diff --git a/app/assets/javascripts/diffs/components/diff_line_note_form.vue b/app/assets/javascripts/diffs/components/diff_line_note_form.vue index a2f0e2c2653..ebc68bafb9a 100644 --- a/app/assets/javascripts/diffs/components/diff_line_note_form.vue +++ b/app/assets/javascripts/diffs/components/diff_line_note_form.vue @@ -3,6 +3,7 @@ import { mapState, mapGetters, mapActions } from 'vuex'; import { s__, __ } from '~/locale'; import diffLineNoteFormMixin from '~/notes/mixins/diff_line_note_form'; import { confirmAction } from '~/lib/utils/confirm_via_gl_modal/confirm_via_gl_modal'; +import { ignoreWhilePending } from '~/lib/utils/ignore_while_pending'; import glFeatureFlagsMixin from '~/vue_shared/mixins/gl_feature_flags_mixin'; import MultilineCommentForm from '~/notes/components/multiline_comment_form.vue'; import { commentLineOptions, formatLineRange } from '~/notes/components/multiline_comment_utils'; @@ -175,7 +176,10 @@ export default { 'saveDiffDiscussion', 'setSuggestPopoverDismissed', ]), - async handleCancelCommentForm(shouldConfirm, isDirty) { + handleCancelCommentForm: ignoreWhilePending(async function handleCancelCommentForm( + shouldConfirm, + isDirty, + ) { if (shouldConfirm && isDirty) { const msg = s__('Notes|Are you sure you want to cancel creating this comment?'); @@ -195,7 +199,7 @@ export default { this.$nextTick(() => { this.resetAutoSave(); }); - }, + }), handleSaveNote(note) { return this.saveDiffDiscussion({ note, formData: this.formData }).then(() => this.handleCancelCommentForm(), diff --git a/app/assets/javascripts/main.js b/app/assets/javascripts/main.js index 2f3cdc525a7..e3e8efdd771 100644 --- a/app/assets/javascripts/main.js +++ b/app/assets/javascripts/main.js @@ -299,3 +299,10 @@ if (flashContainer && flashContainer.children.length) { $('.gl-show-field-errors').each((i, form) => new GlFieldErrors(form)); requestIdleCallback(deferredInitialisation); + +// initialize hiding of tooltip after clicking on dropdown's links and buttons +document + .querySelectorAll('a[data-toggle="dropdown"], button[data-toggle="dropdown"]') + .forEach((element) => { + element.addEventListener('click', () => tooltips.hide(element)); + }); diff --git a/app/assets/stylesheets/notify_enhanced.scss b/app/assets/stylesheets/notify_enhanced.scss index a366498ea03..b331d997a97 100644 --- a/app/assets/stylesheets/notify_enhanced.scss +++ b/app/assets/stylesheets/notify_enhanced.scss @@ -32,10 +32,6 @@ body { font-size: inherit; } -a { - text-decoration: none; -} - .gl-mb-5 { @include gl-mb-5; } diff --git a/app/assets/stylesheets/pages/merge_requests.scss b/app/assets/stylesheets/pages/merge_requests.scss index 0d3ed0e7c71..543ae1df1af 100644 --- a/app/assets/stylesheets/pages/merge_requests.scss +++ b/app/assets/stylesheets/pages/merge_requests.scss @@ -218,10 +218,6 @@ $tabs-holder-z-index: 250; .epic-tabs-holder { top: $header-height; z-index: $tabs-holder-z-index; - margin-left: -$gl-padding; - margin-right: -$gl-padding; - padding-left: $gl-padding; - padding-right: $gl-padding; background-color: $body-bg; border-bottom: 1px solid $border-color; diff --git a/app/assets/stylesheets/utilities.scss b/app/assets/stylesheets/utilities.scss index fd85ff894a7..815a41d1e99 100644 --- a/app/assets/stylesheets/utilities.scss +++ b/app/assets/stylesheets/utilities.scss @@ -367,29 +367,3 @@ to @gitlab/ui by https://gitlab.com/gitlab-org/gitlab-ui/-/issues/1709 -webkit-backdrop-filter: blur(2px); // still required by Safari } -/* - * The below style will be moved to @gitlab/ui by - * https://gitlab.com/gitlab-org/gitlab-ui/-/issues/1792 - */ -.gl-text-purple-800 { - color: $purple-800; -} - -.gl-bg-theme-indigo-800 { - background-color: $theme-indigo-800; -} - -.gl-border-indigo-700 { - border-color: $theme-indigo-700; -} - -.gl-border-gray-75 { - border-color: $gl-text-color-quaternary; -} - -.gl-min-h-8 { - min-height: $gl-spacing-scale-8; -} - -/* End gitlab-ui#1751 */ - diff --git a/app/graphql/mutations/ci/runner/update.rb b/app/graphql/mutations/ci/runner/update.rb index faccd1273e5..b6d8c20c40b 100644 --- a/app/graphql/mutations/ci/runner/update.rb +++ b/app/graphql/mutations/ci/runner/update.rb @@ -18,6 +18,10 @@ module Mutations required: false, description: 'Description of the runner.' + argument :maintenance_note, GraphQL::Types::String, + required: false, + description: 'Runner\'s maintenance notes.' + argument :maximum_timeout, GraphQL::Types::Int, required: false, description: 'Maximum timeout (in seconds) for jobs processed by the runner.' diff --git a/app/views/layouts/notify.html.haml b/app/views/layouts/notify.html.haml index 3b979f69cac..d9f16a89fbc 100644 --- a/app/views/layouts/notify.html.haml +++ b/app/views/layouts/notify.html.haml @@ -5,6 +5,10 @@ GitLab - if Feature.enabled?(:enhanced_notify_css) = stylesheet_link_tag 'notify_enhanced' + %style{ type: 'text/css', 'data-premailer': 'ignore' } + -# The MUA automatically turns some text into links. + -# Match the color of explicit links ($blue-600 from typography.scss). + a { color: #1068bf; } - else = stylesheet_link_tag 'notify' = yield :head diff --git a/app/views/layouts/service_desk.html.haml b/app/views/layouts/service_desk.html.haml index a838ba91d26..bab7bc6b9da 100644 --- a/app/views/layouts/service_desk.html.haml +++ b/app/views/layouts/service_desk.html.haml @@ -7,6 +7,10 @@ -# haml-lint:enable NoPlainNodes - if Feature.enabled?(:enhanced_notify_css) = stylesheet_link_tag 'notify_enhanced' + %style{ type: 'text/css', 'data-premailer': 'ignore' } + -# The MUA automatically turns some text into links. + -# Match the color of explicit links ($blue-600 from typography.scss). + a { color: #1068bf; } - else = stylesheet_link_tag 'notify' = yield :head diff --git a/data/whats_new/templates/YYYYMMDD0001_XX_YY.yml b/data/whats_new/templates/YYYYMMDD0001_XX_YY.yml index 0e34b37a32b..31d2312809d 100644 --- a/data/whats_new/templates/YYYYMMDD0001_XX_YY.yml +++ b/data/whats_new/templates/YYYYMMDD0001_XX_YY.yml @@ -25,7 +25,7 @@ stage: # String value of the stage that the feature was created in. e.g., Growth self-managed: # Boolean value (true or false) gitlab-com: # Boolean value (true or false) - packages: # Array of strings. The Array brackets are required here. e.g., [Core, Starter, Premium, Ultimate] + packages: # Array of strings. The Array brackets are required here. e.g., [Free, Premium, Ultimate] url: # This is the documentation URL, but can be a URL to a video if there is one image_url: # This should be a full URL, generally taken from the release post content. If a video, use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg published_at: # YYYY-MM-DD diff --git a/db/post_migrate/20220516100652_drop_compliance_management_frameworks_regulated.rb b/db/post_migrate/20220516100652_drop_compliance_management_frameworks_regulated.rb new file mode 100644 index 00000000000..f9d3405d486 --- /dev/null +++ b/db/post_migrate/20220516100652_drop_compliance_management_frameworks_regulated.rb @@ -0,0 +1,11 @@ +# frozen_string_literal: true + +class DropComplianceManagementFrameworksRegulated < Gitlab::Database::Migration[2.0] + def up + remove_column :compliance_management_frameworks, :regulated + end + + def down + add_column :compliance_management_frameworks, :regulated, :boolean, default: true + end +end diff --git a/db/schema_migrations/20220516100652 b/db/schema_migrations/20220516100652 new file mode 100644 index 00000000000..a50dc3ff36c --- /dev/null +++ b/db/schema_migrations/20220516100652 @@ -0,0 +1 @@ +ee255f9340fe64793636217a5115c368e0bd067cba057bb58aa78f370efae423 \ No newline at end of file diff --git a/db/structure.sql b/db/structure.sql index bad813c7bff..166b4520c32 100644 --- a/db/structure.sql +++ b/db/structure.sql @@ -13777,7 +13777,6 @@ CREATE TABLE compliance_management_frameworks ( description text NOT NULL, color text NOT NULL, namespace_id integer NOT NULL, - regulated boolean DEFAULT true NOT NULL, pipeline_configuration_full_path text, CONSTRAINT check_08cd34b2c2 CHECK ((char_length(color) <= 10)), CONSTRAINT check_1617e0b87e CHECK ((char_length(description) <= 255)), diff --git a/doc/.vale/gitlab/Uppercase.yml b/doc/.vale/gitlab/Uppercase.yml index 6093565fd7c..bd63d066941 100644 --- a/doc/.vale/gitlab/Uppercase.yml +++ b/doc/.vale/gitlab/Uppercase.yml @@ -14,6 +14,7 @@ first: '\b([A-Z]{3,5})\b' second: '(?:\b[A-Z][a-z]+ )+\(([A-Z]{3,5})\)' # ... with the exception of these: exceptions: + - AAAA - AJAX - ANSI - API @@ -30,14 +31,19 @@ exceptions: - CLI - CNA - CNAME + - CNCF - CORE + - CORS - CPU - CRIME + - CRM - CSRF - CSS - CSV + - CWE - CVE - CVS + - CVSS - DAG - DAST - DHCP @@ -81,6 +87,7 @@ exceptions: - HEAD - HIPAA - HLL + - HSTS - HTML - HTTP - HTTPS @@ -90,6 +97,7 @@ exceptions: - ICO - IDE - IID + - IIS - IMAP - IOPS - IRC @@ -105,6 +113,7 @@ exceptions: - LESS - LFS - LRU + - LSIF - LTM - LTS - MIME @@ -117,6 +126,7 @@ exceptions: - NOTE - NPM - NTP + - OKD - ONLY - OSS - OTP @@ -165,20 +175,25 @@ exceptions: - SHA - SLA - SLI + - SLO - SMS - SMTP + - SOAP - SOC - SOX - SPDX + - SPDY - SPF - SQL - SRE + - SRV - SSD - SSG - SSH - SSL - SSO - STI + - SUSE - SVG - SVN - TCP diff --git a/doc/administration/auditor_users.md b/doc/administration/auditor_users.md index 1d0aff51a04..d82683e1778 100644 --- a/doc/administration/auditor_users.md +++ b/doc/administration/auditor_users.md @@ -14,7 +14,7 @@ Users with auditor access have read-only access to all groups, projects, and oth For more information, see [Auditor user permissions and restrictions](#auditor-user-permissions-and-restrictions) section. -Situations where auditor access for users could be helpful include: +Situations where auditor access for users could be helpful include: - Your compliance department wants to run tests against the entire GitLab base to ensure users are complying with password, credit card, and other sensitive diff --git a/doc/administration/inactive_project_deletion.md b/doc/administration/inactive_project_deletion.md index a2d2093c57b..40ca5e8bce3 100644 --- a/doc/administration/inactive_project_deletion.md +++ b/doc/administration/inactive_project_deletion.md @@ -9,13 +9,13 @@ info: To determine the technical writer assigned to the Stage/Group associated w > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/85689) in GitLab 15.0 [with a flag](../administration/feature_flags.md) named `inactive_projects_deletion`. Disabled by default. FLAG: -On self-managed GitLab, by default this feature is not available. To make it available, ask an administrator to +On self-managed GitLab, by default this feature is not available. To make it available, ask an administrator to [enable the feature flag](../administration/feature_flags.md) named `inactive_projects_deletion`. On GitLab.com, this feature is not available. This feature is not ready for production use. Administrators of large GitLab instances can find that over time, projects become inactive and are no longer used. -These projects take up unnecessary disk space. With inactive project deletion, you can identify these projects, warn -the maintainers ahead of time, and then delete the projects if they remain inactive. When an inactive project is +These projects take up unnecessary disk space. With inactive project deletion, you can identify these projects, warn +the maintainers ahead of time, and then delete the projects if they remain inactive. When an inactive project is deleted, the action generates an audit event that it was performed by the first active administrator. ## Configure inactive project deletion diff --git a/doc/administration/packages/container_registry.md b/doc/administration/packages/container_registry.md index 51945555af8..feed5a9bf3b 100644 --- a/doc/administration/packages/container_registry.md +++ b/doc/administration/packages/container_registry.md @@ -1180,7 +1180,7 @@ Reference: ### Communication between GitLab and Registry -Registry doesn’t have a way to authenticate users internally so it relies on +Registry doesn't have a way to authenticate users internally so it relies on GitLab to validate credentials. The connection between Registry and GitLab is TLS encrypted. The key is used by GitLab to sign the tokens while the certificate is used by Registry to validate the signature. By default, a self-signed certificate key pair is generated diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md index 3c3e7bd9f57..82b3ae84f62 100644 --- a/doc/api/graphql/reference/index.md +++ b/doc/api/graphql/reference/index.md @@ -4283,6 +4283,7 @@ Input type: `RunnerUpdateInput` | `description` | [`String`](#string) | Description of the runner. | | `id` | [`CiRunnerID!`](#cirunnerid) | ID of the runner to update. | | `locked` | [`Boolean`](#boolean) | Indicates the runner is locked. | +| `maintenanceNote` | [`String`](#string) | Runner's maintenance notes. | | `maximumTimeout` | [`Int`](#int) | Maximum timeout (in seconds) for jobs processed by the runner. | | `paused` | [`Boolean`](#boolean) | Indicates the runner is not allowed to receive jobs. | | `privateProjectsMinutesCostFactor` | [`Float`](#float) | Private projects' "minutes cost factor" associated with the runner (GitLab.com only). | diff --git a/doc/architecture/blueprints/runner_scaling/index.md b/doc/architecture/blueprints/runner_scaling/index.md index 174fe191cc7..c4bd8433ab3 100644 --- a/doc/architecture/blueprints/runner_scaling/index.md +++ b/doc/architecture/blueprints/runner_scaling/index.md @@ -36,7 +36,7 @@ rapid growth of CI/CD adoption on GitLab.com. We can not, however, continue using Docker Machine. Work on that project [was paused in July 2018](https://github.com/docker/machine/issues/4537) and there was no development made since that time (except for some highly important -security fixes). In 2018, after Docker Machine entered the “maintenance mode”, +security fixes). In 2018, after Docker Machine entered the "maintenance mode", we decided to create [our own fork](https://gitlab.com/gitlab-org/ci-cd/docker-machine) to be able to keep using this and ship fixes and updates needed for our use case. [On September 26th, 2021 the project got archived](https://github.com/docker/docker.github.io/commit/2dc8b49dcbe85686cc7230e17aff8e9944cb47a5) @@ -48,7 +48,7 @@ new mechanism for GitLab Runner auto-scaling. It not only needs to support auto-scaling, but it also needs to do that in the way to enable us to build on top of it to improve efficiency, reliability and availability. -We call this new mechanism the “next GitLab Runner Scaling architecture”. +We call this new mechanism the "next GitLab Runner Scaling architecture". _Disclaimer The following contain information related to upcoming products, features, and functionality._ @@ -82,11 +82,11 @@ about how people are using Docker Machine right now, and it seems that GitLab CI is one of the most frequent reasons for people to keep using Docker Machine. There is also an opportunity in being able to optionally run multiple jobs in a -single, larger virtual machine. We can’t do that today, but we know that this +single, larger virtual machine. We can't do that today, but we know that this can potentially significantly improve efficiency. We might want to build a new architecture that makes it easier and allows us to test how efficient it is with PoCs. Running multiple jobs on a single machine can also make it possible -to reuse what we call a “sticky context” - a space for build artifacts / user +to reuse what we call a "sticky context" - a space for build artifacts / user data that can be shared between job runs. ### 💡 Design a simple abstraction that users will be able to build on top of @@ -165,7 +165,7 @@ sequence diagram. ![GitLab Runner Autoscaling Overview](gitlab-autoscaling-overview.png) On the diagrams above we see that currently a GitLab Runner Manager runs on a -machine that has access to a cloud provider’s API. It is using Docker Machine +machine that has access to a cloud provider's API. It is using Docker Machine to provision new Virtual Machines with Docker Engine installed and it configures the Docker daemon there to allow external authenticated requests. It stores credentials to such ephemeral Docker environments on disk. Once a @@ -186,8 +186,8 @@ through os/exec system calls. Thanks to the custom executor abstraction there is no more need to implement new executors internally in Runner. Users who have specific needs can implement -their own drivers and don’t need to wait for us to make their work part of the -“official” GitLab Runner. As each driver is a separate project, it also makes +their own drivers and don't need to wait for us to make their work part of the +"official" GitLab Runner. As each driver is a separate project, it also makes it easier to create communities around them, where interested people can collaborate together on improvements and bug fixes. @@ -197,7 +197,7 @@ provide a context and an environment in which a build will be executed by one of the Custom Executors. There are multiple solutions to implementing a custom provider abstraction. We -can use raw Go plugins, Hashcorp’s Go Plugin, HTTP interface or gRPC based +can use raw Go plugins, Hashcorp's Go Plugin, HTTP interface or gRPC based facade service. There are many solutions, and we want to choose the most optimal one. In order to do that, we will describe the solutions in a separate document, define requirements and score the solution accordingly. This will diff --git a/doc/ci/docker/using_docker_images.md b/doc/ci/docker/using_docker_images.md index 7edff334134..fdd8b6d38b8 100644 --- a/doc/ci/docker/using_docker_images.md +++ b/doc/ci/docker/using_docker_images.md @@ -112,7 +112,7 @@ For example, the following two definitions are equal: image: "registry.example.com/my/image:latest" services: - - postgresql:9.4 + - postgresql:14.3 - redis:latest ``` @@ -124,7 +124,7 @@ For example, the following two definitions are equal: name: "registry.example.com/my/image:latest" services: - - name: postgresql:9.4 + - name: postgresql:14.3 - name: redis:latest ``` diff --git a/doc/ci/pipelines/cicd_minutes.md b/doc/ci/pipelines/cicd_minutes.md index e211f76e02b..8242deca996 100644 --- a/doc/ci/pipelines/cicd_minutes.md +++ b/doc/ci/pipelines/cicd_minutes.md @@ -200,7 +200,7 @@ GitLab SaaS shared runners have different cost factors, depending on the runner | GitLab SaaS runner type | Virtual machine configuration | CI/CD minutes cost factor | | :--------- | :------------------- | :--------- | | Linux OS + Docker executor| 1 vCPU, 3.75 GB RAM |1| -| macOS + shell executor | 4 vCPU, 10 GB RAM| 6 | +| macOS + shell executor | 4 vCPU, 10 GB RAM| 6 | ### Monthly reset of CI/CD minutes diff --git a/doc/ci/runners/saas/macos/codesigning.md b/doc/ci/runners/saas/macos/codesigning.md index 4f8316faf17..ef60fd5a4d0 100644 --- a/doc/ci/runners/saas/macos/codesigning.md +++ b/doc/ci/runners/saas/macos/codesigning.md @@ -61,7 +61,7 @@ To use fastlane to code sign your application: get_provisioning_profile # match(type: "appstore",read_only: true) gym - upload_to_testflight + upload_to_testflight end end ``` diff --git a/doc/ci/services/index.md b/doc/ci/services/index.md index e876c6d7326..3ab814200fb 100644 --- a/doc/ci/services/index.md +++ b/doc/ci/services/index.md @@ -201,7 +201,7 @@ end-to-end-tests: alias: firefox - name: registry.gitlab.com/organization/private-api:latest alias: backend-api - - postgres:9.6.19 + - postgres:14.3 variables: FF_NETWORK_PER_BUILD: 1 POSTGRES_PASSWORD: supersecretpassword diff --git a/doc/ci/services/postgres.md b/doc/ci/services/postgres.md index 0bd43917cd1..c2ff4c60771 100644 --- a/doc/ci/services/postgres.md +++ b/doc/ci/services/postgres.md @@ -46,7 +46,7 @@ If you're wondering why we used `postgres` for the `Host`, read more at [How services are linked to the job](../services/index.md#how-services-are-linked-to-the-job). You can also use any other Docker image available on [Docker Hub](https://hub.docker.com/_/postgres). -For example, to use PostgreSQL 9.3, the service becomes `postgres:9.3`. +For example, to use PostgreSQL 14.3, the service becomes `postgres:14.3`. The `postgres` image can accept some environment variables. For more details, see the documentation on [Docker Hub](https://hub.docker.com/_/postgres). diff --git a/doc/development/contributing/verify/index.md b/doc/development/contributing/verify/index.md index 01aacffd00f..88f9944dea1 100644 --- a/doc/development/contributing/verify/index.md +++ b/doc/development/contributing/verify/index.md @@ -134,7 +134,7 @@ applied to many other technical implementations. GitLab is a DevOps platform. We popularize DevOps because it helps companies be more efficient and achieve better results. One important component of DevOps culture is to take ownership over features and code that you are -building. It is very difficult to do that when you don’t know how your features +building. It is very difficult to do that when you don't know how your features perform and behave in the production environment. This is why we want to make our features and code observable. It @@ -181,7 +181,7 @@ updating, because their feedback might be limited to code style and syntax. Depending on the complexity and impact of a change, assigning the right people to review your changes might be very important. -If you don’t know who to assign, consult `git blame` or ask in the `#verify` +If you don't know who to assign, consult `git blame` or ask in the `#verify` Slack channel (GitLab team members only). ### Incremental rollouts @@ -220,7 +220,7 @@ scenario relating to a software being built by one of our [early customers](http That would be quite an undesirable outcome of a small bug in GitLab CI/CD status processing. Please take extra care when you are working on CI/CD statuses, -we don’t want to implode our Universe! +we don't want to implode our Universe! This is an extreme and unlikely scenario, but presenting data that is not accurate can potentially cause a myriad of problems through the diff --git a/doc/development/documentation/versions.md b/doc/development/documentation/versions.md index 0f2bdca4c73..fffd5c056c3 100644 --- a/doc/development/documentation/versions.md +++ b/doc/development/documentation/versions.md @@ -141,8 +141,8 @@ To remove a page: # Title (removed) **(ULTIMATE SELF)** - This feature was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/351963) in GitLab 14.8 - and [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/351963) in 15.0. + This feature was [deprecated]() in GitLab X.Y + and [removed]() in X.Y. Use [feature X]() instead. ``` @@ -162,12 +162,12 @@ To remove a topic: For the `remove_date`, set a date three months after the release where it was removed. ```markdown - + ## Title (removed) **(ULTIMATE SELF)** - This feature was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/351963) in GitLab 14.8 - and [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/351963) in 15.0. + This feature was [deprecated]() in GitLab X.Y + and [removed]() in X.Y. Use [feature X]() instead. diff --git a/doc/development/fe_guide/storybook.md b/doc/development/fe_guide/storybook.md index 9c4bcf02389..4c0e7b2612b 100644 --- a/doc/development/fe_guide/storybook.md +++ b/doc/development/fe_guide/storybook.md @@ -53,6 +53,6 @@ To add a story: ## Mock backend APIs -GitLab’s Storybook uses [MirajeJS](https://miragejs.com/) to mock REST and GraphQL APIs. Storybook shares the MirajeJS server +The GitLab Storybook uses [MirajeJS](https://miragejs.com/) to mock REST and GraphQL APIs. Storybook shares the MirajeJS server with the [frontend integration tests](../testing_guide/testing_levels.md#frontend-integration-tests). You can find the MirajeJS configuration files in `spec/frontend_integration/mock_server`. diff --git a/doc/development/new_fe_guide/modules/widget_extensions.md b/doc/development/new_fe_guide/modules/widget_extensions.md index 1620cbe5cf1..57ce6df020d 100644 --- a/doc/development/new_fe_guide/modules/widget_extensions.md +++ b/doc/development/new_fe_guide/modules/widget_extensions.md @@ -236,7 +236,7 @@ export default { If the extension needs to poll multiple endpoints at the same time, then `fetchMultiData` can be used to return an array of functions. A new `poll` object will be created for each endpoint and they will be polled separately. Once all endpoints are resolved, polling will -be stopped and `setCollapsedData` will be called with an array of `response.data`. +be stopped and `setCollapsedData` will be called with an array of `response.data`. ```javascript export default { @@ -253,7 +253,7 @@ export default { }; ``` -**Important** The function needs to return a `Promise` that resolves the `response` object. +**Important** The function needs to return a `Promise` that resolves the `response` object. The implementation relies on the `POLL-INTERVAL` header to keep polling, therefore it is important not to alter the status code and headers. diff --git a/doc/development/secure_coding_guidelines.md b/doc/development/secure_coding_guidelines.md index 065e6eaf9c6..b41c440c111 100644 --- a/doc/development/secure_coding_guidelines.md +++ b/doc/development/secure_coding_guidelines.md @@ -637,14 +637,11 @@ We recommend using the ciphers that Mozilla is providing in their [recommended S - `ECDHE-RSA-AES128-GCM-SHA256` - `ECDHE-ECDSA-AES256-GCM-SHA384` - `ECDHE-RSA-AES256-GCM-SHA384` -- `ECDHE-ECDSA-CHACHA20-POLY1305` -- `ECDHE-RSA-CHACHA20-POLY1305` And the following cipher suites (according to the [RFC 8446](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.4)) for TLS 1.3: - `TLS_AES_128_GCM_SHA256` - `TLS_AES_256_GCM_SHA384` -- `TLS_CHACHA20_POLY1305_SHA256` *Note*: **Golang** does [not support](https://github.com/golang/go/blob/go1.17/src/crypto/tls/cipher_suites.go#L676) all cipher suites with TLS 1.3. @@ -665,7 +662,7 @@ For **Ruby**, you can use [`HTTParty`](https://github.com/jnunemaker/httparty) a Whenever possible this example should be **avoided** for security purposes: ```ruby -response = HTTParty.get('https://gitlab.com', ssl_version: :TLSv1_3, ciphers: ['TLS_AES_128_GCM_SHA256', 'TLS_AES_256_GCM_SHA384', 'TLS_CHACHA20_POLY1305_SHA256']) +response = HTTParty.get('https://gitlab.com', ssl_version: :TLSv1_3, ciphers: ['TLS_AES_128_GCM_SHA256', 'TLS_AES_256_GCM_SHA384']) ``` When using [`GitLab::HTTP`](#gitlab-http-library), the code looks like: @@ -673,7 +670,7 @@ When using [`GitLab::HTTP`](#gitlab-http-library), the code looks like: This is the **recommended** implementation to avoid security issues such as SSRF: ```ruby -response = GitLab::HTTP.perform_request(Net::HTTP::Get, 'https://gitlab.com', ssl_version: :TLSv1_3, ciphers: ['TLS_AES_128_GCM_SHA256', 'TLS_AES_256_GCM_SHA384', 'TLS_CHACHA20_POLY1305_SHA256']) +response = GitLab::HTTP.perform_request(Net::HTTP::Get, 'https://gitlab.com', ssl_version: :TLSv1_3, ciphers: ['TLS_AES_128_GCM_SHA256', 'TLS_AES_256_GCM_SHA384']) ``` ##### TLS 1.2 @@ -687,8 +684,6 @@ func secureCipherSuites() []uint16 { tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, - tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, } ``` @@ -708,7 +703,7 @@ This example was taken [here](https://gitlab.com/gitlab-org/cluster-integration/ For **Ruby**, you can use again [`HTTParty`](https://github.com/jnunemaker/httparty) and specify this time TLS 1.2 version alongside with the recommended ciphers: ```ruby -response = GitLab::HTTP.perform_request(Net::HTTP::Get, 'https://gitlab.com', ssl_version: :TLSv1_2, ciphers: ['ECDHE-ECDSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-ECDSA-AES256-GCM-SHA384', 'ECDHE-RSA-AES256-GCM-SHA384', 'ECDHE-ECDSA-CHACHA20-POLY1305', 'ECDHE-RSA-CHACHA20-POLY1305']) +response = GitLab::HTTP.perform_request(Net::HTTP::Get, 'https://gitlab.com', ssl_version: :TLSv1_2, ciphers: ['ECDHE-ECDSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-ECDSA-AES256-GCM-SHA384', 'ECDHE-RSA-AES256-GCM-SHA384']) ``` ## GitLab Internal Authorization diff --git a/doc/development/workhorse/configuration.md b/doc/development/workhorse/configuration.md index ce80a155489..d34e567adda 100644 --- a/doc/development/workhorse/configuration.md +++ b/doc/development/workhorse/configuration.md @@ -147,6 +147,19 @@ addr = "localhost:3443" The `certificate` file should contain the concatenation of the server's certificate, any intermediates, and the CA's certificate. +Metrics endpoints can be configured similarly: + +```toml +[metrics_listener] +network = "tcp" +addr = "localhost:9229" +[metrics_listener.tls] + certificate = "/path/to/certificate" + key = "/path/to/private/key" + min_version = "tls1.2" + max_version = "tls1.3" +``` + ## Interaction of authBackend and authSocket The interaction between `authBackend` and `authSocket` can be confusing. diff --git a/doc/integration/elasticsearch.md b/doc/integration/elasticsearch.md index 433ec3a7948..e8780e152c6 100644 --- a/doc/integration/elasticsearch.md +++ b/doc/integration/elasticsearch.md @@ -14,7 +14,7 @@ Advanced Search provides faster search response times and [improved search featu ### Elasticsearch version requirements -> Support for Elasticsearch 6.8 was [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/350275) in GitLab 15.0. +> Support for Elasticsearch 6.8 was [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/350275) in GitLab 15.0. Advanced Search works with the following versions of Elasticsearch. diff --git a/doc/integration/jenkins.md b/doc/integration/jenkins.md index 7b02580dac1..5b779f22bd3 100644 --- a/doc/integration/jenkins.md +++ b/doc/integration/jenkins.md @@ -179,7 +179,7 @@ If you get this error message while configuring GitLab, the following are possib - The Jenkins instance is at a local address and is not included in the [GitLab installation's allowlist](../security/webhooks.md#allowlist-for-local-requests). - The credentials for the Jenkins instance do not have sufficient access or are invalid. -- The **Enable authentication for ‘/project’ end-point** checkbox is not selected in your [Jenkin's plugin configuration](#configure-the-jenkins-server). +- The **Enable authentication for `/project` end-point** checkbox is not selected in your [Jenkin's plugin configuration](#configure-the-jenkins-server). ### Error in merge requests - "Could not connect to the CI server" diff --git a/doc/raketasks/backup_restore.md b/doc/raketasks/backup_restore.md index 5ba6bd9fb14..ffad274c854 100644 --- a/doc/raketasks/backup_restore.md +++ b/doc/raketasks/backup_restore.md @@ -1447,7 +1447,7 @@ To prepare the new server: 1. Copy the [SSH host keys](https://superuser.com/questions/532040/copy-ssh-keys-from-one-server-to-another-server/532079#532079) from the old server to avoid man-in-the-middle attack warnings. - See [Manually replicate the primary site’s SSH host keys](../administration/geo/replication/configuration.md#step-2-manually-replicate-the-primary-sites-ssh-host-keys) for example steps. + See [Manually replicate the primary site's SSH host keys](../administration/geo/replication/configuration.md#step-2-manually-replicate-the-primary-sites-ssh-host-keys) for example steps. 1. [Install and configure GitLab](https://about.gitlab.com/install) except [incoming email](../administration/incoming_email.md): 1. Install GitLab. diff --git a/doc/security/rate_limits.md b/doc/security/rate_limits.md index ac532ee491a..0bbca5b9a57 100644 --- a/doc/security/rate_limits.md +++ b/doc/security/rate_limits.md @@ -87,7 +87,7 @@ Each command has a rate limit of 600 per minute. For example: Because the same commands are shared by `git-upload-pack`, `git pull`, and `git clone`, they share a rate limit. The requests/minute threshold for this rate limit is not configurable. Self-managed customers can disable this -rate limit by [disabling the feature flag](../administration/feature_flags.md#enable-or-disable-the-feature) +rate limit by [disabling the feature flag](../administration/feature_flags.md#enable-or-disable-the-feature) with `Feature.disable(:rate_limit_gitlab_shell)`. ### Repository archives diff --git a/doc/subscriptions/index.md b/doc/subscriptions/index.md index 58af5787f2b..05fd302d6ee 100644 --- a/doc/subscriptions/index.md +++ b/doc/subscriptions/index.md @@ -183,68 +183,63 @@ Find more information on how to apply and renew at ### GitLab for Open Source -For qualifying open source projects, the [GitLab for Open Source](https://about.gitlab.com/solutions/open-source/) program provides -the top GitLab tier, plus 50,000 CI/CD minutes per month. - -You can find more information about the [program requirements](https://about.gitlab.com/solutions/open-source/join/#requirements), -[renewals](https://about.gitlab.com/solutions/open-source/join/#renewals), -and benefits on the [GitLab for Open Source application page](https://about.gitlab.com/solutions/open-source/join/). +For qualifying open source projects, the [GitLab for Open Source Program](https://about.gitlab.com/solutions/open-source/) provides +GitLab Ultimate, plus 50,000 CI/CD minutes per month. For more information, see [program requirements](https://about.gitlab.com/solutions/open-source/join/#requirements), [renewals](https://about.gitlab.com/solutions/open-source/join/#renewals), and [program benefits](https://about.gitlab.com/solutions/open-source/join/). If you have any questions, send an email to `opensource@gitlab.com` for assistance. -#### Verification for Open Source program +#### License requirements for GitLab for Open Source Program members -As part of the [application verification process](https://about.gitlab.com/solutions/open-source/join/), you must upload three screenshots. -These are the three screenshots that are needed to qualify you for the GitLab for Open Source program. +GitLab for Open Source Program benefits apply to an entire GitLab namespace. To qualify for the GitLab for Open Source Program, **all projects in an applicant's namespace** must carry an [OSI-approved license](https://opensource.org/licenses/). + +To add a license: + +1. On the top bar, select **Menu > Projects** and find your project. +1. On the overview page, select **Add LICENSE**. If the license you want is not available as a license template, manually copy the entire, unaltered [text of your chosen license](https://opensource.org/licenses/alphabetical) into the `LICENSE` file. Note that GitLab defaults to **All rights reserved** if users do not perform this action. + +Applicants must add the correct license to each project in their respective groups or namespaces When you're sure you're using OSI-approved licenses for your projects, you can take your screenshots. + +#### Verification for Open Source Program + +As part of the [application verification process](https://about.gitlab.com/solutions/open-source/join/), you must upload **three screenshots**: - [OSI-approved license overview](#screenshot-1-license-overview) -- [OSI-approved license file](#screenshot-2-license-file) +- [OSI-approved license contents](#screenshot-2-license-contents) - [Publicly visible settings](#screenshot-3-publicly-visible-settings) -##### OSI-approved license - -You must apply an [OSI-approved license](https://opensource.org/licenses/) to each project in your group before you can be verified. - -Add the license to the LICENSE file so that it shows up in the overview section of the project. This allows contributors to see it at a glance. - -It's best to copy and paste the entire license into the file in its original form. GitLab defaults to **All rights reserved** if no license file is mentioned. -You must ensure that you add the correct license to each project within your group. - -After you ensure that you are using OSI-approved licenses for your projects, you can take your screenshots. +Benefits of the GitLab Open Source Program apply to all projects in a GitLab namespace. All projects in an eligible namespace must meet program requirements. However, if you submit materials for **one project** in your namespace, the open source program team uses that project to verify the contents of the entire namespace you use when applying to the program. ##### Screenshot 1: License overview -On the left sidebar, select **Project information > Details**. Take a screenshot that includes a view of the license you've chosen for your project. +1. On the top bar, select **Menu > Projects** and find your project. +1. On the left sidebar, select your project avatar. If you haven't specified an avatar for your project, the avatar displays as a single letter. +1. Take a screenshot of the project overview that clearly displays the license you've chosen for your project. ![License overview](img/license-overview.png) -##### Screenshot 2: License file +##### Screenshot 2: License contents -Navigate to one of the license files that you uploaded. You can usually find the license file by selecting **Project information > Details** and scanning the page for the license. -Make sure the screenshot includes the title of the license. +1. On the top bar, select **Menu > Projects** and find your project. +1. On the left sidebar, select **Repository** and locate the project's `LICENSE` file. +1. Take a screenshot of the contents of the file. Make sure the screenshot includes the title of the license. ![License file](img/license-file.png) ##### Screenshot 3: Publicly visible settings -The goal of the GitLab for Open Source program is to enable collaboration on open source projects. -As a pre-condition to collaboration, people must be able to view the open source project. -As a result, we ask that all projects under this license are publicly visible. +To be eligible for the GitLab Open Source Program, projects must be publicly visible. To check your project's public visibility settings: -Follow these instructions to take a screenshot of the publicly visible settings: - - 1. Go to your project and select **Settings**. - 1. Expand **Visibility, project features, permissions**. - 1. Set **Project Visibility** to **Public**. - 1. Ensure others can request access by selecting the **Users can request access** checkbox. - 1. Take the screenshot. Include as much of the publicly visible settings as possible. Make sure to include your project's name in the - upper-left of the screenshot. +1. On the top bar, select **Menu > Projects** and find your project. +1. From the left sidebar, select **Settings > General**. +1. Expand **Visibility, project features, permissions**. +1. From the **Project visibility** dropdown list, select **Public**. +1. Select the **Users can request access** checkbox. +1. Take a screenshot of this view. Include as much of the publicly visible settings as possible. Make sure to include your project's name in the upper-left of the screenshot. ![Publicly visible setting](img/publicly-visible.png) NOTE: -From time to time, GitLab allows exceptions. One or two projects within a group can be private if there is a legitimate need for it, for example, -if a project holds sensitive data. Email `opensource@gitlab.com` with details of your use case to request written permission for exceptions. +Exceptions to this public visibility requirement apply in select circumstances (for example, in cases where a project may hold sensitive data). Email `opensource@gitlab.com` with details of your use case to request written permission for exceptions. ### GitLab for Startups diff --git a/doc/user/application_security/coverage_fuzzing/index.md b/doc/user/application_security/coverage_fuzzing/index.md index f4404ed688f..b2b7dd85468 100644 --- a/doc/user/application_security/coverage_fuzzing/index.md +++ b/doc/user/application_security/coverage_fuzzing/index.md @@ -315,7 +315,7 @@ The `covfuzz-ci.yml` is the same as that in the [original synchronous example](h ## FIPS-enabled binary -[Starting in GitLab 15.0](https://gitlab.com/gitlab-org/gitlab/-/issues/352549) the coverage fuzzing binary is compiled with `golang-fips` on Linux x86 and uses OpenSSL as the cryptographic backend. For more details, see [FIPS compliance at GitLab with Go](../../../development/fips_compliance.md#go). +[Starting in GitLab 15.0](https://gitlab.com/gitlab-org/gitlab/-/issues/352549) the coverage fuzzing binary is compiled with `golang-fips` on Linux x86 and uses OpenSSL as the cryptographic backend. For more details, see [FIPS compliance at GitLab with Go](../../../development/fips_compliance.md#go). ## Offline environment diff --git a/doc/user/application_security/dast/index.md b/doc/user/application_security/dast/index.md index f3dfbbb4d5f..afddcb45188 100644 --- a/doc/user/application_security/dast/index.md +++ b/doc/user/application_security/dast/index.md @@ -333,7 +333,7 @@ Vulnerability rules in an API scan are different than those in a normal website A new DAST API scanning engine is available in GitLab 13.12 and later. For more details, see [DAST API scanning engine](../dast_api). The new scanning engine supports REST, SOAP, GraphQL, and generic APIs using forms, XML, and JSON. Testing can be performed using OpenAPI, Postman Collections, and HTTP Archive (HAR) documents. -The target API instance’s base URL is provided by using the `DAST_API_TARGET_URL` variable or an `environment_url.txt` file. +The target API instance's base URL is provided by using the `DAST_API_TARGET_URL` variable or an `environment_url.txt` file. #### Specification format diff --git a/doc/user/application_security/sast/analyzers.md b/doc/user/application_security/sast/analyzers.md index b323c5f663b..5690be9dfc8 100644 --- a/doc/user/application_security/sast/analyzers.md +++ b/doc/user/application_security/sast/analyzers.md @@ -91,10 +91,10 @@ The Vulnerability Management system automatically moves vulnerabilities from the However, you'll see old vulnerabilities re-created based on Semgrep results if: -- A vulnerability was created by Bandit or SpotBugs and you disable those analyzers. We only recommend disabling Bandit and SpotBugs now if the analyzers aren’t working. Work to automatically translate Bandit and SpotBugs vulnerabilities to Semgrep is tracked in [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/328062). +- A vulnerability was created by Bandit or SpotBugs and you disable those analyzers. We only recommend disabling Bandit and SpotBugs now if the analyzers aren't working. Work to automatically translate Bandit and SpotBugs vulnerabilities to Semgrep is tracked in [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/328062). - A vulnerability was created by ESLint, Gosec, or Flawfinder in a default-branch pipeline where Semgrep scanning did not run successfully (before Semgrep coverage was introduced for the language, because you disabled Semgrep explicitly, or because the Semgrep scan failed in that pipeline). We do not currently plan to combine these vulnerabilities if they already exist. -When a vulnerability is re-created, the original vulnerability is marked as “no longer detected” in the Vulnerability Report. +When a vulnerability is re-created, the original vulnerability is marked as "no longer detected" in the Vulnerability Report. A new vulnerability is then created based on the Semgrep finding. ### Activating Semgrep-based scanning early diff --git a/doc/user/application_security/sast/index.md b/doc/user/application_security/sast/index.md index 7a4123c252f..d0f8bd64d04 100644 --- a/doc/user/application_security/sast/index.md +++ b/doc/user/application_security/sast/index.md @@ -13,7 +13,7 @@ The whitepaper ["A Seismic Shift in Application Security"](https://about.gitlab. explains how 4 of the top 6 attacks were application based. Download it to learn how to protect your organization. -If you’re using [GitLab CI/CD](../../../ci/index.md), you can use Static Application Security +If you're using [GitLab CI/CD](../../../ci/index.md), you can use Static Application Security Testing (SAST) to check your source code for known vulnerabilities. You can run SAST analyzers in any GitLab tier. The analyzers output JSON-formatted reports as job artifacts. diff --git a/doc/user/crm/index.md b/doc/user/crm/index.md index bec67acae3e..a46ba317cd4 100644 --- a/doc/user/crm/index.md +++ b/doc/user/crm/index.md @@ -35,7 +35,7 @@ To read more about what is planned for the future, see [issue 2256](https://gitl Customer relations management features must be enabled at the group level. If your group also contains subgroups, and you want to use CRM features in the subgroup, -you must enable CRM features for the subgroup. +you must enable CRM features for the subgroup. To enable customer relations management in a group or subgroup: diff --git a/doc/user/group/settings/group_access_tokens.md b/doc/user/group/settings/group_access_tokens.md index 4b791d5a221..ce4a163a92f 100644 --- a/doc/user/group/settings/group_access_tokens.md +++ b/doc/user/group/settings/group_access_tokens.md @@ -36,7 +36,7 @@ You can use group access tokens: - Consider [disabling group access tokens](#enable-or-disable-group-access-token-creation) to lower potential abuse. -You cannot use group access tokens to create other access tokens. +You cannot use group access tokens to create other group, project, or personal access tokens. Group access tokens inherit the [default prefix setting](../../admin_area/settings/account_and_limit_settings.md#personal-access-token-prefix) configured for personal access tokens. diff --git a/doc/user/infrastructure/clusters/migrate_to_gitlab_agent.md b/doc/user/infrastructure/clusters/migrate_to_gitlab_agent.md index 7b2b5b4afd4..aa07a23db18 100644 --- a/doc/user/infrastructure/clusters/migrate_to_gitlab_agent.md +++ b/doc/user/infrastructure/clusters/migrate_to_gitlab_agent.md @@ -57,7 +57,7 @@ In your Auto DevOps project, you can use the GitLab agent to connect with your K - Add a key called `KUBE_INGRESS_BASE_DOMAIN` with the application deployment domain as the value. - Add a key called `KUBE_CONTEXT` with a value like `path/to/agent/project:agent-name`. Select the environment scope of your choice. - If you are not sure what your agent’s context is, edit your `.gitlab-ci.yml` file and add a job to see the available contexts: + If you are not sure what your agent's context is, edit your `.gitlab-ci.yml` file and add a job to see the available contexts: ```yaml deploy: diff --git a/doc/user/infrastructure/iac/troubleshooting.md b/doc/user/infrastructure/iac/troubleshooting.md index 0a36c2acc09..881bcb32aed 100644 --- a/doc/user/infrastructure/iac/troubleshooting.md +++ b/doc/user/infrastructure/iac/troubleshooting.md @@ -73,8 +73,8 @@ There are three different causes for the error: - In GitLab 15.0, templates use [`rules`](../../../ci/yaml/index.md#rules) syntax instead of [`only/except`](../../../ci/yaml/index.md#only--except). - Ensure the syntax in your `.gitlab-ci.yml` file does not include both. - + Ensure the syntax in your `.gitlab-ci.yml` file does not include both. + #### Use an older version of the template Breaking changes can occur during major releases. If you encounter a breaking change or want to use an older version of a template, you can update your `.gitlab-ci.yml` to refer to an older one. For example: diff --git a/doc/user/project/pages/redirects.md b/doc/user/project/pages/redirects.md index 1db404f4888..791b6a1550a 100644 --- a/doc/user/project/pages/redirects.md +++ b/doc/user/project/pages/redirects.md @@ -164,7 +164,7 @@ Splats also match empty strings, so the previous rule redirects ### Rewrite all requests to a root `index.html` NOTE: -If you are using [GitLab Pages integration with Let’s Encrypt](custom_domains_ssl_tls_certification/lets_encrypt_integration.md), +If you are using [GitLab Pages integration with Let's Encrypt](custom_domains_ssl_tls_certification/lets_encrypt_integration.md), you must enable it before adding this rule. Otherwise, the redirection breaks the Let's Encrypt integration. For more details, see [GitLab Pages issue 649](https://gitlab.com/gitlab-org/gitlab-pages/-/issues/649). diff --git a/doc/user/project/service_desk.md b/doc/user/project/service_desk.md index 19c3218137f..17e55b7aac2 100644 --- a/doc/user/project/service_desk.md +++ b/doc/user/project/service_desk.md @@ -146,7 +146,7 @@ You can set description templates at various levels: - A specific [group or subgroup](description_templates.md#set-group-level-description-templates). - A specific [project](description_templates.md#set-a-default-template-for-merge-requests-and-issues). -The templates are inherited. For example, in a project, you can also access templates set for the instance or the project’s parent groups. +The templates are inherited. For example, in a project, you can also access templates set for the instance or the project's parent groups. To use a custom description template with Service Desk: diff --git a/doc/user/project/settings/project_access_tokens.md b/doc/user/project/settings/project_access_tokens.md index e332b74f908..b2af5f0d294 100644 --- a/doc/user/project/settings/project_access_tokens.md +++ b/doc/user/project/settings/project_access_tokens.md @@ -36,7 +36,7 @@ You can use project access tokens: - Consider [disabling project access tokens](#enable-or-disable-project-access-token-creation) to lower potential abuse. -You cannot use project access tokens to create other access tokens. +You cannot use project access tokens to create other group, project, or personal access tokens. Project access tokens inherit the [default prefix setting](../../admin_area/settings/account_and_limit_settings.md#personal-access-token-prefix) configured for personal access tokens. diff --git a/lib/api/users.rb b/lib/api/users.rb index b10458c4358..c7aa4b43d4d 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -1096,7 +1096,7 @@ module API requires :credit_card_mask_number, type: String, desc: 'The last 4 digits of credit card number' requires :credit_card_type, type: String, desc: 'The credit card network name' end - put ":user_id/credit_card_validation", feature_category: :purchase do + put ":user_id/credit_card_validation", urgency: :low, feature_category: :purchase do authenticated_as_admin! user = find_user(params[:user_id]) diff --git a/lib/gitlab/database.rb b/lib/gitlab/database.rb index 677b4485288..909dfc4f92d 100644 --- a/lib/gitlab/database.rb +++ b/lib/gitlab/database.rb @@ -203,8 +203,13 @@ module Gitlab # This does not look at literal connection names, but rather compares # models that are holders for a given db_config_name def self.gitlab_schemas_for_connection(connection) - db_name = self.db_config_name(connection) - primary_model = self.database_base_models.fetch(db_name.to_sym) + db_config = self.db_config_for_connection(connection) + + # connection might not be yet adopted (returning NullPool, and no connection_klass) + # in such cases it is fine to ignore such connections + return unless db_config + + primary_model = self.database_base_models.fetch(db_config.name.to_sym) self.schemas_to_base_models.select do |_, child_models| child_models.any? do |child_model| diff --git a/spec/features/nav/top_nav_tooltip_spec.rb b/spec/features/nav/top_nav_tooltip_spec.rb new file mode 100644 index 00000000000..7c34fb01ca9 --- /dev/null +++ b/spec/features/nav/top_nav_tooltip_spec.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe 'top nav tooltips', :js do + let_it_be(:user) { create(:user) } + + before do + sign_in(user) + visit explore_projects_path + end + + it 'clicking new dropdown hides tooltip', :aggregate_failures do + btn = '#js-onboarding-new-project-link' + + page.find(btn).hover + + expect(page).to have_content('New...') + + page.find(btn).click + + expect(page).not_to have_content('New...') + end +end diff --git a/spec/frontend/diffs/components/diff_line_note_form_spec.js b/spec/frontend/diffs/components/diff_line_note_form_spec.js index fb9dc22ce25..b59043168b8 100644 --- a/spec/frontend/diffs/components/diff_line_note_form_spec.js +++ b/spec/frontend/diffs/components/diff_line_note_form_spec.js @@ -64,6 +64,16 @@ describe('DiffLineNoteForm', () => { expect(confirmAction).toHaveBeenCalled(); }); + it('should only ask for confirmation once', () => { + // Never resolve so we can test what happens when triggered while "confirmAction" is loading + confirmAction.mockImplementation(() => new Promise(() => {})); + + findNoteForm().vm.$emit('cancelForm', true, true); + findNoteForm().vm.$emit('cancelForm', true, true); + + expect(confirmAction).toHaveBeenCalledTimes(1); + }); + it('should not ask for confirmation when one of the params false', () => { confirmAction.mockResolvedValueOnce(false); diff --git a/spec/graphql/mutations/ci/runner/update_spec.rb b/spec/graphql/mutations/ci/runner/update_spec.rb index 75e9b57e60a..b8efd4213fa 100644 --- a/spec/graphql/mutations/ci/runner/update_spec.rb +++ b/spec/graphql/mutations/ci/runner/update_spec.rb @@ -49,6 +49,7 @@ RSpec.describe Mutations::Ci::Runner::Update do { id: runner.to_global_id, description: 'updated description', + maintenance_note: 'updated maintenance note', maximum_timeout: 900, access_level: 'ref_protected', active: false, @@ -84,6 +85,16 @@ RSpec.describe Mutations::Ci::Runner::Update do ) end end + + context 'with too long maintenance note' do + it 'returns a descriptive error' do + mutation_params[:maintenance_note] = '1' * 1025 + + expect(subject[:errors]).to contain_exactly( + 'Maintenance note is too long (maximum is 1024 characters)' + ) + end + end end end end diff --git a/spec/lib/gitlab/database_spec.rb b/spec/lib/gitlab/database_spec.rb index 23f4f0e7089..025cf05424e 100644 --- a/spec/lib/gitlab/database_spec.rb +++ b/spec/lib/gitlab/database_spec.rb @@ -222,10 +222,6 @@ RSpec.describe Gitlab::Database do end describe '.gitlab_schemas_for_connection' do - it 'does raise exception for invalid connection' do - expect { described_class.gitlab_schemas_for_connection(:invalid) }.to raise_error /key not found: "unknown"/ - end - it 'does return a valid schema depending on a base model used', :request_store do # FF due to lib/gitlab/database/load_balancing/configuration.rb:92 stub_feature_flags(force_no_sharing_primary_model: true) @@ -282,6 +278,15 @@ RSpec.describe Gitlab::Database do end end end + + it 'does return empty for non-adopted connections' do + new_connection = ActiveRecord::Base.postgresql_connection( + ActiveRecord::Base.connection_db_config.configuration_hash) + + expect(described_class.gitlab_schemas_for_connection(new_connection)).to be_nil + ensure + new_connection&.disconnect! + end end describe '#true_value' do diff --git a/workhorse/config_test.go b/workhorse/config_test.go index 0c0072322ac..0f892f10301 100644 --- a/workhorse/config_test.go +++ b/workhorse/config_test.go @@ -47,6 +47,15 @@ certificate = "/path/to/certificate" key = "/path/to/private/key" min_version = "tls1.1" max_version = "tls1.2" +[[listeners]] +network = "tcp" +addr = "localhost:3444" +[metrics_listener] +network = "tcp" +addr = "localhost:3445" +[metrics_listener.tls] +certificate = "/path/to/certificate" +key = "/path/to/private/key" ` _, err = io.WriteString(f, data) require.NoError(t, err) @@ -66,14 +75,69 @@ max_version = "tls1.2" require.Equal(t, []string{"10.0.0.1/8"}, cfg.TrustedCIDRsForPropagation) require.Equal(t, 60*time.Second, cfg.ShutdownTimeout.Duration) - require.Len(t, cfg.Listeners, 1) - listener := cfg.Listeners[0] - require.Equal(t, "/path/to/certificate", listener.Tls.Certificate) - require.Equal(t, "/path/to/private/key", listener.Tls.Key) - require.Equal(t, "tls1.1", listener.Tls.MinVersion) - require.Equal(t, "tls1.2", listener.Tls.MaxVersion) - require.Equal(t, "tcp", listener.Network) - require.Equal(t, "localhost:3443", listener.Addr) + listenerConfigs := []config.ListenerConfig{ + { + Network: "tcp", + Addr: "localhost:3445", + Tls: &config.TlsConfig{ + Certificate: "/path/to/certificate", + Key: "/path/to/private/key", + }, + }, + { + Network: "tcp", + Addr: "localhost:3443", + Tls: &config.TlsConfig{ + Certificate: "/path/to/certificate", + Key: "/path/to/private/key", + MinVersion: "tls1.1", + MaxVersion: "tls1.2", + }, + }, + { + Network: "tcp", + Addr: "localhost:3444", + }, + } + + require.Len(t, cfg.Listeners, 2) + require.NotNil(t, cfg.MetricsListener) + + for i, cfg := range []config.ListenerConfig{*cfg.MetricsListener, cfg.Listeners[0], cfg.Listeners[1]} { + require.Equal(t, listenerConfigs[i].Network, cfg.Network) + require.Equal(t, listenerConfigs[i].Addr, cfg.Addr) + } + + for i, cfg := range []config.ListenerConfig{*cfg.MetricsListener, cfg.Listeners[0]} { + require.Equal(t, listenerConfigs[i].Tls.Certificate, cfg.Tls.Certificate) + require.Equal(t, listenerConfigs[i].Tls.Key, cfg.Tls.Key) + require.Equal(t, listenerConfigs[i].Tls.MinVersion, cfg.Tls.MinVersion) + require.Equal(t, listenerConfigs[i].Tls.MaxVersion, cfg.Tls.MaxVersion) + } + + require.Nil(t, cfg.Listeners[1].Tls) +} + +func TestTwoMetricsAddrsAreSpecifiedError(t *testing.T) { + f, err := ioutil.TempFile("", "workhorse-config-test") + require.NoError(t, err) + defer os.Remove(f.Name()) + + data := ` +[metrics_listener] +network = "tcp" +addr = "localhost:3445" +` + _, err = io.WriteString(f, data) + require.NoError(t, err) + require.NoError(t, f.Close()) + + args := []string{ + "-config", f.Name(), + "-prometheusListenAddr", "prometheus listen addr", + } + _, _, err = buildConfig("test", args) + require.EqualError(t, err, "configFile: both prometheusListenAddr and metrics_listener can't be specified") } func TestConfigErrorHelp(t *testing.T) { @@ -215,6 +279,7 @@ func TestConfigFlagParsing(t *testing.T) { APICILongPollingDuration: 234 * time.Second, PropagateCorrelationID: true, ImageResizerConfig: config.DefaultImageResizerConfig, + MetricsListener: &config.ListenerConfig{Network: "tcp", Addr: "prometheus listen addr"}, } require.Equal(t, expectedCfg, cfg) } diff --git a/workhorse/internal/config/config.go b/workhorse/internal/config/config.go index e83f55f43bf..3ce88f449a9 100644 --- a/workhorse/internal/config/config.go +++ b/workhorse/internal/config/config.go @@ -120,6 +120,7 @@ type Config struct { TrustedCIDRsForXForwardedFor []string `toml:"trusted_cidrs_for_x_forwarded_for"` TrustedCIDRsForPropagation []string `toml:"trusted_cidrs_for_propagation"` Listeners []ListenerConfig `toml:"listeners"` + MetricsListener *ListenerConfig `toml:"metrics_listener"` } var DefaultImageResizerConfig = ImageResizerConfig{ diff --git a/workhorse/main.go b/workhorse/main.go index 55c29b8abf5..054714fce6a 100644 --- a/workhorse/main.go +++ b/workhorse/main.go @@ -149,6 +149,14 @@ func buildConfig(arg0 string, args []string) (*bootConfig, *config.Config, error return nil, nil, fmt.Errorf("configFile: %v", err) } + cfg.MetricsListener = cfgFromFile.MetricsListener + if boot.prometheusListenAddr != "" { + if cfg.MetricsListener != nil { + return nil, nil, fmt.Errorf("configFile: both prometheusListenAddr and metrics_listener can't be specified") + } + cfg.MetricsListener = &config.ListenerConfig{Network: "tcp", Addr: boot.prometheusListenAddr} + } + cfg.Redis = cfgFromFile.Redis cfg.ObjectStorageCredentials = cfgFromFile.ObjectStorageCredentials cfg.ImageResizerConfig = cfgFromFile.ImageResizerConfig @@ -196,11 +204,10 @@ func run(boot bootConfig, cfg config.Config) error { } monitoringOpts := []monitoring.Option{monitoring.WithBuildInformation(Version, BuildTime)} - - if boot.prometheusListenAddr != "" { - l, err := net.Listen("tcp", boot.prometheusListenAddr) + if cfg.MetricsListener != nil { + l, err := newListener("metrics", *cfg.MetricsListener) if err != nil { - return fmt.Errorf("prometheusListenAddr: %v", err) + return err } monitoringOpts = append(monitoringOpts, monitoring.WithListener(l)) }