From 5fe82ba3d39345ce6c6df14a10b13998b13c68b2 Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Tue, 15 Sep 2020 03:09:24 +0000 Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master --- app/models/alert_management/alert.rb | 28 ++- app/models/authentication_event.rb | 12 + .../nuget/create_dependency_service.rb | 2 +- app/services/packages/update_tags_service.rb | 2 +- ...7947-search-api-issues-filter-by-state.yml | 5 + .../unreleased/dblessing-auth-events.yml | 5 + .../sy-gfm-reference-for-alerts.yml | 5 + ...0908100053_create_authentication_events.rb | 33 +++ db/schema_migrations/20200908100053 | 1 + db/structure.sql | 33 +++ doc/administration/gitaly/praefect.md | 67 +++--- doc/api/search.md | 2 + doc/ci/caching/index.md | 70 +++--- doc/ci/unit_test_reports.md | 2 + doc/development/telemetry/usage_ping.md | 50 ++++ .../container_scanning/index.md | 16 +- doc/user/application_security/dast/index.md | 4 +- .../dependency_scanning/index.md | 8 +- .../offline_deployments/index.md | 4 +- doc/user/application_security/sast/index.md | 12 +- .../secret_detection/index.md | 4 +- .../security_dashboard/index.md | 2 +- .../compliance/license_compliance/index.md | 4 +- doc/user/markdown.md | 5 + doc/user/project/deploy_boards.md | 4 +- doc/user/project/web_ide/index.md | 12 +- lib/api/helpers/search_helpers.rb | 4 + lib/api/search.rb | 4 + lib/banzai/filter/alert_reference_filter.rb | 29 +++ lib/banzai/pipeline/gfm_pipeline.rb | 3 +- lib/banzai/pipeline/single_line_pipeline.rb | 3 +- lib/banzai/reference_parser/alert_parser.rb | 19 ++ locale/gitlab.pot | 2 - rubocop/cop/gitlab/bulk_insert.rb | 2 +- spec/features/markdown/markdown_spec.rb | 1 + spec/fixtures/markdown.md.erb | 9 + .../filter/alert_reference_filter_spec.rb | 223 ++++++++++++++++++ .../reference_parser/alert_parser_spec.rb | 49 ++++ spec/models/alert_management/alert_spec.rb | 33 ++- spec/models/authentication_event_spec.rb | 15 ++ spec/requests/api/search_spec.rb | 105 +++++++-- spec/rubocop/cop/gitlab/bulk_insert_spec.rb | 9 +- spec/support/helpers/markdown_feature.rb | 8 + spec/support/matchers/markdown_matchers.rb | 9 + .../reference_parser_shared_examples.rb | 6 +- 45 files changed, 787 insertions(+), 138 deletions(-) create mode 100644 app/models/authentication_event.rb create mode 100644 changelogs/unreleased/237947-search-api-issues-filter-by-state.yml create mode 100644 changelogs/unreleased/dblessing-auth-events.yml create mode 100644 changelogs/unreleased/sy-gfm-reference-for-alerts.yml create mode 100644 db/migrate/20200908100053_create_authentication_events.rb create mode 100644 db/schema_migrations/20200908100053 create mode 100644 lib/banzai/filter/alert_reference_filter.rb create mode 100644 lib/banzai/reference_parser/alert_parser.rb create mode 100644 spec/lib/banzai/filter/alert_reference_filter_spec.rb create mode 100644 spec/lib/banzai/reference_parser/alert_parser_spec.rb create mode 100644 spec/models/authentication_event_spec.rb diff --git a/app/models/alert_management/alert.rb b/app/models/alert_management/alert.rb index 36186157c5d..d1b5eaecc6a 100644 --- a/app/models/alert_management/alert.rb +++ b/app/models/alert_management/alert.rb @@ -12,6 +12,7 @@ module AlertManagement include Gitlab::SQL::Pattern include Presentable include Gitlab::Utils::StrongMemoize + include Referable STATUSES = { triggered: 0, @@ -170,6 +171,25 @@ module AlertManagement with_prometheus_alert.where(id: ids) end + def self.reference_prefix + '^alert#' + end + + def self.reference_pattern + @reference_pattern ||= %r{ + (#{Project.reference_pattern})? + #{Regexp.escape(reference_prefix)}(?\d+) + }x + end + + def self.link_reference_pattern + @link_reference_pattern ||= super("alert_management", /(?\d+)\/details(\#)?/) + end + + def self.reference_valid?(reference) + reference.to_i > 0 && reference.to_i <= Gitlab::Database::MAX_INT_VALUE + end + def prometheus? monitoring_tool == Gitlab::AlertManagement::AlertParams::MONITORING_TOOLS[:prometheus] end @@ -178,10 +198,10 @@ module AlertManagement increment!(:events) end - # required for todos (typically contains an identifier like issue iid) - # no-op; we could use iid, but we don't have a reference prefix - def to_reference(_from = nil, full: false) - '' + def to_reference(from = nil, full: false) + reference = "#{self.class.reference_prefix}#{iid}" + + "#{project.to_reference_base(from, full: full)}#{reference}" end def execute_services diff --git a/app/models/authentication_event.rb b/app/models/authentication_event.rb new file mode 100644 index 00000000000..1ac3c5fbd9c --- /dev/null +++ b/app/models/authentication_event.rb @@ -0,0 +1,12 @@ +# frozen_string_literal: true + +class AuthenticationEvent < ApplicationRecord + belongs_to :user, optional: true + + validates :provider, :user_name, :result, presence: true + + enum result: { + failed: 0, + success: 1 + } +end diff --git a/app/services/packages/nuget/create_dependency_service.rb b/app/services/packages/nuget/create_dependency_service.rb index 2be5db732f6..19143fe3778 100644 --- a/app/services/packages/nuget/create_dependency_service.rb +++ b/app/services/packages/nuget/create_dependency_service.rb @@ -41,7 +41,7 @@ module Packages } end - ::Gitlab::Database.bulk_insert(::Packages::Nuget::DependencyLinkMetadatum.table_name, rows.compact) + ::Gitlab::Database.bulk_insert(::Packages::Nuget::DependencyLinkMetadatum.table_name, rows.compact) # rubocop:disable Gitlab/BulkInsert end def raw_dependency_for(dependency) diff --git a/app/services/packages/update_tags_service.rb b/app/services/packages/update_tags_service.rb index da50cd3479e..adfad52910e 100644 --- a/app/services/packages/update_tags_service.rb +++ b/app/services/packages/update_tags_service.rb @@ -15,7 +15,7 @@ module Packages tags_to_create = @tags - existing_tags @package.tags.with_name(tags_to_destroy).delete_all if tags_to_destroy.any? - ::Gitlab::Database.bulk_insert(Packages::Tag.table_name, rows(tags_to_create)) if tags_to_create.any? + ::Gitlab::Database.bulk_insert(Packages::Tag.table_name, rows(tags_to_create)) if tags_to_create.any? # rubocop:disable Gitlab/BulkInsert end private diff --git a/changelogs/unreleased/237947-search-api-issues-filter-by-state.yml b/changelogs/unreleased/237947-search-api-issues-filter-by-state.yml new file mode 100644 index 00000000000..c22642d45f2 --- /dev/null +++ b/changelogs/unreleased/237947-search-api-issues-filter-by-state.yml @@ -0,0 +1,5 @@ +--- +title: Add issues and merge_requests filtering by state for search API +merge_request: 41989 +author: +type: added diff --git a/changelogs/unreleased/dblessing-auth-events.yml b/changelogs/unreleased/dblessing-auth-events.yml new file mode 100644 index 00000000000..174408fc945 --- /dev/null +++ b/changelogs/unreleased/dblessing-auth-events.yml @@ -0,0 +1,5 @@ +--- +title: Add AuthenticationEvent to store sign-in events +merge_request: 39652 +author: +type: added diff --git a/changelogs/unreleased/sy-gfm-reference-for-alerts.yml b/changelogs/unreleased/sy-gfm-reference-for-alerts.yml new file mode 100644 index 00000000000..621bf676e69 --- /dev/null +++ b/changelogs/unreleased/sy-gfm-reference-for-alerts.yml @@ -0,0 +1,5 @@ +--- +title: Add GFM reference format for alerts +merge_request: 40922 +author: +type: added diff --git a/db/migrate/20200908100053_create_authentication_events.rb b/db/migrate/20200908100053_create_authentication_events.rb new file mode 100644 index 00000000000..2ea9f4e24af --- /dev/null +++ b/db/migrate/20200908100053_create_authentication_events.rb @@ -0,0 +1,33 @@ +# frozen_string_literal: true + +class CreateAuthenticationEvents < ActiveRecord::Migration[6.0] + include Gitlab::Database::MigrationHelpers + + DOWNTIME = false + + disable_ddl_transaction! + + def up + unless table_exists?(:authentication_events) + with_lock_retries do + create_table :authentication_events do |t| + t.datetime_with_timezone :created_at, null: false + t.references :user, foreign_key: { on_delete: :nullify }, index: true + t.integer :result, limit: 2, null: false + t.inet :ip_address + t.text :provider, null: false, index: true + t.text :user_name, null: false + end + end + end + + add_text_limit :authentication_events, :provider, 64 + add_text_limit :authentication_events, :user_name, 255 + end + + def down + with_lock_retries do + drop_table :authentication_events + end + end +end diff --git a/db/schema_migrations/20200908100053 b/db/schema_migrations/20200908100053 new file mode 100644 index 00000000000..f57b8f3a317 --- /dev/null +++ b/db/schema_migrations/20200908100053 @@ -0,0 +1 @@ +5642f7d91bbbd20d1e3a964b6a06a4da14474db58f47e3ee0ce3273f7cd7a9e8 \ No newline at end of file diff --git a/db/structure.sql b/db/structure.sql index 6a2e20f85f7..35f0df7f72e 100644 --- a/db/structure.sql +++ b/db/structure.sql @@ -9539,6 +9539,27 @@ CREATE SEQUENCE public.audit_events_id_seq ALTER SEQUENCE public.audit_events_id_seq OWNED BY public.audit_events.id; +CREATE TABLE public.authentication_events ( + id bigint NOT NULL, + created_at timestamp with time zone NOT NULL, + user_id bigint, + result smallint NOT NULL, + ip_address inet, + provider text NOT NULL, + user_name text NOT NULL, + CONSTRAINT check_45a6cc4e80 CHECK ((char_length(user_name) <= 255)), + CONSTRAINT check_c64f424630 CHECK ((char_length(provider) <= 64)) +); + +CREATE SEQUENCE public.authentication_events_id_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + +ALTER SEQUENCE public.authentication_events_id_seq OWNED BY public.authentication_events.id; + CREATE TABLE public.award_emoji ( id integer NOT NULL, name character varying, @@ -16965,6 +16986,8 @@ ALTER TABLE ONLY public.atlassian_identities ALTER COLUMN user_id SET DEFAULT ne ALTER TABLE ONLY public.audit_events ALTER COLUMN id SET DEFAULT nextval('public.audit_events_id_seq'::regclass); +ALTER TABLE ONLY public.authentication_events ALTER COLUMN id SET DEFAULT nextval('public.authentication_events_id_seq'::regclass); + ALTER TABLE ONLY public.award_emoji ALTER COLUMN id SET DEFAULT nextval('public.award_emoji_id_seq'::regclass); ALTER TABLE ONLY public.background_migration_jobs ALTER COLUMN id SET DEFAULT nextval('public.background_migration_jobs_id_seq'::regclass); @@ -17896,6 +17919,9 @@ ALTER TABLE ONLY public.audit_events_part_5fc467ac26 ALTER TABLE ONLY public.audit_events ADD CONSTRAINT audit_events_pkey PRIMARY KEY (id); +ALTER TABLE ONLY public.authentication_events + ADD CONSTRAINT authentication_events_pkey PRIMARY KEY (id); + ALTER TABLE ONLY public.award_emoji ADD CONSTRAINT award_emoji_pkey PRIMARY KEY (id); @@ -19333,6 +19359,10 @@ CREATE INDEX index_approvers_on_user_id ON public.approvers USING btree (user_id CREATE UNIQUE INDEX index_atlassian_identities_on_extern_uid ON public.atlassian_identities USING btree (extern_uid); +CREATE INDEX index_authentication_events_on_provider ON public.authentication_events USING btree (provider); + +CREATE INDEX index_authentication_events_on_user_id ON public.authentication_events USING btree (user_id); + CREATE INDEX index_award_emoji_on_awardable_type_and_awardable_id ON public.award_emoji USING btree (awardable_type, awardable_id); CREATE INDEX index_award_emoji_on_user_id_and_name ON public.award_emoji USING btree (user_id, name); @@ -23162,6 +23192,9 @@ ALTER TABLE ONLY public.webauthn_registrations ALTER TABLE ONLY public.packages_build_infos ADD CONSTRAINT fk_rails_b18868292d FOREIGN KEY (package_id) REFERENCES public.packages_packages(id) ON DELETE CASCADE; +ALTER TABLE ONLY public.authentication_events + ADD CONSTRAINT fk_rails_b204656a54 FOREIGN KEY (user_id) REFERENCES public.users(id) ON DELETE SET NULL; + ALTER TABLE ONLY public.merge_trains ADD CONSTRAINT fk_rails_b29261ce31 FOREIGN KEY (user_id) REFERENCES public.users(id) ON DELETE CASCADE; diff --git a/doc/administration/gitaly/praefect.md b/doc/administration/gitaly/praefect.md index 42269f780a8..d69eed81c17 100644 --- a/doc/administration/gitaly/praefect.md +++ b/doc/administration/gitaly/praefect.md @@ -1075,7 +1075,7 @@ recovery efforts by preventing writes that may conflict with the unreplicated wr To enable writes again, an administrator can: 1. [Check](#check-for-data-loss) for data loss. -1. Attempt to [recover](#recover-missing-data) missing data. +1. Attempt to [recover](#data-recovery) missing data. 1. Either [enable writes](#enable-writes-or-accept-data-loss) in the virtual storage or [accept data loss](#enable-writes-or-accept-data-loss) if necessary, depending on the version of GitLab. @@ -1169,17 +1169,6 @@ Virtual storage: default To check a project's repository checksums across on all Gitaly nodes, run the [replicas Rake task](../raketasks/praefect.md#replica-checksums) on the main GitLab node. -### Recover missing data - -The Praefect `reconcile` sub-command can be used to recover unreplicated changes from another replica. -The source must be on a later version than the target storage. - -```shell -sudo /opt/gitlab/embedded/bin/praefect -config /var/opt/gitlab/praefect/config.toml reconcile -virtual -reference -target -f -``` - -Refer to [Gitaly node recovery](#gitaly-node-recovery) section for more details on the `reconcile` sub-command. - ### Enable writes or accept data loss Praefect provides the following subcommands to re-enable writes: @@ -1203,31 +1192,53 @@ Praefect provides the following subcommands to re-enable writes: CAUTION: **Caution:** `accept-dataloss` causes permanent data loss by overwriting other versions of the repository. Data -[recovery efforts](#recover-missing-data) must be performed before using it. +[recovery efforts](#data-recovery) must be performed before using it. -## Gitaly node recovery +## Data recovery -When a secondary Gitaly node fails and is no longer able to replicate changes, it starts -to drift from the primary Gitaly node. If the failed Gitaly node eventually recovers, -it needs to be reconciled with the primary Gitaly node. The primary Gitaly node is considered -the single source of truth for the state of a shard. +If a Gitaly node fails replication jobs for any reason, it ends up hosting outdated versions of +the affected repositories. Praefect provides tools for automatically or manually reconciling +the outdated repositories in order to bring them fully up to date again. -The Praefect `reconcile` sub-command allows for the manual reconciliation between a secondary -Gitaly node and the current primary Gitaly node. +### Automatic reconciliation -Run the following command on the Praefect server after all placeholders -(`` and ``) have been replaced: +> [Introduced](https://gitlab.com/gitlab-org/gitaly/-/issues/2717) in GitLab 13.4. + +Praefect automatically reconciles repositories that are not up to date. By default, this is done every +five minutes. For each outdated repository on a healthy Gitaly node, the Praefect picks a +random, fully up to date replica of the repository on another healthy Gitaly node to replicate from. A +replication job is scheduled only if there are no other replication jobs pending for the target +repository. + +The reconciliation frequency can be changed via the configuration. The value can be any valid +[Go duration value](https://golang.org/pkg/time/#ParseDuration). Values below 0 disable the feature. + +Examples: + +```ruby +praefect['reconciliation_scheduling_interval'] = '5m' # the default value +``` + +```ruby +praefect['reconciliation_scheduling_interval'] = '30s' # reconcile every 30 seconds +``` + +```ruby +praefect['reconciliation_scheduling_interval'] = '0' # disable the feature +``` + +### Manual reconciliation + +The Praefect `reconcile` sub-command allows for the manual reconciliation between two Gitaly nodes. The +command replicates every repository on a later version on the reference storage to the target storage. ```shell -sudo /opt/gitlab/embedded/bin/praefect -config /var/opt/gitlab/praefect/config.toml reconcile -virtual -target +sudo /opt/gitlab/embedded/bin/praefect -config /var/opt/gitlab/praefect/config.toml reconcile -virtual -reference -target -f ``` - Replace the placeholder `` with the virtual storage containing the Gitaly node storage to be checked. -- Replace the placeholder `` with the Gitaly storage name. - -The command will return a list of repositories that were found to be -inconsistent against the current primary. Each of these inconsistencies will -also be logged with an accompanying replication job ID. +- Replace the placeholder `` with the Gitaly storage name containing up to date repositories. +- Replace the placeholder `` with the Gitaly storage name containing outdated repositories. ## Migrate existing repositories to Gitaly Cluster diff --git a/doc/api/search.md b/doc/api/search.md index 4c87a826ca8..532ea0aa3ac 100644 --- a/doc/api/search.md +++ b/doc/api/search.md @@ -397,6 +397,7 @@ GET /groups/:id/search | `id` | integer/string | yes | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) owned by the authenticated user | | `scope` | string | yes | The scope to search in | | `search` | string | yes | The search query | +| `state` | string | no | Filtering by state, currently only supported for issues and merge requests. It is ignored for other scopes | Search the expression within the specified scope. Currently these scopes are supported: projects, issues, merge_requests, milestones, users. @@ -741,6 +742,7 @@ GET /projects/:id/search | `scope` | string | yes | The scope to search in | | `search` | string | yes | The search query | | `ref` | string | no | The name of a repository branch or tag to search on. The project's default branch is used by default. This is only applicable for scopes: commits, blobs, and wiki_blobs. | +| `state` | string | no | Filtering by state, currently only supported for issues and merge requests. It is ignored for other scopes | Search the expression within the specified scope. Currently these scopes are supported: issues, merge_requests, milestones, notes, wiki_blobs, commits, blobs, users. diff --git a/doc/ci/caching/index.md b/doc/ci/caching/index.md index 07f784b6534..50f7d5252d8 100644 --- a/doc/ci/caching/index.md +++ b/doc/ci/caching/index.md @@ -60,7 +60,7 @@ Caches: - Are disabled if not defined globally or per job (using `cache:`). - Are available for all jobs in your `.gitlab-ci.yml` if enabled globally. - Can be used in subsequent pipelines by the same job in which the cache was created (if not defined globally). -- Are stored where the Runner is installed **and** uploaded to S3 if [distributed cache is enabled](https://docs.gitlab.com/runner/configuration/autoscale.html#distributed-runners-caching). +- Are stored where GitLab Runner is installed **and** uploaded to S3 if [distributed cache is enabled](https://docs.gitlab.com/runner/configuration/autoscale.html#distributed-runners-caching). - If defined per job, are used: - By the same job in a subsequent pipeline. - By subsequent jobs in the same pipeline, if they have identical dependencies. @@ -80,33 +80,33 @@ can't link to files outside it. ## Good caching practices We have the cache from the perspective of the developers (who consume a cache -within the job) and the cache from the perspective of the Runner. Depending on -which type of Runner you are using, cache can act differently. +within the job) and the cache from the perspective of the runner. Depending on +which type of runner you are using, cache can act differently. From the perspective of the developer, to ensure maximum availability of the cache, when declaring `cache` in your jobs, use one or a mix of the following: -- [Tag your Runners](../runners/README.md#use-tags-to-limit-the-number-of-jobs-using-the-runner) and use the tag on jobs +- [Tag your runners](../runners/README.md#use-tags-to-limit-the-number-of-jobs-using-the-runner) and use the tag on jobs that share their cache. -- [Use sticky Runners](../runners/README.md#prevent-a-specific-runner-from-being-enabled-for-other-projects) +- [Use sticky runners](../runners/README.md#prevent-a-specific-runner-from-being-enabled-for-other-projects) that will be only available to a particular project. - [Use a `key`](../yaml/README.md#cachekey) that fits your workflow (for example, different caches on each branch). For that, you can take advantage of the [CI/CD predefined variables](../variables/README.md#predefined-environment-variables). TIP: **Tip:** -Using the same Runner for your pipeline, is the most simple and efficient way to +Using the same runner for your pipeline, is the most simple and efficient way to cache files in one stage or pipeline, and pass this cache to subsequent stages or pipelines in a guaranteed manner. -From the perspective of the Runner, in order for cache to work effectively, one +From the perspective of the runner, in order for cache to work effectively, one of the following must be true: -- Use a single Runner for all your jobs. -- Use multiple Runners (in autoscale mode or not) that use +- Use a single runner for all your jobs. +- Use multiple runners (in autoscale mode or not) that use [distributed caching](https://docs.gitlab.com/runner/configuration/autoscale.html#distributed-runners-caching), - where the cache is stored in S3 buckets (like shared Runners on GitLab.com). -- Use multiple Runners (not in autoscale mode) of the same architecture that + where the cache is stored in S3 buckets (like shared runners on GitLab.com). +- Use multiple runners (not in autoscale mode) of the same architecture that share a common network-mounted directory (using NFS or something similar) where the cache will be stored. @@ -364,27 +364,27 @@ be prepared to regenerate any cached files in each job that needs them. Assuming you have properly [defined `cache` in `.gitlab-ci.yml`](../yaml/README.md#cache) according to your workflow, the availability of the cache ultimately depends on -how the Runner has been configured (the executor type and whether different -Runners are used for passing the cache between jobs). +how the runner has been configured (the executor type and whether different +runners are used for passing the cache between jobs). ### Where the caches are stored -Since the Runner is the one responsible for storing the cache, it's essential +Since the runner is the one responsible for storing the cache, it's essential to know **where** it's stored. All the cache paths defined under a job in `.gitlab-ci.yml` are archived in a single `cache.zip` file and stored in the -Runner's configured cache location. By default, they are stored locally in the -machine where the Runner is installed and depends on the type of the executor. +runner's configured cache location. By default, they are stored locally in the +machine where the runner is installed and depends on the type of the executor. | GitLab Runner executor | Default path of the cache | | ---------------------- | ------------------------- | | [Shell](https://docs.gitlab.com/runner/executors/shell.html) | Locally, stored under the `gitlab-runner` user's home directory: `/home/gitlab-runner/cache////cache.zip`. | | [Docker](https://docs.gitlab.com/runner/executors/docker.html) | Locally, stored under [Docker volumes](https://docs.gitlab.com/runner/executors/docker.html#the-builds-and-cache-storage): `/var/lib/docker/volumes//_data////cache.zip`. | -| [Docker machine](https://docs.gitlab.com/runner/executors/docker_machine.html) (autoscale Runners) | Behaves the same as the Docker executor. | +| [Docker machine](https://docs.gitlab.com/runner/executors/docker_machine.html) (autoscale runners) | Behaves the same as the Docker executor. | ### How archiving and extracting works In the most simple scenario, consider that you use only one machine where the -Runner is installed, and all jobs of your project run on the same host. +runner is installed, and all jobs of your project run on the same host. Let's see the following example of two jobs that belong to two consecutive stages: @@ -426,17 +426,17 @@ Here's what happens behind the scenes: 1. `after_script` is executed. 1. `cache` runs and the `vendor/` directory is zipped into `cache.zip`. This file is then saved in the directory based on the - [Runner's setting](#where-the-caches-are-stored) and the `cache: key`. + [runner's setting](#where-the-caches-are-stored) and the `cache: key`. 1. `job B` runs. 1. The cache is extracted (if found). 1. `before_script` is executed. 1. `script` is executed. 1. Pipeline finishes. -By using a single Runner on a single machine, you'll not have the issue where -`job B` might execute on a Runner different from `job A`, thus guaranteeing the +By using a single runner on a single machine, you'll not have the issue where +`job B` might execute on a runner different from `job A`, thus guaranteeing the cache between stages. That will only work if the build goes from stage `build` -to `test` in the same Runner/machine, otherwise, you [might not have the cache +to `test` in the same runner/machine, otherwise, you [might not have the cache available](#cache-mismatch). During the caching process, there's also a couple of things to consider: @@ -448,13 +448,13 @@ During the caching process, there's also a couple of things to consider: their cache. - When extracting the cache from `cache.zip`, everything in the zip file is extracted in the job's working directory (usually the repository which is - pulled down), and the Runner doesn't mind if the archive of `job A` overwrites + pulled down), and the runner doesn't mind if the archive of `job A` overwrites things in the archive of `job B`. -The reason why it works this way is because the cache created for one Runner +The reason why it works this way is because the cache created for one runner often will not be valid when used by a different one which can run on a **different architecture** (e.g., when the cache includes binary files). And -since the different steps might be executed by Runners running on different +since the different steps might be executed by runners running on different machines, it is a safe default. ### Cache mismatch @@ -464,17 +464,17 @@ mismatch and a few ideas how to fix it. | Reason of a cache mismatch | How to fix it | | -------------------------- | ------------- | -| You use multiple standalone Runners (not in autoscale mode) attached to one project without a shared cache | Use only one Runner for your project or use multiple Runners with distributed cache enabled | -| You use Runners in autoscale mode without a distributed cache enabled | Configure the autoscale Runner to use a distributed cache | -| The machine the Runner is installed on is low on disk space or, if you've set up distributed cache, the S3 bucket where the cache is stored doesn't have enough space | Make sure you clear some space to allow new caches to be stored. Currently, there's no automatic way to do this. | +| You use multiple standalone runners (not in autoscale mode) attached to one project without a shared cache | Use only one runner for your project or use multiple runners with distributed cache enabled | +| You use runners in autoscale mode without a distributed cache enabled | Configure the autoscale runner to use a distributed cache | +| The machine the runner is installed on is low on disk space or, if you've set up distributed cache, the S3 bucket where the cache is stored doesn't have enough space | Make sure you clear some space to allow new caches to be stored. Currently, there's no automatic way to do this. | | You use the same `key` for jobs where they cache different paths. | Use different cache keys to that the cache archive is stored to a different location and doesn't overwrite wrong caches. | Let's explore some examples. #### Examples -Let's assume you have only one Runner assigned to your project, so the cache -will be stored in the Runner's machine by default. If two jobs, A and B, +Let's assume you have only one runner assigned to your project, so the cache +will be stored in the runner's machine by default. If two jobs, A and B, have the same cache key, but they cache different paths, cache B would overwrite cache A, even if their `paths` don't match: @@ -513,7 +513,7 @@ job B: To fix that, use different `keys` for each job. -In another case, let's assume you have more than one Runners assigned to your +In another case, let's assume you have more than one runner assigned to your project, but the distributed cache is not enabled. The second time the pipeline is run, we want `job A` and `job B` to re-use their cache (which in this case will be different): @@ -542,11 +542,11 @@ job B: In that case, even if the `key` is different (no fear of overwriting), you might experience that the cached files "get cleaned" before each stage if the -jobs run on different Runners in the subsequent pipelines. +jobs run on different runners in the subsequent pipelines. ## Clearing the cache -GitLab Runners use [cache](../yaml/README.md#cache) to speed up the execution +Runners use [cache](../yaml/README.md#cache) to speed up the execution of your jobs by reusing existing data. This however, can sometimes lead to an inconsistent behavior. @@ -565,9 +565,9 @@ If you want to avoid editing `.gitlab-ci.yml`, you can easily clear the cache via GitLab's UI: 1. Navigate to your project's **CI/CD > Pipelines** page. -1. Click on the **Clear Runner caches** button to clean up the cache. +1. Click on the **Clear runner caches** button to clean up the cache. - ![Clear Runners cache](img/clear_runners_cache.png) + ![Clear runner caches](img/clear_runners_cache.png) 1. On the next push, your CI/CD job will use a new cache. diff --git a/doc/ci/unit_test_reports.md b/doc/ci/unit_test_reports.md index d1bb8f11c0f..5a59a175a89 100644 --- a/doc/ci/unit_test_reports.md +++ b/doc/ci/unit_test_reports.md @@ -81,6 +81,8 @@ merge request widget. To make the Unit test report output files browsable, include them with the [`artifacts:paths`](yaml/README.md#artifactspaths) keyword as well, as shown in the [Ruby example](#ruby-example). +To upload the report even if the job fails (for example if the tests do not pass), use the [`artifacts:when:always`](yaml/README.md#artifactswhen) +keyword. NOTE: **Note:** You cannot have multiple tests with the same name and class in your JUnit report format XML file. diff --git a/doc/development/telemetry/usage_ping.md b/doc/development/telemetry/usage_ping.md index 08e862fba5f..2314661e511 100644 --- a/doc/development/telemetry/usage_ping.md +++ b/doc/development/telemetry/usage_ping.md @@ -377,6 +377,56 @@ Recommendations: - Use a [feature flag](../../operations/feature_flags.md) to have a control over the impact when adding new metrics. +##### Known events in usage data payload + +All events added in [`known_events.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/usage_data_counters/known_events.yml) are automatically added to usage data generation under the `redis_hll_counters` key. This column is stored in [version-app as a JSON](https://gitlab.com/gitlab-services/version-gitlab-com/-/blob/master/db/schema.rb#L209). +For each event we add metrics for the weekly and monthly time frames, and totals for each where applicable: + +- `#{event_name}_weekly` data for 7 days for daily [aggregation](#adding-new-events) events and data for last complete week for weekly [aggregation](#adding-new-events) events. +- `#{event_name}_monthly` data for 28 days for daily [aggregation](#adding-new-events) events and data for last 4 complete weeks for weekly [aggregation](#adding-new-events) events. +- `#{category}_total_unique_counts_weekly` total unique counts for events in same category for last 7 days or last complete week, if events are in the same Redis slot and if we have more than one metric. +- `#{event_name}_weekly` - Data for 7 days for daily [aggregation](#adding-new-events) events and data for the last complete week for weekly [aggregation](#adding-new-events) events. +- `#{event_name}_monthly` - Data for 28 days for daily [aggregation](#adding-new-events) events and data for the last 4 complete weeks for weekly [aggregation](#adding-new-events) events. +- `#{category}_total_unique_counts_weekly` - Total unique counts for events in the same category for the last 7 days or the last complete week, if events are in the same Redis slot and we have more than one metric. +- `#{event_name}_weekly`: Data for 7 days for daily [aggregation](#adding-new-events) events and data for last complete week for weekly [aggregation](#adding-new-events) events. +- `#{event_name}_monthly`: Data for 28 days for daily [aggregation](#adding-new-events) events and data for last 4 complete weeks for weekly [aggregation](#adding-new-events) events. +- `#{category}_total_unique_counts_weekly` total unique counts for events in same category for last 7 days or last complete week, if events are in the same Redis slot and if we have more than one metric. +- `#{event_name}_weekly`: Data for 7 days for daily [aggregation](#adding-new-events) events and data for the last complete week for weekly [aggregation](#adding-new-events) events. +- `#{event_name}_monthly`: Data for 28 days for daily [aggregation](#adding-new-events) events and data for the last 4 complete weeks for weekly [aggregation](#adding-new-events) events. +- `#{category}_total_unique_counts_weekly`: Total unique counts for events in the same category for the last 7 days or the last complete week, if events are in the same Redis slot and we have more than one metric. +- `#{category}_total_unique_counts_monthly`: Total unique counts for events in same category for the last 28 days or the last 4 complete weeks, if events are in the same Redis slot and we have more than one metric. + +Example of `redis_hll_counters` data: + +```ruby +{:redis_hll_counters=> + {"compliance"=> + {"g_compliance_dashboard_weekly"=>0, + "g_compliance_dashboard_monthly"=>0, + "g_compliance_audit_events_weekly"=>0, + "g_compliance_audit_events_monthly"=>0, + "compliance_total_unique_counts_weekly"=>0, + "compliance_total_unique_counts_monthly"=>0}, + "analytics"=> + {"g_analytics_contribution_weekly"=>0, + "g_analytics_contribution_monthly"=>0, + "g_analytics_insights_weekly"=>0, + "g_analytics_insights_monthly"=>0, + "analytics_total_unique_counts_weekly"=>0, + "analytics_total_unique_counts_monthly"=>0}, + "ide_edit"=> + {"g_edit_by_web_ide_weekly"=>0, + "g_edit_by_web_ide_monthly"=>0, + "g_edit_by_sfe_weekly"=>0, + "g_edit_by_sfe_monthly"=>0, + "ide_edit_total_unique_counts_weekly"=>0, + "ide_edit_total_unique_counts_monthly"=>0}, + "search"=> + {"i_search_total_weekly"=>0, "i_search_total_monthly"=>0, "i_search_advanced_weekly"=>0, "i_search_advanced_monthly"=>0, "i_search_paid_weekly"=>0, "i_search_paid_monthly"=>0, "search_total_unique_counts_weekly"=>0, "search_total_unique_counts_monthly"=>0}, + "source_code"=>{"wiki_action_weekly"=>0, "wiki_action_monthly"=>0} + } +``` + Example usage: ```ruby diff --git a/doc/user/application_security/container_scanning/index.md b/doc/user/application_security/container_scanning/index.md index 84311b86afa..85d7e56ea5d 100644 --- a/doc/user/application_security/container_scanning/index.md +++ b/doc/user/application_security/container_scanning/index.md @@ -42,10 +42,10 @@ information directly in the merge request. To enable Container Scanning in your pipeline, you need the following: -- [GitLab Runner](https://docs.gitlab.com/runner/) with the [Docker](https://docs.gitlab.com/runner/executors/docker.html) - or [Kubernetes](https://docs.gitlab.com/runner/install/kubernetes.html) executor. -- Docker `18.09.03` or higher installed on the same computer as the Runner. If you're using the - shared Runners on GitLab.com, then this is already the case. +- [GitLab Runner](https://docs.gitlab.com/runner/) with the [`docker`](https://docs.gitlab.com/runner/executors/docker.html) + or [`kubernetes`](https://docs.gitlab.com/runner/install/kubernetes.html) executor. +- Docker `18.09.03` or higher installed on the same computer as the runner. If you're using the + shared runners on GitLab.com, then this is already the case. - [Build and push](../../packages/container_registry/index.md#container-registry-examples-with-gitlab-cicd) your Docker image to your project's container registry. The name of the Docker image should use the following [predefined environment variables](../../../ci/variables/predefined_variables.md): @@ -221,8 +221,8 @@ To use Container Scanning in an offline environment, you need: NOTE: **Note:** GitLab Runner has a [default `pull policy` of `always`](https://docs.gitlab.com/runner/executors/docker.html#using-the-always-pull-policy), -meaning the Runner tries to pull Docker images from the GitLab container registry even if a local -copy is available. GitLab Runner's [`pull_policy` can be set to `if-not-present`](https://docs.gitlab.com/runner/executors/docker.html#using-the-if-not-present-pull-policy) +meaning the runner tries to pull Docker images from the GitLab container registry even if a local +copy is available. The GitLab Runner [`pull_policy` can be set to `if-not-present`](https://docs.gitlab.com/runner/executors/docker.html#using-the-if-not-present-pull-policy) in an offline environment if you prefer using only locally available Docker images. However, we recommend keeping the pull policy setting to `always` if not in an offline environment, as this enables the use of updated scanners in your CI/CD pipelines. @@ -421,7 +421,7 @@ Read more about the [solutions for vulnerabilities](../index.md#solutions-for-vu ### `docker: Error response from daemon: failed to copy xattrs` -When the GitLab Runner uses the Docker executor and NFS is used +When the runner uses the `docker` executor and NFS is used (for example, `/var/lib/docker` is on an NFS mount), Container Scanning might fail with an error like the following: @@ -430,6 +430,6 @@ docker: Error response from daemon: failed to copy xattrs: failed to set xattr " ``` This is a result of a bug in Docker which is now [fixed](https://github.com/containerd/continuity/pull/138 "fs: add WithAllowXAttrErrors CopyOpt"). -To prevent the error, ensure the Docker version that the Runner is using is +To prevent the error, ensure the Docker version that the runner is using is `18.09.03` or higher. For more information, see [issue #10241](https://gitlab.com/gitlab-org/gitlab/-/issues/10241 "Investigate why Container Scanning is not working with NFS mounts"). diff --git a/doc/user/application_security/dast/index.md b/doc/user/application_security/dast/index.md index 13dc001220c..960f7053106 100644 --- a/doc/user/application_security/dast/index.md +++ b/doc/user/application_security/dast/index.md @@ -566,8 +566,8 @@ To use DAST in an offline environment, you need: NOTE: **Note:** GitLab Runner has a [default `pull policy` of `always`](https://docs.gitlab.com/runner/executors/docker.html#using-the-always-pull-policy), -meaning the Runner tries to pull Docker images from the GitLab container registry even if a local -copy is available. GitLab Runner's [`pull_policy` can be set to `if-not-present`](https://docs.gitlab.com/runner/executors/docker.html#using-the-if-not-present-pull-policy) +meaning the runner tries to pull Docker images from the GitLab container registry even if a local +copy is available. The GitLab Runner [`pull_policy` can be set to `if-not-present`](https://docs.gitlab.com/runner/executors/docker.html#using-the-if-not-present-pull-policy) in an offline environment if you prefer using only locally available Docker images. However, we recommend keeping the pull policy setting to `always` if not in an offline environment, as this enables the use of updated scanners in your CI/CD pipelines. diff --git a/doc/user/application_security/dependency_scanning/index.md b/doc/user/application_security/dependency_scanning/index.md index a39fbd43167..5cce336d04c 100644 --- a/doc/user/application_security/dependency_scanning/index.md +++ b/doc/user/application_security/dependency_scanning/index.md @@ -43,10 +43,10 @@ The results are sorted by the severity of the vulnerability: To run Dependency Scanning jobs, by default, you need GitLab Runner with the [`docker`](https://docs.gitlab.com/runner/executors/docker.html) or [`kubernetes`](https://docs.gitlab.com/runner/install/kubernetes.html) executor. -If you're using the shared Runners on GitLab.com, this is enabled by default. +If you're using the shared runners on GitLab.com, this is enabled by default. CAUTION: **Caution:** -If you use your own Runners, make sure your installed version of Docker +If you use your own runners, make sure your installed version of Docker is **not** `19.03.0`. See [troubleshooting information](#error-response-from-daemon-error-processing-tar-file-docker-tar-relocation-error) for details. ## Supported languages and package managers @@ -362,8 +362,8 @@ Here are the requirements for using Dependency Scanning in an offline environmen NOTE: **Note:** GitLab Runner has a [default `pull policy` of `always`](https://docs.gitlab.com/runner/executors/docker.html#using-the-always-pull-policy), -meaning the Runner tries to pull Docker images from the GitLab container registry even if a local -copy is available. GitLab Runner's [`pull_policy` can be set to `if-not-present`](https://docs.gitlab.com/runner/executors/docker.html#using-the-if-not-present-pull-policy) +meaning the runner tries to pull Docker images from the GitLab container registry even if a local +copy is available. The GitLab Runner [`pull_policy` can be set to `if-not-present`](https://docs.gitlab.com/runner/executors/docker.html#using-the-if-not-present-pull-policy) in an offline environment if you prefer using only locally available Docker images. However, we recommend keeping the pull policy setting to `always` if not in an offline environment, as this enables the use of updated scanners in your CI/CD pipelines. diff --git a/doc/user/application_security/offline_deployments/index.md b/doc/user/application_security/offline_deployments/index.md index a5cf93f9448..ea7c5e23d2a 100644 --- a/doc/user/application_security/offline_deployments/index.md +++ b/doc/user/application_security/offline_deployments/index.md @@ -96,7 +96,7 @@ above. You can find more information at each of the pages below: To use many GitLab features, including [security scans](../index.md#working-in-an-offline-environment) -and [Auto DevOps](../../../topics/autodevops/index.md), the GitLab Runner must be able to fetch the +and [Auto DevOps](../../../topics/autodevops/index.md), the runner must be able to fetch the relevant Docker images. The process for making these images available without direct access to the public internet @@ -124,7 +124,7 @@ The pipeline downloads the Docker images needed for the Security Scanners and sa [job artifacts](../../../ci/pipelines/job_artifacts.md) or pushes them to the [Container Registry](../../packages/container_registry/index.md) of the project where the pipeline is executed. These archives can be transferred to another location and [loaded](https://docs.docker.com/engine/reference/commandline/load/) in a Docker daemon. -This method requires a GitLab Runner with access to both `gitlab.com` (including +This method requires a runner with access to both `gitlab.com` (including `registry.gitlab.com`) and the local offline instance. This runner must run in [privileged mode](https://docs.gitlab.com/runner/executors/docker.html#use-docker-in-docker-with-privileged-mode) to be able to use the `docker` command inside the jobs. This runner can be installed in a DMZ or on diff --git a/doc/user/application_security/sast/index.md b/doc/user/application_security/sast/index.md index 2b717157259..a4fc3c9e638 100644 --- a/doc/user/application_security/sast/index.md +++ b/doc/user/application_security/sast/index.md @@ -43,16 +43,16 @@ A pipeline consists of multiple jobs, including SAST and DAST scanning. If any j ## Requirements -To run SAST jobs, by default, you need a GitLab Runner with the +To run SAST jobs, by default, you need GitLab Runner with the [`docker`](https://docs.gitlab.com/runner/executors/docker.html) or [`kubernetes`](https://docs.gitlab.com/runner/install/kubernetes.html) executor. -If you're using the shared Runners on GitLab.com, this is enabled by default. +If you're using the shared runners on GitLab.com, this is enabled by default. CAUTION: **Caution:** Our SAST jobs require a Linux container type. Windows containers are not yet supported. CAUTION: **Caution:** -If you use your own Runners, make sure the Docker version installed +If you use your own runners, make sure the Docker version installed is **not** `19.03.0`. See [troubleshooting information](#error-response-from-daemon-error-processing-tar-file-docker-tar-relocation-error) for details. ## Supported languages and frameworks @@ -476,14 +476,14 @@ run successfully. For more information, see [Offline environments](../offline_de To use SAST in an offline environment, you need: -- A GitLab Runner with the [`docker` or `kubernetes` executor](#requirements). +- GitLab Runner with the [`docker` or `kubernetes` executor](#requirements). - A Docker Container Registry with locally available copies of SAST [analyzer](https://gitlab.com/gitlab-org/security-products/analyzers) images. - Configure certificate checking of packages (optional). NOTE: **Note:** GitLab Runner has a [default `pull policy` of `always`](https://docs.gitlab.com/runner/executors/docker.html#using-the-always-pull-policy), -meaning the Runner tries to pull Docker images from the GitLab container registry even if a local -copy is available. GitLab Runner's [`pull_policy` can be set to `if-not-present`](https://docs.gitlab.com/runner/executors/docker.html#using-the-if-not-present-pull-policy) +meaning the runner tries to pull Docker images from the GitLab container registry even if a local +copy is available. The GitLab Runner [`pull_policy` can be set to `if-not-present`](https://docs.gitlab.com/runner/executors/docker.html#using-the-if-not-present-pull-policy) in an offline environment if you prefer using only locally available Docker images. However, we recommend keeping the pull policy setting to `always` if not in an offline environment, as this enables the use of updated scanners in your CI/CD pipelines. diff --git a/doc/user/application_security/secret_detection/index.md b/doc/user/application_security/secret_detection/index.md index 1089bbfc8c8..f3e411cdc16 100644 --- a/doc/user/application_security/secret_detection/index.md +++ b/doc/user/application_security/secret_detection/index.md @@ -37,13 +37,13 @@ GitLab displays identified secrets visibly in a few places: To run Secret Detection jobs, by default, you need GitLab Runner with the [`docker`](https://docs.gitlab.com/runner/executors/docker.html) or [`kubernetes`](https://docs.gitlab.com/runner/install/kubernetes.html) executor. -If you're using the shared Runners on GitLab.com, this is enabled by default. +If you're using the shared runners on GitLab.com, this is enabled by default. CAUTION: **Caution:** Our Secret Detection jobs currently expect a Linux container type. Windows containers are not yet supported. CAUTION: **Caution:** -If you use your own Runners, make sure the Docker version installed +If you use your own runners, make sure the Docker version installed is **not** `19.03.0`. See [troubleshooting information](../sast#error-response-from-daemon-error-processing-tar-file-docker-tar-relocation-error) for details. ### Making Secret Detection available to all GitLab tiers diff --git a/doc/user/application_security/security_dashboard/index.md b/doc/user/application_security/security_dashboard/index.md index 07b4eef906f..51d9b4f45cd 100644 --- a/doc/user/application_security/security_dashboard/index.md +++ b/doc/user/application_security/security_dashboard/index.md @@ -35,7 +35,7 @@ To use the instance, group, project, or pipeline security dashboard: the [supported reports](#supported-reports). 1. The configured jobs must use the [new `reports` syntax](../../../ci/pipelines/job_artifacts.md#artifactsreports). 1. [GitLab Runner](https://docs.gitlab.com/runner/) 11.5 or newer must be used. - If you're using the shared Runners on GitLab.com, this is already the case. + If you're using the shared runners on GitLab.com, this is already the case. ## Pipeline Security diff --git a/doc/user/compliance/license_compliance/index.md b/doc/user/compliance/license_compliance/index.md index d51b6484fd9..79c2d97b972 100644 --- a/doc/user/compliance/license_compliance/index.md +++ b/doc/user/compliance/license_compliance/index.md @@ -616,8 +616,8 @@ To use License Compliance in an offline environment, you need: NOTE: **Note:** GitLab Runner has a [default `pull policy` of `always`](https://docs.gitlab.com/runner/executors/docker.html#using-the-always-pull-policy), -meaning the Runner tries to pull Docker images from the GitLab container registry even if a local -copy is available. GitLab Runner's [`pull_policy` can be set to `if-not-present`](https://docs.gitlab.com/runner/executors/docker.html#using-the-if-not-present-pull-policy) +meaning the runner tries to pull Docker images from the GitLab container registry even if a local +copy is available. The GitLab Runner [`pull_policy` can be set to `if-not-present`](https://docs.gitlab.com/runner/executors/docker.html#using-the-if-not-present-pull-policy) in an offline environment if you prefer using only locally available Docker images. However, we recommend keeping the pull policy setting to `always` if not in an offline environment, as this enables the use of updated scanners in your CI/CD pipelines. diff --git a/doc/user/markdown.md b/doc/user/markdown.md index 12d65f75b37..5822c728e08 100644 --- a/doc/user/markdown.md +++ b/doc/user/markdown.md @@ -438,6 +438,11 @@ GFM recognizes the following: | commit range comparison | `9ba12248...b19a04f5` | `namespace/project@9ba12248...b19a04f5` | `project@9ba12248...b19a04f5` | | repository file references | `[README](doc/README)` | | | | repository file line references | `[README](doc/README#L13)` | | | +| [alert](../operations/incident_management/alerts.md) | `^alert#123` | `namespace/project^alert#123` | `project^alert#123` | + +For example, referencing an issue by using `#123` will format the output as a link +to issue number 123 with text `#123`. Likewise, a link to issue number 123 will be +recognized and formatted with text `#123`. In addition to this, links to some objects are also recognized and formatted. Some examples of these are: diff --git a/doc/user/project/deploy_boards.md b/doc/user/project/deploy_boards.md index d692343196e..8146f39ef87 100644 --- a/doc/user/project/deploy_boards.md +++ b/doc/user/project/deploy_boards.md @@ -81,8 +81,8 @@ To display the Deploy Boards for a specific [environment](../../ci/environments/ [OpenShift docs](https://docs.openshift.com/container-platform/3.7/dev_guide/deployments/kubernetes_deployments.html#kubernetes-deployments-vs-deployment-configurations) and [GitLab issue #4584](https://gitlab.com/gitlab-org/gitlab/-/issues/4584). -1. [Configure GitLab Runner](../../ci/runners/README.md) with the [Docker](https://docs.gitlab.com/runner/executors/docker.html) or - [Kubernetes](https://docs.gitlab.com/runner/executors/kubernetes.html) executor. +1. [Configure GitLab Runner](../../ci/runners/README.md) with the [`docker`](https://docs.gitlab.com/runner/executors/docker.html) or + [`kubernetes`](https://docs.gitlab.com/runner/executors/kubernetes.html) executor. 1. Configure the [Kubernetes integration](clusters/index.md) in your project for the cluster. The Kubernetes namespace is of particular note as you will need it for your deployment scripts (exposed by the `KUBE_NAMESPACE` env variable). diff --git a/doc/user/project/web_ide/index.md b/doc/user/project/web_ide/index.md index d79e5a184ff..d31e42e270e 100644 --- a/doc/user/project/web_ide/index.md +++ b/doc/user/project/web_ide/index.md @@ -236,12 +236,12 @@ below. CAUTION: **Warning:** Interactive Web Terminals for the Web IDE is currently in **Beta**. -Shared Runners [do not yet support Interactive Web Terminals](https://gitlab.com/gitlab-org/gitlab/-/issues/24674), -so you would need to use your own private Runner(s) to make use of this feature. +Shared runners [do not yet support Interactive Web Terminals](https://gitlab.com/gitlab-org/gitlab/-/issues/24674), +so you would need to use your own private runner to make use of this feature. [Interactive Web Terminals](../../../ci/interactive_web_terminal/index.md) give the project [Maintainers](../../permissions.md#project-members-permissions) -user access to a terminal to interact with the Runner directly from +user access to a terminal to interact with the runner directly from GitLab, including through the Web IDE. ### Runner configuration @@ -249,7 +249,7 @@ GitLab, including through the Web IDE. Some things need to be configured in the runner for the interactive web terminal to work: -- The Runner needs to have +- The runner needs to have [`[session_server]` configured properly](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-session_server-section). This section requires at least a `session_timeout` value (which defaults to 1800 seconds) and a `listen_address` value. If `advertise_address` is not defined, `listen_address` is used. @@ -346,7 +346,7 @@ environment. NOTE: **Note:** Only file changes in the Web IDE are synced to the terminal. Changes made in the terminal are **not** synced to the Web IDE. -This feature is only available for Kubernetes Runners. +This feature is only available for Kubernetes runners. To enable file syncing to the web terminal, the `.gitlab/.gitlab-webide.yml` file needs to have a `webide-file-sync` service configured. Here is an example @@ -373,7 +373,7 @@ terminal: more information. - `$CI_PROJECT_DIR` is a [predefined environment variable](../../../ci/variables/predefined_variables.md) - for GitLab Runners. This is where your project's repository will be. + for GitLab Runner. This is where your project's repository will be. Once you have configured the web terminal for file syncing, then when the web terminal is started, a **Terminal** status will be visible in the status bar. diff --git a/lib/api/helpers/search_helpers.rb b/lib/api/helpers/search_helpers.rb index 936684ea1f8..cb5f92fa62a 100644 --- a/lib/api/helpers/search_helpers.rb +++ b/lib/api/helpers/search_helpers.rb @@ -17,6 +17,10 @@ module API # This is a separate method so that EE can redefine it. %w(issues merge_requests milestones notes wiki_blobs commits blobs users) end + + def self.search_states + %w(all opened closed merged) + end end end end diff --git a/lib/api/search.rb b/lib/api/search.rb index 53095e0b81a..b9c6a823f4f 100644 --- a/lib/api/search.rb +++ b/lib/api/search.rb @@ -32,6 +32,7 @@ module API search_params = { scope: params[:scope], search: params[:search], + state: params[:state], snippets: snippets?, page: params[:page], per_page: params[:per_page] @@ -79,6 +80,7 @@ module API type: String, desc: 'The scope of the search', values: Helpers::SearchHelpers.global_search_scopes + optional :state, type: String, desc: 'Filter results by state', values: Helpers::SearchHelpers.search_states use :pagination end get do @@ -100,6 +102,7 @@ module API type: String, desc: 'The scope of the search', values: Helpers::SearchHelpers.group_search_scopes + optional :state, type: String, desc: 'Filter results by state', values: Helpers::SearchHelpers.search_states use :pagination end get ':id/(-/)search' do @@ -122,6 +125,7 @@ module API desc: 'The scope of the search', values: Helpers::SearchHelpers.project_search_scopes optional :ref, type: String, desc: 'The name of a repository branch or tag. If not given, the default branch is used' + optional :state, type: String, desc: 'Filter results by state', values: Helpers::SearchHelpers.search_states use :pagination end get ':id/(-/)search' do diff --git a/lib/banzai/filter/alert_reference_filter.rb b/lib/banzai/filter/alert_reference_filter.rb new file mode 100644 index 00000000000..228a4159c99 --- /dev/null +++ b/lib/banzai/filter/alert_reference_filter.rb @@ -0,0 +1,29 @@ +# frozen_string_literal: true + +module Banzai + module Filter + class AlertReferenceFilter < IssuableReferenceFilter + self.reference_type = :alert + + def self.object_class + AlertManagement::Alert + end + + def self.object_sym + :alert + end + + def parent_records(parent, ids) + parent.alert_management_alerts.where(iid: ids.to_a) + end + + def url_for_object(alert, project) + ::Gitlab::Routing.url_helpers.details_project_alert_management_url( + project, + alert.iid, + only_path: context[:only_path] + ) + end + end + end +end diff --git a/lib/banzai/pipeline/gfm_pipeline.rb b/lib/banzai/pipeline/gfm_pipeline.rb index 0d6f36cd6e9..7057ac9d707 100644 --- a/lib/banzai/pipeline/gfm_pipeline.rb +++ b/lib/banzai/pipeline/gfm_pipeline.rb @@ -59,7 +59,8 @@ module Banzai Filter::CommitRangeReferenceFilter, Filter::CommitReferenceFilter, Filter::LabelReferenceFilter, - Filter::MilestoneReferenceFilter + Filter::MilestoneReferenceFilter, + Filter::AlertReferenceFilter ] end diff --git a/lib/banzai/pipeline/single_line_pipeline.rb b/lib/banzai/pipeline/single_line_pipeline.rb index b06cb907025..a2fe6d52a90 100644 --- a/lib/banzai/pipeline/single_line_pipeline.rb +++ b/lib/banzai/pipeline/single_line_pipeline.rb @@ -23,7 +23,8 @@ module Banzai Filter::MergeRequestReferenceFilter, Filter::SnippetReferenceFilter, Filter::CommitRangeReferenceFilter, - Filter::CommitReferenceFilter + Filter::CommitReferenceFilter, + Filter::AlertReferenceFilter ] end diff --git a/lib/banzai/reference_parser/alert_parser.rb b/lib/banzai/reference_parser/alert_parser.rb new file mode 100644 index 00000000000..7b864d26f67 --- /dev/null +++ b/lib/banzai/reference_parser/alert_parser.rb @@ -0,0 +1,19 @@ +# frozen_string_literal: true + +module Banzai + module ReferenceParser + class AlertParser < BaseParser + self.reference_type = :alert + + def references_relation + AlertManagement::Alert + end + + private + + def can_read_reference?(user, alert, node) + can?(user, :read_alert_management_alert, alert) + end + end + end +end diff --git a/locale/gitlab.pot b/locale/gitlab.pot index f43e2466afc..668e833072b 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -8,8 +8,6 @@ msgid "" msgstr "" "Project-Id-Version: gitlab 1.0.0\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2020-09-11 14:23+1000\n" -"PO-Revision-Date: 2020-09-11 14:23+1000\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" diff --git a/rubocop/cop/gitlab/bulk_insert.rb b/rubocop/cop/gitlab/bulk_insert.rb index c03ffbe0b2a..83d879ddf44 100644 --- a/rubocop/cop/gitlab/bulk_insert.rb +++ b/rubocop/cop/gitlab/bulk_insert.rb @@ -9,7 +9,7 @@ module RuboCop MSG = 'Use the `BulkInsertSafe` concern, instead of using `Gitlab::Database.bulk_insert`. See https://docs.gitlab.com/ee/development/insert_into_tables_in_batches.html' def_node_matcher :raw_union?, <<~PATTERN - (send (const (const nil? :Gitlab) :Database) :bulk_insert ...) + (send (const (const _ :Gitlab) :Database) :bulk_insert ...) PATTERN def on_send(node) diff --git a/spec/features/markdown/markdown_spec.rb b/spec/features/markdown/markdown_spec.rb index d9d3f566bce..151ef76e884 100644 --- a/spec/features/markdown/markdown_spec.rb +++ b/spec/features/markdown/markdown_spec.rb @@ -247,6 +247,7 @@ RSpec.describe 'GitLab Markdown', :aggregate_failures do expect(doc).to reference_commits expect(doc).to reference_labels expect(doc).to reference_milestones + expect(doc).to reference_alerts end aggregate_failures 'TaskListFilter' do diff --git a/spec/fixtures/markdown.md.erb b/spec/fixtures/markdown.md.erb index 59795c835a2..aff4b1aae23 100644 --- a/spec/fixtures/markdown.md.erb +++ b/spec/fixtures/markdown.md.erb @@ -245,6 +245,15 @@ References should be parseable even inside _<%= merge_request.to_reference %>_ e - Group milestone by name in quotes: <%= group_milestone.to_reference(format: :name) %> - Group milestone by URL is ignore: <%= urls.milestone_url(group_milestone) %> +##### AlertReferenceFilter +- Alert: <%= alert.to_reference %> +- Alert in another project: <%= xalert.to_reference(project) %> +- Ignored in code: `<%= alert.to_reference %>` +- Ignored in links: [Link to <%= alert.to_reference %>](#alert-link) +- Alert by URL: <%= alert.details_url %> +- Link to alert by reference: [Alert](<%= alert.to_reference %>) +- Link to alert by URL: [Alert](<%= alert.details_url %>) + ### Task Lists - [ ] Incomplete task 1 diff --git a/spec/lib/banzai/filter/alert_reference_filter_spec.rb b/spec/lib/banzai/filter/alert_reference_filter_spec.rb new file mode 100644 index 00000000000..c57a8a7321c --- /dev/null +++ b/spec/lib/banzai/filter/alert_reference_filter_spec.rb @@ -0,0 +1,223 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Banzai::Filter::AlertReferenceFilter do + include FilterSpecHelper + + let_it_be(:project) { create(:project, :public) } + let_it_be(:alert) { create(:alert_management_alert, project: project) } + let_it_be(:reference) { alert.to_reference } + + it 'requires project context' do + expect { described_class.call('') }.to raise_error(ArgumentError, /:project/) + end + + %w(pre code a style).each do |elem| + it "ignores valid references contained inside '#{elem}' element" do + exp = act = "<#{elem}>Alert #{reference}" + + expect(reference_filter(act).to_html).to eq exp + end + end + + context 'internal reference' do + it 'links to a valid reference' do + doc = reference_filter("See #{reference}") + + expect(doc.css('a').first.attr('href')).to eq alert.details_url + end + + it 'links with adjacent text' do + doc = reference_filter("Alert (#{reference}.)") + + expect(doc.to_html).to match(%r{\(#{Regexp.escape(reference)}\.\)}) + end + + it 'ignores invalid alert IDs' do + exp = act = "Alert #{invalidate_reference(reference)}" + + expect(reference_filter(act).to_html).to eq exp + end + + it 'includes a title attribute' do + doc = reference_filter("Alert #{reference}") + + expect(doc.css('a').first.attr('title')).to eq alert.title + end + + it 'escapes the title attribute' do + allow(alert).to receive(:title).and_return(%{">whatever#{Regexp.escape(alert.to_reference(project))}\.\)}) + end + + it 'ignores invalid alert IDs on the referenced project' do + act = "See #{invalidate_reference(reference)}" + + expect(reference_filter(act).to_html).to match(%r{#{Regexp.escape(invalidate_reference(reference))}}) + end + end + + context 'group context' do + let_it_be(:group) { create(:group) } + + it 'links to a valid reference' do + reference = "#{project.full_path}^alert##{alert.iid}" + result = reference_filter("See #{reference}", { project: nil, group: group } ) + + expect(result.css('a').first.attr('href')).to eq(alert.details_url) + end + + it 'ignores internal references' do + exp = act = "See ^alert##{alert.iid}" + + expect(reference_filter(act, project: nil, group: group).to_html).to eq exp + end + end +end diff --git a/spec/lib/banzai/reference_parser/alert_parser_spec.rb b/spec/lib/banzai/reference_parser/alert_parser_spec.rb new file mode 100644 index 00000000000..0a9499fe6e4 --- /dev/null +++ b/spec/lib/banzai/reference_parser/alert_parser_spec.rb @@ -0,0 +1,49 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Banzai::ReferenceParser::AlertParser do + include ReferenceParserHelpers + + let(:project) { create(:project, :public) } + let(:user) { create(:user) } + let(:alert) { create(:alert_management_alert, project: project) } + + subject { described_class.new(Banzai::RenderContext.new(project, user)) } + + let(:link) { empty_html_link } + + describe '#nodes_visible_to_user' do + context 'when the link has a data-issue attribute' do + before do + link['data-alert'] = alert.id.to_s + end + + it_behaves_like "referenced feature visibility", "issues", "merge_requests" do + before do + project.add_developer(user) if enable_user? + end + end + end + end + + describe '#referenced_by' do + describe 'when the link has a data-alert attribute' do + context 'using an existing alert ID' do + it 'returns an Array of alerts' do + link['data-alert'] = alert.id.to_s + + expect(subject.referenced_by([link])).to eq([alert]) + end + end + + context 'using a non-existing alert ID' do + it 'returns an empty Array' do + link['data-alert'] = '' + + expect(subject.referenced_by([link])).to eq([]) + end + end + end + end +end diff --git a/spec/models/alert_management/alert_spec.rb b/spec/models/alert_management/alert_spec.rb index 87aeb3d78c0..71211b38418 100644 --- a/spec/models/alert_management/alert_spec.rb +++ b/spec/models/alert_management/alert_spec.rb @@ -332,8 +332,39 @@ RSpec.describe AlertManagement::Alert do end end + describe '.reference_pattern' do + subject { described_class.reference_pattern } + + it { is_expected.to match('gitlab-org/gitlab^alert#123') } + end + + describe '.link_reference_pattern' do + subject { described_class.link_reference_pattern } + + it { is_expected.to match(triggered_alert.details_url) } + it { is_expected.not_to match("#{Gitlab.config.gitlab.url}/gitlab-org/gitlab/alert_management/123") } + it { is_expected.not_to match("#{Gitlab.config.gitlab.url}/gitlab-org/gitlab/issues/123") } + it { is_expected.not_to match("gitlab-org/gitlab/-/alert_management/123") } + end + + describe '.reference_valid?' do + using RSpec::Parameterized::TableSyntax + + where(:ref, :result) do + '123456' | true + '1' | true + '-1' | false + nil | false + '123456891012345678901234567890' | false + end + + with_them do + it { expect(described_class.reference_valid?(ref)).to eq(result) } + end + end + describe '#to_reference' do - it { expect(triggered_alert.to_reference).to eq('') } + it { expect(triggered_alert.to_reference).to eq("^alert##{triggered_alert.iid}") } end describe '#trigger' do diff --git a/spec/models/authentication_event_spec.rb b/spec/models/authentication_event_spec.rb new file mode 100644 index 00000000000..56b0111f2c7 --- /dev/null +++ b/spec/models/authentication_event_spec.rb @@ -0,0 +1,15 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe AuthenticationEvent do + describe 'associations' do + it { is_expected.to belong_to(:user).optional } + end + + describe 'validations' do + it { is_expected.to validate_presence_of(:provider) } + it { is_expected.to validate_presence_of(:user_name) } + it { is_expected.to validate_presence_of(:result) } + end +end diff --git a/spec/requests/api/search_spec.rb b/spec/requests/api/search_spec.rb index 1a93be98a67..af6731f3015 100644 --- a/spec/requests/api/search_spec.rb +++ b/spec/requests/api/search_spec.rb @@ -47,6 +47,17 @@ RSpec.describe API::Search do end end + shared_examples 'filter by state' do |scope:, search:| + it 'respects scope filtering' do + get api(endpoint, user), params: { scope: scope, search: search, state: state } + + documents = Gitlab::Json.parse(response.body) + + expect(documents.count).to eq(1) + expect(documents.first['state']).to eq(state) + end + end + describe 'GET /search' do let(:endpoint) { '/search' } @@ -88,42 +99,84 @@ RSpec.describe API::Search do end context 'for issues scope' do - before do - create(:issue, project: project, title: 'awesome issue') - - get api(endpoint, user), params: { scope: 'issues', search: 'awesome' } - end - - it_behaves_like 'response is correct', schema: 'public_api/v4/issues' - - it_behaves_like 'ping counters', scope: :issues - - describe 'pagination' do + context 'without filtering by state' do before do - create(:issue, project: project, title: 'another issue') + create(:issue, project: project, title: 'awesome issue') + + get api(endpoint, user), params: { scope: 'issues', search: 'awesome' } end - include_examples 'pagination', scope: :issues + it_behaves_like 'response is correct', schema: 'public_api/v4/issues' + + it_behaves_like 'ping counters', scope: :issues + + describe 'pagination' do + before do + create(:issue, project: project, title: 'another issue') + end + + include_examples 'pagination', scope: :issues + end + end + + context 'filter by state' do + before do + create(:issue, project: project, title: 'awesome opened issue') + create(:issue, :closed, project: project, title: 'awesome closed issue') + end + + context 'state: opened' do + let(:state) { 'opened' } + + include_examples 'filter by state', scope: :issues, search: 'awesome' + end + + context 'state: closed' do + let(:state) { 'closed' } + + include_examples 'filter by state', scope: :issues, search: 'awesome' + end end end context 'for merge_requests scope' do - before do - create(:merge_request, source_project: repo_project, title: 'awesome mr') - - get api(endpoint, user), params: { scope: 'merge_requests', search: 'awesome' } - end - - it_behaves_like 'response is correct', schema: 'public_api/v4/merge_requests' - - it_behaves_like 'ping counters', scope: :merge_requests - - describe 'pagination' do + context 'without filtering by state' do before do - create(:merge_request, source_project: repo_project, title: 'another mr', target_branch: 'another_branch') + create(:merge_request, source_project: repo_project, title: 'awesome mr') + + get api(endpoint, user), params: { scope: 'merge_requests', search: 'awesome' } end - include_examples 'pagination', scope: :merge_requests + it_behaves_like 'response is correct', schema: 'public_api/v4/merge_requests' + + it_behaves_like 'ping counters', scope: :merge_requests + + describe 'pagination' do + before do + create(:merge_request, source_project: repo_project, title: 'another mr', target_branch: 'another_branch') + end + + include_examples 'pagination', scope: :merge_requests + end + end + + context 'filter by state' do + before do + create(:merge_request, source_project: project, title: 'awesome opened mr') + create(:merge_request, :closed, project: project, title: 'awesome closed mr') + end + + context 'state: opened' do + let(:state) { 'opened' } + + include_examples 'filter by state', scope: :merge_requests, search: 'awesome' + end + + context 'state: closed' do + let(:state) { 'closed' } + + include_examples 'filter by state', scope: :merge_requests, search: 'awesome' + end end end diff --git a/spec/rubocop/cop/gitlab/bulk_insert_spec.rb b/spec/rubocop/cop/gitlab/bulk_insert_spec.rb index 2766e4f1982..d1236865897 100644 --- a/spec/rubocop/cop/gitlab/bulk_insert_spec.rb +++ b/spec/rubocop/cop/gitlab/bulk_insert_spec.rb @@ -13,7 +13,14 @@ RSpec.describe RuboCop::Cop::Gitlab::BulkInsert, type: :rubocop do it 'flags the use of Gitlab::Database.bulk_insert' do expect_offense(<<~SOURCE) Gitlab::Database.bulk_insert('merge_request_diff_files', rows) - ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Use the `BulkInsertSafe` concern, instead of using `Gitlab::Database.bulk_insert`. See https://docs.gitlab.com/ee/development/insert_into_tables_in_batches.html + ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ #{RuboCop::Cop::Gitlab::BulkInsert::MSG} + SOURCE + end + + it 'flags the use of ::Gitlab::Database.bulk_insert' do + expect_offense(<<~SOURCE) + ::Gitlab::Database.bulk_insert('merge_request_diff_files', rows) + ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ #{RuboCop::Cop::Gitlab::BulkInsert::MSG} SOURCE end end diff --git a/spec/support/helpers/markdown_feature.rb b/spec/support/helpers/markdown_feature.rb index 40e0d4413e2..0cb2863dc2c 100644 --- a/spec/support/helpers/markdown_feature.rb +++ b/spec/support/helpers/markdown_feature.rb @@ -87,6 +87,10 @@ class MarkdownFeature @group_milestone ||= create(:milestone, name: 'group-milestone', group: group) end + def alert + @alert ||= create(:alert_management_alert, project: project) + end + # Cross-references ----------------------------------------------------------- def xproject @@ -125,6 +129,10 @@ class MarkdownFeature @xmilestone ||= create(:milestone, project: xproject) end + def xalert + @xalert ||= create(:alert_management_alert, project: xproject) + end + def urls Gitlab::Routing.url_helpers end diff --git a/spec/support/matchers/markdown_matchers.rb b/spec/support/matchers/markdown_matchers.rb index 103019d8dd8..6e75fa58700 100644 --- a/spec/support/matchers/markdown_matchers.rb +++ b/spec/support/matchers/markdown_matchers.rb @@ -174,6 +174,15 @@ module MarkdownMatchers end end + # AlertReferenceFilter + matcher :reference_alerts do + set_default_markdown_messages + + match do |actual| + expect(actual).to have_selector('a.gfm.gfm-alert', count: 5) + end + end + # TaskListFilter matcher :parse_task_lists do set_default_markdown_messages diff --git a/spec/support/shared_examples/lib/banzai/reference_parser_shared_examples.rb b/spec/support/shared_examples/lib/banzai/reference_parser_shared_examples.rb index d903c0f10e0..479b26977e2 100644 --- a/spec/support/shared_examples/lib/banzai/reference_parser_shared_examples.rb +++ b/spec/support/shared_examples/lib/banzai/reference_parser_shared_examples.rb @@ -1,6 +1,7 @@ # frozen_string_literal: true RSpec.shared_examples "referenced feature visibility" do |*related_features| + let(:enable_user?) { false } let(:feature_fields) do related_features.map { |feature| (feature + "_access_level").to_sym } end @@ -35,8 +36,11 @@ RSpec.shared_examples "referenced feature visibility" do |*related_features| end context "when feature is enabled" do - # The project is public + # Allows implementing specs to enable finer-tuned permissions + let(:enable_user?) { true } + it "creates reference" do + # The project is public set_features_fields_to(ProjectFeature::ENABLED) expect(subject.nodes_visible_to_user(user, [link])).to eq([link])