root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2019-11-13 15:07:29 +00:00
parent 4e516dbff9
commit 3318518149
38 changed files with 213 additions and 92 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
app/helpers/application_settings_helper.rb
View File

@ -176,6 +176,7 @@ module ApplicationSettingsHelper
:container_registry_token_expire_delay,
:default_artifacts_expire_in,
:default_branch_protection,
:default_ci_config_path,
:default_group_visibility,
:default_project_creation,
:default_project_visibility,

6
app/models/application_setting.rb
View File

@ -297,6 +297,12 @@ class ApplicationSetting < ApplicationRecord
pass: :external_auth_client_key_pass,
if: -> (setting) { setting.external_auth_client_cert.present? }
validates :default_ci_config_path,
format: { without: %r{(\.{2}|\A/)},
message: N_('cannot include leading slash or directory traversal.') },
length: { maximum: 255 },
allow_blank: true
attr_encrypted :asset_proxy_secret_key,
mode: :per_attribute_iv,
key: Settings.attr_encrypted_db_key_base_truncated,

1
app/models/application_setting_implementation.rb
View File

@ -42,6 +42,7 @@ module ApplicationSettingImplementation
container_registry_token_expire_delay: 5,
default_artifacts_expire_in: '30 days',
default_branch_protection: Settings.gitlab['default_branch_protection'],
default_ci_config_path: nil,
default_group_visibility: Settings.gitlab.default_projects_features['visibility_level'],
default_project_creation: Settings.gitlab['default_project_creation'],
default_project_visibility: Settings.gitlab.default_projects_features['visibility_level'],

33
app/models/clusters/applications/ingress.rb
View File

@ -21,6 +21,7 @@ module Clusters
}
FETCH_IP_ADDRESS_DELAY = 30.seconds
MODSEC_SIDECAR_INITIAL_DELAY_SECONDS = 10
state_machine :status do
after_transition any => [:installed] do |application|
@ -81,11 +82,39 @@ module Clusters
"enable-owasp-modsecurity-crs" => "true",
"modsecurity.conf" => modsecurity_config_content
},
"extraContainers" => [
{
"name" => "modsecurity-log",
"image" => "busybox",
"args" => [
"/bin/sh",
"-c",
"tail -f /var/log/modsec/audit.log"
],
"volumeMounts" => [
{
"name" => "modsecurity-log-volume",
"mountPath" => "/var/log/modsec",
"readOnly" => true
}
],
"startupProbe" => {
"exec" => {
"command" => ["ls", "/var/log/modsec"]
},
"initialDelaySeconds" => MODSEC_SIDECAR_INITIAL_DELAY_SECONDS
}
}
],
"extraVolumeMounts" => [
{
"name" => "modsecurity-template-volume",
"mountPath" => "/etc/nginx/modsecurity/modsecurity.conf",
"subPath" => "modsecurity.conf"
},
{
"name" => "modsecurity-log-volume",
"mountPath" => "/var/log/modsec"
}
],
"extraVolumes" => [
@ -100,6 +129,10 @@ module Clusters
}
]
}
},
{
"name" => "modsecurity-log-volume",
"emptyDir" => {}
}
]
}

4
app/models/concerns/noteable.rb
View File

@ -108,10 +108,6 @@ module Noteable
discussions_resolvable? && resolvable_discussions.none?(&:to_be_resolved?)
end
def discussions_to_be_resolved?
discussions_resolvable? && !discussions_resolved?
end
def discussions_to_be_resolved
@discussions_to_be_resolved ||= resolvable_discussions.select(&:to_be_resolved?)
end

