kotovalexarian-likes-gitlab
/
gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2022-07-20 09:10:09 +00:00
parent 026ef03e77
commit 6078f74ce9
20 changed files with 196 additions and 92 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/assets/javascripts/packages_and_registries/settings/group/components/packages_settings.vue
View File

@ -100,8 +100,8 @@ export default {
:duplicate-exception-regex-error="errors.mavenDuplicateExceptionRegex"
:model-names="modelNames"
:loading="isLoading"
toggle-qa-selector="allow_duplicates_toggle"
label-qa-selector="allow_duplicates_label"
toggle-qa-selector="reject_duplicates_toggle"
label-qa-selector="reject_duplicates_label"
@update="updateSettings"
/>
</template>

6
app/models/key.rb
View File

@ -121,6 +121,12 @@ class Key < ApplicationRecord
@public_key ||= Gitlab::SSHPublicKey.new(key)
end
def ensure_sha256_fingerprint!
return if self.fingerprint_sha256
save if generate_fingerprint
end
private
def generate_fingerprint

11
app/services/projects/move_deploy_keys_projects_service.rb
View File

@ -5,6 +5,10 @@ module Projects
def execute(source_project, remove_remaining_elements: true)
return unless super
# The SHA256 fingerprint should be there, but just in case it isn't
# we want to make sure it's generated. Otherwise we might delete keys.
ensure_sha256_fingerprints
Project.transaction do
move_deploy_keys_projects
remove_remaining_deploy_keys_projects if remove_remaining_elements
@ -15,6 +19,11 @@ module Projects
private
def ensure_sha256_fingerprints
@project.deploy_keys.each(&:ensure_sha256_fingerprint!)
source_project.deploy_keys.each(&:ensure_sha256_fingerprint!)
end
def move_deploy_keys_projects
non_existent_deploy_keys_projects.update_all(project_id: @project.id)
end
@ -23,7 +32,7 @@ module Projects
def non_existent_deploy_keys_projects
source_project.deploy_keys_projects
.joins(:deploy_key)
.where.not(keys: { fingerprint: @project.deploy_keys.select(:fingerprint) })
.where.not(keys: { fingerprint_sha256: @project.deploy_keys.select(:fingerprint_sha256) })
end
# rubocop: enable CodeReuse/ActiveRecord

3
app/views/users/_profile_basic_info.html.haml
View File

@ -2,5 +2,8 @@
= render 'middle_dot_divider' do
@#{@user.username}
- if can?(current_user, :read_user_profile, @user)
= render 'middle_dot_divider' do
= s_('UserProfile|User ID: %{id}') % { id: @user.id }
= clipboard_button(title: s_('UserProfile|Copy user ID'), text: @user.id)
= render 'middle_dot_divider' do
= s_('Member since %{date}') % { date: @user.created_at.to_date.to_s(:long) }

19
doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md
View File

@ -927,13 +927,13 @@ conflicting_permanent_redirects.destroy_all
## Merge requests
### Close a merge request properly (if merged but still marked as open)
### Close a merge request
```ruby
u = User.find_by_username('<username>')
p = Project.find_by_full_path('<namespace/project>')
m = p.merge_requests.find_by(iid: <iid>)
MergeRequests::PostMergeService.new(project: p, current_user: u).execute(m)
MergeRequests::CloseService.new(project: p, current_user: u).execute(m)
```
### Delete a merge request
@ -954,6 +954,21 @@ m = p.merge_requests.find_by(iid: <iid>)
MergeRequests::RebaseService.new(project: m.target_project, current_user: u).execute(m)
```
### Set a merge request as merged
Use when a merge request was accepted and the changes merged into the Git repository,
but the merge request still shows as open.
If the changes are not merged yet, this action causes the merge request to
incorrectly show `merged into <branch-name>`.
```ruby
u = User.find_by_username('<username>')
p = Project.find_by_full_path('<namespace/project>')
m = p.merge_requests.find_by(iid: <iid>)
MergeRequests::PostMergeService.new(project: p, current_user: u).execute(m)
```
## CI
### Cancel stuck pending pipelines

22
doc/ci/jobs/job_control.md
View File

@ -304,7 +304,7 @@ to add jobs to a pipeline:
```yaml
docker build:
variables:
DOCKERFILES_DIR: 'path/to/files/'
DOCKERFILES_DIR: 'path/to/files'
script: docker build -t my-image:$CI_COMMIT_REF_SLUG .
rules:
- changes:
@ -1005,6 +1005,26 @@ Additionally, rules with `changes` always evaluate as true in [scheduled pipelin
All files are considered to have changed when a scheduled pipeline runs, so jobs
might always be added to scheduled pipelines that use `changes`.
### File paths in CI/CD variables
Be careful when using file paths in CI/CD variables. A trailing slash can appear correct
in the variable definition, but can become invalid when expanded in `script:`, `changes:`,
or other keywords. For example:
```yaml
docker_build:
variables:
DOCKERFILES_DIR: 'path/to/files/' # This variable should not have a trailing '/' character
script: echo "A docker job"
rules:
- changes:
- $DOCKERFILES_DIR/*
```
When the `DOCKERFILES_DIR` variable is expanded in the `changes:` section, the full
path becomes `path/to/files//*`. The double slashes might cause unexpected behavior
depending on the keyword used, shell and OS of the runner, and so on.
### `You are not allowed to download code from this project.` error message
You might see pipelines fail when a GitLab administrator runs a protected manual job

1
doc/development/i18n/proofreader.md
View File

@ -34,6 +34,7 @@ are very appreciative of the work done by translators and proofreaders!
- Weizhe Ding - [GitLab](https://gitlab.com/d.weizhe), [Crowdin](https://crowdin.com/profile/d.weizhe)
- Yi-Jyun Pan - [GitLab](https://gitlab.com/pan93412), [Crowdin](https://crowdin.com/profile/pan93412)
- Victor Wu - [GitLab](https://gitlab.com/_victorwu_), [Crowdin](https://crowdin.com/profile/victorwu)
- Hansel Wang - [GitLab](https://gitlab.com/airness), [Crowdin](https://crowdin.com/profile/airness)
- Chinese Traditional, Hong Kong 繁體中文 (香港)
- Victor Wu - [GitLab](https://gitlab.com/_victorwu_), [Crowdin](https://crowdin.com/profile/victorwu)
- Ivan Ip - [GitLab](https://gitlab.com/lifehome), [Crowdin](https://crowdin.com/profile/lifehome)

3
doc/user/admin_area/broadcast_messages.md
View File

@ -7,7 +7,8 @@ type: reference, howto
# Broadcast messages **(FREE SELF)**
> Target roles [introduced](https://gitlab.com/gitlab-org/growth/team-tasks/-/issues/461) in GitLab 14.8 [with a flag](../../administration/feature_flags.md) named `role_targeted_broadcast_messages`. Disabled by default.
> - Target roles [introduced](https://gitlab.com/gitlab-org/growth/team-tasks/-/issues/461) in GitLab 14.8 [with a flag](../../administration/feature_flags.md) named `role_targeted_broadcast_messages`. Disabled by default.
> - Theme [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/83251) and background color removed in GitLab 14.10.
GitLab can display broadcast messages to users of a GitLab instance. There are two types of broadcast messages:

21
doc/user/project/merge_requests/csv_export.md
View File

@ -4,17 +4,25 @@ group: Compliance
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
---
# Export merge requests to CSV **(FREE)**
# Export merge requests to CSV**(FREE)**
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/3619) in GitLab 13.6.
Exporting merge requests CSV enables you and your team to export all the data collected from merge requests into a comma-separated values (CSV) file, which stores tabular data in plain text.
Export all the data collected from a project's merge requests into a comma-separated values (CSV) file.
To export merge requests to CSV, navigate to your **Merge requests** from the sidebar of a project and select **Export as CSV**.
To export merge requests to a CSV file:
1. On the top bar, select **Menu > Projects** and find your project.
1. On the left sidebar, select **Merge requests** .
1. Add any searches or filters. This can help you keep the size of the CSV file under the 15MB limit. The limit ensures
the file can be emailed to a variety of email providers.
1. Select **Export as CSV** (**{export}**).
1. Confirm the correct number of merge requests are to be exported.
1. Select **Export merge requests**.
## CSV Output
The following table shows what attributes will be present in the CSV.
The following table shows the attributes in the CSV file.
| Column | Description |
|--------------------|--------------------------------------------------------------|
@ -42,8 +50,3 @@ The following table shows what attributes will be present in the CSV.
In GitLab 14.7 and earlier, the first two columns were `MR ID` and `URL`,
which [caused an issue](https://gitlab.com/gitlab-org/gitlab/-/issues/34769)
when importing back into GitLab.
## Limitations
- Export merge requests to CSV is not available at the Group's merge request list.
- As the merge request CSV file is sent as an email attachment, the size is limited to 15MB to ensure successful delivery across a range of email providers. If you need to minimize the size of the file, you can narrow the search before export. For example, you can set up exports of open and closed merge requests in separate files.

13
lib/api/maven_packages.rb
View File

@ -43,6 +43,9 @@ module API
end
end
# The sha verification done by the maven api is between:
# - the sha256 set by workhorse helpers
# - the sha256 of the sha1 of the uploaded package file
def verify_package_file(package_file, uploaded_file)
stored_sha256 = Digest::SHA256.hexdigest(package_file.file_sha1)
expected_sha256 = uploaded_file.sha256
@ -50,6 +53,16 @@ module API
if stored_sha256 == expected_sha256
no_content!
else
# Track sha1 conflicts.
# See https://gitlab.com/gitlab-org/gitlab/-/issues/367356
Gitlab::ErrorTracking.log_exception(
ArgumentError.new,
message: 'maven package file sha1 conflict',
stored_sha1: package_file.file_sha1,
received_sha256: uploaded_file.sha256,
sha256_hexdigest_of_stored_sha1: stored_sha256
)
conflict!
end
end

6
locale/gitlab.pot
View File

@ -42260,6 +42260,9 @@ msgstr ""
msgid "UserProfile|Contributed projects"
msgstr ""
msgid "UserProfile|Copy user ID"
msgstr ""
msgid "UserProfile|Edit profile"
msgstr ""
@ -42341,6 +42344,9 @@ msgstr ""
msgid "UserProfile|Unconfirmed user"
msgstr ""
msgid "UserProfile|User ID: %{id}"
msgstr ""
msgid "UserProfile|View all"
msgstr ""

24
qa/qa/page/group/settings/package_registries.rb
View File

@ -8,8 +8,8 @@ module QA
view 'app/assets/javascripts/packages_and_registries/settings/group/components/packages_settings.vue' do
element :package_registry_settings_content
element :allow_duplicates_toggle
element :allow_duplicates_label
element :reject_duplicates_toggle
element :reject_duplicates_label
end
view 'app/assets/javascripts/packages_and_registries/settings/group/components/dependency_proxy_settings.vue' do
@ -17,32 +17,32 @@ module QA
element :dependency_proxy_setting_toggle
end
def set_allow_duplicates_disabled
def set_reject_duplicates_disabled
within_element :package_registry_settings_content do
click_on_allow_duplicates_button if duplicates_enabled?
click_on_reject_duplicates_button if duplicates_disabled?
end
end
def set_allow_duplicates_enabled
def set_reject_duplicates_enabled
within_element :package_registry_settings_content do
click_on_allow_duplicates_button unless duplicates_enabled?
click_on_reject_duplicates_button unless duplicates_disabled?
end
end
def click_on_allow_duplicates_button
with_allow_duplicates_button do |button|
def click_on_reject_duplicates_button
with_reject_duplicates_button do |button|
button.click
end
end
def duplicates_enabled?
with_allow_duplicates_button do |button|
def duplicates_disabled?
with_reject_duplicates_button do |button|
button[:class].include?('is-checked')
end
end
def with_allow_duplicates_button
within_element :allow_duplicates_toggle do
def with_reject_duplicates_button
within_element :reject_duplicates_toggle do
toggle = find('button.gl-toggle:not(.is-disabled)')
yield(toggle)
end

10
qa/qa/specs/features/browser_ui/5_package/package_registry/maven/maven_group_level_spec.rb
View File

@ -135,14 +135,14 @@ module QA
end
end
context 'duplication setting', quarantine: { type: :stale, issue: 'https://gitlab.com/gitlab-org/gitlab/-/issues/365150' } do
context 'duplication setting' do
before do
package_project.group.visit!
Page::Group::Menu.perform(&:go_to_package_settings)
end
context 'when disabled' do
context 'when enabled' do
where do
{
'using a personal access token' => {
@ -176,7 +176,7 @@ module QA
end
before do
Page::Group::Settings::PackageRegistries.perform(&:set_allow_duplicates_disabled)
Page::Group::Settings::PackageRegistries.perform(&:set_reject_duplicates_enabled)
end
it 'prevents users from publishing group level Maven packages duplicates', testcase: params[:testcase] do
@ -195,7 +195,7 @@ module QA
end
end
context 'when enabled' do
context 'when disabled' do
where do
{
'using a personal access token' => {
@ -229,7 +229,7 @@ module QA
end
before do
Page::Group::Settings::PackageRegistries.perform(&:set_allow_duplicates_enabled)
Page::Group::Settings::PackageRegistries.perform(&:set_reject_duplicates_disabled)
end
it 'allows users to publish group level Maven packages duplicates', testcase: params[:testcase] do

55
scripts/process_custom_semgrep_results.sh
View File

@ -1,55 +0,0 @@
# This script requires BOT_USER_ID, CUSTOM_SAST_RULES_BOT_PAT and CI_MERGE_REQUEST_IID variables to be set
echo "Processing vuln report"
# Preparing the message for the comment that will be posted by the bot
# Empty string if there are no findings
jq -crM '.vulnerabilities |
map( select( .identifiersprocess_custom_semgrep_results[0].name | test( "glappsec_" ) ) |
"- `" + .location.file + "` line " + ( .location.start_line | tostring ) +
(
if .location.start_line = .location.end_line then ""
else ( " to " + ( .location.end_line | tostring ) ) end
) + ": " + .message
) |
sort |
if length > 0 then
{ body: ("The findings below have been detected based on the AppSec custom SAST rules. For more information about this bot and what to do with this comment head over to the [README](https://gitlab.com/gitlab-com/gl-security/appsec/sast-custom-rules/-/tree/main/appsec-pings). The following lines of code possibly need attention:\n\n" + join("\n") + "\n\n/cc @gitlab-com/gl-security/appsec") }
else
empty
end' gl-sast-report.json >findings.txt
echo "Resulting file:"
cat findings.txt
EXISTING_COMMENT_ID=$(curl "https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/merge_requests/$CI_MERGE_REQUEST_IID/notes" \
--header "Private-Token: $CUSTOM_SAST_RULES_BOT_PAT" |
jq -crM 'map( select( .author.id == (env.BOT_USER_ID | tonumber) ) | .id ) | first')
echo "EXISTING_COMMENT_ID: $EXISTING_COMMENT_ID"
if [ "$EXISTING_COMMENT_ID" == "null" ]; then
if [ -s findings.txt ]; then
echo "No existing comment and there are findings: a new comment will be posted"
curl "https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/merge_requests/$CI_MERGE_REQUEST_IID/notes" \
--header "Private-Token: $CUSTOM_SAST_RULES_BOT_PAT" \
--header 'Content-Type: application/json' \
--data '@findings.txt'
else
echo "No existing comment and no findings: nothing to do"
fi
else
if [ -s findings.txt ]; then
echo "There is an existing comment and there are findings: the existing comment will be updated"
curl --request PUT "https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/merge_requests/$CI_MERGE_REQUEST_IID/notes/$EXISTING_COMMENT_ID" \
--header "Private-Token: $CUSTOM_SAST_RULES_BOT_PAT" \
--header 'Content-Type: application/json' \
--data '@findings.txt'
else
echo "There is an existing comment but no findings: the existing comment will be updated to mention everything is resolved"
curl --request PUT "https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/merge_requests/$CI_MERGE_REQUEST_IID/notes/$EXISTING_COMMENT_ID" \
--header "Private-Token: $CUSTOM_SAST_RULES_BOT_PAT" \
--header 'Content-Type: application/json' \
--data '{"body":"All findings based on the [AppSec custom Semgrep rules](https://gitlab.com/gitlab-com/gl-security/appsec/sast-custom-rules/) have been resolved! :tada:"}'
fi
fi

6
spec/features/users/show_spec.rb
View File

@ -9,6 +9,12 @@ RSpec.describe 'User page' do
subject(:visit_profile) { visit(user_path(user)) }
it 'shows user id' do
subject
expect(page).to have_content("User ID: #{user.id}")
end
context 'with public profile' do
it 'shows all the tabs' do
subject

1
spec/fixtures/packages/maven/my-app-1.0-20180724.124855-1.pom.sha1 vendored Normal file
View File

@ -0,0 +1 @@
78f664f030d2a684f59081e88b9461257e859c14

33
spec/models/key_spec.rb
View File

@ -240,6 +240,39 @@ RSpec.describe Key, :mailer do
end
end
describe '#ensure_sha256_fingerprint!' do
let_it_be_with_reload(:user_key) { create(:personal_key) }
context 'with a valid SHA256 fingerprint' do
it 'does nothing' do
expect(user_key).not_to receive(:generate_fingerprint)
user_key.ensure_sha256_fingerprint!
end
end
context 'with a missing SHA256 fingerprint' do
before do
user_key.update_column(:fingerprint_sha256, nil)
user_key.ensure_sha256_fingerprint!
end
it 'fingerprints are present' do
expect(user_key.reload.fingerprint_sha256).to be_present
end
end
context 'with an invalid public key' do
before do
user_key.update_column(:key, 'a')
end
it 'does not throw an exception' do
expect { user_key.ensure_sha256_fingerprint! }.not_to raise_error
end
end
end
context 'fingerprint generation' do
it 'generates both md5 and sha256 fingerprints' do
key = build(:rsa_key_4096)

33
spec/requests/api/maven_packages_spec.rb
View File

@ -1000,20 +1000,45 @@ RSpec.describe API::MavenPackages do
context 'for sha1 file' do
let(:dummy_package) { double(Packages::Package) }
let(:file_upload) { fixture_file_upload('spec/fixtures/packages/maven/my-app-1.0-20180724.124855-1.pom.sha1') }
let(:stored_sha1) { File.read(file_upload.path) }
it 'checks the sha1' do
subject(:upload) { upload_file_with_token(params: params, file_extension: 'pom.sha1') }
before do
# The sha verification done by the maven api is between:
# - the sha256 set by workhorse helpers
# - the sha256 of the sha1 of the uploaded package file
# We're going to send `file_upload` for the sha1 and stub the sha1 of the package file so that
# both sha256 being the same
expect(::Packages::PackageFileFinder).to receive(:new).and_return(double(execute!: dummy_package))
expect(dummy_package).to receive(:file_sha1).and_return(File.read(file_upload.path))
allow(::Packages::PackageFileFinder).to receive(:new).and_return(double(execute!: dummy_package))
allow(dummy_package).to receive(:file_sha1).and_return(stored_sha1)
end
upload_file_with_token(params: params, file_extension: 'jar.sha1')
it 'returns no content' do
upload
expect(response).to have_gitlab_http_status(:no_content)
end
context 'when the stored sha1 is not the same' do
let(:sent_sha1) { File.read(file_upload.path) }
let(:stored_sha1) { 'wrong sha1' }
it 'logs an error and returns conflict' do
expect(Gitlab::ErrorTracking).to receive(:log_exception).with(
instance_of(ArgumentError),
message: 'maven package file sha1 conflict',
stored_sha1: stored_sha1,
received_sha256: Digest::SHA256.hexdigest(sent_sha1),
sha256_hexdigest_of_stored_sha1: Digest::SHA256.hexdigest(stored_sha1)
)
upload
expect(response).to have_gitlab_http_status(:conflict)
end
end
end
context 'for md5 file' do

17
spec/services/projects/move_deploy_keys_projects_service_spec.rb
View File

@ -56,5 +56,22 @@ RSpec.describe Projects::MoveDeployKeysProjectsService do
expect(project_with_deploy_keys.deploy_keys_projects.count).not_to eq 0
end
end
context 'when SHA256 fingerprint is missing' do
before do
create(:deploy_keys_project, project: target_project)
DeployKey.all.update_all(fingerprint_sha256: nil)
end
it 'moves the user\'s deploy keys from one project to another' do
combined_keys = project_with_deploy_keys.deploy_keys + target_project.deploy_keys
subject.execute(project_with_deploy_keys)
expect(project_with_deploy_keys.deploy_keys.reload).to be_empty
expect(target_project.deploy_keys.reload).to match_array(combined_keys)
expect(DeployKey.all.select(:fingerprint_sha256)).to all(be_present)
end
end
end
end

0
tmp/run/.gitkeep
View File