Add latest changes from gitlab-org/gitlab@master
This commit is contained in:
parent
6997e3f3d0
commit
e32f083f49
|
@ -3,6 +3,7 @@ import { mapState, mapGetters, mapActions } from 'vuex';
|
|||
import { s__, __ } from '~/locale';
|
||||
import diffLineNoteFormMixin from '~/notes/mixins/diff_line_note_form';
|
||||
import { confirmAction } from '~/lib/utils/confirm_via_gl_modal/confirm_via_gl_modal';
|
||||
import { ignoreWhilePending } from '~/lib/utils/ignore_while_pending';
|
||||
import glFeatureFlagsMixin from '~/vue_shared/mixins/gl_feature_flags_mixin';
|
||||
import MultilineCommentForm from '~/notes/components/multiline_comment_form.vue';
|
||||
import { commentLineOptions, formatLineRange } from '~/notes/components/multiline_comment_utils';
|
||||
|
@ -175,7 +176,10 @@ export default {
|
|||
'saveDiffDiscussion',
|
||||
'setSuggestPopoverDismissed',
|
||||
]),
|
||||
async handleCancelCommentForm(shouldConfirm, isDirty) {
|
||||
handleCancelCommentForm: ignoreWhilePending(async function handleCancelCommentForm(
|
||||
shouldConfirm,
|
||||
isDirty,
|
||||
) {
|
||||
if (shouldConfirm && isDirty) {
|
||||
const msg = s__('Notes|Are you sure you want to cancel creating this comment?');
|
||||
|
||||
|
@ -195,7 +199,7 @@ export default {
|
|||
this.$nextTick(() => {
|
||||
this.resetAutoSave();
|
||||
});
|
||||
},
|
||||
}),
|
||||
handleSaveNote(note) {
|
||||
return this.saveDiffDiscussion({ note, formData: this.formData }).then(() =>
|
||||
this.handleCancelCommentForm(),
|
||||
|
|
|
@ -299,3 +299,10 @@ if (flashContainer && flashContainer.children.length) {
|
|||
$('.gl-show-field-errors').each((i, form) => new GlFieldErrors(form));
|
||||
|
||||
requestIdleCallback(deferredInitialisation);
|
||||
|
||||
// initialize hiding of tooltip after clicking on dropdown's links and buttons
|
||||
document
|
||||
.querySelectorAll('a[data-toggle="dropdown"], button[data-toggle="dropdown"]')
|
||||
.forEach((element) => {
|
||||
element.addEventListener('click', () => tooltips.hide(element));
|
||||
});
|
||||
|
|
|
@ -32,10 +32,6 @@ body {
|
|||
font-size: inherit;
|
||||
}
|
||||
|
||||
a {
|
||||
text-decoration: none;
|
||||
}
|
||||
|
||||
.gl-mb-5 {
|
||||
@include gl-mb-5;
|
||||
}
|
||||
|
|
|
@ -218,10 +218,6 @@ $tabs-holder-z-index: 250;
|
|||
.epic-tabs-holder {
|
||||
top: $header-height;
|
||||
z-index: $tabs-holder-z-index;
|
||||
margin-left: -$gl-padding;
|
||||
margin-right: -$gl-padding;
|
||||
padding-left: $gl-padding;
|
||||
padding-right: $gl-padding;
|
||||
background-color: $body-bg;
|
||||
border-bottom: 1px solid $border-color;
|
||||
|
||||
|
|
|
@ -367,29 +367,3 @@ to @gitlab/ui by https://gitlab.com/gitlab-org/gitlab-ui/-/issues/1709
|
|||
-webkit-backdrop-filter: blur(2px); // still required by Safari
|
||||
}
|
||||
|
||||
/*
|
||||
* The below style will be moved to @gitlab/ui by
|
||||
* https://gitlab.com/gitlab-org/gitlab-ui/-/issues/1792
|
||||
*/
|
||||
.gl-text-purple-800 {
|
||||
color: $purple-800;
|
||||
}
|
||||
|
||||
.gl-bg-theme-indigo-800 {
|
||||
background-color: $theme-indigo-800;
|
||||
}
|
||||
|
||||
.gl-border-indigo-700 {
|
||||
border-color: $theme-indigo-700;
|
||||
}
|
||||
|
||||
.gl-border-gray-75 {
|
||||
border-color: $gl-text-color-quaternary;
|
||||
}
|
||||
|
||||
.gl-min-h-8 {
|
||||
min-height: $gl-spacing-scale-8;
|
||||
}
|
||||
|
||||
/* End gitlab-ui#1751 */
|
||||
|
||||
|
|
|
@ -18,6 +18,10 @@ module Mutations
|
|||
required: false,
|
||||
description: 'Description of the runner.'
|
||||
|
||||
argument :maintenance_note, GraphQL::Types::String,
|
||||
required: false,
|
||||
description: 'Runner\'s maintenance notes.'
|
||||
|
||||
argument :maximum_timeout, GraphQL::Types::Int,
|
||||
required: false,
|
||||
description: 'Maximum timeout (in seconds) for jobs processed by the runner.'
|
||||
|
|
|
@ -5,6 +5,10 @@
|
|||
GitLab
|
||||
- if Feature.enabled?(:enhanced_notify_css)
|
||||
= stylesheet_link_tag 'notify_enhanced'
|
||||
%style{ type: 'text/css', 'data-premailer': 'ignore' }
|
||||
-# The MUA automatically turns some text into links.
|
||||
-# Match the color of explicit links ($blue-600 from typography.scss).
|
||||
a { color: #1068bf; }
|
||||
- else
|
||||
= stylesheet_link_tag 'notify'
|
||||
= yield :head
|
||||
|
|
|
@ -7,6 +7,10 @@
|
|||
-# haml-lint:enable NoPlainNodes
|
||||
- if Feature.enabled?(:enhanced_notify_css)
|
||||
= stylesheet_link_tag 'notify_enhanced'
|
||||
%style{ type: 'text/css', 'data-premailer': 'ignore' }
|
||||
-# The MUA automatically turns some text into links.
|
||||
-# Match the color of explicit links ($blue-600 from typography.scss).
|
||||
a { color: #1068bf; }
|
||||
- else
|
||||
= stylesheet_link_tag 'notify'
|
||||
= yield :head
|
||||
|
|
|
@ -25,7 +25,7 @@
|
|||
stage: # String value of the stage that the feature was created in. e.g., Growth
|
||||
self-managed: # Boolean value (true or false)
|
||||
gitlab-com: # Boolean value (true or false)
|
||||
packages: # Array of strings. The Array brackets are required here. e.g., [Core, Starter, Premium, Ultimate]
|
||||
packages: # Array of strings. The Array brackets are required here. e.g., [Free, Premium, Ultimate]
|
||||
url: # This is the documentation URL, but can be a URL to a video if there is one
|
||||
image_url: # This should be a full URL, generally taken from the release post content. If a video, use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
|
||||
published_at: # YYYY-MM-DD
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class DropComplianceManagementFrameworksRegulated < Gitlab::Database::Migration[2.0]
|
||||
def up
|
||||
remove_column :compliance_management_frameworks, :regulated
|
||||
end
|
||||
|
||||
def down
|
||||
add_column :compliance_management_frameworks, :regulated, :boolean, default: true
|
||||
end
|
||||
end
|
|
@ -0,0 +1 @@
|
|||
ee255f9340fe64793636217a5115c368e0bd067cba057bb58aa78f370efae423
|
|
@ -13777,7 +13777,6 @@ CREATE TABLE compliance_management_frameworks (
|
|||
description text NOT NULL,
|
||||
color text NOT NULL,
|
||||
namespace_id integer NOT NULL,
|
||||
regulated boolean DEFAULT true NOT NULL,
|
||||
pipeline_configuration_full_path text,
|
||||
CONSTRAINT check_08cd34b2c2 CHECK ((char_length(color) <= 10)),
|
||||
CONSTRAINT check_1617e0b87e CHECK ((char_length(description) <= 255)),
|
||||
|
|
|
@ -14,6 +14,7 @@ first: '\b([A-Z]{3,5})\b'
|
|||
second: '(?:\b[A-Z][a-z]+ )+\(([A-Z]{3,5})\)'
|
||||
# ... with the exception of these:
|
||||
exceptions:
|
||||
- AAAA
|
||||
- AJAX
|
||||
- ANSI
|
||||
- API
|
||||
|
@ -30,14 +31,19 @@ exceptions:
|
|||
- CLI
|
||||
- CNA
|
||||
- CNAME
|
||||
- CNCF
|
||||
- CORE
|
||||
- CORS
|
||||
- CPU
|
||||
- CRIME
|
||||
- CRM
|
||||
- CSRF
|
||||
- CSS
|
||||
- CSV
|
||||
- CWE
|
||||
- CVE
|
||||
- CVS
|
||||
- CVSS
|
||||
- DAG
|
||||
- DAST
|
||||
- DHCP
|
||||
|
@ -81,6 +87,7 @@ exceptions:
|
|||
- HEAD
|
||||
- HIPAA
|
||||
- HLL
|
||||
- HSTS
|
||||
- HTML
|
||||
- HTTP
|
||||
- HTTPS
|
||||
|
@ -90,6 +97,7 @@ exceptions:
|
|||
- ICO
|
||||
- IDE
|
||||
- IID
|
||||
- IIS
|
||||
- IMAP
|
||||
- IOPS
|
||||
- IRC
|
||||
|
@ -105,6 +113,7 @@ exceptions:
|
|||
- LESS
|
||||
- LFS
|
||||
- LRU
|
||||
- LSIF
|
||||
- LTM
|
||||
- LTS
|
||||
- MIME
|
||||
|
@ -117,6 +126,7 @@ exceptions:
|
|||
- NOTE
|
||||
- NPM
|
||||
- NTP
|
||||
- OKD
|
||||
- ONLY
|
||||
- OSS
|
||||
- OTP
|
||||
|
@ -165,20 +175,25 @@ exceptions:
|
|||
- SHA
|
||||
- SLA
|
||||
- SLI
|
||||
- SLO
|
||||
- SMS
|
||||
- SMTP
|
||||
- SOAP
|
||||
- SOC
|
||||
- SOX
|
||||
- SPDX
|
||||
- SPDY
|
||||
- SPF
|
||||
- SQL
|
||||
- SRE
|
||||
- SRV
|
||||
- SSD
|
||||
- SSG
|
||||
- SSH
|
||||
- SSL
|
||||
- SSO
|
||||
- STI
|
||||
- SUSE
|
||||
- SVG
|
||||
- SVN
|
||||
- TCP
|
||||
|
|
|
@ -14,7 +14,7 @@ Users with auditor access have read-only access to all groups, projects, and oth
|
|||
For more information, see [Auditor user permissions and restrictions](#auditor-user-permissions-and-restrictions)
|
||||
section.
|
||||
|
||||
Situations where auditor access for users could be helpful include:
|
||||
Situations where auditor access for users could be helpful include:
|
||||
|
||||
- Your compliance department wants to run tests against the entire GitLab base
|
||||
to ensure users are complying with password, credit card, and other sensitive
|
||||
|
|
|
@ -9,13 +9,13 @@ info: To determine the technical writer assigned to the Stage/Group associated w
|
|||
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/85689) in GitLab 15.0 [with a flag](../administration/feature_flags.md) named `inactive_projects_deletion`. Disabled by default.
|
||||
|
||||
FLAG:
|
||||
On self-managed GitLab, by default this feature is not available. To make it available, ask an administrator to
|
||||
On self-managed GitLab, by default this feature is not available. To make it available, ask an administrator to
|
||||
[enable the feature flag](../administration/feature_flags.md) named `inactive_projects_deletion`.
|
||||
On GitLab.com, this feature is not available. This feature is not ready for production use.
|
||||
|
||||
Administrators of large GitLab instances can find that over time, projects become inactive and are no longer used.
|
||||
These projects take up unnecessary disk space. With inactive project deletion, you can identify these projects, warn
|
||||
the maintainers ahead of time, and then delete the projects if they remain inactive. When an inactive project is
|
||||
These projects take up unnecessary disk space. With inactive project deletion, you can identify these projects, warn
|
||||
the maintainers ahead of time, and then delete the projects if they remain inactive. When an inactive project is
|
||||
deleted, the action generates an audit event that it was performed by the first active administrator.
|
||||
|
||||
## Configure inactive project deletion
|
||||
|
|
|
@ -1180,7 +1180,7 @@ Reference: <https://docs.docker.com/registry/spec/auth/token/>
|
|||
|
||||
### Communication between GitLab and Registry
|
||||
|
||||
Registry doesn’t have a way to authenticate users internally so it relies on
|
||||
Registry doesn't have a way to authenticate users internally so it relies on
|
||||
GitLab to validate credentials. The connection between Registry and GitLab is
|
||||
TLS encrypted. The key is used by GitLab to sign the tokens while the certificate
|
||||
is used by Registry to validate the signature. By default, a self-signed certificate key pair is generated
|
||||
|
|
|
@ -4283,6 +4283,7 @@ Input type: `RunnerUpdateInput`
|
|||
| <a id="mutationrunnerupdatedescription"></a>`description` | [`String`](#string) | Description of the runner. |
|
||||
| <a id="mutationrunnerupdateid"></a>`id` | [`CiRunnerID!`](#cirunnerid) | ID of the runner to update. |
|
||||
| <a id="mutationrunnerupdatelocked"></a>`locked` | [`Boolean`](#boolean) | Indicates the runner is locked. |
|
||||
| <a id="mutationrunnerupdatemaintenancenote"></a>`maintenanceNote` | [`String`](#string) | Runner's maintenance notes. |
|
||||
| <a id="mutationrunnerupdatemaximumtimeout"></a>`maximumTimeout` | [`Int`](#int) | Maximum timeout (in seconds) for jobs processed by the runner. |
|
||||
| <a id="mutationrunnerupdatepaused"></a>`paused` | [`Boolean`](#boolean) | Indicates the runner is not allowed to receive jobs. |
|
||||
| <a id="mutationrunnerupdateprivateprojectsminutescostfactor"></a>`privateProjectsMinutesCostFactor` | [`Float`](#float) | Private projects' "minutes cost factor" associated with the runner (GitLab.com only). |
|
||||
|
|
|
@ -36,7 +36,7 @@ rapid growth of CI/CD adoption on GitLab.com.
|
|||
We can not, however, continue using Docker Machine. Work on that project [was
|
||||
paused in July 2018](https://github.com/docker/machine/issues/4537) and there
|
||||
was no development made since that time (except for some highly important
|
||||
security fixes). In 2018, after Docker Machine entered the “maintenance mode”,
|
||||
security fixes). In 2018, after Docker Machine entered the "maintenance mode",
|
||||
we decided to create [our own fork](https://gitlab.com/gitlab-org/ci-cd/docker-machine)
|
||||
to be able to keep using this and ship fixes and updates needed for our use case.
|
||||
[On September 26th, 2021 the project got archived](https://github.com/docker/docker.github.io/commit/2dc8b49dcbe85686cc7230e17aff8e9944cb47a5)
|
||||
|
@ -48,7 +48,7 @@ new mechanism for GitLab Runner auto-scaling. It not only needs to support
|
|||
auto-scaling, but it also needs to do that in the way to enable us to build on
|
||||
top of it to improve efficiency, reliability and availability.
