Add latest changes from gitlab-org/gitlab@master
This commit is contained in:
parent
e52d49e87e
commit
0e521d4280
|
@ -65,6 +65,9 @@ _Consider adding links to check for Sentry errors, Production logs for 5xx, 302s
|
|||
- [ ] `/chatops run feature set <feature-flag-name> true --dev`
|
||||
- [ ] `/chatops run feature set <feature-flag-name> true --staging`
|
||||
- [ ] Verify that the feature works as expected. Posting the QA result in this issue is preferable.
|
||||
The best environment to validate the feature in is [staging-canary](https://about.gitlab.com/handbook/engineering/infrastructure/environments/#staging-canary)
|
||||
as this is the first environment deployed to. Note you will need to make sure you are configured to use canary as outlined [here](https://about.gitlab.com/handbook/engineering/infrastructure/environments/canary-stage/)
|
||||
when accessing the staging environment in order to make sure you are testing appropriately.
|
||||
|
||||
### Specific rollout on production
|
||||
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
name: arkose_labs_prevent_login
|
||||
introduced_by_url:
|
||||
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/358838
|
||||
milestone: '14.10'
|
||||
type: development
|
||||
group: group::antiabuse
|
||||
default_enabled: false
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
name: ci_secure_files_read_only
|
||||
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/84089
|
||||
rollout_issue_url:
|
||||
milestone: '14.10'
|
||||
type: ops
|
||||
group: group::incubation
|
||||
default_enabled: false
|
|
@ -0,0 +1,19 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class AddWorkItemTypeNameUniqueIndexNullNamespaces < Gitlab::Database::Migration[1.0]
|
||||
INDEX_NAME = :idx_work_item_types_on_namespace_id_and_name_null_namespace
|
||||
|
||||
disable_ddl_transaction!
|
||||
|
||||
def up
|
||||
add_concurrent_index :work_item_types,
|
||||
'TRIM(BOTH FROM LOWER(name)), (namespace_id IS NULL)',
|
||||
unique: true,
|
||||
name: INDEX_NAME,
|
||||
where: 'namespace_id IS NULL'
|
||||
end
|
||||
|
||||
def down
|
||||
remove_concurrent_index_by_name :work_item_types, INDEX_NAME
|
||||
end
|
||||
end
|
|
@ -0,0 +1 @@
|
|||
42d7864cdcec589b7de8bc3a872e2743496d81788a60ddcd213f049fda12474e
|
|
@ -26645,6 +26645,8 @@ CREATE UNIQUE INDEX idx_vulnerability_issue_links_on_vulnerability_id_and_issue_
|
|||
|
||||
CREATE UNIQUE INDEX idx_vulnerability_issue_links_on_vulnerability_id_and_link_type ON vulnerability_issue_links USING btree (vulnerability_id, link_type) WHERE (link_type = 2);
|
||||
|
||||
CREATE UNIQUE INDEX idx_work_item_types_on_namespace_id_and_name_null_namespace ON work_item_types USING btree (btrim(lower(name)), ((namespace_id IS NULL))) WHERE (namespace_id IS NULL);
|
||||
|
||||
CREATE INDEX index_abuse_reports_on_user_id ON abuse_reports USING btree (user_id);
|
||||
|
||||
CREATE INDEX index_agent_activity_events_on_agent_id_and_recorded_at_and_id ON agent_activity_events USING btree (agent_id, recorded_at, id);
|
||||
|
|
|
@ -24,6 +24,7 @@ The following lists the currently supported OSs and their possible EOL dates.
|
|||
| Debian 10 | GitLab CE / GitLab EE 12.2.0 | amd64, arm64 | 2024 | <https://wiki.debian.org/LTS> |
|
||||
| Debian 11 | GitLab CE / GitLab EE 14.6.0 | amd64, arm64 | 2026 | <https://wiki.debian.org/LTS> |
|
||||
| OpenSUSE 15.3 | GitLab CE / GitLab EE 14.5.0 | x86_64, aarch64 | Nov 2022 | <https://en.opensuse.org/Lifetime> |
|
||||
| RHEL 8 | GitLab CE / GitLab EE 12.8.1 | x86_64, arm64 | May 2024 | <https://access.redhat.com/support/policy/updates/errata/#Life_Cycle_Dates> |
|
||||
| SLES 12 | GitLab EE 9.0.0 | x86_64 | Oct 2027 | <https://www.suse.com/lifecycle/> |
|
||||
| Ubuntu 18.04 | GitLab CE / GitLab EE 10.7.0 | amd64 | April 2023 | <https://wiki.ubuntu.com/Releases> |
|
||||
| Ubuntu 20.04 | GitLab CE / GitLab EE 13.2.0 | amd64, arm64 | April 2025 | <https://wiki.ubuntu.com/Releases> |
|
||||
|
|
|
@ -453,6 +453,11 @@ curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" "https://git
|
|||
|
||||
Gets a list of all notes for a single epic. Epic notes are comments users can post to an epic.
|
||||
|
||||
NOTE:
|
||||
The epics notes API uses the epic ID instead of epic IID. If you use the epic's IID, GitLab returns either a 404
|
||||
error or notes for the wrong epic. It's different from the [issue notes API](#issues) and
|
||||
[merge requests notes API](#merge-requests).
|
||||
|
||||
```plaintext
|
||||
GET /groups/:id/epics/:epic_id/notes
|
||||
GET /groups/:id/epics/:epic_id/notes?sort=asc&order_by=updated_at
|
||||
|
|
|
@ -281,6 +281,7 @@ Continued reading:
|
|||
- [Flows](flows.md)
|
||||
- [RSpec metadata/tags](rspec_metadata_tests.md)
|
||||
- [Execution context selection](execution_context_selection.md)
|
||||
- [Troubleshooting](troubleshooting.md)
|
||||
|
||||
## Where can I ask for help?
|
||||
|
||||
|
|
|
@ -0,0 +1,69 @@
|
|||
---
|
||||
stage: none
|
||||
group: unassigned
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Troubleshooting end-to-end tests
|
||||
|
||||
## See what the browser is doing
|
||||
|
||||
If end-to-end tests fail, it can be very helpful to see what is happening in your
|
||||
browser when it fails. For example, if tests don't run at all, the test framework
|
||||
might be trying to open a URL that isn't valid on your machine. This problem becomes
|
||||
clearer if you see the page fail in the browser.
|
||||
|
||||
To make the test framework show the browser as it runs the tests,
|
||||
set `WEBDRIVER_HEADLESS=false`. For example:
|
||||
|
||||
```shell
|
||||
cd gitlab/qa
|
||||
WEBDRIVER_HEADLESS=false bundle exec bin/qa Test::Instance::All http://localhost:3000
|
||||
```
|
||||
|
||||
## Enable logging
|
||||
|
||||
Sometimes a test might fail and the failure stack trace doesn't provide enough
|
||||
information to determine what went wrong. You can get more information by enabling
|
||||
debug logs by setting `QA_DEBUG=true`, to see what the test framework is attempting.
|
||||
For example:
|
||||
|
||||
```shell
|
||||
cd gitlab/qa
|
||||
QA_DEBUG=true bundle exec bin/qa Test::Instance::All http://localhost:3000
|
||||
```
|
||||
|
||||
The test framework then outputs many logs showing the actions taken during
|
||||
the tests:
|
||||
|
||||
```plaintext
|
||||
[date=2022-03-31 23:19:47 from=QA Tests] INFO -- Starting test: Create Merge request creation from fork can merge feature branch fork to mainline
|
||||
[date=2022-03-31 23:19:49 from=QA Tests] DEBUG -- has_element? :login_page (wait: 0) returned: true
|
||||
[date=2022-03-31 23:19:52 from=QA Tests] DEBUG -- filling :login_field with "root"
|
||||
[date=2022-03-31 23:19:52 from=QA Tests] DEBUG -- filling :password_field with "*****"
|
||||
[date=2022-03-31 23:19:52 from=QA Tests] DEBUG -- clicking :sign_in_button
|
||||
```
|
||||
|
||||
## Tests don't run at all
|
||||
|
||||
This section assumes you're running the tests locally (such as the GDK) and you're doing
|
||||
so from the `gitlab/qa/` folder, not from `gitlab-qa`. For example, if you receive a
|
||||
`Net::ReadTimeout` error, the browser might be unable to load the specified URL:
|
||||
|
||||
```shell
|
||||
cd gitlab/qa
|
||||
bundle exec bin/qa Test::Instance::All http://localhost:3000
|
||||
|
||||
bundler: failed to load command: bin/qa (bin/qa)
|
||||
Net::ReadTimeout: Net::ReadTimeout with #<TCPSocket:(closed)>
|
||||
```
|
||||
|
||||
This error can happen if GitLab runs on an address that does not resolve from
|
||||
`localhost`. For example, if you set GDK's `hostname`
|
||||
[to a specific local IP address](https://gitlab.com/gitlab-org/gitlab-qa/-/blob/master/docs/run_qa_against_gdk.md#run-qa-tests-against-your-gdk-setup),
|
||||
you must use that IP address instead of `localhost` in the command.
|
||||
For example, if your IP is `192.168.0.12`:
|
||||
|
||||
```shell
|
||||
bundle exec bin/qa Test::Instance::All http://192.168.0.12:3000
|
||||
```
|
|
@ -1080,6 +1080,12 @@ If `ElasticCommitIndexerWorker` Sidekiq workers are failing with this error duri
|
|||
- To decrease the indexing throughput you can decrease `Bulk request concurrency` (see [Advanced Search settings](#advanced-search-configuration)). This is set to `10` by default, but you change it to as low as 1 to reduce the number of concurrent indexing operations.
|
||||
- If changing `Bulk request concurrency` didn't help, you can use the [queue selector](../administration/operations/extra_sidekiq_processes.md#queue-selector) option to [limit indexing jobs only to specific Sidekiq nodes](#index-large-instances-with-dedicated-sidekiq-nodes-or-processes), which should reduce the number of indexing requests.
|
||||
|
||||
### Indexing is very slow or fails with `rejected execution of coordinating operation` messages
|
||||
|
||||
Bulk requests are getting rejected by the Elasticsearch node(s) likely due to load and lack of available memory.
|
||||
Ensure that your Elasticsearch cluster meets the [system requirements](#system-requirements) and has enough resources
|
||||
to perform bulk operations. See also the error ["429 (Too Many Requests)"](#indexing-fails-with-error-elastic-error-429-too-many-requests).
|
||||
|
||||
### Access requirements for the self-managed AWS OpenSearch Service
|
||||
|
||||
To use the self-managed AWS OpenSearch Service with GitLab, configure your instance's domain access policies
|
||||
|
|
|
@ -186,7 +186,7 @@ The `CS_DISABLE_LANGUAGE_VULNERABILITY_SCAN` CI/CD variable controls whether the
|
|||
findings related to programming languages. The languages supported depend on the
|
||||
[scanner used](#change-scanners):
|
||||
|
||||
- [Trivy](https://aquasecurity.github.io/trivy/latest/vulnerability/detection/language/).
|
||||
- [Trivy](https://aquasecurity.github.io/trivy/latest/docs/vulnerability/detection/language/).
|
||||
- [Grype](https://github.com/anchore/grype#features).
|
||||
|
||||
By default, the report only includes packages managed by the Operating System (OS) package manager
|
||||
|
@ -237,7 +237,7 @@ You can [configure](#customizing-the-container-scanning-settings) analyzers by u
|
|||
Support depends on the scanner:
|
||||
|
||||
- [Grype](https://github.com/anchore/grype#grype)
|
||||
- [Trivy](https://aquasecurity.github.io/trivy/latest/vulnerability/detection/os/) (Default).
|
||||
- [Trivy](https://aquasecurity.github.io/trivy/latest/docs/vulnerability/detection/os/) (Default).
|
||||
|
||||
#### FIPS-enabled images
|
||||
|
||||
|
@ -761,7 +761,7 @@ The images include the latest advisory database available for their respective s
|
|||
scanner includes data from multiple sources:
|
||||
|
||||
- [Grype](https://github.com/anchore/grype#grypes-database).
|
||||
- [Trivy](https://aquasecurity.github.io/trivy/latest/vulnerability/detection/data-source/).
|
||||
- [Trivy](https://aquasecurity.github.io/trivy/latest/docs/vulnerability/detection/data-source/).
|
||||
|
||||
Database update information for other analyzers is available in the
|
||||
[maintenance table](../index.md#vulnerability-scanner-maintenance).
|
||||
|
|
|
@ -626,13 +626,18 @@ Use your own URLs to complete the following steps:
|
|||
docker pull gitlab.example.com/org/build/sample_project/cr:v2.9.1
|
||||
```
|
||||
|
||||
NOTE:
|
||||
For container registry authentication, use either a
|
||||
[personal access token](../../profile/personal_access_tokens.md) or a
|
||||
[deploy token](../../project/deploy_tokens/index.md).
|
||||
|
||||
1. Rename the images to match the new project name:
|
||||
|
||||
```shell
|
||||
docker tag gitlab.example.com/org/build/sample_project/cr:v2.9.1 gitlab.example.com/new_org/build/new_sample_project/cr:v2.9.1
|
||||
```
|
||||
|
||||
1. Delete the images in both projects by using the [UI](#delete-images) or [API](../../../api/packages.md#delete-a-project-package).
|
||||
1. Delete the images in the old project by using the [UI](#delete-images) or [API](../../../api/packages.md#delete-a-project-package).
|
||||
There may be a delay while the images are queued and deleted.
|
||||
1. Change the path or transfer the project by going to **Settings > General**
|
||||
and expanding **Advanced**.
|
||||
|
|
|
@ -54,7 +54,7 @@ External status checks have the following states:
|
|||
|
||||
Support for adding a `failed` state is tracked [in this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/338827).
|
||||
|
||||
If something changes outside of GitLab, you can manually [set the status external status check](../../../api/status_checks.md#set-status-of-an-external-status-check)
|
||||
If something changes outside of GitLab, you can [set the status of an external status check](../../../api/status_checks.md#set-status-of-an-external-status-check)
|
||||
using the API. You don't need to wait for a merge request webhook payload to be sent first.
|
||||
|
||||
## View the status checks on a project
|
||||
|
|
|
@ -54,6 +54,7 @@ module API
|
|||
|
||||
resource do
|
||||
before do
|
||||
read_only_feature_flag_enabled?
|
||||
authorize! :admin_secure_files, user_project
|
||||
end
|
||||
|
||||
|
@ -97,6 +98,10 @@ module API
|
|||
def feature_flag_enabled?
|
||||
service_unavailable! unless Feature.enabled?(:ci_secure_files, user_project, default_enabled: :yaml)
|
||||
end
|
||||
|
||||
def read_only_feature_flag_enabled?
|
||||
service_unavailable! if Feature.enabled?(:ci_secure_files_read_only, user_project, type: :ops, default_enabled: :yaml)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -6,6 +6,7 @@ RSpec.describe API::Ci::SecureFiles do
|
|||
before do
|
||||
stub_ci_secure_file_object_storage
|
||||
stub_feature_flags(ci_secure_files: true)
|
||||
stub_feature_flags(ci_secure_files_read_only: false)
|
||||
end
|
||||
|
||||
let_it_be(:maintainer) { create(:user) }
|
||||
|
@ -16,6 +17,13 @@ RSpec.describe API::Ci::SecureFiles do
|
|||
let_it_be(:project) { create(:project, creator_id: maintainer.id) }
|
||||
let_it_be(:secure_file) { create(:ci_secure_file, project: project) }
|
||||
|
||||
let(:file_params) do
|
||||
{
|
||||
file: fixture_file_upload('spec/fixtures/ci_secure_files/upload-keystore.jks'),
|
||||
name: 'upload-keystore.jks'
|
||||
}
|
||||
end
|
||||
|
||||
before_all do
|
||||
project.add_maintainer(maintainer)
|
||||
project.add_developer(developer)
|
||||
|
@ -40,6 +48,43 @@ RSpec.describe API::Ci::SecureFiles do
|
|||
end
|
||||
end
|
||||
|
||||
context 'ci_secure_files_read_only feature flag' do
|
||||
context 'when the flag is enabled' do
|
||||
before do
|
||||
stub_feature_flags(ci_secure_files_read_only: true)
|
||||
end
|
||||
|
||||
it 'returns a 503 when attempting to upload a file' do
|
||||
stub_feature_flags(ci_secure_files_read_only: true)
|
||||
|
||||
expect do
|
||||
post api("/projects/#{project.id}/secure_files", maintainer), params: file_params
|
||||
end.not_to change {project.secure_files.count}
|
||||
|
||||
expect(response).to have_gitlab_http_status(:service_unavailable)
|
||||
end
|
||||
|
||||
it 'returns a 200 when downloading a file' do
|
||||
stub_feature_flags(ci_secure_files_read_only: true)
|
||||
|
||||
get api("/projects/#{project.id}/secure_files", developer)
|
||||
|
||||
expect(response).to have_gitlab_http_status(:ok)
|
||||
expect(json_response).to be_a(Array)
|
||||
end
|
||||
end
|
||||
|
||||
context 'when the flag is disabled' do
|
||||
it 'returns a 201 when uploading a file when the ci_secure_files_read_only feature flag is disabled' do
|
||||
expect do
|
||||
post api("/projects/#{project.id}/secure_files", maintainer), params: file_params
|
||||
end.to change {project.secure_files.count}.by(1)
|
||||
|
||||
expect(response).to have_gitlab_http_status(:created)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context 'authenticated user with admin permissions' do
|
||||
it 'returns project secure files' do
|
||||
get api("/projects/#{project.id}/secure_files", maintainer)
|
||||
|
@ -204,14 +249,8 @@ RSpec.describe API::Ci::SecureFiles do
|
|||
describe 'POST /projects/:id/secure_files' do
|
||||
context 'authenticated user with admin permissions' do
|
||||
it 'creates a secure file' do
|
||||
params = {
|
||||
file: fixture_file_upload('spec/fixtures/ci_secure_files/upload-keystore.jks'),
|
||||
name: 'upload-keystore.jks',
|
||||
permissions: 'execute'
|
||||
}
|
||||
|
||||
expect do
|
||||
post api("/projects/#{project.id}/secure_files", maintainer), params: params
|
||||
post api("/projects/#{project.id}/secure_files", maintainer), params: file_params.merge(permissions: 'execute')
|
||||
end.to change {project.secure_files.count}.by(1)
|
||||
|
||||
expect(response).to have_gitlab_http_status(:created)
|
||||
|
@ -229,26 +268,15 @@ RSpec.describe API::Ci::SecureFiles do
|
|||
end
|
||||
|
||||
it 'creates a secure file with read_only permissions by default' do
|
||||
params = {
|
||||
file: fixture_file_upload('spec/fixtures/ci_secure_files/upload-keystore.jks'),
|
||||
name: 'upload-keystore.jks'
|
||||
}
|
||||
|
||||
expect do
|
||||
post api("/projects/#{project.id}/secure_files", maintainer), params: params
|
||||
post api("/projects/#{project.id}/secure_files", maintainer), params: file_params
|
||||
end.to change {project.secure_files.count}.by(1)
|
||||
|
||||
expect(json_response['permissions']).to eq('read_only')
|
||||
end
|
||||
|
||||
it 'uploads and downloads a secure file' do
|
||||
post_params = {
|
||||
file: fixture_file_upload('spec/fixtures/ci_secure_files/upload-keystore.jks'),
|
||||
name: 'upload-keystore.jks',
|
||||
permissions: 'read_write'
|
||||
}
|
||||
|
||||
post api("/projects/#{project.id}/secure_files", maintainer), params: post_params
|
||||
post api("/projects/#{project.id}/secure_files", maintainer), params: file_params
|
||||
|
||||
secure_file_id = json_response['id']
|
||||
|
||||
|
@ -268,12 +296,8 @@ RSpec.describe API::Ci::SecureFiles do
|
|||
end
|
||||
|
||||
it 'returns an error when no file is uploaded' do
|
||||
post_params = {
|
||||
name: 'upload-keystore.jks'
|
||||
}
|
||||
|
||||
expect do
|
||||
post api("/projects/#{project.id}/secure_files", maintainer), params: post_params
|
||||
post api("/projects/#{project.id}/secure_files", maintainer), params: { name: 'upload-keystore.jks' }
|
||||
end.not_to change { project.secure_files.count }
|
||||
|
||||
expect(response).to have_gitlab_http_status(:bad_request)
|
||||
|
@ -281,12 +305,8 @@ RSpec.describe API::Ci::SecureFiles do
|
|||
end
|
||||
|
||||
it 'returns an error when the file name is missing' do
|
||||
post_params = {
|
||||
file: fixture_file_upload('spec/fixtures/ci_secure_files/upload-keystore.jks')
|
||||
}
|
||||
|
||||
expect do
|
||||
post api("/projects/#{project.id}/secure_files", maintainer), params: post_params
|
||||
post api("/projects/#{project.id}/secure_files", maintainer), params: { file: fixture_file_upload('spec/fixtures/ci_secure_files/upload-keystore.jks') }
|
||||
end.not_to change { project.secure_files.count }
|
||||
|
||||
expect(response).to have_gitlab_http_status(:bad_request)
|
||||
|
@ -308,14 +328,8 @@ RSpec.describe API::Ci::SecureFiles do
|
|||
end
|
||||
|
||||
it 'returns an error when an unexpected permission is supplied' do
|
||||
post_params = {
|
||||
file: fixture_file_upload('spec/fixtures/ci_secure_files/upload-keystore.jks'),
|
||||
name: 'upload-keystore.jks',
|
||||
permissions: 'foo'
|
||||
}
|
||||
|
||||
expect do
|
||||
post api("/projects/#{project.id}/secure_files", maintainer), params: post_params
|
||||
post api("/projects/#{project.id}/secure_files", maintainer), params: file_params.merge(permissions: 'foo')
|
||||
end.not_to change { project.secure_files.count }
|
||||
|
||||
expect(response).to have_gitlab_http_status(:bad_request)
|
||||
|
@ -329,13 +343,8 @@ RSpec.describe API::Ci::SecureFiles do
|
|||
allow(instance).to receive_message_chain(:errors, :messages).and_return(['Error 1', 'Error 2'])
|
||||
end
|
||||
|
||||
post_params = {
|
||||
file: fixture_file_upload('spec/fixtures/ci_secure_files/upload-keystore.jks'),
|
||||
name: 'upload-keystore.jks'
|
||||
}
|
||||
|
||||
expect do
|
||||
post api("/projects/#{project.id}/secure_files", maintainer), params: post_params
|
||||
post api("/projects/#{project.id}/secure_files", maintainer), params: file_params
|
||||
end.not_to change { project.secure_files.count }
|
||||
|
||||
expect(response).to have_gitlab_http_status(:bad_request)
|
||||
|
@ -346,13 +355,8 @@ RSpec.describe API::Ci::SecureFiles do
|
|||
allow(instance).to receive_message_chain(:file, :size).and_return(6.megabytes.to_i)
|
||||
end
|
||||
|
||||
post_params = {
|
||||
file: fixture_file_upload('spec/fixtures/ci_secure_files/upload-keystore.jks'),
|
||||
name: 'upload-keystore.jks'
|
||||
}
|
||||
|
||||
expect do
|
||||
post api("/projects/#{project.id}/secure_files", maintainer), params: post_params
|
||||
post api("/projects/#{project.id}/secure_files", maintainer), params: file_params
|
||||
end.not_to change { project.secure_files.count }
|
||||
|
||||
expect(response).to have_gitlab_http_status(:payload_too_large)
|
||||
|
|
Loading…
Reference in New Issue