Add latest changes from gitlab-org/gitlab@master
This commit is contained in:
parent
cac0926ddb
commit
f52b15b639
|
@ -49,7 +49,7 @@ export default {
|
||||||
<template>
|
<template>
|
||||||
<gl-dropdown
|
<gl-dropdown
|
||||||
:text="$options.i18n.QUICK_START"
|
:text="$options.i18n.QUICK_START"
|
||||||
variant="info"
|
variant="confirm"
|
||||||
right
|
right
|
||||||
@shown="track('click_dropdown')"
|
@shown="track('click_dropdown')"
|
||||||
>
|
>
|
||||||
|
|
|
@ -15,7 +15,7 @@ module Types
|
||||||
|
|
||||||
field :notification_email,
|
field :notification_email,
|
||||||
resolver: Resolvers::GroupMembers::NotificationEmailResolver,
|
resolver: Resolvers::GroupMembers::NotificationEmailResolver,
|
||||||
description: "Group notification email for User. Only availble for admins."
|
description: "Group notification email for User. Only available for admins."
|
||||||
|
|
||||||
def group
|
def group
|
||||||
Gitlab::Graphql::Loaders::BatchModelLoader.new(Group, object.source_id).find
|
Gitlab::Graphql::Loaders::BatchModelLoader.new(Group, object.source_id).find
|
||||||
|
|
|
@ -1,8 +0,0 @@
|
||||||
---
|
|
||||||
name: container_security_policy_selection
|
|
||||||
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/80272
|
|
||||||
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/353071
|
|
||||||
milestone: '14.10'
|
|
||||||
type: development
|
|
||||||
group: group::container security
|
|
||||||
default_enabled: true
|
|
|
@ -1,8 +0,0 @@
|
||||||
---
|
|
||||||
name: omniauth_initializer_fullhost_proc
|
|
||||||
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/82703
|
|
||||||
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/355579
|
|
||||||
milestone: '14.10'
|
|
||||||
type: development
|
|
||||||
group: group::geo
|
|
||||||
default_enabled: true
|
|
|
@ -11,14 +11,7 @@ if Gitlab::Auth::Ldap::Config.enabled?
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
OmniAuth.config.full_host =
|
OmniAuth.config.full_host = Gitlab::OmniauthInitializer.full_host
|
||||||
if Feature.feature_flags_available? && ::Feature.enabled?(:omniauth_initializer_fullhost_proc)
|
|
||||||
Gitlab::AppLogger.debug("Using OmniAuth proc initializer")
|
|
||||||
Gitlab::OmniauthInitializer.full_host
|
|
||||||
else
|
|
||||||
Gitlab::AppLogger.debug("Fallback to OmniAuth static full_host")
|
|
||||||
Settings.gitlab['base_url']
|
|
||||||
end
|
|
||||||
|
|
||||||
OmniAuth.config.allowed_request_methods = [:post]
|
OmniAuth.config.allowed_request_methods = [:post]
|
||||||
# In case of auto sign-in, the GET method is used (users don't get to click on a button)
|
# In case of auto sign-in, the GET method is used (users don't get to click on a button)
|
||||||
|
|
|
@ -1,14 +0,0 @@
|
||||||
- name: "Must explicitly assign `AuthenticationType` for `[runners.cache.s3]`"
|
|
||||||
announcement_milestone: "14.5" # The milestone when this feature was first announced as deprecated.
|
|
||||||
announcement_date: "2021-11-22"
|
|
||||||
removal_milestone: "15.0" # the milestone when this feature is planned to be removed
|
|
||||||
removal_date: "2022-05-22" # the date of the milestone release when this feature is planned to be removed
|
|
||||||
breaking_change: true
|
|
||||||
body: | # Do not modify this line, instead modify the lines below.
|
|
||||||
In GitLab 15.0 and later, to access the AWS S3 cache, you must specify the `AuthenticationType` for [`[runners.cache.s3]`](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscaches3-section). The `AuthenticationType` must be `IAM` or `credentials`.
|
|
||||||
|
|
||||||
Prior to 14.5, if you did not define the `AuthenticationType`, GitLab Runner chose a type for you.
|
|
||||||
stage: Verify
|
|
||||||
tiers: [Core, Premium, Ultimate]
|
|
||||||
issue_url: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28171
|
|
||||||
documentation_url: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscaches3-section
|
|
|
@ -69,7 +69,7 @@ Authentiq generates a Client ID and the accompanying Client Secret for you to us
|
||||||
|
|
||||||
1. [Reconfigure](../restart_gitlab.md#omnibus-gitlab-reconfigure) or [restart GitLab](../restart_gitlab.md#installations-from-source) for the changes to take effect if you installed GitLab via Omnibus or from source respectively.
|
1. [Reconfigure](../restart_gitlab.md#omnibus-gitlab-reconfigure) or [restart GitLab](../restart_gitlab.md#installations-from-source) for the changes to take effect if you installed GitLab via Omnibus or from source respectively.
|
||||||
|
|
||||||
On the sign in page there should now be an Authentiq icon below the regular sign in form. Click the
|
On the sign in page there should now be an Authentiq icon below the regular sign in form. Select the
|
||||||
icon to begin the authentication process. If the user:
|
icon to begin the authentication process. If the user:
|
||||||
|
|
||||||
- Has the Authentiq ID app installed in their iOS or Android device, they can:
|
- Has the Authentiq ID app installed in their iOS or Android device, they can:
|
||||||
|
|
|
@ -46,5 +46,5 @@ The following table outlines failure modes and mitigation paths for the product
|
||||||
| Single Gitaly Node + Geo Secondary | Downtime - Must restore from backup, can perform a manual failover to secondary | Downtime - Must restore from Backup, errors could have propagated to secondary | Manual intervention - failover to Geo secondary | |
|
| Single Gitaly Node + Geo Secondary | Downtime - Must restore from backup, can perform a manual failover to secondary | Downtime - Must restore from Backup, errors could have propagated to secondary | Manual intervention - failover to Geo secondary | |
|
||||||
| Sharded Gitaly Install | Partial Downtime - Only repositories on impacted node affected, must restore from backup | Partial Downtime - Only repositories on impacted node affected, must restore from backup | Downtime - Must wait for outage to end | |
|
| Sharded Gitaly Install | Partial Downtime - Only repositories on impacted node affected, must restore from backup | Partial Downtime - Only repositories on impacted node affected, must restore from backup | Downtime - Must wait for outage to end | |
|
||||||
| Sharded Gitaly Install + Geo Secondary | Partial Downtime - Only repositories on impacted node affected, must restore from backup, could perform manual failover to secondary for impacted repositories | Partial Downtime - Only repositories on impacted node affected, must restore from backup, errors could have propagated to secondary | Manual intervention - failover to Geo secondary | |
|
| Sharded Gitaly Install + Geo Secondary | Partial Downtime - Only repositories on impacted node affected, must restore from backup, could perform manual failover to secondary for impacted repositories | Partial Downtime - Only repositories on impacted node affected, must restore from backup, errors could have propagated to secondary | Manual intervention - failover to Geo secondary | |
|
||||||
| Gitaly Cluster Install* | No Downtime - will swap repository primary to another node after 10 seconds | N/A - All writes are voted on by multiple Gitaly Cluster nodes | Downtime - Must wait for outage to end | Snapshot backups for Gitaly Cluster nodes not supported at this time |
|
| Gitaly Cluster Install* | No Downtime - will swap repository primary to another node after 10 seconds | Not applicable; All writes are voted on by multiple Gitaly Cluster nodes | Downtime - Must wait for outage to end | Snapshot backups for Gitaly Cluster nodes not supported at this time |
|
||||||
| Gitaly Cluster Install* + Geo Secondary | No Downtime - will swap repository primary to another node after 10 seconds | N/A - All writes are voted on by multiple Gitaly Cluster nodes | Manual intervention - failover to Geo secondary | Snapshot backups for Gitaly Cluster nodes not supported at this time |
|
| Gitaly Cluster Install* + Geo Secondary | No Downtime - will swap repository primary to another node after 10 seconds | Not applicable; All writes are voted on by multiple Gitaly Cluster nodes | Manual intervention - failover to Geo secondary | Snapshot backups for Gitaly Cluster nodes not supported at this time |
|
||||||
|
|
|
@ -26,7 +26,7 @@ verification methods:
|
||||||
| Type | Feature / component | Replication method | Verification method |
|
| Type | Feature / component | Replication method | Verification method |
|
||||||
|:---------|:------------------------------------------------|:--------------------------------------|:-----------------------|
|
|:---------|:------------------------------------------------|:--------------------------------------|:-----------------------|
|
||||||
| Database | Application data in PostgreSQL | Native | Native |
|
| Database | Application data in PostgreSQL | Native | Native |
|
||||||
| Database | Redis | _N/A_ (*1*) | _N/A_ |
|
| Database | Redis | Not applicable (*1*) | Not applicable |
|
||||||
| Database | Elasticsearch | Native | Native |
|
| Database | Elasticsearch | Native | Native |
|
||||||
| Database | SSH public keys | PostgreSQL Replication | PostgreSQL Replication |
|
| Database | SSH public keys | PostgreSQL Replication | PostgreSQL Replication |
|
||||||
| Git | Project repository | Geo with Gitaly | Gitaly Checksum |
|
| Git | Project repository | Geo with Gitaly | Gitaly Checksum |
|
||||||
|
|
|
@ -54,7 +54,7 @@ you create the project again, it's created in its default state.
