Commit 841df318 authored by GitLab Bot's avatar GitLab Bot

Automatic merge of gitlab-org/gitlab master

parents 629dc697 3aa3bb35
...@@ -387,7 +387,7 @@ export default { ...@@ -387,7 +387,7 @@ export default {
</div> </div>
<template v-else> <template v-else>
<div <div
v-show="showWarning" v-if="showWarning"
class="collapsed-file-warning gl-p-7 gl-bg-orange-50 gl-text-center gl-rounded-bottom-left-base gl-rounded-bottom-right-base" class="collapsed-file-warning gl-p-7 gl-bg-orange-50 gl-text-center gl-rounded-bottom-left-base gl-rounded-bottom-right-base"
> >
<p class="gl-mb-5"> <p class="gl-mb-5">
...@@ -403,7 +403,7 @@ export default { ...@@ -403,7 +403,7 @@ export default {
</gl-button> </gl-button>
</div> </div>
<diff-content <diff-content
v-show="showContent" v-if="showContent"
:class="hasBodyClasses.content" :class="hasBodyClasses.content"
:diff-file="file" :diff-file="file"
:help-page-path="helpPagePath" :help-page-path="helpPagePath"
......
...@@ -25,6 +25,7 @@ module Enums ...@@ -25,6 +25,7 @@ module Enums
ci_quota_exceeded: 16, ci_quota_exceeded: 16,
pipeline_loop_detected: 17, pipeline_loop_detected: 17,
no_matching_runner: 18, # not used anymore, but cannot be deleted because of old data no_matching_runner: 18, # not used anymore, but cannot be deleted because of old data
trace_size_exceeded: 19,
insufficient_bridge_permissions: 1_001, insufficient_bridge_permissions: 1_001,
downstream_bridge_project_not_found: 1_002, downstream_bridge_project_not_found: 1_002,
invalid_bridge_trigger: 1_003, invalid_bridge_trigger: 1_003,
......
...@@ -26,7 +26,8 @@ class CommitStatusPresenter < Gitlab::View::Presenter::Delegated ...@@ -26,7 +26,8 @@ class CommitStatusPresenter < Gitlab::View::Presenter::Delegated
project_deleted: 'The job belongs to a deleted project', project_deleted: 'The job belongs to a deleted project',
user_blocked: 'The user who created this job is blocked', user_blocked: 'The user who created this job is blocked',
ci_quota_exceeded: 'No more CI minutes available', ci_quota_exceeded: 'No more CI minutes available',
no_matching_runner: 'No matching runner available' no_matching_runner: 'No matching runner available',
trace_size_exceeded: 'The job log size limit was reached'
}.freeze }.freeze
private_constant :CALLOUT_FAILURE_MESSAGES private_constant :CALLOUT_FAILURE_MESSAGES
......
...@@ -24,6 +24,12 @@ module Ci ...@@ -24,6 +24,12 @@ module Ci
body_start = content_range[0].to_i body_start = content_range[0].to_i
body_end = body_start + body_data.bytesize body_end = body_start + body_data.bytesize
if trace_size_exceeded?(body_end)
build.drop(:trace_size_exceeded)
return Result.new(status: 403)
end
stream_size = build.trace.append(body_data, body_start) stream_size = build.trace.append(body_data, body_start)
unless stream_size == body_end unless stream_size == body_end
...@@ -37,6 +43,8 @@ module Ci ...@@ -37,6 +43,8 @@ module Ci
private private
delegate :project, to: :build
def stream_range def stream_range
params.fetch(:content_range) params.fetch(:content_range)
end end
...@@ -61,5 +69,10 @@ module Ci ...@@ -61,5 +69,10 @@ module Ci
::Gitlab::ErrorTracking ::Gitlab::ErrorTracking
.log_exception(TraceRangeError.new, extra) .log_exception(TraceRangeError.new, extra)
end end
def trace_size_exceeded?(size)
Feature.enabled?(:ci_jobs_trace_size_limit, project, default_enabled: :yaml) &&
project.actual_limits.exceeded?(:ci_jobs_trace_size_limit, size / 1.megabyte)
end
end end
end end
---
name: ci_jobs_trace_size_limit
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/65349
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/335259
milestone: '14.1'
type: development
group: group::pipeline execution
default_enabled: false
# frozen_string_literal: true
class AddCiJobTraceSizeToPlanLimits < ActiveRecord::Migration[6.1]
def change
add_column(:plan_limits, :ci_jobs_trace_size_limit, :integer, default: 100, null: false)
end
end
8c4c92c4606cf406def47829ce16e903b3b2da00cbbdccfe6f0af5fa249be862
\ No newline at end of file
...@@ -16363,7 +16363,8 @@ CREATE TABLE plan_limits ( ...@@ -16363,7 +16363,8 @@ CREATE TABLE plan_limits (
web_hook_calls integer DEFAULT 0 NOT NULL, web_hook_calls integer DEFAULT 0 NOT NULL,
ci_daily_pipeline_schedule_triggers integer DEFAULT 0 NOT NULL, ci_daily_pipeline_schedule_triggers integer DEFAULT 0 NOT NULL,
ci_max_artifact_size_running_container_scanning integer DEFAULT 0 NOT NULL, ci_max_artifact_size_running_container_scanning integer DEFAULT 0 NOT NULL,
ci_max_artifact_size_cluster_image_scanning integer DEFAULT 0 NOT NULL ci_max_artifact_size_cluster_image_scanning integer DEFAULT 0 NOT NULL,
ci_jobs_trace_size_limit integer DEFAULT 100 NOT NULL
); );
CREATE SEQUENCE plan_limits_id_seq CREATE SEQUENCE plan_limits_id_seq
...@@ -482,6 +482,46 @@ A runner's registration fails if it exceeds the limit for the scope determined b ...@@ -482,6 +482,46 @@ A runner's registration fails if it exceeds the limit for the scope determined b
Plan.default.actual_limits.update!(ci_registered_project_runners: 100) Plan.default.actual_limits.update!(ci_registered_project_runners: 100)
``` ```
### Maximum file size for job logs
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/276192) in GitLab 14.1.
> - [Deployed behind a feature flag](../user/feature_flags.md), disabled by default.
> - Disabled on GitLab.com.
> - Not recommended for production use.
> - To use in GitLab self-managed instances, ask a GitLab administrator to [enable it](#enable-or-disable-job-log-limits). **(FREE SELF)**
This in-development feature might not be available for your use. There can be
[risks when enabling features still in development](../user/feature_flags.md#risks-when-enabling-features-still-in-development).
Refer to this feature's version history for more details.
The job log file size limit is 100 megabytes by default. Any job that exceeds this value is dropped.
You can change the limit in the [GitLab Rails console](operations/rails_console.md#starting-a-rails-console-session).
Update `ci_jobs_trace_size_limit` with the new value in megabytes:
```ruby
Plan.default.actual_limits.update!(ci_jobs_trace_size_limit: 125)
```
#### Enable or disable job log limits **(FREE SELF)**
This feature is under development and not ready for production use. It is
deployed behind a feature flag that is **disabled by default**.
[GitLab administrators with access to the GitLab Rails console](feature_flags.md)
can enable it.
To enable it:
```ruby
Feature.enable(:ci_jobs_trace_size_limit)
```
To disable it:
```ruby
Feature.disable(:ci_jobs_trace_size_limit)
```
## Instance monitoring and metrics ## Instance monitoring and metrics
### Incident Management inbound alert limits ### Incident Management inbound alert limits
......
...@@ -18,7 +18,7 @@ To view an epic board: ...@@ -18,7 +18,7 @@ To view an epic board:
1. On the top bar, select **Menu > Groups** and find your group. 1. On the top bar, select **Menu > Groups** and find your group.
1. On the left sidebar, select **Epics > Boards**. 1. On the left sidebar, select **Epics > Boards**.
![GitLab epic board - Premium](img/epic_board_v14_0.png) ![GitLab epic board - Premium](img/epic_board_v14_1.png)
## Create an epic board ## Create an epic board
...@@ -100,6 +100,23 @@ To remove a list from an epic board: ...@@ -100,6 +100,23 @@ To remove a list from an epic board:
1. Select **Remove list**. A confirmation dialog appears. 1. Select **Remove list**. A confirmation dialog appears.
1. Select **OK**. 1. Select **OK**.
## Create an epic from an epic board
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/233568) in GitLab 14.0.
Prerequisites:
- You must have at least the [Reporter role](../../permissions.md#group-members-permissions) for a group.
- You must have [created a list](#create-a-new-list) first.
To create an epic from a list in epic board:
1. On the top of a list, select the **New epic** (**{plus}**) icon.
1. Enter the new epic's title.
1. Select **Create epic**.
![Create a GitLab epic from an epic board](img/epic_board_epic_create_v14_1.png)
### Filter epics ### Filter epics
> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/5079) in GitLab 14.0. > [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/5079) in GitLab 14.0.
......
...@@ -64,6 +64,7 @@ You can also consult the [group permissions table](../../permissions.md#group-me ...@@ -64,6 +64,7 @@ You can also consult the [group permissions table](../../permissions.md#group-me
## Related topics ## Related topics
- [Manage epics](manage_epics.md) and multi-level child epics. - [Manage epics](manage_epics.md) and multi-level child epics.
- Create workflows with [Epic Boards](epic_boards.md).
- [Turn on notifications](../../profile/notifications.md) for about epic events. - [Turn on notifications](../../profile/notifications.md) for about epic events.
- [Award an emoji](../../award_emojis.md) to an epic or its comments. - [Award an emoji](../../award_emojis.md) to an epic or its comments.
- Collaborate on an epic by posting comments in a [thread](../../discussions/index.md). - Collaborate on an epic by posting comments in a [thread](../../discussions/index.md).
......
...@@ -214,6 +214,10 @@ module API ...@@ -214,6 +214,10 @@ module API
.new(job, content_range: content_range) .new(job, content_range: content_range)
.execute(request.body.read) .execute(request.body.read)
if result.status == 403
break error!('403 Forbidden', 403)
end
if result.status == 416 if result.status == 416
break error!('416 Range Not Satisfiable', 416, { 'Range' => "0-#{result.stream_size}" }) break error!('416 Range Not Satisfiable', 416, { 'Range' => "0-#{result.stream_size}" })
end end
......
...@@ -31,7 +31,8 @@ module Gitlab ...@@ -31,7 +31,8 @@ module Gitlab
project_deleted: 'pipeline project was deleted', project_deleted: 'pipeline project was deleted',
user_blocked: 'pipeline user was blocked', user_blocked: 'pipeline user was blocked',
ci_quota_exceeded: 'no more CI minutes available', ci_quota_exceeded: 'no more CI minutes available',
no_matching_runner: 'no matching runner available' no_matching_runner: 'no matching runner available',
trace_size_exceeded: 'log size limit exceeded'
}.freeze }.freeze
private_constant :REASONS private_constant :REASONS
......
...@@ -3,8 +3,12 @@ LABEL maintainer="GitLab Quality Department <quality@gitlab.com>" ...@@ -3,8 +3,12 @@ LABEL maintainer="GitLab Quality Department <quality@gitlab.com>"
ENV DEBIAN_FRONTEND="noninteractive" ENV DEBIAN_FRONTEND="noninteractive"
ENV DOCKER_VERSION="17.09.0-ce" ENV DOCKER_VERSION="17.09.0-ce"
ENV CHROME_VERSION="87.0.4280.141-1"
ENV CHROME_DRIVER_VERSION="87.0.4280.88" # https://s3.amazonaws.com/gitlab-google-chrome-stable
ENV CHROME_VERSION="91.0.4472.77-1"
# https://chromedriver.chromium.org/downloads
ENV CHROME_DRIVER_VERSION="91.0.4472.101"
ENV CHROME_DEB="google-chrome-stable_${CHROME_VERSION}_amd64.deb" ENV CHROME_DEB="google-chrome-stable_${CHROME_VERSION}_amd64.deb"
ENV CHROME_URL="https://s3.amazonaws.com/gitlab-google-chrome-stable/${CHROME_DEB}" ENV CHROME_URL="https://s3.amazonaws.com/gitlab-google-chrome-stable/${CHROME_DEB}"
......
...@@ -110,7 +110,6 @@ const findLoader = (wrapper) => wrapper.find('[data-testid="loader-icon"]'); ...@@ -110,7 +110,6 @@ const findLoader = (wrapper) => wrapper.find('[data-testid="loader-icon"]');
const findToggleButton = (wrapper) => wrapper.find('[data-testid="expand-button"]'); const findToggleButton = (wrapper) => wrapper.find('[data-testid="expand-button"]');
const toggleFile = (wrapper) => findDiffHeader(wrapper).vm.$emit('toggleFile'); const toggleFile = (wrapper) => findDiffHeader(wrapper).vm.$emit('toggleFile');
const isDisplayNone = (element) => element.style.display === 'none';
const getReadableFile = () => JSON.parse(JSON.stringify(diffFileMockDataReadable)); const getReadableFile = () => JSON.parse(JSON.stringify(diffFileMockDataReadable));
const getUnreadableFile = () => JSON.parse(JSON.stringify(diffFileMockDataUnreadable)); const getUnreadableFile = () => JSON.parse(JSON.stringify(diffFileMockDataUnreadable));
...@@ -305,9 +304,7 @@ describe('DiffFile', () => { ...@@ -305,9 +304,7 @@ describe('DiffFile', () => {
it('should not have any content at all', async () => { it('should not have any content at all', async () => {
await wrapper.vm.$nextTick(); await wrapper.vm.$nextTick();
Array.from(findDiffContentArea(wrapper).element.children).forEach((child) => { expect(findDiffContentArea(wrapper).element.children.length).toBe(0);
expect(isDisplayNone(child)).toBe(true);
});
}); });
it('should not have the class `has-body` to present the header differently', () => { it('should not have the class `has-body` to present the header differently', () => {
......
...@@ -272,6 +272,18 @@ RSpec.describe API::Ci::Runner, :clean_gitlab_redis_shared_state do ...@@ -272,6 +272,18 @@ RSpec.describe API::Ci::Runner, :clean_gitlab_redis_shared_state do
it { expect(response).to have_gitlab_http_status(:forbidden) } it { expect(response).to have_gitlab_http_status(:forbidden) }
end end
context 'when the job trace is too big' do
before do
project.actual_limits.update!(ci_jobs_trace_size_limit: 1)
end
it 'returns 403 Forbidden' do
patch_the_trace(' appended', headers.merge({ 'Content-Range' => "#{1.megabyte}-#{1.megabyte + 9}" }))
expect(response).to have_gitlab_http_status(:forbidden)
end
end
def patch_the_trace(content = ' appended', request_headers = nil, job_id: job.id) def patch_the_trace(content = ' appended', request_headers = nil, job_id: job.id)
unless request_headers unless request_headers
job.trace.read do |stream| job.trace.read do |stream|
......
...@@ -5,7 +5,7 @@ require 'spec_helper' ...@@ -5,7 +5,7 @@ require 'spec_helper'
RSpec.describe Ci::AppendBuildTraceService do RSpec.describe Ci::AppendBuildTraceService do
let_it_be(:project) { create(:project) } let_it_be(:project) { create(:project) }
let_it_be(:pipeline) { create(:ci_pipeline, project: project) } let_it_be(:pipeline) { create(:ci_pipeline, project: project) }
let_it_be(:build) { create(:ci_build, :running, pipeline: pipeline) } let_it_be_with_reload(:build) { create(:ci_build, :running, pipeline: pipeline) }
before do before do
stub_feature_flags(ci_enable_live_trace: true) stub_feature_flags(ci_enable_live_trace: true)
...@@ -54,4 +54,46 @@ RSpec.describe Ci::AppendBuildTraceService do ...@@ -54,4 +54,46 @@ RSpec.describe Ci::AppendBuildTraceService do
expect(result.stream_size).to eq 4 expect(result.stream_size).to eq 4
end end
end end
context 'when the trace size is exceeded' do
before do
project.actual_limits.update!(ci_jobs_trace_size_limit: 1)
end
it 'returns 403 status code' do
stream_size = 1.25.megabytes
body_data = 'x' * stream_size
content_range = "0-#{stream_size}"
result = described_class
.new(build, content_range: content_range)
.execute(body_data)
expect(result.status).to eq 403
expect(result.stream_size).to be_nil
expect(build.trace_chunks.count).to eq 0
expect(build.reload).to be_failed
expect(build.failure_reason).to eq 'trace_size_exceeded'
end
context 'when the feature flag is disabled' do
before do
stub_feature_flags(ci_jobs_trace_size_limit: false)
end
it 'appends trace chunks' do
stream_size = 1.25.megabytes
body_data = 'x' * stream_size
content_range = "0-#{stream_size}"
result = described_class
.new(build, content_range: content_range)
.execute(body_data)
expect(result.status).to eq 202
expect(result.stream_size).to eq stream_size
expect(build.trace_chunks.count).to eq 10
end
end
end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment