kotovalexarian-likes-gitlab
/
gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2021-07-29 21:10:10 +00:00
parent 13592f8455
commit e4df6a7c53
42 changed files with 412 additions and 255 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
app/mailers/emails/projects.rb
View File

@ -60,9 +60,32 @@ module Emails
@project = project
@alert = alert.present
add_project_headers
add_alert_headers
subject_text = "Alert: #{@alert.email_title}"
mail(to: user.notification_email_for(@project.group), subject: subject(subject_text))
end
private
def add_alert_headers
return unless @alert
headers['X-GitLab-Alert-ID'] = @alert.id
headers['X-GitLab-Alert-IID'] = @alert.iid
headers['X-GitLab-NotificationReason'] = "alert_#{@alert.state}"
add_incident_headers
end
def add_incident_headers
incident = @alert.issue
return unless incident
headers['X-GitLab-Incident-ID'] = incident.id
headers['X-GitLab-Incident-IID'] = incident.iid
end
end
end

40
app/models/integrations/irker.rb
View File

@ -4,6 +4,8 @@ require 'uri'
module Integrations
class Irker < Integration
include ActionView::Helpers::UrlHelper
prop_accessor :server_host, :server_port, :default_irc_uri
prop_accessor :recipients, :channels
boolean_accessor :colorize_messages
@ -12,11 +14,11 @@ module Integrations
before_validation :get_channels
def title
'Irker (IRC gateway)'
s_('IrkerService|irker (IRC gateway)')
end
def description
'Send IRC messages.'
s_('IrkerService|Send update messages to an irker server.')
end
def self.to_param
@ -42,33 +44,25 @@ module Integrations
end
def fields
recipients_docs_link = link_to s_('IrkerService|How to enter channels or users?'), Rails.application.routes.url_helpers.help_page_url('user/project/integrations/irker', anchor: 'enter-irker-recipients'), target: '_blank', rel: 'noopener noreferrer'
[
{ type: 'text', name: 'server_host', placeholder: 'localhost',
help: 'Irker daemon hostname (defaults to localhost)' },
{ type: 'text', name: 'server_port', placeholder: 6659,
help: 'Irker daemon port (defaults to 6659)' },
{ type: 'text', name: 'default_irc_uri', title: 'Default IRC URI',
help: 'A default IRC URI to prepend before each recipient (optional)',
{ type: 'text', name: 'server_host', placeholder: 'localhost', title: s_('IrkerService|Server host (optional)'),
help: s_('IrkerService|irker daemon hostname (defaults to localhost).') },
{ type: 'text', name: 'server_port', placeholder: 6659, title: s_('IrkerService|Server port (optional)'),
help: s_('IrkerService|irker daemon port (defaults to 6659).') },
{ type: 'text', name: 'default_irc_uri', title: s_('IrkerService|Default IRC URI (optional)'),
help: s_('IrkerService|URI to add before each recipient.'),
placeholder: 'irc://irc.network.net:6697/' },
{ type: 'textarea', name: 'recipients',
placeholder: 'Recipients/channels separated by whitespaces', required: true,
help: 'Recipients have to be specified with a full URI: '\
'irc[s]://irc.network.net[:port]/#channel. Special cases: if '\
'you want the channel to be a nickname instead, append ",isnick" to ' \
'the channel name; if the channel is protected by a secret password, ' \
' append "?key=secretpassword" to the URI (Note that due to a bug, if you ' \
' want to use a password, you have to omit the "#" on the channel). If you ' \
' specify a default IRC URI to prepend before each recipient, you can just ' \
' give a channel name.' },
{ type: 'checkbox', name: 'colorize_messages' }
{ type: 'textarea', name: 'recipients', title: s_('IrkerService|Recipients'),
placeholder: 'irc[s]://irc.network.net[:port]/#channel', required: true,
help: s_('IrkerService|Channels and users separated by whitespaces. %{recipients_docs_link}').html_safe % { recipients_docs_link: recipients_docs_link.html_safe } },
{ type: 'checkbox', name: 'colorize_messages', title: _('Colorize messages') }
]
end
def help
' NOTE: Irker does NOT have built-in authentication, which makes it' \
' vulnerable to spamming IRC channels if it is hosted outside of a ' \
' firewall. Please make sure you run the daemon within a secured network ' \
' to prevent abuse. For more details, read: http://www.catb.org/~esr/irker/security.html.'
docs_link = link_to _('Learn more.'), Rails.application.routes.url_helpers.help_page_url('user/project/integrations/irker', anchor: 'set-up-an-irker-daemon'), target: '_blank', rel: 'noopener noreferrer'
s_('IrkerService|Send update messages to an irker server. Before you can use this, you need to set up the irker daemon. %{docs_link}').html_safe % { docs_link: docs_link.html_safe }
end
private

2
app/models/members/group_member.rb
View File

@ -28,8 +28,6 @@ class GroupMember < Member
attr_accessor :last_owner, :last_blocked_owner
self.enumerate_columns_in_select_statements = true
def self.access_level_roles
Gitlab::Access.options_with_owner
end

9
app/models/user.rb
View File

@ -1576,10 +1576,11 @@ class User < ApplicationRecord
.order('routes.path')
end
def namespaces
namespace_ids = groups.pluck(:id)
namespace_ids.push(namespace.id)
Namespace.where(id: namespace_ids)
def namespaces(owned_only: false)
user_groups = owned_only ? owned_groups : groups
personal_namespace = Namespace.where(id: namespace.id)
Namespace.from_union([user_groups, personal_namespace])
end
def oauth_authorized_tokens

