root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2025-05-13 06:11:45 +00:00
parent 232b95461c
commit 14b3e98b7e
21 changed files with 87 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.rubocop_todo/gitlab/bounded_contexts.yml
View File

@ -3533,7 +3533,6 @@ Gitlab/BoundedContexts:
- 'ee/lib/ee/event_filter.rb'
- 'ee/lib/ee/feature.rb'
- 'ee/lib/ee/feature/definition.rb'
- 'ee/lib/ee/sidebars/admin/menus/admin_overview_menu.rb'
- 'ee/lib/ee/sidebars/admin/menus/admin_settings_menu.rb'
- 'ee/lib/ee/sidebars/admin/menus/monitoring_menu.rb'
- 'ee/lib/ee/sidebars/admin/panel.rb'

2
GITALY_SERVER_VERSION
View File

@ -1 +1 @@
503d70e59609c805742ef9ac6537240e0db33c40
75281001cbb0339ff4467b1a1ba8f9390af95a7b

2
GITLAB_SHELL_VERSION
View File

@ -1 +1 @@
14.41.0
14.42.0

3
app/assets/javascripts/lib/graphql.js
View File

@ -79,6 +79,9 @@ export const typePolicies = {
ProjectValueStreamAnalyticsFlowMetrics: {
merge: true,
},
ValueStreamStageMetrics: {
merge: true,
},
ScanExecutionPolicy: {
keyFields: ['name'],
},

2
app/helpers/sidebars_helper.rb
View File

@ -521,7 +521,7 @@ module SidebarsHelper
end
def display_admin_area_link?
current_user&.can_admin_all_resources?
current_user&.can?(:access_admin_area)
end
end

3
app/policies/global_policy.rb
View File

@ -141,6 +141,7 @@ class GlobalPolicy < BasePolicy
end
rule { admin }.policy do
enable :access_admin_area
enable :read_custom_attribute
enable :update_custom_attribute
enable :approve_user
@ -159,6 +160,8 @@ class GlobalPolicy < BasePolicy
enable :read_admin_health_check
enable :read_admin_metrics_dashboard
enable :read_admin_system_information
enable :read_admin_users
enable :read_application_statistics
end
# We can't use `read_statistics` because the user may have different permissions for different projects

2
doc/ci/debugging.md
View File

@ -242,7 +242,7 @@ as they could be viewed by any user with access to the pipelines.
### Run the job's commands locally
You can use a tool like [Rancher Desktop](https://rancherdesktop.io/) or [similar alternatives](https://handbook.gitlab.com/handbook/tools-and-tips/mac/#docker-desktop)
You can use a tool like [Rancher Desktop](https://rancherdesktop.io/) or similar alternatives
to run the job's container image on your local machine. Then, run the job's `script` commands
in the container and verify the behavior.

2
doc/ci/pipelines/compute_minutes.md
View File

@ -133,7 +133,7 @@ Certain [discounts apply to GitLab.com](#cost-factors-for-gitlabcom) based on pr
Community contributors can use up to 300,000 minutes on instance runners when contributing to open source projects
maintained by GitLab. The maximum of 300,000 minutes would only be possible if contributing exclusively to projects
[part of the GitLab product](https://handbook.gitlab.com/handbook/product/groups/product-analysis/engineering/metrics/#projects-that-are-part-of-the-product).
part of the GitLab product.
The total number of minutes available on instance runners is reduced by the compute minutes used by pipelines from
other projects. The 300,000 minutes applies to all GitLab.com tiers.

2
doc/ci/pipelines/pipeline_efficiency.md
View File

@ -258,5 +258,5 @@ identify recurring problems with CI pipeline efficiency.
### Related topics
- [CI Monitoring Webcast Slides](https://docs.google.com/presentation/d/1ONwIIzRB7GWX-WOSziIIv8fz1ngqv77HO1yVfRooOHM/edit?usp=sharing)
- [GitLab.com Monitoring Handbook](https://handbook.gitlab.com/handbook/engineering/monitoring/)
- GitLab.com Monitoring Handbook
- [Buildings dashboards for operational visibility](https://aws.amazon.com/builders-library/building-dashboards-for-operational-visibility/)

2
doc/ci/runners/hosted_runners/_index.md
View File

@ -85,7 +85,7 @@ For more information about the security of hosted runners for GitLab.com, see:
- [Google Cloud Infrastructure Security Design Overview whitepaper](https://cloud.google.com/docs/security/infrastructure/design/resources/google_infrastructure_whitepaper_fa.pdf)
- [GitLab Trust Center](https://about.gitlab.com/security/)
- [GitLab Security Compliance Controls](https://handbook.gitlab.com/handbook/security/security-assurance/security-compliance/sec-controls/)
- GitLab Security Compliance Controls
### Caching on hosted runners for GitLab.com

2
doc/ci/runners/new_creation_workflow.md
View File

@ -20,7 +20,7 @@ Use the [runner creation workflow](https://docs.gitlab.com/runner/register/#regi
For information about the current development status of the new workflow, see [epic 7663](https://gitlab.com/groups/gitlab-org/-/epics/7663).
For information about the technical design and reasons for the new architecture, see [Next GitLab Runner Token Architecture](https://handbook.gitlab.com/handbook/engineering/architecture/design-documents/runner_tokens/).
For information about the technical design and reasons for the new architecture, see Next GitLab Runner Token Architecture.
If you experience problems or have concerns about the new runner registration workflow,
or need more information, let us know in the [feedback issue](https://gitlab.com/gitlab-org/gitlab/-/issues/387993).

8
doc/integration/exact_code_search/zoekt.md
View File

@ -76,16 +76,10 @@ To enable [exact code search](../../user/search/exact_code_search.md) in GitLab:
- Stopping indexing when Zoekt node storage exceeds the critical watermark [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/504945) in GitLab 17.7 [with a flag](../../administration/feature_flags.md) named `zoekt_critical_watermark_stop_indexing`. Disabled by default.
- [Enabled on GitLab.com, GitLab Self-Managed, and GitLab Dedicated](https://gitlab.com/gitlab-org/gitlab/-/issues/505334) in GitLab 18.0.
- [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/505334) in GitLab 18.1. Feature flag `zoekt_critical_watermark_stop_indexing` removed.
{{< /history >}}
{{< alert type="flag" >}}
The availability of this feature is controlled by a feature flag.
For more information, see the history.
{{< /alert >}}
Prerequisites:
- You must have administrator access to the instance.

18
doc/update/terminology.md
View File

@ -44,3 +44,21 @@ A "breaking change" is any change that requires users to make a corresponding ch
- Removing a public method from a code class.
A breaking change can be considered major if it affects many users, or represents a significant change in behavior.
## Third-party dependencies
This section applies to all above terms.
Changes (deprecation, end of support, removal, or breaking change) in third-party dependencies are handled separately from changes to features in GitLab itself:
- These changes follow the dependency's own lifecycle and are not subject to feature process and timeline requirements for GitLab.
- GitLab will try to minimize impact and provide a smooth migration experience for third-party dependency changes that affect our product.
- Security updates to dependencies might be applied without following their standard deprecation processes when necessary to address severe vulnerabilities within vulnerability resolution SLAs. For more information, see the GitLab Handbook.
- In cases where dependencies change outside our control or timeline, GitLab might need to implement changes to our own software outside our usual process and timeline to
maintain our functionality, compatibility, or security.
- GitLab will make reasonable efforts to communicate significant third-party dependency changes.
- GitLab is not responsible for any changes in third-party dependency functionality that is not directly used by GitLab products.
- Customers who leverage these third-party dependencies beyond the usage patterns of GitLab do so at their own risk and should:
- Monitor the third-party's release notes independently.
- Test their custom implementations against new dependency versions.
- Plan their own migration strategies for third-party changes.

3
lib/api/helpers.rb
View File

@ -376,7 +376,8 @@ module API
end
def authorize_read_application_statistics!
authenticated_as_admin!
authenticate!
forbidden! unless current_user.can?(:read_application_statistics)
end
def authorize!(action, subject = :global, reason = nil)

7
lib/gitlab/exclusive_lease.rb
View File

@ -180,6 +180,13 @@ module Gitlab
def cancel
self.class.cancel(@redis_shared_state_key, @uuid)
end
# Returns true if the UUID for the key hasn't changed.
def same_uuid?
::Gitlab::Redis::SharedState.with do |redis|
redis.get(@redis_shared_state_key) == @uuid
end
end
end
end

2
lib/gitlab/metrics/samplers/concurrency_limit_sampler.rb
View File

@ -29,7 +29,7 @@ module Gitlab
try_obtain_lease do
# Keep reporting the metrics while the lease is valid
# to ensure we have continuous data
while exclusive_lease.exists?
while exclusive_lease.same_uuid?
report_metrics
Kernel.sleep(DEFAULT_SAMPLING_INTERVAL_SECONDS)
end

33
lib/sidebars/admin/menus/admin_overview_menu.rb
View File

@ -32,74 +32,79 @@ module Sidebars
{ testid: 'admin-overview-submenu-content' }
end
override :render_with_abilities
def render_with_abilities
super + %i[access_admin_area]
end
private
def dashboard_menu_item
::Sidebars::MenuItem.new(
build_menu_item(
title: _('Dashboard'),
link: admin_root_path,
active_routes: { controller: 'dashboard' },
item_id: :dashboard
)
) { can?(current_user, :read_application_statistics) }
end
def projects_menu_item
::Sidebars::MenuItem.new(
build_menu_item(
title: _('Projects'),
link: admin_projects_path,
active_routes: { controller: 'admin/projects' },
item_id: :projects
)
) { can?(current_user, :admin_all_resources) }
end
def users_menu_item
::Sidebars::MenuItem.new(
build_menu_item(
title: _('Users'),
link: admin_users_path,
active_routes: { controller: 'users' },
item_id: :users,
container_html_options: { 'data-testid': 'admin-overview-users-link' }
)
) { can?(current_user, :read_admin_users) }
end
def groups_menu_item
::Sidebars::MenuItem.new(
build_menu_item(
title: _('Groups'),
link: admin_groups_path,
active_routes: { controller: 'groups' },
item_id: :groups,
container_html_options: { 'data-testid': 'admin-overview-groups-link' }
)
) { can?(current_user, :admin_all_resources) }
end
def organizations_menu_item
return unless Feature.enabled?(:ui_for_organizations, current_user)
::Sidebars::MenuItem.new(
build_menu_item(
title: _('Organizations'),
link: admin_organizations_path,
active_routes: { controller: 'organizations' },
item_id: :organizations,
container_html_options: { 'data-testid': 'admin-overview-organizations-link' }
)
) { can?(current_user, :admin_all_resources) }
end
def topics_menu_item
::Sidebars::MenuItem.new(
build_menu_item(
title: _('Topics'),
link: admin_topics_path,
active_routes: { controller: 'admin/topics' },
item_id: :topics
)
) { can?(current_user, :admin_all_resources) }
end
def gitaly_servers_menu_item
::Sidebars::MenuItem.new(
build_menu_item(
title: _('Gitaly servers'),
link: admin_gitaly_servers_path,
active_routes: { controller: 'gitaly_servers' },
item_id: :gitaly_servers
)
) { can?(current_user, :read_admin_gitaly_servers) }
end
end
end

3
locale/gitlab.pot
View File

@ -19399,6 +19399,9 @@ msgstr ""
msgid "CycleAnalytics|There is no data for 'Total time' available. Adjust the current filters."
msgstr ""
msgid "CycleAnalytics|There was an error while fetching data for the stage time chart."
msgstr ""
msgid "CycleAnalytics|Time to restore service"
msgstr ""

17
spec/lib/gitlab/exclusive_lease_spec.rb
View File

@ -331,4 +331,21 @@ RSpec.describe Gitlab::ExclusiveLease, :request_store,
described_class.throttle(1, count: 48, period: 1.day) {}
end
end
describe '#same_uuid?' do
it 'returns true for an existing lease' do
lease = described_class.new(unique_key, timeout: 3600)
lease.try_obtain
expect(lease.same_uuid?).to eq(true)
end
it 'returns false for a lease that does not exist' do
described_class.new(unique_key, timeout: 3600).try_obtain
lease = described_class.new(unique_key, timeout: 3600)
expect(lease.same_uuid?).to eq(false)
end
end
end

5
spec/lib/gitlab/metrics/samplers/concurrency_limit_sampler_spec.rb
View File

@ -22,7 +22,7 @@ RSpec.describe Gitlab::Metrics::Samplers::ConcurrencyLimitSampler, :clean_gitlab
before do
allow(Gitlab::SidekiqMiddleware::ConcurrencyLimit::WorkersMap)
.to receive(:workers).and_return(workers_with_limits)
allow(sampler.exclusive_lease).to receive(:exists?).and_return(true, false) # run sample once
allow(sampler.exclusive_lease).to receive(:same_uuid?).and_return(true, false) # run sample once
end
it 'fetches data for each worker and sets gauge' do
@ -77,8 +77,7 @@ RSpec.describe Gitlab::Metrics::Samplers::ConcurrencyLimitSampler, :clean_gitlab
context 'when lease exists for more than 1 cycle' do
before do
stub_exclusive_lease(lease_key, timeout: described_class::LEASE_TIMEOUT)
allow(sampler.exclusive_lease).to receive(:exists?).and_return(true, true, true, false)
allow(sampler.exclusive_lease).to receive(:same_uuid?).and_return(true, true, true, false)
end
it 'report metrics while lease exists and afterwards reset the metrics' do

3
spec/policies/global_policy_spec.rb
View File

@ -751,6 +751,9 @@ RSpec.describe GlobalPolicy, feature_category: :shared do
let(:current_user) { admin_user }
let(:permissions) do
[
:access_admin_area,
:read_application_statistics,
:read_admin_users,
:read_admin_audit_log,
:read_admin_background_jobs,
:read_admin_background_migrations,