root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2025-05-06 21:11:45 +00:00
parent 7ffbe2b95c
commit 20dda16549
127 changed files with 847 additions and 438 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
.gitlab/CODEOWNERS
View File

@ -582,7 +582,6 @@ lib/gitlab/checks/**
/doc/administration/application_settings_cache.md @jglassman1
/doc/administration/auditor_users.md @idurham
/doc/administration/auth/ @idurham
/doc/administration/backup_restore/ @axil
/doc/administration/broadcast_messages.md @sselhorn
/doc/administration/cells.md @emily.sahlani
/doc/administration/cicd/ @lyspin
@ -606,7 +605,7 @@ lib/gitlab/checks/**
/doc/administration/file_hooks.md @ashrafkhamis
/doc/administration/geo/ @axil
/doc/administration/geo_sites.md @axil
/doc/administration/get_started.md @kpaizee
/doc/administration/get_started.md @gl-docsteam
/doc/administration/git_protocol.md @brendan777
/doc/administration/gitaly/ @eread
/doc/administration/gitlab_duo_self_hosted/ @jglassman1
@ -632,7 +631,7 @@ lib/gitlab/checks/**
/doc/administration/logs/ @axil
/doc/administration/logs/_index.md @lciutacu
/doc/administration/maintenance_mode/ @axil
/doc/administration/merge_request_diffs.md @brendan777
/doc/administration/merge_request_diffs.md @aqualls
/doc/administration/merge_requests_approvals.md @brendan777
/doc/administration/moderate_users.md @lciutacu
/doc/administration/monitoring/_index.md @lciutacu
@ -655,7 +654,6 @@ lib/gitlab/checks/**
/doc/administration/packages/_index.md @z_painter
/doc/administration/pages/ @msedlakjakubowski
/doc/administration/polling.md @axil
/doc/administration/postgresql/ @emily.sahlani
/doc/administration/raketasks/ @axil
/doc/administration/raketasks/ldap.md @idurham
/doc/administration/raketasks/praefect.md @eread
@ -710,6 +708,7 @@ lib/gitlab/checks/**
/doc/administration/settings/terraform_limits.md @z_painter
/doc/administration/settings/third_party_offers.md @emily.sahlani
/doc/administration/settings/visibility_and_access_controls.md @brendan777
/doc/administration/settings/vscode_extension_marketplace.md @brendan777
/doc/administration/sidekiq/ @axil
/doc/administration/sidekiq/sidekiq_memory_killer.md @jglassman1
/doc/administration/silent_mode/ @axil
@ -795,6 +794,7 @@ lib/gitlab/checks/**
/doc/api/group_level_variables.md @marcel.amirault
/doc/api/group_markdown_uploads.md @msedlakjakubowski
/doc/api/group_milestones.md @msedlakjakubowski
/doc/api/group_placeholder_reassignments.md @ashrafkhamis
/doc/api/group_protected_branches.md @brendan777
/doc/api/group_protected_environments.md @z_painter
/doc/api/group_push_rules.md @brendan777
@ -831,7 +831,7 @@ lib/gitlab/checks/**
/doc/api/merge_trains.md @lyspin
/doc/api/metadata.md @z_painter
/doc/api/milestones.md @msedlakjakubowski
/doc/api/namespaces.md @idurham
/doc/api/namespaces.md @emily.sahlani
/doc/api/notes.md @msedlakjakubowski
/doc/api/notification_settings.md @sselhorn
/doc/api/oauth2.md @idurham
@ -934,6 +934,7 @@ lib/gitlab/checks/**
/doc/ci/examples/deployment/ @z_painter
/doc/ci/examples/semantic-release.md @z_painter
/doc/ci/gitlab_google_cloud_integration/ @lyspin
/doc/ci/inputs/ @marcel.amirault
/doc/ci/interactive_web_terminal/ @rsarangadharan
/doc/ci/jobs/ @marcel.amirault
/doc/ci/jobs/fine_grained_permissions.md @idurham
@ -977,7 +978,7 @@ lib/gitlab/checks/**
/doc/development/audit_event_guide/ @gitlab-org/govern/security-policies-frontend @gitlab-org/govern/threat-insights-frontend-team @gitlab-org/govern/threat-insights-backend-team
/doc/development/avoiding_required_stops.md @gitlab-org/distribution
/doc/development/build_test_package.md @gitlab-org/distribution
/doc/development/cascading_settings.md @gitlab-org/foundations/personal-productivity/engineering
/doc/development/cascading_settings.md @gitlab-org/foundations/engineering
/doc/development/cells/ @OmarQunsulGitlab @bmarjanovic
/doc/development/cicd/ @gitlab-org/maintainers/cicd-verify
/doc/development/contributing/verify/ @gitlab-org/maintainers/cicd-verify
@ -987,7 +988,7 @@ lib/gitlab/checks/**
/doc/development/documentation/ @fneill @sselhorn
/doc/development/duo_workflow/ @gitlab-org/ai-powered
/doc/development/fe_guide/analytics_dashboards.md @gitlab-org/analytics-section/product-analytics/engineers/frontend
/doc/development/fe_guide/keyboard_shortcuts.md @gitlab-org/foundations/personal-productivity/engineering
/doc/development/fe_guide/keyboard_shortcuts.md @gitlab-org/foundations/engineering
/doc/development/git_object_deduplication.md @proglottis @toon
/doc/development/gitaly.md @proglottis @toon
/doc/development/gitpod_internals.md @gl-dx/tooling-maintainers
@ -998,7 +999,7 @@ lib/gitlab/checks/**
/doc/development/logging.md @gitlab-org/analytics-section/product-analytics/engineers/frontend
/doc/development/logs.md @gitlab-org/analytics-section/product-analytics/engineers/frontend
/doc/development/metrics.md @gitlab-org/analytics-section/product-analytics/engineers/frontend
/doc/development/navigation_sidebar.md @gitlab-org/foundations/personal-productivity/engineering
/doc/development/navigation_sidebar.md @gitlab-org/foundations/engineering
/doc/development/observability/ @gitlab-org/analytics-section/product-analytics/engineers/frontend
/doc/development/omnibus.md @gitlab-org/distribution
/doc/development/organization/ @abdwdd @alexpooley
@ -1039,6 +1040,7 @@ lib/gitlab/checks/**
/doc/operations/feature_flags.md @z_painter
/doc/policy/ @axil
/doc/security/ @idurham
/doc/security/asset_proxy.md @msedlakjakubowski
/doc/security/hardening_nist_800_53.md @emily.sahlani
/doc/solutions/ @jfullam @Darwinjs @sbrightwell
/doc/solutions/integrations/servicenow.md @ashrafkhamis
@ -1052,7 +1054,7 @@ lib/gitlab/checks/**
/doc/topics/git/project.md @emily.sahlani
/doc/topics/offline/ @axil
/doc/topics/runner_fleet_design_guides/ @rsarangadharan
/doc/tutorials/ @kpaizee
/doc/tutorials/ @gl-docsteam
/doc/tutorials/boards_for_standups/ @msedlakjakubowski
/doc/tutorials/boards_for_teams/ @msedlakjakubowski
/doc/tutorials/compliance_pipeline/ @eread
@ -1067,6 +1069,7 @@ lib/gitlab/checks/**
/doc/tutorials/idea_management/ @msedlakjakubowski
/doc/tutorials/install_gitlab_single_node/ @axil
/doc/tutorials/issue_triage/ @msedlakjakubowski
/doc/tutorials/issue_triage_group/ @msedlakjakubowski
/doc/tutorials/kanban/ @msedlakjakubowski
/doc/tutorials/left_sidebar/ @sselhorn
/doc/tutorials/merge_requests/ @aqualls
@ -1098,6 +1101,7 @@ lib/gitlab/checks/**
/doc/user/application_security/security_dashboard/ @rlehmann1
/doc/user/application_security/vulnerabilities/ @rlehmann1
/doc/user/application_security/vulnerabilities/risk_assessment_data.md @rdickenson
/doc/user/application_security/vulnerability_archival/ @rlehmann1
/doc/user/application_security/vulnerability_report/ @rlehmann1
/doc/user/asciidoc.md @brendan777
/doc/user/clusters/ @z_painter
@ -1105,7 +1109,6 @@ lib/gitlab/checks/**
/doc/user/compliance/license_approval_policies.md @rlehmann1
/doc/user/compliance/license_scanning_of_cyclonedx_files/ @rdickenson
/doc/user/crm/ @msedlakjakubowski
/doc/user/custom_roles.md @idurham
/doc/user/custom_roles/ @idurham
/doc/user/discussions/ @aqualls
/doc/user/duo_amazon_q/ @sselhorn
@ -1119,6 +1122,7 @@ lib/gitlab/checks/**
/doc/user/get_started/get_started_projects.md @emily.sahlani
/doc/user/get_started/getting_started_gitlab_duo.md @sselhorn
/doc/user/gitlab_duo/ @sselhorn
/doc/user/gitlab_duo/tutorials/ @gl-docsteam
/doc/user/gitlab_duo_chat/ @jglassman1
/doc/user/glql/ @msedlakjakubowski
/doc/user/group/_index.md @emily.sahlani
@ -1200,7 +1204,6 @@ lib/gitlab/checks/**
/doc/user/project/merge_requests/ @aqualls
/doc/user/project/merge_requests/approvals/ @brendan777
/doc/user/project/merge_requests/cherry_pick_changes.md @brendan777
/doc/user/project/merge_requests/csv_export.md @eread
/doc/user/project/merge_requests/methods/ @brendan777
/doc/user/project/merge_requests/squash_and_merge.md @brendan777
/doc/user/project/merge_requests/status_checks.md @rlehmann1
@ -1245,6 +1248,7 @@ lib/gitlab/checks/**
/doc/user/storage_usage_quotas.md @lciutacu
/doc/user/tasks.md @msedlakjakubowski
/doc/user/todos.md @sselhorn
/doc/user/work_items/ @msedlakjakubowski
/doc/user/workspace/ @brendan777
# End rake-managed-docs-block

7
app/assets/javascripts/api/groups_api.js
View File

@ -3,6 +3,7 @@ import axios from '../lib/utils/axios_utils';
import { buildApiUrl } from './api_utils';
const GROUP_PATH = '/api/:version/groups/:id';
const GROUP_RESTORE_PATH = '/api/:version/groups/:id/restore';
const GROUPS_PATH = '/api/:version/groups.json';
const GROUP_MEMBERS_PATH = '/api/:version/groups/:id/members';
const GROUP_MEMBER_PATH = '/api/:version/groups/:id/members/:user_id';
@ -59,6 +60,12 @@ export function deleteGroup(groupId) {
return axios.delete(url);
}
export function restoreGroup(groupId) {
const url = buildApiUrl(GROUP_RESTORE_PATH).replace(':id', groupId);
return axios.post(url);
}
export const getGroupTransferLocations = (groupId, params = {}) => {
const url = buildApiUrl(GROUP_TRANSFER_LOCATIONS_PATH).replace(':id', groupId);
const defaultParams = { per_page: DEFAULT_PER_PAGE };

19
app/assets/javascripts/environments/constants.js
View File

@ -87,23 +87,32 @@ export const ENVIRONMENT_EDIT_HELP_TEXT = ENVIRONMENT_NEW_HELP_TEXT;
export const SERVICES_LIMIT_PER_PAGE = 10;
export const CLUSTER_STATUS_HEALTHY_TEXT = s__('Environment|Healthy');
export const CLUSTER_STATUS_UNHEALTHY_TEXT = s__('Environment|Unhealthy');
export const CLUSTER_HEALTH_SUCCESS = 'success';
export const CLUSTER_HEALTH_ERROR = 'error';
export const CLUSTER_HEALTH_NEEDS_ATTENTION = 'needs-attention';
export const CLUSTER_HEALTH_UNKNOWN = 'unknown';
export const HEALTH_BADGES = {
[CLUSTER_HEALTH_SUCCESS]: {
variant: 'success',
text: CLUSTER_STATUS_HEALTHY_TEXT,
text: s__('Environment|Healthy'),
icon: 'status-success',
},
[CLUSTER_HEALTH_ERROR]: {
variant: 'danger',
text: CLUSTER_STATUS_UNHEALTHY_TEXT,
text: s__('Environment|Unhealthy'),
icon: 'status-alert',
},
[CLUSTER_HEALTH_NEEDS_ATTENTION]: {
variant: 'warning',
text: s__('Environment|Needs attention'),
icon: 'status-alert',
},
[CLUSTER_HEALTH_UNKNOWN]: {
variant: 'muted',
text: s__('Environment|Unknown'),
icon: 'status-waiting',
},
};
export const SYNC_STATUS_BADGES = {

23
app/assets/javascripts/environments/environment_details/components/kubernetes/kubernetes_overview.vue
View File

@ -25,8 +25,6 @@ import {
import fluxKustomizationQuery from '~/environments/graphql/queries/flux_kustomization.query.graphql';
import fluxHelmReleaseQueryStatus from '~/environments/graphql/queries/flux_helm_release.query.graphql';
import {
CLUSTER_HEALTH_SUCCESS,
CLUSTER_HEALTH_ERROR,
HELM_RELEASES_RESOURCE_TYPE,
KUSTOMIZATIONS_RESOURCE_TYPE,
FLUX_RECONCILE_ACTION,
@ -128,9 +126,8 @@ export default {
data() {
return {
error: null,
failedState: {},
podsLoading: false,
activeTab: k8sResourceType.k8sPods,
clusterHealthStatus: '',
fluxApiError: '',
podToDelete: {},
fluxHelmRelease: {},
@ -147,15 +144,6 @@ export default {
gitlabAgentId: this.gitlabAgentId,
});
},
clusterHealthStatus() {
if (this.podsLoading) {
return '';
}
return this.hasFailedState ? CLUSTER_HEALTH_ERROR : CLUSTER_HEALTH_SUCCESS;
},
hasFailedState() {
return Object.values(this.failedState).some((item) => item);
},
fluxResourceStatus() {
const conditions = this.fluxKustomization.conditions || this.fluxHelmRelease.conditions || [];
const spec = this.fluxKustomization.spec || this.fluxHelmRelease.spec || false;
@ -186,12 +174,6 @@ export default {
});
this.error = message;
},
handleFailedState(event) {
this.failedState = {
...this.failedState,
...event,
};
},
transformFluxResourceData(item) {
return {
name: item.metadata.name,
@ -347,8 +329,7 @@ export default {
:flux-kustomization="fluxKustomization"
class="gl-mb-5"
@cluster-error="handleError"
@loading="podsLoading = $event"
@update-failed-state="handleFailedState"
@update-cluster-state="clusterHealthStatus = $event"
@select-item="toggleDetailsDrawer"
@remove-selection="closeDetailsDrawer"
@delete-pod="onDeletePod"

59
app/assets/javascripts/environments/environment_details/components/kubernetes/kubernetes_pods.vue
View File

@ -9,7 +9,13 @@ import {
STATUS_LABELS,
PODS_TABLE_FIELDS,
} from '~/kubernetes_dashboard/constants';
import { DELETE_POD_ACTION } from '~/environments/constants';
import {
DELETE_POD_ACTION,
CLUSTER_HEALTH_SUCCESS,
CLUSTER_HEALTH_ERROR,
CLUSTER_HEALTH_NEEDS_ATTENTION,
CLUSTER_HEALTH_UNKNOWN,
} from '~/environments/constants';
import { getAge, getPodStatusText } from '~/kubernetes_dashboard/helpers/k8s_integration_helper';
import WorkloadStats from '~/kubernetes_dashboard/components/workload_stats.vue';
import WorkloadTable from '~/kubernetes_dashboard/components/workload_table.vue';
@ -59,9 +65,6 @@ export default {
this.error = error.message;
this.$emit('cluster-error', this.error);
},
watchLoading(isLoading) {
this.$emit('loading', isLoading);
},
},
},
props: {
@ -88,19 +91,19 @@ export default {
return [
{
value: this.countPodsByPhase(STATUS_RUNNING),
value: this.podsRunning,
title: STATUS_LABELS[STATUS_RUNNING],
},
{
value: this.countPodsByPhase(STATUS_PENDING),
value: this.podsPending,
title: STATUS_LABELS[STATUS_PENDING],
},
{
value: this.countPodsByPhase(STATUS_SUCCEEDED),
value: this.podsSucceeded,
title: STATUS_LABELS[STATUS_SUCCEEDED],
},
{
value: this.countPodsByPhase(STATUS_FAILED),
value: this.podsFailed,
title: STATUS_LABELS[STATUS_FAILED],
},
];
@ -108,6 +111,18 @@ export default {
loading() {
return this.$apollo?.queries?.k8sPods?.loading;
},
podsRunning() {
return this.countPodsByPhase(STATUS_RUNNING);
},
podsPending() {
return this.countPodsByPhase(STATUS_PENDING);
},
podsFailed() {
return this.countPodsByPhase(STATUS_FAILED);
},
podsSucceeded() {
return this.countPodsByPhase(STATUS_SUCCEEDED);
},
podsCount() {
return this.k8sPods?.length || 0;
},
@ -118,6 +133,30 @@ export default {
return matchesStatus && matchesSearch;
});
},
podsHealthStatus() {
if (this.loading) {
return '';
}
if (!this.k8sPods.length) {
return CLUSTER_HEALTH_UNKNOWN;
}
if (this.podsFailed > 0) {
return CLUSTER_HEALTH_ERROR;
}
if (this.podsPending > 0) {
return CLUSTER_HEALTH_NEEDS_ATTENTION;
}
return CLUSTER_HEALTH_SUCCESS;
},
},
watch: {
k8sPods() {
this.$emit('update-cluster-state', this.podsHealthStatus);
},
},
methods: {
search(searchTerm, podName) {
@ -125,15 +164,13 @@ export default {
},
countPodsByPhase(phase) {
const pods = this.k8sPods || [];
const filteredPods = pods.filter((item) => {
const matchesPhase = item.status === phase;
if (!this.podsSearch) return matchesPhase;
return matchesPhase && this.search(this.podsSearch, item.name);
});
const hasFailedState = Boolean(phase === STATUS_FAILED && filteredPods.length);
this.$emit('update-failed-state', { pods: hasFailedState });
return filteredPods.length;
},
onItemSelect(item) {

10
app/assets/javascripts/environments/environment_details/components/kubernetes/kubernetes_status_bar.vue
View File

@ -12,6 +12,8 @@ import { s__ } from '~/locale';
import {
CLUSTER_HEALTH_SUCCESS,
CLUSTER_HEALTH_ERROR,
CLUSTER_HEALTH_NEEDS_ATTENTION,
CLUSTER_HEALTH_UNKNOWN,
HEALTH_BADGES,
SYNC_STATUS_BADGES,
HELM_RELEASES_RESOURCE_TYPE,
@ -46,7 +48,13 @@ export default {
type: String,
default: '',
validator(val) {
return [CLUSTER_HEALTH_ERROR, CLUSTER_HEALTH_SUCCESS, ''].includes(val);
return [
CLUSTER_HEALTH_ERROR,
CLUSTER_HEALTH_SUCCESS,
CLUSTER_HEALTH_UNKNOWN,
CLUSTER_HEALTH_NEEDS_ATTENTION,
'',
].includes(val);
},
},
configuration: {

3
app/assets/javascripts/environments/environment_details/components/kubernetes/kubernetes_tabs.vue
View File

@ -71,8 +71,7 @@ export default {
<kubernetes-pods
:namespace="namespace"
:configuration="configuration"
@loading="$emit('loading', $event)"
@update-failed-state="$emit('update-failed-state', $event)"
@update-cluster-state="$emit('update-cluster-state', $event)"
@cluster-error="$emit('cluster-error', $event)"
@select-item="$emit('select-item', $event)"
@delete-pod="$emit('delete-pod', $event)"

2
app/assets/javascripts/groups/your_work/graphql/utils.js
View File

@ -13,6 +13,7 @@ export const formatGroup = (group) => ({
createdAt: group.created_at,
updatedAt: group.updated_at,
avatarUrl: group.avatar_url,
markedForDeletionOn: group.marked_for_deletion_on,
userPermissions: {
canLeave: group.can_leave,
removeGroup: group.can_remove,
@ -36,7 +37,6 @@ export const formatGroup = (group) => ({
organizationEditPath: '',
groupMembersCount: 0,
isLinkedToSubscription: false,
markedForDeletionOn: null,
isAdjournedDeletionEnabled: false,
permanentDeletionDate: null,
});

11
app/assets/javascripts/organizations/shared/utils.js
View File

@ -3,6 +3,7 @@ import {
ACTION_EDIT,
ACTION_DELETE,
ACTION_LEAVE,
ACTION_RESTORE,
} from '~/vue_shared/components/list_actions/constants';
import {
TIMESTAMP_TYPE_CREATED_AT,
@ -11,13 +12,17 @@ import {
import { formatGraphQLProjects } from '~/vue_shared/components/projects_list/formatter';
import { SORT_CREATED_AT, SORT_UPDATED_AT } from './constants';
const availableGroupActions = (userPermissions) => {
const availableGroupActions = ({ userPermissions, markedForDeletionOn }) => {
const baseActions = [];
if (userPermissions.viewEditPage) {
baseActions.push(ACTION_EDIT);
}
if (userPermissions.removeGroup && markedForDeletionOn) {
baseActions.push(ACTION_RESTORE);
}
if (userPermissions.canLeave) {
baseActions.push(ACTION_LEAVE);
}
@ -36,6 +41,7 @@ export const formatGroups = (groups) =>
fullName,
webUrl,
parent,
markedForDeletionOn,
maxAccessLevel: accessLevel,
userPermissions,
organizationEditPath: editPath,
@ -49,9 +55,10 @@ export const formatGroups = (groups) =>
fullName,
webUrl,
parent: parent?.id || null,
markedForDeletionOn,
accessLevel,
editPath,
availableActions: availableGroupActions(userPermissions),
availableActions: availableGroupActions({ userPermissions, markedForDeletionOn }),
descendantGroupsCount,
children: children?.length ? formatGroups(children) : [],
childrenLoading: false,

6
app/assets/javascripts/projects/components/project_delete_button.vue
View File

@ -14,11 +14,6 @@ export default {
type: String,
required: true,
},
disabled: {
type: Boolean,
required: false,
default: false,
},
formPath: {
type: String,
required: true,
@ -55,7 +50,6 @@ export default {
<shared-delete-button
:confirm-phrase="confirmPhrase"
:name-with-namespace="nameWithNamespace"
:disabled="disabled"
:form-path="formPath"
:is-fork="isFork"
:issues-count="issuesCount"

6
app/assets/javascripts/projects/components/shared/delete_button.vue
View File

@ -19,11 +19,6 @@ export default {
type: String,
required: true,
},
disabled: {
type: Boolean,
required: false,
default: false,
},
formPath: {
type: String,
required: true,
@ -100,7 +95,6 @@ export default {
category="primary"
variant="danger"
data-testid="delete-button"
:disabled="disabled"
@click="onButtonClick"
>{{ buttonText }}</gl-button
>

2
app/assets/javascripts/projects/project_delete_button.js
View File

@ -12,7 +12,6 @@ export default (selector = '#js-project-delete-button') => {
nameWithNamespace,
formPath,
isFork,
isSecurityPolicyProject,
issuesCount,
mergeRequestsCount,
forksCount,
@ -28,7 +27,6 @@ export default (selector = '#js-project-delete-button') => {
props: {
confirmPhrase,
nameWithNamespace,
disabled: parseBoolean(isSecurityPolicyProject),
formPath,
isFork: parseBoolean(isFork),
issuesCount: parseInt(issuesCount, 10),

85
app/assets/javascripts/vue_shared/components/groups_list/group_list_item_actions.vue Normal file
View File

@ -0,0 +1,85 @@
<script>
import { GlLoadingIcon } from '@gitlab/ui';
import { __ } from '~/locale';
import { createAlert } from '~/alert';
import ListActions from '~/vue_shared/components/list_actions/list_actions.vue';
import {
ACTION_EDIT,
ACTION_RESTORE,
ACTION_DELETE,
ACTION_LEAVE,
} from '~/vue_shared/components/list_actions/constants';
import { restoreGroup } from '~/api/groups_api';
import { renderRestoreSuccessToast } from './utils';
export default {
name: 'GroupListItemActions',
i18n: {
restoreErrorMessage: __(
'An error occurred restoring this group. Please refresh the page to try again.',
),
},
components: {
GlLoadingIcon,
ListActions,
},
props: {
group: {
type: Object,
required: true,
},
},
data() {
return {
actionsLoading: false,
};
},
computed: {
availableActions() {
return this.group.availableActions ?? [];
},
actions() {
return {
[ACTION_EDIT]: {
href: this.group.editPath,
},
[ACTION_RESTORE]: {
action: this.onActionRestore,
},
[ACTION_DELETE]: {
action: this.onActionDelete,
},
[ACTION_LEAVE]: {
action: this.onActionLeave,
},
};
},
},
methods: {
async onActionRestore() {
this.actionsLoading = true;
try {
await restoreGroup(this.group.id);
this.$emit('refetch');
renderRestoreSuccessToast(this.group);
} catch (error) {
createAlert({ message: this.$options.i18n.restoreErrorMessage, error, captureError: true });
} finally {
this.actionsLoading = false;
}
},
onActionDelete() {
this.$emit('delete');
},
onActionLeave() {
this.$emit('leave');
},
},
};
</script>
<template>
<gl-loading-icon v-if="actionsLoading" size="sm" class="gl-p-3" />
<list-actions v-else :actions="actions" :available-actions="availableActions" />
</template>

36
app/assets/javascripts/vue_shared/components/groups_list/groups_list_item.vue
View File

