Add latest changes from gitlab-org/gitlab@master
This commit is contained in:
parent
51d1545877
commit
20b517258a
|
@ -19,14 +19,7 @@ Rails/IncludeUrlHelper:
|
|||
- app/models/integrations/redmine.rb
|
||||
- app/models/integrations/webex_teams.rb
|
||||
- app/models/integrations/youtrack.rb
|
||||
- app/presenters/alert_management/alert_presenter.rb
|
||||
- app/presenters/environment_presenter.rb
|
||||
- app/presenters/gitlab/blame_presenter.rb
|
||||
- app/presenters/merge_request_presenter.rb
|
||||
- app/presenters/project_presenter.rb
|
||||
- app/presenters/release_presenter.rb
|
||||
- app/presenters/releases/evidence_presenter.rb
|
||||
- ee/app/helpers/license_helper.rb
|
||||
- ee/app/models/integrations/github.rb
|
||||
- ee/spec/helpers/ee/projects/security/configuration_helper_spec.rb
|
||||
- ee/spec/lib/banzai/filter/cross_project_issuable_information_filter_spec.rb
|
||||
|
|
|
@ -78,7 +78,12 @@ export default class TemplateSelector {
|
|||
setEditorContent(file, { skipFocus } = {}) {
|
||||
if (!file) return;
|
||||
|
||||
const newValue = file.content;
|
||||
let newValue = file.content;
|
||||
|
||||
const urlParams = new URLSearchParams(window.location.search);
|
||||
if (urlParams.has('issue[description]')) {
|
||||
newValue += `\n${urlParams.get('issue[description]')}`;
|
||||
}
|
||||
|
||||
this.editor.setValue(newValue, 1);
|
||||
|
||||
|
|
|
@ -18,6 +18,15 @@ class Clusters::ClustersController < Clusters::BaseController
|
|||
helper_method :token_in_session
|
||||
|
||||
STATUS_POLLING_INTERVAL = 10_000
|
||||
AWS_CSP_DOMAINS = %w[https://ec2.ap-east-1.amazonaws.com https://ec2.ap-northeast-1.amazonaws.com https://ec2.ap-northeast-2.amazonaws.com https://ec2.ap-northeast-3.amazonaws.com https://ec2.ap-south-1.amazonaws.com https://ec2.ap-southeast-1.amazonaws.com https://ec2.ap-southeast-2.amazonaws.com https://ec2.ca-central-1.amazonaws.com https://ec2.eu-central-1.amazonaws.com https://ec2.eu-north-1.amazonaws.com https://ec2.eu-west-1.amazonaws.com https://ec2.eu-west-2.amazonaws.com https://ec2.eu-west-3.amazonaws.com https://ec2.me-south-1.amazonaws.com https://ec2.sa-east-1.amazonaws.com https://ec2.us-east-1.amazonaws.com https://ec2.us-east-2.amazonaws.com https://ec2.us-west-1.amazonaws.com https://ec2.us-west-2.amazonaws.com https://ec2.af-south-1.amazonaws.com https://iam.amazonaws.com].freeze
|
||||
|
||||
content_security_policy do |p|
|
||||
next if p.directives.blank?
|
||||
|
||||
default_connect_src = p.directives['connect-src'] || p.directives['default-src']
|
||||
connect_src_values = Array.wrap(default_connect_src) | AWS_CSP_DOMAINS
|
||||
p.connect_src(*connect_src_values)
|
||||
end
|
||||
|
||||
def index
|
||||
@clusters = cluster_list
|
||||
|
|
|
@ -3,7 +3,6 @@
|
|||
module AlertManagement
|
||||
class AlertPresenter < Gitlab::View::Presenter::Delegated
|
||||
include IncidentManagement::Settings
|
||||
include ActionView::Helpers::UrlHelper
|
||||
|
||||
presents ::AlertManagement::Alert
|
||||
delegator_override_with Gitlab::Utils::StrongMemoize # This module inclusion is expected. See https://gitlab.com/gitlab-org/gitlab/-/issues/352884.
|
||||
|
|
|
@ -1,8 +1,6 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class EnvironmentPresenter < Gitlab::View::Presenter::Delegated
|
||||
include ActionView::Helpers::UrlHelper
|
||||
|
||||
presents ::Environment, as: :environment
|
||||
|
||||
def path
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class MergeRequestPresenter < Gitlab::View::Presenter::Delegated
|
||||
include ActionView::Helpers::UrlHelper
|
||||
include GitlabRoutingHelper
|
||||
include MarkupHelper
|
||||
include TreeHelper
|
||||
|
@ -290,6 +289,11 @@ class MergeRequestPresenter < Gitlab::View::Presenter::Delegated
|
|||
def user_can_fork_project?
