Add latest changes from gitlab-org/gitlab@master
This commit is contained in:
parent
c9bef85d79
commit
93f35ae25c
11 changed files with 160 additions and 104 deletions
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
title: Add target_type column to dast_site_profiles database table
|
||||
merge_request: 58723
|
||||
author:
|
||||
type: added
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
name: security_dast_site_profiles_api_option
|
||||
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/58723
|
||||
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/325130
|
||||
milestone: '13.12'
|
||||
type: development
|
||||
group: group::dynamic analysis
|
||||
default_enabled: false
|
|
@ -0,0 +1,7 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class AddTypeToDastSiteProfile < ActiveRecord::Migration[6.0]
|
||||
def change
|
||||
add_column :dast_site_profiles, :target_type, :integer, limit: 2, default: 0, null: false
|
||||
end
|
||||
end
|
1
db/schema_migrations/20210407002511
Normal file
1
db/schema_migrations/20210407002511
Normal file
|
@ -0,0 +1 @@
|
|||
174d2c4dc57847060cb19405cc08fffd038c7bfbd4ad749e3e1eccf0e281230b
|
|
@ -11861,6 +11861,7 @@ CREATE TABLE dast_site_profiles (
|
|||
auth_username_field text,
|
||||
auth_password_field text,
|
||||
auth_username text,
|
||||
target_type smallint DEFAULT 0 NOT NULL,
|
||||
CONSTRAINT check_5203110fee CHECK ((char_length(auth_username_field) <= 255)),
|
||||
CONSTRAINT check_6cfab17b48 CHECK ((char_length(name) <= 255)),
|
||||
CONSTRAINT check_c329dffdba CHECK ((char_length(auth_password_field) <= 255)),
|
||||
|
|
|
@ -2117,6 +2117,7 @@ Represents a DAST Site Profile.
|
|||
| `profileName` | [`String`](#string) | The name of the site profile. |
|
||||
| `referencedInSecurityPolicies` | [`[String!]`](#string) | List of security policy names that are referencing given project. |
|
||||
| `requestHeaders` | [`String`](#string) | Comma-separated list of request header names and values to be added to every request made by DAST. Will always return `null` if `security_dast_site_profiles_additional_fields` feature flag is disabled. |
|
||||
| `targetType` | [`DastTargetTypeEnum`](#dasttargettypeenum) | The type of target to be scanned. Will always return `null` if `security_dast_site_profiles_api_option` feature flag is disabled. |
|
||||
| `targetUrl` | [`String`](#string) | The URL of the target to be scanned. |
|
||||
| `userPermissions` | [`DastSiteProfilePermissions!`](#dastsiteprofilepermissions) | Permissions for the current user on the resource. |
|
||||
| `validationStatus` | [`DastSiteProfileValidationStatusEnum`](#dastsiteprofilevalidationstatusenum) | The current validation status of the site profile. |
|
||||
|
@ -7871,6 +7872,13 @@ Status of a container repository.
|
|||
| `HEADER` | Header validation. |
|
||||
| `TEXT_FILE` | Text file validation. |
|
||||
|
||||
### `DastTargetTypeEnum`
|
||||
|
||||
| Value | Description |
|
||||
| ----- | ----------- |
|
||||
| `API` | API target. |
|
||||
| `WEBSITE` | Website target. |
|
||||
|
||||
### `DataVisualizationColorEnum`
|
||||
|
||||
Color of the data visualization palette.
|
||||
|
|
|
@ -1125,7 +1125,7 @@ POST /projects
|
|||
| `build_timeout` | integer | **{dotted-circle}** No | The maximum amount of time, in seconds, that a job can run. |
|
||||
| `builds_access_level` | string | **{dotted-circle}** No | One of `disabled`, `private`, or `enabled`. |
|
||||
| `ci_config_path` | string | **{dotted-circle}** No | The path to CI configuration file. |
|
||||
| `container_expiration_policy_attributes` | hash | **{dotted-circle}** No | Update the image cleanup policy for this project. Accepts: `cadence` (string), `keep_n` (integer), `older_than` (string), `name_regex` (string), `name_regex_delete` (string), `name_regex_keep` (string), `enabled` (boolean). |
|
||||
| `container_expiration_policy_attributes` | hash | **{dotted-circle}** No | Update the image cleanup policy for this project. Accepts: `cadence` (string), `keep_n` (integer), `older_than` (string), `name_regex` (string), `name_regex_delete` (string), `name_regex_keep` (string), `enabled` (boolean). Valid values for `cadence` are: `1d` (every day), `7d` (every week), `14d` (every two weeks), `1month` (every month), or `3month` (every quarter). |
|
||||
| `container_registry_enabled` | boolean | **{dotted-circle}** No | Enable container registry for this project. |
|
||||
| `default_branch` | string | **{dotted-circle}** No | The [default branch](../user/project/repository/branches/default.md) name. |
|
||||
| `description` | string | **{dotted-circle}** No | Short project description. |
|
||||
|
|
|
@ -5,18 +5,14 @@ info: To determine the technical writer assigned to the Stage/Group associated w
|
|||
type: reference
|
||||
---
|
||||
|
||||
# Using GitLab
|
||||
# Use GitLab as a microservice
|
||||
|
||||
As many applications depend on accessing JSON apis you eventually need them in order for your tests to run.
|
||||
In this example we are providing GitLab as a Microservice to be accessible for API clients.
|
||||
Below you are guided how to do this with the Docker executors of GitLab Runner.
|
||||
Many applications need to access JSON APIs, so application tests might need access
|
||||
to APIs too. The following example shows how to use GitLab as a microservice to give
|
||||
tests access to the GitLab API.
|
||||
|
||||
## Use GitLab with the Docker executor
|
||||
|
||||
If you're using [GitLab Runner](../runners/README.md) with the Docker/Kubernetes executor,
|
||||
you basically have everything set up already.
|
||||
|
||||
First, in your `.gitlab-ci.yml` add:
|
||||
1. Configure a [runner](../runners/README.md) with the Docker or Kubernetes executor.
|
||||
1. In your `.gitlab-ci.yml` add:
|
||||
|
||||
```yaml
|
||||
services:
|
||||
|
@ -24,21 +20,21 @@ services:
|
|||
alias: gitlab
|
||||
|
||||
variables:
|
||||
GITLAB_HTTPS: "false" # ensure that plain http will work
|
||||
GITLAB_ROOT_PASSWORD: "password" # in order to access the api with user root:password
|
||||
GITLAB_HTTPS: "false" # ensure that plain http works
|
||||
GITLAB_ROOT_PASSWORD: "password" # to access the api with user root:password
|
||||
```
|
||||
|
||||
To set values for the `GITLAB_HTTPS`, `GITLAB_ROOT_PASSWORD`,
|
||||
[assign them to a variable in the user interface](../variables/README.md#project-cicd-variables),
|
||||
then assign that variable to the corresponding variable in your
|
||||
1. To set values for the `GITLAB_HTTPS` and `GITLAB_ROOT_PASSWORD`,
|
||||
[assign them to a variable in the user interface](../variables/README.md#project-cicd-variables).
|
||||
Then assign that variable to the corresponding variable in your
|
||||
`.gitlab-ci.yml` file.
|
||||
|
||||
From your ci `script:` the API will then be availible at `http://gitlab/api/v4`
|
||||
Then, commands in `script:` sections in your `.gitlab-ci.yml` file can access the API at `http://gitlab/api/v4`.
|
||||
|
||||
If you're wondering why we used `gitlab` for the `Host`, read more at
|
||||
For more information about why `gitlab` is used for the `Host`, see
|
||||
[How services are linked to the job](../docker/using_docker_images.md#extended-docker-configuration-options).
|
||||
|
||||
You can also use any other Docker image available on [Docker Hub](https://hub.docker.com/u/gitlab).
|
||||
|
||||
The `gitlab` image can accept some environment variables. For more details,
|
||||
see the [omnibus documentation](../../install/README.md).
|
||||
The `gitlab` image can accept environment variables. For more details,
|
||||
see the [Omnibus documentation](../../install/README.md).
|
||||
|
|
|
@ -103,6 +103,28 @@ The following options are available:
|
|||
NOTE:
|
||||
GitLab uses [RE2 syntax](https://github.com/google/re2/wiki/Syntax) for regular expressions in push rules, and you can test them at the [regex101 regex tester](https://regex101.com/).
|
||||
|
||||
### Caveat to "Reject unsigned commits" push rule **(PREMIUM)**
|
||||
|
||||
This push rule ignores commits that are authenticated and created by GitLab
|
||||
(either through the UI or API). When the **Reject unsigned commits** push rule is
|
||||
enabled, unsigned commits may still show up in the commit history if a commit was
|
||||
created **within** GitLab itself. As expected, commits created outside GitLab and
|
||||
pushed to the repository are rejected. For more information about how GitLab
|
||||
plans to fix this issue, read [issue #19185](https://gitlab.com/gitlab-org/gitlab/-/issues/19185).
|
||||
|
||||
#### "Reject unsigned commits" push rule disables Web IDE
|
||||
|
||||
In 13.10, if a project has the "Reject unsigned commits" push rule, the user will not be allowed to
|
||||
commit through GitLab Web IDE.
|
||||
|
||||
To allow committing through the Web IDE on a project with this push rule, a GitLab administrator will
|
||||
need to disable the feature flag `reject_unsigned_commits_by_gitlab`. This can be done through a
|
||||
[rails console](../administration/operations/rails_console.md) and running:
|
||||
|
||||
```ruby
|
||||
Feature.disable(:reject_unsigned_commits_by_gitlab)
|
||||
```
|
||||
|
||||
## Prevent pushing secrets to the repository
|
||||
|
||||
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/385) in GitLab 8.12.
|
||||
|
|
|
@ -636,6 +636,14 @@ Examples:
|
|||
curl --request PUT --header 'Content-Type: application/json;charset=UTF-8' --header "PRIVATE-TOKEN: <your_access_token>" --data-binary '{"container_expiration_policy_attributes":{"cadence":"1month","enabled":true,"keep_n":1,"older_than":"14d","name_regex":"","name_regex_delete":".*","name_regex_keep":".*-master"}}' "https://gitlab.example.com/api/v4/projects/2"
|
||||
```
|
||||
|
||||
Valid values for `cadence` when using the API are:
|
||||
|
||||
- `1d` (every day)
|
||||
- `7d` (every week)
|
||||
- `14d` (every two weeks)
|
||||
- `1month` (every month)
|
||||
- `3month` (every quarter)
|
||||
|
||||
See the API documentation for further details: [Edit project](../../../api/projects.md#edit-project).
|
||||
|
||||
### Use with external container registries
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
module QA
|
||||
RSpec.describe 'Create', :runner do
|
||||
describe 'Merge requests' do
|
||||
shared_examples 'merge when pipeline succeeds' do |repeat: 1|
|
||||
let(:project) do
|
||||
Resource::Project.fabricate_via_api! do |project|
|
||||
project.name = 'merge-when-pipeline-succeeds'
|
||||
|
@ -46,28 +47,18 @@ module QA
|
|||
project&.remove_via_api!
|
||||
end
|
||||
|
||||
it 'merges when pipeline succeeds', testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/issues/1684' do
|
||||
verify_merge_when_pipeline_succeeds
|
||||
end
|
||||
|
||||
it 'reliably merges when pipeline succeeds', :transient, testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/issues/1684' do
|
||||
verify_merge_when_pipeline_succeeds(repeat: Runtime::Env.transient_trials) do |i|
|
||||
QA::Runtime::Logger.info("Transient bug test - Trial #{i}")
|
||||
end
|
||||
end
|
||||
|
||||
def verify_merge_when_pipeline_succeeds(repeat: 1)
|
||||
it 'merges after pipeline succeeds' do
|
||||
repeat.times do |i|
|
||||
yield i if block_given?
|
||||
QA::Runtime::Logger.info("Transient bug test - Trial #{i}") if repeat > 1
|
||||
|
||||
branch_name = "merge-request-test-#{SecureRandom.hex(8)}"
|
||||
branch_name = "mr-test-#{SecureRandom.hex(6)}-#{i}"
|
||||
|
||||
# Create a branch that will be merged into the default branch
|
||||
Resource::Repository::ProjectPush.fabricate! do |project_push|
|
||||
project_push.project = project
|
||||
project_push.new_branch = true
|
||||
project_push.branch_name = branch_name
|
||||
project_push.file_name = "file-#{SecureRandom.hex(8)}.txt"
|
||||
project_push.file_name = "#{branch_name}.txt"
|
||||
end
|
||||
|
||||
# Create a merge request to merge the branch we just created
|
||||
|
@ -95,5 +86,14 @@ module QA
|
|||
end
|
||||
end
|
||||
end
|
||||
|
||||
context 'when merging once', testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/issues/1684' do
|
||||
it_behaves_like 'merge when pipeline succeeds'
|
||||
end
|
||||
|
||||
context 'when merging several times', :transient, testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/issues/1684' do
|
||||
it_behaves_like 'merge when pipeline succeeds', repeat: Runtime::Env.transient_trials
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue