Add latest changes from gitlab-org/gitlab@master

2023-06-20 06:07:06 +00:00 · 2023-06-20 06:07:06 +00:00 · dd4c30182c
parent accf0d7db3
commit dd4c30182c
19 changed files with 91 additions and 46 deletions
--- a/.rubocop_todo/lint/empty_class.yml
+++ b/.rubocop_todo/lint/empty_class.yml
@ -1,4 +0,0 @@
---
-Lint/EmptyClass:
-  Exclude:
-    - 'spec/lib/gitlab/multi_destination_logger_spec.rb'
--- a/2
+++ b/2
@ -1 +1 @@
-d687ebe4b114fce6d74deed3d7f45c0b58e3bbc4
+c8e24f24ed55dc90cd7f3ad4272421b4fce368f7
--- a/app/models/merge_request/diff_llm_summary.rb
+++ b/app/models/merge_request/diff_llm_summary.rb
@ -1,14 +0,0 @@
-# rubocop:disable Style/ClassAndModuleChildren
-# frozen_string_literal: true
-
-class MergeRequest::DiffLlmSummary < ApplicationRecord
-  belongs_to :merge_request_diff
-  belongs_to :user, optional: true
-
-  validates :merge_request_diff_id, uniqueness: true
-  validates :provider, presence: true
-  validates :content, presence: true, length: { maximum: 2056 }
-
-  enum provider: { openai: 0 }
-end
-# rubocop:enable Style/ClassAndModuleChildren
--- a/app/policies/merge_request_policy.rb
+++ b/app/policies/merge_request_policy.rb
@ -16,6 +16,10 @@ class MergeRequestPolicy < IssuablePolicy
    prevent :accept_merge_request
  end

+  rule { can?(:read_merge_request) }.policy do
+    enable :generate_diff_summary
+  end
+
  rule { can_approve }.policy do
    enable :approve_merge_request
  end
@ -43,6 +47,10 @@ class MergeRequestPolicy < IssuablePolicy
    enable :set_merge_request_metadata
  end

+  rule { llm_bot }.policy do
+    enable :generate_diff_summary
+  end
+
  private

  def can_approve?
--- a/app/validators/json_schemas/scan_result_policy_vulnerability_attributes.json
+++ b/app/validators/json_schemas/scan_result_policy_vulnerability_attributes.json
@ -0,0 +1,14 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "description": "Scan result policy vulnerability_attributes",
+  "type": "object",
+  "properties": {
+    "false_positive": {
+      "type": "boolean"
+    },
+    "fix_available": {
+      "type": "boolean"
+    }
+  },
+  "additionalProperties": false
+}
--- a/db/migrate/20230613122211_add_vulnerability_attributes_to_scan_result_policies.rb
+++ b/db/migrate/20230613122211_add_vulnerability_attributes_to_scan_result_policies.rb
@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class AddVulnerabilityAttributesToScanResultPolicies < Gitlab::Database::Migration[2.1]
+  def change
+    add_column :scan_result_policies, :vulnerability_attributes, :jsonb, default: {}
+  end
+end
--- a/db/schema_migrations/20230613122211
+++ b/db/schema_migrations/20230613122211
@ -0,0 +1 @@
+da2cc429052e2db307e8eff2de61049ce93db4a7f6321a265889edeff1e7897d
--- a/db/structure.sql
+++ b/db/structure.sql
@ -22303,6 +22303,7 @@ CREATE TABLE scan_result_policies (
    age_value integer,
    age_operator smallint,
    age_interval smallint,
+    vulnerability_attributes jsonb DEFAULT '{}'::jsonb,
    CONSTRAINT age_value_null_or_positive CHECK (((age_value IS NULL) OR (age_value >= 0)))
 );

--- a/doc/administration/audit_event_streaming/index.md
+++ b/doc/administration/audit_event_streaming/index.md
@ -226,6 +226,25 @@ To list streaming destinations for an instance and see the verification tokens:
 1. On the main area, select the **Streams**.
 1. View the verification token on the right side of each item.

+## Event type filters
+
+> Event type filtering in the UI with a defined list of audit event types [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/413581) in GitLab 16.1.
+
+When this feature is enabled for a group, you can permit users to filter streamed audit events per destination.
+If the feature is enabled with no filters, the destination receives all audit events.
+
+A streaming destination that has an event type filter set has a **filtered** (**{filter}**) label.
+
+To update a streaming destination's event filters:
+
+1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group.
+1. Select **Secure > Audit events**.
+1. On the main area, select the **Streams** tab.
+1. To the right of the item, select **Edit** (**{pencil}**).
+1. Select **Filter by stream event**.
+1. Select the dropdown list and select or clear the required event types.
+1. Select **Save** to update the event filters.
+
 ## Override default content type header

 By default, streaming destinations use a `content-type` header of `application/x-www-form-urlencoded`. However, you
--- a/doc/user/group/compliance_frameworks.md
+++ b/doc/user/group/compliance_frameworks.md
@ -12,7 +12,8 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 You can create a compliance framework that is a label to identify that your project has certain compliance
 requirements or needs additional oversight. The label can optionally enforce
 [compliance pipeline configuration](#compliance-pipelines) to the projects on which it is
-[applied](../project/settings/index.md#add-a-compliance-framework-to-a-project).
+applied. Refer to our
+applied. For more information, see [Add a compliance framework to a project](../project/settings/index.md#add-a-compliance-framework-to-a-project).

 Compliance frameworks are created on top-level groups. Group owners can create, edit, and delete compliance frameworks:

--- a/doc/user/project/merge_requests/approvals/index.md
+++ b/doc/user/project/merge_requests/approvals/index.md
@ -115,7 +115,7 @@ FLAG:
 On self-managed GitLab, by default this feature is available. To hide the feature,
 ask an administrator to [disable the feature flag](../../../../administration/feature_flags.md) named `invalid_scan_result_policy_prevents_merge`.

-Whenever an approval rule cannot be satisfied, the rule is displayed as **(!) Auto approved**. This applies to the following conditions:
+Whenever an approval rule cannot be satisfied, the rule is displayed as **Auto approved**. This applies to the following conditions:

 - The only eligible approver is the author of the merge request.
 - No eligible approvers (either groups or users) have been assigned to the approval rule.
@ -124,7 +124,7 @@ Whenever an approval rule cannot be satisfied, the rule is displayed as **(!) Au
 These rules are automatically approved to unblock their respective merge requests, unless they were
 created through a [scan result policy](../../../application_security/policies/scan-result-policies.md).
 Invalid approval rules created through a scan result policy are presented with
-**(!) Action Required** and are not automatically approved, blocking their respective merge requests.
+**Action required** and are not automatically approved, blocking their respective merge requests.

 ## Related topics

--- a/qa/gdk/Dockerfile.gdk
+++ b/qa/gdk/Dockerfile.gdk
@ -99,6 +99,7 @@ RUN set -eux; \
 #
 COPY --chown=gdk:gdk Gemfile Gemfile.lock ./gitlab/
 COPY --chown=gdk:gdk vendor/gems ./gitlab/vendor/gems
+COPY --chown=gdk:gdk gems ./gitlab/gems
 RUN make .gitlab-bundle && rm -rf ${GEM_HOME}/cache

 # Install gitlab npm dependencies
--- a/spec/lib/gitlab/background_migration/legacy_upload_mover_spec.rb
+++ b/spec/lib/gitlab/background_migration/legacy_upload_mover_spec.rb
@ -139,7 +139,7 @@ RSpec.describe Gitlab::BackgroundMigration::LegacyUploadMover, :aggregate_failur
    end

    context 'when an upload belongs to a legacy_diff_note' do
-      let!(:merge_request) { create(:merge_request, source_project: project) }
+      let!(:merge_request) { create(:merge_request, :skip_diff_creation, source_project: project) }

      let!(:note) do
        create(:legacy_diff_note_on_merge_request,
--- a/spec/lib/gitlab/import_export/all_models.yml
+++ b/spec/lib/gitlab/import_export/all_models.yml
@ -249,6 +249,7 @@ merge_request_diff:
 - merge_request_diff_commits
 - merge_request_diff_detail
 - merge_request_diff_files
+- merge_request_diff_llm_summary
 merge_request_diff_commits:
 - merge_request_diff
 - commit_author
--- a/spec/lib/gitlab/multi_destination_logger_spec.rb
+++ b/spec/lib/gitlab/multi_destination_logger_spec.rb
@ -2,9 +2,6 @@

 require 'spec_helper'

-class FakeLogger
-end
-
 class LoggerA < Gitlab::Logger
  def self.file_name_noext
    'loggerA'
--- a/spec/models/concerns/batch_destroy_dependent_associations_spec.rb
+++ b/spec/models/concerns/batch_destroy_dependent_associations_spec.rb
@ -27,7 +27,7 @@ RSpec.describe BatchDestroyDependentAssociations do
    let_it_be(:build) { create(:ci_build, project: project) }
    let_it_be(:notification_setting) { create(:notification_setting, project: project) }
    let_it_be(:note) { create(:note, project: project) }
-    let_it_be(:merge_request) { create(:merge_request, source_project: project) }
+    let_it_be(:merge_request) { create(:merge_request, :skip_diff_creation, source_project: project) }

    it 'destroys multiple notes' do
      create(:note, project: project)
--- a/spec/models/merge_request/diff_llm_summary_spec.rb
+++ b/spec/models/merge_request/diff_llm_summary_spec.rb
@ -1,18 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-
-RSpec.describe ::MergeRequest::DiffLlmSummary, feature_category: :code_review_workflow do
-  let_it_be_with_reload(:project) { create(:project, :repository) }
-
-  subject(:merge_request_diff_llm_summary) { build(:merge_request_diff_llm_summary) }
-
-  describe 'associations' do
-    it { is_expected.to belong_to(:merge_request_diff) }
-    it { is_expected.to belong_to(:user).optional }
-    it { is_expected.to validate_uniqueness_of(:merge_request_diff_id) }
-    it { is_expected.to validate_presence_of(:content) }
-    it { is_expected.to validate_length_of(:content).is_at_most(2056) }
-    it { is_expected.to validate_presence_of(:provider) }
-  end
-end
--- a/spec/policies/merge_request_policy_spec.rb
+++ b/spec/policies/merge_request_policy_spec.rb
@ -462,6 +462,37 @@ RSpec.describe MergeRequestPolicy do
    end
  end

+  context 'when enabling generate diff summary permission' do
+    let_it_be(:project) { create(:project) }
+    let_it_be(:mr) { create(:merge_request, target_project: project, source_project: project) }
+    let_it_be(:user) { create(:user) }
+    let(:policy) { permissions(user, mr) }
+
+    context 'when can read_merge_request' do
+      before do
+        project.add_developer(user)
+      end
+
+      it 'allows to generate_diff_summary' do
+        expect(policy).to be_allowed(:generate_diff_summary)
+      end
+    end
+
+    context 'when can not read_merge_request' do
+      it 'does not allow to generate_diff_summary' do
+        expect(policy).not_to be_allowed(:generate_diff_summary)
+      end
+
+      context 'and when is the LLM bot' do
+        let(:user) { create(:user, :llm_bot) }
+
+        it 'allows to generate_diff_summary' do
+          expect(policy).to be_allowed(:generate_diff_summary)
+        end
+      end
+    end
+  end
+
  context 'when the author of the merge request is banned', feature_category: :insider_threat do
    let_it_be(:user) { create(:user) }
    let_it_be(:admin) { create(:user, :admin) }
--- a/spec/requests/api/statistics_spec.rb
+++ b/spec/requests/api/statistics_spec.rb
@ -59,7 +59,7 @@ RSpec.describe API::Statistics, 'Statistics', :aggregate_failures, feature_categ
        create_list(:note, 2, author: admin, project: projects.first, noteable: issues.first)
        create_list(:milestone, 3, project: projects.first)
        create(:key, user: admin)
-        create(:merge_request, source_project: projects.first)
+        create(:merge_request, :skip_diff_creation, source_project: projects.first)
        fork_project(projects.first, admin)

        # Make sure the reltuples have been updated
				`@ -0,0 +1 @@`
				`da2cc429052e2db307e8eff2de61049ce93db4a7f6321a265889edeff1e7897d`