Add latest changes from gitlab-org/gitlab@master

f32a580a · GitLab Bot · a5ab3467 · f32a580a · f32a580a · f32a580a
Commit f32a580a authored Jan 13, 2020 by GitLab Bot
14 changed files
--- a/app/models/merge_request.rb
+++ b/app/models/merge_request.rb
@@ -258,7 +258,7 @@ class MergeRequest < ApplicationRecord
  alias_method :issuing_parent, :target_project
  delegate :active?, to: :head_pipeline, prefix: true, allow_nil: true
-  delegate :success?, to: :actual_head_pipeline, prefix: true, allow_nil: true
+  delegate :success?, :active?, to: :actual_head_pipeline, prefix: true, allow_nil: true
  RebaseLockTimeout = Class.new(StandardError)

--- a/changelogs/unreleased/bvl-fix-mwps-api.yml
+++ b/changelogs/unreleased/bvl-fix-mwps-api.yml
+---
+title: Merge a merge request immediately when passing merge when pipeline succeeds
+  to the merge API when the head pipeline already succeeded
+merge_request: 22777
+author:
+type: fixed
--- a/changelogs/unreleased/security-project-import-vn-master.yml
+++ b/changelogs/unreleased/security-project-import-vn-master.yml
+---
+title: Fix private objects exposure when using Project Import functionality
+merge_request:
+author:
+type: security
--- a/changelogs/unreleased/tpresa-user-without-project-license-seat.yml
+++ b/changelogs/unreleased/tpresa-user-without-project-license-seat.yml
+---
+title: Users without projects use a license seat in a non-premium license
+merge_request: 20664
+author:
+type: fixed
--- a/doc/administration/instance_limits.md
+++ b/doc/administration/instance_limits.md
@@ -18,3 +18,19 @@ added so that the history of events is not lost, but user-submitted comments
 will fail.
 - **Max limit:** 5.000 comments
+## Number of pipelines per Git push
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/issues/51401) in GitLab 11.10.
+The number of pipelines that can be created in a single push is 4.
+This is to prevent the accidental creation of pipelines when `git push --all`
+or `git push --mirror` is used.
+Read more in the [CI documentation](../ci/yaml/README.md#processing-git-pushes).
+## Retention of activity history
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/issues/21164) in GitLab 8.12.
+Activity history for projects and individuals' profiles was limited to one year until [GitLab 11.4](https://gitlab.com/gitlab-org/gitlab-foss/issues/52246) when it was extended to two years, and in [GitLab 12.4](https://gitlab.com/gitlab-org/gitlab/issues/33840) to three years.
--- a/doc/integration/vault.md
+++ b/doc/integration/vault.md
@@ -7,7 +7,7 @@ type: reference, howto
 > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/issues/22323) in GitLab 9.0
 [Vault](https://www.vaultproject.io/) is a secrets management application offered by HashiCorp.
-It allows you to store and manage sensitive information such secret environment variables, encryption keys, and authentication tokens.
+It allows you to store and manage sensitive information such as secret environment variables, encryption keys, and authentication tokens.
 Vault offers Identity-based Access, which means Vault users can authenticate through several of their preferred cloud providers.
 In this document, we'll explain how Vault users can authenticate themselves through GitLab by utilizing our OpenID authentication feature.

--- a/doc/user/clusters/applications.md
+++ b/doc/user/clusters/applications.md
@@ -264,7 +264,7 @@ This feature:
  For example:
  ```sh
-  kubectl -n gitlab-managed-apps exec -it $(kubectl get pods -n gitlab-managed-apps | grep 'ingress-controller' | awk '{print $1}') -- tail -f /var/log/modsec/audit.log
+  kubectl logs -n gitlab-managed-apps $(kubectl get pod -n gitlab-managed-apps -l app=nginx-ingress,component=controller --no-headers=true -o custom-columns=:metadata.name) modsecurity-log -f
  ```
 To enable ModSecurity, check the **Enable Web Application Firewall** checkbox

--- a/lib/api/merge_requests.rb
+++ b/lib/api/merge_requests.rb
@@ -68,8 +68,17 @@ module API
        end
      end
-      def not_automatically_mergeable?(merge_when_pipeline_succeeds, merge_request)
+      def automatically_mergeable?(merge_when_pipeline_succeeds, merge_request)
-        merge_when_pipeline_succeeds && !merge_request.head_pipeline_active? && !merge_request.actual_head_pipeline_success?
+        pipeline_active = merge_request.head_pipeline_active? || merge_request.actual_head_pipeline_active?
+        merge_when_pipeline_succeeds && merge_request.mergeable_state?(skip_ci_check: true) && pipeline_active
+      end
+      def immediately_mergeable?(merge_when_pipeline_succeeds, merge_request)
+        if merge_when_pipeline_succeeds
+          merge_request.actual_head_pipeline_success?
+        else
+          merge_request.mergeable_state?
+        end
      end
      def serializer_options_for(merge_requests)
@@ -393,16 +402,18 @@ module API
        Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-foss/issues/42317')
        merge_request = find_project_merge_request(params[:merge_request_iid])
-        merge_when_pipeline_succeeds = to_boolean(params[:merge_when_pipeline_succeeds])
-        not_automatically_mergeable = not_automatically_mergeable?(merge_when_pipeline_succeeds, merge_request)
        # Merge request can not be merged
        # because user dont have permissions to push into target branch
        unauthorized! unless merge_request.can_be_merged_by?(current_user)
-        not_allowed! if !merge_request.mergeable_state?(skip_ci_check: merge_when_pipeline_succeeds) || not_automatically_mergeable
+        merge_when_pipeline_succeeds = to_boolean(params[:merge_when_pipeline_succeeds])
+        automatically_mergeable = automatically_mergeable?(merge_when_pipeline_succeeds, merge_request)
+        immediately_mergeable = immediately_mergeable?(merge_when_pipeline_succeeds, merge_request)
+        not_allowed! if !immediately_mergeable && !automatically_mergeable
-        render_api_error!('Branch cannot be merged', 406) unless merge_request.mergeable?(skip_ci_check: merge_when_pipeline_succeeds)
+        render_api_error!('Branch cannot be merged', 406) unless merge_request.mergeable?(skip_ci_check: automatically_mergeable)
        check_sha_param!(params, merge_request)
@@ -415,13 +426,13 @@ module API
          sha: params[:sha] || merge_request.diff_head_sha
        )
-        if merge_when_pipeline_succeeds
+        if immediately_mergeable
-          AutoMergeService.new(merge_request.target_project, current_user, merge_params)
-            .execute(merge_request, AutoMergeService::STRATEGY_MERGE_WHEN_PIPELINE_SUCCEEDS)
-        else
          ::MergeRequests::MergeService
            .new(merge_request.target_project, current_user, merge_params)
            .execute(merge_request)
+        elsif automatically_mergeable
+          AutoMergeService.new(merge_request.target_project, current_user, merge_params)
+            .execute(merge_request, AutoMergeService::STRATEGY_MERGE_WHEN_PIPELINE_SUCCEEDS)
        end
        present merge_request, with: Entities::MergeRequest, current_user: current_user, project: user_project

--- a/lib/gitlab/import_export/attribute_cleaner.rb
+++ b/lib/gitlab/import_export/attribute_cleaner.rb
@@ -3,8 +3,8 @@
 module Gitlab
  module ImportExport
    class AttributeCleaner
-      ALLOWED_REFERENCES = RelationFactory::PROJECT_REFERENCES + RelationFactory::USER_REFERENCES + %w[group_id commit_id discussion_id]
+      ALLOWED_REFERENCES = RelationFactory::PROJECT_REFERENCES + RelationFactory::USER_REFERENCES + %w[group_id commit_id discussion_id custom_attributes]
-      PROHIBITED_REFERENCES = Regexp.union(/\Acached_markdown_version\Z/, /_id\Z/, /_ids\Z/, /_html\Z/).freeze
+      PROHIBITED_REFERENCES = Regexp.union(/\Acached_markdown_version\Z/, /_id\Z/, /_ids\Z/, /_html\Z/, /attributes/).freeze
      def self.clean(*args)
        new(*args).clean

