From 75330c963b9e949443b1e4ab2e5770879d395158 Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Mon, 10 Jan 2022 09:13:43 +0000 Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master --- .../job_artifacts/destroy_all_expired_service.rb | 4 ++-- .../development/optimize_merge_request_parser.yml | 8 -------- doc/ci/cloud_services/index.md | 9 ++++++--- .../reference_parser/merge_request_parser.rb | 2 -- qa/qa/tools/knapsack_report.rb | 15 ++++++++++----- qa/spec/spec_helper.rb | 6 ++++-- .../reference_parser/merge_request_parser_spec.rb | 8 -------- 7 files changed, 22 insertions(+), 30 deletions(-) delete mode 100644 config/feature_flags/development/optimize_merge_request_parser.yml diff --git a/app/services/ci/job_artifacts/destroy_all_expired_service.rb b/app/services/ci/job_artifacts/destroy_all_expired_service.rb index 09fd79362e5..c089567ec14 100644 --- a/app/services/ci/job_artifacts/destroy_all_expired_service.rb +++ b/app/services/ci/job_artifacts/destroy_all_expired_service.rb @@ -8,8 +8,8 @@ module Ci BATCH_SIZE = 100 LOOP_TIMEOUT = 5.minutes - SMALL_LOOP_LIMIT = 10 - LARGE_LOOP_LIMIT = 100 + SMALL_LOOP_LIMIT = 100 + LARGE_LOOP_LIMIT = 500 EXCLUSIVE_LOCK_KEY = 'expired_job_artifacts:destroy:lock' LOCK_TIMEOUT = 6.minutes diff --git a/config/feature_flags/development/optimize_merge_request_parser.yml b/config/feature_flags/development/optimize_merge_request_parser.yml deleted file mode 100644 index 9e65f5412c4..00000000000 --- a/config/feature_flags/development/optimize_merge_request_parser.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -name: optimize_merge_request_parser -introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62490/ -rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/331893 -milestone: '14.0' -type: development -group: group::source code -default_enabled: false diff --git a/doc/ci/cloud_services/index.md b/doc/ci/cloud_services/index.md index c987292eb71..126e5def983 100644 --- a/doc/ci/cloud_services/index.md +++ b/doc/ci/cloud_services/index.md @@ -6,6 +6,9 @@ info: To determine the technical writer assigned to the Stage/Group associated w # Connect to cloud services +> - `CI_JOB_JWT` variable for reading secrets from Vault [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/207125) in GitLab 12.10. +> - `CI_JOB_JWT_V2` variable to support additional OIDC providers [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/346737) in GitLab 14.7. + GitLab CI/CD supports [OpenID Connect (OIDC)](https://openid.net/connect/faq/) that allows your build and deployment job access to cloud credentials and services. Historically, teams stored secrets in projects or applied permissions on the GitLab Runner instance to build and deploy. To support this, a predefined variable named `CI_JOB_JWT_V2` is included in the CI/CD job allowing you to follow a scalable and least-privilege security approach. ## Requirements @@ -120,11 +123,11 @@ To configure the trust between GitLab and OIDC, you must create a conditional ro | Filter to main branch | `project_path:mygroup/myproject:ref_type:branch:ref:main` | | Filter to any branch | Wildcard supported. `project_path:mygroup/myproject:ref_type:branch:ref:*` | | Filter to specific project | `project_path:mygroup/myproject:ref_type:branch:ref:main` | -| Filter to all projects under a group | Wildcard supported. `project_path:acme/*:ref_type:branch:ref:main` | -| Filter to a Git tag | Wildcard supported. `project_path:acme/*:ref_type:tag:ref:1.0` | +| Filter to all projects under a group | Wildcard supported. `project_path:mygroup/*:ref_type:branch:ref:main` | +| Filter to a Git tag | Wildcard supported. `project_path:mygroup/*:ref_type:tag:ref:1.0` | ## OIDC authorization with your cloud provider To connect with your cloud provider, see the following tutorials: -- Configure OpenID Connect in AWS +- [Configure OpenID Connect in AWS](aws/index.md) diff --git a/lib/banzai/reference_parser/merge_request_parser.rb b/lib/banzai/reference_parser/merge_request_parser.rb index 1664fa1f9ff..3e28f06b783 100644 --- a/lib/banzai/reference_parser/merge_request_parser.rb +++ b/lib/banzai/reference_parser/merge_request_parser.rb @@ -8,8 +8,6 @@ module Banzai self.reference_type = :merge_request def nodes_visible_to_user(user, nodes) - return super if Feature.disabled?(:optimize_merge_request_parser, user, default_enabled: :yaml) - merge_request_nodes = nodes.select { |node| node.has_attribute?(self.class.data_attribute) } records = projects_for_nodes(merge_request_nodes) diff --git a/qa/qa/tools/knapsack_report.rb b/qa/qa/tools/knapsack_report.rb index 23907fe8097..e50c4fe63d2 100644 --- a/qa/qa/tools/knapsack_report.rb +++ b/qa/qa/tools/knapsack_report.rb @@ -9,6 +9,7 @@ module QA PROJECT = "gitlab-qa-resources" BUCKET = "knapsack-reports" + FALLBACK_REPORT = "knapsack/master_report.json" def_delegators :new, :configure!, :move_regenerated_report, :download_report, :upload_report @@ -35,9 +36,9 @@ module QA file = client.get_object(BUCKET, report_file) File.write(report_path, file[:body]) rescue StandardError => e - ENV["KNAPSACK_REPORT_PATH"] = "knapsack/master_report.json" + ENV["KNAPSACK_REPORT_PATH"] = FALLBACK_REPORT logger.warn("Failed to fetch latest knapsack report: #{e}") - logger.warn("Falling back to 'knapsack/master_report.json'") + logger.warn("Falling back to '#{FALLBACK_REPORT}'") end # Rename and move new regenerated report to a separate folder used to indicate report name @@ -46,11 +47,13 @@ module QA def move_regenerated_report return unless ENV["KNAPSACK_GENERATE_REPORT"] == "true" - path = "tmp/knapsack/#{report_name}" - FileUtils.mkdir_p(path) + tmp_path = "tmp/knapsack/#{report_name}" + FileUtils.mkdir_p(tmp_path) # Use path from knapsack config in case of fallback to master_report.json - FileUtils.cp(Knapsack.report.report_path, "#{path}/#{ENV['CI_NODE_INDEX']}.json") + knapsack_report_path = Knapsack.report.report_path + logger.debug("Moving regenerated #{knapsack_report_path} to save as artifact") + FileUtils.cp(knapsack_report_path, "#{tmp_path}/#{ENV['CI_NODE_INDEX']}.json") end # Merge and upload knapsack report to gcs bucket @@ -73,6 +76,8 @@ module QA report = jsons .map { |json| JSON.parse(File.read(json)) } .reduce({}, :merge) + .sort_by { |k, v| v } # sort report by execution time + .to_h next logger.warn("Knapsack generated empty report for '#{name}', skipping upload!") if report.empty? logger.info("Uploading latest knapsack report '#{file}'") diff --git a/qa/spec/spec_helper.rb b/qa/spec/spec_helper.rb index 0b3c6c12546..ce8dc025608 100644 --- a/qa/spec/spec_helper.rb +++ b/qa/spec/spec_helper.rb @@ -65,12 +65,14 @@ RSpec.configure do |config| end config.after(:suite) do |suite| - QA::Tools::KnapsackReport.move_regenerated_report if QA::Runtime::Env.knapsack? - # If any tests failed, leave the resources behind to help troubleshoot QA::Resource::ReusableProject.remove_all_via_api! unless suite.reporter.failed_examples.present? end + config.append_after(:suite) do + QA::Tools::KnapsackReport.move_regenerated_report if QA::Runtime::Env.knapsack? + end + config.expect_with :rspec do |expectations| expectations.include_chain_clauses_in_custom_matcher_descriptions = true end diff --git a/spec/lib/banzai/reference_parser/merge_request_parser_spec.rb b/spec/lib/banzai/reference_parser/merge_request_parser_spec.rb index 04c35c8b082..3fbda7f3239 100644 --- a/spec/lib/banzai/reference_parser/merge_request_parser_spec.rb +++ b/spec/lib/banzai/reference_parser/merge_request_parser_spec.rb @@ -23,14 +23,6 @@ RSpec.describe Banzai::ReferenceParser::MergeRequestParser do end it_behaves_like "referenced feature visibility", "merge_requests" - - context 'when optimize_merge_request_parser feature flag is off' do - before do - stub_feature_flags(optimize_merge_request_parser: false) - end - - it_behaves_like "referenced feature visibility", "merge_requests" - end end end