root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2025-05-13 12:11:33 +00:00
parent 5d22ba4cf2
commit 3f588195fd
48 changed files with 427 additions and 142 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.gitlab/ci/libbehave.gitlab-ci.yml Normal file
View File

@ -0,0 +1,10 @@
include:
- component: $CI_SERVER_FQDN/security-products/experiments/libbehave/libbehave@v0.1.0
inputs:
stage: lint
token: $BEHAVE_TOKEN
libbehave-experiment:
extends:
- .appsec-libbehave:rules
needs: []

2
.gitlab/ci/release-environments/security.gitlab-ci.yml
View File

@ -6,7 +6,7 @@ include:
inputs:
cng_path: 'charts/components/images'
- project: 'gitlab-org/quality/pipeline-common'
ref: '10.1.0'
ref: '11.0.0'
file: ci/base.gitlab-ci.yml
stages:

9
.gitlab/ci/rules.gitlab-ci.yml
View File

@ -2773,6 +2773,15 @@
- <<: *if-merge-request
changes: *dependency-patterns
.appsec-libbehave:rules:
rules:
# Requiring $DEPENDENCY_REVIEW_PAT prevents the bot from running on forks or CE
# Without it the script would fail too.
# Run only when the merge request have dependency file modifications
- <<: *if-merge-request
changes: *dependency-patterns
##################
# Releases rules #
##################

1
.gitlab/ci/static-analysis.gitlab-ci.yml
View File

@ -12,6 +12,7 @@
BROWSERSLIST_IGNORE_OLD_DATA: "true"
GRAPHQL_SCHEMA_APOLLO_FILE: "tmp/tests/graphql/gitlab_schema_apollo.graphql"
update-static-analysis-cache:
extends:
- .static-analysis-base

2
.gitlab/ci/test-on-omnibus/external.gitlab-ci.yml
View File

@ -3,7 +3,7 @@
include:
- project: gitlab-org/quality/pipeline-common
ref: 10.1.0
ref: 11.0.0
file:
- /ci/base.gitlab-ci.yml

100
.gitlab/issue_templates/Frontend Spike.md Normal file
View File

@ -0,0 +1,100 @@
<!--
This template offers a structured approach — Map, Architecture & Planning, Prototype (MAP) for frontend spikes. A spike is a time-boxed investigation intended to research a concept or build a simple prototype to better understand how to implement a feature.
-->
# Goal
<!-- Provide an overview of what this spike aims to achieve. Include as much detail as possible. -->
*This spike aims to investigate [feature/component] to determine the best approach for implementation.*
## Phase 1: Map
<!-- This phase is about understanding the current landscape - existing code and/or requirements for new features -->
### For existing features:
<!-- If working with an existing feature, complete these sections -->
#### UI discovery
- [ ] Observe the UI (note, some UI elements might be hidden) and list all of the features
- [ ] Observe user interactions (clicking, filtering, expanding components, etc.)
- [ ] Observe responsive behavior across different screen sizes
- [ ] Screenshot key UI states for reference during development
#### Code discovery
- [ ] Identify HTML/HAML entrypoint(s)
- [ ] Identify JavaScript entry point(s)
- [ ] Map out the current code responsibilities:
- [ ] HTML/HAML (note any hidden partials or conditionally rendered elements)
- [ ] JavaScript (list key modules/submodules with their purposes)
- [ ] Vue components (if applicable)
#### Data flow mapping
- [ ] Identify server-side rendered (SSR) data
- [ ] Identify client-side loaded data (e.g., via API calls, GraphQL)
- [ ] Note any pagination, infinite scroll, or lazy loading mechanisms
- [ ] Identify API/GraphQL endpoint requirements and limitations
### For new features:
<!-- If working on a new feature, complete these sections -->
#### Requirements Mapping
- [ ] Identify core user requirements and expected behaviors
- [ ] Document technical constraints and integration points
- [ ] Map user journeys and interactions
## Phase 2: Architecture & Planning
<!-- Design the solution based on findings from the Map phase -->
### State Management
- [ ] Determine state management approach
- [ ] Identify local vs. global state needs
- [ ] Consider data sharing between components
### Component Architecture
- [ ] Identify potential Vue component structure
- [ ] Map component relationships and data flow
- [ ] Note reusability opportunities (e.g., existing GitLab UI components, re-usable partials, etc.)
- [ ] Create an architecture diagram showing component relationships
### Technical Considerations
- [ ] Note accessibility requirements
- [ ] Evaluate feature flag requirements for progressive rollout
- [ ] Identify potential performance bottlenecks
- [ ] Consider adding performance marks and/or Sitespeed monitoring
- [ ] Plan for data that is loaded async (e.g., paginated data, progressive disclosure, etc.) if appropriate
## Phase 3: Prototype
<!-- Build a minimal proof of concept to validate the architecture -->
### Implementation
- [ ] Implement core functionality
- [ ] Test key user flows
- [ ] Validate technical assumptions
- [ ] Measure performance impacts (if applicable)
### Documentation
- [ ] Document prototype limitations
- [ ] Outline any technical debt or future considerations
- [ ] Create implementation plan for full feature development
## Findings and Recommendations
<!-- Document your findings here as you complete the spike -->
### Summary of Findings
*
### Recommended Approach
*
### Potential Challenges
*
### Open Questions
*
### Time Estimation
<!-- Add estimates for implementation based on spike findings -->
*
<!--
Remember that a spike is time-boxed. If you find yourself going down rabbit holes,
reconsider the scope of your investigation and focus on answering the core questions.
-->

3
app/assets/javascripts/constants.js
View File

@ -11,13 +11,12 @@ const DEFAULT_DOCS_URL = 'https://docs.gitlab.com';
// eslint-disable-next-line no-restricted-syntax
const DEFAULT_PROMO_URL = 'https://about.gitlab.com';
const DEFAULT_CONTRIBUTE_URL = 'https://contributors.gitlab.com';
const CONTRIBUTE_URL = 'https://contributors.gitlab.com';
const {
forum_url: FORUM_URL = DEFAULT_FORUM_URL,
docs_url: DOCS_URL = DEFAULT_DOCS_URL,
promo_url: PROMO_URL = DEFAULT_PROMO_URL,
contribute_url: CONTRIBUTE_URL = DEFAULT_CONTRIBUTE_URL,
} = window.gon;
// eslint-disable-next-line no-restricted-syntax

2
app/assets/javascripts/import_entities/import_groups/components/import_actions_cell.vue
View File

@ -129,7 +129,7 @@ export default {
<gl-sprintf
:message="
s__(
`BulkImport|You cannot import projects with this group. To import projects, reconfigure the source GitLab instance or group. %{linkStart}Learn more.%{linkEnd}`,
`BulkImport|You cannot import projects with this group. To import projects, reconfigure the source GitLab instance or group. %{linkStart}Learn more%{linkEnd}.`,
)
"
>

2
app/assets/javascripts/import_entities/import_groups/constants.js
View File

@ -13,7 +13,7 @@ export const i18n = {
ERROR_IMPORT: s__('BulkImport|Importing the group failed.'),
ERROR_IMPORT_COMPLETED: s__('BulkImport|Enter another name to re-import.'),
ERROR_TOO_MANY_REQUESTS: s__(
'Bulkmport|More than six imports were attempted in one minute. Try again after a minute.',
'BulkImport|More than six imports were attempted in one minute. Try again after a minute.',
),
NO_GROUPS_FOUND: s__('BulkImport|No groups found'),

4
app/assets/javascripts/pages/import/history/components/import_error_details.vue
View File

@ -37,7 +37,5 @@ export default {
</script>
<template>
<gl-loading-icon v-if="loading" size="lg" />
<pre
v-else
><code>{{ error || s__('BulkImport|No additional information provided.') }}</code></pre>
<pre v-else><code>{{ error || s__('BulkImport|No additional information provided') }}</code></pre>
</template>

8
app/services/clusters/migration/create_service.rb
View File

@ -44,9 +44,7 @@ module Clusters
private
def validate_inputs
message = if !feature_enabled?
_('Feature disabled')
elsif !current_user.can?(:admin_cluster, cluster)
message = if !current_user.can?(:admin_cluster, cluster)
_('Unauthorized')
elsif configuration_project.nil?
s_('ClusterIntegration|Invalid configuration project')
@ -78,10 +76,6 @@ module Clusters
clusterable.root_ancestor.all_projects.find_by_id(project_id)
end
def feature_enabled?
Feature.enabled?(:cluster_agent_migrations, clusterable)
end
def error_response(message:)
ServiceResponse.error(message: message)
end

5
app/services/clusters/migration/update_service.rb
View File

@ -13,7 +13,6 @@ module Clusters
end
def execute
return error_response(message: _('Feature disabled')) unless feature_enabled?
return error_response(message: _('Unauthorized')) unless current_user.can?(:admin_cluster, cluster)
return error_response(message: s_('ClusterIntegration|No migration found')) unless migration.present?
@ -44,10 +43,6 @@ module Clusters
extractor.issues&.first
end
def feature_enabled?
Feature.enabled?(:cluster_agent_migrations, clusterable)
end
def error_response(message:)
ServiceResponse.error(message:)
end

2
app/services/packages/update_package_file_service.rb
View File

@ -27,7 +27,7 @@ module Packages
# package file is in mode REMOTE: don't pass the `file` to the update
# instead, pass the new file path. This will move the file
# in object storage.
@package_file.new_file_path = File.join(file.store_dir, @package_file.file_name)
@package_file.new_file_path = file.store_path
end
@package_file.save!

2
app/views/clusters/clusters/_migrate_tab.html.haml
View File

@ -1,6 +1,6 @@
- active = params[:tab] == 'migrate'
- if Feature.enabled?(:cluster_agent_migrations, clusterable) && can_admin_cluster?(current_user, @cluster)
- if can_admin_cluster?(current_user, @cluster)
= gl_tab_link_to clusterable.cluster_path(@cluster.id, params: { tab: 'migrate' }), { item_active: active } do
= sprite_icon('warning', css_class: 'gl-mr-2')
= s_('ClusterIntegration|Migrate')

9
config/feature_flags/gitlab_com_derisk/cluster_agent_migrations.yml
View File

@ -1,9 +0,0 @@
---
name: cluster_agent_migrations
feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/510703
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/179947
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/516955
milestone: '17.9'
group: group::environments
type: gitlab_com_derisk
default_enabled: false

8
db/docs/batched_background_migrations/backfill_licenses_outside_spdx_catalogue.yml Normal file
View File

@ -0,0 +1,8 @@
---
migration_job_name: BackfillLicensesOutsideSpdxCatalogue
description: Backfill software license policies with custom_license_id for licenses outside the spdx catalogue
feature_category: security_policy_management
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/190394
milestone: '18.1'
queued_migration_version: 20250505171359
finalized_by: # version of the migration that finalized this BBM

14
db/docs/workspace_agentk_states.yml Normal file
View File

@ -0,0 +1,14 @@
---
table_name: workspace_agentk_states
classes:
- RemoteDevelopment::WorkspaceAgentkState
feature_categories:
- workspaces
description: Stores desired configuration for a workspace when used in conjunction
with agentk
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/190027
milestone: '18.1'
gitlab_schema: gitlab_main_cell
sharding_key:
project_id: projects
table_size: small

18
db/migrate/20250430125816_create_workspace_agentk_states_table.rb Normal file
View File

@ -0,0 +1,18 @@
# frozen_string_literal: true
class CreateWorkspaceAgentkStatesTable < Gitlab::Database::Migration[2.3]
milestone '18.1'
def up
create_table :workspace_agentk_states do |t|
t.timestamps_with_timezone null: false
t.bigint :workspace_id, null: false, index: { unique: true }
t.bigint :project_id, null: false, index: true
t.jsonb :desired_config, null: false
end
end
def down
drop_table :workspace_agentk_states
end
end

16
db/migrate/20250502104400_add_project_id_workspace_agentk_state_foreign_key.rb Normal file
View File

@ -0,0 +1,16 @@
# frozen_string_literal: true
class AddProjectIdWorkspaceAgentkStateForeignKey < Gitlab::Database::Migration[2.3]
disable_ddl_transaction!
milestone '18.1'
def up
add_concurrent_foreign_key :workspace_agentk_states, :projects, column: :project_id, on_delete: :cascade
end
def down
with_lock_retries do
remove_foreign_key :workspace_agentk_states, column: :project_id
end
end
end

16
db/migrate/20250507141312_add_workspace_id_workspace_agentk_state_foreign_key.rb Normal file
View File

@ -0,0 +1,16 @@
# frozen_string_literal: true
class AddWorkspaceIdWorkspaceAgentkStateForeignKey < Gitlab::Database::Migration[2.3]
disable_ddl_transaction!
milestone '18.1'
def up
add_concurrent_foreign_key :workspace_agentk_states, :workspaces, column: :workspace_id, on_delete: :cascade
end
def down
with_lock_retries do
remove_foreign_key :workspace_agentk_states, column: :workspace_id
end
end
end

25
db/post_migrate/20250505171359_queue_backfill_licenses_outside_spdx_catalogue.rb Normal file
View File

@ -0,0 +1,25 @@
# frozen_string_literal: true
class QueueBackfillLicensesOutsideSpdxCatalogue < Gitlab::Database::Migration[2.3]
milestone '18.1'
restrict_gitlab_migration gitlab_schema: :gitlab_main
MIGRATION = "BackfillLicensesOutsideSpdxCatalogue"
BATCH_SIZE = 1000
SUB_BATCH_SIZE = 100
def up
queue_batched_background_migration(
MIGRATION,
:software_license_policies,
:id,
batch_size: BATCH_SIZE,
sub_batch_size: SUB_BATCH_SIZE
)
end
def down
delete_batched_background_migration(MIGRATION, :software_license_policies, :id, [])
end
end

1
db/schema_migrations/20250430125816 Normal file
View File

@ -0,0 +1 @@
4b501429153c6dc109b2e33b43e501f9bd4c0dfe6b535ab6f4e8269a3fff2456

1
db/schema_migrations/20250502104400 Normal file
View File

@ -0,0 +1 @@
209572b9d0dc6a135afb3dc2b1e3716617c0af981ec6b9f9bbf0cd31a9b1fd69

1
db/schema_migrations/20250505171359 Normal file
View File

@ -0,0 +1 @@
4be3354e5e5922ebfe1b1719961e759db2582a646df7707a75bfa06898ebb703

1
db/schema_migrations/20250507141312 Normal file
View File

@ -0,0 +1 @@
28610c421b71e49edcec55037dd73c7597670a9c66f6b9d5abdd428deb6b6b02

33
db/structure.sql
View File

@ -25828,6 +25828,24 @@ CREATE SEQUENCE work_item_widget_definitions_id_seq
ALTER SEQUENCE work_item_widget_definitions_id_seq OWNED BY work_item_widget_definitions.id;
CREATE TABLE workspace_agentk_states (
id bigint NOT NULL,
created_at timestamp with time zone NOT NULL,
updated_at timestamp with time zone NOT NULL,
workspace_id bigint NOT NULL,
project_id bigint NOT NULL,
desired_config jsonb NOT NULL
);
CREATE SEQUENCE workspace_agentk_states_id_seq
START WITH 1
INCREMENT BY 1
NO MINVALUE
NO MAXVALUE
CACHE 1;
ALTER SEQUENCE workspace_agentk_states_id_seq OWNED BY workspace_agentk_states.id;
CREATE TABLE workspace_variables (
id bigint NOT NULL,
workspace_id bigint NOT NULL,
@ -28048,6 +28066,8 @@ ALTER TABLE ONLY work_item_type_user_preferences ALTER COLUMN id SET DEFAULT nex
ALTER TABLE ONLY work_item_widget_definitions ALTER COLUMN id SET DEFAULT nextval('work_item_widget_definitions_id_seq'::regclass);
ALTER TABLE ONLY workspace_agentk_states ALTER COLUMN id SET DEFAULT nextval('workspace_agentk_states_id_seq'::regclass);
ALTER TABLE ONLY workspace_variables ALTER COLUMN id SET DEFAULT nextval('workspace_variables_id_seq'::regclass);
ALTER TABLE ONLY workspaces ALTER COLUMN id SET DEFAULT nextval('workspaces_id_seq'::regclass);
@ -31273,6 +31293,9 @@ ALTER TABLE ONLY work_item_weights_sources
ALTER TABLE ONLY work_item_widget_definitions
ADD CONSTRAINT work_item_widget_definitions_pkey PRIMARY KEY (id);
ALTER TABLE ONLY workspace_agentk_states
ADD CONSTRAINT workspace_agentk_states_pkey PRIMARY KEY (id);
ALTER TABLE ONLY workspace_variables
ADD CONSTRAINT workspace_variables_pkey PRIMARY KEY (id);
@ -38061,6 +38084,10 @@ CREATE UNIQUE INDEX index_work_item_widget_definitions_on_type_id_and_name ON wo
CREATE INDEX index_work_item_widget_definitions_on_work_item_type_id ON work_item_widget_definitions USING btree (work_item_type_id);
CREATE INDEX index_workspace_agentk_states_on_project_id ON workspace_agentk_states USING btree (project_id);
CREATE UNIQUE INDEX index_workspace_agentk_states_on_workspace_id ON workspace_agentk_states USING btree (workspace_id);
CREATE INDEX index_workspace_variables_on_project_id ON workspace_variables USING btree (project_id);
CREATE INDEX index_workspace_variables_on_workspace_id ON workspace_variables USING btree (workspace_id);
@ -42381,6 +42408,9 @@ ALTER TABLE ONLY catalog_resource_component_last_usages
ALTER TABLE ONLY user_namespace_callouts
ADD CONSTRAINT fk_4b1257f385 FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE;
ALTER TABLE ONLY workspace_agentk_states
ADD CONSTRAINT fk_4b1428e43a FOREIGN KEY (workspace_id) REFERENCES workspaces(id) ON DELETE CASCADE;
ALTER TABLE ONLY sbom_occurrences
ADD CONSTRAINT fk_4b88e5b255 FOREIGN KEY (component_version_id) REFERENCES sbom_component_versions(id) ON DELETE CASCADE;
@ -43737,6 +43767,9 @@ ALTER TABLE ONLY cluster_agent_migrations
ALTER TABLE ONLY events
ADD CONSTRAINT fk_eea90e3209 FOREIGN KEY (personal_namespace_id) REFERENCES namespaces(id) ON DELETE CASCADE;
ALTER TABLE ONLY workspace_agentk_states
ADD CONSTRAINT fk_eeddb6a618 FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE;
ALTER TABLE ONLY coverage_fuzzing_corpuses
ADD CONSTRAINT fk_ef5ebf339f FOREIGN KEY (package_id) REFERENCES packages_packages(id) ON DELETE CASCADE;

22
doc/administration/gitlab_duo_self_hosted/_index.md
View File

@ -60,18 +60,22 @@ The following table lists the GitLab Duo features, and whether they are availabl
| [Test Generation](../../user/gitlab_duo_chat/examples.md#write-tests-in-the-ide) | {{< icon name="check-circle-filled" >}} Yes | GitLab 17.9 and later |
| [Refactor Code](../../user/gitlab_duo_chat/examples.md#refactor-code-in-the-ide) | {{< icon name="check-circle-filled" >}} Yes | GitLab 17.9 and later |
| [Fix Code](../../user/gitlab_duo_chat/examples.md#fix-code-in-the-ide) | {{< icon name="check-circle-filled" >}} Yes | GitLab 17.9 and later |
| [AI Impact Dashboard](../../user/analytics/ai_impact_analytics.md) | {{< icon name="check-circle-dashed" >}} Beta | GitLab 17.9 and later |
| [Root Cause Analysis](../../user/gitlab_duo_chat/examples.md#troubleshoot-failed-cicd-jobs-with-root-cause-analysis) | {{< icon name="check-circle-dashed" >}} Beta | GitLab 17.10 and later |
| [Vulnerability Explanation](../../user/application_security/vulnerabilities/_index.md#explaining-a-vulnerability) | {{< icon name="check-circle-dashed" >}} Beta | GitLab 17.11 and later |
| [Vulnerability Resolution](../../user/application_security/vulnerabilities/_index.md#vulnerability-resolution) | {{< icon name="check-circle-dashed" >}} Beta | GitLab 17.11 and later |
| [Discussion Summary](../../user/discussions/_index.md#summarize-issue-discussions-with-duo-chat) | {{< icon name="check-circle-dashed" >}} Beta | GitLab 17.11 and later |
| [GitLab Duo for the CLI](../../editor_extensions/gitlab_cli/_index.md#gitlab-duo-for-the-cli) | {{< icon name="check-circle-dashed" >}} Beta | GitLab 17.11 and later |
| [Summarize a Code Review](../../user/project/merge_requests/duo_in_merge_requests.md#summarize-a-code-review) | {{< icon name="check-circle-dashed" >}} Experiment | GitLab 17.11 and later |
| [AI Impact Dashboard](../../user/analytics/ai_impact_analytics.md) | {{< icon name="check-circle-dashed" >}} Beta <sup>1</sup> | GitLab 17.9 and later |
| [Root Cause Analysis](../../user/gitlab_duo_chat/examples.md#troubleshoot-failed-cicd-jobs-with-root-cause-analysis) | {{< icon name="check-circle-dashed" >}} Beta <sup>1</sup> | GitLab 17.10 and later |
| [Vulnerability Explanation](../../user/application_security/vulnerabilities/_index.md#explaining-a-vulnerability) | {{< icon name="check-circle-dashed" >}} Beta <sup>1</sup> | GitLab 17.11 and later |
| [Vulnerability Resolution](../../user/application_security/vulnerabilities/_index.md#vulnerability-resolution) | {{< icon name="check-circle-dashed" >}} Beta <sup>1</sup> | GitLab 17.11 and later |
| [Discussion Summary](../../user/discussions/_index.md#summarize-issue-discussions-with-duo-chat) | {{< icon name="check-circle-dashed" >}} Beta <sup>1</sup> | GitLab 17.11 and later |
| [GitLab Duo for the CLI](../../editor_extensions/gitlab_cli/_index.md#gitlab-duo-for-the-cli) | {{< icon name="check-circle-dashed" >}} Beta <sup>1</sup> | GitLab 17.11 and later |
| [Summarize a Code Review](../../user/project/merge_requests/duo_in_merge_requests.md#summarize-a-code-review) | {{< icon name="check-circle-dashed" >}} Experiment <sup>1</sup> | GitLab 17.11 and later |
| [Code Review](../../user/project/merge_requests/duo_in_merge_requests.md#have-gitlab-duo-review-your-code) | {{< icon name="dash-circle" >}} No | Not applicable |
| [Merge Commit Message Generation](../../user/project/merge_requests/duo_in_merge_requests.md#generate-a-merge-commit-message) | {{< icon name="check-circle-dashed" >}} Beta | GitLab 17.11 and later |
| [Summarize New Merge Request](../../user/project/merge_requests/duo_in_merge_requests.md#generate-a-description-by-summarizing-code-changes) | {{< icon name="check-circle-dashed" >}} Beta | GitLab 17.11 and later |
| [Merge Commit Message Generation](../../user/project/merge_requests/duo_in_merge_requests.md#generate-a-merge-commit-message) | {{< icon name="check-circle-dashed" >}} Beta <sup>1</sup> | GitLab 17.11 and later |
| [Summarize New Merge Request](../../user/project/merge_requests/duo_in_merge_requests.md#generate-a-description-by-summarizing-code-changes) | {{< icon name="check-circle-dashed" >}} Beta <sup>1</sup> | GitLab 17.11 and later |
| [Issue Description Generation](../../user/project/issues/managing_issues.md#populate-an-issue-with-issue-description-generation) | {{< icon name="dash-circle" >}} No | Not applicable |
**Footnotes:**
1. Features released to beta in GitLab 17.11 are experiencing a known bug. For more information, see [issue 541259](https://gitlab.com/gitlab-org/gitlab/-/issues/541259).
#### Supported Duo Chat features
You can use the following GitLab Duo Chat features with GitLab Duo Self-Hosted:

2
doc/administration/gitlab_duo_self_hosted/configuration_types.md
View File

@ -72,8 +72,6 @@ sequenceDiagram
SelfHostedGitLab -->> User: Forward AI response
```
For more information, see the [self-hosted model deployment blueprint](https://handbook.gitlab.com/handbook/engineering/architecture/design-documents/custom_models/).
## Authentication for GitLab Duo Self-Hosted
The authentication process for GitLab Duo Self-Hosted is secure, efficient, and made up of the following key components:

88
doc/api/container_registry.md
View File

@ -46,12 +46,12 @@ for more details about the permissions that this setting grants to users.
```shell
curl --request PUT "https://gitlab.example.com/api/v4/projects/5/" \
--header 'PRIVATE-TOKEN: <your_access_token>' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data-raw '{
"container_registry_access_level": "private"
}'
--header 'PRIVATE-TOKEN: <your_access_token>' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data-raw '{
"container_registry_access_level": "private"
}'
```
Example response:
@ -87,7 +87,8 @@ GET /projects/:id/registry/repositories
| `tags_count` | boolean | no | If the parameter is included as true, each repository includes `"tags_count"` in the response . |
```shell
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/5/registry/repositories"
curl --header "PRIVATE-TOKEN: <your_access_token>" \
--url "https://gitlab.example.com/api/v4/projects/5/registry/repositories"
```
Example response:
@ -137,7 +138,7 @@ GET /groups/:id/registry/repositories
```shell
curl --header "PRIVATE-TOKEN: <your_access_token>" \
"https://gitlab.example.com/api/v4/groups/2/registry/repositories"
--url "https://gitlab.example.com/api/v4/groups/2/registry/repositories"
```
Example response:
@ -182,7 +183,7 @@ GET /registry/repositories/:id
```shell
curl --header "PRIVATE-TOKEN: <your_access_token>" \
"https://gitlab.example.com/api/v4/registry/repositories/2?tags=true&tags_count=true&size=true"
--url "https://gitlab.example.com/api/v4/registry/repositories/2?tags=true&tags_count=true&size=true"
```
Example response:
@ -225,8 +226,9 @@ DELETE /projects/:id/registry/repositories/:repository_id
| `repository_id` | integer | yes | The ID of registry repository. |
```shell
curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" \
"https://gitlab.example.com/api/v4/projects/5/registry/repositories/2"
curl --request DELETE \
--header "PRIVATE-TOKEN: <your_access_token>" \
--url "https://gitlab.example.com/api/v4/projects/5/registry/repositories/2"
```
## List registry repository tags
@ -258,7 +260,7 @@ GET /projects/:id/registry/repositories/:repository_id/tags
```shell
curl --header "PRIVATE-TOKEN: <your_access_token>" \
"https://gitlab.example.com/api/v4/projects/5/registry/repositories/2/tags"
--url "https://gitlab.example.com/api/v4/projects/5/registry/repositories/2/tags"
```
Example response:
@ -294,7 +296,7 @@ GET /projects/:id/registry/repositories/:repository_id/tags/:tag_name
```shell
curl --header "PRIVATE-TOKEN: <your_access_token>" \
"https://gitlab.example.com/api/v4/projects/5/registry/repositories/2/tags/v10.0.0"
--url "https://gitlab.example.com/api/v4/projects/5/registry/repositories/2/tags/v10.0.0"
```
Example response:
@ -330,8 +332,9 @@ DELETE /projects/:id/registry/repositories/:repository_id/tags/:tag_name
| `tag_name` | string | yes | The name of tag. |
```shell
curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" \
"https://gitlab.example.com/api/v4/projects/5/registry/repositories/2/tags/v10.0.0"
curl --request DELETE \
--header "PRIVATE-TOKEN: <your_access_token>" \
--url "https://gitlab.example.com/api/v4/projects/5/registry/repositories/2/tags/v10.0.0"
```
This operation does not delete blobs. To reclaim disk space, [run garbage collection](../administration/packages/container_registry.md#container-registry-garbage-collection).
@ -392,29 +395,42 @@ Examples:
and remove ones that are older than 2 days:
```shell
curl --request DELETE --data 'name_regex_delete=[0-9a-z]{40}' --data 'keep_n=5' --data 'older_than=2d' \
--header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/5/registry/repositories/2/tags"
curl --request DELETE \
--data 'name_regex_delete=[0-9a-z]{40}' \
--data 'keep_n=5' \
--data 'older_than=2d' \
--header "PRIVATE-TOKEN: <your_access_token>" \
--url "https://gitlab.example.com/api/v4/projects/5/registry/repositories/2/tags"
```
- Remove all tags, but keep always the latest 5:
```shell
curl --request DELETE --data 'name_regex_delete=.*' --data 'keep_n=5' \
--header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/5/registry/repositories/2/tags"
curl --request DELETE \
--data 'name_regex_delete=.*' \
--data 'keep_n=5' \
--header "PRIVATE-TOKEN: <your_access_token>" \
--url "https://gitlab.example.com/api/v4/projects/5/registry/repositories/2/tags"
```
- Remove all tags, but keep always tags beginning with `stable`:
```shell
curl --request DELETE --data 'name_regex_delete=.*' --data 'name_regex_keep=stable.*' \
--header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/5/registry/repositories/2/tags"
curl --request DELETE \
--data 'name_regex_delete=.*' \
--data 'name_regex_keep=stable.*' \
--header "PRIVATE-TOKEN: <your_access_token>" \
--url "https://gitlab.example.com/api/v4/projects/5/registry/repositories/2/tags"
```
- Remove all tags that are older than 1 month:
```shell
curl --request DELETE --data 'name_regex_delete=.*' --data 'older_than=1month' \
--header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/5/registry/repositories/2/tags"
curl --request DELETE \
--data 'name_regex_delete=.*' \
--data 'older_than=1month' \
--header "PRIVATE-TOKEN: <your_access_token>" \
--url "https://gitlab.example.com/api/v4/projects/5/registry/repositories/2/tags"
```
### Use cURL with a regular expression that contains `+`
@ -424,8 +440,10 @@ When using cURL, the `+` character in regular expressions must be
to be processed correctly by the GitLab Rails backend. For example:
```shell
curl --request DELETE --data-urlencode 'name_regex_delete=dev-.+' \
--header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/5/registry/repositories/2/tags"
curl --request DELETE \
--data-urlencode 'name_regex_delete=dev-.+' \
--header "PRIVATE-TOKEN: <your_access_token>" \
--url "https://gitlab.example.com/api/v4/projects/5/registry/repositories/2/tags"
```
## Instance-wide endpoints
@ -452,8 +470,9 @@ You must specify the correct [scopes and actions](https://distribution.github.io
```shell
$ SCOPE="repository:${CI_REGISTRY_IMAGE}:delete" #or push,pull
$ curl --request GET --user "${CI_REGISTRY_USER}:${CI_REGISTRY_PASSWORD}" \
"https://gitlab.example.com/jwt/auth?service=container_registry&scope=${SCOPE}"
$ curl --request GET \
--user "${CI_REGISTRY_USER}:${CI_REGISTRY_PASSWORD}" \
--url "https://gitlab.example.com/jwt/auth?service=container_registry&scope=${SCOPE}"
{"token":" ... "}
```
@ -473,9 +492,10 @@ You can use the token retrieved with the predefined `CI_REGISTRY_USER` and `CI_R
The `tag_delete` [Container-Registry-Feature](https://gitlab.com/gitlab-org/container-registry/-/blob/master/docs/spec/docker/v2/api.md#delete-tag) must be enabled.
```shell
$ curl --request DELETE --header "Authorization: Bearer <token_from_above>" \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
"https://gitlab.example.com:5050/v2/${CI_REGISTRY_IMAGE}/manifests/${CI_COMMIT_SHORT_SHA}"
$ curl --request DELETE \
--header "Authorization: Bearer <token_from_above>" \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--url "https://gitlab.example.com:5050/v2/${CI_REGISTRY_IMAGE}/manifests/${CI_COMMIT_SHORT_SHA}"
```
### Listing all container repositories
@ -489,9 +509,11 @@ To list all container repositories on your GitLab instance, administrator creden
```shell
$ SCOPE="registry:catalog:*"
$ curl --request GET --user "<admin-username>:<admin-password>" \
"https://gitlab.example.com/jwt/auth?service=container_registry&scope=${SCOPE}"
$ curl --request GET \
--user "<admin-username>:<admin-password>" \
--url "https://gitlab.example.com/jwt/auth?service=container_registry&scope=${SCOPE}"
{"token":" ... "}
$ curl --header "Authorization: Bearer <token_from_above>" https://gitlab.example.com:5050/v2/_catalog
$ curl --header "Authorization: Bearer <token_from_above>" \
--url "https://gitlab.example.com:5050/v2/_catalog"
```

2
doc/install/install_ai_gateway.md
View File

@ -6,7 +6,7 @@ description: Set up your self-hosted model GitLab AI gateway
title: Install the GitLab AI gateway
---
The [AI gateway](https://handbook.gitlab.com/handbook/engineering/architecture/design-documents/ai_gateway/)
The [AI gateway](../user/gitlab_duo/gateway.md)
is a standalone service that gives access to AI-native GitLab Duo features.
## Install by using Docker

4
doc/user/gitlab_duo/_index.md
View File

@ -23,10 +23,6 @@ Some features are also available as part of [GitLab Duo Chat](../gitlab_duo_chat
- [Get started with GitLab Duo](../get_started/getting_started_gitlab_duo.md).
- [View a walkthrough of GitLab Duo Enterprise features](https://gitlab.navattic.com/duo-enterprise).
GitLab is [transparent](https://handbook.gitlab.com/handbook/values/#transparency).
As GitLab Duo features mature, the documentation will be updated to clearly state
how and where you can access these features.
## GitLab Duo language models
The language models that are the source for GitLab Duo depend on where you're using it.

2
doc/user/gitlab_duo/data_usage.md
View File

@ -45,7 +45,7 @@ For more information on our AI [sub-processors](https://about.gitlab.com/privacy
## Telemetry
GitLab Duo collects aggregated or de-identified first-party usage data through a [Snowplow collector](https://handbook.gitlab.com/handbook/business-technology/data-team/platform/snowplow/). This usage data includes the following metrics:
GitLab Duo collects aggregated or de-identified first-party usage data through a Snowplow collector. This usage data includes the following metrics:
- Number of unique users
- Number of unique instances

2
doc/user/gitlab_duo/gateway.md
View File

@ -5,7 +5,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
title: AI gateway
---
The [AI gateway](https://handbook.gitlab.com/handbook/engineering/architecture/design-documents/ai_gateway/) is a standalone service that gives access to AI-native GitLab Duo features.
The AI gateway is a standalone service that gives access to AI-native GitLab Duo features.
GitLab operates an instance of AI gateway that is used by GitLab Self-Managed, GitLab Dedicated, and GitLab.com through the Cloud Connector.

1
doc/user/gitlab_duo/use_cases.md
View File

@ -1520,7 +1520,6 @@ The AI-generated source code examples are available in the [`typescript` directo
## Resources
Many of the use cases are available as hands-on recordings in the [GitLab Duo Coffee Chat YouTube playlist](https://www.youtube.com/playlist?list=PL05JrBw4t0Kp5uj_JgQiSvHw1jQu0mSVZ).
The [GitLab Duo Coffee Chat](https://handbook.gitlab.com/handbook/marketing/developer-relations/developer-advocacy/projects/#gitlab-duo-coffee-chat) is a learning series maintained by the [Developer Relations team](https://handbook.gitlab.com/handbook/marketing/developer-relations/).
### Blog resources

2
doc/user/group/import/direct_transfer_migrations.md
View File

@ -50,13 +50,13 @@ To maximize the chance of a successful and performant migration, you should:
For more information, see [epic 9036](https://gitlab.com/groups/gitlab-org/-/epics/9036).
- Migrate between versions that are as new as possible. Update the source and destination instances to as late a version
as possible to take advantage of bug fixes and improvements added over time.
- [Configure Sidekiq](../../project/import/_index.md#sidekiq-configuration) properly.
We have successfully tested migrations between a source instance running GitLab 16.2 and a destination instance running
GitLab 16.8.
### Configuration
- Ensure [Sidekiq is properly configured](../../project/import/_index.md#sidekiq-configuration).
- Both GitLab instances must have group migration by direct transfer
[enabled in application settings](../../../administration/settings/import_and_export_settings.md#enable-migration-of-groups-and-projects-by-direct-transfer)
by an instance administrator.

2
gems/gem-pg.gitlab-ci.yml
View File

@ -68,7 +68,7 @@ default:
parallel:
matrix:
- RUBY_VERSION: ["${RUBY_VERSION_DEFAULT}", "${RUBY_VERSION_NEXT}"]
POSTGRES_VERSION: ["12", "13", "14"]
POSTGRES_VERSION: ["14", "15", "16"]
validate-gem:
rules:

13
lib/gitlab/background_migration/backfill_licenses_outside_spdx_catalogue.rb Normal file
View File

@ -0,0 +1,13 @@
# frozen_string_literal: true
module Gitlab
module BackgroundMigration
class BackfillLicensesOutsideSpdxCatalogue < BatchedMigrationJob
feature_category :security_policy_management
def perform; end
end
end
end
Gitlab::BackgroundMigration::BackfillLicensesOutsideSpdxCatalogue.prepend_mod

16
locale/gitlab.pot
View File

@ -11408,10 +11408,13 @@ msgstr ""
msgid "BulkImport|Migration history"
msgstr ""
msgid "BulkImport|More than six imports were attempted in one minute. Try again after a minute."
msgstr ""
msgid "BulkImport|New group"
msgstr ""
msgid "BulkImport|No additional information provided."
msgid "BulkImport|No additional information provided"
msgstr ""
msgid "BulkImport|No groups found"
@ -11510,7 +11513,7 @@ msgstr ""
msgid "BulkImport|View placeholders"
msgstr ""
msgid "BulkImport|You cannot import projects with this group. To import projects, reconfigure the source GitLab instance or group. %{linkStart}Learn more.%{linkEnd}"
msgid "BulkImport|You cannot import projects with this group. To import projects, reconfigure the source GitLab instance or group. %{linkStart}Learn more%{linkEnd}."
msgstr ""
msgid "BulkImport|Your imported groups and projects appear here."
@ -11531,9 +11534,6 @@ msgstr ""
msgid "BulkImport|must have a relative path with no HTTP protocol characters or leading or trailing forward slashes. Path segments must not start or end with a special character or contain consecutive special characters."
msgstr ""
msgid "Bulkmport|More than six imports were attempted in one minute. Try again after a minute."
msgstr ""
msgid "Bullet list"
msgstr ""
@ -20872,9 +20872,6 @@ msgstr ""
msgid "Delete account"
msgstr ""
msgid "Delete all messages in the current conversation."
msgstr ""
msgid "Delete asset"
msgstr ""
@ -51342,9 +51339,6 @@ msgstr ""
msgid "Reset approvals on push"
msgstr ""
msgid "Reset conversation and ignore previous messages."
msgstr ""
msgid "Reset error tracking access token"
msgstr ""

1
scripts/frontend/quarantined_vue3_specs.txt
View File

@ -34,7 +34,6 @@ ee/spec/frontend/members/components/modals/ldap_override_confirmation_modal_spec
ee/spec/frontend/members/components/table/drawer/role_updater_spec.js
ee/spec/frontend/members/components/table/max_role_spec.js
ee/spec/frontend/members/components/table/members_table_spec.js
ee/spec/frontend/metrics/details/filter_bar/groupby_filter_spec.js
ee/spec/frontend/metrics/details/metrics_details_spec.js
ee/spec/frontend/metrics/details/related_traces_spec.js
ee/spec/frontend/ml/ai_agents/views/edit_agent_spec.js

1
spec/features/clusters/cluster_detail_page_spec.rb
View File

@ -102,7 +102,6 @@ RSpec.describe 'Clusterable > Show page', feature_category: :deployment_manageme
shared_examples 'migration tab' do
describe 'migration tab' do
before do
stub_feature_flags(cluster_agent_migrations: true)
visit cluster_path
click_link 'Migrate'
end

2
spec/frontend/pages/import/history/components/import_error_details_spec.js
View File

@ -52,7 +52,7 @@ describe('ImportErrorDetails', () => {
await axios.waitForAll();
expect(wrapper.findComponent(GlLoadingIcon).exists()).toBe(false);
expect(wrapper.find('pre').text()).toBe('No additional information provided.');
expect(wrapper.find('pre').text()).toBe('No additional information provided');
});
});
});

1
spec/lib/gitlab/import_export/all_models.yml
View File

@ -595,6 +595,7 @@ project:
- ci_access_project_authorizations
- cluster_project
- workspaces
- workspace_agentk_states
- creator
- cycle_analytics_stages
- value_streams

26
spec/migrations/20250505171359_queue_backfill_licenses_outside_spdx_catalogue_spec.rb Normal file
View File

@ -0,0 +1,26 @@
# frozen_string_literal: true
require 'spec_helper'
require_migration!
RSpec.describe QueueBackfillLicensesOutsideSpdxCatalogue, migration: :gitlab_main_cell, feature_category: :security_policy_management do
let!(:batched_migration) { described_class::MIGRATION }
it 'schedules a new batched migration' do
reversible_migration do |migration|
migration.before -> {
expect(batched_migration).not_to have_scheduled_batched_migration
}
migration.after -> {
expect(batched_migration).to have_scheduled_batched_migration(
gitlab_schema: :gitlab_main,
table_name: :software_license_policies,
column_name: :id,
batch_size: described_class::BATCH_SIZE,
sub_batch_size: described_class::SUB_BATCH_SIZE
)
}
end
end
end

13
spec/services/clusters/migration/create_service_spec.rb
View File

@ -22,19 +22,6 @@ RSpec.describe Clusters::Migration::CreateService, feature_category: :deployment
subject(:response) { service.execute }
shared_examples 'migrating a legacy cluster to use the agent' do
context 'when the cluster_agent_migrations feature flag is disabled' do
before do
stub_feature_flags(cluster_agent_migrations: false)
end
it 'returns an error' do
expect(Clusters::Agents::CreateService).not_to receive(:new)
expect(response).to be_error
expect(response.message).to eq('Feature disabled')
end
end
context 'when the user does not have permission' do
before do
allow(user).to receive(:can?).with(:admin_cluster, cluster).and_return(false)

11
spec/services/clusters/migration/update_service_spec.rb
View File

@ -26,17 +26,6 @@ RSpec.describe Clusters::Migration::UpdateService, feature_category: :deployment
subject(:execute_service) { service.execute }
context 'when the feature flag is disabled' do
before do
stub_feature_flags(cluster_agent_migrations: false)
end
it 'returns an error' do
expect(execute_service).to be_error
expect(execute_service.message).to eq('Feature disabled')
end
end
context 'when the user does not have permission' do
before do
allow(current_user).to receive(:can?).with(:admin_cluster, cluster).and_return(false)

29
spec/services/packages/update_package_file_service_spec.rb
View File

@ -11,7 +11,7 @@ RSpec.describe Packages::UpdatePackageFileService, feature_category: :package_re
let(:service) { described_class.new(package_file, params) }
describe '#execute' do
subject { service.execute }
subject(:execute) { service.execute }
shared_examples 'updating package file with valid parameters' do
context 'with both parameters set' do
@ -114,6 +114,33 @@ RSpec.describe Packages::UpdatePackageFileService, feature_category: :package_re
expect(package_file.file.file).not_to receive(:copy_to)
end
end
context 'when a bucket prefix is configured' do
let(:bucket_prefix) { 'my-packages' }
before do
stub_package_file_object_storage(
config: Gitlab.config.packages.object_store.merge(
connection: {
provider: 'AWS',
aws_access_key_id: 'AWS_ACCESS_KEY_ID',
aws_secret_access_key: 'AWS_SECRET_ACCESS_KEY',
region: 'eu-central-1',
path_style: true
},
enabled: true,
remote_directory: 'gitlab-registry',
bucket_prefix: bucket_prefix
)
)
end
it 'moves the file to the correct prefixed folder in the bucket' do
execute
expect(package_file.new_file_path).to start_with(bucket_prefix)
end
end
end
end
end

2
spec/support/shared_examples/security/policies_shared_examples.rb
View File

@ -18,7 +18,7 @@ RSpec.shared_examples 'policies list' do
# Scan Execution Policy from ee/spec/fixtures/security_orchestration.yml
expect(page).to have_content 'Run DAST in every pipeline'
# Scan Result Policy from ee/spec/fixtures/security_orchestration.yml
# Approval Policy from ee/spec/fixtures/security_orchestration.yml
expect(page).to have_content 'critical vulnerability CS approvals'
end
end

32
spec/support/shared_examples/services/protected_branches_shared_examples.rb
View File

@ -1,6 +1,6 @@
# frozen_string_literal: true
RSpec.shared_context 'with scan result policy' do
RSpec.shared_context 'with approval policy' do
include RepoHelpers
let(:policy_path) { Security::OrchestrationPolicyConfiguration::POLICY_PATH }
@ -8,10 +8,10 @@ RSpec.shared_context 'with scan result policy' do
let(:default_branch) { policy_project.default_branch }
let(:policy_yaml) do
build(:orchestration_policy_yaml, scan_execution_policy: [], approval_policy: scan_result_policies)
build(:orchestration_policy_yaml, scan_execution_policy: [], approval_policy: approval_policies)
end
let(:scan_result_policies) { [scan_result_policy] }
let(:approval_policies) { [approval_policy] }
before do
policy_configuration.update_attribute(:security_policy_management_project, policy_project)
@ -28,33 +28,33 @@ RSpec.shared_context 'with scan result policy' do
end
end
RSpec.shared_context 'with scan result policy blocking protected branches' do
include_context 'with scan result policy' do
let(:scan_result_policy) do
build(:scan_result_policy, branches: [branch_name], approval_settings: { block_branch_modification: true })
RSpec.shared_context 'with approval policy blocking protected branches' do
include_context 'with approval policy' do
let(:approval_policy) do
build(:approval_policy, branches: [branch_name], approval_settings: { block_branch_modification: true })
end
end
end
RSpec.shared_context 'with scan result policy blocking group-level protected branches' do
include_context 'with scan result policy' do
let(:scan_result_policy) do
build(:scan_result_policy, branches: [branch_name], approval_settings: { block_group_branch_modification: true })
RSpec.shared_context 'with approval policy blocking group-level protected branches' do
include_context 'with approval policy' do
let(:approval_policy) do
build(:approval_policy, branches: [branch_name], approval_settings: { block_group_branch_modification: true })
end
end
end
RSpec.shared_context 'with scan result policy preventing force pushing' do
include_context 'with scan result policy' do
RSpec.shared_context 'with approval policy preventing force pushing' do
include_context 'with approval policy' do
let(:prevent_pushing_and_force_pushing) { true }
let(:scan_result_policy) do
build(:scan_result_policy, branches: [branch_name],
let(:approval_policy) do
build(:approval_policy, branches: [branch_name],
approval_settings: { prevent_pushing_and_force_pushing: prevent_pushing_and_force_pushing })
end
let(:policy_yaml) do
build(:orchestration_policy_yaml, approval_policy: [scan_result_policy])
build(:orchestration_policy_yaml, approval_policy: [approval_policy])
end
end