root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2024-10-18 15:18:27 +00:00
parent bde92d8989
commit ff09936938
49 changed files with 604 additions and 358 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
GITLAB_KAS_VERSION
View File

@ -1 +1 @@
d640111e807a3551540e72a1b79b381f33b9105b
fc8928109f97c8239cde31aafc11c6b84bbd24c3

1
app/assets/javascripts/work_items/graphql/notes/work_item_notes_by_iid.query.graphql
View File

@ -13,6 +13,7 @@ query workItemNotesByIid($fullPath: ID!, $iid: String!, $after: String, $pageSiz
widgets {
... on WorkItemWidgetNotes {
type
discussionLocked
discussions(first: $pageSize, after: $after, filter: ALL_NOTES) {
pageInfo {
...PageInfo

23
app/helpers/search_helper.rb
View File

@ -365,8 +365,14 @@ module SearchHelper
# Autocomplete results for the current user's projects
def projects_autocomplete(term, limit = 5)
current_user.authorized_projects.order_id_desc.search(term, include_namespace: true, use_minimum_char_limit: false)
.sorted_by_stars_desc.non_archived.limit(limit).map do |p|
projects = if Feature.enabled?(:autocomplete_projects_use_search_service, current_user)
search_using_search_service(current_user, 'projects', term, limit)
else
current_user.authorized_projects.order_id_desc.search(term, include_namespace: true, use_minimum_char_limit: false)
.sorted_by_stars_desc.non_archived.limit(limit)
end
projects.map do |p|
{
category: "Projects",
id: p.id,
@ -385,10 +391,7 @@ module SearchHelper
return []
end
::SearchService
.new(current_user, { scope: 'users', per_page: limit, search: term })
.search_objects
.map do |user|
search_using_search_service(current_user, 'users', term, limit).map do |user|
{
category: "Users",
id: user.id,
@ -603,6 +606,14 @@ module SearchHelper
def wiki_blob_link(wiki_blob)
project_wiki_path(wiki_blob.project, wiki_blob.basename)
end
def search_using_search_service(user, scope, term, limit, additional_params = {})
params = { scope: scope, search: term }.merge(additional_params)
::SearchService
.new(user, params)
.search_objects
.first(limit)
end
end
SearchHelper.prepend_mod_with('SearchHelper')

2
app/models/namespace.rb
View File

@ -159,7 +159,7 @@ class Namespace < ApplicationRecord
validate :parent_organization_match, if: :require_organization?
attribute :organization_id, :integer, default: -> do
return 1 if Feature.enabled?(:namespace_model_default_org)
return 1 if Feature.enabled?(:namespace_model_default_org, Feature.current_request)
columns_hash['organization_id'].default
end

2
app/services/ci/job_token_scope/remove_group_service.rb
View File

@ -14,7 +14,7 @@ module Ci
return ServiceResponse.error(message: 'Target group is not in the job token scope') unless link
if link.destroy
ServiceResponse.success
ServiceResponse.success(payload: link)
else
ServiceResponse.error(message: link.errors.full_messages.to_sentence, payload: { group_link: link })
end

2
app/services/ci/job_token_scope/remove_project_service.rb
View File

@ -21,7 +21,7 @@ module Ci
end
if link.destroy
ServiceResponse.success
ServiceResponse.success(payload: link)
else
ServiceResponse.error(message: link.errors.full_messages.to_sentence, payload: { project_link: link })
end

9
config/feature_flags/gitlab_com_derisk/autocomplete_projects_use_search_service.yml Normal file
View File

@ -0,0 +1,9 @@
---
name: autocomplete_projects_use_search_service
feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/472011
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/169425
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/499540
milestone: '17.6'
group: group::global search
type: gitlab_com_derisk
default_enabled: false

2
db/docs/batched_background_migrations/backfill_packages_nuget_symbols_project_id.yml
View File

@ -3,6 +3,6 @@ migration_job_name: BackfillPackagesNugetSymbolsProjectId
description: Populates the `project_id` column of `packages_nuget_symbols` table from the `packages_packages` table
feature_category: package_registry
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/166743
milestone: '17.5'
milestone: '17.6'
queued_migration_version: 20240911173549
finalized_by: # version of the migration that finalized this BBM

2
db/docs/batched_background_migrations/delete_orphaned_deploy_tokens.yml
View File

@ -5,4 +5,4 @@ feature_category: continuous_delivery
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/162957
milestone: '17.4'
queued_migration_version: 20240814025044
finalized_by: # version of the migration that finalized this BBM
finalized_by: 20241016215438

6
db/docs/import_export_uploads.yml
View File

@ -8,5 +8,7 @@ description: Used to store the location of the imported or exported archives fil
of groups or projects when using the feature Import/Export
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/commit/a2bf1641546a1d3eeb3e9f44734854f655c0adef
milestone: '11.1'
gitlab_schema: gitlab_main
sharding_key_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/463854
gitlab_schema: gitlab_main_cell
sharding_key:
project_id: projects
group_id: namespaces

2
db/migrate/20240911173251_add_project_id_to_packages_nuget_symbols.rb
View File

@ -1,7 +1,7 @@
# frozen_string_literal: true
class AddProjectIdToPackagesNugetSymbols < Gitlab::Database::Migration[2.2]
milestone '17.5'
milestone '17.6'
def change
add_column :packages_nuget_symbols, :project_id, :bigint

2
db/post_migrate/20240911173549_queue_backfill_packages_nuget_symbols_project_id.rb
View File

@ -1,7 +1,7 @@
# frozen_string_literal: true
class QueueBackfillPackagesNugetSymbolsProjectId < Gitlab::Database::Migration[2.2]
milestone '17.5'
milestone '17.6'
disable_ddl_transaction
restrict_gitlab_migration gitlab_schema: :gitlab_main

2
db/post_migrate/20240920141026_add_index_on_project_id_to_packages_nuget_symbols.rb
View File

@ -2,7 +2,7 @@
class AddIndexOnProjectIdToPackagesNugetSymbols < Gitlab::Database::Migration[2.2]
disable_ddl_transaction!
milestone '17.5'
milestone '17.6'
INDEX_NAME = :index_packages_nuget_symbols_on_project_id

19
db/post_migrate/20241008163123_add_project_id_not_null_constraint_to_ci_stages.rb Normal file
View File

@ -0,0 +1,19 @@
# frozen_string_literal: true
class AddProjectIdNotNullConstraintToCiStages < Gitlab::Database::Migration[2.2]
milestone '17.6'
disable_ddl_transaction!
TABLE_NAME = :p_ci_stages
COLUMN_NAME = :project_id
CONSTRAINT_NAME = :check_74835fc631
def up
add_not_null_constraint(TABLE_NAME, COLUMN_NAME, constraint_name: CONSTRAINT_NAME, validate: false)
end
def down
remove_not_null_constraint(TABLE_NAME, COLUMN_NAME, constraint_name: CONSTRAINT_NAME)
end
end

16
db/post_migrate/20241008181924_prepare_project_id_not_null_validation_on_ci_stages.rb Normal file
View File

@ -0,0 +1,16 @@
# frozen_string_literal: true
class PrepareProjectIdNotNullValidationOnCiStages < Gitlab::Database::Migration[2.2]
milestone '17.6'
PARTITIONED_TABLE_NAME = :p_ci_stages
CONSTRAINT_NAME = 'check_74835fc631'
def up
prepare_partitioned_async_check_constraint_validation PARTITIONED_TABLE_NAME, name: CONSTRAINT_NAME
end
def down
unprepare_partitioned_async_check_constraint_validation PARTITIONED_TABLE_NAME, name: CONSTRAINT_NAME
end
end

17
db/post_migrate/20241010101254_delete_import_export_uploads_without_project_id_or_group_id.rb Normal file
View File

@ -0,0 +1,17 @@
# frozen_string_literal: true
class DeleteImportExportUploadsWithoutProjectIdOrGroupId < Gitlab::Database::Migration[2.2]
milestone '17.6'
restrict_gitlab_migration gitlab_schema: :gitlab_main
def up
define_batchable_model('import_export_uploads').each_batch(of: 10_000) do |batch|
batch.where('project_id IS NULL AND group_id IS NULL').delete_all
end
end
def down
# no-op
end
end

15
db/post_migrate/20241010101414_add_multi_not_null_constraint_to_import_export_upload.rb Normal file
View File

@ -0,0 +1,15 @@
# frozen_string_literal: true
class AddMultiNotNullConstraintToImportExportUpload < Gitlab::Database::Migration[2.2]
milestone '17.6'
disable_ddl_transaction!
def up
add_multi_column_not_null_constraint(:import_export_uploads, :group_id, :project_id)
end
def down
remove_multi_column_not_null_constraint(:import_export_uploads, :group_id, :project_id)
end
end

21
db/post_migrate/20241016215438_finalize_delete_orphaned_deploy_tokens.rb Normal file
View File

@ -0,0 +1,21 @@
# frozen_string_literal: true
class FinalizeDeleteOrphanedDeployTokens < Gitlab::Database::Migration[2.2]
disable_ddl_transaction!
restrict_gitlab_migration gitlab_schema: :gitlab_main
milestone '17.6'
def up
ensure_batched_background_migration_is_finished(
job_class_name: 'DeleteOrphanedDeployTokens',
table_name: :deploy_tokens,
column_name: :id,
job_arguments: []
)
end
def down
# no-op
end
end

1
db/schema_migrations/20241008163123 Normal file
View File

@ -0,0 +1 @@
04ec88c92b45d6e2db902b5bb057b6a0de08b8920ba10ee8dc7e6e89b29c930a

1
db/schema_migrations/20241008181924 Normal file
View File

@ -0,0 +1 @@
6f21a5069492944edbd966dfced73fa62b68a65c2c234b4ae673e2d7b25265cb

1
db/schema_migrations/20241010101254 Normal file
View File

@ -0,0 +1 @@
13eb17b6a07fcff6a68834c7544418ac9615aff61e059d2fd782e144e5b76653

1
db/schema_migrations/20241010101414 Normal file
View File

@ -0,0 +1 @@
21a33cd460df6d4f02a040603e9c5ad0fbd02f01aae1a6c48bdd3cca21c426b1

1
db/schema_migrations/20241016215438 Normal file
View File

@ -0,0 +1 @@
7f9ae96c208be20b969cb6f4706bc8db36b1693ef6a1a8a72e8d645f6db34d79

6
db/structure.sql
View File

@ -12295,7 +12295,8 @@ CREATE TABLE import_export_uploads (
group_id bigint,
remote_import_url text,
user_id bigint,
CONSTRAINT check_58f0d37481 CHECK ((char_length(remote_import_url) <= 2048))
CONSTRAINT check_58f0d37481 CHECK ((char_length(remote_import_url) <= 2048)),
CONSTRAINT check_e54579866d CHECK ((num_nonnulls(group_id, project_id) = 1))
);
CREATE SEQUENCE import_export_uploads_id_seq
@ -24190,6 +24191,9 @@ ALTER TABLE ci_job_variables
ALTER TABLE p_ci_pipeline_variables
ADD CONSTRAINT check_6e932dbabf CHECK ((project_id IS NOT NULL)) NOT VALID;
ALTER TABLE p_ci_stages
ADD CONSTRAINT check_74835fc631 CHECK ((project_id IS NOT NULL)) NOT VALID;
ALTER TABLE sprints
ADD CONSTRAINT check_ccd8a1eae0 CHECK ((start_date IS NOT NULL)) NOT VALID;

103
doc/administration/cicd/index.md
View File

@ -116,110 +116,9 @@ balanced across many projects.
### Disable compute quota enforcement
To disable the enforcement of [compute quotas](../../ci/pipelines/compute_minutes.md) on instance runners, you can temporarily
To disable the enforcement of [compute minutes quotas](compute_minutes.md) on instance runners, you can temporarily
enable the `ci_queueing_disaster_recovery_disable_quota` [feature flag](../feature_flags.md).
This flag reduces system resource usage on the `jobs/request` endpoint.
When enabled, jobs created in the last hour can run in projects which are out of quota.
Earlier jobs are already canceled by a periodic background worker (`StuckCiJobsWorker`).
## CI/CD troubleshooting Rails console commands
The following commands are run in the [Rails console](../operations/rails_console.md#starting-a-rails-console-session).
WARNING:
Any command that changes data directly could be damaging if not run correctly, or under the right conditions.
We highly recommend running them in a test environment with a backup of the instance ready to be restored, just in case.
### Cancel all running pipelines and their jobs
```ruby
admin = User.find(user_id) # replace user_id with the id of the admin you want to cancel the pipeline
# Iterate over each cancelable pipeline
Ci::Pipeline.cancelable.find_each do |pipeline|
Ci::CancelPipelineService.new(
pipeline: pipeline,
current_user: user,
cascade_to_children: false # the children are included in the outer loop
)
end
```
### Cancel stuck pending pipelines
```ruby
project = Project.find_by_full_path('<project_path>')
Ci::Pipeline.where(project_id: project.id).where(status: 'pending').count
Ci::Pipeline.where(project_id: project.id).where(status: 'pending').each {|p| p.cancel if p.stuck?}
Ci::Pipeline.where(project_id: project.id).where(status: 'pending').count
```
### Try merge request integration
```ruby
project = Project.find_by_full_path('<project_path>')
mr = project.merge_requests.find_by(iid: <merge_request_iid>)
mr.project.try(:ci_integration)
```
### Validate the `.gitlab-ci.yml` file
```ruby
project = Project.find_by_full_path('<project_path>')
content = p.ci_config_for(project.repository.root_ref_sha)
Gitlab::Ci::Lint.new(project: project, current_user: User.first).validate(content)
```
### Disable AutoDevOps on Existing Projects
```ruby
Project.all.each do |p|
p.auto_devops_attributes={"enabled"=>"0"}
p.save
end
```
### Obtain runners registration token
WARNING:
The ability to pass a runner registration token, and support for certain configuration arguments, was
[deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/380872) in GitLab 15.6 and is planned for removal
in GitLab 18.0. Runner authentication tokens should be used instead. For more information, see
[Migrating to the new runner registration workflow](../../ci/runners/new_creation_workflow.md).
Prerequisites:
- Runner registration tokens must be [enabled](../settings/continuous_integration.md#enable-runner-registrations-tokens) in the **Admin** area.
```ruby
Gitlab::CurrentSettings.current_application_settings.runners_registration_token
```
### Seed runners registration token
WARNING:
The ability to pass a runner registration token, and support for certain configuration arguments, was
[deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/380872) in GitLab 15.6 and is planned for removal
in GitLab 18.0. Runner authentication tokens should be used instead. For more information, see
[Migrating to the new runner registration workflow](../../ci/runners/new_creation_workflow.md).
```ruby
appSetting = Gitlab::CurrentSettings.current_application_settings
appSetting.set_runners_registration_token('<new-runners-registration-token>')
appSetting.save!
```
### Run pipeline schedules manually
You can run pipeline schedules manually through the Rails console to reveal any errors that are usually not visible.
```ruby
# schedule_id can be obtained from Edit Pipeline Schedule page
schedule = Ci::PipelineSchedule.find_by(id: <schedule_id>)
# Select the user that you want to run the schedule for
user = User.find_by_username('<username>')
# Run the schedule
ps = Ci::CreatePipelineService.new(schedule.project, user, ref: schedule.ref).execute!(:schedule, ignore_skip_ci: true, save_on_errors: false, schedule: schedule)
```

60
doc/administration/cicd/job_artifacts_troubleshooting.md
View File

@ -248,7 +248,9 @@ To change the number of job artifacts listed, change the number in `limit(50)`.
### Delete old builds and artifacts
WARNING:
These commands remove data permanently from database and storage. Before running them, we highly recommend seeking guidance from a Support Engineer, or running them in a test environment with a backup of the instance ready to be restored, just in case.
These commands remove data permanently. Before running them in a production environment,
you should try them in a test environment first and make a backup of the instance
that can be restored if needed.
#### Delete old artifacts for a project
@ -355,6 +357,48 @@ Rerun the deletion with shorter durations as needed, for example `3.months.ago`,
The method `erase_erasable_artifacts!` is synchronous, and upon execution the artifacts are immediately removed;
they are not scheduled by a background queue.
### Delete old pipelines
WARNING:
These commands remove data permanently. Before running them in a production environment,
consider seeking guidance from a Support Engineer. You should also try them in a test environment first
and make a backup of the instance that can be restored if needed.
Deleting a pipeline also removes that pipeline's:
- Job artifacts
- Job logs
- Job metadata
- Pipeline metadata
Removing job and pipeline metadata can help reduce the size of the CI tables in the database.
The CI tables are usually the largest tables in an instance's database.
#### Delete old pipelines for a project
```ruby
project = Project.find_by_full_path('path/to/project')
user = User.find(1)
project.ci_pipelines.where("finished_at < ?", 1.year.ago).each_batch do |batch|
batch.each do |pipeline|
puts "Erasing pipeline #{pipeline.id}"
::Ci::DestroyPipelineService.new(pipeline.project, user).execute(pipeline)
end
end
```
#### Delete old pipelines instance-wide
```ruby
user = User.find(1)
Ci::Pipeline.where("finished_at < ?", 1.year.ago).each_batch do |batch|
batch.each do |pipeline|
puts "Erasing pipeline #{pipeline.id} for project #{pipeline.project_id}"
::Ci::DestroyPipelineService.new(pipeline.project, user).execute(pipeline)
end
end
```
## Job artifact upload fails with error 500
If you are using object storage for artifacts and a job artifact fails to upload,
@ -546,3 +590,17 @@ sequenceDiagram
W->>C: 401 Unauthorized
end
```
## `413 Request Entity Too Large` error
If the artifacts are too large, the job might fail with the following error:
```plaintext
Uploading artifacts as "archive" to coordinator... too large archive <job-id> responseStatus=413 Request Entity Too Large status=413" at end of a build job on pipeline when trying to store artifacts to <object-storage>.
```
You might need to:
- Increase the [maximum artifacts size](../settings/continuous_integration.md#maximum-artifacts-size).
- If you are using NGINX as a proxy server, increase the file upload size limit which is limited to 1 MB by default.
Set a higher value for `client-max-body-size` in the NGINX configuration file.

114
doc/administration/cicd/maintenance.md Normal file
View File

@ -0,0 +1,114 @@
---
stage: Verify
group: Pipeline Execution
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
# CI/CD maintenance console commands
DETAILS:
**Tier:** Free, Premium, Ultimate
**Offering:** Self-managed
The following commands are run in the [Rails console](../operations/rails_console.md#starting-a-rails-console-session).
WARNING:
Any command that changes data directly could be damaging if not run correctly, or under the right conditions.
We highly recommend running them in a test environment with a backup of the instance ready to be restored, just in case.
## Cancel all running pipelines and their jobs
```ruby
admin = User.find(user_id) # replace user_id with the id of the admin you want to cancel the pipeline
# Iterate over each cancelable pipeline
Ci::Pipeline.cancelable.find_each do |pipeline|
Ci::CancelPipelineService.new(
pipeline: pipeline,
current_user: user,
cascade_to_children: false # the children are included in the outer loop
)
end
```
## Cancel stuck pending pipelines
```ruby
project = Project.find_by_full_path('<project_path>')
Ci::Pipeline.where(project_id: project.id).where(status: 'pending').count
Ci::Pipeline.where(project_id: project.id).where(status: 'pending').each {|p| p.cancel if p.stuck?}
Ci::Pipeline.where(project_id: project.id).where(status: 'pending').count
```
## Try merge request integration
```ruby
project = Project.find_by_full_path('<project_path>')
mr = project.merge_requests.find_by(iid: <merge_request_iid>)
mr.project.try(:ci_integration)
```
## Validate the `.gitlab-ci.yml` file
```ruby
project = Project.find_by_full_path('<project_path>')
content = p.ci_config_for(project.repository.root_ref_sha)
Gitlab::Ci::Lint.new(project: project, current_user: User.first).validate(content)
```
## Disable AutoDevOps on Existing Projects
```ruby
Project.all.each do |p|
p.auto_devops_attributes={"enabled"=>"0"}
p.save
end
```
## Run pipeline schedules manually
You can run pipeline schedules manually through the Rails console to reveal any errors that are usually not visible.
```ruby
# schedule_id can be obtained from Edit Pipeline Schedule page
schedule = Ci::PipelineSchedule.find_by(id: <schedule_id>)
# Select the user that you want to run the schedule for
user = User.find_by_username('<username>')
# Run the schedule
ps = Ci::CreatePipelineService.new(schedule.project, user, ref: schedule.ref).execute!(:schedule, ignore_skip_ci: true, save_on_errors: false, schedule: schedule)
```
<!--- start_remove The following content will be removed on remove_date: '2025-08-15' -->
## Obtain runners registration token (deprecated)
WARNING:
The ability to pass a runner registration token, and support for certain configuration arguments, was
[deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/380872) in GitLab 15.6 and is planned for removal
in GitLab 18.0. Runner authentication tokens should be used instead. For more information, see
[Migrating to the new runner registration workflow](../../ci/runners/new_creation_workflow.md).
Prerequisites:
- Runner registration tokens must be [enabled](../settings/continuous_integration.md#allow-runner-registrations-tokens) in the **Admin** area.
```ruby
Gitlab::CurrentSettings.current_application_settings.runners_registration_token
```
## Seed runners registration token (deprecated)
WARNING:
The ability to pass a runner registration token, and support for certain configuration arguments, was
[deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/380872) in GitLab 15.6 and is planned for removal
in GitLab 18.0. Runner authentication tokens should be used instead. For more information, see
[Migrating to the new runner registration workflow](../../ci/runners/new_creation_workflow.md).
```ruby
appSetting = Gitlab::CurrentSettings.current_application_settings
appSetting.set_runners_registration_token('<new-runners-registration-token>')
appSetting.save!
```
<!--- end_remove -->

23
doc/administration/dedicated/configure_instance.md
View File

@ -438,25 +438,30 @@ Switchboard Tenant Admins can also manage email notifications for other users wi
You will see an alert confirming that your notification preferences have been updated.
### Access to application logs
### Application logs
GitLab [application logs](../../administration/logs/index.md) are delivered to an S3 bucket in the GitLab tenant account, which can be shared with you. Logs stored in the S3 bucket are retained indefinitely, until the 1 year retention policy is fully enforced. GitLab team members can view more information in this confidential issue:
`https://gitlab.com/gitlab-com/gl-infra/gitlab-dedicated/team/-/issues/483`.
GitLab delivers [application logs](../../administration/logs/index.md) to an Amazon S3 bucket in the GitLab tenant account, which can be shared with you.
To gain read only access to this bucket:
Logs stored in the S3 bucket are retained indefinitely, until the one year retention policy is fully enforced. GitLab team members can view more information in confidential issue [483](https://gitlab.com/gitlab-com/gl-infra/gitlab-dedicated/team/-/issues/483).
1. Open a [support ticket](https://support.gitlab.com/hc/en-us/requests/new?ticket_form_id=4414917877650) with the title "Customer Log Access". In the body of the ticket, include a list of IAM Principal ARNs (users or roles) that are fetching the logs from S3.
1. GitLab then informs you of the name of the S3 bucket. Your nominated users/roles are then able to list and get all objects in the S3 bucket.
#### Request bucket access
You can use the [AWS CLI](https://aws.amazon.com/cli/) to verify that access to the S3 bucket works as expected.
To gain read only access to the S3 bucket with your application logs:
1. Open a [support ticket](https://support.gitlab.com/hc/en-us/requests/new?ticket_form_id=4414917877650) with the title `Customer Log Access`.
1. In the body of the ticket, include a list of IAM Principal Amazon Resource Names (users or roles) that require access to the logs from the S3 bucket.
GitLab provides the name of the S3 bucket. Your authorized users or roles can then access all objects in the bucket. To verify access, you can use the [AWS CLI](https://aws.amazon.com/cli/).
#### Bucket contents and structure
The S3 bucket contains a combination of **infrastructure logs** and **application logs** from the GitLab [log system](../../administration/logs/index.md). The logs in the bucket are encrypted using an AWS KMS key that is managed by GitLab. If you choose to enable [BYOK](../../administration/dedicated/create_instance.md#encrypted-data-at-rest-byok), the application logs are not encrypted with the key you provide.
The Amazon S3 bucket contains a combination of infrastructure logs and application logs from the GitLab [log system](../../administration/logs/index.md).
The logs in the bucket are encrypted using an AWS KMS key managed by GitLab. If you choose to enable [BYOK](../../administration/dedicated/create_instance.md#encrypted-data-at-rest-byok), the application logs are not encrypted with the key you provide.
<!-- vale gitlab_base.Spelling = NO -->
The logs in the S3 bucket are organized by date in `YYYY/MM/DD/HH` format. For example, there would be a directory like `2023/10/12/13`. That directory would contain the logs from October 12, 2023 at 1300 UTC. The logs are streamed into the bucket with [Amazon Kinesis Data Firehose](https://aws.amazon.com/firehose/).
The logs in the S3 bucket are organized by date in `YYYY/MM/DD/HH` format. For example, a directory named `2023/10/12/13` contains logs from October 12, 2023 at 13:00 UTC. The logs are streamed into the bucket with [Amazon Kinesis Data Firehose](https://aws.amazon.com/firehose/).
<!-- vale gitlab_base.Spelling = YES -->

260
doc/administration/settings/continuous_integration.md
View File

@ -4,14 +4,14 @@ group: Pipeline Execution
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
# Continuous Integration and Deployment Admin area settings
# CI/CD Admin area settings
DETAILS:
**Tier:** Free, Premium, Ultimate
**Offering:** Self-managed
The [**Admin** area](index.md) has the instance settings for Auto DevOps, runners, and
job artifacts.
The [**Admin** area](index.md) has the instance settings for CI/CD-related features,
including runners, job artifacts, and the package registry.
## Auto DevOps
@ -25,13 +25,12 @@ for all projects:
which is used for Auto Deploy and Auto Review Apps.
1. Select **Save changes** for the changes to take effect.
From now on, every existing project and newly created ones that don't have a
Every existing project and newly created ones that don't have a
`.gitlab-ci.yml` use the Auto DevOps pipelines.
If you want to disable it for a specific project, you can do so in
[its settings](../../topics/autodevops/index.md#enable-or-disable-auto-devops).
## Runners
## Enable instance runners for new projects
### Enable instance runners for new projects
You can set all new projects to have instance runners available by default.
@ -42,44 +41,7 @@ You can set all new projects to have instance runners available by default.
Any time a new project is created, the instance runners are available.
## Enable runner registrations tokens
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/147559) in GitLab 16.11
WARNING:
The ability to pass a runner registration token, and support for certain configuration arguments was deprecated in GitLab 15.6 and will be removed in GitLab 18.0. Runner authentication tokens should be used instead. For more information, see [Migrating to the new runner registration workflow](../../ci/runners/new_creation_workflow.md).
In GitLab 17.0, the use of runner registration tokens to create runners will be disabled in all GitLab instances.
Users must use runner authentication tokens instead.
If you have not yet [migrated to the use of runner authentication tokens](../../ci/runners/new_creation_workflow.md),
you can enable runner registration tokens. This setting and support for runner registration tokens will be removed in GitLab 18.0.
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Settings > CI/CD**.
1. Expand **Runners**.
1. Select the **Allow runner registration token** checkbox.
## Instance runners compute quota
As an administrator you can set either a global or namespace-specific
limit on the number of [compute minutes](../../ci/pipelines/compute_minutes.md) you can use.
## Enable a project runner for multiple projects
If you have already registered a [project runner](../../ci/runners/runners_scope.md#project-runners)
you can assign that runner to other projects.
To enable a project runner for more than one project:
1. On the left sidebar, at the bottom, select **Admin**.
1. From the left sidebar, select **CI/CD > Runners**.
1. Select the runner you want to edit.
1. In the upper-right corner, select **Edit** (**{pencil}**).
1. Under **Restrict projects for this runner**, search for a project.
1. To the left of the project, select **Enable**.
1. Repeat this process for each additional project.
## Add a message for instance runners
### Add a message for instance runners
To display details about the instance runners in all projects'
runner settings:
@ -97,7 +59,98 @@ To view the rendered details:
![A project's runner settings shows a message about shared runner guidelines.](img/continuous_integration_shared_runner_details_v14_10.png)
## Maximum artifacts size
### Enable a project runner for multiple projects
If you have already registered a [project runner](../../ci/runners/runners_scope.md#project-runners)
you can assign that runner to other projects.
To enable a project runner for more than one project:
1. On the left sidebar, at the bottom, select **Admin**.
1. From the left sidebar, select **CI/CD > Runners**.
1. Select the runner you want to edit.
1. In the upper-right corner, select **Edit** (**{pencil}**).
1. Under **Restrict projects for this runner**, search for a project.
1. To the left of the project, select **Enable**.
1. Repeat this process for each additional project.
### Disable runner version management
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/114041) in GitLab 15.10.
By default, GitLab instances periodically fetch official runner version data from GitLab.com to [determine whether the runners need upgrades](../../ci/runners/runners_scope.md#determine-which-runners-need-to-be-upgraded).
To disable your instance fetching this data:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Settings > CI/CD**.
1. Expand **Runners**.
1. In the **Runner version management** section, clear the **Fetch GitLab Runner release version data from GitLab.com** checkbox.
1. Select **Save changes**.
### Restrict runner registration by all users in an instance
> - [Enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/368008) in GitLab 15.5.
GitLab administrators can adjust who is allowed to register runners, by showing and hiding areas of the UI.
This setting does not affect the ability to create a runner from the UI or through an authenticated API call.
When the registration sections are hidden in the UI, members of the project or group must contact administrators to enable runner registration in the group or project. If you plan to prevent registration, ensure users have access to the runners they need to run jobs.
By default, all members of a project and group are able to register runners.
To restrict all users in an instance from registering runners:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Settings > CI/CD**.
1. Expand **Runners**.
1. In the **Runner registration** section, clear the **Members of the project can register runners** and
**Members of the group can register runners** checkboxes to remove runner registration from the UI.
1. Select **Save changes**.
NOTE:
After you disable runner registration by members of a project, the registration
token automatically rotates. The token is no longer valid and you must
use the new registration token for the project.
### Restrict runner registration by all members in a group
Prerequisites:
- Runner registration must be enabled for [all users in the instance](#restrict-runner-registration-by-all-users-in-an-instance).
GitLab administrators can adjust group permissions to restrict runner registration by group members.
To restrict runner registration by members in a specific group:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Overview > Groups** and find your group.
1. Select **Edit**.
1. Clear the **New group runners can be registered** checkbox if you want to disable runner registration by all members in the group. If the setting is read-only, you must enable runner registration for the [instance](#restrict-runner-registration-by-all-users-in-an-instance).
1. Select **Save changes**.
### Allow runner registrations tokens
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/147559) in GitLab 16.11
WARNING:
The ability to pass a runner registration token, and support for certain configuration arguments
was deprecated in GitLab 15.6 and will be removed in GitLab 18.0. Runner authentication tokens should be used instead.
For more information, see [Migrating to the new runner registration workflow](../../ci/runners/new_creation_workflow.md).
In GitLab 17.0, the use of runner registration tokens to create runners will be disabled in all GitLab instances.
Users must use runner authentication tokens instead.
If you have not yet [migrated to the use of runner authentication tokens](../../ci/runners/new_creation_workflow.md),
you can allow runner registration tokens. This setting and support for runner registration tokens will be removed in GitLab 18.0.
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Settings > CI/CD**.
1. Expand **Runners**.
1. Select the **Allow runner registration token** checkbox.
## Artifacts
### Maximum artifacts size
An administrator can set the maximum size of the
[job artifacts](../../administration/cicd/job_artifacts.md) for:
@ -129,7 +182,7 @@ The value is in MB, and the default value is 100 MB per job. An administrator ca
1. Change the value of **Maximum artifacts size** (in MB).
1. Select **Save changes** for the changes to take effect.
## Default artifacts expiration
### Default artifacts expiration
The default expiration time of the [job artifacts](../../administration/cicd/job_artifacts.md)
can be set in the **Admin** area of your GitLab instance. The syntax of duration is
@ -151,7 +204,7 @@ be updated for artifacts created before this setting was changed.
The administrator may need to manually search for and expire previously-created
artifacts, as described in the [troubleshooting documentation](../../administration/cicd/job_artifacts_troubleshooting.md#delete-old-builds-and-artifacts).
## Keep the latest artifacts for all jobs in the latest successful pipelines
### Keep the latest artifacts for all jobs in the latest successful pipelines
When enabled (default), the artifacts of the most recent pipeline for each Git ref
([branches and tags](https://git-scm.com/book/en/v2/Git-Internals-Git-References))
@ -177,6 +230,21 @@ A new pipeline must run before the latest artifacts can expire and be deleted.
NOTE:
All application settings have a [customizable cache expiry interval](../../administration/application_settings_cache.md) which can delay the settings affect.
### Disable the external redirect page for job artifacts
By default, GitLab Pages shows an external redirect page when a user tries to view
a job artifact served by GitLab Pages. This page warns about the potential for
malicious user-generated content, as described in
[issue 352611](https://gitlab.com/gitlab-org/gitlab/-/issues/352611).
Self-managed administrators can disable the external redirect warning page,
so you can view job artifact pages directly:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Settings > CI/CD**.
1. Expand **Continuous Integration and Deployment**.
1. Deselect **Enable the external redirect page for job artifacts**.
## Archive jobs
You can archive old jobs to prevent them from being re-run individually. Archived jobs
@ -252,7 +320,7 @@ from the **Admin** area:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Settings > CI/CD**.
1. Expand the **Continuous Integration and Deployment** section.
<!-- vale gitlab_base.CurrentStatus = NO -->
<!-- vale gitlab_base.CurrentStatus = NO -->
1. In the **CI/CD limits** section, you can set the following limits:
- **Maximum number of jobs in a single pipeline**
- **Total number of jobs in currently active pipelines**
@ -262,37 +330,22 @@ from the **Admin** area:
- **Maximum number of runners registered per group**
- **Maximum number of runners registered per project**
- **Maximum number of downstream pipelines in a pipeline's hierarchy tree**
<!-- vale gitlab_base.CurrentStatus = YES -->
<!-- vale gitlab_base.CurrentStatus = YES -->
## Enable or disable the pipeline suggestion banner
## Disable the pipeline suggestion banner
By default, a banner displays in merge requests with no pipeline suggesting a
walkthrough on how to add one.
![A banner displays guidance on how to get started with GitLab Pipelines.](img/suggest_pipeline_banner_v14_5.png)
To enable or disable the banner:
To disable the banner:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Settings > CI/CD**.
1. Select or clear the **Enable pipeline suggestion banner** checkbox.
1. Clear the **Enable pipeline suggestion banner** checkbox.
1. Select **Save changes**.
## Enable or disable the external redirect page for job artifacts
By default, GitLab Pages shows an external redirect page when a user tries to view
a job artifact served by GitLab Pages. This page warns about the potential for
malicious user-generated content, as described in
[issue 352611](https://gitlab.com/gitlab-org/gitlab/-/issues/352611).
Self-managed administrators can disable the external redirect warning page,
so you can view job artifact pages directly:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Settings > CI/CD**.
1. Expand **Continuous Integration and Deployment**.
1. Deselect **Enable the external redirect page for job artifacts**.
## Required pipeline configuration
DETAILS:
@ -398,74 +451,3 @@ To set the maximum file size:
1. Find the package type you would like to adjust.
1. Enter the maximum file size, in bytes.
1. Select **Save size limits**.
## Restrict runner registration by all users in an instance
> - [Enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/368008) in GitLab 15.5.
GitLab administrators can adjust who is allowed to register runners, by showing and hiding areas of the UI.
This setting does not affect the ability to create a runner from the UI or through an authenticated API call.
When the registration sections are hidden in the UI, members of the project or group must contact administrators to enable runner registration in the group or project. If you plan to prevent registration, ensure users have access to the runners they need to run jobs.
By default, all members of a project and group are able to register runners.
To restrict all users in an instance from registering runners:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Settings > CI/CD**.
1. Expand **Runners**.
1. In the **Runner registration** section, clear the **Members of the project can register runners** and
**Members of the group can register runners** checkboxes to remove runner registration from the UI.
1. Select **Save changes**.
NOTE:
After you disable runner registration by members of a project, the registration
token automatically rotates. The token is no longer valid and you must
use the new registration token for the project.
## Restrict runner registration by all members in a group
Prerequisites:
- Runner registration must be enabled for [all users in the instance](#restrict-runner-registration-by-all-users-in-an-instance).
GitLab administrators can adjust group permissions to restrict runner registration by group members.
To restrict runner registration by members in a specific group:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Overview > Groups** and find your group.
1. Select **Edit**.
1. Clear the **New group runners can be registered** checkbox if you want to disable runner registration by all members in the group. If the setting is read-only, you must enable runner registration for the [instance](#restrict-runner-registration-by-all-users-in-an-instance).
1. Select **Save changes**.
## Disable runner version management
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/114041) in GitLab 15.10.
By default, GitLab instances periodically fetch official runner version data from GitLab.com to [determine whether the runners need upgrades](../../ci/runners/runners_scope.md#determine-which-runners-need-to-be-upgraded).
To disable your instance fetching this data:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Settings > CI/CD**.
1. Expand **Runners**.
1. In the **Runner version management** section, clear the **Fetch GitLab Runner release version data from GitLab.com** checkbox.
1. Select **Save changes**.
## Troubleshooting
### `413 Request Entity Too Large` error
If the artifacts are too large, the job might fail with the following error:
```plaintext
Uploading artifacts as "archive" to coordinator... too large archive <job-id> responseStatus=413 Request Entity Too Large status=413" at end of a build job on pipeline when trying to store artifacts to <object-storage>.
```
You might need to:
- Increase the [maximum artifacts size](#maximum-artifacts-size).
- If you are using NGINX as a proxy server, increase the file upload size limit which is limited to 1 MB by default.
Set a higher value for `client-max-body-size` in the NGINX configuration file.

2
doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md
View File

@ -50,7 +50,7 @@ This content has been moved to [Troubleshooting Repository mirroring](../../user
## CI
This content has been moved to [Troubleshooting CI/CD](../cicd/index.md#cicd-troubleshooting-rails-console-commands).
This content has been moved to [CI/CD maintenance](../cicd/maintenance.md).
## License

2
doc/api/repositories.md
View File

@ -20,7 +20,7 @@ be accessed without authentication if the repository is publicly accessible.
This command provides essentially the same features as the `git ls-tree`
command. For more information, refer to the section
[Tree Objects](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects/#_tree_objects)
[Tree Objects](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects.html#_tree_objects)
in the Git internals documentation.
WARNING:

4
doc/ci/runners/new_creation_workflow.md
View File

@ -69,7 +69,7 @@ To avoid a broken workflow, you must:
WARNING:
In GitLab 17.0 and later, runner registration tokens are disabled.
To use stored runner registration tokens to register new runners,
you must [enable the tokens](../../administration/settings/continuous_integration.md#enable-runner-registrations-tokens).
you must [enable the tokens](../../administration/settings/continuous_integration.md#allow-runner-registrations-tokens).
## Using registration tokens after GitLab 17.0
@ -77,7 +77,7 @@ To continue using registration tokens after GitLab 17.0:
- On GitLab.com, you can manually [enable the legacy runner registration process](runners_scope.md#enable-use-of-runner-registration-tokens-in-projects-and-groups)
in the top-level group settings until GitLab 18.0.
- On GitLab self-managed, you can manually [enable the legacy runner registration process](../../administration/settings/continuous_integration.md#enable-runner-registrations-tokens)
- On GitLab self-managed, you can manually [enable the legacy runner registration process](../../administration/settings/continuous_integration.md#allow-runner-registrations-tokens)
in the **Admin** area settings until GitLab 18.0.
## Impact on existing runners

4
doc/ci/runners/runners_scope.md
View File

@ -81,7 +81,7 @@ should be used instead. For more information, see [Migrating to the new runner r
Prerequisites:
- Runner registration tokens must be [enabled](../../administration/settings/continuous_integration.md#enable-runner-registrations-tokens) in the **Admin** area.
- Runner registration tokens must be [enabled](../../administration/settings/continuous_integration.md#allow-runner-registrations-tokens) in the **Admin** area.
- You must be an administrator.
To create an instance runner:
@ -689,7 +689,7 @@ you can enable runner registration tokens for projects and groups. This setting
Prerequisites:
- Runner registration tokens must be [enabled](../../administration/settings/continuous_integration.md#enable-runner-registrations-tokens) in the **Admin** area.
- Runner registration tokens must be [enabled](../../administration/settings/continuous_integration.md#allow-runner-registrations-tokens) in the **Admin** area.
1. On the left sidebar, select **Search or go to** and find your group.
1. Select **Settings > CI/CD**.

2
doc/subscriptions/gitlab_dedicated/index.md
View File

@ -80,7 +80,7 @@ Inside tenant accounts, GitLab leverages Intrusion Detection and Malware Scannin
#### Audit and observability
GitLab Dedicated provides access to [audit and system logs](../../administration/dedicated/configure_instance.md#access-to-application-logs) generated by the application.
GitLab Dedicated provides access to [application logs](../../administration/dedicated/configure_instance.md#application-logs).
### Bring your own domain

54
doc/topics/autodevops/index.md
View File

@ -74,24 +74,20 @@ If you want to build, test, and deploy your app:
Auto DevOps runs pipelines automatically only if a [`Dockerfile` or matching buildpack](stages.md#auto-build) exists.
Depending on your instance type, you can enable or disable Auto DevOps at the
following levels:
You can enable or disable Auto DevOps for a project or an entire group. Instance administrators
can also [set Auto DevOps as the default](../../administration/settings/continuous_integration.md#auto-devops)
for all projects in an instance.
| Instance type | [Project](#per-project) | [Group](#per-group) | [Instance](#per-instance) (**Admin** area) |
|---------------------|------------------------|------------------------|------------------------|
| GitLab SaaS | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No |
| GitLab self-managed | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes |
Before enabling Auto DevOps, consider [preparing it for deployment](requirements.md). If you don't, Auto DevOps can build and test your app,
but cannot deploy it.
Before enabling Auto DevOps, consider [preparing it for deployment](requirements.md).
If you don't, Auto DevOps can build and test your app, but cannot deploy it.
#### Per project
To use Auto DevOps for individual projects, you can enable it in a
project-by-project basis. If you intend to use it for more projects,
you can enable it for a [group](#per-group) or an
[instance](#per-instance). This can save you the time of
enabling it in each project.
[instance](../../administration/settings/continuous_integration.md#auto-devops).
This can save you the time of enabling it in each project.
Prerequisites:
@ -147,42 +143,6 @@ Auto DevOps pipeline for any project that belongs to that group:
1. Select **Build > Pipelines**.
1. To trigger the Auto DevOps pipeline, select **New pipeline**.
#### Per instance
DETAILS:
**Tier:** Free, Premium, Ultimate
**Offering:** Self-managed, GitLab Dedicated
To enable Auto DevOps by default for all projects, you can enable it for the entire instance.
You can still disable Auto DevOps for each group and project
where you don't want to run it.
Even when disabled for an instance, group Owners and project Maintainers
can still enable Auto DevOps for specific groups and projects.
Prerequisites:
- You must be an administrator for the instance.
To enable Auto DevOps for your instance:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Settings > CI/CD**.
1. Expand **Auto DevOps**.
1. Select the **Default to Auto DevOps pipeline** checkbox.
1. Optional. Add the Auto DevOps [base domain](requirements.md#auto-devops-base-domain).
1. Select **Save changes**.
When enabled, Auto DevOps attempts to run pipelines in every project. If the
pipeline fails in a particular project, it disables itself.
GitLab administrators can change this in the [Auto DevOps settings](../../administration/settings/continuous_integration.md#auto-devops).
If a `.gitlab-ci.yml` file is present,
it remains unchanged and Auto DevOps does not affect it.
To disable Auto DevOps for the instance, follow the same process
and clear the **Default to Auto DevOps pipeline** checkbox.
### Deploy your app to a cloud provider
- [Use Auto DevOps to deploy to a Kubernetes cluster on Google Kubernetes Engine (GKE)](cloud_deployments/auto_devops_with_gke.md)

2
doc/topics/git/git_rebase.md
View File

@ -274,11 +274,9 @@ If, after using the `/rebase`
[quick action](../../user/project/quick_actions.md#issues-merge-requests-and-epics),
you see this error, a rebase cannot be scheduled:
<!-- vale gitlab_base.CurrentStatus = NO -->
```plaintext
This merge request is currently in an unmergeable state, and cannot be rebased.
```
<!-- vale gitlab_base.CurrentStatus = YES -->
This error occurs if any of these conditions are true:

34
doc/user/gitlab_com/index.md
View File

@ -207,23 +207,23 @@ Below are the current settings regarding [GitLab CI/CD](../../ci/index.md).
Any settings or feature limits not listed here are using the defaults listed in
the related documentation.
| Setting | GitLab.com | Default (self-managed) |
|----------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------|------------------------|
| Artifacts maximum size (compressed) | 1 GB | See [Maximum artifacts size](../../administration/settings/continuous_integration.md#maximum-artifacts-size). |
| Artifacts [expiry time](../../ci/yaml/index.md#artifactsexpire_in) | From June 22, 2020, deleted after 30 days unless otherwise specified (artifacts created before that date have no expiry). | See [Default artifacts expiration](../../administration/settings/continuous_integration.md#default-artifacts-expiration). |
| Scheduled Pipeline Cron | `*/5 * * * *` | See [Pipeline schedules advanced configuration](../../administration/cicd/index.md#change-maximum-scheduled-pipeline-frequency). |
| Maximum jobs in active pipelines | `500` for Free tier, `1000` for all trial tiers, `20000` for Premium, and `100000` for Ultimate. | See [Number of jobs in active pipelines](../../administration/instance_limits.md#number-of-jobs-in-active-pipelines). |
| Maximum CI/CD subscriptions to a project | `2` | See [Number of CI/CD subscriptions to a project](../../administration/instance_limits.md#number-of-cicd-subscriptions-to-a-project). |
| Maximum number of pipeline triggers in a project | `25000` for all tiers | See [Limit the number of pipeline triggers](../../administration/instance_limits.md#limit-the-number-of-pipeline-triggers). |
| Maximum pipeline schedules in projects | `10` for Free tier, `50` for all paid tiers | See [Number of pipeline schedules](../../administration/instance_limits.md#number-of-pipeline-schedules). |
| Maximum pipelines per schedule | `24` for Free tier, `288` for all paid tiers | See [Limit the number of pipelines created by a pipeline schedule per day](../../administration/instance_limits.md#limit-the-number-of-pipelines-created-by-a-pipeline-schedule-per-day). |
| Maximum number of schedule rules defined for each security policy project | Unlimited for all paid tiers | See [Number of schedule rules defined for each security policy project](../../administration/instance_limits.md#limit-the-number-of-schedule-rules-defined-for-security-policy-project). |
| Scheduled job archiving | 3 months (from June 22, 2020). Jobs created before that date were archived after September 22, 2020. | Never. |
| Maximum test cases per [unit test report](../../ci/testing/unit_test_reports.md) | `500000` | Unlimited. |
| Maximum registered runners | Free tier: `50` per-group / `50` per-project<br/>All paid tiers: `1000` per-group / `1000` per-project | See [Number of registered runners per scope](../../administration/instance_limits.md#number-of-registered-runners-per-scope). |
| Limit of dotenv variables | Free tier: `50` / Premium tier: `100` / Ultimate tier: `150` | See [Limit dotenv variables](../../administration/instance_limits.md#limit-dotenv-variables). |
| Authorization token duration (minutes) | `15` | To set a custom value, in the Rails console, run `ApplicationSetting.last.update(container_registry_token_expire_delay: <integer>)`, where `<integer>` is the desired number of minutes. |
| Maximum downstream pipeline trigger rate (for a given project, user, and commit) | `350` per minute | See [Maximum downstream pipeline trigger rate](../../administration/settings/continuous_integration.md#maximum-downstream-pipeline-trigger-rate). |
| Setting | GitLab.com | Default (self-managed) |
|----------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------|------------------------|
| Artifacts maximum size (compressed) | 1 GB | See [Maximum artifacts size](../../administration/settings/continuous_integration.md#maximum-artifacts-size). |
| Artifacts [expiry time](../../ci/yaml/index.md#artifactsexpire_in) | 30 days unless otherwise specified | See [Default artifacts expiration](../../administration/settings/continuous_integration.md#default-artifacts-expiration). Artifacts created before June 22, 2020 have no expiry. |
| Scheduled Pipeline Cron | `*/5 * * * *` | See [Pipeline schedules advanced configuration](../../administration/cicd/index.md#change-maximum-scheduled-pipeline-frequency). |
| Maximum jobs in active pipelines | `500` for Free tier, `1000` for all trial tiers, `20000` for Premium, and `100000` for Ultimate. | See [Number of jobs in active pipelines](../../administration/instance_limits.md#number-of-jobs-in-active-pipelines). |
| Maximum CI/CD subscriptions to a project | `2` | See [Number of CI/CD subscriptions to a project](../../administration/instance_limits.md#number-of-cicd-subscriptions-to-a-project). |
| Maximum number of pipeline triggers in a project | `25000` | See [Limit the number of pipeline triggers](../../administration/instance_limits.md#limit-the-number-of-pipeline-triggers). |
| Maximum pipeline schedules in projects | `10` for Free tier, `50` for all paid tiers | See [Number of pipeline schedules](../../administration/instance_limits.md#number-of-pipeline-schedules). |
| Maximum pipelines per schedule | `24` for Free tier, `288` for all paid tiers | See [Limit the number of pipelines created by a pipeline schedule per day](../../administration/instance_limits.md#limit-the-number-of-pipelines-created-by-a-pipeline-schedule-per-day). |
| Maximum number of schedule rules defined for each security policy project | Unlimited for all paid tiers | See [Number of schedule rules defined for each security policy project](../../administration/instance_limits.md#limit-the-number-of-schedule-rules-defined-for-security-policy-project). |
| Scheduled job archiving | 3 months | Never. Jobs created before June 22, 2020 were archived after September 22, 2020. |
| Maximum test cases per [unit test report](../../ci/testing/unit_test_reports.md) | `500000` | Unlimited. |
| Maximum registered runners | Free tier: `50` per group and `50` per project<br/>All paid tiers: `1000` per group and `1000` per project | See [Number of registered runners per scope](../../administration/instance_limits.md#number-of-registered-runners-per-scope). |
| Limit of dotenv variables | Free tier: `50`<br>Premium tier: `100`<br>Ultimate tier: `150` | See [Limit dotenv variables](../../administration/instance_limits.md#limit-dotenv-variables). |
| Authorization token duration (minutes) | `15` | To set a custom value, in the Rails console, run `ApplicationSetting.last.update(container_registry_token_expire_delay: <integer>)`, where `<integer>` is the desired number of minutes. |
| Maximum downstream pipeline trigger rate (for a given project, user, and commit) | `350` per minute | See [Maximum downstream pipeline trigger rate](../../administration/settings/continuous_integration.md#maximum-downstream-pipeline-trigger-rate). |
## Package registry limits

4
doc/user/project/settings/import_export_troubleshooting.md
View File

@ -46,8 +46,6 @@ If there are too many users for manual configuration to be feasible,
you can set all user profiles to use a public email address using the
[Rails console](../../../administration/operations/rails_console.md#starting-a-rails-console-session):
<!-- vale gitlab_base.CurrentStatus = NO -->
```ruby
User.where("public_email IS NULL OR public_email = '' ").find_each do |u|
next if u.bot?
@ -58,8 +56,6 @@ User.where("public_email IS NULL OR public_email = '' ").find_each do |u|
end
```
<!-- vale gitlab_base.CurrentStatus = YES -->
## Import workarounds for large repositories
[Maximum import size limitations](import_export.md#import-a-project-and-its-data)

2
lib/gitlab/search_results.rb
View File

@ -181,7 +181,7 @@ module Gitlab
scope = limit_projects
scope = scope.non_archived unless filters[:include_archived]
scope.search(query)
scope.search(query, include_namespace: true, use_minimum_char_limit: false)
end
def issues(finder_params = {})

2
spec/factories/import_export_uploads.rb
View File

@ -2,7 +2,7 @@
FactoryBot.define do
factory :import_export_upload do
project { association(:project) }
project { association(:project) if group.nil? }
user { association(:user) }
export_file { fixture_file_upload('spec/fixtures/group_export.tar.gz') }
end

4
spec/frontend/work_items/mock_data.js
View File

@ -3248,6 +3248,7 @@ export const mockWorkItemNotesByIidResponse = {
},
{
type: 'NOTES',
discussionLocked: false,
discussions: {
pageInfo: {
hasNextPage: true,
@ -3483,6 +3484,7 @@ export const mockMoreWorkItemNotesResponse = {
},
{
type: 'NOTES',
discussionLocked: false,
discussions: {
pageInfo: {
hasNextPage: true,
@ -3840,6 +3842,7 @@ export const mockWorkItemNotesResponseWithComments = (resolved = false) => {
},
{
type: 'NOTES',
discussionLocked: false,
discussions: {
pageInfo: {
hasNextPage: false,
@ -4263,6 +4266,7 @@ export const workItemNotesWithSystemNotesWithChangedDescription = {
},
{
type: 'NOTES',
discussionLocked: false,
discussions: {
pageInfo: {
hasNextPage: false,

39
spec/helpers/search_helper_spec.rb
View File

@ -561,6 +561,14 @@ RSpec.describe SearchHelper, feature_category: :global_search do
expect(projects_autocomplete(search_term).pluck(:id)).to eq([project_2.id])
end
context 'when the search term is Gitlab::Search::Params::MIN_TERM_LENGTH characters long' do
let(:search_term) { 'te' }
it 'returns the project' do
expect(projects_autocomplete(search_term).pluck(:id)).to eq([project_2.id])
end
end
context 'when a project namespace matches the search term but the project does not' do
let_it_be(:group) { create(:group, name: 'test group') }
let_it_be(:project_3) { create(:project, name: 'nothing', namespace: group) }
@ -573,6 +581,37 @@ RSpec.describe SearchHelper, feature_category: :global_search do
expect(projects_autocomplete(search_term).pluck(:id)).to match_array([project_2.id, project_3.id])
end
end
context 'with feature flag autocomplete_projects_use_search_service disabled' do
before do
stub_feature_flags(autocomplete_projects_use_search_service: false)
end
it 'returns the project' do
expect(projects_autocomplete(search_term).pluck(:id)).to eq([project_2.id])
end
context 'when the search term is Gitlab::Search::Params::MIN_TERM_LENGTH characters long' do
let(:search_term) { 'te' }
it 'returns the project' do
expect(projects_autocomplete(search_term).pluck(:id)).to eq([project_2.id])
end
end
context 'when a project namespace matches the search term but the project does not' do
let_it_be(:group) { create(:group, name: 'test group') }
let_it_be(:project_3) { create(:project, name: 'nothing', namespace: group) }
before do
group.add_owner(user)
end
it 'returns all projects matching the term' do
expect(projects_autocomplete(search_term).pluck(:id)).to match_array([project_2.id, project_3.id])
end
end
end
end
end

13
spec/lib/gitlab/database/sharding_key_spec.rb
View File

@ -167,6 +167,8 @@ RSpec.describe 'new tables missing sharding_key', feature_category: :cell do
end
it 'ensures all organization_id columns are not nullable, have no default, and have a foreign key' do
loose_foreign_keys = Gitlab::Database::LooseForeignKeys.definitions.group_by(&:from_table)
sql = <<~SQL
SELECT c.table_name,
CASE WHEN c.column_default IS NOT NULL THEN 'has default' ELSE NULL END,
@ -184,21 +186,16 @@ RSpec.describe 'new tables missing sharding_key', feature_category: :cell do
# To add a table to this list, create an issue under https://gitlab.com/groups/gitlab-org/-/epics/11670.
# Use https://gitlab.com/gitlab-org/gitlab/-/issues/476206 as an example.
work_in_progress = {
"dependency_list_export_parts" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/476207',
"dependency_list_exports" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/476208',
"namespaces" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/476209',
"organization_users" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/476210',
"projects" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/476211',
"push_rules" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/476212',
"raw_usage_data" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/476213',
"sbom_source_packages" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/476214',
"sbom_sources" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/476215',
"snippets" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/476216',
"vulnerability_export_parts" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/476218',
"upcoming_reconciliations" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/476217',
"vulnerability_exports" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/476219',
"personal_access_tokens" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/477750',
"sbom_components" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/469436',
"sbom_component_versions" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/483194',
"subscription_user_add_on_assignments" => "https://gitlab.com/gitlab-org/gitlab/-/issues/480697",
"topics" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/463254',
"oauth_access_tokens" => "https://gitlab.com/gitlab-org/gitlab/-/issues/496717",
@ -206,6 +203,8 @@ RSpec.describe 'new tables missing sharding_key', feature_category: :cell do
"oauth_openid_requests" => "https://gitlab.com/gitlab-org/gitlab/-/issues/496717"
}
has_lfk = ->(lfks) { lfks.any? { |k| k.options[:column] == 'organization_id' && k.to_table == 'organizations' } }
organization_id_columns = ApplicationRecord.connection.select_rows(sql)
violations = organization_id_columns.reject { |column| work_in_progress[column[0]] }
messages = violations.filter_map do |violation|
@ -217,6 +216,8 @@ RSpec.describe 'new tables missing sharding_key', feature_category: :cell do
end
end
violation.delete_at(3) if violation[3] && has_lfk.call(loose_foreign_keys.fetch(violation[0], {}))
" #{violation[0]} - #{violation[1..].compact.join(', ')}" if violation[1..].any?
end

30
spec/lib/gitlab/search_results_spec.rb
View File

@ -276,11 +276,39 @@ RSpec.describe Gitlab::SearchResults, feature_category: :global_search do
let(:query) { 'Test' }
describe 'filtering' do
let_it_be(:group) { create(:group) }
let_it_be(:group) { create(:group, name: 'my-group') }
let_it_be(:unarchived_result) { create(:project, :public, group: group, name: 'Test1') }
let_it_be(:archived_result) { create(:project, :archived, :public, group: group, name: 'Test2') }
it_behaves_like 'search results filtered by archived'
it 'returns the project' do
expect(results.objects('projects')).to eq([unarchived_result])
end
context 'when the query is Gitlab::Search::Params::MIN_TERM_LENGTH characters long' do
let(:query) { 'Te' }
it 'returns the project' do
expect(results.objects('projects')).to eq([unarchived_result])
end
end
context 'when the query is less than Gitlab::Search::Params::MIN_TERM_LENGTH characters long' do
let(:query) { 'T' }
it 'does not return the project' do
expect(results.objects('projects')).not_to eq([unarchived_result])
end
end
context 'when the query does not match the project name but it matches the group name' do
let(:query) { 'group' }
it 'returns the project' do
expect(results.objects('projects')).to eq([unarchived_result])
end
end
end
end

40
spec/migrations/20241010101254_delete_import_export_uploads_without_project_id_or_group_id_spec.rb Normal file
View File

@ -0,0 +1,40 @@
# frozen_string_literal: true
require 'spec_helper'
require_migration!
RSpec.describe DeleteImportExportUploadsWithoutProjectIdOrGroupId, feature_category: :importers do
let!(:namespace) { table(:namespaces).create!(name: 'namespace', path: 'namespace') }
let!(:import_export_uploads_table) { table(:import_export_uploads) }
let!(:project) { table(:projects).create!(namespace_id: namespace.id, project_namespace_id: namespace.id) }
let(:user) do
table(:users).create!(name: 'test', email: 'example.user@gitlab.com', projects_limit: 5)
end
let(:bulk_import) do
table(:bulk_imports).create!(user_id: user.id, source_type: 0, status: 0)
end
let!(:import_export_upload_without_project_or_group) do
import_export_uploads_table.create!(project_id: nil, group_id: nil, remote_import_url: "https://example.gitlab.com")
end
let!(:import_export_upload_with_project) do
import_export_uploads_table.create!(project_id: project.id, remote_import_url: "https://example.gitlab.com")
end
let!(:import_export_upload_with_group) do
import_export_uploads_table.create!(group_id: namespace.id, remote_import_url: "https://example.gitlab.com")
end
describe '#up' do
it 'deletes import_export_uploads without a project_id or group_id' do
migrate!
expect(import_export_uploads_table.where(project_id: nil, group_id: nil)).to be_empty
expect(import_export_uploads_table.where(project_id: project.id)).not_to be_empty
expect(import_export_uploads_table.where(group_id: namespace.id)).not_to be_empty
end
end
end

4
spec/services/ci/job_token_scope/add_group_service_spec.rb
View File

@ -3,13 +3,13 @@
require 'spec_helper'
RSpec.describe Ci::JobTokenScope::AddGroupService, feature_category: :continuous_integration do
let(:service) { described_class.new(project, current_user) }
let_it_be(:project) { create(:project, ci_outbound_job_token_scope_enabled: true).tap(&:save!) }
let_it_be(:target_group) { create(:group, :private) }
let_it_be(:current_user) { create(:user) }
let_it_be(:policies) { %w[read_project read_package] }
let(:service) { described_class.new(project, current_user) }
shared_examples 'adds group' do |_context|
it 'adds the group to the scope', :aggregate_failures do
expect { result }.to change { Ci::JobToken::GroupScopeLink.count }.by(1)

1
spec/services/ci/job_token_scope/remove_group_service_spec.rb
View File

@ -19,6 +19,7 @@ RSpec.describe Ci::JobTokenScope::RemoveGroupService, feature_category: :continu
it 'removes the group from the scope' do
expect do
expect(result).to be_success
expect(result.payload).to eq(link)
end.to change { Ci::JobToken::GroupScopeLink.count }.by(-1)
end
end

1
spec/services/ci/job_token_scope/remove_project_service_spec.rb
View File

@ -18,6 +18,7 @@ RSpec.describe Ci::JobTokenScope::RemoveProjectService, feature_category: :conti
it 'removes the project from the scope' do
expect do
expect(result).to be_success
expect(result.payload).to eq(link)
end.to change { Ci::JobToken::ProjectScopeLink.count }.by(-1)
end
end

2
spec/uploaders/import_export_uploader_spec.rb
View File

@ -5,7 +5,7 @@ require 'spec_helper'
RSpec.describe ImportExportUploader do
let(:model) { build_stubbed(:import_export_upload) }
let(:upload) { create(:upload, model: model) }
let(:import_export_upload) { ImportExportUpload.new }
let(:import_export_upload) { build(:import_export_upload) }
subject { described_class.new(model, :import_file) }