diff --git a/.gitlab/CODEOWNERS b/.gitlab/CODEOWNERS
index 133b1920c28..cea797ef75f 100644
--- a/.gitlab/CODEOWNERS
+++ b/.gitlab/CODEOWNERS
@@ -1251,6 +1251,7 @@ lib/gitlab/checks/**
/app/assets/javascripts/packages_and_registries/dependency_proxy/
/app/assets/javascripts/packages_and_registries/harbor_registry/
/ee/app/services/ee/auth/container_registry_authentication_service.rb
+app/services/auth/container_registry_authentication_service.rb
[Authentication] @gitlab-org/software-supply-chain-security/authentication/approvers
/app/assets/javascripts/access_tokens/
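Review bot: The added entry `app/services/auth/container_registry_authentication_service.rb` has no leading `/`, unlike the three entries directly above it in this section. Without the root anchor the pattern is likely matched at any depth rather than only from the repository root, so ownership of this authentication service could attach to other paths than intended. Writing it as `/app/services/auth/container_registry_authentication_service.rb` keeps it consistent with its neighbours and makes the match unambiguous.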
diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml
index ab82a1b31aa..c4ef7ff11d7 100644
--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
@@ -725,6 +725,12 @@
- "tooling/custom_roles/docs/templates/custom_abilities.md.erb"
- "ee/{lib/,spec/}tasks/gitlab/custom_roles/*"
+.ci-job-token-policies-patterns: &ci-job-token-policies-patterns
+ - "{,ee/}lib/api/*.rb"
+ - "app/validators/json_schemas/ci_job_token_policies.json"
+ - "doc/ci/jobs/fine_grained_permissions.md"
+ - "tooling/ci/job_tokens/docs/templates/fine_grained_permissions.md.erb"
+
.cng-orchestrator-patterns: &cng-orchestrator-patterns
- "qa/gems/gitlab-cng/**/*.rb"
- "qa/gems/gitlab-cng/{Gemfile,Gemfile.lock}"
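Review bot: The glob `"{,ee/}lib/api/*.rb"` in `.ci-job-token-policies-patterns` is not recursive, so a change to an API file in a subdirectory of `lib/api/` would not trigger `ci-job-token-policies-verify`. If job token policies can be declared in nested endpoint files, the generated permissions documentation could drift without the lint job running; `- "{,ee/}lib/api/**/*.rb"` would cover them. The list also omits the rake task's own source, whereas the custom-roles patterns just above include their tasks directory (`ee/{lib/,spec/}tasks/gitlab/custom_roles/*`), so a change to the checker itself would not run the check.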
@@ -1262,6 +1268,14 @@
- <<: *if-default-refs
changes: *custom-roles-patterns
+#############################
+# CI job token policy rules #
+#############################
+.ci-job-token-policies:rules:ci-job-token-policies-verify:
+ rules:
+ - <<: *if-default-refs
+ changes: *ci-job-token-policies-patterns
+
##################
# Frontend rules #
##################
diff --git a/.gitlab/ci/static-analysis.gitlab-ci.yml b/.gitlab/ci/static-analysis.gitlab-ci.yml
index a540f634cff..197add3f142 100644
--- a/.gitlab/ci/static-analysis.gitlab-ci.yml
+++ b/.gitlab/ci/static-analysis.gitlab-ci.yml
@@ -243,6 +243,19 @@ custom-roles-verify:
script:
- bundle exec rake gitlab:custom_roles:check_docs
+ci-job-token-policies-verify:
+ variables:
+ SETUP_DB: "false"
+ extends:
+ - .default-retry
+ - .ruby-cache
+ - .default-before_script
+ - .ci-job-token-policies:rules:ci-job-token-policies-verify
+ stage: lint
+ needs: []
+ script:
+ - bundle exec rake ci:job_tokens:check_policies
+
templates-shellcheck:
extends:
- .ci-templates:rules:shellcheck
diff --git a/.gitlab/ci/test-on-omnibus/main.gitlab-ci.yml b/.gitlab/ci/test-on-omnibus/main.gitlab-ci.yml
index 18f10146eb3..333a52e9d82 100644
--- a/.gitlab/ci/test-on-omnibus/main.gitlab-ci.yml
+++ b/.gitlab/ci/test-on-omnibus/main.gitlab-ci.yml
@@ -268,6 +268,17 @@ importers:
rules:
- if: $QA_SUITES =~ /Test::Integration::Import/
+import-with-smtp:
+ extends:
+ - .qa
+ - .failure-videos
+ variables:
+ QA_SCENARIO: Test::Integration::ImportWithSMTP
+ rules:
+ - !reference [.rules:test:qa, rules]
+ - if: $QA_SUITES =~ /Test::Integration::ImportWithSMTP/
+ - !reference [.rules:test:manual, rules]
+
# ========== ai-gateway ===========
ai-gateway:
extends:
diff --git a/.rubocop_todo/gitlab/bounded_contexts.yml b/.rubocop_todo/gitlab/bounded_contexts.yml
index 05957e372dc..6b4b5300313 100644
--- a/.rubocop_todo/gitlab/bounded_contexts.yml
+++ b/.rubocop_todo/gitlab/bounded_contexts.yml
@@ -239,7 +239,6 @@ Gitlab/BoundedContexts:
- 'app/graphql/resolvers/board_lists_resolver.rb'
- 'app/graphql/resolvers/board_resolver.rb'
- 'app/graphql/resolvers/boards_resolver.rb'
- - 'app/graphql/resolvers/branch_commit_resolver.rb'
- 'app/graphql/resolvers/bulk_labels_resolver.rb'
- 'app/graphql/resolvers/codequality_reports_comparer_resolver.rb'
- 'app/graphql/resolvers/commit_pipelines_resolver.rb'
@@ -3209,7 +3208,6 @@ Gitlab/BoundedContexts:
- 'ee/app/services/elastic/data_migration_service.rb'
- 'ee/app/services/elastic/index_projects_by_id_service.rb'
- 'ee/app/services/elastic/index_projects_by_range_service.rb'
- - 'ee/app/services/elastic/indexing_control_service.rb'
- 'ee/app/services/elastic/process_bookkeeping_service.rb'
- 'ee/app/services/elastic/process_initial_bookkeeping_service.rb'
- 'ee/app/services/epic_issues/create_service.rb'
@@ -3448,7 +3446,6 @@ Gitlab/BoundedContexts:
- 'ee/app/workers/click_house/events_sync_worker.rb'
- 'ee/app/workers/click_house/rebuild_materialized_view_cron_worker.rb'
- 'ee/app/workers/concerns/elastic/bulk_cron_worker.rb'
- - 'ee/app/workers/concerns/elastic/indexing_control.rb'
- 'ee/app/workers/concerns/elastic/migration_backfill_helper.rb'
- 'ee/app/workers/concerns/elastic/migration_create_index.rb'
- 'ee/app/workers/concerns/elastic/migration_helper.rb'
diff --git a/.rubocop_todo/layout/line_length.yml b/.rubocop_todo/layout/line_length.yml
index 7fe8c9fffda..d5a35a16f06 100644
--- a/.rubocop_todo/layout/line_length.yml
+++ b/.rubocop_todo/layout/line_length.yml
@@ -1734,7 +1734,6 @@ Layout/LineLength:
- 'ee/spec/services/ee/users/destroy_service_spec.rb'
- 'ee/spec/services/ee/users/update_service_spec.rb'
- 'ee/spec/services/elastic/data_migration_service_spec.rb'
- - 'ee/spec/services/elastic/indexing_control_service_spec.rb'
- 'ee/spec/services/elastic/process_initial_bookkeeping_service_spec.rb'
- 'ee/spec/services/epic_issues/create_service_spec.rb'
- 'ee/spec/services/epics/issue_promote_service_spec.rb'
diff --git a/.rubocop_todo/lint/unused_method_argument.yml b/.rubocop_todo/lint/unused_method_argument.yml
index a8ab58dafd8..0229e6ae938 100644
--- a/.rubocop_todo/lint/unused_method_argument.yml
+++ b/.rubocop_todo/lint/unused_method_argument.yml
@@ -20,7 +20,6 @@ Lint/UnusedMethodArgument:
- 'app/graphql/mutations/notes/create/image_diff_note.rb'
- 'app/graphql/resolvers/base_resolver.rb'
- 'app/graphql/resolvers/board_list_issues_resolver.rb'
- - 'app/graphql/resolvers/branch_commit_resolver.rb'
- 'app/graphql/resolvers/ci/runner_groups_resolver.rb'
- 'app/graphql/resolvers/ci/runner_platforms_resolver.rb'
- 'app/graphql/resolvers/ci/runner_setup_resolver.rb'
diff --git a/.rubocop_todo/rspec/any_instance_of.yml b/.rubocop_todo/rspec/any_instance_of.yml
index e02d2fe91d1..8f4f1112452 100644
--- a/.rubocop_todo/rspec/any_instance_of.yml
+++ b/.rubocop_todo/rspec/any_instance_of.yml
@@ -52,7 +52,6 @@ RSpec/AnyInstanceOf:
- 'ee/spec/support/shared_examples/lib/gitlab/geo/geo_logs_event_source_info_shared_examples.rb'
- 'ee/spec/support/shared_examples/models/member_shared_examples.rb'
- 'ee/spec/support/shared_examples/services/base_sync_service_shared_examples.rb'
- - 'ee/spec/workers/concerns/elastic/indexing_control_spec.rb'
- 'ee/spec/workers/geo/registry_sync_worker_spec.rb'
- 'ee/spec/workers/project_cache_worker_spec.rb'
- 'ee/spec/workers/repository_import_worker_spec.rb'
diff --git a/.rubocop_todo/rspec/be_eq.yml b/.rubocop_todo/rspec/be_eq.yml
index d1bd2086139..c415088857f 100644
--- a/.rubocop_todo/rspec/be_eq.yml
+++ b/.rubocop_todo/rspec/be_eq.yml
@@ -23,8 +23,6 @@ RSpec/BeEq:
- 'ee/spec/controllers/projects/settings/operations_controller_spec.rb'
- 'ee/spec/controllers/projects/settings/repository_controller_spec.rb'
- 'ee/spec/controllers/projects_controller_spec.rb'
- - 'ee/spec/elastic/migrate/20240814231502_remove_work_item_access_level_from_work_item_spec.rb'
- - 'ee/spec/elastic/migrate/20241002103536_reindex_merge_requests_for_title_completion_spec.rb'
- 'ee/spec/elastic/migrate/20241017094601_add_embedding_to_work_items_opensearch_spec.rb'
- 'ee/spec/features/admin/admin_emails_spec.rb'
- 'ee/spec/features/admin/admin_settings_spec.rb'
@@ -529,7 +527,6 @@ RSpec/BeEq:
- 'ee/spec/workers/ee/repository_check/batch_worker_spec.rb'
- 'ee/spec/workers/ee/repository_check/single_repository_worker_spec.rb'
- 'ee/spec/workers/elastic_cluster_reindexing_cron_worker_spec.rb'
- - 'ee/spec/workers/elastic_index_bulk_cron_worker_spec.rb'
- 'ee/spec/workers/elastic_remove_expired_namespace_subscriptions_from_index_cron_worker_spec.rb'
- 'ee/spec/workers/llm/completion_worker_spec.rb'
- 'ee/spec/workers/product_analytics/initialize_snowplow_product_analytics_worker_spec.rb'
diff --git a/.rubocop_todo/rspec/context_wording.yml b/.rubocop_todo/rspec/context_wording.yml
index 3f945187a52..597f2a64dfd 100644
--- a/.rubocop_todo/rspec/context_wording.yml
+++ b/.rubocop_todo/rspec/context_wording.yml
@@ -657,7 +657,6 @@ RSpec/ContextWording:
- 'ee/spec/services/ee/users/update_service_spec.rb'
- 'ee/spec/services/ee/vulnerability_feedback_module/update_service_spec.rb'
- 'ee/spec/services/elastic/data_migration_service_spec.rb'
- - 'ee/spec/services/elastic/indexing_control_service_spec.rb'
- 'ee/spec/services/epic_issues/destroy_service_spec.rb'
- 'ee/spec/services/epic_issues/list_service_spec.rb'
- 'ee/spec/services/epic_issues/update_service_spec.rb'
@@ -811,7 +810,6 @@ RSpec/ContextWording:
- 'ee/spec/workers/ci/runners/stale_group_runners_prune_cron_worker_spec.rb'
- 'ee/spec/workers/ci/upstream_projects_subscriptions_cleanup_worker_spec.rb'
- 'ee/spec/workers/ee/repository_check/batch_worker_spec.rb'
- - 'ee/spec/workers/elastic_indexing_control_worker_spec.rb'
- 'ee/spec/workers/geo/prune_event_log_worker_spec.rb'
- 'ee/spec/workers/geo/verification_timeout_worker_spec.rb'
- 'ee/spec/workers/group_saml_group_sync_worker_spec.rb'
diff --git a/.rubocop_todo/rspec/expect_change.yml b/.rubocop_todo/rspec/expect_change.yml
index 110044f2bcf..44f2a5d7e36 100644
--- a/.rubocop_todo/rspec/expect_change.yml
+++ b/.rubocop_todo/rspec/expect_change.yml
@@ -97,7 +97,6 @@ RSpec/ExpectChange:
- 'ee/spec/services/ee/users/block_service_spec.rb'
- 'ee/spec/services/ee/users/create_service_spec.rb'
- 'ee/spec/services/ee/users/destroy_service_spec.rb'
- - 'ee/spec/services/elastic/indexing_control_service_spec.rb'
- 'ee/spec/services/epic_issues/create_service_spec.rb'
- 'ee/spec/services/epics/issue_promote_service_spec.rb'
- 'ee/spec/services/epics/transfer_service_spec.rb'
diff --git a/.rubocop_todo/rspec/expect_in_hook.yml b/.rubocop_todo/rspec/expect_in_hook.yml
index 040f573de4d..82373b3b1a7 100644
--- a/.rubocop_todo/rspec/expect_in_hook.yml
+++ b/.rubocop_todo/rspec/expect_in_hook.yml
@@ -67,7 +67,6 @@ RSpec/ExpectInHook:
- 'ee/spec/tasks/gitlab/license_rake_spec.rb'
- 'ee/spec/tasks/gitlab/spdx_rake_spec.rb'
- 'ee/spec/workers/analytics/cycle_analytics/consistency_worker_spec.rb'
- - 'ee/spec/workers/elastic_indexing_control_worker_spec.rb'
- 'ee/spec/workers/geo/secondary/registry_consistency_worker_spec.rb'
- 'ee/spec/workers/geo/verification_state_backfill_worker_spec.rb'
- 'qa/qa/specs/features/ee/browser_ui/11_fulfillment/license/cloud_activation_spec.rb'
diff --git a/.rubocop_todo/rspec/feature_category.yml b/.rubocop_todo/rspec/feature_category.yml
index d29c0d7423f..cac9a0613ec 100644
--- a/.rubocop_todo/rspec/feature_category.yml
+++ b/.rubocop_todo/rspec/feature_category.yml
@@ -1441,7 +1441,6 @@ RSpec/FeatureCategory:
- 'spec/graphql/resolvers/board_lists_resolver_spec.rb'
- 'spec/graphql/resolvers/board_resolver_spec.rb'
- 'spec/graphql/resolvers/boards_resolver_spec.rb'
- - 'spec/graphql/resolvers/branch_commit_resolver_spec.rb'
- 'spec/graphql/resolvers/ci/template_resolver_spec.rb'
- 'spec/graphql/resolvers/ci/test_report_summary_resolver_spec.rb'
- 'spec/graphql/resolvers/ci/test_suite_resolver_spec.rb'
diff --git a/.rubocop_todo/rspec/named_subject.yml b/.rubocop_todo/rspec/named_subject.yml
index 6698145500b..bc89b3cfe33 100644
--- a/.rubocop_todo/rspec/named_subject.yml
+++ b/.rubocop_todo/rspec/named_subject.yml
@@ -912,7 +912,6 @@ RSpec/NamedSubject:
- 'ee/spec/services/ee/users/build_service_spec.rb'
- 'ee/spec/services/ee/work_items/import_csv_service_spec.rb'
- 'ee/spec/services/elastic/data_migration_service_spec.rb'
- - 'ee/spec/services/elastic/indexing_control_service_spec.rb'
- 'ee/spec/services/elastic/metrics_update_service_spec.rb'
- 'ee/spec/services/epic_issues/create_service_spec.rb'
- 'ee/spec/services/epic_issues/destroy_service_spec.rb'
@@ -1074,7 +1073,6 @@ RSpec/NamedSubject:
- 'ee/spec/workers/ee/repository_check/batch_worker_spec.rb'
- 'ee/spec/workers/elastic/namespace_update_worker_spec.rb'
- 'ee/spec/workers/elastic_full_index_worker_spec.rb'
- - 'ee/spec/workers/elastic_indexing_control_worker_spec.rb'
- 'ee/spec/workers/elastic_namespace_rollout_worker_spec.rb'
- 'ee/spec/workers/geo/destroy_worker_spec.rb'
- 'ee/spec/workers/geo/registry_sync_worker_spec.rb'
diff --git a/.rubocop_todo/search/namespaced_class.yml b/.rubocop_todo/search/namespaced_class.yml
index ad94ba53c2a..fdebee1797c 100644
--- a/.rubocop_todo/search/namespaced_class.yml
+++ b/.rubocop_todo/search/namespaced_class.yml
@@ -38,12 +38,10 @@ Search/NamespacedClass:
- 'ee/app/services/elastic/data_migration_service.rb'
- 'ee/app/services/elastic/index_projects_by_id_service.rb'
- 'ee/app/services/elastic/index_projects_by_range_service.rb'
- - 'ee/app/services/elastic/indexing_control_service.rb'
- 'ee/app/services/elastic/process_bookkeeping_service.rb'
- 'ee/app/services/elastic/process_initial_bookkeeping_service.rb'
- 'ee/app/services/protected_environments/search_service.rb'
- 'ee/app/workers/concerns/elastic/bulk_cron_worker.rb'
- - 'ee/app/workers/concerns/elastic/indexing_control.rb'
- 'ee/app/workers/concerns/elastic/migration_backfill_helper.rb'
- 'ee/app/workers/concerns/elastic/migration_create_index.rb'
- 'ee/app/workers/concerns/elastic/migration_helper.rb'
diff --git a/.rubocop_todo/style/inline_disable_annotation.yml b/.rubocop_todo/style/inline_disable_annotation.yml
index c49bc025aa4..442351c60ce 100644
--- a/.rubocop_todo/style/inline_disable_annotation.yml
+++ b/.rubocop_todo/style/inline_disable_annotation.yml
@@ -1289,7 +1289,6 @@ Style/InlineDisableAnnotation:
- 'ee/app/services/ee/users/destroy_service.rb'
- 'ee/app/services/ee/users/update_service.rb'
- 'ee/app/services/elastic/index_projects_by_range_service.rb'
- - 'ee/app/services/elastic/indexing_control_service.rb'
- 'ee/app/services/elastic/process_bookkeeping_service.rb'
- 'ee/app/services/epic_issues/create_service.rb'
- 'ee/app/services/epics/strategies/base_dates_strategy.rb'
diff --git a/.rubocop_todo/style/mutable_constant.yml b/.rubocop_todo/style/mutable_constant.yml
index 4f214c4154e..fe608f65462 100644
--- a/.rubocop_todo/style/mutable_constant.yml
+++ b/.rubocop_todo/style/mutable_constant.yml
@@ -11,7 +11,6 @@ Style/MutableConstant:
- 'app/services/packages/maven/metadata/append_package_file_service.rb'
- 'app/workers/concerns/worker_context.rb'
- 'danger/architecture/Dangerfile'
- - 'ee/app/services/elastic/indexing_control_service.rb'
- 'ee/app/services/security/ingestion/tasks/ingest_vulnerability_statistics.rb'
- 'ee/app/services/vulnerabilities/statistics/adjustment_service.rb'
- 'ee/app/services/vulnerabilities/statistics/update_service.rb'
diff --git a/GITLAB_KAS_VERSION b/GITLAB_KAS_VERSION
index 4f2b1fc00de..b6a83a8e655 100644
--- a/GITLAB_KAS_VERSION
+++ b/GITLAB_KAS_VERSION
@@ -1 +1 @@
-75f33270bda9bf257949abfc1fcbe6ca90c7a479
+eb969b365e75ba081eebc768e59e546c915ea185
diff --git a/app/assets/javascripts/members/placeholders/components/placeholders_table.vue b/app/assets/javascripts/members/placeholders/components/placeholders_table.vue
index 79dfe109127..f18095b08b9 100644
--- a/app/assets/javascripts/members/placeholders/components/placeholders_table.vue
+++ b/app/assets/javascripts/members/placeholders/components/placeholders_table.vue
@@ -266,6 +266,7 @@ export default {
v-if="statusBadge(item)"
v-gl-tooltip="statusBadge(item).tooltip"
:variant="statusBadge(item).variant"
+ data-testid="placeholder-status"
tabindex="0"
>{{ statusBadge(item).text }}
@@ -279,6 +280,7 @@ export default {
:src="reassignedUser(item).avatarUrl"
:label="reassignedUser(item).name"
:sub-label="`@${reassignedUser(item).username}`"
+ data-testid="placeholder-reassigned"
/>
diff --git a/app/assets/javascripts/vue_shared/issuable/show/components/issuable_header.vue b/app/assets/javascripts/vue_shared/issuable/show/components/issuable_header.vue
index 26693b65bb1..b4ab447299b 100644
--- a/app/assets/javascripts/vue_shared/issuable/show/components/issuable_header.vue
+++ b/app/assets/javascripts/vue_shared/issuable/show/components/issuable_header.vue
@@ -190,7 +190,12 @@ export default {
{{ serviceDeskReplyTo }}
-
+
{{ author.name }}
diff --git a/app/graphql/resolvers/branch_commit_resolver.rb b/app/graphql/resolvers/branch_commit_resolver.rb
deleted file mode 100644
index c9ad723c3fa..00000000000
--- a/app/graphql/resolvers/branch_commit_resolver.rb
+++ /dev/null
@@ -1,22 +0,0 @@
-# frozen_string_literal: true
-
-module Resolvers
- class BranchCommitResolver < BaseResolver
- type Types::Repositories::CommitType, null: true
-
- alias_method :branch, :object
-
- def resolve(**args)
- commit = branch&.dereferenced_target
- return unless commit
-
- lazy_project = BatchLoader::GraphQL.for(commit.repository.gl_project_path).batch do |paths, loader|
- paths.each { |path| loader.call(path, Project.find_by_full_path(path)) }
- end
-
- ::Gitlab::Graphql::Lazy.with_value(lazy_project) do |project|
- ::Commit.new(commit, project) if project
- end
- end
- end
-end
diff --git a/app/graphql/resolvers/repositories/ref_commit_resolver.rb b/app/graphql/resolvers/repositories/ref_commit_resolver.rb
new file mode 100644
index 00000000000..2d2d1b0d9d5
--- /dev/null
+++ b/app/graphql/resolvers/repositories/ref_commit_resolver.rb
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Resolvers
+ module Repositories
+ class RefCommitResolver < BaseResolver
+ type Types::Repositories::CommitType, null: true
+
+ def resolve(**_args)
+ commit = object&.dereferenced_target
+ return unless commit
+
+ lazy_project = BatchLoader::GraphQL.for(commit.repository.gl_project_path).batch do |paths, loader|
+ paths.each { |path| loader.call(path, Project.find_by_full_path(path)) }
+ end
+
+ ::Gitlab::Graphql::Lazy.with_value(lazy_project) do |project|
+ ::Commit.new(commit, project) if project
+ end
+ end
+ end
+ end
+end
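Review bot: The new `RefCommitResolver` has no class comment saying that it now serves both branch and tag objects and does no authorization of its own: `Project.find_by_full_path(path)` loads the project by path without reference to the current user. That is presumably safe because the ref was reached through an already-authorized repository, but nothing in this file shows it. A comment such as `# Resolves the commit a ref (branch or tag) points at; authorization is expected to be enforced by the parent field.` would record the assumption. Separately, the batch block runs one `find_by_full_path` query per path, so the BatchLoader defers the lookups but does not combine them.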
diff --git a/app/graphql/types/branch_type.rb b/app/graphql/types/branch_type.rb
index 10823ea0152..be8101c34ce 100644
--- a/app/graphql/types/branch_type.rb
+++ b/app/graphql/types/branch_type.rb
@@ -11,7 +11,7 @@ module Types
description: 'Name of the branch.'
field :commit, Types::Repositories::CommitType,
- null: true, resolver: Resolvers::BranchCommitResolver,
+ null: true, resolver: Resolvers::Repositories::RefCommitResolver,
description: 'Commit for the branch.'
end
# rubocop: enable Graphql/AuthorizeTypes
diff --git a/app/graphql/types/repositories/tag_type.rb b/app/graphql/types/repositories/tag_type.rb
index d3bee2a6361..b796f7d250d 100644
--- a/app/graphql/types/repositories/tag_type.rb
+++ b/app/graphql/types/repositories/tag_type.rb
@@ -18,7 +18,7 @@ module Types
description: 'Tagging message.'
field :commit, Types::Repositories::CommitType,
- null: true, resolver: Resolvers::BranchCommitResolver,
+ null: true, resolver: Resolvers::Repositories::RefCommitResolver,
description: 'Commit for the tag.'
end
end
diff --git a/app/helpers/projects_helper.rb b/app/helpers/projects_helper.rb
index 2d773b0bef5..044072c1139 100644
--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -67,7 +67,8 @@ module ProjectsHelper
data_attrs = {
user_id: author.id,
username: author.username,
- name: author.name
+ name: author.name,
+ testid: "author-link"
}
inject_classes = ["author-link", opts[:extra_class]]
diff --git a/app/models/ci/build.rb b/app/models/ci/build.rb
index 547eaae43ee..5c24f4bf39b 100644
--- a/app/models/ci/build.rb
+++ b/app/models/ci/build.rb
@@ -817,10 +817,14 @@ module Ci
return unless project
return if user&.blocked?
- ActiveRecord::Associations::Preloader.new(records: [self], associations: { runner: :tags }).call
+ if Feature.enabled?(:ci_async_build_hooks_execution, project)
+ return unless project.has_active_hooks?(:job_hooks) || project.has_active_integrations?(:job_hooks)
- project.execute_hooks(build_data.dup, :job_hooks) if project.has_active_hooks?(:job_hooks)
- project.execute_integrations(build_data.dup, :job_hooks) if project.has_active_integrations?(:job_hooks)
+ Ci::ExecuteBuildHooksWorker.perform_async(project.id, build_data)
+ else
+ project.execute_hooks(build_data.dup, :job_hooks) if project.has_active_hooks?(:job_hooks)
+ project.execute_integrations(build_data.dup, :job_hooks) if project.has_active_integrations?(:job_hooks)
+ end
end
def browsable_artifacts?
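Review bot: `Ci::ExecuteBuildHooksWorker.perform_async(project.id, build_data)` passes the whole hook payload as a Sidekiq argument, so it is JSON-serialized and held in Redis before the worker in `app/workers/ci/execute_build_hooks_worker.rb` sees it. After that round trip the hash arrives with string keys and stringified timestamps, so any consumer behind `execute_hooks` / `execute_integrations` that reads symbol keys would silently get nil on the async path; that is not visible from this hunk, and a spec comparing the delivered payload on both branches of the flag would settle it. The `user&.blocked?` guard is also evaluated only at enqueue time, and the worker does not repeat it. If the snapshot at enqueue time is deliberate, say so in a comment, e.g. `# build_data is captured now so the hook reflects the status at transition time`. The enclosing method starts above the hunk.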
@@ -1259,7 +1263,10 @@ module Ci
end
def build_data
- strong_memoize(:build_data) { Gitlab::DataBuilder::Build.build(self) }
+ strong_memoize(:build_data) do
+ ActiveRecord::Associations::Preloader.new(records: [self], associations: { runner: :tags }).call
+ Gitlab::DataBuilder::Build.build(self)
+ end
end
def job_artifacts_for_types(report_types)
diff --git a/app/models/system/broadcast_message.rb b/app/models/system/broadcast_message.rb
index 28fd9c0422c..9ed41f1ea70 100644
--- a/app/models/system/broadcast_message.rb
+++ b/app/models/system/broadcast_message.rb
@@ -64,8 +64,8 @@ module System
end
end
- def current_show_in_cli_banner_messages
- current_banner_messages.select(&:show_in_cli?)
+ def current_show_in_cli_banner_messages(user_access_level: nil)
+ current_banner_messages(user_access_level: user_access_level).select(&:show_in_cli?)
end
def current_notification_messages(current_path: nil, user_access_level: nil)
diff --git a/app/services/post_receive_service.rb b/app/services/post_receive_service.rb
index d54ab94e238..ee947777649 100644
--- a/app/services/post_receive_service.rb
+++ b/app/services/post_receive_service.rb
@@ -87,17 +87,23 @@ class PostReceiveService
def broadcast_message
banner = nil
+ user_access_level = if project && user && Feature.enabled?(:derisk_user_access_level_in_git_hook, project)
+ user.max_member_access_for_project(project.id)
+ end
if project
scoped_messages =
- System::BroadcastMessage.current_banner_messages(current_path: project.full_path).select do |message|
+ System::BroadcastMessage.current_banner_messages(
+ current_path: project.full_path,
+ user_access_level: user_access_level
+ ).select do |message|
message.target_path.present? && message.matches_current_path(project.full_path) && message.show_in_cli?
end
banner = scoped_messages.last
end
- banner ||= System::BroadcastMessage.current_show_in_cli_banner_messages.last
+ banner ||= System::BroadcastMessage.current_show_in_cli_banner_messages(user_access_level: user_access_level).last
banner&.message
end
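Review bot: `user_access_level` is nil whenever the flag is off, `user` is absent or `project` is nil, and that nil is passed to both `current_banner_messages` and `current_show_in_cli_banner_messages`. What nil selects for role-targeted messages is not visible in this hunk. If it means "no role filter", a banner targeted at specific roles could still be printed to a pusher who does not hold one of them. Please confirm the behaviour and record it next to the assignment, e.g. `# nil when the access level is unknown (flag off, no user, no project): <behaviour to confirm>`. A spec for a push with no `user` would pin that case down.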
diff --git a/app/views/import/source_users/show.html.haml b/app/views/import/source_users/show.html.haml
index 434ae1a22b7..9a4b709e951 100644
--- a/app/views/import/source_users/show.html.haml
+++ b/app/views/import/source_users/show.html.haml
@@ -48,7 +48,9 @@
- c.with_footer do
.gl-flex.gl-gap-3
- = render Pajamas::ButtonComponent.new(variant: :danger, method: :post, href: accept_import_source_user_path(@source_user.reassignment_token)) do
+ = render Pajamas::ButtonComponent.new(variant: :danger, method: :post,
+ href: accept_import_source_user_path(@source_user.reassignment_token),
+ button_options: { data: { testid: 'approve-reassignment-button' } }) do
= s_('UserMapping|Approve reassignment')
= render Pajamas::ButtonComponent.new(method: :post, href: decline_import_source_user_path(@source_user.reassignment_token)) do
= s_('UserMapping|Reject')
diff --git a/app/workers/all_queues.yml b/app/workers/all_queues.yml
index 007d8162cb5..2bb1efc8acd 100644
--- a/app/workers/all_queues.yml
+++ b/app/workers/all_queues.yml
@@ -2919,6 +2919,15 @@
:weight: 1
:idempotent: true
:tags: []
+- :name: ci_execute_build_hooks
+ :worker_name: Ci::ExecuteBuildHooksWorker
+ :feature_category: :pipeline_composition
+ :has_external_dependencies: false
+ :urgency: :low
+ :resource_boundary: :unknown
+ :weight: 1
+ :idempotent: true
+ :tags: []
- :name: ci_initialize_pipelines_iid_sequence
:worker_name: Ci::InitializePipelinesIidSequenceWorker
:feature_category: :continuous_integration
diff --git a/app/workers/ci/execute_build_hooks_worker.rb b/app/workers/ci/execute_build_hooks_worker.rb
new file mode 100644
index 00000000000..2c0fbaf7e09
--- /dev/null
+++ b/app/workers/ci/execute_build_hooks_worker.rb
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Ci
+ class ExecuteBuildHooksWorker
+ include ApplicationWorker
+
+ data_consistency :delayed
+
+ feature_category :pipeline_composition
+ urgency :low
+
+ idempotent!
+
+ def perform(project_id, build_data)
+ project = Project.find_by_id(project_id)
+ return unless project
+
+ project.execute_hooks(build_data, :job_hooks) if project.has_active_hooks?(:job_hooks)
+ project.execute_integrations(build_data, :job_hooks) if project.has_active_integrations?(:job_hooks)
+ end
+ end
+end
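Review bot: `idempotent!` is declared on a worker whose only effect is outbound delivery, and `perform` makes two calls in sequence. If `execute_integrations` raises after `execute_hooks` has already run, a retry would probably dispatch the project hooks a second time for the same payload, so receivers may see duplicate job events. Either isolate the two calls so a failure in one does not replay the other, or state the guarantee in a class comment such as `# Delivery is at-least-once: a retried job re-sends hooks that already succeeded.` The class also has no description of what `build_data` is expected to contain after Sidekiq serialization.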
diff --git a/config/events/1647273260_projectsclustersindex_open_modal.yml b/config/events/1647273260_projectsclustersindex_open_modal.yml
index 3d8872cd3e2..99bb3bc965d 100644
--- a/config/events/1647273260_projectsclustersindex_open_modal.yml
+++ b/config/events/1647273260_projectsclustersindex_open_modal.yml
@@ -5,9 +5,6 @@ action: open_modal
product_group: environments
milestone: "14.9"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/82690
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1647273493_projectsclustersindex_click_button.yml b/config/events/1647273493_projectsclustersindex_click_button.yml
index 5a4061df67d..e4239d04cb5 100644
--- a/config/events/1647273493_projectsclustersindex_click_button.yml
+++ b/config/events/1647273493_projectsclustersindex_click_button.yml
@@ -5,9 +5,6 @@ action: click_button
product_group: environments
milestone: "14.9"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/82690
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1649272430_projectsnew_visit_docs.yml b/config/events/1649272430_projectsnew_visit_docs.yml
index 7a951a7f566..bf961ac70d5 100644
--- a/config/events/1649272430_projectsnew_visit_docs.yml
+++ b/config/events/1649272430_projectsnew_visit_docs.yml
@@ -5,9 +5,6 @@ action: visit_docs
product_group: environments
milestone: "14.10"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/84224
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1651053267_event_create_service_project_action.yml b/config/events/1651053267_event_create_service_project_action.yml
index 599e68ac9cb..d05aa8648ec 100644
--- a/config/events/1651053267_event_create_service_project_action.yml
+++ b/config/events/1651053267_event_create_service_project_action.yml
@@ -7,9 +7,6 @@ identifiers:
product_group: source_code
milestone: "15.0"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/83795
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1651580551_groups_controller_show_render.yml b/config/events/1651580551_groups_controller_show_render.yml
index e773c33bb37..a3fe9833488 100644
--- a/config/events/1651580551_groups_controller_show_render.yml
+++ b/config/events/1651580551_groups_controller_show_render.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: acquisition
milestone: "15.0"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/58118
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1651581659_projects_controller_show_render.yml b/config/events/1651581659_projects_controller_show_render.yml
index efe60bfa993..b428f3addc1 100644
--- a/config/events/1651581659_projects_controller_show_render.yml
+++ b/config/events/1651581659_projects_controller_show_render.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: acquisition
milestone: "15.0"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/58118
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1654698269_merge_request_action_create.yml b/config/events/1654698269_merge_request_action_create.yml
index 3ee1f3b1eca..9c50f4160c1 100644
--- a/config/events/1654698269_merge_request_action_create.yml
+++ b/config/events/1654698269_merge_request_action_create.yml
@@ -12,9 +12,6 @@ product_categories:
- code_review_workflow
milestone: "15.1"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/89544
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1654698359_merge_request_action_close.yml b/config/events/1654698359_merge_request_action_close.yml
index 4fd116b360a..6230367532a 100644
--- a/config/events/1654698359_merge_request_action_close.yml
+++ b/config/events/1654698359_merge_request_action_close.yml
@@ -12,9 +12,6 @@ product_categories:
- code_review_workflow
milestone: "15.1"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/89544
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1654698407_merge_request_action_merge.yml b/config/events/1654698407_merge_request_action_merge.yml
index b467c74d270..631e6b4082e 100644
--- a/config/events/1654698407_merge_request_action_merge.yml
+++ b/config/events/1654698407_merge_request_action_merge.yml
@@ -12,9 +12,6 @@ product_categories:
- code_review_workflow
milestone: "15.1"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/89544
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1655179428_design_actions_create_.yml b/config/events/1655179428_design_actions_create_.yml
index a8971c2e94b..43a1b85fa8c 100644
--- a/config/events/1655179428_design_actions_create_.yml
+++ b/config/events/1655179428_design_actions_create_.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: product_planning
milestone: "15.1"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/90107
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1655179485_design_actions_update_.yml b/config/events/1655179485_design_actions_update_.yml
index 50d4fea295a..255f5a5b538 100644
--- a/config/events/1655179485_design_actions_update_.yml
+++ b/config/events/1655179485_design_actions_update_.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: product_planning
milestone: "15.1"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/90107
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1655179517_design_actions_destroy_.yml b/config/events/1655179517_design_actions_destroy_.yml
index a790fb3e96e..ed2c72a37c1 100644
--- a/config/events/1655179517_design_actions_destroy_.yml
+++ b/config/events/1655179517_design_actions_destroy_.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: product_planning
milestone: "15.1"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/90107
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1658833247_integrations_class_perform_integrations_action.yml b/config/events/1658833247_integrations_class_perform_integrations_action.yml
index 67d19247733..fa625cffa85 100644
--- a/config/events/1658833247_integrations_class_perform_integrations_action.yml
+++ b/config/events/1658833247_integrations_class_perform_integrations_action.yml
@@ -11,9 +11,6 @@ product_categories:
- integrations
milestone: "15.3"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/93468
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1659626567_analytics_usage_action_perform_analytics_usage_action.yml b/config/events/1659626567_analytics_usage_action_perform_analytics_usage_action.yml
index 149ae4b5783..2071a1d5063 100644
--- a/config/events/1659626567_analytics_usage_action_perform_analytics_usage_action.yml
+++ b/config/events/1659626567_analytics_usage_action_perform_analytics_usage_action.yml
@@ -9,9 +9,6 @@ identifiers:
product_group: optimize
milestone: "15.3"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/94369
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373051_Projects__GoogleCloud__ConfigurationController_error_invalid_user.yml b/config/events/1662373051_Projects__GoogleCloud__ConfigurationController_error_invalid_user.yml
index df1ba8dadd2..6ad7f34af60 100644
--- a/config/events/1662373051_Projects__GoogleCloud__ConfigurationController_error_invalid_user.yml
+++ b/config/events/1662373051_Projects__GoogleCloud__ConfigurationController_error_invalid_user.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373057_Projects__GoogleCloud__ConfigurationController_error_google_oauth2_not_enabled.yml b/config/events/1662373057_Projects__GoogleCloud__ConfigurationController_error_google_oauth2_not_enabled.yml
index 5e93343443c..dfff3564692 100644
--- a/config/events/1662373057_Projects__GoogleCloud__ConfigurationController_error_google_oauth2_not_enabled.yml
+++ b/config/events/1662373057_Projects__GoogleCloud__ConfigurationController_error_google_oauth2_not_enabled.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373062_Projects__GoogleCloud__ConfigurationController_error_feature_flag_not_enabled.yml b/config/events/1662373062_Projects__GoogleCloud__ConfigurationController_error_feature_flag_not_enabled.yml
index cda35fe7049..21423f09cfd 100644
--- a/config/events/1662373062_Projects__GoogleCloud__ConfigurationController_error_feature_flag_not_enabled.yml
+++ b/config/events/1662373062_Projects__GoogleCloud__ConfigurationController_error_feature_flag_not_enabled.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373069_Projects__GoogleCloud__ConfigurationController_render_page.yml b/config/events/1662373069_Projects__GoogleCloud__ConfigurationController_render_page.yml
index 3cba7ff15c2..54a2d53f424 100644
--- a/config/events/1662373069_Projects__GoogleCloud__ConfigurationController_render_page.yml
+++ b/config/events/1662373069_Projects__GoogleCloud__ConfigurationController_render_page.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373075_Projects__GoogleCloud__ServiceAccountsController_error_invalid_user.yml b/config/events/1662373075_Projects__GoogleCloud__ServiceAccountsController_error_invalid_user.yml
index bd45ac57053..87114d675a5 100644
--- a/config/events/1662373075_Projects__GoogleCloud__ServiceAccountsController_error_invalid_user.yml
+++ b/config/events/1662373075_Projects__GoogleCloud__ServiceAccountsController_error_invalid_user.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373081_Projects__GoogleCloud__ServiceAccountsController_error_google_oauth2_not_enabled.yml b/config/events/1662373081_Projects__GoogleCloud__ServiceAccountsController_error_google_oauth2_not_enabled.yml
index 52899431244..0853df70ea9 100644
--- a/config/events/1662373081_Projects__GoogleCloud__ServiceAccountsController_error_google_oauth2_not_enabled.yml
+++ b/config/events/1662373081_Projects__GoogleCloud__ServiceAccountsController_error_google_oauth2_not_enabled.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373087_Projects__GoogleCloud__ServiceAccountsController_error_feature_flag_not_enabled.yml b/config/events/1662373087_Projects__GoogleCloud__ServiceAccountsController_error_feature_flag_not_enabled.yml
index c0dd42b5f86..6740fc02880 100644
--- a/config/events/1662373087_Projects__GoogleCloud__ServiceAccountsController_error_feature_flag_not_enabled.yml
+++ b/config/events/1662373087_Projects__GoogleCloud__ServiceAccountsController_error_feature_flag_not_enabled.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373092_Projects__GoogleCloud__ServiceAccountsController_render_form.yml b/config/events/1662373092_Projects__GoogleCloud__ServiceAccountsController_render_form.yml
index f0154135b47..66bb61d10ee 100644
--- a/config/events/1662373092_Projects__GoogleCloud__ServiceAccountsController_render_form.yml
+++ b/config/events/1662373092_Projects__GoogleCloud__ServiceAccountsController_render_form.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373098_Projects__GoogleCloud__ServiceAccountsController_error_no_gcp_projects.yml b/config/events/1662373098_Projects__GoogleCloud__ServiceAccountsController_error_no_gcp_projects.yml
index adba3e323a2..5a4352c7b0f 100644
--- a/config/events/1662373098_Projects__GoogleCloud__ServiceAccountsController_error_no_gcp_projects.yml
+++ b/config/events/1662373098_Projects__GoogleCloud__ServiceAccountsController_error_no_gcp_projects.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373103_Projects__GoogleCloud__ServiceAccountsController_create_service_account.yml b/config/events/1662373103_Projects__GoogleCloud__ServiceAccountsController_create_service_account.yml
index 7b6a86ea083..7d596bc7fa1 100644
--- a/config/events/1662373103_Projects__GoogleCloud__ServiceAccountsController_create_service_account.yml
+++ b/config/events/1662373103_Projects__GoogleCloud__ServiceAccountsController_create_service_account.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373109_Projects__GoogleCloud__ServiceAccountsController_error_google_api.yml b/config/events/1662373109_Projects__GoogleCloud__ServiceAccountsController_error_google_api.yml
index 3a01cb8b0bb..c713a68b1c6 100644
--- a/config/events/1662373109_Projects__GoogleCloud__ServiceAccountsController_error_google_api.yml
+++ b/config/events/1662373109_Projects__GoogleCloud__ServiceAccountsController_error_google_api.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373114_Projects__GoogleCloud__GcpRegionsController_error_invalid_user.yml b/config/events/1662373114_Projects__GoogleCloud__GcpRegionsController_error_invalid_user.yml
index 9530a6b3d77..0a9434f841b 100644
--- a/config/events/1662373114_Projects__GoogleCloud__GcpRegionsController_error_invalid_user.yml
+++ b/config/events/1662373114_Projects__GoogleCloud__GcpRegionsController_error_invalid_user.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373120_Projects__GoogleCloud__GcpRegionsController_error_google_oauth2_not_enabled.yml b/config/events/1662373120_Projects__GoogleCloud__GcpRegionsController_error_google_oauth2_not_enabled.yml
index 508c216f5f3..224fd22813d 100644
--- a/config/events/1662373120_Projects__GoogleCloud__GcpRegionsController_error_google_oauth2_not_enabled.yml
+++ b/config/events/1662373120_Projects__GoogleCloud__GcpRegionsController_error_google_oauth2_not_enabled.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373125_Projects__GoogleCloud__GcpRegionsController_error_feature_flag_not_enabled.yml b/config/events/1662373125_Projects__GoogleCloud__GcpRegionsController_error_feature_flag_not_enabled.yml
index aea97f45ccb..6e3f08b9745 100644
--- a/config/events/1662373125_Projects__GoogleCloud__GcpRegionsController_error_feature_flag_not_enabled.yml
+++ b/config/events/1662373125_Projects__GoogleCloud__GcpRegionsController_error_feature_flag_not_enabled.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373131_Projects__GoogleCloud__GcpRegionsController_render_form.yml b/config/events/1662373131_Projects__GoogleCloud__GcpRegionsController_render_form.yml
index 37cc55b692d..9081cb586d9 100644
--- a/config/events/1662373131_Projects__GoogleCloud__GcpRegionsController_render_form.yml
+++ b/config/events/1662373131_Projects__GoogleCloud__GcpRegionsController_render_form.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373136_Projects__GoogleCloud__GcpRegionsController_configure_region.yml b/config/events/1662373136_Projects__GoogleCloud__GcpRegionsController_configure_region.yml
index 37d5b78cd8b..ab1daeca9d3 100644
--- a/config/events/1662373136_Projects__GoogleCloud__GcpRegionsController_configure_region.yml
+++ b/config/events/1662373136_Projects__GoogleCloud__GcpRegionsController_configure_region.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373142_Projects__GoogleCloud__GcpRegionsController_error_create.yml b/config/events/1662373142_Projects__GoogleCloud__GcpRegionsController_error_create.yml
index 2c2153e7d76..8db561d254a 100644
--- a/config/events/1662373142_Projects__GoogleCloud__GcpRegionsController_error_create.yml
+++ b/config/events/1662373142_Projects__GoogleCloud__GcpRegionsController_error_create.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373147_Projects__GoogleCloud__RevokeOauthController_error_invalid_user.yml b/config/events/1662373147_Projects__GoogleCloud__RevokeOauthController_error_invalid_user.yml
index bc5ff6da979..9557b7b7dd0 100644
--- a/config/events/1662373147_Projects__GoogleCloud__RevokeOauthController_error_invalid_user.yml
+++ b/config/events/1662373147_Projects__GoogleCloud__RevokeOauthController_error_invalid_user.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373153_Projects__GoogleCloud__RevokeOauthController_error_google_oauth2_not_enabled.yml b/config/events/1662373153_Projects__GoogleCloud__RevokeOauthController_error_google_oauth2_not_enabled.yml
index cc30466d6b2..a6f272f5e39 100644
--- a/config/events/1662373153_Projects__GoogleCloud__RevokeOauthController_error_google_oauth2_not_enabled.yml
+++ b/config/events/1662373153_Projects__GoogleCloud__RevokeOauthController_error_google_oauth2_not_enabled.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373158_Projects__GoogleCloud__RevokeOauthController_error_feature_flag_not_enabled.yml b/config/events/1662373158_Projects__GoogleCloud__RevokeOauthController_error_feature_flag_not_enabled.yml
index 84c07363f7c..74171d6adee 100644
--- a/config/events/1662373158_Projects__GoogleCloud__RevokeOauthController_error_feature_flag_not_enabled.yml
+++ b/config/events/1662373158_Projects__GoogleCloud__RevokeOauthController_error_feature_flag_not_enabled.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373164_Projects__GoogleCloud__RevokeOauthController_revoke_oauth.yml b/config/events/1662373164_Projects__GoogleCloud__RevokeOauthController_revoke_oauth.yml
index e89d9a13f38..64777d496eb 100644
--- a/config/events/1662373164_Projects__GoogleCloud__RevokeOauthController_revoke_oauth.yml
+++ b/config/events/1662373164_Projects__GoogleCloud__RevokeOauthController_revoke_oauth.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373170_Projects__GoogleCloud__DeploymentsController_error_invalid_user.yml b/config/events/1662373170_Projects__GoogleCloud__DeploymentsController_error_invalid_user.yml
index e110cfa063a..1c09b9b615d 100644
--- a/config/events/1662373170_Projects__GoogleCloud__DeploymentsController_error_invalid_user.yml
+++ b/config/events/1662373170_Projects__GoogleCloud__DeploymentsController_error_invalid_user.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373175_Projects__GoogleCloud__DeploymentsController_error_google_oauth2_not_enabled.yml b/config/events/1662373175_Projects__GoogleCloud__DeploymentsController_error_google_oauth2_not_enabled.yml
index 71aec8af1fa..07da14a1ee1 100644
--- a/config/events/1662373175_Projects__GoogleCloud__DeploymentsController_error_google_oauth2_not_enabled.yml
+++ b/config/events/1662373175_Projects__GoogleCloud__DeploymentsController_error_google_oauth2_not_enabled.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373181_Projects__GoogleCloud__DeploymentsController_error_feature_flag_not_enabled.yml b/config/events/1662373181_Projects__GoogleCloud__DeploymentsController_error_feature_flag_not_enabled.yml
index c627fb46195..92491610ad6 100644
--- a/config/events/1662373181_Projects__GoogleCloud__DeploymentsController_error_feature_flag_not_enabled.yml
+++ b/config/events/1662373181_Projects__GoogleCloud__DeploymentsController_error_feature_flag_not_enabled.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373187_Projects__GoogleCloud__DeploymentsController_render_page.yml b/config/events/1662373187_Projects__GoogleCloud__DeploymentsController_render_page.yml
index 10f454cafc7..157b52136fc 100644
--- a/config/events/1662373187_Projects__GoogleCloud__DeploymentsController_render_page.yml
+++ b/config/events/1662373187_Projects__GoogleCloud__DeploymentsController_render_page.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373192_Projects__GoogleCloud__DeploymentsController_generate_cloudrun_pipeline.yml b/config/events/1662373192_Projects__GoogleCloud__DeploymentsController_generate_cloudrun_pipeline.yml
index be7c79033e5..c036cd785a5 100644
--- a/config/events/1662373192_Projects__GoogleCloud__DeploymentsController_generate_cloudrun_pipeline.yml
+++ b/config/events/1662373192_Projects__GoogleCloud__DeploymentsController_generate_cloudrun_pipeline.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373198_Projects__GoogleCloud__DeploymentsController_error_enable_cloudrun_services.yml b/config/events/1662373198_Projects__GoogleCloud__DeploymentsController_error_enable_cloudrun_services.yml
index b84e6645b86..8f19b068f07 100644
--- a/config/events/1662373198_Projects__GoogleCloud__DeploymentsController_error_enable_cloudrun_services.yml
+++ b/config/events/1662373198_Projects__GoogleCloud__DeploymentsController_error_enable_cloudrun_services.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373204_Projects__GoogleCloud__DeploymentsController_error_generate_cloudrun_pipeline.yml b/config/events/1662373204_Projects__GoogleCloud__DeploymentsController_error_generate_cloudrun_pipeline.yml
index 6cfbbb164ec..c0c002d835a 100644
--- a/config/events/1662373204_Projects__GoogleCloud__DeploymentsController_error_generate_cloudrun_pipeline.yml
+++ b/config/events/1662373204_Projects__GoogleCloud__DeploymentsController_error_generate_cloudrun_pipeline.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373209_Projects__GoogleCloud__DeploymentsController_error_google_api.yml b/config/events/1662373209_Projects__GoogleCloud__DeploymentsController_error_google_api.yml
index 590696e58d7..b2172f0be0a 100644
--- a/config/events/1662373209_Projects__GoogleCloud__DeploymentsController_error_google_api.yml
+++ b/config/events/1662373209_Projects__GoogleCloud__DeploymentsController_error_google_api.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373215_Projects__GoogleCloud__DatabasesController_error_invalid_user.yml b/config/events/1662373215_Projects__GoogleCloud__DatabasesController_error_invalid_user.yml
index cc2896960d9..74c52abef37 100644
--- a/config/events/1662373215_Projects__GoogleCloud__DatabasesController_error_invalid_user.yml
+++ b/config/events/1662373215_Projects__GoogleCloud__DatabasesController_error_invalid_user.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373220_Projects__GoogleCloud__DatabasesController_error_google_oauth2_not_enabled.yml b/config/events/1662373220_Projects__GoogleCloud__DatabasesController_error_google_oauth2_not_enabled.yml
index fbf4ee403e1..8fcc4242481 100644
--- a/config/events/1662373220_Projects__GoogleCloud__DatabasesController_error_google_oauth2_not_enabled.yml
+++ b/config/events/1662373220_Projects__GoogleCloud__DatabasesController_error_google_oauth2_not_enabled.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373226_Projects__GoogleCloud__DatabasesController_error_feature_flag_not_enabled.yml b/config/events/1662373226_Projects__GoogleCloud__DatabasesController_error_feature_flag_not_enabled.yml
index 0e9857ef4a3..36b8030d9f8 100644
--- a/config/events/1662373226_Projects__GoogleCloud__DatabasesController_error_feature_flag_not_enabled.yml
+++ b/config/events/1662373226_Projects__GoogleCloud__DatabasesController_error_feature_flag_not_enabled.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373232_Projects__GoogleCloud__DatabasesController_render_page.yml b/config/events/1662373232_Projects__GoogleCloud__DatabasesController_render_page.yml
index e6a67fe15e7..9879c287a8c 100644
--- a/config/events/1662373232_Projects__GoogleCloud__DatabasesController_render_page.yml
+++ b/config/events/1662373232_Projects__GoogleCloud__DatabasesController_render_page.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373237_Projects__GoogleCloud__DatabasesController_render_cloudsql_form.yml b/config/events/1662373237_Projects__GoogleCloud__DatabasesController_render_cloudsql_form.yml
index 5cdc6d9ae7c..96210c5f610 100644
--- a/config/events/1662373237_Projects__GoogleCloud__DatabasesController_render_cloudsql_form.yml
+++ b/config/events/1662373237_Projects__GoogleCloud__DatabasesController_render_cloudsql_form.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373243_Projects__GoogleCloud__DatabasesController_create_cloudsql_instance.yml b/config/events/1662373243_Projects__GoogleCloud__DatabasesController_create_cloudsql_instance.yml
index c6ad5816831..8977aec403f 100644
--- a/config/events/1662373243_Projects__GoogleCloud__DatabasesController_create_cloudsql_instance.yml
+++ b/config/events/1662373243_Projects__GoogleCloud__DatabasesController_create_cloudsql_instance.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373249_Projects__GoogleCloud__DatabasesController_error_enable_cloudsql_services.yml b/config/events/1662373249_Projects__GoogleCloud__DatabasesController_error_enable_cloudsql_services.yml
index 1a6e1f983c6..b89975fb48d 100644
--- a/config/events/1662373249_Projects__GoogleCloud__DatabasesController_error_enable_cloudsql_services.yml
+++ b/config/events/1662373249_Projects__GoogleCloud__DatabasesController_error_enable_cloudsql_services.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1662373254_Projects__GoogleCloud__DatabasesController_error_create_cloudsql_instance.yml b/config/events/1662373254_Projects__GoogleCloud__DatabasesController_error_create_cloudsql_instance.yml
index a7ec29f9203..6d1149acf22 100644
--- a/config/events/1662373254_Projects__GoogleCloud__DatabasesController_error_create_cloudsql_instance.yml
+++ b/config/events/1662373254_Projects__GoogleCloud__DatabasesController_error_create_cloudsql_instance.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: 5-min-app
milestone: "15.4"
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96683"
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1666038724_Gitlab__Tracking__Helpers__WeakPasswordErrorEvent_track_weak_password_error.yml b/config/events/1666038724_Gitlab__Tracking__Helpers__WeakPasswordErrorEvent_track_weak_password_error.yml
index 2f3135b4176..310756369f6 100644
--- a/config/events/1666038724_Gitlab__Tracking__Helpers__WeakPasswordErrorEvent_track_weak_password_error.yml
+++ b/config/events/1666038724_Gitlab__Tracking__Helpers__WeakPasswordErrorEvent_track_weak_password_error.yml
@@ -13,9 +13,6 @@ identifiers:
product_group: authentication
milestone: "15.6"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/100237
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1669277827_API__Commits_commit.yml b/config/events/1669277827_API__Commits_commit.yml
index 4bb2f5c2d80..96a536a21c2 100644
--- a/config/events/1669277827_API__Commits_commit.yml
+++ b/config/events/1669277827_API__Commits_commit.yml
@@ -12,9 +12,6 @@ product_categories:
- web_ide
milestone: "15.7"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/104947
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1669814629_StatusPage__PublishService_incident_management_incident_published.yml b/config/events/1669814629_StatusPage__PublishService_incident_management_incident_published.yml
index 230069e03bb..841593fdbb1 100644
--- a/config/events/1669814629_StatusPage__PublishService_incident_management_incident_published.yml
+++ b/config/events/1669814629_StatusPage__PublishService_incident_management_incident_published.yml
@@ -10,8 +10,6 @@ identifiers:
product_group: platform_insights
milestone: "15.7"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/105223
-distributions:
-- ee
tiers:
- premium
- ultimate
diff --git a/config/events/1669815074_Mutations__AlertManagement__Alerts__Todo__Create_incident_management_alert_todo.yml b/config/events/1669815074_Mutations__AlertManagement__Alerts__Todo__Create_incident_management_alert_todo.yml
index 7f287b9d649..d31ac8790e8 100644
--- a/config/events/1669815074_Mutations__AlertManagement__Alerts__Todo__Create_incident_management_alert_todo.yml
+++ b/config/events/1669815074_Mutations__AlertManagement__Alerts__Todo__Create_incident_management_alert_todo.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: platform_insights
milestone: "15.7"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/105223/diffs
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1669817378_Mutations__AlertManagement__Alerts__SetAssignees_incident_management_alert_assigned.yml b/config/events/1669817378_Mutations__AlertManagement__Alerts__SetAssignees_incident_management_alert_assigned.yml
index d49b0400968..82212f5ea50 100644
--- a/config/events/1669817378_Mutations__AlertManagement__Alerts__SetAssignees_incident_management_alert_assigned.yml
+++ b/config/events/1669817378_Mutations__AlertManagement__Alerts__SetAssignees_incident_management_alert_assigned.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: platform_insights
milestone: "15.7"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/105223
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1669817630_Mutations__AlertManagement__CreateAlertIssue_incident_management_incident_created.yml b/config/events/1669817630_Mutations__AlertManagement__CreateAlertIssue_incident_management_incident_created.yml
index 4f4d732ab75..42b23b8a647 100644
--- a/config/events/1669817630_Mutations__AlertManagement__CreateAlertIssue_incident_management_incident_created.yml
+++ b/config/events/1669817630_Mutations__AlertManagement__CreateAlertIssue_incident_management_incident_created.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: platform_insights
milestone: "15.7"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/105223
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1669817815_Mutations__AlertManagement__UpdateAlertStatus_incident_management_alert_status_change.yml b/config/events/1669817815_Mutations__AlertManagement__UpdateAlertStatus_incident_management_alert_status_change.yml
index f3f8d03f37a..1f2b6b84117 100644
--- a/config/events/1669817815_Mutations__AlertManagement__UpdateAlertStatus_incident_management_alert_status_change.yml
+++ b/config/events/1669817815_Mutations__AlertManagement__UpdateAlertStatus_incident_management_alert_status_change.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: platform_insights
milestone: "15.7"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/105223
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1669818009_IncidentManagement__TimelineEvents__CreateService_incident_management_timeline_event_.yml b/config/events/1669818009_IncidentManagement__TimelineEvents__CreateService_incident_management_timeline_event_.yml
index 8a73ade37b2..a9b78713c3e 100644
--- a/config/events/1669818009_IncidentManagement__TimelineEvents__CreateService_incident_management_timeline_event_.yml
+++ b/config/events/1669818009_IncidentManagement__TimelineEvents__CreateService_incident_management_timeline_event_.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: platform_insights
milestone: "15.7"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/105223
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1669902189_IncidentManagement__TimelineEvents__DestroyService_incident_management_timeline_event.yml b/config/events/1669902189_IncidentManagement__TimelineEvents__DestroyService_incident_management_timeline_event.yml
index 99d2ec03ff5..0d5ebae0e17 100644
--- a/config/events/1669902189_IncidentManagement__TimelineEvents__DestroyService_incident_management_timeline_event.yml
+++ b/config/events/1669902189_IncidentManagement__TimelineEvents__DestroyService_incident_management_timeline_event.yml
@@ -10,9 +10,6 @@ description: "Event migrates from Service Ping metric. Count of unique users del
product_group: platform_insights
milestone: "15.7"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/105223
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1669902383_IncidentManagement__TimelineEvents__UpdateService_incident_management_timeline_event_.yml b/config/events/1669902383_IncidentManagement__TimelineEvents__UpdateService_incident_management_timeline_event_.yml
index 3cc0c2a134a..fbe0c517a90 100644
--- a/config/events/1669902383_IncidentManagement__TimelineEvents__UpdateService_incident_management_timeline_event_.yml
+++ b/config/events/1669902383_IncidentManagement__TimelineEvents__UpdateService_incident_management_timeline_event_.yml
@@ -10,9 +10,6 @@ description: "Event migrated form Service Ping metric. Count of unique users edi
product_group: platform_insights
milestone: "15.7"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/105223
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1669902538_IssueLinks__CreateService_incident_management_incident_relate.yml b/config/events/1669902538_IssueLinks__CreateService_incident_management_incident_relate.yml
index 220280ee91e..624a6c57f10 100644
--- a/config/events/1669902538_IssueLinks__CreateService_incident_management_incident_relate.yml
+++ b/config/events/1669902538_IssueLinks__CreateService_incident_management_incident_relate.yml
@@ -10,9 +10,6 @@ description: "Count of unique users adding issues per that are related to an inc
product_group: platform_insights
milestone: "15.7"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/105223
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1669902705_IssueLinks__DestroyService_incident_management_incident_unrelate.yml b/config/events/1669902705_IssueLinks__DestroyService_incident_management_incident_unrelate.yml
index aba65faa90b..17c559352e5 100644
--- a/config/events/1669902705_IssueLinks__DestroyService_incident_management_incident_unrelate.yml
+++ b/config/events/1669902705_IssueLinks__DestroyService_incident_management_incident_unrelate.yml
@@ -10,9 +10,6 @@ milestone: "15.7"
description: "Count of unique users removing issue that are related to an incident. Migrated from Service Ping metric"
product_group: platform_insights
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/105223
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1669902889_Issues__CloseService_incident_management_incident_closed.yml b/config/events/1669902889_Issues__CloseService_incident_management_incident_closed.yml
index e0d4bd56eab..aa7e986d6da 100644
--- a/config/events/1669902889_Issues__CloseService_incident_management_incident_closed.yml
+++ b/config/events/1669902889_Issues__CloseService_incident_management_incident_closed.yml
@@ -10,9 +10,6 @@ description: "Count of users closing incidents. Migrated from Service Ping metri
product_group: platform_insights
milestone: "15.7"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/105223
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1669903092_Issues__ReopenService_incident_management_incident_reopened.yml b/config/events/1669903092_Issues__ReopenService_incident_management_incident_reopened.yml
index 9d1cb9dd6cd..05ead037129 100644
--- a/config/events/1669903092_Issues__ReopenService_incident_management_incident_reopened.yml
+++ b/config/events/1669903092_Issues__ReopenService_incident_management_incident_reopened.yml
@@ -10,9 +10,6 @@ description: "Count of unique users reopening incidents. Migrated from Service P
product_group: platform_insights
milestone: "15.7"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/105223
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1669903273_Issues__UpdateService_incident_management_incident_change_confidential.yml b/config/events/1669903273_Issues__UpdateService_incident_management_incident_change_confidential.yml
index 5da9bb9a45c..f9f5300548c 100644
--- a/config/events/1669903273_Issues__UpdateService_incident_management_incident_change_confidential.yml
+++ b/config/events/1669903273_Issues__UpdateService_incident_management_incident_change_confidential.yml
@@ -10,9 +10,6 @@ description: "Count of unique users changing incidents to confidential. Event mi
product_group: platform_insights
milestone: "15.7"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/105223
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1669903414_Issues__ZoomLinkService_incident_management_incident_zoom_meeting.yml b/config/events/1669903414_Issues__ZoomLinkService_incident_management_incident_zoom_meeting.yml
index dc98287b91c..c2170a4ec54 100644
--- a/config/events/1669903414_Issues__ZoomLinkService_incident_management_incident_zoom_meeting.yml
+++ b/config/events/1669903414_Issues__ZoomLinkService_incident_management_incident_zoom_meeting.yml
@@ -10,9 +10,6 @@ description: "Count of unique users creating Zoom meetings about incidents. Even
product_group: platform_insights
milestone: "15.7"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/105223
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1669903530_Notes__CreateService_incident_management_incident_comment.yml b/config/events/1669903530_Notes__CreateService_incident_management_incident_comment.yml
index 56e35b05a2f..f8f9cd06e6c 100644
--- a/config/events/1669903530_Notes__CreateService_incident_management_incident_comment.yml
+++ b/config/events/1669903530_Notes__CreateService_incident_management_incident_comment.yml
@@ -10,9 +10,6 @@ description: "Count of unique users adding comments on incidents. Event migrated
product_group: platform_insights
milestone: "15.7"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/105223
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1669903650_TodoService_incident_management_incident_todo.yml b/config/events/1669903650_TodoService_incident_management_incident_todo.yml
index 9bcbb1ccf2b..820e171788f 100644
--- a/config/events/1669903650_TodoService_incident_management_incident_todo.yml
+++ b/config/events/1669903650_TodoService_incident_management_incident_todo.yml
@@ -10,9 +10,6 @@ description: "Count of unique users adding incidents to the TODO list. Event mig
product_group: platform_insights
milestone: "15.7"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/105223
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1670570965_Issues__UpdateService_incident_management_incident_assigned.yml b/config/events/1670570965_Issues__UpdateService_incident_management_incident_assigned.yml
index d3879e066e3..b307e7b7ab9 100644
--- a/config/events/1670570965_Issues__UpdateService_incident_management_incident_assigned.yml
+++ b/config/events/1670570965_Issues__UpdateService_incident_management_incident_assigned.yml
@@ -10,10 +10,7 @@ identifiers:
product_group: platform_insights
milestone: "15.7"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/105223
-distributions:
-- ce
-- ee
-tiers:
+tiers:
- free
- premium
- ultimate
diff --git a/config/events/1671198983_Gitlab__UsageDataCounters__MergeRequestActivityUniqueCounter_create.yml b/config/events/1671198983_Gitlab__UsageDataCounters__MergeRequestActivityUniqueCounter_create.yml
index de6e044986d..8d2d70530b0 100644
--- a/config/events/1671198983_Gitlab__UsageDataCounters__MergeRequestActivityUniqueCounter_create.yml
+++ b/config/events/1671198983_Gitlab__UsageDataCounters__MergeRequestActivityUniqueCounter_create.yml
@@ -12,9 +12,6 @@ product_categories:
- code_review_workflow
milestone: "15.7"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/106869
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1671588492_Notes__CreateService_create_commit_comment.yml b/config/events/1671588492_Notes__CreateService_create_commit_comment.yml
index 4ecac0674f4..6531ba33253 100644
--- a/config/events/1671588492_Notes__CreateService_create_commit_comment.yml
+++ b/config/events/1671588492_Notes__CreateService_create_commit_comment.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: source_code
milestone: "15.8"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/105148
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1671713111_Users__ActivityService_perform_action.yml b/config/events/1671713111_Users__ActivityService_perform_action.yml
index be5c045dd74..f783dafa30f 100644
--- a/config/events/1671713111_Users__ActivityService_perform_action.yml
+++ b/config/events/1671713111_Users__ActivityService_perform_action.yml
@@ -7,9 +7,6 @@ identifiers:
product_group: organizations
milestone: "15.8"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/108108
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1674504208_API__PackagesHelpers_push_package_by_deploy_token.yml b/config/events/1674504208_API__PackagesHelpers_push_package_by_deploy_token.yml
index 053a1f8efe4..3e20528e10b 100644
--- a/config/events/1674504208_API__PackagesHelpers_push_package_by_deploy_token.yml
+++ b/config/events/1674504208_API__PackagesHelpers_push_package_by_deploy_token.yml
@@ -12,9 +12,6 @@ product_categories:
- package_registry
milestone: "15.9"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/108798
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1674843937_Ci__Build_create_id_tokens.yml b/config/events/1674843937_Ci__Build_create_id_tokens.yml
index 0269fee2aec..c01f6d0d866 100644
--- a/config/events/1674843937_Ci__Build_create_id_tokens.yml
+++ b/config/events/1674843937_Ci__Build_create_id_tokens.yml
@@ -12,9 +12,6 @@ product_categories:
- secrets_management
milestone: "15.9"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110422
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1675075830_API__PackagesHelpers_pull_package_by_guest.yml b/config/events/1675075830_API__PackagesHelpers_pull_package_by_guest.yml
index b9d64a9e58c..171b19c2f6b 100644
--- a/config/events/1675075830_API__PackagesHelpers_pull_package_by_guest.yml
+++ b/config/events/1675075830_API__PackagesHelpers_pull_package_by_guest.yml
@@ -12,9 +12,6 @@ product_categories:
- package_registry
milestone: "15.9"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/111372
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1675167870_Gitlab__Ci__Pipeline__Chain__Metrics_create_pipeline_with_name.yml b/config/events/1675167870_Gitlab__Ci__Pipeline__Chain__Metrics_create_pipeline_with_name.yml
index ad594fb936a..6b24a72fc4e 100644
--- a/config/events/1675167870_Gitlab__Ci__Pipeline__Chain__Metrics_create_pipeline_with_name.yml
+++ b/config/events/1675167870_Gitlab__Ci__Pipeline__Chain__Metrics_create_pipeline_with_name.yml
@@ -12,9 +12,6 @@ product_categories:
- continuous_integration
milestone: "15.9"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/109549
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/1676085625_Admin__CredentialsController_visit_compliance_credential_inventory.yml b/config/events/1676085625_Admin__CredentialsController_visit_compliance_credential_inventory.yml
index f3c1bb8c712..3a1a125c724 100644
--- a/config/events/1676085625_Admin__CredentialsController_visit_compliance_credential_inventory.yml
+++ b/config/events/1676085625_Admin__CredentialsController_visit_compliance_credential_inventory.yml
@@ -7,7 +7,5 @@ identifiers:
product_group: authentication
milestone: "15.9"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/107120
-distributions:
-- ee
tiers:
- ultimate
diff --git a/config/events/202108302307_security__ci_configuration__sast_create_service_create.yml b/config/events/202108302307_security__ci_configuration__sast_create_service_create.yml
index 74778a249f5..679115d0efa 100644
--- a/config/events/202108302307_security__ci_configuration__sast_create_service_create.yml
+++ b/config/events/202108302307_security__ci_configuration__sast_create_service_create.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: static_analysis
milestone: "13.12"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/58230
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/202108302307_security__ci_configuration__sast_create_service_update.yml b/config/events/202108302307_security__ci_configuration__sast_create_service_update.yml
index 07f85f6b56e..078da1039c3 100644
--- a/config/events/202108302307_security__ci_configuration__sast_create_service_update.yml
+++ b/config/events/202108302307_security__ci_configuration__sast_create_service_update.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: static_analysis
milestone: "13.12"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/58230
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/202108302307_security__ci_configuration__secret_detection_create_service_create.yml b/config/events/202108302307_security__ci_configuration__secret_detection_create_service_create.yml
index c183f726339..e0406bceca4 100644
--- a/config/events/202108302307_security__ci_configuration__secret_detection_create_service_create.yml
+++ b/config/events/202108302307_security__ci_configuration__secret_detection_create_service_create.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: secret_detection
milestone: "13.12"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/58230
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/202108302307_security__ci_configuration__secret_detection_create_service_update.yml b/config/events/202108302307_security__ci_configuration__secret_detection_create_service_update.yml
index 5de3e41aba8..e28e024c679 100644
--- a/config/events/202108302307_security__ci_configuration__secret_detection_create_service_update.yml
+++ b/config/events/202108302307_security__ci_configuration__secret_detection_create_service_update.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: secret_detection
milestone: "13.12"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/58230
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/202109151015_api__group_container_repositories_list_repositories.yml b/config/events/202109151015_api__group_container_repositories_list_repositories.yml
index 83df1bfe09a..b3749e8fda8 100644
--- a/config/events/202109151015_api__group_container_repositories_list_repositories.yml
+++ b/config/events/202109151015_api__group_container_repositories_list_repositories.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: container_registry
milestone: "13.5"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/41846
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/202109151015_api__project_container_repositories_delete_repository.yml b/config/events/202109151015_api__project_container_repositories_delete_repository.yml
index 3fd00f85b10..98c9bda5707 100644
--- a/config/events/202109151015_api__project_container_repositories_delete_repository.yml
+++ b/config/events/202109151015_api__project_container_repositories_delete_repository.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: container_registry
milestone: "13.5"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/41846
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/202109151015_api__project_container_repositories_delete_tag.yml b/config/events/202109151015_api__project_container_repositories_delete_tag.yml
index 25fc56d4281..1d33f042e0e 100644
--- a/config/events/202109151015_api__project_container_repositories_delete_tag.yml
+++ b/config/events/202109151015_api__project_container_repositories_delete_tag.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: container_registry
milestone: "13.5"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/41846
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/202109151015_api__project_container_repositories_delete_tag_bulk.yml b/config/events/202109151015_api__project_container_repositories_delete_tag_bulk.yml
index 89f808db5c5..b173a17d207 100644
--- a/config/events/202109151015_api__project_container_repositories_delete_tag_bulk.yml
+++ b/config/events/202109151015_api__project_container_repositories_delete_tag_bulk.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: container_registry
milestone: "13.5"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/41846
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/202109151015_api__project_container_repositories_list_repositories.yml b/config/events/202109151015_api__project_container_repositories_list_repositories.yml
index 856e47fe4f9..55b59403a0d 100644
--- a/config/events/202109151015_api__project_container_repositories_list_repositories.yml
+++ b/config/events/202109151015_api__project_container_repositories_list_repositories.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: container_registry
milestone: "13.5"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/41846
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/202109151015_api__project_container_repositories_list_tags.yml b/config/events/202109151015_api__project_container_repositories_list_tags.yml
index 69116538513..731c98bc1ef 100644
--- a/config/events/202109151015_api__project_container_repositories_list_tags.yml
+++ b/config/events/202109151015_api__project_container_repositories_list_tags.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: container_registry
milestone: "13.5"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/41846
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/202109151015_api__pypi_packages_list_package.yml b/config/events/202109151015_api__pypi_packages_list_package.yml
index 80d75106e64..6a8f32eb24f 100644
--- a/config/events/202109151015_api__pypi_packages_list_package.yml
+++ b/config/events/202109151015_api__pypi_packages_list_package.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: package_registry
milestone: "13.5"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/41846
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/202109151015_cluster_services_prometheus_disabled_manual_prometheus.yml b/config/events/202109151015_cluster_services_prometheus_disabled_manual_prometheus.yml
index 6fb6f228efb..67130da7155 100644
--- a/config/events/202109151015_cluster_services_prometheus_disabled_manual_prometheus.yml
+++ b/config/events/202109151015_cluster_services_prometheus_disabled_manual_prometheus.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: import_and_integrate
milestone: "14.0"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62645
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/202109151015_cluster_services_prometheus_enabled_manual_prometheus.yml b/config/events/202109151015_cluster_services_prometheus_enabled_manual_prometheus.yml
index 461a496555c..8121ab17cfe 100644
--- a/config/events/202109151015_cluster_services_prometheus_enabled_manual_prometheus.yml
+++ b/config/events/202109151015_cluster_services_prometheus_enabled_manual_prometheus.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: import_and_integrate
milestone: "14.0"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62645
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/202109151015_container_registry_notification_create_repository.yml b/config/events/202109151015_container_registry_notification_create_repository.yml
index f59a65bacc0..ba87407fadd 100644
--- a/config/events/202109151015_container_registry_notification_create_repository.yml
+++ b/config/events/202109151015_container_registry_notification_create_repository.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: container_registry
milestone: "12.10"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/27001
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/202109151015_container_registry_notification_delete_repository.yml b/config/events/202109151015_container_registry_notification_delete_repository.yml
index 9853b94a3d1..8dc5a4e5e14 100644
--- a/config/events/202109151015_container_registry_notification_delete_repository.yml
+++ b/config/events/202109151015_container_registry_notification_delete_repository.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: container_registry
milestone: "12.10"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/27001
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/202109151015_container_registry_notification_delete_tag.yml b/config/events/202109151015_container_registry_notification_delete_tag.yml
index 077c672d9f6..d9a5f67f47f 100644
--- a/config/events/202109151015_container_registry_notification_delete_tag.yml
+++ b/config/events/202109151015_container_registry_notification_delete_tag.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: container_registry
milestone: "12.10"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/27001
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/202109151015_container_registry_notification_push_repository.yml b/config/events/202109151015_container_registry_notification_push_repository.yml
index 6a3036a07b7..6cebc4784c3 100644
--- a/config/events/202109151015_container_registry_notification_push_repository.yml
+++ b/config/events/202109151015_container_registry_notification_push_repository.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: container_registry
milestone: "12.10"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/27001
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/202109151015_container_registry_notification_push_tag.yml b/config/events/202109151015_container_registry_notification_push_tag.yml
index c636fd1562c..f94fd0865d2 100644
--- a/config/events/202109151015_container_registry_notification_push_tag.yml
+++ b/config/events/202109151015_container_registry_notification_push_tag.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: container_registry
milestone: "12.10"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/27001
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/202109151015_delete_repository_container.yml b/config/events/202109151015_delete_repository_container.yml
index 04e4f5d03cb..ec79404aeed 100644
--- a/config/events/202109151015_delete_repository_container.yml
+++ b/config/events/202109151015_delete_repository_container.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: container_registry
milestone: "13.6"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/47175
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/202109151015_delete_tag_bulk_tag.yml b/config/events/202109151015_delete_tag_bulk_tag.yml
index 2d11c5f5efb..f1c4b95cffe 100644
--- a/config/events/202109151015_delete_tag_bulk_tag.yml
+++ b/config/events/202109151015_delete_tag_bulk_tag.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: container_registry
milestone: "13.7"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/48617
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/202109151015_experiment_name_initial_write.yml b/config/events/202109151015_experiment_name_initial_write.yml
index 676a0044feb..73402b9808a 100644
--- a/config/events/202109151015_experiment_name_initial_write.yml
+++ b/config/events/202109151015_experiment_name_initial_write.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: activation
milestone: "13.12"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/59713
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/202109151015_experiment_name_write.yml b/config/events/202109151015_experiment_name_write.yml
index 6ea2cf6bd42..6f84eacf47c 100644
--- a/config/events/202109151015_experiment_name_write.yml
+++ b/config/events/202109151015_experiment_name_write.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: activation
milestone: "13.12"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/59713
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/202109151015_groups__registry__repositories_controller_list_repositories.yml b/config/events/202109151015_groups__registry__repositories_controller_list_repositories.yml
index d6c5a91315c..7294b9a3cb9 100644
--- a/config/events/202109151015_groups__registry__repositories_controller_list_repositories.yml
+++ b/config/events/202109151015_groups__registry__repositories_controller_list_repositories.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: container_registry
milestone: "13.5"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/41846
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/202109151015_incident_management__zoom_integration_add_zoom_meeting.yml b/config/events/202109151015_incident_management__zoom_integration_add_zoom_meeting.yml
index 16b75412c41..92ed71807ce 100644
--- a/config/events/202109151015_incident_management__zoom_integration_add_zoom_meeting.yml
+++ b/config/events/202109151015_incident_management__zoom_integration_add_zoom_meeting.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: platform_insights
milestone: "12.4"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/18620
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/202109151015_incident_management__zoom_integration_remove_zoom_meeting.yml b/config/events/202109151015_incident_management__zoom_integration_remove_zoom_meeting.yml
index c916e60aed8..692dd20f654 100644
--- a/config/events/202109151015_incident_management__zoom_integration_remove_zoom_meeting.yml
+++ b/config/events/202109151015_incident_management__zoom_integration_remove_zoom_meeting.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: platform_insights
milestone: "12.4"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/18620
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/202109151015_list_repositories_container.yml b/config/events/202109151015_list_repositories_container.yml
index 95948f162b5..02e93fa79cd 100644
--- a/config/events/202109151015_list_repositories_container.yml
+++ b/config/events/202109151015_list_repositories_container.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: container_registry
milestone: "13.6"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/44926
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/202109151015_package_class_pull_package.yml b/config/events/202109151015_package_class_pull_package.yml
index b2caf15c270..754c986004e 100644
--- a/config/events/202109151015_package_class_pull_package.yml
+++ b/config/events/202109151015_package_class_pull_package.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: package_registry
milestone: "13.5"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/41846
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/202109151015_package_class_push_package.yml b/config/events/202109151015_package_class_push_package.yml
index 1e4871dd89b..9f9f701b34b 100644
--- a/config/events/202109151015_package_class_push_package.yml
+++ b/config/events/202109151015_package_class_push_package.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: package_registry
milestone: "13.5"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/41846
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/202109151015_projects__registry__repositories_controller_delete_repository.yml b/config/events/202109151015_projects__registry__repositories_controller_delete_repository.yml
index 20510ddaa52..42984304680 100644
--- a/config/events/202109151015_projects__registry__repositories_controller_delete_repository.yml
+++ b/config/events/202109151015_projects__registry__repositories_controller_delete_repository.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: package_registry
milestone: "13.5"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/41846
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/202109151015_projects__registry__repositories_controller_list_repositories.yml b/config/events/202109151015_projects__registry__repositories_controller_list_repositories.yml
index db87b208421..8550898d22c 100644
--- a/config/events/202109151015_projects__registry__repositories_controller_list_repositories.yml
+++ b/config/events/202109151015_projects__registry__repositories_controller_list_repositories.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: package_registry
milestone: "13.5"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/41846
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/202109151015_projects__registry__tags_controller_delete_tag.yml b/config/events/202109151015_projects__registry__tags_controller_delete_tag.yml
index 4ed55dc1311..cfe452897f8 100644
--- a/config/events/202109151015_projects__registry__tags_controller_delete_tag.yml
+++ b/config/events/202109151015_projects__registry__tags_controller_delete_tag.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: package_registry
milestone: "13.5"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/41846
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/202109151015_projects__registry__tags_controller_delete_tag_bulk.yml b/config/events/202109151015_projects__registry__tags_controller_delete_tag_bulk.yml
index 7365f37d6f1..208833fa98c 100644
--- a/config/events/202109151015_projects__registry__tags_controller_delete_tag_bulk.yml
+++ b/config/events/202109151015_projects__registry__tags_controller_delete_tag_bulk.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: package_registry
milestone: "13.5"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/41846
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/202109151015_projects__registry__tags_controller_list_tags.yml b/config/events/202109151015_projects__registry__tags_controller_list_tags.yml
index c0bcc16b2bb..aa96d914b7b 100644
--- a/config/events/202109151015_projects__registry__tags_controller_list_tags.yml
+++ b/config/events/202109151015_projects__registry__tags_controller_list_tags.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: package_registry
milestone: "13.5"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/41846
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205037_alert_integrations_view_alert_integrations_list.yml b/config/events/20210915205037_alert_integrations_view_alert_integrations_list.yml
index 15147c143a0..00b9f6c50c2 100644
--- a/config/events/20210915205037_alert_integrations_view_alert_integrations_list.yml
+++ b/config/events/20210915205037_alert_integrations_view_alert_integrations_list.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: platform_insights
milestone: "13.5"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/44549
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205038_default_click_button.yml b/config/events/20210915205038_default_click_button.yml
index ace2161187e..32489aa1942 100644
--- a/config/events/20210915205038_default_click_button.yml
+++ b/config/events/20210915205038_default_click_button.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: compliance
milestone: "13.7"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/49510
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205039_default_copy_keyboard_shortcut.yml b/config/events/20210915205039_default_copy_keyboard_shortcut.yml
index ca02e3b38c0..b1a8e7c08bc 100644
--- a/config/events/20210915205039_default_copy_keyboard_shortcut.yml
+++ b/config/events/20210915205039_default_copy_keyboard_shortcut.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: compliance
milestone: "13.7"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/49510
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205041_default_generic.yml b/config/events/20210915205041_default_generic.yml
index 44dfb7c0b29..3e2a625b506 100644
--- a/config/events/20210915205041_default_generic.yml
+++ b/config/events/20210915205041_default_generic.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: activation
milestone: "12.9"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/26605
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205100_default_execute_toolbar_control.yml b/config/events/20210915205100_default_execute_toolbar_control.yml
index 0c8d448b750..284ebe2e9d2 100644
--- a/config/events/20210915205100_default_execute_toolbar_control.yml
+++ b/config/events/20210915205100_default_execute_toolbar_control.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: remote_development
milestone: "13.12"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/61065
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205101_default_execute_keyboard_shortcut.yml b/config/events/20210915205101_default_execute_keyboard_shortcut.yml
index 9c49620192d..df25979a645 100644
--- a/config/events/20210915205101_default_execute_keyboard_shortcut.yml
+++ b/config/events/20210915205101_default_execute_keyboard_shortcut.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: remote_development
milestone: "14.0"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/61248
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205102_default_execute_input_rule.yml b/config/events/20210915205102_default_execute_input_rule.yml
index fa1999f3eea..e05f5f7bca1 100644
--- a/config/events/20210915205102_default_execute_input_rule.yml
+++ b/config/events/20210915205102_default_execute_input_rule.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: remote_development
milestone: "14.0"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/61248
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205103_default_execute_bubble_menu_control.yml b/config/events/20210915205103_default_execute_bubble_menu_control.yml
index a7747bae2cf..3c90fd8917b 100644
--- a/config/events/20210915205103_default_execute_bubble_menu_control.yml
+++ b/config/events/20210915205103_default_execute_bubble_menu_control.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: remote_development
milestone: "14.2"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/67363
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205108_default_type_search_query.yml b/config/events/20210915205108_default_type_search_query.yml
index 98d84f3551d..773fc3fb59c 100644
--- a/config/events/20210915205108_default_type_search_query.yml
+++ b/config/events/20210915205108_default_type_search_query.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: remote_development
milestone: "13.7"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/47589
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205109_default_invite_members_banner_button_clicked.yml b/config/events/20210915205109_default_invite_members_banner_button_clicked.yml
index d4bbcc254a0..b8dbbf760bf 100644
--- a/config/events/20210915205109_default_invite_members_banner_button_clicked.yml
+++ b/config/events/20210915205109_default_invite_members_banner_button_clicked.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: activation
milestone: "13.4"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/41774
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205110_default_invite_members_banner_dismissed.yml b/config/events/20210915205110_default_invite_members_banner_dismissed.yml
index 05ad40a466d..c42117c02f2 100644
--- a/config/events/20210915205110_default_invite_members_banner_dismissed.yml
+++ b/config/events/20210915205110_default_invite_members_banner_dismissed.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: activation
milestone: "13.4"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/41774
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205111_default_change_discussion_sort_direction.yml b/config/events/20210915205111_default_change_discussion_sort_direction.yml
index 07de2c23016..7b5d16ce0bc 100644
--- a/config/events/20210915205111_default_change_discussion_sort_direction.yml
+++ b/config/events/20210915205111_default_change_discussion_sort_direction.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: product_planning
milestone: "12.10"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/28717
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205112_packages_delete_package.yml b/config/events/20210915205112_packages_delete_package.yml
index cec92c2847d..cc8d6c5e684 100644
--- a/config/events/20210915205112_packages_delete_package.yml
+++ b/config/events/20210915205112_packages_delete_package.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: package_registry
milestone: "13.4"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/41668
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205113_packages_request_delete_package_file.yml b/config/events/20210915205113_packages_request_delete_package_file.yml
index 683e88848b1..5061662405a 100644
--- a/config/events/20210915205113_packages_request_delete_package_file.yml
+++ b/config/events/20210915205113_packages_request_delete_package_file.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: package_registry
milestone: "14.0"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62179
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205114_packages_delete_package_file.yml b/config/events/20210915205114_packages_delete_package_file.yml
index dc67d0abef9..1635ac21cd1 100644
--- a/config/events/20210915205114_packages_delete_package_file.yml
+++ b/config/events/20210915205114_packages_delete_package_file.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: package_registry
milestone: "14.0"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62179
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205115_packages_pull_package.yml b/config/events/20210915205115_packages_pull_package.yml
index 6186cbd3b63..5780ae81f85 100644
--- a/config/events/20210915205115_packages_pull_package.yml
+++ b/config/events/20210915205115_packages_pull_package.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: package_registry
milestone: "13.7"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/48451
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205116_packages_cancel_delete_package.yml b/config/events/20210915205116_packages_cancel_delete_package.yml
index 0c9e34f798f..a9ba956c5e0 100644
--- a/config/events/20210915205116_packages_cancel_delete_package.yml
+++ b/config/events/20210915205116_packages_cancel_delete_package.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: package_registry
milestone: "14.0"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62179
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205117_packages_cancel_delete_package_file.yml b/config/events/20210915205117_packages_cancel_delete_package_file.yml
index b814be73885..217a768cc4d 100644
--- a/config/events/20210915205117_packages_cancel_delete_package_file.yml
+++ b/config/events/20210915205117_packages_cancel_delete_package_file.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: package_registry
milestone: "14.0"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62179
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205118_default_copy_composer_registry_include_command.yml b/config/events/20210915205118_default_copy_composer_registry_include_command.yml
index faaddcc216a..389c19a6089 100644
--- a/config/events/20210915205118_default_copy_composer_registry_include_command.yml
+++ b/config/events/20210915205118_default_copy_composer_registry_include_command.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: package_registry
milestone: "13.3"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/38779
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205119_default_copy_composer_package_include_command.yml b/config/events/20210915205119_default_copy_composer_package_include_command.yml
index 3e185271bd7..94c071f719a 100644
--- a/config/events/20210915205119_default_copy_composer_package_include_command.yml
+++ b/config/events/20210915205119_default_copy_composer_package_include_command.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: package_registry
milestone: "13.3"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/38779
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205125_default_copy_gradle_install_command.yml b/config/events/20210915205125_default_copy_gradle_install_command.yml
index 2a788f816a8..e0f5cd0e37f 100644
--- a/config/events/20210915205125_default_copy_gradle_install_command.yml
+++ b/config/events/20210915205125_default_copy_gradle_install_command.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: package_registry
milestone: "13.10"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/55738
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205126_default_copy_gradle_add_to_source_command.yml b/config/events/20210915205126_default_copy_gradle_add_to_source_command.yml
index 6c29bb1de8c..a7c35b6218b 100644
--- a/config/events/20210915205126_default_copy_gradle_add_to_source_command.yml
+++ b/config/events/20210915205126_default_copy_gradle_add_to_source_command.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: package_registry
milestone: "13.10"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/55738
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205127_default_copy_kotlin_install_command.yml b/config/events/20210915205127_default_copy_kotlin_install_command.yml
index 2fd5cde991e..ef2735ac504 100644
--- a/config/events/20210915205127_default_copy_kotlin_install_command.yml
+++ b/config/events/20210915205127_default_copy_kotlin_install_command.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: package_registry
milestone: "13.12"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/60097
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205128_default_copy_kotlin_add_to_source_command.yml b/config/events/20210915205128_default_copy_kotlin_add_to_source_command.yml
index f9262b956fd..8c6506d5173 100644
--- a/config/events/20210915205128_default_copy_kotlin_add_to_source_command.yml
+++ b/config/events/20210915205128_default_copy_kotlin_add_to_source_command.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: package_registry
milestone: "13.12"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/60097
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205140_default_reset_form.yml b/config/events/20210915205140_default_reset_form.yml
index fe9df5397a7..3ea0fb9c26b 100644
--- a/config/events/20210915205140_default_reset_form.yml
+++ b/config/events/20210915205140_default_reset_form.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: container_registry
milestone: "12.8"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/23844
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205141_default_submit_form.yml b/config/events/20210915205141_default_submit_form.yml
index a761402b9d6..6709edbfe95 100644
--- a/config/events/20210915205141_default_submit_form.yml
+++ b/config/events/20210915205141_default_submit_form.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: container_registry
milestone: "12.8"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/23844
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205142_default_click_dismiss.yml b/config/events/20210915205142_default_click_dismiss.yml
index 63cd84258e9..6c3b1c52e9c 100644
--- a/config/events/20210915205142_default_click_dismiss.yml
+++ b/config/events/20210915205142_default_click_dismiss.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: activation
milestone: "13.4"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/39752
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205143_default_show_home_page_banner.yml b/config/events/20210915205143_default_show_home_page_banner.yml
index 79d051c4f61..85ff6a24b9c 100644
--- a/config/events/20210915205143_default_show_home_page_banner.yml
+++ b/config/events/20210915205143_default_show_home_page_banner.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: activation
milestone: "13.4"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/39752
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205145_default_content_editor_loaded.yml b/config/events/20210915205145_default_content_editor_loaded.yml
index 45f73f37730..7eee79d39b3 100644
--- a/config/events/20210915205145_default_content_editor_loaded.yml
+++ b/config/events/20210915205145_default_content_editor_loaded.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: remote_development
milestone: "14.0"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62919
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205146_default_saved_using_content_editor.yml b/config/events/20210915205146_default_saved_using_content_editor.yml
index 117469511bb..e12b506d0b7 100644
--- a/config/events/20210915205146_default_saved_using_content_editor.yml
+++ b/config/events/20210915205146_default_saved_using_content_editor.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: remote_development
milestone: "14.0"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62919
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205147_default_browse_templates.yml b/config/events/20210915205147_default_browse_templates.yml
index 240fecdfb6a..a6b6259af1a 100644
--- a/config/events/20210915205147_default_browse_templates.yml
+++ b/config/events/20210915205147_default_browse_templates.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: pipeline_authoring
milestone: "14.1"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/64349
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205148_default_template_clicked.yml b/config/events/20210915205148_default_template_clicked.yml
index 4a4f35cd5ae..e9e8c355529 100644
--- a/config/events/20210915205148_default_template_clicked.yml
+++ b/config/events/20210915205148_default_template_clicked.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: activation
milestone: "13.11"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/58808
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205149_default_dismiss_banner.yml b/config/events/20210915205149_default_dismiss_banner.yml
index c1461a603d9..63375308441 100644
--- a/config/events/20210915205149_default_dismiss_banner.yml
+++ b/config/events/20210915205149_default_dismiss_banner.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: environments
milestone: "14.3"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68467
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205150_default_click_button.yml b/config/events/20210915205150_default_click_button.yml
index 9c860330321..52b41f7336b 100644
--- a/config/events/20210915205150_default_click_button.yml
+++ b/config/events/20210915205150_default_click_button.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: environments
milestone: "14.3"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68467
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205151_default_click_dropdown.yml b/config/events/20210915205151_default_click_dropdown.yml
index 3965cf53c3c..027c01d393a 100644
--- a/config/events/20210915205151_default_click_dropdown.yml
+++ b/config/events/20210915205151_default_click_dropdown.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: container_registry
milestone: "12.10"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/27990
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205152_default_click_copy_login.yml b/config/events/20210915205152_default_click_copy_login.yml
index 7ee0bdf3201..0ef86660f17 100644
--- a/config/events/20210915205152_default_click_copy_login.yml
+++ b/config/events/20210915205152_default_click_copy_login.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: container_registry
milestone: "12.10"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/27990
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205153_default_click_copy_build.yml b/config/events/20210915205153_default_click_copy_build.yml
index 6966529180d..23c17f7726b 100644
--- a/config/events/20210915205153_default_click_copy_build.yml
+++ b/config/events/20210915205153_default_click_copy_build.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: container_registry
milestone: "12.10"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/27990
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205154_default_click_copy_push.yml b/config/events/20210915205154_default_click_copy_push.yml
index 3f596b793d6..421c8e72cf4 100644
--- a/config/events/20210915205154_default_click_copy_push.yml
+++ b/config/events/20210915205154_default_click_copy_push.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: container_registry
milestone: "12.10"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/27990
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205155_default_click_button.yml b/config/events/20210915205155_default_click_button.yml
index b96deca1a51..c1d1001fcd7 100644
--- a/config/events/20210915205155_default_click_button.yml
+++ b/config/events/20210915205155_default_click_button.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: package_registry
milestone: "12.8"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/23154
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205156_default_confirm_delete.yml b/config/events/20210915205156_default_confirm_delete.yml
index 85fa1884537..197333b83ed 100644
--- a/config/events/20210915205156_default_confirm_delete.yml
+++ b/config/events/20210915205156_default_confirm_delete.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: package_registry
milestone: "12.8"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/23154
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205157_default_cancel_delete.yml b/config/events/20210915205157_default_cancel_delete.yml
index ef7402a4754..bdbb57d715d 100644
--- a/config/events/20210915205157_default_cancel_delete.yml
+++ b/config/events/20210915205157_default_cancel_delete.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: package_registry
milestone: "12.8"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/23154
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205158_default_click_button.yml b/config/events/20210915205158_default_click_button.yml
index 3d0ea91b66c..113c648885a 100644
--- a/config/events/20210915205158_default_click_button.yml
+++ b/config/events/20210915205158_default_click_button.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: package_registry
milestone: "12.8"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/23154
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205159_default_confirm_delete.yml b/config/events/20210915205159_default_confirm_delete.yml
index a85c4f32c50..d4fe09f9824 100644
--- a/config/events/20210915205159_default_confirm_delete.yml
+++ b/config/events/20210915205159_default_confirm_delete.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: package_registry
milestone: "12.8"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/23154
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205200_default_cancel_delete.yml b/config/events/20210915205200_default_cancel_delete.yml
index 83908d0778a..2cebd769180 100644
--- a/config/events/20210915205200_default_cancel_delete.yml
+++ b/config/events/20210915205200_default_cancel_delete.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: package_registry
milestone: "12.8"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/23154
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205202_default_generic.yml b/config/events/20210915205202_default_generic.yml
index 082016fb8f8..67cdac92064 100644
--- a/config/events/20210915205202_default_generic.yml
+++ b/config/events/20210915205202_default_generic.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: activation
milestone: "13.12"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/35069
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205203_default_click_tab.yml b/config/events/20210915205203_default_click_tab.yml
index 2c78fd08964..d54c0111bdc 100644
--- a/config/events/20210915205203_default_click_tab.yml
+++ b/config/events/20210915205203_default_click_tab.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: import_and_integrate
milestone: "13.12"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/59452
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205204_default_click_whats_new_drawer.yml b/config/events/20210915205204_default_click_whats_new_drawer.yml
index 282c0609886..0cf385a4b05 100644
--- a/config/events/20210915205204_default_click_whats_new_drawer.yml
+++ b/config/events/20210915205204_default_click_whats_new_drawer.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: activation
milestone: "13.5"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/42653
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20210915205207_default_click_dropdown.yml b/config/events/20210915205207_default_click_dropdown.yml
index 4bc0d9c4c00..670681ede5a 100644
--- a/config/events/20210915205207_default_click_dropdown.yml
+++ b/config/events/20210915205207_default_click_dropdown.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: product_planning
milestone: "14.0"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/63765
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_click_button.yml b/config/events/20211215022206_default_click_button.yml
index e76fd983974..cccf8f182c1 100644
--- a/config/events/20211215022206_default_click_button.yml
+++ b/config/events/20211215022206_default_click_button.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: analytics_instrumentation
milestone:
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/73809
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_click_link.yml b/config/events/20211215022206_default_click_link.yml
index e4098ad49ca..5780110f99f 100644
--- a/config/events/20211215022206_default_click_link.yml
+++ b/config/events/20211215022206_default_click_link.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: environments
milestone: "13.12"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/57160
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_click_menu.yml b/config/events/20211215022206_default_click_menu.yml
index 284b6b02f3b..b66135b2a80 100644
--- a/config/events/20211215022206_default_click_menu.yml
+++ b/config/events/20211215022206_default_click_menu.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: remote_development
milestone: "14.0"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62030
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_click_menu_item.yml b/config/events/20211215022206_default_click_menu_item.yml
index 64cb78ea6d3..9500da4f380 100644
--- a/config/events/20211215022206_default_click_menu_item.yml
+++ b/config/events/20211215022206_default_click_menu_item.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: remote_development
milestone: "14.0"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62030
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_comment_button_title_button_click_button.yml b/config/events/20211215022206_default_comment_button_title_button_click_button.yml
index 561143217e3..e9182da6931 100644
--- a/config/events/20211215022206_default_comment_button_title_button_click_button.yml
+++ b/config/events/20211215022206_default_comment_button_title_button_click_button.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: product_planning
milestone: "13.10"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/50933
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_create_or_import_a_repository_click_link.yml b/config/events/20211215022206_default_create_or_import_a_repository_click_link.yml
index bb045096977..086ddfbf10c 100644
--- a/config/events/20211215022206_default_create_or_import_a_repository_click_link.yml
+++ b/config/events/20211215022206_default_create_or_import_a_repository_click_link.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: acquisition
milestone: "13.12"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/58689
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_create_value_stream_form_open_click_button.yml b/config/events/20211215022206_default_create_value_stream_form_open_click_button.yml
index bddad1f49ac..18c3e55fe50 100644
--- a/config/events/20211215022206_default_create_value_stream_form_open_click_button.yml
+++ b/config/events/20211215022206_default_create_value_stream_form_open_click_button.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: optimize
milestone: "14.0"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62865
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_create_value_stream_form_open_click_dropdown.yml b/config/events/20211215022206_default_create_value_stream_form_open_click_dropdown.yml
index c8841a5e8d9..fdbd09484f9 100644
--- a/config/events/20211215022206_default_create_value_stream_form_open_click_dropdown.yml
+++ b/config/events/20211215022206_default_create_value_stream_form_open_click_dropdown.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: optimize
milestone: "14.0"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62865
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_delete_value_stream_form_open_click_dropdown.yml b/config/events/20211215022206_default_delete_value_stream_form_open_click_dropdown.yml
index a8cadaa8213..eaaa268677d 100644
--- a/config/events/20211215022206_default_delete_value_stream_form_open_click_dropdown.yml
+++ b/config/events/20211215022206_default_delete_value_stream_form_open_click_dropdown.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: optimize
milestone: "14.0"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62865
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_diff_copy_file_path_button_click_copy_file_button.yml b/config/events/20211215022206_default_diff_copy_file_path_button_click_copy_file_button.yml
index c59fa48a57e..d66c3c0fb19 100644
--- a/config/events/20211215022206_default_diff_copy_file_path_button_click_copy_file_button.yml
+++ b/config/events/20211215022206_default_diff_copy_file_path_button_click_copy_file_button.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: code_review
milestone:
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/73809
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_diff_toggle_external_button_click_toggle_external_button.yml b/config/events/20211215022206_default_diff_toggle_external_button_click_toggle_external_button.yml
index b64f112c54b..264c86a53d6 100644
--- a/config/events/20211215022206_default_diff_toggle_external_button_click_toggle_external_button.yml
+++ b/config/events/20211215022206_default_diff_toggle_external_button_click_toggle_external_button.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: code_review
milestone:
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/73809
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_edit_assignee_click_invite_members.yml b/config/events/20211215022206_default_edit_assignee_click_invite_members.yml
index 7dee382d38d..694773832d3 100644
--- a/config/events/20211215022206_default_edit_assignee_click_invite_members.yml
+++ b/config/events/20211215022206_default_edit_assignee_click_invite_members.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: activation
milestone: "14.0"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62505
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_edit_reviewer_click_invite_members.yml b/config/events/20211215022206_default_edit_reviewer_click_invite_members.yml
index 0052068153b..1cc08562546 100644
--- a/config/events/20211215022206_default_edit_reviewer_click_invite_members.yml
+++ b/config/events/20211215022206_default_edit_reviewer_click_invite_members.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: activation
milestone: "14.0"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62505
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_edit_value_stream_form_open_click_button.yml b/config/events/20211215022206_default_edit_value_stream_form_open_click_button.yml
index cf467f0c9dd..297f2e88caa 100644
--- a/config/events/20211215022206_default_edit_value_stream_form_open_click_button.yml
+++ b/config/events/20211215022206_default_edit_value_stream_form_open_click_button.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: optimize
milestone: "14.0"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62865
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_environment_actions_click_dropdown.yml b/config/events/20211215022206_default_environment_actions_click_dropdown.yml
index eea3fd0fa25..a73aed4cae3 100644
--- a/config/events/20211215022206_default_environment_actions_click_dropdown.yml
+++ b/config/events/20211215022206_default_environment_actions_click_dropdown.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: environments
milestone: "14.2"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66968
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_environment_delete_click_button.yml b/config/events/20211215022206_default_environment_delete_click_button.yml
index 6883bfb74c3..e342938da65 100644
--- a/config/events/20211215022206_default_environment_delete_click_button.yml
+++ b/config/events/20211215022206_default_environment_delete_click_button.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: environments
milestone: "14.2"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66968
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_environment_monitoring_click_button.yml b/config/events/20211215022206_default_environment_monitoring_click_button.yml
index 76fad3bcd79..09445861d1d 100644
--- a/config/events/20211215022206_default_environment_monitoring_click_button.yml
+++ b/config/events/20211215022206_default_environment_monitoring_click_button.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: environments
milestone: "14.2"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66968
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_environment_pin_click_button.yml b/config/events/20211215022206_default_environment_pin_click_button.yml
index 2dae73dbf96..2d953a47796 100644
--- a/config/events/20211215022206_default_environment_pin_click_button.yml
+++ b/config/events/20211215022206_default_environment_pin_click_button.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: environments
milestone: "14.2"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66968
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_environment_rollback_click_button.yml b/config/events/20211215022206_default_environment_rollback_click_button.yml
index f867f9d2894..3c06b965ad0 100644
--- a/config/events/20211215022206_default_environment_rollback_click_button.yml
+++ b/config/events/20211215022206_default_environment_rollback_click_button.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: environments
milestone: "14.2"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66968
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_environment_stop_click_button.yml b/config/events/20211215022206_default_environment_stop_click_button.yml
index 0c10b9060ad..b94d482a90c 100644
--- a/config/events/20211215022206_default_environment_stop_click_button.yml
+++ b/config/events/20211215022206_default_environment_stop_click_button.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: environments
milestone: "14.2"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66968
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_environment_terminal_click_button.yml b/config/events/20211215022206_default_environment_terminal_click_button.yml
index 6ff803036d1..412d0adb5e9 100644
--- a/config/events/20211215022206_default_environment_terminal_click_button.yml
+++ b/config/events/20211215022206_default_environment_terminal_click_button.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: environments
milestone: "14.2"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66968
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_environment_url_click_button.yml b/config/events/20211215022206_default_environment_url_click_button.yml
index aacb39e4fc0..cfe215b0f55 100644
--- a/config/events/20211215022206_default_environment_url_click_button.yml
+++ b/config/events/20211215022206_default_environment_url_click_button.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: environments
milestone: "14.2"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66968
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_export_issuable_type_csv_click_button.yml b/config/events/20211215022206_default_export_issuable_type_csv_click_button.yml
index 9266e49b1f7..1e7e69c6785 100644
--- a/config/events/20211215022206_default_export_issuable_type_csv_click_button.yml
+++ b/config/events/20211215022206_default_export_issuable_type_csv_click_button.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: optimize
milestone: "13.10"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54214
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_feature_flag_toggle_click_button.yml b/config/events/20211215022206_default_feature_flag_toggle_click_button.yml
index 6a2d659da12..97411937caf 100644
--- a/config/events/20211215022206_default_feature_flag_toggle_click_button.yml
+++ b/config/events/20211215022206_default_feature_flag_toggle_click_button.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: environments
milestone: "13.4"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/40023
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_feature_title_click_whats_new_item.yml b/config/events/20211215022206_default_feature_title_click_whats_new_item.yml
index ddd51b906fb..61fd9d33056 100644
--- a/config/events/20211215022206_default_feature_title_click_whats_new_item.yml
+++ b/config/events/20211215022206_default_feature_title_click_whats_new_item.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: activation
milestone: "13.12"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/60804
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_home_page_click_go_to_preferences.yml b/config/events/20211215022206_default_home_page_click_go_to_preferences.yml
index eed8f7e866a..5dfe58d69fe 100644
--- a/config/events/20211215022206_default_home_page_click_go_to_preferences.yml
+++ b/config/events/20211215022206_default_home_page_click_go_to_preferences.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: analytics_instrumentation
milestone:
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/73809
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_mr_next_unresolved_thread_click_button.yml b/config/events/20211215022206_default_mr_next_unresolved_thread_click_button.yml
index 050992073f7..f3defca37ce 100644
--- a/config/events/20211215022206_default_mr_next_unresolved_thread_click_button.yml
+++ b/config/events/20211215022206_default_mr_next_unresolved_thread_click_button.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: analytics_instrumentation
milestone:
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/73809
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_mr_widget_terraform_mr_plan_button_click_terraform_mr_plan_button.yml b/config/events/20211215022206_default_mr_widget_terraform_mr_plan_button_click_terraform_mr_plan_button.yml
index 63f38d10196..10da966e651 100644
--- a/config/events/20211215022206_default_mr_widget_terraform_mr_plan_button_click_terraform_mr_plan_button.yml
+++ b/config/events/20211215022206_default_mr_widget_terraform_mr_plan_button_click_terraform_mr_plan_button.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: environments
milestone: "13.2"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/34392
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_no_pipeline_noticed_click_button.yml b/config/events/20211215022206_default_no_pipeline_noticed_click_button.yml
index 4fe9f7399ac..361e727d2bf 100644
--- a/config/events/20211215022206_default_no_pipeline_noticed_click_button.yml
+++ b/config/events/20211215022206_default_no_pipeline_noticed_click_button.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: activation
milestone: "12.9"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/23823
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_reply_comment_button_click_button.yml b/config/events/20211215022206_default_reply_comment_button_click_button.yml
index ae0675f91ff..ee1cb462d87 100644
--- a/config/events/20211215022206_default_reply_comment_button_click_button.yml
+++ b/config/events/20211215022206_default_reply_comment_button_click_button.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: product_planning
milestone: "13.9"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/53753
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_review_app_open_review_app.yml b/config/events/20211215022206_default_review_app_open_review_app.yml
index 10c0927c589..6e91f333c87 100644
--- a/config/events/20211215022206_default_review_app_open_review_app.yml
+++ b/config/events/20211215022206_default_review_app_open_review_app.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: pipeline_execution
milestone: "12.6"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/18141
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_right_sidebar_click_edit_button.yml b/config/events/20211215022206_default_right_sidebar_click_edit_button.yml
index 5adcbf2686a..64a0002f625 100644
--- a/config/events/20211215022206_default_right_sidebar_click_edit_button.yml
+++ b/config/events/20211215022206_default_right_sidebar_click_edit_button.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: code_review
milestone:
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/73809
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_search_autocomplete_suggestion_click_text.yml b/config/events/20211215022206_default_search_autocomplete_suggestion_click_text.yml
index 9ff9a152ba8..0d2d79396e1 100644
--- a/config/events/20211215022206_default_search_autocomplete_suggestion_click_text.yml
+++ b/config/events/20211215022206_default_search_autocomplete_suggestion_click_text.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: global_search
milestone: "13.4"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/40822
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_show_labels_toggle.yml b/config/events/20211215022206_default_show_labels_toggle.yml
index b9cca826c22..ae89b6a8996 100644
--- a/config/events/20211215022206_default_show_labels_toggle.yml
+++ b/config/events/20211215022206_default_show_labels_toggle.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: project_management
milestone:
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/73809
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20211215022206_default_slugged_stream_name_click_dropdown.yml b/config/events/20211215022206_default_slugged_stream_name_click_dropdown.yml
index e6b77c08311..3a03ef008be 100644
--- a/config/events/20211215022206_default_slugged_stream_name_click_dropdown.yml
+++ b/config/events/20211215022206_default_slugged_stream_name_click_dropdown.yml
@@ -6,9 +6,6 @@ identifiers:
product_group: optimize
milestone: "14.0"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62865
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20230228151130_invite_members_modal_click_cancel.yml b/config/events/20230228151130_invite_members_modal_click_cancel.yml
index 0f8fcc7a2dd..31e92b23a56 100644
--- a/config/events/20230228151130_invite_members_modal_click_cancel.yml
+++ b/config/events/20230228151130_invite_members_modal_click_cancel.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: activation
milestone: "15.10"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/112958
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20230228151130_invite_members_modal_click_x.yml b/config/events/20230228151130_invite_members_modal_click_x.yml
index 00dfa4823c9..4f691ea2312 100644
--- a/config/events/20230228151130_invite_members_modal_click_x.yml
+++ b/config/events/20230228151130_invite_members_modal_click_x.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: activation
milestone: "15.10"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/112958
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20230228151130_invite_members_modal_invite_successful.yml b/config/events/20230228151130_invite_members_modal_invite_successful.yml
index fe2a36a348b..3b16eba10af 100644
--- a/config/events/20230228151130_invite_members_modal_invite_successful.yml
+++ b/config/events/20230228151130_invite_members_modal_invite_successful.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: activation
milestone: "15.10"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/112958
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20230228151130_invite_members_modal_render.yml b/config/events/20230228151130_invite_members_modal_render.yml
index 9846fb46dde..6272bef3668 100644
--- a/config/events/20230228151130_invite_members_modal_render.yml
+++ b/config/events/20230228151130_invite_members_modal_render.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: activation
milestone: "15.10"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/112958
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20230321151607_github_create.yml b/config/events/20230321151607_github_create.yml
index 36d477e7fbf..a4f2205f872 100644
--- a/config/events/20230321151607_github_create.yml
+++ b/config/events/20230321151607_github_create.yml
@@ -16,10 +16,7 @@ product_categories:
- importers
milestone: "15.10"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/112062
-distributions:
-- ce
-- ee
-tiers:
+tiers:
- free
- premium
- ultimate
diff --git a/config/events/20230327141223_API__NpmProjectPackages_list_tags.yml b/config/events/20230327141223_API__NpmProjectPackages_list_tags.yml
index d173318c85a..cee2503a07b 100644
--- a/config/events/20230327141223_API__NpmProjectPackages_list_tags.yml
+++ b/config/events/20230327141223_API__NpmProjectPackages_list_tags.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: package_registry
milestone: "15.11"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/115545
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20230327141524_API__NpmProjectPackages_create_tag.yml b/config/events/20230327141524_API__NpmProjectPackages_create_tag.yml
index 46a10de65b4..37bace558aa 100644
--- a/config/events/20230327141524_API__NpmProjectPackages_create_tag.yml
+++ b/config/events/20230327141524_API__NpmProjectPackages_create_tag.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: package_registry
milestone: "15.11"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/115545
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20230327141627_API__NpmProjectPackages_delete_tag.yml b/config/events/20230327141627_API__NpmProjectPackages_delete_tag.yml
index a6459cb0462..fa72f16f28b 100644
--- a/config/events/20230327141627_API__NpmProjectPackages_delete_tag.yml
+++ b/config/events/20230327141627_API__NpmProjectPackages_delete_tag.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: package_registry
milestone: "15.11"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/115545
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20230327142004_API__NpmInstancePackages_list_tags.yml b/config/events/20230327142004_API__NpmInstancePackages_list_tags.yml
index bcc62b7a681..8bcc52e9202 100644
--- a/config/events/20230327142004_API__NpmInstancePackages_list_tags.yml
+++ b/config/events/20230327142004_API__NpmInstancePackages_list_tags.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: package_registry
milestone: "15.11"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/115545
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20230327142151_API__NpmInstancePackages_create_tag.yml b/config/events/20230327142151_API__NpmInstancePackages_create_tag.yml
index c4ef41b0aa0..9433dadd4ca 100644
--- a/config/events/20230327142151_API__NpmInstancePackages_create_tag.yml
+++ b/config/events/20230327142151_API__NpmInstancePackages_create_tag.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: package_registry
milestone: "15.11"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/115545
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20230327142237_API__NpmInstancePackages_delete_tag.yml b/config/events/20230327142237_API__NpmInstancePackages_delete_tag.yml
index dffebeccab7..42050774412 100644
--- a/config/events/20230327142237_API__NpmInstancePackages_delete_tag.yml
+++ b/config/events/20230327142237_API__NpmInstancePackages_delete_tag.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: package_registry
milestone: "15.11"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/115545
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20230407142541_Gitlab__GithubGistsImport__ImportGistWorker_create.yml b/config/events/20230407142541_Gitlab__GithubGistsImport__ImportGistWorker_create.yml
index 15a837b7360..c5d95a1514b 100644
--- a/config/events/20230407142541_Gitlab__GithubGistsImport__ImportGistWorker_create.yml
+++ b/config/events/20230407142541_Gitlab__GithubGistsImport__ImportGistWorker_create.yml
@@ -13,10 +13,7 @@ product_categories:
- importers
milestone: "15.11"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/117057
-distributions:
-- ce
-- ee
-tiers:
+tiers:
- free
- premium
- ultimate
diff --git a/config/events/20230727165222_default_save_markdown.yml b/config/events/20230727165222_default_save_markdown.yml
index ec5cbcf1bf6..647be4f2c5c 100644
--- a/config/events/20230727165222_default_save_markdown.yml
+++ b/config/events/20230727165222_default_save_markdown.yml
@@ -7,9 +7,6 @@ identifiers:
product_group: knowledge
milestone: "16.3"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/127218
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20230727180523_default_click_consolidated_edit.yml b/config/events/20230727180523_default_click_consolidated_edit.yml
index 92f2ca15c35..3afa271a4ba 100644
--- a/config/events/20230727180523_default_click_consolidated_edit.yml
+++ b/config/events/20230727180523_default_click_consolidated_edit.yml
@@ -7,9 +7,6 @@ identifiers:
product_group: remote_development
milestone: "16.3"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/127163
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20230807084242_InternalEventTracking_g_edit_by_snippet_ide.yml b/config/events/20230807084242_InternalEventTracking_g_edit_by_snippet_ide.yml
index a2712ad6593..172b46c0315 100644
--- a/config/events/20230807084242_InternalEventTracking_g_edit_by_snippet_ide.yml
+++ b/config/events/20230807084242_InternalEventTracking_g_edit_by_snippet_ide.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: source_code
milestone: "16.3"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/128592
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20230807084603_InternalEventTracking_g_edit_by_web_ide.yml b/config/events/20230807084603_InternalEventTracking_g_edit_by_web_ide.yml
index 5b6af45f955..2eecfaa294d 100644
--- a/config/events/20230807084603_InternalEventTracking_g_edit_by_web_ide.yml
+++ b/config/events/20230807084603_InternalEventTracking_g_edit_by_web_ide.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: source_code
milestone: "16.3"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/128592
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/20230808041008_InternalEventTracking_g_edit_by_sfe.yml b/config/events/20230808041008_InternalEventTracking_g_edit_by_sfe.yml
index 6e960193eaa..5611aaf501a 100644
--- a/config/events/20230808041008_InternalEventTracking_g_edit_by_sfe.yml
+++ b/config/events/20230808041008_InternalEventTracking_g_edit_by_sfe.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: source_code
milestone: "16.3"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/128592
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/accepted.yml b/config/events/accepted.yml
index f29cc446fb9..1e4759249e5 100644
--- a/config/events/accepted.yml
+++ b/config/events/accepted.yml
@@ -8,9 +8,6 @@ identifiers:
product_group: acquisition
milestone: '14.0'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164498
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/agent_users_using_ci_tunnel.yml b/config/events/agent_users_using_ci_tunnel.yml
index 86b7877f5a7..4642aa605a1 100644
--- a/config/events/agent_users_using_ci_tunnel.yml
+++ b/config/events/agent_users_using_ci_tunnel.yml
@@ -9,9 +9,6 @@ identifiers:
product_group: environments
milestone: '16.8'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/140038
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/apply_wiki_template.yml b/config/events/apply_wiki_template.yml
index 733b4c544cc..634b6751599 100644
--- a/config/events/apply_wiki_template.yml
+++ b/config/events/apply_wiki_template.yml
@@ -9,9 +9,6 @@ identifiers:
product_group: knowledge
milestone: '17.3'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/161130
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/assignment.yml b/config/events/assignment.yml
index 951676fe754..6adb88b52dc 100644
--- a/config/events/assignment.yml
+++ b/config/events/assignment.yml
@@ -7,9 +7,6 @@ identifiers:
product_group: activation
milestone: '14.0'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/169895
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/authorize_job_token_with_disabled_scope.yml b/config/events/authorize_job_token_with_disabled_scope.yml
index fd242ad74f9..1ea657f2de7 100644
--- a/config/events/authorize_job_token_with_disabled_scope.yml
+++ b/config/events/authorize_job_token_with_disabled_scope.yml
@@ -11,9 +11,6 @@ additional_properties:
product_group: pipeline_security
milestone: '17.7'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/173400
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/bitbucket_sso.yml b/config/events/bitbucket_sso.yml
index b4ef3b45fc8..d23ead95feb 100644
--- a/config/events/bitbucket_sso.yml
+++ b/config/events/bitbucket_sso.yml
@@ -6,8 +6,6 @@ identifiers:
product_group: authentication
milestone: '15.7'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/168787
-distributions:
-- ce
tiers:
- free
- premium
diff --git a/config/events/change_allow_force_push.yml b/config/events/change_allow_force_push.yml
index da2871fa304..f66dd158b10 100644
--- a/config/events/change_allow_force_push.yml
+++ b/config/events/change_allow_force_push.yml
@@ -9,13 +9,10 @@ identifiers:
product_group: source_code
milestone: '17.3'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/160591
-distributions:
-- ce
-- ee
tiers:
- free
- premium
- ultimate
additional_properties:
label:
- description: location where the event happened - repository_settings or branch_rule_details
+ description: location where the event happened - repository_settings or branch_rule_details
diff --git a/config/events/change_allowed_to_merge.yml b/config/events/change_allowed_to_merge.yml
index 44b8772c1e8..098aab2d4a6 100644
--- a/config/events/change_allowed_to_merge.yml
+++ b/config/events/change_allowed_to_merge.yml
@@ -9,13 +9,10 @@ identifiers:
product_group: source_code
milestone: '17.3'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/160591
-distributions:
-- ce
-- ee
tiers:
- free
- premium
- ultimate
additional_properties:
label:
- description: location where the event happened - repository_settings or branch_rule_details
+ description: location where the event happened - repository_settings or branch_rule_details
diff --git a/config/events/change_allowed_to_push_and_merge.yml b/config/events/change_allowed_to_push_and_merge.yml
index de141e8f4e9..31f667a16f3 100644
--- a/config/events/change_allowed_to_push_and_merge.yml
+++ b/config/events/change_allowed_to_push_and_merge.yml
@@ -9,13 +9,10 @@ identifiers:
product_group: source_code
milestone: '17.3'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/160591
-distributions:
-- ce
-- ee
tiers:
- free
- premium
- ultimate
additional_properties:
label:
- description: location where the event happened - repository_settings or branch_rule_details
+ description: location where the event happened - repository_settings or branch_rule_details
diff --git a/config/events/change_branch_rule_target.yml b/config/events/change_branch_rule_target.yml
index 3bcb1c49d6b..4c435727529 100644
--- a/config/events/change_branch_rule_target.yml
+++ b/config/events/change_branch_rule_target.yml
@@ -9,14 +9,11 @@ identifiers:
product_group: source_code
milestone: '17.3'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/160591
-distributions:
-- ce
-- ee
tiers:
- free
- premium
- ultimate
additional_properties:
label:
- description: location where the event happened - repository_settings or branch_rule_details
+ description: location where the event happened - repository_settings or branch_rule_details
diff --git a/config/events/change_require_codeowner_approval.yml b/config/events/change_require_codeowner_approval.yml
index 228a90e4577..e7dbf72775f 100644
--- a/config/events/change_require_codeowner_approval.yml
+++ b/config/events/change_require_codeowner_approval.yml
@@ -9,9 +9,6 @@ identifiers:
product_group: source_code
milestone: '17.3'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/160591
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/ci_catalog_component_included.yml b/config/events/ci_catalog_component_included.yml
index 084ebc12b05..ee0bbb9568c 100644
--- a/config/events/ci_catalog_component_included.yml
+++ b/config/events/ci_catalog_component_included.yml
@@ -12,9 +12,6 @@ identifiers:
product_group: pipeline_authoring
milestone: '16.11'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/146834
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/ci_template_included.yml b/config/events/ci_template_included.yml
index 534f0f34a3e..ac706d8c56d 100644
--- a/config/events/ci_template_included.yml
+++ b/config/events/ci_template_included.yml
@@ -10,9 +10,6 @@ identifiers:
product_group: pipeline_authoring
milestone: "16.5"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/132819
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/cli_metadata.yml b/config/events/cli_metadata.yml
index e74b93b12a1..8aba4924ade 100644
--- a/config/events/cli_metadata.yml
+++ b/config/events/cli_metadata.yml
@@ -8,8 +8,6 @@ identifiers:
product_group: package_registry
milestone: '13.5'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/41846#note_419970912
-distributions:
-- ce
tiers:
- free
- premium
diff --git a/config/events/click_all_gitlab_scoped_search_to_advanced_search.yml b/config/events/click_all_gitlab_scoped_search_to_advanced_search.yml
index 3fd16dea7ec..f1d391bb799 100644
--- a/config/events/click_all_gitlab_scoped_search_to_advanced_search.yml
+++ b/config/events/click_all_gitlab_scoped_search_to_advanced_search.yml
@@ -8,9 +8,6 @@ identifiers:
product_group: global_search
milestone: '17.1'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/154395
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_blame_control_on_blob_page.yml b/config/events/click_blame_control_on_blob_page.yml
index 1cf303dffec..1ac58f90869 100644
--- a/config/events/click_blame_control_on_blob_page.yml
+++ b/config/events/click_blame_control_on_blob_page.yml
@@ -9,9 +9,6 @@ identifiers:
product_group: source_code
milestone: '16.11'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/147673
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_blob_results_show_more_less.yml b/config/events/click_blob_results_show_more_less.yml
index 482a427d322..88a4435c41c 100644
--- a/config/events/click_blob_results_show_more_less.yml
+++ b/config/events/click_blob_results_show_more_less.yml
@@ -14,9 +14,6 @@ additional_properties:
product_group: global_search
milestone: '17.4'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/161308
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_chunk_blame_on_blob_page.yml b/config/events/click_chunk_blame_on_blob_page.yml
index 12bc33c5972..a745797a2a8 100644
--- a/config/events/click_chunk_blame_on_blob_page.yml
+++ b/config/events/click_chunk_blame_on_blob_page.yml
@@ -9,9 +9,6 @@ identifiers:
product_group: source_code
milestone: '16.11'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/147673
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_clipboard_button_in_multimatch_file_header.yml b/config/events/click_clipboard_button_in_multimatch_file_header.yml
index 743c0e59ef5..5c06d139e96 100644
--- a/config/events/click_clipboard_button_in_multimatch_file_header.yml
+++ b/config/events/click_clipboard_button_in_multimatch_file_header.yml
@@ -9,9 +9,6 @@ identifiers:
product_group: global_search
milestone: '17.4'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/161308
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_commands_sub_menu_in_command_palette.yml b/config/events/click_commands_sub_menu_in_command_palette.yml
index e882401cff9..3a172e46c8d 100644
--- a/config/events/click_commands_sub_menu_in_command_palette.yml
+++ b/config/events/click_commands_sub_menu_in_command_palette.yml
@@ -8,9 +8,6 @@ identifiers:
product_group: global_search
milestone: '17.1'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/154150
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_comment_filter_toggle_bot_comments_in_mr.yml b/config/events/click_comment_filter_toggle_bot_comments_in_mr.yml
index b2fcb8bb4c5..7a34ff1ce74 100644
--- a/config/events/click_comment_filter_toggle_bot_comments_in_mr.yml
+++ b/config/events/click_comment_filter_toggle_bot_comments_in_mr.yml
@@ -9,9 +9,6 @@ identifiers:
product_group: code_review
milestone: '17.0'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/146940
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_comment_filter_toggle_user_comments_in_mr.yml b/config/events/click_comment_filter_toggle_user_comments_in_mr.yml
index 7ddf5433761..76e8f668a86 100644
--- a/config/events/click_comment_filter_toggle_user_comments_in_mr.yml
+++ b/config/events/click_comment_filter_toggle_user_comments_in_mr.yml
@@ -9,9 +9,6 @@ identifiers:
product_group: code_review
milestone: '17.0'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/146939
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_delete_pod.yml b/config/events/click_delete_pod.yml
index 160ac914f33..fb5e3b3e9f7 100644
--- a/config/events/click_delete_pod.yml
+++ b/config/events/click_delete_pod.yml
@@ -14,9 +14,6 @@ additional_properties:
product_group: environments
milestone: '17.3'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/160635
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_dismiss_button_jenkins_migration_callout.yml b/config/events/click_dismiss_button_jenkins_migration_callout.yml
index aea61006af1..9e136895347 100644
--- a/config/events/click_dismiss_button_jenkins_migration_callout.yml
+++ b/config/events/click_dismiss_button_jenkins_migration_callout.yml
@@ -9,9 +9,6 @@ identifiers:
product_group: pipeline_execution
milestone: '17.1'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/153344
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_expand_panel_on_settings.yml b/config/events/click_expand_panel_on_settings.yml
index de4cc0443f3..586259dac9c 100644
--- a/config/events/click_expand_panel_on_settings.yml
+++ b/config/events/click_expand_panel_on_settings.yml
@@ -9,9 +9,6 @@ identifiers:
product_group: personal_productivity
milestone: '16.11'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/issues/451458
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_explore_in_command_palette.yml b/config/events/click_explore_in_command_palette.yml
index 6494a878f71..2c0606e4c90 100644
--- a/config/events/click_explore_in_command_palette.yml
+++ b/config/events/click_explore_in_command_palette.yml
@@ -8,9 +8,6 @@ identifiers:
product_group: global_search
milestone: '17.1'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/154395
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_find_file_button_on_repository_pages.yml b/config/events/click_find_file_button_on_repository_pages.yml
index b2cf16b238f..7557b177859 100644
--- a/config/events/click_find_file_button_on_repository_pages.yml
+++ b/config/events/click_find_file_button_on_repository_pages.yml
@@ -9,9 +9,6 @@ identifiers:
product_group: source_code
milestone: '17.1'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/155457
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_frequent_group_in_command_palette.yml b/config/events/click_frequent_group_in_command_palette.yml
index 31abc40fcb1..38585e7a245 100644
--- a/config/events/click_frequent_group_in_command_palette.yml
+++ b/config/events/click_frequent_group_in_command_palette.yml
@@ -8,9 +8,6 @@ identifiers:
product_group: global_search
milestone: '17.1'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/154150
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_frequent_project_in_command_palette.yml b/config/events/click_frequent_project_in_command_palette.yml
index 50a5135a307..064e2071702 100644
--- a/config/events/click_frequent_project_in_command_palette.yml
+++ b/config/events/click_frequent_project_in_command_palette.yml
@@ -8,9 +8,6 @@ identifiers:
product_group: global_search
milestone: '17.1'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/154150
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_go_to_file_shortcut.yml b/config/events/click_go_to_file_shortcut.yml
index 3fbb3028518..edb1b317bed 100644
--- a/config/events/click_go_to_file_shortcut.yml
+++ b/config/events/click_go_to_file_shortcut.yml
@@ -9,9 +9,6 @@ identifiers:
product_group: source_code
milestone: '17.1'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/155457
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_group_result_in_command_palette.yml b/config/events/click_group_result_in_command_palette.yml
index a5604d1396e..4e04696ecc3 100644
--- a/config/events/click_group_result_in_command_palette.yml
+++ b/config/events/click_group_result_in_command_palette.yml
@@ -8,9 +8,6 @@ identifiers:
product_group: global_search
milestone: '17.1'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/151657
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_group_scoped_search_to_advanced_search.yml b/config/events/click_group_scoped_search_to_advanced_search.yml
index 1fbc0d0d6f5..a3c1fd64cdd 100644
--- a/config/events/click_group_scoped_search_to_advanced_search.yml
+++ b/config/events/click_group_scoped_search_to_advanced_search.yml
@@ -8,9 +8,6 @@ identifiers:
product_group: global_search
milestone: '17.1'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/154395
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_header_link_of_blob_result.yml b/config/events/click_header_link_of_blob_result.yml
index a8eff68ca11..eb20d4827c3 100644
--- a/config/events/click_header_link_of_blob_result.yml
+++ b/config/events/click_header_link_of_blob_result.yml
@@ -9,9 +9,6 @@ identifiers:
product_group: global_search
milestone: '17.4'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/161308
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_history_control_on_blob_page.yml b/config/events/click_history_control_on_blob_page.yml
index 2d54771b4ea..89c2ddf6fe1 100644
--- a/config/events/click_history_control_on_blob_page.yml
+++ b/config/events/click_history_control_on_blob_page.yml
@@ -9,9 +9,6 @@ identifiers:
product_group: source_code
milestone: '16.11'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/147673
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_issue_result_in_command_palette.yml b/config/events/click_issue_result_in_command_palette.yml
index 6c6d2fb53e9..f716e3e5eb1 100644
--- a/config/events/click_issue_result_in_command_palette.yml
+++ b/config/events/click_issue_result_in_command_palette.yml
@@ -8,9 +8,6 @@ identifiers:
product_group: global_search
milestone: '17.1'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/154576
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_issues_assigned_to_me_in_command_palette.yml b/config/events/click_issues_assigned_to_me_in_command_palette.yml
index 2dee45296d9..ddcc5a9bc6f 100644
--- a/config/events/click_issues_assigned_to_me_in_command_palette.yml
+++ b/config/events/click_issues_assigned_to_me_in_command_palette.yml
@@ -8,9 +8,6 @@ identifiers:
product_group: global_search
milestone: '17.1'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/147919
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_issues_i_created_in_command_palette.yml b/config/events/click_issues_i_created_in_command_palette.yml
index 5a328f56f7f..18ece6adabb 100644
--- a/config/events/click_issues_i_created_in_command_palette.yml
+++ b/config/events/click_issues_i_created_in_command_palette.yml
@@ -8,9 +8,6 @@ identifiers:
product_group: global_search
milestone: '17.1'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/147919
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_merge_request_result_in_command_palette.yml b/config/events/click_merge_request_result_in_command_palette.yml
index c054e49f080..724ced74c76 100644
--- a/config/events/click_merge_request_result_in_command_palette.yml
+++ b/config/events/click_merge_request_result_in_command_palette.yml
@@ -8,9 +8,6 @@ identifiers:
product_group: global_search
milestone: '17.1'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/154576
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_merge_requests_assigned_to_me_in_command_palette.yml b/config/events/click_merge_requests_assigned_to_me_in_command_palette.yml
index 6a60a99a2f9..21f5bea6974 100644
--- a/config/events/click_merge_requests_assigned_to_me_in_command_palette.yml
+++ b/config/events/click_merge_requests_assigned_to_me_in_command_palette.yml
@@ -8,9 +8,6 @@ identifiers:
product_group: global_search
milestone: '17.1'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/147919
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_merge_requests_i_created_in_command_palette.yml b/config/events/click_merge_requests_i_created_in_command_palette.yml
index 97f1b0cba80..1c7ac15d30e 100644
--- a/config/events/click_merge_requests_i_created_in_command_palette.yml
+++ b/config/events/click_merge_requests_i_created_in_command_palette.yml
@@ -8,9 +8,6 @@ identifiers:
product_group: global_search
milestone: '17.1'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/147919
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_merge_requests_that_im_a_reviewer_in_command_palette.yml b/config/events/click_merge_requests_that_im_a_reviewer_in_command_palette.yml
index 5d9d89d148b..07b42fe7f5d 100644
--- a/config/events/click_merge_requests_that_im_a_reviewer_in_command_palette.yml
+++ b/config/events/click_merge_requests_that_im_a_reviewer_in_command_palette.yml
@@ -8,9 +8,6 @@ identifiers:
product_group: global_search
milestone: '17.1'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/147919
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_new_project_projects_explore.yml b/config/events/click_new_project_projects_explore.yml
index 317bcdf84fd..8e83ad3dbf7 100644
--- a/config/events/click_new_project_projects_explore.yml
+++ b/config/events/click_new_project_projects_explore.yml
@@ -7,9 +7,6 @@ identifiers:
product_group: organizations
milestone: '17.3'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/158282
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_outside_of_command_palette.yml b/config/events/click_outside_of_command_palette.yml
index d14942f42c5..069f4242702 100644
--- a/config/events/click_outside_of_command_palette.yml
+++ b/config/events/click_outside_of_command_palette.yml
@@ -8,9 +8,6 @@ identifiers:
product_group: global_search
milestone: '17.1'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/151681
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_preferences_in_command_palette.yml b/config/events/click_preferences_in_command_palette.yml
index e71b603accb..58e27a4a0b5 100644
--- a/config/events/click_preferences_in_command_palette.yml
+++ b/config/events/click_preferences_in_command_palette.yml
@@ -8,9 +8,6 @@ identifiers:
product_group: global_search
milestone: '17.1'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/154395
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_previous_blame_on_blob_page.yml b/config/events/click_previous_blame_on_blob_page.yml
index 8200ef94de7..fa28269496b 100644
--- a/config/events/click_previous_blame_on_blob_page.yml
+++ b/config/events/click_previous_blame_on_blob_page.yml
@@ -9,9 +9,6 @@ identifiers:
product_group: source_code
milestone: '16.11'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/147673
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_print_as_pdf_in_wiki_page.yml b/config/events/click_print_as_pdf_in_wiki_page.yml
index bd4afb4d43c..c48cada3ad4 100644
--- a/config/events/click_print_as_pdf_in_wiki_page.yml
+++ b/config/events/click_print_as_pdf_in_wiki_page.yml
@@ -9,9 +9,6 @@ identifiers:
product_group: knowledge
milestone: '17.4'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/161978
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_profile_in_command_palette.yml b/config/events/click_profile_in_command_palette.yml
index 5b31a01ffa4..1bd8f8e5d00 100644
--- a/config/events/click_profile_in_command_palette.yml
+++ b/config/events/click_profile_in_command_palette.yml
@@ -8,9 +8,6 @@ identifiers:
product_group: global_search
milestone: '17.1'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/154395
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_project_result_in_command_palette.yml b/config/events/click_project_result_in_command_palette.yml
index d0abfe5e267..a8c43aaceef 100644
--- a/config/events/click_project_result_in_command_palette.yml
+++ b/config/events/click_project_result_in_command_palette.yml
@@ -8,9 +8,6 @@ identifiers:
product_group: global_search
milestone: '17.1'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/151655
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_project_scoped_search_to_advanced_search.yml b/config/events/click_project_scoped_search_to_advanced_search.yml
index 7b330607485..e3f442f25a2 100644
--- a/config/events/click_project_scoped_search_to_advanced_search.yml
+++ b/config/events/click_project_scoped_search_to_advanced_search.yml
@@ -8,9 +8,6 @@ identifiers:
product_group: global_search
milestone: '17.1'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/154395
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/events/click_project_setting_in_command_palette.yml b/config/events/click_project_setting_in_command_palette.yml
index 52fe6d8618a..b23f5da10f2 100644
--- a/config/events/click_project_setting_in_command_palette.yml
+++ b/config/events/click_project_setting_in_command_palette.yml
@@ -12,9 +12,6 @@ additional_properties:
product_group: personal_productivity
milestone: '17.4'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/163735
-distributions:
-- ce
-- ee
tiers:
- free
- premium
diff --git a/config/feature_flags/gitlab_com_derisk/ci_async_build_hooks_execution.yml b/config/feature_flags/gitlab_com_derisk/ci_async_build_hooks_execution.yml
new file mode 100644
index 00000000000..3a029edb775
--- /dev/null
+++ b/config/feature_flags/gitlab_com_derisk/ci_async_build_hooks_execution.yml
@@ -0,0 +1,9 @@
+---
+name: ci_async_build_hooks_execution
+feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/499290
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177706
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/512832
+milestone: '17.9'
+group: group::pipeline authoring
+type: gitlab_com_derisk
+default_enabled: false
diff --git a/config/feature_flags/gitlab_com_derisk/derisk_user_access_level_in_git_hook.yml b/config/feature_flags/gitlab_com_derisk/derisk_user_access_level_in_git_hook.yml
new file mode 100644
index 00000000000..8bfd766fea5
--- /dev/null
+++ b/config/feature_flags/gitlab_com_derisk/derisk_user_access_level_in_git_hook.yml
@@ -0,0 +1,9 @@
+---
+name: derisk_user_access_level_in_git_hook
+feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/497152
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176156
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/512882
+milestone: '17.9'
+group: group::personal productivity
+type: gitlab_com_derisk
+default_enabled: false
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index 79552083ada..bdcc83921d4 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -817,9 +817,6 @@ Gitlab.ee do
Settings.cron_jobs['elastic_index_bulk_cron_worker'] ||= {}
Settings.cron_jobs['elastic_index_bulk_cron_worker']['cron'] ||= '*/1 * * * *'
Settings.cron_jobs['elastic_index_bulk_cron_worker']['job_class'] ||= 'ElasticIndexBulkCronWorker'
- Settings.cron_jobs['elastic_indexing_control_worker'] ||= {}
- Settings.cron_jobs['elastic_indexing_control_worker']['cron'] ||= '*/1 * * * *'
- Settings.cron_jobs['elastic_indexing_control_worker']['job_class'] ||= 'ElasticIndexingControlWorker'
Settings.cron_jobs['elastic_index_embedding_bulk_cron_worker'] ||= {}
Settings.cron_jobs['elastic_index_embedding_bulk_cron_worker']['cron'] ||= '*/1 * * * *'
Settings.cron_jobs['elastic_index_embedding_bulk_cron_worker']['job_class'] ||= 'Search::ElasticIndexEmbeddingBulkCronWorker'
diff --git a/config/sidekiq_queues.yml b/config/sidekiq_queues.yml
index e44d845d079..0ff45997cb2 100644
--- a/config/sidekiq_queues.yml
+++ b/config/sidekiq_queues.yml
@@ -189,6 +189,8 @@
- 1
- - ci_destroy_old_pipelines
- 1
+- - ci_execute_build_hooks
+ - 1
- - ci_initialize_pipelines_iid_sequence
- 1
- - ci_job_artifacts_expire_project_build_artifacts
diff --git a/db/docs/operations_strategies_user_lists.yml b/db/docs/operations_strategies_user_lists.yml
index f93c69ad22d..e907488e0dc 100644
--- a/db/docs/operations_strategies_user_lists.yml
+++ b/db/docs/operations_strategies_user_lists.yml
@@ -8,14 +8,6 @@ description: https://docs.gitlab.com/ee/operations/feature_flags.html#user-list
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/30243
milestone: '13.0'
gitlab_schema: gitlab_main_cell
-desired_sharding_key:
- project_id:
- references: projects
- backfill_via:
- parent:
- foreign_key: user_list_id
- table: operations_user_lists
- sharding_key: project_id
- belongs_to: user_list
-desired_sharding_key_migration_job_name: BackfillOperationsStrategiesUserListsProjectId
table_size: small
+sharding_key:
+ project_id: projects
diff --git a/db/post_migrate/20250109070247_add_operations_strategies_user_lists_project_id_not_null_constraint.rb b/db/post_migrate/20250109070247_add_operations_strategies_user_lists_project_id_not_null_constraint.rb
new file mode 100644
index 00000000000..585001707e3
--- /dev/null
+++ b/db/post_migrate/20250109070247_add_operations_strategies_user_lists_project_id_not_null_constraint.rb
@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+class AddOperationsStrategiesUserListsProjectIdNotNullConstraint < Gitlab::Database::Migration[2.2]
+ disable_ddl_transaction!
+ milestone '17.9'
+
+ def up
+ add_not_null_constraint :operations_strategies_user_lists, :project_id
+ end
+
+ def down
+ remove_not_null_constraint :operations_strategies_user_lists, :project_id
+ end
+end
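Review bot: `up` calls `add_not_null_constraint` with its default validation, so the migration will fail on any `operations_strategies_user_lists` row whose `project_id` is still NULL. Nothing in the visible part of this diff shows that the `BackfillOperationsStrategiesUserListsProjectId` job, named in the `desired_sharding_key_migration_job_name` entry removed from `db/docs/operations_strategies_user_lists.yml`, was finalized beforehand. If the finalizing migration did not ship in an earlier milestone, it needs to be ordered before this one; the docs change already declares `project_id` as the enforced `sharding_key`. I would also document the dependency and the transaction setting in the class, for example `# Requires BackfillOperationsStrategiesUserListsProjectId to be finalized; the helper adds and validates the check outside a DDL transaction.` above `disable_ddl_transaction!`.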
diff --git a/db/schema_migrations/20250109070247 b/db/schema_migrations/20250109070247
new file mode 100644
index 00000000000..bfc5b2bbe55
--- /dev/null
+++ b/db/schema_migrations/20250109070247
@@ -0,0 +1 @@
+1b50ee93b3bbbe07f14a21202e7264001f560c41a7e363b716bd5d6bdd342495
\ No newline at end of file
diff --git a/db/structure.sql b/db/structure.sql
index 6ac39ec938c..5ca626681eb 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -16809,7 +16809,8 @@ CREATE TABLE operations_strategies_user_lists (
id bigint NOT NULL,
strategy_id bigint NOT NULL,
user_list_id bigint NOT NULL,
- project_id bigint
+ project_id bigint,
+ CONSTRAINT check_be4b61e4d3 CHECK ((project_id IS NOT NULL))
);
CREATE SEQUENCE operations_strategies_user_lists_id_seq
diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md
index aadec987a17..f324a843c9b 100644
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -3736,6 +3736,30 @@ Input type: `CreateComplianceRequirementInput`
| `errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |
| `requirement` | [`ComplianceRequirement`](#compliancerequirement) | Created compliance requirement. |
+### `Mutation.createComplianceRequirementsControl`
+
+DETAILS:
+**Introduced** in GitLab 17.9.
+**Status**: Experiment.
+
+Input type: `CreateComplianceRequirementsControlInput`
+
+#### Arguments
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
+| `complianceRequirementId` | [`ComplianceManagementComplianceFrameworkComplianceRequirementID!`](#compliancemanagementcomplianceframeworkcompliancerequirementid) | Global ID of the compliance requirement of the new control. |
+| `params` | [`ComplianceRequirementsControlInput!`](#compliancerequirementscontrolinput) | Parameters to create the compliance requirement control. |
+
+#### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
+| `errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |
+| `requirementsControl` | [`ComplianceRequirementsControl`](#compliancerequirementscontrol) | Created compliance requirements control. |
+
### `Mutation.createContainerProtectionRepositoryRule`
Creates a repository protection rule to restrict access to a project's container registry.
@@ -13367,6 +13391,29 @@ The edge type for [`ComplianceRequirement`](#compliancerequirement).
| `cursor` | [`String!`](#string) | A cursor for use in pagination. |
| `node` | [`ComplianceRequirement`](#compliancerequirement) | The item at the end of the edge. |
+#### `ComplianceRequirementsControlConnection`
+
+The connection type for [`ComplianceRequirementsControl`](#compliancerequirementscontrol).
+
+##### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| `edges` | [`[ComplianceRequirementsControlEdge]`](#compliancerequirementscontroledge) | A list of edges. |
+| `nodes` | [`[ComplianceRequirementsControl]`](#compliancerequirementscontrol) | A list of nodes. |
+| `pageInfo` | [`PageInfo!`](#pageinfo) | Information to aid in pagination. |
+
+#### `ComplianceRequirementsControlEdge`
+
+The edge type for [`ComplianceRequirementsControl`](#compliancerequirementscontrol).
+
+##### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| `cursor` | [`String!`](#string) | A cursor for use in pagination. |
+| `node` | [`ComplianceRequirementsControl`](#compliancerequirementscontrol) | The item at the end of the edge. |
+
#### `ComplianceStandardsAdherenceConnection`
The connection type for [`ComplianceStandardsAdherence`](#compliancestandardsadherence).
@@ -21721,6 +21768,7 @@ Represents a ComplianceRequirement associated with a ComplianceFramework.
| Name | Type | Description |
| ---- | ---- | ----------- |
+| `complianceRequirementsControls` | [`ComplianceRequirementsControlConnection`](#compliancerequirementscontrolconnection) | Compliance controls of the compliance requirement. (see [Connections](#connections)) |
| `controlExpression` | [`String`](#string) | Control expression of the compliance requirement. |
| `description` | [`String!`](#string) | Description of the compliance requirement. |
| `id` | [`ID!`](#id) | Compliance requirement ID. |
@@ -21737,6 +21785,19 @@ Lists down all the possible types of requirement controls.
| ---- | ---- | ----------- |
| `controlExpressions` | [`[ControlExpression!]!`](#controlexpression) | List of requirement controls. |
+### `ComplianceRequirementsControl`
+
+Represents a ComplianceRequirementsControl associated with a ComplianceRequirement.
+
+#### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| `controlType` | [`String!`](#string) | Type of the compliance control. |
+| `expression` | [`String`](#string) | Expression of the compliance control. |
+| `id` | [`ID!`](#id) | Compliance requirements control ID. |
+| `name` | [`String!`](#string) | Name of the compliance control. |
+
### `ComplianceStandardsAdherence`
Compliance standards adherence for a project.
@@ -44818,6 +44879,15 @@ Attributes for defining a CI/CD variable.
| `description` | [`String`](#string) | New description for the compliance requirement. |
| `name` | [`String`](#string) | New name for the compliance requirement. |
+### `ComplianceRequirementsControlInput`
+
+#### Arguments
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| `expression` | [`String`](#string) | Expression of the compliance control. |
+| `name` | [`String`](#string) | New name for the compliance requirement control. |
+
### `ComplianceStandardsAdherenceInput`
#### Arguments
diff --git a/doc/ci/jobs/fine_grained_permissions.md b/doc/ci/jobs/fine_grained_permissions.md
new file mode 100644
index 00000000000..e6820f8bf4d
--- /dev/null
+++ b/doc/ci/jobs/fine_grained_permissions.md
@@ -0,0 +1,181 @@
+---
+stage: Software Supply Chain Security
+group: Pipeline Security
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+
+
+# Fine-grained permissions for CI/CD job tokens
+
+DETAILS:
+**Tier:** Free, Premium, Ultimate
+**Offering:** GitLab.com, GitLab Self-Managed, GitLab Dedicated
+
+## Available API endpoints
+
+The following endpoints are available for CI job tokens.
+You can use fine-grained permissions to explicitly allow access to a limited set of the following API endpoints.
+
+`None` means fine-grained permissions cannot control access to this endpoint.
+
+| Permissions | Permission Names | Path | Description |
+| ----------- | ---------------- | ---- | ----------- |
+| Deployments: Read and write | `ADMIN_DEPLOYMENTS` | `DELETE /projects/:id/deployments/:deployment_id` | Delete a specific deployment |
+| Deployments: Read and write | `ADMIN_DEPLOYMENTS` | `POST /projects/:id/deployments/:deployment_id/approval` | Approve or reject a blocked deployment |
+| Deployments: Read and write | `ADMIN_DEPLOYMENTS` | `PUT /projects/:id/deployments/:deployment_id` | Update a deployment |
+| Deployments: Read and write, Environments: Read and write | `ADMIN_DEPLOYMENTS`, `ADMIN_ENVIRONMENTS` | `POST /projects/:id/deployments` | Create a deployment |
+| Deployments: Read | `READ_DEPLOYMENTS` | `GET /projects/:id/deployments/:deployment_id/merge_requests` | List of merge requests associated with a deployment |
+| Deployments: Read | `READ_DEPLOYMENTS` | `GET /projects/:id/deployments/:deployment_id` | Get a specific deployment |
+| Deployments: Read | `READ_DEPLOYMENTS` | `GET /projects/:id/deployments` | List project deployments |
+| Environments: Read and write | `ADMIN_ENVIRONMENTS` | `DELETE /projects/:id/environments/:environment_id` | Delete an environment |
+| Environments: Read and write | `ADMIN_ENVIRONMENTS` | `DELETE /projects/:id/environments/review_apps` | Delete multiple stopped review apps |
+| Environments: Read and write | `ADMIN_ENVIRONMENTS` | `POST /projects/:id/environments/:environment_id/stop` | Stop an environment |
+| Environments: Read and write | `ADMIN_ENVIRONMENTS` | `POST /projects/:id/environments/stop_stale` | Stop stale environments |
+| Environments: Read and write | `ADMIN_ENVIRONMENTS` | `POST /projects/:id/environments` | Create a new environment |
+| Environments: Read and write | `ADMIN_ENVIRONMENTS` | `PUT /projects/:id/environments/:environment_id` | Update an existing environment |
+| Environments: Read | `READ_ENVIRONMENTS` | `GET /projects/:id/environments/:environment_id` | Get a specific environment |
+| Environments: Read | `READ_ENVIRONMENTS` | `GET /projects/:id/environments` | List environments |
+| Jobs: Read and write | `ADMIN_JOBS` | `PUT /projects/:id/pipelines/:pipeline_id/metadata` | Updates pipeline metadata |
+| Jobs: Read | `READ_JOBS` | `GET /jobs/:id/artifacts` | Download the artifacts file for job |
+| Jobs: Read | `READ_JOBS` | `GET /projects/:id/jobs/:job_id/artifacts/*artifact_path` | Download a specific file from artifacts archive |
+| Jobs: Read | `READ_JOBS` | `GET /projects/:id/jobs/:job_id/artifacts` | Download the artifacts archive from a job |
+| Jobs: Read | `READ_JOBS` | `GET /projects/:id/jobs/artifacts/:ref_name/download` | Download the artifacts archive from a job |
+| Jobs: Read | `READ_JOBS` | `GET /projects/:id/jobs/artifacts/:ref_name/raw/*artifact_path` | Download a specific file from artifacts archive from a ref |
+| None | | `DELETE /projects/:id/registry/repositories/:repository_id/tags/:tag_name` | Delete repository tag |
+| None | | `DELETE /projects/:id/registry/repositories/:repository_id/tags` | Delete repository tags (in bulk) |
+| None | | `DELETE /projects/:id/registry/repositories/:repository_id` | Delete repository |
+| None | | `GET /group/:id/-/packages/composer/*package_name` | Composer packages endpoint at group level for package versions metadata |
+| None | | `GET /group/:id/-/packages/composer/p/:sha` | Composer packages endpoint at group level for packages list |
+| None | | `GET /group/:id/-/packages/composer/p2/*package_name` | Composer v2 packages p2 endpoint at group level for package versions metadata |
+| None | | `GET /group/:id/-/packages/composer/packages` | Composer packages endpoint at group level |
+| None | | `GET /groups/:id/-/packages/pypi/simple/*package_name` | The PyPi Simple Group Package Endpoint |
+| None | | `GET /groups/:id/-/packages/pypi/simple` | The PyPi Simple Group Index Endpoint |
+| None | | `GET /job/allowed_agents` | Get current agents |
+| None | | `GET /job` | Get current job using job token |
+| None | | `GET /packages/conan/v1/conans/search` | Search for packages |
+| None | | `GET /packages/conan/v1/ping` | Ping the Conan API |
+| None | | `GET /packages/conan/v1/users/authenticate` | Authenticate user against conan CLI |
+| None | | `GET /packages/conan/v1/users/check_credentials` | Check for valid user credentials per conan CLI |
+| None | | `GET /projects/:id/packages/conan/v1/conans/search` | Search for packages |
+| None | | `GET /projects/:id/packages/conan/v1/ping` | Ping the Conan API |
+| None | | `GET /projects/:id/packages/conan/v1/users/authenticate` | Authenticate user against conan CLI |
+| None | | `GET /projects/:id/packages/conan/v1/users/check_credentials` | Check for valid user credentials per conan CLI |
+| None | | `GET /projects/:id/packages/conan/v2/conans/search` | Search for packages |
+| None | | `GET /projects/:id/packages/conan/v2/users/check_credentials` | Check for valid user credentials per conan CLI |
+| None | | `GET /projects/:id/registry/repositories/:repository_id/tags/:tag_name` | Get details about a repository tag |
+| None | | `GET /projects/:id/registry/repositories/:repository_id/tags` | List tags of a repository |
+| None | | `GET /projects/:id/registry/repositories` | List container repositories within a project |
+| None | | `POST /internal/dast/site_validations/:id/transition` | Transitions a DAST site validation to a new state. |
+| Packages: Read and write | `ADMIN_PACKAGES` | `DELETE /groups/:id/-/packages/npm/-/package/*package_name/dist-tags/:tag` | Deletes the given tag |
+| Packages: Read and write | `ADMIN_PACKAGES` | `DELETE /packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel` | Delete Package |
+| Packages: Read and write | `ADMIN_PACKAGES` | `DELETE /packages/npm/-/package/*package_name/dist-tags/:tag` | Deletes the given tag |
+| Packages: Read and write | `ADMIN_PACKAGES` | `DELETE /projects/:id/packages/:package_id/package_files/:package_file_id` | Delete a package file |
+| Packages: Read and write | `ADMIN_PACKAGES` | `DELETE /projects/:id/packages/:package_id` | Delete a project package |
+| Packages: Read and write | `ADMIN_PACKAGES` | `DELETE /projects/:id/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel` | Delete Package |
+| Packages: Read and write | `ADMIN_PACKAGES` | `DELETE /projects/:id/packages/npm/-/package/*package_name/dist-tags/:tag` | Deletes the given tag |
+| Packages: Read and write | `ADMIN_PACKAGES` | `POST /projects/:id/packages/composer` | Composer packages endpoint for registering packages |
+| Packages: Read and write | `ADMIN_PACKAGES` | `POST /projects/:id/packages/pypi/authorize` | Authorize the PyPi package upload from workhorse |
+| Packages: Read and write | `ADMIN_PACKAGES` | `POST /projects/:id/packages/pypi` | The PyPi Package upload endpoint |
+| Packages: Read and write | `ADMIN_PACKAGES` | `PUT /groups/:id/-/packages/npm/-/package/*package_name/dist-tags/:tag` | Create or Update the given tag for the given NPM package and version |
+| Packages: Read and write | `ADMIN_PACKAGES` | `PUT /packages/conan/v1/files/:package_name/:package_version/:package_username/:package_channel/:recipe_revision/export/:file_name/authorize` | Workhorse authorize the conan recipe file |
+| Packages: Read and write | `ADMIN_PACKAGES` | `PUT /packages/conan/v1/files/:package_name/:package_version/:package_username/:package_channel/:recipe_revision/export/:file_name` | Upload recipe package files |
+| Packages: Read and write | `ADMIN_PACKAGES` | `PUT /packages/conan/v1/files/:package_name/:package_version/:package_username/:package_channel/:recipe_revision/package/:conan_package_reference/:package_revision/:file_name/authorize` | Workhorse authorize the conan package file |
+| Packages: Read and write | `ADMIN_PACKAGES` | `PUT /packages/conan/v1/files/:package_name/:package_version/:package_username/:package_channel/:recipe_revision/package/:conan_package_reference/:package_revision/:file_name` | Upload package files |
+| Packages: Read and write | `ADMIN_PACKAGES` | `PUT /packages/npm/-/package/*package_name/dist-tags/:tag` | Create or Update the given tag for the given NPM package and version |
+| Packages: Read and write | `ADMIN_PACKAGES` | `PUT /projects/:id/packages/conan/v1/files/:package_name/:package_version/:package_username/:package_channel/:recipe_revision/export/:file_name/authorize` | Workhorse authorize the conan recipe file |
+| Packages: Read and write | `ADMIN_PACKAGES` | `PUT /projects/:id/packages/conan/v1/files/:package_name/:package_version/:package_username/:package_channel/:recipe_revision/export/:file_name` | Upload recipe package files |
+| Packages: Read and write | `ADMIN_PACKAGES` | `PUT /projects/:id/packages/conan/v1/files/:package_name/:package_version/:package_username/:package_channel/:recipe_revision/package/:conan_package_reference/:package_revision/:file_name/authorize` | Workhorse authorize the conan package file |
+| Packages: Read and write | `ADMIN_PACKAGES` | `PUT /projects/:id/packages/conan/v1/files/:package_name/:package_version/:package_username/:package_channel/:recipe_revision/package/:conan_package_reference/:package_revision/:file_name` | Upload package files |
+| Packages: Read and write | `ADMIN_PACKAGES` | `PUT /projects/:id/packages/generic/:package_name/*package_version/(*path/):file_name/authorize` | Workhorse authorize generic package file |
+| Packages: Read and write | `ADMIN_PACKAGES` | `PUT /projects/:id/packages/generic/:package_name/*package_version/(*path/):file_name` | Upload package file |
+| Packages: Read and write | `ADMIN_PACKAGES` | `PUT /projects/:id/packages/maven/*path/:file_name/authorize` | Workhorse authorize the maven package file upload |
+| Packages: Read and write | `ADMIN_PACKAGES` | `PUT /projects/:id/packages/maven/*path/:file_name` | Upload the maven package file |
+| Packages: Read and write | `ADMIN_PACKAGES` | `PUT /projects/:id/packages/npm/-/package/*package_name/dist-tags/:tag` | Create or Update the given tag for the given NPM package and version |
+| Packages: Read and write | `ADMIN_PACKAGES` | `PUT /projects/:id/packages/npm/:package_name` | Create or deprecate NPM package |
+| Packages: Read | `READ_PACKAGES` | `GET /groups/:id/-/packages/maven/*path/:file_name` | Download the maven package file at a group level |
+| Packages: Read | `READ_PACKAGES` | `GET /groups/:id/-/packages/npm/*package_name` | NPM registry metadata endpoint |
+| Packages: Read | `READ_PACKAGES` | `GET /groups/:id/-/packages/npm/-/package/*package_name/dist-tags` | Get all tags for a given an NPM package |
+| Packages: Read | `READ_PACKAGES` | `GET /groups/:id/-/packages/pypi/files/:sha256/*file_identifier` | Download a package file from a group |
+| Packages: Read | `READ_PACKAGES` | `GET /packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel/digest` | Recipe Digest |
+| Packages: Read | `READ_PACKAGES` | `GET /packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel/download_urls` | Recipe Download Urls |
+| Packages: Read | `READ_PACKAGES` | `GET /packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel/packages/:conan_package_reference/digest` | Package Digest |
+| Packages: Read | `READ_PACKAGES` | `GET /packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel/packages/:conan_package_reference/download_urls` | Package Download Urls |
+| Packages: Read | `READ_PACKAGES` | `GET /packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel/packages/:conan_package_reference` | Package Snapshot |
+| Packages: Read | `READ_PACKAGES` | `GET /packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel` | Recipe Snapshot |
+| Packages: Read | `READ_PACKAGES` | `GET /packages/conan/v1/files/:package_name/:package_version/:package_username/:package_channel/:recipe_revision/export/:file_name` | Download recipe files |
+| Packages: Read | `READ_PACKAGES` | `GET /packages/conan/v1/files/:package_name/:package_version/:package_username/:package_channel/:recipe_revision/package/:conan_package_reference/:package_revision/:file_name` | Download package files |
+| Packages: Read | `READ_PACKAGES` | `GET /packages/maven/*path/:file_name` | Download the maven package file at instance level |
+| Packages: Read | `READ_PACKAGES` | `GET /packages/npm/*package_name` | NPM registry metadata endpoint |
+| Packages: Read | `READ_PACKAGES` | `GET /packages/npm/-/package/*package_name/dist-tags` | Get all tags for a given an NPM package |
+| Packages: Read | `READ_PACKAGES` | `GET /projects/:id/packages/:package_id/package_files` | List package files |
+| Packages: Read | `READ_PACKAGES` | `GET /projects/:id/packages/:package_id/pipelines` | Get the pipelines for a single project package |
+| Packages: Read | `READ_PACKAGES` | `GET /projects/:id/packages/:package_id` | Get a single project package |
+| Packages: Read | `READ_PACKAGES` | `GET /projects/:id/packages/composer/archives/*package_name` | Composer package endpoint to download a package archive |
+| Packages: Read | `READ_PACKAGES` | `GET /projects/:id/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel/digest` | Recipe Digest |
+| Packages: Read | `READ_PACKAGES` | `GET /projects/:id/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel/download_urls` | Recipe Download Urls |
+| Packages: Read | `READ_PACKAGES` | `GET /projects/:id/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel/packages/:conan_package_reference/digest` | Package Digest |
+| Packages: Read | `READ_PACKAGES` | `GET /projects/:id/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel/packages/:conan_package_reference/download_urls` | Package Download Urls |
+| Packages: Read | `READ_PACKAGES` | `GET /projects/:id/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel/packages/:conan_package_reference` | Package Snapshot |
+| Packages: Read | `READ_PACKAGES` | `GET /projects/:id/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel` | Recipe Snapshot |
+| Packages: Read | `READ_PACKAGES` | `GET /projects/:id/packages/conan/v1/files/:package_name/:package_version/:package_username/:package_channel/:recipe_revision/export/:file_name` | Download recipe files |
+| Packages: Read | `READ_PACKAGES` | `GET /projects/:id/packages/conan/v1/files/:package_name/:package_version/:package_username/:package_channel/:recipe_revision/package/:conan_package_reference/:package_revision/:file_name` | Download package files |
+| Packages: Read | `READ_PACKAGES` | `GET /projects/:id/packages/conan/v2/conans/:package_name/:package_version/:package_username/:package_channel/revisions/:recipe_revision/files/:file_name` | Download recipe files |
+| Packages: Read | `READ_PACKAGES` | `GET /projects/:id/packages/generic/:package_name/*package_version/(*path/):file_name` | Download package file |
+| Packages: Read | `READ_PACKAGES` | `GET /projects/:id/packages/go/*module_name/@v/:module_version.info` | Version metadata |
+| Packages: Read | `READ_PACKAGES` | `GET /projects/:id/packages/go/*module_name/@v/:module_version.mod` | Download module file |
+| Packages: Read | `READ_PACKAGES` | `GET /projects/:id/packages/go/*module_name/@v/:module_version.zip` | Download module source |
+| Packages: Read | `READ_PACKAGES` | `GET /projects/:id/packages/go/*module_name/@v/list` | List |
+| Packages: Read | `READ_PACKAGES` | `GET /projects/:id/packages/maven/*path/:file_name` | Download the maven package file at a project level |
+| Packages: Read | `READ_PACKAGES` | `GET /projects/:id/packages/npm/*package_name/-/*file_name` | Download the NPM tarball |
+| Packages: Read | `READ_PACKAGES` | `GET /projects/:id/packages/npm/*package_name` | NPM registry metadata endpoint |
+| Packages: Read | `READ_PACKAGES` | `GET /projects/:id/packages/npm/-/package/*package_name/dist-tags` | Get all tags for a given an NPM package |
+| Packages: Read | `READ_PACKAGES` | `GET /projects/:id/packages/pypi/files/:sha256/*file_identifier` | The PyPi package download endpoint |
+| Packages: Read | `READ_PACKAGES` | `GET /projects/:id/packages/pypi/simple/*package_name` | The PyPi Simple Project Package Endpoint |
+| Packages: Read | `READ_PACKAGES` | `GET /projects/:id/packages/pypi/simple` | The PyPi Simple Project Index Endpoint |
+| Packages: Read | `READ_PACKAGES` | `GET /projects/:id/packages` | Get a list of project packages |
+| Packages: Read | `READ_PACKAGES` | `POST /groups/:id/-/packages/npm/-/npm/v1/security/advisories/bulk` | NPM registry bulk advisory endpoint |
+| Packages: Read | `READ_PACKAGES` | `POST /groups/:id/-/packages/npm/-/npm/v1/security/audits/quick` | NPM registry quick audit endpoint |
+| Packages: Read | `READ_PACKAGES` | `POST /packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel/packages/:conan_package_reference/upload_urls` | Package Upload Urls |
+| Packages: Read | `READ_PACKAGES` | `POST /packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel/upload_urls` | Recipe Upload Urls |
+| Packages: Read | `READ_PACKAGES` | `POST /packages/npm/-/npm/v1/security/advisories/bulk` | NPM registry bulk advisory endpoint |
+| Packages: Read | `READ_PACKAGES` | `POST /packages/npm/-/npm/v1/security/audits/quick` | NPM registry quick audit endpoint |
+| Packages: Read | `READ_PACKAGES` | `POST /projects/:id/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel/packages/:conan_package_reference/upload_urls` | Package Upload Urls |
+| Packages: Read | `READ_PACKAGES` | `POST /projects/:id/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel/upload_urls` | Recipe Upload Urls |
+| Packages: Read | `READ_PACKAGES` | `POST /projects/:id/packages/npm/-/npm/v1/security/advisories/bulk` | NPM registry bulk advisory endpoint |
+| Packages: Read | `READ_PACKAGES` | `POST /projects/:id/packages/npm/-/npm/v1/security/audits/quick` | NPM registry quick audit endpoint |
+| Releases: Read and write | `ADMIN_RELEASES` | `DELETE /projects/:id/releases/:tag_name/assets/links/:link_id` | Delete a release link |
+| Releases: Read and write | `ADMIN_RELEASES` | `DELETE /projects/:id/releases/:tag_name` | Delete a release |
+| Releases: Read and write | `ADMIN_RELEASES` | `POST /projects/:id/catalog/publish` | Publish a new component project release as version to the CI/CD catalog |
+| Releases: Read and write | `ADMIN_RELEASES` | `POST /projects/:id/releases/:tag_name/assets/links` | Create a release link |
+| Releases: Read and write | `ADMIN_RELEASES` | `POST /projects/:id/releases/:tag_name/evidence` | Collect release evidence |
+| Releases: Read and write | `ADMIN_RELEASES` | `POST /projects/:id/releases` | Create a release |
+| Releases: Read and write | `ADMIN_RELEASES` | `PUT /projects/:id/releases/:tag_name/assets/links/:link_id` | Update a release link |
+| Releases: Read and write | `ADMIN_RELEASES` | `PUT /projects/:id/releases/:tag_name` | Update a release |
+| Releases: Read | `READ_RELEASES` | `GET /projects/:id/releases/:tag_name/assets/links/:link_id` | Get a release link |
+| Releases: Read | `READ_RELEASES` | `GET /projects/:id/releases/:tag_name/assets/links` | List links of a release |
+| Releases: Read | `READ_RELEASES` | `GET /projects/:id/releases/:tag_name/downloads/*direct_asset_path` | Download a project release asset file |
+| Releases: Read | `READ_RELEASES` | `GET /projects/:id/releases/:tag_name` | Get a release by a tag name |
+| Releases: Read | `READ_RELEASES` | `GET /projects/:id/releases/permalink/latest(/)(*suffix_path)` | Get the latest project release |
+| Releases: Read | `READ_RELEASES` | `GET /projects/:id/releases` | List Releases |
+| Releases: Read | `READ_RELEASES` | `GET /projects/:id/repository/changelog` | Generates a changelog section for a release and returns it |
+| Secure files: Read and write | `ADMIN_SECURE_FILES` | `DELETE /projects/:id/secure_files/:secure_file_id` | Remove a secure file |
+| Secure files: Read and write | `ADMIN_SECURE_FILES` | `POST /projects/:id/secure_files` | Create a secure file |
+| Secure files: Read | `READ_SECURE_FILES` | `GET /projects/:id/secure_files/:secure_file_id/download` | Download secure file |
+| Secure files: Read | `READ_SECURE_FILES` | `GET /projects/:id/secure_files/:secure_file_id` | Get the details of a specific secure file in a project |
+| Secure files: Read | `READ_SECURE_FILES` | `GET /projects/:id/secure_files` | Get list of secure files in a project |
+| Terraform state: Read and write | `ADMIN_TERRAFORM_STATE` | `DELETE /projects/:id/terraform/state/:name/lock` | Unlock a Terraform state of a certain name |
+| Terraform state: Read and write | `ADMIN_TERRAFORM_STATE` | `DELETE /projects/:id/terraform/state/:name/versions/:serial` | Delete a Terraform state version |
+| Terraform state: Read and write | `ADMIN_TERRAFORM_STATE` | `DELETE /projects/:id/terraform/state/:name` | Delete a Terraform state of a certain name |
+| Terraform state: Read and write | `ADMIN_TERRAFORM_STATE` | `POST /projects/:id/terraform/state/:name/lock` | Lock a Terraform state of a certain name |
+| Terraform state: Read and write | `ADMIN_TERRAFORM_STATE` | `POST /projects/:id/terraform/state/:name` | Add a new Terraform state or update an existing one |
+| Terraform state: Read | `READ_TERRAFORM_STATE` | `GET /projects/:id/terraform/state/:name/versions/:serial` | Get a Terraform state version |
+| Terraform state: Read | `READ_TERRAFORM_STATE` | `GET /projects/:id/terraform/state/:name` | Get a Terraform state by its name |
diff --git a/doc/development/internal_analytics/browser_sdk.md b/doc/development/internal_analytics/browser_sdk.md
new file mode 100644
index 00000000000..258830549a0
--- /dev/null
+++ b/doc/development/internal_analytics/browser_sdk.md
@@ -0,0 +1,280 @@
+---
+stage: Monitor
+group: Analytics Instrumentation
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Browser SDK
+
+This SDK is for instrumenting web sites and applications to send data for the GitLab [product analytics functionality](../index.md).
+
+## How to use the Browser SDK
+
+### Using the NPM package
+
+Add the NPM package to your package JSON using your preferred package manager:
+
+::Tabs
+
+:::TabTitle yarn
+
+```shell
+yarn add @gitlab/application-sdk-browser
+```
+
+:::TabTitle npm
+
+```shell
+npm i @gitlab/application-sdk-browser
+```
+
+::EndTabs
+
+Then, for browser usage import the client SDK:
+
+```javascript
+import { glClientSDK } from '@gitlab/application-sdk-browser';
+
+this.glClient = glClientSDK({ appId, host });
+```
+
+### Using the script directly
+
+Add the script to the page and assign the client SDK to `window`:
+
+```html
+
+
+```
+
+You can use a specific version of the SDK like this:
+
+```html
+
+```
+
+## Browser SDK initialization options
+
+Apart from `appId` and `host`, you can configure the Browser SDK with the following options:
+
+```typescript
+interface GitLabClientSDKOptions {
+ appId: string;
+ host: string;
+ hasCookieConsent?: boolean;
+ trackerId?: string;
+ pagePingTracking?:
+ | boolean
+ | {
+ minimumVisitLength?: number;
+ heartbeatDelay?: number;
+ };
+ plugins?: AllowedPlugins;
+}
+```
+
+| Option | Description |
+| :---------------------------- | :---------- |
+| `appId` | The ID provided by the GitLab Project Analytics setup guide. This ID ensures your data is sent to your analytics instance. |
+| `host` | The GitLab Project Analytics instance provided by the setup guide. |
+| `hasCookieConsent` | Whether to use cookies to identify unique users. Set to `false` by default. When `false`, users are considered anonymous users. No cookies or other storage mechanisms are used to identify users. |
+| `trackerId` | Used to differentiate between multiple trackers running on the same page or application, because each tracker instance can be configured differently to capture different sets of data. This identifier helps ensure that the data sent to the collector is correctly associated with the correct tracker configuration. Default value is `gitlab`. |
+| `pagePingTracking` | Option to track user engagement on your website or application by sending periodic events while a user is actively browsing a page. Page pings provide valuable insight into how users interact with your content, such as how long they spend on a page, which sections they are viewing, and whether they are scrolling. `pagePingTracking` can be boolean or an object. As a boolean, set to `true` it enables page ping with default options, and set to `false` it disables page ping tracking. As an object, it has two options: `minimumVisitLength` (the minimum time that must have elapsed before the first heartbeat) and `heartbeatDelay` (the interval at which the callback is fired). |
+| `plugins` | Specify which plugins to enable or disable. By default all plugins are enabled. |
+
+### Plugins
+
+- `Client Hints`: An alternative to tracking the User Agent, which is particularly useful in browsers that are freezing the User Agent string.
+ Enabling this plugin will automatically capture the following context:
+
+ For example,
+ [iglu:org.ietf/http_client_hints/jsonschema/1-0-0](https://github.com/snowplow/iglu-central/blob/master/schemas/org.ietf/http_client_hints/jsonschema/1-0-0)
+ has the following configuration:
+
+ ```json
+ {
+ "isMobile":false,
+ "brands":[
+ {
+ "brand":"Google Chrome",
+ "version":"89"
+ },
+ {
+ "brand":"Chromium",
+ "version":"89"
+ }
+ ]
+ }
+ ```
+
+- `Link Click Tracking`: With this plugin, the tracker adds click event listeners to all link elements. Link clicks are tracked as self-describing events. Each link-click event captures the link's `href` attribute. The event also has fields for the link's ID, classes, and target (where the linked document is opened, such as a new tab or new window).
+
+- `Performance Timing`: It collects performance-related data from a user's browser using the `Navigation Timing API`. This API provides detailed information about the various stages of loading a web page, such as domain lookup, connection time, content download, and rendering times. This plugin helps to gather insights into how well a website performs for users, identify potential performance bottlenecks, and improve the overall user experience.
+
+- `Error Tracking`: It helps to capture and track errors that occur on a website or application. By monitoring these errors, you can gain insights into potential issues with code or third-party libraries, which can help to improve the overall user experience, and maintain the quality of the website or application.
+
+By default all plugins are enabled. You can disable or enable these plugins through the `plugins` object:
+
+```typescript
+const tracker = glClientSDK({
+ ...options,
+ plugins: {
+ clientHints: true,
+ linkTracking: true,
+ performanceTiming: true,
+ errorTracking: true,
+ },
+});
+```
+
+## Methods
+
+### `identify`
+
+Used to associate a user and their attributes with the session and tracking events.
+
+```javascript
+glClient.identify(userId, userAttributes);
+```
+
+| Property | Type | Description |
+| :--------------- | :-------------------------- | :---------------------------------------------------------------------------- |
+| `userId` | `String` | The user identifier your application uses to identify individual users. |
+| `userAttributes` | `Object`/`Null`/`undefined` | The user attributes that need to be added to the session and tracking events. |
+
+### `page`
+
+Used to trigger a pageview event.
+
+```javascript
+glClient.page(eventAttributes);
+```
+
+| Property | Type | Description |
+| :---------------- | :-------------------------- | :---------------------------------------------------------------- |
+| `eventAttributes` | `Object`/`Null`/`undefined` | The event attributes that need to be added to the pageview event. |
+
+The `eventAttributes` object supports the following optional properties:
+
+| Property | Type | Description |
+|:------------------|:------------|:------------|
+| `title` | `String` | Override the default page title. |
+| `contextCallback` | `Function` | A callback that fires on the page view. |
+| `context` | `Object` | Add context (additional information) on the page view. |
+| `timestamp` | `timestamp` | Set the true timestamp or overwrite the device-sent timestamp on an event. |
+
+### `track`
+
+Used to trigger a custom event.
+
+```javascript
+glClient.track(eventName, eventAttributes);
+```
+
+| Property | Type | Description |
+| :---------------- | :-------------------------- | :--------------------------------------------------------------- |
+| `eventName` | `String` | The name of the custom event. |
+| `eventAttributes` | `Object`/`Null`/`undefined` | The event attributes that need to be added to the tracked event. |
+
+### `refreshLinkClickTracking`
+
+`enableLinkClickTracking` tracks only clicks on links that exist when the page has loaded. To track new links added to the page after it has been loaded, use `refreshLinkClickTracking`.
+
+```javascript
+glClient.refreshLinkClickTracking();
+```
+
+### `trackError`
+
+NOTE:
+`trackError` is supported on the Browser SDK, but the resulting events are not used or available.
+
+Used to capture errors. This works only when the `errorTracking` plugin is enabled. The [plugin](#plugins) is enabled by default.
+
+```javascript
+glClient.trackError(eventAttributes);
+```
+
+For example, `trackError` can be used in `try...catch` like below:
+
+```javascript
+try {
+ // Call the function that throws an error
+ throwError();
+} catch (error) {
+ glClient.trackError({
+ message: error.message, // "This is a custom error"
+ filename: error.fileName || 'unknown', // The file in which the error occurred (e.g., "index.html")
+ lineno: error.lineNumber || 0, // The line number where the error occurred (e.g., 2)
+ colno: error.columnNumber || 0, // The column number where the error occurred (e.g., 6)
+ error: error, // The Error object itself
+ });
+}
+```
+
+| Property | Type | Description |
+| :---------------- | :------- | :------------------------------------------------------------------------------------------------------------------- |
+| `eventAttributes` | `Object` | The event attributes that need to be added to the tracked event. `message` is a mandatory key in `eventAttributes`. |
+
+### `addCookieConsent`
+
+`addCookieConsent` is used to allow tracking of user identifiers via cookies. By default `hasCookieConsent` is false, and no user identifiers are passed. To enable tracking of user identifiers, call the `addCookieConsent` method. This step is not needed if you initialized the Browser SDK with `hasCookieConsent` set to true.
+
+```javascript
+glClient.addCookieConsent();
+```
+
+### `setCustomUrl`
+
+Used to set a custom URL for tracking.
+
+```javascript
+glClient.setCustomUrl(url);
+```
+
+| Property | Type | Description |
+| :------- | :------- | :------------------------------------------------ |
+| `url` | `String` | The custom URL that you want to set for tracking. |
+
+### `setReferrerUrl`
+
+Used to set a referrer URL for tracking.
+
+```javascript
+glClient.setReferrerUrl(url);
+```
+
+| Property | Type | Description |
+| :------- | :------- | :-------------------------------------------------- |
+| `url` | `String` | The referrer URL that you want to set for tracking. |
+
+### `setDocumentTitle`
+
+Used to override the document title.
+
+```javascript
+glClient.setDocumentTitle(title);
+```
+
+| Property | Type | Description |
+| :------- | :------- | :--------------------------------- |
+| `title` | `String` | The document title you want to set. |
+
+## Contribute
+
+If you would like to contribute to Browser SDK, follow the [contributing guide](https://gitlab.com/gitlab-org/analytics-section/product-analytics/gl-application-sdk-js/-/blob/main/docs/Contributing.md).
+
+## Troubleshooting
+
+If the Browser SDK is not sending events, or behaving in an unexpected way, take the following actions:
+
+1. Verify that the `appId` and host values in the options object are correct.
+1. Check if any browser privacy settings, extensions, or ad blockers are interfering with the Browser SDK.
+
+For more information and assistance, see the [Snowplow documentation](https://docs.snowplow.io/docs/collecting-data/collecting-from-own-applications/javascript-trackers/web-tracker/)
+or contact the [Analytics Instrumentation team](https://handbook.gitlab.com/handbook/engineering/development/analytics/analytics-instrumentation/#team-members).
diff --git a/doc/operations/product_analytics/instrumentation/browser_sdk.md b/doc/operations/product_analytics/instrumentation/browser_sdk.md
index 258830549a0..ad0196937bf 100644
--- a/doc/operations/product_analytics/instrumentation/browser_sdk.md
+++ b/doc/operations/product_analytics/instrumentation/browser_sdk.md
@@ -1,280 +1,13 @@
---
-stage: Monitor
-group: Analytics Instrumentation
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+redirect_to: '../../../development/internal_analytics/browser_sdk.md'
+remove_date: '2025-04-17'
---
-# Browser SDK
+
-This SDK is for instrumenting web sites and applications to send data for the GitLab [product analytics functionality](../index.md).
+This document was moved to [another location](../../../development/internal_analytics/browser_sdk.md).
-## How to use the Browser SDK
-
-### Using the NPM package
-
-Add the NPM package to your package JSON using your preferred package manager:
-
-::Tabs
-
-:::TabTitle yarn
-
-```shell
-yarn add @gitlab/application-sdk-browser
-```
-
-:::TabTitle npm
-
-```shell
-npm i @gitlab/application-sdk-browser
-```
-
-::EndTabs
-
-Then, for browser usage import the client SDK:
-
-```javascript
-import { glClientSDK } from '@gitlab/application-sdk-browser';
-
-this.glClient = glClientSDK({ appId, host });
-```
-
-### Using the script directly
-
-Add the script to the page and assign the client SDK to `window`:
-
-```html
-
-
-```
-
-You can use a specific version of the SDK like this:
-
-```html
-
-```
-
-## Browser SDK initialization options
-
-Apart from `appId` and `host`, you can configure the Browser SDK with the following options:
-
-```typescript
-interface GitLabClientSDKOptions {
- appId: string;
- host: string;
- hasCookieConsent?: boolean;
- trackerId?: string;
- pagePingTracking?:
- | boolean
- | {
- minimumVisitLength?: number;
- heartbeatDelay?: number;
- };
- plugins?: AllowedPlugins;
-}
-```
-
-| Option | Description |
-| :---------------------------- | :---------- |
-| `appId` | The ID provided by the GitLab Project Analytics setup guide. This ID ensures your data is sent to your analytics instance. |
-| `host` | The GitLab Project Analytics instance provided by the setup guide. |
-| `hasCookieConsent` | Whether to use cookies to identify unique users. Set to `false` by default. When `false`, users are considered anonymous users. No cookies or other storage mechanisms are used to identify users. |
-| `trackerId` | Used to differentiate between multiple trackers running on the same page or application, because each tracker instance can be configured differently to capture different sets of data. This identifier helps ensure that the data sent to the collector is correctly associated with the correct tracker configuration. Default value is `gitlab`. |
-| `pagePingTracking` | Option to track user engagement on your website or application by sending periodic events while a user is actively browsing a page. Page pings provide valuable insight into how users interact with your content, such as how long they spend on a page, which sections they are viewing, and whether they are scrolling. `pagePingTracking` can be boolean or an object. As a boolean, set to `true` it enables page ping with default options, and set to `false` it disables page ping tracking. As an object, it has two options: `minimumVisitLength` (the minimum time that must have elapsed before the first heartbeat) and `heartbeatDelay` (the interval at which the callback is fired). |
-| `plugins` | Specify which plugins to enable or disable. By default all plugins are enabled. |
-
-### Plugins
-
-- `Client Hints`: An alternative to tracking the User Agent, which is particularly useful in browsers that are freezing the User Agent string.
- Enabling this plugin will automatically capture the following context:
-
- For example,
- [iglu:org.ietf/http_client_hints/jsonschema/1-0-0](https://github.com/snowplow/iglu-central/blob/master/schemas/org.ietf/http_client_hints/jsonschema/1-0-0)
- has the following configuration:
-
- ```json
- {
- "isMobile":false,
- "brands":[
- {
- "brand":"Google Chrome",
- "version":"89"
- },
- {
- "brand":"Chromium",
- "version":"89"
- }
- ]
- }
- ```
-
-- `Link Click Tracking`: With this plugin, the tracker adds click event listeners to all link elements. Link clicks are tracked as self-describing events. Each link-click event captures the link's `href` attribute. The event also has fields for the link's ID, classes, and target (where the linked document is opened, such as a new tab or new window).
-
-- `Performance Timing`: It collects performance-related data from a user's browser using the `Navigation Timing API`. This API provides detailed information about the various stages of loading a web page, such as domain lookup, connection time, content download, and rendering times. This plugin helps to gather insights into how well a website performs for users, identify potential performance bottlenecks, and improve the overall user experience.
-
-- `Error Tracking`: It helps to capture and track errors that occur on a website or application. By monitoring these errors, you can gain insights into potential issues with code or third-party libraries, which can help to improve the overall user experience, and maintain the quality of the website or application.
-
-By default all plugins are enabled. You can disable or enable these plugins through the `plugins` object:
-
-```typescript
-const tracker = glClientSDK({
- ...options,
- plugins: {
- clientHints: true,
- linkTracking: true,
- performanceTiming: true,
- errorTracking: true,
- },
-});
-```
-
-## Methods
-
-### `identify`
-
-Used to associate a user and their attributes with the session and tracking events.
-
-```javascript
-glClient.identify(userId, userAttributes);
-```
-
-| Property | Type | Description |
-| :--------------- | :-------------------------- | :---------------------------------------------------------------------------- |
-| `userId` | `String` | The user identifier your application uses to identify individual users. |
-| `userAttributes` | `Object`/`Null`/`undefined` | The user attributes that need to be added to the session and tracking events. |
-
-### `page`
-
-Used to trigger a pageview event.
-
-```javascript
-glClient.page(eventAttributes);
-```
-
-| Property | Type | Description |
-| :---------------- | :-------------------------- | :---------------------------------------------------------------- |
-| `eventAttributes` | `Object`/`Null`/`undefined` | The event attributes that need to be added to the pageview event. |
-
-The `eventAttributes` object supports the following optional properties:
-
-| Property | Type | Description |
-|:------------------|:------------|:------------|
-| `title` | `String` | Override the default page title. |
-| `contextCallback` | `Function` | A callback that fires on the page view. |
-| `context` | `Object` | Add context (additional information) on the page view. |
-| `timestamp` | `timestamp` | Set the true timestamp or overwrite the device-sent timestamp on an event. |
-
-### `track`
-
-Used to trigger a custom event.
-
-```javascript
-glClient.track(eventName, eventAttributes);
-```
-
-| Property | Type | Description |
-| :---------------- | :-------------------------- | :--------------------------------------------------------------- |
-| `eventName` | `String` | The name of the custom event. |
-| `eventAttributes` | `Object`/`Null`/`undefined` | The event attributes that need to be added to the tracked event. |
-
-### `refreshLinkClickTracking`
-
-`enableLinkClickTracking` tracks only clicks on links that exist when the page has loaded. To track new links added to the page after it has been loaded, use `refreshLinkClickTracking`.
-
-```javascript
-glClient.refreshLinkClickTracking();
-```
-
-### `trackError`
-
-NOTE:
-`trackError` is supported on the Browser SDK, but the resulting events are not used or available.
-
-Used to capture errors. This works only when the `errorTracking` plugin is enabled. The [plugin](#plugins) is enabled by default.
-
-```javascript
-glClient.trackError(eventAttributes);
-```
-
-For example, `trackError` can be used in `try...catch` like below:
-
-```javascript
-try {
- // Call the function that throws an error
- throwError();
-} catch (error) {
- glClient.trackError({
- message: error.message, // "This is a custom error"
- filename: error.fileName || 'unknown', // The file in which the error occurred (e.g., "index.html")
- lineno: error.lineNumber || 0, // The line number where the error occurred (e.g., 2)
- colno: error.columnNumber || 0, // The column number where the error occurred (e.g., 6)
- error: error, // The Error object itself
- });
-}
-```
-
-| Property | Type | Description |
-| :---------------- | :------- | :------------------------------------------------------------------------------------------------------------------- |
-| `eventAttributes` | `Object` | The event attributes that need to be added to the tracked event. `message` is a mandatory key in `eventAttributes`. |
-
-### `addCookieConsent`
-
-`addCookieConsent` is used to allow tracking of user identifiers via cookies. By default `hasCookieConsent` is false, and no user identifiers are passed. To enable tracking of user identifiers, call the `addCookieConsent` method. This step is not needed if you initialized the Browser SDK with `hasCookieConsent` set to true.
-
-```javascript
-glClient.addCookieConsent();
-```
-
-### `setCustomUrl`
-
-Used to set a custom URL for tracking.
-
-```javascript
-glClient.setCustomUrl(url);
-```
-
-| Property | Type | Description |
-| :------- | :------- | :------------------------------------------------ |
-| `url` | `String` | The custom URL that you want to set for tracking. |
-
-### `setReferrerUrl`
-
-Used to set a referrer URL for tracking.
-
-```javascript
-glClient.setReferrerUrl(url);
-```
-
-| Property | Type | Description |
-| :------- | :------- | :-------------------------------------------------- |
-| `url` | `String` | The referrer URL that you want to set for tracking. |
-
-### `setDocumentTitle`
-
-Used to override the document title.
-
-```javascript
-glClient.setDocumentTitle(title);
-```
-
-| Property | Type | Description |
-| :------- | :------- | :--------------------------------- |
-| `title` | `String` | The document title you want to set. |
-
-## Contribute
-
-If you would like to contribute to Browser SDK, follow the [contributing guide](https://gitlab.com/gitlab-org/analytics-section/product-analytics/gl-application-sdk-js/-/blob/main/docs/Contributing.md).
-
-## Troubleshooting
-
-If the Browser SDK is not sending events, or behaving in an unexpected way, take the following actions:
-
-1. Verify that the `appId` and host values in the options object are correct.
-1. Check if any browser privacy settings, extensions, or ad blockers are interfering with the Browser SDK.
-
-For more information and assistance, see the [Snowplow documentation](https://docs.snowplow.io/docs/collecting-data/collecting-from-own-applications/javascript-trackers/web-tracker/)
-or contact the [Analytics Instrumentation team](https://handbook.gitlab.com/handbook/engineering/development/analytics/analytics-instrumentation/#team-members).
+
+
+
+
diff --git a/doc/operations/product_analytics/instrumentation/index.md b/doc/operations/product_analytics/instrumentation/index.md
index 6070eec862a..65e21804257 100644
--- a/doc/operations/product_analytics/instrumentation/index.md
+++ b/doc/operations/product_analytics/instrumentation/index.md
@@ -1,18 +1,13 @@
---
-stage: Monitor
-group: Analytics Instrumentation
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+redirect_to: '../../../development/internal_analytics/index.md'
+remove_date: '2025-04-17'
---
-# Instrumentation
+
-To instrument an application to send events to GitLab product analytics you can use one of the following language and platform specific tracking SDKs:
+This document was moved to [another location](../../../development/internal_analytics/index.md).
-- [Browser SDK](browser_sdk.md)
-- [Ruby SDK](https://gitlab.com/gitlab-org/analytics-section/product-analytics/gl-application-sdk-rb)
-- [Python SDK](https://gitlab.com/gitlab-org/analytics-section/product-analytics/gl-application-sdk-python)
-- [Node SDK](https://gitlab.com/gitlab-org/analytics-section/product-analytics/gl-application-sdk-node)
-- [.NET SDK](https://gitlab.com/gitlab-org/analytics-section/product-analytics/gl-application-sdk-dotnet)
-- [Snowplow SDK](https://docs.snowplow.io/docs/collecting-data/collecting-from-own-applications/) is compatible, but not supported by GitLab.
-
-If you are interested in other SDKs to be supported, please comment in [issue 391970](https://gitlab.com/gitlab-org/gitlab/-/issues/391970).
+
+
+
+
diff --git a/doc/tutorials/product_analytics_onboarding_website_project/index.md b/doc/tutorials/product_analytics_onboarding_website_project/index.md
index 7a4ff92cac4..b9c013684d3 100644
--- a/doc/tutorials/product_analytics_onboarding_website_project/index.md
+++ b/doc/tutorials/product_analytics_onboarding_website_project/index.md
@@ -74,7 +74,7 @@ Your project is now onboarded and ready for your application to start sending ev
To collect and send usage events to GitLab, you must include a code snippet in your website.
You can choose from several platform and technology-specific tracking SDKs to integrate with your application.
-For this example website, we use the [Browser SDK](../../operations/product_analytics/instrumentation/browser_sdk.md).
+For this example website, we use the [Browser SDK](../../development/internal_analytics/browser_sdk.md).
To instrument your new website:
diff --git a/doc/user/compliance/audit_event_types.md b/doc/user/compliance/audit_event_types.md
index 4feaf5ffe54..b33cf8caa24 100644
--- a/doc/user/compliance/audit_event_types.md
+++ b/doc/user/compliance/audit_event_types.md
@@ -148,6 +148,7 @@ Audit event types belong to the following product categories.
| [`create_compliance_framework`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/74292) | A compliance framework is successfully created | **{check-circle}** Yes | GitLab [14.6](https://gitlab.com/gitlab-org/gitlab/-/issues/340649) | Group |
| [`create_status_check`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/84624) | An external status check is created | **{check-circle}** Yes | GitLab [15.9](https://gitlab.com/gitlab-org/gitlab/-/issues/355805) | Project |
| [`created_compliance_requirement`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/169485) | A requirement is added to a compliance framework | **{check-circle}** Yes | GitLab [17.6](https://gitlab.com/gitlab-org/gitlab/-/issues/470695) | Group |
+| [`created_compliance_requirement_control`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177557) | A control is added to a compliance requirement. | **{check-circle}** Yes | GitLab [17.9](https://gitlab.com/gitlab-org/gitlab/-/issues/512381) | Group |
| [`delete_status_check`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/84624) | An external status check is deleted | **{check-circle}** Yes | GitLab [15.9](https://gitlab.com/gitlab-org/gitlab/-/issues/355805) | Project |
| [`destroy_compliance_framework`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/74292) | A compliance framework is successfully deleted | **{check-circle}** Yes | GitLab [14.6](https://gitlab.com/gitlab-org/gitlab/-/issues/340649) | Group |
| [`destroyed_compliance_requirement`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/170380) | A compliance framework requirement is destroyed | **{check-circle}** Yes | GitLab [17.7](https://gitlab.com/gitlab-org/gitlab/-/issues/470695) | Group |
diff --git a/lefthook.yml b/lefthook.yml
index e1e957fc087..e948f9d71f2 100644
--- a/lefthook.yml
+++ b/lefthook.yml
@@ -122,6 +122,11 @@ pre-push:
files: git diff --name-only --diff-filter=d $(git merge-base origin/master HEAD)..HEAD
glob: '{ee/config/custom_abilities/*yml,doc/user/custom_roles/abilities.md,tooling/custom_roles/docs/templates/custom_abilities.md.erb}'
run: bundle exec rake gitlab:custom_roles:check_docs
+ verify_job_token_policies:
+ tags: backend
+ files: git diff --name-only $(git merge-base origin/master HEAD)..HEAD
+ glob: '{{,ee/}lib/api/*.rb,app/validators/json_schemas/ci_job_token_policies.json,doc/ci/jobs/granular_permissions.md,tooling/ci/job_tokens/docs/templates/granular_permissions.md.erb}'
+ run: bundle exec rake ci:job_tokens:check_policies
rubocop:
tags: backend style
files: git diff --name-only --diff-filter=d $(git merge-base origin/master HEAD)..HEAD
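Review bot: The `glob` for `verify_job_token_policies` names `doc/ci/jobs/granular_permissions.md` and `tooling/ci/job_tokens/docs/templates/granular_permissions.md.erb`, while the CI change patterns added in this same commit call these files `fine_grained_permissions.md` and `fine_grained_permissions.md.erb`. If the CI names are the real paths, the pre-push hook never fires for edits to the doc or its template, and drift is only caught later in the pipeline. Suggest `glob: '{{,ee/}lib/api/*.rb,app/validators/json_schemas/ci_job_token_policies.json,doc/ci/jobs/fine_grained_permissions.md,tooling/ci/job_tokens/docs/templates/fine_grained_permissions.md.erb}'`. It is also worth confirming that `lib/api/*.rb` matches nested files such as `lib/api/ci/jobs.rb`, which this commit edits; that depends on the glob matcher in use.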
diff --git a/lib/api/ci/catalog.rb b/lib/api/ci/catalog.rb
index abdcab90ada..2acca534d77 100644
--- a/lib/api/ci/catalog.rb
+++ b/lib/api/ci/catalog.rb
@@ -25,6 +25,7 @@ module API
requires :metadata, type: Hash, desc: 'The metadata for the release'
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :admin_releases
# Note: This endpoint should only be used by `release-cli` and should be authenticated with a job token.
# For this reason, we should not document the endpoint in the API docs.
post ':id/catalog/publish' do
diff --git a/lib/api/ci/job_artifacts.rb b/lib/api/ci/job_artifacts.rb
index 71ebdb9da9c..e64e8c348f6 100644
--- a/lib/api/ci/job_artifacts.rb
+++ b/lib/api/ci/job_artifacts.rb
@@ -39,6 +39,7 @@ module API
'available only on Premium and Ultimate tiers.'
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :read_jobs
get ':id/jobs/artifacts/:ref_name/download',
urgency: :low,
requirements: { ref_name: /.+/ } do
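Review bot: Nothing in these hunks calls `authorize_job_token_policies!`, so as far as the diff shows the `:read_jobs` setting on this route and on the three artifact routes below is only declarative. By contrast, `lib/api/ci/runner.rb` and the Composer `archives` route get an explicit call in this commit. Presumably the policy is enforced by a shared helper when the project is looked up. A request spec per route, using a job token whose allowlist entry lacks `read_jobs` and expecting a refusal, would confirm the setting is actually consulted. The route bodies continue outside the hunks.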
@@ -69,6 +70,7 @@ module API
'available only on Premium and Ultimate tiers.'
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :read_jobs
get ':id/jobs/artifacts/:ref_name/raw/*artifact_path',
urgency: :low,
format: false,
@@ -101,6 +103,7 @@ module API
'available only on Premium and Ultimate tiers.'
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :read_jobs
get ':id/jobs/:job_id/artifacts', urgency: :low do
authorize_download_artifacts!
@@ -127,6 +130,7 @@ module API
'available only on Premium and Ultimate tiers.'
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :read_jobs
get ':id/jobs/:job_id/artifacts/*artifact_path', urgency: :low, format: false do
authorize_download_artifacts!
diff --git a/lib/api/ci/jobs.rb b/lib/api/ci/jobs.rb
index 88b1d1b6bfb..94ee4020e5e 100644
--- a/lib/api/ci/jobs.rb
+++ b/lib/api/ci/jobs.rb
@@ -240,6 +240,7 @@ module API
]
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, skip_job_token_policies: true
get '', feature_category: :continuous_integration, urgency: :low do
validate_current_authenticated_job
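Review bot: `skip_job_token_policies: true` is added with no stated reason why the opt-out is safe, both here and on `/allowed_agents` in the next hunk. Both bodies begin with `validate_current_authenticated_job`, which suggests the response is limited to the job that owns the token. If that is the reason, say so above the setting, for example `# Policies skipped: the response is scoped to the job that owns the token, not to a target project.` A recorded rationale keeps the skip from being copied onto a route that reads project data. The same one-line comment would help on the Conan `ping`, `authenticate` and `check_credentials` routes. The route bodies continue outside the hunk.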
@@ -256,6 +257,7 @@ module API
]
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, skip_job_token_policies: true
get '/allowed_agents', urgency: :default, feature_category: :deployment_management do
validate_current_authenticated_job
diff --git a/lib/api/ci/pipelines.rb b/lib/api/ci/pipelines.rb
index 267798dd80d..d46f0f7f640 100644
--- a/lib/api/ci/pipelines.rb
+++ b/lib/api/ci/pipelines.rb
@@ -287,6 +287,7 @@ module API
requires :name, type: String, desc: 'The name of the pipeline', documentation: { example: 'Deployment to production' }
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :admin_jobs
put ':id/pipelines/:pipeline_id/metadata', urgency: :low, feature_category: :continuous_integration do
authorize! :update_pipeline, pipeline
diff --git a/lib/api/ci/runner.rb b/lib/api/ci/runner.rb
index 43c03fd01aa..de71077ad11 100644
--- a/lib/api/ci/runner.rb
+++ b/lib/api/ci/runner.rb
@@ -395,8 +395,10 @@ module API
optional :direct_download, default: false, type: Boolean, desc: 'Perform direct download from remote storage instead of proxying artifacts'
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :read_jobs
get '/:id/artifacts', feature_category: :job_artifacts do
authenticate_job_via_dependent_job!
+ authorize_job_token_policies!(current_job.project)
audit_download(current_job, current_job.artifacts_file&.filename) if current_job.artifacts_file
present_artifacts_file!(current_job.artifacts_file, supports_direct_download: params[:direct_download])
diff --git a/lib/api/ci/secure_files.rb b/lib/api/ci/secure_files.rb
index a5f4a604dc8..eca1e282b74 100644
--- a/lib/api/ci/secure_files.rb
+++ b/lib/api/ci/secure_files.rb
@@ -29,6 +29,7 @@ module API
use :pagination
end
route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :read_secure_files
get ':id/secure_files' do
secure_files = user_project.secure_files.order_by_created_at
present paginate(secure_files), with: Entities::Ci::SecureFile
@@ -44,6 +45,7 @@ module API
end
route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :read_secure_files
get ':id/secure_files/:secure_file_id' do
secure_file = user_project.secure_files.find(params[:secure_file_id])
present secure_file, with: Entities::Ci::SecureFile
@@ -54,6 +56,7 @@ module API
tags %w[secure_files]
end
route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :read_secure_files
get ':id/secure_files/:secure_file_id/download' do
secure_file = user_project.secure_files.find(params[:secure_file_id])
@@ -79,6 +82,7 @@ module API
requires :file, types: [Rack::Multipart::UploadedFile, ::API::Validations::Types::WorkhorseFile], desc: 'The secure file being uploaded', documentation: { type: 'file' }
end
route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :admin_secure_files
post ':id/secure_files' do
secure_file = user_project.secure_files.new(
name: Gitlab::PathTraversal.check_path_traversal!(params[:name])
@@ -101,6 +105,7 @@ module API
failure [{ code: 404, message: '404 Not found' }]
end
route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :admin_secure_files
delete ':id/secure_files/:secure_file_id' do
secure_file = user_project.secure_files.find(params[:secure_file_id])
diff --git a/lib/api/composer_packages.rb b/lib/api/composer_packages.rb
index 4a3be01e3d8..736a27ae8ff 100644
--- a/lib/api/composer_packages.rb
+++ b/lib/api/composer_packages.rb
@@ -79,6 +79,7 @@ module API
tags %w[composer_packages]
end
route_setting :authentication, job_token_allowed: :basic_auth, basic_auth_personal_access_token: true, deploy_token_allowed: true
+ route_setting :authorization, skip_job_token_policies: true
get ':id/-/packages/composer/packages', urgency: :low do
presenter.root
end
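Review bot: The four `:id/-/packages/composer/...` routes (this hunk and the next three) opt out with `skip_job_token_policies: true` although they serve the package index and package metadata. The `archives/*package_name` route later in the file gets `:read_packages` plus an explicit `authorize_job_token_policies!(project)`. If the skip exists because these routes are resolved above project level and there is no single project to check, a comment should record that, for example `# Group-level route: job token policies are per project and are not evaluated here.` Otherwise a job token without `read_packages` can still obtain package names and versions through them, and `job_token_policies: :read_packages` would be the consistent setting.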
@@ -96,6 +97,7 @@ module API
requires :sha, type: String, desc: 'Shasum of current json', documentation: { example: '673594f85a55fe3c0eb45df7bd2fa9d95a1601ab' }
end
route_setting :authentication, job_token_allowed: :basic_auth, basic_auth_personal_access_token: true, deploy_token_allowed: true
+ route_setting :authorization, skip_job_token_policies: true
get ':id/-/packages/composer/p/:sha', urgency: :low do
presenter.provider
end
@@ -113,6 +115,7 @@ module API
requires :package_name, type: String, file_path: true, desc: 'The Composer package name', documentation: { example: 'my-composer-package' }
end
route_setting :authentication, job_token_allowed: :basic_auth, basic_auth_personal_access_token: true, deploy_token_allowed: true
+ route_setting :authorization, skip_job_token_policies: true
get ':id/-/packages/composer/p2/*package_name', requirements: COMPOSER_ENDPOINT_REQUIREMENTS, file_path: true, urgency: :low do
not_found! if packages.empty?
@@ -132,6 +135,7 @@ module API
requires :package_name, type: String, file_path: true, desc: 'The Composer package name', documentation: { example: 'my-composer-package' }
end
route_setting :authentication, job_token_allowed: :basic_auth, basic_auth_personal_access_token: true, deploy_token_allowed: true
+ route_setting :authorization, skip_job_token_policies: true
get ':id/-/packages/composer/*package_name', requirements: COMPOSER_ENDPOINT_REQUIREMENTS, file_path: true, urgency: :low do
not_found! if packages.empty?
not_found! if params[:sha].blank?
@@ -147,6 +151,7 @@ module API
resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
namespace ':id/packages/composer' do
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true, deploy_token_allowed: true
+ route_setting :authorization, job_token_policies: :admin_packages
desc 'Composer packages endpoint for registering packages' do
detail 'This feature was introduced in GitLab 13.1'
@@ -199,8 +204,10 @@ module API
requires :package_name, type: String, file_path: true, desc: 'The Composer package name', documentation: { example: 'my-composer-package' }
end
route_setting :authentication, job_token_allowed: :basic_auth, basic_auth_personal_access_token: true, deploy_token_allowed: true
+ route_setting :authorization, job_token_policies: :read_packages
get 'archives/*package_name', urgency: :default do
project = authorized_user_project(action: :read_package)
+ authorize_job_token_policies!(project)
package = ::Packages::Composer::Package
.for_projects(project)
diff --git a/lib/api/conan/v2/project_packages.rb b/lib/api/conan/v2/project_packages.rb
index d69e7f75257..ca4d5e02587 100644
--- a/lib/api/conan/v2/project_packages.rb
+++ b/lib/api/conan/v2/project_packages.rb
@@ -58,8 +58,11 @@ module API
end
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+ route_setting :authorization, job_token_policies: :read_packages
get 'revisions/:recipe_revision/files/:file_name', requirements: FILE_NAME_REQUIREMENTS do
+ authorize_job_token_policies!(project)
+
render_api_error!('Not supported', :not_found)
end
end
diff --git a/lib/api/concerns/packages/conan/shared_endpoints.rb b/lib/api/concerns/packages/conan/shared_endpoints.rb
index 0f7c52f93ab..2b8f9413189 100644
--- a/lib/api/concerns/packages/conan/shared_endpoints.rb
+++ b/lib/api/concerns/packages/conan/shared_endpoints.rb
@@ -67,6 +67,7 @@ module API
end
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+ route_setting :authorization, skip_job_token_policies: true
get 'check_credentials', urgency: :default do
:ok
@@ -87,6 +88,7 @@ module API
end
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+ route_setting :authorization, skip_job_token_policies: true
get 'conans/search', urgency: :low do
service = ::Packages::Conan::SearchService.new(search_project, current_user, query: params[:q]).execute
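Review bot: `conans/search` skips job token policies even though it passes `params[:q]` to `Packages::Conan::SearchService` together with `search_project`, so the route reads package data rather than only checking credentials. Whether the service filters results by what `current_user` may read is not visible here, and such a filter would not take the token's fine-grained policies into account. Unless the skip is deliberate, consider `route_setting :authorization, job_token_policies: :read_packages` and, when `search_project` is set, `authorize_job_token_policies!(search_project)` before the service call. The route body continues outside the hunk.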
diff --git a/lib/api/concerns/packages/conan/v1_endpoints.rb b/lib/api/concerns/packages/conan/v1_endpoints.rb
index 555b0646524..cae70eb2de9 100644
--- a/lib/api/concerns/packages/conan/v1_endpoints.rb
+++ b/lib/api/concerns/packages/conan/v1_endpoints.rb
@@ -38,6 +38,7 @@ module API
end
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+ route_setting :authorization, skip_job_token_policies: true
get 'ping', urgency: :default do
header 'X-Conan-Server-Capabilities', x_conan_server_capabilities_header.join(',')
@@ -62,6 +63,7 @@ module API
end
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+ route_setting :authorization, skip_job_token_policies: true
get 'authenticate', urgency: :low do
unauthorized! unless token
@@ -108,6 +110,7 @@ module API
end
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+ route_setting :authorization, job_token_policies: :read_packages
get 'packages/:conan_package_reference', urgency: :low do
authorize_read_package!(project)
@@ -134,6 +137,7 @@ module API
end
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+ route_setting :authorization, job_token_policies: :read_packages
get urgency: :low do
authorize_read_package!(project)
@@ -164,6 +168,7 @@ module API
end
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+ route_setting :authorization, job_token_policies: :read_packages
get 'packages/:conan_package_reference/digest', urgency: :low do
present_package_download_urls
@@ -181,6 +186,7 @@ module API
end
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+ route_setting :authorization, job_token_policies: :read_packages
get 'digest', urgency: :low do
present_recipe_download_urls
@@ -209,6 +215,7 @@ module API
end
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+ route_setting :authorization, job_token_policies: :read_packages
get 'packages/:conan_package_reference/download_urls', urgency: :low do
present_package_download_urls
@@ -226,6 +233,7 @@ module API
end
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+ route_setting :authorization, job_token_policies: :read_packages
get 'download_urls', urgency: :low do
present_recipe_download_urls
@@ -255,6 +263,7 @@ module API
end
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+ route_setting :authorization, job_token_policies: :read_packages
post 'packages/:conan_package_reference/upload_urls', urgency: :low do
authorize_read_package!(project)
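Review bot: Both `upload_urls` routes (this hunk and the next) are tagged `:read_packages`, which mirrors the existing `authorize_read_package!(project)` call but lets a token limited to read access request upload URLs. The `put` routes that perform the upload are tagged `:admin_packages` in this commit, so the write itself should still be refused. Tagging these two routes `job_token_policies: :admin_packages` would match their purpose. Alternatively, keep the read policy and add a comment such as `# Read policy is intentional: the returned URLs grant nothing until the PUT is authorized.` The route bodies continue outside the hunks.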
@@ -275,6 +284,7 @@ module API
end
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+ route_setting :authorization, job_token_policies: :read_packages
post 'upload_urls', urgency: :low do
authorize_read_package!(project)
@@ -295,6 +305,7 @@ module API
end
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+ route_setting :authorization, job_token_policies: :admin_packages
delete urgency: :low do
authorize!(:destroy_package, project)
@@ -347,6 +358,7 @@ module API
end
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+ route_setting :authorization, job_token_policies: :read_packages
get urgency: :low do
download_package_file(:recipe_file)
@@ -371,6 +383,7 @@ module API
end
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+ route_setting :authorization, job_token_policies: :admin_packages
put urgency: :low do
upload_package_file(:recipe_file)
@@ -389,6 +402,7 @@ module API
end
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+ route_setting :authorization, job_token_policies: :admin_packages
put 'authorize', urgency: :low do
authorize_workhorse!(subject: project, maximum_size: project.actual_limits.conan_max_file_size)
@@ -416,6 +430,7 @@ module API
end
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+ route_setting :authorization, job_token_policies: :read_packages
get urgency: :low do
download_package_file(:package_file)
@@ -434,6 +449,7 @@ module API
end
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+ route_setting :authorization, job_token_policies: :admin_packages
put 'authorize', urgency: :low do
authorize_workhorse!(subject: project, maximum_size: project.actual_limits.conan_max_file_size)
@@ -458,6 +474,7 @@ module API
end
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+ route_setting :authorization, job_token_policies: :admin_packages
put urgency: :low do
upload_package_file(:package_file)
diff --git a/lib/api/concerns/packages/npm_endpoints.rb b/lib/api/concerns/packages/npm_endpoints.rb
index c267419ad3c..15053871925 100644
--- a/lib/api/concerns/packages/npm_endpoints.rb
+++ b/lib/api/concerns/packages/npm_endpoints.rb
@@ -79,6 +79,7 @@ module API
end
route_setting :authentication, job_token_allowed: true, deploy_token_allowed: true,
authenticate_non_public: true
+ route_setting :authorization, job_token_policies: :read_packages
get 'dist-tags', format: false, requirements: ::API::Helpers::Packages::Npm::NPM_ENDPOINT_REQUIREMENTS do
package_name = params[:package_name]
@@ -113,6 +114,7 @@ module API
tags %w[npm_packages]
end
route_setting :authentication, job_token_allowed: true, deploy_token_allowed: true
+ route_setting :authorization, job_token_policies: :admin_packages
put format: false do
package_name = params[:package_name]
version = env['api.request.body']
@@ -150,6 +152,7 @@ module API
tags %w[npm_packages]
end
route_setting :authentication, job_token_allowed: true, deploy_token_allowed: true
+ route_setting :authorization, job_token_policies: :admin_packages
delete format: false do
package_name = params[:package_name]
tag = params[:tag]
@@ -191,6 +194,7 @@ module API
tags %w[npm_packages]
end
route_setting :authentication, job_token_allowed: true, deploy_token_allowed: true
+ route_setting :authorization, job_token_policies: :read_packages
post '-/npm/v1/security/advisories/bulk' do
redirect_or_present_audit_report
end
@@ -210,6 +214,7 @@ module API
tags %w[npm_packages]
end
route_setting :authentication, job_token_allowed: true, deploy_token_allowed: true
+ route_setting :authorization, job_token_policies: :read_packages
post '-/npm/v1/security/audits/quick' do
redirect_or_present_audit_report
end
diff --git a/lib/api/concerns/packages/npm_namespace_endpoints.rb b/lib/api/concerns/packages/npm_namespace_endpoints.rb
index 53e85ed0f01..f3224702a3c 100644
--- a/lib/api/concerns/packages/npm_namespace_endpoints.rb
+++ b/lib/api/concerns/packages/npm_namespace_endpoints.rb
@@ -59,6 +59,7 @@ module API
end
route_setting :authentication, job_token_allowed: true, deploy_token_allowed: true,
authenticate_non_public: true
+ route_setting :authorization, job_token_policies: :read_packages
get '*package_name', format: false, requirements: ::API::Helpers::Packages::Npm::NPM_ENDPOINT_REQUIREMENTS do
package_name = declared_params[:package_name]
packages =
@@ -79,6 +80,8 @@ module API
target: project_or_nil,
package_name: package_name
) do
+ authorize_job_token_policies!(project_or_nil) if project_or_nil
+
if Feature.enabled?(:npm_allow_packages_in_multiple_projects, group_or_namespace)
available_packages_to_user = ::Packages::Npm::PackagesForUserFinder.new(
current_user,
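Review bot: The added guard `if project_or_nil` means a job-token request that resolves no project skips the policy check and continues into the lookup below, even though the route declares `job_token_policies: :read_packages`. Whether that path can return package metadata found through `group_or_namespace` is not visible in this hunk, so this may be intended. If it is, say so next to the guard, e.g. `# No project resolved: policies are per-project, so there is nothing to check here.` If it is not, the projects behind the returned packages need the same check. The enclosing block continues past the end of the hunk.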
diff --git a/lib/api/deployments.rb b/lib/api/deployments.rb
index d36120e2bc1..614cd55ca30 100644
--- a/lib/api/deployments.rb
+++ b/lib/api/deployments.rb
@@ -69,6 +69,7 @@ module API
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :read_deployments
get ':id/deployments' do
authorize! :read_deployment, user_project
@@ -94,6 +95,7 @@ module API
requires :deployment_id, type: Integer, desc: 'The ID of the deployment'
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :read_deployments
get ':id/deployments/:deployment_id' do
authorize! :read_deployment, user_project
@@ -182,6 +184,7 @@ module API
values: %w[running success failed canceled]
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :admin_deployments
put ':id/deployments/:deployment_id' do
authorize!(:read_deployment, user_project)
@@ -215,6 +218,7 @@ module API
requires :deployment_id, type: Integer, desc: 'The ID of the deployment'
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :admin_deployments
delete ':id/deployments/:deployment_id' do
deployment = user_project.deployments.find(params[:deployment_id])
@@ -249,6 +253,7 @@ module API
use :merge_requests_base_params
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :read_deployments
get ':id/deployments/:deployment_id/merge_requests' do
authorize! :read_deployment, user_project
diff --git a/lib/api/environments.rb b/lib/api/environments.rb
index 4e1d0917061..95e27867a37 100644
--- a/lib/api/environments.rb
+++ b/lib/api/environments.rb
@@ -74,6 +74,7 @@ module API
optional :auto_stop_setting, type: String, default: "always", values: Environment.auto_stop_settings.keys, desc: 'The auto stop setting for the environment. Allowed values are `always` and `with_action`'
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :admin_environments
post ':id/environments' do
authorize! :create_environment, user_project
@@ -116,6 +117,7 @@ module API
optional :auto_stop_setting, type: String, values: Environment.auto_stop_settings.keys, desc: 'The auto stop setting for the environment. Allowed values are `always` and `with_action`'
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :admin_environments
put ':id/environments/:environment_id' do
authorize! :update_environment, user_project
@@ -155,6 +157,7 @@ module API
optional :dry_run, type: Boolean, desc: "Defaults to true for safety reasons. It performs a dry run where no actual deletion will be performed. Set to false to actually delete the environment", default: true
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :admin_environments
delete ":id/environments/review_apps" do
authorize! :read_environment, user_project
@@ -186,6 +189,7 @@ module API
requires :environment_id, type: Integer, desc: 'The ID of the environment'
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :admin_environments
delete ':id/environments/:environment_id' do
authorize! :read_environment, user_project
@@ -209,6 +213,7 @@ module API
optional :force, type: Boolean, default: false, desc: 'Force environment to stop without executing `on_stop` actions'
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :admin_environments
post ':id/environments/:environment_id/stop' do
authorize! :read_environment, user_project
@@ -234,6 +239,7 @@ module API
desc: 'Stop all environments that were last modified or deployed to before this date.'
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :admin_environments
post ':id/environments/stop_stale' do
authorize! :stop_environment, user_project
@@ -262,6 +268,7 @@ module API
requires :environment_id, type: Integer, desc: 'The ID of the environment'
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :read_environments
get ':id/environments/:environment_id' do
authorize! :read_environment, user_project
diff --git a/lib/api/generic_packages.rb b/lib/api/generic_packages.rb
index e41e062c38c..9404e5e1397 100644
--- a/lib/api/generic_packages.rb
+++ b/lib/api/generic_packages.rb
@@ -38,6 +38,7 @@ module API
end
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true, deploy_token_allowed: true
+ route_setting :authorization, job_token_policies: :admin_packages
params do
requires :package_name, type: String, desc: 'Package name', regexp: Gitlab::Regex.generic_package_name_regex, file_path: true
@@ -47,6 +48,7 @@ module API
end
put 'authorize' do
+ authorize_job_token_policies!(authorized_user_project)
authorize_workhorse!(**authorize_workhorse_params)
end
@@ -76,11 +78,13 @@ module API
end
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true, deploy_token_allowed: true
+ route_setting :authorization, job_token_policies: :admin_packages
put do
project = authorized_user_project
authorize_upload!(project)
+ authorize_job_token_policies!(project)
bad_request!('File is too large') if max_file_size_exceeded?
track_package_event('push_package', :generic, project: project, namespace: project.namespace)
@@ -124,11 +128,13 @@ module API
end
route_setting :authentication, job_token_allowed: %i[request basic_auth], basic_auth_personal_access_token: true, deploy_token_allowed: true
+ route_setting :authorization, job_token_policies: :read_packages
get do
project = authorized_user_project(action: :read_package)
authorize_read_package!(project)
+ authorize_job_token_policies!(project)
package = ::Packages::Generic::PackageFinder.new(project).execute!(params[:package_name], params[:package_version])
package_file = ::Packages::PackageFileFinder.new(package, encoded_file_name).execute!
diff --git a/lib/api/go_proxy.rb b/lib/api/go_proxy.rb
index fb3d6d005a6..eaedc1531db 100755
--- a/lib/api/go_proxy.rb
+++ b/lib/api/go_proxy.rb
@@ -69,6 +69,7 @@ module API
end
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true,
authenticate_non_public: true
+ route_setting :authorization, job_token_policies: :read_packages
resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
before do
authorize_read_package!(project)
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 5f8d88293f6..31525ad5235 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -169,7 +169,7 @@ module API
return handle_job_token_failure!(project)
end
- return forbidden!(job_token_policies_unauthorized_message(project)) unless job_token_policies_authorized?(project)
+ authorize_job_token_policies!(project) && return
if project_moved?(id, project)
return not_allowed!('Non GET methods are not allowed for moved projects') unless request.get?
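Review bot: The `&& return` on the added line fires only when `authorize_job_token_policies!` returns a truthy value, so a denied request stops here only if `forbidden!` halts on its own; the removed line returned unconditionally on denial. `forbidden!` is not visible in this diff. If it always raises or throws, the `&& return` is dead code, and the call reads more honestly as a bare `authorize_job_token_policies!(project)` with a comment on the helper such as `# Halts the request with 403 unless the job token's policies cover this route; returns nil otherwise.` If it can return normally (for example under a stub), a falsy result falls through to the code that returns `project`. The same idiom appears in the `lib/api/helpers/packages_helpers.rb` hunk (`project && authorize_job_token_policies!(project) && return`); the enclosing method starts and ends outside this hunk.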
@@ -180,6 +180,10 @@ module API
project
end
+ def authorize_job_token_policies!(project)
+ forbidden!(job_token_policies_unauthorized_message(project)) unless job_token_policies_authorized?(project)
+ end
+
def read_project_ability
:read_project
end
@@ -1021,6 +1025,7 @@ module API
def job_token_policies_authorized?(project)
return true unless current_user&.from_ci_job_token?
return true unless Feature.enabled?(:enforce_job_token_policies, current_user)
+ return true if skip_job_token_policies?
current_user.ci_job_token_scope.policies_allowed?(project, job_token_policies)
end
@@ -1046,6 +1051,12 @@ module API
Array(route_setting(:authorization).try(:fetch, :job_token_policies, nil))
end
+
+ def skip_job_token_policies?
+ return false unless respond_to?(:route_setting)
+
+ route_setting(:authorization).try(:fetch, :skip_job_token_policies, false)
+ end
end
end
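Review bot: `skip_job_token_policies?` is a route-level opt-out from job token policy enforcement, yet it is added without a comment. The routes that set it elsewhere in this diff give no reason either: the `resource :projects` block in `lib/api/project_container_repositories.rb` and the two group-level `simple` routes in `lib/api/pypi_packages.rb`. A comment on the method, e.g. `# Routes may set skip_job_token_policies: true to opt out of policy enforcement; each use should state why.`, plus a one-line rationale beside each `route_setting :authorization, skip_job_token_policies: true`, would make every exemption reviewable. The predicate also returns `nil` rather than `false` when no `:authorization` setting exists, which is harmless for the caller shown but surprising for a `?` method.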
diff --git a/lib/api/helpers/packages_helpers.rb b/lib/api/helpers/packages_helpers.rb
index ca02ed3e704..479811e510c 100644
--- a/lib/api/helpers/packages_helpers.rb
+++ b/lib/api/helpers/packages_helpers.rb
@@ -87,6 +87,8 @@ module API
return forbidden! unless authorized_project_scope?(project)
+ project && authorize_job_token_policies!(project) && return
+
return project if can?(current_user, :read_package, project&.packages_policy_subject)
# guest users can have :read_project but not :read_package
return forbidden! if can?(current_user, :read_project, project)
diff --git a/lib/api/maven_packages.rb b/lib/api/maven_packages.rb
index a62e84f51ef..d10a2f12fcb 100644
--- a/lib/api/maven_packages.rb
+++ b/lib/api/maven_packages.rb
@@ -102,6 +102,7 @@ module API
use :path_and_file_name
end
route_setting :authentication, job_token_allowed: true, deploy_token_allowed: true, basic_auth_personal_access_token: true
+ route_setting :authorization, job_token_policies: :read_packages
get 'packages/maven/*path/:file_name', requirements: MAVEN_ENDPOINT_REQUIREMENTS do
# return a similar failure to authorize_read_package!(project)
@@ -115,6 +116,7 @@ module API
project = find_project_by_path(params[:path])
authorize_read_package!(project)
+ authorize_job_token_policies!(project)
package = fetch_package(file_name: file_name, project: project)
@@ -156,6 +158,7 @@ module API
use :path_and_file_name
end
route_setting :authentication, job_token_allowed: true, deploy_token_allowed: true, basic_auth_personal_access_token: true
+ route_setting :authorization, job_token_policies: :read_packages
get ':id/-/packages/maven/*path/:file_name', requirements: MAVEN_ENDPOINT_REQUIREMENTS do
# return a similar failure to group = find_group(params[:id])
group = find_authorized_group!(action: :read_package_within_public_registries)
@@ -167,7 +170,10 @@ module API
file_name, format = extract_format(params[:file_name])
package = fetch_package(file_name: file_name, group: group)
- authorize_read_package!(package.project) if package
+ if package
+ authorize_read_package!(package.project)
+ authorize_job_token_policies!(package.project)
+ end
find_and_present_package_file(package, file_name, format, params.merge(target: group))
end
@@ -194,6 +200,7 @@ module API
use :path_and_file_name
end
route_setting :authentication, job_token_allowed: true, deploy_token_allowed: true, basic_auth_personal_access_token: true
+ route_setting :authorization, job_token_policies: :read_packages
get ':id/packages/maven/*path/:file_name', requirements: MAVEN_ENDPOINT_REQUIREMENTS do
project = authorized_user_project(action: :read_package)
@@ -203,6 +210,7 @@ module API
end
authorize_read_package!(project)
+ authorize_job_token_policies!(project)
file_name, format = extract_format(params[:file_name])
@@ -227,6 +235,7 @@ module API
requires :file_name, type: String, desc: 'Package file name', regexp: Gitlab::Regex.maven_file_name_regex, documentation: { example: 'mypkg-1.0-SNAPSHOT.pom' }
end
route_setting :authentication, job_token_allowed: true, deploy_token_allowed: true, basic_auth_personal_access_token: true
+ route_setting :authorization, job_token_policies: :admin_packages
put ':id/packages/maven/*path/:file_name/authorize', requirements: MAVEN_ENDPOINT_REQUIREMENTS do
authorize_upload!
@@ -253,6 +262,7 @@ module API
requires :file, type: ::API::Validations::Types::WorkhorseFile, desc: 'The package file to be published (generated by Multipart middleware)', documentation: { type: 'file' }
end
route_setting :authentication, job_token_allowed: true, deploy_token_allowed: true, basic_auth_personal_access_token: true
+ route_setting :authorization, job_token_policies: :admin_packages
put ':id/packages/maven/*path/:file_name', requirements: MAVEN_ENDPOINT_REQUIREMENTS do
unprocessable_entity! if Gitlab::FIPS.enabled? && params[:file].md5
authorize_upload!
diff --git a/lib/api/npm_project_packages.rb b/lib/api/npm_project_packages.rb
index fa05fd2dfed..31529343901 100644
--- a/lib/api/npm_project_packages.rb
+++ b/lib/api/npm_project_packages.rb
@@ -61,6 +61,7 @@ module API
requires :file_name, type: String, desc: 'Package file name'
end
route_setting :authentication, job_token_allowed: true, deploy_token_allowed: true
+ route_setting :authorization, job_token_policies: :read_packages
get '*package_name/-/*file_name', format: false do
authorize_read_package!(project)
@@ -94,6 +95,7 @@ module API
requires :versions, type: Hash, desc: 'Package version info'
end
route_setting :authentication, job_token_allowed: true, deploy_token_allowed: true
+ route_setting :authorization, job_token_policies: :admin_packages
put ':package_name', requirements: ::API::Helpers::Packages::Npm::NPM_ENDPOINT_REQUIREMENTS do
if headers['Npm-Command'] == 'deprecate'
authorize_destroy_package!(project)
@@ -139,6 +141,7 @@ module API
end
route_setting :authentication, job_token_allowed: true, deploy_token_allowed: true,
authenticate_non_public: true
+ route_setting :authorization, job_token_policies: :read_packages
get '*package_name', format: false, requirements: ::API::Helpers::Packages::Npm::NPM_ENDPOINT_REQUIREMENTS do
package_name = declared_params[:package_name]
packages = ::Packages::Npm::PackageFinder.new(project: project_or_nil, params: { package_name: package_name }).execute
diff --git a/lib/api/package_files.rb b/lib/api/package_files.rb
index 6a02769519f..df0ceddb5eb 100644
--- a/lib/api/package_files.rb
+++ b/lib/api/package_files.rb
@@ -31,6 +31,7 @@ module API
use :pagination
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :read_packages
get ':id/packages/:package_id/package_files' do
package = ::Packages::PackageFinder
.new(user_project, params[:package_id]).execute
@@ -54,6 +55,7 @@ module API
requires :package_file_id, type: Integer, desc: 'ID of a package file'
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :admin_packages
delete ':id/packages/:package_id/package_files/:package_file_id' do
authorize_destroy_package!(user_project)
diff --git a/lib/api/project_container_repositories.rb b/lib/api/project_container_repositories.rb
index f6f9b96b068..ef47245aa51 100644
--- a/lib/api/project_container_repositories.rb
+++ b/lib/api/project_container_repositories.rb
@@ -20,6 +20,7 @@ module API
requires :id, types: [String, Integer], desc: 'The ID or URL-encoded path of the project'
end
route_setting :authentication, job_token_allowed: true, job_token_scope: :project
+ route_setting :authorization, skip_job_token_policies: true
resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
desc 'List container repositories within a project' do
detail 'This feature was introduced in GitLab 11.8.'
diff --git a/lib/api/project_packages.rb b/lib/api/project_packages.rb
index d9a8613069a..9be1a97a4e7 100644
--- a/lib/api/project_packages.rb
+++ b/lib/api/project_packages.rb
@@ -54,6 +54,7 @@ module API
desc: 'Return packages with specified status'
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :read_packages
get ':id/packages' do
packages = ::Packages::PackagesFinder.new(
user_project,
@@ -76,6 +77,7 @@ module API
requires :package_id, type: Integer, desc: 'The ID of a package'
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :read_packages
get ':id/packages/:package_id' do
render_api_error!('Package not found', 404) unless package.detailed_info?
@@ -102,6 +104,7 @@ module API
values: 1..20
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :read_packages
get ':id/packages/:package_id/pipelines' do
not_found!('Package not found') unless package.detailed_info?
@@ -129,6 +132,7 @@ module API
requires :package_id, type: Integer, desc: 'The ID of a package'
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :admin_packages
delete ':id/packages/:package_id' do
authorize_destroy_package!(user_project)
diff --git a/lib/api/pypi_packages.rb b/lib/api/pypi_packages.rb
index 9cd114994b2..d50ce9a6798 100644
--- a/lib/api/pypi_packages.rb
+++ b/lib/api/pypi_packages.rb
@@ -131,6 +131,7 @@ module API
end
route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
+ route_setting :authorization, job_token_policies: :read_packages
get 'files/:sha256/*file_identifier' do
group = find_authorized_group!
authorize_read_package!(group)
@@ -139,6 +140,7 @@ module API
package = Packages::Pypi::PackageFinder.new(current_user, group, { filename: filename, sha256: params[:sha256] }).execute
package_file = ::Packages::PackageFileFinder.new(package, filename, with_file_name_like: false).execute
+ authorize_job_token_policies!(package.project)
track_package_event('pull_package', :pypi, namespace: group, project: package.project)
present_package_file!(package_file, supports_direct_download: true)
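Review bot: `authorize_job_token_policies!(package.project)` runs only after `PackageFileFinder` has already executed, so a job token without the `read_packages` policy still drives both lookups before it is denied. Assuming the finders raise on a miss, such a token would also see a not-found response for absent files and a 403 for present ones. Moving the added line directly under the `package = ...` assignment puts the denial ahead of the file lookup and narrows that difference. The route body starts outside this hunk.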
@@ -158,6 +160,7 @@ module API
# An API entry point but returns an HTML file instead of JSON.
# PyPi simple API returns a list of packages as a simple HTML file.
route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
+ route_setting :authorization, skip_job_token_policies: true
get 'simple', format: :txt do
present_simple_index(find_authorized_group!)
end
@@ -180,6 +183,7 @@ module API
# An API entry point but returns an HTML file instead of JSON.
# PyPi simple API returns the package descriptor as a simple HTML file.
route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
+ route_setting :authorization, skip_job_token_policies: true
get 'simple/*package_name', format: :txt do
present_simple_package(find_authorized_group!)
end
@@ -208,8 +212,10 @@ module API
end
route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
+ route_setting :authorization, job_token_policies: :read_packages
get 'files/:sha256/*file_identifier' do
project = project!
+ authorize_job_token_policies!(project)
filename = "#{params[:file_identifier]}.#{params[:format]}"
package = Packages::Pypi::PackageFinder.new(current_user, project, { filename: filename, sha256: params[:sha256] }).execute
@@ -234,8 +240,11 @@ module API
# An API entry point but returns an HTML file instead of JSON.
# PyPi simple API returns a list of packages as a simple HTML file.
route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
+ route_setting :authorization, job_token_policies: :read_packages
get 'simple', format: :txt do
- present_simple_index(project!)
+ project = project!
+ authorize_job_token_policies!(project)
+ present_simple_index(project)
end
desc 'The PyPi Simple Project Package Endpoint' do
@@ -256,8 +265,11 @@ module API
# An API entry point but returns an HTML file instead of JSON.
# PyPi simple API returns the package descriptor as a simple HTML file.
route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
+ route_setting :authorization, job_token_policies: :read_packages
get 'simple/*package_name', format: :txt do
- present_simple_package(project!)
+ project = project!
+ authorize_job_token_policies!(project)
+ present_simple_package(project)
end
desc 'The PyPi Package upload endpoint' do
@@ -290,9 +302,11 @@ module API
end
route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
+ route_setting :authorization, job_token_policies: :admin_packages
post do
project = project!(action: :read_project)
authorize_upload!(project)
+ authorize_job_token_policies!(project)
if project.actual_limits.exceeded?(:pypi_max_file_size, params[:content].size)
bad_request!('File is too large')
@@ -331,8 +345,10 @@ module API
end
route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
+ route_setting :authorization, job_token_policies: :admin_packages
post 'authorize' do
project = project!(action: :read_project)
+ authorize_job_token_policies!(project)
authorize_workhorse!(
subject: project,
has_length: false,
diff --git a/lib/api/release/links.rb b/lib/api/release/links.rb
index d0234439057..06dd5e06754 100644
--- a/lib/api/release/links.rb
+++ b/lib/api/release/links.rb
@@ -38,6 +38,7 @@ module API
use :pagination
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :read_releases
get 'links' do
authorize! :read_release, release
@@ -65,6 +66,7 @@ module API
desc: 'The type of the link: `other`, `runbook`, `image`, or `package`. Defaults to `other`'
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :admin_releases
post 'links' do
result = ::Releases::Links::CreateService
.new(release, current_user, declared_params(include_missing: false))
@@ -93,6 +95,7 @@ module API
tags release_links_tags
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :read_releases
get do
authorize! :read_release, release
@@ -122,6 +125,7 @@ module API
at_least_one_of :name, :url
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :admin_releases
put do
result = ::Releases::Links::UpdateService
.new(release, current_user, declared_params(include_missing: false))
@@ -146,6 +150,7 @@ module API
tags release_links_tags
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :admin_releases
delete do
result = ::Releases::Links::DestroyService
.new(release, current_user)
diff --git a/lib/api/releases.rb b/lib/api/releases.rb
index 1289ecb026d..e02aad88d31 100644
--- a/lib/api/releases.rb
+++ b/lib/api/releases.rb
@@ -98,6 +98,7 @@ module API
optional :updated_after, type: DateTime, desc: 'Return releases updated after the specified datetime. Format: ISO 8601 YYYY-MM-DDTHH:MM:SSZ'
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :read_releases
get ':id/releases' do
releases = ::ReleasesFinder.new(user_project, current_user, declared_params.slice(:order_by, :sort, :updated_before, :updated_after)).execute
@@ -133,6 +134,7 @@ module API
desc: 'If `true`, a response includes HTML rendered markdown of the release description'
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :read_releases
get ':id/releases/:tag_name', requirements: RELEASE_ENDPOINT_REQUIREMENTS do
authorize_read_code!
@@ -160,6 +162,7 @@ module API
as: :filepath
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :read_releases
get ':id/releases/:tag_name/downloads/*direct_asset_path', format: false, requirements: RELEASE_ENDPOINT_REQUIREMENTS do
authorize_read_code!
@@ -188,6 +191,7 @@ module API
desc: 'The path to be suffixed to the latest release'
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :read_releases
get ':id/releases/permalink/latest(/)(*suffix_path)', format: false, requirements: RELEASE_ENDPOINT_REQUIREMENTS do
authorize_read_code!
@@ -272,6 +276,7 @@ module API
'and the release will published to the CI catalog as it was before this parameter was introduced.'
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :admin_releases
post ':id/releases' do
authorize_create_release!
@@ -317,6 +322,7 @@ module API
mutually_exclusive :milestones, :milestone_ids, message: 'Cannot specify milestones and milestone_ids at the same time'
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :admin_releases
put ':id/releases/:tag_name', requirements: RELEASE_ENDPOINT_REQUIREMENTS do
authorize_update_release!
@@ -347,6 +353,7 @@ module API
requires :tag_name, type: String, desc: 'The Git tag the release is associated with', as: :tag
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :admin_releases
delete ':id/releases/:tag_name', requirements: RELEASE_ENDPOINT_REQUIREMENTS do
authorize_destroy_release!
diff --git a/lib/api/repositories.rb b/lib/api/repositories.rb
index 39ac79705ac..d41fc0b63e8 100644
--- a/lib/api/repositories.rb
+++ b/lib/api/repositories.rb
@@ -287,6 +287,7 @@ module API
desc: "The file path to the configuration file as stored in the project's Git repository. Defaults to '.gitlab/changelog_config.yml'"
end
route_setting :authentication, job_token_allowed: true
+ route_setting :authorization, job_token_policies: :read_releases
get ':id/repository/changelog' do
check_rate_limit!(:project_repositories_changelog, scope: [current_user, user_project]) do
render_api_error!({ error: 'This changelog has been requested too many times. Try again later.' }, 429)
diff --git a/lib/api/terraform/state.rb b/lib/api/terraform/state.rb
index 88f8c309023..4826f6405ce 100644
--- a/lib/api/terraform/state.rb
+++ b/lib/api/terraform/state.rb
@@ -69,6 +69,7 @@ module API
tags %w[terraform_state]
end
route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
+ route_setting :authorization, job_token_policies: :read_terraform_state
get do
remote_state_handler.find_with_lock do |state|
no_content! unless state.latest_file && state.latest_file.exists?
@@ -92,6 +93,7 @@ module API
tags %w[terraform_state]
end
route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
+ route_setting :authorization, job_token_policies: :admin_terraform_state
post do
authorize! :admin_terraform_state, user_project
@@ -120,6 +122,7 @@ module API
tags %w[terraform_state]
end
route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
+ route_setting :authorization, job_token_policies: :admin_terraform_state
delete do
authorize! :admin_terraform_state, user_project
@@ -143,6 +146,7 @@ module API
tags %w[terraform_state]
end
route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
+ route_setting :authorization, job_token_policies: :admin_terraform_state
params do
requires :ID, type: String, limit: 255, desc: 'Terraform state lock ID'
requires :Operation, type: String, desc: 'Terraform operation'
@@ -192,6 +196,7 @@ module API
tags %w[terraform_state]
end
route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
+ route_setting :authorization, job_token_policies: :admin_terraform_state
params do
optional :ID, type: String, limit: 255, desc: 'Terraform state lock ID'
end
diff --git a/lib/api/terraform/state_version.rb b/lib/api/terraform/state_version.rb
index f98aeb5860e..c83899b6a5c 100644
--- a/lib/api/terraform/state_version.rb
+++ b/lib/api/terraform/state_version.rb
@@ -52,6 +52,7 @@ module API
tags %w[terraform_state]
end
route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
+ route_setting :authorization, job_token_policies: :read_terraform_state
get do
find_version(params[:serial]) do |version|
env['api.format'] = :binary # Bypass json serialization
@@ -70,6 +71,7 @@ module API
tags %w[terraform_state]
end
route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
+ route_setting :authorization, job_token_policies: :admin_terraform_state
delete do
authorize! :admin_terraform_state, user_project
diff --git a/lib/tasks/ci/job_tokens.rake b/lib/tasks/ci/job_tokens.rake
new file mode 100644
index 00000000000..94db6dea422
--- /dev/null
+++ b/lib/tasks/ci/job_tokens.rake
@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+return if Rails.env.production?
+
+namespace :ci do
+ namespace :job_tokens do
+ require_relative './job_tokens_task'
+
+ desc 'CI | Job Tokens | Check if all CI/CD job token allowed endpoints are correctly tagged and documented'
+ task check_policies: :environment do
+ task_class = Tasks::Ci::JobTokensTask.new
+ task_class.check_policies_completeness
+ task_class.check_policies_correctness
+ task_class.check_docs
+ end
+
+ desc 'CI | Job Tokens | Check if all CI/CD job token allowed endpoints are tagged with job_token_policies'
+ task check_policies_completeness: :environment do
+ Tasks::Ci::JobTokensTask.new.check_policies_completeness
+ end
+
+ desc 'CI | Job Tokens | Check if all defined policies for CI/CD job token allowed endpoints are correct'
+ task check_policies_correctness: :environment do
+ Tasks::Ci::JobTokensTask.new.check_policies_correctness
+ end
+
+ desc 'CI | Job Tokens | Check if CI/CD job token allowed endpoints documentation is up to date'
+ task check_docs: :environment do
+ Tasks::Ci::JobTokensTask.new.check_docs
+ end
+
+ desc 'CI | Job Tokens | Compile CI/CD job token allowed endpoints documentation'
+ task compile_docs: :environment do
+ Tasks::Ci::JobTokensTask.new.compile_docs
+ end
+ end
+end
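Review bot: The aggregate `check_policies` task stops at the first failing check, because each of the three methods it calls ends in `abort` (see `job_tokens_task.rb` in this commit). A contributor who is missing a policy and also has stale docs therefore sees only the first problem per CI run. Consider having the check methods return a boolean and calling `abort` once in the rake task after all three have printed their report. A one-line comment above `return if Rails.env.production?` saying why the tasks are not defined in production would also help the next reader.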
diff --git a/lib/tasks/ci/job_tokens_task.rb b/lib/tasks/ci/job_tokens_task.rb
new file mode 100644
index 00000000000..34c0fb07d99
--- /dev/null
+++ b/lib/tasks/ci/job_tokens_task.rb
@@ -0,0 +1,170 @@
+# frozen_string_literal: true
+
+module Tasks
+ module Ci
+ class JobTokensTask
+ def initialize
+ @routes = API::API.endpoints.flat_map(&:routes)
+ @doc_path = Rails.root.join('doc/ci/jobs/fine_grained_permissions.md')
+ @template_path = Rails.root.join('tooling/ci/job_tokens/docs/templates/fine_grained_permissions.md.erb')
+ end
+
+ def check_policies_completeness
+ allowed_routes_without_policies = find_allowed_routes_without_policies
+ if allowed_routes_without_policies.empty?
+ puts 'All allowed endpoints for CI/CD job tokens have policies defined.'
+ else
+ puts '##########'
+ puts '#'
+ puts '# The following endpoints allowed for CI/CD job tokens should define job token policies:'
+ puts '#'
+ puts table_for_routes(allowed_routes_without_policies)
+ puts '#'
+ puts '##########'
+
+ abort
+ end
+ end
+
+ def check_policies_correctness
+ routes_with_invalid_policies = find_routes_with_invalid_policies
+ if routes_with_invalid_policies.empty?
+ puts 'All defined CI/CD job token policies are valid.'
+ else
+ puts '##########'
+ puts '#'
+ puts '# The following endpoints have invalid CI/CD job token policies:'
+ puts '#'
+ puts table_for_routes(routes_with_invalid_policies, include_policies: true)
+ puts '#'
+ puts '##########'
+
+ abort
+ end
+ end
+
+ def check_docs
+ doc = File.read(doc_path)
+
+ template = ERB.new(File.read(template_path))
+ if doc == template.result(binding)
+ puts 'CI/CD job token allowed endpoints documentation is up to date.'
+ else
+ puts '##########'
+ puts '#'
+ puts '# CI/CD job token allowed endpoints documentation is outdated! Please update it by running ' \
+ '`bundle exec rake ci:job_tokens:compile_docs`.'
+ puts '#'
+ puts '##########'
+
+ abort
+ end
+ end
+
+ def compile_docs
+ template = ERB.new(File.read(template_path))
+ File.write(doc_path, template.result(binding))
+
+ puts 'CI/CD job token allowed endpoints documentation compiled.'
+ end
+
+ def allowed_endpoints
+ routes_for_table = routes.select { |route| allowed_route?(route) }
+ table_for_routes(routes_for_table, user_docs: true)
+ end
+
+ private
+
+ attr_reader :routes, :doc_path, :template_path
+
+ def find_allowed_routes_without_policies
+ routes.select { |route| allowed_route?(route) && policies_for(route).empty? && !skip_route?(route) }
+ end
+
+ def find_routes_with_invalid_policies
+ routes.select { |route| (policies_for(route) - valid_policies).present? }
+ end
+
+ def valid_policies
+ @valid_policies ||= ::Ci::JobToken::Policies::POLICIES
+ end
+
+ def table_for_routes(routes, include_policies: false, user_docs: false)
+ header = []
+ header << 'Policies' if include_policies
+
+ if user_docs
+ header << 'Permissions'
+ header << 'Permission Names'
+ end
+
+ header += %w[Path Description]
+
+ table = []
+ table << markdown_row(header)
+ table << markdown_row(header.map { |item| '-' * item.length })
+
+ formatted_routes = routes.map { |route| format_route(route, include_policies, user_docs) }
+ table += formatted_routes.uniq.sort
+ table.join("\n")
+ end
+
+ def format_route(route, include_policies, user_docs)
+ row = []
+ row << policies_for(route).join(', ') if include_policies
+
+ if user_docs
+ row << resource_and_permissions_for(route)
+ row << permission_names(route)
+ end
+
+ row << [
+ "`#{route_path(route)}`",
+ route.description
+ ]
+
+ markdown_row(row)
+ end
+
+ def markdown_row(row)
+ "| #{row.join(' | ')} |"
+ end
+
+ def resource_and_permissions_for(route)
+ policies = policies_for(route)
+ return 'None' unless policies.present?
+
+ policies.map do |policy|
+ _, permission, category = policy.match(/^(read|admin)_(.+)/).to_a
+ next policy unless permission && category
+
+ permission = 'read_and_write' if permission == 'admin'
+ "#{category.humanize}: #{permission.humanize}"
+ end.join(', ')
+ end
+
+ def permission_names(route)
+ policies = policies_for(route)
+ return unless policies.present?
+
+ policies.map { |policy| "`#{policy.upcase}`" }.join(', ')
+ end
+
+ def route_path(route)
+ [route.request_method, route.origin.delete_prefix('/api/:version')].join(' ')
+ end
+
+ def allowed_route?(route)
+ route.settings.dig(:authentication, :job_token_allowed)
+ end
+
+ def skip_route?(route)
+ route.settings.dig(:authorization, :skip_job_token_policies)
+ end
+
+ def policies_for(route)
+ Array(route.settings.dig(:authorization, :job_token_policies))
+ end
+ end
+ end
+end
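Review bot: Routes that set `skip_job_token_policies` are filtered out in `find_allowed_routes_without_policies` and never printed, so an endpoint can accept job tokens with no policy while `check_policies_completeness` still reports that all endpoints have policies. Since that setting is an opt-out from an authorization control, the exemption list should be visible in the task output, for example `puts table_for_routes(routes.select { |route| allowed_route?(route) && skip_route?(route) })` under its own heading. Separately, `check_policies_correctness` only verifies that each policy name is in `POLICIES`; it does not compare the name with the ability passed to `authorize!` in the endpoint body, and a comment on the method should say so. The pattern in `resource_and_permissions_for` would also read more safely anchored with `\A` rather than `^`.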
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 1b3dcfa9410..ff39de6992c 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -23872,6 +23872,9 @@ msgstr ""
msgid "Failed to create compliance requirement"
msgstr ""
+msgid "Failed to create compliance requirement control"
+msgstr ""
+
msgid "Failed to create framework"
msgstr ""
@@ -37930,6 +37933,9 @@ msgstr ""
msgid "Not found."
msgstr ""
+msgid "Not permitted to create compliance control"
+msgstr ""
+
msgid "Not permitted to destroy framework"
msgstr ""
diff --git a/qa/qa.rb b/qa/qa.rb
index 938f4146f83..49942be17e4 100644
--- a/qa/qa.rb
+++ b/qa/qa.rb
@@ -85,7 +85,8 @@ module QA
"registry_with_cdn" => "RegistryWithCDN",
"fips" => "FIPS",
"ci_cd_settings" => "CICDSettings",
- "cli" => "CLI"
+ "cli" => "CLI",
+ "import_with_smtp" => "ImportWithSMTP"
)
loader.setup
diff --git a/qa/qa/page/component/issuable/common.rb b/qa/qa/page/component/issuable/common.rb
index 9c452cc2b69..9833ef5dd48 100644
--- a/qa/qa/page/component/issuable/common.rb
+++ b/qa/qa/page/component/issuable/common.rb
@@ -21,6 +21,16 @@ module QA
base.view 'app/assets/javascripts/related_issues/components/related_issuable_input.vue' do
element 'add-issue-field'
end
+
+ base.view 'app/assets/javascripts/vue_shared/issuable/show/components/issuable_header.vue' do
+ element 'issue-author'
+ end
+ end
+
+ def has_author?(author_username)
+ within_element('issue-author') do
+ has_text?(author_username)
+ end
end
end
end
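Review bot: The parameter of `has_author?` is named `author_username`, but the new reassignment spec in this commit passes `placeholder_user.name` and `user.name`, so the name should be `author_name`: `def has_author?(author_name)`. The same applies to `has_comment_author?` in `note.rb` and `has_author?` in `merge_request/show.rb`. `has_text?` matches substrings, so the check for the real user after reassignment would also pass on a placeholder whose display name contains that user's name; it may be worth noting this in a comment or matching the exact text. The enclosing `self.included` block and module start outside this hunk.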
diff --git a/qa/qa/page/component/note.rb b/qa/qa/page/component/note.rb
index d18778f9f16..5844a8cd538 100644
--- a/qa/qa/page/component/note.rb
+++ b/qa/qa/page/component/note.rb
@@ -105,6 +105,12 @@ module QA
)
end
+ def has_comment_author?(author_username)
+ within_element('noteable-note-container') do
+ has_element?('author-name', text: author_username, wait: QA::Support::Repeater::DEFAULT_MAX_WAIT_TIME)
+ end
+ end
+
def has_system_note?(note_text)
has_element?('system-note-content', text: note_text, wait: QA::Support::Repeater::DEFAULT_MAX_WAIT_TIME)
end
diff --git a/qa/qa/page/component/placeholders/placeholders_table.rb b/qa/qa/page/component/placeholders/placeholders_table.rb
new file mode 100644
index 00000000000..db9409addfb
--- /dev/null
+++ b/qa/qa/page/component/placeholders/placeholders_table.rb
@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+module QA
+ module Page
+ module Component
+ module Placeholders
+ module PlaceholdersTable
+ extend QA::Page::PageConcern
+ include QA::Page::Component::Dropdown
+
+ def self.included(base)
+ super
+
+ base.class_eval do
+ include ConfirmModal
+ end
+
+ base.view 'app/assets/javascripts/members/placeholders/components/placeholders_table.vue' do
+ element 'placeholder-status'
+ element 'placeholder-reassigned'
+ end
+ end
+
+ def reassign_placeholder_user(placeholder, username)
+ within_element(placeholder.to_s.to_sym) do
+ click_element('base-dropdown-toggle')
+ wait_for_requests
+ search_and_select(username)
+ click_element('confirm-button')
+ end
+ end
+
+ def has_reassignment_status?(placeholder, status, wait: QA::Support::WaitForRequests::DEFAULT_MAX_WAIT_TIME)
+ within_element(placeholder.to_s.to_sym) do
+ has_element?('placeholder-status', text: status, wait: wait)
+ end
+ end
+
+ def has_reassigned_user?(placeholder, username, wait: QA::Support::WaitForRequests::DEFAULT_MAX_WAIT_TIME)
+ within_element(placeholder.to_s.to_sym) do
+ has_element?('placeholder-reassigned', text: username, wait: wait)
+ end
+ end
+
+ def wait_until_reassignment_completed!
+ retry_until(sleep_interval: 10, reload: true, max_attempts: 10) do
+ has_element?('gl-empty-state-content')
+ end
+ end
+ end
+ end
+ end
+ end
+end
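Review bot: `within_element(placeholder.to_s.to_sym)` in `reassign_placeholder_user`, `has_reassignment_status?` and `has_reassigned_user?` converts the selector to a symbol, while every other element call in this module passes a plain string. Either pass `placeholder` through unchanged or add a comment explaining why a symbol is required. The `placeholder` argument is also undocumented; from the spec in this commit it is the test id of a table, so a comment such as `# placeholder: test id of the placeholders table, e.g. 'placeholders-table-unassigned'` would help. `wait_until_reassignment_completed!` relies on `gl-empty-state-content` appearing, which deserves a one-line note on which tab must be active for that to mean "completed".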
diff --git a/qa/qa/page/group/members.rb b/qa/qa/page/group/members.rb
index 9aae52f07c6..97ccf0dd9ba 100644
--- a/qa/qa/page/group/members.rb
+++ b/qa/qa/page/group/members.rb
@@ -6,6 +6,24 @@ module QA
class Members < Page::Base
include Page::Component::Members::InviteMembersModal
include Page::Component::Members::MembersTable
+ include Page::Component::Placeholders::PlaceholdersTable
+
+ def find_tab(tab_name)
+ find('a[role="tab"]', text: tab_name)
+ end
+
+ def has_tab?(tab_name)
+ find_tab(tab_name)
+ end
+
+ def has_tab_count?(tab_name, expected_count)
+ has_tab?(tab_name)
+ find_tab(tab_name).text.split("\n")[1].to_i == expected_count
+ end
+
+ def click_tab(tab_name)
+ find_tab(tab_name).click
+ end
end
end
end
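Review bot: `has_tab?` returns the element from Capybara's `find`, which raises when the tab is missing, so the predicate can never return false; `has_css?('a[role="tab"]', text: tab_name)` would behave as a predicate. In `has_tab_count?`, `text.split("\n")[1].to_i` evaluates to 0 when the tab has no count line, so `have_tab_count("Reassigned", 0)` in the new spec passes even if the badge is not rendered. The comparison also runs once with no waiting, which may be flaky while counts load. Consider failing when the second line is absent and retrying the comparison with the wait helper the page objects already use.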
diff --git a/qa/qa/page/import/review_reassignment.rb b/qa/qa/page/import/review_reassignment.rb
new file mode 100644
index 00000000000..445b64418f6
--- /dev/null
+++ b/qa/qa/page/import/review_reassignment.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module QA
+ module Page
+ module Import
+ class ReviewReassignment < Page::Base
+ view 'app/views/import/source_users/show.html.haml' do
+ element 'approve-reassignment-button'
+ end
+
+ def click_approve_reassignment
+ find_element('approve-reassignment-button').click
+ end
+ end
+ end
+ end
+end
diff --git a/qa/qa/page/merge_request/show.rb b/qa/qa/page/merge_request/show.rb
index c3ced75d1c9..6fc41c1f5ee 100644
--- a/qa/qa/page/merge_request/show.rb
+++ b/qa/qa/page/merge_request/show.rb
@@ -152,6 +152,10 @@ module QA
element 'mr-collapsible-title'
end
+ view 'app/helpers/projects_helper.rb' do
+ element 'author-link'
+ end
+
def start_review
has_active_element?('start-review-button', wait: 0.5)
click_element('start-review-button')
@@ -290,6 +294,12 @@ module QA
has_element?('title-content', text: title)
end
+ def has_author?(author_username)
+ within_element('author-link') do
+ has_text?(author_username)
+ end
+ end
+
def has_description?(description)
has_element?('description-content', text: description)
end
diff --git a/qa/qa/resource/bulk_import_group.rb b/qa/qa/resource/bulk_import_group.rb
index 5196be39a12..7e309443917 100644
--- a/qa/qa/resource/bulk_import_group.rb
+++ b/qa/qa/resource/bulk_import_group.rb
@@ -31,6 +31,7 @@ module QA
Page::Group::BulkImport.perform do |import_page|
import_page.import_group(destination_group_path, sandbox.full_path)
+ import_page.has_imported_group?(destination_group_path)
end
reload!
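Review bot: The result of `import_page.has_imported_group?(destination_group_path)` is discarded, so the added line works only as a wait and a false return still falls through to `reload!`. If the intent is to stop when the group never appears, make that explicit, for example `raise "Group #{destination_group_path} was not imported" unless import_page.has_imported_group?(destination_group_path)`. If it is intended purely as a synchronisation point, a short comment saying so would prevent it being removed as dead code. The surrounding method starts and ends outside this hunk, and `has_imported_group?` itself is not visible here.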
diff --git a/qa/qa/scenario/test/integration/import_with_smtp.rb b/qa/qa/scenario/test/integration/import_with_smtp.rb
new file mode 100644
index 00000000000..c2beb547f4e
--- /dev/null
+++ b/qa/qa/scenario/test/integration/import_with_smtp.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module QA
+ module Scenario
+ module Test
+ module Integration
+ class ImportWithSMTP < Test::Instance::All
+ tags :import_with_smtp
+ end
+ end
+ end
+ end
+end
diff --git a/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_group_spec.rb b/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_group_spec.rb
index 1ac89b58b95..e3dda3c2713 100644
--- a/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_group_spec.rb
+++ b/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_group_spec.rb
@@ -4,7 +4,7 @@ module QA
RSpec.describe "Manage", product_group: :import_and_integrate do
include_context "with gitlab group migration"
- describe "Gitlab migration" do
+ describe "Gitlab migration", :import, :orchestrated, requires_admin: 'creates a user via API' do
context 'with subgroups and labels' do
let(:subgroup) do
create(:group,
diff --git a/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_issue_spec.rb b/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_issue_spec.rb
index e35c7ceb765..d8ed4acdbf2 100644
--- a/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_issue_spec.rb
+++ b/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_issue_spec.rb
@@ -1,8 +1,8 @@
# frozen_string_literal: true
module QA
- RSpec.describe 'Manage' do
- describe 'Gitlab migration', product_group: :import_and_integrate do
+ RSpec.describe 'Manage', product_group: :import_and_integrate do
+ describe 'Gitlab migration', :import, :orchestrated, requires_admin: 'creates a user via API' do
include_context 'with gitlab project migration'
let!(:source_issue) do
diff --git a/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_large_project_spec.rb b/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_large_project_spec.rb
index 2549d594af6..6e1d16d19f9 100644
--- a/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_large_project_spec.rb
+++ b/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_large_project_spec.rb
@@ -4,12 +4,12 @@
# rubocop:disable Rails/Pluck, Layout/LineLength, RSpec/MultipleMemoizedHelpers
module QA
- RSpec.describe "Manage", :skip_live_env,
+ RSpec.describe "Manage", :skip_live_env, product_group: :import_and_integrate,
only: { condition: -> { ENV["CI_PROJECT_NAME"] == "import-metrics" } },
custom_test_metrics: {
tags: { import_type: ENV["QA_IMPORT_TYPE"], import_repo: ENV["QA_LARGE_IMPORT_REPO"] || "migration-test-project" }
} do
- describe "Gitlab migration", orchestrated: false, product_group: :import_and_integrate do
+ describe "Gitlab migration", :import, orchestrated: false, requires_admin: 'creates a user via API' do
include_context "with gitlab group migration"
let!(:logger) { Runtime::Logger.logger }
diff --git a/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_members_spec.rb b/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_members_spec.rb
index b4a83fbbf35..3f816d284b9 100644
--- a/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_members_spec.rb
+++ b/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_members_spec.rb
@@ -1,8 +1,8 @@
# frozen_string_literal: true
module QA
- RSpec.describe 'Manage' do
- describe 'Gitlab migration', product_group: :import_and_integrate do
+ RSpec.describe 'Manage', product_group: :import_and_integrate do
+ describe 'Gitlab migration', :import, :orchestrated, requires_admin: 'creates a user via API' do
include_context 'with gitlab project migration'
let!(:source_member) { create(:user, :set_public_email, api_client: source_admin_api_client) }
diff --git a/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_mr_spec.rb b/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_mr_spec.rb
index a32da1f5880..468dd506981 100644
--- a/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_mr_spec.rb
+++ b/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_mr_spec.rb
@@ -1,8 +1,8 @@
# frozen_string_literal: true
module QA
- RSpec.describe 'Manage' do
- describe 'Gitlab migration', product_group: :import_and_integrate do
+ RSpec.describe 'Manage', product_group: :import_and_integrate do
+ describe 'Gitlab migration', :import, :orchestrated, requires_admin: 'creates a user via API' do
include_context 'with gitlab project migration'
let!(:source_project_with_readme) { true }
diff --git a/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_pipeline_spec.rb b/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_pipeline_spec.rb
index 285d1f0b3b2..96450713677 100644
--- a/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_pipeline_spec.rb
+++ b/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_pipeline_spec.rb
@@ -1,8 +1,8 @@
# frozen_string_literal: true
module QA
- RSpec.describe 'Manage' do
- describe 'Gitlab migration', product_group: :import_and_integrate do
+ RSpec.describe 'Manage', product_group: :import_and_integrate do
+ describe 'Gitlab migration', :import, :orchestrated, requires_admin: 'creates a user via API' do
include_context 'with gitlab project migration'
context 'with ci pipeline' do
diff --git a/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_project_spec.rb b/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_project_spec.rb
index 64c76e54e66..d2b69de5149 100644
--- a/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_project_spec.rb
+++ b/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_project_spec.rb
@@ -1,8 +1,8 @@
# frozen_string_literal: true
module QA
- RSpec.describe 'Manage' do
- describe 'Gitlab migration', product_group: :import_and_integrate do
+ RSpec.describe 'Manage', product_group: :import_and_integrate do
+ describe 'Gitlab migration', :import, :orchestrated, requires_admin: 'creates a user via API' do
include_context 'with gitlab project migration'
# this spec is used as a sanity test for gitlab migration because it can run outside of orchestrated setup
diff --git a/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_release_spec.rb b/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_release_spec.rb
index 57efe759a5c..c1b576e4ad8 100644
--- a/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_release_spec.rb
+++ b/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_release_spec.rb
@@ -1,8 +1,8 @@
# frozen_string_literal: true
module QA
- RSpec.describe 'Manage' do
- describe 'Gitlab migration', product_group: :import_and_integrate do
+ RSpec.describe 'Manage', product_group: :import_and_integrate do
+ describe 'Gitlab migration', :import, :orchestrated, requires_admin: 'creates a user via API' do
include_context 'with gitlab project migration'
context 'with release' do
diff --git a/qa/qa/specs/features/browser_ui/1_manage/migration/gitlab_migration_group_spec.rb b/qa/qa/specs/features/browser_ui/1_manage/migration/gitlab_migration_group_spec.rb
index 2c1ca82f4e6..325df28c3b7 100644
--- a/qa/qa/specs/features/browser_ui/1_manage/migration/gitlab_migration_group_spec.rb
+++ b/qa/qa/specs/features/browser_ui/1_manage/migration/gitlab_migration_group_spec.rb
@@ -2,7 +2,7 @@
module QA
describe 'Manage', product_group: :import_and_integrate do
- describe 'Gitlab migration' do
+ describe 'Gitlab migration', :import, :orchestrated, requires_admin: 'creates a user via API' do
include_context "with gitlab group migration"
let!(:imported_group) do
diff --git a/qa/qa/specs/features/browser_ui/1_manage/migration/gitlab_migration_user_contribution_reassignment_spec.rb b/qa/qa/specs/features/browser_ui/1_manage/migration/gitlab_migration_user_contribution_reassignment_spec.rb
new file mode 100644
index 00000000000..a0420a4bcc3
--- /dev/null
+++ b/qa/qa/specs/features/browser_ui/1_manage/migration/gitlab_migration_user_contribution_reassignment_spec.rb
@@ -0,0 +1,148 @@
+# frozen_string_literal: true
+
+module QA
+ describe 'Manage', product_group: :import_and_integrate do
+ describe 'Gitlab migration',
+ feature_flag: {
+ name: [:importer_user_mapping, :bulk_import_importer_user_mapping],
+ scope: :global
+ } do
+ include_context "with gitlab project migration"
+
+ context 'with user contribution reassignment', :orchestrated, :import_with_smtp do
+ let(:mail_hog) { Vendor::MailHog::API.new }
+ let(:reassignment_email_subject) { "Reassignments in #{target_sandbox.name} waiting for review" }
+ let!(:source_project_with_readme) { true }
+
+ let!(:source_issue) do
+ create(:issue, project: source_project, labels: %w[label_one label_two],
+ api_client: source_admin_api_client)
+ end
+
+ let!(:source_issue_comment) { source_issue.add_comment(body: 'This is a test issue comment!') }
+
+ let!(:source_mr) do
+ create(:merge_request, project: source_project, api_client: source_admin_api_client)
+ end
+
+ let!(:source_mr_comment) { source_mr.add_comment(body: 'This is a test mr comment!') }
+
+ let(:imported_issue) { imported_project.issues.first }
+
+ let(:imported_merge_request) { imported_project.merge_requests.first }
+
+ let(:placeholder_user) do
+ build(:user,
+ name: "Placeholder #{source_admin_user.name}")
+ end
+
+ before do
+ Runtime::Feature.enable(:importer_user_mapping)
+ Runtime::Feature.enable(:bulk_import_importer_user_mapping)
+
+ Flow::Login.sign_in(as: user)
+ end
+
+ it 'reassigns placeholder users in issues and merge requests after reassignment',
+ testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/504548' do
+ expect_project_import_finished_successfully
+
+ page.visit imported_issue[:web_url]
+
+ Page::Project::Issue::Show.perform do |issue|
+ expect(issue).to have_author(placeholder_user.name)
+ expect(issue).to have_comment_author(placeholder_user.name)
+ end
+
+ page.visit imported_merge_request[:web_url]
+
+ Page::MergeRequest::Show.perform do |merge_request|
+ expect(merge_request).to have_author(placeholder_user.name)
+ expect(merge_request).to have_comment_author(placeholder_user.name)
+ end
+
+ target_sandbox.visit!
+ Page::Group::Menu.perform(&:go_to_members)
+ Page::Group::Members.perform do |members_page|
+ aggregate_failures do
+ expect(members_page).to have_tab_count("Placeholders", 1)
+
+ members_page.click_tab("Placeholders")
+
+ expect(members_page).to have_tab_count("Awaiting reassignment", 1)
+ expect(members_page).to have_tab_count("Reassigned", 0)
+ expect(members_page).to have_reassignment_status("placeholders-table-unassigned", "Not started")
+
+ members_page.reassign_placeholder_user("placeholders-table-unassigned", user.username)
+
+ expect(members_page).to have_reassignment_status("placeholders-table-unassigned", "Pending approval")
+ end
+ end
+
+ expect { email_subjects }.to eventually_include(reassignment_email_subject).within(max_duration: 300)
+
+ reassignment_url = fetch_reassignment_url(reassignment_email_subject)
+ Runtime::Logger.debug("Visiting reassignment url #{reassignment_url}")
+ page.visit reassignment_url
+ Page::Import::ReviewReassignment.perform(&:click_approve_reassignment)
+
+ target_sandbox.visit!
+ Page::Group::Menu.perform(&:go_to_members)
+ Page::Group::Members.perform do |members_page|
+ members_page.click_tab("Placeholders")
+ members_page.wait_until_reassignment_completed!
+ members_page.click_tab("Reassigned")
+
+ aggregate_failures do
+ expect(members_page).to have_reassignment_status("placeholders-table-reassigned", "Success")
+ expect(members_page).to have_reassigned_user("placeholders-table-reassigned", user.username)
+ expect(members_page).to have_tab_count("Reassigned", 1)
+ end
+ end
+
+ page.visit imported_issue[:web_url]
+
+ Page::Project::Issue::Show.perform do |issue|
+ expect(issue).to have_author(user.name)
+ expect(issue).to have_comment_author(user.name)
+ end
+
+ page.visit imported_merge_request[:web_url]
+
+ Page::MergeRequest::Show.perform do |merge_request|
+ expect(merge_request).to have_author(user.name)
+ expect(merge_request).to have_comment_author(user.name)
+ end
+ end
+ end
+
+ private
+
+ def mail_hog_messages
+ Runtime::Logger.debug('Fetching email...')
+
+ messages = mail_hog.fetch_messages
+ logs = messages.map { |m| "#{m.to}: #{m.subject}" }
+
+ Runtime::Logger.debug("MailHog Logs: #{logs.join("\n")}")
+
+ messages
+ end
+
+ def email_subjects
+ mail_hog_messages.map(&:subject)
+ end
+
+ def find_email(reassignment_email_subject)
+ Runtime::Logger.debug("Looking for email with subject containing: #{reassignment_email_subject}")
+ mail_hog_messages.find { |m| m.subject&.include?(reassignment_email_subject) }
+ end
+
+ def fetch_reassignment_url(reassignment_email_subject)
+ pattern = %r{https?://[\S]+/import/source_users/[-A-Z0-9]+}i
+ email = find_email(reassignment_email_subject)
+ email.body&.match(pattern).to_s
+ end
+ end
+ end
+end
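Review bot: `fetch_reassignment_url` calls `email.body` on the result of `find_email`, which is nil when no message matches, and returns an empty string when the pattern does not match, so the test then calls `page.visit ""` and fails later with an unrelated error. Raising at each of these points gives a clear failure. The pattern also accepts any host, and the URL is opened in a signed-in browser session, so it would be tighter to check that it starts with the target instance address. Note too that the `before` block enables two global feature flags and nothing visible in this file restores them.

```ruby
def fetch_reassignment_url(reassignment_email_subject)
  pattern = %r{https?://[\S]+/import/source_users/[-A-Z0-9]+}i
  email = find_email(reassignment_email_subject)
  raise "No email found with subject: #{reassignment_email_subject}" unless email

  url = email.body&.match(pattern).to_s
  raise 'No reassignment URL found in email body' if url.empty?

  url
end
```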
diff --git a/qa/qa/specs/features/shared_contexts/import/gitlab_group_migration_common.rb b/qa/qa/specs/features/shared_contexts/import/gitlab_group_migration_common.rb
index bf4a030286b..2e95af83a1d 100644
--- a/qa/qa/specs/features/shared_contexts/import/gitlab_group_migration_common.rb
+++ b/qa/qa/specs/features/shared_contexts/import/gitlab_group_migration_common.rb
@@ -1,12 +1,7 @@
# frozen_string_literal: true
module QA
- RSpec.shared_context(
- 'with gitlab group migration',
- :import,
- :orchestrated,
- requires_admin: 'creates a user via API'
- ) do
+ RSpec.shared_context 'with gitlab group migration' do
let!(:import_wait_duration) { { max_duration: 120, sleep_interval: 2 } }
# source instance objects
diff --git a/qa/qa/vendor/mail_hog/api.rb b/qa/qa/vendor/mail_hog/api.rb
index 3e83971d9b8..6e357826d40 100644
--- a/qa/qa/vendor/mail_hog/api.rb
+++ b/qa/qa/vendor/mail_hog/api.rb
@@ -39,6 +39,10 @@ module QA
def subject
data.dig('Content', 'Headers', 'Subject', 0)
end
+
+ def body
+ data.dig('Content', 'Body')
+ end
end
class API
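Review bot: `body` returns `Content.Body` exactly as stored, with no transfer decoding visible in this hunk, and the new reassignment spec runs a URL regex over that value. If the notification mail is sent quoted-printable, soft line breaks or `=3D` sequences could truncate or corrupt the matched URL; this is an assumption to confirm against a real message. At minimum add a comment such as `# Raw message body as returned by MailHog; not decoded`, so callers know what they are parsing.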
diff --git a/spec/graphql/resolvers/branch_commit_resolver_spec.rb b/spec/graphql/resolvers/repositories/ref_commit_resolver_spec.rb
similarity index 72%
rename from spec/graphql/resolvers/branch_commit_resolver_spec.rb
rename to spec/graphql/resolvers/repositories/ref_commit_resolver_spec.rb
index f901306a355..352e2514599 100644
--- a/spec/graphql/resolvers/branch_commit_resolver_spec.rb
+++ b/spec/graphql/resolvers/repositories/ref_commit_resolver_spec.rb
@@ -2,14 +2,14 @@
require 'spec_helper'
-RSpec.describe Resolvers::BranchCommitResolver do
+RSpec.describe Resolvers::Repositories::RefCommitResolver, feature_category: :source_code_management do
include GraphqlHelpers
- subject(:commit) { resolve(described_class, obj: branch) }
+ subject(:commit) { resolve(described_class, obj: ref) }
let_it_be(:repository) { create(:project, :repository).repository }
- let(:branch) { repository.find_branch('master') }
+ let(:ref) { repository.find_branch('master') }
describe '#resolve' do
it 'resolves commit' do
@@ -20,8 +20,8 @@ RSpec.describe Resolvers::BranchCommitResolver do
expect(sync(commit).container).to eq(repository.project)
end
- context 'when branch does not exist' do
- let(:branch) { nil }
+ context 'when ref does not exist' do
+ let(:ref) { nil }
it 'returns nil' do
is_expected.to be_nil
@@ -34,7 +34,7 @@ RSpec.describe Resolvers::BranchCommitResolver do
commits = batch_sync(max_queries: 2) do
[
- resolve(described_class, obj: branch),
+ resolve(described_class, obj: ref),
resolve(described_class, obj: repository.find_branch('spooky-stuff'))
]
end
diff --git a/spec/lib/api/helpers_spec.rb b/spec/lib/api/helpers_spec.rb
index db66559deee..311ae9c6142 100644
--- a/spec/lib/api/helpers_spec.rb
+++ b/spec/lib/api/helpers_spec.rb
@@ -319,6 +319,14 @@ RSpec.describe API::Helpers, feature_category: :shared do
end
end
+ context 'when job token policies are skipped' do
+ before do
+ allow(helper).to receive(:route_setting).with(:authorization).and_return(skip_job_token_policies: true)
+ end
+
+ it { is_expected.to eq project }
+ end
+
context 'when the `enforce_job_token_policies` feature flag is disabled' do
before do
stub_feature_flags(enforce_job_token_policies: false)
diff --git a/spec/models/ci/build_spec.rb b/spec/models/ci/build_spec.rb
index d6806131edb..7177007ac71 100644
--- a/spec/models/ci/build_spec.rb
+++ b/spec/models/ci/build_spec.rb
@@ -5077,28 +5077,71 @@ RSpec.describe Ci::Build, feature_category: :continuous_integration, factory_def
build.clear_memoization(:build_data)
end
- context 'with project hooks' do
- let(:build_data) { double(:BuildData, dup: double(:DupedData)) }
-
+ context 'when ci_async_build_hooks_execution flag is disabled' do
before do
- create(:project_hook, project: project, job_events: true)
+ stub_feature_flags(ci_async_build_hooks_execution: false)
end
- it 'calls project.execute_hooks(build_data, :job_hooks)' do
- expect(::Gitlab::DataBuilder::Build)
- .to receive(:build).with(build).and_return(build_data)
- expect(build.project)
- .to receive(:execute_hooks).with(build_data.dup, :job_hooks)
-
- build.execute_hooks
- end
-
- context 'with blocked users' do
+ context 'with project services' do
before do
- allow(build).to receive(:user) { FactoryBot.build(:user, :blocked) }
+ create(:integration, active: true, job_events: true, project: project)
end
- it 'does not call project.execute_hooks' do
+ it 'executes services' do
+ allow_next_instance_of(Integration) do |integration|
+ expect(integration).to receive(:async_execute)
+ end
+
+ build.execute_hooks
+ end
+ end
+
+ context 'without relevant project services' do
+ before do
+ create(:integration, active: true, job_events: false, project: project)
+ end
+
+ it 'does not execute services' do
+ allow_next_instance_of(Integration) do |integration|
+ expect(integration).not_to receive(:async_execute)
+ end
+
+ build.execute_hooks
+ end
+ end
+
+ context 'with project hooks' do
+ let(:build_data) { double(:BuildData, dup: double(:DupedData)) }
+
+ before do
+ create(:project_hook, project: project, job_events: true)
+ end
+
+ it 'executes hooks' do
+ expect(::Gitlab::DataBuilder::Build)
+ .to receive(:build).with(build).and_return(build_data)
+
+ expect(build.project)
+ .to receive(:execute_hooks).with(build_data.dup, :job_hooks)
+
+ build.execute_hooks
+ end
+
+ context 'with blocked users' do
+ before do
+ allow(build).to receive(:user) { FactoryBot.build(:user, :blocked) }
+ end
+
+ it 'does not execute hooks' do
+ expect(build.project).not_to receive(:execute_hooks)
+
+ build.execute_hooks
+ end
+ end
+ end
+
+ context 'without project hooks' do
+ it 'does not execute hooks' do
expect(build.project).not_to receive(:execute_hooks)
build.execute_hooks
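Review bot: The service examples under the disabled-flag context now wrap their expectation in `allow_next_instance_of(Integration)` where the removed code used `allow_next_found_instance_of`. If, as the helper names suggest, the former only intercepts newly constructed objects while the integration here is loaded from the database, the block never runs and both 'executes services' and 'does not execute services' pass without asserting anything. Because the wrapper is an `allow_`, a block that never runs is not reported as a failure either. Consider `expect_next_found_instance_of(Integration)` for the positive case so the example fails when no integration is reached.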
@@ -5106,39 +5149,35 @@ RSpec.describe Ci::Build, feature_category: :continuous_integration, factory_def
end
end
- context 'without project hooks' do
- it 'does not call project.execute_hooks' do
- expect(build.project).not_to receive(:execute_hooks)
+ context 'when ci_async_build_hooks_execution flag is enabled' do
+ let(:build_data) { double(:BuildData) }
+
+ before do
+ create(:project_hook, project: project, job_events: true)
+ allow(Ci::ExecuteBuildHooksWorker).to receive(:perform_async)
+ end
+
+ it 'enqueues ExecuteBuildHooksWorker' do
+ expect(::Gitlab::DataBuilder::Build)
+ .to receive(:build).with(build).and_return(build_data)
build.execute_hooks
- end
- end
- context 'with project services' do
- before do
- create(:integration, active: true, job_events: true, project: project)
+ expect(Ci::ExecuteBuildHooksWorker)
+ .to have_received(:perform_async)
+ .with(project.id, build_data)
end
- it 'executes services' do
- allow_next_found_instance_of(Integration) do |integration|
- expect(integration).to receive(:async_execute)
+ context 'with blocked users' do
+ before do
+ allow(build).to receive(:user) { FactoryBot.build(:user, :blocked) }
end
- build.execute_hooks
- end
- end
+ it 'does not enqueue ExecuteBuildHooksWorker' do
+ build.execute_hooks
- context 'without relevant project services' do
- before do
- create(:integration, active: true, job_events: false, project: project)
- end
-
- it 'does not execute services' do
- allow_next_found_instance_of(Integration) do |integration|
- expect(integration).not_to receive(:async_execute)
+ expect(Ci::ExecuteBuildHooksWorker).not_to receive(:perform_async)
end
-
- build.execute_hooks
end
end
end
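Review bot: In 'does not enqueue ExecuteBuildHooksWorker', `build.execute_hooks` runs before `expect(Ci::ExecuteBuildHooksWorker).not_to receive(:perform_async)`, so the expectation is set after the call it is meant to check and the example passes whatever the code does. This is the only coverage in the enabled-flag context that blocked users do not trigger hooks. Since the `before` block already stubs `perform_async` with `allow`, the assertion should be `expect(Ci::ExecuteBuildHooksWorker).not_to have_received(:perform_async)`. This context also has no example for a project without hooks, or for integrations, both of which the disabled-flag context covers.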
diff --git a/spec/models/system/broadcast_message_spec.rb b/spec/models/system/broadcast_message_spec.rb
index ca6944cd979..d435a5572d4 100644
--- a/spec/models/system/broadcast_message_spec.rb
+++ b/spec/models/system/broadcast_message_spec.rb
@@ -342,7 +342,7 @@ RSpec.describe System::BroadcastMessage, feature_category: :notifications do
end
describe '.current_show_in_cli_banner_messages', :use_clean_rails_memory_store_caching do
- subject { -> { described_class.current_show_in_cli_banner_messages } }
+ subject { -> { described_class.current_show_in_cli_banner_messages(user_access_level: 50) } }
it 'only returns banner messages that has show_in_cli as true' do
show_in_cli_message = create(:broadcast_message)
@@ -351,6 +351,11 @@ RSpec.describe System::BroadcastMessage, feature_category: :notifications do
expect(subject.call).to contain_exactly(show_in_cli_message)
end
+
+ it 'filters by user access level' do
+ expect(described_class).to receive(:current_banner_messages).with(user_access_level: 50).and_call_original
+ subject.call
+ end
end
describe '#attributes' do
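Review bot: The example 'filters by user access level' only asserts that `current_banner_messages` is called with `user_access_level: 50`; it never checks that a message restricted to other access levels is absent from the result. A regression in the filtering itself would therefore not be caught here. Consider creating a second CLI banner message that the caller's access level should not see and asserting that `subject.call` excludes it. The bare `50` in the subject would also be clearer as `Gitlab::Access::OWNER`. The describe block begins in the previous hunk.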
diff --git a/spec/requests/api/ci/catalog_spec.rb b/spec/requests/api/ci/catalog_spec.rb
index 6953231520f..41c001bb4bd 100644
--- a/spec/requests/api/ci/catalog_spec.rb
+++ b/spec/requests/api/ci/catalog_spec.rb
@@ -28,6 +28,16 @@ RSpec.describe API::Ci::Catalog, feature_category: :pipeline_composition do
post api(url, user), params: { version: release.tag, metadata: metadata }
end
+ it_behaves_like 'enforcing job token policies', :admin_releases do
+ before_all do
+ project.add_developer(user)
+ end
+
+ let(:request) do
+ post api(url), params: { version: release.tag, metadata: metadata, job_token: target_job.token }
+ end
+ end
+
context 'when the project does not exist' do
let(:url) { "/projects/invalid-path/catalog/publish" }
diff --git a/spec/requests/api/ci/job_artifacts_spec.rb b/spec/requests/api/ci/job_artifacts_spec.rb
index 2109d33cac9..90b0540dd37 100644
--- a/spec/requests/api/ci/job_artifacts_spec.rb
+++ b/spec/requests/api/ci/job_artifacts_spec.rb
@@ -176,6 +176,21 @@ RSpec.describe API::Ci::JobArtifacts, feature_category: :job_artifacts do
'other_artifacts_0.1.2/another-subdirectory/banana_sample.gif'
end
+ it_behaves_like 'enforcing job token policies', :read_jobs do
+ before do
+ stub_licensed_features(cross_project_pipelines: true)
+ end
+
+ around do |example|
+ Sidekiq::Testing.inline! { example.run }
+ end
+
+ let(:request) do
+ get api("/projects/#{source_project.id}/jobs/#{job.id}/artifacts/#{artifact}"),
+ params: { job_token: target_job.token }
+ end
+ end
+
context 'when user is anonymous' do
let(:api_user) { nil }
@@ -305,12 +320,16 @@ RSpec.describe API::Ci::JobArtifacts, feature_category: :job_artifacts do
context 'when job token is used' do
let(:other_job) { create(:ci_build, :running, user: user) }
- subject { get api("/projects/#{project.id}/jobs/#{job.id}/artifacts", job_token: other_job.token) }
+ subject(:request) { get api("/projects/#{project.id}/jobs/#{job.id}/artifacts", job_token: other_job.token) }
before do
stub_licensed_features(cross_project_pipelines: true)
end
+ it_behaves_like 'enforcing job token policies', :read_jobs do
+ let(:other_job) { target_job }
+ end
+
context 'when job token scope is enabled' do
before do
other_job.project.ci_cd_settings.update!(
@@ -484,6 +503,21 @@ RSpec.describe API::Ci::JobArtifacts, feature_category: :job_artifacts do
get api("/projects/#{project.id}/jobs/artifacts/#{ref}/download", api_user), params: { job: job_name }
end
+ it_behaves_like 'enforcing job token policies', :read_jobs do
+ before do
+ stub_licensed_features(cross_project_pipelines: true)
+ end
+
+ around do |example|
+ Sidekiq::Testing.inline! { example.run }
+ end
+
+ let(:request) do
+ get api("/projects/#{source_project.id}/jobs/artifacts/#{pipeline.ref}/download"),
+ params: { job: job.name, job_token: target_job.token }
+ end
+ end
+
context 'when not logged in' do
let(:api_user) { nil }
diff --git a/spec/requests/api/ci/pipelines_spec.rb b/spec/requests/api/ci/pipelines_spec.rb
index 1952ac91c74..540b6e7d9cf 100644
--- a/spec/requests/api/ci/pipelines_spec.rb
+++ b/spec/requests/api/ci/pipelines_spec.rb
@@ -1164,6 +1164,13 @@ RSpec.describe API::Ci::Pipelines, feature_category: :continuous_integration do
put api("/projects/#{project.id}/pipelines/#{pipeline.id}/metadata", current_user), params: { name: name }
end
+ it_behaves_like 'enforcing job token policies', :admin_jobs do
+ let(:request) do
+ put api("/projects/#{source_project.id}/pipelines/#{pipeline.id}/metadata"),
+ params: { name: name, job_token: target_job.token }
+ end
+ end
+
context 'authorized user' do
let(:current_user) { create(:user) }
diff --git a/spec/requests/api/ci/runner/jobs_artifacts_spec.rb b/spec/requests/api/ci/runner/jobs_artifacts_spec.rb
index 20bc233220d..499d52d6f6b 100644
--- a/spec/requests/api/ci/runner/jobs_artifacts_spec.rb
+++ b/spec/requests/api/ci/runner/jobs_artifacts_spec.rb
@@ -1075,6 +1075,11 @@ RSpec.describe API::Ci::Runner, :clean_gitlab_redis_shared_state, feature_catego
expect(response).to have_gitlab_http_status(:forbidden)
end
+
+ it_behaves_like 'enforcing job token policies', :read_jobs do
+ let(:token) { target_job.token }
+ let(:request) { download_artifact }
+ end
end
context 'when using runnners token' do
diff --git a/spec/requests/api/ci/secure_files_spec.rb b/spec/requests/api/ci/secure_files_spec.rb
index 46e45eaf4ac..971e2bd9fd1 100644
--- a/spec/requests/api/ci/secure_files_spec.rb
+++ b/spec/requests/api/ci/secure_files_spec.rb
@@ -23,6 +23,13 @@ RSpec.describe API::Ci::SecureFiles, feature_category: :mobile_devops do
end
describe 'GET /projects/:id/secure_files' do
+ it_behaves_like 'enforcing job token policies', :read_secure_files do
+ let_it_be(:user) { developer }
+ let(:request) do
+ get api("/projects/#{source_project.id}/secure_files"), params: { job_token: target_job.token }
+ end
+ end
+
context 'authenticated user with admin permissions' do
it 'returns project secure files' do
get api("/projects/#{project.id}/secure_files", maintainer)
@@ -75,6 +82,14 @@ RSpec.describe API::Ci::SecureFiles, feature_category: :mobile_devops do
end
describe 'GET /projects/:id/secure_files/:secure_file_id' do
+ it_behaves_like 'enforcing job token policies', :read_secure_files do
+ let_it_be(:user) { developer }
+ let(:request) do
+ get api("/projects/#{source_project.id}/secure_files/#{secure_file.id}"),
+ params: { job_token: target_job.token }
+ end
+ end
+
context 'authenticated user with admin permissions' do
it 'returns project secure file details' do
get api("/projects/#{project.id}/secure_files/#{secure_file.id}", maintainer)
@@ -139,6 +154,14 @@ RSpec.describe API::Ci::SecureFiles, feature_category: :mobile_devops do
end
describe 'GET /projects/:id/secure_files/:secure_file_id/download' do
+ it_behaves_like 'enforcing job token policies', :read_secure_files do
+ let_it_be(:user) { developer }
+ let(:request) do
+ get api("/projects/#{source_project.id}/secure_files/#{secure_file.id}/download"),
+ params: { job_token: target_job.token }
+ end
+ end
+
context 'authenticated user with admin permissions' do
it 'returns a secure file' do
sample_file = fixture_file('ci_secure_files/upload-keystore.jks')
@@ -197,6 +220,14 @@ RSpec.describe API::Ci::SecureFiles, feature_category: :mobile_devops do
end
describe 'POST /projects/:id/secure_files' do
+ it_behaves_like 'enforcing job token policies', :admin_secure_files do
+ let_it_be(:user) { maintainer }
+ let(:request) do
+ post api("/projects/#{source_project.id}/secure_files"),
+ params: file_params.merge(job_token: target_job.token)
+ end
+ end
+
context 'authenticated user with admin permissions' do
it 'creates a secure file' do
expect do
@@ -347,6 +378,14 @@ RSpec.describe API::Ci::SecureFiles, feature_category: :mobile_devops do
end
describe 'DELETE /projects/:id/secure_files/:secure_file_id' do
+ it_behaves_like 'enforcing job token policies', :admin_secure_files do
+ let_it_be(:user) { maintainer }
+ let(:request) do
+ delete api("/projects/#{source_project.id}/secure_files/#{secure_file.id}"),
+ params: { job_token: target_job.token }
+ end
+ end
+
context 'authenticated user with admin permissions' do
it 'deletes the secure file' do
expect do
diff --git a/spec/requests/api/composer_packages_spec.rb b/spec/requests/api/composer_packages_spec.rb
index 9f5a58a6d64..7126a31d49f 100644
--- a/spec/requests/api/composer_packages_spec.rb
+++ b/spec/requests/api/composer_packages_spec.rb
@@ -411,7 +411,15 @@ RSpec.describe API::ComposerPackages, feature_category: :package_registry do
project.repository.add_tag(user, 'v1.2.99', 'master')
end
- subject { post api(url), headers: headers, params: params }
+ subject(:request) { post api(url), headers: headers, params: params }
+
+ it_behaves_like 'enforcing job token policies', :admin_packages do
+ before_all do
+ project.add_developer(user)
+ end
+
+ let(:params) { { tag: 'v1.2.99', job_token: target_job.token } }
+ end
shared_examples 'composer package publish' do
where(:project_visibility_level, :member_role, :token_type, :valid_token, :shared_examples_name, :expected_status) do
@@ -546,7 +554,7 @@ RSpec.describe API::ComposerPackages, feature_category: :package_registry do
let(:url) { "/projects/#{project.id}/packages/composer/archives/#{package_name}.zip" }
let(:params) { { sha: sha } }
- subject { get api(url), headers: headers, params: params }
+ subject(:request) { get api(url), headers: headers, params: params }
context 'with valid project' do
let!(:package) { create(:composer_package, :with_metadatum, name: package_name, project: project) }
@@ -587,6 +595,14 @@ RSpec.describe API::ComposerPackages, feature_category: :package_registry do
let(:branch) { project.repository.find_branch('master') }
let(:sha) { branch.target }
+ it_behaves_like 'enforcing job token policies', :read_packages do
+ before_all do
+ project.add_developer(user)
+ end
+
+ let(:headers) { job_basic_auth_header(target_job) }
+ end
+
context 'with basic auth' do
where(:project_visibility_level, :member_role, :token_type, :valid_token, :expected_status) do
'PUBLIC' | :developer | :user | true | :success
diff --git a/spec/requests/api/conan/v1/instance_packages_spec.rb b/spec/requests/api/conan/v1/instance_packages_spec.rb
index db55fa523ee..955bedbed68 100644
--- a/spec/requests/api/conan/v1/instance_packages_spec.rb
+++ b/spec/requests/api/conan/v1/instance_packages_spec.rb
@@ -64,14 +64,14 @@ RSpec.describe API::Conan::V1::InstancePackages, feature_category: :package_regi
describe 'GET /api/v4/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel' \
'/digest' do
- subject { get api("/packages/conan/v1/conans/#{recipe_path}/digest"), headers: headers }
+ subject(:request) { get api("/packages/conan/v1/conans/#{recipe_path}/digest"), headers: headers }
it_behaves_like 'recipe download_urls endpoint'
end
describe 'GET /api/v4/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel' \
'/packages/:conan_package_reference/download_urls' do
- subject do
+ subject(:request) do
get api("/packages/conan/v1/conans/#{recipe_path}/packages/#{conan_package_reference}/download_urls"),
headers: headers
end
@@ -81,14 +81,14 @@ RSpec.describe API::Conan::V1::InstancePackages, feature_category: :package_regi
describe 'GET /api/v4/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel' \
'/download_urls' do
- subject { get api("/packages/conan/v1/conans/#{recipe_path}/download_urls"), headers: headers }
+ subject(:request) { get api("/packages/conan/v1/conans/#{recipe_path}/download_urls"), headers: headers }
it_behaves_like 'recipe download_urls endpoint'
end
describe 'GET /api/v4/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel' \
'/packages/:conan_package_reference/digest' do
- subject do
+ subject(:request) do
get api("/packages/conan/v1/conans/#{recipe_path}/packages/#{conan_package_reference}/digest"), headers: headers
end
@@ -97,7 +97,7 @@ RSpec.describe API::Conan::V1::InstancePackages, feature_category: :package_regi
describe 'POST /api/v4/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel' \
'/upload_urls' do
- subject do
+ subject(:request) do
post api("/packages/conan/v1/conans/#{recipe_path}/upload_urls"), params: params.to_json, headers: headers
end
@@ -106,7 +106,7 @@ RSpec.describe API::Conan::V1::InstancePackages, feature_category: :package_regi
describe 'POST /api/v4/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel' \
'/packages/:conan_package_reference/upload_urls' do
- subject do
+ subject(:request) do
post api("/packages/conan/v1/conans/#{recipe_path}/packages/123456789/upload_urls"), params: params.to_json,
headers: headers
end
@@ -118,7 +118,7 @@ RSpec.describe API::Conan::V1::InstancePackages, feature_category: :package_regi
'/:package_channel' do
let_it_be_with_reload(:package) { create(:conan_package, project: project) }
- subject { delete api("/packages/conan/v1/conans/#{recipe_path}"), headers: headers }
+ subject(:request) { delete api("/packages/conan/v1/conans/#{recipe_path}"), headers: headers }
it_behaves_like 'delete package endpoint'
end
@@ -129,7 +129,7 @@ RSpec.describe API::Conan::V1::InstancePackages, feature_category: :package_regi
describe 'GET /api/v4/packages/conan/v1/files/:package_name/:package_version/:package_username/:package_channel' \
'/:recipe_revision/export/:file_name' do
- subject do
+ subject(:request) do
get api("/packages/conan/v1/files/#{recipe_path}/#{metadata.recipe_revision_value}/export/" \
"#{recipe_file.file_name}"),
headers: headers
@@ -141,7 +141,7 @@ RSpec.describe API::Conan::V1::InstancePackages, feature_category: :package_regi
describe 'GET /api/v4/packages/conan/v1/files/:package_name/:package_version/:package_username/:package_channel' \
'/:recipe_revision/package/:conan_package_reference/:package_revision/:file_name' do
- subject do
+ subject(:request) do
get api("/packages/conan/v1/files/#{recipe_path}/#{metadata.recipe_revision_value}/package" \
"/#{metadata.conan_package_reference}/#{metadata.package_revision_value}/#{package_file.file_name}"),
headers: headers
@@ -159,7 +159,7 @@ RSpec.describe API::Conan::V1::InstancePackages, feature_category: :package_regi
'/:recipe_revision/export/:file_name/authorize' do
let(:file_name) { 'conanfile.py' }
- subject do
+ subject(:request) do
put api("/packages/conan/v1/files/#{recipe_path}/0/export/#{file_name}/authorize"), headers: headers_with_token
end
@@ -170,7 +170,7 @@ RSpec.describe API::Conan::V1::InstancePackages, feature_category: :package_regi
'/:recipe_revision/export/:conan_package_reference/:package_revision/:file_name/authorize' do
let(:file_name) { 'conaninfo.txt' }
- subject do
+ subject(:request) do
put api("/packages/conan/v1/files/#{recipe_path}/0/package/123456789/0/#{file_name}/authorize"),
headers: headers_with_token
end
diff --git a/spec/requests/api/conan/v1/project_packages_spec.rb b/spec/requests/api/conan/v1/project_packages_spec.rb
index 7883066b58f..42fb639f910 100644
--- a/spec/requests/api/conan/v1/project_packages_spec.rb
+++ b/spec/requests/api/conan/v1/project_packages_spec.rb
@@ -70,7 +70,7 @@ RSpec.describe API::Conan::V1::ProjectPackages, feature_category: :package_regis
let(:url_prefix) { "#{Settings.gitlab.base_url}/api/v4/projects/#{project_id}" }
let(:recipe_path) { package.conan_recipe_path }
- subject { get api(url), headers: headers }
+ subject(:request) { get api(url), headers: headers }
describe 'GET /api/v4/projects/:id/packages/conan/v1/conans/:package_name/package_version/:package_username' \
'/:package_channel' do
@@ -129,7 +129,7 @@ RSpec.describe API::Conan::V1::ProjectPackages, feature_category: :package_regis
describe 'POST /api/v4/projects/:id/packages/conan/v1/conans/:package_name/package_version/:package_username' \
'/:package_channel/upload_urls' do
- subject do
+ subject(:request) do
post api("/projects/#{project_id}/packages/conan/v1/conans/#{recipe_path}/upload_urls"), params: params.to_json,
headers: headers
end
@@ -139,7 +139,7 @@ RSpec.describe API::Conan::V1::ProjectPackages, feature_category: :package_regis
describe 'POST /api/v4/projects/:id/packages/conan/v1/conans/:package_name/package_version/:package_username' \
'/:package_channel/packages/:conan_package_reference/upload_urls' do
- subject do
+ subject(:request) do
post api("/projects/#{project_id}/packages/conan/v1/conans/#{recipe_path}/packages/123456789/upload_urls"),
params: params.to_json, headers: headers
end
@@ -151,7 +151,9 @@ RSpec.describe API::Conan::V1::ProjectPackages, feature_category: :package_regis
'/:package_channel' do
let_it_be_with_reload(:package) { create(:conan_package, project: project) }
- subject { delete api("/projects/#{project_id}/packages/conan/v1/conans/#{recipe_path}"), headers: headers }
+ subject(:request) do
+ delete api("/projects/#{project_id}/packages/conan/v1/conans/#{recipe_path}"), headers: headers
+ end
it_behaves_like 'delete package endpoint'
end
@@ -160,7 +162,7 @@ RSpec.describe API::Conan::V1::ProjectPackages, feature_category: :package_regis
context 'with file download endpoints' do
include_context 'conan file download endpoints'
- subject { get api(url), headers: headers }
+ subject(:request) { get api(url), headers: headers }
describe 'GET /api/v4/projects/:id/packages/conan/v1/files/:package_name/:package_version/:package_username' \
'/:package_channel/:recipe_revision/export/:file_name' do
@@ -194,7 +196,7 @@ RSpec.describe API::Conan::V1::ProjectPackages, feature_category: :package_regis
'/:package_channel/:recipe_revision/export/:file_name/authorize' do
let(:file_name) { 'conanfile.py' }
- subject do
+ subject(:request) do
put api("/projects/#{project_id}/packages/conan/v1/files/#{recipe_path}/0/export/#{file_name}/authorize"),
headers: headers_with_token
end
@@ -206,7 +208,7 @@ RSpec.describe API::Conan::V1::ProjectPackages, feature_category: :package_regis
'/:package_channel/:recipe_revision/export/:conan_package_reference/:package_revision/:file_name/authorize' do
let(:file_name) { 'conaninfo.txt' }
- subject do
+ subject(:request) do
put api("/projects/#{project_id}/packages/conan/v1/files/#{recipe_path}/0/package/123456789/0/#{file_name}" \
"/authorize"),
headers: headers_with_token
diff --git a/spec/requests/api/conan/v2/project_packages_spec.rb b/spec/requests/api/conan/v2/project_packages_spec.rb
index 94aca17b032..06d5f08e53a 100644
--- a/spec/requests/api/conan/v2/project_packages_spec.rb
+++ b/spec/requests/api/conan/v2/project_packages_spec.rb
@@ -42,6 +42,12 @@ RSpec.describe API::Conan::V2::ProjectPackages, feature_category: :package_regis
it_behaves_like 'project not found by project id'
+ # TODO remove expected_success_status: :not_found when endpoint is implemented
+ it_behaves_like 'enforcing job token policies', :read_packages, expected_success_status: :not_found do
+ let(:request) { get_request }
+ let(:headers) { job_basic_auth_header(target_job) }
+ end
+
context 'when feature flag is disabled' do
before do
stub_feature_flags(conan_package_revisions_support: false)
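Review bot: With `expected_success_status: :not_found`, the allowed case is satisfied by any 404, which is also what an API commonly returns when a project lookup or authorization fails. The example may therefore not distinguish "the policy allowed the token" from "the request was rejected before reaching the endpoint". The shared example's denied-case expectation is not visible here, so this is worth confirming against it. The TODO also has no tracking reference; `# TODO: remove expected_success_status: :not_found once the endpoint is implemented (see <issue link>)` would make the override easier to find and remove later.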
diff --git a/spec/requests/api/deployments_spec.rb b/spec/requests/api/deployments_spec.rb
index fd14fb5773b..51f979e3853 100644
--- a/spec/requests/api/deployments_spec.rb
+++ b/spec/requests/api/deployments_spec.rb
@@ -23,6 +23,12 @@ RSpec.describe API::Deployments, feature_category: :continuous_delivery do
get api("/projects/#{project.id}/deployments", user), params: params
end
+ it_behaves_like 'enforcing job token policies', :read_deployments do
+ let(:request) do
+ get api("/projects/#{source_project.id}/deployments"), params: { job_token: target_job.token }
+ end
+ end
+
context 'as member of the project' do
it 'returns projects deployments sorted by id asc' do
perform_request
@@ -168,6 +174,13 @@ RSpec.describe API::Deployments, feature_category: :continuous_delivery do
shared_examples "returns project deployments" do
let(:project) { deployment.environment.project }
+ it_behaves_like 'enforcing job token policies', :read_deployments do
+ let(:request) do
+ get api("/projects/#{source_project.id}/deployments/#{deployment.id}"),
+ params: { job_token: target_job.token }
+ end
+ end
+
it 'returns the expected response' do
get api("/projects/#{project.id}/deployments/#{deployment.id}", user)
@@ -242,12 +255,11 @@ RSpec.describe API::Deployments, feature_category: :continuous_delivery do
end
it_behaves_like 'enforcing job token policies', [:admin_deployments, :admin_environments] do
- # let(:accessed_project) { project }
let(:request) do
post(
- api("/projects/#{project.id}/deployments"),
+ api("/projects/#{source_project.id}/deployments"),
params: {
- job_token: job.token,
+ job_token: target_job.token,
environment: 'production',
sha: sha,
ref: 'master',
@@ -460,6 +472,13 @@ RSpec.describe API::Deployments, feature_category: :continuous_delivery do
)
end
+ it_behaves_like 'enforcing job token policies', :admin_deployments do
+ let(:request) do
+ put api("/projects/#{source_project.id}/deployments/#{deploy.id}"),
+ params: { status: 'success', job_token: target_job.token }
+ end
+ end
+
context 'as a maintainer' do
it 'returns a 403 when updating a deployment with a build' do
deploy.update!(deployable: build)
@@ -592,6 +611,13 @@ RSpec.describe API::Deployments, feature_category: :continuous_delivery do
)
end
+ it_behaves_like 'enforcing job token policies', :admin_deployments do
+ let(:request) do
+ delete api("/projects/#{source_project.id}/deployments/#{old_deploy.id}"),
+ params: { job_token: target_job.token }
+ end
+ end
+
context 'as an maintainer' do
it 'deletes a deployment' do
delete api("/projects/#{project.id}/deployments/#{old_deploy.id}", user)
@@ -644,6 +670,12 @@ RSpec.describe API::Deployments, feature_category: :continuous_delivery do
subject { get api("/projects/#{project.id}/deployments/#{deployment.id}/merge_requests", user) }
+ it_behaves_like 'enforcing job token policies', :read_deployments do
+ let(:request) do
+ get api("/projects/#{source_project.id}/deployments/#{deployment.id}/merge_requests"), params: { job_token: target_job.token }
+ end
+ end
+
context 'when a user is not a member of the deployment project' do
let(:user) { build(:user) }
diff --git a/spec/requests/api/environments_spec.rb b/spec/requests/api/environments_spec.rb
index 246a46d48c9..43f4e282013 100644
--- a/spec/requests/api/environments_spec.rb
+++ b/spec/requests/api/environments_spec.rb
@@ -126,12 +126,19 @@ RSpec.describe API::Environments, feature_category: :continuous_delivery do
it_behaves_like 'enforcing job token policies', :read_environments do
let(:request) do
- get api("/projects/#{project.id}/environments"), params: { job_token: job.token }
+ get api("/projects/#{source_project.id}/environments"), params: { job_token: target_job.token }
end
end
end
describe 'POST /projects/:id/environments' do
+ it_behaves_like 'enforcing job token policies', :admin_environments do
+ let(:request) do
+ post api("/projects/#{source_project.id}/environments"),
+ params: { name: "mepmep", tier: 'staging', description: 'description', job_token: target_job.token }
+ end
+ end
+
context 'as a member' do
it 'creates an environment with valid params' do
post api("/projects/#{project.id}/environments", user), params: { name: "mepmep", tier: 'staging', description: 'description' }
@@ -262,6 +269,13 @@ RSpec.describe API::Environments, feature_category: :continuous_delivery do
end
describe 'POST /projects/:id/environments/stop_stale' do
+ it_behaves_like 'enforcing job token policies', :admin_environments do
+ let(:request) do
+ post api("/projects/#{source_project.id}/environments/stop_stale"),
+ params: { before: 1.week.ago.to_date.to_s, job_token: target_job.token }
+ end
+ end
+
context 'as a maintainer' do
it 'returns a 200' do
post api("/projects/#{project.id}/environments/stop_stale", user), params: { before: 1.week.ago.to_date.to_s }
@@ -317,6 +331,13 @@ RSpec.describe API::Environments, feature_category: :continuous_delivery do
describe 'PUT /projects/:id/environments/:environment_id' do
let_it_be(:url) { 'https://mepmep.whatever.ninja' }
+ it_behaves_like 'enforcing job token policies', :admin_environments do
+ let(:request) do
+ put api("/projects/#{source_project.id}/environments/#{environment.id}"),
+ params: { tier: 'production', job_token: target_job.token }
+ end
+ end
+
it 'returns a 200 if external_url is changed' do
put api("/projects/#{project.id}/environments/#{environment.id}", user),
params: { external_url: url }
@@ -492,6 +513,17 @@ RSpec.describe API::Environments, feature_category: :continuous_delivery do
end
describe 'DELETE /projects/:id/environments/:environment_id' do
+ it_behaves_like 'enforcing job token policies', :admin_environments do
+ before do
+ environment.stop
+ end
+
+ let(:request) do
+ delete api("/projects/#{source_project.id}/environments/#{environment.id}"),
+ params: { job_token: target_job.token }
+ end
+ end
+
context 'as a maintainer' do
it "rejects the requests in environment isn't stopped" do
delete api("/projects/#{project.id}/environments/#{environment.id}", user)
@@ -544,6 +576,13 @@ RSpec.describe API::Environments, feature_category: :continuous_delivery do
end
describe 'POST /projects/:id/environments/:environment_id/stop' do
+ it_behaves_like 'enforcing job token policies', :admin_environments do
+ let(:request) do
+ post api("/projects/#{source_project.id}/environments/#{environment.id}/stop"),
+ params: { job_token: target_job.token }
+ end
+ end
+
context 'as a maintainer' do
context 'with a stoppable environment' do
before do
@@ -589,6 +628,13 @@ RSpec.describe API::Environments, feature_category: :continuous_delivery do
let_it_be(:bridge_job) { create(:ci_bridge, :running, project: project, user: user) }
let_it_be(:build_job) { create(:ci_build, :running, project: project, user: user) }
+ it_behaves_like 'enforcing job token policies', :read_environments do
+ let(:request) do
+ get api("/projects/#{source_project.id}/environments/#{environment.id}"),
+ params: { job_token: target_job.token }
+ end
+ end
+
context 'as member of the project' do
shared_examples "returns project environments" do
it 'returns expected response' do
@@ -745,6 +791,16 @@ RSpec.describe API::Environments, feature_category: :continuous_delivery do
end
end
+ it_behaves_like 'enforcing job token policies', :admin_environments do
+ before_all do
+ create(:environment, :with_review_app, :stopped, created_at: 31.days.ago, project: project)
+ end
+
+ let(:request) do
+ delete api("/projects/#{source_project.id}/environments/review_apps"), params: { job_token: target_job.token }
+ end
+ end
+
context "as a maintainer" do
it_behaves_like "delete stopped review environments" do
let(:current_user) { user }
diff --git a/spec/requests/api/generic_packages_spec.rb b/spec/requests/api/generic_packages_spec.rb
index 61e22553f34..93d95a15945 100644
--- a/spec/requests/api/generic_packages_spec.rb
+++ b/spec/requests/api/generic_packages_spec.rb
@@ -86,6 +86,14 @@ RSpec.describe API::GenericPackages, feature_category: :package_registry do
end
describe 'PUT /api/v4/projects/:id/packages/generic/:package_name/:package_version/(*path)/:file_name/authorize' do
+ it_behaves_like 'enforcing job token policies', :admin_packages do
+ before do
+ source_project.add_developer(user)
+ end
+
+ let(:request) { authorize_upload_file(workhorse_headers.merge(job_token_header(target_job.token))) }
+ end
+
context 'with valid project' do
where(:project_visibility, :user_role, :member?, :authenticate_with, :expected_status) do
'PUBLIC' | :developer | true | :personal_access_token | :success
@@ -207,6 +215,14 @@ RSpec.describe API::GenericPackages, feature_category: :package_registry do
let(:file_upload) { fixture_file_upload('spec/fixtures/packages/generic/myfile.tar.gz') }
let(:params) { { file: file_upload } }
+ it_behaves_like 'enforcing job token policies', :admin_packages do
+ before do
+ source_project.add_developer(user)
+ end
+
+ let(:request) { upload_file(params, workhorse_headers.merge(job_token_header(target_job.token))) }
+ end
+
context 'authentication' do
where(:project_visibility, :user_role, :member?, :authenticate_with, :expected_status) do
'PUBLIC' | :guest | true | :personal_access_token | :forbidden
@@ -751,6 +767,16 @@ RSpec.describe API::GenericPackages, feature_category: :package_registry do
let_it_be(:package) { create(:generic_package, project: project) }
let_it_be(:package_file) { create(:package_file, :generic, package: package) }
+ it_behaves_like 'enforcing job token policies', :read_packages do
+ before do
+ source_project.add_developer(user)
+ end
+
+ let(:request) do
+ download_file(job_token_header(target_job.token))
+ end
+ end
+
context 'authentication' do
where(:project_visibility, :user_role, :member?, :authenticate_with, :expected_status) do
'PUBLIC' | :developer | true | :personal_access_token | :success
diff --git a/spec/requests/api/go_proxy_spec.rb b/spec/requests/api/go_proxy_spec.rb
index 5dac887f077..6277647a749 100644
--- a/spec/requests/api/go_proxy_spec.rb
+++ b/spec/requests/api/go_proxy_spec.rb
@@ -189,6 +189,12 @@ RSpec.describe API::GoProxy, feature_category: :package_registry do
it_behaves_like 'a missing module version list resource'
end
+
+ it_behaves_like 'enforcing job token policies', :read_packages do
+ let(:module_name) { base }
+ let(:resource) { 'list' }
+ let(:request) { get_resource(job_token: target_job.token) }
+ end
end
describe 'GET /projects/:id/packages/go/*module_name/@v/:module_version.info' do
@@ -243,6 +249,12 @@ RSpec.describe API::GoProxy, feature_category: :package_registry do
let(:version) { "v1.0.4-0.#{commit.committed_date.strftime('%Y%m%d%H%M%S')}-#{modules[:sha][0][0..10]}" }
end
end
+
+ it_behaves_like 'enforcing job token policies', :read_packages do
+ let(:module_name) { base }
+ let(:resource) { 'v1.0.1.info' }
+ let(:request) { get_resource(job_token: target_job.token) }
+ end
end
describe 'GET /projects/:id/packages/go/*module_name/@v/:module_version.mod' do
@@ -265,6 +277,12 @@ RSpec.describe API::GoProxy, feature_category: :package_registry do
context 'with an invalid version' do
it_behaves_like 'a missing module file resource', 'v1.0.1', path: '/mod'
end
+
+ it_behaves_like 'enforcing job token policies', :read_packages do
+ let(:module_name) { base }
+ let(:resource) { 'v1.0.1.mod' }
+ let(:request) { get_resource(job_token: target_job.token) }
+ end
end
describe 'GET /projects/:id/packages/go/*module_name/@v/:module_version.zip' do
@@ -287,6 +305,12 @@ RSpec.describe API::GoProxy, feature_category: :package_registry do
context 'with the root module v2.0.0' do
it_behaves_like 'a module archive resource', 'v2.0.0', ['go.mod', 'a.go', 'x.go'], path: '/v2'
end
+
+ it_behaves_like 'enforcing job token policies', :read_packages do
+ let(:module_name) { base }
+ let(:resource) { 'v1.0.1.zip' }
+ let(:request) { get_resource(job_token: target_job.token) }
+ end
end
context 'with an invalid module directive' do
diff --git a/spec/requests/api/maven_packages_spec.rb b/spec/requests/api/maven_packages_spec.rb
index faec16b7192..0c35b3b2454 100644
--- a/spec/requests/api/maven_packages_spec.rb
+++ b/spec/requests/api/maven_packages_spec.rb
@@ -479,6 +479,14 @@ RSpec.describe API::MavenPackages, feature_category: :package_registry do
end
end
+ it_behaves_like 'enforcing job token policies', :read_packages do
+ before_all do
+ project.add_maintainer(user)
+ end
+
+ let(:request) { download_file(file_name: package_file.file_name, params: { job_token: target_job.token }) }
+ end
+
it_behaves_like 'rejecting request with invalid params'
it_behaves_like 'handling groups, subgroups and user namespaces for', 'getting a file', visibilities: { public: :redirect, internal: :not_found, private: :not_found }
@@ -645,6 +653,12 @@ RSpec.describe API::MavenPackages, feature_category: :package_registry do
end
end
+ it_behaves_like 'enforcing job token policies', :read_packages do
+ let(:request) do
+ download_file(file_name: package_file.file_name, params: { job_token: target_job.token })
+ end
+ end
+
context 'with the duplicate packages in the two projects' do
let_it_be(:recent_project) { create(:project, :private, namespace: group) }
@@ -832,6 +846,12 @@ RSpec.describe API::MavenPackages, feature_category: :package_registry do
subject { download_file_with_token(file_name: package_file.file_name) }
+ it_behaves_like 'enforcing job token policies', :read_packages do
+ let(:request) do
+ download_file(file_name: package_file.file_name, params: { job_token: target_job.token })
+ end
+ end
+
it_behaves_like 'tracking the file download event'
it_behaves_like 'bumping the package last downloaded at field'
it_behaves_like 'successfully returning the file'
@@ -890,6 +910,10 @@ RSpec.describe API::MavenPackages, feature_category: :package_registry do
end
describe 'PUT /api/v4/projects/:id/packages/maven/*path/:file_name/authorize' do
+ it_behaves_like 'enforcing job token policies', :admin_packages do
+ let(:request) { authorize_upload(job_token: target_job.token) }
+ end
+
it 'rejects a malicious request' do
put api("/projects/#{project.id}/packages/maven/com/example/my-app/#{version}/%2e%2e%2F.ssh%2Fauthorized_keys/authorize"), headers: headers_with_token
@@ -988,6 +1012,10 @@ RSpec.describe API::MavenPackages, feature_category: :package_registry do
allow(Packages::PackageFileUploader).to receive(:workhorse_upload_path).and_return('/')
end
+ it_behaves_like 'enforcing job token policies', :admin_packages do
+ let(:request) { upload_file(params: { file: file_upload, job_token: target_job.token }) }
+ end
+
it 'rejects requests without a file from workhorse' do
upload_file_with_token
diff --git a/spec/requests/api/npm_project_packages_spec.rb b/spec/requests/api/npm_project_packages_spec.rb
index 8d18024fe68..37048305b20 100644
--- a/spec/requests/api/npm_project_packages_spec.rb
+++ b/spec/requests/api/npm_project_packages_spec.rb
@@ -142,7 +142,7 @@ RSpec.describe API::NpmProjectPackages, feature_category: :package_registry do
let(:headers) { {} }
let(:url) { api("/projects/#{project.id}/packages/npm/#{package.name}/-/#{package_file.file_name}") }
- subject { get(url, headers: headers) }
+ subject(:request) { get(url, headers: headers) }
before do
project.add_developer(user)
@@ -203,6 +203,10 @@ RSpec.describe API::NpmProjectPackages, feature_category: :package_registry do
project.update!(visibility_level: Gitlab::VisibilityLevel::PRIVATE)
end
+ it_behaves_like 'enforcing job token policies', :read_packages do
+ let(:headers) { build_token_auth_header(target_job.token) }
+ end
+
it_behaves_like 'a package file that requires auth'
context 'when allow_guest_plus_roles_to_pull_packages is disabled' do
@@ -366,6 +370,10 @@ RSpec.describe API::NpmProjectPackages, feature_category: :package_registry do
context 'with a scoped name' do
let(:package_name) { "@#{group.path}/my_package_name" }
+ it_behaves_like 'enforcing job token policies', :admin_packages do
+ let(:request) { upload_package(package_name, params.merge(job_token: target_job.token)) }
+ end
+
it_behaves_like 'handling upload with different authentications'
end
diff --git a/spec/requests/api/package_files_spec.rb b/spec/requests/api/package_files_spec.rb
index a70fd129f83..910e82a5d2f 100644
--- a/spec/requests/api/package_files_spec.rb
+++ b/spec/requests/api/package_files_spec.rb
@@ -23,6 +23,10 @@ RSpec.describe API::PackageFiles, feature_category: :package_registry do
project.add_developer(user)
end
+ it_behaves_like 'enforcing job token policies', :read_packages do
+ let(:request) { get api(url), params: { job_token: target_job.token } }
+ end
+
context 'without the need for a license' do
context 'project is public' do
it 'returns 200' do
@@ -147,6 +151,14 @@ RSpec.describe API::PackageFiles, feature_category: :package_registry do
end
end
+ it_behaves_like 'enforcing job token policies', :admin_packages do
+ before do
+ source_project.add_maintainer(user)
+ end
+
+ let(:request) { delete api(url), params: { job_token: target_job.token } }
+ end
+
context 'project is public' do
context 'without user' do
let(:user) { nil }
diff --git a/spec/requests/api/project_packages_spec.rb b/spec/requests/api/project_packages_spec.rb
index 88677e2acce..52c2823cac6 100644
--- a/spec/requests/api/project_packages_spec.rb
+++ b/spec/requests/api/project_packages_spec.rb
@@ -20,7 +20,11 @@ RSpec.describe API::ProjectPackages, feature_category: :package_registry do
let(:url) { "/projects/#{project.id}/packages" }
let(:package_schema) { 'public_api/v4/packages/packages' }
- subject { get api(url), params: params }
+ subject(:request) { get api(url), params: params }
+
+ it_behaves_like 'enforcing job token policies', :read_packages do
+ let(:params) { { job_token: target_job.token } }
+ end
context 'without the need for a license' do
context 'project is public' do
@@ -227,6 +231,10 @@ RSpec.describe API::ProjectPackages, feature_category: :package_registry do
subject { get api(package_url, user) }
+ it_behaves_like 'enforcing job token policies', :read_packages do
+ let(:request) { get api(package_url), params: { job_token: target_job.token } }
+ end
+
shared_examples 'no destroy url' do
it 'returns no destroy url' do
subject
@@ -413,6 +421,10 @@ RSpec.describe API::ProjectPackages, feature_category: :package_registry do
end
end
+ it_behaves_like 'enforcing job token policies', :read_packages do
+ let(:request) { get api(package_pipelines_url), params: { job_token: target_job.token } }
+ end
+
context 'without the need for a license' do
context 'when the package does not exist' do
let(:package_pipelines_url) { "/projects/#{project.id}/packages/0/pipelines" }
@@ -621,6 +633,14 @@ RSpec.describe API::ProjectPackages, feature_category: :package_registry do
end
describe 'DELETE /projects/:id/packages/:package_id' do
+ it_behaves_like 'enforcing job token policies', :admin_packages do
+ before_all do
+ project.add_maintainer(user)
+ end
+
+ let(:request) { delete api(package_url), params: { job_token: target_job.token } }
+ end
+
context 'without the need for a license' do
context 'project is public' do
it 'returns 403 for non authenticated user' do
diff --git a/spec/requests/api/pypi_packages_spec.rb b/spec/requests/api/pypi_packages_spec.rb
index 657e736109f..a415ef3ae4e 100644
--- a/spec/requests/api/pypi_packages_spec.rb
+++ b/spec/requests/api/pypi_packages_spec.rb
@@ -43,7 +43,7 @@ RSpec.describe API::PypiPackages, feature_category: :package_registry do
let_it_be(:package) { create(:pypi_package, project: project) }
let_it_be(:package2) { create(:pypi_package, project: project) }
- subject { get api(url), headers: headers }
+ subject(:request) { get api(url), headers: headers }
describe 'GET /api/v4/groups/:id/-/packages/pypi/simple' do
let(:url) { "/groups/#{group.id}/-/packages/pypi/simple" }
@@ -86,6 +86,7 @@ RSpec.describe API::PypiPackages, feature_category: :package_registry do
let(:url) { "/projects/#{project.id}/packages/pypi/simple" }
let(:snowplow_gitlab_standard_context) { { project: nil, namespace: group, property: 'i_package_pypi_user' } }
+ it_behaves_like 'enforcing read_packages job token policy'
it_behaves_like 'pypi simple index API endpoint'
it_behaves_like 'rejects PyPI access with unknown project id'
it_behaves_like 'deploy token for package GET requests'
@@ -103,7 +104,7 @@ RSpec.describe API::PypiPackages, feature_category: :package_registry do
context 'simple package API endpoint' do
let_it_be(:package) { create(:pypi_package, project: project) }
- subject { get api(url), headers: headers }
+ subject(:request) { get api(url), headers: headers }
describe 'GET /api/v4/groups/:id/-/packages/pypi/simple/:package_name' do
let(:package_name) { package.name }
@@ -148,6 +149,7 @@ RSpec.describe API::PypiPackages, feature_category: :package_registry do
let(:url) { "/projects/#{project.id}/packages/pypi/simple/#{package_name}" }
let(:snowplow_context) { { project: project, namespace: project.namespace, property: 'i_package_pypi_user' } }
+ it_behaves_like 'enforcing read_packages job token policy'
it_behaves_like 'pypi simple API endpoint'
it_behaves_like 'rejects PyPI access with unknown project id'
it_behaves_like 'deploy token for package GET requests'
@@ -168,7 +170,15 @@ RSpec.describe API::PypiPackages, feature_category: :package_registry do
let(:url) { "/projects/#{project.id}/packages/pypi/authorize" }
let(:headers) { {} }
- subject { post api(url), headers: headers }
+ subject(:request) { post api(url), headers: headers }
+
+ it_behaves_like 'enforcing job token policies', :admin_packages do
+ before_all do
+ project.add_developer(user)
+ end
+
+ let(:headers) { build_token_auth_header(target_job.token).merge(workhorse_headers) }
+ end
context 'with valid project' do
where(:visibility_level, :user_role, :member, :user_token, :shared_examples_name, :expected_status) do
@@ -246,7 +256,7 @@ RSpec.describe API::PypiPackages, feature_category: :package_registry do
let(:send_rewritten_field) { true }
let(:snowplow_gitlab_standard_context) { { project: project, namespace: project.namespace, user: user, property: 'i_package_pypi_user' } }
- subject do
+ subject(:request) do
workhorse_finalize(
api(url),
method: :post,
@@ -257,6 +267,14 @@ RSpec.describe API::PypiPackages, feature_category: :package_registry do
)
end
+ it_behaves_like 'enforcing job token policies', :admin_packages do
+ before_all do
+ project.add_developer(user)
+ end
+
+ let(:headers) { build_token_auth_header(target_job.token).merge(workhorse_headers) }
+ end
+
context 'with valid project' do
where(:visibility_level, :user_role, :member, :user_token, :shared_examples_name, :expected_status) do
:public | :developer | true | true | 'PyPI package creation' | :created
@@ -514,11 +532,12 @@ RSpec.describe API::PypiPackages, feature_category: :package_registry do
end
end
- subject { get api(url), headers: headers }
+ subject(:request) { get api(url), headers: headers }
describe 'GET /api/v4/groups/:id/-/packages/pypi/files/:sha256/*file_identifier' do
let(:url) { "/groups/#{group.id}/-/packages/pypi/files/#{package.package_files.first.file_sha256}/#{package_name}-1.0.0.tar.gz" }
+ it_behaves_like 'enforcing read_packages job token policy'
it_behaves_like 'pypi file download endpoint'
it_behaves_like 'rejects PyPI access with unknown group id'
it_behaves_like 'a pypi user namespace endpoint'
@@ -527,6 +546,7 @@ RSpec.describe API::PypiPackages, feature_category: :package_registry do
describe 'GET /api/v4/projects/:id/packages/pypi/files/:sha256/*file_identifier' do
let(:url) { "/projects/#{project.id}/packages/pypi/files/#{package.package_files.first.file_sha256}/#{package_name}-1.0.0.tar.gz" }
+ it_behaves_like 'enforcing read_packages job token policy'
it_behaves_like 'pypi file download endpoint'
it_behaves_like 'rejects PyPI access with unknown project id'
it_behaves_like 'allow access for everyone with public package_registry_access_level'
diff --git a/spec/requests/api/release/links_spec.rb b/spec/requests/api/release/links_spec.rb
index caa24f42df3..d6f37ca3dc3 100644
--- a/spec/requests/api/release/links_spec.rb
+++ b/spec/requests/api/release/links_spec.rb
@@ -25,6 +25,14 @@ RSpec.describe API::Release::Links, feature_category: :release_orchestration do
end
describe 'GET /projects/:id/releases/:tag_name/assets/links' do
+ it_behaves_like 'enforcing job token policies', :read_releases do
+ let_it_be(:user) { maintainer }
+ let(:request) do
+ get api("/projects/#{source_project.id}/releases/v0.1/assets/links"),
+ params: { job_token: target_job.token }
+ end
+ end
+
context 'when there are two release links' do
let!(:release_link_1) { create(:release_link, release: release, created_at: 2.days.ago) }
let!(:release_link_2) { create(:release_link, release: release, created_at: 1.day.ago) }
@@ -106,6 +114,14 @@ RSpec.describe API::Release::Links, feature_category: :release_orchestration do
describe 'GET /projects/:id/releases/:tag_name/assets/links/:link_id' do
let!(:release_link) { create(:release_link, release: release) }
+ it_behaves_like 'enforcing job token policies', :read_releases do
+ let_it_be(:user) { maintainer }
+ let(:request) do
+ get api("/projects/#{source_project.id}/releases/v0.1/assets/links/#{release_link.id}"),
+ params: { job_token: target_job.token }
+ end
+ end
+
it 'returns 200 HTTP status' do
get api("/projects/#{project.id}/releases/v0.1/assets/links/#{release_link.id}", maintainer)
@@ -198,6 +214,14 @@ RSpec.describe API::Release::Links, feature_category: :release_orchestration do
let(:last_release_link) { release.links.last }
+ it_behaves_like 'enforcing job token policies', :admin_releases do
+ let_it_be(:user) { maintainer }
+ let(:request) do
+ post api("/projects/#{source_project.id}/releases/v0.1/assets/links"),
+ params: params.merge(job_token: target_job.token)
+ end
+ end
+
it 'accepts the request' do
post api("/projects/#{project.id}/releases/v0.1/assets/links", maintainer), params: params
@@ -343,6 +367,14 @@ RSpec.describe API::Release::Links, feature_category: :release_orchestration do
let(:params) { { name: 'awesome-app.msi' } }
let!(:release_link) { create(:release_link, release: release) }
+ it_behaves_like 'enforcing job token policies', :admin_releases do
+ let_it_be(:user) { maintainer }
+ let(:request) do
+ put api("/projects/#{source_project.id}/releases/v0.1/assets/links/#{release_link.id}"),
+ params: params.merge(job_token: target_job.token)
+ end
+ end
+
it 'accepts the request' do
put api("/projects/#{project.id}/releases/v0.1/assets/links/#{release_link.id}", maintainer),
params: params
@@ -483,6 +515,14 @@ RSpec.describe API::Release::Links, feature_category: :release_orchestration do
create(:release_link, release: release)
end
+ it_behaves_like 'enforcing job token policies', :admin_releases do
+ let_it_be(:user) { maintainer }
+ let(:request) do
+ delete api("/projects/#{source_project.id}/releases/v0.1/assets/links/#{release_link.id}"),
+ params: { job_token: target_job.token }
+ end
+ end
+
it 'accepts the request' do
delete api("/projects/#{project.id}/releases/v0.1/assets/links/#{release_link.id}", maintainer)
diff --git a/spec/requests/api/releases_spec.rb b/spec/requests/api/releases_spec.rb
index 86460f0613d..3836d4462e3 100644
--- a/spec/requests/api/releases_spec.rb
+++ b/spec/requests/api/releases_spec.rb
@@ -19,6 +19,13 @@ RSpec.describe API::Releases, :aggregate_failures, feature_category: :release_or
end
describe 'GET /projects/:id/releases', :use_clean_rails_redis_caching do
+ it_behaves_like 'enforcing job token policies', :read_releases do
+ let(:user) { developer }
+ let(:request) do
+ get api("/projects/#{source_project.id}/releases"), params: { job_token: target_job.token }
+ end
+ end
+
context 'when there are two releases' do
let!(:release_1) do
create(:release, project: project, tag: 'v0.1', author: maintainer, released_at: 2.days.ago)
@@ -319,6 +326,13 @@ RSpec.describe API::Releases, :aggregate_failures, feature_category: :release_or
)
end
+ it_behaves_like 'enforcing job token policies', :read_releases do
+ let(:user) { developer }
+ let(:request) do
+ get api("/projects/#{source_project.id}/releases/v0.1"), params: { job_token: target_job.token }
+ end
+ end
+
it 'returns 200 HTTP status' do
get api("/projects/#{project.id}/releases/v0.1", maintainer)
@@ -581,6 +595,14 @@ RSpec.describe API::Releases, :aggregate_failures, feature_category: :release_or
context 'with a valid release tag' do
context 'when filepath is provided' do
context 'when filepath exists' do
+ it_behaves_like 'enforcing job token policies', :read_releases, expected_success_status: :redirect do
+ let(:user) { developer }
+ let(:request) do
+ get api("/projects/#{source_project.id}/releases/v0.1/downloads#{filepath}"),
+ params: { job_token: target_job.token }
+ end
+ end
+
it 'redirects to the file download URL' do
get api("/projects/#{project.id}/releases/v0.1/downloads#{filepath}", maintainer)
@@ -709,6 +731,13 @@ RSpec.describe API::Releases, :aggregate_failures, feature_category: :release_or
)
end
+ it_behaves_like 'enforcing job token policies', :read_releases, expected_success_status: :redirect do
+ let(:user) { developer }
+ let(:request) do
+ get api("/projects/#{source_project.id}/releases/permalink/latest"), params: { job_token: target_job.token }
+ end
+ end
+
it 'redirects to the latest release tag' do
get api("/projects/#{project.id}/releases/permalink/latest", maintainer)
@@ -809,6 +838,13 @@ RSpec.describe API::Releases, :aggregate_failures, feature_category: :release_or
initialize_tags
end
+ it_behaves_like 'enforcing job token policies', :admin_releases do
+ let(:user) { developer }
+ let(:request) do
+ post api("/projects/#{source_project.id}/releases"), params: params.merge(job_token: target_job.token)
+ end
+ end
+
it 'accepts the request' do
post api("/projects/#{project.id}/releases", maintainer), params: params
@@ -1363,6 +1399,13 @@ RSpec.describe API::Releases, :aggregate_failures, feature_category: :release_or
initialize_tags
end
+ it_behaves_like 'enforcing job token policies', :admin_releases do
+ let(:user) { developer }
+ let(:request) do
+ put api("/projects/#{source_project.id}/releases/v0.1"), params: params.merge(job_token: target_job.token)
+ end
+ end
+
it 'accepts the request' do
put api("/projects/#{project.id}/releases/v0.1", maintainer), params: params
@@ -1604,6 +1647,13 @@ RSpec.describe API::Releases, :aggregate_failures, feature_category: :release_or
)
end
+ it_behaves_like 'enforcing job token policies', :admin_releases do
+ let(:user) { developer }
+ let(:request) do
+ delete api("/projects/#{source_project.id}/releases/v0.1"), params: { job_token: target_job.token }
+ end
+ end
+
it 'accepts the request' do
delete api("/projects/#{project.id}/releases/v0.1", maintainer)
diff --git a/spec/requests/api/repositories_spec.rb b/spec/requests/api/repositories_spec.rb
index 73781f24eb6..11db4fe47b3 100644
--- a/spec/requests/api/repositories_spec.rb
+++ b/spec/requests/api/repositories_spec.rb
@@ -807,6 +807,18 @@ RSpec.describe API::Repositories, feature_category: :source_code_management do
end
describe 'GET /projects/:id/repository/changelog' do
+ it_behaves_like 'enforcing job token policies', :read_releases do
+ before do
+ allow(Repositories::ChangelogService).to receive(:new)
+ .and_return(instance_spy(Repositories::ChangelogService))
+ end
+
+ let(:request) do
+ get api("/projects/#{source_project.id}/repository/changelog"),
+ params: { version: '1.0.0', job_token: target_job.token }
+ end
+ end
+
it 'generates the changelog for a version' do
spy = instance_spy(::Repositories::ChangelogService)
release_notes = 'Release notes'
diff --git a/spec/requests/api/terraform/state_spec.rb b/spec/requests/api/terraform/state_spec.rb
index bae6b5306ea..4f7a0457c32 100644
--- a/spec/requests/api/terraform/state_spec.rb
+++ b/spec/requests/api/terraform/state_spec.rb
@@ -149,6 +149,11 @@ RSpec.describe API::Terraform::State, :snowplow, feature_category: :infrastructu
context 'job token authentication' do
let(:auth_header) { job_basic_auth_header(job) }
+ it_behaves_like 'enforcing job token policies', :read_terraform_state do
+ let_it_be(:user) { maintainer }
+ let(:job) { target_job }
+ end
+
context 'with maintainer permissions' do
let(:job) { create(:ci_build, status: :running, project: project, user: maintainer) }
@@ -295,6 +300,11 @@ RSpec.describe API::Terraform::State, :snowplow, feature_category: :infrastructu
let(:job) { create(:ci_build, status: :running, project: project, user: maintainer) }
let(:auth_header) { job_basic_auth_header(job) }
+ it_behaves_like 'enforcing job token policies', :admin_terraform_state do
+ let_it_be(:user) { maintainer }
+ let(:job) { target_job }
+ end
+
it 'associates the job with the newly created state version' do
expect { request }.to change { state.versions.count }.by(1)
@@ -349,6 +359,11 @@ RSpec.describe API::Terraform::State, :snowplow, feature_category: :infrastructu
describe 'DELETE /projects/:id/terraform/state/:name' do
subject(:request) { delete api(state_path), headers: auth_header }
+ it_behaves_like 'enforcing job token policies', :admin_terraform_state do
+ let_it_be(:user) { maintainer }
+ let(:auth_header) { job_basic_auth_header(target_job) }
+ end
+
it_behaves_like 'endpoint with unique user tracking'
it_behaves_like 'it depends on value of the `terraform_state.enabled` config'
@@ -414,6 +429,11 @@ RSpec.describe API::Terraform::State, :snowplow, feature_category: :infrastructu
subject(:request) { post api("#{state_path}/lock"), headers: auth_header, params: params }
+ it_behaves_like 'enforcing job token policies', :admin_terraform_state do
+ let_it_be(:user) { maintainer }
+ let(:auth_header) { job_basic_auth_header(target_job) }
+ end
+
it_behaves_like 'endpoint with unique user tracking'
it_behaves_like 'cannot access a state that is scheduled for deletion'
@@ -492,6 +512,12 @@ RSpec.describe API::Terraform::State, :snowplow, feature_category: :infrastructu
subject(:request) { delete api("#{state_path}/lock"), headers: auth_header, params: params }
+ it_behaves_like 'enforcing job token policies', :admin_terraform_state do
+ let_it_be(:user) { maintainer }
+ let(:auth_header) { job_basic_auth_header(target_job) }
+ let(:lock_id) { '123.456' }
+ end
+
it_behaves_like 'endpoint with unique user tracking' do
let(:lock_id) { 'irrelevant to this test, just needs to be present' }
end
diff --git a/spec/requests/api/terraform/state_version_spec.rb b/spec/requests/api/terraform/state_version_spec.rb
index 541432586c1..6af39a72b0d 100644
--- a/spec/requests/api/terraform/state_version_spec.rb
+++ b/spec/requests/api/terraform/state_version_spec.rb
@@ -98,6 +98,11 @@ RSpec.describe API::Terraform::StateVersion, feature_category: :infrastructure_a
context 'job token authentication' do
let(:auth_header) { job_basic_auth_header(job) }
+ it_behaves_like 'enforcing job token policies', :read_terraform_state do
+ let_it_be(:user) { maintainer }
+ let(:auth_header) { job_basic_auth_header(target_job) }
+ end
+
context 'with maintainer permissions' do
let(:job) { create(:ci_build, status: :running, project: project, user: maintainer) }
@@ -153,6 +158,11 @@ RSpec.describe API::Terraform::StateVersion, feature_category: :infrastructure_a
describe 'DELETE /projects/:id/terraform/state/:name/versions/:serial' do
subject(:request) { delete api(state_version_path), headers: auth_header }
+ it_behaves_like 'enforcing job token policies', :admin_terraform_state do
+ let_it_be(:user) { maintainer }
+ let(:auth_header) { job_basic_auth_header(target_job) }
+ end
+
it_behaves_like 'it depends on value of the `terraform_state.enabled` config', { success_status: :no_content }
context 'with invalid authentication' do
diff --git a/spec/services/post_receive_service_spec.rb b/spec/services/post_receive_service_spec.rb
index d1974b9ce71..745818553af 100644
--- a/spec/services/post_receive_service_spec.rb
+++ b/spec/services/post_receive_service_spec.rb
@@ -301,6 +301,68 @@ RSpec.describe PostReceiveService, feature_category: :team_planning do
end
end
+ context "when broadcast message has a target_access_level" do
+ let_it_be(:unscoped_message) do
+ create(:broadcast_message, message: "Hello world!")
+ end
+
+ let_it_be(:guest_message) do
+ create(:broadcast_message, message: "Guests welcome!", target_access_levels: [Gitlab::Access::GUEST])
+ end
+
+ let_it_be(:dev_message) do
+ create(:broadcast_message, message: "Hi dev team!", target_access_levels: [Gitlab::Access::DEVELOPER, Gitlab::Access::MAINTAINER])
+ end
+
+ context "with limited access" do
+ before do
+ allow(user).to receive(:max_member_access_for_project).and_return(Gitlab::Access::GUEST)
+ end
+
+ it "does not show message for higher access levels" do
+ expect(subject).not_to include(build_alert_message(dev_message.message))
+ expect(subject).to include(build_alert_message(guest_message.message))
+ end
+ end
+
+ context "with multiple allowed access levels" do
+ before do
+ allow(user).to receive(:max_member_access_for_project).and_return(Gitlab::Access::DEVELOPER)
+ end
+
+ it "shows the correct message" do
+ expect(subject).not_to include(build_alert_message(guest_message.message))
+ expect(subject).to include(build_alert_message(dev_message.message))
+ end
+ end
+
+ context "with no matching access level" do
+ before do
+ allow(user).to receive(:max_member_access_for_project).and_return(Gitlab::Access::REPORTER)
+ end
+
+ it "shows the unscoped message" do
+ expect(subject).to include(build_alert_message(unscoped_message.message))
+ end
+ end
+
+ context "with derisk feature flag disabled" do
+ before do
+ stub_feature_flags(derisk_user_access_level_in_git_hook: false)
+ end
+
+ it "does not query the user's max_member_access_for_project" do
+ expect(user).not_to receive(:max_member_access_for_project)
+ end
+
+ it "shows the unscoped message instead of any scoped" do
+ expect(subject).not_to include(build_alert_message(dev_message.message))
+ expect(subject).not_to include(build_alert_message(guest_message.message))
+ expect(subject).to include(build_alert_message(unscoped_message.message))
+ end
+ end
+ end
+
context 'with a redirected data' do
it 'returns redirected message on the response' do
project_moved = Gitlab::Checks::ContainerMoved.new(project.repository, user, 'http', 'foo/baz')
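Review bot: The example `does not query the user's max_member_access_for_project` in the `with derisk feature flag disabled` context sets a negative message expectation but never evaluates `subject`, so unless `subject` is forced elsewhere (its definition is outside this hunk) the example passes without running the service. Add a bare `subject` line after `expect(user).not_to receive(:max_member_access_for_project)` so the expectation actually guards the flag-off path. The `with no matching access level` example also only asserts that the unscoped message is present; adding `expect(subject).not_to include(build_alert_message(guest_message.message))` and the same for `dev_message` would pin that a REPORTER is not shown messages targeted at other access levels.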
diff --git a/spec/support/rspec_order_todo.yml b/spec/support/rspec_order_todo.yml
index a8ebf95a9c8..67de625f405 100644
--- a/spec/support/rspec_order_todo.yml
+++ b/spec/support/rspec_order_todo.yml
@@ -2050,10 +2050,8 @@
- './ee/spec/services/ee/users/update_service_spec.rb'
- './ee/spec/services/ee/vulnerability_feedback_module/update_service_spec.rb'
- './ee/spec/services/elastic/data_migration_service_spec.rb'
-- './ee/spec/services/elastic/indexing_control_service_spec.rb'
- './ee/spec/services/elastic/index_projects_by_id_service_spec.rb'
- './ee/spec/services/elastic/index_projects_by_range_service_spec.rb'
-- './ee/spec/services/elastic/metrics_update_service_spec.rb'
- './ee/spec/services/elastic/process_initial_bookkeeping_service_spec.rb'
- './ee/spec/services/emails/create_service_spec.rb'
- './ee/spec/services/emails/destroy_service_spec.rb'
@@ -2382,7 +2380,6 @@
- './ee/spec/workers/ci/upstream_projects_subscriptions_cleanup_worker_spec.rb'
- './ee/spec/workers/compliance_management/chain_of_custody_report_worker_spec.rb'
- './ee/spec/workers/compliance_management/merge_requests/compliance_violations_worker_spec.rb'
-- './ee/spec/workers/concerns/elastic/indexing_control_spec.rb'
- './ee/spec/workers/concerns/elastic/migration_obsolete_spec.rb'
- './ee/spec/workers/concerns/elastic/migration_options_spec.rb'
- './ee/spec/workers/concerns/update_orchestration_policy_configuration_spec.rb'
@@ -2399,7 +2396,6 @@
- './ee/spec/workers/elastic_cluster_reindexing_cron_worker_spec.rb'
- './ee/spec/workers/elastic_delete_project_worker_spec.rb'
- './ee/spec/workers/elastic_full_index_worker_spec.rb'
-- './ee/spec/workers/elastic_indexing_control_worker_spec.rb'
- './ee/spec/workers/elastic_index_initial_bulk_cron_worker_spec.rb'
- './ee/spec/workers/elastic_namespace_indexer_worker_spec.rb'
- './ee/spec/workers/elastic_namespace_rollout_worker_spec.rb'
@@ -3678,7 +3674,6 @@
- './spec/graphql/resolvers/board_lists_resolver_spec.rb'
- './spec/graphql/resolvers/board_resolver_spec.rb'
- './spec/graphql/resolvers/boards_resolver_spec.rb'
-- './spec/graphql/resolvers/branch_commit_resolver_spec.rb'
- './spec/graphql/resolvers/ci/config_resolver_spec.rb'
- './spec/graphql/resolvers/ci/group_runners_resolver_spec.rb'
- './spec/graphql/resolvers/ci/jobs_resolver_spec.rb'
diff --git a/spec/support/shared_examples/ci/job_token_policies_shared_examples.rb b/spec/support/shared_examples/ci/job_token_policies_shared_examples.rb
index 9d93df84561..73f7bef2744 100644
--- a/spec/support/shared_examples/ci/job_token_policies_shared_examples.rb
+++ b/spec/support/shared_examples/ci/job_token_policies_shared_examples.rb
@@ -1,15 +1,16 @@
# frozen_string_literal: true
-RSpec.shared_examples 'enforcing job token policies' do |policies|
- context 'when authenticating with a CI Job Token from another project' do
- let_it_be(:job) { create(:ci_build, :running, user: user) }
- let_it_be(:allowed_policies) { Array(policies) }
- let_it_be(:default_permissions) { false }
+RSpec.shared_examples 'enforcing job token policies' do |policies, expected_success_status: :success|
+ context 'when authenticating with a CI job token from another project' do
+ let(:source_project) { project }
+ let(:target_job) { create(:ci_build, :running, user: user) }
+ let(:allowed_policies) { Array(policies) }
+ let(:default_permissions) { false }
before do
create(:ci_job_token_project_scope_link,
- source_project: project,
- target_project: job.project,
+ source_project: source_project,
+ target_project: target_job.project,
direction: :inbound,
job_token_policies: allowed_policies,
default_permissions: default_permissions
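Review bot: The shared example's contract is not documented at its definition, and this change adds more to it: the including group has to supply `user` and `project` (and, judging by the callers, a `request` that authenticates with `target_job.token`), and may override `source_project` and pass `expected_success_status:`. A header comment above `RSpec.shared_examples 'enforcing job token policies'` should list those required and overridable definitions and state that `target_job` belongs to a different project from `source_project`, joined by an inbound scope link. It should also say why the `let_it_be` definitions became `let`, presumably so including groups can override them per example. The rest of the shared example lies outside this hunk.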
@@ -21,7 +22,7 @@ RSpec.shared_examples 'enforcing job token policies' do |policies|
response
end
- it { is_expected.to have_gitlab_http_status(:success) }
+ it { is_expected.to have_gitlab_http_status(expected_success_status) }
context 'when the policies are not allowed' do
let(:allowed_policies) { [] }
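Review bot: The denial path visible here is driven only by an empty allowlist (`let(:allowed_policies) { [] }`), so a scope link that grants some policy other than the required one is never exercised. An enforcement check that only tested whether any policy is present would still pass this suite. Consider a sibling context, for example `context 'when only an unrelated policy is allowed'` with `let(:allowed_policies) { %i[read_packages read_releases read_terraform_state] - Array(policies) }` and the same 403 expectation. The body of the existing denial context is outside this hunk, so confirm it does not already cover this case.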
@@ -32,7 +33,7 @@ RSpec.shared_examples 'enforcing job token policies' do |policies|
do_request
expected_message = '403 Forbidden - Insufficient permissions to access this resource ' \
- "in project #{project.path}. "
+ "in project #{source_project.path}. "
expected_message << if Array(policies).size == 1
"The following token permission is required: #{policies}."
@@ -44,9 +45,9 @@ RSpec.shared_examples 'enforcing job token policies' do |policies|
end
context 'when fine grained permissions are disabled' do
- let_it_be(:default_permissions) { true }
+ let(:default_permissions) { true }
- it { is_expected.to have_gitlab_http_status(:success) }
+ it { is_expected.to have_gitlab_http_status(expected_success_status) }
end
context 'when the `enforce_job_token_policies` feature flag is disabled' do
@@ -54,7 +55,7 @@ RSpec.shared_examples 'enforcing job token policies' do |policies|
stub_feature_flags(enforce_job_token_policies: false)
end
- it { is_expected.to have_gitlab_http_status(:success) }
+ it { is_expected.to have_gitlab_http_status(expected_success_status) }
end
end
end
diff --git a/spec/support/shared_examples/requests/api/conan_packages_shared_examples.rb b/spec/support/shared_examples/requests/api/conan_packages_shared_examples.rb
index a1938d97402..17b0fee41ca 100644
--- a/spec/support/shared_examples/requests/api/conan_packages_shared_examples.rb
+++ b/spec/support/shared_examples/requests/api/conan_packages_shared_examples.rb
@@ -391,6 +391,8 @@ end
RSpec.shared_examples 'recipe download_urls' do
let(:recipe_path) { package.conan_recipe_path }
+ it_behaves_like 'enforcing read_packages job token policy'
+
it 'returns the download_urls for the recipe files' do
expected_response = {
'conanfile.py' => "#{url_prefix}/packages/conan/v1/files/#{package.conan_recipe_path}/0/export/conanfile.py",
@@ -408,6 +410,8 @@ end
RSpec.shared_examples 'package download_urls' do
let(:recipe_path) { package.conan_recipe_path }
+ it_behaves_like 'enforcing read_packages job token policy'
+
it 'returns the download_urls for the package files' do
expected_response = {
'conaninfo.txt' => "#{url_prefix}/packages/conan/v1/files/#{package.conan_recipe_path}/0/package/#{conan_package_reference}/0/conaninfo.txt",
@@ -436,8 +440,9 @@ RSpec.shared_examples 'rejects invalid upload_url params' do
end
RSpec.shared_examples 'recipe snapshot endpoint' do
- subject { get api(url), headers: headers }
+ subject(:request) { get api(url), headers: headers }
+ it_behaves_like 'enforcing read_packages job token policy'
it_behaves_like 'conan FIPS mode'
it_behaves_like 'rejects invalid recipe'
it_behaves_like 'rejects recipe for invalid project'
@@ -462,8 +467,9 @@ RSpec.shared_examples 'recipe snapshot endpoint' do
end
RSpec.shared_examples 'package snapshot endpoint' do
- subject { get api(url), headers: headers }
+ subject(:request) { get api(url), headers: headers }
+ it_behaves_like 'enforcing read_packages job token policy'
it_behaves_like 'conan FIPS mode'
it_behaves_like 'rejects invalid recipe'
it_behaves_like 'rejects recipe for invalid project'
@@ -515,6 +521,7 @@ RSpec.shared_examples 'recipe upload_urls endpoint' do
'conanmanifest.txt': 123 }
end
+ it_behaves_like 'enforcing read_packages job token policy'
it_behaves_like 'conan FIPS mode'
it_behaves_like 'rejects invalid recipe'
it_behaves_like 'rejects invalid upload_url params'
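Review bot: The two upload_urls groups (this hunk and the 'package upload_urls endpoint' hunk that follows) are asserted against the read policy, while the authorize and file upload groups later in the file use `admin_packages`. A reader cannot tell from the spec whether that split is deliberate. If it is, a comment above the added line would record the reason, for example `# upload_urls only returns URLs; the upload itself is checked against admin_packages` (wording to be confirmed against the route definition, which is not in this hunk). If it is not, the route's policy and this line should change together. The shared example group starts before the hunk and continues past it.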
@@ -578,6 +585,7 @@ RSpec.shared_examples 'package upload_urls endpoint' do
'conan_package.tgz': 523 }
end
+ it_behaves_like 'enforcing read_packages job token policy'
it_behaves_like 'conan FIPS mode'
it_behaves_like 'rejects invalid recipe'
it_behaves_like 'rejects invalid upload_url params'
@@ -631,6 +639,10 @@ RSpec.shared_examples 'delete package endpoint' do
project.add_maintainer(user)
end
+ it_behaves_like 'enforcing job token policies', :admin_packages do
+ let(:headers) { job_basic_auth_header(target_job) }
+ end
+
it 'triggers an internal event' do
expect { subject }
.to trigger_internal_events('delete_package_from_registry')
@@ -705,6 +717,7 @@ RSpec.shared_examples 'a private project with packages' do
project.update_column(:visibility_level, Gitlab::VisibilityLevel::PRIVATE)
end
+ it_behaves_like 'enforcing read_packages job token policy'
it_behaves_like 'denies download with no token'
it_behaves_like 'bumping the package last downloaded at field'
@@ -773,6 +786,7 @@ RSpec.shared_examples 'project not found by project id' do
end
RSpec.shared_examples 'workhorse authorize endpoint' do
+ it_behaves_like 'enforcing admin_packages job token policy'
it_behaves_like 'conan FIPS mode'
it_behaves_like 'rejects invalid recipe'
it_behaves_like 'rejects invalid file_name', 'conanfile.py.git%2fgit-upload-pack'
@@ -854,7 +868,7 @@ RSpec.shared_examples 'workhorse recipe file upload endpoint' do
let(:file_name) { 'conanfile.py' }
let(:params) { { file: temp_file(file_name) } }
- subject do
+ subject(:request) do
workhorse_finalize(
url,
method: :put,
@@ -865,6 +879,7 @@ RSpec.shared_examples 'workhorse recipe file upload endpoint' do
)
end
+ it_behaves_like 'enforcing admin_packages job token policy'
it_behaves_like 'conan FIPS mode'
it_behaves_like 'rejects invalid recipe'
it_behaves_like 'rejects invalid file_name', 'conanfile.py.git%2fgit-upload-pack'
@@ -879,7 +894,7 @@ RSpec.shared_examples 'workhorse package file upload endpoint' do
let(:file_name) { 'conaninfo.txt' }
let(:params) { { file: temp_file(file_name) } }
- subject do
+ subject(:request) do
workhorse_finalize(
url,
method: :put,
@@ -890,6 +905,7 @@ RSpec.shared_examples 'workhorse package file upload endpoint' do
)
end
+ it_behaves_like 'enforcing admin_packages job token policy'
it_behaves_like 'rejects invalid recipe'
it_behaves_like 'rejects invalid file_name', 'conaninfo.txttest'
it_behaves_like 'uploads a package file'
@@ -1127,3 +1143,15 @@ RSpec.shared_examples 'conan FIPS mode' do
it_behaves_like 'returning response status', :not_found
end
end
+
+RSpec.shared_examples 'enforcing read_packages job token policy' do
+ it_behaves_like 'enforcing job token policies', :read_packages do
+ let(:headers) { job_basic_auth_header(target_job) }
+ end
+end
+
+RSpec.shared_examples 'enforcing admin_packages job token policy' do
+ it_behaves_like 'enforcing job token policies', :admin_packages do
+ let(:headers_with_token) { job_basic_auth_header(target_job).merge(workhorse_headers) }
+ end
+end
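Review bot: The top-level shared example 'enforcing read_packages job token policy' added at the end of this hunk is defined a second time, with a different body, in the packages_shared_examples.rb hunk further down. Here it sets `headers` to `job_basic_auth_header(target_job)`, there to `build_token_auth_header(target_job.token)`. If both support files are loaded in the same run, RSpec keeps only the later definition, so one family of specs would exercise the policy check with the other family's credentials and could pass or fail for the wrong reason. A distinct name removes the ambiguity, for example `RSpec.shared_examples 'enforcing read_packages job token policy for conan' do`, with the `it_behaves_like` calls in this file updated to match.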
diff --git a/spec/support/shared_examples/requests/api/npm_packages_shared_examples.rb b/spec/support/shared_examples/requests/api/npm_packages_shared_examples.rb
index 3e48c10c9c7..2e24d0005d8 100644
--- a/spec/support/shared_examples/requests/api/npm_packages_shared_examples.rb
+++ b/spec/support/shared_examples/requests/api/npm_packages_shared_examples.rb
@@ -14,7 +14,7 @@ RSpec.shared_examples 'handling get metadata requests' do |scope: :project|
let(:headers) { {} }
- subject { get(url, headers: headers) }
+ subject(:request) { get(url, headers: headers) }
shared_examples 'accept metadata request' do |status:|
it 'accepts the metadata request' do
@@ -131,6 +131,10 @@ RSpec.shared_examples 'handling get metadata requests' do |scope: :project|
end
end
+ it_behaves_like 'enforcing job token policies', :read_packages do
+ let(:headers) { build_token_auth_header(target_job.token) }
+ end
+
context 'with a group namespace' do
it_behaves_like 'handles authentication'
end
@@ -270,7 +274,7 @@ RSpec.shared_examples 'handling audit request' do |path:, scope: :project|
{ 'HTTP_CONTENT_ENCODING' => 'gzip', 'CONTENT_TYPE' => 'application/json' }
end
- subject { post(url, headers: headers.merge(default_headers), params: params) }
+ subject(:request) { post(url, headers: headers.merge(default_headers), params: params) }
shared_examples 'accept audit request' do |status:|
it 'accepts the audit request' do
@@ -342,6 +346,14 @@ RSpec.shared_examples 'handling audit request' do |path:, scope: :project|
it_behaves_like 'accept audit request', status: :ok
end
+ it_behaves_like 'enforcing job token policies', :read_packages do
+ before_all do
+ project.add_reporter(user)
+ end
+
+ let(:headers) { build_token_auth_header(target_job.token) }
+ end
+
%i[oauth personal_access_token job_token deploy_token].each do |auth|
context "with #{auth}" do
let(:auth) { auth }
@@ -399,7 +411,7 @@ RSpec.shared_examples 'handling get dist tags requests' do |scope: :project|
let(:headers) { {} }
- subject { get(url, headers: headers) }
+ subject(:request) { get(url, headers: headers) }
shared_examples 'reject package tags request' do |status:|
before do
@@ -479,6 +491,10 @@ RSpec.shared_examples 'handling get dist tags requests' do |scope: :project|
end
end
+ it_behaves_like 'enforcing job token policies', :read_packages do
+ let(:headers) { build_token_auth_header(target_job.token) }
+ end
+
context 'with a group namespace' do
it_behaves_like 'handles authentication'
end
@@ -578,7 +594,7 @@ RSpec.shared_examples 'handling create dist tag requests' do |scope: :project|
end
shared_examples 'handling all conditions' do
- subject { put(url, env: env, headers: headers) }
+ subject(:request) { put(url, env: env, headers: headers) }
context 'with unauthenticated requests' do
let(:package_name) { 'unscoped-package' }
@@ -622,7 +638,7 @@ RSpec.shared_examples 'handling delete dist tag requests' do |scope: :project|
end
shared_examples 'handling all conditions' do
- subject { delete(url, headers: headers) }
+ subject(:request) { delete(url, headers: headers) }
context 'with unauthenticated requests' do
let(:package_name) { 'unscoped-package' }
@@ -715,6 +731,10 @@ RSpec.shared_examples 'handles authenticated requests, for tags create or delete
project.update!(visibility: 'private')
end
+ it_behaves_like 'enforcing job token policies', :admin_packages do
+ let(:headers) { build_token_auth_header(target_job.token) }
+ end
+
context 'with authentication methods' do
%i[oauth personal_access_token job_token deploy_token].each do |auth|
context "with #{auth}" do
diff --git a/spec/support/shared_examples/requests/api/packages_shared_examples.rb b/spec/support/shared_examples/requests/api/packages_shared_examples.rb
index 283ab565dc4..cadf04a1ccc 100644
--- a/spec/support/shared_examples/requests/api/packages_shared_examples.rb
+++ b/spec/support/shared_examples/requests/api/packages_shared_examples.rb
@@ -100,6 +100,12 @@ RSpec.shared_examples 'job token for package GET requests' do
end
end
+RSpec.shared_examples 'enforcing read_packages job token policy' do
+ it_behaves_like 'enforcing job token policies', :read_packages do
+ let(:headers) { build_token_auth_header(target_job.token) }
+ end
+end
+
RSpec.shared_examples 'job token for package uploads' do |authorize_endpoint: false, accept_invalid_username: false|
context 'with job token headers' do
let(:headers) { basic_auth_header(::Gitlab::Auth::CI_JOB_USER, job.token).merge(workhorse_headers) }
diff --git a/spec/tasks/ci/job_tokens_rake_spec.rb b/spec/tasks/ci/job_tokens_rake_spec.rb
new file mode 100644
index 00000000000..a41d7dc7add
--- /dev/null
+++ b/spec/tasks/ci/job_tokens_rake_spec.rb
@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'ci:job_tokens rake tasks', feature_category: :permissions do
+ let(:task_class) { Tasks::Ci::JobTokensTask }
+ let(:task) { instance_double(task_class) }
+
+ before do
+ Rake.application.rake_require('tasks/ci/job_tokens')
+ end
+
+ describe 'check_policies' do
+ it 'invokes the check methods of Ci::JobTokensTask' do
+ expect(task_class).to receive(:new).and_return(task)
+
+ expect(task).to receive(:check_policies_completeness)
+ expect(task).to receive(:check_policies_correctness)
+ expect(task).to receive(:check_docs)
+
+ run_rake_task('ci:job_tokens:check_policies')
+ end
+ end
+
+ describe 'check_policies_completeness' do
+ it 'invokes the check_policies_completeness method of Ci::JobTokensTask' do
+ expect(task_class).to receive(:new).and_return(task)
+
+ expect(task).to receive(:check_policies_completeness)
+
+ run_rake_task('ci:job_tokens:check_policies_completeness')
+ end
+ end
+
+ describe 'check_policies_correctness' do
+ it 'invokes the check_policies_correctness method of Ci::JobTokensTask' do
+ expect(task_class).to receive(:new).and_return(task)
+
+ expect(task).to receive(:check_policies_correctness)
+
+ run_rake_task('ci:job_tokens:check_policies_correctness')
+ end
+ end
+
+ describe 'check_docs' do
+ it 'invokes the check_docs method of Ci::JobTokensTask' do
+ expect(task_class).to receive(:new).and_return(task)
+
+ expect(task).to receive(:check_docs)
+
+ run_rake_task('ci:job_tokens:check_docs')
+ end
+ end
+
+ describe 'compile_docs' do
+ it 'invokes the compile_docs method of Ci::JobTokensTask' do
+ expect(task_class).to receive(:new).and_return(task)
+
+ expect(task).to receive(:compile_docs)
+
+ run_rake_task('ci:job_tokens:compile_docs')
+ end
+ end
+end
diff --git a/spec/tasks/ci/job_tokens_task_spec.rb b/spec/tasks/ci/job_tokens_task_spec.rb
new file mode 100644
index 00000000000..e5c7d33f012
--- /dev/null
+++ b/spec/tasks/ci/job_tokens_task_spec.rb
@@ -0,0 +1,249 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require_relative '../../../lib/tasks/ci/job_tokens_task'
+
+RSpec.describe Tasks::Ci::JobTokensTask, :silence_stdout, feature_category: :permissions do
+ let(:task) { described_class.new }
+ let(:path) { Rails.root.join('tmp/tests/doc/ci/jobs') }
+ let(:doc) { 'fine_grained_permissions.md' }
+ let(:doc_path) { Rails.root.join(path, doc) }
+ let(:routes) do
+ [
+ allowed_route_without_policies,
+ allowed_route_with_invalid_policies,
+ allowed_route_with_valid_policies,
+ allowed_route_with_skipped_policies,
+ not_allowed_route
+ ]
+ end
+
+ before do
+ allow(task).to receive_messages(routes: routes, doc_path: doc_path)
+ end
+
+ describe '#check_policies_completeness' do
+ subject(:check_policies_completeness) { task.check_policies_completeness }
+
+ context 'when no allowed routes without policies are found' do
+ let(:routes) { [allowed_route_with_valid_policies] }
+
+ it 'outputs a success message' do
+ expect { check_policies_completeness }
+ .to output("All allowed endpoints for CI/CD job tokens have policies defined.\n")
+ .to_stdout
+ end
+ end
+
+ context 'when allowed routes without policies are found' do
+ let(:error_message) do
+ <<~OUTPUT
+ ##########
+ #
+ # The following endpoints allowed for CI/CD job tokens should define job token policies:
+ #
+ | Path | Description |
+ | ---- | ----------- |
+ | `GET path/to/allowed_route_without_policies` | route description |
+ #
+ ##########
+ OUTPUT
+ end
+
+ it 'raises an error and outputs a routes table' do
+ expect { check_policies_completeness }.to raise_error(SystemExit).and output(error_message).to_stdout
+ end
+ end
+ end
+
+ describe '#check_policies_correctness' do
+ subject(:check_policies_correctness) { task.check_policies_correctness }
+
+ context 'when no routes with invalid policies are found' do
+ let(:routes) { [allowed_route_with_valid_policies] }
+
+ it 'outputs a success message' do
+ expect { check_policies_correctness }
+ .to output("All defined CI/CD job token policies are valid.\n")
+ .to_stdout
+ end
+ end
+
+ context 'when routes with invalid policies are found' do
+ let(:error_message) do
+ <<~OUTPUT
+ ##########
+ #
+ # The following endpoints have invalid CI/CD job token policies:
+ #
+ | Policies | Path | Description |
+ | -------- | ---- | ----------- |
+ | invalid_policy | `GET path/to/allowed_route_with_invalid_policies` | route description |
+ #
+ ##########
+ OUTPUT
+ end
+
+ it 'raises an error and outputs a routes table' do
+ expect { check_policies_correctness }.to raise_error(SystemExit).and output(error_message).to_stdout
+ end
+ end
+ end
+
+ describe '#check_docs' do
+ subject(:check_docs) { task.check_docs }
+
+ before do
+ FileUtils.mkdir_p(path)
+ task.compile_docs
+ end
+
+ context 'when the docs are up to date' do
+ it 'outputs a success message' do
+ expect { check_docs }
+ .to output("CI/CD job token allowed endpoints documentation is up to date.\n")
+ .to_stdout
+ end
+ end
+
+ context 'when the doc is updated manually' do
+ before do
+ File.write(doc_path, 'Manually adding this line at the end of the the doc', mode: 'a+')
+ end
+
+ let(:error_message) do
+ <<~OUTPUT
+ ##########
+ #
+ # CI/CD job token allowed endpoints documentation is outdated! Please update it by running `bundle exec rake ci:job_tokens:compile_docs`.
+ #
+ ##########
+ OUTPUT
+ end
+
+ it 'raises an error' do
+ expect { check_docs }.to raise_error(SystemExit).and output(error_message).to_stdout
+ end
+ end
+
+ context 'when the doc is not up to date' do
+ before do
+ allow(task).to receive(:routes).and_return([])
+ end
+
+ let(:error_message) do
+ <<~OUTPUT
+ ##########
+ #
+ # CI/CD job token allowed endpoints documentation is outdated! Please update it by running `bundle exec rake ci:job_tokens:compile_docs`.
+ #
+ ##########
+ OUTPUT
+ end
+
+ it 'raises an error' do
+ expect { check_docs }.to raise_error(SystemExit).and output(error_message).to_stdout
+ end
+ end
+ end
+
+ describe '#compile_docs' do
+ subject(:compile_docs) { task.compile_docs }
+
+ before do
+ FileUtils.mkdir_p(path)
+ end
+
+ it 'outputs a success message' do
+ expect { compile_docs }
+ .to output("CI/CD job token allowed endpoints documentation compiled.\n")
+ .to_stdout
+ end
+
+ it 'creates fine_grained_permissions.md', :aggregate_failures do
+ FileUtils.rm_f(doc_path)
+ expect { File.read(doc_path) }.to raise_error(Errno::ENOENT)
+ expect(task).to receive(:allowed_endpoints)
+
+ compile_docs
+
+ expect(File.read(doc_path)).to match(/This documentation is auto generated by a Rake task/)
+ end
+ end
+
+ describe '#allowed_endpoints' do
+ let(:table) do
+ <<~TABLE.chomp
+ | Permissions | Permission Names | Path | Description |
+ | ----------- | ---------------- | ---- | ----------- |
+ | None | | `GET path/to/allowed_route_with_skipped_policies` | route description |
+ | None | | `GET path/to/allowed_route_without_policies` | route description |
+ | Packages: Read | `READ_PACKAGES` | `GET path/to/allowed_route_with_valid_policies` | route description |
+ | invalid_policy | `INVALID_POLICY` | `GET path/to/allowed_route_with_invalid_policies` | route description |
+ TABLE
+ end
+
+ it 'returns a sorted table for the docs that includes allowed routes only' do
+ expect(task.allowed_endpoints).to eq(table)
+ end
+ end
+
+ def allowed_route_without_policies
+ instance_double(Grape::Router::Route,
+ settings: {
+ authentication: { job_token_allowed: true }
+ },
+ request_method: 'GET',
+ description: 'route description',
+ origin: 'path/to/allowed_route_without_policies'
+ )
+ end
+
+ def allowed_route_with_invalid_policies
+ instance_double(Grape::Router::Route,
+ settings: {
+ authentication: { job_token_allowed: true },
+ authorization: { job_token_policies: :invalid_policy }
+ },
+ request_method: 'GET',
+ description: 'route description',
+ origin: 'path/to/allowed_route_with_invalid_policies'
+ )
+ end
+
+ def allowed_route_with_valid_policies
+ instance_double(Grape::Router::Route,
+ settings: {
+ authentication: { job_token_allowed: true },
+ authorization: { job_token_policies: :read_packages }
+ },
+ request_method: 'GET',
+ description: 'route description',
+ origin: 'path/to/allowed_route_with_valid_policies'
+ )
+ end
+
+ def allowed_route_with_skipped_policies
+ instance_double(Grape::Router::Route,
+ settings: {
+ authentication: { job_token_allowed: true },
+ authorization: { skip_job_token_policies: true }
+ },
+ request_method: 'GET',
+ description: 'route description',
+ origin: 'path/to/allowed_route_with_skipped_policies'
+ )
+ end
+
+ def not_allowed_route
+ instance_double(Grape::Router::Route,
+ settings: {
+ authentication: { job_token_allowed: false },
+ authorization: { job_token_policies: :read_packages }
+ },
+ request_method: 'GET',
+ description: 'route description',
+ origin: 'path/to/route'
+ )
+ end
+end
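Review bot: None of the route doubles models a route with empty `settings`, which is presumably the shape of most API routes that never mention job tokens. All five fixtures carry an `authentication` hash, so these specs would not notice if the task (its code is outside this hunk) dereferenced a missing key and aborted the check instead of treating the route as not allowed. Adding one such double to `routes` should leave the expected tables unchanged as long as the task skips it.

```ruby
let(:routes) do
  [
    # … unchanged: the five existing route doubles …
    route_without_settings
  ]
end

# … unchanged: describe blocks and existing route helpers …

def route_without_settings
  instance_double(Grape::Router::Route,
    settings: {},
    request_method: 'GET',
    description: 'route description',
    origin: 'path/to/route_without_settings'
  )
end
```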
diff --git a/spec/workers/ci/execute_build_hooks_worker_spec.rb b/spec/workers/ci/execute_build_hooks_worker_spec.rb
new file mode 100644
index 00000000000..ecba8a4ce9c
--- /dev/null
+++ b/spec/workers/ci/execute_build_hooks_worker_spec.rb
@@ -0,0 +1,77 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Ci::ExecuteBuildHooksWorker, feature_category: :pipeline_composition do
+ let_it_be(:project) { create(:project) }
+ let_it_be(:pipeline) { create(:ci_pipeline, project: project) }
+ let_it_be(:build) { create(:ci_build, pipeline: pipeline) }
+
+ let(:build_data) do
+ {
+ object_kind: 'build',
+ ref: 'main',
+ tag: false,
+ build_id: build.id,
+ build_name: build.name,
+ build_stage: build.stage_name,
+ build_status: build.status,
+ project_id: project.id,
+ project_name: project.full_name
+ }
+ end
+
+ describe '#perform' do
+ subject(:perform) { described_class.new.perform(project.id, build_data) }
+
+ context 'when project exists' do
+ context 'with project services' do
+ let!(:integration) { create(:integration, active: true, job_events: true, project: project) }
+
+ it 'executes services' do
+ allow_next_instance_of(Project) do |project|
+ expect(project).to receive(:execute_integrations).with(build_data, :job_hooks)
+ end
+
+ perform
+ end
+ end
+
+ context 'with project hooks' do
+ let!(:hook) { create(:project_hook, project: project, job_events: true) }
+
+ it 'executes hooks' do
+ allow_next_instance_of(Project) do |project|
+ expect(project).to receive(:execute_hooks).with(build_data, :job_hooks)
+ end
+
+ perform
+ end
+ end
+
+ context 'without hooks or services' do
+ it 'does not execute hooks or services' do
+ allow_next_instance_of(Project) do |project|
+ expect(project).not_to receive(:execute_hooks)
+ expect(project).not_to receive(:execute_integrations)
+ end
+
+ perform
+ end
+ end
+ end
+
+ context 'when project does not exist' do
+ subject(:perform) { described_class.new.perform(non_existing_record_id, build_data) }
+
+ it 'does nothing' do
+ allow_next_instance_of(Project) do |project|
+ expect(project).not_to receive(:execute_hooks)
+ expect(project).not_to receive(:execute_integrations)
+ end
+
+ perform
+ end
+ end
+ end
+end
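Review bot: The expectations placed inside `allow_next_instance_of(Project)` may never be installed, in which case every example in this file passes without checking anything. That helper hooks instances created through `new`; if the worker loads the project by id (its code is outside this hunk), the record is not built that way and the block does not run. For the 'executes services' and 'executes hooks' cases, `expect_next_found_instance_of(Project) do |found_project|` would install the expectation and also fail when no project is loaded. The two negative cases need the same treatment with `allow_next_found_instance_of`, otherwise `not_to receive` holds trivially. Renaming the block parameter also avoids shadowing the outer `project`.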
diff --git a/tooling/ci/job_tokens/docs/templates/fine_grained_permissions.md.erb b/tooling/ci/job_tokens/docs/templates/fine_grained_permissions.md.erb
new file mode 100644
index 00000000000..3e7ffa964e6
--- /dev/null
+++ b/tooling/ci/job_tokens/docs/templates/fine_grained_permissions.md.erb
@@ -0,0 +1,30 @@
+---
+stage: Software Supply Chain Security
+group: Pipeline Security
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+
+
+# Fine-grained permissions for CI/CD job tokens
+
+DETAILS:
+**Tier:** Free, Premium, Ultimate
+**Offering:** GitLab.com, GitLab Self-Managed, GitLab Dedicated
+
+## Available API endpoints
+
+The following endpoints are available for CI job tokens.
+You can use fine-grained permissions to explicitly allow access to a limited set of the following API endpoints.
+
+`None` means fine-grained permissions cannot control access to this endpoint.
+
+<%= allowed_endpoints %>