root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2024-12-17 15:33:59 +00:00
parent 704b5ab203
commit 2620cc543d
159 changed files with 1368 additions and 425 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitlab/ci/qa-common/main.gitlab-ci.yml
View File

@ -6,7 +6,7 @@ workflow:
include:
- local: .gitlab/ci/version.yml
- component: "gitlab.com/gitlab-org/quality/pipeline-common/allure-report@9.6.3"
- component: "gitlab.com/gitlab-org/quality/pipeline-common/allure-report@9.7.1"
inputs:
job_name: "e2e-test-report"
job_stage: "report"
@ -16,7 +16,7 @@ include:
gitlab_auth_token_variable_name: "PROJECT_TOKEN_FOR_CI_SCRIPTS_API_USAGE"
allure_job_name: "${QA_RUN_TYPE}"
- project: gitlab-org/quality/pipeline-common
ref: 9.6.3
ref: 9.7.1
file:
- /ci/base.gitlab-ci.yml
- /ci/knapsack-report.yml

2
.gitlab/ci/qa-common/variables.gitlab-ci.yml
View File

@ -18,4 +18,4 @@ variables:
# Retry failed specs in separate process
QA_RETRY_FAILED_SPECS: "true"
# helm chart ref used by test-on-cng pipeline
GITLAB_HELM_CHART_REF: "37029a770840f692c6b57b4ac0b6d498873ed355"
GITLAB_HELM_CHART_REF: "555aff3d2ae9c36e936e8a30b0376a765bea00d0"

2
.rubocop.yml
View File

@ -450,7 +450,7 @@ Gitlab/EventStoreSubscriber:
- 'spec/**/*'
- 'ee/spec/**/*'
Gitlab/DocUrl:
Gitlab/DocumentationLinks/HardcodedUrl:
Enabled: true
Exclude:
- danger/**/*

1
.rubocop_todo/gitlab/bounded_contexts.yml
View File

@ -154,7 +154,6 @@ Gitlab/BoundedContexts:
- 'app/graphql/mutations/branch_rules/create.rb'
- 'app/graphql/mutations/branch_rules/delete.rb'
- 'app/graphql/mutations/branch_rules/update.rb'
- 'app/graphql/mutations/branches/create.rb'
- 'app/graphql/mutations/commits/create.rb'
- 'app/graphql/mutations/concerns/mutations/assignable.rb'
- 'app/graphql/mutations/concerns/mutations/finds_namespace.rb'

2
.rubocop_todo/gitlab/doc_url.yml → .rubocop_todo/gitlab/documentation_links/hardcoded_url.yml
View File

@ -1,5 +1,5 @@
---
Gitlab/DocUrl:
Gitlab/DocumentationLinks/HardcodedUrl:
Exclude:
- 'app/controllers/jira_connect/app_descriptor_controller.rb'
- 'app/graphql/types/merge_request_type.rb'

1
.rubocop_todo/layout/line_end_string_concatenation_indentation.yml
View File

@ -425,7 +425,6 @@ Layout/LineEndStringConcatenationIndentation:
- 'rubocop/cop/database/avoid_using_pluck_without_limit.rb'
- 'rubocop/cop/gitlab/avoid_current_organization.rb'
- 'rubocop/cop/gitlab/avoid_gitlab_instance_checks.rb'
- 'rubocop/cop/gitlab/doc_url.rb'
- 'rubocop/cop/gitlab/license_available_usage.rb'
- 'rubocop/cop/gitlab/rails/safe_format.rb'
- 'rubocop/cop/gitlab/rspec/avoid_setup.rb'

20
.rubocop_todo/layout/space_inside_parens.yml
View File

@ -2,24 +2,7 @@
# Cop supports --autocorrect.
Layout/SpaceInsideParens:
Exclude:
- 'spec/lib/banzai/filter/repository_link_filter_spec.rb'
- 'spec/lib/gitlab/auth/o_auth/auth_hash_spec.rb'
- 'spec/lib/gitlab/ci/config/entry/reports_spec.rb'
- 'spec/lib/gitlab/ci/config/entry/trigger_spec.rb'
- 'spec/lib/gitlab/ci/parsers/security/common_spec.rb'
- 'spec/lib/gitlab/ci/parsers_spec.rb'
- 'spec/lib/gitlab/ci/reports/test_suite_spec.rb'
- 'spec/lib/gitlab/ci/templates/AWS/deploy_ecs_gitlab_ci_yaml_spec.rb'
- 'spec/lib/gitlab/ci/templates/MATLAB_spec.rb'
- 'spec/lib/gitlab/ci/templates/Terraform/base_gitlab_ci_yaml_spec.rb'
- 'spec/lib/gitlab/ci/templates/Terraform/base_latest_gitlab_ci_yaml_spec.rb'
- 'spec/lib/gitlab/ci/templates/auto_devops_gitlab_ci_yaml_spec.rb'
- 'spec/lib/gitlab/ci/templates/flutter_gitlab_ci_yaml_spec.rb'
- 'spec/lib/gitlab/ci/templates/kaniko_gitlab_ci_yaml_spec.rb'
- 'spec/lib/gitlab/ci/templates/katalon_gitlab_ci_yaml_spec.rb'
- 'spec/lib/gitlab/ci/templates/npm_spec.rb'
- 'spec/lib/gitlab/ci/templates/terraform_gitlab_ci_yaml_spec.rb'
- 'spec/lib/gitlab/ci/templates/terraform_latest_gitlab_ci_yaml_spec.rb'
- 'spec/lib/gitlab/database/migrations/runner_spec.rb'
- 'spec/lib/gitlab/database/reindexing/reindex_concurrently_spec.rb'
- 'spec/lib/gitlab/diff/highlight_cache_spec.rb'
@ -54,8 +37,6 @@ Layout/SpaceInsideParens:
- 'spec/lib/security/ci_configuration/sast_iac_build_action_spec.rb'
- 'spec/lib/security/ci_configuration/secret_detection_build_action_spec.rb'
- 'spec/mailers/emails/profile_spec.rb'
- 'spec/models/ci/pending_build_spec.rb'
- 'spec/models/ci/running_build_spec.rb'
- 'spec/models/ml/candidate_metric_spec.rb'
- 'spec/models/ml/candidate_spec.rb'
- 'spec/policies/clusters/agent_policy_spec.rb'
@ -74,7 +55,6 @@ Layout/SpaceInsideParens:
- 'spec/support/helpers/javascript_fixtures_helpers.rb'
- 'spec/support/helpers/kubernetes_helpers.rb'
- 'spec/support/shared_contexts/services/projects/container_repository/delete_tags_service_shared_context.rb'
- 'spec/support/shared_examples/ci/badge_template_shared_examples.rb'
- 'spec/support/shared_examples/controllers/destroy_hook_shared_examples.rb'
- 'spec/support/shared_examples/features/project_features_apply_to_issuables_shared_examples.rb'
- 'spec/support/shared_examples/features/wiki/user_views_wiki_page_shared_examples.rb'

2
GITLAB_KAS_VERSION
View File

@ -1 +1 @@
c31483002bbcea0cfb90ba3ceac47f0b19672521
ed1aac14a057630d36a4a7145e246c01b6c3f031

7
app/assets/javascripts/access_tokens/components/access_token_table_app.vue
View File

@ -1,5 +1,5 @@
<script>
import { GlButton, GlIcon, GlLink, GlPagination, GlTable, GlTooltipDirective } from '@gitlab/ui';
import { GlButton, GlLink, GlPagination, GlTable, GlTooltipDirective } from '@gitlab/ui';
import { helpPagePath } from '~/helpers/help_page_helper';
import axios from '~/lib/utils/axios_utils';
import {
@ -10,6 +10,7 @@ import {
import { __, s__, sprintf } from '~/locale';
import DomElementListener from '~/vue_shared/components/dom_element_listener.vue';
import TimeAgoTooltip from '~/vue_shared/components/time_ago_tooltip.vue';
import HelpIcon from '~/vue_shared/components/help_icon/help_icon.vue';
import UserDate from '~/vue_shared/components/user_date.vue';
import { EVENT_SUCCESS, FIELDS, INITIAL_PAGE, PAGE_SIZE } from './constants';
@ -26,12 +27,12 @@ export default {
components: {
DomElementListener,
GlButton,
GlIcon,
GlLink,
GlPagination,
GlTable,
TimeAgoTooltip,
UserDate,
HelpIcon,
},
directives: {
GlTooltip: GlTooltipDirective,
@ -209,7 +210,7 @@ export default {
<template #head(lastUsedAt)="{ label }">
<span>{{ label }}</span>
<gl-link :href="$options.lastUsedHelpLink"
><gl-icon name="question-o" class="gl-ml-2" /><span class="gl-sr-only">{{
><help-icon class="gl-ml-2" /><span class="gl-sr-only">{{
s__('AccessTokens|The last time a token was used')
}}</span></gl-link
>

7
app/assets/javascripts/access_tokens/components/inactive_access_token_table_app.vue
View File

@ -1,9 +1,10 @@
<script>
import { GlIcon, GlLink, GlPagination, GlTable, GlTooltipDirective } from '@gitlab/ui';
import { GlLink, GlPagination, GlTable, GlTooltipDirective } from '@gitlab/ui';
import { helpPagePath } from '~/helpers/help_page_helper';
import { convertObjectPropsToCamelCase } from '~/lib/utils/common_utils';
import { __ } from '~/locale';
import TimeAgoTooltip from '~/vue_shared/components/time_ago_tooltip.vue';
import HelpIcon from '~/vue_shared/components/help_icon/help_icon.vue';
import UserDate from '~/vue_shared/components/user_date.vue';
import { INACTIVE_TOKENS_TABLE_FIELDS, INITIAL_PAGE, PAGE_SIZE } from './constants';
@ -11,12 +12,12 @@ export default {
PAGE_SIZE,
name: 'InactiveAccessTokenTableApp',
components: {
GlIcon,
GlLink,
GlPagination,
GlTable,
TimeAgoTooltip,
UserDate,
HelpIcon,
},
directives: {
GlTooltip: GlTooltipDirective,
@ -88,7 +89,7 @@ export default {
<template #head(lastUsedAt)="{ label }">
<span>{{ label }}</span>
<gl-link :href="$options.lastUsedHelpLink"
><gl-icon name="question-o" class="gl-ml-2" /><span class="gl-sr-only">{{
><help-icon class="gl-ml-2" /><span class="gl-sr-only">{{
s__('AccessTokens|The last time a token was used')
}}</span></gl-link
>

7
app/assets/javascripts/token_access/components/token_permissions.vue
View File

@ -1,8 +1,9 @@
<script>
import { GlButton, GlFormCheckbox, GlIcon, GlLink, GlLoadingIcon } from '@gitlab/ui';
import { GlButton, GlFormCheckbox, GlLink, GlLoadingIcon } from '@gitlab/ui';
import { createAlert } from '~/alert';
import { __, sprintf } from '~/locale';
import { helpPagePath } from '~/helpers/help_page_helper';
import HelpIcon from '~/vue_shared/components/help_icon/help_icon.vue';
import CrudComponent from '~/vue_shared/components/crud_component.vue';
import updateCiJobTokenPermissionsMutation from '../graphql/mutations/update_ci_job_token_permissions.mutation.graphql';
import getCiJobTokenPermissionsQuery from '../graphql/queries/get_ci_job_token_permissions.query.graphql';
@ -12,10 +13,10 @@ export default {
components: {
GlButton,
GlFormCheckbox,
GlIcon,
GlLink,
GlLoadingIcon,
CrudComponent,
HelpIcon,
},
inject: ['fullPath'],
apollo: {
@ -112,7 +113,7 @@ export default {
'CICD|CI/CD job token can be used to authenticate a Git push to this repository, using the permissions of the user that started the job.',
)
}}<gl-link :href="$options.docsLink" target="_blank">
<gl-icon name="question-o" class="gl-ml-2" variant="info" />
<help-icon class="gl-ml-2" />
</gl-link>
</p>
</gl-form-checkbox>

1
app/assets/stylesheets/framework/variables_overrides.scss
View File

@ -20,6 +20,7 @@ $info: $blue-500;
$warning: $orange-500;
$danger: $red-500;
$zindex-modal-backdrop: 1040;
$zindex-duo-chat: 1040;
$nav-divider-margin-y: ($grid-size / 2);
$dropdown-item-padding-y: 8px;
$dropdown-item-padding-x: 12px;

43
app/graphql/mutations/branches/create.rb
View File

@ -1,43 +0,0 @@
# frozen_string_literal: true
module Mutations
module Branches
class Create < BaseMutation
graphql_name 'CreateBranch'
include FindsProject
argument :project_path, GraphQL::Types::ID,
required: true,
description: 'Project full path the branch is associated with.'
argument :name, GraphQL::Types::String,
required: true,
description: 'Name of the branch.'
argument :ref,
GraphQL::Types::String,
required: true,
description: 'Branch name or commit SHA to create branch from.'
field :branch,
Types::BranchType,
null: true,
description: 'Branch after mutation.'
authorize :push_code
def resolve(project_path:, name:, ref:)
project = authorized_find!(project_path)
result = ::Branches::CreateService.new(project, current_user)
.execute(name, ref)
{
branch: (result[:branch] if result[:status] == :success),
errors: Array.wrap(result[:message])
}
end
end
end
end

37
app/graphql/mutations/branches/delete.rb
View File

@ -1,37 +0,0 @@
# frozen_string_literal: true
module Mutations
module Branches # rubocop:disable Gitlab/BoundedContexts -- Existing module
class Delete < BaseMutation
graphql_name 'BranchDelete'
include FindsProject
argument :project_path, GraphQL::Types::ID,
required: true,
description: 'Project full path the branch is associated with.'
argument :name, GraphQL::Types::String,
required: true,
description: 'Name of the branch.'
field :branch,
Types::BranchType,
null: true,
description: 'Branch after mutation.'
authorize :push_code
def resolve(project_path:, name:)
project = authorized_find!(project_path)
result = ::Branches::DeleteService.new(project, current_user).execute(name)
{
branch: (result.payload[:branch] if result.error?),
errors: result.errors
}
end
end
end
end

2
app/graphql/mutations/projects/blobs_remove.rb
View File

@ -31,7 +31,7 @@ module Mutations
def resolve(project_path:, blob_oids:)
project = authorized_find!(project_path)
result = Repositories::RewriteHistoryService.new(project, current_user).async_execute(blob_oids: blob_oids)
result = ::Repositories::RewriteHistoryService.new(project, current_user).async_execute(blob_oids: blob_oids)
return { errors: result.errors } if result.error?

3
app/graphql/mutations/projects/text_replace.rb
View File

@ -40,7 +40,8 @@ module Mutations
def resolve(project_path:, replacements:)
project = authorized_find!(project_path)
result = Repositories::RewriteHistoryService.new(project, current_user).async_execute(redactions: replacements)
result = ::Repositories::RewriteHistoryService.new(project, current_user)
.async_execute(redactions: replacements)
return { errors: result.errors } if result.error?

45
app/graphql/mutations/repositories/branches/create.rb Normal file
View File

@ -0,0 +1,45 @@
# frozen_string_literal: true
module Mutations
module Repositories
module Branches
class Create < BaseMutation
graphql_name 'CreateBranch'
include FindsProject
argument :project_path, GraphQL::Types::ID,
required: true,
description: 'Project full path the branch is associated with.'
argument :name, GraphQL::Types::String,
required: true,
description: 'Name of the branch.'
argument :ref,
GraphQL::Types::String,
required: true,
description: 'Branch name or commit SHA to create branch from.'
field :branch,
Types::BranchType,
null: true,
description: 'Branch after mutation.'
authorize :push_code
def resolve(project_path:, name:, ref:)
project = authorized_find!(project_path)
result = ::Branches::CreateService.new(project, current_user)
.execute(name, ref)
{
branch: (result[:branch] if result[:status] == :success),
errors: Array.wrap(result[:message])
}
end
end
end
end
end

39
app/graphql/mutations/repositories/branches/delete.rb Normal file
View File

@ -0,0 +1,39 @@
# frozen_string_literal: true
module Mutations
module Repositories
module Branches
class Delete < BaseMutation
graphql_name 'BranchDelete'
include FindsProject
argument :project_path, GraphQL::Types::ID,
required: true,
description: 'Project full path the branch is associated with.'
argument :name, GraphQL::Types::String,
required: true,
description: 'Name of the branch.'
field :branch,
Types::BranchType,
null: true,
description: 'Branch after mutation.'
authorize :push_code
def resolve(project_path:, name:)
project = authorized_find!(project_path)
result = ::Branches::DeleteService.new(project, current_user).execute(name)
{
branch: (result.payload[:branch] if result.error?),
errors: result.errors
}
end
end
end
end
end

21
app/graphql/types/container_registry/protection/tag_rule_access_level_enum.rb Normal file
View File

@ -0,0 +1,21 @@
# frozen_string_literal: true
module Types
module ContainerRegistry
module Protection
class TagRuleAccessLevelEnum < BaseEnum
graphql_name 'ContainerProtectionTagRuleAccessLevel'
description 'Access level of a container registry tag protection rule resource'
::ContainerRegistry::Protection::TagRule::ACCESS_LEVELS.each_key do |access_level_key|
access_level_key = access_level_key.to_s
value access_level_key.upcase,
value: access_level_key,
experiment: { milestone: '17.8' },
description: "#{access_level_key.capitalize} access."
end
end
end
end
end

51
app/graphql/types/container_registry/protection/tag_rule_type.rb Normal file
View File

@ -0,0 +1,51 @@
# frozen_string_literal: true
module Types
module ContainerRegistry
module Protection
class TagRuleType < ::Types::BaseObject
graphql_name 'ContainerProtectionTagRule'
description 'A container repository tag protection rule designed to prevent users with a certain ' \
'access level or lower from altering the container registry.'
authorize :admin_container_image
field :id,
::Types::GlobalIDType[::ContainerRegistry::Protection::TagRule],
null: false,
experiment: { milestone: '17.8' },
description: 'ID of the container repository tag protection rule.'
field :tag_name_pattern,
GraphQL::Types::String,
null: false,
experiment: { milestone: '17.8' },
description:
'Container repository tag name pattern protected by the protection rule. ' \
'For example, `v1.*`. Wildcard character `*` allowed.'
# rubocop:disable GraphQL/ExtractType -- These are stored as separate fields
field :minimum_access_level_for_delete,
Types::ContainerRegistry::Protection::TagRuleAccessLevelEnum,
null: true,
experiment: { milestone: '17.8' },
description:
'Minimum GitLab access level required to delete container image tags from the container repository. ' \
'For example, `MAINTAINER`, `OWNER`, or `ADMIN`. ' \
'If the value is `nil`, the minimum access level is ignored. ' \
'Users with at least the Developer role can delete container image tags.'
field :minimum_access_level_for_push,
Types::ContainerRegistry::Protection::TagRuleAccessLevelEnum,
null: true,
experiment: { milestone: '17.8' },
description:
'Minimum GitLab access level required to push container image tags to the container repository. ' \
'For example, `MAINTAINER`, `OWNER`, or `ADMIN`. ' \
'If the value is `nil`, the minimum access level is ignored. ' \
'Users with at least the Developer role can push container image tags.'
# rubocop:enable GraphQL/ExtractType -- These are stored as user preferences
end
end
end
end

4
app/graphql/types/mutation_type.rb
View File

@ -39,8 +39,8 @@ module Types
mount_mutation Mutations::Boards::Lists::Create
mount_mutation Mutations::Boards::Lists::Update
mount_mutation Mutations::Boards::Lists::Destroy
mount_mutation Mutations::Branches::Create, calls_gitaly: true
mount_mutation Mutations::Branches::Delete, calls_gitaly: true
mount_mutation Mutations::Repositories::Branches::Create, calls_gitaly: true
mount_mutation Mutations::Repositories::Branches::Delete, calls_gitaly: true
mount_mutation Mutations::Clusters::Agents::Create
mount_mutation Mutations::Clusters::Agents::Delete
mount_mutation Mutations::Clusters::AgentTokens::Create

13
app/graphql/types/project_type.rb
View File

@ -529,6 +529,13 @@ module Types
experiment: { milestone: '16.10' },
resolver: Resolvers::ProjectContainerRegistryProtectionRulesResolver
field :container_protection_tag_rules,
Types::ContainerRegistry::Protection::TagRuleType.connection_type,
null: true,
experiment: { milestone: '17.8' },
description: 'Container repository tag protection rules for the project. ' \
'Returns an empty array if the `container_registry_protected_tags` feature flag is disabled.'
field :container_repositories, Types::ContainerRegistry::ContainerRepositoryType.connection_type,
null: true,
description: 'Container repositories of the project.',
@ -939,6 +946,12 @@ module Types
)
end
def container_protection_tag_rules
return [] unless Feature.enabled?(:container_registry_protected_tags, object)
object.container_registry_protection_tag_rules
end
private
def project

2
app/models/ci/bridge.rb
View File

@ -90,7 +90,7 @@ module Ci
def self.clone_accessors
%i[pipeline project ref tag options name
allow_failure stage stage_idx
allow_failure stage_idx
yaml_variables when environment description needs_attributes
scheduling_type ci_stage partition_id].freeze
end

4
app/models/ci/build.rb
View File

@ -165,7 +165,7 @@ module Ci
scope :eager_load_for_archiving_trace, -> { preload(:project, :pending_state) }
scope :eager_load_for_api, -> do
preload(
:job_artifacts_archive, :job_artifacts, :runner, :tags, :runner_manager, :metadata,
:job_artifacts_archive, :ci_stage, :job_artifacts, :runner, :tags, :runner_manager, :metadata,
pipeline: :project,
user: [:user_preference, :user_detail, :followees]
)
@ -263,7 +263,7 @@ module Ci
def clone_accessors
%i[pipeline project ref tag options name
allow_failure stage stage_idx trigger_request
allow_failure stage_idx trigger_request
yaml_variables when environment coverage_regex
description tag_list protected needs_attributes
job_variables_attributes resource_group scheduling_type

5
app/models/ci/pipeline.rb
View File

@ -608,7 +608,7 @@ module Ci
end
def stages_count
statuses.select(:stage).distinct.count
stages.count
end
def total_size
@ -624,8 +624,7 @@ module Ci
end
def stages_names
statuses.order(:stage_idx).distinct
.pluck(:stage, :stage_idx).map(&:first)
stages.order(:position).pluck(:name)
end
def ref_exists?

7
app/models/ci/runner.rb
View File

@ -109,11 +109,8 @@ module Ci
scope :stale, -> do
stale_timestamp = stale_deadline
created_before_stale_deadline = arel_table[:created_at].lteq(stale_timestamp)
contacted_before_stale_deadline = arel_table[:contacted_at].lteq(stale_timestamp)
never_contacted = arel_table[:contacted_at].eq(nil)
where(created_before_stale_deadline).where(never_contacted.or(contacted_before_stale_deadline))
where(created_at: ..stale_timestamp)
.and(never_contacted.or(where(contacted_at: ..stale_timestamp)))
end
scope :ordered, -> { order(id: :desc) }

7
app/models/ci/runner_manager.rb
View File

@ -73,14 +73,11 @@ module Ci
scope :stale, -> do
stale_timestamp = stale_deadline
created_before_stale_deadline = arel_table[:created_at].lteq(stale_timestamp)
contacted_before_stale_deadline = arel_table[:contacted_at].lteq(stale_timestamp)
from_union(
never_contacted,
where(contacted_before_stale_deadline),
where(contacted_at: ..stale_timestamp),
remove_duplicates: false
).where(created_before_stale_deadline)
).where(created_at: ..stale_timestamp)
end
scope :for_runner, ->(runner) do

5
app/models/commit_status.rb
View File

@ -9,6 +9,8 @@ class CommitStatus < Ci::ApplicationRecord
include BulkInsertableAssociations
include TaggableQueries
ignore_columns :stage, remove_with: '17.10', remove_after: '2025-03-14'
self.table_name = :p_ci_builds
self.sequence_name = :ci_builds_id_seq
self.primary_key = :id
@ -344,6 +346,9 @@ class CommitStatus < Ci::ApplicationRecord
ci_stage&.name
end
# TODO: Temporary technical debt so we can ignore `stage`: https://gitlab.com/gitlab-org/gitlab/-/issues/507579
alias_method :stage, :stage_name
# Handled only by ci_build
def exit_code=(value); end

2
app/models/concerns/ci/has_runner_status.rb
View File

@ -5,7 +5,7 @@ module Ci
extend ActiveSupport::Concern
included do
scope :offline, -> { where(arel_table[:contacted_at].lteq(online_contact_time_deadline)) }
scope :offline, -> { where(contacted_at: ..online_contact_time_deadline) }
scope :never_contacted, -> { where(contacted_at: nil) }
scope :online, -> { where(arel_table[:contacted_at].gt(online_contact_time_deadline)) }

9
app/policies/container_registry/protection/tag_rule_policy.rb Normal file
View File

@ -0,0 +1,9 @@
# frozen_string_literal: true
module ContainerRegistry
module Protection
class TagRulePolicy < BasePolicy
delegate { @subject.project }
end
end
end

1
app/services/ci/create_commit_status_service.rb
View File

@ -109,7 +109,6 @@ module Ci
protected: project.protected_for?(ref),
ci_stage: stage,
stage_idx: stage.position,
stage: 'external',
partition_id: pipeline.partition_id
).tap do |new_commit_status|
new_commit_status.assign_attributes(optional_commit_status_params)

1
app/services/projects/update_pages_service.rb
View File

@ -77,7 +77,6 @@ module Projects
user: build.user,
ci_stage: stage,
name: 'pages:deploy',
stage: 'deploy',
stage_idx: stage.position
)
end

4
app/views/layouts/header/_openssl_callout.html.haml
View File

@ -1,8 +1,8 @@
- return unless show_openssl_callout?
-# rubocop:disable Gitlab/DocUrl -- This documentation section is only available in version 17.4 onward in GitLab.com.
-# rubocop:disable Gitlab/DocumentationLinks/HardcodedUrl -- This documentation section is only available in version 17.4 onward in GitLab.com.
- link = link_to('', 'https://docs.gitlab.com/ee/update/versions/gitlab_17_changes.html#1770', target: '_blank', rel: 'noopener noreferrer')
-# rubocop:enable Gitlab/DocUrl
-# rubocop:enable Gitlab/DocumentationLinks/HardcodedUrl
- message = safe_format(_('Starting with GitLab 17.7, OpenSSL 3 will be used. All TLS connections require TLS 1.2 or higher. Weaker ciphers are no longer supported. Encryption must have at least of 112 bits of security. %{link_start}Learn more%{link_end}.'), tag_pair(link, :link_start, :link_end))
= render Pajamas::AlertComponent.new(title: _('OpenSSL version 3'),

2
app/views/shared/_visibility_radios.html.haml
View File

@ -7,7 +7,7 @@
- elsif disallowed_visibility_level_by_parent?(form_model, level)
= s_('VisibilityLevel|This visibility level is not allowed because the parent group has a more restrictive visibility level.')
- elsif disallowed_visibility_level_by_projects?(form_model, level) || disallowed_visibility_level_by_sub_groups?(form_model, level)
- learn_more_link_start = '<a href="https://docs.gitlab.com/ee/user/public_access" target="_blank" rel="noopener noreferrer">'.html_safe # rubocop:disable Gitlab/DocUrl -- Not referencing this rails application; it is referencing another doc
- learn_more_link_start = '<a href="https://docs.gitlab.com/ee/user/public_access" target="_blank" rel="noopener noreferrer">'.html_safe # rubocop:disable Gitlab/DocumentationLinks/HardcodedUrl -- Not referencing this rails application; it is referencing another doc
- learn_more_link_end = '</a>'.html_safe
= s_('VisibilityLevel|This visibility level is not allowed because a child of %{group_name} has a less restrictive visibility level. %{learn_more_link_start}Learn more%{learn_more_link_end}.').html_safe % { group_name: form_model.name, learn_more_link_start: learn_more_link_start, learn_more_link_end: learn_more_link_end }

4
config/initializers/safe_session_store_patch.rb
View File

@ -30,11 +30,11 @@ module Rack
def []=(key, value)
unless safe_object?(value)
# rubocop:disable Gitlab/DocUrl
# rubocop:disable Gitlab/DocumentationLinks/HardcodedUrl
raise "Session attempted to store type #{value.class} with key '#{key}': #{value.inspect}.\n" \
"Serializing novel Ruby objects can cause uninitialized constants in mixed deployments.\n" \
"See https://docs.gitlab.com/ee/development/multi_version_compatibility.html"
# rubocop:enable Gitlab/DocUrl
# rubocop:enable Gitlab/DocumentationLinks/HardcodedUrl
end
super

8
db/docs/batched_background_migrations/backfill_bulk_import_export_uploads_group_id.yml Normal file
View File

@ -0,0 +1,8 @@
---
migration_job_name: BackfillBulkImportExportUploadsGroupId
description: Backfills sharding key `bulk_import_export_uploads.group_id` from `bulk_import_exports`.
feature_category: importers
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175723
milestone: '17.8'
queued_migration_version: 20241213150054
finalized_by: # version of the migration that finalized this BBM

8
db/docs/batched_background_migrations/backfill_bulk_import_export_uploads_project_id.yml Normal file
View File

@ -0,0 +1,8 @@
---
migration_job_name: BackfillBulkImportExportUploadsProjectId
description: Backfills sharding key `bulk_import_export_uploads.project_id` from `bulk_import_exports`.
feature_category: importers
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175723
milestone: '17.8'
queued_migration_version: 20241213150049
finalized_by: # version of the migration that finalized this BBM

8
db/docs/batched_background_migrations/backfill_issuable_slas_namespace_id.yml Normal file
View File

@ -0,0 +1,8 @@
---
migration_job_name: BackfillIssuableSlasNamespaceId
description: Backfills sharding key `issuable_slas.namespace_id` from `issues`.
feature_category: incident_management
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175719
milestone: '17.8'
queued_migration_version: 20241213142263
finalized_by: # version of the migration that finalized this BBM

3
db/docs/bulk_import_export_uploads.yml
View File

@ -27,3 +27,6 @@ desired_sharding_key:
sharding_key: group_id
belongs_to: export
table_size: small
desired_sharding_key_migration_job_name:
- BackfillBulkImportExportUploadsProjectId
- BackfillBulkImportExportUploadsGroupId

1
db/docs/issuable_slas.yml
View File

@ -18,3 +18,4 @@ desired_sharding_key:
sharding_key: namespace_id
belongs_to: issue
table_size: small
desired_sharding_key_migration_job_name: BackfillIssuableSlasNamespaceId

9
db/migrate/20241213142259_add_namespace_id_to_issuable_slas.rb Normal file
View File

@ -0,0 +1,9 @@
# frozen_string_literal: true
class AddNamespaceIdToIssuableSlas < Gitlab::Database::Migration[2.2]
milestone '17.8'
def change
add_column :issuable_slas, :namespace_id, :bigint
end
end

9
db/migrate/20241213150045_add_project_id_to_bulk_import_export_uploads.rb Normal file
View File

@ -0,0 +1,9 @@
# frozen_string_literal: true
class AddProjectIdToBulkImportExportUploads < Gitlab::Database::Migration[2.2]
milestone '17.8'
def change
add_column :bulk_import_export_uploads, :project_id, :bigint
end
end

9
db/migrate/20241213150050_add_group_id_to_bulk_import_export_uploads.rb Normal file
View File

@ -0,0 +1,9 @@
# frozen_string_literal: true
class AddGroupIdToBulkImportExportUploads < Gitlab::Database::Migration[2.2]
milestone '17.8'
def change
add_column :bulk_import_export_uploads, :group_id, :bigint
end
end

15
db/post_migrate/20241204050830_queue_backfill_p_ci_pipelines_trigger_id.rb
View File

@ -2,23 +2,14 @@
class QueueBackfillPCiPipelinesTriggerId < Gitlab::Database::Migration[2.2]
milestone '17.7'
restrict_gitlab_migration gitlab_schema: :gitlab_ci
TABLE = :ci_trigger_requests
PRIMARY_KEY = :id
MIGRATION = "BackfillPCiPipelinesTriggerId"
DELAY_INTERVAL = 2.minutes
def up
queue_batched_background_migration(
MIGRATION, TABLE, PRIMARY_KEY, job_interval: DELAY_INTERVAL
)
# no-op
# see RequeueBackfillPCiPipelinesTriggerId
end
def down
delete_batched_background_migration(
MIGRATION, TABLE, PRIMARY_KEY, []
)
# no-op
end
end

16
db/post_migrate/20241213142260_index_issuable_slas_on_namespace_id.rb Normal file
View File

@ -0,0 +1,16 @@
# frozen_string_literal: true
class IndexIssuableSlasOnNamespaceId < Gitlab::Database::Migration[2.2]
milestone '17.8'
disable_ddl_transaction!
INDEX_NAME = 'index_issuable_slas_on_namespace_id'
def up
add_concurrent_index :issuable_slas, :namespace_id, name: INDEX_NAME
end
def down
remove_concurrent_index_by_name :issuable_slas, INDEX_NAME
end
end

16
db/post_migrate/20241213142261_add_issuable_slas_namespace_id_fk.rb Normal file
View File

@ -0,0 +1,16 @@
# frozen_string_literal: true
class AddIssuableSlasNamespaceIdFk < Gitlab::Database::Migration[2.2]
milestone '17.8'
disable_ddl_transaction!
def up
add_concurrent_foreign_key :issuable_slas, :namespaces, column: :namespace_id, on_delete: :cascade
end
def down
with_lock_retries do
remove_foreign_key :issuable_slas, column: :namespace_id
end
end
end

25
db/post_migrate/20241213142262_add_issuable_slas_namespace_id_trigger.rb Normal file
View File

@ -0,0 +1,25 @@
# frozen_string_literal: true
class AddIssuableSlasNamespaceIdTrigger < Gitlab::Database::Migration[2.2]
milestone '17.8'
def up
install_sharding_key_assignment_trigger(
table: :issuable_slas,
sharding_key: :namespace_id,
parent_table: :issues,
parent_sharding_key: :namespace_id,
foreign_key: :issue_id
)
end
def down
remove_sharding_key_assignment_trigger(
table: :issuable_slas,
sharding_key: :namespace_id,
parent_table: :issues,
parent_sharding_key: :namespace_id,
foreign_key: :issue_id
)
end
end

40
db/post_migrate/20241213142263_queue_backfill_issuable_slas_namespace_id.rb Normal file
View File

@ -0,0 +1,40 @@
# frozen_string_literal: true
class QueueBackfillIssuableSlasNamespaceId < Gitlab::Database::Migration[2.2]
milestone '17.8'
restrict_gitlab_migration gitlab_schema: :gitlab_main_cell
MIGRATION = "BackfillIssuableSlasNamespaceId"
DELAY_INTERVAL = 2.minutes
BATCH_SIZE = 1000
SUB_BATCH_SIZE = 100
def up
queue_batched_background_migration(
MIGRATION,
:issuable_slas,
:id,
:namespace_id,
:issues,
:namespace_id,
:issue_id,
job_interval: DELAY_INTERVAL,
batch_size: BATCH_SIZE,
sub_batch_size: SUB_BATCH_SIZE
)
end
def down
delete_batched_background_migration(
MIGRATION,
:issuable_slas,
:id,
[
:namespace_id,
:issues,
:namespace_id,
:issue_id
]
)
end
end

16
db/post_migrate/20241213150046_index_bulk_import_export_uploads_on_project_id.rb Normal file
View File

@ -0,0 +1,16 @@
# frozen_string_literal: true
class IndexBulkImportExportUploadsOnProjectId < Gitlab::Database::Migration[2.2]
milestone '17.8'
disable_ddl_transaction!
INDEX_NAME = 'index_bulk_import_export_uploads_on_project_id'
def up
add_concurrent_index :bulk_import_export_uploads, :project_id, name: INDEX_NAME
end
def down
remove_concurrent_index_by_name :bulk_import_export_uploads, INDEX_NAME
end
end

16
db/post_migrate/20241213150047_add_bulk_import_export_uploads_project_id_fk.rb Normal file
View File

@ -0,0 +1,16 @@
# frozen_string_literal: true
class AddBulkImportExportUploadsProjectIdFk < Gitlab::Database::Migration[2.2]
milestone '17.8'
disable_ddl_transaction!
def up
add_concurrent_foreign_key :bulk_import_export_uploads, :projects, column: :project_id, on_delete: :cascade
end
def down
with_lock_retries do
remove_foreign_key :bulk_import_export_uploads, column: :project_id
end
end
end

25
db/post_migrate/20241213150048_add_bulk_import_export_uploads_project_id_trigger.rb Normal file
View File

@ -0,0 +1,25 @@
# frozen_string_literal: true
class AddBulkImportExportUploadsProjectIdTrigger < Gitlab::Database::Migration[2.2]
milestone '17.8'
def up
install_sharding_key_assignment_trigger(
table: :bulk_import_export_uploads,
sharding_key: :project_id,
parent_table: :bulk_import_exports,
parent_sharding_key: :project_id,
foreign_key: :export_id
)
end
def down
remove_sharding_key_assignment_trigger(
table: :bulk_import_export_uploads,
sharding_key: :project_id,
parent_table: :bulk_import_exports,
parent_sharding_key: :project_id,
foreign_key: :export_id
)
end
end

40
db/post_migrate/20241213150049_queue_backfill_bulk_import_export_uploads_project_id.rb Normal file
View File

@ -0,0 +1,40 @@
# frozen_string_literal: true
class QueueBackfillBulkImportExportUploadsProjectId < Gitlab::Database::Migration[2.2]
milestone '17.8'
restrict_gitlab_migration gitlab_schema: :gitlab_main_cell
MIGRATION = "BackfillBulkImportExportUploadsProjectId"
DELAY_INTERVAL = 2.minutes
BATCH_SIZE = 1000
SUB_BATCH_SIZE = 100
def up
queue_batched_background_migration(
MIGRATION,
:bulk_import_export_uploads,
:id,
:project_id,
:bulk_import_exports,
:project_id,
:export_id,
job_interval: DELAY_INTERVAL,
batch_size: BATCH_SIZE,
sub_batch_size: SUB_BATCH_SIZE
)
end
def down
delete_batched_background_migration(
MIGRATION,
:bulk_import_export_uploads,
:id,
[
:project_id,
:bulk_import_exports,
:project_id,
:export_id
]
)
end
end

16
db/post_migrate/20241213150051_index_bulk_import_export_uploads_on_group_id.rb Normal file
View File

@ -0,0 +1,16 @@
# frozen_string_literal: true
class IndexBulkImportExportUploadsOnGroupId < Gitlab::Database::Migration[2.2]
milestone '17.8'
disable_ddl_transaction!
INDEX_NAME = 'index_bulk_import_export_uploads_on_group_id'
def up
add_concurrent_index :bulk_import_export_uploads, :group_id, name: INDEX_NAME
end
def down
remove_concurrent_index_by_name :bulk_import_export_uploads, INDEX_NAME
end
end

16
db/post_migrate/20241213150052_add_bulk_import_export_uploads_group_id_fk.rb Normal file
View File

@ -0,0 +1,16 @@
# frozen_string_literal: true
class AddBulkImportExportUploadsGroupIdFk < Gitlab::Database::Migration[2.2]
milestone '17.8'
disable_ddl_transaction!
def up
add_concurrent_foreign_key :bulk_import_export_uploads, :namespaces, column: :group_id, on_delete: :cascade
end
def down
with_lock_retries do
remove_foreign_key :bulk_import_export_uploads, column: :group_id
end
end
end

25
db/post_migrate/20241213150053_add_bulk_import_export_uploads_group_id_trigger.rb Normal file
View File

@ -0,0 +1,25 @@
# frozen_string_literal: true
class AddBulkImportExportUploadsGroupIdTrigger < Gitlab::Database::Migration[2.2]
milestone '17.8'
def up
install_sharding_key_assignment_trigger(
table: :bulk_import_export_uploads,
sharding_key: :group_id,
parent_table: :bulk_import_exports,
parent_sharding_key: :group_id,
foreign_key: :export_id
)
end
def down
remove_sharding_key_assignment_trigger(
table: :bulk_import_export_uploads,
sharding_key: :group_id,
parent_table: :bulk_import_exports,
parent_sharding_key: :group_id,
foreign_key: :export_id
)
end
end

40
db/post_migrate/20241213150054_queue_backfill_bulk_import_export_uploads_group_id.rb Normal file
View File

@ -0,0 +1,40 @@
# frozen_string_literal: true
class QueueBackfillBulkImportExportUploadsGroupId < Gitlab::Database::Migration[2.2]
milestone '17.8'
restrict_gitlab_migration gitlab_schema: :gitlab_main_cell
MIGRATION = "BackfillBulkImportExportUploadsGroupId"
DELAY_INTERVAL = 2.minutes
BATCH_SIZE = 1000
SUB_BATCH_SIZE = 100
def up
queue_batched_background_migration(
MIGRATION,
:bulk_import_export_uploads,
:id,
:group_id,
:bulk_import_exports,
:group_id,
:export_id,
job_interval: DELAY_INTERVAL,
batch_size: BATCH_SIZE,
sub_batch_size: SUB_BATCH_SIZE
)
end
def down
delete_batched_background_migration(
MIGRATION,
:bulk_import_export_uploads,
:id,
[
:group_id,
:bulk_import_exports,
:group_id,
:export_id
]
)
end
end

20
db/post_migrate/20241216064063_prepare_async_tmp_index_for_builds_trigger_request_id.rb Normal file
View File

@ -0,0 +1,20 @@
# frozen_string_literal: true
class PrepareAsyncTmpIndexForBuildsTriggerRequestId < Gitlab::Database::Migration[2.2]
include Gitlab::Database::PartitioningMigrationHelpers
milestone '17.8'
TABLE = :p_ci_builds
COLUMN = :trigger_request_id
INDEX_NAME = :tmp_p_ci_builds_trigger_request_id_idx
WHERE = 'trigger_request_id IS NOT NULL'
def up
prepare_partitioned_async_index(TABLE, COLUMN, name: INDEX_NAME, where: WHERE)
end
def down
unprepare_partitioned_async_index(TABLE, COLUMN, name: INDEX_NAME)
end
end

21
db/post_migrate/20241216064401_remove_backfill_p_ci_pipelines_trigger_id.rb Normal file
View File

@ -0,0 +1,21 @@
# frozen_string_literal: true
class RemoveBackfillPCiPipelinesTriggerId < Gitlab::Database::Migration[2.2]
milestone '17.8'
restrict_gitlab_migration gitlab_schema: :gitlab_ci
TABLE = :ci_trigger_requests
PRIMARY_KEY = :id
MIGRATION = "BackfillPCiPipelinesTriggerId"
def up
# Clear previous background migration execution from QueueBackfillPCiPipelinesTriggerId
delete_batched_background_migration(
MIGRATION, TABLE, PRIMARY_KEY, []
)
end
def down
# no-op
end
end

1
db/schema_migrations/20241213142259 Normal file
View File

@ -0,0 +1 @@
974aaa995416645bb17f250224e2eda3327dc94c9f2194e11219624f4cf37efc

1
db/schema_migrations/20241213142260 Normal file
View File

@ -0,0 +1 @@
3c0f16d01dc521e3032111746b0b2469378548b8d5c80e5e9c3355cec6ad1fed

1
db/schema_migrations/20241213142261 Normal file
View File

@ -0,0 +1 @@
7e19b2234f7bfb386d2e39d5da33de45bd51d3d9d4fb560f70e3eedaa687163b

1
db/schema_migrations/20241213142262 Normal file
View File

@ -0,0 +1 @@
a79a7f0b9972a57e5a73e19fa46457f6e84a00e5c81ba22d2691c88de95bea13

1
db/schema_migrations/20241213142263 Normal file
View File

@ -0,0 +1 @@
7c9d3234710dcccae97cd6a15eb1777fedb687eec2e8123b059d63db6e5b99af

1
db/schema_migrations/20241213150045 Normal file
View File

@ -0,0 +1 @@
1f05ebd14030efcc79a88a09a16c954d30f30032fce39068e23e8d9bf45b5ba7

1
db/schema_migrations/20241213150046 Normal file
View File

@ -0,0 +1 @@
94d04e41dd8d681dea88a6828bf4f27c5812938dbf4436ae5ad81478b1c23fc4

1
db/schema_migrations/20241213150047 Normal file
View File

@ -0,0 +1 @@
cd31480390b905bba738eef4ac28e1fb392881a3097f6c69fa427dc85b7bc93a

1
db/schema_migrations/20241213150048 Normal file
View File

@ -0,0 +1 @@
8c3064d90d9fc6cf33aa8685c634ff8c37934453075870b151a372f09aee8ee4

1
db/schema_migrations/20241213150049 Normal file
View File

@ -0,0 +1 @@
c343e40451fe18fd57ce80a450a79bd8e7fb4d4e2b4166bcd260835d2dfa7579

1
db/schema_migrations/20241213150050 Normal file
View File

@ -0,0 +1 @@
7baaad2cc55cc1922708e1cf5cd0bcf465e4fe34f2d067e555966aa8c1a62107

1
db/schema_migrations/20241213150051 Normal file
View File

@ -0,0 +1 @@
d93e4a954c0ca17c77f713fc4548fd9e18a249b1e3a63ba84f3670b6060ee638

1
db/schema_migrations/20241213150052 Normal file
View File

@ -0,0 +1 @@
837067ba8e1b2d7d55caf3658f76e4c18d23a365a1817279ec2cabc95ceebbb6

1
db/schema_migrations/20241213150053 Normal file
View File

@ -0,0 +1 @@
4b156e2d2d5ac4bb2bdb45e1220f7791d659eec1564b54d5dfda2b91f2863d00

1
db/schema_migrations/20241213150054 Normal file
View File

@ -0,0 +1 @@
9bfe6e1f2ab40cf4e182d87a1d769c7ac377246f51d11b3f0f569dfa937035f9

1
db/schema_migrations/20241216064063 Normal file
View File

@ -0,0 +1 @@
c6a2369b52b69d2a3abf87a9b6243d7210fc93de58306751f759f8812ffdc60f

1
db/schema_migrations/20241216064401 Normal file
View File

@ -0,0 +1 @@
50d703d2f3ef6ac8ee353dd8de693a2d3d225e7166cf86366d2078766dc16487

74
db/structure.sql
View File

@ -1111,6 +1111,22 @@ RETURN NEW;
END
$$;
CREATE FUNCTION trigger_0d96daa4d734() RETURNS trigger
LANGUAGE plpgsql
AS $$
BEGIN
IF NEW."group_id" IS NULL THEN
SELECT "group_id"
INTO NEW."group_id"
FROM "bulk_import_exports"
WHERE "bulk_import_exports"."id" = NEW."export_id";
END IF;
RETURN NEW;
END
$$;
CREATE FUNCTION trigger_0da002390fdc() RETURNS trigger
LANGUAGE plpgsql
AS $$
@ -1801,6 +1817,22 @@ RETURN NEW;
END
$$;
CREATE FUNCTION trigger_4cc5c3ac4d7f() RETURNS trigger
LANGUAGE plpgsql
AS $$
BEGIN
IF NEW."project_id" IS NULL THEN
SELECT "project_id"
INTO NEW."project_id"
FROM "bulk_import_exports"
WHERE "bulk_import_exports"."id" = NEW."export_id";
END IF;
RETURN NEW;
END
$$;
CREATE FUNCTION trigger_54707c384ad7() RETURNS trigger
LANGUAGE plpgsql
AS $$
@ -2838,6 +2870,22 @@ RETURN NEW;
END
$$;
CREATE FUNCTION trigger_cd50823537a3() RETURNS trigger
LANGUAGE plpgsql
AS $$
BEGIN
IF NEW."namespace_id" IS NULL THEN
SELECT "namespace_id"
INTO NEW."namespace_id"
FROM "issues"
WHERE "issues"."id" = NEW."issue_id";
END IF;
RETURN NEW;
END
$$;
CREATE FUNCTION trigger_cf646a118cbb() RETURNS trigger
LANGUAGE plpgsql
AS $$
@ -8725,6 +8773,8 @@ CREATE TABLE bulk_import_export_uploads (
updated_at timestamp with time zone NOT NULL,
export_file text,
batch_id bigint,
project_id bigint,
group_id bigint,
CONSTRAINT check_5add76239d CHECK ((char_length(export_file) <= 255))
);
@ -13902,7 +13952,8 @@ CREATE TABLE issuable_slas (
issue_id bigint NOT NULL,
due_at timestamp with time zone NOT NULL,
label_applied boolean DEFAULT false NOT NULL,
issuable_closed boolean DEFAULT false NOT NULL
issuable_closed boolean DEFAULT false NOT NULL,
namespace_id bigint
);
CREATE SEQUENCE issuable_slas_id_seq
@ -29644,6 +29695,10 @@ CREATE INDEX index_bulk_import_entities_on_project_id ON bulk_import_entities US
CREATE INDEX index_bulk_import_export_uploads_on_export_id ON bulk_import_export_uploads USING btree (export_id);
CREATE INDEX index_bulk_import_export_uploads_on_group_id ON bulk_import_export_uploads USING btree (group_id);
CREATE INDEX index_bulk_import_export_uploads_on_project_id ON bulk_import_export_uploads USING btree (project_id);
CREATE INDEX index_bulk_import_exports_on_group_id ON bulk_import_exports USING btree (group_id);
CREATE INDEX index_bulk_import_exports_on_project_id ON bulk_import_exports USING btree (project_id);
@ -31060,6 +31115,8 @@ CREATE INDEX index_issuable_slas_on_due_at_id_label_applied_issuable_closed ON i
CREATE UNIQUE INDEX index_issuable_slas_on_issue_id ON issuable_slas USING btree (issue_id);
CREATE INDEX index_issuable_slas_on_namespace_id ON issuable_slas USING btree (namespace_id);
CREATE INDEX index_issue_assignees_on_user_id_and_issue_id ON issue_assignees USING btree (user_id, issue_id);
CREATE INDEX index_issue_assignment_events_on_namespace_id ON issue_assignment_events USING btree (namespace_id);
@ -35710,6 +35767,8 @@ CREATE TRIGGER trigger_0aea02e5a699 BEFORE INSERT OR UPDATE ON protected_branch_
CREATE TRIGGER trigger_0c326daf67cf BEFORE INSERT OR UPDATE ON analytics_cycle_analytics_value_stream_settings FOR EACH ROW EXECUTE FUNCTION trigger_0c326daf67cf();
CREATE TRIGGER trigger_0d96daa4d734 BEFORE INSERT OR UPDATE ON bulk_import_export_uploads FOR EACH ROW EXECUTE FUNCTION trigger_0d96daa4d734();
CREATE TRIGGER trigger_0da002390fdc BEFORE INSERT OR UPDATE ON operations_feature_flags_issues FOR EACH ROW EXECUTE FUNCTION trigger_0da002390fdc();
CREATE TRIGGER trigger_0e13f214e504 BEFORE INSERT OR UPDATE ON merge_request_assignment_events FOR EACH ROW EXECUTE FUNCTION trigger_0e13f214e504();
@ -35794,6 +35853,8 @@ CREATE TRIGGER trigger_4ad9a52a6614 BEFORE INSERT OR UPDATE ON sbom_occurrences_
CREATE TRIGGER trigger_4b43790d717f BEFORE INSERT OR UPDATE ON protected_environment_approval_rules FOR EACH ROW EXECUTE FUNCTION trigger_4b43790d717f();
CREATE TRIGGER trigger_4cc5c3ac4d7f BEFORE INSERT OR UPDATE ON bulk_import_export_uploads FOR EACH ROW EXECUTE FUNCTION trigger_4cc5c3ac4d7f();
CREATE TRIGGER trigger_54707c384ad7 BEFORE INSERT OR UPDATE ON security_orchestration_policy_rule_schedules FOR EACH ROW EXECUTE FUNCTION trigger_54707c384ad7();
CREATE TRIGGER trigger_56d49f4ed623 BEFORE INSERT OR UPDATE ON workspace_variables FOR EACH ROW EXECUTE FUNCTION trigger_56d49f4ed623();
@ -35924,6 +35985,8 @@ CREATE TRIGGER trigger_cac7c0698291 BEFORE INSERT OR UPDATE ON evidences FOR EAC
CREATE TRIGGER trigger_catalog_resource_sync_event_on_project_update AFTER UPDATE ON projects FOR EACH ROW WHEN ((((old.name)::text IS DISTINCT FROM (new.name)::text) OR (old.description IS DISTINCT FROM new.description) OR (old.visibility_level IS DISTINCT FROM new.visibility_level))) EXECUTE FUNCTION insert_catalog_resource_sync_event();
CREATE TRIGGER trigger_cd50823537a3 BEFORE INSERT OR UPDATE ON issuable_slas FOR EACH ROW EXECUTE FUNCTION trigger_cd50823537a3();
CREATE TRIGGER trigger_cf646a118cbb BEFORE INSERT OR UPDATE ON milestone_releases FOR EACH ROW EXECUTE FUNCTION trigger_cf646a118cbb();
CREATE TRIGGER trigger_d4487a75bd44 BEFORE INSERT OR UPDATE ON terraform_state_versions FOR EACH ROW EXECUTE FUNCTION trigger_d4487a75bd44();
@ -36279,6 +36342,9 @@ ALTER TABLE ONLY alert_management_alerts
ALTER TABLE ONLY design_management_designs
ADD CONSTRAINT fk_239cd63678 FOREIGN KEY (namespace_id) REFERENCES namespaces(id) ON DELETE CASCADE;
ALTER TABLE ONLY bulk_import_export_uploads
ADD CONSTRAINT fk_23e0e92313 FOREIGN KEY (group_id) REFERENCES namespaces(id) ON DELETE CASCADE;
ALTER TABLE ONLY audit_events_streaming_http_instance_namespace_filters
ADD CONSTRAINT fk_23f3ab7df0 FOREIGN KEY (namespace_id) REFERENCES namespaces(id) ON DELETE CASCADE;
@ -36306,6 +36372,9 @@ ALTER TABLE ONLY user_namespace_callouts
ALTER TABLE ONLY user_details
ADD CONSTRAINT fk_27ac767d6a FOREIGN KEY (bot_namespace_id) REFERENCES namespaces(id) ON DELETE SET NULL;
ALTER TABLE ONLY issuable_slas
ADD CONSTRAINT fk_282ef683a5 FOREIGN KEY (namespace_id) REFERENCES namespaces(id) ON DELETE CASCADE;
ALTER TABLE ONLY work_item_dates_sources
ADD CONSTRAINT fk_283fb4ad36 FOREIGN KEY (start_date_sourcing_milestone_id) REFERENCES milestones(id) ON DELETE SET NULL;
@ -36864,6 +36933,9 @@ ALTER TABLE ONLY sent_notifications
ALTER TABLE ONLY labels
ADD CONSTRAINT fk_7de4989a69 FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE;
ALTER TABLE ONLY bulk_import_export_uploads
ADD CONSTRAINT fk_7e03e410b4 FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE;
ALTER TABLE ONLY merge_requests
ADD CONSTRAINT fk_7e85395a64 FOREIGN KEY (sprint_id) REFERENCES sprints(id) ON DELETE SET NULL;

2
doc/administration/reference_architectures/10k_users.md
View File

@ -2061,7 +2061,7 @@ On each node perform the following:
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Linux package node you configured and add or replace
the file of the same name on this server. If this is the first Linux package node you are configuring then you can skip this step.
1. Copy the SSH host keys (all in the name format `/etc/ssh/ssh_host_*_key*`) from the first Linux package node you configured and
1. Copy the SSH host keys (all in the name format `/etc/ssh/ssh_host_*_key*`) from the first Rails node you configured and
add or replace the files of the same name on this server. This ensures host mismatch errors aren't thrown
for your users as they hit the load balanced Rails nodes. If this is the first Linux package node you are configuring,
then you can skip this step.

2
doc/administration/reference_architectures/25k_users.md
View File

@ -2069,7 +2069,7 @@ On each node perform the following:
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Linux package node you configured and add or replace
the file of the same name on this server. If this is the first Linux package node you are configuring then you can skip this step.
1. Copy the SSH host keys (all in the name format `/etc/ssh/ssh_host_*_key*`) from the first Linux package node you configured and
1. Copy the SSH host keys (all in the name format `/etc/ssh/ssh_host_*_key*`) from the first Rails node you configured and
add or replace the files of the same name on this server. This ensures host mismatch errors aren't thrown
for your users as they hit the load balanced Rails nodes. If this is the first Linux package node you are configuring,
then you can skip this step.

5
doc/administration/reference_architectures/2k_users.md
View File

@ -885,7 +885,10 @@ On each node perform the following:
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Linux package node you configured and add or replace
the file of the same name on this server. If this is the first Linux package node you are configuring then you can skip this step.
1. Copy the SSH host keys (all in the name format `/etc/ssh/ssh_host_*_key*`) from the first Rails node you configured and
add or replace the files of the same name on this server. This ensures host mismatch errors aren't thrown
for your users as they hit the load balanced Rails nodes. If this is the first Linux package node you are configuring,
then you can skip this step.
1. To ensure database migrations are only run during reconfigure and not automatically on upgrade, run:
```shell

2
doc/administration/reference_architectures/3k_users.md
View File

@ -1920,7 +1920,7 @@ On each node perform the following:
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Linux package node you configured and add or replace
the file of the same name on this server. If this is the first Linux package node you are configuring then you can skip this step.
1. Copy the SSH host keys (all in the name format `/etc/ssh/ssh_host_*_key*`) from the first Linux package node you configured and
1. Copy the SSH host keys (all in the name format `/etc/ssh/ssh_host_*_key*`) from the first Rails node you configured and
add or replace the files of the same name on this server. This ensures host mismatch errors aren't thrown
for your users as they hit the load balanced Rails nodes. If this is the first Linux package node you are configuring,
then you can skip this step.

5
doc/administration/reference_architectures/50k_users.md
View File

@ -1912,7 +1912,10 @@ To configure the Sidekiq nodes, on each one:
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Linux package node you configured and add or replace
the file of the same name on this server. If this is the first Linux package node you are configuring then you can skip this step.
1. Copy the SSH host keys (all in the name format `/etc/ssh/ssh_host_*_key*`) from the first Rails node you configured and
add or replace the files of the same name on this server. This ensures host mismatch errors aren't thrown
for your users as they hit the load balanced Rails nodes. If this is the first Linux package node you are configuring,
then you can skip this step.
1. To ensure database migrations are only run during reconfigure and not automatically on upgrade, run:
```shell

2
doc/administration/reference_architectures/5k_users.md
View File

@ -1920,7 +1920,7 @@ On each node perform the following:
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Linux package node you configured and add or replace
the file of the same name on this server. If this is the first Linux package node you are configuring then you can skip this step.
1. Copy the SSH host keys (all in the name format `/etc/ssh/ssh_host_*_key*`) from the first Linux package node you configured and
1. Copy the SSH host keys (all in the name format `/etc/ssh/ssh_host_*_key*`) from the first Rails node you configured and
add or replace the files of the same name on this server. This ensures host mismatch errors aren't thrown
for your users as they hit the load balanced Rails nodes. If this is the first Linux package node you are configuring,
then you can skip this step.

53
doc/api/graphql/reference/index.md
View File

@ -13269,6 +13269,29 @@ The edge type for [`ContainerProtectionRepositoryRule`](#containerprotectionrepo
| <a id="containerprotectionrepositoryruleedgecursor"></a>`cursor` | [`String!`](#string) | A cursor for use in pagination. |
| <a id="containerprotectionrepositoryruleedgenode"></a>`node` | [`ContainerProtectionRepositoryRule`](#containerprotectionrepositoryrule) | The item at the end of the edge. |
#### `ContainerProtectionTagRuleConnection`
The connection type for [`ContainerProtectionTagRule`](#containerprotectiontagrule).
##### Fields
| Name | Type | Description |
| ---- | ---- | ----------- |
| <a id="containerprotectiontagruleconnectionedges"></a>`edges` | [`[ContainerProtectionTagRuleEdge]`](#containerprotectiontagruleedge) | A list of edges. |
| <a id="containerprotectiontagruleconnectionnodes"></a>`nodes` | [`[ContainerProtectionTagRule]`](#containerprotectiontagrule) | A list of nodes. |
| <a id="containerprotectiontagruleconnectionpageinfo"></a>`pageInfo` | [`PageInfo!`](#pageinfo) | Information to aid in pagination. |
#### `ContainerProtectionTagRuleEdge`
The edge type for [`ContainerProtectionTagRule`](#containerprotectiontagrule).
##### Fields
| Name | Type | Description |
| ---- | ---- | ----------- |
| <a id="containerprotectiontagruleedgecursor"></a>`cursor` | [`String!`](#string) | A cursor for use in pagination. |
| <a id="containerprotectiontagruleedgenode"></a>`node` | [`ContainerProtectionTagRule`](#containerprotectiontagrule) | The item at the end of the edge. |
#### `ContainerRepositoryConnection`
The connection type for [`ContainerRepository`](#containerrepository).
@ -21504,6 +21527,19 @@ A container repository protection rule designed to prevent users with a certain
| <a id="containerprotectionrepositoryruleminimumaccesslevelforpush"></a>`minimumAccessLevelForPush` **{warning-solid}** | [`ContainerProtectionRepositoryRuleAccessLevel`](#containerprotectionrepositoryruleaccesslevel) | **Introduced** in GitLab 16.6. **Status**: Experiment. Minimum GitLab access level required to push container images to the container repository. For example, `MAINTAINER`, `OWNER`, or `ADMIN`. If the value is `nil`, the minimum access level is ignored. Users with at least the Developer role can push container images. |
| <a id="containerprotectionrepositoryrulerepositorypathpattern"></a>`repositoryPathPattern` **{warning-solid}** | [`String!`](#string) | **Introduced** in GitLab 16.6. **Status**: Experiment. Container repository path pattern protected by the protection rule. For example, `my-project/my-container-*`. Wildcard character `*` allowed. |
### `ContainerProtectionTagRule`
A container repository tag protection rule designed to prevent users with a certain access level or lower from altering the container registry.
#### Fields
| Name | Type | Description |
| ---- | ---- | ----------- |
| <a id="containerprotectiontagruleid"></a>`id` **{warning-solid}** | [`ContainerRegistryProtectionTagRuleID!`](#containerregistryprotectiontagruleid) | **Introduced** in GitLab 17.8. **Status**: Experiment. ID of the container repository tag protection rule. |
| <a id="containerprotectiontagruleminimumaccesslevelfordelete"></a>`minimumAccessLevelForDelete` **{warning-solid}** | [`ContainerProtectionTagRuleAccessLevel`](#containerprotectiontagruleaccesslevel) | **Introduced** in GitLab 17.8. **Status**: Experiment. Minimum GitLab access level required to delete container image tags from the container repository. For example, `MAINTAINER`, `OWNER`, or `ADMIN`. If the value is `nil`, the minimum access level is ignored. Users with at least the Developer role can delete container image tags. |
| <a id="containerprotectiontagruleminimumaccesslevelforpush"></a>`minimumAccessLevelForPush` **{warning-solid}** | [`ContainerProtectionTagRuleAccessLevel`](#containerprotectiontagruleaccesslevel) | **Introduced** in GitLab 17.8. **Status**: Experiment. Minimum GitLab access level required to push container image tags to the container repository. For example, `MAINTAINER`, `OWNER`, or `ADMIN`. If the value is `nil`, the minimum access level is ignored. Users with at least the Developer role can push container image tags. |
| <a id="containerprotectiontagruletagnamepattern"></a>`tagNamePattern` **{warning-solid}** | [`String!`](#string) | **Introduced** in GitLab 17.8. **Status**: Experiment. Container repository tag name pattern protected by the protection rule. For example, `v1.*`. Wildcard character `*` allowed. |
### `ContainerRepository`
A container repository.
@ -31462,6 +31498,7 @@ Project-level settings for product analytics provider.
| <a id="projectcomponentusages"></a>`componentUsages` | [`CiCatalogResourceComponentUsageConnection`](#cicatalogresourcecomponentusageconnection) | Component(s) used by the project. (see [Connections](#connections)) |
| <a id="projectcontainerexpirationpolicy"></a>`containerExpirationPolicy` **{warning-solid}** | [`ContainerExpirationPolicy`](#containerexpirationpolicy) | **Deprecated** in GitLab 17.5. Use `container_tags_expiration_policy`. |
| <a id="projectcontainerprotectionrepositoryrules"></a>`containerProtectionRepositoryRules` **{warning-solid}** | [`ContainerProtectionRepositoryRuleConnection`](#containerprotectionrepositoryruleconnection) | **Introduced** in GitLab 16.10. **Status**: Experiment. Container protection rules for the project. |
| <a id="projectcontainerprotectiontagrules"></a>`containerProtectionTagRules` **{warning-solid}** | [`ContainerProtectionTagRuleConnection`](#containerprotectiontagruleconnection) | **Introduced** in GitLab 17.8. **Status**: Experiment. Container repository tag protection rules for the project. Returns an empty array if the `container_registry_protected_tags` feature flag is disabled. |
| <a id="projectcontainerregistryenabled"></a>`containerRegistryEnabled` | [`Boolean`](#boolean) | Indicates if Container Registry is enabled for the current user. |
| <a id="projectcontainerrepositoriescount"></a>`containerRepositoriesCount` | [`Int!`](#int) | Number of container repositories in the project. |
| <a id="projectcontainertagsexpirationpolicy"></a>`containerTagsExpirationPolicy` | [`ContainerTagsExpirationPolicy`](#containertagsexpirationpolicy) | Container tags expiration policy of the project. |
@ -38833,6 +38870,16 @@ Access level of a container registry protection rule resource.
| <a id="containerprotectionrepositoryruleaccesslevelmaintainer"></a>`MAINTAINER` **{warning-solid}** | **Introduced** in GitLab 16.6. **Status**: Experiment. Maintainer access. |
| <a id="containerprotectionrepositoryruleaccesslevelowner"></a>`OWNER` **{warning-solid}** | **Introduced** in GitLab 16.6. **Status**: Experiment. Owner access. |
### `ContainerProtectionTagRuleAccessLevel`
Access level of a container registry tag protection rule resource.
| Value | Description |
| ----- | ----------- |
| <a id="containerprotectiontagruleaccessleveladmin"></a>`ADMIN` **{warning-solid}** | **Introduced** in GitLab 17.8. **Status**: Experiment. Admin access. |
| <a id="containerprotectiontagruleaccesslevelmaintainer"></a>`MAINTAINER` **{warning-solid}** | **Introduced** in GitLab 17.8. **Status**: Experiment. Maintainer access. |
| <a id="containerprotectiontagruleaccesslevelowner"></a>`OWNER` **{warning-solid}** | **Introduced** in GitLab 17.8. **Status**: Experiment. Owner access. |
### `ContainerRepositoryCleanupStatus`
Status of the tags cleanup of a container repository.
@ -41920,6 +41967,12 @@ A `ContainerRegistryProtectionRuleID` is a global ID. It is encoded as a string.
An example `ContainerRegistryProtectionRuleID` is: `"gid://gitlab/ContainerRegistry::Protection::Rule/1"`.
### `ContainerRegistryProtectionTagRuleID`
A `ContainerRegistryProtectionTagRuleID` is a global ID. It is encoded as a string.
An example `ContainerRegistryProtectionTagRuleID` is: `"gid://gitlab/ContainerRegistry::Protection::TagRule/1"`.
### `ContainerRepositoryID`
A `ContainerRepositoryID` is a global ID. It is encoded as a string.

4
doc/api/group_access_tokens.md
View File

@ -117,7 +117,7 @@ POST /groups/:id/access_tokens
| `name` | String | yes | Name of the group access token |
| `scopes` | `Array[String]` | yes | [List of scopes](../user/group/settings/group_access_tokens.md#scopes-for-a-group-access-token) |
| `access_level` | Integer | no | Access level. Valid values are `10` (Guest), `15` (Planner), `20` (Reporter), `30` (Developer), `40` (Maintainer), and `50` (Owner). |
| `expires_at` | Date | yes | Expiration date of the access token in ISO format (`YYYY-MM-DD`). The date cannot be set later than the [maximum allowable lifetime of an access token](../user/profile/personal_access_tokens.md#access-token-expiration). |
| `expires_at` | Date | yes | Expiration date of the access token in ISO format (`YYYY-MM-DD`). If undefined, the date is set to the [maximum allowable lifetime limit](../user/profile/personal_access_tokens.md#access-token-expiration). |
```shell
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" \
@ -164,7 +164,7 @@ POST /groups/:id/access_tokens/:token_id/rotate
|-----------|------------|----------|---------------------|
| `id` | integer or string | yes | ID or [URL-encoded path of the group](rest/index.md#namespaced-paths) |
| `token_id` | integer | yes | ID of the access token |
| `expires_at` | date | no | Expiration date of the access token in ISO format (`YYYY-MM-DD`). [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/416795) in GitLab 16.6. |
| `expires_at` | date | no | Expiration date of the access token in ISO format (`YYYY-MM-DD`). [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/416795) in GitLab 16.6. If undefined, the token expires after one week. |
```shell
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/<group_id>/access_tokens/<token_id>/rotate"

2
doc/api/group_service_accounts.md
View File

@ -141,7 +141,7 @@ Parameters:
| `user_id` | integer | yes | The ID of a service account user. |
| `name` | string | yes | The name of the personal access token. |
| `scopes` | array | yes | Array of scopes of the personal access token. See [personal access token scopes](../user/profile/personal_access_tokens.md#personal-access-token-scopes) for possible values. |
| `expires_at` | date | no | The personal access token expiry date. When left blank, the token follows the [standard rule of expiry for personal access tokens](../user/profile/personal_access_tokens.md#access-token-expiration). To specify no expiration date, omit this key. |
| `expires_at` | date | no | Expiration date of the access token in ISO format (`YYYY-MM-DD`). If undefined, the date is set to the [maximum allowable lifetime limit](../user/profile/personal_access_tokens.md#access-token-expiration). |
Example request:

8
doc/api/personal_access_tokens.md
View File

@ -213,7 +213,7 @@ Example response:
## Rotate a personal access token
Rotate a personal access token. Revokes the previous token and creates a new token that expires in one week
Rotate a personal access token. Revokes the previous token and creates a new token that expires in one week.
You can either:
@ -224,7 +224,7 @@ You can either:
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/403042) in GitLab 16.0
In GitLab 16.6 and later, you can use the `expires_at` parameter to set a different expiry date. This non-default expiry date can be up to a maximum of one year from the rotation date.
In GitLab 16.6 and later, you can use the `expires_at` parameter to set a different expiry date. This non-default expiry date is subject to the [maximum allowable lifetime limits](../user/profile/personal_access_tokens.md#access-token-expiration).
```plaintext
POST /personal_access_tokens/:id/rotate
@ -233,7 +233,7 @@ POST /personal_access_tokens/:id/rotate
| Attribute | Type | Required | Description |
|-----------|-----------|----------|---------------------|
| `id` | integer/string | yes | ID of personal access token |
| `expires_at` | date | no | Expiration date of the access token in ISO format (`YYYY-MM-DD`). [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/416795) in GitLab 16.6. |
| `expires_at` | date | no | Expiration date of the access token in ISO format (`YYYY-MM-DD`). [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/416795) in GitLab 16.6. If undefined, the token expires after one week. |
NOTE:
Non-administrators can rotate their own tokens. Administrators can rotate tokens of any user.
@ -277,7 +277,7 @@ Requires:
- `api` scope.
You can use the `expires_at` parameter to set a different expiry date. This non-default expiry date can be up to a maximum of one year from the rotation date.
In GitLab 16.6 and later, you can use the `expires_at` parameter to set a different expiry date. This non-default expiry date is subject to the [maximum allowable lifetime limits](../user/profile/personal_access_tokens.md#access-token-expiration).
```plaintext
POST /personal_access_tokens/self/rotate

4
doc/api/project_access_tokens.md
View File

@ -123,7 +123,7 @@ POST projects/:id/access_tokens
| `name` | string | yes | Name of the project access token |
| `scopes` | `Array[String]` | yes | [List of scopes](../user/project/settings/project_access_tokens.md#scopes-for-a-project-access-token) |
| `access_level` | integer | no | Access level. Valid values are `10` (Guest), `15` (Planner), `20` (Reporter), `30` (Developer), `40` (Maintainer), and `50` (Owner). Defaults to `40`. |
| `expires_at` | date | yes | Expiration date of the access token in ISO format (`YYYY-MM-DD`). The date cannot be set later than the [maximum allowable lifetime of an access token](../user/profile/personal_access_tokens.md#access-token-expiration). |
| `expires_at` | date | yes | Expiration date of the access token in ISO format (`YYYY-MM-DD`). If undefined, the date is set to the [maximum allowable lifetime limit](../user/profile/personal_access_tokens.md#access-token-expiration). |
```shell
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" \
@ -170,7 +170,7 @@ POST /projects/:id/access_tokens/:token_id/rotate
|-----------|------------|----------|---------------------|
| `id` | integer or string | yes | ID or [URL-encoded path of the project](rest/index.md#namespaced-paths) |
| `token_id` | integer | yes | ID of the project access token |
| `expires_at` | date | no | Expiration date of the access token in ISO format (`YYYY-MM-DD`). [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/416795) in GitLab 16.6. |
| `expires_at` | date | no | Expiration date of the access token in ISO format (`YYYY-MM-DD`). [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/416795) in GitLab 16.6. If undefined, the token expires after one week. |
```shell
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/<project_id>/access_tokens/<token_id>/rotate"

4
doc/api/user_keys.md
View File

@ -158,7 +158,7 @@ Supported attributes:
|:-------------|:-------|:---------|:------------|
| `title` | string | yes | Title for key |
| `key` | string | yes | Public key value |
| `expires_at` | string | no | Expiration date of the key in ISO 8601 format (`YYYY-MM-DDTHH:MM:SSZ`) |
| `expires_at` | string | no | Expiration date of the key in ISO format (`YYYY-MM-DD`). |
| `usage_type` | string | no | Usage scope for the key. Possible values: `auth`, `signing` or `auth_and_signing`. Default value: `auth_and_signing` |
Returns either:
@ -214,7 +214,7 @@ Supported attributes:
| `id` | integer | yes | ID of user account |
| `title` | string | yes | Title for key |
| `key` | string | yes | Public key value |
| `expires_at` | string | no | Expiration date of the key in ISO 8601 format (`YYYY-MM-DDTHH:MM:SSZ`) |
| `expires_at` | string | no | Expiration date of the access token in ISO format (`YYYY-MM-DD`). |
| `usage_type` | string | no | Usage scope for the key. Possible values: `auth`, `signing` or `auth_and_signing`. Default value: `auth_and_signing` |
Returns either:

6
doc/api/user_tokens.md
View File

@ -91,7 +91,7 @@ Supported attributes:
| `name` | string | yes | Name of personal access token |
| `description`| string | no | Description of personal access token |
| `scopes` | array | yes | Array of approved scopes. Only accepts `k8s_proxy`. |
| `expires_at` | array | no | Expiration date of the access token in ISO format (`YYYY-MM-DD`). If undefined, token expires at the end of the current day. Subject to the [maximum allowable lifetime limits](../user/profile/personal_access_tokens.md#access-token-expiration). |
| `expires_at` | array | no | Expiration date of the access token in ISO format (`YYYY-MM-DD`). If undefined, the date is set to the [maximum allowable lifetime limit](../user/profile/personal_access_tokens.md#access-token-expiration). |
Example request:
@ -247,8 +247,8 @@ Supported attributes:
| `user_id` | integer | yes | ID of user account |
| `name` | string | yes | Name of impersonation token |
| `description`| string | no | Description of impersonation token |
| `expires_at` | date | yes | Expiration date of the impersonation token in ISO format (`YYYY-MM-DD`) |
| `scopes` | array | yes | Array of approved scopes. For a list of possible values, see [Personal access token scopes](../user/profile/personal_access_tokens.md#personal-access-token-scopes): |
| `expires_at` | date | yes | Expiration date of the impersonation token in ISO format (`YYYY-MM-DD`). If undefined, the date is set to the [maximum allowable lifetime limit](../user/profile/personal_access_tokens.md#access-token-expiration). |
| `scopes` | array | yes | Array of approved scopes. For a list of possible values, see [Personal access token scopes](../user/profile/personal_access_tokens.md#personal-access-token-scopes). |
Example request:

2
doc/development/database/batched_background_migrations.md
View File

@ -283,7 +283,7 @@ We recommend that batched background migrations are finalized after all of the
following conditions are met:
- The batched background migration is completed on GitLab.com
- The batched background migration was added in or before the last [required stop](required_stops.md)
- The batched background migration was added in or before the last [required stop](required_stops.md). For example if 17.8 is a required stop and the migration was added in 17.7, the finalizing migration can be added in 17.9.
The `ensure_batched_background_migration_is_finished` call must exactly match
the migration that was used to enqueue it. Pay careful attention to:

13
doc/development/documentation/styleguide/word_list.md
View File

@ -394,6 +394,19 @@ Use **cannot** instead of **can not**.
See also [contractions](index.md#contractions).
## card
Although the UI term might be **card**, do not use it in the documentation.
Avoid the descriptor if you can.
Use:
- By **Seat utilization**, select **Assign seats**.
Instead of:
- On the **Seat utilization** card, select **Assign seats**.
## Chat, GitLab Duo Chat
Use **Chat** with a capital `c` for **Chat** or **GitLab Duo Chat**.

2
doc/development/internal_api/index.md
View File

@ -332,7 +332,7 @@ personal access token.
|:----------|:-------|:---------|:------------|
| `name` | string | yes | The name of the new token |
| `scopes` | string array | yes | The authorization scopes for the new token, these must be valid token scopes |
| `expires_at` | string | no | The expiry date for the new token |
| `expires_at` | string | no | Expiration date of the access token in ISO format (`YYYY-MM-DD`). |
| `key_id` | integer | no | The ID of the SSH key used as found in the authorized-keys file or through the `/authorized_keys` check |
| `user_id` | integer | no | User ID for which to generate the new token |

3
doc/user/project/import/index.md
View File

@ -89,6 +89,7 @@ DETAILS:
> - Introduced in GitLab 17.6 [for Gitea](https://gitlab.com/gitlab-org/gitlab/-/issues/467084) [with flags](../../../administration/feature_flags.md) named `importer_user_mapping` and `gitea_user_mapping`, and [for GitHub](https://gitlab.com/gitlab-org/gitlab/-/issues/466355) with flags named `importer_user_mapping` and `github_user_mapping`. Disabled by default.
> - Introduced in GitLab 17.7 [for Bitbucket Server](https://gitlab.com/gitlab-org/gitlab/-/issues/466356) [with flags](../../../administration/feature_flags.md) named `importer_user_mapping` and `bitbucket_server_user_mapping`. Disabled by default.
> - [Enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/472735) for direct transfer in GitLab 17.7.
> - Enabled on GitLab.com for [GitHub](https://gitlab.com/gitlab-org/gitlab/-/issues/499993), [Bitbucket Server](https://gitlab.com/gitlab-org/gitlab/-/issues/509897), and [Gitea](https://gitlab.com/gitlab-org/gitlab/-/issues/498390) in GitLab 17.7.
FLAG:
The availability of this feature is controlled by feature flags.
@ -98,7 +99,7 @@ NOTE:
To leave feedback about this feature, add a comment to [issue 502565](https://gitlab.com/gitlab-org/gitlab/-/issues/502565).
This method of user contribution and membership mapping is available for
[direct transfer migrations](../../group/import/index.md) on:
[direct transfer migrations](../../group/import/index.md), [GitHub importer](github.md), [Bitbucket Server importer](bitbucket_server.md), and [Gitea importer](gitea.md) on:
- GitLab.com
- GitLab self-managed when two feature flags are enabled

2
gems/config/rubocop.yml
View File

@ -55,7 +55,7 @@ Gitlab/BoundedContexts:
Enabled: false
# This cop doesn't make sense in the context of gems
Gitlab/DocUrl:
Gitlab/DocumentationLinks/HardcodedUrl:
Enabled: false
# This cop doesn't make sense in the context of gems

4
keeps/delete_obsolete_advanced_search_migrations.rb
View File

@ -85,7 +85,7 @@ module Keeps
change.assignees = groups_helper.pick_reviewer(group_data, change.identifiers)
change.changelog_ee = true
# rubocop:disable Gitlab/DocUrl -- Not running inside rails application
# rubocop:disable Gitlab/DocumentationLinks/HardcodedUrl -- Not running inside rails application
change.description = <<~MARKDOWN
This migration removes all but the latest obsolete Advanced search migration files from the project.
@ -102,7 +102,7 @@ module Keeps
- [ ] Update the archive of migrations in https://gitlab.com/gitlab-org/search-team/migration-graveyard
- [ ] Remove references to affected migration or spec files from Rubocop TODOs
MARKDOWN
# rubocop:enable Gitlab/DocUrl
# rubocop:enable Gitlab/DocumentationLinks/HardcodedUrl
change.changed_files = []
# always leave one migration

4
keeps/delete_old_feature_flags.rb
View File

@ -59,7 +59,7 @@ module Keeps
apply_patch_and_cleanup(feature_flag, change)
# rubocop:disable Gitlab/DocUrl -- Not running inside rails application
# rubocop:disable Gitlab/DocumentationLinks/HardcodedUrl -- Not running inside rails application
change.description = <<~MARKDOWN
This feature flag was introduced in #{feature_flag.milestone}, which is more than #{CUTOFF_MILESTONE_OLD} milestones ago.
@ -84,7 +84,7 @@ module Keeps
You can also see the status of the rollout by checking #{feature_flag_rollout_issue_url(feature_flag)} and #{format(FEATURE_FLAG_LOG_ISSUES_URL, feature_flag_name: feature_flag.name)}.
MARKDOWN
# rubocop:enable Gitlab/DocUrl
# rubocop:enable Gitlab/DocumentationLinks/HardcodedUrl
change.labels = [
'maintenance::removal',

4
keeps/mark_old_advanced_search_migrations_as_obsolete.rb
View File

@ -112,7 +112,7 @@ module Keeps
change.assignees = assignee
change.changelog_ee = true
# rubocop:disable Gitlab/DocUrl -- Not running inside rails application
# rubocop:disable Gitlab/DocumentationLinks/HardcodedUrl -- Not running inside rails application
change.description = <<~MARKDOWN
This migration marks the #{version} #{migration_name} Advanced search migration as obsolete.
@ -130,7 +130,7 @@ module Keeps
to process the migration. Therefore we mark any Advanced search migrations added before the
last required stop as obsolete.
MARKDOWN
# rubocop:enable Gitlab/DocUrl
# rubocop:enable Gitlab/DocumentationLinks/HardcodedUrl
change.changed_files = []
add_obsolete_to_yaml(migration_data[:yaml_filename], migration_data[:yaml_content])

4
keeps/overdue_finalize_background_migration.rb
View File

@ -84,7 +84,7 @@ module Keeps
end
def change_description(migration_record, job_name, last_migration_file)
# rubocop:disable Gitlab/DocUrl -- Not running inside rails application
# rubocop:disable Gitlab/DocumentationLinks/HardcodedUrl -- Not running inside rails application
<<~MARKDOWN
#{migration_code_not_present_message unless migration_code_present?(job_name)}
This migration was finished at `#{migration_record.finished_at || migration_record.updated_at}`, you can confirm
@ -106,7 +106,7 @@ module Keeps
to process the migration. Therefore we can finalize any batched background migration that was added before the
last required stop.
MARKDOWN
# rubocop:enable Gitlab/DocUrl
# rubocop:enable Gitlab/DocumentationLinks/HardcodedUrl
end
def truncate_migration_name(migration_name)

6
lib/api/ci/pipelines.rb
View File

@ -163,7 +163,7 @@ module API
.new(current_user: current_user, pipeline: pipeline, params: params)
.execute
builds = builds.with_preloads.preload(:metadata, :runner_manager) # rubocop:disable CodeReuse/ActiveRecord -- preload job.archived?
builds = builds.with_preloads.preload(:metadata, :runner_manager, :ci_stage) # rubocop:disable CodeReuse/ActiveRecord -- preload job.archived?
present paginate(builds), with: Entities::Ci::Job
end
@ -191,7 +191,9 @@ module API
bridges = ::Ci::JobsFinder
.new(current_user: current_user, pipeline: pipeline, params: params, type: ::Ci::Bridge)
.execute
bridges = bridges.with_preloads
# rubocop:disable CodeReuse/ActiveRecord -- Preload is only related to this endpoint
bridges = bridges.with_preloads.preload(:ci_stage)
# rubocop:enable CodeReuse/ActiveRecord
present paginate(bridges), with: Entities::Ci::Bridge
end

1
lib/api/ci/runners.rb
View File

@ -98,6 +98,7 @@ module API
def preload_job_associations(jobs)
jobs.preload( # rubocop: disable CodeReuse/ActiveRecord -- this preload is tightly related to the endpoint
:ci_stage,
:user,
{ pipeline: { project: [:route, { namespace: :route }] } },
{ project: [:route, { namespace: :route }, :ci_cd_settings] }

Some files were not shown because too many files have changed in this diff Show More