Add latest changes from gitlab-org/gitlab@master

GitLab Bot 2022-11-17 06:08:13 +00:00
parent 4d528bfd73
commit da92a12093
37 changed files with 615 additions and 229 deletions

@ -58,16 +58,16 @@ class User < ApplicationRecord
add_authentication_token_field :feed_token
add_authentication_token_field :static_object_token, encrypted: :optional
default_value_for :admin, false
default_value_for(:external) { Gitlab::CurrentSettings.user_default_external }
default_value_for(:can_create_group) { Gitlab::CurrentSettings.can_create_group }
default_value_for :can_create_team, false
default_value_for :hide_no_ssh_key, false
default_value_for :hide_no_password, false
default_value_for :project_view, :files
default_value_for :notified_of_own_activity, false
default_value_for :preferred_language, I18n.default_locale
default_value_for :theme_id, gitlab_config.default_theme
attribute :admin, default: false
attribute :external, default: -> { Gitlab::CurrentSettings.user_default_external }
attribute :can_create_group, default: -> { Gitlab::CurrentSettings.can_create_group }
attribute :can_create_team, default: false
attribute :hide_no_ssh_key, default: false
attribute :hide_no_password, default: false
attribute :project_view, default: :files
attribute :notified_of_own_activity, default: false
attribute :preferred_language, default: -> { I18n.default_locale }
attribute :theme_id, default: -> { gitlab_config.default_theme }
attr_encrypted :otp_secret,
key: Gitlab::Application.secrets.otp_key_base,
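Review bot: The defaults for `admin`, `external` and `can_create_group` decide what a freshly built user is allowed to do, and nothing visible in this section pins them after the apparent move from `default_value_for` to `attribute ..., default:`. A model spec asserting that `described_class.new.admin` is `false` and that `external` follows `Gitlab::CurrentSettings.user_default_external` would catch a regression in either the value or its type cast. `preferred_language` and `theme_id` are now wrapped in lambdas, so they appear to be read per instance rather than once at class load; a comment such as `# Lambdas: resolved on each User.new, not at boot` would make that intent explicit. The class body starts and ends outside this hunk.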

@ -26,10 +26,10 @@ class UserPreference < ApplicationRecord
ignore_columns :experience_level, remove_with: '14.10', remove_after: '2021-03-22'
default_value_for :tab_width, value: Gitlab::TabWidth::DEFAULT, allows_nil: false
default_value_for :time_display_relative, value: true, allows_nil: false
default_value_for :time_format_in_24h, value: false, allows_nil: false
default_value_for :render_whitespace_in_code, value: false, allows_nil: false
attribute :tab_width, default: -> { Gitlab::TabWidth::DEFAULT }
attribute :time_display_relative, default: true
attribute :time_format_in_24h, default: false
attribute :render_whitespace_in_code, default: false
class << self
def notes_filters
@ -59,6 +59,67 @@ class UserPreference < ApplicationRecord
self[notes_filter_field_for(resource)]
end
def tab_width
read_attribute(:tab_width) || self.class.column_defaults['tab_width']
end
def tab_width=(value)
if value.nil?
default = self.class.column_defaults['tab_width']
super(default)
else
super(value)
end
end
def time_display_relative
value = read_attribute(:time_display_relative)
return value unless value.nil?
self.class.column_defaults['time_display_relative']
end
def time_display_relative=(value)
if value.nil?
default = self.class.column_defaults['time_display_relative']
super(default)
else
super(value)
end
end
def time_format_in_24h
value = read_attribute(:time_format_in_24h)
return value unless value.nil?
self.class.column_defaults['time_format_in_24h']
end
def time_format_in_24h=(value)
if value.nil?
default = self.class.column_defaults['time_format_in_24h']
super(default)
else
super(value)
end
end
def render_whitespace_in_code
value = read_attribute(:render_whitespace_in_code)
return value unless value.nil?
self.class.column_defaults['render_whitespace_in_code']
end
def render_whitespace_in_code=(value)
if value.nil?
default = self.class.column_defaults['render_whitespace_in_code']
super(default)
else
super(value)
end
end
private
def notes_filter_field_for(resource)
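Review bot: The eight accessors in the second hunk repeat one nil-fallback for four columns and carry no comment saying why; they look like a stand-in for the `allows_nil: false` behaviour that `default_value_for` supplied. Generating them from a single list keeps the four columns in step and gives the explanation one home. `tab_width` uses `||` where the boolean readers test `nil?`; the form below uses `nil?` for all four, which should be equivalent for an integer column. The hunk ends inside `notes_filter_field_for`, and the class continues outside it.

```ruby
# … unchanged: attribute declarations and `class << self` block …

# Replaces `default_value_for ..., allows_nil: false`: a nil read or a nil write
# falls back to the declared default instead of exposing nil.
NIL_DEFAULTED_ATTRIBUTES = %w[
  tab_width time_display_relative time_format_in_24h render_whitespace_in_code
].freeze

NIL_DEFAULTED_ATTRIBUTES.each do |attr|
  define_method(attr) do
    value = read_attribute(attr)
    value.nil? ? self.class.column_defaults[attr] : value
  end

  define_method("#{attr}=") do |value|
    super(value.nil? ? self.class.column_defaults[attr] : value)
  end
end

# … unchanged: private section …
```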

@ -4,7 +4,7 @@ module Namespaces
class RootStatisticsWorker
include ApplicationWorker
data_consistency :sticky, feature_flag: :root_statistics_worker_read_replica
data_consistency :sticky
sidekiq_options retry: 3

@ -1,8 +0,0 @@
---
name: root_statistics_worker_read_replica
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/102516
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/379678
milestone: '15.6'
type: development
group: group::utilization
default_enabled: false

@ -1,8 +0,0 @@
---
name: jira_raise_timeouts
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86439
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/375587
milestone: '15.0'
type: ops
group: group::integrations
default_enabled: false

@ -94,6 +94,8 @@ options:
- p_ci_templates_jobs_secret_detection_latest
- p_ci_templates_jobs_code_intelligence
- p_ci_templates_jobs_code_quality
- p_ci_templates_jobs_container_scanning
- p_ci_templates_jobs_container_scanning_latest
- p_ci_templates_jobs_dependency_scanning
- p_ci_templates_jobs_dependency_scanning_latest
- p_ci_templates_jobs_license_scanning
@ -142,6 +144,7 @@ options:
- p_ci_templates_implicit_jobs_secret_detection
- p_ci_templates_implicit_jobs_code_intelligence
- p_ci_templates_implicit_jobs_code_quality
- p_ci_templates_implicit_jobs_container_scanning
- p_ci_templates_implicit_jobs_dependency_scanning
- p_ci_templates_implicit_jobs_license_scanning
- p_ci_templates_implicit_jobs_deploy_ecs

@ -0,0 +1,25 @@
---
key_path: redis_hll_counters.ci_templates.p_ci_templates_implicit_jobs_container_scanning_monthly
description: Monthly counts for implicit use of Container Scanning CI template (Jobs folder)
product_section: sec
product_stage: secure
product_group: composition_analysis
product_category: container_scanning
value_type: number
status: active
milestone: '15.6'
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/103262"
time_frame: 28d
data_source: redis_hll
data_category: optional
instrumentation_class: RedisHLLMetric
distribution:
- ce
- ee
tier:
- free
- premium
- ultimate
options:
events:
- p_ci_templates_implicit_jobs_container_scanning

@ -0,0 +1,25 @@
---
key_path: redis_hll_counters.ci_templates.p_ci_templates_jobs_container_scanning_latest_monthly
description: Monthly counts for Container Scanning CI Latest template (Jobs folder)
product_section: sec
product_stage: secure
product_group: composition_analysis
product_category: container_scanning
value_type: number
status: active
milestone: '15.6'
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/103262"
time_frame: 28d
data_source: redis_hll
data_category: optional
instrumentation_class: RedisHLLMetric
distribution:
- ce
- ee
tier:
- free
- premium
- ultimate
options:
events:
- p_ci_templates_jobs_container_scanning_latest

@ -0,0 +1,25 @@
---
key_path: redis_hll_counters.ci_templates.p_ci_templates_jobs_container_scanning_monthly
description: Monthly counts for Container Scanning CI template (Jobs folder)
product_section: sec
product_stage: secure
product_group: composition_analysis
product_category: container_scanning
value_type: number
status: active
milestone: '15.6'
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/103262"
time_frame: 28d
data_source: redis_hll
data_category: optional
instrumentation_class: RedisHLLMetric
distribution:
- ce
- ee
tier:
- free
- premium
- ultimate
options:
events:
- p_ci_templates_jobs_container_scanning

@ -94,6 +94,8 @@ options:
- p_ci_templates_jobs_secret_detection_latest
- p_ci_templates_jobs_code_intelligence
- p_ci_templates_jobs_code_quality
- p_ci_templates_jobs_container_scanning
- p_ci_templates_jobs_container_scanning_latest
- p_ci_templates_jobs_dependency_scanning
- p_ci_templates_jobs_dependency_scanning_latest
- p_ci_templates_jobs_license_scanning
@ -142,6 +144,7 @@ options:
- p_ci_templates_implicit_jobs_secret_detection
- p_ci_templates_implicit_jobs_code_intelligence
- p_ci_templates_implicit_jobs_code_quality
- p_ci_templates_implicit_jobs_container_scanning
- p_ci_templates_implicit_jobs_dependency_scanning
- p_ci_templates_implicit_jobs_license_scanning
- p_ci_templates_implicit_jobs_deploy_ecs

@ -0,0 +1,25 @@
---
key_path: redis_hll_counters.ci_templates.p_ci_templates_implicit_jobs_container_scanning_weekly
description: Weekly counts for implicit use of Container Scanning CI template (Jobs folder)
product_section: sec
product_stage: secure
product_group: composition_analysis
product_category: container_scanning
value_type: number
status: active
milestone: '15.6'
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/103262"
time_frame: 7d
data_source: redis_hll
data_category: optional
instrumentation_class: RedisHLLMetric
distribution:
- ce
- ee
tier:
- free
- premium
- ultimate
options:
events:
- p_ci_templates_implicit_jobs_container_scanning

@ -0,0 +1,25 @@
---
key_path: redis_hll_counters.ci_templates.p_ci_templates_jobs_container_scanning_latest_weekly
description: Weekly counts for Container Scanning CI Latest template (Jobs folder)
product_section: sec
product_stage: secure
product_group: composition_analysis
product_category: container_scanning
value_type: number
status: active
milestone: '15.6'
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/103262"
time_frame: 7d
data_source: redis_hll
data_category: optional
instrumentation_class: RedisHLLMetric
distribution:
- ce
- ee
tier:
- free
- premium
- ultimate
options:
events:
- p_ci_templates_jobs_container_scanning_latest

@ -0,0 +1,25 @@
---
key_path: redis_hll_counters.ci_templates.p_ci_templates_jobs_container_scanning_weekly
description: Weekly counts for Container Scanning CI template (Jobs folder)
product_section: sec
product_stage: secure
product_group: composition_analysis
product_category: container_scanning
value_type: number
status: active
milestone: '15.6'
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/103262"
time_frame: 7d
data_source: redis_hll
data_category: optional
instrumentation_class: RedisHLLMetric
distribution:
- ce
- ee
tier:
- free
- premium
- ultimate
options:
events:
- p_ci_templates_jobs_container_scanning

@ -90,7 +90,7 @@ and complete an integration with the Secure stage.
- Documentation for [SAST reports](../../user/application_security/sast/index.md#reports-json-format).
- Documentation for [Dependency Scanning reports](../../user/application_security/dependency_scanning/index.md#reports-json-format).
- Documentation for [Container Scanning reports](../../user/application_security/container_scanning/index.md#reports-json-format).
- See this [example secure job definition that also defines the artifact created](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml).
- See this [example secure job definition that also defines the artifact created](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml).
- If you need a new kind of scan or report, [create an issue](https://gitlab.com/gitlab-org/gitlab/-/issues/new#)
and add the label `devops::secure`.
- Once the job is completed, the data can be seen:

@ -90,12 +90,12 @@ To enable container scanning in your pipeline, you need the following:
## Configuration
To enable container scanning, add the
[`Container-Scanning.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml)
[`Container-Scanning.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml)
to your `.gitlab-ci.yml` file:
```yaml
include:
- template: Security/Container-Scanning.gitlab-ci.yml
- template: Jobs/Container-Scanning.gitlab-ci.yml
```
The included template:
@ -117,7 +117,7 @@ registry, and scans the image:
```yaml
include:
- template: Jobs/Build.gitlab-ci.yml
- template: Security/Container-Scanning.gitlab-ci.yml
- template: Jobs/Container-Scanning.gitlab-ci.yml
container_scanning:
variables:
@ -142,7 +142,7 @@ enables verbose output for the analyzer:
```yaml
include:
- template: Security/Container-Scanning.gitlab-ci.yml
- template: Jobs/Container-Scanning.gitlab-ci.yml
variables:
SECURE_LOG_LEVEL: 'debug'
@ -154,7 +154,7 @@ To scan images located in a registry other than the project's, use the following
```yaml
include:
- template: Security/Container-Scanning.gitlab-ci.yml
- template: Jobs/Container-Scanning.gitlab-ci.yml
container_scanning:
variables:
@ -178,7 +178,7 @@ container_scanning:
- export AWS_ECR_PASSWORD=$(aws ecr get-login-password --region region)
include:
- template: Security/Container-Scanning.gitlab-ci.yml
- template: Jobs/Container-Scanning.gitlab-ci.yml
CS_IMAGE: <aws_account_id>.dkr.ecr.<region>.amazonaws.com/<image>:<tag>
CS_REGISTRY_USER: AWS
CS_REGISTRY_PASSWORD: "$AWS_ECR_PASSWORD"
@ -199,7 +199,7 @@ For example:
```yaml
include:
- template: Security/Container-Scanning.gitlab-ci.yml
- template: Jobs/Container-Scanning.gitlab-ci.yml
container_scanning:
variables:
@ -223,7 +223,7 @@ By default, the report only includes packages managed by the Operating System (O
```yaml
include:
- template: Security/Container-Scanning.gitlab-ci.yml
- template: Jobs/Container-Scanning.gitlab-ci.yml
container_scanning:
variables:
@ -345,7 +345,7 @@ This example sets `GIT_STRATEGY` to `fetch`:
```yaml
include:
- template: Security/Container-Scanning.gitlab-ci.yml
- template: Jobs/Container-Scanning.gitlab-ci.yml
container_scanning:
variables:
@ -391,7 +391,7 @@ duplicated:
```yaml
include:
- template: Security/Container-Scanning.gitlab-ci.yml
- template: Jobs/Container-Scanning.gitlab-ci.yml
container_scanning:
variables:
@ -577,7 +577,7 @@ For details on saving and transporting Docker images as a file, see Docker's doc
```yaml
include:
- template: Security/Container-Scanning.gitlab-ci.yml
- template: Jobs/Container-Scanning.gitlab-ci.yml
container_scanning:
image: $CI_REGISTRY/namespace/gitlab-container-scanning
@ -628,7 +628,7 @@ This example shows the configuration needed to scan images in a private [Google
```yaml
include:
- template: Security/Container-Scanning.gitlab-ci.yml
- template: Jobs/Container-Scanning.gitlab-ci.yml
container_scanning:
variables:

@ -256,7 +256,7 @@ module API
header 'X-GitLab-Trace-Update-Interval', job.trace.update_interval.to_s
end
desc 'Authorize artifacts uploading for job' do
desc 'Authorize uploading job artifact' do
http_codes [[200, 'Upload allowed'],
[403, 'Forbidden'],
[405, 'Artifacts support not enabled'],
@ -270,7 +270,7 @@ module API
# In current runner, filesize parameter would be empty here. This is because archive is streamed by runner,
# so the archive size is not known ahead of time. Streaming is done to not use additional I/O on
# Runner to first save, and then send via Network.
optional :filesize, type: Integer, desc: %q(Artifacts filesize)
optional :filesize, type: Integer, desc: %q(Size of artifact file)
optional :artifact_type, type: String, desc: %q(The type of artifact),
default: 'archive', values: ::Ci::JobArtifact.file_types.keys
@ -292,7 +292,7 @@ module API
end
end
desc 'Upload artifacts for job' do
desc 'Upload a job artifact' do
success Entities::Ci::JobRequest::Response
http_codes [[201, 'Artifact uploaded'],
[400, 'Bad request'],
@ -304,7 +304,7 @@ module API
requires :id, type: Integer, desc: %q(Job's ID)
requires :file, type: ::API::Validations::Types::WorkhorseFile, desc: %(The artifact file to store (generated by Multipart middleware)), documentation: { type: 'file' }
optional :token, type: String, desc: %q(Job's authentication token)
optional :expire_in, type: String, desc: %q(Specify when artifacts should expire)
optional :expire_in, type: String, desc: %q(Specify when artifact should expire)
optional :artifact_type, type: String, desc: %q(The type of artifact),
default: 'archive', values: ::Ci::JobArtifact.file_types.keys
optional :artifact_format, type: String, desc: %q(The format of artifact),
@ -333,7 +333,7 @@ module API
end
desc 'Download the artifacts file for job' do
http_codes [[200, 'Upload allowed'],
http_codes [[200, 'Download allowed'],
[401, 'Unauthorized'],
[403, 'Forbidden'],
[404, 'Artifact not found']]

@ -177,11 +177,11 @@ include:
- template: Jobs/Browser-Performance-Testing.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Browser-Performance-Testing.gitlab-ci.yml
- template: Jobs/Helm-2to3.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Helm-2to3.gitlab-ci.yml
- template: Security/DAST.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml
- template: Security/Container-Scanning.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml
- template: Security/Dependency-Scanning.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
- template: Security/License-Scanning.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/License-Scanning.gitlab-ci.yml
- template: Security/SAST.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
- template: Security/Secret-Detection.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml
- template: Jobs/Container-Scanning.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml
- template: Jobs/Dependency-Scanning.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml
- template: Jobs/License-Scanning.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml
- template: Jobs/SAST.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml
- template: Jobs/Secret-Detection.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml
# The latest build job generates a dotenv report artifact with a CI_APPLICATION_TAG
# that also includes the image digest. This configures Auto Deploy to receive

@ -7,7 +7,7 @@ browser_performance:
variables:
DOCKER_TLS_CERTDIR: ""
SITESPEED_IMAGE: sitespeedio/sitespeed.io
SITESPEED_VERSION: 14.1.0
SITESPEED_VERSION: 26.1.0
SITESPEED_OPTIONS: ''
services:
- name: 'docker:20.10.12-dind'

@ -7,7 +7,7 @@ browser_performance:
variables:
DOCKER_TLS_CERTDIR: ""
SITESPEED_IMAGE: sitespeedio/sitespeed.io
SITESPEED_VERSION: 14.1.0
SITESPEED_VERSION: latest
SITESPEED_OPTIONS: ''
services:
- name: 'docker:20.10.12-dind'
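Review bot: `SITESPEED_VERSION: latest` is a mutable tag, so each pipeline run pulls whatever `sitespeedio/sitespeed.io` image the registry serves at that moment, and an unexpected upstream push reaches every project that includes this template. The sibling template in this commit uses `SITESPEED_VERSION: 26.1.0`; if this file is the intentionally unpinned variant, a comment such as `# Floating tag by design; set SITESPEED_VERSION to a fixed release for reproducible runs` would tell users how to opt out. The same value appears in a later `browser_performance` section of this commit, the one that also switches its service to `docker:dind`.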

@ -0,0 +1,54 @@
# To contribute improvements to CI/CD templates, please follow the Development guide at:
# https://docs.gitlab.com/ee/development/cicd/templates.html
# This specific template is located at:
# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml
# Use this template to enable container scanning in your project.
# You should add this template to an existing `.gitlab-ci.yml` file by using the `include:`
# keyword.
# The template should work without modifications but you can customize the template settings if
# needed: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
#
# Requirements:
# - A `test` stage to be present in the pipeline.
# - You must define the image to be scanned in the CS_IMAGE variable. If CS_IMAGE is the
# same as $CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG, you can skip this.
# - Container registry credentials defined by `CS_REGISTRY_USER` and `CS_REGISTRY_PASSWORD` variables if the
# image to be scanned is in a private registry.
# - For auto-remediation, a readable Dockerfile in the root of the project or as defined by the
# CS_DOCKERFILE_PATH variable.
#
# Configure container scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/container_scanning/#available-variables
variables:
CS_ANALYZER_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/security-products/container-scanning:5"
container_scanning:
image: "$CS_ANALYZER_IMAGE$CS_IMAGE_SUFFIX"
stage: test
variables:
# To provide a `vulnerability-allowlist.yml` file, override the GIT_STRATEGY variable in your
# `.gitlab-ci.yml` file and set it to `fetch`.
# For details, see the following links:
# https://docs.gitlab.com/ee/user/application_security/container_scanning/index.html#overriding-the-container-scanning-template
# https://docs.gitlab.com/ee/user/application_security/container_scanning/#vulnerability-allowlisting
GIT_STRATEGY: none
allow_failure: true
artifacts:
reports:
container_scanning: gl-container-scanning-report.json
dependency_scanning: gl-dependency-scanning-report.json
paths: [gl-container-scanning-report.json, gl-dependency-scanning-report.json]
dependencies: []
script:
- gtcs scan
rules:
- if: $CONTAINER_SCANNING_DISABLED
when: never
- if: $CI_COMMIT_BRANCH &&
$CI_GITLAB_FIPS_MODE == "true" &&
$CS_ANALYZER_IMAGE !~ /-(fips|ubi)\z/
variables:
CS_IMAGE_SUFFIX: -fips
- if: $CI_COMMIT_BRANCH
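Review bot: `allow_failure: true` on `container_scanning` means any non-zero exit from `gtcs scan` leaves the pipeline passing, and the template header never mentions this. A comment above the key, for example `# Scan errors do not fail the pipeline; set allow_failure: false in your override if the scan must gate merges`, would make the trade-off visible to users who treat the job as a security gate. The same applies to the `.latest` variant added in the next file section.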

@ -0,0 +1,68 @@
# To contribute improvements to CI/CD templates, please follow the Development guide at:
# https://docs.gitlab.com/ee/development/cicd/templates.html
# This specific template is located at:
# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Container-Scanning.latest.gitlab-ci.yml
# Use this template to enable container scanning in your project.
# You should add this template to an existing `.gitlab-ci.yml` file by using the `include:`
# keyword.
# The template should work without modifications but you can customize the template settings if
# needed: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
#
# Requirements:
# - A `test` stage to be present in the pipeline.
# - You must define the image to be scanned in the CS_IMAGE variable. If CS_IMAGE is the
# same as $CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG, you can skip this.
# - Container registry credentials defined by `CS_REGISTRY_USER` and `CS_REGISTRY_PASSWORD` variables if the
# image to be scanned is in a private registry.
# - For auto-remediation, a readable Dockerfile in the root of the project or as defined by the
# CS_DOCKERFILE_PATH variable.
#
# Configure container scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/container_scanning/#available-variables
variables:
CS_ANALYZER_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/security-products/container-scanning:5"
container_scanning:
image: "$CS_ANALYZER_IMAGE$CS_IMAGE_SUFFIX"
stage: test
variables:
# To provide a `vulnerability-allowlist.yml` file, override the GIT_STRATEGY variable in your
# `.gitlab-ci.yml` file and set it to `fetch`.
# For details, see the following links:
# https://docs.gitlab.com/ee/user/application_security/container_scanning/index.html#overriding-the-container-scanning-template
# https://docs.gitlab.com/ee/user/application_security/container_scanning/#vulnerability-allowlisting
GIT_STRATEGY: none
allow_failure: true
artifacts:
reports:
container_scanning: gl-container-scanning-report.json
dependency_scanning: gl-dependency-scanning-report.json
paths: [gl-container-scanning-report.json, gl-dependency-scanning-report.json]
dependencies: []
script:
- gtcs scan
rules:
- if: $CONTAINER_SCANNING_DISABLED
when: never
# Add the job to merge request pipelines if there's an open merge request.
- if: $CI_PIPELINE_SOURCE == "merge_request_event" &&
$CI_GITLAB_FIPS_MODE == "true" &&
$CS_ANALYZER_IMAGE !~ /-(fips|ubi)\z/
variables:
CS_IMAGE_SUFFIX: -fips
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
# Don't add it to a *branch* pipeline if it's already in a merge request pipeline.
- if: $CI_OPEN_MERGE_REQUESTS
when: never
# Add the job to branch pipelines.
- if: $CI_COMMIT_BRANCH &&
$CI_GITLAB_FIPS_MODE == "true" &&
$CS_ANALYZER_IMAGE !~ /-(fips|ubi)\z/
variables:
CS_IMAGE_SUFFIX: -fips
- if: $CI_COMMIT_BRANCH

@ -4,8 +4,8 @@ load_performance:
allow_failure: true
variables:
DOCKER_TLS_CERTDIR: ""
K6_IMAGE: loadimpact/k6
K6_VERSION: 0.27.0
K6_IMAGE: grafana/k6
K6_VERSION: 0.41.0
K6_TEST_FILE: raw.githubusercontent.com/grafana/k6/master/samples/http_get.js
K6_OPTIONS: ''
K6_DOCKER_OPTIONS: ''

@ -1,54 +1,5 @@
# To contribute improvements to CI/CD templates, please follow the Development guide at:
# https://docs.gitlab.com/ee/development/cicd/templates.html
# This specific template is located at:
# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml
# This template moved to Jobs/Container-Scanning.gitlab-ci.yml in GitLab 15.6
# Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/381665
# Use this template to enable container scanning in your project.
# You should add this template to an existing `.gitlab-ci.yml` file by using the `include:`
# keyword.
# The template should work without modifications but you can customize the template settings if
# needed: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
#
# Requirements:
# - A `test` stage to be present in the pipeline.
# - You must define the image to be scanned in the CS_IMAGE variable. If CS_IMAGE is the
# same as $CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG, you can skip this.
# - Container registry credentials defined by `CS_REGISTRY_USER` and `CS_REGISTRY_PASSWORD` variables if the
# image to be scanned is in a private registry.
# - For auto-remediation, a readable Dockerfile in the root of the project or as defined by the
# CS_DOCKERFILE_PATH variable.
#
# Configure container scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/container_scanning/#available-variables
variables:
CS_ANALYZER_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/security-products/container-scanning:5"
container_scanning:
image: "$CS_ANALYZER_IMAGE$CS_IMAGE_SUFFIX"
stage: test
variables:
# To provide a `vulnerability-allowlist.yml` file, override the GIT_STRATEGY variable in your
# `.gitlab-ci.yml` file and set it to `fetch`.
# For details, see the following links:
# https://docs.gitlab.com/ee/user/application_security/container_scanning/index.html#overriding-the-container-scanning-template
# https://docs.gitlab.com/ee/user/application_security/container_scanning/#vulnerability-allowlisting
GIT_STRATEGY: none
allow_failure: true
artifacts:
reports:
container_scanning: gl-container-scanning-report.json
dependency_scanning: gl-dependency-scanning-report.json
paths: [gl-container-scanning-report.json, gl-dependency-scanning-report.json]
dependencies: []
script:
- gtcs scan
rules:
- if: $CONTAINER_SCANNING_DISABLED
when: never
- if: $CI_COMMIT_BRANCH &&
$CI_GITLAB_FIPS_MODE == "true" &&
$CS_ANALYZER_IMAGE !~ /-(fips|ubi)\z/
variables:
CS_IMAGE_SUFFIX: -fips
- if: $CI_COMMIT_BRANCH
include:
template: Jobs/Container-Scanning.gitlab-ci.yml

@ -1,68 +1,5 @@
# To contribute improvements to CI/CD templates, please follow the Development guide at:
# https://docs.gitlab.com/ee/development/cicd/templates.html
# This specific template is located at:
# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml
# This template moved to Jobs/Container-Scanning.latest.gitlab-ci.yml in GitLab 15.6
# Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/381665
# Use this template to enable container scanning in your project.
# You should add this template to an existing `.gitlab-ci.yml` file by using the `include:`
# keyword.
# The template should work without modifications but you can customize the template settings if
# needed: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
#
# Requirements:
# - A `test` stage to be present in the pipeline.
# - You must define the image to be scanned in the CS_IMAGE variable. If CS_IMAGE is the
# same as $CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG, you can skip this.
# - Container registry credentials defined by `CS_REGISTRY_USER` and `CS_REGISTRY_PASSWORD` variables if the
# image to be scanned is in a private registry.
# - For auto-remediation, a readable Dockerfile in the root of the project or as defined by the
# CS_DOCKERFILE_PATH variable.
#
# Configure container scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/container_scanning/#available-variables
variables:
CS_ANALYZER_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/security-products/container-scanning:5"
container_scanning:
image: "$CS_ANALYZER_IMAGE$CS_IMAGE_SUFFIX"
stage: test
variables:
# To provide a `vulnerability-allowlist.yml` file, override the GIT_STRATEGY variable in your
# `.gitlab-ci.yml` file and set it to `fetch`.
# For details, see the following links:
# https://docs.gitlab.com/ee/user/application_security/container_scanning/index.html#overriding-the-container-scanning-template
# https://docs.gitlab.com/ee/user/application_security/container_scanning/#vulnerability-allowlisting
GIT_STRATEGY: none
allow_failure: true
artifacts:
reports:
container_scanning: gl-container-scanning-report.json
dependency_scanning: gl-dependency-scanning-report.json
paths: [gl-container-scanning-report.json, gl-dependency-scanning-report.json]
dependencies: []
script:
- gtcs scan
rules:
- if: $CONTAINER_SCANNING_DISABLED
when: never
# Add the job to merge request pipelines if there's an open merge request.
- if: $CI_PIPELINE_SOURCE == "merge_request_event" &&
$CI_GITLAB_FIPS_MODE == "true" &&
$CS_ANALYZER_IMAGE !~ /-(fips|ubi)\z/
variables:
CS_IMAGE_SUFFIX: -fips
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
# Don't add it to a *branch* pipeline if it's already in a merge request pipeline.
- if: $CI_OPEN_MERGE_REQUESTS
when: never
# Add the job to branch pipelines.
- if: $CI_COMMIT_BRANCH &&
$CI_GITLAB_FIPS_MODE == "true" &&
$CS_ANALYZER_IMAGE !~ /-(fips|ubi)\z/
variables:
CS_IMAGE_SUFFIX: -fips
- if: $CI_COMMIT_BRANCH
include:
template: Jobs/Container-Scanning.latest.gitlab-ci.yml

@ -38,7 +38,7 @@ variables:
DOCKER_DRIVER: overlay2
DOCKER_TLS_CERTDIR: ""
services:
- docker:stable-dind
- docker:dind
script:
- docker info
- env
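Review bot: `docker:dind` replaces one floating tag with another, so the Docker daemon this job runs against can change between pipeline runs without any change to the template. Other templates in this commit keep the service pinned (`- name: 'docker:20.10.12-dind'`); pinning here the same way, for example `- docker:20.10.12-dind`, would keep the service image reproducible. The same switch to `docker:dind` appears in the two `browser_performance` sections and the `load_performance` section that follow.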

@ -17,10 +17,10 @@ browser_performance:
variables:
URL: ''
SITESPEED_IMAGE: sitespeedio/sitespeed.io
SITESPEED_VERSION: 14.1.0
SITESPEED_VERSION: 26.1.0
SITESPEED_OPTIONS: ''
services:
- docker:stable-dind
- docker:dind
script:
- mkdir gitlab-exporter
# Busybox wget does not support proxied HTTPS, get the real thing.

@ -17,10 +17,10 @@ browser_performance:
variables:
URL: ''
SITESPEED_IMAGE: sitespeedio/sitespeed.io
SITESPEED_VERSION: 14.1.0
SITESPEED_VERSION: latest
SITESPEED_OPTIONS: ''
services:
- docker:stable-dind
- docker:dind
script:
- mkdir gitlab-exporter
# Busybox wget does not support proxied HTTPS, get the real thing.

@ -15,13 +15,13 @@ load_performance:
stage: performance
image: docker:git
variables:
K6_IMAGE: loadimpact/k6
K6_VERSION: 0.27.0
K6_IMAGE: grafana/k6
K6_VERSION: 0.41.0
K6_TEST_FILE: raw.githubusercontent.com/grafana/k6/master/samples/http_get.js
K6_OPTIONS: ''
K6_DOCKER_OPTIONS: ''
services:
- docker:stable-dind
- docker:dind
script:
- docker run --rm -v "$(pwd)":/k6 -w /k6 $K6_DOCKER_OPTIONS $K6_IMAGE:$K6_VERSION run $K6_TEST_FILE --summary-export=load-performance.json $K6_OPTIONS
artifacts:

@ -35,12 +35,6 @@ module Gitlab
request_params[:base_uri] = uri.to_s
request_params.merge!(auth_params)
if Feature.enabled?(:jira_raise_timeouts, type: :ops)
request_params[:open_timeout] = 2.minutes
request_params[:read_timeout] = 2.minutes
request_params[:write_timeout] = 2.minutes
end
result = Gitlab::HTTP.public_send(http_method, path, **request_params) # rubocop:disable GitlabSecurity/PublicSend
@authenticated = result.response.is_a?(Net::HTTPOK)
store_cookies(result) if options[:use_cookies]


@ -347,6 +347,14 @@
category: ci_templates
redis_slot: ci_templates
aggregation: weekly
- name: p_ci_templates_jobs_container_scanning
category: ci_templates
redis_slot: ci_templates
aggregation: weekly
- name: p_ci_templates_jobs_container_scanning_latest
category: ci_templates
redis_slot: ci_templates
aggregation: weekly
- name: p_ci_templates_jobs_dependency_scanning_latest
category: ci_templates
redis_slot: ci_templates
@ -519,6 +527,10 @@
category: ci_templates
redis_slot: ci_templates
aggregation: weekly
- name: p_ci_templates_implicit_jobs_container_scanning
category: ci_templates
redis_slot: ci_templates
aggregation: weekly
- name: p_ci_templates_implicit_jobs_dast_default_branch_deploy
category: ci_templates
redis_slot: ci_templates


@ -12,7 +12,7 @@ module Security
def template
return 'Auto-DevOps.gitlab-ci.yml' if @auto_devops_enabled
'Security/Container-Scanning.gitlab-ci.yml'
'Jobs/Container-Scanning.gitlab-ci.yml'
end
def comment


@ -0,0 +1,27 @@
# frozen_string_literal: true
module QA
module Support
module Data
module License
def license_user
'GitLab QA'
end
def license_company
'QA User'
end
def license_user_count
10_000
end
def license_plan
QA::ULTIMATE_SELF_MANAGED
end
end
end
end
end
QA::Support::Data::License.prepend_mod_with('Support::Data::License', namespace: QA)
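Review bot: `license_user` returns `'GitLab QA'` and `license_company` returns `'QA User'`, which reads as if the two values were swapped. If that is intended, a one-line comment on each method would say so. The module also has no comment describing how it is meant to be used: the methods are plain instance methods and the last line applies `prepend_mod_with`. A header such as `# Default license attributes for QA runs; extended through prepend_mod_with.` would help.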


@ -33,7 +33,7 @@ RSpec.describe Security::CiConfiguration::ContainerScanningBuildAction do
RANDOM: make sure this persists
include:
- template: existing.yml
- template: Security/Container-Scanning.gitlab-ci.yml
- template: Jobs/Container-Scanning.gitlab-ci.yml
CI_YML
end
@ -85,7 +85,7 @@ RSpec.describe Security::CiConfiguration::ContainerScanningBuildAction do
variables:
RANDOM: make sure this persists
include:
- template: Security/Container-Scanning.gitlab-ci.yml
- template: Jobs/Container-Scanning.gitlab-ci.yml
CI_YML
end
@ -93,7 +93,7 @@ RSpec.describe Security::CiConfiguration::ContainerScanningBuildAction do
let(:gitlab_ci_content) do
{ "stages" => %w(test),
"variables" => { "RANDOM" => "make sure this persists" },
"include" => [{ "template" => "Security/Container-Scanning.gitlab-ci.yml" }] }
"include" => [{ "template" => "Jobs/Container-Scanning.gitlab-ci.yml" }] }
end
it 'generates the correct YML' do
@ -106,7 +106,7 @@ RSpec.describe Security::CiConfiguration::ContainerScanningBuildAction do
let(:gitlab_ci_content) do
{ "stages" => %w(test),
"variables" => { "RANDOM" => "make sure this persists" },
"include" => { "template" => "Security/Container-Scanning.gitlab-ci.yml" } }
"include" => { "template" => "Jobs/Container-Scanning.gitlab-ci.yml" } }
end
it 'generates the correct YML' do
@ -138,7 +138,7 @@ RSpec.describe Security::CiConfiguration::ContainerScanningBuildAction do
# DOCKER_USER: ...
# DOCKER_PASSWORD: ...
include:
- template: Security/Container-Scanning.gitlab-ci.yml
- template: Jobs/Container-Scanning.gitlab-ci.yml
CI_YML
end


@ -466,7 +466,8 @@ RSpec.describe Integrations::Jira do
end
describe '#client' do
subject do
it 'uses the default GitLab::HTTP timeouts' do
timeouts = Gitlab::HTTP::DEFAULT_TIMEOUT_OPTIONS
stub_request(:get, 'http://jira.example.com/foo')
expect(Gitlab::HTTP).to receive(:httparty_perform_request)
@ -474,32 +475,6 @@ RSpec.describe Integrations::Jira do
jira_integration.client.get('/foo')
end
context 'when the FF :jira_raise_timeouts is enabled' do
let(:timeouts) do
{
open_timeout: 2.minutes,
read_timeout: 2.minutes,
write_timeout: 2.minutes
}
end
it 'uses custom timeouts' do
subject
end
end
context 'when the FF :jira_raise_timeouts is disabled' do
before do
stub_feature_flags(jira_raise_timeouts: false)
end
let(:timeouts) { Gitlab::HTTP::DEFAULT_TIMEOUT_OPTIONS }
it 'uses the default GitLab::HTTP timeouts' do
subject
end
end
end
describe '#find_issue' do


@ -3,7 +3,9 @@
require 'spec_helper'
RSpec.describe UserPreference do
let(:user_preference) { create(:user_preference) }
let_it_be(:user) { create(:user) }
let(:user_preference) { create(:user_preference, user: user) }
describe 'validations' do
describe 'diffs_deletion_color and diffs_addition_color' do
@ -132,10 +134,24 @@ RSpec.describe UserPreference do
describe '#tab_width' do
it 'is set to 8 by default' do
# Intentionally not using factory here to test the constructor.
pref = UserPreference.new
pref = described_class.new
expect(pref.tab_width).to eq(8)
end
it 'returns default value when assigning nil' do
pref = described_class.new(tab_width: nil)
expect(pref.tab_width).to eq(8)
end
it 'returns default value when the value is NULL' do
pref = create(:user_preference, user: user)
pref.update_column(:tab_width, nil)
expect(pref.reload.tab_width).to eq(8)
end
it do
is_expected.to validate_numericality_of(:tab_width)
.only_integer
@ -143,4 +159,141 @@ RSpec.describe UserPreference do
.is_less_than_or_equal_to(12)
end
end
describe '#tab_width=' do
it 'sets to default value when nil' do
pref = described_class.new(tab_width: nil)
expect(pref.read_attribute(:tab_width)).to eq(8)
end
it 'sets user values' do
pref = described_class.new(tab_width: 12)
expect(pref.read_attribute(:tab_width)).to eq(12)
end
end
describe '#time_display_relative' do
it 'is set to true by default' do
pref = described_class.new
expect(pref.time_display_relative).to eq(true)
end
it 'returns default value when assigning nil' do
pref = described_class.new(time_display_relative: nil)
expect(pref.time_display_relative).to eq(true)
end
it 'returns default value when the value is NULL' do
pref = create(:user_preference, user: user)
pref.update_column(:time_display_relative, nil)
expect(pref.reload.time_display_relative).to eq(true)
end
it 'returns assigned value' do
pref = described_class.new(time_display_relative: false)
expect(pref.time_display_relative).to eq(false)
end
end
describe '#time_display_relative=' do
it 'sets to default value when nil' do
pref = described_class.new(time_display_relative: nil)
expect(pref.read_attribute(:time_display_relative)).to eq(true)
end
it 'sets user values' do
pref = described_class.new(time_display_relative: false)
expect(pref.read_attribute(:time_display_relative)).to eq(false)
end
end
describe '#time_format_in_24h' do
it 'is set to false by default' do
pref = described_class.new
expect(pref.time_format_in_24h).to eq(false)
end
it 'returns default value when assigning nil' do
pref = described_class.new(time_format_in_24h: nil)
expect(pref.time_format_in_24h).to eq(false)
end
it 'returns default value when the value is NULL' do
pref = create(:user_preference, user: user)
pref.update_column(:time_format_in_24h, nil)
expect(pref.reload.time_format_in_24h).to eq(false)
end
it 'returns assigned value' do
pref = described_class.new(time_format_in_24h: true)
expect(pref.time_format_in_24h).to eq(true)
end
end
describe '#time_format_in_24h=' do
it 'sets to default value when nil' do
pref = described_class.new(time_format_in_24h: nil)
expect(pref.read_attribute(:time_format_in_24h)).to eq(false)
end
it 'sets user values' do
pref = described_class.new(time_format_in_24h: true)
expect(pref.read_attribute(:time_format_in_24h)).to eq(true)
end
end
describe '#render_whitespace_in_code' do
it 'is set to false by default' do
pref = described_class.new
expect(pref.render_whitespace_in_code).to eq(false)
end
it 'returns default value when assigning nil' do
pref = described_class.new(render_whitespace_in_code: nil)
expect(pref.render_whitespace_in_code).to eq(false)
end
it 'returns default value when the value is NULL' do
pref = create(:user_preference, user: user)
pref.update_column(:render_whitespace_in_code, nil)
expect(pref.reload.render_whitespace_in_code).to eq(false)
end
it 'returns assigned value' do
pref = described_class.new(render_whitespace_in_code: true)
expect(pref.render_whitespace_in_code).to eq(true)
end
end
describe '#render_whitespace_in_code=' do
it 'sets to default value when nil' do
pref = described_class.new(render_whitespace_in_code: nil)
expect(pref.read_attribute(:render_whitespace_in_code)).to eq(false)
end
it 'sets user values' do
pref = described_class.new(render_whitespace_in_code: true)
expect(pref.read_attribute(:render_whitespace_in_code)).to eq(true)
end
end
end


@ -146,6 +146,21 @@ RSpec.describe User do
it { is_expected.to have_many(:project_callouts).class_name('Users::ProjectCallout') }
it { is_expected.to have_many(:created_projects).dependent(:nullify).class_name('Project') }
describe 'default values' do
let(:user) { described_class.new }
it { expect(user.admin).to be_falsey }
it { expect(user.external).to eq(Gitlab::CurrentSettings.user_default_external) }
it { expect(user.can_create_group).to eq(Gitlab::CurrentSettings.can_create_group) }
it { expect(user.can_create_team).to be_falsey }
it { expect(user.hide_no_ssh_key).to be_falsey }
it { expect(user.hide_no_password).to be_falsey }
it { expect(user.project_view).to eq('files') }
it { expect(user.notified_of_own_activity).to be_falsey }
it { expect(user.preferred_language).to eq(I18n.default_locale.to_s) }
it { expect(user.theme_id).to eq(described_class.gitlab_config.default_theme) }
end
describe '#user_detail' do
it 'does not persist `user_detail` by default' do
expect(create(:user).user_detail).not_to be_persisted
@ -417,7 +432,7 @@ RSpec.describe User do
end
it 'falls back to english when I18n.default_locale is not an available language' do
I18n.default_locale = :kl
allow(I18n).to receive(:default_locale) { :kl }
default_preferred_language = user.send(:default_preferred_language)
expect(user.preferred_language).to eq default_preferred_language
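Review bot: In the added `describe 'default values'` block, `it { expect(user.admin).to be_falsey }` also passes when the attribute is `nil`, so it would not notice a default that silently stopped being `false`. Since `admin` is a privilege flag, I would pin the exact value with `it { expect(user.admin).to be(false) }`. The same applies to `can_create_team`, `hide_no_ssh_key`, `hide_no_password` and `notified_of_own_activity` in that block.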


@ -92,7 +92,6 @@ RSpec.describe Namespaces::RootStatisticsWorker, '#perform' do
it_behaves_like 'worker with data consistency',
described_class,
feature_flag: :root_statistics_worker_read_replica,
data_consistency: :sticky
it 'has the `until_executed` deduplicate strategy' do