@ -9,11 +9,7 @@ import { VISIBILITY_TYPE_ICON, GROUP_VISIBILITY_TYPE } from '~/visibility_level/
import { ACCESS_LEVEL_LABELS, ACCESS_LEVEL_NO_ACCESS_INTEGER } from '~/access_level/constants';
import { __ } from '~/locale';
import { numberToMetricPrefix } from '~/lib/utils/number_utils';
import {
ACTION_EDIT,
ACTION_DELETE,
ACTION_LEAVE,
} from '~/vue_shared/components/list_actions/constants';
import { ACTION_DELETE, ACTION_LEAVE } from '~/vue_shared/components/list_actions/constants';
import {
TIMESTAMP_TYPES,
TIMESTAMP_TYPE_CREATED_AT,
@ -22,7 +18,8 @@ import ListItem from '~/vue_shared/components/resource_lists/list_item.vue';
import ListItemStat from '~/vue_shared/components/resource_lists/list_item_stat.vue';
import { renderDeleteSuccessToast, deleteParams } from '~/vue_shared/components/groups_list/utils';
import GroupListItemLeaveModal from '~/vue_shared/components/groups_list/group_list_item_leave_modal.vue';
import GroupListItemPreventDeleteModal from './group_list_item_prevent_delete_modal.vue';
import GroupListItemPreventDeleteModal from '~/vue_shared/components/groups_list/group_list_item_prevent_delete_modal.vue';
import GroupListItemActions from '~/vue_shared/components/groups_list/group_list_item_actions.vue';
import GroupListItemInactiveBadge from './group_list_item_inactive_badge.vue';
export default {
@ -39,6 +36,7 @@ export default {
ListItemStat,
GlIcon,
GlBadge,
GroupListItemActions,
GroupListItemLeaveModal,
GroupListItemPreventDeleteModal,
GroupListItemDeleteModal,
@ -110,25 +108,15 @@ export default {
groupMembersCount() {
return numberToMetricPrefix(this.group.groupMembersCount);
},
actions() {
return {
[ACTION_EDIT]: {
href: this.group.editPath,
},
[ACTION_DELETE]: {
action: this.onActionDelete,
},
[ACTION_LEAVE]: {
action: this.onActionLeave,
},
};
},
hasActionDelete() {
return this.group.availableActions?.includes(ACTION_DELETE);
},
hasActionLeave() {
return this.group.availableActions?.includes(ACTION_LEAVE);
},
hasActions() {
return this.group.availableActions?.length;
},
hasFooterAction() {
return this.hasActionDelete || this.hasActionLeave;
},
@ -170,7 +158,6 @@ export default {
:resource="group"
:show-icon="showGroupIcon"
:icon-name="groupIconName"
:actions="actions"
:list-item-class="listItemClass"
:timestamp-type="timestampType"
>
@ -211,6 +198,15 @@ export default {
/>
</template>
<template v-if="hasActions" #actions>
<group-list-item-actions
:group="group"
@refetch="refetch"
@delete="onActionDelete"
@leave="onActionLeave"
/>
</template>
<template v-if="hasFooterAction" #footer>
<template v-if="hasActionDelete">
<group-list-item-prevent-delete-modal

8
app/assets/javascripts/vue_shared/components/groups_list/utils.js
View File

@ -29,6 +29,14 @@ export const renderLeaveSuccessToast = (group) => {
);
};
export const renderRestoreSuccessToast = (group) => {
toast(
sprintf(__("Group '%{group_name}' has been successfully restored."), {
group_name: group.fullName,
}),
);
};
export const deleteParams = (item) => {
// If delayed deletion is disabled or the project/group is not yet marked for deletion
if (!item.isAdjournedDeletionEnabled || !item.markedForDeletionOn) {

2
app/controllers/search_controller.rb
View File

@ -145,7 +145,7 @@ class SearchController < ApplicationController
return true
end
return true if ::Feature.disabled?(:allow_anonymous_searches, type: :ops)
return true unless ::Gitlab::CurrentSettings.anonymous_searches_allowed?
false
end

2
app/graphql/types/work_items/widgets/assignees_type.rb
View File

@ -36,7 +36,7 @@ module Types
}
def can_invite_members?
Ability.allowed?(current_user, :admin_project_member, object.work_item.project)
Ability.allowed?(current_user, :invite_project_members, object.work_item.project)
end
end
# rubocop:enable Graphql/AuthorizeTypes

9
app/helpers/application_settings_helper.rb
View File

@ -74,9 +74,16 @@ module ApplicationSettingsHelper
def global_search_settings_checkboxes(form)
[
form.gitlab_ui_checkbox_component(
:anonymous_searches_allowed,
_("Allow unauthenticated users to use search"),
checkbox_options: {
checked: @application_setting.anonymous_searches_allowed, multiple: false
}
),
form.gitlab_ui_checkbox_component(
:global_search_block_anonymous_searches_enabled,
_("Restrict global search to authenticated users"),
_("Restrict global search to authenticated users only"),
checkbox_options: {
checked: @application_setting.global_search_block_anonymous_searches_enabled, multiple: false
}

4
app/helpers/groups_helper.rb
View File

@ -31,6 +31,10 @@ module GroupsHelper
Ability.allowed?(current_user, :admin_group_member, group)
end
def can_invite_group_member?(group)
Ability.allowed?(current_user, :invite_group_members, group)
end
def show_prevent_inviting_groups_outside_hierarchy_setting?(group)
group.root?
end

2
app/helpers/invite_members_helper.rb
View File

@ -6,7 +6,7 @@ module InviteMembersHelper
def can_invite_members_for_project?(project)
# do not use the can_admin_project_member? helper here due to structure of the view and how membership_locked?
# is leveraged for inviting groups
can?(current_user, :admin_project_member, project)
can?(current_user, :invite_project_members, project)
end
def invite_accepted_notice(member)

4
app/helpers/merge_requests_helper.rb
View File

@ -529,6 +529,10 @@ module MergeRequestsHelper
query: is_author_or_assignee ? 'authorOrAssigneeMergeRequests' : 'assignedMergeRequests',
variables: {
reviewStates: %w[APPROVED UNAPPROVED UNREVIEWED REVIEW_STARTED],
not: {
reviewStates: %w[REQUESTED_CHANGES REVIEWED]
},
ignoredReviewerUsername: ::Users::Internal.duo_code_review_bot.username,
perPage: 10
}
}

3
app/helpers/projects_helper.rb
View File

@ -643,9 +643,8 @@ module ProjectsHelper
localized_access_names[access] || Gitlab::Access.human_access(access)
end
def project_delete_delayed_button_data(project, button_text = nil, is_security_policy_project: false)
def project_delete_delayed_button_data(project, button_text = nil)
project_delete_button_shared_data(project, button_text).merge({
is_security_policy_project: is_security_policy_project.to_s,
restore_help_path: help_page_path('user/project/working_with_projects.md', anchor: 'restore-a-project'),
delayed_deletion_date: permanent_deletion_date_formatted(Date.current),
form_path: project_path(project)

3
app/models/application_setting.rb
View File

@ -694,7 +694,8 @@ class ApplicationSetting < ApplicationRecord
validates :resource_usage_limits, json_schema: { filename: 'resource_usage_limits' }
jsonb_accessor :group_settings,
top_level_group_creation_enabled: [:boolean, { default: true }]
top_level_group_creation_enabled: [:boolean, { default: true }],
disable_invite_members: [:boolean, { default: false }]
validates :group_settings,
json_schema: { filename: "application_setting_group_settings" }

3
app/models/application_setting_implementation.rb
View File

@ -334,7 +334,8 @@ module ApplicationSettingImplementation
vscode_extension_marketplace_enabled: false,
reindexing_minimum_index_size: 1.gigabyte,
reindexing_minimum_relative_bloat_size: 0.2,
git_push_pipeline_limit: 4
git_push_pipeline_limit: 4,
disable_invite_members: false
}.tap do |hsh|
hsh.merge!(non_production_defaults) unless Rails.env.production?
end

3
app/models/users/callout.rb
View File

@ -107,7 +107,8 @@ module Users
dora_dashboard_migration_group: 104,
dora_dashboard_migration_project: 105,
enable_duo_banner_admin_duo_settings_page: 106, # EE-only
enable_duo_banner_admin_dashboard: 107 # EE-only
enable_duo_banner_admin_dashboard: 107, # EE-only
explore_duo_core_banner: 108 # EE-only
}
validates :feature_name,

4
app/policies/group_policy.rb
View File

@ -460,6 +460,10 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy
# https://gitlab.com/gitlab-org/gitlab/-/issues/512210
rule { guest & allow_guest_plus_roles_to_pull_packages_enabled }.enable :read_package
rule { can?(:admin_group_member) }.policy do
enable :invite_group_members
end
def access_level(for_any_session: false)
return GroupMember::NO_ACCESS if @user.nil?
return GroupMember::NO_ACCESS unless user_is_user?

11
app/policies/project_policy.rb
View File

@ -322,8 +322,11 @@ class ProjectPolicy < BasePolicy
# not.
rule { guest | admin | organization_owner }.enable :read_project_for_iids
rule { admin }.enable :update_max_artifacts_size
rule { admin }.enable :read_storage_disk_path
rule { admin }.policy do
enable :update_max_artifacts_size
enable :read_storage_disk_path
end
rule { can?(:read_all_resources) }.enable :read_confidential_issues
rule { guest }.enable :guest_access
@ -1116,6 +1119,10 @@ class ProjectPolicy < BasePolicy
# https://gitlab.com/gitlab-org/gitlab/-/issues/512210
rule { can?(:guest_access) & allow_guest_plus_roles_to_pull_packages_enabled }.enable :read_package
rule { can?(:admin_project_member) }.policy do
enable :invite_project_members
end
private
def team_member?

2
app/services/service_ping/submit_service.rb
View File

@ -41,6 +41,7 @@ module ServicePing
{
metadata: {
uuid: service_ping_payload[:uuid],
unique_instance_id: service_ping_payload[:unique_instance_id],
metrics: Gitlab::Utils::UsageData.metrics_collection_metadata(service_ping_payload)
}
}
@ -82,6 +83,7 @@ module ServicePing
error_payload = {
time: current_time,
uuid: Gitlab::CurrentSettings.uuid,
unique_instance_id: Gitlab::GlobalAnonymousId.instance_uuid,
hostname: Gitlab.config.gitlab.host,
version: Gitlab.version_info.to_s,
message: "#{error.message.presence || error.class} at #{error.backtrace[0]}",

4
app/validators/json_schemas/application_setting_group_settings.json
View File

@ -7,6 +7,10 @@
"top_level_group_creation_enabled": {
"type": "boolean",
"description": "Allows a user to create top-level-groups"
},
"disable_invite_members": {
"type": "boolean",
"description": "When enabled, prevents group owners and members from inviting new users to the group"
}
}
}

6
app/views/admin/application_settings/_global_search_settings.html.haml
View File

@ -1,10 +1,10 @@
= render ::Layouts::SettingsBlockComponent.new(_('Global Search'),
= render ::Layouts::SettingsBlockComponent.new(_('Visibility and access controls'),
id: 'js-global-search-settings',
testid: 'admin-global-search-settings',
expanded: expanded_by_default?) do |c|
- c.with_description do
= _('Configure settings for global search.')
= link_to _('Learn more.'), help_page_path('user/search/_index.md', anchor: 'disable-global-search-scopes'), target: '_blank', rel: 'noopener noreferrer'
= _('Configure search access and visibility settings for search scopes.')
= link_to _('Learn more.'), help_page_path('user/search/_index.md', anchor: 'restrict-search-access'), target: '_blank', rel: 'noopener noreferrer'
- c.with_body do
= gitlab_ui_form_for @application_setting, url: general_admin_application_settings_path(anchor: 'js-global-search-settings'), html: { class: 'fieldset-form', id: 'global-search-settings' } do |f|
= form_errors(@application_setting)

2
app/views/admin/application_settings/_visibility_and_access.html.haml
View File

@ -54,6 +54,8 @@
%label.label-bold= s_('AdminSettings|Feed token')
= f.gitlab_ui_checkbox_component :disable_feed_token, s_('AdminSettings|Disable feed token')
= render_if_exists 'admin/application_settings/disable_invite_members_setting', form: f
= render_if_exists 'admin/application_settings/globally_allowed_ips', form: f
-# This is added for Jihu edition in https://jihulab.com/gitlab-cn/gitlab/-/merge_requests/1112

2
app/views/groups/_invite_groups_modal.html.haml
View File

@ -1,3 +1,3 @@
- return unless can_admin_group_member?(group)
- return unless can_invite_group_member?(group)
.js-invite-groups-modal{ data: { reload_page_on_submit: local_assigns.fetch(:reload_page_on_submit, false).to_s }.merge(common_invite_group_modal_data(group, GroupMember)) }

2
app/views/groups/_invite_members_modal.html.haml
View File

@ -1,4 +1,4 @@
- return unless can_admin_group_member?(group)
- return unless can_invite_group_member?(group)
.js-invite-members-modal{ data: { is_project: 'false',
access_levels: access_level_roles_user_can_assign(group, group.access_level_roles).to_json,

11
app/views/groups/group_members/index.html.haml
View File

@ -13,11 +13,12 @@
.gl-w-full.order-md-1
= brand_member_guidelines
- c.with_actions do
.js-invite-group-trigger{ data: { classes: 'md:gl-w-auto gl-w-full', display_text: _('Invite a group') } }
.js-invite-members-trigger{ data: { variant: 'confirm',
classes: 'md:gl-w-auto gl-w-full',
trigger_source: 'group_members_page',
display_text: _('Invite members') } }
- if can_invite_group_member?(@group)
.js-invite-group-trigger{ data: { classes: 'md:gl-w-auto gl-w-full', display_text: _('Invite a group') } }
.js-invite-members-trigger{ data: { variant: 'confirm',
classes: 'md:gl-w-auto gl-w-full',
trigger_source: 'group_members_page',
display_text: _('Invite members') } }
= render 'groups/invite_groups_modal', group: @group, reload_page_on_submit: true

7
app/views/projects/_delete_delayed.html.haml
View File

@ -1,7 +1,2 @@
%p= delete_delayed_message(@project)
- if @project.adjourned_deletion?
#js-project-delayed-delete-button{ data: project_delete_delayed_button_data(@project) }
- else
-# This is a free project, it will use delayed deletion but can only be restored by an admin.
-# Use the standard delete button so there is no message about it being able to be restored.
#js-project-delete-button{ data: project_delete_delayed_button_data(@project) }
#js-project-delayed-delete-button{ data: project_delete_delayed_button_data(@project) }

3
app/views/projects/_delete_immediately.html.haml
View File

@ -1,5 +1,4 @@
- button_text = local_assigns.fetch(:button_text, nil)
%p
= delete_immediately_message(@project)
%p= delete_immediately_message(@project)
#js-project-delete-button{ data: project_delete_immediately_button_data(@project, button_text) }

4
config/feature_flags/gitlab_com_derisk/push_rule_file_size_limit.yml → config/feature_flags/beta/push_rule_file_size_limit.yml
View File

@ -4,6 +4,6 @@ feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/505364
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/183600
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/523497
milestone: '17.10'
type: gitlab_com_derisk
type: beta
group: group::source code
default_enabled: false
default_enabled: true

2
config/feature_flags/beta/revalidate_gpg_fingerprints.yml
View File

@ -6,4 +6,4 @@ rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/534717
milestone: '17.11'
group: group::source code
type: beta
default_enabled: false
default_enabled: true

8
config/feature_flags/ops/allow_anonymous_searches.yml
View File

@ -1,8 +0,0 @@
---
name: allow_anonymous_searches
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/138975
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/434218
milestone: '16.7'
type: ops
group: group::global search
default_enabled: true

4
doc/administration/geo/secondary_proxy/_index.md
View File

@ -233,7 +233,7 @@ In this context, accelerated reads refer to read requests served from the second
| LFS objects (using Git) | {{< icon name="check-circle" >}} Yes | |
| Pages | {{< icon name="dotted-circle" >}} No | Pages can use the same URL (without access control), but must be configured separately and are not proxied. |
| Advanced search (using the web UI) | {{< icon name="dotted-circle" >}} No | |
| Container registry | {{< icon name="dotted-circle" >}} No | The container registry is only recommended for Disaster Recovery scenarios. If the secondary site's container registry is not up to date, the read request is served with old data as the request is not forwarded to the primary site. Accelerating the container registry is planned, please upvote or comment in the [issue](https://gitlab.com/gitlab-org/gitlab/-/issues/365864) to indicate your interest or ask your GitLab representative to do so on your behalf. |
| Container registry | {{< icon name="dotted-circle" >}} No | The container registry is only recommended for Disaster Recovery scenarios. If the secondary site's container registry is not up to date, the read request is served with old data as the request is not forwarded to the primary site. Accelerating the container registry is planned, upvote or comment in the [issue](https://gitlab.com/gitlab-org/gitlab/-/issues/365864) to indicate your interest or ask your GitLab representative to do so on your behalf. |
| Dependency Proxy | {{< icon name="dotted-circle" >}} No | Read requests to a Geo secondary site's Dependency Proxy are always proxied to the primary site. |
| All other data | {{< icon name="dotted-circle" >}} No | Read requests for components not listed in this table are always automatically forwarded to the primary site. |
@ -265,7 +265,7 @@ Disabling the proxying feature flag has the following general effects:
| LFS objects (using Git) | **{check-circle}** Yes | LFS objects are served from the locally stored data, while pushes get proxied to the primary. If an LFS object doesn't exist locally on the Geo secondary, for example due to exclusion by selective sync, it causes a "not found" error. |
| Pages | **{dotted-circle}** Maybe | Pages can use the same URL (without access control), but must be configured separately and are not proxied. |
| Advanced search (using the web UI) | **{dotted-circle}** No | |
| Container registry | **{dotted-circle}** No | The container registry is only recommended for Disaster Recovery scenarios. If the secondary site's container registry is not up to date, the read request is served with old data as the request is not forwarded to the primary site. Accelerating the container registry is planned, please upvote or comment in the [issue](https://gitlab.com/gitlab-org/gitlab/-/issues/365864) to indicate your interest or ask your GitLab representative to do so on your behalf. |
| Container registry | **{dotted-circle}** No | The container registry is only recommended for Disaster Recovery scenarios. If the secondary site's container registry is not up to date, the read request is served with old data as the request is not forwarded to the primary site. Accelerating the container registry is planned, upvote or comment in the [issue](https://gitlab.com/gitlab-org/gitlab/-/issues/365864) to indicate your interest or ask your GitLab representative to do so on your behalf. |
| Dependency Proxy | **{dotted-circle}** No | |
| All other data | **{dotted-circle}** Maybe | Reads are served from the locally stored data. Writes cause an error. |

2
doc/api/graphql/getting_started.md
View File

@ -393,7 +393,7 @@ query {
Pagination is a way of only asking for a subset of the records, such as the
first ten. If we want more of them, we can make another request for the next
ten from the server in the form of something like `please give me the next ten records`.
ten from the server in the form of something like `give me the next ten records`.
By default, the GitLab GraphQL API returns 100 records per page. To change this
behavior, use `first` or `last` arguments. Both arguments take a value, so

1
doc/api/graphql/reference/_index.md
View File

@ -45591,6 +45591,7 @@ Name of the feature that the callout is for.
| <a id="usercalloutfeaturenameenumduo_chat_callout"></a>`DUO_CHAT_CALLOUT` | Callout feature name for duo_chat_callout. |
| <a id="usercalloutfeaturenameenumenable_duo_banner_admin_dashboard"></a>`ENABLE_DUO_BANNER_ADMIN_DASHBOARD` | Callout feature name for enable_duo_banner_admin_dashboard. |
| <a id="usercalloutfeaturenameenumenable_duo_banner_admin_duo_settings_page"></a>`ENABLE_DUO_BANNER_ADMIN_DUO_SETTINGS_PAGE` | Callout feature name for enable_duo_banner_admin_duo_settings_page. |
| <a id="usercalloutfeaturenameenumexplore_duo_core_banner"></a>`EXPLORE_DUO_CORE_BANNER` | Callout feature name for explore_duo_core_banner. |
| <a id="usercalloutfeaturenameenumfeature_flags_new_version"></a>`FEATURE_FLAGS_NEW_VERSION` | Callout feature name for feature_flags_new_version. |
| <a id="usercalloutfeaturenameenumgcp_signup_offer"></a>`GCP_SIGNUP_OFFER` | Callout feature name for gcp_signup_offer. |
| <a id="usercalloutfeaturenameenumgeo_enable_hashed_storage"></a>`GEO_ENABLE_HASHED_STORAGE` | Callout feature name for geo_enable_hashed_storage. |

2
doc/api/projects.md
View File

@ -2646,7 +2646,7 @@ Supported attributes:
If you have at least the Developer role, the following requests could also return the `secret_push_protection_enabled` value.
Note that some of these requests have stricter requirements about roles. Refer to the endpoints above for clarification.
Use this information to determine whether secret push protection is enabled for a project.
To modify the `secret_push_protection_enabled` value, please use the [Project Security Settings API](project_security_settings.md).
To modify the `secret_push_protection_enabled` value, use the [Project Security Settings API](project_security_settings.md).
- `GET /projects`
- `GET /projects/:id`

2
doc/api/secure_files.md
View File

@ -18,7 +18,7 @@ title: Project-level Secure Files API
{{< /history >}}
This feature is part of [Mobile DevOps](../ci/mobile_devops/_index.md) developed by GitLab Incubation Engineering.
This feature is part of [Mobile DevOps](../ci/mobile_devops/_index.md).
The feature is still in development, but you can:
- [Request a feature](https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/feedback/-/issues/new?issuable_template=feature_request).

4
doc/api/settings.md
View File

@ -166,7 +166,8 @@ Example response:
"concurrent_bitbucket_import_jobs_limit": 100,
"concurrent_bitbucket_server_import_jobs_limit": 100,
"silent_admin_exports_enabled": false,
"top_level_group_creation_enabled": true
"top_level_group_creation_enabled": true,
"disable_invite_members": false
}
```
@ -788,6 +789,7 @@ to configure other related settings. These requirements are
| `helm_max_packages_count` | integer | no | Maximum number of Helm packages that can be listed per channel. Must be at least 1. Default is 1000. |
| `require_admin_two_factor_authentication` | boolean | no | Allow administrators to require 2FA for all administrators on the instance. |
| `secret_push_protection_available` | boolean | no | Allow projects to enable secret push protection. This does not enable secret push protection. Ultimate only. |
| `disable_invite_members` | boolean | no | Disable invite members functionality for group. |
### Inactive project settings

4
doc/ci/yaml/signing_examples.md
View File

@ -36,9 +36,9 @@ Prerequisites:
- You must use a version of Cosign that is `>= 2.0.1`.
**Limitations**
**Known issues**
- The `id_tokens` portion of the CI/CD configuration file must be located in the project that is being built and signed. AutoDevOps, CI files included from another repository, and child pipelines are not supported. Work to remove this limitation is being tracked in [issue 411317](https://gitlab.com/gitlab-org/gitlab/-/issues/411317).
- The `id_tokens` portion of the CI/CD configuration file must be located in the project that is being built and signed. AutoDevOps, CI files included from another repository, and child pipelines are not supported. Work to remove this limitation is being tracked in [epic 11637](https://gitlab.com/groups/gitlab-org/-/epics/11637).
**Best practices**:

4
doc/development/backup_and_restore/backup_gitlab.md
View File

@ -54,7 +54,7 @@ When a user executes the backup creation Rake task, the following sequence of hi
1. Create a temporary directory to store all application backup data and metadata.
1. Dump each PostgreSQL database used by the application in a SQL file in the `db` subdirectory of the archive. This is generally done by invoking `pg_dump` on each significant database. Each `.sql` file created is further compressed with `gzip`.
1. Request a bundle export of each Git repository in the application through Gitaly. All of this data is retained in the `repositories` directory of the archive. Note that this includes any "wiki" or "design" data associated with projects, as those features are stored as associated Git repositories.
1. Request a bundle export of each Git repository in the application through Gitaly. All of this data is retained in the `repositories` directory of the archive. This includes any "wiki" or "design" data associated with projects, as those features are stored as associated Git repositories.
1. For each remaining "blob"-oriented data feature, each blob corresponds to a file in a directory. So, for each binary data feature, copy each of its blob entries to a named file in a temporary directory in the archive. Once all data has been copied over, compress and serialize the directory into a `.tar.gz` file that is itself embedded in the archive. This is done for each of the following features:
- `artifacts`
@ -72,7 +72,7 @@ When a user executes the backup creation Rake task, the following sequence of hi
1. Serialize the temporary archive directory into a single `.tar` tarball file.
1. Move the tarball file to its final storage place. Depending on system configuration and parameters, this may be a directory on the machine running the creation task, or this may be a storage bucket on a cloud storage service like S3 or Google Storage.
Take note that there are a number of configuration and environmental parameters that may alter this general procedure. These parameters are covered in the next sections.
A number of configuration and environmental parameters may alter this general procedure. These parameters are covered in the next sections.
#### Customizing Backup Creation

9
doc/development/database/batched_background_migrations.md
View File

@ -297,8 +297,13 @@ This ensures a smooth upgrade process for GitLab Self-Managed instances.
It is important to finalize all batched background migrations when it is safe
to do so. Leaving around old batched background migration is a form of
technical debt that needs to be maintained in tests and in application
behavior. It is important to note that you cannot depend on any batched
background migration being completed until after it is finalized.
behavior.
{{< alert type="note" >}}
You cannot depend on any batched background migration being completed until after it is finalized.
{{< /alert >}}
We recommend that batched background migrations are finalized after all of the
following conditions are met:

2
doc/development/database/batching_best_practices.md
View File

@ -478,7 +478,7 @@ def perform(project_id)
end
```
The snippet above can be a short term fix until a proper solution is in place. It's important to note that offset pagination gets slower as the page number increases which means that there might be a chance where the offset paginated query times out the same way as the original query. The chances are reduced to some extent by the database buffer cache which keeps the previously loaded records in memory; Thus, the consecutive (short-term) lookup of the same rows will not have very high impact on the performance.
The snippet above can be a short term fix until a proper solution is in place. Offset pagination gets slower as the page number increases which means that there might be a chance where the offset paginated query times out the same way as the original query. The chances are reduced to some extent by the database buffer cache which keeps the previously loaded records in memory; Thus, the consecutive (short-term) lookup of the same rows will not have very high impact on the performance.
Pros:

6
doc/development/database/filtering_by_label.md
View File

@ -37,10 +37,10 @@ ORDER BY
LIMIT 20 OFFSET 0
```
In particular, note that:
Specifically:
1. We `GROUP BY issues.id` so that we can ...
1. Use the `HAVING (COUNT(DISTINCT labels.title) = 2)` condition to ensure that
1. `GROUP BY issues.id` groups the results by issues.
1. `HAVING (COUNT(DISTINCT labels.title) = 2)` ensures that
all matched issues have both labels.
This is more complicated than is ideal. It makes the query construction more

24
doc/development/duo_workflow/_index.md
View File

@ -5,14 +5,14 @@ info: Any user with at least the Maintainer role can merge updates to this conte
title: Development of GitLab Duo Workflow
---
This guide describes how to set up the local development environment for the various projects that make up [GitLab Duo Workflow](../../user/duo_workflow/_index.md).
How to set up the local development environment to run [GitLab Duo Workflow](../../user/duo_workflow/_index.md).
## Prerequisites
- Vertex API access
- You need access to the `ai-enablement-dev-69497ba7` project in GCP. This should by available to all engineers at GitLab.
- Docker
- See which Docker tooling is approved for GitLab team members in the [handbook](https://handbook.gitlab.com/handbook/tools-and-tips/mac/#docker-desktop).
- [GitLab Ultimate license](https://handbook.gitlab.com/handbook/engineering/developer-onboarding/#working-on-gitlab-ee-developer-licenses)
- [Vertex access](https://gitlab.com/gitlab-org/gitlab-development-kit/-/blob/main/doc/howto/gitlab_ai_gateway.md#use-the-existing-project): You need access to the `ai-enablement-dev-69497ba7` project in GCP because GDK by default uses Anthropic hosted on Vertex. Access to this project should be available to all engineers at GitLab.
- If you do not have Vertex access for any reason, you should unset `DUO_WORKFLOW__VERTEX_PROJECT_ID` in the Duo Workflow Service and set `ANTHROPIC_API_KEY` to a regular Anthropic API key
- Various settings and feature flags, which are enabled for you by the [GDK setup script](#gdk-setup)
## Set up local development for Workflow
@ -25,19 +25,21 @@ Workflow consists of four separate services:
### GDK Setup
We recommend [setting up GitLab Duo Workflow directly with the GitLab Development Kit (GDK)](https://gitlab.com/gitlab-org/gitlab-development-kit/-/blob/main/doc/howto/duo_workflow.md?ref_type=heads)
for setting up local versions of GitLab, the GitLab Duo Workflow Service and Executor.
You should [set up GitLab Duo Workflow with the GitLab Development Kit (GDK)](https://gitlab.com/gitlab-org/gitlab-development-kit/-/blob/main/doc/howto/duo_workflow.md)
to run local versions of GitLab, Duo Workflow Service, and Executor.
This setup can be used with the [publicly available version of the VS Code Extension](https://marketplace.visualstudio.com/items?itemName=GitLab.gitlab-workflow).
Follow [these instructions](#gitlab-duo-workflow-ui-in-visual-studio-code-vs-code) to see the GitLab Duo Workflow UI local build in VS Code if you want to actively need to develop it or use an unreleased version.
Follow [these instructions](#gitlab-duo-workflow-ui-in-visual-studio-code-vs-code) to see the GitLab Duo Workflow UI local build in VS Code. A local build is required if you are making VS Code changes or need use an unreleased version.
### Manual Setup
#### GitLab Duo Workflow UI in Visual Studio Code (VS Code)
There is no need for the GDK, Workflow service or Workflow executor local build to test the GitLab Duo Workflow UI.
Only set these up if you are making changes to one of these packages and need to test their integration with the GitLab Duo Workflow UI in VS Code.
Please refer to the [GitLab Duo Workflow README.md](https://gitlab.com/gitlab-org/editor-extensions/gitlab-lsp/-/blob/main/packages/webview_duo_workflow/README.md) file in the Language Server project to get started with local development of GitLab Duo Workflow UI.
Only set these up if you are making changes to one of them and need to test their integration with the GitLab Duo Workflow UI.
Refer to the [GitLab Duo Workflow README](https://gitlab.com/gitlab-org/editor-extensions/gitlab-lsp/-/blob/main/packages/webview_duo_workflow/README.md) file in the Language Server project to get started with local development of GitLab Duo Workflow UI.
#### Set up your local GitLab instance
@ -80,7 +82,7 @@ Please refer to the [GitLab Duo Workflow README.md](https://gitlab.com/gitlab-or
#### Set up the GitLab Duo Workflow Service and Executor
Refer to the readme of [GitLab Duo Workflow Service](https://gitlab.com/gitlab-org/duo-workflow/duo-workflow-service) and [GitLab Duo Workflow Executor](https://gitlab.com/gitlab-org/duo-workflow/duo-workflow-executor/) to set them up individually.
Refer to the [GitLab Duo Workflow Service README](https://gitlab.com/gitlab-org/duo-workflow/duo-workflow-service) and [GitLab Duo Workflow Executor](https://gitlab.com/gitlab-org/duo-workflow/duo-workflow-executor/) to set them up individually.
## Troubleshooting

2
doc/development/experiment_guide/experiment_code_reviews.md
View File

@ -17,7 +17,7 @@ exist in the application. These tests should help prevent the experiment code fr
being removed before the [experiment cleanup process](https://handbook.gitlab.com/handbook/marketing/growth/engineering/experimentation/#experiment-cleanup-issue) starts.
If, as a reviewer or maintainer, you find code that would usually fail review
but is acceptable for now, mention your concerns with a note that there's no
but is acceptable for now, mention your concerns with a note stating that there's no
need to change the code. The author can then add a comment to this piece of code
and link to the issue that resolves the experiment. The author or reviewer can add a link to this concern in the
experiment rollout issue under the `Experiment Successful Cleanup Concerns` section of the description.

2
doc/development/export_csv.md
View File

@ -7,7 +7,7 @@ title: Export to CSV
This document lists the different implementations of CSV export in GitLab codebase.
| Export type | How it works | Advantages | Disadvantages | Existing examples |
| Export type | Implementation | Advantages | Disadvantages | Existing examples |
|---|---|---|---|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Streaming | - Query and yield data in batches to a response stream.<br>- Download starts immediately. | - Report available immediately. | - No progress indicator.<br>- Requires a reliable connection. | [Export audit event log](../administration/compliance/audit_event_reports.md#exporting-audit-events) |
| Downloading | - Query and write data in batches to a temporary file.<br>- Loads the file into memory.<br>- Sends the file to the client. | - Report available immediately. | - Large amount of data might cause request timeout.<br>- Memory intensive.<br>- Request expires when the user goes to a different page. | - [Export Chain of Custody Report](../user/compliance/compliance_center/compliance_chain_of_custody_report.md)<br>- [Export License Usage File](../subscriptions/self_managed/_index.md#export-your-license-usage) |

2
doc/development/fe_guide/date_and_time.md
View File

@ -61,7 +61,7 @@ newDate('2020-02-02') // Sun Feb 02 2020 00:00:00 GMT-0800 (Pacific Standard Tim
// add a time component
new Date('2020-02-02T00:00') // Sun Feb 02 2020 00:00:00 GMT-0800 (Pacific Standard Time)
// use the (year, month, day) constructor - note that month is 0-indexed (another source of possible bugs, yay!)
// use the (year, month, day) constructor - month is 0-indexed (another source of possible bugs, yay!)
new Date(2020, 1, 2) // Sun Feb 02 2020 00:00:00 GMT-0800 (Pacific Standard Time)
// bad

2
doc/development/fe_guide/view_component.md
View File

@ -331,4 +331,4 @@ If you need to have a custom layout for your ViewComponent preview consider usin
- `app/assets/javascripts/entrypoints/lookbook` for your custom JavaScript code
- `app/assets/stylesheets/lookbook` for your custom SASS code
Please note that JavaScript and SASS code has to be manually included in the layout.
JavaScript and SASS code have to be manually included in the layout.

2
doc/development/feature_flags/_index.md
View File

@ -46,7 +46,7 @@ offer a way for customers to enable or disable features for themselves on
GitLab.com or self-managed and can remain in the codebase as long as needed. In
contrast users have no way to enable or disable feature flags for themselves on
GitLab.com and only self-managed admins can change the feature flags.
Also note that
Also,
[feature flags are not supported in GitLab Dedicated](../enabling_features_on_dedicated.md#feature-flags)
which is another reason you should not use them as a replacement for settings.

2
doc/development/gitlab_flavored_markdown/banzai_pipeline_and_parsing.md
View File

@ -63,7 +63,7 @@ For this we use several techniques:
- For certain filters that can take a long time, we use a Ruby timeout with `Gitlab::RenderTimeout.timeout` in [TimeoutFilterHandler](https://gitlab.com/gitlab-org/gitlab/blob/master/lib/banzai/filter/concerns/timeout_filter_handler.rb).
This allows us to interrupt the actual processing if it takes too long.
It's **important** to note that in general using Ruby `timeout` is [not considered safe](https://jvns.ca/blog/2015/11/27/why-rubys-timeout-is-dangerous-and-thread-dot-raise-is-terrifying/).
In general, using Ruby `timeout` is [not considered safe](https://jvns.ca/blog/2015/11/27/why-rubys-timeout-is-dangerous-and-thread-dot-raise-is-terrifying/).
We therefore only use it when absolutely necessary, preferring to fix an actual performance problem rather then using a timeout.
- [PipelineTimingCheck](https://gitlab.com/gitlab-org/gitlab/blob/master/lib/banzai/filter/concerns/pipeline_timing_check.rb) allows us to keep track of the cumulative amount of time the pipeline is taking. When we reach a maximum, we can then skip any remaining filters.
For nearly all filters, it's generally ok to skip them in a case like this in order to show the user _something_, rather than nothing.

2
doc/development/go_guide/_index.md
View File

@ -259,7 +259,7 @@ func Test(t *testing.T) {
want := TestData{}
got := FuncUnderTest()
require.Equal(t, want, got) // note that expected value comes first, then comes the actual one ("diff" semantics)
require.Equal(t, want, got) // expected value comes first, then comes the actual one ("diff" semantics)
})
}
```

2
doc/development/i18n/proofreader.md
View File

@ -82,6 +82,8 @@ are very appreciative of the work done by translators and proofreaders!
- Korean
- Sunjung Park - [GitLab](https://gitlab.com/sunjungp), [Crowdin](https://crowdin.com/profile/sunjungp)
- Hwanyong Lee - [GitLab](https://gitlab.com/hwan_ajou), [Crowdin](https://crowdin.com/profile/grbear)
- Latvian
- 𝕠𝕠𝕠𝕝 - [GitLab](https://gitlab.com/Coool), [Crowdin](https://crowdin.com/profile/Coool)
- Mongolian
- Proofreaders needed.
- Norwegian Bokmal

2
doc/development/performance.md
View File

@ -149,7 +149,7 @@ you to see where time is spent in a process. The
[Stackprof](https://github.com/tmm1/stackprof) gem is included in GitLab,
allowing you to profile which code is running on CPU in detail.
It's important to note that profiling an application *alters its performance*.
Profiling an application *alters its performance*.
Different profiling strategies have different overheads. Stackprof is a sampling
profiler. It samples stack traces from running threads at a configurable
frequency (for example, 100 hz, that is 100 stacks per second). This type of profiling

4
doc/development/pipelines/_index.md
View File

@ -210,7 +210,7 @@ and `rspec rspec-ee-pg16-rerun-previous-failed-tests` jobs run the failed tests
This was introduced on August 25th 2021, with <https://gitlab.com/gitlab-org/gitlab/-/merge_requests/69053>.
### How it works?
### How the failed test is re-run
1. The `detect-previous-failed-tests` job (`prepare` stage) detects the test files associated with failed RSpec
jobs from the previous MR pipeline.
@ -574,7 +574,7 @@ before we resolve [Developer-level users no longer able to run pipelines on prot
It's used to run `sync-as-if-jh-branch` to synchronize the dependencies
when the merge requests changed the dependencies. See
[How we generate the as-if-JH branch](#how-we-generate-the-as-if-jh-branch)
for how it works.
for its implementation.
###### Temporary GitLab JH validation project variables

2
doc/development/python_guide/getting_started.md
View File

@ -17,7 +17,7 @@ This guide helps non-Python developers get started with Python quickly and effic
mise use python@3.14
```
- Please note that while macOS comes with Python pre-installed, it's strongly advised to install and use a separate version of Python
- While macOS comes with Python pre-installed, it's strongly advised to install and use a separate version of Python
1. **Install Poetry** for package management:
- Poetry is a modern, Python-specific dependency manager that simplifies packaging and dependency handling. To install it, run:

2
doc/development/sec/vulnerability_tracking.md
View File

@ -75,7 +75,7 @@ The SAST Analyzer runs in a CI context, analyzes the source code and produces a
Tracking Calculator is directly embedded into the [Docker image of the SAST Analyzer](https://gitlab.com/gitlab-org/security-products/analyzers/semgrep/-/blob/52bedd15745ddb6124662e0dcda331e2e64b000b/Dockerfile#L5) (internal)
and invoked by means of [this script](https://gitlab.com/gitlab-org/security-products/post-analyzers/scripts/-/blob/474cfd78054d97291155045eaef66aa3b7919368/start.sh).
It is important to note that Tracking Calculator already [performs deduplication](https://gitlab.com/gitlab-org/security-products/post-analyzers/tracking-calculator/-/blob/c7b6f255ad030e6b9da58c12fa87204b8df71129/trackinginfo/sast.go#L127)
Tracking Calculator already [performs deduplication](https://gitlab.com/gitlab-org/security-products/post-analyzers/tracking-calculator/-/blob/c7b6f255ad030e6b9da58c12fa87204b8df71129/trackinginfo/sast.go#L127)
that is enabled by default. In the example above we have two different
algorithms `scope_offset_compressed` and `scope_offset` where
`scope_offset_compressed` is considered an improvement of `scope_offset` so

4
doc/integration/advanced_search/elasticsearch.md
View File

@ -89,10 +89,12 @@ before we remove them.
| GitLab version | OpenSearch version |
|-------------------------|--------------------------------|
| GitLab 17.6.3 and later | OpenSearch 1.x and later |
| GitLab 17.6.3 and later | OpenSearch 1.x and 2.x |
| GitLab 15.5.3 to 17.6.2 | OpenSearch 1.x, 2.0 to 2.17 |
| GitLab 15.0 to 15.5.2 | OpenSearch 1.x |
OpenSearch 3.0 is not supported, see [issue 540086](https://gitlab.com/gitlab-org/gitlab/-/issues/540086).
If your version of Elasticsearch or OpenSearch is incompatible, to prevent data loss, indexing pauses and
a message is logged in the
[`elasticsearch.log`](../../administration/logs/_index.md#elasticsearchlog) file.

4
doc/operations/feature_flags.md
View File

@ -27,7 +27,7 @@ For an example of feature flags in action, see [Eliminating risk with feature fl
For a click-through demo, see [Feature Flags](https://tech-marketing.gitlab.io/static-demos/feature-flags/feature-flags-html.html).
<!-- Demo published on 2023-07-13 -->
## How it works
## Using feature flags
GitLab offers an [Unleash](https://github.com/Unleash/unleash)-compatible API for feature flags.
@ -411,7 +411,7 @@ This feature is similar to the [linked issues](../user/project/issues/related_is
GitLab feature flags can be used in any application. Large applications might require advance configuration.
This section explains the performance factors to help your organization to identify
what's needed to be done before using the feature.
Read [How it works](#how-it-works) section before diving into the details.
For more information, see [using feature flags](#using-feature-flags).
### Maximum supported clients in application nodes

2
doc/security/hardening_nist_800_53.md
View File

@ -614,7 +614,7 @@ application code include:
#### Patch Management
GitLab documents its [Release and Maintenance Policy](../policy/maintenance.md)
in the documentation. Prior to upgrading a GitLab instance, please review the
in the documentation. Prior to upgrading a GitLab instance, review the
available guidance, which can assist with [planning an upgrade](../update/plan_your_upgrade.md),
[upgrading without downtime](../update/zero_downtime.md),
and other [upgrade paths](../update/upgrade_paths.md).

2
doc/solutions/components/integrated_snyk.md
View File

@ -23,7 +23,7 @@ title: GitLab Application Security Workflow Integrated with Snyk
This is an integration between Snyk and GitLab CI via a GitLab CI/CD Component.
## How it works
## Snyk workflow
This project has a component that runs the Snyk CLI and outputs the scan report in the SARIF format. It calls a separate component that converts SARIF to the GitLab vulnerability record format using a job based on the semgrep base image.

2
doc/subscriptions/self_managed/_index.md
View File

@ -515,7 +515,7 @@ To manually renew your subscription:
a copy of the renewal term activation code.
1. [Add the activation code](../../administration/license.md) to your instance.
To add products to your subscription, please [contact the sales team](https://customers.gitlab.com/contact_us).
To add products to your subscription, [contact the sales team](https://customers.gitlab.com/contact_us).
### Automatic subscription renewal

2
doc/topics/release_your_application.md
View File

@ -32,5 +32,5 @@ release features incrementally.
- Use GitLab CI/CD to target any type of infrastructure accessible by GitLab Runner.
[User and pre-defined environment variables](../ci/variables/_index.md) and CI/CD templates
support setting up a vast number of deployment strategies.
- Use GitLab [Cloud Seed](../cloud_seed/_index.md), an open-source Incubation Engineering program,
- Use GitLab [Cloud Seed](../cloud_seed/_index.md)
to set up deployment credentials and deploy your application to Google Cloud Run with minimal friction.

8
doc/update/zero_downtime.md
View File

@ -20,18 +20,18 @@ At a high level, this process is done by sequentially upgrading GitLab nodes in
Load Balancing, HA systems and graceful reloads to minimize the disruption.
For the purposes of this guide it will only pertain to the core GitLab components where applicable. For upgrades
or management of third party services, such as AWS RDS, please refer to the respective documentation.
or management of third party services, such as AWS RDS, refer to the respective documentation.
## Before you start
Achieving _true_ zero downtime as part of an upgrade is notably difficult for any distributed application. The process detailed in
this guide has been tested as given against our HA [Reference Architectures](../administration/reference_architectures/_index.md)
and was found to result in effectively no observable downtime, but please be aware your mileage may vary dependent on the specific system makeup.
and was found to result in effectively no observable downtime, but be aware your mileage may vary dependent on the specific system makeup.
For additional confidence, some customers have found success with further techniques such as the
manually draining nodes by using specific load balancer or infrastructure capabilities. These techniques depend greatly
on the underlying infrastructure capabilities and as a result are not covered in this guide.
For any additional information please reach out to your GitLab representative
For any additional information reach out to your GitLab representative
or the [Support team](https://about.gitlab.com/support/).
## Requirements and considerations
@ -48,7 +48,7 @@ The zero-downtime upgrade process has the following requirements:
- You have to use post-deployment migrations.
- [Zero-downtime upgrades are not available with the GitLab Charts](https://docs.gitlab.com/charts/installation/upgrade.html). Support is available with the [GitLab Operator](https://docs.gitlab.com/operator/gitlab_upgrades.html) but there are [known limitations](https://docs.gitlab.com/operator/#known-issues) with this deployment method and as such it's not covered in this guide at this time.
In addition to the above, please be aware of the following considerations:
In addition to the above, be aware of the following considerations:
- Most of the time, you can safely upgrade from a patch release to the next minor release if the patch release is not the latest.
For example, upgrading from `16.3.2` to `16.4.1` should be safe even if `16.3.3` has been released. You should verify the

2
doc/user/application_security/dast/browser/checks/16.2.md
View File

@ -26,7 +26,7 @@ IIS:
For IIS-based websites version 10 and later, you can use the `removeServerHeader` element to the `requestFiltering`
section of the `Web.config` file.
For all other server types, please consult your product's documentation on how to redact the version information from
For all other server types, consult your product's documentation on how to redact the version information from
the `Server` header.
## Details

2
doc/user/application_security/dast/browser/checks/16.3.md
View File

@ -19,7 +19,7 @@ We recommend that the version information be removed from the `X-Powered-By` hea
PHP:
For PHP based web sites, set the `expose_php` option to `off` in the `php.ini` configuration file.
For all other server types, please consult your product's documentation on how to redact the version
For all other server types, consult your product's documentation on how to redact the version
information from the `X-Powered-By` header.
## Details

2
doc/user/application_security/dast/browser/checks/16.8.md
View File

@ -12,7 +12,7 @@ hardening a website against various client side attacks such as Cross-Site Scrip
## Remediation
If the target site is missing a CSP, please investigate the relevant URLs for enabling CSP. Otherwise,
If the target site is missing a CSP, investigate the relevant URLs for enabling CSP. Otherwise,
follow the recommendations to determine if any actions are necessary.
## Details

2
doc/user/application_security/dast/browser/checks/548.1.md
View File

@ -27,7 +27,7 @@ IIS:
For IIS-based websites version 7.0 and later, you can use the `<directoryBrowse enabled="false" />` element
in the `applicationHost.config` or `Web.config` files.
For all other server types, please consult your product's documentation on how to disable directory
For all other server types, consult your product's documentation on how to disable directory
indexing.
## Details

6
doc/user/application_security/dependency_scanning/dependency_scanning_sbom/_index.md
View File

@ -122,14 +122,14 @@ Enable the Dependency Scanning using SBOM feature with one of the following opti
- Provide your own CycloneDX SBOM document as [a CI/CD artifact report](../../../../ci/yaml/artifacts_reports.md#artifactsreportscyclonedx) from a successful pipeline.
The preferred method is to use the new Dependency Scanning analyzer and this is what is documented in the next section.
To enable the (deprecated) Gemnasium analyzer please refer to the enablement instructions for the [legacy Dependency Scanning feature](../_index.md#enabling-the-analyzer).
To enable the (deprecated) Gemnasium analyzer, refer to the enablement instructions for the [legacy Dependency Scanning feature](../_index.md#enabling-the-analyzer).
## Enabling the analyzer
The Dependency Scanning analyzer produces a CycloneDX SBOM report compatible with GitLab. If your
application can't generate such a report, you can use the GitLab analyzer to produce one.
Please share any feedback on the new Dependency Scanning analyzer in this [feedback issue](https://gitlab.com/gitlab-org/gitlab/-/issues/523458).
Share any feedback on the new Dependency Scanning analyzer in this [feedback issue](https://gitlab.com/gitlab-org/gitlab/-/issues/523458).
Prerequisites:
@ -468,7 +468,7 @@ positives.
### Customizing behavior with the CI/CD template
When using the `latest` Dependency Scanning CI/CD template `Dependency-Scanning.latest.gitlab-ci.yml` or [Scan Execution Policies](../../policies/scan_execution_policies.md) please use [CI/CD variables](#available-cicd-variables).
When using the `latest` Dependency Scanning CI/CD template `Dependency-Scanning.latest.gitlab-ci.yml` or [Scan Execution Policies](../../policies/scan_execution_policies.md) use [CI/CD variables](#available-cicd-variables).
#### Available CI/CD variables

8
doc/user/application_security/dependency_scanning/migration_guide_to_sbom_based_scans.md
View File

@ -68,7 +68,7 @@ The Dependency Scanning using SBOM approach separates these tasks into two disti
- Second, the detected components are sent to the GitLab platform to perform a thorough security analysis using the built-in GitLab SBOM Vulnerability Scanner. You're already benefiting from this scanner with the [Continuous Vulnerability Scanning](../continuous_vulnerability_scanning/_index.md) feature.
This separation of concerns brings several advantages for future enhancements, but it also means some changes are necessary since the security analysis happens outside the CI/CD pipeline.
This impacts the availability of some functionalities that depend on the security analysis to run in the CI/CD pipeline. Please review [the deprecation announcement](../../../update/deprecations.md#dependency-scanning-upgrades-to-the-gitlab-sbom-vulnerability-scanner) for a complete description.
This impacts the availability of some functionalities that depend on the security analysis to run in the CI/CD pipeline. Review [the deprecation announcement](../../../update/deprecations.md#dependency-scanning-upgrades-to-the-gitlab-sbom-vulnerability-scanner) for a complete description.
### CI/CD configuration
@ -142,7 +142,7 @@ For multi-language projects, complete all relevant language-specific migration s
{{< alert type="note" >}}
If you decide to migrate from the CI/CD template to the CI/CD component, please review the [current limitations](../../../ci/components/_index.md#use-a-gitlabcom-component-on-gitlab-self-managed) for GitLab Self-Managed.
If you decide to migrate from the CI/CD template to the CI/CD component, review the [current limitations](../../../ci/components/_index.md#use-a-gitlabcom-component-on-gitlab-self-managed) for GitLab Self-Managed.
{{< /alert >}}
@ -156,7 +156,7 @@ In the following sections, you'll find detailed instructions for each supported
- What specific files you need to provide
- How to generate these files if they're not already part of your workflow
Please share any feedback on the new Dependency Scanning analyzer in this [feedback issue](https://gitlab.com/gitlab-org/gitlab/-/issues/523458).
Share any feedback on the new Dependency Scanning analyzer in this [feedback issue](https://gitlab.com/gitlab-org/gitlab/-/issues/523458).
### Bundler
@ -498,7 +498,7 @@ Prerequisites:
- Complete [the generic migration steps](#migrate-to-dependency-scanning-using-sbom) required for all projects.
There are no additional steps to migrate a Yarn project to use the Dependency Scanning analyzer. If you use the Resolve a vulnerability via merge request feature please check [the deprecation announcement](../../../update/deprecations.md#resolve-a-vulnerability-for-dependency-scanning-on-yarn-projects) for available actions. If you use the JavaScript vendored files scan feature, please check the [deprecation announcement](../../../update/deprecations.md#dependency-scanning-for-javascript-vendored-libraries) for available actions.
There are no additional steps to migrate a Yarn project to use the Dependency Scanning analyzer. If you use the Resolve a vulnerability via merge request feature check [the deprecation announcement](../../../update/deprecations.md#resolve-a-vulnerability-for-dependency-scanning-on-yarn-projects) for available actions. If you use the JavaScript vendored files scan feature, check the [deprecation announcement](../../../update/deprecations.md#dependency-scanning-for-javascript-vendored-libraries) for available actions.
## Changes to CI/CD variables

2
doc/user/application_security/policies/scan_execution_policies.md
View File

@ -375,7 +375,7 @@ rule in the defined policy are met.
{{< alert type="note" >}}
If you have merge request pipelines enabled for your project, you must set the `AST_ENABLE_MR_PIPELINES` CI/CD variable to `"true"` in your policy for each enforced scan. For more information on using security scanning tools with merge request pipelines, please refer to the [security scanning documentation](../../application_security/detect/roll_out_security_scanning.md#use-security-scanning-tools-with-merge-request-pipelines).
If you have merge request pipelines enabled for your project, you must set the `AST_ENABLE_MR_PIPELINES` CI/CD variable to `"true"` in your policy for each enforced scan. For more information on using security scanning tools with merge request pipelines, refer to the [security scanning documentation](../../application_security/detect/roll_out_security_scanning.md#use-security-scanning-tools-with-merge-request-pipelines).
{{< /alert >}}

2
doc/user/application_security/sast/advanced_sast_coverage.md
View File

@ -124,6 +124,6 @@ GitLab Advanced SAST finds the following types of weaknesses in each programming
{{< alert type="note" >}}
Did this page answer the question you had? If not, please comment on [epic 15343](https://gitlab.com/groups/gitlab-org/-/epics/15343) to share your use case.
Did this page answer the question you had? If not, comment on [epic 15343](https://gitlab.com/groups/gitlab-org/-/epics/15343) to share your use case.
{{< /alert >}}

2
doc/user/application_security/sast/analyzers.md
View File

@ -118,7 +118,7 @@ These rules replace language-specific analyzers that were used in previous relea
### Vulnerability translation
The Vulnerability Management system automatically moves vulnerabilities from the old analyzer to a new Semgrep-based finding when possible. For translation to the GitLab Advanced SAST analyzer, please refer to the [GitLab Advanced SAST documentation](gitlab_advanced_sast.md).
The Vulnerability Management system automatically moves vulnerabilities from the old analyzer to a new Semgrep-based finding when possible. For translation to the GitLab Advanced SAST analyzer, refer to the [GitLab Advanced SAST documentation](gitlab_advanced_sast.md).
When this happens, the system combines the vulnerabilities from each analyzer into a single record.

2
doc/user/application_security/sast/gitlab_advanced_sast.md
View File

@ -251,7 +251,7 @@ For details, see [Customize rulesets](customize_rulesets.md#disable-predefined-g
## Request source code of LGPL-licensed components in GitLab Advanced SAST
To request information about the source code of LGPL-licensed components in GitLab Advanced SAST, please
To request information about the source code of LGPL-licensed components in GitLab Advanced SAST,
[contact GitLab Support](https://about.gitlab.com/support/).
To ensure a quick response, include the GitLab Advanced SAST analyzer version in your request.

2
doc/user/application_security/secret_detection/pipeline/configure.md
View File

@ -256,7 +256,7 @@ variables:
SECRET_DETECTION_RULESET_GIT_REFERENCE: "gitlab.com/example-group/remote-ruleset-project"
```
Pipeline secret detection assumes the configuration is defined in `.gitlab/secret-detection-ruleset.toml` file in the repository referenced by the CI variable where the remote ruleset is stored. If that file doesn't exist, please make sure to [create one](#create-a-ruleset-configuration-file) and follow the steps to [override](#override-a-rule) or [disable](#disable-a-rule) a predefined rule as outlined above.
Pipeline secret detection assumes the configuration is defined in `.gitlab/secret-detection-ruleset.toml` file in the repository referenced by the CI variable where the remote ruleset is stored. If that file doesn't exist, make sure to [create one](#create-a-ruleset-configuration-file) and follow the steps to [override](#override-a-rule) or [disable](#disable-a-rule) a predefined rule as outlined above.
{{< alert type="note" >}}

2
doc/user/application_security/vulnerabilities/_index.md
View File

@ -157,7 +157,7 @@ To resolve the vulnerability:
1. Select outside the filter field. The vulnerability severity totals and list of matching vulnerabilities are updated.
1. Select the SAST vulnerability you want resolved.
- A blue icon is shown next to vulnerabilities that support Vulnerability Resolution.
1. In the upper-right corner, select **Resolve with AI**. If this project is a public project be aware that creating an MR will publicly expose the vulnerability and offered resolution. To create the MR privately, please [create a private fork](../../project/merge_requests/confidential.md), and repeat this process.
1. In the upper-right corner, select **Resolve with AI**. If this project is a public project be aware that creating an MR will publicly expose the vulnerability and offered resolution. To create the MR privately, [create a private fork](../../project/merge_requests/confidential.md), and repeat this process.
1. Add an additional commit to the MR. This forces a new pipeline to run.
1. After the pipeline is complete, on the [pipeline security tab](../vulnerability_report/pipeline.md#view-vulnerabilities-in-a-pipeline), confirm that the vulnerability no longer appears.
1. On the vulnerability report, [manually update the vulnerability](../vulnerability_report/_index.md#change-status-of-vulnerabilities).

2
doc/user/asciidoc.md
View File

@ -56,7 +56,7 @@ fixed-width font:
Admonition paragraphs grab the reader's attention:
- `NOTE: This is a brief reference, please read the full documentation at https://asciidoctor.org/docs/.`
- `NOTE: This is a brief reference, read the full documentation at https://asciidoctor.org/docs/.`
- `TIP: Lists can be indented. Leading whitespace is not significant.`
## Text formatting

8
doc/user/gitlab_duo/use_cases.md
View File

@ -55,7 +55,7 @@ you need to configure CI/CD.
- Chat can help with best practices for a `.gitignore` file for C#:
```markdown
Please show a .gitignore and .gitlab-ci.yml configuration for a C# project.
Show a .gitignore and .gitlab-ci.yml configuration for a C# project.
```
- If your CI/CD job fails, use Root Cause Analysis to [troubleshoot failed CI/CD jobs](../gitlab_duo_chat/examples.md#troubleshoot-failed-cicd-jobs-with-root-cause-analysis).
@ -63,7 +63,7 @@ you need to configure CI/CD.
GitLab Duo Chat, and ask for help:
```markdown
Please explain the CI/CD error: The current .NET SDK does not support targeting
Explain the CI/CD error: The current .NET SDK does not support targeting
.NET 8.0
```
@ -90,7 +90,7 @@ solutions level to avoid import problems.
```markdown
In C# and VS Code, how can I add a reference to a project from a test project?
Please provide the XML configuration which I can add to a C# .csproj file to add a
Provide the XML configuration which I can add to a C# .csproj file to add a
reference to another project in the existing solution?
```
@ -691,7 +691,7 @@ The refactoring examples involve the following:
GitLab Duo Chat helped with error debugging, prefixing the error message:
```markdown
please explain this error: undefined method `icon` for
Explain this error: undefined method `icon` for
```
## Code generation prompts

10
doc/user/gitlab_duo_chat/examples.md
View File

@ -316,7 +316,7 @@ A follow-up to the question `Write a Ruby function that prints 'Hello, World!' w
A follow-up to the question `How to start a C# project?` could be:
- `Can you also please explain how to add a .gitignore and .gitlab-ci.yml file for C#?`
- `Can you also explain how to add a .gitignore and .gitlab-ci.yml file for C#?`
## Ask about errors
@ -326,7 +326,7 @@ A follow-up to the question `How to start a C# project?` could be:
{{< /history >}}
Programming languages that require compiling the source code may throw cryptic error messages. Similarly, a script or a web application could throw a stack trace. You can ask GitLab Duo Chat by prefixing the copied error message with, for example, `Please explain this error message:`. Add the specific context, like the programming language.
Programming languages that require compiling the source code may throw cryptic error messages. Similarly, a script or a web application could throw a stack trace. You can ask GitLab Duo Chat by prefixing the copied error message with, for example, `Explain this error message:`. Add the specific context, like the programming language.
- `Explain this error message in Java: Int and system cannot be resolved to a type`
- `Explain when this C function would cause a segmentation fault: sqlite3_prepare_v2()`
@ -372,7 +372,7 @@ To do this:
For example, if you are developing an e-commerce app, you can add the `cart_service.py` and `checkout_flow.js` files to Chat's context and ask:
- `How does checkout_flow.js interact with cart_service.py? Please generate a sequence diagram using Mermaid.`
- `How does checkout_flow.js interact with cart_service.py? Generate a sequence diagram using Mermaid.`
- `Can you extend the checkout process by showing products related to the ones in the user's cart? I want to move the checkout logic to the backend before proceeding. Generate the Python backend code and change the frontend code to work with the new backend.`
{{< alert type="note" >}}
@ -523,9 +523,9 @@ You can ask GitLab Duo Chat to create a CI/CD configuration:
- `Create a CI/CD configuration for VueJS. Use npm, and add SAST security scanning.`
- `Generate a security scanning pipeline configuration, optimized for Java.`
You can also ask to explain specific job errors by copy-pasting the error message, prefixed with `Please explain this CI/CD job error message, in the context of <language>:`:
You can also ask to explain specific job errors by copy-pasting the error message, prefixed with `Explain this CI/CD job error message, in the context of <language>:`:
- `Please explain this CI/CD job error message in the context of a Go project: build.sh: line 14: go command not found`
- `Explain this CI/CD job error message in the context of a Go project: build.sh: line 14: go command not found`
Alternatively, you can use GitLab Duo Root Cause Analysis to [troubleshoot failed CI/CD jobs](#troubleshoot-failed-cicd-jobs-with-root-cause-analysis).

2
doc/user/packages/npm_registry/_index.md
View File

@ -632,7 +632,7 @@ In this case, the request body contains information about all packages in your p
To ensure your private package information stays within GitLab, always make sure to specify the GitLab registry when running `npm audit` commands.
#### Limitations
#### Known issues
- Audit results depend on [package forwarding](#package-forwarding-to-npmjscom) being enabled. If forwarding is disabled by an administrator or group Owner, `npm audit` does not return vulnerability information.
- The audit request includes information about all packages in your project, including private packages.

2
doc/user/project/import/github.md
View File

@ -101,7 +101,7 @@ GitHub Enterprise does not require a public email address, so you might have to
[GitHub auto-merge](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/automatically-merging-a-pull-request), the imported project in GitLab can have merge commits labeled `unverified` if the commit was signed with the GitHub internal GPG key.
- GitLab [can't import](https://gitlab.com/gitlab-org/gitlab/-/issues/424046) GitHub Markdown image attachments that
were uploaded to private repositories before 2023-05-09. If you encounter this problem, would like to help us resolve the problem, and are willing to provide a sample repository
for us, please add a comment to [issue 424046](https://gitlab.com/gitlab-org/gitlab/-/issues/424046) and we'll contact you.
for us, add a comment to [issue 424046](https://gitlab.com/gitlab-org/gitlab/-/issues/424046) and we'll contact you.
- For [GitLab-specific references](../../markdown.md#gitlab-specific-references), GitLab uses the `#` character for issues and a `!` character for merge requests.
However, GitHub uses only the `#` character for both issues and pull requests. When importing:

2
doc/user/project/pages/_index.md
View File

@ -67,7 +67,7 @@ For more information, see:
| [Modern static site generators](https://about.gitlab.com/blog/2016/06/10/ssg-overview-gitlab-pages-part-2/) | SSG overview. |
| [Build any SSG site with GitLab Pages](https://about.gitlab.com/blog/2016/06/17/ssg-overview-gitlab-pages-part-3-examples-ci/) | Use SSGs for GitLab Pages. |
## How it works
## Using GitLab Pages
To use GitLab Pages, you must create a project in GitLab to upload your website's
files to. These projects can be either public, internal, or private.

2
doc/user/project/service_desk/configure.md
View File

@ -576,7 +576,7 @@ In [Microsoft 365 admin center](https://admin.microsoft.com/Adminportal/Home#/ho
Set-TransportConfig -AllowLegacyTLSClients $true
```
1. If you want to forward to an external recipient, please see this guide on how to enable
1. If you want to forward to an external recipient, see this guide on how to enable
[external email forwarding](https://learn.microsoft.com/en-gb/defender-office-365/outbound-spam-policies-external-email-forwarding).
You might also want to [create an outbound anti-spam policy](https://security.microsoft.com/antispam)
to allow forwarding to external recipients only for users who need it.

23
doc/user/search/_index.md
View File

@ -64,8 +64,9 @@ For more information, see [issue 477333](https://gitlab.com/gitlab-org/gitlab/-/
{{< history >}}
- Restricting global search to authenticated users [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/41041) in GitLab 13.4 [with a flag](../../administration/feature_flags.md) named `block_anonymous_global_searches`. Disabled by default.
- Enabling or disabling anonymous searches [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/138975) in GitLab 16.7 [with a flag](../../administration/feature_flags.md) named `allow_anonymous_searches`. Enabled by default.
- Enabling or disabling anonymous searches [generally available](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/186727) in GitLab 17.11 as a UI option, instead of the `block_anonymous_global_searches` flag.
- Allowing search for unauthenticated users [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/138975) in GitLab 16.7 [with a flag](../../administration/feature_flags.md) named `allow_anonymous_searches`. Enabled by default.
- Restricting global search to authenticated users [generally available](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/186727) in GitLab 17.11. Feature flag `block_anonymous_global_searches` removed.
- Allowing search for unauthenticated users [generally available](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/190090) in GitLab 18.0. Feature flag `allow_anonymous_searches` removed.
{{< /history >}}
@ -77,16 +78,22 @@ By default, requests to `/search` and global search are available for unauthenti
To restrict `/search` to authenticated users only, do one of the following:
- [Restrict public visibility](../../administration/settings/visibility_and_access_controls.md#restrict-visibility-levels)
of the project or group.
- Disable the [feature flag](../../administration/feature_flags.md) `allow_anonymous_searches`.
- [Restrict visibility levels](../../administration/settings/visibility_and_access_controls.md#restrict-visibility-levels)
for the project or group.
- Restrict access in the **Admin** area:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Settings > Search**.
1. Expand **Advanced search**.
1. Clear the **Allow unauthenticated users to use search** checkbox.
1. Select **Save changes**.
To restrict global search to authenticated users only:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Settings > Search**.
1. Expand **Global search**
1. Select **Restrict global search to authenticated users**.
1. Expand **Visibility and access controls**
1. Select the **Restrict global search to authenticated users only** checkbox.
1. Select **Save changes**.
## Disable global search scopes
@ -116,7 +123,7 @@ To disable one or more global search scopes:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Settings > Search**.
1. Expand **Global search**.
1. Expand **Visibility and access controls**.
1. Clear the checkboxes for the scopes you want to disable.
1. Select **Save changes**.

4
lib/api/helpers/members_helpers.rb
View File

@ -26,6 +26,10 @@ module API
authorize! :"admin_#{source_type}_member", source
end
def authorize_invite_source_member!(source_type, source)
authorize! :"invite_#{source_type}_members", source
end
def authorize_update_source_member!(source_type, member)
authorize! :"update_#{source_type}_member", member
end

2
lib/api/invitations.rb
View File

@ -46,7 +46,7 @@ module API
source = find_source(source_type, params[:id])
authorize_admin_source_member!(source_type, source)
authorize_invite_source_member!(source_type, source)
create_service_params = declared_params.merge(source: source)

4
lib/tasks/gitlab/tw/codeowners.rake
View File

@ -1,5 +1,7 @@
# frozen_string_literal: true
# For information on how to update TW codeowners, see: https://docs.gitlab.com/development/documentation/metadata/#update-the-codeowners-file
namespace :tw do
desc 'Generates a list of codeowners for documentation pages.'
task :codeowners do
@ -85,7 +87,7 @@ namespace :tw do
# CodeOwnerRule.new('Subscription Management', ''),
CodeOwnerRule.new('Switchboard', '@emily.sahlani'),
CodeOwnerRule.new('Testing', '@eread'),
CodeOwnerRule.new('Tutorials', '@kpaizee'),
CodeOwnerRule.new('Tutorials', '@gl-docsteam'),
CodeOwnerRule.new('US Public Sector Services', '@emily.sahlani'),
CodeOwnerRule.new('Utilization', '@lciutacu')
# CodeOwnerRule.new('Vulnerability Research', '')

40
locale/gitlab.pot
View File

@ -5792,6 +5792,9 @@ msgstr ""
msgid "AiPowered|Expire conversation based on time conversation was last updated."
msgstr ""
msgid "AiPowered|Explore GitLab Duo Core"
msgstr ""
msgid "AiPowered|Features are available. However, any group, subgroup, or project can turn them off."
msgstr ""
@ -5801,6 +5804,9 @@ msgstr ""
msgid "AiPowered|Features are not available. However, any group, subgroup, or project can turn them on."
msgstr ""
msgid "AiPowered|Get started with GitLab Duo"
msgstr ""
msgid "AiPowered|Get started with GitLab Duo Core"
msgstr ""
@ -5921,6 +5927,9 @@ msgstr ""
msgid "AiPowered|When you save, GitLab Duo will be turned off for all groups, subgroups, and projects."
msgstr ""
msgid "AiPowered|You now have access to GitLab Duo Chat and Code Suggestions in supported IDEs. To start using these features, %{link1Start}install the GitLab extension in your IDE%{link1End}. If you already have this extension installed, %{link2Start}explore what you can do with GitLab Duo Core%{link2End}."
msgstr ""
msgid "Akismet"
msgstr ""
@ -6465,6 +6474,9 @@ msgstr ""
msgid "Allow top-level group owners to create Service accounts."
msgstr ""
msgid "Allow unauthenticated users to use search"
msgstr ""
msgid "Allow use of licensed EE features"
msgstr ""
@ -6864,6 +6876,9 @@ msgstr ""
msgid "An error occurred previewing the blob"
msgstr ""
msgid "An error occurred restoring this group. Please refresh the page to try again."
msgstr ""
msgid "An error occurred when trying to display this GLQL view:"
msgstr ""
@ -16695,15 +16710,15 @@ msgstr ""
msgid "Configure runner version management and registration settings."
msgstr ""
msgid "Configure search access and visibility settings for search scopes."
msgstr ""
msgid "Configure settings for Advanced Search with Elasticsearch."
msgstr ""
msgid "Configure settings for exact code search."
msgstr ""
msgid "Configure settings for global search."
msgstr ""
msgid "Configure specific limits for Files API requests that supersede the general user and IP rate limits."
msgstr ""
@ -22529,6 +22544,9 @@ msgstr ""
msgid "Disable group runners"
msgstr ""
msgid "Disable inviting new members to group or project by group/project owners or project maintainers"
msgstr ""
msgid "Disable password authentication for users with an SSO identity"
msgstr ""
@ -24480,6 +24498,9 @@ msgstr ""
msgid "Environment|Healthy"
msgstr ""
msgid "Environment|Needs attention"
msgstr ""
msgid "Environment|No Kubernetes clusters configured"
msgstr ""
@ -28424,9 +28445,6 @@ msgstr ""
msgid "Global SAML group membership lock"
msgstr ""
msgid "Global Search"
msgstr ""
msgid "Global Search is disabled for this scope"
msgstr ""
@ -46018,6 +46036,9 @@ msgstr ""
msgid "Prevent environment from auto-stopping"
msgstr ""
msgid "Prevent group/project member invitations"
msgstr ""
msgid "Prevent outdated deployment jobs"
msgstr ""
@ -51201,7 +51222,7 @@ msgstr ""
msgid "Restrict access by IP address"
msgstr ""
msgid "Restrict global search to authenticated users"
msgid "Restrict global search to authenticated users only"
msgstr ""
msgid "Restrict membership by email domain"
@ -56556,6 +56577,9 @@ msgstr ""
msgid "Service accounts"
msgstr ""
msgid "ServiceAccounts|Access Tokens"
msgstr ""
msgid "ServiceAccounts|Add Service Account"
msgstr ""
@ -57414,7 +57438,7 @@ msgstr ""
msgid "Show whitespace changes"
msgstr ""
msgid "Show wiki in global search results"
msgid "Show wikis in global search results"
msgstr ""
msgid "Showing %d project."

11
qa/qa/page/project/settings/runners.rb
View File

@ -9,12 +9,11 @@ module QA
element 'runner-status-icon'
end
def has_online_runner?
has_element?('runner-status-icon', status: 'online')
end
def has_offline_runner?
has_element?('runner-status-icon', status: 'offline')
def has_online_runner?(runner_id)
runner_element = find_element("#runner_#{runner_id}")
within(runner_element) do
has_element?('runner-status-icon', status: 'online')
end
end
end
end

5
qa/qa/service/docker_run/gitlab_runner.rb
View File

@ -65,7 +65,7 @@ module QA
def restart
super
wait_until_shell_command_matches("docker logs #{@name}", /Configuration loaded/)
wait_until_running_and_configured
end
private
@ -157,7 +157,8 @@ module QA
end
def wait_until_running_and_configured
wait_until_shell_command_matches("docker logs #{@name}", /Configuration loaded/)
output = shell("docker logs #{@name}")
raise "Runner failed. Output: #{output}" unless output&.include?("Configuration loaded")
end
end
end

2
qa/qa/specs/features/browser_ui/4_verify/runner/register_project_runner_spec.rb
View File

@ -27,7 +27,7 @@ module QA
Page::Project::Settings::CiCd.perform do |settings|
settings.expand_runners_settings do |page|
expect(page).to have_content(executor)
expect(page).to have_online_runner
expect(page).to have_online_runner(runner.id)
end
end
create_commit

2
qa/qa/specs/features/browser_ui/4_verify/runner/unregister_runner_spec.rb
View File

@ -20,7 +20,7 @@ module QA
Page::Project::Settings::CiCd.perform do |settings|
settings.expand_runners_settings do |page|
expect(page).to have_content(executor)
expect(page).to have_online_runner
expect(page).to have_online_runner(runner.id)
end
end

8
spec/controllers/search_controller_spec.rb
View File

@ -252,9 +252,9 @@ RSpec.describe SearchController, feature_category: :global_search do
end
end
context 'when allow_anonymous_searches is disabled' do
context 'when anonymous_searches_allowed is disabled' do
before do
stub_feature_flags(allow_anonymous_searches: false)
stub_application_setting(anonymous_searches_allowed: false)
end
context 'for unauthenticated user' do
@ -754,7 +754,7 @@ RSpec.describe SearchController, feature_category: :global_search do
describe 'redirecting' do
using RSpec::Parameterized::TableSyntax
where(:restricted_visibility_levels, :allow_anonymous_searches, :block_anonymous_global_searches, :redirect) do
where(:restricted_visibility_levels, :anonymous_searches_allowed, :block_anonymous_global_searches, :redirect) do
[Gitlab::VisibilityLevel::PUBLIC] | true | false | true
[Gitlab::VisibilityLevel::PRIVATE] | true | false | false
nil | true | false | false
@ -766,7 +766,7 @@ RSpec.describe SearchController, feature_category: :global_search do
with_them do
before do
stub_application_setting(restricted_visibility_levels: restricted_visibility_levels)
stub_feature_flags(allow_anonymous_searches: allow_anonymous_searches)
stub_application_setting(anonymous_searches_allowed: anonymous_searches_allowed)
stub_application_setting(global_search_block_anonymous_searches_enabled: block_anonymous_global_searches)
end

13
spec/frontend/api/groups_api_spec.js
View File

@ -13,6 +13,7 @@ import {
createGroup,
getSharedGroups,
deleteGroupMember,
restoreGroup,
} from '~/api/groups_api';
const mockApiVersion = 'v4';
@ -68,6 +69,18 @@ describe('GroupsApi', () => {
});
});
describe('restoreGroup', () => {
it('posts to the correct URL and returns the data', async () => {
const expectedUrl = `${mockUrlRoot}/api/${mockApiVersion}/groups/${mockGroupId}/restore`;
mock.onPost(expectedUrl).replyOnce(HTTP_STATUS_OK, group);
await expect(restoreGroup(mockGroupId)).resolves.toMatchObject({
data: group,
});
});
});
describe('getGroupTransferLocations', () => {
beforeEach(() => {
jest.spyOn(axios, 'get');

Some files were not shown because too many files have changed in this diff Show More