root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2023-07-19 00:07:13 +00:00
parent 355a4a17eb
commit a94adeb6b2
66 changed files with 262 additions and 137 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
.rubocop_todo/style/redundant_freeze.yml
View File

@ -212,24 +212,3 @@ Style/RedundantFreeze:
- 'lib/gitlab/zoom_link_extractor.rb'
- 'lib/sbom/package_url/argument_validator.rb'
- 'lib/tasks/gitlab/db/decomposition/rollback/bump_ci_sequences.rake'
- 'qa/qa/support/parallel_pipeline_jobs.rb'
- 'qa/qa/tools/ci/qa_changes.rb'
- 'rubocop/cop/gitlab/doc_url.rb'
- 'rubocop/cop/gitlab/finder_with_find_by.rb'
- 'rubocop/cop/inject_enterprise_edition_module.rb'
- 'rubocop/cop/project_path_helper.rb'
- 'rubocop/cop/qa/selector_usage.rb'
- 'scripts/lint-docs-blueprints.rb'
- 'scripts/qa/testcases-check'
- 'scripts/validate_migration_timestamps'
- 'spec/contracts/provider/helpers/contract_source_helper.rb'
- 'spec/initializers/secret_token_spec.rb'
- 'spec/support/helpers/next_found_instance_of.rb'
- 'spec/support/helpers/require_migration.rb'
- 'spec/support/matchers/exceed_query_limit.rb'
- 'tooling/danger/config_files.rb'
- 'tooling/danger/customer_success.rb'
- 'tooling/danger/datateam.rb'
- 'tooling/danger/stable_branch.rb'
- 'tooling/lib/tooling/kubernetes_client.rb'
- 'tooling/lib/tooling/mappings/view_to_js_mappings.rb'

4
app/views/shared/form_elements/_apply_generated_description_warning.haml
View File

@ -5,9 +5,9 @@
= sprite_icon("close")
%p
= _("AI|Replace the existing description with an AI-generated description? Any changes you have made will be lost.")
= s_("AI|Replace the existing description with an AI-generated description? Any changes you have made will be lost.")
= render Pajamas::ButtonComponent.new(variant: :confirm, button_options: { class: 'gl-mr-3 js-ai-override-description' }) do
= _("AI|Apply AI-generated description")
= s_("AI|Apply AI-generated description")
= render Pajamas::ButtonComponent.new(button_options: { class: 'js-cancel-btn' }) do
= _("Cancel")

7
db/migrate/20230712214613_add_read_dependency_to_member_roles.rb Normal file
View File

@ -0,0 +1,7 @@
# frozen_string_literal: true
class AddReadDependencyToMemberRoles < Gitlab::Database::Migration[2.1]
def change
add_column :member_roles, :read_dependency, :boolean, default: false, null: false
end
end

1
db/schema_migrations/20230712214613 Normal file
View File

@ -0,0 +1 @@
56415a907d3bba749b9d42b5f37919981e779f0422c86793028d128350875f2d

3
db/structure.sql
View File

@ -17909,7 +17909,8 @@ CREATE TABLE member_roles (
base_access_level integer NOT NULL,
read_code boolean DEFAULT false,
read_vulnerability boolean DEFAULT false NOT NULL,
admin_vulnerability boolean DEFAULT false NOT NULL
admin_vulnerability boolean DEFAULT false NOT NULL,
read_dependency boolean DEFAULT false NOT NULL
);
CREATE SEQUENCE member_roles_id_seq

2
doc/api/broadcast_messages.md
View File

@ -9,7 +9,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
- > `target_access_levels` [introduced](https://gitlab.com/gitlab-org/growth/team-tasks/-/issues/461) in GitLab 14.8 [with a flag](../administration/feature_flags.md) named `role_targeted_broadcast_messages`. Disabled by default.
- > `color` parameter [removed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/95829) in GitLab 15.6.
Broadcast messages API operates on [broadcast messages](../user/admin_area/broadcast_messages.md).
Broadcast messages API operates on [broadcast messages](../administration/broadcast_messages.md).
As of GitLab 12.8, GET requests do not require authentication. All other broadcast message API endpoints are accessible only to administrators. Non-GET requests by:

4
doc/api/group_import_export.md
View File

@ -93,8 +93,8 @@ returns either:
The maximum import file size can be set by the Administrator on self-managed instances (default is `0` (unlimited)).
As an administrator, you can modify the maximum import file size either:
- The admin [Admin Area](../user/admin_area/settings/account_and_limit_settings.md).
- The `max_import_size` option in the [Application settings API](settings.md#change-application-settings).
- In the [Admin Area](../administration/settings/account_and_limit_settings.md).
- By using the `max_import_size` option in the [Application settings API](settings.md#change-application-settings).
For information on the maximum import file size on GitLab.com, see
[Account and limit settings](../user/gitlab_com/index.md#account-and-limit-settings).

2
doc/api/issues.md
View File

@ -1142,7 +1142,7 @@ Please use `iid` of the `epic` attribute instead.
## Rate limits
To help avoid abuse, users can be limited to a specific number of `Create` requests per minute.
See [Issues rate limits](../user/admin_area/settings/rate_limit_on_issues_creation.md).
See [Issues rate limits](../administration/settings/rate_limit_on_issues_creation.md).
## Edit issue

2
doc/api/lint.md
View File

@ -119,7 +119,7 @@ and:
- Does not have an [allowlist or denylist](../administration/settings/sign_up_restrictions.md#allow-or-deny-sign-ups-using-specific-email-domains).
- Does not [require administrator approval for new sign ups](../administration/settings/sign_up_restrictions.md#require-administrator-approval-for-new-sign-ups).
- Does not have additional [sign up restrictions](../user/admin_area/settings/sign_up_restrictions.md).
- Does not have additional [sign up restrictions](../administration/settings/sign_up_restrictions.md).
Otherwise, authentication is required.

2
doc/api/notes.md
View File

@ -39,7 +39,7 @@ Read more on [pagination](rest/index.md#pagination).
## Rate limits
To help avoid abuse, you can limit your users to a specific number of `Create` request per minute.
See [Notes rate limits](../user/admin_area/settings/rate_limit_on_notes_creation.md).
See [Notes rate limits](../administration/settings/rate_limit_on_notes_creation.md).
## Issues

4
doc/api/project_import_export.md
View File

@ -32,7 +32,7 @@ project to a web server or to any S3-compatible platform. For exports, GitLab:
time and is available throughout the export process.
- Administrators can modify the maximum export file size. By default, the maximum is unlimited (`0`). To change this,
edit `max_export_size` using either:
- [GitLab UI](../user/admin_area/settings/account_and_limit_settings.md).
- [GitLab UI](../administration/settings/account_and_limit_settings.md).
- [Application settings API](settings.md#change-application-settings)
- Has a fixed limit for the maximum import file size on GitLab.com. For more information, see
[Account and limit settings](../user/gitlab_com/index.md#account-and-limit-settings).
@ -203,7 +203,7 @@ requests.post(url, headers=headers, data=data, files=files)
NOTE:
The maximum import file size can be set by the Administrator. It defaults to `0` (unlimited).
As an administrator, you can modify the maximum import file size. To do so, use the `max_import_size` option in the [Application settings API](settings.md#change-application-settings) or the [Admin Area](../user/admin_area/settings/account_and_limit_settings.md). Default [modified](https://gitlab.com/gitlab-org/gitlab/-/issues/251106) from 50 MB to 0 in GitLab 13.8.
As an administrator, you can modify the maximum import file size. To do so, use the `max_import_size` option in the [Application settings API](settings.md#change-application-settings) or the [Admin Area](../administration/settings/account_and_limit_settings.md). Default [modified](https://gitlab.com/gitlab-org/gitlab/-/issues/251106) from 50 MB to 0 in GitLab 13.8.
## Import a file from a remote object storage (Beta)

2
doc/api/project_snippets.md
View File

@ -14,7 +14,7 @@ You can set it with the `visibility` field in the snippet.
Constants for snippet visibility levels are:
- **Private**: The snippet is visible only to project members.
- **Internal**: The snippet is visible for any authenticated user except [external users](../user/admin_area/external_users.md).
- **Internal**: The snippet is visible for any authenticated user except [external users](../administration/external_users.md).
- **Public**: The snippet can be accessed without any authentication.
NOTE:

4
doc/api/projects.md
View File

@ -1552,7 +1552,7 @@ curl --request POST --header "PRIVATE-TOKEN: <your-token>" \
| `template_name` | string | **{dotted-circle}** No | When used without `use_custom_template`, name of a [built-in project template](../user/project/index.md#create-a-project-from-a-built-in-template). When used with `use_custom_template`, name of a custom project template. |
| `template_project_id` **(PREMIUM)** | integer | **{dotted-circle}** No | When used with `use_custom_template`, project ID of a custom project template. Using a project ID is preferable to using `template_name` since `template_name` may be ambiguous. |
| `topics` | array | **{dotted-circle}** No | The list of topics for a project; put array of topics, that should be finally assigned to a project. _([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/328226) in GitLab 14.0.)_ |
| `use_custom_template` **(PREMIUM)** | boolean | **{dotted-circle}** No | Use either custom [instance](../user/admin_area/custom_project_templates.md) or [group](../user/group/custom_project_templates.md) (with `group_with_project_templates_id`) project template. |
| `use_custom_template` **(PREMIUM)** | boolean | **{dotted-circle}** No | Use either custom [instance](../administration/custom_project_templates.md) or [group](../user/group/custom_project_templates.md) (with `group_with_project_templates_id`) project template. |
| `visibility` | string | **{dotted-circle}** No | See [project visibility level](#project-visibility-level). |
| `wiki_access_level` | string | **{dotted-circle}** No | One of `disabled`, `private`, or `enabled`. |
| `wiki_enabled` | boolean | **{dotted-circle}** No | _(Deprecated)_ Enable wiki for this project. Use `wiki_access_level` instead. |
@ -1640,7 +1640,7 @@ POST /projects/user/:user_id
| `tag_list` | array | **{dotted-circle}** No | _([Deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/328226) in GitLab 14.0)_ The list of tags for a project; put array of tags, that should be finally assigned to a project. Use `topics` instead. |
| `template_name` | string | **{dotted-circle}** No | When used without `use_custom_template`, name of a [built-in project template](../user/project/index.md#create-a-project-from-a-built-in-template). When used with `use_custom_template`, name of a custom project template. |
| `topics` | array | **{dotted-circle}** No | The list of topics for the project. _([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/328226) in GitLab 14.0.)_ |
| `use_custom_template` **(PREMIUM)** | boolean | **{dotted-circle}** No | Use either custom [instance](../user/admin_area/custom_project_templates.md) or [group](../user/group/custom_project_templates.md) (with `group_with_project_templates_id`) project template. |
| `use_custom_template` **(PREMIUM)** | boolean | **{dotted-circle}** No | Use either custom [instance](../administration/custom_project_templates.md) or [group](../user/group/custom_project_templates.md) (with `group_with_project_templates_id`) project template. |
| `visibility` | string | **{dotted-circle}** No | See [project visibility level](#project-visibility-level). |
| `wiki_access_level` | string | **{dotted-circle}** No | One of `disabled`, `private`, or `enabled`. |
| `wiki_enabled` | boolean | **{dotted-circle}** No | _(Deprecated)_ Enable wiki for this project. Use `wiki_access_level` instead. |

20
doc/api/protected_branches.md
View File

@ -228,10 +228,10 @@ curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitla
| -------------------------------------------- | ---- | -------- | ----------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the project](rest/index.md#namespaced-path-encoding) owned by the authenticated user.
| `name` | string | yes | The name of the branch or wildcard.
| `allow_force_push` | boolean | no | Allow all users with push access to force push. (default: `false`)
| `allowed_to_merge` **(PREMIUM)** | array | no | Array of access levels allowed to merge, with each described by a hash of the form `{user_id: integer}`, `{group_id: integer}`, or `{access_level: integer}`.
| `allowed_to_push` **(PREMIUM)** | array | no | Array of access levels allowed to push, with each described by a hash of the form `{user_id: integer}`, `{group_id: integer}`, or `{access_level: integer}`.
| `allowed_to_unprotect` **(PREMIUM)** | array | no | Array of access levels allowed to unprotect, with each described by a hash of the form `{user_id: integer}`, `{group_id: integer}`, or `{access_level: integer}`. The access level `No access` is not available for this field. |
| `allow_force_push` | boolean | no | When enabled, members who can push to this branch can also force push. (default: `false`)
| `allowed_to_merge` **(PREMIUM)** | array | no | Array of merge access levels, with each described by a hash of the form `{user_id: integer}`, `{group_id: integer}`, or `{access_level: integer}`.
| `allowed_to_push` **(PREMIUM)** | array | no | Array of push access levels, with each described by a hash of the form `{user_id: integer}`, `{group_id: integer}`, or `{access_level: integer}`.
| `allowed_to_unprotect` **(PREMIUM)** | array | no | Array of unprotect access levels, with each described by a hash of the form `{user_id: integer}`, `{group_id: integer}`, or `{access_level: integer}`. The access level `No access` is not available for this field. |
| `code_owner_approval_required` **(PREMIUM)** | boolean | no | Prevent pushes to this branch if it matches an item in the [`CODEOWNERS` file](../user/project/codeowners/index.md). (defaults: false)
| `merge_access_level` | integer | no | Access levels allowed to merge. (defaults: `40`, Maintainer role)
| `push_access_level` | integer | no | Access levels allowed to push. (defaults: `40`, Maintainer role)
@ -458,12 +458,12 @@ curl --request PATCH --header "PRIVATE-TOKEN: <your_access_token>" "https://gitl
| Attribute | Type | Required | Description |
| -------------------------------------------- | ---- | -------- | ----------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the project](rest/index.md#namespaced-path-encoding) owned by the authenticated user.
| `name` | string | yes | The name of the branch.
| `allow_force_push` | boolean | no | When enabled, members who can push to this branch can also force push.
| `allowed_to_push` **(PREMIUM)** | array | no | Array of push access levels, with each described by a hash.
| `allowed_to_merge` **(PREMIUM)** | array | no | Array of merge access levels, with each described by a hash.
| `allowed_to_unprotect` **(PREMIUM)** | array | no | Array of unprotect access levels, with each described by a hash. The access level `No access` is not available for this field.
| `code_owner_approval_required` **(PREMIUM)** | boolean | no | Prevent pushes to this branch if it matches an item in the [`CODEOWNERS` file](../user/project/codeowners/index.md). Defaults to `false`. |
| `name` | string | yes | The name of the branch or wildcard.
| `allow_force_push` | boolean | no | When enabled, members who can push to this branch can also force push.
| `allowed_to_merge` **(PREMIUM)** | array | no | Array of merge access levels, with each described by a hash of the form `{user_id: integer}`, `{group_id: integer}`, or `{access_level: integer}`.
| `allowed_to_push` **(PREMIUM)** | array | no | Array of push access levels, with each described by a hash of the form `{user_id: integer}`, `{group_id: integer}`, or `{access_level: integer}`.
| `allowed_to_unprotect` **(PREMIUM)** | array | no | Array of unprotect access levels, with each described by a hash of the form `{user_id: integer}`, `{group_id: integer}`, `{access_level: integer}`, or `{id: integer, _destroy: true}` to destroy an existing access level. The access level `No access` is not available for this field. |
| `code_owner_approval_required` **(PREMIUM)** | boolean | no | Prevent pushes to this branch if it matches an item in the [`CODEOWNERS` file](../user/project/codeowners/index.md). |
Elements in the `allowed_to_push`, `allowed_to_merge` and `allowed_to_unprotect` arrays should be one of `user_id`, `group_id` or
`access_level`, and take the form `{user_id: integer}`, `{group_id: integer}` or

2
doc/api/repository_files.md
View File

@ -8,7 +8,7 @@ type: reference, api
# Repository files API **(FREE)**
You can fetch, create, update, and delete files in your repository with this API.
You can also [configure rate limits](../user/admin_area/settings/files_api_rate_limits.md)
You can also [configure rate limits](../administration/settings/files_api_rate_limits.md)
for this API.
## Available scopes for personal access tokens

16
doc/api/settings.md
View File

@ -478,7 +478,7 @@ listed in the descriptions of the relevant settings.
| `projects_api_rate_limit_unauthenticated` | integer | no | [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/112283) in GitLab 15.10. Max number of requests per 10 minutes per IP address for unauthenticated requests to the [list all projects API](projects.md#list-all-projects). Default: 400. To disable throttling set to 0.|
| `prometheus_metrics_enabled` | boolean | no | Enable Prometheus metrics. |
| `protected_ci_variables` | boolean | no | CI/CD variables are protected by default. |
| `push_event_activities_limit` | integer | no | Maximum number of changes (branches or tags) in a single push above which a [bulk push event is created](../user/admin_area/settings/push_event_activities_limit.md). Setting to `0` does not disable throttling. |
| `push_event_activities_limit` | integer | no | Maximum number of changes (branches or tags) in a single push above which a [bulk push event is created](../administration/settings/push_event_activities_limit.md). Setting to `0` does not disable throttling. |
| `push_event_hooks_limit` | integer | no | Maximum number of changes (branches or tags) in a single push above which webhooks and integrations are not triggered. Setting to `0` does not disable throttling. |
| `rate_limiting_response_text` | string | no | When rate limiting is enabled via the `throttle_*` settings, send this plain text response when a rate limit is exceeded. 'Retry later' is sent if this is blank. |
| `raw_blob_request_limit` | integer | no | Maximum number of requests per minute for each raw path (default is `300`). Set to `0` to disable throttling.|
@ -502,7 +502,7 @@ listed in the descriptions of the relevant settings.
| `shared_runners_enabled` | boolean | no | (**If enabled, requires:** `shared_runners_text` and `shared_runners_minutes`) Enable shared runners for new projects. |
| `shared_runners_minutes` **(PREMIUM)** | integer | required by: `shared_runners_enabled` | Set the maximum number of compute minutes that a group can use on shared runners per month. |
| `shared_runners_text` | string | required by: `shared_runners_enabled` | Shared runners text. |
| `sidekiq_job_limiter_mode` | string | no | `track` or `compress`. Sets the behavior for [Sidekiq job size limits](../user/admin_area/settings/sidekiq_job_limits.md). Default: 'compress'. |
| `sidekiq_job_limiter_mode` | string | no | `track` or `compress`. Sets the behavior for [Sidekiq job size limits](../administration/settings/sidekiq_job_limits.md). Default: 'compress'. |
| `sidekiq_job_limiter_compression_threshold_bytes` | integer | no | The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis. Default: 100,000 bytes (100 KB). |
| `sidekiq_job_limiter_limit_bytes` | integer | no | The threshold in bytes at which Sidekiq jobs are rejected. Default: 0 bytes (doesn't reject any job). |
| `sign_in_text` | string | no | Deprecated: Use `description` parameter in the [Appearance API](../api/appearance.md). Custom text in sign-in page. |
@ -531,9 +531,9 @@ listed in the descriptions of the relevant settings.
| `throttle_authenticated_api_enabled` | boolean | no | (**If enabled, requires:** `throttle_authenticated_api_period_in_seconds` and `throttle_authenticated_api_requests_per_period`) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). |
| `throttle_authenticated_api_period_in_seconds` | integer | required by:<br>`throttle_authenticated_api_enabled` | Rate limit period (in seconds). |
| `throttle_authenticated_api_requests_per_period` | integer | required by:<br>`throttle_authenticated_api_enabled` | Maximum requests per period per user. |
| `throttle_authenticated_packages_api_enabled` | boolean | no | (**If enabled, requires:** `throttle_authenticated_packages_api_period_in_seconds` and `throttle_authenticated_packages_api_requests_per_period`) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View [Package Registry rate limits](../user/admin_area/settings/package_registry_rate_limits.md) for more details. |
| `throttle_authenticated_packages_api_period_in_seconds` | integer | required by:<br>`throttle_authenticated_packages_api_enabled` | Rate limit period (in seconds). View [Package Registry rate limits](../user/admin_area/settings/package_registry_rate_limits.md) for more details. |
| `throttle_authenticated_packages_api_requests_per_period` | integer | required by:<br>`throttle_authenticated_packages_api_enabled` | Maximum requests per period per user. View [Package Registry rate limits](../user/admin_area/settings/package_registry_rate_limits.md) for more details. |
| `throttle_authenticated_packages_api_enabled` | boolean | no | (**If enabled, requires:** `throttle_authenticated_packages_api_period_in_seconds` and `throttle_authenticated_packages_api_requests_per_period`) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View [Package Registry rate limits](../administration/settings/package_registry_rate_limits.md) for more details. |
| `throttle_authenticated_packages_api_period_in_seconds` | integer | required by:<br>`throttle_authenticated_packages_api_enabled` | Rate limit period (in seconds). View [Package Registry rate limits](../administration/settings/package_registry_rate_limits.md) for more details. |
| `throttle_authenticated_packages_api_requests_per_period` | integer | required by:<br>`throttle_authenticated_packages_api_enabled` | Maximum requests per period per user. View [Package Registry rate limits](../administration/settings/package_registry_rate_limits.md) for more details. |
| `throttle_authenticated_web_enabled` | boolean | no | (**If enabled, requires:** `throttle_authenticated_web_period_in_seconds` and `throttle_authenticated_web_requests_per_period`) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). |
| `throttle_authenticated_web_period_in_seconds` | integer | required by:<br>`throttle_authenticated_web_enabled` | Rate limit period (in seconds). |
| `throttle_authenticated_web_requests_per_period` | integer | required by:<br>`throttle_authenticated_web_enabled` | Maximum requests per period per user. |
@ -543,9 +543,9 @@ listed in the descriptions of the relevant settings.
| `throttle_unauthenticated_api_enabled` | boolean | no | (**If enabled, requires:** `throttle_unauthenticated_api_period_in_seconds` and `throttle_unauthenticated_api_requests_per_period`) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). |
| `throttle_unauthenticated_api_period_in_seconds` | integer | required by:<br>`throttle_unauthenticated_api_enabled` | Rate limit period in seconds. |
| `throttle_unauthenticated_api_requests_per_period` | integer | required by:<br>`throttle_unauthenticated_api_enabled` | Max requests per period per IP. |
| `throttle_unauthenticated_packages_api_enabled` | boolean | no | (**If enabled, requires:** `throttle_unauthenticated_packages_api_period_in_seconds` and `throttle_unauthenticated_packages_api_requests_per_period`) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View [Package Registry rate limits](../user/admin_area/settings/package_registry_rate_limits.md) for more details. |
| `throttle_unauthenticated_packages_api_period_in_seconds` | integer | required by:<br>`throttle_unauthenticated_packages_api_enabled` | Rate limit period (in seconds). View [Package Registry rate limits](../user/admin_area/settings/package_registry_rate_limits.md) for more details. |
| `throttle_unauthenticated_packages_api_requests_per_period` | integer | required by:<br>`throttle_unauthenticated_packages_api_enabled` | Maximum requests per period per user. View [Package Registry rate limits](../user/admin_area/settings/package_registry_rate_limits.md) for more details. |
| `throttle_unauthenticated_packages_api_enabled` | boolean | no | (**If enabled, requires:** `throttle_unauthenticated_packages_api_period_in_seconds` and `throttle_unauthenticated_packages_api_requests_per_period`) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View [Package Registry rate limits](../administration/settings/package_registry_rate_limits.md) for more details. |
| `throttle_unauthenticated_packages_api_period_in_seconds` | integer | required by:<br>`throttle_unauthenticated_packages_api_enabled` | Rate limit period (in seconds). View [Package Registry rate limits](../administration/settings/package_registry_rate_limits.md) for more details. |
| `throttle_unauthenticated_packages_api_requests_per_period` | integer | required by:<br>`throttle_unauthenticated_packages_api_enabled` | Maximum requests per period per user. View [Package Registry rate limits](../administration/settings/package_registry_rate_limits.md) for more details. |
| `throttle_unauthenticated_web_enabled` | boolean | no | (**If enabled, requires:** `throttle_unauthenticated_web_period_in_seconds` and `throttle_unauthenticated_web_requests_per_period`) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). |
| `throttle_unauthenticated_web_period_in_seconds` | integer | required by:<br>`throttle_unauthenticated_web_enabled` | Rate limit period in seconds. |
| `throttle_unauthenticated_web_requests_per_period` | integer | required by:<br>`throttle_unauthenticated_web_enabled` | Max requests per period per IP. |

2
doc/api/snippets.md
View File

@ -20,7 +20,7 @@ Valid values for snippet visibility levels are:
| Visibility | Description |
|:-----------|:----------------------------------------------------|
| `private` | Snippet is visible only to the snippet creator. |
| `internal` | Snippet is visible for any authenticated user except [external users](../user/admin_area/external_users.md). |
| `internal` | Snippet is visible for any authenticated user except [external users](../administration/external_users.md). |
| `public` | Snippet can be accessed without any authentication. |
## List all snippets for a user

2
doc/api/templates/dockerfiles.md
View File

@ -16,7 +16,7 @@ in the GitLab repository.
In [GitLab Premium and Ultimate](https://about.gitlab.com/pricing/) tiers, GitLab instance
administrators can override templates in the
[Admin Area](../../user/admin_area/settings/instance_template_repository.md).
[Admin Area](../../administration/settings/instance_template_repository.md).
## List Dockerfile templates

2
doc/ci/examples/index.md
View File

@ -102,7 +102,7 @@ to [the templates list](https://gitlab.com/gitlab-org/gitlab/-/tree/master/lib/g
### Adding templates to your GitLab installation **(PREMIUM SELF)**
You can add custom examples and templates to your self-managed GitLab instance.
Your GitLab administrator can [designate an instance template repository](../../user/admin_area/settings/instance_template_repository.md)
Your GitLab administrator can [designate an instance template repository](../../administration/settings/instance_template_repository.md)
that contains examples and templates specific to your organization.
## Other resources

2
doc/ci/migration/circleci.md
View File

@ -16,7 +16,7 @@ We have collected several resources that you may find useful before starting to
The [Quick Start Guide](../quick_start/index.md) is a good overview of how GitLab CI/CD works. You may also be interested in [Auto DevOps](../../topics/autodevops/index.md) which can be used to build, test, and deploy your applications with little to no configuration needed at all.
For advanced CI/CD teams, [custom project templates](../../user/admin_area/custom_project_templates.md) can enable the reuse of pipeline configurations.
For advanced CI/CD teams, [custom project templates](../../administration/custom_project_templates.md) can enable the reuse of pipeline configurations.
If you have questions that are not answered here, the [GitLab community forum](https://forum.gitlab.com/) can be a great resource.

4
doc/ci/migration/jenkins.md
View File

@ -209,10 +209,10 @@ Refer to this index if these features aren't working as expected, or if you'd li
For advanced CI/CD teams, project templates can enable the reuse of pipeline configurations,
as well as encourage inner sourcing.
In self-managed GitLab instances, you can build an [Instance Template Repository](../../user/admin_area/settings/instance_template_repository.md).
In self-managed GitLab instances, you can build an [Instance Template Repository](../../administration/settings/instance_template_repository.md).
Development teams across the whole organization can select templates from a dropdown list.
A group maintainer or a group owner is able to set a group to use as the source for the
[custom project templates](../../user/admin_area/custom_project_templates.md). This can
[custom project templates](../../administration/custom_project_templates.md). This can
be used by all projects in the group. An instance administrator can set a group as
the source for [instance project templates](../../user/group/custom_project_templates.md),
which can be used by projects in that instance.

4
doc/ci/pipelines/settings.md
View File

@ -31,7 +31,7 @@ To change the visibility of your pipelines and related features:
When it is selected, pipelines and related features are visible:
- For [**Public**](../../user/public_access.md) projects, to everyone.
- For **Internal** projects, to all authenticated users except [external users](../../user/admin_area/external_users.md).
- For **Internal** projects, to all authenticated users except [external users](../../administration/external_users.md).
- For **Private** projects, to all project members (Guest or higher).
When it is cleared:
@ -40,7 +40,7 @@ To change the visibility of your pipelines and related features:
and the **CI/CD** menu items are visible only to project members (Reporter or higher).
Other users, including guest users, can only view the status of pipelines and jobs, and only
when viewing merge requests or commits.
- For **Internal** projects, pipelines are visible to all authenticated users except [external users](../../user/admin_area/external_users.md).
- For **Internal** projects, pipelines are visible to all authenticated users except [external users](../../administration/external_users.md).
Related features are visible only to project members (Reporter or higher).
- For **Private** projects, pipelines and related features are visible to project members (Reporter or higher) only.

2
doc/ci/variables/predefined_variables.md
View File

@ -105,7 +105,7 @@ as it can cause the pipeline to behave unexpectedly.
| `CI_PROJECT_DESCRIPTION` | 15.1 | all | The project description as displayed in the GitLab web interface. |
| `CI_PROJECT_URL` | 8.10 | 0.5 | The HTTP(S) address of the project. |
| `CI_PROJECT_VISIBILITY` | 10.3 | all | The project visibility. Can be `internal`, `private`, or `public`. |
| `CI_PROJECT_CLASSIFICATION_LABEL` | 14.2 | all | The project [external authorization classification label](../../user/admin_area/settings/external_authorization.md). |
| `CI_PROJECT_CLASSIFICATION_LABEL` | 14.2 | all | The project [external authorization classification label](../../administration/settings/external_authorization.md). |
| `CI_REGISTRY_IMAGE` | 8.10 | 0.5 | The address of the project's Container Registry. Only available if the Container Registry is enabled for the project. |
| `CI_REGISTRY_PASSWORD` | 9.0 | all | The password to push containers to the project's GitLab Container Registry. Only available if the Container Registry is enabled for the project. This password value is the same as the `CI_JOB_TOKEN` and is valid only as long as the job is running. Use the `CI_DEPLOY_PASSWORD` for long-lived access to the registry |
| `CI_REGISTRY_USER` | 9.0 | all | The username to push containers to the project's GitLab Container Registry. Only available if the Container Registry is enabled for the project. |

2
doc/development/application_limits.md
View File

@ -171,7 +171,7 @@ The process for adding a new throttle is loosely:
1. Extend `Gitlab::RackAttack` and `Gitlab::RackAttack::Request` to configure the new rate limit,
and apply it to the desired requests.
1. Add the new settings to the Admin Area form in `app/views/admin/application_settings/_ip_limits.html.haml`.
1. Document the new settings in [User and IP rate limits](../user/admin_area/settings/user_and_ip_rate_limits.md) and [Application settings API](../api/settings.md).
1. Document the new settings in [User and IP rate limits](../administration/settings/user_and_ip_rate_limits.md) and [Application settings API](../api/settings.md).
1. Configure the rate limit for GitLab.com and document it in [GitLab.com-specific rate limits](../user/gitlab_com/index.md#gitlabcom-specific-rate-limits).
Refer to these past issues for implementation details:

2
doc/development/cicd/cicd_reference_documentation_guide.md
View File

@ -125,7 +125,7 @@ can include changes introduced in different GitLab versions. For example:
**Additional details**:
- The expiration time period begins when the artifact is uploaded and stored on GitLab.
If the expiry time is not defined, it defaults to the [instance wide setting](../../user/admin_area/settings/continuous_integration.md#default-artifacts-expiration).
If the expiry time is not defined, it defaults to the [instance wide setting](../../administration/settings/continuous_integration.md#default-artifacts-expiration).
- To override the expiration date and protect artifacts from being automatically deleted:
- Select **Keep** on the job page.
- [In GitLab 13.3 and later](https://gitlab.com/gitlab-org/gitlab/-/issues/22761), set the value of

13
doc/development/documentation/site_architecture/folder_structure.md
View File

@ -26,7 +26,7 @@ Put files for a specific product area into the related folder:
| Directory | Contents |
|:----------------------|:------------------|
| `doc/user/` | Documentation for users. Anything that can be done in the GitLab user interface goes here, including usage of the `/admin` interface. |
| `doc/administration/` | Documentation that requires the user to have access to the server where GitLab is installed. Administrator settings in the GitLab user interface are under `doc/user/admin_area/`. |
| `doc/administration/` | Documentation that requires the user to have access to the server where GitLab is installed. Administrator settings in the GitLab user interface are under `doc/administration/`. |
| `doc/api/` | Documentation for the API. |
| `doc/development/` | Documentation related to the development of GitLab, whether contributing code or documentation. Related process and style guides should go here. |
| `doc/legal/` | Legal documents about contributing to GitLab. |
@ -61,14 +61,9 @@ When working with directories and files:
- `doc/user/profile/` should contain all profile related documentation.
Every page you would navigate under `/profile` should have its own document,
for example, `account.md`, `applications.md`, or `emails.md`.
- `doc/user/admin_area/` should contain all administrator-related
documentation describing what can be achieved by accessing the GitLab
administrator interface (not to be confused with `doc/administration` where
server access is required).
- Every category under `/admin/application_settings/` should have its
own document located at `doc/user/admin_area/settings/`. For example,
the **Visibility and Access Controls** category should have a document
located at `doc/user/admin_area/settings/visibility_and_access_controls.md`.
1. In the `doc/administration/` directory: all administrator-related
documentation for administrators, including admin tasks done in both
the UI and on the backend servers.
If you're unsure where to place a document or a content addition, this shouldn't
stop you from authoring and contributing. Use your best judgment, and then ask

4
doc/development/geo.md
View File

@ -111,7 +111,7 @@ projects that need updating. Those projects can be:
timestamp that is more recent than the `last_repository_successful_sync_at`
timestamp in the `Geo::ProjectRegistry` model.
- Manual: The administrator can manually flag a repository to resync in the
[Geo Admin Area](../user/admin_area/geo_sites.md).
[Geo Admin Area](../administration/geo_sites.md).
When we fail to fetch a repository on the secondary `RETRIES_BEFORE_REDOWNLOAD`
times, Geo does a so-called _re-download_. It will do a clean clone
@ -466,7 +466,7 @@ basically hashes all Git refs together and stores that hash in the
The **secondary** site does the same to calculate the hash of its
clone, and compares the hash with the value the **primary** site
calculated. If there is a mismatch, Geo will mark this as a mismatch
and the administrator can see this in the [Geo Admin Area](../user/admin_area/geo_sites.md).
and the administrator can see this in the [Geo Admin Area](../administration/geo_sites.md).
## Geo proxying

6
doc/install/aws/manual_install_aws.md
View File

@ -268,7 +268,7 @@ On the EC2 dashboard, look for Load Balancer in the left navigation bar:
1. Select **Configure Health Check** and set up a health check for your EC2 instances.
1. For **Ping Protocol**, select HTTP.
1. For **Ping Port**, enter 80.
1. For **Ping Path** - we recommend that you [use the Readiness check endpoint](../../administration/load_balancer.md#readiness-check). You must add [the VPC IP Address Range (CIDR)](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-groups.html#elb-vpc-nacl) to the [IP allowlist](../../administration/monitoring/ip_allowlist.md) for the [Health Check endpoints](../../user/admin_area/monitoring/health_check.md)
1. For **Ping Path** - we recommend that you [use the Readiness check endpoint](../../administration/load_balancer.md#readiness-check). You must add [the VPC IP Address Range (CIDR)](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-groups.html#elb-vpc-nacl) to the [IP allowlist](../../administration/monitoring/ip_allowlist.md) for the [Health Check endpoints](../../administration/monitoring/health_check.md)
1. Keep the default **Advanced Details** or adjust them according to your needs.
1. Select **Add EC2 Instances** - don't add anything as we create an Auto Scaling Group later to manage instances for us.
1. Select **Add Tags** and add any tags you need.
@ -741,7 +741,7 @@ GitLab provides its own integrated monitoring solution based on Prometheus.
For more information about how to set it up, see
[GitLab Prometheus](../../administration/monitoring/prometheus/index.md).
GitLab also has various [health check endpoints](../../user/admin_area/monitoring/health_check.md)
GitLab also has various [health check endpoints](../../administration/monitoring/health_check.md)
that you can ping and get reports.
## GitLab Runner
@ -833,7 +833,7 @@ to request additional material:
Geo is the solution for widely distributed development teams.
- [Linux package](https://docs.gitlab.com/omnibus/) - Everything you must know
about administering your GitLab instance.
- [Add a license](../../user/admin_area/license.md):
- [Add a license](../../administration/license.md):
Activate all GitLab Enterprise Edition functionality with a license.
- [Pricing](https://about.gitlab.com/pricing/): Pricing for the different tiers.

2
doc/integration/omniauth.md
View File

@ -309,7 +309,7 @@ To enable automatic linking for SAML, see the [SAML setup instructions](saml.md#
## Create an external providers list
You can define a list of external OmniAuth providers.
Users who create accounts or sign in to GitLab through the listed providers do not get access to [internal projects](../user/public_access.md#internal-projects-and-groups) and are marked as [external users](../user/admin_area/external_users.md).
Users who create accounts or sign in to GitLab through the listed providers do not get access to [internal projects](../user/public_access.md#internal-projects-and-groups) and are marked as [external users](../administration/external_users.md).
To define the external providers list, use the full name of the provider,
for example, `google_oauth2` for Google. For provider names, see the

8
doc/security/hardening_application_recommendations.md
View File

@ -121,7 +121,7 @@ select the **Disabled feed token** checkbox.
If all of your users are coming from specific IP addresses, use **Global-allowed IP ranges**
to specifically allow only those addresses.
For more details on **Visibility and access control**, see [visibility and access controls](../user/admin_area/settings/visibility_and_access_controls.md).
For more details on **Visibility and access control**, see [visibility and access controls](../administration/settings/visibility_and_access_controls.md).
For information on SSH settings, see
[SSH keys restrictions](../security/ssh_keys_restrictions.md).
@ -134,7 +134,7 @@ restricted. Account avatars can be manually uploaded by users.
The settings in this section are intended to help enforce a custom implementation
of your own specific standards on your users. As the various scenarios are too many
and too varied, you should review the
[account and limit settings documentation](../user/admin_area/settings/account_and_limit_settings.md)
[account and limit settings documentation](../administration/settings/account_and_limit_settings.md)
and apply changes to enforce your own policies.
### Sign-up restrictions
@ -158,7 +158,7 @@ email addresses, then list that domain in **Allowed domains for sign-ups**. This
prevents those with email addresses in other domains from signing up.
For more detailed information, see
[sign-up restrictions](../user/admin_area/settings/sign_up_restrictions.md).
[sign-up restrictions](../administration/settings/sign_up_restrictions.md).
### Sign-in restrictions
@ -176,7 +176,7 @@ In **Email notification for unknown sign-ins**, ensure that **Enable email notif
is selected. This sends an email to users when a sign-in occurs from an unrecognized location.
For more detailed information, see
[sign-in restrictions](../user/admin_area/settings/sign_in_restrictions.md).
[sign-in restrictions](../administration/settings/sign_in_restrictions.md).
## Integrations

2
doc/security/index.md
View File

@ -27,6 +27,6 @@ type: index
- [Project Import decompressed archive size limits](project_import_decompressed_archive_size_limits.md)
- [Responding to security incidents](responding_to_security_incidents.md)
To harden your GitLab instance and minimize the risk of unwanted user account creation, consider access control features like [Sign up restrictions](../user/admin_area/settings/sign_up_restrictions.md) and [Authentication options](../topics/authentication/index.md). For more detailed information, refer to [Hardening](hardening.md).
To harden your GitLab instance and minimize the risk of unwanted user account creation, consider access control features like [Sign up restrictions](../administration/settings/sign_up_restrictions.md) and [Authentication options](../topics/authentication/index.md). For more detailed information, refer to [Hardening](hardening.md).
Self-managed GitLab customers and administrators are responsible for the security of their underlying hosts, and for keeping GitLab itself up to date. It is important to [regularly patch GitLab](../policy/maintenance.md), patch your operating system and its software, and harden your hosts in accordance with vendor guidance.

28
doc/security/rate_limits.md
View File

@ -31,21 +31,21 @@ similarly mitigated by a rate limit.
You can set these rate limits in the Admin Area of your instance:
- [Import/Export rate limits](../user/admin_area/settings/import_export_rate_limits.md)
- [Issue rate limits](../user/admin_area/settings/rate_limit_on_issues_creation.md)
- [Note rate limits](../user/admin_area/settings/rate_limit_on_notes_creation.md)
- [Protected paths](../user/admin_area/settings/protected_paths.md)
- [Raw endpoints rate limits](../user/admin_area/settings/rate_limits_on_raw_endpoints.md)
- [User and IP rate limits](../user/admin_area/settings/user_and_ip_rate_limits.md)
- [Package registry rate limits](../user/admin_area/settings/package_registry_rate_limits.md)
- [Git LFS rate limits](../user/admin_area/settings/git_lfs_rate_limits.md)
- [Rate limits on Git SSH operations](../user/admin_area/settings/rate_limits_on_git_ssh_operations.md)
- [Files API rate limits](../user/admin_area/settings/files_api_rate_limits.md)
- [Deprecated API rate limits](../user/admin_area/settings/deprecated_api_rate_limits.md)
- [Import/Export rate limits](../administration/settings/import_export_rate_limits.md)
- [Issue rate limits](../administration/settings/rate_limit_on_issues_creation.md)
- [Note rate limits](../administration/settings/rate_limit_on_notes_creation.md)
- [Protected paths](../administration/settings/protected_paths.md)
- [Raw endpoints rate limits](../administration/settings/rate_limits_on_raw_endpoints.md)
- [User and IP rate limits](../administration/settings/user_and_ip_rate_limits.md)
- [Package registry rate limits](../administration/settings/package_registry_rate_limits.md)
- [Git LFS rate limits](../administration/settings/git_lfs_rate_limits.md)
- [Rate limits on Git SSH operations](../administration/settings/rate_limits_on_git_ssh_operations.md)
- [Files API rate limits](../administration/settings/files_api_rate_limits.md)
- [Deprecated API rate limits](../administration/settings/deprecated_api_rate_limits.md)
- [GitLab Pages rate limits](../administration/pages/index.md#rate-limits)
- [Pipeline rate limits](../user/admin_area/settings/rate_limit_on_pipelines_creation.md)
- [Incident management rate limits](../user/admin_area/settings/incident_management_rate_limits.md)
- [Unauthenticated access to Projects List API rate limits](../user/admin_area/settings/rate_limit_on_projects_api.md)
- [Pipeline rate limits](../administration/settings/rate_limit_on_pipelines_creation.md)
- [Incident management rate limits](../administration/settings/incident_management_rate_limits.md)
- [Unauthenticated access to Projects List API rate limits](../administration/settings/rate_limit_on_projects_api.md)
You can set these rate limits using the Rails console:

2
doc/security/responding_to_security_incidents.md
View File

@ -45,7 +45,7 @@ If you suspect that your GitLab instance has been compromised, consider taking t
- [Review the audit events](../administration/audit_events.md) available to you for suspicious account behavior.
- [Review all users](../administration/moderate_users.md) (including the Administrative root user), and follow the steps in [Suspected compromised user account](#suspected-compromised-user-account) if necessary.
- Review the [Credentials Inventory](../user/admin_area/credentials_inventory.md), if available to you.
- Review the [Credentials Inventory](../administration/credentials_inventory.md), if available to you.
- Change any sensitive credentials, variables, tokens, and secrets. For example, those located in instance configuration, database,
CI/CD pipelines, or elsewhere.
- Upgrade to the latest version of GitLab and adopt a plan to upgrade after every security patch release.

2
doc/subscriptions/bronze_starter.md
View File

@ -21,7 +21,7 @@ the tiers are no longer mentioned in GitLab documentation:
- [Code owners](../user/project/codeowners/index.md)
- Description templates:
- [Setting a default template for merge requests and issues](../user/project/description_templates.md#set-a-default-template-for-merge-requests-and-issues)
- [Email from GitLab](../user/admin_area/email_from_gitlab.md)
- [Email from GitLab](../administration/email_from_gitlab.md)
- Groups:
- [Creating group memberships via CN](../user/group/access_and_permissions.md#create-group-links-via-cn)
- [Group push rules](../user/group/access_and_permissions.md#group-push-rules)

6
doc/subscriptions/self_managed/index.md
View File

@ -101,7 +101,7 @@ The user must not be assigned any other role, anywhere in the instance.
NOTE:
If a user creates a project, they are assigned the Maintainer or Owner role.
To prevent a user from creating projects, as an administrator, you can mark the user
as [external](../../user/admin_area/external_users.md).
as [external](../../administration/external_users.md).
## Tips for managing users and subscription seats
@ -119,7 +119,7 @@ GitLab has several features which can help you manage the number of users:
- Enable `block_auto_created_users` for new sign-ups via [LDAP](../../administration/auth/ldap/index.md#basic-configuration-settings) or [OmniAuth](../../integration/omniauth.md#configure-common-settings).
- Enable the [User cap](../../administration/settings/sign_up_restrictions.md#user-cap)
option. **Available in GitLab 13.7 and later**.
- [Disable new sign-ups](../../user/admin_area/settings/sign_up_restrictions.md), and instead manage new
- [Disable new sign-ups](../../administration/settings/sign_up_restrictions.md), and instead manage new
users manually.
- View a breakdown of users by role in the [Users statistics](../../administration/admin_area.md#users-statistics) page.
@ -421,7 +421,7 @@ The following is emailed to you:
[**View invoices**](https://customers.gitlab.com/receipts).
- A new activation code for your license.
[Add the activation code](../../user/admin_area/license.md) to your instance.
[Add the activation code](../../administration/license.md) to your instance.
The new tier takes effect when the new license is activated.
## Add or change the contacts for your subscription

1
doc/user/clusters/create/index.md
View File

@ -11,4 +11,5 @@ You connect the clusters to GitLab by using the agent for Kubernetes.
- [Create a cluster on Google GKE](../../infrastructure/clusters/connect/new_gke_cluster.md)
- [Create a cluster on Amazon EKS](../../infrastructure/clusters/connect/new_eks_cluster.md)
- [Create a cluster on Azure AKS](../../infrastructure/clusters/connect/new_aks_cluster.md)
- [Create a cluster on Civo](../../infrastructure/clusters/connect/new_civo_cluster.md)

2
doc/user/gitlab_com/index.md
View File

@ -351,7 +351,7 @@ after the limits change in January, 2021:
More details are available on the rate limits for
[protected paths](#protected-paths-throttle) and
[raw endpoints](../../user/admin_area/settings/rate_limits_on_raw_endpoints.md).
[raw endpoints](../../administration/settings/rate_limits_on_raw_endpoints.md).
GitLab can rate-limit requests at several layers. The rate limits listed here
are configured in the application. These limits are the most

132
doc/user/infrastructure/clusters/connect/new_aks_cluster.md Normal file
View File

@ -0,0 +1,132 @@
---
stage: Deploy
group: Environments
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
# Create an Azure AKS cluster
You can create a cluster on Azure Kubernetes Service (AKS) through
[Infrastructure as Code (IaC)](../../index.md). This process uses the Azure and
Kubernetes Terraform providers to create AKS clusters. You connect the clusters to GitLab
by using the GitLab agent for Kubernetes.
**Prerequisites:**
- A Microsoft Azure account, with a set of configured
[security credentials](https://learn.microsoft.com/en-us/cli/azure/authenticate-azure-cli).
- [A runner](https://docs.gitlab.com/runner/install/) you can use to run the GitLab CI/CD pipeline.
**Steps:**
1. [Import the example project](#import-the-example-project).
1. [Register the agent for Kubernetes](#register-the-agent).
1. [Configure your project](#configure-your-project).
1. [Provision your cluster](#provision-your-cluster).
## Import the example project
To create a cluster from GitLab using Infrastructure as Code, you must
create a project to manage the cluster from. In this tutorial, you start with
a sample project and modify it according to your needs.
Start by [importing the example project by URL](../../../project/import/repo_by_url.md).
To import the project:
1. On the left sidebar, at the top, select **Create new** (**{plus}**) and **New project/repository**.
1. Select **Import project**.
1. Select **Repository by URL**.
1. For the **Git repository URL**, enter `https://gitlab.com/gitlab-org/ci-cd/deploy-stage/environments-group/examples/gitlab-terraform-aks.git`.
1. Complete the fields and select **Create project**.
This project provides you with:
- An [Azure Kubernetes Service (AKS)](https://gitlab.com/gitlab-org/ci-cd/deploy-stage/environments-group/examples/gitlab-terraform-aks/-/blob/main/aks.tf) cluster.
- The [GitLab agent for Kubernetes](https://gitlab.com/gitlab-org/ci-cd/deploy-stage/environments-group/examples/gitlab-terraform-aks/-/blob/main/agent.tf) installed in the cluster.
## Register the agent
To create a GitLab agent for Kubernetes:
1. On the left sidebar, select **Operate > Kubernetes clusters**.
1. Select **Connect a cluster (agent)**.
1. From the **Select an agent** dropdown list, select `aks-agent` and select **Register an agent**.
1. GitLab generates a registration token for the agent. Securely store this secret token, as you will need it later.
1. GitLab provides an address for the agent server (KAS), which you will also need later.
## Configure your project
Use CI/CD environment variables to configure your project.
**Required configuration:**
1. On the left sidebar, select **Settings > CI/CD**.
1. Expand **Variables**.
1. Set the variable `AZURE_CLIENT_ID` to your Azure client ID.
1. Set the variable `AZURE_CLIENT_SECRET` to your Azure client secret.
1. Set the variable `AZURE_TENANT_ID` to your service principal.
1. Set the variable `TF_VAR_agent_token` to the agent token displayed in the previous task.
1. Set the variable `TF_VAR_kas_address` to the agent server address displayed in the previous task.
**Optional configuration:**
The file [`variables.tf`](https://gitlab.com/gitlab-org/ci-cd/deploy-stage/environments-group/examples/gitlab-terraform-aks/-/blob/main/variables.tf)
contains other variables that you can override according to your needs:
- `TF_VAR_location`: Set your cluster's region.
- `TF_VAR_cluster_name`: Set your cluster's name.
- `TF_VAR_kubernetes_version`: Set the version of Kubernetes.
- `TF_VAR_create_resource_group`: Allow to enable or disable the creation of a new resource group. (Default set to true).
- `TF_VAR_resource_group_name`: Set the name of resource group.
- `TF_VAR_agent_namespace`: Set the Kubernetes namespace for the GitLab agent.
See the [Azure Terraform provider](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs) and the [Kubernetes Terraform provider](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs) documentation for further resource options.
## Provision your cluster
After configuring your project, manually trigger the provisioning of your cluster. In GitLab:
1. On the left sidebar, select **Build > Pipelines**.
1. Next to **Play** (**{play}**), select the dropdown list icon (**{chevron-lg-down}**).
1. Select **Deploy** to manually trigger the deployment job.
When the pipeline finishes successfully, you can view the new cluster:
- In Azure: From the [Azure portal](https://portal.azure.com/#home), select **Kubernetes services > View**.
- In GitLab: On the left sidebar, select **Operate > Kubernetes clusters**.
## Use your cluster
After you provision the cluster, it is connected to GitLab and is ready for deployments. To check the connection:
1. On the left sidebar, select **Operate > Kubernetes clusters**.
1. In the list, view the **Connection status** column.
For more information about the capabilities of the connection, see [the GitLab agent for Kubernetes documentation](../index.md).
## Remove the cluster
A cleanup job is not included in your pipeline by default. To remove all created resources, you
must modify your GitLab CI/CD template before running the cleanup job.
To remove all resources:
1. Add the following to your `.gitlab-ci.yml` file:
```yaml
stages:
- init
- validate
- test
- build
- deploy
- cleanup
destroy:
extends: .terraform:destroy
needs: []
```
1. On the left sidebar, select **Build > Pipelines** and select the most recent pipeline.
1. For the `destroy` job, select **Play** (**{play}**).

2
doc/user/project/index.md
View File

@ -68,7 +68,7 @@ For this reason, the creation date of imported objects can be older than the cre
Custom project templates are available at:
- The [instance-level](../../user/admin_area/custom_project_templates.md)
- The [instance-level](../../administration/custom_project_templates.md)
- The [group-level](../../user/group/custom_project_templates.md)
1. On the left sidebar, at the top, select **Create new** (**{plus}**) and **New project/repository**.

2
doc/user/snippets.md
View File

@ -253,7 +253,7 @@ GitLab forwards the spam to Akismet.
### Reduce snippets repository size
Because versioned snippets are considered as part of the [namespace storage size](../user/admin_area/settings/account_and_limit_settings.md),
Because versioned snippets are considered as part of the [namespace storage size](../administration/settings/account_and_limit_settings.md),
it's recommended to keep snippets' repositories as compact as possible.
For more information about tools to compact repositories,

2
lib/gitlab/database/load_balancing/service_discovery.rb
View File

@ -22,7 +22,7 @@ module Gitlab
MAX_SLEEP_ADJUSTMENT = 10
MAX_DISCOVERY_RETRIES = 3
DISCOVERY_THREAD_REFRESH_DELTA = 3
DISCOVERY_THREAD_REFRESH_DELTA = 5
RETRY_DELAY_RANGE = (0.1..0.2).freeze

1
lib/sidebars/groups/super_sidebar_menus/analyze_menu.rb
View File

@ -17,6 +17,7 @@ module Sidebars
override :configure_menu_items
def configure_menu_items
[
:analytics_dashboards,
:dashboards_analytics,
:cycle_analytics,
:ci_cd_analytics,

6
locale/gitlab.pot
View File

@ -5253,6 +5253,9 @@ msgstr ""
msgid "Analytics"
msgstr ""
msgid "Analytics dashboards"
msgstr ""
msgid "Analytics|A visualization with that name already exists."
msgstr ""
@ -14019,6 +14022,9 @@ msgstr ""
msgid "DORA4Metrics|All labels"
msgstr ""
msgid "DORA4Metrics|Analytics Dashboards"
msgstr ""
msgid "DORA4Metrics|Average (last %{days}d)"
msgstr ""

2
qa/qa/page/project/snippet/new.rb
View File

@ -20,7 +20,7 @@ module QA
# webdriver to miss the hit so we wait for the svg to load before
# clicking the button.
within_element(:svg_content) do
has_element?(:js_lazy_loaded)
has_element?(:js_lazy_loaded_content)
end
click_element(:create_first_snippet_link)
end

1
qa/qa/support/matchers/have_matcher.rb
View File

@ -8,6 +8,7 @@ module QA
auto_devops_container
element
file_content
file_name
assignee
child_pipeline
linked_pipeline

2
qa/qa/support/parallel_pipeline_jobs.rb
View File

@ -7,7 +7,7 @@ module QA
class ParallelPipelineJobs
include API
PARALLEL_JOB_NAME_PATTERN = %r{^\S+ \d+/\d+$}.freeze
PARALLEL_JOB_NAME_PATTERN = %r{^\S+ \d+/\d+$}
def initialize(stage_name:, project_id:, pipeline_id:, access_token:)
@stage_name = stage_name

4
qa/qa/tools/ci/qa_changes.rb
View File

@ -9,8 +9,8 @@ module QA
class QaChanges
include Helpers
QA_PATTERN = %r{^qa/}.freeze
SPEC_PATTERN = %r{^qa/qa/specs/features/\S+_spec\.rb}.freeze
QA_PATTERN = %r{^qa/}
SPEC_PATTERN = %r{^qa/qa/specs/features/\S+_spec\.rb}
DEPENDENCY_PATTERN = Regexp.union(
/_VERSION/,
/Gemfile\.lock/,

2
rubocop/cop/gitlab/doc_url.rb
View File

@ -21,7 +21,7 @@ module RuboCop
MSG = 'Use `#help_page_url` instead of directly including link. ' \
'See https://docs.gitlab.com/ee/development/documentation/#linking-to-help-in-ruby.'
DOCS_URL_REGEXP = %r{https://docs.gitlab.com/ee/[\w#%./-]+}.freeze
DOCS_URL_REGEXP = %r{https://docs.gitlab.com/ee/[\w#%./-]+}
def on_str(node)
match = DOCS_URL_REGEXP.match(node.source)

2
rubocop/cop/gitlab/finder_with_find_by.rb
View File

@ -6,7 +6,7 @@ module RuboCop
class FinderWithFindBy < RuboCop::Cop::Base
extend RuboCop::Cop::AutoCorrector
FIND_PATTERN = /\Afind(_by!?)?\z/.freeze
FIND_PATTERN = /\Afind(_by!?)?\z/
ALLOWED_MODULES = ['FinderMethods'].freeze
def message(used_method)

2
rubocop/cop/inject_enterprise_edition_module.rb
View File

@ -20,7 +20,7 @@ module RuboCop
DISALLOW_METHODS = Set.new(%i[include extend prepend]).freeze
COMMENT_OR_EMPTY_LINE = /^\s*(#.*|$)/.freeze
COMMENT_OR_EMPTY_LINE = /^\s*(#.*|$)/
CHECK_LINE_METHODS_REGEXP = Regexp.union((CHECK_LINE_METHODS + DISALLOW_METHODS).map(&:to_s) + [COMMENT_OR_EMPTY_LINE]).freeze

2
rubocop/cop/project_path_helper.rb
View File

@ -9,7 +9,7 @@ module RuboCop
'`foo_project_bar_path(project, bar)` instead of ' \
'`foo_namespace_project_bar_path(project.namespace, project, bar)`.'
METHOD_NAME_PATTERN = /\A([a-z_]+_)?namespace_project(?:_[a-z_]+)?_(?:url|path)\z/.freeze
METHOD_NAME_PATTERN = /\A([a-z_]+_)?namespace_project(?:_[a-z_]+)?_(?:url|path)\z/
def on_send(node)
return unless METHOD_NAME_PATTERN.match?(method_name(node).to_s)

2
rubocop/cop/qa/selector_usage.rb
View File

@ -20,7 +20,7 @@ module RuboCop
include QAHelpers
include CodeReuseHelpers
SELECTORS = /\.qa-\w+|data-qa-\w+/.freeze
SELECTORS = /\.qa-\w+|data-qa-\w+/
MESSAGE = %(Do not use `%s` as this is reserved for the end-to-end specs. Use a different selector or a data-testid instead.)
def on_str(node)

2
scripts/lint-docs-blueprints.rb
View File

@ -4,7 +4,7 @@
# Taken from Jekyll
# https://github.com/jekyll/jekyll/blob/3.5-stable/lib/jekyll/document.rb#L13
YAML_FRONT_MATTER_REGEXP = /\A(---\s*\n.*?\n?)^((---|\.\.\.)\s*$\n?)/m.freeze
YAML_FRONT_MATTER_REGEXP = /\A(---\s*\n.*?\n?)^((---|\.\.\.)\s*$\n?)/m
READ_LIMIT_BYTES = 1024
require 'yaml'

2
scripts/qa/testcases-check
View File

@ -3,7 +3,7 @@
require 'json'
TESTCASE_FORMAT = %r{https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/\d+}.freeze
TESTCASE_FORMAT = %r{https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/\d+}
testcases = []
missing_testcases = []

2
scripts/validate_migration_timestamps
View File

@ -6,7 +6,7 @@ require 'time'
MIGRATION_DIRS = %w[db/migrate db/post_migrate].freeze
VERSION_DIGITS = 14
MIGRATION_TIMESTAMP_REGEX = /\A(?<version>\d{#{VERSION_DIGITS}})_/.freeze
MIGRATION_TIMESTAMP_REGEX = /\A(?<version>\d{#{VERSION_DIGITS}})_/
maximum_timestamp = Time.now.utc.strftime('%Y%m%d%H%M%S').to_i

4
spec/initializers/secret_token_spec.rb
View File

@ -7,8 +7,8 @@ RSpec.describe 'create_tokens' do
include StubENV
let(:secrets) { ActiveSupport::OrderedOptions.new }
let(:hex_key) { /\h{128}/.freeze }
let(:rsa_key) { /\A-----BEGIN RSA PRIVATE KEY-----\n.+\n-----END RSA PRIVATE KEY-----\n\Z/m.freeze }
let(:hex_key) { /\h{128}/ }
let(:rsa_key) { /\A-----BEGIN RSA PRIVATE KEY-----\n.+\n-----END RSA PRIVATE KEY-----\n\Z/m }
before do
allow(Rails).to receive_message_chain(:application, :secrets).and_return(secrets)

1
spec/lib/sidebars/groups/super_sidebar_menus/analyze_menu_spec.rb
View File

@ -15,6 +15,7 @@ RSpec.describe Sidebars::Groups::SuperSidebarMenus::AnalyzeMenu, feature_categor
it 'defines list of NilMenuItem placeholders' do
expect(items.map(&:class).uniq).to eq([Sidebars::NilMenuItem])
expect(items.map(&:item_id)).to eq([
:analytics_dashboards,
:dashboards_analytics,
:cycle_analytics,
:ci_cd_analytics,

2
spec/support/helpers/next_found_instance_of.rb
View File

@ -2,7 +2,7 @@
module NextFoundInstanceOf
ERROR_MESSAGE = 'NextFoundInstanceOf mock helpers can only be used with ActiveRecord targets'
HELPER_METHOD_PATTERN = /(?:allow|expect)_next_found_(?<number>\d+)_instances_of/.freeze
HELPER_METHOD_PATTERN = /(?:allow|expect)_next_found_(?<number>\d+)_instances_of/
def method_missing(method_name, ...)
return super unless match_data = method_name.match(HELPER_METHOD_PATTERN)

2
spec/support/helpers/require_migration.rb
View File

@ -15,7 +15,7 @@ class RequireMigration
end
MIGRATION_FOLDERS = %w[db/migrate db/post_migrate].freeze
SPEC_FILE_PATTERN = %r{.+/(?:\d+_)?(?<file_name>.+)_spec\.rb}.freeze
SPEC_FILE_PATTERN = %r{.+/(?:\d+_)?(?<file_name>.+)_spec\.rb}
class << self
def require_migration!(file_name)

2
spec/support/matchers/exceed_query_limit.rb
View File

@ -63,7 +63,7 @@ module ExceedQueryLimitHelpers
end
end
MARGINALIA_ANNOTATION_REGEX = %r{\s*/\*.*\*/}.freeze
MARGINALIA_ANNOTATION_REGEX = %r{\s*/\*.*\*/}
DB_QUERY_RE = Regexp.union(
[

2
tooling/danger/config_files.rb
View File

@ -8,7 +8,7 @@ module Tooling
module ConfigFiles
include ::Tooling::Danger::Suggestor
MISSING_INTRODUCED_BY_REGEX = /^\+?(?<attr_name>\s*introduced_by_url):\s*$/.freeze
MISSING_INTRODUCED_BY_REGEX = /^\+?(?<attr_name>\s*introduced_by_url):\s*$/
CONFIG_DIRS = %w[
config/feature_flags

4
tooling/danger/customer_success.rb
View File

@ -11,8 +11,8 @@ module Tooling
The following files require a review:
MSG
FILE_PATH_REGEX = %r{((ee|jh)/)?config/metrics/.+\.yml}.freeze
CATEGORY_CHANGED = /data_category: operational/i.freeze
FILE_PATH_REGEX = %r{((ee|jh)/)?config/metrics/.+\.yml}
CATEGORY_CHANGED = /data_category: operational/i
def build_message
return unless impacted?

8
tooling/danger/datateam.rb
View File

@ -13,10 +13,10 @@ module Tooling
MSG
DATA_WAREHOUSE_SCOPE = 'Data Warehouse::'
FILE_PATH_REGEX = %r{((ee|jh)/)?config/metrics(/.+\.yml)}.freeze
PERFORMANCE_INDICATOR_REGEX = %r{gmau|smau|paid_gmau|umau}.freeze
METRIC_REMOVED = %r{\+status: removed}.freeze
DATABASE_REGEX = %r{\Adb/structure\.sql}.freeze
FILE_PATH_REGEX = %r{((ee|jh)/)?config/metrics(/.+\.yml)}
PERFORMANCE_INDICATOR_REGEX = %r{gmau|smau|paid_gmau|umau}
METRIC_REMOVED = %r{\+status: removed}
DATABASE_REGEX = %r{\Adb/structure\.sql}
STRUCTURE_SQL_FILE = %w(db/structure.sql).freeze
def build_message

4
tooling/danger/stable_branch.rb
View File

@ -5,7 +5,7 @@ module Tooling
module StableBranch
VersionApiError = Class.new(StandardError)
STABLE_BRANCH_REGEX = %r{\A(?<version>\d+-\d+)-stable-ee\z}.freeze
STABLE_BRANCH_REGEX = %r{\A(?<version>\d+-\d+)-stable-ee\z}
FAILING_PACKAGE_AND_TEST_STATUSES = %w[manual canceled].freeze
# rubocop:disable Lint/MixedRegexpCaptureTypes
@ -16,7 +16,7 @@ module Tooling
(-(?<rc>rc(?<rc_number>\d*)))?
(-\h+\.\h+)?
(-ee|\.ee\.\d+)?\z
}x.freeze
}x
# rubocop:enable Lint/MixedRegexpCaptureTypes
MAINTENANCE_POLICY_URL = 'https://docs.gitlab.com/ee/policy/maintenance.html'

2
tooling/lib/tooling/kubernetes_client.rb
View File

@ -6,7 +6,7 @@ require_relative '../../../lib/gitlab/popen' unless defined?(Gitlab::Popen)
module Tooling
class KubernetesClient
K8S_ALLOWED_NAMESPACES_REGEX = /^review-(?!apps).+/.freeze
K8S_ALLOWED_NAMESPACES_REGEX = /^review-(?!apps).+/
CommandFailedError = Class.new(StandardError)
def cleanup_namespaces_by_created_at(created_before:)

4
tooling/lib/tooling/mappings/view_to_js_mappings.rb
View File

@ -10,10 +10,10 @@ module Tooling
include Helpers::PredictiveTestsHelper
# The HTML attribute value pattern we're looking for to match an HTML file to a JS file.
HTML_ATTRIBUTE_VALUE_REGEXP = /js-[-\w]+/.freeze
HTML_ATTRIBUTE_VALUE_REGEXP = /js-[-\w]+/
# Search for Rails partials included in an HTML file
RAILS_PARTIAL_INVOCATION_REGEXP = %r{(?:render|render_if_exists)(?: |\()(?:partial: ?)?['"]([\w/-]+)['"]}.freeze
RAILS_PARTIAL_INVOCATION_REGEXP = %r{(?:render|render_if_exists)(?: |\()(?:partial: ?)?['"]([\w/-]+)['"]}
def initialize(
changed_files_pathname, predictive_tests_pathname,