Add latest changes from gitlab-org/gitlab@master

2021-07-02 21:07:51 +00:00 · 2021-07-02 21:07:51 +00:00 · 20d532d397
parent 888bb81daa
commit 20d532d397
7 changed files with 76 additions and 20 deletions
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@ -30,7 +30,6 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
  before_action :check_user_can_push_to_source_branch!, only: [:rebase]
  before_action only: [:show] do
    push_frontend_feature_flag(:file_identifier_hash)
-    push_frontend_feature_flag(:approvals_commented_by, @project, default_enabled: true)
    push_frontend_feature_flag(:merge_request_widget_graphql, @project, default_enabled: :yaml)
    push_frontend_feature_flag(:default_merge_ref_for_diffs, @project, default_enabled: :yaml)
    push_frontend_feature_flag(:core_security_mr_widget_counts, @project)
--- a/app/views/admin/projects/show.html.haml
+++ b/app/views/admin/projects/show.html.haml
@ -15,8 +15,11 @@
 - if @project.last_repository_check_failed?
  .row
    .col-md-12
-      .gl-alert.gl-alert-danger.gl-mb-5{ data: { testid: 'last-repository-check-failed-alert' } }
-        = sprite_icon('error', size: 16, css_class: 'gl-icon gl-alert-icon gl-alert-icon-no-title')
+      = render 'shared/global_alert',
+        variant: :danger,
+        alert_class: 'gl-mb-5',
+        alert_data: { testid: 'last-repository-check-failed-alert' },
+        is_container: true do
        .gl-alert-body
          - last_check_message = _("Last repository check (%{last_check_timestamp}) failed. See the 'repocheck.log' file for error messages.")
          - last_check_message = last_check_message % { last_check_timestamp: time_ago_with_tooltip(@project.last_repository_check_at) }
--- a/config/feature_flags/development/approvals_commented_by.yml
+++ b/config/feature_flags/development/approvals_commented_by.yml
@ -1,8 +0,0 @@
---
-name: approvals_commented_by
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/38136
-rollout_issue_url: 
-milestone: '13.3'
-type: development
-group: group::source code
-default_enabled: true
--- a/doc/user/application_security/secret_detection/index.md
+++ b/doc/user/application_security/secret_detection/index.md
@ -350,6 +350,21 @@ Support for custom certificate authorities was introduced in the following versi
 | -------- | ------- |
 | secrets | [v3.0.0](https://gitlab.com/gitlab-org/security-products/analyzers/secrets/-/releases/v3.0.0) |

+To trust a custom Certificate Authority, set the `ADDITIONAL_CA_CERT_BUNDLE` variable to the bundle
+of CA certs that you want to trust in the SAST environment. The `ADDITIONAL_CA_CERT_BUNDLE` value should contain the [text representation of the X.509 PEM public-key certificate](https://tools.ietf.org/html/rfc7468#section-5.1). For example, to configure this value in the `.gitlab-ci.yml` file, use the following:
+
+```yaml
+variables:
+  ADDITIONAL_CA_CERT_BUNDLE: |
+      -----BEGIN CERTIFICATE-----
+      MIIGqTCCBJGgAwIBAgIQI7AVxxVwg2kch4d56XNdDjANBgkqhkiG9w0BAQsFADCB
+      ...
+      jWgmPqF3vUbZE0EyScetPJquRFRKIesyJuBFMAs=
+      -----END CERTIFICATE-----
+```
+
+The `ADDITIONAL_CA_CERT_BUNDLE` value can also be configured as a [custom variable in the UI](../../../ci/variables/index.md#custom-cicd-variables), either as a `file`, which requires the path to the certificate, or as a variable, which requires the text representation of the certificate.
+
 ### Set Secret Detection CI/CD variables to use local Secret Detection analyzer

 Add the following configuration to your `.gitlab-ci.yml` file. You must replace
--- a/lib/api/helpers/caching.rb
+++ b/lib/api/helpers/caching.rb
@ -14,6 +14,12 @@ module API
        race_condition_ttl: 5.seconds
      }.freeze

+      # @return Integer
+      VERSION = 1
+
+      # @return [Array]
+      PAGINATION_HEADERS = %w[X-Per-Page X-Page X-Next-Page X-Prev-Page Link X-Total X-Total-Pages].freeze
+
      # This is functionally equivalent to the standard `#present` used in
      # Grape endpoints, but the JSON for the object, or for each object of
      # a collection, will be cached.
@ -72,15 +78,22 @@ module API
      # @param key [Object] any object that can be converted into a cache key
      # @param expires_in [ActiveSupport::Duration, Integer] an expiry time for the cache entry
      # @return [Gitlab::Json::PrecompiledJson]
-      def cache_action(key, **cache_opts)
-        json = cache.fetch(key, **apply_default_cache_options(cache_opts)) do
+      def cache_action(key, **custom_cache_opts)
+        cache_opts = apply_default_cache_options(custom_cache_opts)
+
+        json, cached_headers = cache.fetch([key, VERSION], **cache_opts) do
          response = yield

-          if response.is_a?(Gitlab::Json::PrecompiledJson)
-            response.to_s
-          else
-            Gitlab::Json.dump(response.as_json)
-          end
+          cached_body = response.is_a?(Gitlab::Json::PrecompiledJson) ? response.to_s : Gitlab::Json.dump(response.as_json)
+          cached_headers = header.slice(*PAGINATION_HEADERS)
+
+          [cached_body, cached_headers]
+        end
+
+        cached_headers.each do |key, value|
+          next if header.key?(key)
+
+          header key, value
        end

        body Gitlab::Json::PrecompiledJson.new(json)
--- a/spec/lib/api/helpers/caching_spec.rb
+++ b/spec/lib/api/helpers/caching_spec.rb
@ -3,7 +3,7 @@
 require "spec_helper"

 RSpec.describe API::Helpers::Caching, :use_clean_rails_redis_caching do
-  subject(:instance) { Class.new.include(described_class).new }
+  subject(:instance) { Class.new.include(described_class, Grape::DSL::Headers).new }

  let_it_be(:project) { create(:project) }
  let_it_be(:user) { create(:user) }
@ -81,7 +81,7 @@ RSpec.describe API::Helpers::Caching, :use_clean_rails_redis_caching do
      expected_kwargs = described_class::DEFAULT_CACHE_OPTIONS.merge(kwargs)

      expect(expensive_thing).to receive(:do_very_expensive_action).once
-      expect(instance.cache).to receive(:fetch).with(cache_key, **expected_kwargs).exactly(5).times.and_call_original
+      expect(instance.cache).to receive(:fetch).with([cache_key, 1], **expected_kwargs).exactly(5).times.and_call_original

      5.times { perform }
    end
@ -95,6 +95,32 @@ RSpec.describe API::Helpers::Caching, :use_clean_rails_redis_caching do

      expect(nested_call.to_s).to eq(subject.to_s)
    end
+
+    context 'Cache for pagination headers' do
+      described_class::PAGINATION_HEADERS.each do |pagination_header|
+        context pagination_header do
+          before do
+            instance.header(pagination_header, 100)
+          end
+
+          it 'stores and recovers pagination headers from cache' do
+            expect { perform }.not_to change { instance.header[pagination_header] }
+
+            instance.header.delete(pagination_header)
+
+            expect { perform }.to change { instance.header[pagination_header] }.from(nil).to(100)
+          end
+
+          it 'prefers headers from request than from cache' do
+            expect { perform }.not_to change { instance.header[pagination_header] }
+
+            instance.header(pagination_header, 50)
+
+            expect { perform }.not_to change { instance.header[pagination_header] }.from(50)
+          end
+        end
+      end
+    end
  end

  describe "#cache_action_if" do
--- a/spec/requests/api/branches_spec.rb
+++ b/spec/requests/api/branches_spec.rb
@ -75,6 +75,14 @@ RSpec.describe API::Branches do

            check_merge_status(json_response)
          end
+
+          it 'recovers pagination headers from cache between consecutive requests' do
+            2.times do
+              get api(route, current_user), params: base_params
+
+              expect(response.headers).to include('X-Page')
+            end
+          end
        end

        context 'with gitaly pagination params' do