root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2025-04-10 18:18:24 +00:00
parent d024f170c7
commit 45402502ac
114 changed files with 1194 additions and 433 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.eslint_todo/vue-no-unused-properties.mjs
View File

@ -69,7 +69,6 @@ export default {
'app/assets/javascripts/content_editor/components/wrappers/paragraph.vue',
'app/assets/javascripts/content_editor/components/wrappers/table_of_contents.vue',
'app/assets/javascripts/contribution_events/components/contribution_event/contribution_event_closed.vue',
'app/assets/javascripts/contributors/components/contributors.vue',
'app/assets/javascripts/custom_emoji/pages/index.vue',
'app/assets/javascripts/deploy_freeze/components/deploy_freeze_modal.vue',
'app/assets/javascripts/deploy_freeze/components/deploy_freeze_table.vue',

8
app/assets/javascripts/contributors/components/contributors.vue
View File

@ -1,7 +1,7 @@
<!-- eslint-disable vue/multi-word-component-names -->
<script>
import { GlButton, GlLoadingIcon } from '@gitlab/ui';
import { debounce, uniq } from 'lodash';
import { debounce } from 'lodash';
// eslint-disable-next-line no-restricted-imports
import { mapActions, mapState, mapGetters } from 'vuex';
import { visitUrl } from '~/lib/utils/url_utility';
@ -54,13 +54,12 @@ export default {
data() {
return {
masterChart: null,
individualCharts: [],
individualChartZoom: {},
selectedBranch: this.branch,
};
},
computed: {
...mapState(['chartData', 'loading']),
...mapState(['loading']),
...mapGetters(['showChart', 'parsedData']),
masterChartData() {
const data = {};
@ -144,9 +143,6 @@ export default {
lastContributionDate() {
return this.xAxisRange[this.xAxisRange.length - 1];
},
charts() {
return uniq(this.individualCharts);
},
},
mounted() {
this.fetchChartData(this.endpoint);

2
app/assets/javascripts/pages/projects/edit/index.js
View File

@ -4,6 +4,7 @@ import dirtySubmitFactory from '~/dirty_submit/dirty_submit_factory';
import initFilePickers from '~/file_pickers';
import mountBadgeSettings from '~/pages/shared/mount_badge_settings';
import initProjectDeleteButton from '~/projects/project_delete_button';
import initProjectDelayedDeleteButton from '~/projects/project_delayed_delete_button';
import initServiceDesk from '~/projects/settings_service_desk';
import initTransferProjectForm from '~/projects/settings/init_transfer_project_form';
import initSearchSettings from '~/search_settings';
@ -19,6 +20,7 @@ initFilePickers();
initConfirmDanger();
initSettingsPanels();
initProjectDeleteButton();
initProjectDelayedDeleteButton();
initPruneObjectsButton();
mountBadgeSettings(PROJECT_BADGE);

92
app/assets/javascripts/projects/components/project_delayed_delete_button.vue Normal file
View File

@ -0,0 +1,92 @@
<script>
import { GlLink, GlSprintf } from '@gitlab/ui';
import { __ } from '~/locale';
import SharedDeleteButton from './shared/delete_button.vue';
export default {
components: {
GlSprintf,
GlLink,
SharedDeleteButton,
},
props: {
confirmPhrase: {
type: String,
required: true,
},
nameWithNamespace: {
type: String,
required: true,
},
formPath: {
type: String,
required: true,
},
delayedDeletionDate: {
type: String,
required: true,
},
restoreHelpPath: {
type: String,
required: true,
},
isFork: {
type: Boolean,
required: true,
},
issuesCount: {
type: Number,
required: true,
},
mergeRequestsCount: {
type: Number,
required: true,
},
forksCount: {
type: Number,
required: true,
},
starsCount: {
type: Number,
required: true,
},
buttonText: {
type: String,
required: true,
},
},
strings: {
restoreLabel: __('Restoring projects'),
restoreMessage: __('This project can be restored until %{date}.'),
},
};
</script>
<template>
<shared-delete-button
:confirm-phrase="confirmPhrase"
:name-with-namespace="nameWithNamespace"
:form-path="formPath"
:is-fork="isFork"
:issues-count="issuesCount"
:merge-requests-count="mergeRequestsCount"
:forks-count="forksCount"
:stars-count="starsCount"
:button-text="buttonText"
>
<template #modal-footer>
<p class="gl-mb-0 gl-mt-3 gl-flex gl-items-center gl-text-subtle">
<gl-sprintf :message="$options.strings.restoreMessage">
<template #date>{{ delayedDeletionDate }}</template>
</gl-sprintf>
<gl-link
:aria-label="$options.strings.restoreLabel"
class="gl-ml-2 gl-flex"
:href="restoreHelpPath"
>{{ __('Learn More.') }}
</gl-link>
</p>
</template>
</shared-delete-button>
</template>

45
app/assets/javascripts/projects/project_delayed_delete_button.js Normal file
View File

@ -0,0 +1,45 @@
import Vue from 'vue';
import { parseBoolean } from '~/lib/utils/common_utils';
import ProjectDelayedDeleteButton from './components/project_delayed_delete_button.vue';
export default (selector = '#js-project-delayed-delete-button') => {
const el = document.querySelector(selector);
if (!el) return;
const {
delayedDeletionDate,
confirmPhrase,
nameWithNamespace,
formPath,
restoreHelpPath,
isFork,
issuesCount,
mergeRequestsCount,
forksCount,
starsCount,
buttonText,
} = el.dataset;
// eslint-disable-next-line no-new
new Vue({
el,
render(createElement) {
return createElement(ProjectDelayedDeleteButton, {
props: {
delayedDeletionDate,
confirmPhrase,
nameWithNamespace,
formPath,
restoreHelpPath,
isFork: parseBoolean(isFork),
issuesCount: parseInt(issuesCount, 10),
mergeRequestsCount: parseInt(mergeRequestsCount, 10),
forksCount: parseInt(forksCount, 10),
starsCount: parseInt(starsCount, 10),
buttonText,
},
});
},
});
};

6
app/assets/javascripts/repository/components/header_area/blob_controls.vue
View File

@ -277,7 +277,11 @@ export default {
};
</script>
<template>
<div v-if="showBlobControls" class="gl-flex gl-flex-wrap gl-items-center gl-gap-3">
<div
v-if="showBlobControls"
class="gl-flex gl-flex-wrap gl-items-center gl-gap-3"
data-testid="blob-controls"
>
<open-mr-badge
v-if="glFeatures.filterBlobPath"
:project-path="projectPath"

6
app/assets/javascripts/repository/components/header_area/blob_overflow_menu.vue
View File

@ -151,7 +151,7 @@ export default {
v-gl-tooltip-directive.hover="$options.i18n.dropdownTooltip"
no-caret
icon="ellipsis_v"
data-testid="default-actions-container"
data-testid="blob-overflow-menu"
:toggle-text="$options.i18n.dropdownLabel"
text-sr-only
class="gl-mr-0"
@ -166,7 +166,7 @@ export default {
:user-permissions="userPermissions"
:is-loading="isLoading"
:can-lock="canLock"
:is-replace-disabled="!canModifyFile"
:is-replace-disabled="!canModifyFile && isLocked"
:is-locked="isLocked"
@showForkSuggestion="onShowForkSuggestion"
/>
@ -184,7 +184,7 @@ export default {
:is-empty-repository="isEmptyRepository"
:is-using-lfs="isUsingLfs"
:user-permissions="userPermissions"
:disabled="!canModifyFile"
:disabled="!canModifyFile && isLocked"
@showForkSuggestion="onShowForkSuggestion"
/>
</gl-disclosure-dropdown>

2
app/assets/javascripts/repository/components/header_area/repository_overflow_menu.vue
View File

@ -36,7 +36,7 @@ export default {
v-gl-tooltip-directive="$options.i18n.dropdownLabel"
no-caret
icon="ellipsis_v"
data-testid="default-actions-container"
data-testid="repository-overflow-menu"
placement="bottom-end"
category="tertiary"
:toggle-text="$options.i18n.dropdownLabel"

6
app/assets/javascripts/sidebar/components/lock/issuable_lock_form.vue
View File

@ -1,5 +1,6 @@
<script>
import {
GlIcon,
GlLoadingIcon,
GlDisclosureDropdownItem,
GlTooltipDirective,
@ -25,6 +26,7 @@ export default {
displayText: __('Unlocked'),
},
components: {
GlIcon,
GlLoadingIcon,
GlDisclosureDropdownItem,
},
@ -82,6 +84,9 @@ export default {
lockToggleText() {
return this.isLocked ? this.unlockMergeRequestText : this.lockMergeRequestText;
},
lockToggleIcon() {
return this.isLocked ? 'lock-open' : 'lock';
},
lockingMergeRequestText() {
return sprintf(this.$options.i18n.lockingMergeRequest, {
issuableDisplayName: this.issuableDisplayName,
@ -188,6 +193,7 @@ export default {
<gl-loading-icon inline size="sm" /> {{ lockToggleInProgressText }}
</template>
<template v-else>
<gl-icon :name="lockToggleIcon" class="gl-mr-2" variant="subtle" />
{{ lockToggleText }}
</template>
</span>

15
app/assets/javascripts/token_access/constants.js
View File

@ -5,6 +5,7 @@ export const RESOURCE_DEPLOYMENTS = { value: 'DEPLOYMENTS', text: s__('JobToken|
export const RESOURCE_ENVIRONMENTS = { value: 'ENVIRONMENTS', text: s__('JobToken|Environments') };
export const RESOURCE_JOBS = { value: 'JOBS', text: s__('JobToken|Jobs') };
export const RESOURCE_PACKAGES = { value: 'PACKAGES', text: s__('JobToken|Packages') };
export const RESOURCE_PIPELINES = { value: 'PIPELINES', text: s__('JobToken|Pipelines') };
export const RESOURCE_RELEASES = { value: 'RELEASES', text: s__('JobToken|Releases') };
export const RESOURCE_SECURE_FILES = { value: 'SECURE_FILES', text: s__('JobToken|Secure files') };
export const RESOURCE_TERRAFORM_STATE = {
@ -55,6 +56,16 @@ export const POLICY_ADMIN_PACKAGES = {
text: READ_AND_WRITE,
resource: RESOURCE_PACKAGES,
};
export const POLICY_READ_PIPELINES = {
value: 'READ_PIPELINES',
text: READ,
resource: RESOURCE_PIPELINES,
};
export const POLICY_ADMIN_PIPELINES = {
value: 'ADMIN_PIPELINES',
text: READ_AND_WRITE,
resource: RESOURCE_PIPELINES,
};
export const POLICY_READ_RELEASES = {
value: 'READ_RELEASES',
text: READ,
@ -104,6 +115,10 @@ export const POLICIES_BY_RESOURCE = [
resource: RESOURCE_PACKAGES,
policies: [POLICY_NONE, POLICY_READ_PACKAGES, POLICY_ADMIN_PACKAGES],
},
{
resource: RESOURCE_PIPELINES,
policies: [POLICY_NONE, POLICY_READ_PIPELINES, POLICY_ADMIN_PIPELINES],
},
{
resource: RESOURCE_RELEASES,
policies: [POLICY_NONE, POLICY_READ_RELEASES, POLICY_ADMIN_RELEASES],

16
app/assets/javascripts/vue_shared/components/mr_more_dropdown.vue
View File

@ -139,6 +139,9 @@ export default {
draftLabel() {
return this.draft ? this.$options.i18n.markAsReady : this.$options.i18n.markAsDraft;
},
draftIcon() {
return this.draft ? 'check-circle' : 'review-list';
},
draftState() {
return this.draft ? 'ready' : 'draft';
},
@ -277,7 +280,12 @@ export default {
class="sm:!gl-hidden"
data-testid="edit-merge-request"
:item="editItem"
/>
>
<template #list-item>
<gl-icon name="pencil" class="gl-mr-2" variant="subtle" />
{{ $options.i18n.edit }}
</template>
</gl-disclosure-dropdown-item>
<gl-disclosure-dropdown-item
v-if="isOpen && canUpdateMergeRequest"
@ -286,6 +294,7 @@ export default {
>
<template #list-item>
<gl-loading-icon v-if="isLoadingDraft" inline size="sm" />
<gl-icon v-else :name="draftIcon" class="gl-mr-2" variant="subtle" />
{{ draftLabel }}
</template>
</gl-disclosure-dropdown-item>
@ -304,6 +313,7 @@ export default {
}}
</template>
<template v-else>
<gl-icon name="merge-request-close" class="gl-mr-2" variant="subtle" />
{{ sprintf($options.i18n.close, { issuableType: $options.i18n.issuableName }) }}
</template>
</template>
@ -324,6 +334,7 @@ export default {
}}
</template>
<template v-else>
<gl-icon name="merge-request-open" class="gl-mr-2" variant="subtle" />
{{ sprintf($options.i18n.reopen, { issuableType: $options.i18n.issuableName }) }}
</template>
</template>
@ -335,6 +346,7 @@ export default {
class="js-sidebar-lock-root"
>
<template #list-item>
<gl-icon name="lock" class="gl-mr-2" variant="subtle" />
{{ sprintf($options.i18n.lock, { issuableType: $options.i18n.issuableName }) }}
</template>
</gl-disclosure-dropdown-item>
@ -346,6 +358,7 @@ export default {
@action="copyClipboardAction"
>
<template #list-item>
<gl-icon name="copy-to-clipboard" class="gl-mr-2" variant="subtle" />
{{ $options.i18n.copyReferenceText }}
</template>
</gl-disclosure-dropdown-item>
@ -362,6 +375,7 @@ export default {
@action="reportAbuseAction(true)"
>
<template #list-item>
<gl-icon name="abuse" class="gl-mr-2" variant="subtle" />
{{ $options.i18n.reportAbuse }}
</template>
</gl-disclosure-dropdown-item>

2
app/finders/concerns/ci/pipeline_ref_filter_including_reserved_ref_names.rb
View File

@ -16,7 +16,7 @@ module Ci
# @param pipeline_sources [Array<String>, String, nil] The pipeline sources to consider
# @return [Array<String>] Array of refs including the original and any reserved refs
def ref_and_associated_reserved_refs(container, ref, pipeline_sources = nil)
return [ref] unless ref && Feature.enabled?(:include_reserved_refs_in_pipeline_refs_filter, actor(container))
return [] unless ref
normalized_sources = Array.wrap(pipeline_sources || Pipeline.sources.keys).map(&:to_s)

4
app/helpers/projects_helper.rb
View File

@ -742,6 +742,10 @@ module ProjectsHelper
dashboard_projects_landing_paths.include?(request.path) && !current_user.authorized_projects.exists?
end
def scheduled_for_deletion?(project)
project.marked_for_deletion_at.present?
end
def delete_delayed_message(project)
date = permanent_deletion_date_formatted(Date.current)

1
app/services/ci/collect_pipeline_analytics_service_base.rb
View File

@ -9,7 +9,6 @@ module Ci
STATUS_TO_STATUS_GROUP = STATUS_GROUP_TO_STATUSES.flat_map { |k, v| v.product([k]) }.to_h
ALLOWED_PERCENTILES = [50, 75, 90, 95, 99].freeze
MERGE_REQUEST_LIMIT = 100
attr_reader :current_user, :container, :from_time, :to_time, :source, :ref, :status_groups, :duration_percentiles

2
app/services/ci/create_pipeline_service.rb
View File

@ -93,7 +93,7 @@ module Ci
variables_attributes: params[:variables_attributes],
project: project,
current_user: current_user,
push_options: params[:push_options] || {},
push_options: ::Ci::PipelineCreation::PushOptions.fabricate(params[:push_options]),
chat_data: params[:chat_data],
bridge: bridge,
logger: @logger,

