root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2024-02-09 18:11:31 +00:00
parent 1fa5d56fec
commit ed0bfef6b7
210 changed files with 1939 additions and 571 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.gitlab/merge_request_templates/Documentation.md
View File

@ -13,9 +13,9 @@
- [Documentation process](https://docs.gitlab.com/ee/development/documentation/workflow.html).
- [Documentation guidelines](https://docs.gitlab.com/ee/development/documentation/).
- [Style Guide](https://docs.gitlab.com/ee/development/documentation/styleguide/).
- [ ] If you're adding or changing the main heading of the page (H1), ensure that the [product tier badge](https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#product-tier-badges) is added.
- [ ] If you're adding a new page, add the [product tier badge](https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#product-tier-badges) under the H1 topic title.
- [ ] If you are a GitLab team member, [request a review](https://docs.gitlab.com/ee/development/code_review.html#dogfooding-the-reviewers-feature) based on:
- The documentation page's [metadata](https://docs.gitlab.com/ee/development/documentation/#metadata).
- The documentation page's [metadata](https://docs.gitlab.com/ee/development/documentation/metadata.html).
- The [associated Technical Writer](https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments).
If you are a GitLab team member and only adding documentation, do not add any of the following labels:
@ -36,9 +36,9 @@ If you aren't sure which tech writer to ask, use [roulette](https://gitlab-org.g
- [ ] If the content requires it, ensure the information is reviewed by a subject matter expert.
- Technical writer review items:
- [ ] Ensure docs metadata is present and up-to-date.
- [ ] Ensure the appropriate [labels](https://about.gitlab.com/handbook/product/ux/technical-writing/workflow/#labels) are added to this MR.
- [ ] Ensure the appropriate [labels](https://handbook.gitlab.com/handbook/product/ux/technical-writing/workflow/#labels) are added to this MR.
- [ ] Ensure a release milestone is set.
- If relevant to this MR, ensure [content topic type](https://docs.gitlab.com/ee/development/documentation/structure.html) principles are in use, including:
- If relevant to this MR, ensure [content topic type](https://docs.gitlab.com/ee/development/documentation/topic_types/) principles are in use, including:
- [ ] The headings should be something you'd do a Google search for. Instead of `Default behavior`, say something like `Default behavior when you close an issue`.
- [ ] The headings (other than the page title) should be active. Instead of `Configuring GDK`, say something like `Configure GDK`.
- [ ] Any task steps should be written as a numbered list.

14
.rubocop_todo/capybara/testid_finders.yml
View File

@ -1,20 +1,6 @@
---
Capybara/TestidFinders:
Exclude:
- 'spec/features/issues/issue_sidebar_spec.rb'
- 'spec/features/issues/issue_state_spec.rb'
- 'spec/features/issues/user_creates_issue_spec.rb'
- 'spec/features/issues/user_edits_issue_spec.rb'
- 'spec/features/issues/user_resets_their_incoming_email_token_spec.rb'
- 'spec/features/issues/user_sees_sidebar_updates_in_realtime_spec.rb'
- 'spec/features/issues/user_toggles_subscription_spec.rb'
- 'spec/features/labels_hierarchy_spec.rb'
- 'spec/features/merge_request/merge_request_discussion_lock_spec.rb'
- 'spec/features/merge_request/user_accepts_merge_request_spec.rb'
- 'spec/features/merge_request/user_assigns_themselves_spec.rb'
- 'spec/features/merge_request/user_comments_on_diff_spec.rb'
- 'spec/features/merge_request/user_comments_on_whitespace_hidden_diff_spec.rb'
- 'spec/features/merge_request/user_creates_mr_spec.rb'
- 'spec/features/merge_request/user_interacts_with_batched_mr_diffs_spec.rb'
- 'spec/features/merge_request/user_sees_pipelines_spec.rb'
- 'spec/features/merge_request/user_sees_suggest_pipeline_spec.rb'

2
.rubocop_todo/fips/md5.yml
View File

@ -3,7 +3,6 @@ Fips/MD5:
Exclude:
- 'app/experiments/application_experiment.rb'
- 'app/models/concerns/checksummable.rb'
- 'app/services/gravatar_service.rb'
- 'app/services/packages/debian/generate_distribution_service.rb'
- 'app/services/packages/go/create_package_service.rb'
- 'app/services/packages/maven/metadata/append_package_file_service.rb'
@ -16,4 +15,3 @@ Fips/MD5:
- 'spec/lib/gitlab/ci/trace/archive_spec.rb'
- 'spec/lib/gitlab/ci/trace/remote_checksum_spec.rb'
- 'spec/models/concerns/checksummable_spec.rb'
- 'spec/services/gravatar_service_spec.rb'

30
app/assets/javascripts/accordion/index.js Normal file
View File

@ -0,0 +1,30 @@
import { spriteIcon } from '~/lib/utils/common_utils';
/**
* This adds interactivity to accordions created via HAML
*/
export default (el) => {
if (!el) return;
const accordionTrigger = el.querySelector('button');
const accordionItem = el.querySelector('.accordion-item');
const iconClass = 's16 gl-icon gl-button-icon js-chevron-icon';
const chevronRight = spriteIcon('chevron-right', iconClass);
const chevronDown = spriteIcon('chevron-down', iconClass);
accordionTrigger.addEventListener('click', () => {
const chevronIcon = el.querySelector('.js-chevron-icon');
accordionItem.classList.toggle('show');
if (accordionItem.classList.contains('show')) {
// eslint-disable-next-line no-unsanitized/property
chevronIcon.outerHTML = chevronDown;
accordionTrigger.setAttribute('aria-expanded', 'true');
return;
}
// eslint-disable-next-line no-unsanitized/property
chevronIcon.outerHTML = chevronRight;
accordionTrigger.setAttribute('aria-expanded', 'false');
});
};

106
app/assets/javascripts/achievements/components/achievements_app.vue
View File

@ -1,31 +1,105 @@
<script>
import { GlEmptyState, GlKeysetPagination, GlLoadingIcon, GlTableLite } from '@gitlab/ui';
import { getIdFromGraphQLId } from '~/graphql_shared/utils';
import { s__ } from '~/locale';
import getGroupAchievements from './graphql/get_group_achievements.query.graphql';
const ENTRIES_PER_PAGE = 20;
export default {
components: {
GlEmptyState,
GlKeysetPagination,
GlLoadingIcon,
GlTableLite,
},
inject: {
canAdminAchievement: {
type: Boolean,
required: true,
},
canAwardAchievement: {
type: Boolean,
required: true,
},
groupFullPath: {
type: String,
required: true,
},
groupId: {
type: Number,
required: true,
},
data() {
return {
achievements: [],
cursor: {
first: ENTRIES_PER_PAGE,
after: null,
last: null,
before: null,
},
pageInfo: {},
};
},
apollo: {
achievements: {
query: getGroupAchievements,
variables() {
return {
groupFullPath: this.groupFullPath,
...this.cursor,
};
},
result({ data }) {
this.pageInfo = data?.group?.achievements?.pageInfo;
},
update(data) {
return data?.group?.achievements?.nodes || [];
},
},
textQuery: {
type: String,
required: false,
default: null,
},
computed: {
isLoading() {
return this.$apollo.queries.achievements.loading;
},
items() {
return this.achievements.map((achievement) => ({
id: getIdFromGraphQLId(achievement.id),
name: achievement.name,
description: achievement.description,
}));
},
showPagination() {
return this.pageInfo?.hasPreviousPage || this.pageInfo?.hasNextPage;
},
},
methods: {
nextPage(item) {
this.cursor = {
first: ENTRIES_PER_PAGE,
after: item,
last: null,
before: null,
};
},
prevPage(item) {
this.cursor = {
first: null,
after: null,
last: ENTRIES_PER_PAGE,
before: item,
};
},
},
i18n: {
emptyStateTitle: s__('Achievements|There are currently no achievements.'),
},
};
</script>
<template>
<div></div>
<div class="gl-display-flex gl-flex-direction-column">
<gl-loading-icon v-if="isLoading" size="lg" class="gl-mt-5" />
<gl-empty-state v-else-if="!items.length" :title="$options.i18n.emptyStateTitle" />
<template v-else>
<gl-table-lite :items="items" />
<gl-keyset-pagination
v-if="showPagination"
v-bind="pageInfo"
class="gl-mt-3 gl-align-self-center"
@prev="prevPage"
@next="nextPage"
/>
</template>
</div>
</template>

23
app/assets/javascripts/achievements/components/graphql/get_group_achievements.query.graphql Normal file
View File

@ -0,0 +1,23 @@
#import "~/graphql_shared/fragments/page_info.fragment.graphql"
query getGroupAchievements(
$groupFullPath: ID!
$first: Int
$last: Int
$before: String
$after: String
) {
group(fullPath: $groupFullPath) {
id
achievements(first: $first, last: $last, after: $after, before: $before) {
nodes {
id
name
description
}
pageInfo {
...PageInfo
}
}
}
}

11
app/assets/javascripts/issues/show/components/header_actions.vue
View File

@ -325,7 +325,7 @@ export default {
:auto-close="false"
data-testid="mobile-dropdown"
:loading="isToggleStateButtonLoading"
placement="right"
placement="left"
>
<template v-if="showMovedSidebarOptions && !glFeatures.notificationsTodosButtons">
<sidebar-subscriptions-widget
@ -338,10 +338,6 @@ export default {
<gl-dropdown-divider />
</template>
<template v-if="showLockIssueOption">
<issuable-lock-form :is-editable="false" data-testid="lock-issue-toggle" />
</template>
<gl-disclosure-dropdown-item v-if="canUpdateIssue" @action="edit">
<template #list-item>{{ $options.i18n.edit }}</template>
</gl-disclosure-dropdown-item>
@ -356,6 +352,9 @@ export default {
<gl-disclosure-dropdown-item v-if="canPromoteToEpic" @action="promoteToEpic">
<template #list-item>{{ __('Promote to epic') }}</template>
</gl-disclosure-dropdown-item>
<template v-if="showLockIssueOption">
<issuable-lock-form :is-editable="false" data-testid="lock-issue-toggle" />
</template>
<gl-disclosure-dropdown-item
:data-clipboard-text="issuableReference"
class="js-copy-reference"
@ -370,7 +369,7 @@ export default {
:data-clipboard-text="issuableEmailAddress"
data-testid="copy-email"
@action="copyEmailAddress"
>{{ copyMailAddressText }}</gl-disclosure-dropdown-item
><template #list-item>{{ copyMailAddressText }}</template></gl-disclosure-dropdown-item
>
<gl-disclosure-dropdown-item
v-if="canReportSpam"

1
app/assets/javascripts/pages/groups/achievements/index.js
View File

@ -31,6 +31,7 @@ const init = () => {
return new Vue({
el,
name: 'AchievementsAppRoot',
router,
apolloProvider,
provide: convertObjectPropsToCamelCase(provide),

3
app/assets/javascripts/projects/new/index.js
View File

@ -2,6 +2,7 @@ import Vue from 'vue';
import VueApollo from 'vue-apollo';
import createDefaultClient from '~/lib/graphql';
import { parseBoolean } from '~/lib/utils/common_utils';
import initAccordion from '~/accordion';
import NewProjectCreationApp from './components/app.vue';
import NewProjectUrlSelect from './components/new_project_url_select.vue';
import DeploymentTargetSelect from './components/deployment_target_select.vue';
@ -89,3 +90,5 @@ export function initDeploymentTargetSelect() {
render: (createElement) => createElement(DeploymentTargetSelect),
});
}
initAccordion(document.getElementById('js-experimental-setting-accordion'));

3
app/assets/javascripts/work_items/components/shared/work_item_sidebar_dropdown_widget_with_edit.vue
View File

@ -164,7 +164,7 @@ export default {
data-testid="edit-button"
category="tertiary"
size="small"
class="gl-ml-auto gl-mr-2"
class="gl-ml-auto"
:disabled="updateInProgress"
@click="isEditing = true"
>{{ $options.i18n.editButtonLabel }}</gl-button
@ -177,7 +177,6 @@ export default {
data-testid="apply-button"
category="tertiary"
size="small"
class="gl-mr-2"
:disabled="updateInProgress"
@click="isEditing = false"
>{{ $options.i18n.applyButtonLabel }}</gl-button

3
app/assets/javascripts/work_items/components/work_item_due_date_with_edit.vue
View File

@ -219,7 +219,7 @@ export default {
data-testid="edit-button"
category="tertiary"
size="small"
class="gl-ml-auto gl-mr-2"
class="gl-ml-auto"
:disabled="isUpdating"
@click="expandWidget"
>{{ __('Edit') }}</gl-button
@ -234,7 +234,6 @@ export default {
data-testid="apply-button"
category="tertiary"
size="small"
class="gl-mr-2"
:disabled="isUpdating"
@click="collapseWidget"
>{{ __('Apply') }}</gl-button

3
app/assets/javascripts/work_items/components/work_item_parent_with_edit.vue
View File

@ -224,7 +224,7 @@ export default {
data-testid="edit-parent"
category="tertiary"
size="small"
class="gl-ml-auto gl-mr-2"
class="gl-ml-auto"
:disabled="updateInProgress"
@click="isEditing = true"
>{{ __('Edit') }}</gl-button
@ -237,7 +237,6 @@ export default {
data-testid="apply-parent"
category="tertiary"
size="small"
class="gl-mr-2"
:disabled="updateInProgress"
@click="isEditing = false"
>{{ __('Apply') }}</gl-button

1
app/assets/stylesheets/page_bundles/work_items.scss
View File

@ -177,6 +177,7 @@ $work-item-overview-gap-width: 2rem;
top: calc(#{$calc-application-header-height} + #{$work-item-sticky-header-height});
height: calc(#{$calc-application-viewport-height} - #{$work-item-sticky-header-height});
margin-bottom: calc(#{$content-wrapper-padding} * -1);
padding-inline: 0.5rem;
position: sticky;
overflow-y: auto;
overflow-x: hidden;

7
app/components/pajamas/accordion_item_component.html.haml Normal file
View File

@ -0,0 +1,7 @@
.gl-accordion-item
%h3.gl-accordion-item-header
= render Pajamas::ButtonComponent.new(variant: :link, icon: icon, icon_classes: "js-chevron-icon", button_options: { "aria-controls": "accordion-item", "aria-expanded": expanded }) do
= @title
.accordion-item.gl-mt-3.gl-font-base.collapse{ **body_class }
= content

29
app/components/pajamas/accordion_item_component.rb Normal file
View File

@ -0,0 +1,29 @@
# frozen_string_literal: true
# Renders a accordion component
module Pajamas
class AccordionItemComponent < Pajamas::Component
# @param [String] title
# @param [Symbol] state
def initialize(title: nil, state: :closed)
@title = title
@state = filter_attribute(state.to_sym, STATE_OPTIONS)
end
delegate :sprite_icon, to: :helpers
STATE_OPTIONS = [:opened, :closed].freeze
def icon
@state == :opened ? "chevron-down" : "chevron-right"
end
def body_class
@state == :opened ? { class: 'show' } : {}
end
def expanded
@state == :opened
end
end
end

2
app/controllers/users_controller.rb
View File

@ -249,7 +249,7 @@ class UsersController < ApplicationController
end
def load_contributed_projects
@contributed_projects = contributed_projects.joined(user)
@contributed_projects = contributed_projects.with_route.joined(user).page(params[:page]).without_count
prepare_projects_for_rendering(@contributed_projects)
end

28
app/graphql/mutations/branch_rules/delete.rb Normal file
View File

@ -0,0 +1,28 @@
# frozen_string_literal: true
module Mutations
module BranchRules
class Delete < BaseMutation
graphql_name 'BranchRuleDelete'
authorize :destroy_branch_rule
argument :id, ::Types::GlobalIDType[::Projects::BranchRule],
required: true,
description: 'Global ID of the branch rule to destroy.'
field :branch_rule,
::Types::Projects::BranchRuleType,
null: true,
description: 'Branch rule after mutation.'
def resolve(id:)
branch_rule = authorized_find!(id: id)
response = ::BranchRules::DestroyService.new(branch_rule, current_user).execute
{ branch_rule: (branch_rule if response.error?), errors: response.errors }
end
end
end
end

1
app/graphql/types/mutation_type.rb
View File

@ -206,6 +206,7 @@ module Types
mount_mutation Mutations::WorkItems::Subscribe, alpha: { milestone: '16.3' }
mount_mutation Mutations::Admin::AbuseReportLabels::Create, alpha: { milestone: '16.4' }
mount_mutation Mutations::Ml::Models::Create, alpha: { milestone: '16.8' }
mount_mutation Mutations::BranchRules::Delete, alpha: { milestone: '16.9' }
end
end

10
app/models/bulk_imports/failure.rb
View File

@ -12,7 +12,11 @@ class BulkImports::Failure < ApplicationRecord
validates :entity, presence: true
def relation
pipeline_relation || default_relation
importing_relation = pipeline_relation || default_relation
return importing_relation unless subrelation
"#{importing_relation}, #{subrelation}"
end
def exception_message=(message)
@ -27,6 +31,10 @@ class BulkImports::Failure < ApplicationRecord
super(url&.truncate(255, omission: ''))
end
def subrelation=(url)
super(url&.truncate(255, omission: ''))
end
private
def pipeline_relation

1
app/models/ci/job_artifact.rb
View File

@ -15,6 +15,7 @@ module Ci
include Gitlab::Utils::StrongMemoize
self.primary_key = :id
self.sequence_name = :ci_job_artifacts_id_seq
enum accessibility: { public: 0, private: 1 }, _suffix: true

3
app/models/concerns/semantic_versionable.rb
View File

@ -4,11 +4,12 @@ module SemanticVersionable
extend ActiveSupport::Concern
included do
# sets the default value for require_valid_semver to false
self.require_valid_semver = false
validate :semver_format, if: :require_valid_semver?
scope :order_by_semantic_version_desc, -> { order(semver_major: :desc, semver_minor: :desc, semver_patch: :desc) }
scope :order_by_semantic_version_asc, -> { order(semver_major: :asc, semver_minor: :asc, semver_patch: :asc) }
private
def semver_format

2
app/models/group.rb
View File

@ -854,7 +854,7 @@ class Group < Namespace
end
def crm_enabled?
crm_settings&.enabled?
crm_settings.nil? || crm_settings.enabled?
end
def shared_with_group_links_visible_to_user(user)

4
app/models/group/crm_settings.rb
View File

@ -1,10 +1,14 @@
# frozen_string_literal: true
class Group::CrmSettings < ApplicationRecord
include SafelyChangeColumnDefault
self.primary_key = :group_id
self.table_name = 'group_crm_settings'
belongs_to :group, -> { where(type: Group.sti_name) }, foreign_key: 'group_id'
validates :group, presence: true
columns_changing_default :enabled
end

8
app/models/project.rb
View File

@ -2401,12 +2401,8 @@ class Project < ApplicationRecord
end
def has_ci_config_file?
if ::Feature.enabled?(:ci_refactor_has_ci_config_file, self, type: :gitlab_com_derisk)
strong_memoize(:has_ci_config_file) do
ci_config_for('HEAD').present?
end
else
repository.gitlab_ci_yml.present?
strong_memoize(:has_ci_config_file) do
ci_config_for('HEAD').present?
end
end

4
app/models/repository.rb
View File

@ -675,7 +675,6 @@ class Repository
cache_method :gitignore
# Deprecated, use `project.has_ci_config_file?` instead.
# Can be removed with the FF `ci_refactor_has_ci_config_file`.
def gitlab_ci_yml
file_on_head(:gitlab_ci)
end
@ -1296,8 +1295,7 @@ class Repository
end
def blank_ref
return Gitlab::Git::SHA1_BLANK_SHA unless exists? &&
Feature.enabled?(:determine_blank_ref_based_on_gitaly_object_format, project, type: :gitlab_com_derisk)
return Gitlab::Git::SHA1_BLANK_SHA unless exists?
case object_format
when FORMAT_SHA1

3
app/services/gravatar_service.rb
View File

@ -2,13 +2,12 @@
class GravatarService
def execute(email, size = nil, scale = 2, username: nil)
return if Gitlab::FIPS.enabled?
return unless Gitlab::CurrentSettings.gravatar_enabled?
identifier = email.presence || username.presence
return unless identifier
hash = Digest::MD5.hexdigest(identifier.strip.downcase)
hash = Digest::SHA256.hexdigest(identifier.strip.downcase)
size = Groups::GroupMembersHelper::AVATAR_SIZE unless size && size > 0
sprintf gravatar_url,

15
app/views/projects/_new_project_fields.html.haml
View File

@ -93,12 +93,15 @@
= link_to _('Learn more.'), help_page_path('user/application_security/sast/index'), target: '_blank', rel: 'noopener noreferrer', data: { track_action: 'followed' }
- if display_sha256_repository
.form-group
= render Pajamas::CheckboxTagComponent.new(name: 'project[use_sha256_repository]') do |c|
- c.with_label do
= s_('ProjectsNew|Use SHA-256 as the repository hashing algorithm')
- c.with_help_text do
= s_('ProjectsNew|Default hashing algorithm is SHA-1.')
#js-experimental-setting-accordion.form-group.gl-mb-6
= render Pajamas::AccordionItemComponent.new(title: s_("ProjectsNew|Experimental settings"), state: :closed) do
= render Pajamas::CheckboxTagComponent.new(name: 'project[use_sha256_repository]') do |c|
- c.with_label do
= s_('ProjectsNew|Use SHA-256 for repository hashing algorithm')
= render_if_exists 'shared/experimental_badge_tag'
- c.with_help_text do
= s_("ProjectsNew|Might break existing functionality with other repositories or APIs. It's not possible to change SHA-256 repositories back to the default SHA-1 hashing algorithm.")
-# this partial is from JiHu, see details in https://jihulab.com/gitlab-cn/gitlab/-/merge_requests/675
= render_if_exists 'shared/other_project_options', f: f, visibility_level: visibility_level, track_label: track_label

3
app/views/projects/commits/_commit.html.haml
View File

@ -20,6 +20,7 @@
- link_data_attrs = local_assigns.fetch(:link_data_attrs, {})
- link = commit_path(project, commit, merge_request: merge_request)
- show_project_name = local_assigns.fetch(:show_project_name, false)
- toggle_commit_message = _("Toggle commit description")
%li{ class: ["commit flex-row", ("js-toggle-container" if collapsible)], id: "commit-#{commit.short_id}" }
.avatar-cell.d-none.d-sm-block
@ -36,7 +37,7 @@
= commit.short_id
- if commit.description? && collapsible
= render Pajamas::ButtonComponent.new(icon: 'ellipsis_h',
button_options: { class: 'button-ellipsis-horizontal text-expander js-toggle-button', data: { toggle: 'tooltip', container: 'body', collapse_title: _("Toggle commit description"), expand_title: _("Toggle commit description") }, :title => _("Toggle commit description"), aria: { label: _("Toggle commit description") }})
button_options: { class: 'button-ellipsis-horizontal text-expander js-toggle-button', data: { toggle: 'tooltip', container: 'body', collapse_title: toggle_commit_message, expand_title: toggle_commit_message }, title: toggle_commit_message, aria: { label: toggle_commit_message }})
.committer
- commit_author_link = commit_author_link(commit, avatar: false, size: 24)

2
app/views/shared/runners/_shared_runners_description.html.haml
View File

@ -1,4 +1,4 @@
- shared_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: help_page_path('ci/runners/runners_scope', anchor: 'shared-runners') }
- shared_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: help_page_path('ci/runners/runners_scope', anchor: 'instance-runners') }
%h4
= s_('Runners|Instance runners')

9
config/feature_flags/gitlab_com_derisk/ci_refactor_has_ci_config_file.yml
View File

@ -1,9 +0,0 @@
---
name: ci_refactor_has_ci_config_file
feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/26169
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/141990
rollout_issue_url: https://gitlab.com/gitlab-com/gl-infra/production/-/issues/17406
milestone: '16.9'
group: group::pipeline authoring
type: gitlab_com_derisk
default_enabled: false

9
config/feature_flags/gitlab_com_derisk/determine_blank_ref_based_on_gitaly_object_format.yml
View File

@ -1,9 +0,0 @@
---
name: determine_blank_ref_based_on_gitaly_object_format
feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/434693
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/140395
rollout_issue_url: https://gitlab.com/gitlab-com/gl-infra/production/-/issues/17317
milestone: '16.8'
group: group::source code
type: gitlab_com_derisk
default_enabled: false

4
config/gitlab_loose_foreign_keys.yml
View File

@ -334,6 +334,10 @@ projects_visits:
- table: users
column: user_id
on_delete: async_delete
push_rules:
- table: organizations
column: organization_id
on_delete: async_delete
requirements_management_test_reports:
- table: ci_builds
column: build_id

2
config/sidekiq_queues.yml
View File

@ -753,6 +753,8 @@
- 1
- - vulnerabilities_mark_dropped_as_resolved
- 1
- - vulnerabilities_process_transfer_events
- 1
- - vulnerabilities_remove_all_vulnerabilities
- 1
- - vulnerabilities_statistics_adjustment

26
data/deprecations/16-9-markdown-anchors.yml Normal file
View File

@ -0,0 +1,26 @@
- title: "Autogenerated Markdown anchor links with dash (`-`) characters"
# The milestones for the deprecation announcement, and the removal.
removal_milestone: "17.0"
announcement_milestone: "16.9"
# Change breaking_change to false if needed.
breaking_change: true
# The stage and GitLab username of the person reporting the change,
# and a link to the deprecation issue
reporter: digitalmoksha
stage: plan
issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/440733
impact: low # Can be one of: [critical, high, medium, low]
scope: project # Can be one or a combination of: [instance, group, project]
resolution_role: Developer # Can be one of: [Admin, Owner, Maintainer, Developer]
manual_task: true # Can be true or false. Use this to denote whether a resolution action must be performed manually (true), or if it can be automated by using the API or other automation (false).
body: | # (required) Don't change this line.
GitLab automatically creates anchor links for all headings, so you can link to
a specific place in a Markdown document or wiki page. But in some edge cases,
the autogenerated anchor is created with fewer dash (`-`) characters than many users expect.
For example, with a heading with `## Step - 1`, most other Markdown tools and linters would expect `#step---1`.
But GitLab generates an anchor of `#step-1`, with consecutive dashes compressed down to one.
In GitLab 17.0, we will align our autogenerated anchors to the industry standard by no longer stripping consecutive dashes.
If you have Markdown documents and link to headings that could have multiple dashes in 17.0,
you should update the heading to avoid this edge case. With the example above, you
can change `## Step - 1` to `## Step 1` to ensure in-page links continue to work.

17
db/docs/cluster_agent_tokens.yml
View File

@ -7,4 +7,19 @@ feature_categories:
description: Tokens used by cluster agents to connect to GitLab
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/33228
milestone: '13.3'
gitlab_schema: gitlab_main
gitlab_schema: gitlab_main_cell
allow_cross_joins:
- gitlab_main_clusterwide
allow_cross_transactions:
- gitlab_main_clusterwide
allow_cross_foreign_keys:
- gitlab_main_clusterwide
desired_sharding_key:
project_id:
references: projects
backfill_via:
parent:
foreign_key: agent_id
table: cluster_agents
sharding_key: project_id
belongs_to: agent

10
db/docs/csv_issue_imports.yml
View File

@ -7,4 +7,12 @@ feature_categories:
description: Used to report the unique user usage of the CSV Issue Import feature
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/44742
milestone: '13.6'
gitlab_schema: gitlab_main
gitlab_schema: gitlab_main_cell
allow_cross_joins:
- gitlab_main_clusterwide
allow_cross_transactions:
- gitlab_main_clusterwide
allow_cross_foreign_keys:
- gitlab_main_clusterwide
sharding_key:
project_id: projects

17
db/docs/deployment_clusters.yml
View File

@ -7,4 +7,19 @@ feature_categories:
description: "(Deprecated) Join table between `deployments` and `clusters`"
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/24235
milestone: '12.8'
gitlab_schema: gitlab_main
gitlab_schema: gitlab_main_cell
allow_cross_joins:
- gitlab_main_clusterwide
allow_cross_transactions:
- gitlab_main_clusterwide
allow_cross_foreign_keys:
- gitlab_main_clusterwide
desired_sharding_key:
project_id:
references: projects
backfill_via:
parent:
foreign_key: deployment_id
table: deployments
sharding_key: project_id
belongs_to: deployment

5
db/docs/group_import_states.yml
View File

@ -4,7 +4,10 @@ classes:
- GroupImportState
feature_categories:
- importers
description: Used to store and track the group import status when using the Import/Export feature
description: Used to store and track the group import status when using the Import/Export
feature
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/29588
milestone: '13.0'
gitlab_schema: gitlab_main_cell
sharding_key:
group_id: namespaces

10
db/docs/p_ci_job_artifacts.yml Normal file
View File

@ -0,0 +1,10 @@
---
table_name: p_ci_job_artifacts
classes:
- Ci::JobArtifact
feature_categories:
- continuous_integration
description: Routing table for ci_job_artifacts
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/143039
milestone: '16.10'
gitlab_schema: gitlab_ci

10
db/docs/project_export_jobs.yml
View File

@ -7,4 +7,12 @@ feature_categories:
description: Used to track and control project export status
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/23664
milestone: '12.9'
gitlab_schema: gitlab_main
gitlab_schema: gitlab_main_cell
allow_cross_joins:
- gitlab_main_clusterwide
allow_cross_transactions:
- gitlab_main_clusterwide
allow_cross_foreign_keys:
- gitlab_main_clusterwide
sharding_key:
project_id: projects

13
db/docs/project_mirror_data.yml
View File

@ -4,7 +4,16 @@ classes:
- ProjectImportState
feature_categories:
- importers
description: Used to store and track the project import status when using the Import/Export feature
description: Used to store and track the project import status when using the Import/Export
feature
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/commit/0ca479d1ce0eadfcdc0e29d0e18136f5790d5b2f
milestone: '9.3'
gitlab_schema: gitlab_main
gitlab_schema: gitlab_main_cell
allow_cross_joins:
- gitlab_main_clusterwide
allow_cross_transactions:
- gitlab_main_clusterwide
allow_cross_foreign_keys:
- gitlab_main_clusterwide
sharding_key:
project_id: projects

20
db/docs/vulnerability_external_issue_links.yml
View File

@ -4,7 +4,23 @@ classes:
- Vulnerabilities::ExternalIssueLink
feature_categories:
- vulnerability_management
description: Stores information about connections between external issue trackers and vulnerabilities
description: Stores information about connections between external issue trackers
and vulnerabilities
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/48465
milestone: '13.7'
gitlab_schema: gitlab_main
gitlab_schema: gitlab_main_cell
allow_cross_joins:
- gitlab_main_clusterwide
allow_cross_transactions:
- gitlab_main_clusterwide
allow_cross_foreign_keys:
- gitlab_main_clusterwide
desired_sharding_key:
project_id:
references: projects
backfill_via:
parent:
foreign_key: vulnerability_id
table: vulnerabilities
sharding_key: project_id
belongs_to: vulnerability

17
db/docs/vulnerability_finding_evidences.yml
View File

@ -7,4 +7,19 @@ feature_categories:
description: Stores evidence used to identify presence of a vulnerability
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/56790
milestone: '13.11'
gitlab_schema: gitlab_main
gitlab_schema: gitlab_main_cell
allow_cross_joins:
- gitlab_main_clusterwide
allow_cross_transactions:
- gitlab_main_clusterwide
allow_cross_foreign_keys:
- gitlab_main_clusterwide
desired_sharding_key:
project_id:
references: projects
backfill_via:
parent:
foreign_key: vulnerability_occurrence_id
table: vulnerability_occurrences
sharding_key: project_id
belongs_to: finding

17
db/docs/vulnerability_finding_links.yml
View File

@ -7,4 +7,19 @@ feature_categories:
description: Stores URLs relevant to the vulnerability findings
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/46555
milestone: '13.6'
gitlab_schema: gitlab_main
gitlab_schema: gitlab_main_cell
allow_cross_joins:
- gitlab_main_clusterwide
allow_cross_transactions:
- gitlab_main_clusterwide
allow_cross_foreign_keys:
- gitlab_main_clusterwide
desired_sharding_key:
project_id:
references: projects
backfill_via:
parent:
foreign_key: vulnerability_occurrence_id
table: vulnerability_occurrences
sharding_key: project_id
belongs_to: finding

20
db/docs/vulnerability_finding_signatures.yml
View File

@ -4,7 +4,23 @@ classes:
- Vulnerabilities::FindingSignature
feature_categories:
- vulnerability_management
description: Stores signatures of vulnerability locations which are used to improve tracking
description: Stores signatures of vulnerability locations which are used to improve
tracking
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/57840
milestone: '13.11'
gitlab_schema: gitlab_main
gitlab_schema: gitlab_main_cell
allow_cross_joins:
- gitlab_main_clusterwide
allow_cross_transactions:
- gitlab_main_clusterwide
allow_cross_foreign_keys:
- gitlab_main_clusterwide
desired_sharding_key:
project_id:
references: projects
backfill_via:
parent:
foreign_key: finding_id
table: vulnerability_occurrences
sharding_key: project_id
belongs_to: finding

20
db/docs/vulnerability_flags.yml
View File

@ -4,7 +4,23 @@ classes:
- Vulnerabilities::Flag
feature_categories:
- vulnerability_management
description: Stores additional information for vulnerabilities, for example if a vulnerability is identified as a false positive
description: Stores additional information for vulnerabilities, for example if a vulnerability
is identified as a false positive
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/65573
milestone: '14.1'
gitlab_schema: gitlab_main
gitlab_schema: gitlab_main_cell
allow_cross_joins:
- gitlab_main_clusterwide
allow_cross_transactions:
- gitlab_main_clusterwide
allow_cross_foreign_keys:
- gitlab_main_clusterwide
desired_sharding_key:
project_id:
references: projects
backfill_via:
parent:
foreign_key: vulnerability_occurrence_id
table: vulnerability_occurrences
sharding_key: project_id
belongs_to: finding

17
db/docs/vulnerability_issue_links.yml
View File

@ -7,4 +7,19 @@ feature_categories:
description: Join table between Vulnerabilities and Issues
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/19852
milestone: '12.5'
gitlab_schema: gitlab_main
gitlab_schema: gitlab_main_cell
allow_cross_joins:
- gitlab_main_clusterwide
allow_cross_transactions:
- gitlab_main_clusterwide
allow_cross_foreign_keys:
- gitlab_main_clusterwide
desired_sharding_key:
project_id:
references: projects
backfill_via:
parent:
foreign_key: vulnerability_id
table: vulnerabilities
sharding_key: project_id
belongs_to: vulnerability

17
db/docs/vulnerability_merge_request_links.yml
View File

@ -7,4 +7,19 @@ feature_categories:
description: Join table between Vulnerabilities and Merge Requests
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92096
milestone: '15.2'
gitlab_schema: gitlab_main
gitlab_schema: gitlab_main_cell
allow_cross_joins:
- gitlab_main_clusterwide
allow_cross_transactions:
- gitlab_main_clusterwide
allow_cross_foreign_keys:
- gitlab_main_clusterwide
desired_sharding_key:
project_id:
references: projects
backfill_via:
parent:
foreign_key: vulnerability_id
table: vulnerabilities
sharding_key: project_id
belongs_to: vulnerability

17
db/docs/vulnerability_occurrence_identifiers.yml
View File

@ -7,4 +7,19 @@ feature_categories:
description: Join table between Findings and Identifiers
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/6896
milestone: '11.4'
gitlab_schema: gitlab_main
gitlab_schema: gitlab_main_cell
allow_cross_joins:
- gitlab_main_clusterwide
allow_cross_transactions:
- gitlab_main_clusterwide
allow_cross_foreign_keys:
- gitlab_main_clusterwide
desired_sharding_key:
project_id:
references: projects
backfill_via:
parent:
foreign_key: occurrence_id
table: vulnerability_occurrences
sharding_key: project_id
belongs_to: finding

17
db/docs/vulnerability_occurrence_pipelines.yml
View File

@ -7,4 +7,19 @@ feature_categories:
description: Join table between Findings and Pipelines
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/7578
milestone: '11.5'
gitlab_schema: gitlab_main
gitlab_schema: gitlab_main_cell
allow_cross_joins:
- gitlab_main_clusterwide
allow_cross_transactions:
- gitlab_main_clusterwide
allow_cross_foreign_keys:
- gitlab_main_clusterwide
desired_sharding_key:
project_id:
references: projects
backfill_via:
parent:
foreign_key: occurrence_id
table: vulnerability_occurrences
sharding_key: project_id
belongs_to: finding

17
db/docs/vulnerability_state_transitions.yml
View File

@ -7,4 +7,19 @@ feature_categories:
description: Stores state transitions of a Vulnerability
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/87957
milestone: '15.1'
gitlab_schema: gitlab_main
gitlab_schema: gitlab_main_cell
allow_cross_joins:
- gitlab_main_clusterwide
allow_cross_transactions:
- gitlab_main_clusterwide
allow_cross_foreign_keys:
- gitlab_main_clusterwide
desired_sharding_key:
project_id:
references: projects
backfill_via:
parent:
foreign_key: vulnerability_id
table: vulnerabilities
sharding_key: project_id
belongs_to: vulnerability

17
db/docs/vulnerability_user_mentions.yml
View File

@ -7,4 +7,19 @@ feature_categories:
description: Stores notes for a given vulnerability
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/27515
milestone: '13.0'
gitlab_schema: gitlab_main
gitlab_schema: gitlab_main_cell
allow_cross_joins:
- gitlab_main_clusterwide
allow_cross_transactions:
- gitlab_main_clusterwide
allow_cross_foreign_keys:
- gitlab_main_clusterwide
desired_sharding_key:
project_id:
references: projects
backfill_via:
parent:
foreign_key: vulnerability_id
table: vulnerabilities
sharding_key: project_id
belongs_to: vulnerability

11
db/migrate/20240126095808_add_subrelation_column_to_bulk_import_failures.rb Normal file
View File

@ -0,0 +1,11 @@
# frozen_string_literal: true
class AddSubrelationColumnToBulkImportFailures < Gitlab::Database::Migration[2.2]
milestone '16.9'
# rubocop:disable Migration/AddLimitToTextColumns -- added in a separate migration
def change
add_column :bulk_import_failures, :subrelation, :text
end
# rubocop:enable Migration/AddLimitToTextColumns
end

14
db/migrate/20240126100509_add_text_limit_to_bulk_import_failures_subrelation_column.rb Normal file
View File

@ -0,0 +1,14 @@
# frozen_string_literal: true
class AddTextLimitToBulkImportFailuresSubrelationColumn < Gitlab::Database::Migration[2.2]
milestone '16.9'
disable_ddl_transaction!
def up
add_text_limit :bulk_import_failures, :subrelation, 255
end
def down
remove_text_limit :bulk_import_failures, :subrelation
end
end

21
db/migrate/20240201141351_add_organization_id_to_push_rules.rb Normal file
View File

@ -0,0 +1,21 @@
# frozen_string_literal: true
class AddOrganizationIdToPushRules < Gitlab::Database::Migration[2.2]
milestone '16.9'
INDEX_NAME = 'index_push_rules_on_organization_id'
disable_ddl_transaction!
def up
add_column :push_rules, :organization_id, :bigint, null: true
add_concurrent_index :push_rules, :organization_id, name: INDEX_NAME
end
def down
remove_concurrent_index_by_name :push_rules, INDEX_NAME
remove_column :push_rules, :organization_id
end
end

18
db/migrate/20240201141705_assign_default_organization_id_to_push_rules.rb Normal file
View File

@ -0,0 +1,18 @@
# frozen_string_literal: true
class AssignDefaultOrganizationIdToPushRules < Gitlab::Database::Migration[2.2]
DEFAULT_ORGANIZATION_ID = 1
restrict_gitlab_migration gitlab_schema: :gitlab_main
enable_lock_retries!
milestone '16.9'
def up
execute "UPDATE push_rules SET organization_id = #{DEFAULT_ORGANIZATION_ID} WHERE is_sample = true"
end
def down
execute 'UPDATE push_rules SET organization_id = NULL WHERE is_sample = true'
end
end

84
db/post_migrate/20240129082324_partition_ci_job_artifacts_add_fk_to_ci_builds.rb Normal file
View File

@ -0,0 +1,84 @@
# frozen_string_literal: true
class PartitionCiJobArtifactsAddFkToCiBuilds < Gitlab::Database::Migration[2.2]
include Gitlab::Database::PartitioningMigrationHelpers::TableManagementHelpers
milestone '16.10'
disable_ddl_transaction!
TABLE_NAME = :ci_job_artifacts
PARENT_TABLE_NAME = :p_ci_job_artifacts
FIRST_PARTITION = [100, 101]
PARTITION_COLUMN = :partition_id
BUILDS_TABLE = :p_ci_builds
def up
convert_table_to_first_list_partition(
table_name: TABLE_NAME,
partitioning_column: PARTITION_COLUMN,
parent_table_name: PARENT_TABLE_NAME,
initial_partitioning_value: FIRST_PARTITION
)
end
def down
# rubocop:disable Migration/WithLockRetriesDisallowedMethod -- we're calling methods defined here
with_lock_retries(raise_on_exhaustion: true) do
drop_foreign_key
execute(<<~SQL)
ALTER TABLE #{PARENT_TABLE_NAME} DETACH PARTITION #{TABLE_NAME};
ALTER SEQUENCE ci_job_artifacts_id_seq OWNED BY #{TABLE_NAME}.id;
SQL
drop_table PARENT_TABLE_NAME
recreate_foreign_key
end
# rubocop:enable Migration/WithLockRetriesDisallowedMethod
finalize_foreign_key_creation
prepare_constraint_for_list_partitioning(
table_name: TABLE_NAME,
partitioning_column: PARTITION_COLUMN,
parent_table_name: PARENT_TABLE_NAME,
initial_partitioning_value: FIRST_PARTITION
)
end
private
def foreign_key
@foreign_key ||= Gitlab::Database::PostgresForeignKey
.by_constrained_table_name(PARENT_TABLE_NAME)
.by_referenced_table_name(BUILDS_TABLE)
.first
end
def drop_foreign_key
raise "Expected to find a foreign key between #{PARENT_TABLE_NAME} and #{BUILDS_TABLE}" unless foreign_key.present?
remove_foreign_key_if_exists PARENT_TABLE_NAME, name: foreign_key.name
end
def recreate_foreign_key
execute(<<~SQL)
ALTER TABLE #{TABLE_NAME}
ADD CONSTRAINT #{foreign_key.name} FOREIGN KEY (partition_id, job_id)
REFERENCES #{BUILDS_TABLE}(partition_id, id)
ON UPDATE CASCADE ON DELETE CASCADE NOT VALID;
SQL
end
def finalize_foreign_key_creation
fk = foreign_key || new_foreign_key
validate_foreign_key TABLE_NAME, nil, name: fk.name
end
def new_foreign_key
Gitlab::Database::PostgresForeignKey
.by_constrained_table_name(TABLE_NAME)
.by_referenced_table_name(BUILDS_TABLE)
.first
end
end

11
db/post_migrate/20240207130350_change_group_crm_settings_enabled_default.rb Normal file
View File

@ -0,0 +1,11 @@
# frozen_string_literal: true
class ChangeGroupCrmSettingsEnabledDefault < Gitlab::Database::Migration[2.2]
milestone '16.9'
enable_lock_retries!
def change
change_column_default('group_crm_settings', 'enabled', from: false, to: true)
end
end

31
db/post_migrate/20240208094017_add_partitioning_constraint_for_ci_stages.rb Normal file
View File

@ -0,0 +1,31 @@
# frozen_string_literal: true
class AddPartitioningConstraintForCiStages < Gitlab::Database::Migration[2.2]
include Gitlab::Database::PartitioningMigrationHelpers::TableManagementHelpers
milestone '16.10'
disable_ddl_transaction!
TABLE_NAME = :ci_stages
PARENT_TABLE_NAME = :p_ci_stages
FIRST_PARTITION = [100, 101]
PARTITION_COLUMN = :partition_id
def up
prepare_constraint_for_list_partitioning(
table_name: TABLE_NAME,
partitioning_column: PARTITION_COLUMN,
parent_table_name: PARENT_TABLE_NAME,
initial_partitioning_value: FIRST_PARTITION,
async: true
)
end
def down
revert_preparing_constraint_for_list_partitioning(
table_name: TABLE_NAME,
partitioning_column: PARTITION_COLUMN,
parent_table_name: PARENT_TABLE_NAME,
initial_partitioning_value: FIRST_PARTITION
)
end
end

1
db/schema_migrations/20240126095808 Normal file
View File

@ -0,0 +1 @@
d76973ec94918d5c96c95fb98b76e89ec1ea762b98ed8b2859be69441313adb4

1
db/schema_migrations/20240126100509 Normal file
View File

@ -0,0 +1 @@
6d39c0690922407f3abef747fa9d7e50a7be65d8a0351276616d2a8858a6927e

1
db/schema_migrations/20240129082324 Normal file
View File

@ -0,0 +1 @@
330758b6a63cd5f4e5f1de986c99082c502e9499568bf600765eba2e8a7eee0e

1
db/schema_migrations/20240201141351 Normal file
View File

@ -0,0 +1 @@
633790bdc2e2024ff5a88bd7c69854d847f5bd5e057aa994fd9139f48c3648c8

1
db/schema_migrations/20240201141705 Normal file
View File

@ -0,0 +1 @@
d30b986a177b8a2806a6f0e307a6d17a4e40db895794e988b10379a9c200b090

1
db/schema_migrations/20240207130350 Normal file
View File

@ -0,0 +1 @@
555c4cad3d4d75edd6bc75e504ebd551a6f51172b267a3924bcc75ada25d1775

1
db/schema_migrations/20240208094017 Normal file
View File

@ -0,0 +1 @@
74cf13414b035b623dd44401794ac00e0377b1340110a9719f4f9e73cf6a21b4

117
db/structure.sql
View File

@ -13983,13 +13983,15 @@ CREATE TABLE bulk_import_failures (
pipeline_step text,
source_url text,
source_title text,
subrelation text,
CONSTRAINT check_053d65c7a4 CHECK ((char_length(pipeline_class) <= 255)),
CONSTRAINT check_6eca8f972e CHECK ((char_length(exception_message) <= 255)),
CONSTRAINT check_721a422375 CHECK ((char_length(pipeline_step) <= 255)),
CONSTRAINT check_74414228d4 CHECK ((char_length(source_title) <= 255)),
CONSTRAINT check_c7dba8398e CHECK ((char_length(exception_class) <= 255)),
CONSTRAINT check_e035a720ad CHECK ((char_length(source_url) <= 255)),
CONSTRAINT check_e787285882 CHECK ((char_length(correlation_id_value) <= 255))
CONSTRAINT check_e787285882 CHECK ((char_length(correlation_id_value) <= 255)),
CONSTRAINT check_f99665a440 CHECK ((char_length(subrelation) <= 255))
);
CREATE SEQUENCE bulk_import_failures_id_seq
@ -14496,7 +14498,7 @@ CREATE TABLE ci_job_artifact_states (
CONSTRAINT check_df832b66ea CHECK ((char_length(verification_failure) <= 255))
);
CREATE TABLE ci_job_artifacts (
CREATE TABLE p_ci_job_artifacts (
project_id integer NOT NULL,
file_type integer NOT NULL,
size bigint,
@ -14515,9 +14517,9 @@ CREATE TABLE ci_job_artifacts (
accessibility smallint DEFAULT 0 NOT NULL,
file_final_path text,
CONSTRAINT check_27f0f6dbab CHECK ((file_store IS NOT NULL)),
CONSTRAINT check_9f04410cf4 CHECK ((char_length(file_final_path) <= 1024)),
CONSTRAINT partitioning_constraint CHECK ((partition_id = ANY (ARRAY[(100)::bigint, (101)::bigint])))
);
CONSTRAINT check_9f04410cf4 CHECK ((char_length(file_final_path) <= 1024))
)
PARTITION BY LIST (partition_id);
CREATE SEQUENCE ci_job_artifacts_id_seq
START WITH 1
@ -14526,7 +14528,29 @@ CREATE SEQUENCE ci_job_artifacts_id_seq
NO MAXVALUE
CACHE 1;
ALTER SEQUENCE ci_job_artifacts_id_seq OWNED BY ci_job_artifacts.id;
ALTER SEQUENCE ci_job_artifacts_id_seq OWNED BY p_ci_job_artifacts.id;
CREATE TABLE ci_job_artifacts (
project_id integer NOT NULL,
file_type integer NOT NULL,
size bigint,
created_at timestamp with time zone NOT NULL,
updated_at timestamp with time zone NOT NULL,
expire_at timestamp with time zone,
file character varying,
file_store integer DEFAULT 1,
file_sha256 bytea,
file_format smallint,
file_location smallint,
id bigint DEFAULT nextval('ci_job_artifacts_id_seq'::regclass) NOT NULL,
job_id bigint NOT NULL,
locked smallint DEFAULT 2,
partition_id bigint NOT NULL,
accessibility smallint DEFAULT 0 NOT NULL,
file_final_path text,
CONSTRAINT check_27f0f6dbab CHECK ((file_store IS NOT NULL)),
CONSTRAINT check_9f04410cf4 CHECK ((char_length(file_final_path) <= 1024))
);
CREATE TABLE ci_job_token_group_scope_links (
id bigint NOT NULL,
@ -17735,7 +17759,7 @@ CREATE TABLE group_crm_settings (
group_id bigint NOT NULL,
created_at timestamp with time zone NOT NULL,
updated_at timestamp with time zone NOT NULL,
enabled boolean DEFAULT false NOT NULL
enabled boolean DEFAULT true NOT NULL
);
CREATE SEQUENCE group_crm_settings_group_id_seq
@ -23185,6 +23209,7 @@ CREATE TABLE push_rules (
commit_message_negative_regex character varying,
reject_non_dco_commits boolean,
commit_committer_name_check boolean DEFAULT false NOT NULL,
organization_id bigint,
CONSTRAINT author_email_regex_size_constraint CHECK ((char_length((author_email_regex)::text) <= 511)),
CONSTRAINT branch_name_regex_size_constraint CHECK ((char_length((branch_name_regex)::text) <= 511)),
CONSTRAINT commit_message_negative_regex_size_constraint CHECK ((char_length((commit_message_negative_regex)::text) <= 2047)),
@ -26964,6 +26989,8 @@ ALTER TABLE ONLY p_ci_builds ATTACH PARTITION ci_builds FOR VALUES IN ('100');
ALTER TABLE ONLY p_ci_builds_metadata ATTACH PARTITION ci_builds_metadata FOR VALUES IN ('100');
ALTER TABLE ONLY p_ci_job_artifacts ATTACH PARTITION ci_job_artifacts FOR VALUES IN ('100', '101');
ALTER TABLE ONLY p_ci_pipeline_variables ATTACH PARTITION ci_pipeline_variables FOR VALUES IN ('100', '101');
ALTER TABLE ONLY abuse_events ALTER COLUMN id SET DEFAULT nextval('abuse_events_id_seq'::regclass);
@ -27180,8 +27207,6 @@ ALTER TABLE ONLY ci_group_variables ALTER COLUMN id SET DEFAULT nextval('ci_grou
ALTER TABLE ONLY ci_instance_variables ALTER COLUMN id SET DEFAULT nextval('ci_instance_variables_id_seq'::regclass);
ALTER TABLE ONLY ci_job_artifacts ALTER COLUMN id SET DEFAULT nextval('ci_job_artifacts_id_seq'::regclass);
ALTER TABLE ONLY ci_job_token_group_scope_links ALTER COLUMN id SET DEFAULT nextval('ci_job_token_group_scope_links_id_seq'::regclass);
ALTER TABLE ONLY ci_job_token_project_scope_links ALTER COLUMN id SET DEFAULT nextval('ci_job_token_project_scope_links_id_seq'::regclass);
@ -27714,6 +27739,8 @@ ALTER TABLE ONLY p_ci_builds_metadata ALTER COLUMN id SET DEFAULT nextval('ci_bu
ALTER TABLE ONLY p_ci_job_annotations ALTER COLUMN id SET DEFAULT nextval('p_ci_job_annotations_id_seq'::regclass);
ALTER TABLE ONLY p_ci_job_artifacts ALTER COLUMN id SET DEFAULT nextval('ci_job_artifacts_id_seq'::regclass);
ALTER TABLE ONLY packages_build_infos ALTER COLUMN id SET DEFAULT nextval('packages_build_infos_id_seq'::regclass);
ALTER TABLE ONLY packages_composer_cache_files ALTER COLUMN id SET DEFAULT nextval('packages_composer_cache_files_id_seq'::regclass);
@ -29267,6 +29294,9 @@ ALTER TABLE ONLY ci_instance_variables
ALTER TABLE ONLY ci_job_artifact_states
ADD CONSTRAINT ci_job_artifact_states_pkey PRIMARY KEY (job_artifact_id);
ALTER TABLE ONLY p_ci_job_artifacts
ADD CONSTRAINT p_ci_job_artifacts_pkey PRIMARY KEY (id, partition_id);
ALTER TABLE ONLY ci_job_artifacts
ADD CONSTRAINT ci_job_artifacts_pkey PRIMARY KEY (id, partition_id);
@ -30338,6 +30368,9 @@ ALTER TABLE ONLY pages_domain_acme_orders
ALTER TABLE ONLY pages_domains
ADD CONSTRAINT pages_domains_pkey PRIMARY KEY (id);
ALTER TABLE ci_stages
ADD CONSTRAINT partitioning_constraint CHECK ((partition_id = ANY (ARRAY[(100)::bigint, (101)::bigint]))) NOT VALID;
ALTER TABLE ONLY path_locks
ADD CONSTRAINT path_locks_pkey PRIMARY KEY (id);
@ -32425,6 +32458,8 @@ CREATE INDEX idx_award_emoji_on_user_emoji_name_awardable_type_awardable_id ON a
CREATE INDEX idx_build_artifacts_size_refreshes_state_updated_at ON project_build_artifacts_size_refreshes USING btree (state, updated_at);
CREATE UNIQUE INDEX p_ci_job_artifacts_job_id_file_type_partition_id_idx ON ONLY p_ci_job_artifacts USING btree (job_id, file_type, partition_id);
CREATE UNIQUE INDEX idx_ci_job_artifacts_on_job_id_file_type_and_partition_id_uniq ON ci_job_artifacts USING btree (job_id, file_type, partition_id);
CREATE INDEX idx_ci_pipelines_artifacts_locked ON ci_pipelines USING btree (ci_ref_id, id) WHERE (locked = 1);
@ -33155,30 +33190,56 @@ CREATE UNIQUE INDEX index_ci_instance_variables_on_key ON ci_instance_variables
CREATE INDEX index_ci_job_artifact_states_on_job_artifact_id_partition_id ON ci_job_artifact_states USING btree (job_artifact_id, partition_id);
CREATE INDEX p_ci_job_artifacts_expire_at_idx ON ONLY p_ci_job_artifacts USING btree (expire_at) WHERE ((locked = 0) AND (file_type <> 3) AND (expire_at IS NOT NULL));
CREATE INDEX index_ci_job_artifacts_expire_at_unlocked_non_trace ON ci_job_artifacts USING btree (expire_at) WHERE ((locked = 0) AND (file_type <> 3) AND (expire_at IS NOT NULL));
CREATE INDEX p_ci_job_artifacts_project_id_id_idx ON ONLY p_ci_job_artifacts USING btree (project_id, id) WHERE (file_type = 18);
CREATE INDEX index_ci_job_artifacts_for_terraform_reports ON ci_job_artifacts USING btree (project_id, id) WHERE (file_type = 18);
CREATE INDEX p_ci_job_artifacts_id_idx ON ONLY p_ci_job_artifacts USING btree (id) WHERE (file_type = 18);
CREATE INDEX index_ci_job_artifacts_id_for_terraform_reports ON ci_job_artifacts USING btree (id) WHERE (file_type = 18);
CREATE INDEX p_ci_job_artifacts_expire_at_job_id_idx ON ONLY p_ci_job_artifacts USING btree (expire_at, job_id);
CREATE INDEX index_ci_job_artifacts_on_expire_at_and_job_id ON ci_job_artifacts USING btree (expire_at, job_id);
CREATE INDEX p_ci_job_artifacts_file_final_path_idx ON ONLY p_ci_job_artifacts USING btree (file_final_path) WHERE (file_final_path IS NOT NULL);
CREATE INDEX index_ci_job_artifacts_on_file_final_path ON ci_job_artifacts USING btree (file_final_path) WHERE (file_final_path IS NOT NULL);
CREATE INDEX p_ci_job_artifacts_file_store_idx ON ONLY p_ci_job_artifacts USING btree (file_store);
CREATE INDEX index_ci_job_artifacts_on_file_store ON ci_job_artifacts USING btree (file_store);
CREATE INDEX p_ci_job_artifacts_file_type_project_id_created_at_idx ON ONLY p_ci_job_artifacts USING btree (file_type, project_id, created_at) WHERE (file_type = ANY (ARRAY[5, 6, 8, 23]));
CREATE INDEX index_ci_job_artifacts_on_file_type_for_devops_adoption ON ci_job_artifacts USING btree (file_type, project_id, created_at) WHERE (file_type = ANY (ARRAY[5, 6, 8, 23]));
CREATE INDEX p_ci_job_artifacts_project_id_created_at_id_idx ON ONLY p_ci_job_artifacts USING btree (project_id, created_at, id);
CREATE INDEX index_ci_job_artifacts_on_id_project_id_and_created_at ON ci_job_artifacts USING btree (project_id, created_at, id);
CREATE INDEX p_ci_job_artifacts_project_id_file_type_id_idx ON ONLY p_ci_job_artifacts USING btree (project_id, file_type, id);
CREATE INDEX index_ci_job_artifacts_on_id_project_id_and_file_type ON ci_job_artifacts USING btree (project_id, file_type, id);
CREATE INDEX p_ci_job_artifacts_partition_id_job_id_idx ON ONLY p_ci_job_artifacts USING btree (partition_id, job_id);
CREATE INDEX index_ci_job_artifacts_on_partition_id_job_id ON ci_job_artifacts USING btree (partition_id, job_id);
CREATE INDEX p_ci_job_artifacts_project_id_idx ON ONLY p_ci_job_artifacts USING btree (project_id);
CREATE INDEX index_ci_job_artifacts_on_project_id ON ci_job_artifacts USING btree (project_id);
CREATE INDEX p_ci_job_artifacts_project_id_id_idx1 ON ONLY p_ci_job_artifacts USING btree (project_id, id);
CREATE INDEX index_ci_job_artifacts_on_project_id_and_id ON ci_job_artifacts USING btree (project_id, id);
CREATE INDEX p_ci_job_artifacts_project_id_idx1 ON ONLY p_ci_job_artifacts USING btree (project_id) WHERE (file_type = ANY (ARRAY[5, 6, 7, 8]));
CREATE INDEX index_ci_job_artifacts_on_project_id_for_security_reports ON ci_job_artifacts USING btree (project_id) WHERE (file_type = ANY (ARRAY[5, 6, 7, 8]));
CREATE INDEX index_ci_job_token_group_scope_links_on_added_by_id ON ci_job_token_group_scope_links USING btree (added_by_id);
@ -35361,6 +35422,8 @@ CREATE UNIQUE INDEX index_protected_tags_on_project_id_and_name ON protected_tag
CREATE INDEX index_push_rules_on_is_sample ON push_rules USING btree (is_sample) WHERE is_sample;
CREATE INDEX index_push_rules_on_organization_id ON push_rules USING btree (organization_id);
CREATE INDEX index_push_rules_on_project_id ON push_rules USING btree (project_id);
CREATE UNIQUE INDEX index_raw_usage_data_on_recorded_at ON raw_usage_data USING btree (recorded_at);
@ -36297,6 +36360,8 @@ CREATE INDEX p_ci_builds_scheduled_at_idx ON ONLY p_ci_builds USING btree (sched
CREATE UNIQUE INDEX p_ci_builds_token_encrypted_partition_id_idx ON ONLY p_ci_builds USING btree (token_encrypted, partition_id) WHERE (token_encrypted IS NOT NULL);
CREATE INDEX p_ci_job_artifacts_expire_at_job_id_idx1 ON ONLY p_ci_job_artifacts USING btree (expire_at, job_id) WHERE ((locked = 2) AND (expire_at IS NOT NULL));
CREATE INDEX package_name_index ON packages_packages USING btree (name);
CREATE INDEX packages_packages_failed_verification ON packages_package_files USING btree (verification_retry_at NULLS FIRST) WHERE (verification_state = 3);
@ -38177,8 +38242,12 @@ ALTER INDEX p_ci_builds_metadata_pkey ATTACH PARTITION ci_builds_metadata_pkey;
ALTER INDEX p_ci_builds_pkey ATTACH PARTITION ci_builds_pkey;
ALTER INDEX p_ci_job_artifacts_pkey ATTACH PARTITION ci_job_artifacts_pkey;
ALTER INDEX p_ci_pipeline_variables_pkey ATTACH PARTITION ci_pipeline_variables_pkey;
ALTER INDEX p_ci_job_artifacts_job_id_file_type_partition_id_idx ATTACH PARTITION idx_ci_job_artifacts_on_job_id_file_type_and_partition_id_uniq;
ALTER INDEX p_ci_builds_commit_id_bigint_artifacts_expire_at_id_idx ATTACH PARTITION index_357cc39ca4;
ALTER INDEX p_ci_builds_upstream_pipeline_id_bigint_idx ATTACH PARTITION index_89477d6012;
@ -38229,6 +38298,32 @@ ALTER INDEX p_ci_builds_project_id_status_idx ATTACH PARTITION index_ci_builds_p
ALTER INDEX p_ci_builds_runner_id_idx ATTACH PARTITION index_ci_builds_runner_id_running;
ALTER INDEX p_ci_job_artifacts_expire_at_idx ATTACH PARTITION index_ci_job_artifacts_expire_at_unlocked_non_trace;
ALTER INDEX p_ci_job_artifacts_project_id_id_idx ATTACH PARTITION index_ci_job_artifacts_for_terraform_reports;
ALTER INDEX p_ci_job_artifacts_id_idx ATTACH PARTITION index_ci_job_artifacts_id_for_terraform_reports;
ALTER INDEX p_ci_job_artifacts_expire_at_job_id_idx ATTACH PARTITION index_ci_job_artifacts_on_expire_at_and_job_id;
ALTER INDEX p_ci_job_artifacts_file_final_path_idx ATTACH PARTITION index_ci_job_artifacts_on_file_final_path;
ALTER INDEX p_ci_job_artifacts_file_store_idx ATTACH PARTITION index_ci_job_artifacts_on_file_store;
ALTER INDEX p_ci_job_artifacts_file_type_project_id_created_at_idx ATTACH PARTITION index_ci_job_artifacts_on_file_type_for_devops_adoption;
ALTER INDEX p_ci_job_artifacts_project_id_created_at_id_idx ATTACH PARTITION index_ci_job_artifacts_on_id_project_id_and_created_at;
ALTER INDEX p_ci_job_artifacts_project_id_file_type_id_idx ATTACH PARTITION index_ci_job_artifacts_on_id_project_id_and_file_type;
ALTER INDEX p_ci_job_artifacts_partition_id_job_id_idx ATTACH PARTITION index_ci_job_artifacts_on_partition_id_job_id;
ALTER INDEX p_ci_job_artifacts_project_id_idx ATTACH PARTITION index_ci_job_artifacts_on_project_id;
ALTER INDEX p_ci_job_artifacts_project_id_id_idx1 ATTACH PARTITION index_ci_job_artifacts_on_project_id_and_id;
ALTER INDEX p_ci_job_artifacts_project_id_idx1 ATTACH PARTITION index_ci_job_artifacts_on_project_id_for_security_reports;
ALTER INDEX p_ci_builds_commit_id_bigint_type_ref_idx ATTACH PARTITION index_fc42f73fa6;
ALTER INDEX p_ci_builds_commit_id_bigint_type_name_ref_idx ATTACH PARTITION index_feafb4d370;
@ -38245,6 +38340,8 @@ ALTER INDEX p_ci_builds_name_id_idx ATTACH PARTITION index_security_ci_builds_on
ALTER INDEX p_ci_builds_scheduled_at_idx ATTACH PARTITION partial_index_ci_builds_on_scheduled_at_with_scheduled_jobs;
ALTER INDEX p_ci_job_artifacts_expire_at_job_id_idx1 ATTACH PARTITION tmp_index_ci_job_artifacts_on_expire_at_where_locked_unknown;
ALTER INDEX p_ci_builds_token_encrypted_partition_id_idx ATTACH PARTITION unique_ci_builds_token_encrypted_and_partition_id;
CREATE TRIGGER assign_p_ci_builds_id_trigger BEFORE INSERT ON p_ci_builds FOR EACH ROW EXECUTE FUNCTION assign_p_ci_builds_id_value();
@ -40946,7 +41043,7 @@ ALTER TABLE ONLY related_epic_links
ALTER TABLE ONLY boards_epic_board_recent_visits
ADD CONSTRAINT fk_rails_c4dcba4a3e FOREIGN KEY (group_id) REFERENCES namespaces(id) ON DELETE CASCADE;
ALTER TABLE ONLY ci_job_artifacts
ALTER TABLE p_ci_job_artifacts
ADD CONSTRAINT fk_rails_c5137cb2c1_p FOREIGN KEY (partition_id, job_id) REFERENCES p_ci_builds(partition_id, id) ON UPDATE CASCADE ON DELETE CASCADE;
ALTER TABLE ONLY organization_settings

6
doc/administration/cicd.md
View File

@ -105,18 +105,18 @@ to a cron value of `0 */12 * * *` (`00:00` and `12:00` every day).
You can disable some important but computationally expensive parts of the application
to relieve stress on the database during ongoing downtime.
### Disable fair scheduling on shared runners
### Disable fair scheduling on instance runners
When clearing a large backlog of jobs, you can temporarily enable the `ci_queueing_disaster_recovery_disable_fair_scheduling`
[feature flag](../administration/feature_flags.md). This flag disables fair scheduling
on shared runners, which reduces system resource usage on the `jobs/request` endpoint.
on instance runners, which reduces system resource usage on the `jobs/request` endpoint.
When enabled, jobs are processed in the order they were put in the system, instead of
balanced across many projects.
### Disable compute quota enforcement
To disable the enforcement of [compute quotas](../ci/pipelines/cicd_minutes.md) on shared runners, you can temporarily
To disable the enforcement of [compute quotas](../ci/pipelines/cicd_minutes.md) on instance runners, you can temporarily
enable the `ci_queueing_disaster_recovery_disable_quota` [feature flag](../administration/feature_flags.md).
This flag reduces system resource usage on the `jobs/request` endpoint.

5
doc/administration/libravatar.md
View File

@ -18,13 +18,8 @@ other websites. The Libravatar API is
switch to the Libravatar avatar service or even your own Libravatar
server.
You cannot use any Libravatar service including Gravatar in [FIPS mode](../development/fips_compliance.md).
## Change the Libravatar service to your own service
NOTE:
You can use only the MD5 hash in the URL for the Libravatar service. See [issue 370057](https://gitlab.com/gitlab-org/gitlab/-/issues/370057) for adding SHA-256 support.
In the [`gitlab.yml` gravatar section](https://gitlab.com/gitlab-org/gitlab/-/blob/68dac188ec6b1b03d53365e7579422f44cbe7a1c/config/gitlab.yml.example#L469-476), set
the configuration options as follows:

2
doc/administration/pages/index.md
View File

@ -60,7 +60,7 @@ Before proceeding with the Pages configuration, you must:
1. Configure a **wildcard DNS record**.
1. Optional. Have a **wildcard certificate** for that domain if you decide to
serve Pages under HTTPS.
1. Optional but recommended. Enable [Shared runners](../../ci/runners/index.md)
1. Optional but recommended. Enable [instance runners](../../ci/runners/index.md)
so that your users don't have to bring their own.
1. For custom domains, have a **secondary IP**.

2
doc/administration/pages/source.md
View File

@ -60,7 +60,7 @@ Before proceeding with the Pages configuration, make sure that:
Pages artifacts.
- Optional. You have a **wildcard certificate** for the Pages domain if you
decide to serve Pages (`*.example.io`) under HTTPS.
- Optional but recommended. You have configured and enabled the [shared runners](../../ci/runners/index.md)
- Optional but recommended. You have configured and enabled the [instance runners](../../ci/runners/index.md)
so your users don't have to bring their own.
### DNS configuration

20
doc/administration/settings/continuous_integration.md
View File

@ -31,18 +31,18 @@ From now on, every existing project and newly created ones that don't have a
If you want to disable it for a specific project, you can do so in
[its settings](../../topics/autodevops/index.md#enable-or-disable-auto-devops).
## Enable shared runners for new projects
## Enable instance runners for new projects
You can set all new projects to have the instance's shared runners available by default.
You can set all new projects to have instance runners available by default.
1. On the left sidebar, at the bottom, select **Admin Area**.
1. Select **Settings > CI/CD**.
1. Expand **Continuous Integration and Deployment**.
1. Select the **Enable shared runners for new projects** checkbox.
1. Select the **Enable instance runners for new projects** checkbox.
Any time a new project is created, the shared runners are available.
Any time a new project is created, the instance runners are available.
## Shared runners compute quota
## Instance runners compute quota
As an administrator you can set either a global or namespace-specific
limit on the number of [compute minutes](../../ci/pipelines/cicd_minutes.md) you can use.
@ -62,17 +62,15 @@ To enable a project runner for more than one project:
1. To the left of the project, select **Enable**.
1. Repeat this process for each additional project.
## Add a message for shared runners
## Add a message for instance runners
To display details about the instance's shared runners in all projects'
To display details about the instance runners in all projects'
runner settings:
1. On the left sidebar, at the bottom, select **Admin Area**.
1. Select **Settings > CI/CD**.
1. Expand **Continuous Integration and Deployment**.
1. Enter text, including Markdown if you want, in the **Shared runner details** field. For example:
![Shared runner details input](img/continuous_integration_shared_runner_details_input_v14_10.png)
1. Enter text, including Markdown if you want, in the **Instance runner details** field.
To view the rendered details:
@ -80,7 +78,7 @@ To view the rendered details:
1. Select **Settings > CI/CD**.
1. Expand **Runners**.
![Shared runner details example](img/continuous_integration_shared_runner_details_v14_10.png)
![Instance runner details example](img/continuous_integration_shared_runner_details_v14_10.png)
## Maximum artifacts size

BIN
doc/administration/settings/img/continuous_integration_shared_runner_details_input_v14_10.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 10 KiB

23
doc/api/graphql/reference/index.md
View File

@ -2064,6 +2064,29 @@ Input type: `BranchRuleCreateInput`
| <a id="mutationbranchrulecreateclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
| <a id="mutationbranchrulecreateerrors"></a>`errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |
### `Mutation.branchRuleDelete`
NOTE:
**Introduced** in 16.9.
**Status**: Experiment.
Input type: `BranchRuleDeleteInput`
#### Arguments
| Name | Type | Description |
| ---- | ---- | ----------- |
| <a id="mutationbranchruledeleteclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
| <a id="mutationbranchruledeleteid"></a>`id` | [`ProjectsBranchRuleID!`](#projectsbranchruleid) | Global ID of the branch rule to destroy. |
#### Fields
| Name | Type | Description |
| ---- | ---- | ----------- |
| <a id="mutationbranchruledeletebranchrule"></a>`branchRule` | [`BranchRule`](#branchrule) | Branch rule after mutation. |
| <a id="mutationbranchruledeleteclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
| <a id="mutationbranchruledeleteerrors"></a>`errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |
### `Mutation.branchRuleUpdate`
NOTE:

4
doc/api/member_roles.md
View File

@ -75,7 +75,7 @@ Example response:
{
"id": 2,
"name": "Custom + code",
"description: "Custom guest that can read code",
"description": "Custom guest that can read code",
"group_id": 84,
"base_access_level": 10,
"admin_merge_request": false,
@ -92,7 +92,7 @@ Example response:
{
"id": 3,
"name": "Guest + security",
"description: "Custom guest that read and admin security entities",
"description": "Custom guest that read and admin security entities",
"group_id": 84,
"base_access_level": 10,
"admin_vulnerability": true,

4
doc/api/runners.md
View File

@ -471,7 +471,7 @@ Example response:
## List project's runners
List all runners available in the project, including from ancestor groups and [any allowed shared runners](../ci/runners/runners_scope.md#enable-shared-runners-for-a-project).
List all runners available in the project, including from ancestor groups and [any allowed shared runners](../ci/runners/runners_scope.md#enable-instance-runners-for-a-project).
```plaintext
GET /projects/:id/runners
@ -590,7 +590,7 @@ curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" "https://git
## List group's runners
List all runners available in the group as well as its ancestor groups, including [any allowed shared runners](../ci/runners/runners_scope.md#enable-shared-runners-for-a-group).
List all runners available in the group as well as its ancestor groups, including [any allowed shared runners](../ci/runners/runners_scope.md#enable-instance-runners-for-a-group).
```plaintext
GET /groups/:id/runners

84
doc/architecture/blueprints/ci_build_speed/benchmark.md Normal file
View File

@ -0,0 +1,84 @@
---
status: ongoing
creation-date: "2024-01-12"
authors: [ "@grzesiek" ]
coach: "@grzesiek"
approvers: [ "@gabrielengel_gl"]
---
# CI Build Speed Benchmarking Framework
In order to understand how GitLab CI performs in terms of CI build speed, we
plan to build CI Build Speed Benchmarking Framework.
## Benchmark
In order to run the benchmark, we will:
1. Install the benchmarking tool.
1. Start the tool.
1. Runs scenarios.
1. Report results back to GitLab data warehouse.
In the first iteration, we will focus on measuring the speed of GitLab CI, GitHub Actions, and CircleCI.
## Principles
There are a few design principles we should abide by:
1. Make it CI-platform agnostic. Can run on any Continuous Integration platform.
1. Do not depend on any specific technology that might not be available on some platforms.
1. Easy installation setup, not requiring many dependencies. Zero-dependency would be ideal.
1. Send results back to GitLab through an HTTP request, unless there is a better way.
1. Read as much data about the environment running a build and send details in the telemetry.
## Benchmarking: Client Side
The benchmarking tool should be able to measure every step of CI build
execution:
1. Time from build requested to scenario execution started.
1. Monotonic time to execute each of the steps of the scenario.
1. Thread time to execute each of the steps of the scenario.
1. Time required to report results back to GitLab.
Ideally the tool could collect this data in the
[Open Telemetry Tracing](https://opentelemetry.io/docs/specs/otel/trace/api/)
format.
### Go-based tool
One of the solutions that could meet the requirements / principles listed
above, could be a Go-based binary, which would be installed on different CI
platform using `wget` / `curl` or in a different convinient way. The benefits
of using the binary are:
1. Easy installation method, without the need to use containers.
1. Few external dependencies for a statically-linked binary.
1. Many libraries available, for tracing or HTTP / API integrations.
1. Multi-threaded execution mode that broadens benchmarking scope.
1. Expressive language that can make it easier to maintain the scenarios.
### Benchmarking: Server Side
## Pipelines scheduler
In order to run the benchmark a new build / pipeline / job will have to be
started on a continuous integration platform under test. Some platforms support
scheduled pipelines, but this could make it difficult to measure the build
start-up time. On alternative to consider during the implementation is to start
pipelines using API trigger endpoints. Most of the CI platforms support this
way of running pipelines, and we could pass the start-up time / pipeline
creation request time in an argument, that then will be consumed by the
benchmarking tool, and forwarded to the data warehouse along with the build
benchmark telemetry.
## Data warehouse
The server side, that will receive benchmarking telemetry, will eventually need
to forward the data to a data warehouse, in which we will be able to visualize
results, like Kibana or our Observability / Tracing tooling.
Before doing that, it could be advisable to persist the payload in object
storage, just in case we need to migrate historical entries to a different data
warehouse later on.

73
doc/architecture/blueprints/ci_build_speed/index.md Normal file
View File

@ -0,0 +1,73 @@
---
status: ongoing
creation-date: "2024-01-12"
authors: [ "@grzesiek" ]
coach: "@grzesiek"
approvers: [ "@gabrielengel_gl"]
---
<!-- vale gitlab.FutureTense = NO -->
# CI/CD Build Speed
## Summary
GitLab CI is a Continuous Integration platform which is widely used to run a
variety of jobs, builds, pipelines. It was [integrated into GitLab in September 2015](https://about.gitlab.com/releases/2015/09/22/gitlab-8-0-released/)
and has become [one of the most beloved CI/CD solutions](https://about.gitlab.com/blog/2017/09/27/gitlab-leader-continuous-integration-forrester-wave/).
With years we've added a lot of new features and code to the GitLab CI
platform. In order to retain the "one of the most beloved solutions" status, we
also need keep attention to making it fast, reliable and secure. This design
doc is describing the path towards the former: making GitLab CI fast by
improving CI build speed.
## Goals
1. Establish a CI Speed Benchmark, used to compare GitLab CI to other platforms.
1. Build CI Benchmark Framework to measure the GitLab CI speed over the long term.
1. Describe next steps for improving GitLab CI Build Speed.
## Proposal
### CI Speed Benchmark
First, we plan to build a [CI Speed Benchmark](benchmark.md) solution, that
will allow us to run specific scenarios on various CI/CD platform and ingest
results into our data warehouse.
This will make it possible to define a baseline of the CI Build Speed for many
different scenarios and track the progress we, and other providers, are making
over time.
The core part of this goal is to define a set of scenarios that will allow us
to build a proxy metrics for build speed. For example, we could run following
scenarios:
1. Time to first byte of build log for `echo "Hello World"` build.
1. Time to result to perform a CPU-intensive cryptographic operation.
1. Time to result to perform a memory-intensive for a given amount of bytes.
1. Time to result to build a Linux kernel.
The scenarios should be idempotent and deterministic.
In the first iteration, we will only focus on the total job execution time, and not go into detail e.g. comparing specific startup times.
### CI Benchmark Framework
Once we define scenarios that we want to implement, we should build a
[CI Benchmark Framework](benchmark.md). The framework will be used to run
scenarios in a Continuous Integration environment, and to send the results back
to our data warehouse, for analysis and comparison.
The main principles behind design choices for the framework, are:
1. Make it CI-platform agnostic. Can run on any Continuous Integration platform.
1. Do not depend on any specific technology that might not be available on some platforms.
1. Easy installation setup, not requiring many dependencies. Zero-dependency would be ideal.
1. Send results back to GitLab through an HTTP request, unless there is a better way.
#### Improve CI Build Speed
Once we can measure CI Build Speed, improving it can be possible. We will
define the next steps for improving the speed once we have initial results.

2
doc/architecture/blueprints/gitlab_services/index.md
View File

@ -110,7 +110,7 @@ and grouping it by the **name** of the environments. For example:
classDiagram
Group "1" o-- "*" Project : There may be multiple projects with services in a group
Project "1" <.. "*" Service : A service is part of a project
Project "1" <.. "*" Environment :
Project "1" <.. "*" Environment : An environment is part of project
Environment "*" .. "*" Service : A service is linked to 1+ environments
Service "1" <|-- "*" ReleaseArtifact : A release artifact packages a specific version of a service
ReleaseArtifact "1" <|-- "*" Deployment : A release artifact can be deployed

2
doc/ci/caching/index.md
View File

@ -60,7 +60,7 @@ For runners to work with caches efficiently, you must do one of the following:
- Use a single runner for all your jobs.
- Use multiple runners that have
[distributed caching](https://docs.gitlab.com/runner/configuration/autoscale.html#distributed-runners-caching),
where the cache is stored in S3 buckets. Shared runners on GitLab.com behave this way. These runners can be in autoscale mode,
where the cache is stored in S3 buckets. Instance runners on GitLab.com behave this way. These runners can be in autoscale mode,
but they don't have to be. To manage cache objects,
apply lifecycle rules to delete the cache objects after a period of time.
Lifecycle rules are available on the object storage server.

2
doc/ci/cloud_services/index.md
View File

@ -50,7 +50,7 @@ review for the pipeline, focusing on the additional access. For more information
- Removes the need to store secrets in your GitLab group or project. Temporary credentials can be retrieved from your cloud provider through OIDC.
- Provides temporary access to cloud resources with granular GitLab conditionals including a group, project, branch, or tag.
- Enables you to define separation of duties in the CI/CD job with conditional access to environments. Historically, apps may have been deployed with a designated GitLab Runner that had only access to staging or production environments. This led to Runner sprawl as each machine had dedicated permissions.
- Allows shared runners to securely access multiple cloud accounts. The access is determined by the JWT token, which is specific to the user running the pipeline.
- Allows instance runners to securely access multiple cloud accounts. The access is determined by the JWT token, which is specific to the user running the pipeline.
- Removes the need to create logic to rotate secrets by retrieving temporary credentials by default.
## How it works

4
doc/ci/docker/using_docker_build.md
View File

@ -92,7 +92,7 @@ The Docker image includes all of the `docker` tools and can run
the job script in context of the image in privileged mode.
You should use Docker-in-Docker with TLS enabled,
which is supported by [GitLab.com shared runners](../runners/index.md).
which is supported by [GitLab.com instance runners](../runners/index.md).
You should always pin a specific version of the image, like `docker:24.0.5`.
If you use a tag like `docker:latest`, you have no control over which version is used.
@ -638,7 +638,7 @@ When using Docker-in-Docker, Docker downloads all layers of your image every tim
## Use the OverlayFS driver
NOTE:
The shared runners on GitLab.com use the `overlay2` driver by default.
The instance runners on GitLab.com use the `overlay2` driver by default.
By default, when using `docker:dind`, Docker uses the `vfs` storage driver, which
copies the file system on every run. You can avoid this disk-intensive operation by using a different driver, for example `overlay2`.

2
doc/ci/docker/using_docker_images.md
View File

@ -228,7 +228,7 @@ To define which option should be used, the runner process reads the configuratio
in GitLab Runner 13.1 and later.
- [Credentials Store](#use-a-credentials-store) and [Credential Helpers](#use-credential-helpers)
require binaries to be added to the GitLab Runner `$PATH`, and require access to do so. Therefore,
these features are not available on shared runners, or any other runner where the user does not
these features are not available on instance runners, or any other runner where the user does not
have access to the environment where the runner is installed.
### Use statically-defined credentials

2
doc/ci/docker/using_kaniko.md
View File

@ -148,7 +148,7 @@ The [Least Privilege Container Builds with Kaniko on GitLab](https://www.youtube
video is a walkthrough of the [Kaniko Docker Build](https://gitlab.com/guided-explorations/containers/kaniko-docker-build)
Guided Exploration project pipeline. It was tested on:
- [GitLab.com shared runners](../runners/index.md)
- [GitLab.com instance runners](../runners/index.md)
- [The Kubernetes runner executor](https://docs.gitlab.com/runner/executors/kubernetes.html)
The example can be copied to your own group or instance for testing. More details

2
doc/ci/examples/php.md
View File

@ -273,7 +273,7 @@ gitlab-runner exec shell test:app
We have set up an [Example PHP Project](https://gitlab.com/gitlab-examples/php) for your convenience
that runs on [GitLab.com](https://gitlab.com) using our publicly available
[shared runners](../runners/index.md).
[instance runners](../runners/index.md).
Want to hack on it? Fork it, commit, and push your changes. Within a few
moments the changes are picked by a public runner and the job begins.

2
doc/ci/interactive_web_terminal/index.md
View File

@ -20,7 +20,7 @@ is deployed, some [security precautions](../../administration/integration/termin
taken to protect the users.
NOTE:
[Shared runners on GitLab.com](../runners/index.md) do not
[Instance runners on GitLab.com](../runners/index.md) do not
provide an interactive web terminal. Follow
[this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/24674) for progress on
adding support. For groups and projects hosted on GitLab.com, interactive web

2
doc/ci/migration/circleci.md
View File

@ -285,7 +285,7 @@ Self-managed runners:
- Windows
- macOS
GitLab.com shared runners:
GitLab.com instance runners:
- Linux
- [Windows](../runners/saas/windows_saas_runner.md) ([Beta](../../policy/experiment-beta-support.md#beta)).

2
doc/ci/migration/examples/jenkins-maven.md
View File

@ -159,7 +159,7 @@ It also increases flexibility for expanding and extending the functionality of t
Prerequisites:
- A GitLab Runner with the Docker executor that can be used by the project.
If you are using GitLab.com, you can use the public shared runners.
If you are using GitLab.com, you can use the public instance runners.
This migrated pipeline configuration consists of three global keywords (`stages`, `default`, and `variables`)
followed by 3 jobs. This configuration makes use of additional GitLab CI/CD features

2
doc/ci/migration/github_actions.md
View File

@ -464,7 +464,7 @@ deploy_staging:
#### Runners
Runners are the services that execute jobs. If you are using GitLab.com, you can use the
[shared runner fleet](../runners/index.md) to run jobs without provisioning your own self-managed runners.
[instance runner fleet](../runners/index.md) to run jobs without provisioning your own self-managed runners.
Some key details about runners:

2
doc/ci/migration/jenkins.md
View File

@ -475,7 +475,7 @@ deploy_staging:
#### Runners
Like Jenkins agents, GitLab runners are the hosts that run jobs. If you are using GitLab.com,
you can use the [shared runner fleet](../runners/index.md) to run jobs without provisioning
you can use the [instance runner fleet](../runners/index.md) to run jobs without provisioning
your own runners.
To convert a Jenkins agent for use with GitLab CI/CD, uninstall the agent and then

24
doc/ci/pipelines/cicd_minutes.md
View File

@ -17,7 +17,7 @@ NOTE:
The term `CI/CD minutes` is being renamed to `compute minutes`. During this transition, you might see references in the UI and documentation to `CI/CD minutes`, `CI minutes`, `pipeline minutes`, `CI pipeline minutes`, `pipeline minutes quota`, `compute credits`, `compute units`, and `compute minutes`. For more information, see [epic 2150](https://gitlab.com/groups/gitlab-com/-/epics/2150).
Administrators can limit the amount of time that projects can use to run jobs on
[shared runners](../runners/runners_scope.md#shared-runners) each month. This limit
[instance runners](../runners/runners_scope.md#instance-runners) each month. This limit
is tracked with a compute quota.
By default, one minute of execution time by a single job uses
@ -106,7 +106,7 @@ Prerequisites:
### View Usage Quota Reports for a group
> - Displaying shared runners duration per project [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/355666) in GitLab 15.0.
> - Displaying instance runners duration per project [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/355666) in GitLab 15.0.
Prerequisites:
@ -119,13 +119,13 @@ To view compute usage for your group:
1. Select **Settings > Usage Quotas**.
1. Select the **Pipelines** tab.
The projects list shows projects with compute usage or shared runners usage
The projects list shows projects with compute usage or instance runners usage
in the current month only. The list includes all projects in the namespace and its
subgroups, sorted in descending order of compute usage.
### View Usage Quota reports for a personal namespace
> - Displaying shared runners duration [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/345795) in GitLab 15.0.
> - Displaying instance runners duration [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/345795) in GitLab 15.0.
Prerequisites:
@ -138,7 +138,7 @@ You can view the compute usage for a personal namespace:
1. On the left sidebar, select **Usage Quotas**.
The projects list shows [personal projects](../../user/project/working_with_projects.md#view-personal-projects)
with compute usage or shared runners usage in the current month only. The list
with compute usage or instance runners usage in the current month only. The list
is sorted in descending order of compute usage.
## Purchase additional compute minutes
@ -221,7 +221,7 @@ GitLab uses this formula to calculate the compute usage of a job:
Job duration * Cost factor
```
- **Job duration**: The time, in seconds, that a job took to run on a shared runner,
- **Job duration**: The time, in seconds, that a job took to run on a instance runner,
not including time spent in the `created` or `pending` statuses.
- [**Cost factor**](#cost-factor): A number based on project visibility.
@ -241,7 +241,7 @@ can be higher than the end-to-end duration of a pipeline.
### Cost factor
The cost factors for jobs running on shared runners on GitLab.com are:
The cost factors for jobs running on instance runners on GitLab.com are:
- `1` for internal, public, and private projects.
- Exceptions for public projects:
@ -257,8 +257,8 @@ The cost factors on self-managed instances are:
#### Cost factor for community contributions to GitLab projects
Community contributors can use up to 300,000 minutes on shared runners when contributing to open source projects
maintained by GitLab. The maximum of 300,000 minutes would only be possible if contributing exclusively to projects [part of the GitLab product](https://handbook.gitlab.com/handbook/engineering/metrics/#projects-that-are-part-of-the-product). The total number of minutes available on shared runners
Community contributors can use up to 300,000 minutes on instance runners when contributing to open source projects
maintained by GitLab. The maximum of 300,000 minutes would only be possible if contributing exclusively to projects [part of the GitLab product](https://handbook.gitlab.com/handbook/engineering/metrics/#projects-that-are-part-of-the-product). The total number of minutes available on instance runners
is reduced by the compute minutes used by pipelines from other projects.
The 300,000 minutes applies to all SaaS tiers, and the cost factor calculation is:
@ -297,7 +297,7 @@ GitLab SaaS runners have different cost factors, depending on the runner type (L
### Monthly reset of compute usage
On the first day of each calendar month, the accumulated compute usage is reset to `0`
for all namespaces that use shared runners. This means your full quota is available, and
for all namespaces that use instance runners. This means your full quota is available, and
calculations start again from `0`.
For example, if you have a monthly quota of `10,000` compute minutes:
@ -327,7 +327,7 @@ Additional compute minutes are a one-time purchase and do not renew or refresh e
When the compute quota is used for the current month, GitLab stops
processing new jobs.
- Any non-running job that should be picked by shared runners is automatically dropped.
- Any non-running job that should be picked by instance runners is automatically dropped.
- Any job being retried is automatically dropped.
- Any running job can be dropped at any point if the overall namespace usage goes over-quota
by a grace period.
@ -349,7 +349,7 @@ On GitLab SaaS an in-app banner is displayed and an email notification sent to t
In some cases, the quota limit is replaced by one of the following labels:
- **Unlimited**: For namespaces with unlimited compute quota.
- **Not supported**: For namespaces where active shared runners are not enabled.
- **Not supported**: For namespaces where active instance runners are not enabled.
## Reduce compute quota usage

2
doc/ci/quick_start/index.md
View File

@ -30,7 +30,7 @@ To create and run your first pipeline:
1. [Ensure you have runners available](#ensure-you-have-runners-available) to run your jobs.
If you're using GitLab.com, you can skip this step. GitLab.com provides shared runners for you.
If you're using GitLab.com, you can skip this step. GitLab.com provides instance runners for you.
1. [Create a `.gitlab-ci.yml` file](#create-a-gitlab-ciyml-file)
at the root of your repository. This file is where you define the CI/CD jobs.

32
doc/ci/runners/configure_runners.md
View File

@ -21,13 +21,13 @@ You can specify a maximum job timeout for each runner to prevent projects
with longer job timeouts from using the runner. The maximum job timeout is
used of it is shorter than the job timeout defined in the project.
### For a shared runner
### For an instance runner
Prerequisites:
- You must be an administrator.
On GitLab.com, you cannot override the job timeout for shared runners and must use the [project defined timeout](../pipelines/settings.md#set-a-limit-for-how-long-jobs-can-run) instead.
On GitLab.com, you cannot override the job timeout for instance runners and must use the [project defined timeout](../pipelines/settings.md#set-a-limit-for-how-long-jobs-can-run) instead.
To set the maximum job timeout:
@ -131,28 +131,28 @@ job-artifact-upload-on-timeout:
## Protecting sensitive information
To avoid exposing sensitive information, you can restrict the usage
of shared runners on large GitLab instances. This ensures that you
of instance runners on large GitLab instances. This ensures that you
control access to your GitLab instances and secure [runner executors](https://docs.gitlab.com/runner/executors/).
If certain executors run a job, the file system, the code the runner executes,
and the runner authentication token may be exposed. This means that anyone who runs jobs
on a _shared runner_ can access another user's code that runs on the runner.
on an _instance runner_ can access another user's code that runs on the runner.
Users with access to the runner authentication token can use it to create a clone of
a runner and submit false jobs in a vector attack. For more information, see [Security Considerations](https://docs.gitlab.com/runner/security/).
### Using shared runners in forked projects
### Using instance runners in forked projects
When a project is forked, the job settings related to jobs are copied. If you have shared runners
configured for a project and a user forks that project, the shared runners serve jobs of this project.
When a project is forked, the job settings related to jobs are copied. If you have instance runners
configured for a project and a user forks that project, the instance runners serve jobs of this project.
Due to a [known issue](https://gitlab.com/gitlab-org/gitlab/-/issues/364303), if the runner settings
of the forked project does not match the new project namespace, the following message displays:
`An error occurred while forking the project. Please try again.`.
To work around this issue, ensure that the shared runner settings are consistent in the forked project and the new namespace.
To work around this issue, ensure that the instance runner settings are consistent in the forked project and the new namespace.
- If shared runners are **enabled** on the forked project, then this should also be **enabled** on the new namespace.
- If shared runners are **disabled** on the forked project, then this should also be **disabled** on the new namespace.
- If instance runners are **enabled** on the forked project, then this should also be **enabled** on the new namespace.
- If instance runners are **disabled** on the forked project, then this should also be **disabled** on the new namespace.
### Reset the runner registration token for a project (deprecated)
@ -202,11 +202,11 @@ If a runner authentication token is revealed, an attacker could use the token to
To reset the runner authentication token:
1. Delete the runner:
- [Delete a shared runner](runners_scope.md#delete-shared-runners).
- [Delete an instance runner](runners_scope.md#delete-instance-runners).
- [Delete a group runner](runners_scope.md#delete-a-group-runner).
- [Delete a project runner](runners_scope.md#delete-a-project-runner).
1. Create a new runner so that it is assigned a new runner authentication token:
- [Create a shared runner](runners_scope.md#create-a-shared-runner-with-a-runner-authentication-token).
- [Create an instance runner](runners_scope.md#create-an-instance-runner-with-a-runner-authentication-token).
- [Create a group runner](runners_scope.md#create-a-group-runner-with-a-runner-authentication-token).
- [Create a project runner](runners_scope.md#create-a-project-runner-with-a-runner-authentication-token).
1. Optional. To verify that the previous runner authentication token has been revoked, use the [Runners API](../../api/runners.md#verify-authentication-for-a-registered-runner).
@ -238,7 +238,7 @@ on [protected branches](../../user/project/protected_branches.md), or jobs that
Runners configured to run jobs on protected branches cannot run jobs in [merge request pipelines](../pipelines/merge_request_pipelines.md).
### For a shared runner
### For an instance runner
Prerequisites:
@ -284,7 +284,7 @@ Rails test suites.
GitLab CI/CD tags are different to Git tags. GitLab CI/CD tags are associated with runners.
Git tags are associated with commits.
### For a shared runner
### For an instance runner
Prerequisites:
@ -863,9 +863,9 @@ variables:
You can set them globally or per-job in the [`variables`](../yaml/index.md#variables) section.
## System calls not available on GitLab.com shared runners
## System calls not available on GitLab.com instance runners
GitLab.com shared runners run on CoreOS. This means that you cannot use some system calls, like `getlogin`, from the C standard library.
GitLab.com instance runners run on CoreOS. This means that you cannot use some system calls, like `getlogin`, from the C standard library.
## Artifact and cache settings

2
doc/ci/runners/new_creation_workflow.md
View File

@ -63,7 +63,7 @@ workflow will break.
To avoid a broken workflow, you must:
1. [Create a shared runner](runners_scope.md#create-a-shared-runner-with-a-runner-authentication-token) and obtain the authentication token.
1. [Create an instance runner](runners_scope.md#create-an-instance-runner-with-a-runner-authentication-token) and obtain the authentication token.
1. Replace the registration token in your runner registration workflow with the
authentication token.

101
doc/ci/runners/runners_scope.md
View File

@ -12,32 +12,31 @@ DETAILS:
GitLab Runner has the following types of runners, which are available based on who you want to have access:
- [Shared runners](#shared-runners) are available to all groups and projects in a GitLab instance.
- [Instance runners](#instance-runners) are available to all groups and projects in a GitLab instance.
- [Group runners](#group-runners) are available to all projects and subgroups in a group.
- [Project runners](#project-runners) are associated with specific projects.
Typically, project runners are used by one project at a time.
## Shared runners
## Instance runners
*Shared runners* are available to every project in a GitLab instance.
*Instance runners* are available to every project in a GitLab instance.
Use shared runners when you have multiple jobs with similar requirements. Rather than
Use instance runners when you have multiple jobs with similar requirements. Rather than
having multiple runners idling for many projects, you can have a few runners that handle
multiple projects.
If you are using a self-managed instance of GitLab:
If you are using a self-managed instance of GitLab, administrators can:
- Your administrator can [install GitLab Runner](https://docs.gitlab.com/runner/install/index.html) and register a shared runner.
- The administrator can also configure a maximum number of shared runner
[compute minutes for each group](../pipelines/cicd_minutes.md#set-the-compute-quota-for-a-specific-namespace).
- [Install GitLab Runner](https://docs.gitlab.com/runner/install/index.html) and register an instance runner.
- Configure a maximum number of instance runner [compute minutes for each group](../pipelines/cicd_minutes.md#set-the-compute-quota-for-a-specific-namespace).
If you are using GitLab.com:
- You can select from a list of [shared runners that GitLab maintains](index.md).
- The shared runners consume the [compute minutes](../pipelines/cicd_minutes.md)
- You can select from a list of [instance runners that GitLab maintains](index.md).
- The instance runners consume the [compute minutes](../pipelines/cicd_minutes.md)
included with your account.
### Create a shared runner with a runner authentication token
### Create an instance runner with a runner authentication token
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/383139) in GitLab 15.10. Deployed behind the `create_runner_workflow_for_admin` [flag](../../administration/feature_flags.md)
> - [Enabled by default](https://gitlab.com/gitlab-org/gitlab/-/issues/389269) in GitLab 16.0.
@ -49,7 +48,7 @@ Prerequisites:
When you create a runner, it is assigned a runner authentication token that you use to register it. The runner uses the token to authenticate with GitLab when picking up jobs from the job queue.
To create a shared runner:
To create an instance runner:
1. On the left sidebar, at the bottom, select **Admin Area**.
1. Select **CI/CD > Runners**.
@ -73,7 +72,7 @@ NOTE:
The runner authentication token displays in the UI for a limited period of time during registration. After you register the runner,
the authentication token is stored in the `config.toml`.
### Create a shared runner with a registration token (deprecated)
### Create an instance runner with a registration token (deprecated)
WARNING:
The ability to pass a runner registration token, and support for certain configuration arguments was
@ -84,7 +83,7 @@ Prerequisites:
- You must be an administrator.
To create a shared runner:
To create an instance runner:
1. On the left sidebar, at the bottom, select **Admin Area**.
1. Select **CI/CD > Runners**.
@ -92,7 +91,7 @@ To create a shared runner:
1. Copy the registration token.
1. [Register the runner](https://docs.gitlab.com/runner/register/#register-with-a-runner-registration-token-deprecated).
### Pause or resume a shared runner
### Pause or resume an instance runner
Prerequisites:
@ -107,92 +106,92 @@ You can pause a runner so that it does not accept jobs from groups and projects
- To pause the runner, select **Pause** (**{pause}**).
- To resume the runner, select **Resume** (**{play}**).
### Delete shared runners
### Delete instance runners
Prerequisites:
- You must be an administrator.
When you delete a shared runner, it is permanently deleted from the GitLab instance and can
When you delete an instance runner, it is permanently deleted from the GitLab instance and can
no longer be used by groups and projects. If you want to temporarily stop the runner from accepting
jobs, you can [pause](#pause-or-resume-a-shared-runner) the runner instead.
jobs, you can [pause](#pause-or-resume-an-instance-runner) the runner instead.
To delete a single or multiple shared runners:
To delete a single or multiple instance runners:
1. On the left sidebar, at the bottom, select **Admin Area**.
1. Select **CI/CD > Runners**.
1. In the search box, enter the runner description or filter the list of runners.
1. Delete the shared runner:
1. Delete the instance runner:
- To delete a single runner, next to the runner, select **Delete runner** (**{remove}**).
- To delete multiple shared runners, select the checkbox for each runner and select **Delete selected**.
- To delete multiple instance runners, select the checkbox for each runner and select **Delete selected**.
- To delete all runners, select the checkbox at the top of the runner list and select **Delete selected**.
1. Select **Permanently delete runner**.
### Enable shared runners for a project
### Enable instance runners for a project
On GitLab.com, [shared runners](index.md) are enabled in all projects by
On GitLab.com, [instance runners](index.md) are enabled in all projects by
default.
On self-managed instances of GitLab, an administrator can
[enable them for all new projects](../../administration/settings/continuous_integration.md#enable-shared-runners-for-new-projects).
[enable them for all new projects](../../administration/settings/continuous_integration.md#enable-instance-runners-for-new-projects).
For existing projects, an administrator must
[install](https://docs.gitlab.com/runner/install/index.html) and
[register](https://docs.gitlab.com/runner/register/index.html) them.
To enable shared runners for a project:
To enable instance runners for a project:
1. On the left sidebar, select **Search or go to** and find your project.
1. Select **Settings > CI/CD**.
1. Expand **Runners**.
1. Turn on the **Enable shared runners for this project** toggle.
1. Turn on the **Enable instance runners for this project** toggle.
### Enable shared runners for a group
### Enable instance runners for a group
To enable shared runners for a group:
To enable instance runners for a group:
1. On the left sidebar, select **Search or go to** and find your group.
1. Select **Settings > CI/CD**.
1. Expand **Runners**.
1. Turn on the **Enable shared runners for this group** toggle.
1. Turn on the **Enable instance runners for this group** toggle.
### Disable shared runners for a project
### Disable instance runners for a project
You can disable shared runners for individual projects or for groups.
You can disable instance runners for individual projects or for groups.
You must have the Owner role for the project
or group.
To disable shared runners for a project:
To disable instance runners for a project:
1. On the left sidebar, select **Search or go to** and find your project.
1. Select **Settings > CI/CD**.
1. Expand **Runners**.
1. In the **Shared runners** area, turn off the **Enable shared runners for this project** toggle.
1. In the **Instance runners** area, turn off the **Enable instance runners for this project** toggle.
Shared runners are automatically disabled for a project:
instance runners are automatically disabled for a project:
- If the shared runners setting for the parent group is disabled, and
- If the instance runners setting for the parent group is disabled, and
- If overriding this setting is not permitted at the project level.
### Disable shared runners for a group
### Disable instance runners for a group
To disable shared runners for a group:
To disable instance runners for a group:
1. On the left sidebar, select **Search or go to** and find your group.
1. Select **Settings > CI/CD**.
1. Expand **Runners**.
1. Turn off the **Enable shared runners for this group** toggle.
1. Optional. To allow shared runners to be enabled for individual projects or subgroups,
1. Turn off the **Enable instance runners for this group** toggle.
1. Optional. To allow instance runners to be enabled for individual projects or subgroups,
select **Allow projects and subgroups to override the group setting**.
### How shared runners pick jobs
### How instance runners pick jobs
Shared runners process jobs by using a fair usage queue. This queue prevents
Instance runners process jobs by using a fair usage queue. This queue prevents
projects from creating hundreds of jobs and using all available
shared runner resources.
instance runner resources.
The fair usage queue algorithm assigns jobs based on the projects that have the
fewest number of jobs already running on shared runners.
fewest number of jobs already running on instance runners.
For example, if these jobs are in the queue:
@ -314,7 +313,7 @@ those that are inherited from the instance or other groups.
By default, only those that are inherited are shown.
To show all runners available in the instance, including shared runners and
To show all runners available in the instance, including instance runners and
those in other groups:
1. On the left sidebar, select **Search or go to** and find your group.
@ -356,7 +355,7 @@ To delete a single or multiple group runners:
1. In the search box, enter the runner description or filter the list of runners.
1. Delete the group runner:
- To delete a single runner, next to the runner, select **Delete runner** (**{remove}**).
- To delete multiple shared runners, select the checkbox for each runner and select **Delete selected**.
- To delete multiple instance runners, select the checkbox for each runner and select **Delete selected**.
- To delete all runners, select the checkbox at the top of the runner list and select **Delete selected**.
1. Select **Permanently delete runner**.
@ -424,7 +423,7 @@ must be enabled for each project explicitly.
Project runners process jobs by using a first in, first out ([FIFO](https://en.wikipedia.org/wiki/FIFO_(computing_and_electronics))) queue.
NOTE:
Project runners do not get shared with forked projects automatically.
Project runners do not get instance with forked projects automatically.
A fork *does* copy the CI/CD settings of the cloned repository.
### Create a project runner with a runner authentication token
@ -562,7 +561,7 @@ To lock or unlock a project runner:
find the project where you want to enable the runner.
1. Select **Settings > CI/CD**.
1. Expand **Runners**.
1. Find the project runner you want to lock or unlock. Make sure it's enabled. You cannot lock shared or group runners.
1. Find the project runner you want to lock or unlock. Make sure it's enabled. You cannot lock instance or group runners.
1. Select **Edit** (**{pencil}**).
1. Select the **Lock to current projects** checkbox.
1. Select **Save changes**.
@ -638,22 +637,22 @@ the source of the HTTP requests it makes to GitLab when polling for jobs. The
IP address is always kept up to date so if the runner IP changes it
automatically updates in GitLab.
The IP address for shared runners and project runners can be found in
The IP address for instance runners and project runners can be found in
different places.
### Determine the IP address of a shared runner
### Determine the IP address of an instance runner
Prerequisites:
- You must have administrator access to the instance.
To determine the IP address of a shared runner:
To determine the IP address of an instance runner:
1. On the left sidebar, at the bottom, select **Admin Area**.
1. Select **CI/CD > Runners**.
1. Find the runner in the table and view the **IP Address** column.
![shared runner IP address](img/shared_runner_ip_address_14_5.png)
![Instance runner IP address](img/shared_runner_ip_address_14_5.png)
### Determine the IP address of a project runner

2
doc/ci/services/mysql.md
View File

@ -131,5 +131,5 @@ GitLab Runner with the Shell executor.
## Example project
To view a MySQL example, create a fork of this [sample project](https://gitlab.com/gitlab-examples/mysql).
This project uses publicly-available [shared runners](../runners/index.md) on [GitLab.com](https://gitlab.com).
This project uses publicly-available [instance runners](../runners/index.md) on [GitLab.com](https://gitlab.com).
Update the README.md file, commit your changes, and view the CI/CD pipeline to see it in action.

2
doc/ci/services/postgres.md
View File

@ -146,7 +146,7 @@ Database: nice_marmot
We have set up an [Example PostgreSQL Project](https://gitlab.com/gitlab-examples/postgres) for your
convenience that runs on [GitLab.com](https://gitlab.com) using our publicly
available [shared runners](../runners/index.md).
available [instance runners](../runners/index.md).
Want to hack on it? Fork it, commit, and push your changes. Within a few
moments the changes are picked by a public runner and the job begins.

2
doc/ci/services/redis.md
View File

@ -70,7 +70,7 @@ Host: localhost
We have set up an [Example Redis Project](https://gitlab.com/gitlab-examples/redis) for your convenience
that runs on [GitLab.com](https://gitlab.com) using our publicly available
[shared runners](../runners/index.md).
[instance runners](../runners/index.md).
Want to hack on it? Fork it, commit and push your changes. Within a few
moments the changes are picked by a public runner and the job begins.

2
doc/ci/testing/code_quality.md
View File

@ -105,7 +105,7 @@ The project quality view displays an overview of the code quality findings. The
Prerequisites:
- GitLab CI/CD configuration (`.gitlab-ci.yml`) must include the `test` stage.
- If you're using shared runners, the Code Quality job must be configured for the
- If you're using instance runners, the Code Quality job must be configured for the
[Docker-in-Docker workflow](../docker/using_docker_build.md#use-docker-in-docker).
- If you're using private runners, you should use an
[alternative configuration](#improve-code-quality-performance-with-private-runners)

1
doc/development/fips_compliance.md
View File

@ -66,7 +66,6 @@ listed here that also do not work properly in FIPS mode:
supports a reduced set of [analyzers](../user/application_security/sast/index.md#fips-enabled-images)
when operating in FIPS-compliant mode.
- Advanced search is currently not included in FIPS mode. It must not be enabled to be FIPS-compliant.
- [Gravatar or Libravatar-based profile images](../administration/libravatar.md) are not FIPS-compliant.
- [Operational Container Scanning](../user/clusters/agent/vulnerabilities.md).
Additionally, these package repositories are disabled in FIPS mode:

Some files were not shown because too many files have changed in this diff Show More