Add latest changes from gitlab-org/gitlab@master
This commit is contained in:
parent
cab5a484fe
commit
040df42a88
|
@ -77,6 +77,11 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy
|
|||
|
||||
condition(:crm_enabled, score: 0, scope: :subject) { Feature.enabled?(:customer_relations, @subject) }
|
||||
|
||||
with_scope :subject
|
||||
condition(:group_runner_registration_allowed, score: 0, scope: :subject) do
|
||||
Feature.disabled?(:runner_registration_control) || Gitlab::CurrentSettings.valid_runner_registrars.include?('group')
|
||||
end
|
||||
|
||||
rule { can?(:read_group) & design_management_enabled }.policy do
|
||||
enable :read_design_activity
|
||||
end
|
||||
|
@ -200,6 +205,10 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy
|
|||
enable :read_nested_project_resources
|
||||
end
|
||||
|
||||
rule { can?(:admin_group_runners) }.policy do
|
||||
enable :register_group_runners
|
||||
end
|
||||
|
||||
rule { owner }.enable :create_subgroup
|
||||
rule { maintainer & maintainer_can_create_group }.enable :create_subgroup
|
||||
|
||||
|
@ -262,6 +271,10 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy
|
|||
prevent :admin_crm_organization
|
||||
end
|
||||
|
||||
rule { ~group_runner_registration_allowed }.policy do
|
||||
prevent :register_group_runners
|
||||
end
|
||||
|
||||
def access_level(for_any_session: false)
|
||||
return GroupMember::NO_ACCESS if @user.nil?
|
||||
return GroupMember::NO_ACCESS unless user_is_user?
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
= _('These runners are shared across projects in this group.')
|
||||
= _('Group runners can be managed with the %{link}.').html_safe % { link: link }
|
||||
|
||||
- if can?(current_user, :admin_pipeline, @group) && valid_runner_registrars.include?('group')
|
||||
- if can?(current_user, :register_group_runners, @group)
|
||||
- if params[:ci_runner_templates]
|
||||
%hr
|
||||
= render partial: 'ci/runner/setup_runner_in_aws',
|
||||
|
|
|
@ -26,16 +26,16 @@
|
|||
%li.commits-tab.new-tab
|
||||
= link_to url_for(safe_params), data: {target: 'div#commits', action: 'new', toggle: 'tabvue'} do
|
||||
Commits
|
||||
%span.badge.gl-tab-counter-badge.badge-muted.badge-pill.gl-badge.sm= @total_commit_count
|
||||
= gl_badge_tag @total_commit_count, { size: :sm }, { class: 'gl-tab-counter-badge' }
|
||||
- if @pipelines.any?
|
||||
%li.builds-tab
|
||||
= link_to url_for(safe_params.merge(action: 'pipelines')), data: {target: 'div#pipelines', action: 'pipelines', toggle: 'tabvue'} do
|
||||
Pipelines
|
||||
%span.badge.gl-tab-counter-badge.badge-muted.badge-pill.gl-badge.sm= @pipelines.size
|
||||
= gl_badge_tag @pipelines.size, { size: :sm }, { class: 'gl-tab-counter-badge' }
|
||||
%li.diffs-tab
|
||||
= link_to url_for(safe_params.merge(action: 'diffs')), data: {target: 'div#diffs', action: 'diffs', toggle: 'tabvue', qa_selector: 'diffs_tab'} do
|
||||
Changes
|
||||
%span.badge.gl-tab-counter-badge.badge-muted.badge-pill.gl-badge.sm= @merge_request.diff_size
|
||||
= gl_badge_tag @merge_request.diff_size, { size: :sm }, { class: 'gl-tab-counter-badge' }
|
||||
|
||||
#diff-notes-app.tab-content
|
||||
#new.commits.tab-pane.active
|
||||
|
|
|
@ -25,21 +25,21 @@
|
|||
= render "projects/merge_requests/tabs/tab", class: "notes-tab", qa_selector: "notes_tab" do
|
||||
= tab_link_for @merge_request, :show, force_link: @commit.present? do
|
||||
= _("Overview")
|
||||
%span.badge.badge-pill.gl-badge.badge-muted.sm= @merge_request.related_notes.user.count
|
||||
= gl_badge_tag @merge_request.related_notes.user.count, { size: :sm }
|
||||
- if @merge_request.source_project
|
||||
= render "projects/merge_requests/tabs/tab", name: "commits", class: "commits-tab", qa_selector: "commits_tab" do
|
||||
= tab_link_for @merge_request, :commits do
|
||||
= _("Commits")
|
||||
%span.badge.badge-pill.gl-badge.badge-muted.sm= @commits_count
|
||||
= gl_badge_tag @commits_count, { size: :sm }
|
||||
- if @number_of_pipelines.nonzero?
|
||||
= render "projects/merge_requests/tabs/tab", name: "pipelines", class: "pipelines-tab" do
|
||||
= tab_link_for @merge_request, :pipelines do
|
||||
= _("Pipelines")
|
||||
%span.badge.badge-pill.gl-badge.badge-muted.sm.js-pipelines-mr-count= @number_of_pipelines
|
||||
= gl_badge_tag @number_of_pipelines, { size: :sm }, { class: 'js-pipelines-mr-count' }
|
||||
= render "projects/merge_requests/tabs/tab", name: "diffs", class: "diffs-tab", id: "diffs-tab", qa_selector: "diffs_tab" do
|
||||
= tab_link_for @merge_request, :diffs do
|
||||
= _("Changes")
|
||||
%span.badge.badge-pill.gl-badge.badge-muted.sm= @diffs_count
|
||||
= gl_badge_tag @diffs_count, { size: :sm }
|
||||
.d-flex.flex-wrap.align-items-center.justify-content-lg-end
|
||||
#js-vue-discussion-counter
|
||||
|
||||
|
|
|
@ -1,10 +1,7 @@
|
|||
|
||||
- if runner.instance_type?
|
||||
%span.badge.badge-pill.gl-badge.badge-success
|
||||
= s_('Runners|shared')
|
||||
= gl_badge_tag s_('Runners|shared'), variant: :success
|
||||
- elsif runner.group_type?
|
||||
%span.badge.badge-pill.gl-badge.badge-success
|
||||
= s_('Runners|group')
|
||||
= gl_badge_tag s_('Runners|group'), variant: :success
|
||||
- else
|
||||
%span.badge.badge-pill.gl-badge.badge-info
|
||||
= s_('Runners|specific')
|
||||
= gl_badge_tag s_('Runners|specific'), variant: :info
|
||||
|
|
|
@ -761,7 +761,7 @@ Run `gitlab-ctl patroni members` to query Patroni for a summary of the cluster s
|
|||
To verify the status of replication:
|
||||
|
||||
```shell
|
||||
echo 'select * from pg_stat_wal_receiver\x\g\x \n select * from pg_stat_replication\x\g\x' | gitlab-psql
|
||||
echo -e 'select * from pg_stat_wal_receiver\x\g\x \n select * from pg_stat_replication\x\g\x' | gitlab-psql
|
||||
```
|
||||
|
||||
The same command can be run on all three database servers. It returns any information
|
||||
|
|
|
@ -26,8 +26,9 @@ You can take advantage of License Compliance by either:
|
|||
[Auto License Compliance](../../../topics/autodevops/stages.md#auto-license-compliance),
|
||||
provided by [Auto DevOps](../../../topics/autodevops/index.md).
|
||||
|
||||
The [License Finder](https://github.com/pivotal/LicenseFinder) scan tool runs as part of the CI/CD
|
||||
pipeline, and detects the licenses in use. GitLab checks the License Compliance report, compares the
|
||||
To detect the licenses in use, License Compliance uses the [License Finder](https://github.com/pivotal/LicenseFinder) scan tool that runs as part of the CI/CD pipeline.
|
||||
For the job to activate, License Finder needs to find a compatible package definition in the project directory. For details, see the [Activation on License Finder documentation](https://github.com/pivotal/LicenseFinder#activation).
|
||||
GitLab checks the License Compliance report, compares the
|
||||
licenses between the source and target branches, and shows the information right on the merge
|
||||
request. Denied licenses are indicated by a `x` red icon next to them as well as new licenses that
|
||||
need a decision from you. In addition, you can [manually allow or deny](#policies) licenses in your
|
||||
|
|
|
@ -1033,6 +1033,86 @@ RSpec.describe GroupPolicy do
|
|||
end
|
||||
end
|
||||
|
||||
describe 'register_group_runners' do
|
||||
shared_examples 'expected outcome based on runner registration control' do
|
||||
context 'with runner_registration_control FF disabled' do
|
||||
before do
|
||||
stub_feature_flags(runner_registration_control: false)
|
||||
end
|
||||
|
||||
it { is_expected.to be_allowed(:register_group_runners) }
|
||||
end
|
||||
|
||||
context 'with runner_registration_control FF enabled' do
|
||||
before do
|
||||
stub_feature_flags(runner_registration_control: true)
|
||||
end
|
||||
|
||||
context 'with group runner registration disabled' do
|
||||
before do
|
||||
stub_application_setting(valid_runner_registrars: ['project'])
|
||||
end
|
||||
|
||||
it { is_expected.to be_disallowed(:register_group_runners) }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context 'admin' do
|
||||
let(:current_user) { admin }
|
||||
|
||||
context 'when admin mode is enabled', :enable_admin_mode do
|
||||
it { is_expected.to be_allowed(:register_group_runners) }
|
||||
|
||||
it_behaves_like 'expected outcome based on runner registration control'
|
||||
end
|
||||
|
||||
context 'when admin mode is disabled' do
|
||||
it { is_expected.to be_disallowed(:register_group_runners) }
|
||||
end
|
||||
end
|
||||
|
||||
context 'with owner' do
|
||||
let(:current_user) { owner }
|
||||
|
||||
it { is_expected.to be_allowed(:register_group_runners) }
|
||||
|
||||
it_behaves_like 'expected outcome based on runner registration control'
|
||||
end
|
||||
|
||||
context 'with maintainer' do
|
||||
let(:current_user) { maintainer }
|
||||
|
||||
it { is_expected.to be_allowed(:register_group_runners) }
|
||||
|
||||
it_behaves_like 'expected outcome based on runner registration control'
|
||||
end
|
||||
|
||||
context 'with reporter' do
|
||||
let(:current_user) { reporter }
|
||||
|
||||
it { is_expected.to be_disallowed(:register_group_runners) }
|
||||
end
|
||||
|
||||
context 'with guest' do
|
||||
let(:current_user) { guest }
|
||||
|
||||
it { is_expected.to be_disallowed(:register_group_runners) }
|
||||
end
|
||||
|
||||
context 'with non member' do
|
||||
let(:current_user) { create(:user) }
|
||||
|
||||
it { is_expected.to be_disallowed(:register_group_runners) }
|
||||
end
|
||||
|
||||
context 'with anonymous' do
|
||||
let(:current_user) { nil }
|
||||
|
||||
it { is_expected.to be_disallowed(:register_group_runners) }
|
||||
end
|
||||
end
|
||||
|
||||
context 'with customer_relations feature flag disabled' do
|
||||
let(:current_user) { owner }
|
||||
|
||||
|
|
|
@ -11,12 +11,11 @@ RSpec.describe 'groups/runners/group_runners.html.haml' do
|
|||
@group = group
|
||||
allow(view).to receive(:current_user).and_return(user)
|
||||
allow(view).to receive(:reset_registration_token_group_settings_ci_cd_path).and_return('banana_url')
|
||||
allow(view).to receive(:can?).with(user, :admin_pipeline, group).and_return(true)
|
||||
end
|
||||
|
||||
context 'when group runner registration is allowed' do
|
||||
before do
|
||||
stub_application_setting(valid_runner_registrars: ['group'])
|
||||
allow(view).to receive(:can?).with(user, :register_group_runners, group).and_return(true)
|
||||
end
|
||||
|
||||
it 'enables the Remove group button for a group' do
|
||||
|
@ -29,7 +28,7 @@ RSpec.describe 'groups/runners/group_runners.html.haml' do
|
|||
|
||||
context 'when group runner registration is not allowed' do
|
||||
before do
|
||||
stub_application_setting(valid_runner_registrars: ['project'])
|
||||
allow(view).to receive(:can?).with(user, :register_group_runners, group).and_return(false)
|
||||
end
|
||||
|
||||
it 'does not enable the the Remove group button for a group' do
|
||||
|
|
Loading…
Reference in New Issue