Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2021-11-30 21:10:33 +00:00
parent 99f37f7ebd
commit 16d8ebae46
19 changed files with 75 additions and 148 deletions

View file

@ -11,7 +11,7 @@ module SourcegraphDecorator
next unless Gitlab::CurrentSettings.sourcegraph_enabled
default_connect_src = p.directives['connect-src'] || p.directives['default-src']
connect_src_values = Array.wrap(default_connect_src) | [Gitlab::CurrentSettings.sourcegraph_url]
connect_src_values = Array.wrap(default_connect_src) | [Gitlab::Utils.append_path(Gitlab::CurrentSettings.sourcegraph_url, '.api/')]
p.connect_src(*connect_src_values)
end
end

View file

@ -7,7 +7,6 @@ module Ci
self.limit_name = 'ci_registered_group_runners'
self.limit_scope = :group
self.limit_relation = :recent_runners
self.limit_feature_flag_for_override = :ci_runner_limits_override
belongs_to :runner, inverse_of: :runner_namespaces
belongs_to :namespace, inverse_of: :runner_namespaces, class_name: '::Namespace'

View file

@ -7,7 +7,6 @@ module Ci
self.limit_name = 'ci_registered_project_runners'
self.limit_scope = :project
self.limit_relation = :recent_runners
self.limit_feature_flag_for_override = :ci_runner_limits_override
belongs_to :runner, inverse_of: :runner_projects
belongs_to :project, inverse_of: :runner_projects

View file

@ -1,8 +1,8 @@
---
name: ci_runner_limits_override
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/67152
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/337224
milestone: '14.2'
name: linear_groups_template_finder_extended_group_search_ancestors_scopes
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/74599
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/345786
milestone: '14.6'
type: development
group: group::runner
group: group::access
default_enabled: false

View file

@ -551,8 +551,8 @@ Plan.default.actual_limits.update!(pages_file_entries: 100)
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/321368) in GitLab 13.12. Disabled by default.
> - Enabled on GitLab.com in GitLab 14.3.
> - Enabled on self-managed in GitLab 14.4.
> - Feature flag `ci_runner_limits` removed in GitLab 14.4. You can still use `ci_runner_limits_override`
to remove limits for a given scope.
> - Feature flag `ci_runner_limits` removed in GitLab 14.4.
> - Feature flag `ci_runner_limits_override` removed in GitLab 14.6.
The total number of registered runners is limited at the group and project levels. Each time a new runner is registered,
GitLab checks these limits against runners that have been active in the last 3 months.

View file

@ -47,7 +47,7 @@ Capitalize these words when you refer to the UI. Otherwise use lowercase.
Use **administrator** instead of **admin** when talking about a user's access level.
Use lowercase unless you are referring to the **Admin** access level you select in the UI.
To view the administrator access type, in the GitLab UI, go to the Admin Area and select
To view the administrator access level, in the GitLab UI, go to the Admin Area and select
**Users**. Then select **New user**.
![admin access level](img/admin_access_level.png)

View file

@ -8,40 +8,24 @@ info: To determine the technical writer assigned to the Stage/Group associated w
> Introduced in GitLab Ultimate 11.2, more statistics.
This guide describes Service Ping's purpose and how it's implemented.
For more information about Product Intelligence, see:
- [Product Intelligence Guide](https://about.gitlab.com/handbook/product/product-intelligence-guide/)
- [Snowplow Guide](../snowplow/index.md)
More links:
- [Product Intelligence Direction](https://about.gitlab.com/direction/product-intelligence/)
- [Data Analysis Process](https://about.gitlab.com/handbook/business-technology/data-team/#data-analysis-process/)
- [Data for Product Managers](https://about.gitlab.com/handbook/business-technology/data-team/programs/data-for-product-managers/)
- [Data Infrastructure](https://about.gitlab.com/handbook/business-technology/data-team/platform/infrastructure/)
## What is Service Ping?
Service Ping is a process in GitLab that collects and sends a weekly payload to GitLab Inc.
Service Ping is a GitLab process that collects and sends a weekly payload to GitLab.
The payload provides important high-level data that helps our product, support,
and sales teams understand how GitLab is used. For example, the data helps to:
and sales teams understand how GitLab is used. The data helps to:
- Compare counts month over month (or week over week) to get a rough sense for how an instance uses
different product features.
- Collect other facts that help us classify and understand GitLab installations.
- Calculate our Stage Monthly Active Users (SMAU), which helps to measure the success of our stages
- Calculate our stage monthly active users (SMAU), which helps to measure the success of our stages
and features.
Service Ping information is not anonymous. It's linked to the instance's hostname. However, it does
Service Ping information is not anonymous. It's linked to the instance's hostname, but does
not contain project names, usernames, or any other specific data.
Sending a Service Ping payload is optional and can be [disabled](#disable-service-ping) on any self-managed instance.
When Service Ping is enabled, GitLab gathers data from the other instances
Sending a Service Ping payload is optional and you can [disable](#disable-service-ping) it on any
self-managed instance. When Service Ping is enabled, GitLab gathers data from the other instances
and can show your instance's usage statistics to your users.
### Terminology
## Service Ping terminology
We use the following terminology to describe the Service Ping components:
@ -53,12 +37,18 @@ We use the following terminology to describe the Service Ping components:
- **MAU**: monthly active users.
- **WAU**: weekly active users.
### Why should we enable Service Ping?
### Why enable Service Ping?
The main purpose of Service Ping is to build a better GitLab. We collect data about how GitLab is used
to understand feature or stage adoption and usage. This data gives an insight into how GitLab adds
value and helps our team understand the reasons why people use GitLab, and with this knowledge we're able to
make better product decisions.
There are several other benefits to enabling Service Ping:
- The main purpose of Service Ping is to build a better GitLab. Data about how GitLab is used is collected to better understand feature/stage adoption and usage, which helps us understand how GitLab is adding value and helps our team better understand the reasons why people use GitLab and with this knowledge we're able to make better product decisions.
- As a benefit of having Service Ping active, GitLab lets you analyze the users' activities over time of your GitLab installation.
- As a benefit of having Service Ping active, GitLab provides you with [DevOps Score](../../user/admin_area/analytics/dev_ops_report.md#devops-score), which gives you an overview of your entire instance's adoption of Concurrent DevOps from planning to monitoring.
- You get better, more proactive support. (assuming that our TAMs and support organization used the data to deliver more value)
- You get better, more proactive support (assuming that our TAMs and support organization used the data to deliver more value).
- You get insight and advice into how to get the most value out of your investment in GitLab. Wouldn't you want to know that a number of features or values are not being adopted in your organization?
- You get a report that illustrates how you compare against other similar organizations (anonymized), with specific advice and recommendations on how to improve your DevOps processes.
- Service Ping is enabled by default. To disable it, see [Disable Service Ping](#disable-service-ping).
@ -78,7 +68,7 @@ Because of these limitations we recommend you:
> Introduced in GitLab 14.1.
In GitLab versions 14.1 and later, free self-managed users running [GitLab EE](../ee_features.md) can receive paid features by registering with GitLab and sending us activity data through [Service Ping](#what-is-service-ping). Features introduced here do not remove the feature from its paid tier. Users can continue to access the features in a paid tier without sharing usage data.
In GitLab versions 14.1 and later, free self-managed users running [GitLab EE](../ee_features.md) can receive paid features by registering with GitLab and sending us activity data through Service Ping. Features introduced here do not remove the feature from its paid tier. Users can continue to access the features in a paid tier without sharing usage data.
#### Features available in 14.1 and later
@ -609,3 +599,12 @@ To work around this bug, you have two options:
1. Expand **Usage Statistics**.
1. Clear the **Enable Service Ping** checkbox.
1. Select **Save Changes**.
## Related topics
- [Product Intelligence Guide](https://about.gitlab.com/handbook/product/product-intelligence-guide/)
- [Snowplow Guide](../snowplow/index.md)
- [Product Intelligence Direction](https://about.gitlab.com/direction/product-intelligence/)
- [Data Analysis Process](https://about.gitlab.com/handbook/business-technology/data-team/#data-analysis-process/)
- [Data for Product Managers](https://about.gitlab.com/handbook/business-technology/data-team/programs/data-for-product-managers/)
- [Data Infrastructure](https://about.gitlab.com/handbook/business-technology/data-team/platform/infrastructure/)

View file

@ -17,6 +17,10 @@ Only [scoped](https://docs.npmjs.com/misc/scope/) packages are supported.
For documentation of the specific API endpoints that the npm package manager
client uses, see the [npm API documentation](../../../api/packages/npm.md).
WARNING:
Never hardcode GitLab tokens (or any tokens) directly in `.npmrc` files or any other files that can
be committed to a repository.
## Build an npm package
This section covers how to install npm or Yarn and build a package for your
@ -430,14 +434,16 @@ You can route package requests to organizations and users outside of GitLab.
To do this, add lines to your `.npmrc` file. Replace `my-org` with the namespace or group that owns your project's repository,
and use your organization's URL. The name is case-sensitive and must match the name of your group or namespace exactly.
Use environment variables to set up your tokens: `export MY_TOKEN="<your token>"`.
```shell
@foo:registry=https://gitlab.example.com/api/v4/packages/npm/
//gitlab.example.com/api/v4/packages/npm/:_authToken= "<your_token>"
//gitlab.example.com/api/v4/projects/<your_project_id>/packages/npm/:_authToken= "<your_token>"
//gitlab.example.com/api/v4/packages/npm/:_authToken=${MY_TOKEN}
//gitlab.example.com/api/v4/projects/<your_project_id>/packages/npm/:_authToken=${MY_TOKEN}
@my-other-org:registry=https://gitlab.example.com/api/v4/packages/npm/
//gitlab.example.com/api/v4/packages/npm/:_authToken= "<your_token>"
//gitlab.example.com/api/v4/projects/<your_project_id>/packages/npm/:_authToken= "<your_token>"
//gitlab.example.com/api/v4/packages/npm/:_authToken=${MY_TOKEN}
//gitlab.example.com/api/v4/projects/<your_project_id>/packages/npm/:_authToken=${MY_TOKEN}
```
### npm metadata

View file

@ -147,10 +147,7 @@ module Gitlab
# Using 'self' in the CSP introduces several CSP bypass opportunities
# for this reason we list the URLs where GitLab frames itself instead
def self.allow_framed_gitlab_paths(directives)
# We need the version without trailing / for the sidekiq page itself
# and we also need the version with trailing / for "deeper" pages
# like /admin/sidekiq/busy
['/admin/sidekiq', '/admin/sidekiq/', '/-/speedscope/index.html'].map do |path|
['/admin/', '/assets/', '/-/speedscope/index.html'].map do |path|
append_to_directive(directives, 'frame_src', Gitlab::Utils.append_path(Gitlab.config.gitlab.url, path))
end
end

View file

@ -12,7 +12,7 @@ RSpec.describe 'IDE Clientside Preview CSP' do
end
it_behaves_like 'setting CSP', 'frame-src' do
let(:whitelisted_url) { 'https://sandbox.gitlab-static.test' }
let(:allowlisted_url) { 'https://sandbox.gitlab-static.test' }
let(:extended_controller_class) { IdeController }
subject do
@ -23,7 +23,7 @@ RSpec.describe 'IDE Clientside Preview CSP' do
before do
stub_application_setting(web_ide_clientside_preview_enabled: true)
stub_application_setting(web_ide_clientside_preview_bundler_url: whitelisted_url)
stub_application_setting(web_ide_clientside_preview_bundler_url: allowlisted_url)
sign_in(user)
end

View file

@ -12,7 +12,7 @@ RSpec.describe 'Static Object External Storage Content Security Policy' do
end
it_behaves_like 'setting CSP', 'connect-src' do
let_it_be(:whitelisted_url) { 'https://static-objects.test' }
let_it_be(:allowlisted_url) { 'https://static-objects.test' }
let_it_be(:extended_controller_class) { IdeController }
subject do
@ -22,7 +22,7 @@ RSpec.describe 'Static Object External Storage Content Security Policy' do
end
before do
allow_any_instance_of(ApplicationSetting).to receive(:static_objects_external_storage_url).and_return(whitelisted_url)
allow_any_instance_of(ApplicationSetting).to receive(:static_objects_external_storage_url).and_return(allowlisted_url)
allow_any_instance_of(ApplicationSetting).to receive(:static_objects_external_storage_auth_token).and_return('letmein')
sign_in(user)

View file

@ -13,7 +13,8 @@ RSpec.describe 'Sourcegraph Content Security Policy' do
end
it_behaves_like 'setting CSP', 'connect-src' do
let_it_be(:whitelisted_url) { 'https://sourcegraph.test' }
let_it_be(:sourcegraph_url) { 'https://sourcegraph.test' }
let_it_be(:allowlisted_url) { "#{sourcegraph_url}/.api/" }
let_it_be(:extended_controller_class) { Projects::BlobController }
subject do
@ -23,7 +24,7 @@ RSpec.describe 'Sourcegraph Content Security Policy' do
end
before do
allow(Gitlab::CurrentSettings).to receive(:sourcegraph_url).and_return(whitelisted_url)
allow(Gitlab::CurrentSettings).to receive(:sourcegraph_url).and_return(sourcegraph_url)
allow(Gitlab::CurrentSettings).to receive(:sourcegraph_enabled).and_return(true)
sign_in(user)

View file

@ -3,7 +3,7 @@ import MockAdapter from 'axios-mock-adapter';
import { nextTick } from 'vue';
import Vuex from 'vuex';
import DiffContentComponent from '~/diffs/components/diff_content.vue';
import DiffContentComponent from 'jh_else_ce/diffs/components/diff_content.vue';
import DiffFileComponent from '~/diffs/components/diff_file.vue';
import DiffFileHeaderComponent from '~/diffs/components/diff_file_header.vue';

View file

@ -85,7 +85,7 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do
expect(directives['style_src']).to eq("'self' 'unsafe-inline' https://cdn.example.com")
expect(directives['font_src']).to eq("'self' https://cdn.example.com")
expect(directives['worker_src']).to eq('http://localhost/assets/ blob: data: https://cdn.example.com')
expect(directives['frame_src']).to eq(::Gitlab::ContentSecurityPolicy::Directives.frame_src + " https://cdn.example.com http://localhost/admin/sidekiq http://localhost/admin/sidekiq/ http://localhost/-/speedscope/index.html")
expect(directives['frame_src']).to eq(::Gitlab::ContentSecurityPolicy::Directives.frame_src + " https://cdn.example.com http://localhost/admin/ http://localhost/assets/ http://localhost/-/speedscope/index.html")
end
end
@ -113,7 +113,7 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do
end
it 'does not add CUSTOMER_PORTAL_URL to CSP' do
expect(directives['frame_src']).to eq(::Gitlab::ContentSecurityPolicy::Directives.frame_src + " http://localhost/admin/sidekiq http://localhost/admin/sidekiq/ http://localhost/-/speedscope/index.html")
expect(directives['frame_src']).to eq(::Gitlab::ContentSecurityPolicy::Directives.frame_src + " http://localhost/admin/ http://localhost/assets/ http://localhost/-/speedscope/index.html")
end
end
@ -123,7 +123,7 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do
end
it 'adds CUSTOMER_PORTAL_URL to CSP' do
expect(directives['frame_src']).to eq(::Gitlab::ContentSecurityPolicy::Directives.frame_src + " http://localhost/rails/letter_opener/ https://customers.example.com http://localhost/admin/sidekiq http://localhost/admin/sidekiq/ http://localhost/-/speedscope/index.html")
expect(directives['frame_src']).to eq(::Gitlab::ContentSecurityPolicy::Directives.frame_src + " http://localhost/rails/letter_opener/ https://customers.example.com http://localhost/admin/ http://localhost/assets/ http://localhost/-/speedscope/index.html")
end
end
end

View file

@ -4,12 +4,6 @@ require 'spec_helper'
RSpec.describe Ci::RunnerNamespace do
it_behaves_like 'includes Limitable concern' do
before do
skip_default_enabled_yaml_check
stub_feature_flags(ci_runner_limits_override: false)
end
subject { build(:ci_runner_namespace, group: create(:group, :nested), runner: create(:ci_runner, :group)) }
end
end

View file

@ -4,12 +4,6 @@ require 'spec_helper'
RSpec.describe Ci::RunnerProject do
it_behaves_like 'includes Limitable concern' do
before do
skip_default_enabled_yaml_check
stub_feature_flags(ci_runner_limits_override: false)
end
subject { build(:ci_runner_project, project: create(:project), runner: create(:ci_runner, :project)) }
end
end

View file

@ -98,14 +98,8 @@ RSpec.describe API::Ci::Runner, :clean_gitlab_redis_shared_state do
before do
create(:ci_runner, runner_type: :project_type, projects: [project], contacted_at: 1.second.ago)
create(:plan_limits, :default_plan, ci_registered_project_runners: 1)
skip_default_enabled_yaml_check
stub_feature_flags(ci_runner_limits_override: ci_runner_limits_override)
end
context 'with ci_runner_limits_override FF disabled' do
let(:ci_runner_limits_override) { false }
it 'does not create runner' do
request
@ -115,26 +109,10 @@ RSpec.describe API::Ci::Runner, :clean_gitlab_redis_shared_state do
end
end
context 'with ci_runner_limits_override FF enabled' do
let(:ci_runner_limits_override) { true }
it 'creates runner' do
request
expect(response).to have_gitlab_http_status(:created)
expect(json_response['message']).to be_nil
expect(project.runners.reload.size).to eq(2)
end
end
end
context 'when abandoned runners cause application limits to not be exceeded' do
before do
create(:ci_runner, runner_type: :project_type, projects: [project], created_at: 14.months.ago, contacted_at: 13.months.ago)
create(:plan_limits, :default_plan, ci_registered_project_runners: 1)
skip_default_enabled_yaml_check
stub_feature_flags(ci_runner_limits_override: false)
end
it 'creates runner' do
@ -204,14 +182,8 @@ RSpec.describe API::Ci::Runner, :clean_gitlab_redis_shared_state do
before do
create(:ci_runner, runner_type: :group_type, groups: [group], contacted_at: nil, created_at: 1.month.ago)
create(:plan_limits, :default_plan, ci_registered_group_runners: 1)
skip_default_enabled_yaml_check
stub_feature_flags(ci_runner_limits_override: ci_runner_limits_override)
end
context 'with ci_runner_limits_override FF disabled' do
let(:ci_runner_limits_override) { false }
it 'does not create runner' do
request
@ -221,27 +193,11 @@ RSpec.describe API::Ci::Runner, :clean_gitlab_redis_shared_state do
end
end
context 'with ci_runner_limits_override FF enabled' do
let(:ci_runner_limits_override) { true }
it 'creates runner' do
request
expect(response).to have_gitlab_http_status(:created)
expect(json_response['message']).to be_nil
expect(group.runners.reload.size).to eq(2)
end
end
end
context 'when abandoned runners cause application limits to not be exceeded' do
before do
create(:ci_runner, runner_type: :group_type, groups: [group], created_at: 4.months.ago, contacted_at: 3.months.ago)
create(:ci_runner, runner_type: :group_type, groups: [group], contacted_at: nil, created_at: 4.months.ago)
create(:plan_limits, :default_plan, ci_registered_group_runners: 1)
skip_default_enabled_yaml_check
stub_feature_flags(ci_runner_limits_override: false)
end
it 'creates runner' do

View file

@ -1101,14 +1101,8 @@ RSpec.describe API::Ci::Runners do
context 'when it exceeds the application limits' do
before do
create(:plan_limits, :default_plan, ci_registered_project_runners: 1)
skip_default_enabled_yaml_check
stub_feature_flags(ci_runner_limits_override: ci_runner_limits_override)
end
context 'with ci_runner_limits_override FF disabled' do
let(:ci_runner_limits_override) { false }
it 'does not enable specific runner' do
expect do
post api("/projects/#{project.id}/runners", admin), params: { runner_id: new_project_runner.id }
@ -1116,18 +1110,6 @@ RSpec.describe API::Ci::Runners do
expect(response).to have_gitlab_http_status(:bad_request)
end
end
context 'with ci_runner_limits_override FF enabled' do
let(:ci_runner_limits_override) { true }
it 'enables specific runner' do
expect do
post api("/projects/#{project.id}/runners", admin), params: { runner_id: new_project_runner.id }
end.to change { project.runners.count }
expect(response).to have_gitlab_http_status(:created)
end
end
end
end
it 'enables a instance type runner' do

View file

@ -28,7 +28,7 @@ RSpec.shared_examples 'setting CSP' do |rule_name|
context 'when feature is enabled' do
it "appends to #{rule_name}" do
is_expected.to eql("#{rule_name} #{default_csp_values} #{whitelisted_url}")
is_expected.to eql("#{rule_name} #{default_csp_values} #{allowlisted_url}")
end
end
@ -46,7 +46,7 @@ RSpec.shared_examples 'setting CSP' do |rule_name|
context 'when feature is enabled' do
it "uses default-src values in #{rule_name}" do
is_expected.to eql("default-src #{default_csp_values}; #{rule_name} #{default_csp_values} #{whitelisted_url}")
is_expected.to eql("default-src #{default_csp_values}; #{rule_name} #{default_csp_values} #{allowlisted_url}")
end
end
@ -64,7 +64,7 @@ RSpec.shared_examples 'setting CSP' do |rule_name|
context 'when feature is enabled' do
it "uses default-src values in #{rule_name}" do
is_expected.to eql("font-src #{default_csp_values}; #{rule_name} #{whitelisted_url}")
is_expected.to eql("font-src #{default_csp_values}; #{rule_name} #{allowlisted_url}")
end
end