From 7892ed2e23152070d626f583888eb24a3b801c0e Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Wed, 27 May 2020 09:08:30 +0000 Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master --- .gitlab/ci/frontend.gitlab-ci.yml | 1 - .gitlab/ci/memory.gitlab-ci.yml | 1 - .markdownlint.json | 1 + .../components/alert_details.vue | 101 ++++------ .../components/alert_sidebar.vue | 57 ++++++ .../components/sidebar/sidebar_header.vue | 34 ++++ .../components/sidebar/sidebar_status.vue | 187 ++++++++++++++++++ .../components/sidebar/sidebar_todo.vue | 29 +++ app/assets/javascripts/lib/utils/dom_utils.js | 13 ++ .../projects/commits/store/actions.js | 5 +- .../pages/alert_management/details.scss | 10 + app/models/concerns/issuable.rb | 4 + app/models/note.rb | 6 +- app/services/notes/post_process_service.rb | 2 +- .../217616-fix-note-confidential.yml | 5 + .../unreleased/assign-alerts-sidebar-base.yml | 5 + .../assign-alerts-sidebar-container-fix.yml | 5 + ...an-up-install-from-source-gitlab-shell.yml | 5 + .../followup-leakyconst-master-check.yml | 5 + ...8132152_remove_namespaces_trial_ends_on.rb | 27 +++ db/structure.sql | 4 +- doc/.vale/gitlab/MergeConflictMarkers.yml | 13 ++ doc/README.md | 2 +- doc/administration/environment_variables.md | 5 +- doc/administration/git_protocol.md | 2 +- doc/administration/job_logs.md | 9 + .../packages/container_registry.md | 14 +- .../troubleshooting/elasticsearch.md | 6 +- .../troubleshooting/test_environments.md | 2 +- doc/ci/docker/using_docker_build.md | 24 +-- doc/ci/docker/using_docker_images.md | 4 +- doc/ci/docker/using_kaniko.md | 6 +- .../index.md | 2 +- .../deployment/composer-npm-deploy.md | 4 +- doc/ci/examples/php.md | 6 +- .../index.md | 2 +- doc/ci/quick_start/README.md | 2 +- doc/ci/services/mysql.md | 2 +- doc/ci/services/postgres.md | 2 +- doc/ci/services/redis.md | 2 +- doc/ci/variables/README.md | 3 +- doc/ci/yaml/README.md | 18 +- doc/development/build_test_package.md | 4 +- .../site_architecture/release_process.md | 26 +-- doc/development/ee_features.md | 2 - doc/development/elasticsearch.md | 2 +- doc/development/fe_guide/graphql.md | 12 -- doc/development/go_guide/index.md | 2 +- doc/development/integrations/secure.md | 2 +- doc/development/pipelines.md | 2 +- doc/development/telemetry/snowplow.md | 2 +- .../testing_guide/end_to_end/index.md | 2 +- .../end_to_end/rspec_metadata_tests.md | 4 +- ...unning_tests_that_require_special_setup.md | 12 +- doc/install/digitaloceandocker.md | 12 +- doc/install/installation.md | 18 +- doc/install/openshift_and_gitlab/index.md | 4 +- doc/raketasks/backup_restore.md | 4 +- doc/topics/airgap/index.md | 2 +- doc/topics/airgap/quick_start_guide.md | 4 +- .../container_scanning/index.md | 2 +- .../dependency_scanning/index.md | 2 +- doc/user/application_security/index.md | 2 +- doc/user/application_security/sast/index.md | 2 +- doc/user/packages/container_registry/index.md | 8 +- .../browser_performance_testing.md | 2 +- .../project/merge_requests/code_quality.md | 4 +- .../project/new_ci_build_permissions_model.md | 2 +- doc/user/project/settings/index.md | 2 +- lib/gitlab/data_builder/note.rb | 2 +- lib/gitlab/instrumentation_helper.rb | 57 ++++-- lib/tasks/gitlab/shell.rake | 15 +- locale/gitlab.pot | 15 ++ .../alert_management_detail_spec.js | 68 +------ .../components/alert_sidebar_spec.js | 37 ++++ .../components/alert_sidebar_status_spec.js | 113 +++++++++++ .../pagination/keyset/connection_spec.rb | 16 +- spec/models/note_spec.rb | 21 +- 78 files changed, 798 insertions(+), 325 deletions(-) create mode 100644 app/assets/javascripts/alert_management/components/alert_sidebar.vue create mode 100644 app/assets/javascripts/alert_management/components/sidebar/sidebar_header.vue create mode 100644 app/assets/javascripts/alert_management/components/sidebar/sidebar_status.vue create mode 100644 app/assets/javascripts/alert_management/components/sidebar/sidebar_todo.vue create mode 100644 changelogs/unreleased/217616-fix-note-confidential.yml create mode 100644 changelogs/unreleased/assign-alerts-sidebar-base.yml create mode 100644 changelogs/unreleased/assign-alerts-sidebar-container-fix.yml create mode 100644 changelogs/unreleased/clean-up-install-from-source-gitlab-shell.yml create mode 100644 changelogs/unreleased/followup-leakyconst-master-check.yml create mode 100644 db/post_migrate/20200408132152_remove_namespaces_trial_ends_on.rb create mode 100644 doc/.vale/gitlab/MergeConflictMarkers.yml create mode 100644 spec/frontend/alert_management/components/alert_sidebar_spec.js create mode 100644 spec/frontend/alert_management/components/alert_sidebar_status_spec.js diff --git a/.gitlab/ci/frontend.gitlab-ci.yml b/.gitlab/ci/frontend.gitlab-ci.yml index 303f6d10fac..80eb067b4c8 100644 --- a/.gitlab/ci/frontend.gitlab-ci.yml +++ b/.gitlab/ci/frontend.gitlab-ci.yml @@ -21,7 +21,6 @@ NODE_ENV: "production" RAILS_ENV: "production" SETUP_DB: "false" - SKIP_STORAGE_VALIDATION: "true" WEBPACK_REPORT: "true" # we override the max_old_space_size to prevent OOM errors NODE_OPTIONS: --max_old_space_size=3584 diff --git a/.gitlab/ci/memory.gitlab-ci.yml b/.gitlab/ci/memory.gitlab-ci.yml index 79dfc88d132..4d5c0d1c902 100644 --- a/.gitlab/ci/memory.gitlab-ci.yml +++ b/.gitlab/ci/memory.gitlab-ci.yml @@ -44,7 +44,6 @@ memory-on-boot: NODE_ENV: "production" RAILS_ENV: "production" SETUP_DB: "true" - SKIP_STORAGE_VALIDATION: "true" # we override the max_old_space_size to prevent OOM errors NODE_OPTIONS: --max_old_space_size=3584 script: diff --git a/.markdownlint.json b/.markdownlint.json index 88e3d5f7759..6686ab04958 100644 --- a/.markdownlint.json +++ b/.markdownlint.json @@ -43,6 +43,7 @@ "Consul", "Debian", "DevOps", + "Docker", "Elasticsearch", "Facebook", "GDK", diff --git a/app/assets/javascripts/alert_management/components/alert_details.vue b/app/assets/javascripts/alert_management/components/alert_details.vue index c08b4fb2f63..19d55c6a5fc 100644 --- a/app/assets/javascripts/alert_management/components/alert_details.vue +++ b/app/assets/javascripts/alert_management/components/alert_details.vue @@ -4,36 +4,27 @@ import { GlAlert, GlIcon, GlLoadingIcon, - GlDropdown, - GlDropdownItem, GlSprintf, GlTabs, GlTab, GlButton, GlTable, } from '@gitlab/ui'; -import createFlash from '~/flash'; import { s__ } from '~/locale'; import query from '../graphql/queries/details.query.graphql'; import { fetchPolicies } from '~/lib/graphql'; import TimeAgoTooltip from '~/vue_shared/components/time_ago_tooltip.vue'; import glFeatureFlagsMixin from '~/vue_shared/mixins/gl_feature_flags_mixin'; -import { - ALERTS_SEVERITY_LABELS, - trackAlertsDetailsViewsOptions, - trackAlertStatusUpdateOptions, -} from '../constants'; -import updateAlertStatus from '../graphql/mutations/update_alert_status.graphql'; +import { ALERTS_SEVERITY_LABELS, trackAlertsDetailsViewsOptions } from '../constants'; import createIssueQuery from '../graphql/mutations/create_issue_from_alert.graphql'; import { visitUrl, joinPaths } from '~/lib/utils/url_utility'; import Tracking from '~/tracking'; +import { toggleContainerClasses } from '~/lib/utils/dom_utils'; +import AlertSidebar from './alert_sidebar.vue'; + +const containerEl = document.querySelector('.page-with-contextual-sidebar'); export default { - statuses: { - TRIGGERED: s__('AlertManagement|Triggered'), - ACKNOWLEDGED: s__('AlertManagement|Acknowledged'), - RESOLVED: s__('AlertManagement|Resolved'), - }, i18n: { errorMsg: s__( 'AlertManagement|There was an error displaying the alert. Please refresh the page to try again.', @@ -49,13 +40,12 @@ export default { GlIcon, GlLoadingIcon, GlSprintf, - GlDropdown, - GlDropdownItem, GlTab, GlTabs, GlButton, GlTable, TimeAgoTooltip, + AlertSidebar, }, mixins: [glFeatureFlagsMixin()], props: { @@ -98,6 +88,8 @@ export default { isErrorDismissed: false, createIssueError: '', issueCreationInProgress: false, + sidebarCollapsed: false, + sidebarErrorMessage: '', }; }, computed: { @@ -115,31 +107,26 @@ export default { }, mounted() { this.trackPageViews(); + toggleContainerClasses(containerEl, { + 'issuable-bulk-update-sidebar': true, + 'right-sidebar-expanded': true, + }); }, methods: { dismissError() { this.isErrorDismissed = true; + this.sidebarErrorMessage = ''; }, - updateAlertStatus(status) { - this.$apollo - .mutate({ - mutation: updateAlertStatus, - variables: { - iid: this.alertId, - status: status.toUpperCase(), - projectPath: this.projectPath, - }, - }) - .then(() => { - this.trackStatusUpdate(status); - }) - .catch(() => { - createFlash( - s__( - 'AlertManagement|There was an error while updating the status of the alert. Please try again.', - ), - ); - }); + toggleSidebar() { + this.sidebarCollapsed = !this.sidebarCollapsed; + toggleContainerClasses(containerEl, { + 'right-sidebar-collapsed': this.sidebarCollapsed, + 'right-sidebar-expanded': !this.sidebarCollapsed, + }); + }, + handleAlertSidebarError(errorMessage) { + this.errored = true; + this.sidebarErrorMessage = errorMessage; }, createIssue() { this.issueCreationInProgress = true; @@ -172,17 +159,14 @@ export default { const { category, action } = trackAlertsDetailsViewsOptions; Tracking.event(category, action); }, - trackStatusUpdate(status) { - const { category, action, label } = trackAlertStatusUpdateOptions; - Tracking.event(category, action, { label, property: status }); - }, }, }; + diff --git a/app/assets/javascripts/alert_management/components/alert_sidebar.vue b/app/assets/javascripts/alert_management/components/alert_sidebar.vue new file mode 100644 index 00000000000..2d647ad296a --- /dev/null +++ b/app/assets/javascripts/alert_management/components/alert_sidebar.vue @@ -0,0 +1,57 @@ + + + diff --git a/app/assets/javascripts/alert_management/components/sidebar/sidebar_header.vue b/app/assets/javascripts/alert_management/components/sidebar/sidebar_header.vue new file mode 100644 index 00000000000..b1c369f54e6 --- /dev/null +++ b/app/assets/javascripts/alert_management/components/sidebar/sidebar_header.vue @@ -0,0 +1,34 @@ + + + diff --git a/app/assets/javascripts/alert_management/components/sidebar/sidebar_status.vue b/app/assets/javascripts/alert_management/components/sidebar/sidebar_status.vue new file mode 100644 index 00000000000..24a79a94a9a --- /dev/null +++ b/app/assets/javascripts/alert_management/components/sidebar/sidebar_status.vue @@ -0,0 +1,187 @@ + + + diff --git a/app/assets/javascripts/alert_management/components/sidebar/sidebar_todo.vue b/app/assets/javascripts/alert_management/components/sidebar/sidebar_todo.vue new file mode 100644 index 00000000000..87090165f82 --- /dev/null +++ b/app/assets/javascripts/alert_management/components/sidebar/sidebar_todo.vue @@ -0,0 +1,29 @@ + + + + diff --git a/app/assets/javascripts/lib/utils/dom_utils.js b/app/assets/javascripts/lib/utils/dom_utils.js index 7933c234384..8fa235f8afb 100644 --- a/app/assets/javascripts/lib/utils/dom_utils.js +++ b/app/assets/javascripts/lib/utils/dom_utils.js @@ -12,3 +12,16 @@ export const canScrollUp = ({ scrollTop }, margin = 0) => scrollTop > margin; export const canScrollDown = ({ scrollTop, offsetHeight, scrollHeight }, margin = 0) => scrollTop + offsetHeight < scrollHeight - margin; + +export const toggleContainerClasses = (containerEl, classList) => { + if (containerEl) { + // eslint-disable-next-line array-callback-return + Object.entries(classList).map(([key, value]) => { + if (value) { + containerEl.classList.add(key); + } else { + containerEl.classList.remove(key); + } + }); + } +}; diff --git a/app/assets/javascripts/projects/commits/store/actions.js b/app/assets/javascripts/projects/commits/store/actions.js index a3a53c2f975..0a52a92ae9d 100644 --- a/app/assets/javascripts/projects/commits/store/actions.js +++ b/app/assets/javascripts/projects/commits/store/actions.js @@ -3,6 +3,7 @@ import * as types from './mutation_types'; import axios from '~/lib/utils/axios_utils'; import createFlash from '~/flash'; import { __ } from '~/locale'; +import { joinPaths } from '~/lib/utils/url_utility'; export default { setInitialData({ commit }, data) { @@ -16,10 +17,8 @@ export default { }, fetchAuthors({ dispatch, state }, author = null) { const { projectId } = state; - const path = '/autocomplete/users.json'; - return axios - .get(path, { + .get(joinPaths(gon.relative_url_root || '', '/autocomplete/users.json'), { params: { project_id: projectId, active: true, diff --git a/app/assets/stylesheets/pages/alert_management/details.scss b/app/assets/stylesheets/pages/alert_management/details.scss index 6d807227b30..5a7bde1a3bc 100644 --- a/app/assets/stylesheets/pages/alert_management/details.scss +++ b/app/assets/stylesheets/pages/alert_management/details.scss @@ -39,4 +39,14 @@ width: 100%; } } + + .toggle-sidebar-mobile-button { + right: 0; + } + + .dropdown-menu-toggle { + &:hover { + background-color: $white; + } + } } diff --git a/app/models/concerns/issuable.rb b/app/models/concerns/issuable.rb index 1407a380978..f011426c9db 100644 --- a/app/models/concerns/issuable.rb +++ b/app/models/concerns/issuable.rb @@ -184,6 +184,10 @@ module Issuable assignees.count > 1 end + def supports_weight? + false + end + private def description_max_length_for_new_records_is_valid diff --git a/app/models/note.rb b/app/models/note.rb index d9209c15a7d..122f9695d63 100644 --- a/app/models/note.rb +++ b/app/models/note.rb @@ -351,8 +351,10 @@ class Note < ApplicationRecord self.special_role = Note::SpecialRole::FIRST_TIME_CONTRIBUTOR end - def confidential? - confidential || noteable.try(:confidential?) + def confidential?(include_noteable: false) + return true if confidential + + include_noteable && noteable.try(:confidential?) end def editable? diff --git a/app/services/notes/post_process_service.rb b/app/services/notes/post_process_service.rb index bc86118a150..0e455c641ce 100644 --- a/app/services/notes/post_process_service.rb +++ b/app/services/notes/post_process_service.rb @@ -36,7 +36,7 @@ module Notes return unless @note.project note_data = hook_data - hooks_scope = @note.confidential? ? :confidential_note_hooks : :note_hooks + hooks_scope = @note.confidential?(include_noteable: true) ? :confidential_note_hooks : :note_hooks @note.project.execute_hooks(note_data, hooks_scope) @note.project.execute_services(note_data, hooks_scope) diff --git a/changelogs/unreleased/217616-fix-note-confidential.yml b/changelogs/unreleased/217616-fix-note-confidential.yml new file mode 100644 index 00000000000..d9e1f8a9b26 --- /dev/null +++ b/changelogs/unreleased/217616-fix-note-confidential.yml @@ -0,0 +1,5 @@ +--- +title: Don't display confidential note icon on confidential issue public notes +merge_request: 32571 +author: +type: fixed diff --git a/changelogs/unreleased/assign-alerts-sidebar-base.yml b/changelogs/unreleased/assign-alerts-sidebar-base.yml new file mode 100644 index 00000000000..3785df5e8e0 --- /dev/null +++ b/changelogs/unreleased/assign-alerts-sidebar-base.yml @@ -0,0 +1,5 @@ +--- +title: Assign alerts sidebar base +merge_request 32642: +author: +type: changed diff --git a/changelogs/unreleased/assign-alerts-sidebar-container-fix.yml b/changelogs/unreleased/assign-alerts-sidebar-container-fix.yml new file mode 100644 index 00000000000..cdf9bb479ce --- /dev/null +++ b/changelogs/unreleased/assign-alerts-sidebar-container-fix.yml @@ -0,0 +1,5 @@ +--- +title: Assign alerts sidebar container fix +merge_request: 32743 +author: +type: other diff --git a/changelogs/unreleased/clean-up-install-from-source-gitlab-shell.yml b/changelogs/unreleased/clean-up-install-from-source-gitlab-shell.yml new file mode 100644 index 00000000000..d14cf0f9382 --- /dev/null +++ b/changelogs/unreleased/clean-up-install-from-source-gitlab-shell.yml @@ -0,0 +1,5 @@ +--- +title: Clean up gitlab-shell install-from-source path +merge_request: 33057 +author: +type: changed diff --git a/changelogs/unreleased/followup-leakyconst-master-check.yml b/changelogs/unreleased/followup-leakyconst-master-check.yml new file mode 100644 index 00000000000..3c0e00510f1 --- /dev/null +++ b/changelogs/unreleased/followup-leakyconst-master-check.yml @@ -0,0 +1,5 @@ +--- +title: Move NoPrimary table def to last context in spec +merge_request: 33015 +author: Rajendra Kadam +type: other diff --git a/db/post_migrate/20200408132152_remove_namespaces_trial_ends_on.rb b/db/post_migrate/20200408132152_remove_namespaces_trial_ends_on.rb new file mode 100644 index 00000000000..cfe0daaf50f --- /dev/null +++ b/db/post_migrate/20200408132152_remove_namespaces_trial_ends_on.rb @@ -0,0 +1,27 @@ +# frozen_string_literal: true + +class RemoveNamespacesTrialEndsOn < ActiveRecord::Migration[6.0] + include Gitlab::Database::MigrationHelpers + + DOWNTIME = false + + disable_ddl_transaction! + + def up + remove_concurrent_index_by_name :namespaces, 'index_namespaces_on_trial_ends_on' + + with_lock_retries do + remove_column :namespaces, :trial_ends_on + end + end + + def down + unless column_exists?(:namespaces, :trial_ends_on) + with_lock_retries do + add_column :namespaces, :trial_ends_on, :datetime_with_timezone + end + end + + add_concurrent_index :namespaces, :trial_ends_on, using: 'btree', where: 'trial_ends_on IS NOT NULL' + end +end diff --git a/db/structure.sql b/db/structure.sql index bd0aecca9e5..b382114514a 100644 --- a/db/structure.sql +++ b/db/structure.sql @@ -4201,7 +4201,6 @@ CREATE TABLE public.namespaces ( cached_markdown_version integer, project_creation_level integer, runners_token character varying, - trial_ends_on timestamp with time zone, file_template_project_id integer, saml_discovery_token character varying, runners_token_encrypted character varying, @@ -10153,8 +10152,6 @@ CREATE UNIQUE INDEX index_namespaces_on_runners_token_encrypted ON public.namesp CREATE INDEX index_namespaces_on_shared_and_extra_runners_minutes_limit ON public.namespaces USING btree (shared_runners_minutes_limit, extra_shared_runners_minutes_limit); -CREATE INDEX index_namespaces_on_trial_ends_on ON public.namespaces USING btree (trial_ends_on) WHERE (trial_ends_on IS NOT NULL); - CREATE INDEX index_namespaces_on_type_partial ON public.namespaces USING btree (type) WHERE (type IS NOT NULL); CREATE INDEX index_non_requested_project_members_on_source_id_and_type ON public.members USING btree (source_id, source_type) WHERE ((requested_at IS NULL) AND ((type)::text = 'ProjectMember'::text)); @@ -13838,6 +13835,7 @@ COPY "schema_migrations" (version) FROM STDIN; 20200407222647 20200408110856 20200408125046 +20200408132152 20200408133211 20200408153842 20200408154331 diff --git a/doc/.vale/gitlab/MergeConflictMarkers.yml b/doc/.vale/gitlab/MergeConflictMarkers.yml new file mode 100644 index 00000000000..4d733c856e5 --- /dev/null +++ b/doc/.vale/gitlab/MergeConflictMarkers.yml @@ -0,0 +1,13 @@ +--- +# Error: gitlab.MergeConflictMarkers +# +# Checks for the presence of merge conflict markers. +# +# For a list of all options, see https://errata-ai.github.io/vale/styles/ +extends: existence +message: 'Merge conflict marker "%s" found.' +link: https://docs.gitlab.com/ee/development/code_review.html#merging-a-merge-request +level: error +scope: raw +raw: + - '\n<<<<<<< .+\n|\n=======\n|\n>>>>>>> .+\n' diff --git a/doc/README.md b/doc/README.md index c9511b22f8f..ebf6e4381e8 100644 --- a/doc/README.md +++ b/doc/README.md @@ -363,7 +363,7 @@ The following documentation relates to the DevOps **Secure** stage: | Secure Topics | Description | |:------------------------------------------------------------------------------------------------------|:-----------------------------------------------------------------------| | [Compliance Dashboard](user/compliance/compliance_dashboard/index.md) **(ULTIMATE)** | View the most recent Merge Request activity in a group. | -| [Container Scanning](user/application_security/container_scanning/index.md) **(ULTIMATE)** | Use Clair to scan docker images for known vulnerabilities. | +| [Container Scanning](user/application_security/container_scanning/index.md) **(ULTIMATE)** | Use Clair to scan Docker images for known vulnerabilities. | | [Dependency List](user/application_security/dependency_list/index.md) **(ULTIMATE)** | View your project's dependencies and their known vulnerabilities. | | [Dependency Scanning](user/application_security/dependency_scanning/index.md) **(ULTIMATE)** | Analyze your dependencies for known vulnerabilities. | | [Dynamic Application Security Testing (DAST)](user/application_security/dast/index.md) **(ULTIMATE)** | Analyze running web applications for known vulnerabilities. | diff --git a/doc/administration/environment_variables.md b/doc/administration/environment_variables.md index 37d7194af53..b4f27bbde9d 100644 --- a/doc/administration/environment_variables.md +++ b/doc/administration/environment_variables.md @@ -63,6 +63,7 @@ to the naming scheme `GITLAB_#{name in 1_settings.rb in upper case}`. To set environment variables, follow [these instructions](https://docs.gitlab.com/omnibus/settings/environment-variables.html). -It's possible to preconfigure the GitLab docker image by adding the environment +It's possible to preconfigure the GitLab Docker image by adding the environment variable `GITLAB_OMNIBUS_CONFIG` to the `docker run` command. -For more information see the ['preconfigure-docker-container' section in the Omnibus documentation](https://docs.gitlab.com/omnibus/docker/#preconfigure-docker-container). +For more information see the [Pre-configure Docker container](https://docs.gitlab.com/omnibus/docker/#pre-configure-docker-container) +section in the Omnibus documentation. diff --git a/doc/administration/git_protocol.md b/doc/administration/git_protocol.md index 07462abd586..e1600d972bd 100644 --- a/doc/administration/git_protocol.md +++ b/doc/administration/git_protocol.md @@ -24,7 +24,7 @@ From the server side, if we want to configure SSH we need to set the `sshd` server to accept the `GIT_PROTOCOL` environment. In installations using [GitLab Helm Charts](https://docs.gitlab.com/charts/) -and [All-in-one docker image](https://docs.gitlab.com/omnibus/docker/), the SSH +and [All-in-one Docker image](https://docs.gitlab.com/omnibus/docker/), the SSH service is already configured to accept the `GIT_PROTOCOL` environment and users need not do anything more. diff --git a/doc/administration/job_logs.md b/doc/administration/job_logs.md index e8911542e0c..8dfcbfbb08a 100644 --- a/doc/administration/job_logs.md +++ b/doc/administration/job_logs.md @@ -64,6 +64,15 @@ There isn't a way to automatically expire old job logs, but it's safe to remove them if they're taking up too much space. If you remove the logs manually, the job output in the UI will be empty. +For example, to delete all job logs older than 60 days, run the following from a shell in your GitLab instance: + +DANGER: **Warning:** +This command will permanently delete the log files and is irreversible. + +```shell +find /var/opt/gitlab/gitlab-rails/shared/artifacts -name "job.log" -mtime +60 -delete +``` + ## New incremental logging architecture > - [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/18169) in GitLab 10.4. diff --git a/doc/administration/packages/container_registry.md b/doc/administration/packages/container_registry.md index 7c0c9b94e4b..5524d22b509 100644 --- a/doc/administration/packages/container_registry.md +++ b/doc/administration/packages/container_registry.md @@ -98,7 +98,7 @@ auth: ``` CAUTION: **Caution:** -If `auth` is not set up, users will be able to pull docker images without authentication. +If `auth` is not set up, users will be able to pull Docker images without authentication. ## Container Registry domain configuration @@ -414,7 +414,7 @@ NOTE: **Note:** **Installations from source** Configuring the storage driver is done in your registry config YML file created -when you [deployed your docker registry](https://docs.docker.com/registry/deploying/). +when you [deployed your Docker registry](https://docs.docker.com/registry/deploying/). `s3` storage driver example: @@ -642,7 +642,7 @@ To configure a notification endpoint in Omnibus: **Installations from source** Configuring the notification endpoint is done in your registry config YML file created -when you [deployed your docker registry](https://docs.docker.com/registry/deploying/). +when you [deployed your Docker registry](https://docs.docker.com/registry/deploying/). Example: @@ -879,9 +879,9 @@ thus the error above. While GitLab doesn't support using self-signed certificates with Container Registry out of the box, it is possible to make it work by -[instructing the docker-daemon to trust the self-signed certificates](https://docs.docker.com/registry/insecure/#use-self-signed-certificates), -mounting the docker-daemon and setting `privileged = false` in the Runner's -`config.toml`. Setting `privileged = true` takes precedence over the docker-daemon: +[instructing the Docker daemon to trust the self-signed certificates](https://docs.docker.com/registry/insecure/#use-self-signed-certificates), +mounting the Docker daemon and setting `privileged = false` in the Runner's +`config.toml`. Setting `privileged = true` takes precedence over the Docker daemon: ```toml [runners.docker] @@ -1008,7 +1008,7 @@ there is likely an issue with the headers forwarded to the registry by NGINX. Th NGINX configurations should handle this, but it might occur in custom setups where the SSL is offloaded to a third party reverse proxy. -This problem was discussed in a [docker project issue](https://github.com/docker/distribution/issues/970) +This problem was discussed in a [Docker project issue](https://github.com/docker/distribution/issues/970) and a simple solution would be to enable relative URLs in the Registry. **For Omnibus installations** diff --git a/doc/administration/troubleshooting/elasticsearch.md b/doc/administration/troubleshooting/elasticsearch.md index a39fe4ba8c3..631999e08b0 100644 --- a/doc/administration/troubleshooting/elasticsearch.md +++ b/doc/administration/troubleshooting/elasticsearch.md @@ -330,10 +330,10 @@ feel free to update that page with issues you encounter and solutions. Setting up Elasticsearch isn't too bad, but it can be a bit finicky and time consuming. -The easiest method is to spin up a docker container with the required version and +The easiest method is to spin up a Docker container with the required version and bind ports 9200/9300 so it can be used. -The following is an example of running a docker container of Elasticsearch v7.2.0: +The following is an example of running a Docker container of Elasticsearch v7.2.0: ```shell docker pull docker.elastic.co/elasticsearch/elasticsearch:7.2.0 @@ -342,7 +342,7 @@ docker run -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" docker.elas From here, you can: -- Grab the IP of the docker container (use `docker inspect `) +- Grab the IP of the Docker container (use `docker inspect `) - Use `` to communicate with it. This is a quick method to test out Elasticsearch, but by no means is this a diff --git a/doc/administration/troubleshooting/test_environments.md b/doc/administration/troubleshooting/test_environments.md index e9db5f64446..80ccd15aa22 100644 --- a/doc/administration/troubleshooting/test_environments.md +++ b/doc/administration/troubleshooting/test_environments.md @@ -16,7 +16,7 @@ are only available internally at GitLab. ## Docker -The following were tested on docker containers running in the cloud. Support Engineers, +The following were tested on Docker containers running in the cloud. Support Engineers, please see [these docs](https://gitlab.com/gitlab-com/dev-resources/tree/master/dev-resources#running-docker-containers) on how to run Docker containers on `dev-resources`. Other setups haven't been tested, but contributions are welcome. diff --git a/doc/ci/docker/using_docker_build.md b/doc/ci/docker/using_docker_build.md index 8f60424590d..a18c73be60e 100644 --- a/doc/ci/docker/using_docker_build.md +++ b/doc/ci/docker/using_docker_build.md @@ -4,7 +4,7 @@ type: concepts, howto # Building Docker images with GitLab CI/CD -GitLab CI/CD allows you to use Docker Engine to build and test docker-based projects. +GitLab CI/CD allows you to use Docker Engine to build and test Docker-based projects. One of the new trends in Continuous Integration/Deployment is to: @@ -91,15 +91,15 @@ NOTE: **Note:** By adding `gitlab-runner` to the `docker` group you are effectively granting `gitlab-runner` full root permissions. For more information please read [On Docker security: `docker` group considered harmful](https://www.andreas-jung.com/contents/on-docker-security-docker-group-considered-harmful). -### Use docker-in-docker workflow with Docker executor +### Use Docker-in-Docker workflow with Docker executor -The second approach is to use the special docker-in-docker (dind) +The second approach is to use the special Docker-in-Docker (dind) [Docker image](https://hub.docker.com/_/docker/) with all tools installed (`docker`) and run the job script in context of that image in privileged mode. NOTE: **Note:** -`docker-compose` is not part of docker-in-docker (dind). To use `docker-compose` in your +`docker-compose` is not part of Docker-in-Docker (dind). To use `docker-compose` in your CI builds, follow the `docker-compose` [installation instructions](https://docs.docker.com/compose/install/). @@ -113,7 +113,7 @@ out the official Docker documentation on Docker-in-Docker works well, and is the recommended configuration, but it is not without its own challenges: -- When using docker-in-docker, each job is in a clean environment without the past +- When using Docker-in-Docker, each job is in a clean environment without the past history. Concurrent jobs work fine because every build gets its own instance of Docker engine so they won't conflict with each other. But this also means that jobs can be slower because there's no caching of layers. @@ -156,7 +156,7 @@ details. The Docker daemon supports connection over TLS and it's done by default for Docker 19.03.8 or higher. This is the **suggested** way to use the -docker-in-docker service and +Docker-in-Docker service and [GitLab.com Shared Runners](../../user/gitlab_com/index.md#shared-runners) support this. @@ -179,11 +179,11 @@ support this. The above command will register a new Runner to use the special `docker:19.03.8` image, which is provided by Docker. **Notice that it's using the `privileged` mode to start the build and service - containers.** If you want to use [docker-in-docker](https://www.docker.com/blog/docker-can-now-run-within-docker/) mode, you always + containers.** If you want to use [Docker-in-Docker](https://www.docker.com/blog/docker-can-now-run-within-docker/) mode, you always have to use `privileged = true` in your Docker containers. This will also mount `/certs/client` for the service and build - container, which is needed for the docker client to use the + container, which is needed for the Docker client to use the certificates inside of that directory. For more information how Docker with TLS works check . @@ -377,7 +377,7 @@ In order to do that, follow the steps: While the above method avoids using Docker in privileged mode, you should be aware of the following implications: -- By sharing the docker daemon, you are effectively disabling all +- By sharing the Docker daemon, you are effectively disabling all the security mechanisms of containers and exposing your host to privilege escalation which can lead to container breakout. For example, if a project ran `docker rm -f $(docker ps -a -q)` it would remove the GitLab Runner @@ -392,9 +392,9 @@ aware of the following implications: docker run --rm -t -i -v $(pwd)/src:/home/app/src test-image:latest run_app_tests ``` -## Making docker-in-docker builds faster with Docker layer caching +## Making Docker-in-Docker builds faster with Docker layer caching -When using docker-in-docker, Docker will download all layers of your image every +When using Docker-in-Docker, Docker will download all layers of your image every time you create a build. Recent versions of Docker (Docker 1.13 and above) can use a pre-existing image as a cache during the `docker build` step, considerably speeding up the build process. @@ -514,7 +514,7 @@ Once you've built a Docker image, you can push it up to the built-in ## Troubleshooting -### docker: Cannot connect to the Docker daemon at tcp://docker:2375. Is the docker daemon running? +### `docker: Cannot connect to the Docker daemon at tcp://docker:2375. Is the docker daemon running?` This is a common error when you are using [Docker in Docker](#use-docker-in-docker-workflow-with-docker-executor) diff --git a/doc/ci/docker/using_docker_images.md b/doc/ci/docker/using_docker_images.md index a1466a5117e..299880da263 100644 --- a/doc/ci/docker/using_docker_images.md +++ b/doc/ci/docker/using_docker_images.md @@ -744,7 +744,7 @@ To configure access for `aws_account_id.dkr.ecr.region.amazonaws.com`, follow th } ``` - This configures docker to use the credential helper for a specific registry. + This configures Docker to use the credential helper for a specific registry. or @@ -754,7 +754,7 @@ To configure access for `aws_account_id.dkr.ecr.region.amazonaws.com`, follow th } ``` - This configures docker to use the credential helper for all Amazon ECR registries. + This configures Docker to use the credential helper for all Amazon ECR registries. - Or, if you are running self-managed Runners, add the above JSON to `${GITLAB_RUNNER_HOME}/.docker/config.json`. diff --git a/doc/ci/docker/using_kaniko.md b/doc/ci/docker/using_kaniko.md index 08615e7ee0c..5687a72555b 100644 --- a/doc/ci/docker/using_kaniko.md +++ b/doc/ci/docker/using_kaniko.md @@ -10,12 +10,12 @@ type: howto container images from a Dockerfile, inside a container or Kubernetes cluster. kaniko solves two problems with using the -[docker-in-docker +[Docker-in-Docker build](using_docker_build.md#use-docker-in-docker-workflow-with-docker-executor) method: -- Docker-in-docker requires [privileged mode](https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities) +- Docker-in-Docker requires [privileged mode](https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities) in order to function, which is a significant security concern. -- Docker-in-docker generally incurs a performance penalty and can be quite slow. +- Docker-in-Docker generally incurs a performance penalty and can be quite slow. ## Requirements diff --git a/doc/ci/examples/deploy_spring_boot_to_cloud_foundry/index.md b/doc/ci/examples/deploy_spring_boot_to_cloud_foundry/index.md index 49f4a14c5ac..475804415bb 100644 --- a/doc/ci/examples/deploy_spring_boot_to_cloud_foundry/index.md +++ b/doc/ci/examples/deploy_spring_boot_to_cloud_foundry/index.md @@ -100,7 +100,7 @@ production: - master ``` -We've used the `java:8` [docker +We've used the `java:8` [Docker image](../../docker/using_docker_images.md) to build our application as it provides the up-to-date Java 8 JDK on [Docker Hub](https://hub.docker.com/). We've also added the [`only` diff --git a/doc/ci/examples/deployment/composer-npm-deploy.md b/doc/ci/examples/deployment/composer-npm-deploy.md index c5f49fd6e59..afd93d93e50 100644 --- a/doc/ci/examples/deployment/composer-npm-deploy.md +++ b/doc/ci/examples/deployment/composer-npm-deploy.md @@ -74,7 +74,7 @@ And this is basically all you need in the `before_script` section. ## How to deploy -As we stated above, we need to deploy the `build` folder from the docker image to our server. To do so, we create a new job: +As we stated above, we need to deploy the `build` folder from the Docker image to our server. To do so, we create a new job: ```yaml stage_deploy: @@ -94,7 +94,7 @@ stage_deploy: Here's the breakdown: 1. `only:dev` means that this build will run only when something is pushed to the `dev` branch. You can remove this block completely and have everything be ran on every push (but probably this is something you don't want) -1. `ssh-add ...` we will add that private key you added on the web UI to the docker container +1. `ssh-add ...` we will add that private key you added on the web UI to the Docker container 1. We will connect via `ssh` and create a new `_tmp` folder 1. We will connect via `scp` and upload the `build` folder (which was generated by a `npm` script) to our previously created `_tmp` folder 1. We will connect again via `ssh` and move the `live` folder to an `_old` folder, then move `_tmp` to `live`. diff --git a/doc/ci/examples/php.md b/doc/ci/examples/php.md index 6a6c0e8fde1..938d513b0ff 100644 --- a/doc/ci/examples/php.md +++ b/doc/ci/examples/php.md @@ -13,7 +13,7 @@ using the Shell executor. While it is possible to test PHP apps on any system, this would require manual configuration from the developer. To overcome this we will be using the -official [PHP docker image](https://hub.docker.com/_/php) that can be found in Docker Hub. +official [PHP Docker image](https://hub.docker.com/_/php) that can be found in Docker Hub. This will allow us to test PHP projects against different versions of PHP. However, not everything is plug 'n' play, you still need to configure some @@ -62,7 +62,7 @@ docker-php-ext-install pdo_mysql ``` You might wonder what `docker-php-ext-install` is. In short, it is a script -provided by the official php docker image that you can use to easily install +provided by the official php Docker image that you can use to easily install extensions. For more information read the documentation at . @@ -111,7 +111,7 @@ test:app: ### Test against different PHP versions in Docker builds Testing against multiple versions of PHP is super easy. Just add another job -with a different docker image version and the runner will do the rest: +with a different Docker image version and the runner will do the rest: ```yaml before_script: diff --git a/doc/ci/examples/test_phoenix_app_with_gitlab_ci_cd/index.md b/doc/ci/examples/test_phoenix_app_with_gitlab_ci_cd/index.md index cd1ad923249..5fd9d15ddfb 100644 --- a/doc/ci/examples/test_phoenix_app_with_gitlab_ci_cd/index.md +++ b/doc/ci/examples/test_phoenix_app_with_gitlab_ci_cd/index.md @@ -262,7 +262,7 @@ project. our application? This virtual machine must have all dependencies to run our application. This is where a Docker image is needed. The correct image will provide the entire system for us. - As we are focusing on testing (not deploying), you can use the [elixir:latest](https://hub.docker.com/_/elixir) docker image, which already has the + As we are focusing on testing (not deploying), you can use the [elixir:latest](https://hub.docker.com/_/elixir) Docker image, which already has the dependencies for running Phoenix tests installed, such as Elixir and Erlang: ```yaml diff --git a/doc/ci/quick_start/README.md b/doc/ci/quick_start/README.md index a14cfcfa9ed..a75fd775872 100644 --- a/doc/ci/quick_start/README.md +++ b/doc/ci/quick_start/README.md @@ -165,7 +165,7 @@ The next step is to configure a Runner so that it picks the pending jobs. ## Configuring a Runner In GitLab, Runners run the jobs that you define in `.gitlab-ci.yml`. A Runner -can be a virtual machine, a VPS, a bare-metal machine, a docker container or +can be a virtual machine, a VPS, a bare-metal machine, a Docker container or even a cluster of containers. GitLab and the Runners communicate through an API, so the only requirement is that the Runner's machine has network access to the GitLab server. diff --git a/doc/ci/services/mysql.md b/doc/ci/services/mysql.md index dcfd863709e..6f1c1d4fd49 100644 --- a/doc/ci/services/mysql.md +++ b/doc/ci/services/mysql.md @@ -43,7 +43,7 @@ Database: If you are wondering why we used `mysql` for the `Host`, read more at [How services are linked to the job](../docker/using_docker_images.md#how-services-are-linked-to-the-job). -You can also use any other docker image available on [Docker Hub](https://hub.docker.com/_/mysql/). +You can also use any other Docker image available on [Docker Hub](https://hub.docker.com/_/mysql/). For example, to use MySQL 5.5 the service becomes `mysql:5.5`. The `mysql` image can accept some environment variables. For more details diff --git a/doc/ci/services/postgres.md b/doc/ci/services/postgres.md index 2f92bd969ff..680bee1280f 100644 --- a/doc/ci/services/postgres.md +++ b/doc/ci/services/postgres.md @@ -45,7 +45,7 @@ Database: nice_marmot If you are wondering why we used `postgres` for the `Host`, read more at [How services are linked to the job](../docker/using_docker_images.md#how-services-are-linked-to-the-job). -You can also use any other docker image available on [Docker Hub](https://hub.docker.com/_/postgres). +You can also use any other Docker image available on [Docker Hub](https://hub.docker.com/_/postgres). For example, to use PostgreSQL 9.3 the service becomes `postgres:9.3`. The `postgres` image can accept some environment variables. For more details diff --git a/doc/ci/services/redis.md b/doc/ci/services/redis.md index f22ee87a9d3..414cc4b624a 100644 --- a/doc/ci/services/redis.md +++ b/doc/ci/services/redis.md @@ -30,7 +30,7 @@ Host: redis And that's it. Redis will now be available to be used within your testing framework. -You can also use any other docker image available on [Docker Hub](https://hub.docker.com/_/redis). +You can also use any other Docker image available on [Docker Hub](https://hub.docker.com/_/redis). For example, to use Redis 2.8 the service becomes `redis:2.8`. ## Use Redis with the Shell executor diff --git a/doc/ci/variables/README.md b/doc/ci/variables/README.md index 805b974c4b9..bced78b6b37 100644 --- a/doc/ci/variables/README.md +++ b/doc/ci/variables/README.md @@ -492,7 +492,8 @@ variables, depending on where they are defined. The order of precedence for variables is (from highest to lowest): -1. [Trigger variables](../triggers/README.md#making-use-of-trigger-variables) or [scheduled pipeline variables](../pipelines/schedules.md#using-variables). +1. [Trigger variables](../triggers/README.md#making-use-of-trigger-variables), [scheduled pipeline variables](../pipelines/schedules.md#using-variables), + and [manual pipeline run variables](#override-a-variable-by-manually-running-a-pipeline). 1. Project-level [variables](#custom-environment-variables) or [protected variables](#protect-a-custom-variable). 1. Group-level [variables](#group-level-environment-variables) or [protected variables](#protect-a-custom-variable). 1. [Inherited environment variables](#inherit-environment-variables). diff --git a/doc/ci/yaml/README.md b/doc/ci/yaml/README.md index d16414daacd..3bf4cac204c 100644 --- a/doc/ci/yaml/README.md +++ b/doc/ci/yaml/README.md @@ -93,8 +93,8 @@ The following table lists available parameters for jobs: | Keyword | Description | |:---------------------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | [`script`](#script) | Shell script which is executed by Runner. | -| [`image`](#image) | Use docker images. Also available: `image:name` and `image:entrypoint`. | -| [`services`](#services) | Use docker services images. Also available: `services:name`, `services:alias`, `services:entrypoint`, and `services:command`. | +| [`image`](#image) | Use Docker images. Also available: `image:name` and `image:entrypoint`. | +| [`services`](#services) | Use Docker services images. Also available: `services:name`, `services:alias`, `services:entrypoint`, and `services:command`. | | [`before_script`](#before_script-and-after_script) | Override a set of commands that are executed before job. | | [`after_script`](#before_script-and-after_script) | Override a set of commands that are executed after job. | | [`stage`](#stage) | Defines a job stage (default: `test`). | @@ -521,13 +521,13 @@ For: #### `image:name` -An [extended docker configuration option](../docker/using_docker_images.md#extended-docker-configuration-options). +An [extended Docker configuration option](../docker/using_docker_images.md#extended-docker-configuration-options). For more information, see [Available settings for `image`](../docker/using_docker_images.md#available-settings-for-image). #### `image:entrypoint` -An [extended docker configuration option](../docker/using_docker_images.md#extended-docker-configuration-options). +An [extended Docker configuration option](../docker/using_docker_images.md#extended-docker-configuration-options). For more information, see [Available settings for `image`](../docker/using_docker_images.md#available-settings-for-image). @@ -543,25 +543,25 @@ For: ##### `services:name` -An [extended docker configuration option](../docker/using_docker_images.md#extended-docker-configuration-options). +An [extended Docker configuration option](../docker/using_docker_images.md#extended-docker-configuration-options). For more information, see [Available settings for `services`](../docker/using_docker_images.md#available-settings-for-services). ##### `services:alias` -An [extended docker configuration option](../docker/using_docker_images.md#extended-docker-configuration-options). +An [extended Docker configuration option](../docker/using_docker_images.md#extended-docker-configuration-options). For more information, see [Available settings for `services`](../docker/using_docker_images.md#available-settings-for-services). ##### `services:entrypoint` -An [extended docker configuration option](../docker/using_docker_images.md#extended-docker-configuration-options). +An [extended Docker configuration option](../docker/using_docker_images.md#extended-docker-configuration-options). For more information, see [Available settings for `services`](../docker/using_docker_images.md#available-settings-for-services). ##### `services:command` -An [extended docker configuration option](../docker/using_docker_images.md#extended-docker-configuration-options). +An [extended Docker configuration option](../docker/using_docker_images.md#extended-docker-configuration-options). For more information, see [Available settings for `services`](../docker/using_docker_images.md#available-settings-for-services). @@ -3477,7 +3477,7 @@ If `GIT_FETCH_EXTRA_FLAGS` is: - Not specified, `git fetch` flags default to `--prune --quiet` along with the default flags. - Given the value `none`, `git fetch` is executed only with the default flags. - + For example, the default flags are `--prune --quiet`, so you can make `git fetch` more verbose by overriding this with just `--prune`: ```yaml diff --git a/doc/development/build_test_package.md b/doc/development/build_test_package.md index d478d6e1653..6784795e0bb 100644 --- a/doc/development/build_test_package.md +++ b/doc/development/build_test_package.md @@ -1,13 +1,13 @@ # Building a package for testing While developing a new feature or modifying an existing one, it is helpful if an -installable package (or a docker image) containing those changes is available +installable package (or a Docker image) containing those changes is available for testing. For this very purpose, a manual job is provided in the GitLab CI/CD pipeline that can be used to trigger a pipeline in the Omnibus GitLab repository that will create: - A deb package for Ubuntu 16.04, available as a build artifact, and -- A docker image, which is pushed to [Omnibus GitLab's container +- A Docker image, which is pushed to [Omnibus GitLab's container registry](https://gitlab.com/gitlab-org/omnibus-gitlab/container_registry) (images titled `gitlab-ce` and `gitlab-ee` respectively and image tag is the commit which triggered the pipeline). diff --git a/doc/development/documentation/site_architecture/release_process.md b/doc/development/documentation/site_architecture/release_process.md index 13d6540fa35..d100ab8afa8 100644 --- a/doc/development/documentation/site_architecture/release_process.md +++ b/doc/development/documentation/site_architecture/release_process.md @@ -62,30 +62,15 @@ The single docs version must be created before the release merge request, but this needs to happen when the stable branches for all products have been created. 1. Make sure you're in the root path of the `gitlab-docs` repository. -1. Make sure your `master` is updated: - - ```shell - git pull origin master - ``` - 1. Run the Rake task to create the single version: ```shell ./bin/rake "release:single[12.0]" ``` - A new `Dockerfile.12.0` should have been created and committed to a new branch. - -1. Edit `.gitlab-ci.yml` and replace the `BRANCH_` variables with their respective - upstream stable branch. For example, 12.6 would look like: - - ```yaml - variables: - BRANCH_EE: '12-6-stable-ee' - BRANCH_OMNIBUS: '12-6-stable' - BRANCH_RUNNER: '12-6-stable' - BRANCH_CHARTS: '2-6-stable' - ``` + A new `Dockerfile.12.0` should have been created and `.gitlab-ci.yml` should + have the branches variables updated into a new branch. They will be automatically + committed. 1. Push the newly created branch, but **don't create a merge request**. Once you push, the `image:docker-singe` job will create a new Docker image @@ -106,6 +91,9 @@ Visit `http://localhost:4000/12.0/` to see if everything works correctly. ### 3. Create the release merge request +NOTE: **Note:** +To be [automated](https://gitlab.com/gitlab-org/gitlab-docs/-/issues/750). + Now it's time to create the monthly release merge request that adds the new version and rotates the old one: @@ -161,7 +149,7 @@ versions: 1. Run the Rake task that will create all the respective merge requests needed to update the dropdowns and will be set to automatically be merged when their pipelines succeed. The `release-X-Y` branch needs to be present locally, - otherwise the Rake task will fail: + and you need to have switched to it, otherwise the Rake task will fail: ```shell ./bin/rake release:dropdowns diff --git a/doc/development/ee_features.md b/doc/development/ee_features.md index 606ce363759..e22e96b6f06 100644 --- a/doc/development/ee_features.md +++ b/doc/development/ee_features.md @@ -165,8 +165,6 @@ There are a few gotchas with it: end ``` - This would require updating CE first, or make sure this is back ported to CE. - When prepending, place them in the `ee/` specific sub-directory, and wrap class or module in `module EE` to avoid naming conflicts. diff --git a/doc/development/elasticsearch.md b/doc/development/elasticsearch.md index 6432d3b6715..c2ad3b6026b 100644 --- a/doc/development/elasticsearch.md +++ b/doc/development/elasticsearch.md @@ -54,7 +54,7 @@ Please see the `sha_tokenizer` explanation later below for an example. #### `code_analyzer` -Used when indexing a blob's filename and content. Uses the `whitespace` tokenizer and the filters: [`code`](#code), [`edgeNGram_filter`](#edgengram_filter), `lowercase`, and `asciifolding` +Used when indexing a blob's filename and content. Uses the `whitespace` tokenizer and the filters: [`code`](#code), `lowercase`, and `asciifolding` The `whitespace` tokenizer was selected in order to have more control over how tokens are split. For example the string `Foo::bar(4)` needs to generate tokens like `Foo` and `bar(4)` in order to be properly searched. diff --git a/doc/development/fe_guide/graphql.md b/doc/development/fe_guide/graphql.md index caf84d04490..af36367fd2b 100644 --- a/doc/development/fe_guide/graphql.md +++ b/doc/development/fe_guide/graphql.md @@ -411,18 +411,6 @@ fetchNextPage() { Please note we don't have to save `pageInfo` one more time; `fetchMore` triggers a query `result` hook as well. -#### Limitations - -Currently, bidirectional pagination doesn't work: - -- `hasNextPage` returns a correct value only when we paginate forward using `endCursor` - and `first` parameters. -- `hasPreviousPage` returns a correct value only when we paginate backward using - `startCursor` and `last` parameters. - -This should be resolved in the scope of the issue -[Bi-directional Pagination in GraphQL doesn't work as expected](https://gitlab.com/gitlab-org/gitlab/-/issues/208301). - ### Testing #### Mocking response as component data diff --git a/doc/development/go_guide/index.md b/doc/development/go_guide/index.md index 39c08acaec1..ac462aa2fe0 100644 --- a/doc/development/go_guide/index.md +++ b/doc/development/go_guide/index.md @@ -390,7 +390,7 @@ builds](https://docs.docker.com/develop/develop-images/multistage-build/): dependencies. - They generate a small, self-contained image, derived from `Scratch`. -Generated docker images should have the program at their `Entrypoint` to create +Generated Docker images should have the program at their `Entrypoint` to create portable commands. That way, anyone can run the image, and without parameters it will display its help message (if `cli` has been used). diff --git a/doc/development/integrations/secure.md b/doc/development/integrations/secure.md index d7739f232ae..c96c11d25d4 100644 --- a/doc/development/integrations/secure.md +++ b/doc/development/integrations/secure.md @@ -139,7 +139,7 @@ might also help with keeping the image small. As documented in the [Docker Official Images](https://github.com/docker-library/official-images#tags-and-aliases) project, it is strongly encouraged that version number tags be given aliases which allows the user to easily refer to the "most recent" release of a particular series. -See also [Docker Tagging: Best practices for tagging and versioning docker images](https://docs.microsoft.com/en-us/archive/blogs/stevelasker/docker-tagging-best-practices-for-tagging-and-versioning-docker-images). +See also [Docker Tagging: Best practices for tagging and versioning Docker images](https://docs.microsoft.com/en-us/archive/blogs/stevelasker/docker-tagging-best-practices-for-tagging-and-versioning-docker-images). ## Command line diff --git a/doc/development/pipelines.md b/doc/development/pipelines.md index ab9370066cc..8322189ebe3 100644 --- a/doc/development/pipelines.md +++ b/doc/development/pipelines.md @@ -19,7 +19,7 @@ The current stages are: . - `prepare`: This stage includes jobs that prepare artifacts that are needed by jobs in subsequent stages. -- `build-images`: This stage includes jobs that prepare docker images +- `build-images`: This stage includes jobs that prepare Docker images that are needed by jobs in subsequent stages or downstream pipelines. - `fixtures`: This stage includes jobs that prepare fixtures needed by frontend tests. - `test`: This stage includes most of the tests, DB/migration jobs, and static analysis jobs. diff --git a/doc/development/telemetry/snowplow.md b/doc/development/telemetry/snowplow.md index 18ecf2bc506..862291680a6 100644 --- a/doc/development/telemetry/snowplow.md +++ b/doc/development/telemetry/snowplow.md @@ -336,7 +336,7 @@ Snowplow Inspector Chrome Extension is a browser extension for testing frontend Snowplow Micro is a very small version of a full Snowplow data collection pipeline: small enough that it can be launched by a test suite. Events can be recorded into Snowplow Micro just as they can a full Snowplow pipeline. Micro then exposes an API that can be queried. -Snowplow Micro is a docker-based solution for testing frontend and backend events in a local development environment. You need to modify GDK using the instructions below to set this up. +Snowplow Micro is a Docker-based solution for testing frontend and backend events in a local development environment. You need to modify GDK using the instructions below to set this up. - Read [Introducing Snowplow Micro](https://snowplowanalytics.com/blog/2019/07/17/introducing-snowplow-micro/) - Look at the [Snowplow Micro repo](https://github.com/snowplow-incubator/snowplow-micro) diff --git a/doc/development/testing_guide/end_to_end/index.md b/doc/development/testing_guide/end_to_end/index.md index 32086596a4a..525db93ec05 100644 --- a/doc/development/testing_guide/end_to_end/index.md +++ b/doc/development/testing_guide/end_to_end/index.md @@ -155,7 +155,7 @@ See [Review Apps](../review_apps.md) for more details about Review Apps. If you are not [testing code in a merge request](#testing-code-in-merge-requests), there are two main options for running the tests. If you simply want to run -the existing tests against a live GitLab instance or against a pre-built docker image +the existing tests against a live GitLab instance or against a pre-built Docker image you can use the [GitLab QA orchestrator](https://gitlab.com/gitlab-org/gitlab-qa/tree/master/README.md). See also [examples of the test scenarios you can run via the orchestrator](https://gitlab.com/gitlab-org/gitlab-qa/blob/master/docs/what_tests_can_be_run.md#examples). diff --git a/doc/development/testing_guide/end_to_end/rspec_metadata_tests.md b/doc/development/testing_guide/end_to_end/rspec_metadata_tests.md index 89adfceb7c9..b1a8a14163c 100644 --- a/doc/development/testing_guide/end_to_end/rspec_metadata_tests.md +++ b/doc/development/testing_guide/end_to_end/rspec_metadata_tests.md @@ -9,11 +9,11 @@ This is a partial list of the [RSpec metadata](https://relishapp.com/rspec/rspec |-----|-------------| | `:elasticsearch` | The test requires an Elasticsearch service. It is used by the [instance-level scenario](https://gitlab.com/gitlab-org/gitlab-qa#definitions) [`Test::Integration::Elasticsearch`](https://gitlab.com/gitlab-org/gitlab/-/blob/72b62b51bdf513e2936301cb6c7c91ec27c35b4d/qa/qa/ee/scenario/test/integration/elasticsearch.rb) to include only tests that require Elasticsearch. | | `:kubernetes` | The test includes a GitLab instance that is configured to be run behind an SSH tunnel, allowing a TLS-accessible GitLab. This test will also include provisioning of at least one Kubernetes cluster to test against. *This tag is often be paired with `:orchestrated`.* | -| `:orchestrated` | The GitLab instance under test may be [configured by `gitlab-qa`](https://gitlab.com/gitlab-org/gitlab-qa/-/blob/master/docs/what_tests_can_be_run.md#orchestrated-tests) to be different to the default GitLab configuration, or `gitlab-qa` may launch additional services in separate docker containers, or both. Tests tagged with `:orchestrated` are excluded when testing environments where we can't dynamically modify GitLab's configuration (for example, Staging). | +| `:orchestrated` | The GitLab instance under test may be [configured by `gitlab-qa`](https://gitlab.com/gitlab-org/gitlab-qa/-/blob/master/docs/what_tests_can_be_run.md#orchestrated-tests) to be different to the default GitLab configuration, or `gitlab-qa` may launch additional services in separate Docker containers, or both. Tests tagged with `:orchestrated` are excluded when testing environments where we can't dynamically modify GitLab's configuration (for example, Staging). | | `:quarantine` | The test has been [quarantined](https://about.gitlab.com/handbook/engineering/quality/guidelines/debugging-qa-test-failures/#quarantining-tests), will run in a separate job that only includes quarantined tests, and is allowed to fail. The test will be skipped in its regular job so that if it fails it will not hold up the pipeline. | | `:reliable` | The test has been [promoted to a reliable test](https://about.gitlab.com/handbook/engineering/quality/guidelines/reliable-tests/#promoting-an-existing-test-to-reliable) meaning it passes consistently in all pipelines, including merge requests. | | `:requires_admin` | The test requires an admin account. Tests with the tag are excluded when run against Canary and Production environments. | | `:runner` | The test depends on and will set up a GitLab Runner instance, typically to run a pipeline. | | `:gitaly_ha` | The test will run against a GitLab instance where repositories are stored on redundant Gitaly nodes behind a Praefect node. All nodes are [separate containers](../../../administration/gitaly/praefect.md#requirements-for-configuring-a-gitaly-cluster). Tests that use this tag have a longer setup time since there are three additional containers that need to be started. | | `:skip_live_env` | The test will be excluded when run against live deployed environments such as Staging, Canary, and Production. | -| `:jira` | The test requires a Jira Server. [GitLab-QA](https://gitlab.com/gitlab-org/gitlab-qa) will provision the Jira Server in a docker container when the `Test::Integration::Jira` test scenario is run. +| `:jira` | The test requires a Jira Server. [GitLab-QA](https://gitlab.com/gitlab-org/gitlab-qa) will provision the Jira Server in a Docker container when the `Test::Integration::Jira` test scenario is run. diff --git a/doc/development/testing_guide/end_to_end/running_tests_that_require_special_setup.md b/doc/development/testing_guide/end_to_end/running_tests_that_require_special_setup.md index f360226d922..648e37314c3 100644 --- a/doc/development/testing_guide/end_to_end/running_tests_that_require_special_setup.md +++ b/doc/development/testing_guide/end_to_end/running_tests_that_require_special_setup.md @@ -2,13 +2,13 @@ ## Jenkins spec -The [`jenkins_build_status_spec`](https://gitlab.com/gitlab-org/gitlab/blob/163c8a8c814db26d11e104d1cb2dcf02eb567dbe/qa/qa/specs/features/ee/browser_ui/3_create/jenkins/jenkins_build_status_spec.rb) spins up a Jenkins instance in a docker container based on an image stored in the [GitLab-QA container registry](https://gitlab.com/gitlab-org/gitlab-qa/container_registry). -The docker image it uses is preconfigured with some base data and plugins. +The [`jenkins_build_status_spec`](https://gitlab.com/gitlab-org/gitlab/blob/163c8a8c814db26d11e104d1cb2dcf02eb567dbe/qa/qa/specs/features/ee/browser_ui/3_create/jenkins/jenkins_build_status_spec.rb) spins up a Jenkins instance in a Docker container based on an image stored in the [GitLab-QA container registry](https://gitlab.com/gitlab-org/gitlab-qa/container_registry). +The Docker image it uses is preconfigured with some base data and plugins. The test then configures the GitLab plugin in Jenkins with a URL of the GitLab instance that will be used to run the tests. Unfortunately, the GitLab Jenkins plugin does not accept ports so `http://localhost:3000` would -not be accepted. Therefore, this requires us to run GitLab on port 80 or inside a docker container. +not be accepted. Therefore, this requires us to run GitLab on port 80 or inside a Docker container. -To start a docker container for GitLab based on the nightly image: +To start a Docker container for GitLab based on the nightly image: ```shell docker run \ @@ -24,7 +24,7 @@ To run the tests from the `/qa` directory: CHROME_HEADLESS=false bin/qa Test::Instance::All http://localhost -- qa/specs/features/ee/browser_ui/3_create/jenkins/jenkins_build_status_spec.rb ``` -The test will automatically spinup a docker container for Jenkins and tear down once the test completes. +The test will automatically spinup a Docker container for Jenkins and tear down once the test completes. However, if you need to run Jenkins manually outside of the tests, use this command: @@ -46,5 +46,5 @@ only to prevent it from running in the pipelines for live environments such as S ### Troubleshooting -If Jenkins docker container exits without providing any information in the logs, try increasing the memory used by +If Jenkins Docker container exits without providing any information in the logs, try increasing the memory used by the Docker Engine. diff --git a/doc/install/digitaloceandocker.md b/doc/install/digitaloceandocker.md index ccfb97afe28..fe32b37a9ed 100644 --- a/doc/install/digitaloceandocker.md +++ b/doc/install/digitaloceandocker.md @@ -31,12 +31,12 @@ locally on either macOS or Linux. NOTE: **Note:** The rest of the steps are identical for macOS and Linux. -## Create new docker host +## Create new Docker host 1. Login to Digital Ocean. 1. Generate a new API token at . - This command will create a new DO droplet called `gitlab-test-env-do` that will act as a docker host. + This command will create a new DO droplet called `gitlab-test-env-do` that will act as a Docker host. NOTE: **Note:** 4GB is the minimum requirement for a Docker host that will run more than one GitLab instance. @@ -69,20 +69,20 @@ Resource: . In this example we'll create a GitLab EE 8.10.8 instance. -First connect the docker client to the docker host you created previously. +First connect the Docker client to the Docker host you created previously. ```shell eval "$(docker-machine env gitlab-test-env-do)" ``` -You can add this to your `~/.bash_profile` file to ensure the `docker` client uses the `gitlab-test-env-do` docker host +You can add this to your `~/.bash_profile` file to ensure the `docker` client uses the `gitlab-test-env-do` Docker host ### Create new GitLab container - HTTP port: `8888` - SSH port: `2222` - Set `gitlab_shell_ssh_port` using `--env GITLAB_OMNIBUS_CONFIG` -- Hostname: IP of docker host +- Hostname: IP of Docker host - Container name: `gitlab-test-8.10` - GitLab version: **EE** `8.10.8-ee.0` @@ -108,7 +108,7 @@ gitlab/gitlab-ee:$VERSION ### Connect to the GitLab container -#### Retrieve the docker host IP +#### Retrieve the Docker host IP ```shell docker-machine ip gitlab-test-env-do diff --git a/doc/install/installation.md b/doc/install/installation.md index 5c323be7eb5..741c248129d 100644 --- a/doc/install/installation.md +++ b/doc/install/installation.md @@ -216,10 +216,9 @@ The Ruby interpreter is required to run GitLab. dropped support for Ruby 2.5.x. The use of Ruby version managers such as [RVM](https://rvm.io/), [rbenv](https://github.com/rbenv/rbenv) or [chruby](https://github.com/postmodern/chruby) with GitLab -in production, frequently leads to hard to diagnose problems. For example, -GitLab Shell is called from OpenSSH, and having a version manager can prevent -pushing and pulling over SSH. Version managers are not supported and we strongly -advise everyone to follow the instructions below to use a system Ruby. +in production, frequently leads to hard to diagnose problems. Version managers +are not supported and we strongly advise everyone to follow the instructions +below to use a system Ruby. Linux distributions generally have older versions of Ruby available, so these instructions are designed to install Ruby from the official source code. @@ -565,8 +564,8 @@ If you want to use Kerberos for user authentication, omit `kerberos` in the `--w GitLab Shell is an SSH access and repository management software developed specially for GitLab. ```shell -# Run the installation task for gitlab-shell (replace `REDIS_URL` if needed): -sudo -u git -H bundle exec rake gitlab:shell:install REDIS_URL=unix:/var/run/redis/redis.sock RAILS_ENV=production SKIP_STORAGE_VALIDATION=true +# Run the installation task for gitlab-shell: +sudo -u git -H bundle exec rake gitlab:shell:install RAILS_ENV=production # By default, the gitlab-shell config is generated from your main GitLab config. # You can review (and modify) the gitlab-shell config as follows: @@ -579,13 +578,6 @@ If you want to use HTTPS, see [Using HTTPS](#using-https) for the additional ste NOTE: **Note:** Make sure your hostname can be resolved on the machine itself by either a proper DNS record or an additional line in `/etc/hosts` ("127.0.0.1 hostname"). This might be necessary, for example, if you set up GitLab behind a reverse proxy. If the hostname cannot be resolved, the final installation check will fail with `Check GitLab API access: FAILED. code: 401` and pushing commits will be rejected with `[remote rejected] master -> master (hook declined)`. -NOTE: **Note:** -GitLab Shell application startup time can be greatly reduced by disabling RubyGems. This can be done in several ways: - -- Export `RUBYOPT=--disable-gems` environment variable for the processes. -- Compile Ruby with `configure --disable-rubygems` to disable RubyGems by default. Not recommended for system-wide Ruby. -- Omnibus GitLab [replaces the *shebang* line of the `gitlab-shell/bin/*` scripts](https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/1707). - ### Install GitLab Workhorse GitLab-Workhorse uses [GNU Make](https://www.gnu.org/software/make/). The diff --git a/doc/install/openshift_and_gitlab/index.md b/doc/install/openshift_and_gitlab/index.md index fd81b7f6caf..7ae23d6831e 100644 --- a/doc/install/openshift_and_gitlab/index.md +++ b/doc/install/openshift_and_gitlab/index.md @@ -253,7 +253,7 @@ related object definitions to be created together, as well as a set of parameters for those objects. The template for GitLab resides in the Omnibus GitLab repository under the -docker directory. Let's download it locally with `wget`: +Docker directory. Let's download it locally with `wget`: ```shell wget https://gitlab.com/gitlab-org/omnibus-gitlab/raw/master/docker/openshift-template.json @@ -324,7 +324,7 @@ Now that we configured this, let's see how to manage and scale GitLab. Setting up GitLab for the first time might take a while depending on your internet connection and the resources you have attached to the all-in-one VM. -GitLab's docker image is quite big (~500MB), so you'll have to wait until +GitLab's Docker image is quite big (~500MB), so you'll have to wait until it's downloaded and configured before you use it. ### Watch while GitLab gets deployed diff --git a/doc/raketasks/backup_restore.md b/doc/raketasks/backup_restore.md index a0d2d1d880f..87e9e630c82 100644 --- a/doc/raketasks/backup_restore.md +++ b/doc/raketasks/backup_restore.md @@ -832,7 +832,7 @@ version of GitLab, the restore command will abort with an error. Install the For GitLab installations using the Docker image or the GitLab Helm chart on a Kubernetes cluster, the restore task expects the restore directories to be empty. -However, with docker and Kubernetes volume mounts, some system level directories +However, with Docker and Kubernetes volume mounts, some system level directories may be created at the volume roots, like `lost+found` directory found in Linux operating systems. These directories are usually owned by `root`, which can cause access permission errors since the restore Rake task runs as `git` user. @@ -842,7 +842,7 @@ directories are empty. For both these installation types, the backup tarball has to be available in the backup location (default location is `/var/opt/gitlab/backups`). -For docker installations, the restore task can be run from host: +For Docker installations, the restore task can be run from host: ```shell docker exec -it gitlab-backup restore diff --git a/doc/topics/airgap/index.md b/doc/topics/airgap/index.md index 076d4674586..6d4c486d350 100644 --- a/doc/topics/airgap/index.md +++ b/doc/topics/airgap/index.md @@ -89,7 +89,7 @@ template: | `SECURE_BINARIES_DOWNLOAD_IMAGES` | Used to disable jobs | `"true"` | | `SECURE_BINARIES_PUSH_IMAGES` | Push files to the project registry | `"true"` | | `SECURE_BINARIES_SAVE_ARTIFACTS` | Also save image archives as artifacts | `"false"` | -| `SECURE_BINARIES_ANALYZER_VERSION` | Default analyzer version (docker tag) | `"2"` | +| `SECURE_BINARIES_ANALYZER_VERSION` | Default analyzer version (Docker tag) | `"2"` | ### Alternate way without the official template diff --git a/doc/topics/airgap/quick_start_guide.md b/doc/topics/airgap/quick_start_guide.md index 8d0ff3558ce..0abdd08ffcf 100644 --- a/doc/topics/airgap/quick_start_guide.md +++ b/doc/topics/airgap/quick_start_guide.md @@ -74,7 +74,7 @@ Follow these steps to enable the container registry. Note that these steps refle sudo gitlab-ctl reconfigure ``` -## Allow the docker daemon to trust the registry and GitLab Runner +## Allow the Docker daemon to trust the registry and GitLab Runner Provide your Docker daemon with your certs by [following the steps for using trusted certificates with your registry](../../administration/packages/container_registry.md#using-self-signed-certificates-with-container-registry): @@ -125,7 +125,7 @@ Now we must add some additional configuration to our runner: Make the following changes to `/etc/gitlab-runner/config.toml`: -- Add docker socket to volumes `volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/cache"]` +- Add Docker socket to volumes `volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/cache"]` - Add `pull_policy = "if-not-present"` to the executor configuration Now we can start our Runner: diff --git a/doc/user/application_security/container_scanning/index.md b/doc/user/application_security/container_scanning/index.md index f48a23e64dd..418e534a69d 100644 --- a/doc/user/application_security/container_scanning/index.md +++ b/doc/user/application_security/container_scanning/index.md @@ -462,7 +462,7 @@ Read more about the [solutions for vulnerabilities](../index.md#solutions-for-vu ## Troubleshooting -### docker: Error response from daemon: failed to copy xattrs +### `docker: Error response from daemon: failed to copy xattrs` When the GitLab Runner uses the Docker executor and NFS is used (for example, `/var/lib/docker` is on an NFS mount), Container Scanning might fail with diff --git a/doc/user/application_security/dependency_scanning/index.md b/doc/user/application_security/dependency_scanning/index.md index 8fdab4b533f..66d3f8a5a00 100644 --- a/doc/user/application_security/dependency_scanning/index.md +++ b/doc/user/application_security/dependency_scanning/index.md @@ -546,7 +546,7 @@ As a workaround, remove the [`retire.js`](analyzers.md#selecting-specific-analyz ## Troubleshooting -### Error response from daemon: error processing tar file: docker-tar: relocation error +### `Error response from daemon: error processing tar file: docker-tar: relocation error` This error occurs when the Docker version that runs the Dependency Scanning job is `19.03.00`. Consider updating to Docker `19.03.1` or greater. Older versions are not diff --git a/doc/user/application_security/index.md b/doc/user/application_security/index.md index 86f4ca5511b..2c864e5161d 100644 --- a/doc/user/application_security/index.md +++ b/doc/user/application_security/index.md @@ -70,7 +70,7 @@ The scanning tools and vulnerabilities database are updated regularly. | Secure scanning tool | Vulnerabilities database updates | |:-------------------------------------------------------------|-------------------------------------------| -| [Container Scanning](container_scanning/index.md) | Uses `clair`. The latest `clair-db` version is used for each job by running the [`latest` docker image tag](https://gitlab.com/gitlab-org/gitlab/blob/438a0a56dc0882f22bdd82e700554525f552d91b/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml#L37). The `clair-db` database [is updated daily according to the author](https://github.com/arminc/clair-local-scan#clair-server-or-local). | +| [Container Scanning](container_scanning/index.md) | Uses `clair`. The latest `clair-db` version is used for each job by running the [`latest` Docker image tag](https://gitlab.com/gitlab-org/gitlab/blob/438a0a56dc0882f22bdd82e700554525f552d91b/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml#L37). The `clair-db` database [is updated daily according to the author](https://github.com/arminc/clair-local-scan#clair-server-or-local). | | [Dependency Scanning](dependency_scanning/index.md) | Relies on `bundler-audit` (for Rubygems), `retire.js` (for NPM packages), and `gemnasium` (GitLab's own tool for all libraries). Both `bundler-audit` and `retire.js` fetch their vulnerabilities data from GitHub repositories, so vulnerabilities added to `ruby-advisory-db` and `retire.js` are immediately available. The tools themselves are updated once per month if there's a new version. The [Gemnasium DB](https://gitlab.com/gitlab-org/security-products/gemnasium-db) is updated at least once a week. See our [current measurement of time from CVE being issued to our product being updated](https://about.gitlab.com/handbook/engineering/development/performance-indicators/#cve-issue-to-update). | | [Dynamic Application Security Testing (DAST)](dast/index.md) | The scanning engine is updated on a periodic basis. See the [version of the underlying tool `zaproxy`](https://gitlab.com/gitlab-org/security-products/dast/blob/master/Dockerfile#L1). The scanning rules are downloaded at scan runtime. | | [Static Application Security Testing (SAST)](sast/index.md) | Relies exclusively on [the tools GitLab wraps](sast/index.md#supported-languages-and-frameworks). The underlying analyzers are updated at least once per month if a relevant update is available. The vulnerabilities database is updated by the upstream tools. | diff --git a/doc/user/application_security/sast/index.md b/doc/user/application_security/sast/index.md index 8d78dc53367..3ea7f6aba15 100644 --- a/doc/user/application_security/sast/index.md +++ b/doc/user/application_security/sast/index.md @@ -557,7 +557,7 @@ security reports without requiring internet access. ## Troubleshooting -### Error response from daemon: error processing tar file: docker-tar: relocation error +### `Error response from daemon: error processing tar file: docker-tar: relocation error` This error occurs when the Docker version that runs the SAST job is `19.03.0`. Consider updating to Docker `19.03.1` or greater. Older versions are not diff --git a/doc/user/packages/container_registry/index.md b/doc/user/packages/container_registry/index.md index c9ceafd0b30..17d15339494 100644 --- a/doc/user/packages/container_registry/index.md +++ b/doc/user/packages/container_registry/index.md @@ -243,7 +243,7 @@ For private and internal projects: ### Container Registry examples with GitLab CI/CD -If you're using docker-in-docker on your Runners, this is how your `.gitlab-ci.yml` +If you're using Docker-in-Docker on your Runners, this is how your `.gitlab-ci.yml` should look similar to this: ```yaml @@ -350,11 +350,11 @@ or [Kubernetes](https://docs.gitlab.com/runner/executors/kubernetes.html) execut make sure that [`pull_policy`](https://docs.gitlab.com/runner/executors/docker.html#how-pull-policies-work) is set to `always`. -### Using a docker-in-docker image from your Container Registry +### Using a Docker-in-Docker image from your Container Registry -If you want to use your own Docker images for docker-in-docker, there are a few +If you want to use your own Docker images for Docker-in-Docker, there are a few things you need to do in addition to the steps in the -[docker-in-docker](../../../ci/docker/using_docker_build.md#use-docker-in-docker-workflow-with-docker-executor) section: +[Docker-in-Docker](../../../ci/docker/using_docker_build.md#use-docker-in-docker-workflow-with-docker-executor) section: 1. Update the `image` and `service` to point to your registry. 1. Add a service [alias](../../../ci/yaml/README.md#servicesalias). diff --git a/doc/user/project/merge_requests/browser_performance_testing.md b/doc/user/project/merge_requests/browser_performance_testing.md index b0378ee68de..390d480724d 100644 --- a/doc/user/project/merge_requests/browser_performance_testing.md +++ b/doc/user/project/merge_requests/browser_performance_testing.md @@ -60,7 +60,7 @@ on your code by using GitLab CI/CD and [sitespeed.io](https://www.sitespeed.io) using Docker-in-Docker. 1. First, set up GitLab Runner with a - [docker-in-docker build](../../../ci/docker/using_docker_build.md#use-docker-in-docker-workflow-with-docker-executor). + [Docker-in-Docker build](../../../ci/docker/using_docker_build.md#use-docker-in-docker-workflow-with-docker-executor). 1. After configuring the Runner, add a new job to `.gitlab-ci.yml` that generates the expected report. 1. Define the `performance` job according to your version of GitLab: diff --git a/doc/user/project/merge_requests/code_quality.md b/doc/user/project/merge_requests/code_quality.md index beb90e30906..eeb173f786f 100644 --- a/doc/user/project/merge_requests/code_quality.md +++ b/doc/user/project/merge_requests/code_quality.md @@ -67,7 +67,7 @@ This example shows how to run Code Quality on your code by using GitLab CI/CD an First, you need GitLab Runner configured: -- For the [docker-in-docker workflow](../../../ci/docker/using_docker_build.md#use-docker-in-docker-workflow-with-docker-executor). +- For the [Docker-in-Docker workflow](../../../ci/docker/using_docker_build.md#use-docker-in-docker-workflow-with-docker-executor). - With enough disk space to handle generated Code Quality files. For example on the [GitLab project](https://gitlab.com/gitlab-org/gitlab) the files are approximately 7 GB. Once you set up the Runner, include the CodeQuality template in your CI config: @@ -120,7 +120,7 @@ This information will be automatically extracted and shown right in the merge re CAUTION: **Caution:** On self-managed instances, if a malicious actor compromises the Code Quality job -definition they will be able to execute privileged docker commands on the Runner +definition they will be able to execute privileged Docker commands on the Runner host. Having proper access control policies mitigates this attack vector by allowing access only to trusted actors. diff --git a/doc/user/project/new_ci_build_permissions_model.md b/doc/user/project/new_ci_build_permissions_model.md index eff0f539c30..8fa56dbda03 100644 --- a/doc/user/project/new_ci_build_permissions_model.md +++ b/doc/user/project/new_ci_build_permissions_model.md @@ -178,7 +178,7 @@ git clone https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com// ~/.netrc diff --git a/doc/user/project/settings/index.md b/doc/user/project/settings/index.md index 03adb178bd4..a5040dd1e03 100644 --- a/doc/user/project/settings/index.md +++ b/doc/user/project/settings/index.md @@ -55,7 +55,7 @@ Use the switches to enable or disable the following features: | **Merge Requests** | ✓ | Enables [merge request](../merge_requests/) functionality; also see [Merge request settings](#merge-request-settings) | | **Forks** | ✓ | Enables [forking](../index.md#fork-a-project) functionality | | **Pipelines** | ✓ | Enables [CI/CD](../../../ci/README.md) functionality | -| **Container Registry** | | Activates a [registry](../../packages/container_registry/) for your docker images | +| **Container Registry** | | Activates a [registry](../../packages/container_registry/) for your Docker images | | **Git Large File Storage** | | Enables the use of [large files](../../../topics/git/lfs/index.md#git-large-file-storage-lfs) | | **Packages** | | Supports configuration of a [package registry](../../../administration/packages/index.md#gitlab-package-registry-administration-premium-only) functionality | | **Wiki** | ✓ | Enables a separate system for [documentation](../wiki/) | diff --git a/lib/gitlab/data_builder/note.rb b/lib/gitlab/data_builder/note.rb index 2c4ef73a688..73518d36d43 100644 --- a/lib/gitlab/data_builder/note.rb +++ b/lib/gitlab/data_builder/note.rb @@ -55,7 +55,7 @@ module Gitlab end def build_base_data(project, user, note) - event_type = note.confidential? ? 'confidential_note' : 'note' + event_type = note.confidential?(include_noteable: true) ? 'confidential_note' : 'note' base_data = { object_kind: "note", diff --git a/lib/gitlab/instrumentation_helper.rb b/lib/gitlab/instrumentation_helper.rb index 0f5a3280158..5cd0eacbb93 100644 --- a/lib/gitlab/instrumentation_helper.rb +++ b/lib/gitlab/instrumentation_helper.rb @@ -20,42 +20,59 @@ module Gitlab DURATION_PRECISION = 6 # microseconds def add_instrumentation_data(payload) + instrument_gitaly(payload) + instrument_rugged(payload) + instrument_redis(payload) + instrument_redis_bytes(payload) + instrument_elasticsearch(payload) + end + + def instrument_gitaly(payload) gitaly_calls = Gitlab::GitalyClient.get_request_count - if gitaly_calls > 0 - payload[:gitaly_calls] = gitaly_calls - payload[:gitaly_duration_s] = Gitlab::GitalyClient.query_time - end + return if gitaly_calls == 0 + payload[:gitaly_calls] = gitaly_calls + payload[:gitaly_duration_s] = Gitlab::GitalyClient.query_time + end + + def instrument_rugged(payload) rugged_calls = Gitlab::RuggedInstrumentation.query_count - if rugged_calls > 0 - payload[:rugged_calls] = rugged_calls - payload[:rugged_duration_s] = Gitlab::RuggedInstrumentation.query_time - end + return if rugged_calls == 0 + payload[:rugged_calls] = rugged_calls + payload[:rugged_duration_s] = Gitlab::RuggedInstrumentation.query_time + end + + def instrument_redis(payload) redis_calls = Gitlab::Instrumentation::Redis.get_request_count - if redis_calls > 0 - payload[:redis_calls] = redis_calls - payload[:redis_duration_s] = Gitlab::Instrumentation::Redis.query_time - end + return if redis_calls == 0 + payload[:redis_calls] = redis_calls + payload[:redis_duration_s] = Gitlab::Instrumentation::Redis.query_time + end + + def instrument_redis_bytes(payload) redis_read_bytes = Gitlab::Instrumentation::Redis.read_bytes redis_write_bytes = Gitlab::Instrumentation::Redis.write_bytes - if redis_read_bytes > 0 || redis_write_bytes > 0 - payload[:redis_read_bytes] = redis_read_bytes - payload[:redis_write_bytes] = redis_write_bytes - end + return if redis_read_bytes == 0 && redis_write_bytes == 0 + + payload[:redis_read_bytes] = redis_read_bytes + payload[:redis_write_bytes] = redis_write_bytes + end + + def instrument_elasticsearch(payload) # Elasticsearch integration is only available in EE but instrumentation # only depends on the Gem which is also available in FOSS. elasticsearch_calls = Gitlab::Instrumentation::ElasticsearchTransport.get_request_count - if elasticsearch_calls > 0 - payload[:elasticsearch_calls] = elasticsearch_calls - payload[:elasticsearch_duration_s] = Gitlab::Instrumentation::ElasticsearchTransport.query_time - end + return if elasticsearch_calls == 0 + + payload[:elasticsearch_calls] = elasticsearch_calls + payload[:elasticsearch_duration_s] = Gitlab::Instrumentation::ElasticsearchTransport.query_time end # Returns the queuing duration for a Sidekiq job in seconds, as a float, if the diff --git a/lib/tasks/gitlab/shell.rake b/lib/tasks/gitlab/shell.rake index d6e62a5c550..edbaec85bd9 100644 --- a/lib/tasks/gitlab/shell.rake +++ b/lib/tasks/gitlab/shell.rake @@ -21,25 +21,12 @@ namespace :gitlab do gitlab_url: gitlab_url, http_settings: { self_signed_cert: false }.stringify_keys, auth_file: File.join(user_home, ".ssh", "authorized_keys"), - redis: { - bin: `which redis-cli`.chomp, - namespace: "resque:gitlab" - }.stringify_keys, log_level: "INFO", audit_usernames: false }.stringify_keys - redis_url = URI.parse(ENV['REDIS_URL'] || "redis://localhost:6379") - - if redis_url.scheme == 'unix' - config['redis']['socket'] = redis_url.path - else - config['redis']['host'] = redis_url.host - config['redis']['port'] = redis_url.port - end - # Generate config.yml based on existing gitlab settings - File.open("config.yml", "w+") {|f| f.puts config.to_yaml} + File.open("config.yml", "w+") {|f| f.puts config.to_yaml } [ %w(bin/install) + repository_storage_paths_args, diff --git a/locale/gitlab.pot b/locale/gitlab.pot index afe756cc1ce..3fd94e01730 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -1775,12 +1775,18 @@ msgstr "" msgid "AlertManagement|Alert details" msgstr "" +msgid "AlertManagement|Alert status: %{status}" +msgstr "" + msgid "AlertManagement|Alerts" msgstr "" msgid "AlertManagement|All alerts" msgstr "" +msgid "AlertManagement|Assign status" +msgstr "" + msgid "AlertManagement|Authorize external service" msgstr "" @@ -1793,6 +1799,9 @@ msgstr "" msgid "AlertManagement|Display alerts from all your monitoring tools directly within GitLab. Streamline the investigation of your alerts and the escalation of alerts to incidents." msgstr "" +msgid "AlertManagement|Edit" +msgstr "" + msgid "AlertManagement|End time" msgstr "" @@ -1823,6 +1832,9 @@ msgstr "" msgid "AlertManagement|No alerts to display." msgstr "" +msgid "AlertManagement|None" +msgstr "" + msgid "AlertManagement|Open" msgstr "" @@ -17638,6 +17650,9 @@ msgstr "" msgid "Queued" msgstr "" +msgid "Quick actions" +msgstr "" + msgid "Quick actions can be used in the issues description and comment boxes." msgstr "" diff --git a/spec/frontend/alert_management/components/alert_management_detail_spec.js b/spec/frontend/alert_management/components/alert_management_detail_spec.js index b1dff3d8ebb..0bb5dd4d256 100644 --- a/spec/frontend/alert_management/components/alert_management_detail_spec.js +++ b/spec/frontend/alert_management/components/alert_management_detail_spec.js @@ -1,27 +1,20 @@ import { mount, shallowMount } from '@vue/test-utils'; -import { GlAlert, GlLoadingIcon, GlDropdownItem, GlTable } from '@gitlab/ui'; +import { GlAlert, GlLoadingIcon, GlTable } from '@gitlab/ui'; import AlertDetails from '~/alert_management/components/alert_details.vue'; -import updateAlertStatus from '~/alert_management/graphql/mutations/update_alert_status.graphql'; import createIssueQuery from '~/alert_management/graphql/mutations/create_issue_from_alert.graphql'; -import createFlash from '~/flash'; import { joinPaths } from '~/lib/utils/url_utility'; -import { - trackAlertsDetailsViewsOptions, - trackAlertStatusUpdateOptions, -} from '~/alert_management/constants'; +import { trackAlertsDetailsViewsOptions } from '~/alert_management/constants'; import Tracking from '~/tracking'; import mockAlerts from '../mocks/alerts.json'; const mockAlert = mockAlerts[0]; -jest.mock('~/flash'); describe('AlertDetails', () => { let wrapper; const projectPath = 'root/alerts'; const projectIssuesPath = 'root/alerts/-/issues'; - const findStatusDropdownItem = () => wrapper.find(GlDropdownItem); const findDetailsTable = () => wrapper.find(GlTable); function mountComponent({ @@ -258,52 +251,6 @@ describe('AlertDetails', () => { }); }); - describe('Updating the alert status', () => { - const mockUpdatedMutationResult = { - data: { - updateAlertStatus: { - errors: [], - alert: { - status: 'acknowledged', - }, - }, - }, - }; - - beforeEach(() => { - mountComponent({ - props: { alertManagementEnabled: true, userCanEnableAlertManagement: true }, - data: { alert: mockAlert }, - loading: false, - }); - }); - - it('calls `$apollo.mutate` with `updateAlertStatus` mutation and variables containing `iid`, `status`, & `projectPath`', () => { - jest.spyOn(wrapper.vm.$apollo, 'mutate').mockResolvedValue(mockUpdatedMutationResult); - findStatusDropdownItem().vm.$emit('click'); - - expect(wrapper.vm.$apollo.mutate).toHaveBeenCalledWith({ - mutation: updateAlertStatus, - variables: { - iid: 'alertId', - status: 'TRIGGERED', - projectPath, - }, - }); - }); - - it('calls `createFlash` when request fails', () => { - jest.spyOn(wrapper.vm.$apollo, 'mutate').mockReturnValue(Promise.reject(new Error())); - findStatusDropdownItem().vm.$emit('click'); - - setImmediate(() => { - expect(createFlash).toHaveBeenCalledWith( - 'There was an error while updating the status of the alert. Please try again.', - ); - }); - }); - }); - describe('Snowplow tracking', () => { beforeEach(() => { jest.spyOn(Tracking, 'event'); @@ -318,16 +265,5 @@ describe('AlertDetails', () => { const { category, action } = trackAlertsDetailsViewsOptions; expect(Tracking.event).toHaveBeenCalledWith(category, action); }); - - it('should track alert status updates', () => { - Tracking.event.mockClear(); - jest.spyOn(wrapper.vm.$apollo, 'mutate').mockResolvedValue({}); - findStatusDropdownItem().vm.$emit('click'); - const status = findStatusDropdownItem().text(); - setImmediate(() => { - const { category, action, label } = trackAlertStatusUpdateOptions; - expect(Tracking.event).toHaveBeenCalledWith(category, action, { label, property: status }); - }); - }); }); }); diff --git a/spec/frontend/alert_management/components/alert_sidebar_spec.js b/spec/frontend/alert_management/components/alert_sidebar_spec.js new file mode 100644 index 00000000000..1d581e8e2f1 --- /dev/null +++ b/spec/frontend/alert_management/components/alert_sidebar_spec.js @@ -0,0 +1,37 @@ +import { shallowMount } from '@vue/test-utils'; +import AlertSidebar from '~/alert_management/components/alert_sidebar.vue'; + +describe('Alert Details Sidebar', () => { + let wrapper; + + function mountComponent({ + sidebarCollapsed = true, + mountMethod = shallowMount, + stubs = {}, + } = {}) { + wrapper = mountMethod(AlertSidebar, { + propsData: { + alert: {}, + sidebarCollapsed, + projectPath: 'projectPath', + }, + stubs, + }); + } + + afterEach(() => { + if (wrapper) { + wrapper.destroy(); + } + }); + + describe('the sidebar renders', () => { + beforeEach(() => { + mountComponent(); + }); + + it('open as default', () => { + expect(wrapper.props('sidebarCollapsed')).toBe(true); + }); + }); +}); diff --git a/spec/frontend/alert_management/components/alert_sidebar_status_spec.js b/spec/frontend/alert_management/components/alert_sidebar_status_spec.js new file mode 100644 index 00000000000..d8d6634a46e --- /dev/null +++ b/spec/frontend/alert_management/components/alert_sidebar_status_spec.js @@ -0,0 +1,113 @@ +import { shallowMount } from '@vue/test-utils'; +import { GlDropdownItem, GlLoadingIcon } from '@gitlab/ui'; +import { trackAlertStatusUpdateOptions } from '~/alert_management/constants'; +import AlertSidebarStatus from '~/alert_management/components/sidebar/sidebar_status.vue'; +import updateAlertStatus from '~/alert_management/graphql/mutations/update_alert_status.graphql'; +import Tracking from '~/tracking'; +import mockAlerts from '../mocks/alerts.json'; + +const mockAlert = mockAlerts[0]; + +describe('Alert Details Sidebar Status', () => { + let wrapper; + const findStatusDropdownItem = () => wrapper.find(GlDropdownItem); + const findStatusLoadingIcon = () => wrapper.find(GlLoadingIcon); + + function mountComponent({ + data, + sidebarCollapsed = true, + loading = false, + mountMethod = shallowMount, + stubs = {}, + } = {}) { + wrapper = mountMethod(AlertSidebarStatus, { + propsData: { + alert: { ...mockAlert }, + ...data, + sidebarCollapsed, + projectPath: 'projectPath', + }, + mocks: { + $apollo: { + mutate: jest.fn(), + queries: { + alert: { + loading, + }, + }, + }, + }, + stubs, + }); + } + + afterEach(() => { + if (wrapper) { + wrapper.destroy(); + } + }); + + describe('updating the alert status', () => { + const mockUpdatedMutationResult = { + data: { + updateAlertStatus: { + errors: [], + alert: { + status: 'acknowledged', + }, + }, + }, + }; + + beforeEach(() => { + mountComponent({ + data: { alert: mockAlert }, + sidebarCollapsed: false, + loading: false, + }); + }); + + it('calls `$apollo.mutate` with `updateAlertStatus` mutation and variables containing `iid`, `status`, & `projectPath`', () => { + jest.spyOn(wrapper.vm.$apollo, 'mutate').mockResolvedValue(mockUpdatedMutationResult); + findStatusDropdownItem().vm.$emit('click'); + + expect(wrapper.vm.$apollo.mutate).toHaveBeenCalledWith({ + mutation: updateAlertStatus, + variables: { + iid: '1527542', + status: 'TRIGGERED', + projectPath: 'projectPath', + }, + }); + }); + + it('stops updating when the request fails', () => { + jest.spyOn(wrapper.vm.$apollo, 'mutate').mockReturnValue(Promise.reject(new Error())); + findStatusDropdownItem().vm.$emit('click'); + expect(findStatusLoadingIcon().exists()).toBe(false); + expect(wrapper.find('.gl-text-gray-700').text()).toBe('Triggered'); + }); + }); + + describe('Snowplow tracking', () => { + beforeEach(() => { + jest.spyOn(Tracking, 'event'); + mountComponent({ + props: { alertManagementEnabled: true, userCanEnableAlertManagement: true }, + data: { alert: mockAlert }, + loading: false, + }); + }); + + it('should track alert status updates', () => { + Tracking.event.mockClear(); + jest.spyOn(wrapper.vm.$apollo, 'mutate').mockResolvedValue({}); + findStatusDropdownItem().vm.$emit('click'); + const status = findStatusDropdownItem().text(); + setImmediate(() => { + const { category, action, label } = trackAlertStatusUpdateOptions; + expect(Tracking.event).toHaveBeenCalledWith(category, action, { label, property: status }); + }); + }); + }); +}); diff --git a/spec/lib/gitlab/graphql/pagination/keyset/connection_spec.rb b/spec/lib/gitlab/graphql/pagination/keyset/connection_spec.rb index c24e02661d3..38a35261b97 100644 --- a/spec/lib/gitlab/graphql/pagination/keyset/connection_spec.rb +++ b/spec/lib/gitlab/graphql/pagination/keyset/connection_spec.rb @@ -9,14 +9,6 @@ describe Gitlab::Graphql::Pagination::Keyset::Connection do let(:schema) { GraphQL::Schema.define(query: query_type, mutation: nil)} let(:context) { GraphQL::Query::Context.new(query: OpenStruct.new(schema: schema), values: nil, object: nil) } - before do - stub_const('NoPrimaryKey', Class.new(ActiveRecord::Base)) - NoPrimaryKey.class_eval do - self.table_name = 'no_primary_key' - self.primary_key = nil - end - end - subject(:connection) do described_class.new(nodes, { context: context, max_page_size: 3 }.merge(arguments)) end @@ -303,6 +295,14 @@ describe Gitlab::Graphql::Pagination::Keyset::Connection do end context 'when there is no primary key' do + before do + stub_const('NoPrimaryKey', Class.new(ActiveRecord::Base)) + NoPrimaryKey.class_eval do + self.table_name = 'no_primary_key' + self.primary_key = nil + end + end + let(:nodes) { NoPrimaryKey.all } it 'raises an error' do diff --git a/spec/models/note_spec.rb b/spec/models/note_spec.rb index 182c9722636..3d204aa90c6 100644 --- a/spec/models/note_spec.rb +++ b/spec/models/note_spec.rb @@ -305,11 +305,22 @@ describe Note do describe '#confidential?' do context 'when note is not confidential' do - it 'is true when a noteable is confidential' do - issue = create(:issue, :confidential) - note = build(:note, noteable: issue, project: issue.project) + context 'when include_noteable is set to true' do + it 'is true when a noteable is confidential ' do + issue = create(:issue, :confidential) + note = build(:note, noteable: issue, project: issue.project) - expect(note.confidential?).to be_truthy + expect(note.confidential?(include_noteable: true)).to be_truthy + end + end + + context 'when include_noteable is not set to true' do + it 'is false when a noteable is confidential ' do + issue = create(:issue, :confidential) + note = build(:note, noteable: issue, project: issue.project) + + expect(note.confidential?).to be_falsey + end end it 'is false when a noteable is not confidential' do @@ -319,7 +330,7 @@ describe Note do expect(note.confidential?).to be_falsy end - it "is falsey when noteable can't be confidential" do + it "is false when noteable can't be confidential" do commit_note = build(:note_on_commit) expect(commit_note.confidential?).to be_falsy