Skip to content

G
gitlab-ce
Commit 3fe9588b authored by GitLab Bot's avatar GitLab Bot
Browse files
Options

Add latest changes from gitlab-org/gitlab@master

parent ad8eea38
Expand all Hide whitespace changes
Inline Side-by-side
Showing with 2337 additions and 151 deletions
.gitlab/CODEOWNERS
View file @ 3fe9588b
......@@ -6,8 +6,8 @@
/doc/ @axil @marcia @eread @mikelewis
# Frontend maintainers should see everything in `app/assets/`
app/assets/ @ClemMakesApps @fatihacet @filipa @mikegreiling @timzallmann @kushalpandya @pslaughter @wortschi @ntepluhina
*.scss @annabeldunstone @ClemMakesApps @fatihacet @filipa @mikegreiling @timzallmann @kushalpandya @pslaughter @wortschi @ntepluhina
app/assets/ @ClemMakesApps @fatihacet @filipa @mikegreiling @timzallmann @kushalpandya @pslaughter @wortschi @ntepluhina @iamphill
*.scss @annabeldunstone @ClemMakesApps @fatihacet @filipa @mikegreiling @timzallmann @kushalpandya @pslaughter @wortschi @ntepluhina @iamphill
# Database maintainers should review changes in `db/`
db/ @gitlab-org/maintainers/database
......
.gitlab/ci/review.gitlab-ci.yml
View file @ 3fe9588b
......@@ -122,6 +122,7 @@ schedule:review-build-cng:
- source scripts/utils.sh
- install_api_client_dependencies_with_apk
- source scripts/review_apps/review-apps.sh
- export REVIEW_APP_CONFIG_CHANGED=$(base_config_changed)
script:
- date
- check_kube_domain
......
CHANGELOG-EE.md
View file @ 3fe9588b
Please view this file on the master branch, on stable branches it's out of date.
## 12.4.1
### Security (6 changes)
- Do not display project labels that are not visible for user accessing group labels.
- Do not index system notes for issue update.
- Redact search results based on Ability.allowed?.
- Do not show private cross references in epic notes.
- Filter out packages the user does'nt have permission to see at group level.
- Fixes a Open Redirect issue in `InternalRedirect`.
## 12.4.0
### Security (2 changes)
......
CHANGELOG.md
View file @ 3fe9588b
......@@ -4,11 +4,12 @@ entry.
## 12.4.1
### Security (12 changes)
### Security (14 changes)
- Standardize error response when route is missing.
- Do not display project labels that are not visible for user accessing group labels.
- Show cross-referenced label and milestones in issues' activities only to authorized users.
- Show cross-referenced label and milestones in issues' activities only to authorized users.
- Analyze incoming GraphQL queries and check for recursion.
- Disallow unprivileged users from commenting on private repository commits.
- Don't allow maintainers of a target project to delete the source branch of a merge request from a fork.
......@@ -17,6 +18,7 @@ entry.
- Return 404 on LFS request if project doesn't exist.
- Mask sentry auth token in Error Tracking dashboard.
- Fixes a Open Redirect issue in `InternalRedirect`.
- Remove deploy access level when project/group link is deleted.
- Sanitize all wiki markup formats with GitLab sanitization pipelines.
......
app/assets/javascripts/monitoring/components/charts/anomaly.vue 0 → 100644
View file @ 3fe9588b
<script>
import { flatten, isNumber } from 'underscore';
import { GlLineChart, GlChartSeriesLabel } from '@gitlab/ui/dist/charts';
import { roundOffFloat } from '~/lib/utils/common_utils';
import { hexToRgb } from '~/lib/utils/color_utils';
import { areaOpacityValues, symbolSizes, colorValues } from '../../constants';
import { graphDataValidatorForAnomalyValues } from '../../utils';
import MonitorTimeSeriesChart from './time_series.vue';
/**
* Series indexes
*/
const METRIC = 0;
const UPPER = 1;
const LOWER = 2;
/**
* Boundary area appearance
*/
const AREA_COLOR = colorValues.anomalyAreaColor;
const AREA_OPACITY = areaOpacityValues.default;
const AREA_COLOR_RGBA = `rgba(${hexToRgb(AREA_COLOR).join(',')},${AREA_OPACITY})`;
/**
* The anomaly component highlights when a metric shows
* some anomalous behavior.
*
* It shows both a metric line and a boundary band in a
* time series chart, the boundary band shows the normal
* range of values the metric should take.
*
* This component accepts 3 queries, which contain the
* "metric", "upper" limit and "lower" limit.
*
* The upper and lower series are "stacked areas" visually
* to create the boundary band, and if any "metric" value
* is outside this band, it is highlighted to warn users.
*
* The boundary band stack must be painted above the 0 line
* so the area is shown correctly. If any of the values of
* the data are negative, the chart data is shifted to be
* above 0 line.
*
* The data passed to the time series is will always be
* positive, but reformatted to show the original values of
* data.
*
*/
export default {
components: {
GlLineChart,
GlChartSeriesLabel,
MonitorTimeSeriesChart,
},
inheritAttrs: false,
props: {
graphData: {
type: Object,
required: true,
validator: graphDataValidatorForAnomalyValues,
},
},
computed: {
series() {
return this.graphData.queries.map(query => {
const values = query.result[0] ? query.result[0].values : [];
return {
label: query.label,
data: values.filter(([, value]) => !Number.isNaN(value)),
};
});
},
/**
* If any of the values of the data is negative, the
* chart data is shifted to the lowest value
*
* This offset is the lowest value.
*/
yOffset() {
const values = flatten(this.series.map(ser => ser.data.map(([, y]) => y)));
const min = values.length ? Math.floor(Math.min(...values)) : 0;
return min < 0 ? -min : 0;
},
metricData() {
const originalMetricQuery = this.graphData.queries[0];
const metricQuery = { ...originalMetricQuery };
metricQuery.result[0].values = metricQuery.result[0].values.map(([x, y]) => [
x,
y + this.yOffset,
]);
return {
...this.graphData,
type: 'line-chart',
queries: [metricQuery],
};
},
metricSeriesConfig() {
return {
type: 'line',
symbol: 'circle',
symbolSize: (val, params) => {
if (this.isDatapointAnomaly(params.dataIndex)) {
return symbolSizes.anomaly;
}
// 0 causes echarts to throw an error, use small number instead
// see https://gitlab.com/gitlab-org/gitlab-ui/issues/423
return 0.001;
},
showSymbol: true,
itemStyle: {
color: params => {
if (this.isDatapointAnomaly(params.dataIndex)) {
return colorValues.anomalySymbol;
}
return colorValues.primaryColor;
},
},
};
},
chartOptions() {
const [, upperSeries, lowerSeries] = this.series;
const calcOffsetY = (data, offsetCallback) =>
data.map((value, dataIndex) => {
const [x, y] = value;
return [x, y + offsetCallback(dataIndex)];
});
const yAxisWithOffset = {
name: this.yAxisLabel,
axisLabel: {
formatter: num => roundOffFloat(num - this.yOffset, 3).toString(),
},
};
/**
* Boundary is rendered by 2 series: An invisible
* series (opacity: 0) stacked on a visible one.
*
* Order is important, lower boundary is stacked
* *below* the upper boundary.
*/
const boundarySeries = [];
if (upperSeries.data.length && lowerSeries.data.length) {
// Lower boundary, plus the offset if negative values
boundarySeries.push(
this.makeBoundarySeries({
name: this.formatLegendLabel(lowerSeries),
data: calcOffsetY(lowerSeries.data, () => this.yOffset),
}),
);
// Upper boundary, minus the lower boundary
boundarySeries.push(
this.makeBoundarySeries({
name: this.formatLegendLabel(upperSeries),
data: calcOffsetY(upperSeries.data, i => -this.yValue(LOWER, i)),
areaStyle: {
color: AREA_COLOR,
opacity: AREA_OPACITY,
},
}),
);
}
return { yAxis: yAxisWithOffset, series: boundarySeries };
},
},
methods: {
formatLegendLabel(query) {
return query.label;
},
yValue(seriesIndex, dataIndex) {
const d = this.series[seriesIndex].data[dataIndex];
return d && d[1];
},
yValueFormatted(seriesIndex, dataIndex) {
const y = this.yValue(seriesIndex, dataIndex);
return isNumber(y) ? y.toFixed(3) : '';
},
isDatapointAnomaly(dataIndex) {
const yVal = this.yValue(METRIC, dataIndex);
const yUpper = this.yValue(UPPER, dataIndex);
const yLower = this.yValue(LOWER, dataIndex);
return (isNumber(yUpper) && yVal > yUpper) || (isNumber(yLower) && yVal < yLower);
},
makeBoundarySeries(series) {
const stackKey = 'anomaly-boundary-series-stack';
return {
type: 'line',
stack: stackKey,
lineStyle: {
width: 0,
color: AREA_COLOR_RGBA, // legend color
},
color: AREA_COLOR_RGBA, // tooltip color
symbol: 'none',
...series,
};
},
},
};
</script>
<template>
<monitor-time-series-chart
v-bind="$attrs"
:graph-data="metricData"
:option="chartOptions"
:series-config="metricSeriesConfig"
>
<slot></slot>
<template v-slot:tooltipContent="slotProps">
<div
v-for="(content, seriesIndex) in slotProps.tooltip.content"
:key="seriesIndex"
class="d-flex justify-content-between"
>
<gl-chart-series-label :color="content.color">
{{ content.name }}
</gl-chart-series-label>
<div class="prepend-left-32">
{{ yValueFormatted(seriesIndex, content.dataIndex) }}
</div>
</div>
</template>
</monitor-time-series-chart>
</template>
app/assets/javascripts/monitoring/components/charts/time_series.vue
View file @ 3fe9588b
<script>
import { s__, __ } from '~/locale';
import _ from 'underscore';
import { GlLink, GlButton, GlTooltip, GlResizeObserverDirective } from '@gitlab/ui';
import { GlAreaChart, GlLineChart, GlChartSeriesLabel } from '@gitlab/ui/dist/charts';
import dateFormat from 'dateformat';
import { roundOffFloat } from '~/lib/utils/common_utils';
import { getSvgIconPathContent } from '~/lib/utils/icon_utils';
import Icon from '~/vue_shared/components/icon.vue';
import { chartHeight, graphTypes, lineTypes, symbolSizes, dateFormats } from '../../constants';
import {
chartHeight,
graphTypes,
lineTypes,
lineWidths,
symbolSizes,
dateFormats,
} from '../../constants';
import { makeDataSeries } from '~/helpers/monitor_helper';
import { graphDataValidatorForValues } from '../../utils';
......@@ -30,6 +38,16 @@ export default {
required: true,
validator: graphDataValidatorForValues.bind(null, false),
},
option: {
type: Object,
required: false,
default: () => ({}),
},
seriesConfig: {
type: Object,
required: false,
default: () => ({}),
},
deploymentData: {
type: Array,
required: false,
......@@ -96,29 +114,35 @@ export default {
const lineWidth =
appearance && appearance.line && appearance.line.width
? appearance.line.width
: undefined;
: lineWidths.default;
const areaStyle = {
opacity:
appearance && appearance.area && typeof appearance.area.opacity === 'number'
? appearance.area.opacity
: undefined,
};
const series = makeDataSeries(query.result, {
name: this.formatLegendLabel(query),
lineStyle: {
type: lineType,
width: lineWidth,
color: this.primaryColor,
},
showSymbol: false,
areaStyle: this.graphData.type === 'area-chart' ? areaStyle : undefined,
...this.seriesConfig,
});
return acc.concat(series);
}, []);
},
chartOptionSeries() {
return (this.option.series || []).concat(this.scatterSeries ? [this.scatterSeries] : []);
},
chartOptions() {
const option = _.omit(this.option, 'series');
return {
series: this.chartOptionSeries,
xAxis: {
name: __('Time'),
type: 'time',
......@@ -135,8 +159,8 @@ export default {
formatter: num => roundOffFloat(num, 3).toString(),
},
},
series: this.scatterSeries,
dataZoom: [this.dataZoomConfig],
...option,
};
},
dataZoomConfig() {
......@@ -144,6 +168,14 @@ export default {
return handleIcon ? { handleIcon } : {};
},
/**
* This method returns the earliest time value in all series of a chart.
* Takes a chart data with data to populate a timeseries.
* data should be an array of data points [t, y] where t is a ISO formatted date,
* and is sorted by t (time).
* @returns {(String|null)} earliest x value from all series, or null when the
* chart series data is empty.
*/
earliestDatapoint() {
return this.chartData.reduce((acc, series) => {
const { data } = series;
......@@ -230,10 +262,11 @@ export default {
this.tooltip.sha = deploy.sha.substring(0, 8);
this.tooltip.commitUrl = deploy.commitUrl;
} else {
const { seriesName, color } = dataPoint;
const { seriesName, color, dataIndex } = dataPoint;
const value = yVal.toFixed(3);
this.tooltip.content.push({
name: seriesName,
dataIndex,
value,
color,
});
......@@ -306,23 +339,27 @@ export default {
</template>
<template v-else>
<template slot="tooltipTitle">
<div class="text-nowrap">
{{ tooltip.title }}
</div>
<slot name="tooltipTitle">
<div class="text-nowrap">
{{ tooltip.title }}
</div>
</slot>
</template>
<template slot="tooltipContent">
<div
v-for="(content, key) in tooltip.content"
:key="key"
class="d-flex justify-content-between"
>
<gl-chart-series-label :color="isMultiSeries ? content.color : ''">
{{ content.name }}
</gl-chart-series-label>
<div class="prepend-left-32">
{{ content.value }}
<slot name="tooltipContent" :tooltip="tooltip">
<div
v-for="(content, key) in tooltip.content"
:key="key"
class="d-flex justify-content-between"
>
<gl-chart-series-label :color="isMultiSeries ? content.color : ''">
{{ content.name }}
</gl-chart-series-label>
<div class="prepend-left-32">
{{ content.value }}
</div>
</div>
</div>
</slot>
</template>
</template>
</component>
......
app/assets/javascripts/monitoring/components/panel_type.vue
View file @ 3fe9588b
......@@ -11,6 +11,7 @@ import {
} from '@gitlab/ui';
import Icon from '~/vue_shared/components/icon.vue';
import MonitorTimeSeriesChart from './charts/time_series.vue';
import MonitorAnomalyChart from './charts/anomaly.vue';
import MonitorSingleStatChart from './charts/single_stat.vue';
import MonitorEmptyChart from './charts/empty_chart.vue';
import TrackEventDirective from '~/vue_shared/directives/track_event';
......@@ -19,7 +20,6 @@ import { downloadCSVOptions, generateLinkToChartOptions } from '../utils';
export default {
components: {
MonitorSingleStatChart,
MonitorTimeSeriesChart,
MonitorEmptyChart,
Icon,
GlDropdown,
......@@ -67,6 +67,12 @@ export default {
const data = new Blob([this.csvText], { type: 'text/plain' });
return window.URL.createObjectURL(data);
},
monitorChartComponent() {
if (this.isPanelType('anomaly-chart')) {
return MonitorAnomalyChart;
}
return MonitorTimeSeriesChart;
},
},
methods: {
getGraphAlerts(queries) {
......@@ -93,13 +99,14 @@ export default {
v-if="isPanelType('single-stat') && graphDataHasMetrics"
:graph-data="graphData"
/>
<monitor-time-series-chart
<component
:is="monitorChartComponent"
v-else-if="graphDataHasMetrics"
:graph-data="graphData"
:deployment-data="deploymentData"
:project-path="projectPath"
:thresholds="getGraphAlertValues(graphData.queries)"
group-id="monitor-area-chart"
group-id="panel-type-chart"
>
<div class="d-flex align-items-center">
<alert-widget
......@@ -141,6 +148,6 @@ export default {
</gl-dropdown-item>
</gl-dropdown>
</div>
</monitor-time-series-chart>
</component>
<monitor-empty-chart v-else :graph-title="graphData.title" />
</template>
app/assets/javascripts/monitoring/constants.js
View file @ 3fe9588b
......@@ -14,13 +14,28 @@ export const graphTypes = {
};
export const symbolSizes = {
anomaly: 8,
default: 14,
};
export const areaOpacityValues = {
default: 0.2,
};
export const colorValues = {
primaryColor: '#1f78d1', // $blue-500 (see variables.scss)
anomalySymbol: '#db3b21',
anomalyAreaColor: '#1f78d1',
};
export const lineTypes = {
default: 'solid',
};
export const lineWidths = {
default: 2,
};
export const timeWindows = {
thirtyMinutes: __('30 minutes'),
threeHours: __('3 hours'),
......
app/assets/javascripts/monitoring/utils.js
View file @ 3fe9588b
......@@ -131,4 +131,20 @@ export const downloadCSVOptions = title => {
return { category, action, label: 'Chart title', property: title };
};
/**
* This function validates the graph data contains exactly 3 queries plus
* value validations from graphDataValidatorForValues.
* @param {Object} isValues
* @param {Object} graphData the graph data response from a prometheus request
* @returns {boolean} true if the data is valid
*/
export const graphDataValidatorForAnomalyValues = graphData => {
const anomalySeriesCount = 3; // metric, upper, lower
return (
graphData.queries &&
graphData.queries.length === anomalySeriesCount &&
graphDataValidatorForValues(false, graphData)
);
};
export default {};
app/assets/javascripts/pages/projects/shared/permissions/components/settings_panel.vue
View file @ 3fe9588b
<script>
/* eslint-disable @gitlab/vue-i18n/no-bare-strings */
import settingsMixin from 'ee_else_ce/pages/projects/shared/permissions/mixins/settings_pannel_mixin';
import { __ } from '~/locale';
import { s__ } from '~/locale';
import projectFeatureSetting from './project_feature_setting.vue';
import projectFeatureToggle from '~/vue_shared/components/toggle_button.vue';
import projectSettingRow from './project_setting_row.vue';
......@@ -13,7 +12,7 @@ import {
} from '../constants';
import { toggleHiddenClassBySelector } from '../external';
const PAGE_FEATURE_ACCESS_LEVEL = __('Everyone');
const PAGE_FEATURE_ACCESS_LEVEL = s__('ProjectSettings|Everyone');
export default {
components: {
......@@ -207,7 +206,10 @@ export default {
<template>
<div>
<div class="project-visibility-setting">
<project-setting-row :help-path="visibilityHelpPath" label="Project visibility">
<project-setting-row
:help-path="visibilityHelpPath"
:label="s__('ProjectSettings|Project visibility')"
>
<div class="project-feature-controls">
<div class="select-wrapper">
<select
......@@ -220,17 +222,17 @@ export default {
<option
:value="visibilityOptions.PRIVATE"
:disabled="!visibilityAllowed(visibilityOptions.PRIVATE)"
>{{ __('Private') }}</option
>{{ s__('ProjectSettings|Private') }}</option
>
<option
:value="visibilityOptions.INTERNAL"
:disabled="!visibilityAllowed(visibilityOptions.INTERNAL)"
>{{ __('Internal') }}</option
>{{ s__('ProjectSettings|Internal') }}</option
>
<option
:value="visibilityOptions.PUBLIC"
:disabled="!visibilityAllowed(visibilityOptions.PUBLIC)"
>{{ __('Public') }}</option
>{{ s__('ProjectSettings|Public') }}</option
>
</select>
<i aria-hidden="true" data-hidden="true" class="fa fa-chevron-down"></i>
......@@ -243,14 +245,15 @@ export default {
type="hidden"
name="project[request_access_enabled]"
/>
<input v-model="requestAccessEnabled" type="checkbox" /> Allow users to request access
<input v-model="requestAccessEnabled" type="checkbox" />
{{ s__('ProjectSettings|Allow users to request access') }}
</label>
</project-setting-row>
</div>
<div :class="{ 'highlight-changes': highlightChangesClass }" class="project-feature-settings">
<project-setting-row
label="Issues"
help-text="Lightweight issue tracking system for this project"
:label="s__('ProjectSettings|Issues')"
:help-text="s__('ProjectSettings|Lightweight issue tracking system for this project')"
>
<project-feature-setting
v-model="issuesAccessLevel"
......@@ -258,7 +261,10 @@ export default {
name="project[project_feature_attributes][issues_access_level]"
/>
</project-setting-row>
<project-setting-row label="Repository" help-text="View and edit files in this project">
<project-setting-row
:label="s__('ProjectSettings|Repository')"
:help-text="s__('ProjectSettings|View and edit files in this project')"
>
<project-feature-setting
v-model="repositoryAccessLevel"
:options="featureAccessLevelOptions"
......@@ -267,8 +273,8 @@ export default {
</project-setting-row>
<div class="project-feature-setting-group">
<project-setting-row
label="Merge requests"
help-text="Submit changes to be merged upstream"
:label="s__('ProjectSettings|Merge requests')"
:help-text="s__('ProjectSettings|Submit changes to be merged upstream')"
>
<project-feature-setting
v-model="mergeRequestsAccessLevel"
......@@ -277,7 +283,10 @@ export default {
name="project[project_feature_attributes][merge_requests_access_level]"
/>
</project-setting-row>
<project-setting-row label="Pipelines" help-text="Build, test, and deploy your changes">
<project-setting-row
:label="s__('ProjectSettings|Pipelines')"
:help-text="s__('ProjectSettings|Build, test, and deploy your changes')"
>
<project-feature-setting
v-model="buildsAccessLevel"
:options="repoFeatureAccessLevelOptions"
......@@ -288,11 +297,17 @@ export default {
<project-setting-row
v-if="registryAvailable"
:help-path="registryHelpPath"
label="Container registry"
help-text="Every project can have its own space to store its Docker images"
:label="s__('ProjectSettings|Container registry')"
:help-text="
s__('ProjectSettings|Every project can have its own space to store its Docker images')
"
>
<div v-if="showContainerRegistryPublicNote" class="text-muted">
{{ __('Note: the container registry is always visible when a project is public') }}
{{
s__(
'ProjectSettings|Note: the container registry is always visible when a project is public',
)
}}
</div>
<project-feature-toggle
v-model="containerRegistryEnabled"
......@@ -303,8 +318,10 @@ export default {
<project-setting-row
v-if="lfsAvailable"
:help-path="lfsHelpPath"
label="Git Large File Storage"
help-text="Manages large files such as audio, video, and graphics files"
:label="s__('ProjectSettings|Git Large File Storage')"
:help-text="
s__('ProjectSettings|Manages large files such as audio, video, and graphics files')
"
>
<project-feature-toggle
v-model="lfsEnabled"
......@@ -315,8 +332,10 @@ export default {
<project-setting-row
v-if="packagesAvailable"
:help-path="packagesHelpPath"
label="Packages"
help-text="Every project can have its own space to store its packages"
:label="s__('ProjectSettings|Packages')"
:help-text="
s__('ProjectSettings|Every project can have its own space to store its packages')
"
>
<project-feature-toggle
v-model="packagesEnabled"
......@@ -325,7 +344,10 @@ export default {
/>
</project-setting-row>
</div>
<project-setting-row label="Wiki" help-text="Pages for project documentation">
<project-setting-row
:label="s__('ProjectSettings|Wiki')"
:help-text="s__('ProjectSettings|Pages for project documentation')"
>
<project-feature-setting
v-model="wikiAccessLevel"
:options="featureAccessLevelOptions"
......@@ -333,8 +355,8 @@ export default {
/>
</project-setting-row>
<project-setting-row
label="Snippets"
help-text="Share code pastes with others out of Git repository"
:label="s__('ProjectSettings|Snippets')"
:help-text="s__('ProjectSettings|Share code pastes with others out of Git repository')"
>
<project-feature-setting
v-model="snippetsAccessLevel"
......@@ -346,7 +368,9 @@ export default {
v-if="pagesAvailable && pagesAccessControlEnabled"
:help-path="pagesHelpPath"
:label="s__('ProjectSettings|Pages')"
:help-text="__('With GitLab Pages you can host your static websites on GitLab')"
:help-text="
s__('ProjectSettings|With GitLab Pages you can host your static websites on GitLab')
"
>
<project-feature-setting
v-model="pagesAccessLevel"
......@@ -358,10 +382,13 @@ export default {
<project-setting-row v-if="canDisableEmails" class="mb-3">
<label class="js-emails-disabled">
<input :value="emailsDisabled" type="hidden" name="project[emails_disabled]" />
<input v-model="emailsDisabled" type="checkbox" /> {{ __('Disable email notifications') }}
<input v-model="emailsDisabled" type="checkbox" />
{{ s__('ProjectSettings|Disable email notifications') }}
</label>
<span class="form-text text-muted">{{
__('This setting will override user notification preferences for all project members.')
s__(
'ProjectSettings|This setting will override user notification preferences for all project members.',
)
}}</span>
</project-setting-row>
</div>
......
app/assets/javascripts/repository/components/table/row.vue
View file @ 3fe9588b
......@@ -97,11 +97,13 @@ export default {
},
},
methods: {
openRow() {
if (this.isFolder) {
openRow(e) {
if (e.target.tagName === 'A') return;
if (this.isFolder && !e.metaKey) {
this.$router.push(this.routerLinkTo);
} else {
visitUrl(this.url);
visitUrl(this.url, e.metaKey);
}
},
},
......
app/controllers/groups/group_links_controller.rb 0 → 100644
View file @ 3fe9588b
# frozen_string_literal: true
class Groups::GroupLinksController < Groups::ApplicationController
before_action :check_feature_flag!
before_action :authorize_admin_group!
def create
shared_with_group = Group.find(params[:shared_with_group_id]) if params[:shared_with_group_id].present?
if shared_with_group
result = Groups::GroupLinks::CreateService
.new(shared_with_group, current_user, group_link_create_params)
.execute(group)
return render_404 if result[:http_status] == 404
flash[:alert] = result[:message] if result[:status] == :error
else
flash[:alert] = _('Please select a group.')
end
redirect_to group_group_members_path(group)
end
private
def group_link_create_params
params.permit(:shared_group_access, :expires_at)
end
def check_feature_flag!
render_404 unless Feature.enabled?(:share_group_with_group)
end
end
app/models/concerns/worker_attributes.rb
View file @ 3fe9588b
......@@ -3,6 +3,10 @@
module WorkerAttributes
extend ActiveSupport::Concern
# Resource boundaries that workers can declare through the
# `worker_resource_boundary` attribute
VALID_RESOURCE_BOUNDARIES = [:memory, :cpu, :unknown].freeze
class_methods do
def feature_category(value)
raise "Invalid category. Use `feature_category_not_owned!` to mark a worker as not owned" if value == :not_owned
......@@ -24,6 +28,48 @@ module WorkerAttributes
get_worker_attribute(:feature_category) == :not_owned
end
# This should be set for jobs that need to be run immediately, or, if
# they are delayed, risk creating inconsistencies in the application
# that could being perceived by the user as incorrect behavior
# (ie, a bug)
# See doc/development/sidekiq_style_guide.md#Latency-Sensitive-Jobs
# for details
def latency_sensitive_worker!
worker_attributes[:latency_sensitive] = true
end
# Returns a truthy value if the worker is latency sensitive.
# See doc/development/sidekiq_style_guide.md#Latency-Sensitive-Jobs
# for details
def latency_sensitive_worker?
worker_attributes[:latency_sensitive]
end
# Set this attribute on a job when it will call to services outside of the
# application, such as 3rd party applications, other k8s clusters etc See
# doc/development/sidekiq_style_guide.md#Jobs-with-External-Dependencies for
# details
def worker_has_external_dependencies!
worker_attributes[:external_dependencies] = true
end
# Returns a truthy value if the worker has external dependencies.
# See doc/development/sidekiq_style_guide.md#Jobs-with-External-Dependencies
# for details
def worker_has_external_dependencies?
worker_attributes[:external_dependencies]
end
def worker_resource_boundary(boundary)
raise "Invalid boundary" unless VALID_RESOURCE_BOUNDARIES.include? boundary
worker_attributes[:resource_boundary] = boundary
end
def get_worker_resource_boundary
worker_attributes[:resource_boundary] || :unknown
end
protected
# Returns a worker attribute declared on this class or its parent class.
......
app/models/group.rb
View file @ 3fe9588b
......@@ -30,6 +30,10 @@ class Group < Namespace
has_many :members_and_requesters, as: :source, class_name: 'GroupMember'
has_many :milestones
has_many :shared_group_links, foreign_key: :shared_with_group_id, class_name: 'GroupGroupLink'
has_many :shared_with_group_links, foreign_key: :shared_group_id, class_name: 'GroupGroupLink'
has_many :shared_groups, through: :shared_group_links, source: :shared_group
has_many :shared_with_groups, through: :shared_with_group_links, source: :shared_with_group
has_many :project_group_links, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
has_many :shared_projects, through: :project_group_links, source: :project
......@@ -376,11 +380,12 @@ class Group < Namespace
return GroupMember::OWNER if user.admin?
members_with_parents
.where(user_id: user)
.reorder(access_level: :desc)
.first&.
access_level || GroupMember::NO_ACCESS
max_member_access = members_with_parents.where(user_id: user)
.reorder(access_level: :desc)
.first
&.access_level
max_member_access || max_member_access_for_user_from_shared_groups(user) || GroupMember::NO_ACCESS
end
def mattermost_team_params
......@@ -474,6 +479,26 @@ class Group < Namespace
errors.add(:visibility_level, "#{visibility} is not allowed since there are sub-groups with higher visibility.")
end
def max_member_access_for_user_from_shared_groups(user)
return unless Feature.enabled?(:share_group_with_group)
group_group_link_table = GroupGroupLink.arel_table
group_member_table = GroupMember.arel_table
group_group_links_query = GroupGroupLink.where(shared_group_id: self_and_ancestors_ids)
cte = Gitlab::SQL::CTE.new(:group_group_links_cte, group_group_links_query)
link = GroupGroupLink
.with(cte.to_arel)
.from([group_member_table, cte.alias_to(group_group_link_table)])
.where(group_member_table[:user_id].eq(user.id))
.where(group_member_table[:source_id].eq(group_group_link_table[:shared_with_group_id]))
.reorder(Arel::Nodes::Descending.new(group_group_link_table[:group_access]))
.first
link&.group_access
end
def self.groups_including_descendants_by(group_ids)
Gitlab::ObjectHierarchy
.new(Group.where(id: group_ids))
......
app/models/group_group_link.rb 0 → 100644
View file @ 3fe9588b
# frozen_string_literal: true
class GroupGroupLink < ApplicationRecord
include Expirable
belongs_to :shared_group, class_name: 'Group', foreign_key: :shared_group_id
belongs_to :shared_with_group, class_name: 'Group', foreign_key: :shared_with_group_id
validates :shared_group, presence: true
validates :shared_group_id, uniqueness: { scope: [:shared_with_group_id],
message: _('The group has already been shared with this group') }
validates :shared_with_group, presence: true
validates :group_access, inclusion: { in: Gitlab::Access.values },
presence: true
def self.access_options
Gitlab::Access.options
end
def self.default_access
Gitlab::Access::DEVELOPER
end
end
app/services/groups/group_links/create_service.rb 0 → 100644
View file @ 3fe9588b
# frozen_string_literal: true
module Groups
module GroupLinks
class CreateService < BaseService
def execute(shared_group)
unless group && shared_group &&
can?(current_user, :admin_group, shared_group) &&
can?(current_user, :read_group, group)
return error('Not Found', 404)
end
link = GroupGroupLink.new(
shared_group: shared_group,
shared_with_group: group,
group_access: params[:shared_group_access],
expires_at: params[:expires_at]
)
if link.save
group.refresh_members_authorized_projects
success(link: link)
else
error(link.errors.full_messages.to_sentence, 409)
end
end
end
end
end
app/views/ci/variables/_header.html.haml
View file @ 3fe9588b
......@@ -7,5 +7,5 @@
%button.btn.btn-default.js-settings-toggle{ type: 'button' }
= expanded ? _('Collapse') : _('Expand')
%p.append-bottom-0
%p
= render "ci/variables/content"
app/workers/authorized_projects_worker.rb
View file @ 3fe9588b
......@@ -5,6 +5,7 @@ class AuthorizedProjectsWorker
prepend WaitableWorker
feature_category :authentication_and_authorization
latency_sensitive_worker!
# This is a workaround for a Ruby 2.3.7 bug. rspec-mocks cannot restore the
# visibility of prepended modules. See https://github.com/rspec/rspec-mocks/issues/1231
......
app/workers/build_finished_worker.rb
View file @ 3fe9588b
......@@ -5,6 +5,8 @@ class BuildFinishedWorker
include PipelineQueue
queue_namespace :pipeline_processing
latency_sensitive_worker!
worker_resource_boundary :cpu
# rubocop: disable CodeReuse/ActiveRecord
def perform(build_id)
......
app/workers/build_hooks_worker.rb
View file @ 3fe9588b
......@@ -6,6 +6,7 @@ class BuildHooksWorker
queue_namespace :pipeline_hooks
feature_category :continuous_integration
latency_sensitive_worker!
# rubocop: disable CodeReuse/ActiveRecord
def perform(build_id)
......
app/workers/build_queue_worker.rb
View file @ 3fe9588b
......@@ -6,6 +6,8 @@ class BuildQueueWorker
queue_namespace :pipeline_processing
feature_category :continuous_integration
latency_sensitive_worker!
worker_resource_boundary :cpu
# rubocop: disable CodeReuse/ActiveRecord
def perform(build_id)
......
app/workers/build_success_worker.rb
View file @ 3fe9588b
......@@ -5,6 +5,7 @@ class BuildSuccessWorker
include PipelineQueue
queue_namespace :pipeline_processing
latency_sensitive_worker!
# rubocop: disable CodeReuse/ActiveRecord
def perform(build_id)
......
app/workers/chat_notification_worker.rb
View file @ 3fe9588b
......@@ -4,6 +4,11 @@ class ChatNotificationWorker
include ApplicationWorker
feature_category :chatops
latency_sensitive_worker!
# TODO: break this into multiple jobs
# as the `responder` uses external dependencies
# See https://gitlab.com/gitlab-com/gl-infra/scalability/issues/34
# worker_has_external_dependencies!
RESCHEDULE_INTERVAL = 2.seconds
......
app/workers/ci/build_schedule_worker.rb
View file @ 3fe9588b
......@@ -7,6 +7,7 @@ module Ci
queue_namespace :pipeline_processing
feature_category :continuous_integration
worker_resource_boundary :cpu
def perform(build_id)
::Ci::Build.find_by_id(build_id).try do |build|
......
app/workers/cluster_install_app_worker.rb
View file @ 3fe9588b
......@@ -5,6 +5,8 @@ class ClusterInstallAppWorker
include ClusterQueue
include ClusterApplications
worker_has_external_dependencies!
def perform(app_name, app_id)
find_application(app_name, app_id) do |app|
Clusters::Applications::InstallService.new(app).execute
......
app/workers/cluster_patch_app_worker.rb
View file @ 3fe9588b
......@@ -5,6 +5,8 @@ class ClusterPatchAppWorker
include ClusterQueue
include ClusterApplications
worker_has_external_dependencies!
def perform(app_name, app_id)
find_application(app_name, app_id) do |app|
Clusters::Applications::PatchService.new(app).execute
......
app/workers/cluster_project_configure_worker.rb
View file @ 3fe9588b
......@@ -4,6 +4,8 @@ class ClusterProjectConfigureWorker
include ApplicationWorker
include ClusterQueue
worker_has_external_dependencies!
def perform(project_id)
# Scheduled for removal in https://gitlab.com/gitlab-org/gitlab-foss/issues/59319
end
......
app/workers/cluster_provision_worker.rb
View file @ 3fe9588b
......@@ -4,6 +4,8 @@ class ClusterProvisionWorker
include ApplicationWorker
include ClusterQueue
worker_has_external_dependencies!
def perform(cluster_id)
Clusters::Cluster.find_by_id(cluster_id).try do |cluster|
cluster.provider.try do |provider|
......
app/workers/cluster_upgrade_app_worker.rb
View file @ 3fe9588b
......@@ -5,6 +5,8 @@ class ClusterUpgradeAppWorker
include ClusterQueue
include ClusterApplications
worker_has_external_dependencies!
def perform(app_name, app_id)
find_application(app_name, app_id) do |app|
Clusters::Applications::UpgradeService.new(app).execute
......
app/workers/cluster_wait_for_app_installation_worker.rb
View file @ 3fe9588b
......@@ -8,6 +8,9 @@ class ClusterWaitForAppInstallationWorker
INTERVAL = 10.seconds
TIMEOUT = 20.minutes
worker_has_external_dependencies!
worker_resource_boundary :cpu
def perform(app_name, app_id)
find_application(app_name, app_id) do |app|
Clusters::Applications::CheckInstallationProgressService.new(app).execute
......
app/workers/cluster_wait_for_ingress_ip_address_worker.rb
View file @ 3fe9588b
......@@ -5,6 +5,8 @@ class ClusterWaitForIngressIpAddressWorker
include ClusterQueue
include ClusterApplications
worker_has_external_dependencies!
def perform(app_name, app_id)
find_application(app_name, app_id) do |app|
Clusters::Applications::CheckIngressIpAddressService.new(app).execute
......
app/workers/clusters/applications/uninstall_worker.rb
View file @ 3fe9588b
......@@ -7,6 +7,8 @@ module Clusters
include ClusterQueue
include ClusterApplications
worker_has_external_dependencies!
def perform(app_name, app_id)
find_application(app_name, app_id) do |app|
Clusters::Applications::UninstallService.new(app).execute
......
app/workers/clusters/applications/wait_for_uninstall_app_worker.rb
View file @ 3fe9588b
......@@ -10,6 +10,9 @@ module Clusters
INTERVAL = 10.seconds
TIMEOUT = 20.minutes
worker_has_external_dependencies!
worker_resource_boundary :cpu
def perform(app_name, app_id)
find_application(app_name, app_id) do |app|
Clusters::Applications::CheckUninstallProgressService.new(app).execute
......
app/workers/concerns/gitlab/github_import/object_importer.rb
View file @ 3fe9588b
......@@ -14,6 +14,7 @@ module Gitlab
include NotifyUponDeath
feature_category :importers
worker_has_external_dependencies!
end
# project - An instance of `Project` to import the data into.
......
app/workers/create_pipeline_worker.rb
View file @ 3fe9588b
......@@ -6,6 +6,8 @@ class CreatePipelineWorker
queue_namespace :pipeline_creation
feature_category :continuous_integration
latency_sensitive_worker!
worker_resource_boundary :cpu
def perform(project_id, user_id, ref, source, params = {})
project = Project.find(project_id)
......
app/workers/deployments/finished_worker.rb
View file @ 3fe9588b
......@@ -6,6 +6,7 @@ module Deployments
queue_namespace :deployment
feature_category :continuous_delivery
worker_resource_boundary :cpu
def perform(deployment_id)
Deployment.find_by_id(deployment_id).try(:execute_hooks)
......
app/workers/deployments/success_worker.rb
View file @ 3fe9588b
......@@ -6,6 +6,7 @@ module Deployments
queue_namespace :deployment
feature_category :continuous_delivery
worker_resource_boundary :cpu
def perform(deployment_id)
Deployment.find_by_id(deployment_id).try do |deployment|
......
app/workers/email_receiver_worker.rb
View file @ 3fe9588b
......@@ -4,6 +4,7 @@ class EmailReceiverWorker
include ApplicationWorker
feature_category :issue_tracking
latency_sensitive_worker!
def perform(raw)
return unless Gitlab::IncomingEmail.enabled?
......
app/workers/emails_on_push_worker.rb
View file @ 3fe9588b
......@@ -6,6 +6,8 @@ class EmailsOnPushWorker
attr_reader :email, :skip_premailer
feature_category :source_code_management
latency_sensitive_worker!
worker_resource_boundary :cpu
def perform(project_id, recipients, push_data, options = {})
options.symbolize_keys!
......
app/workers/expire_job_cache_worker.rb
View file @ 3fe9588b
......@@ -5,6 +5,7 @@ class ExpireJobCacheWorker
include PipelineQueue
queue_namespace :pipeline_cache
latency_sensitive_worker!
# rubocop: disable CodeReuse/ActiveRecord
def perform(job_id)
......
app/workers/expire_pipeline_cache_worker.rb
View file @ 3fe9588b
......@@ -5,6 +5,8 @@ class ExpirePipelineCacheWorker
include PipelineQueue
queue_namespace :pipeline_cache
latency_sensitive_worker!
worker_resource_boundary :cpu
# rubocop: disable CodeReuse/ActiveRecord
def perform(pipeline_id)
......
app/workers/gitlab_shell_worker.rb
View file @ 3fe9588b
......@@ -5,6 +5,7 @@ class GitlabShellWorker
include Gitlab::ShellAdapter
feature_category :source_code_management
latency_sensitive_worker!
def perform(action, *arg)
gitlab_shell.__send__(action, *arg) # rubocop:disable GitlabSecurity/PublicSend
......
app/workers/import_issues_csv_worker.rb
View file @ 3fe9588b
......@@ -4,6 +4,7 @@ class ImportIssuesCsvWorker
include ApplicationWorker
feature_category :issue_tracking
worker_resource_boundary :cpu
sidekiq_retries_exhausted do |job|
Upload.find(job['args'][2]).destroy
......
app/workers/mail_scheduler/notification_service_worker.rb
View file @ 3fe9588b
......@@ -8,6 +8,7 @@ module MailScheduler
include MailSchedulerQueue
feature_category :issue_tracking
worker_resource_boundary :cpu
def perform(meth, *args)
check_arguments!(args)
......
app/workers/merge_worker.rb
View file @ 3fe9588b
......@@ -4,6 +4,7 @@ class MergeWorker
include ApplicationWorker
feature_category :source_code_management
latency_sensitive_worker!
def perform(merge_request_id, current_user_id, params)
params = params.with_indifferent_access
......
app/workers/namespaces/prune_aggregation_schedules_worker.rb
View file @ 3fe9588b
......@@ -6,6 +6,7 @@ module Namespaces
include CronjobQueue
feature_category :source_code_management
worker_resource_boundary :cpu
# Worker to prune pending rows on Namespace::AggregationSchedule
# It's scheduled to run once a day at 1:05am.
......
app/workers/new_issue_worker.rb
View file @ 3fe9588b
......@@ -5,6 +5,8 @@ class NewIssueWorker
include NewIssuable
feature_category :issue_tracking
latency_sensitive_worker!
worker_resource_boundary :cpu
def perform(issue_id, user_id)
return unless objects_found?(issue_id, user_id)
......
app/workers/new_merge_request_worker.rb
View file @ 3fe9588b
......@@ -5,6 +5,8 @@ class NewMergeRequestWorker
include NewIssuable
feature_category :source_code_management
latency_sensitive_worker!
worker_resource_boundary :cpu
def perform(merge_request_id, user_id)
return unless objects_found?(merge_request_id, user_id)
......
app/workers/new_note_worker.rb
View file @ 3fe9588b
......@@ -4,6 +4,8 @@ class NewNoteWorker
include ApplicationWorker
feature_category :issue_tracking
latency_sensitive_worker!
worker_resource_boundary :cpu
# Keep extra parameter to preserve backwards compatibility with
# old `NewNoteWorker` jobs (can remove later)
......
app/workers/object_pool/join_worker.rb
View file @ 3fe9588b
......@@ -5,6 +5,8 @@ module ObjectPool
include ApplicationWorker
include ObjectPoolQueue
worker_resource_boundary :cpu
# The use of pool id is deprecated. Keeping the argument allows old jobs to
# still be performed.
def perform(_pool_id, project_id)
......
app/workers/pages_domain_removal_cron_worker.rb
View file @ 3fe9588b
......@@ -5,6 +5,7 @@ class PagesDomainRemovalCronWorker
include CronjobQueue
feature_category :pages
worker_resource_boundary :cpu
def perform
PagesDomain.for_removal.find_each do |domain|
......
app/workers/pipeline_hooks_worker.rb
View file @ 3fe9588b
......@@ -5,6 +5,8 @@ class PipelineHooksWorker
include PipelineQueue
queue_namespace :pipeline_hooks
latency_sensitive_worker!
worker_resource_boundary :cpu
# rubocop: disable CodeReuse/ActiveRecord
def perform(pipeline_id)
......
app/workers/pipeline_metrics_worker.rb
View file @ 3fe9588b
......@@ -4,6 +4,8 @@ class PipelineMetricsWorker
include ApplicationWorker
include PipelineQueue
latency_sensitive_worker!
# rubocop: disable CodeReuse/ActiveRecord
def perform(pipeline_id)
Ci::Pipeline.find_by(id: pipeline_id).try do |pipeline|
......
app/workers/pipeline_notification_worker.rb
View file @ 3fe9588b
......@@ -4,6 +4,9 @@ class PipelineNotificationWorker
include ApplicationWorker
include PipelineQueue
latency_sensitive_worker!
worker_resource_boundary :cpu
# rubocop: disable CodeReuse/ActiveRecord
def perform(pipeline_id, recipients = nil)
pipeline = Ci::Pipeline.find_by(id: pipeline_id)
......
app/workers/pipeline_process_worker.rb
View file @ 3fe9588b
......@@ -6,6 +6,7 @@ class PipelineProcessWorker
queue_namespace :pipeline_processing
feature_category :continuous_integration
latency_sensitive_worker!
# rubocop: disable CodeReuse/ActiveRecord
def perform(pipeline_id, build_ids = nil)
......
app/workers/pipeline_schedule_worker.rb
View file @ 3fe9588b
......@@ -5,6 +5,7 @@ class PipelineScheduleWorker
include CronjobQueue
feature_category :continuous_integration
worker_resource_boundary :cpu
def perform
Ci::PipelineSchedule.runnable_schedules.preloaded.find_in_batches do |schedules|
......
app/workers/pipeline_success_worker.rb
View file @ 3fe9588b
......@@ -5,6 +5,7 @@ class PipelineSuccessWorker
include PipelineQueue
queue_namespace :pipeline_processing
latency_sensitive_worker!
def perform(pipeline_id)
# no-op
......
app/workers/pipeline_update_worker.rb
View file @ 3fe9588b
......@@ -5,6 +5,7 @@ class PipelineUpdateWorker
include PipelineQueue
queue_namespace :pipeline_processing
latency_sensitive_worker!
# rubocop: disable CodeReuse/ActiveRecord
def perform(pipeline_id)
......
app/workers/post_receive.rb
View file @ 3fe9588b
......@@ -4,6 +4,8 @@ class PostReceive
include ApplicationWorker
feature_category :source_code_management
latency_sensitive_worker!
worker_resource_boundary :cpu
def perform(gl_repository, identifier, changes, push_options = {})
project, repo_type = Gitlab::GlRepository.parse(gl_repository)
......
app/workers/process_commit_worker.rb
View file @ 3fe9588b
......@@ -11,6 +11,7 @@ class ProcessCommitWorker
include ApplicationWorker
feature_category :source_code_management
latency_sensitive_worker!
