root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2024-02-21 18:07:23 +00:00
parent 05709610ef
commit f33e404bda
82 changed files with 1007 additions and 448 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitlab/CODEOWNERS
View File

@ -1289,7 +1289,6 @@ lib/gitlab/checks/**
/app/views/projects/pipeline_schedules/
/app/views/projects/pipelines/
/app/views/projects/triggers/
/app/workers/build_hooks_worker.rb
/app/workers/build_queue_worker.rb
/app/workers/build_success_worker.rb
/app/workers/ci_platform_metrics_update_cron_worker.rb

2
.gitlab/ci/qa-common/main.gitlab-ci.yml
View File

@ -15,7 +15,7 @@ include:
gitlab_auth_token_variable_name: "PROJECT_TOKEN_FOR_CI_SCRIPTS_API_USAGE"
allure_job_name: "${QA_RUN_TYPE}"
- project: gitlab-org/quality/pipeline-common
ref: 8.4.0
ref: 8.4.3
file:
- /ci/base.gitlab-ci.yml
- /ci/knapsack-report.yml

1
.rubocop_todo/gitlab/namespaced_class.yml
View File

@ -712,7 +712,6 @@ Gitlab/NamespacedClass:
- 'app/workers/authorized_projects_worker.rb'
- 'app/workers/auto_merge_process_worker.rb'
- 'app/workers/background_migration_worker.rb'
- 'app/workers/build_hooks_worker.rb'
- 'app/workers/build_queue_worker.rb'
- 'app/workers/build_success_worker.rb'
- 'app/workers/bulk_import_worker.rb'

1
.rubocop_todo/lint/redundant_cop_disable_directive.yml
View File

@ -59,7 +59,6 @@ Lint/RedundantCopDisableDirective:
- 'app/services/web_hook_service.rb'
- 'app/uploaders/object_storage/cdn/google_ip_cache.rb'
- 'app/workers/authorized_project_update/user_refresh_over_user_range_worker.rb'
- 'app/workers/build_hooks_worker.rb'
- 'app/workers/bulk_imports/entity_worker.rb'
- 'app/workers/ci/track_failed_build_worker.rb'
- 'app/workers/container_registry/migration/enqueuer_worker.rb'

1
.rubocop_todo/rspec/any_instance_of.yml
View File

@ -332,7 +332,6 @@ RSpec/AnyInstanceOf:
- 'spec/uploaders/records_uploads_spec.rb'
- 'spec/uploaders/workers/object_storage/migrate_uploads_worker_spec.rb'
- 'spec/views/layouts/_head.html.haml_spec.rb'
- 'spec/workers/build_hooks_worker_spec.rb'
- 'spec/workers/ci/build_schedule_worker_spec.rb'
- 'spec/workers/ci/daily_build_group_report_results_worker_spec.rb'
- 'spec/workers/clusters/cleanup/project_namespace_worker_spec.rb'

1
.rubocop_todo/style/inline_disable_annotation.yml
View File

@ -791,7 +791,6 @@ Style/InlineDisableAnnotation:
- 'app/workers/background_migration/ci_database_worker.rb'
- 'app/workers/background_migration_worker.rb'
- 'app/workers/batched_git_ref_updates/cleanup_scheduler_worker.rb'
- 'app/workers/build_hooks_worker.rb'
- 'app/workers/build_queue_worker.rb'
- 'app/workers/build_success_worker.rb'
- 'app/workers/bulk_imports/finish_batched_pipeline_worker.rb'

1
.rubocop_todo/style/redundant_self.yml
View File

@ -151,7 +151,6 @@ Style/RedundantSelf:
- 'app/uploaders/gitlab_uploader.rb'
- 'app/uploaders/object_storage.rb'
- 'app/workers/background_migration/single_database_worker.rb'
- 'app/workers/build_hooks_worker.rb'
- 'app/workers/concerns/application_worker.rb'
- 'app/workers/concerns/limited_capacity/worker.rb'
- 'app/workers/concerns/project_start_import.rb'

63
CHANGELOG.md
View File

@ -2,6 +2,26 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
## 16.9.1 (2024-02-20)
### Fixed (2 changes)
- [Fix Duo Chat CORS issue by updating web-ide package](gitlab-org/security/gitlab@6c4fccdd4d33fd40550197699a990a0d07a65137)
- [Fix deny_all_requests_except_allowed of AddressableUrlValidator](gitlab-org/security/gitlab@18ff795a3b9fdd54705c1a8898ad15b5dd84e2f0)
### Security (10 changes)
- [Add a limit to CodeOwners reference extractor regex](gitlab-org/security/gitlab@b090b503c47300d708d7e51192a486467fdecefd) ([merge request](gitlab-org/security/gitlab!3894))
- [Ensure LDAP user cannot sign in with password](gitlab-org/security/gitlab@1c2de5ef077c5710e213b668373557c01ff8ba26) ([merge request](gitlab-org/security/gitlab!3891))
- [Ensure LDAP users cannot reset local password to bypass LDAP](gitlab-org/security/gitlab@07621ad26d2db3656c99b332e697a6b0857f6e07) ([merge request](gitlab-org/security/gitlab!3879))
- [Disallow assigning higher role than current user](gitlab-org/security/gitlab@c9d8ffebe020dfdc1435e073516a098a8d188ff0) ([merge request](gitlab-org/security/gitlab!3889))
- [Check project read access in Environment and Operations dashboard](gitlab-org/security/gitlab@83fdac099562fa4aebcc43e400b0da2026c730a6) ([merge request](gitlab-org/security/gitlab!3873))
- [Fix Stored-XSS in user's profile page: Change markup used for pronouns](gitlab-org/security/gitlab@0fafb29660c08e72b87bd79d792da802c566b650) ([merge request](gitlab-org/security/gitlab!3882))
- [Invalidate markdown cache to clear up stored XSS](gitlab-org/security/gitlab@3411c25e77642fddc3619bf24ee956d4ba4d99b2) ([merge request](gitlab-org/security/gitlab!3884))
- [Disallow users to modify deploy key title](gitlab-org/security/gitlab@46ffceb9c94b6f4ba207ddf035ae67e8de413d57) ([merge request](gitlab-org/security/gitlab!3876))
- [Adds authorization for analytics settings](gitlab-org/security/gitlab@01e2c82cb79b6b4a9f6cf3428890149d023aacfb) ([merge request](gitlab-org/security/gitlab!3877))
- [Use merge_head_diff for codeowners when merge request is mergeable](gitlab-org/security/gitlab@eafc00662cb6e604b35278a5f59c25d418ef00c9) ([merge request](gitlab-org/security/gitlab!3878))
## 16.9.0 (2024-02-14)
### Added (145 changes)
@ -739,6 +759,30 @@ entry.
- [Add remediation badge to vulnerability report](gitlab-org/gitlab@e6236197509eae1bb27edf8fb2c63ccf769c2642) ([merge request](gitlab-org/gitlab!142455))
## 16.8.3 (2024-02-20)
### Added (1 change)
- [Allow creation of group-level custom-roles on self-managed instances](gitlab-org/security/gitlab@72eeb80a95e7190b5a6a9a4b113dd88d3f66bdd4) **GitLab Enterprise Edition**
### Fixed (3 changes)
- [Avoid mutating OpenSSL::PKey::EC keys](gitlab-org/security/gitlab@f562d0d13834ec09123d49019265a1202d8c2cc2)
- [Fix X509::Signature#x509_issuer not working with OpenSSL 3](gitlab-org/security/gitlab@7ad0ea9d286e003814032275cd1bcc487b7ecac7)
- [Fix urlblocker validate calls with more options](gitlab-org/security/gitlab@04111c2e90b8e40668ccb74a4f64c3a2853bc3c0)
### Security (9 changes)
- [Add a limit to CodeOwners reference extractor regex](gitlab-org/security/gitlab@55d0ba98eaa460f86b6d750d91d1eb21a0759836) ([merge request](gitlab-org/security/gitlab!3860))
- [Ensure LDAP user cannot sign in with password](gitlab-org/security/gitlab@085b95fd9ec3ad3a4fa3aab7136ce29ae3dac507) ([merge request](gitlab-org/security/gitlab!3892))
- [Ensure LDAP users cannot reset local password to bypass LDAP](gitlab-org/security/gitlab@746702abea2a7703f75885f4a52df4d4ec2f8a41) ([merge request](gitlab-org/security/gitlab!3880))
- [Disallow assigning higher role than current user](gitlab-org/security/gitlab@d018ba8f447e0ae98f4ee74011d1aa4dcaab7432) ([merge request](gitlab-org/security/gitlab!3851))
- [Check project read access in Environments and Operations dashboard](gitlab-org/security/gitlab@d7c1e953fb21c2aa793156eb035cd170072cffca) ([merge request](gitlab-org/security/gitlab!3872))
- [Invalidate markdown cache to clear up stored XSS](gitlab-org/security/gitlab@d3dfc38783578bfecc3dfaa26546867b9f63694a) ([merge request](gitlab-org/security/gitlab!3885))
- [Disallow users to modify deploy key title](gitlab-org/security/gitlab@6bc3fca49ec264873100509683490b91c136b29e) ([merge request](gitlab-org/security/gitlab!3866))
- [Adds authorization for analytics settings](gitlab-org/security/gitlab@01a31cdf0d9879f048cdff21fcb20f368307ed11) ([merge request](gitlab-org/security/gitlab!3850))
- [Use merge_head_diff for codeowners when merge request is mergeable](gitlab-org/security/gitlab@6da2d42bfb260dcb387f2ea692df06c6054afd45) ([merge request](gitlab-org/security/gitlab!3868))
## 16.8.2 (2024-02-07)
### Fixed (3 changes)
@ -1256,6 +1300,25 @@ entry.
- [Bump the finalize_after date of backfill migration](gitlab-org/gitlab@770ab7faa2048bfeb8bddd506e6f37fe18bb4d06) ([merge request](gitlab-org/gitlab!140109))
- [Remove code_suggestions_completion_api feature](gitlab-org/gitlab@988e2f57f9635ed9cc3896b15965b608fce54756) ([merge request](gitlab-org/gitlab!138174)) **GitLab Enterprise Edition**
## 16.7.6 (2024-02-20)
### Fixed (2 changes)
- [Avoid mutating OpenSSL::PKey::EC keys](gitlab-org/security/gitlab@3d15d7efb953ff7abe9837caa99dd9be776c1a58)
- [Fix X509::Signature#x509_issuer not working with OpenSSL 3](gitlab-org/security/gitlab@e1fb88e53d6a699f3b26db233ec275fc6dbaeeb9)
### Security (9 changes)
- [Add a limit to CodeOwners reference extractor regex](gitlab-org/security/gitlab@df77f98beec6c91605b697a84dabcabe12a9aa8e) ([merge request](gitlab-org/security/gitlab!3861))
- [Ensure LDAP user cannot sign in with password](gitlab-org/security/gitlab@a711d3d91d2c66b97fef6987107838b68f471b68) ([merge request](gitlab-org/security/gitlab!3893))
- [Ensure LDAP users cannot reset local password to bypass LDAP](gitlab-org/security/gitlab@4c0cb71664cc31f93a3adbc71aa2339c8ce8ee20) ([merge request](gitlab-org/security/gitlab!3881))
- [Disallow assigning higher role than current user](gitlab-org/security/gitlab@9699f280e711fd75e8c02e6849efbc09e6162b59) ([merge request](gitlab-org/security/gitlab!3852))
- [Check project read access in Environments and Operations dashboard](gitlab-org/security/gitlab@0a6b7ffd36aafd377065e61e6806734e9fcf449c) ([merge request](gitlab-org/security/gitlab!3871))
- [Invalidate markdown cache to clear up stored XSS](gitlab-org/security/gitlab@d17f1b2b42c5d0872392e0c26f244e4ae55f4c2c) ([merge request](gitlab-org/security/gitlab!3886))
- [Disallow users to modify deploy key title](gitlab-org/security/gitlab@b581173dbe86002261584a16a13360e2e6497274) ([merge request](gitlab-org/security/gitlab!3865))
- [Adds authorization for analytics settings](gitlab-org/security/gitlab@b4eec07d6a987d1ae508ba7aacc66f39ec2dd30d) ([merge request](gitlab-org/security/gitlab!3857))
- [Use merge_head_diff for codeowners when merge request is mergeable](gitlab-org/security/gitlab@52e8d1a80ae99ac8c68b1df3581c1817e6fb7d49) ([merge request](gitlab-org/security/gitlab!3869))
## 16.7.5 (2024-02-07)
### Fixed (1 change)

8
app/assets/javascripts/merge_request_tabs.js
View File

@ -171,11 +171,11 @@ function toggleLoader(state) {
$('.mr-loading-status .loading').toggleClass('hide', !state);
}
function getActionFromHref(href) {
let action = new URL(href).pathname.match(/\/(commits|diffs|pipelines).*$/);
export function getActionFromHref(pathName) {
let action = pathName.match(/\/(\d+)\/(commits|diffs|pipelines).*$/);
if (action) {
action = action[0].replace(/(^\/|\.html)/g, '');
action = action.at(-1).replace(/(^\/|\.html)/g, '');
} else {
action = 'show';
}
@ -239,7 +239,7 @@ export default class MergeRequestTabs {
$('.merge-request-tabs a[data-toggle="tabvue"]').on('click', this.clickTab);
window.addEventListener('popstate', (event) => {
if (event?.state?.skipScrolling) return;
const action = getActionFromHref(location.href);
const action = getActionFromHref(window.location.pathname);
this.tabShown(action, location.href);
this.eventHub.$emit('MergeRequestTabChange', action);

8
app/assets/stylesheets/page_bundles/settings.scss
View File

@ -120,6 +120,14 @@
margin-top: 0;
}
.instance-runners-info {
.gl-alert-body {
p:last-child {
margin-bottom: 0;
}
}
}
.form-check .form-text.text-muted {
margin-bottom: $grid-size;
}

6
app/controllers/passwords_controller.rb
View File

@ -60,11 +60,7 @@ class PasswordsController < Devise::PasswordsController
end
def check_password_authentication_available
if resource
return if resource.allow_password_authentication?
elsif Gitlab::CurrentSettings.password_authentication_enabled?
return
end
return if Gitlab::CurrentSettings.password_authentication_enabled?
redirect_to after_sending_reset_password_instructions_path_for(resource_name),
alert: _("Password authentication is unavailable.")

2
app/controllers/projects/deploy_keys_controller.rb
View File

@ -117,7 +117,7 @@ class Projects::DeployKeysController < Projects::ApplicationController
def update_params
permitted_params = [deploy_keys_projects_attributes: [:can_push]]
permitted_params << :title if can?(current_user, :update_deploy_key, deploy_key)
permitted_params << :title if can?(current_user, :update_deploy_key_title, deploy_key)
key_update_params = params.require(:deploy_key).permit(*permitted_params)
key_update_params.dig(:deploy_keys_projects_attributes, '0')&.merge!(id: deploy_keys_project.id)

16
app/controllers/sessions_controller.rb
View File

@ -26,8 +26,10 @@ class SessionsController < Devise::SessionsController
prepend_before_action :check_captcha, only: [:create]
prepend_before_action :store_redirect_uri, only: [:new]
prepend_before_action :require_no_authentication_without_flash, only: [:new, :create]
prepend_before_action :check_forbidden_password_based_login, if: -> { action_name == 'create' && password_based_login? }
prepend_before_action :ensure_password_authentication_enabled!, if: -> { action_name == 'create' && password_based_login? }
prepend_before_action :ensure_user_allowed_to_password_authenticate,
if: -> { action_name == 'create' && password_based_login? }
prepend_before_action :ensure_password_authentication_enabled!,
if: -> { action_name == 'create' && password_based_login? }
before_action :auto_sign_in_with_provider, only: [:new]
before_action :init_preferred_language, only: :new
before_action :store_unauthenticated_sessions, only: [:new]
@ -317,11 +319,11 @@ class SessionsController < Devise::SessionsController
@invite_email = ActionController::Base.helpers.sanitize(params[:invite_email])
end
def check_forbidden_password_based_login
if find_user&.password_based_login_forbidden?
flash[:alert] = _('You are not allowed to log in using password')
redirect_to new_user_session_path
end
def ensure_user_allowed_to_password_authenticate
return unless find_user
return if find_user.allow_password_authentication_for_web? && !find_user.password_based_login_forbidden?
redirect_to new_user_session_path, alert: I18n.t('devise.failure.invalid')
end
end

2
app/graphql/types/ci/pipeline_type.rb
View File

@ -202,6 +202,8 @@ module Types
field :yaml_errors, GraphQL::Types::Boolean, method: :yaml_errors?, null: false, description: "If the pipeline has YAML errors."
field :yaml_error_messages, GraphQL::Types::String, method: :yaml_errors, null: true, description: "The pipeline YAML errors."
field :trigger, GraphQL::Types::Boolean, method: :trigger?, null: false, description: "If the pipeline was created by a Trigger request."
def commit

6
app/models/concerns/recoverable_by_any_email.rb
View File

@ -14,6 +14,7 @@ module RecoverableByAnyEmail
return super unless email
recoverable = email.user
return recoverable.password_auth_unavailable_error! unless recoverable.allow_password_authentication_for_web?
recoverable.send_reset_password_instructions(to: email.email)
recoverable
@ -28,6 +29,11 @@ module RecoverableByAnyEmail
token
end
def password_auth_unavailable_error!
errors.add(:password, :unavailable, message: _('Password authentication is unavailable.'))
self
end
protected
def send_reset_password_instructions_notification(token, opts = {})

4
app/models/member.rb
View File

@ -540,6 +540,10 @@ class Member < ApplicationRecord
end
end
def prevent_role_assignement?(_current_user, _params)
false
end
private
# TODO: https://gitlab.com/groups/gitlab-org/-/epics/7054

12
app/models/namespaces/traversal/linear.rb
View File

@ -261,7 +261,17 @@ module Namespaces
skope = self.class
if top
skope = skope.where("traversal_ids @> ('{?}')", top.id)
if ::Feature.enabled?(:optimize_top_bound_lineage_search, self)
lower = top.traversal_ids
upper = lower.dup
upper[-1] = upper[-1].next
skope = skope
.where("traversal_ids >= ('{?}')", lower)
.where("traversal_ids < ('{?}')", upper)
else
skope = skope.where("traversal_ids @> ('{?}')", top.id)
end
end
if bottom

8
app/policies/deploy_key_policy.rb
View File

@ -5,6 +5,11 @@ class DeployKeyPolicy < BasePolicy
condition(:private_deploy_key) { @subject.private? }
condition(:public_deploy_key) { @subject.public? }
condition(:has_deploy_key) { @user.project_deploy_keys.any? { |pdk| pdk.id.eql?(@subject.id) } }
condition(:orphaned_deploy_key) { @subject.orphaned? }
condition(:is_maintainer_of_deploy_key_project) do
# Note: 'almost_orphaned' deploy key has only one project record and we can check it as 'first'
@subject.almost_orphaned? && can?(:maintainer_access, @subject.deploy_keys_projects.first)
end
rule { anonymous }.prevent_all
rule { public_deploy_key | admin | has_deploy_key }.policy do
@ -13,4 +18,7 @@ class DeployKeyPolicy < BasePolicy
rule { admin | (private_deploy_key & has_deploy_key) }.policy do
enable :update_deploy_key
end
rule { can?(:update_deploy_key) & (admin | orphaned_deploy_key | is_maintainer_of_deploy_key_project) }.policy do
enable :update_deploy_key_title
end
end

37
app/views/projects/runners/_group_runners.html.haml
View File

@ -3,23 +3,28 @@
%h4
= _('Group runners')
.bs-callout.bs-callout-warning
= _('These runners are shared across projects in this group.')
%br
%br
= _('Group runners can be managed with the %{link}.').html_safe % { link: link }
= render Pajamas::AlertComponent.new(variant: :warning,
dismissible: false,
show_icon: false,
alert_options: { class: 'gl-mb-5' }) do |c|
- c.with_body do
= _('These runners are shared across projects in this group.')
%br
%br
= _('Group runners can be managed with the %{link}.').html_safe % { link: link }
- if @project.group
%br
%br
- if @project.group_runners_enabled?
= link_button_to toggle_group_runners_project_runners_path(@project), method: :post do
= _('Disable group runners')
- else
= link_button_to toggle_group_runners_project_runners_path(@project), method: :post, variant: :confirm, category: :secondary do
= _('Enable group runners')
&nbsp;
= _('for this project')
- c.with_actions do
%br
%br
%div
- if @project.group_runners_enabled?
= link_button_to toggle_group_runners_project_runners_path(@project), method: :post do
= _('Disable group runners')
- else
= link_button_to toggle_group_runners_project_runners_path(@project), method: :post, variant: :confirm, category: :secondary do
= _('Enable group runners')
&nbsp;
= _('for this project')
- if !@project.group
= _('This project does not belong to a group and cannot make use of group runners.')

22
app/views/projects/runners/_project_runners.html.haml
View File

@ -1,17 +1,17 @@
%h4
= s_('Runners|Project runners')
.bs-callout.help-callout
%p= s_('Runners|These runners are assigned to this project.')
- if can?(current_user, :create_runner, @project)
= render Pajamas::ButtonComponent.new(href: new_project_runner_path(@project), variant: :confirm) do
= s_('Runners|New project runner')
.gl-display-inline
#js-project-runner-registration-dropdown{ data: { registration_token: @project.runners_token, project_id: @project.id } }
- else
= _('Please contact an admin to create runners.')
= link_to _('Learn more.'), help_page_path('administration/settings/continuous_integration', anchor: 'restrict-runner-registration-by-all-users-in-an-instance'), target: '_blank', rel: 'noopener noreferrer'
= render Pajamas::AlertComponent.new(dismissible: false, show_icon: false, alert_options: { class: 'gl-mb-5' }) do |c|
- c.with_body do
%p= s_('Runners|These runners are assigned to this project.')
- if can?(current_user, :create_runner, @project)
= render Pajamas::ButtonComponent.new(href: new_project_runner_path(@project), variant: :confirm) do
= s_('Runners|New project runner')
.gl-display-inline
#js-project-runner-registration-dropdown{ data: { registration_token: @project.runners_token, project_id: @project.id } }
- else
= _('Please contact an admin to create runners.')
= link_to _('Learn more.'), help_page_path('administration/settings/continuous_integration', anchor: 'restrict-runner-registration-by-all-users-in-an-instance'), target: '_blank', rel: 'noopener noreferrer'
%hr
- if @project_runners.any?

4
app/views/shared/deploy_keys/_form.html.haml
View File

@ -6,7 +6,7 @@
.form-group
= form.label :title
= form.text_field :title, class: 'form-control gl-form-input', data: { testid: 'deploy-key-title-field' }, readonly: ('readonly' unless can?(current_user, :update_deploy_key, deploy_key))
= form.text_field :title, class: 'form-control gl-form-input', data: { testid: 'deploy-key-title-field' }, readonly: ('readonly' unless can?(current_user, :update_deploy_key_title, deploy_key))
- if deploy_key.new_record?
.form-group
@ -39,4 +39,4 @@
= form.fields_for :deploy_keys_projects, deploy_keys_project do |deploy_keys_project_form|
.form-group
= deploy_keys_project_form.gitlab_ui_checkbox_component :can_push, _('Grant write permissions to this key'),
help_text: _('Allow this key to push to this repository')
help_text: _('Allow this key to push to this repository')

11
app/views/shared/runners/_shared_runners_description.html.haml
View File

@ -3,7 +3,10 @@
%h4
= s_('Runners|Instance runners')
.bs-callout{ data: { testid: 'shared-runners-description' } }
%p= s_('Runners|%{link_start}These runners%{link_end} are available to all groups and projects.').html_safe % { link_start: shared_link_start, link_end: '</a>'.html_safe }
- if Gitlab::CurrentSettings.shared_runners_text.present?
= markdown(Gitlab::CurrentSettings.current_application_settings.shared_runners_text)
= render Pajamas::AlertComponent.new(dismissible: false,
show_icon: false,
alert_options: { class: 'instance-runners-info gl-mb-5', data: { testid: 'shared-runners-description' } }) do |c|
- c.with_body do
%p= s_('Runners|%{link_start}These runners%{link_end} are available to all groups and projects.').html_safe % { link_start: shared_link_start, link_end: '</a>'.html_safe }
- if Gitlab::CurrentSettings.shared_runners_text.present?
= markdown(Gitlab::CurrentSettings.current_application_settings.shared_runners_text)

10
app/views/users/show.html.haml
View File

@ -110,11 +110,15 @@
%h2.gl-font-base.gl-mb-2.gl-mt-4= s_('UserProfile|About')
.gl-display-flex.gl-gap-2.gl-flex-direction-column
- if @user.pronouns.present? || @user.pronunciation.present?
%div
.gl-mb-2
- if @user.pronunciation.present?
%div= sprintf(s_("UserProfile|Pronounced as: %{div_start}%{pronunciation}%{div_end}"), { pronunciation: @user.pronunciation, div_start: '<div class="gl-font-sm gl-text-secondary gl-display-inline-flex">', div_end: '</div>' }).html_safe
%p.gl-m-0
= s_("UserProfile|Pronounced as:")
%span.gl-font-sm.gl-text-secondary.gl-display-inline-flex= @user.pronunciation
- if @user.pronouns.present?
%div= sprintf(s_("UserProfile|Pronouns: %{div_start}%{pronouns}%{div_end}"), { pronouns: @user.pronouns, div_start: '<div class="gl-font-sm gl-text-secondary gl-display-inline-flex">', div_end: '</div>' }).html_safe
%p.gl-m-0
= s_("UserProfile|Pronouns:")
%span.gl-font-sm.gl-text-secondary.gl-display-inline-flex= @user.pronouns
- if @user.bio.present?
%p.profile-user-bio.gl-mb-0
= @user.bio

9
app/workers/all_queues.yml
View File

@ -2145,15 +2145,6 @@
:weight: 3
:idempotent: false
:tags: []
- :name: pipeline_hooks:build_hooks
:worker_name: BuildHooksWorker
:feature_category: :continuous_integration
:has_external_dependencies: false
:urgency: :high
:resource_boundary: :unknown
:weight: 2
:idempotent: false
:tags: []
- :name: pipeline_hooks:pipeline_hooks
:worker_name: PipelineHooksWorker
:feature_category: :continuous_integration

33
app/workers/build_hooks_worker.rb
View File

@ -1,33 +0,0 @@
# frozen_string_literal: true
class BuildHooksWorker # rubocop:disable Scalability/IdempotentWorker
include ApplicationWorker
sidekiq_options retry: 3
include PipelineQueue
queue_namespace :pipeline_hooks
feature_category :continuous_integration
urgency :high
data_consistency :delayed
# rubocop: disable CodeReuse/ActiveRecord
def perform(build_id)
build = Ci::Build.find_by_id(build_id)
build.execute_hooks if build
end
# rubocop: enable CodeReuse/ActiveRecord
def self.perform_async(build)
Gitlab::AppLogger.info(
message: "Enqueuing hooks for Build #{build.id}: #{build.status}",
class: self.name,
build_id: build.id,
pipeline_id: build.pipeline_id,
project_id: build.project_id,
build_status: build.status)
super(build.id)
end
end

9
config/feature_flags/gitlab_com_derisk/optimize_top_bound_lineage_search.yml Normal file
View File

@ -0,0 +1,9 @@
---
name: optimize_top_bound_lineage_search
feature_issue_url:
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/144835
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/442634
milestone: '16.10'
group: group::threat insights
type: gitlab_com_derisk
default_enabled: false

2
config/metrics/counts_28d/20210216181152_projects_jira_dvcs_cloud_active.yml
View File

@ -5,7 +5,7 @@ description: Distinct count of creator_id from projects with an active Jira Clou
DVCS integration.
product_section: dev
product_stage: manage
product_group: integration
product_group: import_and_integrate
value_type: number
status: removed
time_frame: 28d

2
config/metrics/counts_28d/20210216181154_projects_jira_dvcs_server_active.yml
View File

@ -5,7 +5,7 @@ description: Distinct count of creator_id from projects with an active Jira Serv
DVCS integration.
product_section: dev
product_stage: manage
product_group: integration
product_group: import_and_integrate
value_type: number
status: active
time_frame: 28d

2
config/metrics/counts_all/20210216181128_projects_jira_dvcs_cloud_active.yml
View File

@ -5,7 +5,7 @@ description: Distinct count of creator_id from projects with an active Jira Clou
DVCS integration.
product_section: dev
product_stage: manage
product_group: integration
product_group: import_and_integrate
value_type: number
status: removed
time_frame: all

2
config/metrics/counts_all/20210216181130_projects_jira_dvcs_server_active.yml
View File

@ -5,7 +5,7 @@ description: Distinct count of creator_id from projects with an active Jira Serv
DVCS integration.
product_section: dev
product_stage: manage
product_group: integration
product_group: import_and_integrate
value_type: number
status: active
time_frame: all

4
config/sidekiq_queues.yml
View File

@ -189,12 +189,12 @@
- 1
- - compliance_management_chain_of_custody_report
- 1
- - compliance_management_framework_export_mailer
- 1
- - compliance_management_merge_requests_compliance_violations
- 1
- - compliance_management_pending_status_check
- 1
- - compliance_management_project_framework_export_mailer
- 1
- - compliance_management_standards_adherence_export_mailer
- 1
- - compliance_management_standards_gitlab_at_least_two_approvals

18
db/docs/packages_conan_file_metadata.yml
View File

@ -7,4 +7,20 @@ feature_categories:
description: Conan package file metadata
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/16418
milestone: '12.5'
gitlab_schema: gitlab_main
gitlab_schema: gitlab_main_cell
allow_cross_joins:
- gitlab_main_clusterwide
allow_cross_transactions:
- gitlab_main_clusterwide
allow_cross_foreign_keys:
- gitlab_main_clusterwide
desired_sharding_key:
project_id:
references: projects
backfill_via:
parent:
foreign_key: package_file_id
table: packages_package_files
sharding_key: project_id
belongs_to: package_file
awaiting_backfill_on_parent: true

18
db/docs/packages_debian_file_metadata.yml
View File

@ -7,4 +7,20 @@ feature_categories:
description: Debian package file metadata
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/49692
milestone: '13.8'
gitlab_schema: gitlab_main
gitlab_schema: gitlab_main_cell
allow_cross_joins:
- gitlab_main_clusterwide
allow_cross_transactions:
- gitlab_main_clusterwide
allow_cross_foreign_keys:
- gitlab_main_clusterwide
desired_sharding_key:
project_id:
references: projects
backfill_via:
parent:
foreign_key: package_file_id
table: packages_package_files
sharding_key: project_id
belongs_to: package_file
awaiting_backfill_on_parent: true

18
db/docs/packages_debian_project_component_files.yml
View File

@ -7,4 +7,20 @@ feature_categories:
description: Debian project-level component files
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/52885
milestone: '13.9'
gitlab_schema: gitlab_main
gitlab_schema: gitlab_main_cell
allow_cross_joins:
- gitlab_main_clusterwide
allow_cross_transactions:
- gitlab_main_clusterwide
allow_cross_foreign_keys:
- gitlab_main_clusterwide
desired_sharding_key:
project_id:
references: projects
backfill_via:
parent:
foreign_key: component_id
table: packages_debian_project_components
sharding_key: project_id
belongs_to: component
awaiting_backfill_on_parent: true

18
db/docs/packages_helm_file_metadata.yml
View File

@ -7,4 +7,20 @@ feature_categories:
description: Helm package file metadata
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/57017
milestone: '13.12'
gitlab_schema: gitlab_main
gitlab_schema: gitlab_main_cell
allow_cross_joins:
- gitlab_main_clusterwide
allow_cross_transactions:
- gitlab_main_clusterwide
allow_cross_foreign_keys:
- gitlab_main_clusterwide
desired_sharding_key:
project_id:
references: projects
backfill_via:
parent:
foreign_key: package_file_id
table: packages_package_files
sharding_key: project_id
belongs_to: package_file
awaiting_backfill_on_parent: true

18
db/docs/packages_nuget_dependency_link_metadata.yml
View File

@ -7,4 +7,20 @@ feature_categories:
description: Join table between nuget target frameworks and packages_dependency_links
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/30618
milestone: '13.0'
gitlab_schema: gitlab_main
gitlab_schema: gitlab_main_cell
allow_cross_joins:
- gitlab_main_clusterwide
allow_cross_transactions:
- gitlab_main_clusterwide
allow_cross_foreign_keys:
- gitlab_main_clusterwide
desired_sharding_key:
project_id:
references: projects
backfill_via:
parent:
foreign_key: dependency_link_id
table: packages_dependency_links
sharding_key: project_id
belongs_to: dependency_link
awaiting_backfill_on_parent: true

18
db/docs/packages_package_file_build_infos.yml
View File

@ -7,4 +7,20 @@ feature_categories:
description: Join table relating packages_package_files and ci_pipelines
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/44348
milestone: '13.6'
gitlab_schema: gitlab_main
gitlab_schema: gitlab_main_cell
allow_cross_joins:
- gitlab_main_clusterwide
allow_cross_transactions:
- gitlab_main_clusterwide
allow_cross_foreign_keys:
- gitlab_main_clusterwide
desired_sharding_key:
project_id:
references: projects
backfill_via:
parent:
foreign_key: package_file_id
table: packages_package_files
sharding_key: project_id
belongs_to: package_file
awaiting_backfill_on_parent: true

9
db/migrate/20240216133415_rename_type_column_of_group_external_streaming_destination.rb Normal file
View File

@ -0,0 +1,9 @@
# frozen_string_literal: true
class RenameTypeColumnOfGroupExternalStreamingDestination < Gitlab::Database::Migration[2.2]
milestone '16.10'
def change
rename_column :audit_events_group_external_streaming_destinations, :type, :category
end
end

9
db/migrate/20240216133523_rename_type_column_of_instance_external_streaming_destination.rb Normal file
View File

@ -0,0 +1,9 @@
# frozen_string_literal: true
class RenameTypeColumnOfInstanceExternalStreamingDestination < Gitlab::Database::Migration[2.2]
milestone '16.10'
def change
rename_column :audit_events_instance_external_streaming_destinations, :type, :category
end
end

18
db/migrate/20240221100732_remove_build_hooks_worker.rb Normal file
View File

@ -0,0 +1,18 @@
# frozen_string_literal: true
class RemoveBuildHooksWorker < Gitlab::Database::Migration[2.2]
milestone '16.10'
disable_ddl_transaction!
DEPRECATED_JOB_CLASSES = %w[
BuildHooksWorker
]
def up
sidekiq_remove_jobs(job_klasses: DEPRECATED_JOB_CLASSES)
end
def down
# This migration removes any instances of deprecated workers and cannot be undone.
end
end

1
db/schema_migrations/20240216133415 Normal file
View File

@ -0,0 +1 @@
2f0111d20042ca30b154bc409b0e9437d598c20e32a4ce00bc9babc659798152

1
db/schema_migrations/20240216133523 Normal file
View File

@ -0,0 +1 @@
adf1ba23379a6be9f5ab0b7af1c24fed51d5739152e518fb5cfe0f84e504c544

1
db/schema_migrations/20240221100732 Normal file
View File

@ -0,0 +1 @@
6677d9a0a9b8255855fcb0e14cce4d0dd22e2c7284d1a00cd3ffecf42a6b20f3

4
db/structure.sql
View File

@ -4618,7 +4618,7 @@ CREATE TABLE audit_events_group_external_streaming_destinations (
created_at timestamp with time zone NOT NULL,
updated_at timestamp with time zone NOT NULL,
group_id bigint NOT NULL,
type smallint NOT NULL,
category smallint NOT NULL,
name text NOT NULL,
config jsonb NOT NULL,
encrypted_secret_token bytea NOT NULL,
@ -4694,7 +4694,7 @@ CREATE TABLE audit_events_instance_external_streaming_destinations (
id bigint NOT NULL,
created_at timestamp with time zone NOT NULL,
updated_at timestamp with time zone NOT NULL,
type smallint NOT NULL,
category smallint NOT NULL,
name text NOT NULL,
config jsonb NOT NULL,
encrypted_secret_token bytea NOT NULL,

1
doc/administration/dedicated/create_instance.md
View File

@ -23,6 +23,7 @@ provide the following information to your account team:
- Email addresses of the users who are responsible to complete the onboarding and create your
GitLab Dedicated instance.
- Whether you want to [bring your own encryption keys (BYOK)](#encrypted-data-at-rest-byok). If so, GitLab provides an AWS account ID, which is necessary to enable BYOK.
- Whether you want to use Geo migration for inbound migration of your Dedicated instance.
If you've been granted access to Switchboard, you will receive an email invitation with temporary
credentials to sign in.

1
doc/api/graphql/reference/index.md
View File

@ -24724,6 +24724,7 @@ Returns [`UserMergeRequestInteraction`](#usermergerequestinteraction).
| <a id="pipelineusesneeds"></a>`usesNeeds` | [`Boolean`](#boolean) | Indicates if the pipeline has jobs with `needs` dependencies. |
| <a id="pipelinewarningmessages"></a>`warningMessages` | [`[PipelineMessage!]`](#pipelinemessage) | Pipeline warning messages. |
| <a id="pipelinewarnings"></a>`warnings` | [`Boolean!`](#boolean) | Indicates if a pipeline has warnings. |
| <a id="pipelineyamlerrormessages"></a>`yamlErrorMessages` | [`String`](#string) | The pipeline YAML errors. |
| <a id="pipelineyamlerrors"></a>`yamlErrors` | [`Boolean!`](#boolean) | If the pipeline has YAML errors. |
#### Fields with arguments

13
doc/api/integrations.md
View File

@ -712,9 +712,6 @@ FLAG:
On self-managed GitLab, by default this feature is available. To hide the feature, ask an administrator to [disable the feature flag](../administration/feature_flags.md) named `git_guardian_integration`.
On GitLab.com, this feature is not available.
WARNING:
Pushes can be delayed or can time out. With the GitGuardian integration, pushes are sent to a third-party, and GitLab has no control over the connection with GitGuardian or the GitGuardian process.
[GitGuardian](https://www.gitguardian.com/) is a cybersecurity service that detects sensitive data such as API keys
and passwords in source code repositories.
It scans Git repositories, alerts on policy violations, and helps organizations
@ -722,6 +719,16 @@ fix security issues before hackers can exploit them.
You can configure GitLab to reject commits based on GitGuardian policies.
### Known issues
- Pushes can be delayed or can time out. With the GitGuardian integration, pushes are sent to a third-party, and GitLab has no control over the connection with GitGuardian or the GitGuardian process.
- Due to a [GitGuardian API limitation](https://api.gitguardian.com/docs#operation/multiple_scan), the integration ignores files over the size of 1 MB. They are not scanned.
- If a pushed file has a name over 256 characters long the push won't go through.
For more information, see [GitGuardian API documentation](https://api.gitguardian.com/docs#operation/multiple_scan) .
Troubleshooting steps on [the integration page](../user/project/integrations/git_guardian.md#troubleshooting)
show how to mitigate some of these problems.
### Set up GitGuardian
Set up the GitGuardian integration for a project.

74
doc/api/merge_request_approvals.md
View File

@ -103,6 +103,80 @@ Example response:
}
```
### Update group-level approval rules
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/440639) in GitLab 16.10.
Group admins can update group level approval rules using the following endpoint:
```shell
PUT /groups/:id/approval_rules/:approval_rule_id
```
Supported attributes:
| Attribute | Type | Required | Description |
|----------------------|-------------------|----------|------------------------------------------------------------------------------------------------------------------------------------------------------|
| `approval_rule_id`. | integer | Yes | The ID of the approval rule. |
| `id` | integer or string | Yes | The ID or [URL-encoded path of a group](rest/index.md#namespaced-path-encoding). |
| `approvals_required` | string | No | The number of required approvals for this rule. |
| `group_ids` | integer | No | The IDs of users as approvers. |
| `name` | string | No | The name of the approval rule. |
| `rule_type` | array | No | The type of rule. `any_approver` is a pre-configured default rule with `approvals_required` at `0`. Other rules are `regular` and `report_approver`. |
| `user_ids` | array | No | The IDs of groups as approvers. |
Example request:
```shell
curl --request PUT --header "PRIVATE-TOKEN: <your_access_token>" \
--url "https://gitlab.example.com/api/v4/groups/29/approval_rules/5?name=security2&approvals_required=1"
```
Example response:
```json
{
"id": 5,
"name": "security2",
"rule_type": "any_approver",
"eligible_approvers": [],
"approvals_required": 1,
"users": [],
"groups": [],
"contains_hidden_groups": false,
"protected_branches": [
{
"id": 5,
"name": "master",
"push_access_levels": [
{
"id": 5,
"access_level": 40,
"access_level_description": "Maintainers",
"deploy_key_id": null,
"user_id": null,
"group_id": null
}
],
"merge_access_levels": [
{
"id": 5,
"access_level": 40,
"access_level_description": "Maintainers",
"user_id": null,
"group_id": null
}
],
"allow_force_push": false,
"unprotect_access_levels": [],
"code_owner_approval_required": false,
"inherited": false
}
],
"applies_to_all_protected_branches": true
}
```
## Project-level MR approvals
### Get Configuration

2
doc/api/merge_requests.md
View File

@ -1149,7 +1149,7 @@ following response attributes:
| `new_file` | boolean | Indicates if the file has just been added. |
| `renamed_file` | boolean | Indicates if the file has been renamed. |
| `deleted_file` | boolean | Indicates if the file has been removed. |
| `generated_file` | boolean | Indicates if the file is marked as generated. |
| `generated_file` | boolean | Indicates if the file is [marked as generated](../user/project/merge_requests/changes.md#collapse-generated-files). [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/141576) in GitLab 16.9. |
Example request:

14
doc/architecture/blueprints/cells/infrastructure/deployments.md
View File

@ -12,15 +12,15 @@ Disclaimer: This blueprint requires more cross-functional alignment - **Confiden
# Application Deployment with a Cellular Architecture
This blueprint describes a deployment strategy that can support the new scaling dimension intruduced by the Cell Architecture.
This blueprint describes a deployment strategy that can support the new scaling dimension introduced by the Cell Architecture.
The complexity of this transition will demand participation from many team in the Platforms section to take ownership of the features necessary to reach the production grade rating on this architecture.
The complexity of this transition will require many teams in the Platforms section to participate by taking ownership of the features necessary to reach the production grade rating on this architecture.
## Introduction
### Preamble
From an high level perspective, a Cell Cluster is a system made of only 3 items:
From a high level perspective, a Cell Cluster is a system made of only 3 items:
1. **Router** - An HA routing system deployed independently from the GitLab application.
1. **Primary Cell** - The GitLab installation that is the leader for all the cluster wide data and services. This will be the legacy GitLab.com deployment.
@ -55,12 +55,12 @@ It is important to note that even if a Secondary Cell supports GitLab Geo out of
- Deployment - The GitLab application and its components being installed into infrastructure
- `auto-deploy` version - The active version that creates a package viable for deployment
- ring - A logical partition of the cell cluster. In order to deploy to the next ring a package must be validated inside the current ring
- ring - A logical partition of the cell cluster. In order to deploy to the next ring a package must be validated inside the current ring.
- `perimeter` - the ring marking the "definition of done" for Release Managers, a package validated inside the perimeter is allowed to rollout in the rest of the fleet
- `graduated` version - The version deemed safe to deploy to cells outside of the perimeter
- `.com` - refers to our old existing or currently running infrastructure
- `.com` - Our old existing or currently running infrastructure
- Primary Cell - The GitLab installation that is the leader for all the cluster wide data and services. Initially this will be the legacy GitLab.com deployment. This implicitly includes .com as our legacy infrastructure.
- Secondary Cell(s) - GitLab installation(s) authoritative for a limited number of Organizations. Cell(s) are deployed using GitLab Dedicated tools.
- Secondary Cell(s) - GitLab installation(s) authoritative for a limited number of Organizations. Deployed using GitLab Dedicated tools.
### Ring deployment
@ -123,7 +123,7 @@ In the image above we are showing a possible ring layout with a cluster made of
The general rule is that:
1. The deployment process progresses from Ring 0 to the outer rings
1. The deployment process progresses from Ring 0 to the outer rings.
1. Rings are a collection of Cells sharing the same risk factor associated to a deployment.
1. Deployments can get halted at any stage and the package will not reach the outer rings.
1. We define the "perimeter" ring that marks the "definition of done" for the Release Managers.

38
doc/architecture/blueprints/cells/infrastructure/index.md
View File

@ -17,34 +17,34 @@ status: proposed
## Philosophy
- **Cell local by default**: All services should be cell local, and not global unless there are documented and good reasons why they aren't.
If we keep things cell local communication between the cell and service stays internal, the service has to run at a smaller scale, and the blast radius is much smaller.
Example, Gitaly and GitLab Registry are cell local.
- **Cell-local by default**: All services should be cell-local, and not global, unless there are documented and good reasons why they aren't cell-local.
If we keep things cell-local, communication between the cell and service stays internal, the service has to run at a smaller scale, and the blast radius is much smaller.
Example, Gitaly and GitLab Registry are cell-local.
- **homogeneous environments**: For now, every GitLab cell should look the same. Bootstrapping and provisioning should be done in an automated way.
For the first iteration all Cells is the same size, there are benefits of running different sizes but this adds complexity, and scope.
For the first iteration all Cells are the same size, there are benefits of running different sizes but this adds complexity and scope.
- **Fresh start, but not so much**: Brand new GitLab instances are created, so it's tempting to redo everything. We have to balance the existing infrastructure, dedicated tooling, and time.
- **All operations get rolled out the same**: Configuration changes, Feature Flags, Deployments, and operational tasks ideally go through the same process of rolling out a change.
Having 1 way of doing things can bring efficiencies and a single source of truth for automation.
- **Centralize Tooling**: We have a lot of tooling to manage GitLab.com and separate tooling for GitLab Dedicated,
which creates silos, duplication of effort and less portability.
We have to provision multiple Cells for GitLab.com we need new tooling, GitLab Dedicated built tooling just for this reason.
We should try use this tooling as much as possible, if there are things we don't agree with we should try [disagree, commit, and disagree](https://handbook.gitlab.com/handbook/values/#disagree-commit-and-disagree) to improve a single tool.
which creates silos, duplication of effort, and less portability.
We have to provision multiple Cells for GitLab.com, we need new tooling, GitLab Dedicated built tooling just for this reason.
We should try to use this tooling as much as possible, if there are things we don't agree with we should try [disagree, commit, and disagree](https://handbook.gitlab.com/handbook/values/#disagree-commit-and-disagree) to improve a single tool.
It is ok to start with tooling that has shortcomings, an iterative approach leads to _one_ mature product instead of two.
## Glossary/[Ubiquitous Language](https://martinfowler.com/bliki/UbiquitousLanguage.html)
- `Provision`: When we create a new Cell. Example; We _provisioned_ Cell 5, which is a brand new Cell.
- `Deploy`: When we change the running code inside of an existing Cell. Example; We _deployed_ the new auto-deploy version on GitLab.com.
- `Provision`: When we create a new Cell. Example: We _provisioned_ Cell 5, which is a brand new Cell.
- `Deploy`: When we change the running code inside of an existing Cell. Example: We _deployed_ the new auto-deploy version on GitLab.com.
- [Blueprint](deployments.md)
- `Configuration change`: When we change any configuration on the application or infrastructure. Example; We did a _configuration change_ on labels added to VMs.
- `Configuration change`: When we change any configuration on the application or infrastructure. Example: We did a _configuration change_ on labels added to VMs.
- `Cell`: A single unit, and instance of GitLab. Not used to refer to Dedicated, where an instance of GitLab is called a Tenant.
- `Cluster`: A collection of Cells, and the existing GitLab.com infrastructure. Example; We need to change the version of Registry in the Cluster.
- `Cluster`: A collection of Cells, and the existing GitLab.com infrastructure. Example: We need to change the version of Registry in the Cluster.
- `Fleet`: The collection of all SaaS environments, both single-tenant and multi-tenant, that collectively form our production environments.
This includes existing GitLab.com infrastructure, Cells, and Dedicated.
## Architecture
Below is the Cell architecture you can find the current GitLab.com architecture (pre-Cells) in <https://handbook.gitlab.com/handbook/engineering/infrastructure/production/architecture/>
Below is the Cell architecture. You can find the current GitLab.com architecture (pre-Cells) in <https://handbook.gitlab.com/handbook/engineering/infrastructure/production/architecture/>.
```plantuml
@startuml
@ -208,8 +208,8 @@ frame "Google Cloud Platform" <<gcp>> {
The infrastructure is multifaceted and all teams have a role in setting up the cell infrastructure.
The `Confidence` column is to get a sense of how confident we are with the specific domain and it's path forward for Cells.
When we have a blueprint merged ideally the confidence should move to 👍 because we have a blueprint that provides direction to that domain.
The `Confidence` column refers to how confident we are with the specific domain and its path forward for Cells.
When we have a blueprint merged ideally the confidence should move to 👍 because we have a blueprint that provides direction to that domain.
| Domain | Owner | Blueprint | Confidence |
|----------------------------------|-----------------------------------|--------------------------------------|------------|
@ -262,7 +262,7 @@ component "Configuration Management"
## Stakeholders
We have several teams partaking in the operations of Cell.
The first distinction is between teams implementing and maintaining the tools and teams using those tools.
The first distinction is between teams implementing and maintaining the tools, and teams using those tools.
| Areas | Features | Owners |
|---------------------------------------------------|-----------------------------------------------------------|---------------------------------|
@ -270,7 +270,7 @@ The first distinction is between teams implementing and maintaining the tools an
| | Integration with Release Managers' workflows | team::Delivery-Deployments |
| | Deployment mechanics using `Instrumentor` and `AMP` | team::Foundations |
| | Cell application reference architectures and overlays | team::Ops |
| | Cell bootstrapping, tooling and supporting infrastructure | team::Ops |
| | Cell bootstrapping, tooling, and supporting infrastructure | team::Ops |
| | Cell deprovisioning | team::Ops |
| Control Plane for cluster state** | | |
| | Investigate GitOps model | team::Delivery-Deployments |
@ -295,12 +295,12 @@ The first distinction is between teams implementing and maintaining the tools an
| | Load Balancing and networking | team::Foundations |
| | Rate Limiting | team::Foundations |
> \* These items may require contributions from various stakeholders in SaaS Platforms and Core Platform. This work should be heavily collaborated on as to help ensure appropriate alignment to meet the needs of the owning team and customer teams.
> \* These items may require contributions from various stakeholders in SaaS Platforms and Core Platform. Stakeholders should closely collaborate on this work to ensure appropriate alignment to meet the needs of the owning team and customer teams.
>
> \*\* These items are for consideration after Cell 2.0 iteration .
> \*\* These items are for consideration after the Cell 2.0 iteration.
The users of those features are the Release Managers, the Engineer On Call, and the Team:Ops.
The following list define the tasks those groups can perform in the cell cluster:
The following list defines the tasks those groups can perform in the cell cluster:
1. Release Managers
- Command deployments inside the perimeter

22
doc/architecture/blueprints/cells/rejected/deployment-architecture.md
View File

@ -17,7 +17,7 @@ of GitLab.com and contrasts it with the expected Cells architecture.
<img src="diagrams/deployment-before-cells.drawio.png" width="800">
The diagram represents simplified GitLab.com deployment components before the introduction of a Cells architecture.
This diagram intentionally misses some services that are not relevant for the architecture overview (Cloudflare, Consul, PgBouncers, ...).
This diagram intentionally omits some services that are not relevant for the architecture overview (Cloudflare, Consul, PgBouncers, ...).
Those services are considered to be Cell-local, with the exception of Cloudflare.
The component blocks are:
@ -25,16 +25,16 @@ The component blocks are:
- Separate components that can be deployed independently.
- Components that are independent from other components and offer a wide range of version compatibility.
The application layer services are:
The application layer services:
- Strongly interconnected and require to run the same version of the application.
- Are strongly interconnected and require to run the same version of the application.
Read more in [!131657](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/131657#note_1563513431).
- Each service is run across many nodes and scaled horizontally to provide sufficient throughput.
- Services that interact with other services using an API (REST, gRPC), Redis or DB.
The dependent services are:
The dependent services:
- Updated infrequently and selectively.
- Are updated infrequently and selectively.
- Might use cloud managed services.
- Each service is clustered and might be run across different availability zones to provide high availability.
- Object storage is also accessible directly to users if a pre-signed URL is provided.
@ -43,7 +43,7 @@ The dependent services are:
<img src="diagrams/deployment-development-cells.drawio.png" width="800">
The purpose of **Development Cells** is to model a production-like architecture for the purpose of testing and validating the changes introduced.
The purpose of **Development Cells** is to model a production-like architecture to test and validate the changes introduced.
This could be achieved with testing Cells on top of the [Reference Architectures](../../../../administration/reference_architectures/index.md).
Read more in [#425197](https://gitlab.com/gitlab-org/gitlab/-/issues/425197).
@ -63,9 +63,9 @@ The differences compared to [Development Cells](#2-development-cells---adapting-
- A Cluster-wide Data Provider is introduced by Cells.
- The Cluster-wide Data Provider is deployed with Cell 1 to be able to access cluster-wide data directly.
- The cluster-wide database is isolated from the main PostgreSQL database.
- The Cluster-wide database is isolated from the main PostgreSQL database.
- A Cluster-wide Data Provider is responsible for storing and sharing user data,
user sessions (currently stored in Redis sessions cluster), routing information
user sessions (currently stored in Redis sessions cluster), routing information,
and cluster-wide settings across all Cells.
- Access to the cluster-wide database is done asynchronously:
- Read access always uses a database replica.
@ -129,7 +129,7 @@ As per the architecture, the above services are required to be run cluster-wide:
As per the architecture, the above services are required to be run Cell-local:
- The consumer data held by the Cell-local services needs to be migratable to another Cell.
- The compute generated by the service is substational and is strongly desired to reduce impact of [single Cell failure](../goals.md#high-resilience-to-a-single-cell-failure).
- The compute generated by the service is substatial, and it is strongly desired to reduce impact of [single Cell failure](../goals.md#high-resilience-to-a-single-cell-failure).
- It is complex to run the service cluster-wide from the Cells architecture perspective.
### Hybrid Services
@ -139,7 +139,7 @@ As per the architecture, the above services are required to be run Cell-local:
| **GitLab Pages** | GitLab-built | Routing Service, Rails API | No problem | Serving CI generated pages under `.gitlab.io` or custom domains |
| **GitLab Registry** | GitLab-built | Object Storage, PostgreSQL | Non-trivial data migration in case of split | Service to provide GitLab container registry |
| **Gitaly Cluster** | GitLab-built | Disk storage, PostgreSQL | No problem: Built-in migration routines to balance Gitaly nodes | Gitaly holds Git repository data. Many Gitaly clusters can be configured in application. |
| **Elasticsearch** | Managed service | Many nodes required by sharding | Time consuming: Rebuild cluster from scratch | Search across all projects |
| **Elasticsearch** | Managed service | Many nodes required by sharding | Time-consuming: Rebuild cluster from scratch | Search across all projects |
| **Object Storage** | Managed service | | Not straightforward: Rather hard to selectively migrate between buckets | Holds all user and CI uploaded files that is served by GitLab |
As per the architecture, the above services are allowed to be run either cluster-wide or Cell-local:
@ -149,7 +149,7 @@ As per the architecture, the above services are allowed to be run either cluster
| Service | Type | Uses | Description |
| ------------------------------ | ------------ | ------------------------------- | --------------------------------------------------------------------------------------------------- |
| **Elasticsearch** | Managed service | Many nodes requires by sharding | Time consuming: Rebuild cluster from scratch | Search across all projects |
| **Elasticsearch** | Managed service | Many nodes requires by sharding | Time-consuming: Rebuild cluster from scratch | Search across all projects |
| **Object Storage** | Managed service | | Not straightforward: Rather hard to selectively migrate between buckets | Holds all user and CI uploaded files that is served by GitLab |
As per the architecture, the above services are allowed to be run either cluster-wide or Cell-local:

14
doc/ci/services/index.md
View File

@ -262,13 +262,13 @@ test:
> - Introduced in GitLab and GitLab Runner 9.4.
| Setting | Required | GitLab version | Description |
|------------|----------|----------------| ----------- |
| `name` | yes, when used with any other option | 9.4 | Full name of the image to use. If the full image name includes a registry hostname, use the `alias` option to define a shorter service access name. For more information, see [Accessing the services](#accessing-the-services). |
| `entrypoint` | no | 9.4 |Command or script to execute as the container's entrypoint. It's translated to the Docker `--entrypoint` option while creating the container. The syntax is similar to [`Dockerfile`'s `ENTRYPOINT`](https://docs.docker.com/engine/reference/builder/#entrypoint) directive, where each shell token is a separate string in the array. |
| `command` | no | 9.4 |Command or script that should be used as the container's command. It's translated to arguments passed to Docker after the image's name. The syntax is similar to [`Dockerfile`'s `CMD`](https://docs.docker.com/engine/reference/builder/#cmd) directive, where each shell token is a separate string in the array. |
| `alias` (1) | no | 9.4 | Additional alias that can be used to access the service from the job's container. Read [Accessing the services](#accessing-the-services) for more information. |
| `variables` (2) | no | 14.5 | Additional environment variables that are passed exclusively to the service. The syntax is the same as [Job Variables](../variables/index.md). Service variables cannot reference themselves. |
| Setting | Required | GitLab version | Description |
|-----------------|--------------------------------------|----------------|-------------|
| `name` | yes, when used with any other option | 9.4 | Full name of the image to use. If the full image name includes a registry hostname, use the `alias` option to define a shorter service access name. For more information, see [Accessing the services](#accessing-the-services). |
| `entrypoint` | no | 9.4 | Command or script to execute as the container's entrypoint. It's translated to the Docker `--entrypoint` option while creating the container. The syntax is similar to [`Dockerfile`'s `ENTRYPOINT`](https://docs.docker.com/engine/reference/builder/#entrypoint) directive, where each shell token is a separate string in the array. |
| `command` | no | 9.4 | Command or script that should be used as the container's command. It's translated to arguments passed to Docker after the image's name. The syntax is similar to [`Dockerfile`'s `CMD`](https://docs.docker.com/engine/reference/builder/#cmd) directive, where each shell token is a separate string in the array. |
| `alias` (1) | no | 9.4 | Additional alias that can be used to access the service from the job's container. Read [Accessing the services](#accessing-the-services) for more information. |
| `variables` (2) | no | 14.5 | Additional environment variables that are passed exclusively to the service. The syntax is the same as [Job Variables](../variables/index.md). Service variables cannot reference themselves. |
(1) Alias support for the Kubernetes executor was [introduced](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/2229) in GitLab Runner 12.8, and is only available for Kubernetes version 1.7 or later.

2
doc/ci/yaml/index.md
View File

@ -2557,6 +2557,8 @@ The name of the Docker image that the job runs in. Similar to [`image`](#image)
- `<image-name>:<tag>`
- `<image-name>@<digest>`
CI/CD variables [are supported](../variables/where_variables_can_be_used.md#gitlab-ciyml-file).
**Example of `image:name`**:
```yaml

4
doc/operations/error_tracking.md
View File

@ -228,3 +228,7 @@ you might see an error when you try to [enable Sentry integration for a project]
The resulting request to `/project/path/-/error_tracking/projects.json?api_host=https:%2F%2Fsentry.example.com%2F&token=<token>` returns a 404 status.
To fix this issue, enable the Monitor feature for the project.
## Data Retention
GitLab has a retention limit of 90 days for all errors.

4
doc/operations/tracing.md
View File

@ -93,3 +93,7 @@ Tracing ingests a maximum of 102,400 bytes per minute.
After the limit is exceeded, a `429 Too Many Requests` response is returned.
To request a limit increase to 104,8576 bytes per minute, contact GitLab support.
## Data Retention
GitLab has a retention limit of 30 days for all traces.

4
doc/user/analytics/analytics_dashboards.md
View File

@ -161,6 +161,10 @@ To view the Value Streams Dashboard as an analytics dashboard for a group:
You can change the location of your project or group dashboards.
Prerequisites:
- You must have at least the Maintainer role for the project or group the project belongs to.
### Group dashboards
NOTE:

2
doc/user/project/deploy_keys/index.md
View File

@ -103,7 +103,7 @@ Prerequisites:
1. Optional. Update the **Expiration date**.
A project deploy key is enabled when it is created. You can modify only a project deploy key's
name and permissions.
name and permissions. If the deploy key is enabled in more than one project, you can't modify the deploy key name.
## Create a public deploy key

4
doc/user/project/file_lock.md
View File

@ -27,8 +27,8 @@ said to have "released the lock".
GitLab supports two different modes of file locking:
- [Exclusive file locks](#exclusive-file-locks) for binary files: done **through
the command line** with Git LFS and `.gitattributes`, it prevents locked
- [Exclusive file locks](#exclusive-file-locks) for binary files: done
**through the command line** with Git LFS and `.gitattributes`, it prevents locked
files from being modified on any branch.
- [Default branch locks](#default-branch-file-and-directory-locks): done
**through the GitLab UI**, it prevents locked files and directories being

18
doc/user/project/git_attributes.md
View File

@ -10,12 +10,16 @@ DETAILS:
**Tier:** Free, Premium, Ultimate
**Offering:** SaaS, self-managed
GitLab supports defining custom [Git attributes](https://git-scm.com/docs/gitattributes) such as what
files to treat as binary, and what language to use for syntax highlighting
diffs.
GitLab supports defining custom Git attributes in a `.gitattributes` file in the
root directory of your repository. Use the `.gitattributes` file to declare changes
to file handling and display, such as:
To define these attributes, create a file called `.gitattributes` in the root
directory of your repository and push it to the default branch of your project.
- [Collapse generated files](merge_requests/changes.md#collapse-generated-files) in diffs.
- Create [custom merge drivers](#custom-merge-drivers).
- Create [exclusive lock files](file_lock.md) to mark files as read-only.
- Change [syntax highlighting](highlighting.md) in diffs.
- Declare binary file handling with [Git LFS](../../topics/git/lfs/index.md).
- Declare [languages used in your repository](repository/index.md#add-repository-languages).
## Encoding requirements
@ -128,3 +132,7 @@ config/* merge=foo
```
In this case, every file under the `config/` folder uses the custom merge driver called `foo` defined in the GitLab configuration.
## Resources
- Official Git documentation for [Git attributes](https://git-scm.com/docs/gitattributes)

38
doc/user/project/integrations/git_guardian.md
View File

@ -16,9 +16,6 @@ FLAG:
On self-managed GitLab, by default this feature is available. To hide the feature, ask an administrator to [disable the feature flag](../../../administration/feature_flags.md) named `git_guardian_integration`.
On GitLab.com, this feature is not available.
WARNING:
Pushes can be delayed or can time out. With the GitGuardian integration, pushes are sent to a third-party, and GitLab has no control over the connection with GitGuardian or the GitGuardian process.
[GitGuardian](https://www.gitguardian.com/) is a cybersecurity service that detects sensitive data such as API keys
and passwords in source code repositories.
It scans Git repositories, alerts on policy violations, and helps organizations
@ -74,3 +71,38 @@ To enable the integration for your project:
1. Select **Save changes**.
GitLab is now ready to reject commits based on GitGuardian policies.
## Known issues
- Pushes can be delayed or can time out. With the GitGuardian integration, pushes are sent to a third-party, and GitLab has no control over the connection with GitGuardian or the GitGuardian process.
- Due to a [GitGuardian API limitation](https://api.gitguardian.com/docs#operation/multiple_scan), the integration ignores files over the size of 1 MB. They are not scanned.
- If a pushed file has a name over 256 characters long the push won't go through.
- For more information, see [GitGuardian API documentation](https://api.gitguardian.com/docs#operation/multiple_scan).
Troubleshooting steps below show how to mitigate some of these problems.
## Troubleshooting
When working with the GitGuardian integration, you might encounter the following issues.
### `500` HTTP errors
You might get a HTTP `500` error.
This issue occurs for when requests time out for commits with a lot of changed files.
If this happens with a commit with more than 50 files changed,
the workaround is to break down your changes into smaller commits and push
them one by one.
### `Filename: ensure this value has at most 256 characters`
You might get a HTTP `400` error that states `Filename: ensure this value has at most 256 characters`.
This issue occurs when some of the changed files you are pushing in that commit have the file name
(not the path) longer then 256 characters.
The workaround is to shorten the file name if possible.
In case the file name cannot be shortened, for example, because it was automatically generated by a framework,
disable the integration and try to push again.
Don't forget to re-enable the integration afterwards if needed.

15
doc/user/project/merge_requests/changes.md
View File

@ -63,12 +63,18 @@ Files with many changes are collapsed to improve performance. GitLab displays th
### Collapse generated files
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/140180) in GitLab 16.8 [with a flag](../../../administration/feature_flags.md) named `collapse_generated_diff_files`. Disabled by default.
> - [Enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/145100) in GitLab 16.10.
DETAILS:
**Tier:** Free, Premium, Ultimate
**Offering:** Self-managed
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/140180) in GitLab 16.8 [with a flag](../../../administration/feature_flags.md) named `collapse_generated_diff_files`. Disabled by default.
> - [Enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/432670) in GitLab 16.10.
FLAG:
On self-managed GitLab, by default this feature is available. To disable it,
an administrator can [disable the feature flag](../../../administration/feature_flags.md)
named `collapse_generated_diff_files`.
On GitLab.com, this feature is available.
To help reviewers focus on the files needed to perform a code review, GitLab collapses
several common types of generated files. These files are collapsed by default, because
@ -81,9 +87,8 @@ they are unlikely to require code reviews:
1. Source map reference files.
1. Generated Go files, including the generated files by protocol buffer compiler.
If you want to automatically collapse additional files or file types, you can use
the `gitlab-generated` attribute, which marks or unmarks certain files/paths as generated. See [overriding syntax highlighting](../highlighting.md#override-syntax-highlighting-for-a-file-type) for more
detail on how to use override attributes.
To mark a file or path as generated, set the `gitlab-generated` attribute for it
in your [`.gitattributes` file](../git_attributes.md).
#### View a collapsed file

18
doc/user/project/service_desk/using_service_desk.md
View File

@ -152,20 +152,34 @@ In GitLab 15.9 and earlier, uploads to a comment are sent as links in the email.
## Convert a regular issue to a Service Desk ticket
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/433376) in GitLab 16.9 [with a flag](../../../administration/feature_flags.md) named `convert_to_ticket_quick_action`. Disabled by default.
> - Enabled on GitLab.com in GitLab 16.10.
FLAG:
On self-managed GitLab, by default this feature is not available. To make it available per group,
an administrator can [enable the feature flag](../../../administration/feature_flags.md) named `convert_to_ticket_quick_action`.
On GitLab.com, this feature is not available.
On GitLab.com, this feature is available.
Use the quick action `/convert_to_ticket external-issue-author@example.com` to convert any regular issue
into a Service Desk ticket. This assigns the provided email address as the external author of the ticket
and add them to the list of external participants. They receive Service Desk emails for any public
and adds them to the list of external participants. They receive Service Desk emails for any public
comment on the ticket and can reply to these emails. Replies add a new comment on the ticket.
GitLab doesn't send [the default `thank_you` email](configure.md#customize-emails-sent-to-the-requester).
You can add a public comment on the ticket to let the end user know that the ticket has been created.
<!--
When the feature flag convert_to_ticket_quick_action is removed, move the steps below
into a new topic called "### Create a Service Desk ticket in GitLab UI"
and nest it under "## As an end user (issue creator)".
-->
To create a Service Desk ticket from the UI:
1. [Create an issue](../issues/create_issues.md)
1. Add a comment that contains only the quick action `/convert_to_ticket user@example.com`.
You should see a comment from the [GitLab Support Bot](configure.md#support-bot-user).
1. Reload the page so the UI reflects the type change.
1. Optional. Add a comment on the ticket to send an initial Service Desk email to the external participant.
## Privacy considerations
> - [Changed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/108901) the minimum required role to view the creator's and participant's email in GitLab 15.9.

2
lib/api/deploy_keys.rb
View File

@ -172,7 +172,7 @@ module API
update_params[:can_push] = params[:can_push] if params.key?(:can_push)
update_params[:deploy_key_attributes] = { id: params[:key_id] }
if can?(current_user, :update_deploy_key, deploy_keys_project.deploy_key)
if can?(current_user, :update_deploy_key_title, deploy_keys_project.deploy_key)
update_params[:deploy_key_attributes][:title] = params[:title] if params.key?(:title)
end

2
lib/gitlab/markdown_cache.rb
View File

@ -11,7 +11,7 @@ module Gitlab
# this if the change to the renderer output is a new feature or a
# minor bug fix.
# See: https://gitlab.com/gitlab-org/gitlab/-/issues/330313
CACHE_COMMONMARK_VERSION = 32
CACHE_COMMONMARK_VERSION = 33
CACHE_COMMONMARK_VERSION_START = 10
BaseError = Class.new(StandardError)

13
locale/gitlab.pot
View File

@ -12691,7 +12691,7 @@ msgstr ""
msgid "ComplianceFrameworksReport|Edit framework"
msgstr ""
msgid "ComplianceFrameworks| Frameworks export"
msgid "ComplianceFrameworks| Project frameworks export"
msgstr ""
msgid "ComplianceFrameworks|Active compliance frameworks"
@ -12820,10 +12820,10 @@ msgstr ""
msgid "ComplianceFrameworks|You are about to permanently delete the compliance framework %{framework} from all projects which currently have it applied, which may remove other functionality. This cannot be undone."
msgstr ""
msgid "ComplianceFrameworks|Your Compliance Frameworks CSV export for the group \"%{group_name}\" has been attached to this email."
msgid "ComplianceFrameworks|Your Compliance Project Frameworks CSV export for the group \"%{group_name}\" has been attached to this email."
msgstr ""
msgid "ComplianceFrameworks|Your Compliance Frameworks CSV export for the group %{group_link} has been attached to this email."
msgid "ComplianceFrameworks|Your Compliance Project Frameworks CSV export for the group %{group_link} has been attached to this email."
msgstr ""
msgid "ComplianceFrameworks|default"
@ -54290,10 +54290,10 @@ msgstr ""
msgid "UserProfile|Personal projects"
msgstr ""
msgid "UserProfile|Pronounced as: %{div_start}%{pronunciation}%{div_end}"
msgid "UserProfile|Pronounced as:"
msgstr ""
msgid "UserProfile|Pronouns: %{div_start}%{pronouns}%{div_end}"
msgid "UserProfile|Pronouns:"
msgstr ""
msgid "UserProfile|Retry"
@ -57077,9 +57077,6 @@ msgstr ""
msgid "You are not allowed to download code from this project."
msgstr ""
msgid "You are not allowed to log in using password"
msgstr ""
msgid "You are not allowed to reject a user"
msgstr ""

2
qa/qa/page/project/show.rb
View File

@ -136,7 +136,7 @@ module QA
end
def new_merge_request
wait_until(reload: true) do
wait_until(reload: true, message: 'Wait for `Create merge request` push notification') do
has_create_merge_request_button?
end

10
spec/controllers/passwords_controller_spec.rb
View File

@ -21,16 +21,6 @@ RSpec.describe PasswordsController, feature_category: :system_access do
expect(flash[:alert]).to eq _('Password authentication is unavailable.')
end
end
context 'when reset email belongs to an ldap user' do
let(:user) { create(:omniauth_user, provider: 'ldapmain', email: 'ldapuser@gitlab.com') }
it 'prevents a password reset' do
post :create, params: { user: { email: user.email } }
expect(flash[:alert]).to eq _('Password authentication is unavailable.')
end
end
end
describe '#update' do

259
spec/controllers/projects/deploy_keys_controller_spec.rb
View File

@ -320,105 +320,200 @@ RSpec.describe Projects::DeployKeysController, feature_category: :continuous_del
{ deploy_key: { title: title, deploy_keys_projects_attributes: deploy_keys_projects_attributes } }
end
let(:deploy_key) { create(:deploy_key, public: true) }
let(:project) { create(:project) }
let!(:deploy_keys_project) do
create(:deploy_keys_project, project: project, deploy_key: deploy_key)
end
context 'with project maintainer' do
before do
project.add_maintainer(user)
context 'public deploy key' do
let(:deploy_key) { create(:deploy_key, public: true) }
let!(:deploy_keys_project) do
create(:deploy_keys_project, project: project, deploy_key: deploy_key)
end
context 'public deploy key attached to project' do
let(:extra_params) { deploy_key_params('updated title', '1') }
it 'does not update the title of the deploy key' do
expect { subject }.not_to change { deploy_key.reload.title }
context 'with project maintainer' do
before do
project.add_maintainer(user)
end
it 'updates can_push of deploy_keys_project' do
expect { subject }.to change { deploy_keys_project.reload.can_push }.from(false).to(true)
end
end
end
context 'public deploy key attached to project' do
let(:extra_params) { deploy_key_params('updated title', '1') }
context 'with admin', :enable_admin_mode do
before do
sign_in(admin)
end
context 'public deploy key attached to project' do
let(:extra_params) { deploy_key_params('updated title', '1') }
it 'updates the title of the deploy key' do
expect { subject }.to change { deploy_key.reload.title }.to('updated title')
end
it 'updates can_push of deploy_keys_project' do
expect { subject }.to change { deploy_keys_project.reload.can_push }.from(false).to(true)
end
end
context 'when a different deploy key id param is injected' do
let(:extra_params) { deploy_key_params('updated title', '1') }
let(:hacked_params) do
extra_params.reverse_merge(id: other_deploy_key_id, namespace_id: project.namespace, project_id: project)
end
subject { put :update, params: hacked_params }
context 'and that deploy key id exists' do
let(:other_project) { create(:project) }
let(:other_deploy_key) do
key = create(:deploy_key)
project.deploy_keys << key
key
end
let(:other_deploy_key_id) { other_deploy_key.id }
it 'does not update the can_push attribute' do
expect { subject }.not_to change { deploy_key.deploy_keys_project_for(project).can_push }
end
end
context 'and that deploy key id does not exist' do
let(:other_deploy_key_id) { 9999 }
it 'returns 404' do
subject
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
end
context 'with admin as project maintainer' do
before do
sign_in(admin)
project.add_maintainer(admin)
end
context 'public deploy key attached to project' do
let(:extra_params) { deploy_key_params('updated title', '1') }
context 'admin mode disabled' do
it 'does not update the title of the deploy key' do
expect { subject }.not_to change { deploy_key.reload.title }
end
it 'updates can_push of deploy_keys_project' do
expect { subject }.to change { deploy_keys_project.reload.can_push }.from(false).to(true)
end
end
end
context 'with admin', :enable_admin_mode do
before do
sign_in(admin)
end
context 'admin mode enabled', :enable_admin_mode do
context 'public deploy key attached to project' do
let(:extra_params) { deploy_key_params('updated title', '1') }
it 'updates the title of the deploy key' do
expect { subject }.to change { deploy_key.reload.title }.to('updated title')
end
it 'updates can_push of deploy_keys_project' do
expect { subject }.to change { deploy_keys_project.reload.can_push }.from(false).to(true)
end
end
context 'when a different deploy key id param is injected' do
let(:extra_params) { deploy_key_params('updated title', '1') }
let(:hacked_params) do
extra_params.reverse_merge(id: other_deploy_key_id, namespace_id: project.namespace, project_id: project)
end
subject { put :update, params: hacked_params }
context 'and that deploy key id exists' do
let(:other_project) { create(:project) }
let(:other_deploy_key) do
key = create(:deploy_key)
project.deploy_keys << key
key
end
let(:other_deploy_key_id) { other_deploy_key.id }
it 'does not update the can_push attribute' do
expect { subject }.not_to change { deploy_key.deploy_keys_project_for(project).can_push }
end
end
context 'and that deploy key id does not exist' do
let(:other_deploy_key_id) { 9999 }
it 'returns 404' do
subject
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
end
context 'with admin as project maintainer' do
before do
sign_in(admin)
project.add_maintainer(admin)
end
context 'public deploy key attached to project' do
let(:extra_params) { deploy_key_params('updated title', '1') }
context 'admin mode disabled' do
it 'does not update the title of the deploy key' do
expect { subject }.not_to change { deploy_key.reload.title }
end
end
context 'admin mode enabled', :enable_admin_mode do
it 'updates the title of the deploy key' do
expect { subject }.to change { deploy_key.reload.title }.to('updated title')
end
end
it 'updates can_push of deploy_keys_project' do
expect { subject }.to change { deploy_keys_project.reload.can_push }.from(false).to(true)
end
end
end
end
context 'private deploy key' do
let_it_be(:deploy_key) { create(:deploy_key) }
let_it_be(:extra_params) { deploy_key_params('updated title', '1') }
context 'when attached to one project' do
let!(:deploy_keys_project) do
create(:deploy_keys_project, project: project, deploy_key: deploy_key)
end
context 'with admin', :enable_admin_mode do
before do
sign_in(admin)
end
it 'updates the title of the deploy key' do
expect { subject }.to change { deploy_key.reload.title }.to('updated title')
end
it 'updates can_push of deploy_keys_project' do
expect { subject }.to change { deploy_keys_project.reload.can_push }.from(false).to(true)
end
end
context 'with project maintainer' do
before do
project.add_maintainer(user)
end
it 'updates the title of the deploy key' do
expect { subject }.to change { deploy_key.reload.title }.to('updated title')
end
it 'updates can_push of deploy_keys_project' do
expect { subject }.to change { deploy_keys_project.reload.can_push }.from(false).to(true)
end
end
context 'with project guest' do
before do
project.add_guest(user)
end
it 'does not update the title of the deploy key' do
expect { subject }.not_to change { deploy_key.reload.title }
end
it 'does not update can_push of deploy_keys_project' do
expect { subject }.not_to change { deploy_keys_project.reload.can_push }
end
end
end
context 'when attached to multiple projects' do
let_it_be(:another_project) { create(:project) }
before do
create(:deploy_keys_project, project: project, deploy_key: deploy_key)
create(:deploy_keys_project, project: another_project, deploy_key: deploy_key)
end
context 'with admin', :enable_admin_mode do
before do
sign_in(admin)
end
it 'updates the title of the deploy key' do
expect { subject }.to change { deploy_key.reload.title }.to('updated title')
end
end
it 'updates can_push of deploy_keys_project' do
expect { subject }.to change { deploy_keys_project.reload.can_push }.from(false).to(true)
context 'with project maintainer' do
before do
project.add_maintainer(user)
end
it 'does not update the title of the deploy key' do
expect { subject }.not_to change { deploy_key.reload.title }
end
end
context 'with project guest' do
before do
project.add_guest(user)
end
it 'does not update the title of the deploy key' do
expect { subject }.not_to change { deploy_key.reload.title }
end
end
end
end

9
spec/features/users/login_spec.rb
View File

@ -509,6 +509,15 @@ RSpec.describe 'Login', :clean_gitlab_redis_sessions, feature_category: :system_
expect(page).not_to have_content(I18n.t('devise.failure.already_authenticated'))
end
it 'does not allow LDAP user to sign in with local password' do
create(:identity, provider: 'ldapmain', user: user)
gitlab_sign_in(user)
expect(page).to have_content(I18n.t('devise.failure.invalid'))
expect(user.reload.failed_attempts).to eq(0)
end
it 'does not show already signed in message when opening sign in page after login' do
expect(authentication_metrics)
.to increment(:user_authenticated_counter)

15
spec/frontend/merge_request_tabs_spec.js
View File

@ -5,7 +5,7 @@ import { setHTMLFixture, resetHTMLFixture } from 'helpers/fixtures';
import initMrPage from 'helpers/init_vue_mr_page_helper';
import { stubPerformanceWebAPI } from 'helpers/performance';
import axios from '~/lib/utils/axios_utils';
import MergeRequestTabs from '~/merge_request_tabs';
import MergeRequestTabs, { getActionFromHref } from '~/merge_request_tabs';
import Diff from '~/diff';
import '~/lib/utils/common_utils';
import '~/lib/utils/url_utility';
@ -476,4 +476,17 @@ describe('MergeRequestTabs', () => {
});
});
});
describe('getActionFromHref', () => {
it.each`
pathName | action
${'/user/pipelines/-/merge_requests/1/diffs'} | ${'diffs'}
${'/user/diffs/-/merge_requests/1/pipelines'} | ${'pipelines'}
${'/user/pipelines/-/merge_requests/1/commits'} | ${'commits'}
${'/user/pipelines/1/-/merge_requests/1/diffs'} | ${'diffs'}
${'/user/pipelines/-/merge_requests/1'} | ${'show'}
`('returns $action for $location', ({ pathName, action }) => {
expect(getActionFromHref(pathName)).toBe(action);
});
});
});

2
spec/graphql/types/ci/pipeline_type_spec.rb
View File

@ -16,7 +16,7 @@ RSpec.describe Types::Ci::PipelineType do
upstream path project active user_permissions warnings commit commit_path uses_needs
test_report_summary test_suite ref ref_path warning_messages merge_request_event_type
name total_jobs triggered_by_path child source stuck
latest merge_request ref_text failure_reason yaml_errors trigger
latest merge_request ref_text failure_reason yaml_errors yaml_error_messages trigger
]
if Gitlab.ee?

52
spec/lib/gitlab/ci/config/yaml/fixtures/complex-included-ci.yml Normal file
View File

@ -0,0 +1,52 @@
spec:
inputs:
compiler:
default: gcc
optimization_level:
type: number
default: 2
test_framework:
default: unittest
coverage_enabled:
type: boolean
default: false
environment:
default: staging
deploy_strategy:
type: string
options: ['blue-green', 'rolling']
job_prefix:
description: Define a prefix for the job name
default: my-job
job_stage:
version:
type: string
regex: ^\d+\.\d+\.\d+$
default: 1.0.0
parallel_jobs:
type: number
default: 2
allow_failure:
type: boolean
default: false
---
"$[[ inputs.job_prefix ]]-build":
stage: $[[ inputs.job_stage ]]
script:
- echo "Building with $[[ inputs.compiler ]] and optimization level $[[ inputs.optimization_level ]]"
- echo "$[[ inputs.version ]]"
parallel: $[[ inputs.parallel_jobs ]]
"$[[ inputs.job_prefix ]]-test":
stage: $[[ inputs.job_stage ]]
script:
- echo "Testing with $[[ inputs.test_framework | expand_vars ]]"
- if [ $[[ inputs.coverage_enabled ]] == true ]; then echo "Coverage is enabled"; fi
allow_failure: $[[ inputs.allow_failure ]]
"$[[ inputs.job_prefix ]]-deploy":
stage: $[[ inputs.job_stage ]]
script:
- echo "Deploying to $[[ inputs.environment ]] using $[[ inputs.deploy_strategy ]] strategy"

163
spec/lib/gitlab/ci/config/yaml/loader_spec.rb
View File

@ -4,29 +4,56 @@ require 'spec_helper'
RSpec.describe ::Gitlab::Ci::Config::Yaml::Loader, feature_category: :pipeline_composition do
describe '#load' do
let_it_be(:project) { create(:project) }
let_it_be(:yaml) do
File.read(Rails.root.join('spec/lib/gitlab/ci/config/yaml/fixtures/complex-included-ci.yml'))
end
let(:inputs) { { test_input: 'hello test' } }
let(:variables) { [] }
let(:expected_config) do
{
'my-job-build': {
stage: 'build',
script: [
'echo "Building with clang and optimization level 3"',
'echo "1.0.0"'
],
parallel: '2'
},
'my-job-test': {
stage: 'build',
script: [
'echo "Testing with pytest"',
'if [ true == true ]; then echo "Coverage is enabled"; fi'
],
allow_failure: 'false'
},
'my-job-deploy': {
stage: 'build',
script: ['echo "Deploying to production using blue-green strategy"']
}
}
end
let(:yaml) do
<<~YAML
---
spec:
inputs:
test_input:
---
test_job:
script:
- echo "$[[ inputs.test_input ]]"
YAML
let(:inputs) do
{
compiler: 'clang',
optimization_level: 3,
test_framework: '$TEST_FRAMEWORK',
coverage_enabled: true,
environment: 'production',
deploy_strategy: 'blue-green',
job_stage: 'build'
}
end
let(:variables) do
Gitlab::Ci::Variables::Collection.new([
{ key: 'TEST_FRAMEWORK', value: 'pytest', masked: false }
])
end
subject(:result) { described_class.new(yaml, inputs: inputs, variables: variables).load }
it 'loads and interpolates CI config YAML' do
expected_config = { test_job: { script: ['echo "hello test"'] } }
expect(result).to be_valid
expect(result).to be_interpolated
expect(result.content).to eq(expected_config)
@ -50,102 +77,22 @@ RSpec.describe ::Gitlab::Ci::Config::Yaml::Loader, feature_category: :pipeline_c
end
end
context 'when there is an error interpolating the YAML' do
let(:inputs) { {} }
it 'returns an error result' do
expect(result).not_to be_valid
expect(result.error).to eq('`test_input` input: required value has not been provided')
end
end
context 'when interpolating into a YAML key' do
let(:yaml) do
<<~YAML
---
spec:
inputs:
test_input:
---
"$[[ inputs.test_input ]]_job":
script:
- echo "test"
YAML
end
it 'loads and interpolates CI config YAML' do
expected_config = { 'hello test_job': { script: ['echo "test"'] } }
expect(result).to be_valid
expect(result).to be_interpolated
expect(result.content).to eq(expected_config)
end
end
context 'when interpolating values of different types' do
context 'when there are errors with the inputs' do
let(:inputs) do
{
test_boolean: true,
test_number: 8,
test_string: 'test'
coverage_enabled: 'true',
deploy_strategy: 'not-an-option',
version: 'test-version'
}
end
let(:yaml) do
<<~YAML
---
spec:
inputs:
test_string:
type: string
test_boolean:
type: boolean
test_number:
type: number
---
"$[[ inputs.test_string ]]_job":
allow_failure: $[[ inputs.test_boolean ]]
parallel: $[[ inputs.test_number ]]
YAML
end
it 'loads and interpolates CI config YAML', quarantine: 'https://gitlab.com/gitlab-org/gitlab/-/issues/434826' do
expected_config = { test_job: { allow_failure: true, parallel: 8 } }
expect(result).to be_valid
expect(result).to be_interpolated
expect(result.content).to eq(expected_config)
end
end
context 'when interpolating and expanding variables' do
let(:inputs) { { test_input: '$TEST_VAR' } }
let(:variables) do
Gitlab::Ci::Variables::Collection.new([
{ key: 'TEST_VAR', value: 'test variable', masked: false }
])
end
let(:yaml) do
<<~YAML
---
spec:
inputs:
test_input:
---
"test_job":
script:
- echo "$[[ inputs.test_input | expand_vars ]]"
YAML
end
it 'loads and interpolates CI config YAML' do
expected_config = { test_job: { script: ['echo "test variable"'] } }
expect(result).to be_valid
expect(result).to be_interpolated
expect(result.content).to eq(expected_config)
it 'returns up to 3 error messages for input errors' do
expect(result).not_to be_valid
expect(result.error).to eq(
'`coverage_enabled` input: provided value is not a boolean, ' \
'`deploy_strategy` input: `not-an-option` cannot be used because it is not in the list of allowed options, ' \
'`job_stage` input: required value has not been provided'
)
end
end
@ -189,6 +136,8 @@ RSpec.describe ::Gitlab::Ci::Config::Yaml::Loader, feature_category: :pipeline_c
YAML
end
let(:inputs) { { test_input: 'test' } }
it 'returns an error result' do
stub_const('::Gitlab::Ci::Config::Interpolation::Block::MAX_FUNCTIONS', 1)

45
spec/models/concerns/recoverable_by_any_email_spec.rb
View File

@ -67,11 +67,38 @@ RSpec.describe RecoverableByAnyEmail, feature_category: :system_access do
end
end
shared_examples "does not send 'Reset password instructions' email when password auth is not allowed" do
it 'find the user with error' do
expect(send_reset_password_instructions).to be_instance_of User
expect(send_reset_password_instructions.errors[:password])
.to include(_('Password authentication is unavailable.'))
end
it 'does not send email to anyone' do
reset_delivered_emails!
expect { send_reset_password_instructions }
.not_to have_enqueued_mail(DeviseMailer, :reset_password_instructions)
perform_enqueued_jobs
should_not_email_anyone
end
end
context "when email param matches user's confirmed primary email" do
let(:expected_user) { user }
let(:email) { user_confirmed_primary_email }
it_behaves_like "sends 'Reset password instructions' email"
context 'when password authentication is not allowed' do
before do
allow(Gitlab::CurrentSettings).to receive_messages(password_authentication_enabled_for_web?: false)
end
it_behaves_like "does not send 'Reset password instructions' email when password auth is not allowed"
end
end
context "when email param matches user's unconfirmed primary email" do
@ -139,5 +166,23 @@ RSpec.describe RecoverableByAnyEmail, feature_category: :system_access do
it_behaves_like "does not send 'Reset password instructions' email"
end
context 'with an LDAP user' do
let_it_be(:ldap_user) { create(:omniauth_user, :ldap) }
context 'with a confirmed primary email' do
let(:email) { ldap_user.email }
it_behaves_like "does not send 'Reset password instructions' email when password auth is not allowed"
end
context 'with a confirmed secondary email' do
let(:email) do
create(:email, :confirmed, user: ldap_user, email: 'confirmed-secondary-ldap-email@example.com').email
end
it_behaves_like "does not send 'Reset password instructions' email when password auth is not allowed"
end
end
end
end

21
spec/models/group_spec.rb
View File

@ -694,19 +694,32 @@ RSpec.describe Group, feature_category: :groups_and_projects do
it_behaves_like 'namespace traversal'
describe '#self_and_descendants' do
it { expect(group.self_and_descendants.to_sql).to include 'traversal_ids @>' }
it { expect(group.self_and_descendants.to_sql).to include('traversal_ids >=').and(include('traversal_ids <')) }
end
describe '#self_and_descendant_ids' do
it { expect(group.self_and_descendant_ids.to_sql).to include 'traversal_ids @>' }
it { expect(group.self_and_descendant_ids.to_sql).to include('traversal_ids >=').and(include('traversal_ids <')) }
end
describe '#descendants' do
it { expect(group.descendants.to_sql).to include 'traversal_ids @>' }
it { expect(group.descendants.to_sql).to include('traversal_ids >=').and(include('traversal_ids <')) }
end
describe '#self_and_hierarchy' do
it { expect(group.self_and_hierarchy.to_sql).to include 'traversal_ids @>' }
it { expect(group.self_and_hierarchy.to_sql).to include('traversal_ids >=').and(include('traversal_ids <')) }
end
context 'when optimize_top_bound_lineage_search is off' do
before do
stub_feature_flags(optimize_top_bound_lineage_search: false)
end
it 'uses @> operator in queries' do
expect(group.self_and_descendants.to_sql).to include('traversal_ids @>')
expect(group.self_and_descendant_ids.to_sql).to include('traversal_ids @>')
expect(group.descendants.to_sql).to include('traversal_ids @>')
expect(group.self_and_hierarchy.to_sql).to include('traversal_ids @>')
end
end
describe '#ancestors' do

36
spec/policies/deploy_key_policy_spec.rb
View File

@ -17,12 +17,16 @@ RSpec.describe DeployKeyPolicy, feature_category: :groups_and_projects do
it { is_expected.to be_disallowed(:read_deploy_key) }
it { is_expected.to be_disallowed(:update_deploy_key) }
it { is_expected.to be_disallowed(:update_deploy_key_title) }
end
context 'and current_user is present' do
it { is_expected.to be_allowed(:read_deploy_key) }
it { is_expected.to be_disallowed(:update_deploy_key) }
it { is_expected.to be_disallowed(:update_deploy_key_title) }
end
context 'when current_user is admin' do
@ -32,12 +36,16 @@ RSpec.describe DeployKeyPolicy, feature_category: :groups_and_projects do
it { is_expected.to be_allowed(:read_deploy_key) }
it { is_expected.to be_allowed(:update_deploy_key) }
it { is_expected.to be_allowed(:update_deploy_key_title) }
end
context 'when admin mode disabled' do
it { is_expected.to be_allowed(:read_deploy_key) }
it { is_expected.to be_disallowed(:update_deploy_key) }
it { is_expected.to be_disallowed(:update_deploy_key_title) }
end
end
end
@ -51,6 +59,8 @@ RSpec.describe DeployKeyPolicy, feature_category: :groups_and_projects do
it { is_expected.to be_disallowed(:read_deploy_key) }
it { is_expected.to be_disallowed(:update_deploy_key) }
it { is_expected.to be_disallowed(:update_deploy_key_title) }
end
context 'when current_user is admin' do
@ -60,12 +70,16 @@ RSpec.describe DeployKeyPolicy, feature_category: :groups_and_projects do
it { is_expected.to be_allowed(:read_deploy_key) }
it { is_expected.to be_allowed(:update_deploy_key) }
it { is_expected.to be_allowed(:update_deploy_key_title) }
end
context 'when admin mode disabled' do
it { is_expected.to be_disallowed(:read_deploy_key) }
it { is_expected.to be_disallowed(:update_deploy_key) }
it { is_expected.to be_disallowed(:update_deploy_key_title) }
end
end
@ -79,12 +93,34 @@ RSpec.describe DeployKeyPolicy, feature_category: :groups_and_projects do
it { is_expected.to be_allowed(:read_deploy_key) }
it { is_expected.to be_allowed(:update_deploy_key) }
it { is_expected.to be_allowed(:update_deploy_key_title) }
end
context 'when assigned to another project' do
it { is_expected.to be_disallowed(:read_deploy_key) }
it { is_expected.to be_disallowed(:update_deploy_key) }
it { is_expected.to be_disallowed(:update_deploy_key_title) }
end
context 'when assigned to miltiple projects' do
let_it_be(:project_one) { create(:project) }
let_it_be(:project_two) { create(:project) }
before_all do
create(:deploy_keys_project, project: project_one, deploy_key: deploy_key)
create(:deploy_keys_project, project: project_two, deploy_key: deploy_key)
project_one.add_maintainer(current_user)
end
it { is_expected.to be_allowed(:read_deploy_key) }
it { is_expected.to be_allowed(:update_deploy_key) }
it { is_expected.to be_disallowed(:update_deploy_key_title) }
end
end
end

45
spec/requests/api/deploy_keys_spec.rb
View File

@ -367,6 +367,51 @@ RSpec.describe API::DeployKeys, :aggregate_failures, feature_category: :continuo
expect(response).to have_gitlab_http_status(:ok)
end
end
context 'private deploy key attached to one project' do
let_it_be(:deploy_key) { create(:deploy_key, public: false) }
let_it_be(:deploy_keys_project) do
create(:deploy_keys_project, project: project, deploy_key: deploy_key)
end
let_it_be(:extra_params) { { title: 'new title', can_push: true } }
it 'updates the title of the deploy key' do
expect { subject }.to change { deploy_key.reload.title }.to('new title')
expect(response).to have_gitlab_http_status(:ok)
end
it 'updates can_push of deploy_keys_project' do
expect { subject }.to change { deploy_keys_project.reload.can_push }.from(false).to(true)
expect(response).to have_gitlab_http_status(:ok)
end
end
context 'private deploy key attached to multiple projects' do
let_it_be(:deploy_key) { create(:deploy_key, public: false) }
let_it_be(:another_project) { create(:project, title: 'hello world') }
let_it_be(:extra_params) { { title: 'new title', can_push: true } }
let_it_be(:deploy_keys_project) do
create(:deploy_keys_project, project: project, deploy_key: deploy_key)
end
before do
create(:deploy_keys_project, project: another_project, deploy_key: deploy_key)
another_project.add_maintainer(maintainer)
end
it 'does not update the title of the deploy key' do
expect { subject }.not_to change { deploy_key.reload.title }
expect(response).to have_gitlab_http_status(:ok)
end
it 'updates can_push of deploy_keys_project' do
expect { subject }.to change { deploy_keys_project.reload.can_push }.from(false).to(true)
expect(response).to have_gitlab_http_status(:ok)
end
end
end
end

2
spec/requests/api/members_spec.rb
View File

@ -665,7 +665,7 @@ RSpec.describe API::Members, feature_category: :groups_and_projects do
it 'returns 400 when access level is not valid' do
put api("/#{source_type.pluralize}/#{source.id}/members/#{developer.id}", maintainer),
params: { access_level: non_existing_record_access_level }
params: { access_level: 15 }
expect(response).to have_gitlab_http_status(:bad_request)
end

1
spec/support/rspec_order_todo.yml
View File

@ -9364,7 +9364,6 @@
- './spec/workers/auto_merge_process_worker_spec.rb'
- './spec/workers/background_migration/ci_database_worker_spec.rb'
- './spec/workers/background_migration_worker_spec.rb'
- './spec/workers/build_hooks_worker_spec.rb'
- './spec/workers/build_queue_worker_spec.rb'
- './spec/workers/bulk_imports/entity_worker_spec.rb'
- './spec/workers/bulk_imports/export_request_worker_spec.rb'

46
spec/workers/build_hooks_worker_spec.rb
View File

@ -1,46 +0,0 @@
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe BuildHooksWorker, feature_category: :continuous_integration do
describe '#perform' do
context 'when build exists' do
let!(:build) { create(:ci_build) }
it 'calls build hooks' do
expect_any_instance_of(Ci::Build)
.to receive(:execute_hooks)
described_class.new.perform(build.id)
end
end
context 'when build does not exist' do
it 'does not raise exception' do
expect { described_class.new.perform(123) }
.not_to raise_error
end
end
end
describe '.perform_async', :sidekiq_inline do
it 'sends a message to the application logger, before performing' do
build = create(:ci_build)
expect(Gitlab::AppLogger).to receive(:info).with(
message: include('Enqueuing hooks for Build'),
class: described_class.name,
build_id: build.id,
pipeline_id: build.pipeline_id,
project_id: build.project_id,
build_status: build.status
)
expect_any_instance_of(Ci::Build).to receive(:execute_hooks)
described_class.perform_async(build)
end
end
it_behaves_like 'worker with data consistency', described_class, data_consistency: :delayed
end

1
spec/workers/every_sidekiq_worker_spec.rb
View File

@ -135,7 +135,6 @@ RSpec.describe 'Every Sidekiq worker', feature_category: :shared do
'AutoMergeProcessWorker' => 3,
'BackgroundMigrationWorker' => 3,
'BackgroundMigration::CiDatabaseWorker' => 3,
'BuildHooksWorker' => 3,
'BuildQueueWorker' => 3,
'BuildSuccessWorker' => 3,
'BulkImportWorker' => 3,