Add latest changes from gitlab-org/gitlab@master
This commit is contained in:
parent
731490c150
commit
5e11fc146a
|
@ -1 +1 @@
|
|||
5d557a52c40e2641d6ea1b44b60a897d0e9401e7
|
||||
4ac6a5906d27098bf0f6fb9e19c190ea9722c70a
|
||||
|
|
|
@ -0,0 +1,15 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
module BizibleCSP
|
||||
extend ActiveSupport::Concern
|
||||
|
||||
included do
|
||||
content_security_policy do |policy|
|
||||
next unless helpers.bizible_enabled? || policy.directives.present?
|
||||
|
||||
default_script_src = policy.directives['script-src'] || policy.directives['default-src']
|
||||
script_src_values = Array.wrap(default_script_src) | ["'unsafe-eval'", 'https://cdn.bizible.com/scripts/bizible.js']
|
||||
policy.script_src(*script_src_values)
|
||||
end
|
||||
end
|
||||
end
|
|
@ -8,6 +8,7 @@ class Projects::BadgesController < Projects::ApplicationController
|
|||
|
||||
feature_category :continuous_integration, [:index, :pipeline]
|
||||
feature_category :code_testing, [:coverage]
|
||||
feature_category :release_orchestration, [:release]
|
||||
|
||||
def pipeline
|
||||
pipeline_status = Gitlab::Ci::Badge::Pipeline::Status
|
||||
|
@ -34,6 +35,17 @@ class Projects::BadgesController < Projects::ApplicationController
|
|||
render_badge coverage_report
|
||||
end
|
||||
|
||||
def release
|
||||
latest_release = Gitlab::Ci::Badge::Release::LatestRelease
|
||||
.new(project, current_user, opts: {
|
||||
key_text: params[:key_text],
|
||||
key_width: params[:key_width],
|
||||
order_by: params[:order_by]
|
||||
})
|
||||
|
||||
render_badge latest_release
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def badge_layout
|
||||
|
|
|
@ -160,6 +160,8 @@ module Projects
|
|||
@badges.map! do |badge|
|
||||
badge.new(@project, @ref).metadata
|
||||
end
|
||||
|
||||
@badges.append(Gitlab::Ci::Badge::Release::LatestRelease.new(@project, current_user).metadata)
|
||||
end
|
||||
|
||||
def define_auto_devops_variables
|
||||
|
|
|
@ -6,6 +6,7 @@ class RegistrationsController < Devise::RegistrationsController
|
|||
include RecaptchaHelper
|
||||
include InvisibleCaptchaOnSignup
|
||||
include OneTrustCSP
|
||||
include BizibleCSP
|
||||
|
||||
layout 'devise'
|
||||
|
||||
|
|
|
@ -10,6 +10,7 @@ class SessionsController < Devise::SessionsController
|
|||
include KnownSignIn
|
||||
include Gitlab::Utils::StrongMemoize
|
||||
include OneTrustCSP
|
||||
include BizibleCSP
|
||||
|
||||
skip_before_action :check_two_factor_requirement, only: [:destroy]
|
||||
skip_before_action :check_password_expiration, only: [:destroy]
|
||||
|
|
|
@ -1,51 +0,0 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
module Mutations
|
||||
# This concern is deprecated and will be deleted in 14.6
|
||||
#
|
||||
# Use the SpamProtection concern instead.
|
||||
module CanMutateSpammable
|
||||
extend ActiveSupport::Concern
|
||||
|
||||
DEPRECATION_NOTICE = {
|
||||
reason: 'Use spam protection with HTTP headers instead',
|
||||
milestone: '13.11'
|
||||
}.freeze
|
||||
|
||||
included do
|
||||
argument :captcha_response, GraphQL::Types::String,
|
||||
required: false,
|
||||
deprecated: DEPRECATION_NOTICE,
|
||||
description: 'Valid CAPTCHA response value obtained by using the provided captchaSiteKey with a CAPTCHA API to present a challenge to be solved on the client. Required to resubmit if the previous operation returned "NeedsCaptchaResponse: true".'
|
||||
|
||||
argument :spam_log_id, GraphQL::Types::Int,
|
||||
required: false,
|
||||
deprecated: DEPRECATION_NOTICE,
|
||||
description: 'Spam log ID which must be passed along with a valid CAPTCHA response for the operation to be completed. Required to resubmit if the previous operation returned "NeedsCaptchaResponse: true".'
|
||||
|
||||
field :spam,
|
||||
GraphQL::Types::Boolean,
|
||||
null: true,
|
||||
deprecated: DEPRECATION_NOTICE,
|
||||
description: 'Indicates whether the operation was detected as definite spam. There is no option to resubmit the request with a CAPTCHA response.'
|
||||
|
||||
field :needs_captcha_response,
|
||||
GraphQL::Types::Boolean,
|
||||
null: true,
|
||||
deprecated: DEPRECATION_NOTICE,
|
||||
description: 'Indicates whether the operation was detected as possible spam and not completed. If CAPTCHA is enabled, the request must be resubmitted with a valid CAPTCHA response and spam_log_id included for the operation to be completed. Included only when an operation was not completed because "NeedsCaptchaResponse" is true.'
|
||||
|
||||
field :spam_log_id,
|
||||
GraphQL::Types::Int,
|
||||
null: true,
|
||||
deprecated: DEPRECATION_NOTICE,
|
||||
description: 'Spam log ID which must be passed along with a valid CAPTCHA response for an operation to be completed. Included only when an operation was not completed because "NeedsCaptchaResponse" is true.'
|
||||
|
||||
field :captcha_site_key,
|
||||
GraphQL::Types::String,
|
||||
null: true,
|
||||
deprecated: DEPRECATION_NOTICE,
|
||||
description: 'CAPTCHA site key which must be used to render a challenge for the user to solve to obtain a valid captchaResponse value. Included only when an operation was not completed because "NeedsCaptchaResponse" is true.'
|
||||
end
|
||||
end
|
||||
end
|
|
@ -6,7 +6,6 @@ module Mutations
|
|||
graphql_name 'CreateSnippet'
|
||||
|
||||
include ServiceCompatibility
|
||||
include CanMutateSpammable
|
||||
include Mutations::SpamProtection
|
||||
|
||||
authorize :create_snippet
|
||||
|
|
|
@ -6,7 +6,6 @@ module Mutations
|
|||
graphql_name 'UpdateSnippet'
|
||||
|
||||
include ServiceCompatibility
|
||||
include CanMutateSpammable
|
||||
include Mutations::SpamProtection
|
||||
|
||||
argument :id, ::Types::GlobalIDType[::Snippet],
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
module BizibleHelper
|
||||
def bizible_enabled?
|
||||
Feature.enabled?(:ecomm_instrumentation, type: :ops) &&
|
||||
Gitlab.config.extra.has_key?('bizible') &&
|
||||
Gitlab.config.extra.bizible.present? &&
|
||||
Gitlab.config.extra.bizible == true
|
||||
end
|
||||
end
|
|
@ -4,6 +4,7 @@
|
|||
- content_for :page_specific_javascripts do
|
||||
= render "layouts/google_tag_manager_head"
|
||||
= render "layouts/one_trust"
|
||||
= render "layouts/bizible"
|
||||
= render "layouts/google_tag_manager_body"
|
||||
|
||||
.well-confirmation.gl-text-center.gl-mb-6
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
- content_for :page_specific_javascripts do
|
||||
= render "layouts/google_tag_manager_head"
|
||||
= render "layouts/one_trust"
|
||||
= render "layouts/bizible"
|
||||
= render "layouts/google_tag_manager_body"
|
||||
|
||||
.signup-page
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
- page_title _("Sign in")
|
||||
- content_for :page_specific_javascripts do
|
||||
= render "layouts/one_trust"
|
||||
= render "layouts/bizible"
|
||||
|
||||
#signin-container
|
||||
- if any_form_based_providers_enabled?
|
||||
|
|
|
@ -0,0 +1,14 @@
|
|||
- if bizible_enabled?
|
||||
<!-- Bizible -->
|
||||
= javascript_include_tag "https://cdn.bizible.com/scripts/bizible.js"
|
||||
= javascript_tag nonce: content_security_policy_nonce do
|
||||
:plain
|
||||
const bizibleScript = document.createElement('script');
|
||||
bizibleScript.src = 'https://cdn.bizible.com/scripts/bizible.js';
|
||||
bizibleScript.nonce = '#{content_security_policy_nonce}'
|
||||
bizibleScript.charset = 'UTF-8';
|
||||
bizibleScript.defer = true;
|
||||
document.head.appendChild(bizibleScript);
|
||||
|
||||
function OptanonWrapper() { }
|
||||
|
|
@ -5,6 +5,7 @@
|
|||
- content_for :page_specific_javascripts do
|
||||
= render "layouts/google_tag_manager_head"
|
||||
= render "layouts/one_trust"
|
||||
= render "layouts/bizible"
|
||||
= render "layouts/google_tag_manager_body"
|
||||
|
||||
.row.gl-flex-grow-1
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
- content_for :page_specific_javascripts do
|
||||
= render "layouts/google_tag_manager_head"
|
||||
= render "layouts/one_trust"
|
||||
= render "layouts/bizible"
|
||||
= render "layouts/google_tag_manager_body"
|
||||
|
||||
#js-terms-of-service{ data: { terms_data: terms_data(@term, @redirect) } }
|
||||
|
|
|
@ -1332,6 +1332,9 @@ production: &base
|
|||
## OneTrust
|
||||
# one_trust_id: '_your_one_trust_id'
|
||||
|
||||
## Bizible.
|
||||
# bizible: true
|
||||
|
||||
## Matomo analytics.
|
||||
# matomo_url: '_your_matomo_url'
|
||||
# matomo_site_id: '_your_matomo_site_id'
|
||||
|
|
|
@ -467,6 +467,14 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
|
|||
end
|
||||
|
||||
get :planning_hierarchy
|
||||
|
||||
resources :badges, only: [] do
|
||||
collection do
|
||||
constraints format: /svg/ do
|
||||
get :release
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
# End of the /-/ scope.
|
||||
|
||||
|
|
|
@ -0,0 +1,19 @@
|
|||
- name: "`projectFingerprint` in `PipelineSecurityReportFinding` GraphQL" # The name of the feature to be deprecated
|
||||
announcement_milestone: "14.8" # The milestone when this feature was first announced as deprecated.
|
||||
announcement_date: "2022-02-22" # The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
|
||||
removal_milestone: "15.0" # The milestone when this feature is planned to be removed
|
||||
removal_date: "2022-05-22" # The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
|
||||
breaking_change: true # If this deprecation is a breaking change, set this value to true
|
||||
reporter: matt_wilson # GitLab username of the person reporting the deprecation
|
||||
body: | # Do not modify this line, instead modify the lines below.
|
||||
The `projectFingerprint` field in the [PipelineSecurityReportFinding](https://docs.gitlab.com/ee/api/graphql/reference/index.html#pipelinesecurityreportfinding)
|
||||
GraphQL object is being deprecated. This field contains a "fingerprint" of security findings used to determine uniqueness.
|
||||
The method for calculating fingerprints has changed, resulting in different values. Going forward, the new values will be
|
||||
exposed in the UUID field. Data previously available in the projectFingerprint field will eventually be removed entirely.
|
||||
# The following items are not published on the docs page, but may be used in the future.
|
||||
stage: # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth
|
||||
tiers: # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
|
||||
issue_url: # (optional) This is a link to the deprecation issue in GitLab
|
||||
documentation_url: # (optional) This is a link to the current documentation page
|
||||
image_url: # (optional) This is a link to a thumbnail image depicting the feature
|
||||
video_url: # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
|
|
@ -0,0 +1,44 @@
|
|||
- name: "Secure and Protect analyzer major version update" # The name of the feature to be deprecated
|
||||
announcement_milestone: "14.8" # The milestone when this feature was first announced as deprecated.
|
||||
announcement_date: "2022-02-22" # The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
|
||||
removal_milestone: "15.00" # The milestone when this feature is planned to be removed
|
||||
removal_date: # The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
|
||||
breaking_change: true # If this deprecation is a breaking change, set this value to true
|
||||
reporter: NicoleSchwartz # GitLab username of the person reporting the deprecation
|
||||
body: | # Do not modify this line, instead modify the lines below.
|
||||
The Secure and Protect stages will be bumping the major versions of their analyzers in tandem with the GitLab 15.0 release. This major bump will enable a clear delineation for analyzers, between:
|
||||
|
||||
- Those released prior to May 22, 2022, which generate reports that _are not_ subject to stringent schema validation.
|
||||
- Those released after May 22, 2022, which generate reports that _are_ subject to stringent schema validation.
|
||||
|
||||
If you are not using the default inclusion templates, or have pinned your analyzer version(s) you will need to update your CI/CD job definition to either remove the pinned version or to update the latest major version.
|
||||
Users of GitLab 12.0-14.10 will continue to experience analyzer updates as normal until the release of GitLab 15.0, following which all newly fixed bugs and newly released features in the new major versions of the analyzers will not be available in the deprecated versions because we do not backport bugs and new features as per our [maintenance policy](https://docs.gitlab.com/ee/policy/maintenance.html). As required security patches will be backported within the latest 3 minor releases.
|
||||
Specifically, the following are being deprecated and will no longer be updated after 15.0 GitLab release:
|
||||
|
||||
- API Security: version 1
|
||||
- Container Scanning: version 4
|
||||
- Coverage-guided fuzz testing: version 2
|
||||
- Dependency Scanning: version 2
|
||||
- Dynamic Application Security Testing (DAST): version 2
|
||||
- License Scanning: version 3
|
||||
- Secret Detection: version 3
|
||||
- Static Application Security Testing (SAST): version 2, except security-code-scan which is version 3
|
||||
- `bandit`: version 2
|
||||
- `brakeman`: version 2
|
||||
- `eslint`: version 2
|
||||
- `flawfinder`: version 2
|
||||
- `gosec`: version 3
|
||||
- `kubesec`: version 2
|
||||
- `mobsf`: version 2
|
||||
- `nodejs-scan`: version 2
|
||||
- `phpcs-security-audit`: version 2
|
||||
- `pmd-apex`: version 2
|
||||
- `security-code-scan`: version 3
|
||||
- `semgrep`: version 2
|
||||
- `sobelow`: version 2
|
||||
- `spotbugs`: version 2
|
||||
# The following items are not published on the docs page, but may be used in the future.
|
||||
stage: secure, protect # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth
|
||||
tiers: Free, Silver, Gold, Core, Premium, Ultimate # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
|
||||
issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/350936 # (optional) This is a link to the deprecation issue in GitLab
|
||||
documentation_url: # (optional) This is a link to the current documentation page
|
|
@ -1516,11 +1516,9 @@ Input type: `CreateSnippetInput`
|
|||
| Name | Type | Description |
|
||||
| ---- | ---- | ----------- |
|
||||
| <a id="mutationcreatesnippetblobactions"></a>`blobActions` | [`[SnippetBlobActionInputType!]`](#snippetblobactioninputtype) | Actions to perform over the snippet repository and blobs. |
|
||||
| <a id="mutationcreatesnippetcaptcharesponse"></a>`captchaResponse` **{warning-solid}** | [`String`](#string) | **Deprecated:** Use spam protection with HTTP headers instead. Deprecated in 13.11. |
|
||||
| <a id="mutationcreatesnippetclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
|
||||
| <a id="mutationcreatesnippetdescription"></a>`description` | [`String`](#string) | Description of the snippet. |
|
||||
| <a id="mutationcreatesnippetprojectpath"></a>`projectPath` | [`ID`](#id) | Full path of the project the snippet is associated with. |
|
||||
| <a id="mutationcreatesnippetspamlogid"></a>`spamLogId` **{warning-solid}** | [`Int`](#int) | **Deprecated:** Use spam protection with HTTP headers instead. Deprecated in 13.11. |
|
||||
| <a id="mutationcreatesnippettitle"></a>`title` | [`String!`](#string) | Title of the snippet. |
|
||||
| <a id="mutationcreatesnippetuploadedfiles"></a>`uploadedFiles` | [`[String!]`](#string) | Paths to files uploaded in the snippet description. |
|
||||
| <a id="mutationcreatesnippetvisibilitylevel"></a>`visibilityLevel` | [`VisibilityLevelsEnum!`](#visibilitylevelsenum) | Visibility level of the snippet. |
|
||||
|
@ -1529,13 +1527,9 @@ Input type: `CreateSnippetInput`
|
|||
|
||||
| Name | Type | Description |
|
||||
| ---- | ---- | ----------- |
|
||||
| <a id="mutationcreatesnippetcaptchasitekey"></a>`captchaSiteKey` **{warning-solid}** | [`String`](#string) | **Deprecated:** Use spam protection with HTTP headers instead. Deprecated in 13.11. |
|
||||
| <a id="mutationcreatesnippetclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
|
||||
| <a id="mutationcreatesnippeterrors"></a>`errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |
|
||||
| <a id="mutationcreatesnippetneedscaptcharesponse"></a>`needsCaptchaResponse` **{warning-solid}** | [`Boolean`](#boolean) | **Deprecated:** Use spam protection with HTTP headers instead. Deprecated in 13.11. |
|
||||
| <a id="mutationcreatesnippetsnippet"></a>`snippet` | [`Snippet`](#snippet) | Snippet after mutation. |
|
||||
| <a id="mutationcreatesnippetspam"></a>`spam` **{warning-solid}** | [`Boolean`](#boolean) | **Deprecated:** Use spam protection with HTTP headers instead. Deprecated in 13.11. |
|
||||
| <a id="mutationcreatesnippetspamlogid"></a>`spamLogId` **{warning-solid}** | [`Int`](#int) | **Deprecated:** Use spam protection with HTTP headers instead. Deprecated in 13.11. |
|
||||
|
||||
### `Mutation.createTestCase`
|
||||
|
||||
|
@ -4938,11 +4932,9 @@ Input type: `UpdateSnippetInput`
|
|||
| Name | Type | Description |
|
||||
| ---- | ---- | ----------- |
|
||||
| <a id="mutationupdatesnippetblobactions"></a>`blobActions` | [`[SnippetBlobActionInputType!]`](#snippetblobactioninputtype) | Actions to perform over the snippet repository and blobs. |
|
||||
| <a id="mutationupdatesnippetcaptcharesponse"></a>`captchaResponse` **{warning-solid}** | [`String`](#string) | **Deprecated:** Use spam protection with HTTP headers instead. Deprecated in 13.11. |
|
||||
| <a id="mutationupdatesnippetclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
|
||||
| <a id="mutationupdatesnippetdescription"></a>`description` | [`String`](#string) | Description of the snippet. |
|
||||
| <a id="mutationupdatesnippetid"></a>`id` | [`SnippetID!`](#snippetid) | Global ID of the snippet to update. |
|
||||
| <a id="mutationupdatesnippetspamlogid"></a>`spamLogId` **{warning-solid}** | [`Int`](#int) | **Deprecated:** Use spam protection with HTTP headers instead. Deprecated in 13.11. |
|
||||
| <a id="mutationupdatesnippettitle"></a>`title` | [`String`](#string) | Title of the snippet. |
|
||||
| <a id="mutationupdatesnippetvisibilitylevel"></a>`visibilityLevel` | [`VisibilityLevelsEnum`](#visibilitylevelsenum) | Visibility level of the snippet. |
|
||||
|
||||
|
@ -4950,13 +4942,9 @@ Input type: `UpdateSnippetInput`
|
|||
|
||||
| Name | Type | Description |
|
||||
| ---- | ---- | ----------- |
|
||||
| <a id="mutationupdatesnippetcaptchasitekey"></a>`captchaSiteKey` **{warning-solid}** | [`String`](#string) | **Deprecated:** Use spam protection with HTTP headers instead. Deprecated in 13.11. |
|
||||
| <a id="mutationupdatesnippetclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
|
||||
| <a id="mutationupdatesnippeterrors"></a>`errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |
|
||||
| <a id="mutationupdatesnippetneedscaptcharesponse"></a>`needsCaptchaResponse` **{warning-solid}** | [`Boolean`](#boolean) | **Deprecated:** Use spam protection with HTTP headers instead. Deprecated in 13.11. |
|
||||
| <a id="mutationupdatesnippetsnippet"></a>`snippet` | [`Snippet`](#snippet) | Snippet after mutation. |
|
||||
| <a id="mutationupdatesnippetspam"></a>`spam` **{warning-solid}** | [`Boolean`](#boolean) | **Deprecated:** Use spam protection with HTTP headers instead. Deprecated in 13.11. |
|
||||
| <a id="mutationupdatesnippetspamlogid"></a>`spamLogId` **{warning-solid}** | [`Int`](#int) | **Deprecated:** Use spam protection with HTTP headers instead. Deprecated in 13.11. |
|
||||
|
||||
### `Mutation.userCalloutCreate`
|
||||
|
||||
|
|
|
@ -1285,6 +1285,48 @@ See the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/352564
|
|||
|
||||
**Planned removal milestone: 15.0 (2022-05-22)**
|
||||
|
||||
### Secure and Protect analyzer major version update
|
||||
|
||||
WARNING:
|
||||
This feature will be changed or removed in 15.00
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
The Secure and Protect stages will be bumping the major versions of their analyzers in tandem with the GitLab 15.0 release. This major bump will enable a clear delineation for analyzers, between:
|
||||
|
||||
- Those released prior to May 22, 2022, which generate reports that _are not_ subject to stringent schema validation.
|
||||
- Those released after May 22, 2022, which generate reports that _are_ subject to stringent schema validation.
|
||||
|
||||
If you are not using the default inclusion templates, or have pinned your analyzer version(s) you will need to update your CI/CD job definition to either remove the pinned version or to update the latest major version.
|
||||
Users of GitLab 12.0-14.10 will continue to experience analyzer updates as normal until the release of GitLab 15.0, following which all newly fixed bugs and newly released features in the new major versions of the analyzers will not be available in the deprecated versions because we do not backport bugs and new features as per our [maintenance policy](https://docs.gitlab.com/ee/policy/maintenance.html). As required security patches will be backported within the latest 3 minor releases.
|
||||
Specifically, the following are being deprecated and will no longer be updated after 15.0 GitLab release:
|
||||
|
||||
- API Security: version 1
|
||||
- Container Scanning: version 4
|
||||
- Coverage-guided fuzz testing: version 2
|
||||
- Dependency Scanning: version 2
|
||||
- Dynamic Application Security Testing (DAST): version 2
|
||||
- License Scanning: version 3
|
||||
- Secret Detection: version 3
|
||||
- Static Application Security Testing (SAST): version 2, except security-code-scan which is version 3
|
||||
- `bandit`: version 2
|
||||
- `brakeman`: version 2
|
||||
- `eslint`: version 2
|
||||
- `flawfinder`: version 2
|
||||
- `gosec`: version 3
|
||||
- `kubesec`: version 2
|
||||
- `mobsf`: version 2
|
||||
- `nodejs-scan`: version 2
|
||||
- `phpcs-security-audit`: version 2
|
||||
- `pmd-apex`: version 2
|
||||
- `security-code-scan`: version 3
|
||||
- `semgrep`: version 2
|
||||
- `sobelow`: version 2
|
||||
- `spotbugs`: version 2
|
||||
|
||||
**Planned removal milestone: 15.00 ()**
|
||||
|
||||
### Support for gRPC-aware proxy deployed between Gitaly and rest of GitLab
|
||||
|
||||
WARNING:
|
||||
|
@ -1367,6 +1409,21 @@ removed in GitLab 15.0.
|
|||
|
||||
**Planned removal milestone: 15.0 (2022-06-22)**
|
||||
|
||||
### `projectFingerprint` in `PipelineSecurityReportFinding` GraphQL
|
||||
|
||||
WARNING:
|
||||
This feature will be changed or removed in 15.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
The `projectFingerprint` field in the [PipelineSecurityReportFinding](https://docs.gitlab.com/ee/api/graphql/reference/index.html#pipelinesecurityreportfinding)
|
||||
GraphQL object is being deprecated. This field contains a "fingerprint" of security findings used to determine uniqueness.
|
||||
The method for calculating fingerprints has changed, resulting in different values. Going forward, the new values will be
|
||||
exposed in the UUID field. Data previously available in the projectFingerprint field will eventually be removed entirely.
|
||||
|
||||
**Planned removal milestone: 15.0 (2022-05-22)**
|
||||
|
||||
### `started` iterations API field
|
||||
|
||||
WARNING:
|
||||
|
|
|
@ -65,4 +65,4 @@ You can configure the following security controls:
|
|||
You can configure the following security controls:
|
||||
|
||||
- [License Compliance](../../../user/compliance/license_compliance/index.md)
|
||||
- Can be configured with `.gitlab-ci.yml`. For more details, read [License Compliance](../../../user/compliance/license_compliance/index.md#configuration).
|
||||
- Can be configured with `.gitlab-ci.yml`. For more details, read [License Compliance](../../../user/compliance/license_compliance/index.md#enable-license-compliance).
|
||||
|
|
|
@ -14,17 +14,9 @@ project's dependencies for their licenses. You can then decide whether to allow
|
|||
each license. For example, if your application uses an external (open source) library whose license
|
||||
is incompatible with yours, then you can deny the use of that license.
|
||||
|
||||
You can take advantage of License Compliance by either:
|
||||
To detect the licenses in use, License Compliance uses the [License Finder](https://github.com/pivotal/LicenseFinder) scan tool that runs as part of the CI/CD pipeline. The License Compliance job is not dependent on any other job in
|
||||
a pipeline.
|
||||
|
||||
- [Including the job](#configuration)
|
||||
in your existing `.gitlab-ci.yml` file.
|
||||
- Implicitly using
|
||||
[Auto License Compliance](../../../topics/autodevops/stages.md#auto-license-compliance),
|
||||
provided by [Auto DevOps](../../../topics/autodevops/index.md).
|
||||
|
||||
The current major version of the License Scanning analyzer is 3.
|
||||
|
||||
To detect the licenses in use, License Compliance uses the [License Finder](https://github.com/pivotal/LicenseFinder) scan tool that runs as part of the CI/CD pipeline.
|
||||
For the job to activate, License Finder needs to find a compatible package definition in the project directory. For details, see the [Activation on License Finder documentation](https://github.com/pivotal/LicenseFinder#activation).
|
||||
GitLab checks the License Compliance report, compares the
|
||||
licenses between the source and target branches, and shows the information right on the merge
|
||||
|
@ -41,6 +33,14 @@ is displayed in the merge request area. That is the case when you add the
|
|||
Consecutive merge requests have something to compare to and the license
|
||||
compliance report is shown properly.
|
||||
|
||||
The results are saved as a
|
||||
[License Compliance report artifact](../../../ci/yaml/artifacts_reports.md#artifactsreportslicense_scanning)
|
||||
that you can later download and analyze. Due to implementation limitations, we
|
||||
always take the latest License Compliance artifact available.
|
||||
|
||||
WARNING:
|
||||
License Compliance Scanning does not support run-time installation of compilers and interpreters.
|
||||
|
||||
![License Compliance Widget](img/license_compliance_v13_0.png)
|
||||
|
||||
You can select a license to see more information.
|
||||
|
@ -93,27 +93,26 @@ The reported licenses might be incomplete or inaccurate.
|
|||
| Rust | [Cargo](https://crates.io) |
|
||||
| PHP | [Composer](https://getcomposer.org/) |
|
||||
|
||||
## Requirements
|
||||
## Enable License Compliance
|
||||
|
||||
WARNING:
|
||||
License Compliance Scanning does not support run-time installation of compilers and interpreters.
|
||||
To enable License Compliance in your project's pipeline, either:
|
||||
|
||||
To run a License Compliance scanning job, you need GitLab Runner with the
|
||||
[`docker` executor](https://docs.gitlab.com/runner/executors/docker.html).
|
||||
- Enable [Auto License Compliance](../../../topics/autodevops/stages.md#auto-license-compliance)
|
||||
(provided by [Auto DevOps](../../../topics/autodevops/index.md)).
|
||||
- Include the [`License-Scanning.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/License-Scanning.gitlab-ci.yml) in your `.gitlab-ci.yml` file.
|
||||
|
||||
## Configuration
|
||||
### Include the License Scanning template
|
||||
|
||||
For GitLab 12.8 and later, to enable License Compliance, you must
|
||||
[include](../../../ci/yaml/index.md#includetemplate) the
|
||||
[`License-Scanning.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/License-Scanning.gitlab-ci.yml)
|
||||
that's provided as a part of your GitLab installation.
|
||||
For older versions of GitLab from 11.9 to 12.7, you must
|
||||
[include](../../../ci/yaml/index.md#includetemplate) the
|
||||
[`License-Management.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/d2cc841c55d65bc8134bfb3a467e66c36ac32b0a/lib/gitlab/ci/templates/Security/License-Management.gitlab-ci.yml).
|
||||
For GitLab versions earlier than 11.9, you can copy and use the job as defined
|
||||
that template.
|
||||
Prerequisites:
|
||||
|
||||
Add the following to your `.gitlab-ci.yml` file:
|
||||
- [GitLab Runner](../../../ci/runners/index.md) available, with the
|
||||
[`docker` executor](https://docs.gitlab.com/runner/executors/docker.html). If you're using the
|
||||
shared runners on GitLab.com, this is enabled by default.
|
||||
- License Scanning runs in the `test` stage, which is available by default. If you redefine the stages in the
|
||||
`.gitlab-ci.yml` file, the `test` stage is required.
|
||||
|
||||
To [include](../../../ci/yaml/index.md#includetemplate) the
|
||||
[`License-Scanning.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/License-Scanning.gitlab-ci.yml), add it to your `.gitlab-ci.yml` file:
|
||||
|
||||
```yaml
|
||||
include:
|
||||
|
@ -123,26 +122,6 @@ include:
|
|||
The included template creates a `license_scanning` job in your CI/CD pipeline and scans your
|
||||
dependencies to find their licenses.
|
||||
|
||||
NOTE:
|
||||
Before GitLab 12.8, the `license_scanning` job was named `license_management`. GitLab 13.0 removes
|
||||
the `license_management` job, so you must migrate to the `license_scanning` job and use the new
|
||||
`License-Scanning.gitlab-ci.yml` template.
|
||||
|
||||
The results are saved as a
|
||||
[License Compliance report artifact](../../../ci/yaml/artifacts_reports.md#artifactsreportslicense_scanning)
|
||||
that you can later download and analyze. Due to implementation limitations, we
|
||||
always take the latest License Compliance artifact available. Behind the scenes, the
|
||||
[GitLab License Compliance Docker image](https://gitlab.com/gitlab-org/security-products/analyzers/license-finder)
|
||||
is used to detect the languages/frameworks and in turn analyzes the licenses.
|
||||
|
||||
The License Compliance settings can be changed through [CI/CD variables](#available-cicd-variables) by using the
|
||||
[`variables`](../../../ci/yaml/index.md#variables) parameter in `.gitlab-ci.yml`.
|
||||
|
||||
### When License Compliance runs
|
||||
|
||||
When using the GitLab `License-Scanning.gitlab-ci.yml` template, the License Compliance job doesn't
|
||||
wait for other stages to complete.
|
||||
|
||||
### Available CI/CD variables
|
||||
|
||||
License Compliance can be configured using CI/CD variables.
|
||||
|
@ -653,7 +632,7 @@ successfully run. For more information, see [Offline environments](../../applica
|
|||
|
||||
To use License Compliance in an offline environment, you need:
|
||||
|
||||
- GitLab Runner with the [`docker` or `kubernetes` executor](#requirements).
|
||||
- To meet the standard [License Compliance prerequisites](#include-the-license-scanning-template).
|
||||
- Docker Container Registry with locally available copies of License Compliance [analyzer](https://gitlab.com/gitlab-org/security-products/analyzers) images.
|
||||
|
||||
NOTE:
|
||||
|
@ -731,7 +710,7 @@ details about them.
|
|||
For the licenses to appear under the license list, the following
|
||||
requirements must be met:
|
||||
|
||||
1. The License Compliance CI job must be [configured](#configuration) for your project.
|
||||
1. The License Compliance CI/CD job must be [enabled](#enable-license-compliance) for your project.
|
||||
1. Your project must use at least one of the
|
||||
[supported languages and package managers](#supported-languages-and-package-managers).
|
||||
|
||||
|
|
|
@ -0,0 +1,42 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
module Gitlab::Ci
|
||||
module Badge
|
||||
module Release
|
||||
class LatestRelease < Badge::Base
|
||||
attr_reader :project, :release, :customization
|
||||
|
||||
def initialize(project, current_user, opts: {})
|
||||
@project = project
|
||||
@customization = {
|
||||
key_width: opts[:key_width] ? opts[:key_width].to_i : nil,
|
||||
key_text: opts[:key_text]
|
||||
}
|
||||
|
||||
# In the future, we should support `order_by=semver` for showing the
|
||||
# latest release based on Semantic Versioning.
|
||||
@release = ::ReleasesFinder.new(
|
||||
project,
|
||||
current_user,
|
||||
order_by: opts[:order_by]).execute.first
|
||||
end
|
||||
|
||||
def entity
|
||||
'Latest Release'
|
||||
end
|
||||
|
||||
def tag
|
||||
@release&.tag
|
||||
end
|
||||
|
||||
def metadata
|
||||
@metadata ||= Release::Metadata.new(self)
|
||||
end
|
||||
|
||||
def template
|
||||
@template ||= Release::Template.new(self)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,25 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
module Gitlab::Ci
|
||||
module Badge
|
||||
module Release
|
||||
class Metadata < Badge::Metadata
|
||||
def initialize(badge)
|
||||
@project = badge.project
|
||||
end
|
||||
|
||||
def title
|
||||
'Latest Release'
|
||||
end
|
||||
|
||||
def image_url
|
||||
release_project_badges_url(@project, format: :svg)
|
||||
end
|
||||
|
||||
def link_url
|
||||
project_releases_url(@project)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,44 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
module Gitlab::Ci
|
||||
module Badge
|
||||
module Release
|
||||
# Template object will be passed to badge.svg.erb template.
|
||||
class Template < Badge::Template
|
||||
STATUS_COLOR = {
|
||||
latest: '#3076af',
|
||||
none: '#e05d44'
|
||||
}.freeze
|
||||
KEY_WIDTH_DEFAULT = 90
|
||||
VALUE_WIDTH_DEFAULT = 54
|
||||
|
||||
def initialize(badge)
|
||||
@entity = badge.entity
|
||||
@tag = badge.tag || "none"
|
||||
@key_width = badge.customization.dig(:key_width)
|
||||
@key_text = badge.customization.dig(:key_text)
|
||||
end
|
||||
|
||||
def key_text
|
||||
@key_text || @entity.to_s
|
||||
end
|
||||
|
||||
def key_width
|
||||
@key_width || KEY_WIDTH_DEFAULT
|
||||
end
|
||||
|
||||
def value_text
|
||||
@tag.to_s
|
||||
end
|
||||
|
||||
def value_width
|
||||
VALUE_WIDTH_DEFAULT
|
||||
end
|
||||
|
||||
def value_color
|
||||
STATUS_COLOR[@tag.to_sym] || STATUS_COLOR[:latest]
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -37,8 +37,15 @@ dependency_scanning:
|
|||
script:
|
||||
- /analyzer run
|
||||
|
||||
.cyclone-dx-reports:
|
||||
artifacts:
|
||||
paths:
|
||||
- "**/cyclonedx-*.json"
|
||||
|
||||
gemnasium-dependency_scanning:
|
||||
extends: .ds-analyzer
|
||||
extends:
|
||||
- .ds-analyzer
|
||||
- .cyclone-dx-reports
|
||||
image:
|
||||
name: "$DS_ANALYZER_IMAGE"
|
||||
variables:
|
||||
|
@ -67,7 +74,9 @@ gemnasium-dependency_scanning:
|
|||
- '{conan.lock,*/conan.lock,*/*/conan.lock}'
|
||||
|
||||
gemnasium-maven-dependency_scanning:
|
||||
extends: .ds-analyzer
|
||||
extends:
|
||||
- .ds-analyzer
|
||||
- .cyclone-dx-reports
|
||||
image:
|
||||
name: "$DS_ANALYZER_IMAGE"
|
||||
variables:
|
||||
|
@ -93,7 +102,9 @@ gemnasium-maven-dependency_scanning:
|
|||
- '{pom.xml,*/pom.xml,*/*/pom.xml}'
|
||||
|
||||
gemnasium-python-dependency_scanning:
|
||||
extends: .ds-analyzer
|
||||
extends:
|
||||
- .ds-analyzer
|
||||
- .cyclone-dx-reports
|
||||
image:
|
||||
name: "$DS_ANALYZER_IMAGE"
|
||||
variables:
|
||||
|
|
|
@ -7,39 +7,100 @@ RSpec.describe Projects::BadgesController do
|
|||
let_it_be(:pipeline, reload: true) { create(:ci_empty_pipeline, project: project) }
|
||||
let_it_be(:user) { create(:user) }
|
||||
|
||||
shared_examples 'a badge resource' do |badge_type|
|
||||
context 'when pipelines are public' do
|
||||
shared_context 'renders badge irrespective of project access levels' do |badge_type|
|
||||
context 'when project is public' do
|
||||
before do
|
||||
project.update!(public_builds: true)
|
||||
project.update!(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
|
||||
end
|
||||
|
||||
context 'when project is public' do
|
||||
before do
|
||||
project.update!(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
|
||||
end
|
||||
it "returns the #{badge_type} badge to unauthenticated users" do
|
||||
get_badge(badge_type)
|
||||
|
||||
it "returns the #{badge_type} badge to unauthenticated users" do
|
||||
get_badge(badge_type)
|
||||
|
||||
expect(response).to have_gitlab_http_status(:ok)
|
||||
end
|
||||
end
|
||||
|
||||
context 'when project is restricted' do
|
||||
before do
|
||||
project.update!(visibility_level: Gitlab::VisibilityLevel::INTERNAL)
|
||||
project.add_guest(user)
|
||||
sign_in(user)
|
||||
end
|
||||
|
||||
it "returns the #{badge_type} badge to guest users" do
|
||||
get_badge(badge_type)
|
||||
|
||||
expect(response).to have_gitlab_http_status(:ok)
|
||||
end
|
||||
expect(response).to have_gitlab_http_status(:ok)
|
||||
end
|
||||
end
|
||||
|
||||
context 'when project is restricted' do
|
||||
before do
|
||||
project.update!(visibility_level: Gitlab::VisibilityLevel::INTERNAL)
|
||||
project.add_guest(user)
|
||||
sign_in(user)
|
||||
end
|
||||
|
||||
it "returns the #{badge_type} badge to guest users" do
|
||||
get_badge(badge_type)
|
||||
|
||||
expect(response).to have_gitlab_http_status(:ok)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
shared_context 'when pipelines are public' do |badge_type|
|
||||
before do
|
||||
project.update!(public_builds: true)
|
||||
end
|
||||
|
||||
it_behaves_like 'renders badge irrespective of project access levels', badge_type
|
||||
end
|
||||
|
||||
shared_context 'when pipelines are not public' do |badge_type|
|
||||
before do
|
||||
project.update!(public_builds: false)
|
||||
end
|
||||
|
||||
context 'when project is public' do
|
||||
before do
|
||||
project.update!(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
|
||||
end
|
||||
|
||||
it 'returns 404 to unauthenticated users' do
|
||||
get_badge(badge_type)
|
||||
|
||||
expect(response).to have_gitlab_http_status(:not_found)
|
||||
end
|
||||
end
|
||||
|
||||
context 'when project is restricted to the user' do
|
||||
before do
|
||||
project.update!(visibility_level: Gitlab::VisibilityLevel::INTERNAL)
|
||||
project.add_guest(user)
|
||||
sign_in(user)
|
||||
end
|
||||
|
||||
it 'defaults to project permissions' do
|
||||
get_badge(badge_type)
|
||||
|
||||
expect(response).to have_gitlab_http_status(:not_found)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
shared_context 'customization' do |badge_type|
|
||||
render_views
|
||||
|
||||
before do
|
||||
project.add_maintainer(user)
|
||||
sign_in(user)
|
||||
end
|
||||
|
||||
context 'when key_text param is used' do
|
||||
it 'sets custom key text' do
|
||||
get_badge(badge_type, key_text: 'custom key text')
|
||||
|
||||
expect(response.body).to include('custom key text')
|
||||
end
|
||||
end
|
||||
|
||||
context 'when key_width param is used' do
|
||||
it 'sets custom key width' do
|
||||
get_badge(badge_type, key_width: '123')
|
||||
|
||||
expect(response.body).to include('123')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
shared_examples 'a badge resource' do |badge_type|
|
||||
context 'format' do
|
||||
before do
|
||||
project.add_maintainer(user)
|
||||
|
@ -77,61 +138,11 @@ RSpec.describe Projects::BadgesController do
|
|||
end
|
||||
end
|
||||
|
||||
context 'when pipelines are not public' do
|
||||
before do
|
||||
project.update!(public_builds: false)
|
||||
end
|
||||
it_behaves_like 'customization', badge_type
|
||||
|
||||
context 'when project is public' do
|
||||
before do
|
||||
project.update!(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
|
||||
end
|
||||
|
||||
it 'returns 404 to unauthenticated users' do
|
||||
get_badge(badge_type)
|
||||
|
||||
expect(response).to have_gitlab_http_status(:not_found)
|
||||
end
|
||||
end
|
||||
|
||||
context 'when project is restricted to the user' do
|
||||
before do
|
||||
project.update!(visibility_level: Gitlab::VisibilityLevel::INTERNAL)
|
||||
project.add_guest(user)
|
||||
sign_in(user)
|
||||
end
|
||||
|
||||
it 'defaults to project permissions' do
|
||||
get_badge(badge_type)
|
||||
|
||||
expect(response).to have_gitlab_http_status(:not_found)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context 'customization' do
|
||||
render_views
|
||||
|
||||
before do
|
||||
project.add_maintainer(user)
|
||||
sign_in(user)
|
||||
end
|
||||
|
||||
context 'when key_text param is used' do
|
||||
it 'sets custom key text' do
|
||||
get_badge(badge_type, key_text: 'custom key text')
|
||||
|
||||
expect(response.body).to include('custom key text')
|
||||
end
|
||||
end
|
||||
|
||||
context 'when key_width param is used' do
|
||||
it 'sets custom key width' do
|
||||
get_badge(badge_type, key_width: '123')
|
||||
|
||||
expect(response.body).to include('123')
|
||||
end
|
||||
end
|
||||
if [:pipeline, :coverage].include?(badge_type)
|
||||
it_behaves_like 'when pipelines are public', badge_type
|
||||
it_behaves_like 'when pipelines are not public', badge_type
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -163,6 +174,13 @@ RSpec.describe Projects::BadgesController do
|
|||
it_behaves_like 'a badge resource', :coverage
|
||||
end
|
||||
|
||||
describe '#release' do
|
||||
action = :release
|
||||
|
||||
it_behaves_like 'a badge resource', action
|
||||
it_behaves_like 'renders badge irrespective of project access levels', action
|
||||
end
|
||||
|
||||
def get_badge(badge, args = {})
|
||||
params = {
|
||||
namespace_id: project.namespace.to_param,
|
||||
|
|
|
@ -0,0 +1,15 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'spec_helper'
|
||||
|
||||
RSpec.describe 'Bizible content security policy' do
|
||||
before do
|
||||
stub_config(extra: { one_trust_id: SecureRandom.uuid })
|
||||
end
|
||||
|
||||
it 'has proper Content Security Policy headers' do
|
||||
visit root_path
|
||||
|
||||
expect(response_headers['Content-Security-Policy']).to include('https://cdn.bizible.com/scripts/bizible.js')
|
||||
end
|
||||
end
|
|
@ -0,0 +1,47 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require "spec_helper"
|
||||
|
||||
RSpec.describe BizibleHelper do
|
||||
describe '#bizible_enabled?' do
|
||||
before do
|
||||
stub_config(extra: { bizible: SecureRandom.uuid })
|
||||
end
|
||||
|
||||
context 'when bizible is disabled' do
|
||||
before do
|
||||
allow(helper).to receive(:bizible_enabled?).and_return(false)
|
||||
end
|
||||
|
||||
it { is_expected.to be_falsey }
|
||||
end
|
||||
|
||||
context 'when bizible is enabled' do
|
||||
before do
|
||||
allow(helper).to receive(:bizible_enabled?).and_return(true)
|
||||
end
|
||||
|
||||
it { is_expected.to be_truthy }
|
||||
end
|
||||
|
||||
subject(:bizible_enabled?) { helper.bizible_enabled? }
|
||||
|
||||
context 'with ecomm_instrumentation feature flag disabled' do
|
||||
before do
|
||||
stub_feature_flags(ecomm_instrumentation: false)
|
||||
end
|
||||
|
||||
it { is_expected.to be_falsey }
|
||||
end
|
||||
|
||||
context 'with ecomm_instrumentation feature flag enabled' do
|
||||
context 'when no id is set' do
|
||||
before do
|
||||
stub_config(extra: {})
|
||||
end
|
||||
|
||||
it { is_expected.to be_falsey }
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,42 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'spec_helper'
|
||||
|
||||
RSpec.describe Gitlab::Ci::Badge::Release::LatestRelease do
|
||||
let(:project) { create(:project, :repository) }
|
||||
let(:user) { create(:user) }
|
||||
|
||||
before do
|
||||
project.add_guest(user)
|
||||
create(:release, project: project, released_at: 1.day.ago)
|
||||
end
|
||||
|
||||
subject { described_class.new(project, user) }
|
||||
|
||||
describe '#entity' do
|
||||
it 'describes latest release' do
|
||||
expect(subject.entity).to eq 'Latest Release'
|
||||
end
|
||||
end
|
||||
|
||||
describe '#tag' do
|
||||
it 'returns latest release tag for the project ordered using release_at' do
|
||||
create(:release, tag: "v1.0.0", project: project, released_at: 1.hour.ago)
|
||||
latest_release = create(:release, tag: "v2.0.0", project: project, released_at: Time.current)
|
||||
|
||||
expect(subject.tag).to eq latest_release.tag
|
||||
end
|
||||
end
|
||||
|
||||
describe '#metadata' do
|
||||
it 'returns correct metadata' do
|
||||
expect(subject.metadata.image_url).to include 'release.svg'
|
||||
end
|
||||
end
|
||||
|
||||
describe '#template' do
|
||||
it 'returns correct template' do
|
||||
expect(subject.template.key_text).to eq 'Latest Release'
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,40 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'spec_helper'
|
||||
require 'lib/gitlab/ci/badge/shared/metadata'
|
||||
|
||||
RSpec.describe Gitlab::Ci::Badge::Release::Metadata do
|
||||
let(:project) { create(:project) }
|
||||
let(:ref) { 'feature' }
|
||||
let!(:release) { create(:release, tag: ref, project: project) }
|
||||
let(:user) { create(:user) }
|
||||
let(:badge) do
|
||||
Gitlab::Ci::Badge::Release::LatestRelease.new(project, user)
|
||||
end
|
||||
|
||||
let(:metadata) { described_class.new(badge) }
|
||||
|
||||
before do
|
||||
project.add_guest(user)
|
||||
end
|
||||
|
||||
it_behaves_like 'badge metadata'
|
||||
|
||||
describe '#title' do
|
||||
it 'returns latest release title' do
|
||||
expect(metadata.title).to eq 'Latest Release'
|
||||
end
|
||||
end
|
||||
|
||||
describe '#image_url' do
|
||||
it 'returns valid url' do
|
||||
expect(metadata.image_url).to include "/-/badges/release.svg"
|
||||
end
|
||||
end
|
||||
|
||||
describe '#link_url' do
|
||||
it 'returns valid link' do
|
||||
expect(metadata.link_url).to include "/-/releases"
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,90 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'spec_helper'
|
||||
|
||||
RSpec.describe Gitlab::Ci::Badge::Release::Template do
|
||||
let(:project) { create(:project) }
|
||||
let(:ref) { 'v1.2.3' }
|
||||
let(:user) { create(:user) }
|
||||
let!(:release) { create(:release, tag: ref, project: project) }
|
||||
let(:badge) { Gitlab::Ci::Badge::Release::LatestRelease.new(project, user) }
|
||||
let(:template) { described_class.new(badge) }
|
||||
|
||||
before do
|
||||
project.add_guest(user)
|
||||
end
|
||||
|
||||
describe '#key_text' do
|
||||
it 'defaults to latest release' do
|
||||
expect(template.key_text).to eq 'Latest Release'
|
||||
end
|
||||
|
||||
it 'returns custom key text' do
|
||||
key_text = 'Test Release'
|
||||
badge = Gitlab::Ci::Badge::Release::LatestRelease.new(project, user, opts: { key_text: key_text })
|
||||
|
||||
expect(described_class.new(badge).key_text).to eq key_text
|
||||
end
|
||||
end
|
||||
|
||||
describe '#value_text' do
|
||||
context 'when a release exists' do
|
||||
it 'returns the tag of the release' do
|
||||
expect(template.value_text).to eq ref
|
||||
end
|
||||
end
|
||||
|
||||
context 'no releases exist' do
|
||||
before do
|
||||
allow(badge).to receive(:tag).and_return(nil)
|
||||
end
|
||||
|
||||
it 'returns string that latest release is none' do
|
||||
expect(template.value_text).to eq 'none'
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe '#key_width' do
|
||||
it 'returns the default key width' do
|
||||
expect(template.key_width).to eq 90
|
||||
end
|
||||
|
||||
it 'returns custom key width' do
|
||||
key_width = 100
|
||||
badge = Gitlab::Ci::Badge::Release::LatestRelease.new(project, user, opts: { key_width: key_width })
|
||||
|
||||
expect(described_class.new(badge).key_width).to eq key_width
|
||||
end
|
||||
end
|
||||
|
||||
describe '#value_width' do
|
||||
it 'has a fixed value width' do
|
||||
expect(template.value_width).to eq 54
|
||||
end
|
||||
end
|
||||
|
||||
describe '#key_color' do
|
||||
it 'always has the same color' do
|
||||
expect(template.key_color).to eq '#555'
|
||||
end
|
||||
end
|
||||
|
||||
describe '#value_color' do
|
||||
context 'when release exists' do
|
||||
it 'is blue' do
|
||||
expect(template.value_color).to eq '#3076af'
|
||||
end
|
||||
end
|
||||
|
||||
context 'when release does not exist' do
|
||||
before do
|
||||
allow(badge).to receive(:tag).and_return(nil)
|
||||
end
|
||||
|
||||
it 'is red' do
|
||||
expect(template.value_color).to eq '#e05d44'
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -16,17 +16,4 @@ RSpec.shared_examples 'a mutation which can mutate a spammable' do
|
|||
subject
|
||||
end
|
||||
end
|
||||
|
||||
describe "#spam_action_response_fields" do
|
||||
it 'resolves with spam action fields' do
|
||||
subject
|
||||
|
||||
# NOTE: We do not need to assert on the specific values of spam action fields here, we only need
|
||||
# to verify that #spam_action_response_fields was invoked and that the fields are present in the
|
||||
# response. The specific behavior of #spam_action_response_fields is covered in the
|
||||
# HasSpamActionResponseFields unit tests.
|
||||
expect(mutation_response.keys)
|
||||
.to include('spam', 'spamLogId', 'needsCaptchaResponse', 'captchaSiteKey')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue