root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2025-02-07 06:12:33 +00:00
parent 5b3014ad70
commit 8511eaaf7f
358 changed files with 1836 additions and 1535 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
GITLAB_KAS_VERSION
View File

@ -1 +1 @@
12d49304c0163157cce8cf5aa46d5caf7384f976
3a23637937e7907cf4b45ecbb68142198becaf10

2
app/assets/javascripts/ci/pipelines_page/components/pipeline_labels.vue
View File

@ -45,7 +45,7 @@ export default {
return `pipeline-url-autodevops-${this.pipeline.id}`;
},
autoDevopsHelpPath() {
return helpPagePath('topics/autodevops/index.md');
return helpPagePath('topics/autodevops/_index.md');
},
isApi() {
return this.pipeline.source === API_ORIGIN;

2
app/assets/javascripts/clusters_list/components/agent_empty_state.vue
View File

@ -5,7 +5,7 @@ import { I18N_AGENTS_EMPTY_STATE } from '../constants';
export default {
i18n: I18N_AGENTS_EMPTY_STATE,
agentDocsUrl: helpPagePath('user/clusters/agent/index'),
agentDocsUrl: helpPagePath('user/clusters/agent/_index'),
components: {
GlEmptyState,
GlLink,

4
app/assets/javascripts/clusters_list/components/agent_table.vue
View File

@ -57,10 +57,10 @@ export default {
mixins: [timeagoMixin],
AGENT_STATUSES,
troubleshootingLink: helpPagePath('user/clusters/agent/troubleshooting'),
versionUpdateLink: helpPagePath('user/clusters/agent/install/index', {
versionUpdateLink: helpPagePath('user/clusters/agent/install/_index', {
anchor: 'update-the-agent-version',
}),
configHelpLink: helpPagePath('user/clusters/agent/install/index', {
configHelpLink: helpPagePath('user/clusters/agent/install/_index', {
anchor: 'create-an-agent-configuration-file',
}),
props: {

2
app/assets/javascripts/clusters_list/components/agent_token.vue
View File

@ -8,7 +8,7 @@ import { I18N_AGENT_TOKEN, HELM_VERSION_POLICY_URL } from '../constants';
export default {
i18n: I18N_AGENT_TOKEN,
advancedInstallPath: helpPagePath('user/clusters/agent/install/index', {
advancedInstallPath: helpPagePath('user/clusters/agent/install/_index', {
anchor: 'advanced-installation-method',
}),
HELM_VERSION_POLICY_URL,

2
app/assets/javascripts/clusters_list/components/clusters_main_view.vue
View File

@ -25,7 +25,7 @@ export default {
'ClusterAgents|Optionally, for additional configuration settings, a %{linkStart}configuration file%{linkEnd} can be created in the repository. You can do so within the default branch by creating the file at: %{codeStart}.gitlab/agents/%{agentName}/config.yaml%{codeEnd}',
),
},
configurationDocsLink: helpPagePath('user/clusters/agent/install/index', {
configurationDocsLink: helpPagePath('user/clusters/agent/install/_index', {
anchor: 'create-an-agent-configuration-file',
}),
components: {

4
app/assets/javascripts/clusters_list/components/install_agent_modal.vue
View File

@ -39,10 +39,10 @@ export default {
EVENT_LABEL_MODAL,
glabCommand: 'glab cluster agent bootstrap <agent-name>',
enableKasPath: helpPagePath('administration/clusters/kas'),
registerAgentPath: helpPagePath('user/clusters/agent/install/index', {
registerAgentPath: helpPagePath('user/clusters/agent/install/_index', {
anchor: 'register-the-agent-with-gitlab',
}),
bootstrapAgentWithFluxHelpPath: helpPagePath('user/clusters/agent/install/index', {
bootstrapAgentWithFluxHelpPath: helpPagePath('user/clusters/agent/install/_index', {
anchor: 'bootstrap-the-agent-with-flux-support-recommended',
}),
commandLanguage: 'shell',

2
app/assets/javascripts/clusters_list/constants.js
View File

@ -206,7 +206,7 @@ export const AGENT_CARD_INFO = {
'ClusterAgents|The GitLab agent provides an increased level of security when connecting Kubernetes clusters to GitLab. %{linkStart}Learn more about the GitLab agent.%{linkEnd}',
),
),
link: helpPagePath('user/clusters/agent/index'),
link: helpPagePath('user/clusters/agent/_index'),
},
footerText: sprintf(s__('ClusterAgents|View all %{number} agents')),
};

2
app/assets/javascripts/environments/components/environment_namespace_selector.vue
View File

@ -31,7 +31,7 @@ export default {
default: '',
},
},
clustersHelpPagePath: helpPagePath('user/clusters/agent/index.md'),
clustersHelpPagePath: helpPagePath('user/clusters/agent/_index.md'),
i18n: {
namespaceLabel: s__('Environments|Kubernetes namespace (optional)'),
namespaceHelpText: s__('Environments|Select namespace'),

2
app/assets/javascripts/environments/environment_details/components/kubernetes/kubernetes_overview.vue
View File

@ -276,7 +276,7 @@ export default {
actions: __('Actions'),
error: __('Error: '),
},
learnMoreLink: helpPagePath('user/clusters/agent/index'),
learnMoreLink: helpPagePath('user/clusters/agent/_index'),
getStartedLink: helpPagePath('ci/environments/kubernetes_dashboard'),
CLUSTER_EMPTY_SVG,
CONNECT_MODAL_ID,

14
app/assets/javascripts/pages/shared/wikis/wiki_notes/components/wiki_comment_form.vue
View File

@ -9,7 +9,7 @@ import createWikiPageNoteMuatation from '~/wikis/graphql/notes/create_wiki_page_
import updateWikiPageMutation from '~/wikis/graphql/notes/update_wiki_page_note.mutation.graphql';
import { detectAndConfirmSensitiveTokens } from '~/lib/utils/secret_detection';
import { COMMENT_FORM } from '~/notes/i18n';
import { __, sprintf } from '~/locale';
import { __ } from '~/locale';
import HelpIcon from '~/vue_shared/components/help_icon/help_icon.vue';
import { trackSavedUsingEditor } from '~/vue_shared/components/markdown/tracking';
import * as constants from '~/notes/constants';
@ -145,15 +145,13 @@ export default {
return this.$emit('cancel');
}
const actionText = this.isEdit ? 'editing' : 'creating';
const msg = sprintf(__('Are you sure you want to cancel %{actionText} this comment?'), {
actionText,
});
const msg = this.isEdit
? __('Are you sure you want to cancel editing this comment?')
: __('Are you sure you want to cancel creating this comment?');
const confirmed = await confirmAction(msg, {
primaryBtnText: __('Discard Changes'),
cancelBtnText: sprintf(__('continue %{actionText}'), { actionText }),
primaryBtnText: __('Discard changes'),
cancelBtnText: this.isEdit ? __('Continue editing') : __('Continue creating'),
});
if (confirmed) {

6
app/assets/javascripts/pages/shared/wikis/wiki_notes/components/wiki_notes_app.vue
View File

@ -66,6 +66,9 @@ export default {
wikiPageData() {
return this.$apollo.queries.wikiPage;
},
isLoading() {
return this.$apollo.queries.wikiPage.loading;
},
},
mounted() {
eventHub.$on(EVENT_EDIT_WIKI_START, () => {
@ -126,8 +129,9 @@ export default {
<ordered-layout :slot-keys="slotKeys">
<template #form>
<wiki-comment-form
v-if="!isLoading"
:noteable-id="noteableId"
:note-id="containerId"
:note-id="noteableId"
@creating-note:start="setPlaceHolderNote"
@creating-note:done="removePlaceholder"
@creating-note:success="updateDiscussions"

2
app/assets/javascripts/projects/new/components/deployment_target_select.vue
View File

@ -26,7 +26,7 @@ export default {
VISIT_DOCS_EVENT,
DEPLOYMENT_TARGET_LABEL,
selectId: 'deployment-target-select',
helpPageUrl: helpPagePath('user/clusters/agent/index'),
helpPageUrl: helpPagePath('user/clusters/agent/_index'),
components: {
GlFormGroup,
GlFormSelect,

5
app/assets/javascripts/projects/settings/components/access_dropdown.vue
View File

@ -268,7 +268,10 @@ export default {
this.initialLoading = false;
this.loading = false;
});
} else if (this.glAbilities.adminProtectedBranch) {
} else if (
this.glAbilities.adminProtectedBranch ||
this.glAbilities.adminProtectedEnvironments
) {
Promise.all([getUsers(this.query), this.getGroups()])
.then(([usersResponse, groupsResponse]) => {
this.consolidateData(null, usersResponse.data, groupsResponse.data);

2
app/assets/javascripts/repository/components/commit_changes_modal.vue
View File

@ -241,7 +241,7 @@ export default {
this.$emit('submit-form', formData);
},
},
deleteLfsHelpPath: helpPagePath('topics/git/lfs', {
deleteLfsHelpPath: helpPagePath('topics/git/lfs/_index', {
anchor: 'delete-a-git-lfs-file-from-repository-history',
}),
protectedBranchHelpPath: helpPagePath('user/project/repository/branches/protected'),

2
app/assets/javascripts/vue_merge_request_widget/constants.js
View File

@ -229,7 +229,7 @@ export const CLICK_FULL_REPORT_ON_MERGE_REQUEST_WIDGET =
export { STATE_MACHINE };
export const INVALID_RULES_DOCS_PATH = helpPagePath(
'user/project/merge_requests/approvals/index.md',
'user/project/merge_requests/approvals/_index.md',
{
anchor: 'invalid-rules',
},

2
app/assets/javascripts/vue_shared/components/groups_list/group_list_item_prevent_delete_modal.vue
View File

@ -48,7 +48,7 @@ export default {
<gl-sprintf :message="$options.i18n.message">
<template #link="{ content }">
<help-page-link
href="subscriptions/gitlab_com/index"
href="subscriptions/gitlab_com/_index"
anchor="link-subscription-to-a-group"
>{{ content }}</help-page-link
>

2
app/assets/javascripts/work_items/components/work_item_development/work_item_create_branch_merge_request_modal.vue
View File

@ -44,7 +44,7 @@ export default {
checkingBranchValidity: __('Checking branch validity'),
},
createMRModalId: 'create-merge-request-modal',
mergeRequestHelpPagePath: helpPagePath('user/project/merge_requests/index.md'),
mergeRequestHelpPagePath: helpPagePath('user/project/merge_requests/_index.md'),
inject: ['groupPath'],
props: {
showModal: {

8
app/assets/javascripts/work_items/notes/collapse_utils.js
View File

@ -50,14 +50,14 @@ export const collapseSystemNotes = (notes) => {
if (
timeDifferenceMinutes > TIME_DIFFERENCE_VALUE ||
note.author.id !== lastDescriptionSystemNote.author.id ||
lastDescriptionSystemNote.systemNoteMetadata.descriptionVersion?.deleted
lastDescriptionSystemNote.systemNoteMetadata?.descriptionVersion?.deleted
) {
// update the previous system note
lastDescriptionSystemNote = note;
} else {
// set the first version to fetch grouped system note versions
lastStartVersionId = lastDescriptionSystemNote.systemNoteMetadata.descriptionVersion?.id;
lastStartVersionId = lastDescriptionSystemNote.systemNoteMetadata?.descriptionVersion?.id;
// delete the previous one
acc.splice(lastDescriptionSystemNoteIndex, 1);
@ -73,9 +73,9 @@ export const collapseSystemNotes = (notes) => {
{
...note,
systemNoteMetadata: {
...note.systemNoteMetadata,
...note?.systemNoteMetadata,
descriptionVersion: {
...note.systemNoteMetadata.descriptionVersion,
...note?.systemNoteMetadata?.descriptionVersion,
startVersionId: lastStartVersionId,
},
},

40
app/assets/stylesheets/framework/calendar.scss
View File

@ -1,3 +1,19 @@
:root {
--user-contribution-graph-cell-level-0: var(--gl-color-neutral-50);
--user-contribution-graph-cell-level-1: var(--gl-color-data-blue-100);
--user-contribution-graph-cell-level-2: var(--gl-color-data-blue-400);
--user-contribution-graph-cell-level-3: var(--gl-color-data-blue-600);
--user-contribution-graph-cell-level-4: var(--gl-color-data-blue-900);
}
:root.gl-dark {
--user-contribution-graph-cell-level-0: var(--gl-color-neutral-900);
--user-contribution-graph-cell-level-1: var(--gl-color-data-blue-900);
--user-contribution-graph-cell-level-2: var(--gl-color-data-blue-600);
--user-contribution-graph-cell-level-3: var(--gl-color-data-blue-400);
--user-contribution-graph-cell-level-4: var(--gl-color-data-blue-100);
}
.user-contrib-cell {
&:hover,
&:focus,
@ -12,13 +28,23 @@
stroke-width: 2px;
}
// `app/assets/javascripts/pages/users/activity_calendar.js` sets this attribute
@for $i from 1 through length($calendar-activity-colors) {
$color: nth($calendar-activity-colors, $i);
$level: $i - 1;
&[data-level="0"] {
fill: var(--user-contribution-graph-cell-level-0);
}
&[data-level='#{$level}'] {
fill: $color;
}
&[data-level="1"] {
fill: var(--user-contribution-graph-cell-level-1);
}
&[data-level="2"] {
fill: var(--user-contribution-graph-cell-level-2);
}
&[data-level="3"] {
fill: var(--user-contribution-graph-cell-level-3);
}
&[data-level="4"] {
fill: var(--user-contribution-graph-cell-level-4);
}
}

12
app/assets/stylesheets/framework/variables.scss
View File

@ -291,18 +291,6 @@ $issue-boards-card-shadow: rgba(0, 0, 0, 0.1);
$builds-log-bg: #111;
$job-line-number-width: 50px;
/*
* Calendar
*/
// See https://gitlab.com/gitlab-org/gitlab/-/issues/332150 to align with Pajamas Design System
$calendar-activity-colors: (
var(--gray-50),
var(--data-viz-blue-100),
var(--data-viz-blue-400),
var(--data-viz-blue-600),
var(--data-viz-blue-900)
) !default;
/*
* Commit Page
*/

13
app/controllers/projects/settings/ci_cd_controller.rb
View File

@ -8,8 +8,9 @@ module Projects
NUMBER_OF_RUNNERS_PER_PAGE = 20
layout 'project_settings'
before_action :authorize_admin_pipeline!, except: [:reset_cache, :show]
before_action :authorize_admin_pipeline!, except: [:reset_cache, :show, :update]
before_action :authorize_show_cicd_settings!, only: :show
before_action :authorize_update_cicd_settings!, only: :update
before_action :authorize_reset_cache!, only: :reset_cache
before_action :check_builds_available!
before_action :define_variables
@ -21,6 +22,7 @@ module Projects
push_frontend_feature_flag(:authentication_logs_migration_for_allowlist, @project)
push_frontend_ability(ability: :admin_project, resource: @project, user: current_user)
push_frontend_ability(ability: :admin_protected_environments, resource: @project, user: current_user)
end
helper_method :highlight_badge
@ -120,6 +122,15 @@ module Projects
access_denied!
end
def authorize_update_cicd_settings!
return if can_any?(current_user, [
:admin_pipeline,
:admin_protected_environments
], project)
access_denied!
end
def highlight_badge(name, content, language = nil)
Gitlab::Highlight.highlight(name, content, language: language)
end

2
app/helpers/clusters_helper.rb
View File

@ -37,7 +37,7 @@ module ClustersHelper
editable: can_edit.to_s,
environment_scope: cluster.environment_scope,
base_domain: cluster.base_domain,
auto_devops_help_path: help_page_path('topics/autodevops/index.md'),
auto_devops_help_path: help_page_path('topics/autodevops/_index.md'),
external_endpoint_help_path: help_page_path('user/project/clusters/gitlab_managed_clusters.md', anchor: 'base-domain')
}
end

4
app/helpers/mirror_helper.rb
View File

@ -14,7 +14,7 @@ module MirrorHelper
'for the project%{docs_link_end}.'
)
docs_link = link_to('', help_page_path('topics/git/lfs/index.md'), target: '_blank', rel: 'noopener noreferrer')
docs_link = link_to('', help_page_path('topics/git/lfs/_index.md'), target: '_blank', rel: 'noopener noreferrer')
safe_format(template, tag_pair(docs_link, :docs_link_start, :docs_link_end))
end
@ -25,7 +25,7 @@ module MirrorHelper
'for the project%{docs_link_end}.'
)
docs_link = link_to('', help_page_path('topics/git/lfs/index.md'), target: '_blank', rel: 'noopener noreferrer')
docs_link = link_to('', help_page_path('topics/git/lfs/_index.md'), target: '_blank', rel: 'noopener noreferrer')
safe_format(template, tag_pair(docs_link, :docs_link_start, :docs_link_end))
end

4
app/helpers/projects_helper.rb
View File

@ -462,9 +462,9 @@ module ProjectsHelper
registryAvailable: Gitlab.config.registry.enabled,
registryHelpPath: help_page_path('user/packages/container_registry/index.md'),
lfsAvailable: Gitlab.config.lfs.enabled,
lfsHelpPath: help_page_path('topics/git/lfs/index.md'),
lfsHelpPath: help_page_path('topics/git/lfs/_index.md'),
lfsObjectsExist: project.lfs_objects.exists?,
lfsObjectsRemovalHelpPath: help_page_path('topics/git/lfs/index.md',
lfsObjectsRemovalHelpPath: help_page_path('topics/git/lfs/_index.md',
anchor: 'delete-a-git-lfs-file-from-repository-history'),
pagesAvailable: Gitlab.config.pages.enabled,
pagesAccessControlEnabled: Gitlab.config.pages.access_control,

14
app/mailers/emails/members.rb
View File

@ -47,20 +47,6 @@ module Emails
subject: subject('Invitation accepted'))
end
def member_invite_declined_email(member_source_type, source_id, invite_email, created_by_id)
return unless created_by_id
@member_source_type = member_source_type
@member_source = member_source_class.find(source_id)
@invite_email = invite_email
user = User.find(created_by_id)
email_with_layout(
to: user.notification_email_for(notification_group),
subject: subject('Invitation declined'))
end
def member_expiration_date_updated_email(member_source_type, member_id)
@member_source_type = member_source_type
@member_id = member_id

35
app/mailers/members/invite_declined_mailer.rb Normal file
View File

@ -0,0 +1,35 @@
# frozen_string_literal: true
module Members
class InviteDeclinedMailer < ApplicationMailer
helper EmailsHelper
helper_method :member_source, :member_invite_email
layout 'mailer'
def email
return unless valid_to_email?
mail_with_locale(
to: member_created_by.notification_email_for(member_source.notification_group),
subject: EmailsHelper.subject_with_suffix(['Invitation declined'])
)
end
private
delegate :source, :invite_email, :created_by, to: :member, prefix: true
delegate :user, to: :member
def valid_to_email?
# Must always send, regardless of project/namespace configuration since it's a
# response to the user's action.
member && member_created_by.present?
end
def member
params[:member]
end
end
end

15
app/mailers/previews/members/invite_declined_mailer_preview.rb Normal file
View File

@ -0,0 +1,15 @@
# frozen_string_literal: true
module Members
class InviteDeclinedMailerPreview < ActionMailer::Preview
def email
Members::InviteDeclinedMailer.with(member: member).email.message # rubocop:disable CodeReuse/ActiveRecord -- false positive
end
private
def member
Member.with_created_by.connected_to_user.last
end
end
end

9
app/mailers/previews/notify_preview.rb
View File

@ -183,15 +183,6 @@ class NotifyPreview < ActionMailer::Preview
Notify.member_invite_accepted_email(member.source_type, member.id).message
end
def member_invite_declined_email
Notify.member_invite_declined_email(
'project',
project.id,
'invite@example.com',
user.id
).message
end
def member_about_to_expire_email
cleanup do
member = project.add_member(user, Gitlab::Access::GUEST, expires_at: 7.days.from_now.to_date)

2
app/models/member.rb
View File

@ -724,7 +724,7 @@ class Member < ApplicationRecord
end
def after_decline_invite
notification_service.decline_invite(self)
Members::InviteDeclinedMailer.with(member: self).email.deliver_later
end
def after_accept_request

2
app/presenters/dev_ops_report/metric_presenter.rb
View File

@ -44,7 +44,7 @@ module DevOpsReport
description: 'per active user',
feature: 'merge_requests',
blog: 'https://8thlight.com/blog/uncle-bob/2013/02/01/The-Humble-Craftsman.html',
docs: help_page_path('user/project/merge_requests/index.md')
docs: help_page_path('user/project/merge_requests/_index.md')
),
Card.new(
metric: metric,

2
app/presenters/projects/security/configuration_presenter.rb
View File

@ -11,7 +11,7 @@ module Projects
def to_h
{
auto_devops_enabled: auto_devops_source?,
auto_devops_help_page_path: help_page_path('topics/autodevops/index.md'),
auto_devops_help_page_path: help_page_path('topics/autodevops/_index.md'),
auto_devops_path: auto_devops_settings_path(project),
can_enable_auto_devops: can_enable_auto_devops?,
features: features,

12
app/services/notification_service.rb
View File

@ -514,18 +514,6 @@ class NotificationService
recipients.each { |recipient| deliver_access_request_email(recipient, member) }
end
def decline_invite(member)
# Must always send, regardless of project/namespace configuration since it's a
# response to the user's action.
mailer.member_invite_declined_email(
member.real_source_type,
member.source.id,
member.invite_email,
member.created_by_id
).deliver_later
end
def new_member(member)
notifiable_options = case member.source
when Group

2
app/views/admin/application_settings/_ci_cd.html.haml
View File

@ -4,7 +4,7 @@
%fieldset
.form-group
- devops_help_link_url = help_page_path('topics/autodevops/index.md')
- devops_help_link_url = help_page_path('topics/autodevops/_index.md')
- devops_help_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: devops_help_link_url }
= f.gitlab_ui_checkbox_component :auto_devops_enabled, s_('CICD|Default to Auto DevOps pipeline for all projects'), help_text: s_('CICD|The Auto DevOps pipeline runs by default in all projects with no CI/CD configuration file. %{link_start}What is Auto DevOps?%{link_end}').html_safe % { link_start: devops_help_link_start, link_end: '</a>'.html_safe }
.form-group

2
app/views/admin/groups/show.html.haml
View File

@ -50,7 +50,7 @@
.gl-col-span-2
%strong
= group_lfs_status(@group)
= link_to sprite_icon('question-o', css_class: 'gl-fill-icon-info'), help_page_path('topics/git/lfs/index.md')
= link_to sprite_icon('question-o', css_class: 'gl-fill-icon-info'), help_page_path('topics/git/lfs/_index.md')
= render_if_exists 'namespaces/shared_runner_status', namespace: @group
= render_if_exists 'namespaces/additional_minutes_status', namespace: @group

2
app/views/admin/projects/show.html.haml
View File

@ -107,7 +107,7 @@
= _('Git LFS status:')
%strong
= project_lfs_status(@project)
= link_to sprite_icon('question-o'), help_page_path('topics/git/lfs/index.md')
= link_to sprite_icon('question-o'), help_page_path('topics/git/lfs/_index.md')
- else
%li{ class: '!gl-px-5' }
%span.light

2
app/views/clusters/clusters/_deprecation_alert.html.haml
View File

@ -2,6 +2,6 @@
- c.with_body do
- link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe
- issue_link_start = link_start % { url: 'https://gitlab.com/gitlab-org/configure/general/-/issues/199' }
- docs_link_start = link_start % { url: help_page_path('user/clusters/agent/index.md') }
- docs_link_start = link_start % { url: help_page_path('user/clusters/agent/_index.md') }
- link_end = '</a>'.html_safe
= s_('ClusterIntegration|This process is %{issue_link_start}deprecated%{issue_link_end}. Use the %{docs_link_start}the GitLab agent for Kubernetes%{docs_link_end} instead.').html_safe % { docs_link_start: docs_link_start, docs_link_end: link_end, issue_link_start: issue_link_start, issue_link_end: link_end }

2
app/views/groups/_group_admin_settings.html.haml
View File

@ -4,7 +4,7 @@
= f.gitlab_ui_checkbox_component :lfs_enabled, checkbox_options: { checked: @group.lfs_enabled? } do |c|
- c.with_label do
= _('Projects in this group can use Git LFS')
= link_to sprite_icon('question-o'), help_page_path('topics/git/lfs/index.md'), class: 'gl-ml-2'
= link_to sprite_icon('question-o'), help_page_path('topics/git/lfs/_index.md'), class: 'gl-ml-2'
- c.with_help_text do
= _('This setting can be overridden in each project.')
.form-group.gl-form-group{ role: 'group' }

2
app/views/groups/settings/_lfs.html.haml
View File

@ -1,4 +1,4 @@
- docs_link_url = help_page_path('topics/git/lfs/index.md')
- docs_link_url = help_page_path('topics/git/lfs/_index.md')
- docs_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: docs_link_url }
%h5= _('Large File Storage')

2
app/views/groups/settings/_remove_button.html.haml
View File

@ -4,6 +4,6 @@
- if group.linked_to_subscription?
= render Pajamas::AlertComponent.new(variant: :tip, dismissible: false, alert_options: { class: 'gl-mb-5', data: { testid: 'group-has-linked-subscription-alert' }}) do |c|
- c.with_body do
= html_escape(_("This group can't be removed because it is linked to a subscription. To remove this group, %{linkStart}link the subscription%{linkEnd} with a different group.")) % { linkStart: "<a href=\"#{help_page_path('subscriptions/gitlab_com/index.md', anchor: 'link-subscription-to-a-group')}\">".html_safe, linkEnd: '</a>'.html_safe }
= html_escape(_("This group can't be removed because it is linked to a subscription. To remove this group, %{linkStart}link the subscription%{linkEnd} with a different group.")) % { linkStart: "<a href=\"#{help_page_path('subscriptions/gitlab_com/_index.md', anchor: 'link-subscription-to-a-group')}\">".html_safe, linkEnd: '</a>'.html_safe }
.js-confirm-danger{ data: group_confirm_modal_data(group: group, remove_form_id: remove_form_id, button_text: button_text) }

2
app/views/groups/settings/_transfer.html.haml
View File

@ -21,5 +21,5 @@
- if group.paid?
= render Pajamas::AlertComponent.new(variant: :tip, dismissible: false, alert_options: { class: 'gl-mb-5' }) do |c|
- c.with_body do
= html_escape(_("This group can't be transferred because it is linked to a subscription. To transfer this group, %{linkStart}link the subscription%{linkEnd} with a different group.")) % { linkStart: "<a href=\"#{help_page_path('subscriptions/gitlab_com/index.md', anchor: 'link-subscription-to-a-group')}\">".html_safe, linkEnd: '</a>'.html_safe }
= html_escape(_("This group can't be transferred because it is linked to a subscription. To transfer this group, %{linkStart}link the subscription%{linkEnd} with a different group.")) % { linkStart: "<a href=\"#{help_page_path('subscriptions/gitlab_com/_index.md', anchor: 'link-subscription-to-a-group')}\">".html_safe, linkEnd: '</a>'.html_safe }
.js-transfer-group-form{ data: initial_data }

2
app/views/groups/settings/ci_cd/_auto_devops_form.html.haml
View File

@ -4,7 +4,7 @@
.form-group
= render Pajamas::CardComponent.new(card_options: { class: 'gl-mb-3' }) do |c|
- c.with_body do
- learn_more_link = link_to _('Learn more.'), help_page_path('topics/autodevops/index.md'), target: '_blank', rel: 'noopener noreferrer'
- learn_more_link = link_to _('Learn more.'), help_page_path('topics/autodevops/_index.md'), target: '_blank', rel: 'noopener noreferrer'
- help_text = s_('GroupSettings|The Auto DevOps pipeline runs if no alternative CI configuration file is found.')
- badge = gl_badge_tag badge_for_auto_devops_scope(group), variant: :info
- label = s_('GroupSettings|Default to Auto DevOps pipeline for all projects within this group')

2
app/views/groups/settings/ci_cd/show.html.haml
View File

@ -42,7 +42,7 @@
id: 'auto-devops-settings',
expanded: expanded) do |c|
- c.with_description do
- auto_devops_url = help_page_path('topics/autodevops/index.md')
- auto_devops_url = help_page_path('topics/autodevops/_index.md')
- quickstart_url = help_page_path('topics/autodevops/cloud_deployments/auto_devops_with_gke.md')
- auto_devops_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: auto_devops_url }
- quickstart_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: quickstart_url }

2
app/views/notify/member_invite_declined_email.html.haml → app/views/members/invite_declined_mailer/email.html.haml
View File

@ -1,7 +1,7 @@
%tr
%td.text-content
%p
- invited_user = content_tag :span, @invite_email, class: :highlight
- invited_user = content_tag :span, member_invite_email, class: :highlight
- target_link = link_to member_source.human_name, strip_tags(member_source.web_url), class: :highlight
- target_name = sanitize_name(member_source.model_name.singular)
= sanitize(html_escape(s_('Notify|%{invited_user} has %{highlight_start}declined%{highlight_end} your invitation to join the %{target_link} %{target_name}.')) % { invited_user: invited_user,

3
app/views/members/invite_declined_mailer/email.text.erb Normal file
View File

@ -0,0 +1,3 @@
<%= member_invite_email %> has declined your invitation to join the <%= member_source.human_name %> <%= member_source.model_name.singular %>.
<%= member_source.web_url %>

2
app/views/notify/autodevops_disabled_email.html.haml
View File

@ -17,7 +17,7 @@
%tr.pre-section
%td{ style: 'text-align: center;border-bottom:1px solid #ededed' }
%a{ href: help_page_url('topics/autodevops/index.md'), style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;" }
%a{ href: help_page_url('topics/autodevops/_index.md'), style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;" }
%button{ type: 'button', style: 'border-color: #dfdfdf; border-style: solid; border-width: 1px; border-radius: 4px; font-size: 14px; padding: 8px 16px; background-color:#fff; margin: 8px 0; cursor: pointer;' }
= s_('Notify|Learn more about Auto DevOps')

3
app/views/notify/member_invite_declined_email.text.erb
View File

@ -1,3 +0,0 @@
<%= @invite_email %> has declined your invitation to join the <%= member_source.human_name %> <%= member_source.model_name.singular %>.
<%= member_source.web_url %>

2
app/views/projects/_lfs_misconfiguration_banner.html.haml
View File

@ -2,4 +2,4 @@
= render Pajamas::AlertComponent.new(variant: :warning, dismissible: false, alert_options: { class: 'gl-hidden sm:gl-block' }) do |c|
- c.with_body do
= _('Possible LFS configuration issue. This project contains LFS objects but there is no .gitattributes file. You can ignore this message if you recently added a `.gitattributes` file.')
= link_to('Learn more.', help_page_path('topics/git/lfs/index.md'), target: '_blank', rel: 'noopener noreferrer')
= link_to('Learn more.', help_page_path('topics/git/lfs/_index.md'), target: '_blank', rel: 'noopener noreferrer')

2
app/views/projects/empty.html.haml
View File

@ -34,7 +34,7 @@
.git-empty.js-git-empty
%h3.h4= _('Configure your Git identity')
- git_get_started_doc = link_to('', help_page_path('topics/git/get_started.md'), target: '_blank', rel: 'noopener noreferrer')
- git_config_doc = link_to('', help_page_path('topics/git/how_to_install_git/index.md', anchor: 'configure-git'), target: '_blank', rel: 'noopener noreferrer')
- git_config_doc = link_to('', help_page_path('topics/git/how_to_install_git/_index.md', anchor: 'configure-git'), target: '_blank', rel: 'noopener noreferrer')
%p= safe_format(_("%{get_started}Get started with Git%{get_started_end} and learn %{git_config}how to configure it%{git_config_end}."), tag_pair(git_get_started_doc, :get_started, :get_started_end), tag_pair(git_config_doc, :git_config, :git_config_end))
.scrolling-tabs-container.inner-page-scroll-tabs
= gl_tabs_nav({ class: 'js-configure-git-tabs' }) do

2
app/views/projects/issues/_new_branch.html.haml
View File

@ -45,7 +45,7 @@
%li.droplab-item-ignore.gl-ml-3.gl-mr-3.gl-mt-5
- if can_create_confidential_merge_request?
#js-forked-project{ data: { namespace_path: @project.namespace.full_path, project_path: @project.full_path, new_fork_path: new_project_fork_path(@project), help_page_path: help_page_path('user/project/merge_requests/index.md') } }
#js-forked-project{ data: { namespace_path: @project.namespace.full_path, project_path: @project.full_path, new_fork_path: new_project_fork_path(@project), help_page_path: help_page_path('user/project/merge_requests/_index.md') } }
.form-group
%label{ for: 'new-branch-name' }
= _('Branch name')

6
app/views/projects/merge_requests/_widget.html.haml
View File

@ -10,13 +10,13 @@
window.gl.mrWidgetData.pipeline_etag = '#{graphql_etag_pipeline_sha_path(@merge_request.diff_head_sha)}';
window.gl.mrWidgetData.squash_before_merge_help_path = '#{help_page_path("user/project/merge_requests/squash_and_merge.md")}';
window.gl.mrWidgetData.ci_troubleshooting_docs_path = '#{help_page_path('ci/debugging.md')}';
window.gl.mrWidgetData.mr_troubleshooting_docs_path = '#{help_page_path('user/project/merge_requests/reviews/index.md', anchor: 'troubleshooting')}';
window.gl.mrWidgetData.mr_troubleshooting_docs_path = '#{help_page_path('user/project/merge_requests/reviews/_index.md', anchor: 'troubleshooting')}';
window.gl.mrWidgetData.pipeline_must_succeed_docs_path = '#{help_page_path('user/project/merge_requests/merge_when_pipeline_succeeds.md', anchor: 'require-a-successful-pipeline-for-merge')}';
window.gl.mrWidgetData.code_coverage_check_help_page_path = '#{help_page_path('ci/testing/code_coverage.md', anchor: 'add-a-coverage-check-approval-rule')}';
window.gl.mrWidgetData.code_coverage_check_help_page_path = '#{help_page_path('ci/testing/code_coverage/_index.md', anchor: 'add-a-coverage-check-approval-rule')}';
window.gl.mrWidgetData.security_configuration_path = '#{project_security_configuration_path(@project)}';
window.gl.mrWidgetData.license_compliance_docs_path = '#{help_page_path('user/compliance/license_scanning_of_cyclonedx_files/index.md')}';
window.gl.mrWidgetData.eligible_approvers_docs_path = '#{help_page_path('user/project/merge_requests/approvals/rules.md', anchor: 'eligible-approvers')}';
window.gl.mrWidgetData.approvals_help_path = '#{help_page_path("user/project/merge_requests/approvals/index.md")}';
window.gl.mrWidgetData.approvals_help_path = '#{help_page_path("user/project/merge_requests/approvals/_index.md")}';
window.gl.mrWidgetData.codequality_help_path = '#{help_page_path("ci/testing/code_quality.md", anchor: "code-quality-reports")}';
window.gl.mrWidgetData.false_positive_doc_url = '#{help_page_path('user/application_security/vulnerabilities/index.md')}';
window.gl.mrWidgetData.can_view_false_positive = '#{@merge_request.project.licensed_feature_available?(:sast_fp_reduction).to_s}';

2
app/views/projects/settings/ci_cd/_autodevops_form.html.haml
View File

@ -22,7 +22,7 @@
= f.fields_for :auto_devops_attributes, @auto_devops do |form|
= render Pajamas::CardComponent.new(card_options: { class: 'gl-mb-3' }, footer_options: { class: "js-extra-settings #{auto_devops_enabled || 'hidden'}", data: { testid: 'extra-auto-devops-settings' } }) do |c|
- c.with_body do
- autodevops_help_link = link_to _('Learn more.'), help_page_path('topics/autodevops/index.md'), target: '_blank', rel: 'noopener noreferrer'
- autodevops_help_link = link_to _('Learn more.'), help_page_path('topics/autodevops/_index.md'), target: '_blank', rel: 'noopener noreferrer'
- auto_devops_badge = auto_devops_enabled ? (gl_badge_tag badge_for_auto_devops_scope(@project), { variant: :info }, { class: 'js-instance-default-badge gl-ml-3 -gl-mt-1'}) : ''
= form.gitlab_ui_checkbox_component :enabled,
(s_('CICD|Default to Auto DevOps pipeline') + auto_devops_badge).html_safe,

2
app/views/projects/settings/ci_cd/show.html.haml
View File

@ -21,7 +21,7 @@
testid: 'autodevops-settings-content',
expanded: expanded) do |c|
- c.with_description do
- auto_devops_url = help_page_path('topics/autodevops/index.md')
- auto_devops_url = help_page_path('topics/autodevops/_index.md')
- quickstart_url = help_page_path('topics/autodevops/cloud_deployments/auto_devops_with_gke.md')
- auto_devops_link = link_to('', auto_devops_url, target: '_blank', rel: 'noopener noreferrer')
- quickstart_link = link_to('', quickstart_url, target: '_blank', rel: 'noopener noreferrer')

2
app/views/projects/settings/merge_requests/_merge_request_merge_method_settings.html.haml
View File

@ -21,7 +21,7 @@
= s_('ProjectSettings|Merge method')
%p.gl-text-subtle{ id: :merge_methods_description }
= s_('ProjectSettings|Determine what happens to the commit history when you merge a merge request.')
= link_to s_('ProjectSettings|How do they differ?'), help_page_path('user/project/merge_requests/methods/index.md'), target: '_blank', rel: 'noopener noreferrer'
= link_to s_('ProjectSettings|How do they differ?'), help_page_path('user/project/merge_requests/methods/_index.md'), target: '_blank', rel: 'noopener noreferrer'
= form.gitlab_ui_radio_component :merge_method,
:merge,
labelMerge,

2
app/views/shared/_auto_devops_callout.html.haml
View File

@ -8,6 +8,6 @@
= s_('AutoDevOps|Auto DevOps')
%p
- link = link_to(s_('AutoDevOps|Auto DevOps documentation'), help_page_path('topics/autodevops/index.md'), target: '_blank', rel: 'noopener noreferrer')
- link = link_to(s_('AutoDevOps|Auto DevOps documentation'), help_page_path('topics/autodevops/_index.md'), target: '_blank', rel: 'noopener noreferrer')
= s_('AutoDevOps|Automatically build, test, and deploy your application based on a predefined CI/CD configuration.')
= s_('AutoDevOps|Learn more in the %{link_to_documentation}.').html_safe % { link_to_documentation: link }

2
app/views/shared/_auto_devops_implicitly_enabled_banner.html.haml
View File

@ -9,4 +9,4 @@
= _('Container registry is not enabled on this GitLab instance. Ask an administrator to enable it in order for Auto DevOps to work.')
- c.with_actions do
= link_button_to _('Settings'), project_settings_ci_cd_path(project), class: 'alert-link', variant: :confirm
= link_button_to _('More information'), help_page_path('topics/autodevops/index.md'), target: '_blank', class: 'alert-link gl-ml-3'
= link_button_to _('More information'), help_page_path('topics/autodevops/_index.md'), target: '_blank', class: 'alert-link gl-ml-3'

12
db/docs/ml_candidate_metadata.yml
View File

@ -8,14 +8,6 @@ gitlab_schema: gitlab_main_cell
description: A Candidate Metadata record holds extra information about the candidate
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/104267
milestone: '15.7'
desired_sharding_key:
project_id:
references: projects
backfill_via:
parent:
foreign_key: candidate_id
table: ml_candidates
sharding_key: project_id
belongs_to: candidate
desired_sharding_key_migration_job_name: BackfillMlCandidateMetadataProjectId
table_size: small
sharding_key:
project_id: projects

14
db/post_migrate/20250124061606_add_merge_request_blocks_project_id_not_null_constraint.rb Normal file
View File

@ -0,0 +1,14 @@
# frozen_string_literal: true
class AddMergeRequestBlocksProjectIdNotNullConstraint < Gitlab::Database::Migration[2.2]
disable_ddl_transaction!
milestone '17.9'
def up
add_not_null_constraint :merge_request_blocks, :project_id, validate: false
end
def down
remove_not_null_constraint :merge_request_blocks, :project_id
end
end

16
db/post_migrate/20250124061619_prepare_merge_request_blocks_project_id_not_null_validation.rb Normal file
View File

@ -0,0 +1,16 @@
# frozen_string_literal: true
class PrepareMergeRequestBlocksProjectIdNotNullValidation < Gitlab::Database::Migration[2.2]
disable_ddl_transaction!
milestone '17.9'
CONSTRAINT_NAME = :check_f8034ca45e
def up
prepare_async_check_constraint_validation :merge_request_blocks, name: CONSTRAINT_NAME
end
def down
unprepare_async_check_constraint_validation :merge_request_blocks, name: CONSTRAINT_NAME
end
end

14
db/post_migrate/20250131091444_add_ml_candidate_metadata_project_id_not_null_constraint.rb Normal file
View File

@ -0,0 +1,14 @@
# frozen_string_literal: true
class AddMlCandidateMetadataProjectIdNotNullConstraint < Gitlab::Database::Migration[2.2]
disable_ddl_transaction!
milestone '17.9'
def up
add_not_null_constraint :ml_candidate_metadata, :project_id
end
def down
remove_not_null_constraint :ml_candidate_metadata, :project_id
end
end

1
db/schema_migrations/20250124061606 Normal file
View File

@ -0,0 +1 @@
2374c6c83a3272e792746068092f75598607ce70621a4a7222bace59688326a4

1
db/schema_migrations/20250124061619 Normal file
View File

@ -0,0 +1 @@
9d6ef39fe79a044cb93b63c509dd3e214bffa2a50454327ce2e2557a0da46cc2

1
db/schema_migrations/20250131091444 Normal file
View File

@ -0,0 +1 @@
9aa4f8bb138e18dd52572df7eb2b42858f35ddf30e05c753af62efafa768c90a

6
db/structure.sql
View File

@ -16318,7 +16318,8 @@ CREATE TABLE ml_candidate_metadata (
value text NOT NULL,
project_id bigint,
CONSTRAINT check_6b38a286a5 CHECK ((char_length(name) <= 255)),
CONSTRAINT check_9453f4a8e9 CHECK ((char_length(value) <= 5000))
CONSTRAINT check_9453f4a8e9 CHECK ((char_length(value) <= 5000)),
CONSTRAINT check_b964e2ac27 CHECK ((project_id IS NOT NULL))
);
CREATE SEQUENCE ml_candidate_metadata_id_seq
@ -27045,6 +27046,9 @@ ALTER TABLE project_relation_exports
ALTER TABLE vulnerability_finding_signatures
ADD CONSTRAINT check_f4ab9ffc5a CHECK ((project_id IS NOT NULL)) NOT VALID;
ALTER TABLE merge_request_blocks
ADD CONSTRAINT check_f8034ca45e CHECK ((project_id IS NOT NULL)) NOT VALID;
ALTER TABLE approval_merge_request_rule_sources
ADD CONSTRAINT check_f82666a937 CHECK ((project_id IS NOT NULL)) NOT VALID;

2
doc/administration/admin_area.md
View File

@ -195,7 +195,7 @@ The following totals are also included:
- Blocked users
- Total users
GitLab billing is based on the number of [**Billable users**](../subscriptions/self_managed/index.md#billable-users).
GitLab billing is based on the number of [**Billable users**](../subscriptions/self_managed/_index.md#billable-users).
### Add email to user

0
doc/administration/analytics/index.md → doc/administration/analytics/_index.md
View File

2
doc/administration/auth/ldap/index.md
View File

@ -24,7 +24,7 @@ GitLab does not support [Microsoft Active Directory Trusts](https://learn.micros
Users added through LDAP:
- Usually use a [licensed seat](../../../subscriptions/self_managed/index.md#billable-users).
- Usually use a [licensed seat](../../../subscriptions/self_managed/_index.md#billable-users).
- Can authenticate with Git using either their GitLab username or their email and LDAP password,
even if password authentication for Git
[is disabled](../../settings/sign_in_restrictions.md#password-authentication-enabled).

2
doc/administration/backup_restore/index.md
View File

@ -58,7 +58,7 @@ on how GitLab creates this archive, see [Backup archive process](backup_archive_
## Related topics
- [Geo](../geo/index.md)
- [Disaster Recovery (Geo)](../geo/disaster_recovery/index.md)
- [Disaster Recovery (Geo)](../geo/disaster_recovery/_index.md)
- [Migrating GitLab groups](../../user/group/import/index.md)
- [Import and migrate projects](../../user/project/import/index.md)
- [GitLab Linux package (Omnibus) - Backup and Restore](https://docs.gitlab.com/omnibus/settings/backups.html)

2
doc/administration/cicd/index.md → doc/administration/cicd/_index.md
View File

@ -80,7 +80,7 @@ configured to use `needs` then return the error `job can only need 0 others`.
## Change maximum scheduled pipeline frequency
[Scheduled pipelines](../../ci/pipelines/schedules.md) can be configured with any [cron value](../../topics/cron/index.md),
[Scheduled pipelines](../../ci/pipelines/schedules.md) can be configured with any [cron value](../../topics/cron/_index.md),
but they do not always run exactly when scheduled. An internal process, called the
_pipeline schedule worker_, queues all the scheduled pipelines, but does not
run continuously. The worker runs on its own schedule, and scheduled pipelines that

2
doc/administration/cicd/job_artifacts.md
View File

@ -292,7 +292,7 @@ an expiry for the artifacts, they are marked for deletion right after that date
Otherwise, they expire per the [default artifacts expiration setting](../settings/continuous_integration.md#default-artifacts-expiration).
Artifacts are deleted by the `expire_build_artifacts_worker` cron job which Sidekiq
runs every 7 minutes (`*/7 * * * *` in [Cron](../../topics/cron/index.md) syntax).
runs every 7 minutes (`*/7 * * * *` in [Cron](../../topics/cron/_index.md) syntax).
To change the default schedule on which expired artifacts are deleted:

2
doc/administration/clusters/kas.md
View File

@ -253,7 +253,7 @@ DETAILS:
> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/12180) in GitLab 17.4.
[Receptive agents](../../user/clusters/agent/index.md#receptive-agents) allow GitLab to integrate with Kubernetes clusters
[Receptive agents](../../user/clusters/agent/_index.md#receptive-agents) allow GitLab to integrate with Kubernetes clusters
that cannot establish a network connection to the GitLab instance, but can be connected to by GitLab.
To enable receptive agents:

4
doc/administration/compliance.md
View File

@ -25,7 +25,7 @@ and secure supply chain best practices:
|:--------------|:------------------|:--------------------|:-----------------------|:-------------------------------|
| [Credentials inventory](credentials_inventory.md) | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | Keep track of the credentials used by all of the users in a GitLab instance. |
| [Granular user roles<br/>and flexible permissions](../user/permissions.md) | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | Manage access and permissions with five different user roles and settings for external users. Set permissions according to people's role, rather than either read or write access to a repository. Don't share the source code with people that only need access to the issue tracker. |
| [Merge request approvals](../user/project/merge_requests/approvals/index.md) | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | Configure approvals required for merge requests. |
| [Merge request approvals](../user/project/merge_requests/approvals/_index.md) | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | Configure approvals required for merge requests. |
| [Push rules](../user/project/repository/push_rules.md) | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | Control pushes to your repositories. |
| Separation of duties using<br/>[protected branches](../user/project/repository/branches/protected.md#require-code-owner-approval-on-a-protected-branch) and<br/>[custom CI/CD configuration paths](../ci/pipelines/settings.md#specify-a-custom-cicd-configuration-file) | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | Leverage the GitLab cross-project YAML configurations to define deployers of code and developers of code. See how to use this setup to define these roles in the [Separation of Duties deploy project](https://gitlab.com/guided-explorations/separation-of-duties-deploy/blob/master/README.md) and the [Separation of Duties project](https://gitlab.com/guided-explorations/separation-of-duties/blob/master/README.md). |
| [Security policies](../user/application_security/policies/index.md) | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | Configure customizable policies that require merge request approval based on policy rules, or enforce security scanners to execute in project pipelines for compliance requirements. Policies can be enforced granularly against specific projects, or all projects in a group or subgroup. |
@ -62,7 +62,7 @@ These features can help provide visibility into GitLab and audit what is happeni
| [Audit events](audit_event_reports.md) | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | To maintain the integrity of your code, audit events give administrators the ability to view any modifications made in the GitLab server in an advanced audit events system, so you can control, analyze, and track every change. |
| [Audit reports](audit_event_reports.md) | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | Create and access reports based on the audit events that have occurred. Use pre-built GitLab reports or the API to build your own. |
| [Auditor users](auditor_users.md) | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | Auditor users are users who are given read-only access to all projects, groups, and other resources on the GitLab instance. |
| [Compliance center](../user/compliance/compliance_center/index.md) | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | Quickly get visibility into the compliance posture of your organization through compliance standards adherence reporting and violations reports. Manage your groups compliance frameworks centrally. |
| [Compliance center](../user/compliance/compliance_center/_index.md) | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | Quickly get visibility into the compliance posture of your organization through compliance standards adherence reporting and violations reports. Manage your groups compliance frameworks centrally. |
## Other compliance features

4
doc/administration/configure.md
View File

@ -13,7 +13,7 @@ DETAILS:
Customize and configure GitLab Self-Managed.
- [Authentication](auth/index.md)
- [CI/CD](cicd/index.md)
- [CI/CD](cicd/_index.md)
- [Configuration](admin_area.md)
- [Consul](consul.md)
- [Environment variables](environment_variables.md)
@ -34,7 +34,7 @@ Customize and configure GitLab Self-Managed.
- [Merge request diffs storage](merge_request_diffs.md)
- [Static objects external storage](static_objects_external_storage.md)
- [Geo](geo/index.md)
- [Disaster recovery (Geo)](geo/disaster_recovery/index.md)
- [Disaster recovery (Geo)](geo/disaster_recovery/_index.md)
- [Agent server for Kubernetes](clusters/kas.md)
- [Server hooks](server_hooks.md)
- [Terraform state](terraform_state.md)

14
doc/administration/dedicated/index.md → doc/administration/dedicated/_index.md
View File

@ -12,7 +12,7 @@ DETAILS:
Use GitLab Dedicated to run GitLab on a fully-managed, single-tenant instance hosted on AWS. You maintain control over your instance configuration through Switchboard, the GitLab Dedicated management portal, while GitLab manages the underlying infrastructure.
For more information about this offering, see the [subscription page](../../subscriptions/gitlab_dedicated/index.md).
For more information about this offering, see the [subscription page](../../subscriptions/gitlab_dedicated/_index.md).
## Architecture overview
@ -45,8 +45,8 @@ To learn more, see [GitLab Dedicated Architecture](architecture.md).
| [SAML SSO](configure_instance/saml.md) | You configure the connection to your identity provider. GitLab handles the authentication flow. | Switchboard |
| [IP allowlists](configure_instance/network_security.md#ip-allowlist) | You specify approved IP addresses. GitLab blocks unauthorized access attempts. | Switchboard |
| [Custom certificates](configure_instance/network_security.md#custom-certificates) | You import your SSL certificates. GitLab maintains secure connections to your private services. | Switchboard |
| [Compliance frameworks](../../subscriptions/gitlab_dedicated/index.md#monitoring) | GitLab maintains compliance with SOC 2, ISO 27001, and other frameworks. You can access reports through the [Trust Center](https://trust.gitlab.com/?product=gitlab-dedicated). | Available by <br>default |
| [Emergency access protocols](../../subscriptions/gitlab_dedicated/index.md#access-controls) | GitLab provides controlled break-glass procedures for urgent situations. | Available by <br>default |
| [Compliance frameworks](../../subscriptions/gitlab_dedicated/_index.md#monitoring) | GitLab maintains compliance with SOC 2, ISO 27001, and other frameworks. You can access reports through the [Trust Center](https://trust.gitlab.com/?product=gitlab-dedicated). | Available by <br>default |
| [Emergency access protocols](../../subscriptions/gitlab_dedicated/_index.md#access-controls) | GitLab provides controlled break-glass procedures for urgent situations. | Available by <br>default |
## Set up networking
@ -61,7 +61,7 @@ To learn more, see [GitLab Dedicated Architecture](architecture.md).
| Feature | How it works | Set up with |
|------------|-------------|-----------------|
| [GitLab Pages](../../subscriptions/gitlab_dedicated/index.md#gitlab-pages) | GitLab hosts your static websites on a dedicated domain. You can publish sites from your repositories. | Available by <br>default |
| [GitLab Pages](../../subscriptions/gitlab_dedicated/_index.md#gitlab-pages) | GitLab hosts your static websites on a dedicated domain. You can publish sites from your repositories. | Available by <br>default |
| [Advanced search](../../integration/advanced_search/elasticsearch.md) | GitLab maintains the search infrastructure. You can search across your code, issues, and merge requests. | Available by <br>default |
| [Hosted runners (beta)](hosted_runners.md) | You purchase a subscription and configure your hosted runners. GitLab manages the auto-scaling CI/CD infrastructure. | Switchboard |
@ -77,6 +77,6 @@ To learn more, see [GitLab Dedicated Architecture](architecture.md).
To get started with GitLab Dedicated:
1. [Create your GitLab Dedicated instance](../dedicated/create_instance.md).
1. [Configure your GitLab Dedicated instance](../dedicated/configure_instance/index.md).
1. [Create a hosted runner](../dedicated/hosted_runners.md).
1. [Create your GitLab Dedicated instance](create_instance.md).
1. [Configure your GitLab Dedicated instance](configure_instance/_index.md).
1. [Create a hosted runner](hosted_runners.md).

4
doc/administration/dedicated/configure_instance.md
View File

@ -1,11 +1,11 @@
---
redirect_to: 'configure_instance/index.md'
redirect_to: 'configure_instance/_index.md'
remove_date: '2025-03-13'
---
<!-- markdownlint-disable -->
This document was moved to [another location](configure_instance/index.md).
This document was moved to [another location](configure_instance/_index.md).
<!-- This redirect file can be deleted after <2025-03-13>. -->
<!-- Redirects that point to other docs in the same project expire in three months. -->

6
doc/administration/dedicated/configure_instance/index.md → doc/administration/dedicated/configure_instance/_index.md
View File

@ -10,13 +10,13 @@ DETAILS:
**Tier:** Ultimate
**Offering:** GitLab Dedicated
The instructions on this page guide you through configuring your GitLab Dedicated instance, including enabling and updating the settings for [available functionality](../../../subscriptions/gitlab_dedicated/index.md#available-features).
The instructions on this page guide you through configuring your GitLab Dedicated instance, including enabling and updating the settings for [available functionality](../../../subscriptions/gitlab_dedicated/_index.md#available-features).
Administrators can configure additional settings in their GitLab application by using the [**Admin** area](../../admin_area.md).
As a GitLab-managed solution, you cannot change any GitLab functionality controlled by SaaS environment settings. Examples of such SaaS environment settings include `gitlab.rb` configurations and access to shell, Rails console, and PostgreSQL console.
GitLab Dedicated engineers do not have direct access to your environment, except for [break glass situations](../../../subscriptions/gitlab_dedicated/index.md#access-controls).
GitLab Dedicated engineers do not have direct access to your environment, except for [break glass situations](../../../subscriptions/gitlab_dedicated/_index.md#access-controls).
NOTE:
An instance refers to a GitLab Dedicated deployment, whereas a tenant refers to a customer.
@ -44,7 +44,7 @@ To make a configuration change:
1. Follow the instructions in the relevant sections below.
For all other instance configurations, submit a support ticket according to the
[configuration change request policy](../configure_instance/index.md#request-configuration-changes-with-a-support-ticket).
[configuration change request policy](_index.md#request-configuration-changes-with-a-support-ticket).
### Apply configuration changes in Switchboard

2
doc/administration/dedicated/configure_instance/network_security.md
View File

@ -12,7 +12,7 @@ DETAILS:
## Bring your own domain (BYOD)
You can use a [custom hostname](../../../subscriptions/gitlab_dedicated/index.md#bring-your-own-domain) to access your GitLab Dedicated instance. You can also provide a custom hostname for the bundled container registry and Kubernetes Agent Server (KAS) services.
You can use a [custom hostname](../../../subscriptions/gitlab_dedicated/_index.md#bring-your-own-domain) to access your GitLab Dedicated instance. You can also provide a custom hostname for the bundled container registry and Kubernetes Agent Server (KAS) services.
### Let's Encrypt certificates

2
doc/administration/dedicated/configure_instance/users_notifications.md
View File

@ -44,6 +44,6 @@ You will see an alert confirming that your notification preferences have been up
## SMTP email service
You can configure an [SMTP](../../../subscriptions/gitlab_dedicated/index.md#email-service) email service for your GitLab Dedicated instance.
You can configure an [SMTP](../../../subscriptions/gitlab_dedicated/_index.md#email-service) email service for your GitLab Dedicated instance.
To configure an SMTP email service, submit a [support ticket](https://support.gitlab.com/hc/en-us/requests/new?ticket_form_id=4414917877650) with the credentials and settings for your SMTP server.

2
doc/administration/external_users.md
View File

@ -33,7 +33,7 @@ always take into account the
as well as the permission level of the user.
NOTE:
External users still count towards a license seat, unless the user has the [Guest role](../subscriptions/self_managed/index.md#free-guest-users) in the Ultimate tier.
External users still count towards a license seat, unless the user has the [Guest role](../subscriptions/self_managed/_index.md#free-guest-users) in the Ultimate tier.
An administrator can flag a user as external by either of the following methods:

4
doc/administration/geo/disaster_recovery/index.md → doc/administration/geo/disaster_recovery/_index.md
View File

@ -89,7 +89,7 @@ Note the following when promoting a secondary:
error message during this process, for more information, see this
[troubleshooting advice](failover_troubleshooting.md#fixing-errors-during-a-failover-or-when-promoting-a-secondary-to-a-primary-site).
- If you are using separate URLs, you should [point the primary domain DNS at the newly promoted site](#step-4-optional-updating-the-primary-domain-dns-record). Otherwise, runners must be registered again with the newly promoted site, and all Git remotes, bookmarks, and external integrations must be updated.
- If you are using [location-aware DNS](../secondary_proxy/index.md#configure-location-aware-dns), the runners should automatically connect to the new primary after the old primary is removed from the DNS entry.
- If you are using [location-aware DNS](../secondary_proxy/_index.md#configure-location-aware-dns), the runners should automatically connect to the new primary after the old primary is removed from the DNS entry.
- If you don't expect the runners connected to the previous primary to come back, you should remove them:
- Through the UI:
1. On the left sidebar, at the bottom, select **Admin**.
@ -312,7 +312,7 @@ changing Git remotes and API URLs.
Promoting a **secondary** site to **primary** site using the process above does not enable
Geo on the new **primary** site.
To bring a new **secondary** site online, follow the [Geo setup instructions](../setup/index.md).
To bring a new **secondary** site online, follow the [Geo setup instructions](../setup/_index.md).
### Step 6. Removing the former secondary's tracking database

12
doc/administration/geo/disaster_recovery/bring_primary_back.md
View File

@ -23,7 +23,7 @@ If you have any doubts about the consistency of the data on this site, we recomm
Since the former **primary** site is out of sync with the current **primary** site, the first step is to bring the former **primary** site up to date. Note, deletion of data stored on disk like
repositories and uploads is not replayed when bringing the former **primary** site back
into sync, which may result in increased disk usage.
Alternatively, you can [set up a new **secondary** GitLab instance](../setup/index.md) to avoid this.
Alternatively, you can [set up a new **secondary** GitLab instance](../setup/_index.md) to avoid this.
To bring the former **primary** site up to date:
@ -45,19 +45,19 @@ To bring the former **primary** site up to date:
```
NOTE:
If you [disabled the **primary** site permanently](index.md#step-2-permanently-disable-the-primary-site),
If you [disabled the **primary** site permanently](_index.md#step-2-permanently-disable-the-primary-site),
you need to undo those steps now. For distributions with systemd, such as Debian/Ubuntu/CentOS7+, you must run
`sudo systemctl enable gitlab-runsvdir`. For distributions without systemd, such as CentOS 6, you need to install
the GitLab instance from scratch and set it up as a **secondary** site by
following [Setup instructions](../setup/index.md). In this case, you don't need to follow the next step.
following [Setup instructions](../setup/_index.md). In this case, you don't need to follow the next step.
NOTE:
If you [changed the DNS records](index.md#step-4-optional-updating-the-primary-domain-dns-record)
If you [changed the DNS records](_index.md#step-4-optional-updating-the-primary-domain-dns-record)
for this site during disaster recovery procedure you may need to
[block all the writes to this site](planned_failover.md#prevent-updates-to-the-primary-site)
during this procedure.
1. [Set up Geo](../setup/index.md). In this case, the **secondary** site
1. [Set up Geo](../setup/_index.md). In this case, the **secondary** site
refers to the former **primary** site.
1. If [PgBouncer](../../postgresql/pgbouncer.md) was enabled on the **current secondary** site
(when it was a primary site) disable it by editing `/etc/gitlab/gitlab.rb`
@ -65,7 +65,7 @@ To bring the former **primary** site up to date:
1. You can then set up database replication on the **secondary** site.
If you have lost your original **primary** site, follow the
[setup instructions](../setup/index.md) to set up a new **secondary** site.
[setup instructions](../setup/_index.md) to set up a new **secondary** site.
## Promote the **secondary** site to **primary** site

4
doc/administration/geo/disaster_recovery/failover_troubleshooting.md
View File

@ -16,7 +16,7 @@ when promoting a secondary to a primary site with strategies to resolve them.
### Message: `ActiveRecord::RecordInvalid: Validation failed: Name has already been taken`
When [promoting a **secondary** site](../disaster_recovery/index.md#step-3-promoting-a-secondary-site),
When [promoting a **secondary** site](_index.md#step-3-promoting-a-secondary-site),
you might encounter the following error message:
```plaintext
@ -45,7 +45,7 @@ or `gitlab-ctl promote-to-primary-node`, enter a Rails console and run:
### Message: ``NoMethodError: undefined method `secondary?' for nil:NilClass``
When [promoting a **secondary** site](../disaster_recovery/index.md#step-3-promoting-a-secondary-site),
When [promoting a **secondary** site](_index.md#step-3-promoting-a-secondary-site),
you might encounter the following error message:
```plaintext

6
doc/administration/geo/disaster_recovery/planned_failover.md
View File

@ -21,7 +21,7 @@ length of this window is determined by your replication capacity - when the
data loss.
This document assumes you already have a fully configured, working Geo setup.
Read this document and the [Disaster Recovery](index.md) failover
Read this document and the [Disaster Recovery](_index.md) failover
documentation in full before proceeding. Planned failover is a major operation,
and if performed incorrectly, there is a high risk of data loss. Consider
rehearsing the procedure until you are comfortable with the necessary steps and
@ -88,7 +88,7 @@ Each step is described in more detail below.
### DNS TTL
If you plan to [update the primary domain DNS record](index.md#step-4-optional-updating-the-primary-domain-dns-record),
If you plan to [update the primary domain DNS record](_index.md#step-4-optional-updating-the-primary-domain-dns-record),
you may wish to maintain a low TTL to ensure fast propagation of DNS changes.
### Object storage
@ -246,7 +246,7 @@ At this point, your **secondary** site contains an up-to-date copy of everything
## Promote the **secondary** site
After the replication is finished, [promote the **secondary** site to a **primary** site](index.md). This process causes a brief outage on the **secondary** site, and users may need to sign in again. If you follow the steps correctly, the old primary Geo site should still be disabled and user traffic should go to the newly-promoted site instead.
After the replication is finished, [promote the **secondary** site to a **primary** site](_index.md). This process causes a brief outage on the **secondary** site, and users may need to sign in again. If you follow the steps correctly, the old primary Geo site should still be disabled and user traffic should go to the newly-promoted site instead.
When the promotion is completed, the maintenance window is over, and your new **primary** site now
begins to diverge from the old one. If problems do arise at this point, failing

6
doc/administration/geo/disaster_recovery/runbooks/planned_failover_multi_node.md
View File

@ -15,7 +15,7 @@ Disaster Recovery (Geo) promotion runbooks.
WARNING:
This runbook is an [experiment](../../../../policy/development_stages_support.md#experiment). For complete, production-ready documentation, see the
[disaster recovery documentation](../index.md).
[disaster recovery documentation](../_index.md).
## Geo planned failover for a multi-node configuration
@ -140,7 +140,7 @@ follow these steps to avoid unnecessary data loss:
as lost if you proceed.
NOTE:
If you plan to [update the **primary** domain DNS record](../index.md#step-4-optional-updating-the-primary-domain-dns-record),
If you plan to [update the **primary** domain DNS record](../_index.md#step-4-optional-updating-the-primary-domain-dns-record),
you may wish to lower the TTL now to speed up propagation.
When performing a failover, we want to avoid a split-brain situation where
@ -220,6 +220,6 @@ follow these steps to avoid unnecessary data loss:
### Next steps
To regain geographic redundancy as quickly as possible, you should
[add a new **secondary** site](../../setup/index.md). To
[add a new **secondary** site](../../setup/_index.md). To
do that, you can re-add the old **primary** as a new secondary and bring it back
online.

6
doc/administration/geo/disaster_recovery/runbooks/planned_failover_single_node.md
View File

@ -15,7 +15,7 @@ Disaster Recovery (Geo) promotion runbooks.
WARNING:
This runbook is an [experiment](../../../../policy/development_stages_support.md#experiment). For complete, production-ready documentation, see the
[disaster recovery documentation](../index.md).
[disaster recovery documentation](../_index.md).
## Geo planned failover for a single-node configuration
@ -169,7 +169,7 @@ follow these steps to avoid unnecessary data loss:
as lost if you proceed.
NOTE:
If you plan to [update the **primary** domain DNS record](../index.md#step-4-optional-updating-the-primary-domain-dns-record),
If you plan to [update the **primary** domain DNS record](../_index.md#step-4-optional-updating-the-primary-domain-dns-record),
you may wish to lower the TTL now to speed up propagation.
When performing a failover, we want to avoid a split-brain situation where
@ -246,6 +246,6 @@ To promote the secondary site:
### Next steps
To regain geographic redundancy as quickly as possible, you should
[add a new **secondary** site](../../setup/index.md). To
[add a new **secondary** site](../../setup/_index.md). To
do that, you can re-add the old **primary** as a new secondary and bring it back
online.

30
doc/administration/geo/index.md
View File

@ -35,7 +35,7 @@ Implementing Geo addresses several use cases. This section provides some of the
### Regional disaster recovery
Geo as a [disaster recovery](disaster_recovery/index.md) solution gives you a warm-standby secondary site in a different region from your primary site. Data is continuously synchronized to the secondary site ensuring it is always up to date. In the event of a disaster, such as data center or network outage or hardware failure, you can failover to a fully operational secondary site. You can test your disaster recovery processes and infrastructure with [planned failovers](disaster_recovery/planned_failover.md).
Geo as a [disaster recovery](disaster_recovery/_index.md) solution gives you a warm-standby secondary site in a different region from your primary site. Data is continuously synchronized to the secondary site ensuring it is always up to date. In the event of a disaster, such as data center or network outage or hardware failure, you can failover to a fully operational secondary site. You can test your disaster recovery processes and infrastructure with [planned failovers](disaster_recovery/planned_failover.md).
Benefits:
@ -46,7 +46,7 @@ Benefits:
### Remote team acceleration
Establish Geo secondary sites geographically closer to your remote teams to provide local caches that accelerate read operations. You can have multiple Geo secondary sites, each tailored to synchronize only the projects your remote teams need. [Transparent proxying](secondary_proxy/index.md) and geographic routing with [unified URL](replication/location_aware_git_url.md) ensures a consistent and seamless developer experience.
Establish Geo secondary sites geographically closer to your remote teams to provide local caches that accelerate read operations. You can have multiple Geo secondary sites, each tailored to synchronize only the projects your remote teams need. [Transparent proxying](secondary_proxy/_index.md) and geographic routing with [unified URL](replication/location_aware_git_url.md) ensures a consistent and seamless developer experience.
Benefits:
@ -80,7 +80,7 @@ Benefits:
#### Migration to GitLab Dedicated
You can also use Geo to migrate GitLab Self-Managed to [GitLab Dedicated](../../subscriptions/gitlab_dedicated/index.md). A migration to GitLab Dedicated is similar to an infrastructure migration.
You can also use Geo to migrate GitLab Self-Managed to [GitLab Dedicated](../../subscriptions/gitlab_dedicated/_index.md). A migration to GitLab Dedicated is similar to an infrastructure migration.
Benefits:
@ -97,7 +97,7 @@ While Geo's [selective synchronization](replication/selective_synchronization.md
### Provide access control
Geo [read-only secondary site](secondary_proxy/index.md#disable-secondary-site-git-proxying) functionality is not a first-class feature, and might not be supported in the future. You should not rely on this functionality for access control purposes. GitLab provides [authentication and authorization](../auth/index.md) controls that better serve this purpose.
Geo [read-only secondary site](secondary_proxy/_index.md#disable-secondary-site-git-proxying) functionality is not a first-class feature, and might not be supported in the future. You should not rely on this functionality for access control purposes. GitLab provides [authentication and authorization](../auth/index.md) controls that better serve this purpose.
### An alternative to zero downtime upgrades
@ -150,7 +150,7 @@ In this diagram:
- There is the **primary** site and the details of one **secondary** site.
- Writes to the database can only be performed on the **primary** site. A **secondary** site receives database
updates by using [PostgreSQL streaming replication](https://wiki.postgresql.org/wiki/Streaming_Replication).
- If present, the [LDAP server](#ldap) should be configured to replicate for [Disaster Recovery](disaster_recovery/index.md) scenarios.
- If present, the [LDAP server](#ldap) should be configured to replicate for [Disaster Recovery](disaster_recovery/_index.md) scenarios.
- A **secondary** site performs different type of synchronizations against the **primary** site, using a special
authorization protected by JWT:
- Repositories are cloned/updated via Git over HTTPS.
@ -159,12 +159,12 @@ In this diagram:
From the perspective of a user performing Git operations:
- The **primary** site behaves as a full read-write GitLab instance.
- **Secondary** sites behave as full read-write GitLab instances. **Secondary** sites transparently proxy all operations to the **primary** site, with [some notable exceptions](secondary_proxy/index.md#features-accelerated-by-secondary-geo-sites). In particular, Git fetches are served by the **secondary** site when it is up-to-date.
- **Secondary** sites behave as full read-write GitLab instances. **Secondary** sites transparently proxy all operations to the **primary** site, with [some notable exceptions](secondary_proxy/_index.md#features-accelerated-by-secondary-geo-sites). In particular, Git fetches are served by the **secondary** site when it is up-to-date.
From the perspective of a user browsing the GitLab UI, or using the API:
- The **primary** site behaves as a full read-write GitLab instance.
- **Secondary** sites behave as full read-write GitLab instances. **Secondary** sites transparently proxy all operations to the **primary** site, with [some notable exceptions](secondary_proxy/index.md#features-accelerated-by-secondary-geo-sites). In particular, web UI assets are served by the **secondary** site.
- **Secondary** sites behave as full read-write GitLab instances. **Secondary** sites transparently proxy all operations to the **primary** site, with [some notable exceptions](secondary_proxy/_index.md#features-accelerated-by-secondary-geo-sites). In particular, web UI assets are served by the **secondary** site.
To simplify the diagram, some necessary components are omitted.
@ -272,10 +272,10 @@ These known issues reflect only the latest version of GitLab. If you are using a
[GitLab Environment Toolkit](https://gitlab.com/gitlab-org/gitlab-environment-toolkit) Terraform and Ansible scripts to deploy and operate production
GitLab instances based on our [Reference Architectures](../reference_architectures/index.md), including automation of common daily tasks.
[Epic 1465](https://gitlab.com/groups/gitlab-org/-/epics/1465) proposes to improve Geo installation even more.
- Real-time updates of issues/merge requests (for example, via long polling) doesn't work on **secondary** sites where [http proxying is disabled](secondary_proxy/index.md#disable-secondary-site-http-proxying).
- Real-time updates of issues/merge requests (for example, via long polling) doesn't work on **secondary** sites where [http proxying is disabled](secondary_proxy/_index.md#disable-secondary-site-http-proxying).
- [Selective synchronization](replication/selective_synchronization.md) only limits what repositories and files are replicated. The entire PostgreSQL data is still replicated. Selective synchronization is not built to accommodate compliance / export control use cases.
- [Pages access control](../../user/project/pages/pages_access_control.md) doesn't work on secondaries. See [GitLab issue #9336](https://gitlab.com/gitlab-org/gitlab/-/issues/9336) for details.
- [Disaster recovery](disaster_recovery/index.md) for deployments that have multiple secondary sites causes downtime due to the need to re-initialize PostgreSQL streaming replication on all non-promoted secondaries to follow the new primary site.
- [Disaster recovery](disaster_recovery/_index.md) for deployments that have multiple secondary sites causes downtime due to the need to re-initialize PostgreSQL streaming replication on all non-promoted secondaries to follow the new primary site.
- For Git over SSH, to make the project clone URL display correctly regardless of which site you are browsing, secondary sites must use the same port as the primary.
For more information, see [issue 339262](https://gitlab.com/gitlab-org/gitlab/-/issues/339262).
- Git push over SSH against a secondary site does not work for pushes over 1.86 GB. [GitLab issue #413109](https://gitlab.com/gitlab-org/gitlab/-/issues/413109) tracks this bug.
@ -283,11 +283,11 @@ These known issues reflect only the latest version of GitLab. If you are using a
- Git push with options over SSH against a secondary site does not work and terminates the connection. For more information, see [issue 417186](https://gitlab.com/gitlab-org/gitlab/-/issues/417186).
- The Geo secondary site does not accelerate (serve) the clone request for the first stage of the pipeline in most cases. Later stages are not guaranteed to be served by the secondary site either, for example if the Git change is large, bandwidth is small, or pipeline stages are short. In general, it does serve the clone request for subsequent stages. [Issue 446176](https://gitlab.com/gitlab-org/gitlab/-/issues/446176) discusses the reasons for this and proposes an enhancement to increase the chance that Runner clone requests are served from the secondary site.
- When a single Git repository receives pushes at a high-enough rate, the secondary site's local copy can be perpetually out-of-date. This causes all Git fetches of that repository to be forwarded to the primary site. See [GitLab issue #455870](https://gitlab.com/gitlab-org/gitlab/-/issues/455870).
- [Proxying](secondary_proxy/index.md) is implemented only in the GitLab application in the Puma service or Web service, so other services do not benefit from this behavior. You should use a [separate URL](secondary_proxy/index.md#set-up-a-separate-url-for-a-secondary-geo-site) to ensure requests are always sent to the primary. These services include:
- [Proxying](secondary_proxy/_index.md) is implemented only in the GitLab application in the Puma service or Web service, so other services do not benefit from this behavior. You should use a [separate URL](secondary_proxy/_index.md#set-up-a-separate-url-for-a-secondary-geo-site) to ensure requests are always sent to the primary. These services include:
- GitLab container registry - [can be configured to use a separate domain](../packages/container_registry.md#configure-container-registry-under-its-own-domain), such as `registry.example.com`. Secondary site container registries are intended only for disaster recovery. Users should not be routed to them, especially not for pushes, because the data is not propagated to the primary site.
- GitLab Pages - should always use a separate domain, as part of [the prerequisites for running GitLab Pages](../pages/index.md#prerequisites).
- With a [unified URL](secondary_proxy/index.md#set-up-a-unified-url-for-geo-sites), Let's Encrypt can't generate certificates unless it can reach both IPs through the same domain. To use TLS certificates with Let's Encrypt, you can manually point the domain to one of the Geo sites, generate the certificate, then copy it to all other sites.
- When a [secondary site uses a separate URL](secondary_proxy/index.md#set-up-a-separate-url-for-a-secondary-geo-site) from the primary site, [signing in the secondary site using SAML](replication/single_sign_on.md#saml-with-separate-url-with-proxying-enabled) is only supported if the SAML Identity Provider (IdP) allows an application to be configured with multiple callback URLs.
- With a [unified URL](secondary_proxy/_index.md#set-up-a-unified-url-for-geo-sites), Let's Encrypt can't generate certificates unless it can reach both IPs through the same domain. To use TLS certificates with Let's Encrypt, you can manually point the domain to one of the Geo sites, generate the certificate, then copy it to all other sites.
- When a [secondary site uses a separate URL](secondary_proxy/_index.md#set-up-a-separate-url-for-a-secondary-geo-site) from the primary site, [signing in the secondary site using SAML](replication/single_sign_on.md#saml-with-separate-url-with-proxying-enabled) is only supported if the SAML Identity Provider (IdP) allows an application to be configured with multiple callback URLs.
- Git clone and fetch requests with option `--depth` over SSH against a secondary site does not work and hangs indefinitely if the secondary site is not up to date at the time the request is initiated. This is due to problems related to translating Git SSH to Git https during proxying. For more information, see [issue 391980](https://gitlab.com/gitlab-org/gitlab/-/issues/391980). A new workflow that does not involve the aforementioned translation step is now available for Linux-packaged GitLab Geo secondary sites which can be enabled with a feature flag. For more details, see [comment in issue 454707](https://gitlab.com/gitlab-org/gitlab/-/issues/454707#note_2102067451). The fix for Cloud Native GitLab Geo secondary sites is tracked in [issue 5641](https://gitlab.com/gitlab-org/charts/gitlab/-/issues/5641).
- Some customers have reported that `git fetch` over SSH when the secondary site is out of date hangs and/or times out and fails. `git clone` requests over SSH are not impacted. For more information, see [issue 454707](https://gitlab.com/gitlab-org/gitlab/-/issues/454707). A fix available for Linux-packaged GitLab Geo secondary sites which can be enabled with a feature flag. For more details, see [comment in issue 454707](https://gitlab.com/gitlab-org/gitlab/-/issues/454707#note_2102067451). The fix for Cloud Native GitLab Geo secondary sites is tracked in [issue 5641](https://gitlab.com/gitlab-org/charts/gitlab/-/issues/5641).
@ -302,7 +302,7 @@ After installing GitLab on the **secondary** sites and performing the initial co
### Setting up Geo
For information on configuring Geo, see [Set up Geo](setup/index.md).
For information on configuring Geo, see [Set up Geo](setup/_index.md).
### Configuring Geo with Object Storage
@ -314,7 +314,7 @@ For more information on how to replicate the container registry, see [Container
### Set up a unified URL for Geo sites
For an example of how to set up a single, location-aware URL with AWS Route53 or Google Cloud DNS, see [Set up a unified URL for Geo sites](secondary_proxy/index.md#set-up-a-unified-url-for-geo-sites).
For an example of how to set up a single, location-aware URL with AWS Route53 or Google Cloud DNS, see [Set up a unified URL for Geo sites](secondary_proxy/_index.md#set-up-a-unified-url-for-geo-sites).
### Single Sign On (SSO)
@ -371,7 +371,7 @@ For more information on how to access and consume Geo logs, see the [Geo section
## Disaster Recovery
For information on using Geo in disaster recovery situations to mitigate data-loss and restore services, see [Disaster Recovery](disaster_recovery/index.md).
For information on using Geo in disaster recovery situations to mitigate data-loss and restore services, see [Disaster Recovery](disaster_recovery/_index.md).
## Frequently Asked Questions

4
doc/administration/geo/replication/configuration.md
View File

@ -12,7 +12,7 @@ DETAILS:
NOTE:
This is the final step in setting up a **secondary** Geo site. Stages of the
setup process must be completed in the documented order.
If not, [complete all prior stages](../setup/index.md#using-linux-package-installations) before proceeding.
If not, [complete all prior stages](../setup/_index.md#using-linux-package-installations) before proceeding.
The basic steps of configuring a **secondary** site are to:
@ -90,7 +90,7 @@ they must be manually replicated to **all nodes of the secondary site**.
GitLab integrates with the system-installed SSH daemon, designating a user
(typically named `git`) through which all access requests are handled.
In a [Disaster Recovery](../disaster_recovery/index.md) situation, GitLab system
In a [Disaster Recovery](../disaster_recovery/_index.md) situation, GitLab system
administrators promote a **secondary** site to the **primary** site. DNS records for the
**primary** domain should also be updated to point to the new **primary** site
(previously a **secondary** site). Doing so avoids the need to update Git remotes and API URLs.

2
doc/administration/geo/replication/disable_geo.md
View File

@ -30,7 +30,7 @@ To disable Geo, you need to first remove all your secondary Geo sites, which mea
anymore on these sites. You can follow our documentation to [remove your secondary Geo sites](remove_geo_site.md).
If the current site that you want to keep using is a secondary site, you need to first promote it to primary.
You can use our steps on [how to promote a secondary site](../disaster_recovery/index.md#step-3-promoting-a-secondary-site)
You can use our steps on [how to promote a secondary site](../disaster_recovery/_index.md#step-3-promoting-a-secondary-site)
to do that.
## Remove the primary site from the UI

4
doc/administration/geo/replication/faq.md
View File

@ -43,7 +43,7 @@ So even if we have an outdated tracking database, the validation should activate
Yes, but there are limitations to what we replicate (see
[What data is replicated to a **secondary** site?](#what-data-is-replicated-to-a-secondary-site)).
Read the documentation for [Disaster Recovery](../disaster_recovery/index.md).
Read the documentation for [Disaster Recovery](../disaster_recovery/_index.md).
## What data is replicated to a **secondary** site?
@ -95,6 +95,6 @@ Yes, projects scheduled for deletion by [delayed deletion](../../settings/visibi
## What happens to my secondary sites with when my primary site goes down?
When a primary site goes down,
[your secondary will not be accessible through the UI](../secondary_proxy/index.md#behavior-of-secondary-sites-when-the-primary-geo-site-is-down)
[your secondary will not be accessible through the UI](../secondary_proxy/_index.md#behavior-of-secondary-sites-when-the-primary-geo-site-is-down)
unless your restore the services on your primary site or you perform a promotion
on your secondary site.

4
doc/administration/geo/replication/location_aware_git_url.md
View File

@ -10,7 +10,7 @@ DETAILS:
**Offering:** GitLab Self-Managed
NOTE:
[GitLab Geo supports location-aware DNS including web UI and API traffic.](../secondary_proxy/index.md#configure-location-aware-dns)
[GitLab Geo supports location-aware DNS including web UI and API traffic.](../secondary_proxy/_index.md#configure-location-aware-dns)
This configuration is recommended over the location-aware Git remote URL
described in this document.
@ -45,7 +45,7 @@ In any case, you require:
- A Route53 Hosted Zone managing your domain.
If you haven't yet set up a Geo _primary_ site and _secondary_ site, see the
[Geo setup instructions](../setup/index.md).
[Geo setup instructions](../setup/_index.md).
## Create a traffic policy

2
doc/administration/geo/replication/selective_synchronization.md
View File

@ -23,7 +23,7 @@ Selective synchronization:
1. Does not restrict permissions from **secondary** sites.
1. Does not prevent users from viewing, interacting with, cloning, and pushing to project repositories that are not included in the selective sync.
- For more details, see [Geo proxying for secondary sites](../secondary_proxy/index.md).
- For more details, see [Geo proxying for secondary sites](../secondary_proxy/_index.md).
1. Does not hide project metadata from **secondary** sites.
- Since Geo relies on PostgreSQL replication, all project metadata
gets replicated to **secondary** sites, but repositories that have not been

8
doc/administration/geo/replication/single_sign_on.md
View File

@ -23,9 +23,9 @@ You only configure SAML on the primary site. Configuring `gitlab_rails['omniauth
How you configure instance-wide SAML differs depending on your secondary site configuration. Determine if your secondary site uses a:
- [Unified URL](../secondary_proxy/index.md#set-up-a-unified-url-for-geo-sites), meaning the `external_url` exactly matches the `external_url` of the primary site.
- [Separate URL](../secondary_proxy/index.md#set-up-a-separate-url-for-a-secondary-geo-site) with proxying enabled. Proxying is enabled by default in GitLab 15.1 and later.
- [Separate URL](../secondary_proxy/index.md#set-up-a-separate-url-for-a-secondary-geo-site) with proxying disabled.
- [Unified URL](../secondary_proxy/_index.md#set-up-a-unified-url-for-geo-sites), meaning the `external_url` exactly matches the `external_url` of the primary site.
- [Separate URL](../secondary_proxy/_index.md#set-up-a-separate-url-for-a-secondary-geo-site) with proxying enabled. Proxying is enabled by default in GitLab 15.1 and later.
- [Separate URL](../secondary_proxy/_index.md#set-up-a-separate-url-for-a-secondary-geo-site) with proxying disabled.
### SAML with Unified URL
@ -132,6 +132,6 @@ in most cases, it should work without an issue:
If you use LDAP on your **primary** site, you should also set up secondary LDAP servers on each **secondary** site. Otherwise, users cannot perform Git operations over HTTP(s) on the **secondary** site using HTTP basic authentication. However, users can still use Git with SSH and personal access tokens.
NOTE:
It is possible for all **secondary** sites to share an LDAP server, but additional latency can be an issue. Also, consider what LDAP server is available in a [disaster recovery](../disaster_recovery/index.md) scenario if a **secondary** site is promoted to be a **primary** site.
It is possible for all **secondary** sites to share an LDAP server, but additional latency can be an issue. Also, consider what LDAP server is available in a [disaster recovery](../disaster_recovery/_index.md) scenario if a **secondary** site is promoted to be a **primary** site.
Check your LDAP service documentation for instructions on how to set up replication in your LDAP service. The process differs depending on the software or service used. For example, OpenLDAP provides this [replication documentation](https://www.openldap.org/doc/admin24/replication.html).

2
doc/administration/geo/replication/troubleshooting/client_http.md
View File

@ -56,7 +56,7 @@ When upgrading a Geo site, you might not be able to sign into a secondary site t
### Secondary site returns 502 errors with Geo proxying
When [Geo proxying for secondary sites](../../secondary_proxy/index.md) is enabled, and the secondary site user interface returns
When [Geo proxying for secondary sites](../../secondary_proxy/_index.md) is enabled, and the secondary site user interface returns
502 errors, it is possible that the response header proxied from the primary site is too large.
Check the NGINX logs for errors similar to this example:

2
doc/administration/geo/replication/troubleshooting/common.md
View File

@ -552,7 +552,7 @@ This error message indicates that the replica database in the **secondary** site
To restore the database and resume replication, you can do one of the following:
- [Reset the Geo secondary site replication](synchronization_verification.md#resetting-geo-secondary-site-replication).
- [Set up a new Geo secondary using the Linux package](../../setup/index.md#using-linux-package-installations).
- [Set up a new Geo secondary using the Linux package](../../setup/_index.md#using-linux-package-installations).
If you set up a new secondary from scratch, you must also [remove the old site from the Geo cluster](../remove_geo_site.md).

2
doc/administration/geo/replication/usage.md
View File

@ -12,7 +12,7 @@ DETAILS:
**Tier:** Premium, Ultimate
**Offering:** GitLab Self-Managed
After you set up the [database replication and configure the Geo nodes](../setup/index.md), use your closest GitLab site as you would do with the primary one.
After you set up the [database replication and configure the Geo nodes](../setup/_index.md), use your closest GitLab site as you would do with the primary one.
## Git operations

2
doc/administration/geo/secondary_proxy/index.md → doc/administration/geo/secondary_proxy/_index.md
View File

@ -59,7 +59,7 @@ requests:
For this example, you need:
- A working Geo **primary** site and **secondary** site, see the [Geo setup instructions](../setup/index.md).
- A working Geo **primary** site and **secondary** site, see the [Geo setup instructions](../setup/_index.md).
- A DNS zone managing your domain. Although the following instructions use
[AWS Route53](https://aws.amazon.com/route53/)
and [GCP cloud DNS](https://cloud.google.com/dns/), other services such as

8
doc/administration/geo/secondary_proxy/runners.md
View File

@ -12,14 +12,14 @@ DETAILS:
> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/9779) in GitLab 16.8 [with a flag](../../feature_flags.md) named `geo_proxy_check_pipeline_refs`. Disabled by default.
> - [Enabled by default](https://gitlab.com/gitlab-org/gitlab/-/issues/434041) in GitLab 16.9.
With [Geo proxying for secondary sites](index.md), it is possible to register a `gitlab-runner` with a secondary site. This offloads load from the primary instance.
With [Geo proxying for secondary sites](_index.md), it is possible to register a `gitlab-runner` with a secondary site. This offloads load from the primary instance.
NOTE:
The jobs that start during the first stage of a pipeline almost always have their Git clone requests forwarded to the primary site. This is because those clones usually occur before the Git data is replicated and verified by the secondary site. Later stages are not guaranteed to be served by the secondary site either, for example if the Git change is large, bandwidth is small, or pipeline stages are short. In most cases, the subsequent stages of the pipeline serve Git data from the secondary site. [Issue 446176](https://gitlab.com/gitlab-org/gitlab/-/issues/446176) proposes an enhancement to increase the chance of the first stage clone request is served from the secondary site.
## Use secondary runners with a Location Aware public URL (Unified URL)
Using [Location-Aware DNS](index.md#configure-location-aware-dns), with the feature flag enabled works with no extra configuration. After you install and register a runner in the same location as a secondary site, it automatically talks to the closest site, and only proxies to the primary if the secondary is out of date.
Using [Location-Aware DNS](_index.md#configure-location-aware-dns), with the feature flag enabled works with no extra configuration. After you install and register a runner in the same location as a secondary site, it automatically talks to the closest site, and only proxies to the primary if the secondary is out of date.
## Use secondary runners with separate URLs
@ -34,12 +34,12 @@ When executing [a planned failover](../disaster_recovery/planned_failover.md), s
### With Location Aware public URL
When using [Location-Aware DNS](index.md#configure-location-aware-dns), all runners automatically connect to the closest Geo site.
When using [Location-Aware DNS](_index.md#configure-location-aware-dns), all runners automatically connect to the closest Geo site.
When failing over to a new primary:
- While the old primary is still in the DNS record, any runners previously connected to your old primary still attempt to pick up jobs from the old primary. If it is unreachable, the runners [detect this](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#how-unhealthy_requests_limit-and-unhealthy_interval-works), and stop requesting for an extended period of time after the instance returns.
- If you have [multiple secondary nodes](../disaster_recovery/index.md#promoting-secondary-geo-replica-in-multi-secondary-configurations), after the initial failover the remaining secondaries are in an unhealthy state until they are [replicated](../disaster_recovery/index.md#step-2-initiate-the-replication-process) with the new primary. The runners attached to them are then unable to check in, and their health check also kicks in.
- If you have [multiple secondary nodes](../disaster_recovery/_index.md#promoting-secondary-geo-replica-in-multi-secondary-configurations), after the initial failover the remaining secondaries are in an unhealthy state until they are [replicated](../disaster_recovery/_index.md#step-2-initiate-the-replication-process) with the new primary. The runners attached to them are then unable to check in, and their health check also kicks in.
- If you remove any of the unhealthy nodes from the Geo DNS entry, the runners pick the next closest instance. Depending on your architecture, this may not be what you want, as you could overwhelm your site in its reduced state.
To alleviate any of these issues, you can [pause](#pausing-runners) or shutdown some of the runners until the site is back up to 100%.

2
doc/administration/geo/setup/index.md → doc/administration/geo/setup/_index.md
View File

@ -63,7 +63,7 @@ Depending on how you use GitLab, the following configuration might be required:
For more information, see [LDAP with Geo](../replication/single_sign_on.md#ldap).
- If you use the container registry, [configure the container registry for replication](../replication/container_registry.md) on the **primary** and **secondary** sites.
You should [configure unified URLs](../secondary_proxy/index.md#set-up-a-unified-url-for-geo-sites) to use a single, unified URL for all Geo sites.
You should [configure unified URLs](../secondary_proxy/_index.md#set-up-a-unified-url-for-geo-sites) to use a single, unified URL for all Geo sites.
## Using GitLab Charts

2
doc/administration/geo/setup/database.md
View File

@ -20,7 +20,7 @@ the roles cannot perform all necessary configuration steps. In this case, use th
NOTE:
The stages of the setup process must be completed in the documented order.
If not, [complete all prior stages](../setup/index.md#using-linux-package-installations) before proceeding.
If not, [complete all prior stages](../setup/_index.md#using-linux-package-installations) before proceeding.
Ensure the **secondary** site is running the same version of GitLab Enterprise Edition as the **primary** site. Confirm you have added a license for a [Premium or Ultimate subscription](https://about.gitlab.com/pricing/) to your **primary** site.

2
doc/administration/get_started.md
View File

@ -199,7 +199,7 @@ DETAILS:
Geo provides local, read-only instances of your GitLab instances.
While GitLab Geo helps remote teams work more efficiently by using a local GitLab node, it can also be used as a disaster recovery solution.
Learn more about using [Geo as a disaster recovery solution](geo/disaster_recovery/index.md).
Learn more about using [Geo as a disaster recovery solution](geo/disaster_recovery/_index.md).
Geo replicates your database, your Git repositories, and a few other assets.
Learn more about the [data types Geo replicates](geo/replication/datatypes.md#replicated-data-types).

Some files were not shown because too many files have changed in this diff Show More