root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2025-05-12 21:18:45 +00:00
parent d275f7ab34
commit aaaa025f81
39 changed files with 321 additions and 122 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.rubocop_todo/rspec/no_expectation_example.yml
View File

@ -47,7 +47,6 @@ RSpec/NoExpectationExample:
- 'qa/qa/specs/features/browser_ui/4_verify/ci_variable/ui_variable_inheritable_when_forward_pipeline_variables_true_spec.rb'
- 'qa/qa/specs/features/browser_ui/4_verify/ci_variable/ui_variable_non_inheritable_when_forward_pipeline_variables_false_spec.rb'
- 'qa/qa/specs/features/ee/api/2_plan/epics_to_work_items_sync_spec.rb'
- 'qa/qa/specs/features/ee/api/9_tenant_scale/elasticsearch/elasticsearch_api_spec.rb'
- 'qa/qa/specs/features/ee/browser_ui/10_govern/change_vulnerability_status_spec.rb'
- 'qa/qa/specs/features/ee/browser_ui/10_govern/group/group_ldap_sync_spec.rb'
- 'qa/qa/specs/features/ee/browser_ui/10_govern/security_reports_spec.rb'

8
app/assets/javascripts/ci/reports/codequality_report/components/codequality_issue_body.vue
View File

@ -4,8 +4,10 @@
* Fixed: [name] in [link]:[line]
*/
import { GlIcon, GlTooltipDirective } from '@gitlab/ui';
import { renderMarkdown } from '~/notes/utils';
import { s__ } from '~/locale';
import ReportLink from '~/ci/reports/components/report_link.vue';
import GlSafeHtmlDirective from '~/vue_shared/directives/safe_html';
import { STATUS_SUCCESS, STATUS_NEUTRAL } from '~/ci/reports/constants';
import { SEVERITY_CLASSES, SEVERITY_ICONS } from '../constants';
@ -17,6 +19,7 @@ export default {
},
directives: {
tooltip: GlTooltipDirective,
SafeHtml: GlSafeHtmlDirective,
},
props: {
status: {
@ -48,6 +51,9 @@ export default {
severityLabel() {
return this.$options.severityText[this.issueSeverity] || this.$options.severityText.unknown;
},
renderMarkdown() {
return renderMarkdown(this.issueName);
},
},
severityText: {
info: s__('severity|Info'),
@ -67,7 +73,7 @@ export default {
<div class="gl-grow">
<div>
<strong v-if="isStatusSuccess">{{ s__('ciReport|Fixed:') }}</strong>
{{ issueName }}
<div v-safe-html="renderMarkdown" data-testid="codequality-name"></div>
</div>
<report-link v-if="issue.path" :issue="issue" />

BIN
doc/administration/geo/replication/img/geo_uploads_file_missing_details_v17_11.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 81 KiB

BIN
doc/administration/geo/replication/img/geo_uploads_file_missing_v17_11.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 45 KiB

198
doc/administration/geo/replication/troubleshooting/synchronization_verification.md
View File

@ -361,6 +361,158 @@ component on one **secondary** site from the UI:
## Errors
### Message: `The file is missing on the Geo primary site`
The sync failure `The file is missing on the Geo primary site` is common when
setting up a secondary Geo site for the first time, which is caused by data
inconsistencies on the primary site.
Data inconsistencies and missing files can occur due to system or human errors
when operating GitLab. For example, an instance administrator manually deletes
several artifacts on the local file system. Such changes are not properly
propagated to the database and result in inconsistencies. These inconsistencies
remain and can cause frictions. Geo secondaries might continue to try
replicating those files as they are still referenced in the database but no
longer exist.
{{< alert type="note" >}}
In case of a recent migration from local to object storage, see the dedicated
[object storage troubleshooting section](../../../object_storage.md#inconsistencies-after-migrating-to-object-storage).
{{< /alert >}}
#### Identify inconsistencies
When missing files or inconsistencies are present, you can encounter entries in `geo.log` such as the following. Take note of the field `"primary_missing_file" : true`:
```json
{
"bytes_downloaded" : 0,
"class" : "Geo::BlobDownloadService",
"correlation_id" : "01JT69C1ECRBEMZHA60E5SAX8E",
"download_success" : false,
"download_time_s" : 0.196,
"gitlab_host" : "gitlab.example.com",
"mark_as_synced" : false,
"message" : "Blob download",
"model_record_id" : 55,
"primary_missing_file" : true,
"reason" : "Not Found",
"replicable_name" : "upload",
"severity" : "WARN",
"status_code" : 404,
"time" : "2025-05-01T16:02:44.836Z",
"url" : "http://gitlab.example.com/api/v4/geo/retrieve/upload/55"
}
```
The same errors are also reflected in the UI under **Admin > Geo > Sites** when reviewing the synchronization status of specific replicables. In this scenario, a specific *upload* is missing:
![The Geo Uploads replicable dashboard displaying all failed errors.](../img/geo_uploads_file_missing_v17_11.png)
![The Geo Uploads replicable dashboard displaying missing file error.](../img/geo_uploads_file_missing_details_v17_11.png)
#### Clean up inconsistencies
{{< alert type="warning" >}}
Ensure you have a recent and working backup at hand before issuing any deletion commands.
{{< /alert >}}
To remove those errors, first identify which particular resources are affected. Then, run the appropriate `destroy` commands to ensure the deletion is propagated across all Geo sites and their databases. Based on the previous scenario, an **upload** is causing those errors which is used as an example below.
1. Map the identified inconsistencies to their respective [Geo Model class](#geo-data-type-model-classes) name. The class name is needed in the following steps. In this scenario, for *uploads* it corresponds to `Upload`.
1. Start a [Rails console](../../../operations/rails_console.md#starting-a-rails-console-session) on the **Geo primary site**.
1. Query all resources where verification failed due to missing files based on the *Geo Model class* of the previous step. Adjust or remove the `limit(20)` to display more results. Observe how the listed resources should match the failed ones shown in the UI:
```ruby
Upload.verification_failed.where("verification_failure like '%File is not checksummable%'").limit(20)
=> #<Upload:0x00007b362bb6c4e8
id: 55,
size: 13346,
path: "503d99159e2aa8a3ac23602058cfdf58/openbao.png",
checksum: "db29d233de49b25d2085dcd8610bac787070e721baa8dcedba528a292b6e816b",
model_id: 1,
model_type: "Project",
uploader: "FileUploader",
created_at: Thu, 01 May 2025 15:54:10.549178000 UTC +00:00,
store: 1,
mount_point: nil,
secret: "[FILTERED]",
version: 2,
uploaded_by_user_id: 1,
organization_id: nil,
namespace_id: nil,
project_id: 1,
verification_checksum: nil>
```
1. Optionally, use the `id` of the affected resources to determine if they are still needed:
```ruby
Upload.find(55)
=> #<Upload:0x00007b362bb6c4e8
id: 55,
size: 13346,
path: "503d99159e2aa8a3ac23602058cfdf58/openbao.png",
checksum: "db29d233de49b25d2085dcd8610bac787070e721baa8dcedba528a292b6e816b",
model_id: 1,
model_type: "Project",
uploader: "FileUploader",
created_at: Thu, 01 May 2025 15:54:10.549178000 UTC +00:00,
store: 1,
mount_point: nil,
secret: "[FILTERED]",
version: 2,
uploaded_by_user_id: 1,
organization_id: nil,
namespace_id: nil,
project_id: 1,
verification_checksum: nil>
```
- If you determine that the affected resources need to be recovered, then you can explore the following options (non-exhaustive) to recover them:
- Check if the secondary site has the object and manually copy them to the primary.
- Look through old backups and manually copy the object back into the primary site.
- Spot check some to try to determine that it's probably fine to destroy the records, for example, if they are all very old artifacts, then maybe they are not critical data.
1. Use the `id` of the identified resources to properly delete them individually or in bulk by using `destroy`. Ensure to use the appropriate *Geo Model class* name.
- Delete individual resources:
```ruby
Upload.find(55).destroy
```
- Delete all affected resources:
```ruby
def destroy_uploads_not_checksummable
uploads = Upload.verification_failed.where("verification_failure like '%File is not checksummable%'");1
puts "Found #{uploads.count} resources that failed verification with 'File is not checksummable'."
puts "Enter 'y' to continue: "
prompt = STDIN.gets.chomp
if prompt != 'y'
puts "Exiting without action..."
return
end
puts "Destroying all..."
uploads.destroy_all
end
destroy_uploads_not_checksummable
```
Repeat the steps for all affected resources and Geo data types.
### Message: `"Error during verification","error":"File is not checksummable"`
The error `"Error during verification","error":"File is not checksummable"` is caused by inconsistencies on the primary site. Follow the instructions provided in [The file is missing on the Geo primary site](#message-the-file-is-missing-on-the-geo-primary-site).
### Failed verification of Uploads on the primary Geo site
If verification of some uploads is failing on the primary Geo site with `verification_checksum = nil` and with `verification_failure` containing ``Error during verification: undefined method `underscore' for NilClass:Class`` or ``The model which owns this Upload is missing.``, this is due to orphaned Uploads. The parent record owning the Upload (the upload's "model") has somehow been deleted, but the Upload record still exists. This is usually due to a bug in the application, introduced by implementing bulk delete of the "model" while forgetting to bulk delete its associated Upload records. These verification failures are therefore not failures to verify, rather, the errors are a result of bad data in Postgres.
@ -418,52 +570,6 @@ And to actually delete the orphaned upload rows:
delete_orphaned_uploads(dry_run: false)
```
### Message: `"Error during verification","error":"File is not checksummable"`
If you encounter these errors in your primary site `geo.log`, they're also reflected in the UI under **Admin > Geo > Sites**. To remove those errors, you can identify the particular blob that generates the message so that you can inspect it.
1. In a Puma or Sidekiq node in the primary site, [open a Rails console](../../../operations/rails_console.md#starting-a-rails-console-session).
1. Run the following snippet to find the affected artifacts containing the `File is not checksummable` message:
{{< alert type="note" >}}
The example provided below uses `JobArtifact` blob type; however, the same solution applies to any blob type that Geo uses.
{{< /alert >}}
```ruby
artifacts = Ci::JobArtifact.verification_failed.where("verification_failure like '%File is not checksummable%'");1
puts "Found #{artifacts.count} artifacts that failed verification with 'File is not checksummable'. The first one:"
pp artifacts.first
```
If you determine that the affected files need to be recovered then you can explore these options (non-exhaustive) to recover the missing files:
- Check if the secondary site has the object and manually copy them to the primary.
- Look through old backups and manually copy the object back into the primary site.
- Spot check some to try to determine that it's probably fine to destroy the records, for example, if they are all very old artifacts, then maybe they are not critical data.
Often, these kinds of errors happen when a file is checksummed by Geo, and then goes missing from the primary site. After you identify the affected files, you should check the projects that the files belong to from the UI to decide if it's acceptable to delete the file reference. If so, you can destroy the references with the following irreversible snippet:
```ruby
def destroy_artifacts_not_checksummable
artifacts = Ci::JobArtifact.verification_failed.where("verification_failure like '%File is not checksummable%'");1
puts "Found #{artifacts.count} artifacts that failed verification with 'File is not checksummable'."
puts "Enter 'y' to continue: "
prompt = STDIN.gets.chomp
if prompt != 'y'
puts "Exiting without action..."
return
end
puts "Destroying all..."
artifacts.destroy_all
end
destroy_artifacts_not_checksummable
```
### Error: `Error syncing repository: 13:fatal: could not read Username`
The `last_sync_failure` error

2
doc/administration/pages/troubleshooting.md
View File

@ -30,7 +30,7 @@ For more information, see [Getting the correlation ID from your logs](../logs/tr
The following sequence diagram illustrates how GitLab Pages requests are served.
For more information on how a GitLab Pages site is deployed and serves static content from Object Storage,
see [GitLab Pages Architecture](https://handbook.gitlab.com/handbook/engineering/architecture/design-documents/cloud_native_gitlab_pages/#new-gitlab-pages-architecture).
see the GitLab Pages Architecture documentation.
```mermaid
%%{init: { "fontFamily": "GitLab Sans" }}%%

2
doc/api/epic_issues.md
View File

@ -17,7 +17,7 @@ title: Epic Issues API
The Epics REST API was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/460668) in GitLab 17.0
and is planned for removal in v5 of the API.
In GitLab 17.4 or later, if [the new look for epics](../user/group/epics/epic_work_items.md) is enabled, use the
[Work Items API](https://handbook.gitlab.com/handbook/engineering/architecture/design-documents/work_items/) instead. For more information, see the [guide how to migrate your existing APIs](graphql/epic_work_items_api_migration_guide.md).
Work Items API instead. For more information, see [migrate epic APIs to work items](graphql/epic_work_items_api_migration_guide.md).
This change is a breaking change.
{{< /alert >}}

2
doc/api/epic_links.md
View File

@ -17,7 +17,7 @@ title: Epic Links API
The Epics REST API was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/460668) in GitLab 17.0
and is planned for removal in v5 of the API.
In GitLab 17.4 or later, if [the new look for epics](../user/group/epics/epic_work_items.md) is enabled, use the
[Work Items API](https://handbook.gitlab.com/handbook/engineering/architecture/design-documents/work_items/) instead. For more information, see the [guide how to migrate your existing APIs](graphql/epic_work_items_api_migration_guide.md).
Work Items API instead. For more information, see [migrate epic APIs to work items](graphql/epic_work_items_api_migration_guide.md).
This change is a breaking change.
{{< /alert >}}

2
doc/api/epics.md
View File

@ -17,7 +17,7 @@ title: Epics API (deprecated)
The Epics REST API was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/460668) in GitLab 17.0
and is planned for removal in v5 of the API.
In GitLab 17.4 or later, if [the new look for epics](../user/group/epics/epic_work_items.md) is enabled, use the
[Work Items API](https://handbook.gitlab.com/handbook/engineering/architecture/design-documents/work_items/) instead. For more information, see the [guide how to migrate your existing APIs](graphql/epic_work_items_api_migration_guide.md).
Work Items API instead. For more information, see [migrate epic APIs to work items](graphql/epic_work_items_api_migration_guide.md).
This change is a breaking change.
{{< /alert >}}

2
doc/api/linked_epics.md
View File

@ -24,7 +24,7 @@ title: Linked epics API
The Epics REST API was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/460668) in GitLab 17.0
and is planned for removal in v5 of the API.
In GitLab 17.4 or later, if [the new look for epics](../user/group/epics/epic_work_items.md) is enabled, use the
[Work Items API](https://handbook.gitlab.com/handbook/engineering/architecture/design-documents/work_items/) instead. For more information, see the [guide how to migrate your existing APIs](graphql/epic_work_items_api_migration_guide.md).
Work Items API instead. For more information, see [migrate epic APIs to work items](graphql/epic_work_items_api_migration_guide.md).
This change is a breaking change.
{{< /alert >}}

2
doc/api/notes.md
View File

@ -515,7 +515,7 @@ curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" \
The Epics REST API was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/460668) in GitLab 17.0
and is planned for removal in v5 of the API.
In GitLab 17.4 or later, if [the new look for epics](../user/group/epics/epic_work_items.md) is enabled, use the
[Work Items API](https://handbook.gitlab.com/handbook/engineering/architecture/design-documents/work_items/) instead. For more information, see the [guide how to migrate your existing APIs](graphql/epic_work_items_api_migration_guide.md).
Work Items API instead. For more information, see [migrate epic APIs to work items](graphql/epic_work_items_api_migration_guide.md).
This change is a breaking change.
{{< /alert >}}

9
doc/api/openapi/openapi_v2.yaml
View File

@ -1,3 +1,12 @@
#############################################################################################
# This documentation is auto-generated by a script. #
# Please do not edit this file directly. #
# #
# To edit the introductory text, modify `lib/tasks/gitlab/openapi.rake`. #
# #
# Run `bin/rake gitlab:openapi:generate` #
#############################################################################################
---
info:
title: GitLab API

2
doc/api/resource_label_events.md
View File

@ -115,7 +115,7 @@ curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/a
The Epics REST API was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/460668) in GitLab 17.0
and is planned for removal in v5 of the API.
In GitLab 17.4 or later, if [the new look for epics](../user/group/epics/epic_work_items.md) is enabled, use the
[Work Items API](https://handbook.gitlab.com/handbook/engineering/architecture/design-documents/work_items/) instead. For more information, see the [guide how to migrate your existing APIs](graphql/epic_work_items_api_migration_guide.md).
Work Items API instead. For more information, see [migrate epic APIs to work items](graphql/epic_work_items_api_migration_guide.md).
This change is a breaking change.
{{< /alert >}}

2
doc/api/resource_state_events.md
View File

@ -233,7 +233,7 @@ Example response:
The Epics REST API was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/460668) in GitLab 17.0
and is planned for removal in v5 of the API.
In GitLab 17.4 or later, if [the new look for epics](../user/group/epics/epic_work_items.md) is enabled, use the
[Work Items API](https://handbook.gitlab.com/handbook/engineering/architecture/design-documents/work_items/) instead. For more information, see the [guide how to migrate your existing APIs](graphql/epic_work_items_api_migration_guide.md).
Work Items API instead. For more information, see [migrate epic APIs to work items](graphql/epic_work_items_api_migration_guide.md).
This change is a breaking change.
{{< /alert >}}

2
doc/integration/arkose.md
View File

@ -156,7 +156,7 @@ index 191ae0b5cf82..b2d888b98c95 100644
## Additional resources
<!-- markdownlint-disable MD044 -->
The [Anti-abuse team](https://handbook.gitlab.com/handbook/engineering/development/sec/software-supply-chain-security/anti-abuse/#group-members) owns the ArkoseLabs Protect feature. You can join the ArkoseLabs and GitLab collaboration channel on Slack: [#ext-gitlab-arkose](https://gitlab.slack.com/archives/C02SGF6RLPQ).
The Anti-abuse team owns the ArkoseLabs Protect feature. You can join the ArkoseLabs and GitLab collaboration channel on Slack: [#ext-gitlab-arkose](https://gitlab.slack.com/archives/C02SGF6RLPQ).
<!-- markdownlint-enable MD044 -->
ArkoseLabs also maintains the following resources:

1
doc/security/_index.md
View File

@ -82,7 +82,6 @@ GitLab Self-Managed customers and administrators are responsible for the securit
- [How to use correlation ID to trace logs](../administration/logs/tracing_correlation_id.md).
- [Logging configuration and access](https://docs.gitlab.com/omnibus/settings/logs.html).
- [How to configure audit event streaming](../administration/audit_event_streaming/_index.md).
- [Providing assistance to GitLab.com customers during customer-based security incidents](https://handbook.gitlab.com/handbook/security/customer-requests/#conditions-and-requirements).
## Response

4
doc/security/email_verification.md
View File

@ -56,7 +56,3 @@ amount defined in the [configurable locked user policy](unlock_user.md#gitlab-se
Accounts with 2FA or OAuth are automatically unlocked after ten minutes, or more than the
amount defined in the [configurable locked user policy](unlock_user.md#gitlab-self-managed-and-gitlab-dedicated-users).
To unlock an account manually, reset your password.
## Related topics
- [Locked and blocked account support](https://handbook.gitlab.com/handbook/support/workflows/reinstating-blocked-accounts/)

4
doc/security/identity_verification.md
View File

@ -102,7 +102,3 @@ Users with phone numbers from partially supported countries can try [credit card
In addition to email and phone number verification, you might have to provide a valid credit card number.
You cannot verify an account with a credit card number associated with a banned user.
## Related topics
- [Changing risk assessment support](https://handbook.gitlab.com/handbook/support/workflows/reinstating-blocked-accounts/#change-risk-assessment-credit-card-verification)

2
doc/security/unlock_user.md
View File

@ -21,7 +21,7 @@ If two-factor authentication (2FA) is enabled, accounts are locked after three f
If 2FA is not enabled user accounts are locked after three failed sign-in attempts within 24 hours. Accounts remain locked until:
- The next successful sign-in, at which point the user must verify their identity with a code sent to their email.
- GitLab Support verifies the identity of the user and [manually unlocks](https://handbook.gitlab.com/handbook/support/workflows/reinstating-blocked-accounts/#manual-unlock) the account.
- GitLab Support verifies the identity of the user and manually unlocks the account.
## GitLab Self-Managed and GitLab Dedicated users

6
doc/subscriptions/community_programs.md
View File

@ -10,11 +10,11 @@ GitLab provides the following community program subscriptions.
## GitLab for Education
For qualifying non-profit educational institutions, the [GitLab for Education Program](https://about.gitlab.com/solutions/education/) provides GitLab Ultimate, plus 50,000 compute minutes per month. The subscription granted under GitLab for Education can only be used for instructional use or non-commercial academic research. For more information, including instructions for applying to the program and renewing program membership, see the [GitLab for Education Program page](https://about.gitlab.com/solutions/education/) and the [GitLab handbook](https://handbook.gitlab.com/handbook/marketing/developer-relations/community-programs/education-program/).
For qualifying non-profit educational institutions, the [GitLab for Education Program](https://about.gitlab.com/solutions/education/) provides GitLab Ultimate, plus 50,000 compute minutes per month. The subscription granted under GitLab for Education can only be used for instructional use or non-commercial academic research. For more information, including instructions for applying to the program and renewing program membership, see the [GitLab for Education Program page](https://about.gitlab.com/solutions/education/) and the GitLab handbook.
## GitLab for Open Source
For qualifying open source projects, the [GitLab for Open Source Program](https://about.gitlab.com/solutions/open-source/) provides GitLab Ultimate, plus 50,000 compute minutes per month. For more information, including instructions for applying to the program and renewing program membership, see the [GitLab for Open Source Program page](https://about.gitlab.com/solutions/open-source/) and the [GitLab handbook](https://handbook.gitlab.com/handbook/marketing/developer-relations/community-programs/open-source-program/).
For qualifying open source projects, the [GitLab for Open Source Program](https://about.gitlab.com/solutions/open-source/) provides GitLab Ultimate, plus 50,000 compute minutes per month. For more information, including instructions for applying to the program and renewing program membership, see the [GitLab for Open Source Program page](https://about.gitlab.com/solutions/open-source/) and the GitLab handbook.
### Meeting GitLab for Open Source Program requirements
@ -56,4 +56,4 @@ Benefits of the GitLab Open Source Program apply to all projects in a GitLab nam
## GitLab for Startups
For qualifying startups, the [GitLab for Startups](https://about.gitlab.com/solutions/startups/) program provides GitLab Ultimate, plus 50,000 compute minutes per month for 12 months. For more information, including instructions for applying to the program and renewing program membership, see the [GitLab for Startups Program page](https://about.gitlab.com/solutions/startups/) and the [GitLab handbook](https://handbook.gitlab.com/handbook/marketing/developer-relations/community-programs/startups-program/).
For qualifying startups, the [GitLab for Startups](https://about.gitlab.com/solutions/startups/) program provides GitLab Ultimate, plus 50,000 compute minutes per month for 12 months. For more information, including instructions for applying to the program and renewing program membership, see the [GitLab for Startups Program page](https://about.gitlab.com/solutions/startups/) and the GitLab handbook.

2
doc/subscriptions/gitlab_dedicated/_index.md
View File

@ -118,7 +118,7 @@ When you add a custom hostname:
- The hostname is included in the external URL used to access your instance.
- Any connections to your instance using the previous domain names are no longer available.
To add a custom hostname after your instance is created, submit a [support ticket](https://support.gitlab.com/hc/en-us/requests/new?ticket_form_id=4414917877650).
For more information about using a custom hostname for your GitLab Dedicated instance, see [bring your own domain (BYOD)](../../administration/dedicated/configure_instance/network_security.md#bring-your-own-domain-byod).
{{< alert type="note" >}}

2
doc/topics/plan_and_track.md
View File

@ -17,7 +17,7 @@ use Git to interact with GitLab.
For a thorough demo of Plan features, see
[Multi-team planning with GitLab Ultimate](https://www.youtube.com/watch?v=KmASFwSap7c).
In this video, Gabe describes a use case of a multi-team organization that uses GitLab
with [Scaled Agile Framework (SAFe)](https://handbook.gitlab.com/handbook/marketing/brand-and-product-marketing/product-and-solution-marketing/demo/executive-demo/#scaled-agile-framework-safe).
with Scaled Agile Framework (SAFe).
Alternatively, to learn how to map the SAFe to what you can do in GitLab see
[SAFe without silos in GitLab](https://about.gitlab.com/blog/2025/04/08/safe-without-silos-in-gitlab/).

1
doc/tutorials/boards_for_standups/_index.md
View File

@ -179,4 +179,3 @@ Your team can now use this board to run effective stand-ups.
- [Plan and track work tutorials](../plan_and_track.md).
- [Stand-ups, retrospectives, and velocity](../scrum_events/standups_retrospectives_velocity.md)
- [Product Development Flow](https://handbook.gitlab.com/handbook/product-development-flow/): how we use workflow labels at GitLab.

1
doc/tutorials/boards_for_teams/_index.md
View File

@ -19,7 +19,6 @@ This tutorial shows you how to set up [issue boards](../../user/project/issue_bo
In this example, you'll create two issue boards for the UX and Frontend teams.
Using the following steps, you can create issue boards and workflows for more sub-teams, like Backend
or Quality Assurance.
To learn how we use workflow labels at GitLab, see [Product Development Flow](https://handbook.gitlab.com/handbook/product-development-flow/).
To set up issue boards for multiple teams:

2
doc/user/application_security/api_fuzzing/_index.md
View File

@ -58,7 +58,7 @@ Example projects using these methods are available:
To get support for your particular problem use the [getting help channels](https://about.gitlab.com/get-help/).
The [GitLab issue tracker on GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/issues) is the right place for bugs and feature proposals about API Security and API Fuzzing.
Use `~"Category:API Security"` label when opening a new issue regarding API fuzzing to ensure it is quickly reviewed by the right people. Refer to our [review response SLO](https://handbook.gitlab.com/handbook/engineering/workflow/code-review/#review-response-slo) to understand when you should receive a response.
Use `~"Category:API Security"` label when opening a new issue regarding API fuzzing to ensure it is quickly reviewed by the right people. Refer to our review response SLO to understand when you should receive a response.
[Search the issue tracker](https://gitlab.com/gitlab-org/gitlab/-/issues) for similar entries before submitting your own, there's a good chance somebody else had the same issue or feature proposal. Show your support with an emoji reaction or join the discussion.

2
doc/user/application_security/api_security/api_discovery/_index.md
View File

@ -173,7 +173,7 @@ After the API Discovery job has successfully run, the OpenAPI document is availa
To get support for your particular problem, use the [getting help channels](https://about.gitlab.com/get-help/).
The [GitLab issue tracker on GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/issues) is the right place for bugs and feature proposals about API Discovery.
Use `~"Category:API Security"` label when opening a new issue regarding API Discovery to ensure it is quickly reviewed by the right people. Refer to our [review response SLO](https://handbook.gitlab.com/handbook/engineering/workflow/code-review/#review-response-slo) to understand when you should receive a response.
Use `~"Category:API Security"` label when opening a new issue regarding API Discovery to ensure it is quickly reviewed by the right people. Refer to our review response SLO to understand when you should receive a response.
[Search the issue tracker](https://gitlab.com/gitlab-org/gitlab/-/issues) for similar entries before submitting your own, there's a good chance somebody else had the same issue or feature proposal. Show your support with an emoji reaction or join the discussion.

2
doc/user/application_security/api_security_testing/_index.md
View File

@ -76,7 +76,7 @@ The following projects demonstrate API security testing scanning:
To get support for your particular problem, use the [getting help channels](https://about.gitlab.com/get-help/).
The [GitLab issue tracker on GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/issues) is the right place for bugs and feature proposals about API Security and API security testing.
Use `~"Category:API Security"` label when opening a new issue regarding API security testing to ensure it is quickly reviewed by the right people. Refer to our [review response SLO](https://handbook.gitlab.com/handbook/engineering/workflow/code-review/#review-response-slo) to understand when you should receive a response.
Use `~"Category:API Security"` label when opening a new issue regarding API security testing to ensure it is quickly reviewed by the right people. Refer to our review response SLO to understand when you should receive a response.
[Search the issue tracker](https://gitlab.com/gitlab-org/gitlab/-/issues) for similar entries before submitting your own, there's a good chance somebody else had the same issue or feature proposal. Show your support with an emoji reaction or join the discussion.

2
doc/user/group/epics/linked_epics.md
View File

@ -193,7 +193,7 @@ The relationship only shows up in the UI if the user can see both items.
When you try to close an epic linked to an open blocker, a warning is displayed.
To manage linked epics through our API, see the
[Work Items API](https://handbook.gitlab.com/handbook/engineering/architecture/design-documents/work_items/).
Work Items API.
### Add a linked item

2
doc/user/group/epics/manage_epics.md
View File

@ -859,8 +859,6 @@ You can create a spreadsheet template to manage a pattern of consistently repeat
<i class="fa fa-youtube-play youtube" aria-hidden="true"></i>
For an introduction to epic templates, see [GitLab Epics and Epic Template Tip](https://www.youtube.com/watch?v=D74xKFNw8vg).
For more on epic templates, see [Epic Templates - Repeatable sets of issues](https://handbook.gitlab.com/handbook/marketing/brand-and-product-marketing/product-and-solution-marketing/getting-started/104/).
## Multi-level child epics
{{< details >}}

2
doc/user/group/saml_sso/troubleshooting_scim.md
View File

@ -161,7 +161,7 @@ To resolve this issue, you can do either of the following:
{{< /details >}}
GitLab.com administrators can search for SCIM requests in the `api_json.log` using the `pubsub-rails-inf-gprd-*` index in
[Kibana](https://handbook.gitlab.com/handbook/support/workflows/kibana/#using-kibana). Use the following filters based
Kibana. Use the following filters based
on the internal [group SCIM API](../../../development/internal_api/_index.md#group-scim-api):
- `json.path`: `/scim/v2/groups/<group-path>`

3
doc/user/infrastructure/clusters/_index.md
View File

@ -49,9 +49,6 @@ scheduled yet.
Follow this [epic](https://gitlab.com/groups/gitlab-org/configure/-/epics/8)
for updates.
You can find technical information about why we moved away from cluster certificates into
the GitLab agent model on the [agent's design document](https://handbook.gitlab.com/handbook/engineering/architecture/design-documents/gitlab_to_kubernetes_communication/).
If you need more time to migrate to GitLab agent, you can [enable the feature flag](../../../administration/feature_flags.md)
named `certificate_based_clusters`, which was [introduced in GitLab 15.0](../../../update/deprecations.md#gitlab-self-managed-certificate-based-integration-with-kubernetes).
This feature flag re-enables the certificate-based Kubernetes integration.

2
doc/user/infrastructure/clusters/migrate_to_gitlab_agent.md
View File

@ -81,7 +81,7 @@ With GitLab-managed Kubernetes resources, you can:
- Set up environments securely without manual intervention.
- Control resource creation and access without giving developers administrative cluster permissions.
- Provide self-service capabilities for [developers](https://handbook.gitlab.com/handbook/product/personas/#sasha-software-developer) when they create a new project or environment.
- Provide self-service capabilities for developers when they create a new project or environment.
- Allow developers to deploy testing and development versions in dedicated or shared namespaces.
Prerequisites:

1
doc/user/permissions.md
View File

@ -666,7 +666,6 @@ To work around the issue, give these users the Guest role or higher to any proje
## Related topics
- [Custom roles](custom_roles/_index.md)
- [The GitLab principles behind permissions](https://handbook.gitlab.com/handbook/product/categories/gitlab-the-product/#permissions-in-gitlab)
- [Members](project/members/_index.md)
- Customize permissions on [protected branches](project/repository/branches/protected.md)
- [LDAP user permissions](group/access_and_permissions.md#manage-group-memberships-with-ldap)

3
doc/user/profile/_index.md
View File

@ -84,8 +84,7 @@ Prerequisites:
- Your namespace must not:
- Contain a project with [Container Registry](../packages/container_registry/_index.md) tags.
- Have a project that hosts [GitLab Pages](../project/pages/_index.md). For more information,
see [changing your username in the GitLab Team Handbook](https://handbook.gitlab.com/handbook/tools-and-tips/#change-your-username-at-gitlabcom).
- Have a project that hosts [GitLab Pages](../project/pages/_index.md).
- Your username:
- Must be between 2 and 255 characters in length.
- Must only include non-accented letters, digits, `_`, `-`, and `.`.

34
doc/user/profile/service_accounts.md
View File

@ -55,7 +55,7 @@ You can also manage service accounts through the API.
{{< /history >}}
The Service Accounts page displays information about service accounts in your top-level group or instance. Each top-level group and GitLab Self-Managed instance has a separate Service Accounts page. From these pages, you can:
The service accounts page displays information about service accounts in your top-level group or instance. Each top-level group and GitLab Self-Managed instance has a separate service accounts page. From these pages, you can:
- View all service accounts for your group or instance.
- Delete a service account.
@ -69,7 +69,7 @@ The Service Accounts page displays information about service accounts in your to
To view service accounts for the entire instance:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Settings > Service Accounts**.
1. Select **Settings > Service accounts**.
{{< /tab >}}
@ -78,7 +78,7 @@ To view service accounts for the entire instance:
To view service accounts for a top-level group:
1. On the left sidebar, select **Search or go to** and find your group.
1. Select **Settings > Service Accounts**.
1. Select **Settings > Service accounts**.
{{< /tab >}}
@ -107,7 +107,7 @@ The number of service accounts you can create is limited by your license:
To create a service account:
1. Go to the [Service Accounts](#view-and-manage-service-accounts) page.
1. Go to the [Service accounts](#view-and-manage-service-accounts) page.
1. Select **Add service account**.
1. Enter a name for the service account. A username is automatically generated based on the name. You can modify the username if needed.
1. Select **Create service account**.
@ -118,7 +118,7 @@ You can edit the name or username of a service account.
To edit a service account:
1. Go to the [Service Accounts](#view-and-manage-service-accounts) page.
1. Go to the [Service accounts](#view-and-manage-service-accounts) page.
1. Identify a service account.
1. Select the vertical ellipsis ({{< icon name="ellipsis_v" >}}) > **Edit**.
1. Edit the name or username for the service account.
@ -148,18 +148,18 @@ merge requests, issues, projects, and groups.
To delete a service account:
1. Go to the [Service Accounts](#view-and-manage-service-accounts) page.
1. Go to the [Service accounts](#view-and-manage-service-accounts) page.
1. Identify a service account.
1. Select the vertical ellipsis ({{< icon name="ellipsis_v" >}}) > **Delete Account**.
1. Select the vertical ellipsis ({{< icon name="ellipsis_v" >}}) > **Delete account**.
1. Enter the name of the service account.
1. Select **Delete user**.
You can also delete the service account and any contributions made by the account. These
contributions can include activity such as merge requests, issues, groups, and projects.
1. Go to the [Service Accounts](#view-and-manage-service-accounts) page.
1. Go to the [Service accounts](#view-and-manage-service-accounts) page.
1. Identify a service account.
1. Select the vertical ellipsis ({{< icon name="ellipsis_v" >}}) > **Delete Account and Contributions**.
1. Select the vertical ellipsis ({{< icon name="ellipsis_v" >}}) > **Delete account and contributions**.
1. Enter the name of the service account.
1. Select **Delete user and contributions**.
@ -183,9 +183,9 @@ You can also manage personal access tokens for service accounts through the API.
To view the personal access tokens page for a service account:
1. Go to the [Service Accounts](#view-and-manage-service-accounts) page.
1. Go to the [Service accounts](#view-and-manage-service-accounts) page.
1. Identify a service account.
1. Select the vertical ellipsis ({{< icon name="ellipsis_v" >}}) > **Manage Access Tokens**.
1. Select the vertical ellipsis ({{< icon name="ellipsis_v" >}}) > **Manage access tokens**.
### Create a personal access token for a service account
@ -193,9 +193,9 @@ To use a service account, you must create a personal access token to authenticat
To create a personal access token for a service account:
1. Go to the [Service Accounts](#view-and-manage-service-accounts) page.
1. Go to the [Service accounts](#view-and-manage-service-accounts) page.
1. Identify a service account.
1. Select the vertical ellipsis ({{< icon name="ellipsis_v" >}}) > **Manage Access Tokens**.
1. Select the vertical ellipsis ({{< icon name="ellipsis_v" >}}) > **Manage access tokens**.
1. Select **Add new token**.
1. In **Token name**, enter a name for the token.
1. Optional. In **Token description**, enter a description for the token.
@ -218,9 +218,9 @@ This cannot be undone. Any services that rely on the rotated token will stop wor
To rotate a personal access token for a service account:
1. Go to the [Service Accounts](#view-and-manage-service-accounts) page.
1. Go to the [Service accounts](#view-and-manage-service-accounts) page.
1. Identify a service account.
1. Select the vertical ellipsis ({{< icon name="ellipsis_v" >}}) > **Manage Access Tokens**.
1. Select the vertical ellipsis ({{< icon name="ellipsis_v" >}}) > **Manage access tokens**.
1. Select **Rotate**.
1. On the confirmation dialog, select **Rotate**.
@ -236,9 +236,9 @@ This cannot be undone. Any services that rely on the revoked token will stop wor
To revoke a personal access token for a service account:
1. Go to the [Service Accounts](#view-and-manage-service-accounts) page.
1. Go to the [Service accounts](#view-and-manage-service-accounts) page.
1. Identify a service account.
1. Select the vertical ellipsis ({{< icon name="ellipsis_v" >}}) > **Manage Access Tokens**.
1. Select the vertical ellipsis ({{< icon name="ellipsis_v" >}}) > **Manage access tokens**.
1. Select **Revoke**.
1. On the confirmation dialog, select **Revoke**.

22
lib/tasks/gitlab/openapi.rake
View File

@ -1,5 +1,17 @@
# frozen_string_literal: true
YAML_DOC_INTRODUCTION = <<-INTRO
#############################################################################################
# This documentation is auto-generated by a script. #
# Please do not edit this file directly. #
# #
# To edit the introductory text, modify `lib/tasks/gitlab/openapi.rake`. #
# #
# Run `bin/rake gitlab:openapi:generate` #
#############################################################################################
INTRO
if Rails.env.development? || Rails.env.test?
require 'grape-swagger/rake/oapi_tasks'
GrapeSwagger::Rake::OapiTasks.new('::API::API')
@ -17,14 +29,16 @@ namespace :gitlab do
end
task :generate do
raise 'This task can only be run in the development environment' unless Rails.env.development?
unless Rails.env.development? || Rails.env.test?
raise 'This task can only be run in the development or test environment'
end
ENV['store'] = 'tmp/openapi.json'
Rake::Task["oapi:fetch"].invoke(['openapi.json'])
yaml_content = Gitlab::Json.parse(File.read('tmp/openapi_swagger_doc.json')).to_yaml
File.write("doc/api/openapi/openapi_v2.yaml", yaml_content)
File.write("doc/api/openapi/openapi_v2.yaml", YAML_DOC_INTRODUCTION + yaml_content)
end
task generate_and_check: [:generate, :validate]
@ -35,7 +49,9 @@ namespace :gitlab do
Rake::Task["oapi:fetch"].invoke(['openapi.json'])
current_doc = Digest::SHA512.hexdigest(File.read('doc/api/openapi/openapi_v2.yaml'))
generated_doc = Digest::SHA512.hexdigest(Gitlab::Json.parse(File.read('tmp/openapi_swagger_doc.json')).to_yaml)
generated_doc = Digest::SHA512.hexdigest(
YAML_DOC_INTRODUCTION + Gitlab::Json.parse(File.read('tmp/openapi_swagger_doc.json')).to_yaml
)
if current_doc == generated_doc
puts "OpenAPI documentation is up to date"

46
locale/gitlab.pot
View File

@ -5885,6 +5885,9 @@ msgstr ""
msgid "AiPowered|GitLab Duo Workflow is now on for the instance and the service account (%{accountId}) was created. To use Workflow in your groups, you must turn on AI features for specific groups."
msgstr ""
msgid "AiPowered|GitLab Duo Workflow is now on for the instance. To use Workflow in your groups, you must turn on AI features for specific groups."
msgstr ""
msgid "AiPowered|GitLab Duo seat assignment is now located in GitLab Duo settings."
msgstr ""
@ -27878,6 +27881,9 @@ msgstr ""
msgid "GiB"
msgstr ""
msgid "Git"
msgstr ""
msgid "Git HTTP rate limits"
msgstr ""
@ -28007,6 +28013,9 @@ msgstr ""
msgid "GitLab Billing Team."
msgstr ""
msgid "GitLab CI/CD"
msgstr ""
msgid "GitLab CLI"
msgstr ""
@ -35803,6 +35812,9 @@ msgstr[1] ""
msgid "LearnGitLab|%{percentage}%{percentSymbol} completed"
msgstr ""
msgid "LearnGitLab|10 best practices for using GitLab Duo"
msgstr ""
msgid "LearnGitLab|Add code"
msgstr ""
@ -35851,6 +35863,9 @@ msgstr ""
msgid "LearnGitLab|Enable require merge approvals"
msgstr ""
msgid "LearnGitLab|Enroll"
msgstr ""
msgid "LearnGitLab|Follow these steps to get familiar with the GitLab workflow."
msgstr ""
@ -35863,6 +35878,9 @@ msgstr ""
msgid "LearnGitLab|GitLab works best as a team. Invite your colleague to enjoy all features."
msgstr ""
msgid "LearnGitLab|In this tutorial, we explore 10 tips and best practices to integrate GitLab Duo Chat into your AI-powered DevSecOps workflows and refine your prompts for the best results."
msgstr ""
msgid "LearnGitLab|Included in trial"
msgstr ""
@ -35875,6 +35893,9 @@ msgstr ""
msgid "LearnGitLab|Learn GitLab"
msgstr ""
msgid "LearnGitLab|Learn more"
msgstr ""
msgid "LearnGitLab|Next steps"
msgstr ""
@ -36651,6 +36672,9 @@ msgstr ""
msgid "Managed Account"
msgstr ""
msgid "Managing code"
msgstr ""
msgid "Managing users"
msgstr ""
@ -42817,6 +42841,9 @@ msgstr ""
msgid "Organization|my-organization"
msgstr ""
msgid "Organize work with projects"
msgstr ""
msgid "Orphaned member"
msgstr ""
@ -56742,9 +56769,6 @@ msgstr ""
msgid "Service Account Key"
msgstr ""
msgid "Service Accounts"
msgstr ""
msgid "Service Accounts keys authorize GitLab to deploy your Google Cloud project"
msgstr ""
@ -56772,10 +56796,7 @@ msgstr ""
msgid "Service accounts"
msgstr ""
msgid "ServiceAccounts|Access Tokens"
msgstr ""
msgid "ServiceAccounts|Add Service Account"
msgid "ServiceAccounts|Add service account"
msgstr ""
msgid "ServiceAccounts|An error occurred creating the service account."
@ -56790,16 +56811,16 @@ msgstr ""
msgid "ServiceAccounts|An error occurred while fetching the service accounts."
msgstr ""
msgid "ServiceAccounts|Delete Account"
msgid "ServiceAccounts|Delete account"
msgstr ""
msgid "ServiceAccounts|Delete Account and Contributions"
msgid "ServiceAccounts|Delete account and contributions"
msgstr ""
msgid "ServiceAccounts|Edit"
msgstr ""
msgid "ServiceAccounts|Manage Access Tokens"
msgid "ServiceAccounts|Manage access tokens"
msgstr ""
msgid "ServiceAccounts|Name"
@ -56808,7 +56829,10 @@ msgstr ""
msgid "ServiceAccounts|No service accounts"
msgstr ""
msgid "ServiceAccounts|Service Accounts"
msgid "ServiceAccounts|Personal access tokens"
msgstr ""
msgid "ServiceAccounts|Service accounts"
msgstr ""
msgid "ServiceAccounts|Service accounts are non-human accounts that allow interactions between software applications, systems, or services. %{learnMore}"

10
spec/frontend/ci/reports/codequality_report/components/codequality_issue_body_spec.js
View File

@ -9,9 +9,12 @@ describe('code quality issue body issue body', () => {
const findSeverityIcon = () => wrapper.findByTestId('codequality-severity-icon');
const findGlIcon = () => wrapper.findComponent(GlIcon);
const findName = () => wrapper.findByTestId('codequality-name');
const issueName =
'rubygem-rest-client: session fixation vulnerability via Set-Cookie headers in 30x redirection responses.';
const codequalityIssue = {
name: 'rubygem-rest-client: session fixation vulnerability via Set-Cookie headers in 30x redirection responses',
name: `${issueName} See [here](https://example.org) for details.`,
path: 'Gemfile.lock',
severity: 'normal',
type: 'Issue',
@ -82,7 +85,10 @@ describe('code quality issue body issue body', () => {
it('renders name', () => {
createComponent(STATUS_NEUTRAL);
expect(wrapper.text()).toContain(codequalityIssue.name);
const link = findName().find('a');
expect(link.attributes('href')).toBe('https://example.org');
expect(wrapper.text()).toContain(issueName);
});
});

53
spec/tasks/gitlab/openapi_rake_spec.rb
View File

@ -9,6 +9,56 @@ RSpec.describe 'gitlab:openapi namespace rake tasks', :silence_stdout, feature_c
Rake::Task.define_task(:enable_feature_flags)
end
let(:yaml_doc_introduction) do
<<~INTRO
#############################################################################################
# This documentation is auto-generated by a script. #
# Please do not edit this file directly. #
# #
# To edit the introductory text, modify `lib/tasks/gitlab/openapi.rake`. #
# #
# Run `bin/rake gitlab:openapi:generate` #
#############################################################################################
INTRO
end
describe 'gitlab:openapi:generate' do
let(:json_content) { '{"key": "value"}' }
let(:yaml_content) { "---\nkey: value\n" }
before do
allow(Rake::Task['oapi:fetch']).to receive(:invoke)
allow(File).to receive(:read).with('tmp/openapi_swagger_doc.json').and_return(json_content)
allow(File).to(
receive(:read).with(Rails.root.join('deprecations/tasks/gitlab/openapi_rake.yml').to_s).and_call_original
)
end
it 'generates the OpenAPI documentation' do
expect(ENV).to receive(:[]=).with('store', 'tmp/openapi.json')
expect(Rake::Task['oapi:fetch']).to receive(:invoke).with(['openapi.json'])
expect(File).to receive(:write).with(
'doc/api/openapi/openapi_v2.yaml',
yaml_doc_introduction + yaml_content
)
run_rake_task('gitlab:openapi:generate')
end
context 'when not on test or development environments' do
before do
allow(Rails).to receive_message_chain(:env, :test?).and_return(false)
allow(Rails).to receive_message_chain(:env, :development?).and_return(false)
end
it 'raises an error' do
expect { run_rake_task('gitlab:openapi:generate') }
.to raise_error(RuntimeError, 'This task can only be run in the development or test environment')
end
end
end
describe 'gitlab:openapi:check_docs' do
let(:documentation) { {} }
@ -16,7 +66,8 @@ RSpec.describe 'gitlab:openapi namespace rake tasks', :silence_stdout, feature_c
allow(Rake::Task['oapi:fetch']).to receive(:invoke)
allow(File).to receive(:read).and_call_original
allow(File).to receive(:read).with('tmp/openapi_swagger_doc.json').and_return('{}')
allow(File).to receive(:read).with('doc/api/openapi/openapi_v2.yaml').and_return(documentation.to_yaml)
allow(File).to receive(:read).with('doc/api/openapi/openapi_v2.yaml')
.and_return(yaml_doc_introduction + documentation.to_yaml)
end
it 'passes when documentation is up to date' do