Add latest changes from gitlab-org/gitlab@master
This commit is contained in:
parent
229c115027
commit
8ae8814fd7
|
@ -327,6 +327,7 @@ class Deployment < ApplicationRecord
|
||||||
|
|
||||||
def sync_status_with(build)
|
def sync_status_with(build)
|
||||||
return false unless ::Deployment.statuses.include?(build.status)
|
return false unless ::Deployment.statuses.include?(build.status)
|
||||||
|
return false if build.created? || build.status == self.status
|
||||||
|
|
||||||
update_status!(build.status)
|
update_status!(build.status)
|
||||||
rescue StandardError => e
|
rescue StandardError => e
|
||||||
|
|
|
@ -1,8 +0,0 @@
|
||||||
---
|
|
||||||
name: request_apdex_counters
|
|
||||||
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/69154
|
|
||||||
rollout_issue_url: https://gitlab.com/gitlab-com/gl-infra/scalability/-/issues/1099
|
|
||||||
milestone: '14.3'
|
|
||||||
type: development
|
|
||||||
group: team::Scalability
|
|
||||||
default_enabled: false
|
|
|
@ -0,0 +1,21 @@
|
||||||
|
---
|
||||||
|
data_category: optional
|
||||||
|
key_path: counts.kubernetes_agents
|
||||||
|
description: Count of Kubernetes registered agents
|
||||||
|
product_section: ops
|
||||||
|
product_stage: configure
|
||||||
|
product_group: group::configure
|
||||||
|
product_category: kubernetes_management
|
||||||
|
value_type: number
|
||||||
|
status: active
|
||||||
|
time_frame: all
|
||||||
|
data_source: database
|
||||||
|
distribution:
|
||||||
|
- ce
|
||||||
|
- ee
|
||||||
|
tier:
|
||||||
|
- free
|
||||||
|
- premium
|
||||||
|
- ultimate
|
||||||
|
performance_indicator_type: []
|
||||||
|
milestone: "<13.9"
|
|
@ -0,0 +1,21 @@
|
||||||
|
---
|
||||||
|
data_category: optional
|
||||||
|
key_path: counts.kubernetes_agents_with_token
|
||||||
|
description: Count of Kubernetes agents with at least one token
|
||||||
|
product_section: ops
|
||||||
|
product_stage: configure
|
||||||
|
product_group: group::configure
|
||||||
|
product_category: kubernetes_management
|
||||||
|
value_type: number
|
||||||
|
status: active
|
||||||
|
time_frame: all
|
||||||
|
data_source: database
|
||||||
|
distribution:
|
||||||
|
- ce
|
||||||
|
- ee
|
||||||
|
tier:
|
||||||
|
- free
|
||||||
|
- premium
|
||||||
|
- ultimate
|
||||||
|
performance_indicator_type: []
|
||||||
|
milestone: "<13.9"
|
|
@ -0,0 +1,22 @@
|
||||||
|
---
|
||||||
|
data_category: optional
|
||||||
|
key_path: counts.kubernetes_agent_k8s_api_proxy_request
|
||||||
|
description: Count of Kubernetes API proxy requests
|
||||||
|
product_section: ops
|
||||||
|
product_stage: configure
|
||||||
|
product_group: group::configure
|
||||||
|
product_category: kubernetes_management
|
||||||
|
value_type: number
|
||||||
|
status: active
|
||||||
|
milestone: '13.12'
|
||||||
|
introduced_by_url:
|
||||||
|
time_frame: all
|
||||||
|
data_source: redis
|
||||||
|
distribution:
|
||||||
|
- ce
|
||||||
|
- ee
|
||||||
|
tier:
|
||||||
|
- free
|
||||||
|
- premium
|
||||||
|
- ultimate
|
||||||
|
performance_indicator_type: []
|
|
@ -240,7 +240,7 @@ The search filters you can see depends on which audit level you are at.
|
||||||
| Scope (Instance level) | A specific group, project, or user that the action was scoped to. |
|
| Scope (Instance level) | A specific group, project, or user that the action was scoped to. |
|
||||||
| Date range | Either via the date range buttons or pickers (maximum range of 31 days). Default is from the first day of the month to today's date. |
|
| Date range | Either via the date range buttons or pickers (maximum range of 31 days). Default is from the first day of the month to today's date. |
|
||||||
|
|
||||||
![audit events](img/audit_log_v13_6.png)
|
![audit events](img/audit_events_v14_5.png)
|
||||||
|
|
||||||
## Export to CSV **(PREMIUM SELF)**
|
## Export to CSV **(PREMIUM SELF)**
|
||||||
|
|
||||||
|
|
Binary file not shown.
After Width: | Height: | Size: 32 KiB |
Binary file not shown.
Before Width: | Height: | Size: 43 KiB |
|
@ -276,6 +276,8 @@ configuration option in `gitlab.yml`. These metrics are served from the
|
||||||
| `geo_uploads_synced` | Gauge | 14.1 | Number of uploads synced on secondary | `url` |
|
| `geo_uploads_synced` | Gauge | 14.1 | Number of uploads synced on secondary | `url` |
|
||||||
| `geo_uploads_failed` | Gauge | 14.1 | Number of syncable uploads failed to sync on secondary | `url` |
|
| `geo_uploads_failed` | Gauge | 14.1 | Number of syncable uploads failed to sync on secondary | `url` |
|
||||||
| `geo_uploads_registry` | Gauge | 14.1 | Number of uploads in the registry | `url` |
|
| `geo_uploads_registry` | Gauge | 14.1 | Number of uploads in the registry | `url` |
|
||||||
|
| `gitlab_sli:rails_request_apdex:total` | Counter | 14.4 | The number of request-apdex measurements, [more information the development documentation](../../../development/application_slis/rails_request_apdex.md) | `endpoint_id`, `feature_category`, `request_urgency` |
|
||||||
|
| `gitlab_sli:rails_request_apdex:success_total` | Counter | 14.4 | The number of succesful requests that met the target duration for their urgency. Devide by `gitlab_sli:rails_requests_apdex:total` to get a success ratio | `endpoint_id`, `feature_category`, `request_urgency` |
|
||||||
|
|
||||||
## Database load balancing metrics **(PREMIUM SELF)**
|
## Database load balancing metrics **(PREMIUM SELF)**
|
||||||
|
|
||||||
|
|
|
@ -7,9 +7,9 @@ info: To determine the technical writer assigned to the Stage/Group associated w
|
||||||
|
|
||||||
# Security Configuration **(FREE)**
|
# Security Configuration **(FREE)**
|
||||||
|
|
||||||
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/20711) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.6. **(ULTIMATE)**
|
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/20711) in GitLab 12.6.
|
||||||
> - SAST configuration was [enabled](https://gitlab.com/groups/gitlab-org/-/epics/3659) in 13.3 and [improved](https://gitlab.com/gitlab-org/gitlab/-/issues/232862) in 13.4. **(ULTIMATE)**
|
> - SAST configuration was [enabled](https://gitlab.com/groups/gitlab-org/-/epics/3659) in 13.3 and [improved](https://gitlab.com/gitlab-org/gitlab/-/issues/232862) in 13.4.
|
||||||
> - DAST Profiles feature was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/40474) in 13.4. **(ULTIMATE)**
|
> - DAST Profiles feature was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/40474) in 13.4.
|
||||||
> - A simplified version was made [available in all tiers](https://gitlab.com/gitlab-org/gitlab/-/issues/294076) in GitLab 13.10.
|
> - A simplified version was made [available in all tiers](https://gitlab.com/gitlab-org/gitlab/-/issues/294076) in GitLab 13.10.
|
||||||
> - [Redesigned](https://gitlab.com/gitlab-org/gitlab/-/issues/326926) in 14.2.
|
> - [Redesigned](https://gitlab.com/gitlab-org/gitlab/-/issues/326926) in 14.2.
|
||||||
|
|
||||||
|
@ -38,31 +38,31 @@ Select **Configuration history** to see the `.gitlab-ci.yml` file's history.
|
||||||
|
|
||||||
You can configure the following security controls:
|
You can configure the following security controls:
|
||||||
|
|
||||||
- Static Application Security Testing (SAST) **(FREE)**
|
- [Static Application Security Testing](../sast/index.md) (SAST)
|
||||||
- Select **Enable SAST** to configure SAST for the current project.
|
- Select **Enable SAST** to configure SAST for the current project.
|
||||||
For more details, read [Configure SAST in the UI](../sast/index.md#configure-sast-in-the-ui).
|
For more details, read [Configure SAST in the UI](../sast/index.md#configure-sast-in-the-ui).
|
||||||
- Dynamic Application Security Testing (DAST) **(ULTIMATE)**
|
- [Dynamic Application Security Testing](../dast/index.md) (DAST)
|
||||||
- Select **Enable DAST** to configure DAST for the current project.
|
- Select **Enable DAST** to configure DAST for the current project.
|
||||||
- Select **Manage scans** to manage the saved DAST scans, site profiles, and scanner profiles.
|
- Select **Manage scans** to manage the saved DAST scans, site profiles, and scanner profiles.
|
||||||
For more details, read [DAST on-demand scans](../dast/index.md#on-demand-scans).
|
For more details, read [DAST on-demand scans](../dast/index.md#on-demand-scans).
|
||||||
- Dependency Scanning **(ULTIMATE)**
|
- [Dependency Scanning](../dependency_scanning/index.md)
|
||||||
- Select **Configure via Merge Request** to create a merge request with the changes required to
|
- Select **Configure via Merge Request** to create a merge request with the changes required to
|
||||||
enable Dependency Scanning. For more details, see [Enable Dependency Scanning via an automatic merge request](../dependency_scanning/index.md#enable-dependency-scanning-via-an-automatic-merge-request).
|
enable Dependency Scanning. For more details, see [Enable Dependency Scanning via an automatic merge request](../dependency_scanning/index.md#enable-dependency-scanning-via-an-automatic-merge-request).
|
||||||
- Container Scanning **(ULTIMATE)**
|
- [Container Scanning](../container_scanning/index.md)
|
||||||
- Can be configured with `.gitlab-ci.yml`. For more details, read [Container Scanning](../../../user/application_security/container_scanning/index.md#configuration).
|
- Can be configured with `.gitlab-ci.yml`. For more details, read [Container Scanning](../../../user/application_security/container_scanning/index.md#configuration).
|
||||||
- Cluster Image Scanning **(ULTIMATE)**
|
- [Cluster Image Scanning](../cluster_image_scanning/index.md)
|
||||||
- Can be configured with `.gitlab-ci.yml`. For more details, read [Cluster Image Scanning](../../../user/application_security/cluster_image_scanning/#configuration).
|
- Can be configured with `.gitlab-ci.yml`. For more details, read [Cluster Image Scanning](../../../user/application_security/cluster_image_scanning/#configuration).
|
||||||
- Secret Detection
|
- [Secret Detection](../secret_detection/index.md)
|
||||||
- Select **Configure via Merge Request** to create a merge request with the changes required to
|
- Select **Configure via Merge Request** to create a merge request with the changes required to
|
||||||
enable Secret Detection. For more details, read [Enable Secret Detection via an automatic merge request](../secret_detection/index.md#enable-secret-detection-via-an-automatic-merge-request).
|
enable Secret Detection. For more details, read [Enable Secret Detection via an automatic merge request](../secret_detection/index.md#enable-secret-detection-via-an-automatic-merge-request).
|
||||||
- API Fuzzing **(ULTIMATE)**
|
- [API Fuzzing](../api_fuzzing/index.md)
|
||||||
- Select **Enable API Fuzzing** to use API Fuzzing for the current project. For more details, read [API Fuzzing](../../../user/application_security/api_fuzzing/index.md#enable-web-api-fuzzing).
|
- Select **Enable API Fuzzing** to use API Fuzzing for the current project. For more details, read [API Fuzzing](../../../user/application_security/api_fuzzing/index.md#enable-web-api-fuzzing).
|
||||||
- Coverage Fuzzing **(ULTIMATE)**
|
- [Coverage Fuzzing](../coverage_fuzzing/index.md)
|
||||||
- Can be configured with `.gitlab-ci.yml`. For more details, read [Coverage Fuzzing](../../../user/application_security/coverage_fuzzing/index.md#configuration).
|
- Can be configured with `.gitlab-ci.yml`. For more details, read [Coverage Fuzzing](../../../user/application_security/coverage_fuzzing/index.md#configuration).
|
||||||
|
|
||||||
## Compliance **(ULTIMATE)**
|
## Compliance **(ULTIMATE)**
|
||||||
|
|
||||||
You can configure the following security controls:
|
You can configure the following security controls:
|
||||||
|
|
||||||
- License Compliance **(ULTIMATE)**
|
- [License Compliance](../../../user/compliance/license_compliance/index.md)
|
||||||
- Can be configured with `.gitlab-ci.yml`. For more details, read [License Compliance](../../../user/compliance/license_compliance/index.md#configuration).
|
- Can be configured with `.gitlab-ci.yml`. For more details, read [License Compliance](../../../user/compliance/license_compliance/index.md#configuration).
|
||||||
|
|
|
@ -7,7 +7,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
|
||||||
|
|
||||||
# Dependency list **(ULTIMATE)**
|
# Dependency list **(ULTIMATE)**
|
||||||
|
|
||||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/10075) in GitLab Ultimate 12.0.
|
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/10075) in GitLab 12.0.
|
||||||
|
|
||||||
Use the dependency list to review your project's dependencies and key
|
Use the dependency list to review your project's dependencies and key
|
||||||
details about those dependencies, including their known vulnerabilities. It is a collection of dependencies in your project, including existing and new findings.
|
details about those dependencies, including their known vulnerabilities. It is a collection of dependencies in your project, including existing and new findings.
|
||||||
|
@ -66,7 +66,7 @@ Dependency paths are supported for the following package managers:
|
||||||
|
|
||||||
## Licenses
|
## Licenses
|
||||||
|
|
||||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/10536) in GitLab Ultimate 12.3.
|
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/10536) in GitLab 12.3.
|
||||||
|
|
||||||
If the [License Compliance](../../compliance/license_compliance/index.md) CI job is configured,
|
If the [License Compliance](../../compliance/license_compliance/index.md) CI job is configured,
|
||||||
[discovered licenses](../../compliance/license_compliance/index.md#supported-languages-and-package-managers) are displayed on this page.
|
[discovered licenses](../../compliance/license_compliance/index.md#supported-languages-and-package-managers) are displayed on this page.
|
||||||
|
|
|
@ -33,17 +33,17 @@ GitLab uses the following tools to scan and report known vulnerabilities found i
|
||||||
|
|
||||||
| Secure scanning tool | Description |
|
| Secure scanning tool | Description |
|
||||||
|:-----------------------------------------------------------------------------|:-----------------------------------------------------------------------|
|
|:-----------------------------------------------------------------------------|:-----------------------------------------------------------------------|
|
||||||
| [Container Scanning](container_scanning/index.md) **(ULTIMATE)** | Scan Docker containers for known vulnerabilities. |
|
| [Container Scanning](container_scanning/index.md) | Scan Docker containers for known vulnerabilities. |
|
||||||
| [Dependency List](dependency_list/index.md) **(ULTIMATE)** | View your project's dependencies and their known vulnerabilities. |
|
| [Dependency List](dependency_list/index.md) | View your project's dependencies and their known vulnerabilities. |
|
||||||
| [Dependency Scanning](dependency_scanning/index.md) **(ULTIMATE)** | Analyze your dependencies for known vulnerabilities. |
|
| [Dependency Scanning](dependency_scanning/index.md) | Analyze your dependencies for known vulnerabilities. |
|
||||||
| [Dynamic Application Security Testing (DAST)](dast/index.md) **(ULTIMATE)** | Analyze running web applications for known vulnerabilities. |
|
| [Dynamic Application Security Testing (DAST)](dast/index.md) | Analyze running web applications for known vulnerabilities. |
|
||||||
| [DAST API](dast_api/index.md) **(ULTIMATE)** | Analyze running web APIs for known vulnerabilities. |
|
| [DAST API](dast_api/index.md) | Analyze running web APIs for known vulnerabilities. |
|
||||||
| [API fuzzing](api_fuzzing/index.md) **(ULTIMATE)** | Find unknown bugs and vulnerabilities in web APIs with fuzzing. |
|
| [API fuzzing](api_fuzzing/index.md) | Find unknown bugs and vulnerabilities in web APIs with fuzzing. |
|
||||||
| [Secret Detection](secret_detection/index.md) | Analyze Git history for leaked secrets. |
|
| [Secret Detection](secret_detection/index.md) | Analyze Git history for leaked secrets. |
|
||||||
| [Security Dashboard](security_dashboard/index.md) **(ULTIMATE)** | View vulnerabilities in all your projects and groups. |
|
| [Security Dashboard](security_dashboard/index.md) | View vulnerabilities in all your projects and groups. |
|
||||||
| [Static Application Security Testing (SAST)](sast/index.md) | Analyze source code for known vulnerabilities. |
|
| [Static Application Security Testing (SAST)](sast/index.md) | Analyze source code for known vulnerabilities. |
|
||||||
| [Coverage fuzzing](coverage_fuzzing/index.md) **(ULTIMATE)** | Find unknown bugs and vulnerabilities with coverage-guided fuzzing. |
|
| [Coverage fuzzing](coverage_fuzzing/index.md) | Find unknown bugs and vulnerabilities with coverage-guided fuzzing. |
|
||||||
| [Cluster Image Scanning](cluster_image_scanning/index.md) **(ULTIMATE)** | Scan Kubernetes clusters for known vulnerabilities. |
|
| [Cluster Image Scanning](cluster_image_scanning/index.md) | Scan Kubernetes clusters for known vulnerabilities. |
|
||||||
|
|
||||||
## Security scanning with Auto DevOps
|
## Security scanning with Auto DevOps
|
||||||
|
|
||||||
|
@ -185,7 +185,7 @@ By default, the vulnerability report does not show vulnerabilities of `dismissed
|
||||||
|
|
||||||
## Security approvals in merge requests
|
## Security approvals in merge requests
|
||||||
|
|
||||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/9928) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.2.
|
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/9928) in GitLab 12.2.
|
||||||
|
|
||||||
You can implement merge request approvals to require approval by selected users or a group when a
|
You can implement merge request approvals to require approval by selected users or a group when a
|
||||||
merge request would introduce one of the following security issues:
|
merge request would introduce one of the following security issues:
|
||||||
|
|
|
@ -118,9 +118,9 @@ examining the Cilium logs:
|
||||||
kubectl -n gitlab-managed-apps logs -l k8s-app=cilium -c cilium-monitor
|
kubectl -n gitlab-managed-apps logs -l k8s-app=cilium -c cilium-monitor
|
||||||
```
|
```
|
||||||
|
|
||||||
### Change the enforcement status
|
### Change the status
|
||||||
|
|
||||||
To change a network policy's enforcement status:
|
To change a network policy's status:
|
||||||
|
|
||||||
- Select the network policy you want to update.
|
- Select the network policy you want to update.
|
||||||
- Select **Edit policy**.
|
- Select **Edit policy**.
|
||||||
|
|
|
@ -6,8 +6,8 @@ info: To determine the technical writer assigned to the Stage/Group associated w
|
||||||
|
|
||||||
# SAST Analyzers **(FREE)**
|
# SAST Analyzers **(FREE)**
|
||||||
|
|
||||||
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/3775) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 10.3.
|
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/3775) in GitLab 10.3.
|
||||||
> - [Moved](https://gitlab.com/groups/gitlab-org/-/epics/2098) to GitLab Free in 13.3.
|
> - [Moved](https://gitlab.com/groups/gitlab-org/-/epics/2098) from GitLab Ultimate to GitLab Free in 13.3.
|
||||||
|
|
||||||
SAST relies on underlying third party tools that are wrapped into what we call
|
SAST relies on underlying third party tools that are wrapped into what we call
|
||||||
"Analyzers". An analyzer is a
|
"Analyzers". An analyzer is a
|
||||||
|
|
|
@ -7,8 +7,8 @@ type: reference, howto
|
||||||
|
|
||||||
# Static Application Security Testing (SAST) **(FREE)**
|
# Static Application Security Testing (SAST) **(FREE)**
|
||||||
|
|
||||||
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/3775) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 10.3.
|
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/3775) in GitLab 10.3.
|
||||||
> - All open source (OSS) analyzers were moved to GitLab Free in GitLab 13.3.
|
> - All open source (OSS) analyzers were moved from GitLab Ultimate to GitLab Free in GitLab 13.3.
|
||||||
|
|
||||||
NOTE:
|
NOTE:
|
||||||
The whitepaper ["A Seismic Shift in Application Security"](https://about.gitlab.com/resources/whitepaper-seismic-shift-application-security/)
|
The whitepaper ["A Seismic Shift in Application Security"](https://about.gitlab.com/resources/whitepaper-seismic-shift-application-security/)
|
||||||
|
@ -20,7 +20,7 @@ Testing (SAST) to check your source code for known vulnerabilities. When a pipel
|
||||||
the results of the SAST analysis are processed and shown in the pipeline's Security tab. If the
|
the results of the SAST analysis are processed and shown in the pipeline's Security tab. If the
|
||||||
pipeline is associated with a merge request, the SAST analysis is compared with the results of
|
pipeline is associated with a merge request, the SAST analysis is compared with the results of
|
||||||
the target branch's analysis (if available). The results of that comparison are shown in the merge
|
the target branch's analysis (if available). The results of that comparison are shown in the merge
|
||||||
request. **(ULTIMATE)** If the pipeline is running from the default branch, the results of the SAST
|
request. If the pipeline is running from the default branch, the results of the SAST
|
||||||
analysis are available in the [security dashboards](../security_dashboard/index.md).
|
analysis are available in the [security dashboards](../security_dashboard/index.md).
|
||||||
|
|
||||||
![SAST results shown in the MR widget](img/sast_results_in_mr_v14_0.png)
|
![SAST results shown in the MR widget](img/sast_results_in_mr_v14_0.png)
|
||||||
|
@ -197,7 +197,7 @@ Use the method that best meets your needs.
|
||||||
- [Configure SAST in the UI with default settings](#configure-sast-in-the-ui-with-default-settings)
|
- [Configure SAST in the UI with default settings](#configure-sast-in-the-ui-with-default-settings)
|
||||||
- [Configure SAST in the UI with customizations](#configure-sast-in-the-ui-with-customizations)
|
- [Configure SAST in the UI with customizations](#configure-sast-in-the-ui-with-customizations)
|
||||||
|
|
||||||
### Configure SAST in the UI with default settings **(FREE)**
|
### Configure SAST in the UI with default settings
|
||||||
|
|
||||||
> [Introduced](https://about.gitlab.com/releases/2021/02/22/gitlab-13-9-released/#security-configuration-page-for-all-users) in GitLab 13.9
|
> [Introduced](https://about.gitlab.com/releases/2021/02/22/gitlab-13-9-released/#security-configuration-page-for-all-users) in GitLab 13.9
|
||||||
|
|
||||||
|
@ -217,9 +217,9 @@ successfully, and an error may occur.
|
||||||
|
|
||||||
### Configure SAST in the UI with customizations **(ULTIMATE)**
|
### Configure SAST in the UI with customizations **(ULTIMATE)**
|
||||||
|
|
||||||
> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/3659) in GitLab Ultimate 13.3.
|
> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/3659) in GitLab 13.3.
|
||||||
> - [Improved](https://gitlab.com/gitlab-org/gitlab/-/issues/232862) in GitLab Ultimate 13.4.
|
> - [Improved](https://gitlab.com/gitlab-org/gitlab/-/issues/232862) in GitLab 13.4.
|
||||||
> - [Improved](https://gitlab.com/groups/gitlab-org/-/epics/3635) in GitLab Ultimate 13.5.
|
> - [Improved](https://gitlab.com/groups/gitlab-org/-/epics/3635) in GitLab 13.5.
|
||||||
|
|
||||||
To enable and configure SAST with customizations:
|
To enable and configure SAST with customizations:
|
||||||
|
|
||||||
|
@ -402,7 +402,7 @@ To create a custom ruleset:
|
||||||
|
|
||||||
### False Positive Detection **(ULTIMATE)**
|
### False Positive Detection **(ULTIMATE)**
|
||||||
|
|
||||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/292686) in GitLab 14.2.
|
> Introduced in GitLab 14.2.
|
||||||
|
|
||||||
Vulnerabilities that have been detected and are false positives will be flagged as false positives in the security dashboard.
|
Vulnerabilities that have been detected and are false positives will be flagged as false positives in the security dashboard.
|
||||||
|
|
||||||
|
@ -423,7 +423,7 @@ Read more on [how to use private Maven repositories](../index.md#using-private-m
|
||||||
|
|
||||||
### Enabling Kubesec analyzer
|
### Enabling Kubesec analyzer
|
||||||
|
|
||||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/12752) in GitLab Ultimate 12.6.
|
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/12752) in GitLab 12.6.
|
||||||
|
|
||||||
You need to set `SCAN_KUBERNETES_MANIFESTS` to `"true"` to enable the
|
You need to set `SCAN_KUBERNETES_MANIFESTS` to `"true"` to enable the
|
||||||
Kubesec analyzer. In `.gitlab-ci.yml`, define:
|
Kubesec analyzer. In `.gitlab-ci.yml`, define:
|
||||||
|
@ -569,7 +569,7 @@ Some analyzers can be customized with CI/CD variables.
|
||||||
|
|
||||||
#### Custom CI/CD variables
|
#### Custom CI/CD variables
|
||||||
|
|
||||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/18193) in GitLab Ultimate 12.5.
|
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/18193) in GitLab 12.5.
|
||||||
|
|
||||||
In addition to the aforementioned SAST configuration CI/CD variables,
|
In addition to the aforementioned SAST configuration CI/CD variables,
|
||||||
all [custom variables](../../../ci/variables/index.md#custom-cicd-variables) are propagated
|
all [custom variables](../../../ci/variables/index.md#custom-cicd-variables) are propagated
|
||||||
|
|
|
@ -7,8 +7,8 @@ info: To determine the technical writer assigned to the Stage/Group associated w
|
||||||
|
|
||||||
# Secret Detection **(FREE)**
|
# Secret Detection **(FREE)**
|
||||||
|
|
||||||
> - [Introduced](https://about.gitlab.com/releases/2019/03/22/gitlab-11-9-released/#detect-secrets-and-credentials-in-the-repository) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.9.
|
> - [Introduced](https://about.gitlab.com/releases/2019/03/22/gitlab-11-9-released/#detect-secrets-and-credentials-in-the-repository) in GitLab 11.9.
|
||||||
> - Made [available in all tiers](https://gitlab.com/gitlab-org/gitlab/-/issues/222788) in 13.3.
|
> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/222788) from GitLab Ultimate to GitLab Free in 13.3.
|
||||||
|
|
||||||
A recurring problem when developing applications is that developers may unintentionally commit
|
A recurring problem when developing applications is that developers may unintentionally commit
|
||||||
secrets and credentials to their remote repositories. If other people have access to the source,
|
secrets and credentials to their remote repositories. If other people have access to the source,
|
||||||
|
@ -138,9 +138,9 @@ The results are saved as a
|
||||||
that you can later download and analyze. Due to implementation limitations, we
|
that you can later download and analyze. Due to implementation limitations, we
|
||||||
always take the latest Secret Detection artifact available.
|
always take the latest Secret Detection artifact available.
|
||||||
|
|
||||||
### Enable Secret Detection via an automatic merge request **(FREE)**
|
### Enable Secret Detection via an automatic merge request
|
||||||
|
|
||||||
> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/4496) in GitLab 13.11, behind a feature flag, enabled by default.
|
> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/4496) in GitLab 13.11, deployed behind a feature flag, enabled by default.
|
||||||
> - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/329886) in GitLab 14.1.
|
> - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/329886) in GitLab 14.1.
|
||||||
|
|
||||||
To enable Secret Detection in a project, you can create a merge request
|
To enable Secret Detection in a project, you can create a merge request
|
||||||
|
|
|
@ -7,7 +7,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
|
||||||
|
|
||||||
# Vulnerability Pages **(ULTIMATE)**
|
# Vulnerability Pages **(ULTIMATE)**
|
||||||
|
|
||||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/13561) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.0.
|
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/13561) in GitLab 13.0.
|
||||||
|
|
||||||
Each vulnerability in a project has a Vulnerability Page. This page contains details of the
|
Each vulnerability in a project has a Vulnerability Page. This page contains details of the
|
||||||
vulnerability. The details included vary according to the type of vulnerability. Details of each
|
vulnerability. The details included vary according to the type of vulnerability. Details of each
|
||||||
|
|
|
@ -151,7 +151,7 @@ To change the status of vulnerabilities in the table:
|
||||||
|
|
||||||
### Change status of multiple vulnerabilities
|
### Change status of multiple vulnerabilities
|
||||||
|
|
||||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/35816) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.9.
|
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/35816) in GitLab 12.9.
|
||||||
|
|
||||||
You can change the status of multiple vulnerabilities at once:
|
You can change the status of multiple vulnerabilities at once:
|
||||||
|
|
||||||
|
@ -162,8 +162,8 @@ You can change the status of multiple vulnerabilities at once:
|
||||||
|
|
||||||
## Export vulnerability details
|
## Export vulnerability details
|
||||||
|
|
||||||
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/213014) in the Security Center (previously known as the Instance Security Dashboard) and project-level Vulnerability Report (previously known as the Project Security Dashboard) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.0.
|
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/213014) in the Security Center (previously known as the Instance Security Dashboard) and project-level Vulnerability Report (previously known as the Project Security Dashboard) in GitLab 13.0.
|
||||||
> - [Added](https://gitlab.com/gitlab-org/gitlab/-/issues/213013) to the group-level Vulnerability Report in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.1.
|
> - [Added](https://gitlab.com/gitlab-org/gitlab/-/issues/213013) to the group-level Vulnerability Report in GitLab 13.1.
|
||||||
|
|
||||||
You can export details of the vulnerabilities listed in the Vulnerability Report. The export format
|
You can export details of the vulnerabilities listed in the Vulnerability Report. The export format
|
||||||
is CSV (comma separated values). Note that all vulnerabilities are included because filters don't
|
is CSV (comma separated values). Note that all vulnerabilities are included because filters don't
|
||||||
|
@ -197,7 +197,7 @@ thousands of vulnerabilities. Don't close the page until the download finishes.
|
||||||
|
|
||||||
## Dismiss a vulnerability
|
## Dismiss a vulnerability
|
||||||
|
|
||||||
> The option of adding a dismissal reason was introduced in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.0.
|
> The option of adding a dismissal reason was introduced in GitLab 12.0.
|
||||||
|
|
||||||
You can dismiss a vulnerability for the entire project:
|
You can dismiss a vulnerability for the entire project:
|
||||||
|
|
||||||
|
|
Binary file not shown.
Before Width: | Height: | Size: 11 KiB |
|
@ -7,144 +7,148 @@ disqus_identifier: 'https://docs.gitlab.com/ee/workflow/repository_mirroring.htm
|
||||||
|
|
||||||
# Repository mirroring **(FREE)**
|
# Repository mirroring **(FREE)**
|
||||||
|
|
||||||
Repository mirroring allows for the mirroring of repositories to and from external sources. You
|
You can _mirror_ a repository to and from external sources. You can select which
|
||||||
can use it to mirror branches, tags, and commits between repositories. It helps you use
|
repository serves as the source, and modify which parts of the repository are copied.
|
||||||
a repository outside of GitLab.
|
Branches, tags, and commits can be mirrored.
|
||||||
|
|
||||||
A repository mirror at GitLab updates automatically. You can also manually trigger an update:
|
Several mirroring methods exist:
|
||||||
|
|
||||||
- At most once every five minutes on GitLab.com.
|
|
||||||
- According to a [limit set by the administrator](../../../../administration/instance_limits.md#pull-mirroring-interval)
|
|
||||||
on self-managed instances.
|
|
||||||
|
|
||||||
There are two kinds of repository mirroring supported by GitLab:
|
|
||||||
|
|
||||||
- [Push](push.md): for mirroring a GitLab repository to another location.
|
- [Push](push.md): for mirroring a GitLab repository to another location.
|
||||||
- [Pull](pull.md): for mirroring a repository from another location to GitLab.
|
- [Pull](pull.md): for mirroring a repository from another location to GitLab.
|
||||||
|
- [Bidirectional](bidirectional.md) mirroring is also available, but can cause conflicts.
|
||||||
|
|
||||||
|
Mirror a repository when:
|
||||||
|
|
||||||
|
- The canonical version of your project has migrated to GitLab. To keep providing a
|
||||||
|
copy of your project at its previous home, configure your GitLab repository as a
|
||||||
|
[push mirror](push.md). Changes you make to your GitLab repository are copied to
|
||||||
|
the old location.
|
||||||
|
- Your GitLab project is private, but some components can be shared publicly.
|
||||||
|
Configure your primary repository as a [push mirror](push.md) and push the portions
|
||||||
|
you want to make public. With this configuration, you can open-source specific
|
||||||
|
projects, contribute back to the open-source community, and protect the sensitive
|
||||||
|
parts of your project.
|
||||||
|
- You migrated to GitLab, but the canonical version of your project is somewhere else.
|
||||||
|
Configure your GitLab repository as a [pull mirror](pull.md) of the other project.
|
||||||
|
Your GitLab repository pulls copies of the commits, tags, and branches of project.
|
||||||
|
They become available to use on GitLab.
|
||||||
|
|
||||||
|
## Create a repository mirror
|
||||||
|
|
||||||
|
Prerequisite:
|
||||||
|
|
||||||
|
- You must have at least the [Maintainer role](../../../permissions.md) for the project.
|
||||||
|
- If your mirror connects with `ssh://`, the host key must be detectable on the server,
|
||||||
|
or you must have a local copy of the key.
|
||||||
|
|
||||||
|
1. On the top bar, select **Menu > Projects** and find your project.
|
||||||
|
1. On the left sidebar, select **Settings > Repository**.
|
||||||
|
1. Expand **Mirroring repositories**.
|
||||||
|
1. Enter a **Git repository URL**. For security reasons, the URL to the original
|
||||||
|
repository is only displayed to users with the [Maintainer role](../../../permissions.md)
|
||||||
|
or the [Owner role](../../../permissions.md) for the mirrored project.
|
||||||
|
1. Select a **Mirror direction**.
|
||||||
|
1. If you entered a `ssh://` URL, select either:
|
||||||
|
- **Detect host keys**: GitLab fetches the host keys from the server and displays the fingerprints.
|
||||||
|
- **Input host keys manually**, and enter the host key into **SSH host key**.
|
||||||
|
|
||||||
|
When mirroring the repository, GitLab confirms at least one of the stored host keys
|
||||||
|
matches before connecting. This check can protect your mirror from malicious code injections,
|
||||||
|
or your password from being stolen.
|
||||||
|
1. Select an **Authentication method**. To learn more, read
|
||||||
|
[Authentication methods for mirrors](#authentication-methods-for-mirrors).
|
||||||
|
1. If you authenticate with SSH host keys, [verify the host key](#verify-a-host-key)
|
||||||
|
to ensure it is correct.
|
||||||
|
1. To prevent force-pushing over diverged refs, select [**Keep divergent refs**](push.md#keep-divergent-refs).
|
||||||
|
1. Optional. Select [**Mirror only protected branches**](#mirror-only-protected-branches).
|
||||||
|
1. Select **Mirror repository**.
|
||||||
|
|
||||||
|
If you select `SSH public key` as your authentication method, GitLab generates a
|
||||||
|
public key for your GitLab repository. You must provide this key to the non-GitLab server.
|
||||||
|
To learn more, read [Get your SSH public key](#get-your-ssh-public-key).
|
||||||
|
|
||||||
|
## Update a mirror
|
||||||
|
|
||||||
When the mirror repository is updated, all new branches, tags, and commits are visible in the
|
When the mirror repository is updated, all new branches, tags, and commits are visible in the
|
||||||
project's activity feed.
|
project's activity feed. A repository mirror at GitLab updates automatically.
|
||||||
|
You can also manually trigger an update:
|
||||||
|
|
||||||
Users with the [Maintainer role](../../../permissions.md) for the project can also force an
|
- At most once every five minutes on GitLab.com.
|
||||||
immediate update, unless:
|
- According to [the pull mirroring interval limit](../../../../administration/instance_limits.md#pull-mirroring-interval)
|
||||||
|
set by the administrator on self-managed instances.
|
||||||
|
|
||||||
|
### Force an update
|
||||||
|
|
||||||
|
While mirrors are scheduled to update automatically, you can force an immediate update unless:
|
||||||
|
|
||||||
- The mirror is already being updated.
|
- The mirror is already being updated.
|
||||||
- The [limit for pull mirroring interval seconds](../../../../administration/instance_limits.md#pull-mirroring-interval) has not elapsed after its last update.
|
- The [interval, in seconds](../../../../administration/instance_limits.md#pull-mirroring-interval)
|
||||||
|
for pull mirroring limits has not elapsed after its last update.
|
||||||
|
|
||||||
For security reasons, the URL to the original repository is only displayed to users with the
|
Prerequisite:
|
||||||
[Maintainer role](../../../permissions.md) or the [Owner role](../../../permissions.md) for the mirrored
|
|
||||||
project.
|
|
||||||
|
|
||||||
## Use cases
|
- You must have at least the [Maintainer role](../../../permissions.md) for the project.
|
||||||
|
|
||||||
The following are some possible use cases for repository mirroring:
|
1. On the top bar, select **Menu > Projects** and find your project.
|
||||||
|
1. On the left sidebar, select **Settings > Repository**.
|
||||||
- You migrated to GitLab but still must keep your project in another source. In that case, you
|
1. Expand **Mirroring repositories**.
|
||||||
can set it up to mirror to GitLab (pull) and all the essential history of commits, tags,
|
1. Scroll to **Mirrored repositories** and identify the mirror to update.
|
||||||
and branches are available in your GitLab instance. **(PREMIUM)**
|
1. Select **Update now** (**{retry}**):
|
||||||
- You have old projects in another source that you don't use actively anymore, but don't want to
|
![Repository mirroring force update user interface](img/repository_mirroring_force_update.png)
|
||||||
remove for archiving purposes. In that case, you can create a push mirror so that your active
|
|
||||||
GitLab repository can push its changes to the old location.
|
|
||||||
- You are a GitLab self-managed user for privacy reasons and your instance is closed to the public,
|
|
||||||
but you still have certain software components that you want open sourced. In this case, utilizing
|
|
||||||
GitLab to be your primary repository which is closed from the public, and using push mirroring to a
|
|
||||||
GitLab.com repository that's public, allows you to open source specific projects and contribute back
|
|
||||||
to the open source community.
|
|
||||||
|
|
||||||
## Mirror only protected branches **(PREMIUM)**
|
## Mirror only protected branches **(PREMIUM)**
|
||||||
|
|
||||||
> Moved to GitLab Premium in 13.9.
|
> Moved to GitLab Premium in 13.9.
|
||||||
|
|
||||||
Based on the mirror direction that you choose, you can opt to mirror only the
|
You can choose to mirror only the
|
||||||
[protected branches](../../protected_branches.md) in the mirroring project,
|
[protected branches](../../protected_branches.md) in the mirroring project,
|
||||||
either from or to your remote repository. For pull mirroring, non-protected branches in
|
either from or to your remote repository. For [pull mirroring](pull.md),
|
||||||
the mirroring project are not mirrored and can diverge.
|
non-protected branches in the mirroring project are not mirrored and can diverge.
|
||||||
|
|
||||||
To use this option, check the **Only mirror protected branches** box when
|
To use this option, select **Only mirror protected branches** when you create a repository mirror.
|
||||||
creating a repository mirror. **(PREMIUM)**
|
|
||||||
|
|
||||||
## SSH authentication
|
## Authentication methods for mirrors
|
||||||
|
|
||||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/22982) in GitLab 11.6 for Push mirroring.
|
When you create a mirror, you must configure the authentication method for it.
|
||||||
|
GitLab supports these authentication methods:
|
||||||
|
|
||||||
|
- [SSH authentication](#ssh-authentication).
|
||||||
|
- Password.
|
||||||
|
|
||||||
|
### SSH authentication
|
||||||
|
|
||||||
SSH authentication is mutual:
|
SSH authentication is mutual:
|
||||||
|
|
||||||
- You have to prove to the server that you're allowed to access the repository.
|
- You must prove to the server that you're allowed to access the repository.
|
||||||
- The server also has to prove to *you* that it's who it claims to be.
|
- The server must also *prove to you* that it's who it claims to be.
|
||||||
|
|
||||||
You provide your credentials as a password or public key. The server that the
|
For SSH authentication, you provide your credentials as a password or _public key_.
|
||||||
other repository resides on provides its credentials as a "host key", the
|
The server that the other repository resides on provides its credentials as a _host key_.
|
||||||
fingerprint of which needs to be verified manually.
|
You must [verify the fingerprint](#verify-a-host-key) of this host key manually.
|
||||||
|
|
||||||
If you're mirroring over SSH (using an `ssh://` URL), you can authenticate using:
|
If you're mirroring over SSH (using an `ssh://` URL), you can authenticate using:
|
||||||
|
|
||||||
- Password-based authentication, just as over HTTPS.
|
- Password-based authentication, just as over HTTPS.
|
||||||
- Public key authentication. This is often more secure than password authentication,
|
- Public key authentication. This method is often more secure than password authentication,
|
||||||
especially when the other repository supports [deploy keys](../../deploy_keys/index.md).
|
especially when the other repository supports [deploy keys](../../deploy_keys/index.md).
|
||||||
|
|
||||||
To get started:
|
### Get your SSH public key
|
||||||
|
|
||||||
1. In your project, go to **Settings > Repository**, and then expand the **Mirroring repositories** section.
|
When you mirror a repository and select the **SSH public key** as your
|
||||||
1. Enter an `ssh://` URL for mirroring.
|
authentication method, GitLab generates a public key for you. The non-GitLab server
|
||||||
|
needs this key to establish trust with your GitLab repository. To copy your SSH public key:
|
||||||
|
|
||||||
NOTE:
|
1. On the top bar, select **Menu > Projects** and find your project.
|
||||||
SCP-style URLs (that is, `git@example.com:group/project.git`) are not supported at this time.
|
1. On the left sidebar, select **Settings > Repository**.
|
||||||
|
1. Expand **Mirroring repositories**.
|
||||||
Entering the URL adds two buttons to the page:
|
1. Scroll to **Mirrored repositories**.
|
||||||
|
1. Identify the correct repository, and select **Copy SSH public key**.
|
||||||
- **Detect host keys**.
|
1. Add the public SSH key to the other repository's configuration:
|
||||||
- **Input host keys manually**.
|
- If the other repository is hosted on GitLab, add the public SSH key
|
||||||
|
as a [deploy key](../../../project/deploy_keys/index.md).
|
||||||
If you select the:
|
- If the other repository is hosted elsewhere, add the key to
|
||||||
|
your user's `authorized_keys` file. Paste the entire public SSH key into the
|
||||||
- **Detect host keys** button, GitLab fetches the host keys from the server and display the fingerprints.
|
file on its own line and save it.
|
||||||
- **Input host keys manually** button, a field is displayed where you can paste in host keys.
|
|
||||||
|
|
||||||
Assuming you used the former, you now must verify that the fingerprints are
|
|
||||||
those you expect. GitLab.com and other code hosting sites publish their
|
|
||||||
fingerprints in the open for you to check:
|
|
||||||
|
|
||||||
- [AWS CodeCommit](https://docs.aws.amazon.com/codecommit/latest/userguide/regions.html#regions-fingerprints)
|
|
||||||
- [Bitbucket](https://support.atlassian.com/bitbucket-cloud/docs/configure-ssh-and-two-step-verification/)
|
|
||||||
- [GitHub](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints)
|
|
||||||
- [GitLab.com](../../../gitlab_com/index.md#ssh-host-keys-fingerprints)
|
|
||||||
- [Launchpad](https://help.launchpad.net/SSHFingerprints)
|
|
||||||
- [Savannah](http://savannah.gnu.org/maintenance/SshAccess/)
|
|
||||||
- [SourceForge](https://sourceforge.net/p/forge/documentation/SSH%20Key%20Fingerprints/)
|
|
||||||
|
|
||||||
Other providers vary. If you're running self-managed GitLab, or otherwise
|
|
||||||
have access to the server for the other repository, you can securely gather the
|
|
||||||
key fingerprints:
|
|
||||||
|
|
||||||
```shell
|
|
||||||
$ cat /etc/ssh/ssh_host*pub | ssh-keygen -E md5 -l -f -
|
|
||||||
256 MD5:f4:28:9f:23:99:15:21:1b:bf:ed:1f:8e:a0:76:b2:9d root@example.com (ECDSA)
|
|
||||||
256 MD5:e6:eb:45:8a:3c:59:35:5f:e9:5b:80:12:be:7e:22:73 root@example.com (ED25519)
|
|
||||||
2048 MD5:3f:72:be:3d:62:03:5c:62:83:e8:6e:14:34:3a:85:1d root@example.com (RSA)
|
|
||||||
```
|
|
||||||
|
|
||||||
NOTE:
|
|
||||||
You must exclude `-E md5` for some older versions of SSH.
|
|
||||||
|
|
||||||
When mirroring the repository, GitLab checks that at least one of the
|
|
||||||
stored host keys matches before connecting. This can prevent malicious code from
|
|
||||||
being injected into your mirror, or your password being stolen.
|
|
||||||
|
|
||||||
### SSH public key authentication
|
|
||||||
|
|
||||||
To use SSH public key authentication, you must also choose that option
|
|
||||||
from the **Authentication method** dropdown. When the mirror is created,
|
|
||||||
GitLab generates a 4096-bit RSA key that can be copied by selecting the **Copy SSH public key** button.
|
|
||||||
|
|
||||||
![Repository mirroring copy SSH public key to clipboard button](img/repository_mirroring_copy_ssh_public_key_button.png)
|
|
||||||
|
|
||||||
You then must add the public SSH key to the other repository's configuration:
|
|
||||||
|
|
||||||
- If the other repository is hosted on GitLab, you should add the public SSH key
|
|
||||||
as a [deploy key](../../../project/deploy_keys/index.md).
|
|
||||||
- If the other repository is hosted elsewhere, you must add the key to
|
|
||||||
your user's `authorized_keys` file. Paste the entire public SSH key into the
|
|
||||||
file on its own line and save it.
|
|
||||||
|
|
||||||
If you must change the key at any time, you can remove and re-add the mirror
|
If you must change the key at any time, you can remove and re-add the mirror
|
||||||
to generate a new key. Update the other repository with the new
|
to generate a new key. Update the other repository with the new
|
||||||
|
@ -154,14 +158,36 @@ NOTE:
|
||||||
The generated keys are stored in the GitLab database, not in the file system. Therefore,
|
The generated keys are stored in the GitLab database, not in the file system. Therefore,
|
||||||
SSH public key authentication for mirrors cannot be used in a pre-receive hook.
|
SSH public key authentication for mirrors cannot be used in a pre-receive hook.
|
||||||
|
|
||||||
## Force an update **(FREE)**
|
### Verify a host key
|
||||||
|
|
||||||
While mirrors are scheduled to update automatically, you can always force an update by using the
|
When using a host key, always verify the fingerprints match what you expect.
|
||||||
update button which is available on the **Mirroring repositories** section of the **Repository Settings** page.
|
GitLab.com and other code hosting sites publish their fingerprints
|
||||||
|
for you to check:
|
||||||
|
|
||||||
![Repository mirroring force update user interface](img/repository_mirroring_force_update.png)
|
- [AWS CodeCommit](https://docs.aws.amazon.com/codecommit/latest/userguide/regions.html#regions-fingerprints)
|
||||||
|
- [Bitbucket](https://support.atlassian.com/bitbucket-cloud/docs/configure-ssh-and-two-step-verification/)
|
||||||
|
- [GitHub](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints)
|
||||||
|
- [GitLab.com](../../../gitlab_com/index.md#ssh-host-keys-fingerprints)
|
||||||
|
- [Launchpad](https://help.launchpad.net/SSHFingerprints)
|
||||||
|
- [Savannah](http://savannah.gnu.org/maintenance/SshAccess/)
|
||||||
|
- [SourceForge](https://sourceforge.net/p/forge/documentation/SSH%20Key%20Fingerprints/)
|
||||||
|
|
||||||
## Resources
|
Other providers vary. You can securely gather key fingerprints with the following
|
||||||
|
command if you:
|
||||||
|
|
||||||
|
- Run self-managed GitLab.
|
||||||
|
- Have access to the server for the other repository.
|
||||||
|
|
||||||
|
```shell
|
||||||
|
$ cat /etc/ssh/ssh_host*pub | ssh-keygen -E md5 -l -f -
|
||||||
|
256 MD5:f4:28:9f:23:99:15:21:1b:bf:ed:1f:8e:a0:76:b2:9d root@example.com (ECDSA)
|
||||||
|
256 MD5:e6:eb:45:8a:3c:59:35:5f:e9:5b:80:12:be:7e:22:73 root@example.com (ED25519)
|
||||||
|
2048 MD5:3f:72:be:3d:62:03:5c:62:83:e8:6e:14:34:3a:85:1d root@example.com (RSA)
|
||||||
|
```
|
||||||
|
|
||||||
|
Older versions of SSH may require you to remove `-E md5` from the command.
|
||||||
|
|
||||||
|
## Related topics
|
||||||
|
|
||||||
- Configure a [Pull Mirroring Interval](../../../../administration/instance_limits.md#pull-mirroring-interval)
|
- Configure a [Pull Mirroring Interval](../../../../administration/instance_limits.md#pull-mirroring-interval)
|
||||||
- [Disable mirrors for a project](../../../admin_area/settings/visibility_and_access_controls.md#enable-project-mirroring)
|
- [Disable mirrors for a project](../../../admin_area/settings/visibility_and_access_controls.md#enable-project-mirroring)
|
||||||
|
@ -171,24 +197,33 @@ update button which is available on the **Mirroring repositories** section of th
|
||||||
|
|
||||||
Should an error occur during a push, GitLab displays an **Error** highlight for that repository. Details on the error can then be seen by hovering over the highlight text.
|
Should an error occur during a push, GitLab displays an **Error** highlight for that repository. Details on the error can then be seen by hovering over the highlight text.
|
||||||
|
|
||||||
### 13:Received RST_STREAM with error code 2 with GitHub
|
### Received RST_STREAM with error code 2 with GitHub
|
||||||
|
|
||||||
If you receive a "13:Received RST_STREAM with error code 2" message while mirroring to a GitHub repository,
|
If you receive this message while mirroring to a GitHub repository:
|
||||||
your GitHub settings might be set to block pushes that expose your email address used in commits. Either
|
|
||||||
set your email address on GitHub to be public, or disable the [Block command line pushes that expose my email](https://github.com/settings/emails) setting.
|
|
||||||
|
|
||||||
### 4:Deadline Exceeded
|
```plaintext
|
||||||
|
13:Received RST_STREAM with error code 2
|
||||||
|
```
|
||||||
|
|
||||||
When upgrading to GitLab 11.11.8 or newer, a change in how usernames are represented means that you
|
Your GitHub settings might be set to block pushes that expose your email address
|
||||||
|
used in commits. To fix this problem, either:
|
||||||
|
|
||||||
|
- Set your GitHub email address to public.
|
||||||
|
- Disable the [Block command line pushes that expose my email](https://github.com/settings/emails) setting.
|
||||||
|
|
||||||
|
### Deadline Exceeded
|
||||||
|
|
||||||
|
When upgrading to GitLab 11.11.8 or later, a change in how usernames are represented means that you
|
||||||
must update your mirroring username and password to ensure that `%40` characters are replaced with `@`.
|
must update your mirroring username and password to ensure that `%40` characters are replaced with `@`.
|
||||||
|
|
||||||
### Connection blocked because server only allows public key authentication
|
### Connection blocked because server only allows public key authentication
|
||||||
|
|
||||||
As the error indicates, the connection is getting blocked between GitLab and the remote repository. Even if a
|
The connection between GitLab and the remote repository is blocked. Even if a
|
||||||
[TCP Check](../../../../administration/raketasks/maintenance.md#check-tcp-connectivity-to-a-remote-site) is successful,
|
[TCP Check](../../../../administration/raketasks/maintenance.md#check-tcp-connectivity-to-a-remote-site)
|
||||||
you must check any networking components in the route from GitLab to the remote Server to ensure there's no blockage.
|
is successful, you must check any networking components in the route from GitLab
|
||||||
|
to the remote server for blockage.
|
||||||
|
|
||||||
For example, we've seen this error when a Firewall was performing a `Deep SSH Inspection` on outgoing packets.
|
This error can occur when a firewall performs a `Deep SSH Inspection` on outgoing packets.
|
||||||
|
|
||||||
### Could not read username: terminal prompts disabled
|
### Could not read username: terminal prompts disabled
|
||||||
|
|
||||||
|
@ -196,29 +231,31 @@ If you receive this error after creating a new project using
|
||||||
[GitLab CI/CD for external repositories](../../../../ci/ci_cd_for_external_repos/):
|
[GitLab CI/CD for external repositories](../../../../ci/ci_cd_for_external_repos/):
|
||||||
|
|
||||||
```plaintext
|
```plaintext
|
||||||
"2:fetch remote: "fatal: could not read Username for 'https://bitbucket.org': terminal prompts disabled\n": exit status 128."
|
"2:fetch remote: "fatal: could not read Username for 'https://bitbucket.org':
|
||||||
|
terminal prompts disabled\n": exit status 128."
|
||||||
```
|
```
|
||||||
|
|
||||||
Check if the repository owner is specified in the URL of your mirrored repository:
|
Check if the repository owner is specified in the URL of your mirrored repository:
|
||||||
|
|
||||||
1. Go to your project.
|
1. On the top bar, select **Menu > Projects** and find your project.
|
||||||
1. On the left sidebar, select **Settings > Repository**.
|
1. On the left sidebar, select **Settings > Repository**.
|
||||||
1. Select **Mirroring repositories**.
|
1. Expand **Mirroring repositories**.
|
||||||
1. If no repository owner is specified, delete and add the URL again in this format:
|
1. If no repository owner is specified, delete and add the URL again in this format,
|
||||||
|
replacing `OWNER`, `ACCOUNTNAME`, and `REPONAME` with your values:
|
||||||
|
|
||||||
```plaintext
|
```plaintext
|
||||||
https://**<repo_owner>**@bitbucket.org/<accountname>/<reponame>.git
|
https://OWNER@bitbucket.org/ACCOUNTNAME/REPONAME.git
|
||||||
```
|
```
|
||||||
|
|
||||||
The repository owner is needed for Bitbucket to connect to the repository for mirroring.
|
When connecting to the repository for mirroring, Bitbucket requires the repository owner in the string.
|
||||||
|
|
||||||
### Pull mirror is missing LFS files
|
### Pull mirror is missing LFS files
|
||||||
|
|
||||||
In some cases, pull mirroring does not transfer LFS files. This issue occurs when:
|
In some cases, pull mirroring does not transfer LFS files. This issue occurs when:
|
||||||
|
|
||||||
- You use an SSH repository URL. The workaround is to use an HTTPS repository URL instead.
|
- You use an SSH repository URL. The workaround is to use an HTTPS repository URL instead.
|
||||||
There is [an issue to fix this for SSH URLs](https://gitlab.com/gitlab-org/gitlab/-/issues/11997).
|
An issue exists [to fix this problem for SSH URLs](https://gitlab.com/gitlab-org/gitlab/-/issues/11997).
|
||||||
- You're using GitLab 14.0 or older, and the source repository is a public Bitbucket URL.
|
- You're using GitLab 14.0 or older, and the source repository is a public Bitbucket URL.
|
||||||
This was [fixed in GitLab 14.0.6](https://gitlab.com/gitlab-org/gitlab/-/issues/335123).
|
[Fixed](https://gitlab.com/gitlab-org/gitlab/-/issues/335123) in GitLab 14.0.6.
|
||||||
- You mirror an external repository using object storage.
|
- You mirror an external repository using object storage.
|
||||||
There is [an issue to fix this](https://gitlab.com/gitlab-org/gitlab/-/issues/335495).
|
An issue exists [to fix this problem](https://gitlab.com/gitlab-org/gitlab/-/issues/335495).
|
||||||
|
|
|
@ -4,12 +4,7 @@ module Gitlab
|
||||||
module Metrics
|
module Metrics
|
||||||
module RailsSlis
|
module RailsSlis
|
||||||
class << self
|
class << self
|
||||||
def request_apdex_counters_enabled?
|
|
||||||
Feature.enabled?(:request_apdex_counters)
|
|
||||||
end
|
|
||||||
|
|
||||||
def initialize_request_slis_if_needed!
|
def initialize_request_slis_if_needed!
|
||||||
return unless request_apdex_counters_enabled?
|
|
||||||
return if Gitlab::Metrics::Sli.initialized?(:rails_request_apdex)
|
return if Gitlab::Metrics::Sli.initialized?(:rails_request_apdex)
|
||||||
|
|
||||||
Gitlab::Metrics::Sli.initialize_sli(:rails_request_apdex, possible_request_labels)
|
Gitlab::Metrics::Sli.initialize_sli(:rails_request_apdex, possible_request_labels)
|
||||||
|
|
|
@ -79,7 +79,7 @@ module Gitlab
|
||||||
if !health_endpoint && ::Gitlab::Metrics.record_duration_for_status?(status)
|
if !health_endpoint && ::Gitlab::Metrics.record_duration_for_status?(status)
|
||||||
self.class.http_request_duration_seconds.observe({ method: method }, elapsed)
|
self.class.http_request_duration_seconds.observe({ method: method }, elapsed)
|
||||||
|
|
||||||
record_apdex_if_needed(env, elapsed)
|
record_apdex(env, elapsed)
|
||||||
end
|
end
|
||||||
|
|
||||||
[status, headers, body]
|
[status, headers, body]
|
||||||
|
@ -113,9 +113,7 @@ module Gitlab
|
||||||
::Gitlab::ApplicationContext.current_context_attribute(:caller_id)
|
::Gitlab::ApplicationContext.current_context_attribute(:caller_id)
|
||||||
end
|
end
|
||||||
|
|
||||||
def record_apdex_if_needed(env, elapsed)
|
def record_apdex(env, elapsed)
|
||||||
return unless Gitlab::Metrics::RailsSlis.request_apdex_counters_enabled?
|
|
||||||
|
|
||||||
urgency = urgency_for_env(env)
|
urgency = urgency_for_env(env)
|
||||||
|
|
||||||
Gitlab::Metrics::RailsSlis.request_apdex.increment(
|
Gitlab::Metrics::RailsSlis.request_apdex.increment(
|
||||||
|
|
|
@ -12890,7 +12890,9 @@ msgid "Enterprise"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
msgid "Environment"
|
msgid "Environment"
|
||||||
msgstr ""
|
msgid_plural "Environments"
|
||||||
|
msgstr[0] ""
|
||||||
|
msgstr[1] ""
|
||||||
|
|
||||||
msgid "Environment does not have deployments"
|
msgid "Environment does not have deployments"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
@ -22591,9 +22593,6 @@ msgstr ""
|
||||||
msgid "NetworkPolicies|Edit policy"
|
msgid "NetworkPolicies|Edit policy"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
msgid "NetworkPolicies|Enforcement status"
|
|
||||||
msgstr ""
|
|
||||||
|
|
||||||
msgid "NetworkPolicies|Environment does not have deployment platform"
|
msgid "NetworkPolicies|Environment does not have deployment platform"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
|
@ -30242,16 +30241,19 @@ msgstr ""
|
||||||
msgid "SecurityOrchestration|Description"
|
msgid "SecurityOrchestration|Description"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
|
msgid "SecurityOrchestration|Disabled"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
msgid "SecurityOrchestration|Edit policy"
|
msgid "SecurityOrchestration|Edit policy"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
msgid "SecurityOrchestration|Edit policy project"
|
msgid "SecurityOrchestration|Edit policy project"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
msgid "SecurityOrchestration|Enforce security for this project. %{linkStart}More information.%{linkEnd}"
|
msgid "SecurityOrchestration|Enabled"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
msgid "SecurityOrchestration|Enforcement Status"
|
msgid "SecurityOrchestration|Enforce security for this project. %{linkStart}More information.%{linkEnd}"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
msgid "SecurityOrchestration|Executes a %{scanType} scan"
|
msgid "SecurityOrchestration|Executes a %{scanType} scan"
|
||||||
|
@ -30320,6 +30322,9 @@ msgstr ""
|
||||||
msgid "SecurityOrchestration|Sorry, your filter produced no results."
|
msgid "SecurityOrchestration|Sorry, your filter produced no results."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
|
msgid "SecurityOrchestration|Status"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
msgid "SecurityOrchestration|There was a problem creating the new security policy"
|
msgid "SecurityOrchestration|There was a problem creating the new security policy"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
|
|
|
@ -9,7 +9,7 @@ gem 'capybara', '~> 3.35.0'
|
||||||
gem 'capybara-screenshot', '~> 1.0.23'
|
gem 'capybara-screenshot', '~> 1.0.23'
|
||||||
gem 'rake', '~> 12.3.3'
|
gem 'rake', '~> 12.3.3'
|
||||||
gem 'rspec', '~> 3.10'
|
gem 'rspec', '~> 3.10'
|
||||||
gem 'selenium-webdriver', '~> 4.0.0.rc1'
|
gem 'selenium-webdriver', '~> 4.0'
|
||||||
gem 'airborne', '~> 0.3.4', require: false # airborne is messing with rspec sandboxed mode so not requiring by default
|
gem 'airborne', '~> 0.3.4', require: false # airborne is messing with rspec sandboxed mode so not requiring by default
|
||||||
gem 'rest-client', '~> 2.1.0'
|
gem 'rest-client', '~> 2.1.0'
|
||||||
gem 'rspec-retry', '~> 0.6.1', require: 'rspec/retry'
|
gem 'rspec-retry', '~> 0.6.1', require: 'rspec/retry'
|
||||||
|
@ -22,7 +22,7 @@ gem 'timecop', '~> 0.9.1'
|
||||||
gem 'parallel', '~> 1.19'
|
gem 'parallel', '~> 1.19'
|
||||||
gem 'rspec-parameterized', '~> 0.4.2'
|
gem 'rspec-parameterized', '~> 0.4.2'
|
||||||
gem 'octokit', '~> 4.21'
|
gem 'octokit', '~> 4.21'
|
||||||
gem 'webdrivers', '~> 4.6'
|
gem 'webdrivers', '~> 5.0'
|
||||||
gem 'zeitwerk', '~> 2.4'
|
gem 'zeitwerk', '~> 2.4'
|
||||||
gem 'influxdb-client', '~> 1.17'
|
gem 'influxdb-client', '~> 1.17'
|
||||||
|
|
||||||
|
|
|
@ -125,13 +125,13 @@ GEM
|
||||||
mime-types-data (~> 3.2015)
|
mime-types-data (~> 3.2015)
|
||||||
mime-types-data (3.2021.0704)
|
mime-types-data (3.2021.0704)
|
||||||
mini_mime (1.1.0)
|
mini_mime (1.1.0)
|
||||||
mini_portile2 (2.5.3)
|
mini_portile2 (2.6.1)
|
||||||
minitest (5.14.4)
|
minitest (5.14.4)
|
||||||
multi_xml (0.6.0)
|
multi_xml (0.6.0)
|
||||||
multipart-post (2.1.1)
|
multipart-post (2.1.1)
|
||||||
netrc (0.11.0)
|
netrc (0.11.0)
|
||||||
nokogiri (1.11.7)
|
nokogiri (1.12.5)
|
||||||
mini_portile2 (~> 2.5.0)
|
mini_portile2 (~> 2.6.1)
|
||||||
racc (~> 1.4)
|
racc (~> 1.4)
|
||||||
octokit (4.21.0)
|
octokit (4.21.0)
|
||||||
faraday (>= 0.9)
|
faraday (>= 0.9)
|
||||||
|
@ -154,7 +154,7 @@ GEM
|
||||||
byebug (~> 9.1)
|
byebug (~> 9.1)
|
||||||
pry (~> 0.10)
|
pry (~> 0.10)
|
||||||
public_suffix (4.0.1)
|
public_suffix (4.0.1)
|
||||||
racc (1.5.2)
|
racc (1.6.0)
|
||||||
rack (2.2.3)
|
rack (2.2.3)
|
||||||
rack-test (1.1.0)
|
rack-test (1.1.0)
|
||||||
rack (>= 1.0, < 3)
|
rack (>= 1.0, < 3)
|
||||||
|
@ -198,9 +198,9 @@ GEM
|
||||||
sawyer (0.8.2)
|
sawyer (0.8.2)
|
||||||
addressable (>= 2.3.5)
|
addressable (>= 2.3.5)
|
||||||
faraday (> 0.8, < 2.0)
|
faraday (> 0.8, < 2.0)
|
||||||
selenium-webdriver (4.0.0.rc1)
|
selenium-webdriver (4.0.3)
|
||||||
childprocess (>= 0.5, < 5.0)
|
childprocess (>= 0.5, < 5.0)
|
||||||
rexml (~> 3.2)
|
rexml (~> 3.2, >= 3.2.5)
|
||||||
rubyzip (>= 1.2.2)
|
rubyzip (>= 1.2.2)
|
||||||
systemu (2.6.5)
|
systemu (2.6.5)
|
||||||
table_print (1.5.7)
|
table_print (1.5.7)
|
||||||
|
@ -227,10 +227,10 @@ GEM
|
||||||
watir (6.19.1)
|
watir (6.19.1)
|
||||||
regexp_parser (>= 1.2, < 3)
|
regexp_parser (>= 1.2, < 3)
|
||||||
selenium-webdriver (>= 3.142.7)
|
selenium-webdriver (>= 3.142.7)
|
||||||
webdrivers (4.6.0)
|
webdrivers (4.7.0)
|
||||||
nokogiri (~> 1.6)
|
nokogiri (~> 1.6)
|
||||||
rubyzip (>= 1.3.0)
|
rubyzip (>= 1.3.0)
|
||||||
selenium-webdriver (>= 3.0, < 4.0)
|
selenium-webdriver (> 3.141, < 5.0)
|
||||||
xpath (3.2.0)
|
xpath (3.2.0)
|
||||||
nokogiri (~> 1.8)
|
nokogiri (~> 1.8)
|
||||||
zeitwerk (2.4.2)
|
zeitwerk (2.4.2)
|
||||||
|
@ -269,4 +269,4 @@ DEPENDENCIES
|
||||||
zeitwerk (~> 2.4)
|
zeitwerk (~> 2.4)
|
||||||
|
|
||||||
BUNDLED WITH
|
BUNDLED WITH
|
||||||
2.2.22
|
2.2.29
|
||||||
|
|
|
@ -97,7 +97,7 @@ RSpec.describe 'Value Stream Analytics', :js do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'shows data on each stage', :sidekiq_might_not_need_inline do
|
it 'shows data on each stage', :sidekiq_might_not_need_inline, quarantine: 'https://gitlab.com/gitlab-org/gitlab/-/issues/338332' do
|
||||||
expect_issue_to_be_present
|
expect_issue_to_be_present
|
||||||
|
|
||||||
click_stage('Plan')
|
click_stage('Plan')
|
||||||
|
@ -133,7 +133,7 @@ RSpec.describe 'Value Stream Analytics', :js do
|
||||||
expect(metrics_values).to eq(['-'] * 4)
|
expect(metrics_values).to eq(['-'] * 4)
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'can sort records' do
|
it 'can sort records', quarantine: 'https://gitlab.com/gitlab-org/gitlab/-/issues/338332' do
|
||||||
# NOTE: checking that the string changes should suffice
|
# NOTE: checking that the string changes should suffice
|
||||||
# depending on the order the tests are run we might run into problems with hard coded strings
|
# depending on the order the tests are run we might run into problems with hard coded strings
|
||||||
original_first_title = first_stage_title
|
original_first_title = first_stage_title
|
||||||
|
|
|
@ -39,15 +39,6 @@ RSpec.describe Gitlab::Metrics::RailsSlis do
|
||||||
|
|
||||||
described_class.initialize_request_slis_if_needed!
|
described_class.initialize_request_slis_if_needed!
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'does not initialize anything if the feature flag is disabled' do
|
|
||||||
stub_feature_flags(request_apdex_counters: false)
|
|
||||||
|
|
||||||
expect(Gitlab::Metrics::Sli).not_to receive(:initialize_sli)
|
|
||||||
expect(Gitlab::Metrics::Sli).not_to receive(:initialized?)
|
|
||||||
|
|
||||||
described_class.initialize_request_slis_if_needed!
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
describe '.request_apdex' do
|
describe '.request_apdex' do
|
||||||
|
|
|
@ -851,6 +851,12 @@ RSpec.describe Deployment do
|
||||||
context 'with created deployment' do
|
context 'with created deployment' do
|
||||||
let(:deployment_status) { :created }
|
let(:deployment_status) { :created }
|
||||||
|
|
||||||
|
context 'with created build' do
|
||||||
|
let(:build_status) { :created }
|
||||||
|
|
||||||
|
it_behaves_like 'ignoring build'
|
||||||
|
end
|
||||||
|
|
||||||
context 'with running build' do
|
context 'with running build' do
|
||||||
let(:build_status) { :running }
|
let(:build_status) { :running }
|
||||||
|
|
||||||
|
@ -873,12 +879,16 @@ RSpec.describe Deployment do
|
||||||
context 'with running deployment' do
|
context 'with running deployment' do
|
||||||
let(:deployment_status) { :running }
|
let(:deployment_status) { :running }
|
||||||
|
|
||||||
|
context 'with created build' do
|
||||||
|
let(:build_status) { :created }
|
||||||
|
|
||||||
|
it_behaves_like 'ignoring build'
|
||||||
|
end
|
||||||
|
|
||||||
context 'with running build' do
|
context 'with running build' do
|
||||||
let(:build_status) { :running }
|
let(:build_status) { :running }
|
||||||
|
|
||||||
it_behaves_like 'gracefully handling error' do
|
it_behaves_like 'ignoring build'
|
||||||
let(:error_message) { %Q{Status cannot transition via \"run\"} }
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'with finished build' do
|
context 'with finished build' do
|
||||||
|
@ -897,6 +907,12 @@ RSpec.describe Deployment do
|
||||||
context 'with finished deployment' do
|
context 'with finished deployment' do
|
||||||
let(:deployment_status) { :success }
|
let(:deployment_status) { :success }
|
||||||
|
|
||||||
|
context 'with created build' do
|
||||||
|
let(:build_status) { :created }
|
||||||
|
|
||||||
|
it_behaves_like 'ignoring build'
|
||||||
|
end
|
||||||
|
|
||||||
context 'with running build' do
|
context 'with running build' do
|
||||||
let(:build_status) { :running }
|
let(:build_status) { :running }
|
||||||
|
|
||||||
|
@ -908,9 +924,13 @@ RSpec.describe Deployment do
|
||||||
context 'with finished build' do
|
context 'with finished build' do
|
||||||
let(:build_status) { :success }
|
let(:build_status) { :success }
|
||||||
|
|
||||||
it_behaves_like 'gracefully handling error' do
|
it_behaves_like 'ignoring build'
|
||||||
let(:error_message) { %Q{Status cannot transition via \"succeed\"} }
|
end
|
||||||
end
|
|
||||||
|
context 'with failed build' do
|
||||||
|
let(:build_status) { :failed }
|
||||||
|
|
||||||
|
it_behaves_like 'synchronizing deployment'
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'with unrelated build' do
|
context 'with unrelated build' do
|
||||||
|
|
Loading…
Reference in New Issue