From 4a6e201d83ef80d9ad0ebabc5e5bfdec6726dfda Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Tue, 16 Feb 2021 03:08:54 +0000 Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master --- .../remove-ci-custom-tags-ff-300155.yml | 5 +++ .../development/ci_custom_yaml_tags.yml | 8 ---- .../geo/disaster_recovery/planned_failover.md | 37 ++----------------- doc/ci/yaml/README.md | 26 ------------- lib/gitlab/ci/config.rb | 19 +--------- lib/gitlab/ci/config/external/file/base.rb | 6 +-- lib/gitlab/ci/config/yaml.rb | 2 +- 7 files changed, 11 insertions(+), 92 deletions(-) create mode 100644 changelogs/unreleased/remove-ci-custom-tags-ff-300155.yml delete mode 100644 config/feature_flags/development/ci_custom_yaml_tags.yml diff --git a/changelogs/unreleased/remove-ci-custom-tags-ff-300155.yml b/changelogs/unreleased/remove-ci-custom-tags-ff-300155.yml new file mode 100644 index 00000000000..ba5ac89a7ec --- /dev/null +++ b/changelogs/unreleased/remove-ci-custom-tags-ff-300155.yml @@ -0,0 +1,5 @@ +--- +title: Add '!reference' YAML tag to help merge CI configurations +merge_request: 54198 +author: +type: added diff --git a/config/feature_flags/development/ci_custom_yaml_tags.yml b/config/feature_flags/development/ci_custom_yaml_tags.yml deleted file mode 100644 index 37b7e17044d..00000000000 --- a/config/feature_flags/development/ci_custom_yaml_tags.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -name: ci_custom_yaml_tags -introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/52104 -rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/300155 -milestone: '13.9' -type: development -group: group::pipeline authoring -default_enabled: false diff --git a/doc/administration/geo/disaster_recovery/planned_failover.md b/doc/administration/geo/disaster_recovery/planned_failover.md index 1418ff77262..e64d0d4983e 100644 --- a/doc/administration/geo/disaster_recovery/planned_failover.md +++ b/doc/administration/geo/disaster_recovery/planned_failover.md @@ -144,41 +144,10 @@ will take to finish syncing. An example message would be: ## Prevent updates to the **primary** node -Until a [read-only mode](https://gitlab.com/gitlab-org/gitlab/-/issues/14609) is implemented, updates must be prevented -from happening manually. Note that your **secondary** node still needs read-only -access to the **primary** node during the maintenance window. +To ensure that all data is replicated to a secondary site, updates (write requests) need to +be disabled on the primary site: -1. At the scheduled time, using your cloud provider or your node's firewall, block - all HTTP, HTTPS and SSH traffic to/from the **primary** node, **except** for your IP and - the **secondary** node's IP. - - For instance, you might run the following commands on the server(s) making up your **primary** node: - - ```shell - sudo iptables -A INPUT -p tcp -s --destination-port 22 -j ACCEPT - sudo iptables -A INPUT -p tcp -s --destination-port 22 -j ACCEPT - sudo iptables -A INPUT --destination-port 22 -j REJECT - - sudo iptables -A INPUT -p tcp -s --destination-port 80 -j ACCEPT - sudo iptables -A INPUT -p tcp -s --destination-port 80 -j ACCEPT - sudo iptables -A INPUT --tcp-dport 80 -j REJECT - - sudo iptables -A INPUT -p tcp -s --destination-port 443 -j ACCEPT - sudo iptables -A INPUT -p tcp -s --destination-port 443 -j ACCEPT - sudo iptables -A INPUT --tcp-dport 443 -j REJECT - ``` - - From this point, users will be unable to view their data or make changes on the - **primary** node. They will also be unable to log in to the **secondary** node. - However, existing sessions will work for the remainder of the maintenance period, and - public data will be accessible throughout. - -1. Verify the **primary** node is blocked to HTTP traffic by visiting it in browser via - another IP. The server should refuse connection. - -1. Verify the **primary** node is blocked to Git over SSH traffic by attempting to pull an - existing Git repository with an SSH remote URL. The server should refuse - connection. +1. Enable [maintenance mode](../../maintenance_mode/index.md). 1. Disable non-Geo periodic background jobs on the **primary** node by navigating to **Admin Area > Monitoring > Background Jobs > Cron**, pressing `Disable All`, diff --git a/doc/ci/yaml/README.md b/doc/ci/yaml/README.md index 8e73d8a8d22..00f2847a815 100644 --- a/doc/ci/yaml/README.md +++ b/doc/ci/yaml/README.md @@ -4600,13 +4600,6 @@ into templates. ### `!reference` tags > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/266173) in GitLab 13.9. -> - It's [deployed behind a feature flag](../../user/feature_flags.md), disabled by default. -> - It's disabled on GitLab.com. -> - It's not recommended for production use. -> - To use it in GitLab self-managed instances, ask a GitLab administrator to [enable it](#enable-or-disable-reference-tags). **(FREE SELF)** - -WARNING: -This feature might not be available to you. Check the **version history** note above for details. Use the `!reference` custom YAML tag to select keyword configuration from other job sections and reuse it in the current section. Unlike [YAML anchors](#anchors), you can @@ -4666,25 +4659,6 @@ test-vars-2: You can't reuse a section that already includes a `!reference` tag. Only one level of nesting is supported. -#### Enable or disable `!reference` tags **(FREE SELF)** - -The `!reference` tag is under development and not ready for production use. It is -deployed behind a feature flag that is **disabled by default**. -[GitLab administrators with access to the GitLab Rails console](../../administration/feature_flags.md) -can enable it. - -To enable it: - -```ruby -Feature.enable(:ci_custom_yaml_tags) -``` - -To disable it: - -```ruby -Feature.disable(:ci_custom_yaml_tags) -``` - ## Skip Pipeline To push a commit without triggering a pipeline, add `[ci skip]` or `[skip ci]`, using any diff --git a/lib/gitlab/ci/config.rb b/lib/gitlab/ci/config.rb index 3ac1c70eac4..dbb48a81030 100644 --- a/lib/gitlab/ci/config.rb +++ b/lib/gitlab/ci/config.rb @@ -90,15 +90,7 @@ module Gitlab end def build_config(config) - if ::Feature.enabled?(:ci_custom_yaml_tags, @context.project, default_enabled: :yaml) - build_config_with_custom_tags(config) - else - build_config_without_custom_tags(config) - end - end - - def build_config_with_custom_tags(config) - initial_config = Config::Yaml.load!(config, project: @context.project) + initial_config = Config::Yaml.load!(config) initial_config = Config::External::Processor.new(initial_config, @context).perform initial_config = Config::Extendable.new(initial_config).to_hash initial_config = Config::Yaml::Tags::Resolver.new(initial_config).to_hash @@ -107,15 +99,6 @@ module Gitlab initial_config end - def build_config_without_custom_tags(config) - initial_config = Gitlab::Config::Loader::Yaml.new(config).load! - initial_config = Config::External::Processor.new(initial_config, @context).perform - initial_config = Config::Extendable.new(initial_config).to_hash - initial_config = Config::EdgeStagesInjector.new(initial_config).to_hash - - initial_config - end - def build_context(project:, sha:, user:, parent_pipeline:) Config::External::Context.new( project: project, diff --git a/lib/gitlab/ci/config/external/file/base.rb b/lib/gitlab/ci/config/external/file/base.rb index 0c6c4c84354..7d3fddd850d 100644 --- a/lib/gitlab/ci/config/external/file/base.rb +++ b/lib/gitlab/ci/config/external/file/base.rb @@ -60,11 +60,7 @@ module Gitlab def content_hash strong_memoize(:content_yaml) do - if ::Feature.enabled?(:ci_custom_yaml_tags, context.project, default_enabled: :yaml) - ::Gitlab::Ci::Config::Yaml.load!(content) - else - Gitlab::Config::Loader::Yaml.new(content).load! - end + ::Gitlab::Ci::Config::Yaml.load!(content) end rescue Gitlab::Config::Loader::FormatError nil diff --git a/lib/gitlab/ci/config/yaml.rb b/lib/gitlab/ci/config/yaml.rb index 03836d0a777..de833619c8d 100644 --- a/lib/gitlab/ci/config/yaml.rb +++ b/lib/gitlab/ci/config/yaml.rb @@ -7,7 +7,7 @@ module Gitlab AVAILABLE_TAGS = [Config::Yaml::Tags::Reference].freeze class << self - def load!(content, project: nil) + def load!(content) ensure_custom_tags Gitlab::Config::Loader::Yaml.new(content, additional_permitted_classes: AVAILABLE_TAGS).load!