kotovalexarian-likes-gitlab
/
gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2022-04-12 21:10:16 +00:00
parent e52d49e87e
commit 0e521d4280
16 changed files with 191 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitlab/issue_templates/Feature Flag Roll Out.md
View File

@ -65,6 +65,9 @@ _Consider adding links to check for Sentry errors, Production logs for 5xx, 302s
- [ ] `/chatops run feature set <feature-flag-name> true --dev`
- [ ] `/chatops run feature set <feature-flag-name> true --staging`
- [ ] Verify that the feature works as expected. Posting the QA result in this issue is preferable.
The best environment to validate the feature in is [staging-canary](https://about.gitlab.com/handbook/engineering/infrastructure/environments/#staging-canary)
as this is the first environment deployed to. Note you will need to make sure you are configured to use canary as outlined [here](https://about.gitlab.com/handbook/engineering/infrastructure/environments/canary-stage/)
when accessing the staging environment in order to make sure you are testing appropriately.
### Specific rollout on production

8
config/feature_flags/development/arkose_labs_prevent_login.yml Normal file
View File

@ -0,0 +1,8 @@
---
name: arkose_labs_prevent_login
introduced_by_url:
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/358838
milestone: '14.10'
type: development
group: group::antiabuse
default_enabled: false

8
config/feature_flags/ops/ci_secure_files_read_only.yml Normal file
View File

@ -0,0 +1,8 @@
---
name: ci_secure_files_read_only
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/84089
rollout_issue_url:
milestone: '14.10'
type: ops
group: group::incubation
default_enabled: false

19
db/migrate/20220408001450_add_work_item_type_name_unique_index_null_namespaces.rb Normal file
View File

@ -0,0 +1,19 @@
# frozen_string_literal: true
class AddWorkItemTypeNameUniqueIndexNullNamespaces < Gitlab::Database::Migration[1.0]
INDEX_NAME = :idx_work_item_types_on_namespace_id_and_name_null_namespace
disable_ddl_transaction!
def up
add_concurrent_index :work_item_types,
'TRIM(BOTH FROM LOWER(name)), (namespace_id IS NULL)',
unique: true,
name: INDEX_NAME,
where: 'namespace_id IS NULL'
end
def down
remove_concurrent_index_by_name :work_item_types, INDEX_NAME
end
end

1
db/schema_migrations/20220408001450 Normal file
View File

@ -0,0 +1 @@
42d7864cdcec589b7de8bc3a872e2743496d81788a60ddcd213f049fda12474e

2
db/structure.sql
View File

@ -26645,6 +26645,8 @@ CREATE UNIQUE INDEX idx_vulnerability_issue_links_on_vulnerability_id_and_issue_
CREATE UNIQUE INDEX idx_vulnerability_issue_links_on_vulnerability_id_and_link_type ON vulnerability_issue_links USING btree (vulnerability_id, link_type) WHERE (link_type = 2);
CREATE UNIQUE INDEX idx_work_item_types_on_namespace_id_and_name_null_namespace ON work_item_types USING btree (btrim(lower(name)), ((namespace_id IS NULL))) WHERE (namespace_id IS NULL);
CREATE INDEX index_abuse_reports_on_user_id ON abuse_reports USING btree (user_id);
CREATE INDEX index_agent_activity_events_on_agent_id_and_recorded_at_and_id ON agent_activity_events USING btree (agent_id, recorded_at, id);

1
doc/administration/package_information/supported_os.md
View File

@ -24,6 +24,7 @@ The following lists the currently supported OSs and their possible EOL dates.
| Debian 10 | GitLab CE / GitLab EE 12.2.0 | amd64, arm64 | 2024 | <https://wiki.debian.org/LTS> |
| Debian 11 | GitLab CE / GitLab EE 14.6.0 | amd64, arm64 | 2026 | <https://wiki.debian.org/LTS> |
| OpenSUSE 15.3 | GitLab CE / GitLab EE 14.5.0 | x86_64, aarch64 | Nov 2022 | <https://en.opensuse.org/Lifetime> |
| RHEL 8 | GitLab CE / GitLab EE 12.8.1 | x86_64, arm64 | May 2024 | <https://access.redhat.com/support/policy/updates/errata/#Life_Cycle_Dates> |
| SLES 12 | GitLab EE 9.0.0 | x86_64 | Oct 2027 | <https://www.suse.com/lifecycle/> |
| Ubuntu 18.04 | GitLab CE / GitLab EE 10.7.0 | amd64 | April 2023 | <https://wiki.ubuntu.com/Releases> |
| Ubuntu 20.04 | GitLab CE / GitLab EE 13.2.0 | amd64, arm64 | April 2025 | <https://wiki.ubuntu.com/Releases> |

5
doc/api/notes.md
View File

@ -453,6 +453,11 @@ curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" "https://git
Gets a list of all notes for a single epic. Epic notes are comments users can post to an epic.
NOTE:
The epics notes API uses the epic ID instead of epic IID. If you use the epic's IID, GitLab returns either a 404
error or notes for the wrong epic. It's different from the [issue notes API](#issues) and
[merge requests notes API](#merge-requests).
```plaintext
GET /groups/:id/epics/:epic_id/notes
GET /groups/:id/epics/:epic_id/notes?sort=asc&order_by=updated_at

1
doc/development/testing_guide/end_to_end/index.md
View File

@ -281,6 +281,7 @@ Continued reading:
- [Flows](flows.md)
- [RSpec metadata/tags](rspec_metadata_tests.md)
- [Execution context selection](execution_context_selection.md)
- [Troubleshooting](troubleshooting.md)
## Where can I ask for help?

69
doc/development/testing_guide/end_to_end/troubleshooting.md Normal file
View File

@ -0,0 +1,69 @@
---
stage: none
group: unassigned
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
---
# Troubleshooting end-to-end tests
## See what the browser is doing
If end-to-end tests fail, it can be very helpful to see what is happening in your
browser when it fails. For example, if tests don't run at all, the test framework
might be trying to open a URL that isn't valid on your machine. This problem becomes
clearer if you see the page fail in the browser.
To make the test framework show the browser as it runs the tests,
set `WEBDRIVER_HEADLESS=false`. For example:
```shell
cd gitlab/qa
WEBDRIVER_HEADLESS=false bundle exec bin/qa Test::Instance::All http://localhost:3000
```
## Enable logging
Sometimes a test might fail and the failure stack trace doesn't provide enough
information to determine what went wrong. You can get more information by enabling
debug logs by setting `QA_DEBUG=true`, to see what the test framework is attempting.
For example:
```shell
cd gitlab/qa
QA_DEBUG=true bundle exec bin/qa Test::Instance::All http://localhost:3000
```
The test framework then outputs many logs showing the actions taken during
the tests:
```plaintext
[date=2022-03-31 23:19:47 from=QA Tests] INFO -- Starting test: Create Merge request creation from fork can merge feature branch fork to mainline
[date=2022-03-31 23:19:49 from=QA Tests] DEBUG -- has_element? :login_page (wait: 0) returned: true
[date=2022-03-31 23:19:52 from=QA Tests] DEBUG -- filling :login_field with "root"
[date=2022-03-31 23:19:52 from=QA Tests] DEBUG -- filling :password_field with "*****"
[date=2022-03-31 23:19:52 from=QA Tests] DEBUG -- clicking :sign_in_button
```
## Tests don't run at all
This section assumes you're running the tests locally (such as the GDK) and you're doing
so from the `gitlab/qa/` folder, not from `gitlab-qa`. For example, if you receive a
`Net::ReadTimeout` error, the browser might be unable to load the specified URL:
```shell
cd gitlab/qa
bundle exec bin/qa Test::Instance::All http://localhost:3000
bundler: failed to load command: bin/qa (bin/qa)
Net::ReadTimeout: Net::ReadTimeout with #<TCPSocket:(closed)>
```
This error can happen if GitLab runs on an address that does not resolve from
`localhost`. For example, if you set GDK's `hostname`
[to a specific local IP address](https://gitlab.com/gitlab-org/gitlab-qa/-/blob/master/docs/run_qa_against_gdk.md#run-qa-tests-against-your-gdk-setup),
you must use that IP address instead of `localhost` in the command.
For example, if your IP is `192.168.0.12`:
```shell
bundle exec bin/qa Test::Instance::All http://192.168.0.12:3000
```

6
doc/integration/elasticsearch.md
View File

@ -1080,6 +1080,12 @@ If `ElasticCommitIndexerWorker` Sidekiq workers are failing with this error duri
- To decrease the indexing throughput you can decrease `Bulk request concurrency` (see [Advanced Search settings](#advanced-search-configuration)). This is set to `10` by default, but you change it to as low as 1 to reduce the number of concurrent indexing operations.
- If changing `Bulk request concurrency` didn't help, you can use the [queue selector](../administration/operations/extra_sidekiq_processes.md#queue-selector) option to [limit indexing jobs only to specific Sidekiq nodes](#index-large-instances-with-dedicated-sidekiq-nodes-or-processes), which should reduce the number of indexing requests.
### Indexing is very slow or fails with `rejected execution of coordinating operation` messages
Bulk requests are getting rejected by the Elasticsearch node(s) likely due to load and lack of available memory.
Ensure that your Elasticsearch cluster meets the [system requirements](#system-requirements) and has enough resources
to perform bulk operations. See also the error ["429 (Too Many Requests)"](#indexing-fails-with-error-elastic-error-429-too-many-requests).
### Access requirements for the self-managed AWS OpenSearch Service
To use the self-managed AWS OpenSearch Service with GitLab, configure your instance's domain access policies

6
doc/user/application_security/container_scanning/index.md
View File

@ -186,7 +186,7 @@ The `CS_DISABLE_LANGUAGE_VULNERABILITY_SCAN` CI/CD variable controls whether the
findings related to programming languages. The languages supported depend on the
[scanner used](#change-scanners):
- [Trivy](https://aquasecurity.github.io/trivy/latest/vulnerability/detection/language/).
- [Trivy](https://aquasecurity.github.io/trivy/latest/docs/vulnerability/detection/language/).
- [Grype](https://github.com/anchore/grype#features).
By default, the report only includes packages managed by the Operating System (OS) package manager
@ -237,7 +237,7 @@ You can [configure](#customizing-the-container-scanning-settings) analyzers by u
Support depends on the scanner:
- [Grype](https://github.com/anchore/grype#grype)
- [Trivy](https://aquasecurity.github.io/trivy/latest/vulnerability/detection/os/) (Default).
- [Trivy](https://aquasecurity.github.io/trivy/latest/docs/vulnerability/detection/os/) (Default).
#### FIPS-enabled images
@ -761,7 +761,7 @@ The images include the latest advisory database available for their respective s
scanner includes data from multiple sources:
- [Grype](https://github.com/anchore/grype#grypes-database).
- [Trivy](https://aquasecurity.github.io/trivy/latest/vulnerability/detection/data-source/).
- [Trivy](https://aquasecurity.github.io/trivy/latest/docs/vulnerability/detection/data-source/).
Database update information for other analyzers is available in the
[maintenance table](../index.md#vulnerability-scanner-maintenance).

7
doc/user/packages/container_registry/index.md
View File

@ -626,13 +626,18 @@ Use your own URLs to complete the following steps:
docker pull gitlab.example.com/org/build/sample_project/cr:v2.9.1
```
NOTE:
For container registry authentication, use either a
[personal access token](../../profile/personal_access_tokens.md) or a
[deploy token](../../project/deploy_tokens/index.md).
1. Rename the images to match the new project name:
```shell
docker tag gitlab.example.com/org/build/sample_project/cr:v2.9.1 gitlab.example.com/new_org/build/new_sample_project/cr:v2.9.1
```
1. Delete the images in both projects by using the [UI](#delete-images) or [API](../../../api/packages.md#delete-a-project-package).
1. Delete the images in the old project by using the [UI](#delete-images) or [API](../../../api/packages.md#delete-a-project-package).
There may be a delay while the images are queued and deleted.
1. Change the path or transfer the project by going to **Settings > General**
and expanding **Advanced**.

2
doc/user/project/merge_requests/status_checks.md
View File

@ -54,7 +54,7 @@ External status checks have the following states:
Support for adding a `failed` state is tracked [in this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/338827).
If something changes outside of GitLab, you can manually [set the status external status check](../../../api/status_checks.md#set-status-of-an-external-status-check)
If something changes outside of GitLab, you can [set the status of an external status check](../../../api/status_checks.md#set-status-of-an-external-status-check)
using the API. You don't need to wait for a merge request webhook payload to be sent first.
## View the status checks on a project

5
lib/api/ci/secure_files.rb
View File

@ -54,6 +54,7 @@ module API
resource do
before do
read_only_feature_flag_enabled?
authorize! :admin_secure_files, user_project
end
@ -97,6 +98,10 @@ module API
def feature_flag_enabled?
service_unavailable! unless Feature.enabled?(:ci_secure_files, user_project, default_enabled: :yaml)
end
def read_only_feature_flag_enabled?
service_unavailable! if Feature.enabled?(:ci_secure_files_read_only, user_project, type: :ops, default_enabled: :yaml)
end
end
end
end

102
spec/requests/api/ci/secure_files_spec.rb
View File

@ -6,6 +6,7 @@ RSpec.describe API::Ci::SecureFiles do
before do
stub_ci_secure_file_object_storage
stub_feature_flags(ci_secure_files: true)
stub_feature_flags(ci_secure_files_read_only: false)
end
let_it_be(:maintainer) { create(:user) }
@ -16,6 +17,13 @@ RSpec.describe API::Ci::SecureFiles do
let_it_be(:project) { create(:project, creator_id: maintainer.id) }
let_it_be(:secure_file) { create(:ci_secure_file, project: project) }
let(:file_params) do
{
file: fixture_file_upload('spec/fixtures/ci_secure_files/upload-keystore.jks'),
name: 'upload-keystore.jks'
}
end
before_all do
project.add_maintainer(maintainer)
project.add_developer(developer)
@ -40,6 +48,43 @@ RSpec.describe API::Ci::SecureFiles do
end
end
context 'ci_secure_files_read_only feature flag' do
context 'when the flag is enabled' do
before do
stub_feature_flags(ci_secure_files_read_only: true)
end
it 'returns a 503 when attempting to upload a file' do
stub_feature_flags(ci_secure_files_read_only: true)
expect do
post api("/projects/#{project.id}/secure_files", maintainer), params: file_params
end.not_to change {project.secure_files.count}
expect(response).to have_gitlab_http_status(:service_unavailable)
end
it 'returns a 200 when downloading a file' do
stub_feature_flags(ci_secure_files_read_only: true)
get api("/projects/#{project.id}/secure_files", developer)
expect(response).to have_gitlab_http_status(:ok)
expect(json_response).to be_a(Array)
end
end
context 'when the flag is disabled' do
it 'returns a 201 when uploading a file when the ci_secure_files_read_only feature flag is disabled' do
expect do
post api("/projects/#{project.id}/secure_files", maintainer), params: file_params
end.to change {project.secure_files.count}.by(1)
expect(response).to have_gitlab_http_status(:created)
end
end
end
context 'authenticated user with admin permissions' do
it 'returns project secure files' do
get api("/projects/#{project.id}/secure_files", maintainer)
@ -204,14 +249,8 @@ RSpec.describe API::Ci::SecureFiles do
describe 'POST /projects/:id/secure_files' do
context 'authenticated user with admin permissions' do
it 'creates a secure file' do
params = {
file: fixture_file_upload('spec/fixtures/ci_secure_files/upload-keystore.jks'),
name: 'upload-keystore.jks',
permissions: 'execute'
}
expect do
post api("/projects/#{project.id}/secure_files", maintainer), params: params
post api("/projects/#{project.id}/secure_files", maintainer), params: file_params.merge(permissions: 'execute')
end.to change {project.secure_files.count}.by(1)
expect(response).to have_gitlab_http_status(:created)
@ -229,26 +268,15 @@ RSpec.describe API::Ci::SecureFiles do
end
it 'creates a secure file with read_only permissions by default' do
params = {
file: fixture_file_upload('spec/fixtures/ci_secure_files/upload-keystore.jks'),
name: 'upload-keystore.jks'
}
expect do
post api("/projects/#{project.id}/secure_files", maintainer), params: params
post api("/projects/#{project.id}/secure_files", maintainer), params: file_params
end.to change {project.secure_files.count}.by(1)
expect(json_response['permissions']).to eq('read_only')
end
it 'uploads and downloads a secure file' do
post_params = {
file: fixture_file_upload('spec/fixtures/ci_secure_files/upload-keystore.jks'),
name: 'upload-keystore.jks',
permissions: 'read_write'
}
post api("/projects/#{project.id}/secure_files", maintainer), params: post_params
post api("/projects/#{project.id}/secure_files", maintainer), params: file_params
secure_file_id = json_response['id']
@ -268,12 +296,8 @@ RSpec.describe API::Ci::SecureFiles do
end
it 'returns an error when no file is uploaded' do
post_params = {
name: 'upload-keystore.jks'
}
expect do
post api("/projects/#{project.id}/secure_files", maintainer), params: post_params
post api("/projects/#{project.id}/secure_files", maintainer), params: { name: 'upload-keystore.jks' }
end.not_to change { project.secure_files.count }
expect(response).to have_gitlab_http_status(:bad_request)
@ -281,12 +305,8 @@ RSpec.describe API::Ci::SecureFiles do
end
it 'returns an error when the file name is missing' do
post_params = {
file: fixture_file_upload('spec/fixtures/ci_secure_files/upload-keystore.jks')
}
expect do
post api("/projects/#{project.id}/secure_files", maintainer), params: post_params
post api("/projects/#{project.id}/secure_files", maintainer), params: { file: fixture_file_upload('spec/fixtures/ci_secure_files/upload-keystore.jks') }
end.not_to change { project.secure_files.count }
expect(response).to have_gitlab_http_status(:bad_request)
@ -308,14 +328,8 @@ RSpec.describe API::Ci::SecureFiles do
end
it 'returns an error when an unexpected permission is supplied' do
post_params = {
file: fixture_file_upload('spec/fixtures/ci_secure_files/upload-keystore.jks'),
name: 'upload-keystore.jks',
permissions: 'foo'
}
expect do
post api("/projects/#{project.id}/secure_files", maintainer), params: post_params
post api("/projects/#{project.id}/secure_files", maintainer), params: file_params.merge(permissions: 'foo')
end.not_to change { project.secure_files.count }
expect(response).to have_gitlab_http_status(:bad_request)
@ -329,13 +343,8 @@ RSpec.describe API::Ci::SecureFiles do
allow(instance).to receive_message_chain(:errors, :messages).and_return(['Error 1', 'Error 2'])
end
post_params = {
file: fixture_file_upload('spec/fixtures/ci_secure_files/upload-keystore.jks'),
name: 'upload-keystore.jks'
}
expect do
post api("/projects/#{project.id}/secure_files", maintainer), params: post_params
post api("/projects/#{project.id}/secure_files", maintainer), params: file_params
end.not_to change { project.secure_files.count }
expect(response).to have_gitlab_http_status(:bad_request)
@ -346,13 +355,8 @@ RSpec.describe API::Ci::SecureFiles do
allow(instance).to receive_message_chain(:file, :size).and_return(6.megabytes.to_i)
end
post_params = {
file: fixture_file_upload('spec/fixtures/ci_secure_files/upload-keystore.jks'),
name: 'upload-keystore.jks'
}
expect do
post api("/projects/#{project.id}/secure_files", maintainer), params: post_params
post api("/projects/#{project.id}/secure_files", maintainer), params: file_params
end.not_to change { project.secure_files.count }
expect(response).to have_gitlab_http_status(:payload_too_large)