root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2024-09-23 00:11:20 +00:00
parent 2db593d932
commit f1abdd4b54
24 changed files with 289 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/graphql/mutations/design_management/base.rb
View File

@ -9,7 +9,7 @@ module Mutations
required: true,
description: "Project where the issue is to upload designs for."
argument :iid, GraphQL::Types::ID,
argument :iid, GraphQL::Types::ID, # rubocop:disable Graphql/IDType -- Legacy argument using ID type kept for backwards compatibility
required: true,
description: "IID of the issue to modify designs for."

2
app/graphql/resolvers/ci/project_pipeline_resolver.rb
View File

@ -14,7 +14,7 @@ module Resolvers
description: 'Global ID of the Pipeline. For example, "gid://gitlab/Ci::Pipeline/314".',
prepare: ->(pipeline_id, _ctx) { pipeline_id.model_id }
argument :iid, GraphQL::Types::ID,
argument :iid, GraphQL::Types::ID, # rubocop:disable Graphql/IDType -- Legacy argument using ID type kept for backwards compatibility
required: false,
description: 'IID of the Pipeline. For example, "1".'

2
app/graphql/resolvers/deployment_resolver.rb
View File

@ -2,7 +2,7 @@
module Resolvers
class DeploymentResolver < BaseResolver
argument :iid,
argument :iid, # rubocop:disable Graphql/IDType -- Legacy argument using ID type kept for backwards compatibility
GraphQL::Types::ID,
required: true,
description: 'Project-level internal ID of the Deployment.'

2
app/graphql/types/milestone_type.rb
View File

@ -14,7 +14,7 @@ module Types
field :id, GraphQL::Types::ID, null: false,
description: 'ID of the milestone.'
field :iid, GraphQL::Types::ID, null: false,
field :iid, GraphQL::Types::ID, null: false, # rubocop:disable Graphql/IDType -- Legacy argument using ID type kept for backwards compatibility
description: "Internal ID of the milestone."
field :title, GraphQL::Types::String, null: false,

9
db/docs/batched_background_migrations/backfill_milestone_releases_project_id.yml Normal file
View File

@ -0,0 +1,9 @@
---
migration_job_name: BackfillMilestoneReleasesProjectId
description: Backfills sharding key `milestone_releases.project_id` from `releases`.
feature_category: release_orchestration
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/166466
milestone: '17.5'
queued_migration_version: 20240918111138
finalize_after: '2024-10-22'
finalized_by: # version of the migration that finalized this BBM

3
db/docs/milestone_releases.yml
View File

@ -16,4 +16,5 @@ desired_sharding_key:
foreign_key: release_id
table: releases
sharding_key: project_id
belongs_to: release
belongs_to: release
desired_sharding_key_migration_job_name: BackfillMilestoneReleasesProjectId

9
db/migrate/20240918111134_add_project_id_to_milestone_releases.rb Normal file
View File

@ -0,0 +1,9 @@
# frozen_string_literal: true
class AddProjectIdToMilestoneReleases < Gitlab::Database::Migration[2.2]
milestone '17.5'
def change
add_column :milestone_releases, :project_id, :bigint
end
end

16
db/post_migrate/20240918111135_index_milestone_releases_on_project_id.rb Normal file
View File

@ -0,0 +1,16 @@
# frozen_string_literal: true
class IndexMilestoneReleasesOnProjectId < Gitlab::Database::Migration[2.2]
milestone '17.5'
disable_ddl_transaction!
INDEX_NAME = 'index_milestone_releases_on_project_id'
def up
add_concurrent_index :milestone_releases, :project_id, name: INDEX_NAME
end
def down
remove_concurrent_index_by_name :milestone_releases, INDEX_NAME
end
end

16
db/post_migrate/20240918111136_add_milestone_releases_project_id_fk.rb Normal file
View File

@ -0,0 +1,16 @@
# frozen_string_literal: true
class AddMilestoneReleasesProjectIdFk < Gitlab::Database::Migration[2.2]
milestone '17.5'
disable_ddl_transaction!
def up
add_concurrent_foreign_key :milestone_releases, :projects, column: :project_id, on_delete: :cascade
end
def down
with_lock_retries do
remove_foreign_key :milestone_releases, column: :project_id
end
end
end

25
db/post_migrate/20240918111137_add_milestone_releases_project_id_trigger.rb Normal file
View File

@ -0,0 +1,25 @@
# frozen_string_literal: true
class AddMilestoneReleasesProjectIdTrigger < Gitlab::Database::Migration[2.2]
milestone '17.5'
def up
install_sharding_key_assignment_trigger(
table: :milestone_releases,
sharding_key: :project_id,
parent_table: :releases,
parent_sharding_key: :project_id,
foreign_key: :release_id
)
end
def down
remove_sharding_key_assignment_trigger(
table: :milestone_releases,
sharding_key: :project_id,
parent_table: :releases,
parent_sharding_key: :project_id,
foreign_key: :release_id
)
end
end

41
db/post_migrate/20240918111138_queue_backfill_milestone_releases_project_id.rb Normal file
View File

@ -0,0 +1,41 @@
# frozen_string_literal: true
class QueueBackfillMilestoneReleasesProjectId < Gitlab::Database::Migration[2.2]
milestone '17.5'
restrict_gitlab_migration gitlab_schema: :gitlab_main_cell
MIGRATION = "BackfillMilestoneReleasesProjectId"
DELAY_INTERVAL = 2.minutes
BATCH_SIZE = 1000
SUB_BATCH_SIZE = 100
def up
queue_batched_background_migration(
MIGRATION,
:milestone_releases,
:milestone_id,
:project_id,
:releases,
:project_id,
:release_id,
job_interval: DELAY_INTERVAL,
batch_size: BATCH_SIZE,
batch_class_name: 'LooseIndexScanBatchingStrategy',
sub_batch_size: SUB_BATCH_SIZE
)
end
def down
delete_batched_background_migration(
MIGRATION,
:milestone_releases,
:milestone_id,
[
:project_id,
:releases,
:project_id,
:release_id
]
)
end
end

1
db/schema_migrations/20240918111134 Normal file
View File

@ -0,0 +1 @@
f80294496e28fb6c7b5a278e15f64cfc3d8e1e3fa5556fcd7ff8c6b595aba7e4

1
db/schema_migrations/20240918111135 Normal file
View File

@ -0,0 +1 @@
088b61c4370cdc3a9f8d34507d369d41beb76b72fa7ea889701316dbd564b6e8

1
db/schema_migrations/20240918111136 Normal file
View File

@ -0,0 +1 @@
83c8253dc8d504ef92b94ac0f4d62e5a112a0836ff2911745e3ab2ef551ce7dc

1
db/schema_migrations/20240918111137 Normal file
View File

@ -0,0 +1 @@
da7c3531c1615d54025b05ede595d9e73c21269986b7a213db7252ca2207e269

1
db/schema_migrations/20240918111138 Normal file
View File

@ -0,0 +1 @@
cbc52a16fc5f89abb6567e298a5e96eacc34a6a7c0222c2ba9fc1c3299b84438

26
db/structure.sql
View File

@ -2073,6 +2073,22 @@ RETURN NEW;
END
$$;
CREATE FUNCTION trigger_cf646a118cbb() RETURNS trigger
LANGUAGE plpgsql
AS $$
BEGIN
IF NEW."project_id" IS NULL THEN
SELECT "project_id"
INTO NEW."project_id"
FROM "releases"
WHERE "releases"."id" = NEW."release_id";
END IF;
RETURN NEW;
END
$$;
CREATE FUNCTION trigger_d4487a75bd44() RETURNS trigger
LANGUAGE plpgsql
AS $$
@ -13590,7 +13606,8 @@ ALTER SEQUENCE metrics_users_starred_dashboards_id_seq OWNED BY metrics_users_st
CREATE TABLE milestone_releases (
milestone_id bigint NOT NULL,
release_id bigint NOT NULL
release_id bigint NOT NULL,
project_id bigint
);
CREATE TABLE milestones (
@ -29304,6 +29321,8 @@ CREATE INDEX index_migration_jobs_on_migration_id_and_finished_at ON batched_bac
CREATE INDEX index_migration_jobs_on_migration_id_and_max_value ON batched_background_migration_jobs USING btree (batched_background_migration_id, max_value);
CREATE INDEX index_milestone_releases_on_project_id ON milestone_releases USING btree (project_id);
CREATE INDEX index_milestone_releases_on_release_id ON milestone_releases USING btree (release_id);
CREATE INDEX index_milestones_on_description_trigram ON milestones USING gin (description gin_trgm_ops);
@ -33308,6 +33327,8 @@ CREATE TRIGGER trigger_cac7c0698291 BEFORE INSERT OR UPDATE ON evidences FOR EAC
CREATE TRIGGER trigger_catalog_resource_sync_event_on_project_update AFTER UPDATE ON projects FOR EACH ROW WHEN ((((old.name)::text IS DISTINCT FROM (new.name)::text) OR (old.description IS DISTINCT FROM new.description) OR (old.visibility_level IS DISTINCT FROM new.visibility_level))) EXECUTE FUNCTION insert_catalog_resource_sync_event();
CREATE TRIGGER trigger_cf646a118cbb BEFORE INSERT OR UPDATE ON milestone_releases FOR EACH ROW EXECUTE FUNCTION trigger_cf646a118cbb();
CREATE TRIGGER trigger_d4487a75bd44 BEFORE INSERT OR UPDATE ON terraform_state_versions FOR EACH ROW EXECUTE FUNCTION trigger_d4487a75bd44();
CREATE TRIGGER trigger_d5c895007948 BEFORE INSERT OR UPDATE ON protected_environment_approval_rules FOR EACH ROW EXECUTE FUNCTION trigger_d5c895007948();
@ -33941,6 +33962,9 @@ ALTER TABLE ONLY issue_assignees
ALTER TABLE ONLY csv_issue_imports
ADD CONSTRAINT fk_5e1572387c FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE;
ALTER TABLE ONLY milestone_releases
ADD CONSTRAINT fk_5e73b8cad2 FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE;
ALTER TABLE ONLY project_access_tokens
ADD CONSTRAINT fk_5f7e8450e1 FOREIGN KEY (personal_access_token_id) REFERENCES personal_access_tokens(id) ON DELETE CASCADE;

2
doc/user/application_security/sast/gitlab_advanced_sast.md
View File

@ -50,6 +50,8 @@ GitLab Advanced SAST includes the following features:
- Cross-file analysis: Tracks data flow across different files, discovering vulnerabilities at a deeper level.
- Sanitizer detection: Avoid false positive results in case the user input is properly sanitized.
For a product tour, see the [GitLab Advanced SAST product tour](https://gitlab.navattic.com/advanced-sast).
## Supported languages
GitLab Advanced SAST supports the following languages with cross-function and cross-file taint analysis:

10
lib/gitlab/background_migration/backfill_milestone_releases_project_id.rb Normal file
View File

@ -0,0 +1,10 @@
# frozen_string_literal: true
module Gitlab
module BackgroundMigration
class BackfillMilestoneReleasesProjectId < BackfillDesiredShardingKeyJob
operation_name :backfill_milestone_releases_project_id
feature_category :release_orchestration
end
end
end

27
rubocop/cop/graphql/id_type.rb
View File

@ -4,27 +4,40 @@ module RuboCop
module Cop
module Graphql
class IDType < RuboCop::Cop::Base
MSG = 'Do not use GraphQL::Types::ID, use a specific GlobalIDType instead'
MSG_USE_STRING_FOR_IID = 'Do not use GraphQL::Types::ID for IIDs, use GraphQL::Types::String instead'
MSG_USE_GLOBAL_ID = 'Do not use GraphQL::Types::ID, use a specific GlobalIDType instead'
ALLOWLISTED_ARGUMENTS = %i[
iid full_path project_path group_path target_project_path target_group_path target_path namespace_path
full_path project_path group_path target_project_path target_group_path target_path namespace_path
context_namespace_path
].freeze
def_node_search :graphql_id_type?, <<~PATTERN
def_node_matcher :iid_with_id?, <<~PATTERN
(send nil? {:field :argument}
(sym #iid?)
(const (const (const nil? :GraphQL) :Types) :ID)
(...)?)
PATTERN
def_node_search :graphql_id_allowed?, <<~PATTERN
(send nil? :argument (_ #does_not_match?) (const (const (const nil? :GraphQL) :Types) :ID) ...)
PATTERN
def on_send(node)
return unless graphql_id_type?(node)
return add_offense(node, message: MSG_USE_STRING_FOR_IID) if iid_with_id?(node)
return unless graphql_id_allowed?(node)
add_offense(node)
add_offense(node, message: MSG_USE_GLOBAL_ID)
end
private
def does_not_match?(arg)
!ALLOWLISTED_ARGUMENTS.include?(arg) # rubocop:disable Rails/NegateInclude
def does_not_match?(arg_name)
ALLOWLISTED_ARGUMENTS.exclude?(arg_name)
end
def iid?(arg_name)
arg_name == :iid || arg_name.end_with?('_iid')
end
end
end

16
spec/lib/gitlab/background_migration/backfill_milestone_releases_project_id_spec.rb Normal file
View File

@ -0,0 +1,16 @@
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Gitlab::BackgroundMigration::BackfillMilestoneReleasesProjectId,
feature_category: :release_orchestration,
schema: 20240918111134 do
include_examples 'desired sharding key backfill job' do
let(:batch_table) { :milestone_releases }
let(:batch_column) { :milestone_id }
let(:backfill_column) { :project_id }
let(:backfill_via_table) { :releases }
let(:backfill_via_column) { :project_id }
let(:backfill_via_foreign_key) { :release_id }
end
end

2
spec/lib/gitlab/import_export/safe_model_attributes.yml
View File

@ -127,6 +127,8 @@ Milestone:
- updated_at
- state
- iid
MilestoneRelease:
- project_id
ProjectSnippet:
- id
- title

34
spec/migrations/20240918111138_queue_backfill_milestone_releases_project_id_spec.rb Normal file
View File

@ -0,0 +1,34 @@
# frozen_string_literal: true
require 'spec_helper'
require_migration!
RSpec.describe QueueBackfillMilestoneReleasesProjectId, feature_category: :release_orchestration do
let!(:batched_migration) { described_class::MIGRATION }
it 'schedules a new batched migration' do
reversible_migration do |migration|
migration.before -> {
expect(batched_migration).not_to have_scheduled_batched_migration
}
migration.after -> {
expect(batched_migration).to have_scheduled_batched_migration(
table_name: :milestone_releases,
column_name: :milestone_id,
interval: described_class::DELAY_INTERVAL,
batch_size: described_class::BATCH_SIZE,
batch_class_name: 'LooseIndexScanBatchingStrategy',
sub_batch_size: described_class::SUB_BATCH_SIZE,
gitlab_schema: :gitlab_main_cell,
job_arguments: [
:project_id,
:releases,
:project_id,
:release_id
]
)
}
end
end
end

54
spec/rubocop/cop/graphql/id_type_spec.rb
View File

@ -4,7 +4,7 @@ require 'rubocop_spec_helper'
require_relative '../../../../rubocop/cop/graphql/id_type'
RSpec.describe RuboCop::Cop::Graphql::IDType do
RSpec.describe RuboCop::Cop::Graphql::IDType, feature_category: :api do
it 'adds an offense when GraphQL::Types::ID is used as a param to #argument' do
expect_offense(<<~TYPE)
argument :some_arg, GraphQL::Types::ID, some: other, params: do_not_matter
@ -27,4 +27,56 @@ RSpec.describe RuboCop::Cop::Graphql::IDType do
argument :some_arg, ::Types::GlobalIDType[::Awardable], some: other, params: do_not_matter
TYPE
end
it 'adds an offense when GraphQL::Types::ID is used with an IID field' do
expect_offense(<<~TYPE)
field :iid, GraphQL::Types::ID, some: other, params: do_not_matter
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Do not use GraphQL::Types::ID for IIDs, use GraphQL::Types::String instead
TYPE
end
it 'adds an offense when GraphQL::Types::ID is used with an IID-like field' do
expect_offense(<<~TYPE)
field :issue_iid, GraphQL::Types::ID, some: other, params: do_not_matter
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Do not use GraphQL::Types::ID for IIDs, use GraphQL::Types::String instead
TYPE
end
it 'adds an offense when GraphQL::Types::ID is used with an IID argument' do
expect_offense(<<~TYPE)
argument :iid, GraphQL::Types::ID, some: other, params: do_not_matter
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Do not use GraphQL::Types::ID for IIDs, use GraphQL::Types::String instead
TYPE
end
it 'adds an offense when GraphQL::Types::ID is used with an IID-like argument' do
expect_offense(<<~TYPE)
argument :merge_request_iid, GraphQL::Types::ID, some: other, params: do_not_matter
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Do not use GraphQL::Types::ID for IIDs, use GraphQL::Types::String instead
TYPE
end
it 'does not add an offense when GraphQL::Types::String is used with an IID field' do
expect_no_offenses(<<~TYPE)
field :iid, GraphQL::Types::String, some: other, params: do_not_matter
TYPE
end
it 'does not add an offense when GraphQL::Types::String is used with an IID-like field' do
expect_no_offenses(<<~TYPE)
field :issue_iid, GraphQL::Types::String, some: other, params: do_not_matter
TYPE
end
it 'does not add an offense when GraphQL::Types::String is used with an IID argument' do
expect_no_offenses(<<~TYPE)
argument :iid, GraphQL::Types::String, some: other, params: do_not_matter
TYPE
end
it 'does not add an offense when GraphQL::Types::String is used with an IID-like argument' do
expect_no_offenses(<<~TYPE)
argument :merge_request_iid, GraphQL::Types::String, some: other, params: do_not_matter
TYPE
end
end