Add latest changes from gitlab-org/gitlab@master

2020-01-13 18:08:05 +00:00 · 2020-01-13 18:08:05 +00:00 · f32a580aa1
parent a5ab3467a7
commit f32a580aa1
14 changed files with 93 additions and 23 deletions
--- a/app/models/merge_request.rb
+++ b/app/models/merge_request.rb
@ -258,7 +258,7 @@ class MergeRequest < ApplicationRecord
  alias_method :issuing_parent, :target_project

  delegate :active?, to: :head_pipeline, prefix: true, allow_nil: true
-  delegate :success?, to: :actual_head_pipeline, prefix: true, allow_nil: true
+  delegate :success?, :active?, to: :actual_head_pipeline, prefix: true, allow_nil: true

  RebaseLockTimeout = Class.new(StandardError)

--- a/changelogs/unreleased/bvl-fix-mwps-api.yml
+++ b/changelogs/unreleased/bvl-fix-mwps-api.yml
@ -0,0 +1,6 @@
+---
+title: Merge a merge request immediately when passing merge when pipeline succeeds
+  to the merge API when the head pipeline already succeeded
+merge_request: 22777
+author:
+type: fixed
--- a/changelogs/unreleased/security-project-import-vn-master.yml
+++ b/changelogs/unreleased/security-project-import-vn-master.yml
@ -0,0 +1,5 @@
+---
+title: Fix private objects exposure when using Project Import functionality
+merge_request:
+author:
+type: security
--- a/changelogs/unreleased/tpresa-user-without-project-license-seat.yml
+++ b/changelogs/unreleased/tpresa-user-without-project-license-seat.yml
@ -0,0 +1,5 @@
+---
+title: Users without projects use a license seat in a non-premium license
+merge_request: 20664
+author:
+type: fixed
--- a/doc/administration/instance_limits.md
+++ b/doc/administration/instance_limits.md
@ -18,3 +18,19 @@ added so that the history of events is not lost, but user-submitted comments
 will fail.

 - **Max limit:** 5.000 comments
+
+## Number of pipelines per Git push
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/issues/51401) in GitLab 11.10.
+
+The number of pipelines that can be created in a single push is 4.
+This is to prevent the accidental creation of pipelines when `git push --all`
+or `git push --mirror` is used.
+
+Read more in the [CI documentation](../ci/yaml/README.md#processing-git-pushes).
+
+## Retention of activity history
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/issues/21164) in GitLab 8.12.
+
+Activity history for projects and individuals' profiles was limited to one year until [GitLab 11.4](https://gitlab.com/gitlab-org/gitlab-foss/issues/52246) when it was extended to two years, and in [GitLab 12.4](https://gitlab.com/gitlab-org/gitlab/issues/33840) to three years.
--- a/doc/integration/vault.md
+++ b/doc/integration/vault.md
@ -7,7 +7,7 @@ type: reference, howto
 > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/issues/22323) in GitLab 9.0

 [Vault](https://www.vaultproject.io/) is a secrets management application offered by HashiCorp.
-It allows you to store and manage sensitive information such secret environment variables, encryption keys, and authentication tokens.
+It allows you to store and manage sensitive information such as secret environment variables, encryption keys, and authentication tokens.
 Vault offers Identity-based Access, which means Vault users can authenticate through several of their preferred cloud providers.

 In this document, we'll explain how Vault users can authenticate themselves through GitLab by utilizing our OpenID authentication feature.
--- a/doc/user/clusters/applications.md
+++ b/doc/user/clusters/applications.md
@ -264,7 +264,7 @@ This feature:
  For example:

  ```sh
-  kubectl -n gitlab-managed-apps exec -it $(kubectl get pods -n gitlab-managed-apps | grep 'ingress-controller' | awk '{print $1}') -- tail -f /var/log/modsec/audit.log
+  kubectl logs -n gitlab-managed-apps $(kubectl get pod -n gitlab-managed-apps -l app=nginx-ingress,component=controller --no-headers=true -o custom-columns=:metadata.name) modsecurity-log -f
  ```

 To enable ModSecurity, check the **Enable Web Application Firewall** checkbox
--- a/lib/api/merge_requests.rb
+++ b/lib/api/merge_requests.rb
@ -68,8 +68,17 @@ module API
        end
      end

-      def not_automatically_mergeable?(merge_when_pipeline_succeeds, merge_request)
-        merge_when_pipeline_succeeds && !merge_request.head_pipeline_active? && !merge_request.actual_head_pipeline_success?
+      def automatically_mergeable?(merge_when_pipeline_succeeds, merge_request)
+        pipeline_active = merge_request.head_pipeline_active? || merge_request.actual_head_pipeline_active?
+        merge_when_pipeline_succeeds && merge_request.mergeable_state?(skip_ci_check: true) && pipeline_active
+      end
+
+      def immediately_mergeable?(merge_when_pipeline_succeeds, merge_request)
+        if merge_when_pipeline_succeeds
+          merge_request.actual_head_pipeline_success?
+        else
+          merge_request.mergeable_state?
+        end
      end

      def serializer_options_for(merge_requests)
@ -393,16 +402,18 @@ module API
        Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-foss/issues/42317')

        merge_request = find_project_merge_request(params[:merge_request_iid])
-        merge_when_pipeline_succeeds = to_boolean(params[:merge_when_pipeline_succeeds])
-        not_automatically_mergeable = not_automatically_mergeable?(merge_when_pipeline_succeeds, merge_request)

        # Merge request can not be merged
        # because user dont have permissions to push into target branch
        unauthorized! unless merge_request.can_be_merged_by?(current_user)

-        not_allowed! if !merge_request.mergeable_state?(skip_ci_check: merge_when_pipeline_succeeds) || not_automatically_mergeable
+        merge_when_pipeline_succeeds = to_boolean(params[:merge_when_pipeline_succeeds])
+        automatically_mergeable = automatically_mergeable?(merge_when_pipeline_succeeds, merge_request)
+        immediately_mergeable = immediately_mergeable?(merge_when_pipeline_succeeds, merge_request)

-        render_api_error!('Branch cannot be merged', 406) unless merge_request.mergeable?(skip_ci_check: merge_when_pipeline_succeeds)
+        not_allowed! if !immediately_mergeable && !automatically_mergeable
+
+        render_api_error!('Branch cannot be merged', 406) unless merge_request.mergeable?(skip_ci_check: automatically_mergeable)

        check_sha_param!(params, merge_request)

@ -415,13 +426,13 @@ module API
          sha: params[:sha] || merge_request.diff_head_sha
        )

-        if merge_when_pipeline_succeeds
-          AutoMergeService.new(merge_request.target_project, current_user, merge_params)
-            .execute(merge_request, AutoMergeService::STRATEGY_MERGE_WHEN_PIPELINE_SUCCEEDS)
-        else
+        if immediately_mergeable
          ::MergeRequests::MergeService
            .new(merge_request.target_project, current_user, merge_params)
            .execute(merge_request)
+        elsif automatically_mergeable
+          AutoMergeService.new(merge_request.target_project, current_user, merge_params)
+            .execute(merge_request, AutoMergeService::STRATEGY_MERGE_WHEN_PIPELINE_SUCCEEDS)
        end

        present merge_request, with: Entities::MergeRequest, current_user: current_user, project: user_project
--- a/lib/gitlab/import_export/attribute_cleaner.rb
+++ b/lib/gitlab/import_export/attribute_cleaner.rb
@ -3,8 +3,8 @@
 module Gitlab
  module ImportExport
    class AttributeCleaner
-      ALLOWED_REFERENCES = RelationFactory::PROJECT_REFERENCES + RelationFactory::USER_REFERENCES + %w[group_id commit_id discussion_id]
-      PROHIBITED_REFERENCES = Regexp.union(/\Acached_markdown_version\Z/, /_id\Z/, /_ids\Z/, /_html\Z/).freeze
+      ALLOWED_REFERENCES = RelationFactory::PROJECT_REFERENCES + RelationFactory::USER_REFERENCES + %w[group_id commit_id discussion_id custom_attributes]
+      PROHIBITED_REFERENCES = Regexp.union(/\Acached_markdown_version\Z/, /_id\Z/, /_ids\Z/, /_html\Z/, /attributes/).freeze

      def self.clean(*args)
        new(*args).clean
--- a/qa/qa/page/project/issue/index.rb
+++ b/qa/qa/page/project/issue/index.rb
@ -10,6 +10,7 @@ module QA
          end

          view 'app/views/projects/issues/_issue.html.haml' do
+            element :issue
            element :issue_link, 'link_to issue.title' # rubocop:disable QA/ElementWithPattern
          end

@ -38,7 +39,7 @@ module QA
          end

          def has_issue?(issue)
-            has_element? :issue, issue_title: issue.to_s
+            has_element? :issue, issue_title: issue.title
          end
        end
      end
--- a/qa/qa/resource/issue.rb
+++ b/qa/qa/resource/issue.rb
@ -38,10 +38,6 @@ module QA
        end
      end

-      def to_s
-        @title
-      end
-
      def api_get_path
        "/projects/#{project.id}/issues/#{id}"
      end
--- a/spec/lib/gitlab/import_export/attribute_cleaner_spec.rb
+++ b/spec/lib/gitlab/import_export/attribute_cleaner_spec.rb
@ -25,11 +25,21 @@ describe Gitlab::ImportExport::AttributeCleaner do
      'legit_html' => '<p>legit html</p>',
      '_html' => '<p>perfectly ordinary html</p>',
      'cached_markdown_version' => 12345,
+      'custom_attributes' => 'whatever',
+      'some_attributes_metadata' => 'whatever',
      'group_id' => 99,
      'commit_id' => 99,
      'issue_ids' => [1, 2, 3],
      'merge_request_ids' => [1, 2, 3],
-      'note_ids' => [1, 2, 3]
+      'note_ids' => [1, 2, 3],
+      'attributes' => {
+        'issue_ids' => [1, 2, 3],
+        'merge_request_ids' => [1, 2, 3],
+        'note_ids' => [1, 2, 3]
+      },
+      'variables_attributes' => {
+        'id' => 1
+      }
    }
  end

@ -40,7 +50,8 @@ describe Gitlab::ImportExport::AttributeCleaner do
      'random_id_in_the_middle' => 99,
      'notid' => 99,
      'group_id' => 99,
-      'commit_id' => 99
+      'commit_id' => 99,
+      'custom_attributes' => 'whatever'
    }
  end

--- a/spec/models/merge_request_spec.rb
+++ b/spec/models/merge_request_spec.rb
@ -2214,6 +2214,16 @@ describe MergeRequest do
    end
  end

+  describe "#actual_head_pipeline_active? " do
+    it do
+      is_expected
+        .to delegate_method(:active?)
+        .to(:actual_head_pipeline)
+        .with_prefix
+        .with_arguments(allow_nil: true)
+    end
+  end
+
  describe '#mergeable_ci_state?' do
    let(:project) { create(:project, only_allow_merge_if_pipeline_succeeds: true) }
    let(:pipeline) { create(:ci_empty_pipeline) }
--- a/spec/requests/api/merge_requests_spec.rb
+++ b/spec/requests/api/merge_requests_spec.rb
@ -1549,7 +1549,7 @@ describe API::MergeRequests do
    end
  end

-  describe "PUT /projects/:id/merge_requests/:merge_request_iid/merge" do
+  describe "PUT /projects/:id/merge_requests/:merge_request_iid/merge", :clean_gitlab_redis_cache do
    let(:pipeline) { create(:ci_pipeline) }

    it "returns merge_request in case of success" do
@ -1637,6 +1637,15 @@ describe API::MergeRequests do
      expect(merge_request.reload.state).to eq('opened')
    end

+    it 'merges if the head pipeline already succeeded and `merge_when_pipeline_succeeds` is passed' do
+      create(:ci_pipeline, :success, sha: merge_request.diff_head_sha, merge_requests_as_head_pipeline: [merge_request])
+
+      put api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/merge", user), params: { merge_when_pipeline_succeeds: true }
+
+      expect(response).to have_gitlab_http_status(200)
+      expect(json_response['state']).to eq('merged')
+    end
+
    it "enables merge when pipeline succeeds if the pipeline is active" do
      allow_any_instance_of(MergeRequest).to receive_messages(head_pipeline: pipeline, actual_head_pipeline: pipeline)
      allow(pipeline).to receive(:active?).and_return(true)