Moving the check out of the general requests, makes sure we don't have
any slowdown in the regular requests.
To keep the process performing this checks small, the check is still
performed inside a unicorn. But that is called from a process running
on the same server.
Because the checks are now done outside normal request, we can have a
simpler failure strategy:
The check is now performed in the background every
`circuitbreaker_check_interval`. Failures are logged in redis. The
failures are reset when the check succeeds. Per check we will try
`circuitbreaker_access_retries` times within
`circuitbreaker_storage_timeout` seconds.
When the number of failures exceeds
`circuitbreaker_failure_count_threshold`, we will block access to the
storage.
After `failure_reset_time` of no checks, we will clear the stored
failures. This could happen when the process that performs the checks
is not running.
This enables skipping a lesser housekeeping task
(incremental or full repack) by consistently
scheduling a higher task (respectively full repack or gc)
with the same period.
Cf. #34981
Behind an application setting, which defaults to false, this commit
implements the implied CI/CD config. Which means that in the case we
can't find the `.gitlab-ci.yml` on the commit we want to start a
pipeline for, we fall back to an implied configuration.
For now the Bash template has been copied to
`Auto-Devops.gitlab-ci.yml` so the tests actually work.
Fixes#34777
`allowed_key_types` is removed and the `minimum_<type>_bits` fields are
renamed to `<tech>_key_restriction`. A special sentinel value (`-1`) signifies
that the key type is disabled.
This also feeds through to the UI - checkboxes per key type are out, inline
selection of "forbidden" and "allowed" (i.e., no restrictions) are in.
As with the previous model, unknown key types are disallowed, even if the
underlying ssh daemon happens to support them. The defaults have also been
changed from the lowest known bit size to "no restriction". So if someone
does happen to have a 768-bit RSA key, it will continue to work on upgrade, at
least until the administrator restricts them.
This is an amalgamation of:
* Cory Hinshaw: Initial implementation !5552
* Rémy Coutable: Updates !9350
* Nick Thomas: Resolve conflicts and add ED25519 support !13712
Setting `usage_ping_enabled` to false in `gitlab.yml`:
1. Disables the usage ping, regardless of the value stored in the database.
2. Prevents the usage ping from being enabled through the admin panel. It can
only be enabled by either removing the line from `gitlab.yml` and configuring
through the admin panel, or setting it to true in `gitlab.yml`.
* upstream/master: (247 commits)
Switched CONTRIBUTING.md style guide recommendation for method chaining
Fix new offenses
Stylistic tweaks
Fix OAuth/SAML user blocking behavior
Revert "Enable Style/DotPosition"
Revert "Prefer leading style for Style/DotPosition"
Revert "Enable Style/BarePercentLiterals"
Manually correct autocorrect
Move up delegate calls
Exclude migrations from Style/MutableConstant
ActiveSupport delegation is preferred over Forwardable
Update haml_lint to work with newest rubocop
Add explanations to cops
Update rubocop and rubocop-rspec and regenerate .rubocop_todo.yml
Update rubocop and rubocop-rspec and regenerate .rubocop_todo.yml
Order cops alphabetically
Don’t exclude some file in lib from rubocop
Fix new offenses
Enable Rails/Delegate
Enable Style/WordArray
...
In 8278b763d9 the default behaviour of annotation
has changes, which was causing a lot of noise in diffs. We decided in #17382
that it is better to get rid of the whole annotate gem, and instead let people
look at schema.rb for the columns in a table.
Fixes: #17382
Bob Van Landuyt
Andrew Newdigate
Markus Koller
Kamil Trzcinski
Yorick Peterse
Alex Lossent
Zeger-Jan van de Weg
Nick Thomas
Rémy Coutable
Robert Speicher
Sean McGivern
Douglas Barbosa Alexandre
Lin Jen-Shin
Douwe Maan
Jacob Vosmaer
tiagonbotelho
Patricio Cano
Alejandro Rodríguez
Andrei Gliga
Jeroen van Baarsen
connorshea
Grzegorz Bizon
Jeroen Nijhof