kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Add latest changes from gitlab-org/gitlab@master

Browse source
This commit is contained in:
GitLab Bot 2021-04-20 00:09:27 +00:00
parent c9bef85d79
commit 93f35ae25c
11 changed files with 160 additions and 104 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
changelogs/unreleased/philipcunningham-add-backend-for-specifying-target-type-for-on-demand-294.yml Normal file
View file

@ -0,0 +1,5 @@
---
title: Add target_type column to dast_site_profiles database table
merge_request: 58723
author:
type: added

8
config/feature_flags/development/security_dast_site_profiles_api_option.yml Normal file
View file

@ -0,0 +1,8 @@
---
name: security_dast_site_profiles_api_option
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/58723
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/325130
milestone: '13.12'
type: development
group: group::dynamic analysis
default_enabled: false

7
db/migrate/20210407002511_add_type_to_dast_site_profile.rb Normal file
View file

@ -0,0 +1,7 @@
# frozen_string_literal: true
class AddTypeToDastSiteProfile < ActiveRecord::Migration[6.0]
def change
add_column :dast_site_profiles, :target_type, :integer, limit: 2, default: 0, null: false
end
end

1
db/schema_migrations/20210407002511 Normal file
View file

@ -0,0 +1 @@
174d2c4dc57847060cb19405cc08fffd038c7bfbd4ad749e3e1eccf0e281230b

1
db/structure.sql
View file

@ -11861,6 +11861,7 @@ CREATE TABLE dast_site_profiles (
auth_username_field text,
auth_password_field text,
auth_username text,
target_type smallint DEFAULT 0 NOT NULL,
CONSTRAINT check_5203110fee CHECK ((char_length(auth_username_field) <= 255)),
CONSTRAINT check_6cfab17b48 CHECK ((char_length(name) <= 255)),
CONSTRAINT check_c329dffdba CHECK ((char_length(auth_password_field) <= 255)),

8
doc/api/graphql/reference/index.md
View file

@ -2117,6 +2117,7 @@ Represents a DAST Site Profile.
| `profileName` | [`String`](#string) | The name of the site profile. |
| `referencedInSecurityPolicies` | [`[String!]`](#string) | List of security policy names that are referencing given project. |
| `requestHeaders` | [`String`](#string) | Comma-separated list of request header names and values to be added to every request made by DAST. Will always return `null` if `security_dast_site_profiles_additional_fields` feature flag is disabled. |
| `targetType` | [`DastTargetTypeEnum`](#dasttargettypeenum) | The type of target to be scanned. Will always return `null` if `security_dast_site_profiles_api_option` feature flag is disabled. |
| `targetUrl` | [`String`](#string) | The URL of the target to be scanned. |
| `userPermissions` | [`DastSiteProfilePermissions!`](#dastsiteprofilepermissions) | Permissions for the current user on the resource. |
| `validationStatus` | [`DastSiteProfileValidationStatusEnum`](#dastsiteprofilevalidationstatusenum) | The current validation status of the site profile. |
@ -7871,6 +7872,13 @@ Status of a container repository.
| `HEADER` | Header validation. |
| `TEXT_FILE` | Text file validation. |
### `DastTargetTypeEnum`
| Value | Description |
| ----- | ----------- |
| `API` | API target. |
| `WEBSITE` | Website target. |
### `DataVisualizationColorEnum`
Color of the data visualization palette.

2
doc/api/projects.md
View file

@ -1125,7 +1125,7 @@ POST /projects
| `build_timeout` | integer | **{dotted-circle}** No | The maximum amount of time, in seconds, that a job can run. |
| `builds_access_level` | string | **{dotted-circle}** No | One of `disabled`, `private`, or `enabled`. |
| `ci_config_path` | string | **{dotted-circle}** No | The path to CI configuration file. |
| `container_expiration_policy_attributes` | hash | **{dotted-circle}** No | Update the image cleanup policy for this project. Accepts: `cadence` (string), `keep_n` (integer), `older_than` (string), `name_regex` (string), `name_regex_delete` (string), `name_regex_keep` (string), `enabled` (boolean). |
| `container_expiration_policy_attributes` | hash | **{dotted-circle}** No | Update the image cleanup policy for this project. Accepts: `cadence` (string), `keep_n` (integer), `older_than` (string), `name_regex` (string), `name_regex_delete` (string), `name_regex_keep` (string), `enabled` (boolean). Valid values for `cadence` are: `1d` (every day), `7d` (every week), `14d` (every two weeks), `1month` (every month), or `3month` (every quarter). |
| `container_registry_enabled` | boolean | **{dotted-circle}** No | Enable container registry for this project. |
| `default_branch` | string | **{dotted-circle}** No | The [default branch](../user/project/repository/branches/default.md) name. |
| `description` | string | **{dotted-circle}** No | Short project description. |

50
doc/ci/services/gitlab.md
View file

@ -5,40 +5,36 @@ info: To determine the technical writer assigned to the Stage/Group associated w
type: reference
---
# Using GitLab
# Use GitLab as a microservice
As many applications depend on accessing JSON apis you eventually need them in order for your tests to run.
In this example we are providing GitLab as a Microservice to be accessible for API clients.
Below you are guided how to do this with the Docker executors of GitLab Runner.
Many applications need to access JSON APIs, so application tests might need access
to APIs too. The following example shows how to use GitLab as a microservice to give
tests access to the GitLab API.
## Use GitLab with the Docker executor
1. Configure a [runner](../runners/README.md) with the Docker or Kubernetes executor.
1. In your `.gitlab-ci.yml` add:
If you're using [GitLab Runner](../runners/README.md) with the Docker/Kubernetes executor,
you basically have everything set up already.
```yaml
services:
- name: gitlab/gitlab-ce:latest
alias: gitlab
First, in your `.gitlab-ci.yml` add:
variables:
GITLAB_HTTPS: "false" # ensure that plain http works
GITLAB_ROOT_PASSWORD: "password" # to access the api with user root:password
```
```yaml
services:
- name: gitlab/gitlab-ce:latest
alias: gitlab
1. To set values for the `GITLAB_HTTPS` and `GITLAB_ROOT_PASSWORD`,
[assign them to a variable in the user interface](../variables/README.md#project-cicd-variables).
Then assign that variable to the corresponding variable in your
`.gitlab-ci.yml` file.
Then, commands in `script:` sections in your `.gitlab-ci.yml` file can access the API at `http://gitlab/api/v4`.
variables:
GITLAB_HTTPS: "false" # ensure that plain http will work
GITLAB_ROOT_PASSWORD: "password" # in order to access the api with user root:password
```
To set values for the `GITLAB_HTTPS`, `GITLAB_ROOT_PASSWORD`,
[assign them to a variable in the user interface](../variables/README.md#project-cicd-variables),
then assign that variable to the corresponding variable in your
`.gitlab-ci.yml` file.
From your ci `script:` the API will then be availible at `http://gitlab/api/v4`
If you're wondering why we used `gitlab` for the `Host`, read more at
For more information about why `gitlab` is used for the `Host`, see
[How services are linked to the job](../docker/using_docker_images.md#extended-docker-configuration-options).
You can also use any other Docker image available on [Docker Hub](https://hub.docker.com/u/gitlab).
The `gitlab` image can accept some environment variables. For more details,
see the [omnibus documentation](../../install/README.md).
The `gitlab` image can accept environment variables. For more details,
see the [Omnibus documentation](../../install/README.md).

22
doc/push_rules/push_rules.md
View file

@ -103,6 +103,28 @@ The following options are available:
NOTE:
GitLab uses [RE2 syntax](https://github.com/google/re2/wiki/Syntax) for regular expressions in push rules, and you can test them at the [regex101 regex tester](https://regex101.com/).
### Caveat to "Reject unsigned commits" push rule **(PREMIUM)**
This push rule ignores commits that are authenticated and created by GitLab
(either through the UI or API). When the **Reject unsigned commits** push rule is
enabled, unsigned commits may still show up in the commit history if a commit was
created **within** GitLab itself. As expected, commits created outside GitLab and
pushed to the repository are rejected. For more information about how GitLab
plans to fix this issue, read [issue #19185](https://gitlab.com/gitlab-org/gitlab/-/issues/19185).
#### "Reject unsigned commits" push rule disables Web IDE
In 13.10, if a project has the "Reject unsigned commits" push rule, the user will not be allowed to
commit through GitLab Web IDE.
To allow committing through the Web IDE on a project with this push rule, a GitLab administrator will
need to disable the feature flag `reject_unsigned_commits_by_gitlab`. This can be done through a
[rails console](../administration/operations/rails_console.md) and running:
```ruby
Feature.disable(:reject_unsigned_commits_by_gitlab)
```
## Prevent pushing secrets to the repository
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/385) in GitLab 8.12.

8
doc/user/packages/container_registry/index.md
View file

@ -636,6 +636,14 @@ Examples:
curl --request PUT --header 'Content-Type: application/json;charset=UTF-8' --header "PRIVATE-TOKEN: <your_access_token>" --data-binary '{"container_expiration_policy_attributes":{"cadence":"1month","enabled":true,"keep_n":1,"older_than":"14d","name_regex":"","name_regex_delete":".*","name_regex_keep":".*-master"}}' "https://gitlab.example.com/api/v4/projects/2"
```
Valid values for `cadence` when using the API are:
- `1d` (every day)
- `7d` (every week)
- `14d` (every two weeks)
- `1month` (every month)
- `3month` (every quarter)
See the API documentation for further details: [Edit project](../../../api/projects.md#edit-project).
### Use with external container registries

152
qa/qa/specs/features/browser_ui/3_create/merge_request/merge_when_pipeline_succeeds_spec.rb
View file

@ -3,97 +3,97 @@
module QA
RSpec.describe 'Create', :runner do
describe 'Merge requests' do
let(:project) do
Resource::Project.fabricate_via_api! do |project|
project.name = 'merge-when-pipeline-succeeds'
project.initialize_with_readme = true
end
end
let!(:runner) do
Resource::Runner.fabricate! do |runner|
runner.project = project
runner.name = "runner-for-#{project.name}"
runner.tags = ["runner-for-#{project.name}"]
end
end
before do
Resource::Repository::Commit.fabricate_via_api! do |commit|
commit.project = project
commit.commit_message = 'Add .gitlab-ci.yml'
commit.add_files(
[
{
file_path: '.gitlab-ci.yml',
content: <<~EOF
test:
tags: ["runner-for-#{project.name}"]
script: sleep 10
only:
- merge_requests
EOF
}
]
)
shared_examples 'merge when pipeline succeeds' do |repeat: 1|
let(:project) do
Resource::Project.fabricate_via_api! do |project|
project.name = 'merge-when-pipeline-succeeds'
project.initialize_with_readme = true
end
end
Flow::Login.sign_in
end
after do
runner&.remove_via_api!
project&.remove_via_api!
end
it 'merges when pipeline succeeds', testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/issues/1684' do
verify_merge_when_pipeline_succeeds
end
it 'reliably merges when pipeline succeeds', :transient, testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/issues/1684' do
verify_merge_when_pipeline_succeeds(repeat: Runtime::Env.transient_trials) do |i|
QA::Runtime::Logger.info("Transient bug test - Trial #{i}")
let!(:runner) do
Resource::Runner.fabricate! do |runner|
runner.project = project
runner.name = "runner-for-#{project.name}"
runner.tags = ["runner-for-#{project.name}"]
end
end
end
def verify_merge_when_pipeline_succeeds(repeat: 1)
repeat.times do |i|
yield i if block_given?
branch_name = "merge-request-test-#{SecureRandom.hex(8)}"
# Create a branch that will be merged into the default branch
Resource::Repository::ProjectPush.fabricate! do |project_push|
project_push.project = project
project_push.new_branch = true
project_push.branch_name = branch_name
project_push.file_name = "file-#{SecureRandom.hex(8)}.txt"
before do
Resource::Repository::Commit.fabricate_via_api! do |commit|
commit.project = project
commit.commit_message = 'Add .gitlab-ci.yml'
commit.add_files(
[
{
file_path: '.gitlab-ci.yml',
content: <<~EOF
test:
tags: ["runner-for-#{project.name}"]
script: sleep 10
only:
- merge_requests
EOF
}
]
)
end
# Create a merge request to merge the branch we just created
merge_request = Resource::MergeRequest.fabricate_via_api! do |merge_request|
merge_request.project = project
merge_request.source_branch = branch_name
merge_request.no_preparation = true
end
Flow::Login.sign_in
end
merge_request.visit!
after do
runner&.remove_via_api!
project&.remove_via_api!
end
Page::MergeRequest::Show.perform do |mr|
mr.merge_when_pipeline_succeeds!
it 'merges after pipeline succeeds' do
repeat.times do |i|
QA::Runtime::Logger.info("Transient bug test - Trial #{i}") if repeat > 1
Support::Waiter.wait_until(sleep_interval: 5) do
merge_request = merge_request.reload!
merge_request.state == 'merged'
branch_name = "mr-test-#{SecureRandom.hex(6)}-#{i}"
# Create a branch that will be merged into the default branch
Resource::Repository::ProjectPush.fabricate! do |project_push|
project_push.project = project
project_push.new_branch = true
project_push.branch_name = branch_name
project_push.file_name = "#{branch_name}.txt"
end
aggregate_failures do
expect(merge_request.merge_when_pipeline_succeeds).to be_truthy
expect(mr.merged?).to be_truthy, "Expected content 'The changes were merged' but it did not appear."
# Create a merge request to merge the branch we just created
merge_request = Resource::MergeRequest.fabricate_via_api! do |merge_request|
merge_request.project = project
merge_request.source_branch = branch_name
merge_request.no_preparation = true
end
merge_request.visit!
Page::MergeRequest::Show.perform do |mr|
mr.merge_when_pipeline_succeeds!
Support::Waiter.wait_until(sleep_interval: 5) do
merge_request = merge_request.reload!
merge_request.state == 'merged'
end
aggregate_failures do
expect(merge_request.merge_when_pipeline_succeeds).to be_truthy
expect(mr.merged?).to be_truthy, "Expected content 'The changes were merged' but it did not appear."
end
end
end
end
end
context 'when merging once', testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/issues/1684' do
it_behaves_like 'merge when pipeline succeeds'
end
context 'when merging several times', :transient, testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/issues/1684' do
it_behaves_like 'merge when pipeline succeeds', repeat: Runtime::Env.transient_trials
end
end
end
end