root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2025-02-12 00:08:12 +00:00
parent fc7097e255
commit f69881cf87
115 changed files with 778 additions and 434 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
app/assets/javascripts/issues/list/components/issues_list_app.vue
View File

@ -294,6 +294,7 @@ export default {
iid: isIidSearch ? this.searchQuery.slice(1) : undefined,
isProject: this.isProject,
isSignedIn: this.isSignedIn,
searchByEpic: Boolean(this.apiFilterParams.epicId),
sort: this.sortKey,
state: this.state,
...this.pageParams,

5
app/assets/javascripts/pages/groups/new/components/app.vue
View File

@ -1,7 +1,4 @@
<script>
import GROUP_IMPORT_SVG_URL from '@gitlab/svgs/dist/illustrations/group-import.svg?url';
import GROUP_NEW_SVG_URL from '@gitlab/svgs/dist/illustrations/group-new.svg?url';
import { s__ } from '~/locale';
import NewNamespacePage from '~/vue_shared/new_namespace/new_namespace_page.vue';
import createGroupDescriptionDetails from './create_group_description_details.vue';
@ -74,7 +71,6 @@ export default {
parentGroupName: this.parentGroupName,
importExistingGroupPath: this.importExistingGroupPath,
},
imageSrc: GROUP_NEW_SVG_URL,
},
{
name: 'import-group-pane',
@ -84,7 +80,6 @@ export default {
'GroupsNew|Import a group and related data from another GitLab instance.',
),
details: 'Migrate your existing groups from another instance of GitLab.',
imageSrc: GROUP_IMPORT_SVG_URL,
},
];
},

36
app/assets/javascripts/pages/projects/shared/permissions/components/settings_panel.vue
View File

@ -11,6 +11,7 @@ import {
import SecretManagerSettings from 'ee_component/pages/projects/shared/permissions/components/secret_manager_settings.vue';
import ConfirmDanger from '~/vue_shared/components/confirm_danger/confirm_danger.vue';
import settingsMixin from 'ee_else_ce/pages/projects/shared/permissions/mixins/settings_pannel_mixin';
import glFeatureFlagMixin from '~/vue_shared/mixins/gl_feature_flags_mixin';
import { __, s__ } from '~/locale';
import {
VISIBILITY_LEVEL_PRIVATE_INTEGER,
@ -30,6 +31,7 @@ import {
duoHelpPath,
amazonQHelpPath,
pipelineExecutionPoliciesHelpPath,
extendedPratExpiryWebhooksExecuteHelpPath,
} from '../constants';
import { toggleHiddenClassBySelector } from '../external';
import ProjectFeatureSetting from './project_feature_setting.vue';
@ -95,6 +97,12 @@ export default {
),
confirmButtonText: __('Save changes'),
emailsLabel: s__('ProjectSettings|Email notifications'),
extendedPratExpiryWebhooksExecuteLabel: s__(
'ProjectSettings|Add additional webhook triggers for project access token expiry.',
),
extendedPratExpiryWebhooksExecuteHelpText: s__(
'ProjectSettings|If enabled, project access tokens expiry webhooks execute 60, 30, and 7 days before the token expires. If disabled, these webhooks only execute 7 days before the token expires. %{linkStart}Learn more%{linkEnd}',
),
showDiffPreviewLabel: s__('ProjectSettings|Include diff previews'),
showDiffPreviewHelpText: s__(
'ProjectSettings|Emails are not encrypted. Concerned administrators may want to disable diff previews.',
@ -113,6 +121,7 @@ export default {
modelExperimentsHelpPath,
modelRegistryHelpPath,
pipelineExecutionPoliciesHelpPath,
extendedPratExpiryWebhooksExecuteHelpPath,
components: {
CiCatalogSettings,
ProjectFeatureSetting,
@ -132,7 +141,7 @@ export default {
'jh_component/pages/projects/shared/permissions/components/other_project_settings.vue'
),
},
mixins: [settingsMixin],
mixins: [settingsMixin, glFeatureFlagMixin()],
inject: ['cascadingSettingsData'],
props: {
requestCveAvailable: {
@ -346,6 +355,7 @@ export default {
enforceAuthChecksOnUploads: true,
emailsEnabled: true,
showDiffPreviewInEmail: true,
extendedPratExpiryWebhooksExecute: false,
cveIdRequestEnabled: true,
duoFeaturesEnabled: false,
sppRepositoryPipelineAccess: false,
@ -1115,6 +1125,30 @@ export default {
<template #help>{{ $options.i18n.pucWarningHelpText }}</template>
</gl-form-checkbox>
</project-setting-row>
<project-setting-row v-if="glFeatures.extendedExpiryWebhookExecutionSetting">
<input
:value="extendedPratExpiryWebhooksExecute"
type="hidden"
name="project[project_setting_attributes][extended_prat_expiry_webhooks_execute]"
/>
<gl-form-checkbox
v-model="extendedPratExpiryWebhooksExecute"
name="project[project_setting_attributes][extended_prat_expiry_webhooks_execute]"
>
{{ $options.i18n.extendedPratExpiryWebhooksExecuteLabel }}
<template #help>
<gl-sprintf :message="$options.i18n.extendedPratExpiryWebhooksExecuteHelpText">
<template #link="{ content }">
<gl-link
:href="$options.extendedPratExpiryWebhooksExecuteHelpPath"
target="_blank"
>{{ content }}</gl-link
>
</template>
</gl-sprintf>
</template>
</gl-form-checkbox>
</project-setting-row>
<ci-catalog-settings v-if="canAddCatalogResource" :full-path="confirmationPhrase" />
<secret-manager-settings v-if="canManageSecretManager" :full-path="confirmationPhrase" />
<other-project-settings />

5
app/assets/javascripts/pages/projects/shared/permissions/constants.js
View File

@ -51,6 +51,11 @@ export const modelExperimentsHelpPath = helpPagePath(
export const modelRegistryHelpPath = helpPagePath('user/project/ml/model_registry/_index.md');
export const extendedPratExpiryWebhooksExecuteHelpPath = helpPagePath(
'user/project/settings/_index.md',
{ anchor: 'add-additional-webhook-triggers-for-project-access-token-expiration' },
);
export const duoHelpPath = helpPagePath('user/ai_features');
export const amazonQHelpPath = helpPagePath('user/duo_amazon_q/_index.md');

8
app/assets/javascripts/projects/new/components/app.vue
View File

@ -1,8 +1,4 @@
<script>
import PROJECT_CREATE_FROM_TEMPLATE_SVG_URL from '@gitlab/svgs/dist/illustrations/project-create-from-template-sm.svg?url';
import PROJECT_CREATE_NEW_SVG_URL from '@gitlab/svgs/dist/illustrations/project-create-new-sm.svg?url';
import PROJECT_IMPORT_SVG_URL from '@gitlab/svgs/dist/illustrations/project-import-sm.svg?url';
import PROJECT_RUN_CICD_PIPELINES_SVG_URL from '@gitlab/svgs/dist/illustrations/empty-state/empty-devops-md.svg?url';
import SafeHtml from '~/vue_shared/directives/safe_html';
import { s__ } from '~/locale';
import NewNamespacePage from '~/vue_shared/new_namespace/new_namespace_page.vue';
@ -19,7 +15,6 @@ const PANELS = [
description: s__(
'ProjectsNew|Create a blank project to store your files, plan your work, and collaborate on code, among other things.',
),
imageSrc: PROJECT_CREATE_NEW_SVG_URL,
},
{
key: 'template',
@ -29,7 +24,6 @@ const PANELS = [
description: s__(
'ProjectsNew|Create a project pre-populated with the necessary files to get you started quickly.',
),
imageSrc: PROJECT_CREATE_FROM_TEMPLATE_SVG_URL,
},
{
key: 'import',
@ -39,7 +33,6 @@ const PANELS = [
description: s__(
'ProjectsNew|Migrate your data from an external source like GitHub, Bitbucket, or another instance of GitLab.',
),
imageSrc: PROJECT_IMPORT_SVG_URL,
},
{
key: 'ci',
@ -47,7 +40,6 @@ const PANELS = [
selector: '#ci-cd-project-pane',
title: s__('ProjectsNew|Run CI/CD for external repository'),
description: s__('ProjectsNew|Connect your external repository to GitLab CI/CD.'),
imageSrc: PROJECT_RUN_CICD_PIPELINES_SVG_URL,
},
];

20
app/assets/javascripts/vue_shared/new_namespace/new_namespace_page.vue
View File

@ -4,12 +4,14 @@ import NewTopLevelGroupAlert from '~/groups/components/new_top_level_group_alert
import SuperSidebarToggle from '~/super_sidebar/components/super_sidebar_toggle.vue';
import { sidebarState, JS_TOGGLE_EXPAND_CLASS } from '~/super_sidebar/constants';
import { s__ } from '~/locale';
import PageHeading from '~/vue_shared/components/page_heading.vue';
import LegacyContainer from './components/legacy_container.vue';
import WelcomePage from './components/welcome.vue';
export default {
JS_TOGGLE_EXPAND_CLASS,
components: {
PageHeading,
NewTopLevelGroupAlert,
GlBreadcrumb,
GlIcon,
@ -150,19 +152,13 @@ export default {
</div>
<template v-if="activePanel">
<div data-testid="active-panel-template" class="gl-flex gl-items-center gl-py-5">
<div class="col-auto">
<img aria-hidden="true" :src="activePanel.imageSrc" :alt="activePanel.title" />
</div>
<div class="col">
<h1 class="gl-heading-2-fixed gl-my-3">{{ activePanel.title }}</h1>
<p v-if="hasTextDetails">{{ details }}</p>
<page-heading :heading="activePanel.title" data-testid="active-panel-template">
<template #description>
<template v-if="hasTextDetails">{{ details }}</template>
<component :is="details" v-else v-bind="detailProps" />
</div>
<slot name="extra-description"></slot>
</div>
<slot name="extra-description"></slot>
</template>
</page-heading>
<gl-alert
v-if="identityVerificationRequired"

4
app/assets/stylesheets/framework/crud.scss
View File

@ -113,3 +113,7 @@ $crud-header-min-height: px-to-rem(49px);
margin-bottom: 0;
}
}
.crud-body .gl-alert {
@apply dark:gl-bg-strong;
}

11
app/controllers/projects_controller.rb
View File

@ -54,6 +54,8 @@ class ProjectsController < Projects::ApplicationController
push_force_frontend_feature_flag(:work_items, @project&.work_items_feature_flag_enabled?)
push_force_frontend_feature_flag(:work_items_beta, @project&.work_items_beta_feature_flag_enabled?)
push_force_frontend_feature_flag(:work_items_alpha, @project&.work_items_alpha_feature_flag_enabled?)
# FF to enable setting to allow webhook execution on 30D and 60D notification delivery too
push_frontend_feature_flag(:extended_expiry_webhook_execution_setting, @project&.namespace)
push_frontend_feature_flag(:work_item_description_templates, @project&.group)
end
@ -460,7 +462,7 @@ class ProjectsController < Projects::ApplicationController
end
def project_setting_attributes
%i[
attributes = %i[
show_default_award_emojis
show_diff_preview_in_email
squash_option
@ -469,6 +471,13 @@ class ProjectsController < Projects::ApplicationController
enforce_auth_checks_on_uploads
emails_enabled
]
if ::Feature.enabled?(:extended_expiry_webhook_execution_setting, @project&.namespace) &&
can?(current_user, :admin_project, project)
attributes << :extended_prat_expiry_webhooks_execute
end
attributes
end
def project_params_attributes

12
app/finders/issuable_finder.rb
View File

@ -524,18 +524,16 @@ class IssuableFinder
end
def can_filter_by_crm_contact?
current_user&.can?(:read_crm_contact, root_group)
current_user&.can?(:read_crm_contact, crm_group)
end
def can_filter_by_crm_organization?
current_user&.can?(:read_crm_organization, root_group)
current_user&.can?(:read_crm_organization, crm_group)
end
def root_group
strong_memoize(:root_group) do
base_group = params.group || params.project&.group
base_group&.root_ancestor
def crm_group
strong_memoize(:crm_group) do
params.group&.crm_group || params.project&.crm_group
end
end
end

7
app/graphql/resolvers/wikis/wiki_page_resolver.rb
View File

@ -5,6 +5,8 @@ module Resolvers
class WikiPageResolver < BaseResolver
description 'Retrieve a wiki page'
calls_gitaly!
type Types::Wikis::WikiPageType, null: true
argument :slug, GraphQL::Types::String, required: false, description: 'Wiki page slug.'
@ -28,7 +30,10 @@ module Resolvers
return unless slug.present? && container.present?
::WikiPage::Meta.find_by_canonical_slug(slug, container)
wiki = Wiki.for_container(container, current_user)
page = wiki.find_page(slug, load_content: false)
page&.find_or_create_meta
end
private

3
app/graphql/types/query_type.rb
View File

@ -196,7 +196,8 @@ module Types
null: true,
resolver: Resolvers::Wikis::WikiPageResolver,
experiment: { milestone: '17.6' },
description: 'Find a wiki page.'
description: 'Find a wiki page.',
calls_gitaly: true
field :work_item, Types::WorkItemType,
null: true,
resolver: Resolvers::WorkItemResolver,

8
app/helpers/issues_helper.rb
View File

@ -165,8 +165,8 @@ module IssuesHelper
can_create_issue: can?(current_user, :create_issue, project).to_s,
can_edit: can?(current_user, :admin_project, project).to_s,
can_import_issues: can?(current_user, :import_issues, @project).to_s,
can_read_crm_contact: can?(current_user, :read_crm_contact, project.group).to_s,
can_read_crm_organization: can?(current_user, :read_crm_organization, project.group).to_s,
can_read_crm_contact: can?(current_user, :read_crm_contact, project.crm_group).to_s,
can_read_crm_organization: can?(current_user, :read_crm_organization, project.crm_group).to_s,
email: current_user&.notification_email_or_default,
emails_help_page_path: help_page_path('development/emails.md', anchor: 'email-namespace'),
export_csv_path: export_csv_project_issues_path(project),
@ -188,8 +188,8 @@ module IssuesHelper
def group_issues_list_data(group, current_user)
common_issues_list_data(group, current_user).merge(
can_create_projects: can?(current_user, :create_projects, group).to_s,
can_read_crm_contact: can?(current_user, :read_crm_contact, group).to_s,
can_read_crm_organization: can?(current_user, :read_crm_organization, group).to_s,
can_read_crm_contact: can?(current_user, :read_crm_contact, group.crm_group).to_s,
can_read_crm_organization: can?(current_user, :read_crm_organization, group.crm_group).to_s,
group_id: group.id,
has_any_issues: @has_issues.to_s,
has_any_projects: @has_projects.to_s,

1
app/helpers/projects_helper.rb
View File

@ -949,6 +949,7 @@ module ProjectsHelper
containerRegistryEnabled: !!project.container_registry_enabled,
lfsEnabled: !!project.lfs_enabled,
emailsEnabled: project.emails_enabled?,
extendedPratExpiryWebhooksExecute: project.extended_prat_expiry_webhooks_execute?,
showDiffPreviewInEmail: project.show_diff_preview_in_email?,
monitorAccessLevel: feature.monitor_access_level,
showDefaultAwardEmojis: project.show_default_award_emojis?,

19
app/models/project.rb
View File

@ -580,6 +580,7 @@ class Project < ApplicationRecord
delegate :mr_default_target_self, :mr_default_target_self=
delegate :previous_default_branch, :previous_default_branch=
delegate :squash_option, :squash_option=
delegate :extended_prat_expiry_webhooks_execute, :extended_prat_expiry_webhooks_execute=
with_options allow_nil: true do
delegate :merge_commit_template, :merge_commit_template=
@ -1235,6 +1236,10 @@ class Project < ApplicationRecord
!!project_setting&.warn_about_potentially_unwanted_characters?
end
def extended_prat_expiry_webhooks_execute?
!!project_setting&.extended_prat_expiry_webhooks_execute?
end
def no_import?
!!import_state&.no_import?
end
@ -1980,7 +1985,19 @@ class Project < ApplicationRecord
def triggered_hooks(hooks_scope, data)
triggered = ::Projects::TriggeredHooks.new(hooks_scope, data)
triggered.add_hooks(hooks)
# By default the webhook resource_access_token_hooks will execute for
# seven_days interval but we have a setting to allow webhook execution
# for thirty_days and sixty_days interval too.
if hooks_scope == :resource_access_token_hooks &&
::Feature.enabled?(:extended_expiry_webhook_execution_setting, self.namespace) &&
data[:interval] != :seven_days &&
!self.extended_prat_expiry_webhooks_execute?
triggered
else
triggered.add_hooks(hooks)
end
end
def execute_integrations(data, hooks_scope = :push_hooks, skip_ci: false)

4
app/models/wiki_page.rb
View File

@ -71,8 +71,8 @@ class WikiPage
set_attributes if persisted?
end
def meta
WikiPage::Meta.find_by_canonical_slug(slug, container)
def find_or_create_meta
WikiPage::Meta.find_or_create(slug, self)
end
# The escaped URL path of this page.

2
app/services/concerns/integrations/project_test_data.rb
View File

@ -107,7 +107,7 @@ module Integrations
expires_at: 2.days.from_now
)
Gitlab::DataBuilder::ResourceAccessToken.build(resource_access_token, :expiring, project)
Gitlab::DataBuilder::ResourceAccessTokenPayload.build(resource_access_token, :expiring, project)
end
def vulnerability_events_data

99
app/views/groups/_import_group_from_another_instance_panel.html.haml
View File

@ -1,57 +1,56 @@
- bulk_imports_enabled = Gitlab::CurrentSettings.bulk_import_enabled?
= gitlab_ui_form_with url: configure_import_bulk_imports_path(namespace_id: params[:parent_id]), class: 'gl-show-field-errors' do |f|
.gl-border-l-solid.gl-border-r-solid.gl-border-t-solid.gl-border-default.gl-border-1.gl-p-5.gl-mt-4
.gl-flex.gl-items-center.gl-justify-between
%h2.gl-flex.gl-heading-2-fixed.gl-my-3
= s_('GroupsNew|Import groups by direct transfer')
= render Pajamas::ButtonComponent.new(href: history_import_bulk_imports_path, category: :secondary, variant: :confirm, size: :small) do
= s_('BulkImport|View import history')
.gl-flex.gl-flex-col.gl-gap-5
- if !bulk_imports_enabled
= render Pajamas::AlertComponent.new(dismissible: false, variant: :tip) do |c|
- c.with_body do
= s_('GroupsNew|Importing groups by direct transfer is currently disabled.')
- if !bulk_imports_enabled
= render Pajamas::AlertComponent.new(dismissible: false, variant: :tip) do |c|
- c.with_body do
= s_('GroupsNew|Importing groups by direct transfer is currently disabled.')
- if current_user.admin?
- admin_link = link_to('', general_admin_application_settings_path(anchor: 'js-import-export-settings'))
- if current_user.admin?
- admin_link = link_to('', general_admin_application_settings_path(anchor: 'js-import-export-settings'))
= safe_format(s_('GroupsNew|Please %{admin_link_start}enable it in the Admin settings%{admin_link_end}.'), tag_pair(admin_link, :admin_link_start, :admin_link_end))
- else
= s_('GroupsNew|Please ask your Administrator to enable it in the Admin settings.')
= safe_format(s_('GroupsNew|Please %{admin_link_start}enable it in the Admin settings%{admin_link_end}.'), tag_pair(admin_link, :admin_link_start, :admin_link_end))
- else
= s_('GroupsNew|Please ask your Administrator to enable it in the Admin settings.')
= s_('GroupsNew|Remember to enable it also on the instance you are migrating from.')
- else
= render ::Layouts::CrudComponent.new(s_('GroupsNew|Import groups by direct transfer')) do |c|
- c.with_actions do
= render Pajamas::ButtonComponent.new(href: history_import_bulk_imports_path, size: :small) do
= s_('BulkImport|View import history')
- c.with_body do
= render Pajamas::AlertComponent.new(dismissible: false,
variant: :warning) do |c|
- c.with_body do
- docs_link = link_to('', help_page_path('user/group/import/migrated_items.md', anchor: 'migrated-group-items'), target: '_blank', rel: 'noopener noreferrer')
= safe_format(s_('GroupsNew|Not all group items are migrated. %{docs_link_start}What items are migrated%{docs_link_end}?'), tag_pair(docs_link, :docs_link_start, :docs_link_end))
= s_('GroupsNew|Remember to enable it also on the instance you are migrating from.')
- else
= render Pajamas::AlertComponent.new(dismissible: false,
variant: :warning) do |c|
- c.with_body do
- docs_link = link_to('', help_page_path('user/group/import/migrated_items.md', anchor: 'migrated-group-items'), target: '_blank', rel: 'noopener noreferrer')
= safe_format(s_('GroupsNew|Not all group items are migrated. %{docs_link_start}What items are migrated%{docs_link_end}?'), tag_pair(docs_link, :docs_link_start, :docs_link_end))
= gitlab_ui_form_with url: configure_import_bulk_imports_path(namespace_id: params[:parent_id]), class: 'gl-show-field-errors' do |f|
%p.gl-mt-5.gl-mb-3
- url_link = link_to('', help_page_path('user/group/import/direct_transfer_migrations.md', anchor: 'connect-the-source-gitlab-instance'), target: '_blank', rel: 'noopener noreferrer')
= safe_format(s_('GroupsNew|Provide credentials for the %{url_link_start}source instance%{url_link_end} to import from. You can provide this instance as a source to move groups within this instance.'), tag_pair(url_link, :url_link_start, :url_link_end))
.form-group.gl-form-group.gl-flex.gl-flex-col
= f.label :bulk_import_gitlab_url, s_('GroupsNew|GitLab source instance base URL'), for: 'import_gitlab_url'
= f.text_field :bulk_import_gitlab_url, disabled: !bulk_imports_enabled, placeholder: 'https://gitlab.example.com', class: 'gl-form-input col-xs-12 col-sm-8',
required: true,
title: s_('GroupsNew|Enter the URL for the source instance.'),
id: 'import_gitlab_url',
data: { testid: 'import-gitlab-url' }
%small.form-text.gl-text-subtle
= s_('Import|Must only contain the base URL of the source GitLab instance.')
.form-group.gl-form-group.gl-flex.gl-flex-col
= f.label :bulk_import_gitlab_access_token, s_('GroupsNew|Personal access token'), for: 'import_gitlab_token', class: 'col-form-label'
.gl-text-subtle
- pat_link = link_to('', help_page_path('user/profile/personal_access_tokens.md'), target: '_blank')
- short_living_link = link_to('', help_page_path('security/tokens/_index.md', anchor: 'security-considerations'), target: '_blank')
= safe_format(s_('GroupsNew|Create a token in the %{pat_link_start}user settings%{pat_link_end} of the source GitLab instance with the %{code_start}api%{code_end} scope. For source instances on GitLab 15.0 or earlier, the token must additionally have the %{code_start}read_repository%{code_end} scope. For %{short_living_link_start}security reasons%{short_living_link_end}, set a short expiration date for the token. Keep in mind that large migrations take more time.'), tag_pair('<code></code>'.html_safe, :code_start , :code_end), tag_pair(pat_link, :pat_link_start, :pat_link_end), tag_pair(short_living_link, :short_living_link_start, :short_living_link_end))
= f.password_field :bulk_import_gitlab_access_token, placeholder: s_('GroupsNew|e.g. h8d3f016698e...'), class: 'gl-form-input gl-mt-3 col-xs-12 col-sm-8',
required: true,
disabled: !bulk_imports_enabled,
autocomplete: 'off',
title: s_('GroupsNew|Please fill in your personal access token.'),
id: 'import_gitlab_token',
data: { testid: 'import-gitlab-token' }
%p.gl-mt-5.gl-mb-3
- url_link = link_to('', help_page_path('user/group/import/direct_transfer_migrations.md', anchor: 'connect-the-source-gitlab-instance'), target: '_blank', rel: 'noopener noreferrer')
= safe_format(s_('GroupsNew|Provide credentials for the %{url_link_start}source instance%{url_link_end} to import from. You can provide this instance as a source to move groups within this instance.'), tag_pair(url_link, :url_link_start, :url_link_end))
.form-group.gl-form-group.gl-flex.gl-flex-col
= f.label :bulk_import_gitlab_url, s_('GroupsNew|GitLab source instance base URL'), for: 'import_gitlab_url'
= f.text_field :bulk_import_gitlab_url, disabled: !bulk_imports_enabled, placeholder: 'https://gitlab.example.com', class: 'gl-form-input col-xs-12 col-sm-8',
required: true,
title: s_('GroupsNew|Enter the URL for the source instance.'),
id: 'import_gitlab_url',
data: { testid: 'import-gitlab-url' }
%small.form-text.gl-text-subtle
= s_('Import|Must only contain the base URL of the source GitLab instance.')
.form-group.gl-form-group.gl-flex.gl-flex-col
= f.label :bulk_import_gitlab_access_token, s_('GroupsNew|Personal access token'), for: 'import_gitlab_token', class: 'col-form-label'
.gl-font-normal
- pat_link = link_to('', help_page_path('user/profile/personal_access_tokens.md'), target: '_blank')
- short_living_link = link_to('', help_page_path('security/tokens/_index.md', anchor: 'security-considerations'), target: '_blank')
= safe_format(s_('GroupsNew|Create a token in the %{pat_link_start}user settings%{pat_link_end} of the source GitLab instance with the %{code_start}api%{code_end} scope. For source instances on GitLab 15.0 or earlier, the token must additionally have the %{code_start}read_repository%{code_end} scope. For %{short_living_link_start}security reasons%{short_living_link_end}, set a short expiration date for the token. Keep in mind that large migrations take more time.'), tag_pair('<code></code>'.html_safe, :code_start , :code_end), tag_pair(pat_link, :pat_link_start, :pat_link_end), tag_pair(short_living_link, :short_living_link_start, :short_living_link_end))
= f.password_field :bulk_import_gitlab_access_token, placeholder: s_('GroupsNew|e.g. h8d3f016698e...'), class: 'gl-form-input gl-mt-3 col-xs-12 col-sm-8',
required: true,
disabled: !bulk_imports_enabled,
autocomplete: 'off',
title: s_('GroupsNew|Please fill in your personal access token.'),
id: 'import_gitlab_token',
data: { testid: 'import-gitlab-token' }
.gl-border-default.gl-border-solid.gl-border-1.gl-p-5
= f.submit s_('GroupsNew|Connect instance'), disabled: !bulk_imports_enabled, pajamas_button: true, data: { testid: 'connect-instance-button' }
= f.submit s_('GroupsNew|Connect instance'), disabled: !bulk_imports_enabled, pajamas_button: true, data: { testid: 'connect-instance-button' }

28
app/views/groups/_import_group_from_file_panel.html.haml
View File

@ -2,10 +2,8 @@
- group_path = root_url
- group_path << parent.full_path + '/' if parent
= gitlab_ui_form_for '', url: import_gitlab_group_path, namespace: 'import_group', class: 'group-form gl-show-field-errors', multipart: true do |f|
.gl-border-l-solid.gl-border-r-solid.gl-border-default.gl-border-1.gl-p-5
%h2.gl-heading-2-fixed.gl-my-3
= _('Import group from file')
= render ::Layouts::CrudComponent.new(_('Import group from file')) do |c|
- c.with_body do
= render Pajamas::AlertComponent.new(variant: :warning,
alert_options: { class: 'gl-mb-5' },
dismissible: false) do |c|
@ -13,13 +11,15 @@
- docs_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: help_page_path('user/group/import/_index.md') }
- link_end = '</a>'.html_safe
= s_('GroupsNew|This feature is deprecated and replaced by group migration by direct transfer. %{docs_link_start}Learn more%{docs_link_end}.').html_safe % { docs_link_start: docs_link_start, docs_link_end: link_end }
= render 'shared/groups/group_name_and_path_fields', f: f
.form-group
= f.label :file, s_('GroupsNew|Upload file')
.gl-font-normal
- import_export_link_start = '<a href="%{url}" target="_blank">'.html_safe % { url: help_page_path('user/project/settings/import_export.md', anchor: 'migrate-groups-by-uploading-an-export-file-deprecated') }
= s_('GroupsNew|To import a group, navigate to the group settings for the GitLab source instance, %{link_start}generate an export file%{link_end}, and upload it here.').html_safe % { link_start: import_export_link_start, link_end: '</a>'.html_safe }
.gl-mt-3
= render 'shared/file_picker_button', f: f, field: :file, help_text: nil
.gl-border-default.gl-border-solid.gl-border-1.gl-p-5
= f.submit _('Import'), pajamas_button: true
= gitlab_ui_form_for '', url: import_gitlab_group_path, namespace: 'import_group', class: 'group-form gl-show-field-errors', multipart: true do |f|
= render 'shared/groups/group_name_and_path_fields', f: f
.form-group
= f.label :file, s_('GroupsNew|Upload file')
.gl-text-subtle
- import_export_link_start = '<a href="%{url}" target="_blank">'.html_safe % { url: help_page_path('user/project/settings/import_export.md', anchor: 'migrate-groups-by-uploading-an-export-file-deprecated') }
= s_('GroupsNew|To import a group, navigate to the group settings for the GitLab source instance, %{link_start}generate an export file%{link_end}, and upload it here.').html_safe % { link_start: import_export_link_start, link_end: '</a>'.html_safe }
.gl-mt-3
= render 'shared/file_picker_button', f: f, field: :file, help_text: nil
= f.submit _('Import'), pajamas_button: true

4
app/views/groups/_new_group_fields.html.haml
View File

@ -7,7 +7,7 @@
.form-group.gl-form-group.col-sm-12
%label.label-bold
= _('Visibility level')
%p
%p.gl-text-subtle
= _('Who will be able to see this group?')
= link_to _('View the documentation'), help_page_path("user/public_access.md"), target: '_blank', rel: 'noopener noreferrer'
= render 'shared/visibility_level', f: f, visibility_level: default_group_visibility, can_change_visibility_level: true, form_model: @group, with_label: false
@ -29,7 +29,7 @@
.col-sm-4
= recaptcha_tags nonce: content_security_policy_nonce
.row
.col-sm-12
.col-sm-12.gl-flex.gl-gap-3
= f.submit submit_label, pajamas_button: true, data: { testid: 'create-group-button' }
= render Pajamas::ButtonComponent.new(href: @parent_group || dashboard_groups_path) do
= _('Cancel')

2
app/views/groups/_personalize.html.haml
View File

@ -2,7 +2,7 @@
.form-group.col-sm-12.gl-mb-0
%label.label-bold
= _('Now, personalize your GitLab experience')
%p
%p.gl-text-subtle
= _("We'll use this to help surface the right features and information to you.")
.row

3
app/views/groups/new.html.haml
View File

@ -15,7 +15,6 @@
= gitlab_ui_form_for @group, html: { class: 'group-form gl-show-field-errors gl-mt-3' } do |f|
= render 'new_group_fields', f: f, group_name_id: 'create-group-name'
#import-group-pane.tab-pane
#import-group-pane.tab-pane.gl-flex.gl-flex-col.gl-gap-5
= render 'import_group_from_another_instance_panel'
.gl-mt-7.gl-border-b-solid.gl-border-default.gl-border-1
= render 'import_group_from_file_panel'

1
app/views/groups/settings/_permissions.html.haml
View File

@ -39,6 +39,7 @@
= render_if_exists 'groups/settings/prevent_forking', f: f, group: @group
= render_if_exists 'groups/settings/service_access_tokens_expiration_enforced', f: f, group: @group
= render_if_exists 'groups/settings/enforce_ssh_certificates', f: f, group: @group
= render_if_exists 'groups/settings/extended_grat_expiry_webhook_execute', f: f, group: @group
= render 'groups/settings/two_factor_auth', f: f, group: @group
= render_if_exists 'groups/personal_access_token_expiration_policy', f: f, group: @group
= render 'groups/settings/membership', f: f, group: @group

17
app/views/import/bitbucket_server/new.html.haml
View File

@ -2,14 +2,13 @@
- header_title _("New project"), new_project_path
- add_to_breadcrumbs s_('ProjectsNew|Import project'), new_project_path(anchor: 'import_project')
%h1.page-title.gl-text-size-h-display.gl-flex.gl-items-center
.gl-flex.gl-items-center.gl-justify-center
= sprite_icon('bitbucket', css_class: 'gl-mr-3', size: 48)
= _('Import repositories from Bitbucket Server')
%hr
%p
= _('Enter in your Bitbucket Server URL and personal access token below')
= render ::Layouts::PageHeadingComponent.new('') do |c|
- c.with_heading do
%span.gl-inline-flex.gl-items-center.gl-gap-3
= sprite_icon('bitbucket', size: 32)
= _('Import repositories from Bitbucket Server')
- c.with_description do
= _('Enter in your Bitbucket Server URL and personal access token below')
= form_tag configure_import_bitbucket_server_path(namespace_id: params[:namespace_id]), method: :post do
.form-group.row
@ -24,6 +23,6 @@
= label_tag :personal_access_token, 'Password/Personal access token', class: 'col-form-label col-md-2'
.col-md-4
= password_field_tag :personal_access_token, '', class: 'form-control gl-form-input gl-mr-3', placeholder: _('Personal access token'), size: 40
.form-actions
.col-sm-12.gl-mt-5
= render Pajamas::ButtonComponent.new(type: 'submit', variant: :confirm) do
= _('List your Bitbucket Server repositories')

9
app/views/projects/_new_project_fields.html.haml
View File

@ -103,7 +103,8 @@
= s_("ProjectsNew|Might break existing functionality with other repositories or APIs. It's not possible to change SHA-256 repositories back to the default SHA-1 hashing algorithm.")
-# this partial is from JiHu, see details in https://jihulab.com/gitlab-cn/gitlab/-/merge_requests/675
= render_if_exists 'shared/other_project_options', f: f, visibility_level: visibility_level, track_label: track_label
= f.submit _('Create project'), class: "js-create-project-button", data: { testid: 'project-create-button', track_label: "#{track_label}", track_action: "click_button", track_property: "create_project", track_value: "" }, pajamas_button: true
= link_button_to _('Cancel'), @parent_group || dashboard_groups_path, data: { track_label: "#{track_label}", track_action: "click_button", track_property: "cancel", track_value: "" }
.gl-flex.gl-gap-3
-# this partial is from JiHu, see details in https://jihulab.com/gitlab-cn/gitlab/-/merge_requests/675
= render_if_exists 'shared/other_project_options', f: f, visibility_level: visibility_level, track_label: track_label
= f.submit _('Create project'), class: "js-create-project-button", data: { testid: 'project-create-button', track_label: "#{track_label}", track_action: "click_button", track_property: "create_project", track_value: "" }, pajamas_button: true
= link_button_to _('Cancel'), @parent_group || dashboard_groups_path, data: { track_label: "#{track_label}", track_action: "click_button", track_property: "cancel", track_value: "" }

21
app/workers/personal_access_tokens/expiring_worker.rb
View File

@ -129,9 +129,12 @@ module PersonalAccessTokens
# project bot does not have more than 1 token
expiring_user_token = project_bot.personal_access_tokens.first
# webhooks do not include information about when the token expires, so
# only trigger on seven_days interval to avoid changing existing behavior
execute_web_hooks(project_bot, expiring_user_token) if interval == :seven_days
# If feature flag is not enabled webhooks will only execute if interval is seven_days
resource_namespace = bot_resource_namepace(project_bot.resource_bot_resource)
if Feature.enabled?(:extended_expiry_webhook_execution_setting, resource_namespace) ||
interval == :seven_days
execute_web_hooks(project_bot, expiring_user_token, { interval: interval })
end
interval_days = PersonalAccessToken.notification_interval(interval)
deliver_bot_notifications(project_bot, expiring_user_token.name, days_to_expire: interval_days)
@ -204,13 +207,13 @@ module PersonalAccessTokens
)
end
def execute_web_hooks(bot_user, token)
def execute_web_hooks(bot_user, token, data = {})
resource = bot_user.resource_bot_resource
return unless resource
return if resource.is_a?(Project) && !resource.has_active_hooks?(:resource_access_token_hooks)
hook_data = Gitlab::DataBuilder::ResourceAccessToken.build(token, :expiring, resource)
hook_data = Gitlab::DataBuilder::ResourceAccessTokenPayload.build(token, :expiring, resource, data)
resource.execute_hooks(hook_data, :resource_access_token_hooks)
end
@ -218,5 +221,13 @@ module PersonalAccessTokens
NotificationService.new
end
strong_memoize_attr :notification_service
def bot_resource_namepace(resource)
if resource.is_a?(Project)
resource.namespace
else
resource
end
end
end
end

4
config/application_setting_columns/secret_push_protection_available.yml
View File

@ -6,9 +6,7 @@ column: secret_push_protection_available
db_type: boolean
default: 'false'
description: Allow projects to enable secret push protection. This does not enable
secret push protection. When you enable this feature, you accept the [GitLab Testing
Agreement](https://handbook.gitlab.com/handbook/legal/testing-agreement/). Ultimate
only.
secret push protection. Ultimate only.
encrypted: false
gitlab_com_different_than_default: true
jihu: false

9
config/feature_flags/gitlab_com_derisk/extended_expiry_webhook_execution_setting.yml Normal file
View File

@ -0,0 +1,9 @@
---
name: extended_expiry_webhook_execution_setting
feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/499732
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/178266
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/513684
milestone: '17.9'
group: group::authentication
type: gitlab_com_derisk
default_enabled: false

10
db/migrate/20250108062227_add_extended_grat_expiry_webhook_execute_to_namespace_settings.rb Normal file
View File

@ -0,0 +1,10 @@
# frozen_string_literal: true
class AddExtendedGratExpiryWebhookExecuteToNamespaceSettings < Gitlab::Database::Migration[2.2]
enable_lock_retries!
milestone '17.9'
def change
add_column :namespace_settings, :extended_grat_expiry_webhooks_execute, :boolean, default: false, null: false
end
end

10
db/migrate/20250108062256_add_extended_prat_expiry_webhook_execute_to_project_settings.rb Normal file
View File

@ -0,0 +1,10 @@
# frozen_string_literal: true
class AddExtendedPratExpiryWebhookExecuteToProjectSettings < Gitlab::Database::Migration[2.2]
enable_lock_retries!
milestone '17.9'
def change
add_column :project_settings, :extended_prat_expiry_webhooks_execute, :boolean, default: false, null: false
end
end

1
db/schema_migrations/20250108062227 Normal file
View File

@ -0,0 +1 @@
d221b3a52a8446515e264adc177c912a39deb8633e57de13addbc778f965ae19

1
db/schema_migrations/20250108062256 Normal file
View File

@ -0,0 +1 @@
1a5a6cff5bd53bff910fd918c1580ce455b55a4f9ba5c16e071bb70ee1cde6cd

2
db/structure.sql
View File

@ -16937,6 +16937,7 @@ CREATE TABLE namespace_settings (
lock_resource_access_token_notify_inherited boolean DEFAULT false NOT NULL,
pipeline_variables_default_role smallint DEFAULT 2 NOT NULL,
force_pages_access_control boolean DEFAULT false NOT NULL,
extended_grat_expiry_webhooks_execute boolean DEFAULT false NOT NULL,
CONSTRAINT check_0ba93c78c7 CHECK ((char_length(default_branch_name) <= 255)),
CONSTRAINT namespace_settings_unique_project_download_limit_alertlist_size CHECK ((cardinality(unique_project_download_limit_alertlist) <= 100)),
CONSTRAINT namespace_settings_unique_project_download_limit_allowlist_size CHECK ((cardinality(unique_project_download_limit_allowlist) <= 100))
@ -19977,6 +19978,7 @@ CREATE TABLE project_settings (
spp_repository_pipeline_access boolean,
max_number_of_vulnerabilities integer,
pages_primary_domain text,
extended_prat_expiry_webhooks_execute boolean DEFAULT false NOT NULL,
CONSTRAINT check_1a30456322 CHECK ((char_length(pages_unique_domain) <= 63)),
CONSTRAINT check_3a03e7557a CHECK ((char_length(previous_default_branch) <= 4096)),
CONSTRAINT check_3ca5cbffe6 CHECK ((char_length(issue_branch_template) <= 255)),

2
doc/api/graphql/reference/_index.md
View File

@ -11677,7 +11677,7 @@ Input type: `vulnerabilitiesSeverityOverrideInput`
| Name | Type | Description |
| ---- | ---- | ----------- |
| <a id="mutationvulnerabilitiesseverityoverrideclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
| <a id="mutationvulnerabilitiesseverityoverridecomment"></a>`comment` | [`String`](#string) | Comment why vulnerability severity was changed (maximum 50,000 characters). |
| <a id="mutationvulnerabilitiesseverityoverridecomment"></a>`comment` | [`String!`](#string) | Comment why vulnerability severity was changed (maximum 50,000 characters). |
| <a id="mutationvulnerabilitiesseverityoverrideseverity"></a>`severity` | [`VulnerabilitySeverity!`](#vulnerabilityseverity) | New severity value for the severities. |
| <a id="mutationvulnerabilitiesseverityoverridevulnerabilityids"></a>`vulnerabilityIds` | [`[VulnerabilityID!]!`](#vulnerabilityid) | IDs of the vulnerabilities for which severity needs to be changed (maximum 100 entries). |

4
doc/api/openapi/openapi_v2.yaml
View File

@ -42543,7 +42543,7 @@ definitions:
type: string
security_and_compliance_enabled:
type: string
pre_receive_secret_detection_enabled:
secret_push_protection_enabled:
type: boolean
compliance_frameworks:
type: string
@ -56069,7 +56069,7 @@ definitions:
type: string
security_and_compliance_enabled:
type: string
pre_receive_secret_detection_enabled:
secret_push_protection_enabled:
type: boolean
compliance_frameworks:
type: string

12
doc/api/project_security_settings.md
View File

@ -47,13 +47,13 @@ Example response:
"auto_fix_sast": true,
"continuous_vulnerability_scans_enabled": true,
"container_scanning_for_registry_enabled": false,
"pre_receive_secret_detection_enabled": true
"secret_push_protection_enabled": true
}
```
## Update `pre_receive_secret_detection_enabled` setting
## Update `secret_push_protection_enabled` setting
Update the `pre_receive_secret_detection_enabled` setting for the project to the provided value.
Update the `secret_push_protection_enabled` setting for the project to the provided value.
Set to `true` to enable [secret push protection](../user/application_security/secret_detection/secret_push_protection/_index.md) for the project.
@ -64,10 +64,10 @@ Prerequisites:
| Attribute | Type | Required | Description |
| ------------------- | ----------------- | ---------- | -----------------------------------------------------------------------------------------------------------------------------|
| `id` | integer or string | yes | The ID or [URL-encoded path of the project](rest/_index.md#namespaced-paths) which the authenticated user is a member of |
| `pre_receive_secret_detection_enabled` | boolean | yes | The value to update `pre_receive_secret_detection_enabled` to |
| `secret_push_protection_enabled` | boolean | yes | The value to update `secret_push_protection_enabled` to |
```shell
curl --request PUT --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/7/security_settings?pre_receive_secret_detection_enabled=false"
curl --request PUT --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/7/security_settings?secret_push_protection_enabled=false"
```
Example response:
@ -83,6 +83,6 @@ Example response:
"auto_fix_sast": true,
"continuous_vulnerability_scans_enabled": true,
"container_scanning_for_registry_enabled": false,
"pre_receive_secret_detection_enabled": false
"secret_push_protection_enabled": false
}
```

24
doc/api/projects.md
View File

@ -222,7 +222,7 @@ Example response:
"marked_for_deletion_on": "2020-04-03",
"compliance_frameworks": [ "sox" ],
"warn_about_potentially_unwanted_characters": true,
"pre_receive_secret_detection_enabled": false,
"secret_push_protection_enabled": false,
"statistics": {
"commit_count": 37,
"storage_size": 1038090,
@ -575,7 +575,7 @@ When the user is authenticated and `simple` is not set, this endpoint returns so
"requirements_enabled": false,
"requirements_access_level": "enabled",
"security_and_compliance_enabled": false,
"pre_receive_secret_detection_enabled": false,
"secret_push_protection_enabled": false,
"compliance_frameworks": [],
"warn_about_potentially_unwanted_characters": true,
"permissions": {
@ -746,7 +746,7 @@ Example response:
"suggestion_commit_message": null,
"merge_commit_template": null,
"squash_commit_template": null,
"pre_receive_secret_detection_enabled": false,
"secret_push_protection_enabled": false,
"issue_branch_template": "gitlab/%{id}-%{title}",
"marked_for_deletion_at": "2020-04-03", // Deprecated in favor of marked_for_deletion_on. Planned for removal in a future version of the REST API.
"marked_for_deletion_on": "2020-04-03",
@ -884,7 +884,7 @@ Example response:
"suggestion_commit_message": null,
"merge_commit_template": null,
"squash_commit_template": null,
"pre_receive_secret_detection_enabled": false,
"secret_push_protection_enabled": false,
"issue_branch_template": "gitlab/%{id}-%{title}",
"statistics": {
"commit_count": 12,
@ -1014,7 +1014,7 @@ Example response:
"suggestion_commit_message": null,
"merge_commit_template": null,
"squash_commit_template": null,
"pre_receive_secret_detection_enabled": false,
"secret_push_protection_enabled": false,
"issue_branch_template": "gitlab/%{id}-%{title}",
"statistics": {
"commit_count": 37,
@ -1137,7 +1137,7 @@ Example response:
"suggestion_commit_message": null,
"merge_commit_template": null,
"squash_commit_template": null,
"pre_receive_secret_detection_enabled": false,
"secret_push_protection_enabled": false,
"issue_branch_template": "gitlab/%{id}-%{title}",
"statistics": {
"commit_count": 12,
@ -1943,7 +1943,7 @@ Example response:
"enforce_auth_checks_on_uploads": true,
"suggestion_commit_message": null,
"merge_commit_template": null,
"pre_receive_secret_detection_enabled": false,
"secret_push_protection_enabled": false,
"container_registry_image_prefix": "registry.example.com/diaspora/diaspora-project-site",
"_links": {
"self": "http://example.com/api/v4/projects",
@ -2088,7 +2088,7 @@ Example response:
"suggestion_commit_message": null,
"merge_commit_template": null,
"container_registry_image_prefix": "registry.example.com/diaspora/diaspora-project-site",
"pre_receive_secret_detection_enabled": false,
"secret_push_protection_enabled": false,
"_links": {
"self": "http://example.com/api/v4/projects",
"issues": "http://example.com/api/v4/projects/1/issues",
@ -2288,7 +2288,7 @@ Example response:
"mirror": false,
"compliance_frameworks": [],
"warn_about_potentially_unwanted_characters": true,
"pre_receive_secret_detection_enabled": false
"secret_push_protection_enabled": false
}
```
@ -2576,10 +2576,10 @@ DETAILS:
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/160960) in GitLab 17.3.
If you have at least the Developer role, the following requests could also return the `pre_receive_secret_detection_enabled` value.
If you have at least the Developer role, the following requests could also return the `secret_push_protection_enabled` value.
Note that some of these requests have stricter requirements about roles. Refer to the endpoints above for clarification.
Use this information to determine whether secret push protection is enabled for a project.
To modify the `pre_receive_secret_detection_enabled` value, please use the [Project Security Settings API](project_security_settings.md).
To modify the `secret_push_protection_enabled` value, please use the [Project Security Settings API](project_security_settings.md).
- `GET /projects`
- `GET /projects/:id`
@ -2598,7 +2598,7 @@ Example response:
{
"id": 1,
"project_id": 3,
"pre_receive_secret_detection_enabled": true,
"secret_push_protection_enabled": true,
...
}
```

4
doc/api/settings.md
View File

@ -179,7 +179,7 @@ these parameters:
- `duo_features_enabled`
- `lock_duo_features_enabled`
- `use_clickhouse_for_analytics`
- `pre_receive_secret_detection_enabled`
- `secret_push_protection_available`
```json
{
@ -732,7 +732,7 @@ to configure other related settings. These requirements are
| `lock_duo_features_enabled` | boolean | no | Indicates whether the GitLab Duo features enabled setting is enforced for all subgroups. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/144931) in GitLab 16.10. GitLab Self-Managed, Premium and Ultimate only. |
| `nuget_skip_metadata_url_validation` | boolean | no | Indicates whether to skip metadata URL validation for the NuGet package. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/145887) in GitLab 17.0. |
| `require_admin_two_factor_authentication` | boolean | no | Allow administrators to require 2FA for all administrators on the instance. |
| `pre_receive_secret_detection_enabled` | boolean | no | Allow projects to enable secret push protection. This does not enable secret push protection. When you enable this feature, you accept the [GitLab Testing Agreement](https://handbook.gitlab.com/handbook/legal/testing-agreement/). Ultimate only. |
| `secret_push_protection_available` | boolean | no | Allow projects to enable secret push protection. This does not enable secret push protection. Ultimate only. |
### Inactive project settings

3
doc/development/cells/application_settings_analysis.md
View File

@ -349,7 +349,6 @@ info: Analysis of Application Settings for Cells 1.0.
| `plantuml_enabled` | `false` | `boolean` | `boolean` | `false` | `null` | `true` | `true`| `true` |
| `plantuml_url` | `false` | `character` | `string` | `false` | `null` | `true` | `true`| `true` |
| `polling_interval_multiplier` | `false` | `numeric` | `float` | `true` | `1.0` | `false` | `false`| `true` |
| `pre_receive_secret_detection_enabled` | `false` | `boolean` | `boolean` | `true` | `false` | `false` | `true`| `true` |
| `prevent_merge_requests_author_approval` | `false` | `boolean` | `boolean` | `true` | `false` | `false` | `false`| `true` |
| `prevent_merge_requests_committers_approval` | `false` | `boolean` | `boolean` | `true` | `false` | `false` | `false`| `true` |
| `product_analytics_configurator_connection_string` | `true` | `bytea` | `` | `false` | `null` | `true` | `false`| `false` |
@ -410,7 +409,7 @@ info: Analysis of Application Settings for Cells 1.0.
| `secret_detection_token_revocation_enabled` | `false` | `boolean` | `` | `true` | `false` | `true` | `false`| `false` |
| `secret_detection_token_revocation_token` | `true` | `text` | `` | `false` | `null` | `true` | `false`| `false` |
| `secret_detection_token_revocation_url` | `false` | `text` | `` | `false` | `null` | `true` | `false`| `false` |
| `secret_push_protection_available` | `false` | `boolean` | `` | `false` | `false` | `true` | `true`| `false` |
| `secret_push_protection_available` | `false` | `boolean` | `boolean` | `true` | `false` | `true` | `true`| `true` |
| `security_approval_policies_limit` | `false` | `integer` | `integer` | `true` | `5` | `false` | `false`| `true` |
| `security_policies` | `false` | `jsonb` | `` | `true` | `'{}'::jsonb` | `true` | `false`| `false` |
| `security_policy_global_group_approvers_enabled` | `false` | `boolean` | `boolean` | `true` | `true` | `true` | `false`| `true` |

28
doc/development/cloud_connector/_index.md
View File

@ -84,34 +84,6 @@ For backward compatibility where instances are still using the old [legacy struc
Follow our [release checklist](https://gitlab.com/gitlab-org/cloud-connector/gitlab-cloud-connector/-/blob/main/.gitlab/merge_request_templates/Release.md#checklist) for publishing the new version of the library and using it in GitLab project.
#### Transition from old configuration
We are transitioning away from separate [CustomersDot](configuration.md#customersdot-configuration) and [GitLab.com](configuration.md#gitlabcom-configuration) configurations, as outlined in our [ADR-003 Migration Path](https://handbook.gitlab.com/handbook/engineering/architecture/design-documents/cloud_connector/decisions/003_unit_primitives/).
##### Current state and ongoing changes
- New features are added as **unit primitives** in the [`gitlab-cloud-connector` configuration](configuration.md#configuration-format-and-structure).
- Migration to the `gitlab-cloud-connector` gem as the Single Source of Truth (SSoT) is in progress in [epic 15949](https://gitlab.com/groups/gitlab-org/-/epics/15949).
- `access_data.yml` was removed in [issue 507518](https://gitlab.com/gitlab-org/gitlab/-/issues/507518).
- `cloud_connector.yml` file is slated for deprecation and removal, as detailed in [issue 11268](https://gitlab.com/gitlab-org/customers-gitlab-com/-/issues/11268).
##### Transition period guidelines
- Maintain both [new](configuration.md#configuration-format-and-structure) and [CustomersDot configuration](configuration.md#customersdot-configuration) configurations.
##### Register new features
###### Process
After adding a [new unit primitive to `gitlab-cloud-connector`](#register-new-feature-for-self-managed-dedicated-and-gitlabcom-customers),
open a separate merge request to update [CustomersDot configuration](configuration.md#customersdot-configuration) for GitLab Dedicated and self-managed instances.
1. Make sure that merge request for adding [new unit primitive to `gitlab-cloud-connector`](#register-new-feature-for-self-managed-dedicated-and-gitlabcom-customers) has been merged.
1. Download the latest generated [`cloud-connector.yml` file](https://gitlab.com/api/v4/projects/58733651/jobs/artifacts/main/raw/config/cloud_connector.yml?job=generate_cloud_connector_yml)
1. Replace the [`cloud-connector.yml` file](https://gitlab.com/gitlab-org/customers-gitlab-com/-/blob/main/config/cloud_connector.yml)
1. Ensure that the generated file reflects the changes you have made. Additionally, carefully verify that no changes have been inadvertently removed in the file.
#### Implement Permission checks in GitLab Rails
##### New feature is delivered as stand-alone service

22
doc/development/cloud_connector/configuration.md
View File

@ -214,25 +214,3 @@ services:
| `min_gitlab_version` | string | Minimum required GitLab version (for example, `17.8`). If not set, available for all versions. |
| `min_gitlab_version_for_free_access` | string | Minimum version for free access period (for example, `17.8`). If not set, available for all versions. |
| `backend` | string | Name of the backend service hosting this feature, used as token audience claim (for example, `gitlab-ai-gateway`). |
#### GitLab.com configuration
Because the GitLab.com deployment enjoys special trust, it can [self-sign and create Instance JSON Web Tokens (IJWTs)](architecture.md#gitlabcom) for every request to a Cloud Connector feature.
To issue tokens with the proper scopes, GitLab.com needs access to the configuration.
Configuration is stored in the `gitlab-cloud-connector` gem using a [unit primitive configuration format and structure](#configuration-format-and-structure).
GitLab.com still uses the [legacy `available_services` structure](#legacy-structure).
The `Gitlab::CloudConnector::AvailableServicesGenerator` generates legacy structure for compatibility.
To add a new unit primitive, follow [Register new feature for Self-Managed, Dedicated and GitLab.com customers](_index.md#register-new-feature-for-self-managed-dedicated-and-gitlabcom-customers)
#### CustomersDot configuration
For GitLab Dedicated and GitLab Self-Managed we are delegating trust to the CustomersDot, the access token issuer.
The configuration is located in [`cloud_connector.yml`](https://gitlab.com/gitlab-org/customers-gitlab-com/-/blob/main/config/cloud_connector.yml),
and represents an almost exact copy of the GitLab.com configuration.
We are in the process of removing `cloud_connector.yml` as part of our effort to use the `gitlab-cloud-connector` gem as the Single Source of Truth (SSoT) for unit primitive configuration.
To add a new unit primitive during this transition period, follow the [Transition period from old configuration process](_index.md#transition-from-old-configuration).

2
doc/integration/jenkins.md
View File

@ -52,7 +52,7 @@ To configure a Jenkins integration with GitLab:
- [Create a project access token](../user/project/settings/project_access_tokens.md#create-a-project-access-token)
to use the token at the project level only. For instance, you can revoke
the token in a project without affecting Jenkins integrations in other projects.
- [Create a group access token](../user/group/settings/group_access_tokens.md#create-a-group-access-token-using-ui)
- [Create a group access token](../user/group/settings/group_access_tokens.md#create-a-group-access-token)
to use the token for all Jenkins integrations in all projects of that group.
1. Set the access token scope to **API**.

2
doc/security/tokens/token_troubleshooting.md
View File

@ -80,7 +80,7 @@ To replace the token:
or [User tokens API](../../api/user_tokens.md#create-a-personal-access-token).
- For a project access token, [use the UI](../../user/project/settings/project_access_tokens.md#create-a-project-access-token)
or [project access tokens API](../../api/project_access_tokens.md#create-a-project-access-token).
- For a group access token, [use the UI](../../user/group/settings/group_access_tokens.md#create-a-group-access-token-using-ui)
- For a group access token, [use the UI](../../user/group/settings/group_access_tokens.md#create-a-group-access-token)
or [group access tokens API](../../api/group_access_tokens.md#create-a-group-access-token).
1. Replace the old access token with the new access token. This process varies
depending on how you use the token, for example if configured as a secret or

2
doc/user/application_security/dast/browser/configuration/variables.md
View File

@ -58,7 +58,7 @@ For authentication CI/CD variables, see [Authentication](authentication.md).
| `DAST_PASSIVE_SCAN_WORKER_COUNT` | int | `5` | Number of workers that passive scan in parallel. Defaults to the number of available CPUs. |
| `DAST_PKCS12_CERTIFICATE_BASE64` | string | `ZGZkZ2p5NGd...` | The PKCS12 certificate used for sites that require Mutual TLS. Must be encoded as base64 text. |
| `DAST_PKCS12_PASSWORD` | string | `password` | The password of the certificate used in `DAST_PKCS12_CERTIFICATE_BASE64`. Create sensitive [custom CI/CI variables](../../../../../ci/variables/_index.md#define-a-cicd-variable-in-the-ui) using the GitLab UI. |
| `DAST_REQUEST_ADVERTISE_SCAN` | boolean | `true` | Set to `true` to add a `Via` header to every request sent, advertising that the request was sent as part of a GitLab DAST scan. Default: `false`. |
| `DAST_REQUEST_ADVERTISE_SCAN` | boolean | `true` | Set to `true` to add a `Via: GitLab DAST <version>` header to every request sent, advertising that the request was sent as part of a GitLab DAST scan. Default: `false`. |
| `DAST_REQUEST_COOKIES` | dictionary | `abtesting_group:3,region:locked` | A cookie name and value to be added to every request. |
| `DAST_REQUEST_HEADERS` | string | `Cache-control:no-cache` | Set to a comma-separated list of request header names and values. The following headers are not supported: `content-length`, `cookie2`, `keep-alive`, `hosts`, `trailer`, `transfer-encoding`, and all headers with a `proxy-` prefix. |
| `DAST_SCOPE_ALLOW_HOSTS` | List of strings | `site.com,another.com` | Hostnames included in this variable are considered in scope when crawled. By default the `DAST_TARGET_URL` hostname is included in the allowed hosts list. Headers set using `DAST_REQUEST_HEADERS` are added to every request made to these hostnames. |

17
doc/user/group/manage.md
View File

@ -200,6 +200,23 @@ For more information, see:
- For groups, the [group access tokens documentation](settings/group_access_tokens.md#group-access-token-expiry-emails).
- For projects, the [project access tokens documentation](../project/settings/project_access_tokens.md#project-access-token-expiry-emails).
## Add additional webhook triggers for group access token expiration
> - [Added](https://gitlab.com/gitlab-org/gitlab/-/issues/463016) 60 day and 30 days triggers to project and group access tokens webhooks in GitLab 17.9 [with a flag](../../administration/feature_flags.md) named `pat_expiry_inherited_members_notification`. Disabled by default.
FLAG:
The availability of this feature is controlled by a feature flag. For more information, see the history.
GitLab sends multiple [expiry emails](../group/settings/group_access_tokens.md#group-access-token-expiry-emails) and triggers a related [webhook](../project/integrations/webhook_events.md#project-and-group-access-token-events) before a group token expires. By default, GitLab only triggers these webhooks 7 days before the token expires. When this feature is enabled, GitLab also can trigger these webhooks 60 days and 30 days before the token expires.
To enable additional triggers for these webhooks:
1. On the left sidebar, select **Search or go to** and find your group.
1. Select **Settings > General**.
1. Expand the **Permissions and group features** section.
1. Select the **Extended Group Access Tokens Expiry Webhook execution** checkbox.
1. Select **Save changes**.
## Disable group mentions
You can prevent users from being added to a conversation and getting notified when

8
doc/user/group/settings/group_access_tokens.md
View File

@ -41,7 +41,7 @@ You cannot use group access tokens to create other group, project, or personal a
Group access tokens inherit the [default prefix setting](../../../administration/settings/account_and_limit_settings.md#personal-access-token-prefix)
configured for personal access tokens.
## Create a group access token using UI
## Create a group access token
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/348660) in GitLab 15.3, default expiration of 30 days and default role of Guest is populated in the UI.
> - Ability to create non-expiring group access tokens [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/392855) in GitLab 16.0.
@ -55,6 +55,8 @@ For more information, see the history.
WARNING:
The ability to create group access tokens without an expiry date was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/369122) in GitLab 15.4 and [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/392855) in GitLab 16.0. For more information on expiry dates added to existing tokens, see the documentation on [access token expiration](#access-token-expiration).
### With the UI
To create a group access token:
1. On the left sidebar, select **Search or go to** and find your group.
@ -79,7 +81,7 @@ Group access tokens are treated as [internal users](../../../administration/inte
If an internal user creates a group access token, that token is able to access
all projects that have visibility level set to [Internal](../../public_access.md).
## Create a group access token using Rails console
### With the Rails console
If you are an administrator, you can create group access tokens in the Rails console:
@ -133,8 +135,6 @@ The inactive group access tokens table displays revoked and expired tokens for 3
Tokens that belong to [an active token family](../../../api/personal_access_tokens.md#automatic-reuse-detection) are displayed for 30 days after the latest active token from the family is expired or revoked.
### Use the UI
To revoke or rotate a group access token:
1. On the left sidebar, select **Search or go to** and find your group.

17
doc/user/project/settings/_index.md
View File

@ -151,3 +151,20 @@ To set this default:
1. Select **Settings > Merge requests**.
1. Select **Enable "Delete source branch" option by default**.
1. Select **Save changes**.
## Add additional webhook triggers for project access token expiration
> - [Added](https://gitlab.com/gitlab-org/gitlab/-/issues/463016) 60 day and 30 days triggers to project and group access tokens webhooks in GitLab 17.9 [with a flag](../../../administration/feature_flags.md) named `pat_expiry_inherited_members_notification`. Disabled by default.
FLAG:
The availability of this feature is controlled by a feature flag. For more information, see the history.
GitLab sends multiple [expiry emails](project_access_tokens.md#project-access-token-expiry-emails) and triggers a related [webhook](../integrations/webhook_events.md#project-and-group-access-token-events) before a project token expires. By default, GitLab only triggers these webhooks 7 days before the token expires. When this feature is enabled, GitLab also triggers these webhooks 60 days and 30 days before the token expires.
To enable additional triggers for these webhooks:
1. On the left sidebar, select **Search or go to** and find your project.
1. Select **Settings > General**.
1. Expand the **Visibility, project features, permissions** section.
1. Select the **Extended Group Access Tokens Expiry Webhook execution** checkbox.
1. Select **Save changes**.

2
doc/user/project/settings/project_access_tokens.md
View File

@ -86,8 +86,6 @@ The inactive project access tokens table displays revoked and expired tokens for
Tokens that belong to [an active token family](../../../api/personal_access_tokens.md#automatic-reuse-detection) are displayed for 30 days after the latest active token from the family is expired or revoked.
### Use the UI
To revoke or rotate a project access token:
1. On the left sidebar, select **Search or go to** and find your project.

37
keeps/overdue_finalize_background_migration.rb
View File

@ -29,7 +29,7 @@ module Keeps
next unless before_cuttoff_milestone?(migration['milestone'])
job_name = migration['migration_job_name']
next if migration_finalized?(job_name)
next if migration_finalized?(migration, job_name)
migration_record = fetch_migration_status(job_name)
next unless migration_record
@ -41,31 +41,26 @@ module Keeps
queue_method_node = find_queue_method_node(last_migration_file)
migration_name = truncate_migration_name("Finalize#{migration['migration_job_name']}")
migration_name = truncate_migration_name("FinalizeHK#{job_name}")
PostDeploymentMigration::PostDeploymentMigrationGenerator
.source_root('generator_templates/post_deployment_migration/post_deployment_migration/')
generator = ::PostDeploymentMigration::PostDeploymentMigrationGenerator.new([migration_name])
migration_file = generator.invoke_all.first
change.changed_files = [migration_file]
begin
generator = ::PostDeploymentMigration::PostDeploymentMigrationGenerator.new([migration_name])
migration_file = generator.invoke_all.first
change.changed_files = [migration_file]
add_ensure_call_to_migration(migration_file, queue_method_node, job_name, migration_record)
::Gitlab::Housekeeper::Shell.rubocop_autocorrect(migration_file)
add_ensure_call_to_migration(migration_file, queue_method_node, job_name, migration_record)
::Gitlab::Housekeeper::Shell.rubocop_autocorrect(migration_file)
digest = Digest::SHA256.hexdigest(generator.migration_number)
digest_file = Pathname.new('db').join('schema_migrations', generator.migration_number.to_s).to_s
File.open(digest_file, 'w') { |f| f.write(digest) }
digest = Digest::SHA256.hexdigest(generator.migration_number)
digest_file = Pathname.new('db').join('schema_migrations', generator.migration_number.to_s).to_s
File.open(digest_file, 'w') { |f| f.write(digest) }
add_finalized_by_to_yaml(migration_yaml_file, generator.migration_number)
add_finalized_by_to_yaml(migration_yaml_file, generator.migration_number)
change.changed_files << digest_file
change.changed_files << migration_yaml_file
change.changed_files << digest_file
change.changed_files << migration_yaml_file
yield(change)
rescue Rails::Generators::Error
next
end
yield(change)
end
end
@ -204,7 +199,9 @@ module Keeps
@postgres_ai ||= Keeps::Helpers::PostgresAi.new
end
def migration_finalized?(job_name)
def migration_finalized?(migration, job_name)
return true if migration['finalized_by'].present?
result = `git grep --name-only "#{job_name}"`.chomp
result.each_line.select do |file|
File.read(file.chomp).include?('ensure_batched_background_migration_is_finished')

2
lib/banzai/filter/kroki_filter.rb
View File

@ -32,7 +32,7 @@ module Banzai
diagram_type = node.parent['data-canonical-lang'] || node['data-canonical-lang']
next unless diagram_selectors.include?(diagram_type)
diagram_src = node.content
diagram_src = node.content.chomp
image_src = create_image_src(diagram_type, diagram_format, diagram_src)
img_tag = Nokogiri::HTML::DocumentFragment.parse(content_tag(:img, nil, src: image_src))
img_tag = img_tag.children.first

5
lib/banzai/filter/plantuml_filter.rb
View File

@ -16,13 +16,14 @@ module Banzai
Gitlab::Plantuml.configure
doc.xpath(lang_tag).each do |node|
diagram_src = node.content.chomp
img_tag = Nokogiri::HTML::DocumentFragment.parse(
Asciidoctor::PlantUml::Processor.plantuml_content(node.content, {})).css('img').first
Asciidoctor::PlantUml::Processor.plantuml_content(diagram_src, {})).css('img').first
next if img_tag.nil?
img_tag.set_attribute('data-diagram', 'plantuml')
img_tag.set_attribute('data-diagram-src', "data:text/plain;base64,#{Base64.strict_encode64(node.content)}")
img_tag.set_attribute('data-diagram-src', "data:text/plain;base64,#{Base64.strict_encode64(diagram_src)}")
node.parent.replace(img_tag)
end

2
lib/feature.rb
View File

@ -240,7 +240,7 @@ module Feature
# This method is called from config/initializers/0_inject_feature_flags.rb and can be used
# to register Flipper groups.
# See https://docs.gitlab.com/ee/development/feature_flags/index.html
# See https://docs.gitlab.com/ee/development/feature_flags/
#
# EE feature groups should go inside the ee/lib/ee/feature.rb version of this method.
def register_feature_groups; end

2
lib/gitlab/ci/templates/Bash.gitlab-ci.yml
View File

@ -6,7 +6,7 @@
# This specific template is located at:
# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Bash.gitlab-ci.yml
# See https://docs.gitlab.com/ee/ci/yaml/index.html for all available options
# See https://docs.gitlab.com/ee/ci/yaml/ for all available options
# you can delete this line if you're not using Docker
image: busybox:latest

2
lib/gitlab/ci/templates/Crystal.gitlab-ci.yml
View File

@ -12,7 +12,7 @@ image: "crystallang/crystal:latest"
# Pick zero or more services to be used on all builds.
# Only needed when using a docker container to run your tests in.
# Check out: https://docs.gitlab.com/ee/ci/services/index.html
# Check out: https://docs.gitlab.com/ee/ci/services/
# services:
# - mysql:latest
# - redis:latest

2
lib/gitlab/ci/templates/Django.gitlab-ci.yml
View File

@ -41,7 +41,7 @@ default:
#
# Pick zero or more services to be used on all builds.
# Only needed when using a docker container to run your tests in.
# Check out: https://docs.gitlab.com/ee/ci/services/index.html
# Check out: https://docs.gitlab.com/ee/ci/services/
services:
- mysql:8.0
#

2
lib/gitlab/ci/templates/Elixir.gitlab-ci.yml
View File

@ -10,7 +10,7 @@ image: elixir:latest
# Pick zero or more services to be used on all builds.
# Only needed when using a docker container to run your tests in.
# Check out: https://docs.gitlab.com/ee/ci/services/index.html
# Check out: https://docs.gitlab.com/ee/ci/services/
services:
- mysql:latest
- redis:latest

2
lib/gitlab/ci/templates/Getting-Started.gitlab-ci.yml
View File

@ -5,7 +5,7 @@
# A pipeline is composed of independent jobs that run scripts, grouped into stages.
# Stages run in sequential order, but jobs within stages run in parallel.
#
# For more information, see: https://docs.gitlab.com/ee/ci/yaml/index.html#stages
# For more information, see: https://docs.gitlab.com/ee/ci/yaml/#stages
#
# You can copy and paste this template into a new `.gitlab-ci.yml` file.
# You should not add this template to an existing `.gitlab-ci.yml` file by using the `include:` keyword.

4
lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml
View File

@ -18,7 +18,7 @@
# - For auto-remediation, a readable Dockerfile in the root of the project or as defined by the
# CS_DOCKERFILE_PATH variable.
#
# Configure container scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
# Configure container scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/container_scanning/#available-variables
variables:
@ -32,7 +32,7 @@ container_scanning:
# To provide a `vulnerability-allowlist.yml` file, override the GIT_STRATEGY variable in your
# `.gitlab-ci.yml` file and set it to `fetch`.
# For details, see the following links:
# https://docs.gitlab.com/ee/user/application_security/container_scanning/index.html#overriding-the-container-scanning-template
# https://docs.gitlab.com/ee/user/application_security/container_scanning/#overriding-the-container-scanning-template
# https://docs.gitlab.com/ee/user/application_security/container_scanning/#vulnerability-allowlisting
GIT_STRATEGY: none
allow_failure: true

4
lib/gitlab/ci/templates/Jobs/Container-Scanning.latest.gitlab-ci.yml
View File

@ -18,7 +18,7 @@
# - For auto-remediation, a readable Dockerfile in the root of the project or as defined by the
# CS_DOCKERFILE_PATH variable.
#
# Configure container scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
# Configure container scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/container_scanning/#available-variables
variables:
@ -33,7 +33,7 @@ variables:
# To provide a `vulnerability-allowlist.yml` file, override the GIT_STRATEGY variable in your
# `.gitlab-ci.yml` file and set it to `fetch`.
# For details, see the following links:
# https://docs.gitlab.com/ee/user/application_security/container_scanning/index.html#overriding-the-container-scanning-template
# https://docs.gitlab.com/ee/user/application_security/container_scanning/#overriding-the-container-scanning-template
# https://docs.gitlab.com/ee/user/application_security/container_scanning/#vulnerability-allowlisting
GIT_STRATEGY: none
allow_failure: true

4
lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml
View File

@ -5,8 +5,8 @@
# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/
#
# Configure dependency scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/index.html#available-variables
# Configure dependency scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#available-cicd-variables
variables:
# Setting this variable will affect all Security templates

4
lib/gitlab/ci/templates/Jobs/Dependency-Scanning.latest.gitlab-ci.yml
View File

@ -5,8 +5,8 @@
# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/
#
# Configure dependency scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/index.html#available-variables
# Configure dependency scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#available-cicd-variables
variables:
# Setting this variable will affect all Security templates

4
lib/gitlab/ci/templates/Jobs/SAST-IaC.gitlab-ci.yml
View File

@ -1,7 +1,7 @@
# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/iac_scanning/
#
# Configure SAST with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/iac_scanning/index.html
# Configure SAST with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/iac_scanning/
variables:
# Setting this variable will affect all Security templates

4
lib/gitlab/ci/templates/Jobs/SAST-IaC.latest.gitlab-ci.yml
View File

@ -1,7 +1,7 @@
# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/iac_scanning/
#
# Configure SAST with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/iac_scanning/index.html
# Configure SAST with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/iac_scanning/
variables:
# Setting this variable will affect all Security templates

4
lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml
View File

@ -1,7 +1,7 @@
# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/sast/
#
# Configure SAST with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/sast/index.html#available-cicd-variables
# Configure SAST with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/sast/#available-cicd-variables
variables:
# Setting this variable will affect all Security templates

4
lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml
View File

@ -1,7 +1,7 @@
# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/sast/
#
# Configure SAST with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/sast/index.html#available-variables
# Configure SAST with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/sast/#available-cicd-variables
variables:
# Setting this variable will affect all Security templates

4
lib/gitlab/ci/templates/Laravel.gitlab-ci.yml
View File

@ -12,7 +12,7 @@ image: php:latest
# Pick zero or more services to be used on all builds.
# Only needed when using a docker container to run your tests in.
# Check out: https://docs.gitlab.com/ee/ci/services/index.html
# Check out: https://docs.gitlab.com/ee/ci/services/
services:
- mysql:latest
@ -21,7 +21,7 @@ variables:
MYSQL_ROOT_PASSWORD: secret
# This folder is cached between builds
# https://docs.gitlab.com/ee/ci/yaml/index.html#cache
# https://docs.gitlab.com/ee/ci/yaml/#cache
cache:
paths:
- vendor/

4
lib/gitlab/ci/templates/Maven.gitlab-ci.yml
View File

@ -65,14 +65,14 @@ verify:jdk8:
- .verify
# To deploy packages from CI, create a `ci_settings.xml` file
# For deploying packages to GitLab's Maven Repository: See https://docs.gitlab.com/ee/user/packages/maven_repository/index.html#create-maven-packages-with-gitlab-cicd for more details.
# For deploying packages to GitLab's Maven Repository: See https://docs.gitlab.com/ee/user/packages/maven_repository/#create-maven-packages-with-gitlab-cicd for more details.
# Please note: The GitLab Maven Repository is currently only available in GitLab Premium / Ultimate.
# For `master` or `main` branch run `mvn deploy` automatically.
deploy:jdk8:
stage: deploy
script:
- if [ ! -f ci_settings.xml ]; then
echo "CI settings missing\! If deploying to GitLab Maven Repository, please see https://docs.gitlab.com/ee/user/packages/maven_repository/index.html#create-maven-packages-with-gitlab-cicd for instructions.";
echo "CI settings missing\! If deploying to GitLab Maven Repository, please see https://docs.gitlab.com/ee/user/packages/maven_repository/#create-maven-packages-with-gitlab-cicd for instructions.";
fi
- 'mvn $MAVEN_CLI_OPTS deploy --settings ci_settings.xml'
only:

4
lib/gitlab/ci/templates/Nodejs.gitlab-ci.yml
View File

@ -12,14 +12,14 @@ image: node:latest
# Pick zero or more services to be used on all builds.
# Only needed when using a docker container to run your tests in.
# Check out: https://docs.gitlab.com/ee/ci/services/index.html
# Check out: https://docs.gitlab.com/ee/ci/services/
services:
- mysql:latest
- redis:latest
- postgres:latest
# This folder is cached between builds
# https://docs.gitlab.com/ee/ci/yaml/index.html#cache
# https://docs.gitlab.com/ee/ci/yaml/#cache
cache:
paths:
- node_modules/

2
lib/gitlab/ci/templates/PHP.gitlab-ci.yml
View File

@ -26,7 +26,7 @@ before_script:
- curl -sS https://getcomposer.org/installer | php
- php composer.phar install
# Bring in any services we need https://docs.gitlab.com/ee/ci/services/index.html
# Bring in any services we need https://docs.gitlab.com/ee/ci/services/
# See http://docs.gitlab.com/ee/ci/services/README.html for examples.
services:
- mysql:5.7

2
lib/gitlab/ci/templates/Pages/Gatsby.gitlab-ci.yml
View File

@ -7,7 +7,7 @@ default:
image: node:21.7.3
# This folder is cached between builds
# https://docs.gitlab.com/ee/ci/yaml/index.html#cache
# https://docs.gitlab.com/ee/ci/yaml/#cache
cache:
paths:
- node_modules/

2
lib/gitlab/ci/templates/Ruby.gitlab-ci.yml
View File

@ -12,7 +12,7 @@ image: ruby:latest
# Pick zero or more services to be used on all builds.
# Only needed when using a docker container to run your tests in.
# Check out: https://docs.gitlab.com/ee/ci/services/index.html
# Check out: https://docs.gitlab.com/ee/ci/services/
services:
- mysql:latest
- redis:latest

2
lib/gitlab/ci/templates/Rust.gitlab-ci.yml
View File

@ -12,7 +12,7 @@ image: "rust:latest"
# Optional: Pick zero or more services to be used on all builds.
# Only needed when using a docker container to run your tests in.
# Check out: https://docs.gitlab.com/ee/ci/services/index.html
# Check out: https://docs.gitlab.com/ee/ci/services/
# services:
# - mysql:latest
# - redis:latest

2
lib/gitlab/ci/templates/Security/API-Discovery.gitlab-ci.yml
View File

@ -5,7 +5,7 @@
# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/api_discovery/
#
# Configure API Discovery with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
# Configure API Discovery with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/api_discovery/#available-cicd-variables
variables:

2
lib/gitlab/ci/templates/Security/API-Fuzzing.gitlab-ci.yml
View File

@ -18,7 +18,7 @@
# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/api_fuzzing/
#
# Configure API Fuzzing with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
# Configure API Fuzzing with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/api_fuzzing/#available-cicd-variables
variables:

2
lib/gitlab/ci/templates/Security/API-Fuzzing.latest.gitlab-ci.yml
View File

@ -18,7 +18,7 @@
# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/api_fuzzing/
#
# Configure API Fuzzing with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
# Configure API Fuzzing with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/api_fuzzing/#available-cicd-variables
variables:

6
lib/gitlab/ci/templates/Security/API-Security.gitlab-ci.yml
View File

@ -16,10 +16,10 @@
# - deploy
# - dast
# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dast_api/index.html
# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/api_security_testing/
# Configure API Security scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/dast_api/index.html#available-cicd-variables
# Configure API Security scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/api_security_testing/configuration/variables.html#available-cicd-variables
variables:
# Setting this variable affects all Security templates

6
lib/gitlab/ci/templates/Security/API-Security.latest.gitlab-ci.yml
View File

@ -16,10 +16,10 @@
# - deploy
# - dast
# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dast_api/index.html
# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dast_api/
# Configure API Security scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/dast_api/index.html#available-cicd-variables
# Configure API Security scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/api_security_testing/configuration/variables.html#available-cicd-variables
variables:
# Setting this variable affects all Security templates

2
lib/gitlab/ci/templates/Security/Coverage-Fuzzing.gitlab-ci.yml
View File

@ -5,7 +5,7 @@
# Read more about this feature https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing
#
# Configure coverage fuzzing with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
# Configure coverage fuzzing with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing/#available-cicd-variables
variables:

2
lib/gitlab/ci/templates/Security/Coverage-Fuzzing.latest.gitlab-ci.yml
View File

@ -5,7 +5,7 @@
# Read more about this feature https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing
#
# Configure coverage fuzzing with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
# Configure coverage fuzzing with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing/#available-cicd-variables
variables:

6
lib/gitlab/ci/templates/Security/DAST-API.gitlab-ci.yml
View File

@ -16,10 +16,10 @@
# - deploy
# - dast
# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dast_api/index.html
# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dast_api/
# Configure DAST API scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/dast_api/index.html#available-cicd-variables
# Configure DAST API scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/api_security_testing/configuration/variables.html#available-cicd-variables
variables:
# Setting this variable affects all Security templates

6
lib/gitlab/ci/templates/Security/DAST-API.latest.gitlab-ci.yml
View File

@ -16,10 +16,10 @@
# - deploy
# - dast
# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dast_api/index.html
# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dast_api/
# Configure DAST API scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/dast_api/index.html#available-cicd-variables
# Configure DAST API scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/api_security_testing/configuration/variables.html#available-cicd-variables
variables:
# Setting this variable affects all Security templates

2
lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml
View File

@ -18,7 +18,7 @@
#
# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dast/
#
# Configure DAST with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
# Configure DAST with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/dast/#available-variables
variables:

4
lib/gitlab/ci/templates/Security/DAST.latest.gitlab-ci.yml
View File

@ -18,8 +18,8 @@
#
# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dast/
#
# Configure DAST with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/dast/#available-variables
# Configure DAST with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/dast/browser/configuration/variables.html
variables:
DAST_VERSION: 5

2
lib/gitlab/ci/templates/dotNET-Core.gitlab-ci.yml
View File

@ -82,7 +82,7 @@ cache:
# for 'dotnet restore' command. In this example, a temporary directory is created
# in the root of project repository, so its content can be cached.
#
# Learn more about GitLab cache: https://docs.gitlab.com/ee/ci/caching/index.html
# Learn more about GitLab cache: https://docs.gitlab.com/ee/ci/caching/
before_script:
- 'dotnet restore --packages $NUGET_PACKAGES_DIRECTORY'

2
lib/gitlab/ci/templates/npm.gitlab-ci.yml
View File

@ -14,7 +14,7 @@ publish:
# If no .npmrc is included in the repo, generate a temporary one that is configured to publish to GitLab's NPM registry
- |
if [[ ! -f .npmrc ]]; then
echo 'No .npmrc found! Creating one now. Please review the following link for more information: https://docs.gitlab.com/ee/user/packages/npm_registry/index.html#project-level-npm-endpoint-1'
echo 'No .npmrc found! Creating one now. Please review the following link for more information: https://docs.gitlab.com/ee/user/packages/npm_registry/#with-the-npmrc-file'
{
echo "@${CI_PROJECT_ROOT_NAMESPACE}:registry=${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/npm/"
echo "${CI_API_V4_URL#http*:}/projects/${CI_PROJECT_ID}/packages/npm/:_authToken=\${CI_JOB_TOKEN}"

6
lib/gitlab/data_builder/resource_access_token.rb → lib/gitlab/data_builder/resource_access_token_payload.rb
View File

@ -2,10 +2,10 @@
module Gitlab
module DataBuilder
module ResourceAccessToken
module ResourceAccessTokenPayload
extend self
def build(resource_access_token, event, resource)
def build(resource_access_token, event, resource, data = {})
base_data = {
object_kind: 'access_token'
}
@ -13,7 +13,7 @@ module Gitlab
base_data[resource.model_name.param_key.to_sym] = resource.hook_attrs
base_data[:object_attributes] = resource_access_token.hook_attrs
base_data[:event_name] = event_data(event)
base_data
base_data.merge(data)
end
private

2
lib/gitlab/slash_commands/presenters/help.rb
View File

@ -49,7 +49,7 @@ module Gitlab
*Documentation*
For more information about GitLab chatops, refer to its
documentation: https://docs.gitlab.com/ee/ci/chatops/index.html.
documentation: https://docs.gitlab.com/ee/ci/chatops/.
MESSAGE
message

2
lib/gitlab/tracking.rb
View File

@ -1,7 +1,7 @@
# frozen_string_literal: true
# WARNING: This module has been deprecated and will be removed in the future
# Use InternalEvents.track_event instead https://docs.gitlab.com/ee/development/internal_analytics/internal_event_instrumentation/index.html
# Use InternalEvents.track_event instead https://docs.gitlab.com/ee/development/internal_analytics/internal_event_instrumentation/
module Gitlab
module Tracking

2
lib/gitlab/usage_data_counters/hll_redis_counter.rb
View File

@ -1,7 +1,7 @@
# frozen_string_literal: true
# WARNING: This module has been deprecated and will be removed in the future
# Use InternalEvents.track_event instead https://docs.gitlab.com/ee/development/internal_analytics/internal_event_instrumentation/index.html
# Use InternalEvents.track_event instead https://docs.gitlab.com/ee/development/internal_analytics/internal_event_instrumentation/
module Gitlab
module UsageDataCounters

2
lib/gitlab/usage_data_counters/redis_counter.rb
View File

@ -1,7 +1,7 @@
# frozen_string_literal: true
# WARNING: This module has been deprecated and will be removed in the future
# Use InternalEvents.track_event instead https://docs.gitlab.com/ee/development/internal_analytics/internal_event_instrumentation/index.html
# Use InternalEvents.track_event instead https://docs.gitlab.com/ee/development/internal_analytics/internal_event_instrumentation/
module Gitlab
module UsageDataCounters

2
lib/gitlab/usage_data_counters/redis_sum.rb
View File

@ -1,7 +1,7 @@
# frozen_string_literal: true
# WARNING: This module has been deprecated and will be removed in the future
# Use InternalEvents.track_event instead https://docs.gitlab.com/ee/development/internal_analytics/internal_event_instrumentation/index.html
# Use InternalEvents.track_event instead https://docs.gitlab.com/ee/development/internal_analytics/internal_event_instrumentation/
module Gitlab
module UsageDataCounters

12
locale/gitlab.pot
View File

@ -27937,6 +27937,9 @@ msgstr ""
msgid "GroupSelect|Select a group"
msgstr ""
msgid "GroupSettings|Add additional webhook triggers for group access token expiration"
msgstr ""
msgid "GroupSettings|After the instance reaches the user cap, any user who is added or requests access must be approved by an administrator. Leave empty for an unlimited user cap. If you change the user cap to unlimited, you must re-enable %{project_sharing_docs_link_start}project sharing%{link_end} and %{group_sharing_docs_link_start}group sharing%{link_end}."
msgstr ""
@ -28072,6 +28075,9 @@ msgstr ""
msgid "GroupSettings|If enabled, enterprise user accounts will not be able to use personal access tokens."
msgstr ""
msgid "GroupSettings|If enabled, group access tokens expiry webhooks execute 60, 30, and 7 days before the token expires. If disabled, these webhooks only execute 7 days before the token expires."
msgstr ""
msgid "GroupSettings|If enabled, individual user accounts will be able to use only issued SSH certificates for Git access. It doesn't apply to service accounts, deploy keys, and other types of internal accounts."
msgstr ""
@ -45063,6 +45069,9 @@ msgstr ""
msgid "ProjectSettings|A default branch cannot be chosen for an empty project."
msgstr ""
msgid "ProjectSettings|Add additional webhook triggers for project access token expiry."
msgstr ""
msgid "ProjectSettings|Add badges to display information about this project."
msgstr ""
@ -45267,6 +45276,9 @@ msgstr ""
msgid "ProjectSettings|If GitLab manages your cluster, then GitLab retains your analytics data for 1 year. %{link_start}Learn more about data retention policy%{link_end}."
msgstr ""
msgid "ProjectSettings|If enabled, project access tokens expiry webhooks execute 60, 30, and 7 days before the token expires. If disabled, these webhooks only execute 7 days before the token expires. %{linkStart}Learn more%{linkEnd}"
msgstr ""
msgid "ProjectSettings|If merge trains are enabled, merging is only possible if the branch can be rebased without conflicts."
msgstr ""

2
qa/gems/gitlab-cng/Gemfile
View File

@ -6,7 +6,7 @@ gemspec
group :test do
gem "climate_control", "~> 1.2.0"
gem "gitlab-styles", "~> 13.0.2"
gem "gitlab-styles", "~> 13.1.0"
gem "pry", "~> 0.15.2"
gem "rspec", "~> 3.13"
gem "simplecov", "~> 0.22.0"

18
qa/gems/gitlab-cng/Gemfile.lock
View File

@ -34,8 +34,8 @@ GEM
diff-lcs (1.5.1)
docile (1.4.0)
drb (2.2.1)
gitlab-styles (13.0.2)
rubocop (~> 1.68.0)
gitlab-styles (13.1.0)
rubocop (= 1.71.1)
rubocop-capybara (~> 2.21.0)
rubocop-factory_bot (~> 2.26.1)
rubocop-graphql (~> 1.5.4)
@ -62,7 +62,7 @@ GEM
racc (1.8.1)
rack (3.1.8)
rainbow (3.1.1)
regexp_parser (2.9.2)
regexp_parser (2.10.0)
require_all (3.0.0)
rspec (3.13.0)
rspec-core (~> 3.13.0)
@ -77,17 +77,17 @@ GEM
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.13.0)
rspec-support (3.13.1)
rubocop (1.68.0)
rubocop (1.71.1)
json (~> 2.3)
language_server-protocol (>= 3.17.0)
parallel (~> 1.10)
parser (>= 3.3.0.2)
rainbow (>= 2.2.2, < 4.0)
regexp_parser (>= 2.4, < 3.0)
rubocop-ast (>= 1.32.2, < 2.0)
regexp_parser (>= 2.9.3, < 3.0)
rubocop-ast (>= 1.38.0, < 2.0)
ruby-progressbar (~> 1.7)
unicode-display_width (>= 2.4.0, < 3.0)
rubocop-ast (1.32.3)
unicode-display_width (>= 2.4.0, < 4.0)
rubocop-ast (1.38.0)
parser (>= 3.3.1.0)
rubocop-capybara (2.21.0)
rubocop (~> 1.41)
@ -141,7 +141,7 @@ PLATFORMS
DEPENDENCIES
climate_control (~> 1.2.0)
gitlab-cng!
gitlab-styles (~> 13.0.2)
gitlab-styles (~> 13.1.0)
pry (~> 0.15.2)
rspec (~> 3.13)
simplecov (~> 0.22.0)

26
spec/controllers/projects_controller_spec.rb
View File

@ -939,7 +939,8 @@ RSpec.describe ProjectsController, feature_category: :groups_and_projects do
project_setting_attributes: {
show_default_award_emojis: boolean_value,
enforce_auth_checks_on_uploads: boolean_value,
emails_enabled: boolean_value
emails_enabled: boolean_value,
extended_prat_expiry_webhooks_execute: boolean_value
}
}
}
@ -950,6 +951,29 @@ RSpec.describe ProjectsController, feature_category: :groups_and_projects do
expect(project.enforce_auth_checks_on_uploads?).to eq(result)
expect(project.emails_enabled?).to eq(result)
expect(project.emails_disabled?).to eq(!result)
expect(project.extended_prat_expiry_webhooks_execute?).to eq(result)
end
context 'when extended_expiry_webhook_execution_setting feature flag is false' do
before do
stub_feature_flags(extended_expiry_webhook_execution_setting: false)
end
it "does not update extended_expiry_webhook_execution_setting" do
put :update, params: {
namespace_id: project.namespace,
id: project.path,
project: {
project_setting_attributes: {
extended_prat_expiry_webhooks_execute: boolean_value
}
}
}
project.reload
expect(project.extended_prat_expiry_webhooks_execute?).to be false
end
end
end
end

8
spec/features/groups/import_export/connect_instance_spec.rb
View File

@ -84,10 +84,10 @@ RSpec.describe 'Import/Export - Connect to another instance', :js, feature_categ
open_import_group
end
it 'renders fields and button disabled' do
expect(page).to have_field('GitLab source instance base URL', disabled: true)
expect(page).to have_field('Personal access token', disabled: true)
expect(page).to have_button('Connect instance', disabled: true)
it "doesn't render fields and button" do
expect(page).not_to have_field('GitLab source instance base URL')
expect(page).not_to have_field('Personal access token')
expect(page).not_to have_button('Connect instance')
end
end

4
spec/frontend/pages/groups/new/components/app_spec.js
View File

@ -1,6 +1,4 @@
import { shallowMount } from '@vue/test-utils';
import GROUP_IMPORT_SVG_URL from '@gitlab/svgs/dist/illustrations/group-import.svg?url';
import GROUP_NEW_SVG_URL from '@gitlab/svgs/dist/illustrations/group-new.svg?url';
import App from '~/pages/groups/new/components/app.vue';
import NewNamespacePage from '~/vue_shared/new_namespace/new_namespace_page.vue';
@ -30,7 +28,6 @@ describe('App component', () => {
{ href: '#', text: 'New group' },
]);
expect(findCreateGroupPanel().title).toBe('Create group');
expect(findCreateGroupPanel().imageSrc).toBe(GROUP_NEW_SVG_URL);
});
it('creates correct component for subgroup creation', () => {
@ -49,6 +46,5 @@ describe('App component', () => {
]);
expect(findCreateGroupPanel().title).toBe('Create subgroup');
expect(findCreateGroupPanel().detailProps).toEqual(detailProps);
expect(findCreateGroupPanel().imageSrc).toBe(GROUP_IMPORT_SVG_URL);
});
});

23
spec/frontend/pages/projects/shared/permissions/components/settings_panel_spec.js
View File

@ -44,6 +44,7 @@ const defaultProps = {
packagesEnabled: true,
showDefaultAwardEmojis: true,
warnAboutPotentiallyUnwantedCharacters: true,
extendedPratExpiryWebhooksExecute: false,
},
isGitlabCom: true,
canAddCatalogResource: false,
@ -151,6 +152,10 @@ describe('Settings Panel', () => {
wrapper.find(
'input[name="project[project_setting_attributes][warn_about_potentially_unwanted_characters]"]',
);
const findExtendedPratExpiryWebhooksExecute = () =>
wrapper.find(
'input[name="project[project_setting_attributes][extended_prat_expiry_webhooks_execute]"]',
);
const findConfirmDangerButton = () => wrapper.findComponent(ConfirmDanger);
const findEnvironmentsSettings = () => wrapper.findComponent({ ref: 'environments-settings' });
const findFeatureFlagsSettings = () => wrapper.findComponent({ ref: 'feature-flags-settings' });
@ -819,6 +824,24 @@ describe('Settings Panel', () => {
});
});
describe('Setting to allow webhook execution for extended intervals', () => {
it('should have a "Extended Project Access Tokens Expiry Webhook execution" input when feature is enabled', () => {
wrapper = mountComponent({
glFeatures: { extendedExpiryWebhookExecutionSetting: true },
});
expect(findExtendedPratExpiryWebhooksExecute().exists()).toBe(true);
});
it('should not have a "Extended Project Access Tokens Expiry Webhook execution" input when feature is disabled', () => {
wrapper = mountComponent({
glFeatures: { extendedExpiryWebhookExecutionSetting: false },
});
expect(findExtendedPratExpiryWebhooksExecute().exists()).toBe(false);
});
});
describe('Analytics', () => {
it('should show the analytics toggle', () => {
wrapper = mountComponent();

3
spec/frontend/projects/new/components/__snapshots__/app_spec.js.snap
View File

@ -4,7 +4,6 @@ exports[`Experimental new project creation app creates correct panels 1`] = `
[
{
"description": "Create a blank project to store your files, plan your work, and collaborate on code, among other things.",
"imageSrc": "file-mock",
"key": "blank",
"name": "blank_project",
"selector": "#blank-project-pane",
@ -12,7 +11,6 @@ exports[`Experimental new project creation app creates correct panels 1`] = `
},
{
"description": "Create a project pre-populated with the necessary files to get you started quickly.",
"imageSrc": "file-mock",
"key": "template",
"name": "create_from_template",
"selector": "#create-from-template-pane",
@ -20,7 +18,6 @@ exports[`Experimental new project creation app creates correct panels 1`] = `
},
{
"description": "Migrate your data from an external source like GitHub, Bitbucket, or another instance of GitLab.",
"imageSrc": "file-mock",
"key": "import",
"name": "import_project",
"selector": "#import-project-pane",

9
spec/frontend/vue_shared/new_namespace/new_namespace_page_spec.js
View File

@ -16,7 +16,6 @@ describe('Experimental new namespace creation app', () => {
const findLegacyContainer = () => wrapper.findComponent(LegacyContainer);
const findTopBar = () => wrapper.findByTestId('top-bar');
const findBreadcrumb = () => wrapper.findComponent(GlBreadcrumb);
const findImage = () => wrapper.find('img');
const findNewTopLevelGroupAlert = () => wrapper.findComponent(NewTopLevelGroupAlert);
const findSuperSidebarToggle = () => wrapper.findComponent(SuperSidebarToggle);
const findAccountVerificationAlert = () => wrapper.findComponent(GlAlert);
@ -25,8 +24,8 @@ describe('Experimental new namespace creation app', () => {
title: 'Create something',
initialBreadcrumbs: [{ text: 'Something', href: '#' }],
panels: [
{ name: 'panel1', selector: '#some-selector1', imageSrc: 'panel1.svg' },
{ name: 'panel2', selector: '#some-selector2', imageSrc: 'panel2.svg' },
{ name: 'panel1', selector: '#some-selector1' },
{ name: 'panel2', selector: '#some-selector2' },
],
persistenceKey: 'DEMO-PERSISTENCE-KEY',
};
@ -89,10 +88,6 @@ describe('Experimental new namespace creation app', () => {
expect(breadcrumb.exists()).toBe(true);
expect(breadcrumb.props().items[0].text).toBe(DEFAULT_PROPS.initialBreadcrumbs[0].text);
});
it('renders images', () => {
expect(findImage().element.src).toBe(DEFAULT_PROPS.panels[1].imageSrc);
});
});
it('renders extra description if provided', () => {

10
spec/graphql/resolvers/wikis/wiki_page_resolver_spec.rb
View File

@ -9,7 +9,7 @@ RSpec.describe Resolvers::Wikis::WikiPageResolver, feature_category: :wiki do
let_it_be(:user) { create(:user) }
let_it_be(:project) { create(:project, :private, developers: user) }
let(:slug) { wiki_page_meta.slugs.first.slug }
let(:slug) { wiki_page_meta.canonical_slug }
context 'for project wikis' do
let_it_be(:wiki_page_meta) { create(:wiki_page_meta, :for_wiki_page, container: project) }
@ -25,6 +25,14 @@ RSpec.describe Resolvers::Wikis::WikiPageResolver, feature_category: :wiki do
it { is_expected.to be_nil }
end
context 'when page exists, but does not have a meta record' do
it 'creates a new WikiPage::Meta record' do
wiki_page_meta.delete
expect { resolved_wiki_page }.to change { WikiPage::Meta.count }.by(1)
end
end
end
context 'when both project_id and namespace_id are passed' do

Some files were not shown because too many files have changed in this diff Show More