Add latest changes from gitlab-org/gitlab@master

GitLab Bot 2022-05-20 18:07:48 +00:00
parent 6997e3f3d0
commit e32f083f49
54 changed files with 296 additions and 149 deletions


@ -3,6 +3,7 @@ import { mapState, mapGetters, mapActions } from 'vuex';
import { s__, __ } from '~/locale';
import diffLineNoteFormMixin from '~/notes/mixins/diff_line_note_form';
import { confirmAction } from '~/lib/utils/confirm_via_gl_modal/confirm_via_gl_modal';
import { ignoreWhilePending } from '~/lib/utils/ignore_while_pending';
import glFeatureFlagsMixin from '~/vue_shared/mixins/gl_feature_flags_mixin';
import MultilineCommentForm from '~/notes/components/multiline_comment_form.vue';
import { commentLineOptions, formatLineRange } from '~/notes/components/multiline_comment_utils';
@ -175,7 +176,10 @@ export default {
'saveDiffDiscussion',
'setSuggestPopoverDismissed',
]),
async handleCancelCommentForm(shouldConfirm, isDirty) {
handleCancelCommentForm: ignoreWhilePending(async function handleCancelCommentForm(
shouldConfirm,
isDirty,
) {
if (shouldConfirm && isDirty) {
const msg = s__('Notes|Are you sure you want to cancel creating this comment?');
@ -195,7 +199,7 @@ export default {
this.$nextTick(() => {
this.resetAutoSave();
});
},
}),
handleSaveNote(note) {
return this.saveDiffDiscussion({ note, formData: this.formData }).then(() =>
this.handleCancelCommentForm(),
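Review bot: `handleSaveNote` still calls `this.handleCancelCommentForm()` once the save resolves, and that call now passes through the `ignoreWhilePending` wrapper. If the wrapper drops calls made while an earlier invocation is unresolved (inferred from its name; its implementation is not on this page), a save that completes while the cancel confirmation is still open would leave the form in place without any error. A comment above the wrapped method would make that contract explicit, for example `// Calls made while a cancel confirmation is open are ignored, including the one from handleSaveNote.` The middle of handleCancelCommentForm lies between the two hunks and is not visible here.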


@ -299,3 +299,10 @@ if (flashContainer && flashContainer.children.length) {
$('.gl-show-field-errors').each((i, form) => new GlFieldErrors(form));
requestIdleCallback(deferredInitialisation);
// initialize hiding of tooltip after clicking on dropdown's links and buttons
document
.querySelectorAll('a[data-toggle="dropdown"], button[data-toggle="dropdown"]')
.forEach((element) => {
element.addEventListener('click', () => tooltips.hide(element));
});
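Review bot: The click listeners are attached once, to the dropdown toggles that exist when this script runs, so a toggle rendered later (for example by a component mounted afterwards) never gets the tooltip-hiding handler. A single delegated listener would cover both cases: `document.addEventListener('click', (e) => { const el = e.target.closest('a[data-toggle="dropdown"], button[data-toggle="dropdown"]'); if (el) tooltips.hide(el); });`. If late-rendered toggles are handled elsewhere, the comment above the block should say so.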


@ -32,10 +32,6 @@ body {
font-size: inherit;
}
a {
text-decoration: none;
}
.gl-mb-5 {
@include gl-mb-5;
}


@ -218,10 +218,6 @@ $tabs-holder-z-index: 250;
.epic-tabs-holder {
top: $header-height;
z-index: $tabs-holder-z-index;
margin-left: -$gl-padding;
margin-right: -$gl-padding;
padding-left: $gl-padding;
padding-right: $gl-padding;
background-color: $body-bg;
border-bottom: 1px solid $border-color;


@ -367,29 +367,3 @@ to @gitlab/ui by https://gitlab.com/gitlab-org/gitlab-ui/-/issues/1709
-webkit-backdrop-filter: blur(2px); // still required by Safari
}
/*
* The below style will be moved to @gitlab/ui by
* https://gitlab.com/gitlab-org/gitlab-ui/-/issues/1792
*/
.gl-text-purple-800 {
color: $purple-800;
}
.gl-bg-theme-indigo-800 {
background-color: $theme-indigo-800;
}
.gl-border-indigo-700 {
border-color: $theme-indigo-700;
}
.gl-border-gray-75 {
border-color: $gl-text-color-quaternary;
}
.gl-min-h-8 {
min-height: $gl-spacing-scale-8;
}
/* End gitlab-ui#1751 */


@ -18,6 +18,10 @@ module Mutations
required: false,
description: 'Description of the runner.'
argument :maintenance_note, GraphQL::Types::String,
required: false,
description: 'Runner\'s maintenance notes.'
argument :maximum_timeout, GraphQL::Types::Int,
required: false,
description: 'Maximum timeout (in seconds) for jobs processed by the runner.'
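Review bot: The new `maintenance_note` argument takes a free-form `GraphQL::Types::String`, and nothing in this hunk bounds its length or says how the value is displayed later. If a limit is enforced by a model validation outside this diff, stating it in the argument helps API clients, e.g. `description: 'Runner\'s maintenance notes (length limited by the model).'`; if there is none, one should be added before the field is exposed. It is also worth confirming that any view rendering the note escapes or sanitises it, since it is user-supplied text. The mutation class continues outside the hunk.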


@ -5,6 +5,10 @@
GitLab
- if Feature.enabled?(:enhanced_notify_css)
= stylesheet_link_tag 'notify_enhanced'
%style{ type: 'text/css', 'data-premailer': 'ignore' }
-# The MUA automatically turns some text into links.
-# Match the color of explicit links ($blue-600 from typography.scss).
a { color: #1068bf; }
- else
= stylesheet_link_tag 'notify'
= yield :head
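Review bot: The `%style` block hard-codes `#1068bf` and is repeated verbatim in the next file section (the second mailer layout), so a later change to `$blue-600` must be made in three places. Rendering the block from one shared partial in both layouts would keep them in step. If the duplication is intentional while the `enhanced_notify_css` flag exists, a short comment such as `-# Duplicated in the other notify layout; keep both in sync.` would record that.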


@ -7,6 +7,10 @@
-# haml-lint:enable NoPlainNodes
- if Feature.enabled?(:enhanced_notify_css)
= stylesheet_link_tag 'notify_enhanced'
%style{ type: 'text/css', 'data-premailer': 'ignore' }
-# The MUA automatically turns some text into links.
-# Match the color of explicit links ($blue-600 from typography.scss).
a { color: #1068bf; }
- else
= stylesheet_link_tag 'notify'
= yield :head


@ -25,7 +25,7 @@
stage: # String value of the stage that the feature was created in. e.g., Growth
self-managed: # Boolean value (true or false)
gitlab-com: # Boolean value (true or false)
packages: # Array of strings. The Array brackets are required here. e.g., [Core, Starter, Premium, Ultimate]
packages: # Array of strings. The Array brackets are required here. e.g., [Free, Premium, Ultimate]
url: # This is the documentation URL, but can be a URL to a video if there is one
image_url: # This should be a full URL, generally taken from the release post content. If a video, use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
published_at: # YYYY-MM-DD


@ -0,0 +1,11 @@
# frozen_string_literal: true
class DropComplianceManagementFrameworksRegulated < Gitlab::Database::Migration[2.0]
def up
remove_column :compliance_management_frameworks, :regulated
end
def down
add_column :compliance_management_frameworks, :regulated, :boolean, default: true
end
end
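Review bot: `down` re-creates `regulated` with `default: true` only, while the structure dump in this same commit shows the dropped column as `regulated boolean DEFAULT true NOT NULL`, so a rollback leaves a nullable column where the original was not. `add_column :compliance_management_frameworks, :regulated, :boolean, default: true, null: false` restores the original definition. It is also worth confirming that the application stopped reading the column in an earlier release, since this diff does not show that step.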


@ -0,0 +1 @@
ee255f9340fe64793636217a5115c368e0bd067cba057bb58aa78f370efae423


@ -13777,7 +13777,6 @@ CREATE TABLE compliance_management_frameworks (
description text NOT NULL,
color text NOT NULL,
namespace_id integer NOT NULL,
regulated boolean DEFAULT true NOT NULL,
pipeline_configuration_full_path text,
CONSTRAINT check_08cd34b2c2 CHECK ((char_length(color) <= 10)),
CONSTRAINT check_1617e0b87e CHECK ((char_length(description) <= 255)),


@ -14,6 +14,7 @@ first: '\b([A-Z]{3,5})\b'
second: '(?:\b[A-Z][a-z]+ )+\(([A-Z]{3,5})\)'
# ... with the exception of these:
exceptions:
- AAAA
- AJAX
- ANSI
- API
@ -30,14 +31,19 @@ exceptions:
- CLI
- CNA
- CNAME
- CNCF
- CORE
- CORS
- CPU
- CRIME
- CRM
- CSRF
- CSS
- CSV
- CWE
- CVE
- CVS
- CVSS
- DAG
- DAST
- DHCP
@ -81,6 +87,7 @@ exceptions:
- HEAD
- HIPAA
- HLL
- HSTS
- HTML
- HTTP
- HTTPS
@ -90,6 +97,7 @@ exceptions:
- ICO
- IDE
- IID
- IIS
- IMAP
- IOPS
- IRC
@ -105,6 +113,7 @@ exceptions:
- LESS
- LFS
- LRU
- LSIF
- LTM
- LTS
- MIME
@ -117,6 +126,7 @@ exceptions:
- NOTE
- NPM
- NTP
- OKD
- ONLY
- OSS
- OTP
@ -165,20 +175,25 @@ exceptions:
- SHA
- SLA
- SLI
- SLO
- SMS
- SMTP
- SOAP
- SOC
- SOX
- SPDX
- SPDY
- SPF
- SQL
- SRE
- SRV
- SSD
- SSG
- SSH
- SSL
- SSO
- STI
- SUSE
- SVG
- SVN
- TCP


@ -14,7 +14,7 @@ Users with auditor access have read-only access to all groups, projects, and oth
For more information, see [Auditor user permissions and restrictions](#auditor-user-permissions-and-restrictions)
section.
Situations where auditor access for users could be helpful include:
Situations where auditor access for users could be helpful include:
- Your compliance department wants to run tests against the entire GitLab base
to ensure users are complying with password, credit card, and other sensitive


@ -9,13 +9,13 @@ info: To determine the technical writer assigned to the Stage/Group associated w
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/85689) in GitLab 15.0 [with a flag](../administration/feature_flags.md) named `inactive_projects_deletion`. Disabled by default.
FLAG:
On self-managed GitLab, by default this feature is not available. To make it available, ask an administrator to
On self-managed GitLab, by default this feature is not available. To make it available, ask an administrator to
[enable the feature flag](../administration/feature_flags.md) named `inactive_projects_deletion`.
On GitLab.com, this feature is not available. This feature is not ready for production use.
Administrators of large GitLab instances can find that over time, projects become inactive and are no longer used.
These projects take up unnecessary disk space. With inactive project deletion, you can identify these projects, warn
the maintainers ahead of time, and then delete the projects if they remain inactive. When an inactive project is
These projects take up unnecessary disk space. With inactive project deletion, you can identify these projects, warn
the maintainers ahead of time, and then delete the projects if they remain inactive. When an inactive project is
deleted, the action generates an audit event that it was performed by the first active administrator.
## Configure inactive project deletion


@ -1180,7 +1180,7 @@ Reference: <https://docs.docker.com/registry/spec/auth/token/>
### Communication between GitLab and Registry
Registry doesnt have a way to authenticate users internally so it relies on
Registry doesn't have a way to authenticate users internally so it relies on
GitLab to validate credentials. The connection between Registry and GitLab is
TLS encrypted. The key is used by GitLab to sign the tokens while the certificate
is used by Registry to validate the signature. By default, a self-signed certificate key pair is generated


@ -4283,6 +4283,7 @@ Input type: `RunnerUpdateInput`
| <a id="mutationrunnerupdatedescription"></a>`description` | [`String`](#string) | Description of the runner. |
| <a id="mutationrunnerupdateid"></a>`id` | [`CiRunnerID!`](#cirunnerid) | ID of the runner to update. |
| <a id="mutationrunnerupdatelocked"></a>`locked` | [`Boolean`](#boolean) | Indicates the runner is locked. |
| <a id="mutationrunnerupdatemaintenancenote"></a>`maintenanceNote` | [`String`](#string) | Runner's maintenance notes. |
| <a id="mutationrunnerupdatemaximumtimeout"></a>`maximumTimeout` | [`Int`](#int) | Maximum timeout (in seconds) for jobs processed by the runner. |
| <a id="mutationrunnerupdatepaused"></a>`paused` | [`Boolean`](#boolean) | Indicates the runner is not allowed to receive jobs. |
| <a id="mutationrunnerupdateprivateprojectsminutescostfactor"></a>`privateProjectsMinutesCostFactor` | [`Float`](#float) | Private projects' "minutes cost factor" associated with the runner (GitLab.com only). |


@ -36,7 +36,7 @@ rapid growth of CI/CD adoption on GitLab.com.
We can not, however, continue using Docker Machine. Work on that project [was
paused in July 2018](https://github.com/docker/machine/issues/4537) and there
was no development made since that time (except for some highly important
security fixes). In 2018, after Docker Machine entered the “maintenance mode”,
security fixes). In 2018, after Docker Machine entered the "maintenance mode",
we decided to create [our own fork](https://gitlab.com/gitlab-org/ci-cd/docker-machine)
to be able to keep using this and ship fixes and updates needed for our use case.
[On September 26th, 2021 the project got archived](https://github.com/docker/docker.github.io/commit/2dc8b49dcbe85686cc7230e17aff8e9944cb47a5)
@ -48,7 +48,7 @@ new mechanism for GitLab Runner auto-scaling. It not only needs to support
auto-scaling, but it also needs to do that in the way to enable us to build on
top of it to improve efficiency, reliability and availability.
We call this new mechanism the “next GitLab Runner Scaling architecture”.
We call this new mechanism the "next GitLab Runner Scaling architecture".
_Disclaimer The following contain information related to upcoming products,
features, and functionality._
@ -82,11 +82,11 @@ about how people are using Docker Machine right now, and it seems that GitLab
CI is one of the most frequent reasons for people to keep using Docker Machine.
There is also an opportunity in being able to optionally run multiple jobs in a
single, larger virtual machine. We cant do that today, but we know that this
single, larger virtual machine. We can't do that today, but we know that this
can potentially significantly improve efficiency. We might want to build a new
architecture that makes it easier and allows us to test how efficient it is
with PoCs. Running multiple jobs on a single machine can also make it possible
to reuse what we call a “sticky context” - a space for build artifacts / user
to reuse what we call a "sticky context" - a space for build artifacts / user
data that can be shared between job runs.
### 💡 Design a simple abstraction that users will be able to build on top of
@ -165,7 +165,7 @@ sequence diagram.
![GitLab Runner Autoscaling Overview](gitlab-autoscaling-overview.png)
On the diagrams above we see that currently a GitLab Runner Manager runs on a
machine that has access to a cloud providers API. It is using Docker Machine
machine that has access to a cloud provider's API. It is using Docker Machine
to provision new Virtual Machines with Docker Engine installed and it
configures the Docker daemon there to allow external authenticated requests. It
stores credentials to such ephemeral Docker environments on disk. Once a
@ -186,8 +186,8 @@ through os/exec system calls.
Thanks to the custom executor abstraction there is no more need to implement
new executors internally in Runner. Users who have specific needs can implement
their own drivers and dont need to wait for us to make their work part of the
“official” GitLab Runner. As each driver is a separate project, it also makes
their own drivers and don't need to wait for us to make their work part of the
"official" GitLab Runner. As each driver is a separate project, it also makes
it easier to create communities around them, where interested people can
collaborate together on improvements and bug fixes.
@ -197,7 +197,7 @@ provide a context and an environment in which a build will be executed by one
of the Custom Executors.
There are multiple solutions to implementing a custom provider abstraction. We
can use raw Go plugins, Hashcorps Go Plugin, HTTP interface or gRPC based
can use raw Go plugins, Hashcorp's Go Plugin, HTTP interface or gRPC based
facade service. There are many solutions, and we want to choose the most
optimal one. In order to do that, we will describe the solutions in a separate
document, define requirements and score the solution accordingly. This will


@ -112,7 +112,7 @@ For example, the following two definitions are equal:
image: "registry.example.com/my/image:latest"
services:
- postgresql:9.4
- postgresql:14.3
- redis:latest
```
@ -124,7 +124,7 @@ For example, the following two definitions are equal:
name: "registry.example.com/my/image:latest"
services:
- name: postgresql:9.4
- name: postgresql:14.3
- name: redis:latest
```


@ -200,7 +200,7 @@ GitLab SaaS shared runners have different cost factors, depending on the runner
| GitLab SaaS runner type | Virtual machine configuration | CI/CD minutes cost factor |
| :--------- | :------------------- | :--------- |
| Linux OS + Docker executor| 1 vCPU, 3.75 GB RAM |1|
| macOS + shell executor | 4 vCPU, 10 GB RAM| 6 |
| macOS + shell executor | 4 vCPU, 10 GB RAM| 6 |
### Monthly reset of CI/CD minutes


@ -61,7 +61,7 @@ To use fastlane to code sign your application:
get_provisioning_profile
# match(type: "appstore",read_only: true)
gym
upload_to_testflight
upload_to_testflight
end
end
```


@ -201,7 +201,7 @@ end-to-end-tests:
alias: firefox
- name: registry.gitlab.com/organization/private-api:latest
alias: backend-api
- postgres:9.6.19
- postgres:14.3
variables:
FF_NETWORK_PER_BUILD: 1
POSTGRES_PASSWORD: supersecretpassword


@ -46,7 +46,7 @@ If you're wondering why we used `postgres` for the `Host`, read more at
[How services are linked to the job](../services/index.md#how-services-are-linked-to-the-job).
You can also use any other Docker image available on [Docker Hub](https://hub.docker.com/_/postgres).
For example, to use PostgreSQL 9.3, the service becomes `postgres:9.3`.
For example, to use PostgreSQL 14.3, the service becomes `postgres:14.3`.
The `postgres` image can accept some environment variables. For more details,
see the documentation on [Docker Hub](https://hub.docker.com/_/postgres).


@ -134,7 +134,7 @@ applied to many other technical implementations.
GitLab is a DevOps platform. We popularize DevOps because it helps companies
be more efficient and achieve better results. One important component of
DevOps culture is to take ownership over features and code that you are
building. It is very difficult to do that when you dont know how your features
building. It is very difficult to do that when you don't know how your features
perform and behave in the production environment.
This is why we want to make our features and code observable. It
@ -181,7 +181,7 @@ updating, because their feedback might be limited to code style and syntax.
Depending on the complexity and impact of a change, assigning the right people
to review your changes might be very important.
If you dont know who to assign, consult `git blame` or ask in the `#verify`
If you don't know who to assign, consult `git blame` or ask in the `#verify`
Slack channel (GitLab team members only).
### Incremental rollouts
@ -220,7 +220,7 @@ scenario relating to a software being built by one of our [early customers](http
That would be quite an undesirable outcome of a small bug in GitLab CI/CD status
processing. Please take extra care when you are working on CI/CD statuses,
we dont want to implode our Universe!
we don't want to implode our Universe!
This is an extreme and unlikely scenario, but presenting data that is not accurate
can potentially cause a myriad of problems through the


@ -141,8 +141,8 @@ To remove a page:
# Title (removed) **(ULTIMATE SELF)**
This feature was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/351963) in GitLab 14.8
and [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/351963) in 15.0.
This feature was [deprecated](<link-to-issue>) in GitLab X.Y
and [removed](<link-to-issue>) in X.Y.
Use [feature X](<link-to-issue>) instead.
```
@ -162,12 +162,12 @@ To remove a topic:
For the `remove_date`, set a date three months after the release where it was removed.
```markdown
<!--- start_remove The following content will be removed on remove_date: '2023-08-22' -->
<!--- start_remove The following content will be removed on remove_date: 'YYYY-MM-DD' -->
## Title (removed) **(ULTIMATE SELF)**
This feature was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/351963) in GitLab 14.8
and [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/351963) in 15.0.
This feature was [deprecated](<link-to-issue>) in GitLab X.Y
and [removed](<link-to-issue>) in X.Y.
Use [feature X](<link-to-issue>) instead.
<!--- end_remove -->


@ -53,6 +53,6 @@ To add a story:
## Mock backend APIs
GitLabs Storybook uses [MirajeJS](https://miragejs.com/) to mock REST and GraphQL APIs. Storybook shares the MirajeJS server
The GitLab Storybook uses [MirajeJS](https://miragejs.com/) to mock REST and GraphQL APIs. Storybook shares the MirajeJS server
with the [frontend integration tests](../testing_guide/testing_levels.md#frontend-integration-tests). You can find the MirajeJS
configuration files in `spec/frontend_integration/mock_server`.


@ -236,7 +236,7 @@ export default {
If the extension needs to poll multiple endpoints at the same time, then `fetchMultiData`
can be used to return an array of functions. A new `poll` object will be created for each
endpoint and they will be polled separately. Once all endpoints are resolved, polling will
be stopped and `setCollapsedData` will be called with an array of `response.data`.
be stopped and `setCollapsedData` will be called with an array of `response.data`.
```javascript
export default {
@ -253,7 +253,7 @@ export default {
};
```
**Important** The function needs to return a `Promise` that resolves the `response` object.
**Important** The function needs to return a `Promise` that resolves the `response` object.
The implementation relies on the `POLL-INTERVAL` header to keep polling, therefore it is
important not to alter the status code and headers.


@ -637,14 +637,11 @@ We recommend using the ciphers that Mozilla is providing in their [recommended S
- `ECDHE-RSA-AES128-GCM-SHA256`
- `ECDHE-ECDSA-AES256-GCM-SHA384`
- `ECDHE-RSA-AES256-GCM-SHA384`
- `ECDHE-ECDSA-CHACHA20-POLY1305`
- `ECDHE-RSA-CHACHA20-POLY1305`
And the following cipher suites (according to the [RFC 8446](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.4)) for TLS 1.3:
- `TLS_AES_128_GCM_SHA256`
- `TLS_AES_256_GCM_SHA384`
- `TLS_CHACHA20_POLY1305_SHA256`
*Note*: **Golang** does [not support](https://github.com/golang/go/blob/go1.17/src/crypto/tls/cipher_suites.go#L676) all cipher suites with TLS 1.3.
@ -665,7 +662,7 @@ For **Ruby**, you can use [`HTTParty`](https://github.com/jnunemaker/httparty) a
Whenever possible this example should be **avoided** for security purposes:
```ruby
response = HTTParty.get('https://gitlab.com', ssl_version: :TLSv1_3, ciphers: ['TLS_AES_128_GCM_SHA256', 'TLS_AES_256_GCM_SHA384', 'TLS_CHACHA20_POLY1305_SHA256'])
response = HTTParty.get('https://gitlab.com', ssl_version: :TLSv1_3, ciphers: ['TLS_AES_128_GCM_SHA256', 'TLS_AES_256_GCM_SHA384'])
```
When using [`GitLab::HTTP`](#gitlab-http-library), the code looks like:
@ -673,7 +670,7 @@ When using [`GitLab::HTTP`](#gitlab-http-library), the code looks like:
This is the **recommended** implementation to avoid security issues such as SSRF:
```ruby
response = GitLab::HTTP.perform_request(Net::HTTP::Get, 'https://gitlab.com', ssl_version: :TLSv1_3, ciphers: ['TLS_AES_128_GCM_SHA256', 'TLS_AES_256_GCM_SHA384', 'TLS_CHACHA20_POLY1305_SHA256'])
response = GitLab::HTTP.perform_request(Net::HTTP::Get, 'https://gitlab.com', ssl_version: :TLSv1_3, ciphers: ['TLS_AES_128_GCM_SHA256', 'TLS_AES_256_GCM_SHA384'])
```
##### TLS 1.2
@ -687,8 +684,6 @@ func secureCipherSuites() []uint16 {
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
}
```
@ -708,7 +703,7 @@ This example was taken [here](https://gitlab.com/gitlab-org/cluster-integration/
For **Ruby**, you can use again [`HTTParty`](https://github.com/jnunemaker/httparty) and specify this time TLS 1.2 version alongside with the recommended ciphers:
```ruby
response = GitLab::HTTP.perform_request(Net::HTTP::Get, 'https://gitlab.com', ssl_version: :TLSv1_2, ciphers: ['ECDHE-ECDSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-ECDSA-AES256-GCM-SHA384', 'ECDHE-RSA-AES256-GCM-SHA384', 'ECDHE-ECDSA-CHACHA20-POLY1305', 'ECDHE-RSA-CHACHA20-POLY1305'])
response = GitLab::HTTP.perform_request(Net::HTTP::Get, 'https://gitlab.com', ssl_version: :TLSv1_2, ciphers: ['ECDHE-ECDSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-ECDSA-AES256-GCM-SHA384', 'ECDHE-RSA-AES256-GCM-SHA384'])
```
## GitLab Internal Authorization


@ -147,6 +147,19 @@ addr = "localhost:3443"
The `certificate` file should contain the concatenation
of the server's certificate, any intermediates, and the CA's certificate.
Metrics endpoints can be configured similarly:
```toml
[metrics_listener]
network = "tcp"
addr = "localhost:9229"
[metrics_listener.tls]
certificate = "/path/to/certificate"
key = "/path/to/private/key"
min_version = "tls1.2"
max_version = "tls1.3"
```
## Interaction of authBackend and authSocket
The interaction between `authBackend` and `authSocket` can be confusing.


@ -14,7 +14,7 @@ Advanced Search provides faster search response times and [improved search featu
### Elasticsearch version requirements
> Support for Elasticsearch 6.8 was [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/350275) in GitLab 15.0.
> Support for Elasticsearch 6.8 was [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/350275) in GitLab 15.0.
Advanced Search works with the following versions of Elasticsearch.


@ -179,7 +179,7 @@ If you get this error message while configuring GitLab, the following are possib
- The Jenkins instance is at a local address and is not included in the
[GitLab installation's allowlist](../security/webhooks.md#allowlist-for-local-requests).
- The credentials for the Jenkins instance do not have sufficient access or are invalid.
- The **Enable authentication for /project end-point** checkbox is not selected in your [Jenkin's plugin configuration](#configure-the-jenkins-server).
- The **Enable authentication for `/project` end-point** checkbox is not selected in your [Jenkin's plugin configuration](#configure-the-jenkins-server).
### Error in merge requests - "Could not connect to the CI server"


@ -1447,7 +1447,7 @@ To prepare the new server:
1. Copy the
[SSH host keys](https://superuser.com/questions/532040/copy-ssh-keys-from-one-server-to-another-server/532079#532079)
from the old server to avoid man-in-the-middle attack warnings.
See [Manually replicate the primary sites SSH host keys](../administration/geo/replication/configuration.md#step-2-manually-replicate-the-primary-sites-ssh-host-keys) for example steps.
See [Manually replicate the primary site's SSH host keys](../administration/geo/replication/configuration.md#step-2-manually-replicate-the-primary-sites-ssh-host-keys) for example steps.
1. [Install and configure GitLab](https://about.gitlab.com/install) except
[incoming email](../administration/incoming_email.md):
1. Install GitLab.


@ -87,7 +87,7 @@ Each command has a rate limit of 600 per minute. For example:
Because the same commands are shared by `git-upload-pack`, `git pull`, and `git clone`, they share a rate limit.
The requests/minute threshold for this rate limit is not configurable. Self-managed customers can disable this
rate limit by [disabling the feature flag](../administration/feature_flags.md#enable-or-disable-the-feature)
rate limit by [disabling the feature flag](../administration/feature_flags.md#enable-or-disable-the-feature)
with `Feature.disable(:rate_limit_gitlab_shell)`.
### Repository archives


@ -183,68 +183,63 @@ Find more information on how to apply and renew at
### GitLab for Open Source
For qualifying open source projects, the [GitLab for Open Source](https://about.gitlab.com/solutions/open-source/) program provides
the top GitLab tier, plus 50,000 CI/CD minutes per month.
You can find more information about the [program requirements](https://about.gitlab.com/solutions/open-source/join/#requirements),
[renewals](https://about.gitlab.com/solutions/open-source/join/#renewals),
and benefits on the [GitLab for Open Source application page](https://about.gitlab.com/solutions/open-source/join/).
For qualifying open source projects, the [GitLab for Open Source Program](https://about.gitlab.com/solutions/open-source/) provides
GitLab Ultimate, plus 50,000 CI/CD minutes per month. For more information, see [program requirements](https://about.gitlab.com/solutions/open-source/join/#requirements), [renewals](https://about.gitlab.com/solutions/open-source/join/#renewals), and [program benefits](https://about.gitlab.com/solutions/open-source/join/).
If you have any questions, send an email to `opensource@gitlab.com` for assistance.
#### Verification for Open Source program
#### License requirements for GitLab for Open Source Program members
As part of the [application verification process](https://about.gitlab.com/solutions/open-source/join/), you must upload <b>three screenshots</b>.
These are the three screenshots that are needed to qualify you for the GitLab for Open Source program.
GitLab for Open Source Program benefits apply to an entire GitLab namespace. To qualify for the GitLab for Open Source Program, **all projects in an applicant's namespace** must carry an [OSI-approved license](https://opensource.org/licenses/).
To add a license:
1. On the top bar, select **Menu > Projects** and find your project.
1. On the overview page, select **Add LICENSE**. If the license you want is not available as a license template, manually copy the entire, unaltered [text of your chosen license](https://opensource.org/licenses/alphabetical) into the `LICENSE` file. Note that GitLab defaults to **All rights reserved** if users do not perform this action.
Applicants must add the correct license to each project in their respective groups or namespaces When you're sure you're using OSI-approved licenses for your projects, you can take your screenshots.
#### Verification for Open Source Program
As part of the [application verification process](https://about.gitlab.com/solutions/open-source/join/), you must upload **three screenshots**:
- [OSI-approved license overview](#screenshot-1-license-overview)
- [OSI-approved license file](#screenshot-2-license-file)
- [OSI-approved license contents](#screenshot-2-license-contents)
- [Publicly visible settings](#screenshot-3-publicly-visible-settings)
##### OSI-approved license
You must apply an [OSI-approved license](https://opensource.org/licenses/) to each project in your group before you can be verified.
Add the license to the LICENSE file so that it shows up in the overview section of the project. This allows contributors to see it at a glance.
It's best to copy and paste the entire license into the file in its original form. GitLab defaults to **All rights reserved** if no license file is mentioned.
You must ensure that you add the correct license to each project within your group.
After you ensure that you are using OSI-approved licenses for your projects, you can take your screenshots.
Benefits of the GitLab Open Source Program apply to all projects in a GitLab namespace. All projects in an eligible namespace must meet program requirements. However, if you submit materials for **one project** in your namespace, the open source program team uses that project to verify the contents of the entire namespace you use when applying to the program.
##### Screenshot 1: License overview
On the left sidebar, select **Project information > Details**. Take a screenshot that includes a view of the license you've chosen for your project.
1. On the top bar, select **Menu > Projects** and find your project.
1. On the left sidebar, select your project avatar. If you haven't specified an avatar for your project, the avatar displays as a single letter.
1. Take a screenshot of the project overview that clearly displays the license you've chosen for your project.
![License overview](img/license-overview.png)
##### Screenshot 2: License file
##### Screenshot 2: License contents
Navigate to one of the license files that you uploaded. You can usually find the license file by selecting **Project information > Details** and scanning the page for the license.
Make sure the screenshot includes the title of the license.
1. On the top bar, select **Menu > Projects** and find your project.
1. On the left sidebar, select **Repository** and locate the project's `LICENSE` file.
1. Take a screenshot of the contents of the file. Make sure the screenshot includes the title of the license.
![License file](img/license-file.png)
##### Screenshot 3: Publicly visible settings
The goal of the GitLab for Open Source program is to enable collaboration on open source projects.
As a pre-condition to collaboration, people must be able to view the open source project.
As a result, we ask that all projects under this license are publicly visible.
To be eligible for the GitLab Open Source Program, projects must be publicly visible. To check your project's public visibility settings:
Follow these instructions to take a screenshot of the publicly visible settings:
1. Go to your project and select **Settings**.
1. Expand **Visibility, project features, permissions**.
1. Set **Project Visibility** to **Public**.
1. Ensure others can request access by selecting the **Users can request access** checkbox.
1. Take the screenshot. Include as much of the publicly visible settings as possible. Make sure to include your project's name in the
upper-left of the screenshot.
1. On the top bar, select **Menu > Projects** and find your project.
1. From the left sidebar, select **Settings > General**.
1. Expand **Visibility, project features, permissions**.
1. From the **Project visibility** dropdown list, select **Public**.
1. Select the **Users can request access** checkbox.
1. Take a screenshot of this view. Include as much of the publicly visible settings as possible. Make sure to include your project's name in the upper-left of the screenshot.
![Publicly visible setting](img/publicly-visible.png)
NOTE:
From time to time, GitLab allows exceptions. One or two projects within a group can be private if there is a legitimate need for it, for example,
if a project holds sensitive data. Email `opensource@gitlab.com` with details of your use case to request written permission for exceptions.
Exceptions to this public visibility requirement apply in select circumstances (for example, in cases where a project may hold sensitive data). Email `opensource@gitlab.com` with details of your use case to request written permission for exceptions.
### GitLab for Startups


@ -315,7 +315,7 @@ The `covfuzz-ci.yml` is the same as that in the [original synchronous example](h
## FIPS-enabled binary
[Starting in GitLab 15.0](https://gitlab.com/gitlab-org/gitlab/-/issues/352549) the coverage fuzzing binary is compiled with `golang-fips` on Linux x86 and uses OpenSSL as the cryptographic backend. For more details, see [FIPS compliance at GitLab with Go](../../../development/fips_compliance.md#go).
[Starting in GitLab 15.0](https://gitlab.com/gitlab-org/gitlab/-/issues/352549) the coverage fuzzing binary is compiled with `golang-fips` on Linux x86 and uses OpenSSL as the cryptographic backend. For more details, see [FIPS compliance at GitLab with Go](../../../development/fips_compliance.md#go).
## Offline environment


@ -333,7 +333,7 @@ Vulnerability rules in an API scan are different than those in a normal website
A new DAST API scanning engine is available in GitLab 13.12 and later. For more details, see [DAST API scanning engine](../dast_api). The new scanning engine supports REST, SOAP, GraphQL, and generic APIs using forms, XML, and JSON. Testing can be performed using OpenAPI, Postman Collections, and HTTP Archive (HAR) documents.
The target API instances base URL is provided by using the `DAST_API_TARGET_URL` variable or an `environment_url.txt` file.
The target API instance's base URL is provided by using the `DAST_API_TARGET_URL` variable or an `environment_url.txt` file.
#### Specification format


@ -91,10 +91,10 @@ The Vulnerability Management system automatically moves vulnerabilities from the
However, you'll see old vulnerabilities re-created based on Semgrep results if:
- A vulnerability was created by Bandit or SpotBugs and you disable those analyzers. We only recommend disabling Bandit and SpotBugs now if the analyzers arent working. Work to automatically translate Bandit and SpotBugs vulnerabilities to Semgrep is tracked in [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/328062).
- A vulnerability was created by Bandit or SpotBugs and you disable those analyzers. We only recommend disabling Bandit and SpotBugs now if the analyzers aren't working. Work to automatically translate Bandit and SpotBugs vulnerabilities to Semgrep is tracked in [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/328062).
- A vulnerability was created by ESLint, Gosec, or Flawfinder in a default-branch pipeline where Semgrep scanning did not run successfully (before Semgrep coverage was introduced for the language, because you disabled Semgrep explicitly, or because the Semgrep scan failed in that pipeline). We do not currently plan to combine these vulnerabilities if they already exist.
When a vulnerability is re-created, the original vulnerability is marked as “no longer detected” in the Vulnerability Report.
When a vulnerability is re-created, the original vulnerability is marked as "no longer detected" in the Vulnerability Report.
A new vulnerability is then created based on the Semgrep finding.
### Activating Semgrep-based scanning early


@ -13,7 +13,7 @@ The whitepaper ["A Seismic Shift in Application Security"](https://about.gitlab.
explains how 4 of the top 6 attacks were application based. Download it to learn how to protect your
organization.
If youre using [GitLab CI/CD](../../../ci/index.md), you can use Static Application Security
If you're using [GitLab CI/CD](../../../ci/index.md), you can use Static Application Security
Testing (SAST) to check your source code for known vulnerabilities. You can run SAST analyzers in
any GitLab tier. The analyzers output JSON-formatted reports as job artifacts.


@ -35,7 +35,7 @@ To read more about what is planned for the future, see [issue 2256](https://gitl
Customer relations management features must be enabled at the group level. If your
group also contains subgroups, and you want to use CRM features in the subgroup,
you must enable CRM features for the subgroup.
you must enable CRM features for the subgroup.
To enable customer relations management in a group or subgroup:


@ -36,7 +36,7 @@ You can use group access tokens:
- Consider [disabling group access tokens](#enable-or-disable-group-access-token-creation) to
lower potential abuse.
You cannot use group access tokens to create other access tokens.
You cannot use group access tokens to create other group, project, or personal access tokens.
Group access tokens inherit the [default prefix setting](../../admin_area/settings/account_and_limit_settings.md#personal-access-token-prefix)
configured for personal access tokens.


@ -57,7 +57,7 @@ In your Auto DevOps project, you can use the GitLab agent to connect with your K
- Add a key called `KUBE_INGRESS_BASE_DOMAIN` with the application deployment domain as the value.
- Add a key called `KUBE_CONTEXT` with a value like `path/to/agent/project:agent-name`.
Select the environment scope of your choice.
If you are not sure what your agents context is, edit your `.gitlab-ci.yml` file and add a job to see the available contexts:
If you are not sure what your agent's context is, edit your `.gitlab-ci.yml` file and add a job to see the available contexts:
```yaml
deploy:


@ -73,8 +73,8 @@ There are three different causes for the error:
- In GitLab 15.0, templates use [`rules`](../../../ci/yaml/index.md#rules) syntax
instead of [`only/except`](../../../ci/yaml/index.md#only--except).
Ensure the syntax in your `.gitlab-ci.yml` file does not include both.
Ensure the syntax in your `.gitlab-ci.yml` file does not include both.
#### Use an older version of the template
Breaking changes can occur during major releases. If you encounter a breaking change or want to use an older version of a template, you can update your `.gitlab-ci.yml` to refer to an older one. For example:


@ -164,7 +164,7 @@ Splats also match empty strings, so the previous rule redirects
### Rewrite all requests to a root `index.html`
NOTE:
If you are using [GitLab Pages integration with Lets Encrypt](custom_domains_ssl_tls_certification/lets_encrypt_integration.md),
If you are using [GitLab Pages integration with Let's Encrypt](custom_domains_ssl_tls_certification/lets_encrypt_integration.md),
you must enable it before adding this rule. Otherwise, the redirection breaks the Let's Encrypt
integration. For more details, see
[GitLab Pages issue 649](https://gitlab.com/gitlab-org/gitlab-pages/-/issues/649).


@ -146,7 +146,7 @@ You can set description templates at various levels:
- A specific [group or subgroup](description_templates.md#set-group-level-description-templates).
- A specific [project](description_templates.md#set-a-default-template-for-merge-requests-and-issues).
The templates are inherited. For example, in a project, you can also access templates set for the instance or the projects parent groups.
The templates are inherited. For example, in a project, you can also access templates set for the instance or the project's parent groups.
To use a custom description template with Service Desk:


@ -36,7 +36,7 @@ You can use project access tokens:
- Consider [disabling project access tokens](#enable-or-disable-project-access-token-creation) to
lower potential abuse.
You cannot use project access tokens to create other access tokens.
You cannot use project access tokens to create other group, project, or personal access tokens.
Project access tokens inherit the [default prefix setting](../../admin_area/settings/account_and_limit_settings.md#personal-access-token-prefix)
configured for personal access tokens.


@ -1096,7 +1096,7 @@ module API
requires :credit_card_mask_number, type: String, desc: 'The last 4 digits of credit card number'
requires :credit_card_type, type: String, desc: 'The credit card network name'
end
put ":user_id/credit_card_validation", feature_category: :purchase do
put ":user_id/credit_card_validation", urgency: :low, feature_category: :purchase do
authenticated_as_admin!
user = find_user(params[:user_id])


@ -203,8 +203,13 @@ module Gitlab
# This does not look at literal connection names, but rather compares
# models that are holders for a given db_config_name
def self.gitlab_schemas_for_connection(connection)
db_name = self.db_config_name(connection)
primary_model = self.database_base_models.fetch(db_name.to_sym)
db_config = self.db_config_for_connection(connection)
# connection might not be yet adopted (returning NullPool, and no connection_klass)
# in such cases it is fine to ignore such connections
return unless db_config
primary_model = self.database_base_models.fetch(db_config.name.to_sym)
self.schemas_to_base_models.select do |_, child_models|
child_models.any? do |child_model|
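Review bot: The new guard `return unless db_config` makes this method return `nil` for a connection that is not yet adopted, while the path below returns whatever the `select` chain yields, so callers now have to handle two result shapes. The comment above the method should state this, for example `# Returns nil when the connection has no db_config (not yet adopted).`, or the guard could return an empty value of the same type as the normal result if callers iterate over it. The remaining `fetch(db_config.name.to_sym)` still raises for a name missing from `database_base_models`; that looks intended, but it is worth saying so next to the guard. The method body continues past the end of this hunk, so the final return value is not visible here.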


@ -0,0 +1,24 @@
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe 'top nav tooltips', :js do
let_it_be(:user) { create(:user) }
before do
sign_in(user)
visit explore_projects_path
end
it 'clicking new dropdown hides tooltip', :aggregate_failures do
btn = '#js-onboarding-new-project-link'
page.find(btn).hover
expect(page).to have_content('New...')
page.find(btn).click
expect(page).not_to have_content('New...')
end
end


@ -64,6 +64,16 @@ describe('DiffLineNoteForm', () => {
expect(confirmAction).toHaveBeenCalled();
});
it('should only ask for confirmation once', () => {
// Never resolve so we can test what happens when triggered while "confirmAction" is loading
confirmAction.mockImplementation(() => new Promise(() => {}));
findNoteForm().vm.$emit('cancelForm', true, true);
findNoteForm().vm.$emit('cancelForm', true, true);
expect(confirmAction).toHaveBeenCalledTimes(1);
});
it('should not ask for confirmation when one of the params false', () => {
confirmAction.mockResolvedValueOnce(false);


@ -49,6 +49,7 @@ RSpec.describe Mutations::Ci::Runner::Update do
{
id: runner.to_global_id,
description: 'updated description',
maintenance_note: 'updated maintenance note',
maximum_timeout: 900,
access_level: 'ref_protected',
active: false,
@ -84,6 +85,16 @@ RSpec.describe Mutations::Ci::Runner::Update do
)
end
end
context 'with too long maintenance note' do
it 'returns a descriptive error' do
mutation_params[:maintenance_note] = '1' * 1025
expect(subject[:errors]).to contain_exactly(
'Maintenance note is too long (maximum is 1024 characters)'
)
end
end
end
end
end


@ -222,10 +222,6 @@ RSpec.describe Gitlab::Database do
end
describe '.gitlab_schemas_for_connection' do
it 'does raise exception for invalid connection' do
expect { described_class.gitlab_schemas_for_connection(:invalid) }.to raise_error /key not found: "unknown"/
end
it 'does return a valid schema depending on a base model used', :request_store do
# FF due to lib/gitlab/database/load_balancing/configuration.rb:92
stub_feature_flags(force_no_sharing_primary_model: true)
@ -282,6 +278,15 @@ RSpec.describe Gitlab::Database do
end
end
end
it 'does return empty for non-adopted connections' do
new_connection = ActiveRecord::Base.postgresql_connection(
ActiveRecord::Base.connection_db_config.configuration_hash)
expect(described_class.gitlab_schemas_for_connection(new_connection)).to be_nil
ensure
new_connection&.disconnect!
end
end
describe '#true_value' do
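Review bot: The added example is named `'does return empty for non-adopted connections'` but asserts `be_nil`, so the description and the expectation disagree; `it 'does return nil for non-adopted connections' do` matches what is checked. The first hunk also deletes the example for an invalid connection without adding one that pins the new behaviour for that input, so what `gitlab_schemas_for_connection(:invalid)` does now is untested as far as these hunks show. The `describe '.gitlab_schemas_for_connection'` block starts and ends outside the hunks.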


@ -47,6 +47,15 @@ certificate = "/path/to/certificate"
key = "/path/to/private/key"
min_version = "tls1.1"
max_version = "tls1.2"
[[listeners]]
network = "tcp"
addr = "localhost:3444"
[metrics_listener]
network = "tcp"
addr = "localhost:3445"
[metrics_listener.tls]
certificate = "/path/to/certificate"
key = "/path/to/private/key"
`
_, err = io.WriteString(f, data)
require.NoError(t, err)
@ -66,14 +75,69 @@ max_version = "tls1.2"
require.Equal(t, []string{"10.0.0.1/8"}, cfg.TrustedCIDRsForPropagation)
require.Equal(t, 60*time.Second, cfg.ShutdownTimeout.Duration)
require.Len(t, cfg.Listeners, 1)
listener := cfg.Listeners[0]
require.Equal(t, "/path/to/certificate", listener.Tls.Certificate)
require.Equal(t, "/path/to/private/key", listener.Tls.Key)
require.Equal(t, "tls1.1", listener.Tls.MinVersion)
require.Equal(t, "tls1.2", listener.Tls.MaxVersion)
require.Equal(t, "tcp", listener.Network)
require.Equal(t, "localhost:3443", listener.Addr)
listenerConfigs := []config.ListenerConfig{
{
Network: "tcp",
Addr: "localhost:3445",
Tls: &config.TlsConfig{
Certificate: "/path/to/certificate",
Key: "/path/to/private/key",
},
},
{
Network: "tcp",
Addr: "localhost:3443",
Tls: &config.TlsConfig{
Certificate: "/path/to/certificate",
Key: "/path/to/private/key",
MinVersion: "tls1.1",
MaxVersion: "tls1.2",
},
},
{
Network: "tcp",
Addr: "localhost:3444",
},
}
require.Len(t, cfg.Listeners, 2)
require.NotNil(t, cfg.MetricsListener)
for i, cfg := range []config.ListenerConfig{*cfg.MetricsListener, cfg.Listeners[0], cfg.Listeners[1]} {
require.Equal(t, listenerConfigs[i].Network, cfg.Network)
require.Equal(t, listenerConfigs[i].Addr, cfg.Addr)
}
for i, cfg := range []config.ListenerConfig{*cfg.MetricsListener, cfg.Listeners[0]} {
require.Equal(t, listenerConfigs[i].Tls.Certificate, cfg.Tls.Certificate)
require.Equal(t, listenerConfigs[i].Tls.Key, cfg.Tls.Key)
require.Equal(t, listenerConfigs[i].Tls.MinVersion, cfg.Tls.MinVersion)
require.Equal(t, listenerConfigs[i].Tls.MaxVersion, cfg.Tls.MaxVersion)
}
require.Nil(t, cfg.Listeners[1].Tls)
}
func TestTwoMetricsAddrsAreSpecifiedError(t *testing.T) {
f, err := ioutil.TempFile("", "workhorse-config-test")
require.NoError(t, err)
defer os.Remove(f.Name())
data := `
[metrics_listener]
network = "tcp"
addr = "localhost:3445"
`
_, err = io.WriteString(f, data)
require.NoError(t, err)
require.NoError(t, f.Close())
args := []string{
"-config", f.Name(),
"-prometheusListenAddr", "prometheus listen addr",
}
_, _, err = buildConfig("test", args)
require.EqualError(t, err, "configFile: both prometheusListenAddr and metrics_listener can't be specified")
}
func TestConfigErrorHelp(t *testing.T) {
@ -215,6 +279,7 @@ func TestConfigFlagParsing(t *testing.T) {
APICILongPollingDuration: 234 * time.Second,
PropagateCorrelationID: true,
ImageResizerConfig: config.DefaultImageResizerConfig,
MetricsListener: &config.ListenerConfig{Network: "tcp", Addr: "prometheus listen addr"},
}
require.Equal(t, expectedCfg, cfg)
}
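Review bot: The two range loops near the end of the config-file test reuse `cfg` as the loop variable (`for i, cfg := range []config.ListenerConfig{*cfg.MetricsListener, ...}`), which shadows the parsed config inside the loop body. It compiles because the range expression is evaluated before the new variable comes into scope, but it is easy to misread; `for i, got := range ...` with `got.Network`, `got.Addr` and `got.Tls` reads more clearly. The `[metrics_listener.tls]` fixture sets no `min_version`, and the second loop asserts that the parsed value stays empty, so whichever TLS floor the metrics endpoint ends up with is decided elsewhere and is not covered by this test; a one-line comment saying so would help the next reader. The test function starts outside this hunk.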


@ -120,6 +120,7 @@ type Config struct {
TrustedCIDRsForXForwardedFor []string `toml:"trusted_cidrs_for_x_forwarded_for"`
TrustedCIDRsForPropagation []string `toml:"trusted_cidrs_for_propagation"`
Listeners []ListenerConfig `toml:"listeners"`
MetricsListener *ListenerConfig `toml:"metrics_listener"`
}
var DefaultImageResizerConfig = ImageResizerConfig{


@ -149,6 +149,14 @@ func buildConfig(arg0 string, args []string) (*bootConfig, *config.Config, error
return nil, nil, fmt.Errorf("configFile: %v", err)
}
cfg.MetricsListener = cfgFromFile.MetricsListener
if boot.prometheusListenAddr != "" {
if cfg.MetricsListener != nil {
return nil, nil, fmt.Errorf("configFile: both prometheusListenAddr and metrics_listener can't be specified")
}
cfg.MetricsListener = &config.ListenerConfig{Network: "tcp", Addr: boot.prometheusListenAddr}
}
cfg.Redis = cfgFromFile.Redis
cfg.ObjectStorageCredentials = cfgFromFile.ObjectStorageCredentials
cfg.ImageResizerConfig = cfgFromFile.ImageResizerConfig
@ -196,11 +204,10 @@ func run(boot bootConfig, cfg config.Config) error {
}
monitoringOpts := []monitoring.Option{monitoring.WithBuildInformation(Version, BuildTime)}
if boot.prometheusListenAddr != "" {
l, err := net.Listen("tcp", boot.prometheusListenAddr)
if cfg.MetricsListener != nil {
l, err := newListener("metrics", *cfg.MetricsListener)
if err != nil {
return fmt.Errorf("prometheusListenAddr: %v", err)
return err
}
monitoringOpts = append(monitoringOpts, monitoring.WithListener(l))
}
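Review bot: In `buildConfig`, a metrics listener built from `-prometheusListenAddr` is always `&config.ListenerConfig{Network: "tcp", Addr: boot.prometheusListenAddr}` with no `Tls`, so only the `metrics_listener` table in the config file can yield an encrypted metrics endpoint. That difference deserves a comment above the assignment, for example `// Flag form is plain TCP; use [metrics_listener.tls] in the config file to serve metrics over TLS.` In `run`, `return err` drops the `prometheusListenAddr:` prefix the old code added; unless `newListener` already names the listener in its errors (not visible here), wrap it as `return fmt.Errorf("metrics listener: %w", err)`. Both functions start and end outside these hunks.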