Commit b56027c9 authored by GitLab Bot's avatar GitLab Bot

Add latest changes from gitlab-org/gitlab@master

parent 7915c41e
...@@ -3,6 +3,8 @@ ...@@ -3,6 +3,8 @@
class Import::GiteaController < Import::GithubController class Import::GiteaController < Import::GithubController
extend ::Gitlab::Utils::Override extend ::Gitlab::Utils::Override
before_action :verify_blocked_uri, only: :status
def new def new
if session[access_token_key].present? && provider_url.present? if session[access_token_key].present? && provider_url.present?
redirect_to status_import_url redirect_to status_import_url
...@@ -16,14 +18,8 @@ class Import::GiteaController < Import::GithubController ...@@ -16,14 +18,8 @@ class Import::GiteaController < Import::GithubController
# Must be defined or it will 404 # Must be defined or it will 404
def status def status
if blocked_url?
session[access_token_key] = nil
redirect_to new_import_url, alert: _('Specified URL cannot be used.')
else
super super
end end
end
private private
...@@ -61,8 +57,8 @@ class Import::GiteaController < Import::GithubController ...@@ -61,8 +57,8 @@ class Import::GiteaController < Import::GithubController
{ host: provider_url, api_version: 'v1' } { host: provider_url, api_version: 'v1' }
end end
def blocked_url? def verify_blocked_uri
Gitlab::UrlBlocker.blocked_url?( Gitlab::UrlBlocker.validate!(
provider_url, provider_url,
{ {
allow_localhost: allow_local_requests?, allow_localhost: allow_local_requests?,
...@@ -70,6 +66,10 @@ class Import::GiteaController < Import::GithubController ...@@ -70,6 +66,10 @@ class Import::GiteaController < Import::GithubController
schemes: %w(http https) schemes: %w(http https)
} }
) )
rescue Gitlab::UrlBlocker::BlockedUrlError => e
session[access_token_key] = nil
redirect_to new_import_url, alert: _('Specified URL cannot be used: "%{reason}"') % { reason: e.message }
end end
def allow_local_requests? def allow_local_requests?
......
...@@ -22,8 +22,14 @@ module Projects ...@@ -22,8 +22,14 @@ module Projects
end end
def import def import
response = ::JiraImport::StartImportService.new(current_user, @project, jira_import_params[:jira_project_key]).execute jira_project_key = jira_import_params[:jira_project_key]
if jira_project_key.present?
response = ::JiraImport::StartImportService.new(current_user, @project, jira_project_key).execute
flash[:notice] = response.message if response.message.present? flash[:notice] = response.message if response.message.present?
else
flash[:alert] = 'No jira project key has been provided.'
end
redirect_to project_import_jira_path(@project) redirect_to project_import_jira_path(@project)
end end
......
...@@ -262,6 +262,15 @@ class Snippet < ApplicationRecord ...@@ -262,6 +262,15 @@ class Snippet < ApplicationRecord
@repository ||= Repository.new(full_path, self, shard: repository_storage, disk_path: disk_path, repo_type: Gitlab::GlRepository::SNIPPET) @repository ||= Repository.new(full_path, self, shard: repository_storage, disk_path: disk_path, repo_type: Gitlab::GlRepository::SNIPPET)
end end
def repository_size_checker
strong_memoize(:repository_size_checker) do
::Gitlab::RepositorySizeChecker.new(
current_size_proc: -> { repository._uncached_size.megabytes },
limit: Gitlab::CurrentSettings.snippet_size_limit
)
end
end
def storage def storage
@storage ||= Storage::Hashed.new(self, prefix: Storage::Hashed::SNIPPET_REPOSITORY_PATH_PREFIX) @storage ||= Storage::Hashed.new(self, prefix: Storage::Hashed::SNIPPET_REPOSITORY_PATH_PREFIX)
end end
......
---
title: Normalize error message between Gitea and Fogbugz importers
merge_request: 28802
author:
type: other
...@@ -279,7 +279,7 @@ The following documentation relates to the DevOps **Release** stage: ...@@ -279,7 +279,7 @@ The following documentation relates to the DevOps **Release** stage:
| Release Topics | Description | | Release Topics | Description |
|:------------------------------------------------------------------------------------------------------------------------------------|:--------------------------------------------------------------------------------------------------------------------------------------| |:------------------------------------------------------------------------------------------------------------------------------------|:--------------------------------------------------------------------------------------------------------------------------------------|
| [Auto Deploy](topics/autodevops/index.md#auto-deploy) | Configure GitLab for the deployment of your application. | | [Auto Deploy](topics/autodevops/stages.md#auto-deploy) | Configure GitLab for the deployment of your application. |
| [Canary Deployments](user/project/canary_deployments.md) **(PREMIUM)** | Employ a popular CI strategy where a small portion of the fleet is updated to the new version first. | | [Canary Deployments](user/project/canary_deployments.md) **(PREMIUM)** | Employ a popular CI strategy where a small portion of the fleet is updated to the new version first. |
| [Deploy Boards](user/project/deploy_boards.md) **(PREMIUM)** | View the current health and status of each CI environment running on Kubernetes, displaying the status of the pods in the deployment. | | [Deploy Boards](user/project/deploy_boards.md) **(PREMIUM)** | View the current health and status of each CI environment running on Kubernetes, displaying the status of the pods in the deployment. |
| [Environments and deployments](ci/environments.md) | With environments, you can control the continuous deployment of your software within GitLab. | | [Environments and deployments](ci/environments.md) | With environments, you can control the continuous deployment of your software within GitLab. |
......
...@@ -120,7 +120,7 @@ Its feature set is listed on the table below according to DevOps stages. ...@@ -120,7 +120,7 @@ Its feature set is listed on the table below according to DevOps stages.
| [Using Docker images](docker/using_docker_images.md) | Use GitLab and GitLab Runner with Docker to build and test applications. | | [Using Docker images](docker/using_docker_images.md) | Use GitLab and GitLab Runner with Docker to build and test applications. |
|---+---| |---+---|
| **Release** || | **Release** ||
| [Auto Deploy](../topics/autodevops/index.md#auto-deploy) | Deploy your application to a production environment in a Kubernetes cluster. | | [Auto Deploy](../topics/autodevops/stages.md#auto-deploy) | Deploy your application to a production environment in a Kubernetes cluster. |
| [Building Docker images](docker/using_docker_build.md) | Maintain Docker-based projects using GitLab CI/CD. | | [Building Docker images](docker/using_docker_build.md) | Maintain Docker-based projects using GitLab CI/CD. |
| [Canary Deployments](../user/project/canary_deployments.md) **(PREMIUM)** | Ship features to only a portion of your pods and let a percentage of your user base to visit the temporarily deployed feature. | | [Canary Deployments](../user/project/canary_deployments.md) **(PREMIUM)** | Ship features to only a portion of your pods and let a percentage of your user base to visit the temporarily deployed feature. |
| [Deploy Boards](../user/project/deploy_boards.md) **(PREMIUM)** | Check the current health and status of each CI/CD environment running on Kubernetes. | | [Deploy Boards](../user/project/deploy_boards.md) **(PREMIUM)** | Check the current health and status of each CI/CD environment running on Kubernetes. |
......
