root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2025-07-10 18:07:41 +00:00
parent ee219f9b91
commit 1db959cb59
158 changed files with 2066 additions and 1224 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitlab-ci.yml
View File

@ -235,6 +235,7 @@ variables:
FLAKY_RSPEC_SUITE_REPORT_PATH: rspec/flaky/report-suite.json
FRONTEND_FIXTURES_MAPPING_PATH: crystalball/frontend_fixtures_mapping.json
JEST_MATCHING_TEST_FILES_PATH: jest/matching_test_files.txt
GITLAB_WORKHORSE_FOLDER: "gitlab-workhorse"
JOB_METRICS_FILE_PATH: "${CI_PROJECT_DIR}/tmp/job-metrics.json"
KNAPSACK_RSPEC_SUITE_REPORT_PATH: knapsack/report-master.json

1
.gitlab/CODEOWNERS
View File

@ -1412,6 +1412,7 @@ lib/gitlab/checks/
/app/views/user_settings/passwords/
/app/views/user_settings/personal_access_tokens/index.html.haml
/app/views/user_settings/user_settings/authentication_log.haml
/app/workers/authn/
/app/workers/personal_access_tokens/
/app/workers/resource_access_tokens/
/config/initializers/01_secret_token.rb

1
.gitlab/ci/rules.gitlab-ci.yml
View File

@ -641,6 +641,7 @@
.code-rest-api-patterns: &code-rest-api-patterns
- "{,ee/,jh/}lib/{,ee/,jh/}api/**/*"
- "{,ee/,jh/}app/policies/**/*"
# Auto-generated files
- "doc/api/openapi/openapi_v2.yaml"

7
.rubocop.yml
View File

@ -1061,13 +1061,6 @@ Migration/AsyncPostMigrateOnly:
- db/**/*.rb
EnforcedSince: 20240115115029
Migration/PreventEnablingLockRetriesForTransactionalMigrations:
Enabled: true
Include:
- '{,ee/,jh/}db/**/*.rb'
Exclude:
- '{,ee/,jh/}db/click_house/**/*.rb'
Gitlab/RailsLogger:
Exclude:
- 'spec/**/*.rb'

1
.rubocop_todo/internal_affairs/cop_description_with_example.yml
View File

@ -92,7 +92,6 @@ InternalAffairs/CopDescriptionWithExample:
- 'rubocop/cop/migration/migration_with_milestone.rb'
- 'rubocop/cop/migration/prevent_adding_columns.rb'
- 'rubocop/cop/migration/prevent_feature_flags_usage.rb'
- 'rubocop/cop/migration/prevent_global_enable_lock_retries_with_disable_ddl_transaction.rb'
- 'rubocop/cop/migration/prevent_index_creation.rb'
- 'rubocop/cop/migration/prevent_strings.rb'
- 'rubocop/cop/migration/refer_to_index_by_name.rb'

1
.rubocop_todo/internal_affairs/node_matcher_directive.yml
View File

@ -14,7 +14,6 @@ InternalAffairs/NodeMatcherDirective:
- 'rubocop/cop/migration/ensure_factory_for_table.rb'
- 'rubocop/cop/migration/migration_record.rb'
- 'rubocop/cop/migration/migration_with_milestone.rb'
- 'rubocop/cop/migration/prevent_global_enable_lock_retries_with_disable_ddl_transaction.rb'
- 'rubocop/cop/migration/prevent_index_creation.rb'
- 'rubocop/cop/migration/prevent_single_statement_with_disable_ddl_transaction.rb'
- 'rubocop/cop/migration/prevent_strings.rb'

1
.rubocop_todo/internal_affairs/redundant_message_argument.yml
View File

@ -11,7 +11,6 @@ InternalAffairs/RedundantMessageArgument:
- 'rubocop/cop/migration/async_post_migrate_only.rb'
- 'rubocop/cop/migration/batch_migrations_post_only.rb'
- 'rubocop/cop/migration/migration_with_milestone.rb'
- 'rubocop/cop/migration/prevent_global_enable_lock_retries_with_disable_ddl_transaction.rb'
- 'rubocop/cop/migration/prevent_single_statement_with_disable_ddl_transaction.rb'
- 'rubocop/cop/migration/schema_addition_methods_no_post.rb'
- 'rubocop/cop/redis_queue_usage.rb'

1
.rubocop_todo/internal_affairs/useless_message_assertion.yml
View File

@ -23,7 +23,6 @@ InternalAffairs/UselessMessageAssertion:
- 'spec/rubocop/cop/migration/avoid_finalize_background_migration_spec.rb'
- 'spec/rubocop/cop/migration/batched_migration_base_class_spec.rb'
- 'spec/rubocop/cop/migration/migration_with_milestone_spec.rb'
- 'spec/rubocop/cop/migration/prevent_global_enable_lock_retries_with_disable_ddl_transaction_spec.rb'
- 'spec/rubocop/cop/migration/prevent_single_statement_with_disable_ddl_transaction_spec.rb'
- 'spec/rubocop/cop/migration/schema_addition_methods_no_post_spec.rb'
- 'spec/rubocop/cop/performance/active_record_subtransaction_methods_spec.rb'

1
.rubocop_todo/layout/line_length.yml
View File

@ -2336,7 +2336,6 @@ Layout/LineLength:
- 'rubocop/cop/inject_enterprise_edition_module.rb'
- 'rubocop/cop/migration/add_limit_to_text_columns.rb'
- 'rubocop/cop/migration/add_reference.rb'
- 'rubocop/cop/migration/prevent_global_enable_lock_retries_with_disable_ddl_transaction.rb'
- 'rubocop/cop/migration/with_lock_retries_disallowed_method.rb'
- 'rubocop/cop/qa/selector_usage.rb'
- 'rubocop/cop/rspec/top_level_describe_path.rb'

1
.rubocop_todo/rspec/feature_category.yml
View File

@ -3462,7 +3462,6 @@ RSpec/FeatureCategory:
- 'spec/rubocop/cop/migration/datetime_spec.rb'
- 'spec/rubocop/cop/migration/drop_table_spec.rb'
- 'spec/rubocop/cop/migration/migration_record_spec.rb'
- 'spec/rubocop/cop/migration/prevent_global_enable_lock_retries_with_disable_ddl_transaction_spec.rb'
- 'spec/rubocop/cop/migration/prevent_strings_spec.rb'
- 'spec/rubocop/cop/migration/refer_to_index_by_name_spec.rb'
- 'spec/rubocop/cop/migration/remove_column_spec.rb'

2
Gemfile.checksum
View File

@ -718,7 +718,7 @@
{"name":"spring","version":"4.3.0","platform":"ruby","checksum":"0aaaf3bcce38e8528275854881d1922660d76cbd19a9a3af4a419d95b7fe7122"},
{"name":"spring-commands-rspec","version":"1.0.4","platform":"ruby","checksum":"6202e54fa4767452e3641461a83347645af478bf45dddcca9737b43af0dd1a2c"},
{"name":"sprite-factory","version":"1.7.1","platform":"ruby","checksum":"5586524a1aec003241f1abc6852b61433e988aba5ee2b55f906387bf49b01ba2"},
{"name":"sprockets","version":"3.7.2","platform":"ruby","checksum":"5ea1d7facd09203c1aa196afd6178208cd25abdbcc2a9978810a2f0754e152a0"},
{"name":"sprockets","version":"3.7.5","platform":"ruby","checksum":"72c20f256548f8a37fe7db41d96be86c3262fddaf4ebe9d69ec8317394fed383"},
{"name":"sprockets-rails","version":"3.5.2","platform":"ruby","checksum":"a9e88e6ce9f8c912d349aa5401509165ec42326baf9e942a85de4b76dbc4119e"},
{"name":"ssh_data","version":"1.3.0","platform":"ruby","checksum":"ec7c1e95a3aebeee412147998f4c147b4b05da6ed0aafda6083f9449318eaac0"},
{"name":"ssrf_filter","version":"1.0.8","platform":"ruby","checksum":"03f49f54837e407d43ee93ec733a8a94dc1bcf8185647ac61606e63aaedaa0db"},

3
Gemfile.lock
View File

@ -1849,7 +1849,8 @@ GEM
spring-commands-rspec (1.0.4)
spring (>= 0.9.1)
sprite-factory (1.7.1)
sprockets (3.7.2)
sprockets (3.7.5)
base64
concurrent-ruby (~> 1.0)
rack (> 1, < 3)
sprockets-rails (3.5.2)

2
Gemfile.next.checksum
View File

@ -718,7 +718,7 @@
{"name":"spring","version":"4.3.0","platform":"ruby","checksum":"0aaaf3bcce38e8528275854881d1922660d76cbd19a9a3af4a419d95b7fe7122"},
{"name":"spring-commands-rspec","version":"1.0.4","platform":"ruby","checksum":"6202e54fa4767452e3641461a83347645af478bf45dddcca9737b43af0dd1a2c"},
{"name":"sprite-factory","version":"1.7.1","platform":"ruby","checksum":"5586524a1aec003241f1abc6852b61433e988aba5ee2b55f906387bf49b01ba2"},
{"name":"sprockets","version":"3.7.2","platform":"ruby","checksum":"5ea1d7facd09203c1aa196afd6178208cd25abdbcc2a9978810a2f0754e152a0"},
{"name":"sprockets","version":"3.7.5","platform":"ruby","checksum":"72c20f256548f8a37fe7db41d96be86c3262fddaf4ebe9d69ec8317394fed383"},
{"name":"sprockets-rails","version":"3.5.2","platform":"ruby","checksum":"a9e88e6ce9f8c912d349aa5401509165ec42326baf9e942a85de4b76dbc4119e"},
{"name":"ssh_data","version":"1.3.0","platform":"ruby","checksum":"ec7c1e95a3aebeee412147998f4c147b4b05da6ed0aafda6083f9449318eaac0"},
{"name":"ssrf_filter","version":"1.0.8","platform":"ruby","checksum":"03f49f54837e407d43ee93ec733a8a94dc1bcf8185647ac61606e63aaedaa0db"},

3
Gemfile.next.lock
View File

@ -1843,7 +1843,8 @@ GEM
spring-commands-rspec (1.0.4)
spring (>= 0.9.1)
sprite-factory (1.7.1)
sprockets (3.7.2)
sprockets (3.7.5)
base64
concurrent-ruby (~> 1.0)
rack (> 1, < 3)
sprockets-rails (3.5.2)

1
app/assets/javascripts/lib/utils/text_markdown.js
View File

@ -877,6 +877,7 @@ function handleContinueList(e, textArea) {
function handleContinueIndentedText(e, textArea) {
if (!gon.features?.continueIndentedText) return;
if (!gon.markdown_maintain_indentation) return;
if (!shouldHandleIndentation(e, textArea)) {
return;

2
app/assets/javascripts/members/components/modals/leave_modal.vue
View File

@ -27,7 +27,7 @@ export default {
'Members|You cannot remove yourself from a personal project.',
),
preventedBodyGroupMemberModelType: s__(
'Members|A group must have at least one owner. To leave this group, assign a new owner.',
'Members|Groups require a human Owner. Assign another human user as Owner to leave.',
),
},
components: { GlModal, GlForm, GlSprintf, UserDeletionObstaclesList },

