root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2023-07-13 09:10:21 +00:00
parent a48b98b75d
commit a4772171f9
57 changed files with 239 additions and 958 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
.rubocop.yml
View File

@ -621,15 +621,6 @@ Graphql/AuthorizeTypes:
- 'spec/**/*.rb'
- 'ee/spec/**/*.rb'
Graphql/GIDExpectedType:
Enabled: true
Include:
- 'app/graphql/**/*'
- 'ee/app/graphql/**/*'
Exclude:
- 'spec/**/*.rb'
- 'ee/spec/**/*.rb'
Graphql/IDType:
Enabled: true
Include:

1
.rubocop_todo/rspec/missing_feature_category.yml
View File

@ -5269,7 +5269,6 @@ RSpec/MissingFeatureCategory:
- 'spec/rubocop/cop/graphql/descriptions_spec.rb'
- 'spec/rubocop/cop/graphql/enum_names_spec.rb'
- 'spec/rubocop/cop/graphql/enum_values_spec.rb'
- 'spec/rubocop/cop/graphql/gid_expected_type_spec.rb'
- 'spec/rubocop/cop/graphql/graphql_name_position_spec.rb'
- 'spec/rubocop/cop/graphql/id_type_spec.rb'
- 'spec/rubocop/cop/graphql/json_type_spec.rb'

3
.rubocop_todo/search/avoid_checking_finished_on_deprecated_migrations.yml
View File

@ -1,3 +0,0 @@
---
Search/AvoidCheckingFinishedOnDeprecatedMigrations:
Details: grace period

2
GITLAB_SHELL_VERSION
View File

@ -1 +1 @@
14.23.0
14.24.0

2
app/assets/javascripts/diffs/components/commit_item.vue
View File

@ -133,7 +133,7 @@ export default {
/>
</div>
<div
class="commit-detail flex-list gl-display-flex gl-justify-content-space-between gl-align-items-flex-start gl-flex-grow-1 gl-min-w-0"
class="commit-detail flex-list gl-display-flex gl-justify-content-space-between gl-align-items-center gl-flex-grow-1 gl-min-w-0"
>
<div class="commit-content" data-qa-selector="commit_content">
<a

6
app/assets/javascripts/jira_connect/subscriptions/components/add_namespace_modal/groups_list.vue
View File

@ -111,11 +111,7 @@ export default {
/>
<p class="gl-mb-3">
{{
s__(
'JiraConnect|Not seeing your groups? Only groups you have at least the Maintainer role for appear here.',
)
}}
{{ s__('JiraConnect|Not seeing your groups? Only groups you have access to appear here.') }}
</p>
<gl-loading-icon v-if="isLoadingInitial" size="lg" />

2
app/assets/javascripts/repository/components/last_commit.vue
View File

@ -138,7 +138,7 @@ export default {
:size="32"
/>
<div
class="commit-detail flex-list gl-display-flex gl-justify-content-space-between gl-align-items-flex-start gl-flex-grow-1 gl-min-w-0"
class="commit-detail flex-list gl-display-flex gl-justify-content-space-between gl-align-items-center gl-flex-grow-1 gl-min-w-0"
>
<div class="commit-content" data-qa-selector="commit_content">
<gl-link

9
app/finders/group_projects_finder.rb
View File

@ -24,6 +24,7 @@
# with_issues_enabled: boolean
# with_merge_requests_enabled: boolean
# min_access_level: int
# owned: boolean
#
class GroupProjectsFinder < ProjectsFinder
DEFAULT_PROJECTS_LIMIT = 100
@ -83,7 +84,9 @@ class GroupProjectsFinder < ProjectsFinder
def filter_by_visibility(relation)
if current_user
if min_access_level?
if owned_projects?
relation.visible_to_user_and_access_level(current_user, Gitlab::Access::OWNER)
elsif min_access_level?
relation.visible_to_user_and_access_level(current_user, params[:min_access_level])
else
relation.public_or_visible_to_user(current_user)
@ -105,6 +108,10 @@ class GroupProjectsFinder < ProjectsFinder
options.fetch(:only_owned, false)
end
def owned_projects?
params.fetch(:owned, false)
end
def only_shared?
options.fetch(:only_shared, false)
end

2
app/helpers/jira_connect_helper.rb
View File

@ -5,7 +5,7 @@ module JiraConnectHelper
skip_groups = subscriptions.map(&:namespace_id)
{
groups_path: api_v4_groups_path(params: { min_access_level: Gitlab::Access::MAINTAINER, skip_groups: skip_groups }),
groups_path: api_v4_groups_path(params: { all_available: true, skip_groups: skip_groups }),
subscriptions: subscriptions.map { |s| serialize_subscription(s) }.to_json,
subscriptions_path: jira_connect_subscriptions_path(format: :json),
gitlab_user_path: current_user ? user_path(current_user) : nil,

2
app/views/layouts/_mailer.html.haml
View File

@ -1,5 +1,5 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
%html{ lang: "en" }
%html{ lang: I18n.locale }
%head
%meta{ content: "text/html; charset=UTF-8", "http-equiv" => "Content-Type" }/
%meta{ content: "width=device-width, initial-scale=1", name: "viewport" }/

2
app/views/layouts/errors.html.haml
View File

@ -1,5 +1,5 @@
!!! 5
%html{ lang: "en" }
%html{ lang: I18n.locale }
%head
%meta{ :content => "width=device-width, initial-scale=1, maximum-scale=1", :name => "viewport" }
%title= yield(:title)

2
app/views/layouts/in_product_marketing_mailer.html.haml
View File

@ -1,5 +1,5 @@
!!!
%html{ lang: "en" }
%html{ lang: I18n.locale }
%head
%meta{ content: "text/html; charset=utf-8", "http-equiv" => "Content-Type" }
%meta{ content: "width=device-width, initial-scale=1", name: "viewport" }

2
app/views/layouts/jira_connect.html.haml
View File

@ -1,4 +1,4 @@
%html{ lang: "en" }
%html{ lang: I18n.locale }
%head
%meta{ content: "text/html; charset=utf-8", "http-equiv" => "Content-Type" }
%title

2
app/views/layouts/notify.html.haml
View File

@ -1,4 +1,4 @@
%html{ lang: "en" }
%html{ lang: I18n.locale }
%head
%meta{ content: "text/html; charset=utf-8", "http-equiv" => "Content-Type" }
%title

2
app/views/layouts/oauth_error.html.haml
View File

@ -1,5 +1,5 @@
!!! 5
%html{ lang: "en" }
%html{ lang: I18n.locale }
%head
%meta{ :content => "width=device-width, initial-scale=1, maximum-scale=1", :name => "viewport" }
%title= yield(:title)

2
app/views/layouts/service_desk.html.haml
View File

@ -1,4 +1,4 @@
%html{ lang: "en" }
%html{ lang: I18n.locale }
%head
%meta{ content: "text/html; charset=utf-8", "http-equiv" => "Content-Type" }
-# haml-lint:disable NoPlainNodes

2
app/views/notify/approved_merge_request_email.html.haml
View File

@ -1,5 +1,5 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional //EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
%html{ lang: "en" }
%html{ lang: I18n.locale }
%head
%meta{ content: "text/html; charset=UTF-8", "http-equiv" => "Content-Type" }/
%meta{ content: "width=device-width, initial-scale=1", name: "viewport" }/

2
app/views/notify/merge_when_pipeline_succeeds_email.html.haml
View File

@ -1,5 +1,5 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional //EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
%html{ lang: "en" }
%html{ lang: I18n.locale }
%head
%meta{ content: "text/html; charset=UTF-8", "http-equiv" => "Content-Type" }
%meta{ content: "width=device-width, initial-scale=1", name: "viewport" }

2
app/views/notify/unapproved_merge_request_email.html.haml
View File

@ -1,5 +1,5 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional //EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
%html{ lang: "en" }
%html{ lang: I18n.locale }
%head
%meta{ content: "text/html; charset=UTF-8", "http-equiv" => "Content-Type" }/
%meta{ content: "width=device-width, initial-scale=1", name: "viewport" }/

2
app/views/projects/commits/_commit.html.haml
View File

@ -25,7 +25,7 @@
.avatar-cell.d-none.d-sm-block
= author_avatar(commit, size: 40, has_tooltip: false)
.commit-detail.flex-list.gl-display-flex.gl-justify-content-space-between.gl-align-items-flex-start.gl-flex-grow-1.gl-min-w-0
.commit-detail.flex-list.gl-display-flex.gl-justify-content-space-between.gl-align-items-center.gl-flex-grow-1.gl-min-w-0
.commit-content{ data: { qa_selector: 'commit_content' } }
- if view_details && merge_request
= link_to commit.title, project_commit_path(project, commit.id, merge_request_iid: merge_request.iid), class: ["commit-row-message item-title js-onboarding-commit-item", ("font-italic" if commit.message.empty?)]

2
app/views/projects/merge_requests/_widget.html.haml
View File

@ -13,7 +13,7 @@
window.gl.mrWidgetData.pipeline_must_succeed_docs_path = '#{help_page_path('user/project/merge_requests/merge_when_pipeline_succeeds.md', anchor: 'require-a-successful-pipeline-for-merge')}';
window.gl.mrWidgetData.code_coverage_check_help_page_path = '#{help_page_path('ci/testing/code_coverage.md', anchor: 'coverage-check-approval-rule')}';
window.gl.mrWidgetData.security_configuration_path = '#{project_security_configuration_path(@project)}';
window.gl.mrWidgetData.license_compliance_docs_path = '#{help_page_path('user/compliance/license_compliance/index.md')}';
window.gl.mrWidgetData.license_compliance_docs_path = '#{help_page_path('user/compliance/license_scanning_of_cyclonedx_files')}';
window.gl.mrWidgetData.eligible_approvers_docs_path = '#{help_page_path('user/project/merge_requests/approvals/rules.md', anchor: 'eligible-approvers')}';
window.gl.mrWidgetData.approvals_help_path = '#{help_page_path("user/project/merge_requests/approvals/index.md")}';
window.gl.mrWidgetData.pipelines_empty_svg_path = '#{image_path('illustrations/empty-state/empty-pipeline-md.svg')}';

54
db/post_migrate/20230712064637_replace_old_fk_p_ci_builds_metadata_to_builds_v2.rb Normal file
View File

@ -0,0 +1,54 @@
# frozen_string_literal: true
class ReplaceOldFkPCiBuildsMetadataToBuildsV2 < Gitlab::Database::Migration[2.1]
include Gitlab::Database::PartitioningMigrationHelpers
include Gitlab::Database::MigrationHelpers::WraparoundAutovacuum
disable_ddl_transaction!
def up
return unless should_run?
return if new_foreign_key_exists?
with_lock_retries do
remove_foreign_key_if_exists :p_ci_builds_metadata, :ci_builds,
name: :fk_e20479742e_p, reverse_lock_order: true
rename_constraint :p_ci_builds_metadata, :temp_fk_e20479742e_p, :fk_e20479742e_p
Gitlab::Database::PostgresPartitionedTable.each_partition(:p_ci_builds_metadata) do |partition|
rename_constraint partition.identifier, :temp_fk_e20479742e_p, :fk_e20479742e_p
end
end
end
def down
return unless should_run?
return unless new_foreign_key_exists?
add_concurrent_partitioned_foreign_key :p_ci_builds_metadata, :ci_builds,
name: :temp_fk_e20479742e_p,
column: [:partition_id, :build_id],
target_column: [:partition_id, :id],
on_update: :cascade,
on_delete: :cascade,
validate: true,
reverse_lock_order: true
switch_constraint_names :p_ci_builds_metadata, :fk_e20479742e_p, :temp_fk_e20479742e_p
Gitlab::Database::PostgresPartitionedTable.each_partition(:p_ci_builds_metadata) do |partition|
switch_constraint_names partition.identifier, :fk_e20479742e_p, :temp_fk_e20479742e_p
end
end
private
def should_run?
can_execute_on?(:ci_builds_metadata, :ci_builds)
end
def new_foreign_key_exists?
foreign_key_exists?(:p_ci_builds_metadata, :p_ci_builds, name: :fk_e20479742e_p)
end
end

54
db/post_migrate/20230712064655_replace_old_fk_p_ci_runner_machine_builds_to_builds_v2.rb Normal file
View File

@ -0,0 +1,54 @@
# frozen_string_literal: true
class ReplaceOldFkPCiRunnerMachineBuildsToBuildsV2 < Gitlab::Database::Migration[2.1]
include Gitlab::Database::PartitioningMigrationHelpers
include Gitlab::Database::MigrationHelpers::WraparoundAutovacuum
disable_ddl_transaction!
def up
return unless should_run?
return if new_foreign_key_exists?
with_lock_retries do
remove_foreign_key_if_exists :p_ci_runner_machine_builds, :ci_builds,
name: :fk_bb490f12fe_p, reverse_lock_order: true
rename_constraint :p_ci_runner_machine_builds, :temp_fk_bb490f12fe_p, :fk_bb490f12fe_p
Gitlab::Database::PostgresPartitionedTable.each_partition(:p_ci_runner_machine_builds) do |partition|
rename_constraint partition.identifier, :temp_fk_bb490f12fe_p, :fk_bb490f12fe_p
end
end
end
def down
return unless should_run?
return unless new_foreign_key_exists?
add_concurrent_partitioned_foreign_key :p_ci_runner_machine_builds, :ci_builds,
name: :temp_fk_bb490f12fe_p,
column: [:partition_id, :build_id],
target_column: [:partition_id, :id],
on_update: :cascade,
on_delete: :cascade,
validate: true,
reverse_lock_order: true
switch_constraint_names :p_ci_runner_machine_builds, :fk_bb490f12fe_p, :temp_fk_bb490f12fe_p
Gitlab::Database::PostgresPartitionedTable.each_partition(:p_ci_runner_machine_builds) do |partition|
switch_constraint_names partition.identifier, :fk_bb490f12fe_p, :temp_fk_bb490f12fe_p
end
end
private
def should_run?
can_execute_on?(:ci_builds)
end
def new_foreign_key_exists?
foreign_key_exists?(:p_ci_runner_machine_builds, :p_ci_builds, name: :fk_bb490f12fe_p)
end
end

1
db/schema_migrations/20230712064637 Normal file
View File

@ -0,0 +1 @@
b39d83cc2257d75ece3dfa1c5f6faa1ef6eb1c40d3de0a1899a2860d5a1c7ed1

1
db/schema_migrations/20230712064655 Normal file
View File

@ -0,0 +1 @@
25d0b4c560dcec564a268d96e969b07fbfe18f1d902fdafe415cf747bdb1302c

2
doc/administration/compliance.md
View File

@ -69,7 +69,7 @@ These features can also help with compliance requirements:
| [Enforce ToS acceptance](../user/admin_area/settings/terms.md) | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | Enforce your users accepting new terms of service by blocking GitLab traffic. |
| [External Status Checks](../user/project/merge_requests/status_checks.md) | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | Interface with third-party systems you already use during development to ensure you remain compliant. |
| [Generate reports on permission<br/>levels of users](../administration/admin_area.md#user-permission-export) | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | Generate a report listing all users' access permissions for groups and projects in the instance. |
| [License compliance](../user/compliance/license_compliance/index.md) | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | Search dependencies for their licenses. This lets you determine if the licenses of your project's dependencies are compatible with your project's license. |
| [License approval policies](../user/compliance/license_approval_policies.md) | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | Search dependencies for their licenses. This lets you determine if the licenses of your project's dependencies are compatible with your project's license. |
| [Lock project membership to group](../user/group/access_and_permissions.md#prevent-members-from-being-added-to-projects-in-a-group) | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | Group owners can prevent new members from being added to projects in a group. |
| [LDAP group sync](auth/ldap/ldap_synchronization.md#group-sync) | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | Automatically synchronize groups and manage SSH keys, permissions, and authentication, so you can focus on building your product, not configuring your tools. |
| [LDAP group sync filters](auth/ldap/ldap_synchronization.md#group-sync) | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | Gives more flexibility to synchronize with LDAP based on filters, meaning you can leverage LDAP attributes to map GitLab permissions. |

2
doc/api/graphql/reference/index.md
View File

@ -17104,6 +17104,7 @@ Represents an external resource to send instance audit events to.
| Name | Type | Description |
| ---- | ---- | ----------- |
| <a id="instanceexternalauditeventdestinationdestinationurl"></a>`destinationUrl` | [`String!`](#string) | External destination to send audit events to. |
| <a id="instanceexternalauditeventdestinationeventtypefilters"></a>`eventTypeFilters` | [`[String!]!`](#string) | List of event type filters added for streaming. |
| <a id="instanceexternalauditeventdestinationheaders"></a>`headers` | [`AuditEventsStreamingInstanceHeaderConnection!`](#auditeventsstreaminginstanceheaderconnection) | List of additional HTTP headers sent with each event. (see [Connections](#connections)) |
| <a id="instanceexternalauditeventdestinationid"></a>`id` | [`ID!`](#id) | ID of the destination. |
| <a id="instanceexternalauditeventdestinationverificationtoken"></a>`verificationToken` | [`String!`](#string) | Verification token to validate source of event. |
@ -28187,6 +28188,7 @@ Implementations:
| Name | Type | Description |
| ---- | ---- | ----------- |
| <a id="externalauditeventdestinationinterfacedestinationurl"></a>`destinationUrl` | [`String!`](#string) | External destination to send audit events to. |
| <a id="externalauditeventdestinationinterfaceeventtypefilters"></a>`eventTypeFilters` | [`[String!]!`](#string) | List of event type filters added for streaming. |
| <a id="externalauditeventdestinationinterfaceid"></a>`id` | [`ID!`](#id) | ID of the destination. |
| <a id="externalauditeventdestinationinterfaceverificationtoken"></a>`verificationToken` | [`String!`](#string) | Verification token to validate source of event. |

2
doc/ci/index.md
View File

@ -104,7 +104,7 @@ GitLab CI/CD features, grouped by DevOps stage, include:
| [Dynamic Application Security Testing](../user/application_security/dast/index.md) | Test your application's runtime behavior for vulnerabilities. |
| [Dependency Scanning](../user/application_security/dependency_scanning/index.md) | Analyze your dependencies for known vulnerabilities. |
| [Infrastructure as Code scanning](../user/application_security/iac_scanning/index.md) | Scan your IaC configuration files for known vulnerabilities. |
| [License Compliance](../user/compliance/license_compliance/index.md) | Search your project dependencies for their licenses. |
| [License Scanning](../user/compliance/license_scanning_of_cyclonedx_files/index.md) | Search your project dependencies for their licenses. |
| [Secret Detection](../user/application_security/secret_detection/index.md) | Search your application's source code for secrets. |
| [Static Application Security Testing](../user/application_security/sast/index.md) | Test your application's source code for known vulnerabilities. |
| [Web API fuzz testing](../user/application_security/api_fuzzing/index.md) | Test your application's API behavior by providing randomized input. |

2
doc/ci/testing/index.md
View File

@ -18,7 +18,7 @@ display reports or link to important information directly from [merge requests](
| [Code Quality](code_quality.md) | Analyze your source code quality using the [Code Climate](https://codeclimate.com/) analyzer and show the Code Climate report right in the merge request widget area. |
| [Display arbitrary job artifacts](../yaml/index.md#artifactsexpose_as) | Configure CI pipelines with the `artifacts:expose_as` parameter to directly link to selected [artifacts](../jobs/job_artifacts.md) in merge requests. |
| [Unit test reports](unit_test_reports.md) | Configure your CI jobs to use Unit test reports, and let GitLab display a report on the merge request so that it's easier and faster to identify the failure without having to check the entire job log. |
| [License Compliance](../../user/compliance/license_compliance/index.md) | Manage the licenses of your dependencies. |
| [License Scanning](../../user/compliance/license_scanning_of_cyclonedx_files/index.md) | Manage the licenses of your dependencies. |
| [Metrics Reports](metrics_reports.md) | Display the Metrics Report on the merge request so that it's fast and easier to identify changes to important metrics. |
| [Test Coverage visualization](test_coverage_visualization.md) | See test coverage results for merge requests, in the file diff. |
| [Fail fast testing](fail_fast_testing.md) | Run a subset of your RSpec test suite, so failed tests stop the pipeline before the full suite of tests run, saving resources. |

4
doc/ci/yaml/artifacts_reports.md
View File

@ -249,12 +249,12 @@ concatenate them into a single file. Use either:
> Introduced in GitLab 12.8.
The License Compliance report collects [Licenses](../../user/compliance/license_compliance/index.md). The License
The License Compliance report collects [Licenses](../../user/compliance/license_scanning_of_cyclonedx_files/index.md). The License
Compliance report uploads to GitLab as an artifact.
GitLab can display the results of one or more reports in:
- The merge request [license compliance widget](../../user/compliance/license_compliance/index.md).
- The merge request [license compliance widget](../../user/compliance/license_scanning_of_cyclonedx_files/index.md).
- The [license list](../../user/compliance/license_list.md).
## `artifacts:reports:load_performance` **(PREMIUM)**

1
doc/development/fips_compliance.md
View File

@ -60,7 +60,6 @@ listed here that also do not work properly in FIPS mode:
- [Code Quality](../ci/testing/code_quality.md) does not support operating in FIPS-compliant mode.
- [Dependency scanning](../user/application_security/dependency_scanning/index.md) support for Gradle.
- [Dynamic Application Security Testing (DAST)](../user/application_security/dast/proxy-based.md) supports a reduced set of analyzers. The proxy-based analyzer is not available in FIPS mode today, however browser-based DAST, DAST API, and DAST API Fuzzing images are available.
- [License compliance](../user/compliance/license_compliance/index.md).
- [Solutions for vulnerabilities](../user/application_security/vulnerabilities/index.md#resolve-a-vulnerability)
for yarn projects.
- [Static Application Security Testing (SAST)](../user/application_security/sast/index.md)

3
doc/development/go_guide/index.md
View File

@ -146,8 +146,7 @@ Go GitLab linter plugins are maintained in the [`gitlab-org/language-tools/go/li
Dependencies should be kept to the minimum. The introduction of a new
dependency should be argued in the merge request, as per our [Approval Guidelines](../code_review.md#approval-guidelines).
Both [License Scanning](../../user/compliance/license_compliance/index.md)
and [Dependency Scanning](../../user/application_security/dependency_scanning/index.md)
[Dependency Scanning](../../user/application_security/dependency_scanning/index.md)
should be activated on all projects to ensure new dependencies
security status and license compatibility.

2
doc/development/sec/analyzer_development_guide.md
View File

@ -342,7 +342,7 @@ This issue will guide you through the whole release process. In general, you hav
- Check the list of supported technologies in GitLab documentation.
- [Supported languages in SAST](../../user/application_security/sast/index.md#supported-languages-and-frameworks)
- [Supported languages in DS](../../user/application_security/dependency_scanning/index.md#supported-languages-and-package-managers)
- [Supported languages in LM](../../user/compliance/license_compliance/index.md#supported-languages-and-package-managers)
- [Supported languages in LS](../../user/compliance/license_scanning_of_cyclonedx_files/index.md#supported-languages-and-package-managers)
- Check that CI **_job definitions are still accurate_** in vendored CI/CD templates and **_all of the ENV vars are propagated_** to the Docker containers upon `docker run` per tool.

2
doc/install/openshift_and_gitlab/index.md
View File

@ -31,7 +31,7 @@ The GitLab Operator does not include the GitLab Runner. To install and manage a
### Secure
- [License Compliance via the `License-Scanning.gitlab-ci.yml` CI/CD template](../../user/compliance/license_compliance/index.md). [License scanning of CycloneDX files](../../user/compliance/license_scanning_of_cyclonedx_files/index.md) is supported on OpenShift.
- [License Scanning](../../user/compliance/license_scanning_of_cyclonedx_files/index.md) is supported on OpenShift.
- [Code Quality scanning](../../ci/testing/code_quality.md)
- [Operational Container Scanning](../../user/clusters/agent/vulnerabilities.md) (Note: Pipeline [Container Scanning](../../user/application_security/container_scanning/index.md) is supported)

2
doc/raketasks/index.md
View File

@ -38,7 +38,7 @@ The following Rake tasks are available for use with GitLab:
| [Sidekiq job migration](../administration/sidekiq/sidekiq_job_migration.md) | Migrate Sidekiq jobs scheduled for future dates to a new queue. |
| [Service Desk email](../administration/raketasks/service_desk_email.md) | Service Desk email-related tasks. |
| [SMTP maintenance](../administration/raketasks/smtp.md) | SMTP-related tasks. |
| [SPDX license list import](spdx.md) | Import a local copy of the [SPDX license list](https://spdx.org/licenses/) for matching [License Compliance policies](../user/compliance/license_compliance/index.md). |
| [SPDX license list import](spdx.md) | Import a local copy of the [SPDX license list](https://spdx.org/licenses/) for matching [License Approval policies](../user/compliance/license_approval_policies.md). |
| [Repository storage](../administration/raketasks/storage.md) | List and migrate existing projects and attachments from legacy storage to hashed storage. |
| [Reset user passwords](../security/reset_user_password.md#use-a-rake-task) | Reset user passwords using Rake. |
| [Uploads migrate](../administration/raketasks/uploads/migrate.md) | Migrate uploads between local storage and object storage. |

2
doc/raketasks/spdx.md
View File

@ -7,7 +7,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
# SPDX license list import Rake task **(ULTIMATE SELF)**
GitLab provides a Rake task for uploading a fresh copy of the [SPDX license list](https://spdx.org/licenses/)
to a GitLab instance. This list is needed for matching the names of [License Compliance policies](../user/compliance/license_compliance/index.md).
to a GitLab instance. This list is needed for matching the names of [License approval policies](../user/compliance/license_approval_policies.md).
To import a fresh copy of the PDX license list, run:

2
doc/topics/autodevops/cloud_deployments/auto_devops_with_eks.md
View File

@ -180,7 +180,7 @@ The jobs are separated into stages:
- The `secret-detection` job checks for leaked secrets and is allowed to fail ([Auto Secret Detection](../stages.md#auto-secret-detection))
- The `license_scanning` job searches the application's dependencies to determine each of their
licenses and is allowed to fail
([Auto License Compliance](../stages.md#auto-license-compliance))
([Auto License Scanning](../stages.md#auto-license-scanning))
- **Review** - Pipelines on the default branch include this stage with a `dast_environment_deploy` job.
To learn more, see [Dynamic Application Security Testing (DAST)](../../../user/application_security/dast/index.md).

2
doc/topics/autodevops/cloud_deployments/auto_devops_with_gke.md
View File

@ -184,7 +184,7 @@ The jobs are separated into stages:
- The `secret-detection` job checks for leaked secrets and is allowed to fail ([Auto Secret Detection](../stages.md#auto-secret-detection))
- The `license_scanning` job searches the application's dependencies to determine each of their
licenses and is allowed to fail
([Auto License Compliance](../stages.md#auto-license-compliance))
([Auto License Scanning](../stages.md#auto-license-scanning))
- **Review** - Pipelines on the default branch include this stage with a `dast_environment_deploy` job.
For more information, see [Dynamic Application Security Testing (DAST)](../../../user/application_security/dast/index.md).

2
doc/topics/autodevops/index.md
View File

@ -37,7 +37,7 @@ Auto DevOps supports development during each of the [DevOps stages](stages.md).
| Test | [Auto Code Intelligence](stages.md#auto-code-intelligence) |
| Test | [Auto Code Quality](stages.md#auto-code-quality) |
| Test | [Auto Container Scanning](stages.md#auto-container-scanning) |
| Test | [Auto License Compliance](stages.md#auto-license-compliance) |
| Test | [Auto License Scanning](stages.md#auto-license-scanning) |
| Deploy | [Auto Review Apps](stages.md#auto-review-apps) |
| Deploy | [Auto Deploy](stages.md#auto-deploy) |
| Secure | [Auto Dynamic Application Security Testing (DAST)](stages.md#auto-dast) |

17
doc/topics/autodevops/stages.md
View File

@ -240,20 +240,15 @@ check out. The merge request widget displays any security warnings detected,
For more information, see
[Dependency Scanning](../../user/application_security/dependency_scanning/index.md).
## Auto License Compliance **(ULTIMATE)**
## Auto License Scanning **(ULTIMATE)**
> Introduced in GitLab 11.0.
License Compliance uses the
[License Compliance Docker image](https://gitlab.com/gitlab-org/security-products/analyzers/license-finder)
to search the project dependencies for their license. The Auto License Compliance stage
is skipped on licenses other than [Ultimate](https://about.gitlab.com/pricing/).
After creating the report, it's uploaded as an artifact which you can later download and
check out. The merge request displays any detected licenses.
License Scanning detects licenses in project dependencies using the
CycloneDX Software Bill of Materials (SBOM) file generated by Dependency
Scanning. License approval policies enforces approved licenses in a project.
For more information, see
[License Compliance](../../user/compliance/license_compliance/index.md).
[License Scanning](../../user/compliance/license_scanning_of_cyclonedx_files/index.md) and
[License Approval Policies](../../user/compliance/license_approval_policies.md).
## Auto Container Scanning

4
doc/user/application_security/configuration/index.md
View File

@ -77,8 +77,8 @@ You can configure the following security controls:
You can configure the following security controls:
- [License Compliance](../../../user/compliance/license_compliance/index.md)
- Can be configured with `.gitlab-ci.yml`. For more details, read [License Compliance](../../../user/compliance/license_compliance/index.md#enable-license-compliance).
- [License Scanning](../../../user/compliance/license_scanning_of_cyclonedx_files/index.md)
- Can be configured with `.gitlab-ci.yml`. For more details, read [License Scanning](../../../user/compliance/license_scanning_of_cyclonedx_files/index.md#enable-license-scanning).
- [Security Training](../../../user/application_security/vulnerabilities/index.md#enable-security-training-for-vulnerabilities)
- Enable **Security training** for the current project. For more details, read [security training](../../../user/application_security/vulnerabilities/index.md#enable-security-training-for-vulnerabilities).

4
doc/user/application_security/dependency_list/index.md
View File

@ -75,8 +75,8 @@ Dependency paths are supported for the following package managers:
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/10536) in GitLab 12.3.
If the [License Compliance](../../compliance/license_compliance/index.md) CI job is configured,
[discovered licenses](../../compliance/license_compliance/index.md#supported-languages-and-package-managers) are displayed on this page.
If the [Dependency Scanning](../../application_security/dependency_scanning/index.md) CI job is configured,
[discovered licenses](../../compliance/license_scanning_of_cyclonedx_files/index.md#enable-license-scanning) are displayed on this page.
## Downloading the dependency list

3
doc/user/application_security/index.md
View File

@ -124,7 +124,7 @@ To enable all GitLab Security scanning tools, with default settings, enable
- [Auto Secret Detection](../../topics/autodevops/stages.md#auto-secret-detection)
- [Auto DAST](../../topics/autodevops/stages.md#auto-dast)
- [Auto Dependency Scanning](../../topics/autodevops/stages.md#auto-dependency-scanning)
- [Auto License Compliance](../../topics/autodevops/stages.md#auto-license-compliance)
- [Auto License Scanning](../../topics/autodevops/stages.md#auto-license-scanning)
- [Auto Container Scanning](../../topics/autodevops/stages.md#auto-container-scanning)
While you cannot directly customize Auto DevOps, you can [include the Auto DevOps template in your project's `.gitlab-ci.yml` file](../../topics/autodevops/customize.md#customize-gitlab-ciyml).
@ -417,7 +417,6 @@ For more information about overriding security jobs, see:
- [Overriding Container Scanning jobs](container_scanning/index.md#overriding-the-container-scanning-template).
- [Overriding Secret Detection jobs](secret_detection/index.md#configure-scan-settings).
- [Overriding DAST jobs](dast/proxy-based.md#customize-dast-settings).
- [Overriding License Compliance jobs](../compliance/license_compliance/index.md#overriding-the-template).
All the security scanning tools define their stage, so this error can occur with all of them.

2
doc/user/application_security/offline_deployments/index.md
View File

@ -93,7 +93,7 @@ above. You can find more information at each of the pages below:
- [Secret Detection offline directions](../secret_detection/index.md#running-secret-detection-in-an-offline-environment)
- [DAST offline directions](../dast/run_dast_offline.md#run-dast-in-an-offline-environment)
- [API Fuzzing offline directions](../api_fuzzing/index.md#running-api-fuzzing-in-an-offline-environment)
- [License Compliance offline directions](../../compliance/license_compliance/index.md#running-license-compliance-in-an-offline-environment)
- [License Scanning offline directions](../../compliance/license_scanning_of_cyclonedx_files/index.md#running-in-an-offline-environment)
- [Dependency Scanning offline directions](../dependency_scanning/index.md#running-dependency-scanning-in-an-offline-environment)
## Loading Docker images onto your offline host

844
doc/user/compliance/license_compliance/index.md
View File

@ -3,845 +3,13 @@ type: reference, howto
stage: Secure
group: Composition Analysis
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
remove_date: '2023-10-12'
redirect_to: '../license_approval_policies.md'
---
# License Compliance (deprecated) **(ULTIMATE)**
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/5483) in GitLab 11.0.
> - [Deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/387561) in GitLab 15.9.
# License Compliance (removed) **(ULTIMATE)**
WARNING:
This feature was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/387561) in GitLab 15.9. You should instead migrate to use [License approval policies](../license_approval_policies.md) and the [new method of license scanning](../license_scanning_of_cyclonedx_files/index.md) prior to GitLab 16.1.
If you're using [GitLab CI/CD](../../../ci/index.md), you can use License Compliance to search your
project's dependencies for their licenses. You can then decide whether to allow or deny the use of
each license. For example, if your application uses an external (open source) library whose license
is incompatible with yours, then you can deny the use of that license.
To detect the licenses in use, License Compliance uses the [License Finder](https://github.com/pivotal/LicenseFinder) scan tool that runs as part of the CI/CD pipeline. The License Compliance job is not dependent on any other job in
a pipeline.
For the job to activate, License Finder needs to find a compatible package definition in the project directory. For details, see the [Activation on License Finder documentation](https://github.com/pivotal/LicenseFinder#activation).
GitLab checks the License Compliance report, compares the
licenses between the source and target branches, and shows the information right on the merge
request. Denied licenses are indicated by a `x` red icon next to them as well as new licenses that
need a decision from you. In addition, you can [manually allow or deny](../license_approval_policies.md) licenses in your
project's security policies section. If a denied license is detected in a new commit,
GitLab blocks any merge requests containing that commit and instructs the developer to remove the
license.
NOTE:
Starting with GitLab 15.9, License Compliance can detect the licenses in use
[using Dependency Scanning CI jobs](../license_scanning_of_cyclonedx_files/index.md)
instead of the License Scanning ones.
NOTE:
If the license compliance report doesn't have anything to compare to, no information
is displayed in the merge request area. That is the case when you add the
`license_scanning` job in your `.gitlab-ci.yml` for the first time.
Consecutive merge requests have something to compare to and the license
compliance report is shown properly.
The results are saved as a
[License Compliance report artifact](../../../ci/yaml/artifacts_reports.md#artifactsreportslicense_scanning)
that you can later download and analyze.
WARNING:
License Compliance Scanning does not support run-time installation of compilers and interpreters.
## Enable License Compliance
To enable License Compliance in your project's pipeline, either:
- Enable [Auto License Compliance](../../../topics/autodevops/stages.md#auto-license-compliance)
(provided by [Auto DevOps](../../../topics/autodevops/index.md)).
- Include the [`License-Scanning.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/License-Scanning.gitlab-ci.yml) in your `.gitlab-ci.yml` file.
License Compliance is not supported when GitLab is run with FIPS mode enabled.
### Include the License Scanning template
Prerequisites:
- [GitLab Runner](../../../ci/runners/index.md) available, with the
[`docker` executor](https://docs.gitlab.com/runner/executors/docker.html). If you're using the
shared runners on GitLab.com, this is enabled by default.
- License Scanning runs in the `test` stage, which is available by default. If you redefine the stages in the
`.gitlab-ci.yml` file, the `test` stage is required.
- [FIPS mode](../../../development/fips_compliance.md#enable-fips-mode) must be disabled.
To [include](../../../ci/yaml/index.md#includetemplate) the
[`License-Scanning.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/License-Scanning.gitlab-ci.yml), add it to your `.gitlab-ci.yml` file:
```yaml
include:
- template: Security/License-Scanning.gitlab-ci.yml
```
The included template creates a `license_scanning` job in your CI/CD pipeline and scans your
dependencies to find their licenses.
## License expressions
GitLab has limited support for [composite licenses](https://spdx.github.io/spdx-spec/v2-draft/SPDX-license-expressions/).
License compliance can read multiple licenses, but always considers them combined using the `AND` operator. For example,
if a dependency has two licenses, and one of them is allowed and the other is denied by the project [license approval policy](../license_approval_policies.md),
GitLab evaluates the composite license as _denied_, as this is the safer option.
The ability to support other license expression operators (like `OR`, `WITH`) is tracked
in [this epic](https://gitlab.com/groups/gitlab-org/-/epics/6571).
## Supported languages and package managers
The following languages and package managers are supported.
Gradle 1.x projects are not supported. The minimum supported version of Maven is 3.2.5.
| Language | Package managers | Notes |
|------------|----------------------------------------------------------------------------------------------|-------|
| JavaScript | [Bower](https://bower.io/), [npm](https://www.npmjs.com/) (7 and earlier) | |
| Go | [Godep](https://github.com/tools/godep) ([deprecated](../../../update/deprecations.md#godep-support-in-license-compliance)), [go mod](https://github.com/golang/go/wiki/Modules) | |
| Java | [Gradle](https://gradle.org/), [Maven](https://maven.apache.org/) | |
| .NET | [NuGet](https://www.nuget.org/) | The .NET Framework is supported via the [mono project](https://www.mono-project.com/). There are, however, some limitations. The scanner doesn't support Windows-specific dependencies and doesn't report dependencies of your project's listed dependencies. Also, the scanner always marks detected licenses for all dependencies as `unknown`. |
| Python | [pip](https://pip.pypa.io/en/stable/) | Python is supported through [requirements.txt](https://pip.pypa.io/en/stable/user_guide/#requirements-files) and [Pipfile.lock](https://github.com/pypa/pipfile#pipfilelock). |
| Ruby | [gem](https://rubygems.org/) | |
### Experimental support
The following languages and package managers are [supported experimentally](https://github.com/pivotal/LicenseFinder#experimental-project-types).
The reported licenses might be incomplete or inaccurate.
| Language | Package managers |
|------------|---------------------------------------------------------------------------------------------------------------|
| JavaScript | [Yarn](https://yarnpkg.com/) |
| Go | `go get`, `gvt`, `glide`, `dep`, `trash`, `govendor` |
| Erlang | [Rebar](https://rebar3.org/) |
| Objective-C, Swift | [Carthage](https://github.com/Carthage/Carthage), [CocoaPods](https://cocoapods.org/) v0.39 and below |
| Elixir | [Mix](https://elixir-lang.org/getting-started/mix-otp/introduction-to-mix.html) |
| C++/C | [Conan](https://conan.io/) |
| Rust | [Cargo](https://crates.io/) |
| PHP | [Composer](https://getcomposer.org/) |
## Available CI/CD variables
License Compliance can be configured using CI/CD variables.
| CI/CD variable | Required | Description |
|-----------------------------|----------|-------------|
| `ADDITIONAL_CA_CERT_BUNDLE` | no | Bundle of trusted CA certificates (currently supported in Pip, Pipenv, Maven, Gradle, Yarn, and npm projects). |
| `ASDF_JAVA_VERSION` | no | Version of Java to use for the scan. |
| `ASDF_NODEJS_VERSION` | no | Version of Node.js to use for the scan. |
| `ASDF_PYTHON_VERSION` | no | Version of Python to use for the scan. [Configuration](#selecting-the-version-of-python) |
| `ASDF_RUBY_VERSION` | no | Version of Ruby to use for the scan. |
| `GRADLE_CLI_OPTS` | no | Additional arguments for the Gradle executable. If not supplied, defaults to `--exclude-task=test`. |
| `LICENSE_FINDER_CLI_OPTS` | no | Additional arguments for the `license_finder` executable. For example, if you have multiple projects in nested directories, you can update your `.gitlab-ci.yml` template to specify a recursive scan, like `LICENSE_FINDER_CLI_OPTS: '--recursive'`. |
| `LM_JAVA_VERSION` | no | Version of Java. If set to `11`, Maven and Gradle use Java 11 instead of Java 8. [Configuration](#selecting-the-version-of-java) |
| `LM_PYTHON_VERSION` | no | Version of Python. If set to `3`, dependencies are installed using Python 3 instead of Python 2.7. [Configuration](#selecting-the-version-of-python) |
| `MAVEN_CLI_OPTS` | no | Additional arguments for the `mvn` executable. If not supplied, defaults to `-DskipTests`. |
| `PIP_INDEX_URL` | no | Base URL of Python Package Index (default: `https://pypi.org/simple/`). |
| `SECURE_ANALYZERS_PREFIX` | no | Set the Docker registry base address to download the analyzer from. |
| `SETUP_CMD` | no | Custom setup for the dependency installation (experimental). |
## Installing custom dependencies
> Introduced in GitLab 11.4.
The `license_finder` image already embeds many auto-detection scripts, languages,
and packages. Nevertheless, it's almost impossible to cover all cases for all projects.
That's why sometimes it's necessary to install extra packages, or to have extra steps
in the project automated setup, like the download and installation of a certificate.
For that, a `SETUP_CMD` CI/CD variable can be passed to the container,
with the required commands to run before the license detection.
If present, this variable overrides the setup step necessary to install all the packages
of your application (for example: for a project with a `Gemfile`, the setup step could be
`bundle install`).
For example:
```yaml
include:
- template: Security/License-Scanning.gitlab-ci.yml
variables:
SETUP_CMD: sh my-custom-install-script.sh
```
In this example, `my-custom-install-script.sh` is a shell script at the root
directory of your project.
## Working with Monorepos
Depending on your language, you may need to specify the path to the individual
projects of a monorepo using the `LICENSE_FINDER_CLI_OPTS` variable. Passing in
the project paths can significantly speed up builds over using the `--recursive`
License Finder option.
```yaml
include:
- template: Security/License-Scanning.gitlab-ci.yml
variables:
LICENSE_FINDER_CLI_OPTS: "--aggregate_paths=relative-path/to/sub-project/one relative-path/to/sub-project/two"
```
## Overriding the template
WARNING:
Beginning in GitLab 13.0, the use of [`only` and `except`](../../../ci/yaml/index.md#only--except)
is no longer supported. When overriding the template, you must use [`rules`](../../../ci/yaml/index.md#rules) instead.
If you want to override the job definition (for example, change properties like
`variables` or `dependencies`), you need to declare a `license_scanning` job
after the template inclusion and specify any additional keys under it. For example:
```yaml
include:
- template: Security/License-Scanning.gitlab-ci.yml
license_scanning:
variables:
CI_DEBUG_TRACE: "true"
```
## Configuring Maven projects
The License Compliance tool provides a `MAVEN_CLI_OPTS` CI/CD variable which can hold
the command line arguments to pass to the `mvn install` command which is executed under the hood.
Feel free to use it for the customization of Maven execution. For example:
```yaml
include:
- template: Security/License-Scanning.gitlab-ci.yml
license_scanning:
variables:
MAVEN_CLI_OPTS: --debug
```
`mvn install` runs through all of the [build life cycle](https://maven.apache.org/guides/introduction/introduction-to-the-lifecycle.html)
stages prior to `install`, including `test`. Running unit tests is not directly
necessary for the license scanning purposes and consumes time, so it's skipped
by having the default value of `MAVEN_CLI_OPTS` as `-DskipTests`. If you want
to supply custom `MAVEN_CLI_OPTS` and skip tests at the same time, don't forget
to explicitly add `-DskipTests` to your options.
If you still need to run tests during `mvn install`, add `-DskipTests=false` to
`MAVEN_CLI_OPTS`.
### Using private Maven repositories
If you have a private Maven repository which requires login credentials,
you can use the `MAVEN_CLI_OPTS` CI/CD variable.
Read more on [how to use private Maven repositories](../../application_security/index.md#using-private-maven-repositories).
You can also use `MAVEN_CLI_OPTS` to connect to a trusted Maven repository that uses a self-signed
or internally trusted certificate. For example:
```yaml
include:
- template: Security/License-Scanning.gitlab-ci.yml
license_scanning:
variables:
MAVEN_CLI_OPTS: -Dmaven.wagon.http.ssl.allowall=true -Dmaven.wagon.http.ssl.ignore.validity.dates=true -Dmaven.wagon.http.ssl.insecure=true
```
Alternatively, you can use a Java key store to verify the TLS connection. For instructions on how to
generate a key store file, see the
[Maven Guide to Remote repository access through authenticated HTTPS](https://maven.apache.org/guides/mini/guide-repository-ssl.html).
## Selecting the version of Java
License Compliance uses Java 8 by default. You can specify a different Java version using `LM_JAVA_VERSION`.
`LM_JAVA_VERSION` only accepts versions: 8, 11, 14, 15.
## Selecting the version of Python
> - [Introduced](https://gitlab.com/gitlab-org/security-products/license-management/-/merge_requests/36) in GitLab 12.0.
> - In [GitLab 12.2](https://gitlab.com/gitlab-org/gitlab/-/issues/12032), Python 3.5 became the default.
> - In [GitLab 12.7](https://gitlab.com/gitlab-org/security-products/license-management/-/merge_requests/101), Python 3.8 became the default.
License Compliance uses Python 3.8 and pip 19.1 by default.
If your project requires Python 2, you can switch to Python 2.7 and pip 10.0
by setting the `LM_PYTHON_VERSION` CI/CD variable to `2`.
```yaml
include:
- template: Security/License-Scanning.gitlab-ci.yml
license_scanning:
variables:
LM_PYTHON_VERSION: 2
```
`LM_PYTHON_VERSION` or `ASDF_PYTHON_VERSION` can be used to specify the desired version of Python. When both variables are specified `LM_PYTHON_VERSION` takes precedence.
## Custom root certificates for Python
You can supply a custom root certificate to complete TLS verification by using the
`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables).
### Using private Python repositories
If you have a private Python repository you can use the `PIP_INDEX_URL` [CI/CD variable](#available-cicd-variables)
to specify its location.
## Configuring npm projects
You can configure npm projects by using an [`.npmrc`](https://docs.npmjs.com/configuring-npm/npmrc.html/)
file.
### Using private npm registries
If you have a private npm registry you can use the
[`registry`](https://docs.npmjs.com/using-npm/config/#registry)
setting to specify its location.
For example:
```plaintext
registry = https://npm.example.com
```
### Custom root certificates for npm
You can supply a custom root certificate to complete TLS verification by using the
`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables).
To disable TLS verification you can provide the [`strict-ssl`](https://docs.npmjs.com/using-npm/config/#strict-ssl)
setting.
For example:
```plaintext
strict-ssl = false
```
## Configuring Yarn projects
You can configure Yarn projects by using a [`.yarnrc.yml`](https://yarnpkg.com/configuration/yarnrc/)
file.
### Using private Yarn registries
If you have a private Yarn registry you can use the
[`npmRegistryServer`](https://yarnpkg.com/configuration/yarnrc/#npmRegistryServer)
setting to specify its location.
For example:
```plaintext
npmRegistryServer: "https://npm.example.com"
```
### Custom root certificates for Yarn
You can supply a custom root certificate to complete TLS verification by using the
`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables).
## Configuring Bower projects
You can configure Bower projects by using a [`.bowerrc`](https://bower.io/docs/config/#bowerrc-specification)
file.
### Using private Bower registries
If you have a private Bower registry you can use the
[`registry`](https://bower.io/docs/config/#bowerrc-specification)
setting to specify its location.
For example:
```plaintext
{
"registry": "https://registry.bower.io"
}
```
### Custom root certificates for Bower
You can supply a custom root certificate to complete TLS verification by using the
`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables), or by
specifying a `ca` setting in a [`.bowerrc`](https://bower.io/docs/config/#bowerrc-specification)
file.
## Configuring Bundler projects
### Using private Bundler registries
If you have a private Bundler registry you can use the
[`source`](https://bundler.io/man/gemfile.5.html#GLOBAL-SOURCES)
setting to specify its location.
For example:
```plaintext
source "https://gems.example.com"
```
### Custom root certificates for Bundler
You can supply a custom root certificate to complete TLS verification by using the
`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables), or by
specifying a [`BUNDLE_SSL_CA_CERT`](https://bundler.io/v2.0/man/bundle-config.1.html)
[variable](../../../ci/variables/index.md#define-a-cicd-variable-in-the-gitlab-ciyml-file)
in the job definition.
## Configuring Cargo projects
### Using private Cargo registries
If you have a private Cargo registry you can use the
[`registries`](https://doc.rust-lang.org/cargo/reference/registries.html)
setting to specify its location.
For example:
```toml
[registries]
my-registry = { index = "https://my-intranet:8080/git/index" }
```
### Custom root certificates for Cargo
To supply a custom root certificate to complete TLS verification, do one of the following:
- Use the `ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables).
- Specify a [`CARGO_HTTP_CAINFO`](https://doc.rust-lang.org/cargo/reference/environment-variables.html)
[variable](../../../ci/variables/index.md#define-a-cicd-variable-in-the-gitlab-ciyml-file)
in the job definition.
## Configuring Composer projects
### Using private Composer registries
If you have a private Composer registry you can use the
[`repositories`](https://getcomposer.org/doc/05-repositories.md)
setting to specify its location.
For example:
```json
{
"repositories": [
{ "packagist.org": false },
{
"type": "composer",
"url": "https://composer.example.com"
}
],
"require": {
"monolog/monolog": "1.0.*"
}
}
```
### Custom root certificates for Composer
You can supply a custom root certificate to complete TLS verification by using the
`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables), or by
specifying a [`COMPOSER_CAFILE`](https://getcomposer.org/doc/03-cli.md#composer-cafile)
[variable](../../../ci/variables/index.md#define-a-cicd-variable-in-the-gitlab-ciyml-file)
in the job definition.
## Configuring Conan projects
You can configure [Conan](https://conan.io/) projects by adding a `.conan` directory to your
project root. The project root serves as the [`CONAN_USER_HOME`](https://docs.conan.io/en/latest/reference/env_vars.html#conan-user-home).
Consult the [Conan](https://docs.conan.io/en/latest/reference/config_files/conan.conf.html#conan-conf)
documentation for a list of settings that you can apply.
The `license_scanning` job runs in a [Debian 10](https://www.debian.org/releases/buster/) Docker
image. The supplied image ships with some build tools such as [CMake](https://cmake.org/) and [GCC](https://gcc.gnu.org/).
However, not all project types are supported by default. To install additional tools needed to
compile dependencies, use a [`before_script`](../../../ci/yaml/index.md#before_script)
to install the necessary build tools using the [`apt`](https://wiki.debian.org/PackageManagementTools)
package manager. For a comprehensive list, consult [the Conan documentation](https://docs.conan.io/en/latest/introduction.html#all-platforms-all-build-systems-and-compilers).
The default [Conan](https://conan.io/) configuration sets [`CONAN_LOGIN_USERNAME`](https://docs.conan.io/en/latest/reference/env_vars.html#conan-login-username-conan-login-username-remote-name)
to `ci_user`, and binds [`CONAN_PASSWORD`](https://docs.conan.io/en/latest/reference/env_vars.html#conan-password-conan-password-remote-name)
to the [`CI_JOB_TOKEN`](../../../ci/variables/predefined_variables.md)
for the running job. This allows Conan projects to fetch packages from a [GitLab Conan Repository](../../packages/conan_repository/index.md#fetch-conan-package-information-from-the-package-registry)
if a GitLab remote is specified in the `.conan/remotes.json` file.
To override the default credentials specify a [`CONAN_LOGIN_USERNAME_{REMOTE_NAME}`](https://docs.conan.io/en/latest/reference/env_vars.html#conan-login-username-conan-login-username-remote-name)
matching the name of the remote specified in the `.conan/remotes.json` file.
NOTE:
[MSBuild](https://github.com/mono/msbuild#microsoftbuild-msbuild) projects aren't supported. The
`license_scanning` image ships with [Mono](https://www.mono-project.com/) and [MSBuild](https://github.com/mono/msbuild#microsoftbuild-msbuild).
Additional setup may be required to build packages for this project configuration.
### Using private Conan registries
By default, [Conan](https://conan.io/) uses the `conan-center` remote. For example:
```json
{
"remotes": [
{
"name": "conan-center",
"url": "https://conan.bintray.com",
"verify_ssl": true
}
]
}
```
To fetch dependencies from an alternate remote, specify that remote in a `.conan/remotes.json`. For
example:
```json
{
"remotes": [
{
"name": "gitlab",
"url": "https://gitlab.com/api/v4/packages/conan",
"verify_ssl": true
}
]
}
```
If credentials are required to authenticate then you can configure a [protected CI/CD variable](../../../ci/variables/index.md#protect-a-cicd-variable)
following the naming convention described in the [`CONAN_LOGIN_USERNAME` documentation](https://docs.conan.io/en/latest/reference/env_vars.html#conan-login-username-conan-login-username-remote-name).
### Custom root certificates for Conan
You can provide custom certificates by adding a `.conan/cacert.pem` file to the project root and
setting [`CA_CERT_PATH`](https://docs.conan.io/en/latest/reference/env_vars.html#conan-cacert-path)
to `.conan/cacert.pem`.
If you specify the `ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables), this
variable's X.509 certificates are installed in the Docker image's default trust store and Conan is
configured to use this as the default `CA_CERT_PATH`.
## Configuring Go projects
To configure [Go modules](https://github.com/golang/go/wiki/Modules)
based projects, specify [CI/CD variables](https://pkg.go.dev/cmd/go#hdr-Environment_variables)
in the `license_scanning` job's [variables](#available-cicd-variables) section in `.gitlab-ci.yml`.
If a project has [vendored](https://pkg.go.dev/cmd/go#hdr-Vendor_Directories) its modules,
then the combination of the `vendor` directory and `mod.sum` file are used to detect the software
licenses associated with the Go module dependencies.
### Using private Go registries
You can use the [`GOPRIVATE`](https://pkg.go.dev/cmd/go#hdr-Environment_variables)
and [`GOPROXY`](https://pkg.go.dev/cmd/go#hdr-Environment_variables)
environment variables to control where modules are sourced from. Alternatively, you can use
[`go mod vendor`](https://go.dev/ref/mod#tmp_28) to vendor a project's modules.
### Custom root certificates for Go
You can specify the [`-insecure`](https://pkg.go.dev/cmd/go/internal/get) flag by exporting the
[`GOFLAGS`](https://pkg.go.dev/cmd/go#hdr-Environment_variables)
environment variable. For example:
```yaml
include:
- template: Security/License-Scanning.gitlab-ci.yml
license_scanning:
variables:
GOFLAGS: '-insecure'
```
### Using private NuGet registries
If you have a private NuGet registry you can add it as a source
by adding it to the [`packageSources`](https://learn.microsoft.com/en-us/nuget/reference/nuget-config-file#package-source-sections)
section of a [`nuget.config`](https://learn.microsoft.com/en-us/nuget/reference/nuget-config-file) file.
For example:
```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<packageSources>
<clear />
<add key="custom" value="https://nuget.example.com/v3/index.json" />
</packageSources>
</configuration>
```
### Custom root certificates for NuGet
You can supply a custom root certificate to complete TLS verification by using the
`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables).
### Migration from `license_management` to `license_scanning`
WARNING:
The `license_management` job was deprecated in GitLab 12.8. The `License-Management.gitlab-ci.yml` template was removed from GitLab 14.0.
In GitLab 12.8 a new name for `license_management` job was introduced. This change was made to improve clarity around the purpose of the scan, which is to scan and collect the types of licenses present in a projects dependencies.
GitLab 13.0 drops support for `license_management`.
If you're using a custom setup for License Compliance, you're required
to update your CI configuration accordingly:
1. Change the CI template to `License-Scanning.gitlab-ci.yml`.
1. Change the job name to `license_scanning` (if you mention it in `.gitlab-ci.yml`).
1. Change the artifact name to `license_scanning`, and the filename to `gl-license-scanning-report.json` (if you mention it in `.gitlab-ci.yml`).
For example, the following `.gitlab-ci.yml`:
```yaml
include:
- template: License-Management.gitlab-ci.yml
license_management:
artifacts:
reports:
license_management: gl-license-management-report.json
```
Should be changed to:
```yaml
include:
- template: Security/License-Scanning.gitlab-ci.yml
license_scanning:
artifacts:
reports:
license_scanning: gl-license-scanning-report.json
```
If you use the `license_management` artifact in GitLab 13.0 or later, the License Compliance job generates this error:
```plaintext
WARNING: Uploading artifacts to coordinator... failed id=:id responseStatus=400 Bad Request status=400 Bad Request token=:sha
FATAL: invalid_argument
```
If you encounter this error, follow the instructions described in this section.
## Running License Compliance in an offline environment
For self-managed GitLab instances in an environment with limited, restricted, or intermittent access
to external resources through the internet, some adjustments are required for the License Compliance job to
successfully run. For more information, see [Offline environments](../../application_security/offline_deployments/index.md).
### Requirements for offline License Compliance
To use License Compliance in an offline environment, you need:
- To meet the standard [License Compliance prerequisites](#include-the-license-scanning-template).
- Docker Container Registry with locally available copies of License Compliance [analyzer](https://gitlab.com/gitlab-org/security-products/analyzers) images.
NOTE:
GitLab Runner has a [default `pull policy` of `always`](https://docs.gitlab.com/runner/executors/docker.html#using-the-always-pull-policy),
meaning the runner tries to pull Docker images from the GitLab container registry even if a local
copy is available. The GitLab Runner [`pull_policy` can be set to `if-not-present`](https://docs.gitlab.com/runner/executors/docker.html#using-the-if-not-present-pull-policy)
in an offline environment if you prefer using only locally available Docker images. However, we
recommend keeping the pull policy setting to `always` if not in an offline environment, as this
enables the use of updated scanners in your CI/CD pipelines.
### Make GitLab License Compliance analyzer images available inside your Docker registry
For License Compliance with all [supported languages and package managers](#supported-languages-and-package-managers),
import the following default License Compliance analyzer images from `registry.gitlab.com` to your
offline [local Docker container registry](../../packages/container_registry/index.md):
```plaintext
registry.gitlab.com/security-products/license-finder:latest
```
The process for importing Docker images into a local offline Docker registry depends on
**your network security policy**. Consult your IT staff to find an accepted and approved
process by which external resources can be imported or temporarily accessed. These scanners are [updated periodically](../../application_security/index.md#vulnerability-scanner-maintenance)
with new definitions, so consider if you are able to make periodic updates yourself.
For details on saving and transporting Docker images as a file, see the Docker documentation on
[`docker save`](https://docs.docker.com/engine/reference/commandline/save/), [`docker load`](https://docs.docker.com/engine/reference/commandline/load/),
[`docker export`](https://docs.docker.com/engine/reference/commandline/export/), and [`docker import`](https://docs.docker.com/engine/reference/commandline/import/).
### Set License Compliance CI/CD variables to use local License Compliance analyzers
Add the following configuration to your `.gitlab-ci.yml` file. You must replace `image` to refer to
the License Compliance Docker image hosted on your local Docker container registry:
```yaml
include:
- template: Security/License-Scanning.gitlab-ci.yml
license_scanning:
image:
name: localhost:5000/analyzers/license-management:latest
```
The License Compliance job should now use local copies of the License Compliance analyzers to scan
your code and generate security reports, without requiring internet access.
Additional configuration may be needed for connecting to private registries for:
- [Bower](#using-private-bower-registries),
- [Bundler](#using-private-bundler-registries),
- [Conan](#using-private-bower-registries),
- [Go](#using-private-go-registries),
- [Maven repositories](#using-private-maven-repositories),
- [npm](#using-private-npm-registries),
- [Python repositories](#using-private-python-repositories),
- [Yarn](#using-private-yarn-registries).
### SPDX license list name matching
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/212388) in GitLab 13.3.
Prior to GitLab 13.3, offline environments required an exact name match for [project policies](../license_approval_policies.md).
In GitLab 13.3 and later, GitLab matches the name of [project policies](../license_approval_policies.md)
with license names from the [SPDX license list](https://spdx.org/licenses/).
A local copy of the SPDX license list is distributed with the GitLab instance. If needed, the GitLab
instance's administrator can manually update it with a [Rake task](../../../raketasks/spdx.md).
## Warnings
We recommend that you use the most recent version of all containers, and the most recent supported version of all package managers and languages. Using previous versions carries an increased security risk because unsupported versions may no longer benefit from active security reporting and backporting of security fixes.
## Troubleshooting
### `ASDF_PYTHON_VERSION` does not automatically install the version
Defining a non-latest Python version in `ASDF_PYTHON_VERSION` [doesn't have it automatically installed](https://gitlab.com/gitlab-org/gitlab/-/issues/325604). If your project requires a non-latest version of Python:
1. Define the required version by setting the `ASDF_PYTHON_VERSION` CI/CD variable.
1. Pass a custom script to the `SETUP_CMD` CI/CD variable to install the required version and dependencies.
For example:
```yaml
include:
- template: Security/License-Scanning.gitlab-ci.yml
license_scanning:
SETUP_CMD: ./setup.sh
ASDF_PYTHON_VERSION: "3.7.2"
before_script:
- echo "asdf install python 3.7.2 && pip install -r requirements.txt" > setup.sh
- chmod +x setup.sh
- apt-get -y update
- apt-get -y install build-essential libssl-dev zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev wget curl llvm libncurses5-dev libncursesw5-dev xz-utils tk-dev libffi-dev liblzma-dev python-openssl git
```
### `ERROR -- : asdf: No preset version installed for command`
This error occurs when the version of the tools used by your project
do not match the version of the pre-installed tools available in the
`license_scanning` Docker image. The `license_scanning` job uses
[asdf-vm](https://asdf-vm.com/) to activate the appropriate version of
a tool that your project relies on. For example, if your project relies on a specific
version of [Node.js](https://nodejs.org/) or any other supported tool you can
specify the desired version by adding a
[`.tool-versions`](https://asdf-vm.com/#/core-configuration?id=tool-versions) file to the project
or using the appropriate [`ASDF_<tool>_VERSION`](https://asdf-vm.com/#/core-configuration?id=environment-variables) environment variable to
activate the appropriate version.
For example, the following `.tool-versions` file activates version `12.16.3` of [Node.js](https://nodejs.org/)
and version `2.7.4` of [Ruby](https://www.ruby-lang.org/).
```plaintext
nodejs 12.16.3
ruby 2.7.4
```
The next example shows how to activate the same versions of the tools mentioned above by using CI/CD variables defined in your
project's `.gitlab-ci.yml` file.
```yaml
include:
- template: Security/License-Scanning.gitlab-ci.yml
license_scanning:
variables:
ASDF_NODEJS_VERSION: '12.16.3'
ASDF_RUBY_VERSION: '2.7.4'
```
A full list of variables can be found in [CI/CD variables](#available-cicd-variables).
To find out what tools are pre-installed in the `license_scanning` Docker image use the following command:
```shell
$ docker run --entrypoint='' -ti --rm registry.gitlab.com/security-products/license-finder:4 \
/bin/bash -c 'dpkg -i /opt/toolcache/*.deb && asdf list'
...
dotnet-core
3.1.302
elixir
1.10.4
golang
1.15.5
1.16.2
gradle
No versions installed
java
11
14
15
8
maven
No versions installed
nodejs
10.21.0
12.18.2
14.17.1
php
7.4.8
python
2.7.18
3.3.7
3.4.10
3.5.9
3.6.11
3.7.7
3.8.5
ruby
2.4.10
2.4.5
2.4.9
2.5.8
2.6.0
2.6.1
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6
2.7.0
2.7.1
2.7.2
rust
1.45.0
```
It might take more than 10 minutes to run the command above.
This is because it installs every single tool version available in the Docker image.
To interact with the `license_scanning` runtime environment use the following command:
```shell
$ docker run -it --entrypoint='' registry.gitlab.com/security-products/license-finder:4 /bin/bash -l
root@6abb70e9f193:~#
```
NOTE:
Selecting a custom version of [Mono](https://www.mono-project.com/) or [.NET Core](https://dotnet.microsoft.com/download/dotnet) is currently not supported.
### LicenseFinder::Maven: is not installed error
If your project contains a `mvnw` or `mvnw.cmd` file, then the license scanning job may fail with the `LicenseFinder::Maven: is not installed error` error. To resolve this, modify the license scanning job to remove the files in the `before_script` section. Example:
```yaml
include:
- template: License-Scanning.gitlab-ci.yml
license_scanning:
before_script:
- rm mvnw
- rm mvnw.cmd
```
This feature was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/387561) in GitLab 15.9.
and [removed](https://gitlab.com/groups/gitlab-org/-/epics/8093) in GitLab 16.0.
Use [License Approval Policies](https://gitlab.com/groups/gitlab-org/-/epics/8092) instead.

6
doc/user/compliance/license_list.md
View File

@ -16,13 +16,13 @@ For the licenses to appear under the license list, the following
requirements must be met:
1. You must be generating an SBOM file with components from one of our [one of our supported languages](license_scanning_of_cyclonedx_files/index.md#supported-languages-and-package-managers).
1. If using our [`Dependency-Scanning.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml) to generate the SBOM file, then your project must use at least one of the [supported languages and package managers](license_compliance/index.md#supported-languages-and-package-managers).
1. If using our [`Dependency-Scanning.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml) to generate the SBOM file, then your project must use at least one of the [supported languages and package managers](license_scanning_of_cyclonedx_files/index.md#supported-languages-and-package-managers).
Alternatively, licenses will also appear under the license list when using our deprecated [`License-Scanning.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml) as long as the following requirements are met:
1. The License Compliance CI/CD job must be [enabled](license_compliance/index.md#enable-license-compliance) for your project.
1. The Dependency Scanning CI/CD job must be [enabled](license_scanning_of_cyclonedx_files/index.md#enable-license-scanning) for your project.
1. Your project must use at least one of the
[supported languages and package managers](license_compliance/index.md#supported-languages-and-package-managers).
[supported languages and package managers](license_scanning_of_cyclonedx_files/index.md#supported-languages-and-package-managers).
When everything is configured, on the left sidebar, select **Secure > License compliance**.

2
doc/user/group/index.md
View File

@ -211,7 +211,7 @@ In lists of group members, entries can display the following badges:
### Search a group
You can search for members by name, username, or email.
You can search for members by name, username, or [public email](../profile/index.md#set-your-public-email).
1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group.
1. Select **Manage > Members**.

8
doc/user/permissions.md
View File

@ -116,10 +116,10 @@ The following table lists project permissions available for each role:
| [Issues](project/issues/index.md):<br>Archive [Design Management](project/issues/design_management.md) files | | | ✓ | ✓ | ✓ |
| [Issues](project/issues/index.md):<br>Upload [Design Management](project/issues/design_management.md) files | | | ✓ | ✓ | ✓ |
| [Issues](project/issues/index.md):<br>Delete | | | | | ✓ |
| [License Compliance](compliance/license_compliance/index.md):<br>View allowed and denied licenses | ✓ (1) | ✓ | ✓ | ✓ | ✓ |
| [License Compliance](compliance/license_compliance/index.md):<br>View License Compliance reports | ✓ (1) | ✓ | ✓ | ✓ | ✓ |
| [License Compliance](compliance/license_compliance/index.md):<br>View License list | | ✓ | ✓ | ✓ | ✓ |
| [License Compliance](compliance/license_compliance/index.md):<br>Manage license policy | | | | ✓ | ✓ |
| [License Scanning](compliance/license_scanning_of_cyclonedx_files/index.md):<br>View allowed and denied licenses | ✓ (1) | ✓ | ✓ | ✓ | ✓ |
| [License Scanning](compliance/license_scanning_of_cyclonedx_files/index.md):<br>View License Compliance reports | ✓ (1) | ✓ | ✓ | ✓ | ✓ |
| [License Scanning](compliance/license_scanning_of_cyclonedx_files/index.md):<br>View License list | | ✓ | ✓ | ✓ | ✓ |
| [License approval policies](../user/compliance/license_approval_policies.md):<br>Manage license policy | | | | ✓ | ✓ |
| [Merge requests](project/merge_requests/index.md):<br>Assign reviewer | | ✓ | ✓ | ✓ | ✓ |
| [Merge requests](project/merge_requests/index.md):<br>See list | | ✓ | ✓ | ✓ | ✓ |
| [Merge requests](project/merge_requests/index.md):<br>Apply code change suggestions | | | ✓ | ✓ | ✓ |

2
doc/user/project/merge_requests/index.md
View File

@ -284,7 +284,7 @@ For a software developer working in a team:
1. You gather feedback from your team.
1. You work on the implementation optimizing code with [Code Quality reports](../../../ci/testing/code_quality.md).
1. You verify your changes with [Unit test reports](../../../ci/testing/unit_test_reports.md) in GitLab CI/CD.
1. You avoid using dependencies whose license is not compatible with your project with [License Compliance reports](../../compliance/license_compliance/index.md).
1. You avoid using dependencies whose license is not compatible with your project with [License approval policies](../../../user/compliance/license_approval_policies.md).
1. You request the [approval](approvals/index.md) from your manager.
1. Your manager:
1. Pushes a commit with their final review.

2
locale/gitlab.pot
View File

@ -25848,7 +25848,7 @@ msgstr ""
msgid "JiraConnect|No linked groups"
msgstr ""
msgid "JiraConnect|Not seeing your groups? Only groups you have at least the Maintainer role for appear here."
msgid "JiraConnect|Not seeing your groups? Only groups you have access to appear here."
msgstr ""
msgid "JiraConnect|Setting up this integration is only possible if you're a GitLab administrator."

21
rubocop/cop/graphql/gid_expected_type.rb
View File

@ -1,21 +0,0 @@
# frozen_string_literal: true
module RuboCop
module Cop
module Graphql
class GIDExpectedType < RuboCop::Cop::Base
MSG = 'Add an expected_type parameter to #object_from_id calls if possible.'
def_node_search :id_from_object?, <<~PATTERN
(send ... :object_from_id (...))
PATTERN
def on_send(node)
return unless id_from_object?(node)
add_offense(node)
end
end
end
end
end

10
spec/finders/group_projects_finder_spec.rb
View File

@ -87,6 +87,16 @@ RSpec.describe GroupProjectsFinder do
end
end
context "owned" do
before do
root_group.add_owner(current_user)
end
let(:params) { { owned: true } }
it { is_expected.to match_array([private_project, public_project]) }
end
context "all" do
context 'with subgroups projects' do
before do

2
spec/frontend/repository/components/__snapshots__/last_commit_spec.js.snap
View File

@ -20,7 +20,7 @@ exports[`Repository last commit component renders commit widget 1`] = `
/>
<div
class="commit-detail flex-list gl-display-flex gl-justify-content-space-between gl-align-items-flex-start gl-flex-grow-1 gl-min-w-0"
class="commit-detail flex-list gl-display-flex gl-justify-content-space-between gl-align-items-center gl-flex-grow-1 gl-min-w-0"
>
<div
class="commit-content"

4
spec/helpers/jira_connect_helper_spec.rb
View File

@ -75,6 +75,10 @@ RSpec.describe JiraConnectHelper, feature_category: :integrations do
end
end
it 'passes "all_available" param to groups_path' do
expect(subject[:groups_path]).to include('all_available=true')
end
it 'passes group as "skip_groups" param' do
skip_groups_param = CGI.escape('skip_groups[]')

44
spec/requests/api/groups_spec.rb
View File

@ -1091,6 +1091,50 @@ RSpec.describe API::Groups, feature_category: :groups_and_projects do
end
end
context 'with owned' do
let(:group) { create(:group) }
let(:project1) { create(:project, group: group) }
let(:project1_guest) { create(:user) }
let(:project1_owner) { create(:user) }
let(:project1_maintainer) { create(:user) }
let(:project2) { create(:project, group: group) }
before do
project1.add_guest(project1_guest)
project1.add_owner(project1_owner)
project1.add_maintainer(project1_maintainer)
project2_owner = project1_owner
project2.add_owner(project2_owner)
end
context "as a guest" do
it 'returns no projects' do
get api("/groups/#{group.id}/projects", project1_guest), params: { owned: true }
project_ids = json_response.map { |proj| proj['id'] }
expect(project_ids).to match_array([])
end
end
context "as a maintainer" do
it 'returns no projects' do
get api("/groups/#{group.id}/projects", project1_maintainer), params: { owned: true }
project_ids = json_response.map { |proj| proj['id'] }
expect(project_ids).to match_array([])
end
end
context "as an owner" do
it 'returns projects with owner access level' do
get api("/groups/#{group.id}/projects", project1_owner), params: { owned: true }
project_ids = json_response.map { |proj| proj['id'] }
expect(project_ids).to match_array([project1.id, project2.id])
end
end
end
it "returns the group's projects", :aggregate_failures do
get api("/groups/#{group1.id}/projects", user1)

20
spec/rubocop/cop/graphql/gid_expected_type_spec.rb
View File

@ -1,20 +0,0 @@
# frozen_string_literal: true
require 'rubocop_spec_helper'
require_relative '../../../../rubocop/cop/graphql/gid_expected_type'
RSpec.describe RuboCop::Cop::Graphql::GIDExpectedType do
it 'adds an offense when there is no expected_type parameter' do
expect_offense(<<~TYPE)
GitlabSchema.object_from_id(received_id)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Add an expected_type parameter to #object_from_id calls if possible.
TYPE
end
it 'does not add an offense for calls that have an expected_type parameter' do
expect_no_offenses(<<~TYPE.strip)
GitlabSchema.object_from_id("some_id", expected_type: SomeClass)
TYPE
end
end

2
spec/views/notify/approved_merge_request_email.html.haml_spec.rb
View File

@ -23,4 +23,6 @@ RSpec.describe 'notify/approved_merge_request_email.html.haml' do
expect(rendered).to have_content("was approved by")
expect(rendered).to have_content(user.name.to_s)
end
it_behaves_like 'a layout which reflects the preferred language'
end