Add latest changes from gitlab-org/gitlab@master
This commit is contained in:
parent
d409d12963
commit
513726cb73
34 changed files with 811 additions and 140 deletions
16
app/graphql/types/ci/pipeline_message_type.rb
Normal file
16
app/graphql/types/ci/pipeline_message_type.rb
Normal file
|
@ -0,0 +1,16 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
module Types
|
||||
module Ci
|
||||
# rubocop: disable Graphql/AuthorizeTypes
|
||||
class PipelineMessageType < BaseObject
|
||||
graphql_name 'PipelineMessage'
|
||||
|
||||
field :id, GraphQL::Types::ID, null: false,
|
||||
description: 'ID of the pipeline message.'
|
||||
|
||||
field :content, GraphQL::Types::String, null: false,
|
||||
description: 'Content of the pipeline message.'
|
||||
end
|
||||
end
|
||||
end
|
|
@ -172,6 +172,9 @@ module Types
|
|||
description: 'Reference path to the branch from which the pipeline was triggered.',
|
||||
method: :source_ref_path
|
||||
|
||||
field :warning_messages, [Types::Ci::PipelineMessageType], null: true,
|
||||
description: 'Pipeline warning messages.'
|
||||
|
||||
def detailed_status
|
||||
object.detailed_status(current_user)
|
||||
end
|
||||
|
|
|
@ -10,9 +10,6 @@ module Clusters
|
|||
|
||||
self.table_name = 'cluster_agent_tokens'
|
||||
|
||||
# The `UPDATE_USED_COLUMN_EVERY` defines how often the token DB entry can be updated
|
||||
UPDATE_USED_COLUMN_EVERY = (40.minutes..55.minutes).freeze
|
||||
|
||||
belongs_to :agent, class_name: 'Clusters::Agent', optional: false
|
||||
belongs_to :created_by_user, class_name: 'User', optional: true
|
||||
|
||||
|
@ -28,41 +25,5 @@ module Clusters
|
|||
active: 0,
|
||||
revoked: 1
|
||||
}
|
||||
|
||||
def track_usage
|
||||
track_values = { last_used_at: Time.current.utc }
|
||||
|
||||
cache_attributes(track_values)
|
||||
|
||||
if can_update_track_values?
|
||||
log_activity_event!(track_values[:last_used_at]) unless agent.connected?
|
||||
|
||||
# Use update_column so updated_at is skipped
|
||||
update_columns(track_values)
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def can_update_track_values?
|
||||
# Use a random threshold to prevent beating DB updates.
|
||||
last_used_at_max_age = Random.rand(UPDATE_USED_COLUMN_EVERY)
|
||||
|
||||
real_last_used_at = read_attribute(:last_used_at)
|
||||
|
||||
# Handle too many updates from high token traffic
|
||||
real_last_used_at.nil? ||
|
||||
(Time.current - real_last_used_at) >= last_used_at_max_age
|
||||
end
|
||||
|
||||
def log_activity_event!(recorded_at)
|
||||
Clusters::Agents::CreateActivityEventService.new( # rubocop: disable CodeReuse/ServiceClass
|
||||
agent,
|
||||
kind: :agent_connected,
|
||||
level: :info,
|
||||
recorded_at: recorded_at,
|
||||
agent_token: self
|
||||
).execute
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
54
app/services/clusters/agent_tokens/track_usage_service.rb
Normal file
54
app/services/clusters/agent_tokens/track_usage_service.rb
Normal file
|
@ -0,0 +1,54 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
module Clusters
|
||||
module AgentTokens
|
||||
class TrackUsageService
|
||||
# The `UPDATE_USED_COLUMN_EVERY` defines how often the token DB entry can be updated
|
||||
UPDATE_USED_COLUMN_EVERY = (40.minutes..55.minutes).freeze
|
||||
|
||||
delegate :agent, to: :token
|
||||
|
||||
def initialize(token)
|
||||
@token = token
|
||||
end
|
||||
|
||||
def execute
|
||||
track_values = { last_used_at: Time.current.utc }
|
||||
|
||||
token.cache_attributes(track_values)
|
||||
|
||||
if can_update_track_values?
|
||||
log_activity_event!(track_values[:last_used_at]) unless agent.connected?
|
||||
|
||||
# Use update_column so updated_at is skipped
|
||||
token.update_columns(track_values)
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
attr_reader :token
|
||||
|
||||
def can_update_track_values?
|
||||
# Use a random threshold to prevent beating DB updates.
|
||||
last_used_at_max_age = Random.rand(UPDATE_USED_COLUMN_EVERY)
|
||||
|
||||
real_last_used_at = token.read_attribute(:last_used_at)
|
||||
|
||||
# Handle too many updates from high token traffic
|
||||
real_last_used_at.nil? ||
|
||||
(Time.current - real_last_used_at) >= last_used_at_max_age
|
||||
end
|
||||
|
||||
def log_activity_event!(recorded_at)
|
||||
Clusters::Agents::CreateActivityEventService.new(
|
||||
agent,
|
||||
kind: :agent_connected,
|
||||
level: :info,
|
||||
recorded_at: recorded_at,
|
||||
agent_token: token
|
||||
).execute
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,26 @@
|
|||
- name: "Enforced validation of security report schemas" # The name of the feature to be deprecated
|
||||
announcement_milestone: "14.7" # The milestone when this feature was first announced as deprecated.
|
||||
announcement_date: "2022-01-22" # The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
|
||||
removal_milestone: "15.0" # The milestone when this feature is planned to be removed
|
||||
body: | # Do not modify this line, instead modify the lines below.
|
||||
[Security report schemas](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/releases)
|
||||
versions earlier than 14.0.0 will no longer be supported in GitLab 15.0. Reports that do not pass validation
|
||||
against the schema version declared in the report will also no longer be supported in GitLab 15.0.
|
||||
|
||||
Security tools that [integrate with GitLab by outputting security reports](https://docs.gitlab.com/ee/development/integrations/secure.html#report)
|
||||
as pipeline job artifacts are affected. You must ensure that all output reports adhere to the correct
|
||||
schema with a minimum version of 14.0.0. Reports with a lower version or that fail to validate
|
||||
against the declared schema version will not be processed, and vulnerability
|
||||
findings will not display in MRs, pipelines, or Vulnerability Reports.
|
||||
|
||||
To help with the transition, from GitLab 14.10, non-compliant reports will display a
|
||||
[warning](https://gitlab.com/gitlab-org/gitlab/-/issues/335789#note_672853791)
|
||||
in the Vulnerability Report.
|
||||
# The following items are not published on the docs page, but may be used in the future.
|
||||
stage: Secure # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth
|
||||
tiers: [Core, Premium, Ultimate] # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
|
||||
issue_url: https://gitlab.com/groups/gitlab-org/-/epics/6968 # (optional) This is a link to the deprecation issue in GitLab
|
||||
documentation_url: # (optional) This is a link to the current documentation page
|
||||
image_url: # (optional) This is a link to a thumbnail image depicting the feature
|
||||
video_url: # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
|
||||
removal_date: # (optional - may be required in the future) YYYY-MM-DD format. This should almost always be the 22nd of a month (YYYY-MM-22), the date of the milestone release when this feature is planned to be removed
|
|
@ -0,0 +1,23 @@
|
|||
- name: "Container scanning schemas below 14.0.0" # The name of the feature to be deprecated
|
||||
announcement_milestone: "14.7" # The milestone when this feature was first announced as deprecated.
|
||||
announcement_date: "2022-01-22" # The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
|
||||
removal_milestone: "15.0" # The milestone when this feature is planned to be removed
|
||||
body: | # Do not modify this line, instead modify the lines below.
|
||||
[Container scanning report schemas](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/releases)
|
||||
versions earlier than 14.0.0 will no longer be supported in GitLab 15.0. Reports that do not pass validation
|
||||
against the schema version declared in the report will also no longer be supported in GitLab 15.0.
|
||||
|
||||
Third-party tools that [integrate with GitLab by outputting a container scanning security report](https://docs.gitlab.com/ee/development/integrations/secure.html#report)
|
||||
as a pipeline job artifact are affected. You must ensure that all output reports adhere to the correct schema with a minimum version of 14.0.0. Reports with a lower version or that fail to validate against the declared schema version will not be processed, and vulnerability findings will not display in MRs, pipelines, or Vulnerability Reports.
|
||||
|
||||
To help with the transition, from GitLab 14.10, non-compliant reports will display a
|
||||
[warning](https://gitlab.com/gitlab-org/gitlab/-/issues/335789#note_672853791)
|
||||
in the Vulnerability Report.
|
||||
# The following items are not published on the docs page, but may be used in the future.
|
||||
stage: # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth
|
||||
tiers: # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
|
||||
issue_url: # (optional) This is a link to the deprecation issue in GitLab
|
||||
documentation_url: # (optional) This is a link to the current documentation page
|
||||
image_url: # (optional) This is a link to a thumbnail image depicting the feature
|
||||
video_url: # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
|
||||
removal_date: # (optional - may be required in the future) YYYY-MM-DD format. This should almost always be the 22nd of a month (YYYY-MM-22), the date of the milestone release when this feature is planned to be removed
|
26
data/deprecations/14-6-coverage-fuzzing-schemas-below-14.yml
Normal file
26
data/deprecations/14-6-coverage-fuzzing-schemas-below-14.yml
Normal file
|
@ -0,0 +1,26 @@
|
|||
- name: "Coverage guided fuzzing schemas below 14.0.0" # The name of the feature to be deprecated
|
||||
announcement_milestone: "14.7" # The milestone when this feature was first announced as deprecated.
|
||||
announcement_date: "2022-01-22" # The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
|
||||
removal_milestone: "15.0" # The milestone when this feature is planned to be removed
|
||||
body: | # Do not modify this line, instead modify the lines below.
|
||||
[Coverage guided fuzzing report schemas](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/releases)
|
||||
below version 14.0.0 will no longer be supported in GitLab 15.0. Reports that do not pass validation
|
||||
against the schema version declared in the report will also no longer be supported in GitLab 15.0.
|
||||
|
||||
Third-party tools that [integrate with GitLab by outputting a coverage guided fuzzing security report](https://docs.gitlab.com/ee/development/integrations/secure.html#report)
|
||||
as a pipeline job artifact are affected. You must ensure that all output reports adhere to the correct
|
||||
schema with a minimum version of 14.0.0. Any reports with a lower version or that fail to validate
|
||||
against the declared schema version will not be processed, and vulnerability
|
||||
findings will not display in MRs, pipelines, or Vulnerability Reports.
|
||||
|
||||
To help with the transition, from GitLab 14.10, non-compliant reports will display a
|
||||
[warning](https://gitlab.com/gitlab-org/gitlab/-/issues/335789#note_672853791)
|
||||
in the Vulnerability Report.
|
||||
# The following items are not published on the docs page, but may be used in the future.
|
||||
stage: # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth
|
||||
tiers: # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
|
||||
issue_url: # (optional) This is a link to the deprecation issue in GitLab
|
||||
documentation_url: # (optional) This is a link to the current documentation page
|
||||
image_url: # (optional) This is a link to a thumbnail image depicting the feature
|
||||
video_url: # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
|
||||
removal_date: # (optional - may be required in the future) YYYY-MM-DD format. This should almost always be the 22nd of a month (YYYY-MM-22), the date of the milestone release when this feature is planned to be removed
|
26
data/deprecations/14-6-dast-schemas-below-14.yml
Normal file
26
data/deprecations/14-6-dast-schemas-below-14.yml
Normal file
|
@ -0,0 +1,26 @@
|
|||
- name: "DAST schemas below 14.0.0" # The name of the feature to be deprecated
|
||||
announcement_milestone: "14.7" # The milestone when this feature was first announced as deprecated.
|
||||
announcement_date: "2022-01-22" # The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
|
||||
removal_milestone: "15.0" # The milestone when this feature is planned to be removed
|
||||
body: | # Do not modify this line, instead modify the lines below.
|
||||
[DAST report schemas](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/releases)
|
||||
versions earlier than 14.0.0 will no longer be supported in GitLab 15.0. Reports that do not pass validation
|
||||
against the schema version declared in the report will also no longer be supported as of GitLab 15.0.
|
||||
|
||||
Third-party tools that [integrate with GitLab by outputting a DAST security report](https://docs.gitlab.com/ee/development/integrations/secure.html#report)
|
||||
as a pipeline job artifact are affected. You must ensure that all output reports adhere to the correct
|
||||
schema with a minimum version of 14.0.0. Reports with a lower version or that fail to validate
|
||||
against the declared schema version will not be processed, and vulnerability
|
||||
findings will not display in MRs, pipelines, or Vulnerability Reports.
|
||||
|
||||
To help with the transition, from GitLab 14.10, non-compliant reports will cause a
|
||||
[warning to be displayed](https://gitlab.com/gitlab-org/gitlab/-/issues/335789#note_672853791)
|
||||
in the Vulnerability Report.
|
||||
# The following items are not published on the docs page, but may be used in the future.
|
||||
stage: # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth
|
||||
tiers: # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
|
||||
issue_url: # (optional) This is a link to the deprecation issue in GitLab
|
||||
documentation_url: # (optional) This is a link to the current documentation page
|
||||
image_url: # (optional) This is a link to a thumbnail image depicting the feature
|
||||
video_url: # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
|
||||
removal_date: # (optional - may be required in the future) YYYY-MM-DD format. This should almost always be the 22nd of a month (YYYY-MM-22), the date of the milestone release when this feature is planned to be removed
|
|
@ -0,0 +1,26 @@
|
|||
- name: "Dependency scanning schemas below 14.0.0" # The name of the feature to be deprecated
|
||||
announcement_milestone: "14.7" # The milestone when this feature was first announced as deprecated.
|
||||
announcement_date: "2022-01-22" # The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
|
||||
removal_milestone: "15.0" # The milestone when this feature is planned to be removed
|
||||
body: | # Do not modify this line, instead modify the lines below.
|
||||
[Dependency scanning report schemas](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/releases)
|
||||
versions earlier than 14.0.0 will no longer be supported in GitLab 15.0. Reports that do not pass validation
|
||||
against the schema version declared in the report will also no longer be supported as of GitLab 15.0.
|
||||
|
||||
Third-party tools that [integrate with GitLab by outputting a Dependency scanning security report](https://docs.gitlab.com/ee/development/integrations/secure.html#report)
|
||||
as a pipeline job artifact are affected. You must ensure that all output reports adhere to the correct
|
||||
schema with a minimum version of 14.0.0. Reports with a lower version or that fail to validate
|
||||
against the declared schema version will not be processed, and vulnerability
|
||||
findings will not display in MRs, pipelines, or Vulnerability Reports.
|
||||
|
||||
To help with the transition, from GitLab 14.10, non-compliant reports will cause a
|
||||
[warning to be displayed](https://gitlab.com/gitlab-org/gitlab/-/issues/335789#note_672853791)
|
||||
in the Vulnerability Report.
|
||||
# The following items are not published on the docs page, but may be used in the future.
|
||||
stage: # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth
|
||||
tiers: # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
|
||||
issue_url: # (optional) This is a link to the deprecation issue in GitLab
|
||||
documentation_url: # (optional) This is a link to the current documentation page
|
||||
image_url: # (optional) This is a link to a thumbnail image depicting the feature
|
||||
video_url: # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
|
||||
removal_date: # (optional - may be required in the future) YYYY-MM-DD format. This should almost always be the 22nd of a month (YYYY-MM-22), the date of the milestone release when this feature is planned to be removed
|
26
data/deprecations/14-6-sast-schemas-below-14.yml
Normal file
26
data/deprecations/14-6-sast-schemas-below-14.yml
Normal file
|
@ -0,0 +1,26 @@
|
|||
- name: "SAST schemas below 14.0.0" # The name of the feature to be deprecated
|
||||
announcement_milestone: "14.7" # The milestone when this feature was first announced as deprecated.
|
||||
announcement_date: "2022-01-22" # The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
|
||||
removal_milestone: "15.0" # The milestone when this feature is planned to be removed
|
||||
body: | # Do not modify this line, instead modify the lines below.
|
||||
[SAST report schemas](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/releases)
|
||||
versions earlier than 14.0.0 will no longer be supported in GitLab 15.0. Reports that do not pass validation
|
||||
against the schema version declared in the report will also no longer be supported as of GitLab 15.0.
|
||||
|
||||
Third-party tools that [integrate with GitLab by outputting a SAST security report](https://docs.gitlab.com/ee/development/integrations/secure.html#report)
|
||||
as a pipeline job artifact are affected. You must ensure that all output reports adhere to the correct
|
||||
schema with a minimum version of 14.0.0. Reports with a lower version or that fail to validate
|
||||
against the declared schema version will not be processed, and vulnerability
|
||||
findings will not display in MRs, pipelines, or Vulnerability Reports.
|
||||
|
||||
To help with the transition, from GitLab 14.10, non-compliant reports will display a
|
||||
[warning](https://gitlab.com/gitlab-org/gitlab/-/issues/335789#note_672853791)
|
||||
in the Vulnerability Report.
|
||||
# The following items are not published on the docs page, but may be used in the future.
|
||||
stage: # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth
|
||||
tiers: # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
|
||||
issue_url: # (optional) This is a link to the deprecation issue in GitLab
|
||||
documentation_url: # (optional) This is a link to the current documentation page
|
||||
image_url: # (optional) This is a link to a thumbnail image depicting the feature
|
||||
video_url: # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
|
||||
removal_date: # (optional - may be required in the future) YYYY-MM-DD format. This should almost always be the 22nd of a month (YYYY-MM-22), the date of the milestone release when this feature is planned to be removed
|
26
data/deprecations/14-6-secret-detection-schemas-below-14.yml
Normal file
26
data/deprecations/14-6-secret-detection-schemas-below-14.yml
Normal file
|
@ -0,0 +1,26 @@
|
|||
- name: "Secret detection schemas below 14.0.0" # The name of the feature to be deprecated
|
||||
announcement_milestone: "14.7" # The milestone when this feature was first announced as deprecated.
|
||||
announcement_date: "2022-01-22" # The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
|
||||
removal_milestone: "15.0" # The milestone when this feature is planned to be removed
|
||||
body: | # Do not modify this line, instead modify the lines below.
|
||||
[Secret detection report schemas](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/releases)
|
||||
versions earlier than 14.0.0 will no longer be supported in GitLab 15.0. Reports that do not pass validation
|
||||
against the schema version declared in the report will also no longer be supported as of GitLab 15.0.
|
||||
|
||||
Third-party tools that [integrate with GitLab by outputting a Secret detection security report](https://docs.gitlab.com/ee/development/integrations/secure.html#report)
|
||||
as a pipeline job artifact are affected. You must ensure that all output reports adhere to the correct
|
||||
schema with a minimum version of 14.0.0. Reports with a lower version or that fail to validate
|
||||
against the declared schema version will not be processed, and vulnerability
|
||||
findings will not display in MRs, pipelines, or Vulnerability Reports.
|
||||
|
||||
To help with the transition, from GitLab 14.10, non-compliant reports will display a
|
||||
[warning](https://gitlab.com/gitlab-org/gitlab/-/issues/335789#note_672853791)
|
||||
in the Vulnerability Report.
|
||||
# The following items are not published on the docs page, but may be used in the future.
|
||||
stage: # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth
|
||||
tiers: # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
|
||||
issue_url: # (optional) This is a link to the deprecation issue in GitLab
|
||||
documentation_url: # (optional) This is a link to the current documentation page
|
||||
image_url: # (optional) This is a link to a thumbnail image depicting the feature
|
||||
video_url: # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
|
||||
removal_date: # (optional - may be required in the future) YYYY-MM-DD format. This should almost always be the 22nd of a month (YYYY-MM-22), the date of the milestone release when this feature is planned to be removed
|
|
@ -0,0 +1,16 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class AddAuthorIndexToDesignManagementVersions < Gitlab::Database::Migration[1.0]
|
||||
TABLE = :design_management_versions
|
||||
INDEX_NAME = 'index_design_management_versions_on_author_id'
|
||||
|
||||
disable_ddl_transaction!
|
||||
|
||||
def up
|
||||
add_concurrent_index TABLE, :author_id, where: 'author_id IS NOT NULL', name: INDEX_NAME
|
||||
end
|
||||
|
||||
def down
|
||||
remove_concurrent_index TABLE, :author_id, name: INDEX_NAME
|
||||
end
|
||||
end
|
1
db/schema_migrations/20220116175851
Normal file
1
db/schema_migrations/20220116175851
Normal file
|
@ -0,0 +1 @@
|
|||
3fa0d827ab8051d270a13ae5facb1560a87f9f4fef81368b9fbb5d6291948721
|
|
@ -13024,6 +13024,7 @@ Represents a file or directory in the project repository that has been locked.
|
|||
| <a id="pipelineuser"></a>`user` | [`UserCore`](#usercore) | Pipeline user. |
|
||||
| <a id="pipelineuserpermissions"></a>`userPermissions` | [`PipelinePermissions!`](#pipelinepermissions) | Permissions for the current user on the resource. |
|
||||
| <a id="pipelineusesneeds"></a>`usesNeeds` | [`Boolean`](#boolean) | Indicates if the pipeline has jobs with `needs` dependencies. |
|
||||
| <a id="pipelinewarningmessages"></a>`warningMessages` | [`[PipelineMessage!]`](#pipelinemessage) | Pipeline warning messages. |
|
||||
| <a id="pipelinewarnings"></a>`warnings` | [`Boolean!`](#boolean) | Indicates if a pipeline has warnings. |
|
||||
|
||||
#### Fields with arguments
|
||||
|
@ -13136,6 +13137,15 @@ Represents the Geo sync and verification state of a pipeline artifact.
|
|||
| <a id="pipelineartifactregistryretrycount"></a>`retryCount` | [`Int`](#int) | Number of consecutive failed sync attempts of the PipelineArtifactRegistry. |
|
||||
| <a id="pipelineartifactregistrystate"></a>`state` | [`RegistryState`](#registrystate) | Sync state of the PipelineArtifactRegistry. |
|
||||
|
||||
### `PipelineMessage`
|
||||
|
||||
#### Fields
|
||||
|
||||
| Name | Type | Description |
|
||||
| ---- | ---- | ----------- |
|
||||
| <a id="pipelinemessagecontent"></a>`content` | [`String!`](#string) | Content of the pipeline message. |
|
||||
| <a id="pipelinemessageid"></a>`id` | [`ID!`](#id) | ID of the pipeline message. |
|
||||
|
||||
### `PipelinePermissions`
|
||||
|
||||
#### Fields
|
||||
|
|
|
@ -306,6 +306,93 @@ Planned removal milestone: 15.0 (2022-05-22)
|
|||
|
||||
## 14.7
|
||||
|
||||
### Container scanning schemas below 14.0.0
|
||||
|
||||
[Container scanning report schemas](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/releases)
|
||||
versions earlier than 14.0.0 will no longer be supported in GitLab 15.0. Reports that do not pass validation
|
||||
against the schema version declared in the report will also no longer be supported in GitLab 15.0.
|
||||
|
||||
Third-party tools that [integrate with GitLab by outputting a container scanning security report](https://docs.gitlab.com/ee/development/integrations/secure.html#report)
|
||||
as a pipeline job artifact are affected. You must ensure that all output reports adhere to the correct schema with a minimum version of 14.0.0. Reports with a lower version or that fail to validate against the declared schema version will not be processed, and vulnerability findings will not display in MRs, pipelines, or Vulnerability Reports.
|
||||
|
||||
To help with the transition, from GitLab 14.10, non-compliant reports will display a
|
||||
[warning](https://gitlab.com/gitlab-org/gitlab/-/issues/335789#note_672853791)
|
||||
in the Vulnerability Report.
|
||||
|
||||
Planned removal milestone: 15.0 ()
|
||||
|
||||
### Coverage guided fuzzing schemas below 14.0.0
|
||||
|
||||
[Coverage guided fuzzing report schemas](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/releases)
|
||||
below version 14.0.0 will no longer be supported in GitLab 15.0. Reports that do not pass validation
|
||||
against the schema version declared in the report will also no longer be supported in GitLab 15.0.
|
||||
|
||||
Third-party tools that [integrate with GitLab by outputting a coverage guided fuzzing security report](https://docs.gitlab.com/ee/development/integrations/secure.html#report)
|
||||
as a pipeline job artifact are affected. You must ensure that all output reports adhere to the correct
|
||||
schema with a minimum version of 14.0.0. Any reports with a lower version or that fail to validate
|
||||
against the declared schema version will not be processed, and vulnerability
|
||||
findings will not display in MRs, pipelines, or Vulnerability Reports.
|
||||
|
||||
To help with the transition, from GitLab 14.10, non-compliant reports will display a
|
||||
[warning](https://gitlab.com/gitlab-org/gitlab/-/issues/335789#note_672853791)
|
||||
in the Vulnerability Report.
|
||||
|
||||
Planned removal milestone: 15.0 ()
|
||||
|
||||
### DAST schemas below 14.0.0
|
||||
|
||||
[DAST report schemas](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/releases)
|
||||
versions earlier than 14.0.0 will no longer be supported in GitLab 15.0. Reports that do not pass validation
|
||||
against the schema version declared in the report will also no longer be supported as of GitLab 15.0.
|
||||
|
||||
Third-party tools that [integrate with GitLab by outputting a DAST security report](https://docs.gitlab.com/ee/development/integrations/secure.html#report)
|
||||
as a pipeline job artifact are affected. You must ensure that all output reports adhere to the correct
|
||||
schema with a minimum version of 14.0.0. Reports with a lower version or that fail to validate
|
||||
against the declared schema version will not be processed, and vulnerability
|
||||
findings will not display in MRs, pipelines, or Vulnerability Reports.
|
||||
|
||||
To help with the transition, from GitLab 14.10, non-compliant reports will cause a
|
||||
[warning to be displayed](https://gitlab.com/gitlab-org/gitlab/-/issues/335789#note_672853791)
|
||||
in the Vulnerability Report.
|
||||
|
||||
Planned removal milestone: 15.0 ()
|
||||
|
||||
### Dependency scanning schemas below 14.0.0
|
||||
|
||||
[Dependency scanning report schemas](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/releases)
|
||||
versions earlier than 14.0.0 will no longer be supported in GitLab 15.0. Reports that do not pass validation
|
||||
against the schema version declared in the report will also no longer be supported as of GitLab 15.0.
|
||||
|
||||
Third-party tools that [integrate with GitLab by outputting a Dependency scanning security report](https://docs.gitlab.com/ee/development/integrations/secure.html#report)
|
||||
as a pipeline job artifact are affected. You must ensure that all output reports adhere to the correct
|
||||
schema with a minimum version of 14.0.0. Reports with a lower version or that fail to validate
|
||||
against the declared schema version will not be processed, and vulnerability
|
||||
findings will not display in MRs, pipelines, or Vulnerability Reports.
|
||||
|
||||
To help with the transition, from GitLab 14.10, non-compliant reports will cause a
|
||||
[warning to be displayed](https://gitlab.com/gitlab-org/gitlab/-/issues/335789#note_672853791)
|
||||
in the Vulnerability Report.
|
||||
|
||||
Planned removal milestone: 15.0 ()
|
||||
|
||||
### Enforced validation of security report schemas
|
||||
|
||||
[Security report schemas](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/releases)
|
||||
versions earlier than 14.0.0 will no longer be supported in GitLab 15.0. Reports that do not pass validation
|
||||
against the schema version declared in the report will also no longer be supported in GitLab 15.0.
|
||||
|
||||
Security tools that [integrate with GitLab by outputting security reports](https://docs.gitlab.com/ee/development/integrations/secure.html#report)
|
||||
as pipeline job artifacts are affected. You must ensure that all output reports adhere to the correct
|
||||
schema with a minimum version of 14.0.0. Reports with a lower version or that fail to validate
|
||||
against the declared schema version will not be processed, and vulnerability
|
||||
findings will not display in MRs, pipelines, or Vulnerability Reports.
|
||||
|
||||
To help with the transition, from GitLab 14.10, non-compliant reports will display a
|
||||
[warning](https://gitlab.com/gitlab-org/gitlab/-/issues/335789#note_672853791)
|
||||
in the Vulnerability Report.
|
||||
|
||||
Planned removal milestone: 15.0 ()
|
||||
|
||||
### Godep support in License Compliance
|
||||
|
||||
The Godep dependency manager for Golang was deprecated in 2020 by Go and
|
||||
|
@ -352,6 +439,42 @@ only supported report file in 15.0, but this is the first step towards GitLab su
|
|||
|
||||
Planned removal milestone: 15.0 (2022-05-22)
|
||||
|
||||
### SAST schemas below 14.0.0
|
||||
|
||||
[SAST report schemas](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/releases)
|
||||
versions earlier than 14.0.0 will no longer be supported in GitLab 15.0. Reports that do not pass validation
|
||||
against the schema version declared in the report will also no longer be supported as of GitLab 15.0.
|
||||
|
||||
Third-party tools that [integrate with GitLab by outputting a SAST security report](https://docs.gitlab.com/ee/development/integrations/secure.html#report)
|
||||
as a pipeline job artifact are affected. You must ensure that all output reports adhere to the correct
|
||||
schema with a minimum version of 14.0.0. Reports with a lower version or that fail to validate
|
||||
against the declared schema version will not be processed, and vulnerability
|
||||
findings will not display in MRs, pipelines, or Vulnerability Reports.
|
||||
|
||||
To help with the transition, from GitLab 14.10, non-compliant reports will display a
|
||||
[warning](https://gitlab.com/gitlab-org/gitlab/-/issues/335789#note_672853791)
|
||||
in the Vulnerability Report.
|
||||
|
||||
Planned removal milestone: 15.0 ()
|
||||
|
||||
### Secret detection schemas below 14.0.0
|
||||
|
||||
[Secret detection report schemas](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/releases)
|
||||
versions earlier than 14.0.0 will no longer be supported in GitLab 15.0. Reports that do not pass validation
|
||||
against the schema version declared in the report will also no longer be supported as of GitLab 15.0.
|
||||
|
||||
Third-party tools that [integrate with GitLab by outputting a Secret detection security report](https://docs.gitlab.com/ee/development/integrations/secure.html#report)
|
||||
as a pipeline job artifact are affected. You must ensure that all output reports adhere to the correct
|
||||
schema with a minimum version of 14.0.0. Reports with a lower version or that fail to validate
|
||||
against the declared schema version will not be processed, and vulnerability
|
||||
findings will not display in MRs, pipelines, or Vulnerability Reports.
|
||||
|
||||
To help with the transition, from GitLab 14.10, non-compliant reports will display a
|
||||
[warning](https://gitlab.com/gitlab-org/gitlab/-/issues/335789#note_672853791)
|
||||
in the Vulnerability Report.
|
||||
|
||||
Planned removal milestone: 15.0 ()
|
||||
|
||||
### Sidekiq metrics and health checks configuration
|
||||
|
||||
Exporting Sidekiq metrics and health checks using a single process and port is deprecated.
|
||||
|
|
|
@ -53,7 +53,7 @@ module API
|
|||
def check_agent_token
|
||||
unauthorized! unless agent_token
|
||||
|
||||
agent_token.track_usage
|
||||
Clusters::AgentTokens::TrackUsageService.new(agent_token).execute
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -143,8 +143,7 @@ module Gitlab
|
|||
deprecation = entry.deprecation
|
||||
add_warning(
|
||||
"`#{entry.key}` is deprecated in " \
|
||||
"#{deprecation[:deprecated]} and will be removed in #{deprecation[:removed]} " \
|
||||
"- read more: #{deprecation[:documentation]}"
|
||||
"#{deprecation[:deprecated]} and will be removed in #{deprecation[:removed]}."
|
||||
)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -59,4 +59,9 @@ desc "Deletes projects directly under the provided group"
|
|||
task :delete_projects do
|
||||
QA::Tools::DeleteProjects.new.run
|
||||
end
|
||||
|
||||
desc "Deletes resources created during E2E test runs"
|
||||
task :delete_test_resources, :file_pattern do |t, args|
|
||||
QA::Tools::DeleteTestResources.new(args[:file_pattern]).run
|
||||
end
|
||||
# rubocop:enable Rails/RakeEnvironment
|
||||
|
|
|
@ -71,16 +71,12 @@ module QA
|
|||
resource_web_url = yield
|
||||
resource.web_url = resource_web_url
|
||||
|
||||
QA::Tools::TestResourceDataProcessor.collect(resource, resource_identifier(resource))
|
||||
|
||||
resource
|
||||
end
|
||||
|
||||
def log_fabrication(method, resource, parents, args)
|
||||
start = Time.now
|
||||
|
||||
Support::FabricationTracker.start_fabrication
|
||||
result = yield.tap do
|
||||
fabrication_time = Time.now - start
|
||||
resource_identifier = begin
|
||||
def resource_identifier(resource)
|
||||
if resource.respond_to?(:username) && resource.username
|
||||
"with username '#{resource.username}'"
|
||||
elsif resource.respond_to?(:full_path) && resource.full_path
|
||||
|
@ -89,11 +85,20 @@ module QA
|
|||
"with name '#{resource.name}'"
|
||||
elsif resource.respond_to?(:id) && resource.id
|
||||
"with id '#{resource.id}'"
|
||||
elsif resource.respond_to?(:iid) && resource.iid
|
||||
"with iid '#{resource.iid}'"
|
||||
end
|
||||
rescue QA::Resource::Base::NoValueError
|
||||
nil
|
||||
end
|
||||
|
||||
def log_fabrication(method, resource, parents, args)
|
||||
start = Time.now
|
||||
|
||||
Support::FabricationTracker.start_fabrication
|
||||
result = yield.tap do
|
||||
fabrication_time = Time.now - start
|
||||
|
||||
fabrication_http_method = if resource.api_fabrication_http_method == :get
|
||||
if self.include?(Reusable)
|
||||
"Retrieved for reuse"
|
||||
|
@ -108,7 +113,7 @@ module QA
|
|||
Runtime::Logger.debug do
|
||||
msg = ["==#{'=' * parents.size}>"]
|
||||
msg << "#{fabrication_http_method} a #{name}"
|
||||
msg << resource_identifier if resource_identifier
|
||||
msg << resource_identifier(resource) if resource_identifier(resource)
|
||||
msg << "as a dependency of #{parents.last}" if parents.any?
|
||||
msg << "via #{method}"
|
||||
msg << "in #{fabrication_time} seconds"
|
||||
|
|
|
@ -429,6 +429,11 @@ module QA
|
|||
running_in_ci? && enabled?(ENV['QA_EXPORT_TEST_METRICS'], default: true)
|
||||
end
|
||||
|
||||
def test_resources_created_filepath
|
||||
file_name = running_in_ci? ? "test-resources-#{SecureRandom.hex(3)}.json" : 'test-resources.json'
|
||||
ENV.fetch('QA_TEST_RESOURCES_CREATED_FILEPATH', File.join(Path.qa_root, 'tmp', file_name))
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def remote_grid_credentials
|
||||
|
|
85
qa/qa/tools/delete_test_resources.rb
Normal file
85
qa/qa/tools/delete_test_resources.rb
Normal file
|
@ -0,0 +1,85 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
# This script reads from test_resources.txt file to collect data about resources to delete
|
||||
# Deletes all deletable resources that E2E tests created
|
||||
# Resource type: Sandbox, User, Fork and RSpec::Mocks::Double are not included
|
||||
#
|
||||
# Required environment variables: GITLAB_QA_ACCESS_TOKEN and GITLAB_ADDRESS
|
||||
# When in CI also requires: QA_TEST_RESOURCES_FILE_PATTERN
|
||||
# Run `rake delete_test_resources[<file_pattern>]`
|
||||
|
||||
module QA
|
||||
module Tools
|
||||
class DeleteTestResources
|
||||
include Support::API
|
||||
|
||||
def initialize(file_pattern = nil)
|
||||
raise ArgumentError, "Please provide GITLAB_ADDRESS" unless ENV['GITLAB_ADDRESS']
|
||||
raise ArgumentError, "Please provide GITLAB_QA_ACCESS_TOKEN" unless ENV['GITLAB_QA_ACCESS_TOKEN']
|
||||
|
||||
@api_client = Runtime::API::Client.new(ENV['GITLAB_ADDRESS'], personal_access_token: ENV['GITLAB_QA_ACCESS_TOKEN'])
|
||||
@file_pattern = file_pattern
|
||||
end
|
||||
|
||||
def run
|
||||
puts 'Deleting test created resources...'
|
||||
|
||||
if Runtime::Env.running_in_ci?
|
||||
raise ArgumentError, 'Please provide QA_TEST_RESOURCES_FILE_PATTERN' unless ENV['QA_TEST_RESOURCES_FILE_PATTERN']
|
||||
|
||||
Dir.glob(@file_pattern).each do |file|
|
||||
delete_resources(load_file(file))
|
||||
end
|
||||
else
|
||||
file = Runtime::Env.test_resources_created_filepath
|
||||
raise ArgumentError, "'#{file}' either does not exist or empty." if !File.exist?(file) || File.zero?(file)
|
||||
|
||||
delete_resources(load_file(file))
|
||||
end
|
||||
|
||||
puts "\nDone"
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def load_file(json)
|
||||
JSON.parse(File.read(json))
|
||||
end
|
||||
|
||||
def delete_resources(resources)
|
||||
failures = []
|
||||
|
||||
resources.each_key do |type|
|
||||
next if resources[type].empty?
|
||||
|
||||
resources[type].each do |resource|
|
||||
next if resource_not_found?(resource['api_path'])
|
||||
|
||||
msg = resource['info'] ? "#{type} - #{resource['info']}" : "#{type} at #{resource['api_path']}"
|
||||
|
||||
puts "\nDeleting #{msg}..."
|
||||
delete_response = delete(Runtime::API::Request.new(@api_client, resource['api_path']).url)
|
||||
|
||||
if delete_response.code == 202
|
||||
print "\e[32m.\e[0m"
|
||||
else
|
||||
print "\e[31mF\e[0m"
|
||||
failures << msg
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
unless failures.empty?
|
||||
puts "\nFailed to delete #{failures.length} resources:\n"
|
||||
puts failures
|
||||
end
|
||||
end
|
||||
|
||||
def resource_not_found?(api_path)
|
||||
get_response = get Runtime::API::Request.new(@api_client, api_path).url
|
||||
|
||||
get_response.code.eql? 404
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
66
qa/qa/tools/test_resource_data_processor.rb
Normal file
66
qa/qa/tools/test_resource_data_processor.rb
Normal file
|
@ -0,0 +1,66 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
# This script collects all resources created during each test execution
|
||||
# Save the data and write it to a JSON file at the end of suite
|
||||
|
||||
module QA
|
||||
module Tools
|
||||
class TestResourceDataProcessor
|
||||
@resources ||= Hash.new { |hsh, key| hsh[key] = [] }
|
||||
|
||||
class << self
|
||||
# Ignoring rspec-mocks, sandbox, user and fork resources
|
||||
# TODO: Will need to figure out which user resources can be collected, ignore for now
|
||||
#
|
||||
# Collecting resources created in E2E tests
|
||||
# Data is a Hash of resources with keys as resource type (group, project, issue, etc.)
|
||||
# Each type contains an array of resource object (hash) of the same type
|
||||
# E.g: { "QA::Resource::Project": [ { info: 'foo', api_path: '/foo'}, {...} ] }
|
||||
def collect(resource, info)
|
||||
return if resource.api_response.nil? ||
|
||||
resource.is_a?(RSpec::Mocks::Double) ||
|
||||
resource.is_a?(Resource::Sandbox) ||
|
||||
resource.is_a?(Resource::User) ||
|
||||
resource.is_a?(Resource::Fork)
|
||||
|
||||
api_path = if resource.respond_to?(:api_delete_path)
|
||||
resource.api_delete_path.gsub('%2F', '/')
|
||||
elsif resource.respond_to?(:api_get_path)
|
||||
resource.api_get_path.gsub('%2F', '/')
|
||||
else
|
||||
'Cannot find resource API path'
|
||||
end
|
||||
|
||||
type = resource.class.name
|
||||
|
||||
@resources[type] << { info: info, api_path: api_path }
|
||||
end
|
||||
|
||||
# If JSON file exists and not empty, read and load file content
|
||||
# Merge what is saved in @resources into the content from file
|
||||
# Overwrite file content with the new data hash
|
||||
# Otherwise create file and write data hash to file for the first time
|
||||
def write_to_file
|
||||
return if @resources.empty?
|
||||
|
||||
file = Runtime::Env.test_resources_created_filepath
|
||||
FileUtils.mkdir_p('tmp/')
|
||||
FileUtils.touch(file)
|
||||
data = nil
|
||||
|
||||
if File.zero?(file)
|
||||
data = @resources
|
||||
else
|
||||
data = JSON.parse(File.read(file))
|
||||
|
||||
@resources.each_pair do |key, val|
|
||||
data[key].nil? ? data[key] = val : val.each { |item| data[key] << item }
|
||||
end
|
||||
end
|
||||
|
||||
File.open(file, 'w') { |f| f.write(JSON.pretty_generate(data.each_value(&:uniq!))) }
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -360,4 +360,36 @@ RSpec.describe QA::Runtime::Env do
|
|||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe '.test_resources_created_filepath' do
|
||||
context 'when not in CI' do
|
||||
before do
|
||||
allow(described_class).to receive(:running_in_ci?).and_return(false)
|
||||
end
|
||||
|
||||
it 'returns default path if QA_TEST_RESOURCES_CREATED_FILEPATH is not defined' do
|
||||
stub_env('QA_TEST_RESOURCES_CREATED_FILEPATH', nil)
|
||||
|
||||
expect(described_class.test_resources_created_filepath).to include('tmp/test-resources.json')
|
||||
end
|
||||
|
||||
it 'returns path if QA_TEST_RESOURCES_CREATED_FILEPATH is defined' do
|
||||
stub_env('QA_TEST_RESOURCES_CREATED_FILEPATH', 'path/to_file')
|
||||
|
||||
expect(described_class.test_resources_created_filepath).to eq('path/to_file')
|
||||
end
|
||||
end
|
||||
|
||||
context 'when in CI' do
|
||||
before do
|
||||
allow(described_class).to receive(:running_in_ci?).and_return(true)
|
||||
allow(SecureRandom).to receive(:hex).with(3).and_return('abc123')
|
||||
stub_env('QA_TEST_RESOURCES_CREATED_FILEPATH', nil)
|
||||
end
|
||||
|
||||
it 'returns path with random hex in file name' do
|
||||
expect(described_class.test_resources_created_filepath).to include('tmp/test-resources-abc123.json')
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -67,6 +67,9 @@ RSpec.configure do |config|
|
|||
config.after(:suite) do |suite|
|
||||
# If any tests failed, leave the resources behind to help troubleshoot
|
||||
QA::Resource::ReusableProject.remove_all_via_api! unless suite.reporter.failed_examples.present?
|
||||
|
||||
# Write all test created resources to JSON file
|
||||
QA::Tools::TestResourceDataProcessor.write_to_file
|
||||
end
|
||||
|
||||
config.append_after(:suite) do
|
||||
|
|
33
qa/spec/tools/test_resources_data_processor_spec.rb
Normal file
33
qa/spec/tools/test_resources_data_processor_spec.rb
Normal file
|
@ -0,0 +1,33 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
RSpec.describe QA::Tools::TestResourceDataProcessor do
|
||||
let(:info) { 'information' }
|
||||
let(:api_path) { '/foo' }
|
||||
let(:result) { [{ info: info, api_path: api_path }] }
|
||||
|
||||
describe '.collect' do
|
||||
context 'when resource is not restricted' do
|
||||
let(:resource) { instance_double(QA::Resource::Project, api_delete_path: '/foo', api_response: 'foo') }
|
||||
|
||||
it 'collects resource' do
|
||||
expect(described_class.collect(resource, info)).to eq(result)
|
||||
end
|
||||
end
|
||||
|
||||
context 'when resource api response is nil' do
|
||||
let(:resource) { double(QA::Resource::Project, api_delete_path: '/foo', api_response: nil) }
|
||||
|
||||
it 'does not collect resource' do
|
||||
expect(described_class.collect(resource, info)).to eq(nil)
|
||||
end
|
||||
end
|
||||
|
||||
context 'when resource is restricted' do
|
||||
let(:resource) { double(QA::Resource::Sandbox, api_delete_path: '/foo', api_response: 'foo') }
|
||||
|
||||
it 'does not collect resource' do
|
||||
expect(described_class.collect(resource, info)).to eq(nil)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
9
spec/factories/ci/pipeline_message.rb
Normal file
9
spec/factories/ci/pipeline_message.rb
Normal file
|
@ -0,0 +1,9 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
FactoryBot.define do
|
||||
factory :ci_pipeline_message, class: 'Ci::PipelineMessage' do
|
||||
pipeline factory: :ci_pipeline
|
||||
content { 'warning' }
|
||||
severity { 1 }
|
||||
end
|
||||
end
|
15
spec/graphql/types/ci/pipeline_message_type_spec.rb
Normal file
15
spec/graphql/types/ci/pipeline_message_type_spec.rb
Normal file
|
@ -0,0 +1,15 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'spec_helper'
|
||||
|
||||
RSpec.describe Types::Ci::PipelineMessageType do
|
||||
specify { expect(described_class.graphql_name).to eq('PipelineMessage') }
|
||||
|
||||
it 'contains attributes related to a pipeline message' do
|
||||
expected_fields = %w[
|
||||
id content
|
||||
]
|
||||
|
||||
expect(described_class).to have_graphql_fields(*expected_fields)
|
||||
end
|
||||
end
|
|
@ -14,7 +14,7 @@ RSpec.describe Types::Ci::PipelineType do
|
|||
coverage created_at updated_at started_at finished_at committed_at
|
||||
stages user retryable cancelable jobs source_job job job_artifacts downstream
|
||||
upstream path project active user_permissions warnings commit commit_path uses_needs
|
||||
test_report_summary test_suite ref ref_path
|
||||
test_report_summary test_suite ref ref_path warning_messages
|
||||
]
|
||||
|
||||
if Gitlab.ee?
|
||||
|
|
|
@ -70,7 +70,7 @@ RSpec.describe Gitlab::Ci::Config::Entry::Root do
|
|||
|
||||
it 'returns array of types as stages with a warning' do
|
||||
expect(root.stages_value).to eq %w[test deploy]
|
||||
expect(root.warnings).to eq(["root `types` is deprecated in 9.0 and will be removed in 15.0 - read more: https://docs.gitlab.com/ee/ci/yaml/#deprecated-keywords"])
|
||||
expect(root.warnings).to match_array(["root `types` is deprecated in 9.0 and will be removed in 15.0."])
|
||||
end
|
||||
|
||||
it 'logs usage of types keyword' do
|
||||
|
|
|
@ -49,83 +49,4 @@ RSpec.describe Clusters::AgentToken do
|
|||
expect(agent_token.token.length).to be >= 50
|
||||
end
|
||||
end
|
||||
|
||||
describe '#track_usage', :clean_gitlab_redis_cache do
|
||||
let_it_be(:agent) { create(:cluster_agent) }
|
||||
|
||||
let(:agent_token) { create(:cluster_agent_token, agent: agent) }
|
||||
|
||||
subject { agent_token.track_usage }
|
||||
|
||||
context 'when last_used_at was updated recently' do
|
||||
before do
|
||||
agent_token.update!(last_used_at: 10.minutes.ago)
|
||||
end
|
||||
|
||||
it 'updates cache but not database' do
|
||||
expect { subject }.not_to change { agent_token.reload.read_attribute(:last_used_at) }
|
||||
|
||||
expect_redis_update
|
||||
end
|
||||
end
|
||||
|
||||
context 'when last_used_at was not updated recently' do
|
||||
it 'updates cache and database' do
|
||||
does_db_update
|
||||
expect_redis_update
|
||||
end
|
||||
|
||||
context 'with invalid token' do
|
||||
before do
|
||||
agent_token.description = SecureRandom.hex(2000)
|
||||
end
|
||||
|
||||
it 'still updates caches and database' do
|
||||
expect(agent_token).to be_invalid
|
||||
|
||||
does_db_update
|
||||
expect_redis_update
|
||||
end
|
||||
end
|
||||
|
||||
context 'agent is not connected' do
|
||||
before do
|
||||
allow(agent).to receive(:connected?).and_return(false)
|
||||
end
|
||||
|
||||
it 'creates an activity event' do
|
||||
expect { subject }.to change { agent.activity_events.count }
|
||||
|
||||
event = agent.activity_events.last
|
||||
expect(event).to have_attributes(
|
||||
kind: 'agent_connected',
|
||||
level: 'info',
|
||||
recorded_at: agent_token.reload.read_attribute(:last_used_at),
|
||||
agent_token: agent_token
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
context 'agent is connected' do
|
||||
before do
|
||||
allow(agent).to receive(:connected?).and_return(true)
|
||||
end
|
||||
|
||||
it 'does not create an activity event' do
|
||||
expect { subject }.not_to change { agent.activity_events.count }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def expect_redis_update
|
||||
Gitlab::Redis::Cache.with do |redis|
|
||||
redis_key = "cache:#{described_class.name}:#{agent_token.id}:attributes"
|
||||
expect(redis.get(redis_key)).to be_present
|
||||
end
|
||||
end
|
||||
|
||||
def does_db_update
|
||||
expect { subject }.to change { agent_token.reload.read_attribute(:last_used_at) }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -233,7 +233,7 @@ RSpec.describe 'Query.ciConfig' do
|
|||
it 'returns a warning' do
|
||||
post_graphql_query
|
||||
|
||||
expect(graphql_data['ciConfig']['warnings']).to include('root `types` is deprecated in 9.0 and will be removed in 15.0 - read more: https://docs.gitlab.com/ee/ci/yaml/#deprecated-keywords')
|
||||
expect(graphql_data['ciConfig']['warnings']).to include('root `types` is deprecated in 9.0 and will be removed in 15.0.')
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -283,6 +283,50 @@ RSpec.describe 'Query.project(fullPath).pipelines' do
|
|||
end
|
||||
end
|
||||
|
||||
describe 'warningMessages' do
|
||||
let_it_be(:pipeline) { create(:ci_pipeline, project: project) }
|
||||
let_it_be(:warning_message) { create(:ci_pipeline_message, pipeline: pipeline, content: 'warning') }
|
||||
|
||||
let(:pipelines_graphql_data) { graphql_data.dig(*%w[project pipelines nodes]).first }
|
||||
|
||||
let(:query) do
|
||||
%(
|
||||
query {
|
||||
project(fullPath: "#{project.full_path}") {
|
||||
pipelines {
|
||||
nodes {
|
||||
warningMessages {
|
||||
content
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
)
|
||||
end
|
||||
|
||||
it 'returns pipeline warnings' do
|
||||
post_graphql(query, current_user: user)
|
||||
|
||||
expect(pipelines_graphql_data['warningMessages']).to contain_exactly(
|
||||
a_hash_including('content' => 'warning')
|
||||
)
|
||||
end
|
||||
|
||||
it 'avoids N+1 queries' do
|
||||
control_count = ActiveRecord::QueryRecorder.new do
|
||||
post_graphql(query, current_user: user)
|
||||
end
|
||||
|
||||
pipeline_2 = create(:ci_pipeline, project: project)
|
||||
create(:ci_pipeline_message, pipeline: pipeline_2, content: 'warning')
|
||||
|
||||
expect do
|
||||
post_graphql(query, current_user: user)
|
||||
end.not_to exceed_query_limit(control_count)
|
||||
end
|
||||
end
|
||||
|
||||
describe '.jobs(securityReportTypes)' do
|
||||
let_it_be(:query) do
|
||||
%(
|
||||
|
|
|
@ -53,7 +53,9 @@ RSpec.describe API::Internal::Kubernetes do
|
|||
|
||||
shared_examples 'agent token tracking' do
|
||||
it 'tracks token usage' do
|
||||
expect { response }.to change { agent_token.reload.read_attribute(:last_used_at) }
|
||||
expect do
|
||||
send_request(headers: { 'Authorization' => "Bearer #{agent_token.token}" })
|
||||
end.to change { agent_token.reload.read_attribute(:last_used_at) }
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -149,7 +151,7 @@ RSpec.describe API::Internal::Kubernetes do
|
|||
let(:agent) { agent_token.agent }
|
||||
let(:project) { agent.project }
|
||||
|
||||
shared_examples 'agent token tracking'
|
||||
include_examples 'agent token tracking'
|
||||
|
||||
it 'returns expected data', :aggregate_failures do
|
||||
send_request(headers: { 'Authorization' => "Bearer #{agent_token.token}" })
|
||||
|
|
|
@ -0,0 +1,84 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'spec_helper'
|
||||
|
||||
RSpec.describe Clusters::AgentTokens::TrackUsageService do
|
||||
let_it_be(:agent) { create(:cluster_agent) }
|
||||
|
||||
describe '#execute', :clean_gitlab_redis_cache do
|
||||
let(:agent_token) { create(:cluster_agent_token, agent: agent) }
|
||||
|
||||
subject { described_class.new(agent_token).execute }
|
||||
|
||||
context 'when last_used_at was updated recently' do
|
||||
before do
|
||||
agent_token.update!(last_used_at: 10.minutes.ago)
|
||||
end
|
||||
|
||||
it 'updates cache but not database' do
|
||||
expect { subject }.not_to change { agent_token.reload.read_attribute(:last_used_at) }
|
||||
|
||||
expect_redis_update
|
||||
end
|
||||
end
|
||||
|
||||
context 'when last_used_at was not updated recently' do
|
||||
it 'updates cache and database' do
|
||||
does_db_update
|
||||
expect_redis_update
|
||||
end
|
||||
|
||||
context 'with invalid token' do
|
||||
before do
|
||||
agent_token.description = SecureRandom.hex(2000)
|
||||
end
|
||||
|
||||
it 'still updates caches and database' do
|
||||
expect(agent_token).to be_invalid
|
||||
|
||||
does_db_update
|
||||
expect_redis_update
|
||||
end
|
||||
end
|
||||
|
||||
context 'agent is not connected' do
|
||||
before do
|
||||
allow(agent).to receive(:connected?).and_return(false)
|
||||
end
|
||||
|
||||
it 'creates an activity event' do
|
||||
expect { subject }.to change { agent.activity_events.count }
|
||||
|
||||
event = agent.activity_events.last
|
||||
expect(event).to have_attributes(
|
||||
kind: 'agent_connected',
|
||||
level: 'info',
|
||||
recorded_at: agent_token.reload.read_attribute(:last_used_at),
|
||||
agent_token: agent_token
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
context 'agent is connected' do
|
||||
before do
|
||||
allow(agent).to receive(:connected?).and_return(true)
|
||||
end
|
||||
|
||||
it 'does not create an activity event' do
|
||||
expect { subject }.not_to change { agent.activity_events.count }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def expect_redis_update
|
||||
Gitlab::Redis::Cache.with do |redis|
|
||||
redis_key = "cache:#{agent_token.class}:#{agent_token.id}:attributes"
|
||||
expect(redis.get(redis_key)).to be_present
|
||||
end
|
||||
end
|
||||
|
||||
def does_db_update
|
||||
expect { subject }.to change { agent_token.reload.read_attribute(:last_used_at) }
|
||||
end
|
||||
end
|
||||
end
|
Loading…
Reference in a new issue