kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Add latest changes from gitlab-org/gitlab@master

Browse source
This commit is contained in:
GitLab Bot 2021-10-05 00:12:25 +00:00
parent 8c6c2136e8
commit 33a1d1835f
27 changed files with 333 additions and 191 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

48
app/assets/stylesheets/pages/issues.scss
View file

@ -1,3 +1,51 @@
.issue-token-link {
&[href] {
color: $blue-600;
}
&:hover,
&:focus {
outline: none;
text-decoration: none;
}
}
.issue-token-reference {
margin-right: 1px;
background-color: $gray-lighter;
transition: background $general-hover-transition-duration $general-hover-transition-curve, color $general-hover-transition-duration $general-hover-transition-curve;
.issue-token:hover &,
.issue-token-link:focus > & {
background-color: $gray-normal;
color: $blue-800;
text-decoration: none;
}
}
.issue-token-title {
background-color: $gray-normal;
transition: background $general-hover-transition-duration $general-hover-transition-curve;
.issue-token:hover &,
.issue-token-link:focus > & {
background-color: $border-gray-normal;
}
}
.issue-token-remove-button {
background-color: $gray-normal;
transition: background $general-hover-transition-duration $general-hover-transition-curve;
&:hover,
&:focus,
.issue-token:hover &,
.issue-token-link:focus + & {
background-color: $border-gray-normal;
outline: none;
}
}
.issue-realtime-pre-pulse {
opacity: 0;
}

2
app/controllers/profiles/two_factor_auths_controller.rb
View file

@ -231,8 +231,6 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
end
def ensure_verified_primary_email
return unless Feature.enabled?(:ensure_verified_primary_email_for_2fa, default_enabled: :yaml)
unless current_user.two_factor_enabled? || current_user.primary_email_verified?
redirect_to profile_emails_path, notice: s_('You need to verify your primary email first before enabling Two-Factor Authentication.')
end

26
app/services/ci/stuck_builds/drop_scheduled_service.rb Normal file
View file

@ -0,0 +1,26 @@
# frozen_string_literal: true
module Ci
module StuckBuilds
class DropScheduledService
include DropHelpers
BUILD_SCHEDULED_OUTDATED_TIMEOUT = 1.hour
def execute
Gitlab::AppLogger.info "#{self.class}: Cleaning scheduled, timed-out builds"
drop(scheduled_timed_out_builds, failure_reason: :stale_schedule)
end
private
def scheduled_timed_out_builds
Ci::Build.where(status: :scheduled).where( # rubocop: disable CodeReuse/ActiveRecord
'ci_builds.scheduled_at IS NOT NULL AND ci_builds.scheduled_at < ?',
BUILD_SCHEDULED_OUTDATED_TIMEOUT.ago
)
end
end
end
end

10
app/services/ci/stuck_builds/drop_service.rb
View file

@ -6,7 +6,6 @@ module Ci
include DropHelpers
BUILD_PENDING_OUTDATED_TIMEOUT = 1.day
BUILD_SCHEDULED_OUTDATED_TIMEOUT = 1.hour
BUILD_PENDING_STUCK_TIMEOUT = 1.hour
BUILD_LOOKBACK = 5.days
@ -18,8 +17,6 @@ module Ci
failure_reason: :stuck_or_timeout_failure
)
drop(scheduled_timed_out_builds, failure_reason: :stale_schedule)
drop_stuck(
pending_builds(BUILD_PENDING_STUCK_TIMEOUT.ago),
failure_reason: :stuck_or_timeout_failure
@ -40,13 +37,6 @@ module Ci
end
end
# rubocop: enable CodeReuse/ActiveRecord
def scheduled_timed_out_builds
Ci::Build.where(status: :scheduled).where( # rubocop: disable CodeReuse/ActiveRecord
'ci_builds.scheduled_at IS NOT NULL AND ci_builds.scheduled_at < ?',
BUILD_SCHEDULED_OUTDATED_TIMEOUT.ago
)
end
end
end
end

9
app/workers/all_queues.yml
View file

@ -237,6 +237,15 @@
:weight: 1
:idempotent: true
:tags: []
- :name: cronjob:ci_stuck_builds_drop_scheduled
:worker_name: Ci::StuckBuilds::DropScheduledWorker
:feature_category: :continuous_integration
:has_external_dependencies:
:urgency: :low
:resource_boundary: :unknown
:weight: 1
:idempotent: true
:tags: []
- :name: cronjob:container_expiration_policy
:worker_name: ContainerExpirationPolicyWorker
:feature_category: :container_registry

34
app/workers/ci/stuck_builds/drop_scheduled_worker.rb Normal file
View file

@ -0,0 +1,34 @@
# frozen_string_literal: true
module Ci
module StuckBuilds
class DropScheduledWorker
include ApplicationWorker
include ExclusiveLeaseGuard
idempotent!
# rubocop:disable Scalability/CronWorkerContext
# This is an instance-wide cleanup query, so there's no meaningful
# scope to consider this in the context of.
include CronjobQueue
# rubocop:enable Scalability/CronWorkerContext
data_consistency :always
feature_category :continuous_integration
def perform
try_obtain_lease do
Ci::StuckBuilds::DropScheduledService.new.execute
end
end
private
def lease_timeout
30.minutes
end
end
end
end

1
app/workers/stuck_ci_jobs_worker.rb
View file

@ -18,6 +18,7 @@ class StuckCiJobsWorker # rubocop:disable Scalability/IdempotentWorker
def perform
Ci::StuckBuilds::DropRunningWorker.perform_in(20.minutes)
Ci::StuckBuilds::DropScheduledWorker.perform_in(40.minutes)
return unless try_obtain_lease

8
config/feature_flags/development/ensure_verified_primary_email_for_2fa.yml
View file

@ -1,8 +0,0 @@
---
name: ensure_verified_primary_email_for_2fa
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/69593
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/340151
milestone: '14.3'
type: development
group: group::access
default_enabled: true

10
doc/administration/gitaly/index.md
View file

@ -21,11 +21,11 @@ storage and retrieval. Gitaly can be:
Gitaly implements a client-server architecture:
- A Gitaly server is any node that runs Gitaly itself.
- A Gitaly client is any node that runs a process that makes requests of the Gitaly server. These
include, but are not limited to:
- [GitLab Rails application](https://gitlab.com/gitlab-org/gitlab).
- [GitLab Shell](https://gitlab.com/gitlab-org/gitlab-shell).
- [GitLab Workhorse](https://gitlab.com/gitlab-org/gitlab-workhorse).
- A Gitaly client is any node that runs a process that makes requests of the Gitaly server. Gitaly clients are also known as _Gitaly consumers_ and include:
- [GitLab Rails application](https://gitlab.com/gitlab-org/gitlab)
- [GitLab Shell](https://gitlab.com/gitlab-org/gitlab-shell)
- [GitLab Workhorse](https://gitlab.com/gitlab-org/gitlab-workhorse)
- [GitLab Elasticsearch Indexer](https://gitlab.com/gitlab-org/gitlab-elasticsearch-indexer)
Gitaly manages only Git repository access for GitLab. Other types of GitLab data aren't accessed
using Gitaly.

85
doc/ci/yaml/index.md
View file

@ -3342,17 +3342,21 @@ to select a specific site profile and scanner profile.
> [Introduced](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/3515) in GitLab 11.5, you can control which failures to retry on.
Use `retry` to configure how many times a job is retried in
case of a failure.
Use `retry` to configure how many times a job is retried if it fails.
If not defined, defaults to `0` and jobs do not retry.
When a job fails, the job is processed again,
until the limit specified by the `retry` keyword is reached.
When a job fails, the job is processed up to two more times, until it succeeds or
reaches the maximum number of retries.
If `retry` is set to `2`, and a job succeeds in a second run (first retry), it is not retried.
The `retry` value must be a positive integer, from `0` to `2`
(two retries maximum, three runs in total).
By default, all failure types cause the job to be retried. Use [`retry:when`](#retrywhen)
to select which failures to retry on.
The following example retries all failure cases:
**Keyword type**: Job keyword. You can use it only as part of a job or in the
[`default:` section](#custom-default-keyword-values).
**Possible inputs**: `0` (default), `1`, or `2`.
**Example of `retry`**:
```yaml
test:
@ -3360,38 +3364,16 @@ test:
retry: 2
```
By default, a job is retried on all failure cases. To have better control
over which failures to retry, `retry` can be a hash with the following keys:
#### `retry:when`
- `max`: The maximum number of retries.
- `when`: The failure cases to retry.
Use `retry:when` with `retry:max` to retry jobs for only specific failure cases.
`retry:max` is the maximum number of retries, like [`retry`](#retry), and can be
`0`, `1`, or `2`.
To retry only runner system failures at maximum two times:
**Keyword type**: Job keyword. You can use it only as part of a job or in the
[`default:` section](#custom-default-keyword-values).
```yaml
test:
script: rspec
retry:
max: 2
when: runner_system_failure
```
If there is another failure, other than a runner system failure, the job
is not retried.
To retry on multiple failure cases, `when` can also be an array of failures:
```yaml
test:
script: rspec
retry:
max: 2
when:
- runner_system_failure
- stuck_or_timeout_failure
```
Possible values for `when` are:
**Possible inputs**: A single failure type, or an array of one or more failure types:
<!--
If you change any of the values below, make sure to update the `RETRY_WHEN_IN_DOCUMENTATION`
@ -3415,7 +3397,34 @@ Possible values for `when` are:
- `scheduler_failure`: Retry if the scheduler failed to assign the job to a runner.
- `data_integrity_failure`: Retry if there is a structural integrity problem detected.
You can specify the number of [retry attempts for certain stages of job execution](../runners/configure_runners.md#job-stages-attempts) using variables.
**Example of `retry:when`** (single failure type):
```yaml
test:
script: rspec
retry:
max: 2
when: runner_system_failure
```
If there is a failure other than a runner system failure, the job is not retried.
**Example of `retry:when`** (array of failure types):
```yaml
test:
script: rspec
retry:
max: 2
when:
- runner_system_failure
- stuck_or_timeout_failure
```
**Related topics**:
You can specify the number of [retry attempts for certain stages of job execution](../runners/configure_runners.md#job-stages-attempts)
using variables.
### `timeout`

30
doc/development/documentation/feature_flags.md
View file

@ -37,14 +37,14 @@ FLAG:
| If the feature is... | Use this text |
|--------------------------|---------------|
| Available | `On self-managed GitLab, by default this feature is available. To hide the feature, ask an administrator to [disable the <flag name> flag](<path to>/administration/feature_flags.md).` |
| Unavailable | `On self-managed GitLab, by default this feature is not available. To make it available, ask an administrator to [enable the <flag name> flag](<path to>/administration/feature_flags.md).` |
| Available, per-group | `On self-managed GitLab, by default this feature is available. To hide the feature per group, ask an administrator to [disable the <flag name> flag](<path to>/administration/feature_flags.md).` |
| Unavailable, per-group | `On self-managed GitLab, by default this feature is not available. To make it available per group, ask an administrator to [enable the <flag name> flag](<path to>/administration/feature_flags.md).` |
| Available, per-project | `On self-managed GitLab, by default this feature is available. To hide the feature per project or for your entire instance, ask an administrator to [disable the <flag name> flag](<path to>/administration/feature_flags.md).` |
| Unavailable, per-project | `On self-managed GitLab, by default this feature is not available. To make it available per project or for your entire instance, ask an administrator to [enable the <flag name> flag](<path to>/administration/feature_flags.md).` |
| Available, per-user | `On self-managed GitLab, by default this feature is available. To hide the feature per user, ask an administrator to [disable the <flag name> flag](<path to>/administration/feature_flags.md).` |
| Unavailable, per-user | `On self-managed GitLab, by default this feature is not available. To make it available per user, ask an administrator to [enable the <flag name> flag](<path to>/administration/feature_flags.md).` |
| Available | `On self-managed GitLab, by default this feature is available. To hide the feature, ask an administrator to [disable the feature flag](<path to>/administration/feature_flags.md) named <flag name>.` |
| Unavailable | `On self-managed GitLab, by default this feature is not available. To make it available, ask an administrator to [enable the feature flag](<path to>/administration/feature_flags.md) named <flag name>.` |
| Available, per-group | `On self-managed GitLab, by default this feature is available. To hide the feature per group, ask an administrator to [disable the feature flag](<path to>/administration/feature_flags.md) named <flag name>.` |
| Unavailable, per-group | `On self-managed GitLab, by default this feature is not available. To make it available per group, ask an administrator to [enable the feature flag](<path to>/administration/feature_flags.md) named <flag name>.` |
| Available, per-project | `On self-managed GitLab, by default this feature is available. To hide the feature per project or for your entire instance, ask an administrator to [disable the feature flag](<path to>/administration/feature_flags.md) named <flag name>.` |
| Unavailable, per-project | `On self-managed GitLab, by default this feature is not available. To make it available per project or for your entire instance, ask an administrator to [enable the feature flag](<path to>/administration/feature_flags.md) named <flag name>.` |
| Available, per-user | `On self-managed GitLab, by default this feature is available. To hide the feature per user, ask an administrator to [disable the feature flag](<path to>/administration/feature_flags.md) named <flag name>.` |
| Unavailable, per-user | `On self-managed GitLab, by default this feature is not available. To make it available per user, ask an administrator to [enable the feature flag](<path to>/administration/feature_flags.md) named <flag name>.` |
### GitLab.com availability information
@ -67,7 +67,7 @@ When the state of a flag changes (for example, disabled by default to enabled by
Possible version history entries are:
```markdown
> - [Introduced](issue-link) in GitLab X.X. [Deployed behind the <flag name> flag](../../administration/feature_flags.md), disabled by default.
> - [Introduced](issue-link) in GitLab X.X [with a flag](../../administration/feature_flags.md) named <flag name>. Disabled by default.
> - [Enabled on GitLab.com](issue-link) in GitLab X.X.
> - [Enabled on GitLab.com](issue-link) in GitLab X.X. Available to GitLab.com administrators only.
> - [Enabled on self-managed](issue-link) in GitLab X.X.
@ -80,31 +80,31 @@ Possible version history entries are:
The following examples show the progression of a feature flag.
```markdown
> Introduced in GitLab 13.7. [Deployed behind the `forti_token_cloud` flag](../../administration/feature_flags.md), disabled by default.
> Introduced in GitLab 13.7 [with a flag](../../administration/feature_flags.md) named `forti_token_cloud`. Disabled by default.
FLAG:
On self-managed GitLab, by default this feature is not available. To make it available,
ask an administrator to [enable the `forti_token_cloud` flag](../administration/feature_flags.md).`
ask an administrator to [enable the featured flag](../administration/feature_flags.md) named `forti_token_cloud`.
The feature is not ready for production use.
```
When the feature is enabled in production, you can update the version history:
```markdown
> - Introduced in GitLab 13.7. [Deployed behind the `forti_token_cloud` flag](../../administration/feature_flags.md), disabled by default.
> - Introduced in GitLab 13.7 [with a flag](../../administration/feature_flags.md) named `forti_token_cloud`. Disabled by default.
> - [Enabled on self-managed](https://gitlab.com/issue/etc) GitLab 13.8.
FLAG:
On self-managed GitLab, by default this feature is available. To hide the feature per user,
ask an administrator to [disable the `forti_token_cloud` flag](../administration/feature_flags.md).
ask an administrator to [disable the feature flag](../administration/feature_flags.md) named `forti_token_cloud`.
```
And, when the feature is done and fully available to all users:
```markdown
> - Introduced in GitLab 13.7. [Deployed behind the `forti_token_cloud` flag](../../administration/feature_flags.md), disabled by default.
> - Introduced in GitLab 13.7 [with a flag](../../administration/feature_flags.md) named `forti_token_cloud`. Disabled by default.
> - [Enabled on self-managed](https://gitlab.com/issue/etc) GitLab 13.8.
> - [Enabled on GitLab.com](https://gitlab.com/issue/etc) in GitLab 13.9.
> - [Feature flag `forti_token_cloud`](https://gitlab.com/issue/etc) removed in GitLab 14.0.
> - [Feature flag removed](https://gitlab.com/issue/etc) in GitLab 14.0.
> - [Generally available](issue-link) in GitLab 14.0.
```

4
doc/development/service_ping/implement.md
View file

@ -1031,9 +1031,9 @@ Example metrics persistence:
class UsageData
def count_secure_pipelines(time_period)
...
relation = ::Security::Scan.latest_successful_by_build.by_scan_types(scan_type).where(security_scans: time_period)
relation = ::Security::Scan.by_scan_types(scan_type).where(time_period)
pipelines_with_secure_jobs['dependency_scanning_pipeline'] = estimate_batch_distinct_count(relation, :commit_id, batch_size: 1000, start: start_id, finish: finish_id) do |result|
pipelines_with_secure_jobs['dependency_scanning_pipeline'] = estimate_batch_distinct_count(relation, :pipeline_id, batch_size: 1000, start: start_id, finish: finish_id) do |result|
::Gitlab::Usage::Metrics::Aggregates::Sources::PostgresHll
.save_aggregated_metrics(metric_name: 'dependency_scanning_pipeline', recorded_at_timestamp: recorded_at, time_period: time_period, data: result)
end

2
doc/index.md
View file

@ -40,7 +40,7 @@ Have a look at some of our most popular topics:
|:-------------------------------------------------------------------------------------------|:------------|
| [Two-factor authentication](user/profile/account/two_factor_authentication.md) | Improve the security of your GitLab account. |
| [GitLab groups](user/group/index.md) | Manage projects together. |
| [GitLab CI/CD pipeline configuration reference](ci/yaml/index.md) | Available configuration options for `.gitlab-ci.yml` files. |
| [Keyword reference for the `.gitlab-ci.yml` file](ci/yaml/index.md) | Available configuration options for `.gitlab-ci.yml` files. |
| [Activate GitLab EE with a license](user/admin_area/license.md) | Activate GitLab Enterprise Edition functionality with a license. |
| [Back up and restore GitLab](raketasks/backup_restore.md) | Rake tasks for backing up and restoring GitLab self-managed instances. |
| [GitLab release and maintenance policy](policy/maintenance.md) | Policies for version naming and cadence, and also upgrade recommendations. |

79
doc/user/application_security/cve_id_request.md
View file

@ -5,65 +5,64 @@ group: Threat Insights
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
---
# CVE ID Requests **(FREE SAAS)**
# CVE ID request **(FREE SAAS)**
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/41203) in GitLab 13.4, only for public projects on GitLab.com.
As part of [our role as a CVE Numbering Authority](https://about.gitlab.com/security/cve/)
([CNA](https://cve.mitre.org/cve/cna.html)), you may request
[CVE](https://cve.mitre.org/index.html) identifiers from GitLab to track
vulnerabilities found within your project.
A [CVE](https://cve.mitre.org/index.html) identifier is assigned to a publicly-disclosed software
vulnerability. GitLab is a [CVE Numbering Authority](https://about.gitlab.com/security/cve/)
([CNA](https://cve.mitre.org/cve/cna.html)). For any public project you can request
a CVE identifier (ID).
## Overview
Assigning a CVE ID to a vulnerability in your project helps your users stay secure and informed. For
example, [dependency scanning tools](../application_security/dependency_scanning/index.md) can
detect when vulnerable versions of your project are used as a dependency.
CVE identifiers track specific vulnerabilities within projects. Having a CVE assigned to a
vulnerability in your project helps your users stay secure and informed. For example,
[dependency scanning tools](../application_security/dependency_scanning/index.md)
can detect when vulnerable versions of your project are used as a dependency.
A common vulnerability workflow is:
## Conditions
1. Request a CVE for a vulnerability.
1. Reference the assigned CVE identifier in release notes.
1. Publish the vulnerability's details after the fix is released.
If the following conditions are met, a **Request CVE ID** button appears in your issue sidebar:
## Prerequisites
- The project is hosted in GitLab.com.
To [submit a CVE ID Request](#submit-a-cve-id-request) the following prerequisites must be met:
- The project is hosted on GitLab.com.
- The project is public.
- You are a maintainer of the project.
- The issue is [confidential](../project/issues/confidential_issues.md).
- The vulnerability's issue is [confidential](../project/issues/confidential_issues.md).
## Submitting a CVE ID Request
## Submit a CVE ID request
Clicking the **Request CVE ID** button in the issue sidebar takes you to the new issue page for
the [GitLab CVE project](https://gitlab.com/gitlab-org/cves).
To submit a CVE ID request:
![CVE ID request button](img/cve_id_request_button.png)
1. Go to the vulnerability's issue and select **Create CVE ID Request**. The new issue page of
the [GitLab CVE project](https://gitlab.com/gitlab-org/cves) opens.
Creating the [confidential issue](../project/issues/confidential_issues.md) starts the CVE request process.
![CVE ID request button](img/cve_id_request_button.png)
![New CVE ID request issue](img/new_cve_request_issue.png)
1. In the **Title** box, enter a brief description of the vulnerability.
You are required to fill in the issue description, which includes:
1. In the **Description** box, enter the following details:
- A description of the vulnerability
- The project's vendor and name
- Impacted versions
- Fixed versions
- The vulnerability type (a [CWE](https://cwe.mitre.org/data/index.html) identifier)
- A [CVSS v3 vector](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator)
- A detailed description of the vulnerability
- The project's vendor and name
- Impacted versions
- Fixed versions
- The vulnerability class (a [CWE](https://cwe.mitre.org/data/index.html) identifier)
- A [CVSS v3 vector](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator)
## CVE Assignment
![New CVE ID request issue](img/new_cve_request_issue.png)
GitLab triages your submitted CVE ID request and communicates with you throughout the CVE validation
and assignment process.
GitLab updates your CVE ID request issue when:
![CVE ID request communication](img/cve_request_communication.png)
- Your submission is assigned a CVE.
- Your CVE is published.
- MITRE is notified that your CVE is published.
- MITRE has added your CVE in the NVD feed.
Once a CVE identifier is assigned, you may use and reference it as you see fit.
## CVE assignment
Details of the vulnerability submitted in the CVE ID request are published according to your
schedule. It's common to request a CVE for an unpatched vulnerability, reference the assigned CVE
identifier in release notes, and later publish the vulnerability's details after the fix is
released.
Separate communications notify you when different stages of the publication process are complete.
![CVE ID request publication communication](img/cve_request_communication_publication.png)
After a CVE identifier is assigned, you can reference it as required. Details of the vulnerability
submitted in the CVE ID request are published according to your schedule.

BIN
doc/user/application_security/img/cve_request_communication.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 17 KiB

BIN
doc/user/application_security/img/cve_request_communication_publication.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 24 KiB

BIN
doc/user/application_security/img/new_cve_request_issue.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 36 KiB

After

Width:  |  Height:  |  Size: 59 KiB

2
doc/user/group/saml_sso/index.md
View file

@ -110,7 +110,7 @@ However, users are not prompted to sign in through SSO on each visit. GitLab che
has authenticated through SSO. If it's been more than 1 day since the last sign-in, GitLab
prompts the user to sign in again through SSO.
We intend to add a similar SSO requirement for [API activity](https://gitlab.com/gitlab-org/gitlab/-/issues/9152).
We intend to add a similar SSO requirement for [API activity](https://gitlab.com/gitlab-org/gitlab/-/issues/297389).
SSO has the following effects when enabled:

8
doc/user/profile/account/two_factor_authentication.md
View file

@ -35,7 +35,8 @@ still access your account if you lose your U2F / WebAuthn device.
## Enabling 2FA
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/35102) in GitLab 14.3, account email confirmation required.
> - Account email confirmation requirement [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/35102) in GitLab 14.3. [Deployed behind the `ensure_verified_primary_email_for_2fa` flag](../../../administration/feature_flags.md), enabled by default.
> - Account email confirmation requirement generally available and [feature flag `ensure_verified_primary_email_for_2fa` removed](https://gitlab.com/gitlab-org/gitlab/-/issues/340151) in GitLab 14.4.
There are multiple ways to enable two-factor authentication (2FA):
@ -44,11 +45,6 @@ There are multiple ways to enable two-factor authentication (2FA):
In GitLab 14.3 and later, your account email must be confirmed to enable two-factor authentication.
FLAG:
On self-managed GitLab, account email confirmation requirement is enabled. To disable this
restriction, ask an administrator to
[disable the `ensure_verified_primary_email_for_2fa` flag](../../../administration/feature_flags.md).
### One-time password
To enable 2FA:

11
doc/user/project/merge_requests/reviews/suggestions.md
View file

@ -33,9 +33,8 @@ which generates a commit in the merge request authored by the user that suggeste
![Apply suggestions](img/apply_suggestion_v13_9.png)
1. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/25381) in GitLab 13.9,
you can opt to add a custom commit message to describe your change. If you don't
specify it, the default commit message is used. It is not supported for [batch suggestions](#batch-suggestions).
1. Optionally specify a custom commit message for individual suggestions (GitLab 13.9 and later) to
describe your change. If you don't specify it, the default commit message is used.
![Custom commit](img/custom_commit_v13_9.png)
@ -118,6 +117,7 @@ introduced by [#25381](https://gitlab.com/gitlab-org/gitlab/-/issues/25381).
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/25486) in GitLab 13.1 as an [alpha feature](https://about.gitlab.com/handbook/product/gitlab-the-product/#alpha) behind a feature flag, disabled by default.
> - [Enabled by default](https://gitlab.com/gitlab-org/gitlab/-/issues/227799) in GitLab 13.2.
> - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/320755) in GitLab 13.11.
> - Custom commit messages for batch suggestions [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/326168) in GitLab 14.4.
You can apply multiple suggestions at once to reduce the number of commits added
to your branch to address your reviewers' requests.
@ -134,7 +134,10 @@ to your branch to address your reviewers' requests.
![A code change suggestion displayed, with the button to remove that suggestion from its batch highlighted.](img/remove_suggestion_from_batch_v13_1.jpg "Remove a suggestion from a batch")
1. Having added all the suggestions to your liking, when ready, select **Apply suggestions**:
1. Having added all the suggestions to your liking, when ready, select **Apply suggestions**. You
can optionally specify a custom commit message for [batch suggestions](#batch-suggestions)
(GitLab 14.4 and later) to describe your change. If you don't specify it, the default commit
message is used.
![A code change suggestion displayed, with the button to apply the batch of suggestions highlighted.](img/apply_batch_of_suggestions_v13_1.jpg "Apply a batch of suggestions")

6
spec/controllers/profiles/two_factor_auths_controller_spec.rb
View file

@ -27,12 +27,6 @@ RSpec.describe Profiles::TwoFactorAuthsController do
expect(flash[:notice])
.to eq _('You need to verify your primary email first before enabling Two-Factor Authentication.')
end
it 'does not redirect when the `ensure_verified_primary_email_for_2fa` feature flag is disabled' do
stub_feature_flags(ensure_verified_primary_email_for_2fa: false)
expect(response).not_to redirect_to(profile_emails_path)
end
end
shared_examples 'user must enter a valid current password' do

2
spec/services/ci/stuck_builds/drop_running_service_spec.rb
View file

@ -22,7 +22,7 @@ RSpec.describe Ci::StuckBuilds::DropRunningService do
let(:created_at) { outdated_time }
let(:updated_at) { outdated_time }
it_behaves_like 'job is dropped'
it_behaves_like 'job is dropped with failure reason', 'stuck_or_timeout_failure'
end
context 'when job is fresh' do

53
spec/services/ci/stuck_builds/drop_scheduled_service_spec.rb Normal file
View file

@ -0,0 +1,53 @@
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Ci::StuckBuilds::DropScheduledService do
let_it_be(:runner) { create :ci_runner }
let!(:job) { create :ci_build, :scheduled, scheduled_at: scheduled_at, runner: runner }
subject(:service) { described_class.new }
context 'when job is scheduled' do
context 'for more than an hour ago' do
let(:scheduled_at) { 2.hours.ago }
it_behaves_like 'job is dropped with failure reason', 'stale_schedule'
end
context 'for less than 1 hour ago' do
let(:scheduled_at) { 30.minutes.ago }
it_behaves_like 'job is unchanged'
end
end
%w(success skipped failed canceled running pending).each do |status|
context "when job is #{status}" do
before do
job.update!(status: status)
end
context 'and scheduled for more than an hour ago' do
let(:scheduled_at) { 2.hours.ago }
it_behaves_like 'job is unchanged'
end
context 'and scheduled for less than 1 hour ago' do
let(:scheduled_at) { 30.minutes.ago }
it_behaves_like 'job is unchanged'
end
end
end
context 'when there are no stale scheduled builds' do
let(:job) { }
it 'does not drop the stale scheduled build yet' do
expect { service.execute }.not_to raise_error
end
end
end

49
spec/services/ci/stuck_builds/drop_service_spec.rb
View file

@ -33,13 +33,13 @@ RSpec.describe Ci::StuckBuilds::DropService do
context 'when created_at is the same as updated_at' do
let(:created_at) { 1.5.days.ago }
it_behaves_like 'job is dropped'
it_behaves_like 'job is dropped with failure reason', 'stuck_or_timeout_failure'
end
context 'when created_at is before updated_at' do
let(:created_at) { 3.days.ago }
it_behaves_like 'job is dropped'
it_behaves_like 'job is dropped with failure reason', 'stuck_or_timeout_failure'
end
context 'when created_at is outside lookback window' do
@ -107,13 +107,13 @@ RSpec.describe Ci::StuckBuilds::DropService do
context 'when created_at is the same as updated_at' do
let(:created_at) { 1.5.hours.ago }
it_behaves_like 'job is dropped'
it_behaves_like 'job is dropped with failure reason', 'stuck_or_timeout_failure'
end
context 'when created_at is before updated_at' do
let(:created_at) { 3.days.ago }
it_behaves_like 'job is dropped'
it_behaves_like 'job is dropped with failure reason', 'stuck_or_timeout_failure'
end
context 'when created_at is outside lookback window' do
@ -198,45 +198,4 @@ RSpec.describe Ci::StuckBuilds::DropService do
it_behaves_like 'job is unchanged'
end
describe 'drop stale scheduled builds' do
let(:status) { 'scheduled' }
let(:updated_at) { }
context 'when scheduled at 2 hours ago but it is not executed yet' do
let!(:job) { create(:ci_build, :scheduled, scheduled_at: 2.hours.ago) }
it 'drops the stale scheduled build' do
expect(Ci::Build.scheduled.count).to eq(1)
expect(job).to be_scheduled
service.execute
job.reload
expect(Ci::Build.scheduled.count).to eq(0)
expect(job).to be_failed
expect(job).to be_stale_schedule
end
end
context 'when scheduled at 30 minutes ago but it is not executed yet' do
let!(:job) { create(:ci_build, :scheduled, scheduled_at: 30.minutes.ago) }
it 'does not drop the stale scheduled build yet' do
expect(Ci::Build.scheduled.count).to eq(1)
expect(job).to be_scheduled
service.execute
expect(Ci::Build.scheduled.count).to eq(1)
expect(job).to be_scheduled
end
end
context 'when there are no stale scheduled builds' do
it 'does not drop the stale scheduled build yet' do
expect { service.execute }.not_to raise_error
end
end
end
end

11
spec/support/shared_examples/ci/stuck_builds_shared_examples.rb
View file

@ -1,12 +1,12 @@
# frozen_string_literal: true
RSpec.shared_examples 'job is dropped' do
RSpec.shared_examples 'job is dropped with failure reason' do |failure_reason|
it 'changes status' do
service.execute
job.reload
expect(job).to be_failed
expect(job).to be_stuck_or_timeout_failure
expect(job.failure_reason).to eq(failure_reason)
end
context 'when job has data integrity problem' do
@ -23,16 +23,13 @@ RSpec.shared_examples 'job is dropped' do
job.reload
expect(job).to be_failed
expect(job).to be_data_integrity_failure
expect(job.failure_reason).to eq('data_integrity_failure')
end
end
end
RSpec.shared_examples 'job is unchanged' do
it 'does not change status' do
service.execute
job.reload
expect(job.status).to eq(status)
expect { service.execute }.not_to change(job, :status)
end
end

28
spec/workers/ci/stuck_builds/drop_scheduled_worker_spec.rb Normal file
View file

@ -0,0 +1,28 @@
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Ci::StuckBuilds::DropScheduledWorker do
include ExclusiveLeaseHelpers
let(:worker) { described_class.new }
let(:lease_uuid) { SecureRandom.uuid }
describe '#perform' do
subject { worker.perform }
it_behaves_like 'an idempotent worker'
it 'executes an instance of Ci::StuckBuilds::DropScheduledService with an exclusive lease' do
expect_to_obtain_exclusive_lease(worker.lease_key, lease_uuid)
expect_next_instance_of(Ci::StuckBuilds::DropScheduledService) do |service|
expect(service).to receive(:execute).exactly(:once)
end
expect_to_cancel_exclusive_lease(worker.lease_key, lease_uuid)
subject
end
end
end

6
spec/workers/stuck_ci_jobs_worker_spec.rb
View file

@ -22,6 +22,12 @@ RSpec.describe StuckCiJobsWorker do
worker.perform
end
it 'enqueues a Ci::StuckBuilds::DropScheduledWorker job' do
expect(Ci::StuckBuilds::DropScheduledWorker).to receive(:perform_in).with(40.minutes).exactly(:once)
worker.perform
end
it 'executes an instance of Ci::StuckBuilds::DropService' do
expect_next_instance_of(Ci::StuckBuilds::DropService) do |service|
expect(service).to receive(:execute).exactly(:once)