|
||||||
1. On the top bar, select **Menu > Admin**.
|
1. On the top bar, select **Menu > Admin**.
|
||||||
1. On the left sidebar, go to **Settings > Metrics and profiling** and expand **Self monitoring**.
|
1. On the left sidebar, go to **Settings > Metrics and profiling** and expand **Self monitoring**.
|
||||||
1. Toggle **Self monitoring** off.
|
1. Toggle **Self monitoring** off.
|
||||||
1. In the confirmation dialog that opens, click **Delete self monitoring project**.
|
1. In the confirmation dialog that opens, select **Delete self monitoring project**.
|
||||||
It can take a few seconds for it to be deleted.
|
It can take a few seconds for it to be deleted.
|
||||||
1. After the project is deleted, GitLab displays a message confirming your action.
|
1. After the project is deleted, GitLab displays a message confirming your action.
|
||||||
|
|
||||||
|
|
|
@ -252,19 +252,19 @@ To switch from Unicorn to Puma:
|
||||||
| `unicorn['enable']` | `puma['enable']` |
|
| `unicorn['enable']` | `puma['enable']` |
|
||||||
| `unicorn['worker_timeout']` | `puma['worker_timeout']` |
|
| `unicorn['worker_timeout']` | `puma['worker_timeout']` |
|
||||||
| `unicorn['worker_processes']` | `puma['worker_processes']` |
|
| `unicorn['worker_processes']` | `puma['worker_processes']` |
|
||||||
| n/a | `puma['ha']` |
|
| Not applicable | `puma['ha']` |
|
||||||
| n/a | `puma['min_threads']` |
|
| Not applicable | `puma['min_threads']` |
|
||||||
| n/a | `puma['max_threads']` |
|
| Not applicable | `puma['max_threads']` |
|
||||||
| `unicorn['listen']` | `puma['listen']` |
|
| `unicorn['listen']` | `puma['listen']` |
|
||||||
| `unicorn['port']` | `puma['port']` |
|
| `unicorn['port']` | `puma['port']` |
|
||||||
| `unicorn['socket']` | `puma['socket']` |
|
| `unicorn['socket']` | `puma['socket']` |
|
||||||
| `unicorn['pidfile']` | `puma['pidfile']` |
|
| `unicorn['pidfile']` | `puma['pidfile']` |
|
||||||
| `unicorn['tcp_nopush']` | n/a |
|
| `unicorn['tcp_nopush']` | Not applicable |
|
||||||
| `unicorn['backlog_socket']` | n/a |
|
| `unicorn['backlog_socket']` | Not applicable |
|
||||||
| `unicorn['somaxconn']` | `puma['somaxconn']` |
|
| `unicorn['somaxconn']` | `puma['somaxconn']` |
|
||||||
| n/a | `puma['state_path']` |
|
| Not applicable | `puma['state_path']` |
|
||||||
| `unicorn['log_directory']` | `puma['log_directory']` |
|
| `unicorn['log_directory']` | `puma['log_directory']` |
|
||||||
| `unicorn['worker_memory_limit_min']` | n/a |
|
| `unicorn['worker_memory_limit_min']` | Not applicable |
|
||||||
| `unicorn['worker_memory_limit_max']` | `puma['per_worker_max_memory_mb']` |
|
| `unicorn['worker_memory_limit_max']` | `puma['per_worker_max_memory_mb']` |
|
||||||
| `unicorn['exporter_enabled']` | `puma['exporter_enabled']` |
|
| `unicorn['exporter_enabled']` | `puma['exporter_enabled']` |
|
||||||
| `unicorn['exporter_address']` | `puma['exporter_address']` |
|
| `unicorn['exporter_address']` | `puma['exporter_address']` |
|
||||||
|
|
|
@ -61,7 +61,7 @@ To create a system hook:
|
||||||
1. Provide the **URL** and **Secret Token**.
|
1. Provide the **URL** and **Secret Token**.
|
||||||
1. Select the checkbox next to each optional **Trigger** you want to enable.
|
1. Select the checkbox next to each optional **Trigger** you want to enable.
|
||||||
1. Select **Enable SSL verification**, if desired.
|
1. Select **Enable SSL verification**, if desired.
|
||||||
1. Click **Add system hook**.
|
1. Select **Add system hook**.
|
||||||
|
|
||||||
## Hooks request example
|
## Hooks request example
|
||||||
|
|
||||||
|
|
|
@ -12081,7 +12081,7 @@ Represents a Group Membership.
|
||||||
| <a id="groupmemberexpiresat"></a>`expiresAt` | [`Time`](#time) | Date and time the membership expires. |
|
| <a id="groupmemberexpiresat"></a>`expiresAt` | [`Time`](#time) | Date and time the membership expires. |
|
||||||
| <a id="groupmembergroup"></a>`group` | [`Group`](#group) | Group that a User is a member of. |
|
| <a id="groupmembergroup"></a>`group` | [`Group`](#group) | Group that a User is a member of. |
|
||||||
| <a id="groupmemberid"></a>`id` | [`ID!`](#id) | ID of the member. |
|
| <a id="groupmemberid"></a>`id` | [`ID!`](#id) | ID of the member. |
|
||||||
| <a id="groupmembernotificationemail"></a>`notificationEmail` | [`String`](#string) | Group notification email for User. Only availble for admins. |
|
| <a id="groupmembernotificationemail"></a>`notificationEmail` | [`String`](#string) | Group notification email for User. Only available for admins. |
|
||||||
| <a id="groupmemberupdatedat"></a>`updatedAt` | [`Time`](#time) | Date and time the membership was last updated. |
|
| <a id="groupmemberupdatedat"></a>`updatedAt` | [`Time`](#time) | Date and time the membership was last updated. |
|
||||||
| <a id="groupmemberuser"></a>`user` | [`UserCore`](#usercore) | User that is associated with the member object. |
|
| <a id="groupmemberuser"></a>`user` | [`UserCore`](#usercore) | User that is associated with the member object. |
|
||||||
| <a id="groupmemberuserpermissions"></a>`userPermissions` | [`GroupPermissions!`](#grouppermissions) | Permissions for the current user on the resource. |
|
| <a id="groupmemberuserpermissions"></a>`userPermissions` | [`GroupPermissions!`](#grouppermissions) | Permissions for the current user on the resource. |
|
||||||
|
|
|
@ -87,7 +87,7 @@ are certain use cases that you may need to work around. For more information, ch
|
||||||
|
|
||||||
The needs visualization makes it easier to visualize the relationships between dependent jobs in a DAG. This graph displays all the jobs in a pipeline that need or are needed by other jobs. Jobs with no relationships are not displayed in this view.
|
The needs visualization makes it easier to visualize the relationships between dependent jobs in a DAG. This graph displays all the jobs in a pipeline that need or are needed by other jobs. Jobs with no relationships are not displayed in this view.
|
||||||
|
|
||||||
To see the needs visualization, click on the **Needs** tab when viewing a pipeline that uses the `needs` keyword.
|
To see the needs visualization, select **Needs** when viewing a pipeline that uses the `needs` keyword.
|
||||||
|
|
||||||
![Needs visualization example](img/dag_graph_example_v13_1.png)
|
![Needs visualization example](img/dag_graph_example_v13_1.png)
|
||||||
|
|
||||||
|
|
|
@ -30,12 +30,12 @@ There are two places defined variables can be used. On the:
|
||||||
| `cache:key` | yes | Runner | The variable expansion is made by GitLab Runner's [internal variable expansion mechanism](#gitlab-runner-internal-variable-expansion-mechanism). |
|
| `cache:key` | yes | Runner | The variable expansion is made by GitLab Runner's [internal variable expansion mechanism](#gitlab-runner-internal-variable-expansion-mechanism). |
|
||||||
| `environment:name` | yes | GitLab | Similar to `environment:url`, but the variables expansion doesn't support the following:<br/><br/>- Variables that are based on the environment's name (`CI_ENVIRONMENT_NAME`, `CI_ENVIRONMENT_SLUG`).<br/>- Any other variables related to environment (currently only `CI_ENVIRONMENT_URL`).<br/>- [Persisted variables](#persisted-variables). |
|
| `environment:name` | yes | GitLab | Similar to `environment:url`, but the variables expansion doesn't support the following:<br/><br/>- Variables that are based on the environment's name (`CI_ENVIRONMENT_NAME`, `CI_ENVIRONMENT_SLUG`).<br/>- Any other variables related to environment (currently only `CI_ENVIRONMENT_URL`).<br/>- [Persisted variables](#persisted-variables). |
|
||||||
| `environment:url` | yes | GitLab | The variable expansion is made by the [internal variable expansion mechanism](#gitlab-internal-variable-expansion-mechanism) in GitLab.<br/><br/>Supported are all variables defined for a job (project/group variables, variables from `.gitlab-ci.yml`, variables from triggers, variables from pipeline schedules).<br/><br/>Not supported are variables defined in the GitLab Runner `config.toml` and variables created in the job's `script`. |
|
| `environment:url` | yes | GitLab | The variable expansion is made by the [internal variable expansion mechanism](#gitlab-internal-variable-expansion-mechanism) in GitLab.<br/><br/>Supported are all variables defined for a job (project/group variables, variables from `.gitlab-ci.yml`, variables from triggers, variables from pipeline schedules).<br/><br/>Not supported are variables defined in the GitLab Runner `config.toml` and variables created in the job's `script`. |
|
||||||
| `except:variables:[]` | no | n/a | The variable must be in the form of `$variable`. Not supported are the following:<br/><br/>- Variables that are based on the environment's name (`CI_ENVIRONMENT_NAME`, `CI_ENVIRONMENT_SLUG`).<br/>- Any other variables related to environment (currently only `CI_ENVIRONMENT_URL`).<br/>- [Persisted variables](#persisted-variables). |
|
| `except:variables:[]` | no | Not applicable | The variable must be in the form of `$variable`. Not supported are the following:<br/><br/>- Variables that are based on the environment's name (`CI_ENVIRONMENT_NAME`, `CI_ENVIRONMENT_SLUG`).<br/>- Any other variables related to environment (currently only `CI_ENVIRONMENT_URL`).<br/>- [Persisted variables](#persisted-variables). |
|
||||||
| `image` | yes | Runner | The variable expansion is made by GitLab Runner's [internal variable expansion mechanism](#gitlab-runner-internal-variable-expansion-mechanism). |
|
| `image` | yes | Runner | The variable expansion is made by GitLab Runner's [internal variable expansion mechanism](#gitlab-runner-internal-variable-expansion-mechanism). |
|
||||||
| `include` | yes | GitLab | The variable expansion is made by the [internal variable expansion mechanism](#gitlab-internal-variable-expansion-mechanism) in GitLab. <br/><br/>Predefined project variables are supported: `GITLAB_FEATURES`, `CI_DEFAULT_BRANCH`, and all variables that start with `CI_PROJECT_` (for example `CI_PROJECT_NAME`). |
|
| `include` | yes | GitLab | The variable expansion is made by the [internal variable expansion mechanism](#gitlab-internal-variable-expansion-mechanism) in GitLab. <br/><br/>Predefined project variables are supported: `GITLAB_FEATURES`, `CI_DEFAULT_BRANCH`, and all variables that start with `CI_PROJECT_` (for example `CI_PROJECT_NAME`). |
|
||||||
| `only:variables:[]` | no | n/a | The variable must be in the form of `$variable`. Not supported are the following:<br/><br/>- Variables that are based on the environment's name (`CI_ENVIRONMENT_NAME`, `CI_ENVIRONMENT_SLUG`).<br/>- Any other variables related to environment (currently only `CI_ENVIRONMENT_URL`).<br/>- [Persisted variables](#persisted-variables). |
|
| `only:variables:[]` | no | Not applicable | The variable must be in the form of `$variable`. Not supported are the following:<br/><br/>- Variables that are based on the environment's name (`CI_ENVIRONMENT_NAME`, `CI_ENVIRONMENT_SLUG`).<br/>- Any other variables related to environment (currently only `CI_ENVIRONMENT_URL`).<br/>- [Persisted variables](#persisted-variables). |
|
||||||
| `resource_group` | yes | GitLab | Similar to `environment:url`, but the variables expansion doesn't support the following:<br/>- `CI_ENVIRONMENT_URL`<br/>- [Persisted variables](#persisted-variables). |
|
| `resource_group` | yes | GitLab | Similar to `environment:url`, but the variables expansion doesn't support the following:<br/>- `CI_ENVIRONMENT_URL`<br/>- [Persisted variables](#persisted-variables). |
|
||||||
| `rules:if` | no | n/a | The variable must be in the form of `$variable`. Not supported are the following:<br/><br/>- Variables that are based on the environment's name (`CI_ENVIRONMENT_NAME`, `CI_ENVIRONMENT_SLUG`).<br/>- Any other variables related to environment (currently only `CI_ENVIRONMENT_URL`).<br/>- [Persisted variables](#persisted-variables). |
|
| `rules:if` | no | Not applicable | The variable must be in the form of `$variable`. Not supported are the following:<br/><br/>- Variables that are based on the environment's name (`CI_ENVIRONMENT_NAME`, `CI_ENVIRONMENT_SLUG`).<br/>- Any other variables related to environment (currently only `CI_ENVIRONMENT_URL`).<br/>- [Persisted variables](#persisted-variables). |
|
||||||
| `script` | yes | Script execution shell | The variable expansion is made by the [execution shell environment](#execution-shell-environment). |
|
| `script` | yes | Script execution shell | The variable expansion is made by the [execution shell environment](#execution-shell-environment). |
|
||||||
| `services:[]:name` | yes | Runner | The variable expansion is made by GitLab Runner's [internal variable expansion mechanism](#gitlab-runner-internal-variable-expansion-mechanism). |
|
| `services:[]:name` | yes | Runner | The variable expansion is made by GitLab Runner's [internal variable expansion mechanism](#gitlab-runner-internal-variable-expansion-mechanism). |
|
||||||
| `services:[]` | yes | Runner | The variable expansion is made by GitLab Runner's [internal variable expansion mechanism](#gitlab-runner-internal-variable-expansion-mechanism). |
|
| `services:[]` | yes | Runner | The variable expansion is made by GitLab Runner's [internal variable expansion mechanism](#gitlab-runner-internal-variable-expansion-mechanism). |
|
||||||
|
|
|
@ -272,7 +272,7 @@ This saves reviewers time and helps authors catch mistakes earlier.
|
||||||
[Review the merge request](#reviewing-a-merge-request) thoroughly. When you are confident
|
[Review the merge request](#reviewing-a-merge-request) thoroughly. When you are confident
|
||||||
that it meets all requirements, you should:
|
that it meets all requirements, you should:
|
||||||
|
|
||||||
- Click the Approve button.
|
- Select **Approve**.
|
||||||
- `@` mention the author to generate a to-do notification, and advise them that their merge request has been reviewed and approved.
|
- `@` mention the author to generate a to-do notification, and advise them that their merge request has been reviewed and approved.
|
||||||
- Request a review from a maintainer. Default to requests for a maintainer with [domain expertise](#domain-experts),
|
- Request a review from a maintainer. Default to requests for a maintainer with [domain expertise](#domain-experts),
|
||||||
however, if one isn't available or you think the merge request doesn't need a review by a [domain expert](#domain-experts), feel free to follow the [Reviewer roulette](#reviewer-roulette) suggestion.
|
however, if one isn't available or you think the merge request doesn't need a review by a [domain expert](#domain-experts), feel free to follow the [Reviewer roulette](#reviewer-roulette) suggestion.
|
||||||
|
|
|
@ -57,7 +57,7 @@ bundle exec rake db:reset RAILS_ENV=test
|
||||||
|
|
||||||
Access the database via one of these commands (they all get you to the same place)
|
Access the database via one of these commands (they all get you to the same place)
|
||||||
|
|
||||||
```ruby
|
```shell
|
||||||
gdk psql -d gitlabhq_development
|
gdk psql -d gitlabhq_development
|
||||||
bundle exec rails dbconsole -e development
|
bundle exec rails dbconsole -e development
|
||||||
bundle exec rails db -e development
|
bundle exec rails db -e development
|
||||||
|
@ -72,7 +72,7 @@ bundle exec rails db -e development
|
||||||
|
|
||||||
## Access the database with a GUI
|
## Access the database with a GUI
|
||||||
|
|
||||||
Most GUIs (DataGrid, RubyMine, DBeaver) require a TCP connection to the database, but by default
|
Most GUIs (DataGrip, RubyMine, DBeaver) require a TCP connection to the database, but by default
|
||||||
the database runs on a UNIX socket. To be able to access the database from these tools, some steps
|
the database runs on a UNIX socket. To be able to access the database from these tools, some steps
|
||||||
are needed:
|
are needed:
|
||||||
|
|
||||||
|
|
|
@ -321,12 +321,12 @@ To match the versions of `markdownlint-cli` and `vale` used in the GitLab projec
|
||||||
[versions used (see `variables:` section)](https://gitlab.com/gitlab-org/gitlab-docs/-/blob/main/.gitlab-ci.yml)
|
[versions used (see `variables:` section)](https://gitlab.com/gitlab-org/gitlab-docs/-/blob/main/.gitlab-ci.yml)
|
||||||
when building the `image:docs-lint-markdown` Docker image containing these tools for CI/CD.
|
when building the `image:docs-lint-markdown` Docker image containing these tools for CI/CD.
|
||||||
|
|
||||||
| Tool | Version | Command | Additional information |
|
| Tool | Version | Command | Additional information |
|
||||||
|--------------------|-----------|-------------------------------------------|------------------------|
|
|--------------------|-----------|--------------------------------------------------------|------------------------|
|
||||||
| `markdownlint-cli` | Latest | `yarn global add markdownlint-cli` | n/a |
|
| `markdownlint-cli` | Latest | `yarn global add markdownlint-cli` | None. |
|
||||||
| `markdownlint-cli` | Specific | `yarn global add markdownlint-cli@0.23.2` | The `@` indicates a specific version, and this example updates the tool to version `0.23.2`. |
|
| `markdownlint-cli` | Specific | `yarn global add markdownlint-cli@0.23.2` | The `@` indicates a specific version, and this example updates the tool to version `0.23.2`. |
|
||||||
| Vale | Latest | `brew update && brew upgrade vale` | This command is for macOS only. |
|
| Vale | Latest | `brew update && brew upgrade vale` | This command is for macOS only. |
|
||||||
| Vale | Specific | n/a | Not possible using `brew`, but can be [directly downloaded](https://github.com/errata-ai/vale/releases). |
|
| Vale | Specific | Not applicable. | Binaries can be [directly downloaded](https://github.com/errata-ai/vale/releases). |
|
||||||
|
|
||||||
### Configure editors
|
### Configure editors
|
||||||
|
|
||||||
|
|
|
@ -138,8 +138,8 @@ To avoid upgrading indirect dependencies, we can use [`bundle update
|
||||||
|
|
||||||
When submitting a merge request including a dependency update,
|
When submitting a merge request including a dependency update,
|
||||||
include a link to the Gem diff between the 2 versions in the merge request
|
include a link to the Gem diff between the 2 versions in the merge request
|
||||||
description. You can find this link on `rubygems.org` under
|
description. You can find this link on `rubygems.org`, select
|
||||||
**Review Changes**. When you click it, RubyGems generates a comparison
|
**Review Changes** to generate a comparison
|
||||||
between the versions on `diffend.io`. For example, this is the gem
|
between the versions on `diffend.io`. For example, this is the gem
|
||||||
diff for [`thor` 1.0.0 vs
|
diff for [`thor` 1.0.0 vs
|
||||||
1.0.1](https://my.diffend.io/gems/thor/1.0.0/1.0.1). Use the
|
1.0.1](https://my.diffend.io/gems/thor/1.0.0/1.0.1). Use the
|
||||||
|
|
|
@ -101,8 +101,8 @@ Therefore, document new uploads here by slotting them into the following tables:
|
||||||
| Pipeline artifacts | `carrierwave` | `sidekiq` | `/artifacts/<proj_id_hash>/pipelines/<pipeline_id>/artifacts/<artifact_id>` |
|
| Pipeline artifacts | `carrierwave` | `sidekiq` | `/artifacts/<proj_id_hash>/pipelines/<pipeline_id>/artifacts/<artifact_id>` |
|
||||||
| Live job traces | `fog` | `sidekiq` | `/artifacts/tmp/builds/<job_id>/chunks/<chunk_index>.log` |
|
| Live job traces | `fog` | `sidekiq` | `/artifacts/tmp/builds/<job_id>/chunks/<chunk_index>.log` |
|
||||||
| Job traces archive | `carrierwave` | `sidekiq` | `/artifacts/<proj_id_hash>/<date>/<job_id>/<artifact_id>/job.log` |
|
| Job traces archive | `carrierwave` | `sidekiq` | `/artifacts/<proj_id_hash>/<date>/<job_id>/<artifact_id>/job.log` |
|
||||||
| Autoscale runner caching | N/A | `gitlab-runner` | `/gitlab-com-[platform-]runners-cache/???` |
|
| Autoscale runner caching | Not applicable | `gitlab-runner` | `/gitlab-com-[platform-]runners-cache/???` |
|
||||||
| Backups | N/A | `s3cmd`, `awscli`, or `gcs` | `/gitlab-backups/???` |
|
| Backups | Not applicable | `s3cmd`, `awscli`, or `gcs` | `/gitlab-backups/???` |
|
||||||
| Git LFS | `direct upload` | `workhorse` | `/lfs-objects/<lfs_obj_oid[0:2]>/<lfs_obj_oid[2:2]>` |
|
| Git LFS | `direct upload` | `workhorse` | `/lfs-objects/<lfs_obj_oid[0:2]>/<lfs_obj_oid[2:2]>` |
|
||||||
| Design management files | `disk buffering` | `rails controller` | `/lsf-objects/<lfs_obj_oid[0:2]>/<lfs_obj_oid[2:2]>` |
|
| Design management files | `disk buffering` | `rails controller` | `/lsf-objects/<lfs_obj_oid[0:2]>/<lfs_obj_oid[2:2]>` |
|
||||||
| Design management thumbnails | `carrierwave` | `sidekiq` | `/uploads/design_management/action/image_v432x230/<model_id>/<original_lfs_obj_oid[2:2]` |
|
| Design management thumbnails | `carrierwave` | `sidekiq` | `/uploads/design_management/action/image_v432x230/<model_id>/<original_lfs_obj_oid[2:2]` |
|
||||||
|
|
|
@ -705,7 +705,7 @@ From the EC2 dashboard:
|
||||||
|
|
||||||
### Create an auto scaling group
|
### Create an auto scaling group
|
||||||
|
|
||||||
1. As soon as the launch configuration is created, you'll see an option to **Create an Auto Scaling group using this launch configuration**. Click that to start creating the auto scaling group.
|
1. After the launch configuration is created, select **Create an Auto Scaling group using this launch configuration** to start creating the auto scaling group.
|
||||||
1. Enter a **Group name** (we'll use `gitlab-auto-scaling-group`).
|
1. Enter a **Group name** (we'll use `gitlab-auto-scaling-group`).
|
||||||
1. For **Group size**, enter the number of instances you want to start with (we'll enter `2`).
|
1. For **Group size**, enter the number of instances you want to start with (we'll enter `2`).
|
||||||
1. Select the `gitlab-vpc` from the **Network** dropdown.
|
1. Select the `gitlab-vpc` from the **Network** dropdown.
|
||||||
|
|
|
@ -13,7 +13,7 @@ NOTE:
|
||||||
To deploy production-ready GitLab on
|
To deploy production-ready GitLab on
|
||||||
Google Kubernetes Engine,
|
Google Kubernetes Engine,
|
||||||
you can follow Google Cloud Platform's
|
you can follow Google Cloud Platform's
|
||||||
[Click to Deploy steps](https://github.com/GoogleCloudPlatform/click-to-deploy/blob/master/k8s/gitlab/README.md)
|
[`Click to Deploy` steps](https://github.com/GoogleCloudPlatform/click-to-deploy/blob/master/k8s/gitlab/README.md)
|
||||||
It's an alternative to using a GCP VM, and uses
|
It's an alternative to using a GCP VM, and uses
|
||||||
the [Cloud native GitLab Helm chart](https://docs.gitlab.com/charts/).
|
the [Cloud native GitLab Helm chart](https://docs.gitlab.com/charts/).
|
||||||
|
|
||||||
|
|
|
@ -36,7 +36,7 @@ Alerts can be used to trigger actions, like opening an issue automatically
|
||||||
1. Enable the option to create issues.
|
1. Enable the option to create issues.
|
||||||
1. Choose the [issue template](../../user/project/description_templates.md) to create the issue from.
|
1. Choose the [issue template](../../user/project/description_templates.md) to create the issue from.
|
||||||
1. Optionally, select whether to send an email notification to the developers of the project.
|
1. Optionally, select whether to send an email notification to the developers of the project.
|
||||||
1. Click **Save changes**.
|
1. Select **Save changes**.
|
||||||
|
|
||||||
After enabling, GitLab automatically opens an issue when an alert is triggered containing
|
After enabling, GitLab automatically opens an issue when an alert is triggered containing
|
||||||
values extracted from the [`alerts` field in webhook payload](https://prometheus.io/docs/alerting/latest/configuration/#webhook_config):
|
values extracted from the [`alerts` field in webhook payload](https://prometheus.io/docs/alerting/latest/configuration/#webhook_config):
|
||||||
|
|
|
@ -23,14 +23,14 @@ Navigate to the browser-based editor of your choice:
|
||||||
- In the **Repository view**:
|
- In the **Repository view**:
|
||||||
|
|
||||||
1. Navigate to **{doc-text}** **Repository > Files**.
|
1. Navigate to **{doc-text}** **Repository > Files**.
|
||||||
1. Click **{plus}** **Add to tree** and select **New file**,
|
1. Select **{plus}** **Add to tree** and select **New file**,
|
||||||
then click **Select a template type** to see a list of available templates:
|
then select **Select a template type** to see a list of available templates:
|
||||||
![Metrics dashboard template selection](img/metrics_dashboard_template_selection_v13_3.png)
|
![Metrics dashboard template selection](img/metrics_dashboard_template_selection_v13_3.png)
|
||||||
|
|
||||||
- In the **[Web IDE](../../../user/project/web_ide/index.md)**:
|
- In the **[Web IDE](../../../user/project/web_ide/index.md)**:
|
||||||
|
|
||||||
1. Click **Web IDE** when viewing your repository.
|
1. Select **Web IDE** when viewing your repository.
|
||||||
1. Click **{doc-new}** **New file**, then click **Choose a template** to see a list of available templates:
|
1. Select **{doc-new}** **New file**, then select **Choose a template** to see a list of available templates:
|
||||||
![Metrics dashboard template selection WebIDE](img/metrics_dashboard_template_selection_web_ide_v13_3.png)
|
![Metrics dashboard template selection WebIDE](img/metrics_dashboard_template_selection_web_ide_v13_3.png)
|
||||||
|
|
||||||
## Custom dashboard templates **(PREMIUM SELF)**
|
## Custom dashboard templates **(PREMIUM SELF)**
|
||||||
|
|
|
@ -28,12 +28,12 @@ time zone:
|
||||||
|
|
||||||
1. Sign in as a user with Manage Project Operations [permissions](../../../user/permissions.md).
|
1. Sign in as a user with Manage Project Operations [permissions](../../../user/permissions.md).
|
||||||
1. Navigate to **Settings > Monitor**.
|
1. Navigate to **Settings > Monitor**.
|
||||||
1. Scroll to **Metrics Dashboard** and click **Expand**.
|
1. Scroll to **Metrics Dashboard** and select **Expand**.
|
||||||
1. In the **Dashboard timezone** select box, select *User's local timezone*
|
1. In the **Dashboard timezone** select box, select *User's local timezone*
|
||||||
or *UTC*:
|
or *UTC*:
|
||||||
|
|
||||||
![Dashboard timezone setting](img/dashboard_local_timezone_v13_1.png)
|
![Dashboard timezone setting](img/dashboard_local_timezone_v13_1.png)
|
||||||
1. Click **Save changes**.
|
1. Select **Save changes**.
|
||||||
|
|
||||||
## Link to an external dashboard
|
## Link to an external dashboard
|
||||||
|
|
||||||
|
@ -44,12 +44,12 @@ existing external dashboards:
|
||||||
|
|
||||||
1. Sign in as a user with Manage Project Operations [permissions](../../../user/permissions.md).
|
1. Sign in as a user with Manage Project Operations [permissions](../../../user/permissions.md).
|
||||||
1. Navigate to **Settings > Monitor**.
|
1. Navigate to **Settings > Monitor**.
|
||||||
1. Scroll to **Metrics Dashboard** and click **Expand**.
|
1. Scroll to **Metrics Dashboard** and select **Expand**.
|
||||||
1. In **External dashboard URL**, provide the URL to your external dashboard:
|
1. In **External dashboard URL**, provide the URL to your external dashboard:
|
||||||
|
|
||||||
![External Dashboard Setting](img/dashboard_external_link_v13_1.png)
|
![External Dashboard Setting](img/dashboard_external_link_v13_1.png)
