Add latest changes from gitlab-org/gitlab@master

GitLab Bot 2022-06-22 18:09:56 +00:00
parent 640007842a
commit 2bb1dbf21f
47 changed files with 500 additions and 462 deletions


@ -55,23 +55,13 @@ module Clusters
private
def activate_project_integrations
if Feature.enabled?(:rename_integrations_workers)
::Clusters::Applications::ActivateIntegrationWorker
.perform_async(cluster_id, ::Integrations::Prometheus.to_param)
else
::Clusters::Applications::ActivateServiceWorker
.perform_async(cluster_id, ::Integrations::Prometheus.to_param)
end
::Clusters::Applications::ActivateIntegrationWorker
.perform_async(cluster_id, ::Integrations::Prometheus.to_param)
end
def deactivate_project_integrations
if Feature.enabled?(:rename_integrations_workers)
::Clusters::Applications::DeactivateIntegrationWorker
.perform_async(cluster_id, ::Integrations::Prometheus.to_param)
else
::Clusters::Applications::DeactivateServiceWorker
.perform_async(cluster_id, ::Integrations::Prometheus.to_param)
end
::Clusters::Applications::DeactivateIntegrationWorker
.perform_async(cluster_id, ::Integrations::Prometheus.to_param)
end
end
end


@ -570,11 +570,7 @@ class Integration < ApplicationRecord
def async_execute(data)
return unless supported_events.include?(data[:object_kind])
if Feature.enabled?(:rename_integrations_workers)
Integrations::ExecuteWorker.perform_async(id, data)
else
ProjectServiceWorker.perform_async(id, data)
end
Integrations::ExecuteWorker.perform_async(id, data)
end
# override if needed


@ -30,17 +30,10 @@ module Integrations
def execute(data)
return unless supported_events.include?(data[:object_kind])
if Feature.enabled?(:rename_integrations_workers)
Integrations::IrkerWorker.perform_async(
project_id, channels,
colorize_messages, data, settings
)
else
::IrkerWorker.perform_async(
project_id, channels,
colorize_messages, data, settings
)
end
Integrations::IrkerWorker.perform_async(
project_id, channels,
colorize_messages, data, settings
)
end
def settings


@ -212,7 +212,7 @@ module Projects
# produces smaller and faster queries to the database.
def destroy_web_hooks!
project.hooks.find_each do |web_hook|
result = ::WebHooks::DestroyService.new(current_user).sync_destroy(web_hook)
result = ::WebHooks::DestroyService.new(current_user).execute(web_hook)
unless result[:status] == :success
raise_error(s_('DeleteProject|Failed to remove webhooks. Please try again or contact administrator.'))


@ -21,8 +21,5 @@ module WebHooks
ServiceResponse.error(message: "Unable to destroy #{web_hook.model_name.human}")
end
end
# Backwards compatibility with WebHooks::DestroyWorker
alias_method :sync_destroy, :execute
end
end


@ -4,7 +4,7 @@
.col-sm-10
= f.gitlab_ui_checkbox_component :lfs_enabled, checkbox_options: { checked: @group.lfs_enabled? } do |c|
= c.label do
= _('Allow projects within this group to use Git LFS')
= _('Projects in this group can use Git LFS')
= link_to sprite_icon('question-o'), help_page_path('topics/git/lfs/index'), class: 'gl-ml-2'
= c.help_text do
= _('This setting can be overridden in each project.')
@ -24,7 +24,7 @@
.col-sm-2.col-form-label.pt-0
= f.label :require_two_factor_authentication, _('Two-factor authentication')
.col-sm-10
- label = _("Require all users in this group to set up two-factor authentication")
- label = _("All users in this group must set up two-factor authentication")
- help_link = link_to sprite_icon('question-o'), help_page_path('security/two_factor_authentication', anchor: 'enforce-2fa-for-all-users-in-a-group'), class: 'gl-ml-2'
= f.gitlab_ui_checkbox_component :require_two_factor_authentication, '%{label}%{help_link}'.html_safe % { label: label, help_link: help_link }
.form-group.row


@ -7,27 +7,27 @@
- if @group.root?
.form-group.gl-mb-3
= f.gitlab_ui_checkbox_component :prevent_sharing_groups_outside_hierarchy,
s_('GroupSettings|Prevent members from sending invitations to groups outside of %{group} and its subgroups').html_safe % { group: link_to_group(@group) },
s_('GroupSettings|Members cannot invite groups outside of %{group} and its subgroups').html_safe % { group: link_to_group(@group) },
help_text: prevent_sharing_groups_outside_hierarchy_help_text(@group),
checkbox_options: { disabled: !can_change_prevent_sharing_groups_outside_hierarchy?(@group) }
.form-group.gl-mb-3
= f.gitlab_ui_checkbox_component :share_with_group_lock,
s_('GroupSettings|Prevent sharing a project within %{group} with other groups').html_safe % { group: link_to_group(@group) },
s_('GroupSettings|Projects in %{group} cannot be shared with other groups').html_safe % { group: link_to_group(@group) },
checkbox_options: { disabled: !can_change_share_with_group_lock?(@group) },
help_text: share_with_group_lock_help_text(@group)
.form-group.gl-mb-3
= f.gitlab_ui_checkbox_component :emails_disabled,
s_('GroupSettings|Disable email notifications'),
s_('GroupSettings|Email notifications are disabled'),
checkbox_options: { checked: @group.emails_disabled?, disabled: !can_disable_group_emails?(@group) },
help_text: s_('GroupSettings|Overrides user notification preferences for all members of the group, subgroups, and projects.')
.form-group.gl-mb-3
= f.gitlab_ui_checkbox_component :mentions_disabled,
s_('GroupSettings|Disable group mentions'),
s_('GroupSettings|Group mentions are disabled'),
checkbox_options: { checked: @group.mentions_disabled? },
help_text: s_('GroupSettings|Prevents group members from being notified if the group is mentioned.')
help_text: s_('GroupSettings|Group members are not notified if the group is mentioned.')
= render 'groups/settings/resource_access_token_creation', f: f, group: @group
= render_if_exists 'groups/settings/delayed_project_removal', f: f, group: @group
@ -48,8 +48,8 @@
%h5= _('Customer relations')
.form-group.gl-mb-3
= f.gitlab_ui_checkbox_component :crm_enabled,
s_('GroupSettings|Enable customer relations'),
s_('GroupSettings|Customer relations is enabled'),
checkbox_options: { checked: @group.crm_enabled? },
help_text: s_('GroupSettings|Allows creating organizations and contacts and associating them with issues.')
help_text: s_('GroupSettings|Organizations and contacts can be created and associated with issues.')
= f.submit _('Save changes'), class: 'btn gl-button btn-confirm gl-mt-3 js-dirty-submit', data: { qa_selector: 'save_permissions_changes_button' }
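Review bot: The two reworded labels that interpolate `%{group}` still call `.html_safe` on the translated string before formatting, so any markup that ends up in a translation of these new msgids is rendered unescaped. Because the msgids change here and will be re-translated anyway, this is a cheap moment to escape the translation and trust only the link, e.g. `html_escape(s_('GroupSettings|Members cannot invite groups outside of %{group} and its subgroups')) % { group: link_to_group(@group) }`. The same applies to the `Projects in %{group} cannot be shared with other groups` label, and to the later section for `resource_access_token_creation_allowed`, where the link-bearing string is moved from help text to the checkbox label and keeps `.html_safe`.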


@ -1,3 +1,3 @@
.form-group
= f.label s_('ProjectCreationLevel|Allowed to create projects'), class: 'label-bold'
= f.label s_('ProjectCreationLevel|Roles allowed to create projects'), class: 'label-bold'
= f.select :project_creation_level, options_for_select(::Gitlab::Access.project_creation_options, group.project_creation_level), {}, class: 'form-control', data: { qa_selector: 'project_creation_level_dropdown' }


@ -6,6 +6,5 @@
- link_start_project = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: project_access_tokens_link }
- link_start_group = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: group_access_tokens_link }
= f.gitlab_ui_checkbox_component :resource_access_token_creation_allowed,
s_('GroupSettings|Allow project and group access token creation'),
checkbox_options: { checked: group.namespace_settings.resource_access_token_creation_allowed?, data: { qa_selector: 'resource_access_token_creation_allowed_checkbox' } },
help_text: s_('GroupSettings|Users can create %{link_start_project}project access tokens%{link_end} and %{link_start_group}group access tokens%{link_end} in this group.').html_safe % { link_start_project: link_start_project, link_start_group: link_start_group, link_end: '</a>'.html_safe }
s_('GroupSettings|Users can create %{link_start_project}project access tokens%{link_end} and %{link_start_group}group access tokens%{link_end} in this group').html_safe % { link_start_project: link_start_project, link_start_group: link_start_group, link_end: '</a>'.html_safe },
checkbox_options: { checked: group.namespace_settings.resource_access_token_creation_allowed?, data: { qa_selector: 'resource_access_token_creation_allowed_checkbox' } }


@ -1,3 +1,3 @@
.form-group
= f.label s_('SubgroupCreationLevel|Allowed to create subgroups'), class: 'label-bold'
= f.label s_('SubgroupCreationLevel|Roles allowed to create subgroups'), class: 'label-bold'
= f.select :subgroup_creation_level, options_for_select(::Gitlab::Access.subgroup_creation_options, group.subgroup_creation_level), {}, class: 'form-control'


@ -8,14 +8,14 @@
.form-group
= f.gitlab_ui_checkbox_component :require_two_factor_authentication,
_('Require all users in this group to set up two-factor authentication'),
_('All users in this group must set up two-factor authentication'),
checkbox_options: { data: { qa_selector: 'require_2fa_checkbox' } }
.form-group
= f.label :two_factor_grace_period, _('Time before enforced')
= f.label :two_factor_grace_period, _('Delay 2FA enforcement (hours)')
= f.text_field :two_factor_grace_period, class: 'form-control form-control-sm w-auto gl-form-input gl-mb-3'
.form-text.text-muted= _('Time (in hours) that users are allowed to skip forced configuration of two-factor authentication.')
.form-text.text-muted= _("The maximum amount of time users have to set up two-factor authentication before it's enforced.")
- unless group.has_parent?
.form-group
= f.gitlab_ui_checkbox_component :allow_mfa_for_subgroups,
_('Allow subgroups to set up their own two-factor authentication rules'),
_('Subgroups can set up their own two-factor authentication rules'),
checkbox_options: { checked: group.namespace_settings&.allow_mfa_for_subgroups }


@ -1,3 +1,3 @@
= form.gitlab_ui_checkbox_component :request_access_enabled,
_('Allow users to request access (if visibility is public or internal)'),
_('Users can request access (if visibility is public or internal)'),
checkbox_options: { data: { qa_selector: 'request_access_checkbox' } }


@ -948,15 +948,6 @@
:weight: 1
:idempotent: false
:tags: []
- :name: gcp_cluster:clusters_applications_activate_service
:worker_name: Clusters::Applications::ActivateServiceWorker
:feature_category: :kubernetes_management
:has_external_dependencies: false
:urgency: :low
:resource_boundary: :unknown
:weight: 1
:idempotent: false
:tags: []
- :name: gcp_cluster:clusters_applications_deactivate_integration
:worker_name: Clusters::Applications::DeactivateIntegrationWorker
:feature_category: :kubernetes_management
@ -966,15 +957,6 @@
:weight: 1
:idempotent: false
:tags: []
- :name: gcp_cluster:clusters_applications_deactivate_service
:worker_name: Clusters::Applications::DeactivateServiceWorker
:feature_category: :kubernetes_management
:has_external_dependencies: false
:urgency: :low
:resource_boundary: :unknown
:weight: 1
:idempotent: false
:tags: []
- :name: gcp_cluster:clusters_applications_uninstall
:worker_name: Clusters::Applications::UninstallWorker
:feature_category: :kubernetes_management
@ -2434,15 +2416,6 @@
:weight: 2
:idempotent: false
:tags: []
- :name: irker
:worker_name: IrkerWorker
:feature_category: :integrations
:has_external_dependencies: false
:urgency: :low
:resource_boundary: :unknown
:weight: 1
:idempotent: false
:tags: []
- :name: issuable_export_csv
:worker_name: IssuableExportCsvWorker
:feature_category: :team_planning
@ -2776,15 +2749,6 @@
:weight: 1
:idempotent: false
:tags: []
- :name: project_service
:worker_name: ProjectServiceWorker
:feature_category: :integrations
:has_external_dependencies: true
:urgency: :low
:resource_boundary: :unknown
:weight: 1
:idempotent: false
:tags: []
- :name: projects_after_import
:worker_name: Projects::AfterImportWorker
:feature_category: :importers
@ -3101,15 +3065,6 @@
:weight: 1
:idempotent: false
:tags: []
- :name: web_hooks_destroy
:worker_name: WebHooks::DestroyWorker
:feature_category: :integrations
:has_external_dependencies: false
:urgency: :high
:resource_boundary: :unknown
:weight: 1
:idempotent: true
:tags: []
- :name: web_hooks_log_destroy
:worker_name: WebHooks::LogDestroyWorker
:feature_category: :integrations


@ -1,12 +0,0 @@
# frozen_string_literal: true
# This worker was renamed in 15.1, we can delete it in 15.2.
# See: https://gitlab.com/gitlab-org/gitlab/-/issues/364112
#
# rubocop:disable Scalability/IdempotentWorker
module Clusters
module Applications
class ActivateServiceWorker < ActivateIntegrationWorker
end
end
end


@ -1,12 +0,0 @@
# frozen_string_literal: true
# This worker was renamed in 15.1, we can delete it in 15.2.
# See: https://gitlab.com/gitlab-org/gitlab/-/issues/364112
#
# rubocop:disable Scalability/IdempotentWorker
module Clusters
module Applications
class DeactivateServiceWorker < DeactivateIntegrationWorker
end
end
end


@ -1,9 +0,0 @@
# frozen_string_literal: true
# This worker was renamed in 15.1, we can delete it in 15.2.
# See: https://gitlab.com/gitlab-org/gitlab/-/issues/364112
#
# rubocop: disable Gitlab/NamespacedClass
# rubocop:disable Scalability/IdempotentWorker
class IrkerWorker < Integrations::IrkerWorker
end


@ -1,16 +0,0 @@
# frozen_string_literal: true
# This worker was renamed in 15.1, we can delete it in 15.2.
# See: https://gitlab.com/gitlab-org/gitlab/-/issues/364112
#
# rubocop: disable Gitlab/NamespacedClass
# rubocop: disable Scalability/IdempotentWorker
class ProjectServiceWorker < Integrations::ExecuteWorker
data_consistency :always
sidekiq_options retry: 3
sidekiq_options dead: false
feature_category :integrations
urgency :low
worker_has_external_dependencies!
end


@ -1,27 +0,0 @@
# frozen_string_literal: true
module WebHooks
class DestroyWorker
include ApplicationWorker
DestroyError = Class.new(StandardError)
data_consistency :always
sidekiq_options retry: 3
feature_category :integrations
urgency :high
idempotent!
def perform(user_id, web_hook_id)
user = User.find_by_id(user_id)
hook = WebHook.find_by_id(web_hook_id)
return unless user && hook
result = ::WebHooks::DestroyService.new(user).sync_destroy(hook)
result.track_and_raise_exception(as: DestroyError, web_hook_id: hook.id)
end
end
end


@ -1,8 +0,0 @@
---
name: rename_integrations_workers
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/88558
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/364112
milestone: '15.1'
type: development
group: group::integrations
default_enabled: true


@ -241,8 +241,6 @@
- 1
- - invalid_gpg_signature_update
- 2
- - irker
- 1
- - issuable_export_csv
- 1
- - issuable_label_links_destroy
@ -357,8 +355,6 @@
- 1
- - project_import_schedule
- 1
- - project_service
- 1
- - project_template_export
- 1
- - projects_after_import
@ -471,8 +467,6 @@
- 1
- - web_hook
- 1
- - web_hooks_destroy
- 1
- - web_hooks_log_destroy
- 1
- - web_hooks_log_execution


@ -0,0 +1,59 @@
# This is a template for a "Whats New" release.
# A release typically contains multiple entries of features that we'd like to highlight.
#
# Below is an example of what a single entry should look like, it's required attributes,
# and what types we expect those attribute values to be. All attributes are required.
#
# For more information please refer to the handbook documentation here:
# https://about.gitlab.com/handbook/marketing/blog/release-posts/index.html#create-mr-for-whats-new-entries
#
# Please delete this line and above before submitting your merge request.
- title: SAML Group Sync for self-managed GitLab
body: | # Do not modify this line, instead modify the lines below.
You can now map a group in your identity provider to a self-managed GitLab group using SAML group links. Previously, this feature was only available for GitLab.com. Group memberships are updated when a user logs into GitLab through their SAML provider. This new functionality decreases the workload for GitLab administrators and reduces onboarding time for group members.
stage: manage # String value of the stage that the feature was created in. e.g., Growth
self-managed: true
gitlab-com: true
packages: [Premium, Ultimate]
url: https://docs.gitlab.com/ee/user/group/saml_sso/group_sync.html
image_url: https://about.gitlab.com/images/15_1/SAML_Group_Sync.png # This should be a full URL, generally taken from the release post content. If a video, use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
published_at: 2022-06-22
release: 15.1
- title: Enhancing visibility into Value Stream with DORA metrics
body: | # Do not modify this line, instead modify the lines below.
With the addition of the four [DORA metrics](https://docs.gitlab.com/ee/user/analytics/#devops-research-and-assessment-dora-key-metrics) tiles to the [Value Stream Analytics](https://docs.gitlab.com/ee/user/group/value_stream_analytics/) dashboard, you can now track team performance and value flow from ideation to customer delivery. Additionally, we added a new trend chart for the DORA [Time to restore service](https://docs.gitlab.com/ee/user/analytics/ci_cd_analytics.html) metric to provide insights into software stability and reliability trends. This new chart shows information about how long it takes an organization to recover from a failure in production. This is the third DORA chart that's available out of the box in GitLab. We plan to keep improving the visibility into DORA metrics and also add charts for the fourth metric- Change failure rate.
stage: manage # String value of the stage that the feature was created in. e.g., Growth
self-managed: true
gitlab-com: true
packages: [Free, Premium, Ultimate]
url: https://docs.gitlab.com/ee/user/analytics/ci_cd_analytics.html
image_url: https://about.gitlab.com/images/15_1/vsa_dora_n_ttrs.png # This should be a full URL, generally taken from the release post content. If a video, use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
published_at: 2022-06-22
release: 15.1
- title: "SLSA-2 attestation included for build artifacts"
body: | # Do not modify this line, instead modify the lines below.
[Supply-chain Levels for Software Artifacts (SLSA)](https://github.com/slsa-framework/slsa) is a security framework that helps ensure the security and integrity of your software supply chain. By default, GitLab Runner is now capable of generating and producing SLSA-2 compliant attestation metadata for build artifacts.
If the artifact is stored in a registry, then the attestation metadata is stored alongside the artifact in that registry. Otherwise, the metadata is in rendered in a plain text `.json` file that's stored with the artifact.
This new attestation information can help you more easily verify that your build artifacts have not been tampered with. To enable this feature, simply set `RUNNER_GENERATE_ARTIFACTS_METADATA = "true"` in your `.gitlab-ci.yml` file.
As part of the Limited Availability release, CI jobs that run on the macOS runners will count toward your CI/CD minutes quota at a [cost factor](https://docs.gitlab.com/ee/ci/pipelines/cicd_minutes.html#cost-factor) of 6.
stage: verify
self-managed: true
gitlab-com: true
packages: [Free, Premium, Ultimate]
url: https://docs.gitlab.com/ee/ci/runners/configure_runners.html#artifact-attestation
image_url: https://www.youtube.com/embed/MlIdqrDgI8U
published_at: 2022-06-22
release: 15.1
- title: "Link to included CI/CD configuration from the pipeline editor"
body: | # Do not modify this line, instead modify the lines below.
A typical CI/CD configuration uses the `include` keyword to import configuration stored in other files or CI/CD templates. When editing or troubleshooting your configuration though, it can be difficult to understand how all the configuration works together because the included configuration is not visible in your `.gitlab-ci-yml`, you only see the `include` entry.
In this release, we added links to all included configuration files and templates to the pipeline editor. Now you can easily access and view all the CI/CD configuration your pipeline uses, making it much easier to manage large and complex pipelines.
stage: verify
self-managed: true
gitlab-com: true
packages: [Free, Premium, Ultimate]
url: https://docs.gitlab.com/ee/ci/pipeline_editor/
image_url: https://www.youtube.com/embed/7BNDUYfY_ok
published_at: 2022-06-22
release: 15.1


@ -0,0 +1,29 @@
# frozen_string_literal: true
class ScheduleBackfillCiRunnerSemver < Gitlab::Database::Migration[2.0]
restrict_gitlab_migration gitlab_schema: :gitlab_ci
MIGRATION = 'BackfillCiRunnerSemver'
INTERVAL = 2.minutes.freeze
BATCH_SIZE = 500
MAX_BATCH_SIZE = 10_000
SUB_BATCH_SIZE = 100
disable_ddl_transaction!
def up
queue_batched_background_migration(
MIGRATION,
:ci_runners,
:id,
job_interval: INTERVAL,
batch_size: BATCH_SIZE,
max_batch_size: MAX_BATCH_SIZE,
sub_batch_size: SUB_BATCH_SIZE
)
end
def down
delete_batched_background_migration(MIGRATION, :ci_runners, :id, [])
end
end
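Review bot: The migration carries no comment saying what `BackfillCiRunnerSemver` populates or why these batch sizes were chosen, and the job class itself is not part of this section. A one-line header would help whoever later has to finalize or retry it, for example `# Queues BackfillCiRunnerSemver over ci_runners in id order; see <path to job class> for the column it fills.` In `down`, the trailing `[]` is the job-arguments list and has to match the (empty) arguments used in `up`; a short comment such as `# [] = job arguments, must match the up call` would make that positional argument harder to misread.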


@ -0,0 +1 @@
c215c9ef738ab0d466d9244c0596164d6860728ac92fac90bef5a987c2cef6b7


@ -823,7 +823,7 @@ Parameters:
| `subgroup_creation_level` | string | no | Allowed to [create subgroups](../user/group/subgroups/index.md#create-a-subgroup). Can be `owner` (Owners), or `maintainer` (users with the Maintainer role). |
| `two_factor_grace_period` | integer | no | Time before Two-factor authentication is enforced (in hours). |
| `visibility` | string | no | The group's visibility. Can be `private`, `internal`, or `public`. |
| `membership_lock` **(PREMIUM)** | boolean | no | Prevent adding new members to projects within this group. |
| `membership_lock` **(PREMIUM)** | boolean | no | Users cannot be added to projects in this group. |
| `extra_shared_runners_minutes_limit` **(PREMIUM)** | integer | no | Can be set by administrators only. Additional CI/CD minutes for this group. |
| `shared_runners_minutes_limit` **(PREMIUM)** | integer | no | Can be set by administrators only. Maximum number of monthly CI/CD minutes for this group. Can be `nil` (default; inherit system default), `0` (unlimited), or `> 0`. |
@ -930,7 +930,7 @@ PUT /groups/:id
| `visibility` | string | no | The visibility level of the group. Can be `private`, `internal`, or `public`. |
| `extra_shared_runners_minutes_limit` **(PREMIUM)** | integer | no | Can be set by administrators only. Additional CI/CD minutes for this group. |
| `file_template_project_id` **(PREMIUM)** | integer | no | The ID of a project to load custom file templates from. |
| `membership_lock` **(PREMIUM)** | boolean | no | Prevent adding new members to projects within this group. |
| `membership_lock` **(PREMIUM)** | boolean | no | Users cannot be added to projects in this group. |
| `prevent_forking_outside_group` **(PREMIUM)** | boolean | no | When enabled, users can **not** fork projects from this group to external namespaces. |
| `shared_runners_minutes_limit` **(PREMIUM)** | integer | no | Can be set by administrators only. Maximum number of monthly CI/CD minutes for this group. Can be `nil` (default; inherit system default), `0` (unlimited), or `> 0`. |


@ -19,11 +19,11 @@ Geo handles replication for different components:
- [Database](#database-replication): includes the entire application, except cache and jobs.
- [Git repositories](#repository-replication): includes both projects and wikis.
- [Uploaded blobs](#uploads-replication): includes anything from images attached on issues
- [Blobs](#blob-replication): includes anything from images attached on issues
to raw logs and assets from CI.
With the exception of the Database replication, on a *secondary* site, everything is coordinated
by the [Geo Log Cursor](#geo-log-cursor).
by the [Geo Log Cursor](#geo-log-cursor-daemon).
### Geo Log Cursor daemon
@ -66,7 +66,7 @@ the state of every repository in the [tracking database](#tracking-database).
There are a few ways a repository gets replicated by the:
- [Repository Sync worker](#repository-sync-worker).
- [Geo Log Cursor](#geo-log-cursor).
- [Geo Log Cursor](#geo-log-cursor-daemon).
#### Project Registry
@ -104,19 +104,204 @@ times, Geo does a so-called _re-download_. It will do a clean clone
into the `@geo-temporary` directory in the root of the storage. When
it's successful, we replace the main repository with the newly cloned one.
### Uploads replication
### Blob replication
File uploads are also being replicated to the **secondary** site. To
track the state of syncing, the `Geo::UploadRegistry` model is used.
Blobs such as [uploads](uploads/index.md), LFS objects, and CI job artifacts, are replicated to the **secondary** site with the [Self-Service Framework](geo/framework.md). To track the state of syncing, each model has a corresponding registry table, for example `Upload` has `Geo::UploadRegistry` in the [PostgreSQL Geo Tracking Database](#tracking-database).
#### Upload Registry
#### Blob replication happy path workflows between services
Similar to the [Project Registry](#project-registry), there is a
`Geo::UploadRegistry` model that tracks the synced uploads.
Job artifacts are used in the diagrams below, as one example of a blob.
CI Job Artifacts and LFS objects are synced in a similar way as uploads,
but they are tracked by `Geo::JobArtifactRegistry`, and `Geo::LfsObjectRegistry`
models respectively.
##### Replicating a new job artifact
Primary site:
```mermaid
sequenceDiagram
participant R as Runner
participant P as Puma
participant DB as PostgreSQL
participant SsP as Secondary site PostgreSQL
R->>P: Upload artifact
P->>DB: Insert `ci_job_artifacts` row
P->>DB: Insert `geo_events` row
P->>DB: Insert `geo_event_log` row
DB->>SsP: Replicate rows
```
- A [Runner](https://docs.gitlab.com/runner/) uploads an artifact
- [Puma](architecture.md#puma) inserts `ci_job_artifacts` row
- Puma inserts `geo_events` row with data like "Job Artifact with ID 123 was updated"
- Puma inserts `geo_event_log` row pointing to the `geo_events` row (because we built SSF on top of some legacy logic)
- [PostgreSQL](architecture.md#postgresql) streaming replication inserts the rows in the read replica
Secondary site, after the PostgreSQL DB rows have been replicated:
```mermaid
sequenceDiagram
participant DB as PostgreSQL
participant GLC as Geo Log Cursor
participant R as Redis
participant S as Sidekiq
participant TDB as PostgreSQL Tracking DB
participant PP as Primary site Puma
GLC->>DB: Query `geo_event_log`
GLC->>DB: Query `geo_events`
GLC->>R: Enqueue `Geo::EventWorker`
S->>R: Pick up `Geo::EventWorker`
S->>TDB: Insert to `job_artifact_registry`, "starting sync"
S->>PP: GET <primary site internal URL>/geo/retrieve/job_artifact/123
S->>TDB: Update `job_artifact_registry`, "synced"
```
- [Geo Log Cursor](#geo-log-cursor-daemon) loop finds the new `geo_event_log` row
- Geo Log Cursor processes the `geo_events` row
- Geo Log Cursor enqueues `Geo::EventWorker` job passing through the `geo_events` row data
- [Sidekiq](architecture.md#sidekiq) picks up `Geo::EventWorker` job
- Sidekiq inserts `job_artifact_registry` row in the [PostgreSQL Geo Tracking Database](#tracking-database) because it doesn't exist, and marks it "started sync"
- Sidekiq does a GET request on an API endpoint at the primary Geo site and downloads the file
- Sidekiq marks the `job_artifact_registry` row as "synced" and "pending verification"
##### Backfilling existing job artifacts
- Sysadmin has an existing GitLab site without Geo
- There are existing CI jobs and job artifacts
- Sysadmin sets up a new GitLab site and configures it to be a secondary Geo site
Secondary site:
There are two cronjobs running every minute: `Geo::Secondary::RegistryConsistencyWorker` and `Geo::RegistrySyncWorker`. The workflow below is split into two, along those lines.
```mermaid
sequenceDiagram
participant SC as Sidekiq-cron
participant R as Redis
participant S as Sidekiq
participant DB as PostgreSQL
participant TDB as PostgreSQL Tracking DB
SC->>R: Enqueue `Geo::Secondary::RegistryConsistencyWorker`
S->>R: Pick up `Geo::Secondary::RegistryConsistencyWorker`
S->>DB: Query `ci_job_artifacts`
S->>TDB: Query `job_artifact_registry`
S->>TDB: Insert to `job_artifact_registry`
```
- [Sidekiq-cron](https://github.com/ondrejbartas/sidekiq-cron) enqueues a `Geo::Secondary::RegistryConsistencyWorker` job every minute. As long as it is actively doing work (creating and deleting rows), this job immediately reenqueues itself. This job uses an exclusive lease to prevent multiple instances of itself from running simultaneously.
- [Sidekiq](architecture.md#sidekiq) picks up `Geo::Secondary::RegistryConsistencyWorker` job
- Sidekiq queries `ci_job_artifacts` table for up to 10000 rows
- Sidekiq queries `job_artifact_registry` table for up to 10000 rows
- Sidekiq inserts a `job_artifact_registry` row in the [PostgreSQL Geo Tracking Database](#tracking-database) corresponding to the existing Job Artifact
```mermaid
sequenceDiagram
participant SC as Sidekiq-cron
participant R as Redis
participant S as Sidekiq
participant DB as PostgreSQL
participant TDB as PostgreSQL Tracking DB
participant PP as Primary site Puma
SC->>R: Enqueue `Geo::RegistrySyncWorker`
S->>R: Pick up `Geo::RegistrySyncWorker`
S->>TDB: Query `*_registry` tables
S->>R: Enqueue `Geo::EventWorker`s
S->>R: Pick up `Geo::EventWorker`
S->>TDB: Insert to `job_artifact_registry`, "starting sync"
S->>PP: GET <primary site internal URL>/geo/retrieve/job_artifact/123
S->>TDB: Update `job_artifact_registry`, "synced"
```
- [Sidekiq-cron](https://github.com/ondrejbartas/sidekiq-cron) enqueues a `Geo::RegistrySyncWorker` job every minute. As long as it is actively doing work, this job loops for up to an hour scheduling sync jobs. This job uses an exclusive lease to prevent multiple instances of itself from running simultaneously.
- [Sidekiq](architecture.md#sidekiq) picks up `Geo::RegistrySyncWorker` job
- Sidekiq queries all `registry` tables in the [PostgreSQL Geo Tracking Database](#tracking-database) for "never attempted sync" rows. It interleaves rows from each table and adds them to an in-memory queue.
- If the previous step yielded less than 1000 rows, then Sidekiq queries all `registry` tables for "failed sync and ready to retry" rows and interleaves those and adds them to the in-memory queue.
- Sidekiq enqueues `Geo::EventWorker` jobs with arguments like "Job Artifact with ID 123 was updated" for each item in the queue, and tracks the enqueued Sidekiq job IDs.
- Sidekiq stops enqueuing `Geo::EventWorker` jobs when "maximum concurrency limit" settings are reached
- Sidekiq loops doing this kind of work until it has no more to do
- Sidekiq picks up `Geo::EventWorker` job
- Sidekiq marks the `job_artifact_registry` row as "started sync"
- Sidekiq does a GET request on an API endpoint at the primary Geo site and downloads the file
- Sidekiq marks the `job_artifact_registry` row as "synced" and "pending verification"
##### Verifying a new job artifact
Primary site:
```mermaid
sequenceDiagram
participant Ru as Runner
participant P as Puma
participant DB as PostgreSQL
participant SC as Sidekiq-cron
participant Rd as Redis
participant S as Sidekiq
participant F as Filesystem
Ru->>P: Upload artifact
P->>DB: Insert `ci_job_artifacts`
P->>DB: Insert `ci_job_artifact_states`
SC->>Rd: Enqueue `Geo::VerificationCronWorker`
S->>Rd: Pick up `Geo::VerificationCronWorker`
S->>DB: Query `ci_job_artifact_states`
S->>Rd: Enqueue `Geo::VerificationBatchWorker`
S->>Rd: Pick up `Geo::VerificationBatchWorker`
S->>DB: Query `ci_job_artifact_states`
S->>DB: Update `ci_job_artifact_states` row, "started"
S->>F: Checksum file
S->>DB: Update `ci_job_artifact_states` row, "succeeded"
```
- A [Runner](https://docs.gitlab.com/runner/) uploads an artifact
- [Puma](architecture.md#puma) creates a `ci_job_artifacts` row
- Puma creates a `ci_job_artifact_states` row to store verification state.
- The row is marked "pending verification"
- [Sidekiq-cron](https://github.com/ondrejbartas/sidekiq-cron) enqueues a `Geo::VerificationCronWorker` job every minute
- [Sidekiq](architecture.md#sidekiq) picks up the `Geo::VerificationCronWorker` job
- Sidekiq queries `ci_job_artifact_states` for the number of rows marked "pending verification" or "failed verification and ready to retry"
- Sidekiq enqueues one or more `Geo::VerificationBatchWorker` jobs, limited by the "maximum verification concurrency" setting
- Sidekiq picks up `Geo::VerificationBatchWorker` job
- Sidekiq queries `ci_job_artifact_states` for rows marked "pending verification"
- If the previous step yielded less than 10 rows, then Sidekiq queries `ci_job_artifact_states` for rows marked "failed verification and ready to retry"
- For each row
- Sidekiq marks it "started verification"
- Sidekiq gets the SHA256 checksum of the file
- Sidekiq saves the checksum in the row and marks it "succeeded verification"
- Now secondary Geo sites can compare against this checksum
Secondary site:
```mermaid
sequenceDiagram
participant SC as Sidekiq-cron
participant R as Redis
participant S as Sidekiq
participant TDB as PostgreSQL Tracking DB
participant F as Filesystem
participant DB as PostgreSQL
SC->>R: Enqueue `Geo::VerificationCronWorker`
S->>R: Pick up `Geo::VerificationCronWorker`
S->>TDB: Query `job_artifact_registry`
S->>R: Enqueue `Geo::VerificationBatchWorker`
S->>R: Pick up `Geo::VerificationBatchWorker`
S->>TDB: Query `job_artifact_registry`
S->>TDB: Update `job_artifact_registry` row, "started"
S->>F: Checksum file
S->>DB: Query `ci_job_artifact_states`
S->>TDB: Update `job_artifact_registry` row, "succeeded"
```
- After the artifact is successfully synced, it becomes "pending verification"
- [Sidekiq-cron](https://github.com/ondrejbartas/sidekiq-cron) enqueues a `Geo::VerificationCronWorker` job every minute
- [Sidekiq](architecture.md#sidekiq) picks up the `Geo::VerificationCronWorker` job
- Sidekiq queries `job_artifact_registry` in the [PostgreSQL Geo Tracking Database](#tracking-database) for the number of rows marked "pending verification" or "failed verification and ready to retry"
- Sidekiq enqueues one or more `Geo::VerificationBatchWorker` jobs, limited by the "maximum verification concurrency" setting
- Sidekiq picks up `Geo::VerificationBatchWorker` job
- Sidekiq queries `job_artifact_registry` in the PostgreSQL Geo Tracking Databasef for rows marked "pending verification"
- If the previous step yielded less than 10 rows, then Sidekiq queries `job_artifact_registry` for rows marked "failed verification and ready to retry"
- For each row
- Sidekiq marks it "started verification"
- Sidekiq gets the SHA256 checksum of the file
- Sidekiq saves the checksum in the row
- Sidekiq compares the checksum against the checksum in the `ci_job_artifact_states` row which was replicated by PostgreSQL
- If the checksum matches, then Sidekiq marks the `job_artifact_registry` row "succeeded verification"
## Authentication
@ -303,10 +488,7 @@ events include:
- Job Artifact Deleted event
- Upload Deleted event
### Geo Log Cursor
The process running on the **secondary** site that looks for new
`Geo::EventLog` rows.
See [Geo Log Cursor daemon](#geo-log-cursor-daemon).
## Code features
@ -415,7 +597,7 @@ We switch and filter from each event by the `event_name` field.
### Geo Log Cursor (GitLab 10.0 and up)
In GitLab 10.0 and later, [System Webhooks](#system-hooks-gitlab-87-to-95) are no longer
used and Geo Log Cursor is used instead. The Log Cursor traverses the
used and [Geo Log Cursor](#geo-log-cursor-daemon) is used instead. The Log Cursor traverses the
`Geo::EventLog` rows to see if there are changes since the last time
the log was checked and will handle repository updates, deletes,
changes, and renames.


@ -46,19 +46,22 @@ Gitlab::CurrentSettings.update!('require_two_factor_authentication': false)
> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/24965) in GitLab 12.0, 2FA settings for a group are also applied to subgroups.
Prerequisites:
- You must have the Maintainer or Owner role for the group.
To enforce 2FA only for certain groups:
1. Go to the group's **Settings > General** page.
1. Expand the **Permissions and group features** section.
1. Select the **Require all users in this group to set up two-factor authentication** option.
1. On the top bar, select **Menu > Groups** and find your group.
1. On the left sidebar, select **Settings > General**.
1. Expand **Permissions and group features**.
1. Select **All users in this group must set up two-factor authentication**.
1. Select **Save changes**.
You can also specify a grace period in the **Time before enforced** option.
To change this setting, you must be an administrator or owner of the group.
You can also specify a grace period in the **Delay 2FA enforcement** option.
If you want to enforce 2FA only for certain groups, you can enable it in the
group settings and specify a grace period as above. To change this setting you
must be administrator or owner of the group.
group settings and specify a grace period as above.
The following are important notes about 2FA:


@ -460,10 +460,11 @@ and [Helm Chart deployments](https://docs.gitlab.com/charts/). They come with ap
### 15.2.0 (unreleased)
GitLab installations that have multiple web nodes should be
[upgraded to 15.1](#1510) before upgrading to 15.2 (and later) due to a
configuration change in Rails that can result in inconsistent ETag key
generation.
- GitLab installations that have multiple web nodes should be
[upgraded to 15.1](#1510) before upgrading to 15.2 (and later) due to a
configuration change in Rails that can result in inconsistent ETag key
generation.
- Some Sidekiq workers were renamed in this release. To avoid any disruption, [run the Rake tasks to migrate any pending jobs](../raketasks/sidekiq_job_migration.md#future-jobs) before starting the upgrade to GitLab 15.2.0.
### 15.1.0


@ -39,7 +39,7 @@ To enable customer relations management in a group or subgroup:
1. On the top bar, select **Menu > Groups** and find your group or subgroup.
1. On the left sidebar, select **Settings > General**.
1. Expand the **Permissions and group features** section.
1. Select **Enable customer relations**.
1. Select **Customer relations is enabled**.
1. Select **Save changes**.
## Contacts


@ -240,7 +240,7 @@ To change this setting for a specific group:
1. Find the group and select it.
1. From the left menu, select **Settings > General**.
1. Expand the **Permissions and group features** section.
1. Select the desired option in the **Allowed to create projects** dropdown list.
1. Select the desired option in the **Roles allowed to create projects** dropdown list.
1. Select **Save changes**.
To change this setting globally, see [Default project creation protection](../admin_area/settings/visibility_and_access_controls.md#define-which-roles-can-create-projects).
@ -478,7 +478,7 @@ To prevent sharing outside of the group's hierarchy:
1. On the top bar, select **Menu > Groups** and find your group.
1. On the left sidebar, select **Settings > General**.
1. Expand **Permissions and group features**.
1. Select **Prevent members from sending invitations to groups outside of `<group_name>` and its subgroups**.
1. Select **Members cannot invite groups outside of `<group_name>` and its subgroups**.
1. Select **Save changes**.
## Prevent a project from being shared with groups
@ -490,7 +490,7 @@ To prevent a project from being shared with other groups:
1. Go to the group's **Settings > General** page.
1. Expand the **Permissions and group features** section.
1. Select **Prevent sharing a project in `<group_name>` with other groups**.
1. Select **Projects in `<group_name>` cannot be shared with other groups**.
1. Select **Save changes**.
This setting applies to all subgroups unless overridden by a group owner. Groups already
@ -582,7 +582,7 @@ To prevent members from being added to projects in a group:
1. Go to the group's **Settings > General** page.
1. Expand the **Permissions and group features** section.
1. Under **Membership**, select **Prevent adding new members to projects within this group**.
1. Under **Membership**, select **Users cannot be added to projects in this group**.
1. Select **Save changes**.
All users who previously had permissions can no longer add members to a group.
@ -636,7 +636,7 @@ To restrict group access by IP address:
1. Go to the group's **Settings > General** page.
1. Expand the **Permissions and group features** section.
1. In the **Allow access to the following IP addresses** field, enter IPv4 or IPv6 address ranges in CIDR notation.
1. In the **Restrict access by IP address** field, enter IPv4 or IPv6 address ranges in CIDR notation.
1. Select **Save changes**.
In self-managed installations of GitLab 15.1 and later, you can also configure
@ -729,7 +729,7 @@ To disable email notifications:
1. Go to the group's **Settings > General** page.
1. Expand the **Permissions and group features** section.
1. Select **Disable email notifications**.
1. Select **Email notifications are disabled**.
1. Select **Save changes**.
## Disable group mentions
@ -748,7 +748,7 @@ To disable group mentions:
1. Go to the group's **Settings > General** page.
1. Expand the **Permissions and group features** section.
1. Select **Disable group mentions**.
1. Select **Group mentions are disabled**.
1. Select **Save changes**.
## Enable delayed project deletion **(PREMIUM)**
@ -760,7 +760,7 @@ To disable group mentions:
> - [User interface changed](https://gitlab.com/gitlab-org/gitlab/-/issues/352961) in GitLab 15.1.
[Delayed project deletion](../project/settings/index.md#delayed-project-deletion) is locked and disabled unless the instance-level settings for
[deletion protection](../admin_area/settings/visibility_and_access_controls.md#deletion-protection) is enabled for either groups only or groups and projects.
[deletion protection](../admin_area/settings/visibility_and_access_controls.md#deletion-protection) are enabled for either groups only or groups and projects.
When enabled on groups, projects in the group are deleted after a period of delay. During this period, projects are in a read-only state and can be restored.
The default period is seven days but [is configurable at the instance level](../admin_area/settings/visibility_and_access_controls.md#retention-period).


@ -141,7 +141,7 @@ To enable or disable group access token creation for all sub-groups in a top-lev
1. On the top bar, select **Menu > Groups** and find your group.
1. On the left sidebar, select **Settings > General**.
1. Expand **Permissions and group features**.
1. Under **Permissions**, turn on or off **Allow project and group access token creation**.
1. Under **Permissions**, turn on or off **Users can create project access tokens and group access tokens in this group**.
Even when creation is disabled, you can still use and revoke existing group access tokens.


@ -73,21 +73,20 @@ To create a subgroup:
To create a subgroup, you must have at least the Maintainer role on the group, depending on the group's setting. By
default:
- In GitLab 12.2 or later, users with at least the Maintainer role can create subgroups.
- In GitLab 12.1 or earlier, only users with the Owner role can create subgroups.
To change who can create subgroups on a group:
- As a user with the Owner role on the group:
1. On the top bar, select **Menu > Groups** and find the group.
1. On the top bar, select **Menu > Groups** and find your group.
1. On the left sidebar, select **Settings > General**.
1. Expand **Permissions and group features**.
1. Select a role from the **Allowed to create subgroups** dropdown.
1. Select a role from **Roles allowed to create subgroups**.
1. Select **Save changes**.
- As an administrator:
1. On the top bar, select **Menu > Admin**.
1. On the left sidebar, select **Overview > Groups**.
1. Select the group, and select **Edit**.
1. Select a role from the **Allowed to create subgroups** dropdown.
1. In the group's row select **Edit**.
1. Select a role from **Allowed to create subgroups**.
1. Select **Save changes**.
For more information, view the [permissions table](../../permissions.md#group-members-permissions).


@ -0,0 +1,31 @@
# frozen_string_literal: true
module Gitlab
module BackgroundMigration
# A job to update semver column in ci_runners in batches based on existing version values
class BackfillCiRunnerSemver < Gitlab::BackgroundMigration::BatchedMigrationJob
def perform
each_sub_batch(
operation_name: :backfill_ci_runner_semver,
batching_scope: ->(relation) { relation.where('semver::cidr IS NULL') }
) do |sub_batch|
ranged_query = sub_batch.select(
%q(id AS r_id,
substring(ci_runners.version FROM 'v?(\d+\.\d+\.\d+)') AS extracted_semver)
)
update_sql = <<~SQL
UPDATE
ci_runners
SET semver = extracted_semver
FROM (#{ranged_query.to_sql}) v
WHERE id = v.r_id
AND v.extracted_semver IS NOT NULL
SQL
connection.execute(update_sql)
end
end
end
end
end
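Review bot: The batching scope `relation.where('semver::cidr IS NULL')` casts the column to `cidr` with no explanation, which reads like a typo next to the plain `SET semver = extracted_semver` in the UPDATE. If the cast is deliberate (for example to match an expression index, which this file does not show), say so in a comment above `each_sub_batch`; otherwise use `semver IS NULL`. The cast also interacts with the extraction pattern: `v?(\d+\.\d+\.\d+)` is unanchored and accepts any digit run, while a PostgreSQL `cidr` cast only accepts octets 0–255. Because the version string is reported by the runner, a component above 255 could presumably be written to `semver` and then make a later `semver::cidr` evaluation raise. Consider constraining the pattern to values the cast accepts, or documenting in the class comment why that cannot happen.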


@ -39,7 +39,8 @@ namespace :gitlab do
web_hooks.find_each do |hook|
next unless hook.url == web_hook_url
result = WebHooks::DestroyService.new(nil).sync_destroy(hook)
user = hook.parent.owners.first
result = WebHooks::DestroyService.new(user).execute(hook)
raise "Unable to destroy Web hook" unless result[:status] == :success
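Review bot: `hook.parent.owners.first` may be nil or an arbitrary account, and it is passed straight to `WebHooks::DestroyService.new(user)`. If `execute` authorizes against that user (the service is not shown here), a parent without owners surfaces only as the generic `Unable to destroy Web hook` and aborts the `find_each` loop part-way. When it succeeds, the deletion is presumably attributed to an owner who did not run the task. Consider failing explicitly with `raise "No owner found for hook #{hook.id}" unless user`, and add a comment above the lookup explaining why an owner's identity is used for this operator-run task. The enclosing task body starts and ends outside this hunk.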


@ -3768,6 +3768,9 @@ msgstr ""
msgid "All threads resolved!"
msgstr ""
msgid "All users in this group must set up two-factor authentication"
msgstr ""
msgid "All users must accept the Terms of Service and Privacy Policy to access GitLab"
msgstr ""
@ -3780,12 +3783,6 @@ msgstr ""
msgid "Allow \"%{group_name}\" to sign you in"
msgstr ""
msgid "Allow access only to members of this group"
msgstr ""
msgid "Allow access to everyone"
msgstr ""
msgid "Allow access to members of the following group"
msgstr ""
@ -3828,9 +3825,6 @@ msgstr ""
msgid "Allow public access to pipelines and job details, including output logs and artifacts."
msgstr ""
msgid "Allow subgroups to set up their own two-factor authentication rules"
msgstr ""
msgid "Allow this key to push to this repository"
msgstr ""
@ -3843,9 +3837,6 @@ msgstr ""
msgid "Allow users to register any application to use GitLab as an OAuth provider"
msgstr ""
msgid "Allow users to request access (if visibility is public or internal)"
msgstr ""
msgid "Allowed"
msgstr ""
@ -12023,6 +12014,9 @@ msgstr ""
msgid "Definition"
msgstr ""
msgid "Delay 2FA enforcement (hours)"
msgstr ""
msgid "DelayedJobs|Are you sure you want to run %{jobName} immediately? Otherwise this job will run automatically after its timer finishes."
msgstr ""
@ -13314,9 +13308,6 @@ msgstr ""
msgid "Disable group runners"
msgstr ""
msgid "Disable the group-level wiki"
msgstr ""
msgid "Disable two-factor authentication"
msgstr ""
@ -15196,6 +15187,9 @@ msgstr ""
msgid "Everyone With Access"
msgstr ""
msgid "Everyone can access the wiki."
msgstr ""
msgid "Everyone can contribute"
msgstr ""
@ -18000,6 +17994,9 @@ msgstr ""
msgid "Group wikis"
msgstr ""
msgid "Group-level wiki is disabled."
msgstr ""
msgid "Group: %{group_name}"
msgstr ""
@ -18276,12 +18273,6 @@ msgstr ""
msgid "GroupSelect|Select a group"
msgstr ""
msgid "GroupSettings|Allow project and group access token creation"
msgstr ""
msgid "GroupSettings|Allows creating organizations and contacts and associating them with issues."
msgstr ""
msgid "GroupSettings|Applied to all subgroups unless overridden by a group owner. Groups already added to the project lose access."
msgstr ""
@ -18318,30 +18309,39 @@ msgstr ""
msgid "GroupSettings|Custom project templates"
msgstr ""
msgid "GroupSettings|Customer relations is enabled"
msgstr ""
msgid "GroupSettings|Customize this group's badges."
msgstr ""
msgid "GroupSettings|Default to Auto DevOps pipeline for all projects within this group"
msgstr ""
msgid "GroupSettings|Disable email notifications"
msgstr ""
msgid "GroupSettings|Disable group mentions"
msgstr ""
msgid "GroupSettings|Enable customer relations"
msgid "GroupSettings|Email notifications are disabled"
msgstr ""
msgid "GroupSettings|Export group"
msgstr ""
msgid "GroupSettings|Group members are not notified if the group is mentioned."
msgstr ""
msgid "GroupSettings|Group mentions are disabled"
msgstr ""
msgid "GroupSettings|If not specified at the group or instance level, the default is %{default_initial_branch_name}. Does not affect existing repositories."
msgstr ""
msgid "GroupSettings|If the parent group's visibility is lower than the group's current visibility, visibility levels for subgroups and projects will be changed to match the new parent group's visibility."
msgstr ""
msgid "GroupSettings|Members cannot invite groups outside of %{group} and its subgroups"
msgstr ""
msgid "GroupSettings|Organizations and contacts can be created and associated with issues."
msgstr ""
msgid "GroupSettings|Overrides user notification preferences for all members of the group, subgroups, and projects."
msgstr ""
@ -18357,13 +18357,7 @@ msgstr ""
msgid "GroupSettings|Prevent forking setting was not saved"
msgstr ""
msgid "GroupSettings|Prevent members from sending invitations to groups outside of %{group} and its subgroups"
msgstr ""
msgid "GroupSettings|Prevent sharing a project within %{group} with other groups"
msgstr ""
msgid "GroupSettings|Prevents group members from being notified if the group is mentioned."
msgid "GroupSettings|Projects in %{group} cannot be shared with other groups"
msgstr ""
msgid "GroupSettings|Select a subgroup to use as the source for custom project templates for this group."
@ -18408,7 +18402,7 @@ msgstr ""
msgid "GroupSettings|Transfer group"
msgstr ""
msgid "GroupSettings|Users can create %{link_start_project}project access tokens%{link_end} and %{link_start_group}group access tokens%{link_end} in this group."
msgid "GroupSettings|Users can create %{link_start_project}project access tokens%{link_end} and %{link_start_group}group access tokens%{link_end} in this group"
msgstr ""
msgid "GroupSettings|What are badges?"
@ -25156,9 +25150,6 @@ msgstr ""
msgid "Multiple Prometheus integrations are not supported"
msgstr ""
msgid "Multiple domains are supported."
msgstr ""
msgid "Multiple model types found: %{model_types}"
msgstr ""
@ -26777,6 +26768,9 @@ msgstr ""
msgid "Only include features new to your current subscription tier."
msgstr ""
msgid "Only members of this group can access the wiki."
msgstr ""
msgid "Only policy:"
msgstr ""
@ -26798,10 +26792,10 @@ msgstr ""
msgid "Only use lowercase letters, numbers, and underscores."
msgstr ""
msgid "Only users from the specified IP address ranges are able to reach this group, including all subgroups, projects, and Git repositories."
msgid "Only users from the specified IP address ranges can reach this group, including all subgroups, projects, and Git repositories."
msgstr ""
msgid "Only verified users with an email address in any of these domains can be added to the group."
msgid "Only verified users with an email address in any of these domains can be added to the group. Multiple domains are supported."
msgstr ""
msgid "Only Reporter roles and above on tiers Premium and above can see Productivity Analytics."
@ -28999,9 +28993,6 @@ msgstr ""
msgid "Prev"
msgstr ""
msgid "Prevent adding new members to projects within this group"
msgstr ""
msgid "Prevent auto-stopping"
msgstr ""
@ -29746,6 +29737,9 @@ msgstr ""
msgid "ProjectCreationLevel|No one"
msgstr ""
msgid "ProjectCreationLevel|Roles allowed to create projects"
msgstr ""
msgid "ProjectFileTree|Name"
msgstr ""
@ -30478,6 +30472,9 @@ msgstr ""
msgid "Projects help you organize your work. They contain your file repository, issues, merge requests, and so much more."
msgstr ""
msgid "Projects in this group can use Git LFS"
msgstr ""
msgid "Projects shared with %{group_name}"
msgstr ""
@ -32524,9 +32521,6 @@ msgstr ""
msgid "Require additional authentication for administrative tasks."
msgstr ""
msgid "Require all users in this group to set up two-factor authentication"
msgstr ""
msgid "Required approvals (%{approvals_given} given)"
msgstr ""
@ -32708,6 +32702,9 @@ msgstr ""
msgid "Restoring the project will prevent the project from being removed on this date and restore people's ability to make changes to it."
msgstr ""
msgid "Restrict access by IP address"
msgstr ""
msgid "Restrict membership by email domain"
msgstr ""
@ -36834,7 +36831,7 @@ msgstr ""
msgid "Subgroup navigation"
msgstr ""
msgid "SubgroupCreationLevel|Allowed to create subgroups"
msgid "SubgroupCreationLevel|Roles allowed to create subgroups"
msgstr ""
msgid "SubgroupCreationlevel|Allowed to create subgroups"
@ -36852,6 +36849,9 @@ msgstr ""
msgid "Subgroups and projects"
msgstr ""
msgid "Subgroups can set up their own two-factor authentication rules"
msgstr ""
msgid "Subject Key Identifier:"
msgstr ""
@ -38411,6 +38411,9 @@ msgstr ""
msgid "The list creation wizard is already open"
msgstr ""
msgid "The maximum amount of time users have to set up two-factor authentication before it's enforced."
msgstr ""
msgid "The maximum file size allowed is %{size}."
msgstr ""
@ -39620,9 +39623,6 @@ msgstr ""
msgid "Time before an issue starts implementation"
msgstr ""
msgid "Time before enforced"
msgstr ""
msgid "Time between merge request creation and merge/close"
msgstr ""
@ -41868,6 +41868,12 @@ msgstr ""
msgid "Users can render diagrams in AsciiDoc, Markdown, reStructuredText, and Textile documents using Kroki."
msgstr ""
msgid "Users can request access (if visibility is public or internal)"
msgstr ""
msgid "Users cannot be added to projects in this group"
msgstr ""
msgid "Users in License"
msgstr ""


@ -89,7 +89,7 @@ RSpec.describe 'Edit group settings' do
it 'shows the selection menu' do
visit edit_group_path(group)
expect(page).to have_content('Allowed to create projects')
expect(page).to have_content('Roles allowed to create projects')
end
end
@ -97,7 +97,7 @@ RSpec.describe 'Edit group settings' do
it 'shows the selection menu' do
visit edit_group_path(group)
expect(page).to have_content('Allowed to create subgroups')
expect(page).to have_content('Roles allowed to create subgroups')
end
end


@ -0,0 +1,54 @@
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Gitlab::BackgroundMigration::BackfillCiRunnerSemver, :migration, schema: 20220601151900 do
let(:ci_runners) { table(:ci_runners, database: :ci) }
subject do
described_class.new(
start_id: 10,
end_id: 15,
batch_table: :ci_runners,
batch_column: :id,
sub_batch_size: 10,
pause_ms: 0,
connection: Ci::ApplicationRecord.connection)
end
describe '#perform' do
it 'populates semver column on all runners in range' do
ci_runners.create!(id: 10, runner_type: 1, version: %q(HEAD-fd84d97))
ci_runners.create!(id: 11, runner_type: 1, version: %q(v1.2.3))
ci_runners.create!(id: 12, runner_type: 1, version: %q(2.1.0))
ci_runners.create!(id: 13, runner_type: 1, version: %q(11.8.0~beta.935.g7f6d2abc))
ci_runners.create!(id: 14, runner_type: 1, version: %q(13.2.2/1.1.0))
ci_runners.create!(id: 15, runner_type: 1, version: %q('14.3.4'))
subject.perform
expect(ci_runners.all).to contain_exactly(
an_object_having_attributes(id: 10, semver: nil),
an_object_having_attributes(id: 11, semver: '1.2.3'),
an_object_having_attributes(id: 12, semver: '2.1.0'),
an_object_having_attributes(id: 13, semver: '11.8.0'),
an_object_having_attributes(id: 14, semver: '13.2.2'),
an_object_having_attributes(id: 15, semver: '14.3.4')
)
end
it 'skips runners that already have semver value' do
ci_runners.create!(id: 10, runner_type: 1, version: %q(1.2.4), semver: '1.2.3')
ci_runners.create!(id: 11, runner_type: 1, version: %q(1.2.5))
ci_runners.create!(id: 12, runner_type: 1, version: %q(HEAD), semver: '1.2.4')
subject.perform
expect(ci_runners.all).to contain_exactly(
an_object_having_attributes(id: 10, semver: '1.2.3'),
an_object_having_attributes(id: 11, semver: '1.2.5'),
an_object_having_attributes(id: 12, semver: '1.2.4')
)
end
end
end
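Review bot: Both examples create runners only with ids 10–15, exactly the `start_id`/`end_id` passed to the job, so nothing checks that rows outside the batch range are left untouched. Add a runner such as `ci_runners.create!(id: 16, runner_type: 1, version: %q(v1.2.3))` and expect `semver: nil` for it after `perform`. A runner-reported version with a component above 255 would also be worth covering, since the job's batching scope casts `semver` to `cidr` and the spec currently exercises only values that cast accepts.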


@ -26,19 +26,6 @@ RSpec.describe Clusters::Integrations::Prometheus do
integration.destroy!
end
context 'when the FF :rename_integrations_workers is disabled' do
before do
stub_feature_flags(rename_integrations_workers: false)
end
it 'uses the old worker' do
expect(Clusters::Applications::DeactivateServiceWorker)
.to receive(:perform_async).with(cluster.id, 'prometheus')
integration.destroy!
end
end
end
describe 'after_save' do
@ -70,19 +57,6 @@ RSpec.describe Clusters::Integrations::Prometheus do
integration.update!(enabled: true)
end
context 'when the FF :rename_integrations_workers is disabled' do
before do
stub_feature_flags(rename_integrations_workers: false)
end
it 'uses the old worker' do
expect(Clusters::Applications::ActivateServiceWorker)
.to receive(:perform_async).with(cluster.id, 'prometheus')
integration.update!(enabled: true)
end
end
end
context 'when disabling' do


@ -1218,7 +1218,6 @@ RSpec.describe Integration do
it 'queues a Integrations::ExecuteWorker' do
expect(Integrations::ExecuteWorker).to receive(:perform_async).with(integration.id, data)
expect(ProjectServiceWorker).not_to receive(:perform_async)
async_execute
end
@ -1232,18 +1231,5 @@ RSpec.describe Integration do
async_execute
end
end
context 'when the FF :rename_integration_workers is disabled' do
before do
stub_feature_flags(rename_integrations_workers: false)
end
it 'queues a ProjectServiceWorker' do
expect(ProjectServiceWorker).to receive(:perform_async).with(integration.id, data)
expect(Integrations::ExecuteWorker).not_to receive(:perform_async)
async_execute
end
end
end
end


@ -76,19 +76,5 @@ RSpec.describe Integrations::Irker do
ensure
conn.close if conn
end
context 'when the FF :rename_integrations_workers is disabled' do
before do
stub_feature_flags(rename_integrations_workers: false)
end
it 'queues a IrkerWorker' do
expect(::IrkerWorker).to receive(:perform_async)
.with(project.id, irker.channels, colorize_messages, sample_data, irker.settings)
expect(Integrations::IrkerWorker).not_to receive(:perform_async)
irker.execute(sample_data)
end
end
end
end


@ -454,10 +454,10 @@ RSpec.describe Projects::DestroyService, :aggregate_failures, :event_store_publi
it 'deletes webhooks and logs related to project' do
expect_next_instance_of(WebHooks::DestroyService, user) do |instance|
expect(instance).to receive(:sync_destroy).with(web_hook1).and_call_original
expect(instance).to receive(:execute).with(web_hook1).and_call_original
end
expect_next_instance_of(WebHooks::DestroyService, user) do |instance|
expect(instance).to receive(:sync_destroy).with(web_hook2).and_call_original
expect(instance).to receive(:execute).with(web_hook2).and_call_original
end
expect do
@ -468,7 +468,7 @@ RSpec.describe Projects::DestroyService, :aggregate_failures, :event_store_publi
context 'when an error is raised deleting webhooks' do
before do
allow_next_instance_of(WebHooks::DestroyService) do |instance|
allow(instance).to receive(:sync_destroy).and_return(message: 'foo', status: :error)
allow(instance).to receive(:execute).and_return(message: 'foo', status: :error)
end
end


@ -24,7 +24,7 @@ RSpec.describe 'groups/edit.html.haml' do
render
expect(rendered).to have_content("Prevent sharing a project within #{test_group.name} with other groups")
expect(rendered).to have_content("Projects in #{test_group.name} cannot be shared with other groups")
expect(rendered).to have_content('help text here')
expect(rendered).to have_field('group_share_with_group_lock', **checkbox_options)
end


@ -40,15 +40,6 @@ RSpec.describe Clusters::Applications::ActivateIntegrationWorker, '#perform' do
expect { described_class.new.perform(cluster.id, integration_name) }
.to change { project.reload.prometheus_integration&.active }.from(nil).to(true)
end
context 'when using the old worker class' do
let(:described_class) { Clusters::Applications::ActivateServiceWorker }
it 'ensures Prometheus integration is activated' do
expect { described_class.new.perform(cluster.id, integration_name) }
.to change { project.reload.prometheus_integration&.active }.from(nil).to(true)
end
end
end
end
end


@ -46,15 +46,6 @@ RSpec.describe Clusters::Applications::DeactivateIntegrationWorker, '#perform' d
expect { described_class.new.perform(cluster.id, integration_name) }
.to change { prometheus_integration.reload.active }.from(true).to(false)
end
context 'when using the old worker class' do
let(:described_class) { Clusters::Applications::ActivateServiceWorker }
it 'ensures Prometheus integration is deactivated' do
expect { described_class.new.perform(cluster.id, integration_name) }
.to change { prometheus_integration.reload.active }.from(true).to(false)
end
end
end
end


@ -181,9 +181,7 @@ RSpec.describe 'Every Sidekiq worker' do
'ClusterWaitForAppUpdateWorker' => 3,
'ClusterWaitForIngressIpAddressWorker' => 3,
'Clusters::Applications::ActivateIntegrationWorker' => 3,
'Clusters::Applications::ActivateServiceWorker' => 3,
'Clusters::Applications::DeactivateIntegrationWorker' => 3,
'Clusters::Applications::DeactivateServiceWorker' => 3,
'Clusters::Applications::UninstallWorker' => 3,
'Clusters::Applications::WaitForUninstallAppWorker' => 3,
'Clusters::Cleanup::AppWorker' => 3,
@ -310,7 +308,6 @@ RSpec.describe 'Every Sidekiq worker' do
'Integrations::ExecuteWorker' => 3,
'Integrations::IrkerWorker' => 3,
'InvalidGpgSignatureUpdateWorker' => 3,
'IrkerWorker' => 3,
'IssuableExportCsvWorker' => 3,
'Issues::PlacementWorker' => 3,
'Issues::RebalancingWorker' => 3,
@ -381,7 +378,6 @@ RSpec.describe 'Every Sidekiq worker' do
'ProjectExportWorker' => false,
'ProjectImportScheduleWorker' => 1,
'ProjectScheduleBulkRepositoryShardMovesWorker' => 3,
'ProjectServiceWorker' => 3,
'ProjectTemplateExportWorker' => false,
'ProjectUpdateRepositoryStorageWorker' => 3,
'Projects::GitGarbageCollectWorker' => false,


@ -36,26 +36,4 @@ RSpec.describe Integrations::ExecuteWorker, '#perform' do
end.not_to raise_error
end
end
context 'when using the old worker class' do
let(:described_class) { ProjectServiceWorker }
it 'uses the correct worker attributes', :aggregate_failures do
expect(described_class.sidekiq_options).to include('retry' => 3, 'dead' => false)
expect(described_class.get_data_consistency).to eq(:always)
expect(described_class.get_feature_category).to eq(:integrations)
expect(described_class.get_urgency).to eq(:low)
expect(described_class.worker_has_external_dependencies?).to be(true)
end
it 'executes integration with given data' do
data = { test: 'test' }
expect_next_found_instance_of(integration.class) do |integration|
expect(integration).to receive(:execute).with(data)
end
worker.perform(integration.id, data)
end
end
end


@ -101,12 +101,6 @@ RSpec.describe Integrations::IrkerWorker, '#perform' do
subject.perform(*arguments)
end
end
context 'when using the old worker class' do
let(:described_class) { ::IrkerWorker }
it { expect(subject.perform(*arguments)).to be_truthy }
end
end
def wrap_message(text)


@ -1,64 +0,0 @@
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe WebHooks::DestroyWorker do
include AfterNextHelpers
let_it_be(:project) { create(:project) }
let_it_be(:user) { create(:user) }
before_all do
project.add_maintainer(user)
end
subject { described_class.new }
describe "#perform" do
context 'with a Web hook' do
let!(:hook) { create(:project_hook, project: project) }
let!(:other_hook) { create(:project_hook, project: project) }
let!(:log) { create(:web_hook_log, web_hook: hook) }
let!(:other_log) { create(:web_hook_log, web_hook: other_hook) }
it "deletes the Web hook and logs", :aggregate_failures do
expect(WebHooks::LogDestroyWorker).to receive(:perform_async)
expect { subject.perform(user.id, hook.id) }
.to change { WebHook.count }.from(2).to(1)
expect(WebHook.find(other_hook.id)).to be_present
expect(WebHookLog.find(other_log.id)).to be_present
end
it "raises and tracks an error if destroy failed" do
expect_next(::WebHooks::DestroyService)
.to receive(:sync_destroy).with(anything)
.and_return(ServiceResponse.error(message: "failed"))
expect(Gitlab::ErrorTracking)
.to receive(:track_and_raise_exception)
.with(an_instance_of(described_class::DestroyError), { web_hook_id: hook.id })
.and_call_original
expect { subject.perform(user.id, hook.id) }.to raise_error(described_class::DestroyError)
end
context 'with unknown hook' do
it 'does not raise an error' do
expect { subject.perform(user.id, non_existing_record_id) }.not_to raise_error
expect(WebHook.count).to eq(2)
end
end
context 'with unknown user' do
it 'does not raise an error' do
expect { subject.perform(non_existing_record_id, hook.id) }.not_to raise_error
expect(WebHook.count).to eq(2)
end
end
end
end
end