From 57b795ee00fbe7a17fa0ad2eb21987eab5fc4aa4 Mon Sep 17 00:00:00 2001 
From: GitLab Bot Date: Wed, 22 Jun 2022 06:08:52 +0000 Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master --- .../emoji/awards_app/store/actions.js | 2 - .../import/bitbucket_controller.rb | 11 +- app/controllers/import/gitea_controller.rb | 2 +- app/controllers/import/github_controller.rb | 16 +- app/controllers/import/gitlab_controller.rb | 6 +- app/views/import/bitbucket/status.html.haml | 2 +- app/views/import/gitlab/status.html.haml | 2 +- .../projects/_import_project_pane.html.haml | 4 +- doc/api/award_emoji.md | 20 +- .../cloud_deployment/ecs/deploy_to_aws_ecs.md | 20 +- doc/ci/cloud_deployment/index.md | 2 +- doc/ci/examples/index.md | 2 +- doc/ci/index.md | 4 +- doc/ci/metrics_reports.md | 2 +- doc/ci/pipelines/pipeline_efficiency.md | 2 +- doc/ci/testing/accessibility_testing.md | 76 +++ doc/ci/testing/browser_performance_testing.md | 242 +++++++ doc/ci/testing/code_quality.md | 633 +++++++++++++++++ .../img/accessibility_mr_widget_v13_0.png | Bin .../img/browser_performance_testing.png | Bin .../code_quality_host_bound_sequential.png | Bin .../img/code_quality_mr_diff_report_v14_2.png | Bin .../img/code_quality_report_13_11.png | Bin .../img/code_quality_widget_13_11.png | Bin doc/ci/testing/index.md | 6 +- doc/ci/yaml/artifacts_reports.md | 14 +- doc/development/performance.md | 2 +- doc/development/testing_guide/review_apps.md | 2 +- doc/subscriptions/bronze_starter.md | 2 +- doc/topics/autodevops/stages.md | 6 +- .../merge_requests/accessibility_testing.md | 79 +-- .../browser_performance_testing.md | 245 +------ .../project/merge_requests/code_quality.md | 637 +----------------- doc/user/project/merge_requests/index.md | 2 +- .../load_performance_testing.md | 2 +- lib/api/award_emoji.rb | 4 +- .../templates/Jobs/Deploy/ECS.gitlab-ci.yml | 5 + qa/qa/runtime/feature.rb | 6 +- .../features/sanity/feature_flags_spec.rb | 49 +- .../import/bitbucket_controller_spec.rb | 29 +- .../import/github_controller_spec.rb | 5 +- 
.../import/gitlab_controller_spec.rb | 40 +- .../multipart_invalid_uploads_spec.rb | 2 +- .../emoji/awards_app/store/actions_spec.js | 12 - spec/requests/api/award_emoji_spec.rb | 129 +++- workhorse/internal/testhelper/testhelper.go | 7 + .../internal/upload/artifacts_store_test.go | 5 +- .../internal/upload/artifacts_upload_test.go | 15 +- .../internal/upload/body_uploader_test.go | 25 +- .../upload/destination/destination.go | 27 +- .../upload/destination/destination_test.go | 35 +- workhorse/internal/upload/uploads_test.go | 40 +- workhorse/upload_test.go | 26 +- 53 files changed, 1337 insertions(+), 1169 deletions(-) create mode 100644 doc/ci/testing/accessibility_testing.md create mode 100644 doc/ci/testing/browser_performance_testing.md create mode 100644 doc/ci/testing/code_quality.md rename doc/{user/project/merge_requests => ci/testing}/img/accessibility_mr_widget_v13_0.png (100%) rename doc/{user/project/merge_requests => ci/testing}/img/browser_performance_testing.png (100%) rename doc/{user/project/merge_requests => ci/testing}/img/code_quality_host_bound_sequential.png (100%) rename doc/{user/project/merge_requests => ci/testing}/img/code_quality_mr_diff_report_v14_2.png (100%) rename doc/{user/project/merge_requests => ci/testing}/img/code_quality_report_13_11.png (100%) rename doc/{user/project/merge_requests => ci/testing}/img/code_quality_widget_13_11.png (100%) diff --git a/app/assets/javascripts/emoji/awards_app/store/actions.js b/app/assets/javascripts/emoji/awards_app/store/actions.js index f83bfe614dd..427a504e038 100644 --- a/app/assets/javascripts/emoji/awards_app/store/actions.js +++ b/app/assets/javascripts/emoji/awards_app/store/actions.js 
@@ -14,8 +14,6 @@ import { export const setInitialData = ({ commit }, data) => commit(SET_INITIAL_DATA, data); export const fetchAwards = async ({ commit, dispatch, state }, page = '1') => { - if (!window.gon?.current_user_id) return; - try { const { data, headers } = await axios.get(joinPaths(gon.relative_url_root || '', state.path), { params: { per_page: 100, page }, diff --git a/app/controllers/import/bitbucket_controller.rb b/app/controllers/import/bitbucket_controller.rb index 55707000cf8..8181401c92b 100644 --- a/app/controllers/import/bitbucket_controller.rb +++ b/app/controllers/import/bitbucket_controller.rb @@ -18,14 +18,14 @@ class Import::BitbucketController < Import::BaseController if auth_state.blank? || !ActiveSupport::SecurityUtils.secure_compare(auth_state, params[:state]) go_to_bitbucket_for_permissions else - response = oauth_client.auth_code.get_token(params[:code], redirect_uri: users_import_bitbucket_callback_url) + response = oauth_client.auth_code.get_token(params[:code], redirect_uri: users_import_bitbucket_callback_url(namespace_id: params[:namespace_id])) session[:bitbucket_token] = response.token session[:bitbucket_expires_at] = response.expires_at session[:bitbucket_expires_in] = response.expires_in session[:bitbucket_refresh_token] = response.refresh_token - redirect_to status_import_bitbucket_url + redirect_to status_import_bitbucket_url(namespace_id: params[:namespace_id]) end end @@ -83,11 +83,6 @@ class Import::BitbucketController < Import::BaseController :bitbucket end - override :provider_url - def provider_url - provider.url - end - private def oauth_client 
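Review bot: With the `current_user_id` guard removed, `fetchAwards` issues the GET for every visitor, including anonymous ones, so the catch branch (outside this hunk) is now the only thing between a 401/404 on a non-public awardable and a user-visible error; confirm it degrades quietly for that case. The removed line was also the only place that tolerated a missing `gon` object — `gon.relative_url_root` is now read unguarded, although inside the `try`. A one-line comment would spare the next reader a search: `// Awards on public awardables are readable without a session, so no login check here.` The function body continues past the end of the hunk.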
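Review bot: The `redirect_uri` given to `get_token` in `callback` (and to `authorize_url` in the `go_to_bitbucket_for_permissions` hunk that follows, and likewise in the GitLab controller's `callback` and `go_to_gitlab_for_permissions`) now carries `namespace_id` as a query parameter, which only works if the registered callback URL at the provider tolerates extra query parameters; if the provider matches the redirect URI exactly, every import started with a namespace selected will fail the token exchange. Round-tripping the value through the provider's redirect instead of the session is sound for integrity, because a mismatch between the authorize and exchange URIs is rejected at the provider, but the `state` comparison above only binds the session and not the namespace, so the `status` action still has to authorise the current user against `namespace_id` on its own. A comment at the `get_token` line would make the coupling explicit: `# redirect_uri must match the one sent in go_to_bitbucket_for_permissions byte for byte, including namespace_id`.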
@@ -121,7 +116,7 @@ class Import::BitbucketController < Import::BaseController def go_to_bitbucket_for_permissions state = SecureRandom.base64(64) session[:bitbucket_auth_state] = state - redirect_to oauth_client.auth_code.authorize_url(redirect_uri: users_import_bitbucket_callback_url, state: state) + redirect_to oauth_client.auth_code.authorize_url(redirect_uri: users_import_bitbucket_callback_url(namespace_id: params[:namespace_id]), state: state) end def bitbucket_unauthorized(exception) diff --git a/app/controllers/import/gitea_controller.rb b/app/controllers/import/gitea_controller.rb index 399a92c59e0..4b4ac07b389 100644 --- a/app/controllers/import/gitea_controller.rb +++ b/app/controllers/import/gitea_controller.rb @@ -7,7 +7,7 @@ class Import::GiteaController < Import::GithubController def new if session[access_token_key].present? && provider_url.present? - redirect_to status_import_url(namespace_id: params[:namespace_id]) + redirect_to status_import_url end end diff --git a/app/controllers/import/github_controller.rb b/app/controllers/import/github_controller.rb index 8dd40b6254e..9cc58ce542c 100644 --- a/app/controllers/import/github_controller.rb +++ b/app/controllers/import/github_controller.rb 
@@ -23,25 +23,24 @@ class Import::GithubController < Import::BaseController if !ci_cd_only? && github_import_configured? && logged_in_with_provider? go_to_provider_for_permissions elsif session[access_token_key] - redirect_to status_import_url(namespace_id: params[:namespace_id]) + redirect_to status_import_url end end def callback auth_state = session.delete(auth_state_key) - namespace_id = session.delete(:namespace_id) if auth_state.blank? || !ActiveSupport::SecurityUtils.secure_compare(auth_state, params[:state]) provider_unauthorized else session[access_token_key] = get_token(params[:code]) - redirect_to status_import_url(namespace_id: namespace_id) + redirect_to status_import_url end end def personal_access_token session[access_token_key] = params[:personal_access_token]&.strip - redirect_to status_import_url(namespace_id: params[:namespace_id].presence) + redirect_to status_import_url end def status 
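Review bot: `callback` no longer reads `namespace_id` from the session, and nothing in the hunk says where `status_import_url` now obtains it, so a later reader could reasonably reintroduce `session[:namespace_id]`. Add `# namespace_id round-trips through the OAuth redirect_uri (see callback_import_url), not the session` above the `get_token` line. Note also that `personal_access_token` previously applied `.presence` to the parameter itself and now relies on `status_import_url` doing it, a silent dependency on that helper's implementation.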
@@ -205,15 +204,15 @@ class Import::GithubController < Import::BaseController end def new_import_url - public_send("new_import_#{provider_name}_url", extra_import_params) # rubocop:disable GitlabSecurity/PublicSend + public_send("new_import_#{provider_name}_url", extra_import_params.merge({ namespace_id: params[:namespace_id] })) # rubocop:disable GitlabSecurity/PublicSend end - def status_import_url(namespace_id: nil) - public_send("status_import_#{provider_name}_url", extra_import_params.merge({ namespace_id: namespace_id })) # rubocop:disable GitlabSecurity/PublicSend + def status_import_url + public_send("status_import_#{provider_name}_url", extra_import_params.merge({ namespace_id: params[:namespace_id].presence })) # rubocop:disable GitlabSecurity/PublicSend end def callback_import_url - public_send("users_import_#{provider_name}_callback_url", extra_import_params) # rubocop:disable GitlabSecurity/PublicSend + public_send("users_import_#{provider_name}_callback_url", extra_import_params.merge({ namespace_id: params[:namespace_id] })) # rubocop:disable GitlabSecurity/PublicSend end def provider_unauthorized @@ -255,7 +254,6 @@ class Import::GithubController < Import::BaseController def provider_auth if !ci_cd_only? && session[access_token_key].blank? - session[:namespace_id] = params[:namespace_id] go_to_provider_for_permissions end end diff --git a/app/controllers/import/gitlab_controller.rb b/app/controllers/import/gitlab_controller.rb index c846d9d225a..dd25698d0a9 100644 --- a/app/controllers/import/gitlab_controller.rb +++ b/app/controllers/import/gitlab_controller.rb 
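Review bot: `new_import_url` and `callback_import_url` merge the raw `params[:namespace_id]` while `status_import_url` merges `params[:namespace_id].presence`, so an empty `namespace_id` parameter yields a `redirect_uri` containing `namespace_id=` but a status URL without it. Apply the same normalisation in all three, e.g. `extra_import_params.merge({ namespace_id: params[:namespace_id].presence })`, or extract a private `namespace_id_param` method returning `params[:namespace_id].presence` and call it from each helper so the authorize and callback URIs are built from one definition.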
@@ -12,8 +12,8 @@ class Import::GitlabController < Import::BaseController rescue_from OAuth2::Error, with: :gitlab_unauthorized def callback - session[:gitlab_access_token] = client.get_token(params[:code], callback_import_gitlab_url) - redirect_to status_import_gitlab_url + session[:gitlab_access_token] = client.get_token(params[:code], callback_import_gitlab_url(namespace_id: params[:namespace_id])) + redirect_to status_import_gitlab_url(namespace_id: params[:namespace_id]) end # We need to re-expose controller's internal method 'status' as action. @@ -79,7 +79,7 @@ class Import::GitlabController < Import::BaseController end def go_to_gitlab_for_permissions - redirect_to client.authorize_url(callback_import_gitlab_url) + redirect_to client.authorize_url(callback_import_gitlab_url(namespace_id: params[:namespace_id])) end def gitlab_unauthorized diff --git a/app/views/import/bitbucket/status.html.haml b/app/views/import/bitbucket/status.html.haml index e69ca4663b4..b4b73e9e790 100644 --- a/app/views/import/bitbucket/status.html.haml +++ b/app/views/import/bitbucket/status.html.haml @@ -6,4 +6,4 @@ = sprite_icon('bitbucket', css_class: 'gl-mr-2') = _('Import projects from Bitbucket') -= render 'import/githubish_status', provider: 'bitbucket' += render 'import/githubish_status', provider: 'bitbucket', default_namespace: @namespace diff --git a/app/views/import/gitlab/status.html.haml b/app/views/import/gitlab/status.html.haml index 13aaa41de9b..d2d49266350 100644 --- a/app/views/import/gitlab/status.html.haml +++ b/app/views/import/gitlab/status.html.haml @@ -3,4 +3,4 @@ = sprite_icon('heart', css_class: 'gl-vertical-align-middle') = _('Import projects from GitLab.com') -= render 'import/githubish_status', provider: 'gitlab', filterable: false += render 'import/githubish_status', provider: 'gitlab', filterable: false, default_namespace: @namespace 
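Review bot: `callback` exchanges `params[:code]` with no `state` comparison in this hunk, unlike the Bitbucket and GitHub callbacks touched in the same commit, which refuse the request unless `params[:state]` matches the value stored in the session; if `client` does not verify a state value elsewhere, this callback has no CSRF binding to the user who started the flow. The usual fix is three lines: generate `SecureRandom.base64(64)` in `go_to_gitlab_for_permissions`, keep it in the session and pass it as `state`, then `ActiveSupport::SecurityUtils.secure_compare` it at the top of `callback` before calling `get_token`. The redirect URI concern raised on the Bitbucket callback (a `namespace_id` query parameter must be acceptable to the registered callback URL) applies to both changed lines here as well.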
diff --git a/app/views/projects/_import_project_pane.html.haml b/app/views/projects/_import_project_pane.html.haml index cb15858a935..034c4a7501d 100644 --- a/app/views/projects/_import_project_pane.html.haml +++ b/app/views/projects/_import_project_pane.html.haml @@ -24,7 +24,7 @@ - if bitbucket_import_enabled? %div - = link_to status_import_bitbucket_path, class: "gl-button btn-default btn import_bitbucket js-import-project-btn #{'js-how-to-import-link' unless bitbucket_import_configured?}", + = link_to status_import_bitbucket_path(namespace_id: namespace_id), class: "gl-button btn-default btn import_bitbucket js-import-project-btn #{'js-how-to-import-link' unless bitbucket_import_configured?}", data: { modal_title: _("Import projects from Bitbucket"), modal_message: import_from_bitbucket_message, platform: 'bitbucket_cloud', **tracking_attrs_data(track_label, 'click_button', 'bitbucket_cloud') } do .gl-button-icon = sprite_icon('bitbucket') @@ -38,7 +38,7 @@ %div - if gitlab_import_enabled? %div - = link_to status_import_gitlab_path, class: "gl-button btn-default btn import_gitlab js-import-project-btn #{'js-how-to-import-link' unless gitlab_import_configured?}", + = link_to status_import_gitlab_path(namespace_id: namespace_id), class: "gl-button btn-default btn import_gitlab js-import-project-btn #{'js-how-to-import-link' unless gitlab_import_configured?}", data: { modal_title: _("Import projects from GitLab.com"), modal_message: import_from_gitlab_message, platform: 'gitlab_com', **tracking_attrs_data(track_label, 'click_button', 'gitlab_com') } do .gl-button-icon = sprite_icon('tanuki') diff --git a/doc/api/award_emoji.md b/doc/api/award_emoji.md index 61f84dfb812..5b350dd88c6 100644 --- a/doc/api/award_emoji.md +++ b/doc/api/award_emoji.md 
@@ -23,7 +23,10 @@ See [Award Emoji on Comments](#award-emoji-on-comments) for information on using ### List an awardable's award emojis -Get a list of all award emojis for a specified awardable. +> [Changed](https://gitlab.com/gitlab-org/gitlab/-/issues/335068) in GitLab 15.1 to allow unauthenticated access to public awardables. + +Get a list of all award emojis for a specified awardable. This endpoint can +be accessed without authentication if the awardable is publicly accessible. ```plaintext GET /projects/:id/issues/:issue_iid/award_emoji @@ -85,7 +88,10 @@ Example response: ### Get single award emoji -Get a single award emoji from an issue, snippet, or merge request. +> [Changed](https://gitlab.com/gitlab-org/gitlab/-/issues/335068) in GitLab 15.1 to allow unauthenticated access to public awardables. + +Get a single award emoji from an issue, snippet, or merge request. This endpoint can +be accessed without authentication if the awardable is publicly accessible. ```plaintext GET /projects/:id/issues/:issue_iid/award_emoji/:award_id @@ -206,7 +212,10 @@ adapted to comments on merge requests and snippets. Therefore, you have to repla ### List a comment's award emojis -Get all award emojis for a comment (note). +> [Changed](https://gitlab.com/gitlab-org/gitlab/-/issues/335068) in GitLab 15.1 to allow unauthenticated access to public comments. + +Get all award emojis for a comment (note). This endpoint can +be accessed without authentication if the comment is publicly accessible. ```plaintext GET /projects/:id/issues/:issue_iid/notes/:note_id/award_emoji 
@@ -251,7 +260,10 @@ Example response: ### Get an award emoji for a comment -Get a single award emoji for a comment (note). +> [Changed](https://gitlab.com/gitlab-org/gitlab/-/issues/335068) in GitLab 15.1 to allow unauthenticated access to public comments. + +Get a single award emoji for a comment (note). This endpoint can +be accessed without authentication if the comment is publicly accessible. ```plaintext GET /projects/:id/issues/:issue_iid/notes/:note_id/award_emoji/:award_id diff --git a/doc/ci/cloud_deployment/ecs/deploy_to_aws_ecs.md b/doc/ci/cloud_deployment/ecs/deploy_to_aws_ecs.md index 9af5218e058..b07c2b3ec97 100644 --- a/doc/ci/cloud_deployment/ecs/deploy_to_aws_ecs.md +++ b/doc/ci/cloud_deployment/ecs/deploy_to_aws_ecs.md @@ -223,7 +223,7 @@ These variables are injected into the pipeline jobs and can access the ECS API. |`AWS_SECRET_ACCESS_KEY`|``| For authenticating `aws` CLI. | |`AWS_DEFAULT_REGION`|`us-east-2`| For authenticating `aws` CLI. | |`CI_AWS_ECS_CLUSTER`|`ecs-demo`| The ECS cluster is accessed by `production_ecs` job. | - |`CI_AWS_ECS_SERVICE`|`ecs_demo`| The ECS service of the cluster is updated by `production_ecs` job. | + |`CI_AWS_ECS_SERVICE`|`ecs_demo`| The ECS service of the cluster is updated by `production_ecs` job. Ensure that this variable is scoped to the appropriate environment (`production`, `staging`, `review/*`). | |`CI_AWS_ECS_TASK_DEFINITION`|`ecs_demo`| The ECS task definition is updated by `production_ecs` job. | ### Make a change to the demo application 
@@ -246,6 +246,24 @@ NOTE: ECS deploy jobs wait for the rollout to complete before exiting. To disable this behavior, set `CI_AWS_ECS_WAIT_FOR_ROLLOUT_COMPLETE_DISABLED` to a non-empty value. +## Set up Review Apps + +In order to use [Review Apps](../../../development/testing_guide/review_apps.md) with ECS, you should create another +[service](#create-an-ecs-service) and specify its name using the `CI_AWS_ECS_SERVICE` variable scoped to `review/*`. +Since this service is shared by all review apps, there is a limitation that only one Review App can be deployed at a time. + +## Set up Security Testing + +### Configure SAST + +Using [SAST](../../../user/application_security/sast/index.md) with ECS requires no extra configuration. For more +details about how to configure SAST, see the SAST [documentation](../../../user/application_security/sast/index.md). + +### Configure DAST + +To use [DAST](../../../user/application_security/dast/index.md) on non-default branches, [set up review apps](#set-up-review-apps) +and then follow the steps outlined in the DAST [documentation](../../../user/application_security/dast/index.md). + ## Further reading - If you're interested in more of the continuous deployments to clouds, see [cloud deployments](../index.md). diff --git a/doc/ci/cloud_deployment/index.md b/doc/ci/cloud_deployment/index.md index c5be2328264..5df396e796e 100644 --- a/doc/ci/cloud_deployment/index.md +++ b/doc/ci/cloud_deployment/index.md 
@@ -93,7 +93,7 @@ To deploy to your ECS cluster: | Environment variable name | Value | |:-------------------------------|:------------------------| | `CI_AWS_ECS_CLUSTER` | The name of the AWS ECS cluster that you're targeting for your deployments. | - | `CI_AWS_ECS_SERVICE` | The name of the targeted service tied to your AWS ECS cluster. | + | `CI_AWS_ECS_SERVICE` | The name of the targeted service tied to your AWS ECS cluster. Ensure that this variable is scoped to the appropriate environment (`production`, `staging`, `review/*`). | | `CI_AWS_ECS_TASK_DEFINITION` | If the task definition is in ECS, the name of the task definition tied to the service. | | `CI_AWS_ECS_TASK_DEFINITION_FILE` | If the task definition is a JSON file in GitLab, the filename, including the path. For example, `ci/aws/my_task_definition.json`. If the name of the task definition in your JSON file is the same name as an existing task definition in ECS, then a new revision is created when CI/CD runs. Otherwise, a brand new task definition is created, starting at revision 1. | diff --git a/doc/ci/examples/index.md b/doc/ci/examples/index.md index 251256ceb4d..816514c4230 100644 --- a/doc/ci/examples/index.md +++ b/doc/ci/examples/index.md 
@@ -24,7 +24,7 @@ The following table lists examples with step-by-step tutorials that are containe | Use case | Resource | |-------------------------------|----------| -| Browser performance testing | [Browser Performance Testing with the Sitespeed.io container](../../user/project/merge_requests/browser_performance_testing.md). | +| Browser performance testing | [Browser Performance Testing with the Sitespeed.io container](../testing/browser_performance_testing.md). | | Deployment with Dpl | [Using `dpl` as deployment tool](deployment/index.md). | | GitLab Pages | See the [GitLab Pages](../../user/project/pages/index.md) documentation for a complete example of deploying a static site. | | End-to-end testing | [End-to-end testing with GitLab CI/CD and WebdriverIO](end_to_end_testing_webdriverio/index.md). | diff --git a/doc/ci/index.md b/doc/ci/index.md index 4fe2dee32bf..6dee0943bdd 100644 --- a/doc/ci/index.md +++ b/doc/ci/index.md 
@@ -83,7 +83,7 @@ GitLab CI/CD features, grouped by DevOps stage, include: | [ChatOps](chatops/index.md) | Trigger CI jobs from chat, with results sent back to the channel. | | [Connect to cloud services](cloud_services/index.md) | Connect to cloud providers using OpenID Connect (OIDC) to retrieve temporary credentials to access services or secrets. | | **Verify** | | -| [Browser Performance Testing](../user/project/merge_requests/browser_performance_testing.md) | Quickly determine the browser performance impact of pending code changes. | +| [Browser Performance Testing](testing/browser_performance_testing.md) | Quickly determine the browser performance impact of pending code changes. | | [Load Performance Testing](../user/project/merge_requests/load_performance_testing.md) | Quickly determine the server performance impact of pending code changes. | | [CI services](services/index.md) | Link Docker containers with your base image. | | [GitLab CI/CD for external repositories](ci_cd_for_external_repos/index.md) | Get the benefits of GitLab CI/CD combined with repositories in GitHub and Bitbucket Cloud. | @@ -101,7 +101,7 @@ GitLab CI/CD features, grouped by DevOps stage, include: | [GitLab Releases](../user/project/releases/index.md) | Add release notes to Git tags. | | [Cloud deployment](cloud_deployment/index.md) | Deploy your application to a main cloud provider. | | **Secure** | | -| [Code Quality](../user/project/merge_requests/code_quality.md) | Analyze your source code quality. | +| [Code Quality](testing/code_quality.md) | Analyze your source code quality. | | [Container Scanning](../user/application_security/container_scanning/index.md) | Check your Docker containers for known vulnerabilities. | | [Dependency Scanning](../user/application_security/dependency_scanning/index.md) | Analyze your dependencies for known vulnerabilities. | | [License Compliance](../user/compliance/license_compliance/index.md) | Search your project dependencies for their licenses. | 
diff --git a/doc/ci/metrics_reports.md b/doc/ci/metrics_reports.md index 03869a639f1..6141c8628e1 100644 --- a/doc/ci/metrics_reports.md +++ b/doc/ci/metrics_reports.md @@ -8,7 +8,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/9788) in GitLab 11.10. Requires GitLab Runner 11.10 and above. -GitLab provides a lot of great reporting tools for things like [merge requests](../user/project/merge_requests/index.md) - [Unit test reports](testing/unit_test_reports.md), [code quality](../user/project/merge_requests/code_quality.md), and performance tests. While JUnit is a great open framework for tests that "pass" or "fail", it is also important to see other types of metrics from a given change. +GitLab provides a lot of great reporting tools for things like [merge requests](../user/project/merge_requests/index.md) - [Unit test reports](testing/unit_test_reports.md), [code quality](testing/code_quality.md), and performance tests. While JUnit is a great open framework for tests that "pass" or "fail", it is also important to see other types of metrics from a given change. You can configure your job to use custom Metrics Reports, and GitLab displays a report on the merge request so that it's easier and faster to identify changes without having to check the entire log. diff --git a/doc/ci/pipelines/pipeline_efficiency.md b/doc/ci/pipelines/pipeline_efficiency.md index 991b3aef76c..91cf2ebd5c1 100644 --- a/doc/ci/pipelines/pipeline_efficiency.md +++ b/doc/ci/pipelines/pipeline_efficiency.md 
@@ -75,7 +75,7 @@ The [Pipeline success and duration charts](index.md#pipeline-success-and-duratio give information about pipeline runtime and failed job counts. Tests like [unit tests](../testing/unit_test_reports.md), integration tests, end-to-end tests, -[code quality](../../user/project/merge_requests/code_quality.md) tests, and others +[code quality](../testing/code_quality.md) tests, and others ensure that problems are automatically found by the CI/CD pipeline. There could be many pipeline stages involved causing long runtimes. diff --git a/doc/ci/testing/accessibility_testing.md b/doc/ci/testing/accessibility_testing.md new file mode 100644 index 00000000000..7940b27acf7 --- /dev/null +++ b/doc/ci/testing/accessibility_testing.md 
@@ -0,0 +1,76 @@ +--- +stage: Verify +group: Pipeline Insights +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments +--- + +# Accessibility testing **(FREE)** + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/25144) in GitLab 12.8. + +If your application offers a web interface, you can use +[GitLab CI/CD](../index.md) to determine the accessibility +impact of pending code changes. + +[Pa11y](https://pa11y.org/) is a free and open source tool for +measuring the accessibility of web sites. GitLab integrates Pa11y into a +[CI job template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Verify/Accessibility.gitlab-ci.yml). +The `a11y` job analyzes a defined set of web pages and reports +accessibility violations, warnings, and notices in a file named +`accessibility`. + +As of [GitLab 14.5](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/73309), Pa11y uses +[WCAG 2.1 rules](https://www.w3.org/TR/WCAG21/#new-features-in-wcag-2-1). + +## Accessibility merge request widget + +> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/39425) in GitLab 13.0 behind the disabled [feature flag](../../administration/feature_flags.md) `:accessibility_report_view`. +> - [Feature Flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/217372) in GitLab 13.1. + +GitLab displays an **Accessibility Report** in the merge request widget area: + +![Accessibility merge request widget](img/accessibility_mr_widget_v13_0.png) + +## Configure accessibility testing + +You can run Pa11y with GitLab CI/CD using the +[GitLab Accessibility Docker image](https://gitlab.com/gitlab-org/ci-cd/accessibility). + +To define the `a11y` job for GitLab 12.9 and later: + +1. 
[Include](../yaml/index.md#includetemplate) the + [`Accessibility.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Verify/Accessibility.gitlab-ci.yml) + from your GitLab installation. +1. Add the following configuration to your `.gitlab-ci.yml` file. + + ```yaml + stages: + - accessibility + + variables: + a11y_urls: "https://about.gitlab.com https://gitlab.com/users/sign_in" + + include: + - template: "Verify/Accessibility.gitlab-ci.yml" + ``` + +1. Customize the `a11y_urls` variable to list the URLs of the web pages to test with Pa11y. + +The `a11y` job in your CI/CD pipeline generates these files: + +- One HTML report per URL listed in the `a11y_urls` variable. +- One file containing the collected report data. In GitLab versions 12.11 and later, this + file is named `gl-accessibility.json`. In GitLab versions 12.10 and earlier, this file + is named [`accessibility.json`](https://gitlab.com/gitlab-org/ci-cd/accessibility/-/merge_requests/9). + +You can [view job artifacts in your browser](../pipelines/job_artifacts.md#download-job-artifacts). + +NOTE: +For GitLab versions earlier than 12.9, use `include:remote` and +link to the [current template in the default branch](https://gitlab.com/gitlab-org/gitlab/-/raw/master/lib/gitlab/ci/templates/Verify/Accessibility.gitlab-ci.yml) + +NOTE: +The job definition provided by the template does not support Kubernetes. + +You cannot pass configurations into Pa11y via CI configuration. +To change the configuration, edit a copy of the template in your CI file. diff --git a/doc/ci/testing/browser_performance_testing.md b/doc/ci/testing/browser_performance_testing.md new file mode 100644 index 00000000000..260ecf6108d --- /dev/null +++ b/doc/ci/testing/browser_performance_testing.md 
@@ -0,0 +1,242 @@
+---
+stage: Verify
+group: Pipeline Insights
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Browser Performance Testing **(PREMIUM)**
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/3507) in GitLab 10.3.
+
+If your application offers a web interface and you're using
+[GitLab CI/CD](../index.md), you can quickly determine the rendering performance
+impact of pending code changes in the browser.
+
+NOTE:
+You can automate this feature in your applications by using [Auto DevOps](../../topics/autodevops/index.md).
+
+## Overview
+
+GitLab uses [Sitespeed.io](https://www.sitespeed.io), a free and open source
+tool, for measuring the rendering performance of web sites. The
+[Sitespeed plugin](https://gitlab.com/gitlab-org/gl-performance) that GitLab built outputs
+the performance score for each page analyzed in a file called `browser-performance.json`
+this data can be shown on Merge Requests.
+
+## Use cases
+
+Consider the following workflow:
+
+1. A member of the marketing team is attempting to track engagement by adding a new tool.
+1. With browser performance metrics, they see how their changes are impacting the usability
+ of the page for end users.
+1. The metrics show that after their changes, the performance score of the page has gone down.
+1. When looking at the detailed report, they see the new JavaScript library was
+ included in ``, which affects loading page speed.
+1. They ask for help from a front end developer, who sets the library to load asynchronously.
+1. The frontend developer approves the merge request, and authorizes its deployment to production.
+
+## How browser performance testing works
+
+First, define a job in your `.gitlab-ci.yml` file that generates the
+[Browser Performance report artifact](../yaml/artifacts_reports.md#artifactsreportsbrowser_performance).
+GitLab then checks this report, compares key performance metrics for each page
+between the source and target branches, and shows the information in the merge request.
+
+For an example Browser Performance job, see
+[Configuring Browser Performance Testing](#configuring-browser-performance-testing).
+
+NOTE:
+If the Browser Performance report has no data to compare, such as when you add the
+Browser Performance job in your `.gitlab-ci.yml` for the very first time,
+the Browser Performance report widget doesn't display. It must have run at least
+once on the target branch (`main`, for example), before it displays in a
+merge request targeting that branch.
+
+![Browser Performance Widget](img/browser_performance_testing.png)
+
+## Configuring Browser Performance Testing
+
+This example shows how to run the [sitespeed.io container](https://hub.docker.com/r/sitespeedio/sitespeed.io/)
+on your code by using GitLab CI/CD and [sitespeed.io](https://www.sitespeed.io)
+using Docker-in-Docker.
+
+1. First, set up GitLab Runner with a
+ [Docker-in-Docker build](../docker/using_docker_build.md#use-docker-in-docker).
+1. Configure the default Browser Performance Testing CI/CD job as follows in your `.gitlab-ci.yml` file:
+
+ ```yaml
+ include:
+ template: Verify/Browser-Performance.gitlab-ci.yml
+
+ browser_performance:
+ variables:
+ URL: https://example.com
+ ```
+
+WARNING:
+In GitLab 13.12 and earlier, the job [was named](https://gitlab.com/gitlab-org/gitlab/-/issues/225914) `performance`.
+
+The above example:
+
+- Creates a `browser_performance` job in your CI/CD pipeline and runs sitespeed.io against the webpage you
+ defined in `URL` to gather key metrics.
+- Uses a template that doesn't work with Kubernetes clusters. If you are using a Kubernetes cluster,
+ use [`template: Jobs/Browser-Performance-Testing.gitlab-ci.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Browser-Performance-Testing.gitlab-ci.yml)
+ instead.
+- Uses a CI/CD template that is included in all GitLab installations since 12.4. If you are using
+ GitLab 12.3 or earlier, you must [add the configuration manually](#gitlab-versions-132-and-earlier).
+
+The template uses the [GitLab plugin for sitespeed.io](https://gitlab.com/gitlab-org/gl-performance),
+and it saves the full HTML sitespeed.io report as a [Browser Performance report artifact](../yaml/artifacts_reports.md#artifactsreportsbrowser_performance)
+that you can later download and analyze. This implementation always takes the latest
+Browser Performance artifact available. If [GitLab Pages](../../user/project/pages/index.md) is enabled,
+you can view the report directly in your browser.
+
+You can also customize the jobs with CI/CD variables:
+
+- `SITESPEED_IMAGE`: Configure the Docker image to use for the job (default `sitespeedio/sitespeed.io`), but not the image version.
+- `SITESPEED_VERSION`: Configure the version of the Docker image to use for the job (default `14.1.0`).
+- `SITESPEED_OPTIONS`: Configure any additional sitespeed.io options as required (default `nil`). Refer to the [sitespeed.io documentation](https://www.sitespeed.io/documentation/sitespeed.io/configuration/) for more details.
+
+For example, you can override the number of runs sitespeed.io
+makes on the given URL, and change the version:
+
+```yaml
+include:
+ template: Verify/Browser-Performance.gitlab-ci.yml
+
+browser_performance:
+ variables:
+ URL: https://www.sitespeed.io/
+ SITESPEED_VERSION: 13.2.0
+ SITESPEED_OPTIONS: -n 5
+```
+
+### Configuring degradation threshold
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/27599) in GitLab 13.0.
+
+You can configure the sensitivity of degradation alerts to avoid getting alerts for minor drops in metrics.
+This is done by setting the `DEGRADATION_THRESHOLD` CI/CD variable.
In the example below, the alert only shows up
+if the `Total Score` metric degrades by 5 points or more:
+
+```yaml
+include:
+ template: Verify/Browser-Performance.gitlab-ci.yml
+
+browser_performance:
+ variables:
+ URL: https://example.com
+ DEGRADATION_THRESHOLD: 5
+```
+
+The `Total Score` metric is based on sitespeed.io's [coach performance score](https://www.sitespeed.io/documentation/sitespeed.io/metrics/#performance-score). There is more information in [the coach documentation](https://www.sitespeed.io/documentation/coach/how-to/#what-do-the-coach-do).
+
+### Performance testing on Review Apps
+
+The above CI YAML configuration is great for testing against static environments, and it can
+be extended for dynamic environments, but a few extra steps are required:
+
+1. The `browser_performance` job should run after the dynamic environment has started.
+1. In the `review` job:
+ 1. Generate a URL list file with the dynamic URL.
+ 1. Save the file as an artifact, for example with `echo $CI_ENVIRONMENT_URL > environment_url.txt`
+ in your job's `script`.
+ 1. Pass the list as the URL environment variable (which can be a URL or a file containing URLs)
+ to the `browser_performance` job.
+1. You can now run the sitespeed.io container against the desired hostname and
+ paths.
+
+Your `.gitlab-ci.yml` file would look like:
+
+```yaml
+stages:
+ - deploy
+ - performance
+
+include:
+ template: Verify/Browser-Performance.gitlab-ci.yml
+
+review:
+ stage: deploy
+ environment:
+ name: review/$CI_COMMIT_REF_SLUG
+ url: http://$CI_COMMIT_REF_SLUG.$APPS_DOMAIN
+ script:
+ - run_deploy_script
+ - echo $CI_ENVIRONMENT_URL > environment_url.txt
+ artifacts:
+ paths:
+ - environment_url.txt
+ only:
+ - branches
+ except:
+ - master
+
+browser_performance:
+ dependencies:
+ - review
+ variables:
+ URL: environment_url.txt
+```
+
+### GitLab versions 13.2 and earlier
+
+Browser Performance Testing has gone through several changes since its introduction.
+In this section we detail these changes and how you can run the test based on your
+GitLab version:
+
+- In 13.2 the feature was renamed from `Performance` to `Browser Performance` with additional
+ template CI/CD variables.
+- In GitLab 12.4 [a job template was made available](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Verify/Browser-Performance.gitlab-ci.yml).
+- For 11.5 to 12.3 no template is available and the job has to be defined manually as follows:
+
+ ```yaml
+ performance:
+ stage: performance
+ image: docker:git
+ variables:
+ URL: https://example.com
+ SITESPEED_VERSION: 14.1.0
+ SITESPEED_OPTIONS: ''
+ services:
+ - docker:stable-dind
+ script:
+ - mkdir gitlab-exporter
+ - wget -O ./gitlab-exporter/index.js https://gitlab.com/gitlab-org/gl-performance/raw/1.1.0/index.js
+ - mkdir sitespeed-results
+ - docker run --shm-size=1g --rm -v "$(pwd)":/sitespeed.io sitespeedio/sitespeed.io:$SITESPEED_VERSION --plugins.add ./gitlab-exporter --outputFolder sitespeed-results $URL $SITESPEED_OPTIONS
+ - mv sitespeed-results/data/performance.json performance.json
+ artifacts:
+ paths:
+ - performance.json
+ - sitespeed-results/
+ reports:
+ performance: performance.json
+ ```
+
+- For 11.4 and earlier the job should be defined as follows:
+
+ ```yaml
+ performance:
+ stage: performance
+ image: docker:git
+ variables:
+ URL: https://example.com
+ services:
+ - docker:stable-dind
+ script:
+ - mkdir gitlab-exporter
+ - wget -O ./gitlab-exporter/index.js https://gitlab.com/gitlab-org/gl-performance/raw/1.1.0/index.js
+ - mkdir sitespeed-results
+ - docker run --shm-size=1g --rm -v "$(pwd)":/sitespeed.io sitespeedio/sitespeed.io:6.3.1 --plugins.add ./gitlab-exporter --outputFolder sitespeed-results $URL
+ - mv sitespeed-results/data/performance.json performance.json
+ artifacts:
+ paths:
+ - performance.json
+ - sitespeed-results/
+ ```
+
+Upgrading to the latest version and using the templates is recommended, to ensure
+you receive 
the latest updates, including updates to the sitespeed.io versions.
diff --git a/doc/ci/testing/code_quality.md b/doc/ci/testing/code_quality.md
new file mode 100644
index 00000000000..9bd0286fd9e
--- /dev/null
+++ b/doc/ci/testing/code_quality.md
@@ -0,0 +1,633 @@
+---
+stage: Secure
+group: Static Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Code Quality **(FREE)**
+
+> [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/212499) to GitLab Free in 13.2.
+
+To ensure your project's code stays simple, readable, and easy to contribute to,
+you can use [GitLab CI/CD](../index.md) to analyze your source code quality.
+
+For example, while you're implementing a feature, you can run Code Quality reports
+to analyze how your improvements are impacting your code's quality. You can
+use this information to ensure that your changes are improving performance rather
+than degrading it.
+
+Code Quality:
+
+- Uses [plugins](https://docs.codeclimate.com/docs/list-of-engines) supported by Code Climate, which are
+ free and open source. Code Quality does not require a Code Climate
+ subscription.
+- Runs in [pipelines](../pipelines/index.md) by using a Docker image built in the
+ [GitLab Code Quality](https://gitlab.com/gitlab-org/ci-cd/codequality) project.
+- Uses [default Code Climate configurations](https://gitlab.com/gitlab-org/ci-cd/codequality/-/tree/master/codeclimate_defaults).
+- Can make use of a [template](#example-configuration).
+- Is available by using [Auto Code Quality](../../topics/autodevops/stages.md#auto-code-quality), provided by [Auto DevOps](../../topics/autodevops/index.md).
+- Can be extended through [Analysis Plugins](https://docs.codeclimate.com/docs/list-of-engines) or a [custom tool](#implementing-a-custom-tool).
+ +## Summary of features per tier + +Different features are available in different [GitLab tiers](https://about.gitlab.com/pricing/), +as shown in the following table: + +| Capability | In Free | In Premium | In Ultimate | +|:----------------------------------------------------------------------|:--------------------|:--------------------|:-------------------| +| [Configure scanners](#configuring-jobs-using-variables) | **{check-circle}** | **{check-circle}** | **{check-circle}** | +| [Integrate custom scanners](#implementing-a-custom-tool) | **{check-circle}** | **{check-circle}** | **{check-circle}** | +| [Generate JSON or HTML report artifacts](#generate-an-html-report) | **{check-circle}** | **{check-circle}** | **{check-circle}** | +| [See findings in merge request widget](#code-quality-widget) | **{check-circle}** | **{check-circle}** | **{check-circle}** | +| [See reports in CI pipelines](#code-quality-reports) | **{dotted-circle}** | **{check-circle}** | **{check-circle}** | +| [See findings in merge request diff view](#code-quality-in-diff-view) | **{dotted-circle}** | **{dotted-circle}** | **{check-circle}** | + +## Code Quality Widget + +> [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/212499) to GitLab Free in 13.2. + +Going a step further, GitLab can show the Code Quality report right +in the merge request widget area if a report from the target branch is available to compare to: + +![Code Quality Widget](img/code_quality_widget_13_11.png) + +Watch a quick walkthrough of Code Quality in action: + +
+ See the video: Code Quality: Speed Run. +
+
+ +
+ +NOTE: +For one customer, the auditor found that having Code Quality, SAST, and Container Scanning all automated in GitLab CI/CD was almost better than a manual review! [Read more](https://about.gitlab.com/customers/bi_worldwide/). + +See also the Code Climate list of [Supported Languages for Maintainability](https://docs.codeclimate.com/docs/supported-languages-for-maintainability). + +## Code Quality in diff view **(ULTIMATE)** + +> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/267612) in GitLab 13.11, disabled by default behind the `codequality_mr_diff` [feature flag](../../administration/feature_flags.md). +> - [Enabled by default](https://gitlab.com/gitlab-org/gitlab/-/issues/284140) in GitLab 13.12. +> - [Disabled by default](https://gitlab.com/gitlab-org/gitlab/-/issues/2526) in GitLab 14.0 due to [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/334116). +> - [Inline annotation added](https://gitlab.com/gitlab-org/gitlab/-/issues/2526) and [feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/284140) in GitLab 14.1. + +Changes to files in merge requests can cause Code Quality to fall if merged. In these cases, +the merge request's diff view displays an indicator next to lines with new Code Quality violations. For example: + +![Code Quality MR diff report](img/code_quality_mr_diff_report_v14_2.png) + +## Example configuration + +This example shows how to run Code Quality on your code by using GitLab CI/CD and Docker. + +- Using shared runners, the job should be configured For the [Docker-in-Docker workflow](../docker/using_docker_build.md#use-docker-in-docker). +- Using private runners, there is an [alternative configuration](#set-up-a-private-runner-for-code-quality-without-docker-in-docker) recommended for running Code Quality analysis more efficiently. + +In either configuration, the runner must have enough disk space to handle generated Code Quality files. 
For example on the [GitLab project](https://gitlab.com/gitlab-org/gitlab) the files are approximately 7 GB. + +Once you set up GitLab Runner, include the [Code Quality template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml) in your CI configuration: + +```yaml +include: + - template: Code-Quality.gitlab-ci.yml +``` + +The above example creates a `code_quality` job in your CI/CD pipeline which +scans your source code for code quality issues. The report is saved as a +[Code Quality report artifact](../yaml/artifacts_reports.md#artifactsreportscodequality) +that you can later download and analyze. + +It's also possible to override the URL to the Code Quality image by +setting the `CODE_QUALITY_IMAGE` CI/CD variable. This is particularly useful if you want +to lock in a specific version of Code Quality, or use a fork of it: + +```yaml +include: + - template: Code-Quality.gitlab-ci.yml + +code_quality: + variables: + CODE_QUALITY_IMAGE: "registry.example.com/codequality-fork:latest" +``` + +In [GitLab 13.4 and later](https://gitlab.com/gitlab-org/gitlab/-/issues/11100), you can override the [Code Quality environment variables](https://gitlab.com/gitlab-org/ci-cd/codequality#environment-variables): + +```yaml +variables: + TIMEOUT_SECONDS: 1 + +include: + - template: Code-Quality.gitlab-ci.yml +``` + +By default, report artifacts are not downloadable. If you need them downloadable on the +job details page, you can add `gl-code-quality-report.json` to the artifact paths like so: + +```yaml +include: + - template: Code-Quality.gitlab-ci.yml + +code_quality: + artifacts: + paths: [gl-code-quality-report.json] +``` + +The included `code_quality` job is running in the `test` stage, so it needs to be included in your CI configuration, like so: + +```yaml +stages: + - test +``` + +NOTE: +This information is automatically extracted and shown right in the merge request widget. 
+ +WARNING: +On self-managed instances, if a malicious actor compromises the Code Quality job +definition they could execute privileged Docker commands on the runner +host. Having proper access control policies mitigates this attack vector by +allowing access only to trusted actors. + +### Set up a private runner for code quality without Docker-in-Docker + +It's possible to configure your own runners and avoid Docker-in-Docker. You can use a +configuration that may greatly speed up job execution without requiring your runners +to operate in privileged mode. + +This alternative configuration uses socket binding to share the Runner's Docker daemon +with the job environment. Be aware that this configuration [has significant considerations](../docker/using_docker_build.md#use-docker-socket-binding) +to be consider, but may be preferable depending on your use case. + +1. Register a new runner: + + ```shell + $ gitlab-runner register --executor "docker" \ + --docker-image="docker:stable" \ + --url "https://gitlab.com/" \ + --description "cq-sans-dind" \ + --tag-list "cq-sans-dind" \ + --locked="false" \ + --access-level="not_protected" \ + --docker-volumes "/cache"\ + --docker-volumes "/builds:/builds"\ + --docker-volumes "/var/run/docker.sock:/var/run/docker.sock" \ + --registration-token="" \ + --non-interactive + ``` + +1. **Optional, but recommended:** Set the builds directory to `/tmp/builds`, + so job artifacts are periodically purged from the runner host. If you skip + this step, you must clean up the default builds directory (`/builds`) yourself. + You can do this by adding the following two flags to `gitlab-runner register` + in the previous step. 
+ + ```shell + --builds-dir "/tmp/builds" + --docker-volumes "/tmp/builds:/tmp/builds" # Use this instead of --docker-volumes "/builds:/builds" + ``` + + The resulting configuration: + + ```toml + [[runners]] + name = "cq-sans-dind" + url = "https://gitlab.com/" + token = "" + executor = "docker" + builds_dir = "/tmp/builds" + [runners.docker] + tls_verify = false + image = "docker:stable" + privileged = false + disable_entrypoint_overwrite = false + oom_kill_disable = false + disable_cache = false + volumes = ["/cache", "/var/run/docker.sock:/var/run/docker.sock", "/tmp/builds:/tmp/builds"] + shm_size = 0 + [runners.cache] + [runners.cache.s3] + [runners.cache.gcs] + ``` + +1. Apply two overrides to the `code_quality` job created by the template: + + ```yaml + include: + - template: Code-Quality.gitlab-ci.yml + + code_quality: + services: # Shut off Docker-in-Docker + tags: + - cq-sans-dind # Set this job to only run on our new specialized runner + ``` + +The end result is that: + +- Privileged mode is not used. +- Docker-in-Docker is not used. +- Docker images, including all CodeClimate images, are cached, and not re-fetched for subsequent jobs. + +With this configuration, the run time for a second pipeline is much shorter. For example +this [small change](https://gitlab.com/drew/test-code-quality-template/-/merge_requests/4/diffs?commit_id=1e705607aef7236c1b20bb6f637965f3f3e53a46) +to an [open merge request](https://gitlab.com/drew/test-code-quality-template/-/merge_requests/4/pipelines) +running Code Quality analysis ran significantly faster the second time: + +![Code Quality sequential runs without DinD](img/code_quality_host_bound_sequential.png) + +This configuration is not possible on `gitlab.com` shared runners. Shared runners +are configured with `privileged=true`, and they do not expose `docker.sock` into +the job container. As a result, socket binding cannot be used to make `docker` available +in the context of the job script. 
+ +[Docker-in-Docker](../docker/using_docker_build.md#use-docker-in-docker) +was chosen as an operational decision by the runner team, instead of exposing `docker.sock`. + +### Disabling the code quality job + +The `code_quality` job doesn't run if the `$CODE_QUALITY_DISABLED` CI/CD variable +is present. Please refer to the CI/CD variables [documentation](../variables/index.md) +to learn more about how to define one. + +To disable the `code_quality` job, add `CODE_QUALITY_DISABLED` as a custom CI/CD variable. +This can be done: + +- For [the whole project](../variables/index.md#custom-cicd-variables). +- For a single pipeline run: + + 1. Go to **CI/CD > Pipelines** + 1. Select **Run pipeline** + 1. Add `CODE_QUALITY_DISABLED` as the variable key, with any value. + +### Using with merge request pipelines + +The configuration provided by the Code Quality template does not let the `code_quality` job +run on [merge request pipelines](../pipelines/merge_request_pipelines.md). + +If merge request pipelines is enabled, the `code_quality:rules` must be redefined. + +The template has these [`rules`](../yaml/index.md#rules) for the `code quality` job: + +```yaml +code_quality: + rules: + - if: $CODE_QUALITY_DISABLED + when: never + - if: $CI_COMMIT_TAG || $CI_COMMIT_BRANCH +``` + +If you are using merge request pipelines, your `rules` (or [`workflow: rules`](../yaml/index.md#workflow)) +might look like this example: + +```yaml +job1: + rules: + - if: $CI_PIPELINE_SOURCE == "merge_request_event" # Run job1 in merge request pipelines + - if: $CI_COMMIT_BRANCH == "main" # Run job1 in pipelines on the main branch (but not in other branch pipelines) + - if: $CI_COMMIT_TAG # Run job1 in pipelines for tags +``` + +To make these work together, you need to overwrite the code quality `rules` +so that they match your current `rules`. 
From the example above, it could look like: + +```yaml +include: + - template: Code-Quality.gitlab-ci.yml + +code_quality: + rules: + - if: $CODE_QUALITY_DISABLED + when: never + - if: $CI_PIPELINE_SOURCE == "merge_request_event" # Run code quality job in merge request pipelines + - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH # Run code quality job in pipelines on the default branch (but not in other branch pipelines) + - if: $CI_COMMIT_TAG # Run code quality job in pipelines for tags +``` + +### Configure Code Quality to use a private container image registry + +> [Introduced](https://gitlab.com/gitlab-org/ci-cd/codequality/-/merge_requests/30) in 13.7. + +To reduce network time and external dependency, you can use your own +container image registry to host the Code Quality Docker images. Because of +the nested architecture of container execution, the registry prefix must +be specifically configured to be passed down into CodeClimate's subsequent +`docker pull` commands for individual engines. + +The following two variables can address all of the required image pulls: + +- `CODE_QUALITY_IMAGE`: A fully prefixed image name that can be located anywhere + accessible from your job environment. GitLab Container Registry can be used here + to host your own copy. +- `CODECLIMATE_PREFIX`: The domain of your intended container image registry. This + is a configuration option supported by [CodeClimate CLI](https://github.com/codeclimate/codeclimate/pull/948). You must: + - Include a trailing slash (`/`). + - Not include a protocol prefix, such as `https://`. + +```yaml +include: + - template: Jobs/Code-Quality.gitlab-ci.yml + +code_quality: + variables: + CODE_QUALITY_IMAGE: "my-private-registry.local:12345/codequality:0.85.24" + CODECLIMATE_PREFIX: "my-private-registry.local:12345/" +``` + +This example is specific to GitLab Code Quality. 
For more general +instructions on how to configure DinD with a registry mirror, see the +relevant [documentation](../docker/using_docker_build.md#enable-registry-mirror-for-dockerdind-service). + +## Configuring jobs using variables + +The Code Quality job supports environment variables that users can set to +configure job execution at runtime. + +For a list of available environment variables, see +[Environment variables](https://gitlab.com/gitlab-org/ci-cd/codequality#environment-variables). + +## Implementing a custom tool + +It's possible to have a custom tool provide Code Quality reports in GitLab. To +do this: + +1. Define a job in your `.gitlab-ci.yml` file that generates the + [Code Quality report artifact](../yaml/artifacts_reports.md#artifactsreportscodequality). +1. Configure your tool to generate the Code Quality report artifact as a JSON + file that implements a subset of the [Code Climate spec](https://github.com/codeclimate/platform/blob/master/spec/analyzers/SPEC.md#data-types). + +The Code Quality report artifact JSON file must contain an array of objects +with the following properties: + +| Name | Description | +| ---------------------- | ----------------------------------------------------------------------------------------- | +| `description` | A description of the code quality violation. | +| `fingerprint` | A unique fingerprint to identify the code quality violation. For example, an MD5 hash. | +| `severity` | A severity string (can be `info`, `minor`, `major`, `critical`, or `blocker`). | +| `location.path` | The relative path to the file containing the code quality violation. | +| `location.lines.begin` or `location.positions.begin.line` | The line on which the code quality violation occurred. 
| + +Example: + +```json +[ + { + "description": "'unused' is assigned a value but never used.", + "fingerprint": "7815696ecbf1c96e6894b779456d330e", + "severity": "minor", + "location": { + "path": "lib/index.js", + "lines": { + "begin": 42 + } + } + } +] +``` + +NOTE: +Although the Code Climate spec supports more properties, those are ignored by +GitLab. +The GitLab parser does not allow a [byte order mark](https://en.wikipedia.org/wiki/Byte_order_mark) +at the beginning of the file. + +## Code Quality reports **(PREMIUM)** + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/21527) in GitLab 12.9. + +![Code Quality Report](img/code_quality_report_13_11.png) + +After the Code Quality job completes: + +- Potential changes to code quality are shown directly in the merge request. + The Code Quality widget in the merge request compares the reports from the base and head of the branch, + then lists any violations that are resolved or created when the branch is merged. +- The full JSON report is available as a + [downloadable artifact](../pipelines/job_artifacts.md#download-job-artifacts) + for the `code_quality` job. +- The full list of code quality violations generated by a pipeline is shown in the + Code Quality tab of the Pipeline Details page. + +## Generate an HTML report + +In [GitLab 13.6 and later](https://gitlab.com/gitlab-org/ci-cd/codequality/-/issues/10), +it is possible to generate an HTML report file by setting the `REPORT_FORMAT` +CI/CD variable to `html`. This is useful if you just want to view the report in a more +human-readable format or to publish this artifact on GitLab Pages for even +easier reviewing. 
+ +To generate both JSON and HTML report files, add another job to your template by using `extends: code_quality`: + +```yaml +include: + - template: Code-Quality.gitlab-ci.yml + +code_quality_html: + extends: code_quality + variables: + REPORT_FORMAT: html + artifacts: + paths: [gl-code-quality-report.html] +``` + +NOTE: +Adding a job means your code is scanned twice: once to generate a JSON report and once to generate an HTML report. + +You can also generate _only_ an HTML report instead of the standard JSON report. To do so, set `REPORT_FORMAT` to `html` in the existing job: + +```yaml +include: + - template: Code-Quality.gitlab-ci.yml + +code_quality: + variables: + REPORT_FORMAT: html + artifacts: + paths: [gl-code-quality-report.html] +``` + +WARNING: +If you only generate an HTML report, you can't see your results in the [merge request widget](#code-quality-widget), [pipeline report](#code-quality-reports), or [diff view](#code-quality-in-diff-view). +These features require a JSON report. + +## Extending functionality + +### Using Analysis Plugins + +Should there be a need to extend the default functionality provided by Code Quality, as stated in [Code Quality](#code-quality), [Analysis Plugins](https://docs.codeclimate.com/docs/list-of-engines) are available. + +For example, to use the [SonarJava analyzer](https://docs.codeclimate.com/docs/sonar-java), +add a file named `.codeclimate.yml` containing the [enablement code](https://docs.codeclimate.com/docs/sonar-java#enable-the-plugin) +for the plugin to the root of your repository: + +```yaml +version: "2" +plugins: + sonar-java: + enabled: true +``` + +This adds SonarJava to the `plugins:` section of the [default `.codeclimate.yml`](https://gitlab.com/gitlab-org/ci-cd/codequality/-/blob/master/codeclimate_defaults/.codeclimate.yml.template) +included in your project. + +Changes to the `plugins:` section do not affect the `exclude_patterns` section of the +default `.codeclimate.yml`. 
See the Code Climate documentation for +[excluding files and folders](https://docs.codeclimate.com/docs/excluding-files-and-folders) +for more details. + +Here's [an example project](https://gitlab.com/jheimbuck_gl/jh_java_example_project) that uses Code Quality with a `.codeclimate.yml` file. + +## Use a Code Quality image hosted in a registry with untrusted certificates + +If you set the `CODE_QUALITY_IMAGE` to an image that is hosted in a +Docker registry which uses a TLS certificate that is not trusted, such as +a self-signed certificate, you can see errors like the one below: + +```shell +$ docker pull --quiet "$CODE_QUALITY_IMAGE" +Error response from daemon: Get https://gitlab.example.com/v2/: x509: certificate signed by unknown authority +``` + +To fix this, configure the Docker daemon to [trust certificates](https://docs.docker.com/registry/insecure/#use-self-signed-certificates) +by putting the certificate inside of the `/etc/docker/certs.d` +directory. + +This Docker daemon is exposed to the subsequent Code Quality Docker container in the +[GitLab Code Quality template](https://gitlab.com/gitlab-org/gitlab/-/blob/v13.8.3-ee/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml#L41) +and should be to exposed any other containers in which you want to have +your certificate configuration apply. + +### Docker + +If you have access to GitLab Runner configuration, add the directory as a +[volume mount](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#volumes-in-the-runnersdocker-section). For example: + +```toml +[[runners]] + ... + executor = "docker" + [runners.docker] + ... + privileged = true + volumes = ["/cache", "/etc/gitlab-runner/certs/gitlab.example.com.crt:/etc/docker/certs.d/gitlab.example.com/ca.crt:ro"] +``` + +Replace `gitlab.example.com` with the actual domain of the registry. 
+ +### Kubernetes + +If you have access to GitLab Runner configuration and the Kubernetes cluster, +you can [mount a ConfigMap](https://docs.gitlab.com/runner/executors/kubernetes.html#configmap-volumes): + +1. Create a ConfigMap with the certificate: + + ```shell + kubectl create configmap registry-crt --namespace gitlab-runner --from-file /etc/gitlab-runner/certs/gitlab.example.com.crt + ``` + +1. Update GitLab Runner `config.toml` to specify the ConfigMap: + + ```toml + [[runners]] + ... + executor = "kubernetes" + [runners.kubernetes] + image = "alpine:3.12" + privileged = true + [[runners.kubernetes.volumes.config_map]] + name = "registry-crt" + mount_path = "/etc/docker/certs.d/gitlab.example.com/ca.crt" + sub_path = "gitlab.example.com.crt" + ``` + +Replace `gitlab.example.com` with the actual domain of the registry. + +## Troubleshooting + +### Changing the default configuration has no effect + +A common issue is that the terms `Code Quality` (GitLab specific) and `Code Climate` +(Engine used by GitLab) are very similar. You must add a **`.codeclimate.yml`** file +to change the default configuration, **not** a `.codequality.yml` file. If you use +the wrong filename, the [default `.codeclimate.yml`](https://gitlab.com/gitlab-org/ci-cd/codequality/-/blob/master/codeclimate_defaults/.codeclimate.yml.template) +is still used. + +### No Code Quality report is displayed in a merge request + +This can be due to multiple reasons: + +- You just added the Code Quality job in your `.gitlab-ci.yml`. The report does not + have anything to compare to yet, so no information can be displayed. It only displays + after future merge requests have something to compare to. +- Your pipeline is not set to run the code quality job on your target branch. If there is no report generated from the target branch, your MR branch reports have nothing to compare to. In this situation you will see an error stating `Base pipeline codequality artifact not found`. 
+- If no [degradation or error is detected](https://docs.codeclimate.com/docs/maintainability#section-checks), + nothing is displayed. +- The [`artifacts:expire_in`](../yaml/index.md#artifactsexpire_in) CI/CD + setting can cause the Code Quality artifacts to expire faster than desired. +- The widgets use the pipeline of the latest commit to the target branch. If commits are made to the default branch that do not run the code quality job, this may cause the merge request widget to have no base report for comparison. +- If you use the [`REPORT_STDOUT` environment variable](https://gitlab.com/gitlab-org/ci-cd/codequality#environment-variables), no report file is generated and nothing displays in the merge request. +- Large `gl-code-quality-report.json` files (esp. >10 MB) are [known to prevent the report from being displayed](https://gitlab.com/gitlab-org/gitlab/-/issues/2737). + As a work-around, try removing [properties](https://github.com/codeclimate/platform/blob/master/spec/analyzers/SPEC.md#data-types) + that are [ignored by GitLab](#implementing-a-custom-tool). You can: + - Configure the Code Quality tool to not output those types. + - Use `sed`, `awk` or similar commands in the `.gitlab-ci.yml` script to + edit the `gl-code-quality-report.json` before the job completes. + +### Only a single Code Quality report is displayed, but more are defined + +GitLab only uses the Code Quality artifact from the latest created job (with the largest job ID). +If multiple jobs in a pipeline generate a code quality artifact, those of earlier jobs are ignored. +To avoid confusion, configure only one job to generate a `gl-code-quality-report.json`. + +### RuboCop errors + +When using Code Quality jobs on a Ruby project, you can encounter problems running RuboCop. 
+For example, the following error can appear when using either a very recent or very old version +of Ruby: + +```plaintext +/usr/local/bundle/gems/rubocop-0.52.1/lib/rubocop/config.rb:510:in `check_target_ruby': +Unknown Ruby version 2.7 found in `.ruby-version`. (RuboCop::ValidationError) +Supported versions: 2.1, 2.2, 2.3, 2.4, 2.5 +``` + +This is caused by the default version of RuboCop used by the check engine not covering +support for the Ruby version in use. + +To use a custom version of RuboCop that +[supports the version of Ruby used by the project](https://docs.rubocop.org/rubocop/compatibility.html#support-matrix), +you can [override the configuration through a `.codeclimate.yml` file](https://docs.codeclimate.com/docs/rubocop#using-rubocops-newer-versions) +created in the project repository. + +For example, to specify using RuboCop release **0.67**: + +```yaml +version: "2" +plugins: + rubocop: + enabled: true + channel: rubocop-0-67 +``` + +### No Code Quality appears on merge requests when using custom tool + +If your merge requests do not show any code quality changes when using a custom tool, +ensure that the line property is an `integer`. + +### Code Quality CI job with Code Climate plugins enabled fails with error + +If you enabled any of the Code Climate plugins, and the Code Quality CI job fails with the error +below, it's likely the job takes longer than the default timeout of 900 seconds: + +```shell +error: (CC::CLI::Analyze::EngineFailure) engine pmd ran for 900 seconds and was killed +Could not analyze code quality for the repository at /code +``` + +To work around this problem, set `TIMEOUT_SECONDS` to a higher value in your `.gitlab.-ci.yml` file. + +For example: + +```yaml +variables: + TIMEOUT_SECONDS: 3600 +``` 
diff --git a/doc/user/project/merge_requests/img/accessibility_mr_widget_v13_0.png b/doc/ci/testing/img/accessibility_mr_widget_v13_0.png
similarity index 100%
rename from doc/user/project/merge_requests/img/accessibility_mr_widget_v13_0.png
rename to doc/ci/testing/img/accessibility_mr_widget_v13_0.png
diff --git a/doc/user/project/merge_requests/img/browser_performance_testing.png b/doc/ci/testing/img/browser_performance_testing.png
similarity index 100%
rename from doc/user/project/merge_requests/img/browser_performance_testing.png
rename to doc/ci/testing/img/browser_performance_testing.png
diff --git a/doc/user/project/merge_requests/img/code_quality_host_bound_sequential.png b/doc/ci/testing/img/code_quality_host_bound_sequential.png
similarity index 100%
rename from doc/user/project/merge_requests/img/code_quality_host_bound_sequential.png
rename to doc/ci/testing/img/code_quality_host_bound_sequential.png
diff --git a/doc/user/project/merge_requests/img/code_quality_mr_diff_report_v14_2.png b/doc/ci/testing/img/code_quality_mr_diff_report_v14_2.png
similarity index 100%
rename from doc/user/project/merge_requests/img/code_quality_mr_diff_report_v14_2.png
rename to doc/ci/testing/img/code_quality_mr_diff_report_v14_2.png
diff --git a/doc/user/project/merge_requests/img/code_quality_report_13_11.png b/doc/ci/testing/img/code_quality_report_13_11.png
similarity index 100%
rename from doc/user/project/merge_requests/img/code_quality_report_13_11.png
rename to doc/ci/testing/img/code_quality_report_13_11.png
diff --git a/doc/user/project/merge_requests/img/code_quality_widget_13_11.png b/doc/ci/testing/img/code_quality_widget_13_11.png
similarity index 100%
rename from doc/user/project/merge_requests/img/code_quality_widget_13_11.png
rename to doc/ci/testing/img/code_quality_widget_13_11.png
diff --git a/doc/ci/testing/index.md b/doc/ci/testing/index.md
index 52af329873f..807de0b51e6 100644
--- a/doc/ci/testing/index.md
+++ b/doc/ci/testing/index.md
@@ -11,10 +11,10 @@ display reports or link to important information directly from [merge requests](
 | Feature | Description |
 |-------------------------------------------------------------------------------------------------|-------------|
-| [Accessibility Testing](../../user/project/merge_requests/accessibility_testing.md) | Automatically report A11y violations for changed pages in merge requests. |
-| [Browser Performance Testing](../../user/project/merge_requests/browser_performance_testing.md) | Quickly determine the browser performance impact of pending code changes. |
+| [Accessibility Testing](accessibility_testing.md) | Automatically report A11y violations for changed pages in merge requests. |
+| [Browser Performance Testing](browser_performance_testing.md) | Quickly determine the browser performance impact of pending code changes. |
 | [Load Performance Testing](../../user/project/merge_requests/load_performance_testing.md) | Quickly determine the server performance impact of pending code changes. |
-| [Code Quality](../../user/project/merge_requests/code_quality.md) | Analyze your source code quality using the [Code Climate](https://codeclimate.com/) analyzer and show the Code Climate report right in the merge request widget area. |
+| [Code Quality](code_quality.md) | Analyze your source code quality using the [Code Climate](https://codeclimate.com/) analyzer and show the Code Climate report right in the merge request widget area. |
 | [Display arbitrary job artifacts](../yaml/index.md#artifactsexpose_as) | Configure CI pipelines with the `artifacts:expose_as` parameter to directly link to selected [artifacts](../pipelines/job_artifacts.md) in merge requests. |
 | [Unit test reports](unit_test_reports.md) | Configure your CI jobs to use Unit test reports, and let GitLab display a report on the merge request so that it's easier and faster to identify the failure without having to check the entire job log. |
 | [License Compliance](../../user/compliance/license_compliance/index.md) | Manage the licenses of your dependencies. |
diff --git a/doc/ci/yaml/artifacts_reports.md b/doc/ci/yaml/artifacts_reports.md
index e4324ab06e1..98820c374e0 100644
--- a/doc/ci/yaml/artifacts_reports.md
+++ b/doc/ci/yaml/artifacts_reports.md
@@ -36,9 +36,9 @@ The `accessibility` report uses [pa11y](https://pa11y.org/) to report on the acc
 of changes introduced in merge requests.
 GitLab can display the results of one or more reports in the merge request
-[accessibility widget](../../user/project/merge_requests/accessibility_testing.md#accessibility-merge-request-widget).
+[accessibility widget](../testing/accessibility_testing.md#accessibility-merge-request-widget).
-For more information, see [Accessibility testing](../../user/project/merge_requests/accessibility_testing.md).
+For more information, see [Accessibility testing](../testing/accessibility_testing.md).
 ## `artifacts:reports:api_fuzzing` **(ULTIMATE)**
@@ -59,11 +59,11 @@ GitLab can display the results of one or more reports in:
 > [Name changed](https://gitlab.com/gitlab-org/gitlab/-/issues/225914) from `artifacts:reports:performance` in GitLab 14.0.
-The `browser_performance` report collects [Browser Performance Testing metrics](../../user/project/merge_requests/browser_performance_testing.md)
+The `browser_performance` report collects [Browser Performance Testing metrics](../testing/browser_performance_testing.md)
 as artifacts.
 GitLab can display the results of one report in the merge request
-[browser performance testing widget](../../user/project/merge_requests/browser_performance_testing.md#how-browser-performance-testing-works).
+[browser performance testing widget](../testing/browser_performance_testing.md#how-browser-performance-testing-works).
 GitLab cannot display the combined results of multiple `browser_performance` reports.
@@ -122,14 +122,14 @@ GitLab can display the results of coverage report in the merge request
 > [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/212499) to GitLab Free in 13.2.
-The `codequality` report collects [code quality issues](../../user/project/merge_requests/code_quality.md). The
+The `codequality` report collects [code quality issues](../testing/code_quality.md). The
 collected code quality report uploads to GitLab as an artifact.
 GitLab can display the results of:
-- One or more reports in the merge request [code quality widget](../../user/project/merge_requests/code_quality.md#code-quality-widget).
+- One or more reports in the merge request [code quality widget](../testing/code_quality.md#code-quality-widget).
 - Only one report in:
- - The merge request [diff annotations](../../user/project/merge_requests/code_quality.md#code-quality-in-diff-view).
+ - The merge request [diff annotations](../testing/code_quality.md#code-quality-in-diff-view).
 Track progress on adding support for multiple reports in [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/328257).
 - The [full report](../metrics_reports.md). Track progress on adding support for multiple reports in [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/9014).
diff --git a/doc/development/performance.md b/doc/development/performance.md
index 6d0b833a2da..01ce0a12b4a 100644
--- a/doc/development/performance.md
+++ b/doc/development/performance.md
@@ -26,7 +26,7 @@ consistent performance of GitLab. Refer to the [Index](#performance-documentatio
 - Frontend:
 - [Performance guidelines](../development/fe_guide/performance.md)
 - [Performance dashboards and monitoring guidelines](../development/new_fe_guide/development/performance.md)
- - [Browser performance testing guidelines](../user/project/merge_requests/browser_performance_testing.md)
+ - [Browser performance testing guidelines](../ci/testing/browser_performance_testing.md)
 - [`gdk measure` and `gdk measure-workflow`](https://gitlab.com/gitlab-org/gitlab-development-kit/-/blob/main/doc/gdk_commands.md#measure-performance)
 - QA:
 - [Load performance testing](../user/project/merge_requests/load_performance_testing.md)
diff --git a/doc/development/testing_guide/review_apps.md b/doc/development/testing_guide/review_apps.md
index f1083c23406..532bb9fcdef 100644
--- a/doc/development/testing_guide/review_apps.md
+++ b/doc/development/testing_guide/review_apps.md
@@ -45,7 +45,7 @@ Maintainers can elect to use the [process for merging during broken `master`](ht
 On every [pipeline](https://gitlab.com/gitlab-org/gitlab/pipelines/125315730) in the `qa` stage, the `review-performance` job is automatically started: this job does basic browser performance testing using a
-[Sitespeed.io Container](../../user/project/merge_requests/browser_performance_testing.md).
+[Sitespeed.io Container](../../ci/testing/browser_performance_testing.md).
 ## Sample Data for Review Apps
diff --git a/doc/subscriptions/bronze_starter.md b/doc/subscriptions/bronze_starter.md
index 6d88b61dd05..f936e230a3d 100644
--- a/doc/subscriptions/bronze_starter.md
+++ b/doc/subscriptions/bronze_starter.md
@@ -63,7 +63,7 @@ the tiers are no longer mentioned in GitLab documentation:
 - [`audit_json.log`](../administration/logs.md#audit_jsonlog) (specific entries)
 - [`elasticsearch.log`](../administration/logs.md#elasticsearchlog)
 - Merge requests:
- - [Full code quality reports in the code quality tab](../user/project/merge_requests/code_quality.md#code-quality-reports)
+ - [Full code quality reports in the code quality tab](../ci/testing/code_quality.md#code-quality-reports)
 - [Merge request approvals](../user/project/merge_requests/approvals/index.md)
 - [Multiple assignees](../user/project/merge_requests/index.md#assign-multiple-users)
 - [Approval Rule information for Reviewers](../user/project/merge_requests/reviews/index.md#approval-rule-information-for-reviewers)
diff --git a/doc/topics/autodevops/stages.md b/doc/topics/autodevops/stages.md
index a677787b980..64b3a021f3f 100644
--- a/doc/topics/autodevops/stages.md
+++ b/doc/topics/autodevops/stages.md
@@ -178,7 +178,7 @@ Auto Code Quality uses the static analysis and other code checks on the current
 code. After creating the report, it's uploaded as an artifact which you can later download and check out. The merge request widget also displays any
-[differences between the source and target branches](../../user/project/merge_requests/code_quality.md).
+[differences between the source and target branches](../../ci/testing/code_quality.md).
 ## Auto SAST
@@ -336,7 +336,7 @@ You can disable DAST:
 > Introduced in GitLab 10.4.
-Auto [Browser Performance Testing](../../user/project/merge_requests/browser_performance_testing.md)
+Auto [Browser Performance Testing](../../ci/testing/browser_performance_testing.md)
 measures the browser performance of a web page with the [Sitespeed.io container](https://hub.docker.com/r/sitespeedio/sitespeed.io/), creates a JSON report including the overall performance score for each page, and
@@ -351,7 +351,7 @@ file named `.gitlab-urls.txt` in the root directory, one file per line. For exam
 ```
 Any browser performance differences between the source and target branches are also
-[shown in the merge request widget](../../user/project/merge_requests/browser_performance_testing.md).
+[shown in the merge request widget](../../ci/testing/browser_performance_testing.md).
 ## Auto Load Performance Testing **(PREMIUM)**
diff --git a/doc/user/project/merge_requests/accessibility_testing.md b/doc/user/project/merge_requests/accessibility_testing.md
index b8907532066..c1a87f7a5d4 100644
--- a/doc/user/project/merge_requests/accessibility_testing.md
+++ b/doc/user/project/merge_requests/accessibility_testing.md
@@ -1,76 +1,11 @@ --- -stage: Verify -group: Pipeline Insights -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments +redirect_to: '../../../ci/testing/accessibility_testing.md' +remove_date: '2022-08-31' --- -# Accessibility testing **(FREE)** +This document was moved to [another location](../../../ci/testing/accessibility_testing.md). -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/25144) in GitLab 12.8. - -If your application offers a web interface, you can use -[GitLab CI/CD](../../../ci/index.md) to determine the accessibility -impact of pending code changes. - -[Pa11y](https://pa11y.org/) is a free and open source tool for -measuring the accessibility of web sites. GitLab integrates Pa11y into a -[CI job template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Verify/Accessibility.gitlab-ci.yml). -The `a11y` job analyzes a defined set of web pages and reports -accessibility violations, warnings, and notices in a file named -`accessibility`. - -As of [GitLab 14.5](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/73309), Pa11y uses -[WCAG 2.1 rules](https://www.w3.org/TR/WCAG21/#new-features-in-wcag-2-1). - -## Accessibility merge request widget - -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/39425) in GitLab 13.0 behind the disabled [feature flag](../../../administration/feature_flags.md) `:accessibility_report_view`. -> - [Feature Flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/217372) in GitLab 13.1. - -GitLab displays an **Accessibility Report** in the merge request widget area: - -![Accessibility merge request widget](img/accessibility_mr_widget_v13_0.png) - -## Configure accessibility testing - -You can run Pa11y with GitLab CI/CD using the -[GitLab Accessibility Docker image](https://gitlab.com/gitlab-org/ci-cd/accessibility). 
- -To define the `a11y` job for GitLab 12.9 and later: - -1. [Include](../../../ci/yaml/index.md#includetemplate) the - [`Accessibility.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Verify/Accessibility.gitlab-ci.yml) - from your GitLab installation. -1. Add the following configuration to your `.gitlab-ci.yml` file. - - ```yaml - stages: - - accessibility - - variables: - a11y_urls: "https://about.gitlab.com https://gitlab.com/users/sign_in" - - include: - - template: "Verify/Accessibility.gitlab-ci.yml" - ``` - -1. Customize the `a11y_urls` variable to list the URLs of the web pages to test with Pa11y. - -The `a11y` job in your CI/CD pipeline generates these files: - -- One HTML report per URL listed in the `a11y_urls` variable. -- One file containing the collected report data. In GitLab versions 12.11 and later, this - file is named `gl-accessibility.json`. In GitLab versions 12.10 and earlier, this file - is named [`accessibility.json`](https://gitlab.com/gitlab-org/ci-cd/accessibility/-/merge_requests/9). - -You can [view job artifacts in your browser](../../../ci/pipelines/job_artifacts.md#download-job-artifacts). - -NOTE: -For GitLab versions earlier than 12.9, use `include:remote` and -link to the [current template in the default branch](https://gitlab.com/gitlab-org/gitlab/-/raw/master/lib/gitlab/ci/templates/Verify/Accessibility.gitlab-ci.yml) - -NOTE: -The job definition provided by the template does not support Kubernetes. - -You cannot pass configurations into Pa11y via CI configuration. -To change the configuration, edit a copy of the template in your CI file. + + + + diff --git a/doc/user/project/merge_requests/browser_performance_testing.md b/doc/user/project/merge_requests/browser_performance_testing.md index 9c7d9e2bf19..95f749210c4 100644 --- a/doc/user/project/merge_requests/browser_performance_testing.md +++ b/doc/user/project/merge_requests/browser_performance_testing.md 
@@ -1,242 +1,11 @@ --- -stage: Verify -group: Pipeline Insights -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments +redirect_to: '../../../ci/testing/browser_performance_testing.md' +remove_date: '2022-08-31' --- -# Browser Performance Testing **(PREMIUM)** +This document was moved to [another location](../../../ci/testing/browser_performance_testing.md). -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/3507) in GitLab 10.3. - -If your application offers a web interface and you're using -[GitLab CI/CD](../../../ci/index.md), you can quickly determine the rendering performance -impact of pending code changes in the browser. - -NOTE: -You can automate this feature in your applications by using [Auto DevOps](../../../topics/autodevops/index.md). - -## Overview - -GitLab uses [Sitespeed.io](https://www.sitespeed.io), a free and open source -tool, for measuring the rendering performance of web sites. The -[Sitespeed plugin](https://gitlab.com/gitlab-org/gl-performance) that GitLab built outputs -the performance score for each page analyzed in a file called `browser-performance.json` -this data can be shown on Merge Requests. - -## Use cases - -Consider the following workflow: - -1. A member of the marketing team is attempting to track engagement by adding a new tool. -1. With browser performance metrics, they see how their changes are impacting the usability - of the page for end users. -1. The metrics show that after their changes, the performance score of the page has gone down. -1. When looking at the detailed report, they see the new JavaScript library was - included in ``, which affects loading page speed. -1. They ask for help from a front end developer, who sets the library to load asynchronously. -1. The frontend developer approves the merge request, and authorizes its deployment to production. 
- -## How browser performance testing works - -First, define a job in your `.gitlab-ci.yml` file that generates the -[Browser Performance report artifact](../../../ci/yaml/artifacts_reports.md#artifactsreportsbrowser_performance). -GitLab then checks this report, compares key performance metrics for each page -between the source and target branches, and shows the information in the merge request. - -For an example Browser Performance job, see -[Configuring Browser Performance Testing](#configuring-browser-performance-testing). - -NOTE: -If the Browser Performance report has no data to compare, such as when you add the -Browser Performance job in your `.gitlab-ci.yml` for the very first time, -the Browser Performance report widget doesn't display. It must have run at least -once on the target branch (`main`, for example), before it displays in a -merge request targeting that branch. - -![Browser Performance Widget](img/browser_performance_testing.png) - -## Configuring Browser Performance Testing - -This example shows how to run the [sitespeed.io container](https://hub.docker.com/r/sitespeedio/sitespeed.io/) -on your code by using GitLab CI/CD and [sitespeed.io](https://www.sitespeed.io) -using Docker-in-Docker. - -1. First, set up GitLab Runner with a - [Docker-in-Docker build](../../../ci/docker/using_docker_build.md#use-docker-in-docker). -1. Configure the default Browser Performance Testing CI/CD job as follows in your `.gitlab-ci.yml` file: - - ```yaml - include: - template: Verify/Browser-Performance.gitlab-ci.yml - - browser_performance: - variables: - URL: https://example.com - ``` - -WARNING: -In GitLab 13.12 and earlier, the job [was named](https://gitlab.com/gitlab-org/gitlab/-/issues/225914) `performance`. - -The above example: - -- Creates a `browser_performance` job in your CI/CD pipeline and runs sitespeed.io against the webpage you - defined in `URL` to gather key metrics. -- Uses a template that doesn't work with Kubernetes clusters. 
If you are using a Kubernetes cluster, - use [`template: Jobs/Browser-Performance-Testing.gitlab-ci.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Browser-Performance-Testing.gitlab-ci.yml) - instead. -- Uses a CI/CD template that is included in all GitLab installations since 12.4. If you are using - GitLab 12.3 or earlier, you must [add the configuration manually](#gitlab-versions-132-and-earlier). - -The template uses the [GitLab plugin for sitespeed.io](https://gitlab.com/gitlab-org/gl-performance), -and it saves the full HTML sitespeed.io report as a [Browser Performance report artifact](../../../ci/yaml/artifacts_reports.md#artifactsreportsbrowser_performance) -that you can later download and analyze. This implementation always takes the latest -Browser Performance artifact available. If [GitLab Pages](../pages/index.md) is enabled, -you can view the report directly in your browser. - -You can also customize the jobs with CI/CD variables: - -- `SITESPEED_IMAGE`: Configure the Docker image to use for the job (default `sitespeedio/sitespeed.io`), but not the image version. -- `SITESPEED_VERSION`: Configure the version of the Docker image to use for the job (default `14.1.0`). -- `SITESPEED_OPTIONS`: Configure any additional sitespeed.io options as required (default `nil`). Refer to the [sitespeed.io documentation](https://www.sitespeed.io/documentation/sitespeed.io/configuration/) for more details. - -For example, you can override the number of runs sitespeed.io -makes on the given URL, and change the version: - -```yaml -include: - template: Verify/Browser-Performance.gitlab-ci.yml - -browser_performance: - variables: - URL: https://www.sitespeed.io/ - SITESPEED_VERSION: 13.2.0 - SITESPEED_OPTIONS: -n 5 -``` - -### Configuring degradation threshold - -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/27599) in GitLab 13.0. 
- -You can configure the sensitivity of degradation alerts to avoid getting alerts for minor drops in metrics. -This is done by setting the `DEGRADATION_THRESHOLD` CI/CD variable. In the example below, the alert only shows up -if the `Total Score` metric degrades by 5 points or more: - -```yaml -include: - template: Verify/Browser-Performance.gitlab-ci.yml - -browser_performance: - variables: - URL: https://example.com - DEGRADATION_THRESHOLD: 5 -``` - -The `Total Score` metric is based on sitespeed.io's [coach performance score](https://www.sitespeed.io/documentation/sitespeed.io/metrics/#performance-score). There is more information in [the coach documentation](https://www.sitespeed.io/documentation/coach/how-to/#what-do-the-coach-do). - -### Performance testing on Review Apps - -The above CI YAML configuration is great for testing against static environments, and it can -be extended for dynamic environments, but a few extra steps are required: - -1. The `browser_performance` job should run after the dynamic environment has started. -1. In the `review` job: - 1. Generate a URL list file with the dynamic URL. - 1. Save the file as an artifact, for example with `echo $CI_ENVIRONMENT_URL > environment_url.txt` - in your job's `script`. - 1. Pass the list as the URL environment variable (which can be a URL or a file containing URLs) - to the `browser_performance` job. -1. You can now run the sitespeed.io container against the desired hostname and - paths. 
- -Your `.gitlab-ci.yml` file would look like: - -```yaml -stages: - - deploy - - performance - -include: - template: Verify/Browser-Performance.gitlab-ci.yml - -review: - stage: deploy - environment: - name: review/$CI_COMMIT_REF_SLUG - url: http://$CI_COMMIT_REF_SLUG.$APPS_DOMAIN - script: - - run_deploy_script - - echo $CI_ENVIRONMENT_URL > environment_url.txt - artifacts: - paths: - - environment_url.txt - only: - - branches - except: - - master - -browser_performance: - dependencies: - - review - variables: - URL: environment_url.txt -``` - -### GitLab versions 13.2 and earlier - -Browser Performance Testing has gone through several changes since its introduction. -In this section we detail these changes and how you can run the test based on your -GitLab version: - -- In 13.2 the feature was renamed from `Performance` to `Browser Performance` with additional - template CI/CD variables. -- In GitLab 12.4 [a job template was made available](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Verify/Browser-Performance.gitlab-ci.yml). 
-- For 11.5 to 12.3 no template is available and the job has to be defined manually as follows: - - ```yaml - performance: - stage: performance - image: docker:git - variables: - URL: https://example.com - SITESPEED_VERSION: 14.1.0 - SITESPEED_OPTIONS: '' - services: - - docker:stable-dind - script: - - mkdir gitlab-exporter - - wget -O ./gitlab-exporter/index.js https://gitlab.com/gitlab-org/gl-performance/raw/1.1.0/index.js - - mkdir sitespeed-results - - docker run --shm-size=1g --rm -v "$(pwd)":/sitespeed.io sitespeedio/sitespeed.io:$SITESPEED_VERSION --plugins.add ./gitlab-exporter --outputFolder sitespeed-results $URL $SITESPEED_OPTIONS - - mv sitespeed-results/data/performance.json performance.json - artifacts: - paths: - - performance.json - - sitespeed-results/ - reports: - performance: performance.json - ``` - -- For 11.4 and earlier the job should be defined as follows: - - ```yaml - performance: - stage: performance - image: docker:git - variables: - URL: https://example.com - services: - - docker:stable-dind - script: - - mkdir gitlab-exporter - - wget -O ./gitlab-exporter/index.js https://gitlab.com/gitlab-org/gl-performance/raw/1.1.0/index.js - - mkdir sitespeed-results - - docker run --shm-size=1g --rm -v "$(pwd)":/sitespeed.io sitespeedio/sitespeed.io:6.3.1 --plugins.add ./gitlab-exporter --outputFolder sitespeed-results $URL - - mv sitespeed-results/data/performance.json performance.json - artifacts: - paths: - - performance.json - - sitespeed-results/ - ``` - -Upgrading to the latest version and using the templates is recommended, to ensure -you receive the latest updates, including updates to the sitespeed.io versions. + + + + diff --git a/doc/user/project/merge_requests/code_quality.md b/doc/user/project/merge_requests/code_quality.md index 623af914692..79e590cb905 100644 --- a/doc/user/project/merge_requests/code_quality.md +++ b/doc/user/project/merge_requests/code_quality.md 
@@ -1,634 +1,11 @@ --- -stage: Secure -group: Static Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments +redirect_to: '../../../ci/testing/code_quality.md' +remove_date: '2022-08-31' --- -# Code Quality **(FREE)** +This document was moved to [another location](../../../ci/testing/code_quality.md). -> [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/212499) to GitLab Free in 13.2. - -To ensure your project's code stays simple, readable, and easy to contribute to, -you can use [GitLab CI/CD](../../../ci/index.md) to analyze your source code quality. - -For example, while you're implementing a feature, you can run Code Quality reports -to analyze how your improvements are impacting your code's quality. You can -use this information to ensure that your changes are improving performance rather -than degrading it. - -Code Quality: - -- Uses [plugins](https://docs.codeclimate.com/docs/list-of-engines) supported by Code Climate, which are - free and open source. Code Quality does not require a Code Climate - subscription. -- Runs in [pipelines](../../../ci/pipelines/index.md) by using a Docker image built in the - [GitLab Code Quality](https://gitlab.com/gitlab-org/ci-cd/codequality) project. -- Uses [default Code Climate configurations](https://gitlab.com/gitlab-org/ci-cd/codequality/-/tree/master/codeclimate_defaults). -- Can make use of a [template](#example-configuration). -- Is available by using [Auto Code Quality](../../../topics/autodevops/stages.md#auto-code-quality), provided by [Auto DevOps](../../../topics/autodevops/index.md). -- Can be extended through [Analysis Plugins](https://docs.codeclimate.com/docs/list-of-engines) or a [custom tool](#implementing-a-custom-tool). 
- -## Summary of features per tier - -Different features are available in different [GitLab tiers](https://about.gitlab.com/pricing/), -as shown in the following table: - -| Capability | In Free | In Premium | In Ultimate | -|:----------------------------------------------------------------------|:--------------------|:--------------------|:-------------------| -| [Configure scanners](#configuring-jobs-using-variables) | **{check-circle}** | **{check-circle}** | **{check-circle}** | -| [Integrate custom scanners](#implementing-a-custom-tool) | **{check-circle}** | **{check-circle}** | **{check-circle}** | -| [Generate JSON or HTML report artifacts](#generate-an-html-report) | **{check-circle}** | **{check-circle}** | **{check-circle}** | -| [See findings in merge request widget](#code-quality-widget) | **{check-circle}** | **{check-circle}** | **{check-circle}** | -| [See reports in CI pipelines](#code-quality-reports) | **{dotted-circle}** | **{check-circle}** | **{check-circle}** | -| [See findings in merge request diff view](#code-quality-in-diff-view) | **{dotted-circle}** | **{dotted-circle}** | **{check-circle}** | - -## Code Quality Widget - -> [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/212499) to GitLab Free in 13.2. - -Going a step further, GitLab can show the Code Quality report right -in the merge request widget area if a report from the target branch is available to compare to: - -![Code Quality Widget](img/code_quality_widget_13_11.png) - -Watch a quick walkthrough of Code Quality in action: - -
- See the video: Code Quality: Speed Run. -
-
- -
- -NOTE: -For one customer, the auditor found that having Code Quality, SAST, and Container Scanning all automated in GitLab CI/CD was almost better than a manual review! [Read more](https://about.gitlab.com/customers/bi_worldwide/). - -See also the Code Climate list of [Supported Languages for Maintainability](https://docs.codeclimate.com/docs/supported-languages-for-maintainability). - -## Code Quality in diff view **(ULTIMATE)** - -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/267612) in GitLab 13.11, disabled by default behind the `codequality_mr_diff` [feature flag](../../../administration/feature_flags.md). -> - [Enabled by default](https://gitlab.com/gitlab-org/gitlab/-/issues/284140) in GitLab 13.12. -> - [Disabled by default](https://gitlab.com/gitlab-org/gitlab/-/issues/2526) in GitLab 14.0 due to [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/334116). -> - [Inline annotation added](https://gitlab.com/gitlab-org/gitlab/-/issues/2526) and [feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/284140) in GitLab 14.1. - -Changes to files in merge requests can cause Code Quality to fall if merged. In these cases, -the merge request's diff view displays an indicator next to lines with new Code Quality violations. For example: - -![Code Quality MR diff report](img/code_quality_mr_diff_report_v14_2.png) - -## Example configuration - -This example shows how to run Code Quality on your code by using GitLab CI/CD and Docker. - -- Using shared runners, the job should be configured For the [Docker-in-Docker workflow](../../../ci/docker/using_docker_build.md#use-docker-in-docker). -- Using private runners, there is an [alternative configuration](#set-up-a-private-runner-for-code-quality-without-docker-in-docker) recommended for running Code Quality analysis more efficiently. - -In either configuration, the runner must have enough disk space to handle generated Code Quality files. 
For example on the [GitLab project](https://gitlab.com/gitlab-org/gitlab) the files are approximately 7 GB. - -Once you set up GitLab Runner, include the [Code Quality template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml) in your CI configuration: - -```yaml -include: - - template: Code-Quality.gitlab-ci.yml -``` - -The above example creates a `code_quality` job in your CI/CD pipeline which -scans your source code for code quality issues. The report is saved as a -[Code Quality report artifact](../../../ci/yaml/artifacts_reports.md#artifactsreportscodequality) -that you can later download and analyze. - -It's also possible to override the URL to the Code Quality image by -setting the `CODE_QUALITY_IMAGE` CI/CD variable. This is particularly useful if you want -to lock in a specific version of Code Quality, or use a fork of it: - -```yaml -include: - - template: Code-Quality.gitlab-ci.yml - -code_quality: - variables: - CODE_QUALITY_IMAGE: "registry.example.com/codequality-fork:latest" -``` - -In [GitLab 13.4 and later](https://gitlab.com/gitlab-org/gitlab/-/issues/11100), you can override the [Code Quality environment variables](https://gitlab.com/gitlab-org/ci-cd/codequality#environment-variables): - -```yaml -variables: - TIMEOUT_SECONDS: 1 - -include: - - template: Code-Quality.gitlab-ci.yml -``` - -By default, report artifacts are not downloadable. If you need them downloadable on the -job details page, you can add `gl-code-quality-report.json` to the artifact paths like so: - -```yaml -include: - - template: Code-Quality.gitlab-ci.yml - -code_quality: - artifacts: - paths: [gl-code-quality-report.json] -``` - -The included `code_quality` job is running in the `test` stage, so it needs to be included in your CI configuration, like so: - -```yaml -stages: - - test -``` - -NOTE: -This information is automatically extracted and shown right in the merge request widget. 
- -WARNING: -On self-managed instances, if a malicious actor compromises the Code Quality job -definition they could execute privileged Docker commands on the runner -host. Having proper access control policies mitigates this attack vector by -allowing access only to trusted actors. - -### Set up a private runner for code quality without Docker-in-Docker - -It's possible to configure your own runners and avoid Docker-in-Docker. You can use a -configuration that may greatly speed up job execution without requiring your runners -to operate in privileged mode. - -This alternative configuration uses socket binding to share the Runner's Docker daemon -with the job environment. Be aware that this configuration [has significant considerations](../../../ci/docker/using_docker_build.md#use-docker-socket-binding) -to be consider, but may be preferable depending on your use case. - -1. Register a new runner: - - ```shell - $ gitlab-runner register --executor "docker" \ - --docker-image="docker:stable" \ - --url "https://gitlab.com/" \ - --description "cq-sans-dind" \ - --tag-list "cq-sans-dind" \ - --locked="false" \ - --access-level="not_protected" \ - --docker-volumes "/cache"\ - --docker-volumes "/builds:/builds"\ - --docker-volumes "/var/run/docker.sock:/var/run/docker.sock" \ - --registration-token="" \ - --non-interactive - ``` - -1. **Optional, but recommended:** Set the builds directory to `/tmp/builds`, - so job artifacts are periodically purged from the runner host. If you skip - this step, you must clean up the default builds directory (`/builds`) yourself. - You can do this by adding the following two flags to `gitlab-runner register` - in the previous step. 
- - ```shell - --builds-dir "/tmp/builds" - --docker-volumes "/tmp/builds:/tmp/builds" # Use this instead of --docker-volumes "/builds:/builds" - ``` - - The resulting configuration: - - ```toml - [[runners]] - name = "cq-sans-dind" - url = "https://gitlab.com/" - token = "" - executor = "docker" - builds_dir = "/tmp/builds" - [runners.docker] - tls_verify = false - image = "docker:stable" - privileged = false - disable_entrypoint_overwrite = false - oom_kill_disable = false - disable_cache = false - volumes = ["/cache", "/var/run/docker.sock:/var/run/docker.sock", "/tmp/builds:/tmp/builds"] - shm_size = 0 - [runners.cache] - [runners.cache.s3] - [runners.cache.gcs] - ``` - -1. Apply two overrides to the `code_quality` job created by the template: - - ```yaml - include: - - template: Code-Quality.gitlab-ci.yml - - code_quality: - services: # Shut off Docker-in-Docker - tags: - - cq-sans-dind # Set this job to only run on our new specialized runner - ``` - -The end result is that: - -- Privileged mode is not used. -- Docker-in-Docker is not used. -- Docker images, including all CodeClimate images, are cached, and not re-fetched for subsequent jobs. - -With this configuration, the run time for a second pipeline is much shorter. For example -this [small change](https://gitlab.com/drew/test-code-quality-template/-/merge_requests/4/diffs?commit_id=1e705607aef7236c1b20bb6f637965f3f3e53a46) -to an [open merge request](https://gitlab.com/drew/test-code-quality-template/-/merge_requests/4/pipelines) -running Code Quality analysis ran significantly faster the second time: - -![Code Quality sequential runs without DinD](img/code_quality_host_bound_sequential.png) - -This configuration is not possible on `gitlab.com` shared runners. Shared runners -are configured with `privileged=true`, and they do not expose `docker.sock` into -the job container. As a result, socket binding cannot be used to make `docker` available -in the context of the job script. 
- -[Docker-in-Docker](../../../ci/docker/using_docker_build.md#use-docker-in-docker) -was chosen as an operational decision by the runner team, instead of exposing `docker.sock`. - -### Disabling the code quality job - -The `code_quality` job doesn't run if the `$CODE_QUALITY_DISABLED` CI/CD variable -is present. Please refer to the CI/CD variables [documentation](../../../ci/variables/index.md) -to learn more about how to define one. - -To disable the `code_quality` job, add `CODE_QUALITY_DISABLED` as a custom CI/CD variable. -This can be done: - -- For [the whole project](../../../ci/variables/index.md#custom-cicd-variables). -- For a single pipeline run: - - 1. Go to **CI/CD > Pipelines** - 1. Select **Run pipeline** - 1. Add `CODE_QUALITY_DISABLED` as the variable key, with any value. - -### Using with merge request pipelines - -The configuration provided by the Code Quality template does not let the `code_quality` job -run on [merge request pipelines](../../../ci/pipelines/merge_request_pipelines.md). - -If merge request pipelines is enabled, the `code_quality:rules` must be redefined. - -The template has these [`rules`](../../../ci/yaml/index.md#rules) for the `code quality` job: - -```yaml -code_quality: - rules: - - if: $CODE_QUALITY_DISABLED - when: never - - if: $CI_COMMIT_TAG || $CI_COMMIT_BRANCH -``` - -If you are using merge request pipelines, your `rules` (or [`workflow: rules`](../../../ci/yaml/index.md#workflow)) -might look like this example: - -```yaml -job1: - rules: - - if: $CI_PIPELINE_SOURCE == "merge_request_event" # Run job1 in merge request pipelines - - if: $CI_COMMIT_BRANCH == "main" # Run job1 in pipelines on the main branch (but not in other branch pipelines) - - if: $CI_COMMIT_TAG # Run job1 in pipelines for tags -``` - -To make these work together, you need to overwrite the code quality `rules` -so that they match your current `rules`. 
From the example above, it could look like: - -```yaml -include: - - template: Code-Quality.gitlab-ci.yml - -code_quality: - rules: - - if: $CODE_QUALITY_DISABLED - when: never - - if: $CI_PIPELINE_SOURCE == "merge_request_event" # Run code quality job in merge request pipelines - - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH # Run code quality job in pipelines on the default branch (but not in other branch pipelines) - - if: $CI_COMMIT_TAG # Run code quality job in pipelines for tags -``` - -### Configure Code Quality to use a private container image registry - -> [Introduced](https://gitlab.com/gitlab-org/ci-cd/codequality/-/merge_requests/30) in 13.7. - -To reduce network time and external dependency, you can use your own -container image registry to host the Code Quality Docker images. Because of -the nested architecture of container execution, the registry prefix must -be specifically configured to be passed down into CodeClimate's subsequent -`docker pull` commands for individual engines. - -The following two variables can address all of the required image pulls: - -- `CODE_QUALITY_IMAGE`: A fully prefixed image name that can be located anywhere - accessible from your job environment. GitLab Container Registry can be used here - to host your own copy. -- `CODECLIMATE_PREFIX`: The domain of your intended container image registry. This - is a configuration option supported by [CodeClimate CLI](https://github.com/codeclimate/codeclimate/pull/948). You must: - - Include a trailing slash (`/`). - - Not include a protocol prefix, such as `https://`. - -```yaml -include: - - template: Jobs/Code-Quality.gitlab-ci.yml - -code_quality: - variables: - CODE_QUALITY_IMAGE: "my-private-registry.local:12345/codequality:0.85.24" - CODECLIMATE_PREFIX: "my-private-registry.local:12345/" -``` - -This example is specific to GitLab Code Quality. 
For more general -instructions on how to configure DinD with a registry mirror, see the -relevant [documentation](../../../ci/docker/using_docker_build.md#enable-registry-mirror-for-dockerdind-service). - -## Configuring jobs using variables - -The Code Quality job supports environment variables that users can set to -configure job execution at runtime. - -For a list of available environment variables, see -[Environment variables](https://gitlab.com/gitlab-org/ci-cd/codequality#environment-variables). - -## Implementing a custom tool - -It's possible to have a custom tool provide Code Quality reports in GitLab. To -do this: - -1. Define a job in your `.gitlab-ci.yml` file that generates the - [Code Quality report artifact](../../../ci/yaml/artifacts_reports.md#artifactsreportscodequality). -1. Configure your tool to generate the Code Quality report artifact as a JSON - file that implements a subset of the [Code Climate - spec](https://github.com/codeclimate/platform/blob/master/spec/analyzers/SPEC.md#data-types). - -The Code Quality report artifact JSON file must contain an array of objects -with the following properties: - -| Name | Description | -| ---------------------- | ----------------------------------------------------------------------------------------- | -| `description` | A description of the code quality violation. | -| `fingerprint` | A unique fingerprint to identify the code quality violation. For example, an MD5 hash. | -| `severity` | A severity string (can be `info`, `minor`, `major`, `critical`, or `blocker`). | -| `location.path` | The relative path to the file containing the code quality violation. | -| `location.lines.begin` or `location.positions.begin.line` | The line on which the code quality violation occurred. 
| - -Example: - -```json -[ - { - "description": "'unused' is assigned a value but never used.", - "fingerprint": "7815696ecbf1c96e6894b779456d330e", - "severity": "minor", - "location": { - "path": "lib/index.js", - "lines": { - "begin": 42 - } - } - } -] -``` - -NOTE: -Although the Code Climate spec supports more properties, those are ignored by -GitLab. -The GitLab parser does not allow a [byte order mark](https://en.wikipedia.org/wiki/Byte_order_mark) -at the beginning of the file. - -## Code Quality reports **(PREMIUM)** - -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/21527) in GitLab 12.9. - -![Code Quality Report](img/code_quality_report_13_11.png) - -After the Code Quality job completes: - -- Potential changes to code quality are shown directly in the merge request. - The Code Quality widget in the merge request compares the reports from the base and head of the branch, - then lists any violations that are resolved or created when the branch is merged. -- The full JSON report is available as a - [downloadable artifact](../../../ci/pipelines/job_artifacts.md#download-job-artifacts) - for the `code_quality` job. -- The full list of code quality violations generated by a pipeline is shown in the - Code Quality tab of the Pipeline Details page. - -## Generate an HTML report - -In [GitLab 13.6 and later](https://gitlab.com/gitlab-org/ci-cd/codequality/-/issues/10), -it is possible to generate an HTML report file by setting the `REPORT_FORMAT` -CI/CD variable to `html`. This is useful if you just want to view the report in a more -human-readable format or to publish this artifact on GitLab Pages for even -easier reviewing. 
- -To generate both JSON and HTML report files, add another job to your template by using `extends: code_quality`: - -```yaml -include: - - template: Code-Quality.gitlab-ci.yml - -code_quality_html: - extends: code_quality - variables: - REPORT_FORMAT: html - artifacts: - paths: [gl-code-quality-report.html] -``` - -NOTE: -Adding a job means your code is scanned twice: once to generate a JSON report and once to generate an HTML report. - -You can also generate _only_ an HTML report instead of the standard JSON report. To do so, set `REPORT_FORMAT` to `html` in the existing job: - -```yaml -include: - - template: Code-Quality.gitlab-ci.yml - -code_quality: - variables: - REPORT_FORMAT: html - artifacts: - paths: [gl-code-quality-report.html] -``` - -WARNING: -If you only generate an HTML report, you can't see your results in the [merge request widget](#code-quality-widget), [pipeline report](#code-quality-reports), or [diff view](#code-quality-in-diff-view). -These features require a JSON report. - -## Extending functionality - -### Using Analysis Plugins - -Should there be a need to extend the default functionality provided by Code Quality, as stated in [Code Quality](#code-quality), [Analysis Plugins](https://docs.codeclimate.com/docs/list-of-engines) are available. - -For example, to use the [SonarJava analyzer](https://docs.codeclimate.com/docs/sonar-java), -add a file named `.codeclimate.yml` containing the [enablement code](https://docs.codeclimate.com/docs/sonar-java#enable-the-plugin) -for the plugin to the root of your repository: - -```yaml -version: "2" -plugins: - sonar-java: - enabled: true -``` - -This adds SonarJava to the `plugins:` section of the [default `.codeclimate.yml`](https://gitlab.com/gitlab-org/ci-cd/codequality/-/blob/master/codeclimate_defaults/.codeclimate.yml.template) -included in your project. - -Changes to the `plugins:` section do not affect the `exclude_patterns` section of the -default `.codeclimate.yml`. 
See the Code Climate documentation for -[excluding files and folders](https://docs.codeclimate.com/docs/excluding-files-and-folders) -for more details. - -Here's [an example project](https://gitlab.com/jheimbuck_gl/jh_java_example_project) that uses Code Quality with a `.codeclimate.yml` file. - -## Use a Code Quality image hosted in a registry with untrusted certificates - -If you set the `CODE_QUALITY_IMAGE` to an image that is hosted in a -Docker registry which uses a TLS certificate that is not trusted, such as -a self-signed certificate, you can see errors like the one below: - -```shell -$ docker pull --quiet "$CODE_QUALITY_IMAGE" -Error response from daemon: Get https://gitlab.example.com/v2/: x509: certificate signed by unknown authority -``` - -To fix this, configure the Docker daemon to [trust certificates](https://docs.docker.com/registry/insecure/#use-self-signed-certificates) -by putting the certificate inside of the `/etc/docker/certs.d` -directory. - -This Docker daemon is exposed to the subsequent Code Quality Docker container in the -[GitLab Code Quality template](https://gitlab.com/gitlab-org/gitlab/-/blob/v13.8.3-ee/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml#L41) -and should be to exposed any other containers in which you want to have -your certificate configuration apply. - -### Docker - -If you have access to GitLab Runner configuration, add the directory as a -[volume mount](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#volumes-in-the-runnersdocker-section). For example: - -```toml -[[runners]] - ... - executor = "docker" - [runners.docker] - ... - privileged = true - volumes = ["/cache", "/etc/gitlab-runner/certs/gitlab.example.com.crt:/etc/docker/certs.d/gitlab.example.com/ca.crt:ro"] -``` - -Replace `gitlab.example.com` with the actual domain of the registry. 
- -### Kubernetes - -If you have access to GitLab Runner configuration and the Kubernetes cluster, -you can [mount a ConfigMap](https://docs.gitlab.com/runner/executors/kubernetes.html#configmap-volumes): - -1. Create a ConfigMap with the certificate: - - ```shell - kubectl create configmap registry-crt --namespace gitlab-runner --from-file /etc/gitlab-runner/certs/gitlab.example.com.crt - ``` - -1. Update GitLab Runner `config.toml` to specify the ConfigMap: - - ```toml - [[runners]] - ... - executor = "kubernetes" - [runners.kubernetes] - image = "alpine:3.12" - privileged = true - [[runners.kubernetes.volumes.config_map]] - name = "registry-crt" - mount_path = "/etc/docker/certs.d/gitlab.example.com/ca.crt" - sub_path = "gitlab.example.com.crt" - ``` - -Replace `gitlab.example.com` with the actual domain of the registry. - -## Troubleshooting - -### Changing the default configuration has no effect - -A common issue is that the terms `Code Quality` (GitLab specific) and `Code Climate` -(Engine used by GitLab) are very similar. You must add a **`.codeclimate.yml`** file -to change the default configuration, **not** a `.codequality.yml` file. If you use -the wrong filename, the [default `.codeclimate.yml`](https://gitlab.com/gitlab-org/ci-cd/codequality/-/blob/master/codeclimate_defaults/.codeclimate.yml.template) -is still used. - -### No Code Quality report is displayed in a merge request - -This can be due to multiple reasons: - -- You just added the Code Quality job in your `.gitlab-ci.yml`. The report does not - have anything to compare to yet, so no information can be displayed. It only displays - after future merge requests have something to compare to. -- Your pipeline is not set to run the code quality job on your target branch. If there is no report generated from the target branch, your MR branch reports have nothing to compare to. In this situation you will see an error stating `Base pipeline codequality artifact not found`. 
-- If no [degradation or error is detected](https://docs.codeclimate.com/docs/maintainability#section-checks), - nothing is displayed. -- The [`artifacts:expire_in`](../../../ci/yaml/index.md#artifactsexpire_in) CI/CD - setting can cause the Code Quality artifacts to expire faster than desired. -- The widgets use the pipeline of the latest commit to the target branch. If commits are made to the default branch that do not run the code quality job, this may cause the merge request widget to have no base report for comparison. -- If you use the [`REPORT_STDOUT` environment variable](https://gitlab.com/gitlab-org/ci-cd/codequality#environment-variables), no report file is generated and nothing displays in the merge request. -- Large `gl-code-quality-report.json` files (esp. >10 MB) are [known to prevent the report from being displayed](https://gitlab.com/gitlab-org/gitlab/-/issues/2737). - As a work-around, try removing [properties](https://github.com/codeclimate/platform/blob/master/spec/analyzers/SPEC.md#data-types) - that are [ignored by GitLab](#implementing-a-custom-tool). You can: - - Configure the Code Quality tool to not output those types. - - Use `sed`, `awk` or similar commands in the `.gitlab-ci.yml` script to - edit the `gl-code-quality-report.json` before the job completes. - -### Only a single Code Quality report is displayed, but more are defined - -GitLab only uses the Code Quality artifact from the latest created job (with the largest job ID). -If multiple jobs in a pipeline generate a code quality artifact, those of earlier jobs are ignored. -To avoid confusion, configure only one job to generate a `gl-code-quality-report.json`. - -### RuboCop errors - -When using Code Quality jobs on a Ruby project, you can encounter problems running RuboCop. 
-For example, the following error can appear when using either a very recent or very old version -of Ruby: - -```plaintext -/usr/local/bundle/gems/rubocop-0.52.1/lib/rubocop/config.rb:510:in `check_target_ruby': -Unknown Ruby version 2.7 found in `.ruby-version`. (RuboCop::ValidationError) -Supported versions: 2.1, 2.2, 2.3, 2.4, 2.5 -``` - -This is caused by the default version of RuboCop used by the check engine not covering -support for the Ruby version in use. - -To use a custom version of RuboCop that -[supports the version of Ruby used by the project](https://docs.rubocop.org/rubocop/compatibility.html#support-matrix), -you can [override the configuration through a `.codeclimate.yml` file](https://docs.codeclimate.com/docs/rubocop#using-rubocops-newer-versions) -created in the project repository. - -For example, to specify using RuboCop release **0.67**: - -```yaml -version: "2" -plugins: - rubocop: - enabled: true - channel: rubocop-0-67 -``` - -### No Code Quality appears on merge requests when using custom tool - -If your merge requests do not show any code quality changes when using a custom tool, -ensure that the line property is an `integer`. - -### Code Quality CI job with Code Climate plugins enabled fails with error - -If you enabled any of the Code Climate plugins, and the Code Quality CI job fails with the error -below, it's likely the job takes longer than the default timeout of 900 seconds: - -```shell -error: (CC::CLI::Analyze::EngineFailure) engine pmd ran for 900 seconds and was killed -Could not analyze code quality for the repository at /code -``` - -To work around this problem, set `TIMEOUT_SECONDS` to a higher value in your `.gitlab.-ci.yml` file. - -For example: - -```yaml -variables: - TIMEOUT_SECONDS: 3600 -``` + + + + diff --git a/doc/user/project/merge_requests/index.md b/doc/user/project/merge_requests/index.md index 30b69c2fff5..b7cb6030e48 100644 --- a/doc/user/project/merge_requests/index.md 
+++ b/doc/user/project/merge_requests/index.md @@ -304,7 +304,7 @@ For a software developer working in a team: 1. You checkout a new branch, and submit your changes through a merge request. 1. You gather feedback from your team. -1. You work on the implementation optimizing code with [Code Quality reports](code_quality.md). +1. You work on the implementation optimizing code with [Code Quality reports](../../../ci/testing/code_quality.md). 1. You verify your changes with [Unit test reports](../../../ci/testing/unit_test_reports.md) in GitLab CI/CD. 1. You avoid using dependencies whose license is not compatible with your project with [License Compliance reports](../../compliance/license_compliance/index.md). 1. You request the [approval](approvals/index.md) from your manager. diff --git a/doc/user/project/merge_requests/load_performance_testing.md b/doc/user/project/merge_requests/load_performance_testing.md index a5fff4a38be..8d58cf36cdb 100644 --- a/doc/user/project/merge_requests/load_performance_testing.md +++ b/doc/user/project/merge_requests/load_performance_testing.md @@ -15,7 +15,7 @@ GitLab uses [k6](https://k6.io/), a free and open source tool, for measuring the system performance of applications under load. -Unlike [Browser Performance Testing](browser_performance_testing.md), which is +Unlike [Browser Performance Testing](../../../ci/testing/browser_performance_testing.md), which is used to measure how web sites perform in client browsers, Load Performance Testing can be used to perform various types of [load tests](https://k6.io/docs/#use-cases) against application endpoints such as APIs, Web Controllers, and so on. diff --git a/lib/api/award_emoji.rb b/lib/api/award_emoji.rb index c8485054377..fd36b364d56 100644 --- a/lib/api/award_emoji.rb +++ b/lib/api/award_emoji.rb 
@@ -6,8 +6,6 @@ module API helpers ::API::Helpers::AwardEmoji - before { authenticate! } - Helpers::AwardEmoji.awardables.each do |awardable_params| resource awardable_params[:resource], requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do awardable_string = awardable_params[:type].pluralize @@ -82,7 +80,7 @@ module API delete "#{endpoint}/:award_id", feature_category: awardable_params[:feature_category] do award = awardable.award_emoji.find(params[:award_id]) - unauthorized! unless award.user == current_user || current_user.admin? + unauthorized! unless award.user == current_user || current_user&.admin? destroy_conditionally!(award) end diff --git a/lib/gitlab/ci/templates/Jobs/Deploy/ECS.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Deploy/ECS.gitlab-ci.yml index 9bb2ba69d84..c2d31fd9669 100644 --- a/lib/gitlab/ci/templates/Jobs/Deploy/ECS.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Deploy/ECS.gitlab-ci.yml @@ -20,6 +20,11 @@ .review_ecs_base: stage: review extends: .deploy_to_ecs + after_script: + - echo "http://$(ecs get-task-hostname)" > environment_url.txt + artifacts: + paths: + - environment_url.txt .production_ecs_base: stage: production diff --git a/qa/qa/runtime/feature.rb b/qa/qa/runtime/feature.rb index db3a59b0549..88d08e46cbd 100644 --- a/qa/qa/runtime/feature.rb +++ b/qa/qa/runtime/feature.rb @@ -59,10 +59,8 @@ module QA feature['state'] == 'conditional' && scopes.present? && enabled_scope?(feature['gates'], **scopes) else # The feature wasn't found via the API so we check for a default value. - file = Pathname.new('../config/feature_flags') - .expand_path(Runtime::Path.qa_root) - .glob("**/#{key}.yml") - .first + pattern = "#{File.expand_path('../{ee/,}config/feature_flags', QA::Runtime::Path.qa_root)}/**/#{key}.yml" + file = Dir.glob(pattern).first raise UnknownFeatureFlagError, "No feature flag found named '#{key}'" unless file 
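Review bot: Dropping `before { authenticate! }` makes every route built in the `Helpers::AwardEmoji.awardables` loop reachable with a nil `current_user`, and the second hunk (`@@ -82,7 +80,7 @@`) only adapts the delete guard with `current_user&.admin?`; the create (`post`) route and the `awardable` lookup that enforces project visibility for anonymous readers are outside these hunks and should be confirmed to still reject or scope unauthenticated requests. In the delete guard, `award.user == current_user` is `true` when both sides are `nil`, so if an award can ever carry a nil user (for example after the account is removed — not visible here) an anonymous caller would pass it; `unauthorized! unless current_user && (award.user == current_user || current_user.admin?)` closes that regardless. The enclosing `resource` block starts and ends outside the hunks.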
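Review bot: The `after_script` added to `.review_ecs_base` runs even when the deploy in `script` fails, so a failed review deployment still uploads an `environment_url.txt` containing `http://` followed by whatever `ecs get-task-hostname` printed (possibly nothing), and the command-substitution hides that tool's exit status. Writing the file only when a hostname was obtained, e.g. `- host="$(ecs get-task-hostname)" && test -n "$host" && echo "http://${host}" > environment_url.txt`, avoids publishing a bogus environment URL. The hard-coded `http://` scheme is presumably intentional for ECS task hostnames, but a variable for the scheme would let TLS-fronted services report the right URL.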
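Review bot: `key` is interpolated unescaped into a `Dir.glob` pattern that already relies on glob syntax (`{ee/,}` and `**`), so a key containing `*`, `?`, `[`, `{` or a path separator changes which files match, and `Dir.glob(pattern).first` then silently picks a filesystem-order-dependent file. Where `key` comes from is not visible in the hunk; validating it before building the pattern, e.g. `raise ArgumentError, "invalid feature flag name #{key.inspect}" unless key.to_s.match?(/\A[\w-]+\z/)`, keeps the lookup inside the feature_flags directories. Since the pattern now also searches `ee/`, a CE and an EE definition with the same name would resolve to whichever `.first` returns; consider raising when more than one match is found. The enclosing method starts and ends outside the hunk.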
diff --git a/qa/qa/specs/features/sanity/feature_flags_spec.rb b/qa/qa/specs/features/sanity/feature_flags_spec.rb index 7e68c70ee09..a8c70604787 100644 --- a/qa/qa/specs/features/sanity/feature_flags_spec.rb +++ b/qa/qa/specs/features/sanity/feature_flags_spec.rb @@ -20,11 +20,12 @@ module QA describe 'feature flag definition files' do let(:file) do - path = Pathname.new('../config/feature_flags/development').expand_path(Runtime::Path.qa_root) + path = Pathname.new("#{root}/config/feature_flags/development").expand_path(Runtime::Path.qa_root) Tempfile.new(%w[ff-test .yml], path) end let(:flag) { Pathname.new(file.path).basename('.yml').to_s } + let(:root) { '..'} before do definition = <<~YAML 
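Review bot: `let(:root) { '..'}` is missing the space before the closing brace that the surrounding `let` blocks use (and RuboCop's Layout/SpaceInsideBlockBraces would flag); `let(:root) { '..' }` matches the file's style, and the same applies to `let(:root) { '../ee'}` in the next hunk (`@@ -39,32 +40,44 @@`). A one-line comment above the default, such as `# relative to Runtime::Path.qa_root; the EE context overrides this with '../ee'`, would also explain why the path root is a `let` rather than a literal.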
@@ -39,32 +40,44 @@ module QA file.close! end - context 'with a default disabled feature flag' do - let(:flag_enabled) { 'false' } + shared_examples 'gets flag value' do + context 'with a default disabled feature flag' do + let(:flag_enabled) { 'false' } - it 'reads the flag as disabled' do - expect(QA::Runtime::Feature.enabled?(flag)).to be false + it 'reads the flag as disabled' do + expect(QA::Runtime::Feature.enabled?(flag)).to be false + end + + it 'reads as enabled after the flag is enabled' do + QA::Runtime::Feature.enable(flag) + + expect { QA::Runtime::Feature.enabled?(flag) }.to eventually_be_truthy + end end - it 'reads as enabled after the flag is enabled' do - QA::Runtime::Feature.enable(flag) + context 'with a default enabled feature flag' do + let(:flag_enabled) { 'true' } - expect { QA::Runtime::Feature.enabled?(flag) }.to eventually_be_truthy + it 'reads the flag as enabled' do + expect(QA::Runtime::Feature.enabled?(flag)).to be true + end + + it 'reads as disabled after the flag is disabled' do + QA::Runtime::Feature.disable(flag) + + expect { QA::Runtime::Feature.enabled?(flag) }.to eventually_be_falsey + end end end - context 'with a default enabled feature flag' do - let(:flag_enabled) { 'true' } + context 'with a CE feature flag' do + include_examples 'gets flag value' + end - it 'reads the flag as enabled' do - expect(QA::Runtime::Feature.enabled?(flag)).to be true - end + context 'with an EE feature flag' do + let(:root) { '../ee'} - it 'reads as disabled after the flag is disabled' do - QA::Runtime::Feature.disable(flag) - - expect { QA::Runtime::Feature.enabled?(flag) }.to eventually_be_falsey - end + include_examples 'gets flag value' end end end diff --git a/spec/controllers/import/bitbucket_controller_spec.rb b/spec/controllers/import/bitbucket_controller_spec.rb index 6d24830af27..7367970d3e4 100644 --- a/spec/controllers/import/bitbucket_controller_spec.rb +++ b/spec/controllers/import/bitbucket_controller_spec.rb 
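Review bot: The new `'with an EE feature flag'` context sets `root` to `'../ee'`, so the `file` fixture (defined in the previous hunk) calls `Tempfile.new` inside `../ee/config/feature_flags/development` relative to the QA root; if that directory is absent, as in a FOSS-only checkout, the `let` raises `Errno::ENOENT` before any example runs rather than reporting a clear skip. Whether that layout can occur for this suite is not visible here, so this is a hedge rather than a defect; if it can, a `skip` guard on `Dir.exist?` in the context is cheap. Also `let(:root) { '../ee'}` and the `'..'}` in the previous hunk are missing the space before `}` that the surrounding `let` blocks use.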
@@ -45,18 +45,21 @@ RSpec.describe Import::BitbucketController do end context "when auth state param is valid" do + let(:expires_at) { Time.current + 1.day } + let(:expires_in) { 1.day } + let(:access_token) do + double(token: token, + secret: secret, + expires_at: expires_at, + expires_in: expires_in, + refresh_token: refresh_token) + end + before do session[:bitbucket_auth_state] = 'state' end it "updates access token" do - expires_at = Time.current + 1.day - expires_in = 1.day - access_token = double(token: token, - secret: secret, - expires_at: expires_at, - expires_in: expires_in, - refresh_token: refresh_token) allow_any_instance_of(OAuth2::Client) .to receive(:get_token) .with(hash_including( @@ -75,6 +78,18 @@ RSpec.describe Import::BitbucketController do expect(session[:bitbucket_expires_in]).to eq(expires_in) expect(controller).to redirect_to(status_import_bitbucket_url) end + + it "passes namespace_id query param to status if provided" do + namespace_id = 30 + + allow_any_instance_of(OAuth2::Client) + .to receive(:get_token) + .and_return(access_token) + + get :callback, params: { code: code, state: 'state', namespace_id: namespace_id } + + expect(controller).to redirect_to(status_import_bitbucket_url(namespace_id: namespace_id)) + end end end diff --git a/spec/controllers/import/github_controller_spec.rb b/spec/controllers/import/github_controller_spec.rb index 56e55c45e66..46160aac0c1 100644 --- a/spec/controllers/import/github_controller_spec.rb +++ b/spec/controllers/import/github_controller_spec.rb 
@@ -83,11 +83,10 @@ RSpec.describe Import::GithubController do expect(flash[:alert]).to eq('Access denied to your GitHub account.') end - it "includes namespace_id from session if it is present" do + it "includes namespace_id from query params if it is present" do namespace_id = 1 - session[:namespace_id] = 1 - get :callback, params: { state: valid_auth_state } + get :callback, params: { state: valid_auth_state, namespace_id: namespace_id } expect(controller).to redirect_to(status_import_github_url(namespace_id: namespace_id)) end diff --git a/spec/controllers/import/gitlab_controller_spec.rb b/spec/controllers/import/gitlab_controller_spec.rb index 117c934ad5d..7b3978297fb 100644 --- a/spec/controllers/import/gitlab_controller_spec.rb +++ b/spec/controllers/import/gitlab_controller_spec.rb 
@@ -38,21 +38,47 @@ RSpec.describe Import::GitlabController do expect(controller.send(:importable_repos)).to be_an_instance_of(Array) end + + it "passes namespace_id query param to status if provided" do + namespace_id = 30 + + allow_next_instance_of(Gitlab::GitlabImport::Client) do |instance| + allow(instance).to receive(:get_token).and_return(token) + end + + get :callback, params: { namespace_id: namespace_id } + + expect(controller).to redirect_to(status_import_gitlab_url(namespace_id: namespace_id)) + end end describe "GET status" do let(:repo_fake) { Struct.new(:id, :path, :path_with_namespace, :web_url, keyword_init: true) } let(:repo) { repo_fake.new(id: 1, path: 'vim', path_with_namespace: 'asd/vim', web_url: 'https://gitlab.com/asd/vim') } - before do - assign_session_token + context 'when session contains access token' do + before do + assign_session_token + end + + it_behaves_like 'import controller status' do + let(:repo_id) { repo.id } + let(:import_source) { repo.path_with_namespace } + let(:provider_name) { 'gitlab' } + let(:client_repos_field) { :projects } + end end - it_behaves_like 'import controller status' do - let(:repo_id) { repo.id } - let(:import_source) { repo.path_with_namespace } - let(:provider_name) { 'gitlab' } - let(:client_repos_field) { :projects } + it 'redirects to auth if session does not contain access token' do + remote_gitlab_url = 'https://test.host/auth/gitlab' + + allow(Gitlab::GitlabImport::Client) + .to receive(:new) + .and_return(double(authorize_url: remote_gitlab_url)) + + get :status + + expect(response).to redirect_to(remote_gitlab_url) end end diff --git a/spec/features/file_uploads/multipart_invalid_uploads_spec.rb b/spec/features/file_uploads/multipart_invalid_uploads_spec.rb index 91c8e100e6a..919dea1370f 100644 --- a/spec/features/file_uploads/multipart_invalid_uploads_spec.rb +++ b/spec/features/file_uploads/multipart_invalid_uploads_spec.rb 
@@ -44,7 +44,7 @@ RSpec.describe 'Invalid uploads that must be rejected', :api, :js do # These keys are rejected directly by rack itself. # The request will not be received by multipart.rb (can't use the 'handling file uploads' shared example) - it_behaves_like 'rejecting invalid keys', key_name: 'x' * 11000, message: 'Puma caught this error: exceeded available parameter key space (RangeError)' + it_behaves_like 'rejecting invalid keys', key_name: 'x' * 11000 it_behaves_like 'rejecting invalid keys', key_name: 'package[]test', status: 400, message: 'Bad Request' it_behaves_like 'handling file uploads', 'by rejecting uploads with an invalid key' diff --git a/spec/frontend/emoji/awards_app/store/actions_spec.js b/spec/frontend/emoji/awards_app/store/actions_spec.js index 0761256ed23..cd3dfab30d4 100644 --- a/spec/frontend/emoji/awards_app/store/actions_spec.js +++ b/spec/frontend/emoji/awards_app/store/actions_spec.js @@ -8,10 +8,6 @@ jest.mock('@sentry/browser'); jest.mock('~/vue_shared/plugins/global_toast'); describe('Awards app actions', () => { - afterEach(() => { - window.gon = {}; - }); - describe('setInitialData', () => { it('commits SET_INITIAL_DATA', async () => { await testAction( @@ -52,8 +48,6 @@ describe('Awards app actions', () => { }); it('commits FETCH_AWARDS_SUCCESS', async () => { - window.gon.current_user_id = 1; - await testAction( actions.fetchAwards, '1', @@ -62,10 +56,6 @@ describe('Awards app actions', () => { [{ type: 'fetchAwards', payload: '2' }], ); }); - - it('does not commit FETCH_AWARDS_SUCCESS when user signed out', async () => { - await testAction(actions.fetchAwards, '1', { path: '/awards' }, [], []); - }); }); }); @@ -75,8 +65,6 @@ describe('Awards app actions', () => { }); it('calls Sentry.captureException', async () => { - window.gon = { current_user_id: 1 }; - await testAction(actions.fetchAwards, null, { path: '/awards' }, [], [], () => { expect(Sentry.captureException).toHaveBeenCalled(); }); 
diff --git a/spec/requests/api/award_emoji_spec.rb b/spec/requests/api/award_emoji_spec.rb index 782e14593f7..1c27684e870 100644 --- a/spec/requests/api/award_emoji_spec.rb +++ b/spec/requests/api/award_emoji_spec.rb @@ -3,8 +3,8 @@ require 'spec_helper' RSpec.describe API::AwardEmoji do + let_it_be_with_reload(:project) { create(:project, :private) } let_it_be(:user) { create(:user) } - let_it_be(:project) { create(:project) } let_it_be(:issue) { create(:issue, project: project) } let_it_be(:award_emoji) { create(:award_emoji, awardable: issue, user: user) } let_it_be(:note) { create(:note, project: project, noteable: issue) } @@ -16,6 +16,28 @@ RSpec.describe API::AwardEmoji do project.add_maintainer(user) end + shared_examples 'request with insufficient permissions' do |request_method| + let(:request_params) { {} } + + context 'when user is not signed in' do + it 'returns 404' do + process request_method, api(request_path), params: request_params + + expect(response).to have_gitlab_http_status(:not_found) + end + end + + context 'when user does not have access' do + it 'returns 404' do + other_user = create(:user) + + process request_method, api(request_path, other_user), params: request_params + + expect(response).to have_gitlab_http_status(:not_found) + end + end + end + describe "GET /projects/:id/awardable/:awardable_id/award_emoji" do context 'on an issue' do it "returns an array of award_emoji" do 
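Review bot: The `request with insufficient permissions` shared example only runs against the private project created at the top of the file, so its `'when user is not signed in'` case asserts 404 for a project the anonymous user cannot see at all. With `authenticate!` removed from the API block, the case that matters most is an anonymous POST or DELETE on a public project, and neither this hunk nor the later POST and DELETE `it_behaves_like` hunks in this file cover it. A third context that sets `project.update!(visibility_level: Gitlab::VisibilityLevel::PUBLIC)` and asserts the intended status for write methods (presumably `:unauthorized`, to be confirmed against the API) would pin that behaviour.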
@@ -74,14 +96,22 @@ RSpec.describe API::AwardEmoji do end end - context 'when the user has no access' do - it 'returns a status code 404' do - user1 = create(:user) - - get api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/award_emoji", user1) - - expect(response).to have_gitlab_http_status(:not_found) + context 'when unauthenticated and project is public' do + before do + project.update!(visibility_level: Gitlab::VisibilityLevel::PUBLIC) end + + it 'returns the awarded emoji' do + get api("/projects/#{project.id}/issues/#{issue.iid}/award_emoji") + + expect(response).to have_gitlab_http_status(:ok) + expect(json_response).to be_an Array + expect(json_response.first['name']).to eq(award_emoji.name) + end + end + + it_behaves_like 'request with insufficient permissions', :get do + let(:request_path) { "/projects/#{project.id}/issues/#{issue.iid}/award_emoji" } end end @@ -95,6 +125,24 @@ RSpec.describe API::AwardEmoji do expect(json_response).to be_an Array expect(json_response.first['name']).to eq(rocket.name) end + + context 'when unauthenticated and project is public' do + before do + project.update!(visibility_level: Gitlab::VisibilityLevel::PUBLIC) + end + + it 'returns the awarded emoji' do + get api("/projects/#{project.id}/issues/#{issue.iid}/notes/#{note.id}/award_emoji") + + expect(response).to have_gitlab_http_status(:ok) + expect(json_response).to be_an Array + expect(json_response.first['name']).to eq(rocket.name) + end + end + + it_behaves_like 'request with insufficient permissions', :get do + let(:request_path) { "/projects/#{project.id}/issues/#{issue.iid}/notes/#{note.id}/award_emoji" } + end end describe "GET /projects/:id/awardable/:awardable_id/award_emoji/:award_id" do 
@@ -140,14 +188,23 @@ RSpec.describe API::AwardEmoji do end end - context 'when the user has no access' do - it 'returns a status code 404' do - user1 = create(:user) - - get api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/award_emoji/#{downvote.id}", user1) - - expect(response).to have_gitlab_http_status(:not_found) + context 'when unauthenticated and project is public' do + before do + project.update!(visibility_level: Gitlab::VisibilityLevel::PUBLIC) end + + it 'returns the awarded emoji' do + get api("/projects/#{project.id}/issues/#{issue.iid}/award_emoji/#{award_emoji.id}", user) + + expect(response).to have_gitlab_http_status(:ok) + expect(json_response['name']).to eq(award_emoji.name) + expect(json_response['awardable_id']).to eq(issue.id) + expect(json_response['awardable_type']).to eq("Issue") + end + end + + it_behaves_like 'request with insufficient permissions', :get do + let(:request_path) { "/projects/#{project.id}/merge_requests/#{merge_request.iid}/award_emoji/#{downvote.id}" } end end @@ -161,6 +218,24 @@ RSpec.describe API::AwardEmoji do expect(json_response).not_to be_an Array expect(json_response['name']).to eq(rocket.name) end + + context 'when unauthenticated and project is public' do + before do + project.update!(visibility_level: Gitlab::VisibilityLevel::PUBLIC) + end + + it 'returns the awarded emoji' do + get api("/projects/#{project.id}/issues/#{issue.iid}/notes/#{note.id}/award_emoji/#{rocket.id}") + + expect(response).to have_gitlab_http_status(:ok) + expect(json_response).not_to be_an Array + expect(json_response['name']).to eq(rocket.name) + end + end + + it_behaves_like 'request with insufficient permissions', :get do + let(:request_path) { "/projects/#{project.id}/issues/#{issue.iid}/notes/#{note.id}/award_emoji/#{rocket.id}" } + end end describe "POST /projects/:id/awardable/:awardable_id/award_emoji" do 
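Review bot: In the first hunk the `'when unauthenticated and project is public'` context makes an authenticated request, `get api("/projects/#{project.id}/issues/#{issue.iid}/award_emoji/#{award_emoji.id}", user)`, so it never exercises the anonymous path its name promises and would pass even if anonymous access were broken. The sibling contexts in this and the neighbouring hunks pass no user; this one should match: `get api("/projects/#{project.id}/issues/#{issue.iid}/award_emoji/#{award_emoji.id}")`.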
@@ -189,10 +264,10 @@ RSpec.describe API::AwardEmoji do expect(response).to have_gitlab_http_status(:bad_request) end - it "returns a 401 unauthorized error if the user is not authenticated" do + it "returns a 404 if the user is not authenticated" do post api("/projects/#{project.id}/issues/#{issue.iid}/award_emoji"), params: { name: 'thumbsup' } - expect(response).to have_gitlab_http_status(:unauthorized) + expect(response).to have_gitlab_http_status(:not_found) end it "normalizes +1 as thumbsup award" do @@ -223,6 +298,11 @@ RSpec.describe API::AwardEmoji do expect(json_response['user']['username']).to eq(user.username) end end + + it_behaves_like 'request with insufficient permissions', :post do + let(:request_path) { "/projects/#{project.id}/issues/#{issue.iid}/award_emoji" } + let(:request_params) { { name: 'blowfish' } } + end end describe "POST /projects/:id/awardable/:awardable_id/notes/:note_id/award_emoji" do @@ -260,6 +340,11 @@ RSpec.describe API::AwardEmoji do expect(json_response["message"]).to match("has already been taken") end end + + it_behaves_like 'request with insufficient permissions', :post do + let(:request_path) { "/projects/#{project.id}/issues/#{issue.iid}/notes/#{note.id}/award_emoji" } + let(:request_params) { { name: 'rocket' } } + end end describe 'DELETE /projects/:id/awardable/:awardable_id/award_emoji/:award_id' do 
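Review bot: The renamed example `"returns a 404 if the user is not authenticated"` only holds because `project` is created `:private` at the top of the file; on a public project an anonymous POST would reach the handler and the expected status is different. The title should state the precondition it relies on, e.g. `it "returns a 404 if the user is not authenticated and the project is private" do`, so a later change to the fixture's visibility does not silently turn this into a test of the wrong thing.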
@@ -319,9 +404,13 @@ RSpec.describe API::AwardEmoji do
 let(:request) { api("/projects/#{project.id}/snippets/#{snippet.id}/award_emoji/#{award.id}", user) }
 end
 end
+
+it_behaves_like 'request with insufficient permissions', :delete do
+let(:request_path) { "/projects/#{project.id}/issues/#{issue.iid}/award_emoji/#{award_emoji.id}" }
+end
 end
-describe 'DELETE /projects/:id/awardable/:awardable_id/award_emoji/:award_emoji_id' do
+describe 'DELETE /projects/:id/awardable/:awardable_id/notes/:note_id/award_emoji/:award_id' do
 let!(:rocket) { create(:award_emoji, awardable: note, name: 'rocket', user: user) }
 it 'deletes the award' do
@@ -335,5 +424,9 @@ RSpec.describe API::AwardEmoji do
 it_behaves_like '412 response' do
 let(:request) { api("/projects/#{project.id}/issues/#{issue.iid}/notes/#{note.id}/award_emoji/#{rocket.id}", user) }
 end
+
+it_behaves_like 'request with insufficient permissions', :delete do
+let(:request_path) { "/projects/#{project.id}/issues/#{issue.iid}/notes/#{note.id}/award_emoji/#{rocket.id}" }
+end
 end
 end
diff --git a/workhorse/internal/testhelper/testhelper.go b/workhorse/internal/testhelper/testhelper.go
index 6ea5c1c73e1..3fe824cbe20 100644
--- a/workhorse/internal/testhelper/testhelper.go
+++ b/workhorse/internal/testhelper/testhelper.go
@@ -154,6 +154,13 @@ type UploadClaims struct {
 jwt.RegisteredClaims
 }
+func GetUploadParams(t testing.TB, r *http.Request, name string) map[string]string {
+t.Helper()
+token, err := jwt.ParseWithClaims(r.PostFormValue(name+".gitlab-workhorse-upload"), &UploadClaims{}, ParseJWT)
+require.NoError(t, err)
+return token.Claims.(*UploadClaims).Upload
+}
+
 func Retry(t testing.TB, timeout time.Duration, fn func() error) {
 t.Helper()
 start := time.Now()
diff --git a/workhorse/internal/upload/artifacts_store_test.go b/workhorse/internal/upload/artifacts_store_test.go
index 7032313fbde..ea757e20d88 100644
--- a/workhorse/internal/upload/artifacts_store_test.go
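Review bot: `GetUploadParams` is exported from the testhelper package but has no doc comment, and since it now replaces every direct `r.FormValue("file.*")` read in the upload tests its contract is worth stating: `// GetUploadParams parses and verifies the signed JWT that workhorse places in the "<name>.gitlab-workhorse-upload" form field and returns its Upload claims; the test fails if the field is missing or the signature does not verify.` Note that `r.PostFormValue` swallows form-parse errors, so a malformed request body surfaces here as a JWT parse failure on an empty string rather than as a parse error; that is acceptable for a test helper but worth a sentence in the comment.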
+++ b/workhorse/internal/upload/artifacts_store_test.go
@@ -84,8 +84,9 @@ func TestUploadHandlerSendingToExternalStorage(t *testing.T) {
 responseProcessorCalled := 0
 responseProcessor := func(w http.ResponseWriter, r *http.Request) {
-require.Equal(t, "store-id", r.FormValue("file.remote_id"))
-require.NotEmpty(t, r.FormValue("file.remote_url"))
+fileParams := testhelper.GetUploadParams(t, r, "file")
+require.Equal(t, "store-id", fileParams["remote_id"])
+require.NotEmpty(t, fileParams["remote_url"])
 w.WriteHeader(200)
 responseProcessorCalled++
 }
diff --git a/workhorse/internal/upload/artifacts_upload_test.go b/workhorse/internal/upload/artifacts_upload_test.go
index c94129092c6..f92f2535d0b 100644
--- a/workhorse/internal/upload/artifacts_upload_test.go
+++ b/workhorse/internal/upload/artifacts_upload_test.go
@@ -65,26 +65,31 @@ func testArtifactsUploadServer(t *testing.T, authResponse *api.Response, bodyPro
 if r.Method != "POST" {
 t.Fatal("Expected POST request")
 }
+
+fileParams := testhelper.GetUploadParams(t, r, "file")
 if opts.IsLocalTempFile() {
-if r.FormValue("file.path") == "" {
+fPath := fileParams["path"]
+if fPath == "" {
 t.Fatal("Expected file to be present")
 return
 }
-_, err := os.ReadFile(r.FormValue("file.path"))
+_, err := os.ReadFile(fPath)
 if err != nil {
 t.Fatal("Expected file to be readable")
 return
 }
 } else {
-if r.FormValue("file.remote_url") == "" {
+if fileParams["remote_url"] == "" {
 t.Fatal("Expected file to be remote accessible")
 return
 }
 }
-if r.FormValue("metadata.path") != "" {
-metadata, err := os.ReadFile(r.FormValue("metadata.path"))
+if r.FormValue("metadata.gitlab-workhorse-upload") != "" {
+metadataParams := testhelper.GetUploadParams(t, r, "metadata")
+
+metadata, err := os.ReadFile(metadataParams["path"])
 if err != nil {
 t.Fatal("Expected metadata to be readable")
 return
diff --git a/workhorse/internal/upload/body_uploader_test.go b/workhorse/internal/upload/body_uploader_test.go
index 837d119e72e..010b1de7427 100644
--- a/workhorse/internal/upload/body_uploader_test.go
+++ b/workhorse/internal/upload/body_uploader_test.go
@@ -92,15 +92,16 @@ func echoProxy(t *testing.T, expectedBodyLength int) http.Handler {
 require.Equal(t, "application/x-www-form-urlencoded", r.Header.Get("Content-Type"), "Wrong Content-Type header")
-require.Contains(t, r.PostForm, "file.md5")
-require.Contains(t, r.PostForm, "file.sha1")
-require.Contains(t, r.PostForm, "file.sha256")
-require.Contains(t, r.PostForm, "file.sha512")
+fileParams := testhelper.GetUploadParams(t, r, "file")
+require.Contains(t, fileParams, "md5")
+require.Contains(t, fileParams, "sha1")
+require.Contains(t, fileParams, "sha256")
+require.Contains(t, fileParams, "sha512")
-require.Contains(t, r.PostForm, "file.path")
-require.Contains(t, r.PostForm, "file.size")
-require.Contains(t, r.PostForm, "file.gitlab-workhorse-upload")
-require.Equal(t, strconv.Itoa(expectedBodyLength), r.PostFormValue("file.size"))
+require.Contains(t, fileParams, "path")
+require.Contains(t, fileParams, "size")
+
+require.Equal(t, strconv.Itoa(expectedBodyLength), fileParams["size"])
 token, err := jwt.ParseWithClaims(r.Header.Get(RewrittenFieldsHeader), &MultipartClaims{}, testhelper.ParseJWT)
 require.NoError(t, err, "Wrong JWT header")
@@ -110,10 +111,7 @@ func echoProxy(t *testing.T, expectedBodyLength int) http.Handler {
 t.Fatalf("Unexpected rewritten_fields value: %v", rewrittenFields)
 }
-token, jwtErr := jwt.ParseWithClaims(r.PostFormValue("file.gitlab-workhorse-upload"), &testhelper.UploadClaims{}, testhelper.ParseJWT)
-require.NoError(t, jwtErr, "Wrong signed upload fields")
-
-uploadFields := token.Claims.(*testhelper.UploadClaims).Upload
+uploadFields := testhelper.GetUploadParams(t, r, "file")
 require.Contains(t, uploadFields, "name")
 require.Contains(t, uploadFields, "path")
 require.Contains(t, uploadFields, "remote_url")
@@ -124,9 +122,10 @@ func echoProxy(t *testing.T, expectedBodyLength int) http.Handler {
 require.Contains(t, uploadFields, "sha256")
 require.Contains(t, uploadFields, "sha512")
-path := r.PostFormValue("file.path")
+path := uploadFields["path"]
 uploaded, err := os.Open(path)
 require.NoError(t, err, "File not uploaded")
+defer uploaded.Close()
 //sending back the file for testing purpose
 io.Copy(w, uploaded)
diff --git a/workhorse/internal/upload/destination/destination.go b/workhorse/internal/upload/destination/destination.go
index 5e145e2cb2a..039c534b552 100644
--- a/workhorse/internal/upload/destination/destination.go
+++ b/workhorse/internal/upload/destination/destination.go
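Review bot: `echoProxy` now parses and verifies the same signed field twice: the previous hunk already bound it to `fileParams`, and this hunk calls `testhelper.GetUploadParams(t, r, "file")` again as `uploadFields` a few lines later in the same handler. Reuse the first result, `uploadFields := fileParams`, or drop the second name and read `path := fileParams["path"]`; the duplicate `require.Contains` checks on the hash keys can then go too. The added `defer uploaded.Close()` is a good catch. The handler body continues outside the visible hunks.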
@@ -68,42 +68,31 @@ func (fh *FileHandler) MD5() string {
 // GitLabFinalizeFields returns a map with all the fields GitLab Rails needs in order to finalize the upload.
 func (fh *FileHandler) GitLabFinalizeFields(prefix string) (map[string]string, error) {
-// TODO: remove `data` these once rails fully and exclusively support `signedData` (https://gitlab.com/gitlab-org/gitlab/-/issues/324873)
-data := make(map[string]string)
-signedData := make(map[string]string)
-key := func(field string) string {
-if prefix == "" {
-return field
-}
-
-return fmt.Sprintf("%s.%s", prefix, field)
-}
-
-for k, v := range map[string]string{
+signedData := map[string]string{
 "name": fh.Name,
 "path": fh.LocalPath,
 "remote_url": fh.RemoteURL,
 "remote_id": fh.RemoteID,
 "size": strconv.FormatInt(fh.Size, 10),
 "upload_duration": strconv.FormatFloat(fh.uploadDuration, 'f', -1, 64),
-} {
-data[key(k)] = v
-signedData[k] = v
 }
 for hashName, hash := range fh.hashes {
-data[key(hashName)] = hash
 signedData[hashName] = hash
 }
-claims := uploadClaims{Upload: signedData, RegisteredClaims: secret.DefaultClaims}
+claims := uploadClaims{
+Upload: signedData,
+RegisteredClaims: secret.DefaultClaims,
+}
 jwtData, err := secret.JWTTokenString(claims)
 if err != nil {
 return nil, err
 }
-data[key("gitlab-workhorse-upload")] = jwtData
-return data, nil
+return map[string]string{
+prefix + ".gitlab-workhorse-upload": jwtData,
+}, nil
 }
 type consumer interface {
diff --git a/workhorse/internal/upload/destination/destination_test.go b/workhorse/internal/upload/destination/destination_test.go
index 6ebe163468b..f9a78ec8b72 100644
--- a/workhorse/internal/upload/destination/destination_test.go
+++ b/workhorse/internal/upload/destination/destination_test.go
@@ -3,7 +3,6 @@ package destination_test
 import (
 "context"
 "errors"
-"fmt"
 "os"
 "path"
 "strconv"
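Review bot: The removed `key` closure special-cased `prefix == ""` (bare field names), while the new return builds `prefix + ".gitlab-workhorse-upload"` unconditionally, so an empty prefix now yields the key `.gitlab-workhorse-upload`; whether any caller passes an empty prefix is not visible here, so either restore that branch or state the non-empty requirement in the doc comment. The doc comment itself is now stale, since the function no longer returns "all the fields" but exactly one; suggested replacement: `// GitLabFinalizeFields returns the single form field GitLab Rails needs to finalize the upload, "<prefix>.gitlab-workhorse-upload": a signed JWT whose Upload claim carries name, path, remote_url, remote_id, size, upload_duration and the content hashes. prefix must be non-empty.` Dropping the unsigned duplicate fields is the right direction: Rails can no longer be handed a path or remote_id that did not pass through the signature.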
@@ -220,14 +219,21 @@ func TestUpload(t *testing.T) {
 fields, err := fh.GitLabFinalizeFields("file")
 require.NoError(t, err)
-checkFileHandlerWithFields(t, fh, fields, "file")
-
 token, jwtErr := jwt.ParseWithClaims(fields["file.gitlab-workhorse-upload"], &testhelper.UploadClaims{}, testhelper.ParseJWT)
 require.NoError(t, jwtErr)
 uploadFields := token.Claims.(*testhelper.UploadClaims).Upload
-checkFileHandlerWithFields(t, fh, uploadFields, "")
+require.Equal(t, fh.Name, uploadFields["name"])
+require.Equal(t, fh.LocalPath, uploadFields["path"])
+require.Equal(t, fh.RemoteURL, uploadFields["remote_url"])
+require.Equal(t, fh.RemoteID, uploadFields["remote_id"])
+require.Equal(t, strconv.FormatInt(test.ObjectSize, 10), uploadFields["size"])
+require.Equal(t, test.ObjectMD5, uploadFields["md5"])
+require.Equal(t, test.ObjectSHA1, uploadFields["sha1"])
+require.Equal(t, test.ObjectSHA256, uploadFields["sha256"])
+require.Equal(t, test.ObjectSHA512, uploadFields["sha512"])
+require.NotEmpty(t, uploadFields["upload_duration"])
 })
 }
 }
@@ -463,24 +469,3 @@ func TestUploadRemoteFileWithLimit(t *testing.T) {
 })
 }
 }
-
-func checkFileHandlerWithFields(t *testing.T, fh *destination.FileHandler, fields map[string]string, prefix string) {
-key := func(field string) string {
-if prefix == "" {
-return field
-}
-
-return fmt.Sprintf("%s.%s", prefix, field)
-}
-
-require.Equal(t, fh.Name, fields[key("name")])
-require.Equal(t, fh.LocalPath, fields[key("path")])
-require.Equal(t, fh.RemoteURL, fields[key("remote_url")])
-require.Equal(t, fh.RemoteID, fields[key("remote_id")])
-require.Equal(t, strconv.FormatInt(test.ObjectSize, 10), fields[key("size")])
-require.Equal(t, test.ObjectMD5, fields[key("md5")])
-require.Equal(t, test.ObjectSHA1, fields[key("sha1")])
-require.Equal(t, test.ObjectSHA256, fields[key("sha256")])
-require.Equal(t, test.ObjectSHA512, fields[key("sha512")])
-require.NotEmpty(t, fields[key("upload_duration")])
-}
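Review bot: The first hunk only reads `fields["file.gitlab-workhorse-upload"]` and never asserts what else `GitLabFinalizeFields` returned, so a regression that reintroduced unsigned `file.path` or `file.remote_id` entries alongside the JWT would still pass this test. One line after the `require.NoError(t, err)` pins the new contract: `require.Len(t, fields, 1, "only the signed upload field is handed to Rails")`. The second hunk is a pure deletion of the now-unused helper.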
diff --git a/workhorse/internal/upload/uploads_test.go b/workhorse/internal/upload/uploads_test.go
index ffe9fec302e..6ad31c7fe7a 100644
--- a/workhorse/internal/upload/uploads_test.go
+++ b/workhorse/internal/upload/uploads_test.go
@@ -89,14 +89,16 @@ func TestUploadHandlerRewritingMultiPartData(t *testing.T) {
 require.Empty(t, r.MultipartForm.File, "Expected to not receive any files")
 require.Equal(t, "test", r.FormValue("token"), "Expected to receive token")
-require.Equal(t, "my.file", r.FormValue("file.name"), "Expected to receive a filename")
-filePath = r.FormValue("file.path")
+fileParams := testhelper.GetUploadParams(t, r, "file")
+require.Equal(t, "my.file", fileParams["name"], "Expected to receive a filename")
+
+filePath = fileParams["path"]
 require.True(t, strings.HasPrefix(filePath, tempPath), "Expected to the file to be in tempPath")
-require.Empty(t, r.FormValue("file.remote_url"), "Expected to receive empty remote_url")
-require.Empty(t, r.FormValue("file.remote_id"), "Expected to receive empty remote_id")
-require.Equal(t, "4", r.FormValue("file.size"), "Expected to receive the file size")
+require.Empty(t, fileParams["remote_url"], "Expected to receive empty remote_url")
+require.Empty(t, fileParams["remote_id"], "Expected to receive empty remote_id")
+require.Equal(t, "4", fileParams["size"], "Expected to receive the file size")
 hashes := map[string]string{
 "md5": "098f6bcd4621d373cade4e832627b4f6",
@@ -106,10 +108,10 @@ func TestUploadHandlerRewritingMultiPartData(t *testing.T) {
 }
 for algo, hash := range hashes {
-require.Equal(t, hash, r.FormValue("file."+algo), "file hash %s", algo)
+require.Equal(t, hash, fileParams[algo], "file hash %s", algo)
 }
-require.Len(t, r.MultipartForm.Value, 12, "multipart form values")
+require.Len(t, fileParams, 10, "multipart form values")
 w.WriteHeader(202)
 fmt.Fprint(w, "RESPONSE")
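Review bot: In the second hunk, replacing `require.Len(t, r.MultipartForm.Value, 12, ...)` with `require.Len(t, fileParams, 10, ...)` drops the only assertion on what the rewritten multipart form actually contains, so extra unsigned `file.*` fields leaking into the form would no longer be caught here, and the message "multipart form values" now describes the wrong thing. Keep both counts, mirroring what the `upload_test.go` hunk later in this commit does with `require.Len(t, r.MultipartForm.Value, 1)`: `require.Len(t, r.MultipartForm.Value, 2, "multipart form values: token and file.gitlab-workhorse-upload")` followed by `require.Len(t, fileParams, 10, "signed upload params")`. The value 2 assumes nothing besides `token` and the signed field is present, which the earlier `r.FormValue("token")` check suggests but does not prove.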
@@ -147,7 +149,7 @@ func TestUploadHandlerRewritingMultiPartData(t *testing.T) {
 }
 func TestUploadHandlerDetectingInjectedMultiPartData(t *testing.T) {
-var filePath string
+testhelper.ConfigureSecret()
 tests := []struct {
 name string
@@ -155,13 +157,8 @@ func TestUploadHandlerDetectingInjectedMultiPartData(t *testing.T) {
 response int
 }{
 {
-name: "injected file.path",
-field: "file.path",
-response: 400,
-},
-{
-name: "injected file.remote_id",
-field: "file.remote_id",
+name: "injected file.gitlab-workhorse-upload",
+field: "file.gitlab-workhorse-upload",
 response: 400,
 },
 {
@@ -194,6 +191,7 @@ func TestUploadHandlerDetectingInjectedMultiPartData(t *testing.T) {
 require.NoError(t, err)
 ctx, cancel := context.WithCancel(context.Background())
+defer cancel()
 httpRequest = httpRequest.WithContext(ctx)
 httpRequest.Header.Set("Content-Type", writer.FormDataContentType())
 response := httptest.NewRecorder()
@@ -202,9 +200,6 @@ func TestUploadHandlerDetectingInjectedMultiPartData(t *testing.T) {
 testInterceptMultipartFiles(t, response, httpRequest, handler, &testFormProcessor{})
 require.Equal(t, test.response, response.Code)
-
-cancel() // this will trigger an async cleanup
-waitUntilDeleted(t, filePath)
 })
 }
 }
@@ -425,7 +420,8 @@ func TestUploadHandlerRemovingExif(t *testing.T) {
 err := r.ParseMultipartForm(100000)
 require.NoError(t, err)
-size, err := strconv.Atoi(r.FormValue("file.size"))
+fileParams := testhelper.GetUploadParams(t, r, "file")
+size, err := strconv.Atoi(fileParams["size"])
 require.NoError(t, err)
 require.True(t, size < len(content), "Expected the file to be smaller after removal of exif")
 require.True(t, size > 0, "Expected to receive not empty file")
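Review bot: The second hunk replaces the `file.path` and `file.remote_id` injection cases with a single `file.gitlab-workhorse-upload` case instead of adding it alongside them, so the test no longer documents whether a client-supplied unsigned `file.path` is still rejected with 400. The handler is outside this diff; if it still rejects any client-supplied `file.*` field, keeping the two old cases costs nothing and guards the legacy names, and if it was changed to stop rejecting them, that is a behaviour change worth a sentence in the commit message. Separately, the table rows above and the `defer cancel()` in the third hunk are fine; `waitUntilDeleted` is no longer called here, so if nothing else in the file uses it the helper can go too.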
@@ -443,7 +439,8 @@ func TestUploadHandlerRemovingExifTiff(t *testing.T) {
 err := r.ParseMultipartForm(100000)
 require.NoError(t, err)
-size, err := strconv.Atoi(r.FormValue("file.size"))
+fileParams := testhelper.GetUploadParams(t, r, "file")
+size, err := strconv.Atoi(fileParams["size"])
 require.NoError(t, err)
 require.True(t, size < len(content), "Expected the file to be smaller after removal of exif")
 require.True(t, size > 0, "Expected to receive not empty file")
@@ -461,7 +458,8 @@ func TestUploadHandlerRemovingExifInvalidContentType(t *testing.T) {
 err := r.ParseMultipartForm(100000)
 require.NoError(t, err)
-output, err := os.ReadFile(r.FormValue("file.path"))
+fileParams := testhelper.GetUploadParams(t, r, "file")
+output, err := os.ReadFile(fileParams["path"])
 require.NoError(t, err)
 require.Equal(t, content, output, "Expected the file to be same as before")
diff --git a/workhorse/upload_test.go b/workhorse/upload_test.go
index dedda4ea655..c4669ade4a1 100644
--- a/workhorse/upload_test.go
+++ b/workhorse/upload_test.go
@@ -81,9 +81,10 @@ func uploadTestServer(t *testing.T, authorizeTests func(r *http.Request), extraT
 }
 require.NoError(t, r.ParseMultipartForm(100000))
+require.Len(t, r.MultipartForm.Value, 1) // Expect 1 key: "file.gitlab-workhorse-upload"
-const nValues = 11 // file name, path, remote_url, remote_id, size, md5, sha1, sha256, sha512, upload_duration, gitlab-workhorse-upload for just the upload (no metadata because we are not POSTing a valid zip file)
-require.Len(t, r.MultipartForm.Value, nValues)
+const nValues = 10 // file name, path, remote_url, remote_id, size, md5, sha1, sha256, sha512, upload_duration (no metadata because we are not POSTing a valid zip file)
+require.Len(t, testhelper.GetUploadParams(t, r, "file"), nValues)
 require.Empty(t, r.MultipartForm.File, "multipart form files")
@@ -174,10 +175,7 @@ func TestAcceleratedUpload(t *testing.T) {
 t.Fatalf("Unexpected rewritten_fields value: %v", rewrittenFields)
 }
-token, jwtErr := jwt.ParseWithClaims(r.PostFormValue("file.gitlab-workhorse-upload"), &testhelper.UploadClaims{}, testhelper.ParseJWT)
-require.NoError(t, jwtErr)
-
-uploadFields := token.Claims.(*testhelper.UploadClaims).Upload
+uploadFields := testhelper.GetUploadParams(t, r, "file")
 require.Contains(t, uploadFields, "name")
 require.Contains(t, uploadFields, "path")
 require.Contains(t, uploadFields, "remote_url")
@@ -339,12 +337,11 @@ func TestLfsUpload(t *testing.T) {
 case resource:
 expectSignedRequest(t, r)
-// Expect the request to point to a file on disk containing the data
-require.NoError(t, r.ParseForm())
-require.Equal(t, oid, r.Form.Get("file.sha256"), "Invalid SHA256 populated")
-require.Equal(t, strconv.Itoa(len(reqBody)), r.Form.Get("file.size"), "Invalid size populated")
+fileParams := testhelper.GetUploadParams(t, r, "file")
+require.Equal(t, oid, fileParams["sha256"], "Invalid SHA256 populated")
+require.Equal(t, strconv.Itoa(len(reqBody)), fileParams["size"], "Invalid size populated")
-tempfile, err := os.ReadFile(r.Form.Get("file.path"))
+tempfile, err := os.ReadFile(fileParams["path"])
 require.NoError(t, err)
 require.Equal(t, reqBody, string(tempfile), "Temporary file has the wrong body")
@@ -462,13 +459,12 @@ func packageUploadTestServer(t *testing.T, method string, resource string, reqBo
 case resource:
 expectSignedRequest(t, r)
-// Expect the request to point to a file on disk containing the data
-require.NoError(t, r.ParseForm())
+fileParams := testhelper.GetUploadParams(t, r, "file")
 len := strconv.Itoa(len(reqBody))
-require.Equal(t, len, r.Form.Get("file.size"), "Invalid size populated")
+require.Equal(t, len, fileParams["size"], "Invalid size populated")
-tmpFilePath := r.Form.Get("file.path")
+tmpFilePath := fileParams["path"]
 fileData, err := os.ReadFile(tmpFilePath)
 defer os.Remove(tmpFilePath)