root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2025-01-08 21:37:37 +00:00
parent 0b12b085f6
commit 4f2eee5adc
34 changed files with 359 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
app/controllers/projects/merge_requests_controller.rb
View File

@ -43,7 +43,6 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
push_frontend_feature_flag(:mr_pipelines_graphql, project)
push_frontend_feature_flag(:ci_graphql_pipeline_mini_graph, project)
push_frontend_feature_flag(:notifications_todos_buttons, current_user)
push_frontend_feature_flag(:vulnerability_code_flow, project)
push_frontend_feature_flag(:mr_vulnerability_code_flow, project)
push_frontend_feature_flag(:mr_show_reports_immediately, project)
end

19
app/models/concerns/bulk_insert_safe.rb
View File

@ -205,7 +205,7 @@ module BulkInsertSafe
attributes[name] = item.read_attribute(name)
end
_bulk_insert_reject_primary_key!(attributes, item.class.primary_key)
_bulk_insert_reject_primary_key!(attributes, item.class)
yield attributes if block_given?
@ -213,10 +213,19 @@ module BulkInsertSafe
end
end
def _bulk_insert_reject_primary_key!(attributes, primary_key)
if existing_pk = attributes.delete(primary_key)
raise PrimaryKeySetError, "Primary key set: #{primary_key}:#{existing_pk}\n" \
"Bulk-inserts are only supported for rows that don't already have PK set"
def _bulk_insert_reject_primary_key!(attributes, model_class)
primary_key = model_class.primary_key
existing_pk = attributes.delete(primary_key)
if existing_pk
if model_class.columns_hash[primary_key].serial?
raise PrimaryKeySetError, "Primary key set: #{primary_key}:#{existing_pk}\n" \
"#{primary_key} is a serial primary key, this is probably a mistake"
else
# If the PK is serial, then we need to delete it from attributes to avoid setting
# explicit NULLs in the insert statement. If the PK is not serial, then we'll use
# the value set in the attributes.
attributes[primary_key] = existing_pk
end
end
end

9
config/feature_flags/beta/vulnerability_code_flow.yml
View File

@ -1,9 +0,0 @@
---
name: vulnerability_code_flow
feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/458062
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/157858
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/465776
milestone: '17.2'
group: group::security platform management
type: beta
default_enabled: true

2
doc/administration/reporting/git_abuse_rate_limit.md
View File

@ -1,6 +1,6 @@
---
stage: Software Supply Chain Security
group: Anti-Abuse
group: Authorization
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---

2
doc/administration/reporting/ip_addr_restrictions.md
View File

@ -1,6 +1,6 @@
---
stage: Software Supply Chain Security
group: Anti-Abuse
group: Authorization
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---

2
doc/administration/review_abuse_reports.md
View File

@ -1,6 +1,6 @@
---
stage: Software Supply Chain Security
group: Anti-Abuse
group: Authorization
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---

2
doc/administration/review_spam_logs.md
View File

@ -1,6 +1,6 @@
---
stage: Software Supply Chain Security
group: Anti-Abuse
group: Authorization
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---

4
doc/development/contributing/style_guides.md
View File

@ -15,7 +15,7 @@ If your editor or IDE does not automatically support `.editorconfig`, we suggest
[see if a plugin exists](https://editorconfig.org/#download). For example, a
[plugin for vim](https://github.com/editorconfig/editorconfig-vim).
## Pre-push static analysis with Lefthook
## Pre-commit and pre-push static analysis with Lefthook
[Lefthook](https://github.com/evilmartians/lefthook) is a Git hooks manager that allows
custom logic to be executed prior to Git committing or pushing. GitLab comes with
@ -86,7 +86,7 @@ LEFTHOOK=0 git push ...
### Run Lefthook hooks manually
To run the `pre-push` Git hook, run:
You can run the `pre-commit`, `pre-push`, and `auto-fix` hooks manually. For example:
```shell
bundle exec lefthook run pre-push

11
doc/development/documentation/styleguide/deprecations_and_removals.md
View File

@ -17,6 +17,17 @@ REST API docs [have a separate deprecation style](../restful_api_styleguide.md#d
The GraphQL API [has a separate deprecation process](../../../api/graphql/index.md#deprecation-and-removal-process),
and [style for the deprecation reason](../../api_graphql_styleguide.md#deprecation-reason-style-guide).
## Features not actively being developed
When a feature is no longer actively developed, but not deprecated, add the following note under
the topic title and version history:
```markdown
NOTE:
This feature is not under active development, but
[community contributions](https://about.gitlab.com/community/contribute/) are welcome.
```
## Deprecate a page or topic
To deprecate a page or topic:

8
doc/development/documentation/testing/index.md
View File

@ -259,15 +259,15 @@ Git [pre-push hooks](https://git-scm.com/book/en/v2/Customizing-Git-Git-Hooks) a
- Run tests or other processes before pushing a branch.
- Avoid pushing a branch if failures occur with these tests.
[`lefthook`](https://github.com/Arkweid/lefthook) is a Git hooks manager. It makes configuring,
[Lefthook](https://github.com/Arkweid/lefthook) is a Git hooks manager. It makes configuring,
installing, and removing Git hooks simpler. Configuration for it is available in the
[`lefthook.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lefthook.yml)
file for the [`gitlab`](https://gitlab.com/gitlab-org/gitlab) project.
To set up `lefthook` for documentation linting, see
[Pre-push static analysis](../../contributing/style_guides.md#pre-push-static-analysis-with-lefthook).
To set up Lefthook for documentation linting, see
[Pre-commit and pre-push static analysis with Lefthook](../../contributing/style_guides.md#pre-commit-and-pre-push-static-analysis-with-lefthook).
To show Vale errors on push, see [Show Vale warnings on push](vale.md#show-vale-warnings-on-push).
To show Vale errors on commit or push, see [Show Vale warnings on commit or push](vale.md#show-vale-warnings-on-commit-or-push).
## Disable linting on documentation

16
doc/development/documentation/testing/vale.md
View File

@ -191,31 +191,31 @@ Ignore statements do not work for Vale rules with the `raw` scope. For more info
For more information on Vale scoping rules, see
[Vale's documentation](https://vale.sh/docs/topics/scoping/).
## Show Vale warnings on push
## Show Vale warnings on commit or push
By default, `lefthook` shows only Vale errors when pushing changes to a branch. The default branches
have no Vale errors, so any errors listed here are introduced by commits to the branch.
By default, the Vale check in Lefthook only shows error-level issues. The default branches
have no Vale errors, so any errors listed here are introduced by the commit to the branch.
To also see the Vale warnings when pushing to a branch, set a local environment variable: `VALE_WARNINGS=true`.
To also see the Vale warnings, set a local environment variable: `VALE_WARNINGS=true`.
Enable Vale warnings on push to improve the documentation suite by:
Enable Vale warnings on commit or push to improve the documentation suite by:
- Detecting warnings you might be introducing with your commits.
- Identifying warnings that already exist in the page, which you can resolve to reduce technical debt.
These warnings:
- Don't stop the push from working.
- Don't stop the commit from working.
- Don't result in a broken pipeline.
- Include all warnings for a file, not just warnings that are introduced by the commits.
To enable Vale warnings on push:
To enable Vale warnings with Lefthook:
- Automatically, add `VALE_WARNINGS=true` to your shell configuration.
- Manually, prepend `VALE_WARNINGS=true` to invocations of `lefthook`. For example:
