Add latest changes from gitlab-org/gitlab@master
This commit is contained in:
parent
eaec088dc5
commit
f4e1a3641e
66 changed files with 832 additions and 370 deletions
|
@ -1144,9 +1144,8 @@ GEM
|
|||
sass-listen (4.0.0)
|
||||
rb-fsevent (~> 0.9, >= 0.9.4)
|
||||
rb-inotify (~> 0.9, >= 0.9.7)
|
||||
sassc (2.0.1)
|
||||
sassc (2.4.0)
|
||||
ffi (~> 1.9)
|
||||
rake
|
||||
sassc-rails (2.1.0)
|
||||
railties (>= 4.0.0)
|
||||
sassc (>= 2.0)
|
||||
|
|
|
@ -138,10 +138,10 @@ hr {
|
|||
margin-right: -15px;
|
||||
margin-left: -15px;
|
||||
}
|
||||
.col,
|
||||
.col-sm-5,
|
||||
.col-sm-12,
|
||||
.col-sm-7,
|
||||
.col-sm-12 {
|
||||
.col-sm-5,
|
||||
.col {
|
||||
position: relative;
|
||||
width: 100%;
|
||||
padding-right: 15px;
|
||||
|
@ -160,12 +160,12 @@ hr {
|
|||
}
|
||||
@media (min-width: 576px) {
|
||||
.col-sm-5 {
|
||||
flex: 0 0 41.66667%;
|
||||
max-width: 41.66667%;
|
||||
flex: 0 0 41.6666666667%;
|
||||
max-width: 41.6666666667%;
|
||||
}
|
||||
.col-sm-7 {
|
||||
flex: 0 0 58.33333%;
|
||||
max-width: 58.33333%;
|
||||
flex: 0 0 58.3333333333%;
|
||||
max-width: 58.3333333333%;
|
||||
}
|
||||
.col-sm-12 {
|
||||
flex: 0 0 100%;
|
||||
|
|
|
@ -65,6 +65,6 @@ class Admin::BroadcastMessagesController < Admin::ApplicationController
|
|||
target_path
|
||||
broadcast_type
|
||||
dismissable
|
||||
))
|
||||
), target_access_levels: []).reverse_merge!(target_access_levels: [])
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,14 +1,22 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
module BroadcastMessagesHelper
|
||||
include Gitlab::Utils::StrongMemoize
|
||||
|
||||
def current_broadcast_banner_messages
|
||||
BroadcastMessage.current_banner_messages(request.path).select do |message|
|
||||
BroadcastMessage.current_banner_messages(
|
||||
current_path: request.path,
|
||||
user_access_level: current_user_access_level_for_project_or_group
|
||||
).select do |message|
|
||||
cookies["hide_broadcast_message_#{message.id}"].blank?
|
||||
end
|
||||
end
|
||||
|
||||
def current_broadcast_notification_message
|
||||
not_hidden_messages = BroadcastMessage.current_notification_messages(request.path).select do |message|
|
||||
not_hidden_messages = BroadcastMessage.current_notification_messages(
|
||||
current_path: request.path,
|
||||
user_access_level: current_user_access_level_for_project_or_group
|
||||
).select do |message|
|
||||
cookies["hide_broadcast_message_#{message.id}"].blank?
|
||||
end
|
||||
not_hidden_messages.last
|
||||
|
@ -61,4 +69,31 @@ module BroadcastMessagesHelper
|
|||
def broadcast_type_options
|
||||
BroadcastMessage.broadcast_types.keys.map { |w| [w.humanize, w] }
|
||||
end
|
||||
|
||||
def target_access_level_options
|
||||
BroadcastMessage::ALLOWED_TARGET_ACCESS_LEVELS.map do |access_level|
|
||||
[Gitlab::Access.human_access(access_level), access_level]
|
||||
end
|
||||
end
|
||||
|
||||
def target_access_levels_display(access_levels)
|
||||
access_levels.map do |access_level|
|
||||
Gitlab::Access.human_access(access_level)
|
||||
end.join(', ')
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def current_user_access_level_for_project_or_group
|
||||
return if Feature.disabled?(:role_targeted_broadcast_messages, default_enabled: :yaml)
|
||||
return unless current_user.present?
|
||||
|
||||
strong_memoize(:current_user_access_level_for_project_or_group) do
|
||||
if controller.is_a? Projects::ApplicationController
|
||||
@project&.team&.max_member_access(current_user.id)
|
||||
elsif controller.is_a? Groups::ApplicationController
|
||||
@group&.max_member_access_for_user(current_user)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -4,12 +4,21 @@ class BroadcastMessage < ApplicationRecord
|
|||
include CacheMarkdownField
|
||||
include Sortable
|
||||
|
||||
ALLOWED_TARGET_ACCESS_LEVELS = [
|
||||
Gitlab::Access::GUEST,
|
||||
Gitlab::Access::REPORTER,
|
||||
Gitlab::Access::DEVELOPER,
|
||||
Gitlab::Access::MAINTAINER,
|
||||
Gitlab::Access::OWNER
|
||||
].freeze
|
||||
|
||||
cache_markdown_field :message, pipeline: :broadcast_message, whitelisted: true
|
||||
|
||||
validates :message, presence: true
|
||||
validates :starts_at, presence: true
|
||||
validates :ends_at, presence: true
|
||||
validates :broadcast_type, presence: true
|
||||
validates :target_access_levels, inclusion: { in: ALLOWED_TARGET_ACCESS_LEVELS }
|
||||
|
||||
validates :color, allow_blank: true, color: true
|
||||
validates :font, allow_blank: true, color: true
|
||||
|
@ -29,20 +38,20 @@ class BroadcastMessage < ApplicationRecord
|
|||
}
|
||||
|
||||
class << self
|
||||
def current_banner_messages(current_path = nil)
|
||||
fetch_messages BANNER_CACHE_KEY, current_path do
|
||||
def current_banner_messages(current_path: nil, user_access_level: nil)
|
||||
fetch_messages BANNER_CACHE_KEY, current_path, user_access_level do
|
||||
current_and_future_messages.banner
|
||||
end
|
||||
end
|
||||
|
||||
def current_notification_messages(current_path = nil)
|
||||
fetch_messages NOTIFICATION_CACHE_KEY, current_path do
|
||||
def current_notification_messages(current_path: nil, user_access_level: nil)
|
||||
fetch_messages NOTIFICATION_CACHE_KEY, current_path, user_access_level do
|
||||
current_and_future_messages.notification
|
||||
end
|
||||
end
|
||||
|
||||
def current(current_path = nil)
|
||||
fetch_messages CACHE_KEY, current_path do
|
||||
def current(current_path: nil, user_access_level: nil)
|
||||
fetch_messages CACHE_KEY, current_path, user_access_level do
|
||||
current_and_future_messages
|
||||
end
|
||||
end
|
||||
|
@ -63,7 +72,7 @@ class BroadcastMessage < ApplicationRecord
|
|||
|
||||
private
|
||||
|
||||
def fetch_messages(cache_key, current_path)
|
||||
def fetch_messages(cache_key, current_path, user_access_level)
|
||||
messages = cache.fetch(cache_key, as: BroadcastMessage, expires_in: cache_expires_in) do
|
||||
yield
|
||||
end
|
||||
|
@ -74,7 +83,13 @@ class BroadcastMessage < ApplicationRecord
|
|||
# displaying we'll refresh the cache so we don't need to keep filtering.
|
||||
cache.expire(cache_key) if now_or_future != messages
|
||||
|
||||
now_or_future.select(&:now?).select { |message| message.matches_current_path(current_path) }
|
||||
messages = now_or_future.select(&:now?)
|
||||
messages = messages.select do |message|
|
||||
message.matches_current_user_access_level?(user_access_level)
|
||||
end
|
||||
messages.select do |message|
|
||||
message.matches_current_path(current_path)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -102,6 +117,12 @@ class BroadcastMessage < ApplicationRecord
|
|||
now? || future?
|
||||
end
|
||||
|
||||
def matches_current_user_access_level?(user_access_level)
|
||||
return true if target_access_levels.empty?
|
||||
|
||||
target_access_levels.include? user_access_level
|
||||
end
|
||||
|
||||
def matches_current_path(current_path)
|
||||
return false if current_path.blank? && target_path.present?
|
||||
return true if current_path.blank? || target_path.blank?
|
||||
|
|
|
@ -86,7 +86,7 @@ class PostReceiveService
|
|||
banner = nil
|
||||
|
||||
if project
|
||||
scoped_messages = BroadcastMessage.current_banner_messages(project.full_path).select do |message|
|
||||
scoped_messages = BroadcastMessage.current_banner_messages(current_path: project.full_path).select do |message|
|
||||
message.target_path.present? && message.matches_current_path(project.full_path)
|
||||
end
|
||||
|
||||
|
|
|
@ -55,6 +55,14 @@
|
|||
= f.check_box :dismissable
|
||||
= f.label :dismissable do
|
||||
= _('Allow users to dismiss the broadcast message')
|
||||
- if Feature.enabled?(:role_targeted_broadcast_messages, default_enabled: :yaml)
|
||||
.form-group.row
|
||||
.col-sm-2.col-form-label
|
||||
= f.label :target_access_levels, _('Target roles')
|
||||
.col-sm-10
|
||||
= f.select :target_access_levels, target_access_level_options, { include_hidden: false }, multiple: true, class: 'form-control'
|
||||
.form-text.text-muted
|
||||
= _('The broadcast message displays only to users in projects and groups who have these roles.')
|
||||
.form-group.row.js-toggle-colors-container.toggle-colors.hide
|
||||
.col-sm-2.col-form-label
|
||||
= f.label :font, _("Font Color")
|
||||
|
|
|
@ -1,10 +1,11 @@
|
|||
- breadcrumb_title _("Messages")
|
||||
- page_title _("Broadcast Messages")
|
||||
- targeted_broadcast_messages_enabled = Feature.enabled?(:role_targeted_broadcast_messages, default_enabled: :yaml)
|
||||
|
||||
%h3.page-title
|
||||
= _('Broadcast Messages')
|
||||
%p.light
|
||||
= _('Broadcast messages are displayed for every user and can be used to notify users about scheduled maintenance, recent upgrades and more.')
|
||||
= _('Use banners and notifications to notify your users about scheduled maintenance, recent upgrades, and more.')
|
||||
|
||||
= render 'form'
|
||||
|
||||
|
@ -19,6 +20,8 @@
|
|||
%th= _('Preview')
|
||||
%th= _('Starts')
|
||||
%th= _('Ends')
|
||||
- if targeted_broadcast_messages_enabled
|
||||
%th= _('Target roles')
|
||||
%th= _('Target Path')
|
||||
%th= _('Type')
|
||||
%th
|
||||
|
@ -33,6 +36,9 @@
|
|||
= message.starts_at
|
||||
%td
|
||||
= message.ends_at
|
||||
- if targeted_broadcast_messages_enabled
|
||||
%td
|
||||
= target_access_levels_display(message.target_access_levels)
|
||||
%td
|
||||
= message.target_path
|
||||
%td
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
name: role_targeted_broadcast_messages
|
||||
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/77498
|
||||
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/351736
|
||||
milestone: '14.8'
|
||||
type: development
|
||||
group: group::activation
|
||||
default_enabled: false
|
16
data/deprecations/14-8-ci-build-variables.yml
Normal file
16
data/deprecations/14-8-ci-build-variables.yml
Normal file
|
@ -0,0 +1,16 @@
|
|||
- name: "`CI_BUILD_*` predefined variables"
|
||||
announcement_milestone: "14.8"
|
||||
announcement_date: "2021-02-22"
|
||||
removal_milestone: "15.0"
|
||||
removal_date: "2022-05-22"
|
||||
breaking_change: true
|
||||
reporter: dhershkovitch
|
||||
body: |
|
||||
The predefined CI/CD variables that start with `CI_BUILD_*` were deprecated in GitLab 9.0, and will be removed in GitLab 15.0. If you still use these variables, be sure to change to the current [`CI_JOB_*` predefined variables](https://docs.gitlab.com/ee/ci/variables/predefined_variables.html) which are identical (except for the updated name).
|
||||
# The following items are not published on the docs page, but may be used in the future.
|
||||
stage: Verify
|
||||
tiers: [Free, Premium, Ultimate]
|
||||
issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/352957
|
||||
documentation_url: https://docs.gitlab.com/ee/ci/variables/predefined_variables.html
|
||||
image_url: # (optional) This is a link to a thumbnail image depicting the feature
|
||||
video_url: # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
|
27
data/deprecations/14-8-sast-secret-analyzer-image.yml
Normal file
27
data/deprecations/14-8-sast-secret-analyzer-image.yml
Normal file
|
@ -0,0 +1,27 @@
|
|||
- name: "Secure and Protect analyzer images published in new location"
|
||||
announcement_milestone: "14.8"
|
||||
announcement_date: "2022-02-22"
|
||||
removal_milestone: "15.0"
|
||||
removal_date: "2022-05-22"
|
||||
breaking_change: true
|
||||
reporter: connorgilbert
|
||||
body: | # Do not modify this line, instead modify the lines below.
|
||||
GitLab uses various [analyzers](https://docs.gitlab.com/ee/user/application_security/terminology/#analyzer) to [scan for security vulnerabilities](https://docs.gitlab.com/ee/user/application_security/).
|
||||
Each analyzer is distributed as a container image.
|
||||
|
||||
Starting in GitLab 14.8, new versions of GitLab Secure and Protect analyzers are published to a new registry location under `registry.gitlab.com/security-products`.
|
||||
|
||||
We will update the default value of [GitLab-managed CI/CD templates](https://gitlab.com/gitlab-org/gitlab/-/tree/master/lib/gitlab/ci/templates/Security) to reflect this change:
|
||||
|
||||
- For all analyzers except Container Scanning, we will update the variable `SECURE_ANALYZERS_PREFIX` to the new image registry location.
|
||||
- For Container Scanning, the default image address is already updated. There is no `SECURE_ANALYZERS_PREFIX` variable for Container Scanning.
|
||||
|
||||
In a future release, we will stop publishing images to `registry.gitlab.com/gitlab-org/security-products/analyzers`.
|
||||
Once this happens, you must take action if you manually pull images and push them into a separate registry. This is commonly the case for [offline deployments](https://docs.gitlab.com/ee/user/application_security/offline_deployments/index.html).
|
||||
Otherwise, you won't receive further updates.
|
||||
|
||||
See the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/352564) for more details.
|
||||
# The following items are not published on the docs page, but may be used in the future.
|
||||
stage: Secure
|
||||
tiers: [Free, Silver, Gold, Core, Premium, Ultimate]
|
||||
issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/352564
|
28
data/deprecations/JTW_v2_update.yml
Normal file
28
data/deprecations/JTW_v2_update.yml
Normal file
|
@ -0,0 +1,28 @@
|
|||
# This is a template for a feature deprecation
|
||||
# A deprecation typically occurs when a feature or capability is planned to be removed in a future release.
|
||||
# Deprecations should be announced at least two releases prior to removal. Any breaking changes should only be done in major releases.
|
||||
#
|
||||
# Below is an example of what a single entry should look like, it's required attributes,
|
||||
# and what types we expect those attribute values to be.
|
||||
#
|
||||
# For more information please refer to the handbook documentation here:
|
||||
# https://about.gitlab.com/handbook/marketing/blog/release-posts/#deprecations
|
||||
#
|
||||
# Please delete this line and above before submitting your merge request.
|
||||
|
||||
- name: "Changes to the `CI_JOB_JWT`" # The name of the feature to be deprecated
|
||||
announcement_milestone: "14.8" # The milestone when this feature was first announced as deprecated.
|
||||
announcement_date: "2022-02-22" # The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
|
||||
removal_milestone: "15.0" # The milestone when this feature is planned to be removed
|
||||
removal_date: # The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
|
||||
breaking_change: true # If this deprecation is a breaking change, set this value to true
|
||||
reporter: dhershkovitch # GitLab username of the person reporting the deprecation
|
||||
body: | # Do not modify this line, instead modify the lines below.
|
||||
The `CI_JOB_JWT` will be updated to support a wider variety of cloud providers. It will be changed to match [`CI_JOB_JWT_V2`](https://docs.gitlab.com/ee/ci/variables/predefined_variables.html), but this change may not be backwards compatible for all users, including Hashicorp Vault users. To maintain the current behavior, users can switch to using `CI_JOB_JWT_V1`, or update their configuration in GitLab 15.0 to use the improved `CI_JOB_JWT`.
|
||||
# The following items are not published on the docs page, but may be used in the future.
|
||||
stage: # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth
|
||||
tiers: # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
|
||||
issue_url: # (optional) This is a link to the deprecation issue in GitLab
|
||||
documentation_url: # (optional) This is a link to the current documentation page
|
||||
image_url: # (optional) This is a link to a thumbnail image depicting the feature
|
||||
video_url: # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
|
|
@ -1,4 +1,4 @@
|
|||
- name: "Deprecations for Dependency Scanning"
|
||||
- name: "Dependency Scanning"
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
reporter: nicoleschwartz
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: "Removals for License Compliance"
|
||||
- name: "License Compliance"
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
reporter: nicoleschwartz
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: "Remove `?w=1` URL parameter to ignore whitespace changes"
|
||||
- name: "`?w=1` URL parameter to ignore whitespace changes"
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
reporter: phikai
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: "New Terraform template version"
|
||||
- name: "Terraform template version"
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0" # example
|
||||
issue_url: ""
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: "Update CI/CD templates to stop using hardcoded `master`"
|
||||
- name: "Hardcoded `master` in CI/CD templates"
|
||||
reporter: dhershkovitch
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: "Service Templates removed"
|
||||
- name: "Service Templates"
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
reporter: deuley
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: "Removal of release description in the Tags API"
|
||||
- name: "Release description in the Tags API"
|
||||
reporter: kbychu
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
- name: "Update Auto Deploy template version"
|
||||
- name: "Auto Deploy CI template v1"
|
||||
reporter: kbychu
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
issue_url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/300862'
|
||||
breaking_change: true
|
||||
body: |
|
||||
In GitLab 14.0, we will update the [Auto Deploy](https://docs.gitlab.com/ee/topics/autodevops/stages.html#auto-deploy) CI template to the latest version. This includes new features, bug fixes, and performance improvements with a dependency on the v2 [auto-deploy-image](https://gitlab.com/gitlab-org/cluster-integration/auto-deploy-image). Auto Deploy CI template v1 will is deprecated going forward.
|
||||
In GitLab 14.0, we will update the [Auto Deploy](https://docs.gitlab.com/ee/topics/autodevops/stages.html#auto-deploy) CI template to the latest version. This includes new features, bug fixes, and performance improvements with a dependency on the v2 [auto-deploy-image](https://gitlab.com/gitlab-org/cluster-integration/auto-deploy-image). Auto Deploy CI template v1 is deprecated going forward.
|
||||
|
||||
Since the v1 and v2 versions are not backward-compatible, your project might encounter an unexpected failure if you already have a deployed application. Follow the [upgrade guide](https://docs.gitlab.com/ee/topics/autodevops/upgrading_auto_deploy_dependencies.html#upgrade-guide) to upgrade your environments. You can also start using the latest template today by following the [early adoption guide](https://docs.gitlab.com/ee/topics/autodevops/upgrading_auto_deploy_dependencies.html#early-adopters).
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: "Remove disk source configuration for GitLab Pages"
|
||||
- name: "Disk source configuration for GitLab Pages"
|
||||
reporter: kbychu
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: "Legacy feature flags removed"
|
||||
- name: "Legacy feature flags"
|
||||
reporter: kbychu
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: "Remove redundant timestamp field from DORA metrics API payload"
|
||||
- name: "Redundant timestamp field from DORA metrics API payload"
|
||||
reporter: kbychu
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: "Geo Foreign Data Wrapper settings removed"
|
||||
- name: "Geo Foreign Data Wrapper settings"
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
reporter: fzimmer
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: "Deprecated GraphQL fields have been removed"
|
||||
- name: "Deprecated GraphQL fields"
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
reporter: gweaver
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: "Legacy storage removed"
|
||||
- name: "Legacy storage"
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
reporter: fzimmer
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: Sidekiq queue selector options no longer accept the 'experimental' prefix
|
||||
- name: Experimental prefix in Sidekiq queue selector options
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
reporter: smcgivern
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: "Unicorn removed in favor of Puma for GitLab self-managed"
|
||||
- name: "Unicorn in GitLab self-managed"
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
reporter: fzimmer
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: "`CI_PROJECT_CONFIG_PATH` variable has been removed"
|
||||
- name: "`CI_PROJECT_CONFIG_PATH` variable"
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
reporter: stkerr
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
Until GitLab 13.9, if you wanted to avoid running one particular GitLab SAST analyzer, you needed to remove it from the [long string of analyzers in the `SAST.gitlab-ci.yml` file](https://gitlab.com/gitlab-org/gitlab/-/blob/390afc431e7ce1ac253b35beb39f19e49c746bff/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml#L12) and use that to set the [`SAST_DEFAULT_ANALYZERS`](https://docs.gitlab.com/ee/user/application_security/sast/#docker-images) variable in your project's CI file. If you did this, it would exclude you from future new analyzers because this string hard codes the list of analyzers to execute. We avoid this problem by inverting this variable's logic to exclude, rather than choose default analyzers.
|
||||
Beginning with 13.9, [we migrated](https://gitlab.com/gitlab-org/gitlab/-/blob/14fed7a33bfdbd4663d8928e46002a5ef3e3282c/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml#L13) to `SAST_EXCLUDED_ANALYZERS` in our `SAST.gitlab-ci.yml` file. We encourage anyone who uses a [customized SAST configuration](https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings) in their project CI file to migrate to this new variable. If you have not overridden `SAST_DEFAULT_ANALYZERS`, no action is needed. The CI/CD variable `SAST_DEFAULT_ANALYZERS` has been removed in GitLab 14.0, which released on June 22, 2021.
|
||||
|
||||
- name: "Remove `secret_detection_default_branch` job"
|
||||
- name: "`secret_detection_default_branch` job"
|
||||
reporter: tmccaslin
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
|
@ -18,8 +18,7 @@
|
|||
To ensure Secret Detection was scanning both default branches and feature branches, we introduced two separate secret detection CI jobs (`secret_detection_default_branch` and `secret_detection`) in our managed [`Secret-Detection.gitlab-ci.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml) template. These two CI jobs created confusion and complexity in the CI rules logic. This deprecation moves the `rule` logic into the `script` section, which then determines how the `secret_detection` job is run (historic, on a branch, commits, etc).
|
||||
If you override or maintain custom versions of `SAST.gitlab-ci.yml` or `Secret-Detection.gitlab-ci.yml`, you must update your CI templates. We strongly encourage [inheriting and overriding our managed CI templates](https://docs.gitlab.com/ee/user/application_security/secret_detection/#custom-settings-example) to future-proof your CI templates. GitLab 14.0 no longer supports the old `secret_detection_default_branch` job.
|
||||
|
||||
- name: "Remove SAST analyzer `SAST_GOSEC_CONFIG` variable in favor of
|
||||
custom rulesets"
|
||||
- name: "SAST analyzer `SAST_GOSEC_CONFIG` variable"
|
||||
reporter: tmccaslin
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
|
@ -29,7 +28,7 @@
|
|||
With the release of [SAST Custom Rulesets](https://docs.gitlab.com/ee/user/application_security/sast/#customize-rulesets) in GitLab 13.5 we allow greater flexibility in configuration options for our Go analyzer (GoSec). As a result we no longer plan to support our less flexible [`SAST_GOSEC_CONFIG`](https://docs.gitlab.com/ee/user/application_security/sast/#analyzer-settings) analyzer setting. This variable was deprecated in GitLab 13.10.
|
||||
GitLab 14.0 removes the old `SAST_GOSEC_CONFIG variable`. If you use or override `SAST_GOSEC_CONFIG` in your CI file, update your SAST CI configuration or pin to an older version of the GoSec analyzer. We strongly encourage [inheriting and overriding our managed CI templates](https://docs.gitlab.com/ee/user/application_security/sast/#overriding-sast-jobs) to future-proof your CI templates.
|
||||
|
||||
- name: "Removed Global `SAST_ANALYZER_IMAGE_TAG` in SAST CI template"
|
||||
- name: "Global `SAST_ANALYZER_IMAGE_TAG` in SAST CI template"
|
||||
reporter: tmccaslin
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: "Remove off peak time mode configuration for Docker Machine autoscaling"
|
||||
- name: "Off peak time mode configuration for Docker Machine autoscaling"
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
reporter: deastman
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: "Remove Ubuntu 19.10 (Eoan Ermine) package"
|
||||
- name: "Ubuntu 19.10 (Eoan Ermine) package"
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
reporter: deastman
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: "Remove `FF_SHELL_EXECUTOR_USE_LEGACY_PROCESS_KILL` feature flag"
|
||||
- name: "`FF_SHELL_EXECUTOR_USE_LEGACY_PROCESS_KILL` feature flag"
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
reporter: deastman
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: "Remove `/usr/lib/gitlab-runner` symlink from package"
|
||||
- name: "`/usr/lib/gitlab-runner` symlink from package"
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
reporter: deastman
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: "Remove `FF_RESET_HELPER_IMAGE_ENTRYPOINT` feature flag"
|
||||
- name: "`FF_RESET_HELPER_IMAGE_ENTRYPOINT` feature flag"
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
reporter: deastman
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: "Remove success and failure for finished build metric conversion"
|
||||
- name: "Success and failure for finished build metric conversion"
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
reporter: deastman
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: "Remove `FF_USE_GO_CLOUD_WITH_CACHE_ARCHIVER` feature flag"
|
||||
- name: "`FF_USE_GO_CLOUD_WITH_CACHE_ARCHIVER` feature flag"
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
reporter: deastman
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: "Remove support for Windows Server 1903 image"
|
||||
- name: "Windows Server 1903 image support"
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
reporter: deastman
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: "Remove support for Windows Server 1909 image"
|
||||
- name: "Windows Server 1909 image support"
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
reporter: deastman
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: "Gitaly Cluster SQL primary elector has been removed"
|
||||
- name: "Gitaly Cluster SQL primary elector"
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
reporter: mjwood
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: "Remove legacy DAST domain validation"
|
||||
- name: "Legacy DAST domain validation"
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
reporter: derekferguson
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: "Removal of legacy fields from DAST report"
|
||||
- name: "Legacy fields from DAST report"
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
reporter: derekferguson
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: "Remove DAST default template stages"
|
||||
- name: "DAST default template stages"
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
reporter: derekferguson
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: "Segments removed from DevOps Adoption API"
|
||||
- name: "DevOps Adoption API Segments"
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
reporter: ljlane
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: "Removal of deprecated `trace` parameter from `jobs` API endpoint"
|
||||
- name: "`trace` parameter in `jobs` API"
|
||||
removal_date: "2021-06-22"
|
||||
removal_milestone: "14.0"
|
||||
reporter: jreporter
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
#
|
||||
# Please delete this line and above before submitting your merge request.
|
||||
|
||||
- name: "Announcement headline" # The headline announcing the removal. i.e. "`CI_PROJECT_CONFIG_PATH` removed in Gitlab 14.0"
|
||||
- name: "Feature name" # the name of the feature being removed. Avoid the words `deprecation`, `deprecate`, `removal`, and `remove` in this field because these are implied.
|
||||
announcement_milestone: "XX.YY" # The milestone when this feature was deprecated.
|
||||
announcement_date: "YYYY-MM-DD" # The date of the milestone release when this feature was deprecated. This should almost always be the 22nd of a month (YYYY-MM-DD), unless you did an out of band blog post.
|
||||
removal_milestone: "XX.YY" # The milestone when this feature is being removed.
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class AddTargetAccessLevelsToBroadcastMessages < Gitlab::Database::Migration[1.0]
|
||||
def change
|
||||
add_column :broadcast_messages, :target_access_levels, :integer, array: true, null: false, default: []
|
||||
end
|
||||
end
|
|
@ -0,0 +1,60 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
# Reproduce the indices on integrations.type on integrations.type_new
|
||||
class CreateIndexesOnIntegrationTypeNew < Gitlab::Database::Migration[1.0]
|
||||
disable_ddl_transaction!
|
||||
|
||||
TABLE_NAME = :integrations
|
||||
COLUMN = :type_new
|
||||
|
||||
def indices
|
||||
[
|
||||
{
|
||||
name: "index_integrations_on_project_and_#{COLUMN}_where_inherit_null",
|
||||
columns: [:project_id, COLUMN],
|
||||
where: 'inherit_from_id IS NULL'
|
||||
},
|
||||
{
|
||||
name: "index_integrations_on_project_id_and_#{COLUMN}_unique",
|
||||
columns: [:project_id, COLUMN],
|
||||
unique: true
|
||||
},
|
||||
{
|
||||
name: "index_integrations_on_#{COLUMN}",
|
||||
columns: [COLUMN]
|
||||
},
|
||||
{
|
||||
name: "index_integrations_on_#{COLUMN}_and_instance_partial",
|
||||
columns: [COLUMN, :instance],
|
||||
where: 'instance = true'
|
||||
},
|
||||
{
|
||||
name: "index_integrations_on_#{COLUMN}_and_template_partial",
|
||||
columns: [COLUMN, :template],
|
||||
where: 'template = true'
|
||||
},
|
||||
{
|
||||
# column names are limited to 63 characters, so this one is re-worded for clarity
|
||||
name: "index_integrations_on_#{COLUMN}_id_when_active_and_has_project",
|
||||
columns: [COLUMN, :id],
|
||||
where: '((active = true) AND (project_id IS NOT NULL))'
|
||||
},
|
||||
{
|
||||
name: "index_integrations_on_unique_group_id_and_#{COLUMN}",
|
||||
columns: [:group_id, COLUMN]
|
||||
}
|
||||
]
|
||||
end
|
||||
|
||||
def up
|
||||
indices.each do |index|
|
||||
add_concurrent_index TABLE_NAME, index[:columns], index.except(:columns)
|
||||
end
|
||||
end
|
||||
|
||||
def down
|
||||
indices.each do |index|
|
||||
remove_concurrent_index_by_name TABLE_NAME, index[:name]
|
||||
end
|
||||
end
|
||||
end
|
1
db/schema_migrations/20220128081329
Normal file
1
db/schema_migrations/20220128081329
Normal file
|
@ -0,0 +1 @@
|
|||
6e273d5b92595ae6054b0665b4ff446fb2bed24ff1aab122537833dc8f4d9ab8
|
1
db/schema_migrations/20220213104531
Normal file
1
db/schema_migrations/20220213104531
Normal file
|
@ -0,0 +1 @@
|
|||
9ce8aa469b9469d25fbba52147e24c95f6242c2ab1e114df8baaf5a45268d2fd
|
|
@ -11364,7 +11364,8 @@ CREATE TABLE broadcast_messages (
|
|||
cached_markdown_version integer,
|
||||
target_path character varying(255),
|
||||
broadcast_type smallint DEFAULT 1 NOT NULL,
|
||||
dismissable boolean
|
||||
dismissable boolean,
|
||||
target_access_levels integer[] DEFAULT '{}'::integer[] NOT NULL
|
||||
);
|
||||
|
||||
CREATE SEQUENCE broadcast_messages_id_seq
|
||||
|
@ -26665,8 +26666,12 @@ CREATE INDEX index_insights_on_project_id ON insights USING btree (project_id);
|
|||
|
||||
CREATE INDEX index_integrations_on_inherit_from_id ON integrations USING btree (inherit_from_id);
|
||||
|
||||
CREATE INDEX index_integrations_on_project_and_type_new_where_inherit_null ON integrations USING btree (project_id, type_new) WHERE (inherit_from_id IS NULL);
|
||||
|
||||
CREATE INDEX index_integrations_on_project_and_type_where_inherit_null ON integrations USING btree (project_id, type) WHERE (inherit_from_id IS NULL);
|
||||
|
||||
CREATE UNIQUE INDEX index_integrations_on_project_id_and_type_new_unique ON integrations USING btree (project_id, type_new);
|
||||
|
||||
CREATE UNIQUE INDEX index_integrations_on_project_id_and_type_unique ON integrations USING btree (project_id, type);
|
||||
|
||||
CREATE INDEX index_integrations_on_template ON integrations USING btree (template);
|
||||
|
@ -26679,8 +26684,18 @@ CREATE UNIQUE INDEX index_integrations_on_type_and_template_partial ON integrati
|
|||
|
||||
CREATE INDEX index_integrations_on_type_id_when_active_and_project_id_not_nu ON integrations USING btree (type, id) WHERE ((active = true) AND (project_id IS NOT NULL));
|
||||
|
||||
CREATE INDEX index_integrations_on_type_new ON integrations USING btree (type_new);
|
||||
|
||||
CREATE INDEX index_integrations_on_type_new_and_instance_partial ON integrations USING btree (type_new, instance) WHERE (instance = true);
|
||||
|
||||
CREATE INDEX index_integrations_on_type_new_and_template_partial ON integrations USING btree (type_new, template) WHERE (template = true);
|
||||
|
||||
CREATE INDEX index_integrations_on_type_new_id_when_active_and_has_project ON integrations USING btree (type_new, id) WHERE ((active = true) AND (project_id IS NOT NULL));
|
||||
|
||||
CREATE UNIQUE INDEX index_integrations_on_unique_group_id_and_type ON integrations USING btree (group_id, type);
|
||||
|
||||
CREATE INDEX index_integrations_on_unique_group_id_and_type_new ON integrations USING btree (group_id, type_new);
|
||||
|
||||
CREATE INDEX index_internal_ids_on_namespace_id ON internal_ids USING btree (namespace_id);
|
||||
|
||||
CREATE INDEX index_internal_ids_on_project_id ON internal_ids USING btree (project_id);
|
||||
|
|
|
@ -727,6 +727,18 @@ The `merged_by` field in the [merge request API](https://docs.gitlab.com/ee/api/
|
|||
|
||||
## 14.8
|
||||
|
||||
### Changes to the `CI_JOB_JWT`
|
||||
|
||||
WARNING:
|
||||
This feature will be changed or removed in 15.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
The `CI_JOB_JWT` will be updated to support a wider variety of cloud providers. It will be changed to match [`CI_JOB_JWT_V2`](https://docs.gitlab.com/ee/ci/variables/predefined_variables.html), but this change may not be backwards compatible for all users, including Hashicorp Vault users. To maintain the current behavior, users can switch to using `CI_JOB_JWT_V1`, or update their configuration in GitLab 15.0 to use the improved `CI_JOB_JWT`.
|
||||
|
||||
**Planned removal milestone: 15.0 ()**
|
||||
|
||||
### Configurable Gitaly `per_repository` election strategy
|
||||
|
||||
Configuring the `per_repository` Gitaly election strategy is [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/352612).
|
||||
|
@ -1247,6 +1259,32 @@ For further details, see [the deprecation issue for this change](https://gitlab.
|
|||
|
||||
**Planned removal milestone: 15.0 (2022-05-22)**
|
||||
|
||||
### Secure and Protect analyzer images published in new location
|
||||
|
||||
WARNING:
|
||||
This feature will be changed or removed in 15.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
GitLab uses various [analyzers](https://docs.gitlab.com/ee/user/application_security/terminology/#analyzer) to [scan for security vulnerabilities](https://docs.gitlab.com/ee/user/application_security/).
|
||||
Each analyzer is distributed as a container image.
|
||||
|
||||
Starting in GitLab 14.8, new versions of GitLab Secure and Protect analyzers are published to a new registry location under `registry.gitlab.com/security-products`.
|
||||
|
||||
We will update the default value of [GitLab-managed CI/CD templates](https://gitlab.com/gitlab-org/gitlab/-/tree/master/lib/gitlab/ci/templates/Security) to reflect this change:
|
||||
|
||||
- For all analyzers except Container Scanning, we will update the variable `SECURE_ANALYZERS_PREFIX` to the new image registry location.
|
||||
- For Container Scanning, the default image address is already updated. There is no `SECURE_ANALYZERS_PREFIX` variable for Container Scanning.
|
||||
|
||||
In a future release, we will stop publishing images to `registry.gitlab.com/gitlab-org/security-products/analyzers`.
|
||||
Once this happens, you must take action if you manually pull images and push them into a separate registry. This is commonly the case for [offline deployments](https://docs.gitlab.com/ee/user/application_security/offline_deployments/index.html).
|
||||
Otherwise, you won't receive further updates.
|
||||
|
||||
See the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/352564) for more details.
|
||||
|
||||
**Planned removal milestone: 15.0 (2022-05-22)**
|
||||
|
||||
### Support for gRPC-aware proxy deployed between Gitaly and rest of GitLab
|
||||
|
||||
WARNING:
|
||||
|
@ -1305,6 +1343,18 @@ The new security approvals feature is similar to vulnerability check. For exampl
|
|||
|
||||
**Planned removal milestone: 15.0 (2022-05-22)**
|
||||
|
||||
### `CI_BUILD_*` predefined variables
|
||||
|
||||
WARNING:
|
||||
This feature will be changed or removed in 15.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
The predefined CI/CD variables that start with `CI_BUILD_*` were deprecated in GitLab 9.0, and will be removed in GitLab 15.0. If you still use these variables, be sure to change to the current [`CI_JOB_*` predefined variables](https://docs.gitlab.com/ee/ci/variables/predefined_variables.html) which are identical (except for the updated name).
|
||||
|
||||
**Planned removal milestone: 15.0 (2022-05-22)**
|
||||
|
||||
### `fixup!` commit messages setting draft status of associated Merge Request
|
||||
|
||||
The use of `fixup!` as a commit message to trigger draft status
|
||||
|
|
|
@ -30,6 +30,18 @@ For removal reviewers (Technical Writers only):
|
|||
|
||||
## 14.0
|
||||
|
||||
### Auto Deploy CI template v1
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
In GitLab 14.0, we will update the [Auto Deploy](https://docs.gitlab.com/ee/topics/autodevops/stages.html#auto-deploy) CI template to the latest version. This includes new features, bug fixes, and performance improvements with a dependency on the v2 [auto-deploy-image](https://gitlab.com/gitlab-org/cluster-integration/auto-deploy-image). Auto Deploy CI template v1 is deprecated going forward.
|
||||
|
||||
Since the v1 and v2 versions are not backward-compatible, your project might encounter an unexpected failure if you already have a deployed application. Follow the [upgrade guide](https://docs.gitlab.com/ee/topics/autodevops/upgrading_auto_deploy_dependencies.html#upgrade-guide) to upgrade your environments. You can also start using the latest template today by following the [early adoption guide](https://docs.gitlab.com/ee/topics/autodevops/upgrading_auto_deploy_dependencies.html#early-adopters).
|
||||
|
||||
### Breaking changes to Terraform CI template
|
||||
|
||||
WARNING:
|
||||
|
@ -64,6 +76,16 @@ changes to your code, settings, or workflow.
|
|||
|
||||
Clair, the default container scanning engine, was deprecated in GitLab 13.9 and is removed from GitLab 14.0 and replaced by Trivy. We advise customers who are customizing variables for their container scanning job to [follow these instructions](https://docs.gitlab.com/ee/user/application_security/container_scanning/#change-scanners) to ensure that their container scanning jobs continue to work.
|
||||
|
||||
### DAST default template stages
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
In GitLab 14.0, we've removed the stages defined in the current `DAST.gitlab-ci.yml` template to avoid the situation where the template overrides manual changes made by DAST users. We're making this change in response to customer issues where the stages in the template cause problems when used with customized DAST configurations. Because of this removal, `gitlab-ci.yml` configurations that do not specify a `dast` stage must be updated to include this stage.
|
||||
|
||||
### DAST environment variable renaming and removal
|
||||
|
||||
WARNING:
|
||||
|
@ -119,7 +141,21 @@ GitLab has already introduced changes that allow you to change the default branc
|
|||
|
||||
For more information, check out our [blog post](https://about.gitlab.com/blog/2021/03/10/new-git-default-branch-name/).
|
||||
|
||||
### Deprecated GraphQL fields have been removed
|
||||
### Dependency Scanning
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
As mentioned in [13.9](https://about.gitlab.com/releases/2021/02/22/gitlab-13-9-released/#deprecations-for-dependency-scanning) and [this blog post](https://about.gitlab.com/blog/2021/02/08/composition-analysis-14-deprecations-and-removals/) several removals for Dependency Scanning take effect.
|
||||
|
||||
Previously, to exclude a DS analyzer, you needed to remove it from the default list of analyzers, and use that to set the `DS_DEFAULT_ANALYZERS` variable in your project’s CI template. We determined it should be easier to avoid running a particular analyzer without losing the benefit of newly added analyzers. As a result, we ask you to migrate from `DS_DEFAULT_ANALYZERS` to `DS_EXCLUDED_ANALYZERS` when it is available. Read about it in [issue #287691](https://gitlab.com/gitlab-org/gitlab/-/issues/287691).
|
||||
|
||||
Previously, to prevent the Gemnasium analyzers to fetch the advisory database at runtime, you needed to set the `GEMNASIUM_DB_UPDATE` variable. However, this is not documented properly, and its naming is inconsistent with the equivalent `BUNDLER_AUDIT_UPDATE_DISABLED` variable. As a result, we ask you to migrate from `GEMNASIUM_DB_UPDATE` to `GEMNASIUM_UPDATE_DISABLED` when it is available. Read about it in [issue #215483](https://gitlab.com/gitlab-org/gitlab/-/issues/215483).
|
||||
|
||||
### Deprecated GraphQL fields
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
|
@ -136,7 +172,7 @@ In accordance with our [GraphQL deprecation and removal process](https://docs.gi
|
|||
- `DeprecatedMutations (concern**)` - `AddAwardEmoji`, `RemoveAwardEmoji`, `ToggleAwardEmoji`
|
||||
- `EE::Types::DeprecatedMutations (concern***)` - `Mutations::Pipelines::RunDastScan`, `Mutations::Vulnerabilities::Dismiss`, `Mutations::Vulnerabilities::RevertToDetected`
|
||||
|
||||
### Deprecations for Dependency Scanning
|
||||
### DevOps Adoption API Segments
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
|
@ -144,11 +180,29 @@ as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#brea
|
|||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
As mentioned in [13.9](https://about.gitlab.com/releases/2021/02/22/gitlab-13-9-released/#deprecations-for-dependency-scanning) and [this blog post](https://about.gitlab.com/blog/2021/02/08/composition-analysis-14-deprecations-and-removals/) several removals for Dependency Scanning take effect.
|
||||
The first release of the DevOps Adoption report had a concept of **Segments**. Segments were [quickly removed from the report](https://gitlab.com/groups/gitlab-org/-/epics/5251) because they introduced an additional layer of complexity on top of **Groups** and **Projects**. Subsequent iterations of the DevOps Adoption report focus on comparing adoption across groups rather than segments. GitLab 14.0 removes all references to **Segments** [from the GraphQL API](https://gitlab.com/gitlab-org/gitlab/-/issues/324414) and replaces them with **Enabled groups**.
|
||||
|
||||
Previously, to exclude a DS analyzer, you needed to remove it from the default list of analyzers, and use that to set the `DS_DEFAULT_ANALYZERS` variable in your project’s CI template. We determined it should be easier to avoid running a particular analyzer without losing the benefit of newly added analyzers. As a result, we ask you to migrate from `DS_DEFAULT_ANALYZERS` to `DS_EXCLUDED_ANALYZERS` when it is available. Read about it in [issue #287691](https://gitlab.com/gitlab-org/gitlab/-/issues/287691).
|
||||
### Disk source configuration for GitLab Pages
|
||||
|
||||
Previously, to prevent the Gemnasium analyzers to fetch the advisory database at runtime, you needed to set the `GEMNASIUM_DB_UPDATE` variable. However, this is not documented properly, and its naming is inconsistent with the equivalent `BUNDLER_AUDIT_UPDATE_DISABLED` variable. As a result, we ask you to migrate from `GEMNASIUM_DB_UPDATE` to `GEMNASIUM_UPDATE_DISABLED` when it is available. Read about it in [issue #215483](https://gitlab.com/gitlab-org/gitlab/-/issues/215483).
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
GitLab Pages [API-based configuration](https://docs.gitlab.com/ee/administration/pages/#gitlab-api-based-configuration) has been available since GitLab 13.0. It replaces the unsupported `disk` source configuration removed in GitLab 14.0, which can no longer be chosen. You should stop using `disk` source configuration, and move to `gitlab` for an API-based configuration. To migrate away from the 'disk' source configuration, set `gitlab_pages['domain_config_source'] = "gitlab"` in your `/etc/gitlab/gitlab.rb` file. We recommend you migrate before updating to GitLab 14.0, to identify and troubleshoot any potential problems before upgrading.
|
||||
|
||||
### Experimental prefix in Sidekiq queue selector options
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
GitLab supports a [queue selector](https://docs.gitlab.com/ee/administration/operations/extra_sidekiq_processes.html#queue-selector) to run only a subset of background jobs for a given process. When it was introduced, this option had an 'experimental' prefix (`experimental_queue_selector` in Omnibus, `experimentalQueueSelector` in Helm charts).
|
||||
|
||||
As announced in the [13.6 release post](https://about.gitlab.com/releases/2020/11/22/gitlab-13-6-released/#sidekiq-cluster-queue-selector-configuration-option-has-been-renamed), the 'experimental' prefix is no longer supported. Instead, `queue_selector` for Omnibus and `queueSelector` in Helm charts should be used.
|
||||
|
||||
### External Pipeline Validation Service Code Changes
|
||||
|
||||
|
@ -160,7 +214,7 @@ changes to your code, settings, or workflow.
|
|||
|
||||
For self-managed instances using the experimental [external pipeline validation service](https://docs.gitlab.com/ee/administration/external_pipeline_validation.html), the range of error codes GitLab accepts will be reduced. Currently, pipelines are invalidated when the validation service returns a response code from `400` to `499`. In GitLab 14.0 and later, pipelines will be invalidated for the `406: Not Accepted` response code only.
|
||||
|
||||
### Geo Foreign Data Wrapper settings removed
|
||||
### Geo Foreign Data Wrapper settings
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
|
@ -207,7 +261,7 @@ changes to your code, settings, or workflow.
|
|||
|
||||
In GitLab Runner 14.0, the installation process will ignore the `skel` directory by default when creating the user home directory. Refer to [issue #4845](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/4845) for details.
|
||||
|
||||
### Gitaly Cluster SQL primary elector has been removed
|
||||
### Gitaly Cluster SQL primary elector
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
|
@ -220,6 +274,30 @@ The `per_repository` election strategy is the new default, which is automaticall
|
|||
|
||||
If you had configured the `sql` election strategy, you must follow the [migration instructions](https://docs.gitlab.com/ee/administration/gitaly/praefect.html#migrate-to-repository-specific-primary-gitaly-nodes) before upgrading to 14.0.
|
||||
|
||||
### Global `SAST_ANALYZER_IMAGE_TAG` in SAST CI template
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
With the maturity of GitLab Secure scanning tools, we've needed to add more granularity to our release process. Previously, GitLab shared a major version number for [all analyzers and tools](https://docs.gitlab.com/ee/user/application_security/sast/#supported-languages-and-frameworks). This requires all tools to share a major version, and prevents the use of [semantic version numbering](https://semver.org/). In GitLab 14.0, SAST removes the `SAST_ANALYZER_IMAGE_TAG` global variable in our [managed `SAST.gitlab-ci.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml) CI template, in favor of the analyzer job variable setting the `major.minor` tag in the SAST vendored template.
|
||||
|
||||
Each analyzer job now has a scoped `SAST_ANALYZER_IMAGE_TAG` variable, which will be actively managed by GitLab and set to the `major` tag for the respective analyzer. To pin to a specific version, [change the variable value to the specific version tag](https://docs.gitlab.com/ee/user/application_security/sast/#pinning-to-minor-image-version).
|
||||
If you override or maintain custom versions of `SAST.gitlab-ci.yml`, update your CI templates to stop referencing the global `SAST_ANALYZER_IMAGE_TAG`, and move it to a scoped analyzer job tag. We strongly encourage [inheriting and overriding our managed CI templates](https://docs.gitlab.com/ee/user/application_security/sast/#overriding-sast-jobs) to future-proof your CI templates. This change allows you to more granularly control future analyzer updates with a pinned `major.minor` version.
|
||||
This deprecation and removal changes our [previously announced plan](https://about.gitlab.com/releases/2021/02/22/gitlab-13-9-released/#pin-static-analysis-analyzers-and-tools-to-minor-versions) to pin the Static Analysis tools.
|
||||
|
||||
### Hardcoded `master` in CI/CD templates
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
Our CI/CD templates have been updated to no longer use hard-coded references to a `master` branch. In 14.0, they all use a variable that points to your project's configured default branch instead. If your CI/CD pipeline relies on our built-in templates, verify that this change works with your current configuration. For example, if you have a `master` branch and a different default branch, the updates to the templates may cause changes to your pipeline behavior. For more information, [read the issue](https://gitlab.com/gitlab-org/gitlab/-/issues/324131).
|
||||
|
||||
### Helm v2 support
|
||||
|
||||
WARNING:
|
||||
|
@ -232,7 +310,19 @@ Helm v2 was [officially deprecated](https://helm.sh/blog/helm-v2-deprecation-tim
|
|||
|
||||
Users of the chart should [upgrade to Helm v3](https://helm.sh/docs/topics/v2_v3_migration/) to deploy GitLab 14.0 and later.
|
||||
|
||||
### Legacy feature flags removed
|
||||
### Legacy DAST domain validation
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
The legacy method of DAST Domain Validation for CI/CD scans was deprecated in GitLab 13.8, and is removed in GitLab 14.0. This method of domain validation only disallows scans if the `DAST_FULL_SCAN_DOMAIN_VALIDATION_REQUIRED` environment variable is set to `true` in the `gitlab-ci.yml` file, and a `Gitlab-DAST-Permission` header on the site is not set to `allow`. This two-step method required users to opt in to using the variable before they could opt out from using the header.
|
||||
|
||||
For more information, see the [removal issue](https://gitlab.com/gitlab-org/gitlab/-/issues/293595).
|
||||
|
||||
### Legacy feature flags
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
|
@ -242,7 +332,19 @@ changes to your code, settings, or workflow.
|
|||
|
||||
Legacy feature flags became read-only in GitLab 13.4. GitLab 14.0 removes support for legacy feature flags, so you must migrate them to the [new version](https://docs.gitlab.com/ee/operations/feature_flags.html). You can do this by first taking a note (screenshot) of the legacy flag, then deleting the flag through the API or UI (you don't need to alter the code), and finally create a new Feature Flag with the same name as the legacy flag you deleted. Also, make sure the strategies and environments match the deleted flag. We created a [video tutorial](https://www.youtube.com/watch?v=CAJY2IGep7Y) to help with this migration.
|
||||
|
||||
### Legacy storage removed
|
||||
### Legacy fields from DAST report
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
As a part of the migration to a common report format for all of the Secure scanners in GitLab, DAST is making changes to the DAST JSON report. Certain legacy fields were deprecated in 13.8 and have been completely removed in 14.0. These fields are `@generated`, `@version`, `site`, and `spider`. This should not affect any normal DAST operation, but does affect users who consume the JSON report in an automated way and use these fields. Anyone affected by these changes, and needs these fields for business reasons, is encouraged to open a new GitLab issue and explain the need.
|
||||
|
||||
For more information, see [the removal issue](https://gitlab.com/gitlab-org/gitlab/-/issues/33915).
|
||||
|
||||
### Legacy storage
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
|
@ -252,6 +354,16 @@ changes to your code, settings, or workflow.
|
|||
|
||||
As [announced in GitLab 13.0](https://about.gitlab.com/releases/2020/05/22/gitlab-13-0-released/#planned-removal-of-legacy-storage-in-14.0), [legacy storage](https://docs.gitlab.com/ee/administration/repository_storage_types.html#legacy-storage) has been removed in GitLab 14.0.
|
||||
|
||||
### License Compliance
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
In 13.0, we deprecated the License-Management CI template and renamed it License-Scanning. We have been providing backward compatibility by warning users of the old template to switch. Now in 14.0, we are completely removing the License-Management CI template. Read about it in [issue #216261](https://gitlab.com/gitlab-org/gitlab/-/issues/216261) or [this blog post](https://about.gitlab.com/blog/2021/02/08/composition-analysis-14-deprecations-and-removals/).
|
||||
|
||||
### Limit projects returned in `GET /groups/:id/`
|
||||
|
||||
WARNING:
|
||||
|
@ -283,7 +395,7 @@ changes to your code, settings, or workflow.
|
|||
Until GitLab 13.9, if you wanted to avoid running one particular GitLab SAST analyzer, you needed to remove it from the [long string of analyzers in the `SAST.gitlab-ci.yml` file](https://gitlab.com/gitlab-org/gitlab/-/blob/390afc431e7ce1ac253b35beb39f19e49c746bff/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml#L12) and use that to set the [`SAST_DEFAULT_ANALYZERS`](https://docs.gitlab.com/ee/user/application_security/sast/#docker-images) variable in your project's CI file. If you did this, it would exclude you from future new analyzers because this string hard codes the list of analyzers to execute. We avoid this problem by inverting this variable's logic to exclude, rather than choose default analyzers.
|
||||
Beginning with 13.9, [we migrated](https://gitlab.com/gitlab-org/gitlab/-/blob/14fed7a33bfdbd4663d8928e46002a5ef3e3282c/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml#L13) to `SAST_EXCLUDED_ANALYZERS` in our `SAST.gitlab-ci.yml` file. We encourage anyone who uses a [customized SAST configuration](https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings) in their project CI file to migrate to this new variable. If you have not overridden `SAST_DEFAULT_ANALYZERS`, no action is needed. The CI/CD variable `SAST_DEFAULT_ANALYZERS` has been removed in GitLab 14.0, which released on June 22, 2021.
|
||||
|
||||
### New Terraform template version
|
||||
### Off peak time mode configuration for Docker Machine autoscaling
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
|
@ -291,18 +403,7 @@ as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#brea
|
|||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
As we continuously [develop GitLab's Terraform integrations](https://gitlab.com/gitlab-org/gitlab/-/issues/325312), to minimize customer disruption, we maintain two GitLab CI/CD templates for Terraform:
|
||||
|
||||
- The ["latest version" template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Terraform.latest.gitlab-ci.yml), which is updated frequently between minor releases of GitLab (such as 13.10, 13.11, etc).
|
||||
- The ["major version" template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Terraform.gitlab-ci.yml), which is updated only at major releases (such as 13.0, 14.0, etc).
|
||||
|
||||
At every major release of GitLab, the "latest version" template becomes the "major version" template, inheriting the "latest template" setup.
|
||||
As we have added many new features to the Terraform integration, the new setup for the "major version" template can be considered a breaking change.
|
||||
|
||||
The latest template supports the [Terraform Merge Request widget](https://docs.gitlab.com/ee/user/infrastructure/mr_integration.html) and
|
||||
doesn't need additional setup to work with the [GitLab managed Terraform state](https://docs.gitlab.com/ee/user/infrastructure/terraform_state.html).
|
||||
|
||||
To check the new changes, see the [new "major version" template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Terraform.gitlab-ci.yml).
|
||||
In GitLab Runner 13.0, [issue #5069](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/5069), we introduced new timing options for the GitLab Docker Machine executor. In GitLab Runner 14.0, we have removed the old configuration option, [off peak time mode](https://docs.gitlab.com/runner/configuration/autoscale.html#off-peak-time-mode-configuration-deprecated).
|
||||
|
||||
### OpenSUSE Leap 15.1
|
||||
|
||||
|
@ -326,173 +427,7 @@ PostgreSQL 12 will be the minimum required version in GitLab 14.0. It offers [si
|
|||
|
||||
Starting in GitLab 13.7, all new installations default to version 12. From GitLab 13.8, single-node instances are automatically upgraded as well. If you aren't ready to upgrade, you can [opt out of automatic upgrades](https://docs.gitlab.com/omnibus/settings/database.html#opt-out-of-automatic-postgresql-upgrades).
|
||||
|
||||
### Removal of deprecated `trace` parameter from `jobs` API endpoint
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
GitLab Runner was updated in GitLab 13.4 to internally stop passing the `trace` parameter to the `/api/jobs/:id` endpoint. GitLab 14.0 deprecates the `trace` parameter entirely for all other requests of this endpoint. Make sure your [GitLab Runner version matches your GitLab version](https://docs.gitlab.com/runner/#gitlab-runner-versions) to ensure consistent behavior.
|
||||
|
||||
### Removal of legacy fields from DAST report
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
As a part of the migration to a common report format for all of the Secure scanners in GitLab, DAST is making changes to the DAST JSON report. Certain legacy fields were deprecated in 13.8 and have been completely removed in 14.0. These fields are `@generated`, `@version`, `site`, and `spider`. This should not affect any normal DAST operation, but does affect users who consume the JSON report in an automated way and use these fields. Anyone affected by these changes, and needs these fields for business reasons, is encouraged to open a new GitLab issue and explain the need.
|
||||
|
||||
For more information, see [the removal issue](https://gitlab.com/gitlab-org/gitlab/-/issues/33915).
|
||||
|
||||
### Removal of release description in the Tags API
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
GitLab 14.0 removes support for the release description in the Tags API. You can no longer add a release description when [creating a new tag](https://docs.gitlab.com/ee/api/tags.html#create-a-new-tag). You also can no longer [create](https://docs.gitlab.com/ee/api/tags.html#create-a-new-release) or [update](https://docs.gitlab.com/ee/api/tags.html#update-a-release) a release through the Tags API. Please migrate to use the [Releases API](https://docs.gitlab.com/ee/api/releases/#create-a-release) instead.
|
||||
|
||||
### Removals for License Compliance
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
In 13.0, we deprecated the License-Management CI template and renamed it License-Scanning. We have been providing backward compatibility by warning users of the old template to switch. Now in 14.0, we are completely removing the License-Management CI template. Read about it in [issue #216261](https://gitlab.com/gitlab-org/gitlab/-/issues/216261) or [this blog post](https://about.gitlab.com/blog/2021/02/08/composition-analysis-14-deprecations-and-removals/).
|
||||
|
||||
### Remove DAST default template stages
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
In GitLab 14.0, we've removed the stages defined in the current `DAST.gitlab-ci.yml` template to avoid the situation where the template overrides manual changes made by DAST users. We're making this change in response to customer issues where the stages in the template cause problems when used with customized DAST configurations. Because of this removal, `gitlab-ci.yml` configurations that do not specify a `dast` stage must be updated to include this stage.
|
||||
|
||||
### Remove SAST analyzer `SAST_GOSEC_CONFIG` variable in favor of custom rulesets
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
With the release of [SAST Custom Rulesets](https://docs.gitlab.com/ee/user/application_security/sast/#customize-rulesets) in GitLab 13.5 we allow greater flexibility in configuration options for our Go analyzer (GoSec). As a result we no longer plan to support our less flexible [`SAST_GOSEC_CONFIG`](https://docs.gitlab.com/ee/user/application_security/sast/#analyzer-settings) analyzer setting. This variable was deprecated in GitLab 13.10.
|
||||
GitLab 14.0 removes the old `SAST_GOSEC_CONFIG variable`. If you use or override `SAST_GOSEC_CONFIG` in your CI file, update your SAST CI configuration or pin to an older version of the GoSec analyzer. We strongly encourage [inheriting and overriding our managed CI templates](https://docs.gitlab.com/ee/user/application_security/sast/#overriding-sast-jobs) to future-proof your CI templates.
|
||||
|
||||
### Remove Ubuntu 19.10 (Eoan Ermine) package
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
Ubuntu 19.10 (Eoan Ermine) reached end of life on Friday, July 17, 2020. In GitLab Runner 14.0, Ubuntu 19.10 (Eoan Ermine) is no longer available from our package distribution. Refer to [issue #26036](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26036) for details.
|
||||
|
||||
### Remove `/usr/lib/gitlab-runner` symlink from package
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
In GitLab Runner 13.3, a symlink was added from `/user/lib/gitlab-runner/gitlab-runner` to `/usr/bin/gitlab-runner`. In 14.0, the symlink has been removed and the runner is now installed in `/usr/bin/gitlab-runner`. Refer to [issue #26651](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26651) for details.
|
||||
|
||||
### Remove `?w=1` URL parameter to ignore whitespace changes
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
To create a consistent experience for users based on their preferences, support for toggling whitespace changes via URL parameter has been removed in GitLab 14.0.
|
||||
|
||||
### Remove `FF_RESET_HELPER_IMAGE_ENTRYPOINT` feature flag
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
In 14.0, we have deactivated the `FF_RESET_HELPER_IMAGE_ENTRYPOINT` feature flag. Refer to issue [#26679](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26679) for details.
|
||||
|
||||
### Remove `FF_SHELL_EXECUTOR_USE_LEGACY_PROCESS_KILL` feature flag
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
In [GitLab Runner 13.1](https://docs.gitlab.com/runner/executors/shell.html#gitlab-131-and-later), [issue #3376](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/3376), we introduced `sigterm` and then `sigkill` to a process in the Shell executor. We also introduced a new feature flag, `FF_SHELL_EXECUTOR_USE_LEGACY_PROCESS_KILL`, so you can use the previous process termination sequence. In GitLab Runner 14.0, [issue #6413](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/6413), the feature flag has been removed.
|
||||
|
||||
### Remove `FF_USE_GO_CLOUD_WITH_CACHE_ARCHIVER` feature flag
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
GitLab Runner 14.0 removes the `FF_USE_GO_CLOUD_WITH_CACHE_ARCHIVER` feature flag. Refer to [issue #27175](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27175) for details.
|
||||
|
||||
### Remove `secret_detection_default_branch` job
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
To ensure Secret Detection was scanning both default branches and feature branches, we introduced two separate secret detection CI jobs (`secret_detection_default_branch` and `secret_detection`) in our managed [`Secret-Detection.gitlab-ci.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml) template. These two CI jobs created confusion and complexity in the CI rules logic. This deprecation moves the `rule` logic into the `script` section, which then determines how the `secret_detection` job is run (historic, on a branch, commits, etc).
|
||||
If you override or maintain custom versions of `SAST.gitlab-ci.yml` or `Secret-Detection.gitlab-ci.yml`, you must update your CI templates. We strongly encourage [inheriting and overriding our managed CI templates](https://docs.gitlab.com/ee/user/application_security/secret_detection/#custom-settings-example) to future-proof your CI templates. GitLab 14.0 no longer supports the old `secret_detection_default_branch` job.
|
||||
|
||||
### Remove disk source configuration for GitLab Pages
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
GitLab Pages [API-based configuration](https://docs.gitlab.com/ee/administration/pages/#gitlab-api-based-configuration) has been available since GitLab 13.0. It replaces the unsupported `disk` source configuration removed in GitLab 14.0, which can no longer be chosen. You should stop using `disk` source configuration, and move to `gitlab` for an API-based configuration. To migrate away from the 'disk' source configuration, set `gitlab_pages['domain_config_source'] = "gitlab"` in your `/etc/gitlab/gitlab.rb` file. We recommend you migrate before updating to GitLab 14.0, to identify and troubleshoot any potential problems before upgrading.
|
||||
|
||||
### Remove legacy DAST domain validation
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
The legacy method of DAST Domain Validation for CI/CD scans was deprecated in GitLab 13.8, and is removed in GitLab 14.0. This method of domain validation only disallows scans if the `DAST_FULL_SCAN_DOMAIN_VALIDATION_REQUIRED` environment variable is set to `true` in the `gitlab-ci.yml` file, and a `Gitlab-DAST-Permission` header on the site is not set to `allow`. This two-step method required users to opt in to using the variable before they could opt out from using the header.
|
||||
|
||||
For more information, see the [removal issue](https://gitlab.com/gitlab-org/gitlab/-/issues/293595).
|
||||
|
||||
### Remove off peak time mode configuration for Docker Machine autoscaling
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
In GitLab Runner 13.0, [issue #5069](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/5069), we introduced new timing options for the GitLab Docker Machine executor. In GitLab Runner 14.0, we have removed the old configuration option, [off peak time mode](https://docs.gitlab.com/runner/configuration/autoscale.html#off-peak-time-mode-configuration-deprecated).
|
||||
|
||||
### Remove redundant timestamp field from DORA metrics API payload
|
||||
### Redundant timestamp field from DORA metrics API payload
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
|
@ -502,7 +437,7 @@ changes to your code, settings, or workflow.
|
|||
|
||||
The [deployment frequency project-level API](https://docs.gitlab.com/ee/api/dora4_project_analytics.html#list-project-deployment-frequencies) endpoint has been deprecated in favor of the [DORA 4 API](https://docs.gitlab.com/ee/api/dora/metrics.html), which consolidates all the metrics under one API with the specific metric as a required field. As a result, the timestamp field, which doesn't allow adding future extensions and causes performance issues, will be removed. With the old API, an example response would be `{ "2021-03-01": 3, "date": "2021-03-01", "value": 3 }`. The first key/value (`"2021-03-01": 3`) will be removed and replaced by the last two (`"date": "2021-03-01", "value": 3`).
|
||||
|
||||
### Remove success and failure for finished build metric conversion
|
||||
### Release description in the Tags API
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
|
@ -510,41 +445,7 @@ as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#brea
|
|||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
In GitLab Runner 13.5, we introduced `failed` and `success` states for a job. To support Prometheus rules, we chose to convert `success/failure` to `finished` for the metric. In 14.0, the conversion has now been removed. Refer to [issue #26900](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26900) for details.
|
||||
|
||||
### Remove support for Windows Server 1903 image
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
In 14.0, we have removed Windows Server 1903. Microsoft ended support for this version on 2020-08-12. Refer to [issue #27551](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27551) for details.
|
||||
|
||||
### Remove support for Windows Server 1909 image
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
In 14.0, we have removed Windows Server 1909. Microsoft ended support for this version on 2021-05-11. Refer to [issue #27899](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27899) for details.
|
||||
|
||||
### Removed Global `SAST_ANALYZER_IMAGE_TAG` in SAST CI template
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
With the maturity of GitLab Secure scanning tools, we've needed to add more granularity to our release process. Previously, GitLab shared a major version number for [all analyzers and tools](https://docs.gitlab.com/ee/user/application_security/sast/#supported-languages-and-frameworks). This requires all tools to share a major version, and prevents the use of [semantic version numbering](https://semver.org/). In GitLab 14.0, SAST removes the `SAST_ANALYZER_IMAGE_TAG` global variable in our [managed `SAST.gitlab-ci.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml) CI template, in favor of the analyzer job variable setting the `major.minor` tag in the SAST vendored template.
|
||||
|
||||
Each analyzer job now has a scoped `SAST_ANALYZER_IMAGE_TAG` variable, which will be actively managed by GitLab and set to the `major` tag for the respective analyzer. To pin to a specific version, [change the variable value to the specific version tag](https://docs.gitlab.com/ee/user/application_security/sast/#pinning-to-minor-image-version).
|
||||
If you override or maintain custom versions of `SAST.gitlab-ci.yml`, update your CI templates to stop referencing the global `SAST_ANALYZER_IMAGE_TAG`, and move it to a scoped analyzer job tag. We strongly encourage [inheriting and overriding our managed CI templates](https://docs.gitlab.com/ee/user/application_security/sast/#overriding-sast-jobs) to future-proof your CI templates. This change allows you to more granularly control future analyzer updates with a pinned `major.minor` version.
|
||||
This deprecation and removal changes our [previously announced plan](https://about.gitlab.com/releases/2021/02/22/gitlab-13-9-released/#pin-static-analysis-analyzers-and-tools-to-minor-versions) to pin the Static Analysis tools.
|
||||
GitLab 14.0 removes support for the release description in the Tags API. You can no longer add a release description when [creating a new tag](https://docs.gitlab.com/ee/api/tags.html#create-a-new-tag). You also can no longer [create](https://docs.gitlab.com/ee/api/tags.html#create-a-new-release) or [update](https://docs.gitlab.com/ee/api/tags.html#update-a-release) a release through the Tags API. Please migrate to use the [Releases API](https://docs.gitlab.com/ee/api/releases/#create-a-release) instead.
|
||||
|
||||
### Ruby version changed in `Ruby.gitlab-ci.yml`
|
||||
|
||||
|
@ -560,7 +461,7 @@ To better support the latest versions of Ruby, the template is changed to use `r
|
|||
|
||||
Relevant Issue: [Updates Ruby version 2.5 to 3.0](https://gitlab.com/gitlab-org/gitlab/-/issues/329160)
|
||||
|
||||
### Segments removed from DevOps Adoption API
|
||||
### SAST analyzer `SAST_GOSEC_CONFIG` variable
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
|
@ -568,9 +469,10 @@ as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#brea
|
|||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
The first release of the DevOps Adoption report had a concept of **Segments**. Segments were [quickly removed from the report](https://gitlab.com/groups/gitlab-org/-/epics/5251) because they introduced an additional layer of complexity on top of **Groups** and **Projects**. Subsequent iterations of the DevOps Adoption report focus on comparing adoption across groups rather than segments. GitLab 14.0 removes all references to **Segments** [from the GraphQL API](https://gitlab.com/gitlab-org/gitlab/-/issues/324414) and replaces them with **Enabled groups**.
|
||||
With the release of [SAST Custom Rulesets](https://docs.gitlab.com/ee/user/application_security/sast/#customize-rulesets) in GitLab 13.5 we allow greater flexibility in configuration options for our Go analyzer (GoSec). As a result we no longer plan to support our less flexible [`SAST_GOSEC_CONFIG`](https://docs.gitlab.com/ee/user/application_security/sast/#analyzer-settings) analyzer setting. This variable was deprecated in GitLab 13.10.
|
||||
GitLab 14.0 removes the old `SAST_GOSEC_CONFIG variable`. If you use or override `SAST_GOSEC_CONFIG` in your CI file, update your SAST CI configuration or pin to an older version of the GoSec analyzer. We strongly encourage [inheriting and overriding our managed CI templates](https://docs.gitlab.com/ee/user/application_security/sast/#overriding-sast-jobs) to future-proof your CI templates.
|
||||
|
||||
### Service Templates removed
|
||||
### Service Templates
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
|
@ -582,7 +484,7 @@ Service Templates are [removed in GitLab 14.0](https://gitlab.com/groups/gitlab-
|
|||
|
||||
While they solved part of the problem, _updating_ those values later proved to be a major pain point. [Project Integration Management](https://docs.gitlab.com/ee/user/admin_area/settings/project_integration_management.html) solves this problem by enabling you to create settings at the Group or Instance level, and projects within that namespace inheriting those settings.
|
||||
|
||||
### Sidekiq queue selector options no longer accept the 'experimental' prefix
|
||||
### Success and failure for finished build metric conversion
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
|
@ -590,9 +492,28 @@ as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#brea
|
|||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
GitLab supports a [queue selector](https://docs.gitlab.com/ee/administration/operations/extra_sidekiq_processes.html#queue-selector) to run only a subset of background jobs for a given process. When it was introduced, this option had an 'experimental' prefix (`experimental_queue_selector` in Omnibus, `experimentalQueueSelector` in Helm charts).
|
||||
In GitLab Runner 13.5, we introduced `failed` and `success` states for a job. To support Prometheus rules, we chose to convert `success/failure` to `finished` for the metric. In 14.0, the conversion has now been removed. Refer to [issue #26900](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26900) for details.
|
||||
|
||||
As announced in the [13.6 release post](https://about.gitlab.com/releases/2020/11/22/gitlab-13-6-released/#sidekiq-cluster-queue-selector-configuration-option-has-been-renamed), the 'experimental' prefix is no longer supported. Instead, `queue_selector` for Omnibus and `queueSelector` in Helm charts should be used.
|
||||
### Terraform template version
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
As we continuously [develop GitLab's Terraform integrations](https://gitlab.com/gitlab-org/gitlab/-/issues/325312), to minimize customer disruption, we maintain two GitLab CI/CD templates for Terraform:
|
||||
|
||||
- The ["latest version" template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Terraform.latest.gitlab-ci.yml), which is updated frequently between minor releases of GitLab (such as 13.10, 13.11, etc).
|
||||
- The ["major version" template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Terraform.gitlab-ci.yml), which is updated only at major releases (such as 13.0, 14.0, etc).
|
||||
|
||||
At every major release of GitLab, the "latest version" template becomes the "major version" template, inheriting the "latest template" setup.
|
||||
As we have added many new features to the Terraform integration, the new setup for the "major version" template can be considered a breaking change.
|
||||
|
||||
The latest template supports the [Terraform Merge Request widget](https://docs.gitlab.com/ee/user/infrastructure/mr_integration.html) and
|
||||
doesn't need additional setup to work with the [GitLab managed Terraform state](https://docs.gitlab.com/ee/user/infrastructure/terraform_state.html).
|
||||
|
||||
To check the new changes, see the [new "major version" template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Terraform.gitlab-ci.yml).
|
||||
|
||||
### Ubuntu 16.04 support
|
||||
|
||||
|
@ -606,7 +527,17 @@ Ubuntu 16.04 [reached end-of-life in April 2021](https://ubuntu.com/about/releas
|
|||
|
||||
GitLab 13.12 will be the last release with Ubuntu 16.04 support.
|
||||
|
||||
### Unicorn removed in favor of Puma for GitLab self-managed
|
||||
### Ubuntu 19.10 (Eoan Ermine) package
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
Ubuntu 19.10 (Eoan Ermine) reached end of life on Friday, July 17, 2020. In GitLab Runner 14.0, Ubuntu 19.10 (Eoan Ermine) is no longer available from our package distribution. Refer to [issue #26036](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26036) for details.
|
||||
|
||||
### Unicorn in GitLab self-managed
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
|
@ -616,28 +547,6 @@ changes to your code, settings, or workflow.
|
|||
|
||||
[Support for Unicorn](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/6078) has been removed in GitLab 14.0 in favor of Puma. [Puma has a multi-threaded architecture](https://docs.gitlab.com/ee/administration/operations/puma.html) which uses less memory than a multi-process application server like Unicorn. On GitLab.com, we saw a 40% reduction in memory consumption by using Puma.
|
||||
|
||||
### Update Auto Deploy template version
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
In GitLab 14.0, we will update the [Auto Deploy](https://docs.gitlab.com/ee/topics/autodevops/stages.html#auto-deploy) CI template to the latest version. This includes new features, bug fixes, and performance improvements with a dependency on the v2 [auto-deploy-image](https://gitlab.com/gitlab-org/cluster-integration/auto-deploy-image). Auto Deploy CI template v1 will is deprecated going forward.
|
||||
|
||||
Since the v1 and v2 versions are not backward-compatible, your project might encounter an unexpected failure if you already have a deployed application. Follow the [upgrade guide](https://docs.gitlab.com/ee/topics/autodevops/upgrading_auto_deploy_dependencies.html#upgrade-guide) to upgrade your environments. You can also start using the latest template today by following the [early adoption guide](https://docs.gitlab.com/ee/topics/autodevops/upgrading_auto_deploy_dependencies.html#early-adopters).
|
||||
|
||||
### Update CI/CD templates to stop using hardcoded `master`
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
Our CI/CD templates have been updated to no longer use hard-coded references to a `master` branch. In 14.0, they all use a variable that points to your project's configured default branch instead. If your CI/CD pipeline relies on our built-in templates, verify that this change works with your current configuration. For example, if you have a `master` branch and a different default branch, the updates to the templates may cause changes to your pipeline behavior. For more information, [read the issue](https://gitlab.com/gitlab-org/gitlab/-/issues/324131).
|
||||
|
||||
### WIP merge requests renamed 'draft merge requests'
|
||||
|
||||
WARNING:
|
||||
|
@ -658,7 +567,47 @@ changes to your code, settings, or workflow.
|
|||
|
||||
The Web Application Firewall (WAF) was deprecated in GitLab 13.6 and is removed from GitLab 14.0. The WAF had limitations inherent in the architectural design that made it difficult to meet the requirements traditionally expected of a WAF. By removing the WAF, GitLab is able to focus on improving other areas in the product where more value can be provided to users. Users who currently rely on the WAF can continue to use the free and open source [ModSecurity](https://github.com/SpiderLabs/ModSecurity) project, which is independent from GitLab. Additional details are available in the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/271276).
|
||||
|
||||
### `CI_PROJECT_CONFIG_PATH` variable has been removed
|
||||
### Windows Server 1903 image support
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
In 14.0, we have removed Windows Server 1903. Microsoft ended support for this version on 2020-08-12. Refer to [issue #27551](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27551) for details.
|
||||
|
||||
### Windows Server 1909 image support
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
In 14.0, we have removed Windows Server 1909. Microsoft ended support for this version on 2021-05-11. Refer to [issue #27899](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27899) for details.
|
||||
|
||||
### `/usr/lib/gitlab-runner` symlink from package
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
In GitLab Runner 13.3, a symlink was added from `/user/lib/gitlab-runner/gitlab-runner` to `/usr/bin/gitlab-runner`. In 14.0, the symlink has been removed and the runner is now installed in `/usr/bin/gitlab-runner`. Refer to [issue #26651](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26651) for details.
|
||||
|
||||
### `?w=1` URL parameter to ignore whitespace changes
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
To create a consistent experience for users based on their preferences, support for toggling whitespace changes via URL parameter has been removed in GitLab 14.0.
|
||||
|
||||
### `CI_PROJECT_CONFIG_PATH` variable
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
|
@ -672,6 +621,57 @@ has been removed in favor of `CI_CONFIG_PATH`, which is functionally the same.
|
|||
If you are using `CI_PROJECT_CONFIG_PATH` in your pipeline configurations,
|
||||
please update them to use `CI_CONFIG_PATH` instead.
|
||||
|
||||
### `FF_RESET_HELPER_IMAGE_ENTRYPOINT` feature flag
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
In 14.0, we have deactivated the `FF_RESET_HELPER_IMAGE_ENTRYPOINT` feature flag. Refer to issue [#26679](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26679) for details.
|
||||
|
||||
### `FF_SHELL_EXECUTOR_USE_LEGACY_PROCESS_KILL` feature flag
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
In [GitLab Runner 13.1](https://docs.gitlab.com/runner/executors/shell.html#gitlab-131-and-later), [issue #3376](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/3376), we introduced `sigterm` and then `sigkill` to a process in the Shell executor. We also introduced a new feature flag, `FF_SHELL_EXECUTOR_USE_LEGACY_PROCESS_KILL`, so you can use the previous process termination sequence. In GitLab Runner 14.0, [issue #6413](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/6413), the feature flag has been removed.
|
||||
|
||||
### `FF_USE_GO_CLOUD_WITH_CACHE_ARCHIVER` feature flag
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
GitLab Runner 14.0 removes the `FF_USE_GO_CLOUD_WITH_CACHE_ARCHIVER` feature flag. Refer to [issue #27175](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27175) for details.
|
||||
|
||||
### `secret_detection_default_branch` job
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
To ensure Secret Detection was scanning both default branches and feature branches, we introduced two separate secret detection CI jobs (`secret_detection_default_branch` and `secret_detection`) in our managed [`Secret-Detection.gitlab-ci.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml) template. These two CI jobs created confusion and complexity in the CI rules logic. This deprecation moves the `rule` logic into the `script` section, which then determines how the `secret_detection` job is run (historic, on a branch, commits, etc).
|
||||
If you override or maintain custom versions of `SAST.gitlab-ci.yml` or `Secret-Detection.gitlab-ci.yml`, you must update your CI templates. We strongly encourage [inheriting and overriding our managed CI templates](https://docs.gitlab.com/ee/user/application_security/secret_detection/#custom-settings-example) to future-proof your CI templates. GitLab 14.0 no longer supports the old `secret_detection_default_branch` job.
|
||||
|
||||
### `trace` parameter in `jobs` API
|
||||
|
||||
WARNING:
|
||||
This feature was changed or removed in 14.0
|
||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
||||
changes to your code, settings, or workflow.
|
||||
|
||||
GitLab Runner was updated in GitLab 13.4 to internally stop passing the `trace` parameter to the `/api/jobs/:id` endpoint. GitLab 14.0 deprecates the `trace` parameter entirely for all other requests of this endpoint. Make sure your [GitLab Runner version matches your GitLab version](https://docs.gitlab.com/runner/#gitlab-runner-versions) to ensure consistent behavior.
|
||||
|
||||
## 14.1
|
||||
|
||||
### Remove support for `prometheus.listen_address` and `prometheus.enable`
|
||||
|
|
|
@ -514,7 +514,7 @@ registry.gitlab.com/security-products/container-scanning/trivy:4
|
|||
The process for importing Docker images into a local offline Docker registry depends on
|
||||
**your network security policy**. Please consult your IT staff to find an accepted and approved
|
||||
process by which you can import or temporarily access external resources. These scanners
|
||||
are [periodically updated](../vulnerabilities/index.md#vulnerability-scanner-maintenance),
|
||||
are [periodically updated](../index.md#vulnerability-scanner-maintenance),
|
||||
and you may be able to make occasional updates on your own.
|
||||
|
||||
For more information, see [the specific steps on how to update an image with a pipeline](#automating-container-scanning-vulnerability-database-updates-with-a-pipeline).
|
||||
|
@ -738,7 +738,7 @@ scanner includes data from multiple sources:
|
|||
- [Trivy](https://aquasecurity.github.io/trivy/latest/vulnerability/detection/data-source/).
|
||||
|
||||
Database update information for other analyzers is available in the
|
||||
[maintenance table](../vulnerabilities/index.md#vulnerability-scanner-maintenance).
|
||||
[maintenance table](../index.md#vulnerability-scanner-maintenance).
|
||||
|
||||
## Interacting with the vulnerabilities
|
||||
|
||||
|
|
|
@ -36,7 +36,7 @@ For DAST, import the following default DAST analyzer image from `registry.gitlab
|
|||
The process for importing Docker images into a local offline Docker registry depends on
|
||||
**your network security policy**. Please consult your IT staff to find an accepted and approved
|
||||
process by which external resources can be imported or temporarily accessed.
|
||||
These scanners are [periodically updated](../vulnerabilities/index.md#vulnerability-scanner-maintenance)
|
||||
These scanners are [periodically updated](../index.md#vulnerability-scanner-maintenance)
|
||||
with new definitions, and you may be able to make occasional updates on your own.
|
||||
|
||||
For details on saving and transporting Docker images as a file, see Docker's documentation on
|
||||
|
|
|
@ -645,7 +645,7 @@ vulnerabilities in your groups, projects and pipelines. Read more about the
|
|||
## Vulnerabilities database update
|
||||
|
||||
For more information about the vulnerabilities database update, see the
|
||||
[maintenance table](../vulnerabilities/index.md#vulnerability-scanner-maintenance).
|
||||
[maintenance table](../index.md#vulnerability-scanner-maintenance).
|
||||
|
||||
## Dependency List
|
||||
|
||||
|
@ -821,7 +821,7 @@ registry.gitlab.com/gitlab-org/security-products/analyzers/bundler-audit:2
|
|||
The process for importing Docker images into a local offline Docker registry depends on
|
||||
**your network security policy**. Please consult your IT staff to find an accepted and approved
|
||||
process by which external resources can be imported or temporarily accessed.
|
||||
These scanners are [periodically updated](../vulnerabilities/index.md#vulnerability-scanner-maintenance)
|
||||
These scanners are [periodically updated](../index.md#vulnerability-scanner-maintenance)
|
||||
with new definitions, and you may be able to make occasional updates on your own.
|
||||
|
||||
For details on saving and transporting Docker images as a file, see Docker's documentation on
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
stage: Secure
|
||||
group: Static Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
type: reference, howto
|
||||
---
|
||||
|
||||
# Secure your application **(ULTIMATE)**
|
||||
|
@ -46,6 +45,25 @@ GitLab uses the following tools to scan and report known vulnerabilities found i
|
|||
| [Coverage fuzzing](coverage_fuzzing/index.md) | Find unknown bugs and vulnerabilities with coverage-guided fuzzing. |
|
||||
| [Cluster Image Scanning](cluster_image_scanning/index.md) | Scan Kubernetes clusters for known vulnerabilities. |
|
||||
|
||||
## Vulnerability scanner maintenance
|
||||
|
||||
The following vulnerability scanners and their databases are regularly updated:
|
||||
|
||||
| Secure scanning tool | Vulnerabilities database updates |
|
||||
|:----------------------------------------------------------------|:---------------------------------|
|
||||
| [Container Scanning](container_scanning/index.md) | A job runs on a daily basis to build new images with the latest vulnerability database updates from the upstream scanner. For more details, see [Vulnerabilities database update](container_scanning/index.md#vulnerabilities-database-update). |
|
||||
| [Dependency Scanning](dependency_scanning/index.md) | Relies on `bundler-audit` (for Ruby gems), `retire.js` (for npm packages), and `gemnasium` (the GitLab tool for all libraries). Both `bundler-audit` and `retire.js` fetch their vulnerabilities data from GitHub repositories, so vulnerabilities added to `ruby-advisory-db` and `retire.js` are immediately available. The tools themselves are updated once per month if there's a new version. The [Gemnasium DB](https://gitlab.com/gitlab-org/security-products/gemnasium-db) is updated on a daily basis using [data from NVD, the `ruby-advisory-db` and the GitHub Security Advisory Database as data sources](https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/blob/master/SOURCES.md). See our [current measurement of time from CVE being issued to our product being updated](https://about.gitlab.com/handbook/engineering/development/performance-indicators/#cve-issue-to-update). |
|
||||
| [Dynamic Application Security Testing (DAST)](dast/index.md) | The scanning engine is updated on a periodic basis. See the [version of the underlying tool `zaproxy`](https://gitlab.com/gitlab-org/security-products/dast/blob/main/Dockerfile#L1). The scanning rules are downloaded at scan runtime. |
|
||||
| [Static Application Security Testing (SAST)](sast/index.md) | Relies exclusively on [the tools GitLab wraps](sast/index.md#supported-languages-and-frameworks). The underlying analyzers are updated at least once per month if a relevant update is available. The vulnerabilities database is updated by the upstream tools. |
|
||||
|
||||
In versions of GitLab that use the same major version of the analyzer, you do not have to update
|
||||
GitLab to benefit from the latest vulnerabilities definitions. The security tools are released as
|
||||
Docker images. The vendored job definitions that enable them use major release tags according to
|
||||
[semantic versioning](https://semver.org/). Each new release of the tools overrides these tags.
|
||||
Although in a major analyzer version you automatically get the latest versions of the scanning
|
||||
tools, there are some [known issues](https://gitlab.com/gitlab-org/gitlab/-/issues/9725) with this
|
||||
approach.
|
||||
|
||||
## Security scanning with Auto DevOps
|
||||
|
||||
To enable all GitLab Security scanning tools, with default settings, enable
|
||||
|
@ -149,8 +167,8 @@ The artifact generated by the secure analyzer contains all findings it discovers
|
|||
### All tiers
|
||||
|
||||
Merge requests which have run security scans let you know that the generated
|
||||
reports are available to download. To download a report, click on the
|
||||
**Download results** dropdown, and select the desired report.
|
||||
reports are available to download. To download a report, select
|
||||
**Download results**, and select the desired report.
|
||||
|
||||
![Security widget](img/security_widget_v13_7.png)
|
||||
|
||||
|
@ -210,7 +228,7 @@ Vulnerability-Check rule. While this rule is enabled, additional merge request a
|
|||
[eligible approvers](../project/merge_requests/approvals/rules.md#eligible-approvers)
|
||||
is required when the latest security report in a merge request:
|
||||
|
||||
- Contains vulnerabilities with states (for example, `previously detected`, `dismissed`) matching the rule's vulnerability states. Only `newly detected` will be considered if the target branch differs from the project default branch.
|
||||
- Contains vulnerabilities with states (for example, `previously detected`, `dismissed`) matching the rule's vulnerability states. Only `newly detected` are considered if the target branch differs from the project default branch.
|
||||
- Contains vulnerabilities with severity levels (for example, `high`, `critical`, or `unknown`)
|
||||
matching the rule's severity levels.
|
||||
- Contains a vulnerability count higher than the rule allows.
|
||||
|
|
|
@ -936,7 +936,7 @@ registry.gitlab.com/security-products/sast/spotbugs:2
|
|||
|
||||
The process for importing Docker images into a local offline Docker registry depends on
|
||||
**your network security policy**. Please consult your IT staff to find an accepted and approved
|
||||
process by which external resources can be imported or temporarily accessed. These scanners are [periodically updated](../vulnerabilities/index.md#vulnerability-scanner-maintenance)
|
||||
process by which external resources can be imported or temporarily accessed. These scanners are [periodically updated](../index.md#vulnerability-scanner-maintenance)
|
||||
with new definitions, and you may be able to make occasional updates on your own.
|
||||
|
||||
For details on saving and transporting Docker images as a file, see Docker's documentation on
|
||||
|
|
|
@ -368,7 +368,7 @@ registry.gitlab.com/security-products/secret-detection:3
|
|||
|
||||
The process for importing Docker images into a local offline Docker registry depends on
|
||||
**your network security policy**. Please consult your IT staff to find an accepted and approved
|
||||
process by which external resources can be imported or temporarily accessed. These scanners are [periodically updated](../vulnerabilities/index.md#vulnerability-scanner-maintenance)
|
||||
process by which external resources can be imported or temporarily accessed. These scanners are [periodically updated](../index.md#vulnerability-scanner-maintenance)
|
||||
with new definitions, and you may be able to make occasional updates on your own.
|
||||
|
||||
For details on saving and transporting Docker images as a file, see Docker's documentation on
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
---
|
||||
type: reference, howto
|
||||
stage: Secure
|
||||
group: Threat Insights
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
|
@ -160,23 +159,3 @@ To manually apply the patch that GitLab generated for a vulnerability:
|
|||
1. Ensure your local project has the same commit checked out that was used to generate the patch.
|
||||
1. Run `git apply remediation.patch`.
|
||||
1. Verify and commit the changes to your branch.
|
||||
|
||||
## Vulnerability scanner maintenance
|
||||
|
||||
The following vulnerability scanners and their databases are regularly updated:
|
||||
|
||||
| Secure scanning tool | Vulnerabilities database updates |
|
||||
|:----------------------------------------------------------------|----------------------------------|
|
||||
| [Container Scanning](../container_scanning/index.md) | A job runs on a daily basis to build new images with the latest vulnerability database updates from the upstream scanner. For more details, see [Vulnerabilities database update](../container_scanning/index.md#vulnerabilities-database-update). |
|
||||
| [Dependency Scanning](../dependency_scanning/index.md) | Relies on `bundler-audit` (for Ruby gems), `retire.js` (for npm packages), and `gemnasium` (the GitLab tool for all libraries). Both `bundler-audit` and `retire.js` fetch their vulnerabilities data from GitHub repositories, so vulnerabilities added to `ruby-advisory-db` and `retire.js` are immediately available. The tools themselves are updated once per month if there's a new version. The [Gemnasium DB](https://gitlab.com/gitlab-org/security-products/gemnasium-db) is updated on a daily basis using [data from NVD, the `ruby-advisory-db` and the GitHub Security Advisory Database as data sources](https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/blob/master/SOURCES.md). See our [current measurement of time from CVE being issued to our product being updated](https://about.gitlab.com/handbook/engineering/development/performance-indicators/#cve-issue-to-update). |
|
||||
| [Dynamic Application Security Testing (DAST)](../dast/index.md) | The scanning engine is updated on a periodic basis. See the [version of the underlying tool `zaproxy`](https://gitlab.com/gitlab-org/security-products/dast/blob/main/Dockerfile#L1). The scanning rules are downloaded at scan runtime. |
|
||||
| [Static Application Security Testing (SAST)](../sast/index.md) | Relies exclusively on [the tools GitLab wraps](../sast/index.md#supported-languages-and-frameworks). The underlying analyzers are updated at least once per month if a relevant update is available. The vulnerabilities database is updated by the upstream tools. |
|
||||
|
||||
You do not have to update GitLab to benefit from the latest vulnerabilities definitions.
|
||||
The security tools are released as Docker images. The vendored job definitions that enable them use
|
||||
major release tags according to [semantic versioning](https://semver.org/). Each new release of the
|
||||
tools overrides these tags.
|
||||
The Docker images are updated to match the previous GitLab releases. Although
|
||||
you automatically get the latest versions of the scanning tools,
|
||||
there are some [known issues](https://gitlab.com/gitlab-org/gitlab/-/issues/9725)
|
||||
with this approach.
|
||||
|
|
|
@ -22,6 +22,8 @@ You can take advantage of License Compliance by either:
|
|||
[Auto License Compliance](../../../topics/autodevops/stages.md#auto-license-compliance),
|
||||
provided by [Auto DevOps](../../../topics/autodevops/index.md).
|
||||
|
||||
The current major version of the License Scanning analyzer is 3.
|
||||
|
||||
To detect the licenses in use, License Compliance uses the [License Finder](https://github.com/pivotal/LicenseFinder) scan tool that runs as part of the CI/CD pipeline.
|
||||
For the job to activate, License Finder needs to find a compatible package definition in the project directory. For details, see the [Activation on License Finder documentation](https://github.com/pivotal/LicenseFinder#activation).
|
||||
GitLab checks the License Compliance report, compares the
|
||||
|
@ -674,7 +676,7 @@ registry.gitlab.com/gitlab-org/security-products/analyzers/license-finder:latest
|
|||
|
||||
The process for importing Docker images into a local offline Docker registry depends on
|
||||
**your network security policy**. Please consult your IT staff to find an accepted and approved
|
||||
process by which external resources can be imported or temporarily accessed. Note that these scanners are [updated periodically](../../application_security/vulnerabilities/index.md#vulnerability-scanner-maintenance)
|
||||
process by which external resources can be imported or temporarily accessed. Note that these scanners are [updated periodically](../../application_security/index.md#vulnerability-scanner-maintenance)
|
||||
with new definitions, so consider if you are able to make periodic updates yourself.
|
||||
|
||||
For details on saving and transporting Docker images as a file, see Docker's documentation on
|
||||
|
|
|
@ -28,15 +28,9 @@ msgstr ""
|
|||
msgid " Please sign in."
|
||||
msgstr ""
|
||||
|
||||
msgid " Target Path"
|
||||
msgstr ""
|
||||
|
||||
msgid " Try to %{action} this file again."
|
||||
msgstr ""
|
||||
|
||||
msgid " Type"
|
||||
msgstr ""
|
||||
|
||||
msgid " You need to do this before %{grace_period_deadline}."
|
||||
msgstr ""
|
||||
|
||||
|
@ -6136,9 +6130,6 @@ msgstr ""
|
|||
msgid "Broadcast Messages"
|
||||
msgstr ""
|
||||
|
||||
msgid "Broadcast messages are displayed for every user and can be used to notify users about scheduled maintenance, recent upgrades and more."
|
||||
msgstr ""
|
||||
|
||||
msgid "Browse Directory"
|
||||
msgstr ""
|
||||
|
||||
|
@ -31732,6 +31723,12 @@ msgstr ""
|
|||
msgid "Saving project."
|
||||
msgstr ""
|
||||
|
||||
msgid "ScanResultPolicy|%{thenLabelStart}Then%{thenLabelEnd} Require approval from %{approvalsRequired} of the following approvers: %{approvers}"
|
||||
msgstr ""
|
||||
|
||||
msgid "ScanResultPolicy|add an approver"
|
||||
msgstr ""
|
||||
|
||||
msgid "Scanner"
|
||||
msgstr ""
|
||||
|
||||
|
@ -35702,6 +35699,9 @@ msgstr ""
|
|||
msgid "Target branch"
|
||||
msgstr ""
|
||||
|
||||
msgid "Target roles"
|
||||
msgstr ""
|
||||
|
||||
msgid "Target-Branch"
|
||||
msgstr ""
|
||||
|
||||
|
@ -36190,6 +36190,9 @@ msgstr ""
|
|||
msgid "The branch or tag does not exist"
|
||||
msgstr ""
|
||||
|
||||
msgid "The broadcast message displays only to users in projects and groups who have these roles."
|
||||
msgstr ""
|
||||
|
||||
msgid "The character highlighter helps you keep the subject line to %{titleLength} characters and wrap the body at %{bodyLength} so they are readable in git."
|
||||
msgstr ""
|
||||
|
||||
|
@ -39435,6 +39438,9 @@ msgstr ""
|
|||
msgid "Use authorized_keys file to authenticate SSH keys"
|
||||
msgstr ""
|
||||
|
||||
msgid "Use banners and notifications to notify your users about scheduled maintenance, recent upgrades, and more."
|
||||
msgstr ""
|
||||
|
||||
msgid "Use cURL"
|
||||
msgstr ""
|
||||
|
||||
|
|
|
@ -7,7 +7,12 @@ RSpec.describe 'Admin Broadcast Messages' do
|
|||
admin = create(:admin)
|
||||
sign_in(admin)
|
||||
gitlab_enable_admin_mode_sign_in(admin)
|
||||
create(:broadcast_message, :expired, message: 'Migration to new server')
|
||||
create(
|
||||
:broadcast_message,
|
||||
:expired,
|
||||
message: 'Migration to new server',
|
||||
target_access_levels: [Gitlab::Access::DEVELOPER]
|
||||
)
|
||||
visit admin_broadcast_messages_path
|
||||
end
|
||||
|
||||
|
@ -21,10 +26,13 @@ RSpec.describe 'Admin Broadcast Messages' do
|
|||
fill_in 'broadcast_message_target_path', with: '*/user_onboarded'
|
||||
fill_in 'broadcast_message_font', with: '#b94a48'
|
||||
select Date.today.next_year.year, from: 'broadcast_message_ends_at_1i'
|
||||
select 'Guest', from: 'broadcast_message_target_access_levels'
|
||||
select 'Owner', from: 'broadcast_message_target_access_levels'
|
||||
click_button 'Add broadcast message'
|
||||
|
||||
expect(current_path).to eq admin_broadcast_messages_path
|
||||
expect(page).to have_content 'Application update from 4:00 CST to 5:00 CST'
|
||||
expect(page).to have_content 'Guest, Owner'
|
||||
expect(page).to have_content '*/user_onboarded'
|
||||
expect(page).to have_selector 'strong', text: '4:00 CST to 5:00 CST'
|
||||
expect(page).to have_selector %(div[style="background-color: #f2dede; color: #b94a48"])
|
||||
|
@ -35,10 +43,14 @@ RSpec.describe 'Admin Broadcast Messages' do
|
|||
fill_in 'broadcast_message_target_path', with: '*/user_onboarded'
|
||||
select 'Notification', from: 'broadcast_message_broadcast_type'
|
||||
select Date.today.next_year.year, from: 'broadcast_message_ends_at_1i'
|
||||
select 'Reporter', from: 'broadcast_message_target_access_levels'
|
||||
select 'Developer', from: 'broadcast_message_target_access_levels'
|
||||
select 'Maintainer', from: 'broadcast_message_target_access_levels'
|
||||
click_button 'Add broadcast message'
|
||||
|
||||
expect(current_path).to eq admin_broadcast_messages_path
|
||||
expect(page).to have_content 'Application update from 4:00 CST to 5:00 CST'
|
||||
expect(page).to have_content 'Reporter, Developer, Maintainer'
|
||||
expect(page).to have_content '*/user_onboarded'
|
||||
expect(page).to have_content 'Notification'
|
||||
expect(page).to have_selector 'strong', text: '4:00 CST to 5:00 CST'
|
||||
|
@ -47,10 +59,15 @@ RSpec.describe 'Admin Broadcast Messages' do
|
|||
it 'edit an existing broadcast message' do
|
||||
click_link 'Edit'
|
||||
fill_in 'broadcast_message_message', with: 'Application update RIGHT NOW'
|
||||
select 'Reporter', from: 'broadcast_message_target_access_levels'
|
||||
click_button 'Update broadcast message'
|
||||
|
||||
expect(current_path).to eq admin_broadcast_messages_path
|
||||
expect(page).to have_content 'Application update RIGHT NOW'
|
||||
|
||||
page.within('.table-responsive') do
|
||||
expect(page).to have_content 'Reporter, Developer'
|
||||
end
|
||||
end
|
||||
|
||||
it 'remove an existing broadcast message' do
|
||||
|
|
|
@ -3,6 +3,71 @@
|
|||
require 'spec_helper'
|
||||
|
||||
RSpec.describe BroadcastMessagesHelper do
|
||||
include Gitlab::Routing.url_helpers
|
||||
|
||||
let_it_be(:user) { create(:user) }
|
||||
|
||||
before do
|
||||
allow(helper).to receive(:current_user).and_return(user)
|
||||
end
|
||||
|
||||
shared_examples 'returns role-targeted broadcast message when in project, group, or sub-group URL' do
|
||||
let(:feature_flag_state) { true }
|
||||
|
||||
before do
|
||||
stub_feature_flags(role_targeted_broadcast_messages: feature_flag_state)
|
||||
allow(helper).to receive(:cookies) { {} }
|
||||
end
|
||||
|
||||
context 'when in a project page' do
|
||||
let_it_be(:project) { create(:project) }
|
||||
|
||||
before do
|
||||
project.add_developer(user)
|
||||
|
||||
assign(:project, project)
|
||||
allow(helper).to receive(:controller) { ProjectsController.new }
|
||||
end
|
||||
|
||||
it { is_expected.to eq message }
|
||||
|
||||
context 'when feature flag is disabled' do
|
||||
let(:feature_flag_state) { false }
|
||||
|
||||
it { is_expected.to be_nil }
|
||||
end
|
||||
end
|
||||
|
||||
context 'when in a group page' do
|
||||
let_it_be(:group) { create(:group) }
|
||||
|
||||
before do
|
||||
group.add_developer(user)
|
||||
|
||||
assign(:group, group)
|
||||
allow(helper).to receive(:controller) { GroupsController.new }
|
||||
end
|
||||
|
||||
it { is_expected.to eq message }
|
||||
|
||||
context 'when feature flag is disabled' do
|
||||
let(:feature_flag_state) { false }
|
||||
|
||||
it { is_expected.to be_nil }
|
||||
end
|
||||
end
|
||||
|
||||
context 'when not in a project, group, or sub-group page' do
|
||||
it { is_expected.to be_nil }
|
||||
|
||||
context 'when feature flag is disabled' do
|
||||
let(:feature_flag_state) { false }
|
||||
|
||||
it { is_expected.to be_nil }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'current_broadcast_notification_message' do
|
||||
subject { helper.current_broadcast_notification_message }
|
||||
|
||||
|
@ -24,17 +89,27 @@ RSpec.describe BroadcastMessagesHelper do
|
|||
context 'without broadcast notification messages' do
|
||||
it { is_expected.to be_nil }
|
||||
end
|
||||
|
||||
describe 'user access level targeted messages' do
|
||||
let_it_be(:message) { create(:broadcast_message, broadcast_type: 'notification', starts_at: Time.now, target_access_levels: [Gitlab::Access::DEVELOPER]) }
|
||||
|
||||
include_examples 'returns role-targeted broadcast message when in project, group, or sub-group URL'
|
||||
end
|
||||
end
|
||||
|
||||
describe 'current_broadcast_banner_messages' do
|
||||
describe 'user access level targeted messages' do
|
||||
let_it_be(:message) { create(:broadcast_message, broadcast_type: 'banner', starts_at: Time.now, target_access_levels: [Gitlab::Access::DEVELOPER]) }
|
||||
|
||||
subject { helper.current_broadcast_banner_messages.first }
|
||||
|
||||
include_examples 'returns role-targeted broadcast message when in project, group, or sub-group URL'
|
||||
end
|
||||
end
|
||||
|
||||
describe 'broadcast_message' do
|
||||
let_it_be(:user) { create(:user) }
|
||||
|
||||
let(:current_broadcast_message) { BroadcastMessage.new(message: 'Current Message') }
|
||||
|
||||
before do
|
||||
allow(helper).to receive(:current_user).and_return(user)
|
||||
end
|
||||
|
||||
it 'returns nil when no current message' do
|
||||
expect(helper.broadcast_message(nil)).to be_nil
|
||||
end
|
||||
|
|
|
@ -23,6 +23,8 @@ RSpec.describe BroadcastMessage do
|
|||
|
||||
it { is_expected.to allow_value(1).for(:broadcast_type) }
|
||||
it { is_expected.not_to allow_value(nil).for(:broadcast_type) }
|
||||
it { is_expected.not_to allow_value(nil).for(:target_access_levels) }
|
||||
it { is_expected.to validate_inclusion_of(:target_access_levels).in_array(described_class::ALLOWED_TARGET_ACCESS_LEVELS) }
|
||||
end
|
||||
|
||||
shared_examples 'time constrainted' do |broadcast_type|
|
||||
|
@ -175,12 +177,48 @@ RSpec.describe BroadcastMessage do
|
|||
end
|
||||
end
|
||||
|
||||
shared_examples "matches with user access level" do |broadcast_type|
|
||||
context 'when target_access_levels is empty' do
|
||||
let_it_be(:message) { create(:broadcast_message, target_access_levels: [], broadcast_type: broadcast_type) }
|
||||
|
||||
it 'returns the message if user access level is not nil' do
|
||||
expect(subject.call(nil, Gitlab::Access::MINIMAL_ACCESS)).to include(message)
|
||||
end
|
||||
|
||||
it 'returns the message if user access level is nil' do
|
||||
expect(subject.call(nil, nil)).to include(message)
|
||||
end
|
||||
end
|
||||
|
||||
context 'when target_access_levels is not empty' do
|
||||
let_it_be(:target_access_levels) { [Gitlab::Access::GUEST] }
|
||||
let_it_be(:message) { create(:broadcast_message, target_access_levels: target_access_levels, broadcast_type: broadcast_type) }
|
||||
|
||||
it "does not return the message if user access level is nil" do
|
||||
expect(subject.call(nil, nil)).to be_empty
|
||||
end
|
||||
|
||||
it "returns the message if user access level is in target_access_levels" do
|
||||
expect(subject.call(nil, Gitlab::Access::GUEST)).to include(message)
|
||||
end
|
||||
|
||||
it "does not return the message if user access level is not in target_access_levels" do
|
||||
expect(subject.call(nil, Gitlab::Access::MINIMAL_ACCESS)).to be_empty
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe '.current', :use_clean_rails_memory_store_caching do
|
||||
subject { -> (path = nil) { described_class.current(path) } }
|
||||
subject do
|
||||
-> (path = nil, user_access_level = nil) do
|
||||
described_class.current(current_path: path, user_access_level: user_access_level)
|
||||
end
|
||||
end
|
||||
|
||||
it_behaves_like 'time constrainted', :banner
|
||||
it_behaves_like 'message cache', :banner
|
||||
it_behaves_like 'matches with current path', :banner
|
||||
it_behaves_like 'matches with user access level', :banner
|
||||
|
||||
it 'returns both types' do
|
||||
banner_message = create(:broadcast_message, broadcast_type: :banner)
|
||||
|
@ -191,11 +229,16 @@ RSpec.describe BroadcastMessage do
|
|||
end
|
||||
|
||||
describe '.current_banner_messages', :use_clean_rails_memory_store_caching do
|
||||
subject { -> (path = nil) { described_class.current_banner_messages(path) } }
|
||||
subject do
|
||||
-> (path = nil, user_access_level = nil) do
|
||||
described_class.current_banner_messages(current_path: path, user_access_level: user_access_level)
|
||||
end
|
||||
end
|
||||
|
||||
it_behaves_like 'time constrainted', :banner
|
||||
it_behaves_like 'message cache', :banner
|
||||
it_behaves_like 'matches with current path', :banner
|
||||
it_behaves_like 'matches with user access level', :banner
|
||||
|
||||
it 'only returns banners' do
|
||||
banner_message = create(:broadcast_message, broadcast_type: :banner)
|
||||
|
@ -206,11 +249,16 @@ RSpec.describe BroadcastMessage do
|
|||
end
|
||||
|
||||
describe '.current_notification_messages', :use_clean_rails_memory_store_caching do
|
||||
subject { -> (path = nil) { described_class.current_notification_messages(path) } }
|
||||
subject do
|
||||
-> (path = nil, user_access_level = nil) do
|
||||
described_class.current_notification_messages(current_path: path, user_access_level: user_access_level)
|
||||
end
|
||||
end
|
||||
|
||||
it_behaves_like 'time constrainted', :notification
|
||||
it_behaves_like 'message cache', :notification
|
||||
it_behaves_like 'matches with current path', :notification
|
||||
it_behaves_like 'matches with user access level', :notification
|
||||
|
||||
it 'only returns notifications' do
|
||||
notification_message = create(:broadcast_message, broadcast_type: :notification)
|
||||
|
|
36
spec/views/admin/broadcast_messages/index.html.haml_spec.rb
Normal file
36
spec/views/admin/broadcast_messages/index.html.haml_spec.rb
Normal file
|
@ -0,0 +1,36 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'spec_helper'
|
||||
|
||||
RSpec.describe 'admin/broadcast_messages/index' do
|
||||
describe 'Target roles select and table column' do
|
||||
let(:feature_flag_state) { true }
|
||||
|
||||
let_it_be(:message) { create(:broadcast_message, broadcast_type: 'banner', target_access_levels: [Gitlab::Access::GUEST, Gitlab::Access::DEVELOPER]) }
|
||||
|
||||
before do
|
||||
assign(:broadcast_messages, BroadcastMessage.page(1))
|
||||
assign(:broadcast_message, BroadcastMessage.new)
|
||||
|
||||
stub_feature_flags(role_targeted_broadcast_messages: feature_flag_state)
|
||||
|
||||
render
|
||||
end
|
||||
|
||||
it 'rendered' do
|
||||
expect(rendered).to have_content('Target roles')
|
||||
expect(rendered).to have_content('Owner')
|
||||
expect(rendered).to have_content('Guest, Developer')
|
||||
end
|
||||
|
||||
context 'when feature flag is off' do
|
||||
let(:feature_flag_state) { false }
|
||||
|
||||
it 'is not rendered' do
|
||||
expect(rendered).not_to have_content('Target roles')
|
||||
expect(rendered).not_to have_content('Owner')
|
||||
expect(rendered).not_to have_content('Guest, Developer')
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
Loading…
Reference in a new issue