diff --git a/app/models/ci/build_metadata.rb b/app/models/ci/build_metadata.rb
index 0df5ebfe843..c756a9b546a 100644
--- a/app/models/ci/build_metadata.rb
+++ b/app/models/ci/build_metadata.rb
@@ -83,3 +83,5 @@ module Ci
end
end
end
+
+Ci::BuildMetadata.prepend_if_ee('EE::Ci::BuildMetadata')
diff --git a/app/validators/json_schemas/build_metadata_secrets.json b/app/validators/json_schemas/build_metadata_secrets.json
new file mode 100644
index 00000000000..e745a266777
--- /dev/null
+++ b/app/validators/json_schemas/build_metadata_secrets.json
@@ -0,0 +1,30 @@
+{
+ "description": "CI builds metadata secrets",
+ "type": "object",
+ "patternProperties": {
+ ".*": {
+ "type": "object",
+ "patternProperties": {
+ "^vault$": {
+ "type": "object",
+ "required": ["path", "field", "engine"],
+ "properties": {
+ "path": { "type": "string" },
+ "field": { "type": "string" },
+ "engine": {
+ "type": "object",
+ "required": ["name", "path"],
+ "properties": {
+ "path": { "type": "string" },
+ "name": { "type": "string" }
+ },
+ "additionalProperties": false
+ }
+ },
+ "additionalProperties": false
+ }
+ },
+ "additionalProperties": false
+ }
+ }
+}
diff --git a/app/views/admin/users/show.html.haml b/app/views/admin/users/show.html.haml
index e76f1f6444c..c2ceb7e7cbb 100644
--- a/app/views/admin/users/show.html.haml
+++ b/app/views/admin/users/show.html.haml
@@ -86,34 +86,22 @@
%li
%span.light Current sign-in IP:
%strong
- - if @user.current_sign_in_ip # rubocop:disable Style/RedundantCondition
- = @user.current_sign_in_ip
- - else
- never
+ = @user.current_sign_in_ip || _('never')
%li
%span.light Current sign-in at:
%strong
- - if @user.current_sign_in_at
- = @user.current_sign_in_at.to_s(:medium)
- - else
- never
+ = @user.current_sign_in_at&.to_s(:medium) || _('never')
%li
%span.light Last sign-in IP:
%strong
- - if @user.last_sign_in_ip # rubocop:disable Style/RedundantCondition
- = @user.last_sign_in_ip
- - else
- never
+ = @user.last_sign_in_ip || _('never')
%li
%span.light Last sign-in at:
%strong
- - if @user.last_sign_in_at
- = @user.last_sign_in_at.to_s(:medium)
- - else
- never
+ = @user.last_sign_in_at&.to_s(:medium) || _('never')
%li
%span.light Sign-in count:
diff --git a/app/views/shared/_field.html.haml b/app/views/shared/_field.html.haml
index 2480014ea42..076c87400e0 100644
--- a/app/views/shared/_field.html.haml
+++ b/app/views/shared/_field.html.haml
@@ -22,7 +22,7 @@
- elsif type == 'checkbox'
= form.check_box name
- elsif type == 'select'
- = form.select name, options_for_select(choices, value ? value : default_choice), {}, { class: "form-control"} # rubocop:disable Style/RedundantCondition
+ = form.select name, options_for_select(choices, value || default_choice), {}, { class: "form-control"}
- elsif type == 'password'
= form.password_field name, autocomplete: "new-password", placeholder: placeholder, class: "form-control", required: value.blank? && required, data: { qa_selector: "#{name.downcase.gsub('\s', '')}_field" }
- if help
diff --git a/changelogs/unreleased/ci-secrets-persistence.yml b/changelogs/unreleased/ci-secrets-persistence.yml
new file mode 100644
index 00000000000..9105801c352
--- /dev/null
+++ b/changelogs/unreleased/ci-secrets-persistence.yml
@@ -0,0 +1,5 @@
+---
+title: Add ci_builds_metadata.secrets column
+merge_request: 34480
+author:
+type: added
diff --git a/db/migrate/20200604001128_add_secrets_to_ci_builds_metadata.rb b/db/migrate/20200604001128_add_secrets_to_ci_builds_metadata.rb
new file mode 100644
index 00000000000..9a67993cf5c
--- /dev/null
+++ b/db/migrate/20200604001128_add_secrets_to_ci_builds_metadata.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+class AddSecretsToCiBuildsMetadata < ActiveRecord::Migration[6.0]
+ include Gitlab::Database::MigrationHelpers
+
+ DOWNTIME = false
+
+ def up
+ with_lock_retries do
+ add_column :ci_builds_metadata, :secrets, :jsonb, default: {}, null: false
+ end
+ end
+
+ def down
+ with_lock_retries do
+ remove_column :ci_builds_metadata, :secrets
+ end
+ end
+end
diff --git a/db/structure.sql b/db/structure.sql
index 42fcfe0ef9a..1be04406542 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -1075,7 +1075,8 @@ CREATE TABLE public.ci_builds_metadata (
config_variables jsonb,
has_exposed_artifacts boolean,
environment_auto_stop_in character varying(255),
- expanded_environment_name character varying(255)
+ expanded_environment_name character varying(255),
+ secrets jsonb DEFAULT '{}'::jsonb NOT NULL
);
CREATE SEQUENCE public.ci_builds_metadata_id_seq
@@ -14047,6 +14048,7 @@ COPY "schema_migrations" (version) FROM STDIN;
20200602143020
20200603073101
20200603180338
+20200604001128
20200604143628
20200604145731
20200604174544
diff --git a/doc/administration/object_storage.md b/doc/administration/object_storage.md
index 1dea2de73f6..b6452fdad6f 100644
--- a/doc/administration/object_storage.md
+++ b/doc/administration/object_storage.md
@@ -163,7 +163,7 @@ configuration.
#### Encrypted S3 buckets
-> Introduced in [GitLab 13.1](https://gitlab.com/gitlab-org/gitlab-workhorse/-/merge_requests/466) only for instance profiles.
+> Introduced in [GitLab 13.1](https://gitlab.com/gitlab-org/gitlab-workhorse/-/merge_requests/466) for instance profiles only.
When configured to use an instance profile, GitLab Workhorse
will properly upload files to S3 buckets that have [SSE-S3 or SSE-KMS
@@ -185,44 +185,48 @@ that properly computes and sends the `Content-MD5` header to the server,
which eliminates the need for comparing ETag headers. If the data is
corrupted in transit, the S3 server will reject the file.
-#### IAM Permissions
+##### Disabling the feature
-To set up an instance profile, create an Amazon Identity Access and
-Management (IAM) role with the necessary permissions. The following
-example is a role for an S3 bucket named `test-bucket`:
+The Workhorse S3 client is enabled by default when the
+[`use_iam_profile` configuration option](#iam-permissions) is set to `true`.
-```json
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "VisualEditor0",
- "Effect": "Allow",
- "Action": [
- "s3:PutObject",
- "s3:GetObject",
- "s3:AbortMultipartUpload",
- "s3:DeleteObject"
- ],
- "Resource": "arn:aws:s3:::test-bucket/*"
- }
- ]
-}
-```
-
-Associate this role with your GitLab instance, and then configure GitLab
-to use it via the `use_iam_profile` configuration option. For example,
-when configuring uploads to use object storage, see the `AWS IAM profiles`
-section in [S3 compatible connection settings](uploads.md#s3-compatible-connection-settings).
-
-#### Disabling the feature
-
-The Workhorse S3 client is only enabled when the `use_iam_profile`
-configuration flag is `true`.
-
-To disable this feature, ask a GitLab administrator with [Rails console access](feature_flags.md#how-to-enable-and-disable-features-behind-flags) to run the
+The feature can be disabled using the `:use_workhorse_s3_client` feature flag. To disable the
+feature, ask a GitLab administrator with
+[Rails console access](feature_flags.md#how-to-enable-and-disable-features-behind-flags) to run the
following command:
```ruby
Feature.disable(:use_workhorse_s3_client)
```
+
+#### IAM Permissions
+
+To set up an instance profile:
+
+1. Create an Amazon Identity Access and Management (IAM) role with the necessary permissions. The
+ following example is a role for an S3 bucket named `test-bucket`:
+
+ ```json
+ {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "VisualEditor0",
+ "Effect": "Allow",
+ "Action": [
+ "s3:PutObject",
+ "s3:GetObject",
+ "s3:AbortMultipartUpload",
+ "s3:DeleteObject"
+ ],
+ "Resource": "arn:aws:s3:::test-bucket/*"
+ }
+ ]
+ }
+ ```
+
+1. [Attach this role](https://aws.amazon.com/premiumsupport/knowledge-center/attach-replace-ec2-instance-profile/)
+ to the EC2 instance hosting your GitLab instance.
+1. Configure GitLab to use it via the `use_iam_profile` configuration option. For example, when
+ configuring uploads to use object storage, see the `AWS IAM profiles` section in
+ [S3-compatible connection settings](uploads.md#s3-compatible-connection-settings).
diff --git a/doc/administration/uploads.md b/doc/administration/uploads.md
index 620f349912c..aa54ae9a046 100644
--- a/doc/administration/uploads.md
+++ b/doc/administration/uploads.md
@@ -70,7 +70,7 @@ For source installations the following settings are nested under `uploads:` and
| `proxy_download` | Set to true to enable proxying all files served. Option allows to reduce egress traffic as this allows clients to download directly from remote storage instead of proxying all data | `false` |
| `connection` | Various connection options described below | |
-### S3 compatible connection settings
+### S3-compatible connection settings
The connection settings match those provided by [Fog](https://github.com/fog), and are as follows:
diff --git a/doc/ci/cloud_deployment/index.md b/doc/ci/cloud_deployment/index.md
index 26eb99bd55a..29ce8bdf625 100644
--- a/doc/ci/cloud_deployment/index.md
+++ b/doc/ci/cloud_deployment/index.md
@@ -15,7 +15,7 @@ cloud provider more easily.
## AWS
-GitLab provides Docker images to simplify working with AWS, and a template to make
+GitLab provides Docker images that you can use to [run AWS commands from GitLab CI/CD](#run-aws-commands-from-gitlab-cicd), and a template to make
it easier to [deploy to AWS](#deploy-your-application-to-the-aws-elastic-container-service-ecs).
### Run AWS commands from GitLab CI/CD
@@ -87,6 +87,11 @@ GitLab provides a series of [CI templates that you can include in your project](
To automate deployments of your application to your [Amazon Elastic Container Service](https://aws.amazon.com/ecs/) (AWS ECS)
cluster, you can `include` the `Deploy-ECS.gitlab-ci.yml` template in your `.gitlab-ci.yml` file.
+GitLab also provides [Docker images](https://gitlab.com/gitlab-org/cloud-deploy/-/tree/master/aws) that can be used in your `gitlab-ci.yml` file to simplify working with AWS:
+
+- Use `registry.gitlab.com/gitlab-org/cloud-deploy/aws-base:latest` to use AWS CLI commands.
+- Use `registry.gitlab.com/gitlab-org/cloud-deploy/aws-ecs:latest` to deploy your application to AWS ECS.
+
Before getting started with this process, you need a cluster on AWS ECS, as well as related
components, like an ECS service, ECS task definition, a database on AWS RDS, etc.
[Read more about AWS ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/Welcome.html).
diff --git a/doc/ci/pipelines/pipeline_architectures.md b/doc/ci/pipelines/pipeline_architectures.md
index 9176444660d..ace765ddb41 100644
--- a/doc/ci/pipelines/pipeline_architectures.md
+++ b/doc/ci/pipelines/pipeline_architectures.md
@@ -133,28 +133,28 @@ build_b:
test_a:
stage: test
- needs: build_a
+ needs: [build_a]
script:
- echo "This test job will start as soon as build_a finishes."
- echo "It will not wait for build_b, or other jobs in the build stage, to finish."
test_b:
stage: test
- needs: build_b
+ needs: [build_b]
script:
- echo "This test job will start as soon as build_b finishes."
- echo "It will not wait for other jobs in the build stage to finish."
deploy_a:
stage: deploy
- needs: test_a
+ needs: [test_a]
script:
- echo "Since build_a and test_a run quickly, this deploy job can run much earlier."
- echo "It does not need to wait for build_b or test_b."
deploy_b:
stage: deploy
- needs: test_b
+ needs: [test_b]
script:
- echo "Since build_b and test_b run slowly, this deploy job will run much later."
```
@@ -228,13 +228,13 @@ build_a:
test_a:
stage: test
- needs: build_a
+ needs: [build_a]
script:
- echo "This job tests something."
deploy_a:
stage: deploy
- needs: test_a
+ needs: [test_a]
script:
- echo "This job deploys something."
```
@@ -257,13 +257,13 @@ build_b:
test_b:
stage: test
- needs: build_b
+ needs: [build_b]
script:
- echo "This job tests something else."
deploy_b:
stage: deploy
- needs: test_b
+ needs: [test_b]
script:
- echo "This job deploys something else."
```
diff --git a/doc/ci/runners/README.md b/doc/ci/runners/README.md
index 86fabd5d54f..9466e394a0e 100644
--- a/doc/ci/runners/README.md
+++ b/doc/ci/runners/README.md
@@ -38,9 +38,14 @@ multiple projects.
If you are using a self-managed instance of GitLab, your administrator can create
shared Runners and configure them to use the
[executor](https://docs.gitlab.com/runner/executors/README.html) you want.
+The administrator can also configure a maximum number of Shared Runner [pipeline minutes for
+each group](../../user/admin_area/settings/continuous_integration.md#shared-runners-pipeline-minutes-quota-starter-only).
If you are using GitLab.com, you can select from a list of
[shared Runners that GitLab maintains](../../user/gitlab_com/index.md#shared-runners).
+You can use Shared Runners for a limited number of
+[minutes](../../subscriptions/index.md#ci-pipeline-minutes) each month, based on
+your [GitLab.com tier](https://about.gitlab.com/pricing/).
#### How shared Runners pick jobs
diff --git a/doc/user/admin_area/settings/continuous_integration.md b/doc/user/admin_area/settings/continuous_integration.md
index ca459203246..48458887a41 100644
--- a/doc/user/admin_area/settings/continuous_integration.md
+++ b/doc/user/admin_area/settings/continuous_integration.md
@@ -18,7 +18,7 @@ To enable (or disable) [Auto DevOps](../../../topics/autodevops/index.md)
for all projects:
1. Go to **Admin Area > Settings > CI/CD**
-1. Check (or uncheck to disable) the box that says "Default to Auto DevOps pipeline for all projects"
+1. Check (or uncheck to disable) the box that says **Default to Auto DevOps pipeline for all projects**.
1. Optionally, set up the [Auto DevOps base domain](../../../topics/autodevops/index.md#auto-devops-base-domain)
which is going to be used for Auto Deploy and Auto Review Apps.
1. Hit **Save changes** for the changes to take effect.
@@ -48,19 +48,19 @@ To change it at the:
1. Go to **Admin Area > Settings > CI/CD**.
1. Change the value of maximum artifacts size (in MB).
- 1. Hit **Save changes** for the changes to take effect.
+ 1. Click **Save changes** for the changes to take effect.
- [Group level](../../group/index.md#group-settings) (this will override the instance setting):
1. Go to the group's **Settings > CI / CD > General Pipelines**.
1. Change the value of **maximum artifacts size (in MB)**.
- 1. Press **Save changes** for the changes to take effect.
+ 1. Click **Save changes** for the changes to take effect.
- [Project level](../../../ci/pipelines/settings.md) (this will override the instance and group settings):
1. Go to the project's **Settings > CI / CD > General Pipelines**.
1. Change the value of **maximum artifacts size (in MB)**.
- 1. Press **Save changes** for the changes to take effect.
+ 1. Click **Save changes** for the changes to take effect.
NOTE: **Note**
The setting at all levels is only available to GitLab administrators.
@@ -74,7 +74,7 @@ and the default value is `30 days`.
1. Go to **Admin Area > Settings > CI/CD**.
1. Change the value of default expiration time.
-1. Hit **Save changes** for the changes to take effect.
+1. Click **Save changes** for the changes to take effect.
This setting is set per job and can be overridden in
[`.gitlab-ci.yml`](../../../ci/yaml/README.md#artifactsexpire_in).
@@ -100,9 +100,10 @@ On GitLab.com, the quota is calculated based on your
To change the pipelines minutes quota:
-1. Go to **Admin Area > Settings > CI/CD**
-1. Set the pipeline minutes quota limit.
-1. Hit **Save changes** for the changes to take effect
+1. Go to **Admin Area > Settings > CI/CD**.
+1. Expand **Continuous Integration and Deployment**.
+1. In the **Pipeline minutes quota** box, enter the maximum number of minutes.
+1. Click **Save changes** for the changes to take effect.
---
@@ -111,8 +112,8 @@ also change each group's pipeline minutes quota to override the global value.
1. Navigate to the **Admin Area > Overview > Groups** and hit the **Edit**
button for the group you wish to change the pipeline minutes quota.
-1. Set the pipeline minutes quota to the desired value
-1. Hit **Save changes** for the changes to take effect.
+1. In the **Pipeline Minutes Quota** box, enter the maximum number of minutes.
+1. Click **Save changes** for the changes to take effect.
Once saved, you can see the build quota in the group admin view.
The quota can also be viewed in the project admin view if shared Runners
@@ -142,6 +143,8 @@ Once that time passes, the jobs will be archived and no longer able to be
retried. Make it empty to never expire jobs. It has to be no less than 1 day,
for example: 15 days, 1 month, 2 years.
+As of June 22, 2020 the [value is set](../../gitlab_com/index.md#gitlab-cicd) to 3 months on GitLab.com. Jobs created before that date will be archived after September 22, 2020.
+
## Default CI configuration path
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/18073) in GitLab 12.5.
diff --git a/doc/user/gitlab_com/index.md b/doc/user/gitlab_com/index.md
index 8c6dc48d924..38fda74edcf 100644
--- a/doc/user/gitlab_com/index.md
+++ b/doc/user/gitlab_com/index.md
@@ -83,6 +83,7 @@ Below are the current settings regarding [GitLab CI/CD](../../ci/README.md).
| [Max jobs in active pipelines](../../administration/instance_limits.md#number-of-jobs-in-active-pipelines) | `500` for Free tier, unlimited otherwise | Unlimited
| [Max pipeline schedules in projects](../../administration/instance_limits.md#number-of-pipeline-schedules) | `10` for Free tier, `50` for all paid tiers | Unlimited |
| [Max number of instance level variables](../../administration/instance_limits.md#number-of-instance-level-variables) | `25` | `25` |
+| [Scheduled Job Archival](../../user/admin_area/settings/continuous_integration.md#archive-jobs-core-only) | 3 months | Never |
## Repository size limit
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index b0f6ac23ed9..8fea777c0bf 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -27428,6 +27428,9 @@ msgstr ""
msgid "needs to be between 10 minutes and 1 month"
msgstr ""
+msgid "never"
+msgstr ""
+
msgid "never expires"
msgstr ""