root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2025-02-27 00:07:37 +00:00
parent 0abf7c0dde
commit a05b64a221
66 changed files with 1247 additions and 1005 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.eslint_todo/vue-no-unused-properties.mjs
View File

@ -385,7 +385,6 @@ export default {
'app/assets/javascripts/work_items/components/notes/work_item_note_body.vue',
'app/assets/javascripts/work_items/components/shared/work_item_link_child_metadata.vue',
'app/assets/javascripts/work_items/components/shared/work_item_token_input.vue',
'app/assets/javascripts/work_items/components/work_item_actions.vue',
'app/assets/javascripts/work_items/components/work_item_assignees.vue',
'app/assets/javascripts/work_items/components/work_item_attributes_wrapper.vue',
'app/assets/javascripts/work_items/components/work_item_change_type_modal.vue',

3
.gitlab/ci/rails.gitlab-ci.yml
View File

@ -594,8 +594,7 @@ rspec:undercoverage:
stage: post-test
needs: ["rspec:coverage"]
script:
- apt install -y jq
- if [[ $(curl "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/merge_requests/${CI_MERGE_REQUEST_IID}" | jq ".labels" | grep "pipeline:skip-undercoverage") ]]; then
- if [[ ",${CI_MERGE_REQUEST_LABELS}," == *",pipeline:skip-undercoverage,"* ]]; then
echo "The 'pipeline:skip-undercoverage' label is set on the MR, exiting early.";
exit 0;
else

2
app/assets/javascripts/ci/ci_variable_list/components/ci_variable_drawer.vue
View File

@ -662,7 +662,7 @@ export default {
/>
<p
v-if="variable.key.length > 0 && !isKeyValid"
class="gl-mb-0 gl-border-none !gl-pb-0 !gl-pt-3 gl-text-red-500"
class="gl-mb-0 gl-border-none !gl-pb-0 !gl-pt-3 gl-text-danger"
>
{{ $options.i18n.keyFeedback }}
</p>

162
app/assets/javascripts/lib/utils/datetime/timeago_utility.js
View File

@ -1,7 +1,7 @@
import * as timeago from 'timeago.js';
import { newDate } from '~/lib/utils/datetime/date_calculation_utility';
import { DEFAULT_DATE_TIME_FORMAT, localeDateFormat } from '~/lib/utils/datetime/locale_dateformat';
import { languageCode, s__ } from '~/locale';
import { languageCode, getPluralFormIndex, s__, n__ } from '~/locale';
/**
* Timeago uses underscores instead of dashes to separate language from country code.
@ -10,64 +10,104 @@ import { languageCode, s__ } from '~/locale';
*/
export const timeagoLanguageCode = languageCode().replace(/-/g, '_');
const i18n = {
justNow: s__('Timeago|just now'),
rightNow: s__('Timeago|right now'),
secondsAgoPlural: (n) => n__('Timeago|1 second ago', 'Timeago|%s seconds ago', n),
secondsRemainingPlural: (n) =>
n__('Timeago|1 second remaining', 'Timeago|%s seconds remaining', n),
inSecondsPlural: (n) => n__('Timeago|in 1 second', 'Timeago|in %s seconds', n),
durationSecondsPlural: (n) => n__('Duration|1 second', 'Duration|%s seconds', n),
minutesAgoPlural: (n) => n__('Timeago|1 minute ago', 'Timeago|%s minutes ago', n),
minutesRemainingPlural: (n) =>
n__('Timeago|1 minute remaining', 'Timeago|%s minutes remaining', n),
inMinutesPlural: (n) => n__('Timeago|in 1 minute', 'Timeago|in %s minutes', n),
durationMinutesPlural: (n) => n__('Duration|1 minute', 'Duration|%s minutes', n),
hoursAgoPlural: (n) => n__('Timeago|1 hour ago', 'Timeago|%s hours ago', n),
hoursRemainingPlural: (n) => n__('Timeago|1 hour remaining', 'Timeago|%s hours remaining', n),
inHoursPlural: (n) => n__('Timeago|in 1 hour', 'Timeago|in %s hours', n),
durationHoursPlural: (n) => n__('Duration|1 hour', 'Duration|%s hours', n),
daysAgoPlural: (n) => n__('Timeago|1 day ago', 'Timeago|%s days ago', n),
daysRemainingPlural: (n) => n__('Timeago|1 day remaining', 'Timeago|%s days remaining', n),
inDaysPlural: (n) => n__('Timeago|in 1 day', 'Timeago|in %s days', n),
durationDaysPlural: (n) => n__('Duration|1 day', 'Duration|%s days', n),
weeksAgoPlural: (n) => n__('Timeago|1 week ago', 'Timeago|%s weeks ago', n),
weeksRemainingPlural: (n) => n__('Timeago|1 week remaining', 'Timeago|%s weeks remaining', n),
inWeeksPlural: (n) => n__('Timeago|in 1 week', 'Timeago|in %s weeks', n),
durationWeeksPlural: (n) => n__('Duration|1 week', 'Duration|%s weeks', n),
monthsAgoPlural: (n) => n__('Timeago|1 month ago', 'Timeago|%s months ago', n),
monthsRemainingPlural: (n) => n__('Timeago|1 month remaining', 'Timeago|%s months remaining', n),
inMonthsPlural: (n) => n__('Timeago|in 1 month', 'Timeago|in %s months', n),
durationMonthsPlural: (n) => n__('Duration|1 month', 'Duration|%s months', n),
yearsAgoPlural: (n) => n__('Timeago|1 year ago', 'Timeago|%s years ago', n),
yearsRemainingPlural: (n) => n__('Timeago|1 year remaining', 'Timeago|%s years remaining', n),
inYearsPlural: (n) => n__('Timeago|in 1 year', 'Timeago|in %s years', n),
durationYearsPlural: (n) => n__('Duration|1 year', 'Duration|%s years', n),
pastDue: s__('Timeago|Past due'),
};
/**
* Registers timeago locales
*/
const memoizedLocaleRemaining = () => {
const cache = [];
const timeAgoLocaleRemaining = [
() => [s__('Timeago|just now'), s__('Timeago|right now')],
() => [s__('Timeago|just now'), s__('Timeago|%s seconds remaining')],
() => [s__('Timeago|1 minute ago'), s__('Timeago|1 minute remaining')],
() => [s__('Timeago|%s minutes ago'), s__('Timeago|%s minutes remaining')],
() => [s__('Timeago|1 hour ago'), s__('Timeago|1 hour remaining')],
() => [s__('Timeago|%s hours ago'), s__('Timeago|%s hours remaining')],
() => [s__('Timeago|1 day ago'), s__('Timeago|1 day remaining')],
() => [s__('Timeago|%s days ago'), s__('Timeago|%s days remaining')],
() => [s__('Timeago|1 week ago'), s__('Timeago|1 week remaining')],
() => [s__('Timeago|%s weeks ago'), s__('Timeago|%s weeks remaining')],
() => [s__('Timeago|1 month ago'), s__('Timeago|1 month remaining')],
() => [s__('Timeago|%s months ago'), s__('Timeago|%s months remaining')],
() => [s__('Timeago|1 year ago'), s__('Timeago|1 year remaining')],
() => [s__('Timeago|%s years ago'), s__('Timeago|%s years remaining')],
const locales = [
() => [i18n.justNow, i18n.rightNow],
(n) => [i18n.secondsAgoPlural(n), i18n.secondsRemainingPlural(n)],
() => [i18n.minutesAgoPlural(1), i18n.minutesRemainingPlural(1)],
(n) => [i18n.minutesAgoPlural(n), i18n.minutesRemainingPlural(n)],
() => [i18n.hoursAgoPlural(1), i18n.hoursRemainingPlural(1)],
(n) => [i18n.hoursAgoPlural(n), i18n.hoursRemainingPlural(n)],
() => [i18n.daysAgoPlural(1), i18n.daysRemainingPlural(1)],
(n) => [i18n.daysAgoPlural(n), i18n.daysRemainingPlural(n)],
() => [i18n.weeksAgoPlural(1), i18n.weeksRemainingPlural(1)],
(n) => [i18n.weeksAgoPlural(n), i18n.weeksRemainingPlural(n)],
() => [i18n.monthsAgoPlural(1), i18n.monthsRemainingPlural(1)],
(n) => [i18n.monthsAgoPlural(n), i18n.monthsRemainingPlural(n)],
() => [i18n.yearsAgoPlural(1), i18n.yearsRemainingPlural(1)],
(n) => [i18n.yearsAgoPlural(n), i18n.yearsRemainingPlural(n)],
];
return (number, index) => {
if (cache[index]) {
return cache[index];
const form = getPluralFormIndex(number);
const cacheKey = `${index}-${form}`;
if (!cache[cacheKey]) {
cache[cacheKey] = locales[index] && locales[index](number);
}
cache[index] = timeAgoLocaleRemaining[index] && timeAgoLocaleRemaining[index]();
return cache[index];
return cache[cacheKey];
};
};
const memoizedLocale = () => {
const cache = [];
const timeAgoLocale = [
() => [s__('Timeago|just now'), s__('Timeago|right now')],
() => [s__('Timeago|just now'), s__('Timeago|in %s seconds')],
() => [s__('Timeago|1 minute ago'), s__('Timeago|in 1 minute')],
() => [s__('Timeago|%s minutes ago'), s__('Timeago|in %s minutes')],
() => [s__('Timeago|1 hour ago'), s__('Timeago|in 1 hour')],
() => [s__('Timeago|%s hours ago'), s__('Timeago|in %s hours')],
() => [s__('Timeago|1 day ago'), s__('Timeago|in 1 day')],
() => [s__('Timeago|%s days ago'), s__('Timeago|in %s days')],
() => [s__('Timeago|1 week ago'), s__('Timeago|in 1 week')],
() => [s__('Timeago|%s weeks ago'), s__('Timeago|in %s weeks')],
() => [s__('Timeago|1 month ago'), s__('Timeago|in 1 month')],
() => [s__('Timeago|%s months ago'), s__('Timeago|in %s months')],
() => [s__('Timeago|1 year ago'), s__('Timeago|in 1 year')],
() => [s__('Timeago|%s years ago'), s__('Timeago|in %s years')],
const locales = [
() => [i18n.justNow, i18n.rightNow],
(n) => [i18n.secondsAgoPlural(n), i18n.inSecondsPlural(n)],
() => [i18n.minutesAgoPlural(1), i18n.inMinutesPlural(1)],
(n) => [i18n.minutesAgoPlural(n), i18n.inMinutesPlural(n)],
() => [i18n.hoursAgoPlural(1), i18n.inHoursPlural(1)],
(n) => [i18n.hoursAgoPlural(n), i18n.inHoursPlural(n)],
() => [i18n.daysAgoPlural(1), i18n.inDaysPlural(1)],
(n) => [i18n.daysAgoPlural(n), i18n.inDaysPlural(n)],
() => [i18n.weeksAgoPlural(1), i18n.inWeeksPlural(1)],
(n) => [i18n.weeksAgoPlural(n), i18n.inWeeksPlural(n)],
() => [i18n.monthsAgoPlural(1), i18n.inMonthsPlural(1)],
(n) => [i18n.monthsAgoPlural(n), i18n.inMonthsPlural(n)],
() => [i18n.yearsAgoPlural(1), i18n.inYearsPlural(1)],
(n) => [i18n.yearsAgoPlural(n), i18n.inYearsPlural(n)],
];
return (number, index) => {
if (cache[index]) {
return cache[index];
const form = getPluralFormIndex(number);
const cacheKey = `${index}-${form}`;
if (!cache[cacheKey]) {
cache[cacheKey] = locales[index] && locales[index](number);
}
cache[index] = timeAgoLocale[index] && timeAgoLocale[index]();
return cache[index];
return cache[cacheKey];
};
};
@ -77,29 +117,31 @@ const memoizedLocale = () => {
const memoizedLocaleDuration = () => {
const cache = [];
const durations = [
() => [s__('Duration|%s seconds')],
() => [s__('Duration|%s seconds')],
() => [s__('Duration|1 minute')],
() => [s__('Duration|%s minutes')],
() => [s__('Duration|1 hour')],
() => [s__('Duration|%s hours')],
() => [s__('Duration|1 day')],
() => [s__('Duration|%s days')],
() => [s__('Duration|1 week')],
() => [s__('Duration|%s weeks')],
() => [s__('Duration|1 month')],
() => [s__('Duration|%s months')],
() => [s__('Duration|1 year')],
() => [s__('Duration|%s years')],
const locales = [
(n) => [i18n.durationSecondsPlural(n)],
(n) => [i18n.durationSecondsPlural(n)],
() => [i18n.durationMinutesPlural(1)],
(n) => [i18n.durationMinutesPlural(n)],
() => [i18n.durationHoursPlural(1)],
(n) => [i18n.durationHoursPlural(n)],
() => [i18n.durationDaysPlural(1)],
(n) => [i18n.durationDaysPlural(n)],
() => [i18n.durationWeeksPlural(1)],
(n) => [i18n.durationWeeksPlural(n)],
() => [i18n.durationMonthsPlural(1)],
(n) => [i18n.durationMonthsPlural(n)],
() => [i18n.durationYearsPlural(1)],
(n) => [i18n.durationYearsPlural(n)],
];
return (_, index) => {
if (cache[index]) {
return cache[index];
return (number, index) => {
const form = getPluralFormIndex(number);
const cacheKey = `${index}-${form}`;
if (!cache[cacheKey]) {
cache[cacheKey] = locales[index] && locales[index](number);
}
cache[index] = durations[index] && durations[index]();
return cache[index];
return cache[cacheKey];
};
};
@ -147,7 +189,7 @@ export const timeFor = (time, expiredLabel) => {
return '';
}
if (new Date(time) < new Date()) {
return expiredLabel || s__('Timeago|Past due');
return expiredLabel || i18n.pastDue;
}
return timeago.format(time, `${timeagoLanguageCode}-remaining`).trim();
};

16
app/assets/javascripts/locale/index.js
View File

@ -44,6 +44,21 @@ const ngettext = (text, pluralText, count) => {
return translated[translated.length - 1];
};
/**
* Get the plural form index for a number.
*
* @param {number} number - The number to get the plural form for
* @returns {number} The plural form index for the number
*/
const getPluralFormIndex = (number) => {
const pluralFormFunc = Jed.PF.compile(
locale.options.locale_data[locale.options.domain][''].plural_forms,
);
return pluralFormFunc(number);
};
/**
* Translate context based text.
* @example
@ -130,6 +145,7 @@ function formatNumber(value, options = {}, langCode = languageCode()) {
export { languageCode };
export { gettext as __ };
export { ngettext as n__ };
export { getPluralFormIndex };
export { pgettext as s__ };
export { sprintf };
export { createDateTimeFormat };

2
app/assets/javascripts/super_sidebar/components/super_sidebar.vue
View File

@ -200,7 +200,7 @@ export default {
<div ref="overlay" class="super-sidebar-overlay" @click="collapseSidebar"></div>
<gl-button
v-if="sidebarData.is_logged_in"
class="super-sidebar-skip-to gl-sr-only !gl-fixed gl-left-0 gl-m-3 focus:gl-not-sr-only"
class="super-sidebar-skip-to gl-sr-only !gl-fixed gl-left-0 !gl-m-3 !gl-px-4 focus:gl-not-sr-only"
data-testid="super-sidebar-skip-to"
href="#content-body"
variant="confirm"

53
app/assets/javascripts/work_items/components/work_item_actions.vue
View File

@ -25,15 +25,6 @@ import {
I18N_WORK_ITEM_DELETE,
I18N_WORK_ITEM_ARE_YOU_SURE_DELETE,
I18N_WORK_ITEM_ARE_YOU_SURE_DELETE_HIERARCHY,
TEST_ID_CONFIDENTIALITY_TOGGLE_ACTION,
TEST_ID_NOTIFICATIONS_TOGGLE_FORM,
TEST_ID_DELETE_ACTION,
TEST_ID_PROMOTE_ACTION,
TEST_ID_CHANGE_TYPE_ACTION,
TEST_ID_MOVE_ACTION,
TEST_ID_COPY_CREATE_NOTE_EMAIL_ACTION,
TEST_ID_COPY_REFERENCE_ACTION,
TEST_ID_TOGGLE_ACTION,
I18N_WORK_ITEM_ERROR_CONVERTING,
WORK_ITEM_TYPE_VALUE_KEY_RESULT,
WORK_ITEM_TYPE_VALUE_OBJECTIVE,
@ -41,9 +32,6 @@ import {
I18N_WORK_ITEM_ERROR_COPY_REFERENCE,
I18N_WORK_ITEM_ERROR_COPY_EMAIL,
I18N_WORK_ITEM_NEW_RELATED_ITEM,
TEST_ID_LOCK_ACTION,
TEST_ID_REPORT_ABUSE,
TEST_ID_NEW_RELATED_WORK_ITEM,
WORK_ITEM_TYPE_ENUM_EPIC,
WORK_ITEM_TYPE_VALUE_EPIC,
WORK_ITEM_TYPE_VALUE_MAP,
@ -95,18 +83,6 @@ export default {
},
mixins: [glFeatureFlagMixin(), Tracking.mixin({ label: 'actions_menu' })],
isLoggedIn: isLoggedIn(),
notificationsToggleFormTestId: TEST_ID_NOTIFICATIONS_TOGGLE_FORM,
confidentialityTestId: TEST_ID_CONFIDENTIALITY_TOGGLE_ACTION,
copyReferenceTestId: TEST_ID_COPY_REFERENCE_ACTION,
copyCreateNoteEmailTestId: TEST_ID_COPY_CREATE_NOTE_EMAIL_ACTION,
deleteActionTestId: TEST_ID_DELETE_ACTION,
promoteActionTestId: TEST_ID_PROMOTE_ACTION,
changeTypeTestId: TEST_ID_CHANGE_TYPE_ACTION,
moveTestId: TEST_ID_MOVE_ACTION,
lockDiscussionTestId: TEST_ID_LOCK_ACTION,
stateToggleTestId: TEST_ID_TOGGLE_ACTION,
reportAbuseActionTestId: TEST_ID_REPORT_ABUSE,
newRelatedItemTestId: TEST_ID_NEW_RELATED_WORK_ITEM,
inject: ['hasOkrsFeature'],
props: {
fullPath: {
@ -133,11 +109,6 @@ export default {
required: false,
default: null,
},
workItemTypeId: {
type: String,
required: false,
default: null,
},
projectId: {
type: String,
required: true,
@ -542,7 +513,7 @@ export default {
<template v-if="$options.isLoggedIn && !hideSubscribe">
<gl-disclosure-dropdown-item
class="gl-flex gl-w-full gl-justify-end"
:data-testid="$options.notificationsToggleFormTestId"
data-testid="notifications-toggle-form"
>
<template #list-item>
<gl-toggle
@ -559,7 +530,7 @@ export default {
<work-item-state-toggle
v-if="canUpdate"
:data-testid="$options.stateToggleTestId"
data-testid="state-toggle-action"
:work-item-id="workItemId"
:work-item-iid="workItemIid"
:work-item-state="workItemState"
@ -573,7 +544,7 @@ export default {
<gl-disclosure-dropdown-item
v-if="canCreateRelatedItem && canUpdate"
:data-testid="$options.newRelatedItemTestId"
data-testid="new-related-work-item"
@action="isCreateWorkItemModalVisible = true"
>
<template #list-item>{{ newRelatedItemLabel }}</template>
@ -581,7 +552,7 @@ export default {
<gl-disclosure-dropdown-item
v-if="canPromoteToObjective"
:data-testid="$options.promoteActionTestId"
data-testid="promote-action"
@action="promoteToObjective"
>
<template #list-item>{{ __('Promote to objective') }}</template>
@ -589,7 +560,7 @@ export default {
<gl-disclosure-dropdown-item
v-if="showChangeType"
:data-testid="$options.changeTypeTestId"
data-testid="change-type-action"
@action="showChangeTypeModal"
>
<template #list-item>{{ $options.i18n.changeWorkItemType }}</template>
@ -597,7 +568,7 @@ export default {
<gl-disclosure-dropdown-item
v-if="showMoveButton"
:data-testid="$options.moveTestId"
data-testid="move-action"
@action="isMoveWorkItemModalVisible = true"
>
<template #list-item>{{ __('Move') }}</template>
@ -605,7 +576,7 @@ export default {
<gl-disclosure-dropdown-item
v-if="canUpdateMetadata"
:data-testid="$options.lockDiscussionTestId"
data-testid="lock-action"
@action="toggleDiscussionLock"
>
<template #list-item>
@ -618,12 +589,12 @@ export default {
v-if="canUpdateMetadata"
v-gl-tooltip.left.viewport.d0="confidentialTooltip"
:item="confidentialItem"
:data-testid="$options.confidentialityTestId"
data-testid="confidentiality-toggle-action"
@action="handleToggleWorkItemConfidentiality"
/>
<gl-disclosure-dropdown-item
:data-testid="$options.copyReferenceTestId"
data-testid="copy-reference-action"
:data-clipboard-text="workItemReference"
class="shortcut-copy-reference"
@action="copyToClipboard(workItemReference, $options.i18n.referenceCopied)"
@ -633,7 +604,7 @@ export default {
<gl-disclosure-dropdown-item
v-if="$options.isLoggedIn && workItemCreateNoteEmail"
:data-testid="$options.copyCreateNoteEmailTestId"
data-testid="copy-create-note-email-action"
:data-clipboard-text="workItemCreateNoteEmail"
@action="copyToClipboard(workItemCreateNoteEmail, $options.i18n.emailAddressCopied)"
>
@ -644,7 +615,7 @@ export default {
<gl-disclosure-dropdown-item
v-if="!isAuthor"
:data-testid="$options.reportAbuseActionTestId"
data-testid="report-abuse-action"
@action="handleToggleReportAbuseModal"
>
<template #list-item>{{ $options.i18n.reportAbuse }}</template>
@ -658,7 +629,7 @@ export default {
<template v-if="canDelete">
<gl-disclosure-dropdown-item
:data-testid="$options.deleteActionTestId"
data-testid="delete-action"
variant="danger"
@action="handleDelete"
>

4
app/assets/javascripts/work_items/components/work_item_detail.vue
View File

@ -298,9 +298,6 @@ export default {
workItemType() {
return this.workItem.workItemType?.name;
},
workItemTypeId() {
return this.workItem.workItemType?.id;
},
workItemAuthorId() {
return getIdFromGraphQLId(this.workItem.author?.id);
},
@ -903,7 +900,6 @@ export default {
:hide-subscribe="newTodoAndNotificationsEnabled"
:subscribed-to-notifications="workItemNotificationsSubscribed"
:work-item-type="workItemType"
:work-item-type-id="workItemTypeId"
:work-item-iid="iid"
:project-id="workItemProjectId"
:can-delete="canDelete"

4
app/assets/javascripts/work_items/components/work_item_sticky_header.vue
View File

@ -115,9 +115,6 @@ export default {
workItemType() {
return this.workItem.workItemType?.name;
},
workItemTypeId() {
return this.workItem.workItemType?.id;
},
projectFullPath() {
return this.workItem.namespace?.fullPath;
},
@ -197,7 +194,6 @@ export default {
:hide-subscribe="newTodoAndNotificationsEnabled"
:subscribed-to-notifications="workItemNotificationsSubscribed"
:work-item-type="workItemType"
:work-item-type-id="workItemTypeId"
:can-delete="canDelete"
:can-report-spam="canReportSpam"
:can-update="canUpdate"

13
app/assets/javascripts/work_items/constants.js
View File

@ -284,19 +284,6 @@ export const WORK_ITEM_ACTIVITY_SORT_OPTIONS = [
{ value: 'asc', text: __('Oldest first') },
];
export const TEST_ID_CONFIDENTIALITY_TOGGLE_ACTION = 'confidentiality-toggle-action';
export const TEST_ID_NOTIFICATIONS_TOGGLE_FORM = 'notifications-toggle-form';
export const TEST_ID_DELETE_ACTION = 'delete-action';
export const TEST_ID_PROMOTE_ACTION = 'promote-action';
export const TEST_ID_CHANGE_TYPE_ACTION = 'change-type-action';
export const TEST_ID_MOVE_ACTION = 'move-action';
export const TEST_ID_LOCK_ACTION = 'lock-action';
export const TEST_ID_COPY_REFERENCE_ACTION = 'copy-reference-action';
export const TEST_ID_COPY_CREATE_NOTE_EMAIL_ACTION = 'copy-create-note-email-action';
export const TEST_ID_TOGGLE_ACTION = 'state-toggle-action';
export const TEST_ID_REPORT_ABUSE = 'report-abuse-action';
export const TEST_ID_NEW_RELATED_WORK_ITEM = 'new-related-work-item';
export const TODO_ADD_ICON = 'todo-add';
export const TODO_DONE_ICON = 'todo-done';
export const TODO_DONE_STATE = 'done';

3
app/assets/stylesheets/framework/awards.scss
View File

@ -9,8 +9,11 @@
// Show active state.
.gl-button.selected {
@apply gl-text-default #{!important};
@apply gl-bg-blue-50 #{!important};
@apply gl-border-blue-500 #{!important};
@apply gl-shadow-none #{!important};
@apply gl-border-2 #{!important};
}
}

1
app/assets/stylesheets/framework/super_sidebar.scss
View File

@ -17,7 +17,6 @@ $command-palette-spacing: px-to-rem(14px);
.super-sidebar-skip-to {
top: $calc-application-bars-height;
width: calc(#{$super-sidebar-width} - #{$gl-spacing-scale-5});
z-index: $super-sidebar-skip-to-z-index;
}

2
app/models/concerns/encrypted_user_password.rb
View File

@ -91,6 +91,8 @@ module EncryptedUserPassword
return true if PBKDF2_SHA512_STRATEGY == password_strategy
end
# We do not want to send a "your password changed" notification on stretch update
skip_password_change_notification!
update_attribute(:password, password)
end

1
db/docs/ai_feature_settings.yml
View File

@ -8,4 +8,5 @@ description: The table links an AI feature with the self-hosted model
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/152380
milestone: '17.1'
gitlab_schema: gitlab_main_clusterwide
notes: Used only for self-managed. Not used in GitLab.com, nor Cells
table_size: small

1
db/docs/ai_self_hosted_models.yml
View File

@ -8,4 +8,5 @@ description: An AI Self Hosted Model definition
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/151793
milestone: '17.0'
gitlab_schema: gitlab_main_clusterwide
notes: Used only for self-managed. Not used in GitLab.com, nor Cells
table_size: small

4
db/docs/batched_background_migrations/backfill_ci_build_pending_states_project_id.yml
View File

@ -2,8 +2,8 @@
migration_job_name: BackfillCiBuildPendingStatesProjectId
description: Backfills sharding key `ci_build_pending_states.project_id` from `p_ci_builds`.
feature_category: continuous_integration
introduced_by_url: 'https://gitlab.com/gitlab-org/gitlab/-/merge_requests/171427'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/171427
milestone: '17.7'
queued_migration_version: 20241126151234
finalize_after: '2024-12-22'
finalized_by: # version of the migration that finalized this BBM
finalized_by: '20250220232338'

2
db/docs/batched_background_migrations/backfill_ci_build_trace_chunks_project_id.yml
View File

@ -6,4 +6,4 @@ introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/173767
milestone: '17.7'
queued_migration_version: 20241125174339
finalize_after: '2025-01-07'
finalized_by: # version of the migration that finalized this BBM
finalized_by: '20250220232412'

5
db/docs/batched_background_migrations/backfill_error_tracking_error_events_project_id.yml
View File

@ -1,8 +1,9 @@
---
migration_job_name: BackfillErrorTrackingErrorEventsProjectId
description: Backfills sharding key `error_tracking_error_events.project_id` from `error_tracking_errors`.
description: Backfills sharding key `error_tracking_error_events.project_id` from
`error_tracking_errors`.
feature_category: error_tracking
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/161341
milestone: '17.3'
queued_migration_version: 20240731160144
finalized_by: # version of the migration that finalized this BBM
finalized_by: '20250225231521'

2
db/migrate/20240730113710_create_compliance_requirements.rb
View File

@ -4,7 +4,7 @@ class CreateComplianceRequirements < Gitlab::Database::Migration[2.2]
milestone '17.3'
def change
create_table :compliance_requirements do |t| # rubocop:disable Migration/EnsureFactoryForTable -- https://gitlab.com/gitlab-org/gitlab/-/issues/468630
create_table :compliance_requirements do |t|
t.timestamps_with_timezone null: false
t.bigint :framework_id, null: false
t.bigint :namespace_id, null: false

2
db/migrate/20240821171027_create_security_policy_requirements.rb
View File

@ -4,7 +4,7 @@ class CreateSecurityPolicyRequirements < Gitlab::Database::Migration[2.2]
milestone '17.4'
def change
create_table :security_policy_requirements do |t| # rubocop:disable Migration/EnsureFactoryForTable -- https://gitlab.com/gitlab-org/gitlab/-/issues/468630
create_table :security_policy_requirements do |t|
t.bigint :compliance_framework_security_policy_id, null: false
t.bigint :compliance_requirement_id, null: false
t.bigint :namespace_id, null: false

21
db/post_migrate/20250220232338_finalize_hk_backfill_ci_build_pending_states_project_id.rb Normal file
View File

@ -0,0 +1,21 @@
# frozen_string_literal: true
class FinalizeHkBackfillCiBuildPendingStatesProjectId < Gitlab::Database::Migration[2.2]
milestone '17.10'
disable_ddl_transaction!
restrict_gitlab_migration gitlab_schema: :gitlab_ci
def up
ensure_batched_background_migration_is_finished(
job_class_name: 'BackfillCiBuildPendingStatesProjectId',
table_name: :ci_build_pending_states,
column_name: :id,
job_arguments: [:project_id, :p_ci_builds, :project_id, :build_id, :partition_id],
finalize: true
)
end
def down; end
end

21
db/post_migrate/20250220232412_finalize_hk_backfill_ci_build_trace_chunks_project_id.rb Normal file
View File

@ -0,0 +1,21 @@
# frozen_string_literal: true
class FinalizeHkBackfillCiBuildTraceChunksProjectId < Gitlab::Database::Migration[2.2]
milestone '17.10'
disable_ddl_transaction!
restrict_gitlab_migration gitlab_schema: :gitlab_ci
def up
ensure_batched_background_migration_is_finished(
job_class_name: 'BackfillCiBuildTraceChunksProjectId',
table_name: :ci_build_trace_chunks,
column_name: :id,
job_arguments: [:project_id, :p_ci_builds, :project_id, :build_id, :partition_id],
finalize: true
)
end
def down; end
end

21
db/post_migrate/20250225231521_finalize_hk_backfill_error_tracking_error_events_project_id.rb Normal file
View File

@ -0,0 +1,21 @@
# frozen_string_literal: true
class FinalizeHkBackfillErrorTrackingErrorEventsProjectId < Gitlab::Database::Migration[2.2]
milestone '17.10'
disable_ddl_transaction!
restrict_gitlab_migration gitlab_schema: :gitlab_main_cell
def up
ensure_batched_background_migration_is_finished(
job_class_name: 'BackfillErrorTrackingErrorEventsProjectId',
table_name: :error_tracking_error_events,
column_name: :id,
job_arguments: [:project_id, :error_tracking_errors, :project_id, :error_id],
finalize: true
)
end
def down; end
end

1
db/schema_migrations/20250220232338 Normal file
View File

@ -0,0 +1 @@
d90b344608c30dc7ef2ef1ec234ec63a1557c37d7e89a76479278cd4050190ca

1
db/schema_migrations/20250220232412 Normal file
View File

@ -0,0 +1 @@
3b58d555605800561fa124daa4280f9358fcafa1b3ca9dfb4d8e0c1fc202639a

1
db/schema_migrations/20250225231521 Normal file
View File

@ -0,0 +1 @@
75780b364dd180b5a078030963fc54ac898c492a679a593831e47c8ae05cfd6f

28
db/structure.sql
View File

@ -4297,20 +4297,6 @@ CREATE TABLE loose_foreign_keys_deleted_records (
)
PARTITION BY LIST (partition);
CREATE TABLE merge_request_diff_commits_b5377a7a34 (
authored_date timestamp without time zone,
committed_date timestamp without time zone,
sha bytea NOT NULL,
message text,
trailers jsonb DEFAULT '{}'::jsonb NOT NULL,
commit_author_id bigint,
committer_id bigint,
merge_request_diff_id bigint NOT NULL,
relative_order integer NOT NULL,
project_id bigint
)
PARTITION BY RANGE (merge_request_diff_id);
CREATE TABLE p_batched_git_ref_updates_deletions (
id bigint NOT NULL,
project_id bigint NOT NULL,
@ -16049,6 +16035,20 @@ CREATE TABLE merge_request_diff_commits (
committer_id bigint
);
CREATE TABLE merge_request_diff_commits_b5377a7a34 (
authored_date timestamp without time zone,
committed_date timestamp without time zone,
sha bytea NOT NULL,
message text,
trailers jsonb DEFAULT '{}'::jsonb NOT NULL,
commit_author_id bigint,
committer_id bigint,
merge_request_diff_id bigint NOT NULL,
relative_order integer NOT NULL,
project_id bigint
)
PARTITION BY RANGE (merge_request_diff_id);
CREATE TABLE merge_request_diff_details (
merge_request_diff_id bigint NOT NULL,
verification_retry_at timestamp with time zone,

2
doc/.vale/gitlab_base/SubstitutionWarning.yml
View File

@ -22,6 +22,8 @@ swap:
(?<!right-)click(?!-through): "select"
cancelled: "canceled"
cancelling: "canceling"
case sensitive: "case-sensitive"
case insensitive: "case-insensitive"
cherry pick: "cherry-pick"
code base: "codebase"
config: "configuration"

2
doc/administration/admin_area.md
View File

@ -160,7 +160,7 @@ You can impersonate a user in the following ways:
1. On the top right, select **Impersonate**.
- With the API, using [impersonation tokens](../api/rest/authentication.md#impersonation-tokens).
All impersonation activities are [captured with audit events](audit_event_reports.md#user-impersonation).
All impersonation activities are [captured with audit events](compliance/audit_event_reports.md#user-impersonation).
By default, impersonation is enabled. GitLab can be configured to [disable impersonation](../api/rest/authentication.md#disable-impersonation).
### User identities

113
doc/administration/audit_event_reports.md
View File

@ -1,110 +1,13 @@
---
stage: Software Supply Chain Security
group: Compliance
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Audit events administration
redirect_to: 'compliance/audit_event_reports.md'
remove_date: '2025-05-26'
---
In addition to [audit events](../user/compliance/audit_events.md), as an administrator, you can access additional
features.
<!-- markdownlint-disable -->
## Instance audit events
This document was moved to [another location](compliance/audit_event_reports.md).
{{< details >}}
- Tier: Premium, Ultimate
- Offering: GitLab Self-Managed
{{< /details >}}
You can view audit events from user actions across an entire GitLab instance.
To view instance audit events:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. Filter by the following:
- Member of the project (user) who performed the action
- Group
- Project
- Date Range
Instance audit events can also be accessed using the [instance audit events API](../api/audit_events.md#instance-audit-events). Instance audit event queries are limited to a maximum of 30 days.
## Exporting audit events
{{< details >}}
- Tier: Premium, Ultimate
- Offering: GitLab Self-Managed
{{< /details >}}
{{< history >}}
- Entity type `Gitlab::Audit::InstanceScope` for instance audit events [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/418185) in GitLab 16.2.
{{< /history >}}
You can export the current view (including filters) of your instance audit events as a
CSV(comma-separated values) file. To export the instance audit events to CSV:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. Select the available search filters.
1. Select **Export as CSV**.
A download confirmation dialog then appears for you to download the CSV file. The exported CSV is limited
to a maximum of 100000 events. The remaining records are truncated when this limit is reached.
### Audit event CSV encoding
The exported CSV file is encoded as follows:
- `,` is used as the column delimiter
- `"` is used to quote fields if necessary.
- `\n` is used to separate rows.
The first row contains the headers, which are listed in the following table along
with a description of the values:
| Column | Description |
| --------------------- | ---------------------------------------------------------------------------------- |
| **ID** | Audit event `id`. |
| **Author ID** | ID of the author. |
| **Author Name** | Full name of the author. |
| **Entity ID** | ID of the scope. |
| **Entity Type** | Type of the scope (`Project`, `Group`, `User`, or `Gitlab::Audit::InstanceScope`). |
| **Entity Path** | Path of the scope. |
| **Target ID** | ID of the target. |
| **Target Type** | Type of the target. |
| **Target Details** | Details of the target. |
| **Action** | Description of the action. |
| **IP Address** | IP address of the author who performed the action. |
| **Created At (UTC)** | Formatted as `YYYY-MM-DD HH:MM:SS`. |
All items are sorted by `created_at` in ascending order.
## User impersonation
{{< details >}}
- Tier: Premium, Ultimate
- Offering: GitLab Self-Managed
{{< /details >}}
When a user is [impersonated](admin_area.md#user-impersonation), their actions are logged as audit events with the following additional details:
- Audit events include information about the impersonating administrator.
- Extra audit events are recorded for the start and end of the administrator's impersonation session.
![An audit event with an impersonated user.](img/impersonated_audit_events_v15_7.png)
## Time zones
For information on timezones and audit events, see [Time zones](../user/compliance/audit_events.md#time-zones).
## Contribute to audit events
For information on contributing to audit events, see
[Contribute to audit events](../user/compliance/audit_events.md#contribute-to-audit-events).
<!-- This redirect file can be deleted after <2025-05-26>. -->
<!-- Redirects that point to other docs in the same project expire in three months. -->
<!-- Redirects that point to docs in a different project or site (for example, link is not relative and starts with `https:`) expire in one year. -->
<!-- Before deletion, see: https://docs.gitlab.com/development/documentation/redirects -->

377
doc/administration/audit_event_streaming/_index.md
View File

@ -1,374 +1,13 @@
---
stage: Software Supply Chain Security
group: Compliance
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Audit event streaming for instances
redirect_to: '../compliance/audit_event_streaming.md'
remove_date: '2025-05-26'
---
{{< details >}}
<!-- markdownlint-disable -->
- Tier: Ultimate
- Offering: GitLab Self-Managed, GitLab Dedicated
This document was moved to [another location](../compliance/audit_event_streaming.md).
{{< /details >}}
{{< history >}}
- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/398107) in GitLab 16.1 [with a flag](../feature_flags.md) named `ff_external_audit_events`. Disabled by default.
- [Feature flag `ff_external_audit_events`](https://gitlab.com/gitlab-org/gitlab/-/issues/393772) enabled by default in GitLab 16.2.
- Instance streaming destinations [made generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/393772) in GitLab 16.4. [Feature flag `ff_external_audit_events`](https://gitlab.com/gitlab-org/gitlab/-/issues/417708) removed.
- Custom HTTP headers UI [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/361630) in GitLab 15.2 [with a flag](../feature_flags.md) named `custom_headers_streaming_audit_events_ui`. Disabled by default.
- Custom HTTP headers UI [made generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/365259) in GitLab 15.3. [Feature flag `custom_headers_streaming_audit_events_ui`](https://gitlab.com/gitlab-org/gitlab/-/issues/365259) removed.
- [Improved user experience](https://gitlab.com/gitlab-org/gitlab/-/issues/367963) in GitLab 15.3.
- HTTP destination **Name** field [added](https://gitlab.com/gitlab-org/gitlab/-/issues/411357) in GitLab 16.3.
- Functionality for the **Active** checkbox [added](https://gitlab.com/gitlab-org/gitlab/-/issues/415268) in GitLab 16.5.
{{< /history >}}
Audit event streaming for instances, administrators can:
- Set a streaming destination for an entire instance to receive all audit events about that instance as structured JSON.
- Manage their audit logs in third-party systems. Any service that can receive structured JSON data can be used as the
streaming destination.
Each streaming destination can have up to 20 custom HTTP headers included with each streamed event.
GitLab can stream a single event more than once to the same destination. Use the `id` key in the payload to deduplicate
incoming data.
Audit events are sent using the POST request method protocol supported by HTTP.
{{< alert type="warning" >}}
Streaming destinations receive **all** audit event data, which could include sensitive information. Make sure you trust
the streaming destination.
{{< /alert >}}
Manage streaming destinations for an entire instance.
## HTTP destinations
Prerequisites:
- For better security, you should use an SSL certificate on the destination URL.
Manage HTTP streaming destinations for an entire instance.
### Add a new HTTP destination
Add a new HTTP streaming destination to an instance.
Prerequisites:
- Administrator access on the instance.
To add a streaming destination for an instance:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. On the main area, select the **Streams** tab.
1. Select **Add streaming destination** and select **HTTP endpoint** to show the section for adding destinations.
1. In the **Name** and **Destination URL** fields, add a destination name and URL.
1. Optional. To add custom HTTP headers, select **Add header** to create a new name and value pair, and input their values. Repeat this step for as many name and value pairs are required. You can add up to 20 headers per streaming destination.
1. To make the header active, select the **Active** checkbox. The header will be sent with the audit event.
1. Select **Add header** to create a new name and value pair. Repeat this step for as many name and value pairs are required. You can add up to
20 headers per streaming destination.
1. After all headers have been filled out, select **Add** to add the new streaming destination.
### List HTTP destinations
Prerequisites:
- Administrator access on the instance.
To list the streaming destinations for an instance:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. On the main area, select the **Streams** tab.
1. Select the stream to expand it and see all the custom HTTP headers.
### Update an HTTP destination
Prerequisites:
- Administrator access on the instance.
To update a instance streaming destination's name:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. On the main area, select the **Streams** tab.
1. Select the stream to expand.
1. In the **Name** fields, add a destination name to update.
1. Select **Save** to update the streaming destination.
To update a instance streaming destination's custom HTTP headers:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. On the main area, select the **Streams** tab.
1. Select the stream to expand.
1. Locate the **Custom HTTP headers** table.
1. Locate the header that you wish to update.
1. To make the header active, select the **Active** checkbox. The header will be sent with the audit event.
1. Select **Add header** to create a new name and value pair. Enter as many name and value pairs as required. You can add up to
20 headers per streaming destination.
1. Select **Save** to update the streaming destination.
### Delete an HTTP destination
Delete streaming destinations for an entire instance. When the last destination is successfully deleted, streaming is
disabled for the instance.
Prerequisites:
- Administrator access on the instance.
To delete the streaming destinations for an instance:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. On the main area, select the **Streams** tab.
1. Select the stream to expand.
1. Select **Delete destination**.
1. Confirm by selecting **Delete destination** in the dialog.
To delete only the custom HTTP headers for a streaming destination:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. On the main area, select the **Streams** tab.
1. To the right of the item, select **Edit** ({{< icon name="pencil" >}}).
1. Locate the **Custom HTTP headers** table.
1. Locate the header that you wish to remove.
1. To the right of the header, select **Delete** ({{< icon name="remove" >}}).
1. Select **Save** to update the streaming destination.
### Verify event authenticity
{{< history >}}
- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/398107) in GitLab 16.1 [with a flag](../feature_flags.md) named `ff_external_audit_events`. Disabled by default.
- [Feature flag `ff_external_audit_events`](https://gitlab.com/gitlab-org/gitlab/-/issues/393772) enabled by default in GitLab 16.2.
- Instance streaming destinations [made generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/393772) in GitLab 16.4. [Feature flag `ff_external_audit_events`](https://gitlab.com/gitlab-org/gitlab/-/issues/417708) removed.
{{< /history >}}
Each streaming destination has a unique verification token (`verificationToken`) that can be used to verify the authenticity of the event. This
token is either specified by the Owner or generated automatically when the event destination is created and cannot be changed.
Each streamed event contains the verification token in the `X-Gitlab-Event-Streaming-Token` HTTP header that can be verified against
the destination's value when listing streaming destinations.
Prerequisites:
- Administrator access on the instance.
To list streaming destinations for an instance and see the verification tokens:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. On the main area, select the **Streams** tab.
1. View the verification token on the right side of each item.
### Update event filters
{{< history >}}
- Event type filtering in the UI with a defined list of audit event types [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/415013) in GitLab 16.3.
{{< /history >}}
When this feature is enabled, you can permit users to filter streamed audit events per destination.
If the feature is enabled with no filters, the destination receives all audit events.
A streaming destination that has an event type filter set has a **filtered** ({{< icon name="filter" >}}) label.
To update a streaming destination's event filters:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. On the main area, select the **Streams** tab.
1. Select the stream to expand.
1. Locate the **Filter by audit event type** dropdown list.
1. Select the dropdown list and select or clear the required event types.
1. Select **Save** to update the event filters.
### Override default content type header
By default, streaming destinations use a `content-type` header of `application/x-www-form-urlencoded`. However, you
might want to set the `content-type` header to something else. For example ,`application/json`.
To override the `content-type` header default value for an instance streaming destination, use either:
- The [GitLab UI](#update-an-http-destination).
- The [GraphQL API](../../api/graphql/audit_event_streaming_instances.md#update-streaming-destinations).
## Google Cloud Logging destinations
{{< history >}}
- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/131851) in GitLab 16.5.
{{< /history >}}
Manage Google Cloud Logging destinations for an entire instance.
### Prerequisites
Before setting up Google Cloud Logging streaming audit events, you must:
1. Enable [Cloud Logging API](https://console.cloud.google.com/marketplace/product/google/logging.googleapis.com) on your Google Cloud project.
1. Create a service account for Google Cloud with the appropriate credentials and permissions. This account is used to configure audit log streaming authentication.
For more information, see [Creating and managing service accounts in the Google Cloud documentation](https://cloud.google.com/iam/docs/service-accounts-create#creating).
1. Enable the **Logs Writer** role for the service account to enable logging on Google Cloud. For more information, see [Access control with IAM](https://cloud.google.com/logging/docs/access-control#logging.logWriter).
1. Create a JSON key for the service account. For more information, see [Creating a service account key](https://cloud.google.com/iam/docs/keys-create-delete#creating).
### Add a new Google Cloud Logging destination
Prerequisites:
- Administrator access on the instance.
To add Google Cloud Logging streaming destinations to an instance:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. On the main area, select the **Streams** tab.
1. Select **Add streaming destination** and select **Google Cloud Logging** to show the section for adding destinations.
1. Enter a random string to use as a name for the new destination.
1. Enter the Google project ID, Google client email, and Google private key from previously-created Google Cloud service account key to add to the new destination.
1. Enter a random string to use as a log ID for the new destination. You can use this later to filter log results in Google Cloud.
1. Select **Add** to add the new streaming destination.
### List Google Cloud Logging destinations
Prerequisites:
- Administrator access on the instance.
To list Google Cloud Logging streaming destinations for an instance:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. On the main area, select the **Streams** tab.
1. Select the Google Cloud Logging stream to expand and see all the fields.
### Update a Google Cloud Logging destination
Prerequisites:
- Administrator access on the instance.
To update Google Cloud Logging streaming destinations to an instance:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. On the main area, select the **Streams** tab.
1. Select the Google Cloud Logging stream to expand.
1. Enter a random string to use as a name for the destination.
1. Enter the Google project ID and Google client email from previously-created Google Cloud service account key to update the destination.
1. Enter a random string to update the log ID for the destination. You can use this later to filter log results in Google Cloud.
1. Select **Add a new private key** and enter a Google private key to update the private key.
1. Select **Save** to update the streaming destination.
### Delete a Google Cloud Logging streaming destination
Prerequisites:
- Administrator access on the instance.
To delete Google Cloud Logging streaming destinations to an instance:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. On the main area, select the **Streams** tab.
1. Select the Google Cloud Logging stream to expand.
1. Select **Delete destination**.
1. Confirm by selecting **Delete destination** in the dialog.
## AWS S3 destinations
{{< history >}}
- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/138245) in GitLab 16.7 [with a flag](../feature_flags.md) named `allow_streaming_instance_audit_events_to_amazon_s3`. Disabled by default.
- [Feature flag `allow_streaming_instance_audit_events_to_amazon_s3`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/137391) removed in GitLab 16.8.
{{< /history >}}
Manage AWS S3 destinations for entire instance.
### Prerequisites
Before setting up AWS S3 streaming audit events, you must:
1. Create a access key for AWS with the appropriate credentials and permissions. This account is used to configure audit log streaming authentication.
For more information, see [Managing access keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html?icmpid=docs_iam_console#Using_CreateAccessKey).
1. Create a AWS S3 bucket. This bucket is used to store audit log streaming data. For more information, see [Creating a bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-bucket-overview.html)
### Add a new AWS S3 destination
Prerequisites:
- Administrator access on the instance.
To add AWS S3 streaming destinations to an instance:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. On the main area, select the **Streams** tab.
1. Select **Add streaming destination** and select **AWS S3** to show the section for adding destinations.
1. Enter a random string to use as a name for the new destination.
1. Enter the Access Key ID, Secret Access Key, Bucket Name, and AWS Region from previously-created AWS access key and bucket to add to the new destination.
1. Select **Add** to add the new streaming destination.
### List AWS S3 destinations
Prerequisites:
- Administrator access on the instance.
To list AWS S3 streaming destinations for an instance.
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. On the main area, select the **Streams** tab.
1. Select the AWS S3 stream to expand and see all the fields.
### Update an AWS S3 destination
Prerequisites:
- Administrator access on the instance.
To update AWS S3 streaming destinations to an instance:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. On the main area, select the **Streams** tab.
1. Select the AWS S3 stream to expand.
1. Enter a random string to use as a name for the destination.
1. Enter the Access Key ID, Secret Access Key, Bucket Name, and AWS Region from previously-created AWS access key and bucket to update the destination.
1. Select **Add a new Secret Access Key** and enter a AWS Secret Access Key to update the Secret Access Key.
1. Select **Save** to update the streaming destination.
### Delete an AWS S3 streaming destination
Prerequisites:
- Administrator access on the instance.
To delete AWS S3 streaming destinations on an instance:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. On the main area, select the **Streams** tab.
1. Select the AWS S3 stream to expand.
1. Select **Delete destination**.
1. Confirm by selecting **Delete destination** in the dialog.
## Related topics
- [Audit event streaming for top-level groups](../../user/compliance/audit_event_streaming.md)
<!-- This redirect file can be deleted after <2025-05-26>. -->
<!-- Redirects that point to other docs in the same project expire in three months. -->
<!-- Redirects that point to docs in a different project or site (for example, link is not relative and starts with `https:`) expire in one year. -->
<!-- Before deletion, see: https://docs.gitlab.com/development/documentation/redirects -->

85
doc/administration/compliance.md
View File

@ -1,82 +1,13 @@
---
stage: Software Supply Chain Security
group: Compliance
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Compliance features
redirect_to: 'compliance/compliance_features.md'
remove_date: '2025-05-26'
---
{{< details >}}
<!-- markdownlint-disable -->
- Tier: Free, Premium, Ultimate
- Offering: GitLab Self-Managed
This document was moved to [another location](compliance/compliance_features.md).
{{< /details >}}
GitLab compliance features ensure your GitLab instance meets common compliance standards, and are available at various pricing tiers. For more information about compliance management, see the compliance
management [solutions page](https://about.gitlab.com/solutions/compliance/).
The [security features](../security/_index.md) in GitLab may also help you meet relevant compliance standards.
For more information on all GitLab compliance features to ensure your GitLab group meets common compliance standards, see
[Compliance features](../user/compliance/_index.md).
## Compliant workflow automation
It is important for compliance teams to be confident that their controls and
requirements are set up correctly, but also that they _stay_ set up correctly.
One way of doing this is manually checking settings periodically, but this is
error prone and time consuming. A better approach is to use single-source-of-truth
settings and automation to ensure that whatever a compliance team has configured,
stays configured and working correctly. These features can help you automate
compliance:
| Feature | Instances | Groups | Projects | Description |
|:----------------------------------------------------------------------------------------------------------------------------------------------|:--------------------------------------|:-------------------------------------|:--------------------------------------|:------------|
| [Merge request approval policy approval settings](../user/application_security/policies/merge_request_approval_policies.md#approval_settings) | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | Enforce a merge request approval policy enforcing multiple approvers and override various project settings in all enforced groups or projects across your GitLab instance or group. |
## Audit management
An important part of any compliance program is being able to go back and understand
what happened, when it happened, and who was responsible. You can use this in audit
situations as well as for understanding the root cause of issues when they occur.
It is helpful to have both low-level, raw lists of audit data as well as high-level,
summary lists of audit data. Between these two, compliance teams can quickly
identify if problems exist and then drill down into the specifics of those issues.
These features can help provide visibility into GitLab and audit what is happening:
| Feature | Instances | Groups | Projects | Description |
|:---------------------------------------------------------|:-------------------------------------|:-------------------------------------|:-------------------------------------|:------------|
| [Audit events](audit_event_reports.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | To maintain the integrity of your code, audit events give administrators the ability to view any modifications made in the GitLab server in an advanced audit events system, so you can control, analyze, and track every change. |
| [Audit reports](audit_event_reports.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | Create and access reports based on the audit events that have occurred. Use pre-built GitLab reports or the API to build your own. |
| [Audit event streaming](audit_event_streaming/_index.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | Stream GitLab audit events to a HTTP endpoint or third party service, such as AWS S3 or GCP Logging. |
| [Auditor users](auditor_users.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Auditor users are users who are given read-only access to all projects, groups, and other resources on the GitLab instance. |
## Policy management
Organizations have unique policy requirements, either due to organizational
standards or mandates from regulatory bodies. The following features help you
define rules and policies to adhere to workflow requirements, separation of duties,
and secure supply chain best practices:
| Feature | Instances | Groups | Projects | Description |
|:------------------------------------------------------------------------------|:-------------------------------------|:-------------------------------------|:-------------------------------------|:------------|
| [Credentials inventory](credentials_inventory.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Keep track of the credentials used by all of the users in a GitLab instance. |
| [Granular user roles<br/>and flexible permissions](../user/permissions.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | Manage access and permissions with five different user roles and settings for external users. Set permissions according to people's role, rather than either read or write access to a repository. Don't share the source code with people that only need access to the issue tracker. |
| [Merge request approvals](../user/project/merge_requests/approvals/_index.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | Configure approvals required for merge requests. |
| [Push rules](../user/project/repository/push_rules.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | Control pushes to your repositories. |
| [Security policies](../user/application_security/policies/_index.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | Configure customizable policies that require merge request approval based on policy rules, or enforce security scanners to execute in project pipelines for compliance requirements. Policies can be enforced granularly against specific projects, or all projects in a group or subgroup. |
## Other compliance features
These features can also help with compliance requirements:
| Feature | Instances | Groups | Projects | Description |
|:--------------------------------------------------------------------------------------------------------------------------------|:-------------------------------------|:-------------------------------------|:-------------------------------------|:------------|
| [Email all users of a project,<br/>group, or entire server](email_from_gitlab.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Email groups of users based on project or group membership, or email everyone using the GitLab instance. These emails are great for scheduled maintenance or upgrades. |
| [Enforce ToS acceptance](settings/terms.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Enforce your users accepting new terms of service by blocking GitLab traffic. |
| [Generate reports on permission<br/>levels of users](admin_area.md#user-permission-export) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Generate a report listing all users' access permissions for groups and projects in the instance. |
| [LDAP group sync](auth/ldap/ldap_synchronization.md#group-sync) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Automatically synchronize groups and manage SSH keys, permissions, and authentication, so you can focus on building your product, not configuring your tools. |
| [LDAP group sync filters](auth/ldap/ldap_synchronization.md#group-sync) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Gives more flexibility to synchronize with LDAP based on filters, meaning you can leverage LDAP attributes to map GitLab permissions. |
| [Linux package installations support<br/>log forwarding](https://docs.gitlab.com/omnibus/settings/logs.html#udp-log-forwarding) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Forward your logs to a central system. |
| [Restrict SSH Keys](../security/ssh_keys_restrictions.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Control the technology and key length of SSH keys used to access GitLab. |
<!-- This redirect file can be deleted after <2025-05-26>. -->
<!-- Redirects that point to other docs in the same project expire in three months. -->
<!-- Redirects that point to docs in a different project or site (for example, link is not relative and starts with `https:`) expire in one year. -->
<!-- Before deletion, see: https://docs.gitlab.com/development/documentation/redirects -->

110
doc/administration/compliance/audit_event_reports.md Normal file
View File

@ -0,0 +1,110 @@
---
stage: Software Supply Chain Security
group: Compliance
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Audit events administration
---
In addition to [audit events](../../user/compliance/audit_events.md), as an administrator, you can access additional
features.
## Instance audit events
{{< details >}}
- Tier: Premium, Ultimate
- Offering: GitLab Self-Managed
{{< /details >}}
You can view audit events from user actions across an entire GitLab instance.
To view instance audit events:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. Filter by the following:
- Member of the project (user) who performed the action
- Group
- Project
- Date Range
Instance audit events can also be accessed using the [instance audit events API](../../api/audit_events.md#instance-audit-events). Instance audit event queries are limited to a maximum of 30 days.
## Exporting audit events
{{< details >}}
- Tier: Premium, Ultimate
- Offering: GitLab Self-Managed
{{< /details >}}
{{< history >}}
- Entity type `Gitlab::Audit::InstanceScope` for instance audit events [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/418185) in GitLab 16.2.
{{< /history >}}
You can export the current view (including filters) of your instance audit events as a
CSV(comma-separated values) file. To export the instance audit events to CSV:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. Select the available search filters.
1. Select **Export as CSV**.
A download confirmation dialog then appears for you to download the CSV file. The exported CSV is limited
to a maximum of 100000 events. The remaining records are truncated when this limit is reached.
### Audit event CSV encoding
The exported CSV file is encoded as follows:
- `,` is used as the column delimiter
- `"` is used to quote fields if necessary.
- `\n` is used to separate rows.
The first row contains the headers, which are listed in the following table along
with a description of the values:
| Column | Description |
| --------------------- | ---------------------------------------------------------------------------------- |
| **ID** | Audit event `id`. |
| **Author ID** | ID of the author. |
| **Author Name** | Full name of the author. |
| **Entity ID** | ID of the scope. |
| **Entity Type** | Type of the scope (`Project`, `Group`, `User`, or `Gitlab::Audit::InstanceScope`). |
| **Entity Path** | Path of the scope. |
| **Target ID** | ID of the target. |
| **Target Type** | Type of the target. |
| **Target Details** | Details of the target. |
| **Action** | Description of the action. |
| **IP Address** | IP address of the author who performed the action. |
| **Created At (UTC)** | Formatted as `YYYY-MM-DD HH:MM:SS`. |
All items are sorted by `created_at` in ascending order.
## User impersonation
{{< details >}}
- Tier: Premium, Ultimate
- Offering: GitLab Self-Managed
{{< /details >}}
When a user is [impersonated](../admin_area.md#user-impersonation), their actions are logged as audit events with the following additional details:
- Audit events include information about the impersonating administrator.
- Extra audit events are recorded for the start and end of the administrator's impersonation session.
![An audit event with an impersonated user.](../img/impersonated_audit_events_v15_7.png)
## Time zones
For information on timezones and audit events, see [Time zones](../../user/compliance/audit_events.md#time-zones).
## Contribute to audit events
For information on contributing to audit events, see
[Contribute to audit events](../../user/compliance/audit_events.md#contribute-to-audit-events).

374
doc/administration/compliance/audit_event_streaming.md Normal file
View File

@ -0,0 +1,374 @@
---
stage: Software Supply Chain Security
group: Compliance
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Audit event streaming for instances
---
{{< details >}}
- Tier: Ultimate
- Offering: GitLab Self-Managed, GitLab Dedicated
{{< /details >}}
{{< history >}}
- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/398107) in GitLab 16.1 [with a flag](../feature_flags.md) named `ff_external_audit_events`. Disabled by default.
- [Feature flag `ff_external_audit_events`](https://gitlab.com/gitlab-org/gitlab/-/issues/393772) enabled by default in GitLab 16.2.
- Instance streaming destinations [made generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/393772) in GitLab 16.4. [Feature flag `ff_external_audit_events`](https://gitlab.com/gitlab-org/gitlab/-/issues/417708) removed.
- Custom HTTP headers UI [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/361630) in GitLab 15.2 [with a flag](../feature_flags.md) named `custom_headers_streaming_audit_events_ui`. Disabled by default.
- Custom HTTP headers UI [made generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/365259) in GitLab 15.3. [Feature flag `custom_headers_streaming_audit_events_ui`](https://gitlab.com/gitlab-org/gitlab/-/issues/365259) removed.
- [Improved user experience](https://gitlab.com/gitlab-org/gitlab/-/issues/367963) in GitLab 15.3.
- HTTP destination **Name** field [added](https://gitlab.com/gitlab-org/gitlab/-/issues/411357) in GitLab 16.3.
- Functionality for the **Active** checkbox [added](https://gitlab.com/gitlab-org/gitlab/-/issues/415268) in GitLab 16.5.
{{< /history >}}
Audit event streaming for instances, administrators can:
- Set a streaming destination for an entire instance to receive all audit events about that instance as structured JSON.
- Manage their audit logs in third-party systems. Any service that can receive structured JSON data can be used as the
streaming destination.
Each streaming destination can have up to 20 custom HTTP headers included with each streamed event.
GitLab can stream a single event more than once to the same destination. Use the `id` key in the payload to deduplicate
incoming data.
Audit events are sent using the POST request method protocol supported by HTTP.
{{< alert type="warning" >}}
Streaming destinations receive **all** audit event data, which could include sensitive information. Make sure you trust
the streaming destination.
{{< /alert >}}
Manage streaming destinations for an entire instance.
## HTTP destinations
Prerequisites:
- For better security, you should use an SSL certificate on the destination URL.
Manage HTTP streaming destinations for an entire instance.
### Add a new HTTP destination
Add a new HTTP streaming destination to an instance.
Prerequisites:
- Administrator access on the instance.
To add a streaming destination for an instance:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. On the main area, select the **Streams** tab.
1. Select **Add streaming destination** and select **HTTP endpoint** to show the section for adding destinations.
1. In the **Name** and **Destination URL** fields, add a destination name and URL.
1. Optional. To add custom HTTP headers, select **Add header** to create a new name and value pair, and input their values. Repeat this step for as many name and value pairs are required. You can add up to 20 headers per streaming destination.
1. To make the header active, select the **Active** checkbox. The header will be sent with the audit event.
1. Select **Add header** to create a new name and value pair. Repeat this step for as many name and value pairs are required. You can add up to
20 headers per streaming destination.
1. After all headers have been filled out, select **Add** to add the new streaming destination.
### List HTTP destinations
Prerequisites:
- Administrator access on the instance.
To list the streaming destinations for an instance:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. On the main area, select the **Streams** tab.
1. Select the stream to expand it and see all the custom HTTP headers.
### Update an HTTP destination
Prerequisites:
- Administrator access on the instance.
To update a instance streaming destination's name:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. On the main area, select the **Streams** tab.
1. Select the stream to expand.
1. In the **Name** fields, add a destination name to update.
1. Select **Save** to update the streaming destination.
To update a instance streaming destination's custom HTTP headers:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. On the main area, select the **Streams** tab.
1. Select the stream to expand.
1. Locate the **Custom HTTP headers** table.
1. Locate the header that you wish to update.
1. To make the header active, select the **Active** checkbox. The header will be sent with the audit event.
1. Select **Add header** to create a new name and value pair. Enter as many name and value pairs as required. You can add up to
20 headers per streaming destination.
1. Select **Save** to update the streaming destination.
### Delete an HTTP destination
Delete streaming destinations for an entire instance. When the last destination is successfully deleted, streaming is
disabled for the instance.
Prerequisites:
- Administrator access on the instance.
To delete the streaming destinations for an instance:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. On the main area, select the **Streams** tab.
1. Select the stream to expand.
1. Select **Delete destination**.
1. Confirm by selecting **Delete destination** in the dialog.
To delete only the custom HTTP headers for a streaming destination:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. On the main area, select the **Streams** tab.
1. To the right of the item, select **Edit** ({{< icon name="pencil" >}}).
1. Locate the **Custom HTTP headers** table.
1. Locate the header that you wish to remove.
1. To the right of the header, select **Delete** ({{< icon name="remove" >}}).
1. Select **Save** to update the streaming destination.
### Verify event authenticity
{{< history >}}
- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/398107) in GitLab 16.1 [with a flag](../feature_flags.md) named `ff_external_audit_events`. Disabled by default.
- [Feature flag `ff_external_audit_events`](https://gitlab.com/gitlab-org/gitlab/-/issues/393772) enabled by default in GitLab 16.2.
- Instance streaming destinations [made generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/393772) in GitLab 16.4. [Feature flag `ff_external_audit_events`](https://gitlab.com/gitlab-org/gitlab/-/issues/417708) removed.
{{< /history >}}
Each streaming destination has a unique verification token (`verificationToken`) that can be used to verify the authenticity of the event. This
token is either specified by the Owner or generated automatically when the event destination is created and cannot be changed.
Each streamed event contains the verification token in the `X-Gitlab-Event-Streaming-Token` HTTP header that can be verified against
the destination's value when listing streaming destinations.
Prerequisites:
- Administrator access on the instance.
To list streaming destinations for an instance and see the verification tokens:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. On the main area, select the **Streams** tab.
1. View the verification token on the right side of each item.
### Update event filters
{{< history >}}
- Event type filtering in the UI with a defined list of audit event types [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/415013) in GitLab 16.3.
{{< /history >}}
When this feature is enabled, you can permit users to filter streamed audit events per destination.
If the feature is enabled with no filters, the destination receives all audit events.
A streaming destination that has an event type filter set has a **filtered** ({{< icon name="filter" >}}) label.
To update a streaming destination's event filters:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. On the main area, select the **Streams** tab.
1. Select the stream to expand.
1. Locate the **Filter by audit event type** dropdown list.
1. Select the dropdown list and select or clear the required event types.
1. Select **Save** to update the event filters.
### Override default content type header
By default, streaming destinations use a `content-type` header of `application/x-www-form-urlencoded`. However, you
might want to set the `content-type` header to something else. For example ,`application/json`.
To override the `content-type` header default value for an instance streaming destination, use either:
- The [GitLab UI](#update-an-http-destination).
- The [GraphQL API](../../api/graphql/audit_event_streaming_instances.md#update-streaming-destinations).
## Google Cloud Logging destinations
{{< history >}}
- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/131851) in GitLab 16.5.
{{< /history >}}
Manage Google Cloud Logging destinations for an entire instance.
### Prerequisites
Before setting up Google Cloud Logging streaming audit events, you must:
1. Enable [Cloud Logging API](https://console.cloud.google.com/marketplace/product/google/logging.googleapis.com) on your Google Cloud project.
1. Create a service account for Google Cloud with the appropriate credentials and permissions. This account is used to configure audit log streaming authentication.
For more information, see [Creating and managing service accounts in the Google Cloud documentation](https://cloud.google.com/iam/docs/service-accounts-create#creating).
1. Enable the **Logs Writer** role for the service account to enable logging on Google Cloud. For more information, see [Access control with IAM](https://cloud.google.com/logging/docs/access-control#logging.logWriter).
1. Create a JSON key for the service account. For more information, see [Creating a service account key](https://cloud.google.com/iam/docs/keys-create-delete#creating).
### Add a new Google Cloud Logging destination
Prerequisites:
- Administrator access on the instance.
To add Google Cloud Logging streaming destinations to an instance:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. On the main area, select the **Streams** tab.
1. Select **Add streaming destination** and select **Google Cloud Logging** to show the section for adding destinations.
1. Enter a random string to use as a name for the new destination.
1. Enter the Google project ID, Google client email, and Google private key from previously-created Google Cloud service account key to add to the new destination.
1. Enter a random string to use as a log ID for the new destination. You can use this later to filter log results in Google Cloud.
1. Select **Add** to add the new streaming destination.
### List Google Cloud Logging destinations
Prerequisites:
- Administrator access on the instance.
To list Google Cloud Logging streaming destinations for an instance:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. On the main area, select the **Streams** tab.
1. Select the Google Cloud Logging stream to expand and see all the fields.
### Update a Google Cloud Logging destination
Prerequisites:
- Administrator access on the instance.
To update Google Cloud Logging streaming destinations to an instance:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. On the main area, select the **Streams** tab.
1. Select the Google Cloud Logging stream to expand.
1. Enter a random string to use as a name for the destination.
1. Enter the Google project ID and Google client email from previously-created Google Cloud service account key to update the destination.
1. Enter a random string to update the log ID for the destination. You can use this later to filter log results in Google Cloud.
1. Select **Add a new private key** and enter a Google private key to update the private key.
1. Select **Save** to update the streaming destination.
### Delete a Google Cloud Logging streaming destination
Prerequisites:
- Administrator access on the instance.
To delete Google Cloud Logging streaming destinations to an instance:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. On the main area, select the **Streams** tab.
1. Select the Google Cloud Logging stream to expand.
1. Select **Delete destination**.
1. Confirm by selecting **Delete destination** in the dialog.
## AWS S3 destinations
{{< history >}}
- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/138245) in GitLab 16.7 [with a flag](../feature_flags.md) named `allow_streaming_instance_audit_events_to_amazon_s3`. Disabled by default.
- [Feature flag `allow_streaming_instance_audit_events_to_amazon_s3`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/137391) removed in GitLab 16.8.
{{< /history >}}
Manage AWS S3 destinations for entire instance.
### Prerequisites
Before setting up AWS S3 streaming audit events, you must:
1. Create a access key for AWS with the appropriate credentials and permissions. This account is used to configure audit log streaming authentication.
For more information, see [Managing access keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html?icmpid=docs_iam_console#Using_CreateAccessKey).
1. Create a AWS S3 bucket. This bucket is used to store audit log streaming data. For more information, see [Creating a bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-bucket-overview.html)
### Add a new AWS S3 destination
Prerequisites:
- Administrator access on the instance.
To add AWS S3 streaming destinations to an instance:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. On the main area, select the **Streams** tab.
1. Select **Add streaming destination** and select **AWS S3** to show the section for adding destinations.
1. Enter a random string to use as a name for the new destination.
1. Enter the Access Key ID, Secret Access Key, Bucket Name, and AWS Region from previously-created AWS access key and bucket to add to the new destination.
1. Select **Add** to add the new streaming destination.
### List AWS S3 destinations
Prerequisites:
- Administrator access on the instance.
To list AWS S3 streaming destinations for an instance.
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. On the main area, select the **Streams** tab.
1. Select the AWS S3 stream to expand and see all the fields.
### Update an AWS S3 destination
Prerequisites:
- Administrator access on the instance.
To update AWS S3 streaming destinations to an instance:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. On the main area, select the **Streams** tab.
1. Select the AWS S3 stream to expand.
1. Enter a random string to use as a name for the destination.
1. Enter the Access Key ID, Secret Access Key, Bucket Name, and AWS Region from previously-created AWS access key and bucket to update the destination.
1. Select **Add a new Secret Access Key** and enter a AWS Secret Access Key to update the Secret Access Key.
1. Select **Save** to update the streaming destination.
### Delete an AWS S3 streaming destination
Prerequisites:
- Administrator access on the instance.
To delete AWS S3 streaming destinations on an instance:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Monitoring > Audit events**.
1. On the main area, select the **Streams** tab.
1. Select the AWS S3 stream to expand.
1. Select **Delete destination**.
1. Confirm by selecting **Delete destination** in the dialog.
## Related topics
- [Audit event streaming for top-level groups](../../user/compliance/audit_event_streaming.md)

82
doc/administration/compliance/compliance_features.md Normal file
View File

@ -0,0 +1,82 @@
---
stage: Software Supply Chain Security
group: Compliance
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Compliance features
---
{{< details >}}
- Tier: Free, Premium, Ultimate
- Offering: GitLab Self-Managed
{{< /details >}}
GitLab compliance features ensure your GitLab instance meets common compliance standards, and are available at various pricing tiers. For more information about compliance management, see the compliance
management [solutions page](https://about.gitlab.com/solutions/compliance/).
The [security features](../../security/_index.md) in GitLab may also help you meet relevant compliance standards.
For more information on all GitLab compliance features to ensure your GitLab group meets common compliance standards, see
[Compliance features](../../user/compliance/_index.md).
## Compliant workflow automation
It is important for compliance teams to be confident that their controls and
requirements are set up correctly, but also that they _stay_ set up correctly.
One way of doing this is manually checking settings periodically, but this is
error prone and time consuming. A better approach is to use single-source-of-truth
settings and automation to ensure that whatever a compliance team has configured,
stays configured and working correctly. These features can help you automate
compliance:
| Feature | Instances | Groups | Projects | Description |
|:----------------------------------------------------------------------------------------------------------------------------------------------|:--------------------------------------|:-------------------------------------|:--------------------------------------|:------------|
| [Merge request approval policy approval settings](../../user/application_security/policies/merge_request_approval_policies.md#approval_settings) | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | Enforce a merge request approval policy enforcing multiple approvers and override various project settings in all enforced groups or projects across your GitLab instance or group. |
## Audit management
An important part of any compliance program is being able to go back and understand
what happened, when it happened, and who was responsible. You can use this in audit
situations as well as for understanding the root cause of issues when they occur.
It is helpful to have both low-level, raw lists of audit data as well as high-level,
summary lists of audit data. Between these two, compliance teams can quickly
identify if problems exist and then drill down into the specifics of those issues.
These features can help provide visibility into GitLab and audit what is happening:
| Feature | Instances | Groups | Projects | Description |
|:---------------------------------------------------------|:-------------------------------------|:-------------------------------------|:-------------------------------------|:------------|
| [Audit events](audit_event_reports.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | To maintain the integrity of your code, audit events give administrators the ability to view any modifications made in the GitLab server in an advanced audit events system, so you can control, analyze, and track every change. |
| [Audit reports](audit_event_reports.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | Create and access reports based on the audit events that have occurred. Use pre-built GitLab reports or the API to build your own. |
| [Audit event streaming](audit_event_streaming.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | Stream GitLab audit events to a HTTP endpoint or third party service, such as AWS S3 or GCP Logging. |
| [Auditor users](../auditor_users.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Auditor users are users who are given read-only access to all projects, groups, and other resources on the GitLab instance. |
## Policy management
Organizations have unique policy requirements, either due to organizational
standards or mandates from regulatory bodies. The following features help you
define rules and policies to adhere to workflow requirements, separation of duties,
and secure supply chain best practices:
| Feature | Instances | Groups | Projects | Description |
|:------------------------------------------------------------------------------|:-------------------------------------|:-------------------------------------|:-------------------------------------|:------------|
| [Credentials inventory](../credentials_inventory.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Keep track of the credentials used by all of the users in a GitLab instance. |
| [Granular user roles<br/>and flexible permissions](../../user/permissions.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | Manage access and permissions with five different user roles and settings for external users. Set permissions according to people's role, rather than either read or write access to a repository. Don't share the source code with people that only need access to the issue tracker. |
| [Merge request approvals](../../user/project/merge_requests/approvals/_index.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | Configure approvals required for merge requests. |
| [Push rules](../../user/project/repository/push_rules.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | Control pushes to your repositories. |
| [Security policies](../../user/application_security/policies/_index.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | Configure customizable policies that require merge request approval based on policy rules, or enforce security scanners to execute in project pipelines for compliance requirements. Policies can be enforced granularly against specific projects, or all projects in a group or subgroup. |
## Other compliance features
These features can also help with compliance requirements:
| Feature | Instances | Groups | Projects | Description |
|:--------------------------------------------------------------------------------------------------------------------------------|:-------------------------------------|:-------------------------------------|:-------------------------------------|:------------|
| [Email all users of a project,<br/>group, or entire server](../email_from_gitlab.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Email groups of users based on project or group membership, or email everyone using the GitLab instance. These emails are great for scheduled maintenance or upgrades. |
| [Enforce ToS acceptance](../settings/terms.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Enforce your users accepting new terms of service by blocking GitLab traffic. |
| [Generate reports on permission<br/>levels of users](../admin_area.md#user-permission-export) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Generate a report listing all users' access permissions for groups and projects in the instance. |
| [LDAP group sync](../auth/ldap/ldap_synchronization.md#group-sync) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Automatically synchronize groups and manage SSH keys, permissions, and authentication, so you can focus on building your product, not configuring your tools. |
| [LDAP group sync filters](../auth/ldap/ldap_synchronization.md#group-sync) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Gives more flexibility to synchronize with LDAP based on filters, meaning you can leverage LDAP attributes to map GitLab permissions. |
| [Linux package installations support<br/>log forwarding](https://docs.gitlab.com/omnibus/settings/logs.html#udp-log-forwarding) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Forward your logs to a central system. |
| [Restrict SSH Keys](../../security/ssh_keys_restrictions.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Control the technology and key length of SSH keys used to access GitLab. |

7
doc/administration/gitlab_duo_self_hosted/supported_models_and_hardware_requirements.md
View File

@ -2,7 +2,7 @@
stage: AI-Powered
group: Custom Models
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
description: Supported Models and Hardware Requirements.
description: Supported models and hardware requirements.
title: Supported GitLab Duo Self-Hosted models and hardware requirements
---
@ -23,7 +23,10 @@ title: Supported GitLab Duo Self-Hosted models and hardware requirements
{{< /history >}}
The following table shows the supported models along with their specific features and hardware requirements to help you select the model that best fits your infrastructure needs for optimal performance.
GitLab Duo Self-Hosted supports integration with industry-leading models from Mistral,
Claude, and GPT
through your preferred serving platform. Choose from these models to match your specific performance
needs and use cases.
## Supported models

6
doc/administration/monitoring/performance/performance_bar.md
View File

@ -12,8 +12,10 @@ title: Performance bar
{{< /details >}}
You can display the performance bar to see statistics for the performance of a GitLab UI page.
For example:
The performance bar displays real-time metrics directly in your browser, giving you insights without
making you look through logs or run separate profiling tools.
For development teams, the performance bar simplifies debugging by showing exactly where they should focus their efforts.
![Performance bar](img/performance_bar_v14_4.png)

11
doc/administration/sidekiq/sidekiq_memory_killer.md
View File

@ -5,6 +5,17 @@ info: To determine the technical writer assigned to the Stage/Group associated w
title: Reducing memory use
---
The Sidekiq memory killer automatically manages background job processes that
consume too much memory.
This feature monitors worker processes and restarts them before they crash your instance.
Background jobs continue processing with minimal interruption.
The detailed logging makes troubleshooting easier by identifying which jobs trigger
high memory usage.
## Memory management
The GitLab Rails application code suffers from memory leaks. For web requests
this problem is made manageable using a [supervision thread](../operations/puma.md#reducing-memory-use)
that automatically restarts workers if they exceed a given resident set size (RSS) threshold

6
doc/api/deploy_keys.md
View File

@ -26,7 +26,11 @@ The deploy keys API can return in responses fingerprints of the public key in th
{{< /details >}}
> `projects_with_readonly_access` [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/119147) in GitLab 16.0.
{{< history >}}
- `projects_with_readonly_access` [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/119147) in GitLab 16.0.
{{< /history >}}
Get a list of all deploy keys across all projects of the GitLab instance. This
endpoint requires administrator access and is not available on GitLab.com.

6
doc/api/deployments.md
View File

@ -12,7 +12,11 @@ title: Deployments API
{{< /details >}}
> Support for [GitLab CI/CD job token](../ci/jobs/ci_job_token.md) authentication [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/414549) in GitLab 16.2.
{{< history >}}
- Support for [GitLab CI/CD job token](../ci/jobs/ci_job_token.md) authentication [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/414549) in GitLab 16.2.
{{< /history >}}
## List project deployments

6
doc/api/emoji_reactions.md
View File

@ -12,7 +12,11 @@ title: Emoji reactions API
{{< /details >}}
> [Renamed](https://gitlab.com/gitlab-org/gitlab/-/issues/409884) from "award emoji" to "emoji reactions" in GitLab 16.0.
{{< history >}}
- [Renamed](https://gitlab.com/gitlab-org/gitlab/-/issues/409884) from "award emoji" to "emoji reactions" in GitLab 16.0.
{{< /history >}}
An [emoji reaction](../user/emoji_reactions.md) tells a thousand words.

8
doc/api/environments.md
View File

@ -12,8 +12,12 @@ title: Environments API
{{< /details >}}
> Parameter `auto_stop_setting` [added](https://gitlab.com/gitlab-org/gitlab/-/issues/428625) in GitLab 17.8.
> Support for [GitLab CI/CD job token](../ci/jobs/ci_job_token.md) authentication [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/414549) in GitLab 16.2.
{{< history >}}
- Parameter `auto_stop_setting` [added](https://gitlab.com/gitlab-org/gitlab/-/issues/428625) in GitLab 17.8.
- Support for [GitLab CI/CD job token](../ci/jobs/ci_job_token.md) authentication [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/414549) in GitLab 16.2.
{{< /history >}}
## List environments

2
doc/api/graphql/audit_event_streaming_instances.md
View File

@ -304,7 +304,7 @@ Event type filters are removed if:
Manage Google Cloud Logging destinations for an entire instance.
Before setting up Google Cloud Logging streaming audit events, you must satisfy [the prerequisites](../../administration/audit_event_streaming/_index.md#prerequisites).
Before setting up Google Cloud Logging streaming audit events, you must satisfy [the prerequisites](../../administration/compliance/audit_event_streaming.md#prerequisites).
### Add a new Google Cloud Logging destination

33
doc/development/cells/_index.md
View File

@ -294,12 +294,43 @@ On another cell, the `plans` table has differing ids for the same `name`:
10 | opensource | Opensource
```
This `plans.id` column is then used in the `gitlab_subscriptions` table.
This `plans.id` column is then used as a reference in the `hosted_plan_id`
column of `gitlab_subscriptions` table.
Solution: Use globally unique references, not a database sequence.
If possible, hard-code static data in application code, instead of using the
database.
In this case, the `plans` table can be dropped, and replaced with a fixed model:
```ruby
class Plan
include ActiveModel::Model
include ActiveModel::Attributes
include ActiveRecord::FixedItemsModel::Model
ITEMS = [
{:id=>1, :name=>"default", :title=>"Default"},
{:id=>2, :name=>"bronze", :title=>"Bronze"},
{:id=>3, :name=>"silver", :title=>"Silver"},
{:id=>4, :name=>"premium", :title=>"Premium"},
{:id=>5, :name=>"gold", :title=>"Gold"},
{:id=>6, :name=>"ultimate", :title=>"Ultimate"},
{:id=>7, :name=>"ultimate_trial", :title=>"Ultimate Trial"},
{:id=>8, :name=>"ultimate_trial_paid_customer", :title=>"Ultimate Trial Paid Customer"},
{:id=>9, :name=>"premium_trial", :title=>"Premium Trial"},
{:id=>10, :name=>"opensource", :title=>"Opensource"}
]
attribute :id, :integer
attribute :name, :string
attribute :title, :string
end
```
The `hosted_plan_id` column will also be updated to refer to the fixed model's
`id` value.
Examples of hard-coding static data include:
- [VisibilityLevel](https://gitlab.com/gitlab-org/gitlab/-/blob/5ae43dface737373c50798ccd909174bcdd9b664/lib/gitlab/visibility_level.rb#L25-27)

2
doc/development/export_csv.md
View File

@ -9,7 +9,7 @@ This document lists the different implementations of CSV export in GitLab codeba
| Export type | How it works | Advantages | Disadvantages | Existing examples |
|---|---|---|---|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Streaming | - Query and yield data in batches to a response stream.<br>- Download starts immediately. | - Report available immediately. | - No progress indicator.<br>- Requires a reliable connection. | [Export audit event log](../administration/audit_event_reports.md#exporting-audit-events) |
| Streaming | - Query and yield data in batches to a response stream.<br>- Download starts immediately. | - Report available immediately. | - No progress indicator.<br>- Requires a reliable connection. | [Export audit event log](../administration/compliance/audit_event_reports.md#exporting-audit-events) |
| Downloading | - Query and write data in batches to a temporary file.<br>- Loads the file into memory.<br>- Sends the file to the client. | - Report available immediately. | - Large amount of data might cause request timeout.<br>- Memory intensive.<br>- Request expires when the user goes to a different page. | - [Export Chain of Custody Report](../user/compliance/compliance_center/compliance_chain_of_custody_report.md)<br>- [Export License Usage File](../subscriptions/self_managed/_index.md#export-your-license-usage) |
| As email attachment | - Asynchronously process the query with background job.<br>- Email uses the export as an attachment. | - Asynchronous processing. | - Requires users use a different app (email) to download the CSV.<br>- Email providers may limit attachment size. | - [Export issues](../user/project/issues/csv_export.md)<br>- [Export merge requests](../user/project/merge_requests/csv_export.md) |
| As downloadable link in email (*) | - Asynchronously process the query with background job.<br>- Email uses an export link. | - Asynchronous processing.<br>- Bypasses email provider attachment size limit. | - Requires users use a different app (email).<br>- Requires additional storage and cleanup. | [Export User Permissions](https://gitlab.com/gitlab-org/gitlab/-/issues/1772) |

2
doc/security/hardening_nist_800_53.md
View File

@ -35,7 +35,7 @@ Before you handle government data, you should:
## Compliance features
GitLab offers several [compliance features](../administration/compliance.md) you can use to automate critical controls and workflows in GitLab. Before you make configurations aligned with NIST 800-53, you should enable these foundational features.
GitLab offers several [compliance features](../administration/compliance/compliance_features.md) you can use to automate critical controls and workflows in GitLab. Before you make configurations aligned with NIST 800-53, you should enable these foundational features.
## Configuration by control family

12
doc/security/tls_support.md
View File

@ -91,13 +91,17 @@ with the Linux package are compatible with OpenSSL 3. However, before upgrading
to GitLab 17.7, use the [OpenSSL 3 guide](https://docs.gitlab.com/omnibus/settings/ssl/openssl_3.html)
to identify and assess the compatibility of your external integrations.
## Bypassing OpenSSL 3's requirement for close_notify
## Bypassing OpenSSL 3's requirement for `close_notify`
- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/181759) in GitLab 17.10.
{{< history >}}
- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/181759) in GitLab 17.10 and backported to GitLab 17.9.1, 17.8.4, and 17.7.6.
{{< /history >}}
[Per RFC 52460](https://www.rfc-editor.org/rfc/rfc5246#section-7.2.1), a
SSL connection should be terminated with a close_notify message. OpenSSL
3 now enforces this as a security measure. Some services, such as third-party S3 providers,
SSL connection should be terminated with a `close_notify` message. OpenSSL
3 enforces this as a security measure. Some services, such as third-party S3 providers,
may report an `unexpected eof while reading` error because of this enforcement.
This requirement may be disabled by setting the

2
doc/topics/set_up_organization.md
View File

@ -13,5 +13,5 @@ and give everyone access to the projects they need.
|--|--|--|
| [**Tutorial: Set up your organization**](../tutorials/manage_user/_index.md)<br>Setup, configuration, onboarding, organization structure. | [**Namespaces**](../user/namespace/_index.md)<br>Organization, hierarchy, project grouping. | [**Members**](../user/project/members/_index.md)<br>User management, roles, permissions, access levels. |
| [**Organization** (in development)](../user/organization/_index.md)<br>Namespace hierarchy. | [**Groups**](../user/group/_index.md)<br>Project management, access control, client groups, team groups. | [**Sharing projects and groups**](../user/project/members/sharing_projects_groups.md)<br>Invitations, group inheritance, project visibility. |
| [**Compliance**](../administration/compliance.md)<br>Compliance center, audit events, security policies, compliance frameworks. | [**Enterprise users**](../user/enterprise_user/_index.md)<br>Domain verification, two-factor authentication, enterprise user management, SAML response. | [**Service accounts**](../user/profile/service_accounts.md)<br>Machine user, rate limits, personal access tokens. |
| [**Compliance**](../administration/compliance/compliance_features.md)<br>Compliance center, audit events, security policies, compliance frameworks. | [**Enterprise users**](../user/enterprise_user/_index.md)<br>Domain verification, two-factor authentication, enterprise user management, SAML response. | [**Service accounts**](../user/profile/service_accounts.md)<br>Machine user, rate limits, personal access tokens. |
| [**User account options**](../user/profile/_index.md)<br>Profile settings, preferences, authentication, notifications. | [**SSH keys**](../user/ssh.md)<br>Authentication, permissions, key types, ownership. | [**GitLab.com settings**](../user/gitlab_com/_index.md)<br>Instance configurations. |

21
doc/user/application_security/vulnerability_report/_index.md
View File

@ -26,14 +26,25 @@ For more information, see the history.
{{< /alert >}}
The Vulnerability Report provides information about vulnerabilities from scans of the default branch. It contains
cumulative results of all successful jobs, regardless of whether the pipeline was successful. The scan results from a
pipeline are ingested either after the job in the pipeline is complete or when the pipeline is [blocked by manual jobs](../vulnerability_report/pipeline.md#security-reports-from-pipelines-in-a-blocked-or-incomplete-state). The report is updated by the last scan pipeline to run against the default branch.
The Vulnerability Report provides a consolidated view of security vulnerabilities found in your codebase.
Sort vulnerabilities by severity, tool, and other attributes to determine which issues need attention first.
Track vulnerabilities through their lifecycle with status indicators and activity icons that show
remediation progress.
Access detailed information for each vulnerability, including Common Vulnerability Scoring System (CVSS) scores
and file locations when available. Filter and group similar vulnerabilities to address them systematically. When
you're ready to fix issues, create linked merge requests directly from the report and use AI-powered resolution
suggestions for supported vulnerability types.
<i class="fa fa-youtube-play youtube" aria-hidden="true"></i>
For an overview, see [Vulnerability Management](https://www.youtube.com/watch?v=alMRIq5UPbw).
For projects and groups the Vulnerability Report contains:
## Contents of the Vulnerability Report
The report contains data from the default branch, showing cumulative results from all successful security scan jobs.
Scan results appear after job completion or when a pipeline is blocked by manual jobs.
For projects and groups, the Vulnerability Report contains:
- Totals of vulnerabilities per severity level.
- Filters for common vulnerability attributes.
@ -43,7 +54,7 @@ For some vulnerabilities, the details include a link to the relevant file and li
For projects, the Vulnerability Report also contains:
- A time stamp showing when it was updated, including a link to the latest pipeline. This is updated only when a pipeline is run against the default branch.
- A time stamp shows when the default branch was last updated, including a link to the latest pipeline. Pipelines that run against non-default branches do not update the time stamp.
- The number of failures that occurred in the most recent pipeline. Select the failure
notification to view the **Failed jobs** tab of the pipeline's page.

2
doc/user/compliance/_index.md
View File

@ -18,7 +18,7 @@ management [solutions page](https://about.gitlab.com/solutions/compliance/).
The [security features](../../security/_index.md) in GitLab may also help you meet relevant compliance standards.
For more information on all GitLab compliance features to ensure your GitLab instance meets common compliance standards, see
[Compliance features](../../administration/compliance.md).
[Compliance features](../../administration/compliance/compliance_features.md).
## Compliant workflow automation

51
doc/user/compliance/audit_event_types.md
View File

@ -30,7 +30,7 @@ title: Audit event types
Audit event types are used to filter streamed audit events:
- [For instances](../../administration/audit_event_streaming/_index.md#update-event-filters).
- [For instances](../../administration/compliance/audit_event_streaming.md#update-event-filters).
- [For top-level groups](audit_event_streaming.md#update-event-filters)
Every audit event is associated with an event type. Audit event types can allow:
@ -44,7 +44,7 @@ Every audit event is associated with an event type. Audit event types can allow:
An audit event type's scope limits the availability of the audit event type to either:
- [Project, group, or user](audit_events.md) audit events.
- [Instance](../../administration/audit_event_reports.md) audit events.
- [Instance](../../administration/compliance/audit_event_reports.md) audit events.
## Available audit event types
@ -117,6 +117,7 @@ Audit event types belong to the following product categories.
| Type name | Event triggered when | Saved to database | Introduced in | Scope |
|:----------|:---------------------|:------------------|:--------------|:------|
| [`delete_merge_request`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96773) | A merge request is successfully deleted | {{< icon name="dotted-circle" >}} No | GitLab [15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/370487) | Project |
| [`group_merge_request_approval_setting_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/87880) | Merge request approval settings are added to a group | {{< icon name="check-circle" >}} Yes | GitLab [15.1](https://gitlab.com/gitlab-org/gitlab/-/issues/356152) | Group |
### Code review workflow
@ -160,13 +161,8 @@ Audit event types belong to the following product categories.
| [`destroy_compliance_framework`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/74292) | A compliance framework is successfully deleted | {{< icon name="check-circle" >}} Yes | GitLab [14.6](https://gitlab.com/gitlab-org/gitlab/-/issues/340649) | Group |
| [`destroyed_compliance_requirement`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/170380) | A compliance framework requirement is destroyed | {{< icon name="check-circle" >}} Yes | GitLab [17.7](https://gitlab.com/gitlab-org/gitlab/-/issues/470695) | Group |
| [`destroyed_compliance_requirement_control`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177878) | A compliance requirement control is destroyed. | {{< icon name="check-circle" >}} Yes | GitLab [17.9](https://gitlab.com/gitlab-org/gitlab/-/issues/512381) | Group |
| [`email_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/114546) | An email is created | {{< icon name="check-circle" >}} Yes | GitLab [15.11](https://gitlab.com/gitlab-org/gitlab/-/issues/374107) | User |
| [`email_destroyed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/114546) | An email is destroyed | {{< icon name="check-circle" >}} Yes | GitLab [15.11](https://gitlab.com/gitlab-org/gitlab/-/issues/374107) | User |
| [`external_status_check_name_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/106095) | The name of an external status check is updated | {{< icon name="check-circle" >}} Yes | GitLab [15.7](https://gitlab.com/gitlab-org/gitlab/-/issues/369333) | Project |
| [`external_status_check_url_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/84624) | The URL that is used for external status checks for a pipeline is updated | {{< icon name="check-circle" >}} Yes | GitLab [15.0](https://gitlab.com/gitlab-org/gitlab/-/issues/355805) | Project |
| [`group_deletion_marked`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/116986) | A group is marked for deletion | {{< icon name="check-circle" >}} Yes | GitLab [15.11](https://gitlab.com/gitlab-org/gitlab/-/issues/374106) | Group |
| [`group_destroyed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/116986) | A group is destroyed | {{< icon name="check-circle" >}} Yes | GitLab [15.11](https://gitlab.com/gitlab-org/gitlab/-/issues/374106) | Group |
| [`group_restored`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/116986) | A group is restored | {{< icon name="check-circle" >}} Yes | GitLab [15.11](https://gitlab.com/gitlab-org/gitlab/-/issues/374106) | Group |
| [`group_saml_provider_create`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/111227) | A group SAML provider is created | {{< icon name="check-circle" >}} Yes | GitLab [15.9](https://gitlab.com/gitlab-org/gitlab/-/issues/373964) | Group |
| [`group_saml_provider_update`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/111227) | A group SAML provider is updated | {{< icon name="check-circle" >}} Yes | GitLab [15.9](https://gitlab.com/gitlab-org/gitlab/-/issues/373964) | Group |
| [`inactive_project_scheduled_for_deletion`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/130699) | An inactive project is scheduled for deletion | {{< icon name="check-circle" >}} Yes | GitLab [16.4](https://gitlab.com/gitlab-org/gitlab/-/issues/423263) | Project |
@ -335,34 +331,27 @@ Audit event types belong to the following product categories.
| Type name | Event triggered when | Saved to database | Introduced in | Scope |
|:----------|:---------------------|:------------------|:--------------|:------|
| [`allow_mfa_for_subgroups_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164973) | Setting for Subgroups can set up their own two-factor authentication rules updated | {{< icon name="check-circle" >}} Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group |
| [`allow_runner_registration_token_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164973) | Setting Allow members of projects and groups to create runners with runner registration tokens is updated | {{< icon name="check-circle" >}} Yes | GitLab [16.0](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group, Project |
| [`allowed_email_domain_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/166105) | Group setting allowed email domain entry is updated | {{< icon name="check-circle" >}} Yes | GitLab [17.5](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group |
| [`create_ssh_certificate`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/134556) | An SSH certificate is created | {{< icon name="check-circle" >}} Yes | GitLab [16.6](https://gitlab.com/gitlab-org/gitlab/-/issues/427413) | Group |
| [`default_branch_name_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164973) | Default branch name for the group repository is changed | {{< icon name="check-circle" >}} Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group |
| [`delete_ssh_certificate`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/134556) | An SSH certificate is deleted | {{< icon name="check-circle" >}} Yes | GitLab [16.6](https://gitlab.com/gitlab-org/gitlab/-/issues/427413) | Group |
| [`disable_personal_access_tokens_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164973) | Setting Disable personal access tokens is updated | {{< icon name="check-circle" >}} Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group |
| [`emails_enabled_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164973) | Setting Enable email notifications is updated | {{< icon name="check-circle" >}} Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group |
| [`enabled_git_access_protocol_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164973) | Setting Enabled Git access protocols is updated | {{< icon name="check-circle" >}} Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group |
| [`enforce_ssh_certificates_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164973) | Setting Enforce SSH Certificates is updated | {{< icon name="check-circle" >}} Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group |
| [`group_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/121005) | A group is created | {{< icon name="check-circle" >}} Yes | GitLab [16.3](https://gitlab.com/gitlab-org/gitlab/-/issues/411595) | Group |
| [`group_deletion_marked`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/116986) | A group is marked for deletion | {{< icon name="check-circle" >}} Yes | GitLab [15.11](https://gitlab.com/gitlab-org/gitlab/-/issues/374106) | Group |
| [`group_description_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164973/) | Group description is updated | {{< icon name="check-circle" >}} Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group |
| [`group_destroyed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/116986) | A group is destroyed | {{< icon name="check-circle" >}} Yes | GitLab [15.11](https://gitlab.com/gitlab-org/gitlab/-/issues/374106) | Group |
| [`group_lfs_enabled_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/106079) | LFS enabled for a group is updated | {{< icon name="check-circle" >}} Yes | GitLab [15.7](https://gitlab.com/gitlab-org/gitlab/-/issues/369323) | Group |
| [`group_membership_lock_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/106079) | Membership lock for a group is updated | {{< icon name="check-circle" >}} Yes | GitLab [15.7](https://gitlab.com/gitlab-org/gitlab/-/issues/369323) | Group |
| [`group_mentions_disabled_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164973) | A group's setting to notify group members on group mention is updated | {{< icon name="check-circle" >}} Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group |
| [`group_merge_request_approval_setting_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/87880) | Merge request approval settings are added to a group | {{< icon name="check-circle" >}} Yes | GitLab [15.1](https://gitlab.com/gitlab-org/gitlab/-/issues/356152) | Group |
| [`group_name_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/106079) | A group's name is updated | {{< icon name="check-circle" >}} Yes | GitLab [15.7](https://gitlab.com/gitlab-org/gitlab/-/issues/369320) | Group |
| [`group_path_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/106079) | A group's path is updated | {{< icon name="check-circle" >}} Yes | GitLab [15.7](https://gitlab.com/gitlab-org/gitlab/-/issues/369321) | Group |
| [`group_project_creation_level_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/106079) | A group's project creation level is updated | {{< icon name="check-circle" >}} Yes | GitLab [15.7](https://gitlab.com/gitlab-org/gitlab/-/issues/369327) | Group |
| [`group_repository_size_limit_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/106079) | A group's repository size limit is updated | {{< icon name="check-circle" >}} Yes | GitLab [15.7](https://gitlab.com/gitlab-org/gitlab/-/issues/369322) | Group |
| [`group_request_access_enabled_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/106079) | A group's request access enabled is updated | {{< icon name="check-circle" >}} Yes | GitLab [15.7](https://gitlab.com/gitlab-org/gitlab/-/issues/369323) | Group |
| [`group_require_two_factor_authentication_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/106079) | A group's require two factor authentication setting is updated | {{< icon name="check-circle" >}} Yes | GitLab [15.7](https://gitlab.com/gitlab-org/gitlab/-/issues/369325) | Group |
| [`group_restored`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/116986) | A group is restored | {{< icon name="check-circle" >}} Yes | GitLab [15.11](https://gitlab.com/gitlab-org/gitlab/-/issues/374106) | Group |
| [`group_share_with_group_link_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/112719) | You invite a group to another group by using the group's membership page | {{< icon name="check-circle" >}} Yes | GitLab [15.10](https://gitlab.com/gitlab-org/gitlab/-/issues/327909) | Group |
| [`group_share_with_group_link_removed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/112719) | You remove a group from another group by using the group's membership page | {{< icon name="check-circle" >}} Yes | GitLab [15.10](https://gitlab.com/gitlab-org/gitlab/-/issues/327909) | Group |
| [`group_share_with_group_link_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/112719) | You update a group's access settings to another group by using the group's membership page | {{< icon name="check-circle" >}} Yes | GitLab [15.10](https://gitlab.com/gitlab-org/gitlab/-/issues/327909) | Group |
| [`group_shared_runners_minutes_limit_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/106079) | A group's shared runners minutes limit is updated | {{< icon name="check-circle" >}} Yes | GitLab [15.7](https://gitlab.com/gitlab-org/gitlab/-/issues/369324) | Group |
| [`group_shared_with_group_lock_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164973/) | Group can be shared with other group setting is updated | {{< icon name="check-circle" >}} Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group |
| [`group_two_factor_grace_period_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/106079) | A group's two factor grace period is updated | {{< icon name="check-circle" >}} Yes | GitLab [15.7](https://gitlab.com/gitlab-org/gitlab/-/issues/369326) | Group |
| [`group_visibility_level_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/106079) | A group's visibility level is updated | {{< icon name="check-circle" >}} Yes | GitLab [15.7](https://gitlab.com/gitlab-org/gitlab/-/issues/369322) | Group |
| [`merge_commit_template_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/107533) | Merge commit template is updated | {{< icon name="check-circle" >}} Yes | GitLab [15.8](https://gitlab.com/gitlab-org/gitlab/-/issues/369314) | Project |
| [`new_user_signups_cap_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164973) | Setting Number of users for user cap is updated | {{< icon name="check-circle" >}} Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group |
@ -411,8 +400,6 @@ Audit event types belong to the following product categories.
| [`project_visibility_level_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/106652) | A project's visibility level setting is updated | {{< icon name="check-circle" >}} Yes | GitLab [15.7](https://gitlab.com/gitlab-org/gitlab/-/issues/369288) | Project |
| [`remove_dormant_members_period_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164973) | Setting Days of inactivity before removal is updated | {{< icon name="check-circle" >}} Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group |
| [`remove_dormant_members_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164973) | Setting Dormant members is updated | {{< icon name="check-circle" >}} Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group |
| [`resource_access_token_creation_allowed_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164973) | Setting for Users can create project access tokens and group access tokens in this group is updated | {{< icon name="check-circle" >}} Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group, Project |
| [`runner_registration_enabled_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164973) | Setting Runner registration is updated | {{< icon name="check-circle" >}} Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group |
| [`seat_control_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164973) | Setting Seat control is updated | {{< icon name="check-circle" >}} Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group |
| [`service_access_tokens_expiration_enforced_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164973) | Setting Service account token expiration is updated | {{< icon name="check-circle" >}} Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group |
| [`show_diff_preview_in_email_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164973) | Setting Email notification to include diff preview is updated | {{< icon name="check-circle" >}} Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group, Project |
@ -481,15 +468,6 @@ Audit event types belong to the following product categories.
|:----------|:---------------------|:------------------|:--------------|:------|
| [`product_analytics_settings_update`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/154101) | Product analytics settings are changed | {{< icon name="check-circle" >}} Yes | GitLab [17.1](https://gitlab.com/gitlab-org/gitlab/-/issues/463318) | Project |
### Project
| Type name | Event triggered when | Saved to database | Introduced in | Scope |
|:----------|:---------------------|:------------------|:--------------|:------|
| [`project_access_token_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92225) | A project access token is created | {{< icon name="check-circle" >}} Yes | GitLab [15.2](https://gitlab.com/gitlab-org/gitlab/-/issues/363087) | Project |
| [`project_access_token_creation_failed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92225) | Creating a project access token fails | {{< icon name="check-circle" >}} Yes | GitLab [15.2](https://gitlab.com/gitlab-org/gitlab/-/issues/363087) | Project |
| [`project_access_token_deleted`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92225) | A project access token is deleted | {{< icon name="check-circle" >}} Yes | GitLab [15.2](https://gitlab.com/gitlab-org/gitlab/-/issues/363087) | Project |
| [`project_access_token_deletion_failed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92225) | Deleting a project access token fails | {{< icon name="check-circle" >}} Yes | GitLab [15.2](https://gitlab.com/gitlab-org/gitlab/-/issues/363087) | Project |
### Quality management
| Type name | Event triggered when | Saved to database | Introduced in | Scope |
@ -502,11 +480,14 @@ Audit event types belong to the following product categories.
| Type name | Event triggered when | Saved to database | Introduced in | Scope |
|:----------|:---------------------|:------------------|:--------------|:------|
| [`allow_runner_registration_token_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164973) | Setting Allow members of projects and groups to create runners with runner registration tokens is updated | {{< icon name="check-circle" >}} Yes | GitLab [16.0](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group, Project |
| [`ci_runner_assigned_to_project`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/81508) | A runner is assigned to a project | {{< icon name="check-circle" >}} Yes | GitLab [14.9](https://gitlab.com/gitlab-org/gitlab/-/issues/349542) | Project |
| [`ci_runner_registered`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/77109) | An instance, group, or project runner is registered | {{< icon name="check-circle" >}} Yes | GitLab [14.8](https://gitlab.com/gitlab-org/gitlab/-/issues/359958) | Instance, Group, Project |
| [`ci_runner_token_reset`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/85535) | A runner's token is reset | {{< icon name="check-circle" >}} Yes | GitLab [15.0](https://gitlab.com/gitlab-org/gitlab/-/issues/355637) | Instance, Group, Project |
| [`ci_runner_unassigned_from_project`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/81540) | A runner is unassigned from a project | {{< icon name="check-circle" >}} Yes | GitLab [14.9](https://gitlab.com/gitlab-org/gitlab/-/issues/349542) | Project |
| [`ci_runner_unregistered`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/79754) | An instance, group, or project runner is unregistered | {{< icon name="check-circle" >}} Yes | GitLab [14.9](https://gitlab.com/gitlab-org/gitlab/-/issues/349540) | Instance, Group, Project |
| [`group_shared_runners_minutes_limit_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/106079) | A group's shared runners minutes limit is updated | {{< icon name="check-circle" >}} Yes | GitLab [15.7](https://gitlab.com/gitlab-org/gitlab/-/issues/369324) | Group |
| [`runner_registration_enabled_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164973) | Setting Runner registration is updated | {{< icon name="check-circle" >}} Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group |
| [`set_runner_associated_projects`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/97666) | Associated projects are successfully assigned to a CI/CD runner | {{< icon name="check-circle" >}} Yes | GitLab [15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/359958) | Project |
### Secret detection
@ -548,6 +529,7 @@ Audit event types belong to the following product categories.
|:----------|:---------------------|:------------------|:--------------|:------|
| [`approval_rule_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/89939) | A merge request approval rule is created | {{< icon name="check-circle" >}} Yes | GitLab [15.2](https://gitlab.com/gitlab-org/gitlab/-/issues/363092) | Project |
| [`approval_rule_deleted`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/82297) | A merge request approval rule is deleted | {{< icon name="check-circle" >}} Yes | GitLab [14.9](https://gitlab.com/gitlab-org/gitlab/-/issues/329514) | Project |
| [`default_branch_name_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164973) | Default branch name for the group repository is changed | {{< icon name="check-circle" >}} Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group |
| [`group_push_rules_author_email_regex_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/105791) | A group's push rules settings is changed for author email regex | {{< icon name="check-circle" >}} Yes | GitLab [15.7](https://gitlab.com/gitlab-org/gitlab/-/issues/369343) | Group |
| [`group_push_rules_branch_name_regex_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/105791) | A group's push rules settings is changed for branch name regex | {{< icon name="check-circle" >}} Yes | GitLab [15.7](https://gitlab.com/gitlab-org/gitlab/-/issues/369340) | Group |
| [`group_push_rules_commit_committer_check_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86046) | A group's push rule setting is updated for reject unverified users | {{< icon name="check-circle" >}} Yes | GitLab [15.0](https://gitlab.com/gitlab-org/gitlab/-/issues/227629) | Group |
@ -560,6 +542,7 @@ Audit event types belong to the following product categories.
| [`group_push_rules_reject_member_check_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86046) | A group's push rule setting is updated to check if commit author is a GitLab user | {{< icon name="check-circle" >}} Yes | GitLab [15.0](https://gitlab.com/gitlab-org/gitlab/-/issues/227629) | Group |
| [`group_push_rules_reject_non_dco_commits_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86046) | A group's push rule setting is updated for reject non DCO certified commits | {{< icon name="check-circle" >}} Yes | GitLab [15.0](https://gitlab.com/gitlab-org/gitlab/-/issues/227629) | Group |
| [`group_push_rules_reject_unsigned_commits_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86046) | A group push's rule setting is updated for reject unsigned commits | {{< icon name="check-circle" >}} Yes | GitLab [15.0](https://gitlab.com/gitlab-org/gitlab/-/issues/227629) | Group |
| [`group_repository_size_limit_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/106079) | A group's repository size limit is updated | {{< icon name="check-circle" >}} Yes | GitLab [15.7](https://gitlab.com/gitlab-org/gitlab/-/issues/369322) | Group |
| [`merged_merge_request_deleted`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/118793) | A merged merge request is deleted | {{< icon name="dotted-circle" >}} No | GitLab [16.0](https://gitlab.com/gitlab-org/gitlab/-/issues/408288) | Project |
| [`merged_merge_request_deletion_started`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/118793) | A merged merge request's deletion is started | {{< icon name="dotted-circle" >}} No | GitLab [16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/408288) | Project |
| [`project_fork_operation`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/90916) | A project is forked | {{< icon name="check-circle" >}} Yes | GitLab [15.2](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/90916) | Project |
@ -579,15 +562,27 @@ Audit event types belong to the following product categories.
| Type name | Event triggered when | Saved to database | Introduced in | Scope |
|:----------|:---------------------|:------------------|:--------------|:------|
| [`allow_mfa_for_subgroups_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164973) | Setting for Subgroups can set up their own two-factor authentication rules updated | {{< icon name="check-circle" >}} Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group |
| [`allowed_email_domain_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/166105) | Group setting allowed email domain entry is updated | {{< icon name="check-circle" >}} Yes | GitLab [17.5](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group |
| [`application_setting_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/124639) | An application setting is updated | {{< icon name="check-circle" >}} Yes | GitLab [16.3](https://gitlab.com/gitlab-org/gitlab/-/issues/282428) | Instance |
| [`disable_personal_access_tokens_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164973) | Setting Disable personal access tokens is updated | {{< icon name="check-circle" >}} Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group |
| [`email_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/114546) | An email is created | {{< icon name="check-circle" >}} Yes | GitLab [15.11](https://gitlab.com/gitlab-org/gitlab/-/issues/374107) | User |
| [`email_destroyed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/114546) | An email is destroyed | {{< icon name="check-circle" >}} Yes | GitLab [15.11](https://gitlab.com/gitlab-org/gitlab/-/issues/374107) | User |
| [`group_access_token_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92225) | A group access token is created | {{< icon name="check-circle" >}} Yes | GitLab [15.2](https://gitlab.com/gitlab-org/gitlab/-/issues/363087) | Group |
| [`group_access_token_creation_failed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92225) | Creating a group access token failed | {{< icon name="check-circle" >}} Yes | GitLab [15.2](https://gitlab.com/gitlab-org/gitlab/-/issues/363087) | Group |
| [`group_access_token_deleted`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92225) | A group access token is deleted | {{< icon name="check-circle" >}} Yes | GitLab [15.2](https://gitlab.com/gitlab-org/gitlab/-/issues/363087) | Group |
| [`group_access_token_deletion_failed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92225) | Deleting a group access token failed | {{< icon name="check-circle" >}} Yes | GitLab [15.2](https://gitlab.com/gitlab-org/gitlab/-/issues/363087) | Group |
| [`group_require_two_factor_authentication_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/106079) | A group's require two factor authentication setting is updated | {{< icon name="check-circle" >}} Yes | GitLab [15.7](https://gitlab.com/gitlab-org/gitlab/-/issues/369325) | Group |
| [`group_two_factor_grace_period_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/106079) | A group's two factor grace period is updated | {{< icon name="check-circle" >}} Yes | GitLab [15.7](https://gitlab.com/gitlab-org/gitlab/-/issues/369326) | Group |
| [`ip_restrictions_changed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86037) | Any changes in the IP allowlist | {{< icon name="check-circle" >}} Yes | GitLab [15.0](https://gitlab.com/gitlab-org/gitlab/-/issues/358986) | Group |
| [`login_failed_with_otp_authentication`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/129595) | Sign-in fails because of an incorrect OTP | {{< icon name="check-circle" >}} Yes | GitLab [16.4](https://gitlab.com/gitlab-org/gitlab/-/issues/377758) | User |
| [`login_failed_with_standard_authentication`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/129595) | Sign-in to GitLab fails with standard authentication, such as password | {{< icon name="check-circle" >}} Yes | GitLab [16.4](https://gitlab.com/gitlab-org/gitlab/-/issues/377758) | Instance |
| [`login_failed_with_webauthn_authentication`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/129595) | Sign-in fails when using a WebAuthn device | {{< icon name="check-circle" >}} Yes | GitLab [16.4](https://gitlab.com/gitlab-org/gitlab/-/issues/377758) | User |
| [`project_access_token_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92225) | A project access token is created | {{< icon name="check-circle" >}} Yes | GitLab [15.2](https://gitlab.com/gitlab-org/gitlab/-/issues/363087) | Project |
| [`project_access_token_creation_failed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92225) | Creating a project access token fails | {{< icon name="check-circle" >}} Yes | GitLab [15.2](https://gitlab.com/gitlab-org/gitlab/-/issues/363087) | Project |
| [`project_access_token_deleted`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92225) | A project access token is deleted | {{< icon name="check-circle" >}} Yes | GitLab [15.2](https://gitlab.com/gitlab-org/gitlab/-/issues/363087) | Project |
| [`project_access_token_deletion_failed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92225) | Deleting a project access token fails | {{< icon name="check-circle" >}} Yes | GitLab [15.2](https://gitlab.com/gitlab-org/gitlab/-/issues/363087) | Project |
| [`resource_access_token_creation_allowed_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164973) | Setting for Users can create project access tokens and group access tokens in this group is updated | {{< icon name="check-circle" >}} Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group, Project |
| [`update_mismatched_group_saml_extern_uid`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/104791) | The external UID is changed on a SAML identity | {{< icon name="check-circle" >}} Yes | GitLab [15.7](https://gitlab.com/gitlab-org/gitlab/-/issues/382256) | User |
| [`user_access_locked`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/124169) | User access to the instance is locked | {{< icon name="check-circle" >}} Yes | GitLab [16.2](https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/244) | User |
| [`user_access_unlocked`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/124973) | User access to the instance is unlocked | {{< icon name="check-circle" >}} Yes | GitLab [16.2](https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/244) | User |

2
doc/user/compliance/compliance_center/_index.md
View File

@ -29,4 +29,4 @@ The compliance center comprises the:
- [Compliance projects report](compliance_projects_report.md).
For more information on other GitLab compliance features for projects, groups, and instances, see
[Compliance features](../../../administration/compliance.md).
[Compliance features](../../../administration/compliance/compliance_features.md).

69
doc/user/duo_workflow/_index.md
View File

@ -41,18 +41,55 @@ GitLab Duo Workflow helps you complete development tasks directly in the VS Code
Workflow:
- Runs in your IDE so that you do not have to switch contexts or tools.
- In response to your prompt, creates and works through a plan.
Workflow then stages the corresponding changes in your project's repository.
You control when to accept, modify, or reject the suggestions from Workflow.
- Is context-aware. Workflow understands your project structure, codebase, and history.
- Creates and works through a plan, in response to your prompt.
- Stages proposed changes in your project's repository.
You control when to accept, modify, or reject the suggestions.
- Understands the context of your project structure, codebase, and history.
You can also add your own context, such as relevant GitLab issues or merge requests.
For more information, see [context](context.md).
For more information, see:
## Use Workflow in VS Code
- [Set up Workflow](set_up.md).
- [Use Workflow in your IDE](use_in_your_ide.md).
- [Best practices](best_practices.md).
Prerequisites:
- You must have [set up Workflow](set_up.md).
- The repository you want to work with should be small or medium-sized.
Workflow can be slow or fail for large repositories.
To use Workflow in VS Code:
1. In VS Code, open the Git repository folder for your GitLab project.
1. Check out the branch for the code you would like to change.
- If you do not check out a GitLab project and branch, Workflow will not work.
1. Open the command palette:
- On macOS: <kbd>Cmd</kbd> + <kbd>Shift</kbd> + <kbd>P</kbd>
- On Windows and Linux: <kbd>Ctrl</kbd> + <kbd>P</kbd>.
1. Type `GitLab Duo Workflow` and select **GitLab: Show Duo Workflow**.
1. To create a workflow, select **New workflow**.
1. For **Task description**, specify a junior-level code task in detail.
- Workflow is aware of all files available to Git in the project and branch you have open in your editor.
- You can also give Workflow [additional context](#the-context-workflow-is-aware-of).
- Workflow cannot access external sources or the web.
1. Select **Start**.
After you describe your task, Workflow generates and executes on a plan to address it.
While it executes, you can pause or ask it to adjust the plan.
For more information about how to interact with Workflow, see [best practices](best_practices.md).
## The context Workflow is aware of
When you ask Workflow for help with a task, it is aware of some files by default.
You can also provide it with additional context.
| Area | How to use GitLab Workflow |
|-------------------------------|--------------------------------|
| Epics | Enter the epic ID and the name of the group the epic is in. The group must include a project that meets the [prerequisites](set_up.md#prerequisites). |
| Issues | Enter the issue ID if it's in the current project. You can also enter a project ID from a different project, as long as it meets the [prerequisites](set_up.md#prerequisites). |
| Local files | Workflow is aware of all files available to Git in the project you have open in your editor. You can also reference a specific file by its file path. |
| Merge requests | Enter the merge request ID if it's in the current project. You can also enter a project ID from a different project, as long as it meets the [prerequisites](set_up.md#prerequisites). |
| Merge request pipelines | Enter the merge request ID that has the pipeline, if it's in the current project. You can also enter a project ID from a different project, as long as it meets the [prerequisites](set_up.md#prerequisites). |
Workflow also has access to the GitLab [Search API](../../api/search.md) to find related issues or merge requests.
## Supported languages
@ -86,21 +123,11 @@ to the following APIs:
- [Notes API](../../api/notes.md)
- [Usage Data API](../../api/usage_data.md)
## Current limitations
Workflow has the following limitations:
- Requires the workspace folder in VS Code to have a Git repository for a GitLab project.
- Only runs workflows for the GitLab project that's open in VS Code.
- Only accesses files in the current branch and project.
- Only accesses GitLab references in the GitLab instance of your project. For example, if your project is in GitLab.com, Workflow only accesses GitLab references in that instance. It cannot access external sources or the web.
- Only reliably accesses GitLab references if provided with their IDs. For example, issue ID and not issue URL.
- Can be slow or fail in large repositories.
## Audit log
An audit event is created for each API request done by Workflow.
On your GitLab Self-Managed instance, you can view these events on the [instance audit events](../../administration/audit_event_reports.md#instance-audit-events) page.
On your GitLab Self-Managed instance, you can view these events on the
[instance audit events](../../administration/compliance/audit_event_reports.md#instance-audit-events) page.
## Give feedback

8
doc/user/duo_workflow/best_practices.md
View File

@ -26,7 +26,9 @@ Follow these best practices to get the most value from GitLab Duo Workflow.
A prompt is the text input that you give to Workflow. To create an effective prompt:
- Define a clear goal with measurable outcomes.
- Provide clear context by including relevant files, merge requests, or issues. For information about the types of context Workflow understands, see [context](context.md).
- Provide clear context by including relevant files, merge requests, or issues.
For information about the types of context Workflow understands, see
[context](_index.md#the-context-workflow-is-aware-of).
- Provide examples of expected changes.
- Include or link to any technical requirements or rules.
@ -96,7 +98,3 @@ Add aria-label attributes to buttons without text content.
Use the button's function for the label value.
Required format: aria-label="Action description"
```
## Related topics
- [Use GitLab Duo Workflow in your IDE](use_in_your_ide.md)

32
doc/user/duo_workflow/context.md
View File

@ -1,32 +0,0 @@
---
stage: AI-powered
group: Duo Workflow
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Context in GitLab Duo Workflow
---
{{< details >}}
- Tier: Ultimate
- Offering: GitLab.com
- Status: Experiment
{{< /details >}}
{{< alert type="warning" >}}
This feature is considered [experimental](../../policy/development_stages_support.md) and is not intended for customer usage outside of initial design partners. We expect major changes to this feature.
{{< /alert >}}
Workflow is aware of the context you're working in, specifically:
| Area | How to use GitLab Workflow |
|-------------------------------|--------------------------------|
| Epics | Enter the epic ID and the name of the group the epic is in. The group must include a project that meets the [prerequisites](set_up.md#prerequisites). |
| Issues | Enter the issue ID if it's in the current project. In addition, enter the project ID if it is in a different project. The other project must also meet the [prerequisites](set_up.md#prerequisites). |
| Local files | Workflow can access all files available to Git in the project you have open in your editor. Enter the file path to reference a specific file. |
| Merge requests | Enter the merge request ID if it's in the current project. In addition, enter the project ID if it's in a different project. The other project must also meet the [prerequisites](set_up.md#prerequisites). |
| Merge request pipelines | Enter the merge request ID that has the pipeline, if it's in the current project. In addition, enter the project ID if it's in a different project. The other project must also meet the [prerequisites](set_up.md#prerequisites). |
Workflow also has access to the GitLab [Search API](../../api/search.md) to find related issues or merge requests.

4
doc/user/duo_workflow/set_up.md
View File

@ -93,7 +93,3 @@ that get installed with the script.
```json
"gitlab.duoWorkflow.dockerSocket": "/Users/<your_user>/.colima/default/docker.sock",
```
## Next steps
Try [using GitLab Duo Workflow in your IDE](use_in_your_ide.md).

35
doc/user/duo_workflow/use_in_your_ide.md
View File

@ -1,35 +0,0 @@
---
stage: AI-powered
group: Duo Workflow
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Use GitLab Duo Workflow in your IDE
---
{{< details >}}
- Tier: Ultimate
- Offering: GitLab.com
- Status: Experiment
{{< /details >}}
{{< alert type="warning" >}}
This feature is considered [experimental](../../policy/development_stages_support.md) and is not intended for customer usage outside of initial design partners. We expect major changes to this feature.
{{< /alert >}}
To use Workflow in VS Code:
1. In VS Code, open the Git repository folder for your GitLab project.
- You must check out the branch for the code you would like to change.
1. Open the command palette:
- On macOS: <kbd>Cmd</kbd> + <kbd>Shift</kbd> + <kbd>P</kbd>
- On Windows and Linux: <kbd>Ctrl</kbd> + <kbd>P</kbd>.
1. Type `GitLab Duo Workflow` and select **GitLab: Show Duo Workflow**.
1. To create a workflow, select **New workflow**.
1. For **Task description**, specify a junior-level code task in detail,
and then select **Start**.
After you describe your task, Workflow generates and executes on a plan to address it.
While it executes, you can pause or ask it to adjust the plan.

3
lib/gitlab/database/sos.rb
View File

@ -5,7 +5,8 @@ module Gitlab
module Database
module Sos
TASKS = [
Sos::DbStatsActivity
Sos::DbStatsActivity,
Sos::PgSchemaDump
].freeze
def self.run(output_file)

28
lib/gitlab/database/sos/pg_schema_dump.rb Normal file
View File

@ -0,0 +1,28 @@
# frozen_string_literal: true
module Gitlab
module Database
module Sos
class PgSchemaDump
attr_reader :connection, :name, :output
def initialize(connection, name, output)
@connection = connection
@name = name
@output = output
end
def run
file_path = File.join(name, "#{name}_schema_dump.sql")
output.write_file(file_path) do |f|
File.open(f, 'w') do |file|
connection.create_schema_dumper({}).dump(file)
end
end
rescue StandardError => e
Gitlab::AppLogger.error("Error writing schema dump for DB:#{name} with error message:#{e.message}")
end
end
end
end
end

197
locale/gitlab.pot
View File

@ -21972,44 +21972,40 @@ msgstr ""
msgid "Duration (min)"
msgstr ""
msgid "Duration|%s days"
msgstr ""
msgid "Duration|%s hours"
msgstr ""
msgid "Duration|%s minutes"
msgstr ""
msgid "Duration|%s months"
msgstr ""
msgid "Duration|%s seconds"
msgstr ""
msgid "Duration|%s weeks"
msgstr ""
msgid "Duration|%s years"
msgstr ""
msgid "Duration|1 day"
msgstr ""
msgid_plural "Duration|%s days"
msgstr[0] ""
msgstr[1] ""
msgid "Duration|1 hour"
msgstr ""
msgid_plural "Duration|%s hours"
msgstr[0] ""
msgstr[1] ""
msgid "Duration|1 minute"
msgstr ""
msgid_plural "Duration|%s minutes"
msgstr[0] ""
msgstr[1] ""
msgid "Duration|1 month"
msgstr ""
msgid_plural "Duration|%s months"
msgstr[0] ""
msgstr[1] ""
msgid "Duration|1 second"
msgid_plural "Duration|%s seconds"
msgstr[0] ""
msgstr[1] ""
msgid "Duration|1 week"
msgstr ""
msgid_plural "Duration|%s weeks"
msgstr[0] ""
msgstr[1] ""
msgid "Duration|1 year"
msgstr ""
msgid_plural "Duration|%s years"
msgstr[0] ""
msgstr[1] ""
msgid "During this process, youll be asked for URLs from GitLabs side. Use the URLs shown below."
msgstr ""
@ -59862,122 +59858,113 @@ msgstr ""
msgid "TimeTracking|View time tracking report"
msgstr ""
msgid "Timeago|%s days ago"
msgstr ""
msgid "Timeago|%s days remaining"
msgstr ""
msgid "Timeago|%s hours ago"
msgstr ""
msgid "Timeago|%s hours remaining"
msgstr ""
msgid "Timeago|%s minutes ago"
msgstr ""
msgid "Timeago|%s minutes remaining"
msgstr ""
msgid "Timeago|%s months ago"
msgstr ""
msgid "Timeago|%s months remaining"
msgstr ""
msgid "Timeago|%s seconds remaining"
msgstr ""
msgid "Timeago|%s weeks ago"
msgstr ""
msgid "Timeago|%s weeks remaining"
msgstr ""
msgid "Timeago|%s years ago"
msgstr ""
msgid "Timeago|%s years remaining"
msgstr ""
msgid "Timeago|1 day ago"
msgstr ""
msgid_plural "Timeago|%s days ago"
msgstr[0] ""
msgstr[1] ""
msgid "Timeago|1 day remaining"
msgstr ""
msgid_plural "Timeago|%s days remaining"
msgstr[0] ""
msgstr[1] ""
msgid "Timeago|1 hour ago"
msgstr ""
msgid_plural "Timeago|%s hours ago"
msgstr[0] ""
msgstr[1] ""
msgid "Timeago|1 hour remaining"
msgstr ""
msgid_plural "Timeago|%s hours remaining"
msgstr[0] ""
msgstr[1] ""
msgid "Timeago|1 minute ago"
msgstr ""
msgid_plural "Timeago|%s minutes ago"
msgstr[0] ""
msgstr[1] ""
msgid "Timeago|1 minute remaining"
msgstr ""
msgid_plural "Timeago|%s minutes remaining"
msgstr[0] ""
msgstr[1] ""
msgid "Timeago|1 month ago"
msgstr ""
msgid_plural "Timeago|%s months ago"
msgstr[0] ""
msgstr[1] ""
msgid "Timeago|1 month remaining"
msgstr ""
msgid_plural "Timeago|%s months remaining"
msgstr[0] ""
msgstr[1] ""
msgid "Timeago|1 second ago"
msgid_plural "Timeago|%s seconds ago"
msgstr[0] ""
msgstr[1] ""
msgid "Timeago|1 second remaining"
msgid_plural "Timeago|%s seconds remaining"
msgstr[0] ""
msgstr[1] ""
msgid "Timeago|1 week ago"
msgstr ""
msgid_plural "Timeago|%s weeks ago"
msgstr[0] ""
msgstr[1] ""
msgid "Timeago|1 week remaining"
msgstr ""
msgid_plural "Timeago|%s weeks remaining"
msgstr[0] ""
msgstr[1] ""
msgid "Timeago|1 year ago"
msgstr ""
msgid_plural "Timeago|%s years ago"
msgstr[0] ""
msgstr[1] ""
msgid "Timeago|1 year remaining"
msgstr ""
msgid_plural "Timeago|%s years remaining"
msgstr[0] ""
msgstr[1] ""
msgid "Timeago|Past due"
msgstr ""
msgid "Timeago|in %s days"
msgstr ""
msgid "Timeago|in %s hours"
msgstr ""
msgid "Timeago|in %s minutes"
msgstr ""
msgid "Timeago|in %s months"
msgstr ""
msgid "Timeago|in %s seconds"
msgstr ""
msgid "Timeago|in %s weeks"
msgstr ""
msgid "Timeago|in %s years"
msgstr ""
msgid "Timeago|in 1 day"
msgstr ""
msgid_plural "Timeago|in %s days"
msgstr[0] ""
msgstr[1] ""
msgid "Timeago|in 1 hour"
msgstr ""
msgid_plural "Timeago|in %s hours"
msgstr[0] ""
msgstr[1] ""
msgid "Timeago|in 1 minute"
msgstr ""
msgid_plural "Timeago|in %s minutes"
msgstr[0] ""
msgstr[1] ""
msgid "Timeago|in 1 month"
msgstr ""
msgid_plural "Timeago|in %s months"
msgstr[0] ""
msgstr[1] ""
msgid "Timeago|in 1 second"
msgid_plural "Timeago|in %s seconds"
msgstr[0] ""
msgstr[1] ""
msgid "Timeago|in 1 week"
msgstr ""
msgid_plural "Timeago|in %s weeks"
msgstr[0] ""
msgstr[1] ""
msgid "Timeago|in 1 year"
msgstr ""
msgid_plural "Timeago|in %s years"
msgstr[0] ""
msgstr[1] ""
msgid "Timeago|just now"
msgstr ""

2
scripts/frontend/quarantined_vue3_specs.txt
View File

@ -74,7 +74,7 @@ ee/spec/frontend/roles_and_permissions/components/role_selector_spec.js
ee/spec/frontend/security_configuration/components/app_spec.js
ee/spec/frontend/security_configuration/components/dynamic_fields_spec.js
ee/spec/frontend/security_configuration/dast_profiles/components/dast_profiles_list_spec.js
ee/spec/frontend/security_configuration/dast_profiles/dast_profile_selector/scanner_profile_selector_spec.js
ee/spec/frontend/security_configuration/dast_profiles/dast_profile_selector/site_profile_selector_spec.js
ee/spec/frontend/security_dashboard/components/shared/filters/querystring_sync_spec.js
ee/spec/frontend/security_dashboard/components/shared/vulnerability_details_graphql/details_section_spec.js
ee/spec/frontend/security_dashboard/components/shared/vulnerability_report/vulnerability_list_graphql_spec.js

57
spec/frontend/lib/utils/datetime/timeago_utility_spec.js
View File

@ -15,6 +15,36 @@ describe('TimeAgo utils', () => {
[new Date().getTime(), 'just now'],
[new Date(), 'just now'],
[null, 'just now'],
// test relative time in future
[new Date().getTime() + 30e3, 'in 30 seconds'],
[new Date().getTime() + 59e3, 'in 59 seconds'],
[new Date().getTime() + 60e3, 'in 1 minute'],
[new Date().getTime() + 60e3 * 30, 'in 30 minutes'],
[new Date().getTime() + 60e3 * 59, 'in 59 minutes'],
[new Date().getTime() + 60e3 * 60, 'in 1 hour'],
[new Date().getTime() + 60e3 * 60 * 2, 'in 2 hours'],
[new Date().getTime() + 60e3 * 60 * 23, 'in 23 hours'],
[new Date().getTime() + 60e3 * 60 * 24, 'in 1 day'],
[new Date().getTime() + 60e3 * 60 * 24 * 2, 'in 2 days'],
[new Date().getTime() + 60e3 * 60 * 24 * 31, 'in 1 month'],
[new Date().getTime() + 60e3 * 60 * 24 * 61, 'in 2 months'],
[new Date().getTime() + 60e3 * 60 * 24 * 366, 'in 1 year'],
[new Date().getTime() + 60e3 * 60 * 24 * 366 * 2, 'in 2 years'],
// test relative time in past
[new Date().getTime() - 30e3, '30 seconds ago'],
[new Date().getTime() - 59e3, '59 seconds ago'],
[new Date().getTime() - 60e3, '1 minute ago'],
[new Date().getTime() - 60e3 * 30, '30 minutes ago'],
[new Date().getTime() - 60e3 * 59, '59 minutes ago'],
[new Date().getTime() - 60e3 * 60, '1 hour ago'],
[new Date().getTime() - 60e3 * 60 * 2, '2 hours ago'],
[new Date().getTime() - 60e3 * 60 * 23, '23 hours ago'],
[new Date().getTime() - 60e3 * 60 * 24, '1 day ago'],
[new Date().getTime() - 60e3 * 60 * 24 * 2, '2 days ago'],
[new Date().getTime() - 60e3 * 60 * 24 * 31, '1 month ago'],
[new Date().getTime() - 60e3 * 60 * 24 * 61, '2 months ago'],
[new Date().getTime() - 60e3 * 60 * 24 * 366, '1 year ago'],
[new Date().getTime() - 60e3 * 60 * 24 * 366 * 2, '2 years ago'],
])('formats date `%p` as `%p`', (date, result) => {
expect(getTimeago().format(date)).toEqual(result);
});
@ -67,15 +97,24 @@ describe('TimeAgo utils', () => {
expect(timeFor(date)).toBe('Past due');
});
it('returns localized remaining time when in the future', () => {
const date = new Date();
date.setFullYear(date.getFullYear() + 1);
// Add a day to prevent a transient error. If date is even 1 second
// short of a full year, timeFor will return '11 months remaining'
date.setDate(date.getDate() + 1);
expect(timeFor(date)).toBe('1 year remaining');
it.each([
[new Date().getTime(), 'just now'],
[new Date().getTime() + 30e3, '30 seconds remaining'],
[new Date().getTime() + 59e3, '59 seconds remaining'],
[new Date().getTime() + 60e3, '1 minute remaining'],
[new Date().getTime() + 60e3 * 30, '30 minutes remaining'],
[new Date().getTime() + 60e3 * 59, '59 minutes remaining'],
[new Date().getTime() + 60e3 * 60, '1 hour remaining'],
[new Date().getTime() + 60e3 * 60 * 2, '2 hours remaining'],
[new Date().getTime() + 60e3 * 60 * 23, '23 hours remaining'],
[new Date().getTime() + 60e3 * 60 * 24, '1 day remaining'],
[new Date().getTime() + 60e3 * 60 * 24 * 2, '2 days remaining'],
[new Date().getTime() + 60e3 * 60 * 24 * 31, '1 month remaining'],
[new Date().getTime() + 60e3 * 60 * 24 * 61, '2 months remaining'],
[new Date().getTime() + 60e3 * 60 * 24 * 366, '1 year remaining'],
[new Date().getTime() + 60e3 * 60 * 24 * 366 * 2, '2 years remaining'],
])('formats date `%p` as `%p`', (date, result) => {
expect(timeFor(date)).toEqual(result);
});
});

57
spec/frontend/work_items/components/work_item_actions_spec.js
View File

@ -19,23 +19,11 @@ import WorkItemChangeTypeModal from 'ee_else_ce/work_items/components/work_item_
import MoveWorkItemModal from '~/work_items/components/move_work_item_modal.vue';
import {
STATE_OPEN,
TEST_ID_CONFIDENTIALITY_TOGGLE_ACTION,
TEST_ID_COPY_CREATE_NOTE_EMAIL_ACTION,
TEST_ID_COPY_REFERENCE_ACTION,
TEST_ID_DELETE_ACTION,
TEST_ID_LOCK_ACTION,
TEST_ID_NOTIFICATIONS_TOGGLE_FORM,
TEST_ID_PROMOTE_ACTION,
TEST_ID_CHANGE_TYPE_ACTION,
TEST_ID_TOGGLE_ACTION,
TEST_ID_REPORT_ABUSE,
TEST_ID_NEW_RELATED_WORK_ITEM,
WORK_ITEM_TYPE_VALUE_INCIDENT,
WORK_ITEM_TYPE_VALUE_ISSUE,
WORK_ITEM_TYPE_VALUE_KEY_RESULT,
WORK_ITEM_TYPE_VALUE_OBJECTIVE,
WORK_ITEM_TYPE_VALUE_TASK,
TEST_ID_MOVE_ACTION,
} from '~/work_items/constants';
import updateWorkItemMutation from '~/work_items/graphql/update_work_item.mutation.graphql';
import updateWorkItemNotificationsMutation from '~/work_items/graphql/update_work_item_notifications.mutation.graphql';
@ -63,18 +51,17 @@ describe('WorkItemActions component', () => {
const findModal = () => wrapper.findComponent(GlModal);
const findConfidentialityToggleButton = () =>
wrapper.findByTestId(TEST_ID_CONFIDENTIALITY_TOGGLE_ACTION);
const findLockDiscussionButton = () => wrapper.findByTestId(TEST_ID_LOCK_ACTION);
const findDeleteButton = () => wrapper.findByTestId(TEST_ID_DELETE_ACTION);
const findPromoteButton = () => wrapper.findByTestId(TEST_ID_PROMOTE_ACTION);
const findCopyReferenceButton = () => wrapper.findByTestId(TEST_ID_COPY_REFERENCE_ACTION);
wrapper.findByTestId('confidentiality-toggle-action');
const findLockDiscussionButton = () => wrapper.findByTestId('lock-action');
const findDeleteButton = () => wrapper.findByTestId('delete-action');
const findPromoteButton = () => wrapper.findByTestId('promote-action');
const findCopyReferenceButton = () => wrapper.findByTestId('copy-reference-action');
const findWorkItemToggleOption = () => wrapper.findComponent(WorkItemStateToggle);
const findCopyCreateNoteEmailButton = () =>
wrapper.findByTestId(TEST_ID_COPY_CREATE_NOTE_EMAIL_ACTION);
const findReportAbuseButton = () => wrapper.findByTestId(TEST_ID_REPORT_ABUSE);
const findCopyCreateNoteEmailButton = () => wrapper.findByTestId('copy-create-note-email-action');
const findReportAbuseButton = () => wrapper.findByTestId('report-abuse-action');
const findSubmitAsSpamItem = () => wrapper.findByTestId('submit-as-spam-item');
const findNewRelatedItemButton = () => wrapper.findByTestId(TEST_ID_NEW_RELATED_WORK_ITEM);
const findChangeTypeButton = () => wrapper.findByTestId(TEST_ID_CHANGE_TYPE_ACTION);
const findNewRelatedItemButton = () => wrapper.findByTestId('new-related-work-item');
const findChangeTypeButton = () => wrapper.findByTestId('change-type-action');
const findReportAbuseModal = () => wrapper.findComponent(WorkItemAbuseModal);
const findCreateWorkItemModal = () => wrapper.findComponent(CreateWorkItemModal);
const findWorkItemChangeTypeModal = () => wrapper.findComponent(WorkItemChangeTypeModal);
@ -93,7 +80,7 @@ describe('WorkItemActions component', () => {
};
});
const findNotificationsToggle = () => wrapper.findComponent(GlToggle);
const findMoveButton = () => wrapper.findByTestId(TEST_ID_MOVE_ACTION);
const findMoveButton = () => wrapper.findByTestId('move-action');
const findMoveModal = () => wrapper.findComponent(MoveWorkItemModal);
const modalShowSpy = jest.fn();
@ -233,50 +220,50 @@ describe('WorkItemActions component', () => {
expect(findDropdownItemsActual()).toEqual([
{
testId: TEST_ID_NOTIFICATIONS_TOGGLE_FORM,
testId: 'notifications-toggle-form',
text: '',
},
{
divider: true,
},
{
testId: TEST_ID_TOGGLE_ACTION,
testId: 'state-toggle-action',
text: '',
},
{
testId: TEST_ID_NEW_RELATED_WORK_ITEM,
testId: 'new-related-work-item',
text: 'New related item',
},
{
testId: TEST_ID_CHANGE_TYPE_ACTION,
testId: 'change-type-action',
text: 'Change type',
},
{
testId: TEST_ID_MOVE_ACTION,
testId: 'move-action',
text: 'Move',
},
{
testId: TEST_ID_LOCK_ACTION,
testId: 'lock-action',
text: 'Lock discussion',
},
{
testId: TEST_ID_CONFIDENTIALITY_TOGGLE_ACTION,
testId: 'confidentiality-toggle-action',
text: 'Turn on confidentiality',
},
{
testId: TEST_ID_COPY_REFERENCE_ACTION,
testId: 'copy-reference-action',
text: 'Copy reference',
},
{
testId: TEST_ID_COPY_CREATE_NOTE_EMAIL_ACTION,
testId: 'copy-create-note-email-action',
text: 'Copy issue email address',
},
{
divider: true,
},
{
testId: TEST_ID_REPORT_ABUSE,
testId: 'report-abuse-action',
text: 'Report abuse',
},
{
@ -284,7 +271,7 @@ describe('WorkItemActions component', () => {
text: 'Submit as spam',
},
{
testId: TEST_ID_DELETE_ACTION,
testId: 'delete-action',
text: 'Delete issue',
},
]);
@ -296,7 +283,7 @@ describe('WorkItemActions component', () => {
expect(findDropdownItemsActual()).toEqual(
expect.arrayContaining([
{
testId: TEST_ID_NEW_RELATED_WORK_ITEM,
testId: 'new-related-work-item',
text: 'New related epic',
},
]),

2
spec/lib/gitlab/database/sos/base_db_stats_handler_spec.rb
View File

@ -89,7 +89,7 @@ RSpec.describe Gitlab::Database::Sos::BaseDbStatsHandler, feature_category: :dat
context 'when an error occurs' do
before do
allow(output).to receive(:write_file).and_raise(StandardError.new('Something when wrong'))
allow(output).to receive(:write_file).and_raise(StandardError.new('Something went wrong'))
end
it 'logs the error' do

53
spec/lib/gitlab/database/sos/pg_schema_dump_spec.rb Normal file
View File

@ -0,0 +1,53 @@
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Gitlab::Database::Sos::PgSchemaDump, feature_category: :database do
let(:temp_directory) { Dir.mktmpdir }
let(:output) { Gitlab::Database::Sos::Output.new(temp_directory, mode: :directory) }
let(:db_name) { 'test_db' }
let(:connection) { ApplicationRecord.connection }
let(:handler) { described_class.new(connection, db_name, output) }
let(:file) { instance_double(File) }
after do
FileUtils.remove_entry(temp_directory)
end
describe '#initialize' do
it 'sets the attributes' do
expect(handler.connection).to eq(connection)
expect(handler.name).to eq(db_name)
expect(handler.output).to eq(output)
end
end
describe '#run' do
it 'successfully writes the schema dump results to an sql file' do
relative_file_path = "#{db_name}/#{db_name}_schema_dump.sql"
File.join(temp_directory, relative_file_path)
expect(output).to receive(:write_file).with(relative_file_path).and_yield(StringIO.new)
expect(File).to receive(:open).with(instance_of(StringIO), 'w').and_return(:file)
handler.run
end
context 'when an error occurs' do
let(:error_message) { 'Something went wrong' }
before do
allow(output).to receive(:write_file).and_raise(StandardError.new(error_message))
end
it 'logs the error' do
expect(Gitlab::AppLogger).to receive(:error).with(
"Error writing schema dump for DB:#{db_name} " \
"with error message:#{error_message}"
)
handler.run
end
end
end
end

4
tooling/audit_events/docs/templates/audit_event_types.md.erb vendored
View File

@ -50,7 +50,7 @@ title: Audit event types
Audit event types are used to filter streamed audit events:
- [For instances](../../administration/audit_event_streaming/_index.md#update-event-filters).
- [For instances](../../administration/compliance/audit_event_streaming.md#update-event-filters).
- [For top-level groups](audit_event_streaming.md#update-event-filters)
Every audit event is associated with an event type. Audit event types can allow:
@ -64,7 +64,7 @@ Every audit event is associated with an event type. Audit event types can allow:
An audit event type's scope limits the availability of the audit event type to either:
- [Project, group, or user](audit_events.md) audit events.
- [Instance](../../administration/audit_event_reports.md) audit events.
- [Instance](../../administration/compliance/audit_event_reports.md) audit events.
## Available audit event types