Add latest changes from gitlab-org/gitlab@master
parent
b509bf0a57
commit
24f32a55ee
27 changed files with 215 additions and 324 deletions
|
@ -1456,6 +1456,24 @@
|
|||
- <<: *if-merge-request
|
||||
changes: *ci-patterns
|
||||
|
||||
.semgrep-appsec-custom-rules:rules:
|
||||
rules:
|
||||
- <<: *if-not-ee
|
||||
when: never
|
||||
- <<: *if-merge-request
|
||||
changes: *code-backstage-qa-patterns
|
||||
|
||||
.ping-appsec-for-sast-findings:rules:
|
||||
rules:
|
||||
# Requiring $CUSTOM_SAST_RULES_BOT_PAT prevents the bot from running on forks or CE
|
||||
# Without it the script would fail too.
|
||||
- if: "$CUSTOM_SAST_RULES_BOT_PAT == null"
|
||||
when: never
|
||||
- <<: *if-not-ee
|
||||
when: never
|
||||
- <<: *if-merge-request
|
||||
changes: *code-backstage-qa-patterns
|
||||
|
||||
#######################
|
||||
# Vendored gems rules #
|
||||
#######################
|
||||
|
|
|
@ -152,3 +152,39 @@ feature-flags-usage:
|
|||
when: always
|
||||
paths:
|
||||
- tmp/feature_flags/
|
||||
|
||||
semgrep-appsec-custom-rules:
|
||||
stage: lint
|
||||
extends:
|
||||
- .semgrep-appsec-custom-rules:rules
|
||||
image: returntocorp/semgrep
|
||||
needs: []
|
||||
script:
|
||||
# Required to avoid a timeout https://github.com/returntocorp/semgrep/issues/5395
|
||||
- git fetch origin master
|
||||
# Include/exclude list isn't ideal https://github.com/returntocorp/semgrep/issues/5399
|
||||
- |
|
||||
semgrep ci --gitlab-sast --metrics off --config $CUSTOM_RULES_URL \
|
||||
--include app --include lib --include workhorse \
|
||||
--exclude '*_test.go' --exclude spec --exclude qa > gl-sast-report.json || true
|
||||
variables:
|
||||
CUSTOM_RULES_URL: https://gitlab.com/gitlab-com/gl-security/appsec/sast-custom-rules/-/raw/main/appsec-pings/rules.yml
|
||||
artifacts:
|
||||
paths:
|
||||
- gl-sast-report.json
|
||||
reports:
|
||||
sast: gl-sast-report.json
|
||||
|
||||
ping-appsec-for-sast-findings:
|
||||
stage: lint
|
||||
image: alpine:latest
|
||||
extends:
|
||||
- .ping-appsec-for-sast-findings:rules
|
||||
variables:
|
||||
# Project Access Token bot ID for /gitlab-com/gl-security/appsec/sast-custom-rules
|
||||
BOT_USER_ID: 11727358
|
||||
needs:
|
||||
- semgrep-appsec-custom-rules
|
||||
script:
|
||||
- apk add jq curl
|
||||
- scripts/process_custom_semgrep_results.sh
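Review bot: The trailing `|| true` on the `semgrep ci` command in `semgrep-appsec-custom-rules` lets the job pass when the scan itself fails (rules URL unreachable, crash, timeout), so an empty or partial `gl-sast-report.json` is uploaded as the SAST report and handed to `ping-appsec-for-sast-findings` as if it were a clean result. If the `|| true` is presumably there only to tolerate the exit status semgrep returns when it has findings, the job should at least refuse to publish an empty report, for example with `- test -s gl-sast-report.json` as the next script step. Separately, `image: returntocorp/semgrep` carries no tag, `image: alpine:latest` floats, `apk add jq curl` is unversioned and `CUSTOM_RULES_URL` points at the `main` branch, while the second job runs with `CUSTOM_SAST_RULES_BOT_PAT` in its environment. Pinning the images by digest and the rules file by commit would keep everything that executes next to that token reviewable.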
|
||||
|
|
|
@ -779,3 +779,6 @@ Migration/BackgroundMigrationBaseClass:
|
|||
|
||||
Style/ClassAndModuleChildren:
|
||||
Enabled: true
|
||||
|
||||
Fips/OpenSSL:
|
||||
Enabled: false
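Review bot: `Fips/OpenSSL` is switched off outright with `Enabled: false`, and nothing in the added lines says why or where re-enabling it is tracked. The next section of this commit deletes what looks like the cop's per-file `Exclude` list (its file name is not shown on this page), so the check appears to go from "on for new code, exempt for known offenders" to "off everywhere", which means new non-FIPS digest usage would no longer be flagged. I would add a comment directly above the entry, such as `# Disabled temporarily, see <tracking issue URL>; re-enable with per-file excludes`, so the disablement is not mistaken for a permanent decision.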
|
||||
|
|
|
@ -1,222 +0,0 @@
|
|||
---
|
||||
# Cop supports --auto-correct.
|
||||
Fips/OpenSSL:
|
||||
Exclude:
|
||||
- 'app/controllers/application_controller.rb'
|
||||
- 'app/controllers/concerns/authenticates_with_two_factor.rb'
|
||||
- 'app/controllers/projects/merge_requests/diffs_controller.rb'
|
||||
- 'app/controllers/projects/merge_requests_controller.rb'
|
||||
- 'app/helpers/application_helper.rb'
|
||||
- 'app/models/ci/artifact_blob.rb'
|
||||
- 'app/models/concerns/analytics/cycle_analytics/stage.rb'
|
||||
- 'app/models/concerns/checksummable.rb'
|
||||
- 'app/models/concerns/token_authenticatable_strategies/encryption_helper.rb'
|
||||
- 'app/models/diff_discussion.rb'
|
||||
- 'app/models/discussion.rb'
|
||||
- 'app/models/legacy_diff_note.rb'
|
||||
- 'app/models/namespace.rb'
|
||||
- 'app/models/note.rb'
|
||||
- 'app/models/performance_monitoring/prometheus_panel.rb'
|
||||
- 'app/models/protected_branch.rb'
|
||||
- 'app/models/release_highlight.rb'
|
||||
- 'app/models/repository.rb'
|
||||
- 'app/models/resource_event.rb'
|
||||
- 'app/models/snippet.rb'
|
||||
- 'app/models/storage/hashed.rb'
|
||||
- 'app/models/token_with_iv.rb'
|
||||
- 'app/presenters/packages/composer/packages_presenter.rb'
|
||||
- 'app/services/ci/build_report_result_service.rb'
|
||||
- 'app/services/metrics/dashboard/transient_embed_service.rb'
|
||||
- 'app/services/packages/debian/generate_distribution_service.rb'
|
||||
- 'app/services/packages/go/create_package_service.rb'
|
||||
- 'app/services/packages/maven/metadata/append_package_file_service.rb'
|
||||
- 'app/services/packages/rubygems/create_gemspec_service.rb'
|
||||
- 'app/services/pages/migrate_legacy_storage_to_deployment_service.rb'
|
||||
- 'app/services/projects/lfs_pointers/lfs_download_service.rb'
|
||||
- 'app/uploaders/ci/secure_file_uploader.rb'
|
||||
- 'config/initializers/doorkeeper_openid_connect.rb'
|
||||
- 'config/initializers/session_store.rb'
|
||||
- 'config/settings.rb'
|
||||
- 'db/post_migrate/20210731132939_backfill_stage_event_hash.rb'
|
||||
- 'ee/app/models/storage_shard.rb'
|
||||
- 'ee/app/services/elastic/bookkeeping_shard_service.rb'
|
||||
- 'ee/app/services/security/track_scan_service.rb'
|
||||
- 'ee/app/services/vulnerabilities/create_service_base.rb'
|
||||
- 'ee/app/services/vulnerabilities/manually_create_service.rb'
|
||||
- 'ee/app/services/vulnerabilities/starboard_vulnerability_create_service.rb'
|
||||
- 'ee/lib/ee/gitlab/background_migration/populate_latest_pipeline_ids.rb'
|
||||
- 'ee/lib/ee/gitlab/background_migration/populate_resolved_on_default_branch_column.rb'
|
||||
- 'ee/lib/ee/gitlab/background_migration/recalculate_vulnerability_finding_signatures_for_findings.rb'
|
||||
- 'ee/lib/gitlab/analytics/cycle_analytics/stage_events/label_based_stage_event.rb'
|
||||
- 'ee/lib/gitlab/ci/reports/dependency_list/dependency.rb'
|
||||
- 'ee/lib/gitlab/ci/reports/security/remediation.rb'
|
||||
- 'ee/lib/gitlab/geo/replication/blob_downloader.rb'
|
||||
- 'ee/spec/factories/vulnerabilities/feedback.rb'
|
||||
- 'ee/spec/factories/vulnerabilities/finding_signatures.rb'
|
||||
- 'ee/spec/factories/vulnerabilities/remediations.rb'
|
||||
- 'ee/spec/finders/security/pipeline_vulnerabilities_finder_spec.rb'
|
||||
- 'ee/spec/lib/ee/gitlab/alert_management/payload/generic_spec.rb'
|
||||
- 'ee/spec/lib/ee/gitlab/background_migration/populate_uuids_for_security_findings_spec.rb'
|
||||
- 'ee/spec/lib/ee/gitlab/background_migration/recalculate_vulnerability_finding_signatures_for_findings_spec.rb'
|
||||
- 'ee/spec/lib/ee/gitlab/background_migration/update_vulnerability_occurrences_location_spec.rb'
|
||||
- 'ee/spec/lib/gitlab/analytics/cycle_analytics/stage_events/issue_label_added_spec.rb'
|
||||
- 'ee/spec/lib/gitlab/analytics/cycle_analytics/stage_events/issue_label_removed_spec.rb'
|
||||
- 'ee/spec/lib/gitlab/analytics/cycle_analytics/stage_events/merge_request_label_added_spec.rb'
|
||||
- 'ee/spec/lib/gitlab/analytics/cycle_analytics/stage_events/merge_request_label_removed_spec.rb'
|
||||
- 'ee/spec/lib/gitlab/ci/reports/security/locations/cluster_image_scanning_spec.rb'
|
||||
- 'ee/spec/lib/gitlab/ci/reports/security/locations/container_scanning_spec.rb'
|
||||
- 'ee/spec/lib/gitlab/ci/reports/security/locations/dast_spec.rb'
|
||||
- 'ee/spec/lib/gitlab/ci/reports/security/locations/dependency_scanning_spec.rb'
|
||||
- 'ee/spec/migrations/update_vulnerability_occurrences_location_spec.rb'
|
||||
- 'ee/spec/models/merge_train_spec.rb'
|
||||
- 'ee/spec/models/resource_weight_event_spec.rb'
|
||||
- 'ee/spec/models/vulnerabilities/finding_signature_spec.rb'
|
||||
- 'ee/spec/models/vulnerabilities/finding_spec.rb'
|
||||
- 'ee/spec/services/alert_management/process_prometheus_alert_service_spec.rb'
|
||||
- 'ee/spec/services/merge_trains/check_status_service_spec.rb'
|
||||
- 'ee/spec/services/projects/alerting/notify_service_spec.rb'
|
||||
- 'ee/spec/services/security/ingestion/tasks/ingest_identifiers_spec.rb'
|
||||
- 'ee/spec/services/security/ingestion/tasks/ingest_remediations_spec.rb'
|
||||
- 'ee/spec/services/security/override_uuids_service_spec.rb'
|
||||
- 'ee/spec/services/security/track_scan_service_spec.rb'
|
||||
- 'ee/spec/services/vulnerabilities/manually_create_service_spec.rb'
|
||||
- 'ee/spec/support/matchers/locked_schema.rb'
|
||||
- 'lib/api/files.rb'
|
||||
- 'lib/api/maven_packages.rb'
|
||||
- 'lib/atlassian/jira_connect/serializers/branch_entity.rb'
|
||||
- 'lib/container_registry/client.rb'
|
||||
- 'lib/extracts_path.rb'
|
||||
- 'lib/gitlab/alert_management/fingerprint.rb'
|
||||
- 'lib/gitlab/analytics/cycle_analytics/stage_events/stage_event.rb'
|
||||
- 'lib/gitlab/background_migration/backfill_note_discussion_id.rb'
|
||||
- 'lib/gitlab/background_migration/backfill_project_repositories.rb'
|
||||
- 'lib/gitlab/ci/pipeline/seed/build/cache.rb'
|
||||
- 'lib/gitlab/ci/reports/security/finding.rb'
|
||||
- 'lib/gitlab/ci/reports/security/finding_signature.rb'
|
||||
- 'lib/gitlab/ci/reports/security/identifier.rb'
|
||||
- 'lib/gitlab/ci/reports/security/locations/base.rb'
|
||||
- 'lib/gitlab/ci/reports/test_case.rb'
|
||||
- 'lib/gitlab/color.rb'
|
||||
- 'lib/gitlab/composer/version_index.rb'
|
||||
- 'lib/gitlab/crypto_helper.rb'
|
||||
- 'lib/gitlab/database/migration_helpers.rb'
|
||||
- 'lib/gitlab/database/migration_helpers/v2.rb'
|
||||
- 'lib/gitlab/database/partitioning_migration_helpers/foreign_key_helpers.rb'
|
||||
- 'lib/gitlab/database/schema_helpers.rb'
|
||||
- 'lib/gitlab/database/schema_migrations/migrations.rb'
|
||||
- 'lib/gitlab/database/unidirectional_copy_trigger.rb'
|
||||
- 'lib/gitlab/diff/file.rb'
|
||||
- 'lib/gitlab/diff/formatters/base_formatter.rb'
|
||||
- 'lib/gitlab/diff/position.rb'
|
||||
- 'lib/gitlab/experimentation/controller_concern.rb'
|
||||
- 'lib/gitlab/git.rb'
|
||||
- 'lib/gitlab/git/branch.rb'
|
||||
- 'lib/gitlab/git/lfs_pointer_file.rb'
|
||||
- 'lib/gitlab/git/tag.rb'
|
||||
- 'lib/gitlab/hashed_path.rb'
|
||||
- 'lib/gitlab/insecure_key_fingerprint.rb'
|
||||
- 'lib/gitlab/sidekiq_middleware/duplicate_jobs/duplicate_job.rb'
|
||||
- 'lib/gitlab/slug/environment.rb'
|
||||
- 'lib/gitlab/verify/job_artifacts.rb'
|
||||
- 'lib/json_web_token/rsa_token.rb'
|
||||
- 'lib/tasks/gitlab/assets.rake'
|
||||
- 'lib/tasks/tanuki_emoji.rake'
|
||||
- 'qa/qa/service/praefect_manager.rb'
|
||||
- 'qa/qa/specs/features/browser_ui/6_release/deploy_key/clone_using_deploy_key_spec.rb'
|
||||
- 'qa/qa/specs/features/ee/browser_ui/1_manage/group/group_saml_non_enforced_sso_spec.rb'
|
||||
- 'scripts/security-harness'
|
||||
- 'spec/components/diffs/stats_component_spec.rb'
|
||||
- 'spec/controllers/projects/blob_controller_spec.rb'
|
||||
- 'spec/factories/ci/job_artifacts.rb'
|
||||
- 'spec/factories/ci/reports/security/finding_keys.rb'
|
||||
- 'spec/factories/ci/unit_test.rb'
|
||||
- 'spec/factories/commit_signature/gpg_signature.rb'
|
||||
- 'spec/factories/commit_signature/ssh_signature.rb'
|
||||
- 'spec/factories/commit_signature/x509_commit_signature.rb'
|
||||
- 'spec/factories/design_management/designs.rb'
|
||||
- 'spec/factories/diff_position.rb'
|
||||
- 'spec/factories/gitaly/commit.rb'
|
||||
- 'spec/factories/merge_request_context_commit.rb'
|
||||
- 'spec/factories/merge_request_context_commit_diff_file.rb'
|
||||
- 'spec/factories/merge_request_diff_commits.rb'
|
||||
- 'spec/factories/merge_request_diffs.rb'
|
||||
- 'spec/factories/pages_deployments.rb'
|
||||
- 'spec/factories/sequences.rb'
|
||||
- 'spec/factories/token_with_ivs.rb'
|
||||
- 'spec/features/file_uploads/git_lfs_spec.rb'
|
||||
- 'spec/features/merge_request/user_sees_diff_spec.rb'
|
||||
- 'spec/features/merge_request/user_suggests_changes_on_diff_spec.rb'
|
||||
- 'spec/finders/merge_requests/oldest_per_commit_finder_spec.rb'
|
||||
- 'spec/lib/gitlab/alert_management/fingerprint_spec.rb'
|
||||
- 'spec/lib/gitlab/alert_management/payload/base_spec.rb'
|
||||
- 'spec/lib/gitlab/alert_management/payload/generic_spec.rb'
|
||||
- 'spec/lib/gitlab/alert_management/payload/prometheus_spec.rb'
|
||||
- 'spec/lib/gitlab/background_migration/backfill_note_discussion_id_spec.rb'
|
||||
- 'spec/lib/gitlab/background_migration/populate_vulnerability_reads_spec.rb'
|
||||
- 'spec/lib/gitlab/ci/reports/security/finding_signature_spec.rb'
|
||||
- 'spec/lib/gitlab/ci/reports/security/locations/sast_spec.rb'
|
||||
- 'spec/lib/gitlab/ci/reports/security/locations/secret_detection_spec.rb'
|
||||
- 'spec/lib/gitlab/ci/reports/test_case_spec.rb'
|
||||
- 'spec/lib/gitlab/crypto_helper_spec.rb'
|
||||
- 'spec/lib/gitlab/database/migration_helpers_spec.rb'
|
||||
- 'spec/lib/gitlab/database/schema_migrations/migrations_spec.rb'
|
||||
- 'spec/lib/gitlab/diff/file_spec.rb'
|
||||
- 'spec/lib/gitlab/diff/position_spec.rb'
|
||||
- 'spec/lib/gitlab/diff/position_tracer/image_strategy_spec.rb'
|
||||
- 'spec/lib/gitlab/diff/position_tracer/line_strategy_spec.rb'
|
||||
- 'spec/lib/gitlab/experimentation/controller_concern_spec.rb'
|
||||
- 'spec/lib/gitlab/git/branch_spec.rb'
|
||||
- 'spec/lib/gitlab/git/tag_spec.rb'
|
||||
- 'spec/lib/gitlab/sidekiq_middleware/duplicate_jobs/duplicate_job_spec.rb'
|
||||
- 'spec/lib/gitlab/slug/environment_spec.rb'
|
||||
- 'spec/migrations/20220107064845_populate_vulnerability_reads_spec.rb'
|
||||
- 'spec/migrations/20220524074947_finalize_backfill_null_note_discussion_ids_spec.rb'
|
||||
- 'spec/migrations/delete_security_findings_without_uuid_spec.rb'
|
||||
- 'spec/migrations/schedule_recalculate_vulnerability_finding_signatures_for_findings_spec.rb'
|
||||
- 'spec/models/ci/artifact_blob_spec.rb'
|
||||
- 'spec/models/ci/job_artifact_spec.rb'
|
||||
- 'spec/models/ci/pipeline_spec.rb'
|
||||
- 'spec/models/ci/secure_file_spec.rb'
|
||||
- 'spec/models/ci/unit_test_spec.rb'
|
||||
- 'spec/models/concerns/checksummable_spec.rb'
|
||||
- 'spec/models/concerns/token_authenticatable_strategies/encryption_helper_spec.rb'
|
||||
- 'spec/models/design_management/version_spec.rb'
|
||||
- 'spec/models/diff_discussion_spec.rb'
|
||||
- 'spec/models/discussion_spec.rb'
|
||||
- 'spec/models/lfs_object_spec.rb'
|
||||
- 'spec/models/merge_request_diff_spec.rb'
|
||||
- 'spec/models/merge_request_spec.rb'
|
||||
- 'spec/models/note_spec.rb'
|
||||
- 'spec/models/pages_deployment_spec.rb'
|
||||
- 'spec/models/performance_monitoring/prometheus_panel_spec.rb'
|
||||
- 'spec/models/project_spec.rb'
|
||||
- 'spec/models/release_highlight_spec.rb'
|
||||
- 'spec/models/repository_spec.rb'
|
||||
- 'spec/models/token_with_iv_spec.rb'
|
||||
- 'spec/models/upload_spec.rb'
|
||||
- 'spec/requests/api/ci/runner/jobs_artifacts_spec.rb'
|
||||
- 'spec/requests/api/ci/secure_files_spec.rb'
|
||||
- 'spec/requests/openid_connect_spec.rb'
|
||||
- 'spec/services/dependency_proxy/find_cached_manifest_service_spec.rb'
|
||||
- 'spec/services/dependency_proxy/head_manifest_service_spec.rb'
|
||||
- 'spec/services/dependency_proxy/request_token_service_spec.rb'
|
||||
- 'spec/services/import_export_clean_up_service_spec.rb'
|
||||
- 'spec/services/pages/migrate_legacy_storage_to_deployment_service_spec.rb'
|
||||
- 'spec/services/projects/after_rename_service_spec.rb'
|
||||
- 'spec/services/projects/create_service_spec.rb'
|
||||
- 'spec/services/projects/lfs_pointers/lfs_download_service_spec.rb'
|
||||
- 'spec/support/helpers/workhorse_helpers.rb'
|
||||
- 'spec/support/migrations_helpers/vulnerabilities_findings_helper.rb'
|
||||
- 'spec/support/shared_examples/lib/gitlab/ci/ci_trace_shared_examples.rb'
|
||||
- 'spec/support/shared_examples/lib/gitlab/cycle_analytics/event_shared_examples.rb'
|
||||
- 'spec/support/shared_examples/lib/gitlab/position_formatters_shared_examples.rb'
|
||||
- 'spec/support/shared_examples/services/alert_management/alert_processing/alert_firing_shared_examples.rb'
|
||||
- 'spec/support/shared_examples/services/alert_management/alert_processing/alert_recovery_shared_examples.rb'
|
||||
- 'spec/support/shared_examples/services/metrics/dashboard_shared_examples.rb'
|
||||
- 'spec/support/shared_examples/services/packages/debian/generate_distribution_shared_examples.rb'
|
||||
- 'spec/support/shared_examples/uploaders/object_storage_shared_examples.rb'
|
||||
- 'spec/support/trace/trace_helpers.rb'
|
||||
- 'spec/uploaders/ci/secure_file_uploader_spec.rb'
|
||||
- 'spec/uploaders/job_artifact_uploader_spec.rb'
|
||||
- 'spec/validators/sha_validator_spec.rb'
|
||||
- 'spec/workers/update_head_pipeline_for_merge_request_worker_spec.rb'
|
|
@ -1 +1 @@
|
|||
5caf724a8305ea04370dc49f0d9a7d5f3bc8dd4a
|
||||
2b069d8536df98547acba92719b7554d1c7f2262
|
||||
|
|
2
Gemfile
2
Gemfile
|
@ -407,7 +407,7 @@ group :development, :test do
|
|||
end
|
||||
|
||||
group :development, :test, :danger do
|
||||
gem 'gitlab-dangerfiles', '~> 3.4.0', require: false
|
||||
gem 'gitlab-dangerfiles', '~> 3.3.0', require: false
|
||||
end
|
||||
|
||||
group :development, :test, :coverage do
|
||||
|
|
|
@ -475,7 +475,7 @@ GEM
|
|||
terminal-table (~> 1.5, >= 1.5.1)
|
||||
gitlab-chronic (0.10.5)
|
||||
numerizer (~> 0.2)
|
||||
gitlab-dangerfiles (3.4.0)
|
||||
gitlab-dangerfiles (3.3.0)
|
||||
danger (>= 8.4.5)
|
||||
danger-gitlab (>= 8.0.0)
|
||||
rake
|
||||
|
@ -1534,7 +1534,7 @@ DEPENDENCIES
|
|||
gitaly (~> 15.1.0.pre.rc1)
|
||||
github-markup (~> 1.7.0)
|
||||
gitlab-chronic (~> 0.10.5)
|
||||
gitlab-dangerfiles (~> 3.4.0)
|
||||
gitlab-dangerfiles (~> 3.3.0)
|
||||
gitlab-experiment (~> 0.7.1)
|
||||
gitlab-fog-azure-rm (~> 1.3.0)
|
||||
gitlab-labkit (~> 0.23.0)
|
||||
|
|
|
@ -134,7 +134,9 @@ export default {
|
|||
class="avatar-cell d-none d-sm-block"
|
||||
/>
|
||||
</div>
|
||||
<div class="commit-detail flex-list">
|
||||
<div
|
||||
class="commit-detail flex-list gl-display-flex gl-justify-content-space-between gl-align-items-flex-start gl-flex-grow-1 gl-min-w-0"
|
||||
>
|
||||
<div class="commit-content" data-qa-selector="commit_content">
|
||||
<a
|
||||
v-safe-html:[$options.safeHtmlConfig]="commit.title_html"
|
||||
|
|
|
@ -131,7 +131,9 @@ export default {
|
|||
:css-classes="'gl-mr-0!' /* NOTE: this is needed only while we migrate user-avatar-image to GlAvatar (7731 epics) */"
|
||||
:size="32"
|
||||
/>
|
||||
<div class="commit-detail flex-list">
|
||||
<div
|
||||
class="commit-detail flex-list gl-display-flex gl-justify-content-space-between gl-align-items-flex-start gl-flex-grow-1 gl-min-w-0"
|
||||
>
|
||||
<div class="commit-content qa-commit-content">
|
||||
<gl-link
|
||||
v-safe-html:[$options.safeHtmlConfig]="commit.titleHtml"
|
||||
|
|
|
@ -1,9 +1,3 @@
|
|||
.content-list > .branch-item,
|
||||
.branch-title {
|
||||
display: flex;
|
||||
align-items: center;
|
||||
}
|
||||
|
||||
.branch-info {
|
||||
flex: auto;
|
||||
min-width: 0;
|
||||
|
|
|
@ -133,18 +133,6 @@
|
|||
}
|
||||
}
|
||||
|
||||
.commit-detail {
|
||||
display: flex;
|
||||
justify-content: space-between;
|
||||
align-items: start;
|
||||
flex-grow: 1;
|
||||
min-width: 0;
|
||||
|
||||
.project-namespace {
|
||||
color: $gl-text-color-tertiary;
|
||||
}
|
||||
}
|
||||
|
||||
.commit-content {
|
||||
padding-right: 10px;
|
||||
white-space: normal;
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
- merged = local_assigns.fetch(:merged, false)
|
||||
- commit = @repository.commit(branch.dereferenced_target)
|
||||
- merge_project = merge_request_source_project_for_project(@project)
|
||||
%li{ class: "branch-item js-branch-item js-branch-#{branch.name}", data: { name: branch.name } }
|
||||
%li{ class: "branch-item gl-display-flex! gl-align-items-center! js-branch-item js-branch-#{branch.name}", data: { name: branch.name } }
|
||||
.branch-info
|
||||
.branch-title
|
||||
.gl-display-flex.gl-align-items-center
|
||||
= sprite_icon('branch', size: 12, css_class: 'gl-flex-shrink-0')
|
||||
= link_to project_tree_path(@project, branch.name), class: 'item-title str-truncated-100 ref-name gl-ml-3 qa-branch-name' do
|
||||
= branch.name
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
.avatar-cell.d-none.d-sm-block
|
||||
= author_avatar(commit, size: 40, has_tooltip: false)
|
||||
|
||||
.commit-detail.flex-list
|
||||
.commit-detail.flex-list.gl-display-flex.gl-justify-content-space-between.gl-align-items-flex-start.gl-flex-grow-1.gl-min-w-0
|
||||
.commit-content{ data: { qa_selector: 'commit_content' } }
|
||||
- if view_details && merge_request
|
||||
= link_to commit.title, project_commit_path(project, commit.id, merge_request_iid: merge_request.iid), class: ["commit-row-message item-title js-onboarding-commit-item", ("font-italic" if commit.message.empty?)]
|
||||
|
|
|
@ -21,10 +21,10 @@
|
|||
= _('You can get started by cloning the repository or start adding files to it with one of the following options.')
|
||||
|
||||
.project-buttons.qa-quick-actions
|
||||
.project-clone-holder.d-block.d-md-none.mt-2.mr-2
|
||||
.project-clone-holder.d-block.d-md-none.gl-mt-3.gl-mr-3
|
||||
= render "shared/mobile_clone_panel"
|
||||
|
||||
.project-clone-holder.d-none.d-md-inline-block.mb-2.mr-2.float-left
|
||||
.project-clone-holder.d-none.d-md-inline-block.gl-mb-3.gl-mr-3.float-left
|
||||
= render "projects/buttons/clone"
|
||||
= render 'stat_anchor_list', anchors: @project.empty_repo_statistics_buttons, project_buttons: true
|
||||
|
||||
|
|
|
@ -5,10 +5,6 @@ module Projects
|
|||
include ApplicationWorker
|
||||
include LimitedCapacity::Worker
|
||||
|
||||
MAX_RUNNING_LOW = 2
|
||||
MAX_RUNNING_MEDIUM = 20
|
||||
MAX_RUNNING_HIGH = 50
|
||||
|
||||
data_consistency :always
|
||||
|
||||
feature_category :build_artifacts
|
||||
|
@ -37,12 +33,8 @@ module Projects
|
|||
end
|
||||
|
||||
def max_running_jobs
|
||||
if ::Feature.enabled?(:projects_build_artifacts_size_refresh_high)
|
||||
MAX_RUNNING_HIGH
|
||||
elsif ::Feature.enabled?(:projects_build_artifacts_size_refresh_medium)
|
||||
MAX_RUNNING_MEDIUM
|
||||
elsif ::Feature.enabled?(:projects_build_artifacts_size_refresh_low)
|
||||
MAX_RUNNING_LOW
|
||||
if ::Feature.enabled?(:projects_build_artifacts_size_refresh, type: :ops)
|
||||
10
|
||||
else
|
||||
0
|
||||
end
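Review bot: The concurrency limit in `max_running_jobs` is now the bare literal `10`, where the removed branches used named constants (`MAX_RUNNING_LOW`/`MEDIUM`/`HIGH`), and the spec in this commit repeats the same literal with `eq(10)`. A constant such as `MAX_RUNNING_JOBS = 10` next to the `include` lines, referenced from both places, keeps the two from drifting apart. The `0` branch presumably acts as the off switch for the worker when the ops flag is disabled; a one-line comment saying so, for example `# 0 stops new jobs from being picked up`, would make that intent explicit. The method's closing `end` lies outside this hunk.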
|
||||
|
|
|
@ -5,4 +5,4 @@ rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/363623
|
|||
milestone: '15.1'
|
||||
type: development
|
||||
group: group::workspace
|
||||
default_enabled: false
|
||||
default_enabled: true
|
||||
|
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
name: projects_build_artifacts_size_refresh_high
|
||||
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/81306
|
||||
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/356018
|
||||
milestone: '14.9'
|
||||
type: development
|
||||
group: group::pipeline insights
|
||||
default_enabled: false
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
name: projects_build_artifacts_size_refresh_low
|
||||
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/81306
|
||||
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/356018
|
||||
milestone: '14.9'
|
||||
type: development
|
||||
group: group::pipeline insights
|
||||
default_enabled: false
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
name: projects_build_artifacts_size_refresh_medium
|
||||
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/81306
|
||||
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/356018
|
||||
milestone: '14.9'
|
||||
type: development
|
||||
group: group::pipeline insights
|
||||
default_enabled: false
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
name: projects_build_artifacts_size_refresh
|
||||
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/84701
|
||||
rollout_issue_url:
|
||||
milestone: '15.1'
|
||||
type: ops
|
||||
group: group::pipeline insights
|
||||
default_enabled: true
|
|
@ -111,10 +111,6 @@ if changes.any?
|
|||
markdown_row_for_spin(spin.category, spin)
|
||||
end
|
||||
|
||||
roulette.required_approvals.each do |approval|
|
||||
rows << markdown_row_for_spin(approval.category, approval.spin)
|
||||
end
|
||||
|
||||
markdown(REVIEW_ROULETTE_SECTION)
|
||||
|
||||
if rows.empty?
|
||||
|
|
|
@ -175,15 +175,7 @@ at GitLab so far:
|
|||
- Database review
|
||||
- Documentation review
|
||||
- Merge request metrics
|
||||
- Reviewer roulette. Reviewers and maintainers are chosen based on:
|
||||
- Their roles (backend, frontend, database, etc).
|
||||
- Their availability:
|
||||
- No "OOO"/"PTO"/"Parental Leave" in their GitLab or Slack status.
|
||||
- No `:red_circle:`/`:palm_tree:`/`:beach:`/`:beach_umbrella:`/`:beach_with_umbrella:` emojis in GitLab or Slack status.
|
||||
- (Experimental) Their time zone: people for which the local hour is between
|
||||
6 AM and 2 PM are eligible to be picked. This is to ensure they have a good
|
||||
chance to get to perform a review during their current work day. The experimentation is tracked in
|
||||
[this issue](https://gitlab.com/gitlab-org/quality/team-tasks/-/issues/563)
|
||||
- [Reviewer roulette](code_review.md#reviewer-roulette)
|
||||
- Single codebase effort
|
||||
|
||||
## Limitations
|
||||
|
|
|
@ -367,5 +367,68 @@ namespace :gitlab do
|
|||
Rake::Task['gitlab:db:execute_batched_migrations'].invoke
|
||||
end
|
||||
end
|
||||
|
||||
namespace :dictionary do
|
||||
DB_DOCS_PATH = File.join(Rails.root, 'db', 'docs')
|
||||
|
||||
desc 'Generate database docs yaml'
|
||||
task generate: :environment do
|
||||
FileUtils.mkdir_p(DB_DOCS_PATH) unless Dir.exist?(DB_DOCS_PATH)
|
||||
|
||||
Rails.application.eager_load!
|
||||
|
||||
tables = Gitlab::Database.database_base_models.flat_map { |_, m| m.connection.tables }
|
||||
classes = tables.to_h { |t| [t, []] }
|
||||
|
||||
Gitlab::Database.database_base_models.each do |_, model_class|
|
||||
model_class
|
||||
.descendants
|
||||
.reject(&:abstract_class)
|
||||
.reject { |c| c.name =~ /^(?:EE::)?Gitlab::(?:BackgroundMigration|DatabaseImporters)::/ }
|
||||
.reject { |c| c.name =~ /^HABTM_/ }
|
||||
.each { |c| classes[c.table_name] << c.name if classes.has_key?(c.table_name) }
|
||||
end
|
||||
|
||||
version = Gem::Version.new(File.read('VERSION'))
|
||||
milestone = version.release.segments[0..1].join('.')
|
||||
|
||||
tables.each do |table_name|
|
||||
file = File.join(DB_DOCS_PATH, "#{table_name}.yml")
|
||||
|
||||
table_metadata = {
|
||||
'table_name' => table_name,
|
||||
'classes' => classes[table_name]&.sort&.uniq,
|
||||
'feature_categories' => [],
|
||||
'description' => nil,
|
||||
'introduced_by_url' => nil,
|
||||
'milestone' => milestone
|
||||
}
|
||||
|
||||
if File.exist?(file)
|
||||
outdated = false
|
||||
|
||||
existing_metadata = YAML.safe_load(File.read(file))
|
||||
|
||||
if existing_metadata['table_name'] != table_metadata['table_name']
|
||||
existing_metadata['table_name'] = table_metadata['table_name']
|
||||
outdated = true
|
||||
end
|
||||
|
||||
if existing_metadata['classes'].difference(table_metadata['classes']).any?
|
||||
existing_metadata['classes'] = table_metadata['classes']
|
||||
outdated = true
|
||||
end
|
||||
|
||||
File.write(file, existing_metadata.to_yaml) if outdated
|
||||
else
|
||||
File.write(file, table_metadata.to_yaml)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
Rake::Task['db:migrate'].enhance do
|
||||
Rake::Task['gitlab:db:dictionary:generate'].invoke if Rails.env.development?
|
||||
end
|
||||
end
|
||||
end
|
||||
end
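Review bot: The staleness check `existing_metadata['classes'].difference(table_metadata['classes']).any?` in the `generate` task is one-directional. It is true only when the YAML file lists a class that the models no longer have, so a class newly added for an existing table never marks the file outdated and is never written. It also raises `NoMethodError` when an existing file has no `classes` key, because `YAML.safe_load` then yields `nil` for it. Comparing the two lists directly covers both cases: `if existing_metadata['classes'] != table_metadata['classes']`. As a smaller point, `DB_DOCS_PATH` is assigned inside the `namespace :dictionary` block, which does not scope constants, so it ends up as a top-level constant; the enclosing `namespace :gitlab` block starts outside this hunk.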
|
||||
|
|
|
@ -34110,6 +34110,9 @@ msgstr ""
|
|||
msgid "SecurityOrchestration|Enforce security for this project. %{linkStart}More information.%{linkEnd}"
|
||||
msgstr ""
|
||||
|
||||
msgid "SecurityOrchestration|Failed to load cluster agents."
|
||||
msgstr ""
|
||||
|
||||
msgid "SecurityOrchestration|If any scanner finds a newly detected critical vulnerability in an open merge request targeting the master branch, then require two approvals from any member of App security."
|
||||
msgstr ""
|
||||
|
||||
|
@ -34401,6 +34404,9 @@ msgstr ""
|
|||
msgid "SecurityReports|Check the messages generated while parsing the following security reports, as they may prevent the results from being ingested by GitLab. Ensure the security report conforms to a supported %{helpPageLinkStart}JSON schema%{helpPageLinkEnd}."
|
||||
msgstr ""
|
||||
|
||||
msgid "SecurityReports|Cluster"
|
||||
msgstr ""
|
||||
|
||||
msgid "SecurityReports|Comment added to '%{vulnerabilityName}'"
|
||||
msgstr ""
|
||||
|
||||
|
@ -44751,6 +44757,9 @@ msgstr ""
|
|||
msgid "ciReport|API fuzzing"
|
||||
msgstr ""
|
||||
|
||||
msgid "ciReport|All clusters"
|
||||
msgstr ""
|
||||
|
||||
msgid "ciReport|All projects"
|
||||
msgstr ""
|
||||
|
||||
|
|
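--- a/scripts/process_custom_semgrep_results.sh
+++ b/scripts/process_custom_semgrep_results.sh
@@ -0,0 +1,55 @@
+# This script requires BOT_USER_ID, CUSTOM_SAST_RULES_BOT_PAT and CI_MERGE_REQUEST_IID variables to be set
+
+echo "Processing vuln report"
+
+# Preparing the message for the comment that will be posted by the bot
+# Empty string if there are no findings
+jq -crM '.vulnerabilities |
+map( select( .identifiers[0].name | test( "glappsec_" ) ) |
+"- `" + .location.file + "` line " + ( .location.start_line | tostring ) +
+(
+if .location.start_line = .location.end_line then ""
+else ( " to " + ( .location.end_line | tostring ) ) end
+) + ": " + .message
+) |
+sort |
+if length > 0 then
+{ body: ("The findings below have been detected based on the [AppSec custom Semgrep rules](https://gitlab.com/gitlab-com/gl-security/appsec/sast-custom-rules/) and need attention:\n\n" + join("\n") + "\n\n/cc @gitlab-com/gl-security/appsec") }
+else
+empty
+end' gl-sast-report.json >findings.txt
+
+echo "Resulting file:"
+cat findings.txt
+
+EXISTING_COMMENT_ID=$(curl "https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/merge_requests/$CI_MERGE_REQUEST_IID/notes" \
+--header "Private-Token: $CUSTOM_SAST_RULES_BOT_PAT" |
+jq -crM 'map( select( .author.id == (env.BOT_USER_ID | tonumber) ) | .id ) | first')
+
+echo "EXISTING_COMMENT_ID: $EXISTING_COMMENT_ID"
+
+if [ "$EXISTING_COMMENT_ID" == "null" ]; then
+if [ -s findings.txt ]; then
+echo "No existing comment and there are findings: a new comment will be posted"
+curl "https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/merge_requests/$CI_MERGE_REQUEST_IID/notes" \
+--header "Private-Token: $CUSTOM_SAST_RULES_BOT_PAT" \
+--header 'Content-Type: application/json' \
+--data '@findings.txt'
+else
+echo "No existing comment and no findings: nothing to do"
+fi
+else
+if [ -s findings.txt ]; then
+echo "There is an existing comment and there are findings: the existing comment will be updated"
+curl --request PUT "https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/merge_requests/$CI_MERGE_REQUEST_IID/notes/$EXISTING_COMMENT_ID" \
+--header "Private-Token: $CUSTOM_SAST_RULES_BOT_PAT" \
+--header 'Content-Type: application/json' \
+--data '@findings.txt'
+else
+echo "There is an existing comment but no findings: the existing comment will be updated to mention everything is resolved"
+curl --request PUT "https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/merge_requests/$CI_MERGE_REQUEST_IID/notes/$EXISTING_COMMENT_ID" \
+--header "Private-Token: $CUSTOM_SAST_RULES_BOT_PAT" \
+--header 'Content-Type: application/json' \
+--data '{"body":"All findings based on the [AppSec custom Semgrep rules](https://gitlab.com/gitlab-com/gl-security/appsec/sast-custom-rules/) have been resolved! :tada:"}'
+fi
+fi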
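Review bot: The script fails open: nothing checks that `jq` or `curl` succeeded, so when `gl-sast-report.json` is missing or unparsable `findings.txt` is left empty, and an existing bot comment is overwritten with "All findings ... have been resolved! :tada:" even though no scan result was read. Starting the file with `#!/bin/sh` and `set -eu`, adding `--fail` to each `curl`, and exiting when the report cannot be parsed would stop a broken run from announcing a clean one. A failed notes request also leaves `EXISTING_COMMENT_ID` empty rather than `null`, which sends the script down the update branch with a URL ending in `notes/`. In the jq filter, `if .location.start_line = .location.end_line` uses the assignment operator, so the condition is always truthy and the `" to " + ...` range is never printed; it should read `if .location.start_line == .location.end_line then ""`.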
|
|
@ -17,7 +17,7 @@ exports[`Repository last commit component renders commit widget 1`] = `
|
|||
/>
|
||||
|
||||
<div
|
||||
class="commit-detail flex-list"
|
||||
class="commit-detail flex-list gl-display-flex gl-justify-content-space-between gl-align-items-flex-start gl-flex-grow-1 gl-min-w-0"
|
||||
>
|
||||
<div
|
||||
class="commit-content qa-commit-content"
|
||||
|
|
|
@ -62,32 +62,11 @@ RSpec.describe Projects::RefreshBuildArtifactsSizeStatisticsWorker do
|
|||
describe '#max_running_jobs' do
|
||||
subject { worker.max_running_jobs }
|
||||
|
||||
context 'when all projects_build_artifacts_size_refresh flags are enabled' do
|
||||
it { is_expected.to eq(described_class::MAX_RUNNING_HIGH) }
|
||||
end
|
||||
it { is_expected.to eq(10) }
|
||||
|
||||
context 'when projects_build_artifacts_size_refresh_high flags is disabled' do
|
||||
context 'when projects_build_artifacts_size_refresh flag is disabled' do
|
||||
before do
|
||||
stub_feature_flags(projects_build_artifacts_size_refresh_high: false)
|
||||
end
|
||||
|
||||
it { is_expected.to eq(described_class::MAX_RUNNING_MEDIUM) }
|
||||
end
|
||||
|
||||
context 'when projects_build_artifacts_size_refresh_high and projects_build_artifacts_size_refresh_medium flags are disabled' do
|
||||
before do
|
||||
stub_feature_flags(projects_build_artifacts_size_refresh_high: false)
|
||||
stub_feature_flags(projects_build_artifacts_size_refresh_medium: false)
|
||||
end
|
||||
|
||||
it { is_expected.to eq(described_class::MAX_RUNNING_LOW) }
|
||||
end
|
||||
|
||||
context 'when all projects_build_artifacts_size_refresh flags are disabled' do
|
||||
before do
|
||||
stub_feature_flags(projects_build_artifacts_size_refresh_low: false)
|
||||
stub_feature_flags(projects_build_artifacts_size_refresh_medium: false)
|
||||
stub_feature_flags(projects_build_artifacts_size_refresh_high: false)
|
||||
stub_feature_flags(projects_build_artifacts_size_refresh: false)
|
||||
end
|
||||
|
||||
it { is_expected.to eq(0) }
|
||||
|
|