diff --git a/GITLAB_KAS_VERSION b/GITLAB_KAS_VERSION index 58221198648..3133cce81ba 100644 --- a/GITLAB_KAS_VERSION +++ b/GITLAB_KAS_VERSION @@ -1 +1 @@ -d640111e807a3551540e72a1b79b381f33b9105b +fc8928109f97c8239cde31aafc11c6b84bbd24c3 diff --git a/app/assets/javascripts/work_items/graphql/notes/work_item_notes_by_iid.query.graphql b/app/assets/javascripts/work_items/graphql/notes/work_item_notes_by_iid.query.graphql index 1c629821c04..8e71b4813ad 100644 --- a/app/assets/javascripts/work_items/graphql/notes/work_item_notes_by_iid.query.graphql +++ b/app/assets/javascripts/work_items/graphql/notes/work_item_notes_by_iid.query.graphql @@ -13,6 +13,7 @@ query workItemNotesByIid($fullPath: ID!, $iid: String!, $after: String, $pageSiz widgets { ... on WorkItemWidgetNotes { type + discussionLocked discussions(first: $pageSize, after: $after, filter: ALL_NOTES) { pageInfo { ...PageInfo diff --git a/app/helpers/search_helper.rb b/app/helpers/search_helper.rb index 23ae23409df..165374f6090 100644 --- a/app/helpers/search_helper.rb +++ b/app/helpers/search_helper.rb @@ -365,8 +365,14 @@ module SearchHelper # Autocomplete results for the current user's projects def projects_autocomplete(term, limit = 5) - current_user.authorized_projects.order_id_desc.search(term, include_namespace: true, use_minimum_char_limit: false) - .sorted_by_stars_desc.non_archived.limit(limit).map do |p| + projects = if Feature.enabled?(:autocomplete_projects_use_search_service, current_user) + search_using_search_service(current_user, 'projects', term, limit) + else + current_user.authorized_projects.order_id_desc.search(term, include_namespace: true, use_minimum_char_limit: false) + .sorted_by_stars_desc.non_archived.limit(limit) + end + + projects.map do |p| { category: "Projects", id: p.id, @@ -385,10 +391,7 @@ module SearchHelper return [] end - ::SearchService - .new(current_user, { scope: 'users', per_page: limit, search: term }) - .search_objects - .map do |user| + search_using_search_service(current_user, 'users', term, limit).map do |user| { category: "Users", id: user.id, @@ -603,6 +606,14 @@ module SearchHelper def wiki_blob_link(wiki_blob) project_wiki_path(wiki_blob.project, wiki_blob.basename) end + + def search_using_search_service(user, scope, term, limit, additional_params = {}) + params = { scope: scope, search: term }.merge(additional_params) + ::SearchService + .new(user, params) + .search_objects + .first(limit) + end end SearchHelper.prepend_mod_with('SearchHelper') diff --git a/app/models/namespace.rb b/app/models/namespace.rb index 27bd3e83354..43afde16e77 100644 --- a/app/models/namespace.rb +++ b/app/models/namespace.rb @@ -159,7 +159,7 @@ class Namespace < ApplicationRecord validate :parent_organization_match, if: :require_organization? attribute :organization_id, :integer, default: -> do - return 1 if Feature.enabled?(:namespace_model_default_org) + return 1 if Feature.enabled?(:namespace_model_default_org, Feature.current_request) columns_hash['organization_id'].default end diff --git a/app/services/ci/job_token_scope/remove_group_service.rb b/app/services/ci/job_token_scope/remove_group_service.rb index aef9742c7ff..30c7d27e564 100644 --- a/app/services/ci/job_token_scope/remove_group_service.rb +++ b/app/services/ci/job_token_scope/remove_group_service.rb @@ -14,7 +14,7 @@ module Ci return ServiceResponse.error(message: 'Target group is not in the job token scope') unless link if link.destroy - ServiceResponse.success + ServiceResponse.success(payload: link) else ServiceResponse.error(message: link.errors.full_messages.to_sentence, payload: { group_link: link }) end diff --git a/app/services/ci/job_token_scope/remove_project_service.rb b/app/services/ci/job_token_scope/remove_project_service.rb index eddd4d79484..ae94090f4f6 100644 --- a/app/services/ci/job_token_scope/remove_project_service.rb +++ b/app/services/ci/job_token_scope/remove_project_service.rb @@ -21,7 +21,7 @@ module Ci end if link.destroy - ServiceResponse.success + ServiceResponse.success(payload: link) else ServiceResponse.error(message: link.errors.full_messages.to_sentence, payload: { project_link: link }) end diff --git a/config/feature_flags/gitlab_com_derisk/autocomplete_projects_use_search_service.yml b/config/feature_flags/gitlab_com_derisk/autocomplete_projects_use_search_service.yml new file mode 100644 index 00000000000..8c81783ba88 --- /dev/null +++ b/config/feature_flags/gitlab_com_derisk/autocomplete_projects_use_search_service.yml @@ -0,0 +1,9 @@ +--- +name: autocomplete_projects_use_search_service +feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/472011 +introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/169425 +rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/499540 +milestone: '17.6' +group: group::global search +type: gitlab_com_derisk +default_enabled: false diff --git a/db/docs/batched_background_migrations/backfill_packages_nuget_symbols_project_id.yml b/db/docs/batched_background_migrations/backfill_packages_nuget_symbols_project_id.yml index cf0e3234b2e..ffd7d4fa978 100644 --- a/db/docs/batched_background_migrations/backfill_packages_nuget_symbols_project_id.yml +++ b/db/docs/batched_background_migrations/backfill_packages_nuget_symbols_project_id.yml @@ -3,6 +3,6 @@ migration_job_name: BackfillPackagesNugetSymbolsProjectId description: Populates the `project_id` column of `packages_nuget_symbols` table from the `packages_packages` table feature_category: package_registry introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/166743 -milestone: '17.5' +milestone: '17.6' queued_migration_version: 20240911173549 finalized_by: # version of the migration that finalized this BBM diff --git a/db/docs/batched_background_migrations/delete_orphaned_deploy_tokens.yml b/db/docs/batched_background_migrations/delete_orphaned_deploy_tokens.yml index c93f23e9f55..295102e6021 100644 --- a/db/docs/batched_background_migrations/delete_orphaned_deploy_tokens.yml +++ b/db/docs/batched_background_migrations/delete_orphaned_deploy_tokens.yml @@ -5,4 +5,4 @@ feature_category: continuous_delivery introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/162957 milestone: '17.4' queued_migration_version: 20240814025044 -finalized_by: # version of the migration that finalized this BBM +finalized_by: 20241016215438 diff --git a/db/docs/import_export_uploads.yml b/db/docs/import_export_uploads.yml index 0928c4e2ae0..72bd5416181 100644 --- a/db/docs/import_export_uploads.yml +++ b/db/docs/import_export_uploads.yml @@ -8,5 +8,7 @@ description: Used to store the location of the imported or exported archives fil of groups or projects when using the feature Import/Export introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/commit/a2bf1641546a1d3eeb3e9f44734854f655c0adef milestone: '11.1' -gitlab_schema: gitlab_main -sharding_key_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/463854 +gitlab_schema: gitlab_main_cell +sharding_key: + project_id: projects + group_id: namespaces diff --git a/db/migrate/20240911173251_add_project_id_to_packages_nuget_symbols.rb b/db/migrate/20240911173251_add_project_id_to_packages_nuget_symbols.rb index 281ac95848c..0ef9524648d 100644 --- a/db/migrate/20240911173251_add_project_id_to_packages_nuget_symbols.rb +++ b/db/migrate/20240911173251_add_project_id_to_packages_nuget_symbols.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true class AddProjectIdToPackagesNugetSymbols < Gitlab::Database::Migration[2.2] - milestone '17.5' + milestone '17.6' def change add_column :packages_nuget_symbols, :project_id, :bigint diff --git a/db/post_migrate/20240911173549_queue_backfill_packages_nuget_symbols_project_id.rb b/db/post_migrate/20240911173549_queue_backfill_packages_nuget_symbols_project_id.rb index e04ff1e82da..850f1396878 100644 --- a/db/post_migrate/20240911173549_queue_backfill_packages_nuget_symbols_project_id.rb +++ b/db/post_migrate/20240911173549_queue_backfill_packages_nuget_symbols_project_id.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true class QueueBackfillPackagesNugetSymbolsProjectId < Gitlab::Database::Migration[2.2] - milestone '17.5' + milestone '17.6' disable_ddl_transaction restrict_gitlab_migration gitlab_schema: :gitlab_main diff --git a/db/post_migrate/20240920141026_add_index_on_project_id_to_packages_nuget_symbols.rb b/db/post_migrate/20240920141026_add_index_on_project_id_to_packages_nuget_symbols.rb index a12856a5b5c..6d41c53f985 100644 --- a/db/post_migrate/20240920141026_add_index_on_project_id_to_packages_nuget_symbols.rb +++ b/db/post_migrate/20240920141026_add_index_on_project_id_to_packages_nuget_symbols.rb @@ -2,7 +2,7 @@ class AddIndexOnProjectIdToPackagesNugetSymbols < Gitlab::Database::Migration[2.2] disable_ddl_transaction! - milestone '17.5' + milestone '17.6' INDEX_NAME = :index_packages_nuget_symbols_on_project_id diff --git a/db/post_migrate/20241008163123_add_project_id_not_null_constraint_to_ci_stages.rb b/db/post_migrate/20241008163123_add_project_id_not_null_constraint_to_ci_stages.rb new file mode 100644 index 00000000000..db1f8cb25d5 --- /dev/null +++ b/db/post_migrate/20241008163123_add_project_id_not_null_constraint_to_ci_stages.rb @@ -0,0 +1,19 @@ +# frozen_string_literal: true + +class AddProjectIdNotNullConstraintToCiStages < Gitlab::Database::Migration[2.2] + milestone '17.6' + + disable_ddl_transaction! + + TABLE_NAME = :p_ci_stages + COLUMN_NAME = :project_id + CONSTRAINT_NAME = :check_74835fc631 + + def up + add_not_null_constraint(TABLE_NAME, COLUMN_NAME, constraint_name: CONSTRAINT_NAME, validate: false) + end + + def down + remove_not_null_constraint(TABLE_NAME, COLUMN_NAME, constraint_name: CONSTRAINT_NAME) + end +end diff --git a/db/post_migrate/20241008181924_prepare_project_id_not_null_validation_on_ci_stages.rb b/db/post_migrate/20241008181924_prepare_project_id_not_null_validation_on_ci_stages.rb new file mode 100644 index 00000000000..7baeb21a201 --- /dev/null +++ b/db/post_migrate/20241008181924_prepare_project_id_not_null_validation_on_ci_stages.rb @@ -0,0 +1,16 @@ +# frozen_string_literal: true + +class PrepareProjectIdNotNullValidationOnCiStages < Gitlab::Database::Migration[2.2] + milestone '17.6' + + PARTITIONED_TABLE_NAME = :p_ci_stages + CONSTRAINT_NAME = 'check_74835fc631' + + def up + prepare_partitioned_async_check_constraint_validation PARTITIONED_TABLE_NAME, name: CONSTRAINT_NAME + end + + def down + unprepare_partitioned_async_check_constraint_validation PARTITIONED_TABLE_NAME, name: CONSTRAINT_NAME + end +end diff --git a/db/post_migrate/20241010101254_delete_import_export_uploads_without_project_id_or_group_id.rb b/db/post_migrate/20241010101254_delete_import_export_uploads_without_project_id_or_group_id.rb new file mode 100644 index 00000000000..4881cb74c98 --- /dev/null +++ b/db/post_migrate/20241010101254_delete_import_export_uploads_without_project_id_or_group_id.rb @@ -0,0 +1,17 @@ +# frozen_string_literal: true + +class DeleteImportExportUploadsWithoutProjectIdOrGroupId < Gitlab::Database::Migration[2.2] + milestone '17.6' + + restrict_gitlab_migration gitlab_schema: :gitlab_main + + def up + define_batchable_model('import_export_uploads').each_batch(of: 10_000) do |batch| + batch.where('project_id IS NULL AND group_id IS NULL').delete_all + end + end + + def down + # no-op + end +end diff --git a/db/post_migrate/20241010101414_add_multi_not_null_constraint_to_import_export_upload.rb b/db/post_migrate/20241010101414_add_multi_not_null_constraint_to_import_export_upload.rb new file mode 100644 index 00000000000..7cd5386376e --- /dev/null +++ b/db/post_migrate/20241010101414_add_multi_not_null_constraint_to_import_export_upload.rb @@ -0,0 +1,15 @@ +# frozen_string_literal: true + +class AddMultiNotNullConstraintToImportExportUpload < Gitlab::Database::Migration[2.2] + milestone '17.6' + + disable_ddl_transaction! + + def up + add_multi_column_not_null_constraint(:import_export_uploads, :group_id, :project_id) + end + + def down + remove_multi_column_not_null_constraint(:import_export_uploads, :group_id, :project_id) + end +end diff --git a/db/post_migrate/20241016215438_finalize_delete_orphaned_deploy_tokens.rb b/db/post_migrate/20241016215438_finalize_delete_orphaned_deploy_tokens.rb new file mode 100644 index 00000000000..21c591cef2b --- /dev/null +++ b/db/post_migrate/20241016215438_finalize_delete_orphaned_deploy_tokens.rb @@ -0,0 +1,21 @@ +# frozen_string_literal: true + +class FinalizeDeleteOrphanedDeployTokens < Gitlab::Database::Migration[2.2] + disable_ddl_transaction! + restrict_gitlab_migration gitlab_schema: :gitlab_main + + milestone '17.6' + + def up + ensure_batched_background_migration_is_finished( + job_class_name: 'DeleteOrphanedDeployTokens', + table_name: :deploy_tokens, + column_name: :id, + job_arguments: [] + ) + end + + def down + # no-op + end +end diff --git a/db/schema_migrations/20241008163123 b/db/schema_migrations/20241008163123 new file mode 100644 index 00000000000..29963b744d5 --- /dev/null +++ b/db/schema_migrations/20241008163123 @@ -0,0 +1 @@ +04ec88c92b45d6e2db902b5bb057b6a0de08b8920ba10ee8dc7e6e89b29c930a \ No newline at end of file diff --git a/db/schema_migrations/20241008181924 b/db/schema_migrations/20241008181924 new file mode 100644 index 00000000000..8d57dd48320 --- /dev/null +++ b/db/schema_migrations/20241008181924 @@ -0,0 +1 @@ +6f21a5069492944edbd966dfced73fa62b68a65c2c234b4ae673e2d7b25265cb \ No newline at end of file diff --git a/db/schema_migrations/20241010101254 b/db/schema_migrations/20241010101254 new file mode 100644 index 00000000000..88fccf740cd --- /dev/null +++ b/db/schema_migrations/20241010101254 @@ -0,0 +1 @@ +13eb17b6a07fcff6a68834c7544418ac9615aff61e059d2fd782e144e5b76653 \ No newline at end of file diff --git a/db/schema_migrations/20241010101414 b/db/schema_migrations/20241010101414 new file mode 100644 index 00000000000..dd0f8772c1b --- /dev/null +++ b/db/schema_migrations/20241010101414 @@ -0,0 +1 @@ +21a33cd460df6d4f02a040603e9c5ad0fbd02f01aae1a6c48bdd3cca21c426b1 \ No newline at end of file diff --git a/db/schema_migrations/20241016215438 b/db/schema_migrations/20241016215438 new file mode 100644 index 00000000000..3a4ae986da9 --- /dev/null +++ b/db/schema_migrations/20241016215438 @@ -0,0 +1 @@ +7f9ae96c208be20b969cb6f4706bc8db36b1693ef6a1a8a72e8d645f6db34d79 \ No newline at end of file diff --git a/db/structure.sql b/db/structure.sql index 86a565b1e9e..8ab23026441 100644 --- a/db/structure.sql +++ b/db/structure.sql @@ -12295,7 +12295,8 @@ CREATE TABLE import_export_uploads ( group_id bigint, remote_import_url text, user_id bigint, - CONSTRAINT check_58f0d37481 CHECK ((char_length(remote_import_url) <= 2048)) + CONSTRAINT check_58f0d37481 CHECK ((char_length(remote_import_url) <= 2048)), + CONSTRAINT check_e54579866d CHECK ((num_nonnulls(group_id, project_id) = 1)) ); CREATE SEQUENCE import_export_uploads_id_seq @@ -24190,6 +24191,9 @@ ALTER TABLE ci_job_variables ALTER TABLE p_ci_pipeline_variables ADD CONSTRAINT check_6e932dbabf CHECK ((project_id IS NOT NULL)) NOT VALID; +ALTER TABLE p_ci_stages + ADD CONSTRAINT check_74835fc631 CHECK ((project_id IS NOT NULL)) NOT VALID; + ALTER TABLE sprints ADD CONSTRAINT check_ccd8a1eae0 CHECK ((start_date IS NOT NULL)) NOT VALID; diff --git a/doc/administration/cicd/index.md b/doc/administration/cicd/index.md index 26560cc5e04..a00d18ef15e 100644 --- a/doc/administration/cicd/index.md +++ b/doc/administration/cicd/index.md @@ -116,110 +116,9 @@ balanced across many projects. ### Disable compute quota enforcement -To disable the enforcement of [compute quotas](../../ci/pipelines/compute_minutes.md) on instance runners, you can temporarily +To disable the enforcement of [compute minutes quotas](compute_minutes.md) on instance runners, you can temporarily enable the `ci_queueing_disaster_recovery_disable_quota` [feature flag](../feature_flags.md). This flag reduces system resource usage on the `jobs/request` endpoint. When enabled, jobs created in the last hour can run in projects which are out of quota. Earlier jobs are already canceled by a periodic background worker (`StuckCiJobsWorker`). - -## CI/CD troubleshooting Rails console commands - -The following commands are run in the [Rails console](../operations/rails_console.md#starting-a-rails-console-session). - -WARNING: -Any command that changes data directly could be damaging if not run correctly, or under the right conditions. -We highly recommend running them in a test environment with a backup of the instance ready to be restored, just in case. - -### Cancel all running pipelines and their jobs - -```ruby -admin = User.find(user_id) # replace user_id with the id of the admin you want to cancel the pipeline -# Iterate over each cancelable pipeline -Ci::Pipeline.cancelable.find_each do |pipeline| - Ci::CancelPipelineService.new( - pipeline: pipeline, - current_user: user, - cascade_to_children: false # the children are included in the outer loop - ) -end -``` - -### Cancel stuck pending pipelines - -```ruby -project = Project.find_by_full_path('') -Ci::Pipeline.where(project_id: project.id).where(status: 'pending').count -Ci::Pipeline.where(project_id: project.id).where(status: 'pending').each {|p| p.cancel if p.stuck?} -Ci::Pipeline.where(project_id: project.id).where(status: 'pending').count -``` - -### Try merge request integration - -```ruby -project = Project.find_by_full_path('') -mr = project.merge_requests.find_by(iid: ) -mr.project.try(:ci_integration) -``` - -### Validate the `.gitlab-ci.yml` file - -```ruby -project = Project.find_by_full_path('') -content = p.ci_config_for(project.repository.root_ref_sha) -Gitlab::Ci::Lint.new(project: project, current_user: User.first).validate(content) -``` - -### Disable AutoDevOps on Existing Projects - -```ruby -Project.all.each do |p| - p.auto_devops_attributes={"enabled"=>"0"} - p.save -end -``` - -### Obtain runners registration token - -WARNING: -The ability to pass a runner registration token, and support for certain configuration arguments, was -[deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/380872) in GitLab 15.6 and is planned for removal -in GitLab 18.0. Runner authentication tokens should be used instead. For more information, see -[Migrating to the new runner registration workflow](../../ci/runners/new_creation_workflow.md). - -Prerequisites: - -- Runner registration tokens must be [enabled](../settings/continuous_integration.md#enable-runner-registrations-tokens) in the **Admin** area. - -```ruby -Gitlab::CurrentSettings.current_application_settings.runners_registration_token -``` - -### Seed runners registration token - -WARNING: -The ability to pass a runner registration token, and support for certain configuration arguments, was -[deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/380872) in GitLab 15.6 and is planned for removal -in GitLab 18.0. Runner authentication tokens should be used instead. For more information, see -[Migrating to the new runner registration workflow](../../ci/runners/new_creation_workflow.md). - -```ruby -appSetting = Gitlab::CurrentSettings.current_application_settings -appSetting.set_runners_registration_token('') -appSetting.save! -``` - -### Run pipeline schedules manually - -You can run pipeline schedules manually through the Rails console to reveal any errors that are usually not visible. - -```ruby -# schedule_id can be obtained from Edit Pipeline Schedule page -schedule = Ci::PipelineSchedule.find_by(id: ) - -# Select the user that you want to run the schedule for -user = User.find_by_username('') - -# Run the schedule -ps = Ci::CreatePipelineService.new(schedule.project, user, ref: schedule.ref).execute!(:schedule, ignore_skip_ci: true, save_on_errors: false, schedule: schedule) -``` diff --git a/doc/administration/cicd/job_artifacts_troubleshooting.md b/doc/administration/cicd/job_artifacts_troubleshooting.md index d673e4bf2e6..d4d3bf36f3b 100644 --- a/doc/administration/cicd/job_artifacts_troubleshooting.md +++ b/doc/administration/cicd/job_artifacts_troubleshooting.md @@ -248,7 +248,9 @@ To change the number of job artifacts listed, change the number in `limit(50)`. ### Delete old builds and artifacts WARNING: -These commands remove data permanently from database and storage. Before running them, we highly recommend seeking guidance from a Support Engineer, or running them in a test environment with a backup of the instance ready to be restored, just in case. +These commands remove data permanently. Before running them in a production environment, +you should try them in a test environment first and make a backup of the instance +that can be restored if needed. #### Delete old artifacts for a project @@ -355,6 +357,48 @@ Rerun the deletion with shorter durations as needed, for example `3.months.ago`, The method `erase_erasable_artifacts!` is synchronous, and upon execution the artifacts are immediately removed; they are not scheduled by a background queue. +### Delete old pipelines + +WARNING: +These commands remove data permanently. Before running them in a production environment, +consider seeking guidance from a Support Engineer. You should also try them in a test environment first +and make a backup of the instance that can be restored if needed. + +Deleting a pipeline also removes that pipeline's: + +- Job artifacts +- Job logs +- Job metadata +- Pipeline metadata + +Removing job and pipeline metadata can help reduce the size of the CI tables in the database. +The CI tables are usually the largest tables in an instance's database. + +#### Delete old pipelines for a project + +```ruby +project = Project.find_by_full_path('path/to/project') +user = User.find(1) +project.ci_pipelines.where("finished_at < ?", 1.year.ago).each_batch do |batch| + batch.each do |pipeline| + puts "Erasing pipeline #{pipeline.id}" + ::Ci::DestroyPipelineService.new(pipeline.project, user).execute(pipeline) + end +end +``` + +#### Delete old pipelines instance-wide + +```ruby +user = User.find(1) +Ci::Pipeline.where("finished_at < ?", 1.year.ago).each_batch do |batch| + batch.each do |pipeline| + puts "Erasing pipeline #{pipeline.id} for project #{pipeline.project_id}" + ::Ci::DestroyPipelineService.new(pipeline.project, user).execute(pipeline) + end +end +``` + ## Job artifact upload fails with error 500 If you are using object storage for artifacts and a job artifact fails to upload, @@ -546,3 +590,17 @@ sequenceDiagram W->>C: 401 Unauthorized end ``` + +## `413 Request Entity Too Large` error + +If the artifacts are too large, the job might fail with the following error: + +```plaintext +Uploading artifacts as "archive" to coordinator... too large archive responseStatus=413 Request Entity Too Large status=413" at end of a build job on pipeline when trying to store artifacts to . +``` + +You might need to: + +- Increase the [maximum artifacts size](../settings/continuous_integration.md#maximum-artifacts-size). +- If you are using NGINX as a proxy server, increase the file upload size limit which is limited to 1 MB by default. + Set a higher value for `client-max-body-size` in the NGINX configuration file. diff --git a/doc/administration/cicd/maintenance.md b/doc/administration/cicd/maintenance.md new file mode 100644 index 00000000000..c59b211cda5 --- /dev/null +++ b/doc/administration/cicd/maintenance.md @@ -0,0 +1,114 @@ +--- +stage: Verify +group: Pipeline Execution +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +--- + +# CI/CD maintenance console commands + +DETAILS: +**Tier:** Free, Premium, Ultimate +**Offering:** Self-managed + +The following commands are run in the [Rails console](../operations/rails_console.md#starting-a-rails-console-session). + +WARNING: +Any command that changes data directly could be damaging if not run correctly, or under the right conditions. +We highly recommend running them in a test environment with a backup of the instance ready to be restored, just in case. + +## Cancel all running pipelines and their jobs + +```ruby +admin = User.find(user_id) # replace user_id with the id of the admin you want to cancel the pipeline +# Iterate over each cancelable pipeline +Ci::Pipeline.cancelable.find_each do |pipeline| + Ci::CancelPipelineService.new( + pipeline: pipeline, + current_user: user, + cascade_to_children: false # the children are included in the outer loop + ) +end +``` + +## Cancel stuck pending pipelines + +```ruby +project = Project.find_by_full_path('') +Ci::Pipeline.where(project_id: project.id).where(status: 'pending').count +Ci::Pipeline.where(project_id: project.id).where(status: 'pending').each {|p| p.cancel if p.stuck?} +Ci::Pipeline.where(project_id: project.id).where(status: 'pending').count +``` + +## Try merge request integration + +```ruby +project = Project.find_by_full_path('') +mr = project.merge_requests.find_by(iid: ) +mr.project.try(:ci_integration) +``` + +## Validate the `.gitlab-ci.yml` file + +```ruby +project = Project.find_by_full_path('') +content = p.ci_config_for(project.repository.root_ref_sha) +Gitlab::Ci::Lint.new(project: project, current_user: User.first).validate(content) +``` + +## Disable AutoDevOps on Existing Projects + +```ruby +Project.all.each do |p| + p.auto_devops_attributes={"enabled"=>"0"} + p.save +end +``` + +## Run pipeline schedules manually + +You can run pipeline schedules manually through the Rails console to reveal any errors that are usually not visible. + +```ruby +# schedule_id can be obtained from Edit Pipeline Schedule page +schedule = Ci::PipelineSchedule.find_by(id: ) + +# Select the user that you want to run the schedule for +user = User.find_by_username('') + +# Run the schedule +ps = Ci::CreatePipelineService.new(schedule.project, user, ref: schedule.ref).execute!(:schedule, ignore_skip_ci: true, save_on_errors: false, schedule: schedule) +``` + + + +## Obtain runners registration token (deprecated) + +WARNING: +The ability to pass a runner registration token, and support for certain configuration arguments, was +[deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/380872) in GitLab 15.6 and is planned for removal +in GitLab 18.0. Runner authentication tokens should be used instead. For more information, see +[Migrating to the new runner registration workflow](../../ci/runners/new_creation_workflow.md). + +Prerequisites: + +- Runner registration tokens must be [enabled](../settings/continuous_integration.md#allow-runner-registrations-tokens) in the **Admin** area. + +```ruby +Gitlab::CurrentSettings.current_application_settings.runners_registration_token +``` + +## Seed runners registration token (deprecated) + +WARNING: +The ability to pass a runner registration token, and support for certain configuration arguments, was +[deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/380872) in GitLab 15.6 and is planned for removal +in GitLab 18.0. Runner authentication tokens should be used instead. For more information, see +[Migrating to the new runner registration workflow](../../ci/runners/new_creation_workflow.md). + +```ruby +appSetting = Gitlab::CurrentSettings.current_application_settings +appSetting.set_runners_registration_token('') +appSetting.save! +``` + + \ No newline at end of file diff --git a/doc/administration/dedicated/configure_instance.md b/doc/administration/dedicated/configure_instance.md index f035494621d..f0f76f900c5 100644 --- a/doc/administration/dedicated/configure_instance.md +++ b/doc/administration/dedicated/configure_instance.md @@ -438,25 +438,30 @@ Switchboard Tenant Admins can also manage email notifications for other users wi You will see an alert confirming that your notification preferences have been updated. -### Access to application logs +### Application logs -GitLab [application logs](../../administration/logs/index.md) are delivered to an S3 bucket in the GitLab tenant account, which can be shared with you. Logs stored in the S3 bucket are retained indefinitely, until the 1 year retention policy is fully enforced. GitLab team members can view more information in this confidential issue: -`https://gitlab.com/gitlab-com/gl-infra/gitlab-dedicated/team/-/issues/483`. +GitLab delivers [application logs](../../administration/logs/index.md) to an Amazon S3 bucket in the GitLab tenant account, which can be shared with you. -To gain read only access to this bucket: +Logs stored in the S3 bucket are retained indefinitely, until the one year retention policy is fully enforced. GitLab team members can view more information in confidential issue [483](https://gitlab.com/gitlab-com/gl-infra/gitlab-dedicated/team/-/issues/483). -1. Open a [support ticket](https://support.gitlab.com/hc/en-us/requests/new?ticket_form_id=4414917877650) with the title "Customer Log Access". In the body of the ticket, include a list of IAM Principal ARNs (users or roles) that are fetching the logs from S3. -1. GitLab then informs you of the name of the S3 bucket. Your nominated users/roles are then able to list and get all objects in the S3 bucket. +#### Request bucket access -You can use the [AWS CLI](https://aws.amazon.com/cli/) to verify that access to the S3 bucket works as expected. +To gain read only access to the S3 bucket with your application logs: + +1. Open a [support ticket](https://support.gitlab.com/hc/en-us/requests/new?ticket_form_id=4414917877650) with the title `Customer Log Access`. +1. In the body of the ticket, include a list of IAM Principal Amazon Resource Names (users or roles) that require access to the logs from the S3 bucket. + +GitLab provides the name of the S3 bucket. Your authorized users or roles can then access all objects in the bucket. To verify access, you can use the [AWS CLI](https://aws.amazon.com/cli/). #### Bucket contents and structure -The S3 bucket contains a combination of **infrastructure logs** and **application logs** from the GitLab [log system](../../administration/logs/index.md). The logs in the bucket are encrypted using an AWS KMS key that is managed by GitLab. If you choose to enable [BYOK](../../administration/dedicated/create_instance.md#encrypted-data-at-rest-byok), the application logs are not encrypted with the key you provide. +The Amazon S3 bucket contains a combination of infrastructure logs and application logs from the GitLab [log system](../../administration/logs/index.md). + +The logs in the bucket are encrypted using an AWS KMS key managed by GitLab. If you choose to enable [BYOK](../../administration/dedicated/create_instance.md#encrypted-data-at-rest-byok), the application logs are not encrypted with the key you provide. -The logs in the S3 bucket are organized by date in `YYYY/MM/DD/HH` format. For example, there would be a directory like `2023/10/12/13`. That directory would contain the logs from October 12, 2023 at 1300 UTC. The logs are streamed into the bucket with [Amazon Kinesis Data Firehose](https://aws.amazon.com/firehose/). +The logs in the S3 bucket are organized by date in `YYYY/MM/DD/HH` format. For example, a directory named `2023/10/12/13` contains logs from October 12, 2023 at 13:00 UTC. The logs are streamed into the bucket with [Amazon Kinesis Data Firehose](https://aws.amazon.com/firehose/). diff --git a/doc/administration/settings/continuous_integration.md b/doc/administration/settings/continuous_integration.md index ab086aa8eeb..0c57cbb74fc 100644 --- a/doc/administration/settings/continuous_integration.md +++ b/doc/administration/settings/continuous_integration.md @@ -4,14 +4,14 @@ group: Pipeline Execution info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments --- -# Continuous Integration and Deployment Admin area settings +# CI/CD Admin area settings DETAILS: **Tier:** Free, Premium, Ultimate **Offering:** Self-managed -The [**Admin** area](index.md) has the instance settings for Auto DevOps, runners, and -job artifacts. +The [**Admin** area](index.md) has the instance settings for CI/CD-related features, +including runners, job artifacts, and the package registry. ## Auto DevOps @@ -25,13 +25,12 @@ for all projects: which is used for Auto Deploy and Auto Review Apps. 1. Select **Save changes** for the changes to take effect. -From now on, every existing project and newly created ones that don't have a +Every existing project and newly created ones that don't have a `.gitlab-ci.yml` use the Auto DevOps pipelines. -If you want to disable it for a specific project, you can do so in -[its settings](../../topics/autodevops/index.md#enable-or-disable-auto-devops). +## Runners -## Enable instance runners for new projects +### Enable instance runners for new projects You can set all new projects to have instance runners available by default. @@ -42,44 +41,7 @@ You can set all new projects to have instance runners available by default. Any time a new project is created, the instance runners are available. -## Enable runner registrations tokens - -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/147559) in GitLab 16.11 - -WARNING: -The ability to pass a runner registration token, and support for certain configuration arguments was deprecated in GitLab 15.6 and will be removed in GitLab 18.0. Runner authentication tokens should be used instead. For more information, see [Migrating to the new runner registration workflow](../../ci/runners/new_creation_workflow.md). - -In GitLab 17.0, the use of runner registration tokens to create runners will be disabled in all GitLab instances. -Users must use runner authentication tokens instead. -If you have not yet [migrated to the use of runner authentication tokens](../../ci/runners/new_creation_workflow.md), -you can enable runner registration tokens. This setting and support for runner registration tokens will be removed in GitLab 18.0. - -1. On the left sidebar, at the bottom, select **Admin**. -1. Select **Settings > CI/CD**. -1. Expand **Runners**. -1. Select the **Allow runner registration token** checkbox. - -## Instance runners compute quota - -As an administrator you can set either a global or namespace-specific -limit on the number of [compute minutes](../../ci/pipelines/compute_minutes.md) you can use. - -## Enable a project runner for multiple projects - -If you have already registered a [project runner](../../ci/runners/runners_scope.md#project-runners) -you can assign that runner to other projects. - -To enable a project runner for more than one project: - -1. On the left sidebar, at the bottom, select **Admin**. -1. From the left sidebar, select **CI/CD > Runners**. -1. Select the runner you want to edit. -1. In the upper-right corner, select **Edit** (**{pencil}**). -1. Under **Restrict projects for this runner**, search for a project. -1. To the left of the project, select **Enable**. -1. Repeat this process for each additional project. - -## Add a message for instance runners +### Add a message for instance runners To display details about the instance runners in all projects' runner settings: @@ -97,7 +59,98 @@ To view the rendered details: ![A project's runner settings shows a message about shared runner guidelines.](img/continuous_integration_shared_runner_details_v14_10.png) -## Maximum artifacts size +### Enable a project runner for multiple projects + +If you have already registered a [project runner](../../ci/runners/runners_scope.md#project-runners) +you can assign that runner to other projects. + +To enable a project runner for more than one project: + +1. On the left sidebar, at the bottom, select **Admin**. +1. From the left sidebar, select **CI/CD > Runners**. +1. Select the runner you want to edit. +1. In the upper-right corner, select **Edit** (**{pencil}**). +1. Under **Restrict projects for this runner**, search for a project. +1. To the left of the project, select **Enable**. +1. Repeat this process for each additional project. + +### Disable runner version management + +> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/114041) in GitLab 15.10. + +By default, GitLab instances periodically fetch official runner version data from GitLab.com to [determine whether the runners need upgrades](../../ci/runners/runners_scope.md#determine-which-runners-need-to-be-upgraded). + +To disable your instance fetching this data: + +1. On the left sidebar, at the bottom, select **Admin**. +1. Select **Settings > CI/CD**. +1. Expand **Runners**. +1. In the **Runner version management** section, clear the **Fetch GitLab Runner release version data from GitLab.com** checkbox. +1. Select **Save changes**. + +### Restrict runner registration by all users in an instance + +> - [Enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/368008) in GitLab 15.5. + +GitLab administrators can adjust who is allowed to register runners, by showing and hiding areas of the UI. +This setting does not affect the ability to create a runner from the UI or through an authenticated API call. + +When the registration sections are hidden in the UI, members of the project or group must contact administrators to enable runner registration in the group or project. If you plan to prevent registration, ensure users have access to the runners they need to run jobs. + +By default, all members of a project and group are able to register runners. + +To restrict all users in an instance from registering runners: + +1. On the left sidebar, at the bottom, select **Admin**. +1. Select **Settings > CI/CD**. +1. Expand **Runners**. +1. In the **Runner registration** section, clear the **Members of the project can register runners** and + **Members of the group can register runners** checkboxes to remove runner registration from the UI. +1. Select **Save changes**. + +NOTE: +After you disable runner registration by members of a project, the registration +token automatically rotates. The token is no longer valid and you must +use the new registration token for the project. + +### Restrict runner registration by all members in a group + +Prerequisites: + +- Runner registration must be enabled for [all users in the instance](#restrict-runner-registration-by-all-users-in-an-instance). + +GitLab administrators can adjust group permissions to restrict runner registration by group members. + +To restrict runner registration by members in a specific group: + +1. On the left sidebar, at the bottom, select **Admin**. +1. Select **Overview > Groups** and find your group. +1. Select **Edit**. +1. Clear the **New group runners can be registered** checkbox if you want to disable runner registration by all members in the group. If the setting is read-only, you must enable runner registration for the [instance](#restrict-runner-registration-by-all-users-in-an-instance). +1. Select **Save changes**. + +### Allow runner registrations tokens + +> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/147559) in GitLab 16.11 + +WARNING: +The ability to pass a runner registration token, and support for certain configuration arguments +was deprecated in GitLab 15.6 and will be removed in GitLab 18.0. Runner authentication tokens should be used instead. +For more information, see [Migrating to the new runner registration workflow](../../ci/runners/new_creation_workflow.md). + +In GitLab 17.0, the use of runner registration tokens to create runners will be disabled in all GitLab instances. +Users must use runner authentication tokens instead. +If you have not yet [migrated to the use of runner authentication tokens](../../ci/runners/new_creation_workflow.md), +you can allow runner registration tokens. This setting and support for runner registration tokens will be removed in GitLab 18.0. + +1. On the left sidebar, at the bottom, select **Admin**. +1. Select **Settings > CI/CD**. +1. Expand **Runners**. +1. Select the **Allow runner registration token** checkbox. + +## Artifacts + +### Maximum artifacts size An administrator can set the maximum size of the [job artifacts](../../administration/cicd/job_artifacts.md) for: @@ -129,7 +182,7 @@ The value is in MB, and the default value is 100 MB per job. An administrator ca 1. Change the value of **Maximum artifacts size** (in MB). 1. Select **Save changes** for the changes to take effect. -## Default artifacts expiration +### Default artifacts expiration The default expiration time of the [job artifacts](../../administration/cicd/job_artifacts.md) can be set in the **Admin** area of your GitLab instance. The syntax of duration is @@ -151,7 +204,7 @@ be updated for artifacts created before this setting was changed. The administrator may need to manually search for and expire previously-created artifacts, as described in the [troubleshooting documentation](../../administration/cicd/job_artifacts_troubleshooting.md#delete-old-builds-and-artifacts). -## Keep the latest artifacts for all jobs in the latest successful pipelines +### Keep the latest artifacts for all jobs in the latest successful pipelines When enabled (default), the artifacts of the most recent pipeline for each Git ref ([branches and tags](https://git-scm.com/book/en/v2/Git-Internals-Git-References)) @@ -177,6 +230,21 @@ A new pipeline must run before the latest artifacts can expire and be deleted. NOTE: All application settings have a [customizable cache expiry interval](../../administration/application_settings_cache.md) which can delay the settings affect. +### Disable the external redirect page for job artifacts + +By default, GitLab Pages shows an external redirect page when a user tries to view +a job artifact served by GitLab Pages. This page warns about the potential for +malicious user-generated content, as described in +[issue 352611](https://gitlab.com/gitlab-org/gitlab/-/issues/352611). + +Self-managed administrators can disable the external redirect warning page, +so you can view job artifact pages directly: + +1. On the left sidebar, at the bottom, select **Admin**. +1. Select **Settings > CI/CD**. +1. Expand **Continuous Integration and Deployment**. +1. Deselect **Enable the external redirect page for job artifacts**. + ## Archive jobs You can archive old jobs to prevent them from being re-run individually. Archived jobs @@ -252,7 +320,7 @@ from the **Admin** area: 1. On the left sidebar, at the bottom, select **Admin**. 1. Select **Settings > CI/CD**. 1. Expand the **Continuous Integration and Deployment** section. - + 1. In the **CI/CD limits** section, you can set the following limits: - **Maximum number of jobs in a single pipeline** - **Total number of jobs in currently active pipelines** @@ -262,37 +330,22 @@ from the **Admin** area: - **Maximum number of runners registered per group** - **Maximum number of runners registered per project** - **Maximum number of downstream pipelines in a pipeline's hierarchy tree** - + -## Enable or disable the pipeline suggestion banner +## Disable the pipeline suggestion banner By default, a banner displays in merge requests with no pipeline suggesting a walkthrough on how to add one. ![A banner displays guidance on how to get started with GitLab Pipelines.](img/suggest_pipeline_banner_v14_5.png) -To enable or disable the banner: +To disable the banner: 1. On the left sidebar, at the bottom, select **Admin**. 1. Select **Settings > CI/CD**. -1. Select or clear the **Enable pipeline suggestion banner** checkbox. +1. Clear the **Enable pipeline suggestion banner** checkbox. 1. Select **Save changes**. -## Enable or disable the external redirect page for job artifacts - -By default, GitLab Pages shows an external redirect page when a user tries to view -a job artifact served by GitLab Pages. This page warns about the potential for -malicious user-generated content, as described in -[issue 352611](https://gitlab.com/gitlab-org/gitlab/-/issues/352611). - -Self-managed administrators can disable the external redirect warning page, -so you can view job artifact pages directly: - -1. On the left sidebar, at the bottom, select **Admin**. -1. Select **Settings > CI/CD**. -1. Expand **Continuous Integration and Deployment**. -1. Deselect **Enable the external redirect page for job artifacts**. - ## Required pipeline configuration DETAILS: @@ -398,74 +451,3 @@ To set the maximum file size: 1. Find the package type you would like to adjust. 1. Enter the maximum file size, in bytes. 1. Select **Save size limits**. - -## Restrict runner registration by all users in an instance - -> - [Enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/368008) in GitLab 15.5. - -GitLab administrators can adjust who is allowed to register runners, by showing and hiding areas of the UI. -This setting does not affect the ability to create a runner from the UI or through an authenticated API call. - -When the registration sections are hidden in the UI, members of the project or group must contact administrators to enable runner registration in the group or project. If you plan to prevent registration, ensure users have access to the runners they need to run jobs. - -By default, all members of a project and group are able to register runners. - -To restrict all users in an instance from registering runners: - -1. On the left sidebar, at the bottom, select **Admin**. -1. Select **Settings > CI/CD**. -1. Expand **Runners**. -1. In the **Runner registration** section, clear the **Members of the project can register runners** and - **Members of the group can register runners** checkboxes to remove runner registration from the UI. -1. Select **Save changes**. - -NOTE: -After you disable runner registration by members of a project, the registration -token automatically rotates. The token is no longer valid and you must -use the new registration token for the project. - -## Restrict runner registration by all members in a group - -Prerequisites: - -- Runner registration must be enabled for [all users in the instance](#restrict-runner-registration-by-all-users-in-an-instance). - -GitLab administrators can adjust group permissions to restrict runner registration by group members. - -To restrict runner registration by members in a specific group: - -1. On the left sidebar, at the bottom, select **Admin**. -1. Select **Overview > Groups** and find your group. -1. Select **Edit**. -1. Clear the **New group runners can be registered** checkbox if you want to disable runner registration by all members in the group. If the setting is read-only, you must enable runner registration for the [instance](#restrict-runner-registration-by-all-users-in-an-instance). -1. Select **Save changes**. - -## Disable runner version management - -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/114041) in GitLab 15.10. - -By default, GitLab instances periodically fetch official runner version data from GitLab.com to [determine whether the runners need upgrades](../../ci/runners/runners_scope.md#determine-which-runners-need-to-be-upgraded). - -To disable your instance fetching this data: - -1. On the left sidebar, at the bottom, select **Admin**. -1. Select **Settings > CI/CD**. -1. Expand **Runners**. -1. In the **Runner version management** section, clear the **Fetch GitLab Runner release version data from GitLab.com** checkbox. -1. Select **Save changes**. - -## Troubleshooting - -### `413 Request Entity Too Large` error - -If the artifacts are too large, the job might fail with the following error: - -```plaintext -Uploading artifacts as "archive" to coordinator... too large archive responseStatus=413 Request Entity Too Large status=413" at end of a build job on pipeline when trying to store artifacts to . -``` - -You might need to: - -- Increase the [maximum artifacts size](#maximum-artifacts-size). -- If you are using NGINX as a proxy server, increase the file upload size limit which is limited to 1 MB by default. - Set a higher value for `client-max-body-size` in the NGINX configuration file. diff --git a/doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md b/doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md index 8d1e849f47e..b55a6007ecd 100644 --- a/doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md +++ b/doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md @@ -50,7 +50,7 @@ This content has been moved to [Troubleshooting Repository mirroring](../../user ## CI -This content has been moved to [Troubleshooting CI/CD](../cicd/index.md#cicd-troubleshooting-rails-console-commands). +This content has been moved to [CI/CD maintenance](../cicd/maintenance.md). ## License diff --git a/doc/api/repositories.md b/doc/api/repositories.md index 21abe93e1a4..fa1d3884b48 100644 --- a/doc/api/repositories.md +++ b/doc/api/repositories.md @@ -20,7 +20,7 @@ be accessed without authentication if the repository is publicly accessible. This command provides essentially the same features as the `git ls-tree` command. For more information, refer to the section -[Tree Objects](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects/#_tree_objects) +[Tree Objects](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects.html#_tree_objects) in the Git internals documentation. WARNING: diff --git a/doc/ci/runners/new_creation_workflow.md b/doc/ci/runners/new_creation_workflow.md index 029b5e34a85..c7930bd5fdd 100644 --- a/doc/ci/runners/new_creation_workflow.md +++ b/doc/ci/runners/new_creation_workflow.md @@ -69,7 +69,7 @@ To avoid a broken workflow, you must: WARNING: In GitLab 17.0 and later, runner registration tokens are disabled. To use stored runner registration tokens to register new runners, -you must [enable the tokens](../../administration/settings/continuous_integration.md#enable-runner-registrations-tokens). +you must [enable the tokens](../../administration/settings/continuous_integration.md#allow-runner-registrations-tokens). ## Using registration tokens after GitLab 17.0 @@ -77,7 +77,7 @@ To continue using registration tokens after GitLab 17.0: - On GitLab.com, you can manually [enable the legacy runner registration process](runners_scope.md#enable-use-of-runner-registration-tokens-in-projects-and-groups) in the top-level group settings until GitLab 18.0. -- On GitLab self-managed, you can manually [enable the legacy runner registration process](../../administration/settings/continuous_integration.md#enable-runner-registrations-tokens) +- On GitLab self-managed, you can manually [enable the legacy runner registration process](../../administration/settings/continuous_integration.md#allow-runner-registrations-tokens) in the **Admin** area settings until GitLab 18.0. ## Impact on existing runners diff --git a/doc/ci/runners/runners_scope.md b/doc/ci/runners/runners_scope.md index b74a1789fe9..bc1a74e110e 100644 --- a/doc/ci/runners/runners_scope.md +++ b/doc/ci/runners/runners_scope.md @@ -81,7 +81,7 @@ should be used instead. For more information, see [Migrating to the new runner r Prerequisites: -- Runner registration tokens must be [enabled](../../administration/settings/continuous_integration.md#enable-runner-registrations-tokens) in the **Admin** area. +- Runner registration tokens must be [enabled](../../administration/settings/continuous_integration.md#allow-runner-registrations-tokens) in the **Admin** area. - You must be an administrator. To create an instance runner: @@ -689,7 +689,7 @@ you can enable runner registration tokens for projects and groups. This setting Prerequisites: -- Runner registration tokens must be [enabled](../../administration/settings/continuous_integration.md#enable-runner-registrations-tokens) in the **Admin** area. +- Runner registration tokens must be [enabled](../../administration/settings/continuous_integration.md#allow-runner-registrations-tokens) in the **Admin** area. 1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > CI/CD**. diff --git a/doc/subscriptions/gitlab_dedicated/index.md b/doc/subscriptions/gitlab_dedicated/index.md index d9b77db4ada..9fa84b7c666 100644 --- a/doc/subscriptions/gitlab_dedicated/index.md +++ b/doc/subscriptions/gitlab_dedicated/index.md @@ -80,7 +80,7 @@ Inside tenant accounts, GitLab leverages Intrusion Detection and Malware Scannin #### Audit and observability -GitLab Dedicated provides access to [audit and system logs](../../administration/dedicated/configure_instance.md#access-to-application-logs) generated by the application. +GitLab Dedicated provides access to [application logs](../../administration/dedicated/configure_instance.md#application-logs). ### Bring your own domain diff --git a/doc/topics/autodevops/index.md b/doc/topics/autodevops/index.md index aa1f6deda8a..cfb2d972cb9 100644 --- a/doc/topics/autodevops/index.md +++ b/doc/topics/autodevops/index.md @@ -74,24 +74,20 @@ If you want to build, test, and deploy your app: Auto DevOps runs pipelines automatically only if a [`Dockerfile` or matching buildpack](stages.md#auto-build) exists. -Depending on your instance type, you can enable or disable Auto DevOps at the -following levels: +You can enable or disable Auto DevOps for a project or an entire group. Instance administrators +can also [set Auto DevOps as the default](../../administration/settings/continuous_integration.md#auto-devops) +for all projects in an instance. -| Instance type | [Project](#per-project) | [Group](#per-group) | [Instance](#per-instance) (**Admin** area) | -|---------------------|------------------------|------------------------|------------------------| -| GitLab SaaS | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No | -| GitLab self-managed | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | - -Before enabling Auto DevOps, consider [preparing it for deployment](requirements.md). If you don't, Auto DevOps can build and test your app, -but cannot deploy it. +Before enabling Auto DevOps, consider [preparing it for deployment](requirements.md). +If you don't, Auto DevOps can build and test your app, but cannot deploy it. #### Per project To use Auto DevOps for individual projects, you can enable it in a project-by-project basis. If you intend to use it for more projects, you can enable it for a [group](#per-group) or an -[instance](#per-instance). This can save you the time of -enabling it in each project. +[instance](../../administration/settings/continuous_integration.md#auto-devops). +This can save you the time of enabling it in each project. Prerequisites: @@ -147,42 +143,6 @@ Auto DevOps pipeline for any project that belongs to that group: 1. Select **Build > Pipelines**. 1. To trigger the Auto DevOps pipeline, select **New pipeline**. -#### Per instance - -DETAILS: -**Tier:** Free, Premium, Ultimate -**Offering:** Self-managed, GitLab Dedicated - -To enable Auto DevOps by default for all projects, you can enable it for the entire instance. -You can still disable Auto DevOps for each group and project -where you don't want to run it. - -Even when disabled for an instance, group Owners and project Maintainers -can still enable Auto DevOps for specific groups and projects. - -Prerequisites: - -- You must be an administrator for the instance. - -To enable Auto DevOps for your instance: - -1. On the left sidebar, at the bottom, select **Admin**. -1. Select **Settings > CI/CD**. -1. Expand **Auto DevOps**. -1. Select the **Default to Auto DevOps pipeline** checkbox. -1. Optional. Add the Auto DevOps [base domain](requirements.md#auto-devops-base-domain). -1. Select **Save changes**. - -When enabled, Auto DevOps attempts to run pipelines in every project. If the -pipeline fails in a particular project, it disables itself. -GitLab administrators can change this in the [Auto DevOps settings](../../administration/settings/continuous_integration.md#auto-devops). - -If a `.gitlab-ci.yml` file is present, -it remains unchanged and Auto DevOps does not affect it. - -To disable Auto DevOps for the instance, follow the same process -and clear the **Default to Auto DevOps pipeline** checkbox. - ### Deploy your app to a cloud provider - [Use Auto DevOps to deploy to a Kubernetes cluster on Google Kubernetes Engine (GKE)](cloud_deployments/auto_devops_with_gke.md) diff --git a/doc/topics/git/git_rebase.md b/doc/topics/git/git_rebase.md index 415c56ebae7..968137ae7e2 100644 --- a/doc/topics/git/git_rebase.md +++ b/doc/topics/git/git_rebase.md @@ -274,11 +274,9 @@ If, after using the `/rebase` [quick action](../../user/project/quick_actions.md#issues-merge-requests-and-epics), you see this error, a rebase cannot be scheduled: - ```plaintext This merge request is currently in an unmergeable state, and cannot be rebased. ``` - This error occurs if any of these conditions are true: diff --git a/doc/user/gitlab_com/index.md b/doc/user/gitlab_com/index.md index 2db8969f727..393bdb8fc75 100644 --- a/doc/user/gitlab_com/index.md +++ b/doc/user/gitlab_com/index.md @@ -207,23 +207,23 @@ Below are the current settings regarding [GitLab CI/CD](../../ci/index.md). Any settings or feature limits not listed here are using the defaults listed in the related documentation. -| Setting | GitLab.com | Default (self-managed) | -|----------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------|------------------------| -| Artifacts maximum size (compressed) | 1 GB | See [Maximum artifacts size](../../administration/settings/continuous_integration.md#maximum-artifacts-size). | -| Artifacts [expiry time](../../ci/yaml/index.md#artifactsexpire_in) | From June 22, 2020, deleted after 30 days unless otherwise specified (artifacts created before that date have no expiry). | See [Default artifacts expiration](../../administration/settings/continuous_integration.md#default-artifacts-expiration). | -| Scheduled Pipeline Cron | `*/5 * * * *` | See [Pipeline schedules advanced configuration](../../administration/cicd/index.md#change-maximum-scheduled-pipeline-frequency). | -| Maximum jobs in active pipelines | `500` for Free tier, `1000` for all trial tiers, `20000` for Premium, and `100000` for Ultimate. | See [Number of jobs in active pipelines](../../administration/instance_limits.md#number-of-jobs-in-active-pipelines). | -| Maximum CI/CD subscriptions to a project | `2` | See [Number of CI/CD subscriptions to a project](../../administration/instance_limits.md#number-of-cicd-subscriptions-to-a-project). | -| Maximum number of pipeline triggers in a project | `25000` for all tiers | See [Limit the number of pipeline triggers](../../administration/instance_limits.md#limit-the-number-of-pipeline-triggers). | -| Maximum pipeline schedules in projects | `10` for Free tier, `50` for all paid tiers | See [Number of pipeline schedules](../../administration/instance_limits.md#number-of-pipeline-schedules). | -| Maximum pipelines per schedule | `24` for Free tier, `288` for all paid tiers | See [Limit the number of pipelines created by a pipeline schedule per day](../../administration/instance_limits.md#limit-the-number-of-pipelines-created-by-a-pipeline-schedule-per-day). | -| Maximum number of schedule rules defined for each security policy project | Unlimited for all paid tiers | See [Number of schedule rules defined for each security policy project](../../administration/instance_limits.md#limit-the-number-of-schedule-rules-defined-for-security-policy-project). | -| Scheduled job archiving | 3 months (from June 22, 2020). Jobs created before that date were archived after September 22, 2020. | Never. | -| Maximum test cases per [unit test report](../../ci/testing/unit_test_reports.md) | `500000` | Unlimited. | -| Maximum registered runners | Free tier: `50` per-group / `50` per-project
All paid tiers: `1000` per-group / `1000` per-project | See [Number of registered runners per scope](../../administration/instance_limits.md#number-of-registered-runners-per-scope). | -| Limit of dotenv variables | Free tier: `50` / Premium tier: `100` / Ultimate tier: `150` | See [Limit dotenv variables](../../administration/instance_limits.md#limit-dotenv-variables). | -| Authorization token duration (minutes) | `15` | To set a custom value, in the Rails console, run `ApplicationSetting.last.update(container_registry_token_expire_delay: )`, where `` is the desired number of minutes. | -| Maximum downstream pipeline trigger rate (for a given project, user, and commit) | `350` per minute | See [Maximum downstream pipeline trigger rate](../../administration/settings/continuous_integration.md#maximum-downstream-pipeline-trigger-rate). | +| Setting | GitLab.com | Default (self-managed) | +|----------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------|------------------------| +| Artifacts maximum size (compressed) | 1 GB | See [Maximum artifacts size](../../administration/settings/continuous_integration.md#maximum-artifacts-size). | +| Artifacts [expiry time](../../ci/yaml/index.md#artifactsexpire_in) | 30 days unless otherwise specified | See [Default artifacts expiration](../../administration/settings/continuous_integration.md#default-artifacts-expiration). Artifacts created before June 22, 2020 have no expiry. | +| Scheduled Pipeline Cron | `*/5 * * * *` | See [Pipeline schedules advanced configuration](../../administration/cicd/index.md#change-maximum-scheduled-pipeline-frequency). | +| Maximum jobs in active pipelines | `500` for Free tier, `1000` for all trial tiers, `20000` for Premium, and `100000` for Ultimate. | See [Number of jobs in active pipelines](../../administration/instance_limits.md#number-of-jobs-in-active-pipelines). | +| Maximum CI/CD subscriptions to a project | `2` | See [Number of CI/CD subscriptions to a project](../../administration/instance_limits.md#number-of-cicd-subscriptions-to-a-project). | +| Maximum number of pipeline triggers in a project | `25000` | See [Limit the number of pipeline triggers](../../administration/instance_limits.md#limit-the-number-of-pipeline-triggers). | +| Maximum pipeline schedules in projects | `10` for Free tier, `50` for all paid tiers | See [Number of pipeline schedules](../../administration/instance_limits.md#number-of-pipeline-schedules). | +| Maximum pipelines per schedule | `24` for Free tier, `288` for all paid tiers | See [Limit the number of pipelines created by a pipeline schedule per day](../../administration/instance_limits.md#limit-the-number-of-pipelines-created-by-a-pipeline-schedule-per-day). | +| Maximum number of schedule rules defined for each security policy project | Unlimited for all paid tiers | See [Number of schedule rules defined for each security policy project](../../administration/instance_limits.md#limit-the-number-of-schedule-rules-defined-for-security-policy-project). | +| Scheduled job archiving | 3 months | Never. Jobs created before June 22, 2020 were archived after September 22, 2020. | +| Maximum test cases per [unit test report](../../ci/testing/unit_test_reports.md) | `500000` | Unlimited. | +| Maximum registered runners | Free tier: `50` per group and `50` per project
All paid tiers: `1000` per group and `1000` per project | See [Number of registered runners per scope](../../administration/instance_limits.md#number-of-registered-runners-per-scope). | +| Limit of dotenv variables | Free tier: `50`
Premium tier: `100`
Ultimate tier: `150` | See [Limit dotenv variables](../../administration/instance_limits.md#limit-dotenv-variables). | +| Authorization token duration (minutes) | `15` | To set a custom value, in the Rails console, run `ApplicationSetting.last.update(container_registry_token_expire_delay: )`, where `` is the desired number of minutes. | +| Maximum downstream pipeline trigger rate (for a given project, user, and commit) | `350` per minute | See [Maximum downstream pipeline trigger rate](../../administration/settings/continuous_integration.md#maximum-downstream-pipeline-trigger-rate). | ## Package registry limits diff --git a/doc/user/project/settings/import_export_troubleshooting.md b/doc/user/project/settings/import_export_troubleshooting.md index 866cb212a00..c9a8a5d7164 100644 --- a/doc/user/project/settings/import_export_troubleshooting.md +++ b/doc/user/project/settings/import_export_troubleshooting.md @@ -46,8 +46,6 @@ If there are too many users for manual configuration to be feasible, you can set all user profiles to use a public email address using the [Rails console](../../../administration/operations/rails_console.md#starting-a-rails-console-session): - - ```ruby User.where("public_email IS NULL OR public_email = '' ").find_each do |u| next if u.bot? @@ -58,8 +56,6 @@ User.where("public_email IS NULL OR public_email = '' ").find_each do |u| end ``` - - ## Import workarounds for large repositories [Maximum import size limitations](import_export.md#import-a-project-and-its-data) diff --git a/lib/gitlab/search_results.rb b/lib/gitlab/search_results.rb index cd08db48356..b94184cfe8c 100644 --- a/lib/gitlab/search_results.rb +++ b/lib/gitlab/search_results.rb @@ -181,7 +181,7 @@ module Gitlab scope = limit_projects scope = scope.non_archived unless filters[:include_archived] - scope.search(query) + scope.search(query, include_namespace: true, use_minimum_char_limit: false) end def issues(finder_params = {}) diff --git a/spec/factories/import_export_uploads.rb b/spec/factories/import_export_uploads.rb index 53ac35837d1..21eb4d90412 100644 --- a/spec/factories/import_export_uploads.rb +++ b/spec/factories/import_export_uploads.rb @@ -2,7 +2,7 @@ FactoryBot.define do factory :import_export_upload do - project { association(:project) } + project { association(:project) if group.nil? } user { association(:user) } export_file { fixture_file_upload('spec/fixtures/group_export.tar.gz') } end diff --git a/spec/frontend/work_items/mock_data.js b/spec/frontend/work_items/mock_data.js index 1acc0fffc12..1d367be3922 100644 --- a/spec/frontend/work_items/mock_data.js +++ b/spec/frontend/work_items/mock_data.js @@ -3248,6 +3248,7 @@ export const mockWorkItemNotesByIidResponse = { }, { type: 'NOTES', + discussionLocked: false, discussions: { pageInfo: { hasNextPage: true, @@ -3483,6 +3484,7 @@ export const mockMoreWorkItemNotesResponse = { }, { type: 'NOTES', + discussionLocked: false, discussions: { pageInfo: { hasNextPage: true, @@ -3840,6 +3842,7 @@ export const mockWorkItemNotesResponseWithComments = (resolved = false) => { }, { type: 'NOTES', + discussionLocked: false, discussions: { pageInfo: { hasNextPage: false, @@ -4263,6 +4266,7 @@ export const workItemNotesWithSystemNotesWithChangedDescription = { }, { type: 'NOTES', + discussionLocked: false, discussions: { pageInfo: { hasNextPage: false, diff --git a/spec/helpers/search_helper_spec.rb b/spec/helpers/search_helper_spec.rb index 54877a435bd..2d694293af5 100644 --- a/spec/helpers/search_helper_spec.rb +++ b/spec/helpers/search_helper_spec.rb @@ -561,6 +561,14 @@ RSpec.describe SearchHelper, feature_category: :global_search do expect(projects_autocomplete(search_term).pluck(:id)).to eq([project_2.id]) end + context 'when the search term is Gitlab::Search::Params::MIN_TERM_LENGTH characters long' do + let(:search_term) { 'te' } + + it 'returns the project' do + expect(projects_autocomplete(search_term).pluck(:id)).to eq([project_2.id]) + end + end + context 'when a project namespace matches the search term but the project does not' do let_it_be(:group) { create(:group, name: 'test group') } let_it_be(:project_3) { create(:project, name: 'nothing', namespace: group) } @@ -573,6 +581,37 @@ RSpec.describe SearchHelper, feature_category: :global_search do expect(projects_autocomplete(search_term).pluck(:id)).to match_array([project_2.id, project_3.id]) end end + + context 'with feature flag autocomplete_projects_use_search_service disabled' do + before do + stub_feature_flags(autocomplete_projects_use_search_service: false) + end + + it 'returns the project' do + expect(projects_autocomplete(search_term).pluck(:id)).to eq([project_2.id]) + end + + context 'when the search term is Gitlab::Search::Params::MIN_TERM_LENGTH characters long' do + let(:search_term) { 'te' } + + it 'returns the project' do + expect(projects_autocomplete(search_term).pluck(:id)).to eq([project_2.id]) + end + end + + context 'when a project namespace matches the search term but the project does not' do + let_it_be(:group) { create(:group, name: 'test group') } + let_it_be(:project_3) { create(:project, name: 'nothing', namespace: group) } + + before do + group.add_owner(user) + end + + it 'returns all projects matching the term' do + expect(projects_autocomplete(search_term).pluck(:id)).to match_array([project_2.id, project_3.id]) + end + end + end end end diff --git a/spec/lib/gitlab/database/sharding_key_spec.rb b/spec/lib/gitlab/database/sharding_key_spec.rb index 3d0fce518e3..56db71bd180 100644 --- a/spec/lib/gitlab/database/sharding_key_spec.rb +++ b/spec/lib/gitlab/database/sharding_key_spec.rb @@ -167,6 +167,8 @@ RSpec.describe 'new tables missing sharding_key', feature_category: :cell do end it 'ensures all organization_id columns are not nullable, have no default, and have a foreign key' do + loose_foreign_keys = Gitlab::Database::LooseForeignKeys.definitions.group_by(&:from_table) + sql = <<~SQL SELECT c.table_name, CASE WHEN c.column_default IS NOT NULL THEN 'has default' ELSE NULL END, @@ -184,21 +186,16 @@ RSpec.describe 'new tables missing sharding_key', feature_category: :cell do # To add a table to this list, create an issue under https://gitlab.com/groups/gitlab-org/-/epics/11670. # Use https://gitlab.com/gitlab-org/gitlab/-/issues/476206 as an example. work_in_progress = { - "dependency_list_export_parts" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/476207', "dependency_list_exports" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/476208', "namespaces" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/476209', "organization_users" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/476210', "projects" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/476211', "push_rules" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/476212', "raw_usage_data" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/476213', - "sbom_source_packages" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/476214', - "sbom_sources" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/476215', "snippets" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/476216', - "vulnerability_export_parts" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/476218', + "upcoming_reconciliations" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/476217', "vulnerability_exports" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/476219', "personal_access_tokens" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/477750', - "sbom_components" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/469436', - "sbom_component_versions" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/483194', "subscription_user_add_on_assignments" => "https://gitlab.com/gitlab-org/gitlab/-/issues/480697", "topics" => 'https://gitlab.com/gitlab-org/gitlab/-/issues/463254', "oauth_access_tokens" => "https://gitlab.com/gitlab-org/gitlab/-/issues/496717", @@ -206,6 +203,8 @@ RSpec.describe 'new tables missing sharding_key', feature_category: :cell do "oauth_openid_requests" => "https://gitlab.com/gitlab-org/gitlab/-/issues/496717" } + has_lfk = ->(lfks) { lfks.any? { |k| k.options[:column] == 'organization_id' && k.to_table == 'organizations' } } + organization_id_columns = ApplicationRecord.connection.select_rows(sql) violations = organization_id_columns.reject { |column| work_in_progress[column[0]] } messages = violations.filter_map do |violation| @@ -217,6 +216,8 @@ RSpec.describe 'new tables missing sharding_key', feature_category: :cell do end end + violation.delete_at(3) if violation[3] && has_lfk.call(loose_foreign_keys.fetch(violation[0], {})) + " #{violation[0]} - #{violation[1..].compact.join(', ')}" if violation[1..].any? end diff --git a/spec/lib/gitlab/search_results_spec.rb b/spec/lib/gitlab/search_results_spec.rb index ebe39d51bb6..80a74483ac7 100644 --- a/spec/lib/gitlab/search_results_spec.rb +++ b/spec/lib/gitlab/search_results_spec.rb @@ -276,11 +276,39 @@ RSpec.describe Gitlab::SearchResults, feature_category: :global_search do let(:query) { 'Test' } describe 'filtering' do - let_it_be(:group) { create(:group) } + let_it_be(:group) { create(:group, name: 'my-group') } let_it_be(:unarchived_result) { create(:project, :public, group: group, name: 'Test1') } let_it_be(:archived_result) { create(:project, :archived, :public, group: group, name: 'Test2') } it_behaves_like 'search results filtered by archived' + + it 'returns the project' do + expect(results.objects('projects')).to eq([unarchived_result]) + end + + context 'when the query is Gitlab::Search::Params::MIN_TERM_LENGTH characters long' do + let(:query) { 'Te' } + + it 'returns the project' do + expect(results.objects('projects')).to eq([unarchived_result]) + end + end + + context 'when the query is less than Gitlab::Search::Params::MIN_TERM_LENGTH characters long' do + let(:query) { 'T' } + + it 'does not return the project' do + expect(results.objects('projects')).not_to eq([unarchived_result]) + end + end + + context 'when the query does not match the project name but it matches the group name' do + let(:query) { 'group' } + + it 'returns the project' do + expect(results.objects('projects')).to eq([unarchived_result]) + end + end end end diff --git a/spec/migrations/20241010101254_delete_import_export_uploads_without_project_id_or_group_id_spec.rb b/spec/migrations/20241010101254_delete_import_export_uploads_without_project_id_or_group_id_spec.rb new file mode 100644 index 00000000000..3c558d1bca7 --- /dev/null +++ b/spec/migrations/20241010101254_delete_import_export_uploads_without_project_id_or_group_id_spec.rb @@ -0,0 +1,40 @@ +# frozen_string_literal: true + +require 'spec_helper' +require_migration! + +RSpec.describe DeleteImportExportUploadsWithoutProjectIdOrGroupId, feature_category: :importers do + let!(:namespace) { table(:namespaces).create!(name: 'namespace', path: 'namespace') } + let!(:import_export_uploads_table) { table(:import_export_uploads) } + let!(:project) { table(:projects).create!(namespace_id: namespace.id, project_namespace_id: namespace.id) } + + let(:user) do + table(:users).create!(name: 'test', email: 'example.user@gitlab.com', projects_limit: 5) + end + + let(:bulk_import) do + table(:bulk_imports).create!(user_id: user.id, source_type: 0, status: 0) + end + + let!(:import_export_upload_without_project_or_group) do + import_export_uploads_table.create!(project_id: nil, group_id: nil, remote_import_url: "https://example.gitlab.com") + end + + let!(:import_export_upload_with_project) do + import_export_uploads_table.create!(project_id: project.id, remote_import_url: "https://example.gitlab.com") + end + + let!(:import_export_upload_with_group) do + import_export_uploads_table.create!(group_id: namespace.id, remote_import_url: "https://example.gitlab.com") + end + + describe '#up' do + it 'deletes import_export_uploads without a project_id or group_id' do + migrate! + + expect(import_export_uploads_table.where(project_id: nil, group_id: nil)).to be_empty + expect(import_export_uploads_table.where(project_id: project.id)).not_to be_empty + expect(import_export_uploads_table.where(group_id: namespace.id)).not_to be_empty + end + end +end diff --git a/spec/services/ci/job_token_scope/add_group_service_spec.rb b/spec/services/ci/job_token_scope/add_group_service_spec.rb index f695c742c47..358f6665d29 100644 --- a/spec/services/ci/job_token_scope/add_group_service_spec.rb +++ b/spec/services/ci/job_token_scope/add_group_service_spec.rb @@ -3,13 +3,13 @@ require 'spec_helper' RSpec.describe Ci::JobTokenScope::AddGroupService, feature_category: :continuous_integration do - let(:service) { described_class.new(project, current_user) } - let_it_be(:project) { create(:project, ci_outbound_job_token_scope_enabled: true).tap(&:save!) } let_it_be(:target_group) { create(:group, :private) } let_it_be(:current_user) { create(:user) } let_it_be(:policies) { %w[read_project read_package] } + let(:service) { described_class.new(project, current_user) } + shared_examples 'adds group' do |_context| it 'adds the group to the scope', :aggregate_failures do expect { result }.to change { Ci::JobToken::GroupScopeLink.count }.by(1) diff --git a/spec/services/ci/job_token_scope/remove_group_service_spec.rb b/spec/services/ci/job_token_scope/remove_group_service_spec.rb index 25143aa517f..402c8683d56 100644 --- a/spec/services/ci/job_token_scope/remove_group_service_spec.rb +++ b/spec/services/ci/job_token_scope/remove_group_service_spec.rb @@ -19,6 +19,7 @@ RSpec.describe Ci::JobTokenScope::RemoveGroupService, feature_category: :continu it 'removes the group from the scope' do expect do expect(result).to be_success + expect(result.payload).to eq(link) end.to change { Ci::JobToken::GroupScopeLink.count }.by(-1) end end diff --git a/spec/services/ci/job_token_scope/remove_project_service_spec.rb b/spec/services/ci/job_token_scope/remove_project_service_spec.rb index c1f28ea4523..b20130abe4c 100644 --- a/spec/services/ci/job_token_scope/remove_project_service_spec.rb +++ b/spec/services/ci/job_token_scope/remove_project_service_spec.rb @@ -18,6 +18,7 @@ RSpec.describe Ci::JobTokenScope::RemoveProjectService, feature_category: :conti it 'removes the project from the scope' do expect do expect(result).to be_success + expect(result.payload).to eq(link) end.to change { Ci::JobToken::ProjectScopeLink.count }.by(-1) end end diff --git a/spec/uploaders/import_export_uploader_spec.rb b/spec/uploaders/import_export_uploader_spec.rb index 1a2041df3d0..af456bbbaab 100644 --- a/spec/uploaders/import_export_uploader_spec.rb +++ b/spec/uploaders/import_export_uploader_spec.rb @@ -5,7 +5,7 @@ require 'spec_helper' RSpec.describe ImportExportUploader do let(:model) { build_stubbed(:import_export_upload) } let(:upload) { create(:upload, model: model) } - let(:import_export_upload) { ImportExportUpload.new } + let(:import_export_upload) { build(:import_export_upload) } subject { described_class.new(model, :import_file) }