Add latest changes from gitlab-org/gitlab@master

GitLab Bot 2022-01-19 03:14:09 +00:00
parent 6e70c2b428
commit 57007c0e64
15 changed files with 46 additions and 108 deletions


@ -44,7 +44,7 @@ docs-lint markdown:
- .default-retry
- .docs:rules:docs-lint
# When updating the image version here, update it in /scripts/lint-doc.sh too.
image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-markdown:alpine-3.14-vale-2.12.0-markdownlint-0.29.0
image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-markdown:alpine-3.15-vale-2.14.0-markdownlint-0.30.0
stage: lint
needs: []
script:
@ -53,7 +53,7 @@ docs-lint markdown:
docs-lint links:
extends:
- .docs:rules:docs-lint
image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-html:alpine-3.14-ruby-2.7.5-08847baa
image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-html:alpine-3.15-ruby-2.7.5-cee62c13
stage: lint
needs: []
script:


@ -17,7 +17,7 @@ module HasWiki
def wiki
strong_memoize(:wiki) do
Wiki.for_container(self, self.default_owner)
Wiki.for_container(self, self.first_owner)
end
end


@ -725,8 +725,8 @@ class Group < Namespace
end
end
def default_owner
owners.first || parent&.default_owner || owner
def first_owner
owners.first || parent&.first_owner || owner
end
def default_branch_name
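Review bot: `first_owner` has no comment saying what "first" means. `owners.first` depends on whatever ordering the `owners` association applies, which this hunk does not show, and the method then falls back to the parent group's `first_owner` and finally to `owner`. Other sections of this commit pass the result on as a user (`Wiki.for_container(self, self.first_owner)`, `@git_user = @target_project.first_owner`), so the selection rule is worth stating, e.g. `# Returns the first direct owner, else the nearest ancestor's first owner, else the namespace owner.` Whether the whole `||` chain can end in nil is not visible here; if it can, the comment should say so.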


@ -1514,11 +1514,11 @@ class Project < ApplicationRecord
group || namespace.try(:owner)
end
def default_owner
def first_owner
obj = owner
if obj.respond_to?(:default_owner)
obj.default_owner
if obj.respond_to?(:first_owner)
obj.first_owner
else
obj
end


@ -16,7 +16,7 @@ module DesignManagement
@temporary_branch = "CopyDesignCollectionService_#{SecureRandom.hex}"
# The user who triggered the copy may not have permissions to push
# to the design repository.
@git_user = @target_project.default_owner
@git_user = @target_project.first_owner
@designs = DesignManagement::Design.unscoped.where(issue: issue).order(:id).load
@versions = DesignManagement::Version.unscoped.where(issue: issue).order(:id).includes(:designs).load
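Review bot: `@git_user = @target_project.first_owner` makes the copy perform its Git writes as the project's owner rather than as the user who triggered it, and nothing in this hunk guards against `first_owner` returning nil. `Project#first_owner` hands back `owner` unchanged when it does not respond to `first_owner`, so a missing owner would presumably surface later as an unrelated failure inside the Git operations. Consider failing early with a clear error, e.g. `raise ArgumentError, 'target project has no owner' unless @git_user`. The existing comment could also state that the triggering user's permission to copy must be checked before this service runs, since the push itself no longer enforces it. The initializer starts and ends outside the hunk, so either point may already be handled there.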


@ -565,6 +565,12 @@ Note the following:
- You can configure Gitaly servers with both an unencrypted listening address `listen_addr` and an
encrypted listening address `tls_listen_addr` at the same time. This allows you to gradually
transition from unencrypted to encrypted traffic if necessary.
- When running Praefect sub-commands such as `dial-nodes` and `list-untracked-repositories` from the command line with Gitaly TLS enabled, you must set
the `SSL_CERT_DIR` or `SSL_CERT_FILE` environment variable so that the Gitaly certificate is trusted. For example:
```shell
sudo SSL_CERT_DIR=/etc/gitlab/trusted_certs /opt/gitlab/embedded/bin/praefect -config /var/opt/gitlab/praefect/config.toml dial-nodes
```
To configure Gitaly with TLS:


@ -408,7 +408,7 @@ On the **Praefect** node:
# Enable only the Praefect service
praefect['enable'] = true
# Prevent database connections during 'gitlab-ctl reconfigure'
# Disable database migrations to prevent database connections during 'gitlab-ctl reconfigure'
gitlab_rails['auto_migrate'] = false
praefect['auto_migrate'] = false
```
@ -531,7 +531,7 @@ On the **Praefect** node:
1. For:
- The "deploy node":
1. Enable Praefect auto-migration again by setting `praefect['auto_migrate'] = true` in
1. Enable Praefect database auto-migration again by setting `praefect['auto_migrate'] = true` in
`/etc/gitlab/gitlab.rb`.
1. To ensure database migrations are only run during reconfigure and not automatically on
upgrade, run:
@ -767,7 +767,7 @@ For more information on Gitaly server configuration, see our
# Enable Prometheus if needed
prometheus['enable'] = true
# Prevent database connections during 'gitlab-ctl reconfigure'
# Disable database migrations to prevent database connections during 'gitlab-ctl reconfigure'
gitlab_rails['auto_migrate'] = false
```
@ -1229,9 +1229,9 @@ To migrate existing clusters:
1. Praefect nodes didn't historically keep database records of every repository stored on the cluster. When
the `per_repository` election strategy is configured, Praefect expects to have database records of
each repository. A [background migration](https://gitlab.com/gitlab-org/gitaly/-/merge_requests/2749) is
included in GitLab 13.6 and later to create any missing database records for repositories. Before migrating
you should verify the migration has run by checking Praefect's logs:
each repository. A [background database migration](https://gitlab.com/gitlab-org/gitaly/-/merge_requests/2749) is
included in GitLab 13.6 and later to create any missing database records for repositories. Before migrating,
check Praefect's logs to verify that the database migration ran.
Check Praefect's logs for `repository importer finished` message. The `virtual_storages` field contains
the names of virtual storages and whether they've had any missing database records created.
@ -1248,8 +1248,8 @@ To migrate existing clusters:
{"level":"info","msg":"repository importer finished","pid":19752,"time":"2021-04-28T11:41:36.743Z","virtual_storages":{"default":false}}
```
The migration is ran when Praefect starts up. If the migration is unsuccessful, you can restart
a Praefect node to reattempt it. The migration only runs with `sql` election strategy configured.
The database migration runs when Praefect starts. If the database migration is unsuccessful, you can restart
a Praefect node to reattempt it.
1. Running two different election strategies side by side can cause a split brain, where different
Praefect nodes consider repositories to have different primaries. This can be avoided either:


@ -112,10 +112,9 @@ bundle exec rake gitlab:features:disable_rugged
Most of this code exists in the `lib/gitlab/git/rugged_impl` directory.
NOTE:
You should *not* need to add or modify code related to
Rugged unless explicitly discussed with the
[Gitaly Team](https://gitlab.com/groups/gl-gitaly/group_members). This code does
NOT work on GitLab.com or other GitLab instances that do not use NFS.
You should *not* have to add or modify code related to Rugged unless explicitly discussed with the
[Gitaly Team](https://gitlab.com/groups/gl-gitaly/group_members). This code does not work on GitLab.com or other GitLab
instances that do not use NFS.
## `TooManyInvocationsError` errors
@ -197,7 +196,7 @@ If you make changes to your local Gitaly in between test runs you need
to manually run `make` again.
Note that CI tests do not use your locally modified version of
Gitaly. To use a custom Gitaly version in CI you need to update
Gitaly. To use a custom Gitaly version in CI, you must update
GITALY_SERVER_VERSION as described at the beginning of this section.
To use a different Gitaly repository, such as if your changes are present
@ -326,7 +325,7 @@ default value. The default value depends on the GitLab version.
To be sure that the flag is set correctly and it goes into Gitaly, you can check
the integration by using GDK:
1. The state of the flag must be observable. To check it, you need to enable it
1. The state of the flag must be observable. To check it, you must enable it
by fetching the Prometheus metrics:
1. Navigate to GDK's root directory.
1. Make sure you have the proper branch checked out for Gitaly.


@ -7,10 +7,15 @@ type: reference, howto
# Group access tokens
With group access tokens, you can use a single token to:
- Perform actions for groups.
- Manage the projects within the group.
You can use a group access token to authenticate:
- With the [GitLab API](../../../api/index.md#personalprojectgroup-access-tokens).
- With Git, when using HTTP Basic Authentication.
- In [GitLab 14.2](https://gitlab.com/gitlab-org/gitlab/-/issues/330718) and later, authenticate with Git over HTTPS.
After you configure a group access token, you don't need a password when you authenticate.
Instead, you can enter any non-blank value.


@ -84,78 +84,6 @@ To enable or disable project access token creation for all projects in a top-lev
Even when creation is disabled, you can still use and revoke existing project access tokens.
## Group access tokens **(FREE SELF)**
With group access tokens, you can use a single token to:
- Perform actions for groups.
- Manage the projects within the group.
- In [GitLab 14.2](https://gitlab.com/gitlab-org/gitlab/-/issues/330718) and later, authenticate with Git over HTTPS.
NOTE:
You cannot use the UI to create a group access token. [An issue exists](https://gitlab.com/gitlab-org/gitlab/-/issues/214045)
to add this functionality. This section describes a workaround.
If you are an administrator of a self-managed GitLab instance, you can create a group access token in the
[Rails console](../../../administration/operations/rails_console.md).
<div class="video-fallback">
For a demo of the group access token workaround, see <a href="https://www.youtube.com/watch?v=W2fg1P1xmU0">Demo: Group Level Access Tokens</a>.
</div>
<figure class="video-container">
<iframe src="https://www.youtube.com/embed/W2fg1P1xmU0" frameborder="0" allowfullscreen="true"> </iframe>
</figure>
### Create a group access token
To create a group access token:
1. Run the following commands in a [Rails console](../../../administration/operations/rails_console.md):
```ruby
# Set the GitLab administration user to use. If user ID 1 is not available or is not an administrator, use 'admin = User.admins.first' instead to select an administrator.
admin = User.find(1)
# Set the group group you want to create a token for. For example, group with ID 109.
group = Group.find(109)
# Create the group bot user. For further group access tokens, the username should be group_#{group.id}_bot#{bot_count}. For example, group_109_bot2 and email address group_109_bot2@example.com.
bot = Users::CreateService.new(admin, { name: 'group_token', username: "group_#{group.id}_bot", email: "group_#{group.id}_bot@example.com", user_type: :project_bot }).execute
# Confirm the group bot.
bot.confirm
# Add the bot to the group with the required role.
group.add_user(bot, :maintainer)
# Give the bot a personal access token.
token = bot.personal_access_tokens.create(scopes:[:api, :write_repository], name: 'group_token')
# Get the token value.
gtoken = token.token
```
1. Test if the generated group access token works:
1. Use the group access token in the `PRIVATE-TOKEN` header with GitLab REST APIs. For example:
- [Create an epic](../../../api/epics.md#new-epic) in the group.
- [Create a project pipeline](../../../api/pipelines.md#create-a-new-pipeline) in one of the group's projects.
- [Create an issue](../../../api/issues.md#new-issue) in one of the group's projects.
1. Use the group token to [clone a group's project](../../../gitlab-basics/start-using-git.md#clone-with-https)
using HTTPS.
### Revoke a group access token
To revoke a group access token, run the following command in a [Rails console](../../../administration/operations/rails_console.md):
```ruby
bot = User.find_by(username: 'group_109_bot') # the owner of the token you want to revoke
token = bot.personal_access_tokens.last # the token you want to revoke
token.revoke!
```
## Project bot users
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/210181) in GitLab 13.0.


@ -128,7 +128,7 @@ function run_locally_or_in_docker() {
$cmd $args
elif hash docker 2>/dev/null
then
docker run -t -v ${PWD}:/gitlab -w /gitlab --rm registry.gitlab.com/gitlab-org/gitlab-docs/lint-markdown:alpine-3.14-vale-2.12.0-markdownlint-0.29.0 ${cmd} ${args}
docker run -t -v ${PWD}:/gitlab -w /gitlab --rm registry.gitlab.com/gitlab-org/gitlab-docs/lint-markdown:alpine-3.15-vale-2.14.0-markdownlint-0.30.0 ${cmd} ${args}
else
echo
echo " ✖ ERROR: '${cmd}' not found. Install '${cmd}' or Docker to proceed." >&2


@ -4,7 +4,7 @@ FactoryBot.define do
factory :wiki do
transient do
container { association(:project) }
user { container.default_owner || association(:user) }
user { container.first_owner || association(:user) }
end
initialize_with { Wiki.for_container(container, user) }


@ -2539,7 +2539,7 @@ RSpec.describe Group do
end
end
describe '#default_owner' do
describe '#first_owner' do
let(:group) { build(:group) }
context 'the group has owners' do
@ -2549,7 +2549,7 @@ RSpec.describe Group do
end
it 'is the first owner' do
expect(group.default_owner)
expect(group.first_owner)
.to eq(group.owners.first)
.and be_a(User)
end
@ -2564,8 +2564,8 @@ RSpec.describe Group do
end
it 'is the first owner of the parent' do
expect(group.default_owner)
.to eq(parent.default_owner)
expect(group.first_owner)
.to eq(parent.first_owner)
.and be_a(User)
end
end
@ -2576,7 +2576,7 @@ RSpec.describe Group do
end
it 'is the group.owner' do
expect(group.default_owner)
expect(group.first_owner)
.to eq(group.owner)
.and be_a(User)
end


@ -1299,7 +1299,7 @@ RSpec.describe Project, factory_default: :keep do
end
end
describe '#default_owner' do
describe '#first_owner' do
let_it_be(:owner) { create(:user) }
let_it_be(:namespace) { create(:namespace, owner: owner) }
@ -1307,7 +1307,7 @@ RSpec.describe Project, factory_default: :keep do
let(:project) { build(:project, namespace: namespace) }
it 'is the namespace owner' do
expect(project.default_owner).to eq(owner)
expect(project.first_owner).to eq(owner)
end
end
@ -1316,9 +1316,9 @@ RSpec.describe Project, factory_default: :keep do
let(:project) { build(:project, group: group, namespace: namespace) }
it 'is the group owner' do
allow(group).to receive(:default_owner).and_return(Object.new)
allow(group).to receive(:first_owner).and_return(Object.new)
expect(project.default_owner).to eq(group.default_owner)
expect(project.first_owner).to eq(group.first_owner)
end
end
end


@ -3,7 +3,7 @@ require 'spec_helper'
RSpec.describe 'shared/wikis/_sidebar.html.haml' do
let_it_be(:project) { create(:project) }
let_it_be(:wiki) { Wiki.for_container(project, project.default_owner) }
let_it_be(:wiki) { Wiki.for_container(project, project.first_owner) }
before do
assign(:wiki, wiki)