Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2022-08-11 00:09:45 +00:00
parent 20a18d1f9b
commit 4f1e40017d
82 changed files with 457 additions and 263 deletions

View File

@ -392,7 +392,7 @@ That's all of the required database changes.
```
- [ ] Update `REGISTRY_CLASSES` in `ee/app/workers/geo/secondary/registry_consistency_worker.rb`.
- [ ] Add a custom factory name if needed in `def model_class_factory_name` in `ee/spec/services/geo/registry_consistency_service_spec.rb`.
- [ ] Add a custom factory name if needed in `def model_class_factory_name` in `ee/spec/support/helpers/ee/geo_helpers.rb`.
- [ ] Update `it 'creates missing registries for each registry class'` in `ee/spec/workers/geo/secondary/registry_consistency_worker_spec.rb`.
- [ ] Add `cool_widget_registry` to `ActiveSupport::Inflector.inflections` in `config/initializers_before_autoloader/000_inflections.rb`.
- [ ] Create `ee/spec/factories/geo/cool_widget_registry.rb`:
@ -539,11 +539,6 @@ Metrics are gathered by `Geo::MetricsUpdateWorker`, persisted in `GeoNodeStatus`
- `geo_cool_widgets_verification_total`
- `geo_cool_widgets_verified`
- `geo_cool_widgets_verification_failed`
- [ ] Add the following to the parameterized table in the `context 'Replicator stats' do` block in `ee/spec/models/geo_node_status_spec.rb`:
```ruby
Geo::CoolWidgetReplicator | :cool_widget | :geo_cool_widget_registry
```
Cool Widget replication and verification metrics should now be available in the API, the `Admin > Geo > Nodes` view, and Prometheus.

View File

@ -358,7 +358,7 @@ That's all of the required database changes.
```
- [ ] Update `REGISTRY_CLASSES` in `ee/app/workers/geo/secondary/registry_consistency_worker.rb`.
- [ ] Add a custom factory name if needed in `def model_class_factory_name` in `ee/spec/services/geo/registry_consistency_service_spec.rb`.
- [ ] Add a custom factory name if needed in `def model_class_factory_name` in `ee/spec/support/helpers/ee/geo_helpers.rb`.
- [ ] Update `it 'creates missing registries for each registry class'` in `ee/spec/workers/geo/secondary/registry_consistency_worker_spec.rb`.
- [ ] Add `cool_widget_registry` to `ActiveSupport::Inflector.inflections` in `config/initializers_before_autoloader/000_inflections.rb`.
- [ ] Create `ee/spec/factories/geo/cool_widget_registry.rb`:
@ -503,11 +503,6 @@ Metrics are gathered by `Geo::MetricsUpdateWorker`, persisted in `GeoNodeStatus`
- `geo_cool_widgets_verification_total`
- `geo_cool_widgets_verified`
- `geo_cool_widgets_verification_failed`
- [ ] Add the following to the parameterized table in the `context 'Replicator stats' do` block in `ee/spec/models/geo_node_status_spec.rb`:
```ruby
Geo::CoolWidgetReplicator | :cool_widget | :geo_cool_widget_registry
```
Cool Widget replication and verification metrics should now be available in the API, the `Admin > Geo > Nodes` view, and Prometheus.

View File

@ -208,27 +208,6 @@ Layout/HashAlignment:
- 'ee/spec/support/shared_examples/status_page/publish_shared_examples.rb'
- 'ee/spec/support/shared_examples/status_page/reference_links_examples.rb'
- 'ee/spec/workers/scan_security_report_secrets_worker_spec.rb'
- 'lib/api/applications.rb'
- 'lib/api/broadcast_messages.rb'
- 'lib/api/bulk_imports.rb'
- 'lib/api/ci/job_artifacts.rb'
- 'lib/api/ci/jobs.rb'
- 'lib/api/ci/pipelines.rb'
- 'lib/api/ci/runner.rb'
- 'lib/api/ci/runners.rb'
- 'lib/api/concerns/packages/debian_distribution_endpoints.rb'
- 'lib/api/debian_project_packages.rb'
- 'lib/api/deploy_tokens.rb'
- 'lib/api/entities/project.rb'
- 'lib/api/feature_flags.rb'
- 'lib/api/features.rb'
- 'lib/api/group_labels.rb'
- 'lib/api/group_packages.rb'
- 'lib/api/groups.rb'
- 'lib/api/helm_packages.rb'
- 'lib/api/helpers/groups_helpers.rb'
- 'lib/api/helpers/merge_requests_helpers.rb'
- 'lib/api/helpers/snippets_helpers.rb'
- 'lib/api/issue_links.rb'
- 'lib/api/issues.rb'
- 'lib/api/labels.rb'

View File

@ -2259,6 +2259,7 @@ class Project < ApplicationRecord
.concat(dependency_proxy_variables)
.concat(auto_devops_variables)
.concat(api_variables)
.concat(ci_template_variables)
end
end
@ -2312,6 +2313,12 @@ class Project < ApplicationRecord
end
end
def ci_template_variables
Gitlab::Ci::Variables::Collection.new.tap do |variables|
variables.append(key: 'CI_TEMPLATE_REGISTRY_HOST', value: 'registry.gitlab.com')
end
end
def dependency_proxy_variables
Gitlab::Ci::Variables::Collection.new.tap do |variables|
break variables unless Gitlab.config.dependency_proxy.enabled

View File

@ -49,13 +49,23 @@ module Groups
# We cannot include the file_saver with the other savers because
# it removes the tmp dir. This means that if we want to add new savers
# in EE the data won't be available.
if savers.all?(&:save) && file_saver.save
if save_exporters && file_saver.save
notify_success
else
notify_error!
end
end
def save_exporters
log_info('Group export started')
savers.all? do |exporter|
log_info("#{exporter.class.name} saver started")
exporter.save
end
end
def savers
[version_saver, tree_exporter]
end
@ -99,12 +109,16 @@ module Groups
raise Gitlab::ImportExport::Error, shared.errors.to_sentence
end
def notify_success
def log_info(message)
@logger.info(
message: 'Group Export succeeded',
message: message,
group_id: group.id,
group_name: group.name
)
end
def notify_success
log_info('Group Export succeeded')
notification_service.group_was_exported(group, current_user)
end

View File

@ -54,15 +54,21 @@ module Projects
end
def save_all!
log_info('Project export started')
if save_exporters && save_export_archive
notify_success
log_info('Project successfully exported')
else
notify_error!
end
end
def save_exporters
exporters.all?(&:save)
exporters.all? do |exporter|
log_info("#{exporter.class.name} saver started")
exporter.save
end
end
def save_export_archive
@ -127,11 +133,10 @@ module Projects
raise Gitlab::ImportExport::Error, shared.errors.to_sentence
end
def notify_success
def log_info(message)
logger.info(
message: 'Project successfully exported',
project_name: project.name,
project_id: project.id
message: message,
**log_base_data
)
end
@ -139,8 +144,7 @@ module Projects
logger.error(
message: 'Project export error',
export_errors: shared.errors.join(', '),
project_name: project.name,
project_id: project.id
**log_base_data
)
user = current_user
@ -150,6 +154,10 @@ module Projects
NotificationService.new.project_not_exported(project, user, errors)
end
end
def log_base_data
@log_base_data ||= Gitlab::ImportExport::LogUtil.exportable_to_log_payload(project)
end
end
end
end

View File

@ -355,8 +355,7 @@ After you use a recovery code, you cannot re-use it. You can still use the other
### Generate new recovery codes using SSH
Users often forget to save their recovery codes when enabling 2FA. If you added an SSH key to your
GitLab account, you can generate a new set of recovery codes with SSH:
If you forget to save your recovery codes when enabling 2FA, and you added an SSH key to your GitLab account, you can generate a new set of recovery codes with SSH:
1. In a terminal, run:

View File

@ -17,8 +17,10 @@ module API
requires :redirect_uri, type: String, desc: 'Application redirect URI'
requires :scopes, type: String, desc: 'Application scopes', allow_blank: false
optional :confidential, type: Boolean, default: true,
desc: 'Application will be used where the client secret is confidential'
optional :confidential,
type: Boolean,
default: true,
desc: 'Application will be used where the client secret is confidential'
end
post do
application = Doorkeeper::Application.new(declared_params)

View File

@ -37,8 +37,11 @@ module API
optional :ends_at, type: DateTime, desc: 'Ending time', default: -> { 1.hour.from_now }
optional :color, type: String, desc: 'Background color'
optional :font, type: String, desc: 'Foreground color'
optional :target_access_levels, type: Array[Integer], coerce_with: Validations::Types::CommaSeparatedToIntegerArray.coerce,
values: BroadcastMessage::ALLOWED_TARGET_ACCESS_LEVELS, desc: 'Target user roles'
optional :target_access_levels,
type: Array[Integer],
coerce_with: Validations::Types::CommaSeparatedToIntegerArray.coerce,
values: BroadcastMessage::ALLOWED_TARGET_ACCESS_LEVELS,
desc: 'Target user roles'
optional :target_path, type: String, desc: 'Target path'
optional :broadcast_type, type: String, values: BroadcastMessage.broadcast_types.keys, desc: 'Broadcast type. Defaults to banner', default: -> { 'banner' }
optional :dismissable, type: Boolean, desc: 'Is dismissable'
@ -79,8 +82,11 @@ module API
optional :ends_at, type: DateTime, desc: 'Ending time'
optional :color, type: String, desc: 'Background color'
optional :font, type: String, desc: 'Foreground color'
optional :target_access_levels, type: Array[Integer], coerce_with: Validations::Types::CommaSeparatedToIntegerArray.coerce,
values: BroadcastMessage::ALLOWED_TARGET_ACCESS_LEVELS, desc: 'Target user roles'
optional :target_access_levels,
type: Array[Integer],
coerce_with: Validations::Types::CommaSeparatedToIntegerArray.coerce,
values: BroadcastMessage::ALLOWED_TARGET_ACCESS_LEVELS,
desc: 'Target user roles'
optional :target_path, type: String, desc: 'Target path'
optional :broadcast_type, type: String, values: BroadcastMessage.broadcast_types.keys, desc: 'Broadcast Type'
optional :dismissable, type: Boolean, desc: 'Is dismissable'

View File

@ -44,12 +44,15 @@ module API
requires :access_token, type: String, desc: 'Access token to the source GitLab instance'
end
requires :entities, type: Array, desc: 'List of entities to import' do
requires :source_type, type: String, desc: 'Source entity type (only `group_entity` is supported)',
requires :source_type,
type: String,
desc: 'Source entity type (only `group_entity` is supported)',
values: %w[group_entity]
requires :source_full_path, type: String, desc: 'Source full path of the entity to import'
requires :destination_namespace, type: String, desc: 'Destination namespace for the entity'
optional :destination_slug, type: String, desc: 'Destination slug for the entity'
optional :destination_name, type: String,
optional :destination_name,
type: String,
desc: 'Deprecated: Use :destination_slug instead. Destination slug for the entity'
mutually_exclusive :destination_slug, :destination_name
@ -84,9 +87,9 @@ module API
params do
use :pagination
optional :sort, type: String, values: %w[asc desc], default: 'desc',
desc: 'Return GitLab Migrations sorted in created by `asc` or `desc` order.'
desc: 'Return GitLab Migrations sorted in created by `asc` or `desc` order.'
optional :status, type: String, values: BulkImport.all_human_statuses,
desc: 'Return GitLab Migrations with specified status'
desc: 'Return GitLab Migrations with specified status'
end
get do
present paginate(bulk_imports), with: Entities::BulkImport
@ -98,9 +101,9 @@ module API
params do
use :pagination
optional :sort, type: String, values: %w[asc desc], default: 'desc',
desc: 'Return GitLab Migrations sorted in created by `asc` or `desc` order.'
desc: 'Return GitLab Migrations sorted in created by `asc` or `desc` order.'
optional :status, type: String, values: ::BulkImports::Entity.all_human_statuses,
desc: "Return all GitLab Migrations' entities with specified status"
desc: "Return all GitLab Migrations' entities with specified status"
end
get :entities do
entities = ::BulkImports::EntitiesFinder.new(
@ -127,7 +130,7 @@ module API
params do
requires :import_id, type: Integer, desc: "The ID of user's GitLab Migration"
optional :status, type: String, values: ::BulkImports::Entity.all_human_statuses,
desc: 'Return import entities with specified status'
desc: 'Return import entities with specified status'
use :pagination
end
get ':import_id/entities' do

View File

@ -30,15 +30,16 @@ module API
requires :job, type: String, desc: 'The name for the job'
end
route_setting :authentication, job_token_allowed: true
get ':id/jobs/artifacts/:ref_name/download', urgency: :low,
requirements: { ref_name: /.+/ } do
authorize_download_artifacts!
get ':id/jobs/artifacts/:ref_name/download',
urgency: :low,
requirements: { ref_name: /.+/ } do
authorize_download_artifacts!
latest_build = user_project.latest_successful_build_for_ref!(params[:job], params[:ref_name])
authorize_read_job_artifacts!(latest_build)
latest_build = user_project.latest_successful_build_for_ref!(params[:job], params[:ref_name])
authorize_read_job_artifacts!(latest_build)
present_artifacts_file!(latest_build.artifacts_file)
end
present_artifacts_file!(latest_build.artifacts_file)
end
desc 'Download a specific file from artifacts archive from a ref' do
detail 'This feature was introduced in GitLab 11.5'
@ -49,21 +50,22 @@ module API
requires :artifact_path, type: String, desc: 'Artifact path'
end
route_setting :authentication, job_token_allowed: true
get ':id/jobs/artifacts/:ref_name/raw/*artifact_path', urgency: :low,
format: false,
requirements: { ref_name: /.+/ } do
authorize_download_artifacts!
get ':id/jobs/artifacts/:ref_name/raw/*artifact_path',
urgency: :low,
format: false,
requirements: { ref_name: /.+/ } do
authorize_download_artifacts!
build = user_project.latest_successful_build_for_ref!(params[:job], params[:ref_name])
authorize_read_job_artifacts!(build)
build = user_project.latest_successful_build_for_ref!(params[:job], params[:ref_name])
authorize_read_job_artifacts!(build)
path = Gitlab::Ci::Build::Artifacts::Path
.new(params[:artifact_path])
path = Gitlab::Ci::Build::Artifacts::Path
.new(params[:artifact_path])
bad_request! unless path.valid?
bad_request! unless path.valid?
send_artifacts_entry(build.artifacts_file, path)
end
send_artifacts_entry(build.artifacts_file, path)
end
desc 'Download the artifacts archive from a job' do
detail 'This feature was introduced in GitLab 8.5'

View File

@ -152,8 +152,8 @@ module API
end
params do
requires :job_id, type: Integer, desc: 'The ID of a Job'
optional :job_variables_attributes, type: Array,
desc: 'User defined variables that will be included when running the job' do
optional :job_variables_attributes,
type: Array, desc: 'User defined variables that will be included when running the job' do
requires :key, type: String, desc: 'The name of the variable'
requires :value, type: String, desc: 'The value of the variable'
end

View File

@ -21,17 +21,17 @@ module API
helpers do
params :optional_scope do
optional :scope, types: [String, Array[String]], desc: 'The scope of builds to show',
values: ::CommitStatus::AVAILABLE_STATUSES,
coerce_with: ->(scope) {
case scope
when String
[scope]
when ::Array
scope
else
['unknown']
end
}
values: ::CommitStatus::AVAILABLE_STATUSES,
coerce_with: ->(scope) {
case scope
when String
[scope]
when ::Array
scope
else
['unknown']
end
}
end
end

View File

@ -256,7 +256,7 @@ module API
optional :filesize, type: Integer, desc: %q(Artifacts filesize)
optional :artifact_type, type: String, desc: %q(The type of artifact),
default: 'archive', values: ::Ci::JobArtifact.file_types.keys
default: 'archive', values: ::Ci::JobArtifact.file_types.keys
end
post '/:id/artifacts/authorize', feature_category: :build_artifacts, urgency: :low do
not_allowed! unless Gitlab.config.artifacts.enabled
@ -289,9 +289,9 @@ module API
optional :token, type: String, desc: %q(Job's authentication token)
optional :expire_in, type: String, desc: %q(Specify when artifacts should expire)
optional :artifact_type, type: String, desc: %q(The type of artifact),
default: 'archive', values: ::Ci::JobArtifact.file_types.keys
default: 'archive', values: ::Ci::JobArtifact.file_types.keys
optional :artifact_format, type: String, desc: %q(The format of artifact),
default: 'zip', values: ::Ci::JobArtifact.file_formats.keys
default: 'zip', values: ::Ci::JobArtifact.file_formats.keys
optional :metadata, type: ::API::Validations::Types::WorkhorseFile, desc: %(The artifact metadata to store (generated by Multipart middleware))
end
post '/:id/artifacts', feature_category: :build_artifacts, urgency: :low do

View File

@ -16,7 +16,7 @@ module API
end
params do
optional :scope, type: String, values: ::Ci::Runner::AVAILABLE_STATUSES,
desc: 'The scope of specific runners to show'
desc: 'The scope of specific runners to show'
optional :type, type: String, values: ::Ci::Runner::AVAILABLE_TYPES,
desc: 'The type of the runners to show'
optional :paused, type: Boolean, desc: 'Whether to include only runners that are accepting or ignoring new jobs'
@ -38,7 +38,7 @@ module API
end
params do
optional :scope, type: String, values: ::Ci::Runner::AVAILABLE_SCOPES,
desc: 'The scope of specific runners to show'
desc: 'The scope of specific runners to show'
optional :type, type: String, values: ::Ci::Runner::AVAILABLE_TYPES,
desc: 'The type of the runners to show'
optional :paused, type: Boolean, desc: 'Whether to include only runners that are accepting or ignoring new jobs'
@ -159,7 +159,7 @@ module API
end
params do
optional :scope, type: String, values: ::Ci::Runner::AVAILABLE_SCOPES,
desc: 'The scope of specific runners to show'
desc: 'The scope of specific runners to show'
optional :type, type: String, values: ::Ci::Runner::AVAILABLE_TYPES,
desc: 'The type of the runners to show'
optional :paused, type: Boolean, desc: 'Whether to include only runners that are accepting or ignoring new jobs'
@ -225,10 +225,10 @@ module API
end
params do
optional :type, type: String, values: ::Ci::Runner::AVAILABLE_TYPES,
desc: 'The type of the runners to show'
desc: 'The type of the runners to show'
optional :paused, type: Boolean, desc: 'Whether to include only runners that are accepting or ignoring new jobs'
optional :status, type: String, values: ::Ci::Runner::AVAILABLE_STATUSES,
desc: 'The status of the runners to show'
desc: 'The status of the runners to show'
optional :tag_list, type: Array[String], coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce, desc: 'The tags of the runners to show'
use :pagination
end

View File

@ -33,13 +33,13 @@ module API
optional :valid_time_duration_seconds, type: Integer, desc: 'The duration before the Release file should be considered expired by the client'
optional :components, type: Array[String],
coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce,
regexp: Gitlab::Regex.debian_component_regex,
desc: 'The list of Components'
coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce,
regexp: Gitlab::Regex.debian_component_regex,
desc: 'The list of Components'
optional :architectures, type: Array[String],
coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce,
regexp: Gitlab::Regex.debian_architecture_regex,
desc: 'The list of Architectures'
coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce,
regexp: Gitlab::Regex.debian_architecture_regex,
desc: 'The list of Architectures'
end
end

View File

@ -73,10 +73,10 @@ module API
bad_request!('File is too large') if authorized_user_project.actual_limits.exceeded?(:debian_max_file_size, params[:file].size)
file_params = {
file: params['file'],
file_name: params['file_name'],
file_sha1: params['file.sha1'],
file_md5: params['file.md5']
file: params['file'],
file_name: params['file_name'],
file_sha1: params['file.sha1'],
file_md5: params['file.md5']
}
package = ::Packages::Debian::FindOrCreateIncomingService.new(authorized_user_project, current_user).execute

View File

@ -71,8 +71,11 @@ module API
params do
requires :name, type: String, desc: "New deploy token's name"
requires :scopes, type: Array[String], coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce, values: ::DeployToken::AVAILABLE_SCOPES.map(&:to_s),
desc: 'Indicates the deploy token scopes. Must be at least one of "read_repository", "read_registry", "write_registry", "read_package_registry", or "write_package_registry".'
requires :scopes,
type: Array[String],
coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce,
values: ::DeployToken::AVAILABLE_SCOPES.map(&:to_s),
desc: 'Indicates the deploy token scopes. Must be at least one of "read_repository", "read_registry", "write_registry", "read_package_registry", or "write_package_registry".'
optional :expires_at, type: DateTime, desc: 'Expiration date for the deploy token. Does not expire if no value is provided.'
optional :username, type: String, desc: 'Username for deploy token. Default is `gitlab+deploy-token-{n}`'
end
@ -152,8 +155,11 @@ module API
params do
requires :name, type: String, desc: 'The name of the deploy token'
requires :scopes, type: Array[String], coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce, values: ::DeployToken::AVAILABLE_SCOPES.map(&:to_s),
desc: 'Indicates the deploy token scopes. Must be at least one of "read_repository", "read_registry", "write_registry", "read_package_registry", or "write_package_registry".'
requires :scopes,
type: Array[String],
coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce,
values: ::DeployToken::AVAILABLE_SCOPES.map(&:to_s),
desc: 'Indicates the deploy token scopes. Must be at least one of "read_repository", "read_registry", "write_registry", "read_package_registry", or "write_package_registry".'
optional :expires_at, type: DateTime, desc: 'Expiration date for the deploy token. Does not expire if no value is provided.'
optional :username, type: String, desc: 'Username for deploy token. Default is `gitlab+deploy-token-{n}`'
end

View File

@ -156,7 +156,11 @@ module API
authorize!(:destroy_deployment, deployment)
destroy_conditionally!(deployment) do
::Ci::Deployments::DestroyService.new(user_project, current_user).execute(deployment)
result = ::Ci::Deployments::DestroyService.new(user_project, current_user).execute(deployment)
if result[:status] == :error
render_api_error!(result[:message], result[:http_status] || 400)
end
end
end

View File

@ -47,8 +47,9 @@ module API
expose :visibility
expose :owner, using: Entities::UserBasic, unless: ->(project, options) { project.group }
expose :resolve_outdated_diff_discussions
expose :container_expiration_policy, using: Entities::ContainerExpirationPolicy,
if: -> (project, _) { project.container_expiration_policy }
expose :container_expiration_policy,
using: Entities::ContainerExpirationPolicy,
if: -> (project, _) { project.container_expiration_policy }
# Expose old field names with the new permissions methods to keep API compatible
# TODO: remove in API v5, replaced by *_access_level

View File

@ -24,8 +24,10 @@ module API
success ::API::Entities::FeatureFlag
end
params do
optional :scope, type: String, desc: 'The scope of feature flags',
values: %w[enabled disabled]
optional :scope,
type: String,
desc: 'The scope of feature flags',
values: %w[enabled disabled]
use :pagination
end
get do

View File

@ -69,11 +69,14 @@ module API
optional :key, type: String, desc: '`percentage_of_actors` or the default `percentage_of_time`'
optional :feature_group, type: String, desc: 'A Feature group name'
optional :user, type: String, desc: 'A GitLab username or comma-separated multiple usernames'
optional :group, type: String,
optional :group,
type: String,
desc: "A GitLab group's path, such as 'gitlab-org', or comma-separated multiple group paths"
optional :namespace, type: String,
optional :namespace,
type: String,
desc: "A GitLab group or user namespace path, such as 'john-doe', or comma-separated multiple namespace paths"
optional :project, type: String,
optional :project,
type: String,
desc: "A projects path, such as `gitlab-org/gitlab-ce`, or comma-separated multiple project paths"
optional :force, type: Boolean, desc: 'Skip feature flag validation checks, ie. YAML definition'

View File

@ -19,15 +19,24 @@ module API
success Entities::GroupLabel
end
params do
optional :with_counts, type: Boolean, default: false,
optional :with_counts,
type: Boolean,
default: false,
desc: 'Include issue and merge request counts'
optional :include_ancestor_groups, type: Boolean, default: true,
optional :include_ancestor_groups,
type: Boolean,
default: true,
desc: 'Include ancestor groups'
optional :include_descendant_groups, type: Boolean, default: false,
optional :include_descendant_groups,
type: Boolean,
default: false,
desc: 'Include descendant groups. This feature was added in GitLab 13.6'
optional :only_group_labels, type: Boolean, default: true,
optional :only_group_labels,
type: Boolean,
default: true,
desc: 'Toggle to include only group labels or also project labels. This feature was added in GitLab 13.6'
optional :search, type: String,
optional :search,
type: String,
desc: 'Keyword to filter labels by. This feature was added in GitLab 13.6'
use :pagination
end
@ -40,11 +49,17 @@ module API
success Entities::GroupLabel
end
params do
optional :include_ancestor_groups, type: Boolean, default: true,
optional :include_ancestor_groups,
type: Boolean,
default: true,
desc: 'Include ancestor groups'
optional :include_descendant_groups, type: Boolean, default: false,
optional :include_descendant_groups,
type: Boolean,
default: false,
desc: 'Include descendant groups. This feature was added in GitLab 13.6'
optional :only_group_labels, type: Boolean, default: true,
optional :only_group_labels,
type: Boolean,
default: true,
desc: 'Toggle to include only group labels or also project labels. This feature was added in GitLab 13.6'
end
get ':id/labels/:name' do

View File

@ -24,17 +24,29 @@ module API
end
params do
use :pagination
optional :order_by, type: String, values: %w[created_at name version type project_path], default: 'created_at',
desc: 'Return packages ordered by `created_at`, `name`, `version` or `type` fields.'
optional :sort, type: String, values: %w[asc desc], default: 'asc',
desc: 'Return packages sorted in `asc` or `desc` order.'
optional :package_type, type: String, values: Packages::Package.package_types.keys,
desc: 'Return packages of a certain type'
optional :package_name, type: String,
desc: 'Return packages with this name'
optional :include_versionless, type: Boolean,
desc: 'Returns packages without a version'
optional :status, type: String, values: Packages::Package.statuses.keys,
optional :order_by,
type: String,
values: %w[created_at name version type project_path],
default: 'created_at',
desc: 'Return packages ordered by `created_at`, `name`, `version` or `type` fields.'
optional :sort,
type: String,
values: %w[asc desc],
default: 'asc',
desc: 'Return packages sorted in `asc` or `desc` order.'
optional :package_type,
type: String,
values: Packages::Package.package_types.keys,
desc: 'Return packages of a certain type'
optional :package_name,
type: String,
desc: 'Return packages with this name'
optional :include_versionless,
type: Boolean,
desc: 'Returns packages without a version'
optional :status,
type: String,
values: Packages::Package.statuses.keys,
desc: 'Return packages with specified status'
end
get ':id/packages' do

View File

@ -394,9 +394,10 @@ module API
desc 'Transfer a group to a new parent group or promote a subgroup to a root group'
params do
optional :group_id, type: Integer,
desc: 'The ID of the target group to which the group needs to be transferred to.'\
'If not provided, the source group will be promoted to a root group.'
optional :group_id,
type: Integer,
desc: 'The ID of the target group to which the group needs to be transferred to.'\
'If not provided, the source group will be promoted to a root group.'
end
post ':id/transfer', feature_category: :subgroups do
group = find_group!(params[:id])

View File

@ -100,7 +100,7 @@ module API
).execute(:helm, name: ::Packages::Helm::TEMPORARY_PACKAGE_NAME)
chart_params = {
file: params[:chart],
file: params[:chart],
file_name: PACKAGE_FILENAME
}

View File

@ -9,8 +9,8 @@ module API
params :optional_params_ce do
optional :description, type: String, desc: 'The description of the group'
optional :visibility, type: String,
values: Gitlab::VisibilityLevel.string_values,
desc: 'The visibility of the group'
values: Gitlab::VisibilityLevel.string_values,
desc: 'The visibility of the group'
# TODO: remove rubocop disable - https://gitlab.com/gitlab-org/gitlab/issues/14960
optional :avatar, type: File, desc: 'Avatar image for the group' # rubocop:disable Scalability/FileUploads
optional :share_with_group_lock, type: Boolean, desc: 'Prevent sharing a project with another group within this group'

View File

@ -17,7 +17,9 @@ module API
types: [Integer, String],
integer_none_any: true,
desc: 'Return merge requests which are assigned to the user with the given ID'
optional :assignee_username, type: Array[String], check_assignees_count: true,
optional :assignee_username,
type: Array[String],
check_assignees_count: true,
coerce_with: Validations::Validators::CheckAssigneesCount.coerce,
desc: 'Return merge requests which are assigned to the user with the given username'
mutually_exclusive :assignee_id, :assignee_username

View File

@ -29,9 +29,10 @@ module API
params :update_file_params do |options|
optional :files, type: Array, desc: 'An array of files to update' do
requires :action, type: String,
values: SnippetInputAction::ACTIONS.map(&:to_s),
desc: "The type of action to perform on the file, must be one of: #{SnippetInputAction::ACTIONS.join(", ")}"
requires :action,
type: String,
values: SnippetInputAction::ACTIONS.map(&:to_s),
desc: "The type of action to perform on the file, must be one of: #{SnippetInputAction::ACTIONS.join(", ")}"
optional :content, type: String, desc: 'The content of a snippet'
optional :file_path, file_path: true, type: String, desc: 'The file path of a snippet file'
optional :previous_path, file_path: true, type: String, desc: 'The previous path of a snippet file'

View File

@ -26,7 +26,6 @@ variables:
TF_VAR_SERVICE_DESK_EMAIL: incoming+${CI_PROJECT_PATH_SLUG}-${CI_PROJECT_ID}-issue-@incoming.gitlab.com
TF_VAR_SHORT_ENVIRONMENT_NAME: ${CI_PROJECT_ID}-${CI_COMMIT_REF_SLUG}
TF_VAR_SMTP_FROM: ${SMTP_FROM}
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
cache:
paths:
@ -40,7 +39,7 @@ cache:
terraform_apply:
stage: provision
image: "$TEMPLATE_REGISTRY_HOST/gitlab-org/5-minute-production-app/deploy-template/stable"
image: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/5-minute-production-app/deploy-template/stable"
extends: .needs_aws_vars
resource_group: terraform
before_script:
@ -54,7 +53,7 @@ terraform_apply:
deploy:
stage: deploy
image: "$TEMPLATE_REGISTRY_HOST/gitlab-org/5-minute-production-app/deploy-template/stable"
image: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/5-minute-production-app/deploy-template/stable"
extends: .needs_aws_vars
resource_group: deploy
before_script:
@ -75,7 +74,7 @@ terraform_destroy:
variables:
GIT_STRATEGY: none
stage: destroy
image: "$TEMPLATE_REGISTRY_HOST/gitlab-org/5-minute-production-app/deploy-template/stable"
image: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/5-minute-production-app/deploy-template/stable"
before_script:
- cp /*.tf .
- cp /deploy.sh .

View File

@ -24,7 +24,6 @@
variables:
TEST_ROOT: ${CI_PROJECT_DIR}/my_folder_with_terraform_content
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
default:
before_script:
@ -32,7 +31,7 @@ default:
init_and_plan:
stage: build
image: "$TEMPLATE_REGISTRY_HOST/gitlab-org/terraform-images/releases/0.13"
image: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/terraform-images/releases/0.13"
rules:
- if: $SAST_DISABLED
when: never

View File

@ -1,10 +1,9 @@
variables:
AUTO_BUILD_IMAGE_VERSION: 'v1.14.0'
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
build:
stage: build
image: '${TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-build-image:${AUTO_BUILD_IMAGE_VERSION}'
image: '${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-build-image:${AUTO_BUILD_IMAGE_VERSION}'
variables:
DOCKER_TLS_CERTDIR: ''
services:

View File

@ -1,10 +1,9 @@
variables:
AUTO_BUILD_IMAGE_VERSION: 'v1.14.0'
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
build:
stage: build
image: '${TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-build-image:${AUTO_BUILD_IMAGE_VERSION}'
image: '${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-build-image:${AUTO_BUILD_IMAGE_VERSION}'
variables:
DOCKER_TLS_CERTDIR: ''
services:

View File

@ -1,11 +1,8 @@
variables:
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
stages:
- provision
cloud_formation:
image: '${TEMPLATE_REGISTRY_HOST}/gitlab-org/cloud-deploy/aws-cloudformation:latest'
image: '${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cloud-deploy/aws-cloudformation:latest'
stage: provision
script:
- gl-cloudformation create-stack

View File

@ -8,8 +8,7 @@ code_quality:
variables:
DOCKER_DRIVER: overlay2
DOCKER_TLS_CERTDIR: ""
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
CODE_QUALITY_IMAGE: "$TEMPLATE_REGISTRY_HOST/gitlab-org/ci-cd/codequality:0.85.29"
CODE_QUALITY_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/ci-cd/codequality:0.85.29"
needs: []
script:
- export SOURCE_CODE=$PWD

View File

@ -1,9 +1,8 @@
variables:
DAST_AUTO_DEPLOY_IMAGE_VERSION: 'v2.33.0'
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
.dast-auto-deploy:
image: "${TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${DAST_AUTO_DEPLOY_IMAGE_VERSION}"
image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${DAST_AUTO_DEPLOY_IMAGE_VERSION}"
.common_rules: &common_rules
- if: $CI_DEFAULT_BRANCH != $CI_COMMIT_REF_NAME
@ -58,7 +57,7 @@ stop_dast_environment:
when: always
.ecs_image:
image: '${TEMPLATE_REGISTRY_HOST}/gitlab-org/cloud-deploy/aws-ecs:latest'
image: '${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cloud-deploy/aws-ecs:latest'
.ecs_rules: &ecs_rules
- if: $AUTO_DEVOPS_PLATFORM_TARGET != "ECS"

View File

@ -11,8 +11,7 @@
variables:
# Setting this variable will affect all Security templates
# (SAST, Dependency Scanning, ...)
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
DS_EXCLUDED_ANALYZERS: ""
DS_EXCLUDED_PATHS: "spec, test, tests, tmp"
DS_MAJOR_VERSION: 3

View File

@ -1,9 +1,8 @@
variables:
AUTO_DEPLOY_IMAGE_VERSION: 'v2.33.0'
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
.auto-deploy:
image: "${TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${AUTO_DEPLOY_IMAGE_VERSION}"
image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${AUTO_DEPLOY_IMAGE_VERSION}"
dependencies: []
review:

View File

@ -1,9 +1,8 @@
variables:
AUTO_DEPLOY_IMAGE_VERSION: 'v2.33.0'
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
.auto-deploy:
image: "${TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${AUTO_DEPLOY_IMAGE_VERSION}"
image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${AUTO_DEPLOY_IMAGE_VERSION}"
dependencies: []
review:

View File

@ -1,12 +1,9 @@
variables:
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
stages:
- review
- production
.push-and-deploy:
image: '${TEMPLATE_REGISTRY_HOST}/gitlab-org/cloud-deploy/aws-ec2:latest'
image: '${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cloud-deploy/aws-ec2:latest'
script:
- gl-ec2 push-to-s3
- gl-ec2 deploy-to-ec2

View File

@ -7,11 +7,8 @@
# then result in potentially breaking your future pipelines.
#
# More about including CI templates: https://docs.gitlab.com/ee/ci/yaml/#includetemplate
variables:
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
.ecs_image:
image: '${TEMPLATE_REGISTRY_HOST}/gitlab-org/cloud-deploy/aws-ecs:latest'
image: '${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cloud-deploy/aws-ecs:latest'
.deploy_to_ecs:
extends: .ecs_image

View File

@ -3,11 +3,8 @@
#
# To use, set the CI variable MIGRATE_HELM_2TO3 to "true".
# For more details, go to https://docs.gitlab.com/ee/topics/autodevops/upgrading_auto_deploy_dependencies.html#helm-v3
variables:
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
.helm-2to3-migrate:
image: "${TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/helm-install-image/releases/helm-2to3-2.17.0-3.5.3-kube-1.16.15-alpine-3.12"
image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/helm-install-image/releases/helm-2to3-2.17.0-3.5.3-kube-1.16.15-alpine-3.12"
# NOTE: We use the deploy stage because:
# - It exists in all versions of Auto DevOps.
# - It is _empty_.
@ -56,7 +53,7 @@ variables:
done
.helm-2to3-cleanup:
image: "${TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/helm-install-image/releases/helm-2to3-2.17.0-3.5.3-kube-1.16.15-alpine-3.12"
image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/helm-install-image/releases/helm-2to3-2.17.0-3.5.3-kube-1.16.15-alpine-3.12"
stage: cleanup
environment:
action: prepare

View File

@ -11,8 +11,7 @@
variables:
# Setting this variable will affect all Security templates
# (SAST, Dependency Scanning, ...)
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
LICENSE_MANAGEMENT_SETUP_CMD: '' # If needed, specify a command to setup your environment with a custom package manager.
LICENSE_MANAGEMENT_VERSION: 4

View File

@ -6,8 +6,7 @@
variables:
# Setting this variable will affect all Security templates
# (SAST, Dependency Scanning, ...)
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
SAST_IMAGE_SUFFIX: ""
SAST_EXCLUDED_PATHS: "spec, test, tests, tmp"

View File

@ -6,8 +6,7 @@
variables:
# Setting this variable will affect all Security templates
# (SAST, Dependency Scanning, ...)
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
SAST_IMAGE_SUFFIX: ""
SAST_EXCLUDED_PATHS: "spec, test, tests, tmp"

View File

@ -6,8 +6,7 @@
variables:
# Setting this variable will affect all Security templates
# (SAST, Dependency Scanning, ...)
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
SAST_IMAGE_SUFFIX: ""
SAST_EXCLUDED_ANALYZERS: ""

View File

@ -6,8 +6,7 @@
variables:
# Setting this variable will affect all Security templates
# (SAST, Dependency Scanning, ...)
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
SAST_IMAGE_SUFFIX: ""
SAST_EXCLUDED_ANALYZERS: ""

View File

@ -5,8 +5,7 @@
# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables
variables:
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
SECRET_DETECTION_IMAGE_SUFFIX: ""
SECRETS_ANALYZER_VERSION: "4"

View File

@ -5,8 +5,7 @@
# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables
variables:
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
SECRET_DETECTION_IMAGE_SUFFIX: ""
SECRETS_ANALYZER_VERSION: "4"

View File

@ -6,11 +6,10 @@
---
# All available Hugo versions are listed here:
# https://gitlab.com/pages/hugo/container_registry
image: "${TEMPLATE_REGISTRY_HOST}/pages/hugo:latest"
image: "${CI_TEMPLATE_REGISTRY_HOST}/pages/hugo:latest"
variables:
GIT_SUBMODULE_STRATEGY: recursive
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
test:
script:

View File

@ -24,8 +24,7 @@
variables:
# Setting this variable affects all Security templates
# (SAST, Dependency Scanning, ...)
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
#
FUZZAPI_VERSION: "2"
FUZZAPI_IMAGE_SUFFIX: ""

View File

@ -24,8 +24,7 @@
variables:
# Setting this variable affects all Security templates
# (SAST, Dependency Scanning, ...)
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
#
FUZZAPI_VERSION: "2"
FUZZAPI_IMAGE_SUFFIX: ""

View File

@ -22,8 +22,7 @@
# List of available variables: https://docs.gitlab.com/ee/user/application_security/container_scanning/#available-variables
variables:
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
CS_ANALYZER_IMAGE: "$TEMPLATE_REGISTRY_HOST/security-products/container-scanning:5"
CS_ANALYZER_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/security-products/container-scanning:5"
container_scanning:
image: "$CS_ANALYZER_IMAGE$CS_IMAGE_SUFFIX"

View File

@ -24,8 +24,7 @@
variables:
# Setting this variable affects all Security templates
# (SAST, Dependency Scanning, ...)
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
#
DAST_API_VERSION: "2"
DAST_API_IMAGE_SUFFIX: ""

View File

@ -24,8 +24,7 @@
variables:
# Setting this variable affects all Security templates
# (SAST, Dependency Scanning, ...)
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
#
DAST_API_VERSION: "2"
DAST_API_IMAGE_SUFFIX: ""

View File

@ -10,8 +10,7 @@ stages:
- dast
variables:
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
DAST_API_VERSION: "2"
DAST_API_IMAGE_SUFFIX: ""
DAST_API_IMAGE: api-security

View File

@ -13,8 +13,7 @@ variables:
DAST_VERSION: 3
# Setting this variable will affect all Security templates
# (SAST, Dependency Scanning, ...)
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
dast:
stage: dast

View File

@ -11,12 +11,11 @@ stages:
variables:
DAST_RUNNER_VALIDATION_VERSION: 1
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
validation:
stage: dast
image:
name: "$TEMPLATE_REGISTRY_HOST/security-products/dast-runner-validation:$DAST_RUNNER_VALIDATION_VERSION"
name: "$CI_TEMPLATE_REGISTRY_HOST/security-products/dast-runner-validation:$DAST_RUNNER_VALIDATION_VERSION"
variables:
GIT_STRATEGY: none
allow_failure: false

View File

@ -25,8 +25,7 @@ variables:
DAST_VERSION: 3
# Setting this variable will affect all Security templates
# (SAST, Dependency Scanning, ...)
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
dast:
stage: dast

View File

@ -25,8 +25,7 @@ variables:
DAST_VERSION: 3
# Setting this variable will affect all Security templates
# (SAST, Dependency Scanning, ...)
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
dast:
stage: dast

View File

@ -16,8 +16,7 @@
variables:
# Setting this variable will affect all Security templates
# (SAST, Dependency Scanning, ...)
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
SECURE_BINARIES_ANALYZERS: >-
bandit, brakeman, gosec, spotbugs, flawfinder, phpcs-security-audit, security-code-scan, nodejs-scan, eslint, secrets, sobelow, pmd-apex, kics, kubesec, semgrep, gemnasium, gemnasium-maven, gemnasium-python,
license-finder,
@ -247,7 +246,7 @@ dast-runner-validation:
extends: .download_images
variables:
SECURE_BINARIES_ANALYZER_VERSION: "1"
SECURE_BINARIES_IMAGE: "${TEMPLATE_REGISTRY_HOST}/security-products/${CI_JOB_NAME}:${SECURE_BINARIES_ANALYZER_VERSION}"
SECURE_BINARIES_IMAGE: "${CI_TEMPLATE_REGISTRY_HOST}/security-products/${CI_JOB_NAME}:${SECURE_BINARIES_ANALYZER_VERSION}"
only:
variables:
- $SECURE_BINARIES_DOWNLOAD_IMAGES == "true" &&

View File

@ -9,12 +9,11 @@
# There is a more opinionated template which we suggest the users to abide,
# which is the lib/gitlab/ci/templates/Terraform.gitlab-ci.yml
image:
name: "$TEMPLATE_REGISTRY_HOST/gitlab-org/terraform-images/releases/terraform:1.1.9"
name: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/terraform-images/releases/terraform:1.1.9"
variables:
TF_ROOT: ${CI_PROJECT_DIR} # The relative path to the root directory of the Terraform project
TF_STATE_NAME: ${TF_STATE_NAME:-default} # The name of the state file used by the GitLab Managed Terraform state backend
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
cache:
key: "${TF_ROOT}"

View File

@ -10,12 +10,11 @@
# which is the lib/gitlab/ci/templates/Terraform.latest.gitlab-ci.yml
image:
name: "$TEMPLATE_REGISTRY_HOST/gitlab-org/terraform-images/stable:latest"
name: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/terraform-images/stable:latest"
variables:
TF_ROOT: ${CI_PROJECT_DIR} # The relative path to the root directory of the Terraform project
TF_STATE_NAME: ${TF_STATE_NAME:-default} # The name of the state file used by the GitLab Managed Terraform state backend
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
cache:
key: "${TF_ROOT}"

View File

@ -4,10 +4,6 @@
# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Verify/Accessibility.gitlab-ci.yml
# Read more about the feature here: https://docs.gitlab.com/ee/user/project/merge_requests/accessibility_testing.html
variables:
TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
stages:
- build
- test
@ -16,7 +12,7 @@ stages:
a11y:
stage: accessibility
image: "$TEMPLATE_REGISTRY_HOST/gitlab-org/ci-cd/accessibility:6.2.3"
image: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/ci-cd/accessibility:6.2.3"
script:
- /gitlab-accessibility.sh "$a11y_urls"
allow_failure: true

View File

@ -18,11 +18,12 @@ module Gitlab
end
end
def initialize(exportable, relations_schema, json_writer, exportable_path:)
def initialize(exportable, relations_schema, json_writer, exportable_path:, logger: Gitlab::Export::Logger)
@exportable = exportable
@exportable_path = exportable_path
@relations_schema = relations_schema
@json_writer = json_writer
@logger = logger
end
def execute
@ -36,6 +37,8 @@ module Gitlab
end
def serialize_root(exportable_path = @exportable_path)
log_relation_export('root')
attributes = exportable.as_json(
relations_schema.merge(include: nil, preloads: nil, unsafe: true))
@ -60,9 +63,11 @@ module Gitlab
private
attr_reader :json_writer, :relations_schema, :exportable
attr_reader :json_writer, :relations_schema, :exportable, :logger
def serialize_many_relations(key, records, options)
log_relation_export(key, records.size)
enumerator = Enumerator.new do |items|
key_preloads = preloads&.dig(key)
@ -106,6 +111,8 @@ module Gitlab
end
def serialize_many_each(key, records, options)
log_relation_export(key, records.size)
enumerator = Enumerator.new do |items|
records.each do |record|
items << Raw.new(record.to_json(options))
@ -116,6 +123,8 @@ module Gitlab
end
def serialize_single_relation(key, record, options)
log_relation_export(key)
json = Raw.new(record.to_json(options))
json_writer.write_relation(@exportable_path, key, json)
@ -186,6 +195,18 @@ module Gitlab
record.merge_request_diff&.remove_cached_external_diff
end
def log_base_data
log = { importer: 'Import/Export' }
log.merge!(Gitlab::ImportExport::LogUtil.exportable_to_log_payload(exportable))
log
end
def log_relation_export(relation, size = nil)
message = "Exporting #{relation} relation"
message += ". Number of records to export: #{size}" if size
logger.info(message: message, **log_base_data)
end
end
end
end

View File

@ -0,0 +1,19 @@
# frozen_string_literal: true
module Gitlab
module ImportExport
class LogUtil
def self.exportable_to_log_payload(exportable)
attribute_base_name = exportable.class.name.underscore
return {} unless %w[project group].include?(attribute_base_name)
{}.tap do |log|
log[:"#{attribute_base_name}_id"] = exportable.id
log[:"#{attribute_base_name}_name"] = exportable.name
log[:"#{attribute_base_name}_path"] = exportable.full_path
end.compact
end
end
end
end

View File

@ -8,7 +8,7 @@ module Gitlab
attr_reader :full_path
def initialize(project:, current_user:, shared:, params: {}, logger: Gitlab::Import::Logger)
def initialize(project:, current_user:, shared:, params: {}, logger: Gitlab::Export::Logger)
@params = params
@project = project
@current_user = current_user
@ -49,7 +49,8 @@ module Gitlab
exportable,
reader.project_tree,
json_writer,
exportable_path: "project"
exportable_path: "project",
logger: @logger
)
Retriable.retriable(on: Net::OpenTimeout, on_retry: on_retry) do

View File

@ -95,14 +95,9 @@ module Gitlab
end
def log_base_data
log = {
importer: 'Import/Export',
exportable_id: @exportable&.id,
exportable_path: @exportable&.full_path
}
log = { importer: 'Import/Export' }
log.merge!(Gitlab::ImportExport::LogUtil.exportable_to_log_payload(@exportable))
log[:import_jid] = @exportable&.import_state&.jid if exportable_type == 'Project'
log
end

View File

@ -12,7 +12,7 @@ module Gitlab
redis: pool,
compress: Gitlab::Utils.to_boolean(ENV.fetch('ENABLE_REDIS_CACHE_COMPRESSION', '1')),
namespace: CACHE_NAMESPACE,
expires_in: 2.weeks # Cache should not grow forever
expires_in: ENV.fetch('GITLAB_RAILS_CACHE_DEFAULT_TTL_SECONDS', 2.weeks).to_i # Cache should not grow forever
}
end
end

View File

@ -139,7 +139,7 @@ describe('Pipeline Wizard - Step Page', () => {
await mockPrevClick();
await nextTick();
expect(wrapper.emitted().back).toBeTruthy();
expect(wrapper.emitted().back).toEqual(expect.arrayContaining([]));
});
it('lets "next" event bubble upwards', async () => {
@ -148,7 +148,7 @@ describe('Pipeline Wizard - Step Page', () => {
await mockNextClick();
await nextTick();
expect(wrapper.emitted().next).toBeTruthy();
expect(wrapper.emitted().next).toEqual(expect.arrayContaining([]));
});
});

View File

@ -308,7 +308,7 @@ describe('IssuableMoveDropdown', () => {
it('collapsed state element emits `toggle-collapse` event on component when clicked', () => {
wrapper.find('[data-testid="move-collapsed"]').trigger('click');
expect(wrapper.emitted('toggle-collapse')).toBeTruthy();
expect(wrapper.emitted('toggle-collapse')).toHaveLength(1);
});
it('gl-dropdown component calls `fetchProjects` on `shown` event', () => {
@ -337,7 +337,7 @@ describe('IssuableMoveDropdown', () => {
it('gl-dropdown component emits `dropdown-close` event on component from `hide` event', async () => {
findDropdownEl().vm.$emit('hide');
expect(wrapper.emitted('dropdown-close')).toBeTruthy();
expect(wrapper.emitted('dropdown-close')).toHaveLength(1);
});
it('close icon in dropdown header closes the dropdown when clicked', () => {
@ -372,7 +372,7 @@ describe('IssuableMoveDropdown', () => {
wrapper.find('[data-testid="footer"]').findComponent(GlButton).vm.$emit('click');
expect(wrapper.vm.$refs.dropdown.hide).toHaveBeenCalled();
expect(wrapper.emitted('move-issuable')).toBeTruthy();
expect(wrapper.emitted('move-issuable')).toHaveLength(1);
expect(wrapper.emitted('move-issuable')[0]).toEqual([mockProjects[0]]);
});
});

View File

@ -194,8 +194,8 @@ RSpec.describe GitlabSchema.types['Project'] do
expect(secure_analyzers['type']).to eq('string')
expect(secure_analyzers['field']).to eq('SECURE_ANALYZERS_PREFIX')
expect(secure_analyzers['label']).to eq('Image prefix')
expect(secure_analyzers['defaultValue']).to eq('$TEMPLATE_REGISTRY_HOST/security-products')
expect(secure_analyzers['value']).to eq('$TEMPLATE_REGISTRY_HOST/security-products')
expect(secure_analyzers['defaultValue']).to eq('$CI_TEMPLATE_REGISTRY_HOST/security-products')
expect(secure_analyzers['value']).to eq('$CI_TEMPLATE_REGISTRY_HOST/security-products')
expect(secure_analyzers['size']).to eq('LARGE')
expect(secure_analyzers['options']).to be_nil
end

View File

@ -3,6 +3,7 @@
require 'spec_helper'
RSpec.describe Gitlab::Ci::Variables::Builder do
include Ci::TemplateHelpers
let_it_be(:group) { create(:group) }
let_it_be(:project) { create(:project, :repository, namespace: group) }
let_it_be_with_reload(:pipeline) { create(:ci_pipeline, project: project) }
@ -92,6 +93,8 @@ RSpec.describe Gitlab::Ci::Variables::Builder do
value: project.pages_url },
{ key: 'CI_API_V4_URL',
value: API::Helpers::Version.new('v4').root_url },
{ key: 'CI_TEMPLATE_REGISTRY_HOST',
value: template_registry_host },
{ key: 'CI_PIPELINE_IID',
value: pipeline.iid.to_s },
{ key: 'CI_PIPELINE_SOURCE',

View File

@ -27,6 +27,7 @@ RSpec.describe Gitlab::ImportExport::Json::StreamingSerializer do
end
let(:exportable_path) { 'project' }
let(:logger) { Gitlab::Export::Logger.build }
let(:json_writer) { instance_double('Gitlab::ImportExport::Json::LegacyWriter') }
let(:hash) { { name: exportable.name, description: exportable.description }.stringify_keys }
let(:include) { [] }
@ -42,7 +43,7 @@ RSpec.describe Gitlab::ImportExport::Json::StreamingSerializer do
end
subject do
described_class.new(exportable, relations_schema, json_writer, exportable_path: exportable_path)
described_class.new(exportable, relations_schema, json_writer, exportable_path: exportable_path, logger: logger)
end
describe '#execute' do
@ -73,6 +74,21 @@ RSpec.describe Gitlab::ImportExport::Json::StreamingSerializer do
subject.execute
end
it 'logs the relation name and the number of records to export' do
allow(json_writer).to receive(:write_relation_array)
allow(logger).to receive(:info)
subject.execute
expect(logger).to have_received(:info).with(
importer: 'Import/Export',
message: "Exporting issues relation. Number of records to export: 16",
project_id: exportable.id,
project_name: exportable.name,
project_path: exportable.full_path
)
end
context 'default relation ordering' do
it 'orders exported issues by primary key(:id)' do
expected_issues = exportable.issues.reorder(:id).map(&:to_json)
@ -138,6 +154,21 @@ RSpec.describe Gitlab::ImportExport::Json::StreamingSerializer do
subject.execute
end
it 'logs the relation name' do
allow(json_writer).to receive(:write_relation)
allow(logger).to receive(:info)
subject.execute
expect(logger).to have_received(:info).with(
importer: 'Import/Export',
message: 'Exporting group relation',
project_id: exportable.id,
project_name: exportable.name,
project_path: exportable.full_path
)
end
end
context 'with array relation' do
@ -155,6 +186,21 @@ RSpec.describe Gitlab::ImportExport::Json::StreamingSerializer do
subject.execute
end
it 'logs the relation name and the number of records to export' do
allow(json_writer).to receive(:write_relation_array)
allow(logger).to receive(:info)
subject.execute
expect(logger).to have_received(:info).with(
importer: 'Import/Export',
message: 'Exporting project_members relation. Number of records to export: 1',
project_id: exportable.id,
project_name: exportable.name,
project_path: exportable.full_path
)
end
end
describe 'load balancing' do

View File

@ -0,0 +1,43 @@
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Gitlab::ImportExport::LogUtil do
describe '.exportable_to_log_payload' do
subject { described_class.exportable_to_log_payload(exportable) }
context 'when exportable is a group' do
let(:exportable) { build_stubbed(:group) }
it 'returns hash with group keys' do
expect(subject).to be_a(Hash)
expect(subject.keys).to eq(%i[group_id group_name group_path])
end
end
context 'when exportable is a project' do
let(:exportable) { build_stubbed(:project) }
it 'returns hash with project keys' do
expect(subject).to be_a(Hash)
expect(subject.keys).to eq(%i[project_id project_name project_path])
end
end
context 'when exportable is a new record' do
let(:exportable) { Project.new }
it 'returns empty hash' do
expect(subject).to eq({})
end
end
context 'when exportable is an unexpected type' do
let(:exportable) { build_stubbed(:issue) }
it 'returns empty hash' do
expect(subject).to eq({})
end
end
end
end

View File

@ -404,7 +404,7 @@ RSpec.describe Gitlab::ImportExport::Project::TreeSaver do
context 'when streaming has to retry', :aggregate_failures do
let(:shared) { double('shared', export_path: exportable_path) }
let(:logger) { Gitlab::Import::Logger.build }
let(:logger) { Gitlab::Export::Logger.build }
let(:serializer) { double('serializer') }
let(:error_class) { Net::OpenTimeout }
let(:info_params) do

View File

@ -68,12 +68,18 @@ RSpec.describe Gitlab::ImportExport::Shared do
expect(subject.errors).to eq(['Error importing into [FILTERED] Permission denied @ unlink_internal - [FILTERED]'])
end
it 'updates the import JID' do
it 'tracks exception' do
import_state = create(:import_state, project: project, jid: 'jid-test')
expect(Gitlab::ErrorTracking)
.to receive(:track_exception)
.with(error, hash_including(import_jid: import_state.jid))
.with(error, hash_including(
importer: 'Import/Export',
project_id: project.id,
project_name: project.name,
project_path: project.full_path,
import_jid: import_state.jid
))
subject.error(error)
end

View File

@ -15,4 +15,16 @@ RSpec.describe Gitlab::Redis::Cache do
expect(subject.send(:raw_config_hash)).to eq(url: 'redis://localhost:6380' )
end
end
describe '.active_support_config' do
it 'has a default ttl of 2 weeks' do
expect(described_class.active_support_config[:expires_in]).to eq(2.weeks)
end
it 'allows configuring the TTL through an env variable' do
stub_env('GITLAB_RAILS_CACHE_DEFAULT_TTL_SECONDS' => '86400')
expect(described_class.active_support_config[:expires_in]).to eq(1.day)
end
end
end

View File

@ -3,6 +3,7 @@
require 'spec_helper'
RSpec.describe Ci::Build do
include Ci::TemplateHelpers
let_it_be(:user) { create(:user) }
let_it_be(:group, reload: true) { create(:group) }
let_it_be(:project, reload: true) { create(:project, :repository, group: group) }
@ -2865,6 +2866,7 @@ RSpec.describe Ci::Build do
public: true,
masked: false },
{ key: 'CI_API_V4_URL', value: 'http://localhost/api/v4', public: true, masked: false },
{ key: 'CI_TEMPLATE_REGISTRY_HOST', value: template_registry_host, public: true, masked: false },
{ key: 'CI_PIPELINE_IID', value: pipeline.iid.to_s, public: true, masked: false },
{ key: 'CI_PIPELINE_SOURCE', value: pipeline.source, public: true, masked: false },
{ key: 'CI_PIPELINE_CREATED_AT', value: pipeline.created_at.iso8601, public: true, masked: false },

View File

@ -451,7 +451,7 @@ RSpec.describe API::Deployments do
describe 'DELETE /projects/:id/deployments/:deployment_id' do
let(:project) { create(:project, :repository) }
let(:environment) { create(:environment, project: project) }
let(:commits) { project.repository.commits(nil, { limit: 2 }) }
let(:commits) { project.repository.commits(nil, { limit: 3 }) }
let!(:deploy) do
create(
:deployment,
@ -475,12 +475,30 @@ RSpec.describe API::Deployments do
)
end
let!(:running_deploy) do
create(
:deployment,
:running,
project: project,
environment: environment,
deployable: nil,
sha: commits[2].sha
)
end
context 'as an maintainer' do
it 'deletes a deployment' do
delete api("/projects/#{project.id}/deployments/#{old_deploy.id}", user)
expect(response).to have_gitlab_http_status(:no_content)
end
it 'will not delete a running deployment' do
delete api("/projects/#{project.id}/deployments/#{running_deploy.id}", user)
expect(response).to have_gitlab_http_status(:bad_request)
expect(response.body).to include("Cannot destroy running deployment")
end
end
context 'as a developer' do

View File

@ -89,7 +89,21 @@ RSpec.describe Projects::ImportExport::ExportService do
context 'when all saver services succeed' do
before do
allow(service).to receive(:save_services).and_return(true)
allow(service).to receive(:save_exporters).and_return(true)
end
it 'logs a successful message' do
allow(Gitlab::ImportExport::Saver).to receive(:save).and_return(true)
expect(service.instance_variable_get(:@logger)).to receive(:info).ordered.with(
hash_including({ message: 'Project export started', project_id: project.id })
)
expect(service.instance_variable_get(:@logger)).to receive(:info).ordered.with(
hash_including({ message: 'Project successfully exported', project_id: project.id })
)
service.execute
end
it 'saves the project in the file system' do
@ -111,6 +125,7 @@ RSpec.describe Projects::ImportExport::ExportService do
end
it 'calls the after export strategy' do
allow(Gitlab::ImportExport::Saver).to receive(:save).and_return(true)
expect(after_export_strategy).to receive(:execute)
service.execute(after_export_strategy)
@ -119,7 +134,7 @@ RSpec.describe Projects::ImportExport::ExportService do
context 'when after export strategy fails' do
before do
allow(after_export_strategy).to receive(:execute).and_return(false)
expect(Gitlab::ImportExport::Saver).to receive(:save).with(exportable: project, shared: shared).and_return(true)
allow(Gitlab::ImportExport::Saver).to receive(:save).and_return(true)
end
after do
@ -140,7 +155,9 @@ RSpec.describe Projects::ImportExport::ExportService do
end
it 'notifies logger' do
expect(service.instance_variable_get(:@logger)).to receive(:error)
expect(service.instance_variable_get(:@logger)).to receive(:error).with(
hash_including({ message: 'Project export error', project_id: project.id })
)
end
end
end

View File

@ -16,7 +16,7 @@ RSpec.describe Security::CiConfiguration::SastParserService do
let(:bandit) { configuration['analyzers'][0] }
let(:brakeman) { configuration['analyzers'][1] }
let(:sast_brakeman_level) { brakeman['variables'][0] }
let(:secure_analyzers_prefix) { '$TEMPLATE_REGISTRY_HOST/security-products' }
let(:secure_analyzers_prefix) { '$CI_TEMPLATE_REGISTRY_HOST/security-products' }
it 'parses the configuration for SAST' do
expect(secure_analyzers['default_value']).to eql(secure_analyzers_prefix)