diff --git a/.eslint_todo/vue-no-unused-properties.mjs b/.eslint_todo/vue-no-unused-properties.mjs index 48b6d32b0b2..7419aafde70 100644 --- a/.eslint_todo/vue-no-unused-properties.mjs +++ b/.eslint_todo/vue-no-unused-properties.mjs @@ -609,7 +609,6 @@ export default { 'ee/app/assets/javascripts/work_items/components/work_item_links/work_item_rolled_up_health_status.vue', 'ee/app/assets/javascripts/work_items/components/work_item_progress.vue', 'ee/app/assets/javascripts/work_items/components/work_item_rolledup_dates.vue', - 'ee/app/assets/javascripts/work_items/components/work_item_weight.vue', 'ee/app/assets/javascripts/workspaces/common/components/workspaces_list/workspaces_table.vue', 'ee/app/assets/javascripts/workspaces/dropdown_group/components/workspace_dropdown_item.vue', 'ee/app/assets/javascripts/workspaces/user/pages/list.vue', diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION index 67dad5b678c..30754fe562d 100644 --- a/GITALY_SERVER_VERSION +++ b/GITALY_SERVER_VERSION @@ -1 +1 @@ -8ee24aca568eff50b309b6555a96545d71b77979 +5ba826bb0ae2842ea51fbfb42d6cdb5a0fd12f2f diff --git a/app/assets/javascripts/graphql_shared/possible_types.json b/app/assets/javascripts/graphql_shared/possible_types.json index eb34e3ee0d8..6b6d1cb39d9 100644 --- a/app/assets/javascripts/graphql_shared/possible_types.json +++ b/app/assets/javascripts/graphql_shared/possible_types.json @@ -68,6 +68,17 @@ "Submodule", "TreeEntry" ], + "EventTargetType": [ + "Design", + "Issue", + "MergeRequest", + "Milestone", + "Note", + "Project", + "Snippet", + "UserCore", + "WikiPage" + ], "Eventable": [ "BoardEpic", "Epic" diff --git a/app/assets/javascripts/projects/pipelines/charts/components/app.vue b/app/assets/javascripts/projects/pipelines/charts/components/app.vue index b48c6d71030..3233eecc2f9 100644 --- a/app/assets/javascripts/projects/pipelines/charts/components/app.vue +++ b/app/assets/javascripts/projects/pipelines/charts/components/app.vue @@ -21,7 +21,7 @@ export default { import('ee_component/dora/components/change_failure_rate_charts.vue'), ProjectQualitySummary: () => import('ee_component/project_quality_summary/app.vue'), }, - piplelinesTabEvent: 'p_analytics_ci_cd_pipelines', + pipelinesTabEvent: 'p_analytics_ci_cd_pipelines', deploymentFrequencyTabEvent: 'p_analytics_ci_cd_deployment_frequency', leadTimeTabEvent: 'p_analytics_ci_cd_lead_time', timeToRestoreServiceTabEvent: 'visit_ci_cd_time_to_restore_service_tab', @@ -94,7 +94,7 @@ export default { diff --git a/app/assets/javascripts/projects/pipelines/charts/components/dashboard_header.vue b/app/assets/javascripts/projects/pipelines/charts/components/dashboard_header.vue new file mode 100644 index 00000000000..3a0b1498d73 --- /dev/null +++ b/app/assets/javascripts/projects/pipelines/charts/components/dashboard_header.vue @@ -0,0 +1,13 @@ + + diff --git a/app/assets/javascripts/projects/pipelines/charts/components/pipeline_charts.vue b/app/assets/javascripts/projects/pipelines/charts/components/pipeline_charts.vue index 629d3835f72..c6d3bc33b6d 100644 --- a/app/assets/javascripts/projects/pipelines/charts/components/pipeline_charts.vue +++ b/app/assets/javascripts/projects/pipelines/charts/components/pipeline_charts.vue @@ -20,6 +20,7 @@ import { } from '../constants'; import getPipelineCountByStatus from '../graphql/queries/get_pipeline_count_by_status.query.graphql'; import getProjectPipelineStatistics from '../graphql/queries/get_project_pipeline_statistics.query.graphql'; +import DashboardHeader from './dashboard_header.vue'; import StatisticsList from './statistics_list.vue'; const defaultAnalyticsValues = { @@ -51,6 +52,7 @@ export default { GlColumnChart, GlChartSeriesLabel, GlSkeletonLoader, + DashboardHeader, StatisticsList, CiCdAnalyticsCharts, }, @@ -316,9 +318,9 @@ export default { {{ failure.text }} -
-

{{ s__('PipelineCharts|CI/CD Analytics') }}

-
+ + {{ s__('PipelineCharts|Pipelines') }} +

{{ __('Pipelines charts') }}

diff --git a/app/assets/javascripts/projects/pipelines/charts/components/pipeline_charts_new.vue b/app/assets/javascripts/projects/pipelines/charts/components/pipeline_charts_new.vue index 4e72b2d8c82..8e3b8b22d67 100644 --- a/app/assets/javascripts/projects/pipelines/charts/components/pipeline_charts_new.vue +++ b/app/assets/javascripts/projects/pipelines/charts/components/pipeline_charts_new.vue @@ -10,6 +10,7 @@ import { DATE_RANGE_LAST_180_DAYS, } from '../constants'; import getPipelineAnalytics from '../graphql/queries/get_pipeline_analytics.query.graphql'; +import DashboardHeader from './dashboard_header.vue'; import StatisticsList from './statistics_list.vue'; import PipelineDurationChart from './pipeline_duration_chart.vue'; import PipelineStatusChart from './pipeline_status_chart.vue'; @@ -18,6 +19,7 @@ export default { components: { GlCollapsibleListbox, GlFormGroup, + DashboardHeader, StatisticsList, PipelineDurationChart, PipelineStatusChart, @@ -106,7 +108,9 @@ export default { -import { GlButton, GlOutsideDirective as Outside } from '@gitlab/ui'; +import { GlButton, GlLoadingIcon, GlOutsideDirective as Outside } from '@gitlab/ui'; import { Mousetrap } from '~/lib/mousetrap'; import { keysFor, SIDEBAR_CLOSE_WIDGET } from '~/behaviors/shortcuts/keybindings'; export default { components: { GlButton, + GlLoadingIcon, }, directives: { Outside, @@ -56,6 +57,7 @@ export default {

+ = MAX_NUM_DELETIONS end + + log_extra_metadata_on_done(:deactivate_expired_pages_deployments, { + deactivated_deployments: count, + duration: Time.current - start + }) end end end diff --git a/app/workers/personal_access_tokens/expiring_worker.rb b/app/workers/personal_access_tokens/expiring_worker.rb index d81d866afbb..8f27cf0713d 100644 --- a/app/workers/personal_access_tokens/expiring_worker.rb +++ b/app/workers/personal_access_tokens/expiring_worker.rb @@ -129,12 +129,7 @@ module PersonalAccessTokens # project bot does not have more than 1 token expiring_user_token = project_bot.personal_access_tokens.first - # If feature flag is not enabled webhooks will only execute if interval is seven_days - resource_namespace = bot_resource_namepace(project_bot.resource_bot_resource) - if Feature.enabled?(:extended_expiry_webhook_execution_setting, resource_namespace) || - interval == :seven_days - execute_web_hooks(project_bot, expiring_user_token, { interval: interval }) - end + execute_web_hooks(project_bot, expiring_user_token, { interval: interval }) interval_days = PersonalAccessToken.notification_interval(interval) deliver_bot_notifications(project_bot, expiring_user_token.name, days_to_expire: interval_days) @@ -221,13 +216,5 @@ module PersonalAccessTokens NotificationService.new end strong_memoize_attr :notification_service - - def bot_resource_namepace(resource) - if resource.is_a?(Project) - resource.namespace - else - resource - end - end end end diff --git a/config/dependency_cruiser.js b/config/dependency_cruiser.js index d5b26c11236..e511fc150cb 100644 --- a/config/dependency_cruiser.js +++ b/config/dependency_cruiser.js @@ -72,9 +72,9 @@ module.exports = { fileName: './config/webpack.config.js', }, cache: { - // Use Yarn's cache directory folder: './tmp/cache/depcruise-cache', - strategy: 'content', + // NOTE: if we want to store cache on CI, set the value to 'content' + strategy: 'metadata', // With compression the cache is around 2MB // Without Compression, cache is 20 times larger compress: true, diff --git a/config/feature_flags/gitlab_com_derisk/extended_expiry_webhook_execution_setting.yml b/config/feature_flags/beta/activity_stream_graphql.yml similarity index 59% rename from config/feature_flags/gitlab_com_derisk/extended_expiry_webhook_execution_setting.yml rename to config/feature_flags/beta/activity_stream_graphql.yml index 5d73d12d580..e868433ce29 100644 --- a/config/feature_flags/gitlab_com_derisk/extended_expiry_webhook_execution_setting.yml +++ b/config/feature_flags/beta/activity_stream_graphql.yml @@ -1,9 +1,9 @@ --- -name: extended_expiry_webhook_execution_setting -feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/499732 -introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/178266 -rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/513684 -milestone: '17.9' -group: group::authentication -type: gitlab_com_derisk +name: activity_stream_graphql +feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/514804 +introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/183872 +rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/524717 +milestone: '17.10' +group: group::personal productivity +type: beta default_enabled: false diff --git a/db/migrate/20250305000001_add_actual_state_updated_at_to_workspaces.rb b/db/migrate/20250305000001_add_actual_state_updated_at_to_workspaces.rb new file mode 100644 index 00000000000..349129dfbd5 --- /dev/null +++ b/db/migrate/20250305000001_add_actual_state_updated_at_to_workspaces.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +class AddActualStateUpdatedAtToWorkspaces < Gitlab::Database::Migration[2.2] + milestone '17.11' + + def change + add_column :workspaces, :actual_state_updated_at, :datetime_with_timezone, null: false, default: '1970-01-01' + end +end diff --git a/db/schema_migrations/20250305000001 b/db/schema_migrations/20250305000001 new file mode 100644 index 00000000000..fea6d4a9943 --- /dev/null +++ b/db/schema_migrations/20250305000001 @@ -0,0 +1 @@ +9f7a9198505162ceb254c9c9ed141395be5a34306e0619c9f1ef4ae0323fc8c7 \ No newline at end of file diff --git a/db/structure.sql b/db/structure.sql index e320d2edfdf..a64f166d769 100644 --- a/db/structure.sql +++ b/db/structure.sql @@ -24660,6 +24660,7 @@ CREATE TABLE workspaces ( workspaces_agent_config_version integer NOT NULL, desired_config_generator_version integer, project_ref text, + actual_state_updated_at timestamp with time zone DEFAULT '1970-01-01 00:00:00+00'::timestamp with time zone NOT NULL, CONSTRAINT check_15543fb0fa CHECK ((char_length(name) <= 64)), CONSTRAINT check_157d5f955c CHECK ((char_length(namespace) <= 64)), CONSTRAINT check_2b401b0034 CHECK ((char_length(deployment_resource_version) <= 64)), diff --git a/doc/administration/appearance.md b/doc/administration/appearance.md index a0c6ed82644..29d68310c75 100644 --- a/doc/administration/appearance.md +++ b/doc/administration/appearance.md @@ -204,7 +204,7 @@ To [change the default color theme](../user/profile/preferences.md#change-the-co 1. [Reconfigure and restart GitLab](restart_gitlab.md#reconfigure-a-linux-package-installation). -As of GitLab 17.8, `gitlab_default_theme` can specify [a value from 1 to 10](https://gitlab.com/gitlab-org/omnibus-gitlab/-/blob/17.8.0+ee.0/files/gitlab-config-template/gitlab.rb.template?ref_type=tags#L137) to set the default theme. +As of GitLab 17.8, `gitlab_default_theme` can specify [a value from 1 to 10](https://gitlab.com/gitlab-org/omnibus-gitlab/-/blob/17.8.0+ee.0/files/gitlab-config-template/gitlab.rb.template?ref_type=tags#L137) to set the default theme. | Value | Color | | ------ | ------ | diff --git a/doc/administration/auth/oidc.md b/doc/administration/auth/oidc.md index 6e24292fbd2..6e3b412e986 100644 --- a/doc/administration/auth/oidc.md +++ b/doc/administration/auth/oidc.md @@ -156,7 +156,7 @@ The OpenID Connect provider provides you with a client's details and secret for but you can override these icons by specifying this parameter. GitLab accepts both local paths and absolute URLs. GitLab includes icons for most major social login platforms, - but you can override these icons by specifying an external URL or + but you can override these icons by specifying an external URL or an absolute or relative path to your own icon file. - For local absolute paths, configure the provider settings as `icon: //`. - Store the icon file in `/opt/gitlab/embedded/service/gitlab-rails/public///`. diff --git a/doc/administration/geo/replication/troubleshooting/common.md b/doc/administration/geo/replication/troubleshooting/common.md index f7b20eaf489..d148a989481 100644 --- a/doc/administration/geo/replication/troubleshooting/common.md +++ b/doc/administration/geo/replication/troubleshooting/common.md @@ -429,7 +429,7 @@ This situation can occur: ``` 1. Reconfigure GitLab: - + ```shell sudo gitlab-ctl reconfigure ``` diff --git a/doc/administration/geo/secondary_proxy/_index.md b/doc/administration/geo/secondary_proxy/_index.md index a89b01c7921..ac46e63812c 100644 --- a/doc/administration/geo/secondary_proxy/_index.md +++ b/doc/administration/geo/secondary_proxy/_index.md @@ -243,8 +243,6 @@ To request acceleration of a feature, check if an issue already exists in [epic Secondary site HTTP proxying is enabled by default on a secondary site when it uses a unified URL, meaning, it is configured with the same `external_url` as the primary site. Disabling proxying in this case tends not to be helpful due to completely different behavior being served at the same URL, depending on routing. -Secondary site HTTP proxying is enabled by default on a secondary site when it uses a unified URL, meaning, it is configured with the same `external_url` as the primary site. Disabling proxying in this case tends not to be helpful due to completely different behavior being served at the same URL, depending on routing. - ### What happens if you disable secondary proxying Disabling the proxying feature flag has the following general effects: diff --git a/doc/administration/packages/container_registry_metadata_database.md b/doc/administration/packages/container_registry_metadata_database.md index 0a48fe3c658..4feb9dc570c 100644 --- a/doc/administration/packages/container_registry_metadata_database.md +++ b/doc/administration/packages/container_registry_metadata_database.md @@ -394,7 +394,7 @@ to see how to monitor the progress and health of the online garbage collector. The container registry supports two types of migrations: - **Regular schema migrations**: Changes to the database structure that must run before deploying new application code. These should be fast (no more than a few minutes) to avoid deployment delays. - + - **Post-deployment migrations**: Changes to the database structure that can run while the application is running. Used for longer operations like creating indexes on large tables, avoiding startup delays and extended upgrade downtimes. By default, the registry applies both regular schema and post-deployment migrations simultaneously. To reduce downtime during upgrades, you can skip post-deployment migrations and apply them manually after the application starts. diff --git a/doc/administration/pages/_index.md b/doc/administration/pages/_index.md index dbe7eb35841..3badc1c0ee1 100644 --- a/doc/administration/pages/_index.md +++ b/doc/administration/pages/_index.md @@ -489,7 +489,7 @@ control over how the Pages daemon runs and serves content in your environment. | `sentry_dsn` | The address for sending Sentry crash reporting to. | | `sentry_enabled` | Enable reporting and logging with Sentry, true/false. | | `sentry_environment` | The environment for Sentry crash reporting. | -| `status_uri` | The URL path for a status page, for example, `/@status`. | +| `status_uri` | The URL path for a status page, for example, `/@status`. Configure to enable health check endpoint on GitLab Pages. | | `tls_max_version` | Specifies the maximum TLS version ("tls1.2" or "tls1.3"). | | `tls_min_version` | Specifies the minimum TLS version ("tls1.2" or "tls1.3"). | | `use_http2` | Enable HTTP2 support. | diff --git a/doc/api/graphql/reference/_index.md b/doc/api/graphql/reference/_index.md index 6e60b5851f7..d81441887e9 100644 --- a/doc/api/graphql/reference/_index.md +++ b/doc/api/graphql/reference/_index.md @@ -19826,6 +19826,33 @@ Representation of a GitLab user. | `updatedAt` | [`Time!`](#time) | Timestamp the achievement was last updated. | | `userAchievements` {{< icon name="warning-solid" >}} | [`UserAchievementConnection`](#userachievementconnection) | **Introduced** in GitLab 15.10. **Status**: Experiment. Recipients for the achievement. | +### `ActivityStream` + +Activity streams associated with a user. + +#### Fields with arguments + +##### `ActivityStream.followedUsersActivity` + +Activity from users followed by the current user. + +{{< details >}} +**Introduced** in GitLab 17.10. +**Status**: Experiment. +{{< /details >}} + +Returns [`EventConnection`](#eventconnection). + +This field returns a [connection](#connections). It accepts the +four standard [pagination arguments](#pagination-arguments): +`before: String`, `after: String`, `first: Int`, and `last: Int`. + +###### Arguments + +| Name | Type | Description | +| ---- | ---- | ----------- | +| `target` | [`EventTarget!`](#eventtarget) | Event target. | + ### `AddOnPurchase` Represents AddOn purchase for Namespace. @@ -23621,6 +23648,7 @@ The currently authenticated GitLab user. | Name | Type | Description | | ---- | ---- | ----------- | | `active` | [`Boolean`](#boolean) | Indicates if the user is active. | +| `activity` {{< icon name="warning-solid" >}} | [`ActivityStream`](#activitystream) | **Introduced** in GitLab 17.10. **Status**: Experiment. Recent user activity. | | `avatarUrl` | [`String`](#string) | URL of the user's avatar. | | `bio` | [`String`](#string) | Bio of the user. | | `bot` | [`Boolean!`](#boolean) | Indicates if the user is a bot. | @@ -26061,6 +26089,8 @@ Representing an event. | `author` | [`UserCore!`](#usercore) | Author of this event. | | `createdAt` | [`Time!`](#time) | When this event was created. | | `id` | [`ID!`](#id) | ID of the event. | +| `project` | [`Project`](#project) | Project of this event. | +| `target` | [`EventTargetType`](#eventtargettype) | The target of the event. | | `updatedAt` | [`Time!`](#time) | When this event was updated. | ### `ExternalAuditEventDestination` @@ -42251,6 +42281,22 @@ Event action. | `REOPENED` | Reopened action. | | `UPDATED` | Updated action. | +### `EventTarget` + +Event target. + +| Value | Description | +| ----- | ----------- | +| `ALL` | All events. | +| `COMMENTS` | Comments events. | +| `DESIGNS` | Designs events. | +| `EPIC` | Epic events. | +| `ISSUE` | Issue events. | +| `MERGED` | Merged events. | +| `PUSH` | Push events. | +| `TEAM` | Team events. | +| `WIKI` | Wiki events. | + ### `ExclusionScannerEnum` Enum for the security scanners used with exclusions. @@ -45843,6 +45889,22 @@ One of: - [`NugetDependencyLinkMetadata`](#nugetdependencylinkmetadata) +#### `EventTargetType` + +Represents an object that can be the subject of an event. + +One of: + +- [`Design`](#design) +- [`Issue`](#issue) +- [`MergeRequest`](#mergerequest) +- [`Milestone`](#milestone) +- [`Note`](#note) +- [`Project`](#project) +- [`Snippet`](#snippet) +- [`UserCore`](#usercore) +- [`WikiPage`](#wikipage) + #### `ExpressionValue` Represents possible value types for an expression. diff --git a/doc/api/group_service_accounts.md b/doc/api/group_service_accounts.md index 2c4ac724781..d90ed60efe4 100644 --- a/doc/api/group_service_accounts.md +++ b/doc/api/group_service_accounts.md @@ -116,6 +116,52 @@ Example response: } ``` +## Update a service account user + +{{< history >}} + +- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/182607/) in GitLab 17.10. + +{{< /history >}} + +Updates a service account user in a given top-level group. + +{{< alert type="note" >}} + +This endpoint only works on top-level groups. + +{{< /alert >}} + +```plaintext +PATCH /groups/:id/service_accounts/:user_id +``` + +Parameters: + +| Attribute | Type | Required | Description | +|:-----------|:---------------|:---------|:----------------------------------------------------------------| +| `id` | integer/string | yes | The ID or [URL-encoded path of the target group](rest/_index.md#namespaced-paths). | +| `user_id` | integer | yes | The ID of the service account user. | +| `name` | string | no | Name of the user. | +| `username` | string | no | Username of the user. | + +Example request: + +```shell +curl --request PATCH --header "PRIVATE-TOKEN: " "https://gitlab.example.com/api/v4/groups/345/service_accounts/57" --data "name=Updated Service Account" +``` + +Example response: + +```json +{ + "id": 57, + "username": "service_account_group_345_6018816a18e515214e0c34c2b33523fc", + "name": "Updated Service Account", + "email": "service_account_group_345_@noreply.gitlab.example.com" +} +``` + ## Delete a service account user {{< history >}} diff --git a/doc/ci/docker/using_docker_build.md b/doc/ci/docker/using_docker_build.md index 06653d1eb6d..baf14d8c004 100644 --- a/doc/ci/docker/using_docker_build.md +++ b/doc/ci/docker/using_docker_build.md @@ -971,14 +971,14 @@ environment where custom or private certificates are used (for example, Zscaler error pulling image configuration: download failed after attempts=6: tls: failed to verify certificate: x509: certificate signed by unknown authority ``` -This error occurs because Docker commands in a Docker-in-Docker environment +This error occurs because Docker commands in a Docker-in-Docker environment use two separate containers: - The **build container** runs the Docker client (`/usr/bin/docker`) and executes your job's script commands. - The **service container** (often named `svc`) runs the Docker daemon that processes most Docker commands. -When your organization uses custom certificates, both containers need these certificates. -Without proper certificate configuration in both containers, Docker operations that connect to external +When your organization uses custom certificates, both containers need these certificates. +Without proper certificate configuration in both containers, Docker operations that connect to external registries or services will fail with certificate errors. To resolve this issue: diff --git a/doc/ci/environments/_index.md b/doc/ci/environments/_index.md index bee9be7d2ef..93429d7e50f 100644 --- a/doc/ci/environments/_index.md +++ b/doc/ci/environments/_index.md @@ -479,9 +479,9 @@ the `stop` trigger is automatically enabled. In the following example, the `deploy_review` job calls a `stop_review` job to clean up and stop the environment. -- When the [**Pipelines must succeed**](../../user/project/merge_requests/auto_merge.md#require-a-successful-pipeline-for-merge) setting is turned on, - you can configure the [`allow_failure: true`](../yaml/_index.md#allow_failure) -keyword on the `stop_review` job to prevent it from +- When the [**Pipelines must succeed**](../../user/project/merge_requests/auto_merge.md#require-a-successful-pipeline-for-merge) setting is turned on, + you can configure the [`allow_failure: true`](../yaml/_index.md#allow_failure) +keyword on the `stop_review` job to prevent it from blocking your pipelines and merge requests. ```yaml diff --git a/doc/development/ai_features/amazon_q_integration.md b/doc/development/ai_features/amazon_q_integration.md new file mode 100644 index 00000000000..05af77ed950 --- /dev/null +++ b/doc/development/ai_features/amazon_q_integration.md @@ -0,0 +1,72 @@ +--- +stage: AI-powered +group: Custom Models +info: Any user with at least the Maintainer role can merge updates to this content. For details, see https://docs.gitlab.com/ee/development/development_processes.html#development-guidelines-review. +title: Amazon Q integration for testing and evaluation +--- + +> This guide combines and build on top of the following guides and sources. It describes Amazon Q setup for testing and evaluation purposes: +> +> - [Set up GitLab Duo with Amazon Q](../../user/duo_amazon_q/setup.md) +> - [code-suggestions development guide](../code_suggestions/_index.md) + +This guide describes how to set up Amazon Q in a GitLab Linux package running in a VM, using the staging AI Gateway. The reason we need a GitLab Linux package instance instead of GDK is that the GitLab instance needs an HTTPS URL that can be accessed by Amazon Q. + +## Install and configure a GitLab Linux package on a virtual machine + +1. Create a VM in either GCP or AWS + + - Follow this [guide](../../install/google_cloud_platform/_index.md) on how to create a VM in GCP + - Create a VM in AWS + 1. Go to [cloud sandbox](https://gitlabsandbox.cloud/cloud), and login with OKTA + 1. Click "Create Individual Account", and choose `aws-***` (not `aws-services-***` or `aws-dedicated-***`). This will create a AWS sandbox and display login credentials + 1. Configure an EC2 machine of similar spec as GCP VM + + A few things to note: + - Need to enable both http and https traffic under firewall setting. + - Copy the external IP of the VM instance created. + +1. Install GitLab + 1. Follow this [guide](https://about.gitlab.com/install/#ubuntu) on how to install GitLab Linux package. + We need to set up the external URL and an initial password. Install GitLab using the following command: + + ```shell + sudo GITLAB_ROOT_PASSWORD="your_password" EXTERNAL_URL="https://.nip.io" apt install gitlab-ee + ``` + + This will use nip.io as the DNS service so the GitLab instance can be accessed through HTTPs + +1. Config the newly installed GitLab instance + 1. SSH into the VM, and add the following config into `/etc/gitlab/gitlab.rb` + + ```ruby + gitlab_rails['env'] = { + "GITLAB_LICENSE_MODE" => "test", + "CUSTOMER_PORTAL_URL" => "https://customers.staging.gitlab.com", + "AI_GATEWAY_URL" => "https://cloud.staging.gitlab.com/ai" + } + ``` + + 1. Apply the config changes by `sudo gitlab-ctl reconfigure` +1. Obtain and activate a self-managed ultimate license + 1. Go to [staging customers portal](https://customers.staging.gitlab.com/), select "Signin with GitLab.com account". + 1. Instead of clicking "Buy new subscription", go to the [product page](https://customers.staging.gitlab.com/subscriptions/new?plan_id=2c92a00c76f0c6c20176f2f9328b33c9) directly. For reason of this, see [buy_subscription](https://gitlab.com/gitlab-org/customers-gitlab-com/-/blob/8aa922840091ad5c5d96ada43d0065a1b6198841/doc/flows/buy_subscription.md) + 1. Purchase the subscription using [a test credit card](https://gitlab.com/gitlab-org/customers-gitlab-com/#testing-credit-card-information). An activation code will be given. Do not purchase a duo-pro add-on, because currently duo-pro and Q are mutually exclusive. + 1. Go to the GitLab instance created earlier (`https://.nip.io`), log in with root account. Then on the left sidebar, go to **Admin > Subscription**, and enter the activation code + +## Create and configure an AWS sandbox + +1. Follow the [same step](#install-and-configure-a-gitlab-linux-package-on-a-virtual-machine) described above on how to create an AWS sandbox if you haven't had one already. +1. Login into the newly created AWS account and create an **Identity Provider** following this [instruction](../../user/duo_amazon_q/setup.md#create-an-iam-identity-provider) with slight modifications: + + - Provider URL: `https://glgo.staging.runway.gitlab.net/cc/oidc/` + - Audience: `gitlab-cc-` + + The GitLab instance ID can be found at `/admin/ai/amazon_q_settings` +1. Create a new role using the identity provider. For this, we can follow [this section](../../user/duo_amazon_q/setup.md#create-an-iam-role) exactly. + +## Add Amazon Q to GitLab + +1. Follow [Enter the ARN in GitLab and enable Amazon Q](../../user/duo_amazon_q/setup.md#enter-the-arn-in-gitlab-and-enable-amazon-q) exactly +1. [Invite Amazon Q user to your project](../../user/duo_amazon_q/setup.md#add-the-amazon-q-user-to-your-project). For this step, we do not need to configure AI Gateway again, because we've already done it when configuring our GitLab instance. +1. Now Q should be working. We can test it like [this](https://gitlab.com/gitlab-com/ops-sub-department/aws-gitlab-ai-integration/integration-motion-planning/-/wikis/integration-docs#testing-q) diff --git a/doc/development/api_styleguide.md b/doc/development/api_styleguide.md index a356991bd17..626fe94f416 100644 --- a/doc/development/api_styleguide.md +++ b/doc/development/api_styleguide.md @@ -77,7 +77,7 @@ end We must not make breaking changes to our REST API v4, even in major GitLab releases. See [what is a breaking change](#what-is-a-breaking-change) and [what is not a breaking change](#what-is-not-a-breaking-change). Our REST API maintains its own versioning independent of GitLab versioning. -The current REST API version is `4`. Because [we commit to follow semantic versioning for our REST API](../api/rest/_index.md), we cannot make breaking changes to it. A major version change for our REST API (most likely, `5`) is currently not planned, or scheduled. +The current REST API version is `4`. Because [we commit to follow semantic versioning for our REST API](../api/rest/_index.md), we cannot make breaking changes to it. A major version change for our REST API (most likely, `5`) is currently not planned, or scheduled. The exception is API features that are [marked as experimental or beta](#experimental-beta-and-generally-available-features). These features can be removed or changed at any time. diff --git a/doc/development/deleting_data.md b/doc/development/deleting_data.md index 672689c2955..dc36f359aab 100644 --- a/doc/development/deleting_data.md +++ b/doc/development/deleting_data.md @@ -26,7 +26,7 @@ Specifically, avoid invoking the following classes: ### For projects -Instead of using `Projects::DestroyService`, use `Projects::MarkForDeletionService`. +Instead of using `Projects::DestroyService`, use `Projects::MarkForDeletionService`. ```ruby Projects::MarkForDeletionService.new(project, current_user).execute @@ -34,7 +34,7 @@ Projects::MarkForDeletionService.new(project, current_user).execute ### For groups -Instead of using `Groups::DestroyService`, use `Groups::MarkForDeletionService`. +Instead of using `Groups::DestroyService`, use `Groups::MarkForDeletionService`. ```ruby Groups::MarkForDeletionService.new(group, current_user).execute diff --git a/doc/development/documentation/styleguide/word_list.md b/doc/development/documentation/styleguide/word_list.md index 81d672845e7..abcdadf8804 100644 --- a/doc/development/documentation/styleguide/word_list.md +++ b/doc/development/documentation/styleguide/word_list.md @@ -1103,6 +1103,16 @@ unless we've gone through a legal review and have been told to promote the partn This guidance follows the [Use of Third-party Trademarks](https://handbook.gitlab.com/handbook/legal/policies/product-third-party-trademarks-guidelines/#dos--donts-for-use-of-third-party-trademarks-in-gitlab). +## GitLab AI vendor model + +Use **GitLab AI vendor model** to refer to a [language model](#language-model-large-language-model) +that is hosted by GitLab, and that customers access through the GitLab-hosted +[AI gateway](#ai-gateway). + +Do not use this term when the [language model is hosted by a customer](#self-hosted-model), +or when the customer is using the [GitLab Duo Self-Hosted](#gitlab-duo-self-hosted) +feature. + ## GitLab Dedicated Use **GitLab Dedicated** to refer to the product offering. It refers to a GitLab instance that's hosted and managed by GitLab for customers. diff --git a/doc/development/graphql_guide/monitoring.md b/doc/development/graphql_guide/monitoring.md index 12830cbaaf7..d8b05abd357 100644 --- a/doc/development/graphql_guide/monitoring.md +++ b/doc/development/graphql_guide/monitoring.md @@ -74,7 +74,7 @@ Below are some examples of common Kibana filters. [See example filter](https://log.gprd.gitlab.net/app/r/s/cWkK1). -As mentioned [above](#logs-of-each-graphql-query), `json.meta.caller_id` appears as `graphql:` for queries that +As mentioned [above](#logs-of-each-graphql-query), `json.meta.caller_id` appears as `graphql:` for queries that came from the GitLab frontend, otherwise as `graphql:unknown`. This filter be used to identify internal versus external queries. 1. Combine the [subcomponent filter](#logs-of-each-graphql-query) with the following Kibana filter: diff --git a/doc/development/npmjs.md b/doc/development/npmjs.md index 1cbc7e1e577..ebac8b321a9 100644 --- a/doc/development/npmjs.md +++ b/doc/development/npmjs.md @@ -76,7 +76,7 @@ To set up publishing through GitLab CI/CD: ### Example CI/CD configuration -Below is an example `.gitlab-ci.yml` configuration for publishing an NPM package. This codeblock isn't meant to be used as-is and will require changes depending on your configuration. This means that you will need to modify the example below to include the location of your npmjs publishing token. +Below is an example `.gitlab-ci.yml` configuration for publishing an NPM package. This codeblock isn't meant to be used as-is and will require changes depending on your configuration. This means that you will need to modify the example below to include the location of your npmjs publishing token. ```yaml stages: diff --git a/doc/development/prometheus_metrics.md b/doc/development/prometheus_metrics.md index c6543695d06..b8c699b2484 100644 --- a/doc/development/prometheus_metrics.md +++ b/doc/development/prometheus_metrics.md @@ -37,8 +37,19 @@ generate them from a cron-based Sidekiq job: - For Geo related metrics, check `Geo::MetricsUpdateService`. - For other "global" / instance-wide metrics, check: `Metrics::GlobalMetricsUpdateService`. -When exporting data from Sidekiq in an installation with more than one Sidekiq instance, -you are not guaranteed that the same exporter will always be queried. +{{< alert type="warning" >}} -You can read more and understand the caveats in [issue 406583](https://gitlab.com/gitlab-org/gitlab/-/issues/406583), +When exporting metrics from Sidekiq in a multi-instance deployment: + +- The same exporter is not guaranteed to be queried consistently. +- This is especially problematic for gauge metrics, as each Sidekiq worker will continue reporting the last recorded value +until that specific worker runs the metric collection code again. +- This can lead to inconsistent or stale metrics data across your monitoring system. + +For more reliable metrics collection, consider creating the exporter as a custom exporter +in [`gitlab-exporter`](https://gitlab.com/gitlab-org/ruby/gems/gitlab-exporter/) + +{{< /alert >}} + +For more details, see [issue 406583](https://gitlab.com/gitlab-org/gitlab/-/issues/406583), where we also discuss a possible solution using a push-gateway. diff --git a/doc/development/python_guide/deployment.md b/doc/development/python_guide/deployment.md index faec13aec54..f95258d9a3b 100644 --- a/doc/development/python_guide/deployment.md +++ b/doc/development/python_guide/deployment.md @@ -90,7 +90,7 @@ version `19.5`, this would need three deployments of the service: - One for service version `18.11`, which provides support for all GitLab `18.x` versions - One for service version `19.5`, which provides support for GitLab versions `19.0`-`19.5`. -Once version 18.0 is released, unused code from versions 17.x can be safely removed, since a legacy deployment will be present. +Once version 18.0 is released, unused code from versions 17.x can be safely removed, since a legacy deployment will be present. Then, once version 20.0 is released, and GitLab version 17.x is not supported anymore, the legacy deployment can also be removed. #### Publishing images diff --git a/doc/development/testing_guide/end_to_end/_index.md b/doc/development/testing_guide/end_to_end/_index.md index 0258ae174ff..18514b26d07 100644 --- a/doc/development/testing_guide/end_to_end/_index.md +++ b/doc/development/testing_guide/end_to_end/_index.md @@ -119,7 +119,7 @@ There is a risk in skipping end-to-end tests. Use caution and discretion when ap #### Dynamic parallel job scaling -To maintain consistent pipeline run times, the CI/CD job count for each particular E2E test suite is scaled dynamically based on total run time of tests in the suite. +To maintain consistent pipeline run times, the CI/CD job count for each particular E2E test suite is scaled dynamically based on total run time of tests in the suite. The [`generate_e2e_pipelines`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/qa/tasks/ci.rake?ref_type=heads) Rake task creates CI/CD YAML files that: - Create the correct number of parallel jobs. diff --git a/doc/install/requirements.md b/doc/install/requirements.md index aaf1df4e8aa..21a0f25f5e3 100644 --- a/doc/install/requirements.md +++ b/doc/install/requirements.md @@ -183,7 +183,7 @@ More threads would lead to excessive swapping and lower performance. [Redis](https://redis.io/) stores all user sessions and background tasks and requires about 25 kB per user on average. -In GitLab 16.0 and later, Redis 6.x or 7.x is required. +In GitLab 16.0 and later, Redis 6.2.x or 7.x is required. For more information about end-of-life dates, see the [Redis documentation](https://redis.io/docs/latest/operate/rs/installing-upgrading/product-lifecycle/). diff --git a/doc/integration/jira/configure.md b/doc/integration/jira/configure.md index 45d6f25f1f3..3c6220e134e 100644 --- a/doc/integration/jira/configure.md +++ b/doc/integration/jira/configure.md @@ -246,7 +246,7 @@ To copy the API token, select **Copy**. To migrate from one Jira site to another in GitLab and maintain your Jira issues integration: 1. Follow the steps in [configure the integration](#configure-the-integration). -1. Enter the new Jira site URL (for example, `https://myjirasite.atlassian.net`). +1. Enter the new Jira site URL (for example, `https://myjirasite.atlassian.net`). To update existing Jira issue references in GitLab to use the new Jira site URL, you must [invalidate the Markdown cache](../../administration/invalidate_markdown_cache.md#invalidate-the-cache). diff --git a/doc/solutions/components/_index.md b/doc/solutions/components/_index.md index 70b4562ed58..767c0de943c 100644 --- a/doc/solutions/components/_index.md +++ b/doc/solutions/components/_index.md @@ -6,9 +6,9 @@ title: Solution Components --- This documentation section covers a variety of Solution components developed and provided by GitLab. -To download and run these solution components, request your account team for invitation code. +To download and run these solution components, request your account team for invitation code. -The use of any Solution component is subject to the [GitLab Subscription Agreement](https://handbook.gitlab.com/handbook/legal/subscription-agreement/) (the "Agreement") and constitutes Free Software as defined within the Agreement. +The use of any Solution component is subject to the [GitLab Subscription Agreement](https://handbook.gitlab.com/handbook/legal/subscription-agreement/) (the "Agreement") and constitutes Free Software as defined within the Agreement. ## DevSecOps Workflow diff --git a/doc/solutions/components/duo_workflow/_index.md b/doc/solutions/components/duo_workflow/_index.md index 6309ac927db..46b97cfe811 100644 --- a/doc/solutions/components/duo_workflow/_index.md +++ b/doc/solutions/components/duo_workflow/_index.md @@ -6,9 +6,9 @@ title: GitLab AI Solution Components --- This documentation section covers a variety of Solution components developed and provided by GitLab. -To download and run these solution components, request your account team for invitation code. +To download and run these solution components, request your account team for invitation code. -The use of any Solution component is subject to the [GitLab Subscription Agreement](https://handbook.gitlab.com/handbook/legal/subscription-agreement/) (the "Agreement") and constitutes Free Software as defined within the Agreement. +The use of any Solution component is subject to the [GitLab Subscription Agreement](https://handbook.gitlab.com/handbook/legal/subscription-agreement/) (the "Agreement") and constitutes Free Software as defined within the Agreement. ## GitLab Duo Workflow diff --git a/doc/solutions/components/duo_workflow/duo_workflow_codestyle.md b/doc/solutions/components/duo_workflow/duo_workflow_codestyle.md index 54dafed7ff5..41afa24a371 100644 --- a/doc/solutions/components/duo_workflow/duo_workflow_codestyle.md +++ b/doc/solutions/components/duo_workflow/duo_workflow_codestyle.md @@ -20,14 +20,14 @@ title: Duo Workflow Use Case for Applying Coding Style 1. Obtain the invitation code from your account team. 1. Download the solution component from [the solution component webstore](https://cloud.gitlab-accelerator-marketplace.com) by using your invitation code. -## Duo Workflow Use Case: Improve Java Application with Style Guide +## Duo Workflow Use Case: Improve Java Application with Style Guide -The document describes GitLab Duo Workflow Solution with prompt and context library. The purpose of the solution is to improve appliction coding based on defined style. +The document describes GitLab Duo Workflow Solution with prompt and context library. The purpose of the solution is to improve appliction coding based on defined style. -This solution provides a GitLab issue as the prompt and the style guide as the context, designed to automate Java style guidelines to codebases using GitLab Duo Workflow. The prompt and context library enables Duo Workflow to: +This solution provides a GitLab issue as the prompt and the style guide as the context, designed to automate Java style guidelines to codebases using GitLab Duo Workflow. The prompt and context library enables Duo Workflow to: -1. Access centralized style guide content stored in GitLab repository, -1. Understand domain-specific coding standards, and +1. Access centralized style guide content stored in GitLab repository, +1. Understand domain-specific coding standards, and 1. Apply consistent formatting to Java code while preserving functionality. For detailed information about GitLab Duo Workflow, review [the document here](../../../user/duo_workflow/_index.md). @@ -57,7 +57,7 @@ To run the agentic workflow to review and apply style to your application, you n 1. **Set up the prompt and contet library** by cloning `Enterprise Code Quality Standards` project 1. **Create a GitLab issue** `Review and Apply Style` with the prompt content from the library file `.gitlab/workflows/java-style-workflow.md` -1. **In the issue** `Review and Apply Style` configure the workflow variables as detailed in the [Configuration section](#configuration-guide) +1. **In the issue** `Review and Apply Style` configure the workflow variables as detailed in the [Configuration section](#configuration-guide) 1. **In your VS code** with the project `Enterprise Code Quality Standards`, start the Duo Workflow with a simple [workflow prompt](#example-duo-workflow-prompt) 1. **Work with the Duo Workflow** by reviewing the proposed plan and automated tasks, if needed add further input to the workflow 1. **Review and commit** the styled code changes to your repository @@ -77,7 +77,7 @@ This simple prompt is powerful because it instructs Duo Workflow to: ## Configuration Guide -The prompt is defined in the `.gitlab/workflows/java-style-workflow.md` file in the solution package. This file serves as your template for creating GitLab issues that instruct the workflow agent to build out the plan to automate the style guide review on your application and apply the changes. +The prompt is defined in the `.gitlab/workflows/java-style-workflow.md` file in the solution package. This file serves as your template for creating GitLab issues that instruct the workflow agent to build out the plan to automate the style guide review on your application and apply the changes. In the first section of `.gitlab/workflows/java-style-workflow.md`, it defines variables you need to configure for the prompt. @@ -121,7 +121,7 @@ TARGET_FILES=asset-management-api/src/main/java/com/royal/reserve/bank/asset/man ### Important Notes About AI-Generated Code -**⚠️ Important Disclaimer**: +**⚠️ Important Disclaimer**: GitLab Workflow uses Agentic AI which is non-deterministic, meaning: @@ -195,12 +195,12 @@ The AI assistant first creates an execution plan with specific tools: 1. Access the Java style guidelines by retrieving content from Enterprise Java Standards project using `run_read_only_git_command` on `https://gitlab.com/gl-demo-ultimate-zhenderson/sandbox/enterprise-java-standards.git` for file `coding-style/java/guidelines/java-coding-standards.md`, supported by: `run_read_only_git_command` 1. Read and analyze the current content of `AssetManagementService.java` using the `read_file` tool to understand its structure and identify areas that need style updates, supported by `read_file` 1. Search for any similar files in the project using find_files to ensure consistent style application across related service classes, supported by `find_files` -1. Edit AssetManagementService.java using the edit_file tool to apply the style guidelines, focusing on: +1. Edit AssetManagementService.java using the edit_file tool to apply the style guidelines, focusing on: - - Package and import organization - - Class and method documentation - - Code indentation and spacing - - Annotation placement + - Package and import organization + - Class and method documentation + - Code indentation and spacing + - Annotation placement - Method parameter formatting, supported by `edit_file` 1. Verify all Lombok annotations (@Service, @RequiredArgsConstructor, @Slf4j) are properly formatted according to the style guide using grep_files to check annotation patterns across the codebase, supported by `grep_files` diff --git a/doc/solutions/components/duo_workflow_codestyle.md b/doc/solutions/components/duo_workflow_codestyle.md index d983b7631d4..1810babc4fa 100644 --- a/doc/solutions/components/duo_workflow_codestyle.md +++ b/doc/solutions/components/duo_workflow_codestyle.md @@ -20,14 +20,14 @@ title: Duo Workflow Use Case for Applying Coding Style 1. Obtain the invitation code from your account team. 1. Download the solution component from [the solution component webstore](https://cloud.gitlab-accelerator-marketplace.com) by using your invitation code. -## Duo Workflow Use Case: Improve Java Application with Style Guide +## Duo Workflow Use Case: Improve Java Application with Style Guide -The document describes GitLab Duo Workflow Solution with prompt and context library. The purpose of the solution is to improve appliction coding based on defined style. +The document describes GitLab Duo Workflow Solution with prompt and context library. The purpose of the solution is to improve appliction coding based on defined style. -This solution provides a GitLab issue as the prompt and the style guide as the context, designed to automate Java style guidelines to codebases using GitLab Duo Workflow. The prompt and context library enables Duo Workflow to: +This solution provides a GitLab issue as the prompt and the style guide as the context, designed to automate Java style guidelines to codebases using GitLab Duo Workflow. The prompt and context library enables Duo Workflow to: -1. Access centralized style guide content stored in GitLab repository, -1. Understand domain-specific coding standards, and +1. Access centralized style guide content stored in GitLab repository, +1. Understand domain-specific coding standards, and 1. Apply consistent formatting to Java code while preserving functionality. For detailed information about GitLab Duo Workflow, review [the document here](../../user/duo_workflow/_index.md). @@ -57,7 +57,7 @@ To run the agentic workflow to review and apply style to your application, you n 1. **Set up the prompt and contet library** by cloning `Enterprise Code Quality Standards` project 1. **Create a GitLab issue** `Review and Apply Style` with the prompt content from the library file `.gitlab/workflows/java-style-workflow.md` -1. **In the issue** `Review and Apply Style` configure the workflow variables as detailed in the [Configuration section](#configuration-guide) +1. **In the issue** `Review and Apply Style` configure the workflow variables as detailed in the [Configuration section](#configuration-guide) 1. **In your VS code** with the project `Enterprise Code Quality Standards`, start the Duo Workflow with a simple [workflow prompt](#example-duo-workflow-prompt) 1. **Work with the Duo Workflow** by reviewing the proposed plan and automated tasks, if needed add further input to the workflow 1. **Review and commit** the styled code changes to your repository @@ -77,7 +77,7 @@ This simple prompt is powerful because it instructs Duo Workflow to: ## Configuration Guide -The prompt is defined in the `.gitlab/workflows/java-style-workflow.md` file in the solution package. This file serves as your template for creating GitLab issues that instruct the workflow agent to build out the plan to automate the style guide review on your application and apply the changes. +The prompt is defined in the `.gitlab/workflows/java-style-workflow.md` file in the solution package. This file serves as your template for creating GitLab issues that instruct the workflow agent to build out the plan to automate the style guide review on your application and apply the changes. In the first section of `.gitlab/workflows/java-style-workflow.md`, it defines variables you need to configure for the prompt. @@ -121,7 +121,7 @@ TARGET_FILES=asset-management-api/src/main/java/com/royal/reserve/bank/asset/man ### Important Notes About AI-Generated Code -**⚠️ Important Disclaimer**: +**⚠️ Important Disclaimer**: GitLab Workflow uses Agentic AI which is non-deterministic, meaning: @@ -195,12 +195,12 @@ The AI assistant first creates an execution plan with specific tools: 1. Access the Java style guidelines by retrieving content from Enterprise Java Standards project using `run_read_only_git_command` on `https://gitlab.com/gl-demo-ultimate-zhenderson/sandbox/enterprise-java-standards.git` for file `coding-style/java/guidelines/java-coding-standards.md`, supported by: `run_read_only_git_command` 1. Read and analyze the current content of `AssetManagementService.java` using the `read_file` tool to understand its structure and identify areas that need style updates, supported by `read_file` 1. Search for any similar files in the project using find_files to ensure consistent style application across related service classes, supported by `find_files` -1. Edit AssetManagementService.java using the edit_file tool to apply the style guidelines, focusing on: +1. Edit AssetManagementService.java using the edit_file tool to apply the style guidelines, focusing on: - - Package and import organization - - Class and method documentation - - Code indentation and spacing - - Annotation placement + - Package and import organization + - Class and method documentation + - Code indentation and spacing + - Annotation placement - Method parameter formatting, supported by `edit_file` 1. Verify all Lombok annotations (@Service, @RequiredArgsConstructor, @Slf4j) are properly formatted according to the style guide using grep_files to check annotation patterns across the codebase, supported by `grep_files` diff --git a/doc/solutions/components/integrated_servicenow.md b/doc/solutions/components/integrated_servicenow.md index 486ca810ba4..590f2fcb7df 100644 --- a/doc/solutions/components/integrated_servicenow.md +++ b/doc/solutions/components/integrated_servicenow.md @@ -19,9 +19,9 @@ With the ServiceNow DevOps Change Velocity integration, it's able to track infor It automates the creation of change requests and automatically approve the change requests based on the policy critieria when it's integrated with GitLab CI/CD pipelines. -This document shows you how to +This document shows you how to -1. Integrate ServiceNow with GitLab with Change Velocity for change management, +1. Integrate ServiceNow with GitLab with Change Velocity for change management, 1. Create in the GitLab CI/CD pipeline automatically the change request in ServiceNow, 1. Approve the change request in ServiceNow if it requires CAB review and approval, 1. Start the production deployment based on the change request approval. @@ -43,7 +43,7 @@ There are multiple ways to integrate GitLab with ServiceNow. The followings opti ## ServiceNow DevOps Change Velocity -Upon installing and configuring DevOps Change Velocity from ServiceNow store, enable change control through automated change creation in the DevOps Change Workspace Directly. +Upon installing and configuring DevOps Change Velocity from ServiceNow store, enable change control through automated change creation in the DevOps Change Workspace Directly. ### Built-in Change Request Process @@ -53,8 +53,8 @@ The normal change process requires the change request to be approved before the #### Setup the Pipeline and Change Request Jobs -Use the `gitlab-ci-workflow1.yml` sample pipeline in the solution repository as a starting point. -Check below for the steps to enable the automatic change creation and pass the change attributes through the pipeline. +Use the `gitlab-ci-workflow1.yml` sample pipeline in the solution repository as a starting point. +Check below for the steps to enable the automatic change creation and pass the change attributes through the pipeline. Note: for more detailed instructions, please see [the ServiceNow documentation](https://www.servicenow.com/docs/bundle/yokohama-it-service-management/page/product/enterprise-dev-ops/task/automate-devops-change-request.html) @@ -76,19 +76,19 @@ Below are the high-level steps: #### Run Pipeline with Change Management -Once the above steps are completed, the project CD pipeline can incorporate the jobs illustrated in the `gitlab-ci-workflow1.yml` sample pipeline. Below are the Change Management steps: +Once the above steps are completed, the project CD pipeline can incorporate the jobs illustrated in the `gitlab-ci-workflow1.yml` sample pipeline. Below are the Change Management steps: 1. In ServiceNow, Change control is enabled for one of the stages in the pipeline. ![change control enabled](img/snow_change_control_enabled_v17_9.png) 1. In GitLab, the pipeline job with the change control function runs. ![pipeline paused](img/snow_pipeline_pause_for_approval_v17_9.png) 1. In ServiceNow, a change request is automatically created in ServiceNow. ![change request waiting for approval](img/snow_cr_waiting_for_approval_v17_9.png) -1. In ServiceNow, approve the change request +1. In ServiceNow, approve the change request ![change request approved](img/snow_cr_approved_v17_9.png) -1. Pipeline resumes and begins the next job for deploying to the production environment upon the approval of the change request. +1. Pipeline resumes and begins the next job for deploying to the production environment upon the approval of the change request. ![pipeline resumes](img/snow_pipeline_resumes_v17_9.png) ### Custom Actions with Velocity Container Image -Use the ServiceNow custom actions via the DevOps Change Velocity Docker image to set Change Request title, description, change plan, rollback plan, and data related to artifacts to be deployed, and package registration. This allows you to customize the change request descriptions instead of passing the pipeline metadata as the change request description. +Use the ServiceNow custom actions via the DevOps Change Velocity Docker image to set Change Request title, description, change plan, rollback plan, and data related to artifacts to be deployed, and package registration. This allows you to customize the change request descriptions instead of passing the pipeline metadata as the change request description. #### Setup the Pipeline and Change Request Jobs @@ -126,7 +126,7 @@ Use the `gitlab-ci-workflow2.yml` sample pipeline in this repository as an examp #### Run Pipeline with Custom Change Management Use the `gitlab-ci-workflow2.yml` sample pipeline as a starting point. -Once the above steps are completed, the project CD pipeline can incorporate the jobs illustrated in the `gitlab-ci-workflow2.yml` sample pipeline. Below are the Change Management steps: +Once the above steps are completed, the project CD pipeline can incorporate the jobs illustrated in the `gitlab-ci-workflow2.yml` sample pipeline. Below are the Change Management steps: 1. In ServiceNow, change control is enabled for one of the stages in the pipeline. ![change control enabled](img/snow_change_control_enabled_v17_9.png) 1. In GitLab, the pipeline job with the change control function runs. ![change request creation workflow2](img/snow_cr_creation_workflow2_v17_9.png) @@ -134,5 +134,5 @@ Once the above steps are completed, the project CD pipeline can incorporate the 1. In GitLab, change request number and other information can be found in the pipeline details. The pipeline job will remain running until the change request is approved, then it will proceed to the next job. ![pipeline change details after approval workflow2](img/snow_pipeline_details_workflow2_v17_9.png) 1. In ServiceNow, approve the change request. ![pipeline details workflow2](img/snow_pipeline_cr_details_workflow2_v17_9.png) -1. In GitLab, the Pipeline job resumes and begins the next job which is the deployment to the production environment upon the approval of the change request. +1. In GitLab, the Pipeline job resumes and begins the next job which is the deployment to the production environment upon the approval of the change request. ![pipeline resumes workflow2](img/snow_pipeline_resumes_workflow2_v17_9.png) diff --git a/doc/solutions/components/oss_license_check.md b/doc/solutions/components/oss_license_check.md index d7aa5849521..802267e3e8a 100644 --- a/doc/solutions/components/oss_license_check.md +++ b/doc/solutions/components/oss_license_check.md @@ -109,7 +109,7 @@ If you already have a security policy project but don't have dependency and/or l 1. Make sure to: - Maintain the existing YAML structure - Place these sections at the same level as other top-level sections - - Set `user_approvers_ids` and/or `group_approvers_ids` and/or `role_approvers` (only one is needed) + - Set `user_approvers_ids` and/or `group_approvers_ids` and/or `role_approvers` (only one is needed) - Replace `YOUR_USER_ID_HERE` or `YOUR_GROUP_ID_HERE` with appropriate user/group IDs (ensure you paste the user/group IDs e.g. 1234567 and NOT the usernames) - Replace `YOUR_PROJECT_ID_HERE` if you'd like to exclude any projects from the policy (ensure you paste the project IDs e.g. 1234 and NOT the project names/paths) - Set `approvals_required: 1` to the number of approvals you want to require diff --git a/doc/solutions/components/secret_detection.md b/doc/solutions/components/secret_detection.md index d1635e3912e..fd8502c03a7 100644 --- a/doc/solutions/components/secret_detection.md +++ b/doc/solutions/components/secret_detection.md @@ -23,7 +23,7 @@ title: Secret Detection - GitLab Ultimate tier - Administrator access to your GitLab instance or group -- [Secret Detection](../../user/application_security/secret_detection/_index.md) enabled for your projects +- [Secret Detection](../../user/application_security/secret_detection/_index.md) enabled for your projects ## Configure Secret Detection Custom Rules @@ -91,7 +91,7 @@ To set the access and authentication, follow these steps: This guide covers the steps to configure the policy to run secret detection for all projects using centralized custom ruleset. -### Configure Secret Detection Policy +### Configure Secret Detection Policy To run secret detection automatically in the pipeline as the enforced global policy, set up the policy at the highest level, in this case the top group level. Follow the steps outlined below to create the new secret detection policy. @@ -102,11 +102,11 @@ To run secret detection automatically in the pipeline as the enforced global pol 1. Set the **Policy scope** by selecting either "All projects in this group" (and optionally set exceptions) or "Specific projects" (and select the projects from the dropdown). 1. Under the **Actions** section, select "Dependency scanning" instead of "Secret Detection" (default). 1. Under the **Conditions** section, you can optionally change "Triggers:" to "Schedules:" if you want to run the scan on a schedule instead of at every commit. -1. Setup access to the custom ruleset: add CI variables with the value of the bot user, group variable and the URL of the custom ruleset project. +1. Setup access to the custom ruleset: add CI variables with the value of the bot user, group variable and the URL of the custom ruleset project. - Since the custom ruleset is hosted in a different project and considered as the remote ruleset, the `SECRET_DETECTION_RULESET_GIT_REFERENCE` must be used. + Since the custom ruleset is hosted in a different project and considered as the remote ruleset, the `SECRET_DETECTION_RULESET_GIT_REFERENCE` must be used. - ```yaml + ```yaml variables: SECRET_DETECTION_RULESET_GIT_REFERENCE: "group_[group_id]_bot_[random_number]:$SECRET_DETECTION_GROUP_TOKEN@[custom ruleset project URL]" SECRET_DETECTION_HISTORIC_SCAN: "true" @@ -121,7 +121,7 @@ For detailed information about this CI variable, see [this document for details] Upon creating the policy, for reference, here is the complete policy configuration: -```yaml +```yaml --- scan_execution_policy: - name: Scan Execution for Secret Detection with Custom Rules diff --git a/doc/solutions/components/securitykpi.md b/doc/solutions/components/securitykpi.md index 40d578c7879..5889d964a63 100644 --- a/doc/solutions/components/securitykpi.md +++ b/doc/solutions/components/securitykpi.md @@ -12,7 +12,7 @@ title: Security Metrics and KPIs {{< /details >}} -The document describes the installation, configuration and user guide of GitLab Security Metrics and KPIs Solution Component. This security solution component provides metrics and KPIs that can be viewed by business units, time range, vulnerability severity and security types. It can provide snapshot of the seucrity posture on the monthly and quarterly basis with pdf documents. The dashboard and visualization of data are displayed as Dashboard in Splunk. +The document describes the installation, configuration and user guide of GitLab Security Metrics and KPIs Solution Component. This security solution component provides metrics and KPIs that can be viewed by business units, time range, vulnerability severity and security types. It can provide snapshot of the seucrity posture on the monthly and quarterly basis with pdf documents. The dashboard and visualization of data are displayed as Dashboard in Splunk. ![Security Metrics and KPIs](img/security_metrics_kpi_v17_9.png) diff --git a/doc/topics/autodevops/_index.md b/doc/topics/autodevops/_index.md index e132b8b11cf..0922a60fd82 100644 --- a/doc/topics/autodevops/_index.md +++ b/doc/topics/autodevops/_index.md @@ -12,9 +12,9 @@ title: Auto DevOps {{< /details >}} -Auto DevOps turns your code into production-ready applications without the usual configuration overhead. -The entire DevOps lifecycle is pre-configured using industry best practices. Start with the defaults -to ship quickly, then customize when you need more control. No complex configuration files or deep +Auto DevOps turns your code into production-ready applications without the usual configuration overhead. +The entire DevOps lifecycle is pre-configured using industry best practices. Start with the defaults +to ship quickly, then customize when you need more control. No complex configuration files or deep DevOps expertise is required. With Auto DevOps you get: diff --git a/doc/tutorials/build_application.md b/doc/tutorials/build_application.md index 8d552fe6464..7392107c106 100644 --- a/doc/tutorials/build_application.md +++ b/doc/tutorials/build_application.md @@ -24,7 +24,7 @@ Use CI/CD pipelines to automatically build, test, and deploy your code. | [Use Auto DevOps to deploy an application](../topics/autodevops/cloud_deployments/auto_devops_with_gke.md) | Deploy an application to Google Kubernetes Engine (GKE). | | | [Using Buildah in a rootless container with GitLab Runner Operator on OpenShift](../ci/docker/buildah_rootless_tutorial.md) | Learn how to set up GitLab Runner Operator on OpenShift to build Docker images with Buildah in a rootless container | | | [Automatically build and publish packages with CI/CD](../user/packages/pypi_repository/auto_publish_tutorial.md) | Learn how to automatically build, test, and publish a PyPI package to the package registry. | | -| [Structure the package registry for enterprise scale](../user/packages/package_registry/enterprise_structure_tutorial.md) | Set up your organization to upload, manage, and consume packages at scale. | | +| [Structure the package registry for enterprise scale](../user/packages/package_registry/enterprise_structure_tutorial.md) | Set up your organization to upload, manage, and consume packages at scale. | | | [Set up CI/CD steps](setup_steps/_index.md) | Learn how to set up the steps component and configure a CI/CD pipeline to use the step in a job. | | | [Build and sign Python packages with GitLab CI/CD](../user/packages/package_registry/pypi_cosign_tutorial.md) | Learn how to build a secure pipeline for Python packages using GitLab CI/CD and Sigstore Cosign. | | diff --git a/doc/update/zero_downtime.md b/doc/update/zero_downtime.md index 3eedefb46a2..28f19383ceb 100644 --- a/doc/update/zero_downtime.md +++ b/doc/update/zero_downtime.md @@ -38,14 +38,15 @@ or the [Support team](https://about.gitlab.com/support/). The zero-downtime upgrade process has the following requirements: -- Zero-downtime upgrades are only supported on multi-node GitLab environments built with the Linux package that have Load Balancing and HA mechanisms configured as follows: +- Zero-downtime upgrades are only supported on multi-node GitLab environments built with the Linux package that have Load Balancing and available HA mechanisms configured as follows: - External Load Balancer configured for Rails nodes with health checks enabled against the [Readiness](../administration/monitoring/health_check.md#readiness) (`/-/readiness`) endpoint. - Internal Load Balancer configured for any PgBouncer and Praefect components with TCP health checks enabled. - - HA mechanisms configured for the Consul, Postgres and Redis components if present. - - Any of these components that are not deployed in a HA fashion will need to be upgraded separately with downtime. + - HA mechanisms configured for the Consul, Postgres, Redis components if present. + - Any of these components that are not deployed in a HA fashion need to be upgraded separately with downtime. + - For databases, the [Linux package only supports HA for the main GitLab database](https://gitlab.com/groups/gitlab-org/-/epics/7814). For any other databases, such as the [Praefect database](#praefect-gitaly-cluster), a third party database solution is required to achieve HA and subsequently to avoid downtime. - **You can only upgrade one minor release at a time**. So from `16.1` to `16.2`, not to `16.3`. If you skip releases, database modifications may be run in the wrong sequence [and leave the database schema in a broken state](https://gitlab.com/gitlab-org/gitlab/-/issues/321542). - You have to use [post-deployment migrations](../development/database/post_deployment_migrations.md). -- [Zero-downtime upgrades are not available with the GitLab Charts](https://docs.gitlab.com/charts/installation/upgrade.html) but are with [GitLab Operator](https://docs.gitlab.com/operator/gitlab_upgrades.html). +- [Zero-downtime upgrades are not available with the GitLab Charts](https://docs.gitlab.com/charts/installation/upgrade.html). Support is available with the [GitLab Operator](https://docs.gitlab.com/operator/gitlab_upgrades.html) but there are [known limitations](https://docs.gitlab.com/operator/#known-issues) with this deployment method and as such it's not covered in this guide at this time. In addition to the above, please be aware of the following considerations: @@ -59,9 +60,10 @@ In addition to the above, please be aware of the following considerations: - Certain major or minor releases may require a set of background migrations to be finished. While this doesn't require downtime (if the above conditions are met), it's required that you [wait for background migrations to complete](background_migrations.md) between each major or minor release upgrade. - The time necessary to complete these migrations can be reduced by increasing the number of Sidekiq workers that can process jobs in the `background_migration` queue. To see the size of this queue, [check for background migrations before upgrading](background_migrations.md). +- Zero downtime upgrades can be performed for [Gitaly](#gitaly) when it's set up in its Cluster or Sharded setups due to a graceful reload mechanism. For the [Praefect (Gitaly Cluster)](#praefect-gitaly-cluster) component it can also be directly upgraded without downtime, however the GitLab Linux package does not offer HA and subsequently Zero Downtime support for it's database - A third party database solution is required to avoid downtime. - [PostgreSQL major version upgrades](../administration/postgresql/replication_and_failover.md#near-zero-downtime-upgrade-of-postgresql-in-a-patroni-cluster) are a separate process and not covered by zero-downtime upgrades (smaller upgrades are covered). -- Zero-downtime upgrades are supported for any GitLab components you've deployed with the GitLab Linux package. If you've deployed select components through a supported third party service, such as PostgreSQL in AWS RDS or Redis in GCP Memorystore, upgrades for those services will need to be performed separately as per their standard processes. -- As a general guideline, the larger amount of data you have, the more time it will take for the upgrade to complete. In testing, any database smaller than 10 GB shouldn't generally take longer than an hour, but your mileage may vary. +- Zero-downtime upgrades are supported for the noted GitLab components you've deployed with the GitLab Linux package. If you've deployed select components through a supported third party service, such as PostgreSQL in AWS RDS or Redis in GCP Memorystore, upgrades for those services need to be performed separately as per their standard processes. +- As a general guideline, the larger amount of data you have, the more time is needed for the upgrade to complete. In testing, any database smaller than 10 GB shouldn't generally take longer than an hour, but your mileage may vary. {{< alert type="note" >}} @@ -153,7 +155,7 @@ This process applies to both Gitaly Sharded and Cluster setups. Run through the sudo gitlab-ctl restart consul node-exporter logrotate ``` -### Praefect +#### Praefect (Gitaly Cluster) For Gitaly Cluster setups, you must deploy and upgrade Praefect in a similar way by using a graceful reload. @@ -165,6 +167,12 @@ In the future this functionality may be changed, [refer to this Epic](https://gi {{< /alert >}} +{{< alert type="note" >}} + +This section focuses exclusively on the Praefect component, not its [required PostgreSQL database](../administration/gitaly/praefect.md#postgresql). The [GitLab Linux package does not offer HA](https://gitlab.com/groups/gitlab-org/-/epics/7814) and subsequently Zero Downtime support for the Praefect database. A third party database solution is required to avoid downtime. + +{{< /alert >}} + One additional step though for Praefect is that it will also need to run through its database migrations to upgrade its data. Migrations need to be run on only one Praefect node to avoid clashes. This is best done by selecting one of the nodes to be a deploy node. This target node will be configured to run migrations while the rest are not. We'll refer to this as the **Praefect deploy node** below: diff --git a/doc/user/clusters/agent/enterprise_considerations.md b/doc/user/clusters/agent/enterprise_considerations.md index 42cbebd79de..95959de9fa6 100644 --- a/doc/user/clusters/agent/enterprise_considerations.md +++ b/doc/user/clusters/agent/enterprise_considerations.md @@ -21,7 +21,7 @@ For a description of the advantages of GitOps, see [the OpenGitOps initiative](h - For scaling, Flux supports [vertical](https://fluxcd.io/flux/installation/configuration/vertical-scaling/) and [horizontal sharding](https://fluxcd.io/flux/installation/configuration/sharding/). - For Flux-specific guidance, see the [Flux guides](https://fluxcd.io/flux/guides/) in the Flux documentation. - To simplify maintenance, you should run a single GitLab agent for Kubernetes installation per cluster. You can share the agent connection with impersonation features across the GitLab domain. -- Consider using the Flux `OCIRepository` for storing and retrieving manifests. +- Consider using the Flux `OCIRepository` for storing and retrieving manifests. You can use GitLab pipelines to build and push the OCI images to the container registry. - To shorten the feedback loop, trigger an immediate GitOps reconciliation from the related GitLab pipeline. - You should sign generated OCI images, and deploy only images signed and verified by Flux. @@ -29,7 +29,7 @@ For a description of the advantages of GitOps, see [the OpenGitOps initiative](h ### OCI containers -When you use OCI containers instead of Git repositories, the source of truth for the manifests is still the Git repository. +When you use OCI containers instead of Git repositories, the source of truth for the manifests is still the Git repository. You can think of the OCI container as a caching layer between the Git repository and the cluster. There are several benefits to using OCI containers: @@ -37,7 +37,7 @@ There are several benefits to using OCI containers: - OCI was designed for scalability. Although the GitLab Git repositories scale well, they were not designed for this use case. - A single Git repository can be the source of several OCI containers, each packaging a small set of manifests. This way, if you need to retrieve a set of manifests, you don't need to download the whole Git repository. -- OCI repositories can follow a well-known versioning scheme, and Flux can be configured to auto-update following that scheme. +- OCI repositories can follow a well-known versioning scheme, and Flux can be configured to auto-update following that scheme. For example, if you use semantic versioning, Flux can deploy all the minor and patch changes automatically, while major versions require a manual update. - OCI images can be signed, and the signature can be verified by Flux. - OCI repositories can be scanned by the container registry, even after the image is built. diff --git a/doc/user/enterprise_user/_index.md b/doc/user/enterprise_user/_index.md index 317a1284064..5db71e6643d 100644 --- a/doc/user/enterprise_user/_index.md +++ b/doc/user/enterprise_user/_index.md @@ -51,7 +51,7 @@ If the organization moves its verified domains to another paid group, its enterp ### Identifying unclaimed users -If a user is not automatically claimed as an Enterprise User, their existing access will not be revoked. +If a user is not automatically claimed as an Enterprise User, their existing access will not be revoked. A group with domain verification enabled can have both claimed and unclaimed users as members. The only difference between a member claimed as an Enterprise User and one that isn't is that a Group Owner cannot [manage unclaimed users](#manage-enterprise-users-in-a-namespace). diff --git a/doc/user/infrastructure/iac/terraform_state.md b/doc/user/infrastructure/iac/terraform_state.md index 2cf1aa1050f..5f174426e86 100644 --- a/doc/user/infrastructure/iac/terraform_state.md +++ b/doc/user/infrastructure/iac/terraform_state.md @@ -19,9 +19,9 @@ title: GitLab-managed Terraform/OpenTofu state {{< /history >}} -Managing infrastructure state files across teams requires both security and reliability. GitLab-managed +Managing infrastructure state files across teams requires both security and reliability. GitLab-managed OpenTofu state eliminates the typical challenges of state management. -With minimal configuration, your OpenTofu states become a natural extension of your GitLab project. +With minimal configuration, your OpenTofu states become a natural extension of your GitLab project. This integration keeps your infrastructure definitions, code, and state all in one secure location. With GitLab-managed OpenTofu state, you: diff --git a/doc/user/packages/maven_repository/_index.md b/doc/user/packages/maven_repository/_index.md index 9579a4a2b03..6c13ac35def 100644 --- a/doc/user/packages/maven_repository/_index.md +++ b/doc/user/packages/maven_repository/_index.md @@ -523,8 +523,8 @@ correct location: {{< alert type="note" >}} -If you protect a Maven package before publishing it, the package will be rejected with a `403 Forbidden` error and an `Authorization failed` error message. -Ensure the Maven package is not protected when publishing. +If you protect a Maven package before publishing it, the package will be rejected with a `403 Forbidden` error and an `Authorization failed` error message. +Ensure the Maven package is not protected when publishing. For more information about package protection rules, see [how to protect a package](../../../user/packages/package_registry/package_protection_rules.md#protect-a-package). {{< /alert >}} diff --git a/doc/user/packages/yarn_repository/_index.md b/doc/user/packages/yarn_repository/_index.md index aae58628097..11a3e596447 100644 --- a/doc/user/packages/yarn_repository/_index.md +++ b/doc/user/packages/yarn_repository/_index.md @@ -129,7 +129,7 @@ in your package project root directory where `package.json` is found: For example, to trigger only on any tag push: In Yarn 1: - + ```yaml image: node:lts diff --git a/doc/user/profile/user_passwords.md b/doc/user/profile/user_passwords.md index acfc747773f..af02279ac8a 100644 --- a/doc/user/profile/user_passwords.md +++ b/doc/user/profile/user_passwords.md @@ -62,7 +62,7 @@ In both situations, you are redirected to the sign-in page and see the following {{< alert type="note" >}} Your account can have more than one verified email address, and any email address -associated with your account can be verified. However, only the primary email address +associated with your account can be verified. However, only the primary email address can be used to sign in once the password is reset. {{< /alert >}} diff --git a/doc/user/project/deploy_tokens/_index.md b/doc/user/project/deploy_tokens/_index.md index b2a48fbaf10..ea037deb8e8 100644 --- a/doc/user/project/deploy_tokens/_index.md +++ b/doc/user/project/deploy_tokens/_index.md @@ -12,7 +12,7 @@ title: Deploy tokens {{< /details >}} -Deploy tokens provide secure access to GitLab resources without tying permissions to individual user accounts. Use them with Git operations, container registries, and package registries, giving your deployment +Deploy tokens provide secure access to GitLab resources without tying permissions to individual user accounts. Use them with Git operations, container registries, and package registries, giving your deployment automation access to exactly what it needs. With deploy tokens, you have: diff --git a/doc/user/project/releases/_index.md b/doc/user/project/releases/_index.md index 287f646d8f1..85e4585c1a6 100644 --- a/doc/user/project/releases/_index.md +++ b/doc/user/project/releases/_index.md @@ -12,7 +12,7 @@ title: Releases {{< /details >}} -Create a release to package your project at critical milestones. Releases combine code, binaries, documentation, +Create a release to package your project at critical milestones. Releases combine code, binaries, documentation, and release notes into a complete snapshot of your project. When a release is created, GitLab automatically tags your code, archives a snapshot, and generates audit-ready evidence. This creates a permanent record that's perfect for compliance requirements and diff --git a/doc/user/project/settings/_index.md b/doc/user/project/settings/_index.md index 3d0b6e9794b..2e2eded57f7 100644 --- a/doc/user/project/settings/_index.md +++ b/doc/user/project/settings/_index.md @@ -172,6 +172,7 @@ To set this default: - [Added](https://gitlab.com/gitlab-org/gitlab/-/issues/463016) 60 day and 30 days triggers to project and group access tokens webhooks in GitLab 17.9 [with a flag](../../../administration/feature_flags.md) named `extended_expiry_webhook_execution_setting`. Disabled by default. - [Enabled on GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/issues/513684) in GitLab 17.10. +- [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/513684) in GitLab 17.10. Feature flag `extended_expiry_webhook_execution_setting` removed. {{< /history >}} diff --git a/doc/user/project/settings/migrate_projects.md b/doc/user/project/settings/migrate_projects.md index a4746b40beb..3f36076aba4 100644 --- a/doc/user/project/settings/migrate_projects.md +++ b/doc/user/project/settings/migrate_projects.md @@ -34,8 +34,8 @@ A project transfer includes: - Membership invitations {{< alert type="note" >}} - - Members with [inherited membership](../members/_index.md#membership-types) + + Members with [inherited membership](../members/_index.md#membership-types) in the project lose access unless they are also members of the target group. The project inherits new member permissions from the group you transfer it to. diff --git a/gems/gitlab-active-context/lib/active_context/embeddings.rb b/gems/gitlab-active-context/lib/active_context/embeddings.rb new file mode 100644 index 00000000000..fcccaba0e80 --- /dev/null +++ b/gems/gitlab-active-context/lib/active_context/embeddings.rb @@ -0,0 +1,13 @@ +# frozen_string_literal: true + +module ActiveContext + class Embeddings + def self.generate_embeddings(content) + embeddings = Gitlab::Llm::VertexAi::Embeddings::Text + .new(content, user: nil, tracking_context: { action: 'embedding' }, unit_primitive: 'semantic_search_issue') + .execute + + embeddings.all?(Array) ? embeddings : [embeddings] + end + end +end diff --git a/gems/gitlab-active-context/lib/active_context/preprocessors/embeddings.rb b/gems/gitlab-active-context/lib/active_context/preprocessors/embeddings.rb new file mode 100644 index 00000000000..729d95a2ade --- /dev/null +++ b/gems/gitlab-active-context/lib/active_context/preprocessors/embeddings.rb @@ -0,0 +1,37 @@ +# frozen_string_literal: true + +module ActiveContext + module Preprocessors + module Embeddings + extend ActiveSupport::Concern + + IndexingError = Class.new(StandardError) + + # Vertex bulk limit is 250 so we choose a lower batch size + # Gitlab::Llm::VertexAi::Embeddings::Text::BULK_LIMIT + BATCH_SIZE = 100 + + class_methods do + def bulk_embeddings(refs) + unless respond_to?(:embedding_content) + raise IndexingError, "#{self} should implement :embedding_content method" + end + + refs.each_slice(BATCH_SIZE) do |batch| + contents = batch.map { |ref| embedding_content(ref) } + embeddings = ActiveContext::Embeddings.generate_embeddings(contents) + + batch.each_with_index do |ref, index| + ref.embedding = embeddings[index] + end + end + + refs + rescue StandardError => e + ::ActiveContext::Logger.exception(e) + refs # we will generate each embedding on the fly if bulk fails + end + end + end + end +end diff --git a/gems/gitlab-active-context/spec/lib/active_context/preprocessors/embeddings_spec.rb b/gems/gitlab-active-context/spec/lib/active_context/preprocessors/embeddings_spec.rb new file mode 100644 index 00000000000..1ead9be3379 --- /dev/null +++ b/gems/gitlab-active-context/spec/lib/active_context/preprocessors/embeddings_spec.rb @@ -0,0 +1,104 @@ +# frozen_string_literal: true + +RSpec.describe ActiveContext::Preprocessors::Embeddings do + let(:reference_class) do + Class.new(Test::References::MockWithDatabaseRecord) do + include ::ActiveContext::Preprocessors::Embeddings + + add_preprocessor :bulk_embeddings do |refs| + bulk_embeddings(refs) + end + + attr_accessor :embedding + end + end + + let(:reference_1) { reference_class.new(collection_id, partition, object_id) } + let(:reference_2) { reference_class.new(collection_id, partition, object_id) } + + let(:mock_adapter) { double } + let(:mock_collection) { double(name: collection_name, partition_for: partition) } + let(:mock_object) { double(id: object_id) } + let(:mock_relation) { double(find_by: mock_object) } + let(:mock_connection) { double(id: connection_id) } + + let(:connection_id) { 3 } + let(:partition) { 2 } + let(:collection_id) { 1 } + let(:object_id) { 5 } + let(:collection_name) { 'mock_collection' } + let(:embeddings) { [[1, 2], [3, 4]] } + let(:embedding_content) { 'some text' } + + subject(:preprocess_refs) { ActiveContext::Reference.preprocess_references([reference_1, reference_2]) } + + before do + allow(ActiveContext).to receive(:adapter).and_return(mock_adapter) + allow(ActiveContext::CollectionCache).to receive(:fetch).and_return(mock_collection) + allow(ActiveContext::Logger).to receive(:exception).and_return(nil) + allow(reference_class).to receive(:model_klass).and_return(mock_relation) + end + + context 'when the reference klass implements :embedding_content' do + before do + allow(reference_class).to receive(:embedding_content).and_return(embedding_content) + end + + it 'generates embeddings in bulk and sets the embeddings for each reference' do + expect(ActiveContext::Embeddings).to receive(:generate_embeddings) + .with([embedding_content, embedding_content]) + .and_return(embeddings) + + preprocess_refs + + expect(reference_1.embedding).to eq(embeddings.first) + expect(reference_2.embedding).to eq(embeddings.last) + end + + context 'when generating for a single reference' do + it 'generates embeddings in bulk and sets the embeddings for the reference' do + expect(ActiveContext::Embeddings).to receive(:generate_embeddings) + .with([embedding_content]) + .and_return([embeddings.first]) + + ActiveContext::Reference.preprocess_references([reference_1]) + + expect(reference_1.embedding).to eq(embeddings.first) + end + end + + context 'when generate_embeddings returns an error' do + let(:error) { StandardError } + + before do + allow(ActiveContext::Embeddings).to receive(:generate_embeddings).and_raise(error) + end + + it 'logs and returns all references without embeddings' do + expect(::ActiveContext::Logger).to receive(:exception).with(error) + + expect(preprocess_refs).to eq([reference_1, reference_2]) + + expect(reference_1.embedding).to be_nil + expect(reference_2.embedding).to be_nil + end + end + end + + context 'when the reference does not implement :embedding_content' do + it 'logs and does not raise an error' do + expect(ActiveContext::Embeddings).not_to receive(:generate_embeddings) + expect(::ActiveContext::Logger).to receive(:exception) + .with(ActiveContext::Preprocessors::Embeddings::IndexingError) + + expect { preprocess_refs }.not_to raise_error + end + + it 'returns references without embeddings' do + expect(preprocess_refs).to eq([reference_1, reference_2]) + + expect(reference_1.embedding).to be_nil + expect(reference_2.embedding).to be_nil + end + end +end diff --git a/lib/event_filter.rb b/lib/event_filter.rb index 4d9f4d0f763..7eea1630710 100644 --- a/lib/event_filter.rb +++ b/lib/event_filter.rb @@ -119,6 +119,14 @@ class EventFilter end end + def filters + [ALL, PUSH, MERGED, ISSUE, COMMENTS, TEAM, WIKI, DESIGNS] + end + + def ==(other) + other.is_a?(self.class) && filter == other.filter + end + private def in_operator_params(array_data:, scope: nil, in_column: nil, in_values: nil, order_hint_column: nil) @@ -213,10 +221,6 @@ class EventFilter def design_events(events) events.for_design end - - def filters - [ALL, PUSH, MERGED, ISSUE, COMMENTS, TEAM, WIKI, DESIGNS] - end end # rubocop: enable CodeReuse/ActiveRecord diff --git a/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml index d7cdb332a61..5471cfdf194 100644 --- a/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml @@ -197,6 +197,15 @@ semgrep-sast: - '**/*.swift' - '**/*.m' - '**/*.kt' + - '**/*.properties' + - '**/application*.yml' + - '**/management*.yml' + - '**/actuator*.yml' + - '**/bootstrap*.yml' + - '**/application*.yaml' + - '**/management*.yaml' + - '**/actuator*.yaml' + - '**/bootstrap*.yaml' ## In case gitlab-advanced-sast already covers all the files that semgrep-sast would have scanned - if: $CI_COMMIT_BRANCH && $GITLAB_FEATURES =~ /\bsast_advanced\b/ && @@ -230,6 +239,15 @@ semgrep-sast: - '**/*.m' - '**/*.rb' - '**/*.kt' + - '**/*.properties' + - '**/application*.yml' + - '**/management*.yml' + - '**/actuator*.yml' + - '**/bootstrap*.yml' + - '**/application*.yaml' + - '**/management*.yaml' + - '**/actuator*.yaml' + - '**/bootstrap*.yaml' sobelow-sast: extends: .sast-analyzer diff --git a/lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml index 8c426e1ea71..9838ce62cb1 100644 --- a/lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml @@ -250,6 +250,15 @@ semgrep-sast: - '**/*.swift' - '**/*.m' - '**/*.kt' + - '**/*.properties' + - '**/application*.yml' + - '**/management*.yml' + - '**/actuator*.yml' + - '**/bootstrap*.yml' + - '**/application*.yaml' + - '**/management*.yaml' + - '**/actuator*.yaml' + - '**/bootstrap*.yaml' ## In case gitlab-advanced-sast already covers all the files that semgrep-sast would have scanned - if: $CI_PIPELINE_SOURCE == "merge_request_event" && $GITLAB_FEATURES =~ /\bsast_advanced\b/ && @@ -283,6 +292,15 @@ semgrep-sast: - '**/*.m' - '**/*.rb' - '**/*.kt' + - '**/*.properties' + - '**/application*.yml' + - '**/management*.yml' + - '**/actuator*.yml' + - '**/bootstrap*.yml' + - '**/application*.yaml' + - '**/management*.yaml' + - '**/actuator*.yaml' + - '**/bootstrap*.yaml' - if: $CI_OPEN_MERGE_REQUESTS # Don't add it to a *branch* pipeline if it's already in a merge request pipeline. when: never # If there's no open merge request, add it to a *branch* pipeline instead. @@ -308,6 +326,15 @@ semgrep-sast: - '**/*.swift' - '**/*.m' - '**/*.kt' + - '**/*.properties' + - '**/application*.yml' + - '**/management*.yml' + - '**/actuator*.yml' + - '**/bootstrap*.yml' + - '**/application*.yaml' + - '**/management*.yaml' + - '**/actuator*.yaml' + - '**/bootstrap*.yaml' ## In case gitlab-advanced-sast already covers all the files that semgrep-sast would have scanned - if: $CI_COMMIT_BRANCH && $GITLAB_FEATURES =~ /\bsast_advanced\b/ && @@ -341,6 +368,15 @@ semgrep-sast: - '**/*.m' - '**/*.rb' - '**/*.kt' + - '**/*.properties' + - '**/application*.yml' + - '**/management*.yml' + - '**/actuator*.yml' + - '**/bootstrap*.yml' + - '**/application*.yaml' + - '**/management*.yaml' + - '**/actuator*.yaml' + - '**/bootstrap*.yaml' sobelow-sast: extends: .sast-analyzer diff --git a/lib/gitlab/quick_actions/work_item_actions.rb b/lib/gitlab/quick_actions/work_item_actions.rb index e87afc866f5..8ab158a8d64 100644 --- a/lib/gitlab/quick_actions/work_item_actions.rb +++ b/lib/gitlab/quick_actions/work_item_actions.rb @@ -45,14 +45,7 @@ module Gitlab end command :set_parent, :epic do |parent_param| if quick_action_target.instance_of?(WorkItem) - parent = extract_work_items(parent_param).first - - if parent && current_user.can?(:read_work_item, parent) - @updates[:set_parent] = parent - @execution_message[:set_parent] = success_msg[:set_parent] - else - @execution_message[:set_parent] = _("This parent does not exist or you don't have sufficient permission.") - end + handle_set_parent(parent_param) elsif quick_action_target.instance_of?(Issue) handle_set_epic(parent_param) end @@ -210,6 +203,35 @@ module Gitlab # overridden in EE def handle_set_epic(parent_param); end + # rubocop:disable Gitlab/ModuleWithInstanceVariables -- @updates is already defined and part of + # Gitlab::QuickActions::Dsl implementation + def handle_set_parent(parent_param) + parent = extract_work_items(parent_param).first + child = quick_action_target + + message = + if parent && current_user.can?(:read_work_item, parent) + if child&.work_item_parent == parent + format(_('Work item %{work_item_reference} has already been added to parent %{parent_reference}.'), + work_item_reference: child&.to_reference, parent_reference: parent.to_reference) + elsif parent.confidential? && !child&.confidential? + _("Cannot assign a confidential parent to a non-confidential work item. Make the work item " \ + "confidential and try again") + elsif ::WorkItems::HierarchyRestriction.find_by_parent_type_id_and_child_type_id(parent.work_item_type_id, + child&.work_item_type_id).nil? + _("Cannot assign this work item type to parent type") + else + @updates[:set_parent] = parent + success_msg[:set_parent] + end + else + _("This parent does not exist or you don't have sufficient permission.") + end + + @execution_message[:set_parent] = message + end + # rubocop:enable Gitlab/ModuleWithInstanceVariables + # overridden in EE def show_epic_alias?; end end diff --git a/locale/gitlab.pot b/locale/gitlab.pot index e8466f339c2..1cf7d100cc9 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -11694,6 +11694,12 @@ msgstr "" msgid "Cannot assign a confidential epic to a non-confidential issue. Make the issue confidential and try again" msgstr "" +msgid "Cannot assign a confidential parent to a non-confidential work item. Make the work item confidential and try again" +msgstr "" + +msgid "Cannot assign this work item type to parent type" +msgstr "" + msgid "Cannot be merged automatically" msgstr "" @@ -42621,9 +42627,6 @@ msgstr "" msgid "PipelineCharts|An unknown error occurred while processing CI/CD analytics." msgstr "" -msgid "PipelineCharts|CI/CD Analytics" -msgstr "" - msgid "PipelineCharts|Failure rate" msgstr "" @@ -48241,6 +48244,9 @@ msgstr "" msgid "RegistrationFeatures|use this feature" msgstr "" +msgid "Registration|There are no seats left on your GitLab instance. Please contact your GitLab administrator." +msgstr "" + msgid "Registries enqueued to be resynced" msgstr "" @@ -54673,6 +54679,9 @@ msgstr "" msgid "Service account token expiration" msgstr "" +msgid "Service account was successfully updated." +msgstr "" + msgid "Service accounts" msgstr "" @@ -54715,6 +54724,9 @@ msgstr "" msgid "ServiceAccount|User does not have permission to delete a service account." msgstr "" +msgid "ServiceAccount|You are not authorized to update service accounts in this namespace." +msgstr "" + msgid "ServiceDesk|%{customEmail} with SMTP host %{smtpAddress} is %{badgeStart}verified%{badgeEnd}" msgstr "" @@ -63362,6 +63374,9 @@ msgstr[1] "" msgid "User is blocked" msgstr "" +msgid "User is not a service account" +msgstr "" + msgid "User is not allowed to resolve thread" msgstr "" @@ -66167,6 +66182,9 @@ msgstr "" msgid "Work in progress limit: %{wipLimit}" msgstr "" +msgid "Work item %{work_item_reference} has already been added to parent %{parent_reference}." +msgstr "" + msgid "Work item not supported" msgstr "" diff --git a/package.json b/package.json index 2f74fe391e4..4cdfff6649d 100644 --- a/package.json +++ b/package.json @@ -65,7 +65,7 @@ "@gitlab/fonts": "^1.3.0", "@gitlab/query-language-rust": "0.4.2", "@gitlab/svgs": "3.123.0", - "@gitlab/ui": "110.1.0", + "@gitlab/ui": "111.0.0", "@gitlab/vue-router-vue3": "npm:vue-router@4.5.0", "@gitlab/vuex-vue3": "npm:vuex@4.1.0", "@gitlab/web-ide": "^0.0.1-dev-20250309164831", diff --git a/scripts/frontend/eslint.js b/scripts/frontend/eslint.js index fa458aac0e5..e56adefc93b 100644 --- a/scripts/frontend/eslint.js +++ b/scripts/frontend/eslint.js @@ -7,7 +7,7 @@ To see the full list of circular dependencies, run the command ${chalk.bold.cyan If you have fixed existing circular dependencies or find false positives, you can add/remove them from the exclusions list in the 'config/dependency-cruiser.js' file.\n ${chalk.italic('If the above command fails because of memory issues, increase the memory by prepending it with the following')} -${chalk.bold.cyan('NODE_OPTIONS="--max_old_space_size=4096"')} +${chalk.bold.cyan('NODE_OPTIONS="--max-old-space-size=4096"')} `); }; diff --git a/scripts/static-analysis b/scripts/static-analysis index 1603846b68f..f205b42d9a4 100755 --- a/scripts/static-analysis +++ b/scripts/static-analysis @@ -51,7 +51,7 @@ class StaticAnalysis Task.new(%w[scripts/lint-vendored-gems.sh], 10), Task.new(%w[yarn run check-dependencies], 1), Task.new(%w[scripts/gemfile_lock_changed.sh], 1), - Task.new(%w[yarn run deps:check:all], 60) + Task.new(%w[yarn run deps:check:all --no-cache], 60) ].compact.freeze def run_tasks!(options = {}) diff --git a/spec/controllers/projects_controller_spec.rb b/spec/controllers/projects_controller_spec.rb index d4ad55f4230..40b88088c15 100644 --- a/spec/controllers/projects_controller_spec.rb +++ b/spec/controllers/projects_controller_spec.rb @@ -953,28 +953,6 @@ RSpec.describe ProjectsController, feature_category: :groups_and_projects do expect(project.emails_disabled?).to eq(!result) expect(project.extended_prat_expiry_webhooks_execute?).to eq(result) end - - context 'when extended_expiry_webhook_execution_setting feature flag is false' do - before do - stub_feature_flags(extended_expiry_webhook_execution_setting: false) - end - - it "does not update extended_expiry_webhook_execution_setting" do - put :update, params: { - namespace_id: project.namespace, - id: project.path, - project: { - project_setting_attributes: { - extended_prat_expiry_webhooks_execute: boolean_value - } - } - } - - project.reload - - expect(project.extended_prat_expiry_webhooks_execute?).to be false - end - end end end diff --git a/spec/features/projects/jobs_spec.rb b/spec/features/projects/jobs_spec.rb index 542bc386f2a..09f94da688d 100644 --- a/spec/features/projects/jobs_spec.rb +++ b/spec/features/projects/jobs_spec.rb @@ -659,8 +659,8 @@ RSpec.describe 'Jobs', :clean_gitlab_redis_shared_state, feature_category: :grou context 'when deployment does not have a deployable' do let!(:second_deployment) { create(:deployment, :success, environment: environment, deployable: nil) } - it 'has an empty href' do - expect(find_by_testid('job-deployment-link')['href']).to be_empty + it 'has a href of #' do + expect(page).to have_selector('[data-testid="job-deployment-link"][href="#"]') end end end diff --git a/spec/frontend/ci/jobs_mock_data.js b/spec/frontend/ci/jobs_mock_data.js index 39cf99595ac..e7cb72f6057 100644 --- a/spec/frontend/ci/jobs_mock_data.js +++ b/spec/frontend/ci/jobs_mock_data.js @@ -1267,6 +1267,7 @@ export const mockPipelineWithoutMR = { path: 'pipeline/28029444', ref: { name: 'test-branch', + path: 'test-branch', }, }; diff --git a/spec/frontend/clusters/components/__snapshots__/new_cluster_spec.js.snap b/spec/frontend/clusters/components/__snapshots__/new_cluster_spec.js.snap index f90acb5cb22..f10f1eee440 100644 --- a/spec/frontend/clusters/components/__snapshots__/new_cluster_spec.js.snap +++ b/spec/frontend/clusters/components/__snapshots__/new_cluster_spec.js.snap @@ -9,12 +9,12 @@ exports[`NewCluster renders the cluster component correctly 1`] = `

Enter details about your cluster. - How do I use a certificate to connect to my cluster? - +

`; diff --git a/spec/frontend/jira_connect/subscriptions/components/browser_support_alert_spec.js b/spec/frontend/jira_connect/subscriptions/components/browser_support_alert_spec.js index a8aa383d917..8ba4c4a4cad 100644 --- a/spec/frontend/jira_connect/subscriptions/components/browser_support_alert_spec.js +++ b/spec/frontend/jira_connect/subscriptions/components/browser_support_alert_spec.js @@ -27,7 +27,7 @@ describe('BrowserSupportAlert', () => { createComponent({ mountFn: mount }); expect(findLink().attributes()).toMatchObject({ target: '_blank', - rel: 'noopener', + rel: 'noopener noreferrer', }); }); }); diff --git a/spec/frontend/organizations/groups/new/components/app_spec.js b/spec/frontend/organizations/groups/new/components/app_spec.js index 05de5d80f42..5fd2129dc31 100644 --- a/spec/frontend/organizations/groups/new/components/app_spec.js +++ b/spec/frontend/organizations/groups/new/components/app_spec.js @@ -79,13 +79,11 @@ describe('OrganizationGroupsNewApp', () => { expect(findAllParagraphs().at(0).text()).toMatchInterpolatedText( 'Groups allow you to manage and collaborate across multiple projects. Members of a group have access to all of its projects.', ); - expect(findAllLinks().at(0).attributes('href')).toBe(helpPagePath('user/group/index')); + expect(findAllLinks().at(0).props('href')).toBe(helpPagePath('user/group/index')); expect(findAllParagraphs().at(1).text()).toContain( 'Groups can also be nested by creating subgroups.', ); - expect(findAllLinks().at(1).attributes('href')).toBe( - helpPagePath('user/group/subgroups/index'), - ); + expect(findAllLinks().at(1).props('href')).toBe(helpPagePath('user/group/subgroups/index')); }); it('renders form and passes correct props', () => { diff --git a/spec/frontend/packages_and_registries/infrastructure_registry/components/list/components/__snapshots__/packages_list_app_spec.js.snap b/spec/frontend/packages_and_registries/infrastructure_registry/components/list/components/__snapshots__/packages_list_app_spec.js.snap index faba582bac8..f483e033f24 100644 --- a/spec/frontend/packages_and_registries/infrastructure_registry/components/list/components/__snapshots__/packages_list_app_spec.js.snap +++ b/spec/frontend/packages_and_registries/infrastructure_registry/components/list/components/__snapshots__/packages_list_app_spec.js.snap @@ -34,13 +34,14 @@ exports[`packages_list_app renders 1`] = ` class="gl-mb-0 gl-mt-4 gl-text-subtle" > Learn how to - publish and share your packages - + with GitLab.

see the documentation diff --git a/spec/frontend/projects/pipelines/charts/components/dashboard_header_spec.js b/spec/frontend/projects/pipelines/charts/components/dashboard_header_spec.js new file mode 100644 index 00000000000..1ab74a5f32b --- /dev/null +++ b/spec/frontend/projects/pipelines/charts/components/dashboard_header_spec.js @@ -0,0 +1,30 @@ +import { shallowMount } from '@vue/test-utils'; +import DashboardHeader from '~/projects/pipelines/charts/components/dashboard_header.vue'; + +describe('DashboardHeader', () => { + let wrapper; + + const createComponent = ({ ...options }) => { + wrapper = shallowMount(DashboardHeader, { ...options }); + }; + + it('shows heading', () => { + createComponent({ + slots: { + default: 'My Heading', + }, + }); + + expect(wrapper.find('h2').text()).toBe('My Heading'); + }); + + it('shows description', () => { + createComponent({ + slots: { + description: '

My Description

', + }, + }); + + expect(wrapper.find('p').text()).toContain('My Description'); + }); +}); diff --git a/spec/frontend/projects/settings/branch_rules/components/view/protection_spec.js b/spec/frontend/projects/settings/branch_rules/components/view/protection_spec.js index eb5f707a4a2..f71b855510d 100644 --- a/spec/frontend/projects/settings/branch_rules/components/view/protection_spec.js +++ b/spec/frontend/projects/settings/branch_rules/components/view/protection_spec.js @@ -108,15 +108,34 @@ describe('Branch rule protection', () => { }); describe('When `edit_branch_rules` FF is disabled', () => { - beforeEach(() => createComponent({ editBranchRules: false })); - it('does not render `Edit` button', () => { + createComponent({ editBranchRules: false }); + expect(findEditButton().exists()).toBe(false); }); - it('renders link to manage branch protections', () => { - expect(findLink().text()).toBe(protectionPropsMock.headerLinkTitle); - expect(findLink().attributes('href')).toBe(protectionPropsMock.headerLinkHref); + describe('when headerLinkHref and headerLinkTitle are set', () => { + beforeEach(() => { + createComponent({ editBranchRules: false }); + }); + + it('renders link to manage branch protections', () => { + expect(findLink().text()).toBe(protectionPropsMock.headerLinkTitle); + expect(findLink().attributes('href')).toBe(protectionPropsMock.headerLinkHref); + }); + }); + + describe('when headerLinkHref and headerLinkTitle are not set', () => { + beforeEach(() => { + createComponent( + { editBranchRules: false }, + { headerLinkHref: null, headerLinkTitle: null }, + ); + }); + + it('does not render link to manage branch protections', () => { + expect(findLink().exists()).toBe(false); + }); }); it('renders a protection row for status checks', () => { diff --git a/spec/frontend/work_items/components/shared/work_item_sidebar_widget_spec.js b/spec/frontend/work_items/components/shared/work_item_sidebar_widget_spec.js index 68794022a1a..78ec7608aa5 100644 --- a/spec/frontend/work_items/components/shared/work_item_sidebar_widget_spec.js +++ b/spec/frontend/work_items/components/shared/work_item_sidebar_widget_spec.js @@ -1,3 +1,4 @@ +import { GlLoadingIcon } from '@gitlab/ui'; import { nextTick } from 'vue'; import { shallowMountExtended } from 'helpers/vue_test_utils_helper'; import { Mousetrap } from '~/lib/mousetrap'; @@ -111,11 +112,17 @@ describe('WorkItemSidebarWidget component', () => { }); describe('when updating', () => { - it('renders Edit button as disabled', () => { + beforeEach(() => { createComponent({ canUpdate: true, isUpdating: true }); + }); + it('renders Edit button as disabled', () => { expect(findEditButton().props('disabled')).toBe(true); }); + + it('shows loading icon', () => { + expect(wrapper.findComponent(GlLoadingIcon).exists()).toBe(true); + }); }); }); diff --git a/spec/graphql/types/event_type_spec.rb b/spec/graphql/types/event_type_spec.rb index 10c3b5e18ca..f4d36e7ef0e 100644 --- a/spec/graphql/types/event_type_spec.rb +++ b/spec/graphql/types/event_type_spec.rb @@ -7,5 +7,7 @@ RSpec.describe Types::EventType do specify { expect(described_class).to require_graphql_authorizations(:read_event) } - specify { expect(described_class).to have_graphql_fields(:id, :author, :action, :created_at, :updated_at) } + specify do + expect(described_class).to have_graphql_fields(:id, :author, :action, :project, :target, :created_at, :updated_at) + end end diff --git a/spec/graphql/types/users/activity_stream_type_spec.rb b/spec/graphql/types/users/activity_stream_type_spec.rb new file mode 100644 index 00000000000..e71792dfe0d --- /dev/null +++ b/spec/graphql/types/users/activity_stream_type_spec.rb @@ -0,0 +1,48 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe GitlabSchema.types['ActivityStream'], feature_category: :user_profile do + include GraphqlHelpers + + let_it_be(:current_user) { create(:user) } + let_it_be(:project) { create(:project, :public) } + + before_all do + project.add_developer(current_user) + end + + specify { expect(described_class.graphql_name).to eq('ActivityStream') } + + specify { expect(described_class).to require_graphql_authorizations(:read_user_profile) } + + it 'exposes the expected fields' do + expected_fields = %i[followed_users_activity] + + expect(described_class).to have_graphql_fields(*expected_fields) + end + + describe "#followed_users_activity" do + let_it_be(:followed_user) { create(:user) } + let_it_be(:joined_project_event) { create(:event, :joined, project: project, author: followed_user) } + let_it_be(:issue) { create(:issue, project: project) } + let_it_be(:closed_issue_event) { create(:event, :closed, author: followed_user, project: project, target: issue) } + let(:scope) { current_user.followees } + let(:filter) { EventFilter.new('ALL') } + let(:params) { { limit: 20 } } + let(:field) { resolve_field(:followed_users_activity, current_user, ctx: { current_user: current_user }) } + + before do + current_user.follow(followed_user) + end + + it 'calls UserRecentEventsFinder' do + expect_next_instance_of(UserRecentEventsFinder, current_user, scope, filter, params) do |finder| + expect(finder).to receive(:execute).and_call_original + end + expect(field.items.length).to be(2) + expect(field.items.first.action).to eq "closed" + expect(field.items.second.action).to eq "joined" + end + end +end diff --git a/spec/graphql/types/users/event_target_enum_spec.rb b/spec/graphql/types/users/event_target_enum_spec.rb new file mode 100644 index 00000000000..5045dd17401 --- /dev/null +++ b/spec/graphql/types/users/event_target_enum_spec.rb @@ -0,0 +1,12 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe GitlabSchema.types['EventTarget'], feature_category: :user_profile do + specify { expect(described_class.graphql_name).to eq('EventTarget') } + + it 'exposes all the existing event target types' do + expected = EventFilter.new('').filters.map(&:upcase) # varies between foss/ee + expect(described_class.values.keys).to match_array(expected) + end +end diff --git a/spec/graphql/types/users/event_target_type_spec.rb b/spec/graphql/types/users/event_target_type_spec.rb new file mode 100644 index 00000000000..955cfbe96d2 --- /dev/null +++ b/spec/graphql/types/users/event_target_type_spec.rb @@ -0,0 +1,40 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Types::Users::EventTargetType, feature_category: :user_profile do + it 'returns possible types' do + expect(described_class.possible_types).to include(Types::IssueType, Types::MilestoneType, + Types::MergeRequestType, Types::ProjectType, + Types::SnippetType, Types::UserType, Types::Wikis::WikiPageType, + Types::DesignManagement::DesignType, Types::Notes::NoteType) + end + + describe '.resolve_type' do + using RSpec::Parameterized::TableSyntax + + where(:factory, :graphql_type) do + :issue | Types::IssueType + :milestone | Types::MilestoneType + :merge_request | Types::MergeRequestType + :note | Types::Notes::NoteType + :project | Types::ProjectType + :project_snippet | Types::SnippetType + :user | Types::UserType + :wiki_page_meta | Types::Wikis::WikiPageType + :design | Types::DesignManagement::DesignType + end + + with_them do + it 'correctly maps type in object to GraphQL type' do + expect(described_class.resolve_type(build(factory), {})).to eq(graphql_type) + end + end + + it 'raises an error if the type is not supported' do + expect do + described_class.resolve_type(build(:group), {}) + end.to raise_error(RuntimeError, /Unsupported event target type/) + end + end +end diff --git a/spec/keeps/overdue_finalize_background_migration_spec.rb b/spec/keeps/overdue_finalize_background_migration_spec.rb index 1025ee18331..bab19213410 100644 --- a/spec/keeps/overdue_finalize_background_migration_spec.rb +++ b/spec/keeps/overdue_finalize_background_migration_spec.rb @@ -120,11 +120,17 @@ RSpec.describe Keeps::OverdueFinalizeBackgroundMigration, feature_category: :too end end - context 'when schema is gitlab_ci' do - let(:gitlab_schema) { 'gitlab_ci' } + context 'when using multiple databases' do + before do + skip_if_shared_database(:ci) + end - it 'returns the database name' do - expect(database_name).to eq(database_exists?(:ci) ? 'ci' : 'main') + context 'when schema is gitlab_ci' do + let(:gitlab_schema) { 'gitlab_ci' } + + it 'returns the database name' do + expect(database_name).to eq('ci') + end end end end diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb index c892da72ba1..fdbacb39a43 100644 --- a/spec/models/project_spec.rb +++ b/spec/models/project_spec.rb @@ -6453,16 +6453,6 @@ RSpec.describe Project, factory_default: :keep, feature_category: :groups_and_pr it_behaves_like 'webhook is added to execution list' end - context 'when feature flag is disabled' do - let(:data) { { interval: :thirty_days } } - - before do - stub_feature_flags(extended_expiry_webhook_execution_setting: false) - end - - it_behaves_like 'webhook is added to execution list' - end - context 'when setting extended_prat_expiry_webhooks_execute is disabled' do before do project.update!(extended_prat_expiry_webhooks_execute: false) diff --git a/spec/requests/api/graphql/users/activity_stream_type_spec.rb b/spec/requests/api/graphql/users/activity_stream_type_spec.rb new file mode 100644 index 00000000000..01d53b988b1 --- /dev/null +++ b/spec/requests/api/graphql/users/activity_stream_type_spec.rb @@ -0,0 +1,123 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe 'ActivityStream GraphQL Query', feature_category: :user_profile do + include GraphqlHelpers + + let_it_be(:user) { create(:user) } + let_it_be(:followed_user_1) { create(:user) } + let_it_be(:followed_user_2) { create(:user) } + let_it_be(:project) { create(:project, :public) } + let(:graphql_response) { post_graphql(query, current_user: user) } + let(:activity_stream) { graphql_data_at(:current_user, :activity, :followed_users_activity, :nodes) } + let(:query) do + <<~GRAPHQL + query UserActivity { + currentUser { + activity { + followedUsersActivity { + nodes { + author { + name + } + action + project { + name + } + target { + ... on Design { + id + } + ... on Issue { + title + } + ... on Note { + id + } + ... on MergeRequest { + title + } + ... on Milestone { + title + } + ... on Project { + fullPath + } + ... on Snippet { + title + } + ... on UserCore { + username + } + ... on WikiPage { + title + } + } + } + } + } + } + } + GRAPHQL + end + + before do + user.follow(followed_user_1) + user.follow(followed_user_2) + end + + context 'when there are no events in the activity stream' do + it 'returns empty nodes array' do + graphql_response + + expect(activity_stream).to eq([]) + end + end + + context 'when there are events in the activity stream' do + let_it_be(:joined_project_event) { create(:event, :joined, project: project, author: followed_user_1) } + let_it_be(:issue) { create(:issue, project: project) } + let_it_be(:closed_issue_event) { create(:event, :closed, author: followed_user_1, project: project, target: issue) } + let_it_be(:left_event) { create(:event, :left, author: followed_user_2, target: project) } + + it 'returns followed user\'s activity' do + graphql_response + + expect(activity_stream).to eq( + [ + { + "action" => "LEFT", + "author" => { "name" => followed_user_2.name }, + "project" => nil, + "target" => { "fullPath" => project.full_path } + }, + { + "action" => "CLOSED", + "author" => { "name" => followed_user_1.name }, + "project" => { "name" => project.name }, + "target" => { "title" => issue.title } + }, + { + "action" => "JOINED", + "author" => { "name" => followed_user_1.name }, + "project" => { "name" => project.name }, + "target" => nil + } + ] + ) + end + end + + context 'when the activity_stream_graphql feature flag is disabled' do + before do + stub_feature_flags(activity_stream_graphql: false) + end + + it 'returns `nil`' do + graphql_response + + expect(activity_stream).to be_nil + end + end +end diff --git a/spec/services/quick_actions/interpret_service_spec.rb b/spec/services/quick_actions/interpret_service_spec.rb index 2eb1aeae9e8..757ee4d4961 100644 --- a/spec/services/quick_actions/interpret_service_spec.rb +++ b/spec/services/quick_actions/interpret_service_spec.rb @@ -3316,7 +3316,7 @@ RSpec.describe QuickActions::InterpretService, feature_category: :text_editors d let_it_be(:parent_ref) { parent.to_reference(project) } context 'on a work item' do - context 'when the parent reference is valid' do + context 'with a valid parent reference' do let(:content) { "/set_parent #{parent_ref}" } it 'returns success message' do @@ -3342,11 +3342,54 @@ RSpec.describe QuickActions::InterpretService, feature_category: :text_editors d expect(updates).to be_empty expect(message).to eq("This parent does not exist or you don't have sufficient permission.") + expect(task_work_item.reload.work_item_parent).to be_nil + end + end + + context 'when the parent is already set to the same work item' do + let_it_be(:task_work_item_with_parent) do + create(:work_item, :task, project: project, work_item_parent: parent) + end + + it 'does not assign the parent and returns an appropriate error' do + _, updates, message = service.execute(content, task_work_item_with_parent) + + expect(updates).to be_empty + expect(message).to eq("Work item #{task_work_item_with_parent.to_reference} has already been added to " \ + "parent #{parent.to_reference}.") + expect(task_work_item_with_parent.reload.work_item_parent).to eq parent + end + end + + context 'when the child is not confidential but the parent is confidential' do + let_it_be(:confidential_parent) { create(:work_item, :issue, :confidential, project: project) } + let(:content) { "/set_parent #{confidential_parent.to_reference(project)}" } + + it 'does not assign the parent and returns an appropriate error' do + _, updates, message = service.execute(content, task_work_item) + + expect(updates).to be_empty + expect(message).to eq("Cannot assign a confidential parent to a non-confidential work item. Make the " \ + "work item confidential and try again") + expect(task_work_item.reload.work_item_parent).to be_nil + end + end + + context 'when the child and parent are incompatible types' do + let(:other_task_work_item) { create(:work_item, :task, project: project) } + let(:content) { "/set_parent #{other_task_work_item.to_reference(project)}" } + + it 'does not assign the parent and returns an appropriate error' do + _, updates, message = service.execute(content, task_work_item) + + expect(updates).to be_empty + expect(message).to eq("Cannot assign this work item type to parent type") + expect(task_work_item.reload.work_item_parent).to be_nil end end end - context 'when the parent reference is invalid' do + context 'with an invalid parent reference' do let(:content) { "/set_parent not_a_valid_parent" } it 'does not assign the parent and returns an appropriate error' do diff --git a/spec/services/users/auto_ban_service_spec.rb b/spec/services/users/auto_ban_service_spec.rb index e40f28eabeb..52409a6f522 100644 --- a/spec/services/users/auto_ban_service_spec.rb +++ b/spec/services/users/auto_ban_service_spec.rb @@ -51,7 +51,7 @@ RSpec.describe Users::AutoBanService, feature_category: :instance_resiliency do response = execute expect(response[:status]).to eq(:error) - expect(response[:message]).to match('State cannot transition via "ban"') + expect(response[:message]).to match('You cannot ban blocked users.') end it 'does not modify the BannedUser record or user state' do @@ -76,7 +76,7 @@ RSpec.describe Users::AutoBanService, feature_category: :instance_resiliency do end it 'raises an error and does not ban the user', :aggregate_failures do - expect { execute! }.to raise_error(StateMachines::InvalidTransition) + expect { execute! }.to raise_error(described_class::Error) .and not_change { Users::BannedUser.count } .and not_change { user.state } end diff --git a/spec/support/shared_examples/quick_actions/work_item/hierarchy_quick_actions_shared_examples.rb b/spec/support/shared_examples/quick_actions/work_item/hierarchy_quick_actions_shared_examples.rb index a5d35b4ea63..16fbbe15243 100644 --- a/spec/support/shared_examples/quick_actions/work_item/hierarchy_quick_actions_shared_examples.rb +++ b/spec/support/shared_examples/quick_actions/work_item/hierarchy_quick_actions_shared_examples.rb @@ -1,6 +1,10 @@ # frozen_string_literal: true RSpec.shared_examples 'sets work item parent' do + after do + noteable.reload + end + it 'leaves the note empty' do expect(execute(note)).to be_empty end diff --git a/spec/workers/pages/deactivate_expired_deployments_cron_worker_spec.rb b/spec/workers/pages/deactivate_expired_deployments_cron_worker_spec.rb index 0da97133621..cd289f951be 100644 --- a/spec/workers/pages/deactivate_expired_deployments_cron_worker_spec.rb +++ b/spec/workers/pages/deactivate_expired_deployments_cron_worker_spec.rb @@ -5,9 +5,9 @@ require 'spec_helper' RSpec.describe Pages::DeactivateExpiredDeploymentsCronWorker, feature_category: :pages do subject(:worker) { described_class.new } - let(:expired_pages_deployment) { create(:pages_deployment, expires_at: 3.minutes.ago) } - let(:not_yet_expired_pages_deployment) { create(:pages_deployment, expires_at: 1.hour.from_now) } - let(:never_expire_pages_deployment) { create(:pages_deployment, expires_at: nil) } + let!(:expired_pages_deployment) { create(:pages_deployment, expires_at: 3.minutes.ago) } + let!(:not_yet_expired_pages_deployment) { create(:pages_deployment, expires_at: 1.hour.from_now) } + let!(:never_expire_pages_deployment) { create(:pages_deployment, expires_at: nil) } it 'deactivates all expired pages deployments' do expect { worker.perform } @@ -15,4 +15,34 @@ RSpec.describe Pages::DeactivateExpiredDeploymentsCronWorker, feature_category: .and not_change { not_yet_expired_pages_deployment.reload.active? } .and not_change { never_expire_pages_deployment.reload.active? } end + + it 'logs extra metadata on done' do + expect(worker).to receive(:log_extra_metadata_on_done).with(:deactivate_expired_pages_deployments, { + deactivated_deployments: 1, + duration: be > 0 + }) + + worker.perform + end + + it 'uses the expected values for batching and limiting' do + expect(Pages::DeactivateExpiredDeploymentsCronWorker::MAX_NUM_DELETIONS).to be(10000) + expect(Pages::DeactivateExpiredDeploymentsCronWorker::BATCH_SIZE).to be(1000) + end + + describe 'batching and limiting' do + before do + stub_const('Pages::DeactivateExpiredDeploymentsCronWorker::MAX_NUM_DELETIONS', 9) + stub_const('Pages::DeactivateExpiredDeploymentsCronWorker::BATCH_SIZE', 5) + + 11.times do # we already have 1 deployment from the outer scope + create(:pages_deployment, expires_at: 3.minutes.ago) + end + end + + it 'processes a maximum number of deletions, but will complete the last batch of deletions' do + expect { worker.perform } + .to change { PagesDeployment.active.expired.count }.from(12).to(2) + end + end end diff --git a/spec/workers/personal_access_tokens/expiring_worker_spec.rb b/spec/workers/personal_access_tokens/expiring_worker_spec.rb index e4fc6204fb6..647c9e01e54 100644 --- a/spec/workers/personal_access_tokens/expiring_worker_spec.rb +++ b/spec/workers/personal_access_tokens/expiring_worker_spec.rb @@ -266,29 +266,6 @@ RSpec.describe PersonalAccessTokens::ExpiringWorker, type: :worker, feature_cate worker.perform end - context 'when feature flag extended_expiry_webhook_execution_setting is disabled' do - before do - stub_feature_flags(extended_expiry_webhook_execution_setting: false) - end - - it "does not call execute_web_hooks for interval 30 days" do - expiring_token.update!(expires_at: 30.days.from_now) - project_hook = create(:project_hook, project: project, resource_access_token_events: true) - - expect(Gitlab::DataBuilder::ResourceAccessTokenPayload).not_to receive(:build) - expect(WebHookService) - .not_to receive(:new) - .with( - project_hook, - {}, - 'resource_access_token_hooks', - idempotency_key: anything - ) { fake_wh_service } - - worker.perform - end - end - context 'with multiple batches of tokens' do let_it_be(:expiring_tokens) { create_list(:resource_access_token, 4, expires_at: 6.days.from_now) } diff --git a/yarn.lock b/yarn.lock index 55e64491ca0..49bc28e6ec4 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1417,7 +1417,8 @@ resolved "https://registry.yarnpkg.com/@gitlab/fonts/-/fonts-1.3.0.tgz#df89c1bb6714e4a8a5d3272568aa4de7fb337267" integrity sha512-DoMUIN3DqjEn7wvcxBg/b7Ite5fTdF5EmuOZoBRo2j0UBGweDXmNBi+9HrTZs4cBU660dOxcf1hATFcG3npbPg== -"@gitlab/noop@^1.0.1": +"@gitlab/noop@^1.0.1", jackspeak@^3.1.2, "jackspeak@npm:@gitlab/noop@1.0.1": + name jackspeak version "1.0.1" resolved "https://registry.yarnpkg.com/@gitlab/noop/-/noop-1.0.1.tgz#71a831146ee02732b4a61d2d3c11204564753454" integrity sha512-s++4wjMYeDvBp9IO59DBrWjy8SE/gFkjTDO5ck2W0S6Vv7OlqgErwL7pHngAnrSmTJAzyUG8wHGqo0ViS4jn5Q== @@ -1441,10 +1442,10 @@ resolved "https://registry.yarnpkg.com/@gitlab/svgs/-/svgs-3.123.0.tgz#1fa3b1a709755ff7c8ef67e18c0442101655ebf0" integrity sha512-yjVn+utOTIKk8d9JlvGo6EgJ4TQ+CKpe3RddflAqtsQqQuL/2MlVdtaUePybxYzWIaumFuh5LouQ6BrWyw1niQ== -"@gitlab/ui@110.1.0": - version "110.1.0" - resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-110.1.0.tgz#5a38aafb92d67b589318c39f72b5ba622fa89b83" - integrity sha512-tCezdqWgSNKuksfvVfm8TWBSIbkuK0jhCoffFFKl3HzBf9FWnCqS5+XEHLU3nPttZBTi5T761BTNqqHx8SZUAg== +"@gitlab/ui@111.0.0": + version "111.0.0" + resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-111.0.0.tgz#b827f61df673074d1cb0d3d074314635bcb74aff" + integrity sha512-AynSxduL6i5xIMSysKZWhXaSXYkJGZlmCpPz2gWCBy0+IX0r8giXwHfhGqNJ/VYaZCpkTVYeY1gTiFguPlCsbg== dependencies: "@floating-ui/dom" "1.4.3" echarts "^5.3.2" @@ -9487,11 +9488,6 @@ iterall@^1.2.1: resolved "https://registry.yarnpkg.com/iterall/-/iterall-1.3.0.tgz#afcb08492e2915cbd8a0884eb93a8c94d0d72fea" integrity sha512-QZ9qOMdF+QLHxy1QIpUHUU1D5pS2CG2P69LF6L6CPjPYA/XMOmKV3PZpawHoAjHNyB0swdVTRxdYT4tbBbxqwg== -jackspeak@^3.1.2, "jackspeak@npm:@gitlab/noop@1.0.1": - version "1.0.1" - resolved "https://registry.yarnpkg.com/@gitlab/noop/-/noop-1.0.1.tgz#71a831146ee02732b4a61d2d3c11204564753454" - integrity sha512-s++4wjMYeDvBp9IO59DBrWjy8SE/gFkjTDO5ck2W0S6Vv7OlqgErwL7pHngAnrSmTJAzyUG8wHGqo0ViS4jn5Q== - jed@^1.1.1: version "1.1.1" resolved "https://registry.yarnpkg.com/jed/-/jed-1.1.1.tgz#7a549bbd9ffe1585b0cd0a191e203055bee574b4"