--- a/qa/qa/page/project/issue/index.rb
+++ b/qa/qa/page/project/issue/index.rb
@@ -10,6 +10,7 @@ module QA
          end
          view 'app/views/projects/issues/_issue.html.haml' do
+            element :issue
            element :issue_link, 'link_to issue.title' # rubocop:disable QA/ElementWithPattern
          end
@@ -38,7 +39,7 @@ module QA
          end
          def has_issue?(issue)
-            has_element? :issue, issue_title: issue.to_s
+            has_element? :issue, issue_title: issue.title
          end
        end
      end

--- a/qa/qa/resource/issue.rb
+++ b/qa/qa/resource/issue.rb
@@ -38,10 +38,6 @@ module QA
        end
      end
-      def to_s
-        @title
-      end
      def api_get_path
        "/projects/#{project.id}/issues/#{id}"
      end

--- a/spec/lib/gitlab/import_export/attribute_cleaner_spec.rb
+++ b/spec/lib/gitlab/import_export/attribute_cleaner_spec.rb
@@ -25,11 +25,21 @@ describe Gitlab::ImportExport::AttributeCleaner do
      'legit_html' => '<p>legit html</p>',
      '_html' => '<p>perfectly ordinary html</p>',
      'cached_markdown_version' => 12345,
+      'custom_attributes' => 'whatever',
+      'some_attributes_metadata' => 'whatever',
      'group_id' => 99,
      'commit_id' => 99,
      'issue_ids' => [1, 2, 3],
      'merge_request_ids' => [1, 2, 3],
-      'note_ids' => [1, 2, 3]
+      'note_ids' => [1, 2, 3],
+      'attributes' => {
+        'issue_ids' => [1, 2, 3],
+        'merge_request_ids' => [1, 2, 3],
+        'note_ids' => [1, 2, 3]
+      },
+      'variables_attributes' => {
+        'id' => 1
+      }
    }
  end
@@ -40,7 +50,8 @@ describe Gitlab::ImportExport::AttributeCleaner do
      'random_id_in_the_middle' => 99,
      'notid' => 99,
      'group_id' => 99,
-      'commit_id' => 99
+      'commit_id' => 99,
+      'custom_attributes' => 'whatever'
    }
  end

--- a/spec/models/merge_request_spec.rb
+++ b/spec/models/merge_request_spec.rb
@@ -2214,6 +2214,16 @@ describe MergeRequest do
    end
  end
+  describe "#actual_head_pipeline_active? " do
+    it do
+      is_expected
+        .to delegate_method(:active?)
+        .to(:actual_head_pipeline)
+        .with_prefix
+        .with_arguments(allow_nil: true)
+    end
+  end
  describe '#mergeable_ci_state?' do
    let(:project) { create(:project, only_allow_merge_if_pipeline_succeeds: true) }
    let(:pipeline) { create(:ci_empty_pipeline) }

--- a/spec/requests/api/merge_requests_spec.rb
+++ b/spec/requests/api/merge_requests_spec.rb
@@ -1549,7 +1549,7 @@ describe API::MergeRequests do
    end
  end
-  describe "PUT /projects/:id/merge_requests/:merge_request_iid/merge" do
+  describe "PUT /projects/:id/merge_requests/:merge_request_iid/merge", :clean_gitlab_redis_cache do
    let(:pipeline) { create(:ci_pipeline) }
    it "returns merge_request in case of success" do
@@ -1637,6 +1637,15 @@ describe API::MergeRequests do
      expect(merge_request.reload.state).to eq('opened')
    end
+    it 'merges if the head pipeline already succeeded and `merge_when_pipeline_succeeds` is passed' do
+      create(:ci_pipeline, :success, sha: merge_request.diff_head_sha, merge_requests_as_head_pipeline: [merge_request])
+      put api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/merge", user), params: { merge_when_pipeline_succeeds: true }
+      expect(response).to have_gitlab_http_status(200)
+      expect(json_response['state']).to eq('merged')
+    end
    it "enables merge when pipeline succeeds if the pipeline is active" do
      allow_any_instance_of(MergeRequest).to receive_messages(head_pipeline: pipeline, actual_head_pipeline: pipeline)
      allow(pipeline).to receive(:active?).and_return(true)