47
app/services/git/base_hooks_service.rb
View File

@ -98,17 +98,17 @@ module Git
before: oldrev,
after: newrev,
ref: ref,
variables_attributes: generate_vars_from_push_options || [],
push_options: params[:push_options] || {},
variables_attributes: ci_push_options.variables,
push_options: ci_push_options,
checkout_sha: Gitlab::DataBuilder::Push.checkout_sha(
project.repository, newrev, ref)
}
end
end
def ci_variables_from_push_options
strong_memoize(:ci_variables_from_push_options) do
push_options&.dig(:ci, :variable)
def ci_push_options
strong_memoize(:ci_push_options) do
Ci::PipelineCreation::PushOptions.fabricate(push_options)
end
end
@ -124,23 +124,6 @@ module Git
end
end
def generate_vars_from_push_options
return [] unless ci_variables_from_push_options
ci_variables_from_push_options.map do |var_definition, _count|
key, value = var_definition.to_s.split("=", 2)
# Accept only valid format. We ignore the following formats
# 1. "=123". In this case, `key` will be an empty string
# 2. "FOO". In this case, `value` will be nil.
# However, the format "FOO=" will result in key being `FOO` and value
# being an empty string. This is acceptable.
next if key.blank? || value.nil?
{ "key" => key, "variable_type" => "env_var", "secret_value" => value }
end.compact
end
def push_data_params(commits:, with_changed_files: true)
{
oldrev: oldrev,
@ -172,29 +155,11 @@ module Git
# merges with EE override
def pipeline_options
return {} unless ci_inputs_from_push_options
{
inputs: generate_ci_inputs_from_push_options || {}
inputs: ci_push_options.inputs
}
end
def ci_inputs_from_push_options
strong_memoize(:ci_inputs_from_push_options) do
push_options&.dig(:ci, :input)
end
end
def generate_ci_inputs_from_push_options
return {} unless ci_inputs_from_push_options
params = ci_inputs_from_push_options.map do |input, _|
input.to_s.split("=", 2)
end
::Ci::PipelineCreation::Inputs.parse_params(params.to_h)
end
def log_pipeline_errors(error_message)
data = {
class: self.class.name,

2
app/validators/json_schemas/ci_job_token_policies.json
View File

@ -13,6 +13,8 @@
"admin_jobs",
"read_packages",
"admin_packages",
"read_pipelines",
"admin_pipelines",
"read_releases",
"admin_releases",
"read_secure_files",

6
app/validators/json_schemas/cloud_connector_access_catalog.json Normal file
View File

@ -0,0 +1,6 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"description": "Cloud Connector Access Catalog",
"type": "object",
"additionalProperties": true
}

12
app/views/projects/_delete_card_body.html.haml
View File

@ -1 +1,11 @@
= render 'delete_immediately'
- if @project.adjourned_deletion?
-# Adjourned deletion feature is configured and available globally or at the namespace level
- if scheduled_for_deletion?(@project)
-# Project has already been marked for delayed deletion, permanently delete this project
= render 'delete_immediately', button_text: _('Delete project immediately')
- else
-# Mark for delayed deletion
= render 'delete_delayed'
- else
-# Adjourned deletion feature is not available, permanently delete the project
= render 'delete_immediately'

7
app/views/projects/_delete_delayed.html.haml Normal file
View File

@ -0,0 +1,7 @@
%p= delete_delayed_message(@project)
- if @project.adjourned_deletion?
#js-project-delayed-delete-button{ data: project_delete_delayed_button_data(@project) }
- else
-# This is a free project, it will use delayed deletion but can only be restored by an admin.
-# Use the standard delete button so there is no message about it being able to be restored.
#js-project-delete-button{ data: project_delete_delayed_button_data(@project) }

2
app/views/projects/runners/_group_runners.html.haml
View File

@ -31,8 +31,6 @@
= _('Ask your group owner to set up a group runner.')
- else
%h3.gl-heading-5.gl-mt-5.gl-mb-0.gl-px-5
= _('Available group runners: %{runners}') % { runners: @group_runners_count }
%ul.content-list
= render partial: 'projects/runners/runner', collection: @group_runners, as: :runner
= paginate @group_runners, theme: "gitlab", param_name: "group_runners_page", params: { expand_runners: true, anchor: 'js-runners-settings' }

2
app/views/projects/runners/_shared_runners.html.haml
View File

@ -1,4 +1,4 @@
= render ::Layouts::CrudComponent.new(s_('Runners|Available instance runners'),
= render ::Layouts::CrudComponent.new(s_('Runners|Instance runners'),
icon: 'users',
count: @shared_runners_count,
options: { data: { testid: 'available-shared-runners' } }) do |c|

23
app/views/shared/groups_projects/settings/_restore.html.haml Normal file
View File

@ -0,0 +1,23 @@
- return unless context.is_a?(Group) || context.is_a?(Project)
- return unless context.marked_for_deletion?
-# FIXME: Replace `context.marked_for_deletion_on` with `context` after https://gitlab.com/gitlab-org/gitlab/-/work_items/527085
- date = permanent_deletion_date_formatted(context.marked_for_deletion_on)
- if context.is_a?(Group)
- context_name = _('group')
- restore_path = group_restore_path(context)
- else
- context_name = _('project')
- restore_path = namespace_project_restore_path(context.namespace, context)
= render Pajamas::CardComponent.new(body_options: { class: 'gl-bg-orange-50' }) do |c|
- c.with_header do
.gl-flex.gl-grow
%h4.gl-text-base.gl-text-warning.gl-leading-24.gl-m-0= _('Restore %{context}') % { context: context_name }
- c.with_body do
%p
= (_("This %{context} has been scheduled for deletion on %{strongStart}%{date}%{strongEnd}. To cancel the scheduled deletion, you can restore this %{context}, including all its resources.") % { context: context_name, strongStart: "<strong>", strongEnd: "</strong>", date: date }).html_safe
= render Pajamas::ButtonComponent.new(variant: :confirm, method: :post, href: restore_path) do
= _('Restore %{context}') % { context: context_name }

7
app/views/shared/projects/_actions.html.haml Normal file
View File

@ -0,0 +1,7 @@
- if project.adjourned_deletion_configured? && scheduled_for_deletion?(project)
= render Pajamas::ButtonComponent.new(category: :tertiary,
href: project_restore_path(project),
method: :post,
variant: :link,
button_options: { class: 'gl-ml-3' }) do
= _("Restore")

6
config/feature_flags/wip/blob_overflow_menu.yml → config/feature_flags/gitlab_com_derisk/blob_overflow_menu.yml
View File

@ -2,8 +2,8 @@
name: blob_overflow_menu
feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/450774
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/174992
rollout_issue_url:
milestone: '17.7'
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/522993
milestone: '17.10'
group: group::source code
type: wip
type: gitlab_com_derisk
default_enabled: false

9
config/feature_flags/gitlab_com_derisk/include_reserved_refs_in_pipeline_refs_filter.yml
View File

@ -1,9 +0,0 @@
---
name: include_reserved_refs_in_pipeline_refs_filter
feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/527279
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/186590
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/532291
milestone: '17.11'
group: group::runner
type: gitlab_com_derisk
default_enabled: false

9
db/migrate/20250327160810_add_catalog_to_cloud_connector_access.rb Normal file
View File

@ -0,0 +1,9 @@
# frozen_string_literal: true
class AddCatalogToCloudConnectorAccess < Gitlab::Database::Migration[2.2]
milestone '17.11'
def change
add_column :cloud_connector_access, :catalog, :jsonb
end
end

1
db/schema_migrations/20250327160810 Normal file
View File

@ -0,0 +1 @@
5b31226559f9ca4171e1b2f77334b4a188c539677b3776bde64edd889181517d

3
db/structure.sql
View File

@ -12281,7 +12281,8 @@ CREATE TABLE cloud_connector_access (
id bigint NOT NULL,
created_at timestamp with time zone NOT NULL,
updated_at timestamp with time zone NOT NULL,
data jsonb NOT NULL
data jsonb NOT NULL,
catalog jsonb
);
CREATE SEQUENCE cloud_connector_access_id_seq

2
doc/.vale/gitlab_docs/InternalLinkCase.yml
View File

@ -11,4 +11,4 @@ vocab: false
level: error
scope: raw
raw:
- '[^\`]\[[^\[\]]+\]\((https?:){0}[\w\/\.]*?#[^\s]*?[A-Z][^\) ]*\)[^\`]'
- '(?<!\`)\[[^\[\]]+\]\((?!https?:)[^\)]*?#[^\s\)]*?[A-Z][^\)]*?\)(?!\`)'

4
doc/administration/dedicated/configure_instance/_index.md
View File

@ -54,13 +54,15 @@ For all other instance configurations, submit a support ticket according to the
### Apply configuration changes in Switchboard
You can apply configuration changes made in Switchboard immediately or defer them until your next scheduled weekly [maintenance window](../../dedicated/maintenance.md#maintenance-windows).
You can apply configuration changes made in Switchboard immediately or defer them until your next scheduled weekly [maintenance window](../maintenance.md#maintenance-windows).
When you apply changes immediately:
- Deployment can take up to 90 minutes.
- Changes are applied in the order they're saved.
- You can save multiple changes and apply them in one batch.
- Your GitLab Dedicated instance remains available during the deployment.
- Changes to private hosted zones can disrupt services that use these records for up to 5 minutes.
After the deployment job is complete, you receive an email notification. Check your spam folder if you do not see a notification in your main inbox.
All users with access to view or edit your tenant in Switchboard receive a notification for each change. For more information, see [Manage Switchboard notification preferences](users_notifications.md#manage-notification-preferences).

2
doc/administration/geo/disaster_recovery/_index.md
View File

@ -460,7 +460,7 @@ must disable the **primary** site:
{{< alert type="warning" >}}
If the secondary site [has been paused](../../geo/_index.md#pausing-and-resuming-replication), this performs
If the secondary site [has been paused](../_index.md#pausing-and-resuming-replication), this performs
a point-in-time recovery to the last known state.
Data that was created on the primary while the secondary was paused is lost.

2
doc/administration/geo/replication/troubleshooting/client_http.md
View File

@ -96,7 +96,7 @@ Geo::TrackingBase::SecondaryNotConfigured: Geo secondary database is not configu
On a Geo primary site this error can be ignored.
This happens because GitLab is attempting to display registries from the [Geo tracking database](../../../geo/_index.md#geo-tracking-database) which doesn't exist on the primary site (only the original projects exist on the primary; no replicated projects are present, therefore no tracking database exists).
This happens because GitLab is attempting to display registries from the [Geo tracking database](../../_index.md#geo-tracking-database) which doesn't exist on the primary site (only the original projects exist on the primary; no replicated projects are present, therefore no tracking database exists).
### Secondary site returns 400 error "Request header or cookie too large"

2
doc/administration/geo/replication/troubleshooting/common.md
View File

@ -225,7 +225,7 @@ Example:
```
All objects are replicated and verified, which are defined in the [Geo glossary](../../glossary.md). Read more about the
methods we use for replicating and verifying each data type in [supported Geo data types](../../replication/datatypes.md#data-types).
methods we use for replicating and verifying each data type in [supported Geo data types](../datatypes.md#data-types).
To find more details about failed items, check
[the `gitlab-rails/geo.log` file](../../../logs/log_parsing.md#find-most-common-geo-sync-errors)

2
doc/administration/gitlab_duo_self_hosted/configure_duo_features.md
View File

@ -149,7 +149,7 @@ When configuring GitLab Duo Chat sub-features, if you do not select a specific s
### Self-host the GitLab documentation
If your setup of GitLab Duo Self-Hosted stops you from accessing the GitLab documentation at `docs.gitlab.com`, you can self-host the documentation instead. For more information, see how to [host the GitLab product documentation](../../administration/docs_self_host.md).
If your setup of GitLab Duo Self-Hosted stops you from accessing the GitLab documentation at `docs.gitlab.com`, you can self-host the documentation instead. For more information, see how to [host the GitLab product documentation](../docs_self_host.md).
### Disable GitLab Duo features

6
doc/administration/raketasks/_index.md
View File

@ -27,7 +27,7 @@ The following Rake tasks are available for use with GitLab:
| Tasks | Description |
|:-----------------------------------------------------------------------------------------------------------|:------------|
| [Access token expiration tasks](tokens/_index.md) | Bulk extend or remove expiration dates for access tokens. |
| [Back up and restore](../../administration/backup_restore/_index.md) | Back up, restore, and migrate GitLab instances between servers. |
| [Back up and restore](../backup_restore/_index.md) | Back up, restore, and migrate GitLab instances between servers. |
| [Clean up](cleanup.md) | Clean up unneeded items from GitLab instances. |
| [Development](../../development/rake_tasks.md) | Tasks for GitLab contributors. |
| [Elasticsearch](../../integration/advanced_search/elasticsearch.md#gitlab-advanced-search-rake-tasks) | Maintain Elasticsearch in a GitLab instance. |
@ -36,9 +36,9 @@ The following Rake tasks are available for use with GitLab:
| [Import large project exports](project_import_export.md#import-large-projects) | Import large GitLab [project exports](../../user/project/settings/import_export.md). |
| [Incoming email](incoming_email.md) | Incoming email-related tasks. |
| [Integrity checks](check.md) | Check the integrity of repositories, files, LDAP, and more. |
| [LDAP maintenance](ldap.md) | [LDAP](../../administration/auth/ldap/_index.md)-related tasks. |
| [LDAP maintenance](ldap.md) | [LDAP](../auth/ldap/_index.md)-related tasks. |
| [Password](password.md) | Password management tasks. |
| [Praefect Rake tasks](praefect.md) | [Praefect](../../administration/gitaly/praefect.md)-related tasks. |
| [Praefect Rake tasks](praefect.md) | [Praefect](../gitaly/praefect.md)-related tasks. |
| [Project import/export](project_import_export.md) | Prepare for [project exports and imports](../../user/project/settings/import_export.md). |
| [Sidekiq job migration](../sidekiq/sidekiq_job_migration.md) | Migrate Sidekiq jobs scheduled for future dates to a new queue. |
| [Service Desk email](service_desk_email.md) | Service Desk email-related tasks. |

2
doc/administration/settings/account_and_limit_settings.md
View File

@ -115,7 +115,7 @@ You can also configure the prefix by using the
{{< history >}}
- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/179852) in GitLab 17.10 [with a flag](../../administration/feature_flags.md) named `custom_prefix_for_all_token_types`. Disabled by default.
- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/179852) in GitLab 17.10 [with a flag](../feature_flags.md) named `custom_prefix_for_all_token_types`. Disabled by default.
{{< /history >}}

4
doc/administration/settings/continuous_integration.md
View File

@ -181,7 +181,7 @@ You can set the maximum size of distinct [job artifacts](../cicd/job_artifacts.m
The default maximum size for each artifact file in a job is 100 MB.
For GitLab.com, see [Artifacts maximum size](../../user/gitlab_com/_index.md#cicd).
Job artifacts defined with `artifacts:reports` can have [different limits](../../administration/instance_limits.md#maximum-file-size-per-type-of-artifact).
Job artifacts defined with `artifacts:reports` can have [different limits](../instance_limits.md#maximum-file-size-per-type-of-artifact).
In this case, the smaller value is used.
{{< alert type="note" >}}
@ -414,7 +414,7 @@ for all projects from the **Admin** area.
Incremental logging uses Redis instead of disk space for temporary caching of job logs.
When turned on, archived job logs are incrementally uploaded to object storage.
For more information, see [incremental logging](../../administration/cicd/job_logs.md#incremental-logging).
For more information, see [incremental logging](../cicd/job_logs.md#incremental-logging).
Prerequisites:

2
doc/api/graphql/reference/_index.md
View File

@ -42184,6 +42184,7 @@ CI_JOB_TOKEN policy.
| <a id="cijobtokenscopepoliciesadmin_environments"></a>`ADMIN_ENVIRONMENTS` | Admin Environments. |
| <a id="cijobtokenscopepoliciesadmin_jobs"></a>`ADMIN_JOBS` | Admin Jobs. |
| <a id="cijobtokenscopepoliciesadmin_packages"></a>`ADMIN_PACKAGES` | Admin Packages. |
| <a id="cijobtokenscopepoliciesadmin_pipelines"></a>`ADMIN_PIPELINES` | Admin Pipelines. |
| <a id="cijobtokenscopepoliciesadmin_releases"></a>`ADMIN_RELEASES` | Admin Releases. |
| <a id="cijobtokenscopepoliciesadmin_secure_files"></a>`ADMIN_SECURE_FILES` | Admin Secure Files. |
| <a id="cijobtokenscopepoliciesadmin_terraform_state"></a>`ADMIN_TERRAFORM_STATE` | Admin Terraform State. |
@ -42191,6 +42192,7 @@ CI_JOB_TOKEN policy.
| <a id="cijobtokenscopepoliciesread_environments"></a>`READ_ENVIRONMENTS` | Read Environments. |
| <a id="cijobtokenscopepoliciesread_jobs"></a>`READ_JOBS` | Read Jobs. |
| <a id="cijobtokenscopepoliciesread_packages"></a>`READ_PACKAGES` | Read Packages. |
| <a id="cijobtokenscopepoliciesread_pipelines"></a>`READ_PIPELINES` | Read Pipelines. |
| <a id="cijobtokenscopepoliciesread_releases"></a>`READ_RELEASES` | Read Releases. |
| <a id="cijobtokenscopepoliciesread_secure_files"></a>`READ_SECURE_FILES` | Read Secure Files. |
| <a id="cijobtokenscopepoliciesread_terraform_state"></a>`READ_TERRAFORM_STATE` | Read Terraform State. |

16
doc/api/openapi/openapi_v2.yaml
View File

@ -44314,6 +44314,10 @@ definitions:
cluster_agents:
type: string
example: https://gitlab.example.com/api/v4/projects/4/cluster_agents
marked_for_deletion_at:
type: string
marked_for_deletion_on:
type: string
packages_enabled:
type: boolean
empty_repo:
@ -44559,10 +44563,6 @@ definitions:
type: string
external_authorization_classification_label:
type: string
marked_for_deletion_at:
type: string
marked_for_deletion_on:
type: string
requirements_enabled:
type: string
requirements_access_level:
@ -59773,6 +59773,10 @@ definitions:
cluster_agents:
type: string
example: https://gitlab.example.com/api/v4/projects/4/cluster_agents
marked_for_deletion_at:
type: string
marked_for_deletion_on:
type: string
packages_enabled:
type: boolean
empty_repo:
@ -60018,10 +60022,6 @@ definitions:
type: string
external_authorization_classification_label:
type: string
marked_for_deletion_at:
type: string
marked_for_deletion_on:
type: string
requirements_enabled:
type: string
requirements_access_level:

52
doc/ci/jobs/_index.md
View File

@ -388,17 +388,17 @@ If a pipeline has multiple failed or canceled jobs, you can retry all of them at
- Go to a merge request and select the **Pipelines** tab.
1. For the pipeline with failed or canceled jobs, select **Retry all failed or canceled jobs** ({{< icon name="retry" >}}).
## Cancel a job
## Cancel jobs
You can cancel a CI/CD job depending on its current state and the runner's capabilities.
You can cancel a CI/CD job that hasn't completed yet.
When you cancel a job, what happens next depends on the job state and runner capabilities:
When you cancel a job, what happens next depends on its state and the GitLab Runner version:
- For a `pending` job (not yet executing), the job is canceled immediately.
- For a `running` job:
- If the runner supports graceful cancellation, the job enters the `canceling` state.
The runner can complete its [`after_script`](../yaml/_index.md#after_script) before the job is marked as `canceled`.
- If the runner doesn't support graceful cancellation, the job moves to the `canceled` state immediately.
- For jobs that haven't started executing yet, the job is canceled immediately.
- For running jobs:
- For GitLab Runner 16.10 and later with GitLab 17.0 and later, the job is marked as `canceling` while the runner runs the job's [`after_script`](../yaml/_index.md#after_script).
When `after_script` completes, the job is marked as `canceled`.
- For GitLab Runner 16.9 and earlier with GitLab 16.11 and earlier, the job is `canceled` immediately without running `after_script`.
```mermaid
%%{init: { "fontFamily": "GitLab Sans" }}%%
@ -407,7 +407,7 @@ stateDiagram-v2
accDescr: Shows possible state transitions for CI/CD jobs, including cancellation paths.
direction TB
state if_graceful <>
state if_versions <>
[*] --> pending: Job created
pending --> canceled: Cancel requested
canceled --> [*]
@ -416,13 +416,16 @@ stateDiagram-v2
success --> [*]
running --> failed: Job fails
failed --> [*]
running --> if_graceful: Cancel requested
if_graceful --> canceling: Runner supports graceful cancellation
if_graceful --> canceled: Runner doesn't support graceful cancellation
canceling --> canceled: Graceful cancellation complete
note right of if_graceful: Does the runner support graceful cancellation?
running --> if_versions: Cancel requested
if_versions --> canceling: GitLab 17.0 and later with GitLab Runner 16.10 and later
if_versions --> canceled: GitLab 16.11 and earlier with GitLab Runner 16.9 and earlier
canceling --> canceled: after_script complete
```
If you need to cancel a job immediately without waiting for the `after_script`, use [force cancel](#force-cancel-a-job).
### Cancel a job
Prerequisites:
- You must have at least the Developer role for the project,
@ -466,23 +469,24 @@ You can cancel all jobs in a running pipeline at once.
{{< /history >}}
If a job is stuck in the `canceling` state, you can force it to the `canceled` state.
If you don't want to wait for `after_script` to finish or a job is unresponsive, you can force cancel it.
Force cancel immediately moves a job from the `canceling` state to `canceled`.
When you force cancel a job, the [job token](ci_job_token.md) is immediately revoked.
If the runner is still executing the job, it loses access to GitLab.
The runner aborts the job without waiting for `after_script` to complete.
Prerequisites:
- You must have at least the Maintainer role for the project.
- The job must be in the `canceling` state, which requires:
- GitLab 17.0 and later.
- GitLab Runner 16.10 and later.
To force cancel a job:
- From the job log, select **Force cancel**.
{{< alert type="warning" >}}
When you force cancel a job, the [job token](ci_job_token.md) is revoked.
If the runner is still trying to execute the job, it loses access to GitLab.
The runner aborts the job without waiting for `after_script` to complete.
{{< /alert >}}
1. Go to the job's log page.
1. In the upper-right corner, select **Force cancel**.
## Troubleshoot a failed job

4
doc/ci/jobs/fine_grained_permissions.md
View File

@ -99,7 +99,6 @@ The following endpoints are available for CI/CD job tokens.
| Environments: Read and write | `ADMIN_ENVIRONMENTS` | `PUT /projects/:id/environments/:environment_id` | Update an existing environment |
| Environments: Read | `READ_ENVIRONMENTS` | `GET /projects/:id/environments/:environment_id` | Get a specific environment |
| Environments: Read | `READ_ENVIRONMENTS` | `GET /projects/:id/environments` | List environments |
| Jobs: Read and write | `ADMIN_JOBS` | `PUT /projects/:id/pipelines/:pipeline_id/metadata` | Updates pipeline metadata |
| Jobs: Read | `READ_JOBS` | `GET /jobs/:id/artifacts` | Download the artifacts file for job |
| Jobs: Read | `READ_JOBS` | `GET /projects/:id/jobs/:job_id/artifacts/*artifact_path` | Download a specific file from artifacts archive |
| Jobs: Read | `READ_JOBS` | `GET /projects/:id/jobs/:job_id/artifacts` | Download the artifacts archive from a job |
@ -176,7 +175,6 @@ The following endpoints are available for CI/CD job tokens.
| Packages: Read | `READ_PACKAGES` | `GET /packages/maven/*path/:file_name` | Download the maven package file at instance level |
| Packages: Read | `READ_PACKAGES` | `GET /packages/npm/-/package/*package_name/dist-tags` | Get all tags for a given an NPM package |
| Packages: Read | `READ_PACKAGES` | `GET /projects/:id/packages/:package_id/package_files` | List package files |
| Packages: Read | `READ_PACKAGES` | `GET /projects/:id/packages/:package_id/pipelines` | Get the pipelines for a single project package |
| Packages: Read | `READ_PACKAGES` | `GET /projects/:id/packages/:package_id` | Get a single project package |
| Packages: Read | `READ_PACKAGES` | `GET /projects/:id/packages/composer/archives/*package_name` | Composer package endpoint to download a package archive |
| Packages: Read | `READ_PACKAGES` | `GET /projects/:id/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel/digest` | Recipe Digest |
@ -214,6 +212,8 @@ The following endpoints are available for CI/CD job tokens.
| Packages: Read | `READ_PACKAGES` | `POST /projects/:id/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel/upload_urls` | Recipe Upload Urls |
| Packages: Read | `READ_PACKAGES` | `POST /projects/:id/packages/npm/-/npm/v1/security/advisories/bulk` | NPM registry bulk advisory endpoint |
| Packages: Read | `READ_PACKAGES` | `POST /projects/:id/packages/npm/-/npm/v1/security/audits/quick` | NPM registry quick audit endpoint |
| Pipelines: Read and write | `ADMIN_PIPELINES` | `PUT /projects/:id/pipelines/:pipeline_id/metadata` | Updates pipeline metadata |
| Pipelines: Read | `READ_PIPELINES` | `GET /projects/:id/packages/:package_id/pipelines` | Get the pipelines for a single project package |
| Releases: Read and write | `ADMIN_RELEASES` | `DELETE /projects/:id/releases/:tag_name/assets/links/:link_id` | Delete a release link |
| Releases: Read and write | `ADMIN_RELEASES` | `DELETE /projects/:id/releases/:tag_name` | Delete a release |
| Releases: Read and write | `ADMIN_RELEASES` | `POST /projects/:id/catalog/publish` | Publish a new component project release as version to the CI/CD catalog |

2
doc/ci/variables/predefined_variables.md
View File

@ -169,7 +169,7 @@ Predefined variables become available at three different phases of pipeline exec
These variables are available before GitLab creates the pipeline
(Pre-pipeline). These variables can be used with
[`include:rules`](../../ci/yaml/includes.md#use-rules-with-include)
[`include:rules`](../yaml/includes.md#use-rules-with-include)
and as environment variables in jobs.
The pipeline must be a [merge request pipeline](../pipelines/merge_request_pipelines.md),

2
doc/ci/yaml/_index.md
View File

@ -3939,7 +3939,7 @@ deploystacks: [vultr, processing]
PROVIDER: [aws, gcp]
```
- There's a [known issue](../debugging.md#config-should-be-an-array-of-hashes-error-message) when using [`!reference` tags](../yaml/yaml_optimization.md#reference-tags) with `parallel:matrix`.
- There's a [known issue](../debugging.md#config-should-be-an-array-of-hashes-error-message) when using [`!reference` tags](yaml_optimization.md#reference-tags) with `parallel:matrix`.
**Related topics**:

2
doc/development/ai_features/glossary.md
View File

@ -133,7 +133,7 @@ A mechanism used to take an input (such as a user question) into a system, retri
### Self-hosted model
A LLM hosted externally to GitLab by an organisation and interacting with GitLab AI features. See also the [style guide reference](../../development/documentation/styleguide/word_list.md#self-hosted-model).
A LLM hosted externally to GitLab by an organisation and interacting with GitLab AI features. See also the [style guide reference](../documentation/styleguide/word_list.md#self-hosted-model).
### Similarity Score

8
doc/development/deprecation_guidelines/_index.md
View File

@ -67,18 +67,18 @@ Our APIs have special rules regarding deprecations and breaking changes.
### REST API v4
REST API v4 [cannot have breaking changes made to it](../../development/api_styleguide.md#breaking-changes)
REST API v4 [cannot have breaking changes made to it](../api_styleguide.md#breaking-changes)
unless the API feature was previously
[marked as experimental or beta](../../development/api_styleguide.md#experimental-beta-and-generally-available-features).
[marked as experimental or beta](../api_styleguide.md#experimental-beta-and-generally-available-features).
See [What to do instead of a breaking change?](../../development/api_styleguide.md#what-to-do-instead-of-a-breaking-change)
See [What to do instead of a breaking change?](../api_styleguide.md#what-to-do-instead-of-a-breaking-change)
### GraphQL API
The GraphQL API has a requirement for a [longer deprecation cycle](../../api/graphql/_index.md#deprecation-and-removal-process)
than the [standard cycle](#when-can-a-feature-be-removedchanged) before a breaking change can be made.
See the [GraphQL deprecation process](../../development/api_graphql_styleguide.md#deprecating-schema-items).
See the [GraphQL deprecation process](../api_graphql_styleguide.md#deprecating-schema-items).
## How are Community Contributions to a deprecated feature handled?

2
doc/development/documentation/styleguide/_index.md
View File

@ -1042,6 +1042,8 @@ Examples:
### Link to specific lines of code
<!-- when blob_overflow_menu is removed, change 'button' to 'dropdown item' -->
When linking to specific lines in a file, link to a commit instead of to the
branch. Lines of code change over time. Linking to a line by using
the commit link ensures the user lands on the line you're referring to. The

2
doc/development/documentation/topic_types/troubleshooting.md
View File

@ -60,7 +60,7 @@ The workaround is...
If multiple causes or solutions exist, consider putting them into a table format.
If you use the exact error message, surround it in backticks so it's styled as code.
For more guidance on solution types, see [workaround](../../documentation/styleguide/word_list.md#workaround) and [resolution, resolve](../../documentation/styleguide/word_list.md#resolution-resolve).
For more guidance on solution types, see [workaround](../styleguide/word_list.md#workaround) and [resolution, resolve](../styleguide/word_list.md#resolution-resolve).
## Troubleshooting topic titles

2
doc/development/integrations/_index.md
View File

@ -534,7 +534,7 @@ In the major milestone of intended removal (M.0), disable the integration and de
- Remove the integration from `Integration::INTEGRATION_NAMES`.
- Delete the integration model's `#execute` and `#test` methods (if defined), but keep the model.
- Add a post-migration to delete the integration records from PostgreSQL (see [example merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/114721)).
- [Mark the integration documentation as removed](../../development/documentation/styleguide/deprecations_and_removals.md#remove-a-page).
- [Mark the integration documentation as removed](../documentation/styleguide/deprecations_and_removals.md#remove-a-page).
- Update the [project](../../api/integrations.md) and [group](../../api/group_integrations.md) integrations API pages.
In the next minor release (M.1):

2
doc/development/merge_request_concepts/keep_around_refs.md
View File

@ -14,7 +14,7 @@ history. By creating a keep-around ref, we ensure these commits remain in the re
they're no longer part of the active branch history.
For more information about developing with Git references on Gitaly, see
[Git references used by Gitaly](../../development/gitaly.md#git-references-used-by-gitaly).
[Git references used by Gitaly](../gitaly.md#git-references-used-by-gitaly).
## Downsides of keep-around refs

2
doc/development/testing_guide/best_practices.md
View File

@ -1200,7 +1200,7 @@ between specs, so calls to `Rails.cache.read` and `Rails.cache.write` are safe.
However, if a spec makes direct Redis calls, it should mark itself with the
`:clean_gitlab_redis_cache`, `:clean_gitlab_redis_shared_state` or
`:clean_gitlab_redis_queues` traits depending on
[which Redis instance](../../development/redis.md#gitlabrediscachesharedstatequeues) is being used.
[which Redis instance](../redis.md#gitlabrediscachesharedstatequeues) is being used.
#### Background jobs / Sidekiq

2
doc/development/testing_guide/end_to_end/best_practices/rspec_metadata_tests.md
View File

@ -16,7 +16,7 @@ This is a partial list of the [RSpec metadata](https://rspec.info/features/3-12/
| `:except` | The test is to be run in their typical execution contexts _except_ as specified. See [test execution context selection](execution_context_selection.md) for more information. |
| `:external_api_calls` | The test requires interaction with a network external to the Docker network. |
| `:external_ai_provider` | The test requires an environment that is integrated with a real external AI provider. |
| `:feature_flag` | The test uses a feature flag and therefore requires an administrator account to run. When `scope` is set to `:global`, the test will be skipped on all live .com environments. Otherwise, it will be skipped only on Canary, Production, and Pre-production. See [testing with feature flags](../../../testing_guide/end_to_end/best_practices/feature_flags.md) for more details. |
| `:feature_flag` | The test uses a feature flag and therefore requires an administrator account to run. When `scope` is set to `:global`, the test will be skipped on all live .com environments. Otherwise, it will be skipped only on Canary, Production, and Pre-production. See [testing with feature flags](feature_flags.md) for more details. |
| `:geo` | The test requires two GitLab Geo instances - a primary and a secondary - to be spun up. |
| `:gitaly_cluster` | The test runs against a GitLab instance where repositories are stored on redundant Gitaly nodes behind a Praefect node. All nodes are [separate containers](../../../../administration/gitaly/praefect.md#requirements). Tests that use this tag have a longer setup time since there are three additional containers that need to be started. |
| `:github` | The test requires a GitHub personal access token. |

3
doc/install/docker/installation.md
View File

@ -274,8 +274,7 @@ process with:
and the password from the following command:
```shell
sudo docker exec -it gitlab grep 'Password:'
/etc/gitlab/initial_root_password
sudo docker exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password
```
{{< alert type="note" >}}

