Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2021-04-20 00:09:27 +00:00
parent c9bef85d79
commit 93f35ae25c
11 changed files with 160 additions and 104 deletions

View file

@ -0,0 +1,5 @@
---
title: Add target_type column to dast_site_profiles database table
merge_request: 58723
author:
type: added

View file

@ -0,0 +1,8 @@
---
name: security_dast_site_profiles_api_option
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/58723
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/325130
milestone: '13.12'
type: development
group: group::dynamic analysis
default_enabled: false

View file

@ -0,0 +1,7 @@
# frozen_string_literal: true
class AddTypeToDastSiteProfile < ActiveRecord::Migration[6.0]
def change
add_column :dast_site_profiles, :target_type, :integer, limit: 2, default: 0, null: false
end
end

View file

@ -0,0 +1 @@
174d2c4dc57847060cb19405cc08fffd038c7bfbd4ad749e3e1eccf0e281230b

View file

@ -11861,6 +11861,7 @@ CREATE TABLE dast_site_profiles (
auth_username_field text,
auth_password_field text,
auth_username text,
target_type smallint DEFAULT 0 NOT NULL,
CONSTRAINT check_5203110fee CHECK ((char_length(auth_username_field) <= 255)),
CONSTRAINT check_6cfab17b48 CHECK ((char_length(name) <= 255)),
CONSTRAINT check_c329dffdba CHECK ((char_length(auth_password_field) <= 255)),

View file

@ -2117,6 +2117,7 @@ Represents a DAST Site Profile.
| `profileName` | [`String`](#string) | The name of the site profile. |
| `referencedInSecurityPolicies` | [`[String!]`](#string) | List of security policy names that are referencing given project. |
| `requestHeaders` | [`String`](#string) | Comma-separated list of request header names and values to be added to every request made by DAST. Will always return `null` if `security_dast_site_profiles_additional_fields` feature flag is disabled. |
| `targetType` | [`DastTargetTypeEnum`](#dasttargettypeenum) | The type of target to be scanned. Will always return `null` if `security_dast_site_profiles_api_option` feature flag is disabled. |
| `targetUrl` | [`String`](#string) | The URL of the target to be scanned. |
| `userPermissions` | [`DastSiteProfilePermissions!`](#dastsiteprofilepermissions) | Permissions for the current user on the resource. |
| `validationStatus` | [`DastSiteProfileValidationStatusEnum`](#dastsiteprofilevalidationstatusenum) | The current validation status of the site profile. |
@ -7871,6 +7872,13 @@ Status of a container repository.
| `HEADER` | Header validation. |
| `TEXT_FILE` | Text file validation. |
### `DastTargetTypeEnum`
| Value | Description |
| ----- | ----------- |
| `API` | API target. |
| `WEBSITE` | Website target. |
### `DataVisualizationColorEnum`
Color of the data visualization palette.

View file

@ -1125,7 +1125,7 @@ POST /projects
| `build_timeout` | integer | **{dotted-circle}** No | The maximum amount of time, in seconds, that a job can run. |
| `builds_access_level` | string | **{dotted-circle}** No | One of `disabled`, `private`, or `enabled`. |
| `ci_config_path` | string | **{dotted-circle}** No | The path to CI configuration file. |
| `container_expiration_policy_attributes` | hash | **{dotted-circle}** No | Update the image cleanup policy for this project. Accepts: `cadence` (string), `keep_n` (integer), `older_than` (string), `name_regex` (string), `name_regex_delete` (string), `name_regex_keep` (string), `enabled` (boolean). |
| `container_expiration_policy_attributes` | hash | **{dotted-circle}** No | Update the image cleanup policy for this project. Accepts: `cadence` (string), `keep_n` (integer), `older_than` (string), `name_regex` (string), `name_regex_delete` (string), `name_regex_keep` (string), `enabled` (boolean). Valid values for `cadence` are: `1d` (every day), `7d` (every week), `14d` (every two weeks), `1month` (every month), or `3month` (every quarter). |
| `container_registry_enabled` | boolean | **{dotted-circle}** No | Enable container registry for this project. |
| `default_branch` | string | **{dotted-circle}** No | The [default branch](../user/project/repository/branches/default.md) name. |
| `description` | string | **{dotted-circle}** No | Short project description. |

View file

@ -5,18 +5,14 @@ info: To determine the technical writer assigned to the Stage/Group associated w
type: reference
---
# Using GitLab
# Use GitLab as a microservice
As many applications depend on accessing JSON apis you eventually need them in order for your tests to run.
In this example we are providing GitLab as a Microservice to be accessible for API clients.
Below you are guided how to do this with the Docker executors of GitLab Runner.
Many applications need to access JSON APIs, so application tests might need access
to APIs too. The following example shows how to use GitLab as a microservice to give
tests access to the GitLab API.
## Use GitLab with the Docker executor
If you're using [GitLab Runner](../runners/README.md) with the Docker/Kubernetes executor,
you basically have everything set up already.
First, in your `.gitlab-ci.yml` add:
1. Configure a [runner](../runners/README.md) with the Docker or Kubernetes executor.
1. In your `.gitlab-ci.yml` add:
```yaml
services:
@ -24,21 +20,21 @@ services:
alias: gitlab
variables:
GITLAB_HTTPS: "false" # ensure that plain http will work
GITLAB_ROOT_PASSWORD: "password" # in order to access the api with user root:password
GITLAB_HTTPS: "false" # ensure that plain http works
GITLAB_ROOT_PASSWORD: "password" # to access the api with user root:password
```
To set values for the `GITLAB_HTTPS`, `GITLAB_ROOT_PASSWORD`,
[assign them to a variable in the user interface](../variables/README.md#project-cicd-variables),
then assign that variable to the corresponding variable in your
1. To set values for the `GITLAB_HTTPS` and `GITLAB_ROOT_PASSWORD`,
[assign them to a variable in the user interface](../variables/README.md#project-cicd-variables).
Then assign that variable to the corresponding variable in your
`.gitlab-ci.yml` file.
From your ci `script:` the API will then be availible at `http://gitlab/api/v4`
Then, commands in `script:` sections in your `.gitlab-ci.yml` file can access the API at `http://gitlab/api/v4`.
If you're wondering why we used `gitlab` for the `Host`, read more at
For more information about why `gitlab` is used for the `Host`, see
[How services are linked to the job](../docker/using_docker_images.md#extended-docker-configuration-options).
You can also use any other Docker image available on [Docker Hub](https://hub.docker.com/u/gitlab).
The `gitlab` image can accept some environment variables. For more details,
see the [omnibus documentation](../../install/README.md).
The `gitlab` image can accept environment variables. For more details,
see the [Omnibus documentation](../../install/README.md).

View file

@ -103,6 +103,28 @@ The following options are available:
NOTE:
GitLab uses [RE2 syntax](https://github.com/google/re2/wiki/Syntax) for regular expressions in push rules, and you can test them at the [regex101 regex tester](https://regex101.com/).
### Caveat to "Reject unsigned commits" push rule **(PREMIUM)**
This push rule ignores commits that are authenticated and created by GitLab
(either through the UI or API). When the **Reject unsigned commits** push rule is
enabled, unsigned commits may still show up in the commit history if a commit was
created **within** GitLab itself. As expected, commits created outside GitLab and
pushed to the repository are rejected. For more information about how GitLab
plans to fix this issue, read [issue #19185](https://gitlab.com/gitlab-org/gitlab/-/issues/19185).
#### "Reject unsigned commits" push rule disables Web IDE
In 13.10, if a project has the "Reject unsigned commits" push rule, the user will not be allowed to
commit through GitLab Web IDE.
To allow committing through the Web IDE on a project with this push rule, a GitLab administrator will
need to disable the feature flag `reject_unsigned_commits_by_gitlab`. This can be done through a
[rails console](../administration/operations/rails_console.md) and running:
```ruby
Feature.disable(:reject_unsigned_commits_by_gitlab)
```
## Prevent pushing secrets to the repository
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/385) in GitLab 8.12.

View file

@ -636,6 +636,14 @@ Examples:
curl --request PUT --header 'Content-Type: application/json;charset=UTF-8' --header "PRIVATE-TOKEN: <your_access_token>" --data-binary '{"container_expiration_policy_attributes":{"cadence":"1month","enabled":true,"keep_n":1,"older_than":"14d","name_regex":"","name_regex_delete":".*","name_regex_keep":".*-master"}}' "https://gitlab.example.com/api/v4/projects/2"
```
Valid values for `cadence` when using the API are:
- `1d` (every day)
- `7d` (every week)
- `14d` (every two weeks)
- `1month` (every month)
- `3month` (every quarter)
See the API documentation for further details: [Edit project](../../../api/projects.md#edit-project).
### Use with external container registries

View file

@ -3,6 +3,7 @@
module QA
RSpec.describe 'Create', :runner do
describe 'Merge requests' do
shared_examples 'merge when pipeline succeeds' do |repeat: 1|
let(:project) do
Resource::Project.fabricate_via_api! do |project|
project.name = 'merge-when-pipeline-succeeds'
@ -46,28 +47,18 @@ module QA
project&.remove_via_api!
end
it 'merges when pipeline succeeds', testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/issues/1684' do
verify_merge_when_pipeline_succeeds
end
it 'reliably merges when pipeline succeeds', :transient, testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/issues/1684' do
verify_merge_when_pipeline_succeeds(repeat: Runtime::Env.transient_trials) do |i|
QA::Runtime::Logger.info("Transient bug test - Trial #{i}")
end
end
def verify_merge_when_pipeline_succeeds(repeat: 1)
it 'merges after pipeline succeeds' do
repeat.times do |i|
yield i if block_given?
QA::Runtime::Logger.info("Transient bug test - Trial #{i}") if repeat > 1
branch_name = "merge-request-test-#{SecureRandom.hex(8)}"
branch_name = "mr-test-#{SecureRandom.hex(6)}-#{i}"
# Create a branch that will be merged into the default branch
Resource::Repository::ProjectPush.fabricate! do |project_push|
project_push.project = project
project_push.new_branch = true
project_push.branch_name = branch_name
project_push.file_name = "file-#{SecureRandom.hex(8)}.txt"
project_push.file_name = "#{branch_name}.txt"
end
# Create a merge request to merge the branch we just created
@ -95,5 +86,14 @@ module QA
end
end
end
context 'when merging once', testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/issues/1684' do
it_behaves_like 'merge when pipeline succeeds'
end
context 'when merging several times', :transient, testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/issues/1684' do
it_behaves_like 'merge when pipeline succeeds', repeat: Runtime::Env.transient_trials
end
end
end
end