From 855ff6423b78bafa06ce62a2bb724e58f1a0042b Mon Sep 17 00:00:00 2001 From: Phil Hughes Date: Wed, 1 Jun 2016 12:33:32 +0100 Subject: [PATCH 01/20] Shows the edit comment button on mobile Closes #17214 --- app/assets/stylesheets/framework/mobile.scss | 4 --- app/assets/stylesheets/pages/notes.scss | 26 ++++++++++++++++++-- app/views/projects/notes/_note.html.haml | 5 ++-- 3 files changed, 26 insertions(+), 9 deletions(-) diff --git a/app/assets/stylesheets/framework/mobile.scss b/app/assets/stylesheets/framework/mobile.scss index bd531f8376b..d4e5cc819a4 100644 --- a/app/assets/stylesheets/framework/mobile.scss +++ b/app/assets/stylesheets/framework/mobile.scss @@ -66,10 +66,6 @@ display: none; } - %ul.notes .note-role, .note-actions { - display: none; - } - .nav-links, .nav-links { li a { font-size: 14px; diff --git a/app/assets/stylesheets/pages/notes.scss b/app/assets/stylesheets/pages/notes.scss index a3e1ac13a43..0e82c457232 100644 --- a/app/assets/stylesheets/pages/notes.scss +++ b/app/assets/stylesheets/pages/notes.scss @@ -118,6 +118,11 @@ ul.notes { .note-header { padding-bottom: 3px; + padding-right: 20px; + + @media (min-width: $screen-sm-min) { + padding-right: 0; + } } } @@ -179,6 +184,8 @@ ul.notes { .discussion-header, .note-header { + position: relative; + a { color: inherit; @@ -215,6 +222,16 @@ ul.notes { color: $notes-action-color; } +.note-actions { + position: absolute; + right: 0; + top: 0; + + @media (min-width: $screen-sm-min) { + position: relative; + } +} + .discussion-actions { @media (max-width: $screen-md-max) { float: none; @@ -228,8 +245,13 @@ ul.notes { .note-action-button { display: inline-block; - margin-left: 10px; - line-height: 24px; + margin-left: 0; + line-height: 20px; + + @media (min-width: $screen-sm-min) { + margin-left: 10px; + line-height: 24px; + } .fa { color: $notes-action-color; diff --git a/app/views/projects/notes/_note.html.haml b/app/views/projects/notes/_note.html.haml index f1045bbd8c3..f6b7463ff07 100644 
--- a/app/views/projects/notes/_note.html.haml +++ b/app/views/projects/notes/_note.html.haml @@ -19,12 +19,11 @@ .note-actions - access = note.project.team.human_max_access(note.author.id) - if access - %span.note-role - = access + %span.note-role.hidden-xs= access - if note_editable = link_to '#', title: 'Edit comment', class: 'note-action-button js-note-edit' do = icon('pencil') - = link_to namespace_project_note_path(note.project.namespace, note.project, note), title: 'Remove comment', method: :delete, data: { confirm: 'Are you sure you want to remove this comment?' }, remote: true, class: 'note-action-button js-note-delete danger' do + = link_to namespace_project_note_path(note.project.namespace, note.project, note), title: 'Remove comment', method: :delete, data: { confirm: 'Are you sure you want to remove this comment?' }, remote: true, class: 'note-action-button hidden-xs js-note-delete danger' do = icon('trash-o') .note-body{class: note_editable ? 'js-task-list-container' : ''} .note-text From 6aa9ea7d02aeec500107ea06c774bae5a8efbd50 Mon Sep 17 00:00:00 2001 From: Phil Hughes Date: Wed, 1 Jun 2016 12:11:16 +0100 Subject: [PATCH 02/20] Fixed issue with activity links not being consistent Closes #17621 --- app/views/events/event/_common.html.haml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/app/views/events/event/_common.html.haml b/app/views/events/event/_common.html.haml index c7f29f2fc0e..2e2403347c1 100644 --- a/app/views/events/event/_common.html.haml +++ b/app/views/events/event/_common.html.haml 
@@ -1,10 +1,14 @@ .event-title %span.author_name= link_to_author event %span.event_label{class: event.action_name} - = event_action_name(event) - - if event.target - %strong= link_to event.target.reference_link_text, [event.project.namespace.becomes(Namespace), event.project, event.target], class: 'has-tooltip', title: event.target_title + = event.action_name + %strong + = link_to [event.project.namespace.becomes(Namespace), event.project, event.target], class: 'has-tooltip', title: event.target_title do + = event.target_type.titleize.downcase + = event.target.reference_link_text + - else + = event_action_name(event) = event_preposition(event) From 8450fe3074140b86e7d2e5a85d2cdb65051906ee Mon Sep 17 00:00:00 2001 From: Felipe Artur Date: Fri, 3 Jun 2016 15:49:34 -0300 Subject: [PATCH 03/20] Add index to notification settings --- CHANGELOG | 1 + ...0603180330_remove_duplicated_notification_settings.rb | 7 +++++++ .../20160603182247_add_index_to_notification_settings.rb | 9 +++++++++ lib/gitlab/database/migration_helpers.rb | 6 +++++- 4 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 db/migrate/20160603180330_remove_duplicated_notification_settings.rb create mode 100644 db/migrate/20160603182247_add_index_to_notification_settings.rb diff --git a/CHANGELOG b/CHANGELOG index 7215a919d79..bcb7e290ede 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -34,6 +34,7 @@ v 8.9.0 (unreleased) - Cache project build count in sidebar nav - Reduce number of queries needed to render issue labels in the sidebar - Improve error handling importing projects + - Remove duplicated notification settings - Put project Files and Commits tabs under Code tab v 8.8.4 diff --git a/db/migrate/20160603180330_remove_duplicated_notification_settings.rb b/db/migrate/20160603180330_remove_duplicated_notification_settings.rb new file mode 100644 index 00000000000..c2fcac4c53d --- /dev/null +++ b/db/migrate/20160603180330_remove_duplicated_notification_settings.rb 
@@ -0,0 +1,7 @@ +class RemoveDuplicatedNotificationSettings < ActiveRecord::Migration + def up + execute <<-SQL + DELETE FROM notification_settings WHERE id NOT IN ( SELECT min_id from (SELECT MIN(id) as min_id FROM notification_settings GROUP BY user_id, source_type, source_id) as dups ) + SQL + end +end diff --git a/db/migrate/20160603182247_add_index_to_notification_settings.rb b/db/migrate/20160603182247_add_index_to_notification_settings.rb new file mode 100644 index 00000000000..06462042b09 --- /dev/null +++ b/db/migrate/20160603182247_add_index_to_notification_settings.rb @@ -0,0 +1,9 @@ +class AddIndexToNotificationSettings < ActiveRecord::Migration + include Gitlab::Database::MigrationHelpers + + disable_ddl_transaction! + + def change + add_concurrent_index :notification_settings, [:user_id, :source_id, :source_type], { unique: true, name: "index_notifications_on_user_id_and_source_id_and_source_type" } + end +end diff --git a/lib/gitlab/database/migration_helpers.rb b/lib/gitlab/database/migration_helpers.rb index fd14234c558..b88e50748f6 100644 --- a/lib/gitlab/database/migration_helpers.rb +++ b/lib/gitlab/database/migration_helpers.rb @@ -19,7 +19,11 @@ module Gitlab end if Database.postgresql? - args << { algorithm: :concurrently } + if args[2].present? + args[2].merge!({ algorithm: :concurrently }) + else + args << { algorithm: :concurrently } + end end add_index(*args) From ccc8d419e65f19cfa8ea60622b527299de55d533 Mon Sep 17 00:00:00 2001 From: Connor Shea Date: Fri, 3 Jun 2016 15:00:04 -0600 Subject: [PATCH 04/20] Add confidential issue notice in comment box. --- app/assets/stylesheets/pages/note_form.scss | 33 +++++++++++++++++++++ app/views/projects/_md_preview.html.haml | 6 ++++ 2 files changed, 39 insertions(+) diff --git a/app/assets/stylesheets/pages/note_form.scss b/app/assets/stylesheets/pages/note_form.scss index 7fa13e66b43..a6765fbc7c7 100644 --- a/app/assets/stylesheets/pages/note_form.scss 
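Review bot: The `DELETE` in `up` keeps whichever row has the lowest `id` for each `(user_id, source_type, source_id)`, so if the duplicates differ in their other columns the survivor is the oldest row, not necessarily the setting the user chose last; please confirm that is the row meant to win and say so in a comment above the SQL. The migration also defines no `down`, so a rollback silently does nothing; an explicit `def down; end` with `# Deleted duplicates cannot be restored` would make the irreversibility visible. The derived table `dups` is presumably there because MySQL rejects a subquery that selects from the table being deleted from, and a one-line comment saying so would stop someone from "simplifying" it away.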
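Review bot: Nothing between the previous migration's `DELETE` and this unique index prevents a new duplicate `(user_id, source_id, source_type)` row from being written, and with `disable_ddl_transaction!` the index build in `change` runs outside a transaction. On PostgreSQL a concurrent unique index build that hits a duplicate fails and leaves an invalid index behind under the same name, so a plain re-run then fails on the existing name. A comment documenting the recovery would help operators, for example `# If this fails on duplicates: drop the invalid index, re-run the de-duplication, then re-run this migration`. Whether the model already validates uniqueness is not visible in this patch; if it does not, the window stays open until the index exists.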
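Review bot: In `add_concurrent_index`, `args[2].merge!(...)` mutates the options hash the caller passed in, and an explicitly empty third argument (`{}`) is not `present?`, so it takes the `else` branch and `add_index` ends up with a fourth argument. A non-mutating form avoids both problems: `options = args.last.is_a?(Hash) ? args.pop : {}` followed by `args << options.merge(algorithm: :concurrently)`. The method body starts and ends outside this hunk, and patch 08/20 further down this page replaces the splat with explicit `table_name, column_name, options = {}` parameters.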
+++ b/app/assets/stylesheets/pages/note_form.scss @@ -87,6 +87,39 @@ } } +.md-header .nav-links { + display: flex; + display: -webkit-flex; + flex-flow: row wrap; + -webkit-flex-flow: row wrap; + width: 100%; + + .pull-right { + // Flexbox quirk to make sure right-aligned items stay right-aligned. + margin-left: auto; + } +} + +.confidential-issue-warning { + background-color: $gray-normal; + border-radius: 3px; + padding: 3px 12px; + margin: auto; + margin-top: 0; + text-align: center; + font-size: 13px; + + @media (max-width: $screen-md-min) { + // On smaller devices the warning becomes the fourth item in the list, + // rather than centering, and grows to span the full width of the + // comment area. + order: 4; + -webkit-order: 4; + margin: 6px auto; + width: 100%; + } +} + .discussion-form { padding: $gl-padding-top $gl-padding; background-color: $white-light; diff --git a/app/views/projects/_md_preview.html.haml b/app/views/projects/_md_preview.html.haml index 81afea2c60a..59a952dd662 100644 --- a/app/views/projects/_md_preview.html.haml +++ b/app/views/projects/_md_preview.html.haml @@ -7,6 +7,12 @@ %li %a.js-md-preview-button{ href: "#md-preview-holder", tabindex: -1 } Preview + + - if @issue.confidential? + %li.confidential-issue-warning + = icon('warning') + %span This is a confidential issue. Your comment will not be visible to the public. + %li.pull-right %button.zen-control.zen-control-full.js-zen-enter{ type: 'button', tabindex: -1 } Go full screen From 5b0316eab51546addea9cde74b710e9742fc95b8 Mon Sep 17 00:00:00 2001 From: Connor Shea Date: Fri, 3 Jun 2016 15:10:52 -0600 Subject: [PATCH 05/20] Add Changelog entry. --- CHANGELOG | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG b/CHANGELOG index d54cac7f93b..8c0a1d42d34 100644 --- a/CHANGELOG +++ b/CHANGELOG 
@@ -36,6 +36,7 @@ v 8.9.0 (unreleased) - Improve error handling importing projects - Put project Files and Commits tabs under Code tab - Replace Colorize with Rainbow for coloring console output in Rake tasks. + - An indicator is now displayed at the top of the comment field for confidential issues. v 8.8.4 - Fix todos page throwing errors when you have a project pending deletion From f0f8efeb3465d5a6915a680bc96a4cdc9384bd4b Mon Sep 17 00:00:00 2001 From: Connor Shea Date: Sun, 5 Jun 2016 12:24:36 -0600 Subject: [PATCH 06/20] Fix error on non-issue pages with comment areas. --- app/views/projects/_md_preview.html.haml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/projects/_md_preview.html.haml b/app/views/projects/_md_preview.html.haml index 59a952dd662..28a28282fd3 100644 --- a/app/views/projects/_md_preview.html.haml +++ b/app/views/projects/_md_preview.html.haml @@ -8,7 +8,7 @@ %a.js-md-preview-button{ href: "#md-preview-holder", tabindex: -1 } Preview - - if @issue.confidential? + - if defined?(@issue) && @issue.confidential? %li.confidential-issue-warning = icon('warning') %span This is a confidential issue. Your comment will not be visible to the public. From 535d11302e73fe88702f7c65effc3cd443bf56fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20Rodr=C3=ADguez?= Date: Mon, 6 Jun 2016 12:01:50 -0400 Subject: [PATCH 07/20] Remove prev/next buttons on issues and merge requests The buttons were rarely used and added at least 1 query each on every page load. --- CHANGELOG | 1 + .../javascripts/shortcuts_issuable.coffee | 18 ------------------ app/helpers/issuables_helper.rb | 12 ------------ app/views/shared/issuable/_sidebar.html.haml | 15 --------------- features/project/issues/issues.feature | 7 ------- features/project/merge_requests.feature | 2 -- features/steps/shared/issuable.rb | 16 ---------------- 7 files changed, 1 insertion(+), 70 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index fe9b9bec868..47e37152c18 100644 
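Review bot: `defined?(@issue)` in the new guard in `_md_preview.html.haml` is false only when the instance variable was never assigned; if a controller sets `@issue = nil`, the guard passes and `@issue.confidential?` raises `NoMethodError` again. `- if @issue && @issue.confidential?` (or `- if @issue.try(:confidential?)`) covers both the unset and the nil case. Because this partial is shared by every comment area, the notice also appears only on pages that happen to set `@issue`; passing the issuable in as a local would make that dependency explicit, and a short comment should state that the notice is a cue for the author and not what enforces confidentiality.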
--- a/CHANGELOG +++ b/CHANGELOG @@ -45,6 +45,7 @@ v 8.8.4 (unreleased) - Fix todos page throwing errors when you have a project pending deletion - Reduce number of SQL queries when rendering user references - Upgrade to jQuery 2 + - Remove prev/next buttons on issues and merge requests v 8.8.3 - Fix 404 page when viewing TODOs that contain milestones or labels in different projects. !4312 diff --git a/app/assets/javascripts/shortcuts_issuable.coffee b/app/assets/javascripts/shortcuts_issuable.coffee index ccb42ab2168..c93bcf3ceec 100644 --- a/app/assets/javascripts/shortcuts_issuable.coffee +++ b/app/assets/javascripts/shortcuts_issuable.coffee @@ -10,14 +10,6 @@ class @ShortcutsIssuable extends ShortcutsNavigation @replyWithSelectedText() return false ) - Mousetrap.bind('j', => - @prevIssue() - return false - ) - Mousetrap.bind('k', => - @nextIssue() - return false - ) Mousetrap.bind('e', => @editIssue() return false @@ -29,16 +21,6 @@ class @ShortcutsIssuable extends ShortcutsNavigation else @enabledHelp.push('.hidden-shortcut.issues') - prevIssue: -> - $prevBtn = $('.prev-btn') - if not $prevBtn.hasClass('disabled') - Turbolinks.visit($prevBtn.attr('href')) - - nextIssue: -> - $nextBtn = $('.next-btn') - if not $nextBtn.hasClass('disabled') - Turbolinks.visit($nextBtn.attr('href')) - replyWithSelectedText: -> if window.getSelection selected = window.getSelection().toString() diff --git a/app/helpers/issuables_helper.rb b/app/helpers/issuables_helper.rb index 37b93f63145..40d8ce8a1d3 100644 --- a/app/helpers/issuables_helper.rb +++ b/app/helpers/issuables_helper.rb 
@@ -8,14 +8,6 @@ module IssuablesHelper "right-sidebar-#{sidebar_gutter_collapsed? ? 'collapsed' : 'expanded'}" end - def issuables_count(issuable) - base_issuable_scope(issuable).maximum(:iid) - end - - def next_issuable_for(issuable) - base_issuable_scope(issuable).where('iid > ?', issuable.iid).last - end - def multi_label_name(current_labels, default_label) # current_labels may be a string from before if current_labels.is_a?(Array) @@ -45,10 +37,6 @@ module IssuablesHelper end end - def prev_issuable_for(issuable) - base_issuable_scope(issuable).where('iid < ?', issuable.iid).first - end - def user_dropdown_label(user_id, default_label) return default_label if user_id.nil? return "Unassigned" if user_id == "0" diff --git a/app/views/shared/issuable/_sidebar.html.haml b/app/views/shared/issuable/_sidebar.html.haml index d6552ae7f18..1ec2436c835 100644 --- a/app/views/shared/issuable/_sidebar.html.haml +++ b/app/views/shared/issuable/_sidebar.html.haml 
@@ -2,23 +2,8 @@ .issuable-sidebar - can_edit_issuable = can?(current_user, :"admin_#{issuable.to_ability_name}", @project) .block.issuable-sidebar-header - %span.issuable-count.hide-collapsed.pull-left - = issuable.iid - of - = issuables_count(issuable) %a.gutter-toggle.pull-right.js-sidebar-toggle{href: '#'} = sidebar_gutter_toggle_icon - .issuable-nav.hide-collapsed.pull-right.btn-group{role: 'group', "aria-label" => '...'} - - if prev_issuable = prev_issuable_for(issuable) - = link_to 'Prev', [@project.namespace.becomes(Namespace), @project, prev_issuable], class: 'btn btn-default prev-btn issuable-pager' - - else - %a.btn.btn-default.issuable-pager.disabled{href: '#'} - Prev - - if next_issuable = next_issuable_for(issuable) - = link_to 'Next', [@project.namespace.becomes(Namespace), @project, next_issuable], class: 'btn btn-default next-btn issuable-pager' - - else - %a.btn.btn-default.issuable-pager.disabled{href: '#'} - Next = form_for [@project.namespace.becomes(Namespace), @project, issuable], remote: true, format: :json, html: {class: 'issuable-context-form inline-update js-issuable-update'} do |f| .block.assignee diff --git a/features/project/issues/issues.feature b/features/project/issues/issues.feature index de7e2b37725..2259b7125c4 100644 --- a/features/project/issues/issues.feature +++ b/features/project/issues/issues.feature @@ -25,13 +25,6 @@ Feature: Project Issues Scenario: I visit issue page Given I click link "Release 0.4" Then I should see issue "Release 0.4" - And I should see "1 of 2" in the sidebar - - Scenario: I navigate between issues - Given I click link "Release 0.4" - Then I click link "Next" in the sidebar - Then I should see issue "Tweet control" - And I should see "2 of 2" in the sidebar @javascript Scenario: I filter by author diff --git a/features/project/merge_requests.feature b/features/project/merge_requests.feature index ecda4ea8240..396eb7cc11b 100644 --- a/features/project/merge_requests.feature 
+++ b/features/project/merge_requests.feature @@ -49,14 +49,12 @@ Feature: Project Merge Requests Scenario: I visit an open merge request page Given I click link "Bug NS-04" Then I should see merge request "Bug NS-04" - And I should see "1 of 1" in the sidebar Scenario: I visit a merged merge request page Given project "Shop" have "Feature NS-05" merged merge request And I click link "Merged" And I click link "Feature NS-05" Then I should see merge request "Feature NS-05" - And I should see "3 of 3" in the sidebar Scenario: I close merge request page Given I click link "Bug NS-04" diff --git a/features/steps/shared/issuable.rb b/features/steps/shared/issuable.rb index 733e80b7279..c6572cf386e 100644 --- a/features/steps/shared/issuable.rb +++ b/features/steps/shared/issuable.rb @@ -138,22 +138,6 @@ module SharedIssuable end end - step 'I should see "1 of 1" in the sidebar' do - expect_sidebar_content('1 of 1') - end - - step 'I should see "1 of 2" in the sidebar' do - expect_sidebar_content('1 of 2') - end - - step 'I should see "2 of 2" in the sidebar' do - expect_sidebar_content('2 of 2') - end - - step 'I should see "3 of 3" in the sidebar' do - expect_sidebar_content('3 of 3') - end - step 'I click link "Next" in the sidebar' do page.within '.issuable-sidebar' do click_link 'Next' From 9264203103bbd2b4f46ce777304f210b07765c43 Mon Sep 17 00:00:00 2001 From: Felipe Artur Date: Mon, 6 Jun 2016 11:30:17 -0300 Subject: [PATCH 08/20] change add_concurrent_index function arguments --- lib/gitlab/database/migration_helpers.rb | 10 +++------- spec/lib/gitlab/database/migration_helpers_spec.rb | 13 ++++++++++--- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/lib/gitlab/database/migration_helpers.rb b/lib/gitlab/database/migration_helpers.rb index b88e50748f6..978c3f7896d 100644 --- a/lib/gitlab/database/migration_helpers.rb +++ b/lib/gitlab/database/migration_helpers.rb 
@@ -11,7 +11,7 @@ module Gitlab # add_concurrent_index :users, :some_column # # See Rails' `add_index` for more info on the available arguments. - def add_concurrent_index(*args) + def add_concurrent_index(table_name, column_name, options = {}) if transaction_open? raise 'add_concurrent_index can not be run inside a transaction, ' \ 'you can disable transactions by calling disable_ddl_transaction! ' \ @@ -19,14 +19,10 @@ module Gitlab end if Database.postgresql? - if args[2].present? - args[2].merge!({ algorithm: :concurrently }) - else - args << { algorithm: :concurrently } - end + options = options.merge({ algorithm: :concurrently }) end - add_index(*args) + add_index(table_name, column_name, options) end # Updates the value of a column in batches. diff --git a/spec/lib/gitlab/database/migration_helpers_spec.rb b/spec/lib/gitlab/database/migration_helpers_spec.rb index 35ade7a2be0..83ddabe6b0b 100644 --- a/spec/lib/gitlab/database/migration_helpers_spec.rb +++ b/spec/lib/gitlab/database/migration_helpers_spec.rb @@ -16,14 +16,21 @@ describe Gitlab::Database::MigrationHelpers, lib: true do end context 'using PostgreSQL' do - it 'creates the index concurrently' do - expect(Gitlab::Database).to receive(:postgresql?).and_return(true) + before { expect(Gitlab::Database).to receive(:postgresql?).and_return(true) } + it 'creates the index concurrently' do expect(model).to receive(:add_index). with(:users, :foo, algorithm: :concurrently) model.add_concurrent_index(:users, :foo) end + + it 'creates unique index concurrently' do + expect(model).to receive(:add_index). + with(:users, :foo, { algorithm: :concurrently, unique: true }) + + model.add_concurrent_index(:users, :foo, unique: true) + end end context 'using MySQL' do 
@@ -31,7 +38,7 @@ describe Gitlab::Database::MigrationHelpers, lib: true do expect(Gitlab::Database).to receive(:postgresql?).and_return(false) expect(model).to receive(:add_index). - with(:users, :foo) + with(:users, :foo, {}) model.add_concurrent_index(:users, :foo) end From d2b7c39a55913a1ba416dae2711059e656a7d10a Mon Sep 17 00:00:00 2001 From: Connor Shea Date: Mon, 6 Jun 2016 12:22:59 -0600 Subject: [PATCH 09/20] Add padding to bottom of wiki page, fix #12921. --- app/views/projects/wikis/show.html.haml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/projects/wikis/show.html.haml b/app/views/projects/wikis/show.html.haml index 1cb48a1e85d..9166c0edb3b 100644 --- a/app/views/projects/wikis/show.html.haml +++ b/app/views/projects/wikis/show.html.haml @@ -18,7 +18,7 @@ You can view the #{link_to "most recent version", namespace_project_wiki_path(@project.namespace, @project, @page)} or browse the #{link_to "history", namespace_project_wiki_history_path(@project.namespace, @project, @page)}. -.wiki-holder.prepend-top-default +.wiki-holder.prepend-top-default.append-bottom-default .wiki = preserve do = render_wiki_content(@page) From b51b14507c06ed898ae4a63ffda0e84ca40342d3 Mon Sep 17 00:00:00 2001 From: Connor Shea Date: Sun, 17 Apr 2016 15:35:18 -0600 Subject: [PATCH 10/20] Add License Finder gem. In order to rehost all our gems in our own gem host, we need to have the legal rights to do so for every gem should they be taken down from RubyGems. License Finder automates checking of gems to ensure that we're in the clear legally. Approved the MIT License because it essentially allows us to do "whatever" with those gems. I am not a lawyer. https://github.com/pivotal/LicenseFinder --- Gemfile | 2 ++ Gemfile.lock | 8 ++++++++ 2 files changed, 10 insertions(+) diff --git a/Gemfile b/Gemfile index 38ff536fd71..51ef0bd1b4d 100644 --- a/Gemfile +++ b/Gemfile 
@@ -306,6 +306,8 @@ group :development, :test do gem 'bundler-audit', require: false gem 'benchmark-ips', require: false + + gem "license_finder", require: false end group :test do diff --git a/Gemfile.lock b/Gemfile.lock index 5f1dbd431e4..86e102d6fb6 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -366,6 +366,12 @@ GEM actionmailer (>= 3.2) letter_opener (~> 1.0) railties (>= 3.2) + license_finder (2.1.0) + bundler + httparty + rubyzip + thor + xml-simple licensee (8.0.0) rugged (>= 0.24b) listen (3.0.5) @@ -618,6 +624,7 @@ GEM sexp_processor (~> 4.1) rubyntlm (0.5.2) rubypants (0.2.0) + rubyzip (1.2.0) rufus-scheduler (3.1.10) rugged (0.24.0) safe_yaml (1.0.4) @@ -875,6 +882,7 @@ DEPENDENCIES jwt kaminari (~> 0.17.0) letter_opener_web (~> 1.3.0) + license_finder licensee (~> 8.0.0) loofah (~> 2.0.3) mail_room (~> 0.7) From 9442482d091cd4fabd760797aa9455f96e5abbb6 Mon Sep 17 00:00:00 2001 From: Connor Shea Date: Sun, 17 Apr 2016 15:56:10 -0600 Subject: [PATCH 11/20] Add some gems' licenses not caught by License Finder. Also add License Finder to CI (only runs on master). --- .gitlab-ci.yml | 5 +++ config/.decisions.yml | 89 +++++++++++++++++++++++++++++++++++++++ config/license_finder.yml | 2 + 3 files changed, 96 insertions(+) create mode 100644 config/.decisions.yml create mode 100644 config/license_finder.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 85730e1b687..e4d81ccf350 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -93,6 +93,11 @@ scss-lint: script: - bundle exec rake scss_lint +license-finder: + stage: test + script: + - bundle exec license_finder + brakeman: stage: test script: diff --git a/config/.decisions.yml b/config/.decisions.yml new file mode 100644 index 00000000000..7e4a8be6c48 --- /dev/null +++ b/config/.decisions.yml 
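Review bot: The added `gem "license_finder", require: false` line uses double quotes where the neighbouring entries in this group (`'bundler-audit'`, `'benchmark-ips'`) use single quotes, and it has no version constraint, so only `Gemfile.lock` (2.1.0 in this patch) fixes the version of a tool that later gates CI. Suggested: `gem 'license_finder', '~> 2.1', require: false`. The `group :development, :test do` block starts outside this hunk.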
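Review bot: The commit message says License Finder "only runs on master", but the `license-finder` job added to `.gitlab-ci.yml` has only `stage: test` and a `script:`, with no `only:` key, so unless it is restricted elsewhere in the file it runs on every ref like the neighbouring `scss-lint` job. If master-only is intended, add `only:` with `- master` under the job. If running on every branch is intended (which catches a disallowed license before merge rather than after), correct the commit message and add a comment on the job saying so.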
@@ -0,0 +1,89 @@ +--- +- - :whitelist + - MIT + - :who: + :why: + :versions: [] + :when: 2016-04-17 21:12:24.558441000 Z +- - :ignore_group + - development + - :who: + :why: + :versions: [] + :when: 2016-04-17 21:27:01.054140000 Z +- - :ignore_group + - test + - :who: + :why: + :versions: [] + :when: 2016-04-17 21:27:06.250326000 Z +- - :license + - raphael-rails + - MIT + - :who: + :why: https://github.com/mockdeep/raphael-rails/blob/master/license.txt + :versions: [] + :when: 2016-04-17 21:30:07.575392000 Z +- - :license + - rouge + - MIT + - :who: + :why: https://github.com/jneen/rouge/blob/master/LICENSE + :versions: [] + :when: 2016-04-17 21:31:29.490394000 Z +- - :license + - pyu-ruby-sasl + - MIT + - :who: + :why: https://github.com/pyu10055/ruby-sasl/blob/master/MIT-LICENSE + :versions: [] + :when: 2016-04-17 21:41:55.266420000 Z +- - :license + - six + - MIT + - :who: + :why: https://github.com/randx/six/blob/master/LICENSE + :versions: [] + :when: 2016-04-17 21:42:31.420186000 Z +- - :license + - rdoc + - GPLv2 + - :who: + :why: https://github.com/rdoc/rdoc/blob/master/LICENSE.rdoc + :versions: [] + :when: 2016-04-17 21:43:30.480413000 Z +- - :license + - rubypants + - unknown + - :who: + :why: https://github.com/jmcnevin/rubypants/blob/master/LICENSE.rdoc + :versions: [] + :when: 2016-04-17 21:44:49.443453000 Z +- - :license + - expression_parser + - MIT + - :who: + :why: https://github.com/nricciar/expression_parser/blob/master/MIT-LICENSE + :versions: [] + :when: 2016-04-17 21:45:41.829912000 Z +- - :license + - ace-rails-ap + - MIT + - :who: + :why: https://github.com/codykrieger/ace-rails-ap/blob/master/LICENSE + :versions: [] + :when: 2016-04-17 21:46:19.767922000 Z +- - :license + - jquery-scrollto-rails + - MIT, GPLv2 + - :who: + :why: https://github.com/JohnColvin/jquery-scrollto-rails/blob/master/MIT%20License + :versions: [] + :when: 2016-04-17 21:47:56.967946000 Z +- - :license + - creole + - ruby + - :who: + :why: 
https://github.com/minad/creole#license + :versions: [] + :when: 2016-04-17 21:49:10.329759000 Z diff --git a/config/license_finder.yml b/config/license_finder.yml new file mode 100644 index 00000000000..d641563719f --- /dev/null +++ b/config/license_finder.yml @@ -0,0 +1,2 @@ +--- +decisions_file: './config/.decisions.yml' From ddca2806c754b9be86138dfeddb4b581d9b6a40f Mon Sep 17 00:00:00 2001 From: Connor Shea Date: Sun, 1 May 2016 23:59:43 -0600 Subject: [PATCH 12/20] Add gems and licenses that were previously missing. Approve a number of licenses after a bunch of research today. --- Gemfile.lock | 1 + config/.decisions.yml | 123 +++++++++++++++++++++++++++++++++++++++--- 2 files changed, 116 insertions(+), 8 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 86e102d6fb6..53685058faf 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -796,6 +796,7 @@ GEM builder expression_parser rinku + xml-simple (1.1.5) xpath (2.0.0) nokogiri (~> 1.3) diff --git a/config/.decisions.yml b/config/.decisions.yml index 7e4a8be6c48..9cfc9a186bb 100644 --- a/config/.decisions.yml +++ b/config/.decisions.yml @@ -47,18 +47,11 @@ :when: 2016-04-17 21:42:31.420186000 Z - - :license - rdoc - - GPLv2 + - ruby - :who: :why: https://github.com/rdoc/rdoc/blob/master/LICENSE.rdoc :versions: [] :when: 2016-04-17 21:43:30.480413000 Z -- - :license - - rubypants - - unknown - - :who: - :why: https://github.com/jmcnevin/rubypants/blob/master/LICENSE.rdoc - :versions: [] - :when: 2016-04-17 21:44:49.443453000 Z - - :license - expression_parser - MIT 
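Review bot: The policy-level decisions in the new `config/.decisions.yml` (the `MIT` whitelist entry and the `development` and `test` `:ignore_group` entries) are recorded with empty `:who:` and `:why:` fields, and every `:license` override has an empty `:who:`, so the file does not say who approved what or on what basis. Since this file is what lets the `license_finder` CI job pass, each approval should carry both fields, for example `:who: <approver name>` plus a one-line `:why:`. The same gap appears in entries patch 12/20 adds further down this page (`unicorn`, `unicorn-worker-killer`, `json`, `unf`, `LGPL-2.1+`, `BSD`). Two overrides here also deserve a second look against the stated goal of rehosting gems: `rdoc` is recorded as `GPLv2` and `jquery-scrollto-rails` as `MIT, GPLv2`.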
@@ -87,3 +80,117 @@ :why: https://github.com/minad/creole#license :versions: [] :when: 2016-04-17 21:49:10.329759000 Z +- - :license + - eventmachine + - ruby + - :who: + :why: https://github.com/eventmachine/eventmachine/blob/master/LICENSE + :versions: [] + :when: 2016-04-17 21:49:10.329759001 Z +- - :whitelist + - Apache 2.0 + - :who: Connor Shea + :why: http://choosealicense.com/licenses/apache-2.0/ + :versions: [] + :when: 2016-05-02 05:27:43.762702000 Z +- - :blacklist + - GPLv2 + - :who: Connor Shea + :why: GPL-licensed libraries cannot be linked to from non-GPL projects. + :versions: [] + :when: 2016-05-02 05:29:27.637336000 Z +- - :blacklist + - GPLv3 + - :who: Connor Shea + :why: GPL-licensed libraries cannot be linked to from non-GPL projects. + :versions: [] + :when: 2016-05-02 05:29:43.904715000 Z +- - :whitelist + - ruby + - :who: Connor Shea + :why: https://github.com/ruby/ruby/blob/ruby_1_8_6/COPYING + :versions: [] + :when: 2016-05-02 05:31:54.498490000 Z +- - :whitelist + - LGPL + - :who: Connor Shea + :why: http://www.gnu.org/licenses/license-list.html#LGPLv2.1 + :versions: [] + :when: 2016-05-02 05:32:48.645841000 Z +- - :whitelist + - ISC + - :who: Connor Shea + :why: http://www.gnu.org/licenses/license-list.html#ISC + :versions: [] + :when: 2016-05-02 05:42:01.894452000 Z +- - :whitelist + - New BSD + - :who: Connor Shea + :why: https://opensource.org/licenses/BSD-3-Clause + :versions: [] + :when: 2016-05-02 05:44:38.246021000 Z +- - :license + - unicorn + - ruby + - :who: + :why: + :versions: [] + :when: 2016-05-02 05:45:28.817510000 Z +- - :license + - unicorn-worker-killer + - ruby + - :who: + :why: + :versions: [] + :when: 2016-05-02 05:45:38.323867000 Z +- - :license + - json + - ruby + - :who: + :why: + :versions: [] + :when: 2016-05-02 05:50:07.826564000 Z +- - :license + - unf + - BSD + - :who: + :why: + :versions: [] + :when: 2016-05-02 05:51:46.886872000 Z +- - :whitelist + - LGPL-2.1+ + - :who: + :why: Equivalent to LGPL. 
+ :versions: [] + :when: 2016-05-02 05:52:56.303239000 Z +- - :whitelist + - BSD + - :who: + :why: https://opensource.org/licenses/BSD-2-Clause + :versions: [] + :when: 2016-05-02 05:55:09.796363000 Z +- - :license + - rubypants + - MIT + - :who: + :why: + :versions: [] + :when: 2016-05-02 05:56:50.696858000 Z +- - :ignore + - bundler + - :who: + :why: + :versions: [] + :when: 2016-05-02 06:41:31.504230000 Z +- - :heed + - bundler + - :who: + :why: + :versions: [] + :when: 2016-05-02 06:41:38.703526000 Z +- - :ignore + - bundler + - :who: + :why: Bundler is MIT licensed but will sometimes fail in CI. + :versions: [] + :when: 2016-05-02 06:42:08.045090000 Z From 4cff270f20cbf09641b3c65086a769f684cf8755 Mon Sep 17 00:00:00 2001 From: Connor Shea Date: Thu, 2 Jun 2016 11:08:59 -0600 Subject: [PATCH 13/20] Fix up all the decisions in the YML file. --- config/.decisions.yml | 263 ++++++++++++++++++++---------------------- 1 file changed, 122 insertions(+), 141 deletions(-) diff --git a/config/.decisions.yml b/config/.decisions.yml index 9cfc9a186bb..2327b2d17a1 100644 --- a/config/.decisions.yml +++ b/config/.decisions.yml 
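Review bot: The three `bundler` entries at the end of this hunk (`:ignore`, then `:heed`, then `:ignore` again) are leftover command history, and the only reason given for the final ignore is that Bundler "will sometimes fail in CI". Excluding a dependency from the license scan to work around an intermittent check hides the failure instead of explaining it; keep a single `:ignore` entry and record in `:why:` what actually fails, or fix the detection. In the same hunk `rubypants` is declared `MIT` with an empty `:why:`, while the entry this patch removes recorded it as `unknown` with a link to `LICENSE.rdoc`; an override that changes the recorded license should cite the source that justifies it.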
@@ -1,110 +1,37 @@ --- -- - :whitelist - - MIT - - :who: - :why: - :versions: [] - :when: 2016-04-17 21:12:24.558441000 Z +# IGNORED GROUPS AND GEMS - - :ignore_group - development - - :who: - :why: + - :who: Connor Shea + :why: Development gems are not distributed with the final product and are therefore exempt. :versions: [] :when: 2016-04-17 21:27:01.054140000 Z - - :ignore_group - test - - :who: - :why: + - :who: Connor Shea + :why: Test gems are not distributed with the final product and are therefore exempt. :versions: [] :when: 2016-04-17 21:27:06.250326000 Z -- - :license - - raphael-rails +- - :ignore + - bundler + - :who: Connor Shea + :why: Bundler is MIT licensed but will sometimes fail in CI. + :versions: [] + :when: 2016-05-02 06:42:08.045090000 Z + +# LICENSE WHITELIST +- - :whitelist - MIT - - :who: - :why: https://github.com/mockdeep/raphael-rails/blob/master/license.txt + - :who: Connor Shea + :why: Compatible with itself. :versions: [] - :when: 2016-04-17 21:30:07.575392000 Z -- - :license - - rouge - - MIT - - :who: - :why: https://github.com/jneen/rouge/blob/master/LICENSE - :versions: [] - :when: 2016-04-17 21:31:29.490394000 Z -- - :license - - pyu-ruby-sasl - - MIT - - :who: - :why: https://github.com/pyu10055/ruby-sasl/blob/master/MIT-LICENSE - :versions: [] - :when: 2016-04-17 21:41:55.266420000 Z -- - :license - - six - - MIT - - :who: - :why: https://github.com/randx/six/blob/master/LICENSE - :versions: [] - :when: 2016-04-17 21:42:31.420186000 Z -- - :license - - rdoc - - ruby - - :who: - :why: https://github.com/rdoc/rdoc/blob/master/LICENSE.rdoc - :versions: [] - :when: 2016-04-17 21:43:30.480413000 Z -- - :license - - expression_parser - - MIT - - :who: - :why: https://github.com/nricciar/expression_parser/blob/master/MIT-LICENSE - :versions: [] - :when: 2016-04-17 21:45:41.829912000 Z -- - :license - - ace-rails-ap - - MIT - - :who: - :why: https://github.com/codykrieger/ace-rails-ap/blob/master/LICENSE - :versions: [] - :when: 
2016-04-17 21:46:19.767922000 Z -- - :license - - jquery-scrollto-rails - - MIT, GPLv2 - - :who: - :why: https://github.com/JohnColvin/jquery-scrollto-rails/blob/master/MIT%20License - :versions: [] - :when: 2016-04-17 21:47:56.967946000 Z -- - :license - - creole - - ruby - - :who: - :why: https://github.com/minad/creole#license - :versions: [] - :when: 2016-04-17 21:49:10.329759000 Z -- - :license - - eventmachine - - ruby - - :who: - :why: https://github.com/eventmachine/eventmachine/blob/master/LICENSE - :versions: [] - :when: 2016-04-17 21:49:10.329759001 Z + :when: 2016-04-17 21:12:24.558441000 Z - - :whitelist - Apache 2.0 - :who: Connor Shea :why: http://choosealicense.com/licenses/apache-2.0/ :versions: [] :when: 2016-05-02 05:27:43.762702000 Z -- - :blacklist - - GPLv2 - - :who: Connor Shea - :why: GPL-licensed libraries cannot be linked to from non-GPL projects. - :versions: [] - :when: 2016-05-02 05:29:27.637336000 Z -- - :blacklist - - GPLv3 - - :who: Connor Shea - :why: GPL-licensed libraries cannot be linked to from non-GPL projects. - :versions: [] - :when: 2016-05-02 05:29:43.904715000 Z - - :whitelist - ruby - :who: Connor Shea 
@@ -129,68 +56,122 @@ :why: https://opensource.org/licenses/BSD-3-Clause :versions: [] :when: 2016-05-02 05:44:38.246021000 Z -- - :license - - unicorn - - ruby - - :who: - :why: - :versions: [] - :when: 2016-05-02 05:45:28.817510000 Z -- - :license - - unicorn-worker-killer - - ruby - - :who: - :why: - :versions: [] - :when: 2016-05-02 05:45:38.323867000 Z -- - :license - - json - - ruby - - :who: - :why: - :versions: [] - :when: 2016-05-02 05:50:07.826564000 Z -- - :license - - unf - - BSD - - :who: - :why: - :versions: [] - :when: 2016-05-02 05:51:46.886872000 Z - - :whitelist - LGPL-2.1+ - - :who: + - :who: Connor Shea :why: Equivalent to LGPL. :versions: [] :when: 2016-05-02 05:52:56.303239000 Z - - :whitelist - BSD - - :who: + - :who: Connor Shea :why: https://opensource.org/licenses/BSD-2-Clause :versions: [] :when: 2016-05-02 05:55:09.796363000 Z + +# LICENSE BLACKLIST +- - :blacklist + - GPLv2 + - :who: Connor Shea + :why: GPL-licensed libraries cannot be linked to from non-GPL projects. + :versions: [] + :when: 2016-05-02 05:29:27.637336000 Z +- - :blacklist + - GPLv3 + - :who: Connor Shea + :why: GPL-licensed libraries cannot be linked to from non-GPL projects. 
+ :versions: [] + :when: 2016-05-02 05:29:43.904715000 Z + +# GEM LICENSES +- - :license + - raphael-rails + - MIT + - :who: Connor Shea + :why: https://github.com/mockdeep/raphael-rails/blob/master/license.txt + :versions: [] + :when: 2016-04-17 21:30:07.575392000 Z +- - :license + - rouge + - MIT + - :who: Connor Shea + :why: https://github.com/jneen/rouge/blob/master/LICENSE + :versions: [] + :when: 2016-04-17 21:31:29.490394000 Z +- - :license + - pyu-ruby-sasl + - MIT + - :who: Connor Shea + :why: https://github.com/pyu10055/ruby-sasl/blob/master/MIT-LICENSE + :versions: [] + :when: 2016-04-17 21:41:55.266420000 Z +- - :license + - six + - MIT + - :who: Connor Shea + :why: https://github.com/randx/six/blob/master/LICENSE + :versions: [] + :when: 2016-04-17 21:42:31.420186000 Z +- - :license + - rdoc + - ruby + - :who: Connor Shea + :why: https://github.com/rdoc/rdoc/blob/master/LICENSE.rdoc + :versions: [] + :when: 2016-04-17 21:43:30.480413000 Z +- - :license + - expression_parser + - MIT + - :who: Connor Shea + :why: https://github.com/nricciar/expression_parser/blob/master/MIT-LICENSE + :versions: [] + :when: 2016-04-17 21:45:41.829912000 Z +- - :license + - creole + - ruby + - :who: Connor Shea + :why: https://github.com/minad/creole#license + :versions: [] + :when: 2016-04-17 21:49:10.329759000 Z +- - :license + - eventmachine + - ruby + - :who: Connor Shea + :why: https://github.com/eventmachine/eventmachine/blob/master/LICENSE + :versions: [] + :when: 2016-04-17 21:49:10.329759001 Z +- - :license + - unicorn + - ruby + - :who: Connor Shea + :why: http://unicorn.bogomips.org/LICENSE.html + :versions: [] + :when: 2016-05-02 05:45:28.817510000 Z +- - :license + - unicorn-worker-killer + - ruby + - :who: Connor Shea + :why: https://github.com/kzk/unicorn-worker-killer/blob/master/LICENSE + :versions: [] + :when: 2016-05-02 05:45:38.323867000 Z +- - :license + - json + - ruby + - :who: Connor Shea + :why: https://github.com/flori/json/tree/master#license + 
:versions: [] + :when: 2016-05-02 05:50:07.826564000 Z +- - :license + - unf + - BSD + - :who: Connor Shea + :why: https://github.com/knu/ruby-unf/blob/master/LICENSE + :versions: [] + :when: 2016-05-02 05:51:46.886872000 Z - - :license - rubypants - - MIT - - :who: - :why: + - BSD + - :who: Connor Shea + :why: https://github.com/jmcnevin/rubypants/blob/master/LICENSE.rdoc :versions: [] :when: 2016-05-02 05:56:50.696858000 Z -- - :ignore - - bundler - - :who: - :why: - :versions: [] - :when: 2016-05-02 06:41:31.504230000 Z -- - :heed - - bundler - - :who: - :why: - :versions: [] - :when: 2016-05-02 06:41:38.703526000 Z -- - :ignore - - bundler - - :who: - :why: Bundler is MIT licensed but will sometimes fail in CI. - :versions: [] - :when: 2016-05-02 06:42:08.045090000 Z From 3c3234121575ce271f8b50f3dcf1880db328fed1 Mon Sep 17 00:00:00 2001 From: Connor Shea Date: Thu, 2 Jun 2016 12:04:19 -0600 Subject: [PATCH 14/20] Add Licensing information and guidelines to the Documentation. --- config/.decisions.yml | 2 +- doc/development/README.md | 2 ++ doc/development/licensing.md | 57 ++++++++++++++++++++++++++++++++++++ 3 files changed, 60 insertions(+), 1 deletion(-) create mode 100644 doc/development/licensing.md diff --git a/config/.decisions.yml b/config/.decisions.yml index 2327b2d17a1..273796f3912 100644 --- a/config/.decisions.yml +++ b/config/.decisions.yml @@ -23,7 +23,7 @@ - - :whitelist - MIT - :who: Connor Shea - :why: Compatible with itself. + :why: http://choosealicense.com/licenses/mit/ :versions: [] :when: 2016-04-17 21:12:24.558441000 Z - - :whitelist diff --git a/doc/development/README.md b/doc/development/README.md index aa7d54c01d0..cf1bd493a9f 100644 --- a/doc/development/README.md +++ b/doc/development/README.md 
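Review bot: Every `:license` entry added under `# GEM LICENSES` keeps `:versions: []`, and most of the new `:why:` links point at a `master` branch or a README anchor, so no decision is tied to the release whose license text was actually read. If one of these gems relicenses in a later release, the manual entry would, as far as I can tell, keep overriding detection and the check would stay green. Linking each `:why:` to a tag or commit permalink, and filling `:versions:` where License Finder supports it, would make the entries auditable. The `rubypants` entry also changes from `MIT` to `BSD` in this hunk with only the new link as explanation; a short reason in `:why:` would help the next reviewer.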
@@ -7,9 +7,11 @@ - [Gotchas](gotchas.md) to avoid - [How to dump production data to staging](db_dump.md) - [Instrumentation](instrumentation.md) +- [Licensing](licensing.md) for ensuring license compliance - [Migration Style Guide](migration_style_guide.md) for creating safe migrations - [Performance guidelines](performance.md) - [Rake tasks](rake_tasks.md) for development +- [SCSS Style Guide](scss_styleguide.md) - [Shell commands](shell_commands.md) in the GitLab codebase - [Sidekiq debugging](sidekiq_debugging.md) - [SQL guidelines](sql.md) for SQL guidelines diff --git a/doc/development/licensing.md b/doc/development/licensing.md new file mode 100644 index 00000000000..87841f8c39b --- /dev/null +++ b/doc/development/licensing.md 
@@ -0,0 +1,57 @@ +# GitLab Licensing and Compatibility + +GitLab CE is licensed under the terms of the MIT License. GitLab EE is licensed under "The GitLab Enterprise Edition (EE) license" wherein there are more restrictions. See their respective LICENSE files ([CE][CE], [EE][EE]) for more information. + +## Automated Testing + +In order to comply with the terms the libraries we use are licensed under, we have to make sure to check new gems for compatible licenses whenever they're added. To automate this process, we use the [license_finder][license_finder] gem by Pivotal. It runs every time a new commit is pushed and verifies that all gems in the bundle use a license that doesn't conflict with the licensing of either GitLab Community Edition or GitLab Enterprise Edition. + +There are some limitations with the automated testing, however. CSS and JavaScript libraries, as well as any Ruby libraries not included by way of Bundler, must be verified manually and independently. Take care whenever one such library is used, as automated tests won't catch problematic licenses from them. + +Some gems may not include their license information in their `gemspec` file. These won't be detected by License Finder, and will have to be verified manually. [License Finder's README][license_finder] includes information and guidance on manually adding a gem's license. Make sure to include a link to the library's license in the "why" section. + +## Acceptable Licenses + +The following are licenses which are acceptable to use: + +- [The MIT License][MIT] (the MIT Expat License specifically): The MIT License requires that the license itself is included with all copies of the source. It is a permissive (non-copyleft) license as defined by the Open Source Initiative. 
+- [LGPL][LGPL] (version 2, version 3): GPL constraints regarding modification and redistribution under the same license are not required of projects using an LGPL library, only upon modification of the LGPL-licensed library itself. +- [Apache 2.0 License][apache-2]: A permissive license that also provides an express grant of patent rights from contributors to users. +- [Ruby 1.8 License][ruby-1.8]: Dual-licensed under either itself or the GPLv2, defer to the Ruby License itself. Acceptable because of point 3b: "You may distribute the software in object code or binary form, provided that you do at least ONE of the following: b) accompany the distribution with the machine-readable source of the software." +- [Ruby 1.9 License][ruby-1.9]: Dual-licensed under either itself or the BSD 2-Clause License, defer to BSD 2-Clause. +- [BSD 2-Clause License][BSD-2-Clause]: A permissive (non-copyleft) license as defined by the Open Source Initiative. +- [BSD 3-Clause License][BSD-3-Clause] (also known as New BSD or Modified BSD): A permissive (non-copyleft) license as defined by the Open Source Initiative +- [ISC License][ISC] (also known as the OpenBSD License): A permissive (non-copyleft) license as defined by the Open Source Initiative. + +## Unacceptable Licenses + +The following are licenses which are *not* acceptable to use: + +- [GNU GPL][GPL] (version 1, [version 2][GPLv2], [version 3][GPLv3], or any future versions): GPL-licensed libraries cannot be linked to from non-GPL projects. +- [GNU AGPLv3][AGPLv3]: AGPL-licensed libraries cannot be linked to from non-GPL projects. + +## Notes + +If a gem uses a license which is not listed above, open an issue and ask. If a license is not included in the "acceptable" list, operate under the assumption that it is not acceptable. + +Keep in mind that each license has its own restrictions (typically defined in their body text). Please make sure to comply with those restrictions at all times whenever an external library is used. 
+ +Gems which are included only in the "development" or "test" groups by Bundler are exempt from license requirements, as they're not distributed for use in production. + +**NOTE:** This document is **not** legal advice, nor is it comprehensive. It should not be taken as such. + +[CE]: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/LICENSE +[EE]: https://gitlab.com/gitlab-org/gitlab-ee/blob/master/LICENSE +[license_finder]: https://github.com/pivotal/LicenseFinder +[MIT]: http://choosealicense.com/licenses/mit/ +[LGPL]: http://choosealicense.com/licenses/lgpl-3.0/ +[apache-2]: http://choosealicense.com/licenses/apache-2.0/ +[ruby-1.8]: https://github.com/ruby/ruby/blob/ruby_1_8_6/COPYING +[ruby-1.9]: https://www.ruby-lang.org/en/about/license.txt +[BSD-2-Clause]: https://opensource.org/licenses/BSD-2-Clause +[BSD-3-Clause]: https://opensource.org/licenses/BSD-3-Clause +[ISC]: https://opensource.org/licenses/ISC +[GPL]: http://choosealicense.com/licenses/gpl-3.0/ +[GPLv2]: http://www.gnu.org/licenses/gpl-2.0.txt +[GPLv3]: http://www.gnu.org/licenses/gpl-3.0.txt +[AGPLv3]: http://choosealicense.com/licenses/agpl-3.0/ From 7045b9e908a6ea4f76b5e6ae09c5ab1385685c5a Mon Sep 17 00:00:00 2001 From: Connor Shea Date: Thu, 2 Jun 2016 12:27:42 -0600 Subject: [PATCH 15/20] Make sure to mention the GNU Project and OSI-provided information regarding the GPL so no one tries to disagree with that decision. --- doc/development/licensing.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/doc/development/licensing.md b/doc/development/licensing.md index 87841f8c39b..abfd9926522 100644 --- a/doc/development/licensing.md +++ b/doc/development/licensing.md 
@@ -12,7 +12,7 @@ Some gems may not include their license information in their `gemspec` file. The ## Acceptable Licenses -The following are licenses which are acceptable to use: +Libraries with the following licenses are acceptable for use: - [The MIT License][MIT] (the MIT Expat License specifically): The MIT License requires that the license itself is included with all copies of the source. It is a permissive (non-copyleft) license as defined by the Open Source Initiative. - [LGPL][LGPL] (version 2, version 3): GPL constraints regarding modification and redistribution under the same license are not required of projects using an LGPL library, only upon modification of the LGPL-licensed library itself. @@ -25,13 +25,15 @@ The following are licenses which are acceptable to use: ## Unacceptable Licenses -The following are licenses which are *not* acceptable to use: +Libraries with the following licenses are acceptable for use: - [GNU GPL][GPL] (version 1, [version 2][GPLv2], [version 3][GPLv3], or any future versions): GPL-licensed libraries cannot be linked to from non-GPL projects. - [GNU AGPLv3][AGPLv3]: AGPL-licensed libraries cannot be linked to from non-GPL projects. ## Notes +Decisions regarding the GNU GPL licenses are based on information provided by [The GNU Project][GNU-GPL-FAQ], as well as [the Open Source Initiative][OSI-GPL], which both state that linking GPL libraries makes the program itself GPL. + If a gem uses a license which is not listed above, open an issue and ask. If a license is not included in the "acceptable" list, operate under the assumption that it is not acceptable. Keep in mind that each license has its own restrictions (typically defined in their body text). Please make sure to comply with those restrictions at all times whenever an external library is used. 
@@ -55,3 +57,5 @@ Gems which are included only in the "development" or "test" groups by Bundler ar [GPLv2]: http://www.gnu.org/licenses/gpl-2.0.txt [GPLv3]: http://www.gnu.org/licenses/gpl-3.0.txt [AGPLv3]: http://choosealicense.com/licenses/agpl-3.0/ +[GNU-GPL-FAQ]: http://www.gnu.org/licenses/gpl-faq.html#IfLibraryIsGPL +[OSI-GPL]: https://opensource.org/faq#linking-proprietary-code From b2e85b796835b024d9436aae43b3a7c65fab66de Mon Sep 17 00:00:00 2001 From: Connor Shea Date: Sat, 4 Jun 2016 21:32:59 -0600 Subject: [PATCH 16/20] Add relevant commands to the licensing document, resolve some feedback. --- doc/development/README.md | 1 - doc/development/licensing.md | 36 ++++++++++++++++++++++++++++++++++-- 2 files changed, 34 insertions(+), 3 deletions(-) diff --git a/doc/development/README.md b/doc/development/README.md index cf1bd493a9f..c5d5af43864 100644 --- a/doc/development/README.md +++ b/doc/development/README.md @@ -11,7 +11,6 @@ - [Migration Style Guide](migration_style_guide.md) for creating safe migrations - [Performance guidelines](performance.md) - [Rake tasks](rake_tasks.md) for development -- [SCSS Style Guide](scss_styleguide.md) - [Shell commands](shell_commands.md) in the GitLab codebase - [Sidekiq debugging](sidekiq_debugging.md) - [SQL guidelines](sql.md) for SQL guidelines diff --git a/doc/development/licensing.md b/doc/development/licensing.md index abfd9926522..8c8c7486fff 100644 --- a/doc/development/licensing.md +++ b/doc/development/licensing.md 
@@ -8,7 +8,39 @@ In order to comply with the terms the libraries we use are licensed under, we ha There are some limitations with the automated testing, however. CSS and JavaScript libraries, as well as any Ruby libraries not included by way of Bundler, must be verified manually and independently. Take care whenever one such library is used, as automated tests won't catch problematic licenses from them. -Some gems may not include their license information in their `gemspec` file. These won't be detected by License Finder, and will have to be verified manually. [License Finder's README][license_finder] includes information and guidance on manually adding a gem's license. Make sure to include a link to the library's license in the "why" section. +Some gems may not include their license information in their `gemspec` file. These won't be detected by License Finder, and will have to be verified manually. + +### License Finder commands + +There are a few basic commands License Finder provides that you'll need in order to manage license detection. + +To verify that the checks are passing, and/or to see what dependencies are causing the checks to fail: + +``` +bundle exec license_finder +``` + +To whitelist a new license: + +``` +license_finder whitelist add MIT +``` + +To blacklist a new license: + +``` +license_finder blacklist add GPLv2 +``` + +To tell License Finder about a dependency's license if it isn't auto-detected: + +``` +license_finder licenses add my_unknown_dependency MIT +``` + +For all of the above, please include `--why "Reason"` and `--who "My Name"` so the `decisions.yml` file can keep track of when, why, and who approved of a dependency. + +More detailed information on how the gem and its commands work is available in the [License Finder README][license_finder]. ## Acceptable Licenses 
@@ -25,7 +57,7 @@ Libraries with the following licenses are acceptable for use: ## Unacceptable Licenses -Libraries with the following licenses are acceptable for use: +Libraries with the following licenses are unacceptable for use: - [GNU GPL][GPL] (version 1, [version 2][GPLv2], [version 3][GPLv3], or any future versions): GPL-licensed libraries cannot be linked to from non-GPL projects. - [GNU AGPLv3][AGPLv3]: AGPL-licensed libraries cannot be linked to from non-GPL projects. From 7900c035bf3f0cf96740227aebadbb3cad276ba0 Mon Sep 17 00:00:00 2001 From: Connor Shea Date: Mon, 6 Jun 2016 10:34:44 -0600 Subject: [PATCH 17/20] Resolve feedback. --- config/{.decisions.yml => dependency_decisions.yml} | 2 +- config/license_finder.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) rename config/{.decisions.yml => dependency_decisions.yml} (98%) diff --git a/config/.decisions.yml b/config/dependency_decisions.yml similarity index 98% rename from config/.decisions.yml rename to config/dependency_decisions.yml index 273796f3912..a49d805e4f9 100644 --- a/config/.decisions.yml +++ b/config/dependency_decisions.yml @@ -35,7 +35,7 @@ - - :whitelist - ruby - :who: Connor Shea - :why: https://github.com/ruby/ruby/blob/ruby_1_8_6/COPYING + :why: https://github.com/ruby/ruby/blob/ruby_2_1/COPYING :versions: [] :when: 2016-05-02 05:31:54.498490000 Z - - :whitelist diff --git a/config/license_finder.yml b/config/license_finder.yml index d641563719f..e01ebec3298 100644 --- a/config/license_finder.yml +++ b/config/license_finder.yml @@ -1,2 +1,2 @@ --- -decisions_file: './config/.decisions.yml' +decisions_file: './config/dependency_decisions.yml' From efb7da68e686e501abcfb8b0aea241c7b625fac5 Mon Sep 17 00:00:00 2001 From: Connor Shea Date: Mon, 6 Jun 2016 15:17:42 -0600 Subject: [PATCH 18/20] Fix missed colorize methods. --- db/fixtures/production/001_admin.rb | 12 ++++++------ lib/tasks/gitlab/setup.rake | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) 
diff --git a/db/fixtures/production/001_admin.rb b/db/fixtures/production/001_admin.rb index 78746c83225..b37dc794015 100644 --- a/db/fixtures/production/001_admin.rb +++ b/db/fixtures/production/001_admin.rb @@ -16,21 +16,21 @@ user = User.new(user_args) user.skip_confirmation! if user.save - puts "Administrator account created:".green + puts "Administrator account created:".color(:green) puts - puts "login: root".green + puts "login: root".color(:green) if user_args.key?(:password) - puts "password: #{user_args[:password]}".green + puts "password: #{user_args[:password]}".color(:green) else - puts "password: You'll be prompted to create one on your first visit.".green + puts "password: You'll be prompted to create one on your first visit.".color(:green) end puts else - puts "Could not create the default administrator account:".red + puts "Could not create the default administrator account:".color(:red) puts user.errors.full_messages.map do |message| - puts "--> #{message}".red + puts "--> #{message}".color(:red) end puts diff --git a/lib/tasks/gitlab/setup.rake b/lib/tasks/gitlab/setup.rake index 48baecfd2a2..05fcb8e3da5 100644 --- a/lib/tasks/gitlab/setup.rake +++ b/lib/tasks/gitlab/setup.rake @@ -19,7 +19,7 @@ namespace :gitlab do Rake::Task["setup_postgresql"].invoke Rake::Task["db:seed_fu"].invoke rescue Gitlab::TaskAbortedByUserError - puts "Quitting...".red + puts "Quitting...".color(:red) exit 1 end end From fbd2169f9948ee039efe96f48229f4c9ced8c412 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20Rodr=C3=ADguez?= Date: Mon, 6 Jun 2016 18:27:26 -0400 Subject: [PATCH 19/20] Use better_errors editor links in sherlock Remember to configure your `better_errors` editor to point to your program of preference --- app/views/sherlock/queries/_backtrace.html.haml | 6 +++++- app/views/sherlock/queries/_general.html.haml | 8 ++++++-- 2 files changed, 11 insertions(+), 3 deletions(-) 
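Review bot: The touched line `puts "password: #{user_args[:password]}".color(:green)` in `db/fixtures/production/001_admin.rb` still writes the administrator password in clear text to standard output whenever `user_args` carries one. Output from a production seed is likely to be captured in deploy logs or CI job traces. The operator already knows the value they supplied, so confirming it without echoing it is enough, for example `puts "password: ******".color(:green)`. In the failure branch, `user.errors.full_messages.map do |message|` is used only for its side effect, so `each` is the clearer call. How `user_args` is built lies outside the hunk, so where the password comes from is an assumption here.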
diff --git a/app/views/sherlock/queries/_backtrace.html.haml b/app/views/sherlock/queries/_backtrace.html.haml index 5c9294c0ab5..30e956e5f40 100644 --- a/app/views/sherlock/queries/_backtrace.html.haml +++ b/app/views/sherlock/queries/_backtrace.html.haml @@ -6,7 +6,11 @@ %ul.well-list - @query.application_backtrace.each do |location| %li - = location.path + %strong + - if defined?(BetterErrors) + = link_to(location.path, BetterErrors.editor[location.path, location.line]) + - else + = location.path %small.light = t('sherlock.line') = location.line diff --git a/app/views/sherlock/queries/_general.html.haml b/app/views/sherlock/queries/_general.html.haml index 549b47430e6..7073c0f4d90 100644 --- a/app/views/sherlock/queries/_general.html.haml +++ b/app/views/sherlock/queries/_general.html.haml @@ -11,13 +11,17 @@ = @query.duration.round(4) = t('sherlock.milliseconds') %li + - frame = @query.last_application_frame %span.light #{t('sherlock.origin')}: %strong - = @query.last_application_frame.path + - if defined?(BetterErrors) + = link_to(frame.path, BetterErrors.editor[frame.path, frame.line]) + - else + = frame.path %small.light = t('sherlock.line') - = @query.last_application_frame.line + = frame.line .panel.panel-default .panel-heading From 8f28dc950ac21feba4c187bf96fed5615943ad76 Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Mon, 6 Jun 2016 11:55:23 -0700 Subject: [PATCH 20/20] Bump rouge to 1.11.0 --- CHANGELOG | 1 + Gemfile | 2 +- Gemfile.lock | 4 ++-- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index bee1a824974..7809fef1706 100644 --- a/CHANGELOG +++ b/CHANGELOG 
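Review bot: The `- if defined?(BetterErrors)` / `link_to(..., BetterErrors.editor[...])` / `- else` branch is written out twice, once in `_backtrace.html.haml` with `location` and once in `_general.html.haml` with `frame`. Any later change to how the editor URL is built or when it is shown has to be made in both partials. A small view helper that takes a path and a line and returns either the link or the plain path would reduce each call site to one line, e.g. `= sherlock_file_link(frame.path, frame.line)` (the helper name is only a suggestion). The helper would also be the natural place for a comment noting that the link is an editor URL embedding a server-side absolute path, which is only meaningful when the browser and the source tree are on the same machine.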
@@ -3,6 +3,7 @@ Please view this file on the master branch, on stable branches it's out of date. v 8.9.0 (unreleased) - Bulk assign/unassign labels to issues. - Allow enabling wiki page events from Webhook management UI + - Bump rouge to 1.11.0 - Make EmailsOnPushWorker use Sidekiq mailers queue - Fix wiki page events' webhook to point to the wiki repository - Fix issue todo not remove when leave project !4150 (Long Nguyen) diff --git a/Gemfile b/Gemfile index 38ff536fd71..fe02b2a65d6 100644 --- a/Gemfile +++ b/Gemfile @@ -111,7 +111,7 @@ gem 'org-ruby', '~> 0.9.12' gem 'creole', '~> 0.5.0' gem 'wikicloth', '0.8.1' gem 'asciidoctor', '~> 1.5.2' -gem 'rouge', '~> 1.10.1' +gem 'rouge', '~> 1.11' # See https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s # and https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM diff --git a/Gemfile.lock b/Gemfile.lock index 5f1dbd431e4..21d8f345cd7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -569,7 +569,7 @@ GEM railties (>= 4.2.0, < 5.1) rinku (1.7.3) rotp (2.1.2) - rouge (1.10.1) + rouge (1.11.0) rqrcode (0.7.0) chunky_png rqrcode-rails3 (0.1.7) @@ -926,7 +926,7 @@ DEPENDENCIES request_store (~> 1.3.0) rerun (~> 0.11.0) responders (~> 2.0) - rouge (~> 1.10.1) + rouge (~> 1.11) rqrcode-rails3 (~> 0.1.7) rspec-rails (~> 3.4.0) rspec-retry