Add latest changes from gitlab-org/gitlab@master
parent
f7f930eadb
commit
69b1c09769
|
@ -20,8 +20,6 @@ PATTERNS = %w[
|
|||
<tabs
|
||||
bs-callout
|
||||
deprecated-modal
|
||||
has-tooltip
|
||||
has_tooltip
|
||||
initDeprecatedJQueryDropdown
|
||||
loading-button
|
||||
v-popover
|
||||
|
|
|
@ -18,14 +18,14 @@ in the following table.
|
|||
|
||||
| Scope | Description |
|
||||
| ----- | ----------- |
|
||||
| `read_repository` | Allows read-access to the repository files. |
|
||||
| `api` | Allows read-write access to the repository files. |
|
||||
| `read_repository` | Allows read-access to the repository files. |
|
||||
|
||||
## Get file from repository
|
||||
|
||||
> The `execute_filemode` field in the response was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/83499) in GitLab 14.10.
|
||||
|
||||
Allows you to receive information about file in repository like name, size,
|
||||
Allows you to receive information about file in repository like name, size, and
|
||||
content. File content is Base64 encoded. This endpoint can be accessed
|
||||
without authentication if the repository is publicly accessible.
|
||||
|
||||
|
@ -38,10 +38,10 @@ curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/a
|
|||
```
|
||||
|
||||
| Attribute | Type | Required | Description |
|
||||
|-------------|----------------|----------|-----------------------------------------------------------------------------------------------------------------|
|
||||
| `id` | integer or string | yes | The ID or [URL-encoded path of the project](index.md#namespaced-path-encoding) owned by the authenticated user |
|
||||
| `file_path` | string | yes | URL encoded full path to new file. Ex. `lib%2Fclass%2Erb`. |
|
||||
| `ref` | string | yes | The name of branch, tag or commit |
|
||||
|-------------|----------------|----------|-------------|
|
||||
| `id` | integer or string | yes | The ID or [URL-encoded path of the project](index.md#namespaced-path-encoding) owned by the authenticated user. |
|
||||
| `file_path` | string | yes | URL encoded full path to new file, such as `lib%2Fclass%2Erb`. |
|
||||
| `ref` | string | yes | The name of branch, tag or commit. |
|
||||
|
||||
Example response:
|
||||
|
||||
|
@ -62,7 +62,8 @@ Example response:
|
|||
```
|
||||
|
||||
NOTE:
|
||||
`blob_id` is the blob SHA, see [repositories - Get a blob from repository](repositories.md#get-a-blob-from-repository)
|
||||
`blob_id` is the blob SHA. Refer to [Get a blob from repository](repositories.md#get-a-blob-from-repository)
|
||||
in the Repositories API.
|
||||
|
||||
In addition to the `GET` method, you can also use `HEAD` to get just file metadata.
|
||||
|
||||
|
@ -101,13 +102,13 @@ GET /projects/:id/repository/files/:file_path/blame
|
|||
```
|
||||
|
||||
| Attribute | Type | Required | Description |
|
||||
|-----------------|-------------------|----------|--------------------------------------------------------------------------------------------------------------|
|
||||
| `id` | integer or string | yes | The ID or [URL-encoded path of the project](index.md#namespaced-path-encoding) owned by the authenticated user |
|
||||
| `file_path` | string | yes | URL encoded full path to new file. Ex. `lib%2Fclass%2Erb`. |
|
||||
| `ref` | string | yes | The name of branch, tag or commit |
|
||||
| `range` | hash | no | Blame range |
|
||||
| `range[start]` | integer | yes | The first line of the range to blame |
|
||||
| `range[end]` | integer | yes | The last line of the range to blame |
|
||||
|-----------------|-------------------|----------|-------------|
|
||||
| `id` | integer or string | yes | The ID or [URL-encoded path of the project](index.md#namespaced-path-encoding) owned by the authenticated user. |
|
||||
| `file_path` | string | yes | URL-encoded full path to new file, such as`lib%2Fclass%2Erb`. |
|
||||
| `ref` | string | yes | The name of branch, tag or commit. |
|
||||
| `range[end]` | integer | yes | The last line of the range to blame. |
|
||||
| `range[start]` | integer | yes | The first line of the range to blame. |
|
||||
| `range` | hash | no | Blame range. |
|
||||
|
||||
```shell
|
||||
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/13083/repository/files/path%2Fto%2Ffile.rb/blame?ref=master"
|
||||
|
@ -142,7 +143,7 @@ Example response:
|
|||
```
|
||||
|
||||
NOTE:
|
||||
`HEAD` method return just file metadata as in [Get file from repository](repository_files.md#get-file-from-repository).
|
||||
`HEAD` method returns just file metadata, as in [Get file from repository](repository_files.md#get-file-from-repository).
|
||||
|
||||
```shell
|
||||
curl --head --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/13083/repository/files/path%2Fto%2Ffile.rb/blame?ref=master"
|
||||
|
@ -168,7 +169,8 @@ X-Gitlab-Execute-Filemode: false
|
|||
|
||||
### Examples
|
||||
|
||||
To request a blame range, specify `range[start]` and `range[end]` parameters with the start and end line numbers of the file.
|
||||
To request a blame range, specify `range[start]` and `range[end]` parameters with
|
||||
the starting and ending line numbers of the file.
|
||||
|
||||
```shell
|
||||
curl --head --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/13083/repository/files/path%2Fto%2Ffile.rb/blame?ref=master&range[start]=1&range[end]=2"
|
||||
|
@ -208,9 +210,9 @@ GET /projects/:id/repository/files/:file_path/raw
|
|||
```
|
||||
|
||||
| Attribute | Type | Required | Description |
|
||||
|-------------|----------------|----------|-----------------------------------------------------------------------------------------------------------------|
|
||||
| `id` | integer or string | yes | The ID or [URL-encoded path of the project](index.md#namespaced-path-encoding) owned by the authenticated user |
|
||||
| `file_path` | string | yes | URL encoded full path to new file. Ex. `lib%2Fclass%2Erb`. |
|
||||
|-------------|----------------|----------|------------|
|
||||
| `id` | integer or string | yes | The ID or [URL-encoded path of the project](index.md#namespaced-path-encoding) owned by the authenticated user. |
|
||||
| `file_path` | string | yes | URL-encoded full path to new file, such as `lib%2Fclass%2Erb`. |
|
||||
| `ref` | string | yes | The name of branch, tag or commit. Default is the `HEAD` of the project. |
|
||||
|
||||
```shell
|
||||
|
@ -218,13 +220,14 @@ curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/a
|
|||
```
|
||||
|
||||
NOTE:
|
||||
Like [Get file from repository](repository_files.md#get-file-from-repository) you can use `HEAD` to get just file metadata.
|
||||
Like [Get file from repository](repository_files.md#get-file-from-repository), you can use `HEAD` to get just file metadata.
|
||||
|
||||
## Create new file in repository
|
||||
|
||||
> The `execute_filemode` parameter was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/83499) in GitLab 14.10.
|
||||
|
||||
This allows you to create a single file. For creating multiple files with a single request see the [commits API](commits.md#create-a-commit-with-multiple-files-and-actions).
|
||||
Allows you to create a single file. For creating multiple files with a single request,
|
||||
refer to the [commits API](commits.md#create-a-commit-with-multiple-files-and-actions).
|
||||
|
||||
```plaintext
|
||||
POST /projects/:id/repository/files/:file_path
|
||||
|
@ -232,16 +235,16 @@ POST /projects/:id/repository/files/:file_path
|
|||
|
||||
| Attribute | Type | Required | Description |
|
||||
| ---------------- | -------------- | -------- | ----------- |
|
||||
| `id` | integer or string | yes | The ID or [URL-encoded path of the project](index.md#namespaced-path-encoding) owned by the authenticated user. |
|
||||
| `file_path` | string | yes | URL-encoded full path to new file. For example: `lib%2Fclass%2Erb`. |
|
||||
| `branch` | string | yes | Name of the new branch to create. The commit is added to this branch. |
|
||||
| `start_branch` | string | no | Name of the base branch to create the new branch from. |
|
||||
| `encoding` | string | no | Change encoding to `base64`. Default is `text`. |
|
||||
| `commit_message` | string | yes | The commit message. |
|
||||
| `content` | string | yes | The file's content. |
|
||||
| `file_path` | string | yes | URL-encoded full path to new file. For example: `lib%2Fclass%2Erb`. |
|
||||
| `id` | integer or string | yes | The ID or [URL-encoded path of the project](index.md#namespaced-path-encoding) owned by the authenticated user. |
|
||||
| `author_email` | string | no | The commit author's email address. |
|
||||
| `author_name` | string | no | The commit author's name. |
|
||||
| `content` | string | yes | The file's content. |
|
||||
| `commit_message` | string | yes | The commit message. |
|
||||
| `encoding` | string | no | Change encoding to `base64`. Default is `text`. |
|
||||
| `execute_filemode` | boolean | no | Enables or disables the `execute` flag on the file. Can be `true` or `false`. |
|
||||
| `start_branch` | string | no | Name of the base branch to create the new branch from. |
|
||||
|
||||
```shell
|
||||
curl --request POST --header 'PRIVATE-TOKEN: <your_access_token>' \
|
||||
|
@ -264,7 +267,8 @@ Example response:
|
|||
|
||||
> The `execute_filemode` parameter was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/83499) in GitLab 14.10.
|
||||
|
||||
This allows you to update a single file. For updating multiple files with a single request see the [commits API](commits.md#create-a-commit-with-multiple-files-and-actions).
|
||||
Allows you to update a single file. For updating multiple files with a single request,
|
||||
refer to the [commits API](commits.md#create-a-commit-with-multiple-files-and-actions).
|
||||
|
||||
```plaintext
|
||||
PUT /projects/:id/repository/files/:file_path
|
||||
|
@ -272,17 +276,17 @@ PUT /projects/:id/repository/files/:file_path
|
|||
|
||||
| Attribute | Type | Required | Description |
|
||||
| ---------------- | -------------- | -------- | ----------- |
|
||||
| `id` | integer or string | yes | The ID or [URL-encoded path of the project](index.md#namespaced-path-encoding) owned by the authenticated user |
|
||||
| `file_path` | string | yes | URL-encoded full path to new file. For example: `lib%2Fclass%2Erb`. |
|
||||
| `branch` | string | yes | Name of the new branch to create. The commit is added to this branch. |
|
||||
| `start_branch` | string | no | Name of the base branch to create the new branch from. |
|
||||
| `encoding` | string | no | Change encoding to `base64`. Default is `text`. |
|
||||
| `commit_message` | string | yes | The commit message. |
|
||||
| `content` | string | yes | The file's content. |
|
||||
| `file_path` | string | yes | URL-encoded full path to new file. For example: `lib%2Fclass%2Erb`. |
|
||||
| `id` | integer or string | yes | The ID or [URL-encoded path of the project](index.md#namespaced-path-encoding) owned by the authenticated user |
|
||||
| `author_email` | string | no | The commit author's email address. |
|
||||
| `author_name` | string | no | The commit author's name. |
|
||||
| `content` | string | yes | The file's content. |
|
||||
| `commit_message` | string | yes | The commit message. |
|
||||
| `last_commit_id` | string | no | Last known file commit ID. |
|
||||
| `encoding` | string | no | Change encoding to `base64`. Default is `text`. |
|
||||
| `execute_filemode` | boolean | no | Enables or disables the `execute` flag on the file. Can be `true` or `false`. |
|
||||
| `last_commit_id` | string | no | Last known file commit ID. |
|
||||
| `start_branch` | string | no | Name of the base branch to create the new branch from. |
|
||||
|
||||
```shell
|
||||
curl --request PUT --header 'PRIVATE-TOKEN: <your_access_token>' \
|
||||
|
@ -301,19 +305,19 @@ Example response:
|
|||
}
|
||||
```
|
||||
|
||||
If the commit fails for any reason we return a 400 error with a non-specific
|
||||
If the commit fails for any reason we return a `400 Bad Request` error with a non-specific
|
||||
error message. Possible causes for a failed commit include:
|
||||
|
||||
- the `file_path` contained `/../` (attempted directory traversal);
|
||||
- the new file contents were identical to the current file contents. That is, the
|
||||
user tried to make an empty commit;
|
||||
- the branch was updated by a Git push while the file edit was in progress.
|
||||
- The `file_path` contained `/../` (attempted directory traversal).
|
||||
- The commit was empty: new file contents were identical to the current file contents.
|
||||
- The branch was updated by `git push` while the file edit was in progress.
|
||||
|
||||
GitLab Shell has a boolean return code, preventing GitLab from specifying the error.
|
||||
[GitLab Shell](https://gitlab.com/gitlab-org/gitlab-shell/) has a boolean return code, preventing GitLab from specifying the error.
|
||||
|
||||
## Delete existing file in repository
|
||||
|
||||
This allows you to delete a single file. For deleting multiple files with a single request, see the [commits API](commits.md#create-a-commit-with-multiple-files-and-actions).
|
||||
This allows you to delete a single file. For deleting multiple files with a single request,
|
||||
refer to the [commits API](commits.md#create-a-commit-with-multiple-files-and-actions).
|
||||
|
||||
```plaintext
|
||||
DELETE /projects/:id/repository/files/:file_path
|
||||
|
@ -321,14 +325,14 @@ DELETE /projects/:id/repository/files/:file_path
|
|||
|
||||
| Attribute | Type | Required | Description |
|
||||
| ---------------- | -------------- | -------- | ----------- |
|
||||
| `id` | integer or string | yes | The ID or [URL-encoded path of the project](index.md#namespaced-path-encoding) owned by the authenticated user. |
|
||||
| `file_path` | string | yes | URL-encoded full path to new file. For example: `lib%2Fclass%2Erb`. |
|
||||
| `branch` | string | yes | Name of the new branch to create. The commit is added to this branch. |
|
||||
| `start_branch` | string | no | Name of the base branch to create the new branch from. |
|
||||
| `commit_message` | string | yes | The commit message. |
|
||||
| `file_path` | string | yes | URL-encoded full path to new file. For example: `lib%2Fclass%2Erb`. |
|
||||
| `id` | integer or string | yes | The ID or [URL-encoded path of the project](index.md#namespaced-path-encoding) owned by the authenticated user. |
|
||||
| `author_email` | string | no | The commit author's email address. |
|
||||
| `author_name` | string | no | The commit author's name. |
|
||||
| `commit_message` | string | yes | The commit message. |
|
||||
| `last_commit_id` | string | no | Last known file commit ID. |
|
||||
| `start_branch` | string | no | Name of the base branch to create the new branch from. |
|
||||
|
||||
```shell
|
||||
curl --request DELETE --header 'PRIVATE-TOKEN: <your_access_token>' \
|
||||
|
|
|
@ -25,7 +25,7 @@ Supported attributes:
|
|||
|
||||
| Attribute | Type | Required | Description |
|
||||
|:------------------|:--------|:---------|:----------------------|
|
||||
| `id` | integer | Yes | Return SAML identities for the given group ID. |
|
||||
| `id` | integer | Yes | Return SCIM identities for the given group ID. |
|
||||
|
||||
If successful, returns [`200`](index.md#status-codes) and the following
|
||||
response attributes:
|
||||
|
|
|
@ -510,6 +510,8 @@ Parameters:
|
|||
|
||||
Modifies an existing user. Only administrators can change attributes of a user.
|
||||
|
||||
The `email` field is the user's primary email address. You can only change this field to an already-added secondary email address for that user. To add more email addresses to the same user, use the [add email function](#add-email).
|
||||
|
||||
```plaintext
|
||||
PUT /users/:id
|
||||
```
|
||||
|
@ -1486,6 +1488,7 @@ Parameters:
|
|||
|
||||
Deletes email owned by currently authenticated user.
|
||||
This returns a `204 No Content` status code if the operation was successfully or `404` if the resource was not found.
|
||||
This cannot delete a primary email address.
|
||||
|
||||
```plaintext
|
||||
DELETE /user/emails/:email_id
|
||||
|
@ -1499,7 +1502,11 @@ Parameters:
|
|||
|
||||
## Delete email for given user **(FREE SELF)**
|
||||
|
||||
Deletes email owned by a specified user. Available only for administrator.
|
||||
Prerequisite:
|
||||
|
||||
- You must be an administrator of a self-managed GitLab instance.
|
||||
|
||||
Deletes an email address owned by a specified user. This cannot delete a primary email address.
|
||||
|
||||
```plaintext
|
||||
DELETE /users/:id/emails/:email_id
|
||||
|
|
|
@ -31,7 +31,7 @@ To request access to ChatOps on GitLab.com:
|
|||
|
||||
1. Comment in your onboarding issue, and tag your onboarding buddy and your manager.
|
||||
Request they add you to the `ops` ChatOps project by running this command
|
||||
in the `#chat-ops-test` Slack channel, replacing `<username>` with your username:
|
||||
in the `#chat-ops-test` Slack channel, replacing `<username>` with your GitLab.com username:
|
||||
`/chatops run member add <username> gitlab-com/chatops --ops`
|
||||
|
||||
```plaintext
|
||||
|
|
|
@ -83,7 +83,7 @@ For configuration removals, see the [Omnibus deprecation policy](../../administr
|
|||
|
||||
For versioning and upgrade details, see our [Release and Maintenance policy](../../policy/maintenance.md).
|
||||
|
||||
## Update the deprecations and removals documentation
|
||||
## Update the deprecations and removals documentation pages
|
||||
|
||||
The [deprecations](../../update/deprecations.md) and [removals](../../update/removals.md)
|
||||
documentation is generated from the YAML files located in
|
||||
|
@ -131,3 +131,7 @@ Related Handbook pages:
|
|||
|
||||
- <https://about.gitlab.com/handbook/marketing/blog/release-posts/#deprecations-removals-and-breaking-changes>
|
||||
- <https://about.gitlab.com/handbook/marketing/blog/release-posts/#update-the-deprecations-and-removals-docs>
|
||||
|
||||
## Update the related documentation
|
||||
|
||||
When features are deprecated and removed, [update the related documentation](../documentation/versions.md#deprecations-and-removals).
|
||||
|
|
|
@ -129,7 +129,7 @@ To deprecate an attribute:
|
|||
```
|
||||
|
||||
To widely announce a deprecation, or if it's a breaking change,
|
||||
[update the deprecations and removals documentation](../deprecation_guidelines/index.md#update-the-deprecations-and-removals-documentation).
|
||||
[update the deprecations and removals documentation pages](../deprecation_guidelines/index.md#update-the-deprecations-and-removals-documentation-pages).
|
||||
|
||||
## Method description
|
||||
|
||||
|
|
|
@ -16,6 +16,8 @@ Currently, IaC scanning supports configuration files for Terraform, Ansible, AWS
|
|||
|
||||
IaC Scanning runs in the `test` stage, which is available by default. If you redefine the stages in the `.gitlab-ci.yml` file, the `test` stage is required.
|
||||
|
||||
We recommend a minimum of 4GB RAM to ensure consistent performance.
|
||||
|
||||
To run IaC scanning jobs, by default, you need GitLab Runner with the
|
||||
[`docker`](https://docs.gitlab.com/runner/executors/docker.html) or
|
||||
[`kubernetes`](https://docs.gitlab.com/runner/install/kubernetes.html) executor.
|
||||
|
@ -33,7 +35,7 @@ is **not** `19.03.0`. See [troubleshooting information](../sast/index.md#error-r
|
|||
GitLab IaC scanning supports a variety of IaC configuration files. Our IaC security scanners also feature automatic language detection which works even for mixed-language projects. If any supported configuration files are detected in project source code we automatically run the appropriate IaC analyzers.
|
||||
|
||||
| Configuration File Type | Scan tool | Introduced in GitLab Version |
|
||||
|------------------------------------------|----------------------------------|-------------------------------|
|
||||
| ----------------------------------- | ------------------------ | ---------------------------- |
|
||||
| Ansible | [KICS](https://kics.io/) | 14.5 |
|
||||
| AWS CloudFormation | [KICS](https://kics.io/) | 14.5 |
|
||||
| Azure Resource Manager <sup>1</sup> | [KICS](https://kics.io/) | 14.5 |
|
||||
|
@ -77,7 +79,7 @@ Different features are available in different [GitLab tiers](https://about.gitla
|
|||
as shown in the following table:
|
||||
|
||||
| Capability | In Free & Premium | In Ultimate |
|
||||
|:----------------------------------------------------------------|:--------------------|:-------------------|
|
||||
| :-------------------------------------------------------------- | :------------------ | :----------------- |
|
||||
| [Configure IaC scanner](#configuration) | **{check-circle}** | **{check-circle}** |
|
||||
| Download [JSON Report](#reports-json-format) | **{check-circle}** | **{check-circle}** |
|
||||
| See new findings in merge request widget | **{dotted-circle}** | **{check-circle}** |
|
||||
|
|
|
@ -12,7 +12,7 @@ Static Application Security Testing (SAST) uses analyzers
|
|||
to detect vulnerabilities in source code. Each analyzer is a wrapper around a [scanner](../terminology/index.md#scanner), a third-party code analysis tool.
|
||||
|
||||
The analyzers are published as Docker images that SAST uses to launch dedicated containers for each
|
||||
analysis.
|
||||
analysis. We recommend a minimum of 4GB RAM to ensure consistent performance of the analyzers.
|
||||
|
||||
SAST default images are maintained by GitLab, but you can also integrate your own custom image.
|
||||
|
||||
|
@ -26,11 +26,8 @@ For each scanner, an analyzer:
|
|||
|
||||
SAST supports the following official analyzers:
|
||||
|
||||
- [`bandit`](https://gitlab.com/gitlab-org/security-products/analyzers/bandit) (Bandit)
|
||||
- [`brakeman`](https://gitlab.com/gitlab-org/security-products/analyzers/brakeman) (Brakeman)
|
||||
- [`eslint`](https://gitlab.com/gitlab-org/security-products/analyzers/eslint) (ESLint (JavaScript and React))
|
||||
- [`flawfinder`](https://gitlab.com/gitlab-org/security-products/analyzers/flawfinder) (Flawfinder)
|
||||
- [`gosec`](https://gitlab.com/gitlab-org/security-products/analyzers/gosec) (Gosec)
|
||||
- [`kubesec`](https://gitlab.com/gitlab-org/security-products/analyzers/kubesec) (Kubesec)
|
||||
- [`mobsf`](https://gitlab.com/gitlab-org/security-products/analyzers/mobsf) (MobSF (beta))
|
||||
- [`nodejs-scan`](https://gitlab.com/gitlab-org/security-products/analyzers/nodejs-scan) (NodeJsScan)
|
||||
|
@ -41,6 +38,12 @@ SAST supports the following official analyzers:
|
|||
- [`sobelow`](https://gitlab.com/gitlab-org/security-products/analyzers/sobelow) (Sobelow (Elixir Phoenix))
|
||||
- [`spotbugs`](https://gitlab.com/gitlab-org/security-products/analyzers/spotbugs) (SpotBugs with the Find Sec Bugs plugin (Ant, Gradle and wrapper, Grails, Maven and wrapper, SBT))
|
||||
|
||||
SAST has used other analyzers in previous versions. These analyzers reached End of Support status and do not receive updates:
|
||||
|
||||
- [`bandit`](https://gitlab.com/gitlab-org/security-products/analyzers/bandit) (Bandit); [End of Support](https://gitlab.com/gitlab-org/gitlab/-/issues/352554) in GitLab 15.4. Replaced by the `semgrep` analyzer with GitLab-managed rules.
|
||||
- [`eslint`](https://gitlab.com/gitlab-org/security-products/analyzers/eslint) (ESLint (JavaScript and React)); [End of Support](https://gitlab.com/gitlab-org/gitlab/-/issues/352554) in GitLab 15.4. Replaced by the `semgrep` analyzer with GitLab-managed rules.
|
||||
- [`gosec`](https://gitlab.com/gitlab-org/security-products/analyzers/gosec) (Gosec); [End of Support](https://gitlab.com/gitlab-org/gitlab/-/issues/352554) in GitLab 15.4. Replaced by the `semgrep` analyzer with GitLab-managed rules.
|
||||
|
||||
## SAST analyzer features
|
||||
|
||||
For an analyzer to be considered Generally Available, it is expected to minimally
|
||||
|
@ -126,16 +129,16 @@ You can see how Semgrep-based scanning will work in your projects before the Git
|
|||
We recommend that you test this change in a merge request but continue using the Stable template in your default branch pipeline configuration.
|
||||
|
||||
In GitLab 15.3, we [activated a feature flag](https://gitlab.com/gitlab-org/gitlab/-/issues/362179) to migrate security findings on the default branch from other analyzers to Semgrep.
|
||||
We plan to [plan to remove the deprecated analyzers](https://gitlab.com/gitlab-org/gitlab/-/issues/352554) from the Stable CI/CD template in GitLab 15.4.
|
||||
In GitLab 15.4, we [removed the deprecated analyzers](https://gitlab.com/gitlab-org/gitlab/-/issues/352554) from the Stable CI/CD template.
|
||||
|
||||
To preview the upcoming changes to the CI/CD configuration:
|
||||
To preview the upcoming changes to the CI/CD configuration in GitLab 15.3 or earlier:
|
||||
|
||||
1. Open an MR to switch from the Stable CI/CD template, `SAST.gitlab-ci.yaml`, to [the Latest template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml), `SAST.latest.gitlab-ci.yaml`.
|
||||
- On GitLab.com, use the latest template directly:
|
||||
|
||||
```yaml
|
||||
include:
|
||||
template: 'SAST.latest.gitlab-ci.yaml'
|
||||
template: 'Jobs/SAST.latest.gitlab-ci.yaml'
|
||||
```
|
||||
|
||||
- On a Self-Managed instance, download the template from GitLab.com:
|
||||
|
@ -169,8 +172,8 @@ This variable affects all Secure analyzers, not just the analyzers for SAST.
|
|||
To have GitLab download the analyzers' images from a custom Docker registry, define the prefix with
|
||||
the `SECURE_ANALYZERS_PREFIX` CI/CD variable.
|
||||
|
||||
For example, the following instructs SAST to pull `my-docker-registry/gitlab-images/bandit` instead
|
||||
of `registry.gitlab.com/security-products/bandit`:
|
||||
For example, the following instructs SAST to pull `my-docker-registry/gitlab-images/semgrep` instead
|
||||
of `registry.gitlab.com/security-products/semgrep`:
|
||||
|
||||
```yaml
|
||||
include:
|
||||
|
@ -206,14 +209,14 @@ source code languages detected. However, you can disable select analyzers.
|
|||
To disable select analyzers, set the CI/CD variable `SAST_EXCLUDED_ANALYZERS` to a comma-delimited
|
||||
string listing the analyzers that you want to prevent running.
|
||||
|
||||
For example, to disable the `eslint` analyzer:
|
||||
For example, to disable the `spotbugs` analyzer:
|
||||
|
||||
```yaml
|
||||
include:
|
||||
- template: Security/SAST.gitlab-ci.yml
|
||||
|
||||
variables:
|
||||
SAST_EXCLUDED_ANALYZERS: "eslint"
|
||||
SAST_EXCLUDED_ANALYZERS: "spotbugs"
|
||||
```
|
||||
|
||||
### Custom analyzers
|
||||
|
@ -249,7 +252,7 @@ Each analyzer provides data about the vulnerabilities it detects. The following
|
|||
data available from each analyzer. The values provided by these tools are heterogeneous so they are sometimes
|
||||
normalized into common values, for example, `severity` and `confidence`.
|
||||
|
||||
| Property / tool | Apex | Bandit | Brakeman | ESLint security | SpotBugs | Flawfinder | Gosec | Kubesec Scanner | MobSF | NodeJsScan | PHP CS Security Audit | Security code Scan (.NET) | Semgrep | Sobelow |
|
||||
| Property / tool | Apex | Bandit<sup>1</sup> | Brakeman | ESLint security<sup>1</sup> | SpotBugs | Flawfinder | Gosec<sup>1</sup> | Kubesec Scanner | MobSF | NodeJsScan | PHP CS Security Audit | Security code Scan (.NET) | Semgrep | Sobelow |
|
||||
|--------------------------------|------|--------|----------|-----------------|----------|------------|-------|-----------------|-------|------------|-----------------------|---------------------------|---------|---------|
|
||||
| Affected item (for example, class or package) | ✓ | ✗ | ✓ | ✗ | ✓ | ✓ | ✗ | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ |
|
||||
| Confidence | ✗ | ✓ | ✓ | ✗ | ✓ | x | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ | ⚠ | ✓ |
|
||||
|
@ -271,3 +274,5 @@ normalized into common values, for example, `severity` and `confidence`.
|
|||
- ✓ => Data is available.
|
||||
- ⚠ => Data is available, but it's partially reliable, or it has to be extracted from unstructured content.
|
||||
- ✗ => Data is not available or it would require specific, inefficient or unreliable, logic to obtain it.
|
||||
|
||||
1. This analyzer has reached [End of Support](https://about.gitlab.com/handbook/product/gitlab-the-product/#end-of-support). For more information, see the [SAST analyzers](#sast-analyzers) section.
|
||||
|
|
|
@ -83,14 +83,14 @@ You can also [view our language roadmap](https://about.gitlab.com/direction/secu
|
|||
| C | [Semgrep](https://semgrep.dev) | 14.2 |
|
||||
| C/C++ | [Flawfinder](https://github.com/david-a-wheeler/flawfinder) | 10.7 |
|
||||
| Elixir (Phoenix) | [Sobelow](https://github.com/nccgroup/sobelow) | 11.1 |
|
||||
| Go | [Gosec](https://github.com/securego/gosec) | 10.7 |
|
||||
| Go<sup>3</sup> | [Gosec](https://github.com/securego/gosec) | 10.7 |
|
||||
| Go | [Semgrep](https://semgrep.dev) | 14.4 |
|
||||
| Groovy<sup>2</sup> | [SpotBugs](https://spotbugs.github.io/) with the [find-sec-bugs](https://find-sec-bugs.github.io/) plugin | 11.3 (Gradle) & 11.9 (Maven, SBT) |
|
||||
| Helm Charts | [Kubesec](https://github.com/controlplaneio/kubesec) | 13.1 |
|
||||
| Java (any build system) | [Semgrep](https://semgrep.dev) | 14.10 |
|
||||
| Java<sup>2</sup> | [SpotBugs](https://spotbugs.github.io/) with the [find-sec-bugs](https://find-sec-bugs.github.io/) plugin | 10.6 (Maven), 10.8 (Gradle) & 11.9 (SBT) |
|
||||
| Java<sup>2, 3</sup> | [SpotBugs](https://spotbugs.github.io/) with the [find-sec-bugs](https://find-sec-bugs.github.io/) plugin | 10.6 (Maven), 10.8 (Gradle) & 11.9 (SBT) |
|
||||
| Java (Android) | [MobSF (beta)](https://github.com/MobSF/Mobile-Security-Framework-MobSF) | 13.5 |
|
||||
| JavaScript | [ESLint security plugin](https://github.com/nodesecurity/eslint-plugin-security) | 11.8 |
|
||||
| JavaScript<sup>3</sup> | [ESLint security plugin](https://github.com/nodesecurity/eslint-plugin-security) | 11.8 |
|
||||
| JavaScript | [Semgrep](https://semgrep.dev) | 13.10 |
|
||||
| Kotlin (Android) | [MobSF (beta)](https://github.com/MobSF/Mobile-Security-Framework-MobSF) | 13.5 |
|
||||
| Kotlin (General)<sup>2</sup> | [SpotBugs](https://spotbugs.github.io/) with the [find-sec-bugs](https://find-sec-bugs.github.io/) plugin | 13.11 |
|
||||
|
@ -98,15 +98,15 @@ You can also [view our language roadmap](https://about.gitlab.com/direction/secu
|
|||
| Node.js | [NodeJsScan](https://github.com/ajinabraham/NodeJsScan) | 11.1 |
|
||||
| Objective-C (iOS) | [MobSF (beta)](https://github.com/MobSF/Mobile-Security-Framework-MobSF) | 13.5 |
|
||||
| PHP | [phpcs-security-audit](https://github.com/FloeDesignTechnologies/phpcs-security-audit) | 10.8 |
|
||||
| Python ([pip](https://pip.pypa.io/en/stable/)) | [bandit](https://github.com/PyCQA/bandit) | 10.3 |
|
||||
| Python<sup>3</sup> | [bandit](https://github.com/PyCQA/bandit) | 10.3 |
|
||||
| Python | [Semgrep](https://semgrep.dev) | 13.9 |
|
||||
| React | [ESLint react plugin](https://github.com/yannickcr/eslint-plugin-react) | 12.5 |
|
||||
| React<sup>3</sup> | [ESLint react plugin](https://github.com/yannickcr/eslint-plugin-react) | 12.5 |
|
||||
| React | [Semgrep](https://semgrep.dev) | 13.10 |
|
||||
| Ruby | [brakeman](https://brakemanscanner.org) | 13.9 |
|
||||
| Ruby on Rails | [brakeman](https://brakemanscanner.org) | 10.3 |
|
||||
| Scala<sup>2</sup> | [SpotBugs](https://spotbugs.github.io/) with the [find-sec-bugs](https://find-sec-bugs.github.io/) plugin | 11.0 (SBT) & 11.9 (Gradle, Maven) |
|
||||
| Swift (iOS) | [MobSF (beta)](https://github.com/MobSF/Mobile-Security-Framework-MobSF) | 13.5 |
|
||||
| TypeScript | [ESLint security plugin](https://github.com/nodesecurity/eslint-plugin-security) | 11.9, [merged](https://gitlab.com/gitlab-org/gitlab/-/issues/36059) with ESLint in 13.2 |
|
||||
| TypeScript<sup>3</sup> | [ESLint security plugin](https://github.com/nodesecurity/eslint-plugin-security) | 11.9, [merged](https://gitlab.com/gitlab-org/gitlab/-/issues/36059) with ESLint in 13.2 |
|
||||
| TypeScript | [Semgrep](https://semgrep.dev) | 13.10 |
|
||||
|
||||
1. .NET 4 support is limited. The analyzer runs in a Linux container and does not have access to Windows-specific libraries or features. Use the Semgrep-based scanner if you need .NET 4 support.
|
||||
|
@ -114,6 +114,7 @@ You can also [view our language roadmap](https://about.gitlab.com/direction/secu
|
|||
[Gradle wrapper](https://docs.gradle.org/current/userguide/gradle_wrapper.html),
|
||||
[Grails](https://grails.org/),
|
||||
and the [Maven wrapper](https://github.com/takari/maven-wrapper). However, SpotBugs has [limitations](https://gitlab.com/gitlab-org/gitlab/-/issues/350801) when used against [Ant](https://ant.apache.org/)-based projects. We recommend using the Semgrep-based analyzer for Ant-based Java projects.
|
||||
1. These analyzers reached [End of Support](https://about.gitlab.com/handbook/product/gitlab-the-product/#end-of-support) status [in GitLab 15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/352554).
|
||||
|
||||
### Multi-project support
|
||||
|
||||
|
@ -473,8 +474,8 @@ All customization of GitLab security scanning tools should be tested in a merge
|
|||
merging these changes to the default branch. Failure to do so can give unexpected results,
|
||||
including a large number of false positives.
|
||||
|
||||
The following example includes the SAST template to override the `SAST_GOSEC_LEVEL`
|
||||
variable to `2`. The template is [evaluated before](../../../ci/yaml/index.md#include) the pipeline
|
||||
The following example includes the SAST template to override the `SEARCH_MAX_DEPTH`
|
||||
variable to `10`. The template is [evaluated before](../../../ci/yaml/index.md#include) the pipeline
|
||||
configuration, so the last mention of the variable takes precedence.
|
||||
|
||||
```yaml
|
||||
|
@ -482,7 +483,7 @@ include:
|
|||
- template: Security/SAST.gitlab-ci.yml
|
||||
|
||||
variables:
|
||||
SAST_GOSEC_LEVEL: 2
|
||||
SEARCH_MAX_DEPTH: 10
|
||||
```
|
||||
|
||||
#### Logging level
|
||||
|
@ -536,10 +537,10 @@ Some analyzers make it possible to filter out vulnerabilities under a given thre
|
|||
|------------------------------|--------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| `SAST_EXCLUDED_PATHS` | `spec, test, tests, tmp` | Exclude vulnerabilities from output based on the paths. This is a comma-separated list of patterns. Patterns can be globs (see [`doublestar.Match`](https://pkg.go.dev/github.com/bmatcuk/doublestar/v4@v4.0.2#Match) for supported patterns), or file or folder paths (for example, `doc,spec`). Parent directories also match patterns. You might need to exclude temporary directories used by your build tool as these can generate false positives. To exclude paths, copy and paste the default excluded paths, then **add** your own paths to be excluded. If you don't specify the default excluded paths, you will override the defaults and _only_ paths you specify will be excluded from the SAST scans. |
|
||||
| `SEARCH_MAX_DEPTH` | 4 | SAST searches the repository to detect the programming languages used, and selects the matching analyzers. Set the value of `SEARCH_MAX_DEPTH` to specify how many directory levels the search phase should span. After the analyzers have been selected, the _entire_ repository is analyzed. |
|
||||
| `SAST_BANDIT_EXCLUDED_PATHS` | | Comma-separated list of paths to exclude from scan. Uses Python's [`fnmatch` syntax](https://docs.python.org/2/library/fnmatch.html); For example: `'*/tests/*, */venv/*'` |
|
||||
| `SAST_BANDIT_EXCLUDED_PATHS` | | Comma-separated list of paths to exclude from scan. Uses Python's [`fnmatch` syntax](https://docs.python.org/2/library/fnmatch.html); For example: `'*/tests/*, */venv/*'`. [Removed](https://gitlab.com/gitlab-org/gitlab/-/issues/352554) in GitLab 15.4. |
|
||||
| `SAST_BRAKEMAN_LEVEL` | 1 | Ignore Brakeman vulnerabilities under given confidence level. Integer, 1=Low 3=High. |
|
||||
| `SAST_FLAWFINDER_LEVEL` | 1 | Ignore Flawfinder vulnerabilities under given risk level. Integer, 0=No risk, 5=High risk. |
|
||||
| `SAST_GOSEC_LEVEL` | 0 | Ignore Gosec vulnerabilities under given confidence level. Integer, 0=Undefined, 1=Low, 2=Medium, 3=High. |
|
||||
| `SAST_GOSEC_LEVEL` | 0 | Ignore Gosec vulnerabilities under given confidence level. Integer, 0=Undefined, 1=Low, 2=Medium, 3=High. [Removed](https://gitlab.com/gitlab-org/gitlab/-/issues/352554) in GitLab 15.4. |
|
||||
|
||||
#### Analyzer settings
|
||||
|
||||
|
@ -664,11 +665,8 @@ import the following default SAST analyzer images from `registry.gitlab.com` int
|
|||
[local Docker container registry](../../packages/container_registry/index.md):
|
||||
|
||||
```plaintext
|
||||
registry.gitlab.com/security-products/bandit:2
|
||||
registry.gitlab.com/security-products/brakeman:2
|
||||
registry.gitlab.com/security-products/eslint:2
|
||||
registry.gitlab.com/security-products/flawfinder:2
|
||||
registry.gitlab.com/security-products/gosec:3
|
||||
registry.gitlab.com/security-products/kubesec:2
|
||||
registry.gitlab.com/security-products/nodejs-scan:2
|
||||
registry.gitlab.com/security-products/phpcs-security-audit:2
|
||||
|
@ -694,11 +692,11 @@ Support for custom certificate authorities was introduced in the following versi
|
|||
|
||||
| Analyzer | Version |
|
||||
| -------- | ------- |
|
||||
| `bandit` | [v2.3.0](https://gitlab.com/gitlab-org/security-products/analyzers/bandit/-/releases/v2.3.0) |
|
||||
| `bandit`<sup>1</sup> | [v2.3.0](https://gitlab.com/gitlab-org/security-products/analyzers/bandit/-/releases/v2.3.0) |
|
||||
| `brakeman` | [v2.1.0](https://gitlab.com/gitlab-org/security-products/analyzers/brakeman/-/releases/v2.1.0) |
|
||||
| `eslint` | [v2.9.2](https://gitlab.com/gitlab-org/security-products/analyzers/eslint/-/releases/v2.9.2) |
|
||||
| `eslint`<sup>1</sup> | [v2.9.2](https://gitlab.com/gitlab-org/security-products/analyzers/eslint/-/releases/v2.9.2) |
|
||||
| `flawfinder` | [v2.3.0](https://gitlab.com/gitlab-org/security-products/analyzers/flawfinder/-/releases/v2.3.0) |
|
||||
| `gosec` | [v2.5.0](https://gitlab.com/gitlab-org/security-products/analyzers/gosec/-/releases/v2.5.0) |
|
||||
| `gosec`<sup>1</sup> | [v2.5.0](https://gitlab.com/gitlab-org/security-products/analyzers/gosec/-/releases/v2.5.0) |
|
||||
| `kubesec` | [v2.1.0](https://gitlab.com/gitlab-org/security-products/analyzers/kubesec/-/releases/v2.1.0) |
|
||||
| `nodejs-scan` | [v2.9.5](https://gitlab.com/gitlab-org/security-products/analyzers/nodejs-scan/-/releases/v2.9.5) |
|
||||
| `phpcs-security-audit` | [v2.8.2](https://gitlab.com/gitlab-org/security-products/analyzers/phpcs-security-audit/-/releases/v2.8.2) |
|
||||
|
@ -708,6 +706,8 @@ Support for custom certificate authorities was introduced in the following versi
|
|||
| `sobelow` | [v2.2.0](https://gitlab.com/gitlab-org/security-products/analyzers/sobelow/-/releases/v2.2.0) |
|
||||
| `spotbugs` | [v2.7.1](https://gitlab.com/gitlab-org/security-products/analyzers/spotbugs/-/releases/v2.7.1) |
|
||||
|
||||
1. These analyzers were deprecated in GitLab 14.8 and [reached End of Support](https://gitlab.com/gitlab-org/gitlab/-/issues/352554) in GitLab 15.4.
|
||||
|
||||
### Set SAST CI/CD variables to use local SAST analyzers
|
||||
|
||||
Add the following configuration to your `.gitlab-ci.yml` file. You must replace
|
||||
|
|
|
@ -12,7 +12,7 @@ gem 'rspec', '~> 3.11'
|
|||
gem 'selenium-webdriver', '~> 4.5'
|
||||
gem 'airborne', '~> 0.3.7', require: false # airborne is messing with rspec sandboxed mode so not requiring by default
|
||||
gem 'rest-client', '~> 2.1.0'
|
||||
gem 'rspec-retry', '~> 0.6.1', require: 'rspec/retry'
|
||||
gem 'rspec-retry', '~> 0.6.2', require: 'rspec/retry'
|
||||
gem 'rspec_junit_formatter', '~> 0.6.0'
|
||||
gem 'faker', '~> 2.23'
|
||||
gem 'knapsack', '~> 4.0'
|
||||
|
@ -36,7 +36,7 @@ gem "warning", "~> 1.3"
|
|||
gem 'confiner', '~> 0.3'
|
||||
|
||||
gem 'chemlab', '~> 0.10'
|
||||
gem 'chemlab-library-www-gitlab-com', '~> 0.1'
|
||||
gem 'chemlab-library-www-gitlab-com', '~> 0.1', '>= 0.1.1'
|
||||
|
||||
# dependencies for jenkins client
|
||||
gem 'nokogiri', '~> 1.13', '>= 1.13.9'
|
||||
|
|
|
@ -307,7 +307,7 @@ DEPENDENCIES
|
|||
capybara (~> 3.37.1)
|
||||
capybara-screenshot (~> 1.0.26)
|
||||
chemlab (~> 0.10)
|
||||
chemlab-library-www-gitlab-com (~> 0.1)
|
||||
chemlab-library-www-gitlab-com (~> 0.1, >= 0.1.1)
|
||||
confiner (~> 0.3)
|
||||
deprecation_toolkit (~> 2.0.0)
|
||||
faker (~> 2.23)
|
||||
|
@ -328,7 +328,7 @@ DEPENDENCIES
|
|||
rotp (~> 6.2.0)
|
||||
rspec (~> 3.11)
|
||||
rspec-parameterized (~> 0.5.2)
|
||||
rspec-retry (~> 0.6.1)
|
||||
rspec-retry (~> 0.6.2)
|
||||
rspec_junit_formatter (~> 0.6.0)
|
||||
ruby-debug-ide (~> 0.7.3)
|
||||
selenium-webdriver (~> 4.5)
|
||||
|
|
|
@ -3,6 +3,8 @@
|
|||
module QA
|
||||
# Spec uses real github.com, which means outage of github.com can actually block deployment
|
||||
# Keep spec in reliable bucket but don't run in blocking pipelines
|
||||
#
|
||||
# https://github.com/gitlab-qa-github/import-test <- project under test
|
||||
RSpec.describe 'Manage', :github, :reliable, :skip_live_env, :requires_admin, product_group: :import do
|
||||
describe 'Project import', issue: 'https://gitlab.com/gitlab-org/gitlab/-/issues/353583' do
|
||||
let!(:api_client) { Runtime::API::Client.as_admin }
|
||||
|
@ -14,13 +16,15 @@ module QA
|
|||
end
|
||||
end
|
||||
|
||||
let!(:user_api_client) { Runtime::API::Client.new(user: user) }
|
||||
|
||||
let(:imported_project) do
|
||||
Resource::ProjectImportedFromGithub.fabricate_via_api! do |project|
|
||||
project.name = 'imported-project'
|
||||
project.group = group
|
||||
project.github_personal_access_token = Runtime::Env.github_access_token
|
||||
project.github_repository_path = 'gitlab-qa-github/import-test'
|
||||
project.api_client = Runtime::API::Client.new(user: user)
|
||||
project.api_client = user_api_client
|
||||
project.issue_events_import = true
|
||||
project.full_notes_import = true
|
||||
end
|
||||
|
@ -50,6 +54,7 @@ module QA
|
|||
verify_milestones_import
|
||||
verify_wikis_import
|
||||
verify_merge_requests_import
|
||||
verify_release_import
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -107,18 +112,6 @@ module QA
|
|||
)
|
||||
end
|
||||
|
||||
def verify_issues_import
|
||||
issues = imported_project.issues
|
||||
|
||||
expect(issues.length).to eq(1)
|
||||
expect(issues.first).to include(
|
||||
title: 'Test issue',
|
||||
description: "*Created by: gitlab-qa-github*\n\nTest issue description",
|
||||
labels: ['good first issue', 'help wanted', 'question'],
|
||||
user_notes_count: 2
|
||||
)
|
||||
end
|
||||
|
||||
def verify_milestones_import
|
||||
milestones = imported_project.milestones
|
||||
|
||||
|
@ -133,14 +126,47 @@ module QA
|
|||
expect(wikis.first).to include(title: 'Home', format: 'markdown')
|
||||
end
|
||||
|
||||
def verify_issues_import
|
||||
issues = imported_project.issues
|
||||
issue = Resource::Issue.init do |resource|
|
||||
resource.project = imported_project
|
||||
resource.iid = issues.first[:iid]
|
||||
resource.api_client = user_api_client
|
||||
end.reload!
|
||||
comments, events = fetch_events_and_comments(issue)
|
||||
|
||||
expect(issues.length).to eq(1)
|
||||
expect(issue.api_resource).to include(
|
||||
title: 'Test issue',
|
||||
description: "*Created by: gitlab-qa-github*\n\nTest issue description",
|
||||
labels: ['good first issue', 'help wanted', 'question']
|
||||
)
|
||||
expect(comments).to match_array(
|
||||
[
|
||||
"*Created by: gitlab-qa-github*\n\nSome test comment",
|
||||
"*Created by: gitlab-qa-github*\n\nAnother test comment"
|
||||
]
|
||||
)
|
||||
expect(events).to match_array(
|
||||
[
|
||||
{ name: "add_label", label: "question" },
|
||||
{ name: "add_label", label: "good first issue" },
|
||||
{ name: "add_label", label: "help wanted" },
|
||||
{ name: "add_milestone", label: "0.0.1" },
|
||||
{ name: "closed" },
|
||||
{ name: "reopened" }
|
||||
]
|
||||
)
|
||||
end
|
||||
|
||||
def verify_merge_requests_import
|
||||
merge_requests = imported_project.merge_requests
|
||||
merge_request = Resource::MergeRequest.init do |mr|
|
||||
mr.project = imported_project
|
||||
mr.iid = merge_requests.first[:iid]
|
||||
mr.api_client = api_client
|
||||
mr.api_client = user_api_client
|
||||
end.reload!
|
||||
mr_comments = merge_request.comments.map { |comment| comment[:body] }
|
||||
comments, events = fetch_events_and_comments(merge_request)
|
||||
|
||||
expect(merge_requests.length).to eq(1)
|
||||
expect(merge_request.api_resource).to include(
|
||||
|
@ -149,17 +175,49 @@ module QA
|
|||
target_branch: 'main',
|
||||
source_branch: 'gitlab-qa-github-patch-1',
|
||||
labels: %w[documentation],
|
||||
description: <<~DSC.strip
|
||||
*Created by: gitlab-qa-github*\n\nTest pull request body
|
||||
DSC
|
||||
description: "*Created by: gitlab-qa-github*\n\nTest pull request body"
|
||||
)
|
||||
expect(mr_comments).to match_array(
|
||||
expect(comments).to match_array(
|
||||
[
|
||||
"*Created by: gitlab-qa-github*\n\n**Review:** Commented\n\nGood but needs some improvement",
|
||||
"*Created by: gitlab-qa-github*\n\n```suggestion:-0+0\nProject for GitHub import test to GitLab\r\n```",
|
||||
"*Created by: gitlab-qa-github*\n\nSome test PR comment"
|
||||
]
|
||||
)
|
||||
expect(events).to match_array(
|
||||
[
|
||||
{ name: "add_label", label: "documentation" },
|
||||
{ name: "add_milestone", label: "0.0.1" }
|
||||
]
|
||||
)
|
||||
end
|
||||
|
||||
def verify_release_import
|
||||
releases = imported_project.releases
|
||||
|
||||
expect(releases.length).to eq(1)
|
||||
expect(releases.first).to include(
|
||||
tag_name: "0.0.1",
|
||||
name: "0.0.1",
|
||||
description: "Initial release",
|
||||
created_at: "2022-03-07T07:59:22.000Z",
|
||||
released_at: "2022-03-07T08:02:09.000Z"
|
||||
)
|
||||
end
|
||||
|
||||
# Fetch events and comments from issue or mr
|
||||
#
|
||||
# @param [QA::Resource::Issuable] issuable
|
||||
# @return [Array]
|
||||
def fetch_events_and_comments(issuable)
|
||||
comments = issuable.comments.map { |comment| comment[:body] }
|
||||
events = [
|
||||
*issuable.label_events.map { |e| { name: "#{e[:action]}_label", label: e.dig(:label, :name) } },
|
||||
*issuable.state_events.map { |e| { name: e[:state] } },
|
||||
*issuable.milestone_events.map { |e| { name: "#{e[:action]}_milestone", label: e.dig(:milestone, :title) } }
|
||||
]
|
||||
|
||||
[comments, events]
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
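Review bot: In the new `verify_issues_import`, `issues.first[:iid]` is evaluated inside the `Resource::Issue.init` block before `expect(issues.length).to eq(1)` runs, so an import that produced no issues fails with a `NoMethodError` on `nil` instead of the length expectation. Moving `expect(issues.length).to eq(1)` directly under `issues = imported_project.issues` would report the real cause; `verify_merge_requests_import` has the same ordering with `merge_requests.first[:iid]`. Separately, `fetch_events_and_comments` stores the milestone title under the `label:` key and documents its result only as `@return [Array]`. A line such as `# @return [Array<Array>] comment bodies first, then event hashes (milestone title is stored under :label)` would make the pair order and that key reuse explicit.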