From 63dd1256859e6d1e480a701608990cf2ab4f830b Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Mon, 20 Jan 2025 15:39:51 +0000 Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master --- .gitlab/CODEOWNERS | 1 + .gitlab/ci/rules.gitlab-ci.yml | 14 + .gitlab/ci/static-analysis.gitlab-ci.yml | 13 + .gitlab/ci/test-on-omnibus/main.gitlab-ci.yml | 11 + .rubocop_todo/gitlab/bounded_contexts.yml | 3 - .rubocop_todo/layout/line_length.yml | 1 - .rubocop_todo/lint/unused_method_argument.yml | 1 - .rubocop_todo/rspec/any_instance_of.yml | 1 - .rubocop_todo/rspec/be_eq.yml | 3 - .rubocop_todo/rspec/context_wording.yml | 2 - .rubocop_todo/rspec/expect_change.yml | 1 - .rubocop_todo/rspec/expect_in_hook.yml | 1 - .rubocop_todo/rspec/feature_category.yml | 1 - .rubocop_todo/rspec/named_subject.yml | 2 - .rubocop_todo/search/namespaced_class.yml | 2 - .../style/inline_disable_annotation.yml | 1 - .rubocop_todo/style/mutable_constant.yml | 1 - GITLAB_KAS_VERSION | 2 +- .../components/placeholders_table.vue | 2 + .../show/components/issuable_header.vue | 7 +- .../resolvers/branch_commit_resolver.rb | 22 -- .../repositories/ref_commit_resolver.rb | 22 ++ app/graphql/types/branch_type.rb | 2 +- app/graphql/types/repositories/tag_type.rb | 2 +- app/helpers/projects_helper.rb | 3 +- app/models/ci/build.rb | 15 +- app/models/system/broadcast_message.rb | 4 +- app/services/post_receive_service.rb | 10 +- app/views/import/source_users/show.html.haml | 4 +- app/workers/all_queues.yml | 9 + app/workers/ci/execute_build_hooks_worker.rb | 22 ++ ...73260_projectsclustersindex_open_modal.yml | 3 - ...493_projectsclustersindex_click_button.yml | 3 - .../1649272430_projectsnew_visit_docs.yml | 3 - ...67_event_create_service_project_action.yml | 3 - ...51580551_groups_controller_show_render.yml | 3 - ...581659_projects_controller_show_render.yml | 3 - ...1654698269_merge_request_action_create.yml | 3 - .../1654698359_merge_request_action_close.yml | 3 - .../1654698407_merge_request_action_merge.yml | 3 - .../1655179428_design_actions_create_.yml | 3 - .../1655179485_design_actions_update_.yml | 3 - .../1655179517_design_actions_destroy_.yml | 3 - ...ions_class_perform_integrations_action.yml | 3 - ..._action_perform_analytics_usage_action.yml | 3 - ...igurationController_error_invalid_user.yml | 3 - ...roller_error_google_oauth2_not_enabled.yml | 3 - ...troller_error_feature_flag_not_enabled.yml | 3 - ...d__ConfigurationController_render_page.yml | 3 - ...eAccountsController_error_invalid_user.yml | 3 - ...roller_error_google_oauth2_not_enabled.yml | 3 - ...troller_error_feature_flag_not_enabled.yml | 3 - ..._ServiceAccountsController_render_form.yml | 3 - ...countsController_error_no_gcp_projects.yml | 3 - ...ountsController_create_service_account.yml | 3 - ...iceAccountsController_error_google_api.yml | 3 - ...cpRegionsController_error_invalid_user.yml | 3 - ...roller_error_google_oauth2_not_enabled.yml | 3 - ...troller_error_feature_flag_not_enabled.yml | 3 - ...loud__GcpRegionsController_render_form.yml | 3 - ..._GcpRegionsController_configure_region.yml | 3 - ...oud__GcpRegionsController_error_create.yml | 3 - ...vokeOauthController_error_invalid_user.yml | 3 - ...roller_error_google_oauth2_not_enabled.yml | 3 - ...troller_error_feature_flag_not_enabled.yml | 3 - ...ud__RevokeOauthController_revoke_oauth.yml | 3 - ...ploymentsController_error_invalid_user.yml | 3 - ...roller_error_google_oauth2_not_enabled.yml | 3 - ...troller_error_feature_flag_not_enabled.yml | 3 - ...oud__DeploymentsController_render_page.yml | 3 - ...sController_generate_cloudrun_pipeline.yml | 3 - ...troller_error_enable_cloudrun_services.yml | 3 - ...oller_error_generate_cloudrun_pipeline.yml | 3 - ...DeploymentsController_error_google_api.yml | 3 - ...DatabasesController_error_invalid_user.yml | 3 - ...roller_error_google_oauth2_not_enabled.yml | 3 - ...troller_error_feature_flag_not_enabled.yml | 3 - ...Cloud__DatabasesController_render_page.yml | 3 - ...tabasesController_render_cloudsql_form.yml | 3 - ...sesController_create_cloudsql_instance.yml | 3 - ...troller_error_enable_cloudsql_services.yml | 3 - ...troller_error_create_cloudsql_instance.yml | 3 - ...rdErrorEvent_track_weak_password_error.yml | 3 - .../events/1669277827_API__Commits_commit.yml | 3 - ...incident_management_incident_published.yml | 2 - ..._Create_incident_management_alert_todo.yml | 3 - ...ees_incident_management_alert_assigned.yml | 3 - ...e_incident_management_incident_created.yml | 3 - ...ncident_management_alert_status_change.yml | 3 - ...ce_incident_management_timeline_event_.yml | 3 - ...ice_incident_management_timeline_event.yml | 3 - ...ce_incident_management_timeline_event_.yml | 3 - ...ce_incident_management_incident_relate.yml | 3 - ..._incident_management_incident_unrelate.yml | 3 - ...ce_incident_management_incident_closed.yml | 3 - ..._incident_management_incident_reopened.yml | 3 - ...anagement_incident_change_confidential.yml | 3 - ...ident_management_incident_zoom_meeting.yml | 3 - ...e_incident_management_incident_comment.yml | 3 - ...vice_incident_management_incident_todo.yml | 3 - ..._incident_management_incident_assigned.yml | 5 +- ...rgeRequestActivityUniqueCounter_create.yml | 3 - ...s__CreateService_create_commit_comment.yml | 3 - ..._Users__ActivityService_perform_action.yml | 3 - ...esHelpers_push_package_by_deploy_token.yml | 3 - .../1674843937_Ci__Build_create_id_tokens.yml | 3 - ..._PackagesHelpers_pull_package_by_guest.yml | 3 - ...ain__Metrics_create_pipeline_with_name.yml | 3 - ..._visit_compliance_credential_inventory.yml | 2 - ...figuration__sast_create_service_create.yml | 3 - ...figuration__sast_create_service_update.yml | 3 - ...secret_detection_create_service_create.yml | 3 - ...secret_detection_create_service_update.yml | 3 - ...ntainer_repositories_list_repositories.yml | 3 - ...ntainer_repositories_delete_repository.yml | 3 - ...ject_container_repositories_delete_tag.yml | 3 - ...container_repositories_delete_tag_bulk.yml | 3 - ...ntainer_repositories_list_repositories.yml | 3 - ...oject_container_repositories_list_tags.yml | 3 - ...151015_api__pypi_packages_list_package.yml | 3 - ..._prometheus_disabled_manual_prometheus.yml | 3 - ...s_prometheus_enabled_manual_prometheus.yml | 3 - ...egistry_notification_create_repository.yml | 3 - ...egistry_notification_delete_repository.yml | 3 - ...ainer_registry_notification_delete_tag.yml | 3 - ..._registry_notification_push_repository.yml | 3 - ...ntainer_registry_notification_push_tag.yml | 3 - ...2109151015_delete_repository_container.yml | 3 - .../202109151015_delete_tag_bulk_tag.yml | 3 - ...09151015_experiment_name_initial_write.yml | 3 - .../202109151015_experiment_name_write.yml | 3 - ...ositories_controller_list_repositories.yml | 3 - ...ent__zoom_integration_add_zoom_meeting.yml | 3 - ...__zoom_integration_remove_zoom_meeting.yml | 3 - ...2109151015_list_repositories_container.yml | 3 - ...02109151015_package_class_pull_package.yml | 3 - ...02109151015_package_class_push_package.yml | 3 - ...ositories_controller_delete_repository.yml | 3 - ...ositories_controller_list_repositories.yml | 3 - ...__registry__tags_controller_delete_tag.yml | 3 - ...istry__tags_controller_delete_tag_bulk.yml | 3 - ...s__registry__tags_controller_list_tags.yml | 3 - ...egrations_view_alert_integrations_list.yml | 3 - .../20210915205038_default_click_button.yml | 3 - ...5205039_default_copy_keyboard_shortcut.yml | 3 - .../events/20210915205041_default_generic.yml | 3 - ...205100_default_execute_toolbar_control.yml | 3 - ...5101_default_execute_keyboard_shortcut.yml | 3 - ...10915205102_default_execute_input_rule.yml | 3 - ...03_default_execute_bubble_menu_control.yml | 3 - ...210915205108_default_type_search_query.yml | 3 - ...t_invite_members_banner_button_clicked.yml | 3 - ...efault_invite_members_banner_dismissed.yml | 3 - ...fault_change_discussion_sort_direction.yml | 3 - ...20210915205112_packages_delete_package.yml | 3 - ...3_packages_request_delete_package_file.yml | 3 - ...915205114_packages_delete_package_file.yml | 3 - .../20210915205115_packages_pull_package.yml | 3 - ...5205116_packages_cancel_delete_package.yml | 3 - ...17_packages_cancel_delete_package_file.yml | 3 - ...copy_composer_registry_include_command.yml | 3 - ..._copy_composer_package_include_command.yml | 3 - ...25_default_copy_gradle_install_command.yml | 3 - ...ault_copy_gradle_add_to_source_command.yml | 3 - ...27_default_copy_kotlin_install_command.yml | 3 - ...ault_copy_kotlin_add_to_source_command.yml | 3 - .../20210915205140_default_reset_form.yml | 3 - .../20210915205141_default_submit_form.yml | 3 - .../20210915205142_default_click_dismiss.yml | 3 - ...15205143_default_show_home_page_banner.yml | 3 - ...15205145_default_content_editor_loaded.yml | 3 - ...146_default_saved_using_content_editor.yml | 3 - ...0210915205147_default_browse_templates.yml | 3 - ...0210915205148_default_template_clicked.yml | 3 - .../20210915205149_default_dismiss_banner.yml | 3 - .../20210915205150_default_click_button.yml | 3 - .../20210915205151_default_click_dropdown.yml | 3 - ...0210915205152_default_click_copy_login.yml | 3 - ...0210915205153_default_click_copy_build.yml | 3 - ...20210915205154_default_click_copy_push.yml | 3 - .../20210915205155_default_click_button.yml | 3 - .../20210915205156_default_confirm_delete.yml | 3 - .../20210915205157_default_cancel_delete.yml | 3 - .../20210915205158_default_click_button.yml | 3 - .../20210915205159_default_confirm_delete.yml | 3 - .../20210915205200_default_cancel_delete.yml | 3 - .../events/20210915205202_default_generic.yml | 3 - .../20210915205203_default_click_tab.yml | 3 - ...5205204_default_click_whats_new_drawer.yml | 3 - .../20210915205207_default_click_dropdown.yml | 3 - .../20211215022206_default_click_button.yml | 3 - .../20211215022206_default_click_link.yml | 3 - .../20211215022206_default_click_menu.yml | 3 - ...20211215022206_default_click_menu_item.yml | 3 - ...mment_button_title_button_click_button.yml | 3 - ...eate_or_import_a_repository_click_link.yml | 3 - ...te_value_stream_form_open_click_button.yml | 3 - ..._value_stream_form_open_click_dropdown.yml | 3 - ..._value_stream_form_open_click_dropdown.yml | 3 - ...ile_path_button_click_copy_file_button.yml | 3 - ...al_button_click_toggle_external_button.yml | 3 - ...ult_edit_assignee_click_invite_members.yml | 3 - ...ult_edit_reviewer_click_invite_members.yml | 3 - ...it_value_stream_form_open_click_button.yml | 3 - ...ult_environment_actions_click_dropdown.yml | 3 - ...efault_environment_delete_click_button.yml | 3 - ...lt_environment_monitoring_click_button.yml | 3 - ...6_default_environment_pin_click_button.yml | 3 - ...ault_environment_rollback_click_button.yml | 3 - ..._default_environment_stop_click_button.yml | 3 - ...ault_environment_terminal_click_button.yml | 3 - ...6_default_environment_url_click_button.yml | 3 - ..._export_issuable_type_csv_click_button.yml | 3 - ...fault_feature_flag_toggle_click_button.yml | 3 - ...ult_feature_title_click_whats_new_item.yml | 3 - ...ault_home_page_click_go_to_preferences.yml | 3 - ...mr_next_unresolved_thread_click_button.yml | 3 - ..._button_click_terraform_mr_plan_button.yml | 3 - ...fault_no_pipeline_noticed_click_button.yml | 3 - ...ault_reply_comment_button_click_button.yml | 3 - ...206_default_review_app_open_review_app.yml | 3 - ...efault_right_sidebar_click_edit_button.yml | 3 - ...rch_autocomplete_suggestion_click_text.yml | 3 - ...11215022206_default_show_labels_toggle.yml | 3 - ...ult_slugged_stream_name_click_dropdown.yml | 3 - ...1130_invite_members_modal_click_cancel.yml | 3 - ...228151130_invite_members_modal_click_x.yml | 3 - ...invite_members_modal_invite_successful.yml | 3 - ...0228151130_invite_members_modal_render.yml | 3 - .../events/20230321151607_github_create.yml | 5 +- ...1223_API__NpmProjectPackages_list_tags.yml | 3 - ...524_API__NpmProjectPackages_create_tag.yml | 3 - ...627_API__NpmProjectPackages_delete_tag.yml | 3 - ...004_API__NpmInstancePackages_list_tags.yml | 3 - ...51_API__NpmInstancePackages_create_tag.yml | 3 - ...37_API__NpmInstancePackages_delete_tag.yml | 3 - ...ubGistsImport__ImportGistWorker_create.yml | 5 +- .../20230727165222_default_save_markdown.yml | 3 - ...180523_default_click_consolidated_edit.yml | 3 - ...nalEventTracking_g_edit_by_snippet_ide.yml | 3 - ...nternalEventTracking_g_edit_by_web_ide.yml | 3 - ...08_InternalEventTracking_g_edit_by_sfe.yml | 3 - config/events/accepted.yml | 3 - config/events/agent_users_using_ci_tunnel.yml | 3 - config/events/apply_wiki_template.yml | 3 - config/events/assignment.yml | 3 - ...uthorize_job_token_with_disabled_scope.yml | 3 - config/events/bitbucket_sso.yml | 2 - config/events/change_allow_force_push.yml | 5 +- config/events/change_allowed_to_merge.yml | 5 +- .../change_allowed_to_push_and_merge.yml | 5 +- config/events/change_branch_rule_target.yml | 5 +- .../change_require_codeowner_approval.yml | 3 - .../events/ci_catalog_component_included.yml | 3 - config/events/ci_template_included.yml | 3 - config/events/cli_metadata.yml | 2 - ...itlab_scoped_search_to_advanced_search.yml | 3 - .../click_blame_control_on_blob_page.yml | 3 - .../click_blob_results_show_more_less.yml | 3 - .../events/click_chunk_blame_on_blob_page.yml | 3 - ...board_button_in_multimatch_file_header.yml | 3 - ...k_commands_sub_menu_in_command_palette.yml | 3 - ...mment_filter_toggle_bot_comments_in_mr.yml | 3 - ...ment_filter_toggle_user_comments_in_mr.yml | 3 - config/events/click_delete_pod.yml | 3 - ...smiss_button_jenkins_migration_callout.yml | 3 - .../events/click_expand_panel_on_settings.yml | 3 - .../click_explore_in_command_palette.yml | 3 - ...k_find_file_button_on_repository_pages.yml | 3 - ...lick_frequent_group_in_command_palette.yml | 3 - ...ck_frequent_project_in_command_palette.yml | 3 - config/events/click_go_to_file_shortcut.yml | 3 - .../click_group_result_in_command_palette.yml | 3 - ...group_scoped_search_to_advanced_search.yml | 3 - .../click_header_link_of_blob_result.yml | 3 - .../click_history_control_on_blob_page.yml | 3 - .../click_issue_result_in_command_palette.yml | 3 - ...sues_assigned_to_me_in_command_palette.yml | 3 - ...ck_issues_i_created_in_command_palette.yml | 3 - ...erge_request_result_in_command_palette.yml | 3 - ...ests_assigned_to_me_in_command_palette.yml | 3 - ..._requests_i_created_in_command_palette.yml | 3 - ..._that_im_a_reviewer_in_command_palette.yml | 3 - .../click_new_project_projects_explore.yml | 3 - .../click_outside_of_command_palette.yml | 3 - .../click_preferences_in_command_palette.yml | 3 - .../click_previous_blame_on_blob_page.yml | 3 - .../click_print_as_pdf_in_wiki_page.yml | 3 - .../click_profile_in_command_palette.yml | 3 - ...lick_project_result_in_command_palette.yml | 3 - ...oject_scoped_search_to_advanced_search.yml | 3 - ...ick_project_setting_in_command_palette.yml | 3 - .../ci_async_build_hooks_execution.yml | 9 + .../derisk_user_access_level_in_git_hook.yml | 9 + config/initializers/1_settings.rb | 3 - config/sidekiq_queues.yml | 2 + db/docs/operations_strategies_user_lists.yml | 12 +- ...er_lists_project_id_not_null_constraint.rb | 14 + db/schema_migrations/20250109070247 | 1 + db/structure.sql | 3 +- doc/api/graphql/reference/index.md | 70 +++++ doc/ci/jobs/fine_grained_permissions.md | 181 +++++++++++ .../internal_analytics/browser_sdk.md | 280 +++++++++++++++++ .../instrumentation/browser_sdk.md | 283 +----------------- .../instrumentation/index.md | 21 +- .../index.md | 2 +- doc/user/compliance/audit_event_types.md | 1 + lefthook.yml | 5 + lib/api/ci/catalog.rb | 1 + lib/api/ci/job_artifacts.rb | 4 + lib/api/ci/jobs.rb | 2 + lib/api/ci/pipelines.rb | 1 + lib/api/ci/runner.rb | 2 + lib/api/ci/secure_files.rb | 5 + lib/api/composer_packages.rb | 7 + lib/api/conan/v2/project_packages.rb | 3 + .../packages/conan/shared_endpoints.rb | 2 + .../concerns/packages/conan/v1_endpoints.rb | 17 ++ lib/api/concerns/packages/npm_endpoints.rb | 5 + .../packages/npm_namespace_endpoints.rb | 3 + lib/api/deployments.rb | 5 + lib/api/environments.rb | 7 + lib/api/generic_packages.rb | 6 + lib/api/go_proxy.rb | 1 + lib/api/helpers.rb | 13 +- lib/api/helpers/packages_helpers.rb | 2 + lib/api/maven_packages.rb | 12 +- lib/api/npm_project_packages.rb | 3 + lib/api/package_files.rb | 2 + lib/api/project_container_repositories.rb | 1 + lib/api/project_packages.rb | 4 + lib/api/pypi_packages.rb | 20 +- lib/api/release/links.rb | 5 + lib/api/releases.rb | 7 + lib/api/repositories.rb | 1 + lib/api/terraform/state.rb | 5 + lib/api/terraform/state_version.rb | 2 + lib/tasks/ci/job_tokens.rake | 37 +++ lib/tasks/ci/job_tokens_task.rb | 170 +++++++++++ locale/gitlab.pot | 6 + qa/qa.rb | 3 +- qa/qa/page/component/issuable/common.rb | 10 + qa/qa/page/component/note.rb | 6 + .../placeholders/placeholders_table.rb | 54 ++++ qa/qa/page/group/members.rb | 18 ++ qa/qa/page/import/review_reassignment.rb | 17 ++ qa/qa/page/merge_request/show.rb | 10 + qa/qa/resource/bulk_import_group.rb | 1 + .../test/integration/import_with_smtp.rb | 13 + .../migration/gitlab_migration_group_spec.rb | 2 +- .../migration/gitlab_migration_issue_spec.rb | 4 +- .../gitlab_migration_large_project_spec.rb | 4 +- .../gitlab_migration_members_spec.rb | 4 +- .../migration/gitlab_migration_mr_spec.rb | 4 +- .../gitlab_migration_pipeline_spec.rb | 4 +- .../gitlab_migration_project_spec.rb | 4 +- .../gitlab_migration_release_spec.rb | 4 +- .../migration/gitlab_migration_group_spec.rb | 2 +- ...ion_user_contribution_reassignment_spec.rb | 148 +++++++++ .../import/gitlab_group_migration_common.rb | 7 +- qa/qa/vendor/mail_hog/api.rb | 4 + .../ref_commit_resolver_spec.rb} | 12 +- spec/lib/api/helpers_spec.rb | 8 + spec/models/ci/build_spec.rb | 119 +++++--- spec/models/system/broadcast_message_spec.rb | 7 +- spec/requests/api/ci/catalog_spec.rb | 10 + spec/requests/api/ci/job_artifacts_spec.rb | 36 ++- spec/requests/api/ci/pipelines_spec.rb | 7 + .../api/ci/runner/jobs_artifacts_spec.rb | 5 + spec/requests/api/ci/secure_files_spec.rb | 39 +++ spec/requests/api/composer_packages_spec.rb | 20 +- .../api/conan/v1/instance_packages_spec.rb | 22 +- .../api/conan/v1/project_packages_spec.rb | 16 +- .../api/conan/v2/project_packages_spec.rb | 6 + spec/requests/api/deployments_spec.rb | 38 ++- spec/requests/api/environments_spec.rb | 58 +++- spec/requests/api/generic_packages_spec.rb | 26 ++ spec/requests/api/go_proxy_spec.rb | 24 ++ spec/requests/api/maven_packages_spec.rb | 28 ++ .../requests/api/npm_project_packages_spec.rb | 10 +- spec/requests/api/package_files_spec.rb | 12 + spec/requests/api/project_packages_spec.rb | 22 +- spec/requests/api/pypi_packages_spec.rb | 30 +- spec/requests/api/release/links_spec.rb | 40 +++ spec/requests/api/releases_spec.rb | 50 ++++ spec/requests/api/repositories_spec.rb | 12 + spec/requests/api/terraform/state_spec.rb | 26 ++ .../api/terraform/state_version_spec.rb | 10 + spec/services/post_receive_service_spec.rb | 62 ++++ spec/support/rspec_order_todo.yml | 5 - .../ci/job_token_policies_shared_examples.rb | 25 +- .../api/conan_packages_shared_examples.rb | 36 ++- .../api/npm_packages_shared_examples.rb | 30 +- .../requests/api/packages_shared_examples.rb | 6 + spec/tasks/ci/job_tokens_rake_spec.rb | 64 ++++ spec/tasks/ci/job_tokens_task_spec.rb | 249 +++++++++++++++ .../ci/execute_build_hooks_worker_spec.rb | 77 +++++ .../templates/fine_grained_permissions.md.erb | 30 ++ 398 files changed, 2558 insertions(+), 1277 deletions(-) delete mode 100644 app/graphql/resolvers/branch_commit_resolver.rb create mode 100644 app/graphql/resolvers/repositories/ref_commit_resolver.rb create mode 100644 app/workers/ci/execute_build_hooks_worker.rb create mode 100644 config/feature_flags/gitlab_com_derisk/ci_async_build_hooks_execution.yml create mode 100644 config/feature_flags/gitlab_com_derisk/derisk_user_access_level_in_git_hook.yml create mode 100644 db/post_migrate/20250109070247_add_operations_strategies_user_lists_project_id_not_null_constraint.rb create mode 100644 db/schema_migrations/20250109070247 create mode 100644 doc/ci/jobs/fine_grained_permissions.md create mode 100644 doc/development/internal_analytics/browser_sdk.md create mode 100644 lib/tasks/ci/job_tokens.rake create mode 100644 lib/tasks/ci/job_tokens_task.rb create mode 100644 qa/qa/page/component/placeholders/placeholders_table.rb create mode 100644 qa/qa/page/import/review_reassignment.rb create mode 100644 qa/qa/scenario/test/integration/import_with_smtp.rb create mode 100644 qa/qa/specs/features/browser_ui/1_manage/migration/gitlab_migration_user_contribution_reassignment_spec.rb rename spec/graphql/resolvers/{branch_commit_resolver_spec.rb => repositories/ref_commit_resolver_spec.rb} (72%) create mode 100644 spec/tasks/ci/job_tokens_rake_spec.rb create mode 100644 spec/tasks/ci/job_tokens_task_spec.rb create mode 100644 spec/workers/ci/execute_build_hooks_worker_spec.rb create mode 100644 tooling/ci/job_tokens/docs/templates/fine_grained_permissions.md.erb diff --git a/.gitlab/CODEOWNERS b/.gitlab/CODEOWNERS index 133b1920c28..cea797ef75f 100644 --- a/.gitlab/CODEOWNERS +++ b/.gitlab/CODEOWNERS @@ -1251,6 +1251,7 @@ lib/gitlab/checks/** /app/assets/javascripts/packages_and_registries/dependency_proxy/ /app/assets/javascripts/packages_and_registries/harbor_registry/ /ee/app/services/ee/auth/container_registry_authentication_service.rb +app/services/auth/container_registry_authentication_service.rb [Authentication] @gitlab-org/software-supply-chain-security/authentication/approvers /app/assets/javascripts/access_tokens/ diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml index ab82a1b31aa..c4ef7ff11d7 100644 --- a/.gitlab/ci/rules.gitlab-ci.yml +++ b/.gitlab/ci/rules.gitlab-ci.yml @@ -725,6 +725,12 @@ - "tooling/custom_roles/docs/templates/custom_abilities.md.erb" - "ee/{lib/,spec/}tasks/gitlab/custom_roles/*" +.ci-job-token-policies-patterns: &ci-job-token-policies-patterns + - "{,ee/}lib/api/*.rb" + - "app/validators/json_schemas/ci_job_token_policies.json" + - "doc/ci/jobs/fine_grained_permissions.md" + - "tooling/ci/job_tokens/docs/templates/fine_grained_permissions.md.erb" + .cng-orchestrator-patterns: &cng-orchestrator-patterns - "qa/gems/gitlab-cng/**/*.rb" - "qa/gems/gitlab-cng/{Gemfile,Gemfile.lock}" @@ -1262,6 +1268,14 @@ - <<: *if-default-refs changes: *custom-roles-patterns +############################# +# CI job token policy rules # +############################# +.ci-job-token-policies:rules:ci-job-token-policies-verify: + rules: + - <<: *if-default-refs + changes: *ci-job-token-policies-patterns + ################## # Frontend rules # ################## diff --git a/.gitlab/ci/static-analysis.gitlab-ci.yml b/.gitlab/ci/static-analysis.gitlab-ci.yml index a540f634cff..197add3f142 100644 --- a/.gitlab/ci/static-analysis.gitlab-ci.yml +++ b/.gitlab/ci/static-analysis.gitlab-ci.yml @@ -243,6 +243,19 @@ custom-roles-verify: script: - bundle exec rake gitlab:custom_roles:check_docs +ci-job-token-policies-verify: + variables: + SETUP_DB: "false" + extends: + - .default-retry + - .ruby-cache + - .default-before_script + - .ci-job-token-policies:rules:ci-job-token-policies-verify + stage: lint + needs: [] + script: + - bundle exec rake ci:job_tokens:check_policies + templates-shellcheck: extends: - .ci-templates:rules:shellcheck diff --git a/.gitlab/ci/test-on-omnibus/main.gitlab-ci.yml b/.gitlab/ci/test-on-omnibus/main.gitlab-ci.yml index 18f10146eb3..333a52e9d82 100644 --- a/.gitlab/ci/test-on-omnibus/main.gitlab-ci.yml +++ b/.gitlab/ci/test-on-omnibus/main.gitlab-ci.yml @@ -268,6 +268,17 @@ importers: rules: - if: $QA_SUITES =~ /Test::Integration::Import/ +import-with-smtp: + extends: + - .qa + - .failure-videos + variables: + QA_SCENARIO: Test::Integration::ImportWithSMTP + rules: + - !reference [.rules:test:qa, rules] + - if: $QA_SUITES =~ /Test::Integration::ImportWithSMTP/ + - !reference [.rules:test:manual, rules] + # ========== ai-gateway =========== ai-gateway: extends: diff --git a/.rubocop_todo/gitlab/bounded_contexts.yml b/.rubocop_todo/gitlab/bounded_contexts.yml index 05957e372dc..6b4b5300313 100644 --- a/.rubocop_todo/gitlab/bounded_contexts.yml +++ b/.rubocop_todo/gitlab/bounded_contexts.yml @@ -239,7 +239,6 @@ Gitlab/BoundedContexts: - 'app/graphql/resolvers/board_lists_resolver.rb' - 'app/graphql/resolvers/board_resolver.rb' - 'app/graphql/resolvers/boards_resolver.rb' - - 'app/graphql/resolvers/branch_commit_resolver.rb' - 'app/graphql/resolvers/bulk_labels_resolver.rb' - 'app/graphql/resolvers/codequality_reports_comparer_resolver.rb' - 'app/graphql/resolvers/commit_pipelines_resolver.rb' @@ -3209,7 +3208,6 @@ Gitlab/BoundedContexts: - 'ee/app/services/elastic/data_migration_service.rb' - 'ee/app/services/elastic/index_projects_by_id_service.rb' - 'ee/app/services/elastic/index_projects_by_range_service.rb' - - 'ee/app/services/elastic/indexing_control_service.rb' - 'ee/app/services/elastic/process_bookkeeping_service.rb' - 'ee/app/services/elastic/process_initial_bookkeeping_service.rb' - 'ee/app/services/epic_issues/create_service.rb' @@ -3448,7 +3446,6 @@ Gitlab/BoundedContexts: - 'ee/app/workers/click_house/events_sync_worker.rb' - 'ee/app/workers/click_house/rebuild_materialized_view_cron_worker.rb' - 'ee/app/workers/concerns/elastic/bulk_cron_worker.rb' - - 'ee/app/workers/concerns/elastic/indexing_control.rb' - 'ee/app/workers/concerns/elastic/migration_backfill_helper.rb' - 'ee/app/workers/concerns/elastic/migration_create_index.rb' - 'ee/app/workers/concerns/elastic/migration_helper.rb' diff --git a/.rubocop_todo/layout/line_length.yml b/.rubocop_todo/layout/line_length.yml index 7fe8c9fffda..d5a35a16f06 100644 --- a/.rubocop_todo/layout/line_length.yml +++ b/.rubocop_todo/layout/line_length.yml @@ -1734,7 +1734,6 @@ Layout/LineLength: - 'ee/spec/services/ee/users/destroy_service_spec.rb' - 'ee/spec/services/ee/users/update_service_spec.rb' - 'ee/spec/services/elastic/data_migration_service_spec.rb' - - 'ee/spec/services/elastic/indexing_control_service_spec.rb' - 'ee/spec/services/elastic/process_initial_bookkeeping_service_spec.rb' - 'ee/spec/services/epic_issues/create_service_spec.rb' - 'ee/spec/services/epics/issue_promote_service_spec.rb' diff --git a/.rubocop_todo/lint/unused_method_argument.yml b/.rubocop_todo/lint/unused_method_argument.yml index a8ab58dafd8..0229e6ae938 100644 --- a/.rubocop_todo/lint/unused_method_argument.yml +++ b/.rubocop_todo/lint/unused_method_argument.yml @@ -20,7 +20,6 @@ Lint/UnusedMethodArgument: - 'app/graphql/mutations/notes/create/image_diff_note.rb' - 'app/graphql/resolvers/base_resolver.rb' - 'app/graphql/resolvers/board_list_issues_resolver.rb' - - 'app/graphql/resolvers/branch_commit_resolver.rb' - 'app/graphql/resolvers/ci/runner_groups_resolver.rb' - 'app/graphql/resolvers/ci/runner_platforms_resolver.rb' - 'app/graphql/resolvers/ci/runner_setup_resolver.rb' diff --git a/.rubocop_todo/rspec/any_instance_of.yml b/.rubocop_todo/rspec/any_instance_of.yml index e02d2fe91d1..8f4f1112452 100644 --- a/.rubocop_todo/rspec/any_instance_of.yml +++ b/.rubocop_todo/rspec/any_instance_of.yml @@ -52,7 +52,6 @@ RSpec/AnyInstanceOf: - 'ee/spec/support/shared_examples/lib/gitlab/geo/geo_logs_event_source_info_shared_examples.rb' - 'ee/spec/support/shared_examples/models/member_shared_examples.rb' - 'ee/spec/support/shared_examples/services/base_sync_service_shared_examples.rb' - - 'ee/spec/workers/concerns/elastic/indexing_control_spec.rb' - 'ee/spec/workers/geo/registry_sync_worker_spec.rb' - 'ee/spec/workers/project_cache_worker_spec.rb' - 'ee/spec/workers/repository_import_worker_spec.rb' diff --git a/.rubocop_todo/rspec/be_eq.yml b/.rubocop_todo/rspec/be_eq.yml index d1bd2086139..c415088857f 100644 --- a/.rubocop_todo/rspec/be_eq.yml +++ b/.rubocop_todo/rspec/be_eq.yml @@ -23,8 +23,6 @@ RSpec/BeEq: - 'ee/spec/controllers/projects/settings/operations_controller_spec.rb' - 'ee/spec/controllers/projects/settings/repository_controller_spec.rb' - 'ee/spec/controllers/projects_controller_spec.rb' - - 'ee/spec/elastic/migrate/20240814231502_remove_work_item_access_level_from_work_item_spec.rb' - - 'ee/spec/elastic/migrate/20241002103536_reindex_merge_requests_for_title_completion_spec.rb' - 'ee/spec/elastic/migrate/20241017094601_add_embedding_to_work_items_opensearch_spec.rb' - 'ee/spec/features/admin/admin_emails_spec.rb' - 'ee/spec/features/admin/admin_settings_spec.rb' @@ -529,7 +527,6 @@ RSpec/BeEq: - 'ee/spec/workers/ee/repository_check/batch_worker_spec.rb' - 'ee/spec/workers/ee/repository_check/single_repository_worker_spec.rb' - 'ee/spec/workers/elastic_cluster_reindexing_cron_worker_spec.rb' - - 'ee/spec/workers/elastic_index_bulk_cron_worker_spec.rb' - 'ee/spec/workers/elastic_remove_expired_namespace_subscriptions_from_index_cron_worker_spec.rb' - 'ee/spec/workers/llm/completion_worker_spec.rb' - 'ee/spec/workers/product_analytics/initialize_snowplow_product_analytics_worker_spec.rb' diff --git a/.rubocop_todo/rspec/context_wording.yml b/.rubocop_todo/rspec/context_wording.yml index 3f945187a52..597f2a64dfd 100644 --- a/.rubocop_todo/rspec/context_wording.yml +++ b/.rubocop_todo/rspec/context_wording.yml @@ -657,7 +657,6 @@ RSpec/ContextWording: - 'ee/spec/services/ee/users/update_service_spec.rb' - 'ee/spec/services/ee/vulnerability_feedback_module/update_service_spec.rb' - 'ee/spec/services/elastic/data_migration_service_spec.rb' - - 'ee/spec/services/elastic/indexing_control_service_spec.rb' - 'ee/spec/services/epic_issues/destroy_service_spec.rb' - 'ee/spec/services/epic_issues/list_service_spec.rb' - 'ee/spec/services/epic_issues/update_service_spec.rb' @@ -811,7 +810,6 @@ RSpec/ContextWording: - 'ee/spec/workers/ci/runners/stale_group_runners_prune_cron_worker_spec.rb' - 'ee/spec/workers/ci/upstream_projects_subscriptions_cleanup_worker_spec.rb' - 'ee/spec/workers/ee/repository_check/batch_worker_spec.rb' - - 'ee/spec/workers/elastic_indexing_control_worker_spec.rb' - 'ee/spec/workers/geo/prune_event_log_worker_spec.rb' - 'ee/spec/workers/geo/verification_timeout_worker_spec.rb' - 'ee/spec/workers/group_saml_group_sync_worker_spec.rb' diff --git a/.rubocop_todo/rspec/expect_change.yml b/.rubocop_todo/rspec/expect_change.yml index 110044f2bcf..44f2a5d7e36 100644 --- a/.rubocop_todo/rspec/expect_change.yml +++ b/.rubocop_todo/rspec/expect_change.yml @@ -97,7 +97,6 @@ RSpec/ExpectChange: - 'ee/spec/services/ee/users/block_service_spec.rb' - 'ee/spec/services/ee/users/create_service_spec.rb' - 'ee/spec/services/ee/users/destroy_service_spec.rb' - - 'ee/spec/services/elastic/indexing_control_service_spec.rb' - 'ee/spec/services/epic_issues/create_service_spec.rb' - 'ee/spec/services/epics/issue_promote_service_spec.rb' - 'ee/spec/services/epics/transfer_service_spec.rb' diff --git a/.rubocop_todo/rspec/expect_in_hook.yml b/.rubocop_todo/rspec/expect_in_hook.yml index 040f573de4d..82373b3b1a7 100644 --- a/.rubocop_todo/rspec/expect_in_hook.yml +++ b/.rubocop_todo/rspec/expect_in_hook.yml @@ -67,7 +67,6 @@ RSpec/ExpectInHook: - 'ee/spec/tasks/gitlab/license_rake_spec.rb' - 'ee/spec/tasks/gitlab/spdx_rake_spec.rb' - 'ee/spec/workers/analytics/cycle_analytics/consistency_worker_spec.rb' - - 'ee/spec/workers/elastic_indexing_control_worker_spec.rb' - 'ee/spec/workers/geo/secondary/registry_consistency_worker_spec.rb' - 'ee/spec/workers/geo/verification_state_backfill_worker_spec.rb' - 'qa/qa/specs/features/ee/browser_ui/11_fulfillment/license/cloud_activation_spec.rb' diff --git a/.rubocop_todo/rspec/feature_category.yml b/.rubocop_todo/rspec/feature_category.yml index d29c0d7423f..cac9a0613ec 100644 --- a/.rubocop_todo/rspec/feature_category.yml +++ b/.rubocop_todo/rspec/feature_category.yml @@ -1441,7 +1441,6 @@ RSpec/FeatureCategory: - 'spec/graphql/resolvers/board_lists_resolver_spec.rb' - 'spec/graphql/resolvers/board_resolver_spec.rb' - 'spec/graphql/resolvers/boards_resolver_spec.rb' - - 'spec/graphql/resolvers/branch_commit_resolver_spec.rb' - 'spec/graphql/resolvers/ci/template_resolver_spec.rb' - 'spec/graphql/resolvers/ci/test_report_summary_resolver_spec.rb' - 'spec/graphql/resolvers/ci/test_suite_resolver_spec.rb' diff --git a/.rubocop_todo/rspec/named_subject.yml b/.rubocop_todo/rspec/named_subject.yml index 6698145500b..bc89b3cfe33 100644 --- a/.rubocop_todo/rspec/named_subject.yml +++ b/.rubocop_todo/rspec/named_subject.yml @@ -912,7 +912,6 @@ RSpec/NamedSubject: - 'ee/spec/services/ee/users/build_service_spec.rb' - 'ee/spec/services/ee/work_items/import_csv_service_spec.rb' - 'ee/spec/services/elastic/data_migration_service_spec.rb' - - 'ee/spec/services/elastic/indexing_control_service_spec.rb' - 'ee/spec/services/elastic/metrics_update_service_spec.rb' - 'ee/spec/services/epic_issues/create_service_spec.rb' - 'ee/spec/services/epic_issues/destroy_service_spec.rb' @@ -1074,7 +1073,6 @@ RSpec/NamedSubject: - 'ee/spec/workers/ee/repository_check/batch_worker_spec.rb' - 'ee/spec/workers/elastic/namespace_update_worker_spec.rb' - 'ee/spec/workers/elastic_full_index_worker_spec.rb' - - 'ee/spec/workers/elastic_indexing_control_worker_spec.rb' - 'ee/spec/workers/elastic_namespace_rollout_worker_spec.rb' - 'ee/spec/workers/geo/destroy_worker_spec.rb' - 'ee/spec/workers/geo/registry_sync_worker_spec.rb' diff --git a/.rubocop_todo/search/namespaced_class.yml b/.rubocop_todo/search/namespaced_class.yml index ad94ba53c2a..fdebee1797c 100644 --- a/.rubocop_todo/search/namespaced_class.yml +++ b/.rubocop_todo/search/namespaced_class.yml @@ -38,12 +38,10 @@ Search/NamespacedClass: - 'ee/app/services/elastic/data_migration_service.rb' - 'ee/app/services/elastic/index_projects_by_id_service.rb' - 'ee/app/services/elastic/index_projects_by_range_service.rb' - - 'ee/app/services/elastic/indexing_control_service.rb' - 'ee/app/services/elastic/process_bookkeeping_service.rb' - 'ee/app/services/elastic/process_initial_bookkeeping_service.rb' - 'ee/app/services/protected_environments/search_service.rb' - 'ee/app/workers/concerns/elastic/bulk_cron_worker.rb' - - 'ee/app/workers/concerns/elastic/indexing_control.rb' - 'ee/app/workers/concerns/elastic/migration_backfill_helper.rb' - 'ee/app/workers/concerns/elastic/migration_create_index.rb' - 'ee/app/workers/concerns/elastic/migration_helper.rb' diff --git a/.rubocop_todo/style/inline_disable_annotation.yml b/.rubocop_todo/style/inline_disable_annotation.yml index c49bc025aa4..442351c60ce 100644 --- a/.rubocop_todo/style/inline_disable_annotation.yml +++ b/.rubocop_todo/style/inline_disable_annotation.yml @@ -1289,7 +1289,6 @@ Style/InlineDisableAnnotation: - 'ee/app/services/ee/users/destroy_service.rb' - 'ee/app/services/ee/users/update_service.rb' - 'ee/app/services/elastic/index_projects_by_range_service.rb' - - 'ee/app/services/elastic/indexing_control_service.rb' - 'ee/app/services/elastic/process_bookkeeping_service.rb' - 'ee/app/services/epic_issues/create_service.rb' - 'ee/app/services/epics/strategies/base_dates_strategy.rb' diff --git a/.rubocop_todo/style/mutable_constant.yml b/.rubocop_todo/style/mutable_constant.yml index 4f214c4154e..fe608f65462 100644 --- a/.rubocop_todo/style/mutable_constant.yml +++ b/.rubocop_todo/style/mutable_constant.yml @@ -11,7 +11,6 @@ Style/MutableConstant: - 'app/services/packages/maven/metadata/append_package_file_service.rb' - 'app/workers/concerns/worker_context.rb' - 'danger/architecture/Dangerfile' - - 'ee/app/services/elastic/indexing_control_service.rb' - 'ee/app/services/security/ingestion/tasks/ingest_vulnerability_statistics.rb' - 'ee/app/services/vulnerabilities/statistics/adjustment_service.rb' - 'ee/app/services/vulnerabilities/statistics/update_service.rb' diff --git a/GITLAB_KAS_VERSION b/GITLAB_KAS_VERSION index 4f2b1fc00de..b6a83a8e655 100644 --- a/GITLAB_KAS_VERSION +++ b/GITLAB_KAS_VERSION @@ -1 +1 @@ -75f33270bda9bf257949abfc1fcbe6ca90c7a479 +eb969b365e75ba081eebc768e59e546c915ea185 diff --git a/app/assets/javascripts/members/placeholders/components/placeholders_table.vue b/app/assets/javascripts/members/placeholders/components/placeholders_table.vue index 79dfe109127..f18095b08b9 100644 --- a/app/assets/javascripts/members/placeholders/components/placeholders_table.vue +++ b/app/assets/javascripts/members/placeholders/components/placeholders_table.vue @@ -266,6 +266,7 @@ export default { v-if="statusBadge(item)" v-gl-tooltip="statusBadge(item).tooltip" :variant="statusBadge(item).variant" + data-testid="placeholder-status" tabindex="0" >{{ statusBadge(item).text }} @@ -279,6 +280,7 @@ export default { :src="reassignedUser(item).avatarUrl" :label="reassignedUser(item).name" :sub-label="`@${reassignedUser(item).username}`" + data-testid="placeholder-reassigned" /> diff --git a/app/assets/javascripts/vue_shared/issuable/show/components/issuable_header.vue b/app/assets/javascripts/vue_shared/issuable/show/components/issuable_header.vue index 26693b65bb1..b4ab447299b 100644 --- a/app/assets/javascripts/vue_shared/issuable/show/components/issuable_header.vue +++ b/app/assets/javascripts/vue_shared/issuable/show/components/issuable_header.vue @@ -190,7 +190,12 @@ export default { {{ serviceDeskReplyTo }}