root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2023-09-11 09:09:10 +00:00
parent 810d16f4d0
commit 3fc19e1442
12 changed files with 188 additions and 131 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitlab/ci/qa-common/main.gitlab-ci.yml
View File

@ -6,7 +6,7 @@ workflow:
include:
- project: gitlab-org/quality/pipeline-common
ref: 7.5.0
ref: 7.5.1
file:
- /ci/base.gitlab-ci.yml
- /ci/knapsack-report.yml

2
GITALY_SERVER_VERSION
View File

@ -1 +1 @@
0279bd27cb92941ba71936f10a63cd52bd081c63
2da899b99c7bc3536b1658f54ed1e8fdb6e02f23

4
doc/administration/audit_event_streaming/audit_event_types.md
View File

@ -91,8 +91,8 @@ Every audit event is associated with an event type. The association with the eve
| [`email_confirmation_sent`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/129261) | Triggered when users add or change and email address and it needs to be confirmed. | **{dotted-circle}** No | **{check-circle}** Yes | `user_profile` | GitLab [16.3](https://gitlab.com/gitlab-org/gitlab/-/issues/377625) |
| [`email_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/114546) | Event triggered when an email is created | **{check-circle}** Yes | **{check-circle}** Yes | `compliance_management` | GitLab [15.11](https://gitlab.com/gitlab-org/gitlab/-/issues/374107) |
| [`email_destroyed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/114546) | Event triggered when an email is destroyed | **{check-circle}** Yes | **{check-circle}** Yes | `compliance_management` | GitLab [15.11](https://gitlab.com/gitlab-org/gitlab/-/issues/374107) |
| [`environment_protected`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/108247) | This event is triggered when a protected environment is created. | **{check-circle}** Yes | **{dotted-circle}** No | `environment_management` | GitLab [15.8](https://gitlab.com/gitlab-org/gitlab/-/issues/216164) |
| [`environment_unprotected`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/108247) | This event is triggered when a protected environment is deleted. | **{check-circle}** Yes | **{dotted-circle}** No | `environment_management` | GitLab [15.8](https://gitlab.com/gitlab-org/gitlab/-/issues/216164) |
| [`environment_protected`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/108247) | This event is triggered when a protected environment is created. | **{check-circle}** Yes | **{check-circle}** Yes | `environment_management` | GitLab [15.8](https://gitlab.com/gitlab-org/gitlab/-/issues/216164) |
| [`environment_unprotected`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/108247) | This event is triggered when a protected environment is deleted. | **{check-circle}** Yes | **{check-circle}** Yes | `environment_management` | GitLab [15.8](https://gitlab.com/gitlab-org/gitlab/-/issues/216164) |
| [`epic_closed_by_project_bot`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/121485) | Triggered when an epic is closed by a group access token | **{check-circle}** Yes | **{check-circle}** Yes | `portfolio_management` | GitLab [16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/323299) |
| [`epic_created_by_project_bot`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/121485) | Triggered when an epic is created by a group access token | **{check-circle}** Yes | **{check-circle}** Yes | `portfolio_management` | GitLab [16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/323299) |
| [`epic_reopened_by_project_bot`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/121485) | Triggered when an epic is reopened by a group access token | **{check-circle}** Yes | **{check-circle}** Yes | `portfolio_management` | GitLab [16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/323299) |

8
doc/administration/audit_event_streaming/graphql_api.md
View File

@ -6,9 +6,9 @@ info: To determine the technical writer assigned to the Stage/Group associated w
# Audit event streaming GraphQL API **(ULTIMATE ALL)**
> - API [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/332747) in GitLab 14.5 [with a flag](../feature_flags.md) named `ff_external_audit_events_namespace`. Disabled by default.
> - API [Enabled on GitLab.com and by default on self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/338939) in GitLab 14.7.
> - API [Feature flag `ff_external_audit_events_namespace`](https://gitlab.com/gitlab-org/gitlab/-/issues/349588) removed in GitLab 14.8.
> - API [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/332747) in GitLab 14.5 [with a flag](../feature_flags.md) named `ff_external_audit_events_namespace`. Disabled by default.
> - API [enabled on GitLab.com and by default on self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/338939) in GitLab 14.7.
> - API [feature flag `ff_external_audit_events_namespace`](https://gitlab.com/gitlab-org/gitlab/-/issues/349588) removed in GitLab 14.8.
> - Custom HTTP headers API [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/361216) in GitLab 15.1 [with a flag](../feature_flags.md) named `streaming_audit_event_headers`. Disabled by default.
> - Custom HTTP headers API [enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/362941) in GitLab 15.2.
> - Custom HTTP headers API [made generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/366524) in GitLab 15.3. [Feature flag `streaming_audit_event_headers`](https://gitlab.com/gitlab-org/gitlab/-/issues/362941) removed.
@ -16,7 +16,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
> - APIs for custom HTTP headers for instance level streaming destinations [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/404560) in GitLab 16.1 [with a flag](../feature_flags.md) named `ff_external_audit_events`. Disabled by default.
> - [Feature flag `ff_external_audit_events`](https://gitlab.com/gitlab-org/gitlab/-/issues/393772) enabled by default in GitLab 16.2.
> - User-specified destination name API support [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/413894) in GitLab 16.2.
> - API [Feature flag `ff_external_audit_events`](https://gitlab.com/gitlab-org/gitlab/-/issues/417708) removed in GitLab 16.2.
> - API [feature flag `ff_external_audit_events`](https://gitlab.com/gitlab-org/gitlab/-/issues/417708) removed in GitLab 16.4.
Audit event streaming destinations can be maintained using a GraphQL API.

40
doc/integration/advanced_search/elasticsearch.md
View File

@ -14,16 +14,14 @@ advanced search provides faster search response times and [improved search featu
### Elasticsearch version requirements
> Support for Elasticsearch 6.8 was [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/350275) in GitLab 15.0.
> Support for Elasticsearch 6.8 [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/350275) in GitLab 15.0.
Advanced search works with the following versions of Elasticsearch.
| GitLab version | Elasticsearch version |
|-----------------------|--------------------------|
| GitLab 15.0 or later | Elasticsearch 7.x - 8.x |
| GitLab 13.9 - 14.10 | Elasticsearch 6.8 - 7.x |
| GitLab 13.3 - 13.8 | Elasticsearch 6.4 - 7.x |
| GitLab 12.7 - 13.2 | Elasticsearch 6.x - 7.x |
|-----------------------|-----------------------------|
| GitLab 15.0 and later | Elasticsearch 7.x and later |
| GitLab 14.0 to 14.10 | Elasticsearch 6.8 to 7.x |
Advanced search follows the [Elasticsearch end-of-life policy](https://www.elastic.co/support/eol).
When we change Elasticsearch supported versions in GitLab, we announce them in [deprecation notes](https://about.gitlab.com/handbook/marketing/blog/release-posts/#deprecations) in monthly release posts
@ -32,9 +30,9 @@ before we remove them.
### OpenSearch version requirements
| GitLab version | OpenSearch version |
|-------------------------|---------------------------|
| GitLab 15.0 to 15.5.2 | OpenSearch 1.x |
|-------------------------|--------------------------|
| GitLab 15.5.3 and later | OpenSearch 1.x and later |
| GitLab 15.0 to 15.5.2 | OpenSearch 1.x |
If your version of Elasticsearch or OpenSearch is incompatible, to prevent data loss, indexing pauses and
a message is logged in the
@ -47,7 +45,7 @@ If you are using a compatible version and after connecting to OpenSearch, you ge
Elasticsearch requires additional resources to those documented in the
[GitLab system requirements](../../install/requirements.md).
Memory, CPU, and storage resource amounts vary depending on the amount of data you index into the Elasticsearch cluster. Heavily used Elasticsearch clusters may require more resources. The [`estimate_cluster_size`](#gitlab-advanced-search-rake-tasks) Rake task ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/221177) in GitLab 13.10) uses the total repository size to estimate the advanced search storage requirements.
Memory, CPU, and storage resource amounts vary depending on the amount of data you index into the Elasticsearch cluster. Heavily used Elasticsearch clusters may require more resources. The [`estimate_cluster_size`](#gitlab-advanced-search-rake-tasks) Rake task uses the total repository size to estimate the advanced search storage requirements.
## Install Elasticsearch
@ -68,10 +66,14 @@ The search index updates after you:
## Upgrade to a new Elasticsearch major version
> - Elasticsearch 6.8 support is removed with GitLab 15.0.
> - Upgrading from GitLab 14.10 to 15.0 requires that you are using any version of Elasticsearch 7.x.
> Support for Elasticsearch 6.8 [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/350275) in GitLab 15.0.
You don't have to change the GitLab configuration when you upgrade Elasticsearch. You should pause indexing during an Elasticsearch upgrade so changes can still be tracked. When the Elasticsearch cluster is fully upgraded and active, [resume indexing](#unpause-indexing).
You don't have to change the GitLab configuration when you upgrade Elasticsearch.
You should pause indexing during an Elasticsearch upgrade so changes can still be tracked.
When the Elasticsearch cluster is fully upgraded and active, [resume indexing](#unpause-indexing).
When you upgrade to GitLab 15.0 and later, you must use Elasticsearch 7.x and later.
## Elasticsearch repository indexer
@ -82,7 +84,7 @@ Depending on your GitLab version, there are different installation procedures fo
- For Linux package installations, the Go indexer is included.
- For self-compiled installations, see [Install the indexer from source](#install-the-indexer-from-source).
- If you're using the GitLab Development Kit, see [Elasticsearch in the GDK](https://gitlab.com/gitlab-org/gitlab-development-kit/-/blob/main/doc/howto/elasticsearch.md).
- If you're running a Helm deployment of GitLab 11.10 and later, [the indexer is already included](https://gitlab.com/gitlab-org/build/CNG/-/merge_requests/213).
- If you're using the GitLab Helm chart, [the indexer is already included](https://gitlab.com/gitlab-org/build/CNG/-/merge_requests/213).
### Install the indexer from source
@ -462,10 +464,6 @@ You can use zero-downtime reindexing to configure index settings or mappings tha
### Trigger the reindex via the advanced search administration
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/34069) in GitLab 13.2.
> - A scheduled index deletion and the ability to cancel it was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/38914) in GitLab 13.3.
> - Support for retries during reindexing was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/55681) in GitLab 13.12.
To trigger the reindexing process:
1. Sign in to your GitLab instance as an administrator.
@ -485,8 +483,6 @@ While the reindexing is running, you can follow its progress under that same sec
#### Elasticsearch zero-downtime reindexing
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/55681) in GitLab 13.12.
1. On the left sidebar, select **Search or go to**.
1. Select **Admin Area**.
1. On the left sidebar, select **Settings > Advanced Search**.
@ -545,8 +541,6 @@ Sometimes, you might want to abandon the unfinished reindex job and resume the i
## Index integrity
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/112369) in GitLab 15.10 [with a flag](../../administration/feature_flags.md) named `search_index_integrity`. Disabled by default.
> - [Enabled on GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/issues/392981) in GitLab 16.0.
> - [Enabled on self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/392981) in GitLab 16.3.
> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/392981) in GitLab 16.4. Feature flag `search_index_integrity` removed.
Index integrity detects and fixes missing repository data.
@ -555,8 +549,6 @@ scoped to a group or project return no results.
## Advanced search migrations
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/234046) in GitLab 13.6.
With reindex migrations running in the background, there's no need for a manual
intervention. This usually happens in situations where new features are added to
advanced search, which means adding or changing the way content is indexed.
@ -682,7 +674,7 @@ The following are some available Rake tasks:
| [`sudo gitlab-rake gitlab:elastic:index_snippets`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake) | Performs an Elasticsearch import that indexes the snippets data. |
| [`sudo gitlab-rake gitlab:elastic:index_users`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake) | Imports all users into Elasticsearch. |
| [`sudo gitlab-rake gitlab:elastic:projects_not_indexed`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake) | Displays which projects are not indexed. |
| [`sudo gitlab-rake gitlab:elastic:reindex_cluster`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake) | Schedules a zero-downtime cluster reindexing task. This feature should be used with an index that was created after GitLab 13.0. |
| [`sudo gitlab-rake gitlab:elastic:reindex_cluster`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake) | Schedules a zero-downtime cluster reindexing task. |
| [`sudo gitlab-rake gitlab:elastic:mark_reindex_failed`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake) | Mark the most recent re-index job as failed. |
| [`sudo gitlab-rake gitlab:elastic:list_pending_migrations`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake) | List pending migrations. Pending migrations include those that have not yet started, have started but not finished, and those that are halted. |
| [`sudo gitlab-rake gitlab:elastic:estimate_cluster_size`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake) | Get an estimate of cluster size based on the total repository size. |

2
doc/user/project/integrations/slack.md
View File

@ -156,7 +156,7 @@ Commands that change data can cause damage if not run correctly or under the rig
```ruby
# Grab all projects that have the Slack notifications enabled
p = Project.find_by_sql("SELECT p.id FROM projects p LEFT JOIN integrations s ON p.id = s.project_id WHERE s.type_new = 'Slack' AND s.active = true")
p = Project.find_by_sql("SELECT p.id FROM projects p LEFT JOIN integrations s ON p.id = s.project_id WHERE s.type_new = 'Integrations::Slack' AND s.active = true")
# Disable the integration on each of the projects that were found.
p.each do |project|

6
doc/user/workspace/configuration.md
View File

@ -25,6 +25,8 @@ which you can customize to meet the specific needs of each project.
## Set up a workspace
> Support for private projects [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/124273) in GitLab 16.4.
### Prerequisites
- Set up a Kubernetes cluster that the GitLab agent for Kubernetes supports.
@ -56,8 +58,6 @@ which you can customize to meet the specific needs of each project.
### Create a workspace
> Support for private projects [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/124273) in GitLab 16.4.
To create a workspace:
1. On the left sidebar, select **Search or go to**.
@ -76,6 +76,8 @@ You also have access to the terminal and can install any necessary dependencies.
## Connect to a workspace with SSH
> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/10478) in GitLab 16.3.
Prerequisites:
- SSH must be enabled for the workspace.

11
lib/banzai/filter/code_language_filter.rb
View File

@ -32,12 +32,17 @@ module Banzai
lang, lang_params = parse_lang_params(code_node)
pre_node = code_node.parent
pre_node.remove_attribute('lang') if lang.present?
if lang.present?
code_node.remove_attribute('lang')
pre_node.remove_attribute('lang')
end
pre_node.set_attribute(LANG_ATTR, escape_once(lang)) if lang.present?
pre_node.set_attribute(LANG_PARAMS_ATTR, escape_once(lang_params)) if lang_params.present?
# cmark-gfm added this, it's now in data-lang-params
pre_node.remove_attribute('data-meta')
code_node.remove_attribute('data-meta')
end
private
@ -55,14 +60,14 @@ module Banzai
# "```suggestion:+1-10 more```" -> '<pre data-canonical-lang="suggestion" data-lang-params="+1-10 more">'.
def parse_lang_params(code_node)
pre_node = code_node.parent
language = pre_node.attr('lang')
language = pre_node.attr('lang') || code_node.attr('lang')
return unless language
language, language_params = language.split(LANG_PARAMS_DELIMITER, 2)
# cmark-gfm places extra lang parameters into data-meta
language_params = [pre_node.attr('data-meta'), language_params].compact.join(' ')
language_params = [pre_node.attr('data-meta'), code_node.attr('data-meta'), language_params].compact.join(' ')
[language, language_params]
end

2
qa/gdk/Dockerfile.gdk
View File

@ -1,4 +1,4 @@
FROM registry.gitlab.com/gitlab-org/gitlab-development-kit/asdf-bootstrapped-verify:main@sha256:af7e6e7a9d6338ca7045e878b9717a1c8feb507dbd1e69db7ef407af4074f27d as base
FROM registry.gitlab.com/gitlab-org/gitlab-development-kit/asdf-bootstrapped-verify:main@sha256:f752d46a2008e6b7e0ce0c3473994cc2b3ad8084dbb7dbfce8758297c0929112 as base
ENV GITLAB_LICENSE_MODE=test \
GDK_KILL_CONFIRM=true

117
qa/qa/specs/features/api/4_verify/file_variable_downstream_pipeline_spec.rb
View File

@ -8,12 +8,12 @@ module QA
describe 'Pipeline with file variables and downstream pipelines' do
let(:random_string) { Faker::Alphanumeric.alphanumeric(number: 8) }
let(:executor) { "qa-runner-#{Faker::Alphanumeric.alphanumeric(number: 8)}" }
let!(:project) { create(:project, name: 'upstream-project-with-file-variables') }
let!(:upstream_project) { create(:project, name: 'upstream-project-with-file-variables') }
let!(:downstream_project) { create(:project, name: 'downstream-project') }
let!(:project_runner) do
let!(:upstream_project_runner) do
Resource::ProjectRunner.fabricate! do |runner|
runner.project = project
runner.project = upstream_project
runner.name = executor
runner.tags = [executor]
end
@ -27,11 +27,7 @@ module QA
end
end
let(:add_ci_file) do
Resource::Repository::Commit.fabricate_via_api! do |commit|
commit.project = project
commit.commit_message = 'Add .gitlab-ci.yml and child.yml'
commit.add_files(
let(:upstream_project_files) do
[
{
file_path: '.gitlab-ci.yml',
@ -78,15 +74,9 @@ module QA
YAML
}
]
)
end
end
let(:add_downstream_project_ci_file) do
Resource::Repository::Commit.fabricate_via_api! do |commit|
commit.project = downstream_project
commit.commit_message = 'Add .gitlab-ci.yml'
commit.add_files(
let(:downstream_project_file) do
[
{
file_path: '.gitlab-ci.yml',
@ -108,57 +98,35 @@ module QA
YAML
}
]
)
end
end
let(:add_project_file_variables) do
{
'TEST_PROJECT_FILE' => "hello, this is test\n",
'DOCKER_CA_CERT' => "This is secret\n"
}.each do |file_name, content|
add_file_variable_to_project(project, file_name, content)
end
end
let(:upstream_pipeline) { create(:pipeline, project: project) }
def child_pipeline
create(:pipeline, project: project, id: upstream_pipeline.downstream_pipeline_id(bridge_name: 'trigger_child'))
end
def downstream_project_pipeline
create(:pipeline,
project: downstream_project,
id: upstream_pipeline.downstream_pipeline_id(bridge_name: 'trigger_downstream_project'))
end
around do |example|
Runtime::Feature.enable(:ci_prevent_file_var_expansion_downstream_pipeline, project: project)
Runtime::Feature.enable(:ci_prevent_file_var_expansion_downstream_pipeline, project: upstream_project)
example.run
Runtime::Feature.disable(:ci_prevent_file_var_expansion_downstream_pipeline, project: project)
Runtime::Feature.disable(:ci_prevent_file_var_expansion_downstream_pipeline, project: upstream_project)
end
before do
add_project_file_variables
add_downstream_project_ci_file
add_ci_file
upstream_pipeline
wait_for_pipelines
add_file_variables_to_upstream_project
add_ci_file(downstream_project, downstream_project_file)
add_ci_file(upstream_project, upstream_project_files)
Support::Waiter.wait_until(message: 'Wait for first pipeline creation') { upstream_project.pipelines.present? }
wait_for_pipelines_to_finish
end
after do
project_runner.remove_via_api!
downstream_project_runner.remove_via_api!
[upstream_project_runner, downstream_project_runner].each(&:remove_via_api!)
end
it(
'creates variable with file path in downstream pipelines and can read file variable content',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/416337'
) do
child_echo_job = create(:job, project: project, id: project.job_by_name('child_job_echo')[:id])
child_echo_job = create(:job, project: upstream_project,
id: upstream_project.job_by_name('child_job_echo')[:id])
child_cat_job = create(:job, project: project, id: project.job_by_name('child_job_cat')[:id])
child_cat_job = create(:job, project: upstream_project, id: upstream_project.job_by_name('child_job_cat')[:id])
downstream_project_echo_job = create(:job,
project: downstream_project,
@ -170,10 +138,10 @@ module QA
aggregate_failures do
trace = child_echo_job.trace
expect(trace).to include('run something -f', "#{project.name}.tmp/TEST_PROJECT_FILE")
expect(trace).to include('docker run --tlscacert=', "#{project.name}.tmp/DOCKER_CA_CERT")
expect(trace).to include('run --output=', "#{project.name}.tmp/DOCKER_CA_CERT.crt")
expect(trace).to include('Will read private key from', "#{project.name}.tmp/TEST_PROJECT_FILE")
expect(trace).to include('run something -f', "#{upstream_project.name}.tmp/TEST_PROJECT_FILE")
expect(trace).to include('docker run --tlscacert=', "#{upstream_project.name}.tmp/DOCKER_CA_CERT")
expect(trace).to include('run --output=', "#{upstream_project.name}.tmp/DOCKER_CA_CERT.crt")
expect(trace).to include('Will read private key from', "#{upstream_project.name}.tmp/TEST_PROJECT_FILE")
trace = child_cat_job.trace
expect(trace).to have_content('hello, this is test')
@ -193,23 +161,54 @@ module QA
private
def add_file_variable_to_project(project, key, value)
def add_file_variables_to_upstream_project
{
'TEST_PROJECT_FILE' => "hello, this is test\n",
'DOCKER_CA_CERT' => "This is secret\n"
}.each do |file_name, content|
Resource::CiVariable.fabricate_via_api! do |ci_variable|
ci_variable.project = project
ci_variable.key = key
ci_variable.value = value
ci_variable.project = upstream_project
ci_variable.key = file_name
ci_variable.value = content
ci_variable.variable_type = 'file'
end
end
end
def wait_for_pipelines
def add_ci_file(project, files)
Resource::Repository::Commit.fabricate_via_api! do |commit|
commit.project = project
commit.commit_message = 'Add CI files to project'
commit.add_files(files)
end
end
def wait_for_pipelines_to_finish
Support::Waiter.wait_until(max_duration: 300, sleep_interval: 10) do
upstream_pipeline.reload!
upstream_pipeline.status == 'success' &&
child_pipeline.status == 'success' &&
downstream_project_pipeline.status == 'success'
end
end
# Fetch upstream project's parent pipeline
def upstream_pipeline
create(:pipeline, project: upstream_project, id: upstream_project.latest_pipeline[:id])
end
# Fetch upstream project's child pipeline
def child_pipeline
create(:pipeline,
project: upstream_project,
id: upstream_pipeline.downstream_pipeline_id(bridge_name: 'trigger_child'))
end
# Fetch downstream project's pipeline
def downstream_project_pipeline
create(:pipeline,
project: downstream_project,
id: upstream_pipeline.downstream_pipeline_id(bridge_name: 'trigger_downstream_project'))
end
end
end
end

32
spec/lib/banzai/filter/code_language_filter_spec.rb
View File

@ -27,7 +27,7 @@ RSpec.describe Banzai::Filter::CodeLanguageFilter, feature_category: :team_plann
end
end
context 'when lang is specified' do
context 'when lang is specified on `pre`' do
it 'adds data-canonical-lang and removes lang attribute' do
result = filter('<pre lang="ruby"><code>def fun end</code></pre>')
@ -36,20 +36,40 @@ RSpec.describe Banzai::Filter::CodeLanguageFilter, feature_category: :team_plann
end
end
context 'when lang has extra params' do
let(:lang_params) { 'foo-bar-kux' }
let(:xss_lang) { %(ruby data-meta="foo-bar-kux"&lt;script&gt;alert(1)&lt;/script&gt;) }
context 'when lang is specified on `code`' do
it 'adds data-canonical-lang to `pre` and removes lang attribute' do
result = filter('<pre><code lang="ruby">def fun end</code></pre>')
it 'includes data-lang-params tag with extra information and removes data-meta' do
expected_result = <<~HTML
expect(result.to_html.delete("\n"))
.to eq('<pre data-canonical-lang="ruby"><code>def fun end</code></pre>')
end
end
context 'when lang has extra params' do
let_it_be(:lang_params) { 'foo-bar-kux' }
let_it_be(:xss_lang) { %(ruby data-meta="foo-bar-kux"&lt;script&gt;alert(1)&lt;/script&gt;) }
let_it_be(:expected_result) do
<<~HTML
<pre data-canonical-lang="ruby" data-lang-params="#{lang_params}">
<code>This is a test</code></pre>
HTML
end
context 'when lang is specified on `pre`' do
it 'includes data-lang-params tag with extra information and removes data-meta' do
result = filter(%(<pre lang="ruby" data-meta="#{lang_params}"><code>This is a test</code></pre>))
expect(result.to_html.delete("\n")).to eq(expected_result.delete("\n"))
end
end
context 'when lang is specified on `code`' do
it 'includes data-lang-params tag with extra information and removes data-meta' do
result = filter(%(<pre><code lang="ruby" data-meta="#{lang_params}">This is a test</code></pre>))
expect(result.to_html.delete("\n")).to eq(expected_result.delete("\n"))
end
end
include_examples 'XSS prevention', 'ruby'

41
spec/lib/gitlab/other_markup_spec.rb
View File

@ -2,9 +2,48 @@
require 'spec_helper'
RSpec.describe Gitlab::OtherMarkup do
RSpec.describe Gitlab::OtherMarkup, feature_category: :wiki do
let(:context) { {} }
context 'when restructured text' do
it 'renders' do
input = <<~RST
Header
======
*emphasis*; **strong emphasis**; `interpreted text`
RST
output = <<~HTML
<h1>Header</h1>
<p><em>emphasis</em>; <strong>strong emphasis</strong>; <cite>interpreted text</cite></p>
HTML
expect(render('unimportant_name.rst', input, context)).to include(output.strip)
end
context 'when PlantUML is enabled' do
it 'generates the diagram' do
Gitlab::CurrentSettings.current_application_settings.update!(plantuml_enabled: true, plantuml_url: 'https://plantuml.com/plantuml')
input = <<~RST
.. plantuml::
:caption: Caption with **bold** and *italic*
Bob -> Alice: hello
Alice -> Bob: hi
RST
output = <<~HTML
<img class="plantuml" src="https://plantuml.com/plantuml/png/U9npoazIqBLJSCp9J4wrKiX8pSd9vm9pGA9E-Kb0iKm0o4SAt000" data-diagram="plantuml" data-diagram-src="data:text/plain;base64,Qm9iIC0+IEFsaWNlOiBoZWxsbwpBbGljZSAtPiBCb2I6IGhp">
<p>Caption with <strong>bold</strong> and <em>italic</em></p>
HTML
expect(render('unimportant_name.rst', input, context)).to include(output.strip)
end
end
end
context 'XSS Checks' do
links = {
'links' => {