root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2024-07-15 18:14:45 +00:00
parent f0471bfa61
commit 380d41a71b
80 changed files with 1484 additions and 208 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
.gitlab/ci/rails.gitlab-ci.yml
View File

@ -336,28 +336,27 @@ rspec system pg14 no_gitaly_transactions:
rspec-ee migration pg14 no_gitaly_transactions:
extends:
- rspec-ee migration pg14
- .gitaly-without-transactions
- .ee-only-gitaly-without-transactions
rspec-ee background_migration pg14 no_gitaly_transactions:
extends:
- rspec-ee background_migration pg14
- .gitaly-without-transactions
- .ee-only-gitaly-without-transactions
rspec-ee unit pg14 no_gitaly_transactions:
extends:
- rspec-ee unit pg14
- .gitaly-without-transactions
- .ee-only-gitaly-without-transactions
rspec-ee integration pg14 no_gitaly_transactions:
extends:
- rspec-ee integration pg14
- .gitaly-without-transactions
- .ee-only-gitaly-without-transactions
rspec-ee system pg14 no_gitaly_transactions:
extends:
- rspec-ee system pg14
- .gitaly-without-transactions
- .ee-only-gitaly-without-transactions
# Dedicated job to test DB library code against PG13.
# Note that these are already tested against PG13 in the `rspec unit pg13` / `rspec-ee unit pg13` jobs.

6
.gitlab/ci/rails/shared.gitlab-ci.yml
View File

@ -66,6 +66,12 @@ include:
variables:
GITALY_TRANSACTIONS_ENABLED: "false"
.ee-only-gitaly-without-transactions:
extends:
- .rails:rules:ee-only-gitaly-without-transactions
variables:
GITALY_TRANSACTIONS_ENABLED: "false"
.rspec-base-needs:
needs:
- !reference [.repo-from-artifacts, needs]

6
.gitlab/ci/rules.gitlab-ci.yml
View File

@ -2002,6 +2002,12 @@
- <<: *if-schedule-maintenance
- <<: *if-merge-request-labels-run-without-gitaly-transactions
.rails:rules:ee-only-gitaly-without-transactions:
rules:
- <<: *if-not-ee
when: never
- !reference [".rails:rules:gitaly-without-transactions", rules]
.rails:rules:ee-and-foss-migration:
rules:
- <<: *if-fork-merge-request

1
.rubocop_todo/rspec/file_path.yml
View File

@ -65,6 +65,7 @@ RSpec/FilePath:
- 'spec/services/ci/create_pipeline_service/rate_limit_spec.rb'
- 'spec/services/ci/create_pipeline_service/rules_spec.rb'
- 'spec/services/ci/create_pipeline_service/scripts_spec.rb'
- 'spec/services/ci/create_pipeline_service/run_spec.rb'
- 'spec/services/ci/create_pipeline_service/tags_spec.rb'
- 'spec/services/ci/create_pipeline_service/variables_spec.rb'
- 'spec/services/ci/create_pipeline_service/workflow_auto_cancel_spec.rb'

2
GITALY_SERVER_VERSION
View File

@ -1 +1 @@
47c3c8bc2d5a93e83eee6b250a06e4c39d9c929c
8274bcec3ce5fd5059d83e724a4671bc3dcd2d68

2
Gemfile
View File

@ -565,7 +565,7 @@ group :test do
# Moved in `test` because https://gitlab.com/gitlab-org/gitlab/-/issues/217527
gem 'derailed_benchmarks', require: false # rubocop:todo Gemfile/MissingFeatureCategory
gem 'gitlab_quality-test_tooling', '~> 1.30.0', require: false, feature_category: :tooling
gem 'gitlab_quality-test_tooling', '~> 1.31.0', require: false, feature_category: :tooling
end
gem 'octokit', '~> 9.0', feature_category: :importers

2
Gemfile.checksum
View File

@ -234,7 +234,7 @@
{"name":"gitlab-styles","version":"12.0.1","platform":"ruby","checksum":"d8a302b0ab0e1f18e2d11501760f1b85c5e70b5e5ca628828a0786c7984ed133"},
{"name":"gitlab_chronic_duration","version":"0.12.0","platform":"ruby","checksum":"0d766944d415b5c831f176871ee8625783fc0c5bfbef2d79a3a616f207ffc16d"},
{"name":"gitlab_omniauth-ldap","version":"2.2.0","platform":"ruby","checksum":"bb4d20acb3b123ed654a8f6a47d3fac673ece7ed0b6992edb92dca14bad2838c"},
{"name":"gitlab_quality-test_tooling","version":"1.30.0","platform":"ruby","checksum":"06722db6aed571e2ec22e04a4179215cf0b49c9658ef14f71b8bd2245bc0c56c"},
{"name":"gitlab_quality-test_tooling","version":"1.31.0","platform":"ruby","checksum":"c13d38f2ba01469179db7211008722b1f4a55270cca561d832b1eee438124f52"},
{"name":"globalid","version":"1.1.0","platform":"ruby","checksum":"b337e1746f0c8cb0a6c918234b03a1ddeb4966206ce288fbb57779f59b2d154f"},
{"name":"gon","version":"6.4.0","platform":"ruby","checksum":"e3a618d659392890f1aa7db420f17c75fd7d35aeb5f8fe003697d02c4b88d2f0"},
{"name":"google-apis-androidpublisher_v3","version":"0.34.0","platform":"ruby","checksum":"d7e1d7dd92f79c498fe2082222a1740d788e022e660c135564b3fd299cab5425"},

4
Gemfile.lock
View File

@ -754,7 +754,7 @@ GEM
omniauth (>= 1.3, < 3)
pyu-ruby-sasl (>= 0.0.3.3, < 0.1)
rubyntlm (~> 0.5)
gitlab_quality-test_tooling (1.30.0)
gitlab_quality-test_tooling (1.31.0)
activesupport (>= 7.0, < 7.2)
amatch (~> 0.4.1)
gitlab (~> 4.19)
@ -2044,7 +2044,7 @@ DEPENDENCIES
gitlab-utils!
gitlab_chronic_duration (~> 0.12)
gitlab_omniauth-ldap (~> 2.2.0)
gitlab_quality-test_tooling (~> 1.30.0)
gitlab_quality-test_tooling (~> 1.31.0)
gon (~> 6.4.0)
google-apis-androidpublisher_v3 (~> 0.34.0)
google-apis-cloudbilling_v1 (~> 0.21.0)

47
app/assets/javascripts/editor/schema/ci.json
View File

@ -880,6 +880,49 @@
}
]
},
"steps": {
"type": "array",
"items": {
"oneOf": [
{
"required": [
"step"
]
},
{
"required": [
"script"
]
}
],
"properties": {
"name": {
"type": "string",
"description": "Unique identifier for this step."
},
"step": {
"type": "string",
"description": "Reference to the step to invoke."
},
"env": {
"$ref": "#/definitions/globalVariables"
},
"inputs": {
"$ref": "#/definitions/inputs"
},
"script": {
"type": "string",
"description": "Shell script to evaluate."
}
},
"additionalProperties": false,
"type": "object",
"required": [
"name"
],
"description": "A single step invocation."
}
},
"optional_script": {
"oneOf": [
{
@ -1742,6 +1785,10 @@
"$ref": "#/definitions/script",
"markdownDescription": "Shell scripts executed by the Runner. The only required property of jobs. Be careful with special characters (e.g. `:`, `{`, `}`, `&`) and use single or double quotes to avoid issues. [Learn More](https://docs.gitlab.com/ee/ci/yaml/#script)"
},
"run": {
"$ref": "#/definitions/steps",
"markdownDescription": "Specifies a list of steps to execute in the job. The `run` keyword is an alternative to `script` and allows for more advanced job configuration. Each step is an object that defines a single task or command. Use either `run` or `script` in a job, but not both, otherwise the pipeline will error out."
},
"stage": {
"description": "Define what stage the job will run in.",
"anyOf": [

6
app/assets/javascripts/issues/list/components/issue_card_time_info.vue
View File

@ -97,11 +97,7 @@ export default {
<template>
<span>
<span
v-if="milestone"
class="issuable-milestone gl-mr-3 gl-text-truncate gl-max-w-26 gl-display-inline-block gl-align-bottom"
data-testid="issuable-milestone"
>
<span v-if="milestone" class="issuable-milestone gl-mr-3" data-testid="issuable-milestone">
<gl-link
v-gl-tooltip
:href="milestoneLink"

2
app/assets/javascripts/pages/projects/shared/permissions/components/settings_panel.vue
View File

@ -77,7 +77,7 @@ export default {
),
duoLabel: s__('ProjectSettings|GitLab Duo'),
duoHelpText: s__('ProjectSettings|Use AI-powered features in this project.'),
securityAndComplianceLabel: s__('ProjectSettings|Security and Compliance'),
securityAndComplianceLabel: s__('ProjectSettings|Security and compliance'),
snippetsLabel: s__('ProjectSettings|Snippets'),
wikiLabel: s__('ProjectSettings|Wiki'),
pucWarningLabel: s__('ProjectSettings|Warn about Potentially Unwanted Characters'),

2
app/assets/javascripts/security_configuration/utils.js
View File

@ -11,7 +11,7 @@ import { REPORT_TYPE_DAST } from '~/vue_shared/security_reports/constants';
* It then filters out any scanner features that lack a security config for rednering in the UI
* @param [{}] features
* @param {Object} securityFeatures Object containing client side UI options
* @returns {Object} Object with enriched features from constants divided into Security and Compliance Features
* @returns {Object} Object with enriched features from constants divided into Security and compliance Features
*/
export const augmentFeatures = (securityFeatures, features = []) => {

4
app/controllers/concerns/integrations/actions.rb
View File

@ -13,8 +13,8 @@ module Integrations::Actions
before_action :integration, only: [:edit, :update, :overrides, :test]
# rubocop:enable Rails/LexicallyScopedActionFilter
before_action :render_404, only: :edit, if: -> do
integration.to_param == 'prometheus' && Feature.enabled?(:remove_monitor_metrics)
before_action :render_404, only: [:edit, :update, :overrides, :test], if: -> do
integration.is_a?(::Integrations::Prometheus) && Feature.enabled?(:remove_monitor_metrics)
end
urgency :low, [:test]

8
app/controllers/projects/settings/integrations_controller.rb
View File

@ -13,6 +13,10 @@ module Projects
before_action :web_hook_logs, only: [:edit, :update]
before_action -> { check_test_rate_limit! }, only: :test
before_action :render_404, only: [:edit, :update, :test], if: -> do
integration.is_a?(::Integrations::Prometheus) && Feature.enabled?(:remove_monitor_metrics)
end
respond_to :html
layout "project_settings"
@ -24,9 +28,7 @@ module Projects
@integrations = @project.find_or_initialize_integrations
end
def edit
render_404 if integration.to_param == 'prometheus' && Feature.enabled?(:remove_monitor_metrics)
end
def edit; end
def update
attributes = integration_params[:integration]

2
app/finders/banzai/uploads_finder.rb
View File

@ -2,6 +2,8 @@
module Banzai
class UploadsFinder
include FinderMethods
def initialize(parent:)
@parent = parent
end

2
app/finders/organizations/groups_finder.rb
View File

@ -4,7 +4,7 @@ module Organizations
class GroupsFinder < GroupsFinder
def execute
groups = find_union(filtered_groups, Group)
groups = groups.without_deleted if Feature.enabled?(:filter_deleted_groups, current_user)
groups = groups.without_deleted
unless default_organization?
cte = Gitlab::SQL::CTE.new(:filtered_groups_cte, groups, materialized: false)

2
app/models/ci/build.rb
View File

@ -233,7 +233,7 @@ module Ci
yaml_variables when environment coverage_regex
description tag_list protected needs_attributes
job_variables_attributes resource_group scheduling_type
ci_stage partition_id id_tokens interruptible].freeze
ci_stage partition_id id_tokens interruptible execution_config_id].freeze
end
def supported_keyset_orderings

13
app/models/upload.rb
View File

@ -20,6 +20,7 @@ class Upload < ApplicationRecord
scope :for_model_type_and_id, ->(type, id) { where(model_type: type, model_id: id) }
scope :for_uploader, ->(uploader_class) { where(uploader: uploader_class.to_s) }
scope :order_by_created_at_desc, -> { reorder(created_at: :desc) }
scope :preload_uploaded_by_user, -> { preload(:uploaded_by_user) }
before_save :calculate_checksum!, if: :foreground_checksummable?
# as the FileUploader is not mounted, the default CarrierWave ActiveRecord
@ -98,7 +99,7 @@ class Upload < ApplicationRecord
# @return [GitlabUploader] one of the subclasses, defined at the model's uploader attribute
def retrieve_uploader(mounted_as = nil)
build_uploader(mounted_as).tap do |uploader|
uploader.retrieve_from_store!(identifier)
uploader.retrieve_from_store!(filename)
end
end
@ -124,7 +125,7 @@ class Upload < ApplicationRecord
def uploader_context
{
identifier: identifier,
identifier: filename,
secret: secret,
uploaded_by_user_id: uploaded_by_user_id
}.compact
@ -144,6 +145,10 @@ class Upload < ApplicationRecord
checksum.nil? && local? && exist?
end
def filename
File.basename(path)
end
private
def delete_file!
@ -166,10 +171,6 @@ class Upload < ApplicationRecord
Object.const_get(uploader, false)
end
def identifier
File.basename(path)
end
def mount_point
super&.to_sym
end

1
app/policies/group_policy.rb
View File

@ -256,6 +256,7 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy
enable :create_jira_connect_subscription
enable :maintainer_access
enable :read_upload
enable :admin_upload
enable :destroy_upload
enable :admin_push_rules
end

1
app/policies/project_policy.rb
View File

@ -613,6 +613,7 @@ class ProjectPolicy < BasePolicy
enable :admin_project_aws
enable :admin_secure_files
enable :read_upload
enable :admin_upload
enable :destroy_upload
enable :admin_incident_management_timeline_event_tag
enable :stop_environment

2
app/validators/json_schema_validator.rb
View File

@ -25,7 +25,7 @@ class JsonSchemaValidator < ActiveModel::EachValidator
end
def validate_each(record, attribute, value)
value = value.to_h.deep_stringify_keys if options[:hash_conversion] == true
value = Gitlab::Json.parse(Gitlab::Json.dump(value)) if options[:hash_conversion] == true
value = Gitlab::Json.parse(value.to_s) if options[:parse_json] == true && !value.nil?
if options[:detail_errors]

4
app/views/projects/merge_requests/_merge_request.html.haml
View File

@ -26,13 +26,13 @@
&middot;
#{s_('IssueList|created %{timeAgoString} by %{user}').html_safe % { timeAgoString: time_ago_with_tooltip(merge_request.created_at, placement: 'bottom'), user: link_to_member(@project, merge_request.author, avatar: false, extra_class: 'gl-text-gray-500!') }}
- if merge_request.milestone
%span.issuable-milestone.gl-inline-block.gl-text-truncate.gl-max-w-26.gl-align-bottom
%span.issuable-milestone.gl-inline-block
&nbsp;
= link_to project_merge_requests_path(merge_request.project, milestone_title: merge_request.milestone.title), class: 'gl-text-gray-500!', data: { html: 'true', toggle: 'tooltip', title: milestone_tooltip_due_date(merge_request.milestone) } do
= sprite_icon('milestone', size: 12, css_class: 'gl-vertical-align-text-bottom')
= merge_request.milestone.title
- if merge_request.target_project.default_branch != merge_request.target_branch
%span.project-ref-path.has-tooltip.gl-inline-block.gl-text-truncate.gl-max-w-26.gl-align-bottom{ title: _('Target branch: %{target_branch}') % {target_branch: merge_request.target_branch} }
%span.project-ref-path.has-tooltip.gl-inline-block{ title: _('Target branch: %{target_branch}') % {target_branch: merge_request.target_branch} }
&nbsp;
= link_to project_ref_path(merge_request.project, merge_request.target_branch), class: 'ref-name gl-text-gray-500!' do
= sprite_icon('branch', size: 12, css_class: 'fork-sprite')

10
config/feature_flags/gitlab_com_derisk/filter_deleted_groups.yml → config/feature_flags/gitlab_com_derisk/pipeline_run_keyword.yml
View File

@ -1,9 +1,9 @@
---
name: filter_deleted_groups
feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/455871
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/158309
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/470628
name: pipeline_run_keyword
feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/440487
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/146333
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/471925
milestone: '17.2'
group: group::tenant scale
group: group::pipeline authoring
type: gitlab_com_derisk
default_enabled: false

2
doc/administration/custom_project_templates.md
View File

@ -57,7 +57,7 @@ Prerequisites:
1. Review the project's
[feature settings](../user/project/settings/index.md#configure-project-features-and-permissions).
All enabled project features should be set to **Everyone With Access**, except
**GitLab Pages** and **Security and Compliance**.
**GitLab Pages** and **Security and compliance**.
Repository and database information that are copied over to each new project are
identical to the data exported with the [GitLab Project Import/Export](../user/project/settings/import_export.md).

4
doc/administration/settings/security_and_compliance.md
View File

@ -4,7 +4,7 @@ group: Composition Analysis
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
# Security and Compliance Admin area settings
# Security and compliance Admin area settings
DETAILS:
**Tier:** Ultimate
@ -17,7 +17,7 @@ The settings for package metadata synchronization are located in the [Admin area
To choose the packages you want to synchronize with the GitLab Package Metadata Database for [License Compliance](../../user/compliance/license_scanning_of_cyclonedx_files/index.md) and [Continuous Vulnerability Scanning](../../user/application_security/continuous_vulnerability_scanning/index.md):
1. On the left sidebar, at the bottom, select **Admin area**.
1. Select **Settings > Security and Compliance**.
1. Select **Settings > Security and compliance**.
1. In **Package registry metadata to sync**, select or clear checkboxes for the
package registries that you want to sync.
1. Select **Save changes**.

93
doc/api/groups.md
View File

@ -1701,6 +1701,99 @@ Example response:
}
```
## Markdown uploads
Markdown uploads are files uploaded to a group that can be referenced in Markdown text in an epic or wiki page.
### List uploads
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/157066) in GitLab 17.2.
Get all uploads of the group sorted by `created_at` in descending order.
You must have at least the Maintainer role to use this endpoint.
```plaintext
GET /groups/:id/uploads
```
| Attribute | Type | Required | Description |
|-----------|-------------------|----------|-------------|
| `id` | integer or string | Yes | The ID or [URL-encoded path of the group](rest/index.md#namespaced-path-encoding). |
Example request:
```shell
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/5/uploads"
```
Returned object:
```json
[
{
"id": 1,
"size": 1024,
"filename": "image.png",
"created_at":"2024-06-20T15:53:03.067Z",
"uploaded_by": {
"id": 18,
"name" : "Alexandra Bashirian",
"username" : "eileen.lowe"
}
},
{
"id": 2,
"size": 512,
"filename": "other-image.png",
"created_at":"2024-06-19T15:53:03.067Z",
"uploaded_by": null
}
]
```
### Download an uploaded file
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/157066) in GitLab 17.2.
You must have at least the Maintainer role to use this endpoint.
```plaintext
GET /groups/:id/uploads/:upload_id
```
| Attribute | Type | Required | Description |
|-------------|-------------------|----------|-------------|
| `id` | integer or string | Yes | The ID or [URL-encoded path of the group](rest/index.md#namespaced-path-encoding). |
| `upload_id` | integer | Yes | The ID of the upload. |
Example request:
```shell
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/5/uploads/1"
```
### Delete an uploaded file
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/157066) in GitLab 17.2.
You must have at least the Maintainer role to use this endpoint.
```plaintext
DELETE /groups/:id/uploads/:upload_id
```
| Attribute | Type | Required | Description |
|-------------|-------------------|----------|-------------|
| `id` | integer or string | Yes | The ID or [URL-encoded path of the group](rest/index.md#namespaced-path-encoding). |
| `upload_id` | integer | Yes | The ID of the upload. |
Example request:
```shell
curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/5/uploads/1"
```
## Hooks
DETAILS:

94
doc/api/integrations.md
View File

@ -99,7 +99,7 @@ Parameters:
| `app_store_private_key_file_name` | string | yes | Apple App Store Connect private key filename. |
| `app_store_private_key` | string | yes | Apple App Store Connect private key. |
| `app_store_protected_refs` | boolean | no | Set variables on protected branches and tags only. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Apple App Store Connect
@ -133,7 +133,7 @@ Parameters:
| --------- | ---- | -------- | ----------- |
| `api_key` | string | yes | User API token. The user must have access to the task. All comments are attributed to this user. |
| `restrict_to_branch` | string | no | Comma-separated list of branches to be automatically inspected. Leave blank to include all branches. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Asana
@ -167,7 +167,7 @@ Parameters:
| --------- | ---- | -------- | ----------- |
| `token` | string | yes | The authentication token. |
| `subdomain` | string | no | The subdomain setting. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Assembla
@ -206,7 +206,7 @@ Parameters:
| `build_key` | string | yes | Bamboo build plan key (for example, `KEY`). |
| `username` | string | yes | User with API access to the Bamboo server. |
| `password` | string | yes | Password of the user. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Atlassian Bamboo
@ -241,7 +241,7 @@ Parameters:
| `new_issue_url` | string | yes | URL of the new issue. |
| `issues_url` | string | yes | URL of the issue. |
| `project_url` | string | yes | URL of the project. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Bugzilla
@ -279,7 +279,7 @@ Parameters:
| `push_events` | boolean | no | Enable notifications for push events. |
| `merge_requests_events` | boolean | no | Enable notifications for merge request events. |
| `tag_push_events` | boolean | no | Enable notifications for tag push events. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Buildkite
@ -317,7 +317,7 @@ Parameters:
| `token` | string | yes | API authentication token from Campfire Classic. To get the token, sign in to Campfire Classic and select **My info**. |
| `subdomain` | string | no | `.campfirenow.com` subdomain when you're signed in. |
| `room` | string | no | ID portion of the Campfire Classic room URL. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Campfire Classic
@ -353,7 +353,7 @@ Parameters:
| ------------- | ------ | -------- | -------------- |
| `issues_url` | string | yes | URL of the issue. |
| `project_url` | string | yes | URL of the project. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable ClickUp
@ -386,7 +386,7 @@ Parameters:
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `confluence_url` | string | yes | URL of the Confluence Workspace hosted on `atlassian.net`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Confluence Workspace
@ -421,7 +421,7 @@ Parameters:
| `new_issue_url` | string | yes | URL of the new issue. |
| `issues_url` | string | yes | URL of the issue. |
| `project_url` | string | yes | URL of the project. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable a custom issue tracker
@ -460,7 +460,7 @@ Parameters:
| `datadog_site` | string | no | The Datadog site to send data to. To send data to the EU site, use `datadoghq.eu`. |
| `datadog_tags` | string | no | Custom tags in Datadog. Specify one tag per line in the format `key:value\nkey2:value2` |
| `archive_trace_events` | boolean | no | When enabled, job logs are collected by Datadog and displayed along with pipeline execution traces ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/346339) in GitLab 15.3). |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Datadog
@ -495,7 +495,7 @@ Parameters:
| `diffblue_license_key` | string | yes | Diffblue Cover license key. |
| `diffblue_access_token_name` | string | yes | Access token name used by Diffblue Cover in pipelines. |
| `diffblue_access_token_secret` | string | yes | Access token secret used by Diffblue Cover in pipelines. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Diffblue Cover
@ -556,7 +556,7 @@ Parameters:
| `tag_push_channel` | string | no | The webhook override to receive notifications for tag push events. |
| `wiki_page_events` | boolean | no | Enable notifications for wiki page events. |
| `wiki_page_channel` | string | no | The webhook override to receive notifications for wiki page events. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Discord Notifications
@ -594,7 +594,7 @@ Parameters:
| `push_events` | boolean | no | Enable notifications for push events. |
| `merge_requests_events` | boolean | no | Enable notifications for merge request events. |
| `tag_push_events` | boolean | no | Enable notifications for tag push events. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Drone
@ -632,7 +632,7 @@ Parameters:
| `push_events` | boolean | no | Enable notifications for push events. |
| `tag_push_events` | boolean | no | Enable notifications for tag push events. |
| `branches_to_be_notified` | string | no | Branches to send notifications for. Valid options are `all`, `default`, `protected`, and `default_and_protected`. Notifications are always fired for tag pushes. The default value is `all`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable emails on push
@ -667,7 +667,7 @@ Parameters:
| `new_issue_url` | string | yes | URL of the new issue. |
| `project_url` | string | yes | URL of the project. |
| `issues_url` | string | yes | URL of the issue. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable EWM
@ -700,7 +700,7 @@ Parameters:
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `external_wiki_url` | string | yes | URL of the external wiki. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable an external wiki
@ -760,7 +760,7 @@ Parameters:
| Parameter | Type | Required | Description |
| --------- | ---- | -------- |-----------------------------------------------|
| `token` | string | yes | GitGuardian API token with `scan` scope. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable GitGuardian
@ -799,7 +799,7 @@ Parameters:
| `token` | string | yes | GitHub API token with `repo:status` OAuth scope. |
| `repository_url` | string | yes | GitHub repository URL. |
| `static_context` | boolean | no | Append the hostname of your GitLab instance to the [status check name](../user/project/integrations/github.md#static-or-dynamic-status-check-names). |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable GitHub
@ -853,7 +853,7 @@ Parameters:
| `tag_push_events` | boolean | no | Enable notifications for tag push events. |
| `vulnerability_events` | boolean | no | Enable notifications for vulnerability events. |
| `wiki_page_events` | boolean | no | Enable notifications for wiki page events. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable GitLab for Slack app
@ -898,7 +898,7 @@ Parameters:
| `confidential_note_events` | boolean | no | Enable notifications for confidential note events. |
| `pipeline_events` | boolean | no | Enable notifications for pipeline events. |
| `wiki_page_events` | boolean | no | Enable notifications for wiki page events. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Google Chat
@ -943,7 +943,7 @@ Parameters:
| `artifact_registry_project_id` | string | yes | ID of the Google Cloud project. |
| `artifact_registry_location` | string | yes | Location of the Artifact Registry repository. |
| `artifact_registry_repositories` | string | yes | Repository of Artifact Registry. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Google Artifact Management
@ -989,7 +989,7 @@ Parameters:
| `workload_identity_federation_project_number` | integer | yes | Google Cloud project number for the Workload Identity Federation. |
| `workload_identity_pool_id` | string | yes | ID of the Workload Identity Pool. |
| `workload_identity_pool_provider_id` | string | yes | ID of the Workload Identity Pool provider. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Google Cloud Identity and Access Management
@ -1025,7 +1025,7 @@ Parameters:
| `service_account_key` | string | yes | Google Play service account key. |
| `service_account_key_file_name` | string | yes | File name of the Google Play service account key. |
| `google_play_protected_refs` | boolean | no | Set variables on protected branches and tags only. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Google Play
@ -1061,7 +1061,7 @@ Parameters:
| `project_name` | string | yes | The name of the project in the Harbor instance. For example, `testproject`. |
| `username` | string | yes | The username created in the Harbor interface. |
| `password` | string | yes | The password of the user. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Harbor
@ -1098,7 +1098,7 @@ Parameters:
| `server_host` | string | no | localhost. |
| `server_port` | integer | no | 6659. |
| `colorize_messages` | boolean | no | Colorize messages. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable irker
@ -1138,7 +1138,7 @@ Parameters:
| `push_events` | boolean | no | Enable notifications for push events. |
| `merge_requests_events` | boolean | no | Enable notifications for merge request events. |
| `tag_push_events` | boolean | no | Enable notifications for tag push events. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Jenkins
@ -1180,7 +1180,7 @@ Parameters:
| `password` | string | yes | The password of the user. |
| `push_events` | boolean | no | Enable notifications for push events. |
| `merge_requests_events` | boolean | no | Enable notifications for merge request events. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable JetBrains TeamCity
@ -1227,7 +1227,7 @@ Parameters:
| `comment_on_event_enabled` | boolean | no | Enable comments in Jira issues on each GitLab event (commit or merge request). |
| `issues_enabled` | boolean | no | Enable viewing Jira issues in GitLab. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/267015) in GitLab 17.0. |
| `project_keys` | array of strings | no | Keys of Jira projects. When `issues_enabled` is `true`, this setting specifies which Jira projects to view issues from in GitLab. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/267015) in GitLab 17.0. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Jira
@ -1285,7 +1285,7 @@ Parameters:
| `tag_push_channel` | string | no | The name of the channel to receive notifications for tag push events. |
| `pipeline_channel` | string | no | The name of the channel to receive notifications for pipeline events. |
| `wiki_page_channel` | string | no | The name of the channel to receive notifications for wiki page events. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Mattermost notifications
@ -1318,7 +1318,7 @@ Parameters:
| Parameter | Type | Required | Description |
| --------- | ------ | -------- | --------------------- |
| `token` | string | yes | The Mattermost token. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Mattermost slash commands
@ -1363,7 +1363,7 @@ Parameters:
| `confidential_note_events` | boolean | no | Enable notifications for confidential note events. |
| `pipeline_events` | boolean | no | Enable notifications for pipeline events. |
| `wiki_page_events` | boolean | no | Enable notifications for wiki page events. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Microsoft Teams notifications
@ -1400,7 +1400,7 @@ Parameters:
| --------- | ---- | -------- | ----------- |
| `mock_service_url` | string | yes | URL of the Mock CI integration. |
| `enable_ssl_verification` | boolean | no | Enable SSL verification. Defaults to `true` (enabled). |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Mock CI
@ -1438,7 +1438,7 @@ Parameters:
| `push_events` | boolean | no | Enable notifications for push events. |
| `merge_requests_events` | boolean | no | Enable notifications for merge request events. |
| `tag_push_events` | boolean | no | Enable notifications for tag push events. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Packagist
@ -1474,7 +1474,7 @@ Parameters:
|-----------------|--------|----------|-----------------------|
| `issues_url` | string | yes | URL of the issue. |
| `project_url` | string | yes | URL of the project. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Phorge
@ -1511,7 +1511,7 @@ Parameters:
| `branches_to_be_notified` | string | no | Branches to send notifications for. Valid options are `all`, `default`, `protected`, and `default_and_protected`. The default value is `default`. |
| `notify_only_default_branch` | boolean | no | Send notifications for the default branch. |
| `pipeline_events` | boolean | no | Enable notifications for pipeline events. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable pipeline status emails
@ -1545,7 +1545,7 @@ Parameters:
| --------- | ---- | -------- | ----------- |
| `token` | string | yes | The Pivotal Tracker token. |
| `restrict_to_branch` | boolean | no | Comma-separated list of branches to automatically inspect. Leave blank to include all branches. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Pivotal Tracker
@ -1589,7 +1589,7 @@ Parameters:
| `push_events` | boolean | no | Enable notifications for push events. |
| `tag_push_events` | boolean | no | Enable notifications for tag push events. |
| `wiki_page_events` | boolean | no | Enable notifications for wiki page events. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Pumble
@ -1626,7 +1626,7 @@ Parameters:
| `priority` | string | yes | The priority. |
| `device` | string | no | Leave blank for all active devices. |
| `sound` | string | no | The sound of the notification. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Pushover
@ -1661,7 +1661,7 @@ Parameters:
| `new_issue_url` | string | yes | URL of the new issue. |
| `project_url` | string | yes | URL of the project. |
| `issues_url` | string | yes | URL of the issue. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Redmine
@ -1727,7 +1727,7 @@ Parameters:
| `tag_push_events` | boolean | no | Enable notifications for tag push events. |
| `wiki_page_channel` | string | no | The name of the channel to receive notifications for wiki page events. |
| `wiki_page_events` | boolean | no | Enable notifications for wiki page events. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Slack notifications
@ -1760,7 +1760,7 @@ Parameters:
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `token` | string | yes | The Slack token. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Slack slash commands
@ -1822,7 +1822,7 @@ Parameters:
|-------------------------|--------|----------|-------------------------------|
| `url` | string | yes | URL of the Squash TM webhook. |
| `token` | string | no | Secret token. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Squash TM
@ -1869,7 +1869,7 @@ Parameters:
| `confidential_note_events` | boolean | yes | Enable notifications for confidential note events. |
| `pipeline_events` | boolean | yes | Enable notifications for pipeline events. |
| `wiki_page_events` | boolean | yes | Enable notifications for wiki page events. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Telegram
@ -1913,7 +1913,7 @@ Parameters:
| `confidential_note_events` | boolean | no | Enable notifications for confidential note events. |
| `pipeline_events` | boolean | no | Enable notifications for pipeline events. |
| `wiki_page_events` | boolean | no | Enable notifications for wiki page events. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Unify Circuit
@ -1957,7 +1957,7 @@ Parameters:
| `confidential_note_events` | boolean | no | Enable notifications for confidential note events. |
| `pipeline_events` | boolean | no | Enable notifications for pipeline events. |
| `wiki_page_events` | boolean | no | Enable notifications for wiki page events. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable Webex Teams
@ -1991,7 +1991,7 @@ Parameters:
| --------- | ---- | -------- | ----------- |
| `issues_url` | string | yes | URL of the issue. |
| `project_url` | string | yes | URL of the project. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. |
| `use_inherited_settings` | boolean | no | Indicates whether or not to inherit default settings. Defaults to `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/467089) in GitLab 17.2. |
### Disable YouTrack

95
doc/api/projects.md
View File

@ -2599,7 +2599,11 @@ POST /projects/:id/restore
|-----------|-------------------|----------|-------------|
| `id` | integer or string | Yes | The ID or [URL-encoded path of the project](rest/index.md#namespaced-path-encoding). |
## Upload a file
## Markdown uploads
Markdown uploads are files uploaded to a project that can be referenced in Markdown text in an issue, merge request, snippet, or wiki page.
### Upload a file
> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/112450) in GitLab 15.10. Feature flag `enforce_max_attachment_size_upload_api` removed.
@ -2640,6 +2644,95 @@ The returned `url` is relative to the project path. The returned `full_path` is
the absolute path to the file. In Markdown contexts, the link is expanded when
the format in `markdown` is used.
### List uploads
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/157066) in GitLab 17.2.
Get all uploads of the project sorted by `created_at` in descending order.
You must have at least the Maintainer role to use this endpoint.
```plaintext
GET /projects/:id/uploads
```
| Attribute | Type | Required | Description |
|-----------|-------------------|----------|-------------|
| `id` | integer or string | Yes | The ID or [URL-encoded path of the project](rest/index.md#namespaced-path-encoding). |
Example request:
```shell
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/5/uploads"
```
Returned object:
```json
[
{
"id": 1,
"size": 1024,
"filename": "image.png",
"created_at":"2024-06-20T15:53:03.067Z",
"uploaded_by": {
"id": 18,
"name" : "Alexandra Bashirian",
"username" : "eileen.lowe"
}
},
{
"id": 2,
"size": 512,
"filename": "other-image.png",
"created_at":"2024-06-19T15:53:03.067Z",
"uploaded_by": null
}
]
```
### Download an uploaded file
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/157066) in GitLab 17.2.
You must have at least the Maintainer role to use this endpoint.
```plaintext
GET /projects/:id/uploads/:upload_id
```
| Attribute | Type | Required | Description |
|-------------|-------------------|----------|-------------|
| `id` | integer or string | Yes | The ID or [URL-encoded path of the project](rest/index.md#namespaced-path-encoding). |
| `upload_id` | integer | Yes | The ID of the upload. |
Example request:
```shell
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/5/uploads/1"
```
### Delete an uploaded file
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/157066) in GitLab 17.2.
You must have at least the Maintainer role to use this endpoint.
```plaintext
DELETE /projects/:id/uploads/:upload_id
```
| Attribute | Type | Required | Description |
|-------------|-------------------|----------|-------------|
| `id` | integer or string | Yes | The ID or [URL-encoded path of the project](rest/index.md#namespaced-path-encoding). |
| `upload_id` | integer | Yes | The ID of the upload. |
Example request:
```shell
curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/5/uploads/1"
```
## Upload a project avatar
Uploads an avatar to the specified project.

2
doc/ci/pipelines/settings.md
View File

@ -87,7 +87,7 @@ running job can be cancelled before it completes. After a job with
## Prevent outdated deployment jobs
> - In GitLab 15.5, the behavior was [changed](https://gitlab.com/gitlab-org/gitlab/-/issues/363328) to prevent outdated job runs.
> - Also preventing outdated manual or retried deployment jobs from running [added](https://gitlab.com/gitlab-org/gitlab/-/issues/363328) in GitLab 15.5.
Your project may have multiple concurrent deployment jobs that are
scheduled to run in the same time frame.

8
doc/ci/yaml/includes.md
View File

@ -17,11 +17,15 @@ You can use [`include`](index.md#include) to include external YAML files in your
To include a single configuration file, use `include` by itself with a single file
with either of these syntax options:
- ```yaml
- On the same line:
```yaml
include: 'my-config.yml'
```
- ```yaml
- As a single item in an array:
```yaml
include:
- 'my-config.yml'
```

18
doc/development/documentation/styleguide/word_list.md
View File

@ -1177,12 +1177,20 @@ Use the full phrase **dropdown list** instead.
## license
When writing about licenses:
Licenses are different than subscriptions.
- Do not use variations such as [**cloud license**](#cloud-licensing), **offline license**, or **legacy license**.
- Do not use interchangeably with **subscription**:
- A license grants users access to the subscription they purchased, and contains information such as the number of seats they purchased and subscription dates.
- A subscription is the subscription tier that the user purchases.
- A license grants users access to the subscription they purchased. The license includes information like the number of seats and subscription dates.
- A subscription is the subscription tier that the user purchases.
Do not use the term [**cloud license**](#cloud-licensing).
The following terms are displayed in the UI and in emails. You can use them when necessary:
- **Online license** - a license synchronized with GitLab
- **Offline license** - a license not synchronized with GitLab
- **Legacy license** - a license created before synchronization was possible
However, if you can, rather than using the term, use the more specific description instead.
Use:

2
doc/development/permissions/predefined_roles.md
View File

@ -57,7 +57,7 @@ Additionally, the following project features can have different visibility level
- Pipelines
- Analytics
- Requirements
- Security and Compliance
- Security and compliance
- Wiki
- Snippets
- Pages

3
doc/security/user_file_uploads.md
View File

@ -65,6 +65,7 @@ You cannot select this option for public projects.
## Delete uploaded files
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92791) in GitLab 15.3.
> - REST API [added](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/157066) support in GitLab 17.2.
You should delete an uploaded file when that file contains sensitive or confidential information. When you have deleted that file, users cannot access the file and the direct URL returns a 404 error.
@ -87,6 +88,8 @@ mutation{
Project members that do not have the Owner or Maintainer role cannot access this GraphQL endpoint.
You can also use the REST API for [projects](../api/projects.md#delete-an-uploaded-file) or [groups](../api/groups.md#delete-an-uploaded-file) to delete an uploaded file.
<!-- ## Troubleshooting
Include any troubleshooting steps that you can foresee. If you know beforehand what issues

2
doc/user/application_security/api_fuzzing/configuration/enabling_the_analyzer.md
View File

@ -841,7 +841,7 @@ When configured correctly, a CI/CD pipeline contains a `fuzz` stage and an `apif
typical operation, the job always succeeds even if faults are identified during fuzz testing.
Faults are displayed on the **Security** pipeline tab with the suite name. When testing against the
repositories default branch, the fuzzing faults are also shown on the Security and Compliance's
repositories default branch, the fuzzing faults are also shown on the Security and compliance's
Vulnerability Report page.
To prevent an excessive number of reported faults, the API fuzzing scanner limits the number of

2
doc/user/application_security/api_security_testing/configuration/enabling_the_analyzer.md
View File

@ -771,7 +771,7 @@ variables:
When configured correctly, a CI/CD pipeline contains a `dast` stage and an `dast_api` job. The job only fails when an invalid configuration is provided. During typical operation, the job always succeeds even if vulnerabilities are identified during testing.
Vulnerabilities are displayed on the **Security** pipeline tab with the suite name. When testing against the repositories default branch, the API security testing vulnerabilities are also shown on the Security and Compliance's Vulnerability Report page.
Vulnerabilities are displayed on the **Security** pipeline tab with the suite name. When testing against the repositories default branch, the API security testing vulnerabilities are also shown on the Security and compliance's Vulnerability Report page.
To prevent an excessive number of reported vulnerabilities, the API security testing scanner limits the number of vulnerabilities it reports per operation.

4
doc/user/application_security/policies/index.md
View File

@ -71,7 +71,7 @@ GitLab SaaS users may enforce policies against their top-level group or across s
The following example illustrates two groups and their structure:
- Alpha group contains two subgroups, each of which contains multiple projects.
- Security and Compliance group contains two policies.
- Security and compliance group contains two policies.
**Alpha** group (contains code projects)
@ -85,7 +85,7 @@ The following example illustrates two groups and their structure:
- Project L
- Project M
**Security and Compliance** group (contains security policy projects)
**Security and compliance** group (contains security policy projects)
- Security Policy Management
- Security Policy Management - security policy project

2
doc/user/application_security/secret_detection/secret_push_protection/index.md
View File

@ -68,7 +68,7 @@ Prerequisites:
1. Sign in to your GitLab instance as an administrator.
1. On the left sidebar, at the bottom, select **Admin area**.
1. Select **Settings > Security and Compliance**.
1. Select **Settings > Security and compliance**.
1. Under **Secret Detection**, select or clear **Allow secret push protection**.
### Enable secret push protection in a project

2
doc/user/group/custom_project_templates.md
View File

@ -44,7 +44,7 @@ Projects in nested subgroups are not included in the template list.
- Public and internal projects can be selected by any authenticated user as a template for a new project,
if all [project features](../project/settings/index.md#configure-project-features-and-permissions)
except for **GitLab Pages** and **Security and Compliance** are set to **Everyone With Access**.
except for **GitLab Pages** and **Security and compliance** are set to **Everyone With Access**.
- Private projects can be selected only by users who are members of the projects.
There is a [known issue](https://gitlab.com/gitlab-org/gitlab/-/issues/295646):

13
lib/api/entities/ci/job_request/response.rb
View File

@ -22,7 +22,11 @@ module API
end
expose :runner_variables, as: :variables
expose :steps, using: Entities::Ci::JobRequest::Step
expose :steps, using: Entities::Ci::JobRequest::Step, unless: ->(job) do
::Feature.enabled?(:pipeline_run_keyword, job.project) &&
job.execution_config&.run_steps.present?
end
expose :runtime_hooks, as: :hooks, using: Entities::Ci::JobRequest::Hook
expose :image, using: Entities::Ci::JobRequest::Image
expose :services, using: Entities::Ci::JobRequest::Service
@ -33,6 +37,13 @@ module API
expose :dependencies do |job, options|
Entities::Ci::JobRequest::Dependency.represent(job.all_dependencies, options.merge(running_job: job))
end
expose :run, if: ->(job) {
::Feature.enabled?(:pipeline_run_keyword, job.project) &&
job.execution_config&.run_steps.present?
} do |job|
job.execution_config.run_steps.to_json
end
end
end
end

13
lib/api/entities/markdown_upload_admin.rb Normal file
View File

@ -0,0 +1,13 @@
# frozen_string_literal: true
module API
module Entities
class MarkdownUploadAdmin < Grape::Entity
expose :id
expose :size
expose :filename
expose :created_at
expose :uploaded_by_user, as: :uploaded_by, using: Entities::UserSafe
end
end
end

143
lib/api/markdown_uploads.rb
View File

@ -2,8 +2,21 @@
module API
class MarkdownUploads < ::API::Base
include PaginationParams
feature_category :team_planning
helpers do
def find_uploads(parent)
uploads = Banzai::UploadsFinder.new(parent: parent).execute
uploads.preload_uploaded_by_user
end
def find_upload(parent, upload_id)
Banzai::UploadsFinder.new(parent: parent).find(upload_id)
end
end
resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
desc 'Workhorse authorize the file upload' do
detail 'This feature was introduced in GitLab 13.11'
@ -37,6 +50,136 @@ module API
present upload, with: Entities::ProjectUpload
end
desc 'Get the list of uploads of a project' do
success code: 200, model: Entities::MarkdownUploadAdmin
failure [
{ code: 403, message: 'Unauthenticated' },
{ code: 404, message: 'Not found' }
]
is_array true
tags %w[projects]
end
params do
use :pagination
end
get ':id/uploads' do
authorize! :admin_upload, user_project
uploads = find_uploads(user_project)
present paginate(uploads), with: Entities::MarkdownUploadAdmin
end
desc 'Download a single project upload' do
success File
failure [
{ code: 403, message: 'Unauthenticated' },
{ code: 404, message: 'Not found' }
]
tags %w[projects]
end
params do
requires :upload_id, type: Integer, desc: 'The ID of a project upload'
end
get ':id/uploads/:upload_id' do
authorize! :admin_upload, user_project
upload = find_upload(user_project, params[:upload_id])
present_carrierwave_file!(upload.retrieve_uploader)
end
desc 'Delete a single project upload' do
success code: 204
failure [
{ code: 400, message: 'Bad request' },
{ code: 403, message: 'Unauthenticated' },
{ code: 404, message: 'Not found' }
]
tags %w[projects]
end
params do
requires :upload_id, type: Integer, desc: 'The ID of a project upload'
end
delete ':id/uploads/:upload_id' do
authorize! :destroy_upload, user_project
upload = find_upload(user_project, params[:upload_id])
result = Uploads::DestroyService.new(user_project, current_user).execute(upload)
if result[:status] == :success
status 204
else
bad_request!(result[:message])
end
end
end
resource :groups, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
desc 'Get the list of uploads of a group' do
success code: 200, model: Entities::MarkdownUploadAdmin
failure [
{ code: 403, message: 'Unauthenticated' },
{ code: 404, message: 'Not found' }
]
is_array true
tags %w[groups]
end
params do
use :pagination
end
get ':id/uploads' do
authorize! :admin_upload, user_group
uploads = find_uploads(user_group)
present paginate(uploads), with: Entities::MarkdownUploadAdmin
end
desc 'Download a single group upload' do
success File
failure [
{ code: 403, message: 'Unauthenticated' },
{ code: 404, message: 'Not found' }
]
tags %w[groups]
end
params do
requires :upload_id, type: Integer, desc: 'The ID of a group upload'
end
get ':id/uploads/:upload_id' do
authorize! :admin_upload, user_group
upload = find_upload(user_group, params[:upload_id])
present_carrierwave_file!(upload.retrieve_uploader)
end
desc 'Delete a single group upload' do
success code: 204
failure [
{ code: 400, message: 'Bad request' },
{ code: 403, message: 'Unauthenticated' },
{ code: 404, message: 'Not found' }
]
tags %w[groups]
end
params do
requires :upload_id, type: Integer, desc: 'The ID of a group upload'
end
delete ':id/uploads/:upload_id' do
authorize! :destroy_upload, user_group
upload = find_upload(user_group, params[:upload_id])
result = Uploads::DestroyService.new(user_group, current_user).execute(upload)
if result[:status] == :success
status 204
else
bad_request!(result[:message])
end
end
end
end
end

35
lib/gitlab/ci/config.rb
View File

@ -76,36 +76,55 @@ module Gitlab
##
# Temporary method that should be removed after refactoring
#
# rubocop:disable Gitlab/NoCodeCoverageComment -- This is an existing method and probably never called
# :nocov:
def variables
root.variables_value
Gitlab::Ci::Config::FeatureFlags.with_actor(@project) do
root.variables_value
end
end
# rubocop:enable Gitlab/NoCodeCoverageComment
def variables_with_data
root.variables_entry.value_with_data
Gitlab::Ci::Config::FeatureFlags.with_actor(@project) do
root.variables_entry.value_with_data
end
end
def variables_with_prefill_data
root.variables_entry.value_with_prefill_data
Gitlab::Ci::Config::FeatureFlags.with_actor(@project) do
root.variables_entry.value_with_prefill_data
end
end
def stages
root.stages_value
Gitlab::Ci::Config::FeatureFlags.with_actor(@project) do
root.stages_value
end
end
def jobs
root.jobs_value
Gitlab::Ci::Config::FeatureFlags.with_actor(@project) do
root.jobs_value
end
end
def workflow_rules
root.workflow_entry.rules_value
Gitlab::Ci::Config::FeatureFlags.with_actor(@project) do
root.workflow_entry.rules_value
end
end
def workflow_name
root.workflow_entry.name
Gitlab::Ci::Config::FeatureFlags.with_actor(@project) do
root.workflow_entry.name
end
end
def workflow_auto_cancel
root.workflow_entry.auto_cancel_value
Gitlab::Ci::Config::FeatureFlags.with_actor(@project) do
root.workflow_entry.auto_cancel_value
end
end
def normalized_jobs

23
lib/gitlab/ci/config/entry/job.rb
View File

@ -14,11 +14,12 @@ module Gitlab
ALLOWED_KEYS = %i[tags script image services start_in artifacts
cache dependencies before_script after_script hooks
coverage retry parallel timeout
release id_tokens publish pages manual_confirmation].freeze
release id_tokens publish pages manual_confirmation run].freeze
validations do
validates :config, allowed_keys: Gitlab::Ci::Config::Entry::Job.allowed_keys + PROCESSABLE_ALLOWED_KEYS
validates :script, presence: true
validates :config, mutually_exclusive_keys: %i[script run]
validates :script, presence: true, if: -> { config.is_a?(Hash) && !config.key?(:run) }
with_options allow_nil: true do
validates :when, type: String, inclusion: {
@ -29,6 +30,12 @@ module Gitlab
validates :dependencies, array_of_strings: true
validates :allow_failure, hash_or_boolean: true
validates :manual_confirmation, type: String
validates :run, json_schema: {
base_directory: 'app/validators/json_schemas',
detail_errors: true,
filename: 'run_steps',
hash_conversion: true
}
end
validates :start_in, duration: { limit: '1 week' }, if: :delayed?
@ -137,11 +144,14 @@ module Gitlab
attributes :script, :tags, :when, :dependencies,
:needs, :retry, :parallel, :start_in,
:timeout, :release,
:allow_failure, :publish, :pages, :manual_confirmation
:allow_failure, :publish, :pages, :manual_confirmation, :run
def self.matching?(name, config)
!name.to_s.start_with?('.') &&
config.is_a?(Hash) && config.key?(:script)
if ::Gitlab::Ci::Config::FeatureFlags.enabled?(:pipeline_run_keyword, type: :gitlab_com_derisk)
!name.to_s.start_with?('.') && config.is_a?(Hash) && (config.key?(:script) || config.key?(:run))
else
!name.to_s.start_with?('.') && config.is_a?(Hash) && config.key?(:script)
end
end
def self.visible?
@ -178,7 +188,8 @@ module Gitlab
id_tokens: id_tokens_value,
publish: publish,
pages: pages,
manual_confirmation: self.manual_confirmation
manual_confirmation: self.manual_confirmation,
run: ::Gitlab::Ci::Config::FeatureFlags.enabled?(:pipeline_run_keyword, type: :gitlab_com_derisk) ? run : nil
).compact
end

2
lib/gitlab/ci/config/entry/jobs.rb
View File

@ -15,7 +15,7 @@ module Gitlab
validate do
each_unmatched_job do |name|
errors.add(name.to_s, 'config should implement a script: or a trigger: keyword')
errors.add(name.to_s, 'config should implement the script:, run:, or trigger: keyword')
end
unless has_visible_job?

14
lib/gitlab/ci/pipeline/seed/build.rb
View File

@ -70,6 +70,7 @@ module Gitlab
.deep_merge(allow_failure_criteria_attributes)
.deep_merge(@cache.cache_attributes)
.deep_merge(runner_tags)
.deep_merge(build_execution_config_attribute)
end
def bridge?
@ -94,6 +95,19 @@ module Gitlab
delegate :logger, to: :@context
def build_execution_config_attribute
run_value = @seed_attributes.dig(:options, :run)
return {} unless ::Feature.enabled?(:pipeline_run_keyword, @pipeline.project) && run_value.present?
execution_config = ::Ci::BuildExecutionConfig.new(
project: @pipeline.project,
pipeline: @pipeline,
run_steps: run_value
)
{ execution_config: execution_config }
end
def all_of_only?
@only.all? { |spec| spec.satisfied_by?(@pipeline, evaluate_context) }
end

1
lib/gitlab/ci/yaml_processor/result.rb
View File

@ -126,6 +126,7 @@ module Gitlab
before_script: job[:before_script],
script: job[:script],
manual_confirmation: job[:manual_confirmation],
run: job[:run],
after_script: job[:after_script],
hooks: job[:hooks],
environment: job[:environment],

2
lib/sidebars/projects/menus/security_compliance_menu.rb
View File

@ -17,7 +17,7 @@ module Sidebars
override :title
def title
_('Security and Compliance')
_('Security and compliance')
end
override :sprite_icon

4
locale/gitlab.pot
View File

@ -41880,7 +41880,7 @@ msgstr ""
msgid "ProjectSettings|Search for topic"
msgstr ""
msgid "ProjectSettings|Security and Compliance"
msgid "ProjectSettings|Security and compliance"
msgstr ""
msgid "ProjectSettings|Security and compliance for this project."
@ -47455,7 +47455,7 @@ msgstr ""
msgid "Security Policy project already exists."
msgstr ""
msgid "Security and Compliance"
msgid "Security and compliance"
msgstr ""
msgid "Security capabilities"

6
spec/controllers/projects/ci/lints_controller_spec.rb
View File

@ -145,7 +145,7 @@ RSpec.describe Projects::Ci::LintsController do
it 'assigns result with errors' do
expect(parsed_body['errors']).to match_array(
[
'jobs rubocop config should implement a script: or a trigger: keyword',
'jobs rubocop config should implement the script:, run:, or trigger: keyword',
'jobs config should contain at least one visible job'
])
end
@ -154,7 +154,9 @@ RSpec.describe Projects::Ci::LintsController do
subject { post :create, params: params.merge(dry_run: 'true') }
it 'assigns result with errors' do
expect(parsed_body['errors']).to eq(['jobs rubocop config should implement a script: or a trigger: keyword'])
expect(
parsed_body['errors']
).to match_array(['jobs rubocop config should implement the script:, run:, or trigger: keyword'])
end
it_behaves_like 'returns a successful validation'

19
spec/controllers/projects/settings/integrations_controller_spec.rb
View File

@ -232,6 +232,16 @@ RSpec.describe Projects::Settings::IntegrationsController, feature_category: :in
expect(response).to have_gitlab_http_status(:ok)
end
end
context 'when prometheus integration' do
let_it_be(:integration) { create(:prometheus_integration, project: project) }
it 'returns 404' do
put :test, params: project_params(service: { active: 'true' })
# because remove_monitor_metrics feature flag is enabled
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
describe 'PUT #update' do
@ -399,6 +409,15 @@ RSpec.describe Projects::Settings::IntegrationsController, feature_category: :in
end
end
end
context 'when prometheus integration' do
let_it_be(:integration) { create(:prometheus_integration, project: project) }
it 'returns 404' do
# because remove_monitor_metrics feature flag is enabled
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
describe 'as JSON' do

2
spec/factories/ci/builds.rb
View File

@ -32,6 +32,8 @@ FactoryBot.define do
runner_manager { nil }
execution_config { nil }
after(:build) do |build, evaluator|
if evaluator.runner_manager
build.runner = evaluator.runner_manager.runner

12
spec/finders/organizations/groups_finder_spec.rb
View File

@ -70,17 +70,5 @@ RSpec.describe Organizations::GroupsFinder, feature_category: :groups_and_projec
expect(result).not_to include(public_group)
end
context 'when filter_deleted_groups feature flag is disabled' do
before do
stub_feature_flags(filter_deleted_groups: false)
end
it 'includes deleted groups' do
public_group.namespace_details.update!(pending_delete: true)
expect(result).to include(public_group)
end
end
end
end

4
spec/frontend/editor/schema/ci/ci_schema_spec.js
View File

@ -29,6 +29,7 @@ import FilterYaml from './yaml_tests/positive_tests/filter.yml';
import IncludeYaml from './yaml_tests/positive_tests/include.yml';
import RulesYaml from './yaml_tests/positive_tests/rules.yml';
import RulesNeedsYaml from './yaml_tests/positive_tests/rules_needs.yml';
import RunYaml from './yaml_tests/positive_tests/run.yml';
import ProjectPathYaml from './yaml_tests/positive_tests/project_path.yml';
import VariablesYaml from './yaml_tests/positive_tests/variables.yml';
import JobWhenYaml from './yaml_tests/positive_tests/job_when.yml';
@ -59,6 +60,7 @@ import ProjectPathIncludeNoSlashYaml from './yaml_tests/negative_tests/project_p
import ProjectPathIncludeTailSlashYaml from './yaml_tests/negative_tests/project_path/include/tailing_slash.yml';
import RulesNegativeYaml from './yaml_tests/negative_tests/rules.yml';
import RulesNeedsNegativeYaml from './yaml_tests/negative_tests/rules_needs.yml';
import RunNegativeYaml from './yaml_tests/negative_tests/run.yml';
import TriggerNegative from './yaml_tests/negative_tests/trigger.yml';
import VariablesInvalidOptionsYaml from './yaml_tests/negative_tests/variables/invalid_options.yml';
import VariablesInvalidSyntaxDescYaml from './yaml_tests/negative_tests/variables/invalid_syntax_desc.yml';
@ -114,6 +116,7 @@ describe('positive tests', () => {
HooksYaml,
RulesYaml,
RulesNeedsYaml,
RunYaml,
VariablesYaml,
ProjectPathYaml,
IdTokensYaml,
@ -179,6 +182,7 @@ describe('negative tests', () => {
JobWhenNegativeYaml,
RulesNegativeYaml,
RulesNeedsNegativeYaml,
RunNegativeYaml,
TriggerNegative,
VariablesInvalidOptionsYaml,
VariablesInvalidSyntaxDescYaml,

58
spec/frontend/editor/schema/ci/yaml_tests/negative_tests/run.yml Normal file
View File

@ -0,0 +1,58 @@
run_with_step_script:
run:
- name: hello_steps
step: gitlab.com/gitlab-org/ci-cd/runner-tools/echo-step
script: echo 'Hello!'
inputs:
echo: hello steps!
run_without_name:
run:
step: some reference
run_without_name_script:
run:
script: rspec
run_with_invalid_key:
run:
- name: step1
invalid_key: value1
run_with_empty_string:
run: ''
run_with_non_array:
run: "not an array"
run_with_invalid_env:
run:
- name: invalid_env
script: echo 'Test'
env:
- not_a_key_value_pair
run_with_invalid_inputs:
run:
- name: invalid_inputs
step: gitlab.com/gitlab-org/ci-cd/runner-tools/step1
inputs:
- not_an_object
run_with_missing_step_and_script:
run:
- name: missing_required
env:
TEST: 'value'
run_with_invalid_step_value:
run:
- name: invalid_step
step: 123 # Should be a string
run_with_invalid_script_value:
run:
- name: invalid_script
script:
- not_a_string
- 123

63
spec/frontend/editor/schema/ci/yaml_tests/positive_tests/run.yml Normal file
View File

@ -0,0 +1,63 @@
hello_steps:
run:
- name: hello_steps
step: gitlab.com/gitlab-org/ci-cd/runner-tools/echo-step
inputs:
echo: hello steps!
hello_script:
run:
- name: hello_script1
script: echo 'Hello script'
env:
MY_VAR: 'some value'
multiple_steps:
run:
- name: step1
step: gitlab.com/gitlab-org/ci-cd/runner-tools/echo-step
inputs:
echo: Step 1 executed
- name: step2
script: echo 'Step 2 executed'
- name: step3
step: gitlab.com/gitlab-org/ci-cd/runner-tools/another-step
env:
DEBUG: 'true'
complex_script:
run:
- name: complex_script_example
script: |
echo 'Multi-line script'
ls -la
mkdir test_dir
cd test_dir
touch test_file.txt
env:
WORKSPACE: '/tmp/workspace'
LOG_LEVEL: 'info'
step_with_multiple_inputs:
run:
- name: multi_input_step
step: gitlab.com/gitlab-org/ci-cd/runner-tools/complex-step
inputs:
param1: value1
param2: 42
param3:
nested: data
array:
- item1
- item2
mixed_steps_and_scripts:
run:
- name: first_step
step: gitlab.com/gitlab-org/ci-cd/runner-tools/setup-step
- name: script_step
script: echo 'Intermediate script'
- name: final_step
step: gitlab.com/gitlab-org/ci-cd/runner-tools/cleanup-step
env:
CLEANUP_MODE: 'full'

26
spec/lib/api/entities/markdown_upload_admin_spec.rb Normal file
View File

@ -0,0 +1,26 @@
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe API::Entities::MarkdownUploadAdmin, feature_category: :team_planning do
describe '#as_json' do
let_it_be(:user) { create(:user) }
let_it_be(:upload) { create(:upload, :issuable_upload, uploaded_by_user: user) }
subject { described_class.new(upload).as_json }
it 'exposes correct attributes' do
is_expected.to include(
id: upload.id,
size: upload.size,
filename: upload.filename,
created_at: upload.created_at,
uploaded_by: {
id: user.id,
name: user.name,
username: user.username
}
)
end
end
end

158
spec/lib/gitlab/ci/config/entry/job_spec.rb
View File

@ -58,6 +58,28 @@ RSpec.describe Gitlab::Ci::Config::Entry::Job, feature_category: :pipeline_compo
it { is_expected.to be_truthy }
end
context 'when config is a regular job with run keyword' do
let(:name) { :rspec }
let(:config) do
{ run: [{ name: 'step1', step: 'some reference' }] }
end
it { is_expected.to be_truthy }
context 'when pipeline_run_keyword feature flag is disabled' do
before do
stub_feature_flags(pipeline_run_keyword: false)
end
context 'when config has run key' do
let(:name) { :rspec }
let(:config) { { run: [{ name: 'step1', step: 'some reference' }] } }
it { is_expected.to be_falsey }
end
end
end
context 'when config is a bridge job' do
let(:name) { :rspec }
let(:config) do
@ -235,12 +257,81 @@ RSpec.describe Gitlab::Ci::Config::Entry::Job, feature_category: :pipeline_compo
end
end
context 'when script and run are used together' do
let(:config) { { script: 'rspec', run: [{ name: 'step1', step: 'some reference' }] } }
it 'returns error about using script and run' do
expect(entry).not_to be_valid
expect(entry.errors).to include 'job config these keys cannot be used together: script, run'
end
end
context 'when run value is invalid' do
using RSpec::Parameterized::TableSyntax
where(:case_name, :config, :error) do
'when only step is used without name' | { stage: 'build',
run: [{ step: 'some reference' }] } | 'job run \'/0\' must be a valid \'required\''
'when only script is used without name' | { stage: 'build',
run: [{ script: 'echo' }] } | 'job run \'/0\' must be a valid \'required\''
'when step and script are used together' | { stage: 'build',
run: [{ name: 'step1', step: 'some reference', script: 'echo' }] } | 'job run \'/0\' must be a valid \'oneof\''
'when a subkey does not exist' | { stage: 'build',
run: [{ name: 'step1', invalid_key: 'some value' }] } | 'job run \'/0\' must be a valid \'required\''
end
with_them do
it 'returns error about invalid run' do
expect(entry).not_to be_valid
expect(entry.errors).to include(error)
end
end
context 'when run value is not an array' do
let(:config) { { stage: 'build', run: 'invalid' } }
it 'returns error about invalid run' do
expect(entry).not_to be_valid
expect(entry.errors).to include 'job run \'\' must be a valid \'array\''
end
end
context 'with invalid env value type' do
let(:config) do
{
stage: 'build',
run: [
{
name: 'step1',
script: 'echo $MY_VAR',
env: { MY_VAR: 123 }
}
]
}
end
it 'returns error about invalid env' do
expect(entry).not_to be_valid
expect(entry.errors).to include 'job run \'/0/env/my_var\' must be a valid \'string\''
end
end
context 'when run value does not match steps schema' do
let(:config) { { stage: 'build', run: [{ name: 'step1' }] } }
it 'returns error about invalid run' do
expect(entry).not_to be_valid
expect(entry.errors).to include 'job run \'/0\' must be a valid \'required\''
end
end
end
context 'when script is not provided' do
let(:config) { { stage: 'test' } }
it 'returns error about missing script entry' do
expect(entry).not_to be_valid
expect(entry.errors).to include "job script can't be blank"
expect(entry.errors).to include 'job script can\'t be blank'
end
end
@ -249,7 +340,7 @@ RSpec.describe Gitlab::Ci::Config::Entry::Job, feature_category: :pipeline_compo
it 'returns error about wrong value type' do
expect(entry).not_to be_valid
expect(entry.errors).to include "job extends should be an array of strings or a string"
expect(entry.errors).to include 'job extends should be an array of strings or a string'
end
end
@ -807,6 +898,69 @@ RSpec.describe Gitlab::Ci::Config::Entry::Job, feature_category: :pipeline_compo
end
end
context 'when run keyword is used' do
let(:run_value) do
[
{ name: 'step1', step: 'some reference' },
{ name: 'step2', script: 'echo' }
]
end
let(:config) { { run: run_value } }
it 'returns the run value' do
expect(entry.value).to include({ run: run_value })
end
context 'with valid inputs' do
let(:config) do
{
stage: 'build',
run: [
{
name: 'step1',
script: 'echo $MY_INPUT',
inputs: { MY_INPUT: 'some value' }
}
]
}
end
it 'is valid' do
expect(entry).to be_valid
end
context 'with valid env key' do
let(:config) do
{
stage: 'build',
run: [
{
name: 'step1',
script: 'echo $MY_VAR',
env: { MY_VAR: 'some value' }
}
]
}
end
it 'is valid' do
expect(entry).to be_valid
end
end
end
context 'when feature flag is disabled' do
before do
stub_feature_flags(pipeline_run_keyword: false)
end
it 'return nil for run value' do
expect(entry.value[:run]).to be_nil
end
end
end
context 'with retry present in the config' do
let(:config) do
{

4
spec/lib/gitlab/ci/config/entry/jobs_spec.rb
View File

@ -68,14 +68,14 @@ RSpec.describe Gitlab::Ci::Config::Entry::Jobs do
let(:config) { { rspec: nil } }
it 'reports error' do
expect(entry.errors).to include 'jobs rspec config should implement a script: or a trigger: keyword'
expect(entry.errors).to include 'jobs rspec config should implement the script:, run:, or trigger: keyword'
end
context 'when the job name cannot be cast directly to a symbol' do
let(:config) { { true => nil } }
it 'properly parses the job name without raising a NoMethodError' do
expect(entry.errors).to include 'jobs true config should implement a script: or a trigger: keyword'
expect(entry.errors).to include 'jobs true config should implement the script:, run:, or trigger: keyword'
end
end
end

2
spec/lib/gitlab/ci/config/entry/root_spec.rb
View File

@ -433,7 +433,7 @@ RSpec.describe Gitlab::Ci::Config::Entry::Root do
describe '#errors' do
it 'reports errors about missing script or trigger' do
expect(root.errors)
.to include 'jobs rspec config should implement a script: or a trigger: keyword'
.to include 'jobs rspec config should implement the script:, run:, or trigger: keyword'
end
end
end

2
spec/lib/gitlab/ci/lint_spec.rb
View File

@ -144,7 +144,7 @@ RSpec.describe Gitlab::Ci::Lint, feature_category: :pipeline_composition do
it 'returns a result with errors' do
expect(subject).not_to be_valid
expect(subject.errors).to include(/jobs build config should implement a script: or a trigger: keyword/)
expect(subject.errors).to include(/jobs build config should implement the script:, run:, or trigger: keyword/)
end
end

50
spec/lib/gitlab/ci/pipeline/seed/build_spec.rb
View File

@ -47,6 +47,56 @@ RSpec.describe Gitlab::Ci::Pipeline::Seed::Build, feature_category: :pipeline_co
end
end
context 'with job:run attribute' do
let(:run_value) do
[
{ name: 'step1', step: 'some_step_reference', env: { VAR1: 'value1', VAR2: 'value2' } },
{ name: 'step2', script: "echo 'Hello, World!'", inputs: { input1: 'input_value1', input2: 'input_value1223' } }
].map(&:deep_stringify_keys)
end
let(:attributes) do
{
name: 'rspec',
ref: 'master',
options: {
run: run_value
}
}
end
it 'includes execution_config attribute with run steps' do
expect(subject[:execution_config]).to an_object_having_attributes(
project: pipeline.project,
pipeline: pipeline,
run_steps: run_value
)
end
context 'when feature flag is disabled' do
before do
stub_feature_flags(pipeline_run_keyword: false)
end
it 'does not include execution_config attribute' do
expect(subject).not_to include(:execution_config)
end
end
context 'when job:run attribute is not specified' do
let(:attributes) do
{
name: 'rspec',
ref: 'master'
}
end
it 'does not include execution_config attribute' do
expect(subject).not_to include(:execution_config)
end
end
end
context 'with job:rules:[when:delayed]' do
context 'is matched' do
let(:attributes) { { name: 'rspec', ref: 'master', rules: [{ if: '$VAR == null', when: 'delayed', start_in: '3 hours' }] } }

4
spec/lib/gitlab/ci/yaml_processor_spec.rb
View File

@ -3233,7 +3233,7 @@ module Gitlab
context 'returns error if job configuration is invalid' do
let(:config) { YAML.dump({ extra: "bundle update" }) }
it_behaves_like 'returns errors', 'jobs extra config should implement a script: or a trigger: keyword'
it_behaves_like 'returns errors', 'jobs extra config should implement the script:, run:, or trigger: keyword'
end
context 'returns errors if services configuration is not correct' do
@ -3251,7 +3251,7 @@ module Gitlab
context 'returns errors if the job script is not defined' do
let(:config) { YAML.dump({ rspec: { before_script: "test" } }) }
it_behaves_like 'returns errors', 'jobs rspec config should implement a script: or a trigger: keyword'
it_behaves_like 'returns errors', 'jobs rspec config should implement the script:, run:, or trigger: keyword'
end
context 'returns errors if there are no visible jobs defined' do

4
spec/lib/sidebars/projects/menus/security_compliance_menu_spec.rb
View File

@ -20,7 +20,7 @@ RSpec.describe Sidebars::Projects::Menus::SecurityComplianceMenu do
end
context 'when user is authenticated' do
context 'when the Security and Compliance is disabled' do
context 'when the Security and compliance is disabled' do
let_it_be(:project) { create(:project, :security_and_compliance_disabled) }
before do
@ -32,7 +32,7 @@ RSpec.describe Sidebars::Projects::Menus::SecurityComplianceMenu do
it { is_expected.to be_falsey }
end
context 'when the Security and Compliance is not disabled' do
context 'when the Security and compliance is not disabled' do
it { is_expected.to be_truthy }
end
end

13
spec/models/ci/build_spec.rb
View File

@ -5688,6 +5688,19 @@ RSpec.describe Ci::Build, feature_category: :continuous_integration, factory_def
describe '#clone' do
let_it_be(:user) { create(:user) }
context 'when build execution config is given' do
let(:build_execution_config) { create(:ci_builds_execution_configs, pipeline: pipeline) }
it 'clones the config id' do
build = create(:ci_build, pipeline: pipeline, execution_config: build_execution_config)
new_build = build.clone(current_user: user)
new_build.save!
expect(new_build.execution_config_id).to eq(build_execution_config.id)
end
end
context 'when given new job variables' do
context 'when the cloned build has an action' do
it 'applies the new job variables' do

4
spec/policies/project_policy_spec.rb
View File

@ -2615,7 +2615,7 @@ RSpec.describe ProjectPolicy, feature_category: :system_access do
end
describe 'access_security_and_compliance' do
context 'when the "Security and Compliance" is enabled' do
context 'when the "Security and compliance" is enabled' do
before do
project.project_feature.update!(security_and_compliance_access_level: Featurable::PRIVATE)
end
@ -2661,7 +2661,7 @@ RSpec.describe ProjectPolicy, feature_category: :system_access do
end
end
context 'when the "Security and Compliance" is not enabled' do
context 'when the "Security and compliance" is not enabled' do
before do
project.project_feature.update!(security_and_compliance_access_level: Featurable::DISABLED)
end

74
spec/requests/admin/integrations_controller_spec.rb
View File

@ -10,12 +10,9 @@ RSpec.describe Admin::IntegrationsController, :enable_admin_mode, feature_catego
end
describe 'GET #edit' do
context 'when remove_monitor_metrics is true' do
before do
stub_feature_flags(remove_monitor_metrics: true)
end
it 'renders a 404 for the prometheus integration' do
context 'for prometheus integration' do
# feature flag remove_monitor_metrics is enabled by default in specs
it 'renders a 404' do
get edit_admin_application_settings_integration_path(:prometheus)
expect(response).to have_gitlab_http_status(:not_found)
@ -24,41 +21,56 @@ RSpec.describe Admin::IntegrationsController, :enable_admin_mode, feature_catego
end
describe 'GET #overrides' do
let_it_be(:integration) { create(:jira_integration, :instance) }
let_it_be(:overridden_integration) { create(:jira_integration) }
let_it_be(:overridden_other_integration) { create(:confluence_integration) }
let(:overrides_path) { overrides_admin_application_settings_integration_path(integration, format: format) }
context 'format html' do
let(:format) { :html }
context 'for jira integration' do
let_it_be(:integration) { create(:jira_integration, :instance) }
let_it_be(:overridden_integration) { create(:jira_integration) }
let_it_be(:overridden_other_integration) { create(:confluence_integration) }
it 'renders' do
get overrides_path
context 'when format is html' do
let(:format) { :html }
expect(response).to have_gitlab_http_status(:ok)
expect(response).to render_template('shared/integrations/overrides')
it 'renders' do
get overrides_path
expect(response).to have_gitlab_http_status(:ok)
expect(response).to render_template('shared/integrations/overrides')
end
end
context 'when format is json' do
let(:format) { :json }
let(:project) { overridden_integration.project }
it 'returns the project overrides data' do
get overrides_path
expect(response).to have_gitlab_http_status(:ok)
expect(response).to include_pagination_headers
expect(json_response).to contain_exactly(
{
'id' => project.id,
'avatar_url' => project.avatar_url,
'full_name' => project.full_name,
'name' => project.name,
'full_path' => project_path(project)
}
)
end
end
end
context 'format json' do
let(:format) { :json }
let(:project) { overridden_integration.project }
context 'for prometheus integration' do
# feature flag remove_monitor_metrics is enabled by default in specs
let_it_be(:integration) { create(:prometheus_integration, :instance) }
it 'returns the project overrides data' do
let(:format) { :html }
it 'renders a 404' do
get overrides_path
expect(response).to have_gitlab_http_status(:ok)
expect(response).to include_pagination_headers
expect(json_response).to contain_exactly(
{
'id' => project.id,
'avatar_url' => project.avatar_url,
'full_name' => project.full_name,
'name' => project.name,
'full_path' => project_path(project)
}
)
expect(response).to have_gitlab_http_status(:not_found)
end
end
end

93
spec/requests/api/ci/runner/jobs_request_post_spec.rb
View File

@ -475,6 +475,99 @@ RSpec.describe API::Ci::Runner, :clean_gitlab_redis_shared_state, feature_catego
end
end
context 'with run keyword' do
let(:execution_config) { create(:ci_builds_execution_configs, :with_step_and_script) }
context 'when job has execution_config with run_steps' do
let(:job) do
create(
:ci_build,
:pending,
:queued,
pipeline: pipeline,
name: 'spinach',
stage: 'test',
stage_idx: 0,
execution_config: execution_config
)
end
it 'returns job with the run steps' do
request_job
expect(response).to have_gitlab_http_status(:created)
expect(json_response['run']).to eq(execution_config.run_steps.to_json)
end
it 'returns nil for the steps' do
request_job
expect(response).to have_gitlab_http_status(:created)
expect(json_response['steps']).to be_nil
end
context 'when feature flag is disabled' do
before do
stub_feature_flags(pipeline_run_keyword: false)
end
it 'returns nil for run steps' do
request_job
expect(response).to have_gitlab_http_status(:created)
expect(json_response['run']).to be_nil
end
end
end
context 'when job does not have execution config' do
let(:job) do
create(
:ci_build,
:pending,
:queued,
pipeline: pipeline,
name: 'spinach',
stage: 'test',
stage_idx: 0
)
end
let(:expected_steps) do
[
{
"name" => "script",
"script" => ["ls -a"],
"timeout" => 3600,
"when" => "on_success",
"allow_failure" => false
}
]
end
it 'returns nil for run steps' do
request_job
expect(response).to have_gitlab_http_status(:created)
expect(json_response['run']).to be_nil
end
context 'when feature flag is disabled' do
before do
stub_feature_flags(pipeline_run_keyword: false)
end
it 'returns nil for run steps' do
request_job
expect(response).to have_gitlab_http_status(:created)
expect(json_response['run']).to be_nil
expect(json_response['steps']).to eq(expected_steps)
end
end
end
end
describe 'updates runner info' do
it { expect { request_job }.to change { runner.reload.contacted_at } }

133
spec/requests/api/markdown_uploads_spec.rb
View File

@ -3,8 +3,13 @@
require 'spec_helper'
RSpec.describe API::MarkdownUploads, feature_category: :team_planning do
let_it_be(:group) { create(:group, :private) }
let_it_be(:group_maintainer) { create(:user, maintainer_of: group) }
let_it_be(:project) { create(:project, :private) }
let_it_be(:user) { create(:user, guest_of: project) }
let_it_be(:project_maintainer) { create(:user, maintainer_of: project) }
let_it_be(:user) { create(:user, guest_of: [project, group]) }
describe "POST /projects/:id/uploads/authorize" do
include WorkhorseHelpers
@ -77,4 +82,130 @@ RSpec.describe API::MarkdownUploads, feature_category: :team_planning do
expect(File.exist?(path)).to be(false)
end
end
shared_examples 'a request from an unauthorized user' do
it 'returns 403' do
get api(path, user)
expect(response).to have_gitlab_http_status(:forbidden)
end
end
describe "GET /projects/:id/uploads" do
let_it_be(:uploads) { create_list(:upload, 3, :issuable_upload, model: project) }
let_it_be(:other_upload) { create(:upload, :issuable_upload, model: create(:project)) }
let(:path) { "/projects/#{project.id}/uploads" }
it 'returns uploads ordered by created_at' do
get api(path, project_maintainer)
expect_paginated_array_response(uploads.reverse.map(&:id))
end
it_behaves_like 'a request from an unauthorized user'
end
describe "GET /projects/:id/uploads/:upload_id" do
let_it_be(:upload) { create(:upload, :issuable_upload, :with_file, model: project, filename: 'test.jpg') }
let(:path) { "/projects/#{project.id}/uploads/#{upload.id}" }
it 'returns the uploaded file' do
get api(path, project_maintainer)
expect(response).to have_gitlab_http_status(:ok)
expect(response.headers['Content-Disposition'])
.to eq(%(attachment; filename="test.jpg"; filename*=UTF-8''test.jpg))
end
it_behaves_like 'a request from an unauthorized user'
end
describe "DELETE /projects/:id/uploads/:upload_id" do
let_it_be(:upload) { create(:upload, :issuable_upload, model: project) }
let(:path) { "/projects/#{project.id}/uploads/#{upload.id}" }
it 'deletes the given upload' do
expect do
delete api(path, project_maintainer)
end.to change { Upload.count }.by(-1)
expect(response).to have_gitlab_http_status(:no_content)
end
it 'returns an error when deletion fails' do
expect_next_instance_of(Banzai::UploadsFinder) do |finder|
expect(finder).to receive(:find).with(upload.id).and_return(upload)
end
expect(upload).to receive(:destroy).and_return(false)
delete api(path, project_maintainer)
expect(response).to have_gitlab_http_status(:bad_request)
expect(json_response['message']).to include(_('Upload could not be deleted.'))
end
it_behaves_like 'a request from an unauthorized user'
end
describe "GET /groups/:id/uploads" do
let_it_be(:uploads) { create_list(:upload, 3, :namespace_upload, model: group) }
let_it_be(:other_upload) { create(:upload, :namespace_upload, model: create(:group)) }
let(:path) { "/groups/#{group.id}/uploads" }
it 'returns uploads ordered by created_at' do
get api(path, group_maintainer)
expect_paginated_array_response(uploads.reverse.map(&:id))
end
it_behaves_like 'a request from an unauthorized user'
end
describe "GET /groups/:id/uploads/:upload_id" do
let_it_be(:upload) { create(:upload, :namespace_upload, :with_file, model: group, filename: 'test.jpg') }
let(:path) { "/groups/#{group.id}/uploads/#{upload.id}" }
it 'returns the uploaded file' do
get api(path, group_maintainer)
expect(response).to have_gitlab_http_status(:ok)
expect(response.headers['Content-Disposition'])
.to eq(%(attachment; filename="test.jpg"; filename*=UTF-8''test.jpg))
end
it_behaves_like 'a request from an unauthorized user'
end
describe "DELETE /groups/:id/uploads/:upload_id" do
let_it_be(:upload) { create(:upload, :namespace_upload, model: group) }
let(:path) { "/groups/#{group.id}/uploads/#{upload.id}" }
it 'deletes the given upload' do
expect do
delete api(path, group_maintainer)
end.to change { Upload.count }.by(-1)
expect(response).to have_gitlab_http_status(:no_content)
end
it 'returns an error when deletion fails' do
expect_next_instance_of(Banzai::UploadsFinder) do |finder|
expect(finder).to receive(:find).with(upload.id).and_return(upload)
end
expect(upload).to receive(:destroy).and_return(false)
delete api(path, group_maintainer)
expect(response).to have_gitlab_http_status(:bad_request)
expect(json_response['message']).to include(_('Upload could not be deleted.'))
end
it_behaves_like 'a request from an unauthorized user'
end
end

6
spec/services/ci/create_downstream_pipeline_service_spec.rb
View File

@ -203,7 +203,8 @@ RSpec.describe Ci::CreateDownstreamPipelineService, '#execute', feature_category
expect { subject }
.to change { Ci::Pipeline.count }.by(1)
expect(subject).to be_error
expect(subject.message).to match_array(["jobs job config should implement a script: or a trigger: keyword"])
expect(subject.message)
.to match_array(["jobs job config should implement the script:, run:, or trigger: keyword"])
end
it 'creates a new pipeline in a downstream project' do
@ -590,7 +591,8 @@ RSpec.describe Ci::CreateDownstreamPipelineService, '#execute', feature_category
expect { subject }
.to change { Ci::Pipeline.count }.by(1)
expect(subject).to be_error
expect(subject.message).to match_array(["jobs invalid config should implement a script: or a trigger: keyword"])
expect(subject.message)
.to match_array(["jobs invalid config should implement the script:, run:, or trigger: keyword"])
end
it 'creates a new pipeline in the downstream project' do

2
spec/services/ci/create_pipeline_service/creation_errors_and_warnings_spec.rb
View File

@ -106,7 +106,7 @@ RSpec.describe Ci::CreatePipelineService, :ci_config_feature_flag_correctness, f
end
it 'contains only errors' do
error_message = 'jobs invalid config should implement a script: or a trigger: keyword'
error_message = 'jobs invalid config should implement the script:, run:, or trigger: keyword'
expect(pipeline.yaml_errors).to eq(error_message)
expect(pipeline.error_messages.map(&:content)).to contain_exactly(error_message)
expect(pipeline.errors.full_messages).to contain_exactly(error_message)

144
spec/services/ci/create_pipeline_service/run_spec.rb Normal file
View File

@ -0,0 +1,144 @@
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Ci::CreatePipelineService, :ci_config_feature_flag_correctness,
feature_category: :pipeline_composition do
let_it_be(:project) { create(:project, :repository) }
let_it_be(:user) { project.first_owner }
let(:service) { described_class.new(project, user, { ref: 'master' }) }
let(:pipeline) { service.execute(:push).payload }
before do
stub_ci_pipeline_yaml_file(config)
end
context 'when job has valid run configuration' do
let(:config) do
<<-CI_CONFIG
job:
run:
- name: step1
script: echo 'hello step1'
- name: step2
step: some_predefined_step
env:
VAR1: 'value1'
inputs:
input1: 'value1'
CI_CONFIG
end
it 'creates a job with run data' do
expect(pipeline).to be_created_successfully
job = pipeline.builds.first
expect(job.execution_config.run_steps).to eq([
{
'name' => 'step1',
'script' => "echo 'hello step1'"
},
{
'name' => 'step2',
'step' => 'some_predefined_step',
'env' => { 'VAR1' => 'value1' },
'inputs' => { 'input1' => 'value1' }
}
])
end
context 'when feature flag is disabled' do
before do
stub_feature_flags(pipeline_run_keyword: false)
end
it 'does not create a pipeline' do
expect(pipeline).not_to be_created_successfully
end
end
end
context 'when job has multiple run steps with different configurations' do
let(:config) do
<<-CI_CONFIG
job1:
run:
- name: script_step
script: echo 'hello script'
- name: predefined_step
step: some_step
env:
DEBUG: 'true'
job2:
run:
- name: complex_script
script: |
echo 'multi-line'
echo 'script'
- name: step_with_inputs
step: another_step
inputs:
param1: value1
param2: value2
CI_CONFIG
end
it 'creates jobs with correct execution_config data' do
expect(pipeline).to be_created_successfully
job1 = pipeline.builds.find_by(name: 'job1')
expect(job1.execution_config.run_steps).to eq([
{
'name' => 'script_step',
'script' => "echo 'hello script'"
},
{
'name' => 'predefined_step',
'step' => 'some_step',
'env' => { 'DEBUG' => 'true' }
}
])
job2 = pipeline.builds.find_by(name: 'job2')
expect(job2.execution_config.run_steps).to eq([
{
'name' => 'complex_script',
'script' => "echo 'multi-line'\necho 'script'\n"
},
{
'name' => 'step_with_inputs',
'step' => 'another_step',
'inputs' => {
'param1' => 'value1',
'param2' => 'value2'
}
}
])
end
end
context 'when job has invalid run configuration' do
let(:config) do
<<-CI_CONFIG
job:
run:
- script: echo 'missing name'
- name: invalid_step
step: 123
- name: invalid_env
script: echo 'test'
env:
KEY: null
CI_CONFIG
end
it 'returns errors for invalid configuration' do
expect(pipeline).not_to be_created_successfully
expect(pipeline.errors.full_messages).to include(
"jobs:job run '/0' must be a valid 'required'"
)
end
end
end

2
spec/support/shared_contexts/policies/group_policy_shared_context.rb
View File

@ -63,7 +63,7 @@ RSpec.shared_context 'GroupPolicy context' do
destroy_package
create_projects
create_cluster update_cluster admin_cluster add_cluster
destroy_upload
admin_upload destroy_upload
admin_achievement
award_achievement
read_group_runners

2
spec/support/shared_contexts/policies/project_policy_shared_context.rb
View File

@ -70,7 +70,7 @@ RSpec.shared_context 'ProjectPolicy context' do
admin_project admin_project_member admin_push_rules admin_runner admin_snippet admin_terraform_state
admin_wiki create_deploy_token destroy_deploy_token manage_deploy_tokens
push_to_delete_protected_branch read_deploy_token update_snippet
destroy_upload admin_member_access_request rename_project manage_merge_request_settings
admin_upload destroy_upload admin_member_access_request rename_project manage_merge_request_settings
admin_integrations
]
end

4
spec/support/shared_contexts/security_and_compliance_permissions_shared_context.rb
View File

@ -1,6 +1,6 @@
# frozen_string_literal: true
RSpec.shared_context '"Security and Compliance" permissions' do
RSpec.shared_context '"Security and compliance" permissions' do
let(:project_instance) { an_instance_of(Project) }
let(:user_instance) { an_instance_of(User) }
let(:before_request_defined) { false }
@ -18,7 +18,7 @@ RSpec.shared_context '"Security and Compliance" permissions' do
allow(Ability).to receive(:allowed?).with(user_instance, :access_security_and_compliance, project_instance).and_return(true)
end
context 'when the "Security and Compliance" feature is disabled' do
context 'when the "Security and compliance" feature is disabled' do
subject { response }
before do

11
vendor/gems/bundler-checksum/.gitlab-ci.yml vendored
View File

@ -5,6 +5,15 @@ include:
gem_path_prefix: "vendor/gems/"
rspec:
extends: .ruby_matrix
variables:
BUNDLER_LATEST: "2.5.15"
# Note, needed to copy the matrix definition because
# Theres a known issue when using !reference tags with the parallel:matrix keyword.
# https://docs.gitlab.com/ee/ci/debugging.html#config-should-be-an-array-of-hashes-error-message
parallel:
matrix:
- RUBY_VERSION: ["${RUBY_VERSION_DEFAULT}", "${RUBY_VERSION_NEXT}"]
BUNDLER_VERSION: ["2.4.22", "2.5.4", "2.5.12", "${BUNDLER_LATEST}"]
script:
- gem install bundler -v "$BUNDLER_VERSION"
- pushd test/project_with_checksum_lock && scripts/test

48
vendor/gems/bundler-checksum/lib/bundler_checksum/command/init.rb vendored
View File

@ -6,23 +6,15 @@ module BundlerChecksum::Command
module Init
extend self
BUNDLER_2_5_0 = Gem::Version.new("2.5.0")
BUNDLER_2_5_12 = Gem::Version.new("2.5.12")
def execute
$stderr.puts "Initializing checksum file #{checksum_file}"
checksums = []
require "bundler/vendored_uri"
# RubyGems v3.5.6 got rid of Bundler::URI in favor of a vendored Gem::URI: https://github.com/rubygems/rubygems/pull/7386
rubygems_source = 'https://rubygems.org'
remote = defined?(Gem::URI) ? Gem::URI(rubygems_source) : Bundler::URI(rubygems_source)
args = [nil, Bundler::Source::Rubygems::Remote.new(remote), nil]
# gem_remote_fetcher added in https://github.com/rubygems/rubygems/pull/7092/
args << nil if Gem::Version.new(Bundler::VERSION) >= Gem::Version.new("2.5.0")
compact_index_cache = Bundler::Fetcher::CompactIndex
.new(*args)
.send(:compact_index_client)
.instance_variable_get(:@cache)
Bundler.definition.resolve.sort_by(&:name).each do |spec|
next unless spec.source.is_a?(Bundler::Source::Rubygems)
@ -41,7 +33,7 @@ module BundlerChecksum::Command
$stderr.puts "Adding #{spec_identifier}"
compact_index_dependencies = compact_index_cache.dependencies(spec.name).select { |item| item.first == spec.version.to_s }
compact_index_dependencies = compact_index_dependencies(spec.name).select { |item| item.first == spec.version.to_s }
if !compact_index_dependencies.empty?
compact_index_checksums = compact_index_dependencies.map do |version, platform, dependencies, requirements|
@ -70,6 +62,38 @@ module BundlerChecksum::Command
private
def compact_index_dependencies(name)
if current_bundler_version >= BUNDLER_2_5_12
compact_index_cache.dependencies([name])
else
compact_index_cache.dependencies(name)
end
end
def compact_index_cache
# RubyGems v3.5.6 got rid of Bundler::URI in favor of a vendored Gem::URI: https://github.com/rubygems/rubygems/pull/7386
rubygems_source = 'https://rubygems.org'
remote_uri = defined?(Gem::URI) ? Gem::URI(rubygems_source) : Bundler::URI(rubygems_source)
remote = Bundler::Source::Rubygems::Remote.new(remote_uri)
# Constructor changed with https://github.com/rubygems/rubygems/pull/7678/
@compact_index_cache ||= if current_bundler_version >= BUNDLER_2_5_12
cache_path = Bundler.user_cache.join("compact_index", remote.cache_slug)
Bundler::CompactIndexClient.new(cache_path)
else
args = [nil, remote, nil]
# gem_remote_fetcher added in https://github.com/rubygems/rubygems/pull/7092/
args << nil if current_bundler_version >= BUNDLER_2_5_0
Bundler::Fetcher::CompactIndex
.new(*args)
.send(:compact_index_client)
.instance_variable_get(:@cache)
end
end
def current_bundler_version
@bundler_version ||= Gem::Version.new(Bundler::VERSION)
end
def previous_checksums
@previous_checksums ||=
if File.exist?(checksum_file)

2
vendor/gems/bundler-checksum/test/project_with_checksum_lock/Gemfile.lock vendored
View File

@ -135,4 +135,4 @@ DEPENDENCIES
rails (~> 6.1.6.1)
BUNDLED WITH
2.5.4
2.4.22

11
vendor/gems/bundler-checksum/test/project_with_checksum_lock/scripts/test vendored
View File

@ -1,6 +1,13 @@
#!/bin/sh
#!/bin/bash
set -euo pipefail
IFS=$'\n\t'
set -xe
if [[ $(bundler -v) == *"$BUNDLER_VERSION"* ]]; then
echo "Bundler version matches desired version: ${BUNDLER_VERSION}"
else
echo "Bundler version $(bundler -v) does not match desired version: ${BUNDLER_VERSION}"
exit 1
fi
# Check there's no differences after re-initialising
ruby -I ../../lib ../../bin/bundler-checksum init

2
workhorse/go.mod
View File

@ -10,7 +10,7 @@ require (
github.com/alecthomas/chroma/v2 v2.14.0
github.com/aws/aws-sdk-go v1.54.6
github.com/disintegration/imaging v1.6.2
github.com/dlclark/regexp2 v1.11.0
github.com/dlclark/regexp2 v1.11.1
github.com/getsentry/raven-go v0.2.0
github.com/golang-jwt/jwt/v5 v5.2.1
github.com/golang/gddo v0.0.0-20210115222349-20d68f94ee1f

4
workhorse/go.sum
View File

@ -173,8 +173,8 @@ github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/r
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
github.com/disintegration/imaging v1.6.2 h1:w1LecBlG2Lnp8B3jk5zSuNqd7b4DXhcjwek1ei82L+c=
github.com/disintegration/imaging v1.6.2/go.mod h1:44/5580QXChDfwIclfc/PCwrr44amcmDAg8hxG0Ewe4=
github.com/dlclark/regexp2 v1.11.0 h1:G/nrcoOa7ZXlpoa/91N3X7mM3r8eIlMBBJZvsz/mxKI=
github.com/dlclark/regexp2 v1.11.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
github.com/dlclark/regexp2 v1.11.1 h1:CJs78ewKXO9PuNf6Xwlw6eibMadBkXTRpOeUdv+IcWM=
github.com/dlclark/regexp2 v1.11.1/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ=
github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=