Add latest changes from gitlab-org/gitlab@master
This commit is contained in:
parent
e0096a0ef1
commit
eb90b0642d
31 changed files with 165 additions and 25 deletions
|
@ -407,6 +407,7 @@ module ApplicationSettingsHelper
|
|||
:container_registry_import_max_retries,
|
||||
:container_registry_import_start_max_retries,
|
||||
:container_registry_import_max_step_duration,
|
||||
:container_registry_pre_import_tags_rate,
|
||||
:container_registry_pre_import_timeout,
|
||||
:container_registry_import_timeout,
|
||||
:container_registry_import_target_plan,
|
||||
|
|
|
@ -382,6 +382,9 @@ class ApplicationSetting < ApplicationRecord
|
|||
allow_nil: false,
|
||||
numericality: { only_integer: true, greater_than_or_equal_to: 0 }
|
||||
|
||||
validates :container_registry_pre_import_tags_rate,
|
||||
allow_nil: false,
|
||||
numericality: { greater_than_or_equal_to: 0 }
|
||||
validates :container_registry_import_target_plan, presence: true
|
||||
validates :container_registry_import_created_before, presence: true
|
||||
|
||||
|
|
|
@ -224,6 +224,7 @@ module ApplicationSettingImplementation
|
|||
container_registry_import_max_retries: 3,
|
||||
container_registry_import_start_max_retries: 50,
|
||||
container_registry_import_max_step_duration: 5.minutes,
|
||||
container_registry_pre_import_tags_rate: 0.5,
|
||||
container_registry_pre_import_timeout: 30.minutes,
|
||||
container_registry_import_timeout: 10.minutes,
|
||||
container_registry_import_target_plan: 'free',
|
||||
|
|
|
@ -75,9 +75,19 @@ module ContainerRegistry
|
|||
end
|
||||
end
|
||||
|
||||
if repository.migration_state == 'pre_importing' &&
|
||||
Feature.enabled?(:registry_migration_guard_dynamic_pre_import_timeout) &&
|
||||
migration_start_timestamp(repository).before?(timeout.ago)
|
||||
timeout = dynamic_pre_import_timeout_for(repository)
|
||||
end
|
||||
|
||||
migration_start_timestamp(repository).before?(timeout.ago)
|
||||
end
|
||||
|
||||
def dynamic_pre_import_timeout_for(repository)
|
||||
(repository.tags_count * migration.pre_import_tags_rate).seconds
|
||||
end
|
||||
|
||||
def external_state_matches_migration_state?(repository)
|
||||
status = repository.external_import_status
|
||||
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
name: registry_migration_guard_dynamic_pre_import_timeout
|
||||
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/88292
|
||||
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/350543
|
||||
milestone: '15.1'
|
||||
type: development
|
||||
group: group::package
|
||||
default_enabled: false
|
|
@ -4,6 +4,6 @@ classes:
|
|||
- Dast::ProfileSchedule
|
||||
feature_categories:
|
||||
- dynamic_application_security_testing
|
||||
description: TODO
|
||||
description: Scheduling for scans using DAST Profiles
|
||||
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/65327
|
||||
milestone: '14.2'
|
||||
|
|
|
@ -4,6 +4,6 @@ classes:
|
|||
- Dast::Profile
|
||||
feature_categories:
|
||||
- dynamic_application_security_testing
|
||||
description: TODO
|
||||
description: Profile used to run a DAST on-demand scan
|
||||
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51296
|
||||
milestone: '13.9'
|
||||
|
|
|
@ -4,6 +4,6 @@ classes:
|
|||
- Dast::ProfilesPipeline
|
||||
feature_categories:
|
||||
- dynamic_application_security_testing
|
||||
description: TODO
|
||||
description: Join table between DAST Profiles and CI Pipelines
|
||||
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/56821
|
||||
milestone: '13.11'
|
||||
|
|
|
@ -4,6 +4,6 @@ classes:
|
|||
- DastScannerProfile
|
||||
feature_categories:
|
||||
- dynamic_application_security_testing
|
||||
description: TODO
|
||||
description: A scanner profile defines the scanner settings used to run an on-demand scan
|
||||
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/37404
|
||||
milestone: '13.3'
|
||||
|
|
|
@ -4,6 +4,6 @@ classes:
|
|||
- Dast::ScannerProfilesBuild
|
||||
feature_categories:
|
||||
- dynamic_application_security_testing
|
||||
description: TODO
|
||||
description: Join table between DAST Scanner Profiles and CI Builds
|
||||
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/63362
|
||||
milestone: '14.1'
|
||||
|
|
|
@ -4,6 +4,6 @@ classes:
|
|||
- Dast::SiteProfileSecretVariable
|
||||
feature_categories:
|
||||
- dynamic_application_security_testing
|
||||
description: TODO
|
||||
description: Secret variables used in DAST on-demand scans
|
||||
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/56067
|
||||
milestone: '13.11'
|
||||
|
|
|
@ -4,6 +4,6 @@ classes:
|
|||
- DastSiteProfile
|
||||
feature_categories:
|
||||
- dynamic_application_security_testing
|
||||
description: TODO
|
||||
description: A site profile describes the attributes of a web site to scan on demand with DAST
|
||||
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/36659
|
||||
milestone: '13.2'
|
||||
|
|
|
@ -4,6 +4,6 @@ classes:
|
|||
- Dast::SiteProfilesBuild
|
||||
feature_categories:
|
||||
- dynamic_application_security_testing
|
||||
description: TODO
|
||||
description: Join table between DAST Site Profiles and CI Builds
|
||||
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/63362
|
||||
milestone: '14.1'
|
||||
|
|
|
@ -3,6 +3,6 @@ table_name: dast_site_profiles_pipelines
|
|||
classes: []
|
||||
feature_categories:
|
||||
- dynamic_application_security_testing
|
||||
description: TODO
|
||||
description: Join table between DAST Site Profiles and CI Pipelines
|
||||
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/60090
|
||||
milestone: '13.12'
|
||||
|
|
|
@ -4,6 +4,6 @@ classes:
|
|||
- DastSiteToken
|
||||
feature_categories:
|
||||
- dynamic_application_security_testing
|
||||
description: TODO
|
||||
description: Token for the site to be validated
|
||||
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/41639
|
||||
milestone: '13.4'
|
||||
|
|
|
@ -4,6 +4,6 @@ classes:
|
|||
- DastSiteValidation
|
||||
feature_categories:
|
||||
- dynamic_application_security_testing
|
||||
description: TODO
|
||||
description: The site to be validated with a dast_site_token
|
||||
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/41639
|
||||
milestone: '13.4'
|
||||
|
|
|
@ -4,6 +4,6 @@ classes:
|
|||
- DastSite
|
||||
feature_categories:
|
||||
- dynamic_application_security_testing
|
||||
description: TODO
|
||||
description: Site to run dast scan on
|
||||
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/36659
|
||||
milestone: '13.2'
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class AddRegistryMigrationPreImportTagsRateToApplicationSettings < Gitlab::Database::Migration[2.0]
|
||||
def change
|
||||
add_column :application_settings, :container_registry_pre_import_tags_rate,
|
||||
:decimal,
|
||||
precision: 6,
|
||||
scale: 2,
|
||||
default: 0.5,
|
||||
null: false
|
||||
end
|
||||
end
|
|
@ -0,0 +1,15 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class AddApplicationSettingsContainerRegistryPreImportTagsRateConstraint < Gitlab::Database::Migration[2.0]
|
||||
CONSTRAINT_NAME = 'app_settings_container_registry_pre_import_tags_rate_positive'
|
||||
|
||||
disable_ddl_transaction!
|
||||
|
||||
def up
|
||||
add_check_constraint :application_settings, 'container_registry_pre_import_tags_rate >= 0', CONSTRAINT_NAME
|
||||
end
|
||||
|
||||
def down
|
||||
remove_check_constraint :application_settings, CONSTRAINT_NAME
|
||||
end
|
||||
end
|
1
db/schema_migrations/20220520144821
Normal file
1
db/schema_migrations/20220520144821
Normal file
|
@ -0,0 +1 @@
|
|||
422c8b5559d262be47da020fe43628db1b19cb638c9c9c4dbe5af1ee03c5cdc9
|
1
db/schema_migrations/20220524191259
Normal file
1
db/schema_migrations/20220524191259
Normal file
|
@ -0,0 +1 @@
|
|||
995c41ab830a9635bef37031d8fa741f5759ba9bb22bb02141502bf322165c77
|
|
@ -11317,7 +11317,9 @@ CREATE TABLE application_settings (
|
|||
encrypted_dingtalk_app_secret bytea,
|
||||
encrypted_dingtalk_app_secret_iv bytea,
|
||||
globally_allowed_ips text DEFAULT ''::text NOT NULL,
|
||||
container_registry_pre_import_tags_rate numeric(6,2) DEFAULT 0.5 NOT NULL,
|
||||
CONSTRAINT app_settings_container_reg_cleanup_tags_max_list_size_positive CHECK ((container_registry_cleanup_tags_service_max_list_size >= 0)),
|
||||
CONSTRAINT app_settings_container_registry_pre_import_tags_rate_positive CHECK ((container_registry_pre_import_tags_rate >= (0)::numeric)),
|
||||
CONSTRAINT app_settings_dep_proxy_ttl_policies_worker_capacity_positive CHECK ((dependency_proxy_ttl_group_policy_worker_capacity >= 0)),
|
||||
CONSTRAINT app_settings_ext_pipeline_validation_service_url_text_limit CHECK ((char_length(external_pipeline_validation_service_url) <= 255)),
|
||||
CONSTRAINT app_settings_p_cleanup_package_file_worker_capacity_positive CHECK ((packages_cleanup_package_file_worker_capacity >= 0)),
|
||||
|
|
|
@ -7,10 +7,7 @@ type: reference
|
|||
|
||||
# Runner SaaS **(FREE SAAS)**
|
||||
|
||||
If you are using self-managed GitLab or you use GitLab.com but want to use your own runners, you can
|
||||
[install and configure your own runners](https://docs.gitlab.com/runner/install/).
|
||||
|
||||
If you are using GitLab SaaS (GitLab.com), your CI jobs automatically run on runners provided by GitLab.
|
||||
If you use GitLab SaaS (GitLab.com), your CI jobs automatically run on runners provided by GitLab.
|
||||
No configuration is required. Your jobs can run on:
|
||||
|
||||
- [Linux runners](saas/linux_saas_runner.md).
|
||||
|
@ -20,3 +17,6 @@ No configuration is required. Your jobs can run on:
|
|||
The number of minutes you can use on these runners depends on the
|
||||
[maximum number of CI/CD minutes](../pipelines/cicd_minutes.md)
|
||||
in your [subscription plan](https://about.gitlab.com/pricing/).
|
||||
|
||||
If you use self-managed GitLab or you use GitLab.com but want to use your own runners, you can
|
||||
[install and configure your own runners](https://docs.gitlab.com/runner/install/).
|
||||
|
|
|
@ -38,4 +38,4 @@ Merge request approval settings that can be set at an instance level are:
|
|||
See also the following, which are affected by instance-level rules:
|
||||
|
||||
- [Project merge request approval rules](../project/merge_requests/approvals/index.md).
|
||||
- [Group merge request approval settings](../group/index.md#group-approval-settings) available in GitLab 13.9 and later.
|
||||
- [Group merge request approval settings](../group/index.md#group-merge-request-approval-settings) available in GitLab 13.9 and later.
|
||||
|
|
|
@ -801,7 +801,7 @@ The group's new subgroups have push rules set for them based on either:
|
|||
- The closest parent group with push rules defined.
|
||||
- Push rules set at the instance level, if no parent groups have push rules defined.
|
||||
|
||||
## Group approval settings **(PREMIUM)**
|
||||
## Group merge request approval settings **(PREMIUM)**
|
||||
|
||||
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/285458) in GitLab 13.9. [Deployed behind the `group_merge_request_approval_settings_feature_flag` flag](../../administration/feature_flags.md), disabled by default.
|
||||
> - [Enabled by default](https://gitlab.com/gitlab-org/gitlab/-/issues/285410) in GitLab 14.5.
|
||||
|
|
|
@ -22,7 +22,8 @@ flexibility:
|
|||
- Specify a list of users who act as [code owners](../../code_owners.md) for specific files,
|
||||
and require their approval before work can merge.
|
||||
|
||||
You can configure merge request approvals on a per-project basis. Administrators of
|
||||
You can configure merge request approvals on a per-project basis, and
|
||||
[on the group level](../../../group/index.md#group-merge-request-approval-settings). Administrators of
|
||||
[GitLab Premium](https://about.gitlab.com/pricing/) and
|
||||
[GitLab Ultimate](https://about.gitlab.com/pricing/) self-managed GitLab instances
|
||||
can also configure approvals
|
||||
|
|
|
@ -139,7 +139,7 @@ You can also enforce merge request approval settings:
|
|||
|
||||
- At the [instance level](../../../admin_area/merge_requests_approvals.md), which apply to all groups
|
||||
on an instance and, therefore, all projects.
|
||||
- On a [top-level group](../../../group/index.md#group-approval-settings), which apply to all subgroups
|
||||
- On a [top-level group](../../../group/index.md#group-merge-request-approval-settings), which apply to all subgroups
|
||||
and projects.
|
||||
|
||||
If the settings are inherited by a group or project, they cannot be changed in the group or project
|
||||
|
|
|
@ -22,6 +22,7 @@ module ContainerRegistry
|
|||
delegate :container_registry_import_created_before, to: ::Gitlab::CurrentSettings
|
||||
delegate :container_registry_pre_import_timeout, to: ::Gitlab::CurrentSettings
|
||||
delegate :container_registry_import_timeout, to: ::Gitlab::CurrentSettings
|
||||
delegate :container_registry_pre_import_tags_rate, to: ::Gitlab::CurrentSettings
|
||||
|
||||
alias_method :max_tags_count, :container_registry_import_max_tags_count
|
||||
alias_method :max_retries, :container_registry_import_max_retries
|
||||
|
@ -31,6 +32,7 @@ module ContainerRegistry
|
|||
alias_method :created_before, :container_registry_import_created_before
|
||||
alias_method :pre_import_timeout, :container_registry_pre_import_timeout
|
||||
alias_method :import_timeout, :container_registry_import_timeout
|
||||
alias_method :pre_import_tags_rate, :container_registry_pre_import_tags_rate
|
||||
end
|
||||
|
||||
def self.enabled?
|
||||
|
|
|
@ -186,6 +186,18 @@ RSpec.describe ContainerRegistry::Migration do
|
|||
end
|
||||
end
|
||||
|
||||
describe '.pre_import_tags_rate' do
|
||||
let(:value) { 2.5 }
|
||||
|
||||
before do
|
||||
stub_application_setting(container_registry_pre_import_tags_rate: value)
|
||||
end
|
||||
|
||||
it 'returns the matching application_setting' do
|
||||
expect(described_class.pre_import_tags_rate).to eq(value)
|
||||
end
|
||||
end
|
||||
|
||||
describe '.target_plans' do
|
||||
subject { described_class.target_plans }
|
||||
|
||||
|
|
|
@ -85,12 +85,15 @@ RSpec.describe ApplicationSetting do
|
|||
it { is_expected.to validate_numericality_of(:container_registry_import_max_step_duration).only_integer.is_greater_than_or_equal_to(0) }
|
||||
it { is_expected.to validate_numericality_of(:container_registry_pre_import_timeout).only_integer.is_greater_than_or_equal_to(0) }
|
||||
it { is_expected.to validate_numericality_of(:container_registry_import_timeout).only_integer.is_greater_than_or_equal_to(0) }
|
||||
it { is_expected.to validate_numericality_of(:container_registry_pre_import_tags_rate).is_greater_than_or_equal_to(0) }
|
||||
it { is_expected.not_to allow_value(nil).for(:container_registry_import_max_tags_count) }
|
||||
it { is_expected.not_to allow_value(nil).for(:container_registry_import_max_retries) }
|
||||
it { is_expected.not_to allow_value(nil).for(:container_registry_import_start_max_retries) }
|
||||
it { is_expected.not_to allow_value(nil).for(:container_registry_import_max_step_duration) }
|
||||
it { is_expected.not_to allow_value(nil).for(:container_registry_pre_import_timeout) }
|
||||
it { is_expected.not_to allow_value(nil).for(:container_registry_import_timeout) }
|
||||
it { is_expected.not_to allow_value(nil).for(:container_registry_pre_import_tags_rate) }
|
||||
it { is_expected.to allow_value(1.5).for(:container_registry_pre_import_tags_rate) }
|
||||
|
||||
it { is_expected.to validate_presence_of(:container_registry_import_target_plan) }
|
||||
it { is_expected.to validate_presence_of(:container_registry_import_created_before) }
|
||||
|
|
|
@ -134,16 +134,15 @@ RSpec.describe ContainerRegistry::Migration::GuardWorker, :aggregate_failures do
|
|||
end
|
||||
|
||||
context 'with pre_importing stale migrations' do
|
||||
let(:ongoing_migration) { create(:container_repository, :pre_importing) }
|
||||
let(:stale_migration) { create(:container_repository, :pre_importing, migration_pre_import_started_at: 11.minutes.ago) }
|
||||
let_it_be(:ongoing_migration) { create(:container_repository, :pre_importing) }
|
||||
let_it_be(:stale_migration) { create(:container_repository, :pre_importing, migration_pre_import_started_at: 11.minutes.ago) }
|
||||
|
||||
let(:import_status) { 'test' }
|
||||
|
||||
before do
|
||||
allow_next_instance_of(ContainerRegistry::GitlabApiClient) do |client|
|
||||
allow(client).to receive(:import_status).and_return(import_status)
|
||||
end
|
||||
|
||||
stub_application_setting(container_registry_pre_import_timeout: 10.minutes.to_i)
|
||||
end
|
||||
|
||||
it 'will abort the migration' do
|
||||
|
@ -163,7 +162,76 @@ RSpec.describe ContainerRegistry::Migration::GuardWorker, :aggregate_failures do
|
|||
context 'the client returns pre_import_in_progress' do
|
||||
let(:import_status) { 'pre_import_in_progress' }
|
||||
|
||||
it_behaves_like 'handling long running migrations', timeout: :pre_import_timeout
|
||||
shared_examples 'not aborting the stale migration' do
|
||||
it 'will not abort the migration' do
|
||||
expect(worker).to receive(:log_extra_metadata_on_done).with(:stale_migrations_count, 1)
|
||||
expect(worker).to receive(:log_extra_metadata_on_done).with(:aborted_stale_migrations_count, 0)
|
||||
|
||||
expect { subject }
|
||||
.to not_change(pre_importing_migrations, :count)
|
||||
.and not_change(pre_import_done_migrations, :count)
|
||||
.and not_change(importing_migrations, :count)
|
||||
.and not_change(import_done_migrations, :count)
|
||||
.and not_change(import_aborted_migrations, :count)
|
||||
.and not_change { stale_migration.reload.migration_state }
|
||||
.and not_change { ongoing_migration.migration_state }
|
||||
end
|
||||
end
|
||||
|
||||
context 'not long running' do
|
||||
before do
|
||||
stub_application_setting(container_registry_pre_import_timeout: 12.minutes.to_i)
|
||||
end
|
||||
|
||||
it_behaves_like 'not aborting the stale migration'
|
||||
end
|
||||
|
||||
context 'long running' do
|
||||
before do
|
||||
stub_application_setting(container_registry_pre_import_timeout: 9.minutes.to_i)
|
||||
end
|
||||
|
||||
context 'with registry_migration_guard_dynamic_pre_import_timeout enabled' do
|
||||
before do
|
||||
stub_application_setting(container_registry_pre_import_tags_rate: 1)
|
||||
end
|
||||
|
||||
context 'below the dynamic threshold' do
|
||||
before do
|
||||
allow_next_found_instance_of(ContainerRepository) do |repository|
|
||||
allow(repository).to receive(:tags_count).and_return(11.minutes.to_i + 100)
|
||||
end
|
||||
end
|
||||
|
||||
it_behaves_like 'not aborting the stale migration'
|
||||
end
|
||||
|
||||
context 'above the dynamic threshold' do
|
||||
let(:tags) do
|
||||
Array.new(11.minutes.to_i - 100) { |i| "tag#{i}" }
|
||||
end
|
||||
|
||||
before do
|
||||
# We can't allow_next_found_instance_of because the shared example
|
||||
# 'handling long running migrations' is already using that.
|
||||
# Instead, here we're going to stub the ContainerRegistry::Client instance.
|
||||
allow_next_instance_of(ContainerRegistry::Client) do |client|
|
||||
allow(client).to receive(:repository_tags).and_return({ 'tags' => tags })
|
||||
end
|
||||
end
|
||||
|
||||
it_behaves_like 'handling long running migrations', timeout: :pre_import_timeout
|
||||
end
|
||||
end
|
||||
|
||||
context 'with registry_migration_guard_dynamic_pre_import_timeout disabled' do
|
||||
before do
|
||||
stub_feature_flags(registry_migration_guard_dynamic_pre_import_timeout: false)
|
||||
end
|
||||
|
||||
it_behaves_like 'handling long running migrations', timeout: :pre_import_timeout
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in a new issue