diff --git a/app/assets/images/confluence.svg b/app/assets/images/confluence.svg
new file mode 100644
index 00000000000..f51d4318b6b
--- /dev/null
+++ b/app/assets/images/confluence.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/app/controllers/projects/confluences_controller.rb b/app/controllers/projects/confluences_controller.rb
new file mode 100644
index 00000000000..d563b34a362
--- /dev/null
+++ b/app/controllers/projects/confluences_controller.rb
@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+class Projects::ConfluencesController < Projects::ApplicationController
+ before_action :ensure_confluence
+
+ def show
+ end
+
+ private
+
+ def ensure_confluence
+ render_404 unless project.has_confluence?
+ end
+end
diff --git a/app/views/layouts/nav/sidebar/_project.html.haml b/app/views/layouts/nav/sidebar/_project.html.haml
index 9e7b2c6ef77..44d71cd6e65 100644
--- a/app/views/layouts/nav/sidebar/_project.html.haml
+++ b/app/views/layouts/nav/sidebar/_project.html.haml
@@ -294,11 +294,11 @@
= render 'layouts/nav/sidebar/analytics_links', links: project_analytics_navbar_links(@project, current_user)
- if project_nav_tab?(:confluence)
- - confluence_url = @project.confluence_service.confluence_url
+ - confluence_url = project_wikis_confluence_path(@project)
= nav_link do
= link_to confluence_url, class: 'shortcuts-confluence' do
.nav-icon-container
- = sprite_icon('external-link')
+ = image_tag 'confluence.svg', alt: _('Confluence')
%span.nav-item-name
= _('Confluence')
%ul.sidebar-sub-level-items.is-fly-out-only
diff --git a/app/views/projects/confluences/show.html.haml b/app/views/projects/confluences/show.html.haml
new file mode 100644
index 00000000000..b87780db4cd
--- /dev/null
+++ b/app/views/projects/confluences/show.html.haml
@@ -0,0 +1,13 @@
+- breadcrumb_title _('Confluence')
+- page_title _('Confluence')
+= render layout: 'shared/empty_states/wikis_layout', locals: { image_path: 'illustrations/wiki_login_empty.svg' } do
+ %h4
+ = s_('WikiEmpty|Confluence is enabled')
+ %p
+ - wiki_confluence_epic_link_url = 'https://gitlab.com/groups/gitlab-org/-/epics/3629'
+ - wiki_confluence_epic_link_start = ''.html_safe % { url: wiki_confluence_epic_link_url }
+ = s_("WikiEmpty|You've enabled the Confluence Workspace integration. Your wiki will be viewable directly within Confluence. We are hard at work integrating Confluence more seamlessly into GitLab. If you'd like to stay up to date, follow our %{wiki_confluence_epic_link_start}Confluence epic%{wiki_confluence_epic_link_end}.").html_safe % { wiki_confluence_epic_link_start: wiki_confluence_epic_link_start, wiki_confluence_epic_link_end: ''.html_safe }
+ = link_to @project.confluence_service.confluence_url, target: '_blank', rel: 'noopener noreferrer', class: 'btn btn-success external-url', title: s_('WikiEmpty|Go to Confluence') do
+ = sprite_icon('external-link')
+ = s_('WikiEmpty|Go to Confluence')
+
diff --git a/changelogs/unreleased/220934-confluence-wiki-icon.yml b/changelogs/unreleased/220934-confluence-wiki-icon.yml
new file mode 100644
index 00000000000..b64d29470c8
--- /dev/null
+++ b/changelogs/unreleased/220934-confluence-wiki-icon.yml
@@ -0,0 +1,5 @@
+---
+title: Use a Confluence icon for the project Confluence integration nav item
+merge_request: 36780
+author:
+type: changed
diff --git a/changelogs/unreleased/cluster-applications-0-24-2.yml b/changelogs/unreleased/cluster-applications-0-24-2.yml
new file mode 100644
index 00000000000..d30a4e149ef
--- /dev/null
+++ b/changelogs/unreleased/cluster-applications-0-24-2.yml
@@ -0,0 +1,5 @@
+---
+title: Update cluster-applications to 0.24.2
+merge_request: 36768
+author:
+type: added
diff --git a/changelogs/unreleased/secret-detection-remove-extra-job.yml b/changelogs/unreleased/secret-detection-remove-extra-job.yml
new file mode 100644
index 00000000000..66d05c9f4a6
--- /dev/null
+++ b/changelogs/unreleased/secret-detection-remove-extra-job.yml
@@ -0,0 +1,5 @@
+---
+title: Remove extra Secret-Detection job on merge requests
+merge_request: 36884
+author:
+type: fixed
diff --git a/config/routes/wiki.rb b/config/routes/wiki.rb
index 0e1f39a23ea..49ad39e8369 100644
--- a/config/routes/wiki.rb
+++ b/config/routes/wiki.rb
@@ -5,6 +5,9 @@ scope(controller: :wikis) do
get :new
get '/', to: redirect { |params, request| "#{request.path}/home" }
post '/', to: 'wikis#create'
+ scope '-' do
+ resource :confluence, only: :show
+ end
end
scope(path: 'wikis/*id', as: :wiki, format: false) do
diff --git a/doc/user/clusters/applications.md b/doc/user/clusters/applications.md
index e1285846c0c..090f708d6e1 100644
--- a/doc/user/clusters/applications.md
+++ b/doc/user/clusters/applications.md
@@ -984,21 +984,20 @@ Major upgrades might require additional setup steps, please consult
the official [upgrade guide](https://docs.cilium.io/en/stable/install/upgrade/) for more
information.
-By default, Cilium drops all disallowed packets upon policy
-deployment. In
-[auditmode](https://docs.cilium.io/en/v1.8/gettingstarted/policy-creation/?highlight=policy-audit#enable-policy-audit-mode),
-however, Cilium doesn't drop disallowed packets. You can use
-`policy-verdict` log to observe policy-related decisions. You can
-enable audit mode by adding the following to
+By default, Cilium's [audit
+mode](https://docs.cilium.io/en/v1.8/gettingstarted/policy-creation/?highlight=policy-audit#enable-policy-audit-mode)
+is enabled. In audit mode, Cilium doesn't drop disallowed packets. You
+can use `policy-verdict` log to observe policy-related decisions. You
+can disable audit mode by adding the following to
`.gitlab/managed-apps/cilium/values.yaml`:
```yaml
config:
- policyAuditMode: true
+ policyAuditMode: false
agent:
monitor:
- eventTypes: ["drop", "policy-verdict"]
+ eventTypes: ["drop"]
```
The Cilium monitor log for traffic is logged out by the
@@ -1453,6 +1452,45 @@ podAnnotations:
The only information to be changed here is the profile name which is `profile-one` in this example. Refer to the [AppArmor tutorial](https://kubernetes.io/docs/tutorials/clusters/apparmor/#securing-a-pod) for more information on how AppArmor is integrated in Kubernetes.
+#### Using PodSecurityPolicy in your deployments
+
+NOTE: **Note:**
+To enable AppArmor annotations on a Pod Security Policy you must first
+load the correspondingAppArmor profile.
+
+[Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/)are
+resources at the cluster level that control security-related
+properties of deployed pods. You can use such a policy to enable
+loaded AppArmor profiles and apply necessary pod restrictions across a
+cluster. You can deploy a new policy by adding the following
+to`.gitlab/managed-apps/apparmor/values.yaml`:
+
+```yaml
+securityPolicies:
+ example:
+ defaultProfile: profile-one
+ allowedProfiles:
+ - profile-one
+ - profile-two
+ spec:
+ privileged: false
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ runAsUser:
+ rule: RunAsAny
+ fsGroup:
+ rule: RunAsAny
+ volumes:
+ - '*'
+```
+
+This example creates a single policy named `example` with the provided
+specification, and enables [AppArmor
+annotations](https://kubernetes.io/docs/tutorials/clusters/apparmor/#podsecuritypolicy-annotations)on
+it.
+
NOTE: **Note:**
Support for installing the AppArmor managed application is provided by the GitLab Container Security group.
If you run into unknown issues, please [open a new issue](https://gitlab.com/gitlab-org/gitlab/-/issues/new) and ping at least 2 people from the [Container Security group](https://about.gitlab.com/handbook/product/product-categories/#container-security-group).
diff --git a/lib/gitlab/ci/templates/Managed-Cluster-Applications.gitlab-ci.yml b/lib/gitlab/ci/templates/Managed-Cluster-Applications.gitlab-ci.yml
index b2f49db421e..3d0bacda853 100644
--- a/lib/gitlab/ci/templates/Managed-Cluster-Applications.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Managed-Cluster-Applications.gitlab-ci.yml
@@ -1,6 +1,6 @@
apply:
stage: deploy
- image: "registry.gitlab.com/gitlab-org/cluster-integration/cluster-applications:v0.23.0"
+ image: "registry.gitlab.com/gitlab-org/cluster-integration/cluster-applications:v0.24.2"
environment:
name: production
variables:
diff --git a/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml
index 9f86d0d3585..441a57048e1 100644
--- a/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml
@@ -31,7 +31,7 @@ secret_detection:
rules:
- if: $SECRET_DETECTION_DISABLED
when: never
- - if: $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH &&
+ - if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH &&
$GITLAB_FEATURES =~ /\bsecret_detection\b/
script:
- git fetch origin $CI_DEFAULT_BRANCH $CI_BUILD_REF_NAME
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 025b2bcd994..4a76d90732f 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -26435,12 +26435,18 @@ msgstr ""
msgid "WikiEmpty|A wiki is where you can store all the details about your project. This can include why you've created it, its principles, how to use it, and so on."
msgstr ""
+msgid "WikiEmpty|Confluence is enabled"
+msgstr ""
+
msgid "WikiEmpty|Create your first page"
msgstr ""
msgid "WikiEmpty|Enable the Confluence Wiki integration"
msgstr ""
+msgid "WikiEmpty|Go to Confluence"
+msgstr ""
+
msgid "WikiEmpty|Suggest wiki improvement"
msgstr ""
@@ -26462,6 +26468,9 @@ msgstr ""
msgid "WikiEmpty|You must be a project member in order to add wiki pages."
msgstr ""
+msgid "WikiEmpty|You've enabled the Confluence Workspace integration. Your wiki will be viewable directly within Confluence. We are hard at work integrating Confluence more seamlessly into GitLab. If you'd like to stay up to date, follow our %{wiki_confluence_epic_link_start}Confluence epic%{wiki_confluence_epic_link_end}."
+msgstr ""
+
msgid "WikiHistoricalPage|This is an old version of this page."
msgstr ""
diff --git a/spec/features/projects/confluence/user_views_confluence_page_spec.rb b/spec/features/projects/confluence/user_views_confluence_page_spec.rb
new file mode 100644
index 00000000000..d39c97291db
--- /dev/null
+++ b/spec/features/projects/confluence/user_views_confluence_page_spec.rb
@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'User views the Confluence page' do
+ let_it_be(:user) { create(:user) }
+ let(:project) { create(:project, :public) }
+
+ before do
+ sign_in(user)
+ end
+
+ it 'shows the page when the Confluence integration is enabled' do
+ service = create(:confluence_service, project: project)
+
+ visit project_wikis_confluence_path(project)
+
+ element = page.find('.row.empty-state')
+
+ expect(element).to have_link('Go to Confluence', href: service.confluence_url)
+ end
+
+ it 'does not show the page when the Confluence integration disabled' do
+ visit project_wikis_confluence_path(project)
+
+ expect(page).to have_gitlab_http_status(:not_found)
+ end
+end
diff --git a/spec/views/layouts/nav/sidebar/_project.html.haml_spec.rb b/spec/views/layouts/nav/sidebar/_project.html.haml_spec.rb
index d748e1f8756..bf0bf63e164 100644
--- a/spec/views/layouts/nav/sidebar/_project.html.haml_spec.rb
+++ b/spec/views/layouts/nav/sidebar/_project.html.haml_spec.rb
@@ -120,7 +120,7 @@ RSpec.describe 'layouts/nav/sidebar/_project' do
let(:active) { true }
it 'shows the Confluence tab' do
- expect(rendered).to have_link('Confluence', href: service.confluence_url)
+ expect(rendered).to have_link('Confluence', href: project_wikis_confluence_path(project))
end
it 'does not show the GitLab wiki tab' do