs within your Apollo Client code (for example, before and after writing to the cache) to track the data being processed and identify where the "description" field might be missing.
**Solution**

2
doc/development/git_object_deduplication.md
View File

@ -1,5 +1,5 @@
---
stage: Systems
stage: Data Access
group: Gitaly
info: Any user with at least the Maintainer role can merge updates to this content. For details, see https://docs.gitlab.com/ee/development/development_processes.html#development-guidelines-review.
title: How Git object deduplication works in GitLab

2
doc/development/gitaly.md
View File

@ -1,5 +1,5 @@
---
stage: Systems
stage: Data Access
group: Gitaly
info: Any user with at least the Maintainer role can merge updates to this content. For details, see https://docs.gitlab.com/ee/development/development_processes.html#development-guidelines-review.
title: Gitaly development guidelines

Some files were not shown because too many files have changed in this diff Show More