root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2025-03-06 09:11:04 +00:00
parent df6c675ac5
commit f2d71682a9
57 changed files with 887 additions and 253 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
GITLAB_KAS_VERSION
View File

@ -1 +1 @@
b54405cd2d14a8a25aa2a5a464008ec9421b7aa6
ee993f8401e0537797a6ea65c8a25b255ad17932

35
app/assets/javascripts/ide/mount_oauth_callback.js
View File

@ -1,12 +1,33 @@
import { oauthCallback } from '@gitlab/web-ide';
import { IDE_ELEMENT_ID } from '~/ide/constants';
import { createAlert } from '~/alert';
import { s__ } from '~/locale';
import { getBaseConfig, getOAuthConfig } from './lib/gitlab_web_ide';
export const mountOAuthCallback = () => {
const el = document.getElementById('ide');
export const mountOAuthCallback = async () => {
const el = document.getElementById(IDE_ELEMENT_ID);
return oauthCallback({
...getBaseConfig(),
username: gon.current_username,
auth: getOAuthConfig(el.dataset),
});
try {
await oauthCallback({
...getBaseConfig(),
username: gon.current_username,
auth: getOAuthConfig(el.dataset),
});
} catch (error) {
// eslint-disable-next-line no-console
console.error(error);
createAlert({
message: s__(
'WebIdeOAuthCallback|Unable to authorize GitLab Web IDE access. For more information, see the developer console.',
),
dismissible: false,
containerSelector: '.alert-wrapper',
primaryButton: {
text: s__('WebIdeOAuthCallback|Close tab'),
clickHandler: () => window.close(),
},
});
}
};

2
app/presenters/packages/conan/package_presenter.rb
View File

@ -80,7 +80,7 @@ module Packages
def package_files
return unless @package
@package.installable_package_files.preload_conan_file_metadata
@package.installable_package_files.without_conan_recipe_revision.preload_conan_file_metadata
end
strong_memoize_attr :package_files

13
config/gitlab.yml.example
View File

@ -1279,22 +1279,13 @@ production: &base
# Default is '.gitlab_workhorse_secret' relative to Rails.root (i.e. root of the GitLab app).
# secret_file: /home/git/gitlab/.gitlab_workhorse_secret
# This section to be removed when we merge https://gitlab.com/gitlab-org/gitlab-development-kit/-/merge_requests/4382
topology_service:
# enabled: false
# address: topology-service.gitlab.example.com:443
# ca_file: /home/git/gitlab/config/topology-service-ca.pem
# certificate_file: /home/git/gitlab/config/topology-service-cert.pem
# private_key_file: /home/git/gitlab/config/topology-service-key.pem
cell:
# enabled: false
# id: null
# name: null
# skip_sequence_alteration: false # To be removed with https://gitlab.com/gitlab-org/gitlab-development-kit/-/merge_requests/4382
# database:
# skip_sequence_alteration: false
# topology_service:
# enabled: false
# topology_service_client:
# address: topology-service.gitlab.example.com:443
# ca_file: /home/git/gitlab/config/topology-service-ca.pem
# certificate_file: /home/git/gitlab/config/topology-service-cert.pem

15
config/initializers/1_settings.rb
View File

@ -1072,16 +1072,17 @@ Settings.workhorse['secret_file'] ||= Rails.root.join('.gitlab_workhorse_secret'
# Cells
#
Settings['cell'] ||= {}
Settings.cell['enabled'] ||= false # All Cells Features are disabled by default
Settings.cell['id'] ||= nil
Settings.cell['database'] ||= {}
Settings.cell.database['skip_sequence_alteration'] ||= false
# This ternary operation expression to be removed when we merge https://gitlab.com/gitlab-org/gitlab-development-kit/-/merge_requests/4382
Settings.cell['topology_service'] ||= Settings.respond_to?(:topology_service) ? Settings.topology_service || {} : {}
Settings.cell.topology_service['enabled'] ||= false
Settings.cell.topology_service['address'] ||= 'topology-service.gitlab.example.com:443'
Settings.cell.topology_service['ca_file'] ||= '/home/git/gitlab/config/topology-service-ca.pem'
Settings.cell.topology_service['certificate_file'] ||= '/home/git/gitlab/config/topology-service-cert.pem'
Settings.cell.topology_service['private_key_file'] ||= '/home/git/gitlab/config/topology-service-key.pem'
# Topology Service Client Settings
Settings.cell['topology_service_client'] ||= Settings.respond_to?(:topology_service) ? Settings.topology_service || {} : {}
Settings.cell.topology_service_client['address'] ||= 'topology-service.gitlab.example.com:443'
Settings.cell.topology_service_client['ca_file'] ||= '/home/git/gitlab/config/topology-service-ca.pem'
Settings.cell.topology_service_client['certificate_file'] ||= '/home/git/gitlab/config/topology-service-cert.pem'
Settings.cell.topology_service_client['private_key_file'] ||= '/home/git/gitlab/config/topology-service-key.pem'
#
# GitLab KAS

2
config/initializers/irb.rb
View File

@ -1,5 +1,7 @@
# frozen_string_literal: true
require 'irb'
if Gitlab::Runtime.console?
# Stop irb from writing a history file by default.
module IrbNoHistory

4
config/initializers/session_store.rb
View File

@ -18,7 +18,9 @@ raw_config = if File.exist?(Rails.root.join('config/session_store.yml'))
{}
end
cell_id = Gitlab.config.cell.id
# If session_cookie_token_prefix is not set, we fall back to cell id
# only if the instance was enabled as a cell
cell_id = Gitlab.config.cell.id if Gitlab.config.cell.enabled
session_cookie_token_prefix = if raw_config.fetch(:session_cookie_token_prefix, '').present?
raw_config.fetch(:session_cookie_token_prefix)
elsif cell_id.present?

13
config/initializers/validate_cell_config.rb
View File

@ -4,10 +4,13 @@ return if Gitlab::Utils.to_boolean(ENV['SKIP_CELL_CONFIG_VALIDATION'], default:
ValidationError = Class.new(StandardError)
if Gitlab.config.cell.id.present? && !Gitlab.config.cell.topology_service.enabled
raise ValidationError, "Topology Service is not configured, but Cell ID is set"
end
if Gitlab.config.cell.enabled
raise ValidationError, "Cell ID is not set to a valid positive integer" if Gitlab.config.cell.id.to_i < 1
if Gitlab.config.cell.topology_service.enabled && Gitlab.config.cell.id.blank?
raise ValidationError, "Topology Service is enabled, but Cell ID is not set"
Settings.topology_service_settings.each do |setting|
setting_value = Gitlab.config.cell.topology_service_client.send(setting)
raise ValidationError, "Topology Service setting '#{setting}' is not set" if setting_value.blank?
end
elsif Gitlab.config.cell.id.present?
raise ValidationError, "Cell ID is set but Cell is not enabled"
end

9
config/settings.rb
View File

@ -179,13 +179,8 @@ Settings = GitlabSettings.load(file, Rails.env) do
[[Gitlab::SidekiqConfig::WorkerMatcher::WILDCARD_MATCH, 'default']]
end
# This method dictates whether the GitLab instance is part of a cells cluster
def topology_service_enabled?
cell.topology_service.enabled
end
def skip_sequence_alteration?
cell.database.respond_to?(:skip_sequence_alteration) && cell.database.skip_sequence_alteration
def topology_service_settings
%w[address ca_file certificate_file private_key_file]
end
private

13
data/deprecations/17-7-list-endpoint-response-code.yml Normal file
View File

@ -0,0 +1,13 @@
- title: 'Error handling for `/repository/tree` REST API endpoint returns `404`'
announcement_milestone: '16.5'
removal_milestone: '17.7'
breaking_change: true
reporter: phikai
stage: Create
issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/420865
body: |
In GitLab 17.7, the error handling behavior for the list repository tree API endpoint, `/projects/:id/repository/tree`, is updated when a requested path is not found. The endpoint now returns a status code `404 Not Found`. Previously, the status code was `200 OK`.
This change was enabled on GitLab.com in GitLab 16.5, and will be available for self-managed instances in GitLab 17.7.
If your implementation relies on receiving a `200` status code with an empty array for missing paths, you must update your error handling to handle the new `404` responses.

8
db/docs/batched_background_migrations/backfill_incident_management_pending_issue_escalations_namespace_id.yml Normal file
View File

@ -0,0 +1,8 @@
---
migration_job_name: BackfillIncidentManagementPendingIssueEscalationsNamespaceId
description: Backfills sharding key `incident_management_pending_issue_escalations.namespace_id` from `issues`.
feature_category: incident_management
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/183047
milestone: '17.10'
queued_migration_version: 20250228142823
finalized_by: # version of the migration that finalized this BBM

1
db/docs/incident_management_pending_issue_escalations.yml
View File

@ -19,3 +19,4 @@ desired_sharding_key:
sharding_key: namespace_id
belongs_to: issue
table_size: small
desired_sharding_key_migration_job_name: BackfillIncidentManagementPendingIssueEscalationsNamespaceId

9
db/migrate/20250228142819_add_namespace_id_to_incident_management_pending_issue_escalations.rb Normal file
View File

@ -0,0 +1,9 @@
# frozen_string_literal: true
class AddNamespaceIdToIncidentManagementPendingIssueEscalations < Gitlab::Database::Migration[2.2]
milestone '17.10'
def change
add_column :incident_management_pending_issue_escalations, :namespace_id, :bigint
end
end

18
db/post_migrate/20250228142820_index_incident_management_pending_issue_escalations_on_namespace_id.rb Normal file
View File

@ -0,0 +1,18 @@
# frozen_string_literal: true
class IndexIncidentManagementPendingIssueEscalationsOnNamespaceId < Gitlab::Database::Migration[2.2]
include Gitlab::Database::PartitioningMigrationHelpers
milestone '17.10'
disable_ddl_transaction!
INDEX_NAME = 'idx_incident_management_pending_issue_esc_on_namespace_id'
def up
add_concurrent_partitioned_index(:incident_management_pending_issue_escalations, :namespace_id, name: INDEX_NAME)
end
def down
remove_concurrent_partitioned_index_by_name(:incident_management_pending_issue_escalations, INDEX_NAME)
end
end

19
db/post_migrate/20250228142821_add_incident_management_pending_issue_escalations_namespace_id_fk.rb Normal file
View File

@ -0,0 +1,19 @@
# frozen_string_literal: true
class AddIncidentManagementPendingIssueEscalationsNamespaceIdFk < Gitlab::Database::Migration[2.2]
include Gitlab::Database::PartitioningMigrationHelpers
milestone '17.10'
disable_ddl_transaction!
def up
add_concurrent_partitioned_foreign_key :incident_management_pending_issue_escalations, :namespaces,
column: :namespace_id, on_delete: :cascade
end
def down
with_lock_retries do
remove_foreign_key :incident_management_pending_issue_escalations, column: :namespace_id
end
end
end

25
db/post_migrate/20250228142822_add_incident_management_pending_issue_escalations_namespace_id_trigger.rb Normal file
View File

@ -0,0 +1,25 @@
# frozen_string_literal: true
class AddIncidentManagementPendingIssueEscalationsNamespaceIdTrigger < Gitlab::Database::Migration[2.2]
milestone '17.10'
def up
install_sharding_key_assignment_trigger(
table: :incident_management_pending_issue_escalations,
sharding_key: :namespace_id,
parent_table: :issues,
parent_sharding_key: :namespace_id,
foreign_key: :issue_id
)
end
def down
remove_sharding_key_assignment_trigger(
table: :incident_management_pending_issue_escalations,
sharding_key: :namespace_id,
parent_table: :issues,
parent_sharding_key: :namespace_id,
foreign_key: :issue_id
)
end
end

56
db/post_migrate/20250228142823_queue_backfill_incident_management_pending_issue_escalations_namespace_id.rb Normal file
View File

@ -0,0 +1,56 @@
# frozen_string_literal: true
class QueueBackfillIncidentManagementPendingIssueEscalationsNamespaceId < Gitlab::Database::Migration[2.2]
milestone '17.10'
restrict_gitlab_migration gitlab_schema: :gitlab_main_cell
MIGRATION = "BackfillIncidentManagementPendingIssueEscalationsNamespaceId"
STRATEGY = 'PrimaryKeyBatchingStrategy'
DELAY_INTERVAL = 2.minutes
BATCH_SIZE = 1000
SUB_BATCH_SIZE = 100
def up
(max_id, max_order) = define_batchable_model('incident_management_pending_issue_escalations')
.order(id: :desc, process_at: :desc)
.pick(:id, :process_at)
max_id ||= 0
max_order ||= Time.current.to_s
Gitlab::Database::BackgroundMigration::BatchedMigration.create!(
gitlab_schema: :gitlab_main_cell,
job_class_name: MIGRATION,
job_arguments: [
:namespace_id,
:issues,
:namespace_id,
:issue_id
],
table_name: :incident_management_pending_issue_escalations,
column_name: :id,
min_cursor: [0, 2.months.ago.to_s],
max_cursor: [max_id, max_order],
interval: DELAY_INTERVAL,
pause_ms: 100,
batch_class_name: STRATEGY,
batch_size: BATCH_SIZE,
sub_batch_size: SUB_BATCH_SIZE,
status_event: :execute
)
end
def down
delete_batched_background_migration(
MIGRATION,
:incident_management_pending_issue_escalations,
:id,
[
:namespace_id,
:issues,
:namespace_id,
:issue_id
]
)
end
end

19
db/post_migrate/20250304231245_increase_token_encrypted_constraint.rb Normal file
View File

@ -0,0 +1,19 @@
# frozen_string_literal: true
class IncreaseTokenEncryptedConstraint < Gitlab::Database::Migration[2.2]
disable_ddl_transaction!
milestone '17.10'
TABLE_NAME = 'ci_runners_e59bb2812d'
def up
# rubocop:disable Layout/LineLength -- This is more readable
add_text_limit TABLE_NAME, :token_encrypted, 512, constraint_name: check_constraint_name(TABLE_NAME, :token_encrypted, 'max_length_512')
remove_text_limit TABLE_NAME, :token_encrypted, constraint_name: check_constraint_name(TABLE_NAME, :token_encrypted, 'max_length')
# rubocop:enable Layout/LineLength
end
def down
# no-op: Danger of failing if there are records with length(token_encrypted) > 128
end
end

1
db/schema_migrations/20250228142819 Normal file
View File

@ -0,0 +1 @@
d2115cbb3758ca37f62ab4edcc14e3a2d6fb1377100f73d46cddecd1ffcf49dd

1
db/schema_migrations/20250228142820 Normal file
View File

@ -0,0 +1 @@
ca8b553e1b2dda6a24ffd87083023b5737da2d229c06d80c19a36b6f4aa22cfe

1
db/schema_migrations/20250228142821 Normal file
View File

@ -0,0 +1 @@
2e5767f77360b00c0f978a867f422d44d016c91eb33d97fc34e6c6a684282620

1
db/schema_migrations/20250228142822 Normal file
View File

@ -0,0 +1 @@
baf683a242ce43327314166c641e0a96cf658a235860562dac7a552d99263539

1
db/schema_migrations/20250228142823 Normal file
View File

@ -0,0 +1 @@
a7657b520fb788847f55211252398c48024a9dc32ea29600a430a9f30ed0bd20

1
db/schema_migrations/20250304231245 Normal file
View File

@ -0,0 +1 @@
21335417f8af95ccf2c49294d626b3e9b5b53b616119dd4406b8b644dc55c0a5

34
db/structure.sql
View File

@ -3251,6 +3251,22 @@ RETURN NEW;
END
$$;
CREATE FUNCTION trigger_c52d215d50a1() RETURNS trigger
LANGUAGE plpgsql
AS $$
BEGIN
IF NEW."namespace_id" IS NULL THEN
SELECT "namespace_id"
INTO NEW."namespace_id"
FROM "issues"
WHERE "issues"."id" = NEW."issue_id";
END IF;
RETURN NEW;
END
$$;
CREATE FUNCTION trigger_c59fe6f31e71() RETURNS trigger
LANGUAGE plpgsql
AS $$
@ -4324,7 +4340,8 @@ CREATE TABLE incident_management_pending_issue_escalations (
issue_id bigint NOT NULL,
process_at timestamp with time zone NOT NULL,
created_at timestamp with time zone NOT NULL,
updated_at timestamp with time zone NOT NULL
updated_at timestamp with time zone NOT NULL,
namespace_id bigint
)
PARTITION BY RANGE (process_at);
@ -11248,9 +11265,9 @@ CREATE TABLE ci_runners_e59bb2812d (
maintainer_note text,
allowed_plans text[] DEFAULT '{}'::text[] NOT NULL,
allowed_plan_ids bigint[] DEFAULT '{}'::bigint[] NOT NULL,
CONSTRAINT check_030ad0773d CHECK ((char_length(token_encrypted) <= 512)),
CONSTRAINT check_1f8618ab23 CHECK ((char_length(name) <= 256)),
CONSTRAINT check_24b281f5bf CHECK ((char_length(maintainer_note) <= 1024)),
CONSTRAINT check_31c16b2a99 CHECK ((char_length(token_encrypted) <= 128)),
CONSTRAINT check_5db8ae9d30 CHECK ((char_length(description) <= 1024)),
CONSTRAINT check_af25130d5a CHECK ((char_length(token) <= 128))
)
@ -14487,9 +14504,9 @@ CREATE TABLE group_type_ci_runners_e59bb2812d (
maintainer_note text,
allowed_plans text[] DEFAULT '{}'::text[] NOT NULL,
allowed_plan_ids bigint[] DEFAULT '{}'::bigint[] NOT NULL,
CONSTRAINT check_030ad0773d CHECK ((char_length(token_encrypted) <= 512)),
CONSTRAINT check_1f8618ab23 CHECK ((char_length(name) <= 256)),
CONSTRAINT check_24b281f5bf CHECK ((char_length(maintainer_note) <= 1024)),
CONSTRAINT check_31c16b2a99 CHECK ((char_length(token_encrypted) <= 128)),
CONSTRAINT check_5db8ae9d30 CHECK ((char_length(description) <= 1024)),
CONSTRAINT check_af25130d5a CHECK ((char_length(token) <= 128)),
CONSTRAINT check_sharding_key_id_nullness CHECK ((sharding_key_id IS NOT NULL))
@ -15084,9 +15101,9 @@ CREATE TABLE instance_type_ci_runners_e59bb2812d (
maintainer_note text,
allowed_plans text[] DEFAULT '{}'::text[] NOT NULL,
allowed_plan_ids bigint[] DEFAULT '{}'::bigint[] NOT NULL,
CONSTRAINT check_030ad0773d CHECK ((char_length(token_encrypted) <= 512)),
CONSTRAINT check_1f8618ab23 CHECK ((char_length(name) <= 256)),
CONSTRAINT check_24b281f5bf CHECK ((char_length(maintainer_note) <= 1024)),
CONSTRAINT check_31c16b2a99 CHECK ((char_length(token_encrypted) <= 128)),
CONSTRAINT check_5db8ae9d30 CHECK ((char_length(description) <= 1024)),
CONSTRAINT check_af25130d5a CHECK ((char_length(token) <= 128)),
CONSTRAINT check_sharding_key_id_nullness CHECK ((sharding_key_id IS NULL))
@ -20272,9 +20289,9 @@ CREATE TABLE project_type_ci_runners_e59bb2812d (
maintainer_note text,
allowed_plans text[] DEFAULT '{}'::text[] NOT NULL,
allowed_plan_ids bigint[] DEFAULT '{}'::bigint[] NOT NULL,
CONSTRAINT check_030ad0773d CHECK ((char_length(token_encrypted) <= 512)),
CONSTRAINT check_1f8618ab23 CHECK ((char_length(name) <= 256)),
CONSTRAINT check_24b281f5bf CHECK ((char_length(maintainer_note) <= 1024)),
CONSTRAINT check_31c16b2a99 CHECK ((char_length(token_encrypted) <= 128)),
CONSTRAINT check_5db8ae9d30 CHECK ((char_length(description) <= 1024)),
CONSTRAINT check_af25130d5a CHECK ((char_length(token) <= 128)),
CONSTRAINT check_sharding_key_id_nullness CHECK ((sharding_key_id IS NOT NULL))
@ -31233,6 +31250,8 @@ CREATE INDEX idx_import_source_user_placeholder_references_on_user_model_id ON i
CREATE INDEX idx_incident_management_pending_alert_escalations_on_project_id ON ONLY incident_management_pending_alert_escalations USING btree (project_id);
CREATE INDEX idx_incident_management_pending_issue_esc_on_namespace_id ON ONLY incident_management_pending_issue_escalations USING btree (namespace_id);
CREATE INDEX idx_incident_management_timeline_event_tag_links_on_project_id ON incident_management_timeline_event_tag_links USING btree (project_id);
CREATE INDEX idx_installable_conan_pkgs_on_project_id_id ON packages_packages USING btree (project_id, id) WHERE ((package_type = 3) AND (status = ANY (ARRAY[0, 1])));
@ -38749,6 +38768,8 @@ CREATE TRIGGER trigger_b9839c6d713f BEFORE INSERT ON application_settings FOR EA
CREATE TRIGGER trigger_c17a166692a2 BEFORE INSERT OR UPDATE ON audit_events_streaming_headers FOR EACH ROW EXECUTE FUNCTION trigger_c17a166692a2();
CREATE TRIGGER trigger_c52d215d50a1 BEFORE INSERT OR UPDATE ON incident_management_pending_issue_escalations FOR EACH ROW EXECUTE FUNCTION trigger_c52d215d50a1();
CREATE TRIGGER trigger_c59fe6f31e71 BEFORE INSERT OR UPDATE ON security_orchestration_policy_rule_schedules FOR EACH ROW EXECUTE FUNCTION trigger_c59fe6f31e71();
CREATE TRIGGER trigger_c5eec113ea76 BEFORE INSERT OR UPDATE ON dast_pre_scan_verifications FOR EACH ROW EXECUTE FUNCTION trigger_c5eec113ea76();
@ -41914,6 +41935,9 @@ ALTER TABLE ONLY clusters_kubernetes_namespaces
ALTER TABLE ONLY security_policies
ADD CONSTRAINT fk_rails_802ceea0c8 FOREIGN KEY (security_orchestration_policy_configuration_id) REFERENCES security_orchestration_policy_configurations(id) ON DELETE CASCADE;
ALTER TABLE incident_management_pending_issue_escalations
ADD CONSTRAINT fk_rails_8069e80242 FOREIGN KEY (namespace_id) REFERENCES namespaces(id) ON DELETE CASCADE;
ALTER TABLE ONLY dependency_proxy_manifest_states
ADD CONSTRAINT fk_rails_806cf07a3c FOREIGN KEY (dependency_proxy_manifest_id) REFERENCES dependency_proxy_manifests(id) ON DELETE CASCADE;

22
doc/administration/cells.md
View File

@ -34,26 +34,26 @@ The cells related configuration in `config/gitlab.yml` is in this format:
```yaml
cell:
enabled: true
id: 1
database:
skip_sequence_alteration: false
topology_service:
enabled: true
topology_service_client:
address: topology-service.gitlab.example.com:443
ca_file: /home/git/gitlab/config/topology-service-ca.pem
certificate_file: /home/git/gitlab/config/topology-service-cert.pem
private_key_file: /home/git/gitlab/config/topology-service-key.pem
```
| Configuration | Default value | Description |
| ------ |---------------|-------------------------------------------------------------------------------------------------------------------------------------|
| `cell.id` | `nil` | Unique integer identifier for the cell in a cluster. For use when the instance is part of a cell cluster. |
| `database.skip_sequence_alteration` | `false` | When `true`, skips database sequence alteration for the cell. Enable for the legacy cell (`cell-1`) before the monolith cell is available for use, being tracked in this epic: [Phase 6: Monolith Cell](https://gitlab.com/groups/gitlab-org/-/epics/14513). |
| `topology_service.enabled` | `false` | When `true`, enables the topology service client to connect to the topology service, which is required to be considered a cell. |
| `topology_service.address` | `nil` | Address and port of the topology service. |
| `topology_service.ca_file` | `nil` | Path to the CA certificate file for secure communication. |
| `topology_service.certificate_file` | `nil` | Path to the client certificate file. |
| `topology_service.private_key_file` | `nil` | Path to the private key file. |
| Configuration | Default value | Description |
|--------------------------------------------|-------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `cell.enabled` | `false` | To configure whether the instance is a Cell or not. `false` means all Cell features are disabled. `session_cookie_prefix_token` is not affected, and can be set separately. |
| `cell.id` | `nil` | Required to be a positive integer when `cell.enabled` is `true`. Otherwise, it must be `nil`. This is the unique integer identifier for the cell in a cluster. This ID is used inside the routable tokens. When `cell.id` is `nil`, the other attributes inside the routable tokens, like `organization_id` will still be used |
| `cell.database.skip_sequence_alteration` | `false` | When `true`, skips database sequence alteration for the cell. Enable for the legacy cell (`cell-1`) before the monolith cell is available for use, being tracked in this epic: [Phase 6: Monolith Cell](https://gitlab.com/groups/gitlab-org/-/epics/14513). |
| `cell.topology_service_client.address` | `"topology-service.gitlab.example.com:443"` | Required when `cell.enabled` is `true`. Address and port of the topology service server. |
| `cell.topology_service_client.ca_file` | `"/home/git/gitlab/config/topology-service-ca.pem"` | Required when `cell.enabled` is `true`. Path to the CA certificate file for secure communication. |
| `cell.topology_service_client.certificate_file` | `"/home/git/gitlab/config/topology-service-cert.pem"` | Required when `cell.enabled` is `true`. Path to the client certificate file. |
| `cell.topology_service_client.private_key_file` | `"/home/git/gitlab/config/topology-service-key.pem"` | Required when `cell.enabled` is `true`. Path to the private key file. |
## Related configuration

7
doc/administration/docs_self_host.md
View File

@ -302,3 +302,10 @@ For example:
```plaintext
registry.gitlab.com/gitlab-org/gitlab-docs:17.2
```
### Docker-hosted documentation site fails to redirect
When previewing the GitLab documentation in Docker on macOS, you may encounter an issue preventing
redirection to the documentation, yielding the message `If you are not redirected automatically, click here.`
To escape the redirect, you need to append the version number to the URL, such as `http://127.0.0.0.1:4000/16.8/`.

8
doc/api/repositories.md
View File

@ -474,6 +474,14 @@ curl --request POST \
--url "https://gitlab.com/api/v4/projects/42/repository/changelog"
```
To specify a branch as a parameter, use the `to` attribute:
```shell
curl --request GET \
--header "PRIVATE-TOKEN: token" \
--url "https://gitlab.com/api/v4/projects/42/repository/changelog?version=1.0.0&to=release/x.x.x"
```
## Generate changelog data
{{< history >}}

221
doc/api/runners.md
View File

@ -26,19 +26,17 @@ GET /groups/:id/runners
## Registration and authentication tokens
There are two tokens to take into account when connecting a runner with GitLab.
To connect a runner with GitLab, you need two tokens.
| Token | Description |
| ----- | ----------- |
| Registration token | Token used to [register the runner](https://docs.gitlab.com/runner/register/). It can be [obtained through GitLab](../ci/runners/_index.md). |
| Authentication token | Token used to authenticate the runner with the GitLab instance. The token is obtained automatically when you [register a runner](https://docs.gitlab.com/runner/register/) or by the Runners API when you manually [register a runner](#create-a-runner) or [reset the authentication token](#reset-runners-authentication-token-by-using-the-runner-id). You can also obtain the token by using the [`POST /user/runners`](users.md#create-a-runner-linked-to-a-user) endpoint. |
Here's an example of how the two tokens are used in runner registration:
Here's an example of how you can use the tokens for runner registration:
1. You register the runner via the GitLab API using a registration token, and an
authentication token is returned.
1. You use that authentication token and add it to the
[runner's configuration file](https://docs.gitlab.com/runner/commands/#configuration-file):
1. Register the runner by using the GitLab API with a registration token to receive an authentication token.
1. Add the authentication token to the [runner's configuration file](https://docs.gitlab.com/runner/commands/#configuration-file):
```toml
[[runners]]
@ -78,27 +76,32 @@ GET /runners?tag_list=tag1,tag2
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/runners"
```
{{< alert type="note" >}}
{{< alert type="warning" >}}
The `active` and `paused` values in the `status` query parameter were deprecated
and will be removed in [a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109). They are replaced by the `paused` query parameter.
The `active` and `paused` values in the `status` query parameter are deprecated
and scheduled for removal in [a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109).
Use the `paused` query parameter instead.
{{< /alert >}}
{{< alert type="note" >}}
{{< alert type="warning" >}}
The `active` attribute in the response is deprecated
and is scheduled for removal in [a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109).
Use the `paused` attribute instead.
The `active` attribute in the response was deprecated
and will be removed in [a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109). It is replaced by the `paused` attribute.
{{< /alert >}}
{{< alert type="note" >}}
{{< alert type="warning" >}}
The `ip_address` attribute in the response was deprecated
[in GitLab 16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/415159) and will be removed in
The `ip_address` attribute in the response is deprecated
[in GitLab 16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/415159) and is scheduled for removal in
[a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109).
This attribute will start returning an empty string in GitLab 17.0.
The `ipAddress` attribute can be found inside the respective runner manager, currently only available through the GraphQL
In GitLab 17.0, this attribute returns an empty string.
The `ipAddress` attribute can be found inside the respective runner manager.
It is only available through the GraphQL
[`CiRunnerManager` type](graphql/reference/_index.md#cirunnermanager).
{{< /alert >}}
Example response:
@ -171,27 +174,32 @@ GET /runners/all?tag_list=tag1,tag2
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/runners/all"
```
{{< alert type="note" >}}
{{< alert type="warning" >}}
The `active` and `paused` values in the `status` query parameter were deprecated
and will be removed in [a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109). They are replaced by the `paused` query parameter.
The `active` and `paused` values in the `status` query parameter are deprecated
and are scheduled for removal in [a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109).
Use the `paused` query parameter instead.
{{< /alert >}}
{{< alert type="note" >}}
{{< alert type="warning" >}}
The `active` attribute in the response is deprecated
and is scheduled for removal in [a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109).
Use the `paused` attribute instead.
The `active` attribute in the response was deprecated
and will be removed in [a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109). It is replaced by the `paused` attribute.
{{< /alert >}}
{{< alert type="note" >}}
{{< alert type="warning" >}}
The `ip_address` attribute in the response was deprecated
[in GitLab 16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/415159) and will be removed in
The `ip_address` attribute in the response is deprecated
[in GitLab 16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/415159) and is scheduled for removal in
[a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109).
This attribute will start returning an empty string in GitLab 17.0.
The `ipAddress` attribute can be found inside the respective runner manager, currently only available through the GraphQL
In GitLab 17.0, this attribute returns an empty string.
The `ipAddress` attribute can be found inside the respective runner manager.
It is only available through the GraphQL
[`CiRunnerManager` type](graphql/reference/_index.md#cirunnermanager).
{{< /alert >}}
Example response:
@ -255,7 +263,7 @@ To view more than the first 20 runners, use [pagination](rest/_index.md#paginati
Get details of a runner.
Instance-level runner details via this endpoint are available to all authenticated users.
Instance runner details through this endpoint are available to all authenticated users.
Prerequisites:
@ -274,36 +282,35 @@ GET /runners/:id
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/runners/6"
```
{{< alert type="note" >}}
{{< alert type="warning" >}}
The `token` attribute in the response was deprecated [in GitLab 12.10](https://gitlab.com/gitlab-org/gitlab/-/issues/214320)
and removed in [GitLab 13.0](https://gitlab.com/gitlab-org/gitlab/-/issues/214322).
The `active` attribute in the response is deprecated
and is scheduled for removal in [a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109).
Use the `paused` attribute instead.
{{< /alert >}}
{{< alert type="note" >}}
{{< alert type="warning" >}}
The `active` attribute in the response was deprecated
and will be removed in [a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109). It is replaced by the `paused` attribute.
{{< /alert >}}
{{< alert type="note" >}}
The `ip_address` attribute in the response was deprecated
[in GitLab 16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/415159) and will be removed in
The `ip_address` attribute in the response is deprecated
[in GitLab 16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/415159) and is scheduled for removal in
[a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109).
This attribute will start returning an empty string in GitLab 17.0.
The `ipAddress` attribute can be found inside the respective runner manager, currently only available through the GraphQL
In GitLab 17.0, this attribute returns an empty string.
The `ipAddress` attribute can be found inside the respective runner manager.
It is only available through the GraphQL
[`CiRunnerManager` type](graphql/reference/_index.md#cirunnermanager).
{{< /alert >}}
{{< alert type="note" >}}
The `version`, `revision`, `platform`, and `architecture` attributes in the response were deprecated
[in GitLab 17.0](https://gitlab.com/gitlab-org/gitlab/-/issues/457128) and will be removed in
The `version`, `revision`, `platform`, and `architecture` attributes in the response are deprecated
[in GitLab 17.0](https://gitlab.com/gitlab-org/gitlab/-/issues/457128) and are scheduled for removal in
[a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109).
The same attributes can be found inside the respective runner manager, currently only available through the GraphQL
The same attributes can be found inside the respective runner manager.
It is only available through the GraphQL
[`CiRunnerManager` type](graphql/reference/_index.md#cirunnermanager).
{{< /alert >}}
Example response:
@ -377,27 +384,24 @@ curl --request PUT --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab
--form "description=test-1-20150125-test" --form "tag_list=ruby,mysql,tag1,tag2"
```
{{< alert type="note" >}}
{{< alert type="warning" >}}
The `token` attribute in the response was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/214320) in GitLab 12.10
and [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/214322) in GitLab 13.0.
The `active` query parameter is deprecated
and is scheduled for removal in [a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109).
Use the `paused` attribute instead.
{{< /alert >}}
{{< alert type="note" >}}
{{< alert type="warning" >}}
The `active` query parameter was deprecated
and will be removed in [a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109). It is replaced by the `paused` attribute.
{{< /alert >}}
{{< alert type="note" >}}
The `ip_address` attribute in the response was deprecated
[in GitLab 16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/415159) and will be removed in
The `ip_address` attribute in the response is deprecated
[in GitLab 16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/415159) and is scheduled for removal in
[a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109).
This attribute will start returning an empty string in GitLab 17.0.
The `ipAddress` attribute can be found inside the respective runner manager, currently only available through the GraphQL
In GitLab 17.0, this attribute returns an empty string.
The `ipAddress` attribute can be found inside the respective runner manager.
It is only available through the GraphQL
[`CiRunnerManager` type](graphql/reference/_index.md#cirunnermanager).
{{< /alert >}}
Example response:
@ -474,21 +478,16 @@ curl --request PUT --header "PRIVATE-TOKEN: <your_access_token>" \
--form "active=false" "https://gitlab.example.com/api/v4/runners/6"
```
{{< alert type="note" >}}
{{< alert type="warning" >}}
The `active` form attribute was deprecated
and will be removed in [a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109). It is replaced by the `paused` attribute.
The `active` form attribute is deprecated
and is scheduled for removal in [a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109).
Use the `paused` attribute instead.
{{< /alert >}}
## List jobs processed by a runner
{{< history >}}
- [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/15432) in GitLab 10.3.
{{< /history >}}
List jobs that are being processed or were processed by the specified runner. The list of jobs is limited
to projects where the user has at least the Reporter role.
@ -657,27 +656,32 @@ GET /projects/:id/runners?tag_list=tag1,tag2
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/9/runners"
```
{{< alert type="note" >}}
{{< alert type="warning" >}}
The `active` and `paused` values in the `status` query parameter were deprecated
and will be removed in [a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109). They are replaced by the `paused` query parameter.
The `active` and `paused` values in the `status` query parameter are deprecated
and are scheduled for removal in [a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109).
Use the `paused` query parameter instead.
{{< /alert >}}
{{< alert type="note" >}}
{{< alert type="warning" >}}
The `active` attribute in the response is deprecated
and is scheduled for removal in [a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109).
Use the `paused` attribute instead.
The `active` attribute in the response was deprecated
and will be removed in [a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109). It is replaced by the `paused` attribute.
{{< /alert >}}
{{< alert type="note" >}}
{{< alert type="warning" >}}
The `ip_address` attribute in the response was deprecated
[in GitLab 16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/415159) and will be removed in
The `ip_address` attribute in the response is deprecated
[in GitLab 16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/415159) and is scheduled for removal in
[a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109).
This attribute will start returning an empty string in GitLab 17.0.
The `ipAddress` attribute can be found inside the respective runner manager, currently only available through the GraphQL
In GitLab 17.0, this attribute returns an empty string in GitLab 17.0.
The `ipAddress` attribute can be found inside the respective runner manager.
It is only available through the GraphQL
[`CiRunnerManager` type](graphql/reference/_index.md#cirunnermanager).
{{< /alert >}}
Example response:
@ -735,13 +739,13 @@ curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitla
--form "runner_id=9"
```
{{< alert type="note" >}}
{{< alert type="warning" >}}
The `ip_address` attribute in the response was deprecated
[in GitLab 16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/415159) and will be removed in
The `ip_address` attribute in the response is deprecated
[in GitLab 16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/415159) and is scheduled for removal in
[a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109).
This attribute will start returning an empty string in GitLab 17.0.
The `ipAddress` attribute can be found inside the respective runner manager, currently only available through the GraphQL
In GitLab 17.0, this attribute returns an empty string.
The `ipAddress` attribute can be found inside the respective runner manager. It is only available through the GraphQL
[`CiRunnerManager` type](graphql/reference/_index.md#cirunnermanager).
{{< /alert >}}
@ -789,7 +793,7 @@ curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" "https://git
## List group's runners
List all runners available in the group as well as its ancestor groups, including [any allowed instance runners](../ci/runners/runners_scope.md#enable-instance-runners-for-a-group).
List all runners available in the group and its ancestor groups, including [any allowed instance runners](../ci/runners/runners_scope.md#enable-instance-runners-for-a-group).
Prerequisites:
@ -806,7 +810,7 @@ GET /groups/:id/runners?tag_list=tag1,tag2
| Attribute | Type | Required | Description |
|------------------|----------------|----------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `id` | integer | yes | The ID of the group |
| `type` | string | no | The type of runners to return, one of: `instance_type`, `group_type`, `project_type`. The `project_type` value is [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/351466) and will be removed in GitLab 15.0 |
| `type` | string | no | The type of runners to return, one of: `instance_type`, `group_type`, `project_type`. The `project_type` value is [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/351466) and is scheduled for removal in GitLab 15.0 |
| `status` | string | no | The status of runners to return, one of: `online`, `offline`, `stale`, or `never_contacted`.<br/>Other possible values are the deprecated `active` and `paused`.<br/>Requesting `offline` runners might also return `stale` runners because `stale` is included in `offline`. |
| `paused` | boolean | no | Whether to include only runners that are accepting or ignoring new jobs |
| `tag_list` | string array | no | A list of runner tags |
@ -816,27 +820,31 @@ GET /groups/:id/runners?tag_list=tag1,tag2
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/9/runners"
```
{{< alert type="note" >}}
{{< alert type="warning" >}}
The `active` and `paused` values in the `status` query parameter were deprecated
and will be removed in [a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109). They are replaced by the `paused` query parameter.
The `active` and `paused` values in the `status` query parameter are deprecated
and are scheduled for removal in [a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109).
Use the `paused` query parameter instead.
{{< /alert >}}
{{< alert type="note" >}}
{{< alert type="warning" >}}
The `active` attribute in the response is deprecated
and is scheduled for removal in [a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109).
Use the `paused` attribute instead.
The `active` attribute in the response was deprecated
and will be removed in [a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109). It is replaced by the `paused` attribute.
{{< /alert >}}
{{< alert type="note" >}}
{{< alert type="warning" >}}
The `ip_address` attribute in the response was deprecated
[in GitLab 16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/415159) and will be removed in
The `ip_address` attribute in the response is deprecated
[in GitLab 16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/415159) and is scheduled for removal in
[a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109).
This attribute will start returning an empty string in GitLab 17.0.
The `ipAddress` attribute can be found inside the respective runner manager, currently only available through the GraphQL
In GitLab, t attribute returns an empty string.
The `ipAddress` attribute can be found inside the respective runner manager. It is only available through the GraphQL
[`CiRunnerManager` type](graphql/reference/_index.md#cirunnermanager).
{{< /alert >}}
Example response:
@ -940,10 +948,10 @@ Example response:
## Delete a runner
There are two ways to delete a runner:
You can delete a runner by specifying the:
- By specifying the runner ID.
- By specifying the runner's authentication token.
- Runner ID
- Runner's authentication token
### Delete a runner by ID
@ -962,7 +970,7 @@ DELETE /runners/:id
| Attribute | Type | Required | Description |
|-------------|---------|----------|---------------------|
| `id` | integer | yes | The ID of a runner. The ID is visible in the UI under **Settings > CI/CD**. Expand **Runners**, and below the **Remove Runner** button is an ID preceded by the pound sign, for example, `#6`. |
| `id` | integer | yes | The ID of a runner. The ID is visible in the UI under **Settings > CI/CD**. Expand **Runners**, and below **Remove Runner** is an ID preceded by the pound sign, for example, `#6`. |
```shell
curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/runners/6"
@ -1035,7 +1043,8 @@ Example response:
{{< alert type="warning" >}}
Runner registration tokens, and support for certain configuration arguments, were [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/380872) in GitLab 15.6 and will be removed in GitLab 17.0. After GitLab 17.0, you will no longer be able to reset runner registration tokens and the `reset_registration_token` endpoint will not function.
Runner registration tokens and support for certain configuration arguments were [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/380872) in GitLab 15.6. These features are scheduled for removal in GitLab 17.0.
After GitLab 17.0, you can no longer reset runner registration tokens and the `reset_registration_token` endpoint cannot function.
{{< /alert >}}
@ -1054,7 +1063,8 @@ curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" \
{{< alert type="warning" >}}
Runner registration tokens, and support for certain configuration arguments, were [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/380872) in GitLab 15.6 and will be removed in GitLab 17.0. After GitLab 17.0, you will no longer be able to reset runner registration tokens and the `reset_registration_token` endpoint will not function.
Runner registration tokens and support for certain configuration arguments were [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/380872) in GitLab 15.6. These features scheduled for removal in GitLab 17.0.
After GitLab 17.0, you can no longer reset runner registration tokens and the `reset_registration_token` endpoint cannot function.
{{< /alert >}}
@ -1073,7 +1083,8 @@ curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" \
{{< alert type="warning" >}}
Runner registration tokens, and support for certain configuration arguments, were [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/380872) in GitLab 15.6 and will be removed in GitLab 17.0. After GitLab 17.0, you will no longer be able to reset runner registration tokens and the `reset_registration_token` endpoint will not function.
Runner registration tokens and support for certain configuration arguments were [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/380872) in GitLab 15.6. These features are scheduled for removal in GitLab 17.0.
After GitLab 17.0, you can no longer reset runner registration tokens and the `reset_registration_token` endpoint cannot function.
{{< /alert >}}

41
doc/ci/runners/new_creation_workflow.md
View File

@ -15,15 +15,14 @@ title: Migrating to the new runner registration workflow
{{< alert type="disclaimer" />}}
In GitLab 16.0, we introduced a new runner creation workflow that uses runner authentication tokens to register
runners. The legacy workflow that uses registration tokens is deprecated and will be removed in GitLab 18.0.
runners. The legacy workflow that uses registration tokens is deprecated and is scheduled for removal in GitLab 18.0.
For information about the current development status of the new workflow, see [epic 7663](https://gitlab.com/groups/gitlab-org/-/epics/7663).
For information about the technical design and reasons for the new architecture, see [Next GitLab Runner Token Architecture](https://handbook.gitlab.com/handbook/engineering/architecture/design-documents/runner_tokens/).
If you experience problems or have concerns about the new runner registration workflow,
or if the following information is not sufficient,
you can let us know in the [feedback issue](https://gitlab.com/gitlab-org/gitlab/-/issues/387993).
or need more information, let us know in the [feedback issue](https://gitlab.com/gitlab-org/gitlab/-/issues/387993).
## The new runner registration workflow
@ -49,13 +48,11 @@ The new runner registration workflow has the following benefits:
## Prevent your runner registration workflow from breaking
Until GitLab 17.0, you can still use the legacy runner registration workflow.
In GitLab 16.11 and earlier, you can use the legacy runner registration workflow.
In GitLab 17.0, the legacy runner registration workflow will be disabled automatically. You will be able to manually re-enable the legacy runner registration workflow for a limited time. For more information, see
[Using registration tokens after GitLab 17.0](#using-registration-tokens-after-gitlab-170).
In GitLab 17.0, the legacy runner registration workflow is disabled by default. You can temporarily re-enable the legacy runner registration workflow. For more information, see [Using registration tokens after GitLab 17.0](#using-registration-tokens-after-gitlab-170).
If no action is taken before your GitLab instance is upgraded to GitLab 17.0, then your runner registration
workflow will break, and the `gitlab-runner register` command will receive a `410 Gone - runner registration disallowed` error.
If you don't migrate to the new workflow when you upgrade to GitLab 17.0, the runner registration breaks and the `gitlab-runner register` command returns a `410 Gone - runner registration disallowed` error.
To avoid a broken workflow, you must:
@ -82,7 +79,7 @@ To continue using registration tokens after GitLab 17.0:
## Impact on existing runners
Existing runners will continue to work as usual even after 18.0. This change only affects registration of new runners.
Existing runners will continue to work as usual after upgrading to GitLab 18.0. This change only affects registration of new runners.
The [GitLab Runner Helm chart](https://docs.gitlab.com/runner/install/kubernetes.html) generates new runner pods every time a job is executed.
For these runners, [enable legacy runner registration](#using-registration-tokens-after-gitlab-170) to use registration tokens.
@ -90,8 +87,8 @@ In GitLab 18.0 and later, you must migrate to the [new runner registration workf
## Changes to the `gitlab-runner register` command syntax
The `gitlab-runner register` command will stop accepting registration tokens and instead accept new runner
authentication tokens generated in the GitLab runners administration page.
The `gitlab-runner register` command accepts runner authentication tokens instead of registration tokens.
You can generate tokens from the **Runners** page in the **Admin** area.
The runner authentication tokens are recognizable by their `glrt-` prefix.
When you create a runner in the GitLab UI, you specify configuration values that were previously command-line options
@ -128,7 +125,7 @@ gitlab-runner register \
--registration-token "REDACTED"
```
In GitLab 15.10 and later, you create the runner and some of the attributes in the UI, like the
In GitLab 15.10 and later, you can create the runner and set attributes in the UI, like
tag list, locked status, and access level.
In GitLab 15.11 and later, these attributes are no longer accepted as arguments to `register` when a runner authentication token with the `glrt-` prefix is specified.
@ -145,7 +142,7 @@ gitlab-runner register \
## Impact on autoscaling
In autoscaling scenarios such as GitLab Runner Operator or GitLab Runner Helm Chart, the
registration token is replaced with the runner authentication token generated from the UI.
runner authentication token generated from the UI replaces the registration token.
This means that the same runner configuration is reused across jobs, instead of creating a runner
for each job.
The specific runner can be identified by the unique system ID that is generated when the runner
@ -182,7 +179,7 @@ runUntagged: true
protected: true
```
The replacement field for the invalid `runnerRegistrationToken` field is the `runnerToken` field. In the context of the GitLab Runner on Kubernetes, Helm deploy passes the runner `authentication token` to the runner worker pod and the runner configuration is created. If you continue to use the `runnerRegistrationToken` token field on Kubernetes hosted runners attached to GitLab.com, then the runner worker pod tries, on creation, to use the Registration API method that is no longer supported as of GitLab 17.0.
The `runnerRegistrationToken` field replaces the `runnerToken` field. For GitLab Runner on Kubernetes, Helm deploy passes the runner `authentication token` to the runner worker pod and creates the runner configuration. In GitLab 17.0, if Kubernetes hosted runners attached to GitLab.com use `runnerRegistrationToken`, the runner worker pod uses an unsupported Registration API method at creation.
If you store the runner authentication token in `secrets`, you must also modify them.
@ -215,7 +212,7 @@ data:
{{< alert type="note" >}}
If your secret management solution doesn't allow you to set an empty string for `runner-registration-token`,
you can set it to any string - it will be ignored when `runner-token` is present.
you can set it to any string. This value is ignored when `runner-token` is present.
{{< /alert >}}
@ -223,24 +220,24 @@ you can set it to any string - it will be ignored when `runner-token` is present
### Pod name is not visible in runner details page
When you use the new registration workflow to register your runners with the Helm chart, the pod name is not visible
in the runner details page.
When you use the new registration workflow to register your runners with Helm chart, the pod name doesn't appear
on the runner details page.
For more information, see [issue 423523](https://gitlab.com/gitlab-org/gitlab/-/issues/423523).
### Runner authentication token does not update when rotated
#### Token rotation with the same runner registered in multiple runner managers
When you use the new workflow to register your runners on multiple host machines and
the runner authentication token rotates automatically, only the first runner manager
to handle the token renewal request receives the new token.
When you register runners on multiple host machines through the new workflow with
automatic token rotation, only the first runner manager receives the new token.
The remaining runner managers continue to use the invalid token and become disconnected.
You must update these managers manually to use the new token.
#### Token rotation in GitLab Operator
When you use the new registration workflow to register your runners with the GitLab Operator,
the runner authentication token referenced by the Custom Resource Definition does not update when the token is rotated.
During runner registration with GitLab Operator through the new workflow,
the runner authentication token in the Custom Resource Definition doesn't update
during token rotation.
This occurs when:
- You're using a runner authentication token (prefixed with `glrt-`) in a secret

10
doc/integration/elasticsearch/troubleshooting/indexing.md
View File

@ -104,6 +104,16 @@ If `ElasticCommitIndexerWorker` Sidekiq workers are failing with this error duri
- To decrease the indexing throughput you can decrease `Bulk request concurrency` (see [Advanced search settings](../../advanced_search/elasticsearch.md#advanced-search-configuration)). This is set to `10` by default, but you change it to as low as 1 to reduce the number of concurrent indexing operations.
- If changing `Bulk request concurrency` didn't help, you can use the [routing rules](../../../administration/sidekiq/processing_specific_job_classes.md#routing-rules) option to [limit indexing jobs only to specific Sidekiq nodes](../../advanced_search/elasticsearch.md#index-large-instances-with-dedicated-sidekiq-nodes-or-processes), which should reduce the number of indexing requests.
## Error: `Elasticsearch::Transport::Transport::Errors::RequestEntityTooLarge`
```plaintext
[413] {"Message":"Request size exceeded 10485760 bytes"}
```
This exception is seen when your Elasticsearch cluster is configured to reject requests above a certain size (10 MiB in this case). This corresponds to the `http.max_content_length` setting in `elasticsearch.yml`. Increase it to a larger size and restart your Elasticsearch cluster.
AWS has [network limits](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#network-limits) on the maximum size of HTTP request payloads based on the size of the underlying instance. Set the maximum bulk request size to a value lower than 10 MiB.
## Indexing is very slow or fails with `rejected execution of coordinating operation`
Bulk requests getting rejected by the Elasticsearch nodes are likely due to load and lack of available memory.

10
doc/integration/elasticsearch/troubleshooting/migrations.md
View File

@ -23,16 +23,6 @@ For more information, see [advanced search migrations](../../advanced_search/ela
If you have a similar exception, ensure you have the correct Elasticsearch version and you meet the [system requirements](../../advanced_search/elasticsearch.md#system-requirements).
You can also check the version automatically by using the `sudo gitlab-rake gitlab:check` command.
## Error: `Elasticsearch::Transport::Transport::Errors::RequestEntityTooLarge`
```plaintext
[413] {"Message":"Request size exceeded 10485760 bytes"}
```
This exception is seen when your Elasticsearch cluster is configured to reject requests above a certain size (10 MiB in this case). This corresponds to the `http.max_content_length` setting in `elasticsearch.yml`. Increase it to a larger size and restart your Elasticsearch cluster.
AWS has [network limits](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#network-limits) on the maximum size of HTTP request payloads based on the size of the underlying instance. Set the maximum bulk request size to a value lower than 10 MiB.
## Error: `Faraday::TimeoutError (execution expired)`
When you use a proxy, set a custom `gitlab_rails['env']` environment variable

20
doc/update/deprecations.md
View File

@ -2539,6 +2539,26 @@ another RHEL-compatible operating system.
## GitLab 17.7
<div class="deprecation breaking-change" data-milestone="17.7">
### Error handling for `/repository/tree` REST API endpoint returns `404`
<div class="deprecation-notes">
- Announced in GitLab <span class="milestone">16.5</span>
- Removal in GitLab <span class="milestone">17.7</span> ([breaking change](https://docs.gitlab.com/update/terminology/#breaking-change))
- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/420865).
</div>
In GitLab 17.7, the error handling behavior for the list repository tree API endpoint, `/projects/:id/repository/tree`, is updated when a requested path is not found. The endpoint now returns a status code `404 Not Found`. Previously, the status code was `200 OK`.
This change was enabled on GitLab.com in GitLab 16.5, and will be available for self-managed instances in GitLab 17.7.
If your implementation relies on receiving a `200` status code with an empty array for missing paths, you must update your error handling to handle the new `404` responses.
</div>
<div class="deprecation " data-milestone="17.7">
### TLS 1.0 and 1.1 no longer supported

6
doc/user/compliance/audit_event_types.md
View File

@ -526,6 +526,12 @@ Audit event types belong to the following product categories.
|:----------|:---------------------|:------------------|:--------------|:------|
| [`policy_project_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/102154) | The security policy project is updated for a project | {{< icon name="check-circle" >}} Yes | GitLab [15.6](https://gitlab.com/gitlab-org/gitlab/-/issues/377877) | Group, Project |
### Security testing configuration
| Type name | Event triggered when | Saved to database | Introduced in | Scope |
|:----------|:---------------------|:------------------|:--------------|:------|
| [`vulnerability_severity_override`](https://gitlab.com/gitlab-org/gitlab/-/issues/515327) | When user overrides vulnerability severity | {{< icon name="check-circle" >}} Yes | GitLab [17.10](https://gitlab.com/gitlab-org/gitlab/-/issues/515327) | Project |
### Self-hosted models
| Type name | Event triggered when | Saved to database | Introduced in | Scope |

2
lib/authn/token_field/generator/routable_token.rb
View File

@ -12,7 +12,7 @@ module Authn
MAXIMUM_SIZE_OF_ROUTING_PAYLOAD = 159
DEFAULT_ROUTING_PAYLOAD_HASH =
{
c: ->(_) { Settings.cell[:id] }
c: ->(_) { Gitlab.config.cell.id }
}.freeze
PayloadTooLarge = Class.new(RuntimeError)

27
lib/gitlab/background_migration/backfill_incident_management_pending_issue_escalations_namespace_id.rb Normal file
View File

@ -0,0 +1,27 @@
# frozen_string_literal: true
module Gitlab
module BackgroundMigration
class BackfillIncidentManagementPendingIssueEscalationsNamespaceId < BatchedMigrationJob
operation_name :backfill_incident_management_pending_issue_escalations_namespace_id
feature_category :incident_management
cursor :id, :process_at
def perform
each_sub_batch do |relation|
connection.execute(<<~SQL)
WITH batched_relation AS (
#{relation.where(namespace_id: nil).select(:id, :process_at).to_sql}
)
UPDATE incident_management_pending_issue_escalations
SET namespace_id = issues.namespace_id
FROM batched_relation
INNER JOIN issues ON batched_relation.id = issues.id
WHERE incident_management_pending_issue_escalations.id = batched_relation.id
AND incident_management_pending_issue_escalations.process_at = batched_relation.process_at;
SQL
end
end
end
end
end

4
lib/gitlab/topology_service_client/base_service.rb
View File

@ -28,11 +28,11 @@ module Gitlab
end
def topology_service_address
Gitlab.config.cell.topology_service.address
Gitlab.config.cell.topology_service_client.address
end
def enabled?
Gitlab.config.topology_service_enabled?
Gitlab.config.cell.enabled
end
end
end

4
lib/tasks/gitlab/db.rake
View File

@ -149,9 +149,9 @@ namespace :gitlab do
end
def alter_cell_sequences_range
return unless Gitlab.config.topology_service_enabled?
return unless Gitlab.config.cell.enabled
return puts "Skipping altering cell sequences range" if Gitlab.config.skip_sequence_alteration?
return puts "Skipping altering cell sequences range" if Gitlab.config.cell.database.skip_sequence_alteration
sequence_range = Gitlab::TopologyServiceClient::CellService.new.cell_sequence_range

4
lib/tasks/gitlab/db/alter_cell_sequences_range.rake
View File

@ -7,8 +7,8 @@ namespace :gitlab do
task :alter_cell_sequences_range, [:minval, :maxval] => :environment do |_t, args|
next unless Gitlab.com_except_jh? || Gitlab.dev_or_test_env?
# This is a safety check to ensure this rake does not alters the sequences for the Legacy Cell
next if Gitlab.config.skip_sequence_alteration?
# This is a safety check to ensure this rake does not alter the sequences for the Legacy Cell
next if Gitlab.config.cell.database.skip_sequence_alteration
Gitlab::Database::EachDatabase.each_connection do |connection, _database_name|
Gitlab::Database::AlterCellSequencesRange.new(args.minval&.to_i, args.maxval&.to_i, connection).execute

6
locale/gitlab.pot
View File

@ -65054,6 +65054,12 @@ msgstr ""
msgid "WebIDE|You need permission to edit files directly in this project."
msgstr ""
msgid "WebIdeOAuthCallback|Close tab"
msgstr ""
msgid "WebIdeOAuthCallback|Unable to authorize GitLab Web IDE access. For more information, see the developer console."
msgstr ""
msgid "WebexTeamsService|Send notifications about project events to Webex Teams."
msgstr ""

2
package.json
View File

@ -66,7 +66,7 @@
"@gitlab/ui": "109.0.0",
"@gitlab/vue-router-vue3": "npm:vue-router@4.5.0",
"@gitlab/vuex-vue3": "npm:vuex@4.1.0",
"@gitlab/web-ide": "^0.0.1-dev-20250211142744",
"@gitlab/web-ide": "^0.0.1-dev-20250213173537",
"@gleam-lang/highlight.js-gleam": "^1.5.0",
"@mattiasbuelens/web-streams-adapter": "^0.1.0",
"@rails/actioncable": "7.0.807",

42
spec/frontend/ide/mount_oauth_callback_spec.js
View File

@ -1,9 +1,11 @@
import { oauthCallback } from '@gitlab/web-ide';
import { TEST_HOST } from 'helpers/test_constants';
import { createAlert } from '~/alert';
import { mountOAuthCallback } from '~/ide/mount_oauth_callback';
import { getMockCallbackUrl } from './helpers';
jest.mock('@gitlab/web-ide');
jest.mock('~/alert');
const TEST_USERNAME = 'gandalf.the.grey';
const TEST_GITLAB_WEB_IDE_PUBLIC_PATH = 'test/webpack/assets/gitlab-web-ide/public/path';
@ -33,10 +35,10 @@ describe('~/ide/mount_oauth_callback', () => {
document.body.innerHTML = '';
});
it('calls oauthCallback', () => {
it('calls oauthCallback', async () => {
expect(oauthCallback).not.toHaveBeenCalled();
mountOAuthCallback();
await mountOAuthCallback();
expect(oauthCallback).toHaveBeenCalledTimes(1);
expect(oauthCallback).toHaveBeenCalledWith({
@ -54,4 +56,40 @@ describe('~/ide/mount_oauth_callback', () => {
'https://{{uuid}}.cdn.web-ide.gitlab-static.net/web-ide-vscode/{{quality}}/{{commit}}',
});
});
describe('when oauthCallback fails', () => {
const mockError = new Error('oauthCallback failed');
beforeEach(() => {
jest.spyOn(console, 'error').mockImplementation();
oauthCallback.mockRejectedValueOnce(mockError);
});
it('displays an alert when oauthCallback fails', async () => {
expect(createAlert).not.toHaveBeenCalled();
await mountOAuthCallback();
expect(oauthCallback).toHaveBeenCalledTimes(1);
expect(createAlert).toHaveBeenCalledTimes(1);
expect(createAlert).toHaveBeenCalledWith({
message:
'Unable to authorize GitLab Web IDE access. For more information, see the developer console.',
containerSelector: '.alert-wrapper',
dismissible: false,
primaryButton: {
clickHandler: expect.any(Function),
text: 'Close tab',
},
});
});
it('logs the error in the console', async () => {
await mountOAuthCallback();
// eslint-disable-next-line no-console
expect(console.error).toHaveBeenCalledTimes(1);
// eslint-disable-next-line no-console
expect(console.error).toHaveBeenCalledWith(mockError);
});
});
});

23
spec/initializers/1_settings_spec.rb
View File

@ -54,4 +54,27 @@ RSpec.describe '1_settings', feature_category: :shared do
it { expect(Settings.gitlab.log_decompressed_response_bytesize).to eq(10) }
end
end
describe 'cell configuration' do
let(:config) do
{
address: 'test-topology-service-host:8080',
ca_file: '/test/topology-service-ca.pem',
certificate_file: '/test/topology-service-cert.pem',
private_key_file: '/test/topology-service-key.pem'
}
end
context 'when legacy topology service config is provided' do
before do
stub_config({ cell: { enabled: true, id: 1 }, topology_service: config })
load_settings
end
it { expect(Settings.cell.topology_service_client.address).to eq(config[:address]) }
it { expect(Settings.cell.topology_service_client.ca_file).to eq(config[:ca_file]) }
it { expect(Settings.cell.topology_service_client.certificate_file).to eq(config[:certificate_file]) }
it { expect(Settings.cell.topology_service_client.private_key_file).to eq(config[:private_key_file]) }
end
end
end

8
spec/initializers/session_store_spec.rb
View File

@ -25,9 +25,9 @@ RSpec.describe 'Session initializer for GitLab' do
load_session_store
end
context 'when cell.id is configured' do
context 'when cell is enabled' do
before do
stub_config(cell: { id: 1 })
stub_config(cell: { enabled: true, id: 1 })
end
it 'initialized as a `redis_store` with session cookies prefix that includes cell id' do
@ -43,9 +43,9 @@ RSpec.describe 'Session initializer for GitLab' do
end
end
context 'when cell.id is not configured' do
context 'when cell is disabled' do
before do
stub_config(cell: { id: nil })
stub_config(cell: { enabled: false })
end
it 'initialized as a `redis_store` with empty session cookie prefix' do

73
spec/initializers/validate_cell_config_spec.rb
View File

@ -6,6 +6,23 @@ RSpec.describe 'validate database config', feature_category: :cell do
include StubENV
let(:rails_configuration) { Rails::Application::Configuration.new(Rails.root) }
let(:valid_topology_service_client_config) do
{
address: 'topology-service.gitlab.example.com:443',
ca_file: '/home/git/gitlab/config/topology-service-ca.pem',
certificate_file: '/home/git/gitlab/config/topology-service-cert.pem',
private_key_file: '/home/git/gitlab/config/topology-service-key.pem'
}
end
let(:incomplete_topology_service_client_config) do
{
address: '',
ca_file: '/home/git/gitlab/config/topology-service-ca.pem',
certificate_file: '/home/git/gitlab/config/topology-service-cert.pem',
private_key_file: '/home/git/gitlab/config/topology-service-key.pem'
}
end
subject(:validate_config) do
load Rails.root.join('config/initializers/validate_cell_config.rb')
@ -18,6 +35,8 @@ RSpec.describe 'validate database config', feature_category: :cell do
shared_examples 'with SKIP_CELL_CONFIG_VALIDATION=true' do
before do
stub_env('SKIP_CELL_CONFIG_VALIDATION', 'true')
# Wrong Cell configuration, because cell.id is missing
stub_config(cell: { enabled: true, id: nil, topology_service_client: valid_topology_service_client_config })
end
it 'does not raise exception' do
@ -25,9 +44,9 @@ RSpec.describe 'validate database config', feature_category: :cell do
end
end
context 'when topology service is correctly configured' do
context 'when cell is correctly configured' do
before do
stub_config(cell: { id: 1, topology_service: { enabled: true } })
stub_config(cell: { id: 1, enabled: true, topology_service_client: valid_topology_service_client_config })
end
it 'does not raise exception' do
@ -35,36 +54,60 @@ RSpec.describe 'validate database config', feature_category: :cell do
end
end
context 'when topology service is not configured' do
before do
stub_config(cell: { id: nil, topology_service: { enabled: false } })
context 'when cell is not configured' do
context 'when cell id is nil' do
before do
stub_config(cell: { enabled: false, id: nil })
end
it 'does not raise exception' do
expect { validate_config }.not_to raise_error
end
end
it 'does not raise exception' do
expect { validate_config }.not_to raise_error
context 'when cell id is not nil' do
before do
stub_config(cell: { enabled: false, id: 3 })
end
it 'raises an exception' do
expect { validate_config }.to raise_error("Cell ID is set but Cell is not enabled")
end
end
end
context 'when configuration is wrong' do
context 'when only cell.id is configured' do
context 'when cell is enabled by cell id is not set' do
before do
stub_config(cell: { id: 1, topology_service: { enabled: false } })
stub_config(cell: { enabled: true, id: nil, topology_service_client: valid_topology_service_client_config })
end
it 'does not raise exception' do
expect { validate_config }.to raise_error("Topology Service is not configured, but Cell ID is set")
it 'raises exception about missing cell id' do
expect { validate_config }.to raise_error("Cell ID is not set to a valid positive integer")
end
it_behaves_like 'with SKIP_CELL_CONFIG_VALIDATION=true'
end
context 'when only topology service is enabled' do
context 'when cell is enabled by cell id is not valid' do
before do
stub_config(cell: { id: nil, topology_service: { enabled: true } })
stub_config(cell: { enabled: true, id: 0, topology_service_client: valid_topology_service_client_config })
end
it 'does not raise exception' do
expect { validate_config }.to raise_error("Topology Service is enabled, but Cell ID is not set")
it 'raises exception about missing cell id' do
expect { validate_config }.to raise_error("Cell ID is not set to a valid positive integer")
end
it_behaves_like 'with SKIP_CELL_CONFIG_VALIDATION=true'
end
context 'when cell is enabled' do
before do
stub_config(cell: { enabled: true, id: 1, topology_service_client: incomplete_topology_service_client_config })
end
it 'raises exception about missing topology service client config' do
expect { validate_config }.to raise_error("Topology Service setting 'address' is not set")
end
it_behaves_like 'with SKIP_CELL_CONFIG_VALIDATION=true'

8
spec/lib/authn/token_field/generator/routable_token_spec.rb
View File

@ -48,14 +48,14 @@ RSpec.describe Authn::TokenField::Generator::RoutableToken, feature_category: :s
describe '#generate_token' do
let(:random_bytes) { 'a' * described_class::RANDOM_BYTES_LENGTH }
let(:cell_setting) { {} }
let(:cell_setting) { { enabled: false, id: nil } }
subject(:token) { generator.generate_token }
before do
allow(described_class)
.to receive(:random_bytes).with(described_class::RANDOM_BYTES_LENGTH).and_return(random_bytes)
allow(Settings).to receive(:cell).and_return(cell_setting)
stub_config({ cell: cell_setting })
end
shared_examples 'a routable token' do
@ -67,8 +67,8 @@ RSpec.describe Authn::TokenField::Generator::RoutableToken, feature_category: :s
end
end
context 'when Settings.cells.id is present' do
let(:cell_setting) { { id: 100 } }
context 'when Settings.cells.id is present and cell is enabled' do
let(:cell_setting) { { enabled: true, id: 100 } }
it 'generates a routable token' do
expect(token)

22
spec/lib/ci/job_token/jwt_spec.rb
View File

@ -63,7 +63,7 @@ RSpec.describe Ci::JobToken::Jwt, feature_category: :secrets_management do
subject(:decoded_token) { described_class.decode(encoded_token) }
before do
allow(Gitlab.config.cell).to receive(:id).and_return(cell_id)
stub_config(cell: { enabled: true, id: cell_id })
end
context 'with a valid token' do
@ -212,12 +212,24 @@ RSpec.describe Ci::JobToken::Jwt, feature_category: :secrets_management do
let(:encoded_token) { described_class.encode(job) }
let(:decoded_token) { described_class.decode(encoded_token) }
before do
allow(Gitlab.config.cell).to receive(:id).and_return(cell_id)
context 'when cell is enabled' do
before do
stub_config(cell: { enabled: true, id: cell_id })
end
it 'encodes the cell_id in the JWT payload' do
expect(decoded_token.cell_id).to eq(cell_id)
end
end
it 'encodes the cell_id in the JWT payload' do
expect(decoded_token.cell_id).to eq(cell_id)
context 'when cell is disabled' do
before do
stub_config(cell: { enabled: false, id: nil })
end
it 'cell_id should not be encoded' do
expect(decoded_token.cell_id).to be_nil
end
end
end

173
spec/lib/gitlab/background_migration/backfill_incident_management_pending_issue_escalations_namespace_id_spec.rb Normal file
View File

@ -0,0 +1,173 @@
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Gitlab::BackgroundMigration::BackfillIncidentManagementPendingIssueEscalationsNamespaceId, feature_category: :incident_management do
let(:connection) { ApplicationRecord.connection }
let(:organization) { organizations.create!(name: 'organization', path: 'organization') }
let(:start_cursor) { [0, 2.months.ago.to_s] }
let(:end_cursor) { [issues.maximum(:id), Time.current.to_s] }
let(:migration) do
described_class.new(
start_cursor: start_cursor,
end_cursor: end_cursor,
batch_table: :incident_management_pending_issue_escalations,
batch_column: :id,
sub_batch_size: 2,
pause_ms: 0,
connection: connection
)
end
shared_context 'for database tables' do
let(:namespaces) { table(:namespaces) }
let(:organizations) { table(:organizations) }
let(:issues) { table(:issues) { |t| t.primary_key = :id } }
let(:incident_management_pending_issue_escalations) do
table(:incident_management_pending_issue_escalations) { |t| t.primary_key = :id }
end
let(:projects) { table(:projects) }
let(:incident_management_escalation_policies) { table(:incident_management_escalation_policies) }
let(:incident_management_escalation_rules) { table(:incident_management_escalation_rules) }
let(:incident_management_oncall_schedules) { table(:incident_management_oncall_schedules) }
end
shared_context 'for namespaces' do
let(:namespace1) { namespaces.create!(name: 'namespace 1', path: 'namespace1', organization_id: organization.id) }
let(:namespace2) { namespaces.create!(name: 'namespace 2', path: 'namespace2', organization_id: organization.id) }
let(:namespace3) { namespaces.create!(name: 'namespace 3', path: 'namespace3', organization_id: organization.id) }
let(:namespace4) { namespaces.create!(name: 'namespace 4', path: 'namespace4', organization_id: organization.id) }
let(:namespace5) { namespaces.create!(name: 'namespace 5', path: 'namespace5', organization_id: organization.id) }
end
shared_context 'for projects' do
let(:project1) do
projects.create!(
namespace_id: namespace1.id,
project_namespace_id: namespace1.id,
organization_id: organization.id
)
end
let(:project2) do
projects.create!(
namespace_id: namespace2.id,
project_namespace_id: namespace2.id,
organization_id: organization.id
)
end
let(:project3) do
projects.create!(
namespace_id: namespace3.id,
project_namespace_id: namespace3.id,
organization_id: organization.id
)
end
let(:project4) do
projects.create!(
namespace_id: namespace4.id,
project_namespace_id: namespace4.id,
organization_id: organization.id
)
end
let(:policy) { incident_management_escalation_policies.create!(project_id: project1.id, name: 'Test Policy') }
let(:oncall_schedule) do
incident_management_oncall_schedules.create!(project_id: project1.id, iid: 1, name: 'Test Oncall')
end
let(:rule) do
incident_management_escalation_rules.create!(policy_id: policy.id, status: 1, elapsed_time_seconds: 800,
oncall_schedule_id: oncall_schedule.id)
end
end
shared_context 'for issues and escalations' do
let!(:work_item_type_id) { table(:work_item_types).where(base_type: 1).first.id }
let!(:issue1) do
issues.create!(
namespace_id: namespace1.id,
project_id: project1.id,
created_at: 5.days.ago,
closed_at: 3.days.ago,
work_item_type_id: work_item_type_id
)
end
let!(:issue2) do
issues.create!(
namespace_id: namespace2.id,
project_id: project2.id,
created_at: 4.days.ago,
closed_at: 3.days.ago,
work_item_type_id: work_item_type_id
)
end
let!(:issue3) do
issues.create!(
namespace_id: namespace3.id,
project_id: project3.id,
created_at: 3.days.ago,
closed_at: 2.days.ago,
work_item_type_id: work_item_type_id
)
end
let!(:issue4) do
issues.create!(
namespace_id: namespace4.id,
project_id: project4.id,
created_at: 2.days.ago,
closed_at: 2.days.ago,
work_item_type_id: work_item_type_id
)
end
let!(:incident_management_pending_issue_escalations_1) do
incident_management_pending_issue_escalations.create!(
issue_id: issue1.id, process_at: 3.minutes.from_now, rule_id: rule.id, namespace_id: nil)
end
let!(:incident_management_pending_issue_escalations_2) do
incident_management_pending_issue_escalations.create!(
issue_id: issue2.id, process_at: 5.minutes.from_now, rule_id: rule.id, namespace_id: nil)
end
let!(:incident_management_pending_issue_escalations_3) do
incident_management_pending_issue_escalations.create!(
issue_id: issue3.id, process_at: 7.minutes.from_now, rule_id: rule.id, namespace_id: nil)
end
let!(:incident_management_pending_issue_escalations_4) do
incident_management_pending_issue_escalations.create!(
issue_id: issue4.id, process_at: 10.minutes.from_now, rule_id: rule.id, namespace_id: namespace5.id)
end
end
include_context 'for database tables'
include_context 'for namespaces'
include_context 'for projects'
include_context 'for issues and escalations'
describe '#perform' do
it 'backfills incident_management_pending_issue_escalations.namespace_id correctly for relevant records' do
migration.perform
expect(incident_management_pending_issue_escalations_1.reload.namespace_id).to eq(issue1.namespace_id)
expect(incident_management_pending_issue_escalations_2.reload.namespace_id).to eq(issue2.namespace_id)
expect(incident_management_pending_issue_escalations_3.reload.namespace_id).to eq(issue3.namespace_id)
end
it 'does not update incident_management_pending_issue_escalations with pre-existing namespace_id' do
expect { migration.perform }
.not_to change { incident_management_pending_issue_escalations_4.reload.namespace_id }
end
end
end

6
spec/lib/gitlab/topology_service_client/base_service_spec.rb
View File

@ -6,9 +6,9 @@ RSpec.describe Gitlab::TopologyServiceClient::BaseService, feature_category: :ce
subject(:base_service) { described_class.new }
describe '#initialize' do
context 'when topology service is disabled' do
it 'raises an error when topology service is not enabled' do
expect(Gitlab.config.cell.topology_service).to receive(:enabled).and_return(false)
context 'when cell is disabled' do
it 'raises an error when cell is not enabled' do
expect(Gitlab.config.cell).to receive(:enabled).and_return(false)
expect { base_service }.to raise_error(NotImplementedError)
end

10
spec/lib/gitlab/topology_service_client/cell_service_spec.rb
View File

@ -18,16 +18,16 @@ RSpec.describe Gitlab::TopologyServiceClient::CellService, feature_category: :ce
describe '#get_cell_info' do
context 'when topology service is disabled' do
it 'raises an error when topology service is not enabled' do
expect(Gitlab.config.cell.topology_service).to receive(:enabled).and_return(false)
expect(Gitlab.config.cell).to receive(:enabled).and_return(false)
expect { cell_service }.to raise_error(NotImplementedError)
end
end
context 'when topology service is enabled' do
context 'when cell is enabled' do
before do
allow(Gitlab.config.cell).to receive(:id).twice.and_return(1)
allow(Gitlab.config.cell.topology_service).to receive(:enabled).once.and_return(true)
allow(Gitlab.config.cell).to receive(:enabled).and_return(true)
end
it 'returns the cell information' do
@ -55,10 +55,10 @@ RSpec.describe Gitlab::TopologyServiceClient::CellService, feature_category: :ce
end
describe '#cell_sequence_range' do
context 'when topology service is enabled' do
context 'when cell is enabled' do
before do
allow(Gitlab.config.cell).to receive(:id).twice.and_return(1)
allow(Gitlab.config.cell.topology_service).to receive(:enabled).once.and_return(true)
allow(Gitlab.config.cell).to receive(:enabled).and_return(true)
end
context 'when a cell exists in topology service' do

33
spec/migrations/20250228142823_queue_backfill_incident_management_pending_issue_escalations_namespace_id_spec.rb Normal file
View File

@ -0,0 +1,33 @@
# frozen_string_literal: true
require 'spec_helper'
require_migration!
RSpec.describe QueueBackfillIncidentManagementPendingIssueEscalationsNamespaceId, feature_category: :incident_management do
let!(:batched_migration) { described_class::MIGRATION }
it 'schedules a new batched migration' do
reversible_migration do |migration|
migration.before -> {
expect(batched_migration).not_to have_scheduled_batched_migration
}
migration.after -> {
expect(batched_migration).to have_scheduled_batched_migration(
table_name: :incident_management_pending_issue_escalations,
column_name: :id,
interval: described_class::DELAY_INTERVAL,
batch_size: described_class::BATCH_SIZE,
sub_batch_size: described_class::SUB_BATCH_SIZE,
gitlab_schema: :gitlab_main_cell,
job_arguments: [
:namespace_id,
:issues,
:namespace_id,
:issue_id
]
)
}
end
end
end

2
spec/models/personal_access_token_spec.rb
View File

@ -706,7 +706,7 @@ RSpec.describe PersonalAccessToken, feature_category: :system_access do
.to receive(:random_bytes).with(Authn::TokenField::Generator::RoutableToken::RANDOM_BYTES_LENGTH)
.and_return(random_bytes)
allow(Devise).to receive(:friendly_token).and_return(devise_token)
allow(Settings).to receive(:cell).and_return({ id: 1 })
stub_config(cell: { enabled: true, id: 1 })
end
context 'when :routable_pat feature flag is disabled' do

17
spec/presenters/packages/conan/package_presenter_spec.rb
View File

@ -41,6 +41,15 @@ RSpec.describe ::Packages::Conan::PackagePresenter, feature_category: :package_r
end
end
shared_examples 'excludes files with recipe revisions' do
context 'when there are files with recipe revisions' do
let_it_be(:recipe_revision) { create(:conan_recipe_revision, package: package) }
let_it_be(:conan_package_file) { create(:conan_package_file, :conan_recipe_file, package: package, conan_recipe_revision: recipe_revision) }
it { is_expected.to eq(expected_result) }
end
end
describe '#recipe_urls' do
subject { presenter.recipe_urls }
@ -57,6 +66,8 @@ RSpec.describe ::Packages::Conan::PackagePresenter, feature_category: :package_r
it { is_expected.to eq(expected_result) }
it_behaves_like 'excludes files with recipe revisions'
context 'when there are multiple channels for the same package' do
let(:conan_metadatum) { create(:conan_metadatum, package_channel: 'newest') }
let!(:newest_package) { create(:conan_package, name: package.name, version: package.version, project: project, conan_metadatum: conan_metadatum) }
@ -97,6 +108,8 @@ RSpec.describe ::Packages::Conan::PackagePresenter, feature_category: :package_r
end
it { is_expected.to eq(expected_result) }
it_behaves_like 'excludes files with recipe revisions'
end
end
@ -130,6 +143,8 @@ RSpec.describe ::Packages::Conan::PackagePresenter, feature_category: :package_r
it { is_expected.to eq(expected_result) }
it_behaves_like 'excludes files with recipe revisions'
context 'with package_scope of project' do
# #package_file_url checks for params[:id]
let(:params) do
@ -198,6 +213,8 @@ RSpec.describe ::Packages::Conan::PackagePresenter, feature_category: :package_r
it { is_expected.to eq(expected_result) }
it_behaves_like 'excludes files with recipe revisions'
context 'when requested with invalid reference' do
let(:reference) { 'invalid' }

2
spec/support/shared_contexts/models/concerns/token_authenticatable_shared_context.rb
View File

@ -9,6 +9,6 @@ RSpec.shared_context 'with token authenticatable routable token context' do
.to receive(:random_bytes).with(Authn::TokenField::Generator::RoutableToken::RANDOM_BYTES_LENGTH)
.and_return(random_bytes)
allow(Devise).to receive(:friendly_token).and_return(devise_token)
allow(Settings).to receive(:cell).and_return({ id: 1 })
stub_config(cell: { enabled: true, id: 1 })
end
end

12
spec/tasks/gitlab/db/alter_cell_sequences_range_rake_spec.rb
View File

@ -37,16 +37,18 @@ RSpec.describe 'gitlab:db:alter_cell_sequences_range', :silence_stdout, feature_
context 'when run in non Gitlab.com/dev/test environment' do
before do
allow(Gitlab).to receive_messages(com_except_jh?: false, dev_or_test_env?: false)
allow(Settings).to receive(:skip_sequence_alteration?).and_return(false)
stub_config(cell: { enabled: true, database: { skip_sequence_alteration: false } })
end
it_behaves_like 'does not alter cell sequences range'
end
context 'when run for legacy cell' do
# This setting (skip_sequence_alteration) is meant for the Legacy cell
# All additional Cells are still considered .com
context 'when skipping database sequence alteration' do
before do
allow(Gitlab).to receive_messages(com_except_jh?: true, dev_or_test_env?: true)
allow(Settings).to receive(:skip_sequence_alteration?).and_return(true)
stub_config(cell: { enabled: true, database: { skip_sequence_alteration: true } })
end
it_behaves_like 'does not alter cell sequences range'
@ -55,7 +57,7 @@ RSpec.describe 'gitlab:db:alter_cell_sequences_range', :silence_stdout, feature_
context 'when run in Gitlab.com but not jh instance' do
before do
allow(Gitlab).to receive(:com_except_jh?).and_return(true)
allow(Settings).to receive(:skip_sequence_alteration?).and_return(false)
stub_config(cell: { enabled: true, database: { skip_sequence_alteration: false } })
end
it_behaves_like 'alters cell sequences range'
@ -64,7 +66,7 @@ RSpec.describe 'gitlab:db:alter_cell_sequences_range', :silence_stdout, feature_
context 'when run in dev or test env' do
before do
allow(Gitlab).to receive(:dev_or_test_env?).and_return(true)
allow(Settings).to receive(:skip_sequence_alteration?).and_return(false)
stub_config(cell: { enabled: true, database: { skip_sequence_alteration: false } })
end
it_behaves_like 'alters cell sequences range'

4
spec/tasks/gitlab/db_rake_spec.rb
View File

@ -150,13 +150,11 @@ RSpec.describe 'gitlab:db namespace rake task', :silence_stdout, feature_categor
end
describe 'configure' do
let(:topology_service_enabled) { true }
let(:configured_cell) { true }
let(:skip_sequence_alteration) { false }
before do
allow(Settings).to receive(:topology_service_enabled?).and_return(topology_service_enabled)
allow(Settings).to receive(:skip_sequence_alteration?).and_return(skip_sequence_alteration)
stub_config(cell: { enabled: true, id: 1, database: { skip_sequence_alteration: skip_sequence_alteration } })
end
context 'with a single database' do

8
yarn.lock
View File

@ -1465,10 +1465,10 @@
dependencies:
"@vue/devtools-api" "^6.0.0-beta.11"
"@gitlab/web-ide@^0.0.1-dev-20250211142744":
version "0.0.1-dev-20250211142744"
resolved "https://registry.yarnpkg.com/@gitlab/web-ide/-/web-ide-0.0.1-dev-20250211142744.tgz#9b53c8d4b0549bf78033d0d9d87fb2ba4a3cc9c5"
integrity sha512-seHOZGf/xenUXxXVURcnB4Kny0rAHiydy6A/oYsN7tJsLLvtiDhwkorjcBt7Ie5xBxvr3YAKuh3SxnUH8NtNZQ==
"@gitlab/web-ide@^0.0.1-dev-20250213173537":
version "0.0.1-dev-20250213173537"
resolved "https://registry.yarnpkg.com/@gitlab/web-ide/-/web-ide-0.0.1-dev-20250213173537.tgz#3bc847910e8fddf9aba816e19d2317d619a80130"
integrity sha512-ZDX2d821q8b6v9wIbKQnxfKA5i918ELudV1SmK6EhA4tvHlJ1T/OccmBKc5Ftm0q42h9O+Bx3k89egwOGD4cAw==
"@gleam-lang/highlight.js-gleam@^1.5.0":
version "1.5.0"