|
||||
|
||||
We call this new mechanism the “next GitLab Runner Scaling architecture”.
|
||||
We call this new mechanism the "next GitLab Runner Scaling architecture".
|
||||
|
||||
_Disclaimer The following contain information related to upcoming products,
|
||||
features, and functionality._
|
||||
|
@ -82,11 +82,11 @@ about how people are using Docker Machine right now, and it seems that GitLab
|
|||
CI is one of the most frequent reasons for people to keep using Docker Machine.
|
||||
|
||||
There is also an opportunity in being able to optionally run multiple jobs in a
|
||||
single, larger virtual machine. We can’t do that today, but we know that this
|
||||
single, larger virtual machine. We can't do that today, but we know that this
|
||||
can potentially significantly improve efficiency. We might want to build a new
|
||||
architecture that makes it easier and allows us to test how efficient it is
|
||||
with PoCs. Running multiple jobs on a single machine can also make it possible
|
||||
to reuse what we call a “sticky context” - a space for build artifacts / user
|
||||
to reuse what we call a "sticky context" - a space for build artifacts / user
|
||||
data that can be shared between job runs.
|
||||
|
||||
### 💡 Design a simple abstraction that users will be able to build on top of
|
||||
|
@ -165,7 +165,7 @@ sequence diagram.
|
|||
![GitLab Runner Autoscaling Overview](gitlab-autoscaling-overview.png)
|
||||
|
||||
On the diagrams above we see that currently a GitLab Runner Manager runs on a
|
||||
machine that has access to a cloud provider’s API. It is using Docker Machine
|
||||
machine that has access to a cloud provider's API. It is using Docker Machine
|
||||
to provision new Virtual Machines with Docker Engine installed and it
|
||||
configures the Docker daemon there to allow external authenticated requests. It
|
||||
stores credentials to such ephemeral Docker environments on disk. Once a
|
||||
|
@ -186,8 +186,8 @@ through os/exec system calls.
|
|||
|
||||
Thanks to the custom executor abstraction there is no more need to implement
|
||||
new executors internally in Runner. Users who have specific needs can implement
|
||||
their own drivers and don’t need to wait for us to make their work part of the
|
||||
“official” GitLab Runner. As each driver is a separate project, it also makes
|
||||
their own drivers and don't need to wait for us to make their work part of the
|
||||
"official" GitLab Runner. As each driver is a separate project, it also makes
|
||||
it easier to create communities around them, where interested people can
|
||||
collaborate together on improvements and bug fixes.
|
||||
|
||||
|
@ -197,7 +197,7 @@ provide a context and an environment in which a build will be executed by one
|
|||
of the Custom Executors.
|
||||
|
||||
There are multiple solutions to implementing a custom provider abstraction. We
|
||||
can use raw Go plugins, Hashcorp’s Go Plugin, HTTP interface or gRPC based
|
||||
can use raw Go plugins, Hashcorp's Go Plugin, HTTP interface or gRPC based
|
||||
facade service. There are many solutions, and we want to choose the most
|
||||
optimal one. In order to do that, we will describe the solutions in a separate
|
||||
document, define requirements and score the solution accordingly. This will
|
||||
|
|
|
@ -112,7 +112,7 @@ For example, the following two definitions are equal:
|
|||
image: "registry.example.com/my/image:latest"
|
||||
|
||||
services:
|
||||
- postgresql:9.4
|
||||
- postgresql:14.3
|
||||
- redis:latest
|
||||
```
|
||||
|
||||
|
@ -124,7 +124,7 @@ For example, the following two definitions are equal:
|
|||
name: "registry.example.com/my/image:latest"
|
||||
|
||||
services:
|
||||
- name: postgresql:9.4
|
||||
- name: postgresql:14.3
|
||||
- name: redis:latest
|
||||
```
|
||||
|
||||
|
|
|
@ -200,7 +200,7 @@ GitLab SaaS shared runners have different cost factors, depending on the runner
|
|||
| GitLab SaaS runner type | Virtual machine configuration | CI/CD minutes cost factor |
|
||||
| :--------- | :------------------- | :--------- |
|
||||
| Linux OS + Docker executor| 1 vCPU, 3.75 GB RAM |1|
|
||||
| macOS + shell executor | 4 vCPU, 10 GB RAM| 6 |
|
||||
| macOS + shell executor | 4 vCPU, 10 GB RAM| 6 |
|
||||
|
||||
### Monthly reset of CI/CD minutes
|
||||
|
||||
|
|
|
@ -61,7 +61,7 @@ To use fastlane to code sign your application:
|
|||
get_provisioning_profile
|
||||
# match(type: "appstore",read_only: true)
|
||||
gym
|
||||
upload_to_testflight
|
||||
upload_to_testflight
|
||||
end
|
||||
end
|
||||
```
|
||||
|
|
|
@ -201,7 +201,7 @@ end-to-end-tests:
|
|||
alias: firefox
|
||||
- name: registry.gitlab.com/organization/private-api:latest
|
||||
alias: backend-api
|
||||
- postgres:9.6.19
|
||||
- postgres:14.3
|
||||
variables:
|
||||
FF_NETWORK_PER_BUILD: 1
|
||||
POSTGRES_PASSWORD: supersecretpassword
|
||||
|
|
|
@ -46,7 +46,7 @@ If you're wondering why we used `postgres` for the `Host`, read more at
|
|||
[How services are linked to the job](../services/index.md#how-services-are-linked-to-the-job).
|
||||
|
||||
You can also use any other Docker image available on [Docker Hub](https://hub.docker.com/_/postgres).
|
||||
For example, to use PostgreSQL 9.3, the service becomes `postgres:9.3`.
|
||||
For example, to use PostgreSQL 14.3, the service becomes `postgres:14.3`.
|
||||
|
||||
The `postgres` image can accept some environment variables. For more details,
|
||||
see the documentation on [Docker Hub](https://hub.docker.com/_/postgres).
|
||||
|
|
|
@ -134,7 +134,7 @@ applied to many other technical implementations.
|
|||
GitLab is a DevOps platform. We popularize DevOps because it helps companies
|
||||
be more efficient and achieve better results. One important component of
|
||||
DevOps culture is to take ownership over features and code that you are
|
||||
building. It is very difficult to do that when you don’t know how your features
|
||||
building. It is very difficult to do that when you don't know how your features
|
||||
perform and behave in the production environment.
|
||||
|
||||
This is why we want to make our features and code observable. It
|
||||
|
@ -181,7 +181,7 @@ updating, because their feedback might be limited to code style and syntax.
|
|||
Depending on the complexity and impact of a change, assigning the right people
|
||||
to review your changes might be very important.
|
||||
|
||||
If you don’t know who to assign, consult `git blame` or ask in the `#verify`
|
||||
If you don't know who to assign, consult `git blame` or ask in the `#verify`
|
||||
Slack channel (GitLab team members only).
|
||||
|
||||
### Incremental rollouts
|
||||
|
@ -220,7 +220,7 @@ scenario relating to a software being built by one of our [early customers](http
|
|||
|
||||
That would be quite an undesirable outcome of a small bug in GitLab CI/CD status
|
||||
processing. Please take extra care when you are working on CI/CD statuses,
|
||||
we don’t want to implode our Universe!
|
||||
we don't want to implode our Universe!
|
||||
|
||||
This is an extreme and unlikely scenario, but presenting data that is not accurate
|
||||
can potentially cause a myriad of problems through the
|
||||
|
|
|
@ -141,8 +141,8 @@ To remove a page:
|
|||
|
||||
# Title (removed) **(ULTIMATE SELF)**
|
||||
|
||||
This feature was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/351963) in GitLab 14.8
|
||||
and [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/351963) in 15.0.
|
||||
This feature was [deprecated](<link-to-issue>) in GitLab X.Y
|
||||
and [removed](<link-to-issue>) in X.Y.
|
||||
Use [feature X](<link-to-issue>) instead.
|
||||
```
|
||||
|
||||
|
@ -162,12 +162,12 @@ To remove a topic:
|
|||
For the `remove_date`, set a date three months after the release where it was removed.
|
||||
|
||||
```markdown
|
||||
<!--- start_remove The following content will be removed on remove_date: '2023-08-22' -->
|
||||
<!--- start_remove The following content will be removed on remove_date: 'YYYY-MM-DD' -->
|
||||
|
||||
## Title (removed) **(ULTIMATE SELF)**
|
||||
|
||||
This feature was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/351963) in GitLab 14.8
|
||||
and [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/351963) in 15.0.
|
||||
This feature was [deprecated](<link-to-issue>) in GitLab X.Y
|
||||
and [removed](<link-to-issue>) in X.Y.
|
||||
Use [feature X](<link-to-issue>) instead.
|
||||
|
||||
<!--- end_remove -->
|
||||
|
|
|
@ -53,6 +53,6 @@ To add a story:
|
|||
|
||||
## Mock backend APIs
|
||||
|
||||
GitLab’s Storybook uses [MirajeJS](https://miragejs.com/) to mock REST and GraphQL APIs. Storybook shares the MirajeJS server
|
||||
The GitLab Storybook uses [MirajeJS](https://miragejs.com/) to mock REST and GraphQL APIs. Storybook shares the MirajeJS server
|
||||
with the [frontend integration tests](../testing_guide/testing_levels.md#frontend-integration-tests). You can find the MirajeJS
|
||||
configuration files in `spec/frontend_integration/mock_server`.
|
||||
|
|
|
@ -236,7 +236,7 @@ export default {
|
|||
If the extension needs to poll multiple endpoints at the same time, then `fetchMultiData`
|
||||
can be used to return an array of functions. A new `poll` object will be created for each
|
||||
endpoint and they will be polled separately. Once all endpoints are resolved, polling will
|
||||
be stopped and `setCollapsedData` will be called with an array of `response.data`.
|
||||
be stopped and `setCollapsedData` will be called with an array of `response.data`.
|
||||
|
||||
```javascript
|
||||
export default {
|
||||
|
@ -253,7 +253,7 @@ export default {
|
|||
};
|
||||
```
|
||||
|
||||
**Important** The function needs to return a `Promise` that resolves the `response` object.
|
||||
**Important** The function needs to return a `Promise` that resolves the `response` object.
|
||||
The implementation relies on the `POLL-INTERVAL` header to keep polling, therefore it is
|
||||
important not to alter the status code and headers.
|
||||
|
||||
|
|
|
@ -637,14 +637,11 @@ We recommend using the ciphers that Mozilla is providing in their [recommended S
|
|||
- `ECDHE-RSA-AES128-GCM-SHA256`
|
||||
- `ECDHE-ECDSA-AES256-GCM-SHA384`
|
||||
- `ECDHE-RSA-AES256-GCM-SHA384`
|
||||
- `ECDHE-ECDSA-CHACHA20-POLY1305`
|
||||
- `ECDHE-RSA-CHACHA20-POLY1305`
|
||||
|
||||
And the following cipher suites (according to the [RFC 8446](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.4)) for TLS 1.3:
|
||||
|
||||
- `TLS_AES_128_GCM_SHA256`
|
||||
- `TLS_AES_256_GCM_SHA384`
|
||||
- `TLS_CHACHA20_POLY1305_SHA256`
|
||||
|
||||
*Note*: **Golang** does [not support](https://github.com/golang/go/blob/go1.17/src/crypto/tls/cipher_suites.go#L676) all cipher suites with TLS 1.3.
|
||||
|
||||
|
@ -665,7 +662,7 @@ For **Ruby**, you can use [`HTTParty`](https://github.com/jnunemaker/httparty) a
|
|||
Whenever possible this example should be **avoided** for security purposes:
|
||||
|
||||
```ruby
|
||||
response = HTTParty.get('https://gitlab.com', ssl_version: :TLSv1_3, ciphers: ['TLS_AES_128_GCM_SHA256', 'TLS_AES_256_GCM_SHA384', 'TLS_CHACHA20_POLY1305_SHA256'])
|
||||
response = HTTParty.get('https://gitlab.com', ssl_version: :TLSv1_3, ciphers: ['TLS_AES_128_GCM_SHA256', 'TLS_AES_256_GCM_SHA384'])
|
||||
```
|
||||
|
||||
When using [`GitLab::HTTP`](#gitlab-http-library), the code looks like:
|
||||
|
@ -673,7 +670,7 @@ When using [`GitLab::HTTP`](#gitlab-http-library), the code looks like:
|
|||
This is the **recommended** implementation to avoid security issues such as SSRF:
|
||||
|
||||
```ruby
|
||||
response = GitLab::HTTP.perform_request(Net::HTTP::Get, 'https://gitlab.com', ssl_version: :TLSv1_3, ciphers: ['TLS_AES_128_GCM_SHA256', 'TLS_AES_256_GCM_SHA384', 'TLS_CHACHA20_POLY1305_SHA256'])
|
||||
response = GitLab::HTTP.perform_request(Net::HTTP::Get, 'https://gitlab.com', ssl_version: :TLSv1_3, ciphers: ['TLS_AES_128_GCM_SHA256', 'TLS_AES_256_GCM_SHA384'])
|
||||
```
|
||||
|
||||
##### TLS 1.2
|
||||
|
@ -687,8 +684,6 @@ func secureCipherSuites() []uint16 {
|
|||
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
|
||||
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
|
||||
}
|
||||
```
|
||||
|
||||
|
@ -708,7 +703,7 @@ This example was taken [here](https://gitlab.com/gitlab-org/cluster-integration/
|
|||
For **Ruby**, you can use again [`HTTParty`](https://github.com/jnunemaker/httparty) and specify this time TLS 1.2 version alongside with the recommended ciphers:
|
||||
|
||||
```ruby
|
||||
response = GitLab::HTTP.perform_request(Net::HTTP::Get, 'https://gitlab.com', ssl_version: :TLSv1_2, ciphers: ['ECDHE-ECDSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-ECDSA-AES256-GCM-SHA384', 'ECDHE-RSA-AES256-GCM-SHA384', 'ECDHE-ECDSA-CHACHA20-POLY1305', 'ECDHE-RSA-CHACHA20-POLY1305'])
|
||||
response = GitLab::HTTP.perform_request(Net::HTTP::Get, 'https://gitlab.com', ssl_version: :TLSv1_2, ciphers: ['ECDHE-ECDSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-ECDSA-AES256-GCM-SHA384', 'ECDHE-RSA-AES256-GCM-SHA384'])
|
||||
```
|
||||
|
||||
## GitLab Internal Authorization
|
||||
|
|
|
@ -147,6 +147,19 @@ addr = "localhost:3443"
|
|||
The `certificate` file should contain the concatenation
|
||||
of the server's certificate, any intermediates, and the CA's certificate.
|
||||
|
||||
Metrics endpoints can be configured similarly:
|
||||
|
||||
```toml
|
||||
[metrics_listener]
|
||||
network = "tcp"
|
||||
addr = "localhost:9229"
|
||||
[metrics_listener.tls]
|
||||
certificate = "/path/to/certificate"
|
||||
key = "/path/to/private/key"
|
||||
min_version = "tls1.2"
|
||||
max_version = "tls1.3"
|
||||
```
|
||||
|
||||
## Interaction of authBackend and authSocket
|
||||
|
||||
The interaction between `authBackend` and `authSocket` can be confusing.
|
||||
|
|
|
@ -14,7 +14,7 @@ Advanced Search provides faster search response times and [improved search featu
|
|||
|
||||
### Elasticsearch version requirements
|
||||
|
||||
> Support for Elasticsearch 6.8 was [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/350275) in GitLab 15.0.
|
||||
> Support for Elasticsearch 6.8 was [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/350275) in GitLab 15.0.
|
||||
|
||||
Advanced Search works with the following versions of Elasticsearch.
|
||||
|
||||
|
|
|
@ -179,7 +179,7 @@ If you get this error message while configuring GitLab, the following are possib
|
|||
- The Jenkins instance is at a local address and is not included in the
|
||||
[GitLab installation's allowlist](../security/webhooks.md#allowlist-for-local-requests).
|
||||
- The credentials for the Jenkins instance do not have sufficient access or are invalid.
|
||||
- The **Enable authentication for ‘/project’ end-point** checkbox is not selected in your [Jenkin's plugin configuration](#configure-the-jenkins-server).
|
||||
- The **Enable authentication for `/project` end-point** checkbox is not selected in your [Jenkin's plugin configuration](#configure-the-jenkins-server).
|
||||
|
||||
### Error in merge requests - "Could not connect to the CI server"
|
||||
|
||||
|
|
|
@ -1447,7 +1447,7 @@ To prepare the new server:
|
|||
1. Copy the
|
||||
[SSH host keys](https://superuser.com/questions/532040/copy-ssh-keys-from-one-server-to-another-server/532079#532079)
|
||||
from the old server to avoid man-in-the-middle attack warnings.
|
||||
See [Manually replicate the primary site’s SSH host keys](../administration/geo/replication/configuration.md#step-2-manually-replicate-the-primary-sites-ssh-host-keys) for example steps.
|
||||
See [Manually replicate the primary site's SSH host keys](../administration/geo/replication/configuration.md#step-2-manually-replicate-the-primary-sites-ssh-host-keys) for example steps.
|
||||
1. [Install and configure GitLab](https://about.gitlab.com/install) except
|
||||
[incoming email](../administration/incoming_email.md):
|
||||
1. Install GitLab.
|
||||
|
|
|
@ -87,7 +87,7 @@ Each command has a rate limit of 600 per minute. For example:
|
|||
Because the same commands are shared by `git-upload-pack`, `git pull`, and `git clone`, they share a rate limit.
|
||||
|
||||
The requests/minute threshold for this rate limit is not configurable. Self-managed customers can disable this
|
||||
rate limit by [disabling the feature flag](../administration/feature_flags.md#enable-or-disable-the-feature)
|
||||
rate limit by [disabling the feature flag](../administration/feature_flags.md#enable-or-disable-the-feature)
|
||||
with `Feature.disable(:rate_limit_gitlab_shell)`.
|
||||
|
||||
### Repository archives
|
||||
|
|
|
@ -183,68 +183,63 @@ Find more information on how to apply and renew at
|
|||
|
||||
### GitLab for Open Source
|
||||
|
||||
For qualifying open source projects, the [GitLab for Open Source](https://about.gitlab.com/solutions/open-source/) program provides
|
||||
the top GitLab tier, plus 50,000 CI/CD minutes per month.
|
||||
|
||||
You can find more information about the [program requirements](https://about.gitlab.com/solutions/open-source/join/#requirements),
|
||||
[renewals](https://about.gitlab.com/solutions/open-source/join/#renewals),
|
||||
and benefits on the [GitLab for Open Source application page](https://about.gitlab.com/solutions/open-source/join/).
|
||||
For qualifying open source projects, the [GitLab for Open Source Program](https://about.gitlab.com/solutions/open-source/) provides
|
||||
GitLab Ultimate, plus 50,000 CI/CD minutes per month. For more information, see [program requirements](https://about.gitlab.com/solutions/open-source/join/#requirements), [renewals](https://about.gitlab.com/solutions/open-source/join/#renewals), and [program benefits](https://about.gitlab.com/solutions/open-source/join/).
|
||||
|
||||
If you have any questions, send an email to `opensource@gitlab.com` for assistance.
|
||||
|
||||
#### Verification for Open Source program
|
||||
#### License requirements for GitLab for Open Source Program members
|
||||
|
||||
As part of the [application verification process](https://about.gitlab.com/solutions/open-source/join/), you must upload <b>three screenshots</b>.
|
||||
These are the three screenshots that are needed to qualify you for the GitLab for Open Source program.
|
||||
GitLab for Open Source Program benefits apply to an entire GitLab namespace. To qualify for the GitLab for Open Source Program, **all projects in an applicant's namespace** must carry an [OSI-approved license](https://opensource.org/licenses/).
|
||||
|
||||
To add a license:
|
||||
|
||||
1. On the top bar, select **Menu > Projects** and find your project.
|
||||
1. On the overview page, select **Add LICENSE**. If the license you want is not available as a license template, manually copy the entire, unaltered [text of your chosen license](https://opensource.org/licenses/alphabetical) into the `LICENSE` file. Note that GitLab defaults to **All rights reserved** if users do not perform this action.
|
||||
|
||||
Applicants must add the correct license to each project in their respective groups or namespaces When you're sure you're using OSI-approved licenses for your projects, you can take your screenshots.
|
||||
|
||||
#### Verification for Open Source Program
|
||||
|
||||
As part of the [application verification process](https://about.gitlab.com/solutions/open-source/join/), you must upload **three screenshots**:
|
||||
|
||||
- [OSI-approved license overview](#screenshot-1-license-overview)
|
||||
- [OSI-approved license file](#screenshot-2-license-file)
|
||||
- [OSI-approved license contents](#screenshot-2-license-contents)
|
||||
- [Publicly visible settings](#screenshot-3-publicly-visible-settings)
|
||||
|
||||
##### OSI-approved license
|
||||
|
||||
You must apply an [OSI-approved license](https://opensource.org/licenses/) to each project in your group before you can be verified.
|
||||
|
||||
Add the license to the LICENSE file so that it shows up in the overview section of the project. This allows contributors to see it at a glance.
|
||||
|
||||
It's best to copy and paste the entire license into the file in its original form. GitLab defaults to **All rights reserved** if no license file is mentioned.
|
||||
You must ensure that you add the correct license to each project within your group.
|
||||
|
||||
After you ensure that you are using OSI-approved licenses for your projects, you can take your screenshots.
|
||||
Benefits of the GitLab Open Source Program apply to all projects in a GitLab namespace. All projects in an eligible namespace must meet program requirements. However, if you submit materials for **one project** in your namespace, the open source program team uses that project to verify the contents of the entire namespace you use when applying to the program.
|
||||
|
||||
##### Screenshot 1: License overview
|
||||
|
||||
On the left sidebar, select **Project information > Details**. Take a screenshot that includes a view of the license you've chosen for your project.
|
||||
1. On the top bar, select **Menu > Projects** and find your project.
|
||||
1. On the left sidebar, select your project avatar. If you haven't specified an avatar for your project, the avatar displays as a single letter.
|
||||
1. Take a screenshot of the project overview that clearly displays the license you've chosen for your project.
|
||||
|
||||
![License overview](img/license-overview.png)
|
||||
|
||||
##### Screenshot 2: License file
|
||||
##### Screenshot 2: License contents
|
||||
|
||||
Navigate to one of the license files that you uploaded. You can usually find the license file by selecting **Project information > Details** and scanning the page for the license.
|
||||
Make sure the screenshot includes the title of the license.
|
||||
1. On the top bar, select **Menu > Projects** and find your project.
|
||||
1. On the left sidebar, select **Repository** and locate the project's `LICENSE` file.
|
||||
1. Take a screenshot of the contents of the file. Make sure the screenshot includes the title of the license.
|
||||
|
||||
![License file](img/license-file.png)
|
||||
|
||||
##### Screenshot 3: Publicly visible settings
|
||||
|
||||
The goal of the GitLab for Open Source program is to enable collaboration on open source projects.
|
||||
As a pre-condition to collaboration, people must be able to view the open source project.
|
||||
As a result, we ask that all projects under this license are publicly visible.
|
||||
To be eligible for the GitLab Open Source Program, projects must be publicly visible. To check your project's public visibility settings:
|
||||
|
||||
Follow these instructions to take a screenshot of the publicly visible settings:
|
||||
|
||||
1. Go to your project and select **Settings**.
|
||||
1. Expand **Visibility, project features, permissions**.
|
||||
1. Set **Project Visibility** to **Public**.
|
||||
1. Ensure others can request access by selecting the **Users can request access** checkbox.
|
||||
1. Take the screenshot. Include as much of the publicly visible settings as possible. Make sure to include your project's name in the
|
||||
upper-left of the screenshot.
|
||||
1. On the top bar, select **Menu > Projects** and find your project.
|
||||
1. From the left sidebar, select **Settings > General**.
|
||||
1. Expand **Visibility, project features, permissions**.
|
||||
1. From the **Project visibility** dropdown list, select **Public**.
|
||||
1. Select the **Users can request access** checkbox.
|
||||
1. Take a screenshot of this view. Include as much of the publicly visible settings as possible. Make sure to include your project's name in the upper-left of the screenshot.
|
||||
|
||||
![Publicly visible setting](img/publicly-visible.png)
|
||||
|
||||
NOTE:
|
||||
From time to time, GitLab allows exceptions. One or two projects within a group can be private if there is a legitimate need for it, for example,
|
||||
if a project holds sensitive data. Email `opensource@gitlab.com` with details of your use case to request written permission for exceptions.
|
||||
Exceptions to this public visibility requirement apply in select circumstances (for example, in cases where a project may hold sensitive data). Email `opensource@gitlab.com` with details of your use case to request written permission for exceptions.
|
||||
|
||||
### GitLab for Startups
|
||||
|
||||
|
|
|
@ -315,7 +315,7 @@ The `covfuzz-ci.yml` is the same as that in the [original synchronous example](h
|
|||
|
||||
## FIPS-enabled binary
|
||||
|
||||
[Starting in GitLab 15.0](https://gitlab.com/gitlab-org/gitlab/-/issues/352549) the coverage fuzzing binary is compiled with `golang-fips` on Linux x86 and uses OpenSSL as the cryptographic backend. For more details, see [FIPS compliance at GitLab with Go](../../../development/fips_compliance.md#go).
|
||||
[Starting in GitLab 15.0](https://gitlab.com/gitlab-org/gitlab/-/issues/352549) the coverage fuzzing binary is compiled with `golang-fips` on Linux x86 and uses OpenSSL as the cryptographic backend. For more details, see [FIPS compliance at GitLab with Go](../../../development/fips_compliance.md#go).
|
||||
|
||||
## Offline environment
|
||||
|
||||
|
|
|
@ -333,7 +333,7 @@ Vulnerability rules in an API scan are different than those in a normal website
|
|||
|
||||
A new DAST API scanning engine is available in GitLab 13.12 and later. For more details, see [DAST API scanning engine](../dast_api). The new scanning engine supports REST, SOAP, GraphQL, and generic APIs using forms, XML, and JSON. Testing can be performed using OpenAPI, Postman Collections, and HTTP Archive (HAR) documents.
|
||||
|
||||
The target API instance’s base URL is provided by using the `DAST_API_TARGET_URL` variable or an `environment_url.txt` file.
|
||||
The target API instance's base URL is provided by using the `DAST_API_TARGET_URL` variable or an `environment_url.txt` file.
|
||||
|
||||
#### Specification format
|
||||
|
||||
|
|
|
@ -91,10 +91,10 @@ The Vulnerability Management system automatically moves vulnerabilities from the
|
|||
|
||||
However, you'll see old vulnerabilities re-created based on Semgrep results if:
|
||||
|
||||
- A vulnerability was created by Bandit or SpotBugs and you disable those analyzers. We only recommend disabling Bandit and SpotBugs now if the analyzers aren’t working. Work to automatically translate Bandit and SpotBugs vulnerabilities to Semgrep is tracked in [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/328062).
|
||||
- A vulnerability was created by Bandit or SpotBugs and you disable those analyzers. We only recommend disabling Bandit and SpotBugs now if the analyzers aren't working. Work to automatically translate Bandit and SpotBugs vulnerabilities to Semgrep is tracked in [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/328062).
|
||||
- A vulnerability was created by ESLint, Gosec, or Flawfinder in a default-branch pipeline where Semgrep scanning did not run successfully (before Semgrep coverage was introduced for the language, because you disabled Semgrep explicitly, or because the Semgrep scan failed in that pipeline). We do not currently plan to combine these vulnerabilities if they already exist.
|
||||
|
||||
When a vulnerability is re-created, the original vulnerability is marked as “no longer detected” in the Vulnerability Report.
|
||||
When a vulnerability is re-created, the original vulnerability is marked as "no longer detected" in the Vulnerability Report.
|
||||
A new vulnerability is then created based on the Semgrep finding.
|
||||
|
||||
### Activating Semgrep-based scanning early
|
||||
|
|
|
@ -13,7 +13,7 @@ The whitepaper ["A Seismic Shift in Application Security"](https://about.gitlab.
|
|||
explains how 4 of the top 6 attacks were application based. Download it to learn how to protect your
|
||||
organization.
|
||||
|
||||
If you’re using [GitLab CI/CD](../../../ci/index.md), you can use Static Application Security
|
||||
If you're using [GitLab CI/CD](../../../ci/index.md), you can use Static Application Security
|
||||
Testing (SAST) to check your source code for known vulnerabilities. You can run SAST analyzers in
|
||||
any GitLab tier. The analyzers output JSON-formatted reports as job artifacts.
|
||||
|
||||
|
|
|
@ -35,7 +35,7 @@ To read more about what is planned for the future, see [issue 2256](https://gitl
|
|||
|
||||
Customer relations management features must be enabled at the group level. If your
|
||||
group also contains subgroups, and you want to use CRM features in the subgroup,
|
||||
you must enable CRM features for the subgroup.
|
||||
you must enable CRM features for the subgroup.
|
||||
|
||||
To enable customer relations management in a group or subgroup:
|
||||
|
||||
|
|
|
@ -36,7 +36,7 @@ You can use group access tokens:
|
|||
- Consider [disabling group access tokens](#enable-or-disable-group-access-token-creation) to
|
||||
lower potential abuse.
|
||||
|
||||
You cannot use group access tokens to create other access tokens.
|
||||
You cannot use group access tokens to create other group, project, or personal access tokens.
|
||||
|
||||
Group access tokens inherit the [default prefix setting](../../admin_area/settings/account_and_limit_settings.md#personal-access-token-prefix)
|
||||
configured for personal access tokens.
|
||||
|
|
|
@ -57,7 +57,7 @@ In your Auto DevOps project, you can use the GitLab agent to connect with your K
|
|||
- Add a key called `KUBE_INGRESS_BASE_DOMAIN` with the application deployment domain as the value.
|
||||
- Add a key called `KUBE_CONTEXT` with a value like `path/to/agent/project:agent-name`.
|
||||
Select the environment scope of your choice.
|
||||
If you are not sure what your agent’s context is, edit your `.gitlab-ci.yml` file and add a job to see the available contexts:
|
||||
If you are not sure what your agent's context is, edit your `.gitlab-ci.yml` file and add a job to see the available contexts:
|
||||
|
||||
```yaml
|
||||
deploy:
|
||||
|
|
|
@ -73,8 +73,8 @@ There are three different causes for the error:
|
|||
|
||||
- In GitLab 15.0, templates use [`rules`](../../../ci/yaml/index.md#rules) syntax
|
||||
instead of [`only/except`](../../../ci/yaml/index.md#only--except).
|
||||
Ensure the syntax in your `.gitlab-ci.yml` file does not include both.
|
||||
|
||||
Ensure the syntax in your `.gitlab-ci.yml` file does not include both.
|
||||
|
||||
#### Use an older version of the template
|
||||
|
||||
Breaking changes can occur during major releases. If you encounter a breaking change or want to use an older version of a template, you can update your `.gitlab-ci.yml` to refer to an older one. For example:
|
||||
|
|
|
@ -164,7 +164,7 @@ Splats also match empty strings, so the previous rule redirects
|
|||
### Rewrite all requests to a root `index.html`
|
||||
|
||||
NOTE:
|
||||
If you are using [GitLab Pages integration with Let’s Encrypt](custom_domains_ssl_tls_certification/lets_encrypt_integration.md),
|
||||
If you are using [GitLab Pages integration with Let's Encrypt](custom_domains_ssl_tls_certification/lets_encrypt_integration.md),
|
||||
you must enable it before adding this rule. Otherwise, the redirection breaks the Let's Encrypt
|
||||
integration. For more details, see
|
||||
[GitLab Pages issue 649](https://gitlab.com/gitlab-org/gitlab-pages/-/issues/649).
|
||||
|
|
|
@ -146,7 +146,7 @@ You can set description templates at various levels:
|
|||
- A specific [group or subgroup](description_templates.md#set-group-level-description-templates).
|
||||
- A specific [project](description_templates.md#set-a-default-template-for-merge-requests-and-issues).
|
||||
|
||||
The templates are inherited. For example, in a project, you can also access templates set for the instance or the project’s parent groups.
|
||||
The templates are inherited. For example, in a project, you can also access templates set for the instance or the project's parent groups.
|
||||
|
||||
To use a custom description template with Service Desk:
|
||||
|
||||
|
|
|
@ -36,7 +36,7 @@ You can use project access tokens:
|
|||
- Consider [disabling project access tokens](#enable-or-disable-project-access-token-creation) to
|
||||
lower potential abuse.
|
||||
|
||||
You cannot use project access tokens to create other access tokens.
|
||||
You cannot use project access tokens to create other group, project, or personal access tokens.
|
||||
|
||||
Project access tokens inherit the [default prefix setting](../../admin_area/settings/account_and_limit_settings.md#personal-access-token-prefix)
|
||||
configured for personal access tokens.
|
||||
|
|
|
@ -1096,7 +1096,7 @@ module API
|
|||
requires :credit_card_mask_number, type: String, desc: 'The last 4 digits of credit card number'
|
||||
requires :credit_card_type, type: String, desc: 'The credit card network name'
|
||||
end
|
||||
put ":user_id/credit_card_validation", feature_category: :purchase do
|
||||
put ":user_id/credit_card_validation", urgency: :low, feature_category: :purchase do
|
||||
authenticated_as_admin!
|
||||
|
||||
user = find_user(params[:user_id])
|
||||
|
|
|
@ -203,8 +203,13 @@ module Gitlab
|
|||
# This does not look at literal connection names, but rather compares
|
||||
# models that are holders for a given db_config_name
|
||||
def self.gitlab_schemas_for_connection(connection)
|
||||
db_name = self.db_config_name(connection)
|
||||
primary_model = self.database_base_models.fetch(db_name.to_sym)
|
||||
db_config = self.db_config_for_connection(connection)
|
||||
|
||||
# connection might not be yet adopted (returning NullPool, and no connection_klass)
|
||||
# in such cases it is fine to ignore such connections
|
||||
return unless db_config
|
||||
|
||||
primary_model = self.database_base_models.fetch(db_config.name.to_sym)
|
||||
|
||||
self.schemas_to_base_models.select do |_, child_models|
|
||||
child_models.any? do |child_model|
|
||||
|
|
|
@ -0,0 +1,24 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'spec_helper'
|
||||
|
||||
RSpec.describe 'top nav tooltips', :js do
|
||||
let_it_be(:user) { create(:user) }
|
||||
|
||||
before do
|
||||
sign_in(user)
|
||||
visit explore_projects_path
|
||||
end
|
||||
|
||||
it 'clicking new dropdown hides tooltip', :aggregate_failures do
|
||||
btn = '#js-onboarding-new-project-link'
|
||||
|
||||
page.find(btn).hover
|
||||
|
||||
expect(page).to have_content('New...')
|
||||
|
||||
page.find(btn).click
|
||||
|
||||
expect(page).not_to have_content('New...')
|
||||
end
|
||||
end
|
|
@ -64,6 +64,16 @@ describe('DiffLineNoteForm', () => {
|
|||
expect(confirmAction).toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it('should only ask for confirmation once', () => {
|
||||
// Never resolve so we can test what happens when triggered while "confirmAction" is loading
|
||||
confirmAction.mockImplementation(() => new Promise(() => {}));
|
||||
|
||||
findNoteForm().vm.$emit('cancelForm', true, true);
|
||||
findNoteForm().vm.$emit('cancelForm', true, true);
|
||||
|
||||
expect(confirmAction).toHaveBeenCalledTimes(1);
|
||||
});
|
||||
|
||||
it('should not ask for confirmation when one of the params false', () => {
|
||||
confirmAction.mockResolvedValueOnce(false);
|
||||
|
||||
|
|
|
@ -49,6 +49,7 @@ RSpec.describe Mutations::Ci::Runner::Update do
|
|||
{
|
||||
id: runner.to_global_id,
|
||||
description: 'updated description',
|
||||
maintenance_note: 'updated maintenance note',
|
||||
maximum_timeout: 900,
|
||||
access_level: 'ref_protected',
|
||||
active: false,
|
||||
|
@ -84,6 +85,16 @@ RSpec.describe Mutations::Ci::Runner::Update do
|
|||
)
|
||||
end
|
||||
end
|
||||
|
||||
context 'with too long maintenance note' do
|
||||
it 'returns a descriptive error' do
|
||||
mutation_params[:maintenance_note] = '1' * 1025
|
||||
|
||||
expect(subject[:errors]).to contain_exactly(
|
||||
'Maintenance note is too long (maximum is 1024 characters)'
|
||||
)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -222,10 +222,6 @@ RSpec.describe Gitlab::Database do
|
|||
end
|
||||
|
||||
describe '.gitlab_schemas_for_connection' do
|
||||
it 'does raise exception for invalid connection' do
|
||||
expect { described_class.gitlab_schemas_for_connection(:invalid) }.to raise_error /key not found: "unknown"/
|
||||
end
|
||||
|
||||
it 'does return a valid schema depending on a base model used', :request_store do
|
||||
# FF due to lib/gitlab/database/load_balancing/configuration.rb:92
|
||||
stub_feature_flags(force_no_sharing_primary_model: true)
|
||||
|
@ -282,6 +278,15 @@ RSpec.describe Gitlab::Database do
|
|||
end
|
||||
end
|
||||
end
|
||||
|
||||
it 'does return empty for non-adopted connections' do
|
||||
new_connection = ActiveRecord::Base.postgresql_connection(
|
||||
ActiveRecord::Base.connection_db_config.configuration_hash)
|
||||
|
||||
expect(described_class.gitlab_schemas_for_connection(new_connection)).to be_nil
|
||||
ensure
|
||||
new_connection&.disconnect!
|
||||
end
|
||||
end
|
||||
|
||||
describe '#true_value' do
|
||||
|
|
|
@ -47,6 +47,15 @@ certificate = "/path/to/certificate"
|
|||
key = "/path/to/private/key"
|
||||
min_version = "tls1.1"
|
||||
max_version = "tls1.2"
|
||||
[[listeners]]
|
||||
network = "tcp"
|
||||
addr = "localhost:3444"
|
||||
[metrics_listener]
|
||||
network = "tcp"
|
||||
addr = "localhost:3445"
|
||||
[metrics_listener.tls]
|
||||
certificate = "/path/to/certificate"
|
||||
key = "/path/to/private/key"
|
||||
`
|
||||
_, err = io.WriteString(f, data)
|
||||
require.NoError(t, err)
|
||||
|
@ -66,14 +75,69 @@ max_version = "tls1.2"
|
|||
require.Equal(t, []string{"10.0.0.1/8"}, cfg.TrustedCIDRsForPropagation)
|
||||
require.Equal(t, 60*time.Second, cfg.ShutdownTimeout.Duration)
|
||||
|
||||
require.Len(t, cfg.Listeners, 1)
|
||||
listener := cfg.Listeners[0]
|
||||
require.Equal(t, "/path/to/certificate", listener.Tls.Certificate)
|
||||
require.Equal(t, "/path/to/private/key", listener.Tls.Key)
|
||||
require.Equal(t, "tls1.1", listener.Tls.MinVersion)
|
||||
require.Equal(t, "tls1.2", listener.Tls.MaxVersion)
|
||||
require.Equal(t, "tcp", listener.Network)
|
||||
require.Equal(t, "localhost:3443", listener.Addr)
|
||||
listenerConfigs := []config.ListenerConfig{
|
||||
{
|
||||
Network: "tcp",
|
||||
Addr: "localhost:3445",
|
||||
Tls: &config.TlsConfig{
|
||||
Certificate: "/path/to/certificate",
|
||||
Key: "/path/to/private/key",
|
||||
},
|
||||
},
|
||||
{
|
||||
Network: "tcp",
|
||||
Addr: "localhost:3443",
|
||||
Tls: &config.TlsConfig{
|
||||
Certificate: "/path/to/certificate",
|
||||
Key: "/path/to/private/key",
|
||||
MinVersion: "tls1.1",
|
||||
MaxVersion: "tls1.2",
|
||||
},
|
||||
},
|
||||
{
|
||||
Network: "tcp",
|
||||
Addr: "localhost:3444",
|
||||
},
|
||||
}
|
||||
|
||||
require.Len(t, cfg.Listeners, 2)
|
||||
require.NotNil(t, cfg.MetricsListener)
|
||||
|
||||
for i, cfg := range []config.ListenerConfig{*cfg.MetricsListener, cfg.Listeners[0], cfg.Listeners[1]} {
|
||||
require.Equal(t, listenerConfigs[i].Network, cfg.Network)
|
||||
require.Equal(t, listenerConfigs[i].Addr, cfg.Addr)
|
||||
}
|
||||
|
||||
for i, cfg := range []config.ListenerConfig{*cfg.MetricsListener, cfg.Listeners[0]} {
|
||||
require.Equal(t, listenerConfigs[i].Tls.Certificate, cfg.Tls.Certificate)
|
||||
require.Equal(t, listenerConfigs[i].Tls.Key, cfg.Tls.Key)
|
||||
require.Equal(t, listenerConfigs[i].Tls.MinVersion, cfg.Tls.MinVersion)
|
||||
require.Equal(t, listenerConfigs[i].Tls.MaxVersion, cfg.Tls.MaxVersion)
|
||||
}
|
||||
|
||||
require.Nil(t, cfg.Listeners[1].Tls)
|
||||
}
|
||||
|
||||
func TestTwoMetricsAddrsAreSpecifiedError(t *testing.T) {
|
||||
f, err := ioutil.TempFile("", "workhorse-config-test")
|
||||
require.NoError(t, err)
|
||||
defer os.Remove(f.Name())
|
||||
|
||||
data := `
|
||||
[metrics_listener]
|
||||
network = "tcp"
|
||||
addr = "localhost:3445"
|
||||
`
|
||||
_, err = io.WriteString(f, data)
|
||||
require.NoError(t, err)
|
||||
require.NoError(t, f.Close())
|
||||
|
||||
args := []string{
|
||||
"-config", f.Name(),
|
||||
"-prometheusListenAddr", "prometheus listen addr",
|
||||
}
|
||||
_, _, err = buildConfig("test", args)
|
||||
require.EqualError(t, err, "configFile: both prometheusListenAddr and metrics_listener can't be specified")
|
||||
}
|
||||
|
||||
func TestConfigErrorHelp(t *testing.T) {
|
||||
|
@ -215,6 +279,7 @@ func TestConfigFlagParsing(t *testing.T) {
|
|||
APICILongPollingDuration: 234 * time.Second,
|
||||
PropagateCorrelationID: true,
|
||||
ImageResizerConfig: config.DefaultImageResizerConfig,
|
||||
MetricsListener: &config.ListenerConfig{Network: "tcp", Addr: "prometheus listen addr"},
|
||||
}
|
||||
require.Equal(t, expectedCfg, cfg)
|
||||
}
|
||||
|
|
|
@ -120,6 +120,7 @@ type Config struct {
|
|||
TrustedCIDRsForXForwardedFor []string `toml:"trusted_cidrs_for_x_forwarded_for"`
|
||||
TrustedCIDRsForPropagation []string `toml:"trusted_cidrs_for_propagation"`
|
||||
Listeners []ListenerConfig `toml:"listeners"`
|
||||
MetricsListener *ListenerConfig `toml:"metrics_listener"`
|
||||
}
|
||||
|
||||
var DefaultImageResizerConfig = ImageResizerConfig{
|
||||
|
|
|
@ -149,6 +149,14 @@ func buildConfig(arg0 string, args []string) (*bootConfig, *config.Config, error
|
|||
return nil, nil, fmt.Errorf("configFile: %v", err)
|
||||
}
|
||||
|
||||
cfg.MetricsListener = cfgFromFile.MetricsListener
|
||||
if boot.prometheusListenAddr != "" {
|
||||
if cfg.MetricsListener != nil {
|
||||
return nil, nil, fmt.Errorf("configFile: both prometheusListenAddr and metrics_listener can't be specified")
|
||||
}
|
||||
cfg.MetricsListener = &config.ListenerConfig{Network: "tcp", Addr: boot.prometheusListenAddr}
|
||||
}
|
||||
|
||||
cfg.Redis = cfgFromFile.Redis
|
||||
cfg.ObjectStorageCredentials = cfgFromFile.ObjectStorageCredentials
|
||||
cfg.ImageResizerConfig = cfgFromFile.ImageResizerConfig
|
||||
|
@ -196,11 +204,10 @@ func run(boot bootConfig, cfg config.Config) error {
|
|||
}
|
||||
|
||||
monitoringOpts := []monitoring.Option{monitoring.WithBuildInformation(Version, BuildTime)}
|
||||
|
||||
if boot.prometheusListenAddr != "" {
|
||||
l, err := net.Listen("tcp", boot.prometheusListenAddr)
|
||||
if cfg.MetricsListener != nil {
|
||||
l, err := newListener("metrics", *cfg.MetricsListener)
|
||||
if err != nil {
|
||||
return fmt.Errorf("prometheusListenAddr: %v", err)
|
||||
return err
|
||||
}
|
||||
monitoringOpts = append(monitoringOpts, monitoring.WithListener(l))
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue