Add latest changes from gitlab-org/gitlab@master

GitLab Bot 2024-02-09 06:07:05 +00:00
parent 8a1ac16ed4
commit cd70cfa314
19 changed files with 183 additions and 132 deletions


@ -105,7 +105,6 @@ module Ci
delegate :trigger_short_token, to: :trigger_request, allow_nil: true
delegate :ensure_persistent_ref, to: :pipeline
delegate :enable_debug_trace!, to: :metadata
delegate :debug_trace_enabled?, to: :metadata
serialize :options # rubocop:disable Cop/ActiveRecordSerialize
serialize :yaml_variables, Gitlab::Serializer::Ci::Variables # rubocop:disable Cop/ActiveRecordSerialize
@ -1018,7 +1017,7 @@ module Ci
def debug_mode?
# perform the check on both sides in case the runner version is old
debug_trace_enabled? ||
metadata&.debug_trace_enabled? ||
Gitlab::Utils.to_boolean(variables['CI_DEBUG_SERVICES']&.value, default: false) ||
Gitlab::Utils.to_boolean(variables['CI_DEBUG_TRACE']&.value, default: false)
end
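Review bot: `enable_debug_trace!` is still delegated to `metadata` without `allow_nil: true` in the first hunk, so the missing-metadata case that `metadata&.debug_trace_enabled?` now tolerates in `debug_mode?` would still raise on that path. If a build can legitimately have no metadata row, a short comment above the safe navigation would record the intent, for example `# metadata may be absent; fall through to the CI_DEBUG_* variable checks`. The first hunk also appears to drop the `debug_trace_enabled?` delegate, which removes a public method from `Ci::Build`; any caller outside this page would then fail, so a search for remaining uses is worth doing. The `+`/`-` markers are lost in this rendering, so which line was removed is inferred from the hunk counts.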


@ -1468,8 +1468,6 @@ module Ci
end
def track_ci_pipeline_created_event
return unless Feature.enabled?(:track_ci_pipeline_created_event, project, type: :gitlab_com_derisk)
Gitlab::InternalEvents.track_event('create_ci_internal_pipeline', project: project, user: user)
end
end


@ -3,6 +3,7 @@
module PersonalAccessTokens
class ExpiringWorker # rubocop:disable Scalability/IdempotentWorker
include ApplicationWorker
include Gitlab::Utils::StrongMemoize
data_consistency :always
@ -12,44 +13,73 @@ module PersonalAccessTokens
MAX_TOKENS = 100
# For the worker is timing out with a bigger batch size
# https://gitlab.com/gitlab-org/gitlab/-/issues/432518
BATCH_SIZE = 100
def perform(*args)
notification_service = NotificationService.new
limit_date = PersonalAccessToken::DAYS_TO_EXPIRE.days.from_now.to_date
User.with_expiring_and_not_notified_personal_access_tokens(limit_date).find_each do |user|
with_context(user: user) do
expiring_user_tokens = user.personal_access_tokens.without_impersonation.expiring_and_not_notified(limit_date)
# rubocop: disable CodeReuse/ActiveRecord -- We need to specify batch size to avoid timing out of worker
loop do
tokens = PersonalAccessToken.without_impersonation.expiring_and_not_notified(limit_date)
.select(:user_id).limit(BATCH_SIZE).to_a
# rubocop: disable CodeReuse/ActiveRecord
# We never materialise the token instances. We need the names to mention them in the
# email. Later we trigger an update query on the entire relation, not on individual instances.
token_names = expiring_user_tokens.limit(MAX_TOKENS).pluck(:name)
# We're limiting to 100 tokens so we avoid loading too many tokens into memory.
# At the time of writing this would only affect 69 users on GitLab.com
break if tokens.empty?
# rubocop: enable CodeReuse/ActiveRecord
users = User.where(id: tokens.pluck(:user_id).uniq)
message = if user.project_bot?
notification_service.resource_access_tokens_about_to_expire(user, token_names)
users.each do |user|
with_context(user: user) do
expiring_user_tokens = user.personal_access_tokens
.without_impersonation.expiring_and_not_notified(limit_date)
"Notifying Bot User resource owners about expiring tokens"
else
notification_service.access_token_about_to_expire(user, token_names)
next if expiring_user_tokens.empty?
"Notifying User about expiring tokens"
end
# We never materialise the token instances. We need the names to mention them in the
# email. Later we trigger an update query on the entire relation, not on individual instances.
token_names = expiring_user_tokens.limit(MAX_TOKENS).pluck(:name)
# We're limiting to 100 tokens so we avoid loading too many tokens into memory.
# At the time of writing this would only affect 69 users on GitLab.com
Gitlab::AppLogger.info(
message: message,
class: self.class,
user_id: user.id
)
# rubocop: enable CodeReuse/ActiveRecord
if user.project_bot?
deliver_bot_notifications(token_names, user)
else
deliver_user_notifications(token_names, user)
end
expiring_user_tokens.each_batch do |expiring_tokens|
expiring_tokens.update_all(expire_notification_delivered: true)
expiring_user_tokens.update_all(expire_notification_delivered: true)
end
end
end
end
private
def deliver_bot_notifications(token_names, user)
notification_service.resource_access_tokens_about_to_expire(user, token_names)
Gitlab::AppLogger.info(
message: "Notifying Bot User resource owners about expiring tokens",
class: self.class,
user_id: user.id
)
end
def deliver_user_notifications(token_names, user)
notification_service.access_token_about_to_expire(user, token_names)
Gitlab::AppLogger.info(
message: "Notifying User about expiring tokens",
class: self.class,
user_id: user.id
)
end
def notification_service
NotificationService.new
end
strong_memoize_attr :notification_service
end
end
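Review bot: The `loop do` in `perform` has no upper bound and exits only when the global `expiring_and_not_notified(limit_date)` query returns nothing, so it depends on every pass setting `expire_notification_delivered` on every token it selected. A token that the per-user pass never marks, for instance one whose `user_id` is not returned by `User.where(id: ...)`, would be selected again on each pass and the worker would spin until it times out. A guard such as `break if users.empty?` after the lookup, together with a cap on the number of passes, would turn that into a bounded failure that shows up in the logs. Old and new lines are interleaved in this rendering, so the order of statements on the new side is partly inferred.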


@ -1,9 +0,0 @@
---
name: track_ci_pipeline_created_event
feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/429065
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/142356
rollout_issue_url: https://gitlab.com/gitlab-com/gl-infra/production/-/issues/17445
milestone: '16.9'
group: group::pipeline execution
type: gitlab_com_derisk
default_enabled: false


@ -51,7 +51,7 @@ To view a group's audit events:
1. Select **Secure > Audit events**.
1. Filter the audit events by the member of the project (user) who performed the action and date range.
Group audit events can also be accessed using the [Group Audit Events API](../api/audit_events.md#group-audit-events). Group audit event queries are limited to a maximum of 30 days.
Group audit events can also be accessed using the [Group Audit Events API](../api/audit_events.md#group-audit-events). Group audit event queries `created_after` and `created_before` parameters are limited to a maximum 30 day difference between the dates.
### Project audit events
@ -59,7 +59,7 @@ Group audit events can also be accessed using the [Group Audit Events API](../ap
1. Select **Secure > Audit events**.
1. Filter the audit events by the member of the project (user) who performed the action and date range.
Project audit events can also be accessed using the [Project Audit Events API](../api/audit_events.md#project-audit-events). Project audit event queries are limited to a maximum of 30 days.
Project audit events can also be accessed using the [Project Audit Events API](../api/audit_events.md#project-audit-events). Project audit event queries `created_after` and `created_before` parameters are limited to a maximum 30 day difference between the dates.
### Instance audit events


@ -165,24 +165,25 @@ CT: 190 ROUTE: /api/:version/projects/:id/repository/commits DURS: 1079.02,
#### Print top API user agents
```shell
jq --raw-output '[.route, .ua] | @tsv' api_json.log | sort | uniq -c | sort -n
jq --raw-output 'select(.remote_ip != "127.0.0.1") | [.remote_ip, .username, .route, .ua] | @tsv' api_json.log |
sort | uniq -c | sort -n | tail
```
**Example output**:
```plaintext
89 /api/:version/usage_data/increment_unique_users # plus browser details
567 /api/:version/jobs/:id/trace gitlab-runner # plus version details
1234 /api/:version/internal/allowed GitLab-Shell
89 1.2.3.4, 127.0.0.1 some_user /api/:version/projects/:id/pipelines # plus browser details; OK
567 5.6.7.8, 127.0.0.1 /api/:version/jobs/:id/trace gitlab-runner # plus version details; OK
1234 98.76.54.31, 127.0.0.1 some_bot /api/:version/projects/:id/repository/files/:file_path/raw
```
This sample response seems typical. A custom tool or script might be causing a high load
if the output contains many:
This example shows a custom tool or script causing an unexpectedly high number of requests.
User agents in this situation can be:
- Third party libraries like `python-requests` or `curl`.
- [GitLab CLI clients](https://about.gitlab.com/partners/technology-partners/#cli-clients).
You can also [use `fast-stats top`](#parsing-gitlab-logs-with-jq) to extract performance statistics.
You can also [use `fast-stats top`](#parsing-gitlab-logs-with-jq) to extract performance statistics for those users or bots.
### Parsing `gitlab-rails/importer.log`
@ -200,19 +201,13 @@ For common issues, see [troubleshooting](../../administration/raketasks/project_
#### Print top Workhorse user agents
```shell
jq --raw-output '[.uri, .user_agent] | @tsv' current | sort | uniq -c | sort -n
jq --raw-output 'select(.remote_ip != "127.0.0.1") | [.remote_ip, .uri, .user_agent] | @tsv' current |
sort | uniq -c | sort -n | tail
```
**Example output**:
```plaintext
89 /api/graphql # plus browser details
567 /api/v4/internal/allowed GitLab-Shell
1234 /api/v4/jobs/request gitlab-runner # plus version details
```
Similar to the [API `ua` data](#print-top-api-user-agents),
deviations from this common order might indicate scripts that could be optimized.
Similar to the [API `ua` example](#print-top-api-user-agents),
many unexpected user agents in this output indicate unoptimized scripts.
Expected user agents include `gitlab-runner`, `GitLab-Shell`, and browsers.
The performance impact of runners checking for new jobs can be reduced by increasing
[the `check_interval` setting](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section),


@ -4,12 +4,17 @@ group: Geo
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
# Geo Nodes API
# Geo Nodes API (deprecated)
DETAILS:
**Tier:** Premium, Ultimate
**Offering:** Self-managed
WARNING:
The Geo Nodes API was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/369140) in GitLab 16.0
and is planned for removal in v5 of the API. Use the [Geo Sites API](geo_sites.md) instead.
This change is a breaking change.
To interact with Geo node endpoints, you must authenticate yourself as an
administrator.


@ -4,13 +4,18 @@ group: Incubation
info: Breach and Attack Simulation is a GitLab Incubation Engineering program. No technical writer assigned to this group.
---
# Breach and Attack Simulation
<!--- start_remove The following content will be removed on remove_date: '2024-08-15' -->
# Breach and Attack Simulation (deprecated)
DETAILS:
**Tier:** Ultimate
**Offering:** SaaS, self-managed
**Status:** Experiment
WARNING:
This feature was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/430966) in GitLab 16.9 and will be removed in 17.0. This change is a breaking change.
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/402784) in GitLab 15.11 as an Incubating feature.
> - [Included](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/119981) in the `Security/BAS.latest.gitlab-ci.yml` in GitLab 16.0.
@ -147,3 +152,5 @@ You can also manually enable callback attacks by making sure to:
1. Enable both the application being tested and callback service container using [services](../../../ci/services/index.md).
1. Enable container-to-container networking [making the callback service accessible](../../../ci/services/index.md#connecting-services) in the job.
1. Set `DAST_BROWSER_CALLBACK` to include `Address:$YOUR_CALLBACK_URL` key/value pair where the callback service is accessible to the Runner/DAST container.
<!--- end_remove -->


@ -11,26 +11,29 @@ DETAILS:
**Tier:** Ultimate
**Offering:** SaaS, self-managed
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/323423) in GitLab 13.12 as a Beta feature.
> - [Generally available](https://gitlab.com/groups/gitlab-org/-/epics/9023) in GitLab 15.7 (GitLab DAST v3.0.50).
Browser-based DAST helps you identify security weaknesses (CWEs) in your web applications. After you deploy your web application, it
becomes exposed to new types of attacks, many of which cannot be detected prior to deployment. For example, misconfigurations of your
application server or incorrect assumptions about security controls may not be visible from the source code, but they can be detected with browser-based DAST.
Browser-based DAST helps you identify security weaknesses (CWEs) in your web applications. After you
deploy your web application, it becomes exposed to new types of attacks, many of which cannot be
detected prior to deployment. For example, misconfigurations of your application server or incorrect
assumptions about security controls may not be visible from the source code, but they can be
detected with browser-based DAST.
Dynamic Application Security Testing (DAST) examines applications for
vulnerabilities like these in deployed environments.
Dynamic Application Security Testing (DAST) examines applications for vulnerabilities like these in
deployed environments.
<i class="fa fa-youtube-play youtube" aria-hidden="true"></i>
For an overview, see [Dynamic Application Security Testing (DAST)](https://www.youtube.com/watch?v=nbeDUoLZJTo).
WARNING:
Do not run DAST scans against a production server. Not only can it perform *any* function that
a user can, such as clicking buttons or submitting forms, but it may also trigger bugs, leading to modification or loss of production data. Only run DAST scans against a test server.
Do not run DAST scans against a production server. Not only can it perform *any* function that a
user can, such as clicking buttons or submitting forms, but it may also trigger bugs, leading to
modification or loss of production data. Only run DAST scans against a test server.
The DAST browser-based analyzer was built by GitLab to scan modern-day web applications for vulnerabilities.
Scans run in a browser to optimize testing applications heavily dependent on JavaScript, such as single-page applications.
See [how DAST scans an application](#how-dast-scans-an-application) for more information.
The DAST browser-based analyzer was built by GitLab to scan modern-day web applications for
vulnerabilities. Scans run in a browser to optimize testing applications heavily dependent on
JavaScript, such as single-page applications. See
[how DAST scans an application](#how-dast-scans-an-application) for more information.
To add the analyzer to your CI/CD pipeline, see [enabling the analyzer](configuration/enabling_the_analyzer.md).


@ -10,11 +10,27 @@ DETAILS:
**Tier:** Ultimate
**Offering:** SaaS, Self-managed
Dynamic Application Security Testing (DAST) runs automated penetration tests to find vulnerabilities in your web applications and APIs as they are running. DAST automates a hackers approach and simulates real-world attacks for critical threats such as cross-site scripting (XSS), SQL injection (SQLi), and cross-site request forgery (CSRF) to uncover vulnerabilities and misconfigurations that other security tools cannot detect.
WARNING:
Proxy-based DAST was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/430966) in GitLab
16.9 and is planned for removal in 17.0. Use [browser-based DAST](browser_based.md) instead. This
change is a breaking change.
DAST is completely language agnostic and examines your application from the outside in. With a running application in a test environment, DAST scans can be automated via your CI/CD pipeline, automated on a schedule, or run independently via on-demand scans. Utilizing DAST during the SDLC enables teams to uncover vulnerabilities before their applications are in production. DAST is a foundational component of software security and should be used in tandem with SAST, dependency and license scanning, and secret detection to provide a comprehensive security assessment of your applications.
Dynamic Application Security Testing (DAST) runs automated penetration tests to find vulnerabilities
in your web applications and APIs as they are running. DAST automates a hackers approach and
simulates real-world attacks for critical threats such as cross-site scripting (XSS), SQL injection
(SQLi), and cross-site request forgery (CSRF) to uncover vulnerabilities and misconfigurations that
other security tools cannot detect.
GitLabs Browser-based DAST and DAST API are proprietary runtime tools, which provide broad security coverage for modern-day web applications and APIs.
DAST is completely language agnostic and examines your application from the outside in. With a
running application in a test environment, DAST scans can be automated in a CI/CD pipeline,
automated on a schedule, or run independently by using on-demand scans. Using DAST during the
software development life cycle enables teams to uncover vulnerabilities before their applications
are in production. DAST is a foundational component of software security and should be used in
tandem with SAST, dependency and license scanning, and secret detection, to provide a comprehensive
security assessment of your applications.
GitLabs Browser-based DAST and DAST API are proprietary runtime tools, which provide broad security
coverage for modern-day web applications and APIs.
<i class="fa fa-youtube-play youtube" aria-hidden="true"></i>
For an overview, see [Dynamic Application Security Testing (DAST)](https://www.youtube.com/watch?v=nbeDUoLZJTo).


@ -12,9 +12,7 @@ DETAILS:
**Offering:** SaaS, Self-managed
WARNING:
This feature was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/430966) in GitLab 16.9
and is planned for removal in 17.0. Use [browser-based DAST](browser_based.md) instead.
This change is a breaking change.
This feature was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/430966) in GitLab 16.9 and will be removed in 17.0. Use [browser-based DAST](browser_based.md) instead. This change is a breaking change.
The DAST proxy-based analyzer can be added to your [GitLab CI/CD](../../../ci/index.md) pipeline.
This helps you discover vulnerabilities in web applications that do not use JavaScript heavily. For applications that do,


@ -144,15 +144,15 @@ This rule enforces the defined actions based on security scan findings.
This rule enforces the defined actions based on license findings.
| Field | Type | Required | Possible values | Description |
|------------|------|----------|-----------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `type` | `string` | true | `license_finding` | The rule's type. |
| `branches` | `array` of `string` | true if `branch_type` field does not exist | `[]` or the branch's name | Applicable only to protected target branches. An empty array, `[]`, applies the rule to all protected target branches. Cannot be used with the `branch_type` field. |
| `branch_type` | `string` | true if `branches` field does not exist | `default` or `protected` | The types of protected branches the given policy applies to. Cannot be used with the `branches` field. Default branches must also be `protected`. |
| `branch_exceptions` | `array` of `string` | false | Names of branches | Branches to exclude from this rule. |
| `match_on_inclusion` | `boolean` | true | `true`, `false` | **{warning}** **[Deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/424513)** in GitLab 16.9. Whether the rule matches inclusion or exclusion of licenses listed in `license_types`. |
| `license_types` | `array` of `string` | true | license types | [SPDX license names](https://spdx.org/licenses) to match on, for example `Affero General Public License v1.0` or `MIT License`. |
| `license_states` | `array` of `string` | true | `newly_detected`, `detected` | Whether to match newly detected and/or previously detected licenses. The `newly_detected` state triggers approval when either a new package is introduced or when a new license for an existing package is detected. |
| Field | Type | Required | Possible values | Description |
|----------------------|---------------------|--------------------------------------------|------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `type` | `string` | true | `license_finding` | The rule's type. |
| `branches` | `array` of `string` | true if `branch_type` field does not exist | `[]` or the branch's name | Applicable only to protected target branches. An empty array, `[]`, applies the rule to all protected target branches. Cannot be used with the `branch_type` field. |
| `branch_type` | `string` | true if `branches` field does not exist | `default` or `protected` | The types of protected branches the given policy applies to. Cannot be used with the `branches` field. Default branches must also be `protected`. |
| `branch_exceptions` | `array` of `string` | false | Names of branches | Branches to exclude from this rule. |
| `match_on_inclusion` | `boolean` | true | `true`, `false` | **{warning}** **[Deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/424513)** in GitLab 16.9. Whether the rule matches inclusion or exclusion of licenses listed in `license_types`. When `false`, any detected licenses excluded from `license_types` require approval. |
| `license_types` | `array` of `string` | true | license types | [SPDX license names](https://spdx.org/licenses) to match on, for example `Affero General Public License v1.0` or `MIT License`. |
| `license_states` | `array` of `string` | true | `newly_detected`, `detected` | Whether to match newly detected and/or previously detected licenses. The `newly_detected` state triggers approval when either a new package is introduced or when a new license for an existing package is detected. |
## `any_merge_request` rule type


@ -343,28 +343,27 @@ code. The client should wait before attempting the request again. There
are also informational headers with this response detailed in
[rate limiting responses](#rate-limiting-responses).
The following table describes the rate limits for GitLab.com, both before and
after the limits change in January, 2021:
The following table describes the rate limits for GitLab.com:
| Rate limit | From 2021-02-12 | From 2022-02-03 |
|:---------------------------------------------------------------------------|:------------------------------|:-------------------------------------|
| **Protected paths** (for a given **IP address**) | **10** requests per minute | **10** requests per minute |
| **Raw endpoint** traffic (for a given **project, commit, and file path**) | **300** requests per minute | **300** requests per minute |
| **Unauthenticated** traffic (from a given **IP address**) | **500** requests per minute | **500** requests per minute |
| **Authenticated** API traffic (for a given **user**) | **2,000** requests per minute | **2,000** requests per minute |
| **Authenticated** non-API HTTP traffic (for a given **user**) | **1,000** requests per minute | **1,000** requests per minute |
| **All** traffic (from a given **IP address**) | **2,000** requests per minute | **2,000** requests per minute |
| **Issue creation** | **300** requests per minute | **200** requests per minute |
| **Note creation** (on issues and merge requests) | **60** requests per minute | **60** requests per minute |
| **Advanced, project, and group search** API (for a given **IP address**) | **10** requests per minute | **10** requests per minute |
| **GitLab Pages** requests (for a given **IP address**) | | **1000** requests per **50 seconds** |
| **GitLab Pages** requests (for a given **GitLab Pages domain**) | | **5000** requests per **10 seconds** |
| **GitLab Pages** TLS connections (for a given **IP address**) | | **1000** requests per **50 seconds** |
| **GitLab Pages** TLS connections (for a given **GitLab Pages domain**) | | **400** requests per **10 seconds** |
| **Pipeline creation** requests (for a given **project, user, and commit**) | | **25** requests per minute |
| **Alert integration endpoint** requests (for a given **project**) | | **3600** requests per hour |
| **[Pull mirroring](../project/repository/mirror/pull.md)** intervals | **5** minutes | **5** minutes |
| **API Requests** (from a given **user**) to `/api/v4/users/:id` | | **300** requests per **10 minutes** |
| Rate limit | Setting |
|:---------------------------------------------------------------------------|:-------------------------------------|
| **Protected paths** (for a given **IP address**) | **10** requests per minute |
| **Raw endpoint** traffic (for a given **project, commit, and file path**) | **300** requests per minute |
| **Unauthenticated** traffic (from a given **IP address**) | **500** requests per minute |
| **Authenticated** API traffic (for a given **user**) | **2,000** requests per minute |
| **Authenticated** non-API HTTP traffic (for a given **user**) | **1,000** requests per minute |
| **All** traffic (from a given **IP address**) | **2,000** requests per minute |
| **Issue creation** | **200** requests per minute |
| **Note creation** (on issues and merge requests) | **60** requests per minute |
| **Advanced, project, and group search** API (for a given **IP address**) | **10** requests per minute |
| **GitLab Pages** requests (for a given **IP address**) | **1000** requests per **50 seconds** |
| **GitLab Pages** requests (for a given **GitLab Pages domain**) | **5000** requests per **10 seconds** |
| **GitLab Pages** TLS connections (for a given **IP address**) | **1000** requests per **50 seconds** |
| **GitLab Pages** TLS connections (for a given **GitLab Pages domain**) | **400** requests per **10 seconds** |
| **Pipeline creation** requests (for a given **project, user, and commit**) | **25** requests per minute |
| **Alert integration endpoint** requests (for a given **project**) | **3600** requests per hour |
| **[Pull mirroring](../project/repository/mirror/pull.md)** intervals | **5** minutes |
| **API Requests** (from a given **user**) to `/api/v4/users/:id` | **300** requests per **10 minutes** |
More details are available on the rate limits for
[protected paths](#protected-paths-throttle) and


@ -31,6 +31,11 @@ in your GitLab instance. This means the project creator (usually the user that
started the import process) is set as the author. A reference, however, is kept
on the issue about the original Gitea author.
## Known issue
Because of [issue 434175](https://gitlab.com/gitlab-org/gitlab/-/issues/434175), projects with a dot
in their path must be renamed for all items to be imported correctly.
## Prerequisites
> - Requirement for Maintainer role instead of Developer role introduced in GitLab 16.0 and backported to GitLab 15.11.1 and GitLab 15.10.5.


@ -61,7 +61,7 @@
"@gitlab/favicon-overlay": "2.0.0",
"@gitlab/fonts": "^1.3.0",
"@gitlab/svgs": "3.83.0",
"@gitlab/ui": "^74.2.0",
"@gitlab/ui": "^74.3.0",
"@gitlab/visual-review-tools": "1.7.3",
"@gitlab/web-ide": "^0.0.1-dev-20240208022507",
"@mattiasbuelens/web-streams-adapter": "^0.1.0",


@ -121,7 +121,7 @@ RSpec.describe Ci::Build, feature_category: :continuous_integration, factory_def
context 'when transitioning to any state from running' do
it 'removes runner_session' do
%w[success drop cancel].each do |event|
build = FactoryBot.create(:ci_build, :running, :with_runner_session, pipeline: pipeline)
build = create(:ci_build, :running, :with_runner_session, pipeline: pipeline)
build.fire_events!(event)
@ -5064,6 +5064,14 @@ RSpec.describe Ci::Build, feature_category: :continuous_integration, factory_def
it { is_expected.to eq false }
end
context 'when metadata does not exist' do
before do
build.metadata.destroy!
end
it { is_expected.to eq false }
end
end
describe '#drop_with_exit_code!' do
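Review bot: In the new `when metadata does not exist` context, `build.metadata.destroy!` deletes the row but may leave the destroyed record cached on the `build` association, in which case `metadata&.debug_trace_enabled?` is still called on an object and the nil branch is never exercised. Reloading after the destroy, for example adding `build.reload` as the next line of the `before` block, would make the example test what its name says. The `subject` and the enclosing `describe` start outside this hunk, so how `build` is loaded there should be confirmed.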

View File

@ -190,18 +190,6 @@ RSpec.describe Ci::Pipeline, :mailer, factory_default: :keep, feature_category:
pipeline.save!
end
end
context 'with FF track_ci_pipeline_created_event disabled' do
before do
stub_feature_flags(track_ci_pipeline_created_event: false)
end
it 'does not track the creation event' do
expect(Gitlab::InternalEvents).not_to receive(:track_event)
pipeline.save!
end
end
end
end


@ -25,15 +25,26 @@ RSpec.describe PersonalAccessTokens::ExpiringWorker, type: :worker, feature_cate
it 'marks the notification as delivered' do
expect { worker.perform }.to change { expiring_token.reload.expire_notification_delivered }.from(false).to(true)
end
it 'avoids N+1 queries', :use_sql_query_cache do
control = ActiveRecord::QueryRecorder.new(skip_cached: false) { worker.perform }
user1 = create(:user)
create(:personal_access_token, user: user1, expires_at: 5.days.from_now)
user2 = create(:user)
create(:personal_access_token, user: user2, expires_at: 5.days.from_now)
# Query count increased for the user look up
expect { worker.perform }.not_to exceed_all_query_limit(control).with_threshold(4)
end
end
context 'when no tokens need to be notified' do
let_it_be(:pat) { create(:personal_access_token, expires_at: 5.days.from_now, expire_notification_delivered: true) }
it "doesn't use notification service to send the email" do
expect_next_instance_of(NotificationService) do |notification_service|
expect(notification_service).not_to receive(:access_token_about_to_expire).with(pat.user, [pat.name])
end
it "doesn't call notification services" do
expect(worker).not_to receive(:notification_service)
worker.perform
end
@ -47,9 +58,7 @@ RSpec.describe PersonalAccessTokens::ExpiringWorker, type: :worker, feature_cate
let_it_be(:pat) { create(:personal_access_token, :impersonation, expires_at: 5.days.from_now) }
it "doesn't use notification service to send the email" do
expect_next_instance_of(NotificationService) do |notification_service|
expect(notification_service).not_to receive(:access_token_about_to_expire).with(pat.user, [pat.name])
end
expect(worker).not_to receive(:notification_service)
worker.perform
end
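Review bot: None of the examples visible here drives `perform` through more than one pass of the new batched loop, because `BATCH_SIZE` is 100 and each example creates only a few tokens. An example that lowers the constant, for instance `stub_const("#{described_class}::BATCH_SIZE", 1)`, creates expiring tokens for two users and asserts that both are marked delivered would cover the second pass and the loop's exit condition. The N+1 example also allows a threshold of 4 extra queries; a comment naming which queries those are would keep the allowance from hiding a later regression.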


@ -1321,10 +1321,10 @@
resolved "https://registry.yarnpkg.com/@gitlab/svgs/-/svgs-3.83.0.tgz#5d6799e5fe3fb564b7e4190d90876469bd1608ba"
integrity sha512-881f6OsxREgBXYn9fkg+XGweBFbrGdrssrIzFIZFSG95GF/K+HILw1mXZ9nq7C5Xb5JDWPKJGYnKuHw5vvWm5Q==
"@gitlab/ui@^74.2.0":
version "74.2.0"
resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-74.2.0.tgz#520bbf06eddd0da61cd79bd5678b610ecfd291ef"
integrity sha512-bSYWZ9tlzl8oX57Xou2aQN4bnEVzEr/vzBqGpdpTizjsf3RF4K3BHhD2CuRXex3AwFYxQX89QIO5LZKlX2KhrA==
"@gitlab/ui@^74.3.0":
version "74.3.0"
resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-74.3.0.tgz#f5a7ee3f31fd8cd221ccf56b82f65e390ef8f142"
integrity sha512-q5twfOd8nrD0bGK+UiUnJ3c2yIJlYG+qdl3/HKoMBcqXu0IJA4XcvM9Fp1gUYdZ23ritSbFwPVjPGoryeGjjbw==
dependencies:
"@floating-ui/dom" "1.4.3"
bootstrap-vue "2.23.1"