diff --git a/.rubocop_todo/layout/line_end_string_concatenation_indentation.yml b/.rubocop_todo/layout/line_end_string_concatenation_indentation.yml
index f9120ccea3a..1a5194eb64f 100644
--- a/.rubocop_todo/layout/line_end_string_concatenation_indentation.yml
+++ b/.rubocop_todo/layout/line_end_string_concatenation_indentation.yml
@@ -311,7 +311,6 @@ Layout/LineEndStringConcatenationIndentation:
 - 'ee/spec/requests/users/registrations_identity_verification_controller_spec.rb'
 - 'ee/spec/serializers/integrations/field_entity_spec.rb'
 - 'ee/spec/services/boards/epic_lists/destroy_service_spec.rb'
- - 'ee/spec/services/ci/destroy_pipeline_service_spec.rb'
 - 'ee/spec/services/clusters/agent_tokens/create_service_audit_log_spec.rb'
 - 'ee/spec/services/clusters/agent_tokens/revoke_service_audit_log_spec.rb'
 - 'ee/spec/services/ee/auth/container_registry_authentication_service_spec.rb'
diff --git a/.rubocop_todo/rspec/context_wording.yml b/.rubocop_todo/rspec/context_wording.yml
index a66cbc81c89..9bf1ab7d66f 100644
--- a/.rubocop_todo/rspec/context_wording.yml
+++ b/.rubocop_todo/rspec/context_wording.yml
@@ -2361,7 +2361,6 @@ RSpec/ContextWording:
 - 'spec/services/ci/create_pipeline_service/tags_spec.rb'
 - 'spec/services/ci/create_pipeline_service_spec.rb'
 - 'spec/services/ci/create_web_ide_terminal_service_spec.rb'
- - 'spec/services/ci/destroy_pipeline_service_spec.rb'
 - 'spec/services/ci/destroy_secure_file_service_spec.rb'
 - 'spec/services/ci/expire_pipeline_cache_service_spec.rb'
 - 'spec/services/ci/find_exposed_artifacts_service_spec.rb'
diff --git a/.rubocop_todo/rspec/named_subject.yml b/.rubocop_todo/rspec/named_subject.yml
index 85c780cc377..95e387e8b4c 100644
--- a/.rubocop_todo/rspec/named_subject.yml
+++ b/.rubocop_todo/rspec/named_subject.yml
@@ -2937,7 +2937,6 @@ RSpec/NamedSubject:
 - 'spec/services/ci/create_pipeline_service/parameter_content_spec.rb'
 - 'spec/services/ci/create_web_ide_terminal_service_spec.rb'
 - 'spec/services/ci/deployments/destroy_service_spec.rb'
- - 'spec/services/ci/destroy_pipeline_service_spec.rb'
 - 'spec/services/ci/destroy_secure_file_service_spec.rb'
 - 'spec/services/ci/drop_pipeline_service_spec.rb'
 - 'spec/services/ci/expire_pipeline_cache_service_spec.rb'
diff --git a/.rubocop_todo/rspec/scattered_let.yml b/.rubocop_todo/rspec/scattered_let.yml
index 50660b25bf9..6f2fb149986 100644
--- a/.rubocop_todo/rspec/scattered_let.yml
+++ b/.rubocop_todo/rspec/scattered_let.yml
@@ -191,7 +191,6 @@ RSpec/ScatteredLet:
 - 'spec/services/ci/create_downstream_pipeline_service_spec.rb'
 - 'spec/services/ci/create_pipeline_service/rules_spec.rb'
 - 'spec/services/ci/create_pipeline_service_spec.rb'
- - 'spec/services/ci/destroy_pipeline_service_spec.rb'
 - 'spec/services/design_management/delete_designs_service_spec.rb'
 - 'spec/services/design_management/save_designs_service_spec.rb'
 - 'spec/services/discussions/capture_diff_note_positions_service_spec.rb'
diff --git a/app/assets/stylesheets/framework/sidebar.scss b/app/assets/stylesheets/framework/sidebar.scss
index 6d4bf6573ac..686538cda69 100644
--- a/app/assets/stylesheets/framework/sidebar.scss
+++ b/app/assets/stylesheets/framework/sidebar.scss
@@ -774,7 +774,7 @@
 .reviewer-merge-icon,
 .assignee .merge-icon,
 .reviewer .merge-icon {
- color: $orange-400;
+ color: var(--gl-status-warning-icon-color);
 position: absolute;
 bottom: -3px;
 right: -3px;
diff --git a/app/services/ci/destroy_pipeline_service.rb b/app/services/ci/destroy_pipeline_service.rb
index 7adf573687a..829a5176acb 100644
--- a/app/services/ci/destroy_pipeline_service.rb
+++ b/app/services/ci/destroy_pipeline_service.rb
@@ -5,6 +5,10 @@ module Ci
 def execute(pipeline)
 raise Gitlab::Access::AccessDeniedError unless can?(current_user, :destroy_pipeline, pipeline)
+ unsafe_execute(pipeline)
+ end
+
+ def unsafe_execute(pipeline)
 Ci::ExpirePipelineCacheService.new.execute(pipeline, delete: true)
 # ensure cancellation happens sync so we accumulate compute minutes successfully
diff --git a/data/deprecations/17-3-codeclimate.yml b/data/deprecations/17-3-codeclimate.yml
index 4e1ed8bf899..3c6f9183421 100644
--- a/data/deprecations/17-3-codeclimate.yml
+++ b/data/deprecations/17-3-codeclimate.yml
@@ -7,8 +7,8 @@
 issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/471677 # (required) Link to the deprecation issue in GitLab
 body: | # (required) Do not modify this line, instead modify the lines below.
 In GitLab 18.0, we will remove CodeClimate-based Code Quality scanning.
- However, you'll still be able to import results from quality tools by [providing a report as an artifact](https://docs.gitlab.com/ee/ci/testing/code_quality.html#implement-a-custom-tool), just as you can today.
- In addition, you can also see this [epic](https://gitlab.com/groups/gitlab-org/-/epics/8790) for new directions considered for Code Quality.
+ In its place, you should use quality tools directly in your CI/CD pipeline and [provide the tool's report as an artifact](https://docs.gitlab.com/ee/ci/testing/code_quality.html#import-code-quality-results-from-a-cicd-job).
+ Many tools already support the required report format, and you can integrate them by following the [documented steps](https://docs.gitlab.com/ee/ci/testing/code_quality.html#integrate-common-tools-with-code-quality).
 We expect to implement this change by:
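Review bot: `unsafe_execute` in app/services/ci/destroy_pipeline_service.rb is added as a public method that runs the whole destruction path without the `can?(current_user, :destroy_pipeline, pipeline)` check, and the hunk carries no comment saying who is allowed to call it. A comment above the definition would make the contract explicit, for example `# Skips the :destroy_pipeline permission check; the caller is responsible for authorization.` The callers are not visible in this diff, so it is worth confirming that none of them passes a pipeline chosen by a request parameter. The body of `unsafe_execute` continues past the end of the hunk.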
@@ -19,4 +19,4 @@
 After End of Support in GitLab 18.0, we won't provide further updates.
 However, we won't delete previously published container images or remove the ability to run them by using custom CI/CD pipeline job definitions.
- For more details and required actions, see the [deprecation issue for this change](https://gitlab.com/gitlab-org/gitlab/-/issues/471677#action-required).
+ For more details, see [Scan code for quality violations](https://docs.gitlab.com/ee/ci/testing/code_quality.html#scan-code-for-quality-violations).
diff --git a/doc/ci/testing/code_quality.md b/doc/ci/testing/code_quality.md
index 5b59591f983..67783bd7bc6 100644
--- a/doc/ci/testing/code_quality.md
+++ b/doc/ci/testing/code_quality.md
@@ -43,7 +43,9 @@ You can also [integrate multiple tools](#integrate-multiple-tools).
 Many development teams already use linters, style checkers, or other tools in their CI/CD pipelines to automatically detect violations of coding standards. You can make the findings from these tools easier to see and fix by integrating them with Code Quality.
-To integrate a tool with Code Quality:
+To see if your tool already has a documented integration, see [Integrate common tools with Code Quality](#integrate-common-tools-with-code-quality).
+
+To integrate a different tool with Code Quality:
 1. Add the tool to your CI/CD pipeline.
 1. Configure the tool to output a report as a file.
@@ -76,19 +78,6 @@ You can capture results from multiple tools in a single pipeline.
 For example, you can run a code linter to scan your code along with a language linter to scan your documentation, or you can use a standalone tool along with CodeClimate-based scanning.
 Code Quality combines all of the reports so you see all of them when you [view results](#view-code-quality-results).
-Here is an example that returns ESLint output in the necessary format:
-
-```yaml
-eslint:
- image: node:18-alpine
- script:
- - npm ci
- - npx eslint --format gitlab .
- artifacts:
- reports:
- codequality: gl-code-quality-report.json
-```
-
 ## View Code Quality results
 Code Quality results are shown in the:
diff --git a/doc/update/deprecations.md b/doc/update/deprecations.md
index eb42023c486..d8bae910e04 100644
--- a/doc/update/deprecations.md
+++ b/doc/update/deprecations.md
@@ -209,8 +209,8 @@ This is one small step towards moving away from CI/CD templates in preference of
 In GitLab 18.0, we will remove CodeClimate-based Code Quality scanning.
-However, you'll still be able to import results from quality tools by [providing a report as an artifact](https://docs.gitlab.com/ee/ci/testing/code_quality.html#implement-a-custom-tool), just as you can today.
-In addition, you can also see this [epic](https://gitlab.com/groups/gitlab-org/-/epics/8790) for new directions considered for Code Quality.
+In its place, you should use quality tools directly in your CI/CD pipeline and [provide the tool's report as an artifact](https://docs.gitlab.com/ee/ci/testing/code_quality.html#import-code-quality-results-from-a-cicd-job).
+Many tools already support the required report format, and you can integrate them by following the [documented steps](https://docs.gitlab.com/ee/ci/testing/code_quality.html#integrate-common-tools-with-code-quality).
 We expect to implement this change by:
@@ -221,7 +221,7 @@ Effective immediately, CodeClimate-based scanning will receive only [limited upd
 After End of Support in GitLab 18.0, we won't provide further updates.
 However, we won't delete previously published container images or remove the ability to run them by using custom CI/CD pipeline job definitions.
-For more details and required actions, see the [deprecation issue for this change](https://gitlab.com/gitlab-org/gitlab/-/issues/471677#action-required).
+For more details, see [Scan code for quality violations](https://docs.gitlab.com/ee/ci/testing/code_quality.html#scan-code-for-quality-violations).
diff --git a/doc/user/compliance/license_scanning_of_cyclonedx_files/index.md b/doc/user/compliance/license_scanning_of_cyclonedx_files/index.md
index 9c34d7ceb53..b67940d3e10 100644
--- a/doc/user/compliance/license_scanning_of_cyclonedx_files/index.md
+++ b/doc/user/compliance/license_scanning_of_cyclonedx_files/index.md
@@ -14,6 +14,7 @@ DETAILS:
 > - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/385176) in GitLab 16.4. Feature flags `license_scanning_sbom_scanner` and `package_metadata_synchronization` removed.
 > - The legacy License Compliance analyzer (`License-Scanning.gitlab-ci.yml`) was [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/439162) in GitLab 17.0.
 > - In GitLab 17.5 we introduced the ability to use a CycloneDX report artifact as a source of data for license information behind the feature flag `license_scanning_with_sbom_licenses`, disabled by default.
+> - In GitLab 17.6 the ability to use a CycloneDX report artifact as a source of data for license information has been enabled by default. The feature flag `license_scanning_with_sbom_licenses` is still present to disable the feature if necessary.
 To detect the licenses in use, License Compliance relies on running the
 [Dependency Scanning CI Jobs](../../application_security/dependency_scanning/index.md),
@@ -210,7 +211,7 @@ CycloneDX reports for licenses. For more information, see the offline [quick sta
 ## Use CycloneDX report as a source of license information
-The ability to use a CI report artifact as a source of license information data was introduced in GitLab 17.5 behind the feature flag `license_scanning_with_sbom_licenses`.
+The ability to use a CI report artifact as a source of license information data was introduced in GitLab 17.5 behind the feature flag `license_scanning_with_sbom_licenses` and enabled by default in 17.6.
 When the feature flag `license_scanning_with_sbom_licenses` is enabled, the License Scanning uses the [licenses](https://cyclonedx.org/use-cases/#license-compliance) field of the CycloneDX JSON SBOM when available. If the license information is unavailable, the license information imported from the external license database will be used(current behavior). License information can be provided using a valid SPDX identifier or a license name. However, providing a license using an SPDX License Expression is not supported.
@@ -218,6 +219,8 @@ More information about the license field format can be found on the [CycloneDX](
 Compatible CycloneDX SBOM generators that provide the licenses field can be found in the [CycloneDX Tool Center](https://cyclonedx.org/tool-center/).
+Only licenses providing an SPDX identifier are currently supported. Extending this feature beyond SDPX licenses is tracked in [issue 505677](https://gitlab.com/gitlab-org/gitlab/-/issues/505677).
+
 ## Troubleshooting
 ### A CycloneDX file is not being scanned and appears to provide no results
diff --git a/doc/user/duo_workflow/index.md b/doc/user/duo_workflow/index.md
index 42fc806904d..369934291ed 100644
--- a/doc/user/duo_workflow/index.md
+++ b/doc/user/duo_workflow/index.md
@@ -99,23 +99,6 @@ Other risks to be aware of when using Duo Workflow:
 goals or messages, as there is a chance it might end up using those in code or other API calls.
-## Duo Workflow use cases
-
-Automate tasks and help increase productivity in your development workflow by using GitLab Duo Workflow.
-GitLab Duo Workflow, currently only in your IDE, takes the information you provide
-and uses AI to walk you through an implementation plan.
-
-GitLab Duo Workflow supports a wide variety of use cases. Here are a few examples:
-
-- Bootstrap a new project
-- Write tests
-- Fix a failed pipeline
-- Implement a proof of concept for an existing issue
-- Comment on a merge request with suggestions
-- Optimize CI configuration
-
-These are examples of successful use cases, but it can be used for many more.
-
 ## Prerequisites
 Before you can use GitLab Duo Workflow:
diff --git a/spec/services/ci/destroy_pipeline_service_spec.rb b/spec/services/ci/destroy_pipeline_service_spec.rb
index eff9b9e4b63..66d12612386 100644
--- a/spec/services/ci/destroy_pipeline_service_spec.rb
+++ b/spec/services/ci/destroy_pipeline_service_spec.rb
@@ -4,16 +4,13 @@ require 'spec_helper'
 RSpec.describe ::Ci::DestroyPipelineService, feature_category: :continuous_integration do
 let_it_be(:project) { create(:project, :repository) }
+ let_it_be_with_refind(:pipeline) { create(:ci_pipeline, :success, project: project, sha: project.commit.id) }
- let!(:pipeline) { create(:ci_pipeline, :success, project: project, sha: project.commit.id) }
-
- subject { described_class.new(project, user).execute(pipeline) }
-
- context 'user is owner' do
- let(:user) { project.first_owner }
+ let(:service) { described_class.new(project, user) }
+ shared_examples 'unsafe_execute' do
 it 'destroys the pipeline' do
- subject
+ response
 expect { pipeline.reload }.to raise_error(ActiveRecord::RecordNotFound)
 end
@@ -23,7 +20,7 @@ RSpec.describe ::Ci::DestroyPipelineService, feature_category: :continuous_integ
 expect(project.pipeline_status.has_status?).to be_truthy
- subject
+ response
 # We need to reset lazy_latest_pipeline cache to simulate a new request
 BatchLoader::Executor.clear_current
@@ -33,14 +30,14 @@ RSpec.describe ::Ci::DestroyPipelineService, feature_category: :continuous_integ
 end
 it 'does not log an audit event' do
- expect { subject }.not_to change { AuditEvent.count }
+ expect { response }.not_to change { AuditEvent.count }
 end
 context 'when the pipeline has jobs' do
 let!(:build) { create(:ci_build, project: project, pipeline: pipeline) }
 it 'destroys associated jobs' do
- subject
+ response
 expect { build.reload }.to raise_error(ActiveRecord::RecordNotFound)
 end
@@ -48,7 +45,7 @@ RSpec.describe ::Ci::DestroyPipelineService, feature_category: :continuous_integ
 it 'destroys associated stages' do
 stages = pipeline.stages
- subject
+ response
 expect(stages).to all(raise_error(ActiveRecord::RecordNotFound))
 end
@@ -57,35 +54,34 @@ RSpec.describe ::Ci::DestroyPipelineService, feature_category: :continuous_integ
 let!(:artifact) { create(:ci_job_artifact, :archive, job: build) }
 it 'destroys associated artifacts' do
- subject
+ response
 expect { artifact.reload }.to raise_error(ActiveRecord::RecordNotFound)
 end
 it 'inserts deleted objects for object storage files' do
- expect { subject }.to change { Ci::DeletedObject.count }
+ expect { response }.to change { Ci::DeletedObject.count }
 end
 end
 context 'when job has trace chunks' do
- let(:connection_params) { Gitlab.config.artifacts.object_store.connection.symbolize_keys }
- let(:connection) { ::Fog::Storage.new(connection_params) }
-
 before do
 stub_object_storage(connection_params: connection_params, remote_directory: 'artifacts')
 stub_artifacts_object_storage
 end
+ let(:connection_params) { Gitlab.config.artifacts.object_store.connection.symbolize_keys }
+ let(:connection) { ::Fog::Storage.new(connection_params) }
 let!(:trace_chunk) { create(:ci_build_trace_chunk, :fog_with_data, build: build) }
 it 'destroys associated trace chunks' do
- subject
+ response
 expect { trace_chunk.reload }.to raise_error(ActiveRecord::RecordNotFound)
 end
 it 'removes data from object store' do
- expect { subject }.to change { Ci::BuildTraceChunks::Fog.new.data(trace_chunk) }
+ expect { response }.to change { Ci::BuildTraceChunks::Fog.new.data(trace_chunk) }
 end
 end
 end
@@ -104,16 +100,34 @@ RSpec.describe ::Ci::DestroyPipelineService, feature_category: :continuous_integ
 expect(cancel_pipeline_service).to receive(:force_execute)
- subject
+ response
 end
 end
 end
- context 'user is not owner' do
- let(:user) { create(:user) }
+ describe '#execute' do
+ subject(:response) { service.execute(pipeline) }
- it 'raises an exception' do
- expect { subject }.to raise_error(Gitlab::Access::AccessDeniedError)
+ context 'when user is owner' do
+ let(:user) { project.first_owner }
+
+ it_behaves_like 'unsafe_execute'
+ end
+
+ context 'when user is not owner' do
+ let(:user) { create(:user) }
+
+ it 'raises an exception' do
+ expect { response }.to raise_error(Gitlab::Access::AccessDeniedError)
+ end
 end
 end
+
+ describe '#unsafe_execute' do
+ subject(:response) { service.unsafe_execute(pipeline) }
+
+ let(:user) { nil }
+
+ it_behaves_like 'unsafe_execute'
+ end
 end
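Review bot: The `when user is not owner` example under `#execute` asserts only that `Gitlab::Access::AccessDeniedError` is raised, so it would still pass if the destructive path ran before the permission check. Since `execute` is now a guard in front of the public `unsafe_execute`, the example could pin that ordering with `expect(service).not_to receive(:unsafe_execute)` ahead of the `expect { response }` line. The `#unsafe_execute` group runs only with `user` set to `nil`; a short comment there, such as `# unsafe_execute performs no permission check, so no user is needed`, would tell readers the nil is deliberate. The `shared_examples 'unsafe_execute'` block these groups rely on starts outside this hunk.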