2
app/policies/project_policy.rb
View File

@ -533,7 +533,7 @@ class ProjectPolicy < BasePolicy
enable :read_project_for_iids
end
rule { ~project_allowed_for_job_token }.prevent_all
rule { ~public_project & ~internal_access & ~project_allowed_for_job_token }.prevent_all
rule { can?(:public_access) }.policy do
enable :read_package

2
app/views/projects/commits/show.html.haml
View File

@ -26,7 +26,7 @@
= form_tag(project_commits_path(@project, @id), method: :get, class: 'commits-search-form js-signature-container', data: { 'signatures-path' => namespace_project_signatures_path }) do
= search_field_tag :search, params[:search], { placeholder: _('Search by message'), id: 'commits-search', class: 'form-control gl-form-input input-short gl-mt-3 gl-sm-mt-0 gl-min-w-full', spellcheck: false }
.control.d-none.d-md-block
= link_to project_commits_path(@project, @ref, rss_url_options), title: _("Commits feed"), class: 'btn gl-button btn-default btn-icon' do
= link_to project_commits_path(@project, @id, rss_url_options), title: _("Commits feed"), class: 'btn gl-button btn-default btn-icon' do
= sprite_icon('rss', css_class: 'qa-rss-icon')
= render_if_exists 'projects/commits/mirror_status'

6
config/initializers/active_record_build_select.rb
View File

@ -9,10 +9,6 @@
# statement cache. If a different migration is then run and one of these columns is
# removed in the meantime, the query is invalid.
ActiveRecord::Base.class_eval do
class_attribute :enumerate_columns_in_select_statements
end
module ActiveRecord
module QueryMethods
private
@ -20,8 +16,6 @@ module ActiveRecord
def build_select(arel)
if select_values.any?
arel.project(*arel_columns(select_values.uniq))
elsif klass.enumerate_columns_in_select_statements
arel.project(*klass.column_names.map { |field| table[field] })
else
arel.project(@klass.arel_table[Arel.star])
end

27
db/post_migrate/20210727175201_remove_unused_columns_from_elastic_reindexing_tasks.rb Normal file
View File

@ -0,0 +1,27 @@
# frozen_string_literal: true
class RemoveUnusedColumnsFromElasticReindexingTasks < ActiveRecord::Migration[6.1]
include Gitlab::Database::MigrationHelpers
disable_ddl_transaction!
def up
remove_column :elastic_reindexing_tasks, :documents_count, :integer
remove_column :elastic_reindexing_tasks, :index_name_from, :text
remove_column :elastic_reindexing_tasks, :index_name_to, :text
remove_column :elastic_reindexing_tasks, :elastic_task, :text
remove_column :elastic_reindexing_tasks, :documents_count_target, :integer
end
def down
add_column :elastic_reindexing_tasks, :documents_count, :integer
add_column :elastic_reindexing_tasks, :index_name_from, :text
add_column :elastic_reindexing_tasks, :index_name_to, :text
add_column :elastic_reindexing_tasks, :elastic_task, :text
add_column :elastic_reindexing_tasks, :documents_count_target, :integer
add_text_limit :elastic_reindexing_tasks, :index_name_from, 255
add_text_limit :elastic_reindexing_tasks, :index_name_to, 255
add_text_limit :elastic_reindexing_tasks, :elastic_task, 255
end
end

1
db/schema_migrations/20210727175201 Normal file
View File

@ -0,0 +1 @@
c7ae79084b802723a24064cb700b6cdc9a23011d3fed45457799c1ae7aa19ce6

10
db/structure.sql
View File

@ -12661,21 +12661,13 @@ CREATE TABLE elastic_reindexing_tasks (
id bigint NOT NULL,
created_at timestamp with time zone NOT NULL,
updated_at timestamp with time zone NOT NULL,
documents_count integer,
state smallint DEFAULT 0 NOT NULL,
in_progress boolean DEFAULT true NOT NULL,
index_name_from text,
index_name_to text,
elastic_task text,
error_message text,
documents_count_target integer,
delete_original_index_at timestamp with time zone,
max_slices_running smallint DEFAULT 60 NOT NULL,
slice_multiplier smallint DEFAULT 2 NOT NULL,
CONSTRAINT check_04151aca42 CHECK ((char_length(index_name_from) <= 255)),
CONSTRAINT check_7f64acda8e CHECK ((char_length(error_message) <= 255)),
CONSTRAINT check_85ebff7124 CHECK ((char_length(index_name_to) <= 255)),
CONSTRAINT check_942e5aae53 CHECK ((char_length(elastic_task) <= 255))
CONSTRAINT check_7f64acda8e CHECK ((char_length(error_message) <= 255))
);
CREATE SEQUENCE elastic_reindexing_tasks_id_seq

2
doc/.vale/gitlab/spelling-exceptions.txt
View File

@ -270,7 +270,7 @@ innersourcing
interdependencies
interdependency
interruptible
Irker
irker
issuables
Istio
Jaeger

2
doc/administration/logs.md
View File

@ -342,7 +342,7 @@ Depending on your installation method, this file is located at:
- Installations from source: `/home/git/gitlab/log/integrations_json.log`
It contains information about [integration](../user/project/integrations/overview.md)
activities, such as Jira, Asana, and Irker services. It uses JSON format,
activities, such as Jira, Asana, and irker services. It uses JSON format,
like this example:
```json

6
doc/api/index.md
View File

@ -259,7 +259,7 @@ Refer to this feature's version history for more details.
You can limit the access scope of a project's CI/CD job token to increase the
job token's security. A job token might give extra permissions that aren't necessary
to access specific resources. Limiting the job token access scope reduces the risk of a leaked
to access specific private resources. Limiting the job token access scope reduces the risk of a leaked
token being used to access private data that the user associated to the job can access.
Control the job token access scope with an allowlist of other projects authorized
@ -273,7 +273,9 @@ setting at all times, and configure the allowlist for cross-project access if ne
For example, when the setting is enabled, jobs in a pipeline in project `A` have
a `CI_JOB_TOKEN` scope limited to project `A`. If the job needs to use the token
to make an API request to project `B`, then `B` must be added to the allowlist for `A`.
to make an API request to a private project `B`, then `B` must be added to the allowlist for `A`.
If project `B` is public or internal, it doesn't need to be added to the allowlist.
The job token scope is only for controlling access to private projects.
To enable and configure the job token scope limit:

49
doc/api/namespaces.md
View File

@ -21,8 +21,15 @@ administrator, a list of all namespaces in the GitLab instance is shown.
```plaintext
GET /namespaces
GET /namespaces?search=foobar
GET /namespaces?owned_only=true
```
| Attribute | Type | Required | Description |
| ------------ | ------- | -------- | ----------- |
| `search` | string | no | Returns a list of namespaces the user is authorized to view based on the search criteria |
| `owned_only` | boolean | no | In GitLab 14.2 and later, returns a list of owned namespaces only |
Example request:
```shell
@ -116,48 +123,6 @@ once a day.
NOTE:
Only group owners are presented with `members_count_with_descendants` and `plan`.
## Search for namespace
Get all namespaces that match a string in their name or path.
```plaintext
GET /namespaces?search=foobar
```
| Attribute | Type | Required | Description |
| --------- | ------ | -------- | ----------- |
| `search` | string | no | Returns a list of namespaces the user is authorized to see based on the search criteria |
Example request:
```shell
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/namespaces?search=twitter"
```
Example response:
```json
[
{
"id": 4,
"name": "twitter",
"path": "twitter",
"kind": "group",
"full_path": "twitter",
"parent_id": null,
"avatar_url": null,
"web_url": "https://gitlab.example.com/groups/twitter",
"members_count_with_descendants": 2,
"billable_members_count": 2,
"max_seats_used": 0,
"seats_in_use": 0,
"plan": "default",
"trial_ends_on": null,
"trial": false
}
]
```
## Get namespace by ID
Get a namespace by ID.

19
doc/api/services.md
View File

@ -695,16 +695,15 @@ Get Hangouts Chat service settings for a project.
GET /projects/:id/services/hangouts-chat
```
## Irker (IRC gateway)
## irker (IRC gateway)
Send IRC messages, on update, to a list of recipients through an Irker gateway.
Send IRC messages, on update, to a list of recipients through an irker gateway.
### Create/Edit Irker (IRC gateway) service
For more information, see the [irker integration documentation](../user/project/integrations/irker.md).
Set Irker (IRC gateway) service for a project.
### Create/Edit irker (IRC gateway) service
NOTE:
Irker does NOT have built-in authentication, which makes it vulnerable to spamming IRC channels if it is hosted outside of a firewall. Please make sure you run the daemon within a secured network to prevent abuse. For more details, read [Security analysis of `irker`](http://www.catb.org/~esr/irker/security.html).
Set irker (IRC gateway) service for a project.
```plaintext
PUT /projects/:id/services/irker
@ -721,17 +720,17 @@ Parameters:
| `colorize_messages` | boolean | false | Colorize messages |
| `push_events` | boolean | false | Enable notifications for push events |
### Delete Irker (IRC gateway) service
### Delete irker (IRC gateway) service
Delete Irker (IRC gateway) service for a project.
Delete irker (IRC gateway) service for a project.
```plaintext
DELETE /projects/:id/services/irker
```
### Get Irker (IRC gateway) service settings
### Get irker (IRC gateway) service settings
Get Irker (IRC gateway) service settings for a project.
Get irker (IRC gateway) service settings for a project.
```plaintext
GET /projects/:id/services/irker

88
doc/ci/yaml/index.md
View File

@ -3353,6 +3353,50 @@ Coverage output from [child pipelines](../pipelines/parent_child_pipelines.md) i
or displayed. Check [the related issue](https://gitlab.com/gitlab-org/gitlab/-/issues/280818)
for more details.
## `dast_configuration` **(ULTIMATE)**
> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/5981) in GitLab 14.1.
Use the `dast_configuration` keyword to specify a site profile and scanner profile to be used in a
CI/CD configuration. Both profiles must first have been created in the project. The job's stage must
be `dast`.
**Keyword type**: Job keyword. You can use only as part of a job.
**Possible inputs**: One each of `site_profile` and `scanner_profile`.
- Use `site_profile` to specify the site profile to be used in the job.
- Use `scanner_profile` to specify the scanner profile to be used in the job.
**Example of `dast_configuration`**:
```yaml
stages:
- build
- dast
include:
- template: DAST.gitlab-ci.yml
dast:
dast_configuration:
site_profile: "Example Co"
scanner_profile: "Quick Passive Test"
```
In this example, the `dast` job extends the `dast` configuration added with the `include:` keyword
to select a specific site profile and scanner profile.
**Additional details**:
- Settings contained in either a site profile or scanner profile take precedence over those
contained in the DAST template.
**Related topics**:
- [Site profile](../../user/application_security/dast/index.md#site-profile).
- [Scanner profile](../../user/application_security/dast/index.md#scanner-profile).
### `retry`
> [Introduced](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/3515) in GitLab 11.5, you can control which failures to retry on.
@ -4551,50 +4595,6 @@ You can use [CI/CD variables](../variables/index.md) to configure how the runner
You can also use variables to configure how many times a runner
[attempts certain stages of job execution](../runners/configure_runners.md#job-stages-attempts).
## `dast_configuration` **(ULTIMATE)**
> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/5981) in GitLab 14.1.
Use the `dast_configuration` keyword to specify a site profile and scanner profile to be used in a
CI/CD configuration. Both profiles must first have been created in the project. The job's stage must
be `dast`.
**Keyword type**: Job keyword. You can use only as part of a job.
**Possible inputs**: One each of `site_profile` and `scanner_profile`.
- Use `site_profile` to specify the site profile to be used in the job.
- Use `scanner_profile` to specify the scanner profile to be used in the job.
**Example of `dast_configuration`**:
```yaml
stages:
- build
- dast
include:
- template: DAST.gitlab-ci.yml
dast:
dast_configuration:
site_profile: "Example Co"
scanner_profile: "Quick Passive Test"
```
In this example, the `dast` job extends the `dast` configuration added with the `include:` keyword
to select a specific site profile and scanner profile.
**Additional details**:
- Settings contained in either a site profile or scanner profile take precedence over those
contained in the DAST template.
**Related topics**:
- [Site profile](../../user/application_security/dast/index.md#site-profile).
- [Scanner profile](../../user/application_security/dast/index.md#scanner-profile).
## YAML-specific features
In your `.gitlab-ci.yml` file, you can use YAML-specific features like anchors (`&`), aliases (`*`),

12
doc/user/packages/generic_packages/index.md
View File

@ -131,6 +131,18 @@ download:
- 'wget --header="JOB-TOKEN: $CI_JOB_TOKEN" ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/my_package/0.0.1/file.txt'
```
When using a Windows runner with PowerShell, you must use `Invoke-WebRequest` or `Invoke-RestMethod`
instead of `curl` in the `upload` and `download` stages.
For example:
```yaml
upload:
stage: upload
script:
- Invoke-RestMethod -Headers @{ "JOB-TOKEN"="$CI_JOB_TOKEN" } -InFile path/to/file.txt -uri "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/my_package/0.0.1/file.txt" -Method put
```
### Enable or disable generic packages in the Package Registry
Support for generic packages is under development but ready for production use.

9
doc/user/profile/notifications.md
View File

@ -328,5 +328,12 @@ reason `assigned` has this sentence in the footer:
- `You are receiving this email because you have been assigned an item on <configured GitLab hostname>.`
NOTE:
Notification of other events is being considered for inclusion in the `X-GitLab-NotificationReason` header. For details, see this [related issue](https://gitlab.com/gitlab-org/gitlab/-/issues/20689).
For example, an alert notification email can have one of
[the alert's](../../operations/incident_management/alerts.md) statuses:
- `alert_triggered`
- `alert_acknowledged`
- `alert_resolved`
- `alert_ignored`

88
doc/user/project/integrations/irker.md
View File

@ -4,57 +4,69 @@ group: Ecosystem
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
---
# Irker IRC Gateway **(FREE)**
# irker IRC Gateway **(FREE)**
GitLab provides a way to push update messages to an Irker server. When
GitLab provides a way to push update messages to an irker server. When
configured, pushes to a project trigger the service to send data directly
to the Irker server.
to the irker server.
See the [project homepage](https://gitlab.com/esr/irker) for further information.
See also the [irker integration API documentation](../../../api/services.md).
## Needed setup
For more information, see the [irker project homepage](https://gitlab.com/esr/irker).
You first need an Irker daemon. You can download the Irker code
[from its repository](https://gitlab.com/esr/irker):
## Set up an irker daemon
```shell
git clone https://gitlab.com/esr/irker.git
```
You need to set up an irker daemon. To do so:
Once you have downloaded the code, you can run the Python script named `irkerd`.
This script is the gateway script, it acts both as an IRC client, for sending
messages to an IRC server, and as a TCP server, for receiving messages
from the GitLab service.
1. Download the irker code [from its repository](https://gitlab.com/esr/irker):
If the Irker server runs on the same machine, you are done. If not, you
```shell
git clone https://gitlab.com/esr/irker.git
```
1. Run the Python script named `irkerd`. This is the gateway script.
It acts both as an IRC client, for sending messages to an IRC server,
and as a TCP server, for receiving messages from the GitLab service.
If the irker server runs on the same machine, you are done. If not, you
need to follow the first steps of the next section.
WARNING:
irker does **not** have built-in authentication, which makes it vulnerable to spamming IRC channels if
it is hosted outside of a firewall. To prevent abuse, make sure you run the daemon on a secured
network. For more details, read
[Security analysis of irker](http://www.catb.org/~esr/irker/security.html).
## Complete these steps in GitLab
1. Navigate to the project you want to configure for notifications.
1. Navigate to the [Integrations page](overview.md#accessing-integrations)
1. Click "Irker".
1. On the top bar, select **Menu > Projects** and find the project you want to
configure for notifications.
1. Navigate to the [Integrations page](overview.md#accessing-integrations).
1. Select **irker (IRC gateway)**.
1. Ensure that the **Active** toggle is enabled.
1. Enter the server host address where `irkerd` runs (defaults to `localhost`)
in the `Server host` field on the Web page
1. Enter the server port of `irkerd` (e.g. defaults to 6659) in the
`Server port` field on the Web page.
1. Optional: if `Default IRC URI` is set, it has to be in the format
`irc[s]://domain.name` and is prepended to each and every channel provided
by the user which is not a full URI.
1. Specify the recipients (e.g. #channel1, user1, etc.)
1. Save or optionally click "Test Settings".
1. Optional. Under **Server host**, enter the server host address where `irkerd` runs. If empty,
it defaults to `localhost`.
1. Optional. Under **Server port**, enter the server port of `irkerd`. If empty, it defaults to `6659`.
1. Optional. Under **Default IRC URI**, enter the default IRC URI, in the format `irc[s]://domain.name`.
It's prepended to every channel or user provided under **Recipients**, which is not a full URI.
1. Under **Recipients**, enter the users or channels to receive updates, separated by spaces
(for example, `#channel1 user1`). For more details, see [Enter irker recipients](#enter-irker-recipients).
1. Optional. Under **Colorize messages**, select the checkbox. irker will highlight your messages.
1. Select **Save changes** or optionally select **Test Settings**.
## Note on Irker recipients
## Enter irker recipients
Irker accepts channel names of the form `chan` and `#chan`, both for the
`#chan` channel. If you want to send messages in query, you need to add
`,isnick` after the channel name, in this form: `Aorimn,isnick`. In this latter
case, `Aorimn` is treated as a nick and no more as a channel name.
If you left the **Default IRC URI** field empty, enter recipients as a full URI:
`irc[s]://irc.network.net[:port]/#channel`. If you entered a default IRC URI there, you can use just
channel or user names.
Irker can also join password-protected channels. Users need to append
`?key=thesecretpassword` to the channel name. When using this feature remember to
**not** put the `#` sign in front of the channel name; failing to do so
results in Irker joining a channel literally named `#chan?key=password` henceforth
leaking the channel key through the `/whois` IRC command (depending on IRC server
configuration). This is due to a long standing Irker bug.
To send messages:
- To a channel (for example, `#chan`), irker accepts channel names of the form `chan` and
`#chan`.
- To a password-protected channel, append `?key=thesecretpassword` to the channel name,
with the channel password instead of `thesecretpassword`. For example, `chan?key=hunter2`.
Do **not** put the `#` sign in front of the channel name. If you do, irker tries to join a
channel named `#chan?key=password` and so it can leak the channel password through the
`/whois` IRC command. This is due to a long-standing irker bug.
- In a user query, add `,isnick` after the user name. For example, `UserSmith,isnick`.

2
doc/user/project/integrations/overview.md
View File

@ -41,7 +41,7 @@ Click on the service links to see further configuration instructions and details
| [Flowdock](../../../api/services.md#flowdock) | Send notifications from GitLab to Flowdock flows. | **{dotted-circle}** No |
| [GitHub](github.md) | Obtain statuses for commits and pull requests. | **{dotted-circle}** No |
| [Google Chat](hangouts_chat.md) | Send notifications from your GitLab project to a room in Google Chat.| **{dotted-circle}** No |
| [Irker (IRC gateway)](irker.md) | Send IRC messages. | **{dotted-circle}** No |
| [irker (IRC gateway)](irker.md) | Send IRC messages. | **{dotted-circle}** No |
| [Jenkins](../../../integration/jenkins.md) | Run CI/CD pipelines with Jenkins. | **{check-circle}** Yes |
| JetBrains TeamCity CI | Run CI/CD pipelines with TeamCity. | **{check-circle}** Yes |
| [Jira](jira.md) | Use Jira as the issue tracker. | **{dotted-circle}** No |

6
lib/api/environments.rb
View File

@ -77,7 +77,7 @@ module API
desc "Delete multiple stopped review apps" do
detail "Remove multiple stopped review environments older than a specific age"
success Entities::Environment
success Entities::EnvironmentBasic
end
params do
optional :before, type: Time, desc: "The timestamp before which environments can be deleted. Defaults to 30 days ago.", default: -> { 30.days.ago }
@ -90,8 +90,8 @@ module API
result = ::Environments::ScheduleToDeleteReviewAppsService.new(user_project, current_user, params).execute
response = {
scheduled_entries: Entities::Environment.represent(result.scheduled_entries),
unprocessable_entries: Entities::Environment.represent(result.unprocessable_entries)
scheduled_entries: Entities::EnvironmentBasic.represent(result.scheduled_entries),
unprocessable_entries: Entities::EnvironmentBasic.represent(result.unprocessable_entries)
}
if result.success?

5
lib/api/namespaces.rb
View File

@ -27,12 +27,15 @@ module API
end
params do
optional :search, type: String, desc: "Search query for namespaces"
optional :owned_only, type: Boolean, desc: "Owned namespaces only"
use :pagination
use :optional_list_params_ee
end
get do
namespaces = current_user.admin ? Namespace.all : current_user.namespaces
owned_only = params[:owned_only] == true
namespaces = current_user.admin ? Namespace.all : current_user.namespaces(owned_only: owned_only)
namespaces = namespaces.include_route

39
locale/gitlab.pot
View File

@ -7988,6 +7988,9 @@ msgstr ""
msgid "Collector hostname"
msgstr ""
msgid "Colorize messages"
msgstr ""
msgid "ComboSearch is not defined"
msgstr ""
@ -18122,6 +18125,42 @@ msgstr ""
msgid "Invocations"
msgstr ""
msgid "IrkerService|Channels and users separated by whitespaces. %{recipients_docs_link}"
msgstr ""
msgid "IrkerService|Default IRC URI (optional)"
msgstr ""
msgid "IrkerService|How to enter channels or users?"
msgstr ""
msgid "IrkerService|Recipients"
msgstr ""
msgid "IrkerService|Send update messages to an irker server."
msgstr ""
msgid "IrkerService|Send update messages to an irker server. Before you can use this, you need to set up the irker daemon. %{docs_link}"
msgstr ""
msgid "IrkerService|Server host (optional)"
msgstr ""
msgid "IrkerService|Server port (optional)"
msgstr ""
msgid "IrkerService|URI to add before each recipient."
msgstr ""
msgid "IrkerService|irker (IRC gateway)"
msgstr ""
msgid "IrkerService|irker daemon hostname (defaults to localhost)."
msgstr ""
msgid "IrkerService|irker daemon port (defaults to 6659)."
msgstr ""
msgid "Is blocked by"
msgstr ""

6
spec/features/projects/services/user_activates_irker_spec.rb
View File

@ -2,16 +2,16 @@
require 'spec_helper'
RSpec.describe 'User activates Irker (IRC gateway)' do
RSpec.describe 'User activates irker (IRC gateway)' do
include_context 'project service activation'
it 'activates service', :js do
visit_project_integration('Irker (IRC gateway)')
visit_project_integration('irker (IRC gateway)')
check('Colorize messages')
fill_in('Recipients', with: 'irc://chat.freenode.net/#commits')
click_test_then_save_integration(expect_test_to_fail: false)
expect(page).to have_content('Irker (IRC gateway) settings saved and active.')
expect(page).to have_content('irker (IRC gateway) settings saved and active.')
end
end

2
spec/features/projects/services/user_views_services_spec.rb
View File

@ -16,7 +16,7 @@ RSpec.describe 'User views services', :js do
expect(page).to have_content('Atlassian Bamboo')
expect(page).to have_content('JetBrains TeamCity')
expect(page).to have_content('Asana')
expect(page).to have_content('Irker (IRC gateway)')
expect(page).to have_content('irker (IRC gateway)')
expect(page).to have_content('Packagist')
end
end

9
spec/fixtures/api/schemas/public_api/v4/environments.json vendored Normal file
View File

@ -0,0 +1,9 @@
{
"type": "array",
"items": {
"type": "object",
"properties": {
"$ref": "./environment.json"
}
}
}

21
spec/mailers/emails/projects_spec.rb
View File

@ -36,6 +36,27 @@ RSpec.describe Emails::Projects do
Notify.prometheus_alert_fired_email(project, user, alert)
end
it_behaves_like 'an email with X-GitLab headers containing project details'
it 'has expected X-GitLab alert headers', :aggregate_failures do
is_expected.to have_header('X-GitLab-Alert-ID', /#{alert.id}/)
is_expected.to have_header('X-GitLab-Alert-IID', /#{alert.iid}/)
is_expected.to have_header('X-GitLab-NotificationReason', "alert_#{alert.state}")
is_expected.not_to have_header('X-GitLab-Incident-ID', /.+/)
is_expected.not_to have_header('X-GitLab-Incident-IID', /.+/)
end
context 'with incident' do
let(:alert) { create(:alert_management_alert, :with_issue, :from_payload, payload: payload, project: project) }
let(:incident) { alert.issue }
it 'has expected X-GitLab incident headers', :aggregate_failures do
is_expected.to have_header('X-GitLab-Incident-ID', /#{incident.id}/)
is_expected.to have_header('X-GitLab-Incident-IID', /#{incident.iid}/)
end
end
context 'with empty payload' do
let(:payload) { {} }

9
spec/models/user_spec.rb
View File

@ -1798,6 +1798,15 @@ RSpec.describe User do
it { expect(user.namespaces).to contain_exactly(user.namespace, group) }
it { expect(user.manageable_namespaces).to contain_exactly(user.namespace, group) }
context 'with owned groups only' do
before do
other_group = create(:group)
other_group.add_developer(user)
end
it { expect(user.namespaces(owned_only: true)).to contain_exactly(user.namespace, group) }
end
context 'with child groups' do
let!(:subgroup) { create(:group, parent: group) }

101
spec/policies/project_policy_spec.rb
View File

@ -1419,66 +1419,65 @@ RSpec.describe ProjectPolicy do
end
describe 'when user is authenticated via CI_JOB_TOKEN', :request_store do
let(:current_user) { developer }
let(:job) { build_stubbed(:ci_build, project: scope_project, user: current_user) }
using RSpec::Parameterized::TableSyntax
before do
current_user.set_ci_job_token_scope!(job)
scope_project.update!(ci_job_token_scope_enabled: true)
where(:project_visibility, :user_role, :external_user, :scope_project_type, :token_scope_enabled, :result) do
:private | :reporter | false | :same | true | true
:private | :reporter | false | :same | false | true
:private | :reporter | false | :different | true | false
:private | :reporter | false | :different | false | true
:private | :guest | false | :same | true | true
:private | :guest | false | :same | false | true
:private | :guest | false | :different | true | false
:private | :guest | false | :different | false | true
:internal | :reporter | false | :same | true | true
:internal | :reporter | true | :same | true | true
:internal | :reporter | false | :same | false | true
:internal | :reporter | false | :different | true | true
:internal | :reporter | true | :different | true | false
:internal | :reporter | false | :different | false | true
:internal | :guest | false | :same | true | true
:internal | :guest | true | :same | true | true
:internal | :guest | false | :same | false | true
:internal | :guest | false | :different | true | true
:internal | :guest | true | :different | true | false
:internal | :guest | false | :different | false | true
:public | :reporter | false | :same | true | true
:public | :reporter | false | :same | false | true
:public | :reporter | false | :different | true | true
:public | :reporter | false | :different | false | true
:public | :guest | false | :same | true | true
:public | :guest | false | :same | false | true
:public | :guest | false | :different | true | true
:public | :guest | false | :different | false | true
end
context 'when accessing a private project' do
let(:project) { private_project }
with_them do
let(:current_user) { public_send(user_role) }
let(:project) { public_send("#{project_visibility}_project") }
let(:job) { build_stubbed(:ci_build, project: scope_project, user: current_user) }
context 'when the job token comes from the same project' do
let(:scope_project) { project }
it { is_expected.to be_allowed(:developer_access) }
end
context 'when the job token comes from another project' do
let(:scope_project) { create(:project, :private) }
before do
scope_project.add_developer(current_user)
end
it { is_expected.to be_disallowed(:guest_access) }
context 'when job token scope is disabled' do
before do
scope_project.update!(ci_job_token_scope_enabled: false)
end
it { is_expected.to be_allowed(:guest_access) }
let(:scope_project) do
if scope_project_type == :same
project
else
create(:project, :private)
end
end
end
context 'when accessing a public project' do
let(:project) { public_project }
context 'when the job token comes from the same project' do
let(:scope_project) { project }
it { is_expected.to be_allowed(:developer_access) }
before do
current_user.set_ci_job_token_scope!(job)
current_user.external = external_user
scope_project.update!(ci_job_token_scope_enabled: token_scope_enabled)
end
context 'when the job token comes from another project' do
let(:scope_project) { create(:project, :private) }
before do
scope_project.add_developer(current_user)
end
it { is_expected.to be_disallowed(:public_access) }
context 'when job token scope is disabled' do
before do
scope_project.update!(ci_job_token_scope_enabled: false)
end
it { is_expected.to be_allowed(:public_access) }
it "enforces the expected permissions" do
if result
is_expected.to be_allowed("#{user_role}_access".to_sym)
else
is_expected.to be_disallowed("#{user_role}_access".to_sym)
end
end
end

2
spec/requests/api/environments_spec.rb
View File

@ -360,6 +360,8 @@ RSpec.describe API::Environments do
expect(json_response["scheduled_entries"].size).to eq(1)
expect(json_response["scheduled_entries"].first["id"]).to eq(old_stopped_review_env.id)
expect(json_response["unprocessable_entries"].size).to eq(0)
expect(json_response["scheduled_entries"]).to match_schema('public_api/v4/environments')
expect(json_response["unprocessable_entries"]).to match_schema('public_api/v4/environments')
expect(old_stopped_review_env.reload.auto_delete_at).to eq(1.week.from_now)
expect(new_stopped_review_env.reload.auto_delete_at).to be_nil

2
spec/requests/api/generic_packages_spec.rb
View File

@ -18,7 +18,7 @@ RSpec.describe API::GenericPackages do
let_it_be(:project_deploy_token_wo) { create(:project_deploy_token, deploy_token: deploy_token_wo, project: project) }
let(:user) { personal_access_token.user }
let(:ci_build) { create(:ci_build, :running, user: user, project: project) }
let(:ci_build) { create(:ci_build, :running, user: user) }
let(:snowplow_standard_context_params) { { user: user, project: project, namespace: project.namespace } }
def auth_header

2
spec/requests/api/go_proxy_spec.rb
View File

@ -11,7 +11,7 @@ RSpec.describe API::GoProxy do
let_it_be(:base) { "#{Settings.build_gitlab_go_url}/#{project.full_path}" }
let_it_be(:oauth) { create :oauth_access_token, scopes: 'api', resource_owner: user }
let_it_be(:job) { create :ci_build, user: user, status: :running, project: project }
let_it_be(:job) { create :ci_build, user: user, status: :running }
let_it_be(:pa_token) { create :personal_access_token, user: user }
let_it_be(:modules) do

2
spec/requests/api/maven_packages_spec.rb
View File

@ -15,7 +15,7 @@ RSpec.describe API::MavenPackages do
let_it_be(:package_file) { package.package_files.with_file_name_like('%.xml').first }
let_it_be(:jar_file) { package.package_files.with_file_name_like('%.jar').first }
let_it_be(:personal_access_token) { create(:personal_access_token, user: user) }
let_it_be(:job, reload: true) { create(:ci_build, user: user, status: :running, project: project) }
let_it_be(:job, reload: true) { create(:ci_build, user: user, status: :running) }
let_it_be(:deploy_token) { create(:deploy_token, read_package_registry: true, write_package_registry: true) }
let_it_be(:project_deploy_token) { create(:project_deploy_token, deploy_token: deploy_token, project: project) }
let_it_be(:deploy_token_for_group) { create(:deploy_token, :group, read_package_registry: true, write_package_registry: true) }

13
spec/requests/api/namespaces_spec.rb
View File

@ -91,6 +91,19 @@ RSpec.describe API::Namespaces do
expect(json_response).to be_an Array
expect(json_response.length).to eq(1)
end
context 'with owned_only param' do
it 'returns only owned groups' do
group1.add_developer(user)
group2.add_owner(user)
get api("/namespaces?owned_only=true", user)
expect(response).to have_gitlab_http_status(:ok)
expect(response).to include_pagination_headers
expect(json_response.map { |resource| resource['id'] }).to match_array([user.namespace_id, group2.id])
end
end
end
end

2
spec/requests/api/npm_project_packages_spec.rb
View File

@ -78,7 +78,7 @@ RSpec.describe API::NpmProjectPackages do
context 'with a job token for a different user' do
let_it_be(:other_user) { create(:user) }
let_it_be_with_reload(:other_job) { create(:ci_build, :running, user: other_user, project: project) }
let_it_be_with_reload(:other_job) { create(:ci_build, :running, user: other_user) }
let(:headers) { build_token_auth_header(other_job.token) }

2
spec/requests/api/pypi_packages_spec.rb
View File

@ -13,7 +13,7 @@ RSpec.describe API::PypiPackages do
let_it_be(:personal_access_token) { create(:personal_access_token, user: user) }
let_it_be(:deploy_token) { create(:deploy_token, read_package_registry: true, write_package_registry: true) }
let_it_be(:project_deploy_token) { create(:project_deploy_token, deploy_token: deploy_token, project: project) }
let_it_be(:job) { create(:ci_build, :running, user: user, project: project) }
let_it_be(:job) { create(:ci_build, :running, user: user) }
let(:headers) { {} }

2
spec/requests/api/releases_spec.rb
View File

@ -811,7 +811,7 @@ RSpec.describe API::Releases do
end
context 'when using JOB-TOKEN auth' do
let(:job) { create(:ci_build, user: maintainer, project: project) }
let(:job) { create(:ci_build, user: maintainer) }
let(:params) do
{
name: 'Another release',

2
spec/requests/api/rubygem_packages_spec.rb
View File

@ -10,7 +10,7 @@ RSpec.describe API::RubygemPackages do
let_it_be_with_reload(:project) { create(:project) }
let_it_be(:personal_access_token) { create(:personal_access_token) }
let_it_be(:user) { personal_access_token.user }
let_it_be(:job) { create(:ci_build, :running, user: user, project: project) }
let_it_be(:job) { create(:ci_build, :running, user: user) }
let_it_be(:deploy_token) { create(:deploy_token, read_package_registry: true, write_package_registry: true) }
let_it_be(:project_deploy_token) { create(:project_deploy_token, deploy_token: deploy_token, project: project) }
let_it_be(:headers) { {} }

2
spec/requests/api/terraform/modules/v1/packages_spec.rb
View File

@ -12,7 +12,7 @@ RSpec.describe API::Terraform::Modules::V1::Packages do
let_it_be(:package) { create(:terraform_module_package, project: project) }
let_it_be(:personal_access_token) { create(:personal_access_token) }
let_it_be(:user) { personal_access_token.user }
let_it_be(:job) { create(:ci_build, :running, user: user, project: project) }
let_it_be(:job) { create(:ci_build, :running, user: user) }
let_it_be(:deploy_token) { create(:deploy_token, read_package_registry: true, write_package_registry: true) }
let_it_be(:project_deploy_token) { create(:project_deploy_token, deploy_token: deploy_token, project: project) }

2
spec/support/shared_contexts/requests/api/conan_packages_shared_context.rb
View File

@ -11,7 +11,7 @@ RSpec.shared_context 'conan api setup' do
let_it_be(:deploy_token) { create(:deploy_token, read_package_registry: true, write_package_registry: true) }
let(:project) { package.project }
let(:job) { create(:ci_build, :running, user: user, project: project) }
let(:job) { create(:ci_build, :running, user: user) }
let(:job_token) { job.token }
let(:auth_token) { personal_access_token.token }
let(:project_deploy_token) { create(:project_deploy_token, deploy_token: deploy_token, project: project) }

2
spec/support/shared_contexts/requests/api/npm_packages_shared_context.rb
View File

@ -11,7 +11,7 @@ RSpec.shared_context 'npm api setup' do
let_it_be(:package, reload: true) { create(:npm_package, project: project, name: "@#{group.path}/scoped_package") }
let_it_be(:token) { create(:oauth_access_token, scopes: 'api', resource_owner: user) }
let_it_be(:personal_access_token) { create(:personal_access_token, user: user) }
let_it_be(:job, reload: true) { create(:ci_build, user: user, status: :running, project: project) }
let_it_be(:job, reload: true) { create(:ci_build, user: user, status: :running) }
let_it_be(:deploy_token) { create(:deploy_token, read_package_registry: true, write_package_registry: true) }
let_it_be(:project_deploy_token) { create(:project_deploy_token, deploy_token: deploy_token, project: project) }

35
spec/views/projects/commits/show.html.haml_spec.rb Normal file
View File

@ -0,0 +1,35 @@
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe 'projects/commits/show.html.haml' do
let(:project) { create(:project, :repository) }
let(:commits) { [project.commit] }
let(:path) { 'path/to/doc.md' }
before do
assign(:project, project)
assign(:id, path)
assign(:repository, project.repository)
assign(:commits, commits)
assign(:hidden_commit_count, 0)
controller.params[:controller] = 'projects/commits'
controller.params[:action] = 'show'
controller.params[:namespace_id] = project.namespace.to_param
controller.params[:project_id] = project.to_param
allow(view).to receive(:current_user).and_return(nil)
allow(view).to receive(:namespace_project_signatures_path).and_return("/")
end
context 'tree controls' do
before do
render
end
it 'renders atom feed button with matching path' do
expect(rendered).to have_link(href: "#{project_commits_path(project, path)}?format=atom")
end
end
end