Add latest changes from gitlab-org/gitlab@master
This commit is contained in:
parent
b75a1464a0
commit
710c5832b6
|
@ -1,10 +1,8 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class CleanUpFixMergeRequestDiffCommitUsers < Gitlab::Database::Migration[2.0]
|
||||
class CleanUpFixMergeRequestDiffCommitUsers < Gitlab::Database::Migration[1.0]
|
||||
disable_ddl_transaction!
|
||||
|
||||
restrict_gitlab_migration gitlab_schema: :gitlab_main
|
||||
|
||||
MIGRATION_CLASS = 'FixMergeRequestDiffCommitUsers'
|
||||
|
||||
def up
|
||||
|
|
|
@ -560,11 +560,8 @@ GitLab automatically triggers the `stop_review_app` job to stop the environment.
|
|||
|
||||
#### Multiple stop actions for an environment
|
||||
|
||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/22456) in GitLab 14.10 [with a flag](../../administration/feature_flags.md) named `environment_multiple_stop_actions`. Disabled by default.
|
||||
|
||||
FLAG:
|
||||
On self-managed GitLab, by default this feature is not available. To make it available, ask an administrator to [enable the feature flag](../../administration/feature_flags.md) named `environment_multiple_stop_actions`.
|
||||
On GitLab.com, this feature is not available. We are enabling in phases and the status can be tracked in [issue 358911](https://gitlab.com/gitlab-org/gitlab/-/issues/358911).
|
||||
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/22456) in GitLab 14.10 [with a flag](../../administration/feature_flags.md) named `environment_multiple_stop_actions`. Disabled by default.
|
||||
> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/358911) in GitLab 15.0. [Feature flag `environment_multiple_stop_actions`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86685) removed.
|
||||
|
||||
This feature is useful when you need to perform multiple **parallel** stop actions on an environment.
|
||||
|
||||
|
|
|
@ -441,6 +441,9 @@ Please note, we support the following types of Java project structures:
|
|||
- [multi-project Gradle builds](https://docs.gradle.org/current/userguide/intro_multi_project_builds.html)
|
||||
- [multi-module maven projects](https://maven.apache.org/pom.html#Aggregation)
|
||||
|
||||
We do not support multiple lockfiles for Java and Scala. When multiple lockfiles exist, `gemnasium-maven`
|
||||
analyzes the first file in the list of package managers detected.
|
||||
|
||||
#### JavaScript
|
||||
|
||||
The following analyzers are executed, each of which have different behavior when processing multiple files:
|
||||
|
|
|
@ -9,6 +9,8 @@ info: To determine the technical writer assigned to the Stage/Group associated w
|
|||
This page contains information about the settings that are used on GitLab.com, available to
|
||||
[GitLab SaaS](https://about.gitlab.com/pricing/) customers.
|
||||
|
||||
See some of these settings on the [instance configuration page](https://gitlab.com/help/instance_configuration) of GitLab.com.
|
||||
|
||||
## Password requirements
|
||||
|
||||
GitLab.com has the following requirements for passwords on new accounts and password changes:
|
||||
|
|
|
@ -1,8 +1,7 @@
|
|||
---
|
||||
stage: Manage
|
||||
group: Authentication and Authorization
|
||||
info: "To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments"
|
||||
type: howto, reference
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Use SSH keys to communicate with GitLab **(FREE)**
|
||||
|
@ -41,7 +40,7 @@ Administrators can [restrict which keys are permitted and their minimum lengths]
|
|||
The book [Practical Cryptography With Go](https://leanpub.com/gocrypto/read#leanpub-auto-chapter-5-digital-signatures)
|
||||
suggests that [ED25519](https://ed25519.cr.yp.to/) keys are more secure and performant than RSA keys.
|
||||
|
||||
OpenSSH 6.5 introduced ED25519 SSH keys in 2014 and they should be available on most
|
||||
OpenSSH 6.5 introduced ED25519 SSH keys in 2014, and they should be available on most
|
||||
operating systems.
|
||||
|
||||
### ED25519_SK SSH keys
|
||||
|
@ -60,7 +59,7 @@ must have [OpenSSH 8.2](https://www.openssh.com/releasenotes.html#8.2) or later
|
|||
|
||||
### RSA SSH keys
|
||||
|
||||
Available documentation suggests that ED25519 is more secure than RSA.
|
||||
Available documentation suggests ED25519 is more secure than RSA.
|
||||
|
||||
If you use an RSA key, the US National Institute of Science and Technology in
|
||||
[Publication 800-57 Part 3 (PDF)](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57Pt3r1.pdf)
|
||||
|
@ -71,27 +70,27 @@ Review the `man` page for your installed `ssh-keygen` command for details.
|
|||
|
||||
Before you create a key pair, see if a key pair already exists.
|
||||
|
||||
1. On Windows, Linux, or macOS, go to your home directory.
|
||||
1. Go to your home directory.
|
||||
1. Go to the `.ssh/` subdirectory. If the `.ssh/` subdirectory doesn't exist,
|
||||
you are either not in the home directory, or you haven't used `ssh` before.
|
||||
In the latter case, you need to [generate an SSH key pair](#generate-an-ssh-key-pair).
|
||||
1. See if a file with one of the following formats exists:
|
||||
|
||||
| Algorithm | Public key | Private key |
|
||||
| --------- | ---------- | ----------- |
|
||||
| Algorithm | Public key | Private key |
|
||||
|-----------------------|------------|-------------|
|
||||
| ED25519 (preferred) | `id_ed25519.pub` | `id_ed25519` |
|
||||
| ED25519_SK | `id_ed25519_sk.pub` | `id_ed25519_sk` |
|
||||
| ECDSA_SK | `id_ecdsa_sk.pub` | `id_ecdsa_sk` |
|
||||
| RSA (at least 2048-bit key size) | `id_rsa.pub` | `id_rsa` |
|
||||
| DSA (deprecated) | `id_dsa.pub` | `id_dsa` |
|
||||
| ECDSA | `id_ecdsa.pub` | `id_ecdsa` |
|
||||
| ED25519_SK | `id_ed25519_sk.pub` | `id_ed25519_sk` |
|
||||
| ECDSA_SK | `id_ecdsa_sk.pub` | `id_ecdsa_sk` |
|
||||
| RSA (at least 2048-bit key size) | `id_rsa.pub` | `id_rsa` |
|
||||
| DSA (deprecated) | `id_dsa.pub` | `id_dsa` |
|
||||
| ECDSA | `id_ecdsa.pub` | `id_ecdsa` |
|
||||
|
||||
## Generate an SSH key pair
|
||||
|
||||
If you do not have an existing SSH key pair, generate a new one.
|
||||
If you do not have an existing SSH key pair, generate a new one:
|
||||
|
||||
1. Open a terminal.
|
||||
1. Type `ssh-keygen -t` followed by the key type and an optional comment.
|
||||
1. Run `ssh-keygen -t` followed by the key type and an optional comment.
|
||||
This comment is included in the `.pub` file that's created.
|
||||
You may want to use an email address for the comment.
|
||||
|
||||
|
@ -126,11 +125,10 @@ If you do not have an existing SSH key pair, generate a new one.
|
|||
Enter same passphrase again:
|
||||
```
|
||||
|
||||
1. A confirmation is displayed, including information about where your files are stored.
|
||||
A confirmation is displayed, including information about where your files are stored.
|
||||
|
||||
A public and private key are generated.
|
||||
[Add the public SSH key to your GitLab account](#add-an-ssh-key-to-your-gitlab-account) and keep
|
||||
the private key secure.
|
||||
A public and private key are generated. [Add the public SSH key to your GitLab account](#add-an-ssh-key-to-your-gitlab-account)
|
||||
and keep the private key secure.
|
||||
|
||||
### Configure SSH to point to a different directory
|
||||
|
||||
|
@ -158,7 +156,7 @@ configure your SSH client to point to the directory where the private key is sto
|
|||
IdentityFile ~/.ssh/example_com_rsa
|
||||
```
|
||||
|
||||
For more information on these settings, see the [`man ssh_config`](https://man.openbsd.org/ssh_config) page in the SSH configuration manual.
|
||||
For more information on these settings, see the [`man ssh_config`](https://man.openbsd.org/ssh_config) page in the SSH configuration manual.
|
||||
|
||||
Public SSH keys must be unique to GitLab because they bind to your account.
|
||||
Your SSH key is the only identifier you have when you push code with SSH.
|
||||
|
@ -166,7 +164,7 @@ It must uniquely map to a single user.
|
|||
|
||||
### Update your SSH key passphrase
|
||||
|
||||
You can update the passphrase for your SSH key.
|
||||
You can update the passphrase for your SSH key:
|
||||
|
||||
1. Open a terminal and run this command:
|
||||
|
||||
|
@ -174,34 +172,32 @@ You can update the passphrase for your SSH key.
|
|||
ssh-keygen -p -f /path/to/ssh_key
|
||||
```
|
||||
|
||||
1. At the prompts, type the passphrase and press Enter.
|
||||
1. At the prompts, enter the passphrase and then press Enter.
|
||||
|
||||
### Upgrade your RSA key pair to a more secure format
|
||||
|
||||
If your version of OpenSSH is between 6.5 and 7.8,
|
||||
you can save your private RSA SSH keys in a more secure
|
||||
OpenSSH format.
|
||||
If your version of OpenSSH is between 6.5 and 7.8, you can save your private
|
||||
RSA SSH keys in a more secure OpenSSH format by opening a terminal and running
|
||||
this command:
|
||||
|
||||
1. Open a terminal and run this command:
|
||||
```shell
|
||||
ssh-keygen -o -f ~/.ssh/id_rsa
|
||||
```
|
||||
|
||||
```shell
|
||||
ssh-keygen -o -f ~/.ssh/id_rsa
|
||||
```
|
||||
Alternatively, you can generate a new RSA key with the more secure encryption format with
|
||||
the following command:
|
||||
|
||||
Alternatively, you can generate a new RSA key with the more secure encryption format with
|
||||
the following command:
|
||||
|
||||
```shell
|
||||
ssh-keygen -o -t rsa -b 4096 -C "<comment>"
|
||||
```
|
||||
```shell
|
||||
ssh-keygen -o -t rsa -b 4096 -C "<comment>"
|
||||
```
|
||||
|
||||
## Generate an SSH key pair for a FIDO/U2F hardware security key
|
||||
|
||||
To generate ED25519_SK or ECDSA_SK SSH keys, you must use OpenSSH 8.2 or later.
|
||||
To generate ED25519_SK or ECDSA_SK SSH keys, you must use OpenSSH 8.2 or later:
|
||||
|
||||
1. Insert a hardware security key into your computer.
|
||||
1. Open a terminal.
|
||||
1. Type `ssh-keygen -t` followed by the key type and an optional comment.
|
||||
1. Run `ssh-keygen -t` followed by the key type and an optional comment.
|
||||
This comment is included in the `.pub` file that's created.
|
||||
You may want to use an email address for the comment.
|
||||
|
||||
|
@ -229,7 +225,7 @@ To generate ED25519_SK or ECDSA_SK SSH keys, you must use OpenSSH 8.2 or later.
|
|||
from the security key by [`ssh-add -K`](https://man.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/ssh-add.1#K)
|
||||
or [`ssh-keygen -K`](https://man.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/ssh-keygen#K).
|
||||
|
||||
1. Select Enter. Output similar to the following is displayed:
|
||||
1. Press Enter. Output similar to the following is displayed:
|
||||
|
||||
```plaintext
|
||||
Generating public/private ed25519-sk key pair.
|
||||
|
@ -251,31 +247,31 @@ To generate ED25519_SK or ECDSA_SK SSH keys, you must use OpenSSH 8.2 or later.
|
|||
Enter same passphrase again:
|
||||
```
|
||||
|
||||
1. A confirmation is displayed, including information about where your files are stored.
|
||||
A confirmation is displayed, including information about where your files are stored.
|
||||
|
||||
A public and private key are generated.
|
||||
[Add the public SSH key to your GitLab account](#add-an-ssh-key-to-your-gitlab-account).
|
||||
|
||||
## Add an SSH key to your GitLab account
|
||||
|
||||
To use SSH with GitLab, copy your public key to your GitLab account.
|
||||
To use SSH with GitLab, copy your public key to your GitLab account:
|
||||
|
||||
1. Copy the contents of your public key file. You can do this manually or use a script.
|
||||
For example, to copy an ED25519 key to the clipboard:
|
||||
|
||||
**macOS:**
|
||||
**macOS**
|
||||
|
||||
```shell
|
||||
tr -d '\n' < ~/.ssh/id_ed25519.pub | pbcopy
|
||||
```
|
||||
|
||||
**Linux** (requires the `xclip` package):
|
||||
**Linux** (requires the `xclip` package)
|
||||
|
||||
```shell
|
||||
xclip -sel clip < ~/.ssh/id_ed25519.pub
|
||||
```
|
||||
|
||||
**Git Bash on Windows:**
|
||||
**Git Bash on Windows**
|
||||
|
||||
```shell
|
||||
cat ~/.ssh/id_ed25519.pub | clip
|
||||
|
@ -312,7 +308,8 @@ The following commands use the example hostname `gitlab.example.com`. Replace th
|
|||
|
||||
1. For GitLab.com, to ensure you're connecting to the correct server, confirm the
|
||||
[SSH host keys fingerprints](gitlab_com/index.md#ssh-host-keys-fingerprints).
|
||||
1. Open a terminal and run this command, replacing `gitlab.example.com` with your GitLab instance URL:
|
||||
1. Open a terminal and run this command, replacing `gitlab.example.com` with your
|
||||
GitLab instance URL:
|
||||
|
||||
```shell
|
||||
ssh -T git@gitlab.example.com
|
||||
|
@ -354,10 +351,10 @@ on `ssh` command options, see the `man` pages for both `ssh` and `ssh_config`.
|
|||
|
||||
## Use different accounts on a single GitLab instance
|
||||
|
||||
You can use multiple accounts to connect to a single instance of GitLab.
|
||||
You can do this by using the command in the [previous topic](#use-different-keys-for-different-repositories).
|
||||
However, even if you set `IdentitiesOnly` to `yes`, you cannot sign in if an `IdentityFile` exists
|
||||
outside of a `Host` block.
|
||||
You can use multiple accounts to connect to a single instance of GitLab. You
|
||||
can do this by using the command in the [previous topic](#use-different-keys-for-different-repositories).
|
||||
However, even if you set `IdentitiesOnly` to `yes`, you cannot sign in if an
|
||||
`IdentityFile` exists outside of a `Host` block.
|
||||
|
||||
Instead, you can assign aliases to hosts in the `~.ssh/config` file.
|
||||
|
||||
|
|
|
@ -133,6 +133,11 @@ module Gitlab
|
|||
# This method does not garauntee that all jobs completed successfully.
|
||||
# It can only be used if the previous background migration used the queue_background_migration_jobs_by_range_at_intervals helper.
|
||||
def finalize_background_migration(class_name, delete_tracking_jobs: ['succeeded'])
|
||||
if self.is_a?(::Gitlab::Database::MigrationHelpers::RestrictGitlabSchema)
|
||||
raise 'The `#finalize_background_migration` is currently not supported with `Migration[2.0]`. Use `Migration[1.0]`. ' \
|
||||
'For more information visit: https://docs.gitlab.com/ee/development/database/migrations_for_multiple_databases.html'
|
||||
end
|
||||
|
||||
job_coordinator = coordinator_for_tracking_database
|
||||
|
||||
# Empty the sidekiq queue.
|
||||
|
|
|
@ -3,8 +3,10 @@
|
|||
require 'spec_helper'
|
||||
|
||||
RSpec.describe Gitlab::Database::Migrations::BackgroundMigrationHelpers do
|
||||
let(:base_class) { ActiveRecord::Migration }
|
||||
|
||||
let(:model) do
|
||||
ActiveRecord::Migration.new.extend(described_class)
|
||||
base_class.new.extend(described_class)
|
||||
end
|
||||
|
||||
shared_examples_for 'helpers that enqueue background migrations' do |worker_class, tracking_database|
|
||||
|
@ -290,7 +292,7 @@ RSpec.describe Gitlab::Database::Migrations::BackgroundMigrationHelpers do
|
|||
end
|
||||
end
|
||||
|
||||
describe '#finalized_background_migration' do
|
||||
describe '#finalize_background_migration' do
|
||||
let(:coordinator) { Gitlab::BackgroundMigration::JobCoordinator.new(worker_class) }
|
||||
|
||||
let!(:tracked_pending_job) { create(:background_migration_job, class_name: job_class_name, status: :pending, arguments: [1]) }
|
||||
|
@ -309,8 +311,8 @@ RSpec.describe Gitlab::Database::Migrations::BackgroundMigrationHelpers do
|
|||
allow(Gitlab::BackgroundMigration).to receive(:coordinator_for_database)
|
||||
.with(tracking_database).and_return(coordinator)
|
||||
|
||||
expect(coordinator).to receive(:migration_class_for)
|
||||
.with(job_class_name).at_least(:once) { job_class }
|
||||
allow(coordinator).to receive(:migration_class_for)
|
||||
.with(job_class_name) { job_class }
|
||||
|
||||
Sidekiq::Testing.disable! do
|
||||
worker_class.perform_async(job_class_name, [1, 2])
|
||||
|
@ -326,6 +328,22 @@ RSpec.describe Gitlab::Database::Migrations::BackgroundMigrationHelpers do
|
|||
end
|
||||
end
|
||||
|
||||
context 'when using Migration[2.0]' do
|
||||
let(:base_class) { ::Gitlab::Database::Migration[2.0] }
|
||||
|
||||
let!(:job_class) do
|
||||
Class.new do
|
||||
def perform(*arguments)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
it 'does raise an exception' do
|
||||
expect { model.finalize_background_migration(job_class_name, delete_tracking_jobs: %w[pending succeeded]) }
|
||||
.to raise_error /is currently not supported with/
|
||||
end
|
||||
end
|
||||
|
||||
context 'when removing all tracked job records' do
|
||||
let!(:job_class) do
|
||||
Class.new do
|
||||
|
|
Loading…
Reference in New Issue