root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2023-12-05 12:07:48 +00:00
parent 01625f2465
commit b35f7ce1f3
67 changed files with 1027 additions and 521 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
app/assets/javascripts/ci_secure_files/components/secure_files_list.vue
View File

@ -223,7 +223,6 @@ export default {
ref="fileUpload"
type="file"
class="hidden"
data-qa-selector="file_upload_field"
@change="uploadSecureFile"
/>
</div>

1
app/assets/javascripts/ci_settings_pipeline_triggers/components/triggers_list.vue
View File

@ -121,7 +121,6 @@ export default {
v-if="item.hasTokenExposed"
:text="item.token"
data-testid="clipboard-btn"
data-qa-selector="clipboard_button"
:title="$options.i18n.copyTrigger"
css-class="gl-border-none gl-py-0 gl-px-2"
/>

1
app/assets/javascripts/content_editor/components/bubble_menus/media_bubble_menu.vue
View File

@ -238,7 +238,6 @@ export default {
name="content_editor_image"
:accept="$options.acceptedMimes[mediaType]"
class="gl-display-none"
data-qa-selector="file_upload_field"
@change="onFileSelect"
/>
<gl-link

2
app/assets/javascripts/graphql_shared/constants.js
View File

@ -27,7 +27,7 @@ export const TYPENAME_TODO = 'Todo';
export const TYPENAME_USER = 'User';
export const TYPENAME_VULNERABILITY = 'Vulnerability';
export const TYPENAME_WORK_ITEM = 'WorkItem';
export const TYPENAME_ORGANIZATION = 'Organization';
export const TYPE_ORGANIZATION = 'Organizations::Organization';
export const TYPE_USERS_SAVED_REPLY = 'Users::SavedReply';
export const TYPE_WORKSPACE = 'RemoteDevelopment::Workspace';
export const TYPE_COMPLIANCE_FRAMEWORK = 'ComplianceManagement::Framework';

2
app/assets/javascripts/organizations/index/components/app.vue
View File

@ -3,7 +3,7 @@ import { GlButton } from '@gitlab/ui';
import { __, s__ } from '~/locale';
import { createAlert } from '~/alert';
import { DEFAULT_PER_PAGE } from '~/api';
import organizationsQuery from '../graphql/organizations.query.graphql';
import organizationsQuery from '../../shared/graphql/queries/organizations.query.graphql';
import OrganizationsView from './organizations_view.vue';
export default {

14
app/assets/javascripts/organizations/index/graphql/organizations_client.query.graphql
View File

@ -1,14 +0,0 @@
query getCurrentUserOrganizationsClient {
currentUser {
id
organizations @client {
nodes {
id
name
descriptionHtml
avatarUrl
webUrl
}
}
}
}

9
app/assets/javascripts/organizations/mock_data.js
View File

@ -6,7 +6,7 @@
export const organizations = [
{
id: 'gid://gitlab/Organization/1',
id: 'gid://gitlab/Organizations::Organization/1',
name: 'My First Organization',
descriptionHtml:
'<p>This is where an organization can be explained in <strong>detail</strong></p>',
@ -15,7 +15,7 @@ export const organizations = [
__typename: 'Organization',
},
{
id: 'gid://gitlab/Organization/2',
id: 'gid://gitlab/Organizations::Organization/2',
name: 'Vegetation Co.',
descriptionHtml:
'<p> Lorem ipsum dolor sit amet Lorem ipsum dolor sit amet Lorem ipsum dolor sit amet Lorem ipsum dolor sit amet Lorem ipsum dolt Lorem ipsum dolor sit amet Lorem ipsum dolt Lorem ipsum dolor sit amet Lorem ipsum dolt Lorem ipsum dolor sit amet Lorem ipsum dolt Lorem ipsum dolor sit amet Lorem ipsum dolt Lorem ipsum dolor sit amet Lorem ipsum dolt Lorem ipsum dolor sit amet Lorem ipsum dolt Lorem ipsum dolor sit amet Lorem ipsum dolt Lorem ipsum dolor sit amet Lorem ipsum dolt<script>alert(1)</script></p>',
@ -24,7 +24,7 @@ export const organizations = [
__typename: 'Organization',
},
{
id: 'gid://gitlab/Organization/3',
id: 'gid://gitlab/Organizations::Organization/3',
name: 'Dude where is my car?',
descriptionHtml: null,
avatarUrl: null,
@ -316,6 +316,7 @@ export const pageInfo = {
hasNextPage: true,
hasPreviousPage: true,
startCursor: 'eyJpZCI6IjEwNzIifQ',
__typename: 'PageInfo',
};
export const pageInfoOnePage = {
@ -323,6 +324,7 @@ export const pageInfoOnePage = {
hasNextPage: false,
hasPreviousPage: false,
startCursor: 'eyJpZCI6IjEwNzIifQ',
__typename: 'PageInfo',
};
export const pageInfoEmpty = {
@ -330,4 +332,5 @@ export const pageInfoEmpty = {
hasNextPage: false,
hasPreviousPage: false,
startCursor: null,
__typename: 'PageInfo',
};

7
app/assets/javascripts/organizations/shared/graphql/fragments/organization.fragment.graphql Normal file
View File

@ -0,0 +1,7 @@
fragment Organization on Organization {
id
name
descriptionHtml
avatarUrl
webUrl
}

12
app/assets/javascripts/organizations/shared/graphql/queries/organization.query.graphql
View File

@ -1,9 +1,7 @@
query getOrganization($id: ID!) {
organization(id: $id) @client {
id
name
descriptionHtml
avatarUrl
webUrl
#import "../fragments/organization.fragment.graphql"
query getOrganization($id: OrganizationsOrganizationID!) {
organization(id: $id) {
...Organization
}
}

14
app/assets/javascripts/organizations/index/graphql/organizations.query.graphql → app/assets/javascripts/organizations/shared/graphql/queries/organizations.query.graphql
View File

@ -1,19 +1,15 @@
#import "~/graphql_shared/fragments/page_info.fragment.graphql"
#import "../fragments/organization.fragment.graphql"
query getCurrentUserOrganizations($first: Int, $last: Int, $before: String, $after: String) {
currentUser {
id
organizations(first: $first, last: $last, before: $before, after: $after) {
nodes {
id
name
descriptionHtml
avatarUrl
webUrl
...Organization
}
pageInfo {
endCursor
hasNextPage
hasPreviousPage
startCursor
...PageInfo
}
}
}

9
app/assets/javascripts/organizations/shared/graphql/resolvers.js
View File

@ -24,15 +24,6 @@ export default {
};
},
},
UserCore: {
organizations: async () => {
await simulateLoading();
return {
nodes: organizations,
};
},
},
Mutation: {
updateOrganization: async () => {
// Simulate API loading

31
app/assets/javascripts/vue_shared/components/entity_select/organization_select.vue
View File

@ -1,10 +1,11 @@
<script>
import { GlAlert } from '@gitlab/ui';
import * as Sentry from '~/sentry/sentry_browser_wrapper';
import getCurrentUserOrganizationsClientQuery from '~/organizations/index/graphql/organizations_client.query.graphql';
import getCurrentUserOrganizationsQuery from '~/organizations/shared/graphql/queries/organizations.query.graphql';
import getOrganizationQuery from '~/organizations/shared/graphql/queries/organization.query.graphql';
import { getIdFromGraphQLId, convertToGraphQLId } from '~/graphql_shared/utils';
import { TYPENAME_ORGANIZATION } from '~/graphql_shared/constants';
import { TYPE_ORGANIZATION } from '~/graphql_shared/constants';
import { DEFAULT_PER_PAGE } from '~/api';
import {
ORGANIZATION_TOGGLE_TEXT,
ORGANIZATION_HEADER_TEXT,
@ -62,31 +63,43 @@ export default {
data() {
return {
errorMessage: '',
endCursor: null,
};
},
methods: {
async fetchOrganizations() {
async fetchOrganizations(search, page = 1) {
if (page === 1) {
this.endCursor = null;
}
try {
const {
data: {
currentUser: {
organizations: { nodes },
organizations: { nodes, pageInfo },
},
},
} = await this.$apollo.query({
query: getCurrentUserOrganizationsClientQuery,
// TODO: implement search support - https://gitlab.com/gitlab-org/gitlab/-/issues/429999.
query: getCurrentUserOrganizationsQuery,
// TODO: implement search support - https://gitlab.com/gitlab-org/gitlab/-/issues/433954.
variables: { after: this.endCursor, first: DEFAULT_PER_PAGE },
});
this.endCursor = pageInfo.endCursor;
return {
items: nodes.map((organization) => ({
text: organization.name,
value: getIdFromGraphQLId(organization.id),
})),
// TODO: implement pagination - https://gitlab.com/gitlab-org/gitlab/-/issues/429999.
totalPages: 1,
// `EntitySelect` expects a `totalPages` key but GraphQL requests don't provide this data
// because it uses keyset pagination. Since the dropdown uses infinite scroll it
// only needs to know if there is a next page. We pass `page + 1` if there is a next page,
// otherwise we just set this to the current page.
totalPages: pageInfo.hasNextPage ? page + 1 : page,
};
} catch (error) {
this.endCursor = null;
this.handleError({ message: FETCH_ORGANIZATIONS_ERROR, error });
return { items: [], totalPages: 0 };
@ -100,7 +113,7 @@ export default {
},
} = await this.$apollo.query({
query: getOrganizationQuery,
variables: { id: convertToGraphQLId(TYPENAME_ORGANIZATION, id) },
variables: { id: convertToGraphQLId(TYPE_ORGANIZATION, id) },
});
return name;

4
app/assets/stylesheets/framework/super_sidebar.scss
View File

@ -431,7 +431,7 @@ $scroll-scrim-height: 2.25rem;
margin-bottom: -$scroll-scrim-height;
.top-scrim {
background: linear-gradient(180deg, var(--sidebar-background, $gray-10) 0%, $transparent-rgba 100%);
background: linear-gradient(180deg, var(--super-sidebar-bg, $gray-10) 0%, $transparent-rgba 100%);
}
}
@ -440,7 +440,7 @@ $scroll-scrim-height: 2.25rem;
margin-top: -$scroll-scrim-height;
.bottom-scrim {
background: linear-gradient(180deg, $transparent-rgba 0%, var(--sidebar-background, $gray-10));
background: linear-gradient(180deg, $transparent-rgba 0%, var(--super-sidebar-bg, $gray-10));
}
}

29
app/controllers/search_controller.rb
View File

@ -191,17 +191,7 @@ class SearchController < ApplicationController
# Merging to :metadata will ensure these are logged as top level keys
payload[:metadata] ||= {}
payload[:metadata]['meta.search.group_id'] = params[:group_id]
payload[:metadata]['meta.search.project_id'] = params[:project_id]
payload[:metadata]['meta.search.scope'] = params[:scope] || @scope
payload[:metadata]['meta.search.filters.confidential'] = params[:confidential]
payload[:metadata]['meta.search.filters.state'] = params[:state]
payload[:metadata]['meta.search.force_search_results'] = params[:force_search_results]
payload[:metadata]['meta.search.project_ids'] = params[:project_ids]
payload[:metadata]['meta.search.filters.language'] = params[:language]
payload[:metadata]['meta.search.type'] = @search_type if @search_type.present?
payload[:metadata]['meta.search.level'] = @search_level if @search_level.present?
payload[:metadata][:global_search_duration_s] = @global_search_duration_s if @global_search_duration_s.present?
payload[:metadata].merge!(payload_metadata)
if search_service.abuse_detected?
payload[:metadata]['abuse.confidence'] = Gitlab::Abuse.confidence(:certain)
@ -209,6 +199,23 @@ class SearchController < ApplicationController
end
end
def payload_metadata
{}.tap do |metadata|
metadata['meta.search.group_id'] = params[:group_id]
metadata['meta.search.project_id'] = params[:project_id]
metadata['meta.search.scope'] = params[:scope] || @scope
metadata['meta.search.page'] = params[:page] || '1'
metadata['meta.search.filters.confidential'] = params[:confidential]
metadata['meta.search.filters.state'] = params[:state]
metadata['meta.search.force_search_results'] = params[:force_search_results]
metadata['meta.search.project_ids'] = params[:project_ids]
metadata['meta.search.filters.language'] = params[:language]
metadata['meta.search.type'] = @search_type if @search_type.present?
metadata['meta.search.level'] = @search_level if @search_level.present?
metadata[:global_search_duration_s] = @global_search_duration_s if @global_search_duration_s.present?
end
end
def block_anonymous_global_searches
return unless search_service.global_search?
return if current_user

15
app/finders/autocomplete/group_users_finder.rb
View File

@ -12,9 +12,8 @@ module Autocomplete
class GroupUsersFinder
include Gitlab::Utils::StrongMemoize
def initialize(group:, members_relation: false)
def initialize(group:)
@group = group
@members_relation = members_relation # If true, it will return Member relation instead
end
def execute
@ -23,8 +22,6 @@ module Autocomplete
.with(descendant_projects_cte.to_arel) # rubocop:disable CodeReuse/ActiveRecord
.from_union(member_relations, remove_duplicates: false)
return members if @members_relation
User
.id_in(members.select(:user_id))
.allow_cross_joins_across_databases(url: "https://gitlab.com/gitlab-org/gitlab/-/issues/420387")
@ -34,11 +31,11 @@ module Autocomplete
def member_relations
[
members_from_group_hierarchy,
members_from_hierarchy_group_shares,
members_from_descendant_projects,
members_from_descendant_project_shares
].map { |relation| relation.select(:id, :user_id) }
members_from_group_hierarchy.select(:user_id),
members_from_hierarchy_group_shares.select(:user_id),
members_from_descendant_projects.select(:user_id),
members_from_descendant_project_shares.select(:user_id)
]
end
def members_from_group_hierarchy

45
app/finders/autocomplete/users_finder.rb
View File

@ -9,7 +9,6 @@ module Autocomplete
# consistent and removes the need for implementing keyset pagination to
# ensure good performance.
LIMIT = 20
BATCH_SIZE = 1000
attr_reader :current_user, :project, :group, :search,
:author_id, :todo_filter, :todo_state_filter,
@ -63,19 +62,7 @@ module Autocomplete
# When changing the order of these method calls, make sure that
# reorder_by_name() is called _before_ optionally_search(), otherwise
# reorder_by_name will break the ORDER BY applied in optionally_search().
if project
project.authorized_users.union_with_user(author_id).merge(users_relation)
elsif group
find_group_users(group)
elsif current_user
users_relation
else
User.none
end.to_a
end
def users_relation
User
find_users
.where(state: states)
.non_internal
.reorder_by_name
@ -86,6 +73,7 @@ module Autocomplete
todo_state: todo_state_filter
)
.limit(LIMIT)
.to_a
end
# rubocop: enable CodeReuse/ActiveRecord
@ -97,28 +85,15 @@ module Autocomplete
author_id.present? && current_user
end
def find_group_users(group)
if Feature.enabled?(:group_users_autocomplete_using_batch_reduction, current_user)
members_relation = ::Autocomplete::GroupUsersFinder.new(group: group, members_relation: true).execute # rubocop: disable CodeReuse/Finder
user_relations = []
members_relation.distinct_each_batch(column: :user_id, of: BATCH_SIZE) do |relation|
user_relations << users_relation.id_in(relation.pluck_user_ids)
end
# When there is more than 1 batch, we need to apply users_relation again on
# the top results per-batch so that we return results in the correct order.
if user_relations.empty?
User.none
elsif user_relations.one?
user_relations.first
else
# We pluck the ids per batch so that we don't send an unbounded number of ids in one query
user_ids = user_relations.flat_map(&:pluck_primary_key)
users_relation.id_in(user_ids)
end
def find_users
if project
project.authorized_users.union_with_user(author_id)
elsif group
::Autocomplete::GroupUsersFinder.new(group: group).execute # rubocop: disable CodeReuse/Finder
elsif current_user
User.all
else
::Autocomplete::GroupUsersFinder.new(group: group).execute.merge(users_relation) # rubocop: disable CodeReuse/Finder
User.none
end
end

12
app/graphql/types/project_feature_access_level_enum.rb Normal file
View File

@ -0,0 +1,12 @@
# frozen_string_literal: true
module Types
class ProjectFeatureAccessLevelEnum < BaseEnum
graphql_name 'ProjectFeatureAccessLevel'
description 'Access level of a project feature'
value 'DISABLED', value: ProjectFeature::DISABLED, description: 'Not enabled for anyone.'
value 'PRIVATE', value: ProjectFeature::PRIVATE, description: 'Enabled only for team members.'
value 'ENABLED', value: ProjectFeature::ENABLED, description: 'Enabled for everyone able to access the project.'
end
end

18
app/graphql/types/project_feature_access_level_type.rb Normal file
View File

@ -0,0 +1,18 @@
# frozen_string_literal: true
# rubocop:disable Graphql/AuthorizeTypes -- It just returns the value of an enum as an integer and a string
module Types
class ProjectFeatureAccessLevelType < Types::BaseObject
graphql_name 'ProjectFeatureAccess'
description 'Represents the access level required by the user to access a project feature'
field :integer_value, GraphQL::Types::Int, null: true,
description: 'Integer representation of access level.',
method: :to_i
field :string_value, Types::ProjectFeatureAccessLevelEnum, null: true,
description: 'String representation of access level.',
method: :to_i
end
end
# rubocop:enable Graphql/AuthorizeTypes

23
app/graphql/types/project_type.rb
View File

@ -151,6 +151,10 @@ module Types
null: true,
description: 'Number of open issues for the project.'
field :open_merge_requests_count, GraphQL::Types::Int,
null: true,
description: 'Number of open merge requests for the project.'
field :allow_merge_on_skipped_pipeline, GraphQL::Types::Boolean,
null: true,
description: 'If `only_allow_merge_if_pipeline_succeeds` is true, indicates if merge requests of ' \
@ -675,6 +679,19 @@ module Types
end
end
[:issues, :forking, :merge_requests].each do |feature|
field_name = "#{feature}_access_level"
feature_name = feature.to_s.tr("_", " ")
field field_name, Types::ProjectFeatureAccessLevelType,
null: true,
description: "Access level required for #{feature_name} access."
define_method field_name do
project.project_feature&.access_level(feature)
end
end
markdown_field :description_html, null: true
def avatar_url
@ -689,6 +706,12 @@ module Types
BatchLoader::GraphQL.wrap(object.open_issues_count) if object.feature_available?(:issues, context[:current_user])
end
def open_merge_requests_count
return unless object.feature_available?(:merge_requests, context[:current_user])
BatchLoader::GraphQL.wrap(object.open_merge_requests_count)
end
def forks_count
BatchLoader::GraphQL.wrap(object.forks_count)
end

3
app/models/packages/nuget/symbol.rb
View File

@ -26,6 +26,9 @@ module Packages
scope :stale, -> { where(package_id: nil) }
scope :pending_destruction, -> { stale.default }
scope :with_file_name, ->(file_name) { where(file: file_name) }
scope :with_signature, ->(signature) { where(signature: signature) }
scope :with_file_sha256, ->(checksums) { where(file_sha256: checksums) }
private

8
config/feature_flags/development/group_users_autocomplete_using_batch_reduction.yml → config/feature_flags/development/nuget_symbolfiles_endpoint.yml
View File

@ -1,8 +1,8 @@
---
name: group_users_autocomplete_using_batch_reduction
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/134915
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/430268
name: nuget_symbolfiles_endpoint
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/134564
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/433528
milestone: '16.7'
type: development
group: group::tenant scale
group: group::package registry
default_enabled: false

4
config/gitlab_loose_foreign_keys.yml
View File

@ -227,6 +227,10 @@ deployments:
- table: clusters
column: cluster_id
on_delete: async_nullify
events:
- table: users
column: author_id
on_delete: async_delete
external_pull_requests:
- table: projects
column: project_id

21
db/post_migrate/20231129154701_remove_users_events_author_id_fk.rb Normal file
View File

@ -0,0 +1,21 @@
# frozen_string_literal: true
class RemoveUsersEventsAuthorIdFk < Gitlab::Database::Migration[2.2]
disable_ddl_transaction!
milestone '16.7'
FOREIGN_KEY_NAME = "fk_edfd187b6f"
def up
with_lock_retries do
remove_foreign_key_if_exists(:events, :users,
name: FOREIGN_KEY_NAME, reverse_lock_order: true)
end
end
def down
add_concurrent_foreign_key(:events, :users,
name: FOREIGN_KEY_NAME, column: :author_id,
target_column: :id, on_delete: :cascade)
end
end

16
db/post_migrate/20231204090310_add_unique_index_id_partition_id_to_ci_job_artifact.rb Normal file
View File

@ -0,0 +1,16 @@
# frozen_string_literal: true
class AddUniqueIndexIdPartitionIdToCiJobArtifact < Gitlab::Database::Migration[2.2]
milestone '16.7'
disable_ddl_transaction!
TABLE_NAME = :ci_job_artifacts
INDEX_NAME = :index_ci_job_artifacts_on_id_partition_id_unique
def up
add_concurrent_index(TABLE_NAME, %i[id partition_id], unique: true, name: INDEX_NAME)
end
def down
remove_concurrent_index_by_name(TABLE_NAME, INDEX_NAME)
end
end

16
db/post_migrate/20231204090413_add_unique_index_job_id_filte_type_partition_id_to_ci_job_artifact.rb Normal file
View File

@ -0,0 +1,16 @@
# frozen_string_literal: true
class AddUniqueIndexJobIdFilteTypePartitionIdToCiJobArtifact < Gitlab::Database::Migration[2.2]
milestone '16.7'
disable_ddl_transaction!
TABLE_NAME = :ci_job_artifacts
INDEX_NAME = :idx_ci_job_artifacts_on_job_id_file_type_and_partition_id_uniq
def up
add_concurrent_index(TABLE_NAME, %i[job_id file_type partition_id], unique: true, name: INDEX_NAME)
end
def down
remove_concurrent_index_by_name(TABLE_NAME, INDEX_NAME)
end
end

1
db/schema_migrations/20231129154701 Normal file
View File

@ -0,0 +1 @@
c6f925431403ca302529581263208ac10949ac8cabc05cdc4ec257614f5b5349

1
db/schema_migrations/20231204090310 Normal file
View File

@ -0,0 +1 @@
eae9f28293f6d4de373d6f78c8c1995369ceb91cc922aa63b590c37a289523a1

1
db/schema_migrations/20231204090413 Normal file
View File

@ -0,0 +1 @@
97d2e9828fd963ca329ba63970ee3c52e733555aa2a42bf444a0bc9243b1b7a1

7
db/structure.sql
View File

@ -31384,6 +31384,8 @@ CREATE INDEX idx_award_emoji_on_user_emoji_name_awardable_type_awardable_id ON a
CREATE INDEX idx_build_artifacts_size_refreshes_state_updated_at ON project_build_artifacts_size_refreshes USING btree (state, updated_at);
CREATE UNIQUE INDEX idx_ci_job_artifacts_on_job_id_file_type_and_partition_id_uniq ON ci_job_artifacts USING btree (job_id, file_type, partition_id);
CREATE INDEX idx_ci_pipelines_artifacts_locked ON ci_pipelines USING btree (ci_ref_id, id) WHERE (locked = 1);
CREATE INDEX idx_compliance_security_policies_on_policy_configuration_id ON compliance_framework_security_policies USING btree (policy_configuration_id);
@ -32096,6 +32098,8 @@ CREATE INDEX index_ci_job_artifacts_on_file_store ON ci_job_artifacts USING btre
CREATE INDEX index_ci_job_artifacts_on_file_type_for_devops_adoption ON ci_job_artifacts USING btree (file_type, project_id, created_at) WHERE (file_type = ANY (ARRAY[5, 6, 8, 23]));
CREATE UNIQUE INDEX index_ci_job_artifacts_on_id_partition_id_unique ON ci_job_artifacts USING btree (id, partition_id);
CREATE INDEX index_ci_job_artifacts_on_id_project_id_and_created_at ON ci_job_artifacts USING btree (project_id, created_at, id);
CREATE INDEX index_ci_job_artifacts_on_id_project_id_and_file_type ON ci_job_artifacts USING btree (project_id, file_type, id);
@ -38128,9 +38132,6 @@ ALTER TABLE ONLY merge_requests_compliance_violations
ALTER TABLE ONLY work_item_widget_definitions
ADD CONSTRAINT fk_ecf57512f7 FOREIGN KEY (namespace_id) REFERENCES namespaces(id) ON DELETE CASCADE;
ALTER TABLE ONLY events
ADD CONSTRAINT fk_edfd187b6f FOREIGN KEY (author_id) REFERENCES users(id) ON DELETE CASCADE;
ALTER TABLE ONLY coverage_fuzzing_corpuses
ADD CONSTRAINT fk_ef5ebf339f FOREIGN KEY (package_id) REFERENCES packages_packages(id) ON DELETE CASCADE;

25
doc/api/graphql/reference/index.md
View File

@ -23819,6 +23819,7 @@ Represents vulnerability finding of a security report on the pipeline.
| <a id="projectdetailedimportstatus"></a>`detailedImportStatus` | [`DetailedImportStatus`](#detailedimportstatus) | Detailed import status of the project. |
| <a id="projectdora"></a>`dora` | [`Dora`](#dora) | Project's DORA metrics. |
| <a id="projectflowmetrics"></a>`flowMetrics` **{warning-solid}** | [`ProjectValueStreamAnalyticsFlowMetrics`](#projectvaluestreamanalyticsflowmetrics) | **Introduced** in 15.10. This feature is an Experiment. It can be changed or removed at any time. Flow metrics for value stream analytics. |
| <a id="projectforkingaccesslevel"></a>`forkingAccessLevel` | [`ProjectFeatureAccess`](#projectfeatureaccess) | Access level required for forking access. |
| <a id="projectforkscount"></a>`forksCount` | [`Int!`](#int) | Number of times the project has been forked. |
| <a id="projectfullpath"></a>`fullPath` | [`ID!`](#id) | Full path of the project. |
| <a id="projectgrafanaintegration"></a>`grafanaIntegration` | [`GrafanaIntegration`](#grafanaintegration) | Grafana integration details for the project. |
@ -23829,6 +23830,7 @@ Represents vulnerability finding of a security report on the pipeline.
| <a id="projectimportstatus"></a>`importStatus` | [`String`](#string) | Status of import background job of the project. |
| <a id="projectincidentmanagementtimelineeventtags"></a>`incidentManagementTimelineEventTags` | [`[TimelineEventTagType!]`](#timelineeventtagtype) | Timeline event tags for the project. |
| <a id="projectiscatalogresource"></a>`isCatalogResource` **{warning-solid}** | [`Boolean`](#boolean) | **Introduced** in 15.11. This feature is an Experiment. It can be changed or removed at any time. Indicates if a project is a catalog resource. |
| <a id="projectissuesaccesslevel"></a>`issuesAccessLevel` | [`ProjectFeatureAccess`](#projectfeatureaccess) | Access level required for issues access. |
| <a id="projectissuesenabled"></a>`issuesEnabled` | [`Boolean`](#boolean) | Indicates if Issues are enabled for the current user. |
| <a id="projectjiraimportstatus"></a>`jiraImportStatus` | [`String`](#string) | Status of Jira import background job of the project. |
| <a id="projectjiraimports"></a>`jiraImports` | [`JiraImportConnection`](#jiraimportconnection) | Jira imports into the project. (see [Connections](#connections)) |
@ -23837,6 +23839,7 @@ Represents vulnerability finding of a security report on the pipeline.
| <a id="projectlastactivityat"></a>`lastActivityAt` | [`Time`](#time) | Timestamp of the project last activity. |
| <a id="projectlfsenabled"></a>`lfsEnabled` | [`Boolean`](#boolean) | Indicates if the project has Large File Storage (LFS) enabled. |
| <a id="projectmergecommittemplate"></a>`mergeCommitTemplate` | [`String`](#string) | Template used to create merge commit message in merge requests. |
| <a id="projectmergerequestsaccesslevel"></a>`mergeRequestsAccessLevel` | [`ProjectFeatureAccess`](#projectfeatureaccess) | Access level required for merge requests access. |
| <a id="projectmergerequestsdisablecommittersapproval"></a>`mergeRequestsDisableCommittersApproval` | [`Boolean!`](#boolean) | Indicates that committers of the given merge request cannot approve. |
| <a id="projectmergerequestsenabled"></a>`mergeRequestsEnabled` | [`Boolean`](#boolean) | Indicates if Merge Requests are enabled for the current user. |
| <a id="projectmergerequestsffonlyenabled"></a>`mergeRequestsFfOnlyEnabled` | [`Boolean`](#boolean) | Indicates if no merge commits should be created and all merges should instead be fast-forwarded, which means that merging is only allowed if the branch could be fast-forwarded. |
@ -23847,6 +23850,7 @@ Represents vulnerability finding of a security report on the pipeline.
| <a id="projectonlyallowmergeifallstatuscheckspassed"></a>`onlyAllowMergeIfAllStatusChecksPassed` | [`Boolean`](#boolean) | Indicates that merges of merge requests should be blocked unless all status checks have passed. |
| <a id="projectonlyallowmergeifpipelinesucceeds"></a>`onlyAllowMergeIfPipelineSucceeds` | [`Boolean`](#boolean) | Indicates if merge requests of the project can only be merged with successful jobs. |
| <a id="projectopenissuescount"></a>`openIssuesCount` | [`Int`](#int) | Number of open issues for the project. |
| <a id="projectopenmergerequestscount"></a>`openMergeRequestsCount` | [`Int`](#int) | Number of open merge requests for the project. |
| <a id="projectpackagescleanuppolicy"></a>`packagesCleanupPolicy` | [`PackagesCleanupPolicy`](#packagescleanuppolicy) | Packages cleanup policy for the project. |
| <a id="projectpackagesprotectionrules"></a>`packagesProtectionRules` | [`PackagesProtectionRuleConnection`](#packagesprotectionruleconnection) | Packages protection rules for the project. (see [Connections](#connections)) |
| <a id="projectpath"></a>`path` | [`String!`](#string) | Path of the project. |
@ -25373,6 +25377,17 @@ four standard [pagination arguments](#connection-pagination-arguments):
| <a id="projectdatatransferegressnodes"></a>`egressNodes` | [`EgressNodeConnection`](#egressnodeconnection) | Data nodes. (see [Connections](#connections)) |
| <a id="projectdatatransfertotalegress"></a>`totalEgress` | [`BigInt`](#bigint) | Total egress for that project in that period of time. |
### `ProjectFeatureAccess`
Represents the access level required by the user to access a project feature.
#### Fields
| Name | Type | Description |
| ---- | ---- | ----------- |
| <a id="projectfeatureaccessintegervalue"></a>`integerValue` | [`Int`](#int) | Integer representation of access level. |
| <a id="projectfeatureaccessstringvalue"></a>`stringValue` | [`ProjectFeatureAccessLevel`](#projectfeatureaccesslevel) | String representation of access level. |
### `ProjectMember`
Represents a Project Membership.
@ -30740,6 +30755,16 @@ Current state of the product analytics stack.
| <a id="productanalyticsstateloading_instance"></a>`LOADING_INSTANCE` | Stack is currently initializing. |
| <a id="productanalyticsstatewaiting_for_events"></a>`WAITING_FOR_EVENTS` | Stack is waiting for events from users. |
### `ProjectFeatureAccessLevel`
Access level of a project feature.
| Value | Description |
| ----- | ----------- |
| <a id="projectfeatureaccessleveldisabled"></a>`DISABLED` | Not enabled for anyone. |
| <a id="projectfeatureaccesslevelenabled"></a>`ENABLED` | Enabled for everyone able to access the project. |
| <a id="projectfeatureaccesslevelprivate"></a>`PRIVATE` | Enabled only for team members. |
### `ProjectMemberRelation`
Project member relation.

107
doc/architecture/blueprints/ci_gcp_secrets_manager/index.md Normal file
View File

@ -0,0 +1,107 @@
---
status: proposed
creation-date: "2023-11-29"
authors: [ "@alberts-gitlab" ]
coach: "@grzesiek"
approvers: [ "@jocelynjane", "@shampton" ]
owning-stage: "~devops::verify"
participating-stages: []
---
<!-- Blueprints often contain forward-looking statements -->
<!-- vale gitlab.FutureTense = NO -->
# Support GCP Secrets Manager for CI External Secrets
## Summary
This blueprint describes the architecture to add GCP Secrets Manager as one of the
sources for CI External Secrets.
## Motivation
GitLab CI allows users to pull secrets from external sources into GitLab CI jobs.
Prior to this, the supported secret managers are HashiCorp Vault and Azure Key Vault.
GCP Secrets Manager is another major secret manager product and there has been
multiple requests and feedback to add GCP Secrets Manager to the list of
supported secret managers.
### Goals
The goal of this feature is to allow GitLab CI users to use secrets stored in
GCP Secrets Manager in their CI jobs.
### Non-Goals
This feature does not cover the following:
- Using secrets from GCP Secrets Manager in other GitLab workloads.
- Managing secrets in GCP Secrets Manager or other secret managers through GitLab.
## Proposal
This feature requires a tight integration between GCP Secrets Manager, GitLab Rails and GitLab Runner.
The solution to this feature involves three main parts:
1. Authentication with GCP Secrets Manager
1. CI configuration on GitLab Rails
1. Secrets access by GitLab Runner
### Authentication with GCP Secrets Manager
GCP Secrets Manager needs to authenticate secret access requests coming from GitLab Runner.
Since GitLab Runner can operate in many modes (GitLab.com SaaS runners, SaaS with self-managed runner, GitLab Self-Managed, etc),
there is no direct correlation between the Runner instance and any GCP identities that can have access to the secrets.
To solve this, we would use OIDC and GCP's Workload Identity Federation mechanism to authorize the requests.
CI jobs already have support for OIDC through CI variables containing ID tokens issued by the GitLab instance.
These ID tokens already carry `claim`s that describe the context of the CI job.
For example, it includes details such as `group_id`, `group_path`, `project_id`, and `project_path`.
On the GCP side, Workload Identity Federation allows the use of OIDC to grant GCP IAM roles to the external identities
represented by the ID tokens. Through Workload Identity Federation, the GCP user can grant specific IAM roles to
specific principals identified through the OIDC `claim`. For example, a particular `group_id` claim can be given an IAM role
to access a particular set of secrets in GCP Secrets Manager. This would allow the GCP user to grant granular
access to the secrets in GCP Secrets Manager.
### CI configuration on GitLab Rails
GitLab Rails will be the interface where users configure the CI jobs. For the GCP Secrets Manager integration,
there needs to be additional configuration to specify GCP Secrets Manager as a source for external secrets as well as
GCP specific information in order to enable authentication between GitLab Runner and GCP Secrets Manager.
The proposed CI keyword would be the following:
```yaml
job_name:
id_tokens:
GCP_SM_ID_TOKEN:
aud: https://iam.googleapis.com/projects/$GCP_PROJECT_NUMBER/locations/global/workloadIdentityPools/$GCP_WORKLOAD_FEDERATION_POOL_ID/providers/$GCP_WORKLOAD_FEDERATION_PROVIDER_ID # or a custom audience as configured in GCP Workload Identity Pool Provider.
secrets:
DATABASE_PASSWORD:
gcp_sm:
name: my-project-secret # This is the name of the secret defined in GCP Secrets Manager
version: 1 # optional: default to `latest`.
token: GCP_SM_ID_TOKEN
```
In addition, GitLab Runner needs to know the following in order to perform the authentication and access the secret.
These should be included as CI variables in the job.
- GCP Project Number `GCP_PROJECT_NUMBER`
- GCP Workload Federation Pool ID `GCP_WORKLOAD_FEDERATION_POOL_ID`
- GCP Workload Federation Provider ID `GCP_WORKLOAD_FEDERATION_PROVIDER_ID`
### Secrets access by GitLab Runner
Based on the job specification defined above, GitLab Runner needs to implement the following:
1. OIDC authentication with GCP Secure Token Service to obtain an access token.
1. Secret access requests to GCP Secrets Manager to obtain the payload of the desired secret version.
1. Adding the secrets to the build.
## Alternative Solutions
N/A.

278
doc/ci/variables/predefined_variables.md
View File

@ -9,142 +9,147 @@ type: reference
Predefined [CI/CD variables](index.md) are available in every GitLab CI/CD pipeline.
Some variables are only available with more recent versions of [GitLab Runner](https://docs.gitlab.com/runner/).
Predefined CI/CD variables become available at two different phases of pipeline execution.
Some variables are available when GitLab creates the pipeline, and can be used to configure
the pipeline or in job scripts. The other variables become available when a runner runs the job,
and can only be used in job scripts.
You can [output the values of all variables available for a job](index.md#list-all-variables)
with a `script` command.
Predefined variables made available by the runner cannot be used with [trigger jobs](../pipelines/downstream_pipelines.md#trigger-a-downstream-pipeline-from-a-job-in-the-gitlab-ciyml-file)
or these keywords:
There are also a number of [variables you can use to configure runner behavior](../runners/configure_runners.md#configure-runner-behavior-with-variables) globally or for individual jobs.
- [`workflow`](../yaml/index.md#workflow)
- [`include`](../yaml/index.md#include)
- [`rules`](../yaml/index.md#rules)
NOTE:
You should avoid [overriding](index.md#override-a-defined-cicd-variable) predefined variables,
Avoid [overriding](index.md#override-a-defined-cicd-variable) predefined variables,
as it can cause the pipeline to behave unexpectedly.
| Variable | GitLab | Runner | Description |
|------------------------------------------|--------|--------|-------------|
| `CHAT_CHANNEL` | 10.6 | all | The Source chat channel that triggered the [ChatOps](../chatops/index.md) command. |
| `CHAT_INPUT` | 10.6 | all | The additional arguments passed with the [ChatOps](../chatops/index.md) command. |
| `CHAT_USER_ID` | 14.4 | all | The chat service's user ID of the user who triggered the [ChatOps](../chatops/index.md) command. |
| `CI` | all | 0.4 | Available for all jobs executed in CI/CD. `true` when available. |
| `CI_API_V4_URL` | 11.7 | all | The GitLab API v4 root URL. |
| `CI_API_GRAPHQL_URL` | 15.11 | all | The GitLab API GraphQL root URL. |
| `CI_BUILDS_DIR` | all | 11.10 | The top-level directory where builds are executed. |
| `CI_COMMIT_AUTHOR` | 13.11 | all | The author of the commit in `Name <email>` format. |
| `CI_COMMIT_BEFORE_SHA` | 11.2 | all | The previous latest commit present on a branch or tag. Is always `0000000000000000000000000000000000000000` for merge request pipelines, the first commit in pipelines for branches or tags, or when manually running a pipeline. |
| `CI_COMMIT_BRANCH` | 12.6 | 0.5 | The commit branch name. Available in branch pipelines, including pipelines for the default branch. Not available in merge request pipelines or tag pipelines. |
| `CI_COMMIT_DESCRIPTION` | 10.8 | all | The description of the commit. If the title is shorter than 100 characters, the message without the first line. |
| `CI_COMMIT_MESSAGE` | 10.8 | all | The full commit message. |
| `CI_COMMIT_REF_NAME` | 9.0 | all | The branch or tag name for which project is built. |
| `CI_COMMIT_REF_PROTECTED` | 11.11 | all | `true` if the job is running for a protected reference, `false` otherwise. |
| `CI_COMMIT_REF_SLUG` | 9.0 | all | `CI_COMMIT_REF_NAME` in lowercase, shortened to 63 bytes, and with everything except `0-9` and `a-z` replaced with `-`. No leading / trailing `-`. Use in URLs, host names and domain names. |
| `CI_COMMIT_SHA` | 9.0 | all | The commit revision the project is built for. |
| `CI_COMMIT_SHORT_SHA` | 11.7 | all | The first eight characters of `CI_COMMIT_SHA`. |
| `CI_COMMIT_TAG` | 9.0 | 0.5 | The commit tag name. Available only in pipelines for tags. |
| `CI_COMMIT_TAG_MESSAGE` | 15.5 | all | The commit tag message. Available only in pipelines for tags. |
| `CI_COMMIT_TIMESTAMP` | 13.4 | all | The timestamp of the commit in the [ISO 8601](https://www.rfc-editor.org/rfc/rfc3339#appendix-A) format. For example, `2022-01-31T16:47:55Z`. |
| `CI_COMMIT_TITLE` | 10.8 | all | The title of the commit. The full first line of the message. |
| `CI_CONCURRENT_ID` | all | 11.10 | The unique ID of build execution in a single executor. |
| `CI_CONCURRENT_PROJECT_ID` | all | 11.10 | The unique ID of build execution in a single executor and project. |
| `CI_CONFIG_PATH` | 9.4 | 0.5 | The path to the CI/CD configuration file. Defaults to `.gitlab-ci.yml`. Read-only inside a running pipeline. |
| `CI_DEBUG_TRACE` | all | 1.7 | `true` if [debug logging (tracing)](index.md#enable-debug-logging) is enabled. |
| `CI_DEBUG_SERVICES` | 15.7 | 15.7 | `true` if [service container logging](../services/index.md#capturing-service-container-logs) is enabled. |
| `CI_DEFAULT_BRANCH` | 12.4 | all | The name of the project's default branch. |
| `CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX` | 13.7 | all | The top-level group image prefix for pulling images through the Dependency Proxy. |
| `CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX` | 14.3 | all | The direct group image prefix for pulling images through the Dependency Proxy. |
| `CI_DEPENDENCY_PROXY_PASSWORD` | 13.7 | all | The password to pull images through the Dependency Proxy. |
| `CI_DEPENDENCY_PROXY_SERVER` | 13.7 | all | The server for logging in to the Dependency Proxy. This is equivalent to `$CI_SERVER_HOST:$CI_SERVER_PORT`. |
| `CI_DEPENDENCY_PROXY_USER` | 13.7 | all | The username to pull images through the Dependency Proxy. |
| `CI_DEPLOY_FREEZE` | 13.2 | all | Only available if the pipeline runs during a [deploy freeze window](../../user/project/releases/index.md#prevent-unintentional-releases-by-setting-a-deploy-freeze). `true` when available. |
| `CI_DEPLOY_PASSWORD` | 10.8 | all | The authentication password of the [GitLab Deploy Token](../../user/project/deploy_tokens/index.md#gitlab-deploy-token), if the project has one. |
| `CI_DEPLOY_USER` | 10.8 | all | The authentication username of the [GitLab Deploy Token](../../user/project/deploy_tokens/index.md#gitlab-deploy-token), if the project has one. |
| `CI_DISPOSABLE_ENVIRONMENT` | all | 10.1 | Only available if the job is executed in a disposable environment (something that is created only for this job and disposed of/destroyed after the execution - all executors except `shell` and `ssh`). `true` when available. |
| `CI_ENVIRONMENT_NAME` | 8.15 | all | The name of the environment for this job. Available if [`environment:name`](../yaml/index.md#environmentname) is set. |
| `CI_ENVIRONMENT_SLUG` | 8.15 | all | The simplified version of the environment name, suitable for inclusion in DNS, URLs, Kubernetes labels, and so on. Available if [`environment:name`](../yaml/index.md#environmentname) is set. The slug is [truncated to 24 characters](https://gitlab.com/gitlab-org/gitlab/-/issues/20941). A random suffix is automatically added to [uppercase environment names](https://gitlab.com/gitlab-org/gitlab/-/issues/415526). |
| `CI_ENVIRONMENT_URL` | 9.3 | all | The URL of the environment for this job. Available if [`environment:url`](../yaml/index.md#environmenturl) is set. |
| `CI_ENVIRONMENT_ACTION` | 13.11 | all | The action annotation specified for this job's environment. Available if [`environment:action`](../yaml/index.md#environmentaction) is set. Can be `start`, `prepare`, or `stop`. |
| `CI_ENVIRONMENT_TIER` | 14.0 | all | The [deployment tier of the environment](../environments/index.md#deployment-tier-of-environments) for this job. |
| `CI_RELEASE_DESCRIPTION` | 15.5 | all | The description of the release. Available only on pipelines for tags. Description length is limited to first 1024 characters.|
| `CI_GITLAB_FIPS_MODE` | 14.10 | all | Only available if [FIPS mode](../../development/fips_compliance.md) is enabled in the GitLab instance. `true` when available. |
| `CI_HAS_OPEN_REQUIREMENTS` | 13.1 | all | Only available if the pipeline's project has an open [requirement](../../user/project/requirements/index.md). `true` when available. |
| `CI_JOB_ID` | 9.0 | all | The internal ID of the job, unique across all jobs in the GitLab instance. |
| `CI_JOB_IMAGE` | 12.9 | 12.9 | The name of the Docker image running the job. |
| `CI_JOB_JWT` (Deprecated) | 12.10 | all | A RS256 JSON web token to authenticate with third party systems that support JWT authentication, for example [HashiCorp's Vault](../secrets/index.md). [Deprecated in GitLab 15.9](../../update/deprecations.md#old-versions-of-json-web-tokens-are-deprecated) and scheduled to be removed in GitLab 17.0. Use [ID tokens](../yaml/index.md#id_tokens) instead. |
| `CI_JOB_JWT_V1` (Deprecated) | 14.6 | all | The same value as `CI_JOB_JWT`. [Deprecated in GitLab 15.9](../../update/deprecations.md#old-versions-of-json-web-tokens-are-deprecated) and scheduled to be removed in GitLab 17.0. Use [ID tokens](../yaml/index.md#id_tokens) instead. |
| `CI_JOB_JWT_V2` (Deprecated) | 14.6 | all | A newly formatted RS256 JSON web token to increase compatibility. Similar to `CI_JOB_JWT`, except the issuer (`iss`) claim is changed from `gitlab.com` to `https://gitlab.com`, `sub` has changed from `job_id` to a string that contains the project path, and an `aud` claim is added. The `aud` field is a constant value. Trusting JWTs in multiple relying parties can lead to [one RP sending a JWT to another one and acting maliciously as a job](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/72555#note_769112331). [Deprecated in GitLab 15.9](../../update/deprecations.md#old-versions-of-json-web-tokens-are-deprecated) and scheduled to be removed in GitLab 17.0. Use [ID tokens](../yaml/index.md#id_tokens) instead. |
| `CI_JOB_MANUAL` | 8.12 | all | Only available if the job was started manually. `true` when available. |
| `CI_JOB_NAME` | 9.0 | 0.5 | The name of the job. |
| `CI_JOB_NAME_SLUG` | 15.4 | all | `CI_JOB_NAME` in lowercase, shortened to 63 bytes, and with everything except `0-9` and `a-z` replaced with `-`. No leading / trailing `-`. Use in paths. |
| `CI_JOB_STAGE` | 9.0 | 0.5 | The name of the job's stage. |
| `CI_JOB_STATUS` | all | 13.5 | The status of the job as each runner stage is executed. Use with [`after_script`](../yaml/index.md#after_script). Can be `success`, `failed`, or `canceled`. |
| `CI_JOB_TIMEOUT` | 15.7 | 15.7 | The job timeout, in seconds. |
| `CI_JOB_TOKEN` | 9.0 | 1.2 | A token to authenticate with [certain API endpoints](../jobs/ci_job_token.md). The token is valid as long as the job is running. |
| `CI_JOB_URL` | 11.1 | 0.5 | The job details URL. |
| `CI_JOB_STARTED_AT` | 13.10 | all | The UTC datetime when a job started, in [ISO 8601](https://www.rfc-editor.org/rfc/rfc3339#appendix-A) format. For example, `2022-01-31T16:47:55Z`. |
| `CI_KUBERNETES_ACTIVE` | 13.0 | all | Only available if the pipeline has a Kubernetes cluster available for deployments. `true` when available. |
| `CI_NODE_INDEX` | 11.5 | all | The index of the job in the job set. Only available if the job uses [`parallel`](../yaml/index.md#parallel). |
| `CI_NODE_TOTAL` | 11.5 | all | The total number of instances of this job running in parallel. Set to `1` if the job does not use [`parallel`](../yaml/index.md#parallel). |
| `CI_OPEN_MERGE_REQUESTS` | 13.8 | all | A comma-separated list of up to four merge requests that use the current branch and project as the merge request source. Only available in branch and merge request pipelines if the branch has an associated merge request. For example, `gitlab-org/gitlab!333,gitlab-org/gitlab-foss!11`. |
| `CI_PAGES_DOMAIN` | 11.8 | all | The configured domain that hosts GitLab Pages. |
| `CI_PAGES_URL` | 11.8 | all | The URL for a GitLab Pages site. Always a subdomain of `CI_PAGES_DOMAIN`. |
| `CI_PIPELINE_ID` | 8.10 | all | The instance-level ID of the current pipeline. This ID is unique across all projects on the GitLab instance. |
| `CI_PIPELINE_IID` | 11.0 | all | The project-level IID (internal ID) of the current pipeline. This ID is unique only within the current project. |
| `CI_PIPELINE_SOURCE` | 10.0 | all | How the pipeline was triggered. Can be `push`, `web`, `schedule`, `api`, `external`, `chat`, `webide`, `merge_request_event`, `external_pull_request_event`, `parent_pipeline`, [`trigger`, or `pipeline`](../triggers/index.md#configure-cicd-jobs-to-run-in-triggered-pipelines). For a description of each value, see [Common `if` clauses for `rules`](../jobs/job_control.md#common-if-clauses-for-rules), which uses this variable to control when jobs run. |
| `CI_PIPELINE_TRIGGERED` | all | all | `true` if the job was [triggered](../triggers/index.md). |
| `CI_PIPELINE_URL` | 11.1 | 0.5 | The URL for the pipeline details. |
| `CI_PIPELINE_CREATED_AT` | 13.10 | all | The UTC datetime when the pipeline was created, in [ISO 8601](https://www.rfc-editor.org/rfc/rfc3339#appendix-A) format. For example, `2022-01-31T16:47:55Z`. |
| `CI_PIPELINE_NAME` | 16.3 | all | The pipeline name defined in [`workflow:name`](../yaml/index.md#workflowname) |
| `CI_PROJECT_DIR` | all | all | The full path the repository is cloned to, and where the job runs from. If the GitLab Runner `builds_dir` parameter is set, this variable is set relative to the value of `builds_dir`. For more information, see the [Advanced GitLab Runner configuration](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-section). |
| `CI_PROJECT_ID` | all | all | The ID of the current project. This ID is unique across all projects on the GitLab instance. |
| `CI_PROJECT_NAME` | 8.10 | 0.5 | The name of the directory for the project. For example if the project URL is `gitlab.example.com/group-name/project-1`, `CI_PROJECT_NAME` is `project-1`. |
| `CI_PROJECT_NAMESPACE` | 8.10 | 0.5 | The project namespace (username or group name) of the job. |
| `CI_PROJECT_NAMESPACE_ID` | 15.7 | 0.5 | The project namespace ID of the job. |
| `CI_PROJECT_PATH_SLUG` | 9.3 | all | `$CI_PROJECT_PATH` in lowercase with characters that are not `a-z` or `0-9` replaced with `-` and shortened to 63 bytes. Use in URLs and domain names. |
| `CI_PROJECT_PATH` | 8.10 | 0.5 | The project namespace with the project name included. |
| `CI_PROJECT_REPOSITORY_LANGUAGES` | 12.3 | all | A comma-separated, lowercase list of the languages used in the repository. For example `ruby,javascript,html,css`. The maximum number of languages is limited to 5. An issue [proposes to increase the limit](https://gitlab.com/gitlab-org/gitlab/-/issues/368925). |
| `CI_PROJECT_ROOT_NAMESPACE` | 13.2 | 0.5 | The root project namespace (username or group name) of the job. For example, if `CI_PROJECT_NAMESPACE` is `root-group/child-group/grandchild-group`, `CI_PROJECT_ROOT_NAMESPACE` is `root-group`. |
| `CI_PROJECT_TITLE` | 12.4 | all | The human-readable project name as displayed in the GitLab web interface. |
| `CI_PROJECT_DESCRIPTION` | 15.1 | all | The project description as displayed in the GitLab web interface. |
| `CI_PROJECT_URL` | 8.10 | 0.5 | The HTTP(S) address of the project. |
| `CI_PROJECT_VISIBILITY` | 10.3 | all | The project visibility. Can be `internal`, `private`, or `public`. |
| `CI_PROJECT_CLASSIFICATION_LABEL` | 14.2 | all | The project [external authorization classification label](../../administration/settings/external_authorization.md). |
| `CI_REGISTRY` | 8.10 | 0.5 | Address of the [container registry](../../user/packages/container_registry/index.md) server, formatted as `<host>[:<port>]`. For example: `registry.gitlab.example.com`. Only available if the container registry is enabled for the GitLab instance. |
| `CI_REGISTRY_IMAGE` | 8.10 | 0.5 | Base address for the container registry to push, pull, or tag project's images, formatted as `<host>[:<port>]/<project_full_path>`. For example: `registry.gitlab.example.com/my_group/my_project`. Image names must follow the [container registry naming convention](../../user/packages/container_registry/index.md#naming-convention-for-your-container-images). Only available if the container registry is enabled for the project. |
| `CI_REGISTRY_PASSWORD` | 9.0 | all | The password to push containers to the GitLab project's container registry. Only available if the container registry is enabled for the project. This password value is the same as the `CI_JOB_TOKEN` and is valid only as long as the job is running. Use the `CI_DEPLOY_PASSWORD` for long-lived access to the registry |
| `CI_REGISTRY_USER` | 9.0 | all | The username to push containers to the project's GitLab container registry. Only available if the container registry is enabled for the project. |
| `CI_REPOSITORY_URL` | 9.0 | all | The full path to Git clone (HTTP) the repository with a [CI/CD job token](../jobs/ci_job_token.md), in the format `https://gitlab-ci-token:$CI_JOB_TOKEN@gitlab.example.com/my-group/my-project.git`. |
| `CI_RUNNER_DESCRIPTION` | 8.10 | 0.5 | The description of the runner. |
| `CI_RUNNER_EXECUTABLE_ARCH` | all | 10.6 | The OS/architecture of the GitLab Runner executable. Might not be the same as the environment of the executor. |
| `CI_RUNNER_ID` | 8.10 | 0.5 | The unique ID of the runner being used. |
| `CI_RUNNER_REVISION` | all | 10.6 | The revision of the runner running the job. |
| `CI_RUNNER_SHORT_TOKEN` | all | 12.3 | The runner's unique ID, used to authenticate new job requests. In [GitLab 14.9](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/2251) and later, the token contains a prefix, and the first 17 characters are used. Prior to 14.9, the first eight characters are used. |
| `CI_RUNNER_TAGS` | 8.10 | 0.5 | A comma-separated list of the runner tags. |
| `CI_RUNNER_VERSION` | all | 10.6 | The version of the GitLab Runner running the job. |
| `CI_SERVER_HOST` | 12.1 | all | The host of the GitLab instance URL, without protocol or port. For example `gitlab.example.com`. |
| `CI_SERVER_NAME` | all | all | The name of CI/CD server that coordinates jobs. |
| `CI_SERVER_PORT` | 12.8 | all | The port of the GitLab instance URL, without host or protocol. For example `8080`. |
| `CI_SERVER_PROTOCOL` | 12.8 | all | The protocol of the GitLab instance URL, without host or port. For example `https`. |
| `CI_SERVER_SHELL_SSH_HOST` | 15.11 | all | The SSH host of the GitLab instance, used for access to Git repositories via SSH. For example `gitlab.com`. |
| `CI_SERVER_SHELL_SSH_PORT` | 15.11 | all | The SSH port of the GitLab instance, used for access to Git repositories via SSH. For example `22`. |
| `CI_SERVER_REVISION` | all | all | GitLab revision that schedules jobs. |
| `CI_SERVER_TLS_CA_FILE` | all | all | File containing the TLS CA certificate to verify the GitLab server when `tls-ca-file` set in [runner settings](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-section). |
| `CI_SERVER_TLS_CERT_FILE` | all | all | File containing the TLS certificate to verify the GitLab server when `tls-cert-file` set in [runner settings](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-section). |
| `CI_SERVER_TLS_KEY_FILE` | all | all | File containing the TLS key to verify the GitLab server when `tls-key-file` set in [runner settings](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-section). |
| `CI_SERVER_URL` | 12.7 | all | The base URL of the GitLab instance, including protocol and port. For example `https://gitlab.example.com:8080`. |
| `CI_SERVER_VERSION_MAJOR` | 11.4 | all | The major version of the GitLab instance. For example, if the GitLab version is `13.6.1`, the `CI_SERVER_VERSION_MAJOR` is `13`. |
| `CI_SERVER_VERSION_MINOR` | 11.4 | all | The minor version of the GitLab instance. For example, if the GitLab version is `13.6.1`, the `CI_SERVER_VERSION_MINOR` is `6`. |
| `CI_SERVER_VERSION_PATCH` | 11.4 | all | The patch version of the GitLab instance. For example, if the GitLab version is `13.6.1`, the `CI_SERVER_VERSION_PATCH` is `1`. |
| `CI_SERVER_VERSION` | all | all | The full version of the GitLab instance. |
| `CI_SERVER` | all | all | Available for all jobs executed in CI/CD. `yes` when available. |
| `CI_SHARED_ENVIRONMENT` | all | 10.1 | Only available if the job is executed in a shared environment (something that is persisted across CI/CD invocations, like the `shell` or `ssh` executor). `true` when available. |
| `CI_TEMPLATE_REGISTRY_HOST` | 15.3 | all | The host of the registry used by CI/CD templates. Defaults to `registry.gitlab.com`. |
| `GITLAB_CI` | all | all | Available for all jobs executed in CI/CD. `true` when available. |
| `GITLAB_FEATURES` | 10.6 | all | The comma-separated list of licensed features available for the GitLab instance and license. |
| `GITLAB_USER_EMAIL` | 8.12 | all | The email of the user who started the pipeline, unless the job is a manual job. In manual jobs, the value is the email of the user who started the job. |
| `GITLAB_USER_ID` | 8.12 | all | The numeric ID of the user who started the pipeline, unless the job is a manual job. In manual jobs, the value is the ID of the user who started the job. |
| `GITLAB_USER_LOGIN` | 10.0 | all | The username of the user who started the pipeline, unless the job is a manual job. In manual jobs, the value is the username of the user who started the job. |
| `GITLAB_USER_NAME` | 10.0 | all | The display name of the user who started the pipeline, unless the job is a manual job. In manual jobs, the value is the name of the user who started the job. |
| `KUBECONFIG` | 14.2 | all | The path to the `kubeconfig` file with contexts for every shared agent connection. Only available when a [GitLab agent is authorized to access the project](../../user/clusters/agent/ci_cd_workflow.md#authorize-the-agent). |
| `TRIGGER_PAYLOAD` | 13.9 | all | The webhook payload. Only available when a pipeline is [triggered with a webhook](../triggers/index.md#access-webhook-payload). |
| Variable | Defined for | GitLab | Runner | Description |
|-----------------------------------|-------------|--------|--------|-------------|
| `CHAT_CHANNEL` | Pipeline | 10.6 | all | The Source chat channel that triggered the [ChatOps](../chatops/index.md) command. |
| `CHAT_INPUT` | Pipeline | 10.6 | all | The additional arguments passed with the [ChatOps](../chatops/index.md) command. |
| `CHAT_USER_ID` | Pipeline | 14.4 | all | The chat service's user ID of the user who triggered the [ChatOps](../chatops/index.md) command. |
| `CI` | Pipeline | all | 0.4 | Available for all jobs executed in CI/CD. `true` when available. |
| `CI_API_V4_URL` | Pipeline | 11.7 | all | The GitLab API v4 root URL. |
| `CI_API_GRAPHQL_URL` | Pipeline | 15.11 | all | The GitLab API GraphQL root URL. |
| `CI_BUILDS_DIR` | Jobs only | all | 11.10 | The top-level directory where builds are executed. |
| `CI_COMMIT_AUTHOR` | Pipeline | 13.11 | all | The author of the commit in `Name <email>` format. |
| `CI_COMMIT_BEFORE_SHA` | Pipeline | 11.2 | all | The previous latest commit present on a branch or tag. Is always `0000000000000000000000000000000000000000` for merge request pipelines, the first commit in pipelines for branches or tags, or when manually running a pipeline. |
| `CI_COMMIT_BRANCH` | Pipeline | 12.6 | 0.5 | The commit branch name. Available in branch pipelines, including pipelines for the default branch. Not available in merge request pipelines or tag pipelines. |
| `CI_COMMIT_DESCRIPTION` | Pipeline | 10.8 | all | The description of the commit. If the title is shorter than 100 characters, the message without the first line. |
| `CI_COMMIT_MESSAGE` | Pipeline | 10.8 | all | The full commit message. |
| `CI_COMMIT_REF_NAME` | Pipeline | 9.0 | all | The branch or tag name for which project is built. |
| `CI_COMMIT_REF_PROTECTED` | Pipeline | 11.11 | all | `true` if the job is running for a protected reference, `false` otherwise. |
| `CI_COMMIT_REF_SLUG` | Pipeline | 9.0 | all | `CI_COMMIT_REF_NAME` in lowercase, shortened to 63 bytes, and with everything except `0-9` and `a-z` replaced with `-`. No leading / trailing `-`. Use in URLs, host names and domain names. |
| `CI_COMMIT_SHA` | Pipeline | 9.0 | all | The commit revision the project is built for. |
| `CI_COMMIT_SHORT_SHA` | Pipeline | 11.7 | all | The first eight characters of `CI_COMMIT_SHA`. |
| `CI_COMMIT_TAG` | Pipeline | 9.0 | 0.5 | The commit tag name. Available only in pipelines for tags. |
| `CI_COMMIT_TAG_MESSAGE` | Pipeline | 15.5 | all | The commit tag message. Available only in pipelines for tags. |
| `CI_COMMIT_TIMESTAMP` | Pipeline | 13.4 | all | The timestamp of the commit in the [ISO 8601](https://www.rfc-editor.org/rfc/rfc3339#appendix-A) format. For example, `2022-01-31T16:47:55Z`. |
| `CI_COMMIT_TITLE` | Pipeline | 10.8 | all | The title of the commit. The full first line of the message. |
| `CI_CONCURRENT_ID` | Jobs only | all | 11.10 | The unique ID of build execution in a single executor. |
| `CI_CONCURRENT_PROJECT_ID` | Jobs only | all | 11.10 | The unique ID of build execution in a single executor and project. |
| `CI_CONFIG_PATH` | Pipeline | 9.4 | 0.5 | The path to the CI/CD configuration file. Defaults to `.gitlab-ci.yml`. Read-only inside a running pipeline. |
| `CI_DEBUG_TRACE` | Pipeline | all | 1.7 | `true` if [debug logging (tracing)](index.md#enable-debug-logging) is enabled. |
| `CI_DEBUG_SERVICES` | Pipeline | 15.7 | 15.7 | `true` if [service container logging](../services/index.md#capturing-service-container-logs) is enabled. |
| `CI_DEFAULT_BRANCH` | Pipeline | 12.4 | all | The name of the project's default branch. |
| `CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX`| Pipeline | 14.3 | all | The direct group image prefix for pulling images through the Dependency Proxy. |
| `CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX` | Pipeline | 13.7 | all | The top-level group image prefix for pulling images through the Dependency Proxy. |
| `CI_DEPENDENCY_PROXY_PASSWORD` | Pipeline | 13.7 | all | The password to pull images through the Dependency Proxy. |
| `CI_DEPENDENCY_PROXY_SERVER` | Pipeline | 13.7 | all | The server for logging in to the Dependency Proxy. This is equivalent to `$CI_SERVER_HOST:$CI_SERVER_PORT`. |
| `CI_DEPENDENCY_PROXY_USER` | Pipeline | 13.7 | all | The username to pull images through the Dependency Proxy. |
| `CI_DEPLOY_FREEZE` | Pipeline | 13.2 | all | Only available if the pipeline runs during a [deploy freeze window](../../user/project/releases/index.md#prevent-unintentional-releases-by-setting-a-deploy-freeze). `true` when available. |
| `CI_DEPLOY_PASSWORD` | Jobs only | 10.8 | all | The authentication password of the [GitLab Deploy Token](../../user/project/deploy_tokens/index.md#gitlab-deploy-token), if the project has one. |
| `CI_DEPLOY_USER` | Jobs only | 10.8 | all | The authentication username of the [GitLab Deploy Token](../../user/project/deploy_tokens/index.md#gitlab-deploy-token), if the project has one. |
| `CI_DISPOSABLE_ENVIRONMENT` | Pipeline | all | 10.1 | Only available if the job is executed in a disposable environment (something that is created only for this job and disposed of/destroyed after the execution - all executors except `shell` and `ssh`). `true` when available. |
| `CI_ENVIRONMENT_NAME` | Pipeline | 8.15 | all | The name of the environment for this job. Available if [`environment:name`](../yaml/index.md#environmentname) is set. |
| `CI_ENVIRONMENT_SLUG` | Pipeline | 8.15 | all | The simplified version of the environment name, suitable for inclusion in DNS, URLs, Kubernetes labels, and so on. Available if [`environment:name`](../yaml/index.md#environmentname) is set. The slug is [truncated to 24 characters](https://gitlab.com/gitlab-org/gitlab/-/issues/20941). A random suffix is automatically added to [uppercase environment names](https://gitlab.com/gitlab-org/gitlab/-/issues/415526). |
| `CI_ENVIRONMENT_URL` | Pipeline | 9.3 | all | The URL of the environment for this job. Available if [`environment:url`](../yaml/index.md#environmenturl) is set. |
| `CI_ENVIRONMENT_ACTION` | Pipeline | 13.11 | all | The action annotation specified for this job's environment. Available if [`environment:action`](../yaml/index.md#environmentaction) is set. Can be `start`, `prepare`, or `stop`. |
| `CI_ENVIRONMENT_TIER` | Pipeline | 14.0 | all | The [deployment tier of the environment](../environments/index.md#deployment-tier-of-environments) for this job. |
| `CI_RELEASE_DESCRIPTION` | Pipeline | 15.5 | all | The description of the release. Available only on pipelines for tags. Description length is limited to first 1024 characters. |
| `CI_GITLAB_FIPS_MODE` | Pipeline | 14.10 | all | Only available if [FIPS mode](../../development/fips_compliance.md) is enabled in the GitLab instance. `true` when available. |
| `CI_HAS_OPEN_REQUIREMENTS` | Pipeline | 13.1 | all | Only available if the pipeline's project has an open [requirement](../../user/project/requirements/index.md). `true` when available. |
| `CI_JOB_ID` | Jobs only | 9.0 | all | The internal ID of the job, unique across all jobs in the GitLab instance. |
| `CI_JOB_IMAGE` | Pipeline | 12.9 | 12.9 | The name of the Docker image running the job. |
| `CI_JOB_JWT` (Deprecated) | Pipeline | 12.10 | all | A RS256 JSON web token to authenticate with third party systems that support JWT authentication, for example [HashiCorp's Vault](../secrets/index.md). [Deprecated in GitLab 15.9](../../update/deprecations.md#old-versions-of-json-web-tokens-are-deprecated) and scheduled to be removed in GitLab 17.0. Use [ID tokens](../yaml/index.md#id_tokens) instead. |
| `CI_JOB_JWT_V1` (Deprecated) | Pipeline | 14.6 | all | The same value as `CI_JOB_JWT`. [Deprecated in GitLab 15.9](../../update/deprecations.md#old-versions-of-json-web-tokens-are-deprecated) and scheduled to be removed in GitLab 17.0. Use [ID tokens](../yaml/index.md#id_tokens) instead. |
| `CI_JOB_JWT_V2` (Deprecated) | Pipeline | 14.6 | all | A newly formatted RS256 JSON web token to increase compatibility. Similar to `CI_JOB_JWT`, except the issuer (`iss`) claim is changed from `gitlab.com` to `https://gitlab.com`, `sub` has changed from `job_id` to a string that contains the project path, and an `aud` claim is added. The `aud` field is a constant value. Trusting JWTs in multiple relying parties can lead to [one RP sending a JWT to another one and acting maliciously as a job](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/72555#note_769112331). [Deprecated in GitLab 15.9](../../update/deprecations.md#old-versions-of-json-web-tokens-are-deprecated) and scheduled to be removed in GitLab 17.0. Use [ID tokens](../yaml/index.md#id_tokens) instead. |
| `CI_JOB_MANUAL` | Pipeline | 8.12 | all | Only available if the job was started manually. `true` when available. |
| `CI_JOB_NAME` | Pipeline | 9.0 | 0.5 | The name of the job. |
| `CI_JOB_NAME_SLUG` | Pipeline | 15.4 | all | `CI_JOB_NAME` in lowercase, shortened to 63 bytes, and with everything except `0-9` and `a-z` replaced with `-`. No leading / trailing `-`. Use in paths. |
| `CI_JOB_STAGE` | Pipeline | 9.0 | 0.5 | The name of the job's stage. |
| `CI_JOB_STATUS` | Jobs only | all | 13.5 | The status of the job as each runner stage is executed. Use with [`after_script`](../yaml/index.md#after_script). Can be `success`, `failed`, or `canceled`. |
| `CI_JOB_TIMEOUT` | Jobs only | 15.7 | 15.7 | The job timeout, in seconds. |
| `CI_JOB_TOKEN` | Jobs only | 9.0 | 1.2 | A token to authenticate with [certain API endpoints](../jobs/ci_job_token.md). The token is valid as long as the job is running. |
| `CI_JOB_URL` | Jobs only | 11.1 | 0.5 | The job details URL. |
| `CI_JOB_STARTED_AT` | Jobs only | 13.10 | all | The UTC datetime when a job started, in [ISO 8601](https://www.rfc-editor.org/rfc/rfc3339#appendix-A) format. For example, `2022-01-31T16:47:55Z`. |
| `CI_KUBERNETES_ACTIVE` | Pipeline | 13.0 | all | Only available if the pipeline has a Kubernetes cluster available for deployments. `true` when available. |
| `CI_NODE_INDEX` | Pipeline | 11.5 | all | The index of the job in the job set. Only available if the job uses [`parallel`](../yaml/index.md#parallel). |
| `CI_NODE_TOTAL` | Pipeline | 11.5 | all | The total number of instances of this job running in parallel. Set to `1` if the job does not use [`parallel`](../yaml/index.md#parallel). |
| `CI_OPEN_MERGE_REQUESTS` | Pipeline | 13.8 | all | A comma-separated list of up to four merge requests that use the current branch and project as the merge request source. Only available in branch and merge request pipelines if the branch has an associated merge request. For example, `gitlab-org/gitlab!333,gitlab-org/gitlab-foss!11`. |
| `CI_PAGES_DOMAIN` | Pipeline | 11.8 | all | The configured domain that hosts GitLab Pages. |
| `CI_PAGES_URL` | Pipeline | 11.8 | all | The URL for a GitLab Pages site. Always a subdomain of `CI_PAGES_DOMAIN`. |
| `CI_PIPELINE_ID` | Jobs only | 8.10 | all | The instance-level ID of the current pipeline. This ID is unique across all projects on the GitLab instance. |
| `CI_PIPELINE_IID` | Pipeline | 11.0 | all | The project-level IID (internal ID) of the current pipeline. This ID is unique only within the current project. |
| `CI_PIPELINE_SOURCE` | Pipeline | 10.0 | all | How the pipeline was triggered. Can be `push`, `web`, `schedule`, `api`, `external`, `chat`, `webide`, `merge_request_event`, `external_pull_request_event`, `parent_pipeline`, [`trigger`, or `pipeline`](../triggers/index.md#configure-cicd-jobs-to-run-in-triggered-pipelines). For a description of each value, see [Common `if` clauses for `rules`](../jobs/job_control.md#common-if-clauses-for-rules), which uses this variable to control when jobs run. |
| `CI_PIPELINE_TRIGGERED` | Pipeline | all | all | `true` if the job was [triggered](../triggers/index.md). |
| `CI_PIPELINE_URL` | Jobs only | 11.1 | 0.5 | The URL for the pipeline details. |
| `CI_PIPELINE_CREATED_AT` | Pipeline | 13.10 | all | The UTC datetime when the pipeline was created, in [ISO 8601](https://www.rfc-editor.org/rfc/rfc3339#appendix-A) format. For example, `2022-01-31T16:47:55Z`. |
| `CI_PIPELINE_NAME` | Pipeline | 16.3 | all | The pipeline name defined in [`workflow:name`](../yaml/index.md#workflowname) |
| `CI_PROJECT_DIR` | Jobs only | all | all | The full path the repository is cloned to, and where the job runs from. If the GitLab Runner `builds_dir` parameter is set, this variable is set relative to the value of `builds_dir`. For more information, see the [Advanced GitLab Runner configuration](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-section). |
| `CI_PROJECT_ID` | Pipeline | all | all | The ID of the current project. This ID is unique across all projects on the GitLab instance. |
| `CI_PROJECT_NAME` | Pipeline | 8.10 | 0.5 | The name of the directory for the project. For example if the project URL is `gitlab.example.com/group-name/project-1`, `CI_PROJECT_NAME` is `project-1`. |
| `CI_PROJECT_NAMESPACE` | Pipeline | 8.10 | 0.5 | The project namespace (username or group name) of the job. |
| `CI_PROJECT_NAMESPACE_ID` | Pipeline | 15.7 | 0.5 | The project namespace ID of the job. |
| `CI_PROJECT_PATH_SLUG` | Pipeline | 9.3 | all | `$CI_PROJECT_PATH` in lowercase with characters that are not `a-z` or `0-9` replaced with `-` and shortened to 63 bytes. Use in URLs and domain names. |
| `CI_PROJECT_PATH` | Pipeline | 8.10 | 0.5 | The project namespace with the project name included. |
| `CI_PROJECT_REPOSITORY_LANGUAGES` | Pipeline | 12.3 | all | A comma-separated, lowercase list of the languages used in the repository. For example `ruby,javascript,html,css`. The maximum number of languages is limited to 5. An issue [proposes to increase the limit](https://gitlab.com/gitlab-org/gitlab/-/issues/368925). |
| `CI_PROJECT_ROOT_NAMESPACE` | Pipeline | 13.2 | 0.5 | The root project namespace (username or group name) of the job. For example, if `CI_PROJECT_NAMESPACE` is `root-group/child-group/grandchild-group`, `CI_PROJECT_ROOT_NAMESPACE` is `root-group`. |
| `CI_PROJECT_TITLE` | Pipeline | 12.4 | all | The human-readable project name as displayed in the GitLab web interface. |
| `CI_PROJECT_DESCRIPTION` | Pipeline | 15.1 | all | The project description as displayed in the GitLab web interface. |
| `CI_PROJECT_URL` | Pipeline | 8.10 | 0.5 | The HTTP(S) address of the project. |
| `CI_PROJECT_VISIBILITY` | Pipeline | 10.3 | all | The project visibility. Can be `internal`, `private`, or `public`. |
| `CI_PROJECT_CLASSIFICATION_LABEL` | Pipeline | 14.2 | all | The project [external authorization classification label](../../administration/settings/external_authorization.md). |
| `CI_REGISTRY` | Pipeline | 8.10 | 0.5 | Address of the [container registry](../../user/packages/container_registry/index.md) server, formatted as `<host>[:<port>]`. For example: `registry.gitlab.example.com`. Only available if the container registry is enabled for the GitLab instance. |
| `CI_REGISTRY_IMAGE` | Pipeline | 8.10 | 0.5 | Base address for the container registry to push, pull, or tag project's images, formatted as `<host>[:<port>]/<project_full_path>`. For example: `registry.gitlab.example.com/my_group/my_project`. Image names must follow the [container registry naming convention](../../user/packages/container_registry/index.md#naming-convention-for-your-container-images). Only available if the container registry is enabled for the project. |
| `CI_REGISTRY_PASSWORD` | Jobs only | 9.0 | all | The password to push containers to the GitLab project's container registry. Only available if the container registry is enabled for the project. This password value is the same as the `CI_JOB_TOKEN` and is valid only as long as the job is running. Use the `CI_DEPLOY_PASSWORD` for long-lived access to the registry |
| `CI_REGISTRY_USER` | Jobs only | 9.0 | all | The username to push containers to the project's GitLab container registry. Only available if the container registry is enabled for the project. |
| `CI_REPOSITORY_URL` | Jobs only | 9.0 | all | The full path to Git clone (HTTP) the repository with a [CI/CD job token](../jobs/ci_job_token.md), in the format `https://gitlab-ci-token:$CI_JOB_TOKEN@gitlab.example.com/my-group/my-project.git`. |
| `CI_RUNNER_DESCRIPTION` | Jobs only | 8.10 | 0.5 | The description of the runner. |
| `CI_RUNNER_EXECUTABLE_ARCH` | Jobs only | all | 10.6 | The OS/architecture of the GitLab Runner executable. Might not be the same as the environment of the executor. |
| `CI_RUNNER_ID` | Jobs only | 8.10 | 0.5 | The unique ID of the runner being used. |
| `CI_RUNNER_REVISION` | Jobs only | all | 10.6 | The revision of the runner running the job. |
| `CI_RUNNER_SHORT_TOKEN` | Jobs only | all | 12.3 | The runner's unique ID, used to authenticate new job requests. In [GitLab 14.9](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/2251) and later, the token contains a prefix, and the first 17 characters are used. Prior to 14.9, the first eight characters are used. |
| `CI_RUNNER_TAGS` | Jobs only | 8.10 | 0.5 | A comma-separated list of the runner tags. |
| `CI_RUNNER_VERSION` | Jobs only | all | 10.6 | The version of the GitLab Runner running the job. |
| `CI_SERVER_HOST` | Pipeline | 12.1 | all | The host of the GitLab instance URL, without protocol or port. For example `gitlab.example.com`. |
| `CI_SERVER_NAME` | Pipeline | all | all | The name of CI/CD server that coordinates jobs. |
| `CI_SERVER_PORT` | Pipeline | 12.8 | all | The port of the GitLab instance URL, without host or protocol. For example `8080`. |
| `CI_SERVER_PROTOCOL` | Pipeline | 12.8 | all | The protocol of the GitLab instance URL, without host or port. For example `https`. |
| `CI_SERVER_SHELL_SSH_HOST` | Pipeline | 15.11 | all | The SSH host of the GitLab instance, used for access to Git repositories via SSH. For example `gitlab.com`. |
| `CI_SERVER_SHELL_SSH_PORT` | Pipeline | 15.11 | all | The SSH port of the GitLab instance, used for access to Git repositories via SSH. For example `22`. |
| `CI_SERVER_REVISION` | Pipeline | all | all | GitLab revision that schedules jobs. |
| `CI_SERVER_TLS_CA_FILE` | Pipeline | all | all | File containing the TLS CA certificate to verify the GitLab server when `tls-ca-file` set in [runner settings](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-section). |
| `CI_SERVER_TLS_CERT_FILE` | Pipeline | all | all | File containing the TLS certificate to verify the GitLab server when `tls-cert-file` set in [runner settings](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-section). |
| `CI_SERVER_TLS_KEY_FILE` | Pipeline | all | all | File containing the TLS key to verify the GitLab server when `tls-key-file` set in [runner settings](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-section). |
| `CI_SERVER_URL` | Pipeline | 12.7 | all | The base URL of the GitLab instance, including protocol and port. For example `https://gitlab.example.com:8080`. |
| `CI_SERVER_VERSION_MAJOR` | Pipeline | 11.4 | all | The major version of the GitLab instance. For example, if the GitLab version is `13.6.1`, the `CI_SERVER_VERSION_MAJOR` is `13`. |
| `CI_SERVER_VERSION_MINOR` | Pipeline | 11.4 | all | The minor version of the GitLab instance. For example, if the GitLab version is `13.6.1`, the `CI_SERVER_VERSION_MINOR` is `6`. |
| `CI_SERVER_VERSION_PATCH` | Pipeline | 11.4 | all | The patch version of the GitLab instance. For example, if the GitLab version is `13.6.1`, the `CI_SERVER_VERSION_PATCH` is `1`. |
| `CI_SERVER_VERSION` | Pipeline | all | all | The full version of the GitLab instance. |
| `CI_SERVER` | Jobs only | all | all | Available for all jobs executed in CI/CD. `yes` when available. |
| `CI_SHARED_ENVIRONMENT` | Pipeline | all | 10.1 | Only available if the job is executed in a shared environment (something that is persisted across CI/CD invocations, like the `shell` or `ssh` executor). `true` when available. |
| `CI_TEMPLATE_REGISTRY_HOST` | Pipeline | 15.3 | all | The host of the registry used by CI/CD templates. Defaults to `registry.gitlab.com`. |
| `GITLAB_CI` | Pipeline | all | all | Available for all jobs executed in CI/CD. `true` when available. |
| `GITLAB_FEATURES` | Pipeline | 10.6 | all | The comma-separated list of licensed features available for the GitLab instance and license. |
| `GITLAB_USER_EMAIL` | Pipeline | 8.12 | all | The email of the user who started the pipeline, unless the job is a manual job. In manual jobs, the value is the email of the user who started the job. |
| `GITLAB_USER_ID` | Pipeline | 8.12 | all | The numeric ID of the user who started the pipeline, unless the job is a manual job. In manual jobs, the value is the ID of the user who started the job. |
| `GITLAB_USER_LOGIN` | Pipeline | 10.0 | all | The username of the user who started the pipeline, unless the job is a manual job. In manual jobs, the value is the username of the user who started the job. |
| `GITLAB_USER_NAME` | Pipeline | 10.0 | all | The display name of the user who started the pipeline, unless the job is a manual job. In manual jobs, the value is the name of the user who started the job. |
| `KUBECONFIG` | Pipeline | 14.2 | all | The path to the `kubeconfig` file with contexts for every shared agent connection. Only available when a [GitLab agent is authorized to access the project](../../user/clusters/agent/ci_cd_workflow.md#authorize-the-agent). |
| `TRIGGER_PAYLOAD` | Pipeline | 13.9 | all | The webhook payload. Only available when a pipeline is [triggered with a webhook](../triggers/index.md#access-webhook-payload). |
## Predefined variables for merge request pipelines
@ -157,6 +162,9 @@ These variables are available when:
|---------------------------------------------|--------|--------|-------------|
| `CI_MERGE_REQUEST_APPROVED` | 14.1 | all | Approval status of the merge request. `true` when [merge request approvals](../../user/project/merge_requests/approvals/index.md) is available and the merge request has been approved. |
| `CI_MERGE_REQUEST_ASSIGNEES` | 11.9 | all | Comma-separated list of usernames of assignees for the merge request. |
| `CI_MERGE_REQUEST_DIFF_BASE_SHA` | 13.7 | all | The base SHA of the merge request diff. |
| `CI_MERGE_REQUEST_DIFF_ID` | 13.7 | all | The version of the merge request diff. |
| `CI_MERGE_REQUEST_EVENT_TYPE` | 12.3 | all | The event type of the merge request. Can be `detached`, `merged_result` or `merge_train`. |
| `CI_MERGE_REQUEST_ID` | 11.6 | all | The instance-level ID of the merge request. This is a unique ID across all projects on the GitLab instance. |
| `CI_MERGE_REQUEST_DESCRIPTION` | 16.7 | all | The description of the merge request. |
| `CI_MERGE_REQUEST_IID` | 11.6 | all | The project-level IID (internal ID) of the merge request. This ID is unique for the current project, and is the number used in the merge request URL, page title, and other visible locations. |
@ -166,20 +174,17 @@ These variables are available when:
| `CI_MERGE_REQUEST_PROJECT_PATH` | 11.6 | all | The path of the project of the merge request. For example `namespace/awesome-project`. |
| `CI_MERGE_REQUEST_PROJECT_URL` | 11.6 | all | The URL of the project of the merge request. For example, `http://192.168.10.15:3000/namespace/awesome-project`. |
| `CI_MERGE_REQUEST_REF_PATH` | 11.6 | all | The ref path of the merge request. For example, `refs/merge-requests/1/head`. |
| `CI_MERGE_REQUEST_SQUASH_ON_MERGE` | 16.4 | all | `true` when the [squash on merge](../../user/project/merge_requests/squash_and_merge.md) option is set. |
| `CI_MERGE_REQUEST_SOURCE_BRANCH_NAME` | 11.6 | all | The source branch name of the merge request. |
| `CI_MERGE_REQUEST_SOURCE_BRANCH_PROTECTED` | 16.4 | all | `true` when the source branch of the merge request is [protected](../../user/project/protected_branches.md). |
| `CI_MERGE_REQUEST_SOURCE_BRANCH_SHA` | 11.9 | all | The HEAD SHA of the source branch of the merge request. The variable is empty in merge request pipelines. The SHA is present only in [merged results pipelines](../pipelines/merged_results_pipelines.md). |
| `CI_MERGE_REQUEST_SOURCE_PROJECT_ID` | 11.6 | all | The ID of the source project of the merge request. |
| `CI_MERGE_REQUEST_SOURCE_PROJECT_PATH` | 11.6 | all | The path of the source project of the merge request. |
| `CI_MERGE_REQUEST_SOURCE_PROJECT_URL` | 11.6 | all | The URL of the source project of the merge request. |
| `CI_MERGE_REQUEST_SQUASH_ON_MERGE` | 16.4 | all | `true` when the [squash on merge](../../user/project/merge_requests/squash_and_merge.md) option is set. |
| `CI_MERGE_REQUEST_TARGET_BRANCH_NAME` | 11.6 | all | The target branch name of the merge request. |
| `CI_MERGE_REQUEST_TARGET_BRANCH_PROTECTED` | 15.2 | all | `true` when the target branch of the merge request is [protected](../../user/project/protected_branches.md). |
| `CI_MERGE_REQUEST_TARGET_BRANCH_SHA` | 11.9 | all | The HEAD SHA of the target branch of the merge request. The variable is empty in merge request pipelines. The SHA is present only in [merged results pipelines](../pipelines/merged_results_pipelines.md). |
| `CI_MERGE_REQUEST_TITLE` | 11.9 | all | The title of the merge request. |
| `CI_MERGE_REQUEST_EVENT_TYPE` | 12.3 | all | The event type of the merge request. Can be `detached`, `merged_result` or `merge_train`. |
| `CI_MERGE_REQUEST_DIFF_ID` | 13.7 | all | The version of the merge request diff. |
| `CI_MERGE_REQUEST_DIFF_BASE_SHA` | 13.7 | all | The base SHA of the merge request diff. |
## Predefined variables for external pull request pipelines
@ -209,3 +214,8 @@ defines deployment variables that you can use with the integration.
The [documentation for each integration](../../user/project/integrations/index.md)
explains if the integration has any deployment variables available.
## Troubleshooting
You can [output the values of all variables available for a job](index.md#list-all-variables)
with a `script` command.

16
doc/ci/variables/where_variables_can_be_used.md
View File

@ -149,15 +149,15 @@ Pipeline-level persisted variables:
Job-level persisted variables:
- `CI_JOB_ID`
- `CI_JOB_URL`
- `CI_JOB_TOKEN`
- `CI_JOB_STARTED_AT`
- `CI_REGISTRY_USER`
- `CI_REGISTRY_PASSWORD`
- `CI_REPOSITORY_URL`
- `CI_DEPLOY_USER`
- `CI_DEPLOY_PASSWORD`
- `CI_DEPLOY_USER`
- `CI_JOB_ID`
- `CI_JOB_STARTED_AT`
- `CI_JOB_TOKEN`
- `CI_JOB_URL`
- `CI_REGISTRY_PASSWORD`
- `CI_REGISTRY_USER`
- `CI_REPOSITORY_URL`
Persisted variables are:

3
doc/ci/yaml/index.md
View File

@ -452,6 +452,9 @@ start. Jobs in the current stage are not stopped and continue to run.
Use [`workflow`](workflow.md) to control pipeline behavior.
You can use some [predefined CI/CD variables](../variables/predefined_variables.md) in
`workflow` configuration, but not variables that are only defined when jobs start.
**Related topics**:
- [`workflow: rules` examples](workflow.md#workflow-rules-examples)

15
doc/development/database/loose_foreign_keys.md
View File

@ -119,9 +119,9 @@ To match foreign key (FK), write one or many filters to match against FROM/TO/CO
- scripts/decomposition/generate-loose-foreign-key dast_site_profiles_pipelines
```
The command accepts a list of filters to match from, to, or column for the purpose of the foreign key generation.
For example, run this to swap all foreign keys for `ci_job_token_project_scope_links` for the
decomposed database:
The command accepts a list of regular expressions to match from, to, or column
for the purpose of the foreign key generation. For example, run this to swap
all foreign keys for `ci_job_token_project_scope_links` for the decomposed database:
```shell
scripts/decomposition/generate-loose-foreign-key -c ci_job_token_project_scope_links
@ -133,6 +133,15 @@ To swap only the `source_project_id` of `ci_job_token_project_scope_links` for t
scripts/decomposition/generate-loose-foreign-key -c ci_job_token_project_scope_links source_project_id
```
To match the exact name of a table or columns, you can make use of the regular expressions
position anchors `^` and `$`. For example, this command matches only the
foreign keys on the `events` table only, but not on the table
`incident_management_timeline_events`.
```shell
scripts/decomposition/generate-loose-foreign-key -n ^events$
```
To swap all the foreign keys (all having `_id` appended), but not create a new branch (only commit
the changes) and not create RSpec tests, run:

2
doc/development/documentation/styleguide/word_list.md
View File

@ -674,7 +674,7 @@ Learn more about [documenting multiple fields at once](index.md#documenting-mult
## file name
Use two words for **file name**.
Use two words for **file name**. When using file name as a variable, use `<file_name>`.
([Vale](../testing.md#vale) rule: [`SubstitutionWarning.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/.vale/gitlab/SubstitutionWarning.yml))

12
doc/user/application_security/vulnerability_report/index.md
View File

@ -202,11 +202,11 @@ apply to the export.
Fields included are:
- Status (See the following table for details of how the status value is exported.)
- Group name
- Project name
- Tool
- Scanner name
- Status
- Vulnerability
- Basic details
- Additional information
@ -227,6 +227,16 @@ Full details are available through our
Use one of the `gl-*-report.json` report filenames in place of `*artifact_path`
to obtain, for example, the path of files in which vulnerabilities were detected.
The Status field's values shown in the vulnerability report are different to those contained
in the vulnerability export. Use the following reference table to match them.
| Vulnerability report | Vulnerability export |
|:---------------------|:---------------------|
| Needs triage | detected |
| Dismissed | dismissed |
| Resolved | resolved |
| Confirmed | confirmed |
### Export details in CSV format
To export details of all vulnerabilities listed in the Vulnerability Report, select **Export**.

4
doc/user/group/saml_sso/troubleshooting.md
View File

@ -366,10 +366,10 @@ This error appears when the SAML response does not contain the user's email addr
</Attribute>
```
Attribute names starting with phrases such as `http://schemas.microsoft.com/ws/2008/06/identity/claims/` like in the following example are not supported. Remove this type of attribute name from the SAML response on the IDP side.
Attribute names starting with phrases such as `http://schemas.xmlsoap.org/ws/2005/05/identity/claims` and `http://schemas.microsoft.com/ws/2008/06/identity/claims/` are supported.
```xml
<Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/email">
<Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/emailaddress">
<AttributeValue>user@domain.com/AttributeValue>
</Attribute>
```

4
doc/user/profile/personal_access_tokens.md
View File

@ -143,9 +143,9 @@ Personal access tokens expire on the date you define, at midnight, 00:00 AM UTC.
[maximum allowed lifetime for the token](../../administration/settings/account_and_limit_settings.md#limit-the-lifetime-of-access-tokens).
If the maximum allowed lifetime is not set, the default expiry date is 365 days from the date of creation.
### Service Accounts
### Create a service account personal access token with no expiry date
You can [create a personal access token for a service account](../../api/groups.md#create-personal-access-token-for-service-account-user) with no expiry date.
You can [create a personal access token for a service account](../../api/groups.md#create-personal-access-token-for-service-account-user) with no expiry date. These personal access tokens never expire, unlike non-service account personal access tokens.
NOTE:
Allowing personal access tokens for service accounts to be created with no expiry date only affects tokens created after you change this setting. It does not affect existing tokens.

52
lib/api/concerns/packages/nuget/public_endpoints.rb
View File

@ -14,6 +14,8 @@ module API
module PublicEndpoints
extend ActiveSupport::Concern
SHA256_REGEX = /SHA256:([a-f0-9]{64})/i
included do
# https://docs.microsoft.com/en-us/nuget/api/service-index
desc 'The NuGet V3 Feed Service Index' do
@ -43,6 +45,56 @@ module API
]
tags %w[nuget_packages]
end
namespace :symbolfiles do
after_validation do
not_found! if Feature.disabled?(:nuget_symbolfiles_endpoint, project_or_group_without_auth)
end
desc 'The NuGet Symbol File Download Endpoint' do
detail 'This feature was introduced in GitLab 16.7'
success code: 200
failure [
{ code: 400, message: 'Bad Request' },
{ code: 404, message: 'Not Found' }
]
headers Symbolchecksum: {
type: String,
desc: 'The SHA256 checksums of the symbol file',
required: true
}
tags %w[nuget_packages]
end
params do
requires :file_name, allow_blank: false, type: String, desc: 'The symbol file name',
regexp: API::NO_SLASH_URL_PART_REGEX, documentation: { example: 'mynugetpkg.pdb' }
requires :signature, allow_blank: false, type: String, desc: 'The symbol file signature',
regexp: API::NO_SLASH_URL_PART_REGEX,
documentation: { example: 'k813f89485474661234z7109cve5709eFFFFFFFF' }
requires :same_file_name, same_as: :file_name
end
get '*file_name/*signature/*same_file_name', format: false, urgency: :low do
bad_request!('Missing checksum header') if headers['Symbolchecksum'].blank?
project_or_group_without_auth
# upcase the age part of the signature in case we received it in lowercase:
# https://github.com/dotnet/symstore/blob/main/docs/specs/SSQP_Key_Conventions.md#key-formatting-basic-rules
signature = declared_params[:signature].sub(/.{8}\z/, &:upcase)
checksums = headers['Symbolchecksum'].scan(SHA256_REGEX).flatten
symbol = ::Packages::Nuget::Symbol
.with_signature(signature)
.with_file_name(declared_params[:file_name])
.with_file_sha256(checksums)
.first
not_found!('Symbol') unless symbol
present_carrierwave_file!(symbol.file)
end
end
namespace '/v2' do
get format: :xml, urgency: :low do
env['api.format'] = :xml

2
lib/gitlab/internal_events.rb
View File

@ -111,7 +111,7 @@ module Gitlab
user = kwargs[:user]
gitlab_sdk_client.identify(user&.id)
gitlab_sdk_client.track(event_name)
gitlab_sdk_client.track(event_name, nil)
end
def gitlab_sdk_client

2
qa/Gemfile
View File

@ -2,7 +2,7 @@
source 'https://rubygems.org'
gem 'gitlab-qa', '~> 12', '>= 12.5.0', require: 'gitlab/qa'
gem 'gitlab-qa', '~> 12', '>= 12.5.1', require: 'gitlab/qa'
gem 'gitlab_quality-test_tooling', '~> 1.8.1', require: false
gem 'gitlab-utils', path: '../gems/gitlab-utils'
gem 'activesupport', '~> 7.0.8' # This should stay in sync with the root's Gemfile

4
qa/Gemfile.lock
View File

@ -123,7 +123,7 @@ GEM
gitlab (4.19.0)
httparty (~> 0.20)
terminal-table (>= 1.5.1)
gitlab-qa (12.5.0)
gitlab-qa (12.5.1)
activesupport (>= 6.1, < 7.1)
gitlab (~> 4.19)
http (~> 5.0)
@ -363,7 +363,7 @@ DEPENDENCIES
faraday-retry (~> 2.2)
fog-core (= 2.1.0)
fog-google (~> 1.19)
gitlab-qa (~> 12, >= 12.5.0)
gitlab-qa (~> 12, >= 12.5.1)
gitlab-utils!
gitlab_quality-test_tooling (~> 1.8.1)
influxdb-client (~> 2.9)

7
qa/qa/page/project/web_ide/vscode.rb
View File

@ -168,11 +168,16 @@ module QA
create_item("New File...", file_name)
end
def commit_and_push(file_name)
def commit_and_push_to_new_branch(file_name)
commit_toggle(file_name)
push_to_new_branch
end
def commit_and_push_to_existing_branch(file_name)
commit_toggle(file_name)
push_to_existing_branch
end
def commit_toggle(message)
within_vscode_editor do
if has_commit_pending_tab?

49
qa/qa/specs/features/browser_ui/3_create/web_ide/add_first_file_in_web_ide_spec.rb Normal file
View File

@ -0,0 +1,49 @@
# frozen_string_literal: true
module QA
RSpec.describe 'Create', :skip_live_env, product_group: :ide do
describe 'Add first file in Web IDE' do
let(:project) { create(:project, :with_readme, name: 'webide-create-file-project') }
before do
Flow::Login.sign_in
project.visit!
Page::Project::Show.perform(&:open_web_ide!)
Page::Project::WebIDE::VSCode.perform(&:wait_for_ide_to_load)
end
context 'when a file with the same name already exists' do
let(:file_name) { 'README.md' }
it 'throws an error', testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/432899' do
Page::Project::WebIDE::VSCode.perform do |ide|
ide.create_new_file(file_name)
expect(ide)
.to have_message("A file or folder README.md already exists at this location")
end
end
end
context 'when user adds a new file' do
let(:file_name) { 'first_file.txt' }
it 'shows successfully added and visible in project',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/432898' do
Page::Project::WebIDE::VSCode.perform do |ide|
ide.create_new_file(file_name)
ide.commit_and_push_to_existing_branch(file_name)
expect(ide).to have_message('Success! Your changes have been committed.')
end
project.visit!
Page::Project::Show.perform do |project|
expect(project).to have_file(file_name)
end
end
end
end
end
end

6
qa/qa/specs/features/browser_ui/3_create/web_ide/upload_new_file_in_web_ide_spec.rb
View File

@ -30,9 +30,13 @@ module QA
it "verifies it successfully uploads and commits to a MR" do
Page::Project::WebIDE::VSCode.perform do |ide|
ide.upload_file(file_path)
ide.commit_and_push(file_name)
ide.commit_and_push_to_new_branch(file_name)
expect(ide).to have_message('Success! Your changes have been committed.')
ide.create_merge_request
end
# Opens the MR in new tab and verify the file is in the MR
page.driver.browser.switch_to.window(page.driver.browser.window_handles.last)

12
scripts/decomposition/generate-loose-foreign-key
View File

@ -12,7 +12,7 @@ $options = {
}
OptionParser.new do |opts|
opts.banner = "Usage: #{$0} [options] <filters...>"
opts.banner = "Usage: #{$0} [options] <regexp filters...>"
opts.on("-c", "--cross-schema", "Show only cross-schema foreign keys") do |v|
$options[:cross_schema] = v
@ -94,11 +94,11 @@ def has_lfk?(definition)
end
end
def matching_filter?(definition, filters)
def foreign_key_matching?(definition, filters)
filters.all? do |filter|
definition.from_table.include?(filter) ||
definition.to_table.include?(filter) ||
definition.column.include?(filter)
definition.from_table.match?(filter) ||
definition.to_table.match?(filter) ||
definition.column.match?(filter)
end
end
@ -291,7 +291,7 @@ puts
puts "Generating Loose Foreign Key for given filters: #{ARGV}"
all_foreign_keys.each_with_index do |definition, idx|
next unless matching_filter?(definition, ARGV)
next unless foreign_key_matching?(definition, ARGV.map { |arg| Regexp.new(arg) })
puts "Matched: #{idx} (#{definition.from_table}, #{definition.to_table}, #{definition.column})"

109
scripts/verify-tff-mapping
View File

@ -13,180 +13,180 @@ require 'test_file_finder'
tests = [
{
explanation: 'EE code should map to respective spec',
source: 'ee/app/controllers/admin/licenses_controller.rb',
changed_file: 'ee/app/controllers/admin/licenses_controller.rb',
expected: ['ee/spec/controllers/admin/licenses_controller_spec.rb']
},
{
explanation: 'FOSS code should map to respective spec',
source: 'app/finders/admin/projects_finder.rb',
changed_file: 'app/finders/admin/projects_finder.rb',
expected: ['spec/finders/admin/projects_finder_spec.rb']
},
{
explanation: 'EE extension should map to its EE extension spec and its FOSS class spec',
source: 'ee/app/finders/ee/projects_finder.rb',
changed_file: 'ee/app/finders/ee/projects_finder.rb',
expected: ['ee/spec/finders/ee/projects_finder_spec.rb', 'spec/finders/projects_finder_spec.rb']
},
{
explanation: 'EE lib should map to respective spec.',
source: 'ee/lib/world.rb',
changed_file: 'ee/lib/world.rb',
expected: ['ee/spec/lib/world_spec.rb']
},
{
explanation: 'FOSS lib should map to respective spec',
source: 'lib/gitaly/server.rb',
changed_file: 'lib/gitaly/server.rb',
expected: ['spec/lib/gitaly/server_spec.rb']
},
{
explanation: 'https://gitlab.com/gitlab-org/gitlab/-/issues/368628',
source: 'lib/gitlab/usage_data_counters/wiki_page_counter.rb',
changed_file: 'lib/gitlab/usage_data_counters/wiki_page_counter.rb',
expected: ['spec/lib/gitlab/usage_data_spec.rb', 'spec/lib/gitlab/usage_data_counters/wiki_page_counter_spec.rb']
},
{
explanation: 'EE usage counters map to usage data spec',
source: 'ee/lib/gitlab/usage_data_counters/licenses_list.rb',
changed_file: 'ee/lib/gitlab/usage_data_counters/licenses_list.rb',
expected: ['ee/spec/lib/gitlab/usage_data_counters/licenses_list_spec.rb', 'spec/lib/gitlab/usage_data_spec.rb']
},
{
explanation: 'https://gitlab.com/gitlab-org/quality/engineering-productivity/master-broken-incidents/-/issues/54#note_1160811638',
source: 'lib/gitlab/ci/config/base.rb',
changed_file: 'lib/gitlab/ci/config/base.rb',
expected: ['spec/lib/gitlab/ci/yaml_processor_spec.rb']
},
{
explanation: 'https://gitlab.com/gitlab-org/quality/engineering-productivity/master-broken-incidents/-/issues/54#note_1160811638',
source: 'ee/lib/gitlab/ci/config/base.rb',
changed_file: 'ee/lib/gitlab/ci/config/base.rb',
expected: ['spec/lib/gitlab/ci/yaml_processor_spec.rb', 'ee/spec/lib/gitlab/ci/yaml_processor_spec.rb']
},
{
explanation: 'Tooling should map to respective spec',
source: 'tooling/danger/specs/project_factory_suggestion.rb',
changed_file: 'tooling/danger/specs/project_factory_suggestion.rb',
expected: ['spec/tooling/danger/specs/project_factory_suggestion_spec.rb']
},
{
explanation: 'Map RuboCop related files to respective specs',
source: 'rubocop/cop/gettext/static_identifier.rb',
changed_file: 'rubocop/cop/gettext/static_identifier.rb',
expected: ['spec/rubocop/cop/gettext/static_identifier_spec.rb']
},
{
explanation: 'Initializers should map to respective spec',
source: 'config/initializers/action_mailer_hooks.rb',
changed_file: 'config/initializers/action_mailer_hooks.rb',
expected: ['spec/initializers/action_mailer_hooks_spec.rb']
},
{
explanation: 'DB structure should map to schema spec',
source: 'db/structure.sql',
changed_file: 'db/structure.sql',
expected: ['spec/db/schema_spec.rb']
},
{
explanation: 'Migration should map to its non-timestamped spec',
source: 'db/migrate/20221011062254_sync_new_amount_used_for_ci_project_monthly_usages.rb',
changed_file: 'db/migrate/20221011062254_sync_new_amount_used_for_ci_project_monthly_usages.rb',
expected: ['spec/migrations/sync_new_amount_used_for_ci_project_monthly_usages_spec.rb']
},
# rubocop:disable Layout/LineLength
{
explanation: 'Migration should map to its timestamped spec',
source: 'db/post_migrate/20230105172120_sync_new_amount_used_with_amount_used_on_ci_namespace_monthly_usages_table.rb',
changed_file: 'db/post_migrate/20230105172120_sync_new_amount_used_with_amount_used_on_ci_namespace_monthly_usages_table.rb',
expected: ['spec/migrations/20230105172120_sync_new_amount_used_with_amount_used_on_ci_namespace_monthly_usages_table_spec.rb']
},
# rubocop:enable Layout/LineLength
{
explanation: 'FOSS views should map to respective spec',
source: 'app/views/admin/dashboard/index.html.haml',
changed_file: 'app/views/admin/dashboard/index.html.haml',
expected: ['spec/views/admin/dashboard/index.html.haml_spec.rb']
},
{
explanation: 'EE views should map to respective spec',
source: 'ee/app/views/subscriptions/new.html.haml',
changed_file: 'ee/app/views/subscriptions/new.html.haml',
expected: ['ee/spec/views/subscriptions/new.html.haml_spec.rb']
},
{
explanation: 'FOSS spec code should map to itself',
source: 'spec/models/issue_spec.rb',
changed_file: 'spec/models/issue_spec.rb',
expected: ['spec/models/issue_spec.rb']
},
{
explanation: 'EE spec code should map to itself',
source: 'ee/spec/models/ee/user_spec.rb',
changed_file: 'ee/spec/models/ee/user_spec.rb',
expected: ['ee/spec/models/ee/user_spec.rb', 'spec/models/user_spec.rb']
},
{
explanation: 'EE extension spec should map to itself and the FOSS class spec',
source: 'ee/spec/services/ee/notification_service_spec.rb',
changed_file: 'ee/spec/services/ee/notification_service_spec.rb',
expected: ['ee/spec/services/ee/notification_service_spec.rb', 'spec/services/notification_service_spec.rb']
},
{
explanation: 'FOSS factory should map to factories spec',
source: 'spec/factories/users.rb',
changed_file: 'spec/factories/users.rb',
expected: ['ee/spec/models/factories_spec.rb']
},
{
explanation: 'EE factory should map to factories spec',
source: 'ee/spec/factories/users.rb',
changed_file: 'ee/spec/factories/users.rb',
expected: ['ee/spec/models/factories_spec.rb']
},
{
explanation: 'Whats New should map to its respective spec',
source: 'data/whats_new/202101140001_13_08.yml',
changed_file: 'data/whats_new/202101140001_13_08.yml',
expected: ['spec/lib/release_highlights/validator_spec.rb']
},
{
explanation: 'The documentation index page is used in this haml_lint spec',
source: 'doc/index.md',
changed_file: 'doc/index.md',
expected: ['spec/haml_lint/linter/documentation_links_spec.rb']
},
{
explanation: 'Spec for FOSS sidekiq worker',
source: 'app/workers/new_worker.rb',
changed_file: 'app/workers/new_worker.rb',
expected: ['spec/workers/every_sidekiq_worker_spec.rb']
},
{
explanation: 'Spec for EE sidekiq worker',
source: 'ee/app/workers/new_worker.rb',
changed_file: 'ee/app/workers/new_worker.rb',
expected: ['spec/workers/every_sidekiq_worker_spec.rb']
},
{
explanation: 'FOSS mailer previews',
source: 'app/mailers/previews/foo.rb',
changed_file: 'app/mailers/previews/foo.rb',
expected: ['spec/mailers/previews_spec.rb']
},
{
explanation: 'EE mailer previews',
source: 'ee/app/mailers/previews/foo.rb',
changed_file: 'ee/app/mailers/previews/foo.rb',
expected: ['spec/mailers/previews_spec.rb']
},
{
explanation: 'EE mailer extension previews',
source: 'ee/app/mailers/previews/license_mailer_preview.rb',
changed_file: 'ee/app/mailers/previews/license_mailer_preview.rb',
expected: ['spec/mailers/previews_spec.rb']
},
{
explanation: 'GLFM spec and config files for CE and EE should map to respective markdown snapshot specs',
source: 'glfm_specification/foo',
changed_file: 'glfm_specification/foo',
expected: ['spec/requests/api/markdown_snapshot_spec.rb', 'ee/spec/requests/api/markdown_snapshot_spec.rb']
},
@ -194,46 +194,46 @@ tests = [
explanation: 'https://gitlab.com/gitlab-org/quality/engineering-productivity/master-broken-incidents/-/issues/287#note_1192008962',
# Note: The metrics seem to be changed every year or so, so this test will fail once a year or so.
# You will need to change the metric below for another metric present in the project.
source: 'ee/config/metrics/counts_all/20221114065035_delete_merge_request.yml',
changed_file: 'ee/config/metrics/counts_all/20221114065035_delete_merge_request.yml',
expected: ['ee/spec/config/metrics/every_metric_definition_spec.rb']
},
{
explanation: 'https://gitlab.com/gitlab-org/quality/engineering-productivity/team/-/issues/146',
source: 'config/feature_categories.yml',
changed_file: 'config/feature_categories.yml',
expected: ['spec/db/docs_spec.rb', 'ee/spec/lib/ee/gitlab/database/docs/docs_spec.rb']
},
{
explanation: 'https://gitlab.com/gitlab-org/quality/engineering-productivity/master-broken-incidents/-/issues/1360',
source: 'vendor/project_templates/gitbook.tar.gz',
changed_file: 'vendor/project_templates/gitbook.tar.gz',
expected: ['spec/lib/gitlab/project_template_spec.rb']
},
{
explanation: 'https://gitlab.com/gitlab-org/quality/engineering-productivity/master-broken-incidents/-/issues/1683#note_1385966977',
source: 'app/finders/members_finder.rb',
changed_file: 'app/finders/members_finder.rb',
expected: ['spec/finders/members_finder_spec.rb', 'spec/graphql/types/project_member_relation_enum_spec.rb']
},
{
explanation: 'Map FOSS rake tasks',
source: 'lib/tasks/import.rake',
changed_file: 'lib/tasks/import.rake',
expected: ['spec/tasks/import_rake_spec.rb']
},
{
explanation: 'Map EE rake tasks',
source: 'ee/lib/tasks/geo.rake',
changed_file: 'ee/lib/tasks/geo.rake',
expected: ['ee/spec/tasks/geo_rake_spec.rb']
},
{
explanation: 'Map controllers to request specs',
source: 'app/controllers/admin/abuse_reports_controller.rb',
changed_file: 'app/controllers/admin/abuse_reports_controller.rb',
expected: ['spec/requests/admin/abuse_reports_controller_spec.rb']
},
{
explanation: 'Map EE controllers to controller and request specs',
source: 'ee/app/controllers/users_controller.rb',
changed_file: 'ee/app/controllers/users_controller.rb',
expected: [
'ee/spec/controllers/users_controller_spec.rb',
'ee/spec/requests/users_controller_spec.rb'
@ -242,16 +242,16 @@ tests = [
]
class MappingTest
def initialize(explanation:, source:, expected:, strategy:)
def initialize(explanation:, changed_file:, expected:, strategy:)
@explanation = explanation
@source = source
@changed_file = changed_file
@strategy = strategy
@expected_set = Set.new(expected)
@actual_set = Set.new(actual)
end
def passed?
expected_set.eql?(actual_set)
expected_set == actual_set
end
def failed?
@ -261,24 +261,25 @@ class MappingTest
def failure_message
<<~MESSAGE
#{explanation}:
Source #{source}
Expected #{expected_set.to_a}
Actual #{actual_set.to_a}
Changed file #{changed_file}
Expected #{expected_set.to_a}
Actual #{actual_set.to_a}
MESSAGE
end
private
attr_reader :explanation, :source, :expected_set, :actual_set, :mapping
attr_reader :explanation, :changed_file, :expected_set, :actual_set, :mapping
def actual
tff = TestFileFinder::FileFinder.new(paths: [source])
tff = TestFileFinder::FileFinder.new(paths: [changed_file])
tff.use @strategy
tff.test_files
end
end
strategy = TestFileFinder::MappingStrategies::PatternMatching.load('tests.yml')
mapping_file = 'tests.yml'
strategy = TestFileFinder::MappingStrategies::PatternMatching.load(mapping_file)
results = tests.map { |test| MappingTest.new(strategy: strategy, **test) }
failed_tests = results.select(&:failed?)
@ -292,4 +293,18 @@ if failed_tests.any?
exit 1
end
bad_sources = YAML.load_file(mapping_file)['mapping'].filter_map do |map|
map['source'].match(/(?<!\\)\.\w+\z/)&.string
end
if bad_sources.any?
puts "Suspicious metacharacter detected. Are these correct?"
bad_sources.each do |bad|
puts " #{bad} => Did you mean: #{bad.sub(/(\.\w+)\z/, '\\\\\1')}"
end
exit 1
end
puts 'tff mapping verification passed.'

2
spec/controllers/search_controller_spec.rb
View File

@ -583,12 +583,14 @@ RSpec.describe SearchController, feature_category: :global_search do
expect(payload[:metadata]['meta.search.type']).to eq('basic')
expect(payload[:metadata]['meta.search.level']).to eq('global')
expect(payload[:metadata]['meta.search.filters.language']).to eq('ruby')
expect(payload[:metadata]['meta.search.page']).to eq('2')
end
get :show, params: {
scope: 'issues',
search: 'hello world',
group_id: '123',
page: '2',
project_id: '456',
project_ids: %w[456 789],
confidential: true,

17
spec/finders/autocomplete/group_users_finder_spec.rb
View File

@ -11,13 +11,9 @@ RSpec.describe Autocomplete::GroupUsersFinder, feature_category: :team_planning
let_it_be(:group_project) { create(:project, namespace: group) }
let_it_be(:subgroup_project) { create(:project, namespace: subgroup) }
let(:members_relation) { false }
let(:finder) { described_class.new(group: group, members_relation: members_relation) }
let(:finder) { described_class.new(group: group) }
describe '#execute' do
subject { finder.execute }
context 'with group members' do
let_it_be(:parent_group_member) { create(:user).tap { |u| parent_group.add_developer(u) } }
let_it_be(:group_member) { create(:user).tap { |u| group.add_developer(u) } }
@ -33,17 +29,6 @@ RSpec.describe Autocomplete::GroupUsersFinder, feature_category: :team_planning
subgroup_member
)
end
context 'when requesting members_relation' do
let(:members_relation) { true }
let(:expected_members) do
[parent_group_member, group_member, subgroup_member].map do |user|
Member.where(user: user).select(:id, :user_id).first
end
end
it { is_expected.to match_array(expected_members) }
end
end
context 'with project members' do

113
spec/finders/autocomplete/users_finder_spec.rb
View File

@ -2,7 +2,7 @@
require 'spec_helper'
RSpec.describe Autocomplete::UsersFinder, feature_category: :team_planning do
RSpec.describe Autocomplete::UsersFinder do
# TODO update when multiple owners are possible in projects
# https://gitlab.com/gitlab-org/gitlab/-/issues/21432
@ -21,10 +21,6 @@ RSpec.describe Autocomplete::UsersFinder, feature_category: :team_planning do
subject { described_class.new(params: params, current_user: current_user, project: project, group: group).execute.to_a }
before do
stub_feature_flags(group_users_autocomplete_using_batch_reduction: false)
end
context 'when current_user not passed or nil' do
let(:current_user) { nil }
@ -85,86 +81,6 @@ RSpec.describe Autocomplete::UsersFinder, feature_category: :team_planning do
expect(subject).to contain_exactly(user1)
end
end
context 'when querying the users with cross joins disabled' do
before do
stub_const("#{described_class.name}::BATCH_SIZE", 5)
stub_const("#{described_class.name}::LIMIT", 3)
stub_feature_flags(group_users_autocomplete_using_batch_reduction: true)
end
# Testing the 0 batches case
context 'when the group has no matching users' do
let(:params) { { search: 'non_matching_query' } }
it { is_expected.to eq([]) }
end
context 'when the group is smaller than the batch size' do
let(:params) { { search: 'zzz' } }
let_it_be(:user2) { create(:user, name: 'zzz', username: 'zzz_john_doe') }
before do
group.add_developer(user2)
end
specify do
expect_next_instance_of(described_class) do |instance|
expect(instance).to receive(:users_relation).once.and_call_original
end
# order is important. user2 comes first because it matches the username
is_expected.to eq([user2, user1])
end
end
context 'when the group has more users than the batch size' do
let_it_be(:users_a) do
build_list(:user, 2) do |record, i|
record.assign_attributes({ name: "Oliver Doe #{i}", username: "oliver_#{i}" })
record.save!
end
end
let_it_be(:users_b) do
build_list(:user, 4) do |record, i|
record.assign_attributes({ name: "Peter Doe #{i}", username: "peter_#{i}" })
record.save!
end
end
let_it_be(:user2) { create(:user, name: 'John Foobar', username: 'john_foobar') }
let_it_be(:user3) { create(:user, name: 'Johanna Doe', username: 'johanna_doe') }
let_it_be(:user4) { create(:user, name: 'Oliver Foobar', username: 'oliver_foobar') }
let_it_be(:non_member) { create(:user, name: 'Johanna Doe', username: 'johanna_doe_2') }
before do
group.members.delete_all
group.add_members(users_a, GroupMember::DEVELOPER)
group.add_members(users_b, GroupMember::DEVELOPER)
group.add_members([user2, user3, user4], GroupMember::DEVELOPER)
end
context 'when the query matches several users that span over different batches' do
let(:params) { { search: 'Oliver' } }
specify do
# the relation is called once per batch (2 batches), and once at the end to reduce the batches
expect_next_instance_of(described_class) do |instance|
expect(instance).to receive(:users_relation).exactly(3).times.and_call_original
end
is_expected.to eq(users_a + [user4])
end
end
context 'when the query matches only one user' do
let(:params) { { search: 'johanna_doe' } }
it { is_expected.to eq([user3]) }
end
end
end
end
context 'when passed a subgroup' do
@ -187,33 +103,6 @@ RSpec.describe Autocomplete::UsersFinder, feature_category: :team_planning do
child_project_user
)
end
context 'when querying the users with cross joins disabled' do
let(:params) { { search: 'zzz' } }
let_it_be(:user2) { create(:user, name: 'John Doe', username: 'zzz1') }
let_it_be(:user3) { create(:user, name: 'John Doe', username: 'zzz2') }
let_it_be(:user4) { create(:user, name: 'John Doe', username: 'zzz3') }
before do
stub_const("#{described_class.name}::BATCH_SIZE", 3)
stub_const("#{described_class.name}::LIMIT", 2)
stub_feature_flags(group_users_autocomplete_using_batch_reduction: true)
GroupMember.delete_all
ProjectMember.delete_all
group.add_members([user2, user3, user4], GroupMember::DEVELOPER)
parent.add_members([user2, user3, user4], GroupMember::DEVELOPER)
grandparent.add_members([user2, user3, user4], GroupMember::DEVELOPER)
end
it 'deduplicates the user_ids in batches to reduce database queries' do
expect_next_instance_of(described_class) do |instance|
expect(instance).to receive(:users_relation).once.and_call_original
end
# order is important. user2 comes first because it matches the username
is_expected.to eq([user2, user3])
end
end
end
it { is_expected.to match_array([user1, external_user, omniauth_user, current_user]) }

2
spec/frontend/organizations/index/components/app_spec.js
View File

@ -7,7 +7,7 @@ import waitForPromises from 'helpers/wait_for_promises';
import { createAlert } from '~/alert';
import { DEFAULT_PER_PAGE } from '~/api';
import { organizations as nodes, pageInfo, pageInfoEmpty } from '~/organizations/mock_data';
import organizationsQuery from '~/organizations/index/graphql/organizations.query.graphql';
import organizationsQuery from '~/organizations/shared/graphql/queries/organizations.query.graphql';
import OrganizationsIndexApp from '~/organizations/index/components/app.vue';
import OrganizationsView from '~/organizations/index/components/organizations_view.vue';
import { MOCK_NEW_ORG_URL } from '../mock_data';

3
spec/frontend/organizations/index/components/organizations_list_spec.js
View File

@ -1,4 +1,5 @@
import { GlKeysetPagination } from '@gitlab/ui';
import { omit } from 'lodash';
import { shallowMount } from '@vue/test-utils';
import OrganizationsList from '~/organizations/index/components/organizations_list.vue';
import OrganizationsListItem from '~/organizations/index/components/organizations_list_item.vue';
@ -52,7 +53,7 @@ describe('OrganizationsList', () => {
});
it('renders pagination', () => {
expect(findPagination().props()).toMatchObject(pageInfo);
expect(findPagination().props()).toMatchObject(omit(pageInfo, '__typename'));
});
describe('when `GlKeysetPagination` emits `next` event', () => {

123
spec/frontend/vue_shared/components/entity_select/organization_select_spec.js
View File

@ -1,31 +1,35 @@
import VueApollo from 'vue-apollo';
import Vue, { nextTick } from 'vue';
import { GlCollapsibleListbox } from '@gitlab/ui';
import { chunk } from 'lodash';
import { shallowMountExtended } from 'helpers/vue_test_utils_helper';
import OrganizationSelect from '~/vue_shared/components/entity_select/organization_select.vue';
import EntitySelect from '~/vue_shared/components/entity_select/entity_select.vue';
import { DEFAULT_PER_PAGE } from '~/api';
import {
ORGANIZATION_TOGGLE_TEXT,
ORGANIZATION_HEADER_TEXT,
FETCH_ORGANIZATIONS_ERROR,
FETCH_ORGANIZATION_ERROR,
} from '~/vue_shared/components/entity_select/constants';
import resolvers from '~/organizations/shared/graphql/resolvers';
import organizationsClientQuery from '~/organizations/index/graphql/organizations_client.query.graphql';
import { organizations as organizationsMock } from '~/organizations/mock_data';
import getCurrentUserOrganizationsQuery from '~/organizations/shared/graphql/queries/organizations.query.graphql';
import getOrganizationQuery from '~/organizations/shared/graphql/queries/organization.query.graphql';
import { organizations as nodes, pageInfo, pageInfoEmpty } from '~/organizations/mock_data';
import waitForPromises from 'helpers/wait_for_promises';
import createMockApollo from 'helpers/mock_apollo_helper';
Vue.use(VueApollo);
jest.useFakeTimers();
describe('OrganizationSelect', () => {
let wrapper;
let mockApollo;
// Mocks
const [organizationMock] = organizationsMock;
const [organization] = nodes;
const organizations = {
nodes,
pageInfo,
};
// Stubs
const GlAlert = {
@ -44,21 +48,24 @@ describe('OrganizationSelect', () => {
const findEntitySelect = () => wrapper.findComponent(EntitySelect);
const findAlert = () => wrapper.findComponent(GlAlert);
// Mock handlers
const handleInput = jest.fn();
const getCurrentUserOrganizationsQueryHandler = jest.fn().mockResolvedValue({
data: { currentUser: { id: 'gid://gitlab/User/1', __typename: 'CurrentUser', organizations } },
});
const getOrganizationQueryHandler = jest.fn().mockResolvedValue({
data: { organization },
});
// Helpers
const createComponent = ({ props = {}, mockResolvers = resolvers, handlers } = {}) => {
mockApollo = createMockApollo(
handlers || [
[
organizationsClientQuery,
jest.fn().mockResolvedValueOnce({
data: { currentUser: { id: 1, organizations: { nodes: organizationsMock } } },
}),
],
],
mockResolvers,
);
const createComponent = ({
props = {},
handlers = [
[getCurrentUserOrganizationsQuery, getCurrentUserOrganizationsQueryHandler],
[getOrganizationQuery, getOrganizationQueryHandler],
],
} = {}) => {
mockApollo = createMockApollo(handlers);
wrapper = shallowMountExtended(OrganizationSelect, {
apolloProvider: mockApollo,
@ -107,40 +114,30 @@ describe('OrganizationSelect', () => {
describe('on mount', () => {
it('fetches organizations when the listbox is opened', async () => {
createComponent();
await nextTick();
jest.runAllTimers();
await waitForPromises();
openListbox();
jest.runAllTimers();
await waitForPromises();
expect(findListbox().props('items')).toEqual([
{ text: organizationsMock[0].name, value: 1 },
{ text: organizationsMock[1].name, value: 2 },
{ text: organizationsMock[2].name, value: 3 },
{ text: nodes[0].name, value: 1 },
{ text: nodes[1].name, value: 2 },
{ text: nodes[2].name, value: 3 },
]);
});
describe('with an initial selection', () => {
it("fetches the initially selected value's name", async () => {
createComponent({ props: { initialSelection: organizationMock.id } });
await nextTick();
jest.runAllTimers();
createComponent({ props: { initialSelection: organization.id } });
await waitForPromises();
expect(findListbox().props('toggleText')).toBe(organizationMock.name);
expect(findListbox().props('toggleText')).toBe(organization.name);
});
it('show an error if fetching initially selected fails', async () => {
const mockResolvers = {
Query: {
organization: jest.fn().mockRejectedValueOnce(new Error()),
},
};
createComponent({ props: { initialSelection: organizationMock.id }, mockResolvers });
await nextTick();
jest.runAllTimers();
createComponent({
props: { initialSelection: organization.id },
handlers: [[getOrganizationQuery, jest.fn().mockRejectedValueOnce(new Error())]],
});
expect(findAlert().exists()).toBe(false);
@ -152,18 +149,62 @@ describe('OrganizationSelect', () => {
});
});
describe('when listbox bottom is reached and there are more organizations to load', () => {
const [firstPage, secondPage] = chunk(nodes, Math.ceil(nodes.length / 2));
const getCurrentUserOrganizationsQueryMultiplePagesHandler = jest
.fn()
.mockResolvedValueOnce({
data: {
currentUser: {
id: 'gid://gitlab/User/1',
__typename: 'CurrentUser',
organizations: { nodes: firstPage, pageInfo },
},
},
})
.mockResolvedValueOnce({
data: {
currentUser: {
id: 'gid://gitlab/User/1',
__typename: 'CurrentUser',
organizations: { nodes: secondPage, pageInfo: pageInfoEmpty },
},
},
});
beforeEach(async () => {
createComponent({
handlers: [
[getCurrentUserOrganizationsQuery, getCurrentUserOrganizationsQueryMultiplePagesHandler],
[getOrganizationQuery, getOrganizationQueryHandler],
],
});
openListbox();
await waitForPromises();
findListbox().vm.$emit('bottom-reached');
await nextTick();
await waitForPromises();
});
it('calls graphQL query correct `after` variable', () => {
expect(getCurrentUserOrganizationsQueryMultiplePagesHandler).toHaveBeenCalledWith({
after: pageInfo.endCursor,
first: DEFAULT_PER_PAGE,
});
expect(findListbox().props('infiniteScroll')).toBe(false);
});
});
it('shows an error when fetching organizations fails', async () => {
createComponent({
handlers: [[organizationsClientQuery, jest.fn().mockRejectedValueOnce(new Error())]],
handlers: [[getCurrentUserOrganizationsQuery, jest.fn().mockRejectedValueOnce(new Error())]],
});
await nextTick();
jest.runAllTimers();
await waitForPromises();
openListbox();
expect(findAlert().exists()).toBe(false);
jest.runAllTimers();
await waitForPromises();
expect(findAlert().exists()).toBe(true);

11
spec/graphql/types/project_feature_access_level_enum_spec.rb Normal file
View File

@ -0,0 +1,11 @@
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe GitlabSchema.types['ProjectFeatureAccessLevel'], feature_category: :groups_and_projects do
specify { expect(described_class.graphql_name).to eq('ProjectFeatureAccessLevel') }
it 'exposes all the existing access levels' do
expect(described_class.values.keys).to include(*%w[DISABLED PRIVATE ENABLED])
end
end

14
spec/graphql/types/project_feature_access_level_type_spec.rb Normal file
View File

@ -0,0 +1,14 @@
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe GitlabSchema.types['ProjectFeatureAccess'], feature_category: :groups_and_projects do
specify { expect(described_class.graphql_name).to eq('ProjectFeatureAccess') }
specify { expect(described_class).to require_graphql_authorizations(nil) }
it 'has expected fields' do
expected_fields = [:integer_value, :string_value]
expect(described_class).to have_graphql_fields(*expected_fields)
end
end

61
spec/graphql/types/project_type_spec.rb
View File

@ -5,6 +5,7 @@ require 'spec_helper'
RSpec.describe GitlabSchema.types['Project'] do
include GraphqlHelpers
include ProjectForksHelper
using RSpec::Parameterized::TableSyntax
specify { expect(described_class).to expose_permissions_using(Types::PermissionTypes::Project) }
@ -21,7 +22,8 @@ RSpec.describe GitlabSchema.types['Project'] do
container_registry_enabled shared_runners_enabled
lfs_enabled merge_requests_ff_only_enabled avatar_url
issues_enabled merge_requests_enabled wiki_enabled
snippets_enabled jobs_enabled public_jobs open_issues_count import_status
forking_access_level issues_access_level merge_requests_access_level
snippets_enabled jobs_enabled public_jobs open_issues_count open_merge_requests_count import_status
only_allow_merge_if_pipeline_succeeds request_access_enabled
only_allow_merge_if_all_discussions_are_resolved printing_merge_request_link_enabled
namespace group statistics statistics_details_paths repository merge_requests merge_request issues
@ -704,6 +706,63 @@ RSpec.describe GitlabSchema.types['Project'] do
end
end
describe 'project features access level' do
let_it_be(:project) { create(:project, :public) }
where(project_feature: %w[forkingAccessLevel issuesAccessLevel mergeRequestsAccessLevel])
with_them do
let(:query) do
%(
query {
project(fullPath: "#{project.full_path}") {
#{project_feature} {
integerValue
stringValue
}
}
}
)
end
subject { GitlabSchema.execute(query).as_json.dig('data', 'project', project_feature) }
it { is_expected.to eq({ "integerValue" => ProjectFeature::ENABLED, "stringValue" => "ENABLED" }) }
end
end
describe 'open_merge_requests_count' do
let_it_be(:project, reload: true) { create(:project, :public) }
let_it_be(:open_merge_request) { create(:merge_request, source_project: project) }
let_it_be(:closed_merge_request) { create(:merge_request, :closed, source_project: project) }
let(:query) do
%(
query {
project(fullPath: "#{project.full_path}") {
openMergeRequestsCount
}
}
)
end
subject(:open_merge_requests_count) do
GitlabSchema.execute(query).as_json.dig('data', 'project', 'openMergeRequestsCount')
end
context 'when the user can access merge requests' do
it { is_expected.to eq(1) }
end
context 'when the user cannot access merge requests' do
before do
project.project_feature.update!(merge_requests_access_level: ProjectFeature::PRIVATE)
end
it { is_expected.to be_nil }
end
end
describe 'branch_rules' do
let_it_be(:user) { create(:user) }
let_it_be(:project, reload: true) { create(:project, :public) }

12
spec/lib/gitlab/internal_events_spec.rb
View File

@ -272,6 +272,7 @@ RSpec.describe Gitlab::InternalEvents, :snowplow, feature_category: :product_ana
describe 'Product Analytics tracking' do
let(:app_id) { 'foobar' }
let(:url) { 'http://localhost:4000' }
let(:sdk_client) { instance_double('GitlabSDK::Client') }
before do
described_class.clear_memoization(:gitlab_sdk_client)
@ -293,13 +294,16 @@ RSpec.describe Gitlab::InternalEvents, :snowplow, feature_category: :product_ana
context 'when internal_events_for_product_analytics FF is enabled' do
before do
stub_feature_flags(internal_events_for_product_analytics: true)
allow(GitlabSDK::Client)
.to receive(:new)
.with(app_id: app_id, host: url)
.and_return(sdk_client)
end
it 'calls Product Analytics Ruby SDK', :aggregate_failures do
expect_next_instance_of(GitlabSDK::Client) do |sdk_client|
expect(sdk_client).to receive(:identify).with(user.id)
expect(sdk_client).to receive(:track).with(event_name)
end
expect(sdk_client).to receive(:identify).with(user.id)
expect(sdk_client).to receive(:track).with(event_name, nil)
track_event
end

7
spec/models/event_spec.rb
View File

@ -1176,4 +1176,11 @@ RSpec.describe Event, feature_category: :user_profile do
event
end
context 'with loose foreign key on events.author_id' do
it_behaves_like 'cleanup by a loose foreign key' do
let_it_be(:parent) { create(:user) }
let_it_be(:model) { create(:event, author: parent) }
end
end
end

37
spec/models/packages/nuget/symbol_spec.rb
View File

@ -45,6 +45,43 @@ RSpec.describe Packages::Nuget::Symbol, type: :model, feature_category: :package
it { is_expected.to contain_exactly(stale_symbol) }
end
describe '.with_signature' do
subject(:with_signature) { described_class.with_signature(signature) }
let_it_be(:signature) { 'signature' }
let_it_be(:symbol) { create(:nuget_symbol, signature: signature) }
it 'returns symbols with the given signature' do
expect(with_signature).to eq([symbol])
end
end
describe '.with_file_name' do
subject(:with_file_name) { described_class.with_file_name(file_name) }
let_it_be(:file_name) { 'file_name' }
let_it_be(:symbol) { create(:nuget_symbol) }
before do
symbol.update_column(:file, file_name)
end
it 'returns symbols with the given file_name' do
expect(with_file_name).to eq([symbol])
end
end
describe '.with_file_sha256' do
subject(:with_file_sha256) { described_class.with_file_sha256(checksums) }
let_it_be(:checksums) { OpenSSL::Digest.hexdigest('SHA256', 'checksums') }
let_it_be(:symbol) { create(:nuget_symbol, file_sha256: checksums) }
it 'returns symbols with the given checksums' do
expect(with_file_sha256).to eq([symbol])
end
end
end
describe 'callbacks' do

8
spec/requests/api/nuget_group_packages_spec.rb
View File

@ -188,6 +188,14 @@ RSpec.describe API::NugetGroupPackages, feature_category: :package_registry do
end
end
describe 'GET /api/v4/groups/:id/-/packages/nuget/token/*token/symbolfiles/*file_name/*signature/*file_name' do
it_behaves_like 'nuget symbol file endpoint' do
let(:url) do
"/groups/#{target.id}/-/packages/nuget/symbolfiles/#{filename}/#{signature}/#{filename}"
end
end
end
def update_visibility_to(visibility)
project.update!(visibility_level: visibility)
subgroup.update!(visibility_level: visibility)

6
spec/requests/api/nuget_project_packages_spec.rb
View File

@ -419,6 +419,12 @@ RSpec.describe API::NugetProjectPackages, feature_category: :package_registry do
end
end
describe 'GET /api/v4/projects/:id/packages/nuget/symbolfiles/*file_name/*signature/*file_name' do
it_behaves_like 'nuget symbol file endpoint' do
let(:url) { "/projects/#{target.id}/packages/nuget/symbolfiles/#{filename}/#{signature}/#{filename}" }
end
end
def update_visibility_to(visibility)
project.update!(visibility_level: visibility)
end

4
spec/support/rspec_run_time.rb
View File

@ -30,8 +30,8 @@ module Support
duration = time_now - @start_time
elapsed_time = time_now - @rspec_test_suite_start_time
output.puts "\nExample group #{notification.group.description} took #{readable_duration(duration)}."
output.puts "\nRSpec timer is at #{time_now}. RSpec elapsed time: #{readable_duration(elapsed_time)}.\n\n"
output.puts "\n# Example group #{notification.group.description} took #{readable_duration(duration)}."
output.puts "# RSpec elapsed time: #{readable_duration(elapsed_time)}.\n\n"
end
end
end

58
spec/support/shared_examples/requests/api/nuget_packages_shared_examples.rb
View File

@ -741,3 +741,61 @@ RSpec.shared_examples 'process nuget delete request' do |user_type, status|
end
end
end
RSpec.shared_examples 'nuget symbol file endpoint' do
let_it_be(:symbol) { create(:nuget_symbol) }
let_it_be(:filename) { symbol.file.filename }
let_it_be(:signature) { symbol.signature }
let_it_be(:checksum) { symbol.file_sha256.delete("\n") }
let(:headers) { { 'Symbolchecksum' => "SHA256:#{checksum}" } }
subject { get api(url), headers: headers }
it { is_expected.to have_request_urgency(:low) }
context 'with valid target' do
it 'returns the symbol file' do
subject
expect(response).to have_gitlab_http_status(:ok)
expect(response.media_type).to eq('application/octet-stream')
expect(response.body).to eq(symbol.file.read)
end
end
context 'when nuget_symbolfiles_endpoint feature flag is disabled' do
before do
stub_feature_flags(nuget_symbolfiles_endpoint: false)
end
it_behaves_like 'returning response status', :not_found
end
context 'when target does not exist' do
let(:target) { double(id: 1234567890) }
it_behaves_like 'returning response status', :not_found
end
context 'when target exists' do
context 'when symbol file does not exist' do
let(:filename) { 'non-existent-file.pdb' }
let(:signature) { 'non-existent-signature' }
it_behaves_like 'returning response status', :not_found
end
context 'when symbol file checksum does not match' do
let(:checksum) { 'non-matching-checksum' }
it_behaves_like 'returning response status', :not_found
end
context 'when symbol file checksum is missing' do
let(:headers) { {} }
it_behaves_like 'returning response status', :bad_request
end
end
end

14
spec/tooling/lib/tooling/parallel_rspec_runner_spec.rb
View File

@ -19,7 +19,6 @@ RSpec.describe Tooling::ParallelRSpecRunner, feature_category: :tooling do # rub
before do
allow(Knapsack::AllocatorBuilder).to receive(:new).and_return(allocator_builder)
allow(Knapsack.logger).to receive(:info)
end
after do
@ -36,6 +35,10 @@ RSpec.describe Tooling::ParallelRSpecRunner, feature_category: :tooling do # rub
shared_examples 'runs node tests' do
let(:rspec_args) { nil }
before do
allow(Knapsack.logger).to receive(:info)
end
it 'runs rspec with tests allocated for this node' do
expect(allocator_builder).to receive(:filter_tests=).with(filter_tests)
expect_command(%W[bundle exec rspec#{rspec_args} --] + node_tests)
@ -124,10 +127,14 @@ RSpec.describe Tooling::ParallelRSpecRunner, feature_category: :tooling do # rub
end
it 'does not parse expected rspec report' do
expect($stdout).not_to receive(:puts).with('Parsing expected rspec suite duration...')
expected_output = <<~MARKDOWN.chomp
Running command: bundle exec rspec -- 01_spec.rb 03_spec.rb
MARKDOWN
expect(File).not_to receive(:write).with(expected_report_file_path, expected_report_content)
runner.run
expect { runner.run }.to output(expected_output).to_stdout
end
end
@ -141,6 +148,7 @@ RSpec.describe Tooling::ParallelRSpecRunner, feature_category: :tooling do # rub
Parsing expected rspec suite duration...
03_spec.rb not found in master report
RSpec suite is expected to take 1 minute 5 seconds.
Running command: bundle exec rspec -- 01_spec.rb 03_spec.rb
MARKDOWN

14
tests.yml
View File

@ -42,7 +42,7 @@ mapping:
test: 'spec/initializers/%s_spec.rb'
# DB structure should map to schema spec
- source: 'db/structure.sql'
- source: 'db/structure\.sql'
test: 'spec/db/schema_spec.rb'
# Migration should map to either timestamped or non-timestamped spec
@ -72,11 +72,11 @@ mapping:
test: 'ee/spec/models/factories_spec.rb'
# Whats New should map to its respective spec
- source: 'data/whats_new/\w*.yml'
- source: 'data/whats_new/\w*\.yml'
test: 'spec/lib/release_highlights/validator_spec.rb'
# The documentation index page is used in this haml_lint spec
- source: 'doc/index.md'
- source: 'doc/index\.md'
test: 'spec/haml_lint/linter/documentation_links_spec.rb'
- source: '(ee/)?app/workers/.+\.rb'
@ -97,11 +97,11 @@ mapping:
# Note: We only have those tests for ee, even though we have non-ee metrics.
#
# See https://gitlab.com/gitlab-org/quality/engineering-productivity/master-broken-incidents/-/issues/287#note_1192008962
- source: 'ee/config/metrics/.*.yml'
- source: 'ee/config/metrics/.*\.yml'
test: 'ee/spec/config/metrics/every_metric_definition_spec.rb'
# See https://gitlab.com/gitlab-org/quality/engineering-productivity/team/-/issues/146
- source: 'config/feature_categories.yml'
- source: 'config/feature_categories\.yml'
test:
- 'spec/db/docs_spec.rb'
- 'ee/spec/lib/ee/gitlab/database/docs/docs_spec.rb'
@ -111,7 +111,7 @@ mapping:
test: 'spec/lib/gitlab/project_template_spec.rb'
# See https://gitlab.com/gitlab-org/quality/engineering-productivity/master-broken-incidents/-/issues/1683#note_1385966977
- source: 'app/finders/members_finder.rb'
- source: 'app/finders/members_finder\.rb'
test: 'spec/graphql/types/project_member_relation_enum_spec.rb'
- source: 'app/finders/group_members_finder.rb'
- source: 'app/finders/group_members_finder\.rb'
test: 'spec/graphql/types/group_member_relation_enum_spec.rb'

6
tooling/lib/tooling/parallel_rspec_runner.rb
View File

@ -110,7 +110,7 @@ module Tooling
master_report = JSON.parse(File.read(ENV['KNAPSACK_RSPEC_SUITE_REPORT_PATH']))
return unless master_report
puts "Parsing expected rspec suite duration..."
Knapsack.logger.info "Parsing expected rspec suite duration..."
duration_total = 0
expected_duration_report = {}
@ -120,11 +120,11 @@ module Tooling
duration_total += master_report[file]
expected_duration_report[file] = master_report[file]
else
puts "#{file} not found in master report"
Knapsack.logger.info "#{file} not found in master report"
end
end
puts "RSpec suite is expected to take #{readable_duration(duration_total)}."
Knapsack.logger.info "RSpec suite is expected to take #{readable_duration(duration_total)}."
expected_duration_report
end