|
||||||
|
|
||||||
1. Click **Save changes**.
|
1. Select **Save changes**.
|
||||||
|
|
||||||
GitLab displays a **View full dashboard** button in the top right corner of your
|
GitLab displays a **View full dashboard** button in the top right corner of your
|
||||||
[monitoring dashboard](../../../ci/environments/index.md#monitor-environments)
|
[monitoring dashboard](../../../ci/environments/index.md#monitor-environments)
|
||||||
|
|
|
@ -48,8 +48,8 @@ GitLab unfurls the link as an embedded metrics panel:
|
||||||
|
|
||||||
![Embedded Metrics Rendered](img/embedded_metrics_rendered_v13_4.png)
|
![Embedded Metrics Rendered](img/embedded_metrics_rendered_v13_4.png)
|
||||||
|
|
||||||
You can also embed a single chart. To get a link to a chart, click the
|
You can also embed a single chart. To get a link to a chart, select
|
||||||
**{ellipsis_v}** **More actions** menu in the upper right corner of the chart,
|
**{ellipsis_v}** **More actions** in the upper right corner of the chart,
|
||||||
and select **Copy link to chart**, as shown in this example:
|
and select **Copy link to chart**, as shown in this example:
|
||||||
|
|
||||||
![Copy Link To Chart](img/copy_link_to_chart_v12_10.png)
|
![Copy Link To Chart](img/copy_link_to_chart_v12_10.png)
|
||||||
|
|
|
@ -87,7 +87,7 @@ navigation bar contains:
|
||||||
[custom dashboards](dashboards/index.md).
|
[custom dashboards](dashboards/index.md).
|
||||||
([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/34779) in GitLab 12.5.)
|
([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/34779) in GitLab 12.5.)
|
||||||
- **Duplicate current dashboard** - Save a [complete copy of a dashboard](dashboards/index.md#duplicate-a-gitlab-defined-dashboard). Only available on GitLab-defined dashboards.
|
- **Duplicate current dashboard** - Save a [complete copy of a dashboard](dashboards/index.md#duplicate-a-gitlab-defined-dashboard). Only available on GitLab-defined dashboards.
|
||||||
- **Star dashboard** **{star-o}** - Click to mark a dashboard as a favorite.
|
- **Star dashboard** **{star-o}** - Mark a dashboard as a favorite.
|
||||||
Starred dashboards display a solid star **{star}** button, and display first
|
Starred dashboards display a solid star **{star}** button, and display first
|
||||||
in the **Dashboard** dropdown list.
|
in the **Dashboard** dropdown list.
|
||||||
([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214582) in GitLab 13.0.)
|
([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214582) in GitLab 13.0.)
|
||||||
|
|
|
@ -53,8 +53,8 @@ at each tier for each product, see:
|
||||||
|
|
||||||
## Find your subscription
|
## Find your subscription
|
||||||
|
|
||||||
The following chart should help you determine your subscription model. Click
|
The following chart should help you determine your subscription model. Select
|
||||||
on the list item to go to the respective help page.
|
the list item to go to the respective help page.
|
||||||
|
|
||||||
```mermaid
|
```mermaid
|
||||||
graph TD
|
graph TD
|
||||||
|
@ -164,7 +164,7 @@ Only one namespace can be linked to a subscription.
|
||||||
To change the password for this customers portal account:
|
To change the password for this customers portal account:
|
||||||
|
|
||||||
1. Log in to the [Customers Portal](https://customers.gitlab.com/customers/sign_in).
|
1. Log in to the [Customers Portal](https://customers.gitlab.com/customers/sign_in).
|
||||||
1. Select the **My account** drop-down and select on **Account details**.
|
1. Select the **My account** drop-down and select **Account details**.
|
||||||
1. Make the required changes to the **Your password** section.
|
1. Make the required changes to the **Your password** section.
|
||||||
1. Select **Save changes**.
|
1. Select **Save changes**.
|
||||||
|
|
||||||
|
|
|
@ -1565,23 +1565,6 @@ In GitLab 15.0 and later, the default value for this configuration option will c
|
||||||
**Planned removal milestone: <span class="removal-milestone">15.0</span> (2022-05-22)**
|
**Planned removal milestone: <span class="removal-milestone">15.0</span> (2022-05-22)**
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="deprecation removal-150 breaking-change">
|
|
||||||
|
|
||||||
### Must explicitly assign `AuthenticationType` for `[runners.cache.s3]`
|
|
||||||
|
|
||||||
WARNING:
|
|
||||||
This feature will be changed or removed in 15.0
|
|
||||||
as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
|
|
||||||
Before updating GitLab, review the details carefully to determine if you need to make any
|
|
||||||
changes to your code, settings, or workflow.
|
|
||||||
|
|
||||||
In GitLab 15.0 and later, to access the AWS S3 cache, you must specify the `AuthenticationType` for [`[runners.cache.s3]`](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscaches3-section). The `AuthenticationType` must be `IAM` or `credentials`.
|
|
||||||
|
|
||||||
Prior to 14.5, if you did not define the `AuthenticationType`, GitLab Runner chose a type for you.
|
|
||||||
|
|
||||||
**Planned removal milestone: <span class="removal-milestone">15.0</span> (2022-05-22)**
|
|
||||||
</div>
|
|
||||||
|
|
||||||
<div class="deprecation removal-160 breaking-change">
|
<div class="deprecation removal-160 breaking-change">
|
||||||
|
|
||||||
### Package pipelines in API payload is paginated
|
### Package pipelines in API payload is paginated
|
||||||
|
|
|
@ -260,7 +260,7 @@ Support depends on which scanner is used:
|
||||||
| Distribution | Grype | Trivy |
|
| Distribution | Grype | Trivy |
|
||||||
| -------------- | ----- | ----- |
|
| -------------- | ----- | ----- |
|
||||||
| Alma Linux | | ✅ |
|
| Alma Linux | | ✅ |
|
||||||
| Alpine Linux | ✅ | |
|
| Alpine Linux | ✅ | ✅ |
|
||||||
| Amazon Linux | ✅ | ✅ |
|
| Amazon Linux | ✅ | ✅ |
|
||||||
| BusyBox | ✅ | |
|
| BusyBox | ✅ | |
|
||||||
| CentOS | ✅ | ✅ |
|
| CentOS | ✅ | ✅ |
|
||||||
|
|
|
@ -86,9 +86,8 @@ This rule enforces the defined actions and schedules a scan on the provided date
|
||||||
| `type` | `string` | `schedule` | The rule's type. |
|
| `type` | `string` | `schedule` | The rule's type. |
|
||||||
| `branches` | `array` of `string` | `*` or the branch's name | The branch the given policy applies to (supports wildcard). |
|
| `branches` | `array` of `string` | `*` or the branch's name | The branch the given policy applies to (supports wildcard). |
|
||||||
| `cadence` | `string` | CRON expression (for example, `0 0 * * *`) | A whitespace-separated string containing five fields that represents the scheduled time. |
|
| `cadence` | `string` | CRON expression (for example, `0 0 * * *`) | A whitespace-separated string containing five fields that represents the scheduled time. |
|
||||||
| `agents` | `object` | | The name of the [GitLab agents](../../clusters/agent/index.md) where [cluster image scanning](../../clusters/agent/vulnerabilities.md) will run. The key of the object is the name of the Kubernetes cluster configured for your project in GitLab. In the optionally provided value of the object, you can precisely select Kubernetes resources that are scanned. | <!--- start_remove The following content will be removed on remove_date: '2022-08-22' -->
|
| `agents` | `object` | | The name of the [GitLab agents](../../clusters/agent/index.md) where [cluster image scanning](../../clusters/agent/vulnerabilities.md) will run. The key of the object is the name of the Kubernetes cluster configured for your project in GitLab. In the optionally provided value of the object, you can precisely select Kubernetes resources that are scanned. <!--- start_remove The following content will be removed on remove_date: '2022-08-22' --> |
|
||||||
| `clusters` (removed) | `object` | | This field was [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/356465) in 15.0. Use the `agents` field instead. The cluster where the given policy enforces running selected scans (only for `container_scanning`/`cluster_image_scanning` scans). The key of the object is the name of the Kubernetes cluster configured for your project in GitLab. In the optionally provided value of the object, you can precisely select Kubernetes resources that are scanned. |
|
| `clusters` (removed) | `object` | | This field was [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/356465) in 15.0. Use the `agents` field instead. The cluster where the given policy enforces running selected scans (only for `container_scanning`/`cluster_image_scanning` scans). The key of the object is the name of the Kubernetes cluster configured for your project in GitLab. In the optionally provided value of the object, you can precisely select Kubernetes resources that are scanned. <!--- end_remove --> |
|
||||||
<!--- end_remove -->
|
|
||||||
|
|
||||||
GitLab supports the following types of CRON syntax for the `cadence` field:
|
GitLab supports the following types of CRON syntax for the `cadence` field:
|
||||||
|
|
||||||
|
|
|
@ -4,13 +4,14 @@ group: Threat Insights
|
||||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||||
---
|
---
|
||||||
|
|
||||||
# Vulnerability Pages **(ULTIMATE)**
|
# Vulnerability Page **(ULTIMATE)**
|
||||||
|
|
||||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/13561) in GitLab 13.0.
|
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/13561) in GitLab 13.0.
|
||||||
|
|
||||||
Each vulnerability in a project has a Vulnerability Page. This page contains details of the
|
Each vulnerability in a project has a Vulnerability Page, containing details of the
|
||||||
vulnerability. The details included vary according to the type of vulnerability. Details of each
|
vulnerability. The details included vary according to the type of vulnerability.
|
||||||
vulnerability include:
|
|
||||||
|
Details of each vulnerability include:
|
||||||
|
|
||||||
- Description
|
- Description
|
||||||
- When it was detected
|
- When it was detected
|
||||||
|
@ -24,32 +25,41 @@ alert message is included at the top of the vulnerability's page.
|
||||||
|
|
||||||
On the vulnerability's page, you can:
|
On the vulnerability's page, you can:
|
||||||
|
|
||||||
- [Change the vulnerability's status](#change-vulnerability-status).
|
- [Change the vulnerability's status](#change-status-of-a-vulnerability).
|
||||||
- [Create an issue](#create-an-issue-for-a-vulnerability).
|
- [Create an issue](#creating-an-issue-for-a-vulnerability).
|
||||||
- [Link issues to the vulnerability](#linked-issues).
|
- [Link issues to the vulnerability](#linking-a-vulnerability-to-issues).
|
||||||
- [Resolve a vulnerability](#resolve-a-vulnerability) if a solution is
|
- [Resolve the vulnerability](#resolve-a-vulnerability) if a solution is
|
||||||
available.
|
available.
|
||||||
- [View security training specific to the detected vulnerability](#view-security-training-for-a-vulnerability).
|
- [View security training specific to the detected vulnerability](#view-security-training-for-a-vulnerability).
|
||||||
|
|
||||||
## Vulnerability status values
|
## Vulnerability status values
|
||||||
|
|
||||||
A vulnerability's status can be one of the following:
|
A vulnerability's status can be:
|
||||||
|
|
||||||
| Status | Description |
|
- **Detected**: The default state for a newly discovered vulnerability. Appears as "Needs triage" in the UI.
|
||||||
|:----------|:------------|
|
- **Confirmed**: A user has seen this vulnerability and confirmed it to be accurate.
|
||||||
| Detected | The default state for a newly discovered vulnerability. Appears as "Needs triage" in the UI. |
|
- **Dismissed**: A user has seen this vulnerability and dismissed it because it is not accurate or otherwise not to be resolved.
|
||||||
| Confirmed | A user has seen this vulnerability and confirmed it to be accurate. |
|
- **Resolved**: The vulnerability has been fixed or is no longer present.
|
||||||
| Dismissed | A user has seen this vulnerability and dismissed it because it is not accurate or otherwise not to be resolved. |
|
|
||||||
| Resolved | The vulnerability has been fixed or is no longer present. |
|
|
||||||
|
|
||||||
Dismissed vulnerabilities are ignored if detected in subsequent scans. Resolved vulnerabilities that are reintroduced and detected by subsequent scans have a _new_ vulnerability record created. When an existing vulnerability is no longer detected in a project's `default` branch, you should change its status to Resolved. This ensures that if it is accidentally reintroduced in a future merge, it will be visible again as a new record. You can use the [Activity filter](../vulnerability_report/#activity-filter) to select all vulnerabilities that are no longer detected, and [change their status](../vulnerability_report#change-status-of-vulnerabilities).
|
Dismissed vulnerabilities are ignored if detected in subsequent scans. Resolved vulnerabilities that
|
||||||
|
are reintroduced and detected by subsequent scans have a _new_ vulnerability record created. When an
|
||||||
|
existing vulnerability is no longer detected in a project's `default` branch, you should change its
|
||||||
|
status to **Resolved**. This ensures that if it is accidentally reintroduced in a future merge, it
|
||||||
|
is reported again as a new record. You can use the Vulnerability Report's
|
||||||
|
[Activity filter](../vulnerability_report/#activity-filter) to select all vulnerabilities that are
|
||||||
|
no longer detected, and change their status.
|
||||||
|
|
||||||
## Change vulnerability status
|
## Change status of a vulnerability
|
||||||
|
|
||||||
To change a vulnerability's status, select a new value from the **Status** dropdown then select
|
To change a vulnerability's status from its Vulnerability Page:
|
||||||
**Change status**. Optionally, add a comment to the log entry at the bottom of the page.
|
|
||||||
|
|
||||||
## Create an issue for a vulnerability
|
1. On the top bar, select **Menu > Projects** and find your project.
|
||||||
|
1. On the left sidebar, select **Security & Compliance > Vulnerability report**.
|
||||||
|
1. Select the vulnerability's description.
|
||||||
|
1. From the **Status** dropdown list select a status, then select **Change status**.
|
||||||
|
1. Optionally, at the bottom of the page, add a comment to the log entry.
|
||||||
|
|
||||||
|
## Creating an issue for a vulnerability
|
||||||
|
|
||||||
From a vulnerability's page you can create an issue to track all action taken to resolve or
|
From a vulnerability's page you can create an issue to track all action taken to resolve or
|
||||||
mitigate it.
|
mitigate it.
|
||||||
|
@ -67,7 +77,9 @@ that when Jira integration is enabled, the GitLab issue feature is not available
|
||||||
|
|
||||||
To create a GitLab issue for a vulnerability:
|
To create a GitLab issue for a vulnerability:
|
||||||
|
|
||||||
1. In GitLab, go to the vulnerability's page.
|
1. On the top bar, select **Menu > Projects** and find your project.
|
||||||
|
1. On the left sidebar, select **Security & Compliance > Vulnerability report**.
|
||||||
|
1. Select the vulnerability's description.
|
||||||
1. Select **Create issue**.
|
1. Select **Create issue**.
|
||||||
|
|
||||||
An issue is created in the project, pre-populated with information from the vulnerability report.
|
An issue is created in the project, pre-populated with information from the vulnerability report.
|
||||||
|
@ -80,73 +92,85 @@ The issue is then opened so you can take further action.
|
||||||
|
|
||||||
Prerequisites:
|
Prerequisites:
|
||||||
|
|
||||||
- [Enable Jira integration](../../../integration/jira/index.md).
|
- [Enable Jira integration](../../../integration/jira/index.md). The **Enable Jira issue creation
|
||||||
The **Enable Jira issue creation from vulnerabilities** option must be selected as part of the configuration.
|
from vulnerabilities** option must be selected as part of the configuration.
|
||||||
- Each user must have a personal Jira user account with permission to create issues in the target project.
|
- Each user must have a personal Jira user account with permission to create issues in the target
|
||||||
|
project.
|
||||||
|
|
||||||
To create a Jira issue for a vulnerability:
|
To create a Jira issue for a vulnerability:
|
||||||
|
|
||||||
1. Go to the vulnerability's page.
|
1. On the top bar, select **Menu > Projects** and find your project.
|
||||||
|
1. On the left sidebar, select **Security & Compliance > Vulnerability report**.
|
||||||
|
1. Select the vulnerability's description.
|
||||||
1. Select **Create Jira issue**.
|
1. Select **Create Jira issue**.
|
||||||
1. If you're not already logged in to Jira, log in.
|
1. If you're not already logged in to Jira, log in.
|
||||||
|
|
||||||
The Jira issue is created and opened in a new browser tab. The **Summary** and **Description**
|
The Jira issue is created and opened in a new browser tab. The **Summary** and **Description**
|
||||||
fields are pre-populated from the vulnerability's details.
|
fields are pre-populated from the vulnerability's details.
|
||||||
|
|
||||||
Unlike GitLab issues, the status of whether a Jira issue is open or closed does not display in the GitLab user interface.
|
Unlike GitLab issues, the status of whether a Jira issue is open or closed does not display in the
|
||||||
|
GitLab user interface.
|
||||||
|
|
||||||
## Linked issues
|
## Linking a vulnerability to issues
|
||||||
|
|
||||||
NOTE:
|
NOTE:
|
||||||
If Jira issue support is enabled, GitLab issues are disabled so this feature is not available.
|
If Jira issue support is enabled, GitLab issues are disabled so this feature is not available.
|
||||||
|
|
||||||
You can link one or more existing GitLab issues to a vulnerability. Adding a link helps track
|
You can link a vulnerability to one or more existing GitLab issues. Adding a link helps track
|
||||||
the issue that resolves or mitigates a vulnerability.
|
the issue that resolves or mitigates a vulnerability.
|
||||||
|
|
||||||
Issues linked to a vulnerability are shown in the Vulnerability Report and the vulnerability's page.
|
Issues linked to a vulnerability are shown in the Vulnerability Report and the vulnerability's page.
|
||||||
|
|
||||||
Be aware of the following conditions between a vulnerability and a linked issue:
|
Be aware of the following conditions between a vulnerability and a linked issue:
|
||||||
|
|
||||||
- The vulnerability page shows related issues, but the issue page doesn't show the vulnerability it's related to.
|
- The vulnerability page shows related issues, but the issue page doesn't show the vulnerability
|
||||||
|
it's related to.
|
||||||
- An issue can only be related to one vulnerability at a time.
|
- An issue can only be related to one vulnerability at a time.
|
||||||
- Issues can be linked across groups and projects.
|
- Issues can be linked across groups and projects.
|
||||||
|
|
||||||
## Link to existing issues
|
## Link a vulnerability to existing issues
|
||||||
|
|
||||||
To link a vulnerability to existing issues:
|
To link a vulnerability to existing issues:
|
||||||
|
|
||||||
1. Go to the vulnerability's page.
|
1. On the top bar, select **Menu > Projects** and find your project.
|
||||||
|
1. On the left sidebar, select **Security & Compliance > Vulnerability report**.
|
||||||
|
1. Select the vulnerability's description.
|
||||||
1. In the **Linked issues** section, select the plus icon (**{plus}**).
|
1. In the **Linked issues** section, select the plus icon (**{plus}**).
|
||||||
1. For each issue to be linked, either:
|
1. For each issue to be linked, either:
|
||||||
- Paste a link to the issue.
|
- Paste a link to the issue.
|
||||||
- Enter the issue's ID (prefixed with a hash `#`).
|
- Enter the issue's ID (prefixed with a hash `#`).
|
||||||
1. Select **Add**.
|
1. Select **Add**.
|
||||||
|
|
||||||
The selected issues are added to the **Linked issues** section, and the linked issues counter is updated.
|
The selected issues are added to the **Linked issues** section, and the linked issues counter is
|
||||||
|
updated.
|
||||||
|
|
||||||
## Resolve a vulnerability
|
## Resolve a vulnerability
|
||||||
|
|
||||||
For some vulnerabilities a solution is already known. In those instances, a vulnerability's page
|
For some vulnerabilities a solution is already known. In those instances, a vulnerability's page
|
||||||
includes a **Resolve with merge request** option.
|
includes a **Resolve with merge request** option.
|
||||||
|
|
||||||
To resolve a vulnerability, you can either:
|
The following scanners are supported by this feature:
|
||||||
|
|
||||||
- [Resolve a vulnerability with a merge request](#resolve-a-vulnerability-with-a-merge-request).
|
|
||||||
- [Resolve a vulnerability manually](#resolve-a-vulnerability-manually).
|
|
||||||
|
|
||||||
The following scanners are supported:
|
|
||||||
|
|
||||||
- [Dependency Scanning](../dependency_scanning/index.md).
|
- [Dependency Scanning](../dependency_scanning/index.md).
|
||||||
Automatic Patch creation is only available for Node.js projects managed with
|
Automatic Patch creation is only available for Node.js projects managed with
|
||||||
`yarn`.
|
`yarn`.
|
||||||
- [Container Scanning](../container_scanning/index.md).
|
- [Container Scanning](../container_scanning/index.md).
|
||||||
|
|
||||||
|
To resolve a vulnerability, you can either:
|
||||||
|
|
||||||
|
- [Resolve a vulnerability with a merge request](#resolve-a-vulnerability-with-a-merge-request).
|
||||||
|
- [Resolve a vulnerability manually](#resolve-a-vulnerability-manually).
|
||||||
|
|
||||||
![Create merge request from vulnerability](img/create_mr_from_vulnerability_v13_4.png)
|
![Create merge request from vulnerability](img/create_mr_from_vulnerability_v13_4.png)
|
||||||
|
|
||||||
### Resolve a vulnerability with a merge request
|
### Resolve a vulnerability with a merge request
|
||||||
|
|
||||||
To resolve the vulnerability with a merge request, go to the vulnerability's page and from the
|
To resolve the vulnerability with a merge request:
|
||||||
**Resolve with merge request** dropdown select **Resolve with merge request**.
|
|
||||||
|
1. On the top bar, select **Menu > Projects** and find your project.
|
||||||
|
1. On the left sidebar, select **Security & Compliance > Vulnerability report**.
|
||||||
|
1. Select the vulnerability's description.
|
||||||
|
1. From the **Resolve with merge request** dropdown list, select **Resolve with merge request**.
|
||||||
|
|
||||||
A merge request is created which applies the patch required to resolve the vulnerability.
|
A merge request is created which applies the patch required to resolve the vulnerability.
|
||||||
Process the merge request according to your standard workflow.
|
Process the merge request according to your standard workflow.
|
||||||
|
@ -155,11 +179,15 @@ Process the merge request according to your standard workflow.
|
||||||
|
|
||||||
To manually apply the patch that GitLab generated for a vulnerability:
|
To manually apply the patch that GitLab generated for a vulnerability:
|
||||||
|
|
||||||
1. Go to the vulnerability's page and from the **Resolve with merge request** dropdown select
|
1. On the top bar, select **Menu > Projects** and find your project.
|
||||||
**Download patch to resolve**.
|
1. On the left sidebar, select **Security & Compliance > Vulnerability report**.
|
||||||
|
1. Select the vulnerability's description.
|
||||||
|
1. From the **Resolve with merge request** dropdown list, select **Download patch to resolve**.
|
||||||
1. Ensure your local project has the same commit checked out that was used to generate the patch.
|
1. Ensure your local project has the same commit checked out that was used to generate the patch.
|
||||||
1. Run `git apply remediation.patch`.
|
1. Run `git apply remediation.patch`.
|
||||||
1. Verify and commit the changes to your branch.
|
1. Verify and commit the changes to your branch.
|
||||||
|
1. Create a merge request to apply the changes to your main branch.
|
||||||
|
1. Process the merge request according to your standard workflow.
|
||||||
|
|
||||||
## Enable security training for vulnerabilities
|
## Enable security training for vulnerabilities
|
||||||
|
|
||||||
|
|
|
@ -23,7 +23,7 @@ The **Activity** column contains icons to indicate the activity, if any, taken o
|
||||||
in that row:
|
in that row:
|
||||||
|
|
||||||
- Issues **{issues}**: Links to issues created for the vulnerability. For more details, read
|
- Issues **{issues}**: Links to issues created for the vulnerability. For more details, read
|
||||||
[Create an issue for a vulnerability](../vulnerabilities/index.md#create-an-issue-for-a-vulnerability).
|
[Create an issue for a vulnerability](../vulnerabilities/index.md#creating-an-issue-for-a-vulnerability).
|
||||||
- Wrench **{admin}**: The vulnerability has been remediated.
|
- Wrench **{admin}**: The vulnerability has been remediated.
|
||||||
- False positive **{false-positive}**: The scanner determined this vulnerability to be a false
|
- False positive **{false-positive}**: The scanner determined this vulnerability to be a false
|
||||||
positive.
|
positive.
|
||||||
|
|
|
@ -70,4 +70,5 @@ Read about how to [migrate to the agent for Kubernetes](../../infrastructure/clu
|
||||||
- [Install the agent](install/index.md)
|
- [Install the agent](install/index.md)
|
||||||
- [Work with the agent](repository.md)
|
- [Work with the agent](repository.md)
|
||||||
- [Troubleshooting](troubleshooting.md)
|
- [Troubleshooting](troubleshooting.md)
|
||||||
|
- [Guided explorations for a production ready GitOps setup](https://gitlab.com/groups/guided-explorations/gl-k8s-agent/gitops/-/wikis/home#gitlab-agent-for-kubernetes-gitops-working-examples)
|
||||||
- [Contribute to the agent's development](https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/-/tree/master/doc)
|
- [Contribute to the agent's development](https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/-/tree/master/doc)
|
||||||
|
|
Binary file not shown.
After Width: | Height: | Size: 73 KiB |
|
@ -0,0 +1,137 @@
|
||||||
|
---
|
||||||
|
stage: Configure
|
||||||
|
group: Configure
|
||||||
|
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||||
|
---
|
||||||
|
|
||||||
|
# Create a Civo Kubernetes cluster
|
||||||
|
|
||||||
|
Every new Civo account receives [$250 in credit](https://civo.com/signup) to get started with the GitLab integration with Civo Kubernetes. You can also use a marketplace app to install GitLab on your Civo Kubernetes cluster.
|
||||||
|
|
||||||
|
Learn how to create a new cluster on Civo Kubernetes through
|
||||||
|
[Infrastructure as Code (IaC)](../../index.md). This process uses the Civo
|
||||||
|
and Kubernetes Terraform providers to create Civo Kubernetes clusters. You connect the clusters to GitLab
|
||||||
|
by using the GitLab agent for Kubernetes.
|
||||||
|
|
||||||
|
**Prerequisites:**
|
||||||
|
|
||||||
|
- A [Civo account](https://civo.com/signup).
|
||||||
|
- [A runner](https://docs.gitlab.com/runner/install/) you can use to run the GitLab CI/CD pipeline.
|
||||||
|
|
||||||
|
**Steps:**
|
||||||
|
|
||||||
|
1. [Import the example project](#import-the-example-project).
|
||||||
|
1. [Register the agent for Kubernetes](#register-the-agent).
|
||||||
|
1. [Configure your project](#configure-your-project).
|
||||||
|
1. [Provision your cluster](#provision-your-cluster).
|
||||||
|
|
||||||
|
## Import the example project
|
||||||
|
|
||||||
|
To create a cluster from GitLab using Infrastructure as Code, you must
|
||||||
|
create a project to manage the cluster from. In this tutorial, you start with
|
||||||
|
a sample project and modify it according to your needs.
|
||||||
|
|
||||||
|
Start by [importing the example project by URL](../../../project/import/repo_by_url.md).
|
||||||
|
|
||||||
|
To import the project:
|
||||||
|
|
||||||
|
1. On the top bar, select **Menu > Create new project**.
|
||||||
|
1. Select **Import project**.
|
||||||
|
1. Select **Repo by URL**.
|
||||||
|
1. For the **Git repository URL**, enter `https://gitlab.com/civocloud/gitlab-terraform-civo.git`.
|
||||||
|
1. Complete the fields and select **Create project**.
|
||||||
|
|
||||||
|
This project provides you with:
|
||||||
|
|
||||||
|
- A [cluster on Civo](https://gitlab.com/civocloud/gitlab-terraform-civo/-/blob/master/civo.tf) with defaults for name, region, node count, and Kubernetes version.
|
||||||
|
- The [GitLab agent for Kubernetes](https://gitlab.com/civocloud/gitlab-terraform-civo/-/blob/master/agent.tf) installed in the cluster.
|
||||||
|
|
||||||
|
## Register the agent
|
||||||
|
|
||||||
|
To create a GitLab agent for Kubernetes:
|
||||||
|
|
||||||
|
1. On the left sidebar, select **Infrastructure > Kubernetes clusters**.
|
||||||
|
1. Select **Connect a cluster (agent)**.
|
||||||
|
1. From the **Select an agent** dropdown list, select `civo-agent` and select **Register an agent**.
|
||||||
|
1. GitLab generates a registration token for the agent. Securely store this secret token, as you will need it later.
|
||||||
|
1. GitLab provides an address for the agent server (KAS), which you will also need later.
|
||||||
|
|
||||||
|
## Configure your project
|
||||||
|
|
||||||
|
Use CI/CD environment variables to configure your project.
|
||||||
|
|
||||||
|
**Required configuration:**
|
||||||
|
|
||||||
|
1. On the left sidebar, select **Settings > CI/CD**.
|
||||||
|
1. Expand **Variables**.
|
||||||
|
1. Set the variable `BASE64_CIVO_CREDENTIALS` to the [token](https://www.civo.com/account/security) from your Civo account.
|
||||||
|
1. Set the variable `TF_VAR_agent_token` to the agent token you received in the previous task.
|
||||||
|
1. Set the variable `TF_VAR_kas_address` to the agent server address in the previous task.
|
||||||
|
|
||||||
|
![img/variables_civo.png](img/variables_civo.png)
|
||||||
|
|
||||||
|
**Optional configuration:**
|
||||||
|
|
||||||
|
The file [`variables.tf`](https://gitlab.com/civocloud/gitlab-terraform-civo/-/blob/master/variables.tf)
|
||||||
|
contains other variables that you can override according to your needs:
|
||||||
|
|
||||||
|
- `TF_VAR_civo_region`: Set your cluster's region.
|
||||||
|
- `TF_VAR_cluster_name`: Set your cluster's name.
|
||||||
|
- `TF_VAR_cluster_description`: Set a description for the cluster. To create a reference to your GitLab project on your Civo cluster detail page, set this value to `$CI_PROJECT_URL`. This value helps you determine which project was responsible for provisioning the cluster you see on the Civo dashboard.
|
||||||
|
- `TF_VAR_machine_type`: Set the machine type for the Kubernetes nodes.
|
||||||
|
- `TF_VAR_node_count`: Set the number of Kubernetes nodes.
|
||||||
|
- `TF_VAR_agent_version`: Set the version of the GitLab agent.
|
||||||
|
- `TF_VAR_agent_namespace`: Set the Kubernetes namespace for the GitLab agent.
|
||||||
|
|
||||||
|
Refer to the [Civo Terraform provider](https://registry.terraform.io/providers/civo/civo/latest/docs/resources/kubernetes_cluster) and the [Kubernetes Terraform provider](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs) documentation for further resource options.
|
||||||
|
|
||||||
|
## Provision your cluster
|
||||||
|
|
||||||
|
After configuring your project, manually trigger the provisioning of your cluster. In GitLab:
|
||||||
|
|
||||||
|
1. On the left sidebar, go to **CI/CD > Pipelines**.
|
||||||
|
1. Next to **Play** (**{play}**), select the dropdown icon (**{angle-down}**).
|
||||||
|
1. Select **Deploy** to manually trigger the deployment job.
|
||||||
|
|
||||||
|
When the pipeline finishes successfully, you can see your new cluster:
|
||||||
|
|
||||||
|
- In Civo dashboard: on your [Kubernetes tab](https://www.civo.com/account/kubernetes).
|
||||||
|
- In GitLab: from your project's sidebar, select **Infrastructure > Kubernetes clusters**.
|
||||||
|
|
||||||
|
## Use your cluster
|
||||||
|
|
||||||
|
After you provision the cluster, it is connected to GitLab and is ready for deployments. To check the connection:
|
||||||
|
|
||||||
|
1. On the left sidebar, select **Infrastructure > Kubernetes clusters**.
|
||||||
|
1. In the list, view the **Connection status** column.
|
||||||
|
|
||||||
|
For more information about the capabilities of the connection, see [the GitLab agent for Kubernetes documentation](../index.md).
|
||||||
|
|
||||||
|
## Remove the cluster
|
||||||
|
|
||||||
|
A cleanup job is not included in your pipeline by default. To remove all created resources, you
|
||||||
|
must modify your GitLab CI/CD template before running the cleanup job.
|
||||||
|
|
||||||
|
To remove all resources:
|
||||||
|
|
||||||
|
1. Add the following to your `.gitlab-ci.yml` file:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
stages:
|
||||||
|
- init
|
||||||
|
- validate
|
||||||
|
- build
|
||||||
|
- deploy
|
||||||
|
- cleanup
|
||||||
|
|
||||||
|
destroy:
|
||||||
|
extends: .destroy
|
||||||
|
needs: []
|
||||||
|
```
|
||||||
|
|
||||||
|
1. On the left sidebar, select **CI/CD > Pipelines** and select the most recent pipeline.
|
||||||
|
1. For the `destroy` job, select **Play** (**{play}**).
|
||||||
|
|
||||||
|
## Civo support
|
||||||
|
|
||||||
|
This Civo integration is supported by Civo. Send your support requests to [Civo support](https://www.civo.com/contact).
|
|
@ -250,6 +250,10 @@ For more information about this validation error, read
|
||||||
You can use [scan result policies](../../../application_security/policies/scan-result-policies.md#scan-result-policy-editor) to define security approvals based on the status of vulnerabilities in the merge request and the default branch.
|
You can use [scan result policies](../../../application_security/policies/scan-result-policies.md#scan-result-policy-editor) to define security approvals based on the status of vulnerabilities in the merge request and the default branch.
|
||||||
Details for each security policy is shown in the Security Approvals section of your Merge Request configuration.
|
Details for each security policy is shown in the Security Approvals section of your Merge Request configuration.
|
||||||
|
|
||||||
|
The security approval rules are applied to all merge requests until the pipeline is complete. The application of the
|
||||||
|
security approval rules prevents users from merging in code before the security scans run. Once the pipeline is
|
||||||
|
complete, the security approval rules are checked to determine if the security approvals are still required.
|
||||||
|
|
||||||
![Security Approvals](img/security_approvals_v15_0.png)
|
![Security Approvals](img/security_approvals_v15_0.png)
|
||||||
|
|
||||||
These policies are both created and edited in the [security policy editor](../../../application_security/policies/index.md#policy-editor).
|
These policies are both created and edited in the [security policy editor](../../../application_security/policies/index.md#policy-editor).
|
||||||
|
|
|
@ -68,6 +68,11 @@ A single Cobertura XML file can be no more than 10MiB. For large projects, split
|
||||||
smaller files. See [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/328772) for more details.
|
smaller files. See [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/328772) for more details.
|
||||||
When submitting many files, it can take a few minutes for coverage to show on a merge request.
|
When submitting many files, it can take a few minutes for coverage to show on a merge request.
|
||||||
|
|
||||||
|
The visualization only displays after the pipeline is complete. If the pipeline has
|
||||||
|
a [blocking manual job](../../../ci/jobs/job_control.md#types-of-manual-jobs), the
|
||||||
|
pipeline waits for the manual job before continuing and is not considered complete.
|
||||||
|
The visualization cannot be displayed if the blocking manual job did not run.
|
||||||
|
|
||||||
### Artifact expiration
|
### Artifact expiration
|
||||||
|
|
||||||
By default, the [pipeline artifact](../../../ci/pipelines/pipeline_artifacts.md#storage) used
|
By default, the [pipeline artifact](../../../ci/pipelines/pipeline_artifacts.md#storage) used
|
||||||
|
|
|
@ -33822,9 +33822,6 @@ msgstr ""
|
||||||
msgid "SecurityOrchestration|Policy definition"
|
msgid "SecurityOrchestration|Policy definition"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
msgid "SecurityOrchestration|Policy description"
|
|
||||||
msgstr ""
|
|
||||||
|
|
||||||
msgid "SecurityOrchestration|Policy editor"
|
msgid "SecurityOrchestration|Policy editor"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
require 'spec_helper'
|
require 'spec_helper'
|
||||||
|
|
||||||
RSpec.describe 'OmniAuth initializer for GitLab' do
|
RSpec.describe 'OmniAuth initializer for GitLab' do
|
||||||
let(:load_omniauth_initializer) do
|
def load_omniauth_initializer
|
||||||
load Rails.root.join('config/initializers/omniauth.rb')
|
load Rails.root.join('config/initializers/omniauth.rb')
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -15,32 +15,15 @@ RSpec.describe 'OmniAuth initializer for GitLab' do
|
||||||
before do
|
before do
|
||||||
allow(Settings).to receive(:gitlab).and_return({ 'base_url' => base_url })
|
allow(Settings).to receive(:gitlab).and_return({ 'base_url' => base_url })
|
||||||
allow(Gitlab::OmniauthInitializer).to receive(:full_host).and_return('proc')
|
allow(Gitlab::OmniauthInitializer).to receive(:full_host).and_return('proc')
|
||||||
|
|
||||||
|
load_omniauth_initializer
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'with feature flags not available' do
|
# to clear existing mocks and prevent order-dependent failures
|
||||||
before do
|
after(:all) do
|
||||||
expect(Feature).to receive(:feature_flags_available?).and_return(false)
|
load_omniauth_initializer
|
||||||
load_omniauth_initializer
|
|
||||||
end
|
|
||||||
|
|
||||||
it { is_expected.to eq(base_url) }
|
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'with the omniauth_initializer_fullhost_proc FF disabled' do
|
it { is_expected.to eq('proc') }
|
||||||
before do
|
|
||||||
stub_feature_flags(omniauth_initializer_fullhost_proc: false)
|
|
||||||
load_omniauth_initializer
|
|
||||||
end
|
|
||||||
|
|
||||||
it { is_expected.to eq(base_url) }
|
|
||||||
end
|
|
||||||
|
|
||||||
context 'with the omniauth_initializer_fullhost_proc FF disabled' do
|
|
||||||
before do
|
|
||||||
load_omniauth_initializer
|
|
||||||
end
|
|
||||||
|
|
||||||
it { is_expected.to eq('proc') }
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue