root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2025-03-25 06:12:01 +00:00
parent 556a02f52c
commit b8d6e3aad9
19 changed files with 244 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitlab/ci/qa-common/variables.gitlab-ci.yml
View File

@ -16,7 +16,7 @@ variables:
# Retry failed specs in separate process
QA_RETRY_FAILED_SPECS: "true"
# Helm chart ref used by test-on-cng pipeline
GITLAB_HELM_CHART_REF: "3f89420cf319778195403711af12c57b4aab6511"
GITLAB_HELM_CHART_REF: "be52d36697ab1513512670a5f1456e294d15dbcd"
# Specific ref for cng-mirror project to trigger builds for
GITLAB_CNG_MIRROR_REF: "ea1b126a34dc702f4e7c84ebcc1504e4ab5008a3"
# Makes sure some of the common scripts from pipeline-common use bundler to execute commands

27
app/assets/javascripts/access_tokens/constants.js
View File

@ -14,14 +14,6 @@ export const STATIC_OBJECT_TOKEN = 'staticObjectToken';
export const DEFAULT_SORT = { value: 'expires', isAsc: true };
export const SORT_OPTIONS = [
{
text: __('Name'),
value: 'name',
sort: {
asc: 'name_asc',
desc: 'name_desc',
},
},
{
text: __('Created date'),
value: 'created',
@ -34,7 +26,24 @@ export const SORT_OPTIONS = [
text: __('Expiration date'),
value: 'expires',
sort: {
asc: 'expires_at_asc_id_desc',
asc: 'expires_asc',
desc: 'expires_desc',
},
},
{
text: __('Last used date'),
value: 'last_used',
sort: {
asc: 'last_used_asc',
desc: 'last_used_desc',
},
},
{
text: __('Name'),
value: 'name',
sort: {
asc: 'name_asc',
desc: 'name_desc',
},
},
];

2
app/assets/javascripts/credentials/utils.js
View File

@ -56,7 +56,7 @@ function initializeSort(sort) {
let sorting = DEFAULT_SORT;
const sortOption = SORT_OPTIONS.find((item) => [item.sort.desc, item.sort.asc].includes(sort));
if (sort && sortOption) {
if (sortOption) {
sorting = {
value: sortOption.value,
isAsc: sortOption.sort.asc === sort,

4
app/models/description_version.rb
View File

@ -38,7 +38,9 @@ class DescriptionVersion < ApplicationRecord
end
def ensure_namespace_id
self.namespace_id ||= parent_namespace_id
return if namespace_id && namespace_id > 0
self.namespace_id = parent_namespace_id
end
def exactly_one_issuable

3
config/gitlab_loose_foreign_keys.yml
View File

@ -501,6 +501,9 @@ projects:
- table: users
column: creator_id
on_delete: async_nullify
- table: pool_repositories
column: pool_repository_id
on_delete: async_nullify
projects_visits:
- table: projects
column: entity_id

15
db/post_migrate/20250227180753_add_lfk_trigger_to_pool_repositories.rb Normal file
View File

@ -0,0 +1,15 @@
# frozen_string_literal: true
class AddLfkTriggerToPoolRepositories < Gitlab::Database::Migration[2.2]
include Gitlab::Database::MigrationHelpers::LooseForeignKeyHelpers
milestone '17.11'
def up
track_record_deletions(:pool_repositories)
end
def down
untrack_record_deletions(:pool_repositories)
end
end

21
db/post_migrate/20250227181231_remove_pool_repositories_projects_pool_repository_id_fk.rb Normal file
View File

@ -0,0 +1,21 @@
# frozen_string_literal: true
class RemovePoolRepositoriesProjectsPoolRepositoryIdFk < Gitlab::Database::Migration[2.2]
milestone '17.11'
disable_ddl_transaction!
FOREIGN_KEY_NAME = "fk_6e5c14658a"
def up
with_lock_retries do
remove_foreign_key_if_exists(:projects, :pool_repositories,
name: FOREIGN_KEY_NAME, reverse_lock_order: true)
end
end
def down
add_concurrent_foreign_key(:projects, :pool_repositories,
name: FOREIGN_KEY_NAME, column: :pool_repository_id,
target_column: :id, on_delete: :nullify)
end
end

1
db/schema_migrations/20250227180753 Normal file
View File

@ -0,0 +1 @@
f55c31806d87c72794d3793e66cd335cb04986b4161f4095c02ea9fffb0a30ec

1
db/schema_migrations/20250227181231 Normal file
View File

@ -0,0 +1 @@
d32ccfa062cfca68e05d4ad90a9c4a367b4223accc90d22052e6db68c900b527

5
db/structure.sql
View File

@ -40734,6 +40734,8 @@ CREATE TRIGGER p_ci_pipelines_loose_fk_trigger AFTER DELETE ON p_ci_pipelines RE
CREATE TRIGGER plans_loose_fk_trigger AFTER DELETE ON plans REFERENCING OLD TABLE AS old_table FOR EACH STATEMENT EXECUTE FUNCTION insert_into_loose_foreign_keys_deleted_records();
CREATE TRIGGER pool_repositories_loose_fk_trigger AFTER DELETE ON pool_repositories REFERENCING OLD TABLE AS old_table FOR EACH STATEMENT EXECUTE FUNCTION insert_into_loose_foreign_keys_deleted_records();
CREATE TRIGGER prevent_delete_of_default_organization_before_destroy BEFORE DELETE ON organizations FOR EACH ROW EXECUTE FUNCTION prevent_delete_of_default_organization();
CREATE TRIGGER project_type_ci_runner_machines_loose_fk_trigger AFTER DELETE ON project_type_ci_runner_machines REFERENCING OLD TABLE AS old_table FOR EACH STATEMENT EXECUTE FUNCTION insert_into_loose_foreign_keys_deleted_records_override_table('ci_runner_machines');
@ -42108,9 +42110,6 @@ ALTER TABLE ONLY organization_cluster_agent_mappings
ALTER TABLE ONLY audit_events_streaming_instance_namespace_filters
ADD CONSTRAINT fk_6e0be28087 FOREIGN KEY (external_streaming_destination_id) REFERENCES audit_events_instance_external_streaming_destinations(id) ON DELETE CASCADE;
ALTER TABLE ONLY projects
ADD CONSTRAINT fk_6e5c14658a FOREIGN KEY (pool_repository_id) REFERENCES pool_repositories(id) ON DELETE SET NULL;
ALTER TABLE ONLY terraform_state_versions
ADD CONSTRAINT fk_6e81384d7f FOREIGN KEY (created_by_user_id) REFERENCES users(id) ON DELETE SET NULL;

22
doc/api/graphql/reference/_index.md
View File

@ -8427,6 +8427,7 @@ Input type: `NamespaceCreateRemoteDevelopmentClusterAgentMappingInput`
| ---- | ---- | ----------- |
| <a id="mutationnamespacecreateremotedevelopmentclusteragentmappingclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
| <a id="mutationnamespacecreateremotedevelopmentclusteragentmappingerrors"></a>`errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |
| <a id="mutationnamespacecreateremotedevelopmentclusteragentmappingnamespaceclusteragentmapping"></a>`namespaceClusterAgentMapping` {{< icon name="warning-solid" >}} | [`NamespaceClusterAgentMapping`](#namespaceclusteragentmapping) | **Deprecated:** **Status**: Experiment. Introduced in GitLab 17.10. |
### `Mutation.namespaceDeleteRemoteDevelopmentClusterAgentMapping`
@ -32684,6 +32685,21 @@ four standard [pagination arguments](#pagination-arguments):
| <a id="namespacecicdsettingallowstalerunnerpruning"></a>`allowStaleRunnerPruning` | [`Boolean`](#boolean) | Indicates if stale runners directly belonging to the namespace should be periodically pruned. |
| <a id="namespacecicdsettingnamespace"></a>`namespace` | [`Namespace`](#namespace) | Namespace the CI/CD settings belong to. |
### `NamespaceClusterAgentMapping`
Represents a namespace-cluster-agent mapping.
#### Fields
| Name | Type | Description |
| ---- | ---- | ----------- |
| <a id="namespaceclusteragentmappingclusteragentid"></a>`clusterAgentId` | [`ClustersAgentID!`](#clustersagentid) | Global ID of the cluster agent. |
| <a id="namespaceclusteragentmappingcreatedat"></a>`createdAt` | [`Time!`](#time) | Timestamp when the namespace-cluster-agent mapping was created. |
| <a id="namespaceclusteragentmappingcreatorid"></a>`creatorId` | [`UserID!`](#userid) | Global ID of the creator. |
| <a id="namespaceclusteragentmappingid"></a>`id` | [`RemoteDevelopmentNamespaceClusterAgentMappingID!`](#remotedevelopmentnamespaceclusteragentmappingid) | Global ID of the namespace-cluster-agent mapping. |
| <a id="namespaceclusteragentmappingnamespaceid"></a>`namespaceId` | [`NamespaceID!`](#namespaceid) | Global ID of the namespace. |
| <a id="namespaceclusteragentmappingupdatedat"></a>`updatedAt` | [`Time!`](#time) | Timestamp when the namespace-cluster-agent mapping was last updated. |
### `NamespaceCommitEmail`
#### Fields
@ -46011,6 +46027,12 @@ A `ReleasesLinkID` is a global ID. It is encoded as a string.
An example `ReleasesLinkID` is: `"gid://gitlab/Releases::Link/1"`.
### `RemoteDevelopmentNamespaceClusterAgentMappingID`
A `RemoteDevelopmentNamespaceClusterAgentMappingID` is a global ID. It is encoded as a string.
An example `RemoteDevelopmentNamespaceClusterAgentMappingID` is: `"gid://gitlab/RemoteDevelopment::NamespaceClusterAgentMapping/1"`.
### `RemoteDevelopmentWorkspaceID`
A `RemoteDevelopmentWorkspaceID` is a global ID. It is encoded as a string.

82
doc/development/sec/analyzer_development_guide.md
View File

@ -129,6 +129,16 @@ To use Docker with `replace` in the `go.mod` file:
1. Update the `replace` statement to make sure it matches the destination of the `COPY` statement in the step above:
`replace gitlab.com/gitlab-org/security-products/analyzers/command/v3 => /command`
### Testing container orchestration compatibility
Users may use tools other than Docker to orchestrate their containers and run their analyzers,
such as [containerd](https://containerd.io/), [Podman](https://podman.io/), or [skopeo](https://github.com/containers/skopeo).
In order to avoid inadvertently adding proprietary Docker features which might break customer tools, we [run a periodic test](https://gitlab.com/gitlab-org/security-products/tests/analyzer-containerization-support/-/blob/main/.gitlab-ci.yml?ref_type=heads) for all analyzers, to ensure that these tools still function as expected, and a Slack alert is raised if a failure occurs.
In addition to the periodic test, analyzers using the [`ci-templates` `docker-test.yml` template](https://gitlab.com/gitlab-org/security-products/ci-templates/-/blob/master/includes-dev/docker-test.yml) include a [`check docker manifest`](https://gitlab.com/gitlab-org/security-products/ci-templates/-/blob/c0f217560b134f4ebe6024b26a41f77cea885c2c/includes-dev/docker-test.yml#L157-165) test in their pipelines, to prevent proprietary Docker features from being merged in the first place.
When creating a new analyzer, or changing the location of existing analyzer images, ensure that the analyzer is accounted for in the periodic test and consider using the shared [`ci-templates`](https://gitlab.com/gitlab-org/security-products/ci-templates/).
## Analyzer scripts
The [analyzer-scripts](https://gitlab.com/gitlab-org/secure/tools/analyzer-scripts) repository contains scripts that can be used to interact with most analyzers. They enable you to build, run, and debug analyzers in a GitLab CI-like environment, and are particularly useful for locally validating changes to an analyzer.
@ -297,17 +307,41 @@ To backport a critical fix or patch to an earlier version, follow the steps belo
### Preparing analyzers for a major version release
This major version release process applies to analyzers belonging to the following groups:
This process applies to the following groups:
- [Composition Analysis](https://handbook.gitlab.com/handbook/engineering/development/sec/secure/composition-analysis)
- [Static Analysis (SAST)](https://handbook.gitlab.com/handbook/engineering/development/sec/secure/static-analysis)
- [Secret Detection](https://handbook.gitlab.com/handbook/engineering/development/sec/secure/secret-detection)
Other groups are reponsible for documenting their own major version release process.
Choose one of the following scenarios based on whether the major version release contains breaking changes:
1. [Major version release without breaking changes](#major-version-release-without-breaking-changes)
1. [Major version release with breaking changes](#major-version-release-with-breaking-changes)
#### Major version release without breaking changes
Assuming the current analyzer release is `v{N}`:
1. [Configure protected tags and branches](#configure-protected-tags-and-branches).
1. When the milestone of the major release is almost complete, and there are no more changes to be merged into the `default` branch:
1. Create a `v{N}` branch from the `default` branch.
1. Create and merge a new Merge Request in the `default` branch containing only the following change to the `CHANGELOG.md` file:
```markdown
## v{N+1}.0.0
- Major version release (!<MR-ID>)
```
1. [Configure scheduled pipelines](#configure-scheduled-pipelines).
#### Major version release with breaking changes
Assuming the current analyzer release is `v{N}`:
1. [Configure protected tags and branches](#configure-protected-tags-and-branches).
1. Create a new branch `v{N+1}` to "stage" breaking changes.
1. Ensure the wildcard `v*` is set as both a [Protected Tag](../../user/project/protected_tags.md) and [Protected Branch](../../user/project/repository/branches/protected.md) for the project, and that the `gl-service-dev-secure-analyzers-automation` service account is `Allowed to create` protected tags. See step `3.1` of the [Officially supported images](#officially-supported-images) section for more details.
1. In the milestones leading up to the major release milestone:
- Merge non-breaking changes to the `default` branch (aka `master` or `main`)
- Merge breaking changes to the `v{N+1}` branch, and create a separate `release candidate` entry in the `CHANGELOG.md` file for each change:
@ -347,20 +381,31 @@ Assuming the current analyzer release is `v{N}`:
1. Create a Merge Request to merge all the breaking changes from the `v{N+1}` branch into the `default` branch.
1. Delete the `v{N+1}` branch, since it's no longer needed, as the `default` branch now contains all the changes from the `v{N+1}` branch.
1. Ensure three scheduled pipelines exist, creating them if necessary, and set `PUBLISH_IMAGES: true` for all of them:
- `Republish images v{N}` (against the `v{N}` branch)
This scheduled pipeline needs to be created
- `Daily build` (against the `default` branch)
This scheduled pipeline should already exist
- `Republish images v{N-1}` (against the `v{N-1}` branch)
This scheduled pipeline should already exist
1. Delete the scheduled pipeline for the `v{N-2}` branch (if it exists), since we only support [two previous major versions](https://about.gitlab.com/support/statement-of-support/#version-support).
1. [Configure scheduled pipelines](#configure-scheduled-pipelines).
When the above steps have been completed for all the secure stage analyzers, and images for the `v{N+1}` release are available under `registry.gitlab.com/security-products/<ANALYZER-NAME>:<TAG>`, create a new MR to bump the major version for each analyzer in the [`SAST.gitlab-ci.yml`](https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml) and [`SAST.latest.gitlab-ci.yml`](https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml) CI templates.
##### Configure protected tags and branches
1. Ensure the wildcard `v*` is set as both a [Protected Tag](../../user/project/protected_tags.md) and [Protected Branch](../../user/project/repository/branches/protected.md) for the project.
1. Verify the [gl-service-dev-secure-analyzers-automation](https://gitlab.com/gl-service-dev-secure-analyzers-automation) service account is `Allowed to create` protected tags.
See step `3.1` of the [Officially supported images](#officially-supported-images) section for more details.
##### Configure scheduled pipelines
1. Ensure three scheduled pipelines exist, creating them if necessary, and set `PUBLISH_IMAGES: true` for all of them:
- `Republish images v{N}` (against the `v{N}` branch)
This scheduled pipeline needs to be created
- `Daily build` (against the `default` branch)
This scheduled pipeline should already exist
- `Republish images v{N-1}` (against the `v{N-1}` branch)
This scheduled pipeline should already exist
1. Delete the scheduled pipeline for the `v{N-2}` branch (if it exists), since we only support [two previous major versions](https://about.gitlab.com/support/statement-of-support/#version-support).
## Development of new analyzers
We occasionally need to build out new analyzer projects to support new frameworks and tools.
@ -379,10 +424,17 @@ Verify whether the underlying tool has:
- Bundle-able dependencies to be packaged as a Docker image, to be executed using GitLab Runner's [Linux or Windows Docker executor](https://docs.gitlab.com/runner/executors/docker.html).
- Compatible projects that can be detected based on filenames or extensions.
- Offline execution (no internet access) or can be configured to use custom proxies and/or CA certificates.
- The image is compatible with other container orchestration tools (see [testing container orchestration compatibility](#testing-container-orchestration-compatibility)).
#### Dockerfile
The `Dockerfile` should use an unprivileged user with the name `GitLab`. The reason this is necessary is to provide compatibility with Red Hat OpenShift instances, which don't allow containers to run as an admin (root) user. There are certain limitations to keep in mind when running a container as an unprivileged user, such as the fact that any files that need to be written on the Docker filesystem will require the appropriate permissions for the `GitLab` user. Please see the following merge request for more details: [Use GitLab user instead of root in Docker image](https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium/-/merge_requests/130).
The `Dockerfile` should use an unprivileged user with the name `GitLab`.
This is necessary is to provide compatibility with Red Hat OpenShift instances,
which don't allow containers to run as an admin (root) user.
There are certain limitations to keep in mind when running a container as an unprivileged user,
such as the fact that any files that need to be written on the Docker filesystem will require the appropriate permissions for the `GitLab` user.
Please see the following merge request for more details:
[Use GitLab user instead of root in Docker image](https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium/-/merge_requests/130).
#### Minimal vulnerability data
@ -505,7 +557,7 @@ In order to push images to this location:
1. Add the wildcard `v*` as a [Protected Tag](../../user/project/protected_tags.md).
Ensure the `gl-service-dev-secure-analyzers-automation` account has been explicitly added to the list of accounts `Allowed to create` protected tags. This is required to allow the [`upsert git tag`](https://gitlab.com/gitlab-org/security-products/ci-templates/blob/2a3519d/includes-dev/upsert-git-tag.yml#L35-44) job to create new releases for the analyzer project.
Ensure the [gl-service-dev-secure-analyzers-automation](https://gitlab.com/gl-service-dev-secure-analyzers-automation) service account has been explicitly added to the list of accounts `Allowed to create` protected tags. This is required to allow the [`upsert git tag`](https://gitlab.com/gitlab-org/security-products/ci-templates/blob/2a3519d/includes-dev/upsert-git-tag.yml#L35-44) job to create new releases for the analyzer project.
1. Add the wildcard `v*` as a [Protected Branch](../../user/project/repository/branches/protected.md).

67
doc/integration/advanced_search/elasticsearch.md
View File

@ -531,7 +531,7 @@ The following Elasticsearch settings are available:
| `Username` | The `username` of your Elasticsearch instance. |
| `Password` | The password of your Elasticsearch instance. |
| `Number of Elasticsearch shards and replicas per index` | Elasticsearch indices are split into multiple shards for performance reasons. In general, you should use at least five shards. Indices with tens of millions of documents should have more shards ([see the guidance](#guidance-on-choosing-optimal-cluster-configuration)). Changes to this value do not take effect until you re-create the index. For more information about scalability and resilience, see the [Elasticsearch documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/scalability.html). Each Elasticsearch shard can have a number of replicas. These replicas are a complete copy of the shard and can provide increased query performance or resilience against hardware failure. Increasing this value increases the total disk space required by the index. You can set the number of shards and replicas for each of the indices. |
| `Limit the amount of namespace and project data to index` | When you enable this setting, you can specify namespaces and projects to index. All other namespaces and projects use database search instead. If you enable this setting but do not specify any namespace or project, [only project records are indexed](#all-project-records-are-indexed). For more information, see [Limit the amount of namespace and project data to index](#limit-the-amount-of-namespace-and-project-data-to-index). |
| `Limit the amount of namespace and project data to index` | When you enable this setting, you can specify namespaces and projects to index. All other namespaces and projects use database search instead. If you enable this setting but do not specify any namespace or project, only project records are indexed. For more information, see [Limit the amount of namespace and project data to index](#limit-the-amount-of-namespace-and-project-data-to-index). |
| `Use AWS OpenSearch Service with IAM credentials` | Sign your OpenSearch requests using [AWS IAM authorization](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html), [AWS EC2 Instance Profile Credentials](https://docs.aws.amazon.com/codedeploy/latest/userguide/getting-started-create-iam-instance-profile.html#getting-started-create-iam-instance-profile-cli), or [AWS ECS Tasks Credentials](https://docs.aws.amazon.com/AmazonECS/latest/userguide/task-iam-roles.html). Refer to [Identity and Access Management in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ac.html) for details of AWS hosted OpenSearch domain access policy configuration. |
| `AWS Region` | The AWS region in which your OpenSearch Service is located. |
| `AWS Access Key` | The AWS access key. |
@ -556,38 +556,55 @@ in your Sidekiq logs. For more information, see
### Limit the amount of namespace and project data to index
When you select the **Limit the amount of namespace and project data to index**
checkbox, you can specify namespaces and projects to index. If the namespace is a group,
any subgroups and projects belonging to those subgroups are also indexed.
Advanced search only provides cross-group code/commit search (global) if all name-spaces are indexed. In this particular scenario where only a subset of namespaces are indexed, a global search does not provide a code or commit scope. This is possible only in the scope of an indexed namespace. There is no way to code/commit search in multiple indexed namespaces (when only a subset of namespaces has been indexed). For example if two groups are indexed, there is no way to run a single code search on both. You can only run a code search on the first group and then on the second.
If you do not specify any namespace or project, [only project records are indexed](#all-project-records-are-indexed).
{{< alert type="warning" >}}
If you have already indexed your instance, you must regenerate the index to delete all existing data
for filtering to work correctly. To do this, run the Rake tasks `gitlab:elastic:recreate_index` and
`gitlab:elastic:clear_index_status`. Afterwards, removing a namespace or a project from the list deletes the data
from the Elasticsearch index as expected.
{{< /alert >}}
#### All project records are indexed
{{< history >}}
- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/428070) in GitLab 16.7 [with a flag](../../administration/feature_flags.md) named `search_index_all_projects`. Disabled by default.
- Indexing all project records [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/428070) in GitLab 16.7 [with a flag](../../administration/feature_flags.md) named `search_index_all_projects`. Disabled by default.
- [Generally available](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/148111) in GitLab 16.11. Feature flag `search_index_all_projects` removed.
{{< /history >}}
When you select the **Limit the amount of namespace and project data to index** checkbox:
When you select the **Limit the amount of namespace and project data to index** checkbox,
you can specify namespaces and projects to index.
If the namespace is a group, any subgroups and projects in these subgroups are also indexed.
- All project records are indexed.
- Associated data (issues, merge requests, or code) is not indexed.
When you enable this setting:
If you do not specify any namespace or project, only project records are indexed.
- Namespaces or projects must be specified for full indexing.
- Project records (metadata like project names and descriptions) are always indexed for all projects.
- [Associated data](#advanced-search-index-scopes) is indexed only for the namespaces and projects you specify.
{{< alert type="warning" >}}
If you do not specify any namespace or project after you enable this setting,
only project records are indexed and no associated data can be searched.
{{< /alert >}}
#### Indexed namespaces
{{< history >}}
- Global search for limited indexing [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/41041) in GitLab 13.4 [with a flag](../../administration/feature_flags.md) named `advanced_global_search_for_limited_indexing`. Disabled by default.
- [Enabled on GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/issues/244276) in GitLab 14.2.
{{< /history >}}
When you index all namespaces, you can use advanced search for global code and commit search.
When you index only some namespaces:
- Global search does not include a code or commit search scope.
- Code and commit searches are available only in a single indexed namespace.
- A single code or commit search is not possible across multiple indexed namespaces.
- Cross-project search is available in an indexed namespace.
For example, if you index two separate groups, you must run separate code searches on each group individually.
{{< alert type="warning" >}}
If you've already indexed your instance, you must [reindex the instance](#index-the-instance)
to delete all existing data for filtering to work correctly.
{{< /alert >}}
## Enable custom language analyzers

3
locale/gitlab.pot
View File

@ -34356,6 +34356,9 @@ msgstr ""
msgid "Last used %{last_used_at} ago"
msgstr ""
msgid "Last used date"
msgstr ""
msgid "Last week"
msgstr ""

27
scripts/verify-tff-mapping
View File

@ -84,9 +84,9 @@ tests = [
{
explanation: 'tests.yml map to related tooling specs',
changed_file: 'tests.yml',
expected: [
'spec/tooling/lib/tooling/find_tests_spec.rb',
'spec/tooling/lib/tooling/predictive_tests_spec.rb'
expected: %w[
spec/tooling/lib/tooling/find_tests_spec.rb
spec/tooling/lib/tooling/predictive_tests_spec.rb
]
},
@ -205,18 +205,18 @@ tests = [
{
explanation: 'Spec for FOSS model',
changed_file: 'app/models/uploads/base.rb',
expected: [
'spec/models/every_model_spec.rb',
'spec/lib/gitlab/import_export/model_configuration_spec.rb'
expected: %w[
spec/models/every_model_spec.rb
spec/lib/gitlab/import_export/model_configuration_spec.rb
]
},
{
explanation: 'Spec for EE model',
changed_file: 'ee/app/models/geo/base_registry.rb',
expected: [
'spec/models/every_model_spec.rb',
'spec/lib/gitlab/import_export/model_configuration_spec.rb'
expected: %w[
spec/models/every_model_spec.rb
spec/lib/gitlab/import_export/model_configuration_spec.rb
]
},
@ -596,6 +596,15 @@ tests = [
ee/spec/requests/api/graphql/mutations/remote_development/workspace_operations/create_spec.rb
]
},
{
explanation: 'Map Remote Development GraphQL type specs',
changed_file: 'ee/app/graphql/types/remote_development/namespace_cluster_agent_mapping_type.rb',
expected: [
'ee/spec/graphql/types/remote_development/namespace_cluster_agent_mapping_type_spec.rb',
'ee/spec/requests/api/graphql/mutations/remote_development/' \
'namespace_cluster_agent_mapping_operations/create_spec.rb'
]
},
## END Remote development GraphQL types
{

1
spec/lib/gitlab/database/no_cross_db_foreign_keys_spec.rb
View File

@ -33,7 +33,6 @@ RSpec.describe 'cross-database foreign keys' do
'pages_deployment_states.project_id',
'pool_repositories.source_project_id',
'project_repositories.project_id',
'projects.pool_repository_id',
'snippet_repositories.snippet_id',
'snippet_repositories.snippet_organization_id',
'snippet_repositories.snippet_project_id',

14
spec/models/description_version_spec.rb
View File

@ -45,6 +45,20 @@ RSpec.describe DescriptionVersion do
expect(version.namespace_id).to eq(issue.namespace.id)
end
context 'when namespace_id is 0' do
before do
version.namespace_id = 0
end
it 'sets the namespace id from the issue namespace id' do
expect(version.namespace_id).to eq(0)
version.valid?
expect(version.namespace_id).to eq(issue.namespace.id)
end
end
end
context 'when version belongs to a group issue' do

7
spec/models/project_spec.rb
View File

@ -10016,4 +10016,11 @@ RSpec.describe Project, factory_default: :keep, feature_category: :groups_and_pr
it { is_expected.to eq(result) }
end
end
context 'with loose foreign key on projects.pool_repository_id' do
it_behaves_like 'cleanup by a loose foreign key' do
let_it_be(:parent) { create(:pool_repository) }
let_it_be(:model) { create(:project, pool_repository: parent) }
end
end
end

5
tests.yml
View File

@ -181,6 +181,11 @@ mapping:
test:
- 'ee/spec/requests/api/graphql/mutations/remote_development/workspace_operations/create_spec.rb'
- source: 'ee/app/graphql/types/remote_development/namespace_cluster_agent_mapping_type\.rb'
test:
- 'ee/spec/graphql/types/remote_development/namespace_cluster_agent_mapping_type_spec.rb'
- 'ee/spec/requests/api/graphql/mutations/remote_development/namespace_cluster_agent_mapping_operations/create_spec.rb'
## END Remote development GraphQL types
# Usage metric schema changes should trigger validations for all metrics and tooling