diff --git a/.gitlab/ci/rails.gitlab-ci.yml b/.gitlab/ci/rails.gitlab-ci.yml index 00f65ab7ca8..e82068092e0 100644 --- a/.gitlab/ci/rails.gitlab-ci.yml +++ b/.gitlab/ci/rails.gitlab-ci.yml @@ -181,6 +181,7 @@ setup-test-env: paths: - config/secrets.yml - tmp/tests/gitaly/_build/bin/ + - tmp/tests/gitaly/_build/deps/git/install - tmp/tests/gitaly/config.toml - tmp/tests/gitaly/gitaly2.config.toml - tmp/tests/gitaly/internal/ diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION index c98aa0f5258..05f9d7573ba 100644 --- a/GITALY_SERVER_VERSION +++ b/GITALY_SERVER_VERSION @@ -1 +1 @@ -4f0a07ba39f14adacf7d482128a5de2bb84f0eac +ee4b20cc318876c4b237e277fefd9d75186a085c diff --git a/app/assets/javascripts/pipeline_editor/constants.js b/app/assets/javascripts/pipeline_editor/constants.js index 89bf9acaf3d..fee9053f208 100644 --- a/app/assets/javascripts/pipeline_editor/constants.js +++ b/app/assets/javascripts/pipeline_editor/constants.js @@ -28,7 +28,6 @@ export const TABS_INDEX = { [LINT_TAB]: '2', [MERGED_TAB]: '3', }; -export const TABS_WITH_COMMIT_FORM = [CREATE_TAB, LINT_TAB, VISUALIZE_TAB]; export const TAB_QUERY_PARAM = 'tab'; export const COMMIT_ACTION_CREATE = 'CREATE'; diff --git a/app/assets/javascripts/pipeline_editor/pipeline_editor_home.vue b/app/assets/javascripts/pipeline_editor/pipeline_editor_home.vue index ae98b72a3ca..5f9686834ea 100644 --- a/app/assets/javascripts/pipeline_editor/pipeline_editor_home.vue +++ b/app/assets/javascripts/pipeline_editor/pipeline_editor_home.vue @@ -4,7 +4,7 @@ import PipelineEditorDrawer from './components/drawer/pipeline_editor_drawer.vue import PipelineEditorFileNav from './components/file_nav/pipeline_editor_file_nav.vue'; import PipelineEditorHeader from './components/header/pipeline_editor_header.vue'; import PipelineEditorTabs from './components/pipeline_editor_tabs.vue'; -import { CREATE_TAB, TABS_WITH_COMMIT_FORM } from './constants'; +import { CREATE_TAB } from './constants'; export default { components: { @@ -40,7 +40,7 @@ export default { }, computed: { showCommitForm() { - return TABS_WITH_COMMIT_FORM.includes(this.currentTab); + return this.currentTab === CREATE_TAB; }, }, methods: { diff --git a/doc/subscriptions/bronze_starter.md b/doc/subscriptions/bronze_starter.md index bb2a2303d29..00d568ecb59 100644 --- a/doc/subscriptions/bronze_starter.md +++ b/doc/subscriptions/bronze_starter.md @@ -92,7 +92,7 @@ the tiers are no longer mentioned in GitLab documentation: - [Pull mirroring](../user/project/repository/mirror/pull.md) outside repositories in a GitLab repository - [Overwrite diverged branches](../user/project/repository/mirror/pull.md#overwrite-diverged-branches) - [Trigger pipelines for mirror updates](../user/project/repository/mirror/pull.md#trigger-pipelines-for-mirror-updates) - - [Hard failures](../user/project/repository/mirror/pull.md#hard-failure) when mirroring fails + - [Fix hard failures when mirroring](../user/project/repository/mirror/pull.md#fix-hard-failures-when-mirroring) - [Trigger pull mirroring from the API](../user/project/repository/mirror/pull.md#trigger-an-update-by-using-the-api) - [Mirror only protected branches](../user/project/repository/mirror/index.md#mirror-only-protected-branches) - [Bidirectional mirroring](../user/project/repository/mirror/bidirectional.md) diff --git a/doc/user/packages/package_registry/index.md b/doc/user/packages/package_registry/index.md index cb4e677687e..ce2f9a61d9f 100644 --- a/doc/user/packages/package_registry/index.md +++ b/doc/user/packages/package_registry/index.md @@ -48,8 +48,8 @@ Learn more about using the GitLab Package Registry with CI/CD: - [Maven](../maven_repository/index.md#create-maven-packages-with-gitlab-cicd) - [npm](../npm_registry/index.md#publish-an-npm-package-by-using-cicd) - [NuGet](../nuget_repository/index.md#publish-a-nuget-package-by-using-cicd) -- [PyPI](../pypi_repository/#authenticate-with-a-ci-job-token) -- [RubyGems](../rubygems_registry/#authenticate-with-a-ci-job-token) +- [PyPI](../pypi_repository/index.md#authenticate-with-a-ci-job-token) +- [RubyGems](../rubygems_registry/index.md#authenticate-with-a-ci-job-token) If you use CI/CD to build a package, extended activity information is displayed when you view the package details: diff --git a/doc/user/project/repository/mirror/pull.md b/doc/user/project/repository/mirror/pull.md index d1943cbfd71..4c437d0f8c8 100644 --- a/doc/user/project/repository/mirror/pull.md +++ b/doc/user/project/repository/mirror/pull.md @@ -41,7 +41,7 @@ After you configure a GitLab repository as a pull mirror: 1. Sidekiq becomes available to process updates, mirrors are updated. If the update process: - **Succeeds**: An update is enqueued again with at least a 30 minute wait. - **Fails**: The update is attempted again later. After 14 failures, a mirror is marked as a - [hard failure](#hard-failure) and is no longer enqueued for updates. A branch diverging + [hard failure](#fix-hard-failures-when-mirroring) and is no longer enqueued for updates. A branch diverging from its upstream counterpart can cause failures. To prevent branches from diverging, configure [Overwrite diverged branches](#overwrite-diverged-branches) when you create your mirror. @@ -102,7 +102,7 @@ updates are pulled immediately. For more information, read [Start the pull mirroring process for a project](../../../../api/projects.md#start-the-pull-mirroring-process-for-a-project). -## Hard failure +## Fix hard failures when mirroring > Moved to GitLab Premium in 13.9. @@ -112,7 +112,7 @@ and mirroring attempts stop. This failure is visible in either the: - Project's main dashboard. - Pull mirror settings page. -You can resume the project mirroring again by [forcing an update](index.md#force-an-update). +To resume project mirroring, [force an update](index.md#force-an-update). ## Related topics diff --git a/lib/gitlab/content_security_policy/config_loader.rb b/lib/gitlab/content_security_policy/config_loader.rb index 870b270afef..1338b77630e 100644 --- a/lib/gitlab/content_security_policy/config_loader.rb +++ b/lib/gitlab/content_security_policy/config_loader.rb @@ -25,7 +25,7 @@ module Gitlab 'media_src' => "'self'", 'script_src' => "'strict-dynamic' 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.recaptcha.net https://apis.google.com", 'style_src' => "'self' 'unsafe-inline'", - 'worker_src' => "'self' blob: data:", + 'worker_src' => "#{Gitlab::Utils.append_path(Gitlab.config.gitlab.url, 'assets/')} blob: data:", 'object_src' => "'none'", 'report_uri' => nil } @@ -39,11 +39,18 @@ module Gitlab allow_customersdot(directives) if Rails.env.development? && ENV['CUSTOMER_PORTAL_URL'].present? allow_sentry(directives) if Gitlab.config.sentry&.enabled && Gitlab.config.sentry&.clientside_dsn + # The follow section contains workarounds to patch Safari's lack of support for CSP Level 3 + # See https://gitlab.com/gitlab-org/gitlab/-/issues/343579 # frame-src was deprecated in CSP level 2 in favor of child-src # CSP level 3 "undeprecated" frame-src and browsers fall back on child-src if it's missing # However Safari seems to read child-src first so we'll just keep both equal directives['child_src'] = directives['frame_src'] + # Safari also doesn't support worker-src and only checks child-src + # So for compatibility until it catches up to other browsers we need to + # append worker-src's content to child-src + directives['child_src'] += " #{directives['worker_src']}" + directives end diff --git a/lib/gitlab/setup_helper.rb b/lib/gitlab/setup_helper.rb index 751405f1045..3a31f651714 100644 --- a/lib/gitlab/setup_helper.rb +++ b/lib/gitlab/setup_helper.rb @@ -104,9 +104,6 @@ module Gitlab socket_filename = options[:gitaly_socket] || "gitaly.socket" prometheus_listen_addr = options[:prometheus_listen_addr] - git_bin_path = File.expand_path('../gitaly/_build/deps/git/install/bin/git') - git_bin_path = nil unless File.exist?(git_bin_path) - config = { # Override the set gitaly_address since Praefect is in the loop socket_path: File.join(gitaly_dir, socket_filename), @@ -116,8 +113,8 @@ module Gitlab # sidekiq jobs, and concurrency will be low anyway in test. git: { catfile_cache_size: 5, - bin_path: git_bin_path - }.compact, + bin_path: File.expand_path(File.join(gitaly_dir, '_build', 'deps', 'git', 'install', 'bin', 'git')) + }, prometheus_listen_addr: prometheus_listen_addr }.compact diff --git a/lib/tasks/gitlab/gitaly.rake b/lib/tasks/gitlab/gitaly.rake index ef58c9339f1..ea17d25ee62 100644 --- a/lib/tasks/gitlab/gitaly.rake +++ b/lib/tasks/gitlab/gitaly.rake @@ -67,7 +67,7 @@ Usage: rake "gitlab:gitaly:install[/installation/dir,/storage/path]") env["BUNDLE_DEPLOYMENT"] = 'false' end - Gitlab::Popen.popen([make_cmd], nil, env) + Gitlab::Popen.popen([make_cmd, 'all', 'git'], nil, env) end end end diff --git a/spec/finders/branches_finder_spec.rb b/spec/finders/branches_finder_spec.rb index f9d525c33a4..11b7ab08fb2 100644 --- a/spec/finders/branches_finder_spec.rb +++ b/spec/finders/branches_finder_spec.rb @@ -208,10 +208,10 @@ RSpec.describe BranchesFinder do context 'by page_token only' do let(:params) { { page_token: 'feature' } } - it 'returns nothing' do - result = subject - - expect(result.count).to eq(0) + it 'raises an error' do + expect do + subject + end.to raise_error(Gitlab::Git::CommandError, '13:could not find page token.') end end diff --git a/spec/frontend/pipeline_editor/pipeline_editor_home_spec.js b/spec/frontend/pipeline_editor/pipeline_editor_home_spec.js index 8d5ff90bf1d..4234e4d6a9b 100644 --- a/spec/frontend/pipeline_editor/pipeline_editor_home_spec.js +++ b/spec/frontend/pipeline_editor/pipeline_editor_home_spec.js @@ -6,7 +6,7 @@ import PipelineEditorDrawer from '~/pipeline_editor/components/drawer/pipeline_e import PipelineEditorFileNav from '~/pipeline_editor/components/file_nav/pipeline_editor_file_nav.vue'; import PipelineEditorHeader from '~/pipeline_editor/components/header/pipeline_editor_header.vue'; import PipelineEditorTabs from '~/pipeline_editor/components/pipeline_editor_tabs.vue'; -import { MERGED_TAB, VISUALIZE_TAB } from '~/pipeline_editor/constants'; +import { MERGED_TAB, VISUALIZE_TAB, CREATE_TAB, LINT_TAB } from '~/pipeline_editor/constants'; import PipelineEditorHome from '~/pipeline_editor/pipeline_editor_home.vue'; import { mockLintResponse, mockCiYml } from './mock_data'; @@ -72,22 +72,33 @@ describe('Pipeline editor home wrapper', () => { createComponent(); }); - it('hides the commit form when in the merged tab', async () => { - expect(findCommitSection().exists()).toBe(true); + it.each` + tab | shouldShow + ${MERGED_TAB} | ${false} + ${VISUALIZE_TAB} | ${false} + ${LINT_TAB} | ${false} + ${CREATE_TAB} | ${true} + `( + 'when the active tab is $tab the commit form is shown: $shouldShow', + async ({ tab, shouldShow }) => { + expect(findCommitSection().exists()).toBe(true); - findPipelineEditorTabs().vm.$emit('set-current-tab', MERGED_TAB); - await nextTick(); - expect(findCommitSection().exists()).toBe(false); - }); + findPipelineEditorTabs().vm.$emit('set-current-tab', tab); - it('shows the form again when leaving the merged tab', async () => { + await nextTick(); + + expect(findCommitSection().exists()).toBe(shouldShow); + }, + ); + + it('shows the commit form again when coming back to the create tab', async () => { expect(findCommitSection().exists()).toBe(true); findPipelineEditorTabs().vm.$emit('set-current-tab', MERGED_TAB); await nextTick(); expect(findCommitSection().exists()).toBe(false); - findPipelineEditorTabs().vm.$emit('set-current-tab', VISUALIZE_TAB); + findPipelineEditorTabs().vm.$emit('set-current-tab', CREATE_TAB); await nextTick(); expect(findCommitSection().exists()).toBe(true); }); diff --git a/spec/lib/gitlab/content_security_policy/config_loader_spec.rb b/spec/lib/gitlab/content_security_policy/config_loader_spec.rb index edb3840e567..41095ba5f09 100644 --- a/spec/lib/gitlab/content_security_policy/config_loader_spec.rb +++ b/spec/lib/gitlab/content_security_policy/config_loader_spec.rb @@ -50,7 +50,7 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do expect(directives.has_key?('report_uri')).to be_truthy expect(directives['report_uri']).to be_nil - expect(directives['child_src']).to eq(directives['frame_src']) + expect(directives['child_src']).to eq("#{directives['frame_src']} #{directives['worker_src']}") end context 'adds all websocket origins to support Safari' do diff --git a/spec/support/helpers/gitaly_setup.rb b/spec/support/helpers/gitaly_setup.rb index 5cfd03ecea8..8a329c2f9dd 100644 --- a/spec/support/helpers/gitaly_setup.rb +++ b/spec/support/helpers/gitaly_setup.rb @@ -98,7 +98,7 @@ module GitalySetup end def build_gitaly - system(env, 'make', chdir: tmp_tests_gitaly_dir) # rubocop:disable GitlabSecurity/SystemCommandInjection + system(env.merge({ 'GIT_VERSION' => nil }), 'make all git', chdir: tmp_tests_gitaly_dir) # rubocop:disable GitlabSecurity/SystemCommandInjection end def start_gitaly diff --git a/spec/tasks/gitlab/gitaly_rake_spec.rb b/spec/tasks/gitlab/gitaly_rake_spec.rb index 5adea832995..22bd9414925 100644 --- a/spec/tasks/gitlab/gitaly_rake_spec.rb +++ b/spec/tasks/gitlab/gitaly_rake_spec.rb @@ -68,7 +68,7 @@ RSpec.describe 'gitlab:gitaly namespace rake task', :silence_stdout do it 'calls gmake in the gitaly directory' do expect(Gitlab::Popen).to receive(:popen).with(%w[which gmake]).and_return(['/usr/bin/gmake', 0]) - expect(Gitlab::Popen).to receive(:popen).with(%w[gmake], nil, { "BUNDLE_GEMFILE" => nil, "RUBYOPT" => nil }).and_return(true) + expect(Gitlab::Popen).to receive(:popen).with(%w[gmake all git], nil, { "BUNDLE_GEMFILE" => nil, "RUBYOPT" => nil }).and_return(true) subject end @@ -81,13 +81,13 @@ RSpec.describe 'gitlab:gitaly namespace rake task', :silence_stdout do end it 'calls make in the gitaly directory' do - expect(Gitlab::Popen).to receive(:popen).with(%w[make], nil, { "BUNDLE_GEMFILE" => nil, "RUBYOPT" => nil }).and_return(true) + expect(Gitlab::Popen).to receive(:popen).with(%w[make all git], nil, { "BUNDLE_GEMFILE" => nil, "RUBYOPT" => nil }).and_return(true) subject end context 'when Rails.env is test' do - let(:command) { %w[make] } + let(:command) { %w[make all git] } before do stub_rails_env('test')