root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2021-02-23 06:11:16 +00:00
parent bf562015bb
commit d5f3372f10
33 changed files with 433 additions and 147 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.gitlab/issue_templates/Adoption Engineering.md
View File

@ -1,14 +1,14 @@
#Design
# Design
<!-- This should include the contexts that determine the reproducibility (stickiness) of an experiment. This means that if you want the same behavior for a user, the context would be user, or if you want all users when viewing a specific project, the context would be the project being viewed, etc. -->
#Rollout strategy
# Rollout strategy
<!-- This is currently called A/B test, which isn't accurate for multi-variants. Let's call this rollout strategy. It should outline the percentages for variants and if there's more than one step to this, each of those steps and the timing for those steps (e.g. 30 days after initial rollout). -->
#Inclusions and exclusions
# Inclusions and exclusions
<!-- These would be the rules for which given context (and are limited to context or resolvable at experiment time details) is included or excluded from the test. An example of this would be to only run an experiment on groups less than N number of days old. -->
#Segmentation
# Segmentation
<!-- Rules for always saying context with these criteria always get this variant. For instance, if you want to always give groups less than N number of days old the experiment experience, they are specified here. This is different from the exclusion rules above. -->
#Tracking
# Tracking

92
.gitlab/issue_templates/experiment_tracking_template.md Normal file
View File

@ -0,0 +1,92 @@
<!-- Title suggestion: [Experiment Tracking] experiment-key - description of experiment -->
## What
Track the status of an experiment through to removal.
1. Experiment key: `<experiment-key>`
1. Framework: `experimentation.rb` | `gitlab_experiment`
1. Feature flag name: <experiment-key>_experiment_percentage` | `<experiment-key>`
This is an experiment tracking issue for: `<issue or epic link>`
using the scoped [experiment label](https://about.gitlab.com/handbook/engineering/development/growth/#experiment-tracking-issue).
As well as defining the experiment rollout and cleanup, this issue incorporates the relevant
[`Feature Flag Roll Out`](https://gitlab.com/gitlab-org/gitlab/-/edit/master/.gitlab/issue_templates/Feature%20Flag%20Roll%20Out.md) steps.
## Owners
- Team: `group::TEAM_NAME`
- Most appropriate slack channel to reach out to: `#g_TEAM_NAME`
- Best individual to reach out to: NAME
## Expectations
### What are we expecting to happen?
### What might happen if this goes wrong?
### What can we monitor to detect problems with this?
<!-- Which dashboards from https://dashboards.gitlab.net are most relevant? Sentry errors reports can alse be useful to review -->
### Tracked data
<!-- brief description or link to issue or Sisense dashboard -->
### Staging Test
<!-- For experiments using `experimentation.rb`: To force this experiment on staging use `?force_experiment=<experiment-key>` -->
<!-- list any steps required to setup this experiment, and link to a separate Staging environment test issue is applicable -->
<!-- uncomment if testing with specific groups/projects on GitLab.com
## Beta groups/projects
If applicable, any groups/projects that are happy to have this feature turned on early. Some organizations may wish to test big changes they are interested in with a small subset of users ahead of time for example.
- `gitlab-org/gitlab` project
- `gitlab-org`/`gitlab-com` groups
- ...
-->
### Experiment tracking log
<!-- Add an overview and method for modifying the feature flag
* Runtime: 30 days or until we reach statistical significance
* We will roll this out behind a feature flag and expose this to 20% of users to start then ramp it up from there.
* feature flag based on experiment key `<experiment-key>` (see `experimentation.rb` in GitLab, append '_experiment_percentage')
`/chatops run feature set <experiment-key>_experiment_percentage <INITIAL_PERCENTAGE>`
-->
<!-- Add bullet points to track changes to the rollout of this experiment (feature flag changes)
* YYYY-MM-DD UTC - initial rollout to 20% of users
* TBD - review - increase to 50% of users
-->
### Experiment Results
<!-- update when experiment in/validated, set the scoped `~experiment::` status accordingly -->
## Roll Out Steps
- [ ] Confirm that QA tests pass with the feature flag enabled (if you're unsure how, contact the relevant [stable counterpart in the Quality department](https://about.gitlab.com/handbook/engineering/quality/#individual-contributors))
- [ ] Enable on staging (`/chatops run feature set feature_name true --staging`)
- [ ] Test on staging
- [ ] Ensure that documentation has been updated
- [ ] Enable on GitLab.com for individual groups/projects listed above and verify behaviour (`/chatops run feature set --project=gitlab-org/gitlab feature_name true`)
- [ ] Coordinate a time to enable the flag with the SRE oncall and release managers
- In `#production` mention `@sre-oncall` and `@release-managers`. Once an SRE on call and Release Manager on call confirm, you can proceed with the rollout
- [ ] Announce on the issue an estimated time this will be enabled on GitLab.com
- [ ] Enable on GitLab.com by running chatops command in `#production` (`/chatops run feature set feature_name true`)
- [ ] Cross post chatops Slack command to `#support_gitlab-com` ([more guidance when this is necessary in the dev docs](https://docs.gitlab.com/ee/development/feature_flags/controls.html#where-to-run-commands)) and in your team channel
- [ ] Announce on the issue that the flag has been enabled
- [ ] Remove experiment code and feature flag and add changelog entry - a separate [cleanup issue](https://gitlab.com/gitlab-org/gitlab/-/issues/new?issuable_template=Experiment%20Successful%20Cleanup) might be required
- [ ] After the flag removal is deployed, [clean up the feature flag](https://docs.gitlab.com/ee/development/feature_flags/controls.html#cleaning-up) by running chatops command in `#production` channel
## Rollback Steps
- [ ] This feature can be disabled by running the following Chatops command:
```
/chatops run feature set feature_name false
```
/label ~"feature flag" ~"devops::growth" ~"growth experiment" ~"experiment tracking" ~Engineering ~"workflow::scheduling" ~"experiment::pending"

12
app/assets/javascripts/vue_merge_request_widget/components/mr_widget_how_to_merge_modal.vue
View File

@ -108,9 +108,7 @@ export default {
{{ $options.i18n.steps.step1.help }}
</p>
<div class="gl-display-flex">
<pre class="gl-overflow-scroll gl-w-full" data-testid="how-to-merge-instructions">{{
mergeInfo1
}}</pre>
<pre class="gl-w-full" data-testid="how-to-merge-instructions">{{ mergeInfo1 }}</pre>
<clipboard-button
:text="mergeInfo1"
:title="$options.i18n.copyCommands"
@ -131,9 +129,7 @@ export default {
{{ $options.i18n.steps.step3.help }}
</p>
<div class="gl-display-flex">
<pre class="gl-overflow-scroll gl-w-full" data-testid="how-to-merge-instructions">{{
mergeInfo2
}}</pre>
<pre class="gl-w-full" data-testid="how-to-merge-instructions">{{ mergeInfo2 }}</pre>
<clipboard-button
:text="mergeInfo2"
:title="$options.i18n.copyCommands"
@ -147,9 +143,7 @@ export default {
{{ $options.i18n.steps.step4.help }}
</p>
<div class="gl-display-flex">
<pre class="gl-overflow-scroll gl-w-full" data-testid="how-to-merge-instructions">{{
mergeInfo3
}}</pre>
<pre class="gl-w-full" data-testid="how-to-merge-instructions">{{ mergeInfo3 }}</pre>
<clipboard-button
:text="mergeInfo3"
:title="$options.i18n.copyCommands"

18
app/assets/stylesheets/components/milestone_combobox.scss
View File

@ -1,8 +1,14 @@
.selected-item {
/* stylelint-disable-next-line function-url-quotes */
background: url(asset_path('checkmark.png')) no-repeat 0 2px;
}
.milestone-combobox {
.selected-item {
/* stylelint-disable-next-line function-url-quotes */
background: url(asset_path('checkmark.png')) no-repeat 0 2px;
}
.dropdown-item-space {
padding: 8px 12px;
.dropdown-item-space {
padding: 8px 12px;
}
.dropdown-menu.show {
overflow: hidden;
}
}

1
app/models/merge_request.rb
View File

@ -1039,6 +1039,7 @@ class MergeRequest < ApplicationRecord
def work_in_progress?
self.class.work_in_progress?(title)
end
alias_method :draft?, :work_in_progress?
def wipless_title
self.class.wipless_title(self.title)

10
app/services/alert_management/create_alert_issue_service.rb
View File

@ -4,6 +4,8 @@ module AlertManagement
class CreateAlertIssueService
include Gitlab::Utils::StrongMemoize
DEFAULT_ALERT_TITLE = ::Gitlab::AlertManagement::Payload::Generic::DEFAULT_TITLE
# @param alert [AlertManagement::Alert]
# @param user [User]
def initialize(alert, user)
@ -21,6 +23,8 @@ module AlertManagement
issue = result.payload[:issue]
return error(object_errors(alert), issue) unless associate_alert_with_issue(issue)
update_title_for(issue)
SystemNoteService.new_alert_issue(alert, issue, user)
result
@ -50,6 +54,12 @@ module AlertManagement
alert.update(issue_id: issue.id)
end
def update_title_for(issue)
return unless issue.title == DEFAULT_ALERT_TITLE
issue.update!(title: _('New: Incident %{iid}' % { iid: issue.iid }))
end
def error(message, issue = nil)
ServiceResponse.error(payload: { issue: issue }, message: message)
end

34
app/services/import/github_service.rb
View File

@ -2,6 +2,9 @@
module Import
class GithubService < Import::BaseService
include ActiveSupport::NumberHelper
include Gitlab::Utils::StrongMemoize
attr_accessor :client
attr_reader :params, :current_user
@ -14,6 +17,10 @@ module Import
return error(_('This namespace has already been taken! Please choose another one.'), :unprocessable_entity)
end
if oversized?
return error(oversize_error_message, :unprocessable_entity)
end
project = create_project(access_params, provider)
if project.persisted?
@ -32,7 +39,8 @@ module Import
target_namespace,
current_user,
type: provider,
**access_params).execute(extra_project_attrs)
**access_params
).execute(extra_project_attrs)
end
def repo
@ -55,6 +63,30 @@ module Import
{}
end
def oversized?
repository_size_limit > 0 && repo.size > repository_size_limit
end
def oversize_error_message
_('"%{repository_name}" size (%{repository_size}) is larger than the limit of %{limit}.') % {
repository_name: repo.name,
repository_size: number_to_human_size(repo.size),
limit: number_to_human_size(repository_size_limit)
}
end
def repository_size_limit
strong_memoize :repository_size_limit do
namespace_limit = target_namespace.repository_size_limit.to_i
if namespace_limit > 0
namespace_limit
else
Gitlab::CurrentSettings.repository_size_limit.to_i
end
end
end
def authorized?
can?(current_user, :create_projects, target_namespace)
end

4
app/views/shared/issuable/_form.html.haml
View File

@ -64,11 +64,11 @@
.row-content-block{ class: (is_footer ? "footer-block" : "middle-block") }
.float-right
- if issuable.new_record?
= link_to 'Cancel', polymorphic_path([@project, issuable.class]), class: 'gl-button btn btn-cancel'
= link_to _('Cancel'), polymorphic_path([@project, issuable.class]), class: 'gl-button btn btn-cancel'
- else
- if can?(current_user, :"destroy_#{issuable.to_ability_name}", @project)
= link_to 'Delete', polymorphic_path([@project, issuable], params: { destroy_confirm: true }), data: { confirm: "#{issuable.human_class_name} will be removed! Are you sure?" }, method: :delete, class: 'btn btn-danger btn-grouped'
= link_to 'Cancel', polymorphic_path([@project, issuable]), class: 'gl-button btn btn-grouped btn-cancel'
= link_to _('Cancel'), polymorphic_path([@project, issuable]), class: 'gl-button btn btn-grouped btn-default btn-cancel'
%span.gl-mr-3
- if issuable.new_record?

5
changelogs/unreleased/btn-default-mr-cancel.yml Normal file
View File

@ -0,0 +1,5 @@
---
title: Add btn-default for cancel button in issueable form
merge_request: 53458
author: Yogi (@yo)
type: other

5
changelogs/unreleased/kassio-githubimporter-validate-repository-size.yml Normal file
View File

@ -0,0 +1,5 @@
---
title: 'Github Importer: Validate repository size before importing'
merge_request: 54449
author:
type: changed

5
changelogs/unreleased/nfriend-fix-milestone-combobox-double-scrollbar.yml Normal file
View File

@ -0,0 +1,5 @@
---
title: Fix double scrollbar issue in milestone selector dropdown
merge_request: 54734
author:
type: fixed

5
changelogs/unreleased/remove-scroll-merge-instruction.yml Normal file
View File

@ -0,0 +1,5 @@
---
title: Remove gl-overflow-scroll in merge instructions modal
merge_request: 54144
author: Yogi (@yo)
type: changed

5
changelogs/unreleased/sy-update-alert-title.yml Normal file
View File

@ -0,0 +1,5 @@
---
title: 'Update default title of alerts to New: Alert'
merge_request: 54621
author:
type: changed

8
config/feature_flags/development/query_deploymenys_via_finished_at_in_vsa.yml
View File

@ -1,8 +0,0 @@
---
name: query_deploymenys_via_finished_at_in_vsa
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/53050
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/300649
milestone: '13.9'
type: development
group: group::optimize
default_enabled: true

2
doc/administration/geo/replication/troubleshooting.md
View File

@ -428,7 +428,7 @@ To solve this:
1. Log into the secondary Geo node.
1. Back up [the `.git` folder](../../repository_storage_types.md#translating-hashed-storage-paths).
1. Back up [the `.git` folder](../../repository_storage_types.md#translate-hashed-storage-paths).
1. Optional: [Spot-check](../../troubleshooting/log_parsing.md#find-all-projects-affected-by-a-fatal-git-problem))
a few of those IDs whether they indeed correspond

4
doc/administration/repository_storage_paths.md
View File

@ -13,7 +13,9 @@ GitLab stores [repositories](../user/project/repository/index.md) on repository
storage is either:
- A `gitaly_address`, which points to a [Gitaly node](gitaly/index.md).
- A `path`, which points directly a directory where the repository is stored.
- A `path`, which points directly a directory where the repositories are stored. This method is
deprecated and [scheduled to be removed](https://gitlab.com/gitlab-org/gitaly/-/issues/1690) in
GitLab 14.0.
GitLab allows you to define multiple repository storages to distribute the storage load between
several mount points. For example:

128
doc/administration/repository_storage_types.md
View File

@ -7,51 +7,53 @@ type: reference, howto
# Repository storage types **(FREE SELF)**
> - [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/28283) in GitLab 10.0.
> - Hashed storage became the default for new installations in GitLab 12.0
> - Hashed storage is enabled by default for new and renamed projects in GitLab 13.0.
GitLab can be configured to use one or multiple repository storages. These storages can be:
GitLab can be configured to use one or multiple repository storage paths/shard
locations that can be:
- Accessed via [Gitaly](gitaly/index.md), optionally on
[its own server](gitaly/index.md#run-gitaly-on-its-own-server).
- Mounted to the local disk. This [method](repository_storage_paths.md#configure-repository-storage-paths)
is deprecated and [scheduled to be removed](https://gitlab.com/groups/gitlab-org/-/epics/2320) in
GitLab 14.0.
- Exposed as an NFS shared volume. This method is deprecated and
[scheduled to be removed](https://gitlab.com/groups/gitlab-org/-/epics/3371) in GitLab 14.0.
- Mounted to the local disk
- Exposed as an NFS shared volume
- Accessed via [Gitaly](gitaly/index.md) on its own machine.
In GitLab:
In GitLab, this is configured in `/etc/gitlab/gitlab.rb` by the `git_data_dirs({})`
configuration hash. The storage layouts discussed here apply to any shard
defined in it.
- Repository storages are configured in:
- `/etc/gitlab/gitlab.rb` by the `git_data_dirs({})` configuration hash for Omnibus GitLab
installations.
- `gitlab.yml` by the `repositories.storages` key for installations from source.
- The `default` repository storage is available in any installations that haven't customized it. By
default, it points to a Gitaly node.
The `default` repository shard that is available in any installations
that haven't customized it, points to the local folder: `/var/opt/gitlab/git-data`.
Anything discussed below is expected to be part of that folder.
The repository storage types documented here apply to any repository storage defined in
`git_data_dirs({})` or `repositories.storages`.
## Hashed storage
NOTE:
In GitLab 13.0, hashed storage is enabled by default and the legacy storage is
deprecated. Support for legacy storage is scheduled to be removed in GitLab 14.0.
If you haven't migrated yet, check the
[migration instructions](raketasks/storage.md#migrate-to-hashed-storage).
The option to choose between hashed and legacy storage in the admin area has
been disabled.
> - [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/28283) in GitLab 10.0.
> - Made the default for new installations in GitLab 12.0.
> - Enabled by default for new and renamed projects in GitLab 13.0.
Hashed storage is the storage behavior we rolled out with 10.0. Instead
of coupling project URL and the folder structure where the repository is
stored on disk, we couple a hash based on the project's ID. This makes
the folder structure immutable, and therefore eliminates any requirement to
synchronize state from URLs to disk structure. This means that renaming a group,
user, or project costs only the database transaction, and takes effect
immediately.
Hashed storage stores projects on disk in a location based on a hash of the project's ID. Hashed
storage is different to [legacy storage](#legacy-storage) where a project is stored based on:
The hash also helps spread the repositories more evenly on the disk. The
top-level directory contains fewer folders than the total number of top-level
namespaces.
- The project's URL.
- The folder structure where the repository is stored on disk.
The hash format is based on the hexadecimal representation of SHA256:
`SHA256(project.id)`. The top-level folder uses the first 2 characters, followed
by another folder with the next 2 characters. They are both stored in a special
`@hashed` folder, to be able to co-exist with existing Legacy Storage projects:
This makes the folder structure immutable and eliminates the need to synchronize state from URLs to
disk structure. This means that renaming a group, user, or project:
- Costs only the database transaction.
- Takes effect immediately.
The hash also helps spread the repositories more evenly on the disk. The top-level directory
contains fewer folders than the total number of top-level namespaces.
The hash format is based on the hexadecimal representation of a SHA256, calculated with
`SHA256(project.id)`. The top-level folder uses the first two characters, followed by another folder
with the next two characters. They are both stored in a special `@hashed` folder so they can
co-exist with existing legacy storage projects. For example:
```ruby
# Project's repository:
@ -61,53 +63,59 @@ by another folder with the next 2 characters. They are both stored in a special
"@hashed/#{hash[0..1]}/#{hash[2..3]}/#{hash}.wiki.git"
```
### Translating hashed storage paths
### Translate hashed storage paths
Troubleshooting problems with the Git repositories, adding hooks, and other
tasks requires you translate between the human readable project name
and the hashed storage path.
Troubleshooting problems with the Git repositories, adding hooks, and other tasks requires you
translate between the human-readable project name and the hashed storage path. You can translate:
- From a [project's name to its hashed path](#from-project-name-to-hashed-path).
- From a [hashed path to a project's name](#from-hashed-path-to-project-name).
#### From project name to hashed path
The hashed path is shown on the project's page in the [admin area](../user/admin_area/index.md#administering-projects).
Administrators can look up a project's hashed path from its name or ID using:
To access the Projects page, go to **Admin Area > Overview > Projects** and then
open up the page for the project.
- The [Admin area](../user/admin_area/index.md#administering-projects).
- A Rails console.
The "Gitaly relative path" is shown there, for example:
To look up a project's hash path in the Admin Area:
1. Go to the **Admin Area** (**{admin}**).
1. Go to **Overview > Projects** and select the project.
The **Gitaly relative path** is displayed there and looks similar to:
```plaintext
"@hashed/b1/7e/b17ef6d19c7a5b1ee83b907c595526dcb1eb06db8227d650d5dda0a9f4ce8cd9.git"
```
This is the path under `/var/opt/gitlab/git-data/repositories/` on a
default Omnibus installation.
To look up a project's hash path using a Rails console:
In a [Rails console](operations/rails_console.md#starting-a-rails-console-session),
get this information using either the numeric project ID or the full path:
1. Start a [Rails console](operations/rails_console.md#starting-a-rails-console-session).
1. Run a command similar to this example (use either the project's ID or its name):
```ruby
Project.find(16).disk_path
Project.find_by_full_path('group/project').disk_path
```
```ruby
Project.find(16).disk_path
Project.find_by_full_path('group/project').disk_path
```
#### From hashed path to project name
To translate from a hashed storage path to a project name:
Administrators can look up a project's name from its hashed storage path using a Rails console. To
look up a project's name from its hashed storage path:
1. Start a [Rails console](operations/rails_console.md#starting-a-rails-console-session).
1. Run the following:
1. Run a command similar to this example:
```ruby
ProjectRepository.find_by(disk_path: '@hashed/b1/7e/b17ef6d19c7a5b1ee83b907c595526dcb1eb06db8227d650d5dda0a9f4ce8cd9').project
```
```ruby
ProjectRepository.find_by(disk_path: '@hashed/b1/7e/b17ef6d19c7a5b1ee83b907c595526dcb1eb06db8227d650d5dda0a9f4ce8cd9').project
```
The quoted string in that command is the directory tree you can find on your
GitLab server. For example, on a default Omnibus installation this would be
`/var/opt/gitlab/git-data/repositories/@hashed/b1/7e/b17ef6d19c7a5b1ee83b907c595526dcb1eb06db8227d650d5dda0a9f4ce8cd9.git`
The quoted string in that command is the directory tree you can find on your GitLab server. For
example, on a default Omnibus installation this would be `/var/opt/gitlab/git-data/repositories/@hashed/b1/7e/b17ef6d19c7a5b1ee83b907c595526dcb1eb06db8227d650d5dda0a9f4ce8cd9.git`
with `.git` from the end of the directory name removed.
The output includes the project ID and the project name:
The output includes the project ID and the project name. For example:
```plaintext
=> #<Project id:16 it/supportteam/ticketsystem>

4
doc/administration/server_hooks.md
View File

@ -54,7 +54,7 @@ Follow the steps below to set up a server-side hook for a repository:
1. Navigate to **Admin area > Projects** and click on the project you want to add a server hook to.
1. Locate the **Gitaly relative path** on the page that appears. This is where the server hook
must be implemented. For information on interpreting the relative path, see
[Translating hashed storage paths](repository_storage_types.md#translating-hashed-storage-paths).
[Translate hashed storage paths](repository_storage_types.md#translate-hashed-storage-paths).
1. On the file system, create a new directory in this location called `custom_hooks`.
1. Inside the new `custom_hooks` directory, create a file with a name matching the hook type. For
example, for a pre-receive hook the filename should be `pre-receive` with no extension.
@ -128,7 +128,7 @@ Any other names are ignored.
Files in `.d` directories must be executable and not match the backup file pattern (`*~`).
For `<project>.git` you need to [translate](repository_storage_types.md#translating-hashed-storage-paths)
For `<project>.git` you need to [translate](repository_storage_types.md#translate-hashed-storage-paths)
your project name into the hashed storage format that GitLab uses.
## Environment Variables

2
doc/operations/incident_management/integrations.md
View File

@ -79,7 +79,7 @@ to configure alerts for this integration.
## Customize the alert payload outside of GitLab
For all integration types, you can customize the payload by sending the following
parameters. All fields are optional. If the incoming alert does not contain a value for the `Title` field, a default value of `New: Incident` will be applied.
parameters. All fields are optional. If the incoming alert does not contain a value for the `Title` field, a default value of `New: Alert` will be applied.
| Property | Type | Description |
| ------------------------- | --------------- | ----------- |

BIN
doc/user/application_security/security_dashboard/img/pipeline_security_dashboard_v13_10.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 163 KiB

After

Width:  |  Height:  |  Size: 78 KiB

12
doc/user/application_security/security_dashboard/index.md
View File

@ -35,9 +35,7 @@ The security dashboard and vulnerability report displays information about vulne
- [Static Application Security Testing](../sast/index.md)
- And [others](../index.md#security-scanning-tools)!
## Requirements
To use the security dashboards and vulnerability reports:
## Prerequisites
1. At least one project inside a group must be configured with at least one of
the [supported reports](#supported-reports).
@ -63,6 +61,14 @@ job finishes but the DAST job fails, the security dashboard doesn't show SAST re
the analyzer outputs an
[exit code](../../../development/integrations/secure.md#exit-code).
### Scan details
> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/3728) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.10.
The **Scan details** section lists the scans run in the pipeline and the total number of
vulnerabilities per scan. For the DAST scan, select **Download scanned resources** to download a
CSV file containing details of the resources scanned.
## Project Security Dashboard
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/235558) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.6.

27
doc/user/application_security/vulnerabilities/index.md
View File

@ -19,8 +19,7 @@ Each security vulnerability in a project's [Vulnerability Report](../vulnerabili
On the vulnerability's page, you can:
- [Change the vulnerability's status](#change-vulnerability-status).
- [Create a GitLab issue](#create-a-gitlab-issue-for-a-vulnerability).
- [Create a Jira issue](#create-a-jira-issue-for-a-vulnerability).
- [Create an issue](#create-an-issue-for-a-vulnerability).
- [Link issues to the vulnerability](#link-gitlab-issues-to-the-vulnerability).
- [Automatically remediate the vulnerability](#automatically-remediate-the-vulnerability), if an
automatic solution is available.
@ -40,7 +39,21 @@ the following values:
A timeline shows you when the vulnerability status has changed
and allows you to comment on a change.
## Create a GitLab issue for a vulnerability
## Create an issue for a vulnerability
From a vulnerability's page you can create an issue to track all action taken to resolve or
mitigate it.
From a vulnerability you can create either:
- [A GitLab issue](#create-a-gitlab-issue-for-a-vulnerability) (default).
- [A Jira issue](#create-a-jira-issue-for-a-vulnerability).
Creating a Jira issue requires that
[Jira integration](../../project/integrations/jira_integrations.md) is enabled on the project. Note
that when Jira integration is enabled, the GitLab issue feature is not available.
### Create a GitLab issue for a vulnerability
To create a GitLab issue for a vulnerability:
@ -50,7 +63,7 @@ To create a GitLab issue for a vulnerability:
An issue is created in the project, prepopulated with information from the vulnerability report.
The issue is then opened so you can take further action.
## Create a Jira issue for a vulnerability
### Create a Jira issue for a vulnerability
> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/4677) in GitLab 13.9.
> - It's [deployed behind a feature flag](../../../user/feature_flags.md), enabled by default.
@ -64,9 +77,9 @@ This feature might not be available to you. Check the **version history** note a
Prerequisites:
- [Enable Jira integration for vulnerabilities](../../project/integrations/jira.md).
Select **Enable Jira issues creation from vulnerabilities** when configuring the integration.
- A Jira user account with permission to create issues in the target project.
- [Enable Jira integration](../../project/integrations/jira.md).
The **Enable Jira issues creation from vulnerabilities** option must be selected as part of the configuration.
- Each user must have a personal Jira user account with permission to create issues in the target project.
To create a Jira issue for a vulnerability:

2
lib/gitlab/alert_management/payload/generic.rb
View File

@ -5,7 +5,7 @@ module Gitlab
module AlertManagement
module Payload
class Generic < Base
DEFAULT_TITLE = 'New: Incident'
DEFAULT_TITLE = 'New: Alert'
attribute :description, paths: 'description'
attribute :ends_at, paths: 'end_time', type: :time

9
lib/gitlab/ci/reports/reports_comparer.rb
View File

@ -8,6 +8,7 @@ module Gitlab
STATUS_SUCCESS = 'success'
STATUS_FAILED = 'failed'
STATUS_NOT_FOUND = 'not_found'
attr_reader :base_report, :head_report
@ -17,7 +18,13 @@ module Gitlab
end
def status
success? ? STATUS_SUCCESS : STATUS_FAILED
if success?
STATUS_SUCCESS
elsif base_report.nil? || head_report.nil?
STATUS_NOT_FOUND
else
STATUS_FAILED
end
end
def success?

14
lib/gitlab/cycle_analytics/summary/deploy.rb
View File

@ -15,16 +15,10 @@ module Gitlab
private
def deployments_count
if Feature.enabled?(:query_deploymenys_via_finished_at_in_vsa, default_enabled: :yaml)
DeploymentsFinder
.new(project: @project, finished_after: @from, finished_before: @to, status: :success)
.execute
.count
else
query = @project.deployments.success.where("created_at >= ?", @from)
query = query.where("created_at <= ?", @to) if @to
query.count
end
DeploymentsFinder
.new(project: @project, finished_after: @from, finished_before: @to, status: :success)
.execute
.count
end
end
end

6
locale/gitlab.pot
View File

@ -74,6 +74,9 @@ msgstr ""
msgid "\"%{path}\" did not exist on \"%{ref}\""
msgstr ""
msgid "\"%{repository_name}\" size (%{repository_size}) is larger than the limit of %{limit}."
msgstr ""
msgid "\"el\" parameter is required for createInstance()"
msgstr ""
@ -20112,6 +20115,9 @@ msgstr ""
msgid "New..."
msgstr ""
msgid "New: Incident %{iid}"
msgstr ""
msgid "Newest first"
msgstr ""

2
spec/frontend/incidents/mocks/incidents.json
View File

@ -1,7 +1,7 @@
[
{
"iid": "15",
"title": "New: Incident",
"title": "New: Alert",
"createdAt": "2020-06-03T15:46:08Z",
"assignees": {},
"state": "opened",

2
spec/lib/gitlab/alert_management/payload/generic_spec.rb
View File

@ -13,7 +13,7 @@ RSpec.describe Gitlab::AlertManagement::Payload::Generic do
describe '#title' do
subject { parsed_payload.title }
it_behaves_like 'parsable alert payload field with fallback', 'New: Incident', 'title'
it_behaves_like 'parsable alert payload field with fallback', 'New: Alert', 'title'
end
describe '#severity' do

24
spec/lib/gitlab/ci/reports/reports_comparer_spec.rb
View File

@ -45,6 +45,30 @@ RSpec.describe Gitlab::Ci::Reports::ReportsComparer do
expect(status).to eq('failed')
end
end
context 'when base_report is nil' do
let(:base_report) { nil }
before do
allow(comparer).to receive(:success?).and_return(false)
end
it 'returns status not_found' do
expect(status).to eq('not_found')
end
end
context 'when head_report is nil' do
let(:head_report) { nil }
before do
allow(comparer).to receive(:success?).and_return(false)
end
it 'returns status not_found' do
expect(status).to eq('not_found')
end
end
end
describe '#success?' do

33
spec/lib/gitlab/cycle_analytics/stage_summary_spec.rb
View File

@ -230,34 +230,13 @@ RSpec.describe Gitlab::CycleAnalytics::StageSummary do
end
context 'when `from` and `to` are within a day' do
context 'when query_deploymenys_via_finished_at_in_vsa feature flag is off' do
before do
stub_feature_flags(query_deploymenys_via_finished_at_in_vsa: false)
end
it 'returns the number of deployments made on that day' do
freeze_time do
create(:deployment, :success, project: project, finished_at: Time.zone.now)
options[:from] = Time.zone.now.at_beginning_of_day
options[:to] = Time.zone.now.at_end_of_day
it 'returns the number of deployments made on that day' do
freeze_time do
create(:deployment, :success, project: project)
options[:from] = options[:to] = Time.zone.now
expect(subject).to eq('1')
end
end
end
context 'when query_deploymenys_via_finished_at_in_vsa feature flag is off' do
before do
stub_feature_flags(query_deploymenys_via_finished_at_in_vsa: true)
end
it 'returns the number of deployments made on that day' do
freeze_time do
create(:deployment, :success, project: project, finished_at: Time.zone.now)
options[:from] = Time.zone.now.at_beginning_of_day
options[:to] = Time.zone.now.at_end_of_day
expect(subject).to eq('1')
end
expect(subject).to eq('1')
end
end
end

4
spec/models/merge_request_spec.rb
View File

@ -1366,6 +1366,10 @@ RSpec.describe MergeRequest, factory_default: :keep do
it "doesn't detect WIP by default" do
expect(subject.work_in_progress?).to eq false
end
it "is aliased to #draft?" do
expect(subject.method(:work_in_progress?)).to eq(subject.method(:draft?))
end
end
describe "#wipless_title" do

27
spec/services/alert_management/create_alert_issue_service_spec.rb
View File

@ -118,9 +118,36 @@ RSpec.describe AlertManagement::CreateAlertIssueService do
context 'when the alert is generic' do
let(:alert) { generic_alert }
let(:issue) { subject.payload[:issue] }
let(:default_alert_title) { described_class::DEFAULT_ALERT_TITLE }
it_behaves_like 'creating an alert issue'
it_behaves_like 'setting an issue attributes'
context 'when alert title matches the default title exactly' do
before do
generic_alert.update!(title: default_alert_title)
end
it 'updates issue title with the IID' do
execute
expect(created_issue.title).to eq("New: Incident #{created_issue.iid}")
end
end
context 'when the alert title contains the default title' do
let(:non_default_alert_title) { "Not #{default_alert_title}" }
before do
generic_alert.update!(title: non_default_alert_title)
end
it 'does not change issue title' do
execute
expect(created_issue.title).to eq(non_default_alert_title)
end
end
end
context 'when issue cannot be created' do

64
spec/services/import/github_service_spec.rb
View File

@ -54,6 +54,62 @@ RSpec.describe Import::GithubService do
expect { subject.execute(access_params, :github) }.to raise_error(exception)
end
context 'repository size validation' do
let(:repository_double) { double(name: 'repository', size: 99) }
before do
expect(client).to receive(:repository).and_return(repository_double)
allow_next_instance_of(Gitlab::LegacyGithubImport::ProjectCreator) do |creator|
allow(creator).to receive(:execute).and_return(double(persisted?: true))
end
end
context 'when there is no repository size limit defined' do
it 'skips the check and succeeds' do
expect(subject.execute(access_params, :github)).to include(status: :success)
end
end
context 'when the target namespace repository size limit is defined' do
let_it_be(:group) { create(:group, repository_size_limit: 100) }
before do
params[:target_namespace] = group.full_path
end
it 'succeeds when the repository is smaller than the limit' do
expect(subject.execute(access_params, :github)).to include(status: :success)
end
it 'returns error when the repository is larger than the limit' do
allow(repository_double).to receive(:size).and_return(101)
expect(subject.execute(access_params, :github)).to include(size_limit_error)
end
end
context 'when target namespace repository limit is not defined' do
let_it_be(:group) { create(:group) }
before do
stub_application_setting(repository_size_limit: 100)
end
context 'when application size limit is defined' do
it 'succeeds when the repository is smaller than the limit' do
expect(subject.execute(access_params, :github)).to include(status: :success)
end
it 'returns error when the repository is larger than the limit' do
allow(repository_double).to receive(:size).and_return(101)
expect(subject.execute(access_params, :github)).to include(size_limit_error)
end
end
end
end
end
context 'when remove_legacy_github_client feature flag is enabled' do
@ -71,4 +127,12 @@ RSpec.describe Import::GithubService do
include_examples 'handles errors', Gitlab::LegacyGithubImport::Client
end
def size_limit_error
{
status: :error,
http_status: :unprocessable_entity,
message: '"repository" size (101 Bytes) is larger than the limit of 100 Bytes.'
}
end
end