Add latest changes from gitlab-org/gitlab@master

GitLab Bot 2022-06-10 21:09:35 +00:00
parent 2f7719abdf
commit 6ae4485274
33 changed files with 224 additions and 88 deletions


@ -13,6 +13,8 @@ inherit_from:
<% end %>
- '.rubocop_todo.yml'
<% end %>
<%# See https://gitlab.com/gitlab-org/gitlab/-/issues/321982#rubymine-note for context on why namespaced_class has special handling here %>
- ./.rubocop_todo/gitlab/namespaced_class.yml
- ./rubocop/rubocop-migrations.yml
- ./rubocop/rubocop-usage-data.yml
- ./rubocop/rubocop-code_reuse.yml


@ -3,10 +3,6 @@
class Projects::UsageQuotasController < Projects::ApplicationController
before_action :authorize_read_usage_quotas!
before_action do
push_frontend_feature_flag(:container_registry_project_statistics, project)
end
layout "project_settings"
feature_category :utilization


@ -76,7 +76,6 @@ module ContainerRegistry
return unless supported?
return unless target_tag?
return unless project
return unless Feature.enabled?(:container_registry_project_statistics, project)
Rails.cache.delete(project.root_ancestor.container_repositories_size_cache_key)
ProjectCacheWorker.perform_async(project.id, [], [:container_registry_size])


@ -19,6 +19,15 @@ class WebHook < ApplicationRecord
algorithm: 'aes-256-gcm',
key: Settings.attr_encrypted_db_key_base_32
attr_encrypted :url_variables,
mode: :per_attribute_iv,
key: Settings.attr_encrypted_db_key_base_32,
algorithm: 'aes-256-gcm',
marshal: true,
marshaler: ::Gitlab::Json,
encode: false,
encode_iv: false
has_many :web_hook_logs
validates :url, presence: true
@ -26,6 +35,9 @@ class WebHook < ApplicationRecord
validates :token, format: { without: /\n/ }
validates :push_events_branch_filter, branch_filter: true
validates :url_variables, json_schema: { filename: 'web_hooks_url_variables' }
after_initialize :initialize_url_variables
scope :executable, -> do
next all unless Feature.enabled?(:web_hooks_disable_failed)
@ -150,9 +162,22 @@ class WebHook < ApplicationRecord
end
end
# Exclude binary columns by default - they have no sensible JSON encoding
def serializable_hash(options = nil)
options = options.try(:dup) || {}
options[:except] = Array(options[:except]).dup
options[:except].concat [:encrypted_url_variables, :encrypted_url_variables_iv]
super(options)
end
private
def web_hooks_disable_failed?
Feature.enabled?(:web_hooks_disable_failed)
end
def initialize_url_variables
self.url_variables = {} if encrypted_url_variables.nil?
end
end
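Review bot: `initialize_url_variables` is registered with `after_initialize`, so it runs for every hook loaded from the database as well as for new ones, and it reads `encrypted_url_variables` unconditionally. If a hook is ever loaded with a partial `select` that omits that column, the read would raise `ActiveModel::MissingAttributeError`; and for existing rows where the column is NULL, the assignment presumably encrypts `{}` and leaves a freshly loaded record marked as changed. Guarding the read keeps partial loads working: `self.url_variables = {} if has_attribute?(:encrypted_url_variables) && encrypted_url_variables.nil?`. Separately, the comment on `serializable_hash` says the binary columns are excluded "by default", but the override always appends them to `:except`, so it would be more accurate as `# Always exclude the binary ciphertext and IV columns - they have no sensible JSON encoding`.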


@ -77,8 +77,6 @@ class ProjectStatistics < ApplicationRecord
end
def update_container_registry_size
return unless Feature.enabled?(:container_registry_project_statistics, project)
self.container_registry_size = project.container_repositories_size || 0
end


@ -0,0 +1,14 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"description": "WebHook#url_variables",
"type": "object",
"additionalProperties": false,
"maxProperties": 20,
"patternProperties": {
"^[A-Za-z_][A-Za-z0-9_]*$": {
"type": "string",
"minLength": 1,
"maxLength": 100
}
}
}
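Review bot: The schema bounds the value length (`"maxLength": 100`) and the number of properties, but not the length of a variable name: the key pattern `^[A-Za-z_][A-Za-z0-9_]*$` accepts a name of any length. Adding `"propertyNames": { "maxLength": <limit> }` (limit to be chosen by the authors) would bound the size of what gets encrypted and stored. Whether `^` and `$` anchor the whole key or only one line depends on how the validator translates the pattern into a Ruby regexp, which is not visible on this page. A spec case that rejects a constructed multi-line key such as `"foo\nhas spaces"`, alongside one for an overlong key, would pin that behaviour.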


@ -21,7 +21,7 @@
checkbox_options: { disabled: !can_be_configured, data: { qa_selector: 'enable_usage_data_checkbox' } }
.form-text.gl-pl-6
- if can_be_configured
%button.gl-button.btn.btn-default.js-payload-preview-trigger{ type: 'button', data: { payload_selector: ".#{payload_class}" } }
= render Pajamas::ButtonComponent.new(button_options: { class: 'js-payload-preview-trigger', data: { payload_selector: ".#{payload_class}" } }) do
= gl_loading_icon(css_class: 'js-spinner gl-display-none gl-mr-2')
.js-text.gl-display-inline= s_('AdminSettings|Preview payload')
%pre.service-data-payload-container.js-syntax-highlight.code.highlight.gl-mt-2.gl-display-none{ class: payload_class, data: { endpoint: usage_data_admin_application_settings_path(format: :html) } }


@ -3,7 +3,7 @@
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only
= _('Variables')
%button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
= render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= expanded ? _('Collapse') : _('Expand')
%p


@ -3,7 +3,7 @@
%section.settings.no-animate#cleanup{ class: ('expanded' if expanded) }
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only= _('Repository cleanup')
%button.btn.gl-button.btn-default.js-settings-toggle
= render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= expanded ? _('Collapse') : _('Expand')
%p
- link_url = 'https://github.com/newren/git-filter-repo'


@ -3,7 +3,7 @@
%section.settings.no-animate#default-branch-settings{ class: ('expanded' if expanded) }
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only= _('Default branch')
%button.btn.gl-button.btn-default.js-settings-toggle
= render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= expanded ? _('Collapse') : _('Expand')
%p
= _('Set the default branch for this project. All merge requests and commits are made against this branch unless you specify a different one.')


@ -10,14 +10,16 @@
%section.settings.general-settings.no-animate.expanded#js-general-settings
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only= _('Naming, topics, avatar')
%button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }= _('Collapse')
= render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= _('Collapse')
%p= _('Update your project name, topics, description, and avatar.')
.settings-content= render 'projects/settings/general'
%section.settings.sharing-permissions.no-animate#js-shared-permissions{ class: ('expanded' if expanded), data: { qa_selector: 'visibility_features_permissions_content' } }
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only= _('Visibility, project features, permissions')
%button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }= expanded ? _('Collapse') : _('Expand')
= render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= expanded ? _('Collapse') : _('Expand')
%p= _('Choose visibility level, enable/disable project features and their permissions, disable email notifications, and show default award emoji.')
.settings-content
@ -29,7 +31,8 @@
%section.rspec-merge-request-settings.settings.merge-requests-feature.no-animate#js-merge-request-settings{ class: [('expanded' if expanded), ('hidden' if @project.project_feature.send(:merge_requests_access_level) == 0)], data: { qa_selector: 'merge_request_settings_content' } }
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only= _('Merge requests')
%button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }= expanded ? _('Collapse') : _('Expand')
= render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= expanded ? _('Collapse') : _('Expand')
= render_if_exists 'projects/merge_request_settings_description_text'
.settings-content
@ -47,7 +50,7 @@
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only
= s_('ProjectSettings|Badges')
%button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
= render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= expanded ? _('Collapse') : _('Expand')
%p
= s_('ProjectSettings|Customize this project\'s badges.')
@ -64,7 +67,8 @@
%section.settings.advanced-settings.no-animate#js-project-advanced-settings{ class: ('expanded' if expanded), data: { qa_selector: 'advanced_settings_content' } }
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only= _('Advanced')
%button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }= expanded ? _('Collapse') : _('Expand')
= render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= expanded ? _('Collapse') : _('Expand')
%p= s_('ProjectSettings|Housekeeping, export, archive, change path, transfer, and delete.')
.settings-content


@ -6,7 +6,7 @@
%section.settings.project-mirror-settings.no-animate#js-push-remote-settings{ class: mirror_settings_class, data: { qa_selector: 'mirroring_repositories_settings_content' } }
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only= _('Mirroring repositories')
%button.btn.gl-button.btn-default.js-settings-toggle
= render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= expanded ? _('Collapse') : _('Expand')
%p
= _('Set up your project to automatically push and/or pull changes to/from another repository. Branches, tags, and commits will be synced automatically.')


@ -4,8 +4,8 @@
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only
= s_("ProtectedBranch|Protected branches")
%button.btn.gl-button.btn-default.js-settings-toggle.qa-expand-protected-branches{ type: 'button' }
= expanded ? 'Collapse' : 'Expand'
= render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle qa-expand-protected-branches' }) do
= expanded ? _('Collapse') : _('Expand')
%p
= s_("ProtectedBranch|Keep stable branches secure and force developers to use merge requests.")
= link_to s_("ProtectedBranch|What are protected branches?"), help_page_path("user/project/protected_branches")


@ -4,8 +4,8 @@
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only
= s_("ProtectedTag|Protected tags")
%button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
= expanded ? 'Collapse' : 'Expand'
= render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= expanded ? _('Collapse') : _('Expand')
%p
= s_("ProtectedTag|Limit access to creating and updating tags.")
= link_to s_("ProtectedTag|What are protected tags?"), help_page_path("user/project/protected_tags")


@ -9,7 +9,7 @@
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only
= _("General pipelines")
%button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
= render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= expanded ? _('Collapse') : _('Expand')
%p
= _("Customize your pipeline configuration.")
@ -20,7 +20,7 @@
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only
= s_('CICD|Auto DevOps')
%button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
= render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= expanded ? _('Collapse') : _('Expand')
%p
- auto_devops_url = help_page_path('topics/autodevops/index')
@ -37,7 +37,7 @@
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only
= _("Runners")
%button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
= render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= expanded ? _('Collapse') : _('Expand')
%p
= _("Runners are processes that pick up and execute CI/CD jobs for GitLab.")
@ -50,7 +50,7 @@
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only
= _("Artifacts")
%button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
= render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= expanded ? _('Collapse') : _('Expand')
%p
= _("A job artifact is an archive of files and directories saved by a job when it finishes.")
@ -67,7 +67,7 @@
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only
= _("Pipeline triggers")
%button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
= render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= expanded ? _('Collapse') : _('Expand')
%p
= _("Trigger a pipeline for a branch or tag by generating a trigger token and using it with an API call. The token impersonates a user's project access and permissions.")
@ -82,7 +82,7 @@
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only
= _("Deploy freezes")
%button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
= render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= expanded ? _('Collapse') : _('Expand')
%p
- freeze_period_docs = help_page_path('user/project/releases/index', anchor: 'prevent-unintentional-releases-by-setting-a-deploy-freeze')
@ -100,7 +100,7 @@
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only
= _("Token Access")
%button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
= render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= expanded ? _('Collapse') : _('Expand')
%p
= _("Control which projects can be accessed by API requests authenticated with this project's CI_JOB_TOKEN CI/CD variable. It is a security risk to disable this feature, because unauthorized projects might attempt to retrieve an active token and access the API.")


@ -7,7 +7,7 @@
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only
= _('Alerts')
%button.gl-button.btn.btn-default.js-settings-toggle{ type: 'button' }
= render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= _('Expand')
%p
= _('Display alerts from all configured monitoring tools.')


@ -6,7 +6,7 @@
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only
= _('Error tracking')
%button.gl-button.btn.btn-default.js-settings-toggle{ type: 'button' }
= render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= _('Expand')
%p
= _('Link Sentry to GitLab to discover and view the errors your application generates.')


@ -4,7 +4,7 @@
.settings-header{ :class => 'border-top' }
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only
= _('Tracing')
%button.btn.btn-default.gl-button.js-settings-toggle{ type: 'button' }
= render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= _('Expand')
%p
= _('Embed an image of your existing Jaeger server in GitLab.')


@ -2,8 +2,8 @@
%section.rspec-deploy-keys-settings.settings.no-animate#js-deploy-keys-settings{ class: ('expanded' if expanded), data: { qa_selector: 'deploy_keys_settings_content' } }
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only= _('Deploy keys')
%button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
= expanded ? 'Collapse' : 'Expand'
= render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= expanded ? _('Collapse') : _('Expand')
%p
- link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: help_page_path('user/project/deploy_keys/index') }
= _("Add deploy keys to grant read/write access to this repository. %{link_start}What are deploy keys?%{link_end}").html_safe % { link_start: link_start, link_end: '</a>'.html_safe }


@ -10,5 +10,5 @@
.settings-message.note-edit-warning.js-finish-edit-warning
= _("Finish editing this message first!")
= submit_tag _('Save comment'), class: 'gl-button btn btn-confirm js-comment-save-button', data: { qa_selector: 'save_comment_button' }
%button.btn.gl-button.btn-cancel.note-edit-cancel{ type: 'button' }
= render Pajamas::ButtonComponent.new(button_options: { class: 'note-edit-cancel' }) do
= _("Cancel")


@ -1,8 +0,0 @@
---
name: container_registry_project_statistics
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/84923
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/359852
milestone: '15.0'
type: development
group: group::utilization
default_enabled: false


@ -0,0 +1,16 @@
- name: "PipelineSecurityReportFinding name GraphQL field" # (required) The name of the feature to be deprecated
announcement_milestone: "15.1" # (required) The milestone when this feature was first announced as deprecated.
announcement_date: "2022-06-22" # (required) The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
removal_milestone: "16.0" # (required) The milestone when this feature is planned to be removed
removal_date: "2023-05-22" # (required) The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
breaking_change: true # (required) If this deprecation is a breaking change, set this value to true
reporter: matt_wilson # (required) GitLab username of the person reporting the deprecation
stage: Secure # (required) String value of the stage that the feature was created in. e.g., Growth
issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/346335 # (required) Link to the deprecation issue in GitLab
body: | # (required) Do not modify this line, instead modify the lines below.
Previously, the [PipelineSecurityReportFinding GraphQL type was updated](https://gitlab.com/gitlab-org/gitlab/-/issues/335372) to include a new `title` field. This field is an alias for the current `name` field, making the less specific `name` field redundant. The `name` field will be removed from the PipelineSecurityReportFinding type in GitLab 16.0.
# The following items are not published on the docs page, but may be used in the future.
tiers: Ultimate # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
documentation_url: # (optional) This is a link to the current documentation page
image_url: # (optional) This is a link to a thumbnail image depicting the feature
video_url: # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg


@ -0,0 +1,16 @@
- name: "PipelineSecurityReportFinding projectFingerprint GraphQL field" # (required) The name of the feature to be deprecated
announcement_milestone: "15.1" # (required) The milestone when this feature was first announced as deprecated.
announcement_date: "2022-06-22" # (required) The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
removal_milestone: "16.0" # (required) The milestone when this feature is planned to be removed
removal_date: "2023-05-22" # (required) The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
breaking_change: true # (required) If this deprecation is a breaking change, set this value to true
reporter: matt_wilson # (required) GitLab username of the person reporting the deprecation
stage: Secure # (required) String value of the stage that the feature was created in. e.g., Growth
issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/343475 # (required) Link to the deprecation issue in GitLab
body: | # (required) Do not modify this line, instead modify the lines below.
The [`project_fingerprint`](https://gitlab.com/groups/gitlab-org/-/epics/2791) attribute of vulnerability findings is being deprecated in favor of a `uuid` attribute. By using UUIDv5 values to identify findings, we can easily associate any related entity with a finding. The `project_fingerprint` attribute is no longer being used to track findings, and will be removed in GitLab 16.0.
# The following items are not published on the docs page, but may be used in the future.
tiers: Ultimate # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
documentation_url: # (optional) This is a link to the current documentation page
image_url: # (optional) This is a link to a thumbnail image depicting the feature
video_url: # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg


@ -0,0 +1,16 @@
- name: "project.pipeline.securityReportFindings GraphQL query" # (required) The name of the feature to be deprecated
announcement_milestone: "15.1" # (required) The milestone when this feature was first announced as deprecated.
announcement_date: "2022-06-22" # (required) The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
removal_milestone: "16.0" # (required) The milestone when this feature is planned to be removed
removal_date: "2023-05-22" # (required) The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
breaking_change: true # (required) If this deprecation is a breaking change, set this value to true
reporter: matt_wilson # (required) GitLab username of the person reporting the deprecation
stage: Secure # (required) String value of the stage that the feature was created in. e.g., Growth
issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/343475 # (required) Link to the deprecation issue in GitLab
body: | # (required) Do not modify this line, instead modify the lines below.
Previous work helped [align the vulnerabilities calls for pipeline security tabs](https://gitlab.com/gitlab-org/gitlab/-/issues/343469) to match the vulnerabilities calls for project-level and group-level vulnerability reports. This helped the frontend have a more consistent interface. The old `project.pipeline.securityReportFindings` query was formatted differently than other vulnerability data calls. Now that it has been replaced with the new `project.pipeline.vulnerabilities` field, the old `project.pipeline.securityReportFindings` is being deprecated and will be removed in GitLab 16.0.
# The following items are not published on the docs page, but may be used in the future.
tiers: Ultimate # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
documentation_url: # (optional) This is a link to the current documentation page
image_url: # (optional) This is a link to a thumbnail image depicting the feature
video_url: # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg


@ -0,0 +1,8 @@
# frozen_string_literal: true
class AddUrlVarsToWebHook < Gitlab::Database::Migration[2.0]
def change
add_column :web_hooks, :encrypted_url_variables, :binary
add_column :web_hooks, :encrypted_url_variables_iv, :binary
end
end


@ -0,0 +1 @@
b3661dbf8254ed37356a1164718c372cf5828fe7aa0218fd02feb1c00370e86f


@ -22260,7 +22260,9 @@ CREATE TABLE web_hooks (
subgroup_events boolean DEFAULT false NOT NULL,
recent_failures smallint DEFAULT 0 NOT NULL,
backoff_count smallint DEFAULT 0 NOT NULL,
disabled_until timestamp with time zone
disabled_until timestamp with time zone,
encrypted_url_variables bytea,
encrypted_url_variables_iv bytea
);
CREATE SEQUENCE web_hooks_id_seq


@ -64,6 +64,34 @@ Any Jira Server and Jira Data Center users will need to confirm they are not usi
<div class="deprecation removal-160 breaking-change">
### PipelineSecurityReportFinding name GraphQL field
Planned removal: GitLab <span class="removal-milestone">16.0</span> (2023-05-22)
WARNING:
This is a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
Review the details carefully before upgrading.
Previously, the [PipelineSecurityReportFinding GraphQL type was updated](https://gitlab.com/gitlab-org/gitlab/-/issues/335372) to include a new `title` field. This field is an alias for the current `name` field, making the less specific `name` field redundant. The `name` field will be removed from the PipelineSecurityReportFinding type in GitLab 16.0.
</div>
<div class="deprecation removal-160 breaking-change">
### PipelineSecurityReportFinding projectFingerprint GraphQL field
Planned removal: GitLab <span class="removal-milestone">16.0</span> (2023-05-22)
WARNING:
This is a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
Review the details carefully before upgrading.
The [`project_fingerprint`](https://gitlab.com/groups/gitlab-org/-/epics/2791) attribute of vulnerability findings is being deprecated in favor of a `uuid` attribute. By using UUIDv5 values to identify findings, we can easily associate any related entity with a finding. The `project_fingerprint` attribute is no longer being used to track findings, and will be removed in GitLab 16.0.
</div>
<div class="deprecation removal-160 breaking-change">
### REST API Runner maintainer_note
Planned removal: GitLab <span class="removal-milestone">16.0</span> (2023-05-22)
@ -88,6 +116,20 @@ of the underlying data model. The feature flag has remained off by default as fu
by this value remains performant. Due to very low usage of the `Tool` column for sorting, the feature flag will instead be removed in
GitLab 15.3 to simplify the codebase and prevent any unwanted performance degradation.
</div>
<div class="deprecation removal-160 breaking-change">
### project.pipeline.securityReportFindings GraphQL query
Planned removal: GitLab <span class="removal-milestone">16.0</span> (2023-05-22)
WARNING:
This is a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
Review the details carefully before upgrading.
Previous work helped [align the vulnerabilities calls for pipeline security tabs](https://gitlab.com/gitlab-org/gitlab/-/issues/343469) to match the vulnerabilities calls for project-level and group-level vulnerability reports. This helped the frontend have a more consistent interface. The old `project.pipeline.securityReportFindings` query was formatted differently than other vulnerability data calls. Now that it has been replaced with the new `project.pipeline.vulnerabilities` field, the old `project.pipeline.securityReportFindings` is being deprecated and will be removed in GitLab 16.0.
</div>
</div>


@ -56,6 +56,9 @@ RSpec.describe SensitiveSerializableHash do
attributes.each do |attribute|
expect(model.attributes).to include(attribute) # double-check the attribute does exist
# Do not expect binary columns to appear in JSON
next if klass.columns_hash[attribute]&.type == :binary
expect(model.serializable_hash(unsafe_serialization_hash: true)).to include(attribute)
expect(model.to_json(unsafe_serialization_hash: true)).to include(attribute)
expect(model.as_json(unsafe_serialization_hash: true)).to include(attribute)
@ -65,8 +68,12 @@ RSpec.describe SensitiveSerializableHash do
end
end
it_behaves_like 'attr_encrypted attribute', WebHook, 'token' do
context 'for a web hook' do
let_it_be(:model) { create(:system_hook) }
it_behaves_like 'attr_encrypted attribute', WebHook, 'token'
it_behaves_like 'attr_encrypted attribute', WebHook, 'url'
it_behaves_like 'attr_encrypted attribute', WebHook, 'url_variables'
end
it_behaves_like 'attr_encrypted attribute', Ci::InstanceVariable, 'value' do


@ -60,14 +60,6 @@ RSpec.describe ContainerRegistry::Event do
end
end
context 'with :container_registry_project_statistics feature flag disabled' do
before do
stub_feature_flags(container_registry_project_statistics: false)
end
it_behaves_like 'event without project statistics update'
end
context 'with no target tag' do
let(:target) { super().without('tag') }


@ -24,6 +24,29 @@ RSpec.describe WebHook do
describe 'validations' do
it { is_expected.to validate_presence_of(:url) }
describe 'url_variables' do
it { is_expected.to allow_value({}).for(:url_variables) }
it { is_expected.to allow_value({ 'foo' => 'bar' }).for(:url_variables) }
it { is_expected.to allow_value({ 'FOO' => 'bar' }).for(:url_variables) }
it { is_expected.to allow_value({ 'MY_TOKEN' => 'bar' }).for(:url_variables) }
it { is_expected.to allow_value({ 'foo2' => 'bar' }).for(:url_variables) }
it { is_expected.to allow_value({ 'x' => 'y' }).for(:url_variables) }
it { is_expected.to allow_value({ 'x' => ('a' * 100) }).for(:url_variables) }
it { is_expected.to allow_value({ 'foo' => 'bar', 'bar' => 'baz' }).for(:url_variables) }
it { is_expected.to allow_value((1..20).to_h { ["k#{_1}", 'value'] }).for(:url_variables) }
it { is_expected.not_to allow_value([]).for(:url_variables) }
it { is_expected.not_to allow_value({ 'foo' => 1 }).for(:url_variables) }
it { is_expected.not_to allow_value({ 'bar' => :baz }).for(:url_variables) }
it { is_expected.not_to allow_value({ 'bar' => nil }).for(:url_variables) }
it { is_expected.not_to allow_value({ 'foo' => '' }).for(:url_variables) }
it { is_expected.not_to allow_value({ 'foo' => ('a' * 101) }).for(:url_variables) }
it { is_expected.not_to allow_value({ 'has spaces' => 'foo' }).for(:url_variables) }
it { is_expected.not_to allow_value({ '' => 'foo' }).for(:url_variables) }
it { is_expected.not_to allow_value({ '1foo' => 'foo' }).for(:url_variables) }
it { is_expected.not_to allow_value((1..21).to_h { ["k#{_1}", 'value'] }).for(:url_variables) }
end
describe 'url' do
it { is_expected.to allow_value('http://example.com').for(:url) }
it { is_expected.to allow_value('https://example.com').for(:url) }
@ -87,7 +110,7 @@ RSpec.describe WebHook do
describe 'encrypted attributes' do
subject { described_class.encrypted_attributes.keys }
it { is_expected.to contain_exactly(:token, :url) }
it { is_expected.to contain_exactly(:token, :url, :url_variables) }
end
describe 'execute' do
@ -519,4 +542,22 @@ RSpec.describe WebHook do
it { is_expected.to eq :temporarily_disabled }
end
end
describe '#to_json' do
it 'does not error' do
expect { hook.to_json }.not_to raise_error
end
it 'does not error, when serializing unsafe attributes' do
expect { hook.to_json(unsafe_serialization_hash: true) }.not_to raise_error
end
it 'does not contain binary attributes' do
expect(hook.to_json).not_to include('encrypted_url_variables')
end
it 'does not contain binary attributes, even when serializing unsafe attributes' do
expect(hook.to_json(unsafe_serialization_hash: true)).not_to include('encrypted_url_variables')
end
end
end
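Review bot: The `#to_json` examples assert only that the column name `encrypted_url_variables` is absent, and they appear to run against a hook with no variables set (`hook` is defined outside this hunk), so nothing here pins that decrypted variable values stay out of the serialized output. An example with a populated hook would cover that, for instance `hook.url_variables = { 'token' => 'constructed-secret' }` followed by `expect(hook.to_json).not_to include('constructed-secret')`. The enclosing `RSpec.describe WebHook` block starts before this section, so existing coverage elsewhere in the file cannot be ruled out.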


@ -358,20 +358,6 @@ RSpec.describe ProjectStatistics do
expect(statistics.container_registry_size).to eq(0)
end
context 'with container_registry_project_statistics FF disabled' do
before do
stub_feature_flags(container_registry_project_statistics: false)
end
it 'does not update the container_registry_size' do
expect(project).not_to receive(:container_repositories_size)
update_container_registry_size
expect(statistics.container_registry_size).to eq(0)
end
end
end
describe '#update_storage_size' do


@ -35,26 +35,5 @@ RSpec.describe 'Project Usage Quotas' do
it_behaves_like 'response with 404 status'
end
context 'container_registry_project_statistics feature flag' do
subject(:body) { response.body }
before do
stub_feature_flags(container_registry_project_statistics: container_registry_project_statistics_enabled)
get project_usage_quotas_path(project)
end
context 'when disabled' do
let(:container_registry_project_statistics_enabled) { false }
it { is_expected.to have_pushed_frontend_feature_flags(containerRegistryProjectStatistics: false)}
end
context 'when enabled' do
let(:container_registry_project_statistics_enabled) { true }
it { is_expected.to have_pushed_frontend_feature_flags(containerRegistryProjectStatistics: true)}
end
end
end
end