diff --git a/.git-blame-ignore-revs b/.git-blame-ignore-revs new file mode 100644 index 00000000000..91542cdbc00 --- /dev/null +++ b/.git-blame-ignore-revs @@ -0,0 +1,130 @@ +# This file contains revisions to be ignored by git blame. +# These revisions are expected to be formatting-only changes. +# +# Calling `git blame --ignore-revs-file .git-blame-ignore-revs` will +# tell git blame to ignore changes made by these revisions when assigning +# assigning blame, as if the change never happened. +# +# You can enable this as a default for your local repository by running +# `git config blame.ignoreRevsFile .git-blame-ignore-revs` +# This will probably be automatically picked by your IDE +# (VSCode+GitLens and JetBrains products are confirmed to this) +# +# Important: if you are switching to the branch without this file, +# `git blame` will fail with an error +# +# Guidelines: +# - Only large automated refactorings are expected to be included in this file. +# Do not add new revision just because it feels unimportant +# - When adding sinle revision use inline comment to link relevant issue/MR +# Example: +## d4a8b7307acc2dc8a8833ccfa65426ad28b3ffc9 # https://gitlab.com/gitlab-org/frontend/rfcs/-/issues/60 +# - When adding multiple revisions precede each addition (this could be multiple revisions) with a link to +# line with word START and link to relevant issue/MR/epic and conclude with line END and link to the +# same issue/MR/epic +# Example: +# # START https://gitlab.com/gitlab-org/issues/12345 +# 6f0bd2d8a1e6cd2e794cd39976e9756e0c85ac66 +# d53974df11dbc22cbea9dc7dcbc9896c25979a27 +# ... +# # END https://gitlab.com/gitlab-org/issues/12345 +# - Please append new lines to the end of the file, no matter of real chronological +# order of revisions +# - Since this is using hashes for reformatting it might be a good idea to update +# this file in separate MR when relevant changes already landed in master. By +# utilizing this manner you will be safe from random rebase/squash issues +# - Only put full 40-character hashes on this list + +# START https://gitlab.com/gitlab-org/frontend/rfcs/-/issues/60 +f2d28d7ab8525944fda634241a780006594fbe1a +94cfbb0ce38e893edda33ebc069bfa616a08a961 +b69f448f0685ad96edc474f75a17e0278a6d6011 +52907ac20c3af337544bdf18023730b9ada4b157 +d4a8b7307acc2dc8a8833ccfa65426ad28b3ffc9 +468cb9f0a4b88bf686f3e78250834f7c9d31ff76 +a536349d1d219f0b79a7a711d37dd1c705e49128 +6f0bd2d8a1e6cd2e794cd39976e9756e0c85ac66 +d53974df11dbc22cbea9dc7dcbc9896c25979a27 +818537524d13469cbc7ac5cb89263378b4cddca4 +bcbbcb2e708868099301ad5039badfba2128d47b +a4c662da544b38b7e593eb79f24b24c5cb2f205e +9aa1f6207a91a76940b34c921ce89894fcd74a06 +66da09846a17435f332296f73af44919ff2cfb52 +216f795bab0e8fbf6023f22f6e54cc07514a04ec +e820c22892d207e138bdff717100e5240f8ffd94 +2f8dbd483242575f9ceca0a2947c9b21e5ab59a0 +e7d50054818ada29751539f548ef72f46deca8bb +00827a74cf3bfef985ed6046fb2d42f29cbb19ac +333bad893e98068053c888f6b020632f1c6f472e +85af3689eea96b4d9131d80d8c5c8936de520074 +325fb305ea395a7f44ae1eea0a3e77e46e10c2b6 +e37a6d7aa61039734025474ce901f2907283e239 +dff561fa8c50e9b96aec9800b6b88ad6c7a2777b +19b0ba7265cfb154505f74b6856e73662829af2e +7c1fa749efcd59e81b565d6803285f6bd4bcefaf +5c23cb94c5d1aed2a4b02b7c1f3e5a53a0aa4760 +c35cc92c80969e7c87bbcda7db6cbd04f6719589 +280a79c0ec4c1383e49480f3028f5b2025a2a76b +e94556e9f9a145374bf26feb5e1823dae8a4004d +b6a8d9baf700dbb3f780b27d9a9820c9cb7a346c +9180eaee4d58a9e91c5f960148290b5271ba870c +0fdc1fc0380056836dff7aba9be3b1e4b531daea +157e117fcb530436561e3fb8faba6f751dc19e91 +7cfe360c9e5460a595dfe729e81cf404c1106638 +e3aca8c8f8488c55a199fc28595709b393f5040b +3b1593f2d53b735299381ad0878959cbc2fc9923 +39bb37cc0d18f620006d85dfdff7b9a54077708e +cdc1a4a8eec43e6a3df05403af8d05ab6ea7a213 +87ad67fef574cd102887f3dde98917f3b2bbcab8 +99bff4450248457ba877dec0388241625fb0144b +d1b6d05c08e0730463084acd1a387cd9d6acea8b +557c22a8242d1d7ccf2228b9b3156e2aa0dd05aa +7f4e951ce8073b50a245ebe216a8961c88846cfa +7dae714f23f423ff362d73e0d16da7b3a6cd721f +cfb368284545a4bd1e759cfe9e3e3bde54a1ec6f +aa653d5a380d88493050b22d84df36ae6df2cddd +96ed4677c602e8f9c83b28fbc0d802aa26527ab8 +72c11eb5a15735dc52dcd893e9112a10444d46e4 +b48e14b89b94a1a87affabd09bc603a67fc6bb01 +d46581c1fbcef34cfdd85c6c542fb4ac1b974861 +ef02363c9cd41a9ce41443661efed1c0399c5551 +075a78b319466aff9e94149c41c286544af91782 +9f4b4de2df17268732ae198d5f48c9b99d071a35 +0a8f575e365804239d29b45562ca6594b9da59e9 +c04bd24738b1775b963bba3f78b48007fccce37e +1173c801ea53c9d814fdf27d878f73a1702eb4e9 +a2f5e7395004c255ecaadef30d7a6b5bf453d372 +80f1ea7e3f11063a4f15bdd4a2e4a1ca7f770d87 +0e6e345f3b4dcb7b51403bcd096e6d3d294743f4 +06ee932e0844fa4cc91c15d5ca581de262d7bedd +b3ece842f7c05230f77055ad11e3c4a07c34e1e9 +5ebea3a48831351169e0a312e9d6985b31c9975b +02fad0bc640f5f91c748d692c01d6221c9b03b6e +16d4df3c7130b5a0995fdc685b272bef65ff84d5 +281cc7306ab92d2e053d0bb2d79e4f3646b980f6 +1877bf550016eac9ecac53ec498ec83bdd24339c +7e9741c59d1e3612017925a7b7cf0946bbdd6eca +b282f7dda6d7e93fcb0f000db8aa6634ac8d1b88 +81e82875704ffb35842534433216e797c41f89c3 +4914a729d17efbe250ac2cab2153f72caef3a7b7 +792e349390327fa11721e2f744cafec3b05f51f4 +8869ce0866823b229a863e435aa108c5d4fcf448 +a223014afe14686a4e18a826fd0bac9bdaaf969b +482d756cf69e3f0dd5997ea0e58d35c0eb694e35 +4700ac1d1da533cfefd50bd640db77a12c458fda +21fa9ca4832cfb57f791ff057e7c5987349aa964 +8b24c8d64d9328e0884725a2075a4a21faa76842 +86ce5406c3b60757f40d4c434b5ce7dfc602a643 +da4eea76b3cc1d68d4bfd2705bb86e904d1b54bc +8ac8a1f21a21840b53175e9f4a423b9ffa083f71 +ed189d0e9925eb08f3eb444176fad2614a3a4f83 +6e183d5016afc50e60892c7f1cf79035619c2deb +9b1d8b4c2897792be067e33442ebf3ce0961a5d0 +57da632154bfc193224d5a290b9c2b6cbd7fa0ad +1e3190b0049ba1b502918dc018681808b9203803 +0e334037bf0f93ff6f7bc922c48fa97556f39808 +07f5bc94bd983e77361c9a5020f8f229da3a465a +888002a62696ba66d8eb49f1dfe83a5a49bdf421 +c152d51445d9d9dd7c2c328ca8c407fa5438d16b +26b68c70df73289210aa600fa3c1fe45f05afee4 +# END https://gitlab.com/gitlab-org/frontend/rfcs/-/issues/60 diff --git a/.gitlab/ci/cng.gitlab-ci.yml b/.gitlab/ci/cng.gitlab-ci.yml deleted file mode 100644 index d720ec5ae45..00000000000 --- a/.gitlab/ci/cng.gitlab-ci.yml +++ /dev/null @@ -1,51 +0,0 @@ -cloud-native-image-env: - extends: - - .default-retry - - .cng:rules - image: ${GITLAB_DEPENDENCY_PROXY}ruby:2.7-alpine3.13 - stage: post-test - before_script: - - source ./scripts/utils.sh - - install_gitlab_gem - script: - - 'ruby -r./scripts/trigger-build.rb -e "puts Trigger.variables_for_env_file(Trigger::CNG.new.variables)" > build.env' - - cat build.env - artifacts: - reports: - dotenv: build.env - paths: - - build.env - expire_in: 7 days - when: always - -cloud-native-image: - extends: .cng:rules - stage: post-test - needs: ["cloud-native-image-env"] - inherit: - variables: false - variables: - TOP_UPSTREAM_SOURCE_PROJECT: "${TOP_UPSTREAM_SOURCE_PROJECT}" - TOP_UPSTREAM_SOURCE_REF: "${TOP_UPSTREAM_SOURCE_REF}" - TOP_UPSTREAM_SOURCE_JOB: "${TOP_UPSTREAM_SOURCE_JOB}" - TOP_UPSTREAM_SOURCE_SHA: "${TOP_UPSTREAM_SOURCE_SHA}" - TOP_UPSTREAM_MERGE_REQUEST_PROJECT_ID: "${TOP_UPSTREAM_MERGE_REQUEST_PROJECT_ID}" - TOP_UPSTREAM_MERGE_REQUEST_IID: "${TOP_UPSTREAM_MERGE_REQUEST_IID}" - GITLAB_REF_SLUG: "${GITLAB_REF_SLUG}" - # CNG pipeline specific variables - GITLAB_VERSION: "${GITLAB_VERSION}" - GITLAB_TAG: "${GITLAB_TAG}" - GITLAB_ASSETS_TAG: "${GITLAB_ASSETS_TAG}" - FORCE_RAILS_IMAGE_BUILDS: "${FORCE_RAILS_IMAGE_BUILDS}" - CE_PIPELINE: "${CE_PIPELINE}" # Based on https://docs.gitlab.com/ee/ci/jobs/job_control.html#check-if-a-variable-exists, `if: '$CE_PIPELINE'` will evaluate to `false` when this variable is empty - EE_PIPELINE: "${EE_PIPELINE}" # Based on https://docs.gitlab.com/ee/ci/jobs/job_control.html#check-if-a-variable-exists, `if: '$EE_PIPELINE'` will evaluate to `false` when this variable is empty - GITLAB_SHELL_VERSION: "${GITLAB_SHELL_VERSION}" - GITLAB_ELASTICSEARCH_INDEXER_VERSION: "${GITLAB_ELASTICSEARCH_INDEXER_VERSION}" - GITLAB_KAS_VERSION: "${GITLAB_KAS_VERSION}" - GITLAB_WORKHORSE_VERSION: "${GITLAB_WORKHORSE_VERSION}" - GITLAB_PAGES_VERSION: "${GITLAB_PAGES_VERSION}" - GITALY_SERVER_VERSION: "${GITALY_SERVER_VERSION}" - trigger: - project: gitlab-org/build/CNG - branch: $TRIGGER_BRANCH - strategy: depend diff --git a/.gitlab/ci/review.gitlab-ci.yml b/.gitlab/ci/review.gitlab-ci.yml index 13f1541f002..03223e64b23 100644 --- a/.gitlab/ci/review.gitlab-ci.yml +++ b/.gitlab/ci/review.gitlab-ci.yml @@ -1,3 +1,6 @@ +include: + - remote: 'https://gitlab.com/gitlab-org/modelops/applied-ml/review-recommender/ci-templates/-/raw/v0.2.1/recommender/Reviewers.gitlab-ci.yml' + review-cleanup: extends: - .default-retry @@ -65,3 +68,9 @@ danger-review-local: - .review:rules:danger-local script: - run_timed_command danger_as_local + +reviewers-recommender: + extends: + - .default-retry + stage: test + needs: [] diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml index 2494fea94a6..12988f06744 100644 --- a/.gitlab/ci/rules.gitlab-ci.yml +++ b/.gitlab/ci/rules.gitlab-ci.yml @@ -623,15 +623,6 @@ - changes: *ci-build-images-patterns - changes: *code-qa-patterns -############# -# CNG rules # -############# -.cng:rules: - rules: - - <<: *if-dot-com-gitlab-org-and-security-tag - when: manual - allow_failure: true - ###################### # CI Templates Rules # ###################### diff --git a/Gemfile b/Gemfile index 562dffe38fe..c802d4a03e3 100644 --- a/Gemfile +++ b/Gemfile @@ -345,7 +345,7 @@ gem 'warning', '~> 1.2.0' group :development do gem 'lefthook', '~> 0.7.0', require: false - gem 'solargraph', '~> 0.43', require: false + gem 'solargraph', '~> 0.44.3', require: false gem 'letter_opener_web', '~> 2.0.0' diff --git a/Gemfile.lock b/Gemfile.lock index 2c9fcc39f57..a111c89c9bc 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -137,7 +137,7 @@ GEM base32 (0.3.2) batch-loader (2.0.1) bcrypt (3.1.16) - benchmark (0.1.1) + benchmark (0.2.0) benchmark-ips (2.3.0) benchmark-malloc (0.2.0) benchmark-memory (0.1.2) @@ -1223,7 +1223,7 @@ GEM slack-messenger (2.3.4) snowplow-tracker (0.6.1) contracts (~> 0.7, <= 0.11) - solargraph (0.43.0) + solargraph (0.44.3) backport (~> 1.2) benchmark bundler (>= 1.17.2) @@ -1662,7 +1662,7 @@ DEPENDENCIES simplecov-lcov (~> 0.8.0) slack-messenger (~> 2.3.4) snowplow-tracker (~> 0.6.1) - solargraph (~> 0.43) + solargraph (~> 0.44.3) spamcheck (~> 0.1.0) spring (~> 2.1.0) spring-commands-rspec (~> 1.0.4) diff --git a/app/helpers/users/callouts_helper.rb b/app/helpers/users/callouts_helper.rb index 87c8bf5cb28..b8231b02ac1 100644 --- a/app/helpers/users/callouts_helper.rb +++ b/app/helpers/users/callouts_helper.rb @@ -9,6 +9,7 @@ module Users FEATURE_FLAGS_NEW_VERSION = 'feature_flags_new_version' REGISTRATION_ENABLED_CALLOUT = 'registration_enabled_callout' UNFINISHED_TAG_CLEANUP_CALLOUT = 'unfinished_tag_cleanup_callout' + MINUTE_LIMIT_BANNER = 'minute_limit_banner' SECURITY_NEWSLETTER_CALLOUT = 'security_newsletter_callout' REGISTRATION_ENABLED_CALLOUT_ALLOWED_CONTROLLER_PATHS = [/^root/, /^dashboard\S*/, /^admin\S*/].freeze @@ -60,6 +61,10 @@ module Users !user_dismissed?(SECURITY_NEWSLETTER_CALLOUT) end + def minute_limit_banner_dismissed? + user_dismissed?(MINUTE_LIMIT_BANNER) + end + private def user_dismissed?(feature_name, ignore_dismissal_earlier_than = nil) diff --git a/app/models/bulk_imports/entity.rb b/app/models/bulk_imports/entity.rb index edead35bafe..dee533944e9 100644 --- a/app/models/bulk_imports/entity.rb +++ b/app/models/bulk_imports/entity.rb @@ -92,9 +92,9 @@ class BulkImports::Entity < ApplicationRecord def pipelines @pipelines ||= case source_type when 'group_entity' - BulkImports::Groups::Stage.new(bulk_import).pipelines + BulkImports::Groups::Stage.new(self).pipelines when 'project_entity' - BulkImports::Projects::Stage.new(bulk_import).pipelines + BulkImports::Projects::Stage.new(self).pipelines end end diff --git a/app/models/users/callout.rb b/app/models/users/callout.rb index 0922323e12b..a91a3406b22 100644 --- a/app/models/users/callout.rb +++ b/app/models/users/callout.rb @@ -48,7 +48,8 @@ module Users storage_enforcement_banner_third_enforcement_threshold: 45, storage_enforcement_banner_fourth_enforcement_threshold: 46, attention_requests_top_nav: 47, - attention_requests_side_nav: 48 + attention_requests_side_nav: 48, + minute_limit_banner: 49 } validates :feature_name, diff --git a/app/views/groups/edit.html.haml b/app/views/groups/edit.html.haml index f3494149087..3dcc75ce8f4 100644 --- a/app/views/groups/edit.html.haml +++ b/app/views/groups/edit.html.haml @@ -4,6 +4,7 @@ - expanded = expanded_by_default? = render 'shared/namespaces/cascading_settings/lock_popovers' += render_if_exists 'shared/minute_limit_banner', namespace: @group %section.settings.gs-general.no-animate.expanded#js-general-settings .settings-header diff --git a/app/views/groups/settings/ci_cd/show.html.haml b/app/views/groups/settings/ci_cd/show.html.haml index 331cb31c626..f6dda9358f3 100644 --- a/app/views/groups/settings/ci_cd/show.html.haml +++ b/app/views/groups/settings/ci_cd/show.html.haml @@ -3,6 +3,7 @@ - expanded = expanded_by_default? - general_expanded = @group.errors.empty? ? expanded : true += render_if_exists 'shared/minute_limit_banner', namespace: @group -# Given we only have one field in this form which is also admin-only, -# we don't want to show an empty section to non-admin users, diff --git a/app/views/groups/show.html.haml b/app/views/groups/show.html.haml index 65613efbf63..7bbc2f839f7 100644 --- a/app/views/groups/show.html.haml +++ b/app/views/groups/show.html.haml @@ -8,6 +8,7 @@ = render_if_exists 'shared/qrtly_reconciliation_alert', group: @group = render_if_exists 'shared/user_over_limit_free_plan_alert', source: @group += render_if_exists 'shared/minute_limit_banner', namespace: @group - if show_invite_banner?(@group) = content_for :group_invite_members_banner do diff --git a/app/views/projects/edit.html.haml b/app/views/projects/edit.html.haml index 265bd1a5a00..92dbde07709 100644 --- a/app/views/projects/edit.html.haml +++ b/app/views/projects/edit.html.haml @@ -5,6 +5,8 @@ - expanded = expanded_by_default? - reduce_visibility_form_id = 'reduce-visibility-form' += render_if_exists 'shared/minute_limit_banner', namespace: @project + %section.settings.general-settings.no-animate.expanded#js-general-settings .settings-header %h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only= _('Naming, topics, avatar') diff --git a/app/views/projects/jobs/index.html.haml b/app/views/projects/jobs/index.html.haml index a07beae5747..9a2a1e57165 100644 --- a/app/views/projects/jobs/index.html.haml +++ b/app/views/projects/jobs/index.html.haml @@ -1,3 +1,5 @@ += render_if_exists 'shared/minute_limit_banner', namespace: @project + - page_title _("Jobs") - add_page_specific_style 'page_bundles/ci_status' - admin = local_assigns.fetch(:admin, false) diff --git a/app/views/projects/pipeline_schedules/index.html.haml b/app/views/projects/pipeline_schedules/index.html.haml index a56e8f7f5c7..10a49fbd779 100644 --- a/app/views/projects/pipeline_schedules/index.html.haml +++ b/app/views/projects/pipeline_schedules/index.html.haml @@ -1,3 +1,5 @@ += render_if_exists 'shared/minute_limit_banner', namespace: @project + - breadcrumb_title _("Schedules") - page_title _("Pipeline Schedules") - add_page_specific_style 'page_bundles/pipeline_schedules' diff --git a/app/views/projects/pipelines/index.html.haml b/app/views/projects/pipelines/index.html.haml index f4b242ffc40..817cc6d6e6c 100644 --- a/app/views/projects/pipelines/index.html.haml +++ b/app/views/projects/pipelines/index.html.haml @@ -1,3 +1,5 @@ += render_if_exists 'shared/minute_limit_banner', namespace: @project + - page_title _('Pipelines') - add_page_specific_style 'page_bundles/pipelines' - add_page_specific_style 'page_bundles/ci_status' diff --git a/app/views/projects/settings/ci_cd/show.html.haml b/app/views/projects/settings/ci_cd/show.html.haml index f342728feee..28cde994d00 100644 --- a/app/views/projects/settings/ci_cd/show.html.haml +++ b/app/views/projects/settings/ci_cd/show.html.haml @@ -1,3 +1,5 @@ += render_if_exists 'shared/minute_limit_banner', namespace: @project + - @content_class = "limit-container-width" unless fluid_layout - page_title _("CI/CD Settings") - page_title _("CI/CD") diff --git a/app/views/projects/show.html.haml b/app/views/projects/show.html.haml index dad2822feb4..1934f293b0f 100644 --- a/app/views/projects/show.html.haml +++ b/app/views/projects/show.html.haml @@ -7,6 +7,7 @@ = auto_discovery_link_tag(:atom, project_path(@project, rss_url_options), title: "#{@project.name} activity") = render_if_exists 'shared/user_over_limit_free_plan_alert', source: @project += render_if_exists 'shared/minute_limit_banner', namespace: @project = render partial: 'flash_messages', locals: { project: @project } = render "projects/last_push" diff --git a/config/feature_flags/development/ci_trigger_forward_variables.yml b/config/feature_flags/development/ci_trigger_forward_variables.yml index 34e418599b4..4767ca0cb75 100644 --- a/config/feature_flags/development/ci_trigger_forward_variables.yml +++ b/config/feature_flags/development/ci_trigger_forward_variables.yml @@ -5,4 +5,4 @@ rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/355572 milestone: '14.9' type: development group: group::pipeline authoring -default_enabled: false +default_enabled: true diff --git a/config/feature_flags/development/container_security_policy_selection.yml b/config/feature_flags/development/container_security_policy_selection.yml index 8e05e3a271a..e2407195ffc 100644 --- a/config/feature_flags/development/container_security_policy_selection.yml +++ b/config/feature_flags/development/container_security_policy_selection.yml @@ -5,4 +5,4 @@ rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/353071 milestone: '14.10' type: development group: group::container security -default_enabled: false +default_enabled: true diff --git a/config/feature_flags/development/show_minute_limit_banner.yml b/config/feature_flags/development/show_minute_limit_banner.yml new file mode 100644 index 00000000000..ecf9d98bea2 --- /dev/null +++ b/config/feature_flags/development/show_minute_limit_banner.yml @@ -0,0 +1,8 @@ +--- +name: show_minute_limit_banner +introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/84644 +rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/358191 +milestone: '14.10' +type: development +group: group::workspace +default_enabled: false diff --git a/db/fixtures/development/33_triage_ops.rb b/db/fixtures/development/33_triage_ops.rb index f4d74af15ca..1bb1f6c05d9 100644 --- a/db/fixtures/development/33_triage_ops.rb +++ b/db/fixtures/development/33_triage_ops.rb @@ -14,15 +14,19 @@ class Gitlab::Seeder::TriageOps Sidekiq::Testing.inline! do puts "Ensuring required groups" ensure_group('gitlab-com') + ensure_group('gitlab-com/gl-security/appsec') ensure_group('gitlab-jh/jh-team') ensure_group('gitlab-org') ensure_group('gitlab-org/gitlab-core-team/community-members') ensure_group('gitlab-org/security') + puts "Ensuring required projects" ensure_project('gitlab-org/gitlab') ensure_project('gitlab-org/security/gitlab') + puts "Ensuring required bot user" ensure_bot_user + puts "Setting up webhooks" ensure_webhook_for('gitlab-com') ensure_webhook_for('gitlab-org') diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md index 552c183b8de..ffd22046174 100644 --- a/doc/api/graphql/reference/index.md +++ b/doc/api/graphql/reference/index.md @@ -19115,6 +19115,7 @@ Name of the feature that the callout is for. | `GEO_MIGRATE_HASHED_STORAGE` | Callout feature name for geo_migrate_hashed_storage. | | `GKE_CLUSTER_INTEGRATION` | Callout feature name for gke_cluster_integration. | | `GOLD_TRIAL_BILLINGS` | Callout feature name for gold_trial_billings. | +| `MINUTE_LIMIT_BANNER` | Callout feature name for minute_limit_banner. | | `NEW_USER_SIGNUPS_CAP_REACHED` | Callout feature name for new_user_signups_cap_reached. | | `PERSONAL_ACCESS_TOKEN_EXPIRY` | Callout feature name for personal_access_token_expiry. | | `PIPELINE_NEEDS_BANNER` | Callout feature name for pipeline_needs_banner. | diff --git a/doc/development/testing_guide/review_apps.md b/doc/development/testing_guide/review_apps.md index 0c713af0be7..f5483a4b79c 100644 --- a/doc/development/testing_guide/review_apps.md +++ b/doc/development/testing_guide/review_apps.md @@ -172,8 +172,6 @@ subgraph "CNG-mirror pipeline" them in its [registry](https://gitlab.com/gitlab-org/build/CNG-mirror/container_registry). - We use the [`CNG-mirror`](https://gitlab.com/gitlab-org/build/CNG-mirror) project so that the `CNG`, (Cloud Native GitLab), project's registry is not overloaded with a lot of transient Docker images. - - Note that the official CNG images are built by the `cloud-native-image` - job, which runs only for tags, and triggers itself a [`CNG`](https://gitlab.com/gitlab-org/build/CNG) pipeline. 1. Once `review-build-cng` is done, the [`review-deploy`](https://gitlab.com/gitlab-org/gitlab/-/jobs/467724810) job deploys the Review App using [the official GitLab Helm chart](https://gitlab.com/gitlab-org/charts/gitlab/) to the [`review-apps`](https://console.cloud.google.com/kubernetes/clusters/details/us-central1-b/review-apps?project=gitlab-review-apps) diff --git a/doc/user/application_security/dependency_scanning/index.md b/doc/user/application_security/dependency_scanning/index.md index 8dae6ec8c74..924e3838d91 100644 --- a/doc/user/application_security/dependency_scanning/index.md +++ b/doc/user/application_security/dependency_scanning/index.md @@ -579,6 +579,7 @@ The following variables allow configuration of global dependency scanning settin | `DS_EXCLUDED_ANALYZERS` | Specify the analyzers (by name) to exclude from Dependency Scanning. For more information, see [Dependency Scanning Analyzers](analyzers.md). | | `DS_DEFAULT_ANALYZERS` | ([**DEPRECATED - use `DS_EXCLUDED_ANALYZERS` instead**](https://gitlab.com/gitlab-org/gitlab/-/issues/287691)) Override the names of the official default images. For more information, see [Dependency Scanning Analyzers](analyzers.md). | | `DS_EXCLUDED_PATHS` | Exclude files and directories from the scan based on the paths. A comma-separated list of patterns. Patterns can be globs, or file or folder paths (for example, `doc,spec`). Parent directories also match patterns. Default: `"spec, test, tests, tmp"`. | +| `DS_IMAGE_SUFFIX` | Suffix added to the image name. If set to `-fips`, `FIPS-enabled` images are used for scan. See [FIPS-enabled images](#fips-enabled-images) for more details. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/354796) in GitLab 14.10. | | `SECURE_ANALYZERS_PREFIX` | Override the name of the Docker registry providing the official default images (proxy). Read more about [customizing analyzers](analyzers.md). | | `SECURE_LOG_LEVEL` | Set the minimum logging level. Messages of this logging level or higher are output. From highest to lowest severity, the logging levels are: `fatal`, `error`, `warn`, `info`, `debug`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/10880) in GitLab 13.1. Default: `info`. | @@ -659,6 +660,40 @@ you can use the `MAVEN_CLI_OPTS` CI/CD variable. Read more on [how to use private Maven repositories](../index.md#using-private-maven-repositories). +#### FIPS-enabled images + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/354796) in GitLab 14.10. + +GitLab also offers [FIPS-enabled Red Hat UBI](https://www.redhat.com/en/blog/introducing-red-hat-universal-base-image) +versions of the Gemnasium images. You can therefore replace standard images with FIPS-enabled images. + +To use FIPS-enabled images, set the `DS_IMAGE_SUFFIX` to `-fips`, +and set `DS_EXCLUDED_ANALYZERS` to `bundler-audit, retire.js` +to exclude the analyzers that don't support FIPS. + +```yaml +variables: + DS_IMAGE_SUFFIX: "-fips" + DS_EXCLUDED_ANALYZERS: "bundler-audit, retire.js" +``` + +If you want to execute `bundler-audit` or `retire.js` in your project pipeline, you can override the +Gemnasium scanning jobs, and set `DS_IMAGE_SUFFIX` to `-fips` only for those jobs. + +```yaml +gemnasium-dependency_scanning: + variables: + DS_IMAGE_SUFFIX: "-fips" + +gemnasium-maven-dependency_scanning: + variables: + DS_IMAGE_SUFFIX: "-fips" + +gemnasium-python-dependency_scanning: + variables: + DS_IMAGE_SUFFIX: "-fips" +``` + ## Interacting with the vulnerabilities Once a vulnerability is found, you can interact with it. Read more on how to diff --git a/doc/user/application_security/iac_scanning/index.md b/doc/user/application_security/iac_scanning/index.md index a4d2f8b2e44..35968a6361f 100644 --- a/doc/user/application_security/iac_scanning/index.md +++ b/doc/user/application_security/iac_scanning/index.md @@ -46,6 +46,27 @@ GitLab IaC scanning supports a variety of IaC configuration files. Our IaC secur 1. IaC scanning can analyze Azure Resource Manager templates in JSON format. If you write templates in the [Bicep](https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/overview) language, you must use [the bicep CLI](https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/bicep-cli) to convert your Bicep files into JSON before GitLab IaC scanning can analyze them. 1. Terraform modules in a custom registry are not scanned for vulnerabilities. You can follow [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/357004) for the proposed feature. +### Supported distributions + +GitLab scanners are provided with a base alpine image for size and maintainability. + +#### FIPS-enabled images + +> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/6479) in GitLab 14.10. + +GitLab also offers [FIPS-enabled Red Hat UBI](https://www.redhat.com/en/blog/introducing-red-hat-universal-base-image) +versions of the images. You can therefore replace standard images with FIPS-enabled +images. To configure the images, set the `SAST_IMAGE_SUFFIX` to `-fips` or modify the +standard tag plus the `-fips` extension. + +```yaml +variables: + SAST_IMAGE_SUFFIX: '-fips' + +include: + - template: Security/SAST-IaC.latest.gitlab-ci.yml +``` + ### Making IaC analyzers available to all GitLab tiers All open source (OSS) analyzers are available with the GitLab Free tier. Future proprietary analyzers may be restricted to higher tiers. diff --git a/doc/user/application_security/sast/index.md b/doc/user/application_security/sast/index.md index 0b470e8404e..c511bf010c5 100644 --- a/doc/user/application_security/sast/index.md +++ b/doc/user/application_security/sast/index.md @@ -132,6 +132,30 @@ The following analyzers have multi-project support: Multi-project support in the Security Code Scan requires a Solution (`.sln`) file in the root of the repository. For details on the Solution format, see the Microsoft reference [Solution (`.sln`) file](https://docs.microsoft.com/en-us/visualstudio/extensibility/internals/solution-dot-sln-file?view=vs-2019). +### Supported distributions + +The default scanner images are build off a base Alpine image for size and maintainability. + +#### FIPS-enabled images + +> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/6479) in GitLab 14.10. + +GitLab offers [Red Hat UBI](https://www.redhat.com/en/blog/introducing-red-hat-universal-base-image) +versions of the images that are FIPS-enabled. To use the FIPS-enabled images, you can either: + +- Set the `SAST_IMAGE_SUFFIX` to `-fips`. +- Add the `-fips` extension to the default image name. + +For example: + +```yaml +variables: + SAST_IMAGE_SUFFIX: '-fips' + +include: + - template: Security/SAST.gitlab-ci.yml +``` + ### Making SAST analyzers available to all GitLab tiers All open source (OSS) analyzers have been moved to the GitLab Free tier as of GitLab 13.3. diff --git a/doc/user/application_security/secret_detection/index.md b/doc/user/application_security/secret_detection/index.md index cf8bcb0e3e3..b22b41b0333 100644 --- a/doc/user/application_security/secret_detection/index.md +++ b/doc/user/application_security/secret_detection/index.md @@ -108,6 +108,30 @@ The results are saved as a that you can later download and analyze. Due to implementation limitations, we always take the latest Secret Detection artifact available. +### Supported distributions + +The default scanner images are build off a base Alpine image for size and maintainability. + +#### FIPS-enabled images + +> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/6479) in GitLab 14.10. + +GitLab offers [Red Hat UBI](https://www.redhat.com/en/blog/introducing-red-hat-universal-base-image) +versions of the images that are FIPS-enabled. To use the FIPS-enabled images, you can either: + +- Set the `SAST_IMAGE_SUFFIX` to `-fips`. +- Add the `-fips` extension to the default image name. + +For example: + +```yaml +variables: + SECRET_DETECTION_IMAGE_SUFFIX: '-fips' + +include: + - template: Security/Secret-Detection.gitlab-ci.yml +``` + ### Enable Secret Detection via an automatic merge request > - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/4496) in GitLab 13.11, deployed behind a feature flag, enabled by default. diff --git a/lib/bulk_imports/groups/stage.rb b/lib/bulk_imports/groups/stage.rb index bc27220391d..97a423b6ea9 100644 --- a/lib/bulk_imports/groups/stage.rb +++ b/lib/bulk_imports/groups/stage.rb @@ -47,7 +47,7 @@ module BulkImports end def project_entities_pipeline - if project_pipeline_available? && ::Feature.enabled?(:bulk_import_projects, default_enabled: :yaml) + if project_pipeline_available? && feature_flag_enabled? { project_entities: { pipeline: BulkImports::Groups::Pipelines::ProjectEntitiesPipeline, @@ -62,6 +62,18 @@ module BulkImports def project_pipeline_available? @bulk_import.source_version_info >= BulkImport.min_gl_version_for_project_migration end + + def feature_flag_enabled? + destination_namespace = @bulk_import_entity.destination_namespace + + if destination_namespace.present? + root_ancestor = Namespace.find_by_full_path(destination_namespace)&.root_ancestor + + ::Feature.enabled?(:bulk_import_projects, root_ancestor, default_enabled: :yaml) + else + ::Feature.enabled?(:bulk_import_projects, default_enabled: :yaml) + end + end end end end diff --git a/lib/bulk_imports/stage.rb b/lib/bulk_imports/stage.rb index 9c19e9ea60b..6cf394c5df0 100644 --- a/lib/bulk_imports/stage.rb +++ b/lib/bulk_imports/stage.rb @@ -2,10 +2,13 @@ module BulkImports class Stage - def initialize(bulk_import) - raise(ArgumentError, 'Expected an argument of type ::BulkImport') unless bulk_import.is_a?(::BulkImport) + def initialize(bulk_import_entity) + unless bulk_import_entity.is_a?(::BulkImports::Entity) + raise(ArgumentError, 'Expected an argument of type ::BulkImports::Entity') + end - @bulk_import = bulk_import + @bulk_import_entity = bulk_import_entity + @bulk_import = bulk_import_entity.bulk_import end def pipelines diff --git a/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml index 1a99db67441..d41182ec9be 100644 --- a/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml @@ -32,6 +32,16 @@ dependency_scanning: .ds-analyzer: extends: dependency_scanning allow_failure: true + variables: + # DS_ANALYZER_IMAGE is an undocumented variable used internally to allow QA to + # override the analyzer image with a custom value. This may be subject to change or + # breakage across GitLab releases. + DS_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/$DS_ANALYZER_NAME:$DS_MAJOR_VERSION" + # DS_ANALYZER_NAME is an undocumented variable used in job definitions + # to inject the analyzer name in the image name. + DS_ANALYZER_NAME: "" + image: + name: "$DS_ANALYZER_IMAGE$DS_IMAGE_SUFFIX" # `rules` must be overridden explicitly by each child job # see https://gitlab.com/gitlab-org/gitlab/-/issues/218444 script: @@ -46,13 +56,8 @@ gemnasium-dependency_scanning: extends: - .ds-analyzer - .cyclone-dx-reports - image: - name: "$DS_ANALYZER_IMAGE" variables: - # DS_ANALYZER_IMAGE is an undocumented variable used internally to allow QA to - # override the analyzer image with a custom value. This may be subject to change or - # breakage across GitLab releases. - DS_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/gemnasium:$DS_MAJOR_VERSION" + DS_ANALYZER_NAME: "gemnasium" GEMNASIUM_LIBRARY_SCAN_ENABLED: "true" rules: - if: $DEPENDENCY_SCANNING_DISABLED @@ -77,13 +82,8 @@ gemnasium-maven-dependency_scanning: extends: - .ds-analyzer - .cyclone-dx-reports - image: - name: "$DS_ANALYZER_IMAGE" variables: - # DS_ANALYZER_IMAGE is an undocumented variable used internally to allow QA to - # override the analyzer image with a custom value. This may be subject to change or - # breakage across GitLab releases. - DS_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/gemnasium-maven:$DS_MAJOR_VERSION" + DS_ANALYZER_NAME: "gemnasium-maven" # Stop reporting Gradle as "maven". # See https://gitlab.com/gitlab-org/gitlab/-/issues/338252 DS_REPORT_PACKAGE_MANAGER_MAVEN_WHEN_JAVA: "false" @@ -105,13 +105,8 @@ gemnasium-python-dependency_scanning: extends: - .ds-analyzer - .cyclone-dx-reports - image: - name: "$DS_ANALYZER_IMAGE" variables: - # DS_ANALYZER_IMAGE is an undocumented variable used internally to allow QA to - # override the analyzer image with a custom value. This may be subject to change or - # breakage across GitLab releases. - DS_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/gemnasium-python:$DS_MAJOR_VERSION" + DS_ANALYZER_NAME: "gemnasium-python" # Stop reporting Pipenv and Setuptools as "pip". # See https://gitlab.com/gitlab-org/gitlab/-/issues/338252 DS_REPORT_PACKAGE_MANAGER_PIP_WHEN_PYTHON: "false" @@ -138,13 +133,8 @@ gemnasium-python-dependency_scanning: bundler-audit-dependency_scanning: extends: .ds-analyzer - image: - name: "$DS_ANALYZER_IMAGE" variables: - # DS_ANALYZER_IMAGE is an undocumented variable used internally to allow QA to - # override the analyzer image with a custom value. This may be subject to change or - # breakage across GitLab releases. - DS_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/bundler-audit:$DS_MAJOR_VERSION" + DS_ANALYZER_NAME: "bundler-audit" rules: - if: $DEPENDENCY_SCANNING_DISABLED when: never @@ -158,13 +148,8 @@ bundler-audit-dependency_scanning: retire-js-dependency_scanning: extends: .ds-analyzer - image: - name: "$DS_ANALYZER_IMAGE" variables: - # DS_ANALYZER_IMAGE is an undocumented variable used internally to allow QA to - # override the analyzer image with a custom value. This may be subject to change or - # breakage across GitLab releases. - DS_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/retire.js:$DS_MAJOR_VERSION" + DS_ANALYZER_NAME: "retire.js" rules: - if: $DEPENDENCY_SCANNING_DISABLED when: never diff --git a/lib/gitlab/ci/templates/Jobs/SAST-IaC.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/SAST-IaC.latest.gitlab-ci.yml index 5ddfb2a54be..488e7ec72fd 100644 --- a/lib/gitlab/ci/templates/Jobs/SAST-IaC.latest.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/SAST-IaC.latest.gitlab-ci.yml @@ -1,7 +1,14 @@ +# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/iac_scanning/ +# +# Configure SAST with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html). +# List of available variables: https://docs.gitlab.com/ee/user/application_security/iac_scanning/index.html + variables: # Setting this variable will affect all Security templates # (SAST, Dependency Scanning, ...) SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/security-products" + SAST_IMAGE_SUFFIX: "" + SAST_EXCLUDED_PATHS: "spec, test, tests, tmp" iac-sast: @@ -25,7 +32,7 @@ kics-iac-sast: name: "$SAST_ANALYZER_IMAGE" variables: SAST_ANALYZER_IMAGE_TAG: 1 - SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/kics:$SAST_ANALYZER_IMAGE_TAG" + SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/kics:$SAST_ANALYZER_IMAGE_TAG$SAST_IMAGE_SUFFIX" rules: - if: $SAST_DISABLED when: never diff --git a/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml index 241eae89dd3..91b403d7006 100644 --- a/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml @@ -7,6 +7,7 @@ variables: # Setting this variable will affect all Security templates # (SAST, Dependency Scanning, ...) SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/security-products" + SAST_IMAGE_SUFFIX: "" SAST_EXCLUDED_ANALYZERS: "" SAST_EXCLUDED_PATHS: "spec, test, tests, tmp" @@ -251,7 +252,7 @@ semgrep-sast: name: "$SAST_ANALYZER_IMAGE" variables: SAST_ANALYZER_IMAGE_TAG: 2 - SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/semgrep:$SAST_ANALYZER_IMAGE_TAG" + SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/semgrep:$SAST_ANALYZER_IMAGE_TAG$SAST_IMAGE_SUFFIX" rules: - if: $SAST_DISABLED when: never diff --git a/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml index a3620cc9733..6aacd082fd7 100644 --- a/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml @@ -6,12 +6,14 @@ variables: SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/security-products" + SECRET_DETECTION_IMAGE_SUFFIX: "" + SECRETS_ANALYZER_VERSION: "3" SECRET_DETECTION_EXCLUDED_PATHS: "" .secret-analyzer: stage: test - image: "$SECURE_ANALYZERS_PREFIX/secrets:$SECRETS_ANALYZER_VERSION" + image: "$SECURE_ANALYZERS_PREFIX/secrets:$SECRETS_ANALYZER_VERSION$SECRET_DETECTION_IMAGE_SUFFIX" services: [] allow_failure: true variables: diff --git a/locale/gitlab.pot b/locale/gitlab.pot index ba74d3cb9f7..4905d89abc6 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -1461,6 +1461,9 @@ msgstr[1] "" msgid "1-9 contributions" msgstr "" +msgid "1. Effective June 1, 2022, all free tier public projects will be %{minutes_quota_link}." +msgstr "" + msgid "10-19 contributions" msgstr "" @@ -1473,6 +1476,9 @@ msgstr "" msgid "1st contribution!" msgstr "" +msgid "2. Before July 1, 2022, all free tier public open source projects will need to %{enrollment_link} to continue to receive GitLab Ultimate benefits." +msgstr "" + msgid "20-29 contributions" msgstr "" @@ -7077,6 +7083,9 @@ msgstr "" msgid "Changes the title to \"%{title_param}\"." msgstr "" +msgid "Changes to free tier public projects" +msgstr "" + msgid "Changes to the title have not been saved" msgstr "" @@ -28282,6 +28291,9 @@ msgstr "" msgid "Please use this form to report to the admin users who create spam issues, comments or behave inappropriately." msgstr "" +msgid "Please visit the %{faq_link} for more information." +msgstr "" + msgid "Please wait a moment, this page will automatically refresh when ready." msgstr "" diff --git a/spec/lib/bulk_imports/groups/stage_spec.rb b/spec/lib/bulk_imports/groups/stage_spec.rb index b6bb8a7d195..645dee4a6f1 100644 --- a/spec/lib/bulk_imports/groups/stage_spec.rb +++ b/spec/lib/bulk_imports/groups/stage_spec.rb @@ -3,7 +3,10 @@ require 'spec_helper' RSpec.describe BulkImports::Groups::Stage do + let(:ancestor) { create(:group) } + let(:group) { create(:group, parent: ancestor) } let(:bulk_import) { build(:bulk_import) } + let(:entity) { build(:bulk_import_entity, bulk_import: bulk_import, group: group, destination_namespace: ancestor.full_path) } let(:pipelines) do [ @@ -19,26 +22,46 @@ RSpec.describe BulkImports::Groups::Stage do end it 'raises error when initialized without a BulkImport' do - expect { described_class.new({}) }.to raise_error(ArgumentError, 'Expected an argument of type ::BulkImport') + expect { described_class.new({}) }.to raise_error(ArgumentError, 'Expected an argument of type ::BulkImports::Entity') end describe '.pipelines' do it 'list all the pipelines with their stage number, ordered by stage' do - expect(described_class.new(bulk_import).pipelines & pipelines).to contain_exactly(*pipelines) - expect(described_class.new(bulk_import).pipelines.last.last).to eq(BulkImports::Common::Pipelines::EntityFinisher) + expect(described_class.new(entity).pipelines & pipelines).to contain_exactly(*pipelines) + expect(described_class.new(entity).pipelines.last.last).to eq(BulkImports::Common::Pipelines::EntityFinisher) end - it 'includes project entities pipeline' do - stub_feature_flags(bulk_import_projects: true) + context 'when bulk_import_projects feature flag is enabled' do + it 'includes project entities pipeline' do + stub_feature_flags(bulk_import_projects: true) - expect(described_class.new(bulk_import).pipelines).to include([1, BulkImports::Groups::Pipelines::ProjectEntitiesPipeline]) + expect(described_class.new(entity).pipelines).to include([1, BulkImports::Groups::Pipelines::ProjectEntitiesPipeline]) + end + + context 'when feature flag is enabled on root ancestor level' do + it 'includes project entities pipeline' do + stub_feature_flags(bulk_import_projects: ancestor) + + expect(described_class.new(entity).pipelines).to include([1, BulkImports::Groups::Pipelines::ProjectEntitiesPipeline]) + end + end + + context 'when destination namespace is not present' do + it 'includes project entities pipeline' do + stub_feature_flags(bulk_import_projects: true) + + entity = create(:bulk_import_entity, destination_namespace: '') + + expect(described_class.new(entity).pipelines).to include([1, BulkImports::Groups::Pipelines::ProjectEntitiesPipeline]) + end + end end context 'when bulk_import_projects feature flag is disabled' do it 'does not include project entities pipeline' do stub_feature_flags(bulk_import_projects: false) - expect(described_class.new(bulk_import).pipelines.flatten).not_to include(BulkImports::Groups::Pipelines::ProjectEntitiesPipeline) + expect(described_class.new(entity).pipelines.flatten).not_to include(BulkImports::Groups::Pipelines::ProjectEntitiesPipeline) end end end diff --git a/spec/lib/bulk_imports/projects/stage_spec.rb b/spec/lib/bulk_imports/projects/stage_spec.rb index ef98613dc25..9fce30f3a81 100644 --- a/spec/lib/bulk_imports/projects/stage_spec.rb +++ b/spec/lib/bulk_imports/projects/stage_spec.rb @@ -34,9 +34,9 @@ RSpec.describe BulkImports::Projects::Stage do end subject do - bulk_import = build(:bulk_import) + entity = build(:bulk_import_entity, :project_entity) - described_class.new(bulk_import) + described_class.new(entity) end describe '#pipelines' do diff --git a/spec/models/bulk_imports/entity_spec.rb b/spec/models/bulk_imports/entity_spec.rb index 0ba8d653857..6f6a7c9bcd8 100644 --- a/spec/models/bulk_imports/entity_spec.rb +++ b/spec/models/bulk_imports/entity_spec.rb @@ -179,7 +179,7 @@ RSpec.describe BulkImports::Entity, type: :model do entity = create(:bulk_import_entity, :group_entity) entity.create_pipeline_trackers! - expect(entity.trackers.count).to eq(BulkImports::Groups::Stage.new(entity.bulk_import).pipelines.count) + expect(entity.trackers.count).to eq(BulkImports::Groups::Stage.new(entity).pipelines.count) expect(entity.trackers.map(&:pipeline_name)).to include(BulkImports::Groups::Pipelines::GroupPipeline.to_s) end end @@ -189,7 +189,7 @@ RSpec.describe BulkImports::Entity, type: :model do entity = create(:bulk_import_entity, :project_entity) entity.create_pipeline_trackers! - expect(entity.trackers.count).to eq(BulkImports::Projects::Stage.new(entity.bulk_import).pipelines.count) + expect(entity.trackers.count).to eq(BulkImports::Projects::Stage.new(entity).pipelines.count) expect(entity.trackers.map(&:pipeline_name)).to include(BulkImports::Projects::Pipelines::ProjectPipeline.to_s) end end diff --git a/spec/models/bulk_imports/tracker_spec.rb b/spec/models/bulk_imports/tracker_spec.rb index a72b628e329..0b6f692a477 100644 --- a/spec/models/bulk_imports/tracker_spec.rb +++ b/spec/models/bulk_imports/tracker_spec.rb @@ -66,8 +66,8 @@ RSpec.describe BulkImports::Tracker, type: :model do describe '#pipeline_class' do it 'returns the pipeline class' do - bulk_import = create(:bulk_import) - pipeline_class = BulkImports::Groups::Stage.new(bulk_import).pipelines.first[1] + entity = create(:bulk_import_entity) + pipeline_class = BulkImports::Groups::Stage.new(entity).pipelines.first[1] tracker = create(:bulk_import_tracker, pipeline_name: pipeline_class) expect(tracker.pipeline_class).to eq(pipeline_class) diff --git a/spec/workers/bulk_import_worker_spec.rb b/spec/workers/bulk_import_worker_spec.rb index 8d9ad03953e..7e301efe708 100644 --- a/spec/workers/bulk_import_worker_spec.rb +++ b/spec/workers/bulk_import_worker_spec.rb @@ -73,7 +73,7 @@ RSpec.describe BulkImportWorker do expect { subject.perform(bulk_import.id) } .to change(BulkImports::Tracker, :count) - .by(BulkImports::Groups::Stage.new(bulk_import).pipelines.size * 2) + .by(BulkImports::Groups::Stage.new(entity_1).pipelines.size * 2) expect(entity_1.trackers).not_to be_empty expect(entity_2.trackers).not_to be_empty