9
doc/topics/git/lfs/_index.md
View File

@ -103,7 +103,12 @@ To enable or disable Git LFS for your project:
You can add large files to Git LFS. This helps you manage files in Git repositories.
When you track files with Git LFS, they are replaced with text pointers in Git,
and stored on a remote server. For more information, see [Git LFS](../../git/file_management.md#git-lfs).
and stored on a remote server. For more information, see [Git LFS](../file_management.md#git-lfs).
When you [configure Git LFS for a project](#configure-git-lfs-for-a-project), ensure you have a
`.gitattributes` file in the root directory of the project. Without a root-level `.gitattributes` file,
the UI displays a warning even if you correctly configured LFS in your project subdirectories.
For more information, see [LFS configuration warning message](troubleshooting.md#warning-possible-lfs-configuration-issue).
## Clone a repository that uses Git LFS
@ -156,7 +161,7 @@ the total size of your repository, see
- Use Git LFS to set up [exclusive file locks](../file_management.md#configure-file-locks).
- Blog post: [Getting started with Git LFS](https://about.gitlab.com/blog/2017/01/30/getting-started-with-git-lfs-tutorial/)
- [Git LFS with Git](../../git/file_management.md#git-lfs)
- [Git LFS with Git](../file_management.md#git-lfs)
- [Git LFS developer information](../../../development/lfs.md)
- [GitLab Git Large File Storage (LFS) Administration](../../../administration/lfs/_index.md) for GitLab Self-Managed
- [Troubleshooting Git LFS](troubleshooting.md)

50
doc/topics/git/lfs/troubleshooting.md
View File

@ -190,3 +190,53 @@ Linux distributions, you can use simpler patterns. For example:
*.jpg filter=lfs diff=lfs merge=lfs -text
*.jpeg filter=lfs diff=lfs merge=lfs -text
```
## Warning: Possible LFS configuration issue
You might see a warning in the GitLab UI that states:
```plaintext
Possible LFS configuration issue. This project contains LFS objects but there is no .gitattributes file.
You can ignore this message if you recently added a .gitattributes file.
```
This warning occurs when Git LFS is enabled and contains LFS objects, but no `.gitattributes` file
is detected in the root directory of your project. Git supports placing `.gitattributes` files in
subdirectories, but GitLab only checks for this file in the root directory.
The workaround is to create an empty `.gitattributes` file in the root directory:
{{< tabs >}}
{{< tab title="With Git" >}}
1. Clone your repository::
```shell
git clone <repository>
cd repository
```
1. Create an empty `.gitattributes` file:
```shell
touch .gitattributes
git add .gitattributes
git commit -m "Add empty .gitattributes file to root directory"
git push
```
{{< /tab >}}
{{< tab title="In the UI" >}}
1. Select **Search or go to** and find your project.
1. Select the plus icon (**+**) and **New file**.
1. In the **Filename** field, enter `.gitattributes`.
1. Select **Commit changes**.
1. In the **Commit message** field, enter a commit message.
1. Select **Commit changes**.
{{< /tab >}}
{{< /tabs >}}

2
doc/user/analytics/_index.md
View File

@ -13,7 +13,7 @@ title: Analyze GitLab usage
{{< /history >}}
GitLab provides different types of analytics insights for instances, groups, and [projects](../project/settings/_index.md#turn-off-project-analytics).
Analytics features require different [roles and permissions](../../user/permissions.md#analytics) for projects and groups.
Analytics features require different [roles and permissions](../permissions.md#analytics) for projects and groups.
## Analytics features

12
doc/user/application_security/policies/pipeline_execution_policies.md
View File

@ -286,6 +286,14 @@ To link the project:
The project becomes a security policy project, and the setting becomes available.
{{< alert type="note" >}}
To create downstream pipelines using `$CI_JOB_TOKEN`, you need to make sure that projects and groups are authorized to request the security policy project.
In the security policy project, go to **Settings > CI/CD > Job token permissions** and add the authorized groups and projects to the allowlist. Alternatively, you can authorize all groups and projects.
If you don't see the **CI/CD** settings, go to **Settings > General > Visibility, project features, permissions** and enable **CI/CD**.
{{< /alert >}}
#### Configuration
1. In the policy project, select **Settings** > **General** > **Visibility, project features, permissions**.
@ -627,8 +635,8 @@ include:
file: $CI_CONFIG_PATH
rules:
- exists:
paths:
- '$CI_CONFIG_PATH'
paths:
- '$CI_CONFIG_PATH'
project: '$CI_PROJECT_PATH'
ref: '$CI_COMMIT_SHA'

2
doc/user/clusters/agent/getting_started.md
View File

@ -52,7 +52,7 @@ the `api` scope:
1. Select the `api` scope.
1. Select **Create personal access token**.
You can also use a [project](../../../user/project/settings/project_access_tokens.md) or [group access token](../../../user/group/settings/group_access_tokens.md) with the `api` scope and the `developer` role.
You can also use a [project](../../project/settings/project_access_tokens.md) or [group access token](../../group/settings/group_access_tokens.md) with the `api` scope and the `developer` role.
### Bootstrap Flux

90
doc/user/compliance/compliance_frameworks.md
View File

@ -196,62 +196,62 @@ This table documents all available controls that can be used in GitLab complianc
| Name | ID | Description | Documentation Link |
|------|----|-----------|--------------------|
| SAST running | `scanner_sast_running` | Ensures Static Application Security Testing (SAST) is configured and running in the project pipelines. | [SAST Configuration](../../user/application_security/sast/_index.md) |
| At least two approvals | `minimum_approvals_required_2` | Ensures that merge requests require at least two approvals before merging. | [Merge request approvals](../../user/project/merge_requests/approvals/_index.md) |
| Author approved merge request | `merge_request_prevent_author_approval` | Ensures that the author of a merge request cannot approve their own changes. | [Merge request approvals](../../user/project/merge_requests/approvals/_index.md) |
| Committers approved merge request | `merge_request_prevent_committers_approval` | Ensures that users who have committed to a merge request cannot approve it. | [Merge Request Approvals](../../user/project/merge_requests/approvals/_index.md) |
| Internal visibility is forbidden | `project_visibility_not_internal` | Ensures projects are not set to internal visibility. | [Project Visibility](../../user/public_access.md) |
| Default branch protected | `default_branch_protected` | Ensures the default branch has protection rules enabled. | [Protected Branches](../../user/project/repository/branches/protected.md) |
| Auth SSO enabled | `auth_sso_enabled` | Ensures Single Sign-On (SSO) authentication is enabled for the project. | [SSO for GitLab.com Groups](../../user/group/saml_sso/_index.md) |
| Secret detection running | `scanner_secret_detection_running` | Ensures secret detection scanning is configured and running in the project pipelines. | [Secret Detection](../../user/application_security/secret_detection/_index.md) |
| Dependency scanning running | `scanner_dep_scanning_running` | Ensures dependency scanning is configured and running in the project pipelines. | [Dependency Scanning](../../user/application_security/dependency_scanning/_index.md) |
| Container scanning running | `scanner_container_scanning_running` | Ensures container scanning is configured and running in the project pipelines. | [Container Scanning](../../user/application_security/container_scanning/_index.md) |
| License compliance running | `scanner_license_compliance_running` | Ensures license compliance scanning is configured and running in the project pipelines. | [License Compliance](../../user/compliance/license_approval_policies.md) |
| DAST running | `scanner_dast_running` | Ensures Dynamic Application Security Testing (DAST) is configured and running in the project pipelines. | [DAST Configuration](../../user/application_security/dast/_index.md) |
| API security running | `scanner_api_security_running` | Ensures API security scanning is configured and running in the project pipelines. | [API Security](../../user/application_security/api_security/_index.md) |
| Fuzz testing running | `scanner_fuzz_testing_running` | Ensures fuzz testing is configured and running in the project pipelines. | [Fuzz Testing](../../user/application_security/coverage_fuzzing/_index.md) |
| SAST running | `scanner_sast_running` | Ensures Static Application Security Testing (SAST) is configured and running in the project pipelines. | [SAST Configuration](../application_security/sast/_index.md) |
| At least two approvals | `minimum_approvals_required_2` | Ensures that merge requests require at least two approvals before merging. | [Merge request approvals](../project/merge_requests/approvals/_index.md) |
| Author approved merge request | `merge_request_prevent_author_approval` | Ensures that the author of a merge request cannot approve their own changes. | [Merge request approvals](../project/merge_requests/approvals/_index.md) |
| Committers approved merge request | `merge_request_prevent_committers_approval` | Ensures that users who have committed to a merge request cannot approve it. | [Merge Request Approvals](../project/merge_requests/approvals/_index.md) |
| Internal visibility is forbidden | `project_visibility_not_internal` | Ensures projects are not set to internal visibility. | [Project Visibility](../public_access.md) |
| Default branch protected | `default_branch_protected` | Ensures the default branch has protection rules enabled. | [Protected Branches](../project/repository/branches/protected.md) |
| Auth SSO enabled | `auth_sso_enabled` | Ensures Single Sign-On (SSO) authentication is enabled for the project. | [SSO for GitLab.com Groups](../group/saml_sso/_index.md) |
| Secret detection running | `scanner_secret_detection_running` | Ensures secret detection scanning is configured and running in the project pipelines. | [Secret Detection](../application_security/secret_detection/_index.md) |
| Dependency scanning running | `scanner_dep_scanning_running` | Ensures dependency scanning is configured and running in the project pipelines. | [Dependency Scanning](../application_security/dependency_scanning/_index.md) |
| Container scanning running | `scanner_container_scanning_running` | Ensures container scanning is configured and running in the project pipelines. | [Container Scanning](../application_security/container_scanning/_index.md) |
| License compliance running | `scanner_license_compliance_running` | Ensures license compliance scanning is configured and running in the project pipelines. | [License Compliance](license_approval_policies.md) |
| DAST running | `scanner_dast_running` | Ensures Dynamic Application Security Testing (DAST) is configured and running in the project pipelines. | [DAST Configuration](../application_security/dast/_index.md) |
| API security running | `scanner_api_security_running` | Ensures API security scanning is configured and running in the project pipelines. | [API Security](../application_security/api_security/_index.md) |
| Fuzz testing running | `scanner_fuzz_testing_running` | Ensures fuzz testing is configured and running in the project pipelines. | [Fuzz Testing](../application_security/coverage_fuzzing/_index.md) |
| Code quality running | `scanner_code_quality_running` | Ensures code quality scanning is configured and running in the project pipelines. | [Code Quality](../../ci/testing/code_quality.md) |
| IaC scanning running | `scanner_iac_running` | Ensures Infrastructure as Code (IaC) scanning is configured and running in the project pipelines. | [IaC Security](../../user/application_security/iac_scanning/_index.md) |
| Code changes requires code owners | `code_changes_requires_code_owners` | Ensures code changes require approval from code owners. | [Code Owners](../../user/project/codeowners/_index.md) |
| Reset approvals on push | `reset_approvals_on_push` | Ensures approvals are reset when new commits are pushed to the merge request. | [Reset Approvals on Push](../../user/project/merge_requests/approvals/settings.md) |
| Status checks required | `status_checks_required` | Ensures status checks must pass before merging is allowed. | [Status Checks](../../user/project/merge_requests/status_checks.md) |
| Require branch up to date | `require_branch_up_to_date` | Ensures the source branch is up to date with the target branch before merging. | [Merge Requests](../../user/project/merge_requests/methods/_index.md) |
| Resolve discussions required | `resolve_discussions_required` | Ensures all discussions must be resolved before merging is allowed. | [Resolve Discussions](../../user/discussions/_index.md) |
| Require linear history | `require_linear_history` | Ensures a linear commit history by forbidding merge commits. | [Merge Request Fast-forward Merges](../../user/project/merge_requests/methods/_index.md#fast-forward-merge) |
| Restrict push/merge access | `restrict_push_merge_access` | Restricts who can push to or merge into protected branches. | [Protected Branches](../../user/project/repository/branches/protected.md) |
| Force push disabled | `force_push_disabled` | Prevents force pushing to repositories. | [Protected Branches](../../user/project/repository/branches/protected.md) |
| IaC scanning running | `scanner_iac_running` | Ensures Infrastructure as Code (IaC) scanning is configured and running in the project pipelines. | [IaC Security](../application_security/iac_scanning/_index.md) |
| Code changes requires code owners | `code_changes_requires_code_owners` | Ensures code changes require approval from code owners. | [Code Owners](../project/codeowners/_index.md) |
| Reset approvals on push | `reset_approvals_on_push` | Ensures approvals are reset when new commits are pushed to the merge request. | [Reset Approvals on Push](../project/merge_requests/approvals/settings.md) |
| Status checks required | `status_checks_required` | Ensures status checks must pass before merging is allowed. | [Status Checks](../project/merge_requests/status_checks.md) |
| Require branch up to date | `require_branch_up_to_date` | Ensures the source branch is up to date with the target branch before merging. | [Merge Requests](../project/merge_requests/methods/_index.md) |
| Resolve discussions required | `resolve_discussions_required` | Ensures all discussions must be resolved before merging is allowed. | [Resolve Discussions](../discussions/_index.md) |
| Require linear history | `require_linear_history` | Ensures a linear commit history by forbidding merge commits. | [Merge Request Fast-forward Merges](../project/merge_requests/methods/_index.md#fast-forward-merge) |
| Restrict push/merge access | `restrict_push_merge_access` | Restricts who can push to or merge into protected branches. | [Protected Branches](../project/repository/branches/protected.md) |
| Force push disabled | `force_push_disabled` | Prevents force pushing to repositories. | [Protected Branches](../project/repository/branches/protected.md) |
| Terraform enabled | `terraform_enabled` | Ensures Terraform integration is enabled for the project. | [Terraform in GitLab](../../administration/terraform_state.md) |
| Version control enabled | `version_control_enabled` | Ensures version control functionality is enabled for the project. | [Git in GitLab](../../topics/git/_index.md) |
| Issue tracking enabled | `issue_tracking_enabled` | Ensures issue tracking functionality is enabled for the project. | [GitLab Issues](../../user/project/issues/_index.md) |
| Stale branch cleanup enabled | `stale_branch_cleanup_enabled` | Ensures automatic cleanup of stale branches is enabled. | [Deleting Branches](../../user/project/repository/branches/_index.md) |
| Branch deletion disabled | `branch_deletion_disabled` | Prevents deletion of branches. | [Protected Branches](../../user/project/repository/branches/protected.md) |
| Review and archive stale repositories | `review_and_archive_stale_repos` | Ensures stale repositories are reviewed and archived. | [Archiving Projects](../../user/project/settings/_index.md) |
| Issue tracking enabled | `issue_tracking_enabled` | Ensures issue tracking functionality is enabled for the project. | [GitLab Issues](../project/issues/_index.md) |
| Stale branch cleanup enabled | `stale_branch_cleanup_enabled` | Ensures automatic cleanup of stale branches is enabled. | [Deleting Branches](../project/repository/branches/_index.md) |
| Branch deletion disabled | `branch_deletion_disabled` | Prevents deletion of branches. | [Protected Branches](../project/repository/branches/protected.md) |
| Review and archive stale repositories | `review_and_archive_stale_repos` | Ensures stale repositories are reviewed and archived. | [Archiving Projects](../project/settings/_index.md) |
| Review and remove inactive users | `review_and_remove_inactive_users` | Ensures inactive users are reviewed and removed. | [Managing Users](../../administration/admin_area.md) |
| Minimum number of admins | `minimum_number_of_admins` | Ensures a minimum number of administrators are assigned to the project. | [Project Members](../../user/project/members/_index.md) |
| Require MFA for contributors | `require_mfa_for_contributors` | Ensures contributors have Multi-Factor Authentication enabled. | [MFA for Contributors](../../user/profile/account/two_factor_authentication.md) |
| Require MFA at org level | `require_mfa_at_org_level` | Ensures Multi-Factor Authentication is required at the organization level. | [Group-level MFA Enforcement](../../user/profile/account/two_factor_authentication.md) |
| Ensure 2 admins per repository | `ensure_2_admins_per_repo` | Ensures at least two administrators are assigned to each repository. | [Project Members](../../user/project/members/_index.md) |
| Strict permission for repository | `strict_permissions_for_repo` | Ensures strict permissions are set for repository access. | [Project Members Permissions](../../user/permissions.md) |
| Secure webhooks | `secure_webhooks` | Ensures webhooks are securely configured. | [Webhooks](../../user/project/integrations/webhooks.md) |
| Minimum number of admins | `minimum_number_of_admins` | Ensures a minimum number of administrators are assigned to the project. | [Project Members](../project/members/_index.md) |
| Require MFA for contributors | `require_mfa_for_contributors` | Ensures contributors have Multi-Factor Authentication enabled. | [MFA for Contributors](../profile/account/two_factor_authentication.md) |
| Require MFA at org level | `require_mfa_at_org_level` | Ensures Multi-Factor Authentication is required at the organization level. | [Group-level MFA Enforcement](../profile/account/two_factor_authentication.md) |
| Ensure 2 admins per repository | `ensure_2_admins_per_repo` | Ensures at least two administrators are assigned to each repository. | [Project Members](../project/members/_index.md) |
| Strict permission for repository | `strict_permissions_for_repo` | Ensures strict permissions are set for repository access. | [Project Members Permissions](../permissions.md) |
| Secure webhooks | `secure_webhooks` | Ensures webhooks are securely configured. | [Webhooks](../project/integrations/webhooks.md) |
| Restricted build access | `restricted_build_access` | Restricts access to build artifacts and pipeline outputs. | [Pipeline Security](../../ci/pipelines/settings.md) |
| GitLab license level ultimate | `gitlab_license_level_ultimate` | Ensures the GitLab instance is using an Ultimate license level. | [GitLab Licensing](https://about.gitlab.com/pricing/feature-comparison/) |
| Status page configured | `status_page_configured` | Ensures a status page is configured for the project. | [Status Page](../../operations/incident_management/status_page.md) |
| Has valid CI config | `has_valid_ci_config` | Ensures the project has a valid CI/CD configuration. | [CI/CD Pipeline Configuration](../../ci/yaml/_index.md) |
| Error tracking enabled | `error_tracking_enabled` | Ensures error tracking is enabled for the project. | [Error Tracking](../../operations/error_tracking.md) |
| Default branch users can push | `default_branch_users_can_push` | Controls whether users can push directly to the default branch. | [Protected Branches](../../user/project/repository/branches/protected.md) |
| Default branch protected from direct push | `default_branch_protected_from_direct_push` | Prevents direct pushes to the default branch. | [Protected Branches](../../user/project/repository/branches/protected.md) |
| Push protection enabled | `push_protection_enabled` | Ensures push protection is enabled for sensitive files. | [Push Rules](../../user/project/repository/push_rules.md) |
| Project marked for deletion | `project_marked_for_deletion` | Checks if project is marked for deletion (false is compliant). | [Project Settings](../../user/project/settings/_index.md) |
| Project archived | `project_archived` | Checks if project is archived (typically false is compliant). | [Archiving Projects](../../user/project/settings/_index.md) |
| Default branch users can merge | `default_branch_users_can_merge` | Controls whether users can merge changes to the default branch. | [Protected Branches](../../user/project/repository/branches/protected.md) |
| Merge request commit reset approvals | `merge_request_commit_reset_approvals` | Ensures new commits to merge requests reset approvals. | [Reset Approvals on Push](../../user/project/merge_requests/approvals/settings.md) |
| Project visibility not public | `project_visibility_not_public` | Ensures projects are not set to public visibility. | [Project Visibility](../../user/public_access.md) |
| Package hunter no findings untriaged | `package_hunter_no_findings_untriaged` | Ensures all package hunter findings are triaged. | [Package Hunter](../../user/application_security/triage/_index.md) |
| Default branch users can push | `default_branch_users_can_push` | Controls whether users can push directly to the default branch. | [Protected Branches](../project/repository/branches/protected.md) |
| Default branch protected from direct push | `default_branch_protected_from_direct_push` | Prevents direct pushes to the default branch. | [Protected Branches](../project/repository/branches/protected.md) |
| Push protection enabled | `push_protection_enabled` | Ensures push protection is enabled for sensitive files. | [Push Rules](../project/repository/push_rules.md) |
| Project marked for deletion | `project_marked_for_deletion` | Checks if project is marked for deletion (false is compliant). | [Project Settings](../project/settings/_index.md) |
| Project archived | `project_archived` | Checks if project is archived (typically false is compliant). | [Archiving Projects](../project/settings/_index.md) |
| Default branch users can merge | `default_branch_users_can_merge` | Controls whether users can merge changes to the default branch. | [Protected Branches](../project/repository/branches/protected.md) |
| Merge request commit reset approvals | `merge_request_commit_reset_approvals` | Ensures new commits to merge requests reset approvals. | [Reset Approvals on Push](../project/merge_requests/approvals/settings.md) |
| Project visibility not public | `project_visibility_not_public` | Ensures projects are not set to public visibility. | [Project Visibility](../public_access.md) |
| Package hunter no findings untriaged | `package_hunter_no_findings_untriaged` | Ensures all package hunter findings are triaged. | [Package Hunter](../application_security/triage/_index.md) |
| Project pipelines not public | `project_pipelines_not_public` | Ensures project pipelines are not publicly visible. | [Pipeline Settings](../../ci/pipelines/settings.md) |
| Vulnerabilities SLO days over threshold | `vulnerabilities_slo_days_over_threshold` | Ensures vulnerabilities are addressed within SLO thresholds. | [Vulnerability Management](../../user/application_security/vulnerabilities/_index.md) |
| Merge requests approval rules prevent editing | `merge_requests_approval_rules_prevent_editing` | Prevents editing of merge request approval rules. | [Merge Request Approvals Settings](../../user/project/merge_requests/approvals/settings.md) |
| Vulnerabilities SLO days over threshold | `vulnerabilities_slo_days_over_threshold` | Ensures vulnerabilities are addressed within SLO thresholds. | [Vulnerability Management](../application_security/vulnerabilities/_index.md) |
| Merge requests approval rules prevent editing | `merge_requests_approval_rules_prevent_editing` | Prevents editing of merge request approval rules. | [Merge Request Approvals Settings](../project/merge_requests/approvals/settings.md) |
| Project user defined variables restricted to maintainers | `project_user_defined_variables_restricted_to_maintainers` | Restricts creation of project variables to maintainers only. | [Project CI/CD Variables](../../ci/variables/_index.md) |
| Merge requests require code owner approval | `merge_requests_require_code_owner_approval` | Ensures merge requests require approval from code owners. | [Code Owners](../../user/project/codeowners/_index.md) |
| Merge requests require code owner approval | `merge_requests_require_code_owner_approval` | Ensures merge requests require approval from code owners. | [Code Owners](../project/codeowners/_index.md) |
| CI/CD job token scope enabled | `cicd_job_token_scope_enabled` | Ensures CI/CD job token scope restrictions are enabled. | [CI/CD Job Token](../../ci/jobs/ci_job_token.md) |
#### External controls

20
doc/user/duo_amazon_q/_index.md
View File

@ -148,16 +148,16 @@ In addition, these features are available on GitLab Duo with Amazon Q.
| Feature | GitLab version |
|----------------------------------------------------------------------------------------------------------------------------------------|----------------|
| [GitLab Duo Chat](../../user/gitlab_duo_chat/_index.md) | GitLab 17.11 and later |
| [Code Suggestions](../../user/project/repository/code_suggestions/_index.md) | GitLab 17.11 and later |
| [Code Explanation](../../user/project/repository/code_explain.md) | GitLab 17.11 and later |
| [Test Generation](../../user/gitlab_duo_chat/examples.md#write-tests-in-the-ide) | GitLab 17.11 and later |
| [Refactor Code](../../user/gitlab_duo_chat/examples.md#refactor-code-in-the-ide) | GitLab 17.11 and later |
| [Fix Code](../../user/gitlab_duo_chat/examples.md#fix-code-in-the-ide) | GitLab 17.11 and later |
| [Root Cause Analysis](../../user/gitlab_duo_chat/examples.md#troubleshoot-failed-cicd-jobs-with-root-cause-analysis) | GitLab 17.11 and later |
| [Discussion Summary](../../user/discussions/_index.md#summarize-issue-discussions-with-duo-chat) | GitLab 17.11 and later |
| [Vulnerability Explanation](../../user/application_security/vulnerabilities/_index.md#explaining-a-vulnerability) | GitLab 17.11 and later |
| [Vulnerability Resolution](../../user/application_security/vulnerabilities/_index.md#vulnerability-resolution) | GitLab 17.11 and later |
| [GitLab Duo Chat](../gitlab_duo_chat/_index.md) | GitLab 17.11 and later |
| [Code Suggestions](../project/repository/code_suggestions/_index.md) | GitLab 17.11 and later |
| [Code Explanation](../project/repository/code_explain.md) | GitLab 17.11 and later |
| [Test Generation](../gitlab_duo_chat/examples.md#write-tests-in-the-ide) | GitLab 17.11 and later |
| [Refactor Code](../gitlab_duo_chat/examples.md#refactor-code-in-the-ide) | GitLab 17.11 and later |
| [Fix Code](../gitlab_duo_chat/examples.md#fix-code-in-the-ide) | GitLab 17.11 and later |
| [Root Cause Analysis](../gitlab_duo_chat/examples.md#troubleshoot-failed-cicd-jobs-with-root-cause-analysis) | GitLab 17.11 and later |
| [Discussion Summary](../discussions/_index.md#summarize-issue-discussions-with-duo-chat) | GitLab 17.11 and later |
| [Vulnerability Explanation](../application_security/vulnerabilities/_index.md#explaining-a-vulnerability) | GitLab 17.11 and later |
| [Vulnerability Resolution](../application_security/vulnerabilities/_index.md#vulnerability-resolution) | GitLab 17.11 and later |
## Related topics

2
doc/user/duo_workflow/troubleshooting.md
View File

@ -138,7 +138,7 @@ To close projects:
GitLab Duo Workflow requires that projects belong to a group namespace.
To determine the namespace your project is in, [look at the URL](../../user/namespace/_index.md#determine-which-type-of-namespace-youre-in).
To determine the namespace your project is in, [look at the URL](../namespace/_index.md#determine-which-type-of-namespace-youre-in).
If necessary, you can
[transfer your project to a group namespace](../../tutorials/move_personal_project_to_group/_index.md#move-your-project-to-a-group).

8
doc/user/get_started/_index.md
View File

@ -9,7 +9,7 @@ If you're new to GitLab, get started learning about how GitLab works.
| | | |
|--|--|--|
| [**Get started with Git**](../../topics/git/get_started.md)<br>Learn Git basics. | [**Get started with GitLab Duo**](../../user/get_started/getting_started_gitlab_duo.md)<br>Use AI as part of your workflow. | [**Get started organizing work with projects**](../../user/get_started/get_started_projects.md)<br>Use projects as a starting point. |
| [**Get started planning work**](../../user/get_started/get_started_planning_work.md)<br>Organize your backlog. | [**Get started managing code**](../../user/get_started/get_started_managing_code.md)<br>Use merge requests to iterate on code. | [**Get started with GitLab CI/CD**](../../ci/_index.md)<br>Build your application. |
| [**Get started securing your application**](../../user/application_security/get-started-security.md)<br>Secure your application. | [**Get started deploying and releasing your application**](../../user/get_started/get_started_deploy_release.md)<br>Get your app out to customers. | [**Get started managing your infrastructure**](../../user/get_started/get_started_managing_infrastructure.md)<br>Manage your infrastructure. |
| [**Get started with monitoring your application in GitLab**](../../user/get_started/get_started_monitoring.md)<br>Monitor performance. | [**Get started extending GitLab**](../../api/get_started/get_started_extending.md)<br>Work with the API or integrate with third-party applications. | |
| [**Get started with Git**](../../topics/git/get_started.md)<br>Learn Git basics. | [**Get started with GitLab Duo**](getting_started_gitlab_duo.md)<br>Use AI as part of your workflow. | [**Get started organizing work with projects**](get_started_projects.md)<br>Use projects as a starting point. |
| [**Get started planning work**](get_started_planning_work.md)<br>Organize your backlog. | [**Get started managing code**](get_started_managing_code.md)<br>Use merge requests to iterate on code. | [**Get started with GitLab CI/CD**](../../ci/_index.md)<br>Build your application. |
| [**Get started securing your application**](../application_security/get-started-security.md)<br>Secure your application. | [**Get started deploying and releasing your application**](get_started_deploy_release.md)<br>Get your app out to customers. | [**Get started managing your infrastructure**](get_started_managing_infrastructure.md)<br>Manage your infrastructure. |
| [**Get started with monitoring your application in GitLab**](get_started_monitoring.md)<br>Monitor performance. | [**Get started extending GitLab**](../../api/get_started/get_started_extending.md)<br>Work with the API or integrate with third-party applications. | |

18
doc/user/gitlab_duo/choose_path.md
View File

@ -36,7 +36,7 @@ Follow this path to learn how to:
- Generate, understand, and refactor code
- Create tests automatically
[Start here: Code Suggestions →](../../user/project/repository/code_suggestions/_index.md)
[Start here: Code Suggestions →](../project/repository/code_suggestions/_index.md)
{{< /tab >}}
@ -50,7 +50,7 @@ Follow this path to learn how to:
- Get AI-powered code reviews
- Summarize review comments and generate commit messages
[Start here: GitLab Duo in merge requests →](../../user/project/merge_requests/duo_in_merge_requests.md)
[Start here: GitLab Duo in merge requests →](../project/merge_requests/duo_in_merge_requests.md)
{{< /tab >}}
@ -87,10 +87,10 @@ Need to do something specific? Here are some common tasks:
| Task | Description | Quick Guide |
|------|-------------|-------------|
| Get AI assistance | Ask GitLab Duo questions about code, projects, or GitLab | [GitLab Duo Chat →](../gitlab_duo_chat/_index.md) |
| Generate code | Get code suggestions as you type in your IDE | [Code Suggestions →](../../user/project/repository/code_suggestions/_index.md) |
| Understand code | Have code explained in plain language | [Code Explanation →](../../user/project/repository/code_explain.md) |
| Generate code | Get code suggestions as you type in your IDE | [Code Suggestions →](../project/repository/code_suggestions/_index.md) |
| Understand code | Have code explained in plain language | [Code Explanation →](../project/repository/code_explain.md) |
| Fix CI/CD issues | Analyze and fix failed jobs | [Root Cause Analysis →](../gitlab_duo_chat/examples.md#troubleshoot-failed-cicd-jobs-with-root-cause-analysis) |
| Summarize changes | Generate descriptions for merge requests | [Merge Request Summary →](../../user/project/merge_requests/duo_in_merge_requests.md#generate-a-description-by-summarizing-code-changes) |
| Summarize changes | Generate descriptions for merge requests | [Merge Request Summary →](../project/merge_requests/duo_in_merge_requests.md#generate-a-description-by-summarizing-code-changes) |
## How GitLab Duo integrates with your workflow
@ -108,14 +108,14 @@ GitLab Duo is integrated with your development processes and is available:
If you're new to GitLab Duo, start with these features:
- **[GitLab Duo Chat](../gitlab_duo_chat/_index.md)** - Ask questions about GitLab and get help with basic tasks
- **[Code Explanation](../../user/project/repository/code_explain.md)** - Understand code in files or merge requests
- **[Merge Request Summary](../../user/project/merge_requests/duo_in_merge_requests.md#generate-a-description-by-summarizing-code-changes)** - Generate descriptions for your changes automatically
- **[Code Explanation](../project/repository/code_explain.md)** - Understand code in files or merge requests
- **[Merge Request Summary](../project/merge_requests/duo_in_merge_requests.md#generate-a-description-by-summarizing-code-changes)** - Generate descriptions for your changes automatically
### For intermediate users
After you're comfortable with the basics, try these more advanced features:
- **[Code Suggestions](../../user/project/repository/code_suggestions/_index.md)** - Get AI-powered code completion in your IDE
- **[Code Suggestions](../project/repository/code_suggestions/_index.md)** - Get AI-powered code completion in your IDE
- **[Test Generation](../gitlab_duo_chat/examples.md#write-tests-in-the-ide)** - Create tests for your code automatically
- **[Root Cause Analysis](../gitlab_duo_chat/examples.md#troubleshoot-failed-cicd-jobs-with-root-cause-analysis)** - Troubleshoot failed CI/CD jobs
@ -125,7 +125,7 @@ When you're ready to maximize your productivity with GitLab Duo:
- **[GitLab Duo Self-Hosted](../../administration/gitlab_duo_self_hosted/_index.md)** - Host LLMs on your own infrastructure
- **[GitLab Duo Workflow](../duo_workflow/_index.md)** - Automate tasks in your development workflow
- **[Vulnerability Resolution](../../user/application_security/vulnerabilities/_index.md#vulnerability-resolution)** - Automatically generate merge requests to fix security issues
- **[Vulnerability Resolution](../application_security/vulnerabilities/_index.md#vulnerability-resolution)** - Automatically generate merge requests to fix security issues
## Best practices

2
doc/user/group/access_and_permissions.md
View File

@ -124,7 +124,7 @@ Keep in mind that restricting group access by IP address has the following impli
### GitLab.com access restrictions
IP address-based group access restriction doesn't work with [hosted runners for GitLab.com](../../ci/runners/hosted_runners/_index.md).
These runners operate as ephemeral virtual machines with [dynamic IP addresses](../../user/gitlab_com/_index.md#ip-range) from large
These runners operate as ephemeral virtual machines with [dynamic IP addresses](../gitlab_com/_index.md#ip-range) from large
cloud provider pools (AWS, Google Cloud). To allow these broad IP ranges defeat the purpose of IP address-based access restriction.
## Restrict group access by domain

2
doc/user/group/contribution_analytics/_index.md
View File

@ -56,7 +56,7 @@ To view contribution analytics:
- On the **Contribution analytics** bar charts, hover over the bar with the member's name.
- In the **Contributions per group member** table, select the member's name.
The member's GitLab profile is displayed, and you can explore their [contributions calendar](../../../user/profile/contributions_calendar.md).
The member's GitLab profile is displayed, and you can explore their [contributions calendar](../../profile/contributions_calendar.md).
To retrieve metrics for user contributions, you can also use the [GraphQL API](../../../api/graphql/reference/_index.md#groupcontributions).

4
doc/user/group/saml_sso/troubleshooting.md
View File

@ -453,7 +453,9 @@ If all users are receiving a `404` after signing in to the identity provider (Id
- Verify if the `404` is related to [the user having too many groups assigned to them in their Azure IdP](group_sync.md#microsoft-azure-active-directory-integration).
If a subset of users are receiving a `404` after signing in to the IdP, first verify audit events if the user gets added to the group and then immediately removed. Alternatively, if the user can successfully sign in, but they do not show as [a member of the top-level group](../_index.md#search-a-group):
- Verify the clocks on the IdP server and GitLab are synced to the same time.
If a subset of users recieve a `404` error after they sign in to the IdP, first verify what audit events are returned if the user is added to the group and then immediately removed. Alternatively, if the user can successfully sign in, but they do not show as [a member of the top-level group](../_index.md#search-a-group):
- Ensure the user has been [added to the SAML identity provider](_index.md#user-access-and-management), and [SCIM](scim_setup.md) if configured.
- Ensure the user's SCIM identity's `active` attribute is `true` using the [SCIM API](../../../api/scim.md).

2
doc/user/packages/container_registry/_index.md
View File

@ -52,7 +52,7 @@ tags on this page. You can share a filtered view by copying the URL from your br
View container registry storage usage to track and manage the size of your container repositories across projects and groups.
For more information, see [View container registry usage](../../../user/packages/container_registry/reduce_container_registry_storage.md#view-container-registry-usage).
For more information, see [View container registry usage](reduce_container_registry_storage.md#view-container-registry-usage).
## Use container images from the container registry

2
doc/user/packages/container_registry/protected_container_tags.md
View File

@ -120,7 +120,7 @@ To ensure tag protection, direct manifest deletion requests are only allowed whe
## Deleting container images
You cannot [delete container images](../../packages/container_registry/delete_container_registry_images.md) if all the following conditions are true:
You cannot [delete container images](delete_container_registry_images.md) if all the following conditions are true:
- The container image has tags.
- The project has container registry tag protection rules.

6
doc/user/packages/maven_repository/_index.md
View File

@ -525,7 +525,7 @@ correct location:
If you protect a Maven package before publishing it, the package will be rejected with a `403 Forbidden` error and an `Authorization failed` error message.
Ensure the Maven package is not protected when publishing.
For more information about package protection rules, see [how to protect a package](../../../user/packages/package_registry/package_protection_rules.md#protect-a-package).
For more information about package protection rules, see [how to protect a package](../package_registry/package_protection_rules.md#protect-a-package).
{{< /alert >}}
@ -1281,8 +1281,8 @@ For example, "1.0.0", "1.0-SNAPSHOT", and "1.0.0-alpha" are valid, but "1..0" or
The `403 Forbidden` error with the message `Authorization failed` usually indicates either an authentication or permissions issue. Check that:
- You're using the correct token type (personal access token, deploy token, or CI/CD job token). For more information, see [Authenticate to the package registry](#authenticate-to-the-package-registry).
- The token has the necessary permissions. Only users with the Developer role or higher can publish packages. For more information, see [GitLab permissions](../../../user/permissions.md#packages-and-registry).
- The package you're publishing is not protected by push protection rules. For more information about package protection rules, see [how to protect a package](../../../user/packages/package_registry/package_protection_rules.md#protect-a-package).
- The token has the necessary permissions. Only users with the Developer role or higher can publish packages. For more information, see [GitLab permissions](../../permissions.md#packages-and-registry).
- The package you're publishing is not protected by push protection rules. For more information about package protection rules, see [how to protect a package](../package_registry/package_protection_rules.md#protect-a-package).
### "Artifact already exists" errors when publishing

6
doc/user/packages/nuget_repository/_index.md
View File

@ -212,7 +212,7 @@ nuget source Add -Name <source_name> -Source "https://gitlab.example.com/api/v4/
Replace:
- `<source_name>` with your source name
- `<group_id>` with the group ID found on the [Group overview page](../../../user/group/_index.md#access-a-group-by-using-the-group-id)
- `<group_id>` with the group ID found on the [Group overview page](../../group/_index.md#access-a-group-by-using-the-group-id)
- `<gitlab_username>` with your GitLab username
- `<personal_access_token>` with your personal access token
@ -235,7 +235,7 @@ dotnet nuget add source "https://gitlab.example.com/api/v4/groups/<group_id>/-/p
Replace:
- `<source_name>` with your source name
- `<group_id>` with the group ID found on the [Group overview page](../../../user/group/_index.md#access-a-group-by-using-the-group-id)
- `<group_id>` with the group ID found on the [Group overview page](../../group/_index.md#access-a-group-by-using-the-group-id)
- `<gitlab_username>` with your GitLab username
- `<personal_access_token>` with your personal access token
@ -327,7 +327,7 @@ Prerequisites:
When publishing packages:
- Review the maximum file size limits for your GitLab instance:
- The [package registry limits on GitLab.com instances](../../../user/gitlab_com/_index.md#package-registry-limits) vary by file format, and are not configurable.
- The [package registry limits on GitLab.com instances](../../gitlab_com/_index.md#package-registry-limits) vary by file format, and are not configurable.
- The [package registry limits on GitLab Self-Managed instances](../../../administration/instance_limits.md#file-size-limits) vary by file format, and are configurable.
- If duplicates are allowed, and you publish the same package with the same version multiple times, each
consecutive upload is saved as a separate file. When installing a package,

2
doc/user/packages/package_registry/tutorial_generate_sbom.md
View File

@ -19,7 +19,7 @@ An SBOM is a machine-readable inventory of all the software components that comp
An organization that's interested in using a software product may require an SBOM to determine how secure the product is before adopting it.
If you're familiar with the GitLab package registry, you might wonder what the difference is between an SBOM and a [dependency list](../../../user/application_security/dependency_list/_index.md). The following table highlights the key differences:
If you're familiar with the GitLab package registry, you might wonder what the difference is between an SBOM and a [dependency list](../../application_security/dependency_list/_index.md). The following table highlights the key differences:
| Differences | Dependency list | SBOM |
|---|---|---|

4
doc/user/profile/account/delete_account.md
View File

@ -169,7 +169,7 @@ You can delete the root account using either the UI or the [GitLab Rails console
Before you delete the root account:
1. If you have created any [project](../../project/settings/project_access_tokens.md) or [personal access tokens](../../profile/personal_access_tokens.md) for the root account and use them in your workflow, transfer any necessary permissions or ownership from the root account to the new administrator.
1. If you have created any [project](../../project/settings/project_access_tokens.md) or [personal access tokens](../personal_access_tokens.md) for the root account and use them in your workflow, transfer any necessary permissions or ownership from the root account to the new administrator.
1. [Back up your GitLab Self-Managed instance](../../../administration/backup_restore/backup_gitlab.md).
1. Consider [deactivating](../../../administration/moderate_users.md#deactivate-a-user) or [blocking](../../../administration/moderate_users.md#block-and-unblock-users) the root account instead.
@ -181,7 +181,7 @@ Prerequisites:
To delete the root account:
1. In the **Admin** area, [create a new user with administrator access](../../profile/account/create_accounts.md#create-users-in-admin-area). This ensures that you maintain administrator access to the instance whilst mitigating the risks associated with deleting the root account.
1. In the **Admin** area, [create a new user with administrator access](create_accounts.md#create-users-in-admin-area). This ensures that you maintain administrator access to the instance whilst mitigating the risks associated with deleting the root account.
1. [Delete the root account](#delete-users-and-user-contributions).
### Use the GitLab Rails console

2
doc/user/profile/account/two_factor_authentication_troubleshooting.md
View File

@ -37,7 +37,7 @@ To resolve this error:
- For [dependency proxy](../../packages/dependency_proxy/_index.md#authenticate-with-the-dependency-proxy-for-container-images)
requests: `read_registry` and `write_registry`
- If you configured LDAP, use an [LDAP password](../../../administration/auth/ldap/_index.md).
- Use an [OAuth credential helper](../../profile/account/two_factor_authentication.md#oauth-credential-helpers).
- Use an [OAuth credential helper](two_factor_authentication.md#oauth-credential-helpers).
## Error: `invalid pin code`

32
doc/user/project/file_lock.md
View File

@ -19,7 +19,7 @@ design files, videos, and other non-text content.
GitLab supports two different types of file locking:
- [Exclusive file locks](../../topics/git/file_management.md#file-locks): Applied through the
command line with Git LFS and [`.gitattributes`](../../user/project/repository/files/git_attributes.md).
command line with Git LFS and [`.gitattributes`](repository/files/git_attributes.md).
These locks prevent modifications to locked files on any branch.
- [Default branch file and directory locks](#default-branch-file-and-directory-locks): Applied
through the GitLab UI. These locks prevent modifications to files and directories on the
@ -28,7 +28,7 @@ GitLab supports two different types of file locking:
## Permissions
You must have at least the Developer role for the project to create, view, or manage file locks.
For more information, see [Roles and permissions](../../user/permissions.md).
For more information, see [Roles and permissions](../permissions.md).
## Default branch file and directory locks
@ -73,8 +73,32 @@ To lock a file or directory:
If **Lock** is not enabled, you don't have the required permissions to lock the file.
To see who locked a directory, if it wasn't you, hover over the **Lock**. For a similar function
for locked files, see [issue 4623](https://gitlab.com/gitlab-org/gitlab/-/issues/4623).
To view the user who locked a directory (if it was not you), hover over the button. Reinstatement of
similar functionality for locked files is discussed in
[issue 376222](https://gitlab.com/gitlab-org/gitlab/-/issues/376222).
### File operations from the Actions menu
{{< history >}}
- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/519325) in GitLab 17.10 [with a flag](../../administration/feature_flags.md) named `blob_overflow_menu`. Disabled by default.
{{< /history >}}
{{< alert type="flag" >}}
The availability of this feature is controlled by a feature flag. For more information, see the history.
{{< /alert >}}
To lock a file:
1. On the left sidebar, select **Search or go to** and find your project.
1. Go to the file you want to lock.
1. In the upper-right corner, next to a filename, select **Actions** ({{< icon name="ellipsis_v" >}}) **> Lock**.
1. On the confirmation dialog, select **OK**.
If you do not have permission to lock the file, the menu item is disabled.
## View and remove locks

4
doc/user/project/import/_index.md
View File

@ -157,7 +157,7 @@ When you reassign a contribution to a user on the destination instance, the user
{{< alert type="note" >}}
User contribution mapping is not supported when you import projects to a [personal namespace](../../../user/namespace/_index.md#types-of-namespaces).
User contribution mapping is not supported when you import projects to a [personal namespace](../../namespace/_index.md#types-of-namespaces).
When you import to a personal namespace, all contributions are assigned to
a single non-functional user called `Import User` and they cannot be reassigned.
[Issue 525342](https://gitlab.com/gitlab-org/gitlab/-/issues/525342) proposes to map all contributions to the importing user instead.
@ -196,7 +196,7 @@ A placeholder user is created for each user on the source instance, except in th
Contributions from these "ghost users" are mapped to the user who imported the project and not to a placeholder user.
- You have exceeded your [placeholder user limit](#placeholder-user-limits). Contributions from any new users after exceeding your limit are
mapped to a single non-functional user called `Import User`.
- You are importing to a [personal namespace](../../../user/namespace/_index.md#types-of-namespaces).
- You are importing to a [personal namespace](../../namespace/_index.md#types-of-namespaces).
Contributions are assigned to a single non-functional user called `Import User`.
[Issue 525342](https://gitlab.com/gitlab-org/gitlab/-/issues/525342) proposes to map all contributions to the importing user instead.

2
doc/user/project/merge_requests/cherry_pick_changes.md
View File

@ -99,7 +99,7 @@ when you view that file in your project's Git repository:
1. On the left sidebar, select **Search or go to** and find your project.
1. Select **Code > Repository**.
1. Go to the file changed by the commit. In the upper-right corner, select **History**.
1. Go to the file changed by the commit. In the last commit block, select **History**.
1. Select the [title](https://git-scm.com/docs/git-commit#_discussion)
of the commit you want to cherry-pick.
1. In the upper-right corner, select **Options > Cherry-pick**.

2
doc/user/project/merge_requests/duo_in_merge_requests.md
View File

@ -99,7 +99,7 @@ Interactions with GitLab Duo can help to improve the suggestions and feedback as
### Automatic reviews from GitLab Duo
To enable `@GitLabDuo` to automatically review merge requests, edit your
[merge request template](../../../user/project/description_templates.md#create-a-merge-request-template)
[merge request template](../description_templates.md#create-a-merge-request-template)
and add the line `/assign_reviewer @GitLabDuo`. Add this line to your default template,
and any other templates in your project where you want `@GitLabDuo` to perform a review.

2
doc/user/project/repository/code_suggestions/troubleshooting.md
View File

@ -26,7 +26,7 @@ You can run a [health check](../../../gitlab_duo/turn_on_off.md) to test if your
For more information on troubleshooting GitLab Duo, see:
- [Troubleshooting GitLab Duo](../../../../user/gitlab_duo/troubleshooting.md).
- [Troubleshooting GitLab Duo](../../../gitlab_duo/troubleshooting.md).
- [GitLab Duo Chat troubleshooting](../../../gitlab_duo_chat/troubleshooting.md).
- [Troubleshooting GitLab Duo Self-Hosted](../../../../administration/gitlab_duo_self_hosted/troubleshooting.md).

2
doc/user/project/repository/files/git_history.md
View File

@ -43,7 +43,7 @@ To see a file's Git history in the UI:
1. On the left sidebar, select **Search or go to** and find your project.
1. Select **Code > Repository**.
1. Go to your desired file in the repository.
1. In the upper-right corner, select **History**.
1. In the last commit block, select **History**.
## Limit history range of results

28
doc/user/project/repository/web_editor.md
View File

@ -264,6 +264,34 @@ To cancel changes, edit, upload, or delete a file, from the Web Editor:
- Confirm you want to cancel changes: Select **OK**.
- Don't cancel changes: Select **Cancel**.
### File operations from the Actions menu
{{< history >}}
- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/519325) in GitLab 17.10 [with a flag](../../../administration/feature_flags.md) named `blob_overflow_menu`. Disabled by default.
{{< /history >}}
{{< alert type="flag" >}}
The availability of this feature is controlled by a feature flag. For more information, see the history.
{{< /alert >}}
The **Actions** ({{< icon name="ellipsis_v" >}}) menu consolidates file operations into the
dropdown list. From this menu, you can:
- Edit a file.
- Upload a file.
- Delete a file.
- Replace a file.
To complete these actions:
1. Open the file in GitLab.
1. In the upper-right corner, next to a file name, select **Actions** ({{< icon name="ellipsis_v" >}}).
1. Select your desired action.
## Create a directory
To create a directory in the Web Editor:

2
lib/api/ci/pipelines.rb
View File

@ -291,7 +291,7 @@ module API
requires :name, type: String, desc: 'The name of the pipeline', documentation: { example: 'Deployment to production' }
end
route_setting :authentication, job_token_allowed: true
route_setting :authorization, job_token_policies: :admin_jobs
route_setting :authorization, job_token_policies: :admin_pipelines
put ':id/pipelines/:pipeline_id/metadata', urgency: :low, feature_category: :continuous_integration do
authorize! :update_pipeline, pipeline

3
lib/api/entities/project.rb
View File

@ -41,6 +41,9 @@ module API
end
end
expose :marked_for_deletion_at, if: ->(project, _) { project.adjourned_deletion? }
expose :marked_for_deletion_at, as: :marked_for_deletion_on, if: ->(project, _) { project.adjourned_deletion? }
expose :packages_enabled, documentation: { type: 'boolean' }
expose :empty_repo?, as: :empty_repo, documentation: { type: 'boolean' }
expose :archived?, as: :archived, documentation: { type: 'boolean' }

2
lib/api/project_packages.rb
View File

@ -106,7 +106,7 @@ module API
values: 1..20
end
route_setting :authentication, job_token_allowed: true
route_setting :authorization, job_token_policies: :read_packages,
route_setting :authorization, job_token_policies: :read_pipelines,
allow_public_access_for_enabled_project_features: :package_registry
get ':id/packages/:package_id/pipelines' do
not_found!('Package not found') unless package.detailed_info?

2
lib/ci/job_token/policies.rb
View File

@ -12,6 +12,8 @@ module Ci
:admin_jobs,
:read_packages,
:admin_packages,
:read_pipelines,
:admin_pipelines,
:read_releases,
:admin_releases,
:read_secure_files,

67
lib/ci/pipeline_creation/push_options.rb Normal file
View File

@ -0,0 +1,67 @@
# frozen_string_literal: true
module Ci
module PipelineCreation
class PushOptions
def self.fabricate(push_options)
if push_options.is_a?(self)
push_options
elsif push_options.is_a?(Hash)
new(push_options)
elsif push_options.blank?
new({})
else
raise ArgumentError, 'Unknown type of push_option'
end
end
def initialize(push_options)
@push_options = push_options&.deep_symbolize_keys || {}
end
def skips_ci?
push_options.dig(:ci, :skip).present?
end
def variables
raw_push_options_variables = push_options.dig(:ci, :variable)
return [] unless raw_push_options_variables
raw_vars = extract_key_value_pairs_from_push_option(raw_push_options_variables)
raw_vars.map do |key, value|
{ "key" => key, "variable_type" => "env_var", "secret_value" => value }
end
end
def inputs
raw_push_options_inputs = push_options.dig(:ci, :input)
return {} unless raw_push_options_inputs
raw_inputs = extract_key_value_pairs_from_push_option(raw_push_options_inputs)
::Ci::PipelineCreation::Inputs.parse_params(raw_inputs.to_h)
end
private
attr_reader :push_options
def extract_key_value_pairs_from_push_option(push_option)
# When extracting variables and encountering a missing `key` or `value`, this is valid:
# "ABC=" -> `key` would be `ABC` and value an empty string
# These formats are invalid and will be ignored:
# "=123" -> `key` would be an empty string
# "ABC" -> `value` would be nil
return [] unless push_option
push_option.each_with_object([]) do |(raw_value, _), result|
key, value = raw_value.to_s.split("=", 2)
next if key.blank? || value.nil?
result << [key, value]
end
end
end
end
end

7
lib/gitlab/ci/pipeline/chain/skip.rb
View File

@ -29,7 +29,7 @@ module Gitlab
private
def skipped?
!@command.ignore_skip_ci && (commit_message_skips_ci? || push_option_skips_ci?)
!@command.ignore_skip_ci && (commit_message_skips_ci? || !!@command.push_options&.skips_ci?)
end
def commit_message_skips_ci?
@ -39,11 +39,6 @@ module Gitlab
!!(@pipeline.git_commit_message =~ SKIP_PATTERN)
end
end
def push_option_skips_ci?
@command.push_options.present? &&
@command.push_options.deep_symbolize_keys.dig(:ci, :skip).present?
end
end
end
end

125
lib/gitlab/ci/templates/Jobs/Dependency-Scanning.latest.gitlab-ci.yml
View File

@ -231,7 +231,7 @@ dependency-scanning:
variables:
ANALYZER_SUPPORTED_FILES: "packages.lock.json,conan.lock,conda-lock.yml,pubspec.lock,go.mod,go.graph,ivy-report.xml,maven.graph.json,dependencies.lock,package-lock.json,npm-shrinkwrap.json,pnpm-lock.yaml,yarn.lock,Podfile.lock,composer.lock,pipdeptree.json,requirements.txt,Pipfile.lock,pipenv.graph.json,poetry.lock,uv.lock,Gemfile.lock,gems.locked,Cargo.lock,dependencies-compile.dot,Package.resolved"
ADDITIONAL_SUPPORTED_FILES: "pom.xml,build.gradle,build.gradle.kts,build.sbt,requirements.pip,Pipfile,requires.txt,setup.py"
stage: test
stage: !reference [.ds-analyzer, stage]
image:
name: "$CI_TEMPLATE_REGISTRY_HOST/security-products/dependency-scanning:v0"
script:
@ -246,6 +246,8 @@ dependency-scanning:
rules:
- if: $DEPENDENCY_SCANNING_DISABLED == 'true' || $DEPENDENCY_SCANNING_DISABLED == '1'
when: never
- if: $DS_STATIC_REACHABILITY_ENABLED == 'true'
when: never
- if: $DS_EXCLUDED_ANALYZERS =~ /dependency-scanning/
when: never
@ -306,3 +308,124 @@ dependency-scanning:
- '**/{conda-lock.yml,pubspec.lock,Podfile.lock,Cargo.lock,Package.resolved}'
variables:
DS_EXCLUDED_PATHS: 'spec, test, tests, tmp, **/build.gradle, **/build.gradle.kts, **/build.sbt, **/pom.xml, **/requirements.txt, **/requirements.pip, **/Pipfile, **/Pipfile.lock, **/requires.txt, **/setup.py, **/poetry.lock, **/uv.lock, **/packages.lock.json, **/conan.lock, **/package-lock.json, **/npm-shrinkwrap.json, **/pnpm-lock.yaml, **/yarn.lock, **/composer.lock, **/Gemfile.lock, **/gems.locked, **/go.graph, **/ivy-report.xml, **/maven.graph.json, **/dependencies.lock, **/pipdeptree.json, **/pipenv.graph.json, **/dependencies-compile.dot'
# this job should run only if SR is enabled
dependency-scanning-with-reachability:
stage: !reference [.ds-analyzer, stage]
variables:
ANALYZER_SUPPORTED_FILES: "packages.lock.json,conan.lock,conda-lock.yml,pubspec.lock,go.mod,go.graph,ivy-report.xml,maven.graph.json,dependencies.lock,package-lock.json,npm-shrinkwrap.json,pnpm-lock.yaml,yarn.lock,Podfile.lock,composer.lock,pipdeptree.json,requirements.txt,Pipfile.lock,pipenv.graph.json,poetry.lock,uv.lock,Gemfile.lock,gems.locked,Cargo.lock,dependencies-compile.dot,Package.resolved"
ADDITIONAL_SUPPORTED_FILES: "pom.xml,build.gradle,build.gradle.kts,build.sbt,requirements.pip,Pipfile,requires.txt,setup.py"
SCA_TO_SARIF_MATCHER_VERSION: "v2.0.2"
image:
name: "$CI_TEMPLATE_REGISTRY_HOST/security-products/dependency-scanning:v0"
needs:
- job: gitlab-static-reachability
optional: true
artifacts: true
# For supporting Scan Execution Policies.
- job: gitlab-static-reachability-0
optional: true
artifacts: true
# For dependency scanning getting artifacts from build job
- job: build
optional: true
artifacts: true
script:
- |
/analyzer run || exit $?
if [ -f "reachable_packages.json" ]; then
echo "Found reachable_packages.json"
echo "Downloading SCA-to-sarif-matcher ${SCA_TO_SARIF_MATCHER_VERSION}"
curl -L "gitlab.com/api/v4/projects/60962090/packages/generic/sca-to-sarif-matcher/${SCA_TO_SARIF_MATCHER_VERSION}/matcher" -o /home/gitlab/sbom-enricher
chmod +x /home/gitlab/sbom-enricher
/home/gitlab/sbom-enricher process --glas_report="reachable_packages.json"
fi
allow_failure: true
artifacts:
access: "developer"
paths:
- "**/gl-sbom-*.cdx.json"
reports:
cyclonedx: "**/gl-sbom-*.cdx.json"
rules:
- if: $DEPENDENCY_SCANNING_DISABLED == 'true' || $DEPENDENCY_SCANNING_DISABLED == '1'
when: never
- if: $DS_STATIC_REACHABILITY_ENABLED != 'true' || $DS_ENFORCE_NEW_ANALYZER != 'true'
when: never
- if: $DS_EXCLUDED_ANALYZERS =~ /dependency-scanning/
when: never
# Add the job to merge request pipelines if there's an open merge request.
## If the new DS analyzer is enforced, run this job for all possibly supported projects including those
## that might need additional file(s) to be provided dynamically by the user. To do that, we use the list in
## ADDITIONAL_SUPPORTED_FILES to trigger the job based on non-scannable files present in the repository, and expect
## the scannable file(s) to be provided at runtime.
- if: $DS_ENFORCE_NEW_ANALYZER == 'true' &&
$CI_PIPELINE_SOURCE == "merge_request_event" &&
$GITLAB_FEATURES =~ /\bdependency_scanning\b/
exists:
- '**/{$ANALYZER_SUPPORTED_FILES,$ADDITIONAL_SUPPORTED_FILES}'
# Support DS_PIPCOMPILE_REQUIREMENTS_FILE_NAME_PATTERN
- if: $DS_PIPCOMPILE_REQUIREMENTS_FILE_NAME_PATTERN &&
$DS_ENFORCE_NEW_ANALYZER == 'true' &&
$CI_PIPELINE_SOURCE == "merge_request_event" &&
$GITLAB_FEATURES =~ /\bdependency_scanning\b/
# Don't add it to a *branch* pipeline if it's already in a merge request pipeline.
- if: $CI_OPEN_MERGE_REQUESTS
when: never
# Add the job to branch pipelines.
## If the new DS analyzer is enforced, run this job for all possibly supported projects including those
## that might need additional file(s) to be provided dynamically by the user. To do that, we use the list in
## ADDITIONAL_SUPPORTED_FILES to trigger the job based on non-scannable files present in the repository, and expect
## the scannable file(s) to be provided at runtime.
- if: $DS_ENFORCE_NEW_ANALYZER == 'true' &&
$CI_COMMIT_BRANCH &&
$GITLAB_FEATURES =~ /\bdependency_scanning\b/
exists:
- '**/{$ANALYZER_SUPPORTED_FILES,$ADDITIONAL_SUPPORTED_FILES}'
# Support DS_PIPCOMPILE_REQUIREMENTS_FILE_NAME_PATTERN
- if: $DS_PIPCOMPILE_REQUIREMENTS_FILE_NAME_PATTERN &&
$DS_ENFORCE_NEW_ANALYZER == 'true' &&
$CI_COMMIT_BRANCH &&
$GITLAB_FEATURES =~ /\bdependency_scanning\b/
gitlab-static-reachability:
stage: !reference [.ds-analyzer, stage]
variables:
SEARCH_MAX_DEPTH: 20
STATIC_REACHABILITY_ANALYZER_IMAGE_TAG: 1
# For now we are using GLAS as our static reachability analyzer
STATIC_REACHABILITY_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/gitlab-advanced-sast:$STATIC_REACHABILITY_ANALYZER_IMAGE_TAG"
image:
name: "$STATIC_REACHABILITY_ANALYZER_IMAGE"
cache: []
allow_failure: true
script:
- |
FOUND_FILES=$(find . -name "*.py" -type f -maxdepth "${SEARCH_MAX_DEPTH}" -not -path "*/\.*" | wc -l)
if [ "$FOUND_FILES" -eq 0 ]; then
echo "No Python files found within depth $SEARCH_MAX_DEPTH . Skiping gitlab-static-reachability"
exit 1
fi
export SAST_SCANNER_ALLOWED_CLI_OPTS="--sca-output-path reachable_packages.json"
echo keep-builtin-rules: false >> /lightz-aio_default_config.yaml
/analyzer run
chmod 644 reachable_packages.json
artifacts:
access: 'developer'
paths:
- reachable_packages.json
rules:
- if: $DS_STATIC_REACHABILITY_ENABLED != 'true' || $DS_ENFORCE_NEW_ANALYZER != 'true'
when: never
# if DS is disabled then static reachability cannot execute
- if: $DEPENDENCY_SCANNING_DISABLED == 'true' || $DEPENDENCY_SCANNING_DISABLED == '1'
when: never
# Add the job to merge request pipelines if there's an open merge request.
- if: $CI_PIPELINE_SOURCE == "merge_request_event" &&
$GITLAB_FEATURES =~ /\bsast_advanced\b/
# Don't add it to a *branch* pipeline if it's already in a merge request pipeline.
- if: $CI_OPEN_MERGE_REQUESTS
when: never
# If there's no open merge request, add it to a *branch* pipeline instead.
- if: $CI_COMMIT_BRANCH &&
$GITLAB_FEATURES =~ /\bsast_advanced\b/

85
lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml
View File

@ -17,7 +17,6 @@ variables:
DEFAULT_SAST_EXCLUDED_PATHS: "spec, test, tests, tmp"
SAST_EXCLUDED_PATHS: "$DEFAULT_SAST_EXCLUDED_PATHS"
SCAN_KUBERNETES_MANIFESTS: "false"
GITLAB_ADVANCED_SAST_SCA_FILENAME: "GLAS_SCA.json"
sast:
stage: test
@ -92,90 +91,6 @@ gitlab-advanced-sast:
- '**/*.cs'
- '**/*.rb'
.static-reachability-rules:
rules:
- if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1'
when: never
- if: $SAST_EXCLUDED_ANALYZERS =~ /gitlab-advanced-sast/
when: never
- if: $GITLAB_STATIC_REACHABILITY_ENABLED != 'true'
when: never
# Add the job to merge request pipelines if there's an open merge request.
- if: $CI_PIPELINE_SOURCE == "merge_request_event" &&
$GITLAB_FEATURES =~ /\bsast_advanced\b/
exists:
- '**/*.py'
- '**/*.java'
- '**/*.jsp'
- if: $CI_OPEN_MERGE_REQUESTS # Don't add it to a *branch* pipeline if it's already in a merge request pipeline.
when: never
# If there's no open merge request, add it to a *branch* pipeline instead.
- if: $CI_COMMIT_BRANCH &&
$GITLAB_FEATURES =~ /\bsast_advanced\b/
exists:
- '**/*.py'
- '**/*.java'
- '**/*.jsp'
gitlab-static-reachability:
extends:
- gitlab-advanced-sast
variables:
SAST_SCANNER_ALLOWED_CLI_OPTS: --sca-output-path ${GITLAB_ADVANCED_SAST_SCA_FILENAME}
before_script:
- |
echo keep-builtin-rules: false >> /lightz-aio_default_config.yaml
artifacts:
paths:
- $GITLAB_ADVANCED_SAST_SCA_FILENAME
rules:
- if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1'
when: never
- if: $SAST_EXCLUDED_ANALYZERS =~ /gitlab-advanced-sast/
when: never
- if: $GITLAB_STATIC_REACHABILITY_ENABLED != 'true'
when: never
# Add the job to merge request pipelines if there's an open merge request.
- if: $CI_PIPELINE_SOURCE == "merge_request_event" &&
$GITLAB_FEATURES =~ /\bsast_advanced\b/
exists:
- '**/*.py'
- '**/*.java'
- '**/*.jsp'
- if: $CI_OPEN_MERGE_REQUESTS # Don't add it to a *branch* pipeline if it's already in a merge request pipeline.
when: never
# If there's no open merge request, add it to a *branch* pipeline instead.
- if: $CI_COMMIT_BRANCH &&
$GITLAB_FEATURES =~ /\bsast_advanced\b/
exists:
- '**/*.py'
- '**/*.java'
- '**/*.jsp'
gitlab-enrich-cdx-results:
stage: .post
extends: .static-reachability-rules
variables:
GLAS_STATIC_REACHABILITY_MATCHER_VERSION: "v1.0.3"
GLAS_REPORT: $GITLAB_ADVANCED_SAST_SCA_FILENAME
SCA_TO_SARIF_PROJECT_ID: 60962090
DEPENDENCY_SCANNING_PATTERN: "**/gl-sbom-*-*.cdx.json"
image:
name: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"
entrypoint: [""]
before_script:
- |
wget "gitlab.com/api/v4/projects/${SCA_TO_SARIF_PROJECT_ID}/packages/generic/sca-to-sarif-matcher/${GLAS_STATIC_REACHABILITY_MATCHER_VERSION}/matcher" \
--no-verbose -O /matcher
- chmod +x /matcher
script:
- /matcher process
artifacts:
paths:
- "**/gl-sbom-*.cdx.json"
reports:
cyclonedx: "**/gl-sbom-*.cdx.json"
kubesec-sast:
extends: .sast-analyzer
image:

23
locale/gitlab.pot
View File

@ -9150,9 +9150,6 @@ msgstr ""
msgid "Available ID"
msgstr ""
msgid "Available group runners: %{runners}"
msgstr ""
msgid "Available on demand"
msgstr ""
@ -23003,7 +23000,10 @@ msgstr ""
msgid "DuoCodeReview|:wave: There's nothing for me to review."
msgstr ""
msgid "DuoCodeReview|Hey :wave: I'm starting to review your merge request and I will let you know when I'm finished."
msgid "DuoCodeReview|Can't access the merge request. When SAML single sign-on is enabled on a group or its parent, Duo Code Reviews can't be requested from the API. Request a review from the GitLab UI instead."
msgstr ""
msgid "DuoCodeReview|Hey :wave: I'm reviewing your merge request now. I will let you know when I'm finished."
msgstr ""
msgid "DuoCodeReview|I encountered some problems while responding to your query. Please try again later."
@ -23015,6 +23015,9 @@ msgstr ""
msgid "DuoCodeReview|I have encountered some problems while I was reviewing. Please try again later."
msgstr ""
msgid "DuoCodeReview|I've received your Duo Code Review request, and will review your code shortly."
msgstr ""
msgid "DuoEnterpriseDiscover|AI Impact Dashboard measures the ROI of AI"
msgstr ""
@ -34501,6 +34504,9 @@ msgstr ""
msgid "JobToken|Packages"
msgstr ""
msgid "JobToken|Pipelines"
msgstr ""
msgid "JobToken|Read"
msgstr ""
@ -51494,9 +51500,6 @@ msgstr ""
msgid "Runners|Available"
msgstr ""
msgid "Runners|Available instance runners"
msgstr ""
msgid "Runners|Available to all projects"
msgstr ""
@ -51739,6 +51742,9 @@ msgstr ""
msgid "Runners|Instance"
msgstr ""
msgid "Runners|Instance runners"
msgstr ""
msgid "Runners|Instance runners are disabled in the group settings."
msgstr ""
@ -59023,6 +59029,9 @@ msgstr ""
msgid "Successfully deleted WebAuthn device."
msgstr ""
msgid "Successfully deleted requirement statuses"
msgstr ""
msgid "Successfully deleted requirement statuses."
msgstr ""

10
qa/qa/specs/features/browser_ui/9_tenant_scale/user/parent_group_access_termination_spec.rb
View File

@ -2,7 +2,11 @@
module QA
RSpec.describe 'Tenant Scale' do
describe 'User', :requires_admin, product_group: :organizations do
describe(
'User', :requires_admin,
product_group: :organizations,
feature_flag: { name: :blob_overflow_menu }
) do
let(:admin_api_client) { Runtime::API::Client.as_admin }
let!(:user) { create(:user, api_client: admin_api_client) }
@ -14,7 +18,7 @@ module QA
context 'with terminated parent group membership' do
before do
group.add_member(user)
Runtime::Feature.enable(:blob_overflow_menu)
Flow::Login.while_signed_in_as_admin do
group.visit!
@ -37,7 +41,7 @@ module QA
Page::File::Show.perform(&:click_edit)
expect(page).to have_text("You cant edit files directly in this project.")
expect(page).to have_text("You're not allowed to make changes to this project directly.")
end
end
end

9
qa/qa/specs/features/browser_ui/9_tenant_scale/user/user_inherited_access_spec.rb
View File

@ -2,7 +2,11 @@
module QA
RSpec.describe 'Tenant Scale' do
describe 'User', :requires_admin, product_group: :organizations do
describe(
'User', :requires_admin,
product_group: :organizations,
feature_flag: { name: :blob_overflow_menu }
) do
let!(:parent_group) do
create(:group, path: "parent-group-to-test-user-access-#{SecureRandom.hex(8)}")
end
@ -21,6 +25,7 @@ module QA
before do
parent_group.add_member(parent_group_user)
Runtime::Feature.enable(:blob_overflow_menu)
end
it(
@ -68,7 +73,7 @@ module QA
Page::File::Show.perform(&:click_edit)
expect(page).to have_text("You cant edit files directly in this project.")
expect(page).to have_text("You're not allowed to make changes to this project directly.")
end
end
end

5
spec/features/projects/blobs/blob_show_spec.rb
View File

@ -29,10 +29,6 @@ RSpec.describe 'File blob', :js, feature_category: :source_code_management do
).execute
end
before do
stub_feature_flags(blob_overflow_menu: false)
end
context 'Ruby file' do
before do
visit_blob('files/ruby/popen.rb')
@ -471,6 +467,7 @@ RSpec.describe 'File blob', :js, feature_category: :source_code_management do
expect(page).to have_link('Download (23.81 KiB)')
# does not show a viewer switcher
expect(page).not_to have_selector('.js-blob-viewer-switcher')
expect(page).not_to have_selector('.js-copy-blob-source-btn:not(.disabled)')
expect(page).not_to have_link('Open raw')
end

20
spec/features/projects/files/user_browses_files_spec.rb
View File

@ -17,8 +17,6 @@ RSpec.describe "User browses files", :js, feature_category: :source_code_managem
before do
sign_in(user)
stub_feature_flags(blob_overflow_menu: false)
end
it "shows last commit for current directory", :js do
@ -80,13 +78,12 @@ RSpec.describe "User browses files", :js, feature_category: :source_code_managem
expect(page).to have_link("Browse Files").and have_no_link("Browse Directory")
end
it "redirects to the permalink URL" do
it "copies permalink URL" do
click_link(".gitignore")
click_link("Permalink")
click_button("File actions")
click_button("Copy permalink")
permalink_path = project_blob_path(project, "#{project.repository.commit.sha}/.gitignore")
expect(page).to have_current_path(permalink_path, ignore_query: true)
expect(page).to have_text("Permalink copied to clipboard.")
end
end
@ -144,13 +141,12 @@ RSpec.describe "User browses files", :js, feature_category: :source_code_managem
visit(project_tree_path(project, "markdown"))
end
it "redirects to the permalink URL" do
it "copies permalink URL" do
click_link(".gitignore")
click_link("Permalink")
click_button("File actions")
click_button("Copy permalink")
permalink_path = project_blob_path(project, "#{project.repository.commit('markdown').sha}/.gitignore")
expect(page).to have_current_path(permalink_path, ignore_query: true)
expect(page).to have_text("Permalink copied to clipboard.")
end
it "shows correct files and links" do

13
spec/features/projects/files/user_browses_lfs_files_spec.rb
View File

@ -7,7 +7,6 @@ RSpec.describe 'Projects > Files > User browses LFS files', feature_category: :s
let(:user) { project.first_owner }
before do
stub_feature_flags(blob_overflow_menu: false)
sign_in(user)
end
@ -63,15 +62,19 @@ RSpec.describe 'Projects > Files > User browses LFS files', feature_category: :s
expect(page).not_to have_content('size 1575078')
page.within('.content') do
expect(page).to have_content('Delete')
expect(page).to have_content('History')
expect(page).to have_content('Permalink')
expect(page).to have_content('Replace')
expect(page).to have_link('Download')
expect(page).not_to have_content('Annotate')
expect(page).not_to have_content('Blame')
click_button 'File actions'
expect(page).to have_button('Copy permalink')
expect(page).to have_button('Replace')
expect(page).to have_button('Delete')
click_button 'File actions' # close dropdown to make Download visible
expect(page).to have_link('Download')
click_button 'Edit'
expect(page).not_to have_selector(:link_or_button, text: /^Edit single file$/)

16
spec/features/projects/files/user_deletes_files_spec.rb
View File

@ -20,6 +20,10 @@ RSpec.describe 'Projects > Files > User deletes files', :js, feature_category: :
let_it_be(:project_tree_path_root_ref) { project_tree_path(project, project.repository.root_ref) }
let_it_be(:project2_tree_path_root_ref) { project_tree_path(project2, project2.repository.root_ref) }
let_it_be(:project2_non_default_branch_tree_path) do
project_tree_path(project2, 'non-default-branch')
end
let_it_be(:project3_protected_branch_tree_path_root_ref) do
project_tree_path(project3, 'protected-branch', project3.repository.root_ref)
end
@ -27,7 +31,6 @@ RSpec.describe 'Projects > Files > User deletes files', :js, feature_category: :
let_it_be(:user) { create(:user) }
before do
stub_feature_flags(blob_overflow_menu: false)
sign_in(user)
end
@ -46,6 +49,7 @@ RSpec.describe 'Projects > Files > User deletes files', :js, feature_category: :
expect(page).to have_content('.gitignore')
click_button 'File actions'
click_on('Delete')
fill_in(:commit_message, with: commit_message, visible: true)
click_button('Commit changes')
@ -56,21 +60,19 @@ RSpec.describe 'Projects > Files > User deletes files', :js, feature_category: :
end
end
context 'when an user does not have write access', :js do
context 'when a user does not have write access', :js do
before_all do
project2.add_reporter(user)
end
before do
it 'deletes the file in a forked project', :js, :sidekiq_might_not_need_inline do
visit(project2_tree_path_root_ref)
wait_for_requests
end
it 'deletes the file in a forked project', :js, :sidekiq_might_not_need_inline do
click_link('.gitignore')
expect(page).to have_content('.gitignore')
click_button 'File actions'
click_on('Delete')
expect(page).to have_link('Fork')
@ -80,6 +82,7 @@ RSpec.describe 'Projects > Files > User deletes files', :js, feature_category: :
expect(page).to have_content(fork_message)
click_button 'File actions'
click_on('Delete')
fill_in(:commit_message, with: commit_message, visible: true)
click_button('Commit changes')
@ -106,6 +109,7 @@ RSpec.describe 'Projects > Files > User deletes files', :js, feature_category: :
expect(page).to have_content('.gitignore')
click_button 'File actions'
click_on('Delete')
epoch = Time.zone.now.strftime('%s%L').last(5)

17
spec/features/projects/files/user_replaces_files_spec.rb
View File

@ -20,6 +20,10 @@ RSpec.describe 'Projects > Files > User replaces files', :js, feature_category:
let_it_be(:project_tree_path_root_ref) { project_tree_path(project, project.repository.root_ref) }
let_it_be(:project2_tree_path_root_ref) { project_tree_path(project2, project2.repository.root_ref) }
let_it_be(:project2_non_default_branch_tree_path) do
project_tree_path(project2, 'non-default-branch', project2.repository.root_ref)
end
let_it_be(:project3_protected_branch_tree_path_root_ref) do
project_tree_path(project3, 'protected-branch', project3.repository.root_ref)
end
@ -27,7 +31,6 @@ RSpec.describe 'Projects > Files > User replaces files', :js, feature_category:
let_it_be(:user) { create(:user) }
before do
stub_feature_flags(blob_overflow_menu: false)
sign_in(user)
end
@ -46,6 +49,7 @@ RSpec.describe 'Projects > Files > User replaces files', :js, feature_category:
expect(page).to have_content('.gitignore')
click_button 'File actions'
click_on('Replace')
find(".upload-dropzone-card").drop(File.join(Rails.root, 'spec', 'fixtures', 'doc_sample.txt'))
@ -60,21 +64,20 @@ RSpec.describe 'Projects > Files > User replaces files', :js, feature_category:
end
end
context 'when an user does not have write access' do
context 'when a user does not have write access' do
before_all do
project2.add_reporter(user)
end
before do
it 'replaces an existed file with a new one in a forked project',
:sidekiq_might_not_need_inline do
visit(project2_tree_path_root_ref)
wait_for_requests
end
it 'replaces an existed file with a new one in a forked project', :sidekiq_might_not_need_inline do
click_link('.gitignore')
expect(page).to have_content('.gitignore')
click_button 'File actions'
click_on('Replace')
expect(page).to have_link('Fork')
@ -84,6 +87,7 @@ RSpec.describe 'Projects > Files > User replaces files', :js, feature_category:
expect(page).to have_content(fork_message)
click_button 'File actions'
click_on('Replace')
find(".upload-dropzone-card").drop(File.join(Rails.root, 'spec', 'fixtures', 'doc_sample.txt'))
@ -120,6 +124,7 @@ RSpec.describe 'Projects > Files > User replaces files', :js, feature_category:
expect(page).to have_content('.gitignore')
click_button 'File actions'
click_on('Replace')
epoch = Time.zone.now.strftime('%s%L').last(5)

4
spec/features/projects/runners/maintainer_manages_group_runners_spec.rb
View File

@ -66,7 +66,7 @@ RSpec.describe 'Maintainer manages group runners related to project', feature_ca
it 'group runners are available' do
visit project_runners_path(project)
expect(page).to have_content 'Available group runners: 1'
expect(page).to have_content 'Group runners 1'
expect(page).to have_content 'group-runner'
end
@ -91,7 +91,7 @@ RSpec.describe 'Maintainer manages group runners related to project', feature_ca
visit project_runners_path(project)
within_testid 'group-runners' do
expect(page).to have_content format(_('Available group runners: %{runners}'), { runners: 2 })
expect(page).to have_content 'Group runners 2'
end
end

2
spec/features/projects/runners/maintainer_manages_project_runners_spec.rb
View File

@ -120,7 +120,7 @@ RSpec.describe 'Maintainer manages project runners', feature_category: :fleet_vi
within_testid 'available-shared-runners' do
within_testid 'crud-title' do
expect(page).to have_content _('Available instance runners')
expect(page).to have_content _('Instance runners')
end
within_testid 'crud-count' do
expect(page).to have_content 2

2
spec/features/projects/show/user_sees_collaboration_links_spec.rb
View File

@ -24,7 +24,6 @@ RSpec.describe 'Projects > Show > Collaboration links', :js, feature_category: :
end
before do
stub_feature_flags(blob_overflow_menu: false)
stub_feature_flags(directory_code_dropdown_updates: true)
end
@ -97,7 +96,6 @@ RSpec.describe 'Projects > Show > Collaboration links', :js, feature_category: :
end
before do
stub_feature_flags(blob_overflow_menu: false)
stub_feature_flags(directory_code_dropdown_updates: false)
end

4
spec/features/projects/view_on_env_spec.rb
View File

@ -41,8 +41,6 @@ RSpec.describe 'View on environment', :js, feature_category: :groups_and_project
file_path: file_path,
file_content: '# Noop'
).execute
stub_feature_flags(blob_overflow_menu: false)
end
context 'and an active deployment' do
@ -88,6 +86,7 @@ RSpec.describe 'View on environment', :js, feature_category: :groups_and_project
end
it 'has a "View on env" button' do
click_button 'File actions'
expect(page).to have_link('View on feature.review.example.com', href: 'http://feature.review.example.com/ruby/feature')
end
end
@ -102,6 +101,7 @@ RSpec.describe 'View on environment', :js, feature_category: :groups_and_project
end
it 'has a "View on env" button' do
click_button 'File actions'
expect(page).to have_link('View on feature.review.example.com', href: 'http://feature.review.example.com/ruby/feature')
end
end

Some files were not shown because too many files have changed in this diff Show More