Commit f3b1e079 authored by GitLab Bot's avatar GitLab Bot

Add latest changes from gitlab-org/gitlab@master

parent ba174c98
image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-golang-1.14-git-2.26-lfs-2.9-chrome-73.0-node-12.x-yarn-1.21-postgresql-9.6-graphicsmagick-1.3.34"
image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-golang-1.14-git-2.26-lfs-2.9-chrome-73.0-node-12.x-yarn-1.21-postgresql-10-graphicsmagick-1.3.34"
stages:
- sync
......
......@@ -3,9 +3,9 @@
- .default-retry
- .default-cache
- .default-before_script
- .use-pg9
- .use-pg10
stage: test
needs: ["setup-test-env"]
needs: ["setup-test-env pg10"]
variables:
FIXTURE_PATH: "db/fixtures/development"
SEED_CYCLE_ANALYTICS: "true"
......@@ -26,7 +26,7 @@ run-dev-fixtures-ee:
extends:
- .run-dev-fixtures
- .dev-fixtures:rules:ee-only
- .use-pg9-ee
- .use-pg10-ee
script:
- scripts/gitaly-test-spawn
- cp ee/db/fixtures/development/* $FIXTURE_PATH
......
......@@ -66,9 +66,9 @@ graphql-reference-verify:
- .default-cache
- .default-before_script
- .docs:rules:graphql-reference-verify
- .use-pg9
- .use-pg10
stage: test
needs: ["setup-test-env"]
needs: ["setup-test-env pg10"]
script:
- bundle exec rake gitlab:graphql:check_docs
- bundle exec rake gitlab:graphql:check_schema
......@@ -135,13 +135,9 @@ compile-assets pull-cache as-if-foss:
- .default-retry
- .default-cache
- .default-before_script
- .use-pg9
- .use-pg10
stage: fixtures
needs:
- job: "setup-test-env"
artifacts: true
- job: "compile-assets pull-cache"
artifacts: true
needs: ["setup-test-env pg10", "compile-assets pull-cache"]
script:
- date
- scripts/gitaly-test-spawn
......@@ -270,7 +266,6 @@ coverage-frontend:
.qa-frontend-node:
extends:
- .default-retry
- .default-cache
- .frontend:rules:qa-frontend-node
stage: test
dependencies: []
......@@ -300,7 +295,7 @@ webpack-dev-server:
- .default-cache
- .frontend:rules:default-frontend-jobs
stage: test
needs: ["setup-test-env", "compile-assets pull-cache"]
needs: ["setup-test-env pg10", "compile-assets pull-cache"]
variables:
WEBPACK_MEMORY_TEST: "true"
WEBPACK_VENDOR_DLL: "true"
......
......@@ -21,7 +21,7 @@
# Jobs that only need to pull cache
.default-cache:
cache:
key: "debian-stretch-ruby-2.6.5-pg9.6-node-12.x"
key: "debian-stretch-ruby-2.6.5-pg10-node-12.x"
paths:
- .go/pkg/mod
- vendor/ruby
......@@ -30,12 +30,15 @@
policy: pull
.use-pg9:
image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-golang-1.12-git-2.24-lfs-2.9-chrome-73.0-node-12.x-yarn-1.21-postgresql-9.6-graphicsmagick-1.3.34"
services:
- name: postgres:9.6.17
command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
- name: redis:alpine
variables:
POSTGRES_HOST_AUTH_METHOD: trust
cache:
key: "debian-stretch-ruby-2.6.5-pg9-node-12.x"
.use-pg10:
image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-golang-1.14-git-2.26-lfs-2.9-chrome-73.0-node-12.x-yarn-1.21-postgresql-10-graphicsmagick-1.3.34"
......@@ -45,6 +48,8 @@
- name: redis:alpine
variables:
POSTGRES_HOST_AUTH_METHOD: trust
cache:
key: "debian-stretch-ruby-2.6.5-pg10-node-12.x"
.use-pg11:
image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-golang-1.14-git-2.26-lfs-2.9-chrome-73.0-node-12.x-yarn-1.21-postgresql-11-graphicsmagick-1.3.34"
......@@ -54,8 +59,11 @@
- name: redis:alpine
variables:
POSTGRES_HOST_AUTH_METHOD: trust
cache:
key: "debian-stretch-ruby-2.6.5-pg11-node-12.x"
.use-pg9-ee:
image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-golang-1.12-git-2.24-lfs-2.9-chrome-73.0-node-12.x-yarn-1.21-postgresql-9.6-graphicsmagick-1.3.34"
services:
- name: postgres:9.6.17
command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
......@@ -63,6 +71,8 @@
- name: elasticsearch:6.4.2
variables:
POSTGRES_HOST_AUTH_METHOD: trust
cache:
key: "debian-stretch-ruby-2.6.5-pg9-node-12.x"
.use-pg10-ee:
image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-golang-1.14-git-2.26-lfs-2.9-chrome-73.0-node-12.x-yarn-1.21-postgresql-10-graphicsmagick-1.3.34"
......@@ -73,6 +83,8 @@
- name: elasticsearch:6.4.2
variables:
POSTGRES_HOST_AUTH_METHOD: trust
cache:
key: "debian-stretch-ruby-2.6.5-pg10-node-12.x"
.use-pg11-ee:
image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-golang-1.14-git-2.26-lfs-2.9-chrome-73.0-node-12.x-yarn-1.21-postgresql-11-graphicsmagick-1.3.34"
......@@ -83,6 +95,8 @@
- name: elasticsearch:6.4.2
variables:
POSTGRES_HOST_AUTH_METHOD: trust
cache:
key: "debian-stretch-ruby-2.6.5-pg11-node-12.x"
.as-if-foss:
variables:
......
......@@ -8,9 +8,7 @@
memory-static:
extends: .only-code-memory-job-base
stage: test
needs:
- job: setup-test-env
artifacts: true
needs: ["setup-test-env pg10"]
variables:
SETUP_DB: "false"
script:
......@@ -40,11 +38,7 @@ memory-on-boot:
- .only-code-memory-job-base
- .use-pg10
stage: test
needs:
- job: setup-test-env
artifacts: true
- job: compile-assets pull-cache
artifacts: true
needs: ["setup-test-env pg10", "compile-assets pull-cache"]
variables:
NODE_ENV: "production"
RAILS_ENV: "production"
......
pages:
extends:
- .default-retry
- .default-cache
- .pages:rules
stage: pages
dependencies: ["rspec:coverage", "karma", "gitlab:assets:compile pull-cache"]
......
.rails:needs:setup-and-assets:
needs:
- job: setup-test-env
artifacts: true
- job: compile-assets pull-cache
artifacts: true
needs: ["setup-test-env pg10", "compile-assets pull-cache"]
.rails-job-base:
extends:
......@@ -12,12 +8,10 @@
- .default-before_script
####################
# ee and foss jobs #
setup-test-env:
# EE and FOSS jobs #
.base-setup-test-env:
extends:
- .rails-job-base
- .rails:rules:default-refs-code-backstage-qa
- .use-pg9
stage: prepare
script:
- bundle exec ruby -Ispec -e 'require "spec_helper" ; TestEnv.init'
......@@ -31,6 +25,24 @@ setup-test-env:
cache:
policy: pull-push
setup-test-env pg10:
extends:
- .base-setup-test-env
- .rails:rules:default-refs-code-backstage-qa
- .use-pg10
setup-test-env pg11:
extends:
- .base-setup-test-env
- .rails:rules:master-refs-code-backstage
- .use-pg11
setup-test-env pg9:
extends:
- .base-setup-test-env
- .rails:rules:nightly-master-refs-code-backstage
- .use-pg9
static-analysis:
extends:
- .rails-job-base
......@@ -43,7 +55,7 @@ static-analysis:
script:
- scripts/static-analysis
cache:
key: "debian-stretch-ruby-2.6-pg9.6-rubocop"
key: "ruby-2.6.5-pg10-rubocop"
paths:
- vendor/ruby
- tmp/rubocop_cache
......@@ -63,13 +75,7 @@ downtime_check:
.rspec-base:
extends: .rails-job-base
stage: test
needs:
- job: setup-test-env
artifacts: true
- job: retrieve-tests-metadata
artifacts: true
- job: compile-assets pull-cache
artifacts: true
needs: ["setup-test-env pg10", "retrieve-tests-metadata", "compile-assets pull-cache"]
script:
- source scripts/rspec_helpers.sh
- rspec_paralellized_job "--tag ~quarantine --tag ~geo --tag ~level:migration"
......@@ -87,10 +93,10 @@ downtime_check:
reports:
junit: junit_rspec.xml
.rspec-base-quarantine:
.rspec-base-quarantine-pg10:
extends:
- .rspec-base
- .use-pg9
- .use-pg10
variables:
RSPEC_OPTS: "--tag quarantine -- spec/"
script:
......@@ -98,37 +104,37 @@ downtime_check:
- rspec_simple_job "${RSPEC_OPTS}"
allow_failure: true
.rspec-base-pg9:
.rspec-base-pg10:
extends:
- .rspec-base
- .rails:rules:ee-and-foss
- .use-pg9
- .use-pg10
.rspec-base-migration:
script:
- source scripts/rspec_helpers.sh
- rspec_paralellized_job "--tag ~quarantine --tag ~geo --tag level:migration"
rspec migration pg9:
rspec migration pg10:
extends:
- .rspec-base-pg9
- .rspec-base-pg10
- .rspec-base-migration
parallel: 5
rspec unit pg9:
extends: .rspec-base-pg9
rspec unit pg10:
extends: .rspec-base-pg10
parallel: 20
rspec integration pg9:
extends: .rspec-base-pg9
rspec integration pg10:
extends: .rspec-base-pg10
parallel: 8
rspec system pg9:
extends: .rspec-base-pg9
rspec system pg10:
extends: .rspec-base-pg10
parallel: 24
rspec fast_spec_helper:
extends: .rspec-base-pg9
extends: .rspec-base-pg10
script:
- bin/rspec spec/fast_spec_helper.rb
......@@ -136,11 +142,9 @@ rspec fast_spec_helper:
extends:
- .rails-job-base
- .rails:rules:ee-and-foss
- .use-pg9
- .use-pg10
stage: test
needs:
- job: setup-test-env
artifacts: true
needs: ["setup-test-env pg10"]
db:migrate:reset:
extends: .db-job-base
......@@ -209,18 +213,18 @@ rspec:coverage:
# We cannot use needs since it would mean needing 84 jobs (since most are parallelized)
# so we use `dependencies` here.
dependencies:
- setup-test-env
- rspec migration pg9
- rspec unit pg9
- rspec integration pg9
- rspec system pg9
- rspec-ee migration pg9
- rspec-ee unit pg9
- rspec-ee integration pg9
- rspec-ee system pg9
- rspec-ee unit pg9 geo
- rspec-ee integration pg9 geo
- rspec-ee system pg9 geo
- setup-test-env pg10
- rspec migration pg10
- rspec unit pg10
- rspec integration pg10
- rspec system pg10
- rspec-ee migration pg10
- rspec-ee unit pg10
- rspec-ee integration pg10
- rspec-ee system pg10
- rspec-ee unit pg10 geo
- rspec-ee integration pg10 geo
- rspec-ee system pg10 geo
- memory-static
- memory-on-boot
variables:
......@@ -238,170 +242,167 @@ rspec:coverage:
- coverage/index.html
- coverage/assets/
- tmp/memory_test/
# ee and foss jobs #
# EE and FOSS jobs #
####################
####################
# master-only jobs #
rspec quarantine pg9:
rspec quarantine pg10:
extends:
- .rspec-base-quarantine
- .rspec-base-quarantine-pg10
- .rails:rules:master-refs-code-backstage
.rspec-base-pg10:
.rspec-base-pg11:
extends:
- .rspec-base
- .rails:rules:master-refs-code-backstage
- .use-pg10
- .use-pg11
needs: ["setup-test-env pg11", "retrieve-tests-metadata", "compile-assets pull-cache"]
rspec migration pg10:
rspec migration pg11:
extends:
- .rspec-base-pg10
- .rspec-base-pg11
- .rspec-base-migration
parallel: 2
parallel: 5
rspec unit pg10:
extends: .rspec-base-pg10
rspec unit pg11:
extends: .rspec-base-pg11
parallel: 20
rspec integration pg10:
extends: .rspec-base-pg10
rspec integration pg11:
extends: .rspec-base-pg11
parallel: 8
rspec system pg10:
extends: .rspec-base-pg10
rspec system pg11:
extends: .rspec-base-pg11
parallel: 24
# master-only jobs #
####################
############################
# nightly master-only jobs #
.rspec-base-pg11:
######################
# nightly-only jobs #
.rspec-base-pg9:
extends:
- .rspec-base
- .rails:rules:nightly-master-refs-code-backstage
- .use-pg11
- .use-pg9
needs: ["setup-test-env pg9", "retrieve-tests-metadata", "compile-assets pull-cache"]
rspec migration pg11:
rspec migration pg9:
extends:
- .rspec-base-pg11
- .rspec-base-pg9
- .rspec-base-migration
parallel: 2
parallel: 5
rspec unit pg11:
extends: .rspec-base-pg11
rspec unit pg9:
extends: .rspec-base-pg9
parallel: 20
rspec integration pg11:
extends: .rspec-base-pg11
rspec integration pg9:
extends: .rspec-base-pg9
parallel: 8
rspec system pg11:
extends: .rspec-base-pg11
rspec system pg9:
extends: .rspec-base-pg9
parallel: 24
# nightly master-only jobs #
############################
# nightly-only jobs #
#####################
#########################
# ee + master-only jobs #
rspec-ee quarantine pg9:
#######################
# EE master-only jobs #
rspec-ee quarantine pg10:
extends:
- .rspec-base-quarantine
- .rspec-base-quarantine-pg10
- .rails:rules:master-refs-code-backstage-ee-only
variables:
RSPEC_OPTS: "--tag quarantine -- ee/spec/"
rspec-ee migration pg10:
.rspec-ee-base-pg11:
extends:
- .rspec-ee-base-pg10
- .rspec-base-ee
- .use-pg11-ee
needs: ["setup-test-env pg11", "retrieve-tests-metadata", "compile-assets pull-cache"]
rspec-ee migration pg11:
extends:
- .rspec-ee-base-pg11
- .rspec-base-migration
- .rails:rules:master-refs-code-backstage
parallel: 2
rspec-ee unit pg10:
rspec-ee unit pg11:
extends:
- .rspec-ee-base-pg10
- .rspec-ee-base-pg11
- .rails:rules:master-refs-code-backstage
parallel: 10
rspec-ee integration pg10:
rspec-ee integration pg11:
extends:
- .rspec-ee-base-pg10
- .rspec-ee-base-pg11
- .rails:rules:master-refs-code-backstage
parallel: 4
rspec-ee system pg10:
rspec-ee system pg11:
extends:
- .rspec-ee-base-pg10
- .rspec-ee-base-pg11
- .rails:rules:master-refs-code-backstage
parallel: 6
# ee + master-only jobs #
#########################
# EE master-only jobs #
#######################
#################
# ee-only jobs #
################
# EE-only jobs #
.rspec-base-ee:
extends:
- .rspec-base
- .rails:rules:ee-only
.rspec-base-pg9-as-if-foss:
.rspec-base-pg10-as-if-foss:
extends:
- .rspec-base-ee
- .as-if-foss
- .use-pg9
needs:
- job: setup-test-env
artifacts: true
- job: retrieve-tests-metadata
artifacts: true
- job: compile-assets pull-cache as-if-foss
artifacts: true
.rspec-ee-base-pg9:
extends:
- .rspec-base-ee
- .use-pg9-ee
- .use-pg10
needs: ["setup-test-env pg10", "retrieve-tests-metadata", "compile-assets pull-cache as-if-foss"]
.rspec-ee-base-pg10:
extends:
- .rspec-base-ee
- .use-pg10-ee
rspec migration pg9-as-if-foss:
rspec migration pg10-as-if-foss:
extends:
- .rspec-base-pg9-as-if-foss
- .rspec-base-pg10-as-if-foss
- .rspec-base-migration
parallel: 5
rspec unit pg9-as-if-foss:
extends: .rspec-base-pg9-as-if-foss
rspec unit pg10-as-if-foss:
extends: .rspec-base-pg10-as-if-foss
parallel: 20
rspec integration pg9-as-if-foss:
extends: .rspec-base-pg9-as-if-foss
rspec integration pg10-as-if-foss:
extends: .rspec-base-pg10-as-if-foss
parallel: 8
rspec system pg9-as-if-foss:
extends: .rspec-base-pg9-as-if-foss
rspec system pg10-as-if-foss:
extends: .rspec-base-pg10-as-if-foss
parallel: 24
rspec-ee migration pg9:
rspec-ee migration pg10:
extends:
- .rspec-ee-base-pg9
- .rspec-ee-base-pg10
- .rspec-base-migration
parallel: 2
rspec-ee unit pg9:
extends: .rspec-ee-base-pg9
rspec-ee unit pg10:
extends: .rspec-ee-base-pg10
parallel: 10
rspec-ee integration pg9:
extends: .rspec-ee-base-pg9
rspec-ee integration pg10:
extends: .rspec-ee-base-pg10
parallel: 4
rspec-ee system pg9:
extends: .rspec-ee-base-pg9
rspec-ee system pg10:
extends: .rspec-ee-base-pg10
parallel: 6
.rspec-ee-base-geo:
......@@ -411,26 +412,11 @@ rspec-ee system pg9:
- scripts/prepare_postgres_fdw.sh
- rspec_paralellized_job "--tag ~quarantine --tag geo"
.rspec-ee-base-geo-pg9:
extends:
- .rspec-ee-base-geo
- .use-pg9-ee
.rspec-ee-base-geo-pg10:
extends:
- .rspec-ee-base-geo
- .use-pg10-ee
rspec-ee unit pg9 geo:
extends: .rspec-ee-base-geo-pg9
parallel: 2
rspec-ee integration pg9 geo:
extends: .rspec-ee-base-geo-pg9
rspec-ee system pg9 geo:
extends: .rspec-ee-base-geo-pg9
rspec-ee unit pg10 geo:
extends: .rspec-ee-base-geo-pg10
parallel: 2
......@@ -448,5 +434,26 @@ db:rollback geo:
script:
- bundle exec rake geo:db:migrate VERSION=20170627195211
- bundle exec rake geo:db:migrate
# ee-only jobs #
# EE-only jobs #
################
########################
# EE nightly-only jobs #
.rspec-ee-base-geo-pg9:
extends:
- .rspec-ee-base-geo
- .use-pg9-ee
- .rails:rules:nightly-master-refs-code-backstage-ee-only
needs: ["setup-test-env pg9", "retrieve-tests-metadata", "compile-assets pull-cache"]
rspec-ee unit pg9 geo:
extends: .rspec-ee-base-geo-pg9
parallel: 2
rspec-ee integration pg9 geo:
extends: .rspec-ee-base-geo-pg9
rspec-ee system pg9 geo:
extends: .rspec-ee-base-geo-pg9
# EE nightly-only jobs #
########################
......@@ -361,6 +361,7 @@
- <<: *if-master-refs
changes: *code-backstage-patterns
when: on_success
- changes: [".gitlab/ci/rails.gitlab-ci.yml"]
.rails:rules:master-refs-code-backstage-ee-only:
rules:
......@@ -369,12 +370,23 @@
- <<: *if-master-refs
changes: *code-backstage-patterns
when: on_success
- changes: [".gitlab/ci/rails.gitlab-ci.yml"]
.rails:rules:nightly-master-refs-code-backstage:
rules:
- <<: *if-nightly-master-schedule
changes: *code-backstage-patterns
when: on_success
- changes: [".gitlab/ci/rails.gitlab-ci.yml"]
.rails:rules:nightly-master-refs-code-backstage-ee-only:
rules:
- <<: *if-not-ee
when: never
- <<: *if-nightly-master-schedule
changes: *code-backstage-patterns
when: on_success
- changes: [".gitlab/ci/rails.gitlab-ci.yml"]
.rails:rules:ee-only:
rules:
......
......@@ -7,9 +7,7 @@ cache gems:
- .default-before_script
- .setup:rules:cache-gems
stage: test
needs:
- job: setup-test-env
artifacts: true
needs: ["setup-test-env pg10"]
variables:
SETUP_DB: "false"
script:
......
......@@ -216,10 +216,8 @@ Gitlab/DuplicateSpecLocation:
Exclude:
- ee/spec/helpers/auth_helper_spec.rb
- ee/spec/lib/gitlab/gl_repository_spec.rb
- ee/spec/models/namespace_spec.rb
- ee/spec/services/merge_requests/refresh_service_spec.rb
- ee/spec/helpers/ee/auth_helper_spec.rb
- ee/spec/models/ee/namespace_spec.rb
- ee/spec/services/ee/merge_requests/refresh_service_spec.rb
Cop/InjectEnterpriseEditionModule:
......@@ -387,5 +385,4 @@ Performance/ChainArrayAllocation:
RSpec/RepeatedExample:
Exclude:
- 'spec/features/merge_request/user_posts_diff_notes_spec.rb'
- 'spec/features/projects/files/template_type_dropdown_spec.rb'
- 'spec/services/notification_service_spec.rb'
......@@ -47,6 +47,7 @@ const Api = {
adminStatisticsPath: '/api/:version/application/statistics',
pipelineSinglePath: '/api/:version/projects/:id/pipelines/:pipeline_id',
environmentsPath: '/api/:version/projects/:id/environments',
rawFilePath: '/api/:version/projects/:id/repository/files/:path/raw',
group(groupId, callback) {
const url = Api.buildUrl(Api.groupPath).replace(':id', groupId);
......@@ -497,6 +498,14 @@ const Api = {
return axios.get(url);
},
getRawFile(id, path, params = { ref: 'master' }) {
const url = Api.buildUrl(this.rawFilePath)
.replace(':id', encodeURIComponent(id))
.replace(':path', encodeURIComponent(path));
return axios.get(url, { params });
},
buildUrl(url) {
return joinPaths(gon.relative_url_root || '', url.replace(':version', gon.api_version));
},
......
import Api from '~/api';
const extractTitle = content => {
const matches = content.match(/title: (.+)\n/i);
return matches ? Array.from(matches)[1] : '';
};
const loadSourceContent = ({ projectId, sourcePath }) =>
Api.getRawFile(projectId, sourcePath).then(({ data }) => ({
title: extractTitle(data),
content: data,
}));
export default loadSourceContent;
......@@ -16,6 +16,8 @@ module Resolvers
end
def authorized_resource?(project)
return false unless Feature.enabled?(:jira_issue_import, project)
Ability.allowed?(context[:current_user], :admin_project, project)
end
end
......
......@@ -9,6 +9,8 @@ module CiVariablesHelper
if entity.is_a?(Group)
create_deploy_token_group_settings_ci_cd_path(entity, opts)
else
# TODO: change this path to 'create_deploy_token_project_settings_ci_cd_path'
# See MR comment for more detail: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/27059#note_311585356
create_deploy_token_project_settings_repository_path(entity, opts)
end
end
......
......@@ -11,6 +11,7 @@ module HasRepository
extend ActiveSupport::Concern
include AfterCommitQueue
include Referable
include Gitlab::ShellAdapter
include Gitlab::Utils::StrongMemoize
delegate :base_dir, :disk_path, to: :storage
......
......@@ -4,7 +4,6 @@ require 'carrierwave/orm/activerecord'
class Project < ApplicationRecord
include Gitlab::ConfigHelper
include Gitlab::ShellAdapter
include Gitlab::VisibilityLevel
include AccessRequestable
include Avatarable
......
......@@ -109,7 +109,6 @@ class User < ApplicationRecord
# Groups
has_many :members
has_one :max_access_level_membership, -> { select(:id, :user_id, :access_level).order(access_level: :desc).readonly }, class_name: 'Member'
has_many :group_members, -> { where(requested_at: nil) }, source: 'GroupMember'
has_many :groups, through: :group_members
has_many :owned_groups, -> { where(members: { access_level: Gitlab::Access::OWNER }) }, through: :group_members, source: :group
......@@ -1080,7 +1079,7 @@ class User < ApplicationRecord
end
def highest_role
max_access_level_membership&.access_level || Gitlab::Access::NO_ACCESS
user_highest_role&.highest_access_level || Gitlab::Access::NO_ACCESS
end
def accessible_deploy_keys
......
......@@ -153,6 +153,9 @@
%strong.fly-out-top-item-name
= _('Authentication Log')
- if Feature.enabled?(:user_usage_quota)
= render_if_exists 'layouts/nav/sidebar/profile_usage_quotas_link'
- else
= render_if_exists 'layouts/nav/sidebar/profile_pipeline_quota_link'
= render 'shared/sidebar_toggle_button'
......@@ -1021,7 +1021,7 @@
- :name: emails_on_push
:feature_category: :source_code_management
:has_external_dependencies:
:urgency: :high
:urgency: :low
:resource_boundary: :cpu
:weight: 2
:idempotent:
......
......@@ -6,7 +6,7 @@ class EmailsOnPushWorker # rubocop:disable Scalability/IdempotentWorker
attr_reader :email, :skip_premailer
feature_category :source_code_management
urgency :high
urgency :low
worker_resource_boundary :cpu
weight 2
......
---
title: Reduce urgency of EmailsOnPushWorker
merge_request: 28783
author:
type: other
---
title: Filter health endpoint metrics
merge_request: 27847
author:
type: added
---
title: Remove User's association max_access_level_membership
merge_request: 28757
author:
type: other
---
title: Fix duplicate spec in template dropdown spec
merge_request: 28858
author: Rajendra Kadam
type: added
......@@ -73,6 +73,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
resource :ci_cd, only: [:show, :update], controller: 'ci_cd' do
post :reset_cache
put :reset_registration_token
post :create_deploy_token, path: 'deploy_token/create'
end
resource :operations, only: [:show, :update] do
......@@ -84,8 +85,8 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
resource :integrations, only: [:show]
resource :repository, only: [:show], controller: :repository do
# TODO: Move 'create_deploy_token' here to the ':ci_cd' resource above during 12.9.
# More details here: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/24102#note_287572556
# TODO: Removed this "create_deploy_token" route after change was made in app/helpers/ci_variables_helper.rb:14
# See MR comment for more detail: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/27059#note_311585356
post :create_deploy_token, path: 'deploy_token/create', to: 'ci_cd#create_deploy_token'
post :cleanup
end
......
......@@ -634,7 +634,7 @@ The rails console is a valuable tool to help debug LDAP problems. It allows you
directly interact with the application by running commands and seeing how GitLab
responds to them.
Please refer to [this guide](https://docs.gitlab.com/omnibus/maintenance/#starting-a-rails-console-session)
Please refer to [this guide](../troubleshooting/debug.md#starting-a-rails-console-session)
for instructions on how to use the rails console.
#### Enable debug output
......
......@@ -70,7 +70,7 @@ There is a limit when embedding metrics in GFM for performance reasons.
On GitLab.com, the [maximum number of webhooks](../user/gitlab_com/index.md#maximum-number-of-webhooks) per project, and per group, is limited.
To set this limit on a self-managed installation, run the following in the
[GitLab Rails console](https://docs.gitlab.com/omnibus/maintenance/#starting-a-rails-console-session):
[GitLab Rails console](troubleshooting/debug.md#starting-a-rails-console-session):
```ruby
# If limits don't exist for the default plan, you can create one with:
......@@ -120,7 +120,7 @@ will fail with a `job_activity_limit_exceeded` error.
This limit is disabled by default.
To set this limit on a self-managed installation, run the following in the
[GitLab Rails console](https://docs.gitlab.com/omnibus/maintenance/#starting-a-rails-console-session):
[GitLab Rails console](troubleshooting/debug.md#starting-a-rails-console-session):
```ruby
# If limits don't exist for the default plan, you can create one with:
......@@ -145,7 +145,7 @@ limit, the subscription will be considered invalid.
- On [GitLab Starter](https://about.gitlab.com/pricing/#self-managed) tier or higher self-managed installations, this limit is defined for the `default` plan that affects all projects.
To set this limit on a self-managed installation, run the following in the
[GitLab Rails console](https://docs.gitlab.com/omnibus/maintenance/#starting-a-rails-console-session):
[GitLab Rails console](troubleshooting/debug.md#starting-a-rails-console-session):
```ruby
Plan.default.limits.update!(ci_project_subscriptions: 500)
......@@ -170,7 +170,7 @@ or higher tiers), this limit is defined for the `default` plan that affects all
projects. By default, there is no limit.
To set this limit on a self-managed installation, run the following in the
[GitLab Rails console](https://docs.gitlab.com/omnibus/maintenance/#starting-a-rails-console-session):
[GitLab Rails console](troubleshooting/debug.md#starting-a-rails-console-session):
```ruby
Plan.default.limits.update!(ci_pipeline_schedules: 100)
......
......@@ -100,7 +100,7 @@ The "Gitaly relative path" is shown there, for example:
This is the path under `/var/opt/gitlab/git-data/repositories/` on a
default Omnibus installation.
In a [Rails console](troubleshooting/debug.md#starting-a-rails-console),
In a [Rails console](troubleshooting/debug.md#starting-a-rails-console-session),
get this information using either the numeric project ID or the full path:
```ruby
......@@ -112,7 +112,7 @@ Project.find_by_full_path('group/project').disk_path
To translate from a hashed storage path to a project name:
1. Start a [Rails console](troubleshooting/debug.md#starting-a-rails-console).
1. Start a [Rails console](troubleshooting/debug.md#starting-a-rails-console-session).
1. Run the following:
```ruby
......
......@@ -3,9 +3,10 @@
Sometimes things don't work the way they should. Here are some tips on debugging issues out
in production.
## Starting a Rails console
## Starting a Rails console session
Troubleshooting and debugging often requires a rails console.
Troubleshooting and debugging your GitLab instance often requires a
[Rails console](https://guides.rubyonrails.org/command_line.html#rails-console).
**For Omnibus installations**
......@@ -13,22 +14,81 @@ Troubleshooting and debugging often requires a rails console.
sudo gitlab-rails console
```
---
**For installations from source**
```shell
bundle exec rails console production
sudo -u git -H bundle exec rails console -e production
```
Kubernetes: the console is in the task-runner pod, refer to our [Kubernetes cheat sheet](kubernetes_cheat_sheet.md#gitlab-specific-kubernetes-information) for details.
### Enabling Active Record logging
You can enable output of Active Record debug logging in the Rails console
session by running:
```ruby
ActiveRecord::Base.logger = Logger.new(STDOUT)
```
This will show information about database queries triggered by any Ruby code
you may run in the console. To turn off logging again, run:
```ruby
ActiveRecord::Base.logger = nil
```
### Disabling database statement timeout
You can disable the PostgreSQL statement timeout for the current Rails console
session by running:
```ruby
ActiveRecord::Base.connection.execute('SET statement_timeout TO 0')
```
Note that this change only affects the current Rails console session and will
not be persisted in the GitLab production environment or in the next Rails
console session.
### Output Rails console session history
If you'd like to output your Rails console command history in a format that's
easy to copy and save for future reference, you can run:
```ruby
puts Readline::HISTORY.to_a
```
## Using the Rails Runner
If you need to run some Ruby code in thex context of your GitLab production
environment, you can do so using the [Rails Runner](https://guides.rubyonrails.org/command_line.html#rails-runner).
**For Omnibus installations**
```shell
sudo gitlab-rails runner "RAILS_COMMAND"
# Example with a two-line Ruby script
sudo gitlab-rails runner "user = User.first; puts user.username"
```
**For installations from source**
```shell
sudo -u git -H bundle exec rails runner -e production "RAILS_COMMAND"
# Example with a two-line Ruby script
sudo -u git -H bundle exec rails runner -e production "user = User.first; puts user.username"
```
## Mail not working
A common problem is that mails are not being sent for some reason. Suppose you configured
an SMTP server, but you're not seeing mail delivered. Here's how to check the settings:
1. Run a [Rails console.](#starting-a-rails-console)
1. Run a [Rails console](#starting-a-rails-console-session).
1. Look at the ActionMailer `delivery_method` to make sure it matches what you
intended. If you configured SMTP, it should say `:smtp`. If you're using
......@@ -168,7 +228,7 @@ separate Rails process to debug the issue:
1. Log in to your GitLab account.
1. Copy the URL that is causing problems (e.g. `https://gitlab.com/ABC`).
1. Create a Personal Access Token for your user (Profile Settings -> Access Tokens).
1. Bring up the [GitLab Rails console.](#starting-a-rails-console)
1. Bring up the [GitLab Rails console.](#starting-a-rails-console-session)
1. At the Rails console, run:
```ruby
......
......@@ -25,36 +25,6 @@ mentioned above, we recommend running these scripts under the supervision of a
Support Engineer, who can also verify that they will continue to work as they
should and, if needed, update the script for the latest version of GitLab.
## Use the Rails Runner
If the script you want to run is short, you can use the Rails Runner to avoid
entering the rails console in the first place. Here's an example of its use:
```shell
gitlab-rails runner "RAILS_COMMAND"
# Example with a 2-line script
gitlab-rails runner "user = User.first; puts user.username"
```
## Enable debug logging on rails console
```ruby
Rails.logger.level = 0
```
## Enable debug logging for ActiveRecord (db issues)
```ruby
ActiveRecord::Base.logger = Logger.new(STDOUT)
```
## Temporarily Disable Timeout
```ruby
ActiveRecord::Base.connection.execute('SET statement_timeout TO 0')
```
## Find specific methods for an object
```ruby
......@@ -85,12 +55,6 @@ o = Object.where('attribute like ?', 'ex')
Rails.cache.instance_variable_get(:@data).keys
```
## Rails console history
```ruby
puts Readline::HISTORY.to_a
```
## Profile a page
```ruby
......
......@@ -3,7 +3,7 @@
At the heart of GitLab is a web application [built using the Ruby on Rails
framework](https://about.gitlab.com/blog/2018/10/29/why-we-use-rails-to-build-gitlab/).
Thanks to this, we also get access to the amazing tools built right into Rails.
In this guide, we'll introduce the [Rails console](https://docs.gitlab.com/omnibus/maintenance/#starting-a-rails-console-session)
In this guide, we'll introduce the [Rails console](debug.md#starting-a-rails-console-session)
and the basics of interacting with your GitLab instance from the command line.
CAUTION: **CAUTION:**
......
......@@ -23,7 +23,7 @@ After configuring a GitLab instance with an internal CA certificate, you might n
More details here: https://curl.haxx.se/docs/sslcerts.html
```
- Testing via the [rails console](https://docs.gitlab.com/omnibus/maintenance/#starting-a-rails-console-session) also fails:
- Testing via the [rails console](debug.md#starting-a-rails-console-session) also fails:
```ruby
uri = URI.parse("https://gitlab.domain.tld")
......
......@@ -552,7 +552,6 @@ PUT /groups/:id
| `membership_lock` | boolean | no | **(STARTER)** Prevent adding new members to project membership within this group. |
| `share_with_group_lock` | boolean | no | Prevent sharing a project with another group within this group. |
| `visibility` | string | no | The visibility level of the group. Can be `private`, `internal`, or `public`. |
| `share_with_group_lock` | boolean | no | Prevent sharing a project with another group within this group. |
| `require_two_factor_authentication` | boolean | no | Require all users in this group to setup Two-factor authentication. |
| `two_factor_grace_period` | integer | no | Time before Two-factor authentication is enforced (in hours). |
| `project_creation_level` | string | no | Determine if developers can create projects in the group. Can be `noone` (No one), `maintainer` (Maintainers), or `developer` (Developers + Maintainers). |
......
......@@ -676,7 +676,8 @@ This includes additional information about the users who have already approved
}
],
"source_rule": null,
"approved": true
"approved": true,
"overridden": false
}
]
}
......@@ -753,7 +754,8 @@ GET /projects/:id/merge_requests/:merge_request_iid/approval_rules
"ldap_access": null
}
],
"contains_hidden_groups": false
"contains_hidden_groups": false,
"overridden": false
}
]
```
......@@ -837,7 +839,8 @@ will be used.
"ldap_access": null
}
],
"contains_hidden_groups": false
"contains_hidden_groups": false,
"overridden": false
}
```
......@@ -921,7 +924,8 @@ These are system generated rules.
"ldap_access": null
}
],
"contains_hidden_groups": false
"contains_hidden_groups": false,
"overridden": false
}
```
......
......@@ -970,6 +970,7 @@ GET /projects/:id/users
| Attribute | Type | Required | Description |
| ------------ | ------------- | -------- | ----------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) |
| `search` | string | no | Search for specific users |
| `skip_users` | integer array | no | Filter out users with the specified IDs |
......@@ -1515,6 +1516,7 @@ GET /projects/:id/starrers
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) |
| `search` | string | no | Search for specific users. |
```shell
......@@ -1558,6 +1560,10 @@ Get languages used in a project with percentage value.
GET /projects/:id/languages
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) |
```shell
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/5/languages"
```
......@@ -2183,6 +2189,7 @@ PUT /projects/:id/transfer
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) |
| `namespace` | integer/string | yes | The ID or path of the namespace to transfer to project to |
## Branches
......
doc/ci/img/ecs_dashboard_v12_9.png

107 KB | W: | H:

doc/ci/img/ecs_dashboard_v12_9.png

38.4 KB | W: | H:

doc/ci/img/ecs_dashboard_v12_9.png
doc/ci/img/ecs_dashboard_v12_9.png
doc/ci/img/ecs_dashboard_v12_9.png
doc/ci/img/ecs_dashboard_v12_9.png
  • 2-up
  • Swipe
  • Onion skin
......@@ -2549,7 +2549,7 @@ This example creates four paths of execution:
The maximum number of jobs that can be defined within `needs:` defaults to 10, but
can be changed to 50 via a feature flag. To change the limit to 50,
[start a Rails console session](https://docs.gitlab.com/omnibus/maintenance/#starting-a-rails-console-session)
[start a Rails console session](../../administration/troubleshooting/debug.md#starting-a-rails-console-session)
and run:
```ruby
......
......@@ -176,7 +176,7 @@ graph RL;
O[coverage-frontend];
N["pages (master only)"];
Q[package-and-qa];
S["RSpec<br/>(e.g. rspec unit pg9)"]
S["RSpec<br/>(e.g. rspec unit pg10)"]
T[retrieve-tests-metadata];
QA["qa:internal, qa:selectors"];
QA2["qa:internal-as-if-foss, qa:selectors-as-if-foss<br/>(EE default refs only)"];
......
......@@ -315,10 +315,8 @@ persistence and is used for certain types of the GitLab application.
1. Navigate back to the ElastiCache dashboard.
1. Select **Redis** on the left menu and click **Create** to create a new
Redis cluster. Depending on your load, you can choose whether to enable
cluster mode or not. Even without cluster mode on, you still get the
chance to deploy Redis in multi availability zones. In this guide, we chose
not to enable it.
Redis cluster. Do not enable **Cluster Mode** as it is [not supported](../../administration/high_availability/redis.md#provide-your-own-redis-instance-core-only). Even without cluster mode on, you still get the
chance to deploy Redis in multiple availability zones.
1. In the settings section:
1. Give the cluster a name (`gitlab-redis`) and a description.
1. For the version, select the latest of `5.0` series (e.g., `5.0.6`).
......@@ -383,6 +381,37 @@ EC2 instances running Linux use private key files for SSH authentication. You'll
Storing private key files on your bastion host is a bad idea. To get around this, use SSH agent forwarding on your client. See [Securely Connect to Linux Instances Running in a Private Amazon VPC](https://aws.amazon.com/blogs/security/securely-connect-to-linux-instances-running-in-a-private-amazon-vpc/) for a step-by-step guide on how to use SSH agent forwarding.
## Setting up Gitaly
CAUTION: **Caution:** In this architecture, having a single Gitaly server creates a single point of failure. This limitation will be removed once [Gitaly HA](https://gitlab.com/groups/gitlab-org/-/epics/842) is released.
Gitaly is a service that provides high-level RPC access to Git repositories.
It should be enabled and configured on a separate EC2 instance in one of the
[private subnets](#subnets) we configured previously.
Let's create an EC2 instance where we'll install Gitaly:
1. From the EC2 dashboard, click **Launch instance**.
1. Choose an AMI. In this example, we'll select the **Ubuntu Server 18.04 LTS (HVM), SSD Volume Type**.
1. Choose an instance type. We'll pick a **c5.xlarge**.
1. Click **Configure Instance Details**.
1. In the **Network** dropdown, select `gitlab-vpc`, the VPC we created earlier.
1. In the **Subnet** dropdown, select `gitlab-private-10.0.1.0` from the list of subnets we created earlier.
1. Double check that **Auto-assign Public IP** is set to `Use subnet setting (Disable)`.
1. Click **Add Storage**.
1. Increase the Root volume size to `20 GiB` and change the **Volume Type** to `Provisoned IOPS SSD (io1)`. (This is an arbitrary size. Create a volume big enough for your repository storage requirements.)
1. For **IOPS** set `1000` (20 GiB x 50 IOPS). You can provision up to 50 IOPS per GiB. If you select a larger volume, increase the IOPS accordingly. Workloads where many small files are written in a serialized manner, like `git`, requires performant storage, hence the choice of `Provisoned IOPS SSD (io1)`.
1. Click on **Add Tags** and add your tags. In our case, we'll only set `Key: Name` and `Value: Gitaly`.
1. Click on **Configure Security Group** and let's **Create a new security group**.
1. Give your security group a name and description. We'll use `gitlab-gitaly-sec-group` for both.
1. Create a **Custom TCP** rule and add port `8075` to the **Port Range**. For the **Source**, select the `gitlab-loadbalancer-sec-group`.
1. Click **Review and launch** followed by **Launch** if you're happy with your settings.
1. Finally, acknowledge that you have access to the selected private key file or create a new one. Click **Launch Instances**.
> **Optional:** Instead of storing configuration _and_ repository data on the root volume, you can also choose to add an additional EBS volume for repository storage. Follow the same guidance as above. See the [Amazon EBS pricing](https://aws.amazon.com/ebs/pricing/).
Now that we have our EC2 instance ready, follow the [documentation to install GitLab and set up Gitaly on its own server](../../administration/gitaly/index.md#running-gitaly-on-its-own-server).
## Deploying GitLab inside an auto scaling group
We'll use AWS's wizard to deploy GitLab and then SSH into the instance to
......@@ -551,37 +580,6 @@ sudo gitlab-ctl status
If everything looks good, you should be able to reach GitLab in your browser.
### Setting up Gitaly
CAUTION: **Caution:** In this architecture, having a single Gitaly server creates a single point of failure. This limitation will be removed once [Gitaly HA](https://gitlab.com/groups/gitlab-org/-/epics/842) is released.
Gitaly is a service that provides high-level RPC access to Git repositories.
It should be enabled and configured on a separate EC2 instance in one of the
[private subnets](#subnets) we configured previously.
Let's create an EC2 instance where we'll install Gitaly:
1. From the EC2 dashboard, click **Launch instance**.
1. Choose an AMI. In this example, we'll select the **Ubuntu Server 18.04 LTS (HVM), SSD Volume Type**.
1. Choose an instance type. We'll pick a **c5.xlarge**.
1. Click **Configure Instance Details**.
1. In the **Network** dropdown, select `gitlab-vpc`, the VPC we created earlier.
1. In the **Subnet** dropdown, select `gitlab-private-10.0.1.0` from the list of subnets we created earlier.
1. Double check that **Auto-assign Public IP** is set to `Use subnet setting (Disable)`.
1. Click **Add Storage**.
1. Increase the Root volume size to `20 GiB` and change the **Volume Type** to `Provisoned IOPS SSD (io1)`. (This is an arbitrary size. Create a volume big enough for your repository storage requirements.)
1. For **IOPS** set `1000` (20 GiB x 50 IOPS). You can provision up to 50 IOPS per GiB. If you select a larger volume, increase the IOPS accordingly. Workloads where many small files are written in a serialized manner, like `git`, requires performant storage, hence the choice of `Provisoned IOPS SSD (io1)`.
1. Click on **Add Tags** and add your tags. In our case, we'll only set `Key: Name` and `Value: Gitaly`.
1. Click on **Configure Security Group** and let's **Create a new security group**.
1. Give your security group a name and description. We'll use `gitlab-gitaly-sec-group` for both.
1. Create a **Custom TCP** rule and add port `8075` to the **Port Range**. For the **Source**, select the `gitlab-loadbalancer-sec-group`.
1. Click **Review and launch** followed by **Launch** if you're happy with your settings.
1. Finally, acknowledge that you have access to the selected private key file or create a new one. Click **Launch Instances**.
> **Optional:** Instead of storing configuration _and_ repository data on the root volume, you can also choose to add an additional EBS volume for repository storage. Follow the same guidance as above. See the [Amazon EBS pricing](https://aws.amazon.com/ebs/pricing/).
Now that we have our EC2 instance ready, follow the [documentation to install GitLab and set up Gitaly on its own server](../../administration/gitaly/index.md#running-gitaly-on-its-own-server).
### Using Amazon S3 object storage
GitLab stores many objects outside the Git repository, many of which can be
......
......@@ -151,7 +151,7 @@ via Omnibus, or [restart GitLab] if you installed from source.
Check the [`production.log`](../administration/logs.md#productionlog)
on your GitLab server to obtain further details. If you are getting the error like
`Faraday::ConnectionFailed (execution expired)` in the log, there may be a connectivity issue
between your GitLab instance and GitHub Enterprise. To verify it, [start the rails console](https://docs.gitlab.com/omnibus/maintenance/#starting-a-rails-console-session)
between your GitLab instance and GitHub Enterprise. To verify it, [start the rails console](../administration/troubleshooting/debug.md#starting-a-rails-console-session)
and run the commands below replacing `<github_url>` with the URL of your GitHub Enterprise instance:
```ruby
......
......@@ -125,7 +125,7 @@ There is an [open issue to add a migration to make all bare repositories
importable](https://gitlab.com/gitlab-org/gitlab-foss/issues/41776).
Until then, you may wish to manually migrate repositories yourself. You can use
[Rails console](https://docs.gitlab.com/omnibus/maintenance/#starting-a-rails-console-session)
[Rails console](../administration/troubleshooting/debug.md#starting-a-rails-console-session)
to do so. In a Rails console session, run the following to migrate a project:
```ruby
......
......@@ -122,7 +122,7 @@ If using GitLab 12.9 and newer, run:
sudo gitlab-rails runner -e production 'puts Gitlab::BackgroundMigration.remaining'
```
If using GitLab 12.8 and older, run the following using a [Rails console](../administration/troubleshooting/debug.md#starting-a-rails-console):
If using GitLab 12.8 and older, run the following using a [Rails console](../administration/troubleshooting/debug.md#starting-a-rails-console-session):
```ruby
puts Sidekiq::Queue.new("background_migration").size
......@@ -140,7 +140,7 @@ cd /home/git/gitlab
sudo -u git -H bundle exec rails runner -e production 'puts Gitlab::BackgroundMigration.remaining'
```
If using GitLab 12.8 and older, run the following using a [Rails console](../administration/troubleshooting/debug.md#starting-a-rails-console):
If using GitLab 12.8 and older, run the following using a [Rails console](../administration/troubleshooting/debug.md#starting-a-rails-console-session):
```ruby
puts Sidekiq::Queue.new("background_migration").size
......
......@@ -160,6 +160,7 @@ The following variables are used for configuring specific analyzers (used for a
| `GEMNASIUM_DB_LOCAL_PATH` | `gemnasium` | `/gemnasium-db` | Path to local gemnasium database. |
| `GEMNASIUM_DB_REMOTE_URL` | `gemnasium` | `https://gitlab.com/gitlab-org/security-products/gemnasium-db.git` | Repository URL for fetching the gemnasium database. |
| `GEMNASIUM_DB_REF_NAME` | `gemnasium` | `master` | Branch name for remote repository database. `GEMNASIUM_DB_REMOTE_URL` is required. |
| `DS_REMEDIATE` | `gemnasium` | `"true"` | Enable automatic remediation of vulnerable dependencies. |
| `PIP_INDEX_URL` | `gemnasium-python` | `https://pypi.org/simple` | Base URL of Python Package Index. |
| `PIP_EXTRA_INDEX_URL` | `gemnasium-python` | | Array of [extra URLs](https://pip.pypa.io/en/stable/reference/pip_install/#cmdoption-extra-index-url) of package indexes to use in addition to `PIP_INDEX_URL`. Comma separated. |
| `PIP_REQUIREMENTS_FILE` | `gemnasium-python` | | Pip requirements file to be scanned. |
......@@ -167,7 +168,7 @@ The following variables are used for configuring specific analyzers (used for a
| `DS_PIP_DEPENDENCY_PATH` | `gemnasium-python` | | Path to load Python pip dependencies from. ([Introduced](https://gitlab.com/gitlab-org/gitlab/issues/12412) in GitLab 12.2) |
| `DS_PYTHON_VERSION` | `retire.js` | | Version of Python. If set to 2, dependencies are installed using Python 2.7 instead of Python 3.6. ([Introduced](https://gitlab.com/gitlab-org/gitlab/issues/12296) in GitLab 12.1)|
| `MAVEN_CLI_OPTS` | `gemnasium-maven` | `"-DskipTests --batch-mode"` | List of command line arguments that will be passed to `maven` by the analyzer. See an example for [using private repos](#using-private-maven-repos). |
| `BUNDLER_AUDIT_UPDATE_DISABLED` | `bundler-audit` | `false` | Disable automatic updates for the `bundler-audit` analyzer. Useful if you're running Dependency Scanning in an offline environment. |
| `BUNDLER_AUDIT_UPDATE_DISABLED` | `bundler-audit` | `"false"` | Disable automatic updates for the `bundler-audit` analyzer. Useful if you're running Dependency Scanning in an offline, air-gapped environment.|
| `BUNDLER_AUDIT_ADVISORY_DB_URL` | `bundler-audit` | `https://github.com/rubysec/ruby-advisory-db` | URL of the advisory database used by bundler-audit. |
| `BUNDLER_AUDIT_ADVISORY_DB_REF_NAME` | `bundler-audit` | `master` | Git ref for the advisory database specified by `BUNDLER_AUDIT_ADVISORY_DB_URL`. |
| `RETIREJS_JS_ADVISORY_DB` | `retire.js` | `https://raw.githubusercontent.com/RetireJS/retire.js/master/repository/jsrepository.json` | Path or URL to Retire.js js vulnerability data file. |
......
......@@ -13,6 +13,7 @@ navigating to your project's **Security & Compliance > Threat Monitoring** page.
GitLab supports statistics for the following security features:
- [Web Application Firewall](../../clusters/applications.md#web-application-firewall-modsecurity)
- [Container Network Policies](../../../topics/autodevops/index.md#network-policy)
## Web Application Firewall
......@@ -38,3 +39,38 @@ about your Ingress traffic:
If a significant percentage of traffic is anomalous, you should
investigate it for potential threats by
[examining the application logs](../../clusters/applications.md#web-application-firewall-modsecurity).
## Container Network Policy
> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/32365) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.9.
