Add latest changes from gitlab-org/gitlab@master

GitLab Bot 2022-01-27 00:14:15 +00:00
parent c9d1b77888
commit d1b3784799
17 changed files with 153 additions and 19 deletions


@ -1 +1 @@
66a4a9452e0ee27a29dd36fffe98ea04dab8ae24
440ad2b355bdbcf1d2b21ea63be40fddfc788d86


@ -473,7 +473,7 @@ gem 'ssh_data', '~> 1.2'
gem 'spamcheck', '~> 0.1.0'
# Gitaly GRPC protocol definitions
gem 'gitaly', '~> 14.6.0.pre.rc1'
gem 'gitaly', '~> 14.8.0.pre.rc1'
# KAS GRPC protocol definitions
gem 'kas-grpc', '~> 0.0.2'


@ -449,7 +449,7 @@ GEM
rails (>= 3.2.0)
git (1.7.0)
rchardet (~> 1.8)
gitaly (14.6.0.pre.rc1)
gitaly (14.8.0.pre.rc1)
grpc (~> 1.0)
github-markup (1.7.0)
gitlab (4.16.1)
@ -1466,7 +1466,7 @@ DEPENDENCIES
gettext (~> 3.3)
gettext_i18n_rails (~> 1.8.0)
gettext_i18n_rails_js (~> 1.3)
gitaly (~> 14.6.0.pre.rc1)
gitaly (~> 14.8.0.pre.rc1)
github-markup (~> 1.7.0)
gitlab-chronic (~> 0.10.5)
gitlab-dangerfiles (~> 2.8.0)


@ -26,7 +26,6 @@ import {
TREE_LIST_WIDTH_STORAGE_KEY,
INITIAL_TREE_WIDTH,
MIN_TREE_WIDTH,
MAX_TREE_WIDTH,
TREE_HIDE_STATS_WIDTH,
MR_TREE_SHOW_KEY,
ALERT_OVERFLOW_HIDDEN,
@ -622,7 +621,7 @@ export default {
},
},
minTreeWidth: MIN_TREE_WIDTH,
maxTreeWidth: MAX_TREE_WIDTH,
maxTreeWidth: window.innerWidth / 2,
howToMergeDocsPath: helpPagePath('user/project/merge_requests/reviews/index.md', {
anchor: 'checkout-merge-requests-locally-through-the-head-ref',
}),
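Review bot: `maxTreeWidth: window.innerWidth / 2` appears to be evaluated once, so the cap will not follow later window resizes, and on a viewport narrower than 480px it falls below `MIN_TREE_WIDTH` (240 in the constants file), leaving the resizer with a maximum smaller than its minimum. The enclosing component definition starts and ends outside the hunk, so the evaluation time is inferred from the property's position next to `minTreeWidth`. Consider clamping it, `maxTreeWidth: Math.max(MIN_TREE_WIDTH, window.innerWidth / 2),`, and adding a comment such as `// Snapshot taken at load time; not updated on window resize.`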


@ -42,7 +42,6 @@ export const TREE_LIST_WIDTH_STORAGE_KEY = 'mr_tree_list_width';
export const INITIAL_TREE_WIDTH = 320;
export const MIN_TREE_WIDTH = 240;
export const MAX_TREE_WIDTH = 400;
export const TREE_HIDE_STATS_WIDTH = 260;
export const OLD_LINE_KEY = 'old_line';


@ -0,0 +1,18 @@
- name: "Vulnerability Check"
announcement_milestone: "14.8"
announcement_date: "2021-02-22"
removal_milestone: "15.0"
removal_date: "2022-05-22"
breaking_change: true
reporter: sam.white
body: | # Do not modify this line, instead modify the lines below.
The vulnerability check feature is deprecated in GitLab 14.8 and scheduled for removal in GitLab 15.0. We encourage you to migrate to the new security approvals feature instead. You can do so by navigating to **Security & Compliance > Policies** and creating a new Scan Result Policy.
The new security approvals feature is similar to vulnerability check. For example, both can require approvals for MRs that contain security vulnerabilities. However, security approvals improve the previous experience in several ways:
- Users can choose who is allowed to edit security approval rules. An independent security or compliance team can therefore manage rules in a way that prevents development project maintainers from modifying the rules.
- Multiple rules can be created and chained together to allow for filtering on different severity thresholds for each scanner type.
- A two-step approval process can be enforced for any desired changes to security approval rules.
- A single set of security policies can be applied to multiple development projects to allow for ease in maintaining a single, centralized ruleset.
# The following items are not published on the docs page, but may be used in the future.
stage: "Protect"
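Review bot: `announcement_date: "2021-02-22"` looks like a year typo, since the entry announces the deprecation in milestone 14.8, the commit is dated 2022-01-27, and `removal_date` is "2022-05-22". If the 14.8 release date is meant, the line should presumably read `announcement_date: "2022-02-22"`. Worth confirming against the release schedule, because the generated deprecations page is built from these fields.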


@ -0,0 +1,17 @@
# frozen_string_literal: true
class RemoveIndexOnAutoStopIn < Gitlab::Database::Migration[1.0]
TABLE = :environments
INDEX_NAME = 'index_environments_on_auto_stop_at'
COLUMN = :auto_stop_at
disable_ddl_transaction!
def up
remove_concurrent_index TABLE, COLUMN, where: 'auto_stop_at IS NOT NULL', name: INDEX_NAME
end
def down
add_concurrent_index TABLE, COLUMN, where: 'auto_stop_at IS NOT NULL', name: INDEX_NAME
end
end
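Review bot: Neither this migration nor `RemoveIndexOnMergeRequestId` in the next file says why the index is safe to drop or which remaining index is expected to serve lookups on the column, so a reader cannot judge the query-performance risk from the migration alone. Add a class-level comment to each, for example `# index_environments_on_auto_stop_at is redundant with <INDEX_NAME>; see <ISSUE_URL>`, with the placeholders filled in. The class name `RemoveIndexOnAutoStopIn` also does not match the column and index it touches (`auto_stop_at`), which makes the migration harder to find later; `RemoveIndexOnAutoStopAt` would be consistent with `INDEX_NAME`.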


@ -0,0 +1,17 @@
# frozen_string_literal: true
class RemoveIndexOnMergeRequestId < Gitlab::Database::Migration[1.0]
TABLE = :merge_request_context_commits
INDEX_NAME = 'index_merge_request_context_commits_on_merge_request_id'
COLUMN = :merge_request_id
disable_ddl_transaction!
def up
remove_concurrent_index TABLE, COLUMN, name: INDEX_NAME
end
def down
add_concurrent_index TABLE, COLUMN, name: INDEX_NAME
end
end


@ -0,0 +1 @@
ff0127967c3ee6e4f4af528b84024a6a838f8dbeb19cf78d7d913d4fc8e155e7


@ -0,0 +1 @@
abbba4ccacebb825c3f9cb5b0463d457fd4a7b4396a2184a995e496aebaf4521


@ -26080,8 +26080,6 @@ CREATE INDEX index_emails_on_user_id ON emails USING btree (user_id);
CREATE INDEX index_enabled_clusters_on_id ON clusters USING btree (id) WHERE (enabled = true);
CREATE INDEX index_environments_on_auto_stop_at ON environments USING btree (auto_stop_at) WHERE (auto_stop_at IS NOT NULL);
CREATE INDEX index_environments_on_name_varchar_pattern_ops ON environments USING btree (name varchar_pattern_ops);
CREATE UNIQUE INDEX index_environments_on_project_id_and_name ON environments USING btree (project_id, name);


@ -705,6 +705,25 @@ The `merged_by` field in the [merge request API](https://docs.gitlab.com/ee/api/
## 14.8
### Vulnerability Check
WARNING:
This feature will be changed or removed in 15.0
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
Before updating GitLab, review the details carefully to determine if you need to make any
changes to your code, settings, or workflow.
The vulnerability check feature is deprecated in GitLab 14.8 and scheduled for removal in GitLab 15.0. We encourage you to migrate to the new security approvals feature instead. You can do so by navigating to **Security & Compliance > Policies** and creating a new Scan Result Policy.
The new security approvals feature is similar to vulnerability check. For example, both can require approvals for MRs that contain security vulnerabilities. However, security approvals improve the previous experience in several ways:
- Users can choose who is allowed to edit security approval rules. An independent security or compliance team can therefore manage rules in a way that prevents development project maintainers from modifying the rules.
- Multiple rules can be created and chained together to allow for filtering on different severity thresholds for each scanner type.
- A two-step approval process can be enforced for any desired changes to security approval rules.
- A single set of security policies can be applied to multiple development projects to allow for ease in maintaining a single, centralized ruleset.
**Planned removal milestone: 15.0 (2022-05-22)**
### `fixup!` commit messages setting draft status of associated Merge Request
The use of `fixup!` as a commit message to trigger draft status


@ -0,0 +1,16 @@
# frozen_string_literal: true
module Gitlab
module Git
# ReferenceUpdateError represents an error that happen when trying to
# update a Git reference.
class ReferenceUpdateError < StandardError
def initialize(message, reference, old_oid, new_oid)
@message = message
@reference = reference
@old_oid = old_oid
@new_oid = new_oid
end
end
end
end
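Review bot: `initialize` assigns `@message` but never calls `super`, so `#message` on a `ReferenceUpdateError` returns the class name instead of the text passed in, and `reference`, `old_oid` and `new_oid` are stored without readers. Add `super(message)` as the first line of `initialize` and `attr_reader :reference, :old_oid, :new_oid` below the class line, so a rescue site or log entry can report which ref failed and between which object IDs. The class comment would also read better as `an error that happens when trying to update a Git reference`.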


@ -168,8 +168,12 @@ module Gitlab
raise unless decoded_error.present?
raise decoded_error
# We simply ignore any reference update errors which are typically an
# indicator of multiple RPC calls trying to update the same reference
# at the same point in time.
return if decoded_error.is_a?(Gitlab::Git::ReferenceUpdateError)
raise decoded_error
ensure
request_enum.close
end
@ -495,6 +499,12 @@ module Gitlab
access_check_error = detailed_error.access_check
# These messages were returned from internal/allowed API calls
Gitlab::Git::PreReceiveError.new(fallback_message: access_check_error.error_message)
when :reference_update
reference_update_error = detailed_error.reference_update
Gitlab::Git::ReferenceUpdateError.new(err.details,
reference_update_error.reference_name,
reference_update_error.old_oid,
reference_update_error.new_oid)
else
# We're handling access_check only for now, but we'll add more detailed error types
nil
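Review bot: The added `return if decoded_error.is_a?(Gitlab::Git::ReferenceUpdateError)` discards the failure without any record, so a merge whose reference update was rejected leaves no trace for operators, and the comment itself says a concurrent update is only the typical cause. Emit a log entry before returning, for instance `Gitlab::AppLogger.warn(message: 'Ignored Gitaly reference update error', error_class: decoded_error.class.name)`, ideally including the reference name and OIDs that the second hunk passes into the error. The comment should also state the contract, e.g. `# Callers receive nil and must treat it as "merge not performed".` The enclosing method starts outside the hunk, so how callers handle a nil result is not visible here.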


@ -57,7 +57,7 @@
"@gitlab/favicon-overlay": "2.0.0",
"@gitlab/svgs": "2.2.0",
"@gitlab/tributejs": "1.0.0",
"@gitlab/ui": "33.0.0",
"@gitlab/ui": "33.1.0",
"@gitlab/visual-review-tools": "1.6.1",
"@rails/actioncable": "6.1.4-1",
"@rails/ujs": "6.1.4-1",


@ -2,6 +2,9 @@
require 'spec_helper'
require 'google/rpc/status_pb'
require 'google/protobuf/well_known_types'
RSpec.describe Gitlab::GitalyClient::OperationService do
let_it_be(:user) { create(:user) }
let_it_be(:project) { create(:project, :repository) }
@ -185,11 +188,16 @@ RSpec.describe Gitlab::GitalyClient::OperationService do
context 'with an exception with the UserMergeBranchError' do
let(:permission_error) do
GRPC::PermissionDenied.new(
new_detailed_error(
GRPC::Core::StatusCodes::PERMISSION_DENIED,
"GitLab: You are not allowed to push code to this project.",
{ "grpc-status-details-bin" =>
"\b\a\x129GitLab: You are not allowed to push code to this project.\x1A\xDE\x01\n/type.googleapis.com/gitaly.UserMergeBranchError\x12\xAA\x01\n\xA7\x01\n1You are not allowed to push code to this project.\x12\x03web\x1A\auser-15\"df15b32277d2c55c6c595845a87109b09c913c556 5d6e0f935ad9240655f64e883cd98fad6f9a17ee refs/heads/master\n" }
)
Gitaly::UserMergeBranchError.new(
access_check: Gitaly::AccessCheckError.new(
error_message: "You are not allowed to push code to this project.",
protocol: "web",
user_id: "user-15",
changes: "df15b32277d2c55c6c595845a87109b09c913c556 5d6e0f935ad9240655f64e883cd98fad6f9a17ee refs/heads/master\n"
)))
end
it 'raises PreRecieveError with the error message' do
@ -217,6 +225,27 @@ RSpec.describe Gitlab::GitalyClient::OperationService do
expect { subject }.to raise_error(GRPC::PermissionDenied)
end
end
context 'with ReferenceUpdateError' do
let(:reference_update_error) do
new_detailed_error(GRPC::Core::StatusCodes::FAILED_PRECONDITION,
"some ignored error message",
Gitaly::UserMergeBranchError.new(
reference_update: Gitaly::ReferenceUpdateError.new(
reference_name: "refs/heads/something",
old_oid: "1234",
new_oid: "6789"
)))
end
it 'returns nil' do
expect_any_instance_of(Gitaly::OperationService::Stub)
.to receive(:user_merge_branch).with(kind_of(Enumerator), kind_of(Hash))
.and_raise(reference_update_error)
expect(subject).to be_nil
end
end
end
describe '#user_ff_branch' do
@ -478,4 +507,14 @@ RSpec.describe Gitlab::GitalyClient::OperationService do
end
end
end
def new_detailed_error(error_code, error_message, details)
status_error = Google::Rpc::Status.new(
code: error_code,
message: error_message,
details: [Google::Protobuf::Any.pack(details)]
)
GRPC::BadStatus.new(error_code, error_message, { "grpc-status-details-bin" => Google::Rpc::Status.encode(status_error) })
end
end
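Review bot: `new_detailed_error` always builds a plain `GRPC::BadStatus`, whereas the fixture it replaces was a `GRPC::PermissionDenied`, so the specs no longer raise the code-specific exception classes a real client call would produce. If the rescue in the service is ever narrowed to a subclass, these examples would stop covering it. Consider `GRPC::BadStatus.new_status_exception(error_code, error_message, { "grpc-status-details-bin" => Google::Rpc::Status.encode(status_error) })`, which maps the status code to the matching subclass. The new 'returns nil' example also uses `expect_any_instance_of`; whether the surrounding file prefers another stubbing helper is not visible in these hunks.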


@ -924,10 +924,10 @@
resolved "https://registry.yarnpkg.com/@gitlab/tributejs/-/tributejs-1.0.0.tgz#672befa222aeffc83e7d799b0500a7a4418e59b8"
integrity sha512-nmKw1+hB6MHvlmPz63yPwVs1qQkycHwsKgxpEbzmky16Y6mL4EJMk3w1b8QlOAF/AIAzjCERPhe/R4MJiohbZw==
"@gitlab/ui@33.0.0":
version "33.0.0"
resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-33.0.0.tgz#d41f59e9acc19af84a80fa14c4ac4eff0b8f6ba5"
integrity sha512-os2PmiOIdzlYIv0GoFtvTmBXhl8B4rnzPgibHUOiMZf8n9Oye8LNs9+zA1fk5PRur/SVwmS5+0hIFH7Dyqt9hw==
"@gitlab/ui@33.1.0":
version "33.1.0"
resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-33.1.0.tgz#45ac2e6362546530b5756b1973f97f74a9c920da"
integrity sha512-kSpnGx7UjWxl0s6RBl9njhthD2tSyLHoVd3Q/E3WEE9gdw8VSa4tEeI2srD9eGl2npd/VUvO7tNIXzk5NpjLZg==
dependencies:
"@babel/standalone" "^7.0.0"
bootstrap-vue "2.20.1"