Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2022-05-26 00:08:24 +00:00
parent e0096a0ef1
commit eb90b0642d
31 changed files with 165 additions and 25 deletions

View file

@ -407,6 +407,7 @@ module ApplicationSettingsHelper
:container_registry_import_max_retries,
:container_registry_import_start_max_retries,
:container_registry_import_max_step_duration,
:container_registry_pre_import_tags_rate,
:container_registry_pre_import_timeout,
:container_registry_import_timeout,
:container_registry_import_target_plan,

View file

@ -382,6 +382,9 @@ class ApplicationSetting < ApplicationRecord
allow_nil: false,
numericality: { only_integer: true, greater_than_or_equal_to: 0 }
validates :container_registry_pre_import_tags_rate,
allow_nil: false,
numericality: { greater_than_or_equal_to: 0 }
validates :container_registry_import_target_plan, presence: true
validates :container_registry_import_created_before, presence: true

View file

@ -224,6 +224,7 @@ module ApplicationSettingImplementation
container_registry_import_max_retries: 3,
container_registry_import_start_max_retries: 50,
container_registry_import_max_step_duration: 5.minutes,
container_registry_pre_import_tags_rate: 0.5,
container_registry_pre_import_timeout: 30.minutes,
container_registry_import_timeout: 10.minutes,
container_registry_import_target_plan: 'free',

View file

@ -75,9 +75,19 @@ module ContainerRegistry
end
end
if repository.migration_state == 'pre_importing' &&
Feature.enabled?(:registry_migration_guard_dynamic_pre_import_timeout) &&
migration_start_timestamp(repository).before?(timeout.ago)
timeout = dynamic_pre_import_timeout_for(repository)
end
migration_start_timestamp(repository).before?(timeout.ago)
end
def dynamic_pre_import_timeout_for(repository)
(repository.tags_count * migration.pre_import_tags_rate).seconds
end
def external_state_matches_migration_state?(repository)
status = repository.external_import_status

View file

@ -0,0 +1,8 @@
---
name: registry_migration_guard_dynamic_pre_import_timeout
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/88292
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/350543
milestone: '15.1'
type: development
group: group::package
default_enabled: false

View file

@ -4,6 +4,6 @@ classes:
- Dast::ProfileSchedule
feature_categories:
- dynamic_application_security_testing
description: TODO
description: Scheduling for scans using DAST Profiles
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/65327
milestone: '14.2'

View file

@ -4,6 +4,6 @@ classes:
- Dast::Profile
feature_categories:
- dynamic_application_security_testing
description: TODO
description: Profile used to run a DAST on-demand scan
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51296
milestone: '13.9'

View file

@ -4,6 +4,6 @@ classes:
- Dast::ProfilesPipeline
feature_categories:
- dynamic_application_security_testing
description: TODO
description: Join table between DAST Profiles and CI Pipelines
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/56821
milestone: '13.11'

View file

@ -4,6 +4,6 @@ classes:
- DastScannerProfile
feature_categories:
- dynamic_application_security_testing
description: TODO
description: A scanner profile defines the scanner settings used to run an on-demand scan
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/37404
milestone: '13.3'

View file

@ -4,6 +4,6 @@ classes:
- Dast::ScannerProfilesBuild
feature_categories:
- dynamic_application_security_testing
description: TODO
description: Join table between DAST Scanner Profiles and CI Builds
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/63362
milestone: '14.1'

View file

@ -4,6 +4,6 @@ classes:
- Dast::SiteProfileSecretVariable
feature_categories:
- dynamic_application_security_testing
description: TODO
description: Secret variables used in DAST on-demand scans
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/56067
milestone: '13.11'

View file

@ -4,6 +4,6 @@ classes:
- DastSiteProfile
feature_categories:
- dynamic_application_security_testing
description: TODO
description: A site profile describes the attributes of a web site to scan on demand with DAST
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/36659
milestone: '13.2'

View file

@ -4,6 +4,6 @@ classes:
- Dast::SiteProfilesBuild
feature_categories:
- dynamic_application_security_testing
description: TODO
description: Join table between DAST Site Profiles and CI Builds
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/63362
milestone: '14.1'

View file

@ -3,6 +3,6 @@ table_name: dast_site_profiles_pipelines
classes: []
feature_categories:
- dynamic_application_security_testing
description: TODO
description: Join table between DAST Site Profiles and CI Pipelines
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/60090
milestone: '13.12'

View file

@ -4,6 +4,6 @@ classes:
- DastSiteToken
feature_categories:
- dynamic_application_security_testing
description: TODO
description: Token for the site to be validated
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/41639
milestone: '13.4'

View file

@ -4,6 +4,6 @@ classes:
- DastSiteValidation
feature_categories:
- dynamic_application_security_testing
description: TODO
description: The site to be validated with a dast_site_token
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/41639
milestone: '13.4'

View file

@ -4,6 +4,6 @@ classes:
- DastSite
feature_categories:
- dynamic_application_security_testing
description: TODO
description: Site to run dast scan on
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/36659
milestone: '13.2'

View file

@ -0,0 +1,12 @@
# frozen_string_literal: true
class AddRegistryMigrationPreImportTagsRateToApplicationSettings < Gitlab::Database::Migration[2.0]
def change
add_column :application_settings, :container_registry_pre_import_tags_rate,
:decimal,
precision: 6,
scale: 2,
default: 0.5,
null: false
end
end

View file

@ -0,0 +1,15 @@
# frozen_string_literal: true
class AddApplicationSettingsContainerRegistryPreImportTagsRateConstraint < Gitlab::Database::Migration[2.0]
CONSTRAINT_NAME = 'app_settings_container_registry_pre_import_tags_rate_positive'
disable_ddl_transaction!
def up
add_check_constraint :application_settings, 'container_registry_pre_import_tags_rate >= 0', CONSTRAINT_NAME
end
def down
remove_check_constraint :application_settings, CONSTRAINT_NAME
end
end

View file

@ -0,0 +1 @@
422c8b5559d262be47da020fe43628db1b19cb638c9c9c4dbe5af1ee03c5cdc9

View file

@ -0,0 +1 @@
995c41ab830a9635bef37031d8fa741f5759ba9bb22bb02141502bf322165c77

View file

@ -11317,7 +11317,9 @@ CREATE TABLE application_settings (
encrypted_dingtalk_app_secret bytea,
encrypted_dingtalk_app_secret_iv bytea,
globally_allowed_ips text DEFAULT ''::text NOT NULL,
container_registry_pre_import_tags_rate numeric(6,2) DEFAULT 0.5 NOT NULL,
CONSTRAINT app_settings_container_reg_cleanup_tags_max_list_size_positive CHECK ((container_registry_cleanup_tags_service_max_list_size >= 0)),
CONSTRAINT app_settings_container_registry_pre_import_tags_rate_positive CHECK ((container_registry_pre_import_tags_rate >= (0)::numeric)),
CONSTRAINT app_settings_dep_proxy_ttl_policies_worker_capacity_positive CHECK ((dependency_proxy_ttl_group_policy_worker_capacity >= 0)),
CONSTRAINT app_settings_ext_pipeline_validation_service_url_text_limit CHECK ((char_length(external_pipeline_validation_service_url) <= 255)),
CONSTRAINT app_settings_p_cleanup_package_file_worker_capacity_positive CHECK ((packages_cleanup_package_file_worker_capacity >= 0)),

View file

@ -7,10 +7,7 @@ type: reference
# Runner SaaS **(FREE SAAS)**
If you are using self-managed GitLab or you use GitLab.com but want to use your own runners, you can
[install and configure your own runners](https://docs.gitlab.com/runner/install/).
If you are using GitLab SaaS (GitLab.com), your CI jobs automatically run on runners provided by GitLab.
If you use GitLab SaaS (GitLab.com), your CI jobs automatically run on runners provided by GitLab.
No configuration is required. Your jobs can run on:
- [Linux runners](saas/linux_saas_runner.md).
@ -20,3 +17,6 @@ No configuration is required. Your jobs can run on:
The number of minutes you can use on these runners depends on the
[maximum number of CI/CD minutes](../pipelines/cicd_minutes.md)
in your [subscription plan](https://about.gitlab.com/pricing/).
If you use self-managed GitLab or you use GitLab.com but want to use your own runners, you can
[install and configure your own runners](https://docs.gitlab.com/runner/install/).

View file

@ -38,4 +38,4 @@ Merge request approval settings that can be set at an instance level are:
See also the following, which are affected by instance-level rules:
- [Project merge request approval rules](../project/merge_requests/approvals/index.md).
- [Group merge request approval settings](../group/index.md#group-approval-settings) available in GitLab 13.9 and later.
- [Group merge request approval settings](../group/index.md#group-merge-request-approval-settings) available in GitLab 13.9 and later.

View file

@ -801,7 +801,7 @@ The group's new subgroups have push rules set for them based on either:
- The closest parent group with push rules defined.
- Push rules set at the instance level, if no parent groups have push rules defined.
## Group approval settings **(PREMIUM)**
## Group merge request approval settings **(PREMIUM)**
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/285458) in GitLab 13.9. [Deployed behind the `group_merge_request_approval_settings_feature_flag` flag](../../administration/feature_flags.md), disabled by default.
> - [Enabled by default](https://gitlab.com/gitlab-org/gitlab/-/issues/285410) in GitLab 14.5.

View file

@ -22,7 +22,8 @@ flexibility:
- Specify a list of users who act as [code owners](../../code_owners.md) for specific files,
and require their approval before work can merge.
You can configure merge request approvals on a per-project basis. Administrators of
You can configure merge request approvals on a per-project basis, and
[on the group level](../../../group/index.md#group-merge-request-approval-settings). Administrators of
[GitLab Premium](https://about.gitlab.com/pricing/) and
[GitLab Ultimate](https://about.gitlab.com/pricing/) self-managed GitLab instances
can also configure approvals

View file

@ -139,7 +139,7 @@ You can also enforce merge request approval settings:
- At the [instance level](../../../admin_area/merge_requests_approvals.md), which apply to all groups
on an instance and, therefore, all projects.
- On a [top-level group](../../../group/index.md#group-approval-settings), which apply to all subgroups
- On a [top-level group](../../../group/index.md#group-merge-request-approval-settings), which apply to all subgroups
and projects.
If the settings are inherited by a group or project, they cannot be changed in the group or project

View file

@ -22,6 +22,7 @@ module ContainerRegistry
delegate :container_registry_import_created_before, to: ::Gitlab::CurrentSettings
delegate :container_registry_pre_import_timeout, to: ::Gitlab::CurrentSettings
delegate :container_registry_import_timeout, to: ::Gitlab::CurrentSettings
delegate :container_registry_pre_import_tags_rate, to: ::Gitlab::CurrentSettings
alias_method :max_tags_count, :container_registry_import_max_tags_count
alias_method :max_retries, :container_registry_import_max_retries
@ -31,6 +32,7 @@ module ContainerRegistry
alias_method :created_before, :container_registry_import_created_before
alias_method :pre_import_timeout, :container_registry_pre_import_timeout
alias_method :import_timeout, :container_registry_import_timeout
alias_method :pre_import_tags_rate, :container_registry_pre_import_tags_rate
end
def self.enabled?

View file

@ -186,6 +186,18 @@ RSpec.describe ContainerRegistry::Migration do
end
end
describe '.pre_import_tags_rate' do
let(:value) { 2.5 }
before do
stub_application_setting(container_registry_pre_import_tags_rate: value)
end
it 'returns the matching application_setting' do
expect(described_class.pre_import_tags_rate).to eq(value)
end
end
describe '.target_plans' do
subject { described_class.target_plans }

View file

@ -85,12 +85,15 @@ RSpec.describe ApplicationSetting do
it { is_expected.to validate_numericality_of(:container_registry_import_max_step_duration).only_integer.is_greater_than_or_equal_to(0) }
it { is_expected.to validate_numericality_of(:container_registry_pre_import_timeout).only_integer.is_greater_than_or_equal_to(0) }
it { is_expected.to validate_numericality_of(:container_registry_import_timeout).only_integer.is_greater_than_or_equal_to(0) }
it { is_expected.to validate_numericality_of(:container_registry_pre_import_tags_rate).is_greater_than_or_equal_to(0) }
it { is_expected.not_to allow_value(nil).for(:container_registry_import_max_tags_count) }
it { is_expected.not_to allow_value(nil).for(:container_registry_import_max_retries) }
it { is_expected.not_to allow_value(nil).for(:container_registry_import_start_max_retries) }
it { is_expected.not_to allow_value(nil).for(:container_registry_import_max_step_duration) }
it { is_expected.not_to allow_value(nil).for(:container_registry_pre_import_timeout) }
it { is_expected.not_to allow_value(nil).for(:container_registry_import_timeout) }
it { is_expected.not_to allow_value(nil).for(:container_registry_pre_import_tags_rate) }
it { is_expected.to allow_value(1.5).for(:container_registry_pre_import_tags_rate) }
it { is_expected.to validate_presence_of(:container_registry_import_target_plan) }
it { is_expected.to validate_presence_of(:container_registry_import_created_before) }

View file

@ -134,16 +134,15 @@ RSpec.describe ContainerRegistry::Migration::GuardWorker, :aggregate_failures do
end
context 'with pre_importing stale migrations' do
let(:ongoing_migration) { create(:container_repository, :pre_importing) }
let(:stale_migration) { create(:container_repository, :pre_importing, migration_pre_import_started_at: 11.minutes.ago) }
let_it_be(:ongoing_migration) { create(:container_repository, :pre_importing) }
let_it_be(:stale_migration) { create(:container_repository, :pre_importing, migration_pre_import_started_at: 11.minutes.ago) }
let(:import_status) { 'test' }
before do
allow_next_instance_of(ContainerRegistry::GitlabApiClient) do |client|
allow(client).to receive(:import_status).and_return(import_status)
end
stub_application_setting(container_registry_pre_import_timeout: 10.minutes.to_i)
end
it 'will abort the migration' do
@ -163,7 +162,76 @@ RSpec.describe ContainerRegistry::Migration::GuardWorker, :aggregate_failures do
context 'the client returns pre_import_in_progress' do
let(:import_status) { 'pre_import_in_progress' }
it_behaves_like 'handling long running migrations', timeout: :pre_import_timeout
shared_examples 'not aborting the stale migration' do
it 'will not abort the migration' do
expect(worker).to receive(:log_extra_metadata_on_done).with(:stale_migrations_count, 1)
expect(worker).to receive(:log_extra_metadata_on_done).with(:aborted_stale_migrations_count, 0)
expect { subject }
.to not_change(pre_importing_migrations, :count)
.and not_change(pre_import_done_migrations, :count)
.and not_change(importing_migrations, :count)
.and not_change(import_done_migrations, :count)
.and not_change(import_aborted_migrations, :count)
.and not_change { stale_migration.reload.migration_state }
.and not_change { ongoing_migration.migration_state }
end
end
context 'not long running' do
before do
stub_application_setting(container_registry_pre_import_timeout: 12.minutes.to_i)
end
it_behaves_like 'not aborting the stale migration'
end
context 'long running' do
before do
stub_application_setting(container_registry_pre_import_timeout: 9.minutes.to_i)
end
context 'with registry_migration_guard_dynamic_pre_import_timeout enabled' do
before do
stub_application_setting(container_registry_pre_import_tags_rate: 1)
end
context 'below the dynamic threshold' do
before do
allow_next_found_instance_of(ContainerRepository) do |repository|
allow(repository).to receive(:tags_count).and_return(11.minutes.to_i + 100)
end
end
it_behaves_like 'not aborting the stale migration'
end
context 'above the dynamic threshold' do
let(:tags) do
Array.new(11.minutes.to_i - 100) { |i| "tag#{i}" }
end
before do
# We can't allow_next_found_instance_of because the shared example
# 'handling long running migrations' is already using that.
# Instead, here we're going to stub the ContainerRegistry::Client instance.
allow_next_instance_of(ContainerRegistry::Client) do |client|
allow(client).to receive(:repository_tags).and_return({ 'tags' => tags })
end
end
it_behaves_like 'handling long running migrations', timeout: :pre_import_timeout
end
end
context 'with registry_migration_guard_dynamic_pre_import_timeout disabled' do
before do
stub_feature_flags(registry_migration_guard_dynamic_pre_import_timeout: false)
end
it_behaves_like 'handling long running migrations', timeout: :pre_import_timeout
end
end
end
end