|
||||
can?(current_user, :fork_project, project)
|
||||
end
|
||||
|
||||
# Avoid including ActionView::Helpers::UrlHelper
|
||||
def link_to(*args)
|
||||
ApplicationController.helpers.link_to(*args)
|
||||
end
|
||||
end
|
||||
|
||||
MergeRequestPresenter.prepend_mod_with('MergeRequestPresenter')
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
|
||||
class ProjectPresenter < Gitlab::View::Presenter::Delegated
|
||||
include ActionView::Helpers::NumberHelper
|
||||
include ActionView::Helpers::UrlHelper
|
||||
include GitlabRoutingHelper
|
||||
include StorageHelper
|
||||
include TreeHelper
|
||||
|
@ -473,6 +472,11 @@ class ProjectPresenter < Gitlab::View::Presenter::Delegated
|
|||
project.topics.map(&:name)
|
||||
end
|
||||
end
|
||||
|
||||
# Avoid including ActionView::Helpers::UrlHelper
|
||||
def content_tag(*args)
|
||||
ActionController::Base.helpers.content_tag(*args)
|
||||
end
|
||||
end
|
||||
|
||||
ProjectPresenter.prepend_mod_with('ProjectPresenter')
|
||||
|
|
|
@ -1,8 +1,6 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class ReleasePresenter < Gitlab::View::Presenter::Delegated
|
||||
include ActionView::Helpers::UrlHelper
|
||||
|
||||
presents ::Release, as: :release
|
||||
|
||||
# TODO: Remove `delegate` as it's redundant due to SimpleDelegator.
|
||||
|
|
|
@ -2,8 +2,6 @@
|
|||
|
||||
module Releases
|
||||
class EvidencePresenter < Gitlab::View::Presenter::Delegated
|
||||
include ActionView::Helpers::UrlHelper
|
||||
|
||||
presents ::Releases::Evidence, as: :evidence
|
||||
|
||||
def filepath
|
||||
|
|
|
@ -37,7 +37,7 @@ module Projects
|
|||
system_hook_service.execute_hooks_for(project, :destroy)
|
||||
log_info("Project \"#{project.full_path}\" was deleted")
|
||||
|
||||
publish_project_deleted_event_for(project) if Feature.enabled?(:publish_project_deleted_event, default_enabled: :yaml)
|
||||
publish_project_deleted_event_for(project)
|
||||
|
||||
current_user.invalidate_personal_projects_count
|
||||
|
||||
|
|
|
@ -19,8 +19,9 @@
|
|||
.row
|
||||
= f.label :name, _('Token name'), class: 'label-bold col-md-12'
|
||||
.col-md-6
|
||||
- resource_type = resource.is_a?(Group) ? "group" : "project"
|
||||
= f.text_field :name, class: 'form-control gl-form-input', required: true, data: { qa_selector: 'access_token_name_field' }, :'aria-describedby' => 'access_token_help_text'
|
||||
%span.form-text.text-muted.col-md-12#access_token_help_text= _('For example, the application using the token or the purpose of the token.')
|
||||
%span.form-text.text-muted.col-md-12#access_token_help_text= _("For example, the application using the token or the purpose of the token. Do not give sensitive information for the name of the token, as it will be visible to all %{resource_type} members.") % { resource_type: resource_type }
|
||||
|
||||
.row
|
||||
.form-group.col-md-6
|
||||
|
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
name: publish_project_deleted_event
|
||||
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/78862
|
||||
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/351073
|
||||
milestone: '14.8'
|
||||
type: development
|
||||
group: group::pipeline insights
|
||||
default_enabled: false
|
|
@ -1,8 +1,8 @@
|
|||
- name: "Secure and Protect analyzer major version update" # The name of the feature to be deprecated
|
||||
announcement_milestone: "14.8" # The milestone when this feature was first announced as deprecated.
|
||||
announcement_date: "2022-02-22" # The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
|
||||
removal_milestone: "15.00" # The milestone when this feature is planned to be removed
|
||||
removal_date: # The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
|
||||
removal_milestone: "15.0" # The milestone when this feature is planned to be removed
|
||||
removal_date: "2022-05-22" # The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
|
||||
breaking_change: true # If this deprecation is a breaking change, set this value to true
|
||||
reporter: NicoleSchwartz # GitLab username of the person reporting the deprecation
|
||||
body: | # Do not modify this line, instead modify the lines below.
|
||||
|
@ -20,9 +20,10 @@
|
|||
- Coverage-guided fuzz testing: version 2
|
||||
- Dependency Scanning: version 2
|
||||
- Dynamic Application Security Testing (DAST): version 2
|
||||
- Infrastructure as Code (IaC) Scanning: version 1
|
||||
- License Scanning: version 3
|
||||
- Secret Detection: version 3
|
||||
- Static Application Security Testing (SAST): version 2, except security-code-scan which is version 3
|
||||
- Static Application Security Testing (SAST): version 2 of [all analyzers](https://docs.gitlab.com/ee/user/application_security/sast/#supported-languages-and-frameworks), except `gosec` which is currently at version 3
|
||||
- `bandit`: version 2
|
||||
- `brakeman`: version 2
|
||||
- `eslint`: version 2
|
||||
|
@ -33,7 +34,7 @@
|
|||
- `nodejs-scan`: version 2
|
||||
- `phpcs-security-audit`: version 2
|
||||
- `pmd-apex`: version 2
|
||||
- `security-code-scan`: version 3
|
||||
- `security-code-scan`: version 2
|
||||
- `semgrep`: version 2
|
||||
- `sobelow`: version 2
|
||||
- `spotbugs`: version 2
|
|
@ -18,6 +18,13 @@ GitLab CI/CD supports [OpenID Connect (OIDC)](https://openid.net/connect/faq/) t
|
|||
|
||||
The original implementation of `CI_JOB_JWT` supports [HashiCorp Vault integration](../examples/authenticating-with-hashicorp-vault/). The updated implementation of `CI_JOB_JWT_V2` supports additional cloud providers with OIDC including AWS, GCP, and Vault.
|
||||
|
||||
NOTE:
|
||||
Configuring OIDC enables JWT token access to the target environments for all pipelines.
|
||||
When you configure OIDC for a pipeline, you should complete a software supply chain security
|
||||
review for the pipeline, focusing on the additional access. You can use the [software supply chain security awareness assessment](https://about.gitlab.com/quiz/software-supply-chain-security/)
|
||||
as a starting point, and for more information about supply chain attacks, see
|
||||
[How a DevOps Platform helps protect against supply chain attacks](https://about.gitlab.com/blog/2021/04/28/devops-platform-supply-chain-attacks/).
|
||||
|
||||
WARNING:
|
||||
The `CI_JOB_JWT_V2` variable is under development [(alpha)](../../policy/alpha-beta-support.md#alpha-features) and is not yet suitable for production use.
|
||||
|
||||
|
|
Binary file not shown.
Before Width: | Height: | Size: 14 KiB |
Binary file not shown.
After Width: | Height: | Size: 42 KiB |
|
@ -35,7 +35,7 @@ To view a list of environments and deployments:
|
|||
1. On the left sidebar, select **Deployments > Environments**.
|
||||
The environments are displayed.
|
||||
|
||||
![Environments list](img/environments_list_v14_3.png)
|
||||
![Environments list](img/environments_list_v14_8.png)
|
||||
|
||||
1. To view a list of deployments for an environment, select the environment name,
|
||||
for example, `staging`.
|
||||
|
|
|
@ -1292,7 +1292,7 @@ See the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/352564
|
|||
### Secure and Protect analyzer major version update
|
||||
|
||||
WARNING:
|
||||
This feature will be changed or removed in 15.00
|
||||
This feature will be changed or removed in 15.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
@ -1311,9 +1311,10 @@ Specifically, the following are being deprecated and will no longer be updated a
|
|||
- Coverage-guided fuzz testing: version 2
|
||||
- Dependency Scanning: version 2
|
||||
- Dynamic Application Security Testing (DAST): version 2
|
||||
- Infrastructure as Code (IaC) Scanning: version 1
|
||||
- License Scanning: version 3
|
||||
- Secret Detection: version 3
|
||||
- Static Application Security Testing (SAST): version 2, except security-code-scan which is version 3
|
||||
- Static Application Security Testing (SAST): version 2 of [all analyzers](https://docs.gitlab.com/ee/user/application_security/sast/#supported-languages-and-frameworks), except `gosec` which is currently at version 3
|
||||
- `bandit`: version 2
|
||||
- `brakeman`: version 2
|
||||
- `eslint`: version 2
|
||||
|
@ -1324,12 +1325,12 @@ Specifically, the following are being deprecated and will no longer be updated a
|
|||
- `nodejs-scan`: version 2
|
||||
- `phpcs-security-audit`: version 2
|
||||
- `pmd-apex`: version 2
|
||||
- `security-code-scan`: version 3
|
||||
- `security-code-scan`: version 2
|
||||
- `semgrep`: version 2
|
||||
- `sobelow`: version 2
|
||||
- `spotbugs`: version 2
|
||||
|
||||
**Planned removal milestone: 15.00 ()**
|
||||
**Planned removal milestone: 15.0 (2022-05-22)**
|
||||
|
||||
### Support for gRPC-aware proxy deployed between Gitaly and rest of GitLab
|
||||
|
||||
|
|
|
@ -0,0 +1,119 @@
|
|||
---
|
||||
stage: Configure
|
||||
group: Configure
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Create a new EKS cluster through IaC
|
||||
|
||||
Learn how to create a new cluster on Amazon Elastic Kubernetes Service (EKS) through
|
||||
[Infrastructure as Code (IaC)](../../index.md).
|
||||
|
||||
This process combines the AWS and Kubernetes Terraform providers to help you create EKS clusters
|
||||
and connect them to GitLab using the [GitLab agent for Kubernetes](../../../clusters/agent/index.md).
|
||||
|
||||
This document describes how to set up a Kubernetes cluster on EKS by importing an example project to get you started.
|
||||
You can then modify the project files according to your needs.
|
||||
|
||||
**Prerequisites:**
|
||||
|
||||
- An Amazon Web Services (AWS) account, with a set of configured
|
||||
[security credentials](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-prereqs.html).
|
||||
- [Configured GitLab Runners](https://docs.gitlab.com/runner/install/) to run the infrastructure pipeline from GitLab CI/CD.
|
||||
|
||||
**Steps:**
|
||||
|
||||
1. [Import the example project](#import-the-example-project).
|
||||
1. [Register the Agent](#register-the-agent).
|
||||
1. [Configure your project](#configure-your-project).
|
||||
1. [Provision your cluster](#provision-your-cluster).
|
||||
|
||||
## Import the example project
|
||||
|
||||
To create a new cluster from GitLab using Infrastructure as Code, it is necessary
|
||||
to create a project to manage the cluster from. In this tutorial, we import a pre-configured
|
||||
sample project to help you get started.
|
||||
|
||||
Start by [importing the example project by URL](../../../project/import/repo_by_url.md). Use `https://gitlab.com/gitlab-org/configure/examples/gitlab-terraform-eks.git` as the URL.
|
||||
|
||||
This project provides you with the following resources:
|
||||
|
||||
- An Amazon [Virtual Private Cloud (VPC)](https://gitlab.com/gitlab-org/configure/examples/gitlab-terraform-eks/-/blob/main/vpc.tf).
|
||||
- An Amazon [Elastic Kubernetes Service (EKS)](https://gitlab.com/gitlab-org/configure/examples/gitlab-terraform-eks/-/blob/main/eks.tf) cluster.
|
||||
- The [GitLab agent for Kubernetes](https://gitlab.com/gitlab-org/configure/examples/gitlab-terraform-eks/-/blob/main/agent.tf) installed into the cluster.
|
||||
|
||||
## Register the Agent
|
||||
|
||||
To create an Agent in GitLab:
|
||||
|
||||
1. From your project's sidebar, select **Infrastructure > Kubernetes clusters**.
|
||||
1. Select **Actions**.
|
||||
1. From the **Select an Agent** dropdown list, select `eks-agent` and select **Register an Agent**.
|
||||
1. GitLab generates a registration token for this Agent. Securely store this secret token, as you will need it to [configure your project](#configure-your-project) below.
|
||||
1. GitLab provides you with a KAS address, which will also be needed when configuring your project below.
|
||||
|
||||
## Configure your project
|
||||
|
||||
Use CI/CD environment variables to configure your project as detailed below.
|
||||
|
||||
**Required configuration:**
|
||||
|
||||
1. On the left sidebar, select **Settings > CI/CD**.
|
||||
1. Expand **Variables**.
|
||||
1. Set the variable `AWS_ACCESS_KEY_ID` to your AWS access key ID.
|
||||
1. Set the variable `AWS_SECRET_ACCESS_KEY` to your AWS secret access key.
|
||||
1. Set the variable `TF_VAR_agent_token` to the Agent token displayed in the previous step.
|
||||
1. Set the variable `TF_VAR_kas_address` to the KAS address displayed in the previous step.
|
||||
|
||||
**Optional configuration:**
|
||||
|
||||
The file [`variables.tf`](https://gitlab.com/gitlab-org/configure/examples/gitlab-terraform-eks/-/blob/main/variables.tf)
|
||||
contains other variables that you can override according to your needs:
|
||||
|
||||
- `TF_VAR_region`: Set your cluster's region.
|
||||
- `TF_VAR_cluster_name`: Set your cluster's name.
|
||||
- `TF_VAR_cluster_version`: Set the version of Kubernetes.
|
||||
- `TF_VAR_instance_type`: Set the instance type for the Kubernetes nodes.
|
||||
- `TF_VAR_instance_count`: Set the number of Kubernetes nodes.
|
||||
- `TF_VAR_agent_version`: Set the version of the GitLab Agent.
|
||||
- `TF_VAR_agent_namespace`: Set the Kubernetes namespace for the GitLab Agent.
|
||||
|
||||
Refer to the [AWS Terraform provider](https://registry.terraform.io/providers/hashicorp/aws/latest/docs) and the [Kubernetes Terraform provider](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs) documentation for further resource options.
|
||||
|
||||
## Provision your cluster
|
||||
|
||||
After configuring your project, manually trigger the provisioning of your cluster. In GitLab:
|
||||
|
||||
1. From your project's sidebar, go to **CI/CD > Pipelines**.
|
||||
1. Select the dropdown icon (**{angle-down}**) next to the play icon (**{play}**).
|
||||
1. Select **deploy** to manually trigger the deployment job.
|
||||
|
||||
When the pipeline finishes successfully, you can see your new cluster:
|
||||
|
||||
- In AWS: from the [EKS console](https://console.aws.amazon.com/eks/home) select **Amazon EKS > Clusters**.
|
||||
- In GitLab: from your project's sidebar, select **Infrastructure > Kubernetes clusters**.
|
||||
|
||||
## Removing the cluster
|
||||
|
||||
A cleanup job is not included in your pipeline by default. To remove all created resources, you
|
||||
need to modify your GitLab CI/CD template before running the cleanup job.
|
||||
|
||||
To remove all resources:
|
||||
|
||||
1. Add the following to your `.gitlab-ci.yml`:
|
||||
|
||||
```yaml
|
||||
stages:
|
||||
- init
|
||||
- validate
|
||||
- build
|
||||
- deploy
|
||||
- cleanup
|
||||
|
||||
destroy:
|
||||
extends: .destroy
|
||||
needs: []
|
||||
```
|
||||
|
||||
1. From your project's sidebar, go to **CI/CD > Pipelines** and select the most recent pipeline.
|
||||
1. Click the play icon (**{play}**) for the `destroy` job.
|
|
@ -105,12 +105,13 @@ owned by GitLab, where everyone can contribute.
|
|||
The [documentation of the provider](https://registry.terraform.io/providers/gitlabhq/gitlab/latest/docs)
|
||||
is available as part of the official Terraform provider documentation.
|
||||
|
||||
## Create a new cluster through IaC (DEPRECATED)
|
||||
## Create a new cluster through IaC
|
||||
|
||||
Learn how to [create a new cluster on Google Kubernetes Engine (GKE)](../clusters/connect/new_gke_cluster.md).
|
||||
- Learn how to [create a new cluster on Amazon Elastic Kubernetes Service (EKS)](../clusters/connect/new_eks_cluster.md).
|
||||
- Learn how to [create a new cluster on Google Kubernetes Engine (GKE)](../clusters/connect/new_gke_cluster.md) (DEPRECATED).
|
||||
|
||||
NOTE:
|
||||
The linked tutorial connects the cluster to GitLab through cluster certificates,
|
||||
The linked GKE tutorial connects the cluster to GitLab through cluster certificates,
|
||||
and this method was [deprecated](https://gitlab.com/groups/gitlab-org/configure/-/epics/8)
|
||||
in GitLab 14.5. You can still create a cluster through IaC and then connect it to GitLab
|
||||
through the [agent](../../clusters/agent/index.md), the default and fully supported
|
||||
|
|
|
@ -10,7 +10,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
|
|||
> - [Deprecated](https://gitlab.com/groups/gitlab-org/configure/-/epics/8) in GitLab 14.5.
|
||||
|
||||
WARNING:
|
||||
This feature was deprecated in GitLab 14.5. Use [Infrastructure as Code](../../infrastructure/iac/index.md#create-a-new-cluster-through-iac-deprecated)
|
||||
This feature was deprecated in GitLab 14.5. Use [Infrastructure as Code](../../infrastructure/iac/index.md#create-a-new-cluster-through-iac)
|
||||
to create new clusters.
|
||||
|
||||
Through GitLab, you can create new clusters and add existing clusters hosted on Amazon Elastic
|
||||
|
@ -23,7 +23,7 @@ use the [GitLab Agent](../../clusters/agent/index.md).
|
|||
|
||||
## Create a new EKS cluster
|
||||
|
||||
To create a new cluster from GitLab, use [Infrastructure as Code](../../infrastructure/iac/index.md#create-a-new-cluster-through-iac-deprecated).
|
||||
To create a new cluster from GitLab, use [Infrastructure as Code](../../infrastructure/iac/index.md#create-a-new-cluster-through-iac).
|
||||
|
||||
### How to create a new cluster on EKS through cluster certificates (DEPRECATED)
|
||||
|
||||
|
|
|
@ -10,7 +10,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
|
|||
|
||||
WARNING:
|
||||
This feature was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/327908) in GitLab 14.0.
|
||||
To create a new cluster use [Infrastructure as Code](../../infrastructure/iac/index.md#create-a-new-cluster-through-iac-deprecated).
|
||||
To create a new cluster use [Infrastructure as Code](../../infrastructure/iac/index.md#create-a-new-cluster-through-iac).
|
||||
|
||||
NOTE:
|
||||
Every new Google Cloud Platform (GCP) account receives
|
||||
|
@ -29,7 +29,7 @@ in a few clicks.
|
|||
|
||||
> [Deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/327908) in GitLab 14.0.
|
||||
|
||||
As of GitLab 14.0, use [Infrastructure as Code](../../infrastructure/iac/index.md#create-a-new-cluster-through-iac-deprecated)
|
||||
As of GitLab 14.0, use [Infrastructure as Code](../../infrastructure/iac/index.md#create-a-new-cluster-through-iac)
|
||||
to **safely create new clusters from GitLab**.
|
||||
|
||||
Creating clusters from GitLab using cluster certificates is still available on the
|
||||
|
|
|
@ -160,6 +160,8 @@ To regenerate the email address:
|
|||
|
||||
### Using a URL with prefilled values
|
||||
|
||||
> Ability to use both `issuable_template` and `issue[description]` in the same URL [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/340529) in GitLab 14.8.
|
||||
|
||||
To link directly to the new issue page with prefilled fields, use query
|
||||
string parameters in a URL. You can embed a URL in an external
|
||||
HTML page to create issues with certain fields prefilled.
|
||||
|
@ -168,8 +170,8 @@ HTML page to create issues with certain fields prefilled.
|
|||
| -------------------- | --------------------- | ------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| Title | `issue[title]` | Must be [URL-encoded](../../../api/index.md#namespaced-path-encoding). |
|
||||
| Issue type | `issue[issue_type]` | Either `incident` or `issue`. |
|
||||
| Description template | `issuable_template` | Cannot be used at the same time as `issue[description]`. Must be [URL-encoded](../../../api/index.md#namespaced-path-encoding). |
|
||||
| Description | `issue[description]` | Cannot be used at the same time as `issuable_template`. Must be [URL-encoded](../../../api/index.md#namespaced-path-encoding). |
|
||||
| Description template | `issuable_template` | Must be [URL-encoded](../../../api/index.md#namespaced-path-encoding). |
|
||||
| Description | `issue[description]` | Must be [URL-encoded](../../../api/index.md#namespaced-path-encoding). If used in combination with `issuable_template` or a [default issue template](../description_templates.md#set-a-default-template-for-merge-requests-and-issues), the `issue[description]` value is appended to the template. |
|
||||
| Confidential | `issue[confidential]` | If `true`, the issue is marked as confidential. |
|
||||
|
||||
Adapt these examples to form your new issue URL with prefilled fields.
|
||||
|
|
|
@ -42,7 +42,7 @@ pre-push:
|
|||
tags: documentation style
|
||||
files: git diff --name-only --diff-filter=d $(git merge-base origin/master HEAD)..HEAD
|
||||
glob: 'doc/*.md'
|
||||
run: if command -v vale 2> /dev/null; then vale --config .vale.ini --minAlertLevel error {files}; else echo "Vale not found. Install Vale"; fi
|
||||
run: 'if command -v vale > /dev/null 2>&1; then if ! vale --config .vale.ini --minAlertLevel error {files}; then echo "ERROR: Fix any linting errors and make sure you are using the latest version of Vale."; fi; else echo "ERROR: Vale not found. For more information, see https://docs.errata.ai/vale/install."; fi'
|
||||
gettext:
|
||||
skip: true # This is disabled by default. You can enable this check by adding skip: false in lefhook-local.yml https://github.com/evilmartians/lefthook/blob/master/docs/full_guide.md#skipping-commands
|
||||
tags: backend frontend view haml
|
||||
|
|
|
@ -15,7 +15,7 @@ module Gitlab
|
|||
directives = {
|
||||
'default_src' => "'self'",
|
||||
'base_uri' => "'self'",
|
||||
'connect_src' => "'self'",
|
||||
'connect_src' => ContentSecurityPolicy::Directives.connect_src,
|
||||
'font_src' => "'self'",
|
||||
'form_action' => "'self' https: http:",
|
||||
'frame_ancestors' => "'self'",
|
||||
|
|
|
@ -7,6 +7,10 @@
|
|||
module Gitlab
|
||||
module ContentSecurityPolicy
|
||||
module Directives
|
||||
def self.connect_src
|
||||
"'self'"
|
||||
end
|
||||
|
||||
def self.frame_src
|
||||
"https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com https://www.googletagmanager.com/ns.html"
|
||||
end
|
||||
|
|
|
@ -15700,7 +15700,7 @@ msgstr ""
|
|||
msgid "For each job, re-use the project workspace. If the workspace doesn't exist, use %{code_open}git clone%{code_close}."
|
||||
msgstr ""
|
||||
|
||||
msgid "For example, the application using the token or the purpose of the token."
|
||||
msgid "For example, the application using the token or the purpose of the token. Do not give sensitive information for the name of the token, as it will be visible to all %{resource_type} members."
|
||||
msgstr ""
|
||||
|
||||
msgid "For files larger than this limit, only index the file name. The file content is neither indexed nor searchable."
|
||||
|
|
|
@ -327,6 +327,22 @@ module QA
|
|||
end
|
||||
end
|
||||
|
||||
def accept_dataloss_for_project(project_id, authoritative_storage)
|
||||
repository_hash = "#{Digest::SHA256.hexdigest(project_id.to_s)}"
|
||||
repository = "@hashed/#{repository_hash[0, 2]}/#{repository_hash[2, 2]}/#{repository_hash}.git"
|
||||
|
||||
cmd = %{
|
||||
docker exec #{@praefect} \
|
||||
praefect \
|
||||
-config /var/opt/gitlab/praefect/config.toml \
|
||||
accept-dataloss \
|
||||
--virtual-storage=default \
|
||||
--repository=#{repository} \
|
||||
--authoritative-storage=#{authoritative_storage}
|
||||
}
|
||||
shell(cmd)
|
||||
end
|
||||
|
||||
def wait_for_health_check_all_nodes
|
||||
wait_for_gitaly_health_check(@primary_node)
|
||||
wait_for_gitaly_health_check(@secondary_node)
|
||||
|
@ -415,6 +431,27 @@ module QA
|
|||
Support::Waiter.wait_until(sleep_interval: 1) { replication_queue_incomplete_count == 0 && replicated?(project_id) }
|
||||
end
|
||||
|
||||
def wait_for_replication_to_node(project_id, node)
|
||||
Support::Waiter.wait_until(sleep_interval: 1) do
|
||||
result = []
|
||||
shell sql_to_docker_exec_cmd(%{
|
||||
select * from replication_queue
|
||||
where state = 'ready'
|
||||
and job ->> 'change' = 'update'
|
||||
and job ->> 'target_node_storage' = '#{node}'
|
||||
and job ->> 'relative_path' = '#{Digest::SHA256.hexdigest(project_id.to_s)}.git';
|
||||
}) do |line|
|
||||
result << line.strip
|
||||
QA::Runtime::Logger.debug(line.strip)
|
||||
end
|
||||
# The result should look like this when all items are replicated
|
||||
# id | state | created_at | updated_at | attempt | lock_id | job | meta
|
||||
# ----+-------+------------+------------+---------+---------+-----+------
|
||||
# (0 rows)
|
||||
result[2] == '(0 rows)'
|
||||
end
|
||||
end
|
||||
|
||||
def replication_pending?
|
||||
result = []
|
||||
shell sql_to_docker_exec_cmd(
|
||||
|
|
|
@ -52,6 +52,53 @@ module QA
|
|||
expect(project_data_loss).to include('gitaly3, assigned host, unhealthy')
|
||||
end
|
||||
end
|
||||
|
||||
it 'allows admin resolve scenario where data cannot be recovered', testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/352708' do
|
||||
# Ensure everything is in sync before begining test
|
||||
praefect_manager.wait_for_project_synced_across_all_storages(project.id)
|
||||
|
||||
Resource::Repository::Commit.fabricate_via_api! do |commit|
|
||||
commit.project = project
|
||||
commit.commit_message = 'accept-dataloss-1'
|
||||
commit.add_files([
|
||||
{ file_path: "new_file-#{SecureRandom.hex(8)}.txt", content: 'Add a commit to gitaly1,gitaly2,gitaly3' }
|
||||
])
|
||||
end
|
||||
|
||||
praefect_manager.wait_for_replication_to_node(project.id, praefect_manager.primary_node)
|
||||
praefect_manager.stop_primary_node
|
||||
Resource::Repository::Commit.fabricate_via_api! do |commit|
|
||||
commit.project = project
|
||||
commit.commit_message = 'accept-dataloss-2'
|
||||
commit.add_files([
|
||||
{ file_path: "new_file-#{SecureRandom.hex(8)}.txt", content: 'Add a commit to gitaly2,gitaly3' }
|
||||
])
|
||||
end
|
||||
|
||||
praefect_manager.wait_for_replication_to_node(project.id, praefect_manager.secondary_node)
|
||||
praefect_manager.stop_secondary_node
|
||||
Resource::Repository::Commit.fabricate_via_api! do |commit|
|
||||
commit.project = project
|
||||
commit.commit_message = 'accept-dataloss-3'
|
||||
commit.add_files([
|
||||
{ file_path: "new_file-#{SecureRandom.hex(8)}.txt", content: 'Add a commit to gitaly3' }
|
||||
])
|
||||
end
|
||||
|
||||
# Confirms that they want to accept dataloss, using gitaly2 as authoritative storage to use as a base
|
||||
praefect_manager.accept_dataloss_for_project(project.id, praefect_manager.secondary_node)
|
||||
|
||||
# Restart nodes, and allow replication to apply dataloss changes
|
||||
praefect_manager.start_all_nodes
|
||||
praefect_manager.wait_for_project_synced_across_all_storages(project.id)
|
||||
|
||||
# Validate that gitaly2 was accepted as the authorative storage
|
||||
aggregate_failures "validate correct set of commits available" do
|
||||
expect(project.commits.map { |commit| commit[:message].chomp }).to include('accept-dataloss-1')
|
||||
expect(project.commits.map { |commit| commit[:message].chomp }).to include('accept-dataloss-2')
|
||||
expect(project.commits.map { |commit| commit[:message].chomp }).not_to include('accept-dataloss-3')
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -36,6 +36,20 @@ RSpec.describe 'Clusterable > Show page' do
|
|||
|
||||
expect(page).not_to have_selector('[data-testid="cluster-environments-tab"]')
|
||||
end
|
||||
|
||||
context 'content-security policy' do
|
||||
it 'has AWS domains in the CSP' do
|
||||
visit cluster_path
|
||||
|
||||
expect(response_headers['Content-Security-Policy']).to include(::Clusters::ClustersController::AWS_CSP_DOMAINS.join(' '))
|
||||
end
|
||||
|
||||
it 'keeps existing connect-src in the CSP' do
|
||||
visit cluster_path
|
||||
|
||||
expect(response_headers['Content-Security-Policy']).to include("connect-src #{Gitlab::ContentSecurityPolicy::Directives.connect_src}")
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
shared_examples 'editing a GCP cluster' do
|
||||
|
|
|
@ -5,7 +5,7 @@ require 'spec_helper'
|
|||
RSpec.describe 'New/edit issue', :js do
|
||||
include ActionView::Helpers::JavaScriptHelper
|
||||
|
||||
let_it_be(:project) { create(:project) }
|
||||
let_it_be(:project) { create(:project, :repository) }
|
||||
let_it_be(:user) { create(:user) }
|
||||
let_it_be(:user2) { create(:user) }
|
||||
let_it_be(:milestone) { create(:milestone, project: project) }
|
||||
|
@ -310,6 +310,53 @@ RSpec.describe 'New/edit issue', :js do
|
|||
end
|
||||
end
|
||||
|
||||
describe 'new issue with query parameters' do
|
||||
before do
|
||||
project.repository.create_file(
|
||||
current_user,
|
||||
'.gitlab/issue_templates/test_template.md',
|
||||
'description from template',
|
||||
message: 'Add test_template.md',
|
||||
branch_name: project.default_branch_or_main
|
||||
)
|
||||
end
|
||||
|
||||
after do
|
||||
project.repository.delete_file(
|
||||
current_user,
|
||||
'.gitlab/issue_templates/test_template.md',
|
||||
message: 'Remove test_template.md',
|
||||
branch_name: project.default_branch_or_main
|
||||
)
|
||||
end
|
||||
|
||||
it 'leaves the description blank if no query parameters are specified' do
|
||||
visit new_project_issue_path(project)
|
||||
|
||||
expect(find('#issue_description').value).to be_empty
|
||||
end
|
||||
|
||||
it 'fills the description from the issue[description] query parameter' do
|
||||
visit new_project_issue_path(project, issue: { description: 'description from query parameter' })
|
||||
|
||||
expect(find('#issue_description').value).to match('description from query parameter')
|
||||
end
|
||||
|
||||
it 'fills the description from the issuable_template query parameter' do
|
||||
visit new_project_issue_path(project, issuable_template: 'test_template')
|
||||
wait_for_requests
|
||||
|
||||
expect(find('#issue_description').value).to match('description from template')
|
||||
end
|
||||
|
||||
it 'fills the description from the issuable_template and issue[description] query parameters' do
|
||||
visit new_project_issue_path(project, issuable_template: 'test_template', issue: { description: 'description from query parameter' })
|
||||
wait_for_requests
|
||||
|
||||
expect(find('#issue_description').value).to match('description from template\ndescription from query parameter')
|
||||
end
|
||||
end
|
||||
|
||||
describe 'edit issue' do
|
||||
before do
|
||||
visit edit_project_issue_path(project, issue)
|
||||
|
|
|
@ -36,18 +36,6 @@ RSpec.describe Projects::DestroyService, :aggregate_failures do
|
|||
|
||||
destroy_project(project, user, {})
|
||||
end
|
||||
|
||||
context 'when feature flag publish_project_deleted_event is disabled' do
|
||||
before do
|
||||
stub_feature_flags(publish_project_deleted_event: false)
|
||||
end
|
||||
|
||||
it 'does not publish an event' do
|
||||
expect(Gitlab::EventStore).not_to receive(:publish).with(event_type(Projects::ProjectDeletedEvent))
|
||||
|
||||
destroy_project(project, user, {})
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
shared_examples 'deleting the project with pipeline and build' do
|
||||
|
|
|
@ -155,7 +155,7 @@ RSpec.shared_examples 'AtomicInternalId' do |validate_presence: true|
|
|||
end
|
||||
|
||||
def expect_iid_to_be_set_and_rollback
|
||||
ActiveRecord::Base.transaction(requires_new: true) do
|
||||
instance.transaction(requires_new: true) do
|
||||
instance.save!
|
||||
|
||||
expect(read_internal_id).not_to be_nil
|
||||
|
|
Loading…
Reference in New Issue