--- ---
redirect_to: '../../topics/autodevops/index.md#auto-deploy' redirect_to: '../../topics/autodevops/stages.md#auto-deploy'
--- ---
This document was moved to [another location](../../topics/autodevops/index.md#auto-deploy). This document was moved to [another location](../../topics/autodevops/stages.md#auto-deploy).
--- ---
redirect_to: '../../topics/autodevops/index.md#auto-deploy' redirect_to: '../../topics/autodevops/stages.md#auto-deploy'
--- ---
This document was moved to [another location](../../topics/autodevops/index.md#auto-deploy). This document was moved to [another location](../../topics/autodevops/stages.md#auto-deploy).
...@@ -199,7 +199,7 @@ according to each stage (Verify, Package, Release). ...@@ -199,7 +199,7 @@ according to each stage (Verify, Package, Release).
- Deploy your features behind [Feature Flags](../../user/project/operations/feature_flags.md). **(PREMIUM)** - Deploy your features behind [Feature Flags](../../user/project/operations/feature_flags.md). **(PREMIUM)**
- Add release notes to any Git tag with [GitLab Releases](../../user/project/releases/index.md). - Add release notes to any Git tag with [GitLab Releases](../../user/project/releases/index.md).
- View of the current health and status of each CI environment running on Kubernetes with [Deploy Boards](../../user/project/deploy_boards.md). **(PREMIUM)** - View of the current health and status of each CI environment running on Kubernetes with [Deploy Boards](../../user/project/deploy_boards.md). **(PREMIUM)**
- Deploy your application to a production environment in a Kubernetes cluster with [Auto Deploy](../../topics/autodevops/index.md#auto-deploy). - Deploy your application to a production environment in a Kubernetes cluster with [Auto Deploy](../../topics/autodevops/stages.md#auto-deploy).
With GitLab CI/CD you can also: With GitLab CI/CD you can also:
......
...@@ -18,12 +18,12 @@ which then defines jobs. ...@@ -18,12 +18,12 @@ which then defines jobs.
Some jobs use images that are built from external projects: Some jobs use images that are built from external projects:
- [Auto Build](../topics/autodevops/index.md#auto-build) uses - [Auto Build](../topics/autodevops/stages.md#auto-build) uses
[configuration](https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml) [configuration](https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml)
in which the `build` job uses an image that is built using the in which the `build` job uses an image that is built using the
[`auto-build-image`](https://gitlab.com/gitlab-org/cluster-integration/auto-build-image) [`auto-build-image`](https://gitlab.com/gitlab-org/cluster-integration/auto-build-image)
project. project.
- [Auto Deploy](../topics/autodevops/index.md#auto-deploy) uses - [Auto Deploy](../topics/autodevops/stages.md#auto-deploy) uses
[configuration](https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml) [configuration](https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml)
in which the jobs defined in this template use an image that is built using the in which the jobs defined in this template use an image that is built using the
[`auto-deploy-image`](https://gitlab.com/gitlab-org/cluster-integration/auto-deploy-image) [`auto-deploy-image`](https://gitlab.com/gitlab-org/cluster-integration/auto-deploy-image)
......
...@@ -77,7 +77,9 @@ the following preparations into account. ...@@ -77,7 +77,9 @@ the following preparations into account.
- Ensure `db/structure.sql` is updated. - Ensure `db/structure.sql` is updated.
- Make migrations reversible by using the `change` method or include a `down` method when using `up`. - Make migrations reversible by using the `change` method or include a `down` method when using `up`.
- Include either a rollback procedure or describe how to rollback changes. - Include either a rollback procedure or describe how to rollback changes.
- Add the output of the migration(s) to the MR description. - Add the output of both migrating and rolling back for all migrations into the MR description
- Ensure the down method reverts the changes in `db/structure.sql`
- Update the migration output whenever you modify the migrations during the review process
- Add tests for the migration in `spec/migrations` if necessary. See [Testing Rails migrations at GitLab](testing_guide/testing_migrations_guide.md) for more details. - Add tests for the migration in `spec/migrations` if necessary. See [Testing Rails migrations at GitLab](testing_guide/testing_migrations_guide.md) for more details.
- When [high-traffic](https://gitlab.com/gitlab-org/gitlab/-/blob/master/rubocop/migration_helpers.rb#L12) tables are involved in the migration, use the [`with_lock_retries`](migration_style_guide.md#retry-mechanism-when-acquiring-database-locks) helper method. Review the relevant [examples in our documentation](migration_style_guide.md#examples) for use cases and solutions. - When [high-traffic](https://gitlab.com/gitlab-org/gitlab/-/blob/master/rubocop/migration_helpers.rb#L12) tables are involved in the migration, use the [`with_lock_retries`](migration_style_guide.md#retry-mechanism-when-acquiring-database-locks) helper method. Review the relevant [examples in our documentation](migration_style_guide.md#examples) for use cases and solutions.
- Ensure RuboCop checks are not disabled unless there's a valid reason to. - Ensure RuboCop checks are not disabled unless there's a valid reason to.
......
...@@ -21,8 +21,10 @@ with exceptions and details noted below and in the template included on this pag ...@@ -21,8 +21,10 @@ with exceptions and details noted below and in the template included on this pag
- **Title**: Top-level heading with the feature name, or a use case name, which would start with - **Title**: Top-level heading with the feature name, or a use case name, which would start with
a verb, like Configuring, Enabling, etc. a verb, like Configuring, Enabling, etc.
- **Introduction**: A couple sentences about the subject matter and what's to be found on this page. - **Introduction**: A couple sentences about the subject matter and what's to be found
- **Overview** Describe what it is, what it does, and in what context it should be used. on this page. Describe what the feature or topic is, what it does, and in what context it should
be used. There is no need to add a title called "Introduction" or "Overview," because people rarely
search for these terms. Just put this information after the title.
- **Use cases**: describes real use case scenarios for that feature/configuration. - **Use cases**: describes real use case scenarios for that feature/configuration.
- **Requirements**: describes what software, configuration, account, or knowledge is required. - **Requirements**: describes what software, configuration, account, or knowledge is required.
- **Instructions**: One or more sets of detailed instructions to follow. - **Instructions**: One or more sets of detailed instructions to follow.
...@@ -54,12 +56,10 @@ description: "Short document description." # Up to ~200 chars long. They will be ...@@ -54,12 +56,10 @@ description: "Short document description." # Up to ~200 chars long. They will be
> [Introduced](link_to_issue_or_mr) in GitLab (Tier) X.Y (2). > [Introduced](link_to_issue_or_mr) in GitLab (Tier) X.Y (2).
An introduction -- without its own additional header -- goes here. An introduction -- without its own additional header -- goes here.
Offer a very short description of the feature or use case, and what to expect on this page. Offer a description of the feature or use case, and what to expect on this page.
(You can reuse this content, or part of it, for the front matter's `description` at the top of this file). (You can reuse this content, or part of it, for the front matter's `description` at the top of this file).
## Overview The introduction should answer the following questions:
The feature overview should answer the following questions:
- What is this feature or use case? - What is this feature or use case?
- Who is it for? - Who is it for?
......
...@@ -47,10 +47,10 @@ that may lead to security problems and unintended use. This can be achieved by m ...@@ -47,10 +47,10 @@ that may lead to security problems and unintended use. This can be achieved by m
which inform security teams and developers if there is something to consider changing in their apps which inform security teams and developers if there is something to consider changing in their apps
before it is too late to create a preventative fix. The following features are included: before it is too late to create a preventative fix. The following features are included:
- [Auto SAST (Static Application Security Testing)](../autodevops/index.md#auto-sast-ultimate) - [Auto SAST (Static Application Security Testing)](../autodevops/stages.md#auto-sast-ultimate)
- [Auto Dependency Scanning](../autodevops/index.md#auto-dependency-scanning-ultimate) - [Auto Dependency Scanning](../autodevops/stages.md#auto-dependency-scanning-ultimate)
- [Auto Container Scanning](../autodevops/index.md#auto-container-scanning-ultimate) - [Auto Container Scanning](../autodevops/stages.md#auto-container-scanning-ultimate)
- [Auto DAST (Dynamic Application Security Testing)](../autodevops/index.md#auto-dast-ultimate) - [Auto DAST (Dynamic Application Security Testing)](../autodevops/stages.md#auto-dast-ultimate)
### Observability ### Observability
...@@ -58,5 +58,5 @@ Performance is a critical aspect of the user experience, and ensuring your appli ...@@ -58,5 +58,5 @@ Performance is a critical aspect of the user experience, and ensuring your appli
responsibility. The Application Development Platform integrates key performance analytics and feedback responsibility. The Application Development Platform integrates key performance analytics and feedback
into GitLab, automatically. The following features are included: into GitLab, automatically. The following features are included:
- [Auto Monitoring](../autodevops/index.md#auto-monitoring) - [Auto Monitoring](../autodevops/stages.md#auto-monitoring)
- [In-app Kubernetes Logs](../../user/project/clusters/kubernetes_pod_logs.md) - [In-app Kubernetes Logs](../../user/project/clusters/kubernetes_pod_logs.md)
This diff is collapsed.
...@@ -144,33 +144,33 @@ The pipeline is split into 4 stages, each running a couple of jobs. ...@@ -144,33 +144,33 @@ The pipeline is split into 4 stages, each running a couple of jobs.
![Pipeline stages](img/guide_pipeline_stages_v12_3.png) ![Pipeline stages](img/guide_pipeline_stages_v12_3.png)
In the **build** stage, the application is built into a Docker image and then In the **build** stage, the application is built into a Docker image and then
uploaded to your project's [Container Registry](../../user/packages/container_registry/index.md) ([Auto Build](index.md#auto-build)). uploaded to your project's [Container Registry](../../user/packages/container_registry/index.md) ([Auto Build](stages.md#auto-build)).
In the **test** stage, GitLab runs various checks on the application: In the **test** stage, GitLab runs various checks on the application:
- The `test` job runs unit and integration tests by detecting the language and - The `test` job runs unit and integration tests by detecting the language and
framework ([Auto Test](index.md#auto-test)) framework ([Auto Test](stages.md#auto-test))
- The `code_quality` job checks the code quality and is allowed to fail - The `code_quality` job checks the code quality and is allowed to fail
([Auto Code Quality](index.md#auto-code-quality-starter)) **(STARTER)** ([Auto Code Quality](stages.md#auto-code-quality-starter)) **(STARTER)**
- The `container_scanning` job checks the Docker container if it has any - The `container_scanning` job checks the Docker container if it has any
vulnerabilities and is allowed to fail ([Auto Container Scanning](index.md#auto-container-scanning-ultimate)) vulnerabilities and is allowed to fail ([Auto Container Scanning](stages.md#auto-container-scanning-ultimate))
- The `dependency_scanning` job checks if the application has any dependencies - The `dependency_scanning` job checks if the application has any dependencies
susceptible to vulnerabilities and is allowed to fail ([Auto Dependency Scanning](index.md#auto-dependency-scanning-ultimate)) **(ULTIMATE)** susceptible to vulnerabilities and is allowed to fail ([Auto Dependency Scanning](stages.md#auto-dependency-scanning-ultimate)) **(ULTIMATE)**
- The `sast` job runs static analysis on the current code to check for potential - The `sast` job runs static analysis on the current code to check for potential
security issues and is allowed to fail([Auto SAST](index.md#auto-sast-ultimate)) **(ULTIMATE)** security issues and is allowed to fail([Auto SAST](stages.md#auto-sast-ultimate)) **(ULTIMATE)**
- The `license_management` job searches the application's dependencies to determine each of their - The `license_management` job searches the application's dependencies to determine each of their
licenses and is allowed to fail ([Auto License Compliance](index.md#auto-license-compliance-ultimate)) **(ULTIMATE)** licenses and is allowed to fail ([Auto License Compliance](stages.md#auto-license-compliance-ultimate)) **(ULTIMATE)**
NOTE: **Note:** NOTE: **Note:**
As you might have noticed, all jobs except `test` are allowed to fail in the As you might have noticed, all jobs except `test` are allowed to fail in the
test stage. test stage.
The **production** stage is run after the tests and checks finish, and it automatically The **production** stage is run after the tests and checks finish, and it automatically
deploys the application in Kubernetes ([Auto Deploy](index.md#auto-deploy)). deploys the application in Kubernetes ([Auto Deploy](stages.md#auto-deploy)).
Lastly, in the **performance** stage, some performance tests will run Lastly, in the **performance** stage, some performance tests will run
on the deployed application on the deployed application
([Auto Browser Performance Testing](index.md#auto-browser-performance-testing-premium)). **(PREMIUM)** ([Auto Browser Performance Testing](stages.md#auto-browser-performance-testing-premium)). **(PREMIUM)**
--- ---
...@@ -260,7 +260,7 @@ Let's fix that: ...@@ -260,7 +260,7 @@ Let's fix that:
1. Write a commit message and click **Commit**. 1. Write a commit message and click **Commit**.
Now, if you go back to the merge request you should not only see the test passing, but Now, if you go back to the merge request you should not only see the test passing, but
also the application deployed as a [review app](index.md#auto-review-apps). You also the application deployed as a [review app](stages.md#auto-review-apps). You
can visit it by following clicking the **View app** button. You will see can visit it by following clicking the **View app** button. You will see
the changes that we previously made. the changes that we previously made.
......
This diff is collapsed.
...@@ -150,12 +150,12 @@ The pipeline is split into a few stages, each running a couple of jobs. ...@@ -150,12 +150,12 @@ The pipeline is split into a few stages, each running a couple of jobs.
![Pipeline stages](../autodevops/img/guide_pipeline_stages_v12_3.png) ![Pipeline stages](../autodevops/img/guide_pipeline_stages_v12_3.png)
In the **build** stage, the application is built into a Docker image and then In the **build** stage, the application is built into a Docker image and then
uploaded to your project's [Container Registry](../../user/packages/container_registry/index.md) ([Auto Build](../autodevops/index.md#auto-build)). uploaded to your project's [Container Registry](../../user/packages/container_registry/index.md) ([Auto Build](../autodevops/stages.md#auto-build)).
In the **test** stage, GitLab runs various checks on the application. In the **test** stage, GitLab runs various checks on the application.
The **production** stage is run after the tests and checks finish, and it automatically The **production** stage is run after the tests and checks finish, and it automatically
deploys the application in Kubernetes ([Auto Deploy](../autodevops/index.md#auto-deploy)). deploys the application in Kubernetes ([Auto Deploy](../autodevops/stages.md#auto-deploy)).
The **production** stage creates Kubernetes objects The **production** stage creates Kubernetes objects
like a Deployment, Service, and Ingress resource. The like a Deployment, Service, and Ingress resource. The
......
...@@ -15,7 +15,7 @@ two open source tools for Vulnerability Static Analysis for containers. ...@@ -15,7 +15,7 @@ two open source tools for Vulnerability Static Analysis for containers.
You can take advantage of Container Scanning by either [including the CI job](#configuration) in You can take advantage of Container Scanning by either [including the CI job](#configuration) in
your existing `.gitlab-ci.yml` file or by implicitly using your existing `.gitlab-ci.yml` file or by implicitly using
[Auto Container Scanning](../../../topics/autodevops/index.md#auto-container-scanning-ultimate) [Auto Container Scanning](../../../topics/autodevops/stages.md#auto-container-scanning-ultimate)
that is provided by [Auto DevOps](../../../topics/autodevops/index.md). that is provided by [Auto DevOps](../../../topics/autodevops/index.md).
GitLab checks the Container Scanning report, compares the found vulnerabilities GitLab checks the Container Scanning report, compares the found vulnerabilities
......
...@@ -24,7 +24,7 @@ for known vulnerabilities using Dynamic Application Security Testing (DAST). ...@@ -24,7 +24,7 @@ for known vulnerabilities using Dynamic Application Security Testing (DAST).
You can take advantage of DAST by either [including the CI job](#configuration) in You can take advantage of DAST by either [including the CI job](#configuration) in
your existing `.gitlab-ci.yml` file or by implicitly using your existing `.gitlab-ci.yml` file or by implicitly using
[Auto DAST](../../../topics/autodevops/index.md#auto-dast-ultimate) [Auto DAST](../../../topics/autodevops/stages.md#auto-dast-ultimate)
that is provided by [Auto DevOps](../../../topics/autodevops/index.md). that is provided by [Auto DevOps](../../../topics/autodevops/index.md).
GitLab checks the DAST report, compares the found vulnerabilities between the source and target GitLab checks the DAST report, compares the found vulnerabilities between the source and target
......
...@@ -18,7 +18,7 @@ All dependencies are scanned, including the transitive dependencies (also known ...@@ -18,7 +18,7 @@ All dependencies are scanned, including the transitive dependencies (also known
You can take advantage of Dependency Scanning by either [including the CI job](#configuration) You can take advantage of Dependency Scanning by either [including the CI job](#configuration)
in your existing `.gitlab-ci.yml` file or by implicitly using in your existing `.gitlab-ci.yml` file or by implicitly using
[Auto Dependency Scanning](../../../topics/autodevops/index.md#auto-dependency-scanning-ultimate) [Auto Dependency Scanning](../../../topics/autodevops/stages.md#auto-dependency-scanning-ultimate)
that is provided by [Auto DevOps](../../../topics/autodevops/index.md). that is provided by [Auto DevOps](../../../topics/autodevops/index.md).
GitLab checks the Dependency Scanning report, compares the found vulnerabilities GitLab checks the Dependency Scanning report, compares the found vulnerabilities
......
...@@ -19,7 +19,7 @@ vulnerabilities using Static Application Security Testing (SAST). ...@@ -19,7 +19,7 @@ vulnerabilities using Static Application Security Testing (SAST).
You can take advantage of SAST by doing one of the following: You can take advantage of SAST by doing one of the following:
- [Including the CI job](#configuration) in your existing `.gitlab-ci.yml` file. - [Including the CI job](#configuration) in your existing `.gitlab-ci.yml` file.
- Implicitly using [Auto SAST](../../../topics/autodevops/index.md#auto-sast-ultimate) provided by - Implicitly using [Auto SAST](../../../topics/autodevops/stages.md#auto-sast-ultimate) provided by
[Auto DevOps](../../../topics/autodevops/index.md). [Auto DevOps](../../../topics/autodevops/index.md).
GitLab checks the SAST report, compares the found vulnerabilities between the GitLab checks the SAST report, compares the found vulnerabilities between the
...@@ -96,7 +96,7 @@ The [Security Scanner Integration](../../../development/integrations/secure.md) ...@@ -96,7 +96,7 @@ The [Security Scanner Integration](../../../development/integrations/secure.md)
## Configuration ## Configuration
NOTE: **Note:** NOTE: **Note:**
You don't have to configure SAST manually as shown in this section if you're using [Auto SAST](../../../topics/autodevops/index.md#auto-sast-ultimate) You don't have to configure SAST manually as shown in this section if you're using [Auto SAST](../../../topics/autodevops/stages.md#auto-sast-ultimate)
provided by [Auto DevOps](../../../topics/autodevops/index.md). provided by [Auto DevOps](../../../topics/autodevops/index.md).
For GitLab 11.9 and later, to enable SAST you must [include](../../../ci/yaml/README.md#includetemplate) For GitLab 11.9 and later, to enable SAST you must [include](../../../ci/yaml/README.md#includetemplate)
......
...@@ -13,7 +13,7 @@ navigating to your project's **Security & Compliance > Threat Monitoring** page. ...@@ -13,7 +13,7 @@ navigating to your project's **Security & Compliance > Threat Monitoring** page.
GitLab supports statistics for the following security features: GitLab supports statistics for the following security features:
- [Web Application Firewall](../../clusters/applications.md#web-application-firewall-modsecurity) - [Web Application Firewall](../../clusters/applications.md#web-application-firewall-modsecurity)
- [Container Network Policies](../../../topics/autodevops/index.md#network-policy) - [Container Network Policies](../../../topics/autodevops/stages.md#network-policy)
## Web Application Firewall ## Web Application Firewall
......
...@@ -754,7 +754,7 @@ available configuration options. ...@@ -754,7 +754,7 @@ available configuration options.
[Cilium](https://cilium.io/) is a networking plugin for Kubernetes [Cilium](https://cilium.io/) is a networking plugin for Kubernetes
that you can use to implement support for that you can use to implement support for
[NetworkPolicy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) [NetworkPolicy](https://kubernetes.io/docs/concepts/services-networking/network-policies/)
resources. For more information on [Network Policies](../../topics/autodevops/index.md#network-policy), see the documentation. resources. For more information on [Network Policies](../../topics/autodevops/stages.md#network-policy), see the documentation.
Enable Cilium in the `.gitlab/managed-apps/config.yaml` file to install it: Enable Cilium in the `.gitlab/managed-apps/config.yaml` file to install it:
......
...@@ -13,7 +13,7 @@ using License Compliance. ...@@ -13,7 +13,7 @@ using License Compliance.
You can take advantage of License Compliance by either [including the job](#configuration) You can take advantage of License Compliance by either [including the job](#configuration)
in your existing `.gitlab-ci.yml` file or by implicitly using in your existing `.gitlab-ci.yml` file or by implicitly using
[Auto License Compliance](../../../topics/autodevops/index.md#auto-license-compliance-ultimate) [Auto License Compliance](../../../topics/autodevops/stages.md#auto-license-compliance-ultimate)
that is provided by [Auto DevOps](../../../topics/autodevops/index.md). that is provided by [Auto DevOps](../../../topics/autodevops/index.md).
GitLab checks the License Compliance report, compares the licenses between the GitLab checks the License Compliance report, compares the licenses between the
......
...@@ -415,7 +415,9 @@ Alternatively, an admin of your Identity Provider can use the [SCIM API](../../. ...@@ -415,7 +415,9 @@ Alternatively, an admin of your Identity Provider can use the [SCIM API](../../.
### Message: "SAML authentication failed: Email has already been taken" ### Message: "SAML authentication failed: Email has already been taken"
Same as ["SAML authentication failed: User has already been taken"](#message-saml-authentication-failed-user-has-already-been-taken). | Cause | Solution |
|------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------|
| When a user account with the email address already exists in GitLab, but the user does not have the SAML identity tied to their account. | The user will need to [link their account](#user-access-and-management). |
### Message: "SAML authentication failed: Extern uid has already been taken, User has already been taken" ### Message: "SAML authentication failed: Extern uid has already been taken, User has already been taken"
......
...@@ -62,7 +62,7 @@ You can then test the connection by clicking on **Test Connection**. If the conn ...@@ -62,7 +62,7 @@ You can then test the connection by clicking on **Test Connection**. If the conn
#### Configure attribute mapping #### Configure attribute mapping
1. Click on `Synchronize Azure Active Directory Users to AppName`, to configure the attribute mapping. 1. Click on `Synchronize Azure Active Directory Users to AppName` to configure the attribute mapping.
1. Click **Delete** next to the `mail` mapping. 1. Click **Delete** next to the `mail` mapping.
1. Map `userPrincipalName` to `emails[type eq "work"].value` and change its **Matching precedence** to `2`. 1. Map `userPrincipalName` to `emails[type eq "work"].value` and change its **Matching precedence** to `2`.
1. Map `mailNickname` to `userName`. 1. Map `mailNickname` to `userName`.
...@@ -74,33 +74,25 @@ You can then test the connection by clicking on **Test Connection**. If the conn ...@@ -74,33 +74,25 @@ You can then test the connection by clicking on **Test Connection**. If the conn
1. Create a new mapping: 1. Create a new mapping:
1. Click **Add New Mapping**. 1. Click **Add New Mapping**.
1. Set: 1. Set:
- **Source attribute** to the unique identifier determined above. - **Source attribute** to the unique identifier determined above, typically `objectId`.
- **Target attribute** to `id`. - **Target attribute** to `externalId`.
- **Match objects using this attribute** to `Yes`. - **Match objects using this attribute** to `Yes`.
- **Matching precedence** to `1`. - **Matching precedence** to `1`.
1. Create another new mapping:
1. Click **Add New Mapping**.
1. Set:
- **Source attribute** to the unique identifier determined above.
- **Target attribute** to `externalId`.
1. Click the `userPrincipalName` mapping and change **Match objects using this attribute** to `No`.
Save your changes and you should have the following configuration: 1. Click the `userPrincipalName` mapping and change **Match objects using this attribute** to `No`.
![Azure's attribute mapping configuration](img/scim_attribute_mapping.png) 1. Save your changes. For reference, you can view [an example configuration in the troubleshooting reference](../../../administration/troubleshooting/group_saml_scim.md#azure-active-directory).
NOTE: **Note:** If you used a unique identifier **other than** `objectId`, be sure to map it instead to both `id` and `externalId`. NOTE: **Note:** If you used a unique identifier **other than** `objectId`, be sure to map it to `externalId`.
1. Below the mapping list click on **Show advanced options > Edit attribute list for AppName**. 1. Below the mapping list click on **Show advanced options > Edit attribute list for AppName**.
1. Leave the `id` as the primary and only required field. 1. Ensure the `id` is the primary and required field, and `externalId` is also required.
NOTE: **Note:** NOTE: **Note:**
`username` should neither be primary nor required as we don't support `username` should neither be primary nor required as we don't support
that field on GitLab SCIM yet. that field on GitLab SCIM yet.
![Azure's attribute advanced configuration](img/scim_advanced.png)
1. Save all the screens and, in the **Provisioning** step, set 1. Save all the screens and, in the **Provisioning** step, set
the `Provisioning Status` to `On`. the `Provisioning Status` to `On`.
......
...@@ -88,7 +88,7 @@ it all at once, from one single project. ...@@ -88,7 +88,7 @@ it all at once, from one single project.
Use built-in [GitLab CI/CD](../ci/README.md) to test, build, and deploy your applications Use built-in [GitLab CI/CD](../ci/README.md) to test, build, and deploy your applications
directly from GitLab. No third-party integrations needed. directly from GitLab. No third-party integrations needed.
- [GitLab Auto Deploy](../topics/autodevops/index.md#auto-deploy): Deploy your application out-of-the-box with GitLab Auto Deploy. - [GitLab Auto Deploy](../topics/autodevops/stages.md#auto-deploy): Deploy your application out-of-the-box with GitLab Auto Deploy.
- [Review Apps](../ci/review_apps/index.md): Live-preview the changes introduced by a merge request with Review Apps. - [Review Apps](../ci/review_apps/index.md): Live-preview the changes introduced by a merge request with Review Apps.
- [GitLab Pages](project/pages/index.md): Publish your static site directly from - [GitLab Pages](project/pages/index.md): Publish your static site directly from
GitLab with GitLab Pages. You can build, test, and deploy any Static Site Generator with Pages. GitLab with GitLab Pages. You can build, test, and deploy any Static Site Generator with Pages.
......
...@@ -44,7 +44,7 @@ Canary deployments require that you properly configure Deploy Boards: ...@@ -44,7 +44,7 @@ Canary deployments require that you properly configure Deploy Boards:
1. Follow the steps to [enable Deploy Boards](deploy_boards.md#enabling-deploy-boards). 1. Follow the steps to [enable Deploy Boards](deploy_boards.md#enabling-deploy-boards).
1. To track canary deployments you need to label your Kubernetes deployments and 1. To track canary deployments you need to label your Kubernetes deployments and
pods with `track: canary`. To get started quickly, you can use the [Auto Deploy](../../topics/autodevops/index.md#auto-deploy) pods with `track: canary`. To get started quickly, you can use the [Auto Deploy](../../topics/autodevops/stages.md#auto-deploy)
template for canary deployments that GitLab provides. template for canary deployments that GitLab provides.
Depending on the deploy, the label should be either `stable` or `canary`. Depending on the deploy, the label should be either `stable` or `canary`.
......
...@@ -81,7 +81,7 @@ To display the Deploy Boards for a specific [environment](../../ci/environments. ...@@ -81,7 +81,7 @@ To display the Deploy Boards for a specific [environment](../../ci/environments.
`$CI_PROJECT_PATH_SLUG` are the values of the CI variables. This is so we can `$CI_PROJECT_PATH_SLUG` are the values of the CI variables. This is so we can
lookup the proper environment in a cluster/namespace which may have more lookup the proper environment in a cluster/namespace which may have more
than one. These resources should be contained in the namespace defined in than one. These resources should be contained in the namespace defined in
the Kubernetes service setting. You can use an [Autodeploy](../../topics/autodevops/index.md#auto-deploy) `.gitlab-ci.yml` the Kubernetes service setting. You can use an [Autodeploy](../../topics/autodevops/stages.md#auto-deploy) `.gitlab-ci.yml`
template which has predefined stages and commands to use, and automatically template which has predefined stages and commands to use, and automatically
applies the annotations. Each project will need to have a unique namespace in applies the annotations. Each project will need to have a unique namespace in
Kubernetes as well. The image below demonstrates how this is shown inside Kubernetes as well. The image below demonstrates how this is shown inside
...@@ -139,7 +139,7 @@ version of your application. ...@@ -139,7 +139,7 @@ version of your application.
## Further reading ## Further reading
- [GitLab Autodeploy](../../topics/autodevops/index.md#auto-deploy) - [GitLab Autodeploy](../../topics/autodevops/stages.md#auto-deploy)
- [GitLab CI/CD environment variables](../../ci/variables/README.md) - [GitLab CI/CD environment variables](../../ci/variables/README.md)
- [Environments and deployments](../../ci/environments.md) - [Environments and deployments](../../ci/environments.md)
- [Kubernetes deploy example](https://gitlab.com/gitlab-examples/kubernetes-deploy) - [Kubernetes deploy example](https://gitlab.com/gitlab-examples/kubernetes-deploy)
...@@ -63,7 +63,7 @@ When you create a project in GitLab, you'll have access to a large number of ...@@ -63,7 +63,7 @@ When you create a project in GitLab, you'll have access to a large number of
- [GitLab CI/CD](../../ci/README.md): GitLab's built-in [Continuous Integration, Delivery, and Deployment](https://about.gitlab.com/blog/2016/08/05/continuous-integration-delivery-and-deployment-with-gitlab/) tool - [GitLab CI/CD](../../ci/README.md): GitLab's built-in [Continuous Integration, Delivery, and Deployment](https://about.gitlab.com/blog/2016/08/05/continuous-integration-delivery-and-deployment-with-gitlab/) tool
- [Container Registry](../packages/container_registry/index.md): Build and push Docker - [Container Registry](../packages/container_registry/index.md): Build and push Docker
images out-of-the-box images out-of-the-box
- [Auto Deploy](../../topics/autodevops/index.md#auto-deploy): Configure GitLab CI/CD - [Auto Deploy](../../topics/autodevops/stages.md#auto-deploy): Configure GitLab CI/CD
to automatically set up your app's deployment to automatically set up your app's deployment
- [Enable and disable GitLab CI/CD](../../ci/enable_or_disable_ci.md) - [Enable and disable GitLab CI/CD](../../ci/enable_or_disable_ci.md)
- [Pipelines](../../ci/pipelines/index.md): Configure and visualize - [Pipelines](../../ci/pipelines/index.md): Configure and visualize
......
...@@ -76,7 +76,7 @@ The Prometheus server will [automatically detect and monitor](https://prometheus ...@@ -76,7 +76,7 @@ The Prometheus server will [automatically detect and monitor](https://prometheus
- `prometheus.io/port` to define the port of the metrics endpoint. - `prometheus.io/port` to define the port of the metrics endpoint.
- `prometheus.io/path` to define the path of the metrics endpoint. Defaults to `/metrics`. - `prometheus.io/path` to define the path of the metrics endpoint. Defaults to `/metrics`.
CPU and Memory consumption is monitored, but requires [naming conventions](prometheus_library/kubernetes.md#specifying-the-environment) in order to determine the environment. If you are using [Auto DevOps](../../../topics/autodevops/), this is handled automatically. CPU and Memory consumption is monitored, but requires [naming conventions](prometheus_library/kubernetes.md#specifying-the-environment) in order to determine the environment. If you are using [Auto DevOps](../../../topics/autodevops/index.md), this is handled automatically.
The [NGINX Ingress](../clusters/index.md#installing-applications) that is deployed by GitLab to clusters, is automatically annotated for monitoring providing key response metrics: latency, throughput, and error rates. The [NGINX Ingress](../clusters/index.md#installing-applications) that is deployed by GitLab to clusters, is automatically annotated for monitoring providing key response metrics: latency, throughput, and error rates.
......
...@@ -55,4 +55,4 @@ Managing these settings depends on how NGINX Ingress has been deployed. If you h ...@@ -55,4 +55,4 @@ Managing these settings depends on how NGINX Ingress has been deployed. If you h
In order to isolate and only display relevant metrics for a given environment, GitLab needs a method to detect which labels are associated. To do this, GitLab will search for metrics with appropriate labels. In this case, the `ingress` label must `<CI_ENVIRONMENT_SLUG>`. In order to isolate and only display relevant metrics for a given environment, GitLab needs a method to detect which labels are associated. To do this, GitLab will search for metrics with appropriate labels. In this case, the `ingress` label must `<CI_ENVIRONMENT_SLUG>`.
If you have used [Auto Deploy](../../../../topics/autodevops/index.md#auto-deploy) to deploy your app, this format will be used automatically and metrics will be detected with no action on your part. If you have used [Auto Deploy](../../../../topics/autodevops/stages.md#auto-deploy) to deploy your app, this format will be used automatically and metrics will be detected with no action on your part.
...@@ -55,4 +55,4 @@ Managing these settings depends on how NGINX Ingress has been deployed. If you h ...@@ -55,4 +55,4 @@ Managing these settings depends on how NGINX Ingress has been deployed. If you h
In order to isolate and only display relevant metrics for a given environment, GitLab needs a method to detect which labels are associated. To do this, GitLab will search for metrics with appropriate labels. In this case, the `upstream` label must be of the form `<KUBE_NAMESPACE>-<CI_ENVIRONMENT_SLUG>-*`. In order to isolate and only display relevant metrics for a given environment, GitLab needs a method to detect which labels are associated. To do this, GitLab will search for metrics with appropriate labels. In this case, the `upstream` label must be of the form `<KUBE_NAMESPACE>-<CI_ENVIRONMENT_SLUG>-*`.
If you have used [Auto Deploy](../../../../topics/autodevops/index.md#auto-deploy) to deploy your app, this format will be used automatically and metrics will be detected with no action on your part. If you have used [Auto Deploy](../../../../topics/autodevops/stages.md#auto-deploy) to deploy your app, this format will be used automatically and metrics will be detected with no action on your part.
...@@ -19,7 +19,7 @@ Code Quality: ...@@ -19,7 +19,7 @@ Code Quality:
Quality](https://gitlab.com/gitlab-org/ci-cd/codequality) project using [default Code Climate configurations](https://gitlab.com/gitlab-org/ci-cd/codequality/-/tree/master/codeclimate_defaults). Quality](https://gitlab.com/gitlab-org/ci-cd/codequality) project using [default Code Climate configurations](https://gitlab.com/gitlab-org/ci-cd/codequality/-/tree/master/codeclimate_defaults).
- Can make use of a [template](#example-configuration). - Can make use of a [template](#example-configuration).
- Is available with [Auto - Is available with [Auto
DevOps](../../../topics/autodevops/index.md#auto-code-quality-starter). DevOps](../../../topics/autodevops/stages.md#auto-code-quality-starter).
- Can be extended through [Analysis Plugins](https://docs.codeclimate.com/docs/list-of-engines) or a [custom tool](#implementing-a-custom-tool). - Can be extended through [Analysis Plugins](https://docs.codeclimate.com/docs/list-of-engines) or a [custom tool](#implementing-a-custom-tool).
Going a step further, GitLab can show the Code Quality report right Going a step further, GitLab can show the Code Quality report right
......
...@@ -126,7 +126,7 @@ a blank `README.md` file to it, and creates and redirects you to a new branch ...@@ -126,7 +126,7 @@ a blank `README.md` file to it, and creates and redirects you to a new branch
based on the issue title. based on the issue title.
If your [project is already configured with a deployment service](../integrations/overview.md), If your [project is already configured with a deployment service](../integrations/overview.md),
such as Kubernetes, GitLab takes one step further and prompts you to set up such as Kubernetes, GitLab takes one step further and prompts you to set up
[auto deploy](../../../topics/autodevops/index.md#auto-deploy) [auto deploy](../../../topics/autodevops/stages.md#auto-deploy)
by helping you create a `.gitlab-ci.yml` file. by helping you create a `.gitlab-ci.yml` file.
After the branch is created, you can edit files in the repository to fix After the branch is created, you can edit files in the repository to fix
......
...@@ -45,6 +45,8 @@ module Gitlab ...@@ -45,6 +45,8 @@ module Gitlab
attr_reader :actor, :project, :protocol, :authentication_abilities, :namespace_path, :repository_path, :redirected_path, :auth_result_type, :changes, :logger attr_reader :actor, :project, :protocol, :authentication_abilities, :namespace_path, :repository_path, :redirected_path, :auth_result_type, :changes, :logger
alias_method :container, :project
def initialize(actor, project, protocol, authentication_abilities:, namespace_path: nil, repository_path: nil, redirected_path: nil, auth_result_type: nil) def initialize(actor, project, protocol, authentication_abilities:, namespace_path: nil, repository_path: nil, redirected_path: nil, auth_result_type: nil)
@actor = actor @actor = actor
@project = project @project = project
...@@ -429,7 +431,72 @@ module Gitlab ...@@ -429,7 +431,72 @@ module Gitlab
end end
def repository def repository
project.repository container&.repository
end
def check_size_before_push!
if check_size_limit? && size_checker.above_size_limit?
raise ForbiddenError, size_checker.error_message.push_error
end
end
def check_push_size!
return unless check_size_limit?
# If there are worktrees with a HEAD pointing to a non-existent object,
# calls to `git rev-list --all` will fail in git 2.15+. This should also
# clear stale lock files.
repository.clean_stale_repository_files
# Use #check_repository_disk_size to get correct push size whenever a lot of changes
# gets pushed at the same time containing the same blobs. This is only
# doable if GIT_OBJECT_DIRECTORY_RELATIVE env var is set and happens
# when git push comes from CLI (not via UI and API).
#
# Fallback to determining push size using the changes_list so we can still
# determine the push size if env var isn't set (e.g. changes are made
# via UI and API).
if check_quarantine_size?
check_repository_disk_size
else
check_changes_size
end
end
def check_quarantine_size?
git_env = ::Gitlab::Git::HookEnv.all(repository.gl_repository)
git_env['GIT_OBJECT_DIRECTORY_RELATIVE'].present?
end
def check_repository_disk_size
check_size_against_limit(repository.object_directory_size)
end
def check_changes_size
changes_size = 0
changes_list.each do |change|
changes_size += repository.new_blobs(change[:newrev]).sum(&:size) # rubocop: disable CodeReuse/ActiveRecord
check_size_against_limit(changes_size)
end
end
def check_size_against_limit(size)
if size_checker.changes_will_exceed_size_limit?(size)
raise ForbiddenError, size_checker.error_message.new_changes_error
end
end
def check_size_limit?
strong_memoize(:check_size_limit) do
changes_list.any? { |change| !Gitlab::Git.blank_ref?(change[:newrev]) }
end
end
def size_checker
container.repository_size_checker
end end
end end
end end
......
...@@ -14,6 +14,8 @@ module Gitlab ...@@ -14,6 +14,8 @@ module Gitlab
attr_reader :snippet attr_reader :snippet
alias_method :container, :snippet
def initialize(actor, snippet, protocol, **kwargs) def initialize(actor, snippet, protocol, **kwargs)
@snippet = snippet @snippet = snippet
...@@ -53,11 +55,6 @@ module Gitlab ...@@ -53,11 +55,6 @@ module Gitlab
check_change_access! check_change_access!
end end
override :repository
def repository
snippet&.repository
end
def check_snippet_accessibility! def check_snippet_accessibility!
if snippet.blank? if snippet.blank?
raise NotFoundError, ERROR_MESSAGES[:snippet_not_found] raise NotFoundError, ERROR_MESSAGES[:snippet_not_found]
...@@ -89,11 +86,15 @@ module Gitlab ...@@ -89,11 +86,15 @@ module Gitlab
raise ForbiddenError, ERROR_MESSAGES[:update_snippet] raise ForbiddenError, ERROR_MESSAGES[:update_snippet]
end end
check_size_before_push!
changes_list.each do |change| changes_list.each do |change|
# If user does not have access to make at least one change, cancel all # If user does not have access to make at least one change, cancel all
# push by allowing the exception to bubble up # push by allowing the exception to bubble up
check_single_change_access(change) check_single_change_access(change)
end end
check_push_size!
end end
def check_single_change_access(change) def check_single_change_access(change)
......
...@@ -5,12 +5,14 @@ module Gitlab ...@@ -5,12 +5,14 @@ module Gitlab
class RepositorySizeChecker class RepositorySizeChecker
attr_reader :limit attr_reader :limit
# @param current_size_proc [Proc] returns repository size in bytes
def initialize(current_size_proc:, limit:, enabled: true) def initialize(current_size_proc:, limit:, enabled: true)
@current_size_proc = current_size_proc @current_size_proc = current_size_proc
@limit = limit @limit = limit
@enabled = enabled && limit != 0 @enabled = enabled && limit != 0
end end
# @return [Integer] bytes
def current_size def current_size
@current_size ||= @current_size_proc.call @current_size ||= @current_size_proc.call
end end
......
...@@ -19025,9 +19025,6 @@ msgstr "" ...@@ -19025,9 +19025,6 @@ msgstr ""
msgid "Specific Runners" msgid "Specific Runners"
msgstr "" msgstr ""
msgid "Specified URL cannot be used."
msgstr ""
msgid "Specified URL cannot be used: \"%{reason}\"" msgid "Specified URL cannot be used: \"%{reason}\""
msgstr "" msgstr ""
......
...@@ -42,7 +42,7 @@ describe Import::GiteaController do ...@@ -42,7 +42,7 @@ describe Import::GiteaController do
get :status, format: :json get :status, format: :json
expect(controller).to redirect_to(new_import_url) expect(controller).to redirect_to(new_import_url)
expect(flash[:alert]).to eq('Specified URL cannot be used.') expect(flash[:alert]).to eq('Specified URL cannot be used: "Only allowed schemes are http, https"')
end end
end end
end end
......
...@@ -93,6 +93,16 @@ describe Projects::Import::JiraController do ...@@ -93,6 +93,16 @@ describe Projects::Import::JiraController do
end end
context 'post import' do context 'post import' do
context 'when jira project key is empty' do
it 'redirects back to show with an error' do
post :import, params: { namespace_id: project.namespace, project_id: project, jira_project_key: '' }
expect(response).to redirect_to(project_import_jira_path(project))
expect(flash[:alert]).to eq('No jira project key has been provided.')
end
end
context 'when everything is ok' do
it 'creates import state' do it 'creates import state' do
expect(project.import_state).to be_nil expect(project.import_state).to be_nil
...@@ -108,6 +118,7 @@ describe Projects::Import::JiraController do ...@@ -108,6 +118,7 @@ describe Projects::Import::JiraController do
end end
end end
end end
end
context 'when import state is scheduled' do context 'when import state is scheduled' do
let_it_be(:import_state) { create(:import_state, project: project, status: :scheduled) } let_it_be(:import_state) { create(:import_state, project: project, status: :scheduled) }
......
...@@ -11,6 +11,7 @@ describe Gitlab::GitAccessSnippet do ...@@ -11,6 +11,7 @@ describe Gitlab::GitAccessSnippet do
let_it_be(:user) { create(:user) } let_it_be(:user) { create(:user) }
let_it_be(:project) { create(:project, :public) } let_it_be(:project) { create(:project, :public) }
let_it_be(:snippet) { create(:project_snippet, :public, :repository, project: project) } let_it_be(:snippet) { create(:project_snippet, :public, :repository, project: project) }
let(:repository) { snippet.repository }
let(:actor) { user } let(:actor) { user }
let(:protocol) { 'ssh' } let(:protocol) { 'ssh' }
...@@ -211,6 +212,84 @@ describe Gitlab::GitAccessSnippet do ...@@ -211,6 +212,84 @@ describe Gitlab::GitAccessSnippet do
end end
end end
describe 'repository size restrictions' do
let(:snippet) { create(:personal_snippet, :public, :repository) }
let(:actor) { snippet.author }
let(:oldrev) { TestEnv::BRANCH_SHA["snippet/single-file"] }
let(:newrev) { TestEnv::BRANCH_SHA["snippet/edit-file"] }
let(:ref) { "refs/heads/snippet/edit-file" }
let(:changes) { "#{oldrev} #{newrev} #{ref}" }
shared_examples_for 'a push to repository already over the limit' do
it 'errs' do
expect(snippet.repository_size_checker).to receive(:above_size_limit?).and_return(true)
expect do
push_access_check
end.to raise_error(described_class::ForbiddenError, /Your push has been rejected/)
end
end
shared_examples_for 'a push to repository below the limit' do
it 'does not err' do
expect(snippet.repository_size_checker).to receive(:above_size_limit?).and_return(false)
expect(snippet.repository_size_checker)
.to receive(:changes_will_exceed_size_limit?)
.with(change_size)
.and_return(false)
expect { push_access_check }.not_to raise_error
end
end
shared_examples_for 'a push to repository to make it over the limit' do
it 'errs' do
expect(snippet.repository_size_checker).to receive(:above_size_limit?).and_return(false)
expect(snippet.repository_size_checker)
.to receive(:changes_will_exceed_size_limit?)
.with(change_size)
.and_return(true)
expect do
push_access_check
end.to raise_error(described_class::ForbiddenError, /Your push to this repository would cause it to exceed the size limit/)
end
end
context 'when GIT_OBJECT_DIRECTORY_RELATIVE env var is set' do
let(:change_size) { 100 }
before do
allow(Gitlab::Git::HookEnv)
.to receive(:all)
.with(repository.gl_repository)
.and_return({ 'GIT_OBJECT_DIRECTORY_RELATIVE' => 'objects' })
# Stub the object directory size to "simulate" quarantine size
allow(repository).to receive(:object_directory_size).and_return(change_size)
end
it_behaves_like 'a push to repository already over the limit'
it_behaves_like 'a push to repository below the limit'
it_behaves_like 'a push to repository to make it over the limit'
end
context 'when GIT_OBJECT_DIRECTORY_RELATIVE env var is not set' do
let(:change_size) { 200 }
before do
allow(snippet.repository).to receive(:new_blobs).and_return(
[double(:blob, size: change_size)]
)
end
it_behaves_like 'a push to repository already over the limit'
it_behaves_like 'a push to repository below the limit'
it_behaves_like 'a push to repository to make it over the limit'
end
end
private private
def raise_snippet_not_found def raise_snippet_not_found
......
...@@ -696,6 +696,23 @@ describe Snippet do ...@@ -696,6 +696,23 @@ describe Snippet do
end end
end end
describe '#repository_size_checker' do
subject { build(:personal_snippet) }
let(:checker) { subject.repository_size_checker }
let(:current_size) { 60 }
before do
allow(subject.repository).to receive(:_uncached_size).and_return(current_size)
end
it 'sets up size checker', :aggregate_failures do
expect(checker.current_size).to eq(current_size.megabytes)
expect(checker.limit).to eq(Gitlab::CurrentSettings.snippet_size_limit)
expect(checker.enabled?).to be_truthy
end
end
describe '#can_cache_field?' do describe '#can_cache_field?' do
using RSpec::Parameterized::TableSyntax using RSpec::Parameterized::TableSyntax
......
...@@ -60,11 +60,11 @@ module TestEnv ...@@ -60,11 +60,11 @@ module TestEnv
'merge-commit-analyze-before' => '1adbdef', 'merge-commit-analyze-before' => '1adbdef',
'merge-commit-analyze-side-branch' => '8a99451', 'merge-commit-analyze-side-branch' => '8a99451',
'merge-commit-analyze-after' => '646ece5', 'merge-commit-analyze-after' => '646ece5',
'snippet/single-file' => '43e4080', 'snippet/single-file' => '43e4080aaa14fc7d4b77ee1f5c9d067d5a7df10e',
'snippet/multiple-files' => 'b80faa8', 'snippet/multiple-files' => 'b80faa8c5b2b62f6489a0d84755580e927e1189b',
'snippet/rename-and-edit-file' => '220a1e4', 'snippet/rename-and-edit-file' => '220a1e4b4dff37feea0625a7947a4c60fbe78365',
'snippet/edit-file' => 'c2f074f', 'snippet/edit-file' => 'c2f074f4f26929c92795a75775af79a6ed6d8430',
'snippet/no-files' => '671aaa8', 'snippet/no-files' => '671aaa842a4875e5f30082d1ab6feda345fdb94d',
'2-mb-file' => 'bf12d25', '2-mb-file' => 'bf12d25',
'before-create-delete-modify-move' => '845009f', 'before-create-delete-modify-move' => '845009f',
'between-create-delete-modify-move' => '3f5f443', 'between-create-delete-modify-move' => '3f5f443',
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment