Add latest changes from gitlab-org/gitlab@master
This commit is contained in:
parent
68613feb1d
commit
c742109766
|
@ -82,6 +82,9 @@
|
|||
.if-merge-request-labels-pipeline-revert: &if-merge-request-labels-pipeline-revert
|
||||
if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:revert/'
|
||||
|
||||
.if-merge-request-labels-frontend-and-feature-flag: &if-merge-request-labels-frontend-and-feature-flag
|
||||
if: '$CI_MERGE_REQUEST_LABELS =~ /frontend/ && $CI_MERGE_REQUEST_LABELS =~ /feature flag/'
|
||||
|
||||
.if-security-merge-request: &if-security-merge-request
|
||||
if: '$CI_PROJECT_NAMESPACE == "gitlab-org/security" && $CI_MERGE_REQUEST_IID'
|
||||
|
||||
|
@ -845,6 +848,7 @@
|
|||
- <<: *if-fork-merge-request
|
||||
when: never
|
||||
- <<: *if-merge-request-labels-run-all-jest
|
||||
- <<: *if-merge-request-labels-frontend-and-feature-flag
|
||||
- <<: *if-merge-request
|
||||
changes: [".gitlab/ci/rules.gitlab-ci.yml", ".gitlab/ci/frontend.gitlab-ci.yml"]
|
||||
- <<: *if-automated-merge-request
|
||||
|
@ -861,10 +865,10 @@
|
|||
- !reference [".frontend:rules:minimal-default-rules", rules]
|
||||
- <<: *if-merge-request-labels-run-all-jest
|
||||
when: never
|
||||
- changes: *core-frontend-patterns
|
||||
- <<: *if-merge-request-labels-frontend-and-feature-flag
|
||||
when: never
|
||||
- <<: *if-merge-request
|
||||
changes: *ci-patterns
|
||||
changes: [".gitlab/ci/rules.gitlab-ci.yml", ".gitlab/ci/frontend.gitlab-ci.yml"]
|
||||
when: never
|
||||
- <<: *if-merge-request
|
||||
changes: *code-backstage-patterns
|
||||
|
|
|
@ -1 +1 @@
|
|||
1751c8d22d795af285d2d850fe8fa71dc6dbc80d
|
||||
e1dd9bfe694190e9350dad37b5cd8b5ea44eafa3
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
@import './pages/branches';
|
||||
@import './pages/colors';
|
||||
@import './pages/commits';
|
||||
@import './pages/detail_page';
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
@import 'mixins_and_variables_and_functions';
|
||||
|
||||
.branch-info {
|
||||
flex: auto;
|
||||
min-width: 0;
|
|
@ -52,3 +52,5 @@ module Packages
|
|||
end
|
||||
end
|
||||
end
|
||||
|
||||
Packages::Policies::ProjectPolicy.prepend_mod_with('Packages::Policies::ProjectPolicy')
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
- add_page_specific_style 'page_bundles/branches'
|
||||
- page_title _('Branches')
|
||||
- add_to_breadcrumbs(_('Repository'), project_tree_path(@project))
|
||||
|
||||
|
|
|
@ -30,7 +30,7 @@
|
|||
= preserve(markdown_field(@commit, :description))
|
||||
|
||||
.info-well.js-commit-box-info{ 'data-commit-path' => branches_project_commit_path(@project, @commit.id) }
|
||||
.well-segment.branch-info
|
||||
.well-segment
|
||||
.icon-container.commit-icon
|
||||
= custom_icon("icon_commit")
|
||||
%span.cgray= n_('parent', 'parents', @commit.parents.count)
|
||||
|
|
|
@ -45,7 +45,7 @@
|
|||
- if @pipeline.stuck?
|
||||
= gl_badge_tag s_('Pipelines|stuck'), { variant: :warning, size: :sm }, { class: 'js-pipeline-url-stuck has-tooltip' }
|
||||
|
||||
.well-segment.branch-info
|
||||
.well-segment
|
||||
.icon-container.commit-icon
|
||||
= sprite_icon('commit', css_class: 'gl-top-0!')
|
||||
= link_to commit.short_id, project_commit_path(@project, @pipeline.sha), class: "commit-sha"
|
||||
|
|
|
@ -262,6 +262,7 @@ module Gitlab
|
|||
config.assets.precompile << "page_bundles/alert_management_settings.css"
|
||||
config.assets.precompile << "page_bundles/billings.css"
|
||||
config.assets.precompile << "page_bundles/boards.css"
|
||||
config.assets.precompile << "page_bundles/branches.css"
|
||||
config.assets.precompile << "page_bundles/build.css"
|
||||
config.assets.precompile << "page_bundles/ci_status.css"
|
||||
config.assets.precompile << "page_bundles/cluster_agents.css"
|
||||
|
|
|
@ -181,32 +181,30 @@ To prepare an update to the `CODEOWNERS` file:
|
|||
bundle exec rake tw:codeowners > ~/Desktop/updates.md
|
||||
```
|
||||
|
||||
1. Open the file you just created (`~/Desktop/updates.md` in this example), and prepare the output:
|
||||
- Find and replace `./` with `/`.
|
||||
- Sort the lines in alphabetical (ascending) order. If you use VS Code, you can
|
||||
select everything, press <kbd>F1</kbd>, type `sort`, and select **Sort lines (ascending, case insensitive**.
|
||||
1. Create a new branch for your `CODEOWNERS` updates.
|
||||
1. Replace the documentation-related lines in the `^[Documentation Pages]` section
|
||||
with the output you prepared.
|
||||
|
||||
WARNING:
|
||||
The documentation section is not the last section of the `CODEOWNERS` file. Don't
|
||||
delete data that isn't ours!
|
||||
|
||||
1. Create a commit with the raw changes.
|
||||
1. From the command line, run `git diff master`.
|
||||
1. In the diff, look for directory-level assignments to manually restore to the
|
||||
`CODEOWNERS` file. If all files in a single directory are assigned to the same
|
||||
technical writer, we simplify these entries. Remove all the lines for the individual
|
||||
files, and leave a single entry for the directory, for example: `/doc/directory/ @tech.writer`.
|
||||
1. In the diff, look for changes that don't match your expectations:
|
||||
1. Open the file you just created (`~/Desktop/updates.md` in this example). Check
|
||||
that the lines are in alphabetical (ascending) order. If you have to sort
|
||||
the lines and you use VS Code, you can select everything, press <kbd>F1</kbd>,
|
||||
type `sort`, and select **Sort lines (ascending, case insensitive)**.
|
||||
1. In the output, look for changes that don't match your expectations:
|
||||
- New pages, or newly moved pages, show up as added lines.
|
||||
- Deleted pages, and pages that are now redirects, show up as deleted lines.
|
||||
- If you see an unusual number of changes to pages that all seem related,
|
||||
check the metadata for the pages. A group might have been renamed and the Rake task
|
||||
must be updated to match.
|
||||
1. Create another commit with your manual changes, and create a second merge request
|
||||
with your changes to the `CODEOWNERS` file. Assign it to a technical writing manager for review.
|
||||
- If all files in a single directory are assigned to the same
|
||||
technical writer, simplify these entries. Remove all the lines for the individual
|
||||
files, and leave a single entry for the directory, for example: `/doc/directory/ @tech.writer`.
|
||||
1. When you are happy with the output, create a new branch to update the
|
||||
[`CODEOWNERS`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/.gitlab/CODEOWNERS)
|
||||
file. Replace the documentation-related lines in the `^[Documentation Pages]`
|
||||
section with the output you prepared.
|
||||
|
||||
WARNING:
|
||||
The documentation section is not the last section of the `CODEOWNERS` file. Don't
|
||||
delete data that isn't ours!
|
||||
|
||||
1. Create a merge request from this branch with your changes to the `CODEOWNERS` file.
|
||||
Assign it to a technical writing manager for review.
|
||||
|
||||
## Move, rename, or delete a page
|
||||
|
||||
|
|
|
@ -77,9 +77,9 @@ Instead of:
|
|||
- The documentation is written by contributors.
|
||||
|
||||
NOTE:
|
||||
If you can add the phrase "by zombies" to the end of the sentence,
|
||||
If you can add the phrase "by zombies" to the phrase,
|
||||
the construction is passive. For example, `The button is selected by zombies`
|
||||
is passive. `Select the button` is active.
|
||||
is passive. `Zombies select the button` is active.
|
||||
|
||||
## administrator
|
||||
|
||||
|
|
|
@ -65,6 +65,9 @@ To do that, you can use the `data` attributes in the HTML element and query them
|
|||
You should only do this while initializing the application, because the mounted element is replaced
|
||||
with a Vue-generated DOM.
|
||||
|
||||
The `data` attributes are [only able to accept String values](https://developer.mozilla.org/en-US/docs/Learn/HTML/Howto/Use_data_attributes#javascript_access),
|
||||
so you will need to cast or convert other variable types to String.
|
||||
|
||||
The advantage of providing data from the DOM to the Vue instance through `props` or
|
||||
`provide` in the `render` function, instead of querying the DOM inside the main Vue
|
||||
component, is that you avoid creating a fixture or an HTML element in the unit test.
|
||||
|
|
|
@ -101,13 +101,12 @@ or manually with Google Cloud Shell:
|
|||
1. After the Cloud Shell starts, run these commands to install NGINX Ingress Controller:
|
||||
|
||||
```shell
|
||||
kubectl create ns gitlab-managed-apps
|
||||
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
|
||||
helm repo update
|
||||
helm install ingress ngress-nginx/ingress-nginx -n gitlab-managed-apps
|
||||
helm upgrade --install ingress-nginx ingress-nginx \
|
||||
--repo https://kubernetes.github.io/ingress-nginx \
|
||||
--namespace gitlab-managed-apps --create-namespace
|
||||
|
||||
# Check that the ingress controller is installed successfully
|
||||
kubectl get service ingress-nginx-ingress-controller -n gitlab-managed-apps
|
||||
kubectl get service ingress-nginx-controller -n gitlab-managed-apps
|
||||
```
|
||||
|
||||
## Configure Auto DevOps
|
||||
|
@ -118,7 +117,7 @@ Follow these steps to configure the base domain and other settings required for
|
|||
get the external IP address with the following command:
|
||||
|
||||
```shell
|
||||
kubectl get service ingress-nginx-ingress-controller -n gitlab-managed-apps -ojson | jq -r '.status.loadBalancer.ingress[].ip'
|
||||
kubectl get service ingress-nginx-controller -n gitlab-managed-apps -ojson | jq -r '.status.loadBalancer.ingress[].ip'
|
||||
```
|
||||
|
||||
Replace `gitlab-managed-apps` if you have overwritten your namespace.
|
||||
|
|
|
@ -28,7 +28,7 @@ deployment using GitLab CI/CD.
|
|||
With the extensive integration between GitLab and Kubernetes, you can safely deploy your applications
|
||||
to Kubernetes clusters using the [GitLab agent](../user/clusters/agent/install/index.md).
|
||||
|
||||
#### GitOps deployments **(PREMIUM)**
|
||||
#### GitOps deployments
|
||||
|
||||
With the [GitLab agent for Kubernetes](../user/clusters/agent/install/index.md), you can perform
|
||||
[pull-based deployments of Kubernetes manifests](../user/clusters/agent/gitops.md). This provides a scalable, secure,
|
||||
|
|
|
@ -29,6 +29,34 @@ If you need more time to manage your members, or to try GitLab features
|
|||
with a team of more than five members, you can [start a trial](https://gitlab.com/-/trial_registrations/new?glm_source=docs.gitlab.com&glm_content=free-user-limit).
|
||||
A trial lasts for 30 days and includes an unlimited number of members.
|
||||
|
||||
## Determining namespace user counts
|
||||
|
||||
Every unique user of a top-level namespace with private visibility counts towards the five-user limit. This includes every user of a group, subgroup, and project within a namespace.
|
||||
|
||||
For example:
|
||||
|
||||
The group `example-1` has:
|
||||
|
||||
- One group owner, `A`.
|
||||
- One subgroup called `subgroup-1` with one member, `B`.
|
||||
- `subgroup-1` inherits `A` as a member from `example-1`.
|
||||
- One project in `subgroup-1` called `project-1` with two members, `C` and `D`.
|
||||
- `project-1` inherits `A` and `B` as members from `subgroup-1`.
|
||||
|
||||
The namespace `example-1` has four unique members: `A`, `B`, `C`, and `D`. Because `example-1` has only four unique members, it is not impacted by the five-user limit.
|
||||
|
||||
The group `example-2` has:
|
||||
|
||||
- One group owner, `A`.
|
||||
- One subgroup called `subgroup-2` with one member, `B`.
|
||||
- `subgroup-2` inherits `A` as a member from `example-2`.
|
||||
- One project in `subgroup-2` called `project-2a` with two members, `C` and `D`.
|
||||
- `project-2a` inherits `A` and `B` as members from `subgroup-2`.
|
||||
- One project in `subgroup-2` called `project-2b` with two members, `E` and `F`.
|
||||
- `project-2b` inherits `A` and `B` as members from `subgroup-2`.
|
||||
|
||||
The namespace `example-2` has six unique members: `A`, `B`, `C`, `D`, `E`, and `F`. Because `example-2` has six unique users, it is impacted by the five-user limit.
|
||||
|
||||
## Related topics
|
||||
|
||||
- [GitLab SaaS Free tier frequently asked questions](https://about.gitlab.com/pricing/faq-efficient-free-tier/)
|
||||
|
|
|
@ -104,7 +104,7 @@ module API
|
|||
end
|
||||
params do
|
||||
requires :access_level, type: Integer, desc: 'A valid access level (defaults: `30`, developer access level)'
|
||||
requires :user_id, types: Array[Integer], coerce_with: Validations::Types::CommaSeparatedToIntegerArray.coerce, desc: 'The user ID of the new member or multiple IDs separated by commas.'
|
||||
requires :user_id, types: [Integer, String], desc: 'The user ID of the new member or multiple IDs separated by commas.'
|
||||
optional :expires_at, type: DateTime, desc: 'Date string in the format YEAR-MONTH-DAY'
|
||||
optional :invite_source, type: String, desc: 'Source that triggered the member creation process', default: 'members-api'
|
||||
optional :tasks_to_be_done, type: Array[String], coerce_with: Validations::Types::CommaSeparatedToArray.coerce, desc: 'Tasks the inviter wants the member to do'
|
||||
|
|
|
@ -95,9 +95,9 @@ module API
|
|||
find_authorized_group!
|
||||
end
|
||||
|
||||
def ensure_project!
|
||||
def project!(action: :read_package)
|
||||
find_project(params[:id]) || not_found!
|
||||
authorized_user_project
|
||||
authorized_user_project(action: action)
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -161,10 +161,6 @@ module API
|
|||
end
|
||||
|
||||
resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
|
||||
before do
|
||||
ensure_project!
|
||||
end
|
||||
|
||||
namespace ':id/packages/pypi' do
|
||||
desc 'The PyPi package download endpoint' do
|
||||
detail 'This feature was introduced in GitLab 12.10'
|
||||
|
@ -176,8 +172,7 @@ module API
|
|||
|
||||
route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
|
||||
get 'files/:sha256/*file_identifier' do
|
||||
project = authorized_user_project
|
||||
authorize_read_package!(project)
|
||||
project = project!
|
||||
|
||||
filename = "#{params[:file_identifier]}.#{params[:format]}"
|
||||
package = Packages::Pypi::PackageFinder.new(current_user, project, { filename: filename, sha256: params[:sha256] }).execute
|
||||
|
@ -196,7 +191,7 @@ module API
|
|||
# PyPi simple API returns a list of packages as a simple HTML file.
|
||||
route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
|
||||
get 'simple', format: :txt do
|
||||
present_simple_index(authorized_user_project)
|
||||
present_simple_index(project!)
|
||||
end
|
||||
|
||||
desc 'The PyPi Simple Project Package Endpoint' do
|
||||
|
@ -211,7 +206,7 @@ module API
|
|||
# PyPi simple API returns the package descriptor as a simple HTML file.
|
||||
route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
|
||||
get 'simple/*package_name', format: :txt do
|
||||
present_simple_package(authorized_user_project)
|
||||
present_simple_package(project!)
|
||||
end
|
||||
|
||||
desc 'The PyPi Package upload endpoint' do
|
||||
|
@ -229,15 +224,16 @@ module API
|
|||
|
||||
route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
|
||||
post do
|
||||
authorize_upload!(authorized_user_project)
|
||||
bad_request!('File is too large') if authorized_user_project.actual_limits.exceeded?(:pypi_max_file_size, params[:content].size)
|
||||
project = project!(action: :read_project)
|
||||
authorize_upload!(project)
|
||||
bad_request!('File is too large') if project.actual_limits.exceeded?(:pypi_max_file_size, params[:content].size)
|
||||
|
||||
track_package_event('push_package', :pypi, project: authorized_user_project, user: current_user, namespace: authorized_user_project.namespace)
|
||||
track_package_event('push_package', :pypi, project: project, user: current_user, namespace: project.namespace)
|
||||
|
||||
unprocessable_entity! if Gitlab::FIPS.enabled? && declared_params[:md5_digest].present?
|
||||
|
||||
::Packages::Pypi::CreatePackageService
|
||||
.new(authorized_user_project, current_user, declared_params.merge(build: current_authenticated_job))
|
||||
.new(project, current_user, declared_params.merge(build: current_authenticated_job))
|
||||
.execute
|
||||
|
||||
created!
|
||||
|
@ -249,10 +245,11 @@ module API
|
|||
|
||||
route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
|
||||
post 'authorize' do
|
||||
project = project!(action: :read_project)
|
||||
authorize_workhorse!(
|
||||
subject: authorized_user_project,
|
||||
subject: project,
|
||||
has_length: false,
|
||||
maximum_size: authorized_user_project.actual_limits.pypi_max_file_size
|
||||
maximum_size: project.actual_limits.pypi_max_file_size
|
||||
)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -66,7 +66,7 @@ namespace :tw do
|
|||
CodeOwnerRule.new('Redirect', 'Redirect'),
|
||||
CodeOwnerRule.new('Release', '@rdickenson'),
|
||||
CodeOwnerRule.new('Respond', '@msedlakjakubowski'),
|
||||
CodeOwnerRule.new('Runner', '@sselhorn'),
|
||||
CodeOwnerRule.new('Runner', '@fneill'),
|
||||
CodeOwnerRule.new('Pods', '@jglassman1'),
|
||||
CodeOwnerRule.new('Security Policies', '@claytoncornell'),
|
||||
CodeOwnerRule.new('Source Code', '@aqualls'),
|
||||
|
|
|
@ -69,6 +69,7 @@ RSpec.describe API::PypiPackages do
|
|||
it_behaves_like 'rejects PyPI access with unknown project id'
|
||||
it_behaves_like 'deploy token for package GET requests'
|
||||
it_behaves_like 'job token for package GET requests'
|
||||
it_behaves_like 'allow access for everyone with public package_registry_access_level'
|
||||
|
||||
context 'with project path as id' do
|
||||
let(:url) { "/projects/#{CGI.escape(project.full_path)}/packages/pypi/simple" }
|
||||
|
@ -130,6 +131,7 @@ RSpec.describe API::PypiPackages do
|
|||
it_behaves_like 'rejects PyPI access with unknown project id'
|
||||
it_behaves_like 'deploy token for package GET requests'
|
||||
it_behaves_like 'job token for package GET requests'
|
||||
it_behaves_like 'allow access for everyone with public package_registry_access_level'
|
||||
|
||||
context 'with project path as id' do
|
||||
let(:url) { "/projects/#{CGI.escape(project.full_path)}/packages/pypi/simple/#{package.name}" }
|
||||
|
@ -377,6 +379,7 @@ RSpec.describe API::PypiPackages do
|
|||
|
||||
it_behaves_like 'pypi file download endpoint'
|
||||
it_behaves_like 'rejects PyPI access with unknown project id'
|
||||
it_behaves_like 'allow access for everyone with public package_registry_access_level'
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -221,6 +221,27 @@ RSpec.shared_examples 'rejects PyPI access with unknown group id' do
|
|||
end
|
||||
end
|
||||
|
||||
RSpec.shared_examples 'allow access for everyone with public package_registry_access_level' do
|
||||
context 'with private project but public access to package registry' do
|
||||
before do
|
||||
project.update_column(:visibility_level, Gitlab::VisibilityLevel::PRIVATE)
|
||||
project.project_feature.update!(package_registry_access_level: ProjectFeature::PUBLIC)
|
||||
end
|
||||
|
||||
context 'as non-member user' do
|
||||
let(:headers) { basic_auth_header(user.username, personal_access_token.token) }
|
||||
|
||||
it_behaves_like 'returning response status', :success
|
||||
end
|
||||
|
||||
context 'as anonymous' do
|
||||
let(:headers) { {} }
|
||||
|
||||
it_behaves_like 'returning response status', :success
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
RSpec.shared_examples 'pypi simple API endpoint' do
|
||||
using RSpec::Parameterized::TableSyntax
|
||||
|
||||
|
|
Loading…
Reference in New Issue