Add latest changes from gitlab-org/gitlab@master

2021-02-16 03:08:54 +00:00 · 2021-02-16 03:08:54 +00:00 · 4a6e201d83
parent bc872593ce
commit 4a6e201d83
7 changed files with 11 additions and 92 deletions
--- a/changelogs/unreleased/remove-ci-custom-tags-ff-300155.yml
+++ b/changelogs/unreleased/remove-ci-custom-tags-ff-300155.yml
@ -0,0 +1,5 @@
+---
+title: Add '!reference' YAML tag to help merge CI configurations
+merge_request: 54198
+author:
+type: added
--- a/config/feature_flags/development/ci_custom_yaml_tags.yml
+++ b/config/feature_flags/development/ci_custom_yaml_tags.yml
@ -1,8 +0,0 @@
---
-name: ci_custom_yaml_tags
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/52104
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/300155
-milestone: '13.9'
-type: development
-group: group::pipeline authoring
-default_enabled: false
--- a/doc/administration/geo/disaster_recovery/planned_failover.md
+++ b/doc/administration/geo/disaster_recovery/planned_failover.md
@ -144,41 +144,10 @@ will take to finish syncing. An example message would be:

 ## Prevent updates to the **primary** node

-Until a [read-only mode](https://gitlab.com/gitlab-org/gitlab/-/issues/14609) is implemented, updates must be prevented
-from happening manually. Note that your **secondary** node still needs read-only
-access to the **primary** node during the maintenance window.
+To ensure that all data is replicated to a secondary site, updates (write requests) need to
+be disabled on the primary site:

-1. At the scheduled time, using your cloud provider or your node's firewall, block
-   all HTTP, HTTPS and SSH traffic to/from the **primary** node, **except** for your IP and
-   the **secondary** node's IP.
-
-   For instance, you might run the following commands on the server(s) making up your **primary** node:
-
-   ```shell
-   sudo iptables -A INPUT -p tcp -s <secondary_node_ip> --destination-port 22 -j ACCEPT
-   sudo iptables -A INPUT -p tcp -s <your_ip> --destination-port 22 -j ACCEPT
-   sudo iptables -A INPUT --destination-port 22 -j REJECT
-
-   sudo iptables -A INPUT -p tcp -s <secondary_node_ip> --destination-port 80 -j ACCEPT
-   sudo iptables -A INPUT -p tcp -s <your_ip> --destination-port 80 -j ACCEPT
-   sudo iptables -A INPUT --tcp-dport 80 -j REJECT
-
-   sudo iptables -A INPUT -p tcp -s <secondary_node_ip> --destination-port 443 -j ACCEPT
-   sudo iptables -A INPUT -p tcp -s <your_ip> --destination-port 443 -j ACCEPT
-   sudo iptables -A INPUT --tcp-dport 443 -j REJECT
-   ```
-
-   From this point, users will be unable to view their data or make changes on the
-   **primary** node. They will also be unable to log in to the **secondary** node.
-   However, existing sessions will work for the remainder of the maintenance period, and
-   public data will be accessible throughout.
-
-1. Verify the **primary** node is blocked to HTTP traffic by visiting it in browser via
-   another IP. The server should refuse connection.
-
-1. Verify the **primary** node is blocked to Git over SSH traffic by attempting to pull an
-   existing Git repository with an SSH remote URL. The server should refuse
-   connection.
+1. Enable [maintenance mode](../../maintenance_mode/index.md).

 1. Disable non-Geo periodic background jobs on the **primary** node by navigating
   to **Admin Area > Monitoring > Background Jobs > Cron**, pressing `Disable All`,
--- a/doc/ci/yaml/README.md
+++ b/doc/ci/yaml/README.md
@ -4600,13 +4600,6 @@ into templates.
 ### `!reference` tags

 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/266173) in GitLab 13.9.
-> - It's [deployed behind a feature flag](../../user/feature_flags.md), disabled by default.
-> - It's disabled on GitLab.com.
-> - It's not recommended for production use.
-> - To use it in GitLab self-managed instances, ask a GitLab administrator to [enable it](#enable-or-disable-reference-tags). **(FREE SELF)**
-
-WARNING:
-This feature might not be available to you. Check the **version history** note above for details.

 Use the `!reference` custom YAML tag to select keyword configuration from other job
 sections and reuse it in the current section. Unlike [YAML anchors](#anchors), you can
@ -4666,25 +4659,6 @@ test-vars-2:
 You can't reuse a section that already includes a `!reference` tag. Only one level
 of nesting is supported.

-#### Enable or disable `!reference` tags **(FREE SELF)**
-
-The `!reference` tag is under development and not ready for production use. It is
-deployed behind a feature flag that is **disabled by default**.
-[GitLab administrators with access to the GitLab Rails console](../../administration/feature_flags.md)
-can enable it.
-
-To enable it:
-
-```ruby
-Feature.enable(:ci_custom_yaml_tags)
-```
-
-To disable it:
-
-```ruby
-Feature.disable(:ci_custom_yaml_tags)
-```
-
 ## Skip Pipeline

 To push a commit without triggering a pipeline, add `[ci skip]` or `[skip ci]`, using any
--- a/lib/gitlab/ci/config.rb
+++ b/lib/gitlab/ci/config.rb
@ -90,15 +90,7 @@ module Gitlab
      end

      def build_config(config)
-        if ::Feature.enabled?(:ci_custom_yaml_tags, @context.project, default_enabled: :yaml)
-          build_config_with_custom_tags(config)
-        else
-          build_config_without_custom_tags(config)
-        end
-      end
-
-      def build_config_with_custom_tags(config)
-        initial_config = Config::Yaml.load!(config, project: @context.project)
+        initial_config = Config::Yaml.load!(config)
        initial_config = Config::External::Processor.new(initial_config, @context).perform
        initial_config = Config::Extendable.new(initial_config).to_hash
        initial_config = Config::Yaml::Tags::Resolver.new(initial_config).to_hash
@ -107,15 +99,6 @@ module Gitlab
        initial_config
      end

-      def build_config_without_custom_tags(config)
-        initial_config = Gitlab::Config::Loader::Yaml.new(config).load!
-        initial_config = Config::External::Processor.new(initial_config, @context).perform
-        initial_config = Config::Extendable.new(initial_config).to_hash
-        initial_config = Config::EdgeStagesInjector.new(initial_config).to_hash
-
-        initial_config
-      end
-
      def build_context(project:, sha:, user:, parent_pipeline:)
        Config::External::Context.new(
          project: project,
--- a/lib/gitlab/ci/config/external/file/base.rb
+++ b/lib/gitlab/ci/config/external/file/base.rb
@ -60,11 +60,7 @@ module Gitlab

            def content_hash
              strong_memoize(:content_yaml) do
-                if ::Feature.enabled?(:ci_custom_yaml_tags, context.project, default_enabled: :yaml)
-                  ::Gitlab::Ci::Config::Yaml.load!(content)
-                else
-                  Gitlab::Config::Loader::Yaml.new(content).load!
-                end
+                ::Gitlab::Ci::Config::Yaml.load!(content)
              end
            rescue Gitlab::Config::Loader::FormatError
              nil
--- a/lib/gitlab/ci/config/yaml.rb
+++ b/lib/gitlab/ci/config/yaml.rb
@ -7,7 +7,7 @@ module Gitlab
        AVAILABLE_TAGS = [Config::Yaml::Tags::Reference].freeze

        class << self
-          def load!(content, project: nil)
+          def load!(content)
            ensure_custom_tags

            Gitlab::Config::Loader::Yaml.new(content, additional_permitted_classes: AVAILABLE_TAGS).load!