root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2023-10-09 15:08:32 +00:00
parent 37281069ca
commit fa0535cda4
30 changed files with 161 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitlab/CODEOWNERS
View File

@ -546,7 +546,6 @@ lib/gitlab/checks/**
/doc/administration/settings/gitaly_timeouts.md @eread
/doc/administration/settings/import_and_export_settings.md @eread @ashrafkhamis
/doc/administration/settings/import_export_rate_limits.md @eread @ashrafkhamis
/doc/administration/settings/index.md @msedlakjakubowski
/doc/administration/settings/instance_template_repository.md @msedlakjakubowski
/doc/administration/settings/jira_cloud_app.md @eread @ashrafkhamis
/doc/administration/settings/package_registry_rate_limits.md @phillipwells
@ -771,6 +770,7 @@ lib/gitlab/checks/**
/doc/development/cascading_settings.md @jglassman1
/doc/development/chatops_on_gitlabcom.md @phillipwells
/doc/development/cicd/ @marcel.amirault
/doc/development/cloud_connector/ @jglassman1
/doc/development/code_intelligence/ @aqualls
/doc/development/code_owners/ @msedlakjakubowski
/doc/development/code_suggestions/ @jglassman1

2
Gemfile
View File

@ -495,7 +495,7 @@ group :test do
# Moved in `test` because https://gitlab.com/gitlab-org/gitlab/-/issues/217527
gem 'derailed_benchmarks', require: false # rubocop:todo Gemfile/MissingFeatureCategory
gem 'gitlab_quality-test_tooling', '~> 1.1.0', require: false # rubocop:todo Gemfile/MissingFeatureCategory
gem 'gitlab_quality-test_tooling', '~> 1.2.0', require: false # rubocop:todo Gemfile/MissingFeatureCategory
end
gem 'octokit', '~> 6.0' # rubocop:todo Gemfile/MissingFeatureCategory

2
Gemfile.checksum
View File

@ -217,7 +217,7 @@
{"name":"gitlab-styles","version":"10.1.0","platform":"ruby","checksum":"f42745f5397d042fe24cf2d0eb56c995b37f9f43d8fb79b834d197a1cafdc84a"},
{"name":"gitlab_chronic_duration","version":"0.12.0","platform":"ruby","checksum":"0d766944d415b5c831f176871ee8625783fc0c5bfbef2d79a3a616f207ffc16d"},
{"name":"gitlab_omniauth-ldap","version":"2.2.0","platform":"ruby","checksum":"bb4d20acb3b123ed654a8f6a47d3fac673ece7ed0b6992edb92dca14bad2838c"},
{"name":"gitlab_quality-test_tooling","version":"1.1.0","platform":"ruby","checksum":"1c1a7e2dc9a10d975c6901404a046597c34213f774082865cf4fda25ee511b71"},
{"name":"gitlab_quality-test_tooling","version":"1.2.0","platform":"ruby","checksum":"e2e9623c3e17a1d80751d8f2687a59edd4e4c86faf05cd94cd874aac6e2d089b"},
{"name":"globalid","version":"1.1.0","platform":"ruby","checksum":"b337e1746f0c8cb0a6c918234b03a1ddeb4966206ce288fbb57779f59b2d154f"},
{"name":"gon","version":"6.4.0","platform":"ruby","checksum":"e3a618d659392890f1aa7db420f17c75fd7d35aeb5f8fe003697d02c4b88d2f0"},
{"name":"google-apis-androidpublisher_v3","version":"0.34.0","platform":"ruby","checksum":"d7e1d7dd92f79c498fe2082222a1740d788e022e660c135564b3fd299cab5425"},

6
Gemfile.lock
View File

@ -687,8 +687,8 @@ GEM
omniauth (>= 1.3, < 3)
pyu-ruby-sasl (>= 0.0.3.3, < 0.1)
rubyntlm (~> 0.5)
gitlab_quality-test_tooling (1.1.0)
activesupport (>= 6.1, < 7.1)
gitlab_quality-test_tooling (1.2.0)
activesupport (>= 6.1, < 7.2)
gitlab (~> 4.19)
http (~> 5.0)
nokogiri (~> 1.10)
@ -1835,7 +1835,7 @@ DEPENDENCIES
gitlab-utils!
gitlab_chronic_duration (~> 0.12)
gitlab_omniauth-ldap (~> 2.2.0)
gitlab_quality-test_tooling (~> 1.1.0)
gitlab_quality-test_tooling (~> 1.2.0)
gon (~> 6.4.0)
google-apis-androidpublisher_v3 (~> 0.34.0)
google-apis-cloudbilling_v1 (~> 0.21.0)

5
app/assets/javascripts/vue_shared/new_namespace/new_namespace_page.vue
View File

@ -138,7 +138,10 @@ export default {
</div>
<template v-if="activePanel">
<div class="gl-display-flex gl-align-items-center gl-py-5">
<div
data-testid="active-panel-template"
class="gl-display-flex gl-align-items-center gl-py-5"
>
<div class="col-auto">
<img aria-hidden :src="activePanel.imageSrc" />
</div>

2
app/models/concerns/protected_ref_access.rb
View File

@ -71,6 +71,8 @@ module ProtectedRefAccess
return false if current_user.nil? || no_access?
return current_user.admin? if admin_access?
return false if Feature.enabled?(:check_membership_in_protected_ref_access) && !project.member?(current_user)
yield if block_given?
user_can_access?(current_user)

2
app/views/layouts/header/_super_sidebar_logged_out.haml
View File

@ -1,7 +1,7 @@
%header.navbar.navbar-gitlab.super-sidebar-logged-out{ data: { testid: 'navbar' } }
%a.gl-sr-only.gl-accessibility{ href: "#content-body" } Skip to content
.container-fluid
.header-content.gl-displax-flex
%nav.header-content.gl-displax-flex{ 'aria-label': s_('LoggedOutMarketingHeader|Explore GitLab') }
.title-container.gl-display-flex.gl-align-items-stretch.gl-pt-0.gl-mr-3
= render 'layouts/header/title'

10
app/workers/ci/unlock_pipelines_in_queue_worker.rb
View File

@ -11,19 +11,21 @@ module Ci
feature_category :build_artifacts
idempotent!
MAX_RUNNING_LOW = 5
MAX_RUNNING_MEDIUM = 10
MAX_RUNNING_HIGH = 20
MAX_RUNNING_LOW = 50
MAX_RUNNING_MEDIUM = 500
MAX_RUNNING_HIGH = 1500
def perform_work(*_)
pipeline_id = Ci::UnlockPipelineRequest.next!
return log_extra_metadata_on_done(:remaining_pending, 0) unless pipeline_id
Ci::Pipeline.find_by_id(pipeline_id).try do |pipeline|
log_extra_metadata_on_done(:pipeline_id, pipeline.id)
log_extra_metadata_on_done(:project, pipeline.project.full_path)
result = Ci::UnlockPipelineService.new(pipeline).execute
log_extra_metadata_on_done(:remaining_pending, Ci::UnlockPipelineRequest.total_pending)
log_extra_metadata_on_done(:pipeline_id, pipeline_id)
log_extra_metadata_on_done(:skipped_already_leased, result[:skipped_already_leased])
log_extra_metadata_on_done(:skipped_already_unlocked, result[:skipped_already_unlocked])
log_extra_metadata_on_done(:exec_timeout, result[:exec_timeout])

8
config/feature_flags/development/check_membership_in_protected_ref_access.yml Normal file
View File

@ -0,0 +1,8 @@
---
name: check_membership_in_protected_ref_access
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/132380
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/425926
milestone: '16.5'
type: development
group: group::source code
default_enabled: false

2
config/sidekiq_queues.yml
View File

@ -465,6 +465,8 @@
- 1
- - namespaces_process_sync_events
- 1
- - namespaces_storage_usage_export
- 1
- - namespaces_sync_namespace_name
- 1
- - namespaces_update_root_statistics

3
db/click_house/main/20230705124511_create_events.sql
View File

@ -6,10 +6,11 @@ CREATE TABLE events
target_id UInt64 DEFAULT 0,
target_type LowCardinality(String) DEFAULT '',
action UInt8 DEFAULT 0,
deleted UInt8 DEFAULT 0,
created_at DateTime64(6, 'UTC') DEFAULT now(),
updated_at DateTime64(6, 'UTC') DEFAULT now()
)
ENGINE = ReplacingMergeTree(updated_at)
ENGINE = ReplacingMergeTree(updated_at, deleted)
PRIMARY KEY (id)
ORDER BY (id)
PARTITION BY toYear(created_at)

2
doc/administration/application_settings_cache.md
View File

@ -1,6 +1,6 @@
---
stage: Data Stores
group: Application Performance
group: Cloud Connector
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---

2
doc/administration/monitoring/ip_allowlist.md
View File

@ -1,6 +1,6 @@
---
stage: Data Stores
group: Application Performance
group: Cloud Connector
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---

2
doc/administration/monitoring/performance/index.md
View File

@ -1,6 +1,6 @@
---
stage: Data Stores
group: Application Performance
group: Cloud Connector
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---

2
doc/administration/monitoring/performance/performance_bar.md
View File

@ -1,6 +1,6 @@
---
stage: Data Stores
group: Application Performance
group: Cloud Connector
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---

2
doc/administration/monitoring/prometheus/gitlab_exporter.md
View File

@ -1,6 +1,6 @@
---
stage: Data Stores
group: Application Performance
group: Cloud Connector
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---

2
doc/administration/monitoring/prometheus/web_exporter.md
View File

@ -1,6 +1,6 @@
---
stage: Data Stores
group: Application Performance
group: Cloud Connector
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---

2
doc/administration/sidekiq/sidekiq_memory_killer.md
View File

@ -1,6 +1,6 @@
---
stage: Data Stores
group: Application Performance
group: Cloud Connector
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---

2
doc/development/cached_queries.md
View File

@ -1,6 +1,6 @@
---
stage: Data Stores
group: Application Performance
group: Cloud Connector
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---

2
doc/development/real_time.md
View File

@ -1,6 +1,6 @@
---
stage: Data Stores
group: Application Performance
group: Cloud Connector
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---

6
doc/user/project/repository/branches/index.md
View File

@ -288,11 +288,7 @@ To do this:
## Configure rules for target branches **(PREMIUM ALL)**
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/127115) in GitLab 16.4 [with a flag](../../../../administration/feature_flags.md) named `target_branch_rules_flag`. Disabled by default.
FLAG:
On self-managed GitLab, by default this feature is not available. To make it available, an administrator can [enable the feature flag](../../../../administration/feature_flags.md) named `target_branch_rules_flag`.
On GitLab.com, this feature is not available.
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/127115) in GitLab 16.4 [with a flag](../../../../administration/feature_flags.md) named `target_branch_rules_flag`. Enabled by default.
Some projects use multiple long-term branches for development, like `develop` and `qa`.
In these projects, you might want to keep `main` as the default branch, but expect

30
doc/user/project/repository/reducing_the_repo_size_using_git.md
View File

@ -324,3 +324,33 @@ are accurate.
To expedite this process, see the
['Prune Unreachable Objects' housekeeping task](../../../administration/housekeeping.md).
### Sidekiq process fails to export a project
Occasionally the Sidekiq process can fail to export a project, for example if
it is terminated during execution.
To bypass the Sidekiq process, use the Rails console to manually trigger the project export:
```ruby
project = Project.find(1)
current_user = User.find_by(username: 'my-user-name')
RequestStore.begin!
ActiveRecord::Base.logger = Logger.new(STDOUT)
params = {}
::Projects::ImportExport::ExportService.new(project, current_user, params).execute(nil)
```
This makes the export available through the UI, but does not trigger an email to the user.
To manually trigger the project export and send an email:
```ruby
project = Project.find(1)
current_user = User.find_by(username: 'my-user-name')
RequestStore.begin!
ActiveRecord::Base.logger = Logger.new(STDOUT)
params = {}
ProjectExportWorker.new.perform(current_user.id, project.id)
```

2
lib/gitlab/sidekiq_middleware/extra_done_log_metadata.rb
View File

@ -5,7 +5,7 @@ module Gitlab
class ExtraDoneLogMetadata
def call(worker, job, queue)
yield
ensure
# We needed a way to pass state from a worker in to the
# Gitlab::SidekiqLogging::StructuredLogger . Unfortunately the
# StructuredLogger itself is not a middleware so cannot access the

2
lib/tasks/gitlab/tw/codeowners.rake
View File

@ -25,7 +25,7 @@ namespace :tw do
CodeOwnerRule.new('AI Model Validation', '@sselhorn'),
CodeOwnerRule.new('Analytics Instrumentation', '@lciutacu'),
CodeOwnerRule.new('Anti-Abuse', '@phillipwells'),
CodeOwnerRule.new('Application Performance', '@jglassman1'),
CodeOwnerRule.new('Cloud Connector', '@jglassman1'),
CodeOwnerRule.new('Authentication and Authorization', '@jglassman1'),
# CodeOwnerRule.new('Billing and Subscription Management', ''),
CodeOwnerRule.new('Code Creation', '@jglassman1'),

2
package.json
View File

@ -257,7 +257,7 @@
"cheerio": "^1.0.0-rc.9",
"commander": "^2.20.3",
"custom-jquery-matchers": "^2.1.0",
"eslint": "8.50.0",
"eslint": "8.51.0",
"eslint-import-resolver-jest": "3.0.2",
"eslint-import-resolver-webpack": "0.13.7",
"eslint-plugin-import": "^2.28.1",

22
spec/lib/gitlab/database/click_house_client_spec.rb
View File

@ -112,6 +112,28 @@ RSpec.describe 'ClickHouse::Client', :click_house, feature_category: :database d
results = ClickHouse::Client.select(select_query, :main)
expect(results).to be_empty
# Async, lazy deletion
# Set the `deleted` field to 1 and update the `updated_at` timestamp.
# Based on the highest version of the given row (updated_at), CH will eventually remove the row.
# See: https://clickhouse.com/docs/en/engines/table-engines/mergetree-family/replacingmergetree#is_deleted
soft_delete_query = ClickHouse::Client::Query.new(
raw_query: %{
INSERT INTO events (id, deleted, updated_at)
VALUES ({id:UInt64}, 1, {updated_at:DateTime64(6, 'UTC')})
},
placeholders: { id: event2.id, updated_at: (event2.updated_at + 2.hours).utc.to_f }
)
ClickHouse::Client.execute(soft_delete_query, :main)
select_query = ClickHouse::Client::Query.new(
raw_query: 'SELECT * FROM events FINAL WHERE id = {id:UInt64}',
placeholders: { id: event2.id }
)
results = ClickHouse::Client.select(select_query, :main)
expect(results).to be_empty
end
end
end

10
spec/lib/gitlab/sidekiq_middleware/extra_done_log_metadata_spec.rb
View File

@ -26,10 +26,18 @@ RSpec.describe Gitlab::SidekiqMiddleware::ExtraDoneLogMetadata do
expect(job).to eq({ 'jid' => 123, 'extra.admin_email_worker.key1' => 15, 'extra.admin_email_worker.key2' => 16 })
end
it 'does not raise when the worker does not respond to #done_log_extra_metadata' do
it 'does not raise when the worker does not respond to #logging_extras' do
expect { |b| subject.call(worker_without_application_worker, job, queue, &b) }.to yield_control
expect(job).to eq({ 'jid' => 123 })
end
it 'still merges logging_extras even when an error is raised during job execution' do
worker.log_extra_metadata_on_done(:key1, 15)
worker.log_extra_metadata_on_done(:key2, 16)
expect { subject.call(worker, job, queue) { raise 'an error' } }.to raise_error(StandardError, 'an error')
expect(job).to eq({ 'jid' => 123, 'extra.admin_email_worker.key1' => 15, 'extra.admin_email_worker.key2' => 16 })
end
end
end

45
spec/support/shared_examples/models/concerns/protected_ref_access_examples.rb
View File

@ -52,7 +52,11 @@ RSpec.shared_examples 'protected ref access' do |association|
end
describe '#check_access' do
let_it_be(:group) { create(:group) }
# Making a project public to avoid false positives tests
let_it_be(:project) { create(:project, :public, group: group) }
let_it_be(:current_user) { create(:user) }
let_it_be(:protected_ref) { create(association, project: project) }
let(:access_level) { ::Gitlab::Access::DEVELOPER }
@ -71,6 +75,47 @@ RSpec.shared_examples 'protected ref access' do |association|
it { expect(subject.check_access(nil)).to eq(false) }
end
context 'when current_user access exists without membership' do
let(:other_user) { create(:user) }
let(:user_access) do
described_class.new(association => protected_ref, access_level: access_level, user_id: other_user.id)
end
let(:enable_ff) { false }
before do
stub_feature_flags(check_membership_in_protected_ref_access: enable_ff)
end
it 'does not check membership if check_membership_in_protected_ref_access FF is disabled' do
expect(project).not_to receive(:member?).with(other_user)
user_access.check_access(other_user)
end
context 'when check_membership_in_protected_ref_access FF is enabled' do
let(:enable_ff) { true }
it 'does check membership' do
expect(project).to receive(:member?).with(other_user)
user_access.check_access(other_user)
end
it 'returns false' do
expect(user_access.check_access(other_user)).to be_falsey
end
context 'when user has inherited membership' do
let!(:inherited_membership) { create(:group_member, group: group, user: other_user) }
it do
expect(user_access.check_access(other_user)).to be_truthy
end
end
end
end
context 'when access_level is NO_ACCESS' do
let(:access_level) { ::Gitlab::Access::NO_ACCESS }

3
spec/workers/ci/unlock_pipelines_in_queue_worker_spec.rb
View File

@ -31,8 +31,9 @@ RSpec.describe Ci::UnlockPipelinesInQueueWorker, :unlock_pipelines, :clean_gitla
unlocked_pipeline_artifacts: 2
)
expect(worker).to receive(:log_extra_metadata_on_done).with(:remaining_pending, 1)
expect(worker).to receive(:log_extra_metadata_on_done).with(:pipeline_id, pipeline_1.id)
expect(worker).to receive(:log_extra_metadata_on_done).with(:project, pipeline_1.project.full_path)
expect(worker).to receive(:log_extra_metadata_on_done).with(:remaining_pending, 1)
expect(worker).to receive(:log_extra_metadata_on_done).with(:skipped_already_leased, false)
expect(worker).to receive(:log_extra_metadata_on_done).with(:skipped_already_unlocked, false)
expect(worker).to receive(:log_extra_metadata_on_done).with(:exec_timeout, false)

18
yarn.lock
View File

@ -1194,10 +1194,10 @@
minimatch "^3.1.2"
strip-json-comments "^3.1.1"
"@eslint/js@8.50.0":
version "8.50.0"
resolved "https://registry.yarnpkg.com/@eslint/js/-/js-8.50.0.tgz#9e93b850f0f3fa35f5fa59adfd03adae8488e484"
integrity sha512-NCC3zz2+nvYd+Ckfh87rA47zfu2QsQpvc6k1yzTk+b9KzRj0wkGa8LSoGOXN6Zv4lRf/EIoZ80biDh9HOI+RNQ==
"@eslint/js@8.51.0":
version "8.51.0"
resolved "https://registry.yarnpkg.com/@eslint/js/-/js-8.51.0.tgz#6d419c240cfb2b66da37df230f7e7eef801c32fa"
integrity sha512-HxjQ8Qn+4SI3/AFv6sOrDB+g6PpUTDwSJiQqOrnneEk8L71161srI9gjzzZvYVbzHiVg/BvcH95+cK/zfIt4pg==
"@floating-ui/core@^1.2.6":
version "1.2.6"
@ -6329,15 +6329,15 @@ eslint-visitor-keys@^3.3.0, eslint-visitor-keys@^3.4.1, eslint-visitor-keys@^3.4
resolved "https://registry.yarnpkg.com/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz#0cd72fe8550e3c2eae156a96a4dddcd1c8ac5800"
integrity sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag==
eslint@8.50.0:
version "8.50.0"
resolved "https://registry.yarnpkg.com/eslint/-/eslint-8.50.0.tgz#2ae6015fee0240fcd3f83e1e25df0287f487d6b2"
integrity sha512-FOnOGSuFuFLv/Sa+FDVRZl4GGVAAFFi8LecRsI5a1tMO5HIE8nCm4ivAlzt4dT3ol/PaaGC0rJEEXQmHJBGoOg==
eslint@8.51.0:
version "8.51.0"
resolved "https://registry.yarnpkg.com/eslint/-/eslint-8.51.0.tgz#4a82dae60d209ac89a5cff1604fea978ba4950f3"
integrity sha512-2WuxRZBrlwnXi+/vFSJyjMqrNjtJqiasMzehF0shoLaW7DzS3/9Yvrmq5JiT66+pNjiX4UBnLDiKHcWAr/OInA==
dependencies:
"@eslint-community/eslint-utils" "^4.2.0"
"@eslint-community/regexpp" "^4.6.1"
"@eslint/eslintrc" "^2.1.2"
"@eslint/js" "8.50.0"
"@eslint/js" "8.51.0"
"@humanwhocodes/config-array" "^0.11.11"
"@humanwhocodes/module-importer" "^1.0.1"
"@nodelib/fs.walk" "^1.2.8"