root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2025-05-09 15:11:36 +00:00
parent a089720fb7
commit 915d10b20d
31 changed files with 228 additions and 276 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
.gitlab/ci/global.gitlab-ci.yml
View File

@ -344,16 +344,6 @@
alias: postgres
- !reference [.redis-services, services]
.zoekt-variables:
variables:
ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060
ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070
.zoekt-services:
services:
- name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.10
alias: zoekt-ci-image
.use-pg14:
extends:
- .pg-base-variables
@ -396,14 +386,12 @@
.es7-services:
services:
- !reference [.zoekt-services, services]
- name: elasticsearch:7.17.6
command: ["elasticsearch", "-E", "discovery.type=single-node", "-E", "xpack.security.enabled=false", "-E", "cluster.routing.allocation.disk.threshold_enabled=false"]
.use-pg14-es7-ee:
extends:
- .use-pg14
- .zoekt-variables
services:
- !reference [.db-services-with-auto-explain, services]
- !reference [.es7-services, services]
@ -411,7 +399,6 @@
.use-pg15-es7-ee:
extends:
- .use-pg15
- .zoekt-variables
services:
- !reference [.db-services-with-auto-explain, services]
- !reference [.es7-services, services]
@ -419,7 +406,6 @@
.use-pg16-es7-ee:
extends:
- .use-pg16
- .zoekt-variables
services:
- !reference [.db-services-with-auto-explain, services]
- !reference [.es7-services, services]
@ -427,14 +413,12 @@
.use-pg17-es7-ee:
extends:
- .use-pg17
- .zoekt-variables
services:
- !reference [.db-services-with-auto-explain, services]
- !reference [.es7-services, services]
.es8-services:
services:
- !reference [.zoekt-services, services]
- name: elasticsearch:8.17.4
.es8-variables:
@ -446,7 +430,6 @@
.use-pg14-es8-ee:
extends:
- .use-pg14
- .zoekt-variables
- .es8-variables
services:
- !reference [.db-services-with-auto-explain, services]
@ -455,7 +438,6 @@
.use-pg15-es8-ee:
extends:
- .use-pg15
- .zoekt-variables
- .es8-variables
services:
- !reference [.db-services-with-auto-explain, services]
@ -464,7 +446,6 @@
.use-pg16-es8-ee:
extends:
- .use-pg16
- .zoekt-variables
- .es8-variables
services:
- !reference [.db-services-with-auto-explain, services]
@ -473,7 +454,6 @@
.use-pg17-es8-ee:
extends:
- .use-pg17
- .zoekt-variables
- .es8-variables
services:
- !reference [.db-services-with-auto-explain, services]
@ -481,7 +461,6 @@
.opensearch-latest-services:
services:
- !reference [.zoekt-services, services]
- name: opensearchproject/opensearch:latest
alias: elasticsearch
command: ["bin/opensearch", "-E", "discovery.type=single-node", "-E", "plugins.security.disabled=true", "-E", "cluster.routing.allocation.disk.threshold_enabled=false"]
@ -489,14 +468,12 @@
.use-pg16-opensearch-latest-ee:
extends:
- .use-pg16
- .zoekt-variables
services:
- !reference [.db-services-with-auto-explain, services]
- !reference [.opensearch-latest-services, services]
.os1-services:
services:
- !reference [.zoekt-services, services]
- name: opensearchproject/opensearch:1.3.18
alias: elasticsearch
command: ["bin/opensearch", "-E", "discovery.type=single-node", "-E", "plugins.security.disabled=true", "-E", "cluster.routing.allocation.disk.threshold_enabled=false"]
@ -504,7 +481,6 @@
.use-pg14-opensearch1-ee:
extends:
- .use-pg14
- .zoekt-variables
services:
- !reference [.db-services-with-auto-explain, services]
- !reference [.os1-services, services]
@ -512,7 +488,6 @@
.use-pg15-opensearch1-ee:
extends:
- .use-pg15
- .zoekt-variables
services:
- !reference [.db-services-with-auto-explain, services]
- !reference [.os1-services, services]
@ -520,7 +495,6 @@
.use-pg16-opensearch1-ee:
extends:
- .use-pg16
- .zoekt-variables
services:
- !reference [.db-services-with-auto-explain, services]
- !reference [.os1-services, services]
@ -528,14 +502,12 @@
.use-pg17-opensearch1-ee:
extends:
- .use-pg17
- .zoekt-variables
services:
- !reference [.db-services-with-auto-explain, services]
- !reference [.os1-services, services]
.os2-services:
services:
- !reference [.zoekt-services, services]
- name: opensearchproject/opensearch:2.15.0
alias: elasticsearch
command: ["bin/opensearch", "-E", "discovery.type=single-node", "-E", "plugins.security.disabled=true", "-E", "cluster.routing.allocation.disk.threshold_enabled=false"]
@ -543,7 +515,6 @@
.use-pg14-opensearch2-ee:
extends:
- .use-pg14
- .zoekt-variables
services:
- !reference [.db-services-with-auto-explain, services]
- !reference [.os2-services, services]
@ -551,7 +522,6 @@
.use-pg15-opensearch2-ee:
extends:
- .use-pg15
- .zoekt-variables
services:
- !reference [.db-services-with-auto-explain, services]
- !reference [.os2-services, services]
@ -559,7 +529,6 @@
.use-pg16-opensearch2-ee:
extends:
- .use-pg16
- .zoekt-variables
services:
- !reference [.db-services-with-auto-explain, services]
- !reference [.os2-services, services]
@ -567,7 +536,6 @@
.use-pg17-opensearch2-ee:
extends:
- .use-pg17
- .zoekt-variables
services:
- !reference [.db-services-with-auto-explain, services]
- !reference [.os2-services, services]

1
.gitlab/ci/rails.gitlab-ci.yml
View File

@ -44,6 +44,7 @@ setup-test-env:
- ${TMP_TEST_FOLDER}/gitaly/praefect.config.toml
- ${TMP_TEST_FOLDER}/gitaly/praefect-db.config.toml
- ${TMP_TEST_FOLDER}/gitlab-elasticsearch-indexer/bin/gitlab-elasticsearch-indexer
- ${TMP_TEST_FOLDER}/gitlab-zoekt/bin/gitlab-zoekt
- ${TMP_TEST_FOLDER}/gitlab-shell/
- ${TMP_TEST_FOLDER}/gitlab-test-fork/
- ${TMP_TEST_FOLDER}/gitlab-test-fork.bundle

1
.gitlab/ci/rules.gitlab-ci.yml
View File

@ -442,6 +442,7 @@
- "{,jh/}Gemfile.lock"
- "{,jh/}Gemfile.next.lock"
- "GITLAB_ELASTICSEARCH_INDEXER_VERSION"
- "GITLAB_ZOEKT_VERSION"
# List explicitly all the app/ dirs that are backend (i.e. all except app/assets).
- "{,ee/,jh/}{app/channels,app/components,app/controllers,app/finders,app/graphql,app/helpers,app/mailers,app/models,app/policies,app/presenters,app/serializers,app/services,app/uploaders,app/validators,app/views,app/workers}/**/*"
- "{,ee/,jh/}{bin,config,db,elastic,gems,generator_templates,lib}/**/*"

1
.rubocop_todo/gitlab/feature_flag_without_actor.yml
View File

@ -105,7 +105,6 @@ Gitlab/FeatureFlagWithoutActor:
- 'ee/lib/gitlab/geo/replication/blob_downloader.rb'
- 'ee/lib/gitlab/geo/replicator.rb'
- 'ee/lib/gitlab/llm/tanuki_bot.rb'
- 'ee/lib/gitlab/search/zoekt/client.rb'
- 'ee/lib/gitlab/usage_data_counters/epic_activity_unique_counter.rb'
- 'ee/lib/search/zoekt/circuit_breaker.rb'
- 'ee/spec/lib/gitlab/product_analytics/developments/setup_spec.rb'

1
.rubocop_todo/layout/class_structure.yml
View File

@ -2,7 +2,6 @@
# Cop supports --autocorrect.
Layout/ClassStructure:
Exclude:
- 'app/finders/group_members_finder.rb'
- 'app/finders/groups/environment_scopes_finder.rb'
- 'app/finders/issuable_finder.rb'
- 'app/graphql/mutations/base_mutation.rb'

1
.rubocop_todo/style/map_into_array.yml
View File

@ -8,7 +8,6 @@ Style/MapIntoArray:
- 'config/settings.rb'
- 'ee/app/workers/product_analytics/move_funnels_worker.rb'
- 'ee/lib/elastic/latest/user_class_proxy.rb'
- 'ee/lib/gitlab/search/zoekt/client.rb'
- 'ee/spec/lib/search/elastic/references/embedding_spec.rb'
- 'lib/gitlab/database/query_analyzers/prevent_set_operator_mismatch/node.rb'
- 'lib/gitlab/git/blame.rb'

1
GITLAB_ZOEKT_VERSION Normal file
View File

@ -0,0 +1 @@
0.16.0

2
Gemfile
View File

@ -533,7 +533,7 @@ group :development, :test do
gem 'influxdb-client', '~> 3.1', require: false, feature_category: :tooling
gem 'knapsack', '~> 4.0.0', feature_category: :tooling
gem 'crystalball', '~> 0.7.0', require: false, feature_category: :tooling
gem 'gitlab-crystalball', '~> 0.7.2', require: false, feature_category: :tooling
gem 'test_file_finder', '~> 0.3.1', feature_category: :tooling
gem 'simple_po_parser', '~> 1.1.6', require: false, feature_category: :shared

2
Gemfile.checksum
View File

@ -94,7 +94,6 @@
{"name":"crack","version":"0.4.3","platform":"ruby","checksum":"5318ba8cd9cf7e0b5feb38948048503ba4b1fdc1b6ff30a39f0a00feb6036b29"},
{"name":"crass","version":"1.0.6","platform":"ruby","checksum":"dc516022a56e7b3b156099abc81b6d2b08ea1ed12676ac7a5657617f012bd45d"},
{"name":"creole","version":"0.5.0","platform":"ruby","checksum":"951701e2d80760f156b1cb2a93471ca97c076289becc067a33b745133ed32c03"},
{"name":"crystalball","version":"0.7.0","platform":"ruby","checksum":"6e729f372a5071daec877adb40c5df4cb25fe21f350635e2a9624373fc151ef2"},
{"name":"css_parser","version":"1.14.0","platform":"ruby","checksum":"f2ce6148cd505297b07bdbe7a5db4cce5cf530071f9b732b9a23538d6cdc0113"},
{"name":"cssbundling-rails","version":"1.4.3","platform":"ruby","checksum":"53aecd5a7d24ac9c8fcd92975acd0e830fead4ee4583d3d3d49bb64651946e41"},
{"name":"csv","version":"3.3.0","platform":"ruby","checksum":"0bbd1defdc31134abefed027a639b3723c2753862150f4c3ee61cab71b20d67d"},
@ -220,6 +219,7 @@
{"name":"gitlab","version":"4.19.0","platform":"ruby","checksum":"3f645e3e195dbc24f0834fbf83e8ccfb2056d8e9712b01a640aad418a6949679"},
{"name":"gitlab-chronic","version":"0.10.6","platform":"ruby","checksum":"a244d11a1396d2aac6ae9b2f326adf1605ec1ad20c29f06e8b672047d415a9ac"},
{"name":"gitlab-cloud-connector","version":"1.11.0","platform":"ruby","checksum":"fb131bb3d04a7d014a08311cd7ff669ed3c5577d9d0b11df7216f768dfd5c0c8"},
{"name":"gitlab-crystalball","version":"0.7.2","platform":"ruby","checksum":"c4ed7871d5952377ba38dedc2d64febc204273b5a7d98c954b777b4a9aceb49a"},
{"name":"gitlab-dangerfiles","version":"4.9.1","platform":"ruby","checksum":"296b19d8aca5e4da8d391234914a1c4dfedc29700ddbcd9c554b6ffaa7fdf1b2"},
{"name":"gitlab-experiment","version":"0.9.1","platform":"ruby","checksum":"f230ee742154805a755d5f2539dc44d93cdff08c5bbbb7656018d61f93d01f48"},
{"name":"gitlab-fog-azure-rm","version":"2.2.0","platform":"ruby","checksum":"31aa7c2170f57874053144e7f716ec9e15f32e71ffbd2c56753dce46e2e78ba9"},

6
Gemfile.lock
View File

@ -479,8 +479,6 @@ GEM
safe_yaml (~> 1.0.0)
crass (1.0.6)
creole (0.5.0)
crystalball (0.7.0)
git
css_parser (1.14.0)
addressable
cssbundling-rails (1.4.3)
@ -753,6 +751,8 @@ GEM
gitlab-cloud-connector (1.11.0)
activesupport (~> 7.0)
jwt (~> 2.9.3)
gitlab-crystalball (0.7.2)
git (< 4)
gitlab-dangerfiles (4.9.1)
danger (>= 9.3.0)
danger-gitlab (>= 8.0.0)
@ -2107,7 +2107,6 @@ DEPENDENCIES
countries (~> 4.0.0)
coverband (= 6.1.5)
creole (~> 0.5.0)
crystalball (~> 0.7.0)
cssbundling-rails (= 1.4.3)
csv_builder!
cvss-suite (~> 3.3.0)
@ -2163,6 +2162,7 @@ DEPENDENCIES
gitlab-backup-cli!
gitlab-chronic (~> 0.10.5)
gitlab-cloud-connector (~> 1.11)
gitlab-crystalball (~> 0.7.2)
gitlab-dangerfiles (~> 4.9.0)
gitlab-duo-workflow-service-client (~> 0.1)!
gitlab-experiment (~> 0.9.1)

2
Gemfile.next.checksum
View File

@ -94,7 +94,6 @@
{"name":"crack","version":"0.4.3","platform":"ruby","checksum":"5318ba8cd9cf7e0b5feb38948048503ba4b1fdc1b6ff30a39f0a00feb6036b29"},
{"name":"crass","version":"1.0.6","platform":"ruby","checksum":"dc516022a56e7b3b156099abc81b6d2b08ea1ed12676ac7a5657617f012bd45d"},
{"name":"creole","version":"0.5.0","platform":"ruby","checksum":"951701e2d80760f156b1cb2a93471ca97c076289becc067a33b745133ed32c03"},
{"name":"crystalball","version":"0.7.0","platform":"ruby","checksum":"6e729f372a5071daec877adb40c5df4cb25fe21f350635e2a9624373fc151ef2"},
{"name":"css_parser","version":"1.14.0","platform":"ruby","checksum":"f2ce6148cd505297b07bdbe7a5db4cce5cf530071f9b732b9a23538d6cdc0113"},
{"name":"cssbundling-rails","version":"1.4.3","platform":"ruby","checksum":"53aecd5a7d24ac9c8fcd92975acd0e830fead4ee4583d3d3d49bb64651946e41"},
{"name":"csv","version":"3.3.0","platform":"ruby","checksum":"0bbd1defdc31134abefed027a639b3723c2753862150f4c3ee61cab71b20d67d"},
@ -220,6 +219,7 @@
{"name":"gitlab","version":"4.19.0","platform":"ruby","checksum":"3f645e3e195dbc24f0834fbf83e8ccfb2056d8e9712b01a640aad418a6949679"},
{"name":"gitlab-chronic","version":"0.10.6","platform":"ruby","checksum":"a244d11a1396d2aac6ae9b2f326adf1605ec1ad20c29f06e8b672047d415a9ac"},
{"name":"gitlab-cloud-connector","version":"1.11.0","platform":"ruby","checksum":"fb131bb3d04a7d014a08311cd7ff669ed3c5577d9d0b11df7216f768dfd5c0c8"},
{"name":"gitlab-crystalball","version":"0.7.2","platform":"ruby","checksum":"c4ed7871d5952377ba38dedc2d64febc204273b5a7d98c954b777b4a9aceb49a"},
{"name":"gitlab-dangerfiles","version":"4.9.1","platform":"ruby","checksum":"296b19d8aca5e4da8d391234914a1c4dfedc29700ddbcd9c554b6ffaa7fdf1b2"},
{"name":"gitlab-experiment","version":"0.9.1","platform":"ruby","checksum":"f230ee742154805a755d5f2539dc44d93cdff08c5bbbb7656018d61f93d01f48"},
{"name":"gitlab-fog-azure-rm","version":"2.2.0","platform":"ruby","checksum":"31aa7c2170f57874053144e7f716ec9e15f32e71ffbd2c56753dce46e2e78ba9"},

6
Gemfile.next.lock
View File

@ -479,8 +479,6 @@ GEM
safe_yaml (~> 1.0.0)
crass (1.0.6)
creole (0.5.0)
crystalball (0.7.0)
git
css_parser (1.14.0)
addressable
cssbundling-rails (1.4.3)
@ -753,6 +751,8 @@ GEM
gitlab-cloud-connector (1.11.0)
activesupport (~> 7.0)
jwt (~> 2.9.3)
gitlab-crystalball (0.7.2)
git (< 4)
gitlab-dangerfiles (4.9.1)
danger (>= 9.3.0)
danger-gitlab (>= 8.0.0)
@ -2107,7 +2107,6 @@ DEPENDENCIES
countries (~> 4.0.0)
coverband (= 6.1.5)
creole (~> 0.5.0)
crystalball (~> 0.7.0)
cssbundling-rails (= 1.4.3)
csv_builder!
cvss-suite (~> 3.3.0)
@ -2163,6 +2162,7 @@ DEPENDENCIES
gitlab-backup-cli!
gitlab-chronic (~> 0.10.5)
gitlab-cloud-connector (~> 1.11)
gitlab-crystalball (~> 0.7.2)
gitlab-dangerfiles (~> 4.9.0)
gitlab-duo-workflow-service-client (~> 0.1)!
gitlab-experiment (~> 0.9.1)

3
app/assets/javascripts/issues/list/components/issue_card_time_info.vue
View File

@ -77,8 +77,9 @@ export default {
<work-item-attribute
v-if="dueDateText"
anchor-id="issuable-due-date"
wrapper-component-class="issuable-due-date"
:title="dueDateText"
title-component-class="issuable-due-date gl-mr-3"
title-component-class="gl-mr-3"
:tooltip-text="dueDateTitle"
tooltip-placement="top"
>

5
app/assets/javascripts/profile/preferences/components/profile_preferences.vue
View File

@ -1,4 +1,5 @@
<script>
import { isEqual } from 'lodash';
import { GlButton } from '@gitlab/ui';
import { createAlert, VARIANT_DANGER } from '~/alert';
import SettingsSection from '~/vue_shared/components/settings/settings_section.vue';
@ -103,8 +104,8 @@ export default {
// Reload the page if the theme has changed from light to dark mode or vice versa
// or if color scheme has changed to correctly load all required styles.
if (
this.colorModeOnCreate !== this.getSelectedColorMode() ||
this.schemeOnCreate !== this.getSelectedScheme()
!isEqual(this.colorModeOnCreate, this.getSelectedColorMode()) ||
!isEqual(this.schemeOnCreate, this.getSelectedScheme())
) {
window.location.reload();
return;

6
app/finders/group_members_finder.rb
View File

@ -1,6 +1,9 @@
# frozen_string_literal: true
class GroupMembersFinder < UnionFinder
include CreatedAtFilter
include Members::RoleParser
RELATIONS = %i[direct inherited descendants shared_from_groups].freeze
DEFAULT_RELATIONS = %i[direct inherited].freeze
INVALID_RELATION_TYPE_ERROR_MSG =
@ -13,9 +16,6 @@ class GroupMembersFinder < UnionFinder
shared_from_groups: "Invited group's members"
}.freeze
include CreatedAtFilter
include Members::RoleParser
# Params can be any of the following:
# two_factor: string. 'enabled' or 'disabled' are returning different set of data, other values are not effective.
# sort: string

3
config/initializers/1_settings.rb
View File

@ -266,6 +266,9 @@ end
Gitlab.ee do
Settings['elasticsearch'] ||= {}
Settings.elasticsearch['indexer_path'] ||= Gitlab::Utils.which('gitlab-elasticsearch-indexer')
Settings['zoekt'] ||= {}
Settings.zoekt['bin_path'] ||= Gitlab::Utils.which('gitlab-zoekt')
end
#

1
doc/administration/package_information/postgresql_versions.md
View File

@ -40,6 +40,7 @@ Read more about update policies and warnings in the PostgreSQL
| First GitLab version | PostgreSQL versions | Default version for fresh installs | Default version for upgrades | Notes |
| -------------- | ------------------- | ---------------------------------- | ---------------------------- | ----- |
| 18.0.0 | 16.8 | 16.8 | 16.8 | Package upgrades are aborted if PostgreSQL is not upgraded to 16 already. |
| 17.11.0 | 14.17, 16.8 | 16.8 | 16.8 | Package upgrades automatically perform an upgrade to PostgreSQL 16 for nodes that are not part of a Geo or HA cluster, unless [opted out](https://docs.gitlab.com/omnibus/settings/database/#opt-out-of-automatic-postgresql-upgrades). |
| 17.10.0 | 14.17, 16.8 | 16.8 | 16.8 | Fresh installs now default to PostgreSQL 16. |
| 17.9.2, 17.8.5, 17.7.7 | 14.17, 16.8 | 14.17 | 16.8 | |

24
doc/api/graphql/reference/_index.md
View File

@ -9385,6 +9385,30 @@ Input type: `ProjectSecretDeleteInput`
| <a id="mutationprojectsecretdeleteerrors"></a>`errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |
| <a id="mutationprojectsecretdeleteprojectsecret"></a>`projectSecret` | [`ProjectSecret`](#projectsecret) | Deleted project secret. |
### `Mutation.projectSecretUpdate`
Input type: `ProjectSecretUpdateInput`
#### Arguments
| Name | Type | Description |
| ---- | ---- | ----------- |
| <a id="mutationprojectsecretupdatebranch"></a>`branch` | [`String`](#string) | New branches that can access the secret. |
| <a id="mutationprojectsecretupdateclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
| <a id="mutationprojectsecretupdatedescription"></a>`description` | [`String`](#string) | New description of the project secret. |
| <a id="mutationprojectsecretupdateenvironment"></a>`environment` | [`String`](#string) | New environments that can access the secret. |
| <a id="mutationprojectsecretupdatename"></a>`name` | [`String!`](#string) | Name of the project secret to update. |
| <a id="mutationprojectsecretupdateprojectpath"></a>`projectPath` | [`ID!`](#id) | Project of the secret. |
| <a id="mutationprojectsecretupdatevalue"></a>`value` | [`String`](#string) | New value of the project secret. |
#### Fields
| Name | Type | Description |
| ---- | ---- | ----------- |
| <a id="mutationprojectsecretupdateclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
| <a id="mutationprojectsecretupdateerrors"></a>`errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |
| <a id="mutationprojectsecretupdateprojectsecret"></a>`projectSecret` | [`ProjectSecret`](#projectsecret) | Updated project secret. |
### `Mutation.projectSecretsManagerInitialize`
Input type: `ProjectSecretsManagerInitializeInput`

2
doc/ci/pipelines/_index.md
View File

@ -491,7 +491,7 @@ status icon to go to the detail page of that downstream pipeline.
## Pipeline success and duration charts
Pipeline analytics are available on the [**CI/CD Analytics** page](../../user/analytics/ci_cd_analytics.md#pipeline-success-and-duration-charts).
Pipeline analytics are available on the [**CI/CD Analytics** page](../../user/analytics/ci_cd_analytics.md).
## Pipeline badges

21
doc/development/ai_features/duo_chat.md
View File

@ -529,6 +529,27 @@ team member because
[you can make yourself an instance Admin in Staging Ref](https://handbook.gitlab.com/handbook/engineering/infrastructure/environments/staging-ref/#admin-access)
and, as an Admin, easily create licensed groups for testing.
### Important Testing Considerations
**Note**: A user who has a seat in multiple groups with different tiers of Duo add-on gets the highest tier experience across the entire instance.
It's not possible to test feature separation between different Duo add-ons if your test account has a seat in a higher tier add-on.
To properly test different tiers, create a separate test account for each tier you need to test.
### Staging testing groups
To simplify testing on [staging](https://staging.gitlab.com), several pre-configured groups have been created with the appropriate licenses and add-ons:
| Group | Duo Add-on | GitLab license |
| --- | --- | --- |
| [`duo_pro_gitlab_premium`](https://staging.gitlab.com/groups/duo_pro_gitlab_premium) | Pro | Premium |
| [`duo_pro_gitlab_ultimate`](https://staging.gitlab.com/groups/duo_pro_gitlab_ultimate) | Pro | Ultimate |
| [`duo_enterprise_gitlab_ultimate`](https://staging.gitlab.com/groups/duo_enterprise_gitlab_ultimate) | Enterprise | Ultimate |
Ask in the `#g_duo_chat` channel on Slack to be added as an Owner to these groups.
Once added as an Owner, you can add your secondary accounts to the group with a role Developer and assign them a seat in the Duo add-on.
Then you can sign in as your Developer user and test access control to Duo Chat.
### GitLab Duo Chat End-to-End Tests in live environments
Duo Chat end-to-end tests run continuously against [Staging](https://staging.gitlab.com/users/sign_in) and [Production](https://gitlab.com/) GitLab environments.

85
doc/user/analytics/ci_cd_analytics.md
View File

@ -12,12 +12,12 @@ title: CI/CD analytics
{{< /details >}}
Use the CI/CD analytics page to view pipeline success rates and duration, and the history of [DevOps Research and Assessment (DORA) metrics](dora_metrics.md) over time.
Use CI/CD analytics to gain insights into your pipeline performance and success rates.
## Pipeline success and duration charts
The CI/CD analytics page provides visualizations for critical CI/CD pipeline metrics directly in the GitLab UI.
This helps development teams quickly understand the health and efficiency of their software development process.
CI/CD analytics shows the history of your pipeline successes and failures, as well as how long each pipeline
ran.
## View CI/CD analytics
{{< history >}}
@ -25,66 +25,51 @@ ran.
{{< /history >}}
To view CI/CD analytics:
1. On the left sidebar, select **Search or go to** and find your project.
1. Select **CI/CD > Analytics**.
## Pipeline metrics
You can view the history of your pipeline successes and failures, and how long each pipeline ran.
Pipeline statistics are gathered by collecting all available pipelines for the
project, regardless of status. The data available for each individual day is based
on when the pipeline was created.
The total pipeline calculation includes child
pipelines and pipelines that failed with an invalid YAML. To filter pipelines based on other attributes, use the [Pipelines API](../../api/pipelines.md#list-project-pipelines).
CI/CD analytics displays key metrics about your pipelines:
## DevOps Research and Assessment (DORA) metrics charts
- **Total pipeline runs**: The total number of pipelines that have run in the selected time period. The total pipeline calculation includes child pipelines and pipelines that failed with an invalid YAML.
To filter pipelines based on other attributes, use the [Pipelines API](../../api/pipelines.md#list-project-pipelines).
- **Median duration**: The median time it takes for pipelines to complete.
- **Failure rate**: The percentage of pipelines that failed.
- **Success rate**: The percentage of pipelines that completed successfully.
{{< details >}}
## Filter your results
- Tier: Ultimate
You can filter the analytics data to focus on specific areas:
{{< /details >}}
- **Source**: Filter by pipeline trigger source.
- **Branch**: Filter by the branch where the pipeline ran.
- **Date range**: Select the time period to analyze (for example, last week).
{{< history >}}
Filtering allows you to analyze the performance of specific workflow components or compare different branches.
- Time to restore service chart [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/356959) in GitLab 15.1.
## Pipeline duration chart
{{< /history >}}
The duration chart shows how your pipeline execution times changed over time. The chart displays:
CI/CD analytics also display metrics and charts for DORA metrics.
The charts display the evolution of each DORA metric over time, for the last week, month, 90 days, or 180 days.
This information provides insights into the health of your organization.
- **Median (50th percentile)**: The typical pipeline duration.
- **95th percentile**: 95% of pipelines complete in this time or less, while only 5% take longer.
## View CI/CD analytics
This visualization helps you identify trends in pipeline duration, which can help you determine your CI/CD process efficiency over time.
You can view CI/CD analytics for a group or project.
## Pipeline status chart
Prerequisites:
The status chart shows the distribution of pipeline statuses over time:
- To view DORA metrics, the group or project must have an environment in the [production deployment tier](../../ci/environments/_index.md#deployment-tier-of-environments).
- **Successful**: Pipelines that completed without errors.
- **Failed**: Pipelines that did not complete successfully due to errors.
- **Other**: Pipelines with other statuses (canceled, skipped).
### For a group
{{< details >}}
- Tier: Ultimate
{{< /details >}}
To view CI/CD analytics for a group:
1. On the left sidebar, select **Search or go to** and find your group.
1. Select **Analyze > CI/CD analytics**.
The page displays metrics and charts for:
- Release statistics
- DORA metrics
### For a project
To view CI/CD analytics for a project:
1. On the left sidebar, select **Search or go to** and find your project.
1. Select **Analyze > CI/CD analytics**.
The page displays metrics and charts for:
- Pipelines
- DORA metrics
- Project quality
This visualization helps you track the stability of your pipelines and identify periods with higher failure rates.

6
doc/user/analytics/dora_metrics.md
View File

@ -117,6 +117,12 @@ The first step is to benchmark the CI/CD pipelines' efficiency between groups an
## Time to restore service
{{< history >}}
- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/356959) in GitLab 15.1.
{{< /history >}}
Time to restore service is the amount of time it takes an organization to recover from a failure in production.
For software leaders, time to restore service reflects how long it takes an organization to recover from a failure in production.

50
doc/user/analytics/dora_metrics_charts.md Normal file
View File

@ -0,0 +1,50 @@
---
stage: Deploy
group: Environments
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: DevOps Research and Assessment (DORA) metrics charts
---
{{< details >}}
- Tier: Ultimate
- Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated
{{< /details >}}
CI/CD analytics page display metrics and charts for [DevOps Research and Assessment (DORA) metrics](dora_metrics.md).
The charts display the evolution of each DORA metric over time, for the last week, month, 90 days, or 180 days.
This information provides insights into the health of your organization.
## View CI/CD analytics
You can view CI/CD analytics for a group or project.
Prerequisites:
- To view DORA metrics, the group or project must have an environment in the [production deployment tier](../../ci/environments/_index.md#deployment-tier-of-environments).
### For a group
To view CI/CD analytics for a group:
1. On the left sidebar, select **Search or go to** and find your group.
1. Select **Analyze > CI/CD analytics**.
The page displays metrics and charts for:
- Release statistics
- DORA metrics
### For a project
To view CI/CD analytics for a project:
1. On the left sidebar, select **Search or go to** and find your project.
1. Select **Analyze > CI/CD analytics**.
The page displays metrics and charts for:
- Pipelines
- DORA metrics
- Project quality

11
doc/user/application_security/dependency_scanning/static_reachability.md
View File

@ -56,10 +56,13 @@ Prerequisites:
To enable static reachability analysis:
- Edit the project `.gitlab-ci.yml` file and set `DS_STATIC_REACHABILITY_ENABLED` to `true`.
- Set the CI/CD variable DS_STATIC_REACHABILITY_ENABLED to `true`
<details><summary>If you are using GitLab release `17.11.x` continue with these instructions</summary>
- Make sure you extend `dependency-scanning-with-reachability` needs section to depend on the build job that creates the artifact required by the DS analyzer.
Enabling static reachability:
Enabling static reachability for non SaaS users using `17.11.x` release:
```yaml
stages:
@ -111,6 +114,10 @@ dependency scanning without adding reachability data to the SBOM.
{{< /alert >}}
</details>
Static reachability is currently integrated into the `dependency-scanning` job of the latest dependency scanning template for GitLab.com users, and will be available to all GitLab users with the 18.0 release.
Static reachability analysis functionality is supported in [Dependency Scanning analyzer](https://gitlab.com/gitlab-org/security-products/analyzers/dependency-scanning) version `0.23.0` and all subsequent versions.
{{< alert type="warning" >}}

7
doc/user/group/import/direct_transfer_migrations.md
View File

@ -122,9 +122,10 @@ has an existing membership in the destination namespace with a [higher role](../
the one being mapped, the membership is mapped as a direct membership instead. This ensures the member does not get
elevated permissions.
[In GitLab 18.0 and later](https://gitlab.com/gitlab-org/gitlab/-/issues/510673),
for top-level groups with at least one enterprise user, you can map
contributions and memberships only to [enterprise users](../../enterprise_user/_index.md).
[In GitLab 18.0 and later](https://gitlab.com/gitlab-org/gitlab/-/issues/510673), if your top-level group has at least one
[enterprise user](../../enterprise_user/_index.md), you can only reassign users' contributions to enterprise users claimed
by your organization. This significantly reduces the potential for errors during user reassignment. The same scoping is
also applied to CSV-based reassignment, preventing accidental assignment to users outside your organization.
{{< alert type="note" >}}

14
doc/user/project/import/_index.md
View File

@ -290,6 +290,20 @@ subsequent imports from the same source instance to the same top-level group or
subgroup on the destination instance do not create placeholder users.
Instead, contributions are mapped automatically to the user.
#### Placeholder user deletion
When you delete a top-level group that contains placeholder users, those placeholder users are
automatically removed. However, placeholder users remain in the system if they are also associated
with projects or groups outside the deleted top-level group.
{{< alert type="note" >}}
There is no other way to delete placeholder users, but support for improvements is proposed in
[issue 519391](https://gitlab.com/gitlab-org/gitlab/-/issues/519391) and
[issue 537340](https://gitlab.com/gitlab-org/gitlab/-/issues/537340).
{{< /alert >}}
#### Placeholder user limits
If importing to GitLab.com, placeholder users are limited per top-level group on the destination instance. The limits differ depending on your plan and seat count. Placeholder users do not count towards license limits.

9
doc/user/project/milestones/_index.md
View File

@ -313,14 +313,5 @@ When filtering by milestone, in addition to choosing a specific project mileston
- **None**: Show issues or merge requests with no assigned milestone.
- **Any**: Show issues or merge requests with an assigned milestone.
- **Upcoming**: Show issues or merge requests with an open assigned milestone starting in the future.
In GitLab 17.11 and earlier, this filter showed items with an open assigned milestone that had the nearest due date in
the future. The GitLab REST API continues to use the filtering
logic from GitLab 17.11 and earlier to avoid introducing a breaking change.
- **Started**: Show issues or merge requests with an open assigned milestone that overlaps with the current date. The
list excludes milestones without a defined start and due date.
In GitLab 17.11 and earlier, this filter showed items that had an open assigned milestone with a start date that was
before today. The GitLab REST API continues to use the filtering
logic from GitLab 17.11 and earlier to avoid introducing a breaking change.

20
doc/user/project/pages/getting_started/pages_from_scratch.md
View File

@ -45,16 +45,16 @@ Create three files in the root (top-level) directory:
- `index.html`: An HTML file you can populate with whatever HTML content
you'd like, for example:
```html
<html>
<head>
<title>Home</title>
</head>
<body>
<h1>Hello World!</h1>
</body>
</html>
```
```html
<html>
<head>
<title>Home</title>
</head>
<body>
<h1>Hello World!</h1>
</body>
</html>
```
- [`Gemfile`](https://bundler.io/gemfile.html): A file that describes dependencies for Ruby programs.

179
lib/gitlab/ci/templates/Jobs/Dependency-Scanning.latest.gitlab-ci.yml
View File

@ -265,116 +265,28 @@ gemnasium-python-dependency_scanning:
- '**/{$ANALYZER_SUPPORTED_FILES,$ADDITIONAL_SUPPORTED_FILES}'
dependency-scanning:
variables:
ANALYZER_SUPPORTED_FILES: "packages.lock.json,conan.lock,conda-lock.yml,pubspec.lock,go.mod,go.graph,ivy-report.xml,maven.graph.json,dependencies.lock,package-lock.json,npm-shrinkwrap.json,pnpm-lock.yaml,yarn.lock,Podfile.lock,composer.lock,pipdeptree.json,requirements.txt,Pipfile.lock,pipenv.graph.json,poetry.lock,uv.lock,Gemfile.lock,gems.locked,Cargo.lock,dependencies-compile.dot,Package.resolved"
ADDITIONAL_SUPPORTED_FILES: "pom.xml,build.gradle,build.gradle.kts,build.sbt,requirements.pip,Pipfile,requires.txt,setup.py"
stage: !reference [.ds-analyzer, stage]
image:
name: "$SECURE_ANALYZERS_PREFIX/dependency-scanning:v0"
script:
- /analyzer run
allow_failure: true
artifacts:
access: "developer"
paths:
- "**/gl-sbom-*.cdx.json"
reports:
cyclonedx: "**/gl-sbom-*.cdx.json"
rules:
- if: $DEPENDENCY_SCANNING_DISABLED == 'true' || $DEPENDENCY_SCANNING_DISABLED == '1'
when: never
# If Static Reachability is enabled, this job is replaced by the dependency-scanning-with-reachability job
- if: $DS_STATIC_REACHABILITY_ENABLED == 'true'
when: never
- if: $DS_EXCLUDED_ANALYZERS =~ /dependency-scanning/
when: never
# The following 3 blocks of rules define whether the job runs in a an *MR pipeline* or a *branch pipeline*
# when an MR exists. If the job has additional rules to observe they should be added in the blocks 1 and 3
# to cover both the *MR pipeline* and the *branch pipeline* workflows.
# 1. Run the job in an *MR pipeline* if MR pipelines for AST are enabled and there's an open merge request.
## If the new DS analyzer is enforced, run this job for all possibly supported projects including those
## that might need additional file(s) to be provided dynamically by the user. To do that, we use the list in
## ADDITIONAL_SUPPORTED_FILES to trigger the job based on non-scannable files present in the repository, and expect
## the scannable file(s) to be provided at runtime.
- if: $AST_ENABLE_MR_PIPELINES == "true" &&
$DS_ENFORCE_NEW_ANALYZER == 'true' &&
$CI_PIPELINE_SOURCE == "merge_request_event" &&
$GITLAB_FEATURES =~ /\bdependency_scanning\b/
exists:
- '**/{$ANALYZER_SUPPORTED_FILES,$ADDITIONAL_SUPPORTED_FILES}'
## When DS_PIPCOMPILE_REQUIREMENTS_FILE_NAME_PATTERN is configured
- if: $AST_ENABLE_MR_PIPELINES == "true" &&
$DS_PIPCOMPILE_REQUIREMENTS_FILE_NAME_PATTERN &&
$DS_ENFORCE_NEW_ANALYZER == 'true' &&
$CI_PIPELINE_SOURCE == "merge_request_event" &&
$GITLAB_FEATURES =~ /\bdependency_scanning\b/
## Otherwise, if the new DS analyzer is NOT enforced, run the job only if the project has files supported by the new DS analyzer
## and not already supported by any gemnasium job and ensure to exclude the files already covered by the gemnasium jobs from the analysis.
- if: $AST_ENABLE_MR_PIPELINES == "true" &&
$CI_PIPELINE_SOURCE == "merge_request_event" &&
$GITLAB_FEATURES =~ /\bdependency_scanning\b/
exists:
- '**/{conda-lock.yml,pubspec.lock,Podfile.lock,Cargo.lock,Package.resolved}'
variables:
DS_EXCLUDED_PATHS: 'spec, test, tests, tmp, **/build.gradle, **/build.gradle.kts, **/build.sbt, **/pom.xml, **/requirements.txt, **/requirements.pip, **/Pipfile, **/Pipfile.lock, **/requires.txt, **/setup.py, **/poetry.lock, **/uv.lock, **/packages.lock.json, **/conan.lock, **/package-lock.json, **/npm-shrinkwrap.json, **/pnpm-lock.yaml, **/yarn.lock, **/composer.lock, **/Gemfile.lock, **/gems.locked, **/go.graph, **/ivy-report.xml, **/maven.graph.json, **/dependencies.lock, **/pipdeptree.json, **/pipenv.graph.json, **/dependencies-compile.dot'
# 2. Don't run the job in a *branch pipeline* if *MR pipelines* for AST are enabled and there's an open merge request.
- if: $AST_ENABLE_MR_PIPELINES == "true" &&
$CI_OPEN_MERGE_REQUESTS
when: never
# 3. Finally, run the job in a *branch pipeline* (When MR pipelines are disabled for AST, or it is enabled but no open MRs exist for the branch).
## If the new DS analyzer is enforced, run this job for all possibly supported projects including those
## that might need additional file(s) to be provided dynamically by the user. To do that, we use the list in
## ADDITIONAL_SUPPORTED_FILES to trigger the job based on non-scannable files present in the repository, and expect
## the scannable file(s) to be provided at runtime.
- if: $DS_ENFORCE_NEW_ANALYZER == 'true' &&
$CI_COMMIT_BRANCH &&
$GITLAB_FEATURES =~ /\bdependency_scanning\b/
exists:
- '**/{$ANALYZER_SUPPORTED_FILES,$ADDITIONAL_SUPPORTED_FILES}'
## When DS_PIPCOMPILE_REQUIREMENTS_FILE_NAME_PATTERN is configured
- if: $DS_PIPCOMPILE_REQUIREMENTS_FILE_NAME_PATTERN &&
$DS_ENFORCE_NEW_ANALYZER == 'true' &&
$CI_COMMIT_BRANCH &&
$GITLAB_FEATURES =~ /\bdependency_scanning\b/
## Otherwise, if the new DS analyzer is NOT enforced, run the job only if the project has files supported by the new DS analyzer
## and not already supported by any gemnasium job and ensure to exclude the files already covered by the gemnasium jobs from the analysis.
- if: $CI_COMMIT_BRANCH &&
$GITLAB_FEATURES =~ /\bdependency_scanning\b/
exists:
- '**/{conda-lock.yml,pubspec.lock,Podfile.lock,Cargo.lock,Package.resolved}'
variables:
DS_EXCLUDED_PATHS: 'spec, test, tests, tmp, **/build.gradle, **/build.gradle.kts, **/build.sbt, **/pom.xml, **/requirements.txt, **/requirements.pip, **/Pipfile, **/Pipfile.lock, **/requires.txt, **/setup.py, **/poetry.lock, **/uv.lock, **/packages.lock.json, **/conan.lock, **/package-lock.json, **/npm-shrinkwrap.json, **/pnpm-lock.yaml, **/yarn.lock, **/composer.lock, **/Gemfile.lock, **/gems.locked, **/go.graph, **/ivy-report.xml, **/maven.graph.json, **/dependencies.lock, **/pipdeptree.json, **/pipenv.graph.json, **/dependencies-compile.dot'
# This job only runs if Static Reachability is enabled and the new DS analyzer is enforced
# It replaces the dependency-scanning job with a new one that depends on the gitlab-static-reachability job (using `needs`)
dependency-scanning-with-reachability:
stage: !reference [.ds-analyzer, stage]
variables:
ANALYZER_SUPPORTED_FILES: "packages.lock.json,conan.lock,conda-lock.yml,pubspec.lock,go.mod,go.graph,ivy-report.xml,maven.graph.json,dependencies.lock,package-lock.json,npm-shrinkwrap.json,pnpm-lock.yaml,yarn.lock,Podfile.lock,composer.lock,pipdeptree.json,requirements.txt,Pipfile.lock,pipenv.graph.json,poetry.lock,uv.lock,Gemfile.lock,gems.locked,Cargo.lock,dependencies-compile.dot,Package.resolved"
ADDITIONAL_SUPPORTED_FILES: "pom.xml,build.gradle,build.gradle.kts,build.sbt,requirements.pip,Pipfile,requires.txt,setup.py"
SCA_TO_SARIF_MATCHER_VERSION: "v2.0.2"
stage: !reference [.ds-analyzer, stage]
image:
name: "$SECURE_ANALYZERS_PREFIX/dependency-scanning:v0"
needs:
- job: gitlab-static-reachability
optional: true
artifacts: true
script:
- |
/analyzer run || exit $?
if [ -f "reachable_packages.json" ]; then
echo "Found reachable_packages.json"
echo "Downloading SCA-to-sarif-matcher ${SCA_TO_SARIF_MATCHER_VERSION}"
curl -L "gitlab.com/api/v4/projects/60962090/packages/generic/sca-to-sarif-matcher/${SCA_TO_SARIF_MATCHER_VERSION}/matcher" -o /home/gitlab/sbom-enricher
chmod +x /home/gitlab/sbom-enricher
/home/gitlab/sbom-enricher process --glas_report="reachable_packages.json"
if [ "$DS_STATIC_REACHABILITY_ENABLED" != "true" ]; then
exit 0
fi
/analyzer reachability || exit $?
if [ -f "reachable_packages.json" ]; then
echo "Found reachable_packages.json"
echo "Downloading SCA-to-sarif-matcher ${SCA_TO_SARIF_MATCHER_VERSION}"
curl -L "gitlab.com/api/v4/projects/60962090/packages/generic/sca-to-sarif-matcher/${SCA_TO_SARIF_MATCHER_VERSION}/matcher" -o /home/gitlab/sbom-enricher
chmod +x /home/gitlab/sbom-enricher
/home/gitlab/sbom-enricher process --glas_report="reachable_packages.json"
fi
allow_failure: true
artifacts:
access: "developer"
@ -385,8 +297,6 @@ dependency-scanning-with-reachability:
rules:
- if: $DEPENDENCY_SCANNING_DISABLED == 'true' || $DEPENDENCY_SCANNING_DISABLED == '1'
when: never
- if: $DS_STATIC_REACHABILITY_ENABLED != 'true' || $DS_ENFORCE_NEW_ANALYZER != 'true'
when: never
- if: $DS_EXCLUDED_ANALYZERS =~ /dependency-scanning/
when: never
@ -412,6 +322,16 @@ dependency-scanning-with-reachability:
$CI_PIPELINE_SOURCE == "merge_request_event" &&
$GITLAB_FEATURES =~ /\bdependency_scanning\b/
## Otherwise, if the new DS analyzer is NOT enforced, run the job only if the project has files supported by the new DS analyzer
## and not already supported by any gemnasium job and ensure to exclude the files already covered by the gemnasium jobs from the analysis.
- if: $AST_ENABLE_MR_PIPELINES == "true" &&
$CI_PIPELINE_SOURCE == "merge_request_event" &&
$GITLAB_FEATURES =~ /\bdependency_scanning\b/
exists:
- '**/{conda-lock.yml,pubspec.lock,Podfile.lock,Cargo.lock,Package.resolved}'
variables:
DS_EXCLUDED_PATHS: 'spec, test, tests, tmp, **/build.gradle, **/build.gradle.kts, **/build.sbt, **/pom.xml, **/requirements.txt, **/requirements.pip, **/Pipfile, **/Pipfile.lock, **/requires.txt, **/setup.py, **/poetry.lock, **/uv.lock, **/packages.lock.json, **/conan.lock, **/package-lock.json, **/npm-shrinkwrap.json, **/pnpm-lock.yaml, **/yarn.lock, **/composer.lock, **/Gemfile.lock, **/gems.locked, **/go.graph, **/ivy-report.xml, **/maven.graph.json, **/dependencies.lock, **/pipdeptree.json, **/pipenv.graph.json, **/dependencies-compile.dot'
# 2. Don't run the job in a *branch pipeline* if *MR pipelines* for AST are enabled and there's an open merge request.
- if: $AST_ENABLE_MR_PIPELINES == "true" &&
$CI_OPEN_MERGE_REQUESTS
@ -433,52 +353,11 @@ dependency-scanning-with-reachability:
$CI_COMMIT_BRANCH &&
$GITLAB_FEATURES =~ /\bdependency_scanning\b/
# This job only runs if Static Reachability is enabled and the new DS analyzer is enforced
gitlab-static-reachability:
stage: !reference [.ds-analyzer, stage]
variables:
SEARCH_MAX_DEPTH: 20
STATIC_REACHABILITY_ANALYZER_IMAGE_TAG: 2
# For now we are using GLAS as our static reachability analyzer
STATIC_REACHABILITY_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/gitlab-advanced-sast:$STATIC_REACHABILITY_ANALYZER_IMAGE_TAG"
image:
name: "$STATIC_REACHABILITY_ANALYZER_IMAGE"
cache: []
allow_failure: true
script:
- |
FOUND_FILES=$(find . -name "*.py" -type f -maxdepth "${SEARCH_MAX_DEPTH}" -not -path "*/\.*" | wc -l)
if [ "$FOUND_FILES" -eq 0 ]; then
echo "No Python files found within depth $SEARCH_MAX_DEPTH . Skiping gitlab-static-reachability"
exit 1
fi
export SAST_SCANNER_ALLOWED_CLI_OPTS="--sca-output-path reachable_packages.json"
echo keep-builtin-rules: false >> /lightz-aio_default_config.yaml
/analyzer run
chmod 644 reachable_packages.json
artifacts:
access: 'developer'
paths:
- reachable_packages.json
rules:
- if: $DS_STATIC_REACHABILITY_ENABLED != 'true' || $DS_ENFORCE_NEW_ANALYZER != 'true'
when: never
# if DS is disabled then static reachability cannot execute
- if: $DEPENDENCY_SCANNING_DISABLED == 'true' || $DEPENDENCY_SCANNING_DISABLED == '1'
when: never
# The following 3 blocks of rules define whether the job runs in a an *MR pipeline* or a *branch pipeline*
# when an MR exists. If the job has additional rules to observe they should be added in the blocks 1 and 3
# to cover both the *MR pipeline* and the *branch pipeline* workflows.
# 1. Run the job in an *MR* pipeline if MR pipelines for AST are enabled and there's an open merge request.
- if: $AST_ENABLE_MR_PIPELINES == "true" &&
$CI_PIPELINE_SOURCE == "merge_request_event" &&
$GITLAB_FEATURES =~ /\bsast_advanced\b/
# 2. Don't run the job in a *branch pipeline* if *MR pipelines* for AST are enabled and there's an open merge request.
- if: $AST_ENABLE_MR_PIPELINES == "true" &&
$CI_OPEN_MERGE_REQUESTS
when: never
# 3. Finally, run the job in a *branch pipeline* (When MR pipelines are disabled for AST, or it is enabled but no open MRs exist for the branch).
## Otherwise, if the new DS analyzer is NOT enforced, run the job only if the project has files supported by the new DS analyzer
## and not already supported by any gemnasium job and ensure to exclude the files already covered by the gemnasium jobs from the analysis.
- if: $CI_COMMIT_BRANCH &&
$GITLAB_FEATURES =~ /\bsast_advanced\b/
$GITLAB_FEATURES =~ /\bdependency_scanning\b/
exists:
- '**/{conda-lock.yml,pubspec.lock,Podfile.lock,Cargo.lock,Package.resolved}'
variables:
DS_EXCLUDED_PATHS: 'spec, test, tests, tmp, **/build.gradle, **/build.gradle.kts, **/build.sbt, **/pom.xml, **/requirements.txt, **/requirements.pip, **/Pipfile, **/Pipfile.lock, **/requires.txt, **/setup.py, **/poetry.lock, **/uv.lock, **/packages.lock.json, **/conan.lock, **/package-lock.json, **/npm-shrinkwrap.json, **/pnpm-lock.yaml, **/yarn.lock, **/composer.lock, **/Gemfile.lock, **/gems.locked, **/go.graph, **/ivy-report.xml, **/maven.graph.json, **/dependencies.lock, **/pipdeptree.json, **/pipenv.graph.json, **/dependencies-compile.dot'

1
scripts/frontend/quarantined_vue3_specs.txt
View File

@ -134,7 +134,6 @@ spec/frontend/pages/projects/pipeline_schedules/shared/components/interval_patte
spec/frontend/pages/shared/wikis/components/delete_wiki_modal_spec.js
spec/frontend/performance_bar/index_spec.js
spec/frontend/pipeline_wizard/components/step_spec.js
spec/frontend/profile/preferences/components/profile_preferences_spec.js
spec/frontend/projects/commit/components/form_modal_spec.js
spec/frontend/projects/commits/components/author_select_spec.js
spec/frontend/projects/report_abuse/components/report_abuse_dropdown_item_spec.js

1
scripts/setup-test-env
View File

@ -44,6 +44,7 @@ require_relative '../config/initializers/1_settings'
Gitlab.ee do
load File.expand_path('../ee/lib/tasks/gitlab/indexer.rake', __dir__)
load File.expand_path('../ee/lib/tasks/gitlab/zoekt.rake', __dir__)
load File.expand_path('../ee/lib/tasks/gitlab/secrets_management/openbao.rake', __dir__)
require_relative '../ee/lib/gitlab/elastic/indexer'