32
app/assets/javascripts/todos/components/todo_item.vue
View File

@ -1,24 +1,19 @@
<script>
import { GlLink, GlIcon, GlFormCheckbox } from '@gitlab/ui';
import { GlLink, GlFormCheckbox } from '@gitlab/ui';
import { fallsBefore } from '~/lib/utils/datetime_utility';
import { INSTRUMENT_TODO_ITEM_FOLLOW, TODO_STATE_DONE } from '../constants';
import TodoItemTitle from './todo_item_title.vue';
import TodoItemBody from './todo_item_body.vue';
import TodoItemTimestamp from './todo_item_timestamp.vue';
import TodoItemActions from './todo_item_actions.vue';
import TodoItemTitleHiddenBySaml from './todo_item_title_hidden_by_saml.vue';
export default {
TRACK_ACTION: INSTRUMENT_TODO_ITEM_FOLLOW,
components: {
GlLink,
GlIcon,
GlFormCheckbox,
TodoItemTitle,
TodoItemBody,
TodoItemTimestamp,
TodoItemActions,
TodoItemTitleHiddenBySaml,
},
inject: ['currentTab'],
props: {
@ -41,9 +36,6 @@ export default {
isHiddenBySaml() {
return !this.todo.targetEntity;
},
titleComponent() {
return this.isHiddenBySaml ? TodoItemTitleHiddenBySaml : TodoItemTitle;
},
isDone() {
return this.todo.state === TODO_STATE_DONE;
},
@ -67,13 +59,13 @@ export default {
<template>
<li
class="gl-border-t gl-border-b gl-relative -gl-mt-px gl-flex gl-gap-3 gl-px-5 gl-py-3 hover:gl-bg-feedback-info"
class="gl-border-b gl-flex gl-gap-3 gl-px-5 gl-py-3 hover:gl-bg-feedback-info"
:data-testid="`todo-item-${todo.id}`"
:class="{ 'gl-bg-subtle': isDone }"
>
<gl-form-checkbox
v-if="selectable"
class="gl-inline-block gl-pt-2"
class="gl-mt-1 gl-inline-block"
:aria-label="__('Select')"
:checked="selected"
@change="(checked) => $emit('select-change', todo.id, checked)"
@ -83,27 +75,17 @@ export default {
:data-event-tracking="$options.TRACK_ACTION"
:data-event-label="trackingLabel"
:data-event-property="todo.action"
class="gl-flex gl-min-w-0 gl-flex-1 gl-flex-wrap gl-justify-end gl-gap-y-3 !gl-text-default !gl-no-underline sm:gl-flex-nowrap sm:gl-items-center"
class="gl-flex gl-min-w-0 gl-grow gl-flex-col gl-flex-nowrap gl-justify-between gl-gap-3 gl-gap-y-3 !gl-text-default !gl-no-underline sm:gl-flex-row sm:gl-items-center"
>
<div
class="gl-w-64 gl-flex-grow-2 gl-self-center gl-overflow-hidden gl-overflow-x-auto sm:gl-w-auto"
>
<component
:is="titleComponent"
:todo="todo"
class="gl-flex gl-items-center gl-gap-2 gl-overflow-hidden gl-whitespace-nowrap gl-px-2 gl-pb-3 gl-pt-1 gl-text-sm gl-text-subtle sm:gl-mr-0 sm:gl-pr-4"
/>
<todo-item-body :todo="todo" :is-hidden-by-saml="isHiddenBySaml" />
</div>
<todo-item-body :todo="todo" :is-hidden-by-saml="isHiddenBySaml" />
<todo-item-timestamp
:todo="todo"
:is-snoozed="isSnoozed"
class="gl-w-full gl-whitespace-nowrap gl-px-2 sm:gl-w-auto"
class="gl-self-start gl-whitespace-nowrap sm:gl-w-auto"
/>
</gl-link>
<todo-item-actions
class="gl-self-start sm:gl-self-center"
class="gl-self-start"
:todo="todo"
:is-snoozed="isSnoozed"
@change="$emit('change')"

52
app/assets/javascripts/todos/components/todo_item_body.vue
View File

@ -21,6 +21,8 @@ import {
TODO_ACTION_TYPE_SSH_KEY_EXPIRING_SOON,
DUO_ACCESS_GRANTED_ACTIONS,
} from '../constants';
import TodoItemTitle from './todo_item_title.vue';
import TodoItemTitleHiddenBySaml from './todo_item_title_hidden_by_saml.vue';
export default {
components: {
@ -67,6 +69,9 @@ export default {
this.todo.author.id !== this.currentUserId
);
},
titleComponent() {
return this.isHiddenBySaml ? TodoItemTitleHiddenBySaml : TodoItemTitle;
},
author() {
if (this.isHiddenBySaml) {
return {
@ -179,28 +184,37 @@ export default {
</script>
<template>
<div class="gl-flex gl-items-start gl-px-2" data-testid="todo-item-container">
<div v-if="showAvatarOnNote" class="gl-mr-3 gl-hidden sm:gl-inline-block">
<gl-avatar-link :href="author.webUrl" aria-hidden="true" tabindex="-1" class="gl-flex">
<gl-avatar :size="24" :src="author.avatarUrl" role="none" />
<div class="gl-flex gl-min-w-0 gl-gap-3" data-testid="todo-item-container">
<div v-if="showAvatarOnNote" class="gl-hidden sm:gl-inline-block">
<gl-avatar-link :href="author.webUrl" aria-hidden="true" tabindex="-1" class="gl-mt-1">
<gl-avatar :size="32" :src="author.avatarUrl" role="none" />
</gl-avatar-link>
</div>
<div>
<div v-if="showAuthorOnNote" class="gl-inline-flex gl-font-bold">
<gl-link
v-if="author"
:href="author.webUrl"
class="!gl-text-default"
data-testid="todo-author-name-content"
>{{ authorOnNote }}</gl-link
>
<span v-else>{{ $options.i18n.removed }}</span>
<span v-if="todo.note">:</span>
<div class="gl-flex gl-min-w-0 gl-flex-col gl-gap-1">
<component
:is="titleComponent"
:todo="todo"
class="gl-flex gl-min-w-0 gl-items-center gl-gap-1 gl-overflow-hidden gl-whitespace-nowrap gl-text-sm gl-text-subtle"
/>
<div>
<div v-if="showAuthorOnNote" class="gl-inline-flex gl-font-bold">
<gl-link
v-if="author"
:href="author.webUrl"
class="!gl-text-default"
data-testid="todo-author-name-content"
>{{ authorOnNote }}</gl-link
>
<span v-else>{{ $options.i18n.removed }}</span>
<span v-if="todo.note">:</span>
</div>
<span v-if="actionName" data-testid="todo-action-name-content">
{{ actionName }}
</span>
<span v-if="noteText" v-safe-html="noteText"></span>
</div>
<span v-if="actionName" data-testid="todo-action-name-content">
{{ actionName }}
</span>
<span v-if="noteText" v-safe-html="noteText"></span>
</div>
</div>
</template>

4
app/assets/javascripts/todos/components/todo_item_timestamp.vue
View File

@ -52,7 +52,9 @@ export default {
</script>
<template>
<div class="gl-flex gl-gap-2 gl-text-sm gl-text-subtle sm:gl-flex-col sm:gl-gap-0">
<div
class="gl-flex gl-gap-2 gl-text-sm gl-text-subtle sm:gl-h-7 sm:gl-flex-col sm:gl-justify-center sm:gl-gap-0"
>
<span class="gl-text-right">
<todo-snoozed-timestamp
v-if="todo.snoozedUntil"

6
app/assets/javascripts/todos/components/todo_item_title.vue
View File

@ -165,9 +165,9 @@ export default {
<template>
<div>
<status-badge v-if="showStatusBadge" :issuable-type="issuableType" :state="issuableState" />
<gl-icon v-if="icon" :name="icon" />
<div class="gl-overflow-hidden gl-text-ellipsis" data-testid="todo-title">
<gl-icon v-if="icon" :name="icon" class="gl-shrink-0" :size="12" />
<span class="gl-overflow-hidden gl-text-ellipsis" data-testid="todo-title">
{{ todoTitle }}
</div>
</span>
</div>
</template>

2
app/controllers/concerns/wiki_actions.rb
View File

@ -37,8 +37,6 @@ module WikiActions
push_frontend_feature_flag(:glql_work_items, container)
push_force_frontend_feature_flag(:glql_integration, !!container&.glql_integration_feature_flag_enabled?)
push_force_frontend_feature_flag(:glql_load_on_click, !!container&.glql_load_on_click_feature_flag_enabled?)
push_force_frontend_feature_flag(:continue_indented_text,
!!container&.continue_indented_text_feature_flag_enabled?)
end
before_action only: [:show, :edit, :update] do

1
app/controllers/groups/boards_controller.rb
View File

@ -11,7 +11,6 @@ class Groups::BoardsController < Groups::ApplicationController
push_force_frontend_feature_flag(:work_items_beta, !!group&.work_items_beta_feature_flag_enabled?)
push_frontend_feature_flag(:notifications_todos_buttons, current_user)
push_force_frontend_feature_flag(:glql_integration, !!group&.glql_integration_feature_flag_enabled?)
push_force_frontend_feature_flag(:continue_indented_text, !!group&.continue_indented_text_feature_flag_enabled?)
push_frontend_feature_flag(:work_item_status_feature_flag, group&.root_ancestor)
end

1
app/controllers/groups/work_items_controller.rb
View File

@ -13,7 +13,6 @@ module Groups
!!group&.create_group_level_work_items_feature_flag_enabled?)
push_force_frontend_feature_flag(:glql_integration, !!group&.glql_integration_feature_flag_enabled?)
push_force_frontend_feature_flag(:glql_load_on_click, !!group&.glql_load_on_click_feature_flag_enabled?)
push_force_frontend_feature_flag(:continue_indented_text, !!group&.continue_indented_text_feature_flag_enabled?)
push_frontend_feature_flag(:issues_list_drawer, group)
push_frontend_feature_flag(:work_item_status_feature_flag, group&.root_ancestor)
push_frontend_feature_flag(:work_item_planning_view, group)

1
app/controllers/profiles/preferences_controller.rb
View File

@ -64,6 +64,7 @@ class Profiles::PreferencesController < Profiles::ApplicationController
:keyboard_shortcuts_enabled,
:markdown_surround_selection,
:markdown_automatic_lists,
:markdown_maintain_indentation,
:use_new_navigation,
:enabled_following,
:use_work_items_view,

1
app/controllers/projects/boards_controller.rb
View File

@ -11,7 +11,6 @@ class Projects::BoardsController < Projects::ApplicationController
push_force_frontend_feature_flag(:work_items_beta, !!project&.work_items_beta_feature_flag_enabled?)
push_frontend_feature_flag(:notifications_todos_buttons, current_user)
push_force_frontend_feature_flag(:glql_integration, !!project&.glql_integration_feature_flag_enabled?)
push_force_frontend_feature_flag(:continue_indented_text, !!project&.continue_indented_text_feature_flag_enabled?)
push_frontend_feature_flag(:work_item_status_feature_flag, project&.root_ancestor)
end

1
app/controllers/projects/issues_controller.rb
View File

@ -56,7 +56,6 @@ class Projects::IssuesController < Projects::ApplicationController
push_frontend_feature_flag(:work_item_planning_view, project&.group)
push_force_frontend_feature_flag(:glql_integration, !!project&.glql_integration_feature_flag_enabled?)
push_force_frontend_feature_flag(:glql_load_on_click, !!project&.glql_load_on_click_feature_flag_enabled?)
push_force_frontend_feature_flag(:continue_indented_text, !!project&.continue_indented_text_feature_flag_enabled?)
push_force_frontend_feature_flag(:work_items_beta, !!project&.work_items_beta_feature_flag_enabled?)
push_force_frontend_feature_flag(:work_items_alpha, !!project&.work_items_alpha_feature_flag_enabled?)
push_frontend_feature_flag(:work_item_view_for_issues, project&.group)

1
app/controllers/projects/merge_requests/application_controller.rb
View File

@ -10,7 +10,6 @@ class Projects::MergeRequests::ApplicationController < Projects::ApplicationCont
before_action do
push_force_frontend_feature_flag(:glql_integration, !!project&.glql_integration_feature_flag_enabled?)
push_force_frontend_feature_flag(:glql_load_on_click, !!project&.glql_load_on_click_feature_flag_enabled?)
push_force_frontend_feature_flag(:continue_indented_text, !!project&.continue_indented_text_feature_flag_enabled?)
end
private

1
app/controllers/projects/work_items_controller.rb
View File

@ -14,7 +14,6 @@ class Projects::WorkItemsController < Projects::ApplicationController
push_force_frontend_feature_flag(:work_items_alpha, !!project&.work_items_alpha_feature_flag_enabled?)
push_force_frontend_feature_flag(:glql_integration, !!project&.glql_integration_feature_flag_enabled?)
push_force_frontend_feature_flag(:glql_load_on_click, !!project&.glql_load_on_click_feature_flag_enabled?)
push_force_frontend_feature_flag(:continue_indented_text, !!project&.continue_indented_text_feature_flag_enabled?)
push_frontend_feature_flag(:work_item_status_feature_flag, project&.root_ancestor)
push_frontend_feature_flag(:work_item_planning_view, project&.group)
push_force_frontend_feature_flag(:work_items_bulk_edit, project&.work_items_bulk_edit_feature_flag_enabled?)

4
app/models/ci/bridge.rb
View File

@ -61,11 +61,11 @@ module Ci
end
event :start_cancel do
transition CANCELABLE_STATUSES.map(&:to_sym) + [:manual] => :canceling
transition CANCELABLE_STATUSES.map(&:to_sym) => :canceling
end
event :finish_cancel do
transition CANCELABLE_STATUSES.map(&:to_sym) + [:manual, :canceling] => :canceled
transition CANCELABLE_STATUSES.map(&:to_sym) + [:canceling] => :canceled
end
event :success do

1
app/models/ci/pipeline.rb
View File

@ -35,7 +35,6 @@ module Ci
DEFAULT_CONFIG_PATH = '.gitlab-ci.yml'
CANCELABLE_STATUSES = (Ci::HasStatus::CANCELABLE_STATUSES + ['manual']).freeze
UNLOCKABLE_STATUSES = (Ci::Pipeline.completed_statuses + [:manual]).freeze
# UI only shows 100+. TODO: pass constant to UI for SSoT
COUNT_FAILED_JOBS_LIMIT = 101

2
app/models/commit_status.rb
View File

@ -175,7 +175,7 @@ class CommitStatus < Ci::ApplicationRecord
event :cancel do
transition running: :canceling, if: :supports_canceling?
transition CANCELABLE_STATUSES.map(&:to_sym) + [:manual] => :canceled
transition CANCELABLE_STATUSES.map(&:to_sym) => :canceled
end
event :force_cancel do

2
app/models/concerns/ci/has_status.rb
View File

@ -45,7 +45,7 @@ module Ci
IGNORED_STATUSES = %w[manual].to_set.freeze
EXECUTING_STATUSES = %w[running canceling].freeze
ALIVE_STATUSES = ORDERED_STATUSES - COMPLETED_STATUSES - BLOCKED_STATUS
CANCELABLE_STATUSES = (ALIVE_STATUSES + ['scheduled'] - ['canceling']).freeze
CANCELABLE_STATUSES = (ORDERED_STATUSES - COMPLETED_STATUSES - ['canceling']).freeze
STATUSES_ENUM = { created: 0, pending: 1, running: 2, success: 3,
failed: 4, canceled: 5, skipped: 6, manual: 7,
scheduled: 8, preparing: 9, waiting_for_resource: 10,

26
app/models/group.rb
View File

@ -715,12 +715,12 @@ class Group < Namespace
def last_owner?(user)
return false unless user
all_owners = member_owners_excluding_project_bots
all_owners = member_owners_excluding_project_bots_and_service_accounts
last_owner_in_list?(user, all_owners)
end
# This is used in BillableMember Entity to
# avoid multiple "member_owners_excluding_project_bots" calls
# avoid multiple "member_owners_excluding_project_bots_and_service_accounts" calls
# for each billable members
def last_owner_in_list?(user, all_owners)
return false unless user
@ -730,18 +730,18 @@ class Group < Namespace
# Excludes non-direct owners for top-level group
# Excludes project_bots
def member_owners_excluding_project_bots
members_from_hiearchy = if root?
members.non_minimal_access.without_invites_and_requests
else
members_with_parents(only_active_users: false)
end
# Excludes service accounts
def member_owners_excluding_project_bots_and_service_accounts
members_from_hierarchy = if root?
members.non_minimal_access.without_invites_and_requests
else
members_with_parents(only_active_users: false)
end
owners = []
members_from_hiearchy.all_owners.non_invite.each_batch do |relation|
members_from_hierarchy.all_owners.non_invite.each_batch do |relation|
owners += relation.preload(:user, :source).load.reject do |member|
member.user.nil? || member.user.project_bot?
member.user.nil? || member.user.project_bot? || member.user.service_account?
end
end
@ -1108,10 +1108,6 @@ class Group < Namespace
licensed_feature_available?(:work_item_status)
end
def continue_indented_text_feature_flag_enabled?
feature_flag_enabled_for_self_or_ancestor?(:continue_indented_text, type: :wip)
end
def glql_integration_feature_flag_enabled?
feature_flag_enabled_for_self_or_ancestor?(:glql_integration)
end

6
app/models/issue.rb
View File

@ -419,11 +419,7 @@ class Issue < ApplicationRecord
end
def self.alternative_reference_prefix_with_postfix
if Feature.enabled?(:extensible_reference_filters, Feature.current_request)
'[issue:'
else
''
end
'[issue:'
end
def self.reference_postfix

2
app/models/members/group_member.rb
View File

@ -62,7 +62,7 @@ class GroupMember < Member
return false unless access_level == Gitlab::Access::OWNER
return last_owner unless last_owner.nil?
owners = group.member_owners_excluding_project_bots
owners = group.member_owners_excluding_project_bots_and_service_accounts
owners.reject! do |member|
member.group == group && member.user_id == user_id

2
app/models/members/last_group_owner_assigner.rb
View File

@ -30,6 +30,6 @@ class LastGroupOwnerAssigner
end
def owners
@owners ||= group.member_owners_excluding_project_bots
@owners ||= group.member_owners_excluding_project_bots_and_service_accounts
end
end

4
app/models/project.rb
View File

@ -3465,10 +3465,6 @@ class Project < ApplicationRecord
group&.work_items_bulk_edit_feature_flag_enabled? || Feature.enabled?(:work_items_bulk_edit, self, type: :wip)
end
def continue_indented_text_feature_flag_enabled?
group&.continue_indented_text_feature_flag_enabled? || Feature.enabled?(:continue_indented_text, self, type: :wip)
end
def enqueue_record_project_target_platforms
return unless Gitlab.com?

1
app/models/user.rb
View File

@ -444,6 +444,7 @@ class User < ApplicationRecord
:render_whitespace_in_code, :render_whitespace_in_code=,
:markdown_surround_selection, :markdown_surround_selection=,
:markdown_automatic_lists, :markdown_automatic_lists=,
:markdown_maintain_indentation, :markdown_maintain_indentation=,
:diffs_deletion_color, :diffs_deletion_color=,
:diffs_addition_color, :diffs_addition_color=,
:use_new_navigation, :use_new_navigation=,

6
app/models/work_item.rb
View File

@ -82,11 +82,7 @@ class WorkItem < Issue
end
def alternative_reference_prefix_with_postfix
if Feature.enabled?(:extensible_reference_filters, Feature.current_request)
'[work_item:'
else
''
end
'[work_item:'
end
def reference_pattern

4
app/services/groups/transfer_service.rb
View File

@ -73,6 +73,7 @@ module Groups
end
transfer_labels
transfer_status_data(old_root_ancestor_id)
remove_paid_features_for_projects(old_root_ancestor_id)
post_update_hooks(@updated_project_ids, old_root_ancestor_id)
propagate_integrations
@ -89,6 +90,9 @@ module Groups
end
end
# Overridden in EE
def transfer_status_data(old_root_ancestor_id); end
# Overridden in EE
def post_update_hooks(updated_project_ids, old_root_ancestor_id)
refresh_project_authorizations

6
app/views/profiles/preferences/show.html.haml
View File

@ -144,7 +144,11 @@
= f.gitlab_ui_checkbox_component :markdown_automatic_lists,
s_('Preferences|Automatically add new list items'),
help_text: html_escape(s_('Preferences|When you type in a description or comment box, pressing %{kbdOpen}Enter%{kbdClose} in a list adds a new item below.')) % { kbdOpen: '<kbd>'.html_safe, kbdClose: '</kbd>'.html_safe }
- if Feature.enabled?(:continue_indented_text, current_user)
.form-group
= f.gitlab_ui_checkbox_component :markdown_maintain_indentation,
s_('Preferences|Maintain indentation'),
help_text: safe_format(s_('Preferences|When you type in a description or comment box, pressing %{kbdOpen}Enter%{kbdClose} creates a new line indented the same as the previous line.'), tag_pair(tag.kbd, :kbdOpen, :kbdClose))
.form-group
= f.label :tab_width, s_('Preferences|Tab width'), class: 'label-bold'
= f.number_field :tab_width,

1
config/events/api_request_from_runner.yml
View File

@ -15,6 +15,7 @@ additional_properties:
product_group: authorization
product_categories:
- permissions
- runner
milestone: '18.1'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/189430
tiers:

2
config/events/click_create_group_runner_button.yml
View File

@ -6,6 +6,8 @@ identifiers:
- namespace
- user
product_group: runner
product_categories:
- fleet_visibility
milestone: '16.10'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/146063
tiers:

2
config/events/click_create_project_runner_button.yml
View File

@ -7,6 +7,8 @@ identifiers:
- namespace
- user
product_group: runner
product_categories:
- fleet_visibility
milestone: '16.10'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/146063
tiers:

2
config/events/click_view_all_link_in_pipeline_analytics.yml
View File

@ -7,6 +7,8 @@ identifiers:
- namespace
- user
product_group: runner
product_categories:
- fleet_visibility
milestone: '17.2'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/158957
tiers:

2
config/events/click_view_runners_button_in_new_group_runner_form.yml
View File

@ -6,6 +6,8 @@ identifiers:
- namespace
- user
product_group: runner
product_categories:
- fleet_visibility
milestone: '16.10'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/146063
tiers:

2
config/events/click_view_runners_button_in_new_project_runner_form.yml
View File

@ -7,6 +7,8 @@ identifiers:
- namespace
- user
product_group: runner
product_categories:
- fleet_visibility
milestone: '16.10'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/146063
tiers:

2
config/events/set_runner_maintenance_note.yml
View File

@ -10,6 +10,8 @@ additional_properties:
label:
description: The runner type, which can be `project_type`, `group_type`, or `instance_type`
product_group: runner
product_categories:
- fleet_visibility
milestone: '17.6'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/170483
tiers:

2
config/events/view_admin_runners_pageload.yml
View File

@ -5,6 +5,8 @@ action: view_admin_runners_pageload
identifiers:
- user
product_group: personal_productivity
product_categories:
- fleet_visibility
milestone: '17.2'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/156812
tiers:

2
config/feature_flags/beta/directory_code_dropdown_updates.yml
View File

@ -6,4 +6,4 @@ rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/514750
milestone: '17.9'
group: group::source code
type: beta
default_enabled: true
default_enabled: false

10
config/feature_flags/beta/stream_audit_events_remote_ip_proxy_protocol.yml
View File

@ -1,10 +0,0 @@
---
name: stream_audit_events_remote_ip_proxy_protocol
description: Fixes remote IP in stream audit events of Git over SSH
feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/378590
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/191408
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/543033
milestone: '18.1'
group: group::source code
type: beta
default_enabled: true

10
config/feature_flags/gitlab_com_derisk/keyset_paginate_exported_merge_requests.yml
View File

@ -1,10 +0,0 @@
---
name: keyset_paginate_exported_merge_requests
description: Use keyset pagination for serializing MRs during file-based export
feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/553170
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/196530
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/553171
milestone: '18.2'
group: group::import
type: gitlab_com_derisk
default_enabled: false

2
config/feature_flags/wip/continue_indented_text.yml
View File

@ -1,7 +1,7 @@
---
name: continue_indented_text
feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/23978
milestone: '17.9'
milestone: '18.2'
group: group::knowledge
type: wip
default_enabled: false

9
config/feature_flags/wip/extensible_reference_filters.yml
View File

@ -1,9 +0,0 @@
---
name: extensible_reference_filters
feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/352861
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/181859
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/535018
milestone: '18.1'
group: group::knowledge
type: wip
default_enabled: false

2
config/initializers/sprockets_patch.rb
View File

@ -8,7 +8,7 @@
require 'sprockets/utils'
unless Gem::Version.new(Sprockets::VERSION) == Gem::Version.new('3.7.2')
if Gem::Version.new(Sprockets::VERSION) >= Gem::Version.new('4.2.0')
raise 'New version of Sprockets detected. This patch can likely be removed.'
end

2
config/metrics/counts_28d/count_distinct_user_id_from_click_create_group_runner_button_monthly.yml
View File

@ -2,6 +2,8 @@
key_path: redis_hll_counters.count_distinct_user_id_from_click_create_group_runner_button_monthly
description: Monthly count of unique users who clicked the 'Create runner' button in a group
product_group: runner
product_categories:
- fleet_visibility
performance_indicator_type: []
value_type: number
status: active

2
config/metrics/counts_28d/count_distinct_user_id_from_click_create_project_runner_button_monthly.yml
View File

@ -2,6 +2,8 @@
key_path: redis_hll_counters.count_distinct_user_id_from_click_create_project_runner_button_monthly
description: Monthly count of unique users who clicked the 'Create runner' button in a project
product_group: runner
product_categories:
- fleet_visibility
performance_indicator_type: []
value_type: number
status: active

2
config/metrics/counts_28d/count_distinct_user_id_from_click_view_all_link_in_pipeline_analytics_monthly.yml
View File

@ -2,6 +2,8 @@
key_path: redis_hll_counters.count_distinct_user_id_from_click_view_all_link_in_pipeline_analytics_monthly
description: Monthly count of unique users who clicked on the View All link on the Pipeline Analytics page
product_group: runner
product_categories:
- fleet_visibility
performance_indicator_type: []
value_type: number
status: active

2
config/metrics/counts_28d/count_distinct_user_id_from_click_view_runners_button_in_new_group_runner_form_monthly.yml
View File

@ -2,6 +2,8 @@
key_path: redis_hll_counters.count_distinct_user_id_from_click_view_runners_button_in_new_group_runner_form_monthly
description: Monthly count of unique users who clicked the 'View Runners' button after creating a group runner
product_group: runner
product_categories:
- fleet_visibility
performance_indicator_type: []
value_type: number
status: active

2
config/metrics/counts_28d/count_distinct_user_id_from_click_view_runners_button_in_new_project_runner_form_monthly.yml
View File

@ -2,6 +2,8 @@
key_path: redis_hll_counters.count_distinct_user_id_from_click_view_runners_button_in_new_project_runner_form_monthly
description: Monthly count of unique users who clicked the 'View Runners' button after creating a project runner
product_group: runner
product_categories:
- fleet_visibility
performance_indicator_type: []
value_type: number
status: active

2
config/metrics/counts_28d/count_distinct_user_id_from_view_admin_runners_pageload_monthly.yml
View File

@ -2,6 +2,8 @@
key_path: redis_hll_counters.count_distinct_user_id_from_view_admin_runners_pageload_monthly
description: Monthly count of unique users who visit the admin runners page
product_group: personal_productivity
product_categories:
- fleet_visibility
performance_indicator_type: []
value_type: number
status: active

2
config/metrics/counts_28d/count_total_runner_created_with_maintenance_note_monthly.yml
View File

@ -2,6 +2,8 @@
key_path: counts.count_total_set_runner_maintenance_note_monthly
description: Monthly count of assignments of maintenance notes to runners
product_group: runner
product_categories:
- fleet_visibility
performance_indicator_type: []
value_type: number
status: active

2
config/metrics/counts_28d/count_total_view_admin_runners_pageload_monthly.yml
View File

@ -2,6 +2,8 @@
key_path: counts.count_total_view_admin_runners_pageload_monthly
description: Monthly count of total users who visit the admin runners page
product_group: personal_productivity
product_categories:
- fleet_visibility
performance_indicator_type: []
value_type: number
status: active

2
config/metrics/counts_7d/count_distinct_user_id_from_click_create_group_runner_button_weekly.yml
View File

@ -2,6 +2,8 @@
key_path: redis_hll_counters.count_distinct_user_id_from_click_create_group_runner_button_weekly
description: Weekly count of unique users who clicked the 'Create runner' button in a group
product_group: runner
product_categories:
- fleet_visibility
performance_indicator_type: []
value_type: number
status: active

2
config/metrics/counts_7d/count_distinct_user_id_from_click_create_project_runner_button_weekly.yml
View File

@ -2,6 +2,8 @@
key_path: redis_hll_counters.count_distinct_user_id_from_click_create_project_runner_button_weekly
description: Weekly count of unique users who clicked the 'Create runner' button in a project
product_group: runner
product_categories:
- fleet_visibility
performance_indicator_type: []
value_type: number
status: active

2
config/metrics/counts_7d/count_distinct_user_id_from_click_view_all_link_in_pipeline_analytics_weekly.yml
View File

@ -2,6 +2,8 @@
key_path: redis_hll_counters.count_distinct_user_id_from_click_view_all_link_in_pipeline_analytics_weekly
description: Weekly count of unique users who clicked on the View All link on the Pipeline Analytics page
product_group: runner
product_categories:
- fleet_visibility
performance_indicator_type: []
value_type: number
status: active

2
config/metrics/counts_7d/count_distinct_user_id_from_click_view_runners_button_in_new_group_runner_form_weekly.yml
View File

@ -2,6 +2,8 @@
key_path: redis_hll_counters.count_distinct_user_id_from_click_view_runners_button_in_new_group_runner_form_weekly
description: Weekly count of unique users who clicked the 'View Runners' button after creating a group runner
product_group: runner
product_categories:
- fleet_visibility
performance_indicator_type: []
value_type: number
status: active

2
config/metrics/counts_7d/count_distinct_user_id_from_click_view_runners_button_in_new_project_runner_form_weekly.yml
View File

@ -2,6 +2,8 @@
key_path: redis_hll_counters.count_distinct_user_id_from_click_view_runners_button_in_new_project_runner_form_weekly
description: Weekly count of unique users who clicked the 'View Runners' button after creating a project runner
product_group: runner
product_categories:
- fleet_visibility
performance_indicator_type: []
value_type: number
status: active

2
config/metrics/counts_7d/count_distinct_user_id_from_view_admin_runners_pageload_weekly.yml
View File

@ -2,6 +2,8 @@
key_path: redis_hll_counters.count_distinct_user_id_from_view_admin_runners_pageload_weekly
description: Weekly count of unique users who visit the admin runners page
product_group: personal_productivity
product_categories:
- fleet_visibility
performance_indicator_type: []
value_type: number
status: active

2
config/metrics/counts_7d/count_total_runner_created_with_maintenance_note_weekly.yml
View File

@ -2,6 +2,8 @@
key_path: counts.count_total_set_runner_maintenance_note_weekly
description: Weekly count of assignments of maintenance notes to runners
product_group: runner
product_categories:
- fleet_visibility
performance_indicator_type: []
value_type: number
status: active

2
config/metrics/counts_7d/count_total_view_admin_runners_pageload_weekly.yml
View File

@ -2,6 +2,8 @@
key_path: counts.count_total_view_admin_runners_pageload_weekly
description: Weekly count of total users who visit the admin runners page
product_group: personal_productivity
product_categories:
- fleet_visibility
performance_indicator_type: []
value_type: number
status: active

1
config/metrics/counts_all/20210216175520_ci_runners.yml
View File

@ -5,6 +5,7 @@ description: Total configured Runners of all types
product_group: runner
product_categories:
- fleet_visibility
- runner
value_type: number
status: active
time_frame: all

1
config/metrics/counts_all/20210502045402_ci_runners_instance_type_active.yml
View File

@ -5,6 +5,7 @@ description: Total active Shared (Instance) Runners
product_group: runner
product_categories:
- fleet_visibility
- runner
value_type: number
status: active
milestone: "13.12"

1
config/metrics/counts_all/20210502050341_ci_runners_group_type_active.yml
View File

@ -5,6 +5,7 @@ description: Total active Group Runners
product_group: runner
product_categories:
- fleet_visibility
- runner
value_type: number
status: active
milestone: "13.12"

1
config/metrics/counts_all/20210502050834_ci_runners_project_type_active.yml
View File

@ -5,6 +5,7 @@ description: Total active Specific (Project) Runners
product_group: runner
product_categories:
- fleet_visibility
- runner
value_type: number
status: active
milestone: "13.12"

1
config/metrics/counts_all/20210502050942_ci_runners_online.yml
View File

@ -5,6 +5,7 @@ description: Total online Runners of all types
product_group: runner
product_categories:
- fleet_visibility
- runner
value_type: number
status: active
milestone: "13.12"

1
config/metrics/counts_all/20210502051651_ci_runners_instance_type_active_online.yml
View File

@ -5,6 +5,7 @@ description: Total active and online Shared (Instance) Runners
product_group: runner
product_categories:
- fleet_visibility
- runner
value_type: number
status: active
milestone: "13.12"

1
config/metrics/counts_all/20210502051922_ci_runners_group_type_active_online.yml
View File

@ -5,6 +5,7 @@ description: Total active and online Group Runners
product_group: runner
product_categories:
- fleet_visibility
- runner
value_type: number
status: active
milestone: "13.12"

1
config/metrics/counts_all/20210502052036_ci_runners_project_type_active_online.yml
View File

@ -5,6 +5,7 @@ description: Total active and online Specific (Project) Runners
product_group: runner
product_categories:
- fleet_visibility
- runner
value_type: number
status: active
milestone: "13.12"

2
config/metrics/settings/20240425162824_instance_runner_registration_token_allowed.yml
View File

@ -2,6 +2,8 @@
key_path: settings.allow_runner_registration_token
description: Whether runner registration tokens are allowed on the instance
product_group: runner
product_categories:
- runner
value_type: boolean
status: active
milestone: "17.0"

2
config/metrics/settings/20250321144300_instance_runner_token_expiration_enabled.yml
View File

@ -3,6 +3,8 @@ key_path: settings.instance_runner_token_expiration_enabled
description: >
Tracks whether an expiration interval is defined for instance runner authentication tokens
product_group: runner
product_categories:
- runner
value_type: boolean
status: active
milestone: "17.11"

2
config/metrics/settings/20250321144301_group_runner_token_expiration_enabled.yml
View File

@ -3,6 +3,8 @@ key_path: settings.group_runner_token_expiration_enabled
description: >
Tracks whether an expiration interval is defined for group runner authentication tokens
product_group: runner
product_categories:
- runner
value_type: boolean
status: active
milestone: "17.11"

2
config/metrics/settings/20250321144302_project_runner_token_expiration_enabled.yml
View File

@ -3,6 +3,8 @@ key_path: settings.project_runner_token_expiration_enabled
description: >
Tracks whether an expiration interval is defined for project runner authentication tokens
product_group: runner
product_categories:
- runner
value_type: boolean
status: active
milestone: "17.11"

2
db/docs/batched_background_migrations/backfill_issue_assignees_namespace_id.yml
View File

@ -5,4 +5,4 @@ feature_category: team_planning
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/174106
milestone: '17.10'
queued_migration_version: 20250220131539
finalized_by: # version of the migration that finalized this BBM
finalized_by: '20250708204640'

13
db/migrate/20250604220725_add_markdown_maintain_indentation.rb Normal file
View File

@ -0,0 +1,13 @@
# frozen_string_literal: true
class AddMarkdownMaintainIndentation < Gitlab::Database::Migration[2.3]
milestone '18.2'
def up
add_column :user_preferences, :markdown_maintain_indentation, :boolean, default: false, null: false
end
def down
remove_column :user_preferences, :markdown_maintain_indentation, :boolean
end
end

20
db/post_migrate/20250708204640_finalize_backfill_issue_assignees_namespace_id.rb Normal file
View File

@ -0,0 +1,20 @@
# frozen_string_literal: true
class FinalizeBackfillIssueAssigneesNamespaceId < Gitlab::Database::Migration[2.3]
milestone '18.2'
disable_ddl_transaction!
restrict_gitlab_migration gitlab_schema: :gitlab_main_cell
def up
ensure_batched_background_migration_is_finished(
job_class_name: 'BackfillIssueAssigneesNamespaceId',
table_name: :issue_assignees,
column_name: :issue_id,
job_arguments: [:namespace_id, :issues, :namespace_id, :issue_id],
finalize: true
)
end
def down; end
end

1
db/schema_migrations/20250604220725 Normal file
View File

@ -0,0 +1 @@
7140654d9f62a72e40808df6c28ec1e4dcb50b1a33e924c2c70b7e36cda583a8

1
db/schema_migrations/20250708204640 Normal file
View File

@ -0,0 +1 @@
84d12bf9c49331d3d2d0143fec3662050bb0433369f9212cb93d9cad37fe6492

1
db/structure.sql
View File

@ -25020,6 +25020,7 @@ CREATE TABLE user_preferences (
extensions_marketplace_opt_in_url text,
dark_color_scheme_id smallint,
work_items_display_settings jsonb DEFAULT '{}'::jsonb NOT NULL,
markdown_maintain_indentation boolean DEFAULT false NOT NULL,
default_duo_add_on_assignment_id bigint,
CONSTRAINT check_1d670edc68 CHECK ((time_display_relative IS NOT NULL)),
CONSTRAINT check_89bf269f41 CHECK ((char_length(diffs_deletion_color) <= 7)),

4
doc/administration/settings/vscode_extension_marketplace.md
View File

@ -2,7 +2,7 @@
stage: Create
group: Remote Development
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
description: Configure VS Code Extension Marketplace for features on the GitLab self-managed instance.
description: Configure VS Code Extension Marketplace for features on the GitLab Self-Managed instance.
title: Configure VS Code Extension Marketplace
---
@ -20,7 +20,7 @@ feature across your GitLab instance and configure which extension registry your
{{< alert type="note" >}}
To access the VS Code Extension Marketplace, your web browser must be able to access the `.cdn.web-ide.gitlab-static.net` assets host. This security requirement ensures that third-party extensions run in isolation, and cannot access your account.
To access the VS Code Extension Marketplace, your web browser must have access to the `.cdn.web-ide.gitlab-static.net` assets host. This security requirement ensures that third-party extensions run in isolation, and cannot access your account.
{{< /alert >}}

40
doc/api/groups.md
View File

@ -1472,6 +1472,26 @@ curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" \
### Archive a group
{{< details >}}
- Status: Experiment
{{< /details >}}
{{< history >}}
- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/481969) in GitLab 18.0 [with a flag](../administration/feature_flags/_index.md) named `archive_group`. Disabled by default. This feature is an [experiment](../policy/development_stages_support.md).
{{< /history >}}
{{< alert type="flag" >}}
The availability of this feature is controlled by a feature flag.
For more information, see the history.
This feature is available for testing, but not ready for production use.
{{< /alert >}}
Archive a group.
Prerequisites:
@ -1552,6 +1572,26 @@ Example response:
### Unarchive a group
{{< details >}}
- Status: Experiment
{{< /details >}}
{{< history >}}
- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/481969) in GitLab 18.0 [with a flag](../administration/feature_flags/_index.md) named `archive_group`. Disabled by default. This feature is an [experiment](../policy/development_stages_support.md).
{{< /history >}}
{{< alert type="flag" >}}
The availability of this feature is controlled by a feature flag.
For more information, see the history.
This feature is available for testing, but not ready for production use.
{{< /alert >}}
Unarchive a group.
Prerequisites:

3
doc/api/pipelines.md
View File

@ -242,8 +242,7 @@ Example of response
## Get variables for a pipeline
Get the variables of a pipeline. Does not include variables that come from a pipeline schedule.
For more information, see [issue 250850](https://gitlab.com/gitlab-org/gitlab/-/issues/250850).
Get the [pipeline variables](../ci/variables/_index.md#use-pipeline-variables) of a pipeline.
```plaintext
GET /projects/:id/pipelines/:pipeline_id/variables

1
doc/ci/jobs/job_control.md
View File

@ -15,6 +15,7 @@ title: Control how jobs run
Before a new pipeline starts, GitLab checks the pipeline configuration to determine
which jobs can run in that pipeline. You can configure jobs to run depending on
conditions like the value of variables or the pipeline type with [`rules`](job_rules.md).
When using job rules, learn how to [avoid duplicate pipelines](job_rules.md#avoid-duplicate-pipelines). To control pipeline creation, use [workflow:rules](../yaml/workflow.md).
## Create a job that must be run manually

54
doc/ci/review_apps/_index.md
View File

@ -266,8 +266,8 @@ Other examples of review apps:
Route maps let you navigate directly from source files to their corresponding public pages in the review app environment.
This feature makes it easier to preview specific changes in your merge requests.
When configured, route maps enhance the review app experience by adding links to review app versions
of the changed files in:
When configured, route maps add contextual links that let you view the review app version of files
that match your mapping patterns. These links appear in:
- The merge request widget.
- Commit and file views.
@ -290,8 +290,8 @@ Each mapping in the route map follows this format:
You can use two types of mapping:
- **Exact match**: String literals enclosed in single quotes
- **Pattern match**: Regular expressions enclosed in forward slashes
- Exact match: String literals enclosed in single quotes
- Pattern match: Regular expressions enclosed in forward slashes
For pattern matching with regular expressions:
@ -332,25 +332,41 @@ In this example:
### View mapped pages
After you configure route maps, you can find links to the mapped pages after the next
review app deployment.
Use route maps to navigate directly from source files to their corresponding pages in your review app.
To view mapped pages:
Prerequisites:
- In the merge request widget, select **View app** to go to the environment URL set in the
`.gitlab-ci.yml` file. The list shows up to 5 matched items from the route map (with
filtering if more are available).
- You must have configured route maps in `.gitlab/route-map.yml`.
- A review app must be deployed for your branch or merge request.
![Merge request widget with route maps showing matched items and filter bar](img/mr_widget_route_maps_v17_11.png)
To view mapped pages from the merge request widget:
For files in your route map:
1. In the merge request widget, select **View app**.
The dropdown list shows up to 5 mapped pages (with filtering if more are available).
1. In the **Changes** tab of your merge request, select **View file @ [commit]** next to a file.
1. On the file's page, look for **View on [deployment-URL]** ({{< icon name="external-link" >}}) in the upper-right corner.
![Merge request widget with route maps showing matched items and filter bar.](img/mr_widget_route_maps_v17_11.png)
For merge requests using merged results pipelines:
To view a mapped page from a file:
1. Go to the **Pipelines** tab in your merge request.
1. Select the commit for the latest pipeline.
1. Select **View file @ [commit]** next to a file.
1. On the file's page, select **View on [deployment-URL]** ({{< icon name="external-link" >}}) in the upper-right corner.
1. Go to a file that matches your route map using one of these methods:
- From a merge request: In the **Changes** tab, select **View file @ [commit]**.
- From a commit page: Select the filename.
- From a comparison: When comparing revisions, select the filename.
1. On the file's page, select **View on [environment-name]** ({{< icon name="external-link" >}}) in the upper-right corner.
To view mapped pages from a commit:
1. Go to a commit that has a review app deployment:
- For branch pipelines: Select **Code > Commits** and select a commit with a pipeline badge.
- For merge request pipelines: In your merge request, select the **Commits** tab and select a commit.
- For merged results pipelines: In your merge request, select the **Pipelines** tab and select the pipeline commit.
1. Select the review app icon ({{< icon name="external-link" >}}) next to a filename that matches your route map.
The icon opens the corresponding page in your review app.
{{< alert type="note" >}}
Merged results pipelines create an internal commit that merges your branch with the target branch.
To access review app links for these pipelines, use the commit from the **Pipelines** tab,
not the **Commits** tab.
{{< /alert >}}

2
doc/development/testing_guide/end_to_end/best_practices/feature_flags.md
View File

@ -198,7 +198,7 @@ End-to-end tests should pass with a feature flag enabled before it is enabled on
There are two ways to confirm that end-to-end tests pass:
- If a merge request adds or edits a [feature flag definition file](../../../feature_flags/_index.md#feature-flag-definition-and-validation),
two `e2e:test-on-omnibus-ee` jobs (`ee:instance-parallel` and `ee:instance-parallel-ff-inverse`) are included automatically in the merge request pipeline.
two `e2e:test-on-gdk` jobs (`gdk-instance` and `gdk-instance-ff-inverse`) are included automatically in the merge request pipeline.
One job runs the application with default feature flag state and another sets it to inverse value. The jobs execute the same suite of tests to confirm that they pass with the feature flag either enabled or disabled.
- In some cases, if end-to-end test jobs didn't trigger automatically, or if it has run the tests with the default feature flag values (which might not be desired),
you can create a Draft MR that enables the feature flag to ensure that all E2E tests pass with the feature flag enabled and disabled.

2
doc/subscriptions/subscription-add-ons.md
View File

@ -37,7 +37,7 @@ GitLab Duo Core is included automatically if you have:
If you are a new customer in GitLab 18.0 or later, IDE features are automatically turned on and no further action is needed.
If you are a pre-existing customer from GitLab 17.11 or earlier, you must [turn on IDE features](../user/gitlab_duo/turn_on_off.md#change-gitlab-duo-core-availability) to start using GitLab Duo in your IDEs. No further action is needed.
If you are a pre-existing customer from GitLab 17.11 or earlier, you must [turn on IDE features](../user/gitlab_duo/turn_on_off.md#turn-gitlab-duo-core-on-or-off) to start using GitLab Duo in your IDEs. No further action is needed.
Users assigned the following roles have access to GitLab Duo Core:

2
doc/tutorials/scrum_events/_index.md
View File

@ -433,7 +433,7 @@ Mark them for refinement:
By this point in the tutorial, your **Backlog** board should look like this:
![Example issue board](img/issue_board_demo_v16_10.png)
![A backlog board with user stories distributed across iteration columns.](img/issue_board_demo_v16_10.png)
In practice, you will use this board to sequence many stories into upcoming iterations.
When your backlog grows, and you have dozens of stories spanning multiple features, it can be helpful

218
doc/user/application_security/coverage_fuzzing/_index.md
View File

@ -13,6 +13,8 @@ description: Coverage-guided fuzzing, random inputs, and unexpected behavior.
{{< /details >}}
## Getting started
Coverage-guided fuzz testing sends random inputs to an instrumented version of your application in
an effort to cause unexpected behavior. Such behavior indicates a bug that you should address.
GitLab allows you to add coverage-guided fuzz testing to your pipelines. This helps you discover
@ -25,43 +27,7 @@ you can run your coverage-guided fuzz testing as part your CI/CD workflow.
<i class="fa fa-youtube-play youtube" aria-hidden="true"></i>
For an overview, see [Coverage Fuzzing](https://www.youtube.com/watch?v=bbIenVVcjW0).
## Coverage-guided fuzz testing process
The fuzz testing process:
1. Compiles the target application.
1. Runs the instrumented application, using the `gitlab-cov-fuzz` tool.
1. Parses and analyzes the exception information output by the fuzzer.
1. Downloads the [corpus](../terminology/_index.md#corpus) from either:
- The previous pipelines.
- If `COVFUZZ_USE_REGISTRY` is set to `true`, the [corpus registry](#corpus-registry).
1. Downloads crash events from previous pipeline.
1. Outputs the parsed crash events and data to the `gl-coverage-fuzzing-report.json` file.
1. Updates the corpus, either:
- In the job's pipeline.
- If `COVFUZZ_USE_REGISTRY` is set to `true`, in the corpus registry.
The results of the coverage-guided fuzz testing are available in the CI/CD pipeline.
## Supported fuzzing engines and languages
You can use the following fuzzing engines to test the specified languages.
| Language | Fuzzing Engine | Example |
|---------------------------------------------|------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------|
| C/C++ | [libFuzzer](https://llvm.org/docs/LibFuzzer.html) | [c-cpp-example](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/c-cpp-fuzzing-example) |
| Go | [go-fuzz (libFuzzer support)](https://github.com/dvyukov/go-fuzz) | [go-fuzzing-example](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/go-fuzzing-example) |
| Swift | [libFuzzer](https://github.com/apple/swift/blob/master/docs/libFuzzerIntegration.md) | [swift-fuzzing-example](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/swift-fuzzing-example) |
| Rust | [cargo-fuzz (libFuzzer support)](https://github.com/rust-fuzz/cargo-fuzz) | [rust-fuzzing-example](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/rust-fuzzing-example) |
| Java (Maven only)<sup>1</sup> | [Javafuzz](https://gitlab.com/gitlab-org/security-products/analyzers/fuzzers/javafuzz) (recommended) | [javafuzz-fuzzing-example](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/javafuzz-fuzzing-example) |
| Java | [JQF](https://github.com/rohanpadhye/JQF) (not preferred) | [jqf-fuzzing-example](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/java-fuzzing-example) |
| JavaScript | [`jsfuzz`](https://gitlab.com/gitlab-org/security-products/analyzers/fuzzers/jsfuzz) | [jsfuzz-fuzzing-example](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/jsfuzz-fuzzing-example) |
| Python | [`pythonfuzz`](https://gitlab.com/gitlab-org/security-products/analyzers/fuzzers/pythonfuzz) | [pythonfuzz-fuzzing-example](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/pythonfuzz-fuzzing-example) |
| AFL (any language that works on top of AFL) | [AFL](https://lcamtuf.coredump.cx/afl/) | [afl-fuzzing-example](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/afl-fuzzing-example) |
1. Support for Gradle is planned in [issue 409764](https://gitlab.com/gitlab-org/gitlab/-/issues/409764).
## Confirm status of coverage-guided fuzz testing
### Confirm status of coverage-guided fuzz testing
To confirm the status of coverage-guided fuzz testing:
@ -72,7 +38,7 @@ To confirm the status of coverage-guided fuzz testing:
- **Enabled**
- A prompt to upgrade to GitLab Ultimate.
## Enable coverage-guided fuzz testing
### Enable coverage-guided fuzz testing
To enable coverage-guided fuzz testing, edit `.gitlab-ci.yml`:
@ -121,34 +87,9 @@ job. If you include these keys in your own job, you must copy their original con
- `artifacts`
- `rules`
### Available CI/CD variables
## Understanding the results
Use the following variables to configure coverage-guided fuzz testing in your CI/CD pipeline.
{{< alert type="warning" >}}
All customization of GitLab security scanning tools should be tested in a merge request before
merging these changes to the default branch. Failure to do so can give unexpected results, including
a large number of false positives.
{{< /alert >}}
| CI/CD variable | Description |
|---------------------------|---------------------------------------------------------------------------------|
| `COVFUZZ_ADDITIONAL_ARGS` | Arguments passed to `gitlab-cov-fuzz`. Used to customize the behavior of the underlying fuzzing engine. Read the fuzzing engine's documentation for a complete list of arguments. |
| `COVFUZZ_BRANCH` | The branch on which long-running fuzzing jobs are to be run. On all other branches, only fuzzing regression tests are run. Default: Repository's default branch. |
| `COVFUZZ_SEED_CORPUS` | Path to a seed corpus directory. Default: empty. |
| `COVFUZZ_URL_PREFIX` | Path to the `gitlab-cov-fuzz` repository cloned for use with an offline environment. You should only change this value when using an offline environment. Default: `https://gitlab.com/gitlab-org/security-products/analyzers/gitlab-cov-fuzz/-/raw`. |
| `COVFUZZ_USE_REGISTRY` | Set to `true` to have the corpus stored in the GitLab corpus registry. The variables `COVFUZZ_CORPUS_NAME` and `COVFUZZ_GITLAB_TOKEN` are required if this variable is set to `true`. Default: `false`. |
| `COVFUZZ_CORPUS_NAME` | Name of the corpus to be used in the job. |
| `COVFUZZ_GITLAB_TOKEN` | Environment variable configured with [personal access token](../../profile/personal_access_tokens.md#create-a-personal-access-token) or [project access token](../../project/settings/project_access_tokens.md#create-a-project-access-token) with API read/write access. |
#### Seed corpus
Files in the [seed corpus](../terminology/_index.md#seed-corpus) must be updated manually. They are
not updated or overwritten by the coverage-guide fuzz testing job.
## Output
### Output
Each fuzzing step outputs these artifacts:
@ -162,7 +103,7 @@ Each fuzzing step outputs these artifacts:
You can download the JSON report file from the CI/CD pipelines page. For more information, see
[Downloading artifacts](../../../ci/jobs/job_artifacts.md#download-job-artifacts).
## Corpus registry
### Corpus registry
The corpus registry is a library of corpora. Corpora in a project's registry are available to
all jobs in that project. A project-wide registry is a more efficient way to manage corpora than
@ -175,7 +116,7 @@ When you download a corpus, the file is named `artifacts.zip`, regardless of the
the corpus was initially uploaded. This file contains only the corpus, which is different to the
artifacts files you can download from the CI/CD pipeline. Also, a project member with a Reporter or above privilege can download the corpus using the direct download link.
### View details of the corpus registry
#### View details of the corpus registry
To view details of the corpus registry:
@ -183,14 +124,14 @@ To view details of the corpus registry:
1. Select **Secure > Security configuration**.
1. In the **Coverage Fuzzing** section, select **Manage corpus**.
### Create a corpus in the corpus registry
#### Create a corpus in the corpus registry
To create a corpus in the corpus registry, either:
- Create a corpus in a pipeline
- Upload an existing corpus file
#### Create a corpus in a pipeline
##### Create a corpus in a pipeline
To create a corpus in a pipeline:
@ -203,7 +144,7 @@ To create a corpus in a pipeline:
After the `my_fuzz_target` job runs, the corpus is stored in the corpus registry, with the name
provided by the `COVFUZZ_CORPUS_NAME` variable. The corpus is updated on every pipeline run.
#### Upload a corpus file
##### Upload a corpus file
To upload an existing corpus file:
@ -232,7 +173,7 @@ Prerequisites:
- Set `COVFUZZ_CORPUS_NAME` to the name of the corpus.
- Set `COVFUZZ_GITLAB_TOKEN` to the value of the personal access token.
## Coverage-guided fuzz testing report
### Coverage-guided fuzz testing report
For detailed information about the `gl-coverage-fuzzing-report.json` file's format, read the
[schema](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/master/dist/coverage-fuzzing-report-format.json).
@ -266,7 +207,106 @@ Example coverage-guided fuzzing report:
}
```
## Duration of coverage-guided fuzz testing
### Interacting with the vulnerabilities
After a vulnerability is found, you can [address it](../vulnerabilities/_index.md).
The merge request widget lists the vulnerability and contains a button for downloading the fuzzing
artifacts. By selecting one of the detected vulnerabilities, you can see its details.
![Coverage Fuzzing Security Report](img/coverage_fuzzing_report_v13_6.png)
You can also view the vulnerability from the [Security Dashboard](../security_dashboard/_index.md),
which shows an overview of all the security vulnerabilities in your groups, projects, and pipelines.
Selecting the vulnerability opens a modal that provides additional information about the
vulnerability:
- Status: The vulnerability's status. As with any type of vulnerability, a coverage fuzzing
vulnerability can be Detected, Confirmed, Dismissed, or Resolved.
- Project: The project in which the vulnerability exists.
- Crash type: The type of crash or weakness in the code. This typically maps to a [CWE](https://cwe.mitre.org/).
- Crash state: A normalized version of the stack trace, containing the last three functions of the
crash (without random addresses).
- Stack trace snippet: The last few lines of the stack trace, which shows details about the crash.
- Identifier: The vulnerability's identifier. This maps to either a [CVE](https://cve.mitre.org/)
or [CWE](https://cwe.mitre.org/).
- Severity: The vulnerability's severity. This can be Critical, High, Medium, Low, Info, or Unknown.
- Scanner: The scanner that detected the vulnerability (for example, Coverage Fuzzing).
- Scanner Provider: The engine that did the scan. For Coverage Fuzzing, this can be any of the
engines listed in [Supported fuzzing engines and languages](#supported-fuzzing-engines-and-languages).
## Optimization
Use the following customization options to optimize coverage-guided fuzz testing to your project.
### Available CI/CD variables
Use the following variables to configure coverage-guided fuzz testing in your CI/CD pipeline.
{{< alert type="warning" >}}
All customization of GitLab security scanning tools should be tested in a merge request before
merging these changes to the default branch. Failure to do so can give unexpected results, including
a large number of false positives.
{{< /alert >}}
| CI/CD variable | Description |
|---------------------------|---------------------------------------------------------------------------------|
| `COVFUZZ_ADDITIONAL_ARGS` | Arguments passed to `gitlab-cov-fuzz`. Used to customize the behavior of the underlying fuzzing engine. Read the fuzzing engine's documentation for a complete list of arguments. |
| `COVFUZZ_BRANCH` | The branch on which long-running fuzzing jobs are to be run. On all other branches, only fuzzing regression tests are run. Default: Repository's default branch. |
| `COVFUZZ_SEED_CORPUS` | Path to a seed corpus directory. Default: empty. |
| `COVFUZZ_URL_PREFIX` | Path to the `gitlab-cov-fuzz` repository cloned for use with an offline environment. You should only change this value when using an offline environment. Default: `https://gitlab.com/gitlab-org/security-products/analyzers/gitlab-cov-fuzz/-/raw`. |
| `COVFUZZ_USE_REGISTRY` | Set to `true` to have the corpus stored in the GitLab corpus registry. The variables `COVFUZZ_CORPUS_NAME` and `COVFUZZ_GITLAB_TOKEN` are required if this variable is set to `true`. Default: `false`. |
| `COVFUZZ_CORPUS_NAME` | Name of the corpus to be used in the job. |
| `COVFUZZ_GITLAB_TOKEN` | Environment variable configured with [personal access token](../../profile/personal_access_tokens.md#create-a-personal-access-token) or [project access token](../../project/settings/project_access_tokens.md#create-a-project-access-token) with API read/write access. |
#### Seed corpus
Files in the [seed corpus](../terminology/_index.md#seed-corpus) must be updated manually. They are
not updated or overwritten by the coverage-guide fuzz testing job.
### Coverage-guided fuzz testing process
The fuzz testing process:
1. Compiles the target application.
1. Runs the instrumented application, using the `gitlab-cov-fuzz` tool.
1. Parses and analyzes the exception information output by the fuzzer.
1. Downloads the [corpus](../terminology/_index.md#corpus) from either:
- The previous pipelines.
- If `COVFUZZ_USE_REGISTRY` is set to `true`, the [corpus registry](#corpus-registry).
1. Downloads crash events from previous pipeline.
1. Outputs the parsed crash events and data to the `gl-coverage-fuzzing-report.json` file.
1. Updates the corpus, either:
- In the job's pipeline.
- If `COVFUZZ_USE_REGISTRY` is set to `true`, in the corpus registry.
The results of the coverage-guided fuzz testing are available in the CI/CD pipeline.
## Roll out
After you're comfortable using coverage-guided fuzz testing in a single project, you can take advantage of the following advanced features, including enabling testing in offline environments.
### Supported fuzzing engines and languages
You can use the following fuzzing engines to test the specified languages.
| Language | Fuzzing Engine | Example |
|---------------------------------------------|------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------|
| C/C++ | [libFuzzer](https://llvm.org/docs/LibFuzzer.html) | [c-cpp-example](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/c-cpp-fuzzing-example) |
| Go | [go-fuzz (libFuzzer support)](https://github.com/dvyukov/go-fuzz) | [go-fuzzing-example](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/go-fuzzing-example) |
| Swift | [libFuzzer](https://github.com/apple/swift/blob/master/docs/libFuzzerIntegration.md) | [swift-fuzzing-example](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/swift-fuzzing-example) |
| Rust | [cargo-fuzz (libFuzzer support)](https://github.com/rust-fuzz/cargo-fuzz) | [rust-fuzzing-example](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/rust-fuzzing-example) |
| Java (Maven only)<sup>1</sup> | [Javafuzz](https://gitlab.com/gitlab-org/security-products/analyzers/fuzzers/javafuzz) (recommended) | [javafuzz-fuzzing-example](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/javafuzz-fuzzing-example) |
| Java | [JQF](https://github.com/rohanpadhye/JQF) (not preferred) | [jqf-fuzzing-example](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/java-fuzzing-example) |
| JavaScript | [`jsfuzz`](https://gitlab.com/gitlab-org/security-products/analyzers/fuzzers/jsfuzz) | [jsfuzz-fuzzing-example](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/jsfuzz-fuzzing-example) |
| Python | [`pythonfuzz`](https://gitlab.com/gitlab-org/security-products/analyzers/fuzzers/pythonfuzz) | [pythonfuzz-fuzzing-example](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/pythonfuzz-fuzzing-example) |
| AFL (any language that works on top of AFL) | [AFL](https://lcamtuf.coredump.cx/afl/) | [afl-fuzzing-example](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/afl-fuzzing-example) |
1. Support for Gradle is planned in [issue 409764](https://gitlab.com/gitlab-org/gitlab/-/issues/409764).
### Duration of coverage-guided fuzz testing
The available durations for coverage-guided fuzz testing are:
@ -276,7 +316,7 @@ The available durations for coverage-guided fuzz testing are:
For a complete example, read the [Go coverage-guided fuzzing example](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/go-fuzzing-example/-/blob/master/.gitlab-ci.yml).
### Continuous coverage-guided fuzz testing
#### Continuous coverage-guided fuzz testing
It's also possible to run the coverage-guided fuzzing jobs longer and without blocking your main
pipeline. This configuration uses the GitLab
@ -321,11 +361,11 @@ This creates two jobs:
The `covfuzz-ci.yml` is the same as that in the [original synchronous example](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/go-fuzzing-example#running-go-fuzz-from-ci).
## FIPS-enabled binary
### FIPS-enabled binary
[Starting in GitLab 15.0](https://gitlab.com/gitlab-org/gitlab/-/issues/352549) the coverage fuzzing binary is compiled with `golang-fips` on Linux x86 and uses OpenSSL as the cryptographic backend. For more details, see FIPS compliance at GitLab with Go.
## Offline environment
### Offline environment
To use coverage fuzzing in an offline environment:
@ -336,34 +376,6 @@ To use coverage fuzzing in an offline environment:
`NEW_URL_GITLAB_COV_FUZ` is the URL of the private `gitlab-cov-fuzz` clone that you set up in the
first step.
## Interacting with the vulnerabilities
After a vulnerability is found, you can [address it](../vulnerabilities/_index.md).
The merge request widget lists the vulnerability and contains a button for downloading the fuzzing
artifacts. By selecting one of the detected vulnerabilities, you can see its details.
![Coverage Fuzzing Security Report](img/coverage_fuzzing_report_v13_6.png)
You can also view the vulnerability from the [Security Dashboard](../security_dashboard/_index.md),
which shows an overview of all the security vulnerabilities in your groups, projects, and pipelines.
Selecting the vulnerability opens a modal that provides additional information about the
vulnerability:
- Status: The vulnerability's status. As with any type of vulnerability, a coverage fuzzing
vulnerability can be Detected, Confirmed, Dismissed, or Resolved.
- Project: The project in which the vulnerability exists.
- Crash type: The type of crash or weakness in the code. This typically maps to a [CWE](https://cwe.mitre.org/).
- Crash state: A normalized version of the stack trace, containing the last three functions of the
crash (without random addresses).
- Stack trace snippet: The last few lines of the stack trace, which shows details about the crash.
- Identifier: The vulnerability's identifier. This maps to either a [CVE](https://cve.mitre.org/)
or [CWE](https://cwe.mitre.org/).
- Severity: The vulnerability's severity. This can be Critical, High, Medium, Low, Info, or Unknown.
- Scanner: The scanner that detected the vulnerability (for example, Coverage Fuzzing).
- Scanner Provider: The engine that did the scan. For Coverage Fuzzing, this can be any of the
engines listed in [Supported fuzzing engines and languages](#supported-fuzzing-engines-and-languages).
## Troubleshooting
### Error `Unable to extract corpus folder from artifacts zip file`

2
doc/user/gitlab_duo/troubleshooting.md
View File

@ -102,7 +102,7 @@ you can also do the following:
- If you have GitLab Duo Core, verify that you have:
- A Premium or Ultimate subscription.
- [Turned on IDE features](turn_on_off.md#change-gitlab-duo-core-availability).
- [Turned on IDE features](turn_on_off.md#turn-gitlab-duo-core-on-or-off).
- If you have GitLab Duo Pro or Enterprise:
- Verify that [a subscription add-on has been purchased](../../subscriptions/subscription-add-ons.md#purchase-gitlab-duo).
- Ensure that [seats are assigned to users](../../subscriptions/subscription-add-ons.md#assign-gitlab-duo-seats).

369
doc/user/gitlab_duo/turn_on_off.md
View File

@ -5,68 +5,13 @@ info: To determine the technical writer assigned to the Stage/Group associated w
title: Control GitLab Duo availability
---
GitLab Duo availability depends on your subscription add-on:
{{< details >}}
- [GitLab Duo Core](../../subscriptions/subscription-add-ons.md#gitlab-duo-core), or
- [GitLab Duo Pro or Enterprise](../../subscriptions/subscription-add-ons.md#gitlab-duo-pro-and-enterprise).
- Tier: Premium, Ultimate
- Add-on: GitLab Duo Core, Pro, or Enterprise
- Offering: GitLab.com, GitLab Self-Managed
Depending on your add-on, you can turn GitLab Duo on and off for a group, project, or instance.
## Change GitLab Duo Core availability
{{< history >}}
- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/538857) in GitLab 18.0.
{{< /history >}}
If you have the GitLab Duo Core add-on, which is included with Premium and Ultimate subscriptions,
GitLab Duo Chat and Code Suggestions are available in your IDEs, and are turned on by default.
If you were an existing user with a Premium or Ultimate subscription before May 15, 2025,
Chat and Code Suggestions in your IDEs are turned off by default. To turn on these
features:
1. Upgrade to GitLab 18.0 or later.
1. Turn on the IDE features for your group or instance.
It may take up to 10 minutes for the change to take effect.
### For a group
On GitLab.com, you can turn GitLab Duo Core on or off for a top-level group, but not for a subgroup or project.
Prerequisites:
- You must have the Owner role for the top-level group.
To turn GitLab Duo Core on or off for a top-level group on GitLab.com:
1. On the left sidebar, select **Search or go to** and find your top-level group.
1. Select **Settings > GitLab Duo**.
1. Select **Change configuration**.
1. Below **GitLab Duo Core**, select or clear the **Turn on IDE features** checkbox.
1. Select **Save changes**.
It may take up to 10 minutes for the change to take effect.
### For an instance
On GitLab Self-Managed, you can turn GitLab Duo Core on or off for an instance.
Prerequisites:
- You must be an administrator.
To turn GitLab Duo Core on or off for an instance:
1. On the left sidebar, at the bottom, select **Admin area**.
1. Select **GitLab Duo**.
1. Select **Change configuration**.
1. Below **GitLab Duo Core**, select or clear the **Turn on IDE features** checkbox.
1. Select **Save changes**.
## Change GitLab Duo Pro and Enterprise availability
{{< /details >}}
{{< history >}}
@ -75,133 +20,166 @@ To turn GitLab Duo Core on or off for an instance:
{{< /history >}}
For GitLab Duo Pro or Enterprise, GitLab Duo is turned on by default.
For some generally available features, like Code Suggestions,
[you must also assign seats](../../subscriptions/subscription-add-ons.md#assign-gitlab-duo-seats)
to the users you want to have access.
GitLab Duo is on by default when you [have a subscription](../../subscriptions/subscription-add-ons.md).
You can turn GitLab Duo on or off for a group, project, or instance.
You can turn GitLab Duo on or off:
When GitLab Duo is turned off for a group, project, or instance:
- On GitLab.com: For top-level groups, other groups or subgroups, and projects.
- On GitLab Self-Managed: For instances, groups or subgroups, and projects.
- GitLab Duo features that access resources, like code, issues, and vulnerabilities, are not available.
- Code Suggestions is not available.
- GitLab Duo Chat is not available.
You can also turn GitLab Duo Core (a subset of GitLab Duo features) on or off.
### For a group or subgroup
## Turn GitLab Duo Core on or off
{{< tabs >}}
{{< history >}}
{{< tab title="In 17.8 and later" >}}
- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/538857) in GitLab 18.0.
- GitLab availability settings, and group, subgroup, and project controls [added](https://gitlab.com/gitlab-org/gitlab/-/issues/551895) in GitLab 18.2.
In GitLab 17.8 and later, follow these instructions to turn GitLab Duo on or off
for a group, including its subgroups and projects.
{{< /history >}}
If you have [GitLab Duo Core](../../subscriptions/subscription-add-ons.md#gitlab-duo-core),
which is included with Premium and Ultimate subscriptions, GitLab Duo Chat and
Code Suggestions are available in your IDEs, and are turned on by default.
If you were an existing user with a Premium or Ultimate subscription before May 15, 2025,
when you upgrade to GitLab 18.0 or later, you have access to Chat and Code Suggestions in your IDEs,
but are turned off by default. However, you can turn them on.
### On GitLab.com
On GitLab.com, you can change availability for GitLab Duo Core for your top-level group (namespace).
Prerequisites:
- You must have the Owner role for the top-level group.
To change GitLab Duo Core availability:
1. On the left sidebar, select **Search or go to** and find your top-level group.
1. Select **Settings > GitLab Duo**.
1. Select **Change configuration**.
1. Under **GitLab Duo availability in this namespace**, select an option.
1. Under **GitLab Duo Core**, select or clear the **Turn on IDE features** checkbox.
If you selected **Always off** for GitLab Duo availability, you cannot access
this setting.
1. Select **Save changes**.
It might take up to 10 minutes for the change to take effect.
### On GitLab Self-Managed
On GitLab Self-Managed, you can change availability for GitLab Duo Core for your instance.
Prerequisites:
- You must be an administrator.
To change GitLab Duo Core availability:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **GitLab Duo**.
1. Select **Change configuration**.
1. Under **GitLab Duo availability in this instance**, select an option.
1. Under **GitLab Duo Core**, select or clear the **Turn on IDE features** checkbox.
If you selected **Always off** for GitLab Duo availability, you cannot access
this setting.
1. Select **Save changes**.
## Turn GitLab Duo on or off
GitLab Duo is on by default when you [have a subscription](../../subscriptions/subscription-add-ons.md).
You can choose to change its availability for different groups and projects.
### On GitLab.com
On GitLab.com, you can control GitLab Duo availability for the top-level group,
other groups, subgroups, and projects.
#### For a top-level group
Prerequisites:
- You must have the Owner role for the group.
To turn GitLab Duo on or off for a group or subgroup:
To change GitLab Duo Core availability for the top-level group:
1. On the left sidebar, select **Search or go to** and find your top-level group.
1. Select **Settings > GitLab Duo**.
1. Select **Change configuration**.
1. Under **GitLab Duo availability in this namespace**, select an option.
1. Select **Save changes**.
GitLab Duo availability changes for all subgroups and projects.
#### For a group or subgroup
Prerequisites:
- You must have the Owner role for the group.
To change GitLab Duo Core availability for a group or subgroup:
1. On the left sidebar, select **Search or go to** and find your group or subgroup.
1. Go to the settings, based on your deployment type and group level:
- For GitLab.com top-level groups: Select **Settings > GitLab Duo** and select **Change configuration**.
- For GitLab.com subgroups: Select **Settings > General** and expand **GitLab Duo features**.
- For GitLab Self-Managed (all groups and subgroups): Select **Settings > General** and expand **GitLab Duo features**.
1. Choose an option.
1. Select **Settings > General**.
1. Expand **GitLab Duo features**.
1. Under **GitLab Duo availability in this group**, select an option.
1. Select **Save changes**.
{{< /tab >}}
GitLab Duo availability changes for all subgroups and projects.
{{< tab title="In 17.7" >}}
In GitLab 17.7, follow these instructions to turn GitLab Duo on or off
for a group, including its subgroups and projects.
{{< alert type="note" >}}
In GitLab 17.7:
- For GitLab.com, the GitLab Duo settings page is only available for top-level groups, not for subgroups.
- For GitLab Self-Managed, the GitLab Duo settings page is not available for groups or subgroups.
{{< /alert >}}
#### For a project
Prerequisites:
- You must have the Owner role for the group.
- You must have the Owner role for the project.
To turn GitLab Duo on or off for a top-level group:
To change GitLab Duo Core availability for a project:
1. On the left sidebar, select **Search or go to** and find your top-level group.
1. Select **Settings > GitLab Duo**.
1. On the left sidebar, select **Search or go to** and find your project.
1. Select **Settings > General**.
1. Expand **GitLab Duo**.
1. Turn the **Use AI-native features in this project** toggle on or off.
1. Select **Save changes**.
### On GitLab Self-Managed
On GitLab Self-Managed, you can control GitLab Duo availability for the instance,
groups, subgroups, or projects.
#### For an instance
Prerequisites:
- You must be an administrator.
To change GitLab Duo Core availability for the instance:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **GitLab Duo**.
1. Select **Change configuration**.
1. Choose an option.
1. Under **GitLab Duo availability in this instance**, select an option.
1. Select **Save changes**.
{{< /tab >}}
GitLab Duo availability changes for the entire instance.
{{< tab title="In 17.4 to 17.6" >}}
In GitLab 17.4 to 17.6, follow these instructions to turn GitLab Duo on or off
for a group and its subgroups and projects.
{{< alert type="note" >}}
In GitLab 17.4 to 17.6:
- For GitLab.com, the GitLab Duo settings page is only available for top-level groups, not for subgroups.
- For GitLab Self-Managed, the GitLab Duo settings page is not available for groups or subgroups.
{{< /alert >}}
#### For a group or subgroup
Prerequisites:
- You must have the Owner role for the group.
To turn GitLab Duo on or off for a top-level group:
1. On the left sidebar, select **Search or go to** and find your top-level group.
1. Select **Settings > GitLab Duo**.
1. Select **Change configuration**.
1. Choose an option.
1. Select **Save changes**.
{{< /tab >}}
{{< tab title="In 17.3 and earlier" >}}
In GitLab 17.3 and earlier, follow these instructions to turn GitLab Duo on or off for a group
and its subgroups and projects.
Prerequisites:
- You must have the Owner role for the group.
- You must have the Owner role for the group or subgroup.
To turn GitLab Duo on or off for a group or subgroup:
1. On the left sidebar, select **Search or go to** and find your group or subgroup.
1. Select **Settings > General**.
1. Expand **Permissions and group features**.
1. Select or clear the **Use GitLab Duo features** checkbox.
1. Optional. Select the **Enforce for all subgroups** checkbox to cascade the setting to
all subgroups.
1. Expand **GitLab Duo features**.
1. Under **GitLab Duo availability in this group**, select an option.
1. Select **Save changes**.
![Cascading setting](img/disable_duo_features_v17_1.png)
GitLab Duo availability changes for all subgroups and projects.
{{< /tab >}}
{{< /tabs >}}
### For a project
{{< tabs >}}
{{< tab title="In 17.4 and later" >}}
In GitLab 17.4 and later, follow these instructions to turn GitLab Duo on or off for a project.
#### For a project
Prerequisites:
@ -211,93 +189,16 @@ To turn GitLab Duo on or off for a project:
1. On the left sidebar, select **Search or go to** and find your project.
1. Select **Settings > General**.
1. Expand **Visibility, project features, permissions**.
1. Under **GitLab Duo**, turn the toggle on or off.
1. Expand **GitLab Duo**.
1. Turn the **Use AI-native features in this project** toggle on or off.
1. Select **Save changes**.
{{< /tab >}}
GitLab Duo availability changes for the project.
{{< tab title="In 17.3 and earlier" >}}
### For earlier GitLab versions
In GitLab 17.3 and earlier, follow these instructions to turn GitLab Duo on or off for a project.
1. Use the GitLab GraphQL API
[`projectSettingsUpdate`](../../api/graphql/reference/_index.md#mutationprojectsettingsupdate)
mutation.
1. Set the
[`duo_features_enabled`](../../api/graphql/getting_started.md#update-project-settings)
setting to `true` or `false`.
{{< /tab >}}
{{< /tabs >}}
### For an instance
{{< details >}}
- Offering: GitLab Self-Managed
{{< /details >}}
{{< tabs >}}
{{< tab title="In 17.7 and later" >}}
In GitLab 17.7 and later, follow these instructions to turn GitLab Duo on or off for an instance.
Prerequisites:
- You must be an administrator.
To turn GitLab Duo on or off for an instance:
1. On the left sidebar, at the bottom, select **Admin area**.
1. Select **GitLab Duo**.
1. Select **Change configuration**.
1. Choose an option.
1. Select **Save changes**.
{{< /tab >}}
{{< tab title="In 17.4 to 17.6" >}}
In GitLab 17.4 to 17.6, follow these instructions to turn GitLab Duo on or off for the instance.
Prerequisites:
- You must be an administrator.
To turn GitLab Duo on or off for an instance:
1. On the left sidebar, at the bottom, select **Admin area**.
1. Select **Settings > General**.
1. Expand **GitLab Duo features**.
1. Choose an option.
1. Select **Save changes**.
{{< /tab >}}
{{< tab title="In 17.3 and earlier" >}}
In GitLab 17.3 and earlier, follow these instructions to turn GitLab Duo on or off for an instance.
Prerequisites:
- You must be an administrator.
To turn GitLab Duo on or off for an instance:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Settings > General**.
1. Expand **AI-powered features**.
1. Select or clear the **Use Duo features** checkbox.
1. Optional. Select the **Enforce for all subgroups** checkbox to cascade
the setting to all groups in the instance.
{{< /tab >}}
{{< /tabs >}}
For information on how to turn GitLab Duo on of off in earlier GitLab versions,
see [Control GitLab Duo availability for earlier GitLab versions](turn_on_off_earlier.md).
## Turn on beta and experimental features

Some files were not shown because too many files have changed in this diff Show More