From 6078f74ce914ab0ec4a4a6a21318a64b864ba625 Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Wed, 20 Jul 2022 09:10:09 +0000 Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master --- .../group/components/packages_settings.vue | 4 +- app/models/key.rb | 6 ++ .../move_deploy_keys_projects_service.rb | 11 +++- app/views/users/_profile_basic_info.html.haml | 3 + .../gitlab_rails_cheat_sheet.md | 19 ++++++- doc/ci/jobs/job_control.md | 22 +++++++- doc/development/i18n/proofreader.md | 1 + doc/user/admin_area/broadcast_messages.md | 3 +- doc/user/project/merge_requests/csv_export.md | 21 ++++--- lib/api/maven_packages.rb | 13 +++++ locale/gitlab.pot | 6 ++ .../page/group/settings/package_registries.rb | 24 ++++---- .../maven/maven_group_level_spec.rb | 10 ++-- scripts/process_custom_semgrep_results.sh | 55 ------------------- spec/features/users/show_spec.rb | 6 ++ .../my-app-1.0-20180724.124855-1.pom.sha1 | 1 + spec/models/key_spec.rb | 33 +++++++++++ spec/requests/api/maven_packages_spec.rb | 33 +++++++++-- .../move_deploy_keys_projects_service_spec.rb | 17 ++++++ tmp/run/.gitkeep | 0 20 files changed, 196 insertions(+), 92 deletions(-) delete mode 100755 scripts/process_custom_semgrep_results.sh create mode 100644 spec/fixtures/packages/maven/my-app-1.0-20180724.124855-1.pom.sha1 delete mode 100644 tmp/run/.gitkeep diff --git a/app/assets/javascripts/packages_and_registries/settings/group/components/packages_settings.vue b/app/assets/javascripts/packages_and_registries/settings/group/components/packages_settings.vue index f8c35338262..abb9f02d290 100644 --- a/app/assets/javascripts/packages_and_registries/settings/group/components/packages_settings.vue +++ b/app/assets/javascripts/packages_and_registries/settings/group/components/packages_settings.vue @@ -100,8 +100,8 @@ export default { :duplicate-exception-regex-error="errors.mavenDuplicateExceptionRegex" :model-names="modelNames" :loading="isLoading" - toggle-qa-selector="allow_duplicates_toggle" - label-qa-selector="allow_duplicates_label" + toggle-qa-selector="reject_duplicates_toggle" + label-qa-selector="reject_duplicates_label" @update="updateSettings" /> diff --git a/app/models/key.rb b/app/models/key.rb index 9f96a93cea1..9f6029cc5d4 100644 --- a/app/models/key.rb +++ b/app/models/key.rb @@ -121,6 +121,12 @@ class Key < ApplicationRecord @public_key ||= Gitlab::SSHPublicKey.new(key) end + def ensure_sha256_fingerprint! + return if self.fingerprint_sha256 + + save if generate_fingerprint + end + private def generate_fingerprint diff --git a/app/services/projects/move_deploy_keys_projects_service.rb b/app/services/projects/move_deploy_keys_projects_service.rb index 98ba5eb3f13..a45b78db383 100644 --- a/app/services/projects/move_deploy_keys_projects_service.rb +++ b/app/services/projects/move_deploy_keys_projects_service.rb @@ -5,6 +5,10 @@ module Projects def execute(source_project, remove_remaining_elements: true) return unless super + # The SHA256 fingerprint should be there, but just in case it isn't + # we want to make sure it's generated. Otherwise we might delete keys. + ensure_sha256_fingerprints + Project.transaction do move_deploy_keys_projects remove_remaining_deploy_keys_projects if remove_remaining_elements @@ -15,6 +19,11 @@ module Projects private + def ensure_sha256_fingerprints + @project.deploy_keys.each(&:ensure_sha256_fingerprint!) + source_project.deploy_keys.each(&:ensure_sha256_fingerprint!) + end + def move_deploy_keys_projects non_existent_deploy_keys_projects.update_all(project_id: @project.id) end @@ -23,7 +32,7 @@ module Projects def non_existent_deploy_keys_projects source_project.deploy_keys_projects .joins(:deploy_key) - .where.not(keys: { fingerprint: @project.deploy_keys.select(:fingerprint) }) + .where.not(keys: { fingerprint_sha256: @project.deploy_keys.select(:fingerprint_sha256) }) end # rubocop: enable CodeReuse/ActiveRecord diff --git a/app/views/users/_profile_basic_info.html.haml b/app/views/users/_profile_basic_info.html.haml index 3b0186e84e1..b62440fcbde 100644 --- a/app/views/users/_profile_basic_info.html.haml +++ b/app/views/users/_profile_basic_info.html.haml @@ -2,5 +2,8 @@ = render 'middle_dot_divider' do @#{@user.username} - if can?(current_user, :read_user_profile, @user) + = render 'middle_dot_divider' do + = s_('UserProfile|User ID: %{id}') % { id: @user.id } + = clipboard_button(title: s_('UserProfile|Copy user ID'), text: @user.id) = render 'middle_dot_divider' do = s_('Member since %{date}') % { date: @user.created_at.to_date.to_s(:long) } diff --git a/doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md b/doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md index 0ff1afa86ed..9227dceeb2d 100644 --- a/doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md +++ b/doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md @@ -927,13 +927,13 @@ conflicting_permanent_redirects.destroy_all ## Merge requests -### Close a merge request properly (if merged but still marked as open) +### Close a merge request ```ruby u = User.find_by_username('') p = Project.find_by_full_path('') m = p.merge_requests.find_by(iid: ) -MergeRequests::PostMergeService.new(project: p, current_user: u).execute(m) +MergeRequests::CloseService.new(project: p, current_user: u).execute(m) ``` ### Delete a merge request @@ -954,6 +954,21 @@ m = p.merge_requests.find_by(iid: ) MergeRequests::RebaseService.new(project: m.target_project, current_user: u).execute(m) ``` +### Set a merge request as merged + +Use when a merge request was accepted and the changes merged into the Git repository, +but the merge request still shows as open. + +If the changes are not merged yet, this action causes the merge request to +incorrectly show `merged into `. + +```ruby +u = User.find_by_username('') +p = Project.find_by_full_path('') +m = p.merge_requests.find_by(iid: ) +MergeRequests::PostMergeService.new(project: p, current_user: u).execute(m) +``` + ## CI ### Cancel stuck pending pipelines diff --git a/doc/ci/jobs/job_control.md b/doc/ci/jobs/job_control.md index 24133fe9a9b..e2a1751f279 100644 --- a/doc/ci/jobs/job_control.md +++ b/doc/ci/jobs/job_control.md @@ -304,7 +304,7 @@ to add jobs to a pipeline: ```yaml docker build: variables: - DOCKERFILES_DIR: 'path/to/files/' + DOCKERFILES_DIR: 'path/to/files' script: docker build -t my-image:$CI_COMMIT_REF_SLUG . rules: - changes: @@ -1005,6 +1005,26 @@ Additionally, rules with `changes` always evaluate as true in [scheduled pipelin All files are considered to have changed when a scheduled pipeline runs, so jobs might always be added to scheduled pipelines that use `changes`. +### File paths in CI/CD variables + +Be careful when using file paths in CI/CD variables. A trailing slash can appear correct +in the variable definition, but can become invalid when expanded in `script:`, `changes:`, +or other keywords. For example: + +```yaml +docker_build: + variables: + DOCKERFILES_DIR: 'path/to/files/' # This variable should not have a trailing '/' character + script: echo "A docker job" + rules: + - changes: + - $DOCKERFILES_DIR/* +``` + +When the `DOCKERFILES_DIR` variable is expanded in the `changes:` section, the full +path becomes `path/to/files//*`. The double slashes might cause unexpected behavior +depending on the keyword used, shell and OS of the runner, and so on. + ### `You are not allowed to download code from this project.` error message You might see pipelines fail when a GitLab administrator runs a protected manual job diff --git a/doc/development/i18n/proofreader.md b/doc/development/i18n/proofreader.md index cee078ca891..fc0f9643733 100644 --- a/doc/development/i18n/proofreader.md +++ b/doc/development/i18n/proofreader.md @@ -34,6 +34,7 @@ are very appreciative of the work done by translators and proofreaders! - Weizhe Ding - [GitLab](https://gitlab.com/d.weizhe), [Crowdin](https://crowdin.com/profile/d.weizhe) - Yi-Jyun Pan - [GitLab](https://gitlab.com/pan93412), [Crowdin](https://crowdin.com/profile/pan93412) - Victor Wu - [GitLab](https://gitlab.com/_victorwu_), [Crowdin](https://crowdin.com/profile/victorwu) + - Hansel Wang - [GitLab](https://gitlab.com/airness), [Crowdin](https://crowdin.com/profile/airness) - Chinese Traditional, Hong Kong 繁體中文 (香港) - Victor Wu - [GitLab](https://gitlab.com/_victorwu_), [Crowdin](https://crowdin.com/profile/victorwu) - Ivan Ip - [GitLab](https://gitlab.com/lifehome), [Crowdin](https://crowdin.com/profile/lifehome) diff --git a/doc/user/admin_area/broadcast_messages.md b/doc/user/admin_area/broadcast_messages.md index 959331c16de..a6e6a839912 100644 --- a/doc/user/admin_area/broadcast_messages.md +++ b/doc/user/admin_area/broadcast_messages.md @@ -7,7 +7,8 @@ type: reference, howto # Broadcast messages **(FREE SELF)** -> Target roles [introduced](https://gitlab.com/gitlab-org/growth/team-tasks/-/issues/461) in GitLab 14.8 [with a flag](../../administration/feature_flags.md) named `role_targeted_broadcast_messages`. Disabled by default. +> - Target roles [introduced](https://gitlab.com/gitlab-org/growth/team-tasks/-/issues/461) in GitLab 14.8 [with a flag](../../administration/feature_flags.md) named `role_targeted_broadcast_messages`. Disabled by default. +> - Theme [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/83251) and background color removed in GitLab 14.10. GitLab can display broadcast messages to users of a GitLab instance. There are two types of broadcast messages: diff --git a/doc/user/project/merge_requests/csv_export.md b/doc/user/project/merge_requests/csv_export.md index 2adcc4d4575..aebd5024884 100644 --- a/doc/user/project/merge_requests/csv_export.md +++ b/doc/user/project/merge_requests/csv_export.md @@ -4,17 +4,25 @@ group: Compliance info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Export merge requests to CSV **(FREE)** +# Export merge requests to CSV**(FREE)** > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/3619) in GitLab 13.6. -Exporting merge requests CSV enables you and your team to export all the data collected from merge requests into a comma-separated values (CSV) file, which stores tabular data in plain text. +Export all the data collected from a project's merge requests into a comma-separated values (CSV) file. -To export merge requests to CSV, navigate to your **Merge requests** from the sidebar of a project and select **Export as CSV**. +To export merge requests to a CSV file: + +1. On the top bar, select **Menu > Projects** and find your project. +1. On the left sidebar, select **Merge requests** . +1. Add any searches or filters. This can help you keep the size of the CSV file under the 15MB limit. The limit ensures + the file can be emailed to a variety of email providers. +1. Select **Export as CSV** (**{export}**). +1. Confirm the correct number of merge requests are to be exported. +1. Select **Export merge requests**. ## CSV Output -The following table shows what attributes will be present in the CSV. +The following table shows the attributes in the CSV file. | Column | Description | |--------------------|--------------------------------------------------------------| @@ -42,8 +50,3 @@ The following table shows what attributes will be present in the CSV. In GitLab 14.7 and earlier, the first two columns were `MR ID` and `URL`, which [caused an issue](https://gitlab.com/gitlab-org/gitlab/-/issues/34769) when importing back into GitLab. - -## Limitations - -- Export merge requests to CSV is not available at the Group's merge request list. -- As the merge request CSV file is sent as an email attachment, the size is limited to 15MB to ensure successful delivery across a range of email providers. If you need to minimize the size of the file, you can narrow the search before export. For example, you can set up exports of open and closed merge requests in separate files. diff --git a/lib/api/maven_packages.rb b/lib/api/maven_packages.rb index e2481dcb8c1..c2ed23102a5 100644 --- a/lib/api/maven_packages.rb +++ b/lib/api/maven_packages.rb @@ -43,6 +43,9 @@ module API end end + # The sha verification done by the maven api is between: + # - the sha256 set by workhorse helpers + # - the sha256 of the sha1 of the uploaded package file def verify_package_file(package_file, uploaded_file) stored_sha256 = Digest::SHA256.hexdigest(package_file.file_sha1) expected_sha256 = uploaded_file.sha256 @@ -50,6 +53,16 @@ module API if stored_sha256 == expected_sha256 no_content! else + # Track sha1 conflicts. + # See https://gitlab.com/gitlab-org/gitlab/-/issues/367356 + Gitlab::ErrorTracking.log_exception( + ArgumentError.new, + message: 'maven package file sha1 conflict', + stored_sha1: package_file.file_sha1, + received_sha256: uploaded_file.sha256, + sha256_hexdigest_of_stored_sha1: stored_sha256 + ) + conflict! end end diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 0269af7dac9..e51f434bb55 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -42260,6 +42260,9 @@ msgstr "" msgid "UserProfile|Contributed projects" msgstr "" +msgid "UserProfile|Copy user ID" +msgstr "" + msgid "UserProfile|Edit profile" msgstr "" @@ -42341,6 +42344,9 @@ msgstr "" msgid "UserProfile|Unconfirmed user" msgstr "" +msgid "UserProfile|User ID: %{id}" +msgstr "" + msgid "UserProfile|View all" msgstr "" diff --git a/qa/qa/page/group/settings/package_registries.rb b/qa/qa/page/group/settings/package_registries.rb index fa24f7c2ce8..35186159dc9 100644 --- a/qa/qa/page/group/settings/package_registries.rb +++ b/qa/qa/page/group/settings/package_registries.rb @@ -8,8 +8,8 @@ module QA view 'app/assets/javascripts/packages_and_registries/settings/group/components/packages_settings.vue' do element :package_registry_settings_content - element :allow_duplicates_toggle - element :allow_duplicates_label + element :reject_duplicates_toggle + element :reject_duplicates_label end view 'app/assets/javascripts/packages_and_registries/settings/group/components/dependency_proxy_settings.vue' do @@ -17,32 +17,32 @@ module QA element :dependency_proxy_setting_toggle end - def set_allow_duplicates_disabled + def set_reject_duplicates_disabled within_element :package_registry_settings_content do - click_on_allow_duplicates_button if duplicates_enabled? + click_on_reject_duplicates_button if duplicates_disabled? end end - def set_allow_duplicates_enabled + def set_reject_duplicates_enabled within_element :package_registry_settings_content do - click_on_allow_duplicates_button unless duplicates_enabled? + click_on_reject_duplicates_button unless duplicates_disabled? end end - def click_on_allow_duplicates_button - with_allow_duplicates_button do |button| + def click_on_reject_duplicates_button + with_reject_duplicates_button do |button| button.click end end - def duplicates_enabled? - with_allow_duplicates_button do |button| + def duplicates_disabled? + with_reject_duplicates_button do |button| button[:class].include?('is-checked') end end - def with_allow_duplicates_button - within_element :allow_duplicates_toggle do + def with_reject_duplicates_button + within_element :reject_duplicates_toggle do toggle = find('button.gl-toggle:not(.is-disabled)') yield(toggle) end diff --git a/qa/qa/specs/features/browser_ui/5_package/package_registry/maven/maven_group_level_spec.rb b/qa/qa/specs/features/browser_ui/5_package/package_registry/maven/maven_group_level_spec.rb index 74b7a793f8c..180910e85a0 100644 --- a/qa/qa/specs/features/browser_ui/5_package/package_registry/maven/maven_group_level_spec.rb +++ b/qa/qa/specs/features/browser_ui/5_package/package_registry/maven/maven_group_level_spec.rb @@ -135,14 +135,14 @@ module QA end end - context 'duplication setting', quarantine: { type: :stale, issue: 'https://gitlab.com/gitlab-org/gitlab/-/issues/365150' } do + context 'duplication setting' do before do package_project.group.visit! Page::Group::Menu.perform(&:go_to_package_settings) end - context 'when disabled' do + context 'when enabled' do where do { 'using a personal access token' => { @@ -176,7 +176,7 @@ module QA end before do - Page::Group::Settings::PackageRegistries.perform(&:set_allow_duplicates_disabled) + Page::Group::Settings::PackageRegistries.perform(&:set_reject_duplicates_enabled) end it 'prevents users from publishing group level Maven packages duplicates', testcase: params[:testcase] do @@ -195,7 +195,7 @@ module QA end end - context 'when enabled' do + context 'when disabled' do where do { 'using a personal access token' => { @@ -229,7 +229,7 @@ module QA end before do - Page::Group::Settings::PackageRegistries.perform(&:set_allow_duplicates_enabled) + Page::Group::Settings::PackageRegistries.perform(&:set_reject_duplicates_disabled) end it 'allows users to publish group level Maven packages duplicates', testcase: params[:testcase] do diff --git a/scripts/process_custom_semgrep_results.sh b/scripts/process_custom_semgrep_results.sh deleted file mode 100755 index 8370c95efca..00000000000 --- a/scripts/process_custom_semgrep_results.sh +++ /dev/null @@ -1,55 +0,0 @@ -# This script requires BOT_USER_ID, CUSTOM_SAST_RULES_BOT_PAT and CI_MERGE_REQUEST_IID variables to be set - -echo "Processing vuln report" - -# Preparing the message for the comment that will be posted by the bot -# Empty string if there are no findings -jq -crM '.vulnerabilities | - map( select( .identifiersprocess_custom_semgrep_results[0].name | test( "glappsec_" ) ) | - "- `" + .location.file + "` line " + ( .location.start_line | tostring ) + - ( - if .location.start_line = .location.end_line then "" - else ( " to " + ( .location.end_line | tostring ) ) end - ) + ": " + .message - ) | - sort | - if length > 0 then - { body: ("The findings below have been detected based on the AppSec custom SAST rules. For more information about this bot and what to do with this comment head over to the [README](https://gitlab.com/gitlab-com/gl-security/appsec/sast-custom-rules/-/tree/main/appsec-pings). The following lines of code possibly need attention:\n\n" + join("\n") + "\n\n/cc @gitlab-com/gl-security/appsec") } - else - empty - end' gl-sast-report.json >findings.txt - -echo "Resulting file:" -cat findings.txt - -EXISTING_COMMENT_ID=$(curl "https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/merge_requests/$CI_MERGE_REQUEST_IID/notes" \ - --header "Private-Token: $CUSTOM_SAST_RULES_BOT_PAT" | - jq -crM 'map( select( .author.id == (env.BOT_USER_ID | tonumber) ) | .id ) | first') - -echo "EXISTING_COMMENT_ID: $EXISTING_COMMENT_ID" - -if [ "$EXISTING_COMMENT_ID" == "null" ]; then - if [ -s findings.txt ]; then - echo "No existing comment and there are findings: a new comment will be posted" - curl "https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/merge_requests/$CI_MERGE_REQUEST_IID/notes" \ - --header "Private-Token: $CUSTOM_SAST_RULES_BOT_PAT" \ - --header 'Content-Type: application/json' \ - --data '@findings.txt' - else - echo "No existing comment and no findings: nothing to do" - fi -else - if [ -s findings.txt ]; then - echo "There is an existing comment and there are findings: the existing comment will be updated" - curl --request PUT "https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/merge_requests/$CI_MERGE_REQUEST_IID/notes/$EXISTING_COMMENT_ID" \ - --header "Private-Token: $CUSTOM_SAST_RULES_BOT_PAT" \ - --header 'Content-Type: application/json' \ - --data '@findings.txt' - else - echo "There is an existing comment but no findings: the existing comment will be updated to mention everything is resolved" - curl --request PUT "https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/merge_requests/$CI_MERGE_REQUEST_IID/notes/$EXISTING_COMMENT_ID" \ - --header "Private-Token: $CUSTOM_SAST_RULES_BOT_PAT" \ - --header 'Content-Type: application/json' \ - --data '{"body":"All findings based on the [AppSec custom Semgrep rules](https://gitlab.com/gitlab-com/gl-security/appsec/sast-custom-rules/) have been resolved! :tada:"}' - fi -fi diff --git a/spec/features/users/show_spec.rb b/spec/features/users/show_spec.rb index cb395846b96..2a444dad486 100644 --- a/spec/features/users/show_spec.rb +++ b/spec/features/users/show_spec.rb @@ -9,6 +9,12 @@ RSpec.describe 'User page' do subject(:visit_profile) { visit(user_path(user)) } + it 'shows user id' do + subject + + expect(page).to have_content("User ID: #{user.id}") + end + context 'with public profile' do it 'shows all the tabs' do subject diff --git a/spec/fixtures/packages/maven/my-app-1.0-20180724.124855-1.pom.sha1 b/spec/fixtures/packages/maven/my-app-1.0-20180724.124855-1.pom.sha1 new file mode 100644 index 00000000000..33b75ee37eb --- /dev/null +++ b/spec/fixtures/packages/maven/my-app-1.0-20180724.124855-1.pom.sha1 @@ -0,0 +1 @@ +78f664f030d2a684f59081e88b9461257e859c14 diff --git a/spec/models/key_spec.rb b/spec/models/key_spec.rb index f584057be5d..b98c0e8eae0 100644 --- a/spec/models/key_spec.rb +++ b/spec/models/key_spec.rb @@ -240,6 +240,39 @@ RSpec.describe Key, :mailer do end end + describe '#ensure_sha256_fingerprint!' do + let_it_be_with_reload(:user_key) { create(:personal_key) } + + context 'with a valid SHA256 fingerprint' do + it 'does nothing' do + expect(user_key).not_to receive(:generate_fingerprint) + + user_key.ensure_sha256_fingerprint! + end + end + + context 'with a missing SHA256 fingerprint' do + before do + user_key.update_column(:fingerprint_sha256, nil) + user_key.ensure_sha256_fingerprint! + end + + it 'fingerprints are present' do + expect(user_key.reload.fingerprint_sha256).to be_present + end + end + + context 'with an invalid public key' do + before do + user_key.update_column(:key, 'a') + end + + it 'does not throw an exception' do + expect { user_key.ensure_sha256_fingerprint! }.not_to raise_error + end + end + end + context 'fingerprint generation' do it 'generates both md5 and sha256 fingerprints' do key = build(:rsa_key_4096) diff --git a/spec/requests/api/maven_packages_spec.rb b/spec/requests/api/maven_packages_spec.rb index ba82d2facc6..321592fd844 100644 --- a/spec/requests/api/maven_packages_spec.rb +++ b/spec/requests/api/maven_packages_spec.rb @@ -1000,20 +1000,45 @@ RSpec.describe API::MavenPackages do context 'for sha1 file' do let(:dummy_package) { double(Packages::Package) } + let(:file_upload) { fixture_file_upload('spec/fixtures/packages/maven/my-app-1.0-20180724.124855-1.pom.sha1') } + let(:stored_sha1) { File.read(file_upload.path) } - it 'checks the sha1' do + subject(:upload) { upload_file_with_token(params: params, file_extension: 'pom.sha1') } + + before do # The sha verification done by the maven api is between: # - the sha256 set by workhorse helpers # - the sha256 of the sha1 of the uploaded package file # We're going to send `file_upload` for the sha1 and stub the sha1 of the package file so that # both sha256 being the same - expect(::Packages::PackageFileFinder).to receive(:new).and_return(double(execute!: dummy_package)) - expect(dummy_package).to receive(:file_sha1).and_return(File.read(file_upload.path)) + allow(::Packages::PackageFileFinder).to receive(:new).and_return(double(execute!: dummy_package)) + allow(dummy_package).to receive(:file_sha1).and_return(stored_sha1) + end - upload_file_with_token(params: params, file_extension: 'jar.sha1') + it 'returns no content' do + upload expect(response).to have_gitlab_http_status(:no_content) end + + context 'when the stored sha1 is not the same' do + let(:sent_sha1) { File.read(file_upload.path) } + let(:stored_sha1) { 'wrong sha1' } + + it 'logs an error and returns conflict' do + expect(Gitlab::ErrorTracking).to receive(:log_exception).with( + instance_of(ArgumentError), + message: 'maven package file sha1 conflict', + stored_sha1: stored_sha1, + received_sha256: Digest::SHA256.hexdigest(sent_sha1), + sha256_hexdigest_of_stored_sha1: Digest::SHA256.hexdigest(stored_sha1) + ) + + upload + + expect(response).to have_gitlab_http_status(:conflict) + end + end end context 'for md5 file' do diff --git a/spec/services/projects/move_deploy_keys_projects_service_spec.rb b/spec/services/projects/move_deploy_keys_projects_service_spec.rb index bd93b80f712..59674a3a4ef 100644 --- a/spec/services/projects/move_deploy_keys_projects_service_spec.rb +++ b/spec/services/projects/move_deploy_keys_projects_service_spec.rb @@ -56,5 +56,22 @@ RSpec.describe Projects::MoveDeployKeysProjectsService do expect(project_with_deploy_keys.deploy_keys_projects.count).not_to eq 0 end end + + context 'when SHA256 fingerprint is missing' do + before do + create(:deploy_keys_project, project: target_project) + DeployKey.all.update_all(fingerprint_sha256: nil) + end + + it 'moves the user\'s deploy keys from one project to another' do + combined_keys = project_with_deploy_keys.deploy_keys + target_project.deploy_keys + + subject.execute(project_with_deploy_keys) + + expect(project_with_deploy_keys.deploy_keys.reload).to be_empty + expect(target_project.deploy_keys.reload).to match_array(combined_keys) + expect(DeployKey.all.select(:fingerprint_sha256)).to all(be_present) + end + end end end diff --git a/tmp/run/.gitkeep b/tmp/run/.gitkeep deleted file mode 100644 index e69de29bb2d..00000000000