- 12 Apr, 2021 40 commits
-
-
Natalia Tepluhina authored
-
Steve Abrams authored
Add a new index to improve query performance See merge request gitlab-org/gitlab!58895
-
Bob Van Landuyt authored
Skip Rack Attack rate limiting for container registry event API See merge request gitlab-org/gitlab!59085
-
Igor Drozdov authored
Fix RSpec/EmptyLineAfterFinalLetItBe for ee/spec/services/ci See merge request gitlab-org/gitlab!58354
-
Abdul Wadood authored
-
Dmytro Zaporozhets (DZ) authored
Fix RSpec/EmptyLineAfterFinalLetItBe for ee/spec/policies See merge request gitlab-org/gitlab!58371
-
Abdul Wadood authored
-
Savas Vedova authored
Subscription Details: add Subscription Breakdown View See merge request gitlab-org/gitlab!58760
-
Angelo Gulina authored
-
Brandon Labuschagne authored
Update initial branch name in commit specs See merge request gitlab-org/gitlab!58878
-
James Lopez authored
Fix EmptyLineAfterFinalLetItBe offenses in spec/graphql/types See merge request gitlab-org/gitlab!58241
-
Huzaifa Iftikhar authored
-
🤖 GitLab Bot 🤖 authored
Update Gitaly version See merge request gitlab-org/gitlab!59140
-
Stan Hu authored
As seen in https://gitlab.com/gitlab-org/gitlab/-/issues/327416, previously Rack Attack throttled `/api/v4/container_registry_event/events`, which then caused Rack Attack to rate limit on other unauthenticated requests, such as fetches to remote CI YAML files. Since this is a trusted request from the Docker API, we can exempt this from our rate limiting. We now skip the request if the path starts with `/api/v4/container_registry_event/`. We now skip the request if the path starts with `/api/v4/container_registry_event/`. Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/327416
-
Nicolò Maria Mezzopera authored
Remove str-truncated-60 class from common.scss See merge request gitlab-org/gitlab!58210
-
David O'Regan authored
Externalize strings in services/index.html.haml See merge request gitlab-org/gitlab!58167
-
Marvin Karegyeya authored
-
GitLab Release Tools Bot authored
-
Fabio Pitino authored
Fail batch-aborted pipelines with reason See merge request gitlab-org/gitlab!57838
-
Matthias Käppler authored
Immediately unlink potentially-large temporary files See merge request gitlab-org/gitlab!57239
-
jerasmus authored
Updated the initial branch name from master to main
-
Mike Jang authored
Fix typo in Frontend GraphQL development guide See merge request gitlab-org/gitlab!59099
-
Russell Dickenson authored
Update api jobs to fix sort order detail See merge request gitlab-org/gitlab!59090
-
Russell Dickenson authored
Clarify that build_timeout is in seconds See merge request gitlab-org/gitlab!59025
-
Etienne Baqué authored
Update feature category of some actions/endpoints See merge request gitlab-org/gitlab!56841
-
Russell Dickenson authored
Secure Go development docs: Test Fixture guidance See merge request gitlab-org/gitlab!57752
-
Zach Rice authored
-
Kushal Pandya authored
Fix changelog from !57952 See merge request gitlab-org/gitlab!59089
-
Kamil Trzciński authored
Include project and build ID in Pages tmp directory See merge request gitlab-org/gitlab!59106
-
Miguel Rincon authored
Add search functionality to Jira Connect App namespaces See merge request gitlab-org/gitlab!57669
-
Tom Quirk authored
-
Sean McGivern authored
Puma has a limit (`Puma::Const::MAX_BODY` - around 110 KiB) over which it will write request bodies to disk for handing off to the application. When it does this, the request body can be left on disk if the Puma process receives SIGKILL. Consider an extremely minimal `config.ru`: run(proc { [204, {}, []] }) If we then: 1. Start `puma`, noting the process ID. 2. Start a slow file transfer, using `curl --limit-rate 100k` (for example) and `-T $PATH_TO_LARGE_FILE`. 3. Watch `$TMPDIR/puma*`. We will see Puma start to write this temporary file. If we then send SIGKILL to Puma, the file won't be cleaned up. With this patch, it will. The patch itself is pretty unpleasant: as Puma has two quite long methods that set up the temporary files (`Puma::Client#setup_body` and `Puma::Client#setup_chunked_body`), we have to copy those methods and call `#unlink` in the correct spots in both. Also, as these are private methods, it's hard to write a test for them. We can test manually. Running `fswatch -t -x $TMPDIR | grep puma` while posting a large file shows this with this patch: Fri Mar 26 20:34:10 2021 ... Created Removed IsFile Fri Mar 26 20:34:21 2021 ... Updated IsFile Whereas without this patch we get: Fri Mar 26 20:32:57 2021 ... Created IsFile Fri Mar 26 20:33:05 2021 ... Created Removed Updated IsFile
-
Sean McGivern authored
Rack writes files from multipart/form-data requests to disk in a temporary file. Rack includes a middleware to clean these up - Rack::TempfileReaper - but that won't withstand a process being sent SIGKILL. To handle that case, we can immediately unlink the created temporary file, which means it will be removed once we're done with it or the current process goes away. For development mode and test mode, we have to ensure that this new middleware is before Gitlab::Middleware::Static, otherwise we might not get the chance to set our own middleware. With direct upload configured, GitLab mostly doesn't accept multipart/form-data requests in a way where they reach Rack directly - they typically go via Workhorse which accelerates them - but there are cases where it can happen, and direct upload is still only an option. To test this manually, we can set `$GITLAB_API_TOKEN_LOCAL` to a personal access token for the API in the local environment, `$PATH_TO_FILE` to be a path to a (preferably large) file to be uploaded, and break the actual saving of uploads (in the default case with GDK, stop Minio): curl -H "Private-Token: $GITLAB_API_TOKEN_LOCAL" \ -F "file=@$PATH_TO_FILE" \ http://localhost:3000/api/v4/projects/1/uploads Once the upload is finished and the request fails, we'll see the file we uploaded in `$TMPDIR`: $ ls -l $TMPDIR/RackMultipart* | awk '{ print $5, $8 }' 952107008 17:40 With this change, that won't happen: we'll see the file created and immediately unlinked, so no matter what happens, it won't stick around on disk. (This specific test case is handled by Rack::TempfileReaper in later versions of Rack, but it still depends on manual cleanup.)
-
Etienne Baqué authored
Merge branch '325263-wiki-kerberos-clone-button-fails-with-undefined-local-variable-or-method-project' into 'master' Fix 500 error when cloning a wiki using the Kerberos clone button See merge request gitlab-org/gitlab!58270
-
Athar Hameed authored
-
Patrick Bajao authored
These actions/endpoints are not under code review feature category. They're are under the following categories: - `code_testing` - `usability_testing` - `continuous_integration`
-
Markus Koller authored
Fix EmptyLineAfterFinalLetItBe offenses in spec/services/groups See merge request gitlab-org/gitlab!58423
-
Huzaifa Iftikhar authored
-
Phil Hughes authored
Migrate delete label modal to Vue See merge request gitlab-org/gitlab!58131
-
Olena Horal-Koretska authored
Update default branch in divergence graph See merge request gitlab-org/gitlab!58871
-