# project_id - The ID of the project this commit belongs to.
# user_id - The ID of the user that pushed the commit.
......
app/workers/project_cache_worker.rb
View file @ 3fe9588b
......@@ -3,6 +3,9 @@
# Worker for updating any project specific caches.
class ProjectCacheWorker
include ApplicationWorker
latency_sensitive_worker!
LEASE_TIMEOUT = 15.minutes.to_i
feature_category :source_code_management
......
app/workers/project_export_worker.rb
View file @ 3fe9588b
......@@ -6,6 +6,7 @@ class ProjectExportWorker
sidekiq_options retry: 3
feature_category :source_code_management
worker_resource_boundary :memory
def perform(current_user_id, project_id, after_export_strategy = {}, params = {})
current_user = User.find(current_user_id)
......
app/workers/project_service_worker.rb
View file @ 3fe9588b
......@@ -5,6 +5,7 @@ class ProjectServiceWorker
sidekiq_options dead: false
feature_category :integrations
worker_has_external_dependencies!
def perform(hook_id, data)
data = data.with_indifferent_access
......
app/workers/reactive_caching_worker.rb
View file @ 3fe9588b
......@@ -5,6 +5,14 @@ class ReactiveCachingWorker
feature_category_not_owned!
# TODO: The reactive caching worker should be split into
# two different workers, one for latency_sensitive jobs without external dependencies
# and another worker without latency_sensitivity, but with external dependencies
# https://gitlab.com/gitlab-com/gl-infra/scalability/issues/34
# This worker should also have `worker_has_external_dependencies!` enabled
latency_sensitive_worker!
worker_resource_boundary :cpu
def perform(class_name, id, *args)
klass = begin
class_name.constantize
......
app/workers/remove_expired_members_worker.rb
View file @ 3fe9588b
......@@ -5,6 +5,7 @@ class RemoveExpiredMembersWorker
include CronjobQueue
feature_category :authentication_and_authorization
worker_resource_boundary :cpu
def perform
Member.expired.find_each do |member|
......
app/workers/repository_import_worker.rb
View file @ 3fe9588b
......@@ -7,6 +7,7 @@ class RepositoryImportWorker
include ProjectImportOptions
feature_category :importers
worker_has_external_dependencies!
# technical debt: https://gitlab.com/gitlab-org/gitlab/issues/33991
sidekiq_options memory_killer_memory_growth_kb: ENV.fetch('MEMORY_KILLER_REPOSITORY_IMPORT_WORKER_MEMORY_GROWTH_KB', 50).to_i
......
app/workers/repository_update_remote_mirror_worker.rb
View file @ 3fe9588b
......@@ -6,6 +6,8 @@ class RepositoryUpdateRemoteMirrorWorker
include ApplicationWorker
include Gitlab::ExclusiveLeaseHelpers
worker_has_external_dependencies!
sidekiq_options retry: 3, dead: false
feature_category :source_code_management
......
app/workers/stage_update_worker.rb
View file @ 3fe9588b
......@@ -5,6 +5,7 @@ class StageUpdateWorker
include PipelineQueue
queue_namespace :pipeline_processing
latency_sensitive_worker!
# rubocop: disable CodeReuse/ActiveRecord
def perform(stage_id)
......
app/workers/stuck_ci_jobs_worker.rb
View file @ 3fe9588b
......@@ -5,6 +5,7 @@ class StuckCiJobsWorker
include CronjobQueue
feature_category :continuous_integration
worker_resource_boundary :cpu
EXCLUSIVE_LEASE_KEY = 'stuck_ci_builds_worker_lease'
......
app/workers/stuck_import_jobs_worker.rb
View file @ 3fe9588b
......@@ -5,6 +5,7 @@ class StuckImportJobsWorker
include CronjobQueue
feature_category :importers
worker_resource_boundary :cpu
IMPORT_JOBS_EXPIRATION = 15.hours.to_i
......
app/workers/update_head_pipeline_for_merge_request_worker.rb
View file @ 3fe9588b
......@@ -6,6 +6,8 @@ class UpdateHeadPipelineForMergeRequestWorker
queue_namespace :pipeline_processing
feature_category :continuous_integration
latency_sensitive_worker!
worker_resource_boundary :cpu
def perform(merge_request_id)
MergeRequest.find_by_id(merge_request_id).try do |merge_request|
......
app/workers/update_merge_requests_worker.rb
View file @ 3fe9588b
......@@ -4,6 +4,8 @@ class UpdateMergeRequestsWorker
include ApplicationWorker
feature_category :source_code_management
latency_sensitive_worker!
worker_resource_boundary :cpu
LOG_TIME_THRESHOLD = 90 # seconds
......
app/workers/wait_for_cluster_creation_worker.rb
View file @ 3fe9588b
......@@ -4,6 +4,8 @@ class WaitForClusterCreationWorker
include ApplicationWorker
include ClusterQueue
worker_has_external_dependencies!
def perform(cluster_id)
Clusters::Cluster.find_by_id(cluster_id).try do |cluster|
cluster.provider.try do |provider|
......
app/workers/web_hook_worker.rb
View file @ 3fe9588b
......@@ -4,6 +4,8 @@ class WebHookWorker
include ApplicationWorker
feature_category :integrations
worker_has_external_dependencies!
sidekiq_options retry: 4, dead: false
def perform(hook_id, data, hook_name)
......
changelogs/unreleased/32935-preventing-accidental-project-deletion-db-changes.yml 0 → 100644
View file @ 3fe9588b
---
title: Add migrations and changes for soft-delete for projects
merge_request: 18791
author:
type: added
changelogs/unreleased/33054-share_groups_with_groups.yml 0 → 100644
View file @ 3fe9588b
---
title: Share groups with groups
merge_request: 17117
author:
type: added
changelogs/unreleased/5366-display-anomaly-deviation-boundaries-on-dashboard-ce.yml 0 → 100644
View file @ 3fe9588b
---
title: Added new chart component to display an anomaly boundary
merge_request: 16530
author:
type: added
changelogs/unreleased/add-missing-bottom-padding-in-settings.yml 0 → 100644
View file @ 3fe9588b
---
title: Add missing bottom padding in CI/CD settings
merge_request: 19284
author: George Tsiolis
type: fixed
changelogs/unreleased/an-mark-jobs-as-latency-sensitive.yml 0 → 100644
View file @ 3fe9588b
---
title: Attribute Sidekiq workers according to their workloads
merge_request: 18066
author:
type: other
changelogs/unreleased/security-open-redirect-internalredirect.yml changelogs/unreleased/security-remove-deploy-access-levels-on-project-group-link-deletion.yml
View file @ 3fe9588b
---
title: Fixes a Open Redirect issue in `InternalRedirect`.
title: Remove deploy access level when project/group link is deleted
merge_request:
author:
type: security
config/routes/group.rb
View file @ 3fe9588b
......@@ -62,6 +62,8 @@ constraints(::Constraints::GroupUrlConstrainer.new) do
delete :leave, on: :collection
end
resources :group_links, only: [:index, :create, :update, :destroy], constraints: { id: /\d+/ }
resources :uploads, only: [:create] do
collection do
get ":secret/:filename", action: :show, as: :show, constraints: { filename: %r{[^/]+} }
......
db/migrate/20180902070406_create_group_group_links.rb 0 → 100644
View file @ 3fe9588b
# frozen_string_literal: true
class CreateGroupGroupLinks < ActiveRecord::Migration[5.2]
include Gitlab::Database::MigrationHelpers
DOWNTIME = false
def up
create_table :group_group_links do |t|
t.timestamps_with_timezone null: false
t.references :shared_group, null: false,
index: false,
foreign_key: { on_delete: :cascade,
to_table: :namespaces }
t.references :shared_with_group, null: false,
foreign_key: { on_delete: :cascade,
to_table: :namespaces }
t.date :expires_at
t.index [:shared_group_id, :shared_with_group_id],
{ unique: true,
name: 'index_group_group_links_on_shared_group_and_shared_with_group' }
t.integer :group_access, { limit: 2,
default: 30, # Gitlab::Access::DEVELOPER
null: false }
end
end
def down
drop_table :group_group_links
end
end
db/migrate/20191003161031_add_mark_for_deletion_to_projects.rb 0 → 100644
View file @ 3fe9588b
# frozen_string_literal: true
class AddMarkForDeletionToProjects < ActiveRecord::Migration[5.2]
# Set this constant to true if this migration requires downtime.
DOWNTIME = false
def change
add_column :projects, :marked_for_deletion_at, :date
add_column :projects, :marked_for_deletion_by_user_id, :integer
end
end
db/migrate/20191003161032_add_mark_for_deletion_indexes_to_projects.rb 0 → 100644
View file @ 3fe9588b
# frozen_string_literal: true
class AddMarkForDeletionIndexesToProjects < ActiveRecord::Migration[5.2]
include Gitlab::Database::MigrationHelpers
DOWNTIME = false
disable_ddl_transaction!
def up
add_concurrent_foreign_key :projects, :users, column: :marked_for_deletion_by_user_id, on_delete: :nullify
add_concurrent_index :projects, :marked_for_deletion_by_user_id, where: 'marked_for_deletion_by_user_id IS NOT NULL'
end
def down
remove_foreign_key_if_exists :projects, column: :marked_for_deletion_by_user_id
remove_concurrent_index :projects, :marked_for_deletion_by_user_id
end
end
db/migrate/20191011084019_add_project_deletion_adjourned_period_to_application_settings.rb 0 → 100644
View file @ 3fe9588b
# frozen_string_literal: true
class AddProjectDeletionAdjournedPeriodToApplicationSettings < ActiveRecord::Migration[5.2]
DOWNTIME = false
DEFAULT_NUMBER_OF_DAYS_BEFORE_REMOVAL = 7
def change
add_column :application_settings, :deletion_adjourned_period, :integer, default: DEFAULT_NUMBER_OF_DAYS_BEFORE_REMOVAL, null: false
end
end
db/post_migrate/20190926180443_schedule_epic_issues_after_epics_move.rb 0 → 100644
View file @ 3fe9588b
# frozen_string_literal: true
# See http://doc.gitlab.com/ce/development/migration_style_guide.html
# for more information on how to write migrations for GitLab.
class ScheduleEpicIssuesAfterEpicsMove < ActiveRecord::Migration[5.2]
include Gitlab::Database::MigrationHelpers
DOWNTIME = false
INTERVAL = 5.minutes.to_i
BATCH_SIZE = 100
MIGRATION = 'MoveEpicIssuesAfterEpics'
disable_ddl_transaction!
class Epic < ActiveRecord::Base
self.table_name = 'epics'
include ::EachBatch
end
def up
return unless ::Gitlab.ee?
Epic.each_batch(of: BATCH_SIZE) do |batch, index|
range = batch.pluck('MIN(id)', 'MAX(id)').first
delay = index * interval
BackgroundMigrationWorker.perform_in(delay, MIGRATION, *range)
end
end
def down
# no need
end
end
db/schema.rb
View file @ 3fe9588b
......@@ -343,6 +343,7 @@ ActiveRecord::Schema.define(version: 2019_10_26_124116) do
t.string "custom_http_clone_url_root", limit: 511
t.boolean "pendo_enabled", default: false, null: false
t.string "pendo_url", limit: 255
t.integer "deletion_adjourned_period", default: 7, null: false
t.index ["custom_project_templates_group_id"], name: "index_application_settings_on_custom_project_templates_group_id"
t.index ["file_template_project_id"], name: "index_application_settings_on_file_template_project_id"
t.index ["instance_administration_project_id"], name: "index_applicationsettings_on_instance_administration_project_id"
......@@ -1820,6 +1821,17 @@ ActiveRecord::Schema.define(version: 2019_10_26_124116) do
t.index ["key", "value"], name: "index_group_custom_attributes_on_key_and_value"
end
create_table "group_group_links", force: :cascade do |t|
t.datetime_with_timezone "created_at", null: false
t.datetime_with_timezone "updated_at", null: false
t.bigint "shared_group_id", null: false
t.bigint "shared_with_group_id", null: false
t.date "expires_at"
t.integer "group_access", limit: 2, default: 30, null: false
t.index ["shared_group_id", "shared_with_group_id"], name: "index_group_group_links_on_shared_group_and_shared_with_group", unique: true
t.index ["shared_with_group_id"], name: "index_group_group_links_on_shared_with_group_id"
end
create_table "historical_data", id: :serial, force: :cascade do |t|
t.date "date", null: false
t.integer "active_user_count"
......@@ -3062,6 +3074,8 @@ ActiveRecord::Schema.define(version: 2019_10_26_124116) do
t.integer "max_artifacts_size"
t.string "pull_mirror_branch_prefix", limit: 50
t.boolean "remove_source_branch_after_merge"
t.date "marked_for_deletion_at"
t.integer "marked_for_deletion_by_user_id"
t.index "lower((name)::text)", name: "index_projects_on_lower_name"
t.index ["archived", "pending_delete", "merge_requests_require_code_owner_approval"], name: "projects_requiring_code_owner_approval", where: "((pending_delete = false) AND (archived = false) AND (merge_requests_require_code_owner_approval = true))"
t.index ["created_at"], name: "index_projects_on_created_at"
......@@ -3074,6 +3088,7 @@ ActiveRecord::Schema.define(version: 2019_10_26_124116) do
t.index ["last_repository_check_at"], name: "index_projects_on_last_repository_check_at", where: "(last_repository_check_at IS NOT NULL)"
t.index ["last_repository_check_failed"], name: "index_projects_on_last_repository_check_failed"
t.index ["last_repository_updated_at"], name: "index_projects_on_last_repository_updated_at"
t.index ["marked_for_deletion_by_user_id"], name: "index_projects_on_marked_for_deletion_by_user_id", where: "(marked_for_deletion_by_user_id IS NOT NULL)"
t.index ["mirror_last_successful_update_at"], name: "index_projects_on_mirror_last_successful_update_at"
t.index ["mirror_user_id"], name: "index_projects_on_mirror_user_id"
t.index ["name"], name: "index_projects_on_name_trigram", opclass: :gin_trgm_ops, using: :gin
......@@ -4220,6 +4235,8 @@ ActiveRecord::Schema.define(version: 2019_10_26_124116) do
add_foreign_key "gpg_signatures", "projects", on_delete: :cascade
add_foreign_key "grafana_integrations", "projects", on_delete: :cascade
add_foreign_key "group_custom_attributes", "namespaces", column: "group_id", on_delete: :cascade
add_foreign_key "group_group_links", "namespaces", column: "shared_group_id", on_delete: :cascade
add_foreign_key "group_group_links", "namespaces", column: "shared_with_group_id", on_delete: :cascade
add_foreign_key "identities", "saml_providers", name: "fk_aade90f0fc", on_delete: :cascade
add_foreign_key "import_export_uploads", "projects", on_delete: :cascade
add_foreign_key "index_statuses", "projects", name: "fk_74b2492545", on_delete: :cascade
......@@ -4343,6 +4360,7 @@ ActiveRecord::Schema.define(version: 2019_10_26_124116) do
add_foreign_key "project_statistics", "projects", on_delete: :cascade
add_foreign_key "project_tracing_settings", "projects", on_delete: :cascade
add_foreign_key "projects", "pool_repositories", name: "fk_6e5c14658a", on_delete: :nullify
add_foreign_key "projects", "users", column: "marked_for_deletion_by_user_id", name: "fk_25d8780d11", on_delete: :nullify
add_foreign_key "prometheus_alert_events", "projects", on_delete: :cascade
add_foreign_key "prometheus_alert_events", "prometheus_alerts", on_delete: :cascade
add_foreign_key "prometheus_alerts", "environments", on_delete: :cascade
......
doc/development/code_review.md
View file @ 3fe9588b
......@@ -368,7 +368,7 @@ Enterprise Edition instance. This has some implications:
- [Background migrations](background_migrations.md) run in Sidekiq, and
should only be done for migrations that would take an extreme amount of
time at GitLab.com scale.
1. **Sidekiq workers** [cannot change in a backwards-incompatible way](sidekiq_style_guide.md#removing-or-renaming-queues):
1. **Sidekiq workers** [cannot change in a backwards-incompatible way](sidekiq_style_guide.md#sidekiq-compatibility-across-updates):
1. Sidekiq queues are not drained before a deploy happens, so there will be
workers in the queue from the previous version of GitLab.
1. If you need to change a method signature, try to do so across two releases,
......
doc/development/sidekiq_style_guide.md
View file @ 3fe9588b
This diff is collapsed.
doc/topics/autodevops/index.md
View file @ 3fe9588b
......@@ -969,7 +969,6 @@ The following table lists variables related to security tools.
| **Variable** | **Description** |
| `SAST_CONFIDENCE_LEVEL` | Minimum confidence level of security issues you want to be reported; `1` for Low, `2` for Medium, `3` for High. Defaults to `3`. |
| `DS_DISABLE_REMOTE_CHECKS` | Whether remote Dependency Scanning checks are disabled. Defaults to `"false"`. Set to `"true"` to disable checks that send data to GitLab central servers. [Read more about remote checks](../../user/application_security/dependency_scanning/index.md#remote-checks). |
#### Disable jobs
......
doc/user/application_security/dependency_scanning/index.md
View file @ 3fe9588b
......@@ -63,23 +63,6 @@ The following languages and dependency managers are supported.
| Python ([poetry](https://poetry.eustace.io/)) | not currently ([issue](https://gitlab.com/gitlab-org/gitlab/issues/7006 "Support Poetry in Dependency Scanning")) | not available |
| Ruby ([gem](https://rubygems.org/)) | yes | [gemnasium](https://gitlab.com/gitlab-org/security-products/gemnasium), [bundler-audit](https://github.com/rubysec/bundler-audit) |
## Remote checks
While some tools pull a local database to check vulnerabilities, some others
like Gemnasium require sending data to GitLab central servers to analyze them:
1. Gemnasium scans the dependencies of your project locally and sends a list of
packages to GitLab central servers.
1. The servers return the list of known vulnerabilities for all versions of
these packages.
1. The client picks up the relevant vulnerabilities by comparing with the versions
of the packages that are used by the project.
The Gemnasium client does **NOT** send the exact package versions your project relies on.
You can disable the remote checks by [using](#customizing-the-dependency-scanning-settings)
the `DS_DISABLE_REMOTE_CHECKS` environment variable and setting it to `"true"`.
## Configuration
For GitLab 11.9 and later, to enable Dependency Scanning, you must
......@@ -116,7 +99,7 @@ include:
template: Dependency-Scanning.gitlab-ci.yml
variables:
DS_DISABLE_REMOTE_CHECKS: "true"
DS_PYTHON_VERSION: 2
```
Because template is [evaluated before](../../../ci/yaml/README.md#include) the pipeline
......@@ -150,7 +133,6 @@ using environment variables.
| `DS_PYTHON_VERSION` | Version of Python. If set to 2, dependencies are installed using Python 2.7 instead of Python 3.6. ([Introduced](https://gitlab.com/gitlab-org/gitlab/issues/12296) in GitLab 12.1)| |
| `DS_PIP_DEPENDENCY_PATH` | Path to load Python pip dependencies from. ([Introduced](https://gitlab.com/gitlab-org/gitlab/issues/12412) in GitLab 12.2) | |
| `DS_DEFAULT_ANALYZERS` | Override the names of the official default images. Read more about [customizing analyzers](analyzers.md). | |
| `DS_DISABLE_REMOTE_CHECKS` | Do not send any data to GitLab. Used in the [Gemnasium analyzer](#remote-checks). | |
| `DS_PULL_ANALYZER_IMAGES` | Pull the images from the Docker registry (set to `0` to disable). | |
| `DS_EXCLUDED_PATHS` | Exclude vulnerabilities from output based on the paths. A comma-separated list of patterns. Patterns can be globs, file or folder paths. Parent directories will also match patterns. | `DS_EXCLUDED_PATHS=doc,spec` |
| `DS_DOCKER_CLIENT_NEGOTIATION_TIMEOUT` | Time limit for Docker client negotiation. Timeouts are parsed using Go's [`ParseDuration`](https://golang.org/pkg/time/#ParseDuration). Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`. For example, `300ms`, `1.5h`, or `2h45m`. | |
......
lib/gitlab/import_export/import_export.yml
View file @ 3fe9588b
......@@ -148,6 +148,8 @@ excluded_attributes:
- :emails_disabled
- :max_pages_size
- :max_artifacts_size
- :marked_for_deletion_at
- :marked_for_deletion_by_user_id
namespaces:
- :runners_token
- :runners_token_encrypted
......
lib/gitlab/project_authorizations.rb
View file @ 3fe9588b
......@@ -57,7 +57,7 @@ module Gitlab
private
# Builds a recursive CTE that gets all the groups the current user has
# access to, including any nested groups.
# access to, including any nested groups and any shared groups.
def recursive_cte
cte = Gitlab::SQL::RecursiveCTE.new(:namespaces_cte)
members = Member.arel_table
......@@ -68,20 +68,27 @@ module Gitlab
.select([namespaces[:id], members[:access_level]])
.except(:order)
if Feature.enabled?(:share_group_with_group)
# Namespaces shared with any of the group
cte << Group.select([namespaces[:id], 'group_group_links.group_access AS access_level'])
.joins(join_group_group_links)
.joins(join_members_on_group_group_links)
end
# Sub groups of any groups the user is a member of.
cte << Group.select([
namespaces[:id],
greatest(members[:access_level], cte.table[:access_level], 'access_level')
])
.joins(join_cte(cte))
.joins(join_members)
.joins(join_members_on_namespaces)
.except(:order)
cte
end
# Builds a LEFT JOIN to join optional memberships onto the CTE.
def join_members
def join_members_on_namespaces
members = Member.arel_table
namespaces = Namespace.arel_table
......@@ -94,6 +101,23 @@ module Gitlab
Arel::Nodes::OuterJoin.new(members, Arel::Nodes::On.new(cond))
end
def join_group_group_links
group_group_links = GroupGroupLink.arel_table
namespaces = Namespace.arel_table
cond = group_group_links[:shared_group_id].eq(namespaces[:id])
Arel::Nodes::InnerJoin.new(group_group_links, Arel::Nodes::On.new(cond))
end
def join_members_on_group_group_links
group_group_links = GroupGroupLink.arel_table
members = Member.arel_table
cond = group_group_links[:shared_with_group_id].eq(members[:source_id])
.and(members[:user_id].eq(user.id))
Arel::Nodes::InnerJoin.new(members, Arel::Nodes::On.new(cond))
end
# Builds an INNER JOIN to join namespaces onto the CTE.
def join_cte(cte)
namespaces = Namespace.arel_table
......
locale/gitlab.pot
View file @ 3fe9588b
......@@ -5628,9 +5628,6 @@ msgstr ""
msgid "Disable"
msgstr ""
msgid "Disable email notifications"
msgstr ""
msgid "Disable for this project"
msgstr ""
......@@ -11202,9 +11199,6 @@ msgstr ""
msgid "Note: Consider asking your GitLab administrator to configure %{github_integration_link}, which will allow login via GitHub and allow importing repositories without generating a Personal Access Token."
msgstr ""
msgid "Note: the container registry is always visible when a project is public"
msgstr ""
msgid "NoteForm|Note"
msgstr ""
......@@ -12869,12 +12863,18 @@ msgstr ""
msgid "ProjectSettings|All discussions must be resolved"
msgstr ""
msgid "ProjectSettings|Allow users to request access"
msgstr ""
msgid "ProjectSettings|Automatically resolve merge request diff discussions when they become outdated"
msgstr ""
msgid "ProjectSettings|Badges"
msgstr ""
msgid "ProjectSettings|Build, test, and deploy your changes"
msgstr ""
msgid "ProjectSettings|Choose your merge method, merge options, and merge checks."
msgstr ""
......@@ -12884,15 +12884,30 @@ msgstr ""
msgid "ProjectSettings|Contact an admin to change this setting."
msgstr ""
msgid "ProjectSettings|Container registry"
msgstr ""
msgid "ProjectSettings|Customize your project badges."
msgstr ""
msgid "ProjectSettings|Disable email notifications"
msgstr ""
msgid "ProjectSettings|Enable 'Delete source branch' option by default"
msgstr ""
msgid "ProjectSettings|Every merge creates a merge commit"
msgstr ""
msgid "ProjectSettings|Every project can have its own space to store its Docker images"
msgstr ""
msgid "ProjectSettings|Every project can have its own space to store its packages"
msgstr ""
msgid "ProjectSettings|Everyone"
msgstr ""
msgid "ProjectSettings|Existing merge requests and protected branches are not affected"
msgstr ""
......@@ -12908,9 +12923,24 @@ msgstr ""
msgid "ProjectSettings|Fast-forward merges only"
msgstr ""
msgid "ProjectSettings|Git Large File Storage"
msgstr ""
msgid "ProjectSettings|Internal"
msgstr ""
msgid "ProjectSettings|Issues"
msgstr ""
msgid "ProjectSettings|Learn more about badges."
msgstr ""
msgid "ProjectSettings|Lightweight issue tracking system for this project"
msgstr ""
msgid "ProjectSettings|Manages large files such as audio, video, and graphics files"
msgstr ""
msgid "ProjectSettings|Merge checks"
msgstr ""
......@@ -12929,24 +12959,60 @@ msgstr ""
msgid "ProjectSettings|Merge pipelines will try to validate the post-merge result prior to merging"
msgstr ""
msgid "ProjectSettings|Merge requests"
msgstr ""
msgid "ProjectSettings|No merge commits are created"
msgstr ""
msgid "ProjectSettings|Note: the container registry is always visible when a project is public"
msgstr ""
msgid "ProjectSettings|Only signed commits can be pushed to this repository."
msgstr ""
msgid "ProjectSettings|Packages"
msgstr ""
msgid "ProjectSettings|Pages"
msgstr ""
msgid "ProjectSettings|Pages for project documentation"
msgstr ""
msgid "ProjectSettings|Pipelines"
msgstr ""
msgid "ProjectSettings|Pipelines must succeed"
msgstr ""
msgid "ProjectSettings|Pipelines need to be configured to enable this feature."
msgstr ""
msgid "ProjectSettings|Private"
msgstr ""
msgid "ProjectSettings|Project visibility"
msgstr ""
msgid "ProjectSettings|Public"
msgstr ""
msgid "ProjectSettings|Repository"
msgstr ""
msgid "ProjectSettings|Share code pastes with others out of Git repository"
msgstr ""
msgid "ProjectSettings|Show link to create/view merge request when pushing from the command line"
msgstr ""
msgid "ProjectSettings|Snippets"
msgstr ""
msgid "ProjectSettings|Submit changes to be merged upstream"
msgstr ""
msgid "ProjectSettings|These checks must pass before merge requests can be merged"
msgstr ""
......@@ -12959,15 +13025,27 @@ msgstr ""
msgid "ProjectSettings|This setting will be applied to all projects unless overridden by an admin."
msgstr ""
msgid "ProjectSettings|This setting will override user notification preferences for all project members."
msgstr ""
msgid "ProjectSettings|This will dictate the commit history when you merge a merge request"
msgstr ""
msgid "ProjectSettings|Users can only push commits to this repository that were committed with one of their own verified emails."
msgstr ""
msgid "ProjectSettings|View and edit files in this project"
msgstr ""
msgid "ProjectSettings|When conflicts arise the user is given the option to rebase"
msgstr ""
msgid "ProjectSettings|Wiki"
msgstr ""
msgid "ProjectSettings|With GitLab Pages you can host your static websites on GitLab"
msgstr ""
msgid "ProjectTemplates|.NET Core"
msgstr ""
......@@ -16437,6 +16515,9 @@ msgstr ""
msgid "The group and its projects can only be viewed by members."
msgstr ""
msgid "The group has already been shared with this group"
msgstr ""
msgid "The group settings for %{group_links} require you to enable Two-Factor Authentication for your account. You can %{leave_group_links}."
msgstr ""
......@@ -17031,9 +17112,6 @@ msgstr ""
msgid "This setting can be overridden in each project."
msgstr ""
msgid "This setting will override user notification preferences for all project members."
msgstr ""
msgid "This setting will update the hostname that is used to generate private commit emails. %{learn_more}"
msgstr ""
......@@ -18929,9 +19007,6 @@ msgstr ""
msgid "Will deploy to"
msgstr ""
msgid "With GitLab Pages you can host your static websites on GitLab"
msgstr ""
msgid "With contribution analytics you can have an overview for the activity of issues, merge requests and push events of your organization and its members."
msgstr ""
......
scripts/review_apps/review-apps.sh
View file @ 3fe9588b
......@@ -195,9 +195,22 @@ function download_chart() {
helm dependency build .
}
function base_config_changed() {
git fetch origin master --depth=50
[ -n "$(git diff origin/master... --name-only -- scripts/review_apps/base-config.yaml)" ]
}
function deploy() {
local name="$CI_ENVIRONMENT_SLUG"
local edition="${GITLAB_EDITION-ce}"
local base_config_file_ref="master"
echo "REVIEW_APP_CONFIG_CHANGED: ${REVIEW_APP_CONFIG_CHANGED}"
if [ -n "${REVIEW_APP_CONFIG_CHANGED}" ]; then
base_config_file_ref="$CI_COMMIT_SHA"
fi
local base_config_file="https://gitlab.com/gitlab-org/gitlab/raw/${base_config_file_ref}/scripts/review_apps/base-config.yaml"
echoinfo "Deploying ${name}..." true
IMAGE_REPOSITORY="registry.gitlab.com/gitlab-org/build/cng-mirror"
......@@ -240,11 +253,11 @@ EOF
)
HELM_CMD=$(cat << EOF
$HELM_CMD \
${HELM_CMD} \
--namespace="$KUBE_NAMESPACE" \
--version="$CI_PIPELINE_ID-$CI_JOB_ID" \
-f "../scripts/review_apps/base-config.yaml" \
"$name" .
--version="${CI_PIPELINE_ID}-${CI_JOB_ID}" \
-f "${base_config_file}" \
"${name}" .
EOF
)
......
spec/controllers/groups/group_links_controller_spec.rb 0 → 100644
View file @ 3fe9588b
# frozen_string_literal: true
require 'spec_helper'
describe Groups::GroupLinksController do
let(:shared_with_group) { create(:group, :private) }
let(:shared_group) { create(:group, :private) }
let(:user) { create(:user) }
before do
sign_in(user)
end
describe '#create' do
let(:shared_with_group_id) { shared_with_group.id }
subject do
post(:create,
params: { group_id: shared_group,
shared_with_group_id: shared_with_group_id,
shared_group_access: GroupGroupLink.default_access })
end
context 'when user has correct access to both groups' do
let(:group_member) { create(:user) }
before do
shared_with_group.add_developer(user)
shared_group.add_owner(user)
shared_with_group.add_developer(group_member)
end
it 'links group with selected group' do
expect { subject }.to change { shared_with_group.shared_groups.include?(shared_group) }.from(false).to(true)
end
it 'redirects to group links page' do
subject
expect(response).to(redirect_to(group_group_members_path(shared_group)))
end
it 'allows access for group member' do
expect { subject }.to change { group_member.can?(:read_group, shared_group) }.from(false).to(true)
end
context 'when shared with group id is not present' do
let(:shared_with_group_id) { nil }
it 'redirects to group links page' do
subject
expect(response).to(redirect_to(group_group_members_path(shared_group)))
expect(flash[:alert]).to eq('Please select a group.')
end
end
context 'when link is not persisted in the database' do
before do
allow(::Groups::GroupLinks::CreateService).to(
receive_message_chain(:new, :execute)
.and_return({ status: :error,
http_status: 409,
message: 'error' }))
end
it 'redirects to group links page' do
subject
expect(response).to(redirect_to(group_group_members_path(shared_group)))
expect(flash[:alert]).to eq('error')
end
end
context 'when feature flag is disabled' do
before do
stub_feature_flags(share_group_with_group: false)
end
it 'renders 404' do
subject
expect(response).to have_gitlab_http_status(404)
end
end
end
context 'when user does not have access to the group' do
before do
shared_group.add_owner(user)
end
it 'renders 404' do
subject
expect(response).to have_gitlab_http_status(404)
end
end
context 'when user does not have admin access to the shared group' do
before do
shared_with_group.add_developer(user)
shared_group.add_developer(user)
end
it 'renders 404' do
subject
expect(response).to have_gitlab_http_status(404)
end
end
end
end
spec/factories/group_group_links.rb 0 → 100644
View file @ 3fe9588b
# frozen_string_literal: true
FactoryBot.define do
factory :group_group_link do
shared_group { create(:group) }
shared_with_group { create(:group) }
group_access { GroupMember::DEVELOPER }
end
end
spec/frontend/monitoring/components/charts/anomaly_spec.js 0 → 100644
View file @ 3fe9588b
import Anomaly from '~/monitoring/components/charts/anomaly.vue';
import { shallowMount } from '@vue/test-utils';
import { colorValues } from '~/monitoring/constants';
import {
anomalyDeploymentData,
mockProjectDir,
anomalyMockGraphData,
anomalyMockResultValues,
} from '../../mock_data';
import { TEST_HOST } from 'helpers/test_constants';
import MonitorTimeSeriesChart from '~/monitoring/components/charts/time_series.vue';
const mockWidgets = 'mockWidgets';
const mockProjectPath = `${TEST_HOST}${mockProjectDir}`;
jest.mock('~/lib/utils/icon_utils'); // mock getSvgIconPathContent
const makeAnomalyGraphData = (datasetName, template = anomalyMockGraphData) => {
const queries = anomalyMockResultValues[datasetName].map((values, index) => ({
...template.queries[index],
result: [
{
metrics: {},
values,
},
],
}));
return { ...template, queries };
};
describe('Anomaly chart component', () => {
let wrapper;
const setupAnomalyChart = props => {
wrapper = shallowMount(Anomaly, {
propsData: { ...props },
slots: {
default: mockWidgets,
},
sync: false,
});
};
const findTimeSeries = () => wrapper.find(MonitorTimeSeriesChart);
const getTimeSeriesProps = () => findTimeSeries().props();
describe('wrapped monitor-time-series-chart component', () => {
const dataSetName = 'noAnomaly';
const dataSet = anomalyMockResultValues[dataSetName];
const inputThresholds = ['some threshold'];
beforeEach(() => {
setupAnomalyChart({
graphData: makeAnomalyGraphData(dataSetName),
deploymentData: anomalyDeploymentData,
thresholds: inputThresholds,
projectPath: mockProjectPath,
});
});
it('is a Vue instance', () => {
expect(findTimeSeries().exists()).toBe(true);
expect(findTimeSeries().isVueInstance()).toBe(true);
});
describe('receives props correctly', () => {
describe('graph-data', () => {
