Add latest changes from gitlab-org/gitlab@master

2022-01-10 09:13:43 +00:00 · 2022-01-10 09:13:43 +00:00 · 75330c963b
parent ff16b71bc7
commit 75330c963b
7 changed files with 22 additions and 30 deletions
--- a/app/services/ci/job_artifacts/destroy_all_expired_service.rb
+++ b/app/services/ci/job_artifacts/destroy_all_expired_service.rb
@ -8,8 +8,8 @@ module Ci

      BATCH_SIZE = 100
      LOOP_TIMEOUT = 5.minutes
-      SMALL_LOOP_LIMIT = 10
-      LARGE_LOOP_LIMIT = 100
+      SMALL_LOOP_LIMIT = 100
+      LARGE_LOOP_LIMIT = 500
      EXCLUSIVE_LOCK_KEY = 'expired_job_artifacts:destroy:lock'
      LOCK_TIMEOUT = 6.minutes

--- a/config/feature_flags/development/optimize_merge_request_parser.yml
+++ b/config/feature_flags/development/optimize_merge_request_parser.yml
@ -1,8 +0,0 @@
---
-name: optimize_merge_request_parser
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62490/
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/331893
-milestone: '14.0'
-type: development
-group: group::source code
-default_enabled: false
--- a/doc/ci/cloud_services/index.md
+++ b/doc/ci/cloud_services/index.md
@ -6,6 +6,9 @@ info: To determine the technical writer assigned to the Stage/Group associated w

 # Connect to cloud services

+> - `CI_JOB_JWT` variable for reading secrets from Vault [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/207125) in GitLab 12.10.
+> - `CI_JOB_JWT_V2` variable to support additional OIDC providers [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/346737) in GitLab 14.7. 
+
 GitLab CI/CD supports [OpenID Connect (OIDC)](https://openid.net/connect/faq/) that allows your build and deployment job access to cloud credentials and services. Historically, teams stored secrets in projects or applied permissions on the GitLab Runner instance to build and deploy. To support this, a predefined variable named `CI_JOB_JWT_V2` is included in the CI/CD job allowing you to follow a scalable and least-privilege security approach.

 ## Requirements
@ -120,11 +123,11 @@ To configure the trust between GitLab and OIDC, you must create a conditional ro
 | Filter to main branch                | `project_path:mygroup/myproject:ref_type:branch:ref:main`   |
 | Filter to any branch                 | Wildcard supported. `project_path:mygroup/myproject:ref_type:branch:ref:*` |
 | Filter to specific project           | `project_path:mygroup/myproject:ref_type:branch:ref:main` |
-| Filter to all projects under a group | Wildcard supported. `project_path:acme/*:ref_type:branch:ref:main` |
-| Filter to a Git tag                  | Wildcard supported. `project_path:acme/*:ref_type:tag:ref:1.0` |
+| Filter to all projects under a group | Wildcard supported. `project_path:mygroup/*:ref_type:branch:ref:main` |
+| Filter to a Git tag                  | Wildcard supported. `project_path:mygroup/*:ref_type:tag:ref:1.0` |

 ## OIDC authorization with your cloud provider

 To connect with your cloud provider, see the following tutorials:

- Configure OpenID Connect in AWS
+- [Configure OpenID Connect in AWS](aws/index.md)
--- a/lib/banzai/reference_parser/merge_request_parser.rb
+++ b/lib/banzai/reference_parser/merge_request_parser.rb
@ -8,8 +8,6 @@ module Banzai
      self.reference_type = :merge_request

      def nodes_visible_to_user(user, nodes)
-        return super if Feature.disabled?(:optimize_merge_request_parser, user, default_enabled: :yaml)
-
        merge_request_nodes = nodes.select { |node| node.has_attribute?(self.class.data_attribute) }
        records = projects_for_nodes(merge_request_nodes)

--- a/qa/qa/tools/knapsack_report.rb
+++ b/qa/qa/tools/knapsack_report.rb
@ -9,6 +9,7 @@ module QA

      PROJECT = "gitlab-qa-resources"
      BUCKET = "knapsack-reports"
+      FALLBACK_REPORT = "knapsack/master_report.json"

      def_delegators :new, :configure!, :move_regenerated_report, :download_report, :upload_report

@ -35,9 +36,9 @@ module QA
        file = client.get_object(BUCKET, report_file)
        File.write(report_path, file[:body])
      rescue StandardError => e
-        ENV["KNAPSACK_REPORT_PATH"] = "knapsack/master_report.json"
+        ENV["KNAPSACK_REPORT_PATH"] = FALLBACK_REPORT
        logger.warn("Failed to fetch latest knapsack report: #{e}")
-        logger.warn("Falling back to 'knapsack/master_report.json'")
+        logger.warn("Falling back to '#{FALLBACK_REPORT}'")
      end

      # Rename and move new regenerated report to a separate folder used to indicate report name
@ -46,11 +47,13 @@ module QA
      def move_regenerated_report
        return unless ENV["KNAPSACK_GENERATE_REPORT"] == "true"

-        path = "tmp/knapsack/#{report_name}"
-        FileUtils.mkdir_p(path)
+        tmp_path = "tmp/knapsack/#{report_name}"
+        FileUtils.mkdir_p(tmp_path)

        # Use path from knapsack config in case of fallback to master_report.json
-        FileUtils.cp(Knapsack.report.report_path, "#{path}/#{ENV['CI_NODE_INDEX']}.json")
+        knapsack_report_path = Knapsack.report.report_path
+        logger.debug("Moving regenerated #{knapsack_report_path} to save as artifact")
+        FileUtils.cp(knapsack_report_path, "#{tmp_path}/#{ENV['CI_NODE_INDEX']}.json")
      end

      # Merge and upload knapsack report to gcs bucket
@ -73,6 +76,8 @@ module QA
          report = jsons
            .map { |json| JSON.parse(File.read(json)) }
            .reduce({}, :merge)
+            .sort_by { |k, v| v } # sort report by execution time
+            .to_h
          next logger.warn("Knapsack generated empty report for '#{name}', skipping upload!") if report.empty?

          logger.info("Uploading latest knapsack report '#{file}'")
--- a/qa/spec/spec_helper.rb
+++ b/qa/spec/spec_helper.rb
@ -65,12 +65,14 @@ RSpec.configure do |config|
  end

  config.after(:suite) do |suite|
-    QA::Tools::KnapsackReport.move_regenerated_report if QA::Runtime::Env.knapsack?
-
    # If any tests failed, leave the resources behind to help troubleshoot
    QA::Resource::ReusableProject.remove_all_via_api! unless suite.reporter.failed_examples.present?
  end

+  config.append_after(:suite) do
+    QA::Tools::KnapsackReport.move_regenerated_report if QA::Runtime::Env.knapsack?
+  end
+
  config.expect_with :rspec do |expectations|
    expectations.include_chain_clauses_in_custom_matcher_descriptions = true
  end
--- a/spec/lib/banzai/reference_parser/merge_request_parser_spec.rb
+++ b/spec/lib/banzai/reference_parser/merge_request_parser_spec.rb
@ -23,14 +23,6 @@ RSpec.describe Banzai::ReferenceParser::MergeRequestParser do
      end

      it_behaves_like "referenced feature visibility", "merge_requests"
-
-      context 'when optimize_merge_request_parser feature flag is off' do
-        before do
-          stub_feature_flags(optimize_merge_request_parser: false)
-        end
-
-        it_behaves_like "referenced feature visibility", "merge_requests"
-      end
    end
  end