The **Container Network Policy** section provides packet flow metrics for
your application's Kubernetes namespace. This section has the following
prerequisites:
- Your project contains at least one [environment](../../../ci/environments.md)
- You've [installed Cilium](../../clusters/applications.md#install-cilium-using-gitlab-cicd)
- You've configured the [Prometheus service](../../project/integrations/prometheus.md#enabling-prometheus-integration)
If you're using custom Helm values for Cilium, you must enable Hubble
with flow metrics for each namespace by adding the following lines to
your [Hubble values](../../clusters/applications.md#install-cilium-using-gitlab-cicd):
```yaml
metrics:
enabled:
- 'flow:sourceContext=namespace;destinationContext=namespace'
```
The **Container Network Policy** section displays the following information
about your packet flow:
- The total amount of the inbound and outbound packets
- The proportion of packets dropped according to the configured
policies
- The per-second average rate of the forwarded and dropped packets
accumulated over time window for the requested time interval
If a significant percentage of packets is dropped, you should
investigate it for potential threats by
[examining the Cilium logs](../../clusters/applications.md#install-cilium-using-gitlab-cicd).
......@@ -825,6 +825,28 @@ agent:
enabled: false
```
The [Hubble](https://github.com/cilium/hubble) monitoring daemon is
enabled by default and it's set to collect per namespace flow
metrics. This metrics are accessible on the [Threat Monitoring](../application_security/threat_monitoring/index.md)
dashboard. You can disable Hubble by adding the following to
`.gitlab/managed-apps/config.yaml`:
```yaml
cilium:
installed: true
hubble:
installed: false
```
You can also adjust Helm values for Hubble via
`.gitlab/managed-apps/cilium/hubble-values.yaml`:
```yaml
metrics:
enabled:
- 'flow:sourceContext=namespace;destinationContext=namespace'
```
### Install Vault using GitLab CI/CD
> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/9982) in GitLab 12.9.
......
......@@ -7,6 +7,7 @@
> to pass a [personal access token](../../profile/personal_access_tokens.md) instead of your password in order to
> login to GitLab's Container Registry.
> - Multiple level image names support was added in GitLab 9.1.
> - The group level Container Registry was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/23315) in GitLab 12.10.
NOTE: **Note:**
This document is the user guide. To learn how to enable GitLab Container
......@@ -47,11 +48,51 @@ project:
## Control Container Registry from within GitLab
GitLab offers a simple Container Registry management panel. Go to your project
and click **Packages > Container Registry** in the project menu.
GitLab offers a simple Container Registry management panel. This management panel is available
for both projects and groups.
This view will show you all Docker images in your project and will easily allow you to
delete them.
### Control Container Registry for your project
Navigate to your project's **{package}** **Packages > Container Registry**.
![Container Registry project repositories](img/container_registry_repositories_with_quickstart_v12_10.png)
This view will:
- Show all the image repositories that belong to the project.
- Allow you to [delete](#delete-images-from-within-gitlab) one or more image repository.
- Allow you to navigate to the image repository details page.
- Show a **Quick start** dropdown with the most common commands to log in, build and push
- Optionally, a banner will be visible if the [expiration policy](#expiration-policy) is enabled for this project.
### Control Container Registry for your group
Navigate to your groups's **{package}** **Packages > Container Registry**.
![Container Registry group repositories](img/container_registry_group_repositories_v12_10.png)
This view will:
- Show all the image repositories of the projects that belong to this group.
- Allow to [delete](#delete-images-from-within-gitlab) one or more image repositories.
- Allow to navigate to a specific image repository details page.
### Image Repository details page
Clicking on the name of any image repository will navigate to the details.
![Container Registry project repository details](img/container_registry_repository_details_v12.10.png)
NOTE: **Note:**
The following page has the same functionalities both in the **Group level container registry**
and in the **Project level container registry**.
This view:
- Shows all the image repository details.
- Shows all the tags of the image repository.
- Allows you to quickly copy the tag path (by clicking on the clipboard button near the tag name).
- Allows you to [delete one or more tags](#delete-images-from-within-gitlab).
## Use images from GitLab Container Registry
......
......@@ -18,7 +18,7 @@ NuGet CLI is probably already installed.
Alternatively, you can use [.NET SDK 3.0 or later](https://dotnet.microsoft.com/download/dotnet-core/3.0), which installs NuGet CLI.
You can confirm that [nuget CLI](https://www.nuget.org/) is properly installed with:
You can confirm that [NuGet CLI](https://www.nuget.org/) is properly installed with:
```shell
nuget help
......@@ -36,6 +36,18 @@ Available commands:
[output truncated]
```
### macOS support
For macOS, you can also use [Mono](https://www.mono-project.com/) to run
the NuGet CLI. For Homebrew users, run `brew install mono` to install
Mono. Then you should be able to download the Windows C# binary
`nuget.exe` from the [NuGet CLI page](https://www.nuget.org/downloads)
and run:
```shell
mono nuget.exe
```
## Enabling the NuGet Repository
NOTE: **Note:**
......
......@@ -15,6 +15,8 @@ module Gitlab
"report" => %w(404)
}.freeze
HEALTH_ENDPOINT = /^\/-\/(liveness|readiness|health|metrics)\/?$/.freeze
def initialize(app)
@app = app
end
......@@ -32,6 +34,10 @@ module Gitlab
{}, [0.05, 0.1, 0.25, 0.5, 0.7, 1, 2.5, 5, 10, 25])
end
def self.http_health_requests_total
@http_health_requests_total ||= ::Gitlab::Metrics.counter(:http_health_requests_total, 'Health endpoint request count')
end
def self.initialize_http_request_duration_seconds
HTTP_METHODS.each do |method, statuses|
statuses.each do |status|
......@@ -43,8 +49,13 @@ module Gitlab
def call(env)
method = env['REQUEST_METHOD'].downcase
started = Time.now.to_f
begin
if health_endpoint?(env['PATH_INFO'])
RequestsRackMiddleware.http_health_requests_total.increment(method: method)
else
RequestsRackMiddleware.http_request_total.increment(method: method)
end
status, headers, body = @app.call(env)
......@@ -57,6 +68,12 @@ module Gitlab
raise
end
end
def health_endpoint?(path)
return false if path.blank?
HEALTH_ENDPOINT.match?(CGI.unescape(path))
end
end
end
end
......@@ -21969,6 +21969,9 @@ msgstr ""
msgid "UsageQuota|Usage of group resources across the projects in the %{strong_start}%{group_name}%{strong_end} group"
msgstr ""
msgid "UsageQuota|Usage of resources across your projects"
msgstr ""
msgid "UsageQuota|Usage since"
msgstr ""
......
......@@ -40,10 +40,6 @@ describe 'Projects > Files > Template type dropdown selector', :js do
check_type_selector_display(true)
end
it 'is displayed when input matches' do
check_type_selector_display(true)
end
it 'selects every template type correctly' do
try_selecting_all_types
end
......
......@@ -631,4 +631,32 @@ describe('Api', () => {
});
});
});
describe('getRawFile', () => {
const dummyProjectPath = 'gitlab-org/gitlab';
const dummyFilePath = 'doc/CONTRIBUTING.md';
const expectedUrl = `${dummyUrlRoot}/api/${dummyApiVersion}/projects/${encodeURIComponent(
dummyProjectPath,
)}/repository/files/${encodeURIComponent(dummyFilePath)}/raw`;
describe('when the raw file is successfully fetched', () => {
it('resolves the Promise', () => {
mock.onGet(expectedUrl).replyOnce(200);
return Api.getRawFile(dummyProjectPath, dummyFilePath).then(() => {
expect(mock.history.get).toHaveLength(1);
});
});
});
describe('when an error occurs while getting a raw file', () => {
it('rejects the Promise', () => {
mock.onDelete(expectedUrl).replyOnce(500);
return Api.getRawFile(dummyProjectPath, dummyFilePath).catch(() => {
expect(mock.history.get).toHaveLength(1);
});
});
});
});
});
export const sourceContent = `
---
layout: handbook-page-toc
title: Handbook
twitter_image: '/images/tweets/handbook-gitlab.png'
---
## On this page
{:.no_toc .hidden-md .hidden-lg}
- TOC
{:toc .hidden-md .hidden-lg}
`;
export const sourceContentTitle = 'Handbook';
export const projectId = '123456';
export const sourcePath = 'foobar.md.html';
import Api from '~/api';
import loadSourceContent from '~/static_site_editor/services/load_source_content';
import { sourceContent, sourceContentTitle, projectId, sourcePath } from '../mock_data';
describe('loadSourceContent', () => {
describe('requesting source content succeeds', () => {
let result;
beforeEach(() => {
jest.spyOn(Api, 'getRawFile').mockResolvedValue({ data: sourceContent });
return loadSourceContent({ projectId, sourcePath }).then(_result => {
result = _result;
});
});
it('calls getRawFile API with project id and source path', () => {
expect(Api.getRawFile).toHaveBeenCalledWith(projectId, sourcePath);
});
it('extracts page title from source content', () => {
expect(result.title).toBe(sourceContentTitle);
});
it('returns raw content', () => {
expect(result.content).toBe(sourceContent);
});
});
});
......@@ -14,6 +14,16 @@ describe Resolvers::Projects::JiraImportsResolver do
data
end
context 'when feature flag disabled' do
let_it_be(:project) { create(:project, :private, import_data: jira_import_data) }
before do
stub_feature_flags(jira_issue_import: false)
end
it_behaves_like 'no jira import access'
end
context 'when project does not have Jira import data' do
let_it_be(:project) { create(:project, :private, import_data: nil) }
......
......@@ -36,6 +36,74 @@ describe Gitlab::Metrics::RequestsRackMiddleware do
Timecop.scale(3600) { subject.call(env) }
end
context 'request is a health check endpoint' do
it 'increments health endpoint counter' do
env['PATH_INFO'] = '/-/liveness'
expect(described_class).to receive_message_chain(:http_health_requests_total, :increment).with(method: 'get')
subject.call(env)
end
context 'with trailing slash' do
before do
env['PATH_INFO'] = '/-/liveness/'
end
it 'increments health endpoint counter' do
expect(described_class).to receive_message_chain(:http_health_requests_total, :increment).with(method: 'get')
subject.call(env)
end
end
context 'with percent encoded values' do
before do
env['PATH_INFO'] = '/-/%6D%65%74%72%69%63%73' # /-/metrics
end
it 'increments health endpoint counter' do
expect(described_class).to receive_message_chain(:http_health_requests_total, :increment).with(method: 'get')
subject.call(env)
end
end
end
context 'request is not a health check endpoint' do
it 'does not increment health endpoint counter' do
env['PATH_INFO'] = '/-/ordinary-requests'
expect(described_class).not_to receive(:http_health_requests_total)
subject.call(env)
end
context 'path info is a root path' do
before do
env['PATH_INFO'] = '/-/'
end
it 'does not increment health endpoint counter' do
expect(described_class).not_to receive(:http_health_requests_total)
subject.call(env)
end
end
context 'path info is a subpath' do
before do
env['PATH_INFO'] = '/-/health/subpath'
end
it 'does not increment health endpoint counter' do
expect(described_class).not_to receive(:http_health_requests_total)
subject.call(env)
end
end
end
end
context '@app.call throws exception' do
......
......@@ -28,7 +28,6 @@ describe User, :do_not_mock_admin_mode do
describe 'associations' do
it { is_expected.to have_one(:namespace) }
it { is_expected.to have_one(:status) }
it { is_expected.to have_one(:max_access_level_membership) }
it { is_expected.to have_one(:user_detail) }
it { is_expected.to have_one(:user_highest_role) }
it { is_expected.to have_many(:snippets).dependent(:destroy) }
......@@ -1000,91 +999,42 @@ describe User, :do_not_mock_admin_mode do
end
describe '#highest_role' do
let(:user) { create(:user) }
let(:group) { create(:group) }
context 'with association :max_access_level_membership' do
let(:another_user) { create(:user) }
before do
create(:project, group: group) do |project|
group.add_user(user, GroupMember::GUEST)
group.add_user(another_user, GroupMember::DEVELOPER)
end
create(:project, group: create(:group)) do |project|
project.add_guest(another_user)
end
create(:project, group: create(:group)) do |project|
project.add_maintainer(user)
end
end
it 'returns the correct highest role' do
users = User.includes(:max_access_level_membership).where(id: [user.id, another_user.id])
expect(users.collect { |u| [u.id, u.highest_role] }).to contain_exactly(
[user.id, Gitlab::Access::MAINTAINER],
[another_user.id, Gitlab::Access::DEVELOPER]
)
end
end
let_it_be(:user) { create(:user) }
it 'returns NO_ACCESS if none has been set' do
context 'when user_highest_role does not exist' do
it 'returns NO_ACCESS' do
expect(user.highest_role).to eq(Gitlab::Access::NO_ACCESS)
end
it 'returns MAINTAINER if user is maintainer of a project' do
create(:project, group: group) do |project|
project.add_maintainer(user)
end
expect(user.highest_role).to eq(Gitlab::Access::MAINTAINER)
end
it 'returns the highest role if user is member of multiple projects' do
create(:project, group: group) do |project|
project.add_maintainer(user)
end
create(:project, group: group) do |project|
project.add_developer(user)
end
context 'when user_highest_role exists' do
context 'stored highest access level is nil' do
it 'returns Gitlab::Access::NO_ACCESS' do
create(:user_highest_role, user: user)
expect(user.highest_role).to eq(Gitlab::Access::MAINTAINER)
expect(user.highest_role).to eq(Gitlab::Access::NO_ACCESS)
end
it 'returns MAINTAINER if user is maintainer of a group' do
create(:group) do |group|
group.add_user(user, GroupMember::MAINTAINER)
end
expect(user.highest_role).to eq(Gitlab::Access::MAINTAINER)
end
context 'stored highest access level present' do
context 'with association :user_highest_role' do
let(:another_user) { create(:user) }
it 'returns the highest role if user is member of multiple groups' do
create(:group) do |group|
group.add_user(user, GroupMember::MAINTAINER)
before do
create(:user_highest_role, :maintainer, user: user)
create(:user_highest_role, :developer, user: another_user)
end
create(:group) do |group|
group.add_user(user, GroupMember::DEVELOPER)
end
it 'returns the correct highest role' do
users = User.includes(:user_highest_role).where(id: [user.id, another_user.id])
expect(user.highest_role).to eq(Gitlab::Access::MAINTAINER)
expect(users.collect { |u| [u.id, u.highest_role] }).to contain_exactly(
[user.id, Gitlab::Access::MAINTAINER],
[another_user.id, Gitlab::Access::DEVELOPER]
)
end
it 'returns the highest role if user is member of multiple groups and projects' do
create(:group) do |group|
group.add_user(user, GroupMember::DEVELOPER)
end
create(:project, group: group) do |project|
project.add_maintainer(user)
end
expect(user.highest_role).to eq(Gitlab::Access::MAINTAINER)
end
end
......
......@@ -802,7 +802,7 @@ describe 'project routing' do
# TODO: remove this test as part of https://gitlab.com/gitlab-org/gitlab/issues/207079 (12.9)
it 'to ci_cd#create_deploy_token' do
expect(post('gitlab/gitlabhq/-/settings/repository/deploy_token/create')).to route_to('projects/settings/ci_cd#create_deploy_token', namespace_id: 'gitlab', project_id: 'gitlabhq')
expect(post('gitlab/gitlabhq/-/settings/ci_cd/deploy_token/create')).to route_to('projects/settings/ci_cd#create_deploy_token', namespace_id: 'gitlab', project_id: 'gitlabhq')
end
end
......
......@@ -167,6 +167,7 @@ RSpec.shared_examples 'model with repository' do
describe 'Respond to' do
it { is_expected.to respond_to(:base_dir) }
it { is_expected.to respond_to(:disk_path) }
it { is_expected.to respond_to(:gitlab_shell) }
end
describe '.pick_repository_storage' do
......
......@@ -786,10 +786,10 @@
resolved "https://registry.yarnpkg.com/@gitlab/svgs/-/svgs-1.117.0.tgz#05239ddcf529c62ca29e1ec1a25a7e24efb98207"
integrity sha512-dGy/VWuRAFCTZX3Yqu1+RnAHTSUWafteIk/RMfUCN9B/EMbYzjhYsNy0NLVoZ23Rj/KGv1bUGHvyQCoPP6VzpA==
"@gitlab/ui@11.0.1":
version "11.0.1"
resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-11.0.1.tgz#7d9fdb823590c72c232b7dee06b86c3e8766ba28"
integrity sha512-JlZULrpmm2jELsVHfcMpE0uiam+hA+5tL4+xZxiHoG+i9UlTQCAteMHOgJVT7pQYvjPAoSnw9XzTATEEcHVcOw==
"@gitlab/ui@11.0.3":
version "11.0.3"
resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-11.0.3.tgz#7ef5aa78e8b3226c189487cb1d131859180bf539"
integrity sha512-BCV0+3xJCiBOvdpDlDm6YMnsAP1l4L03e5y0Nqtw8T6hITCL86eGTs0IEPzmE/v2x+03sK4QSHa6rf0dqlvwDg==
dependencies:
"@babel/standalone" "^7.0.0"
"@gitlab/vue-toasted" "^1.3.0"
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment