Kubernetes deployments on new clusters will now have
a separate namespace per project environment, instead
of sharing a single namespace for the project.
Behaviour of existing clusters is unchanged.
All new functionality is controlled by the
:kubernetes_namespace_per_environment feature flag,
which is safe to enable/disable at any time.
- Closes#60024
- Change PrometheusClient.new to accept a base url instead of an
already created RestClient
- Use Gitlab::HTTP in PrometheusClient instead of creating RestClient
in PrometheusService
- Move http_options from PrometheusService to
PrometheusClient (follow_redirects: false)
- ensure that base urls don't have the trailing slash
- Created a `PrometheusClient#url` method that might not be strictly
required
- Change rescued exceptions from RestClient::* to
HTTParty::ResponseError where possible and StandardError for the
rest
A nonce-based Content-Security-Policy thwarts XSS attacks by allowing
inline JavaScript to execute if the script nonce matches the header
value. Rails 5.2 supports nonce-based Content-Security-Policy headers,
so provide configuration to enable this and make it work.
To support this, we need to change all `:javascript` HAML filters to the
following form:
```
= javascript_tag nonce: true do
:plain
...
```
We use `%script` throughout our HAML to store JSON and other text, but
since this doesn't execute, browsers don't appear to block this content
from being used and require the nonce value to be present.
Instead of highlighting all lines when not all of them are
needed, only highlight specific lines.
The `BlobPresenter#highlight` method has been updated to
support `since` and `to` params. These params will be used to
limit the content to be highlighted.
Modify `Gitlab::Highlight` to support `since` param which will
then be used to determine the starting line number.
API endpoints for requesting container repositories
and container repositories with their tag information
are enabled for users that want to specify the group
containing the repository rather than the specific project.
- ci_builds.artifacts_expire_at are copied to
ci_job_artifacts.expire_at with incorrect timestamps when the
database timezone is NOT utc
- ci_builds.artifacts_expire_at is `timestamp without time zone` and
ci_job_artifacts.expire_at is `timestamp with time zone` on
postgresql
- Tests fail locally for `rspec
./spec/lib/gitlab/import_export/import_export_spec.rb` without this
change
In dev environments, Sidekiq was encountering the message:
Circular dependency detected while autoloading constant Gitlab::Profiler
This saves some overhead during normal usage.
- Added Importable to models/list.rb
- Did unless: :importable? on board validation
- Created changelog
- Modified haml to show issue boards are importable
- Added needed spec tests
- Modified project.json to include board information
- Added relevant models to all_models
- Added relevant models to import_export
- Added relevant models to safe_model_attributes
Also creates specs
Only allow Helm to be uninstalled if it's the only app
- Remove Tiller leftovers after reser command
- Fixes specs and offenses
Adds changelog file
Fix reset_command specs
This changes `needs:` from weak reference
to have a strong reference.
This means that job will not be created
unless all needs are present as part of
a pipeline.
Simplify SystemHookUrlValidator to inherit from PublicUrlValidator
Refactor specs to move out shared examples to be used in both
system hooks and public url validators.
This MR adds new application setting to network section
`allow_local_requests_from_system_hooks`. Prior to this change
system hooks were allowed to do local network requests by default
and we are adding an ability for admins to control it.
Currently we write out empty CSS classes (`class=""`) every time we
create a new tag. This adds 9 unnecessary bytes per span element. In a
recent trace, I have counted 11950 span elements. So we transported 105
unnecessary kilobytes!
Previously, both InfluxSampler and RubySampler were relying on the
`GC::Profiler.total_time` data which is the sum over the list
of captured GC events. Also, both samplers asynchronously called
`GC::Profiler.clear` which led to incorrect metric data because
each sampler has the wrong assumption it is the only object who calls
`GC::Profiler.clear` and thus could rely on the gathered results between
such calls.
We should ensure that `GC::Profiler.total_time` is called only in one
place making it possible to rely on accumulated data between such wipes.
Also, we need to track the amount of profiler reports we lost.
Remove project from NotesFinder constructor
Add project parameter to specs
Also look for methods in private scope
Fix specs to match new NotesFinder constructor
Concurrent calls to UserMergeToRef RPC updating a single ref
can lead to an opaque fail that is being rescued at Gitaly.
So this commit adds an exclusive lease to the mergeability
check process with the key as the current MR ID.
Peek attempts to serialize results with `to_json`, which calls
`ActiveSupport::JSON`. If an object is passed to `to_json` that contains
instance variables, `ActiveSupport` will attempt to recursively traverse
all variables.
The problem is that we can get into an infinite loop if the instance
references to an instance that references to something else that points
back to the same instance.
To avoid this mess, we just call `to_s` on the object. It appears only
`Gitlab::Git::Repository` and `::Repository` are the culprits here.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/65404
- After uninstalling the knative helm chart it's necessary to also
remove some leftover resources to allow the cluster to be clean
and knative to be reinstalleable.
- Adds knative uninstall disclaimer
- Uninstall ksvc before uninstalling knative
Make list of Knative and Ingres resources explicit
- To avoid deleting unwanted resources we are listing exact
which resources will be deleted rather than simply deleting any
resource that contains istio or knative words.
Ash McKenzie
Tiger Watson
David Wilkins
Stan Hu
Kelly Hair
Bob Van Landuyt
Sean McGivern
Patrick Bajao
Gosia Ksionek
Steve Abrams
Douglas Barbosa Alexandre
Jason Colyer
Rémy Coutable
Cameron Boulton
David H. Wilkins
mo
Dylan Griffith
Kamil Trzciński
Robert Speicher
George Koltsov
Lukas '+ alert('Eipi') + ' Eipert
Aleksei Lipniagov
Marcel Amirault
Heinrich Lee Yu
Douwe Maan
Patrick Derichs
Oswaldo Ferreira
Lin Jen-Shin
Andrew Newdigate
drew
João Cunha
Shinya Maeda