5
app/models/merge_request.rb
View File

@ -68,6 +68,7 @@ class MergeRequest < ApplicationRecord
has_many :cached_closes_issues, through: :merge_requests_closing_issues, source: :issue
has_many :pipelines_for_merge_request, foreign_key: 'merge_request_id', class_name: 'Ci::Pipeline'
has_many :suggestions, through: :notes
has_many :unresolved_notes, -> { unresolved }, as: :noteable, class_name: 'Note'
has_many :merge_request_assignees
has_many :assignees, class_name: "User", through: :merge_request_assignees
@ -211,7 +212,7 @@ class MergeRequest < ApplicationRecord
scope :join_project, -> { joins(:target_project) }
scope :references_project, -> { references(:target_project) }
scope :with_api_entity_associations, -> {
preload(:assignees, :author, :notes, :labels, :milestone, :timelogs,
preload(:assignees, :author, :unresolved_notes, :labels, :milestone, :timelogs,
latest_merge_request_diff: [:merge_request_diff_commits],
metrics: [:latest_closed_by, :merged_by],
target_project: [:route, { namespace: :route }],
@ -923,7 +924,7 @@ class MergeRequest < ApplicationRecord
def mergeable_discussions_state?
return true unless project.only_allow_merge_if_all_discussions_are_resolved?
!discussions_to_be_resolved?
unresolved_notes.none?(&:to_be_resolved?)
end
def for_fork?

1
app/models/project.rb
View File

@ -92,6 +92,7 @@ class Project < ApplicationRecord
default_value_for :snippets_enabled, gitlab_config_features.snippets
default_value_for :only_allow_merge_if_all_discussions_are_resolved, false
default_value_for :remove_source_branch_after_merge, true
default_value_for(:ci_config_path) { Gitlab::CurrentSettings.default_ci_config_path }
add_authentication_token_field :runners_token, encrypted: -> { Feature.enabled?(:projects_tokens_optional_encryption, default_enabled: true) ? :optional : :required }

6
app/views/admin/application_settings/_ci_cd.html.haml
View File

@ -53,5 +53,11 @@
= s_('AdminSettings|Environment variables are protected by default')
.form-text.text-muted
= s_('AdminSettings|When creating a new environment variable it will be protected by default.')
.form-group
= f.label :ci_config_path, _('Default CI configuration path'), class: 'label-bold'
= f.text_field :default_ci_config_path, class: 'form-control', placeholder: '.gitlab-ci.yml'
%p.form-text.text-muted
= _("The default CI configuration path for new projects.").html_safe
= link_to icon('question-circle'), help_page_path('user/project/pipelines/settings', anchor: 'custom-ci-config-path'), target: '_blank'
= f.submit _('Save changes'), class: "btn btn-success"

5
changelogs/unreleased/14707-add-modsec-logging-sidecar-to-ingress-controller.yml Normal file
View File

@ -0,0 +1,5 @@
---
title: Add modsecurity logging sidecar to ingress controller
merge_request: 19600
author:
type: added

5
changelogs/unreleased/32935-preventing-accidental-project-deletion-index.yml Normal file
View File

@ -0,0 +1,5 @@
---
title: Add index on marked_for_deletion_at in projects table
merge_request: 19788
author:
type: other

5
changelogs/unreleased/ab-projects-api-indexes-authenticated.yml Normal file
View File

@ -0,0 +1,5 @@
---
title: Add index for authenticated requests to projects API default endpoint
merge_request: 19993
author:
type: performance

5
changelogs/unreleased/gitlab_ci_path.yml Normal file
View File

@ -0,0 +1,5 @@
---
title: Allow to define a default CI configuration path for new projects
merge_request: 18073
author: Mathieu Parent
type: added

5
changelogs/unreleased/id-optimize-mergeable-discussions-state.yml Normal file
View File

@ -0,0 +1,5 @@
---
title: Optimize MergeRequest#mergeable_discussions_state? method
merge_request: 19988
author:
type: performance

17
db/migrate/20191107220314_add_index_to_projects_on_marked_for_deletion.rb Normal file
View File

@ -0,0 +1,17 @@
# frozen_string_literal: true
class AddIndexToProjectsOnMarkedForDeletion < ActiveRecord::Migration[5.2]
include Gitlab::Database::MigrationHelpers
DOWNTIME = false
disable_ddl_transaction!
def up
add_concurrent_index :projects, :marked_for_deletion_at, where: 'marked_for_deletion_at IS NOT NULL'
end
def down
remove_concurrent_index :projects, :marked_for_deletion_at
end
end

13
db/migrate/20191111121500_default_ci_config_path.rb Normal file
View File

@ -0,0 +1,13 @@
# frozen_string_literal: true
class DefaultCiConfigPath < ActiveRecord::Migration[5.2]
DOWNTIME = false
def up
add_column :application_settings, :default_ci_config_path, :string, limit: 255
end
def down
remove_column :application_settings, :default_ci_config_path
end
end

19
db/migrate/20191112221821_add_indexes_for_projects_api_default_params_authenticated.rb Normal file
View File

@ -0,0 +1,19 @@
# frozen_string_literal: true
class AddIndexesForProjectsApiDefaultParamsAuthenticated < ActiveRecord::Migration[5.2]
include Gitlab::Database::MigrationHelpers
DOWNTIME = false
disable_ddl_transaction!
def up
add_concurrent_index :projects, %i(created_at id)
remove_concurrent_index_by_name :projects, 'index_projects_on_created_at'
end
def down
add_concurrent_index :projects, :created_at
remove_concurrent_index_by_name :projects, 'index_projects_on_created_at_and_id'
end
end

6
db/schema.rb
View File

@ -10,7 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 2019_11_12_214305) do
ActiveRecord::Schema.define(version: 2019_11_12_221821) do
# These are extensions that must be enabled in order to support this database
enable_extension "pg_trgm"
@ -351,6 +351,7 @@ ActiveRecord::Schema.define(version: 2019_11_12_214305) do
t.text "encrypted_eks_secret_access_key"
t.string "snowplow_app_id"
t.datetime_with_timezone "productivity_analytics_start_date"
t.string "default_ci_config_path", limit: 255
t.index ["custom_project_templates_group_id"], name: "index_application_settings_on_custom_project_templates_group_id"
t.index ["file_template_project_id"], name: "index_application_settings_on_file_template_project_id"
t.index ["instance_administration_project_id"], name: "index_applicationsettings_on_instance_administration_project_id"
@ -3121,7 +3122,7 @@ ActiveRecord::Schema.define(version: 2019_11_12_214305) do
t.integer "marked_for_deletion_by_user_id"
t.index "lower((name)::text)", name: "index_projects_on_lower_name"
t.index ["archived", "pending_delete", "merge_requests_require_code_owner_approval"], name: "projects_requiring_code_owner_approval", where: "((pending_delete = false) AND (archived = false) AND (merge_requests_require_code_owner_approval = true))"
t.index ["created_at"], name: "index_projects_on_created_at"
t.index ["created_at", "id"], name: "index_projects_on_created_at_and_id"
t.index ["creator_id"], name: "index_projects_on_creator_id"
t.index ["description"], name: "index_projects_on_description_trigram", opclass: :gin_trgm_ops, using: :gin
t.index ["id", "repository_storage", "last_repository_updated_at"], name: "idx_projects_on_repository_storage_last_repository_updated_at"
@ -3131,6 +3132,7 @@ ActiveRecord::Schema.define(version: 2019_11_12_214305) do
t.index ["last_repository_check_at"], name: "index_projects_on_last_repository_check_at", where: "(last_repository_check_at IS NOT NULL)"
t.index ["last_repository_check_failed"], name: "index_projects_on_last_repository_check_failed"
t.index ["last_repository_updated_at"], name: "index_projects_on_last_repository_updated_at"
t.index ["marked_for_deletion_at"], name: "index_projects_on_marked_for_deletion_at", where: "(marked_for_deletion_at IS NOT NULL)"
t.index ["marked_for_deletion_by_user_id"], name: "index_projects_on_marked_for_deletion_by_user_id", where: "(marked_for_deletion_by_user_id IS NOT NULL)"
t.index ["mirror_last_successful_update_at"], name: "index_projects_on_mirror_last_successful_update_at"
t.index ["mirror_user_id"], name: "index_projects_on_mirror_user_id"

4
doc/administration/operations/sidekiq_memory_killer.md
View File

@ -34,7 +34,7 @@ The MemoryKiller is controlled using environment variables.
In _daemon_ mode, the MemoryKiller checks the Sidekiq process RSS every 3 seconds
(defined by `SIDEKIQ_MEMORY_KILLER_CHECK_INTERVAL`).
- `SIDEKIQ_MEMORY_KILLER_MAX_RSS`: if this variable is set, and its value is greater
- `SIDEKIQ_MEMORY_KILLER_MAX_RSS` (KB): if this variable is set, and its value is greater
than 0, the MemoryKiller is enabled. Otherwise the MemoryKiller is disabled.
`SIDEKIQ_MEMORY_KILLER_MAX_RSS` defines the Sidekiq process allowed RSS.
@ -52,7 +52,7 @@ The MemoryKiller is controlled using environment variables.
[in the Omnibus GitLab
repository](https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/attributes/default.rb).
- `SIDEKIQ_MEMORY_KILLER_HARD_LIMIT_RSS`: is used by _daemon_ mode. If the Sidekiq
- `SIDEKIQ_MEMORY_KILLER_HARD_LIMIT_RSS` (KB): is used by _daemon_ mode. If the Sidekiq
process RSS (expressed in kilobytes) exceeds `SIDEKIQ_MEMORY_KILLER_HARD_LIMIT_RSS`,
an immediate graceful restart of Sidekiq is triggered.

3
doc/api/settings.md
View File

@ -40,6 +40,7 @@ Example response:
"domain_blacklist_enabled" : false,
"domain_blacklist" : [],
"created_at" : "2016-01-04T15:44:55.176Z",
"default_ci_config_path" : null,
"default_project_visibility" : "private",
"default_group_visibility" : "private",
"gravatar_enabled" : true,
@ -113,6 +114,7 @@ Example response:
"restricted_visibility_levels": [],
"max_attachment_size": 10,
"session_expire_delay": 10080,
"default_ci_config_path" : null,
"default_project_visibility": "internal",
"default_snippet_visibility": "private",
"default_group_visibility": "private",
@ -198,6 +200,7 @@ are listed in the descriptions of the relevant settings.
| `container_registry_token_expire_delay` | integer | no | Container Registry token duration in minutes. |
| `default_artifacts_expire_in` | string | no | Set the default expiration time for each job's artifacts. |
| `default_branch_protection` | integer | no | Determine if developers can push to master. Can take: `0` _(not protected, both developers and maintainers can push new commits, force push, or delete the branch)_, `1` _(partially protected, developers and maintainers can push new commits, but cannot force push or delete the branch)_ or `2` _(fully protected, developers cannot push new commits, but maintainers can; no-one can force push or delete the branch)_ as a parameter. Default is `2`. |
| `default_ci_config_path` | string | no | Default CI configuration path for new projects (`.gitlab-ci.yml` if not set). |
| `default_group_visibility` | string | no | What visibility level new groups receive. Can take `private`, `internal` and `public` as a parameter. Default is `private`. |
| `default_project_creation` | integer | no | Default project creation protection. Can take: `0` _(No one)_, `1` _(Maintainers)_ or `2` _(Developers + Maintainers)_|
| `default_projects_limit` | integer | no | Project limit per user. Default is `100000`. |

2
doc/ci/yaml/README.md
View File

@ -2023,8 +2023,6 @@ Defining an empty array will skip downloading any artifacts for that job.
The status of the previous job is not considered when using `dependencies`, so
if it failed or it is a manual job that was not run, no error occurs.
---
In the following example, we define two jobs with artifacts, `build:osx` and
`build:linux`. When the `test:osx` is executed, the artifacts from `build:osx`
will be downloaded and extracted in the context of the build. The same happens

2
doc/development/documentation/index.md
View File

@ -67,8 +67,6 @@ This document was moved to [another location](path/to/new_doc.md).
where `path/to/new_doc.md` is the relative path to the root directory `doc/`.
---
For example, if you move `doc/workflow/lfs/lfs_administration.md` to
`doc/administration/lfs.md`, then the steps would be:

3
doc/development/documentation/styleguide.md
View File

@ -604,9 +604,6 @@ Inside the document:
- Always use a proper description for what the image is about. That way, when a
browser fails to show the image, this text will be used as an alternative
description.
- If there are consecutive images with little text between them, always add
three dashes (`---`) between the image and the text to create a horizontal
line for better clarity.
- If a heading is placed right after an image, always add three dashes (`---`)
between the image and the heading.

2
doc/install/openshift_and_gitlab/index.md
View File

@ -23,8 +23,6 @@ tools that will help us achieve our goal.
For a video demonstration on installing GitLab on OpenShift, check the article [In 13 minutes from Kubernetes to a complete application development tool](https://about.gitlab.com/blog/2016/11/14/idea-to-production/).
---
## Prerequisites
CAUTION: **Caution:** This information is no longer up to date, as the current versions

13
doc/user/admin_area/settings/continuous_integration.md
View File

@ -134,6 +134,19 @@ Once that time passes, the jobs will be archived and no longer able to be
retried. Make it empty to never expire jobs. It has to be no less than 1 day,
for example: <code>15 days</code>, <code>1 month</code>, <code>2 years</code>.
## Default CI configuration path
> [Introduced](https://gitlab.com/gitlab-org/gitlab/merge_requests/18073) in GitLab 12.5.
The default CI configuration file path for new projects can be set in the Admin
area of your GitLab instance (`.gitlab-ci.yml` if not set):
1. Go to **Admin area > Settings > Continuous Integration and Deployment**.
1. Input the new path in the **Default CI configuration path** field.
1. Hit **Save changes** for the changes to take effect.
It is also possible to specify a [custom CI configuration path for a specific project](../../project/pipelines/settings.md#custom-ci-configuration-path).
<!-- ## Troubleshooting
Include any troubleshooting steps that you can foresee. If you know beforehand what issues

2
doc/user/clusters/applications.md
View File

@ -263,7 +263,7 @@ This feature:
For example:
```sh
kubectl -n gitlab-managed-apps exec -it $(kubectl get pods -n gitlab-managed-apps | grep 'ingress-controller' | awk '{print $1}') -- tail -f /var/log/modsec_audit.log
kubectl -n gitlab-managed-apps exec -it $(kubectl get pods -n gitlab-managed-apps | grep 'ingress-controller' | awk '{print $1}') -- tail -f /var/log/modsec/audit.log
```
There is a small performance overhead by enabling `modsecurity`. However, if this is

4
doc/user/permissions.md
View File

@ -73,7 +73,7 @@ The following table depicts the various user permission levels in a project.
| See a commit status | | ✓ | ✓ | ✓ | ✓ |
| See a container registry | | ✓ | ✓ | ✓ | ✓ |
| See environments | | ✓ | ✓ | ✓ | ✓ |
| See a list of merge requests | ✓ (*1*) | ✓ | ✓ | ✓ | ✓ |
| See a list of merge requests | | ✓ | ✓ | ✓ | ✓ |
| View project statistics | | ✓ | ✓ | ✓ | ✓ |
| View Error Tracking list | | ✓ | ✓ | ✓ | ✓ |
| Pull from [Conan repository](packages/conan_repository/index.md), [Maven repository](packages/maven_repository/index.md), or [NPM registry](packages/npm_registry/index.md) **(PREMIUM)** | | ✓ | ✓ | ✓ | ✓ |
@ -83,7 +83,7 @@ The following table depicts the various user permission levels in a project.
| Push to non-protected branches | | | ✓ | ✓ | ✓ |
| Force push to non-protected branches | | | ✓ | ✓ | ✓ |
| Remove non-protected branches | | | ✓ | ✓ | ✓ |
| Create new merge request | ✓ (*1*) | ✓ | ✓ | ✓ | ✓ |
| Create new merge request | | ✓ | ✓ | ✓ | ✓ |
| Assign merge requests | | | ✓ | ✓ | ✓ |
| Label merge requests | | | ✓ | ✓ | ✓ |
| Lock merge request threads | | | ✓ | ✓ | ✓ |

2
doc/user/profile/notifications.md
View File

@ -77,7 +77,7 @@ To select a notification level for a project, use either of these methods:
1. Locate the project in the **Projects** section.
1. Select the desired [notification level](#notification-levels).
---
Or:
1. Navigate to the project's page.
1. Click the notification dropdown, marked with a bell icon.

2
doc/user/project/import/gitea.md
View File

@ -75,7 +75,5 @@ You also can:
![Gitea importer page](img/import_projects_from_gitea_importer_v12_3.png)
---
You can also choose a different name for the project and a different namespace,
if you have the privileges to do so.

2
doc/user/project/merge_requests/merge_request_approvals.md
View File

@ -219,8 +219,6 @@ and the project level approvers are changed after a merge request is created,
the merge request retains the previous approvers.
However, the approvers can be changed by [editing the merge request](#overriding-the-merge-request-approvals-default-settings).
---
The default approval settings can now be overridden when creating a
[merge request](index.md) or by editing it after it's been created:

1
lib/api/settings.rb
View File

@ -42,6 +42,7 @@ module API
optional :asset_proxy_whitelist, type: Array[String], coerce_with: Validations::Types::CommaSeparatedToArray.coerce, desc: 'Assets that match these domain(s) will NOT be proxied. Wildcards allowed. Your GitLab installation URL is automatically whitelisted.'
optional :container_registry_token_expire_delay, type: Integer, desc: 'Authorization token duration (minutes)'
optional :default_artifacts_expire_in, type: String, desc: "Set the default expiration time for each job's artifacts"
optional :default_ci_config_path, type: String, desc: 'The instance default CI configuration path for new projects'
optional :default_project_creation, type: Integer, values: ::Gitlab::Access.project_creation_values, desc: 'Determine if developers can create projects in the group'
optional :default_branch_protection, type: Integer, values: ::Gitlab::Access.protection_values, desc: 'Determine if developers can push to master'
optional :default_group_visibility, type: String, values: Gitlab::VisibilityLevel.string_values, desc: 'The default group visibility'

6
locale/gitlab.pot
View File

@ -5241,6 +5241,9 @@ msgstr ""
msgid "Default Branch"
msgstr ""
msgid "Default CI configuration path"
msgstr ""
msgid "Default artifacts expiration"
msgstr ""
@ -16840,6 +16843,9 @@ msgstr ""
msgid "The content of this page is not encoded in UTF-8. Edits can only be made via the Git repository."
msgstr ""
msgid "The default CI configuration path for new projects."
msgstr ""
msgid "The dependency list details information about the components used within your project."
msgstr ""

1
spec/lib/gitlab/import_export/all_models.yml
View File

@ -120,6 +120,7 @@ merge_requests:
- pipelines_for_merge_request
- merge_request_assignees
- suggestions
- unresolved_notes
- assignees
- reviews
- approval_rules

12
spec/models/clusters/applications/ingress_spec.rb
View File

@ -165,6 +165,12 @@ describe Clusters::Applications::Ingress do
expect(subject.values).to include('extraVolumes')
expect(subject.values).to include('extraVolumeMounts')
end
it 'includes modsecurity sidecar container' do
expect(subject.values).to include('modsecurity-log-volume')
expect(subject.values).to include('extraContainers')
end
end
context 'when ingress_modsecurity is disabled' do
@ -190,6 +196,12 @@ describe Clusters::Applications::Ingress do
expect(subject.values).not_to include('extraVolumes')
expect(subject.values).not_to include('extraVolumeMounts')
end
it 'excludes modsecurity sidecar container' do
expect(subject.values).not_to include('modsecurity-log-volume')
expect(subject.values).not_to include('extraContainers')
end
end
end
end

44
spec/models/concerns/noteable_spec.rb
View File

@ -177,50 +177,6 @@ describe Noteable do
end
end
describe "#discussions_to_be_resolved?" do
context "when discussions are not resolvable" do
before do
allow(subject).to receive(:discussions_resolvable?).and_return(false)
end
it "returns false" do
expect(subject.discussions_to_be_resolved?).to be false
end
end
context "when discussions are resolvable" do
before do
allow(subject).to receive(:discussions_resolvable?).and_return(true)
allow(first_discussion).to receive(:resolvable?).and_return(true)
allow(second_discussion).to receive(:resolvable?).and_return(false)
allow(third_discussion).to receive(:resolvable?).and_return(true)
end
context "when all resolvable discussions are resolved" do
before do
allow(first_discussion).to receive(:resolved?).and_return(true)
allow(third_discussion).to receive(:resolved?).and_return(true)
end
it "returns false" do
expect(subject.discussions_to_be_resolved?).to be false
end
end
context "when some resolvable discussions are not resolved" do
before do
allow(first_discussion).to receive(:resolved?).and_return(true)
allow(third_discussion).to receive(:resolved?).and_return(false)
end
it "returns true" do
expect(subject.discussions_to_be_resolved?).to be true
end
end
end
end
describe "#discussions_to_be_resolved" do
before do
allow(first_discussion).to receive(:to_be_resolved?).and_return(true)

37
spec/models/project_spec.rb
View File

@ -2029,24 +2029,37 @@ describe Project do
end
describe '#ci_config_path=' do
using RSpec::Parameterized::TableSyntax
let(:project) { create(:project) }
it 'sets nil' do
project.update!(ci_config_path: nil)
expect(project.ci_config_path).to be_nil
where(:default_ci_config_path, :project_ci_config_path, :expected_ci_config_path) do
nil | :notset | :default
nil | nil | :default
nil | '' | :default
nil | "cust\0om/\0/path" | 'custom//path'
'' | :notset | :default
'' | nil | :default
'' | '' | :default
'' | "cust\0om/\0/path" | 'custom//path'
'global/path' | :notset | 'global/path'
'global/path' | nil | :default
'global/path' | '' | :default
'global/path' | "cust\0om/\0/path" | 'custom//path'
end
it 'sets a string' do
project.update!(ci_config_path: 'foo/.gitlab_ci.yml')
with_them do
before do
stub_application_setting(default_ci_config_path: default_ci_config_path)
expect(project.ci_config_path).to eq('foo/.gitlab_ci.yml')
end
if project_ci_config_path != :notset
project.ci_config_path = project_ci_config_path
end
end
it 'sets a string but removes all null characters' do
project.update!(ci_config_path: "f\0oo/\0/.gitlab_ci.yml")
expect(project.ci_config_path).to eq('foo//.gitlab_ci.yml')
it 'returns the correct path' do
expect(project.ci_config_path.presence || :default).to eq(expected_ci_config_path)
end
end
end

20
spec/requests/api/merge_requests_spec.rb
View File

@ -701,16 +701,20 @@ describe API::MergeRequests do
expect(json_response.first['id']).to eq merge_request_closed.id
end
it 'avoids N+1 queries' do
control = ActiveRecord::QueryRecorder.new do
get api("/projects/#{project.id}/merge_requests", user)
end.count
context 'a project which enforces all discussions to be resolved' do
let!(:project) { create(:project, :repository, only_allow_merge_if_all_discussions_are_resolved: true) }
create(:merge_request, author: user, assignees: [user], source_project: project, target_project: project, created_at: base_time)
it 'avoids N+1 queries' do
control = ActiveRecord::QueryRecorder.new do
get api("/projects/#{project.id}/merge_requests", user)
end.count
expect do
get api("/projects/#{project.id}/merge_requests", user)
end.not_to exceed_query_limit(control)
create(:merge_request, author: user, assignees: [user], source_project: project, target_project: project, created_at: base_time)
expect do
get api("/projects/#{project.id}/merge_requests", user)
end.not_to exceed_query_limit(control)
end
end
end

3
spec/requests/api/settings_spec.rb
View File

@ -18,6 +18,7 @@ describe API::Settings, 'Settings' do
expect(json_response['password_authentication_enabled']).to be_truthy
expect(json_response['plantuml_enabled']).to be_falsey
expect(json_response['plantuml_url']).to be_nil
expect(json_response['default_ci_config_path']).to be_nil
expect(json_response['default_project_visibility']).to be_a String
expect(json_response['default_snippet_visibility']).to be_a String
expect(json_response['default_group_visibility']).to be_a String
@ -49,6 +50,7 @@ describe API::Settings, 'Settings' do
it "updates application settings" do
put api("/application/settings", admin),
params: {
default_ci_config_path: 'debian/salsa-ci.yml',
default_projects_limit: 3,
default_project_creation: 2,
password_authentication_enabled_for_web: false,
@ -80,6 +82,7 @@ describe API::Settings, 'Settings' do
}
expect(response).to have_gitlab_http_status(200)
expect(json_response['default_ci_config_path']).to eq('debian/salsa-ci.yml')
expect(json_response['default_projects_limit']).to eq(3)
expect(json_response['default_project_creation']).to eq(::Gitlab::Access::DEVELOPER_MAINTAINER_PROJECT_ACCESS)
expect(json_response['password_authentication_enabled_for_web']).to be_falsey

3
vendor/ingress/modsecurity.conf vendored
View File

@ -236,7 +236,8 @@ SecAuditLogParts ABIJDEFHZ
# assumes that you will use the audit log only ocassionally.
#
# SecAuditLogType Serial
SecAuditLog /var/log/modsec_audit.log
SecAuditLogFormat JSON
SecAuditLog /var/log/modsec/audit.log
# Specify the path for concurrent audit logging.
#SecAuditLogStorageDir /opt/modsecurity/var/audit/