Add latest changes from gitlab-org/gitlab@master
This commit is contained in:
parent
fbab5fcae1
commit
29dd7eefc9
|
@ -5,7 +5,7 @@ module MergeRequests
|
|||
def execute
|
||||
# If performing a squash would result in no change, then
|
||||
# immediately return a success message without performing a squash
|
||||
if merge_request.commits_count == 1 && message == merge_request.first_commit.safe_message
|
||||
if merge_request.commits_count == 1 && message&.strip == merge_request.first_commit.safe_message&.strip
|
||||
return success(squash_sha: merge_request.diff_head_sha)
|
||||
end
|
||||
|
||||
|
|
|
@ -25,7 +25,8 @@ For a video introduction to Geo, see [Introduction to GitLab Geo - GitLab Featur
|
|||
|
||||
To make sure you're using the right version of the documentation, navigate to [the Geo page on GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/administration/geo/index.md) and choose the appropriate release from the **Switch branch/tag** dropdown. For example, [`v13.7.6-ee`](https://gitlab.com/gitlab-org/gitlab/-/blob/v13.7.6-ee/doc/administration/geo/index.md).
|
||||
|
||||
Geo uses a set of defined terms that is described in the [Geo Glossary](glossary.md), please familiarize yourself with those terms.
|
||||
Geo uses a set of defined terms that are described in the [Geo Glossary](glossary.md).
|
||||
Be sure to familiarize yourself with those terms.
|
||||
|
||||
## Use cases
|
||||
|
||||
|
|
|
@ -199,20 +199,21 @@ keys must be manually replicated to the **secondary** site.
|
|||
gitlab-ctl reconfigure
|
||||
```
|
||||
|
||||
1. On the top bar, select **Menu > Admin**.
|
||||
1. On the left sidebar, select **Geo > Sites**.
|
||||
1. Select **New site**.
|
||||
1. Navigate to the Primary Node GitLab Instance:
|
||||
1. On the top bar, select **Menu > Admin**.
|
||||
1. On the left sidebar, select **Geo > Sites**.
|
||||
1. Select **Add site**.
|
||||
![Add secondary site](img/adding_a_secondary_v13_3.png)
|
||||
1. Fill in **Name** with the `gitlab_rails['geo_node_name']` in
|
||||
1. Fill in **Name** with the `gitlab_rails['geo_node_name']` in
|
||||
`/etc/gitlab/gitlab.rb`. These values must always match *exactly*, character
|
||||
for character.
|
||||
1. Fill in **URL** with the `external_url` in `/etc/gitlab/gitlab.rb`. These
|
||||
1. Fill in **URL** with the `external_url` in `/etc/gitlab/gitlab.rb`. These
|
||||
values must always match, but it doesn't matter if one ends with a `/` and
|
||||
the other doesn't.
|
||||
1. Optionally, choose which groups or storage shards should be replicated by the
|
||||
1. (Optional) Choose which groups or storage shards should be replicated by the
|
||||
**secondary** site. Leave blank to replicate all. Read more in
|
||||
[selective synchronization](#selective-synchronization).
|
||||
1. Select **Add site** to add the **secondary** site.
|
||||
1. Select **Save changes** to add the **secondary** site.
|
||||
1. SSH into **each Rails, and Sidekiq node on your secondary** site and restart the services:
|
||||
|
||||
```shell
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
stage: Enablement
|
||||
group: Geo
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
type: howto
|
||||
---
|
||||
|
||||
# Geo with external PostgreSQL instances **(PREMIUM SELF)**
|
||||
|
@ -184,7 +183,7 @@ To configure the connection to the external read-replica database and enable Log
|
|||
database to keep track of replication status and automatically recover from
|
||||
potential replication issues. Omnibus automatically configures a tracking database
|
||||
when `roles ['geo_secondary_role']` is set.
|
||||
If you want to run this database external to Omnibus, please follow the instructions below.
|
||||
If you want to run this database external to Omnibus GitLab, use the following instructions.
|
||||
|
||||
If you are using a cloud-managed service for the tracking database, you may need
|
||||
to grant additional roles to your tracking database user (by default, this is
|
||||
|
|
|
@ -619,7 +619,7 @@ GET /users/:user_id/projects
|
|||
|
||||
## List projects starred by a user
|
||||
|
||||
Get a list of visible projects owned by the given user. When accessed without
|
||||
Get a list of visible projects starred by the given user. When accessed without
|
||||
authentication, only public projects are returned.
|
||||
|
||||
```plaintext
|
||||
|
|
|
@ -0,0 +1,130 @@
|
|||
---
|
||||
stage: Configure
|
||||
group: Configure
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Connect to cloud services
|
||||
|
||||
GitLab CI/CD supports [OpenID Connect (OIDC)](https://openid.net/connect/faq/) that allows your build and deployment job access to cloud credentials and services. Historically, teams stored secrets in projects or applied permissions on the GitLab Runner instance to build and deploy. To support this, a predefined variable named `CI_JOB_JWT_V2` is included in the CI/CD job allowing you to follow a scalable and least-privilege security approach.
|
||||
|
||||
## Requirements
|
||||
|
||||
- Account on GitLab.
|
||||
- Access to a cloud provider that supports OIDC to configure authorization and create roles.
|
||||
|
||||
The original implementation of `CI_JOB_JWT` supports [HashiCorp Vault integration](../examples/authenticating-with-hashicorp-vault/). The updated implementation of `CI_JOB_JWT_V2` supports additional cloud providers with OIDC including AWS, GCP, and Vault.
|
||||
|
||||
WARNING:
|
||||
The `CI_JOB_JWT_V2` variable is under development [(alpha)](https://about.gitlab.com/handbook/product/gitlab-the-product/#alpha) and is not yet suitable for production use.
|
||||
|
||||
## Use cases
|
||||
|
||||
- Removes the need to store secrets in your GitLab group or project. Temporary credentials can be retrieved from your cloud provider through OIDC.
|
||||
- Provides temporary access to cloud resources with granular GitLab conditionals including a group, project, branch, or tag.
|
||||
- Enables you to define separation of duties in the CI/CD job with conditional access to environments. Historically, apps may have been deployed with a designated GitLab Runner that had only access to staging or production environments. This led to Runner sprawl as each machine had dedicated permissions.
|
||||
- Allows shared runners to securely access multiple cloud accounts. The access is determined by the JWT token, which is specific to the user running the pipeline.
|
||||
- Removes the need to create logic to rotate secrets by retrieving temporary credentials by default.
|
||||
|
||||
## How it works
|
||||
|
||||
Each job has a JSON web token (JWT) provided as a CI/CD [predefined variable](../variables/predefined_variables.md) named `CI_JOB_JWT` or `CI_JOB_JWT_V2`. This JWT can be used to authenticate with the OIDC-supported cloud provider such as AWS, GCP, or Vault.
|
||||
|
||||
The following fields are included in the JWT:
|
||||
|
||||
| Field | When | Description |
|
||||
| ----------------------- | ------ | ----------- |
|
||||
| `jti` | Always | Unique identifier for this token |
|
||||
| `iss` | Always | Issuer, the domain of your GitLab instance |
|
||||
| `iat` | Always | Issued at |
|
||||
| `nbf` | Always | Not valid before |
|
||||
| `exp` | Always | Expires at |
|
||||
| `aud` | Always | Issuer, the domain of your GitLab instance |
|
||||
| `sub` | Always |`project_path:{group}/{project}:ref_type:{type}:ref:{branch_name}` |
|
||||
| `namespace_id` | Always | Use this to scope to group or user level namespace by ID |
|
||||
| `namespace_path` | Always | Use this to scope to group or user level namespace by path |
|
||||
| `project_id` | Always | Use this to scope to project by ID |
|
||||
| `project_path` | Always | Use this to scope to project by path |
|
||||
| `user_id` | Always | ID of the user executing the job |
|
||||
| `user_login` | Always | Username of the user executing the job |
|
||||
| `user_email` | Always | Email of the user executing the job |
|
||||
| `pipeline_id` | Always | ID of this pipeline |
|
||||
| `pipeline_source` | Always | [Pipeline source](../jobs/job_control.md#common-if-clauses-for-rules) |
|
||||
| `job_id` | Always | ID of this job |
|
||||
| `ref` | Always | Git ref for this job |
|
||||
| `ref_type` | Always | Git ref type, either `branch` or `tag` |
|
||||
| `ref_protected` | Always | `true` if this Git ref is protected, `false` otherwise |
|
||||
| `environment` | Job is creating a deployment | Environment this job deploys to ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/294440) in GitLab 13.9) |
|
||||
| `environment_protected` | Job is creating a deployment |`true` if deployed environment is protected, `false` otherwise ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/294440) in GitLab 13.9) |
|
||||
|
||||
```json
|
||||
{
|
||||
"jti": "c82eeb0c-5c6f-4a33-abf5-4c474b92b558",
|
||||
"iss": "https://gitlab.example.com",
|
||||
"aud": "https://gitlab.example.com",
|
||||
"iat": 1585710286,
|
||||
"nbf": 1585798372,
|
||||
"exp": 1585713886,
|
||||
"sub": "project_path:mygroup/myproject:ref_type:branch:ref:main",
|
||||
"namespace_id": "1",
|
||||
"namespace_path": "mygroup",
|
||||
"project_id": "22",
|
||||
"project_path": "mygroup/myproject",
|
||||
"user_id": "42",
|
||||
"user_login": "myuser",
|
||||
"user_email": "myuser@example.com",
|
||||
"pipeline_id": "1212",
|
||||
"pipeline_source": "web",
|
||||
"job_id": "1212",
|
||||
"ref": "auto-deploy-2020-04-01",
|
||||
"ref_type": "branch",
|
||||
"ref_protected": "true",
|
||||
"environment": "production",
|
||||
"environment_protected": "true"
|
||||
}
|
||||
```
|
||||
|
||||
### Authorization workflow
|
||||
|
||||
```mermaid
|
||||
sequenceDiagram
|
||||
participant GitLab
|
||||
Note right of Cloud: Create OIDC identity provider
|
||||
Note right of Cloud: Create role with conditionals
|
||||
Note left of GitLab: CI/CD job with CI_JOB_JWT_V2
|
||||
GitLab->>+Cloud: Call cloud API with CI_JOB_JWT_V2
|
||||
Note right of Cloud: Decode & verify JWT with public key (https://gitlab/-/jwks)
|
||||
Note right of Cloud: Validate audience defined in OIDC
|
||||
Note right of Cloud: Validate conditional (sub, aud) role
|
||||
Note right of Cloud: Generate credential or fetch secret
|
||||
Cloud->>GitLab: Return temporary credential
|
||||
Note left of GitLab: Perform operation
|
||||
|
||||
```
|
||||
|
||||
1. Create an OIDC identity provider in the cloud (for example, AWS, GCP, Vault).
|
||||
1. Create a conditional role in the cloud service that filters to a group, project, branch, or tag.
|
||||
1. The CI/CD job includes a predefined variable `CI_JOB_JWT_V2` that is a JWT token. You can use this token for authorization with your cloud API.
|
||||
1. The cloud verifies the token, validates the conditional role from the payload, and returns a temporary credential.
|
||||
|
||||
## Configure a conditional role with OIDC claims
|
||||
|
||||
To configure the trust between GitLab and OIDC, you must create a conditional role in the cloud provider that checks against the JWT token. The condition is validated against the JWT to create a trust specifically against two claims, the audience and subject.
|
||||
|
||||
- Audience or `aud`: The URL of the GitLab instance. This is defined when the identity provider is first configured in your cloud provider.
|
||||
- Subject or `sub`: A concatenation of metadata describing the GitLab CI/CD workflow including the group, project, branch, and tag. The `sub` field is in the following format:
|
||||
- `project_path:{group}/{project}:ref_type:{type}:ref:{branch_name}`
|
||||
|
||||
| Filter type | Example |
|
||||
| ------------------------------------ | ------------------------------------------------------------ |
|
||||
| Filter to main branch | `project_path:mygroup/myproject:ref_type:branch:ref:main` |
|
||||
| Filter to any branch | Wildcard supported. `project_path:mygroup/myproject:ref_type:branch:ref:*` |
|
||||
| Filter to specific project | `project_path:mygroup/myproject:ref_type:branch:ref:main` |
|
||||
| Filter to all projects under a group | Wildcard supported. `project_path:acme/*:ref_type:branch:ref:main` |
|
||||
| Filter to a Git tag | Wildcard supported. `project_path:acme/*:ref_type:tag:ref:1.0` |
|
||||
|
||||
## OIDC authorization with your cloud provider
|
||||
|
||||
To connect with your cloud provider, see the following tutorials:
|
||||
|
||||
- Configure OpenID Connect in AWS
|
|
@ -81,6 +81,7 @@ GitLab CI/CD features, grouped by DevOps stage, include:
|
|||
| **Configure** | |
|
||||
| [Auto DevOps](../topics/autodevops/index.md) | Set up your app's entire lifecycle. |
|
||||
| [ChatOps](chatops/index.md) | Trigger CI jobs from chat, with results sent back to the channel. |
|
||||
| [Connect to cloud services](cloud_services/index.md) | Connect to cloud providers using OpenID Connect (OIDC) to retrieve temporary credentials to access services or secrets. |
|
||||
|-------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------|
|
||||
| **Verify** | |
|
||||
| [Browser Performance Testing](../user/project/merge_requests/browser_performance_testing.md) | Quickly determine the browser performance impact of pending code changes. |
|
||||
|
|
|
@ -89,6 +89,3 @@ To add a [namespace](../../user/group/index.md#namespaces) to Jira:
|
|||
`--cookies "<cookies from the request>"`.
|
||||
1. Submit the cURL request.
|
||||
1. If the response is `{"success":true}`, the namespace was added.
|
||||
1. Append the cookies to the cURL command in your terminal `--cookies "PASTE COOKIES HERE"`.
|
||||
1. Submit the cURL request.
|
||||
1. If the response is `{"success":true}` the namespace was added.
|
||||
|
|
|
@ -8,35 +8,31 @@ info: To determine the technical writer assigned to the Stage/Group associated w
|
|||
|
||||
> [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/222788) from GitLab Ultimate to GitLab Free in 13.3.
|
||||
|
||||
A recurring problem when developing applications is that developers may unintentionally commit
|
||||
secrets and credentials to their remote repositories. If other people have access to the source,
|
||||
or if the project is public, the sensitive information is then exposed and can be leveraged by
|
||||
malicious users to gain access to resources like deployment environments.
|
||||
A recurring problem when developing applications is that people may accidentally commit secrets to
|
||||
their remote Git repositories. Secrets include keys, passwords, API tokens, and other sensitive
|
||||
information. Anyone with access to the repository could use the secrets for malicious purposes.
|
||||
Secrets exposed in this way must be treated as compromised, and be replaced, which can be costly.
|
||||
It's important to prevent secrets from being committed to a Git repository.
|
||||
|
||||
GitLab includes a check called Secret Detection. It scans the content of the repository
|
||||
to find API keys and other information that should not be there.
|
||||
Secret Detection uses the [Gitleaks](https://github.com/zricethezav/gitleaks) tool to scan the
|
||||
repository for secrets. All identified secrets are reported in the:
|
||||
|
||||
GitLab displays identified secrets visibly in a few places:
|
||||
|
||||
- [Security Dashboard](../security_dashboard/)
|
||||
- Merge request widget
|
||||
- Pipelines' **Security** tab
|
||||
- Report in the merge request widget
|
||||
- [Security Dashboard](../security_dashboard/)
|
||||
|
||||
![Secret Detection in merge request widget](img/secret_detection_v13_2.png)
|
||||
|
||||
## Use cases
|
||||
|
||||
- Detecting unintentional commit of secrets like keys, passwords, and API tokens.
|
||||
- Performing a single or recurring scan of the full history of your repository for secrets.
|
||||
|
||||
## Supported secrets
|
||||
|
||||
Secret Detection detects a variety of common secrets by default. You can also customize the secret detection patterns using [custom rulesets](#custom-rulesets).
|
||||
The [default ruleset](https://gitlab.com/gitlab-org/security-products/analyzers/secrets/-/blob/master/gitleaks.toml) includes **90+ secret detection patterns**.
|
||||
You can contribute "well-identifiable" secrets by follow the steps detailed in the [community contributions guidelines](https://gitlab.com/gitlab-org/gitlab/-/issues/345453).
|
||||
|
||||
WARNING:
|
||||
Gitleaks does not support scanning binary files.
|
||||
Secret Detection does not support scanning binary files.
|
||||
|
||||
## Detected secrets
|
||||
|
||||
Secret Detection uses a [default ruleset](https://gitlab.com/gitlab-org/security-products/analyzers/secrets/-/blob/master/gitleaks.toml)
|
||||
containing more than 90 secret detection patterns. You can also customize the secret detection
|
||||
patterns using [custom rulesets](#custom-rulesets). If you want to contribute rulesets for
|
||||
"well-identifiable" secrets, follow the steps detailed in the
|
||||
[community contributions guidelines](https://gitlab.com/gitlab-org/gitlab/-/issues/345453).
|
||||
|
||||
## Requirements
|
||||
|
||||
|
|
|
@ -51,7 +51,7 @@ Click on the service links to see further configuration instructions and details
|
|||
| [Mattermost slash commands](mattermost_slash_commands.md) | Perform common tasks with slash commands. | **{dotted-circle}** No |
|
||||
| [Microsoft Teams notifications](microsoft_teams.md) | Receive event notifications. | **{dotted-circle}** No |
|
||||
| Packagist | Keep your PHP dependencies updated on Packagist. | **{check-circle}** Yes |
|
||||
| Pipelines emails | Send the pipeline status to a list of recipients by email. | **{dotted-circle}** No |
|
||||
| [Pipelines emails](pipeline_status_emails.md) | Send the pipeline status to a list of recipients by email. | **{dotted-circle}** No |
|
||||
| [Pivotal Tracker](pivotal_tracker.md) | Add commit messages as comments to Pivotal Tracker stories. | **{dotted-circle}** No |
|
||||
| [Prometheus](prometheus.md) | Monitor application metrics. | **{dotted-circle}** No |
|
||||
| Pushover | Get real-time notifications on your device. | **{dotted-circle}** No |
|
||||
|
|
|
@ -0,0 +1,23 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Pipeline status emails **(FREE)**
|
||||
|
||||
You can send notifications about pipeline status changes in a group or
|
||||
project to a list of email addresses.
|
||||
|
||||
## Enable pipeline status email notifications
|
||||
|
||||
To enable pipeline status emails:
|
||||
|
||||
1. In your project or group, on the left sidebar, select **Settings > Integrations**.
|
||||
1. Select **Pipeline status emails**.
|
||||
1. Ensure the **Active** checkbox is selected.
|
||||
1. In **Recipients**, enter a comma-separated list of email addresses.
|
||||
1. Optional. To receive notifications for broken pipelines only, select
|
||||
**Notify only broken pipelines**.
|
||||
1. Select the branches to send notifications for.
|
||||
1. Select **Save changes**.
|
|
@ -258,18 +258,6 @@ ZDXgrA==
|
|||
certificate_source { :gitlab_provided }
|
||||
end
|
||||
|
||||
# This contains:
|
||||
# webdioxide.com
|
||||
# Let's Encrypt R3
|
||||
# ISRG Root X1 (issued by DST Root CA X3)
|
||||
#
|
||||
# DST Root CA X3 expired on 2021-09-30, but ISRG Root X1 should be trusted on most systems.
|
||||
trait :letsencrypt_expired_x3_root do
|
||||
certificate do
|
||||
File.read(Rails.root.join('spec/fixtures/ssl', 'letsencrypt_expired_x3.pem'))
|
||||
end
|
||||
end
|
||||
|
||||
trait :explicit_ecdsa do
|
||||
certificate do
|
||||
'-----BEGIN CERTIFICATE-----
|
||||
|
|
|
@ -31,7 +31,6 @@ RSpec.describe 'factories' do
|
|||
[:pages_domain, :with_trusted_chain],
|
||||
[:pages_domain, :with_trusted_expired_chain],
|
||||
[:pages_domain, :explicit_ecdsa],
|
||||
[:pages_domain, :letsencrypt_expired_x3_root],
|
||||
[:project_member, :blocked],
|
||||
[:remote_mirror, :ssh],
|
||||
[:user_preference, :only_comments],
|
||||
|
|
|
@ -1,98 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIGJDCCBQygAwIBAgISBOSAE/WwQGsTbDJI1vDL9+eKMA0GCSqGSIb3DQEBCwUA
|
||||
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
|
||||
EwJSMzAeFw0yMTEwMDEyMjIxMTlaFw0yMTEyMzAyMjIxMThaMBkxFzAVBgNVBAMT
|
||||
DndlYmRpb3hpZGUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
|
||||
wf/TpE5AjzoLXMFQ+WHle7Dn5rlEe0bPee2JU386cZmMYnGFS5DR251FerSX28U4
|
||||
pqk2yS8oefHGi2PS6h8/MWxr+Zy/6hk3WkgwdIK3uPiUcfCdPV/btXDd4YqikEDm
|
||||
BoOE4fQlqKQwtLOnhEZu9y8FQoxxoQ+7DndHrDixDoMbpUloxpqUZwziQnH4QHXE
|
||||
32rQhq25+NUK/lVFGKOFnmZ2s/yUildKafqulHrLHOhumKMOEivzlFDZbtqP+RKt
|
||||
nsrJ3i9O+nSQz6j5dv3Du6eaResrtK7tT1MFDNhcg2cgjNW64VLXQdFXYXE1OYsw
|
||||
yAuXUnHNzWFhinyf80qeh2046YR21dlG8voIDQH4fGG5GmWLyu7glsWYVwQQ36VA
|
||||
TTxPmAoaqUTl8A7cnlJpAo+BJ00mS/9DwJ7pkgGC7dYOhJzWlI7lPqzEfmJ+o8pj
|
||||
CJlLIuqsn0vcCZQlmqCFMxK4asn+puLLnMjRLHIYEJKDNyPGHQEr2e5t4GUYZKaN
|
||||
MEpXMwJd97tUamUKWeBPNIND/kOuqexe+okbOTRp34VAsK5oCpawEJckoNkK+sv0
|
||||
OrSWFOdfLBHv66p9qsrz8LQXxmN5JUBUe51SBSUo1Ul4/vGYdhuKd/8KcLw9/Al+
|
||||
HJN2hAeo3v+2fVey4hgGna7XNe8e3+E+OEQb4zpQDLkCAwEAAaOCAkswggJHMA4G
|
||||
A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD
|
||||
VR0TAQH/BAIwADAdBgNVHQ4EFgQU4PbvqCKatjx6GZMXy7v9GwykZq4wHwYDVR0j
|
||||
BBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsG
|
||||
AQUFBzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6
|
||||
Ly9yMy5pLmxlbmNyLm9yZy8wGQYDVR0RBBIwEIIOd2ViZGlveGlkZS5jb20wTAYD
|
||||
VR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYa
|
||||
aHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEGBgorBgEEAdZ5AgQCBIH3BIH0
|
||||
APIAdwBc3EOS/uarRUSxXprUVuYQN/vV+kfcoXOUsl7m9scOygAAAXw+KYGHAAAE
|
||||
AwBIMEYCIQCqD6jMtHrGlE02Qh1FzFd4+qYzJTrChHmHBFIncPGQKAIhALeYk0Vf
|
||||
/Lw2tX2beVlKN4/h1o8srNJv+06xkr1N6XmiAHcAfT7y+I//iFVoJMLAyp5SiXkr
|
||||
xQ54CX8uapdomX4i8NcAAAF8PimBogAABAMASDBGAiEA0h883FFj1dSYKGym9+Wa
|
||||
XgJRj526X7YlkhkZ5J1TjioCIQDyjMPrbo5liVi/e5b8gfDw5Fd9WNiTu1W1LKKu
|
||||
UpE/qTANBgkqhkiG9w0BAQsFAAOCAQEAcx10nqp1kh2awwoqwf7Jo8Gycqx2bA2O
|
||||
E2rveQ/BK9UhwvrNeEpE9SG6liMsYJKxGar0vbbBHvxzuMU00bhGjXFtUT5XuQ8q
|
||||
FcU0OdycyZj8fjZmUNsJr82l8HvfJ50jfxFORTgj8Ln5MWVUFlbl0nD+06l28sDc
|
||||
V+r/B4394fkoMsKXtiTA4/ZeOD1tHNsdxQ7sNQtEfqCG0wFCYHK3rs7XTZ1K0F3c
|
||||
M051JShko1UKP/k5blrendOwVRwLtq+9pavGnJBeqNIVgugTER/IHlp4427WyhdY
|
||||
KYjKoytW+XQyWqxU/Mh/O4rxkD8cZaE+FdZpP67VZ185AuZMbn+LcQ==
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
|
||||
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
|
||||
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
|
||||
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
|
||||
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
|
||||
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
|
||||
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
|
||||
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
|
||||
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
|
||||
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
|
||||
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
|
||||
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
|
||||
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
|
||||
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
|
||||
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
|
||||
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
|
||||
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
|
||||
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
|
||||
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
|
||||
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
|
||||
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
|
||||
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
|
||||
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
|
||||
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
|
||||
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
|
||||
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
|
||||
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
|
||||
nLRbwHOoq7hHwg==
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
|
||||
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
|
||||
DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
|
||||
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
|
||||
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
|
||||
AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
|
||||
ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL
|
||||
wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D
|
||||
LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK
|
||||
4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5
|
||||
bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y
|
||||
sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ
|
||||
Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4
|
||||
FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc
|
||||
SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql
|
||||
PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND
|
||||
TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
|
||||
SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
|
||||
c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
|
||||
+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
|
||||
ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
|
||||
b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
|
||||
U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
|
||||
MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC
|
||||
5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW
|
||||
9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG
|
||||
WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O
|
||||
he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
|
||||
Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
|
||||
-----END CERTIFICATE-----
|
|
@ -287,19 +287,6 @@ RSpec.describe PagesDomain do
|
|||
|
||||
it { is_expected.to be_truthy }
|
||||
end
|
||||
|
||||
# The LetsEncrypt DST Root CA X3 expired on 2021-09-30, but the
|
||||
# cross-sign in ISRG Root X1 enables it to function provided a chain
|
||||
# of trust can be established with the system store. See:
|
||||
#
|
||||
# 1. https://community.letsencrypt.org/t/production-chain-changes/150739
|
||||
# 2. https://letsencrypt.org/2020/12/21/extending-android-compatibility.html
|
||||
# 3. https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/
|
||||
context 'with a LetsEncrypt bundle with an expired DST Root CA X3' do
|
||||
let(:domain) { build(:pages_domain, :letsencrypt_expired_x3_root) }
|
||||
|
||||
it { is_expected.to be_truthy }
|
||||
end
|
||||
end
|
||||
|
||||
describe '#expired?' do
|
||||
|
|
|
@ -76,6 +76,22 @@ RSpec.describe MergeRequests::SquashService do
|
|||
service.execute
|
||||
end
|
||||
end
|
||||
|
||||
context 'when squash message matches commit message but without trailing new line' do
|
||||
let(:service) { described_class.new(project: project, current_user: user, params: { merge_request: merge_request, squash_commit_message: merge_request.first_commit.safe_message.strip }) }
|
||||
|
||||
it 'returns that commit SHA' do
|
||||
result = service.execute
|
||||
|
||||
expect(result).to match(status: :success, squash_sha: merge_request.diff_head_sha)
|
||||
end
|
||||
|
||||
it 'does not perform any git actions' do
|
||||
expect(repository).not_to receive(:squash)
|
||||
|
||||
service.execute
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context 'the squashed commit' do
|
||||
|
|
Loading…
Reference in New Issue