```shell
VALE_WARNINGS=true bundle exec lefthook run pre-push
VALE_WARNINGS=true bundle exec lefthook run pre-commit
```
You can also [configure your editor](#configure-vale-in-your-editor) to show Vale warnings.

2
doc/development/identity_verification.md
View File

@ -1,6 +1,6 @@
---
stage: Software Supply Chain Security
group: Anti-Abuse
group: Authorization
info: Any user with at least the Maintainer role can merge updates to this content. For details, see https://docs.gitlab.com/ee/development/development_processes.html#development-guidelines-review.
---

2
doc/development/spam_protection_and_captcha/exploratory_testing.md
View File

@ -1,6 +1,6 @@
---
stage: Software Supply Chain Security
group: Anti-Abuse
group: Authorization
info: Any user with at least the Maintainer role can merge updates to this content. For details, see https://docs.gitlab.com/ee/development/development_processes.html#development-guidelines-review.
---

2
doc/development/spam_protection_and_captcha/graphql_api.md
View File

@ -1,6 +1,6 @@
---
stage: Software Supply Chain Security
group: Anti-Abuse
group: Authorization
info: Any user with at least the Maintainer role can merge updates to this content. For details, see https://docs.gitlab.com/ee/development/development_processes.html#development-guidelines-review.
---

2
doc/development/spam_protection_and_captcha/index.md
View File

@ -1,6 +1,6 @@
---
stage: Software Supply Chain Security
group: Anti-Abuse
group: Authorization
info: Any user with at least the Maintainer role can merge updates to this content. For details, see https://docs.gitlab.com/ee/development/development_processes.html#development-guidelines-review.
---

2
doc/development/spam_protection_and_captcha/model_and_services.md
View File

@ -1,6 +1,6 @@
---
stage: Software Supply Chain Security
group: Anti-Abuse
group: Authorization
info: Any user with at least the Maintainer role can merge updates to this content. For details, see https://docs.gitlab.com/ee/development/development_processes.html#development-guidelines-review.
---

2
doc/development/spam_protection_and_captcha/rest_api.md
View File

@ -1,6 +1,6 @@
---
stage: Software Supply Chain Security
group: Anti-Abuse
group: Authorization
info: Any user with at least the Maintainer role can merge updates to this content. For details, see https://docs.gitlab.com/ee/development/development_processes.html#development-guidelines-review.
---

2
doc/development/spam_protection_and_captcha/web_ui.md
View File

@ -1,6 +1,6 @@
---
stage: Software Supply Chain Security
group: Anti-Abuse
group: Authorization
info: Any user with at least the Maintainer role can merge updates to this content. For details, see https://docs.gitlab.com/ee/development/development_processes.html#development-guidelines-review.
---

2
doc/integration/akismet.md
View File

@ -1,6 +1,6 @@
---
stage: Software Supply Chain Security
group: Anti-Abuse
group: Authorization
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---

2
doc/integration/arkose.md
View File

@ -1,6 +1,6 @@
---
stage: Software Supply Chain Security
group: Anti-Abuse
group: Authorization
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---

2
doc/integration/recaptcha.md
View File

@ -1,6 +1,6 @@
---
stage: Software Supply Chain Security
group: Anti-Abuse
group: Authorization
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---

2
doc/security/email_verification.md
View File

@ -1,6 +1,6 @@
---
stage: Software Supply Chain Security
group: Anti-Abuse
group: Authorization
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---

2
doc/security/identity_verification.md
View File

@ -1,6 +1,6 @@
---
stage: Software Supply Chain Security
group: Anti-Abuse
group: Authorization
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---

4
doc/user/application_security/policies/pipeline_execution_policies.md
View File

@ -399,7 +399,7 @@ pipeline_execution_policy:
You can customize enforced jobs, based on the presence of a project variable. In this example,
the value of `CS_IMAGE` is defined in the policy as `alpine:latest`. However, if the project
also defines the value of `CS_IMAGE`, that value is used instead. The CI/CD variable must be a
also defines the value of `PROJECT_CS_IMAGE`, that value is used instead. The CI/CD variable must be a
predefined project variable, not defined in the project's `.gitlab-ci.yml` file.
```yaml
@ -410,7 +410,7 @@ variables:
policy::container-security:
stage: .pipeline-policy-pre
rules:
- if: $CS_IMAGE
- if: $PROJECT_CS_IMAGE
variables:
CS_IMAGE: $PROJECT_CS_IMAGE
- when: always

8
doc/user/application_security/sast/gitlab_advanced_sast.md
View File

@ -165,10 +165,10 @@ On GitLab self-managed, you can activate the view by [enabling the required feat
| Location | Availability on GitLab.com | Availability on GitLab self-managed | Feature flags required |
|-------------------------------------------------------------------|-----------------------------------|-----------------------------------------------------------------------|---------------------------------------------------------------------|
| [Vulnerability Report](../vulnerability_report/index.md) | Enabled by default in GitLab 17.3 | Enabled by default in GitLab 17.6. Available in GitLab 17.3 or later. | `vulnerability_code_flow` |
| [Merge request widget](index.md#merge-request-widget) | Enabled by default in GitLab 17.6 | Enabled by default in GitLab 17.6. Available in GitLab 17.5 or later. | `vulnerability_code_flow` |
| [Pipeline security report](../vulnerability_report/pipeline.md) | Enabled by default in GitLab 17.6 | Enabled by default in GitLab 17.6. Available in GitLab 17.5 or later. | `vulnerability_code_flow` |
| [Merge request changes view](index.md#merge-request-changes-view) | Enabled by default in GitLab 17.7 | Enabled by default in GitLab 17.7. Available in GitLab 17.7 or later. | Both `vulnerability_code_flow` and `mr_vulnerability_code_flow` |
| [Vulnerability Report](../vulnerability_report/index.md) | Enabled by default in GitLab 17.3 | Enabled by default in GitLab 17.6. Available in GitLab 17.3 or later. | |
| [Merge request widget](index.md#merge-request-widget) | Enabled by default in GitLab 17.6 | Enabled by default in GitLab 17.6. Available in GitLab 17.5 or later. | |
| [Pipeline security report](../vulnerability_report/pipeline.md) | Enabled by default in GitLab 17.6 | Enabled by default in GitLab 17.6. Available in GitLab 17.5 or later. | |
| [Merge request changes view](index.md#merge-request-changes-view) | Enabled by default in GitLab 17.7 | Enabled by default in GitLab 17.7. Available in GitLab 17.7 or later. | `mr_vulnerability_code_flow` |
## Troubleshooting

25
doc/user/application_security/security_dashboard/index.md
View File

@ -112,7 +112,11 @@ To view group security dashboard:
## Security Center
The Security Center is a configurable personal space where you can view vulnerabilities across all the
projects you belong to. The Security Center includes:
projects you belong to. You can add up to 1,000 projects to the Security Center, however the **Project** listing in
the **Security Center** settings page displays a maximum of 100 projects. You can use the search filter to find projects not
shown in the first 100 projects.
The Security Center includes:
- The group Security Dashboard
- A [vulnerability report](../vulnerability_report/index.md)
@ -128,9 +132,9 @@ To view the Security Center:
The Security Center is blank by default. You must add a project which have been configured with at least one security scanner.
### Adding Projects to the Security Center
### Adding projects to the Security Center
To add projects to the Security Center:
To add projects:
1. On the left sidebar, select **Search or go to**.
1. Select **Your work**.
@ -139,7 +143,20 @@ To add projects to the Security Center:
1. Use the **Search your projects** text box to search for and select projects.
1. Select **Add projects**.
After you add projects, the security dashboard and vulnerability report show the vulnerabilities found in those projects' default branches. You can add a maximum of 1,000 projects, however the **Project** filter in the **Vulnerability Report** is limited to 100 projects.
After you add projects, the security dashboard and vulnerability report show the vulnerabilities found in those projects' default branches.
### Removing projects from the Security Center
The Security Center displays a maximum of 100 projects, so you may need to use the search function to remove a project. To remove projects:
1. On the left sidebar, select **Search or go to**.
1. Select **Your work**.
1. Expand **Security**.
1. Select **Settings**.
1. Use the **Search your projects** text box to search for the project.
1. Select **Remove project from dashboard** (**{remove}**).
After you remove projects, the security dashboard and vulnerability report no longer show the vulnerabilities found in those projects' default branches.
## Related topics

1
doc/user/group/epics/epic_work_items.md
View File

@ -19,7 +19,6 @@ DETAILS:
FLAG:
The availability of this feature is controlled by a feature flag.
For more information, see the history.
This feature is available for testing, but not ready for production use.
<!-- When epics as work items are generally available and `work_item_epics` flag is removed,
incorporate this content into epics/index.md and redirect this page there -->

2
doc/user/group/moderate_users.md
View File

@ -1,6 +1,6 @@
---
stage: Software Supply Chain Security
group: Anti-Abuse
group: Authorization
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---

2
doc/user/group/reporting/git_abuse_rate_limit.md
View File

@ -1,6 +1,6 @@
---
stage: Software Supply Chain Security
group: Anti-Abuse
group: Authorization
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---

211
doc/user/packages/container_registry/migrate_containers_ecr_tutorial.md Normal file
View File

@ -0,0 +1,211 @@
---
stage: Package
group: Container Registry
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
# Tutorial: Migrate container images from Amazon ECR to GitLab
Migrating container images between registries can be time-consuming when done manually. This tutorial describes how to set up a CI/CD pipeline to automate the bulk migration of container images from Amazon Elastic Container Registry (ECR) to the GitLab container registry.
To migrate container images from ECR:
1. [Configure AWS permissions](#configure-aws-permissions)
1. [Add AWS credentials as variables in the UI](#add-aws-credentials-as-variables-in-the-ui)
1. [Create the migration pipeline](#create-the-migration-pipeline)
1. [Run and verify the migration](#run-and-verify-the-migration)
When you put it all together, your `.gitlab-ci.yml` should look similar to the [sample configuration](#example-gitlab-ciyml-configuration) provided at the end of this tutorial.
## Before you begin
You must have:
- Maintainer role or higher in your GitLab project
- Access to your AWS account with permissions to create IAM users
- Your AWS account ID
- Your AWS region where ECR repositories are located
- Sufficient storage space in your GitLab container registry
## Configure AWS permissions
In AWS IAM, create a new policy and user with read-only access to ECR:
1. In the AWS Management Console, go to IAM.
1. Create a new policy:
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecr:DescribeImages",
"ecr:BatchGetImage"
],
"Resource": "*"
}
]
}
```
1. Create a new IAM user and attach the policy.
1. Generate and save access keys for the IAM user.
## Add AWS credentials as variables in the UI
Configure the required AWS credentials as variables in your GitLab project:
1. On the left sidebar, select **Search or go to** and find your project.
1. Select **Settings > CI/CD**.
1. Expand **Variables**.
1. Select **Add variable** and add:
- `AWS_ACCOUNT_ID`: Your AWS account number.
- `AWS_DEFAULT_REGION`: Your ECR region. For example, `us-east-1`.
- `AWS_ACCESS_KEY_ID`: The access key ID from your IAM user.
- Select **Mask variable**.
- `AWS_SECRET_ACCESS_KEY`: The secret access key from your IAM user.
- Select **Mask variable**.
## Create the migration pipeline
Create a new `.gitlab-ci.yml` file in your repository with the following configurations:
### Set image and service
Use Docker-in-Docker to handle container operations:
```yaml
image: docker:20.10
services:
- docker:20.10-dind
```
### Define pipeline variables
Set up the required variables for the pipeline:
```yaml
variables:
DOCKER_DRIVER: overlay2
DOCKER_TLS_CERTDIR: ""
BULK_MIGRATE: "true"
```
### Configure the migration job
Create the migration job that handles the transfer:
```yaml
migration:
stage: deploy
script:
# Install required tools
- apk add --no-cache aws-cli jq
# Verify AWS credentials
- aws sts get-caller-identity
# Log in to registries
- aws ecr get-login-password | docker login --username AWS --password-stdin ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com
- docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY}
# Get list of ECR repositories
- REPOS=$(aws ecr describe-repositories --query 'repositories[*].repositoryName' --output text)
# Process each repository
- |
for repo in $REPOS; do
echo "Processing repository: $repo"
# Get all tags for this repository
TAGS=$(aws ecr describe-images --repository-name $repo --query 'imageDetails[*].imageTags[]' --output text)
# Process each tag
for tag in $TAGS; do
echo "Processing tag: $tag"
# Pull image from ECR
docker pull ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com/${repo}:${tag}
# Tag for GitLab registry
docker tag ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com/${repo}:${tag} ${CI_REGISTRY_IMAGE}/${repo}:${tag}
# Push to GitLab
docker push ${CI_REGISTRY_IMAGE}/${repo}:${tag}
done
done
```
## Run and verify the migration
After setting up the pipeline:
1. Commit and push the `.gitlab-ci.yml` file to your repository.
1. Go to **CI/CD > Pipelines** to monitor the migration progress.
1. After completion, verify the migration:
- Go to **Packages and registries > Container Registry**.
- Verify all repositories and tags are present.
- Test pulling some migrated images.
## Example `.gitlab-ci.yml` configuration
When you follow all the steps mentioned above, your complete `.gitlab-ci.yml` should look similar to this:
```yaml
image: docker:20.10
services:
- docker:20.10-dind
variables:
DOCKER_DRIVER: overlay2
DOCKER_TLS_CERTDIR: ""
BULK_MIGRATE: "true"
migration:
stage: deploy
script:
# Install required tools
- apk add --no-cache aws-cli jq
# Verify AWS credentials
- aws sts get-caller-identity
# Log in to registries
- aws ecr get-login-password | docker login --username AWS --password-stdin ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com
- docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY}
# Get list of ECR repositories
- REPOS=$(aws ecr describe-repositories --query 'repositories[*].repositoryName' --output text)
# Process each repository
- |
for repo in $REPOS; do
echo "Processing repository: $repo"
# Get all tags for this repository
TAGS=$(aws ecr describe-images --repository-name $repo --query 'imageDetails[*].imageTags[]' --output text)
# Process each tag
for tag in $TAGS; do
echo "Processing tag: $tag"
# Pull image from ECR
docker pull ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com/${repo}:${tag}
# Tag for GitLab registry
docker tag ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com/${repo}:${tag} ${CI_REGISTRY_IMAGE}/${repo}:${tag}
# Push to GitLab
docker push ${CI_REGISTRY_IMAGE}/${repo}:${tag}
done
done
rules:
- if: $BULK_MIGRATE == "true"
```

2
doc/user/report_abuse.md
View File

@ -1,6 +1,6 @@
---
stage: Software Supply Chain Security
group: Anti-Abuse
group: Authorization
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---

32
lefthook.yml
View File

@ -162,6 +162,38 @@ pre-commit:
secrets-detection:
tags: secrets
run: .lefthook/gitleaks.sh pre-commit
docs-metadata: # See https://docs.gitlab.com/ee/development/documentation/metadata.html
tags: documentation style
files: git diff --name-only --diff-filter=d --staged
glob: 'doc/*.md'
run: scripts/lint-docs-metadata.sh {files}
docs-deprecations:
tags: documentation
files: git diff --name-only --diff-filter=d --staged
glob: 'data/deprecations/*.yml'
run: echo "Changes to deprecation files detected. Checking deprecations..\n"; bundle exec rake gitlab:docs:check_deprecations
docs-link-check:
tags: documentation
files: git diff --name-only --diff-filter=d --staged
glob: 'doc/*.md'
run: scripts/lint-docs-link-check.sh
markdownlint:
tags: documentation style
files: git diff --name-only --diff-filter=d --staged
exclude: 'doc/api/graphql/reference/index.md'
glob: 'doc/*.md'
run: yarn markdownlint {files}
mermaidlint:
tags: documentation style,backend style,frontend style
files: git diff --name-only --diff-filter=d --staged
glob: '{app,lib,ee,spec,doc,scripts}/**/*.md'
run: scripts/lint/check_mermaid.mjs {files}
vale: # Requires Vale: https://docs.gitlab.com/ee/development/documentation/testing/vale.html
tags: documentation style
files: git diff --name-only --diff-filter=d --staged
exclude: 'doc/api/graphql/reference/index.md'
glob: 'doc/*.md'
run: 'if [ $VALE_WARNINGS ]; then minWarnings=warning; else minWarnings=error; fi; if command -v vale > /dev/null 2>&1; then if ! vale --config .vale.ini --minAlertLevel $minWarnings {files}; then echo "ERROR: Fix any linting errors and make sure you are using the latest version of Vale."; exit 1; fi; else echo "ERROR: Vale not found. For more information, see https://vale.sh/docs/vale-cli/installation/."; exit 1; fi'
auto-fix:
parallel: true

2
locale/gitlab.pot
View File

@ -6863,7 +6863,7 @@ msgstr ""
msgid "Analytics|Invalid visualization configuration"
msgstr ""
msgid "Analytics|Learn more about %{docsLinkStart}AI impact analytics%{docsLinkEnd} and %{subscriptionLinkStart}GitLab Duo Pro seat usage%{subscriptionLinkEnd}."
msgid "Analytics|Learn more about %{docsLinkStart}AI impact analytics%{docsLinkEnd} and %{subscriptionLinkStart}GitLab Duo seats%{subscriptionLinkEnd}."
msgstr ""
msgid "Analytics|Line chart"

30
spec/models/concerns/bulk_insert_safe_spec.rb
View File

@ -28,6 +28,16 @@ RSpec.describe BulkInsertSafe, feature_category: :database do
end
execute("ALTER TABLE _test_bulk_insert_items_with_composite_pk ADD PRIMARY KEY (instance_id,name);")
create_table :_test_bulk_insert_with_non_serial_pk, id: false, force: true do |t|
t.integer :project_id, null: false
t.string :name
end
execute("ALTER TABLE _test_bulk_insert_with_non_serial_pk ADD PRIMARY KEY (project_id);")
execute("ALTER TABLE _test_bulk_insert_with_non_serial_pk
ADD CONSTRAINT fk_test_bulk_insert_with_non_serial_pk_fk
FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE;")
end
end
@ -36,6 +46,7 @@ RSpec.describe BulkInsertSafe, feature_category: :database do
drop_table :_test_bulk_insert_items, force: true
drop_table :_test_bulk_insert_parent_items, force: true
drop_table :_test_bulk_insert_items_with_composite_pk, force: true
drop_table :_test_bulk_insert_with_non_serial_pk, force: true
end
end
@ -270,5 +281,24 @@ RSpec.describe BulkInsertSafe, feature_category: :database do
)
end
end
context 'when the primary key is not serial' do
let_it_be(:project) { create(:project) }
let_it_be(:bulk_insert_item_class) do
Class.new(ActiveRecord::Base) do
self.table_name = '_test_bulk_insert_with_non_serial_pk'
include BulkInsertSafe
end
end
let(:new_object) { bulk_insert_item_class.new(project_id: project.id, name: 'one-to-one') }
it 'successfully inserts an item' do
expect { bulk_insert_item_class.bulk_insert!([new_object]) }.to(
change(bulk_insert_item_class, :count).from(0).to(1)
)
end
end
end
end