it('receives a single "metric" series', () => {
const { graphData } = getTimeSeriesProps();
expect(graphData.queries.length).toBe(1);
});
it('receives "metric" with all data', () => {
const { graphData } = getTimeSeriesProps();
const query = graphData.queries[0];
const expectedQuery = makeAnomalyGraphData(dataSetName).queries[0];
expect(query).toEqual(expectedQuery);
});
it('receives the "metric" results', () => {
const { graphData } = getTimeSeriesProps();
const { result } = graphData.queries[0];
const { values } = result[0];
const [metricDataset] = dataSet;
expect(values).toEqual(expect.any(Array));
values.forEach(([, y], index) => {
expect(y).toBeCloseTo(metricDataset[index][1]);
});
});
});
describe('option', () => {
let option;
let series;
beforeEach(() => {
({ option } = getTimeSeriesProps());
({ series } = option);
});
it('contains a boundary band', () => {
expect(series).toEqual(expect.any(Array));
expect(series.length).toEqual(2); // 1 upper + 1 lower boundaries
expect(series[0].stack).toEqual(series[1].stack);
series.forEach(s => {
expect(s.type).toBe('line');
expect(s.lineStyle.width).toBe(0);
expect(s.lineStyle.color).toMatch(/rgba\(.+\)/);
expect(s.lineStyle.color).toMatch(s.color);
expect(s.symbol).toEqual('none');
});
});
it('upper boundary values are stacked on top of lower boundary', () => {
const [lowerSeries, upperSeries] = series;
const [, upperDataset, lowerDataset] = dataSet;
lowerSeries.data.forEach(([, y], i) => {
expect(y).toBeCloseTo(lowerDataset[i][1]);
});
upperSeries.data.forEach(([, y], i) => {
expect(y).toBeCloseTo(upperDataset[i][1] - lowerDataset[i][1]);
});
});
});
describe('series-config', () => {
let seriesConfig;
beforeEach(() => {
({ seriesConfig } = getTimeSeriesProps());
});
it('display symbols is enabled', () => {
expect(seriesConfig).toEqual(
expect.objectContaining({
type: 'line',
symbol: 'circle',
showSymbol: true,
symbolSize: expect.any(Function),
itemStyle: {
color: expect.any(Function),
},
}),
);
});
it('does not display anomalies', () => {
const { symbolSize, itemStyle } = seriesConfig;
const [metricDataset] = dataSet;
metricDataset.forEach((v, dataIndex) => {
const size = symbolSize(null, { dataIndex });
const color = itemStyle.color({ dataIndex });
// normal color and small size
expect(size).toBeCloseTo(0);
expect(color).toBe(colorValues.primaryColor);
});
});
it('can format y values (to use in tooltips)', () => {
expect(parseFloat(wrapper.vm.yValueFormatted(0, 0))).toEqual(dataSet[0][0][1]);
expect(parseFloat(wrapper.vm.yValueFormatted(1, 0))).toEqual(dataSet[1][0][1]);
expect(parseFloat(wrapper.vm.yValueFormatted(2, 0))).toEqual(dataSet[2][0][1]);
});
});
describe('inherited properties', () => {
it('"deployment-data" keeps the same value', () => {
const { deploymentData } = getTimeSeriesProps();
expect(deploymentData).toEqual(anomalyDeploymentData);
});
it('"thresholds" keeps the same value', () => {
const { thresholds } = getTimeSeriesProps();
expect(thresholds).toEqual(inputThresholds);
});
it('"projectPath" keeps the same value', () => {
const { projectPath } = getTimeSeriesProps();
expect(projectPath).toEqual(mockProjectPath);
});
});
});
});
describe('with no boundary data', () => {
const dataSetName = 'noBoundary';
const dataSet = anomalyMockResultValues[dataSetName];
beforeEach(() => {
setupAnomalyChart({
graphData: makeAnomalyGraphData(dataSetName),
deploymentData: anomalyDeploymentData,
});
});
describe('option', () => {
let option;
let series;
beforeEach(() => {
({ option } = getTimeSeriesProps());
({ series } = option);
});
it('does not display a boundary band', () => {
expect(series).toEqual(expect.any(Array));
expect(series.length).toEqual(0); // no boundaries
});
it('can format y values (to use in tooltips)', () => {
expect(parseFloat(wrapper.vm.yValueFormatted(0, 0))).toEqual(dataSet[0][0][1]);
expect(wrapper.vm.yValueFormatted(1, 0)).toBe(''); // missing boundary
expect(wrapper.vm.yValueFormatted(2, 0)).toBe(''); // missing boundary
});
});
});
describe('with one anomaly', () => {
const dataSetName = 'oneAnomaly';
const dataSet = anomalyMockResultValues[dataSetName];
beforeEach(() => {
setupAnomalyChart({
graphData: makeAnomalyGraphData(dataSetName),
deploymentData: anomalyDeploymentData,
});
});
describe('series-config', () => {
it('displays one anomaly', () => {
const { seriesConfig } = getTimeSeriesProps();
const { symbolSize, itemStyle } = seriesConfig;
const [metricDataset] = dataSet;
const bigDots = metricDataset.filter((v, dataIndex) => {
const size = symbolSize(null, { dataIndex });
return size > 0.1;
});
const redDots = metricDataset.filter((v, dataIndex) => {
const color = itemStyle.color({ dataIndex });
return color === colorValues.anomalySymbol;
});
expect(bigDots.length).toBe(1);
expect(redDots.length).toBe(1);
});
});
});
describe('with offset', () => {
const dataSetName = 'negativeBoundary';
const dataSet = anomalyMockResultValues[dataSetName];
const expectedOffset = 4; // Lowst point in mock data is -3.70, it gets rounded
beforeEach(() => {
setupAnomalyChart({
graphData: makeAnomalyGraphData(dataSetName),
deploymentData: anomalyDeploymentData,
});
});
describe('receives props correctly', () => {
describe('graph-data', () => {
it('receives a single "metric" series', () => {
const { graphData } = getTimeSeriesProps();
expect(graphData.queries.length).toBe(1);
});
it('receives "metric" results and applies the offset to them', () => {
const { graphData } = getTimeSeriesProps();
const { result } = graphData.queries[0];
const { values } = result[0];
const [metricDataset] = dataSet;
expect(values).toEqual(expect.any(Array));
values.forEach(([, y], index) => {
expect(y).toBeCloseTo(metricDataset[index][1] + expectedOffset);
});
});
});
});
describe('option', () => {
it('upper boundary values are stacked on top of lower boundary, plus the offset', () => {
const { option } = getTimeSeriesProps();
const { series } = option;
const [lowerSeries, upperSeries] = series;
const [, upperDataset, lowerDataset] = dataSet;
lowerSeries.data.forEach(([, y], i) => {
expect(y).toBeCloseTo(lowerDataset[i][1] + expectedOffset);
});
upperSeries.data.forEach(([, y], i) => {
expect(y).toBeCloseTo(upperDataset[i][1] - lowerDataset[i][1]);
});
});
});
});
});
spec/frontend/monitoring/mock_data.js 0 → 100644
View file @ 3fe9588b
export const mockProjectDir = '/frontend-fixtures/environments-project';
export const anomalyDeploymentData = [
{
id: 111,
iid: 3,
sha: 'f5bcd1d9dac6fa4137e2510b9ccd134ef2e84187',
ref: {
name: 'master',
},
created_at: '2019-08-19T22:00:00.000Z',
deployed_at: '2019-08-19T22:01:00.000Z',
tag: false,
'last?': true,
},
{
id: 110,
iid: 2,
sha: 'f5bcd1d9dac6fa4137e2510b9ccd134ef2e84187',
ref: {
name: 'master',
},
created_at: '2019-08-19T23:00:00.000Z',
deployed_at: '2019-08-19T23:00:00.000Z',
tag: false,
'last?': false,
},
];
export const anomalyMockResultValues = {
noAnomaly: [
[
['2019-08-19T19:00:00.000Z', 1.25],
['2019-08-19T20:00:00.000Z', 1.45],
['2019-08-19T21:00:00.000Z', 1.55],
['2019-08-19T22:00:00.000Z', 1.48],
],
[
// upper boundary
['2019-08-19T19:00:00.000Z', 2],
['2019-08-19T20:00:00.000Z', 2.55],
['2019-08-19T21:00:00.000Z', 2.65],
['2019-08-19T22:00:00.000Z', 3.0],
],
[
// lower boundary
['2019-08-19T19:00:00.000Z', 0.45],
['2019-08-19T20:00:00.000Z', 0.65],
['2019-08-19T21:00:00.000Z', 0.7],
['2019-08-19T22:00:00.000Z', 0.8],
],
],
noBoundary: [
[
['2019-08-19T19:00:00.000Z', 1.25],
['2019-08-19T20:00:00.000Z', 1.45],
['2019-08-19T21:00:00.000Z', 1.55],
['2019-08-19T22:00:00.000Z', 1.48],
],
[
// empty upper boundary
],
[
// empty lower boundary
],
],
oneAnomaly: [
[
['2019-08-19T19:00:00.000Z', 1.25],
['2019-08-19T20:00:00.000Z', 3.45], // anomaly
['2019-08-19T21:00:00.000Z', 1.55],
],
[
// upper boundary
['2019-08-19T19:00:00.000Z', 2],
['2019-08-19T20:00:00.000Z', 2.55],
['2019-08-19T21:00:00.000Z', 2.65],
],
[
// lower boundary
['2019-08-19T19:00:00.000Z', 0.45],
['2019-08-19T20:00:00.000Z', 0.65],
['2019-08-19T21:00:00.000Z', 0.7],
],
],
negativeBoundary: [
[
['2019-08-19T19:00:00.000Z', 1.25],
['2019-08-19T20:00:00.000Z', 3.45], // anomaly
['2019-08-19T21:00:00.000Z', 1.55],
],
[
// upper boundary
['2019-08-19T19:00:00.000Z', 2],
['2019-08-19T20:00:00.000Z', 2.55],
['2019-08-19T21:00:00.000Z', 2.65],
],
[
// lower boundary
['2019-08-19T19:00:00.000Z', -1.25],
['2019-08-19T20:00:00.000Z', -2.65],
['2019-08-19T21:00:00.000Z', -3.7], // lowest point
],
],
};
export const anomalyMockGraphData = {
title: 'Requests Per Second Mock Data',
type: 'anomaly-chart',
weight: 3,
metrics: [
// Not used
],
queries: [
{
metricId: '90',
id: 'metric',
query_range: 'MOCK_PROMETHEUS_METRIC_QUERY_RANGE',
unit: 'RPS',
label: 'Metrics RPS',
metric_id: 90,
prometheus_endpoint_path: 'MOCK_METRIC_PEP',
result: [
{
metric: {},
values: [['2019-08-19T19:00:00.000Z', 0]],
},
],
},
{
metricId: '91',
id: 'upper',
query_range: '...',
unit: 'RPS',
label: 'Upper Limit Metrics RPS',
metric_id: 91,
prometheus_endpoint_path: 'MOCK_UPPER_PEP',
result: [
{
metric: {},
values: [['2019-08-19T19:00:00.000Z', 0]],
},
],
},
{
metricId: '92',
id: 'lower',
query_range: '...',
unit: 'RPS',
label: 'Lower Limit Metrics RPS',
metric_id: 92,
prometheus_endpoint_path: 'MOCK_LOWER_PEP',
result: [
{
metric: {},
values: [['2019-08-19T19:00:00.000Z', 0]],
},
],
},
],
};
spec/frontend/repository/components/table/row_spec.js
View file @ 3fe9588b
......@@ -104,7 +104,7 @@ describe('Repository table row component', () => {
if (pushes) {
expect(visitUrl).not.toHaveBeenCalled();
} else {
expect(visitUrl).toHaveBeenCalledWith('https://test.com');
expect(visitUrl).toHaveBeenCalledWith('https://test.com', undefined);
}
});
......
spec/javascripts/monitoring/mock_data.js
View file @ 3fe9588b
This diff is collapsed.
spec/javascripts/monitoring/utils_spec.js
View file @ 3fe9588b
This diff is collapsed.
spec/models/group_group_link_spec.rb 0 → 100644
View file @ 3fe9588b
This diff is collapsed.
spec/models/group_spec.rb
View file @ 3fe9588b
This diff is collapsed.
spec/requests/api/members_spec.rb
View file @ 3fe9588b
This diff is collapsed.
spec/services/groups/group_links/create_service_spec.rb 0 → 100644
View file @ 3fe9588b
This diff is collapsed.
spec/workers/every_sidekiq_worker_spec.rb
View file @ 3fe9588b
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7