root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2025-04-30 18:11:43 +00:00
parent 7d48c9bdf7
commit 3bb07f497b
35 changed files with 344 additions and 205 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitlab/ci/openapi.gitlab-ci.yml
View File

@ -9,4 +9,4 @@ openapi-doc-check:
stage: lint
needs: []
script:
- bundle exec rake gitlab:openapi:check_docs
- bundle exec rake gitlab:openapi:check_docs OPENAPI_CHECK_DEBUG=true

2
doc/administration/geo/_index.md
View File

@ -124,7 +124,7 @@ the difference between Geo and Gitaly Cluster, see [Comparison to Geo](../gitaly
## How it works
This is a brief summary of how Geo works in your GitLab environment. For a more detailed information, see the [Geo Development page](../../development/geo.md).
This is a brief summary of how Geo works in your GitLab environment. For more details, see the Geo development documentation.
Your Geo instance can be used for cloning and fetching projects, in addition to reading any data. This makes working with large repositories over large distances much faster.

10
doc/administration/geo/replication/datatypes.md
View File

@ -94,7 +94,7 @@ on a machine:
GitLab does not require a special file system and can work with a mounted Storage Appliance. However, there can be
performance limitations and consistency issues when using a remote file system.
Geo triggers garbage collection in Gitaly to [deduplicate forked repositories](../../../development/git_object_deduplication.md#git-object-deduplication-and-gitlab-geo) on Geo secondary sites.
Geo triggers garbage collection in Gitaly to deduplicate forked repositories on Geo secondary sites.
The Gitaly gRPC API does the communication, with three possible ways of synchronization:
@ -203,8 +203,8 @@ successfully, you must replicate their data using some other means.
| Feature | Replicated (added in GitLab version) | Verified (added in GitLab version) | GitLab-managed object storage replication (added in GitLab version) | GitLab-managed object storage verification (added in GitLab version) | Notes |
|:----------------------------------------------------------------------------------------------------------------------|:------------------------------------------------------------------------------|:------------------------------------------------------------------------------|:--------------------------------------------------------------------------------|:--------------------------------------------------------------------------------|:------|
| [Application data in PostgreSQL](../../postgresql/_index.md) | **Yes** (10.2) | **Yes** (10.2) | Not applicable | Not applicable | |
| [Project repository](../../../user/project/repository/_index.md) | **Yes** (10.2) | **Yes** (10.7) | Not applicable | Not applicable | Migrated to [self-service framework](../../../development/geo/framework.md) in 16.2. See GitLab issue [#367925](https://gitlab.com/gitlab-org/gitlab/-/issues/367925) for more details.<br /><br />Behind feature flag `geo_project_repository_replication`, enabled by default in (16.3).<br /><br /> All projects, including [archived projects](../../../user/project/working_with_projects.md#archive-a-project), are replicated. |
| [Project wiki repository](../../../user/project/wiki/_index.md) | **Yes** (10.2)<sup>2</sup> | **Yes** (10.7)<sup>2</sup> | Not applicable | Not applicable | Migrated to [self-service framework](../../../development/geo/framework.md) in 15.11. See GitLab issue [#367925](https://gitlab.com/gitlab-org/gitlab/-/issues/367925) for more details.<br /><br />Behind feature flag `geo_project_wiki_repository_replication`, enabled by default in (15.11). |
| [Project repository](../../../user/project/repository/_index.md) | **Yes** (10.2) | **Yes** (10.7) | Not applicable | Not applicable | Migrated to self-service framework in 16.2. See GitLab issue [#367925](https://gitlab.com/gitlab-org/gitlab/-/issues/367925) for more details.<br /><br />Behind feature flag `geo_project_repository_replication`, enabled by default in (16.3).<br /><br /> All projects, including [archived projects](../../../user/project/working_with_projects.md#archive-a-project), are replicated. |
| [Project wiki repository](../../../user/project/wiki/_index.md) | **Yes** (10.2)<sup>2</sup> | **Yes** (10.7)<sup>2</sup> | Not applicable | Not applicable | Migrated to self-service framework in 15.11. See GitLab issue [#367925](https://gitlab.com/gitlab-org/gitlab/-/issues/367925) for more details.<br /><br />Behind feature flag `geo_project_wiki_repository_replication`, enabled by default in (15.11). |
| [Group wiki repository](../../../user/project/wiki/group.md) | [**Yes** (13.10)](https://gitlab.com/gitlab-org/gitlab/-/issues/208147) | [**Yes** (16.3)](https://gitlab.com/gitlab-org/gitlab/-/issues/323897) | Not applicable | Not applicable | Behind feature flag `geo_group_wiki_repository_replication`, enabled by default. |
| [Uploads](../../uploads.md) | **Yes** (10.2) | **Yes** (14.6) | [**Yes** (15.1)](https://gitlab.com/groups/gitlab-org/-/epics/5551) | [**Yes** (16.4)<sup>3</sup>](https://gitlab.com/groups/gitlab-org/-/epics/8056) | Replication is behind the feature flag `geo_upload_replication`, enabled by default. Verification was behind the feature flag `geo_upload_verification`, removed in 14.8. |
| [LFS objects](../../lfs/_index.md) | **Yes** (10.2) | **Yes** (14.6) | [**Yes** (15.1)](https://gitlab.com/groups/gitlab-org/-/epics/5551) | [**Yes** (16.4)<sup>3</sup>](https://gitlab.com/groups/gitlab-org/-/epics/8056) | GitLab versions 11.11.x and 12.0.x are affected by [a bug that prevents any new LFS objects from replicating](https://gitlab.com/gitlab-org/gitlab/-/issues/32696).<br /><br />Replication is behind the feature flag `geo_lfs_object_replication`, enabled by default. Verification was behind the feature flag `geo_lfs_object_verification`, removed in 14.7. |
@ -232,6 +232,6 @@ successfully, you must replicate their data using some other means.
**Footnotes:**
1. Migrated to [self-service framework](../../../development/geo/framework.md) in 15.5. See GitLab issue [#337436](https://gitlab.com/gitlab-org/gitlab/-/issues/337436) for more details.
1. Migrated to [self-service framework](../../../development/geo/framework.md) in 15.11. Behind feature flag `geo_project_wiki_repository_replication`, enabled by default. See GitLab issue [#367925](https://gitlab.com/gitlab-org/gitlab/-/issues/367925) for more details.
1. Migrated to self-service framework in 15.5. See GitLab issue [#337436](https://gitlab.com/gitlab-org/gitlab/-/issues/337436) for more details.
1. Migrated to self-service framework in 15.11. Behind feature flag `geo_project_wiki_repository_replication`, enabled by default. See GitLab issue [#367925](https://gitlab.com/gitlab-org/gitlab/-/issues/367925) for more details.
1. Verification of files stored in object storage was [introduced](https://gitlab.com/groups/gitlab-org/-/epics/8056) in GitLab 16.4 [with a feature flag](../../feature_flags.md) named `geo_object_storage_verification`, enabled by default.

3
doc/administration/geo/replication/troubleshooting/synchronization_verification.md
View File

@ -30,7 +30,7 @@ secondary Geo site, you can:
[You can force a resync and reverify individual items](https://gitlab.com/gitlab-org/gitlab/-/issues/364727)
for all component types managed by the
[self-service framework](../../../../development/geo/framework.md) using the UI. On the secondary
self-service framework using the UI. On the secondary
site, visit **Admin > Geo > Replication**.
However, if this doesn't work, you can perform the same action using the Rails console. The
@ -469,7 +469,6 @@ destroy_artifacts_not_checksummable
The `last_sync_failure` error
`Error syncing repository: 13:fatal: could not read Username for 'https://gitlab.example.com': terminal prompts disabled`
indicates that JWT authentication is failing during a Geo clone or fetch request.
See [Geo (development) > Authentication](../../../../development/geo.md#authentication) for more context.
First, check that system clocks are synced. Run the [Health check Rake task](common.md#health-check-rake-task), or
manually check that `date`, on all Sidekiq nodes on the secondary site and all Puma nodes on the primary site, are the

1
doc/administration/get_started.md
View File

@ -105,7 +105,6 @@ Unlike other monitoring solutions (for example, Zabbix or New Relic), Prometheus
[these GitLab metrics](monitoring/prometheus/gitlab_metrics.md#metrics-available).
- Learn more about GitLab [bundled software metrics](monitoring/prometheus/_index.md#bundled-software-metrics).
- Prometheus and its exporters are on by default. However, you need to [configure the service](monitoring/prometheus/_index.md#configuring-prometheus).
- Learn more about [GitLab architecture](../development/architecture.md).
- Find out why [application performance metrics](https://about.gitlab.com/blog/2020/05/07/working-with-performance-metrics/) matter.
- Integrate Grafana to [build visual dashboards](https://youtu.be/f4R7s0An1qE) based on performance metrics.

4
doc/administration/maintenance_mode/_index.md
View File

@ -113,7 +113,7 @@ For most JSON requests, `POST`, `PUT`, `PATCH`, and `DELETE` are blocked, and th
| `POST` | `/admin/session`, `/admin/session/destroy` | To allow [Admin Mode for GitLab administrators](https://gitlab.com/groups/gitlab-org/-/epics/2158) |
| `POST` | Paths ending with `/compare`| Git revision routes. |
| `POST` | `.git/git-upload-pack` | To allow Git pull/clone. |
| `POST` | `/api/v4/internal` | [internal API routes](../../development/internal_api/_index.md) |
| `POST` | `/api/v4/internal` | internal API routes |
| `POST` | `/admin/sidekiq` | To allow management of background jobs in the **Admin** area |
| `POST` | `/admin/geo` | To allow updating Geo Nodes in the administrator UI |
| `POST` | `/api/v4/geo_replication`| To allow certain Geo-specific administrator UI actions on secondary sites |
@ -190,7 +190,7 @@ To monitor queues and disable jobs:
### Feature flags
- [Development feature flags](../../development/feature_flags/_index.md) cannot be turned on or off through the API, but can be toggled through the Rails console.
- Development feature flags cannot be turned on or off through the API, but can be toggled through the Rails console.
- [The feature flag service](../../operations/feature_flags.md) responds to feature flag checks but feature flags cannot be toggled
### Geo secondaries

2
doc/administration/silent_mode/_index.md
View File

@ -126,6 +126,6 @@ Outbound communications from the following features are not silenced by Silent M
| [File hooks](../file_hooks.md) | |
| [Server hooks](../server_hooks.md) | |
| [Advanced search](../../integration/advanced_search/elasticsearch.md) | If two GitLab instances are using the same Advanced Search instance, then they can both modify Search data. This is a split-brain scenario which can occur for example after promoting a secondary Geo site while the primary Geo site is live. |
| [Snowplow](../../development/internal_analytics/product_analytics.md) | There is [a proposal to silence these requests](https://gitlab.com/gitlab-org/gitlab/-/issues/409661). |
| Snowplow | There is [a proposal to silence these requests](https://gitlab.com/gitlab-org/gitlab/-/issues/409661). |
| [Deprecated Kubernetes Connections](../../user/clusters/agent/_index.md) | There is [a proposal to silence these requests](https://gitlab.com/gitlab-org/gitlab/-/issues/396470). |
| [Container registry webhooks](../packages/container_registry.md#configure-container-registry-notifications) | There is [a proposal to silence these requests](https://gitlab.com/gitlab-org/gitlab/-/issues/409682). |

27
doc/api/openapi/openapi_v2.yaml
View File

@ -43577,6 +43577,9 @@ definitions:
username:
type: string
example: admin
public_email:
type: string
example: john@example.com
name:
type: string
example: Administrator
@ -43661,6 +43664,9 @@ definitions:
username:
type: string
example: admin
public_email:
type: string
example: john@example.com
name:
type: string
example: Administrator
@ -45209,6 +45215,9 @@ definitions:
username:
type: string
example: admin
public_email:
type: string
example: john@example.com
name:
type: string
example: Administrator
@ -45236,8 +45245,6 @@ definitions:
type: string
location:
type: string
public_email:
type: string
skype:
type: string
linkedin:
@ -48228,6 +48235,9 @@ definitions:
username:
type: string
example: admin
public_email:
type: string
example: john@example.com
name:
type: string
example: Administrator
@ -48241,6 +48251,9 @@ definitions:
username:
type: string
example: admin
public_email:
type: string
example: john@example.com
name:
type: string
example: Administrator
@ -49570,6 +49583,9 @@ definitions:
username:
type: string
example: admin
public_email:
type: string
example: john@example.com
name:
type: string
example: Administrator
@ -49597,8 +49613,6 @@ definitions:
type: string
location:
type: string
public_email:
type: string
skype:
type: string
linkedin:
@ -64688,6 +64702,9 @@ definitions:
username:
type: string
example: admin
public_email:
type: string
example: john@example.com
name:
type: string
example: Administrator
@ -64715,8 +64732,6 @@ definitions:
type: string
location:
type: string
public_email:
type: string
skype:
type: string
linkedin:

8
doc/ci/components/_index.md
View File

@ -144,6 +144,12 @@ For example:
## Use a component
Prerequisites:
If you are a member of a parent group that contains the current group or project:
- You must have the minimum role set by the visibility level of the project's parent group. For example, you must have at least the Reporter role if a parent project is set to **Private**.
To add a component to a project's CI/CD configuration, use the [`include: component`](../yaml/_index.md#includecomponent)
keyword. The component reference is formatted as `<fully-qualified-domain-name>/<project-path>/<component-name>@<specific-version>`,
for example:
@ -612,7 +618,7 @@ in your project, you can select **CI/CD Catalog**.
Visibility of components in the CI/CD catalog follows the component source project's
[visibility setting](../../user/public_access.md). Components with source projects set to:
- Private are visible only to users assigned at least the Guest role for the source component project.
- Private are visible only to users assigned at least the Guest role for the source component project. To use a component, you must have at least the Reporter role.
- Internal are visible only to users logged into the GitLab instance.
- Public are visible to anyone with access to the GitLab instance.

6
doc/cloud_seed/_index.md
View File

@ -1,7 +1,7 @@
---
stage: none
group: unassigned
info: This is a GitLab Incubation Engineering program. No technical writer assigned to this group.
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Cloud Seed
---
@ -20,7 +20,7 @@ title: Cloud Seed
{{< /history >}}
Cloud Seed is an open-source program led
by [GitLab Incubation Engineering](https://handbook.gitlab.com/handbook/engineering/development/incubation/) in collaboration with
by GitLab in collaboration with
[Google Cloud](https://cloud.google.com/).
Cloud Seed combines Heroku-like ease-of-use with hyper-cloud flexibility. We do this by using OAuth 2 to provision
@ -170,7 +170,7 @@ There are several ways you can contribute to Cloud Seed:
- Use Cloud Seed and [share feedback](https://gitlab.com/gitlab-org/incubation-engineering/five-minute-production/feedback/-/issues/new?template=general_feedback).
- If you are familiar with Ruby on Rails or Vue.js,
consider [contributing to GitLab](../development/contributing/_index.md) as a developer.
consider contributing to GitLab as a developer.
- Much of Cloud Seed is an internal module in the GitLab codebase.
- If you are familiar with GitLab pipelines, consider contributing to
the [Cloud Seed Library](https://gitlab.com/gitlab-org/incubation-engineering/five-minute-production/library) project.

1
doc/solutions/integrations/aws_googlecloud_ollama.md
View File

@ -156,7 +156,6 @@ Key Highlights:
Designed for simplicity and performance, Ollama empowers users to harness the power of LLMs without the complexity of traditional AI infrastructure. Further details on setup and supported models will be covered later in the documentation.
- [Ollama Installation](../../development/ai_features/local_models.md)
- [Ollama Model Support](https://ollama.com/search)
## Installation

2
doc/tutorials/more_tutorials.md
View File

@ -15,4 +15,4 @@ If you're learning about GitLab, to find more tutorial content:
to find video tutorials.
If you find an article, video, or other resource that would be a
great addition to the tutorial pages, add it in a [merge request](../development/documentation/_index.md).
great addition to the tutorial pages, add it in a merge request.

71
doc/user/application_security/detect/_index.md
View File

@ -5,8 +5,18 @@ info: To determine the technical writer assigned to the Stage/Group associated w
title: Detect
---
Detect vulnerabilities in your project's repository and your application's behavior. Enable GitLab
security tools for your project's entire lifecycle, starting before the first commit.
Detect vulnerabilities in your project's repository and your application's behavior throughout the
software development lifecycle. During development, automated scanning provides immediate contextual
feedback, enabling developers to address potential vulnerabilities early. After development, you can
schedule or run security scanning manually, to identify new risks. A vulnerability report collates
all relevant details, enabling efficient vulnerability management.
To get the best from GitLab vulnerability detection it's important to understand:
- What aspects of your application or repository are scanned.
- What determines which scanners run.
- When vulnerability detection occurs.
- How to evaluate the results of vulnerability detection.
## Detection coverage
@ -42,43 +52,38 @@ Behavioral testing tools include:
- API security testing: Test your application's API for known attacks and vulnerabilities to input.
- Coverage-guided fuzz testing: Test your application for unexpected behavior.
## Early detection
## Scanner selection
Enable GitLab application security scanning tools from before the first commit. Early detection
provides benefits such as easier, quicker, and cheaper remediation, compared to detection later in
the software development lifecycle. GitLab provides developers immediate feedback of security
scanning, enabling them to address vulnerabilities early.
Security scanners are enabled for a project by either:
Security scans:
- Adding the scanner's CI/CD template to the `.gitlab-ci.yml` file, either directly or by using
AutoDevOps.
- Enforcing the scanner by using a scan execution policy, pipeline execution policy, or
compliance framework. This enforcement can be applied directly to the project or inherited from
the project's parent group.
- Run automatically in the CI/CD pipeline when developers commit changes. Vulnerabilities detected
in a feature branch are listed, enabling you to investigate and address them before they're merged
into the default branch. For more details, see
[Security scan results](security_scan_results.md).
- Can be scheduled or run manually to detect vulnerabilities. When a project is idle and no changes
are being made, security scans configured to run in a CI/CD pipeline are not run. Risks such as
newly-discovered vulnerabilities can go undetected in this situation. Running security scans
outside a CI/CD pipeline helps address this risk. For more details, see
[Scan execution policies](../policies/scan_execution_policies.md).
## Vulnerability detection
## Prevention
Vulnerability detection runs in a CI/CD pipeline when:
Security scanning in the pipeline can help minimize the risk of vulnerabilities in the default
branch:
- Code changes are committed and pushed to the repository.
- A pipeline is run manually.
- Started manually, for example, a DAST on-demand scan.
- Scheduled by a scan execution policy.
- Extra approval can be enforced on merge requests according to the results of pipeline
security scanning. For example, you can require that a member of the security team **also**
approve a merge request if one or more critical vulnerabilities are detected in the code
changes. For more details, see
[Merge request approval policies](../policies/merge_request_approval_policies.md).
- Secret push protection can prevent commits being pushed to GitLab if they contain secret
information - for example, a GitLab personal access token.
Vulnerability detection runs by default in branch pipelines, and in merge request pipelines if it's
enabled in the CI/CD template.
## Vulnerability management workflow
- On branch pipelines:
Vulnerabilities detected in the default branch are listed in the vulnerability report. To address
these vulnerabilities, follow the vulnerability management workflow:
- Detect vulnerabilities on feature branches before you merge them into the default branch.
- Investigate and respond to new vulnerabilities in your long-lived branches.
- Run periodic, scheduled scans of your projects to identify new vulnerabilities, even if development has stopped.
- Triage: Evaluate vulnerabilities to identify those that need immediate attention.
- Analyze: Examine details of a vulnerability to determine if it can and should be remediated.
- Remediate: Resolve the root cause of the vulnerability, reduce the associated risks, or both.
- On merge request pipelines:
- Enforce additional approval requirements to manage the risk of new vulnerabilities.
- Keep your project open to contributions while securing it against adversarial changes.
View the results of security scanning in either the branch pipeline or the merge request.
Vulnerabilities detected in the default branch are listed in the vulnerability report.

6
doc/user/application_security/get-started-security.md
View File

@ -1,6 +1,6 @@
---
stage: DevSecOps
group: Technical writing
stage: Application Security Testing
group: Secret Detection
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Get started securing your application
---
@ -146,4 +146,4 @@ For more information, see:
- [DAST](dast/_index.md)
- [Fuzz testing](coverage_fuzzing/_index.md)
- [Web API fuzzing](api_fuzzing/_index.md)
- [Review apps](../../development/testing_guide/review_apps.md)
- [Review apps](../../ci/review_apps/_index.md)

12
doc/user/application_security/policies/scheduled_pipeline_execution_policies.md
View File

@ -2,22 +2,30 @@
stage: Security Risk Management
group: Security Policies
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Scheduled pipeline execution policies (Experimental)
title: Scheduled pipeline execution policies
---
{{< details >}}
- Tier: Ultimate
- Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated
- Status: Experiment
{{< /details >}}
{{< history >}}
- [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/14147) as an experiment in GitLab 18.0 with an experimental flag named `scheduled_pipeline_execution_policy_type` defined in the `policy.yml` file.
- [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/14147) as an experiment in GitLab 18.0 with a flag named `scheduled_pipeline_execution_policy_type` defined in the `policy.yml` file.
{{< /history >}}
{{< alert type="flag" >}}
The availability of this feature is controlled by a feature flag.
For more information, see the history. This feature is available for testing, but not ready for production use.
{{< /alert >}}
Pipeline execution policies enforce custom CI/CD jobs in your projects' pipelines. With scheduled pipeline execution policies, you can extend this enforcement to run the CI/CD job on a regular cadence (daily, weekly, or monthly), ensuring that compliance scripts, security scans, or other custom CI/CD job are executed even when there are no new commits.
## Scheduling your pipeline execution policies

2
doc/user/gitlab_com/_index.md
View File

@ -373,7 +373,7 @@ For more information, see the history.
{{< /alert >}}
GitLab limits each merge request to 1,000,000 (one million) [diff commits](../../development/merge_request_concepts/diffs/development.md#mergerequestdiffcommit).
GitLab limits each merge request to 1,000,000 (one million) diff commits.
Merge requests that reach this limit cannot be updated further. Instead,
close the affected merge request and create a new merge request.

1
doc/user/organization/_index.md
View File

@ -155,5 +155,4 @@ The Organization description field supports a limited subset of [GitLab Flavored
## Related topics
- [Organization developer documentation](../../development/organization/_index.md)
- [Organization design document](https://handbook.gitlab.com/handbook/engineering/architecture/design-documents/organization/)

273
doc/user/permissions.md
View File

@ -230,47 +230,52 @@ Project permissions for monitoring including [error tracking](../operations/erro
Project permissions for [issues](project/issues/_index.md):
| Action | Guest | Planner | Reporter | Developer | Maintainer | Owner | Notes |
| --------------------------------------------------------------------- | :---: | :-----: | :------: | :-------: | :--------: | :---: | ----- |
| View issues | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Create issues | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| View [confidential issues](project/issues/confidential_issues.md) | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Action | Guest | Planner | Reporter | Developer | Maintainer | Owner | Notes |
|-----------------------------------------------------------------------|:-----:|:-------:|:--------:|:---------:|:----------:|:-----:|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| View issues | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| [Search](search/_index.md) issues and comments | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Create issues | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| View [confidential issues](project/issues/confidential_issues.md) | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| [Search](search/_index.md) confidential issues and comments | | | ✓ | ✓ | ✓ | ✓ | |
| Edit issues, including metadata, item locking, and resolving threads | | ✓ | ✓ | ✓ | ✓ | ✓ | Metadata includes labels, assignees, milestones, epics, weight, confidentiality, time tracking, and more.<br /><br />Guest users can only set metadata when creating an issue. They cannot change the metadata on existing issues. Guest users can modify the title and description of issues that they authored or are assigned to. |
| Add internal note | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Close and reopen issues | | ✓ | ✓ | ✓ | ✓ | ✓ | Guest users can close and reopen issues that they authored or are assigned to. |
| Manage [design management](project/issues/design_management.md) files | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Manage [issue boards](project/issue_board.md) | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Manage [milestones](project/milestones/_index.md) | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Archive or reopen [requirements](project/requirements/_index.md) | | ✓ | ✓ | ✓ | ✓ | ✓ | Guest users can archive and reopen issues that they authored or are assigned to. |
| Create or edit [requirements](project/requirements/_index.md) | | ✓ | ✓ | ✓ | ✓ | ✓ | Guest users can modify the title and description that they authored or are assigned to. |
| Import or export [requirements](project/requirements/_index.md) | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Archive [test cases](../ci/test_cases/_index.md) | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Create [test cases](../ci/test_cases/_index.md) | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Move [test cases](../ci/test_cases/_index.md) | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Reopen [test cases](../ci/test_cases/_index.md) | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| [Import](project/issues/csv_import.md) issues from a CSV file | | ✓ | | ✓ | ✓ | ✓ | |
| [Export](project/issues/csv_export.md) issues to a CSV file | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Delete issues | | ✓ | | | | ✓ | |
| Manage [Feature flags](../operations/feature_flags.md) | | | | ✓ | ✓ | ✓ | |
| Add internal note | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Close and reopen issues | | ✓ | ✓ | ✓ | ✓ | ✓ | Guest users can close and reopen issues that they authored or are assigned to. |
| Manage [design management](project/issues/design_management.md) files | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Manage [issue boards](project/issue_board.md) | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Manage [milestones](project/milestones/_index.md) | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| [Search](search/_index.md) milestones | | | ✓ | ✓ | ✓ | ✓ | |
| Archive or reopen [requirements](project/requirements/_index.md) | | ✓ | ✓ | ✓ | ✓ | ✓ | Guest users can archive and reopen issues that they authored or are assigned to. |
| Create or edit [requirements](project/requirements/_index.md) | | ✓ | ✓ | ✓ | ✓ | ✓ | Guest users can modify the title and description that they authored or are assigned to. |
| Import or export [requirements](project/requirements/_index.md) | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Archive [test cases](../ci/test_cases/_index.md) | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Create [test cases](../ci/test_cases/_index.md) | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Move [test cases](../ci/test_cases/_index.md) | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Reopen [test cases](../ci/test_cases/_index.md) | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| [Import](project/issues/csv_import.md) issues from a CSV file | | ✓ | | ✓ | ✓ | ✓ | |
| [Export](project/issues/csv_export.md) issues to a CSV file | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Delete issues | | ✓ | | | | ✓ | |
| Manage [Feature flags](../operations/feature_flags.md) | | | | ✓ | ✓ | ✓ | |
Project permissions for [tasks](tasks.md):
| Action | Guest | Planner | Reporter | Developer | Maintainer | Owner | Notes |
| ------------------------------------------------------------------- | :---: | :-----: | :------: | :-------: | :--------: | :---: | ----- |
| View tasks | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| [Search](search/_index.md) tasks | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Create tasks | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Edit tasks, including metadata, item locking, and resolving threads | | ✓ | ✓ | ✓ | ✓ | ✓ | Guest users can modify the title and description that they authored or are assigned to. |
| Add a linked item | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Convert to another item type | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Remove from issue | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Add internal note | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Delete tasks | | ✓ | | | | ✓ | Users who don't have the Planner or Owner role can delete the tasks they authored. |
| Add a linked item | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Convert to another item type | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Remove from issue | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Add internal note | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Delete tasks | | ✓ | | | | ✓ | Users who don't have the Planner or Owner role can delete the tasks they authored. |
Project permissions for [OKRs](okrs.md):
| Action | Guest | Planner | Reporter | Developer | Maintainer | Owner | Notes |
| ------------------------------------------------------------------ | :---: | :-----: | :------: | :-------: | :--------: | :---: | ----- |
| View OKRs | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| [Search](search/_index.md) OKRs | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Create OKRs | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Edit OKRs, including metadata, item locking, and resolving threads | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Add a child OKR | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
@ -282,12 +287,13 @@ Project permissions for [OKRs](okrs.md):
Project permissions for [wikis](project/wiki/_index.md):
| Action | Guest | Planner | Reporter | Developer | Maintainer | Owner | Notes |
| ----------------- | :---: | :-----: | :------: | :-------: | :--------: | :---: | ----- |
| View wiki | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Create wiki pages | | ✓ | | ✓ | ✓ | ✓ | |
| Edit wiki pages | | ✓ | | ✓ | ✓ | ✓ | |
| Delete wiki pages | | ✓ | | ✓ | ✓ | ✓ | |
| Action | Guest | Planner | Reporter | Developer | Maintainer | Owner | Notes |
|----------------------------------|:-----:|:-------:|:--------:|:---------:|:----------:|:-----:|-------|
| View wiki | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| [Search](search/_index.md) wikis | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Create wiki pages | | ✓ | | ✓ | ✓ | ✓ | |
| Edit wiki pages | | ✓ | | ✓ | ✓ | ✓ | |
| Delete wiki pages | | ✓ | | ✓ | ✓ | ✓ | |
### Packages and registry
@ -313,38 +319,39 @@ Project permissions for [package registry](packages/_index.md):
Project permissions for [project features](project/organize_work_with_projects.md):
| Action | Guest | Planner | Reporter | Developer | Maintainer | Owner | Notes |
| ------------------------------------------------------------------------- | :---: | :-----: | :------: | :-------: | :--------: | :---: | ----- |
| Download project | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | On GitLab Self-Managed, users with the Guest role are able to perform this action only on public and internal projects (not on private projects). [External users](../administration/external_users.md) must be given explicit access (at least the **Reporter** role) even if the project is internal. Users with the Guest role on GitLab.com are only able to perform this action on public projects because internal visibility is not available. |
| Leave comments | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Reposition comments on images (posted by any user) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | Applies only to comments on [Design Management](project/issues/design_management.md) designs. |
| View [Insights](project/insights/_index.md) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| View [Requirements](project/requirements/_index.md) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| View [time tracking](project/time_tracking.md) reports | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | On GitLab Self-Managed, users with the Guest role are able to perform this action only on public and internal projects (not on private projects). [External users](../administration/external_users.md) must be given explicit access (at least the **Reporter** role) even if the project is internal. Users with the Guest role on GitLab.com are only able to perform this action on public projects because internal visibility is not available. |
| View [snippets](snippets.md) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| View [project traffic statistics](../api/project_statistics.md) | | | ✓ | ✓ | ✓ | ✓ | |
| Create [snippets](snippets.md) | | | ✓ | ✓ | ✓ | ✓ | |
| View [releases](project/releases/_index.md) | | ✓ | | ✓ | ✓ | ✓ | Guest users can access GitLab [**Releases**](project/releases/_index.md) for downloading assets but are not allowed to download the source code nor see [repository information like commits and release evidence](project/releases/_index.md#view-a-release-and-download-assets). |
| Manage [releases](project/releases/_index.md) | | | | | ✓ | ✓ | If the [tag is protected](project/protected_tags.md), this depends on the access given to Developers and Maintainers. |
| Configure [webhooks](project/integrations/webhooks.md) | | | | | ✓ | ✓ | |
| Manage [project access tokens](project/settings/project_access_tokens.md) | | | | | ✓ | ✓ | For GitLab Self-Managed, project access tokens are available in all tiers. For GitLab.com, project access tokens are supported in the Premium and Ultimate tier (excluding [trial licenses](https://about.gitlab.com/free-trial/)). |
| [Export project](project/settings/import_export.md) | | | | | ✓ | ✓ | |
| Rename project | | | | | ✓ | ✓ | |
| Edit project badges | | | | | ✓ | ✓ | |
| Edit project settings | | | | | ✓ | ✓ | |
| Change [project features visibility](public_access.md) level | | | | | ✓ | ✓ | A Maintainer or Owner can't change project features visibility level if [project visibility](public_access.md) is set to private. |
| Change custom settings for [project integrations](project/integrations/_index.md) | | | | | ✓ | ✓ | |
| Edit comments (posted by any user) | | | | | ✓ | ✓ | |
| Add [deploy keys](project/deploy_keys/_index.md) | | | | | ✓ | ✓ | |
| Manage [Project Operations](../operations/_index.md) | | | | | ✓ | ✓ | |
| View [Usage Quotas](storage_usage_quotas.md) page | | | | | ✓ | ✓ | |
| Globally delete [snippets](snippets.md) | | | | | ✓ | ✓ | |
| Globally edit [snippets](snippets.md) | | | | | ✓ | ✓ | |
| Archive project | | | | | | ✓ | |
| Change project visibility level | | | | | | ✓ | |
| Delete project | | | | | | ✓ | |
| Disable notification emails | | | | | | ✓ | |
| Transfer project | | | | | | ✓ | |
| Action | Guest | Planner | Reporter | Developer | Maintainer | Owner | Notes |
|--------------------------------------------------------------------------------------|:-----:|:-------:|:--------:|:---------:|:----------:|:-----:|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Download project | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | On GitLab Self-Managed, users with the Guest role are able to perform this action only on public and internal projects (not on private projects). [External users](../administration/external_users.md) must be given explicit access (at least the **Reporter** role) even if the project is internal. Users with the Guest role on GitLab.com are only able to perform this action on public projects because internal visibility is not available. |
| Leave comments | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Reposition comments on images (posted by any user) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | Applies only to comments on [Design Management](project/issues/design_management.md) designs. |
| View [Insights](project/insights/_index.md) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| View [Requirements](project/requirements/_index.md) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| View [time tracking](project/time_tracking.md) reports | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | On GitLab Self-Managed, users with the Guest role are able to perform this action only on public and internal projects (not on private projects). [External users](../administration/external_users.md) must be given explicit access (at least the **Reporter** role) even if the project is internal. Users with the Guest role on GitLab.com are only able to perform this action on public projects because internal visibility is not available. |
| View [snippets](snippets.md) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| [Search](search/_index.md) [snippets](snippets.md) and comments | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| View [project traffic statistics](../api/project_statistics.md) | | | ✓ | ✓ | ✓ | ✓ | |
| Create [snippets](snippets.md) | | | ✓ | ✓ | ✓ | ✓ | |
| View [releases](project/releases/_index.md) | | ✓ | | ✓ | ✓ | ✓ | Guest users can access GitLab [**Releases**](project/releases/_index.md) for downloading assets but are not allowed to download the source code nor see [repository information like commits and release evidence](project/releases/_index.md#view-a-release-and-download-assets). |
| Manage [releases](project/releases/_index.md) | | | | | ✓ | ✓ | If the [tag is protected](project/protected_tags.md), this depends on the access given to Developers and Maintainers. |
| Configure [webhooks](project/integrations/webhooks.md) | | | | | ✓ | ✓ | |
| Manage [project access tokens](project/settings/project_access_tokens.md) | | | | | ✓ | ✓ | For GitLab Self-Managed, project access tokens are available in all tiers. For GitLab.com, project access tokens are supported in the Premium and Ultimate tier (excluding [trial licenses](https://about.gitlab.com/free-trial/)). |
| [Export project](project/settings/import_export.md) | | | | | ✓ | ✓ | |
| Rename project | | | | | ✓ | ✓ | |
| Edit project badges | | | | | ✓ | ✓ | |
| Edit project settings | | | | | ✓ | ✓ | |
| Change [project features visibility](public_access.md) level | | | | | ✓ | ✓ | A Maintainer or Owner can't change project features visibility level if [project visibility](public_access.md) is set to private. |
| Change custom settings for [project integrations](project/integrations/_index.md) | | | | | ✓ | ✓ | |
| Edit comments (posted by any user) | | | | | ✓ | ✓ | |
| Add [deploy keys](project/deploy_keys/_index.md) | | | | | ✓ | ✓ | |
| Manage [Project Operations](../operations/_index.md) | | | | | ✓ | ✓ | |
| View [Usage Quotas](storage_usage_quotas.md) page | | | | | ✓ | ✓ | |
| Globally delete [snippets](snippets.md) | | | | | ✓ | ✓ | |
| Globally edit [snippets](snippets.md) | | | | | ✓ | ✓ | |
| Archive project | | | | | | ✓ | |
| Change project visibility level | | | | | | ✓ | |
| Delete project | | | | | | ✓ | |
| Disable notification emails | | | | | | ✓ | |
| Transfer project | | | | | | ✓ | |
Project permissions for [GitLab Pages](project/pages/_index.md):
@ -359,42 +366,45 @@ Project permissions for [GitLab Pages](project/pages/_index.md):
Project permissions for [repository](project/repository/_index.md) features including source code, branches, push rules, and more:
| Action | Guest | Planner | Reporter | Developer | Maintainer | Owner | Notes |
| --------------------------------------------------------------------- | :---: | :-----: | :------: | :-------: | :--------: | :---: | ----- |
| Action | Guest | Planner | Reporter | Developer | Maintainer | Owner | Notes |
|-----------------------------------------------------------------------|:-----:|:-------:|:--------:|:---------:|:----------:|:-----:|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| View project code | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | On GitLab Self-Managed, users with the Guest role are able to perform this action only on public and internal projects (not on private projects). [External users](../administration/external_users.md) must be given explicit access (at least the **Reporter** role) even if the project is internal. Users with the Guest role on GitLab.com are only able to perform this action on public projects because internal visibility is not available. In GitLab 15.9 and later, users with the Guest role and an Ultimate license can view private repository content if an administrator (on GitLab Self-Managed or GitLab Dedicated) or group owner (on GitLab.com) gives those users permission. The administrator or group owner can create a [custom role](custom_roles/_index.md) through the API or UI and assign that role to the users. |
| Pull project code | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | On GitLab Self-Managed, users with the Guest role are able to perform this action only on public and internal projects (not on private projects). [External users](../administration/external_users.md) must be given explicit access (at least the **Reporter** role) even if the project is internal. Users with the Guest role on GitLab.com are only able to perform this action on public projects because internal visibility is not available. |
| View commit status | | | ✓ | ✓ | ✓ | ✓ | |
| Create commit status | | | | ✓ | ✓ | ✓ | If the [branch is protected](project/repository/branches/protected.md), this depends on the access given to Developers and Maintainers. |
| Update commit status | | | | ✓ | ✓ | ✓ | If the [branch is protected](project/repository/branches/protected.md), this depends on the access given to Developers and Maintainers. |
| Create [Git tags](project/repository/tags/_index.md) | | | | ✓ | ✓ | ✓ | |
| Delete [Git tags](project/repository/tags/_index.md) | | | | ✓ | ✓ | ✓ | |
| Create new [branches](project/repository/branches/_index.md) | | | | ✓ | ✓ | ✓ | |
| Delete non-protected branches | | | | ✓ | ✓ | ✓ | |
| Force push to non-protected branches | | | | ✓ | ✓ | ✓ | |
| Push to non-protected branches | | | | ✓ | ✓ | ✓ | |
| Manage [protected branches](project/repository/branches/protected.md) | | | | | ✓ | ✓ | |
| Delete protected branches | | | | | ✓ | ✓ | |
| Push to protected branches | | | | | ✓ | ✓ | If the [branch is protected](project/repository/branches/protected.md), this depends on the access given to Developers and Maintainers. |
| Manage [protected tags](project/protected_tags.md) | | | | | ✓ | ✓ | |
| Manage [push rules](project/repository/push_rules.md) | | | | | ✓ | ✓ | |
| Remove fork relationship | | | | | | ✓ | |
| Force push to protected branches | | | | | | | Not allowed for Guest, Reporter, Developer, Maintainer, or Owner. See [protected branches](project/repository/branches/protected.md#allow-force-push-on-a-protected-branch). |
| [Search](search/_index.md) project code | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | On GitLab Self-Managed, users with the Guest role are able to perform this action only on public and internal projects (not on private projects). [External users](../administration/external_users.md) must be given explicit access (at least the **Reporter** role) even if the project is internal. Users with the Guest role on GitLab.com are only able to perform this action on public projects because internal visibility is not available. In GitLab 15.9 and later, users with the Guest role and an Ultimate license can search private repository content if an administrator (on GitLab Self-Managed or GitLab Dedicated) or group owner (on GitLab.com) gives those users permission. The administrator or group owner can create a [custom role](custom_roles/_index.md) through the API or UI and assign that role to the users. |
| Pull project code | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | On GitLab Self-Managed, users with the Guest role are able to perform this action only on public and internal projects (not on private projects). [External users](../administration/external_users.md) must be given explicit access (at least the **Reporter** role) even if the project is internal. Users with the Guest role on GitLab.com are only able to perform this action on public projects because internal visibility is not available. |
| View commit status | | | ✓ | ✓ | ✓ | ✓ | |
| Create commit status | | | | ✓ | ✓ | ✓ | If the [branch is protected](project/repository/branches/protected.md), this depends on the access given to Developers and Maintainers. |
| Update commit status | | | | ✓ | ✓ | ✓ | If the [branch is protected](project/repository/branches/protected.md), this depends on the access given to Developers and Maintainers. |
| [Search](search/_index.md) commits and comments | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | On GitLab Self-Managed, users with the Guest role are able to perform this action only on public and internal projects (not on private projects). [External users](../administration/external_users.md) must be given explicit access (at least the **Reporter** role) even if the project is internal. Users with the Guest role on GitLab.com are only able to perform this action on public projects because internal visibility is not available. In GitLab 15.9 and later, users with the Guest role and an Ultimate license can view private repository content if an administrator (on GitLab Self-Managed or GitLab Dedicated) or group owner (on GitLab.com) gives those users permission. The administrator or group owner can create a [custom role](custom_roles/_index.md) through the API or UI and assign that role to the users. |
| Create [Git tags](project/repository/tags/_index.md) | | | | ✓ | ✓ | ✓ | |
| Delete [Git tags](project/repository/tags/_index.md) | | | | ✓ | ✓ | ✓ | |
| Create new [branches](project/repository/branches/_index.md) | | | | ✓ | ✓ | ✓ | |
| Delete non-protected branches | | | | ✓ | ✓ | ✓ | |
| Force push to non-protected branches | | | | ✓ | ✓ | ✓ | |
| Push to non-protected branches | | | | ✓ | ✓ | ✓ | |
| Manage [protected branches](project/repository/branches/protected.md) | | | | | ✓ | ✓ | |
| Delete protected branches | | | | | ✓ | ✓ | |
| Push to protected branches | | | | | ✓ | ✓ | If the [branch is protected](project/repository/branches/protected.md), this depends on the access given to Developers and Maintainers. |
| Manage [protected tags](project/protected_tags.md) | | | | | ✓ | ✓ | |
| Manage [push rules](project/repository/push_rules.md) | | | | | ✓ | ✓ | |
| Remove fork relationship | | | | | | ✓ | |
| Force push to protected branches | | | | | | | Not allowed for Guest, Reporter, Developer, Maintainer, or Owner. See [protected branches](project/repository/branches/protected.md#allow-force-push-on-a-protected-branch). |
### Merge requests
Project permissions for [merge requests](project/merge_requests/_index.md):
| Action | Guest | Planner | Reporter | Developer | Maintainer | Owner | Notes |
| ---------------------------------------------------------------------------------------------------------- | :---: | :-----: | :------: | :-------: | :--------: | :---: | ----- |
| [View](project/merge_requests/_index.md#view-merge-requests) a merge request | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | On GitLab Self-Managed, users with the Guest role are able to perform this action only on public and internal projects (not on private projects). [External users](../administration/external_users.md) must be given explicit access (at least the **Reporter** role) even if the project is internal. Users with the Guest role on GitLab.com are only able to perform this action on public projects because internal visibility is not available. |
| Create [snippets](snippets.md) | | | ✓ | ✓ | ✓ | ✓ | |
| Create [merge request](project/merge_requests/creating_merge_requests.md) | | | | ✓ | ✓ | ✓ | In projects that accept contributions from external members, users can create, edit, and close their own merge requests. For **private** projects, this excludes the Guest role as those users [cannot clone private projects](public_access.md#private-projects-and-groups). For **internal** projects, includes users with read-only access to the project, as [they can clone internal projects](public_access.md#internal-projects-and-groups). |
| Comment and add suggestions to a merge request | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Update merge request including assign, review, approve, labels, lock threads, and resolve threads | | | | ✓ | ✓ | ✓ | For information on eligible approvers for merge requests, see [Eligible approvers](project/merge_requests/approvals/rules.md#eligible-approvers). |
| Manage [merge request settings](project/merge_requests/approvals/settings.md) | | | | | ✓ | ✓ | |
| Manage [merge request approval rules](project/merge_requests/approvals/rules.md) | | | | | ✓ | ✓ | |
| Add internal note | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Delete merge request | | | | | | ✓ | |
| Action | Guest | Planner | Reporter | Developer | Maintainer | Owner | Notes |
|---------------------------------------------------------------------------------------------------|:-----:|:-------:|:--------:|:---------:|:----------:|:-----:|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| [View](project/merge_requests/_index.md#view-merge-requests) a merge request | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | On GitLab Self-Managed, users with the Guest role are able to perform this action only on public and internal projects (not on private projects). [External users](../administration/external_users.md) must be given explicit access (at least the **Reporter** role) even if the project is internal. Users with the Guest role on GitLab.com are only able to perform this action on public projects because internal visibility is not available. |
| [Search](search/_index.md) merge requests and comments | ✓ | | ✓ | ✓ | ✓ | ✓ | On GitLab Self-Managed, users with the Guest role are able to perform this action only on public and internal projects (not on private projects). [External users](../administration/external_users.md) must be given explicit access (at least the **Reporter** role) even if the project is internal. Users with the Guest role on GitLab.com are only able to perform this action on public projects because internal visibility is not available. |
| Create [snippets](snippets.md) | | | ✓ | ✓ | ✓ | ✓ | |
| Create [merge request](project/merge_requests/creating_merge_requests.md) | | | | ✓ | ✓ | ✓ | In projects that accept contributions from external members, users can create, edit, and close their own merge requests. For **private** projects, this excludes the Guest role as those users [cannot clone private projects](public_access.md#private-projects-and-groups). For **internal** projects, includes users with read-only access to the project, as [they can clone internal projects](public_access.md#internal-projects-and-groups). |
| Comment and add suggestions to a merge request | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Update merge request including assign, review, approve, labels, lock threads, and resolve threads | | | | ✓ | ✓ | ✓ | For information on eligible approvers for merge requests, see [Eligible approvers](project/merge_requests/approvals/rules.md#eligible-approvers). |
| Manage [merge request settings](project/merge_requests/approvals/settings.md) | | | | | ✓ | ✓ | |
| Manage [merge request approval rules](project/merge_requests/approvals/rules.md) | | | | | ✓ | ✓ | |
| Add internal note | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Delete merge request | | | | | | ✓ | |
### User management
@ -491,26 +501,27 @@ Group permissions for [GitLab Duo](gitlab_duo/_index.md):
Group permissions for [group features](group/_index.md):
| Action | Guest | Planner | Reporter | Developer | Maintainer | Owner | Notes |
| ------------------------------------------------------------------------------------------ | :---: | :-----: | :------: | :-------: | :--------: | :---: | ----- |
| Browse group | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| View group [audit events](compliance/audit_events.md) | | | | ✓ | ✓ | ✓ | Developers and Maintainers can only view events based on their individual actions. For more details, see the [prerequisites](compliance/audit_events.md#prerequisites). |
| Create project in group | | | | ✓ | ✓ | ✓ | Developers, Maintainers and Owners: Only if the project creation role is set [for the instance](../administration/settings/visibility_and_access_controls.md#define-which-roles-can-create-projects) or [for the group](group/_index.md#specify-who-can-add-projects-to-a-group).<br><br>Developers: Developers can push commits to the default branch of a new project only if the [default branch protection](group/manage.md#change-the-default-branch-protection-of-a-group) is set to "Partially protected" or "Not protected". |
| Create subgroup | | | | | ✓ | ✓ | Maintainers: Only if users with the Maintainer role [can create subgroups](group/subgroups/_index.md#change-who-can-create-subgroups). |
| Change custom settings for [project integrations](project/integrations/_index.md) | | | | | | ✓ | |
| Edit [epic](group/epics/_index.md) comments (posted by any user) | | ✓ | | | ✓ | ✓ | |
| Fork project into a group | | | | | ✓ | ✓ | |
| View [Billing](../subscriptions/gitlab_com/_index.md#view-gitlabcom-subscription) | | | | | | ✓ | Does not apply to subgroups |
| View group [Usage Quotas](storage_usage_quotas.md) page | | | | | | ✓ | Does not apply to subgroups |
| [Migrate group](group/import/_index.md) | | | | | | ✓ | |
| Delete group | | | | | | ✓ | |
| Manage [subscriptions, storage, and compute minutes](../subscriptions/gitlab_com/_index.md) | | | | | | ✓ | |
| Manage [group access tokens](group/settings/group_access_tokens.md) | | | | | | ✓ | |
| Change group visibility level | | | | | | ✓ | |
| Edit group settings | | | | | | ✓ | |
| Configure project templates | | | | | | ✓ | |
| Configure [SAML SSO](group/saml_sso/_index.md) | | | | | | ✓ | Does not apply to subgroups |
| Disable notification emails | | | | | | ✓ | |
| Action | Guest | Planner | Reporter | Developer | Maintainer | Owner | Notes |
|---------------------------------------------------------------------------------------------|:-----:|:-------:|:--------:|:---------:|:----------:|:-----:|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Browse group | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| [Search](search/_index.md) projects in group | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| View group [audit events](compliance/audit_events.md) | | | | ✓ | ✓ | ✓ | Developers and Maintainers can only view events based on their individual actions. For more details, see the [prerequisites](compliance/audit_events.md#prerequisites). |
| Create project in group | | | | ✓ | ✓ | ✓ | Developers, Maintainers and Owners: Only if the project creation role is set [for the instance](../administration/settings/visibility_and_access_controls.md#define-which-roles-can-create-projects) or [for the group](group/_index.md#specify-who-can-add-projects-to-a-group).<br><br>Developers: Developers can push commits to the default branch of a new project only if the [default branch protection](group/manage.md#change-the-default-branch-protection-of-a-group) is set to "Partially protected" or "Not protected". |
| Create subgroup | | | | | ✓ | ✓ | Maintainers: Only if users with the Maintainer role [can create subgroups](group/subgroups/_index.md#change-who-can-create-subgroups). |
| Change custom settings for [project integrations](project/integrations/_index.md) | | | | | | ✓ | |
| Edit [epic](group/epics/_index.md) comments (posted by any user) | | ✓ | | | ✓ | ✓ | |
| Fork project into a group | | | | | ✓ | ✓ | |
| View [Billing](../subscriptions/gitlab_com/_index.md#view-gitlabcom-subscription) | | | | | | ✓ | Does not apply to subgroups |
| View group [Usage Quotas](storage_usage_quotas.md) page | | | | | | ✓ | Does not apply to subgroups |
| [Migrate group](group/import/_index.md) | | | | | | ✓ | |
| Delete group | | | | | | ✓ | |
| Manage [subscriptions, storage, and compute minutes](../subscriptions/gitlab_com/_index.md) | | | | | | ✓ | |
| Manage [group access tokens](group/settings/group_access_tokens.md) | | | | | | ✓ | |
| Change group visibility level | | | | | | ✓ | |
| Edit group settings | | | | | | ✓ | |
| Configure project templates | | | | | | ✓ | |
| Configure [SAML SSO](group/saml_sso/_index.md) | | | | | | ✓ | Does not apply to subgroups |
| Disable notification emails | | | | | | ✓ | |
### Project planning group permissions
@ -524,25 +535,27 @@ Group permissions for project planning features including iterations, milestones
Group permissions for [epics](group/epics/_index.md):
| Action | Guest | Planner | Reporter | Developer | Maintainer | Owner | Notes |
| ----------------------------------------------------------------------------- | ----- | ------- | -------- | --------- | ---------- | ----- | ----- |
| View epic | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Create epic | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Edit epic, including metadata, item locking, and resolving threads | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Delete epic | | ✓ | | | | ✓ | |
| Manage [epic boards](group/epics/epic_boards.md) | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Add issue to an [epic](group/epics/_index.md) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | You must have permission to [view the epic](group/epics/manage_epics.md#who-can-view-an-epic) and edit the issue. |
| Add/remove [child epics](group/epics/manage_epics.md#multi-level-child-epics) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | You must have permission to [view](group/epics/manage_epics.md#who-can-view-an-epic) the parent and child epics. |
| Add internal note | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Action | Guest | Planner | Reporter | Developer | Maintainer | Owner | Notes |
|-------------------------------------------------------------------------------|:-----:|:-------:|:--------:|:---------:|:----------:|:-----:|-------------------------------------------------------------------------------------------------------------------|
| View epic | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| [Search](search/_index.md) epics | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | You must have permission to [view the epic](group/epics/manage_epics.md#who-can-view-an-epic). |
| Create epic | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Edit epic, including metadata, item locking, and resolving threads | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Delete epic | | ✓ | | | | ✓ | |
| Manage [epic boards](group/epics/epic_boards.md) | | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Add issue to an [epic](group/epics/_index.md) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | You must have permission to [view the epic](group/epics/manage_epics.md#who-can-view-an-epic) and edit the issue. |
| Add/remove [child epics](group/epics/manage_epics.md#multi-level-child-epics) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | You must have permission to [view](group/epics/manage_epics.md#who-can-view-an-epic) the parent and child epics. |
| Add internal note | | ✓ | ✓ | ✓ | ✓ | ✓ | |
Group permissions for [wikis](project/wiki/group.md):
| Action | Guest | Planner | Reporter | Developer | Maintainer | Owner | Notes |
| ----------------------- | :---: | :-----: | :------: | :-------: | :--------: | :---: | ----- |
| View group wiki | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | Guests: In addition, if your group is public or internal, all users who can see the group can also see group wiki pages. |
| Create group wiki pages | | ✓ | | ✓ | ✓ | ✓ | |
| Edit group wiki pages | | ✓ | | ✓ | ✓ | ✓ | |
| Delete group wiki pages | | ✓ | | ✓ | ✓ | ✓ | |
| Action | Guest | Planner | Reporter | Developer | Maintainer | Owner | Notes |
|----------------------------------------|:-----:|:-------:|:--------:|:---------:|:----------:|:-----:|-----------------------------------------------------------------------------------------------------------------------------|
| View group wiki | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | Guests: In addition, if your group is public or internal, all users who can see the group can also see group wiki pages. |
| [Search](search/_index.md) group wikis | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | Guests: In addition, if your group is public or internal, all users who can see the group can also search group wiki pages. |
| Create group wiki pages | | ✓ | | ✓ | ✓ | ✓ | |
| Edit group wiki pages | | ✓ | | ✓ | ✓ | ✓ | |
| Delete group wiki pages | | ✓ | | ✓ | ✓ | ✓ | |
### Packages and registries group permissions

2
doc/user/profile/preferences.md
View File

@ -294,7 +294,7 @@ Change localization settings such as your language, calendar start day, and time
### Change your display language on the GitLab UI
GitLab supports multiple languages on the UI. To help improve translations or request support for an unlisted language, view [Translating GitLab](../../development/i18n/translation.md).
GitLab supports multiple languages on the UI.
To choose a language for the GitLab UI:

2
doc/user/project/_index.md
View File

@ -40,7 +40,7 @@ To create a blank project:
Built-in templates populate a new project with files to help you get started.
These templates are sourced from the [`project-templates`](https://gitlab.com/gitlab-org/project-templates)
and [`pages`](https://gitlab.com/pages) groups.
Anyone can [contribute to built-in project templates](../../development/project_templates/add_new_template.md).
Anyone can contribute to built-in project templates.
To create a project from a built-in template:

9
doc/user/project/import/_index.md
View File

@ -276,6 +276,15 @@ Placeholder users are created per [import source](#supported-import-sources) and
- If you import the same project twice, but to a different top-level group on the destination instance, the second import
creates new placeholder users under that top-level group.
{{< alert type="note" >}}
Placeholder users are associated only with the top-level group.
When you delete a subgroup or project, their placeholder users
no longer reference any contributions in the top-level group.
For testing, you should use a designated top-level group.
{{< /alert >}}
When a user [accepts the reassignment](#accept-contribution-reassignment),
subsequent imports from the same source instance to the same top-level group or
subgroup on the destination instance do not create placeholder users.

4
doc/user/project/integrations/apple_app_store.md
View File

@ -1,7 +1,7 @@
---
stage: none
group: unassigned
info: This is a GitLab Incubation Engineering program. No technical writer assigned to this group.
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Apple App Store Connect
---
@ -19,7 +19,7 @@ title: Apple App Store Connect
{{< /history >}}
This feature is part of [Mobile DevOps](../../../ci/mobile_devops/_index.md) developed by [GitLab Incubation Engineering](https://handbook.gitlab.com/handbook/engineering/development/incubation/).
This feature is part of [Mobile DevOps](../../../ci/mobile_devops/_index.md) developed by GitLab.
The feature is still in development, but you can:
- [Request a feature](https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/feedback/-/issues/new?issuable_template=feature_request).

4
doc/user/project/integrations/google_play.md
View File

@ -1,7 +1,7 @@
---
stage: none
group: unassigned
info: This is a GitLab Incubation Engineering program. No technical writer assigned to this group.
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Google Play
---
@ -19,7 +19,7 @@ title: Google Play
{{< /history >}}
This feature is part of [Mobile DevOps](../../../ci/mobile_devops/_index.md) developed by [GitLab Incubation Engineering](https://handbook.gitlab.com/handbook/engineering/development/incubation/).
This feature is part of [Mobile DevOps](../../../ci/mobile_devops/_index.md) developed by GitLab.
The feature is still in development, but you can:
- [Request a feature](https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/feedback/-/issues/new?issuable_template=feature_request).

4
doc/user/project/use_project_as_go_package.md
View File

@ -78,8 +78,8 @@ Configure Git to either:
## Disable Go module fetching for private projects
To [fetch modules or packages](../../development/go_guide/dependencies.md#fetching), Go uses
the [environment variables](../../development/go_guide/dependencies.md#proxies):
To fetch modules or packages, Go uses
the environment variables:
- `GOPRIVATE`
- `GONOPROXY`

11
doc/user/search/_index.md
View File

@ -25,6 +25,17 @@ For code search, GitLab uses these types in this order:
or when you search against a non-default branch.
This type does not support group or global search.
## Available scopes
Scopes describe the type of data you're searching.
The following scopes are available for basic search:
| Search level | Code | Comments | Commits | Epics | Issues | Merge requests | Milestones | Projects | Users | Wikis | Notes |
|--------------|:----:|:--------:|:-------:|:-----:|:------:|:--------------:|:----------:|:--------:|:-----:|:-----:|----------------------------------------------------|
| Global | | | | | ✓ | ✓ | ✓ | ✓ | ✓ | | An administrator can [disable global search scopes](#disable-global-search-scopes). |
| Group | | | | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | | |
| Project | ✓ | ✓ | ✓ | | ✓ | ✓ | ✓ | | ✓ | ✓ | |
## Specify a search type
{{< history >}}

11
doc/user/search/advanced_search.md
View File

@ -38,6 +38,17 @@ users, epics, code, comments, commits, and wikis.
- For [GitLab Self-Managed](../../subscriptions/self_managed/_index.md), an administrator must
[enable advanced search](../../integration/advanced_search/elasticsearch.md#enable-advanced-search).
## Available scopes
Scopes describe the type of data you're searching.
The following scopes are available for advanced search:
| Search level | Code | Comments | Commits | Epics | Issues | Merge requests | Milestones | Projects | Users | Wikis | Notes |
|--------------|:----:|:--------:|:-------:|:-----:|:------:|:--------------:|:----------:|:--------:|:-----:|:-----:|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Global | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | An administrator can [disable global search scopes](_index.md#disable-global-search-scopes). On GitLab Self-Managed, global search is not available when limited indexing is enabled by default. An administrator can [enable global search for limited indexing](../../integration/advanced_search/elasticsearch.md#indexed-namespaces). |
| Group | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Project | ✓ | ✓ | ✓ | | ✓ | ✓ | ✓ | | ✓ | ✓ | |
## Syntax
<!-- Remember to also update the tables in `doc/drawers/advanced_search_syntax.md` -->

11
doc/user/search/exact_code_search.md
View File

@ -47,6 +47,17 @@ and is used by default in groups where the feature is enabled.
In user preferences, you can [disable exact code search](../profile/preferences.md#disable-exact-code-search)
to use [advanced search](advanced_search.md) instead.
## Available scopes
Scopes describe the type of data you're searching.
The following scopes are available for exact code search:
| Search level | Code | Notes |
|--------------|:----:|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Global | | An administrator can [disable global search scopes](_index.md#disable-global-search-scopes). On GitLab Self-Managed, an administrator can enable global search with the [`zoekt_cross_namespace_search`](exact_code_search.md#global-code-search) feature flag. |
| Group | ✓ | |
| Project | ✓ | |
## Zoekt search API
{{< history >}}

2
lib/api/entities/user.rb
View File

@ -8,7 +8,7 @@ module API
include Gitlab::Utils::StrongMemoize
expose :created_at, if: ->(user, opts) { Ability.allowed?(opts[:current_user], :read_user_profile, user) }
expose :bio, :location, :public_email, :skype, :linkedin, :twitter, :discord, :website_url, :organization, :job_title, :pronouns
expose :bio, :location, :skype, :linkedin, :twitter, :discord, :website_url, :organization, :job_title, :pronouns
expose :bot?, as: :bot
expose :work_information do |user|
work_information(user)

1
lib/api/entities/user_safe.rb
View File

@ -7,6 +7,7 @@ module API
expose :id, documentation: { type: 'integer', example: 1 }
expose :username, documentation: { type: 'string', example: 'admin' }
expose :public_email, documentation: { type: 'string', example: 'john@example.com' }
expose :name, documentation: { type: 'string', example: 'Administrator' } do |user|
current_user = request.respond_to?(:current_user) ? request.current_user : options.fetch(:current_user, nil)

6
lib/tasks/gitlab/openapi.rake
View File

@ -48,6 +48,12 @@ namespace :gitlab do
puts '#'
puts heading
if ENV['OPENAPI_CHECK_DEBUG'] == 'true'
yaml_content = Gitlab::Json.parse(File.read('tmp/openapi_swagger_doc.json')).to_yaml
File.write("doc/api/openapi/openapi_v2.yaml.generated", yaml_content)
sh 'diff -u doc/api/openapi/openapi_v2.yaml doc/api/openapi/openapi_v2.yaml.generated'
end
abort
end
end

3
spec/fixtures/api/schemas/entities/user.json vendored
View File

@ -38,6 +38,9 @@
"username": {
"type": "string"
},
"public_email": {
"type": ["string", "null"]
},
"status_tooltip_html": {
"$ref": "../types/nullable_string.json"
}

3
spec/fixtures/api/schemas/pipeline_schedule.json vendored
View File

@ -95,6 +95,9 @@
"username": {
"type": "string"
},
"public_email": {
"type": ["string", "null"]
},
"id": {
"type": "integer"
},

15
spec/fixtures/api/schemas/public_api/v4/issue.json vendored
View File

@ -144,6 +144,9 @@
"username": {
"type": "string"
},
"public_email": {
"type": ["string", "null"]
},
"id": {
"type": "integer"
},
@ -177,6 +180,12 @@
"username": {
"type": "string"
},
"public_email": {
"type": [
"string",
"null"
]
},
"id": {
"type": "integer"
},
@ -206,6 +215,12 @@
"username": {
"type": "string"
},
"public_email": {
"type": [
"string",
"null"
]
},
"id": {
"type": "integer"
},

3
spec/lib/api/entities/markdown_upload_admin_spec.rb
View File

@ -18,7 +18,8 @@ RSpec.describe API::Entities::MarkdownUploadAdmin, feature_category: :team_plann
uploaded_by: {
id: user.id,
name: user.name,
username: user.username
username: user.username,
public_email: nil
}
)
end

25
spec/tasks/gitlab/openapi_rake_spec.rb
View File

@ -37,5 +37,30 @@ RSpec.describe 'gitlab:openapi namespace rake tasks', :silence_stdout, feature_c
.and raise_error(SystemExit)
end
end
context 'when debug is enabled' do
let(:documentation) { { 'outdated' => true } }
let(:verbose) { Rake::FileUtilsExt.verbose }
let(:nowrite) { Rake::FileUtilsExt.nowrite }
before do
stub_env('OPENAPI_CHECK_DEBUG', 'true')
Rake::FileUtilsExt.verbose(false)
Rake::FileUtilsExt.nowrite(true)
end
after do
Rake::FileUtilsExt.verbose(verbose)
Rake::FileUtilsExt.nowrite(nowrite)
end
it 'outputs a diff' do
expected_command = 'diff -u doc/api/openapi/openapi_v2.yaml doc/api/openapi/openapi_v2.yaml.generated'
expect(main_object).to receive(:sh).with(expected_command).and_return(true)
expect { run_rake_task('gitlab:openapi:check_docs') }.to raise_error(SystemExit)
end
end
end
end