Add latest changes from gitlab-org/gitlab@master

GitLab Bot 2021-10-07 21:11:49 +00:00
parent 5a71c032e8
commit 4fcfdad283
34 changed files with 374 additions and 77 deletions


@ -192,19 +192,28 @@
}
}
.initialize-with-readme-setting {
.form-check {
margin-bottom: 10px;
.nested-settings {
padding-left: 20px;
}
.option-title {
font-weight: $gl-font-weight-normal;
display: inline-block;
color: $gl-text-color;
}
.input-btn-group {
display: flex;
.option-description {
color: $project-option-descr-color;
}
.input-large {
flex: 1;
}
.btn {
margin-left: 10px;
}
}
.content-list > .settings-flex-row {
display: flex;
align-items: center;
.float-right {
margin-left: auto;
}
}


@ -73,6 +73,13 @@ class ProjectsController < Projects::ApplicationController
@project = ::Projects::CreateService.new(current_user, project_params(attributes: project_params_create_attributes)).execute
if @project.saved?
experiment(:new_project_sast_enabled, user: current_user).track(:created,
property: active_new_project_tab,
checked: Gitlab::Utils.to_boolean(project_params[:initialize_with_sast]),
project: @project,
namespace: @project.namespace
)
redirect_to(
project_path(@project, custom_import_params),
notice: _("Project '%{project_name}' was successfully created.") % { project_name: @project.name }
@ -436,6 +443,7 @@ class ProjectsController < Projects::ApplicationController
:template_name,
:template_project_id,
:merge_method,
:initialize_with_sast,
:initialize_with_readme,
:autoclose_referenced_issues,
:suggestion_commit_message,
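Review bot: `:initialize_with_sast` is added to the permitted create params unconditionally, so the server accepts it from any client, while the checkbox is only rendered inside the `new_project_sast_enabled` experiment block in the form. Nothing visible in this diff re-checks the experiment (or its `default_enabled: false` flag) before `Projects::CreateService` acts on the value, so the flag limits who sees the option, not who can trigger the SAST commit. If the rollout is meant to be gated, the gate belongs server-side as well, for example by dropping the key from the params when the requesting user is not in a non-control variant, with a comment at the permit list saying so. The tracking call in the first hunk also runs for every successful create, including ones that never showed the checkbox; worth confirming that is intended. Both hunks sit inside methods whose bodies continue outside the visible lines.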


@ -0,0 +1,15 @@
# frozen_string_literal: true
class NewProjectSastEnabledExperiment < ApplicationExperiment # rubocop:disable Gitlab/NamespacedClass
def publish(_result = nil)
super
publish_to_database
end
def candidate_behavior
end
def free_indicator_behavior
end
end
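Review bot: The empty `candidate_behavior` and `free_indicator_behavior` methods carry no comment, and a reader cannot tell from the class that they exist only to register the variants the form renders. A one-line comment above them would do, e.g. `# Variants are rendered in the new-project form; these methods only register them.` The `publish` override would also benefit from a short note on why results are written to the database in addition to the default publishing, since that presumably persists the subject's assignment.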


@ -12,6 +12,8 @@ module Projects
#
# Projects::AfterRenameService.new(project).execute
class AfterRenameService
include BaseServiceUtility
# @return [String] The Project being renamed.
attr_reader :project
@ -78,7 +80,7 @@ module Projects
def execute_system_hooks
project.old_path_with_namespace = full_path_before
SystemHooksService.new.execute_hooks_for(project, :rename)
system_hook_service.execute_hooks_for(project, :rename)
end
def update_repository_configuration
@ -110,7 +112,7 @@ module Projects
end
def log_completion
Gitlab::AppLogger.info(
log_info(
"Project #{project.id} has been renamed from " \
"#{full_path_before} to #{full_path_after}"
)
@ -140,7 +142,7 @@ module Projects
def rename_failed!
error = "Repository #{full_path_before} could not be renamed to #{full_path_after}"
Gitlab::AppLogger.error(error)
log_error(error)
raise RenameFailedError, error
end


@ -8,6 +8,7 @@ module Projects
@current_user = user
@params = params.dup
@skip_wiki = @params.delete(:skip_wiki)
@initialize_with_sast = Gitlab::Utils.to_boolean(@params.delete(:initialize_with_sast))
@initialize_with_readme = Gitlab::Utils.to_boolean(@params.delete(:initialize_with_readme))
@import_data = @params.delete(:import_data)
@relations_block = @params.delete(:relations_block)
@ -118,6 +119,7 @@ module Projects
Projects::PostCreationWorker.perform_async(@project.id)
create_readme if @initialize_with_readme
create_sast_commit if @initialize_with_sast
end
# Add an authorization for the current user authorizations inline
@ -160,6 +162,10 @@ module Projects
Files::CreateService.new(@project, current_user, commit_attrs).execute
end
def create_sast_commit
::Security::CiConfiguration::SastCreateService.new(@project, current_user, {}, commit_on_default: true).execute
end
def readme_content
@readme_template.presence || experiment(:new_project_readme_content, namespace: @project.namespace).run_with(@project)
end
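Review bot: The result of `create_sast_commit` is discarded at its call site after `create_readme`, so a failed SAST commit is invisible: the base service shown later in this commit returns `ServiceResponse.error` for a `Gitlab::Git::PreReceiveError`, and that response is dropped here. The project is then created without the configuration the user ticked, with no log line or notice. Any other `StandardError` is re-raised by that service and would propagate out of the post-create step; whether the caller tolerates that is not visible in this hunk. Consider capturing the response and logging on error, e.g. `response = ...execute` followed by `log_error(response.message) if response.error?`, assuming a logging helper is in scope in this class.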


@ -187,7 +187,7 @@ module Projects
end
def execute_system_hooks
SystemHooksService.new.execute_hooks_for(project, :transfer)
system_hook_service.execute_hooks_for(project, :transfer)
end
def move_project_folders(project)


@ -25,7 +25,7 @@ module Security
rescue Gitlab::Git::PreReceiveError => e
ServiceResponse.error(message: e.message)
rescue StandardError
project.repository.rm_branch(current_user, branch_name) if project.repository.branch_exists?(branch_name)
remove_branch_on_exception
raise
end
@ -50,6 +50,10 @@ module Security
Gitlab::Routing.url_helpers.project_new_merge_request_url(project, merge_request: merge_request_params)
end
def remove_branch_on_exception
project.repository.rm_branch(current_user, branch_name) if project.repository.branch_exists?(branch_name)
end
def track_event(attributes_for_commit)
action = attributes_for_commit[:actions].first


@ -5,15 +5,28 @@ module Security
class SastCreateService < ::Security::CiConfiguration::BaseCreateService
attr_reader :params
def initialize(project, current_user, params)
def initialize(project, current_user, params, commit_on_default: false)
super(project, current_user)
@params = params
@commit_on_default = commit_on_default
@branch_name = project.default_branch if @commit_on_default
end
private
def remove_branch_on_exception
super unless @commit_on_default
end
def action
Security::CiConfiguration::SastBuildAction.new(project.auto_devops_enabled?, params, existing_gitlab_ci_content).generate
existing_content = begin
existing_gitlab_ci_content # this can fail on the very first commit
rescue StandardError
nil
end
Security::CiConfiguration::SastBuildAction.new(project.auto_devops_enabled?, params, existing_content).generate
end
def next_branch
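Review bot: The `rescue StandardError` around `existing_gitlab_ci_content` in `action` is wider than the case its comment describes (the very first commit). Any failure to read the current `.gitlab-ci.yml`, on any project and on the merge-request path too, now yields `nil`, and `SastBuildAction` is then handed no existing content; if it treats that as "no file", the generated commit could replace a configuration it simply failed to read, which matters most now that `commit_on_default` writes straight to the default branch. Narrow the rescue to the specific error raised on an empty repository, or only apply the fallback when `@commit_on_default` is set, and log what was swallowed. The constructor would also merit a doc comment stating that `commit_on_default: true` bypasses the review branch and that the overridden `remove_branch_on_exception` exists so a failure never deletes the default branch.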


@ -58,15 +58,36 @@
= render 'shared/visibility_level', f: f, visibility_level: visibility_level.to_i, can_change_visibility_level: true, form_model: @project, with_label: false
- if !hide_init_with_readme
.form-group.row.initialize-with-readme-setting
%div{ :class => "col-sm-12" }
.form-check
= check_box_tag 'project[initialize_with_readme]', '1', true, class: 'form-check-input', data: { qa_selector: "initialize_with_readme_checkbox", track_label: "#{track_label}", track_action: "activate_form_input", track_property: "init_with_readme", track_value: "" }
= label_tag 'project[initialize_with_readme]', class: 'form-check-label' do
.option-title
%strong= s_('ProjectsNew|Initialize repository with a README')
.option-description
= s_('ProjectsNew|Allows you to immediately clone this projects repository. Skip this if you plan to push up an existing repository.')
= f.label :project_configuration, class: 'label-bold' do
= s_('ProjectsNew|Project Configuration')
.form-group
.form-check.gl-mb-3
= check_box_tag 'project[initialize_with_readme]', '1', true, class: 'form-check-input', data: { qa_selector: 'initialize_with_readme_checkbox', track_label: track_label, track_action: 'activate_form_input', track_property: 'init_with_readme' }
= label_tag 'project[initialize_with_readme]', s_('ProjectsNew|Initialize repository with a README'), class: 'form-check-label'
.form-text.text-muted
= s_('ProjectsNew|Allows you to immediately clone this projects repository. Skip this if you plan to push up an existing repository.')
- experiment(:new_project_sast_enabled, user: current_user) do |e|
- e.try do
.form-group
.form-check.gl-mb-3
= check_box_tag 'project[initialize_with_sast]', '1', true, class: 'form-check-input', data: { track_experiment: e.name, track_label: track_label, track_action: 'activate_form_input', track_property: 'init_with_sast' }
= label_tag 'project[initialize_with_sast]', class: 'form-check-label' do
= s_('ProjectsNew|Enable Static Application Security Testing (SAST)')
.form-text.text-muted
= s_('ProjectsNew|Analyze your source code for known security vulnerabilities.')
= link_to _('Learn more.'), help_page_path('user/application_security/sast/index'), target: '_blank', rel: 'noopener noreferrer', data: { track_action: 'followed', track_experiment: e.name }
- e.try(:free_indicator) do
.form-group
.form-check.gl-mb-3
= check_box_tag 'project[initialize_with_sast]', '1', true, class: 'form-check-input', data: { track_experiment: e.name, track_label: track_label, track_action: 'activate_form_input', track_property: 'init_with_sast' }
= label_tag 'project[initialize_with_sast]', class: 'form-check-label' do
= s_('ProjectsNew|Enable Static Application Security Testing (SAST)')
%span.badge.badge-info.badge-pill.gl-badge.sm= _('Free')
.form-text.text-muted
= s_('ProjectsNew|Analyze your source code for known security vulnerabilities.')
= link_to _('Learn more.'), help_page_path('user/application_security/sast/index'), target: '_blank', rel: 'noopener noreferrer', data: { track_action: 'followed', track_experiment: e.name }
= f.submit _('Create project'), class: "btn gl-button btn-confirm", data: { track_label: "#{track_label}", track_action: "click_button", track_property: "create_project", track_value: "" }
= link_to _('Cancel'), dashboard_projects_path, class: 'btn gl-button btn-default btn-cancel', data: { track_label: "#{track_label}", track_action: "click_button", track_property: "cancel", track_value: "" }
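Review bot: The `e.try` and `e.try(:free_indicator)` blocks repeat the same checkbox, label, help text and link, differing only in the `Free` badge line. Two copies of a security-related opt-in are easy to let drift (default state, tracking attributes, help link). Extracting the shared markup into a partial that takes a local such as `show_free_badge` would keep them identical. Both variants also pre-check the box, so the SAST commit is opt-out for anyone in the experiment; a comment stating that this default is deliberate would help later readers.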


@ -0,0 +1,8 @@
---
name: new_project_sast_enabled
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/70548
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/340929
milestone: '14.4'
type: experiment
group: group::adoption
default_enabled: false


@ -0,0 +1,18 @@
# frozen_string_literal: true
class CreateCoverageFuzzingCorpuses < Gitlab::Database::Migration[1.0]
def change
create_table :coverage_fuzzing_corpuses do |t|
t.bigint :project_id, null: false
t.bigint :user_id
t.bigint :package_id, null: false
t.datetime_with_timezone :file_updated_at, null: false, default: -> { 'NOW()' }
t.timestamps_with_timezone null: false
t.index :project_id
t.index :user_id
t.index :package_id
end
end
end


@ -0,0 +1,15 @@
# frozen_string_literal: true
class AddForeignKeyToCorpusesOnProject < Gitlab::Database::Migration[1.0]
disable_ddl_transaction!
def up
add_concurrent_foreign_key :coverage_fuzzing_corpuses, :projects, column: :project_id, on_delete: :cascade
end
def down
with_lock_retries do
remove_foreign_key :coverage_fuzzing_corpuses, column: :project_id
end
end
end


@ -0,0 +1,15 @@
# frozen_string_literal: true
class AddForeignKeyToCorpusesOnUser < Gitlab::Database::Migration[1.0]
disable_ddl_transaction!
def up
add_concurrent_foreign_key :coverage_fuzzing_corpuses, :users, column: :user_id, on_delete: :cascade
end
def down
with_lock_retries do
remove_foreign_key :coverage_fuzzing_corpuses, column: :user_id
end
end
end
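Review bot: `on_delete: :cascade` on `user_id` looks at odds with the column definition in the create-table migration of this commit, where `user_id` is the only one of the three references declared without `null: false`. A nullable owner column usually signals that the row should outlive the user, yet with cascade, deleting a user removes the project's fuzzing corpus records. If the corpus belongs to the project rather than to the uploader, `on_delete: :nullify` would match the schema: `add_concurrent_foreign_key :coverage_fuzzing_corpuses, :users, column: :user_id, on_delete: :nullify`. If cascade is intended, a comment saying so would settle it.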


@ -0,0 +1,15 @@
# frozen_string_literal: true
class AddForeignKeyToCorpusesOnPackage < Gitlab::Database::Migration[1.0]
disable_ddl_transaction!
def up
add_concurrent_foreign_key :coverage_fuzzing_corpuses, :packages_packages, column: :package_id, on_delete: :cascade
end
def down
with_lock_retries do
remove_foreign_key :coverage_fuzzing_corpuses, column: :package_id
end
end
end


@ -0,0 +1 @@
95dcfdc6c03705b0db5e96d669051edf335b5d6501243f70588f9b73478116a6


@ -0,0 +1 @@
e45163c2d0d691fb5deab86d024c4edb8e3cd350271418e1ff132c31e2ca90a3


@ -0,0 +1 @@
20d35e9baae343bccbb67a25eacd7fdb4b32fd4cedd95e6f8f7a2933470350fb


@ -0,0 +1 @@
4659ab6d971b03d9b44dda72fe1b571c5050fd6892cb4f16f2ca1ced0905c1ce


@ -12765,6 +12765,25 @@ CREATE SEQUENCE conversational_development_index_metrics_id_seq
ALTER SEQUENCE conversational_development_index_metrics_id_seq OWNED BY conversational_development_index_metrics.id;
CREATE TABLE coverage_fuzzing_corpuses (
id bigint NOT NULL,
project_id bigint NOT NULL,
user_id bigint,
package_id bigint NOT NULL,
file_updated_at timestamp with time zone DEFAULT now() NOT NULL,
created_at timestamp with time zone NOT NULL,
updated_at timestamp with time zone NOT NULL
);
CREATE SEQUENCE coverage_fuzzing_corpuses_id_seq
START WITH 1
INCREMENT BY 1
NO MINVALUE
NO MAXVALUE
CACHE 1;
ALTER SEQUENCE coverage_fuzzing_corpuses_id_seq OWNED BY coverage_fuzzing_corpuses.id;
CREATE TABLE csv_issue_imports (
id bigint NOT NULL,
project_id bigint NOT NULL,
@ -21188,6 +21207,8 @@ ALTER TABLE ONLY container_repositories ALTER COLUMN id SET DEFAULT nextval('con
ALTER TABLE ONLY conversational_development_index_metrics ALTER COLUMN id SET DEFAULT nextval('conversational_development_index_metrics_id_seq'::regclass);
ALTER TABLE ONLY coverage_fuzzing_corpuses ALTER COLUMN id SET DEFAULT nextval('coverage_fuzzing_corpuses_id_seq'::regclass);
ALTER TABLE ONLY csv_issue_imports ALTER COLUMN id SET DEFAULT nextval('csv_issue_imports_id_seq'::regclass);
ALTER TABLE ONLY custom_emoji ALTER COLUMN id SET DEFAULT nextval('custom_emoji_id_seq'::regclass);
@ -22704,6 +22725,9 @@ ALTER TABLE ONLY container_repositories
ALTER TABLE ONLY conversational_development_index_metrics
ADD CONSTRAINT conversational_development_index_metrics_pkey PRIMARY KEY (id);
ALTER TABLE ONLY coverage_fuzzing_corpuses
ADD CONSTRAINT coverage_fuzzing_corpuses_pkey PRIMARY KEY (id);
ALTER TABLE ONLY csv_issue_imports
ADD CONSTRAINT csv_issue_imports_pkey PRIMARY KEY (id);
@ -24856,6 +24880,12 @@ CREATE UNIQUE INDEX index_container_repositories_on_project_id_and_name ON conta
CREATE INDEX index_container_repository_on_name_trigram ON container_repositories USING gin (name gin_trgm_ops);
CREATE INDEX index_coverage_fuzzing_corpuses_on_package_id ON coverage_fuzzing_corpuses USING btree (package_id);
CREATE INDEX index_coverage_fuzzing_corpuses_on_project_id ON coverage_fuzzing_corpuses USING btree (project_id);
CREATE INDEX index_coverage_fuzzing_corpuses_on_user_id ON coverage_fuzzing_corpuses USING btree (user_id);
CREATE INDEX index_created_at_on_codeowner_approval_merge_request_rules ON approval_merge_request_rules USING btree (created_at) WHERE ((rule_type = 2) AND (section <> 'codeowners'::text));
CREATE INDEX index_csv_issue_imports_on_project_id ON csv_issue_imports USING btree (project_id);
@ -27555,6 +27585,9 @@ ALTER TABLE ONLY boards
ALTER TABLE ONLY epics
ADD CONSTRAINT fk_1fbed67632 FOREIGN KEY (start_date_sourcing_milestone_id) REFERENCES milestones(id) ON DELETE SET NULL;
ALTER TABLE ONLY coverage_fuzzing_corpuses
ADD CONSTRAINT fk_204d40056a FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE;
ALTER TABLE ONLY geo_container_repository_updated_events
ADD CONSTRAINT fk_212c89c706 FOREIGN KEY (container_repository_id) REFERENCES container_repositories(id) ON DELETE CASCADE;
@ -27594,6 +27627,9 @@ ALTER TABLE ONLY geo_event_log
ALTER TABLE ONLY deployments
ADD CONSTRAINT fk_289bba3222 FOREIGN KEY (cluster_id) REFERENCES clusters(id) ON DELETE SET NULL;
ALTER TABLE ONLY coverage_fuzzing_corpuses
ADD CONSTRAINT fk_29f6f15f82 FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE;
ALTER TABLE ONLY agent_group_authorizations
ADD CONSTRAINT fk_2c9f941965 FOREIGN KEY (group_id) REFERENCES namespaces(id) ON DELETE CASCADE;
@ -28236,6 +28272,9 @@ ALTER TABLE ONLY application_settings
ALTER TABLE ONLY events
ADD CONSTRAINT fk_edfd187b6f FOREIGN KEY (author_id) REFERENCES users(id) ON DELETE CASCADE;
ALTER TABLE ONLY coverage_fuzzing_corpuses
ADD CONSTRAINT fk_ef5ebf339f FOREIGN KEY (package_id) REFERENCES packages_packages(id) ON DELETE CASCADE;
ALTER TABLE ONLY vulnerabilities
ADD CONSTRAINT fk_efb96ab1e2 FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE;


@ -7,12 +7,6 @@ description: 'Learn how to administer GitLab Pages.'
# GitLab Pages administration **(FREE SELF)**
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/80) in GitLab EE 8.3.
> - Custom CNAMEs with TLS support were [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/173) in GitLab EE 8.5.
> - GitLab Pages [was ported](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/14605) to Community Edition in GitLab 8.17.
> - Support for subgroup project's websites was
> [introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/30548) in GitLab 11.8.
GitLab Pages allows for hosting of static sites. It must be configured by an
administrator. Separate [user documentation](../../user/project/pages/index.md) is available.
@ -382,8 +376,6 @@ To enable it:
### Access control
> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/33422) in GitLab 11.5.
GitLab Pages access control can be configured per-project, and allows access to a Pages
site to be controlled based on a user's membership to that project.
@ -524,9 +516,6 @@ After an archive reaches `zip_cache_expiration`, it's marked as expired and remo
## Activate verbose logging for daemon
Verbose logging was [introduced](https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/2533) in
Omnibus GitLab 11.1.
Follow the steps below to configure verbose logging of GitLab Pages daemon.
1. By default the daemon only logs with `INFO` level.
@ -603,8 +592,6 @@ the below steps to do a no downtime transfer to a new storage location.
## Configure listener for reverse proxy requests
> [Introduced](https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/2533) in Omnibus GitLab 11.1.
Follow the steps below to configure the proxy listener of GitLab Pages.
1. By default the listener is configured to listen for requests on `localhost:8090`.


@ -461,6 +461,8 @@ The following are some available Rake tasks:
| Task | Description |
|:--------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| [`sudo gitlab-rake gitlab:elastic:index`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake) | Enables Elasticsearch indexing and run `gitlab:elastic:create_empty_index`, `gitlab:elastic:clear_index_status`, `gitlab:elastic:index_projects`, and `gitlab:elastic:index_snippets`. |
| [`sudo gitlab-rake gitlab:elastic:pause_indexing`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake) | Pauses Elasticsearch indexing. Changes are still tracked. Useful for cluster/index migrations. |
| [`sudo gitlab-rake gitlab:elastic:resume_indexing`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake) | Resumes Elasticsearch indexing. |
| [`sudo gitlab-rake gitlab:elastic:index_projects`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake) | Iterates over all projects and queues Sidekiq jobs to index them in the background. |
| [`sudo gitlab-rake gitlab:elastic:index_projects_status`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake) | Determines the overall status of the indexing. It is done by counting the total number of indexed projects, dividing by a count of the total number of projects, then multiplying by 100. |
| [`sudo gitlab-rake gitlab:elastic:clear_index_status`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake) | Deletes all instances of IndexStatus for all projects. Note that this command will result in a complete wipe of the index, and it should be used with caution. |


@ -2,13 +2,10 @@
stage: Release
group: Release
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
type: reference, howto
---
# Vault Authentication with GitLab OpenID Connect **(FREE)**
> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/22323) in GitLab 9.0
[Vault](https://www.vaultproject.io/) is a secrets management application offered by HashiCorp.
It allows you to store and manage sensitive information such as secret environment variables, encryption keys, and authentication tokens.
Vault offers Identity-based Access, which means Vault users can authenticate through several of their preferred cloud providers.


@ -68,7 +68,7 @@ the tiers are no longer mentioned in GitLab documentation:
- [Full code quality reports in the code quality tab](../user/project/merge_requests/code_quality.md#code-quality-reports)
- [Merge request approvals](../user/project/merge_requests/approvals/index.md)
- [Multiple assignees](../user/project/merge_requests/getting_started.md#multiple-assignees)
- [Approval Rule information for Reviewers](../user/project/merge_requests/reviews/index.md#approval-rule-information-for-reviewers) **(PREMIUM)**
- [Approval Rule information for Reviewers](../user/project/merge_requests/reviews/index.md#approval-rule-information-for-reviewers)
- [Required Approvals](../user/project/merge_requests/approvals/index.md#required-approvals)
- [Code Owners as eligible approvers](../user/project/merge_requests/approvals/rules.md#code-owners-as-eligible-approvers)
- [Approval rules](../user/project/merge_requests/approvals/rules.md) features


@ -4,7 +4,7 @@ group: Purchase
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
---
# The quarterly subscription reconciliation process
# The quarterly subscription reconciliation process **(PREMIUM)**
GitLab reviews your seat usage every quarter and sends you an invoice for
any overages.


@ -25,8 +25,8 @@ changes to their subscription.
The cost of a GitLab self-managed subscription is determined by the following:
- GitLab tier
- Subscription seats
- [GitLab tier](https://about.gitlab.com/pricing/)
- [Subscription seats](#subscription-seats)
## Choose a GitLab tier


@ -4,7 +4,7 @@ group: unassigned
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
---
# Application Development Platform
# Application Development Platform **(FREE)**
The GitLab Application Development Platform refers to the set of GitLab features used to create, configure, and manage
a complete software development environment. It provides development, operations, and security teams with a robust feature set aimed at supporting best practices out of the box.


@ -2,12 +2,10 @@
stage: Release
group: Release
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
type: howto
---
# Deploy tokens
> - [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/17894) in GitLab 10.7.
> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/199370) from **Settings > Repository** in GitLab 12.9.
> - [Added `write_registry` scope](https://gitlab.com/gitlab-org/gitlab/-/issues/22743) in GitLab 12.10.
> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/29280) from **Settings > CI/CD** in GitLab 12.10.1.
@ -59,8 +57,8 @@ following table along with GitLab version it was introduced in:
| Scope | Description | Introduced in GitLab Version |
|--------------------------|-------------|------------------------------|
| `read_repository` | Allows read-access to the repository through `git clone` | 10.7 |
| `read_registry` | Allows read-access to [container registry](../../packages/container_registry/index.md) images if a project is private and authorization is required. | 10.7 |
| `read_repository` | Allows read-access to the repository through `git clone` | -- |
| `read_registry` | Allows read-access to [container registry](../../packages/container_registry/index.md) images if a project is private and authorization is required. | -- |
| `write_registry` | Allows write-access (push) to [container registry](../../packages/container_registry/index.md). | 12.10 |
| `read_package_registry` | Allows read access to the package registry. | 13.0 |
| `write_package_registry` | Allows write access to the package registry. | 13.0 |
@ -185,8 +183,6 @@ To pull images from the Dependency Proxy, you must:
### GitLab deploy token
> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/18414) in GitLab 10.8.
There's a special case when it comes to deploy tokens. If a user creates one
named `gitlab-deploy-token`, the username and token of the deploy token is
automatically exposed to the CI/CD jobs as CI/CD variables: `CI_DEPLOY_USER`


@ -290,8 +290,6 @@ Sublime Text, Atom, Dreamweaver, Brackets, etc).
## Force HTTPS for GitLab Pages websites
> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/28857) in GitLab 10.7.
To make your website's visitors even more secure, you can choose to
force HTTPS for GitLab Pages. By doing so, all attempts to visit your
website through HTTP are automatically redirected to HTTPS through 301.


@ -14860,6 +14860,9 @@ msgstr ""
msgid "Framework successfully deleted"
msgstr ""
msgid "Free"
msgstr ""
msgid "Free Trial of GitLab.com Ultimate"
msgstr ""
@ -19192,6 +19195,9 @@ msgstr ""
msgid "Iterations|The duration for each iteration (in weeks)"
msgstr ""
msgid "Iterations|The iteration has been deleted."
msgstr ""
msgid "Iterations|The start date of your first iteration"
msgstr ""
@ -23684,6 +23690,9 @@ msgstr ""
msgid "OnDemandScans|My daily scan"
msgstr ""
msgid "OnDemandScans|New DAST scan"
msgstr ""
msgid "OnDemandScans|New on-demand DAST scan"
msgstr ""
@ -23696,6 +23705,12 @@ msgstr ""
msgid "OnDemandScans|On-demand Scans"
msgstr ""
msgid "OnDemandScans|On-demand scans"
msgstr ""
msgid "OnDemandScans|On-demand scans run outside of DevOps cycle and find vulnerabilities in your projects. %{learnMoreLinkStart}Lean more%{learnMoreLinkEnd}."
msgstr ""
msgid "OnDemandScans|On-demand scans run outside the DevOps cycle and find vulnerabilities in your projects. %{learnMoreLinkStart}Learn more%{learnMoreLinkEnd}"
msgstr ""
@ -27049,6 +27064,9 @@ msgstr ""
msgid "ProjectsNew|Allows you to immediately clone this projects repository. Skip this if you plan to push up an existing repository."
msgstr ""
msgid "ProjectsNew|Analyze your source code for known security vulnerabilities."
msgstr ""
msgid "ProjectsNew|Connect your external repository to GitLab CI/CD."
msgstr ""
@ -27076,6 +27094,9 @@ msgstr ""
msgid "ProjectsNew|Description format"
msgstr ""
msgid "ProjectsNew|Enable Static Application Security Testing (SAST)"
msgstr ""
msgid "ProjectsNew|Import"
msgstr ""
@ -27091,6 +27112,9 @@ msgstr ""
msgid "ProjectsNew|No import options available"
msgstr ""
msgid "ProjectsNew|Project Configuration"
msgstr ""
msgid "ProjectsNew|Project description %{tag_start}(optional)%{tag_end}"
msgstr ""


@ -420,42 +420,66 @@ RSpec.describe ProjectsController do
end
describe 'POST create' do
let!(:params) do
{
path: 'foo',
description: 'bar',
import_url: project.http_url_to_repo,
namespace_id: user.namespace.id
}
end
subject { post :create, params: { project: params } }
before do
sign_in(user)
end
context 'when import by url is disabled' do
before do
stub_application_setting(import_sources: [])
context 'on import' do
let(:params) do
{
path: 'foo',
description: 'bar',
namespace_id: user.namespace.id,
import_url: project.http_url_to_repo
}
end
it 'does not create project and reports an error' do
expect { subject }.not_to change { Project.count }
context 'when import by url is disabled' do
before do
stub_application_setting(import_sources: [])
end
expect(response).to have_gitlab_http_status(:not_found)
it 'does not create project and reports an error' do
expect { subject }.not_to change { Project.count }
expect(response).to have_gitlab_http_status(:not_found)
end
end
context 'when import by url is enabled' do
before do
stub_application_setting(import_sources: ['git'])
end
it 'creates project' do
expect { subject }.to change { Project.count }
expect(response).to have_gitlab_http_status(:redirect)
end
end
end
context 'when import by url is enabled' do
before do
stub_application_setting(import_sources: ['git'])
context 'with new_project_sast_enabled', :experiment do
let(:params) do
{
path: 'foo',
description: 'bar',
namespace_id: user.namespace.id,
initialize_with_sast: '1'
}
end
it 'creates project' do
expect { subject }.to change { Project.count }
it 'tracks an event on project creation' do
expect(experiment(:new_project_sast_enabled)).to track(:created,
property: 'blank',
checked: true,
project: an_instance_of(Project),
namespace: user.namespace
).on_next_instance.with_context(user: user)
expect(response).to have_gitlab_http_status(:redirect)
post :create, params: { project: params }
end
end
end


@ -0,0 +1,15 @@
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe NewProjectSastEnabledExperiment do
it "defines the expected behaviors and variants" do
expect(subject.behaviors.keys).to match_array(%w[control candidate free_indicator])
end
it "publishes to the database" do
expect(subject).to receive(:publish_to_database)
subject.publish
end
end


@ -33,6 +33,29 @@ RSpec.describe 'User creates a project', :js do
expect(page).to have_content(project.url_to_repo)
end
it 'creates a new project that is not blank' do
stub_experiments(new_project_sast_enabled: 'candidate')
visit(new_project_path)
find('[data-qa-panel-name="blank_project"]').click # rubocop:disable QA/SelectorUsage
fill_in(:project_name, with: 'With initial commits')
expect(page).to have_checked_field 'Initialize repository with a README'
expect(page).to have_checked_field 'Enable Static Application Security Testing (SAST)'
page.within('#content-body') do
click_button('Create project')
end
project = Project.last
expect(current_path).to eq(project_path(project))
expect(page).to have_content('With initial commits')
expect(page).to have_content('Configure SAST in `.gitlab-ci.yml`, creating this file if it does not already exist')
expect(page).to have_content('README.md Initial commit')
end
context 'in a subgroup they do not own' do
let(:parent) { create(:group) }
let!(:subgroup) { create(:group, parent: parent) }


@ -622,6 +622,22 @@ RSpec.describe Projects::CreateService, '#execute' do
end
end
context 'when SAST initialization is requested' do
let(:project) { create_project(user, opts) }
before do
opts[:initialize_with_sast] = '1'
allow(Gitlab::CurrentSettings).to receive(:default_branch_name).and_return('main')
end
it 'creates a commit for SAST', :aggregate_failures do
expect(project.repository.commit_count).to be(1)
expect(project.repository.commit.message).to eq(
'Configure SAST in `.gitlab-ci.yml`, creating this file if it does not already exist'
)
end
end
describe 'create integration for the project' do
subject(:project) { create_project(user, opts) }


@ -23,4 +23,27 @@ RSpec.describe Security::CiConfiguration::SastCreateService, :snowplow do
end
include_examples 'services security ci configuration create service'
context "when committing to the default branch", :aggregate_failures do
subject(:result) { described_class.new(project, user, params, commit_on_default: true).execute }
let(:params) { {} }
before do
project.add_developer(user)
end
it "doesn't try to remove that branch on raised exceptions" do
expect(Files::MultiService).to receive(:new).and_raise(StandardError, '_exception_')
expect(project.repository).not_to receive(:rm_branch)
expect { result }.to raise_error(StandardError, '_exception_')
end
it "commits directly to the default branch" do
expect(result.status).to eq(:success)
expect(result.payload[:success_path]).to match(/#{Gitlab::Routing.url_helpers.project_new_merge_request_url(project, {})}(.*)description(.*)source_branch/)
expect(result.payload[:branch]).to eq('master')
end
end
end
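Review bot: The regex in the `success_path` expectation interpolates the URL without escaping, so `.`, `?` and similar characters in it act as metacharacters and the match is looser than it reads; wrap it as `#{Regexp.escape(Gitlab::Routing.url_helpers.project_new_merge_request_url(project, {}))}`. The next expectation hard-codes `'master'`; `eq(project.default_branch)` would keep the test valid if the fixture's default branch changes. It is also worth asserting deliberately, or questioning, that a commit made directly on the default branch still returns a new-merge-request URL with that branch as `source_branch`.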