Add latest changes from gitlab-org/gitlab@master
parent
17b492274d
commit
2f8483621e
|
@ -37,6 +37,7 @@ build-qa-image:
|
||||||
--destination=${QA_IMAGE_BRANCH} \
|
--destination=${QA_IMAGE_BRANCH} \
|
||||||
--build-arg=CHROME_VERSION=${CHROME_VERSION} \
|
--build-arg=CHROME_VERSION=${CHROME_VERSION} \
|
||||||
--build-arg=DOCKER_VERSION=${DOCKER_VERSION} \
|
--build-arg=DOCKER_VERSION=${DOCKER_VERSION} \
|
||||||
|
--build-arg=QA_BUILD_TARGET=${QA_BUILD_TARGET:-qa} \
|
||||||
--cache=true
|
--cache=true
|
||||||
|
|
||||||
# This image is used by:
|
# This image is used by:
|
||||||
|
|
|
@ -90,19 +90,6 @@ export default {
|
||||||
:label="__('Code')"
|
:label="__('Code')"
|
||||||
@execute="trackToolbarControlExecution"
|
@execute="trackToolbarControlExecution"
|
||||||
/>
|
/>
|
||||||
<toolbar-button
|
|
||||||
data-testid="link"
|
|
||||||
content-type="link"
|
|
||||||
icon-name="link"
|
|
||||||
editor-command="toggleLink"
|
|
||||||
:editor-command-params="/* eslint-disable @gitlab/vue-no-new-non-primitive-in-template */ {
|
|
||||||
href: '',
|
|
||||||
} /* eslint-enable @gitlab/vue-no-new-non-primitive-in-template */"
|
|
||||||
category="tertiary"
|
|
||||||
size="medium"
|
|
||||||
:label="__('Insert link')"
|
|
||||||
@execute="trackToolbarControlExecution"
|
|
||||||
/>
|
|
||||||
<toolbar-button
|
<toolbar-button
|
||||||
data-testid="superscript"
|
data-testid="superscript"
|
||||||
content-type="superscript"
|
content-type="superscript"
|
||||||
|
@ -123,6 +110,19 @@ export default {
|
||||||
:label="__('Subscript')"
|
:label="__('Subscript')"
|
||||||
@execute="trackToolbarControlExecution"
|
@execute="trackToolbarControlExecution"
|
||||||
/>
|
/>
|
||||||
|
<toolbar-button
|
||||||
|
data-testid="link"
|
||||||
|
content-type="link"
|
||||||
|
icon-name="link"
|
||||||
|
editor-command="toggleLink"
|
||||||
|
:editor-command-params="/* eslint-disable @gitlab/vue-no-new-non-primitive-in-template */ {
|
||||||
|
href: '',
|
||||||
|
} /* eslint-enable @gitlab/vue-no-new-non-primitive-in-template */"
|
||||||
|
category="tertiary"
|
||||||
|
size="medium"
|
||||||
|
:label="__('Insert link')"
|
||||||
|
@execute="trackToolbarControlExecution"
|
||||||
|
/>
|
||||||
</gl-button-group>
|
</gl-button-group>
|
||||||
</bubble-menu>
|
</bubble-menu>
|
||||||
</template>
|
</template>
|
||||||
|
|
|
@ -0,0 +1,24 @@
|
||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
|
module GoogleAnalyticsCSP
|
||||||
|
extend ActiveSupport::Concern
|
||||||
|
|
||||||
|
included do
|
||||||
|
content_security_policy do |policy|
|
||||||
|
next unless helpers.google_tag_manager_enabled? || policy.directives.present?
|
||||||
|
|
||||||
|
default_script_src = policy.directives['script-src'] || policy.directives['default-src']
|
||||||
|
script_src_values = Array.wrap(default_script_src) | ['*.googletagmanager.com']
|
||||||
|
policy.script_src(*script_src_values)
|
||||||
|
|
||||||
|
default_img_src = policy.directives['img-src'] || policy.directives['default-src']
|
||||||
|
img_src_values = Array.wrap(default_img_src) | ['*.google-analytics.com', '*.googletagmanager.com']
|
||||||
|
policy.img_src(*img_src_values)
|
||||||
|
|
||||||
|
default_connect_src = policy.directives['connect-src'] || policy.directives['default-src']
|
||||||
|
connect_src_values =
|
||||||
|
Array.wrap(default_connect_src) | ['*.google-analytics.com', '*.analytics.google.com', '*.googletagmanager.com']
|
||||||
|
policy.connect_src(*connect_src_values)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
|
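Review bot: The guard `next unless helpers.google_tag_manager_enabled? || policy.directives.present?` skips the block only when both conditions are false, so any policy that already has directives gets the Google hosts appended to `script-src`, `img-src` and `connect-src` even with Tag Manager disabled. If the intent is to widen the policy only when Tag Manager is in use, the condition would be `next unless helpers.google_tag_manager_enabled? && policy.directives.present?`. That form also avoids the opposite edge, where Tag Manager is enabled on an empty policy and `Array.wrap(nil) | [...]` produces a `script-src` that lists only `*.googletagmanager.com`. This commit includes the concern in the confirmations, welcome, registrations, sessions and terms controllers, so the wildcard sources land on sign-in and sign-up pages. The new feature spec asserts the hosts after `visit root_path` with no visible stub of the helper, so it would need an explicit Tag Manager-enabled setup and a disabled counterpart that expects the hosts to be absent.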
@ -4,6 +4,7 @@ class ConfirmationsController < Devise::ConfirmationsController
|
||||||
include AcceptsPendingInvitations
|
include AcceptsPendingInvitations
|
||||||
include GitlabRecaptcha
|
include GitlabRecaptcha
|
||||||
include OneTrustCSP
|
include OneTrustCSP
|
||||||
|
include GoogleAnalyticsCSP
|
||||||
|
|
||||||
prepend_before_action :check_recaptcha, only: :create
|
prepend_before_action :check_recaptcha, only: :create
|
||||||
before_action :load_recaptcha, only: :new
|
before_action :load_recaptcha, only: :new
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
module Registrations
|
module Registrations
|
||||||
class WelcomeController < ApplicationController
|
class WelcomeController < ApplicationController
|
||||||
include OneTrustCSP
|
include OneTrustCSP
|
||||||
|
include GoogleAnalyticsCSP
|
||||||
|
|
||||||
layout 'minimal'
|
layout 'minimal'
|
||||||
skip_before_action :authenticate_user!, :required_signup_info, :check_two_factor_requirement, only: [:show, :update]
|
skip_before_action :authenticate_user!, :required_signup_info, :check_two_factor_requirement, only: [:show, :update]
|
||||||
|
|
|
@ -7,6 +7,7 @@ class RegistrationsController < Devise::RegistrationsController
|
||||||
include InvisibleCaptchaOnSignup
|
include InvisibleCaptchaOnSignup
|
||||||
include OneTrustCSP
|
include OneTrustCSP
|
||||||
include BizibleCSP
|
include BizibleCSP
|
||||||
|
include GoogleAnalyticsCSP
|
||||||
|
|
||||||
layout 'devise'
|
layout 'devise'
|
||||||
|
|
||||||
|
|
|
@ -12,6 +12,7 @@ class SessionsController < Devise::SessionsController
|
||||||
include OneTrustCSP
|
include OneTrustCSP
|
||||||
include BizibleCSP
|
include BizibleCSP
|
||||||
include VerifiesWithEmail
|
include VerifiesWithEmail
|
||||||
|
include GoogleAnalyticsCSP
|
||||||
|
|
||||||
skip_before_action :check_two_factor_requirement, only: [:destroy]
|
skip_before_action :check_two_factor_requirement, only: [:destroy]
|
||||||
skip_before_action :check_password_expiration, only: [:destroy]
|
skip_before_action :check_password_expiration, only: [:destroy]
|
||||||
|
|
|
@ -4,6 +4,7 @@ module Users
|
||||||
class TermsController < ApplicationController
|
class TermsController < ApplicationController
|
||||||
include InternalRedirect
|
include InternalRedirect
|
||||||
include OneTrustCSP
|
include OneTrustCSP
|
||||||
|
include GoogleAnalyticsCSP
|
||||||
|
|
||||||
skip_before_action :authenticate_user!, only: [:index]
|
skip_before_action :authenticate_user!, only: [:index]
|
||||||
skip_before_action :enforce_terms!
|
skip_before_action :enforce_terms!
|
||||||
|
|
|
@ -0,0 +1,11 @@
|
||||||
|
# rubocop:disable Naming/FileName
|
||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
|
module Packages
|
||||||
|
module FIPS
|
||||||
|
extend ActiveSupport::Concern
|
||||||
|
|
||||||
|
DisabledError = Class.new(StandardError)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
# rubocop:enable Naming/FileName
|
|
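Review bot: The concern defines only `DisabledError`, while the guard `raise DisabledError, 'Debian registry is not FIPS compliant' if Gitlab::FIPS.enabled?` is repeated verbatim in every includer in this commit (FileEntry, CreatePackageFileService, ExtractChangesMetadataService, GenerateDistributionService, GenerateDistributionWorker and ProcessChangesWorker). A single guard method that wraps that line would keep the message in one place. It would also make it explicit that the generic `Packages::FIPS` name is currently used only with a Debian-specific message. `extend ActiveSupport::Concern` does nothing as written, because the module has no `included` block or class methods; a one-line comment saying the module exists to share the error class would explain why it is mixed in.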
@ -4,6 +4,7 @@ module Packages
|
||||||
module Debian
|
module Debian
|
||||||
class FileEntry
|
class FileEntry
|
||||||
include ActiveModel::Model
|
include ActiveModel::Model
|
||||||
|
include ::Packages::FIPS
|
||||||
|
|
||||||
DIGESTS = %i[md5 sha1 sha256].freeze
|
DIGESTS = %i[md5 sha1 sha256].freeze
|
||||||
FILENAME_REGEX = %r{\A[a-zA-Z0-9][a-zA-Z0-9_.~+-]*\z}.freeze
|
FILENAME_REGEX = %r{\A[a-zA-Z0-9][a-zA-Z0-9_.~+-]*\z}.freeze
|
||||||
|
@ -31,6 +32,8 @@ module Packages
|
||||||
private
|
private
|
||||||
|
|
||||||
def valid_package_file_digests
|
def valid_package_file_digests
|
||||||
|
raise DisabledError, 'Debian registry is not FIPS compliant' if Gitlab::FIPS.enabled?
|
||||||
|
|
||||||
DIGESTS.each do |digest|
|
DIGESTS.each do |digest|
|
||||||
package_file_digest = package_file["file_#{digest}"]
|
package_file_digest = package_file["file_#{digest}"]
|
||||||
sum = public_send("#{digest}sum") # rubocop:disable GitlabSecurity/PublicSend
|
sum = public_send("#{digest}sum") # rubocop:disable GitlabSecurity/PublicSend
|
||||||
|
|
|
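Review bot: In `valid_package_file_digests` the new `raise DisabledError, ...` sits in what appears to be a validation callback (the added model spec reaches it through `validate!`), so in FIPS mode `valid?` raises instead of returning false with an entry in `errors`. The spec expects that, so it looks deliberate, but callers that treat `valid?` as a boolean check will not anticipate it. A comment above the line would record the choice, for example `# Raises instead of adding an error: the Debian registry is disabled as a whole in FIPS mode`. The method body continues outside the hunk.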
@ -3,12 +3,15 @@
|
||||||
module Packages
|
module Packages
|
||||||
module Debian
|
module Debian
|
||||||
class CreatePackageFileService
|
class CreatePackageFileService
|
||||||
|
include ::Packages::FIPS
|
||||||
|
|
||||||
def initialize(package, params)
|
def initialize(package, params)
|
||||||
@package = package
|
@package = package
|
||||||
@params = params
|
@params = params
|
||||||
end
|
end
|
||||||
|
|
||||||
def execute
|
def execute
|
||||||
|
raise DisabledError, 'Debian registry is not FIPS compliant' if Gitlab::FIPS.enabled?
|
||||||
raise ArgumentError, "Invalid package" unless package.present?
|
raise ArgumentError, "Invalid package" unless package.present?
|
||||||
|
|
||||||
# Debian package file are first uploaded to incoming with empty metadata,
|
# Debian package file are first uploaded to incoming with empty metadata,
|
||||||
|
|
|
@ -4,6 +4,7 @@ module Packages
|
||||||
module Debian
|
module Debian
|
||||||
class ExtractChangesMetadataService
|
class ExtractChangesMetadataService
|
||||||
include Gitlab::Utils::StrongMemoize
|
include Gitlab::Utils::StrongMemoize
|
||||||
|
include ::Packages::FIPS
|
||||||
|
|
||||||
ExtractionError = Class.new(StandardError)
|
ExtractionError = Class.new(StandardError)
|
||||||
|
|
||||||
|
@ -13,6 +14,8 @@ module Packages
|
||||||
end
|
end
|
||||||
|
|
||||||
def execute
|
def execute
|
||||||
|
raise DisabledError, 'Debian registry is not FIPS compliant' if Gitlab::FIPS.enabled?
|
||||||
|
|
||||||
{
|
{
|
||||||
file_type: file_type,
|
file_type: file_type,
|
||||||
architecture: metadata[:architecture],
|
architecture: metadata[:architecture],
|
||||||
|
|
|
@ -4,6 +4,7 @@ module Packages
|
||||||
module Debian
|
module Debian
|
||||||
class GenerateDistributionService
|
class GenerateDistributionService
|
||||||
include Gitlab::Utils::StrongMemoize
|
include Gitlab::Utils::StrongMemoize
|
||||||
|
include ::Packages::FIPS
|
||||||
include ExclusiveLeaseGuard
|
include ExclusiveLeaseGuard
|
||||||
|
|
||||||
ONE_HOUR = 1.hour.freeze
|
ONE_HOUR = 1.hour.freeze
|
||||||
|
@ -70,6 +71,8 @@ module Packages
|
||||||
end
|
end
|
||||||
|
|
||||||
def execute
|
def execute
|
||||||
|
raise DisabledError, 'Debian registry is not FIPS compliant' if Gitlab::FIPS.enabled?
|
||||||
|
|
||||||
try_obtain_lease do
|
try_obtain_lease do
|
||||||
@distribution.transaction do
|
@distribution.transaction do
|
||||||
# We consider `apt-get update` can take at most one hour
|
# We consider `apt-get update` can take at most one hour
|
||||||
|
|
|
@ -4,6 +4,7 @@ module Packages
|
||||||
module Debian
|
module Debian
|
||||||
class GenerateDistributionWorker
|
class GenerateDistributionWorker
|
||||||
include ApplicationWorker
|
include ApplicationWorker
|
||||||
|
include ::Packages::FIPS
|
||||||
|
|
||||||
data_consistency :always
|
data_consistency :always
|
||||||
include Gitlab::Utils::StrongMemoize
|
include Gitlab::Utils::StrongMemoize
|
||||||
|
@ -20,6 +21,8 @@ module Packages
|
||||||
loggable_arguments 0
|
loggable_arguments 0
|
||||||
|
|
||||||
def perform(container_type, distribution_id)
|
def perform(container_type, distribution_id)
|
||||||
|
raise DisabledError, 'Debian registry is not FIPS compliant' if Gitlab::FIPS.enabled?
|
||||||
|
|
||||||
@container_type = container_type
|
@container_type = container_type
|
||||||
@distribution_id = distribution_id
|
@distribution_id = distribution_id
|
||||||
|
|
||||||
|
|
|
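Review bot: Raising `DisabledError` as the first statement of `perform` makes the job fail rather than finish, and whether it is then retried depends on worker retry settings that are not visible in these hunks. If jobs can still be enqueued while FIPS mode is on, each one is recorded as a failure. An early `return if Gitlab::FIPS.enabled?` with a log line would end the job quietly; otherwise a comment should state that the failure is wanted for visibility. The same applies to `ProcessChangesWorker#perform`, and `perform` continues outside the hunk.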
@ -4,6 +4,7 @@ module Packages
|
||||||
module Debian
|
module Debian
|
||||||
class ProcessChangesWorker
|
class ProcessChangesWorker
|
||||||
include ApplicationWorker
|
include ApplicationWorker
|
||||||
|
include ::Packages::FIPS
|
||||||
|
|
||||||
data_consistency :always
|
data_consistency :always
|
||||||
include Gitlab::Utils::StrongMemoize
|
include Gitlab::Utils::StrongMemoize
|
||||||
|
@ -15,6 +16,8 @@ module Packages
|
||||||
feature_category :package_registry
|
feature_category :package_registry
|
||||||
|
|
||||||
def perform(package_file_id, user_id)
|
def perform(package_file_id, user_id)
|
||||||
|
raise DisabledError, 'Debian registry is not FIPS compliant' if Gitlab::FIPS.enabled?
|
||||||
|
|
||||||
@package_file_id = package_file_id
|
@package_file_id = package_file_id
|
||||||
@user_id = user_id
|
@user_id = user_id
|
||||||
|
|
||||||
|
@ -22,6 +25,8 @@ module Packages
|
||||||
|
|
||||||
::Packages::Debian::ProcessChangesService.new(package_file, user).execute
|
::Packages::Debian::ProcessChangesService.new(package_file, user).execute
|
||||||
rescue StandardError => e
|
rescue StandardError => e
|
||||||
|
raise if e.instance_of?(DisabledError)
|
||||||
|
|
||||||
Gitlab::ErrorTracking.log_exception(e, package_file_id: @package_file_id, user_id: @user_id)
|
Gitlab::ErrorTracking.log_exception(e, package_file_id: @package_file_id, user_id: @user_id)
|
||||||
package_file.destroy!
|
package_file.destroy!
|
||||||
end
|
end
|
||||||
|
|
|
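Review bot: The added `raise if e.instance_of?(DisabledError)` inside `rescue StandardError => e` appears to be what stops the FIPS guard at the top of `perform` from reaching `package_file.destroy!`, but a type test inside the generic handler hides that intent. A dedicated clause placed before the generic one, `rescue DisabledError` followed by `raise`, states it structurally. `instance_of?` also ignores subclasses of `DisabledError`, which a `rescue` clause would not. This assumes the `rescue` covers the whole method body; the lines between the guard and the `rescue` are outside the hunks shown.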
@ -138,8 +138,8 @@ The following metrics are available:
|
||||||
| `pipeline_graph_links_per_job_ratio` | Histogram | 13.9 | Ratio of links to job per graph | |
|
| `pipeline_graph_links_per_job_ratio` | Histogram | 13.9 | Ratio of links to job per graph | |
|
||||||
| `gitlab_ci_pipeline_security_orchestration_policy_processing_duration_seconds` | Histogram | 13.12 | Time in seconds it takes to process Security Policies in CI/CD pipeline | |
|
| `gitlab_ci_pipeline_security_orchestration_policy_processing_duration_seconds` | Histogram | 13.12 | Time in seconds it takes to process Security Policies in CI/CD pipeline | |
|
||||||
| `gitlab_spamcheck_request_duration_seconds` | Histogram | 13.12 | The duration for requests between Rails and the anti-spam engine | |
|
| `gitlab_spamcheck_request_duration_seconds` | Histogram | 13.12 | The duration for requests between Rails and the anti-spam engine | |
|
||||||
| `service_desk_thank_you_email` | Counter | 14.0 | Total number of email responses to new service desk emails | |
|
| `service_desk_thank_you_email` | Counter | 14.0 | Total number of email responses to new Service Desk emails | |
|
||||||
| `service_desk_new_note_email` | Counter | 14.0 | Total number of email notifications on new service desk comment | |
|
| `service_desk_new_note_email` | Counter | 14.0 | Total number of email notifications on new Service Desk comment | |
|
||||||
| `email_receiver_error` | Counter | 14.1 | Total number of errors when processing incoming emails | |
|
| `email_receiver_error` | Counter | 14.1 | Total number of errors when processing incoming emails | |
|
||||||
| `gitlab_snowplow_events_total` | Counter | 14.1 | Total number of GitLab Snowplow product intelligence events emitted | |
|
| `gitlab_snowplow_events_total` | Counter | 14.1 | Total number of GitLab Snowplow product intelligence events emitted | |
|
||||||
| `gitlab_snowplow_failed_events_total` | Counter | 14.1 | Total number of GitLab Snowplow product intelligence events emission failures | |
|
| `gitlab_snowplow_failed_events_total` | Counter | 14.1 | Total number of GitLab Snowplow product intelligence events emission failures | |
|
||||||
|
|
|
@ -927,9 +927,9 @@ these controls should migrate to the GitLab interface.
|
||||||
|
|
||||||
Users who have the [Maintainer role](../../user/permissions.md) for the project can
|
Users who have the [Maintainer role](../../user/permissions.md) for the project can
|
||||||
[delete Container Registry tags in bulk](../../api/container_registry.md#delete-registry-repository-tags-in-bulk)
|
[delete Container Registry tags in bulk](../../api/container_registry.md#delete-registry-repository-tags-in-bulk)
|
||||||
periodically based on their own criteria, however, this alone does not recycle data,
|
periodically based on their own criteria. However, deleting the tags alone does not recycle data,
|
||||||
it only unlinks tags from manifests and image blobs. To recycle the Container
|
it only unlinks tags from manifests and image blobs. To recycle the Container
|
||||||
Registry data in the whole GitLab instance, you can use the built-in command
|
Registry data in the whole GitLab instance, you can use the built-in garbage collection command
|
||||||
provided by `gitlab-ctl`.
|
provided by `gitlab-ctl`.
|
||||||
|
|
||||||
Prerequisites:
|
Prerequisites:
|
||||||
|
|
|
@ -21,6 +21,10 @@ for production use due to limited functionality.
|
||||||
For instructions on how to upload and install Debian packages from the GitLab
|
For instructions on how to upload and install Debian packages from the GitLab
|
||||||
package registry, see the [Debian registry documentation](../../user/packages/debian_repository/index.md).
|
package registry, see the [Debian registry documentation](../../user/packages/debian_repository/index.md).
|
||||||
|
|
||||||
|
NOTE:
|
||||||
|
The Debian registry is not FIPS compliant and is disabled when [FIPS mode](../../development/fips_compliance.md) is enabled.
|
||||||
|
These endpoints will all return `404 Not Found`.
|
||||||
|
|
||||||
NOTE:
|
NOTE:
|
||||||
These endpoints do not adhere to the standard API authentication methods.
|
These endpoints do not adhere to the standard API authentication methods.
|
||||||
See the [Debian registry documentation](../../user/packages/debian_repository/index.md)
|
See the [Debian registry documentation](../../user/packages/debian_repository/index.md)
|
||||||
|
|
|
@ -18,6 +18,10 @@ This API is under development and is not meant for production use.
|
||||||
For more information about working with Debian packages, see the
|
For more information about working with Debian packages, see the
|
||||||
[Debian package registry documentation](../../user/packages/debian_repository/index.md).
|
[Debian package registry documentation](../../user/packages/debian_repository/index.md).
|
||||||
|
|
||||||
|
NOTE:
|
||||||
|
The Debian registry is not FIPS compliant and is disabled when [FIPS mode](../../development/fips_compliance.md) is enabled.
|
||||||
|
These endpoints will all return `404 Not Found`.
|
||||||
|
|
||||||
## Enable the Debian group API
|
## Enable the Debian group API
|
||||||
|
|
||||||
Debian group repository support is still a work in progress. It's gated behind a feature flag that's
|
Debian group repository support is still a work in progress. It's gated behind a feature flag that's
|
||||||
|
|
|
@ -18,6 +18,10 @@ This API is under development and is not meant for production use.
|
||||||
For more information about working with Debian packages, see the
|
For more information about working with Debian packages, see the
|
||||||
[Debian package registry documentation](../../user/packages/debian_repository/index.md).
|
[Debian package registry documentation](../../user/packages/debian_repository/index.md).
|
||||||
|
|
||||||
|
NOTE:
|
||||||
|
The Debian registry is not FIPS compliant and is disabled when [FIPS mode](../../development/fips_compliance.md) is enabled.
|
||||||
|
These endpoints will all return `404 Not Found`.
|
||||||
|
|
||||||
## Enable the Debian API
|
## Enable the Debian API
|
||||||
|
|
||||||
The Debian API is behind a feature flag that is disabled by default.
|
The Debian API is behind a feature flag that is disabled by default.
|
||||||
|
|
|
@ -125,6 +125,12 @@ GitLab database. [Read more about this requirement, and troubleshooting](postgre
|
||||||
| `btree_gist` | 13.1 |
|
| `btree_gist` | 13.1 |
|
||||||
| `plpgsql` | 11.7 |
|
| `plpgsql` | 11.7 |
|
||||||
|
|
||||||
|
The following managed PostgreSQL services are known to be incompatible and should not be used:
|
||||||
|
|
||||||
|
| GitLab version | Managed service |
|
||||||
|
|----------------|-------------------------------------------------------|
|
||||||
|
| 14.4+ | Amazon Aurora (see [14.4.0](../update/index.md#1440)) |
|
||||||
|
|
||||||
NOTE:
|
NOTE:
|
||||||
Support for [PostgreSQL 9.6 and 10 was removed in GitLab 13.0](https://about.gitlab.com/releases/2020/05/22/gitlab-13-0-released/#postgresql-11-is-now-the-minimum-required-version-to-install-gitlab) so that GitLab can benefit from PostgreSQL 11 improvements, such as partitioning.
|
Support for [PostgreSQL 9.6 and 10 was removed in GitLab 13.0](https://about.gitlab.com/releases/2020/05/22/gitlab-13-0-released/#postgresql-11-is-now-the-minimum-required-version-to-install-gitlab) so that GitLab can benefit from PostgreSQL 11 improvements, such as partitioning.
|
||||||
|
|
||||||
|
|
|
@ -42,7 +42,7 @@ Features that are not available but we plan to support in the future:
|
||||||
- GitLab-managed runners
|
- GitLab-managed runners
|
||||||
- FortiAuthenticator/FortiToken 2FA
|
- FortiAuthenticator/FortiToken 2FA
|
||||||
- Reply-by email
|
- Reply-by email
|
||||||
- Service desk
|
- Service Desk
|
||||||
|
|
||||||
Features that we do not plan to offer at all:
|
Features that we do not plan to offer at all:
|
||||||
|
|
||||||
|
|
|
@ -703,6 +703,10 @@ or [init scripts](upgrading_from_source.md#configure-sysv-init-script) by [follo
|
||||||
as Sidekiq would continue using a bad connection. Geo and other features that rely on
|
as Sidekiq would continue using a bad connection. Geo and other features that rely on
|
||||||
cron jobs running regularly do not work until Sidekiq is restarted. We recommend
|
cron jobs running regularly do not work until Sidekiq is restarted. We recommend
|
||||||
upgrading to GitLab 14.4.3 and later if this issue affects you.
|
upgrading to GitLab 14.4.3 and later if this issue affects you.
|
||||||
|
- After enabling database load balancing by default in 14.4.0, we found an issue where
|
||||||
|
[Database load balancing does not work with an AWS Aurora cluster](https://gitlab.com/gitlab-org/gitlab/-/issues/220617).
|
||||||
|
We recommend moving your databases from Aurora to RDS for PostgreSQL before
|
||||||
|
upgrading. Refer to [Moving GitLab databases to a different PostgreSQL instance](../administration/postgresql/moving.md).
|
||||||
- GitLab 14.4.0 includes a
|
- GitLab 14.4.0 includes a
|
||||||
[background migration `PopulateTopicsTotalProjectsCountCache`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/71033)
|
[background migration `PopulateTopicsTotalProjectsCountCache`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/71033)
|
||||||
that may remain stuck permanently in a **pending** state when the instance lacks records that match the migration's target.
|
that may remain stuck permanently in a **pending** state when the instance lacks records that match the migration's target.
|
||||||
|
|
|
@ -15,6 +15,9 @@ The Debian package registry for GitLab is under development and isn't ready for
|
||||||
limited functionality. This [epic](https://gitlab.com/groups/gitlab-org/-/epics/6057) details the remaining
|
limited functionality. This [epic](https://gitlab.com/groups/gitlab-org/-/epics/6057) details the remaining
|
||||||
work and timelines to make it production ready.
|
work and timelines to make it production ready.
|
||||||
|
|
||||||
|
NOTE:
|
||||||
|
The Debian registry is not FIPS compliant and is disabled when [FIPS mode](../../../development/fips_compliance.md) is enabled.
|
||||||
|
|
||||||
Publish Debian packages in your project's Package Registry. Then install the
|
Publish Debian packages in your project's Package Registry. Then install the
|
||||||
packages whenever you need to use them as a dependency.
|
packages whenever you need to use them as a dependency.
|
||||||
|
|
||||||
|
|
|
@ -145,6 +145,9 @@ If you encounter an error with [Yarn](https://classic.yarnpkg.com/en/), view
|
||||||
|
|
||||||
#### Instance-level npm endpoint
|
#### Instance-level npm endpoint
|
||||||
|
|
||||||
|
NOTE:
|
||||||
|
Note: Using `CI_JOB_TOKEN` to install npm packages with dependencies in another project will give you 404 errors. You can use a [personal access token](../../profile/personal_access_tokens.md) as a workaround. [GitLab-#352962](https://gitlab.com/gitlab-org/gitlab/-/issues/352962) proposes a fix to this bug.
|
||||||
|
|
||||||
To use the [instance-level](#use-the-gitlab-endpoint-for-npm-packages) npm endpoint, set your npm configuration:
|
To use the [instance-level](#use-the-gitlab-endpoint-for-npm-packages) npm endpoint, set your npm configuration:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
|
|
|
@ -6,6 +6,10 @@ module API
|
||||||
project_id: %r{[0-9]+}.freeze
|
project_id: %r{[0-9]+}.freeze
|
||||||
).freeze
|
).freeze
|
||||||
|
|
||||||
|
before do
|
||||||
|
not_found! if Gitlab::FIPS.enabled?
|
||||||
|
end
|
||||||
|
|
||||||
resource :groups, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
|
resource :groups, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
|
||||||
helpers do
|
helpers do
|
||||||
def user_project
|
def user_project
|
||||||
|
|
|
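Review bot: The hook `before do not_found! if Gitlab::FIPS.enabled? end` is added identically to the four Debian API classes touched in this commit, with no comment saying why the response is a blanket 404 rather than a 403 or an error body. A line above the hook such as `# Debian registry is disabled in FIPS mode; respond as if the endpoints do not exist` would record that, and a shared helper would keep the four copies from drifting apart. In the two classes that also declare `after_validation do require_packages_enabled!`, it is worth confirming that the `before` hook runs ahead of authentication and parameter validation, which is what the documented "all endpoints return 404" behaviour implies.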
@ -14,6 +14,10 @@ module API
|
||||||
file_name: API::NO_SLASH_URL_PART_REGEX
|
file_name: API::NO_SLASH_URL_PART_REGEX
|
||||||
}.freeze
|
}.freeze
|
||||||
|
|
||||||
|
before do
|
||||||
|
not_found! if Gitlab::FIPS.enabled?
|
||||||
|
end
|
||||||
|
|
||||||
resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
|
resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
|
||||||
helpers do
|
helpers do
|
||||||
def project_or_group
|
def project_or_group
|
||||||
|
|
|
@ -6,6 +6,10 @@ module API
|
||||||
requires :id, type: String, desc: 'The ID of a group'
|
requires :id, type: String, desc: 'The ID of a group'
|
||||||
end
|
end
|
||||||
|
|
||||||
|
before do
|
||||||
|
not_found! if Gitlab::FIPS.enabled?
|
||||||
|
end
|
||||||
|
|
||||||
resource :groups, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
|
resource :groups, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
|
||||||
after_validation do
|
after_validation do
|
||||||
require_packages_enabled!
|
require_packages_enabled!
|
||||||
|
|
|
@ -6,6 +6,10 @@ module API
|
||||||
requires :id, type: String, desc: 'The ID of a project'
|
requires :id, type: String, desc: 'The ID of a project'
|
||||||
end
|
end
|
||||||
|
|
||||||
|
before do
|
||||||
|
not_found! if Gitlab::FIPS.enabled?
|
||||||
|
end
|
||||||
|
|
||||||
resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
|
resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
|
||||||
after_validation do
|
after_validation do
|
||||||
require_packages_enabled!
|
require_packages_enabled!
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
ARG DOCKER_VERSION=20.10.14
|
ARG DOCKER_VERSION=20.10.14
|
||||||
ARG CHROME_VERSION=101
|
ARG CHROME_VERSION=101
|
||||||
|
ARG QA_BUILD_TARGET=qa
|
||||||
|
|
||||||
FROM registry.gitlab.com/gitlab-org/gitlab-build-images/debian-bullseye-ruby-2.7:bundler-2.3-git-2.33-lfs-2.9-chrome-${CHROME_VERSION}-docker-${DOCKER_VERSION}-gcloud-383-kubectl-1.23
|
FROM registry.gitlab.com/gitlab-org/gitlab-build-images/debian-bullseye-ruby-2.7:bundler-2.3-git-2.33-lfs-2.9-chrome-${CHROME_VERSION}-docker-${DOCKER_VERSION}-gcloud-383-kubectl-1.23 AS qa
|
||||||
LABEL maintainer="GitLab Quality Department <quality@gitlab.com>"
|
LABEL maintainer="GitLab Quality Department <quality@gitlab.com>"
|
||||||
|
|
||||||
ENV DEBIAN_FRONTEND="noninteractive"
|
ENV DEBIAN_FRONTEND="noninteractive"
|
||||||
|
@ -50,3 +51,11 @@ COPY ./INSTALLATION_TYPE ./VERSION /home/gitlab/
|
||||||
COPY ./qa /home/gitlab/qa
|
COPY ./qa /home/gitlab/qa
|
||||||
|
|
||||||
ENTRYPOINT ["bin/test"]
|
ENTRYPOINT ["bin/test"]
|
||||||
|
|
||||||
|
# Add JH files when pass the parameter: `--build-arg QA_BUILD_TARGET=jhqa`
|
||||||
|
FROM qa AS jhqa
|
||||||
|
ONBUILD COPY ./jh/qa /home/gitlab/jh/qa
|
||||||
|
ONBUILD COPY ./jh/lib /home/gitlab/jh/lib
|
||||||
|
ONBUILD COPY ./jh/config/feature_flags /home/gitlab/jh/config/feature_flags
|
||||||
|
|
||||||
|
FROM $QA_BUILD_TARGET
|
||||||
|
|
|
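Review bot: `FROM $QA_BUILD_TARGET` takes whatever the build arg holds, and a value that is not the name of an earlier stage is resolved as an image reference, so the base of the final image is decided by whoever can set `QA_BUILD_TARGET`. The CI job in this commit passes `--build-arg=QA_BUILD_TARGET=${QA_BUILD_TARGET:-qa}` from a variable, so the supported values should be stated next to the `ARG`, for example `# QA_BUILD_TARGET must name a stage defined below: qa (default) or jhqa`, and ideally checked in the job before the build runs. The `jhqa` stage also depends on `ONBUILD COPY` firing only when the final `FROM` selects it. The existing comment would be clearer as `# ONBUILD defers these copies until jhqa is selected with --build-arg QA_BUILD_TARGET=jhqa`.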
@ -0,0 +1,15 @@
|
||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
|
require 'spec_helper'
|
||||||
|
|
||||||
|
RSpec.describe 'Google Analytics 4 content security policy' do
|
||||||
|
it 'includes the GA4 content security policy headers' do
|
||||||
|
visit root_path
|
||||||
|
|
||||||
|
expect(response_headers['Content-Security-Policy']).to include(
|
||||||
|
'*.googletagmanager.com',
|
||||||
|
'*.google-analytics.com',
|
||||||
|
'*.analytics.google.com'
|
||||||
|
)
|
||||||
|
end
|
||||||
|
end
|
|
@ -51,9 +51,9 @@ describe('content_editor/components/bubble_menus/formatting', () => {
|
||||||
${'italic'} | ${{ contentType: 'italic', iconName: 'italic', label: 'Italic text', editorCommand: 'toggleItalic' }}
|
${'italic'} | ${{ contentType: 'italic', iconName: 'italic', label: 'Italic text', editorCommand: 'toggleItalic' }}
|
||||||
${'strike'} | ${{ contentType: 'strike', iconName: 'strikethrough', label: 'Strikethrough', editorCommand: 'toggleStrike' }}
|
${'strike'} | ${{ contentType: 'strike', iconName: 'strikethrough', label: 'Strikethrough', editorCommand: 'toggleStrike' }}
|
||||||
${'code'} | ${{ contentType: 'code', iconName: 'code', label: 'Code', editorCommand: 'toggleCode' }}
|
${'code'} | ${{ contentType: 'code', iconName: 'code', label: 'Code', editorCommand: 'toggleCode' }}
|
||||||
${'link'} | ${{ contentType: 'link', iconName: 'link', label: 'Insert link', editorCommand: 'toggleLink', editorCommandParams: { href: '' } }}
|
|
||||||
${'superscript'} | ${{ contentType: 'superscript', iconName: 'superscript', label: 'Superscript', editorCommand: 'toggleSuperscript' }}
|
${'superscript'} | ${{ contentType: 'superscript', iconName: 'superscript', label: 'Superscript', editorCommand: 'toggleSuperscript' }}
|
||||||
${'subscript'} | ${{ contentType: 'subscript', iconName: 'subscript', label: 'Subscript', editorCommand: 'toggleSubscript' }}
|
${'subscript'} | ${{ contentType: 'subscript', iconName: 'subscript', label: 'Subscript', editorCommand: 'toggleSubscript' }}
|
||||||
|
${'link'} | ${{ contentType: 'link', iconName: 'link', label: 'Insert link', editorCommand: 'toggleLink', editorCommandParams: { href: '' } }}
|
||||||
`('given a $testId toolbar control', ({ testId, controlProps }) => {
|
`('given a $testId toolbar control', ({ testId, controlProps }) => {
|
||||||
beforeEach(() => {
|
beforeEach(() => {
|
||||||
buildWrapper();
|
buildWrapper();
|
||||||
|
|
|
@ -31,6 +31,13 @@ RSpec.describe Packages::Debian::FileEntry, type: :model do
|
||||||
describe 'validations' do
|
describe 'validations' do
|
||||||
it { is_expected.to be_valid }
|
it { is_expected.to be_valid }
|
||||||
|
|
||||||
|
context 'with FIPS mode', :fips_mode do
|
||||||
|
it 'raises an error' do
|
||||||
|
expect { subject.validate! }
|
||||||
|
.to raise_error(::Packages::FIPS::DisabledError, 'Debian registry is not FIPS compliant')
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
describe '#filename' do
|
describe '#filename' do
|
||||||
it { is_expected.to validate_presence_of(:filename) }
|
it { is_expected.to validate_presence_of(:filename) }
|
||||||
it { is_expected.not_to allow_value('Hé').for(:filename) }
|
it { is_expected.not_to allow_value('Hé').for(:filename) }
|
||||||
|
|
|
@ -102,5 +102,13 @@ RSpec.describe Packages::Debian::CreatePackageFileService do
|
||||||
expect { subject.execute }.to raise_error(ActiveRecord::RecordInvalid)
|
expect { subject.execute }.to raise_error(ActiveRecord::RecordInvalid)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'FIPS mode enabled', :fips_mode do
|
||||||
|
let(:file) { nil }
|
||||||
|
|
||||||
|
it 'raises an error' do
|
||||||
|
expect { subject.execute }.to raise_error(::Packages::FIPS::DisabledError)
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -13,6 +13,12 @@ RSpec.describe Packages::Debian::ExtractChangesMetadataService do
|
||||||
|
|
||||||
subject { service.execute }
|
subject { service.execute }
|
||||||
|
|
||||||
|
context 'with FIPS mode enabled', :fips_mode do
|
||||||
|
it 'raises an error' do
|
||||||
|
expect { subject }.to raise_error(::Packages::FIPS::DisabledError)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
context 'with valid package file' do
|
context 'with valid package file' do
|
||||||
it 'extract metadata', :aggregate_failures do
|
it 'extract metadata', :aggregate_failures do
|
||||||
expected_fields = { 'Architecture' => 'source amd64', 'Binary' => 'libsample0 sample-dev sample-udeb' }
|
expected_fields = { 'Architecture' => 'source amd64', 'Binary' => 'libsample0 sample-dev sample-udeb' }
|
||||||
|
|
|
@ -15,6 +15,12 @@ RSpec.describe Packages::Debian::GenerateDistributionService do
|
||||||
context "for #{container_type}" do
|
context "for #{container_type}" do
|
||||||
include_context 'with Debian distribution', container_type
|
include_context 'with Debian distribution', container_type
|
||||||
|
|
||||||
|
context 'with FIPS mode enabled', :fips_mode do
|
||||||
|
it 'raises an error' do
|
||||||
|
expect { subject }.to raise_error(::Packages::FIPS::DisabledError)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
it_behaves_like 'Generate Debian Distribution and component files'
|
it_behaves_like 'Generate Debian Distribution and component files'
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -15,3 +15,9 @@ RSpec.shared_examples 'rejects Debian access with unknown container id' do |anon
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
RSpec.shared_examples 'Debian API FIPS mode' do
|
||||||
|
context 'when FIPS mode is enabled', :fips_mode do
|
||||||
|
it_behaves_like 'returning response status', :not_found
|
||||||
|
end
|
||||||
|
end
|
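Review bot: The new 'Debian API FIPS mode' shared example carries no comment saying what an including group must provide or why 404 is the expected answer. It appears to rely on the includer's `subject` issuing the request (via 'returning response status', which is defined outside this hunk), so a header such as `# Requires subject to perform the request; with FIPS enabled every Debian endpoint must answer 404.` would document the contract. If the 404 is meant to hold regardless of the caller's credentials, which its use inside the status-parameterised examples suggests, saying so in that comment would stop a later change from moving the guard behind authentication unnoticed.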
||||||
|
|
|
@ -3,6 +3,8 @@
|
||||||
RSpec.shared_examples 'Debian distributions GET request' do |status, body = nil|
|
RSpec.shared_examples 'Debian distributions GET request' do |status, body = nil|
|
||||||
and_body = body.nil? ? '' : ' and expected body'
|
and_body = body.nil? ? '' : ' and expected body'
|
||||||
|
|
||||||
|
it_behaves_like 'Debian API FIPS mode'
|
||||||
|
|
||||||
it "returns #{status}#{and_body}" do
|
it "returns #{status}#{and_body}" do
|
||||||
subject
|
subject
|
||||||
|
|
||||||
|
@ -17,6 +19,8 @@ end
|
||||||
RSpec.shared_examples 'Debian distributions PUT request' do |status, body|
|
RSpec.shared_examples 'Debian distributions PUT request' do |status, body|
|
||||||
and_body = body.nil? ? '' : ' and expected body'
|
and_body = body.nil? ? '' : ' and expected body'
|
||||||
|
|
||||||
|
it_behaves_like 'Debian API FIPS mode'
|
||||||
|
|
||||||
if status == :success
|
if status == :success
|
||||||
it 'updates distribution', :aggregate_failures do
|
it 'updates distribution', :aggregate_failures do
|
||||||
expect(::Packages::Debian::UpdateDistributionService).to receive(:new).with(distribution, api_params.except(:codename)).and_call_original
|
expect(::Packages::Debian::UpdateDistributionService).to receive(:new).with(distribution, api_params.except(:codename)).and_call_original
|
||||||
|
@ -49,6 +53,8 @@ end
|
||||||
RSpec.shared_examples 'Debian distributions DELETE request' do |status, body|
|
RSpec.shared_examples 'Debian distributions DELETE request' do |status, body|
|
||||||
and_body = body.nil? ? '' : ' and expected body'
|
and_body = body.nil? ? '' : ' and expected body'
|
||||||
|
|
||||||
|
it_behaves_like 'Debian API FIPS mode'
|
||||||
|
|
||||||
if status == :success
|
if status == :success
|
||||||
it 'updates distribution', :aggregate_failures do
|
it 'updates distribution', :aggregate_failures do
|
||||||
expect { subject }
|
expect { subject }
|
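Review bot: In the PUT and DELETE shared examples the added `it_behaves_like 'Debian API FIPS mode'` proves only that the response is 404, not that the distribution was left untouched. A guard that ran after the write would still pass, so the write paths deserve a side-effect assertion inside a `:fips_mode` context, for PUT for instance `expect(::Packages::Debian::UpdateDistributionService).not_to receive(:new)` followed by `subject`, and for DELETE a check that the distribution record still exists afterwards. The same applies to 'Debian packages upload request' in the next file section, where `expect(::Packages::Debian::FindOrCreateIncomingService).not_to receive(:new)` would serve. The bodies of these shared examples continue outside the hunks.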
||||||
|
|
|
@ -3,6 +3,8 @@
|
||||||
RSpec.shared_examples 'Debian packages GET request' do |status, body = nil|
|
RSpec.shared_examples 'Debian packages GET request' do |status, body = nil|
|
||||||
and_body = body.nil? ? '' : ' and expected body'
|
and_body = body.nil? ? '' : ' and expected body'
|
||||||
|
|
||||||
|
it_behaves_like 'Debian API FIPS mode'
|
||||||
|
|
||||||
it "returns #{status}#{and_body}" do
|
it "returns #{status}#{and_body}" do
|
||||||
subject
|
subject
|
||||||
|
|
||||||
|
@ -17,6 +19,8 @@ end
|
||||||
RSpec.shared_examples 'Debian packages upload request' do |status, body = nil|
|
RSpec.shared_examples 'Debian packages upload request' do |status, body = nil|
|
||||||
and_body = body.nil? ? '' : ' and expected body'
|
and_body = body.nil? ? '' : ' and expected body'
|
||||||
|
|
||||||
|
it_behaves_like 'Debian API FIPS mode'
|
||||||
|
|
||||||
if status == :created
|
if status == :created
|
||||||
it 'creates package files', :aggregate_failures do
|
it 'creates package files', :aggregate_failures do
|
||||||
expect(::Packages::Debian::FindOrCreateIncomingService).to receive(:new).with(container, user).and_call_original
|
expect(::Packages::Debian::FindOrCreateIncomingService).to receive(:new).with(container, user).and_call_original
|
||||||
|
|
|
@ -18,6 +18,12 @@ RSpec.describe Packages::Debian::GenerateDistributionWorker, type: :worker do
|
||||||
context "for #{container_type}" do
|
context "for #{container_type}" do
|
||||||
include_context 'with Debian distribution', container_type
|
include_context 'with Debian distribution', container_type
|
||||||
|
|
||||||
|
context 'with FIPS mode enabled', :fips_mode do
|
||||||
|
it 'raises an error' do
|
||||||
|
expect { subject }.to raise_error(::Packages::FIPS::DisabledError)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
context 'with mocked service' do
|
context 'with mocked service' do
|
||||||
it 'calls GenerateDistributionService' do
|
it 'calls GenerateDistributionService' do
|
||||||
expect(Gitlab::ErrorTracking).not_to receive(:log_exception)
|
expect(Gitlab::ErrorTracking).not_to receive(:log_exception)
|
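Review bot: The 'with FIPS mode enabled' example expects the job to raise, but nothing in it shows that the worker stops before doing any work, or records why raising is the intended failure mode. The neighbouring 'with mocked service' example is built around `Gitlab::ErrorTracking.log_exception`, which suggests other failures are logged rather than raised; since FIPS mode is a static condition, a raised error may also be retried to no effect, depending on the worker's retry settings, which are not visible here. A comment such as `# FIPS is a permanent condition: the worker raises instead of logging and returning` would document the choice. If the guard is meant to sit in the worker itself, adding `expect(::Packages::Debian::GenerateDistributionService).not_to receive(:new)` would pin that. The ProcessChangesWorker hunk below has the same shape, and both contexts continue outside their hunks.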
||||||
|
|
|
@ -16,6 +16,12 @@ RSpec.describe Packages::Debian::ProcessChangesWorker, type: :worker do
|
||||||
|
|
||||||
subject { worker.perform(package_file_id, user_id) }
|
subject { worker.perform(package_file_id, user_id) }
|
||||||
|
|
||||||
|
context 'with FIPS mode enabled', :fips_mode do
|
||||||
|
it 'raises an error' do
|
||||||
|
expect { subject }.to raise_error(::Packages::FIPS::DisabledError)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
context 'with mocked service' do
|
context 'with mocked service' do
|
||||||
it 'calls ProcessChangesService' do
|
it 'calls ProcessChangesService' do
|
||||||
expect(Gitlab::ErrorTracking).not_to receive(:log_exception)
|
expect(Gitlab::ErrorTracking).not_to receive(:log_exception)
|
||||||
|
|
Binary file not shown.