diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-05-19 07:33:21 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-05-19 07:33:21 +0000 |
| commit | 36a59d088eca61b834191dacea009677a96c052f (patch) | |
| tree | e4f33972dab5d8ef79e3944a9f403035fceea43f /.gitlab | |
| parent | a1761f15ec2cae7c7f7bbda39a75494add0dfd6f (diff) | |
| download | gitlab-ce-36a59d088eca61b834191dacea009677a96c052f.tar.gz | |
Add latest changes from gitlab-org/gitlab@15-0-stable-eev15.0.0-rc42
Diffstat (limited to '.gitlab')
19 files changed, 659 insertions, 390 deletions
diff --git a/.gitlab/CODEOWNERS b/.gitlab/CODEOWNERS index 2aee22dbb9e..8b64c81f0f7 100644 --- a/.gitlab/CODEOWNERS +++ b/.gitlab/CODEOWNERS @@ -106,26 +106,10 @@ Dangerfile @gl-quality/eng-prod /ee/spec/requests/projects/security/policies_controller_spec.rb @gitlab-org/protect/container-security-backend /ee/app/models/security/orchestration_policy_configuration.rb @gitlab-org/protect/container-security-backend /ee/spec/models/security/orchestration_policy_configuration_spec.rb @gitlab-org/protect/container-security-backend -/lib/gitlab/kubernetes/cilium_network_policy.rb @gitlab-org/protect/container-security-backend -/spec/lib/gitlab/kubernetes/cilium_network_policy_spec.rb @gitlab-org/protect/container-security-backend -/lib/gitlab/kubernetes/network_policy_common.rb @gitlab-org/protect/container-security-backend -/spec/support/shared_examples/lib/gitlab/kubernetes/network_policy_common_shared_examples.rb @gitlab-org/protect/container-security-backend -/lib/gitlab/kubernetes/network_policy.rb @gitlab-org/protect/container-security-backend -/spec/lib/gitlab/kubernetes/network_policy_spec.rb @gitlab-org/protect/container-security-backend -/ee/app/services/network_policies/** @gitlab-org/protect/container-security-backend -/ee/spec/services/network_policies/** @gitlab-org/protect/container-security-backend /app/models/clusters/applications/cilium.rb @gitlab-org/protect/container-security-backend /spec/models/clusters/applications/cilium_spec.rb @gitlab-org/protect/container-security-backend -/ee/app/controllers/projects/security/network_policies_controller.rb @gitlab-org/protect/container-security-backend -/ee/spec/controllers/projects/security/network_policies_controller_spec.rb @gitlab-org/protect/container-security-backend -/ee/app/workers/network_policy_metrics_worker.rb @gitlab-org/protect/container-security-backend -/ee/spec/workers/network_policy_metrics_worker_spec.rb @gitlab-org/protect/container-security-backend -/ee/app/services/network_policies/** @gitlab-org/protect/container-security-backend -/ee/spec/services/network_policies/** @gitlab-org/protect/container-security-backend /ee/app/services/security/orchestration/** @gitlab-org/protect/container-security-backend /ee/spec/services/security/orchestration/** @gitlab-org/protect/container-security-backend -/ee/lib/gitlab/usage_data_counters/network_policy_counter.rb @gitlab-org/protect/container-security-backend -/ee/spec/lib/gitlab/usage_data_counters/network_policy_counter_spec.rb @gitlab-org/protect/container-security-backend ^[Code Owners] /ee/lib/gitlab/code_owners.rb @reprazent @kerrizor @garyh @@ -209,14 +193,14 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/.vale/ @marcel.amirault @eread @aqualls @dianalogan ^[Documentation Pages] -/doc/administration/application_settings_cache.md @marcia +/doc/administration/application_settings_cache.md @sselhorn /doc/administration/audit_event_streaming.md @eread /doc/administration/audit_events.md @eread /doc/administration/audit_reports.md @eread /doc/administration/auditor_users.md @eread /doc/administration/auth/ @eread /doc/administration/cicd.md @marcel.amirault -/doc/administration/clusters/kas.md @marcia +/doc/administration/clusters/kas.md @sselhorn /doc/administration/compliance.md @eread /doc/administration/configure.md @axil /doc/administration/consul.md @axil @@ -254,15 +238,17 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/administration/object_storage.md @axil /doc/administration/operations/ @axil /doc/administration/operations/moving_repositories.md @eread -/doc/administration/operations/sidekiq_memory_killer.md @marcia +/doc/administration/operations/fast_ssh_key_lookup.md @aqualls +/doc/administration/operations/sidekiq_memory_killer.md @sselhorn /doc/administration/package_information/ @axil /doc/administration/packages/ @claytoncornell /doc/administration/pages/index.md @aqualls /doc/administration/pages/source.md @aqualls /doc/administration/polling.md @axil -/doc/administration/postgresql/ @marcia +/doc/administration/postgresql/ @aqualls /doc/administration/pseudonymizer.md @axil /doc/administration/raketasks/ @axil +/doc/administration/raketasks/ldap.md @eread /doc/administration/raketasks/praefect.md @eread /doc/administration/read_only_gitlab.md @axil /doc/administration/redis/ @axil @@ -280,11 +266,12 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/administration/snippets/index.md @aqualls /doc/administration/static_objects_external_storage.md @aqualls /doc/administration/system_hooks.md @kpaizee -/doc/administration/terraform_state.md @marcia +/doc/administration/terraform_state.md @sselhorn /doc/administration/timezone.md @axil /doc/administration/troubleshooting/ @axil -/doc/administration/troubleshooting/elasticsearch.md @rdickenson -/doc/administration/troubleshooting/postgresql.md @marcia +/doc/administration/troubleshooting/elasticsearch.md @sselhorn +/doc/administration/troubleshooting/group_saml_scim.md @eread +/doc/administration/troubleshooting/postgresql.md @aqualls /doc/administration/uploads.md @axil /doc/administration/user_settings.md @eread /doc/administration/whats-new.md @kpaizee @@ -302,7 +289,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/api/branches.md @aqualls /doc/api/broadcast_messages.md @kpaizee /doc/api/bulk_imports.md @eread -/doc/api/cluster_agents.md @marcia +/doc/api/cluster_agents.md @sselhorn /doc/api/commits.md @aqualls /doc/api/container_registry.md @claytoncornell /doc/api/custom_attributes.md @kpaizee @@ -334,7 +321,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/api/group_activity_analytics.md @fneill /doc/api/group_badges.md @fneill /doc/api/group_boards.md @msedlakjakubowski -/doc/api/group_clusters.md @marcia +/doc/api/group_clusters.md @sselhorn /doc/api/group_import_export.md @eread /doc/api/group_iterations.md @msedlakjakubowski /doc/api/group_labels.md @msedlakjakubowski @@ -348,7 +335,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/api/groups.md @fneill /doc/api/import.md @eread /doc/api/index.md @kpaizee -/doc/api/instance_clusters.md @marcia +/doc/api/instance_clusters.md @sselhorn /doc/api/instance_level_ci_variables.md @marcel.amirault /doc/api/integrations.md @kpaizee /doc/api/invitations.md @kpaizee @@ -390,7 +377,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/api/project_access_tokens.md @eread /doc/api/project_aliases.md @aqualls /doc/api/project_badges.md @aqualls -/doc/api/project_clusters.md @marcia +/doc/api/project_clusters.md @sselhorn /doc/api/project_import_export.md @aqualls /doc/api/project_level_variables.md @marcel.amirault /doc/api/project_relations_export.md @eread @@ -443,10 +430,10 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/api/vulnerability_findings.md @claytoncornell /doc/api/wikis.md @aqualls /doc/architecture/blueprints/container_registry_metadata_database/index.md @claytoncornell -/doc/architecture/blueprints/database/scalability/patterns/ @marcia -/doc/architecture/blueprints/gitlab_to_kubernetes_communication/index.md @marcia +/doc/architecture/blueprints/database/scalability/patterns/ @aqualls +/doc/architecture/blueprints/gitlab_to_kubernetes_communication/index.md @sselhorn /doc/ci/caching/index.md @marcel.amirault -/doc/ci/chatops/index.md @marcia +/doc/ci/chatops/index.md @sselhorn /doc/ci/ci_cd_for_external_repos/ @marcel.amirault /doc/ci/cloud_deployment/ecs/quick_start_guide.md @rdickenson /doc/ci/cloud_deployment/index.md @rdickenson @@ -485,6 +472,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/ci/review_apps/index.md @marcel.amirault /doc/ci/runners/ @sselhorn /doc/ci/secrets/index.md @marcel.amirault +/doc/ci/secure_files/index.md @marcel.amirault /doc/ci/services/ @sselhorn /doc/ci/ssh_keys/index.md @marcel.amirault /doc/ci/test_cases/index.md @msedlakjakubowski @@ -493,120 +481,117 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/ci/unit_test_reports.md @marcel.amirault /doc/ci/variables/ @marcel.amirault /doc/ci/yaml/ @marcel.amirault -/doc/development/adding_database_indexes.md @marcia +/doc/development/adding_database_indexes.md @aqualls /doc/development/application_limits.md @axil /doc/development/approval_rules.md @aqualls /doc/development/audit_event_guide/index.md @eread -/doc/development/auto_devops.md @marcia -/doc/development/backend/create_source_code_be/index.md @aqualls -/doc/development/backend/ruby_style_guide.md @marcia -/doc/development/batched_background_migrations.md @marcia +/doc/development/auto_devops.md @sselhorn +/doc/development/backend/create_source_code_be/ @aqualls +/doc/development/backend/ruby_style_guide.md @sselhorn /doc/development/build_test_package.md @axil /doc/development/bulk_import.md @eread -/doc/development/cached_queries.md @marcia +/doc/development/cached_queries.md @sselhorn /doc/development/cascading_settings.md @eread -/doc/development/chatops_on_gitlabcom.md @marcia +/doc/development/chatops_on_gitlabcom.md @sselhorn /doc/development/cicd/cicd_reference_documentation_guide.md @marcel.amirault /doc/development/cicd/index.md @marcel.amirault /doc/development/cicd/schema.md @marcel.amirault /doc/development/cicd/templates.md @marcel.amirault /doc/development/code_intelligence/index.md @aqualls -/doc/development/contributing/ @marcia +/doc/development/contributing/ @sselhorn /doc/development/contributing/merge_request_workflow.md @aqualls -/doc/development/creating_enums.md @marcia -/doc/development/database_debugging.md @marcia -/doc/development/database_query_comments.md @marcia -/doc/development/database_review.md @marcia -/doc/development/database/ @marcia -/doc/development/database/multiple_databases.md @marcia -/doc/development/db_dump.md @marcia +/doc/development/creating_enums.md @aqualls +/doc/development/database_debugging.md @aqualls +/doc/development/database_query_comments.md @aqualls +/doc/development/database_review.md @aqualls +/doc/development/database/ @aqualls +/doc/development/db_dump.md @aqualls /doc/development/developing_with_solargraph.md @aqualls /doc/development/diffs.md @aqualls /doc/development/distributed_tracing.md @msedlakjakubowski -/doc/development/documentation/feature_flags.md @sselhorn -/doc/development/documentation/graphql_styleguide.md @sselhorn +/doc/development/documentation/ @sselhorn /doc/development/documentation/index.md @dianalogan /doc/development/documentation/redirects.md @dianalogan /doc/development/documentation/review_apps.md @dianalogan -/doc/development/documentation/structure.md @sselhorn -/doc/development/documentation/styleguide/ @sselhorn /doc/development/documentation/testing.md @dianalogan -/doc/development/elasticsearch.md @marcia +/doc/development/elasticsearch.md @sselhorn /doc/development/experiment_guide/gitlab_experiment.md @kpaizee /doc/development/experiment_guide/index.md @kpaizee /doc/development/export_csv.md @eread /doc/development/fe_guide/content_editor.md @aqualls -/doc/development/fe_guide/dark_mode.md @marcia -/doc/development/fe_guide/graphql.md @marcia +/doc/development/fe_guide/dark_mode.md @sselhorn +/doc/development/fe_guide/graphql.md @sselhorn /doc/development/fe_guide/source_editor.md @aqualls -/doc/development/feature_categorization/index.md @marcia -/doc/development/feature_flags/controls.md @marcia -/doc/development/feature_flags/index.md @marcia +/doc/development/feature_categorization/index.md @sselhorn +/doc/development/feature_flags/controls.md @sselhorn +/doc/development/feature_flags/index.md @sselhorn /doc/development/filtering_by_label.md @msedlakjakubowski -/doc/development/foreign_keys.md @marcia +/doc/development/foreign_keys.md @aqualls /doc/development/geo.md @axil /doc/development/geo/framework.md @axil /doc/development/git_object_deduplication.md @eread /doc/development/gitaly.md @eread +/doc/development/gitlab_flavored_markdown/index.md @aqualls +/doc/development/gitlab_flavored_markdown/specification_guide/index.md @aqualls /doc/development/graphql_guide/ @kpaizee -/doc/development/graphql_guide/batchloader.md @marcia -/doc/development/hash_indexes.md @marcia +/doc/development/graphql_guide/batchloader.md @aqualls +/doc/development/hash_indexes.md @aqualls /doc/development/i18n/ @eread -/doc/development/image_scaling.md @marcia +/doc/development/image_scaling.md @sselhorn /doc/development/import_export.md @eread -/doc/development/index.md @marcia -/doc/development/insert_into_tables_in_batches.md @marcia +/doc/development/index.md @sselhorn +/doc/development/insert_into_tables_in_batches.md @aqualls /doc/development/integrations/ @kpaizee -/doc/development/integrations/codesandbox.md @marcia +/doc/development/integrations/codesandbox.md @sselhorn /doc/development/integrations/secure_partner_integration.md @rdickenson /doc/development/integrations/secure.md @claytoncornell /doc/development/internal_api/ @aqualls -/doc/development/internal_users.md @marcia +/doc/development/internal_users.md @sselhorn /doc/development/issuable-like-models.md @msedlakjakubowski /doc/development/issue_types.md @msedlakjakubowski -/doc/development/iterating_tables_in_batches.md @marcia -/doc/development/kubernetes.md @marcia +/doc/development/iterating_tables_in_batches.md @aqualls +/doc/development/kubernetes.md @sselhorn /doc/development/lfs.md @aqualls /doc/development/licensed_feature_availability.md @sselhorn /doc/development/logging.md @msedlakjakubowski /doc/development/maintenance_mode.md @axil /doc/development/new_fe_guide/modules/widget_extensions.md @aqualls -/doc/development/new_fe_guide/tips.md @marcia +/doc/development/new_fe_guide/tips.md @sselhorn /doc/development/omnibus.md @axil -/doc/development/ordering_table_columns.md @marcia +/doc/development/ordering_table_columns.md @aqualls /doc/development/packages.md @claytoncornell /doc/development/permissions.md @eread /doc/development/policies.md @eread /doc/development/product_qualified_lead_guide/index.md @kpaizee /doc/development/project_templates.md @fneill /doc/development/prometheus_metrics.md @msedlakjakubowski -/doc/development/query_performance.md @marcia -/doc/development/query_recorder.md @marcia +/doc/development/query_performance.md @aqualls +/doc/development/query_recorder.md @aqualls /doc/development/real_time.md @msedlakjakubowski -/doc/development/secure_coding_guidelines.md @marcia -/doc/development/serializing_data.md @marcia +/doc/development/secure_coding_guidelines.md @sselhorn +/doc/development/serializing_data.md @aqualls /doc/development/service_ping/ @claytoncornell -/doc/development/single_table_inheritance.md @marcia +/doc/development/single_table_inheritance.md @aqualls /doc/development/snowplow/ @claytoncornell /doc/development/spam_protection_and_captcha/ @eread -/doc/development/sql.md @marcia -/doc/development/swapping_tables.md @marcia -/doc/development/testing_guide/best_practices.md @marcia -/doc/development/testing_guide/end_to_end/best_practices.md @marcia -/doc/development/understanding_explain_plans.md @marcia +/doc/development/sql.md @aqualls +/doc/development/swapping_tables.md @aqualls +/doc/development/testing_guide/best_practices.md @sselhorn +/doc/development/testing_guide/end_to_end/best_practices.md @sselhorn +/doc/development/understanding_explain_plans.md @aqualls /doc/development/value_stream_analytics.md @fneill /doc/development/value_stream_analytics/value_stream_analytics_aggregated_backend.md @fneill -/doc/development/verifying_database_capabilities.md @marcia +/doc/development/verifying_database_capabilities.md @aqualls /doc/development/wikis.md @aqualls /doc/development/work_items_widgets.md @msedlakjakubowski /doc/development/work_items.md @msedlakjakubowski /doc/development/workhorse/ @aqualls -/doc/development/workspace/index.md @marcia +/doc/development/workspace/index.md @sselhorn /doc/downgrade_ee_to_ce/index.md @axil /doc/gitlab-basics/ @aqualls /doc/install/ @axil /doc/integration/ @kpaizee -/doc/integration/elasticsearch.md @marcia +/doc/integration/elasticsearch.md @sselhorn /doc/integration/gitpod.md @aqualls /doc/integration/kerberos.md @eread /doc/integration/mattermost/index.md @axil @@ -614,11 +599,12 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/integration/saml.md @eread /doc/integration/security_partners/index.md @rdickenson /doc/integration/sourcegraph.md @aqualls -/doc/integration/vault.md @marcia +/doc/integration/vault.md @sselhorn /doc/operations/ @msedlakjakubowski /doc/operations/feature_flags.md @rdickenson /doc/operations/product_analytics.md @claytoncornell -/doc/policy/ @axil +/doc/policy/alpha-beta-support.md @axil +/doc/policy/maintenance.md @axil /doc/raketasks/ @axil /doc/raketasks/generate_sample_prometheus_data.md @msedlakjakubowski /doc/raketasks/migrate_snippets.md @aqualls @@ -627,14 +613,15 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/security/ @eread /doc/subscriptions/ @sselhorn /doc/topics/authentication/index.md @eread -/doc/topics/autodevops/ @marcia +/doc/topics/autodevops/ @sselhorn /doc/topics/git/ @aqualls /doc/topics/gitlab_flow.md @aqualls -/doc/topics/offline/ @axil +/doc/topics/offline/index.md @axil +/doc/topics/offline/quick_start_guide.md @axil /doc/topics/plan_and_track.md @msedlakjakubowski /doc/update/ @axil -/doc/update/mysql_to_postgresql.md @marcia -/doc/update/upgrading_postgresql_using_slony.md @marcia +/doc/update/mysql_to_postgresql.md @aqualls +/doc/update/upgrading_postgresql_using_slony.md @aqualls /doc/user/admin_area/analytics/ @fneill /doc/user/admin_area/broadcast_messages.md @kpaizee /doc/user/admin_area/credentials_inventory.md @eread @@ -643,10 +630,10 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/user/admin_area/geo_nodes.md @axil /doc/user/admin_area/labels.md @msedlakjakubowski /doc/user/admin_area/license_file.md @sselhorn -/doc/user/admin_area/license.md @kpaizee +/doc/user/admin_area/license.md @sselhorn /doc/user/admin_area/merge_requests_approvals.md @aqualls /doc/user/admin_area/moderate_users.md @eread -/doc/user/admin_area/monitoring/background_migrations.md @marcia +/doc/user/admin_area/monitoring/background_migrations.md @aqualls /doc/user/admin_area/monitoring/health_check.md @msedlakjakubowski /doc/user/admin_area/reporting/spamcheck.md @axil /doc/user/admin_area/review_abuse_reports.md @eread @@ -666,32 +653,30 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/user/admin_area/settings/push_event_activities_limit.md @aqualls /doc/user/admin_area/settings/rate_limit_on_issues_creation.md @msedlakjakubowski /doc/user/admin_area/settings/rate_limit_on_notes_creation.md @msedlakjakubowski -/doc/user/admin_area/settings/rate_limit_on_users_api.md @eread /doc/user/admin_area/settings/third_party_offers.md @fneill +/doc/user/admin_area/settings/usage_statistics.md @claytoncornell /doc/user/admin_area/settings/visibility_and_access_controls.md @aqualls /doc/user/analytics/ @fneill /doc/user/analytics/ci_cd_analytics.md @rdickenson /doc/user/application_security/ @rdickenson /doc/user/application_security/cluster_image_scanning/index.md @claytoncornell /doc/user/application_security/container_scanning/index.md @claytoncornell -/doc/user/application_security/coverage_fuzzing/index.md @rdickenson /doc/user/application_security/cve_id_request.md @claytoncornell /doc/user/application_security/policies/ @claytoncornell /doc/user/application_security/security_dashboard/index.md @claytoncornell -/doc/user/application_security/threat_monitoring/index.md @claytoncornell /doc/user/application_security/vulnerabilities/index.md @claytoncornell /doc/user/application_security/vulnerabilities/severities.md @claytoncornell /doc/user/application_security/vulnerability_report/index.md @claytoncornell /doc/user/asciidoc.md @aqualls /doc/user/award_emojis.md @msedlakjakubowski -/doc/user/clusters/ @marcia +/doc/user/clusters/ @sselhorn /doc/user/compliance/compliance_report/index.md @eread /doc/user/compliance/index.md @eread /doc/user/compliance/license_compliance/index.md @rdickenson /doc/user/crm/index.md @msedlakjakubowski /doc/user/discussions/index.md @aqualls -/doc/user/feature_flags.md @marcia -/doc/user/group/clusters/index.md @marcia +/doc/user/feature_flags.md @sselhorn +/doc/user/group/clusters/index.md @sselhorn /doc/user/group/contribution_analytics/index.md @fneill /doc/user/group/custom_project_templates.md @eread /doc/user/group/devops_adoption/index.md @fneill @@ -714,27 +699,28 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/user/group/settings/import_export.md @eread /doc/user/group/subgroups/index.md @fneill /doc/user/group/value_stream_analytics/index.md @fneill -/doc/user/infrastructure/clusters/ @marcia +/doc/user/infrastructure/clusters/ @sselhorn /doc/user/infrastructure/clusters/manage/management_project_applications/apparmor.md @claytoncornell /doc/user/infrastructure/clusters/manage/management_project_applications/cilium.md @claytoncornell /doc/user/infrastructure/clusters/manage/management_project_applications/elasticstack.md @msedlakjakubowski /doc/user/infrastructure/clusters/manage/management_project_applications/falco.md @claytoncornell /doc/user/infrastructure/clusters/manage/management_project_applications/fluentd.md @claytoncornell /doc/user/infrastructure/clusters/manage/management_project_applications/prometheus.md @msedlakjakubowski -/doc/user/infrastructure/clusters/manage/management_project_applications/runner.md @marcia +/doc/user/infrastructure/clusters/manage/management_project_applications/runner.md @sselhorn /doc/user/infrastructure/clusters/manage/management_project_applications/sentry.md @msedlakjakubowski -/doc/user/infrastructure/iac/ @marcia -/doc/user/infrastructure/index.md @marcia +/doc/user/infrastructure/clusters/manage/management_project_applications/vault.md @sselhorn +/doc/user/infrastructure/iac/ @sselhorn +/doc/user/infrastructure/index.md @sselhorn /doc/user/markdown.md @aqualls /doc/user/packages/ @claytoncornell -/doc/user/packages/infrastructure_registry/index.md @marcia -/doc/user/packages/terraform_module_registry/index.md @marcia +/doc/user/packages/infrastructure_registry/index.md @sselhorn +/doc/user/packages/terraform_module_registry/index.md @sselhorn /doc/user/permissions.md @eread /doc/user/profile/ @eread /doc/user/profile/notifications.md @msedlakjakubowski /doc/user/project/autocomplete_characters.md @aqualls /doc/user/project/badges.md @aqualls -/doc/user/project/clusters/ @marcia +/doc/user/project/clusters/ @sselhorn /doc/user/project/clusters/kubernetes_pod_logs.md @msedlakjakubowski /doc/user/project/clusters/protect/ @claytoncornell /doc/user/project/code_intelligence.md @aqualls @@ -765,12 +751,15 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/user/project/merge_requests/csv_export.md @eread /doc/user/project/merge_requests/fail_fast_testing.md @marcel.amirault /doc/user/project/merge_requests/load_performance_testing.md @marcel.amirault -/doc/user/project/merge_requests/reviews/index.md @aqualls /doc/user/project/merge_requests/status_checks.md @eread /doc/user/project/merge_requests/test_coverage_visualization.md @marcel.amirault /doc/user/project/merge_requests/testing_and_reports_in_merge_requests.md @marcel.amirault -/doc/user/project/milestones/ @msedlakjakubowski +/doc/user/project/milestones/burndown_and_burnup_charts.md @msedlakjakubowski +/doc/user/project/milestones/index.md @msedlakjakubowski /doc/user/project/pages/ @aqualls +/doc/user/project/protected_branches.md @aqualls +/doc/user/project/protected_tags.md @aqualls +/doc/user/project/push_options.md @aqualls /doc/user/project/quick_actions.md @msedlakjakubowski /doc/user/project/releases/index.md @rdickenson /doc/user/project/releases/release_cli.md @rdickenson @@ -789,7 +778,8 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/user/project/working_with_projects.md @fneill /doc/user/public_access.md @fneill /doc/user/reserved_names.md @fneill -/doc/user/search/advanced_search.md @marcia +/doc/user/search/advanced_search.md @sselhorn +/doc/user/search/global_search/advanced_search_syntax.md @sselhorn /doc/user/search/index.md @aqualls /doc/user/shortcuts.md @aqualls /doc/user/snippets.md @aqualls @@ -800,29 +790,245 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/user/workspace/index.md @fneill [Authentication and Authorization] -/app/**/*password* @gitlab-org/manage/authentication-and-authorization -/ee/app/**/*password* @gitlab-org/manage/authentication-and-authorization -/config/**/*password* @gitlab-org/manage/authentication-and-authorization -/ee/config/**/*password* @gitlab-org/manage/authentication-and-authorization -/lib/**/*password* @gitlab-org/manage/authentication-and-authorization -/ee/lib/**/*password* @gitlab-org/manage/authentication-and-authorization -/app/controllers/**/*password* @gitlab-org/manage/authentication-and-authorization -/ee/app/controllers/**/*password* @gitlab-org/manage/authentication-and-authorization - -/app/**/*auth* @gitlab-org/manage/authentication-and-authorization -/ee/app/**/*auth* @gitlab-org/manage/authentication-and-authorization -/config/**/*auth* @gitlab-org/manage/authentication-and-authorization -/ee/config/**/*auth* @gitlab-org/manage/authentication-and-authorization -/lib/**/*auth* @gitlab-org/manage/authentication-and-authorization -/ee/lib/**/*auth* @gitlab-org/manage/authentication-and-authorization -/app/controllers/**/*auth* @gitlab-org/manage/authentication-and-authorization -/ee/app/controllers/**/*auth* @gitlab-org/manage/authentication-and-authorization - -/app/**/*token* @gitlab-org/manage/authentication-and-authorization -/ee/app/**/*token* @gitlab-org/manage/authentication-and-authorization -/config/**/*token* @gitlab-org/manage/authentication-and-authorization -/ee/config/**/*token* @gitlab-org/manage/authentication-and-authorization -/lib/**/*token* @gitlab-org/manage/authentication-and-authorization -/ee/lib/**/*token* @gitlab-org/manage/authentication-and-authorization -/app/controllers/**/*token* @gitlab-org/manage/authentication-and-authorization -/ee/app/controllers/**/*token* @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/access_tokens @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/alerts_settings/graphql/mutations/reset_http_token.mutation.graphql @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/authentication @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/ide/components/shared/tokened_input.vue @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/invite_members/components/members_token_select.vue @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/logs/components/tokens @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/packages_and_registries/package_registry/components/list/tokens @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/pages/admin/impersonation_tokens @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/pages/groups/settings/access_tokens @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/pages/ldap @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/pages/oauth @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/pages/omniauth_callbacks @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/pages/profiles/password_prompt @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/pages/profiles/personal_access_tokens @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/pages/profiles/two_factor_auths @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/pages/projects/settings/access_tokens @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/pages/sessions/new/oauth_remember_me.js @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/pipelines/components/pipelines_list/tokens/constants.js @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/pipelines/components/pipelines_list/tokens/pipeline_branch_name_token.vue @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/pipelines/components/pipelines_list/tokens/pipeline_source_token.vue @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/pipelines/components/pipelines_list/tokens/pipeline_status_token.vue @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/pipelines/components/pipelines_list/tokens/pipeline_tag_name_token.vue @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/projects/settings/topics/components @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/related_issues/components/issue_token.vue @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/runner/components/registration/registration_token.vue @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/runner/components/registration/registration_token_reset_dropdown_item.vue @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/runner/components/search_tokens @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/static_site_editor/rich_content_editor/services/renderers/build_uneditable_token.js @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/token_access/components @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/token_access/index.js @gitlab-org/manage/authentication-and-authorization +/app/assets/stylesheets/page_bundles/profile_two_factor_auth.scss @gitlab-org/manage/authentication-and-authorization +/app/controllers/admin/impersonation_tokens_controller.rb @gitlab-org/manage/authentication-and-authorization +/app/controllers/concerns/access_tokens_actions.rb @gitlab-org/manage/authentication-and-authorization +/app/controllers/concerns/authenticates_with_two_factor.rb @gitlab-org/manage/authentication-and-authorization +/app/controllers/concerns/authenticates_with_two_factor_for_admin_mode.rb @gitlab-org/manage/authentication-and-authorization +/app/controllers/concerns/enforces_admin_authentication.rb @gitlab-org/manage/authentication-and-authorization +/app/controllers/concerns/enforces_two_factor_authentication.rb @gitlab-org/manage/authentication-and-authorization +/app/controllers/concerns/oauth_applications.rb @gitlab-org/manage/authentication-and-authorization +/app/controllers/concerns/project_unauthorized.rb @gitlab-org/manage/authentication-and-authorization +/app/controllers/concerns/sessionless_authentication.rb @gitlab-org/manage/authentication-and-authorization +/app/controllers/concerns/snippet_authorizations.rb @gitlab-org/manage/authentication-and-authorization +/app/controllers/concerns/workhorse_authorization.rb @gitlab-org/manage/authentication-and-authorization +/app/controllers/groups/settings/access_tokens_controller.rb @gitlab-org/manage/authentication-and-authorization +/app/controllers/ldap @gitlab-org/manage/authentication-and-authorization +/app/controllers/oauth @gitlab-org/manage/authentication-and-authorization +/app/controllers/omniauth_callbacks_controller.rb @gitlab-org/manage/authentication-and-authorization +/app/controllers/passwords_controller.rb @gitlab-org/manage/authentication-and-authorization +/app/controllers/profiles/passwords_controller.rb @gitlab-org/manage/authentication-and-authorization +/app/controllers/profiles/personal_access_tokens_controller.rb @gitlab-org/manage/authentication-and-authorization +/app/controllers/profiles/two_factor_auths_controller.rb @gitlab-org/manage/authentication-and-authorization +/app/controllers/profiles/webauthn_registrations_controller.rb @gitlab-org/manage/authentication-and-authorization +/app/controllers/projects/settings/access_tokens_controller.rb @gitlab-org/manage/authentication-and-authorization +/app/finders/groups/projects_requiring_authorizations_refresh @gitlab-org/manage/authentication-and-authorization +/app/finders/personal_access_tokens_finder.rb @gitlab-org/manage/authentication-and-authorization +/app/helpers/access_tokens_helper.rb @gitlab-org/manage/authentication-and-authorization +/app/helpers/auth_helper.rb @gitlab-org/manage/authentication-and-authorization +/app/models/authentication_event.rb @gitlab-org/manage/authentication-and-authorization +/app/models/concerns/admin_changed_password_notifier.rb @gitlab-org/manage/authentication-and-authorization +/app/models/concerns/mirror_authentication.rb @gitlab-org/manage/authentication-and-authorization +/app/models/concerns/select_for_project_authorization.rb @gitlab-org/manage/authentication-and-authorization +/app/models/concerns/token_authenticatable.rb @gitlab-org/manage/authentication-and-authorization +/app/models/concerns/token_authenticatable_strategies @gitlab-org/manage/authentication-and-authorization +/app/models/oauth_access_grant.rb @gitlab-org/manage/authentication-and-authorization +/app/models/oauth_access_token.rb @gitlab-org/manage/authentication-and-authorization +/app/models/personal_access_token.rb @gitlab-org/manage/authentication-and-authorization +/app/models/project_authorization.rb @gitlab-org/manage/authentication-and-authorization +/app/models/token_with_iv.rb @gitlab-org/manage/authentication-and-authorization +/app/models/webauthn_registration.rb @gitlab-org/manage/authentication-and-authorization +/app/policies/personal_access_token_policy.rb @gitlab-org/manage/authentication-and-authorization +/app/services/access_token_validation_service.rb @gitlab-org/manage/authentication-and-authorization +/app/services/auth @gitlab-org/manage/authentication-and-authorization +/app/services/authorized_project_update @gitlab-org/manage/authentication-and-authorization +/app/services/chat_names/authorize_user_service.rb @gitlab-org/manage/authentication-and-authorization +/app/services/personal_access_tokens @gitlab-org/manage/authentication-and-authorization +/app/services/projects/move_project_authorizations_service.rb @gitlab-org/manage/authentication-and-authorization +/app/services/resource_access_tokens @gitlab-org/manage/authentication-and-authorization +/app/services/todos/destroy/unauthorized_features_service.rb @gitlab-org/manage/authentication-and-authorization +/app/services/users/authorized_build_service.rb @gitlab-org/manage/authentication-and-authorization +/app/services/users/authorized_create_service.rb @gitlab-org/manage/authentication-and-authorization +/app/services/users/refresh_authorized_projects_service.rb @gitlab-org/manage/authentication-and-authorization +/app/services/webauthn @gitlab-org/manage/authentication-and-authorization +/app/validators/json_schemas/cluster_agent_authorization_configuration.json @gitlab-org/manage/authentication-and-authorization +/app/views/admin/application_settings/_external_authorization_service_form.html.haml @gitlab-org/manage/authentication-and-authorization +/app/views/admin/impersonation_tokens @gitlab-org/manage/authentication-and-authorization +/app/views/authentication @gitlab-org/manage/authentication-and-authorization +/app/views/ci/token_access @gitlab-org/manage/authentication-and-authorization +/app/views/dashboard/projects/_zero_authorized_projects.html.haml @gitlab-org/manage/authentication-and-authorization +/app/views/devise/mailer/password_change.html.haml @gitlab-org/manage/authentication-and-authorization +/app/views/devise/mailer/password_change.text.erb @gitlab-org/manage/authentication-and-authorization +/app/views/devise/mailer/password_change_by_admin.html.haml @gitlab-org/manage/authentication-and-authorization +/app/views/devise/mailer/password_change_by_admin.text.erb @gitlab-org/manage/authentication-and-authorization +/app/views/devise/mailer/reset_password_instructions.html.haml @gitlab-org/manage/authentication-and-authorization +/app/views/devise/mailer/reset_password_instructions.text.erb @gitlab-org/manage/authentication-and-authorization +/app/views/devise/passwords @gitlab-org/manage/authentication-and-authorization +/app/views/devise/shared/_omniauth_box.html.haml @gitlab-org/manage/authentication-and-authorization +/app/views/devise/shared/_signup_omniauth_provider_list.haml @gitlab-org/manage/authentication-and-authorization +/app/views/devise/shared/_signup_omniauth_providers.haml @gitlab-org/manage/authentication-and-authorization +/app/views/devise/shared/_signup_omniauth_providers_top.haml @gitlab-org/manage/authentication-and-authorization +/app/views/doorkeeper/authorizations @gitlab-org/manage/authentication-and-authorization +/app/views/doorkeeper/authorized_applications @gitlab-org/manage/authentication-and-authorization +/app/views/errors/omniauth_error.html.haml @gitlab-org/manage/authentication-and-authorization +/app/views/groups/settings/_resource_access_token_creation.html.haml @gitlab-org/manage/authentication-and-authorization +/app/views/groups/settings/_two_factor_auth.html.haml @gitlab-org/manage/authentication-and-authorization +/app/views/groups/settings/access_tokens @gitlab-org/manage/authentication-and-authorization +/app/views/layouts/oauth_error.html.haml @gitlab-org/manage/authentication-and-authorization +/app/views/notify/access_token_about_to_expire_email.html.haml @gitlab-org/manage/authentication-and-authorization +/app/views/notify/access_token_about_to_expire_email.text.erb @gitlab-org/manage/authentication-and-authorization +/app/views/notify/access_token_created_email.html.haml @gitlab-org/manage/authentication-and-authorization +/app/views/notify/access_token_created_email.text.erb @gitlab-org/manage/authentication-and-authorization +/app/views/notify/access_token_expired_email.html.haml @gitlab-org/manage/authentication-and-authorization +/app/views/notify/access_token_expired_email.text.erb @gitlab-org/manage/authentication-and-authorization +/app/views/profiles/passwords @gitlab-org/manage/authentication-and-authorization +/app/views/profiles/personal_access_tokens @gitlab-org/manage/authentication-and-authorization +/app/views/profiles/two_factor_auths @gitlab-org/manage/authentication-and-authorization +/app/views/projects/mirrors/_authentication_method.html.haml @gitlab-org/manage/authentication-and-authorization +/app/views/projects/settings/access_tokens @gitlab-org/manage/authentication-and-authorization +/app/views/shared/_no_password.html.haml @gitlab-org/manage/authentication-and-authorization +/app/views/shared/_two_factor_auth_recovery_settings_check.html.haml @gitlab-org/manage/authentication-and-authorization +/app/views/shared/access_tokens @gitlab-org/manage/authentication-and-authorization +/app/views/shared/members/_two_factor_auth_badge.html.haml @gitlab-org/manage/authentication-and-authorization +/app/views/shared/tokens @gitlab-org/manage/authentication-and-authorization +/app/workers/authorized_keys_worker.rb @gitlab-org/manage/authentication-and-authorization +/app/workers/authorized_project_update @gitlab-org/manage/authentication-and-authorization +/app/workers/authorized_projects_worker.rb @gitlab-org/manage/authentication-and-authorization +/app/workers/personal_access_tokens @gitlab-org/manage/authentication-and-authorization +/config/feature_flags/development/application_settings_tokens_optional_encryption.yml @gitlab-org/manage/authentication-and-authorization +/config/feature_flags/development/enforce_auth_checks_on_uploads.yml @gitlab-org/manage/authentication-and-authorization +/config/feature_flags/development/forti_authenticator.yml @gitlab-org/manage/authentication-and-authorization +/config/feature_flags/development/forti_token_cloud.yml @gitlab-org/manage/authentication-and-authorization +/config/feature_flags/development/groups_tokens_optional_encryption.yml @gitlab-org/manage/authentication-and-authorization +/config/feature_flags/development/omniauth_initializer_fullhost_proc.yml @gitlab-org/manage/authentication-and-authorization +/config/feature_flags/development/omniauth_login_minimal_scopes.yml @gitlab-org/manage/authentication-and-authorization +/config/feature_flags/development/personal_access_tokens_scoped_to_projects.yml @gitlab-org/manage/authentication-and-authorization +/config/feature_flags/development/projects_tokens_optional_encryption.yml @gitlab-org/manage/authentication-and-authorization +/config/feature_flags/development/specialized_worker_for_group_lock_update_auth_recalculation.yml @gitlab-org/manage/authentication-and-authorization +/config/feature_flags/development/webauthn.yml @gitlab-org/manage/authentication-and-authorization +/config/feature_flags/ops/block_password_auth_for_saml_users.yml @gitlab-org/manage/authentication-and-authorization +/config/initializers/01_secret_token.rb @gitlab-org/manage/authentication-and-authorization +/config/initializers/devise_dynamic_password_length_validation.rb @gitlab-org/manage/authentication-and-authorization +/config/initializers/devise_password_length.rb.example @gitlab-org/manage/authentication-and-authorization +/config/initializers/gitlab_shell_secret_token.rb @gitlab-org/manage/authentication-and-authorization +/config/initializers/omniauth.rb @gitlab-org/manage/authentication-and-authorization +/config/initializers/rails_host_authorization.rb @gitlab-org/manage/authentication-and-authorization +/config/initializers/rails_host_authorization_gitpod.rb @gitlab-org/manage/authentication-and-authorization +/config/initializers/webauthn.rb @gitlab-org/manage/authentication-and-authorization +/config/initializers_before_autoloader/100_patch_omniauth_oauth2.rb @gitlab-org/manage/authentication-and-authorization +/config/initializers_before_autoloader/100_patch_omniauth_saml.rb @gitlab-org/manage/authentication-and-authorization +/ee/app/assets/javascripts/access_tokens @gitlab-org/manage/authentication-and-authorization +/ee/app/assets/javascripts/audit_events/components/tokens @gitlab-org/manage/authentication-and-authorization +/ee/app/assets/javascripts/audit_events/token_utils.js @gitlab-org/manage/authentication-and-authorization +/ee/app/assets/javascripts/groups/settings/components @gitlab-org/manage/authentication-and-authorization +/ee/app/assets/javascripts/pages/groups/omniauth_callbacks @gitlab-org/manage/authentication-and-authorization +/ee/app/assets/javascripts/pipelines/components/pipelines_list @gitlab-org/manage/authentication-and-authorization +/ee/app/assets/javascripts/requirements/components/tokens @gitlab-org/manage/authentication-and-authorization +/ee/app/assets/javascripts/saml_providers/scim_token_service.js @gitlab-org/manage/authentication-and-authorization +/ee/app/assets/javascripts/saml_sso/components @gitlab-org/manage/authentication-and-authorization +/ee/app/assets/javascripts/vue_merge_request_widget/components/approvals/approvals_auth.vue @gitlab-org/manage/authentication-and-authorization +/ee/app/controllers/concerns/ee/authenticates_with_two_factor.rb @gitlab-org/manage/authentication-and-authorization +/ee/app/controllers/concerns/ee/enforces_two_factor_authentication.rb @gitlab-org/manage/authentication-and-authorization +/ee/app/controllers/concerns/saml_authorization.rb @gitlab-org/manage/authentication-and-authorization +/ee/app/controllers/ee/ldap @gitlab-org/manage/authentication-and-authorization +/ee/app/controllers/ee/omniauth_callbacks_controller.rb @gitlab-org/manage/authentication-and-authorization +/ee/app/controllers/ee/passwords_controller.rb @gitlab-org/manage/authentication-and-authorization +/ee/app/controllers/groups/omniauth_callbacks_controller.rb @gitlab-org/manage/authentication-and-authorization +/ee/app/controllers/groups/scim_oauth_controller.rb @gitlab-org/manage/authentication-and-authorization +/ee/app/controllers/oauth @gitlab-org/manage/authentication-and-authorization +/ee/app/controllers/omniauth_kerberos_spnego_controller.rb @gitlab-org/manage/authentication-and-authorization +/ee/app/finders/auth @gitlab-org/manage/authentication-and-authorization +/ee/app/helpers/ee/access_tokens_helper.rb @gitlab-org/manage/authentication-and-authorization +/ee/app/helpers/ee/auth_helper.rb @gitlab-org/manage/authentication-and-authorization +/ee/app/helpers/ee/personal_access_tokens_helper.rb @gitlab-org/manage/authentication-and-authorization +/ee/app/models/ee/personal_access_token.rb @gitlab-org/manage/authentication-and-authorization +/ee/app/models/ee/project_authorization.rb @gitlab-org/manage/authentication-and-authorization +/ee/app/models/scim_oauth_access_token.rb @gitlab-org/manage/authentication-and-authorization +/ee/app/serializers/scim_oauth_access_token_entity.rb @gitlab-org/manage/authentication-and-authorization +/ee/app/services/ee/auth @gitlab-org/manage/authentication-and-authorization +/ee/app/services/ee/personal_access_tokens @gitlab-org/manage/authentication-and-authorization +/ee/app/services/ee/resource_access_tokens @gitlab-org/manage/authentication-and-authorization +/ee/app/services/personal_access_tokens @gitlab-org/manage/authentication-and-authorization +/ee/app/services/security/token_revocation_service.rb @gitlab-org/manage/authentication-and-authorization +/ee/app/views/admin/application_settings/_personal_access_token_expiration_policy.html.haml @gitlab-org/manage/authentication-and-authorization +/ee/app/views/credentials_inventory_mailer/personal_access_token_revoked_email.html.haml @gitlab-org/manage/authentication-and-authorization +/ee/app/views/credentials_inventory_mailer/personal_access_token_revoked_email.text.haml @gitlab-org/manage/authentication-and-authorization +/ee/app/views/groups/_personal_access_token_expiration_policy.html.haml @gitlab-org/manage/authentication-and-authorization +/ee/app/views/groups/sso/_authorize_pane.html.haml @gitlab-org/manage/authentication-and-authorization +/ee/app/views/notify/policy_revoked_personal_access_tokens_email.html.haml @gitlab-org/manage/authentication-and-authorization +/ee/app/views/notify/policy_revoked_personal_access_tokens_email.text.erb @gitlab-org/manage/authentication-and-authorization +/ee/app/views/oauth @gitlab-org/manage/authentication-and-authorization +/ee/app/views/shared/credentials_inventory/_personal_access_tokens.html.haml @gitlab-org/manage/authentication-and-authorization +/ee/app/views/shared/credentials_inventory/_project_access_tokens.html.haml @gitlab-org/manage/authentication-and-authorization +/ee/app/views/shared/credentials_inventory/personal_access_tokens @gitlab-org/manage/authentication-and-authorization +/ee/app/views/shared/credentials_inventory/project_access_tokens @gitlab-org/manage/authentication-and-authorization +/ee/app/workers/personal_access_tokens @gitlab-org/manage/authentication-and-authorization +/ee/config/routes/oauth.rb @gitlab-org/manage/authentication-and-authorization +/ee/lib/ee/gitlab/auth @gitlab-org/manage/authentication-and-authorization +/ee/lib/ee/gitlab/auth.rb @gitlab-org/manage/authentication-and-authorization +/ee/lib/ee/gitlab/omniauth_initializer.rb @gitlab-org/manage/authentication-and-authorization +/ee/lib/gitlab/auth @gitlab-org/manage/authentication-and-authorization +/ee/lib/gitlab/auth_logger.rb @gitlab-org/manage/authentication-and-authorization +/ee/lib/gitlab/authority_analyzer.rb @gitlab-org/manage/authentication-and-authorization +/ee/lib/gitlab/geo/oauth @gitlab-org/manage/authentication-and-authorization +/ee/lib/gitlab/kerberos @gitlab-org/manage/authentication-and-authorization +/ee/lib/omni_auth @gitlab-org/manage/authentication-and-authorization +/ee/lib/system_check/geo/authorized_keys_check.rb @gitlab-org/manage/authentication-and-authorization +/ee/lib/system_check/geo/authorized_keys_flag_check.rb @gitlab-org/manage/authentication-and-authorization +/lib/api/entities/ci/reset_token_result.rb @gitlab-org/manage/authentication-and-authorization +/lib/api/entities/impersonation_token.rb @gitlab-org/manage/authentication-and-authorization +/lib/api/entities/impersonation_token_with_token.rb @gitlab-org/manage/authentication-and-authorization +/lib/api/entities/personal_access_token.rb @gitlab-org/manage/authentication-and-authorization +/lib/api/entities/personal_access_token_with_token.rb @gitlab-org/manage/authentication-and-authorization +/lib/api/entities/resource_access_token.rb @gitlab-org/manage/authentication-and-authorization +/lib/api/entities/resource_access_token_with_token.rb @gitlab-org/manage/authentication-and-authorization +/lib/api/helpers/authentication.rb @gitlab-org/manage/authentication-and-authorization +/lib/api/helpers/packages/basic_auth_helpers.rb @gitlab-org/manage/authentication-and-authorization +/lib/api/personal_access_tokens.rb @gitlab-org/manage/authentication-and-authorization +/lib/api/resource_access_tokens.rb @gitlab-org/manage/authentication-and-authorization +/lib/api/support/token_with_expiration.rb @gitlab-org/manage/authentication-and-authorization +/lib/gitlab/api_authentication @gitlab-org/manage/authentication-and-authorization +/lib/gitlab/auth @gitlab-org/manage/authentication-and-authorization +/lib/gitlab/auth.rb @gitlab-org/manage/authentication-and-authorization +/lib/gitlab/auth_logger.rb @gitlab-org/manage/authentication-and-authorization +/lib/gitlab/authorized_keys.rb @gitlab-org/manage/authentication-and-authorization +/lib/gitlab/background_migration/encrypt_static_object_token.rb @gitlab-org/manage/authentication-and-authorization +/lib/gitlab/background_migration/migrate_u2f_webauthn.rb @gitlab-org/manage/authentication-and-authorization +/lib/gitlab/background_migration/update_users_where_two_factor_auth_required_from_group.rb @gitlab-org/manage/authentication-and-authorization +/lib/gitlab/chat_name_token.rb @gitlab-org/manage/authentication-and-authorization +/lib/gitlab/ci/pipeline/expression/token.rb @gitlab-org/manage/authentication-and-authorization +/lib/gitlab/external_authorization @gitlab-org/manage/authentication-and-authorization +/lib/gitlab/external_authorization.rb @gitlab-org/manage/authentication-and-authorization +/lib/gitlab/graphql/authorize @gitlab-org/manage/authentication-and-authorization +/lib/gitlab/jwt_authenticatable.rb @gitlab-org/manage/authentication-and-authorization +/lib/gitlab/jwt_token.rb @gitlab-org/manage/authentication-and-authorization +/lib/gitlab/lfs_token.rb @gitlab-org/manage/authentication-and-authorization +/lib/gitlab/mail_room @gitlab-org/manage/authentication-and-authorization +/lib/gitlab/omniauth_initializer.rb @gitlab-org/manage/authentication-and-authorization +/lib/gitlab/project_authorizations.rb @gitlab-org/manage/authentication-and-authorization +/lib/json_web_token @gitlab-org/manage/authentication-and-authorization +/lib/omni_auth @gitlab-org/manage/authentication-and-authorization +/lib/system_check/app/authorized_keys_permission_check.rb @gitlab-org/manage/authentication-and-authorization +/lib/system_check/incoming_email/imap_authentication_check.rb @gitlab-org/manage/authentication-and-authorization +/lib/tasks/gitlab/password.rake @gitlab-org/manage/authentication-and-authorization +/lib/tasks/tokens.rake @gitlab-org/manage/authentication-and-authorization diff --git a/.gitlab/ci/global.gitlab-ci.yml b/.gitlab/ci/global.gitlab-ci.yml index 4069dfe9a2b..7e06a4a71bd 100644 --- a/.gitlab/ci/global.gitlab-ci.yml +++ b/.gitlab/ci/global.gitlab-ci.yml @@ -53,6 +53,7 @@ - ${TMP_TEST_FOLDER}/gitaly/run2/ - ${TMP_TEST_FOLDER}/gitaly/Makefile - ${TMP_TEST_FOLDER}/gitaly/praefect.config.toml + - ${TMP_TEST_FOLDER}/gitaly/praefect-db.config.toml - ${TMP_TEST_FOLDER}/gitaly/ruby/ policy: pull @@ -114,14 +115,16 @@ policy: push .qa-ruby-gems-cache: &qa-ruby-gems-cache - key: "qa-ruby-gems-${DEBIAN_VERSION}" + key: + files: + - qa/Gemfile.lock paths: - - qa/vendor/ruby/ + - qa/vendor/ruby policy: pull .qa-ruby-gems-cache-push: &qa-ruby-gems-cache-push <<: *qa-ruby-gems-cache - policy: push # We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up. + policy: pull-push .setup-test-env-cache: cache: @@ -246,7 +249,7 @@ command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] - name: redis:5.0-alpine - name: elasticsearch:7.17.0 - command: ["elasticsearch", "-E", "discovery.type=single-node"] + command: ["elasticsearch", "-E", "discovery.type=single-node", "-E", "xpack.security.enabled=false"] variables: POSTGRES_HOST_AUTH_METHOD: trust PG_VERSION: "11" @@ -257,7 +260,7 @@ command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] - name: redis:6.0-alpine - name: elasticsearch:7.17.0 - command: ["elasticsearch", "-E", "discovery.type=single-node"] + command: ["elasticsearch", "-E", "discovery.type=single-node", "-E", "xpack.security.enabled=false"] variables: POSTGRES_HOST_AUTH_METHOD: trust PG_VERSION: "12" @@ -268,11 +271,35 @@ command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] - name: redis:5.0-alpine - name: elasticsearch:7.17.0 - command: ["elasticsearch", "-E", "discovery.type=single-node"] + command: ["elasticsearch", "-E", "discovery.type=single-node", "-E", "xpack.security.enabled=false"] variables: POSTGRES_HOST_AUTH_METHOD: trust PG_VERSION: "13" +.use-pg12-es8-ee: + services: + - name: postgres:12 + command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] + - name: redis:6.0-alpine + - name: elasticsearch:8.1.1 + variables: + POSTGRES_HOST_AUTH_METHOD: trust + PG_VERSION: "12" + ES_SETTING_DISCOVERY_TYPE: "single-node" + ES_SETTING_XPACK_SECURITY_ENABLED: "false" + +.use-pg12-opensearch1-ee: + services: + - name: postgres:12 + command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] + - name: redis:6.0-alpine + - name: opensearchproject/opensearch:1.2.4 + alias: elasticsearch + command: ["bin/opensearch", "-E", "discovery.type=single-node", "-E", "plugins.security.disabled=true"] + variables: + POSTGRES_HOST_AUTH_METHOD: trust + PG_VERSION: "12" + .use-kaniko: image: name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:kaniko diff --git a/.gitlab/ci/qa.gitlab-ci.yml b/.gitlab/ci/qa.gitlab-ci.yml index 8881a4c486d..1ebc408e0d4 100644 --- a/.gitlab/ci/qa.gitlab-ci.yml +++ b/.gitlab/ci/qa.gitlab-ci.yml @@ -1,4 +1,5 @@ .qa-job-base: + image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-2.7:bundler-2.3-git-2.33-chrome-99 extends: - .default-retry - .qa-cache @@ -114,13 +115,13 @@ update-qa-cache: .package-and-qa-ff-base: script: - | - feature_flags=$(scripts/changed-feature-flags --files $(cat $CHANGES_FILE | tr ' ' ',') --state $QA_FF_STATE) + feature_flags=$(scripts/changed-feature-flags --files $CHANGES_DIFFS_DIR --state $QA_FF_STATE) if [[ $feature_flags ]]; then export GITLAB_QA_OPTIONS="--set-feature-flags $feature_flags" echo $GITLAB_QA_OPTIONS ./scripts/trigger-build.rb omnibus else - echo "No changed feature flag found to test. The tests are skipped if the flag was removed." + echo "No changed feature flag found to test as $QA_FF_STATE." fi package-and-qa: @@ -134,7 +135,7 @@ package-and-qa-ff-enabled: - .package-and-qa-ff-base - .qa:rules:package-and-qa:feature-flags variables: - QA_FF_STATE: "enable" + QA_FF_STATE: "enabled" package-and-qa-ff-disabled: extends: @@ -142,4 +143,12 @@ package-and-qa-ff-disabled: - .package-and-qa-ff-base - .qa:rules:package-and-qa:feature-flags variables: - QA_FF_STATE: "disable" + QA_FF_STATE: "disabled" + +package-and-qa-ff-deleted: + extends: + - .package-and-qa-base + - .package-and-qa-ff-base + - .qa:rules:package-and-qa:feature-flags + variables: + QA_FF_STATE: "deleted" diff --git a/.gitlab/ci/rails.gitlab-ci.yml b/.gitlab/ci/rails.gitlab-ci.yml index 24b6c6d2773..77bdfda3eac 100644 --- a/.gitlab/ci/rails.gitlab-ci.yml +++ b/.gitlab/ci/rails.gitlab-ci.yml @@ -25,6 +25,10 @@ .single-db-rspec: extends: .single-db +.praefect-with-db: + variables: + GITALY_PRAEFECT_WITH_DB: '1' + .rspec-base: extends: - .rails-job-base @@ -38,7 +42,7 @@ needs: ["setup-test-env", "retrieve-tests-metadata", "compile-test-assets", "detect-tests"] script: - !reference [.base-script, script] - - rspec_paralellized_job "--tag ~quarantine --tag ~geo --tag ~level:migration" + - rspec_paralellized_job "--tag ~quarantine --tag ~level:migration" .base-artifacts: artifacts: @@ -61,7 +65,7 @@ - .rails:rules:ee-and-foss-migration script: - !reference [.base-script, script] - - rspec_paralellized_job "--tag ~quarantine --tag ~geo --tag level:migration" + - rspec_paralellized_job "--tag ~quarantine --tag level:migration" .rspec-base-pg11: extends: @@ -101,41 +105,26 @@ - .rspec-base - .use-pg12-ee -.rspec-jh-base-pg12: - extends: - - .rspec-base-pg12-as-if-jh - - .use-pg12-ee - -.rspec-ee-base-pg13: +.rspec-ee-base-pg12-es8: extends: - .rspec-base - - .use-pg13-ee + - .use-pg12-es8-ee + - .rails:rules:run-search-tests -.rspec-ee-base-geo: - extends: .rspec-base - script: - - !reference [.base-script, script] - - rspec_paralellized_job "--tag ~quarantine --tag geo" - -.rspec-ee-base-geo-pg11: +.rspec-ee-base-pg12-opensearch1: extends: - - .rspec-ee-base-geo - - .use-pg11-ee + - .rspec-base + - .use-pg12-opensearch1-ee + - .rails:rules:run-search-tests -.rspec-ee-base-geo-pg12: +.rspec-jh-base-pg12: extends: - - .rspec-ee-base-geo + - .rspec-base-pg12-as-if-jh - .use-pg12-ee -.rspec-jh-base-geo-pg12: - extends: - - .rspec-jh-base-pg12 - script: - - !reference [.rspec-ee-base-geo, script] - -.rspec-ee-base-geo-pg13: +.rspec-ee-base-pg13: extends: - - .rspec-ee-base-geo + - .rspec-base - .use-pg13-ee .db-job-base: @@ -160,10 +149,7 @@ parallel: 22 .rspec-ee-unit-parallel: - parallel: 14 - -.rspec-ee-unit-geo-parallel: - parallel: 2 + parallel: 16 .rspec-integration-parallel: parallel: 10 @@ -210,6 +196,7 @@ setup-test-env: - ${TMP_TEST_FOLDER}/gitaly/run2/ - ${TMP_TEST_FOLDER}/gitaly/Makefile - ${TMP_TEST_FOLDER}/gitaly/praefect.config.toml + - ${TMP_TEST_FOLDER}/gitaly/praefect-db.config.toml - ${TMP_TEST_FOLDER}/gitaly/ruby/ - ${TMP_TEST_FOLDER}/gitlab-elasticsearch-indexer/bin/gitlab-elasticsearch-indexer - ${TMP_TEST_FOLDER}/gitlab-shell/ @@ -280,6 +267,12 @@ rspec migration pg12 single-db: - .single-db-rspec - .rails:rules:single-db +rspec migration pg12 praefect: + extends: + - rspec migration pg12 + - .praefect-with-db + - .rails:rules:praefect-with-db + rspec unit pg12: extends: - .rspec-base-pg12 @@ -298,6 +291,12 @@ rspec unit pg12 single-db: - .single-db-rspec - .rails:rules:single-db +rspec unit pg12 praefect: + extends: + - rspec unit pg12 + - .praefect-with-db + - .rails:rules:praefect-with-db + rspec integration pg12: extends: - .rspec-base-pg12 @@ -316,6 +315,12 @@ rspec integration pg12 single-db: - .single-db-rspec - .rails:rules:single-db +rspec integration pg12 praefect: + extends: + - rspec integration pg12 + - .praefect-with-db + - .rails:rules:praefect-with-db + rspec system pg12: extends: - .rspec-base-pg12 @@ -336,6 +341,12 @@ rspec system pg12 single-db: - .single-db-rspec - .rails:rules:single-db +rspec system pg12 praefect: + extends: + - rspec system pg12 + - .praefect-with-db + - .rails:rules:praefect-with-db + # Dedicated job to test DB library code against PG11. # Note that these are already tested against PG12 in the `rspec unit pg12` / `rspec-ee unit pg12` jobs. rspec db-library-code pg11: @@ -510,9 +521,6 @@ rspec:deprecations: - rspec-ee unit pg12 - rspec-ee integration pg12 - rspec-ee system pg12 - - rspec-ee unit pg12 geo - - rspec-ee integration pg12 geo - - rspec-ee system pg12 geo variables: SETUP_DB: "false" script: @@ -564,14 +572,6 @@ rspec:coverage: - rspec-ee unit pg12 single-db - rspec-ee integration pg12 single-db - rspec-ee system pg12 single-db - # Geo jobs - - rspec-ee unit pg12 geo - - rspec-ee integration pg12 geo - - rspec-ee system pg12 geo - # Geo minimal jobs - - rspec-ee unit pg12 geo minimal - - rspec-ee integration pg12 geo minimal - - rspec-ee system pg12 geo minimal # Memory jobs - memory-on-boot # As-if-FOSS jobs @@ -788,6 +788,16 @@ rspec-ee unit pg12: - .rails:rules:ee-only-unit - .rspec-ee-unit-parallel +rspec-ee unit pg12 es8: + extends: + - .rspec-ee-base-pg12-es8 + - .rspec-ee-unit-parallel + +rspec-ee unit pg12 opensearch1: + extends: + - .rspec-ee-base-pg12-opensearch1 + - .rspec-ee-unit-parallel + rspec-ee unit pg12 minimal: extends: - rspec-ee unit pg12 @@ -806,6 +816,16 @@ rspec-ee integration pg12: - .rails:rules:ee-only-integration - .rspec-ee-integration-parallel +rspec-ee integration pg12 es8: + extends: + - .rspec-ee-base-pg12-es8 + - .rspec-ee-integration-parallel + +rspec-ee integration pg12 opensearch1: + extends: + - .rspec-ee-base-pg12-opensearch1 + - .rspec-ee-integration-parallel + rspec-ee integration pg12 minimal: extends: - rspec-ee integration pg12 @@ -824,6 +844,16 @@ rspec-ee system pg12: - .rails:rules:ee-only-system - .rspec-ee-system-parallel +rspec-ee system pg12 es8: + extends: + - .rspec-ee-base-pg12-es8 + - .rspec-ee-system-parallel + +rspec-ee system pg12 opensearch1: + extends: + - .rspec-ee-base-pg12-opensearch1 + - .rspec-ee-system-parallel + rspec-ee system pg12 minimal: extends: - rspec-ee system pg12 @@ -836,40 +866,6 @@ rspec-ee system pg12 single-db: - .single-db-rspec - .rails:rules:single-db -rspec-ee unit pg12 geo: - extends: - - .rspec-ee-base-geo-pg12 - - .rails:rules:ee-only-unit - - .rspec-ee-unit-geo-parallel - -rspec-ee unit pg12 geo minimal: - extends: - - rspec-ee unit pg12 geo - - .minimal-rspec-tests - - .rails:rules:ee-only-unit:minimal - -rspec-ee integration pg12 geo: - extends: - - .rspec-ee-base-geo-pg12 - - .rails:rules:ee-only-integration - -rspec-ee integration pg12 geo minimal: - extends: - - rspec-ee integration pg12 geo - - .minimal-rspec-tests - - .rails:rules:ee-only-integration:minimal - -rspec-ee system pg12 geo: - extends: - - .rspec-ee-base-geo-pg12 - - .rails:rules:ee-only-system - -rspec-ee system pg12 geo minimal: - extends: - - rspec-ee system pg12 geo - - .minimal-rspec-tests - - .rails:rules:ee-only-system:minimal - rspec-ee migration pg12-as-if-jh: extends: - .rspec-jh-base-pg12 @@ -895,22 +891,6 @@ rspec-ee system pg12-as-if-jh: - .rails:rules:as-if-jh-rspec - .rspec-ee-system-parallel -rspec-ee unit pg12-as-if-jh geo: - extends: - - .rspec-jh-base-geo-pg12 - - .rails:rules:as-if-jh-rspec - - .rspec-ee-unit-geo-parallel - -rspec-ee integration pg12-as-if-jh geo: - extends: - - .rspec-jh-base-geo-pg12 - - .rails:rules:as-if-jh-rspec - -rspec-ee system pg12-as-if-jh geo: - extends: - - .rspec-jh-base-geo-pg12 - - .rails:rules:as-if-jh-rspec - rspec-jh migration pg12-as-if-jh: extends: - .rspec-jh-base-pg12 @@ -932,21 +912,6 @@ rspec-jh system pg12-as-if-jh: - .rspec-jh-base-pg12 - .rails:rules:as-if-jh-rspec -rspec-jh unit pg12-as-if-jh geo: - extends: - - .rspec-jh-base-geo-pg12 - - .rails:rules:as-if-jh-rspec - -rspec-jh integration pg12-as-if-jh geo: - extends: - - .rspec-jh-base-geo-pg12 - - .rails:rules:as-if-jh-rspec - -rspec-jh system pg12-as-if-jh geo: - extends: - - .rspec-jh-base-geo-pg12 - - .rails:rules:as-if-jh-rspec - db:rollback geo: extends: - db:rollback @@ -1044,22 +1009,6 @@ rspec-ee system pg11: - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only - .rspec-ee-system-parallel -rspec-ee unit pg11 geo: - extends: - - .rspec-ee-base-geo-pg11 - - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only - - .rspec-ee-unit-geo-parallel - -rspec-ee integration pg11 geo: - extends: - - .rspec-ee-base-geo-pg11 - - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only - -rspec-ee system pg11 geo: - extends: - - .rspec-ee-base-geo-pg11 - - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only - # PG13 rspec-ee migration pg13: extends: @@ -1085,22 +1034,6 @@ rspec-ee system pg13: - .rspec-ee-base-pg13 - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only - .rspec-ee-system-parallel - -rspec-ee unit pg13 geo: - extends: - - .rspec-ee-base-geo-pg13 - - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only - - .rspec-ee-unit-geo-parallel - -rspec-ee integration pg13 geo: - extends: - - .rspec-ee-base-geo-pg13 - - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only - -rspec-ee system pg13 geo: - extends: - - .rspec-ee-base-geo-pg13 - - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only # EE: default branch nightly scheduled jobs # ##################################### diff --git a/.gitlab/ci/reports.gitlab-ci.yml b/.gitlab/ci/reports.gitlab-ci.yml index 3628013fc9b..107f37ed47d 100644 --- a/.gitlab/ci/reports.gitlab-ci.yml +++ b/.gitlab/ci/reports.gitlab-ci.yml @@ -2,8 +2,8 @@ include: - template: Jobs/Code-Quality.gitlab-ci.yml - template: Jobs/SAST.gitlab-ci.yml - template: Jobs/Secret-Detection.gitlab-ci.yml - - template: Security/Dependency-Scanning.gitlab-ci.yml - - template: Security/License-Scanning.gitlab-ci.yml + - template: Jobs/Dependency-Scanning.gitlab-ci.yml + - template: Jobs/License-Scanning.gitlab-ci.yml code_quality: extends: @@ -82,9 +82,8 @@ secret_detection: expire_in: 1 week # GitLab-specific gemnasium-dependency_scanning: - before_script: - # git-lfs is needed for auto-remediation - - apk add git-lfs + variables: + DS_REMEDIATE: "false" rules: !reference [".reports:rules:gemnasium-dependency_scanning", rules] gemnasium-python-dependency_scanning: @@ -103,7 +102,7 @@ yarn-audit-dependency_scanning: extends: .default-retry stage: test image: - name: registry.gitlab.com/gitlab-com/gl-security/security-research/package-hunter-cli:1.1.0 + name: registry.gitlab.com/gitlab-org/security-products/package-hunter-cli:v1.3.2@sha256:7529deaef9ea21aab56bfb74ae1abbc121311affdb6ece49ce7b1c360f997ca2 entrypoint: [""] variables: HTR_user: '$PACKAGE_HUNTER_USER' diff --git a/.gitlab/ci/review-apps/main.gitlab-ci.yml b/.gitlab/ci/review-apps/main.gitlab-ci.yml index b528a2c7427..dde08b15bc3 100644 --- a/.gitlab/ci/review-apps/main.gitlab-ci.yml +++ b/.gitlab/ci/review-apps/main.gitlab-ci.yml @@ -111,7 +111,6 @@ review-deploy: artifacts: paths: - environment_url.txt - - curl_output.txt expire_in: 7 days when: always diff --git a/.gitlab/ci/review-apps/qa.gitlab-ci.yml b/.gitlab/ci/review-apps/qa.gitlab-ci.yml index d2192a7511a..47e756eb230 100644 --- a/.gitlab/ci/review-apps/qa.gitlab-ci.yml +++ b/.gitlab/ci/review-apps/qa.gitlab-ci.yml @@ -1,21 +1,19 @@ include: - project: gitlab-org/quality/pipeline-common - ref: 0.3.6 + ref: 0.6.0 file: - /ci/allure-report.yml - /ci/knapsack-report.yml -.review-qa-base: - extends: - - .use-docker-in-docker - image: - name: ${QA_IMAGE} - entrypoint: [""] - stage: qa - needs: ["review-deploy"] +.bundler_variables: + variables: + BUNDLE_SUPPRESS_INSTALL_USING_MESSAGES: "true" + BUNDLE_SILENCE_ROOT_WARNING: "true" + BUNDLE_PATH: vendor + +.test_variables: variables: QA_DEBUG: "true" - QA_CAN_TEST_GIT_PROTOCOL_V2: "false" QA_GENERATE_ALLURE_REPORT: "true" GITLAB_USERNAME: "root" GITLAB_PASSWORD: "${REVIEW_APPS_ROOT_PASSWORD}" @@ -23,19 +21,40 @@ include: GITLAB_ADMIN_PASSWORD: "${REVIEW_APPS_ROOT_PASSWORD}" GITLAB_QA_ADMIN_ACCESS_TOKEN: "${REVIEW_APPS_ROOT_TOKEN}" GITHUB_ACCESS_TOKEN: "${REVIEW_APPS_QA_GITHUB_ACCESS_TOKEN}" - SIGNUP_DISABLED: "true" + +.review-qa-base: + extends: + - .use-docker-in-docker + - .qa-cache + - .test_variables + - .bundler_variables + image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-2.7:bundler-2.3-git-2.33-lfs-2.9-chrome-99-docker-20.10.14-gcloud-383-kubectl-1.23 + stage: qa + needs: + - review-deploy + - download-knapsack-report + variables: + DOCKER_HOST: tcp://docker:2376 + DOCKER_TLS_CERTDIR: /certs + DOCKER_CERT_PATH: /certs/client + DOCKER_TLS_VERIFY: 1 before_script: - # Use $CI_MERGE_REQUEST_SOURCE_BRANCH_SHA so that GitLab image built in omnibus-gitlab-mirror and QA image are in sync. - export EE_LICENSE="$(cat $REVIEW_APPS_EE_LICENSE_FILE)" - - if [ -n "$CI_MERGE_REQUEST_SOURCE_BRANCH_SHA" ]; then - git checkout -f ${CI_MERGE_REQUEST_SOURCE_BRANCH_SHA}; - fi - - export CI_ENVIRONMENT_URL="$(cat environment_url.txt)" - - echo "${CI_ENVIRONMENT_URL}" - - cd qa + - export QA_GITLAB_URL="$(cat environment_url.txt)" + - cd qa && bundle install script: - qa_run_status=0 - - bin/test "${QA_SCENARIO}" "${CI_ENVIRONMENT_URL}" -- --color --format documentation --format RspecJunitFormatter --out tmp/rspec.xml || qa_run_status=$? + - | + bundle exec rake "knapsack:rspec[\ + ${RSPEC_TAGS} \ + --tag ~orchestrated \ + --tag ~transient \ + --tag ~skip_signup_disabled \ + --force-color \ + --order random \ + --format documentation \ + --format RspecJunitFormatter --out tmp/rspec.xml \ + ]" || qa_run_status=$? - if [ ${qa_run_status} -ne 0 ]; then release_sha=$(echo "${CI_MERGE_REQUEST_SOURCE_BRANCH_SHA:-${CI_COMMIT_SHA}}" | cut -c1-11); echo "Errors can be found at https://sentry.gitlab.net/gitlab/gitlab-review-apps/releases/${release_sha}/all-events/."; @@ -58,25 +77,41 @@ include: ALLURE_MERGE_REQUEST_IID: $CI_MERGE_REQUEST_IID ALLURE_RESULTS_GLOB: qa/tmp/allure-results/* +# Store knapsack report as artifact so the same report is reused across all jobs +download-knapsack-report: + image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-2.7:bundler-2.3-git-2.33-chrome-99 + extends: + - .qa-cache + - .bundler_variables + - .review:rules:review-qa-reliable + stage: prepare + before_script: + - cd qa && bundle install + script: + - QA_KNAPSACK_REPORT_NAME=review-qa-reliable bundle exec rake "knapsack:download" + - QA_KNAPSACK_REPORT_NAME=review-qa-all bundle exec rake "knapsack:download" + allow_failure: true + artifacts: + paths: + - qa/knapsack/review-qa-*.json + expire_in: 1 day + review-qa-smoke: extends: - .review-qa-base - .review:rules:review-qa-smoke - retry: 1 # This is confusing but this means "2 runs at max". variables: QA_RUN_TYPE: review-qa-smoke - QA_SCENARIO: Test::Instance::Smoke - + RSPEC_TAGS: --tag smoke review-qa-reliable: extends: - .review-qa-base - .review:rules:review-qa-reliable - parallel: 8 - retry: 1 + parallel: 10 variables: QA_RUN_TYPE: review-qa-reliable - QA_SCENARIO: Test::Instance::Reliable + RSPEC_TAGS: --tag reliable review-qa-all: extends: @@ -85,8 +120,7 @@ review-qa-all: parallel: 5 variables: QA_RUN_TYPE: review-qa-all - QA_SCENARIO: Test::Instance::All - QA_SKIP_SMOKE_RELIABLE: "true" + RSPEC_TAGS: --tag ~reliable --tag ~smoke review-performance: extends: @@ -136,9 +170,11 @@ allure-report-qa-all: variables: ALLURE_JOB_NAME: review-qa-all -knapsack-report: +upload-knapsack-report: extends: - .generate-knapsack-report-base stage: post-qa variables: - QA_KNAPSACK_REPORT_FILE_PATTERN: $CI_PROJECT_DIR/tmp/knapsack/*/*.json + # knapsack report upload uses gitlab-qa image with code already there + GIT_STRATEGY: none + QA_KNAPSACK_REPORT_FILE_PATTERN: $CI_PROJECT_DIR/qa/tmp/knapsack/*/*.json diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml index 142341e5741..37593ffd2fc 100644 --- a/.gitlab/ci/rules.gitlab-ci.yml +++ b/.gitlab/ci/rules.gitlab-ci.yml @@ -76,6 +76,9 @@ .if-merge-request-labels-jh-contribution: &if-merge-request-labels-jh-contribution if: '$CI_MERGE_REQUEST_LABELS =~ /JiHu contribution/' +.if-merge-request-labels-group-global-search: &if-merge-request-labels-group-global-search + if: '$CI_MERGE_REQUEST_LABELS =~ /group::global search/' + .if-security-merge-request: &if-security-merge-request if: '$CI_PROJECT_NAMESPACE == "gitlab-org/security" && $CI_MERGE_REQUEST_IID' @@ -247,6 +250,9 @@ .models-patterns: &models-patterns - "{,ee/,jh/}{app/models}/**/*" +.lib-gitlab-patterns: &lib-gitlab-patterns + - "{,ee/,jh/}lib/{,ee/,jh/}gitlab/**/*" + .startup-css-patterns: &startup-css-patterns - "{,ee/,jh/}app/assets/stylesheets/startup/**/*" @@ -257,7 +263,7 @@ - "config.ru" # List explicitly all the app/ dirs that are backend (i.e. all except app/assets). - "{,ee/,jh/}{app/channels,app/controllers,app/finders,app/graphql,app/helpers,app/mailers,app/models,app/policies,app/presenters,app/serializers,app/services,app/uploaders,app/validators,app/views,app/workers}/**/*" - - "{,ee/,jh/}{bin,cable,config,db,generator_templates,lib}/**/*" + - "{,ee/,jh/}{bin,config,db,generator_templates,lib}/**/*" - "{,ee/,jh/}spec/**/*" # CI changes - ".gitlab-ci.yml" @@ -267,6 +273,14 @@ # Mapped patterns (see tests.yml) - "data/whats_new/*.yml" +.search-backend-patterns: &search-backend-patterns + - "{,jh/}Gemfile.lock" + - "GITLAB_ELASTICSEARCH_INDEXER_VERSION" + # List explicitly all the app/ dirs that are backend (i.e. all except app/assets). + - "{,ee/,jh/}{app/channels,app/controllers,app/finders,app/graphql,app/helpers,app/mailers,app/models,app/policies,app/presenters,app/serializers,app/services,app/uploaders,app/validators,app/views,app/workers}/**/*" + - "{,ee/,jh/}{bin,config,db,generator_templates,lib}/**/*" + - "{,ee/,jh/}spec/**/*" + # DB patterns + .ci-patterns .db-patterns: &db-patterns - "{,ee/,jh/}{,spec/}{db,migrations}/**/*" @@ -513,6 +527,10 @@ - <<: *if-security-merge-request when: never +.rails:rules:run-search-tests: + rules: + - <<: *if-merge-request-labels-group-global-search + changes: *search-backend-patterns .rails:rules:ee-and-foss-default-rules: rules: @@ -604,6 +622,7 @@ rules: - <<: *if-not-ee when: never + - <<: *if-merge-request-targeting-stable-branch - <<: *if-merge-request-labels-run-review-app - <<: *if-dot-com-gitlab-org-and-security-merge-request changes: *ci-build-images-patterns @@ -618,6 +637,7 @@ rules: - <<: *if-not-canonical-namespace when: never + - <<: *if-merge-request-targeting-stable-branch - <<: *if-merge-request-labels-run-review-app - <<: *if-auto-deploy-branches - changes: *ci-build-images-patterns @@ -692,6 +712,7 @@ rules: - <<: *if-not-canonical-namespace when: never + - <<: *if-merge-request-targeting-stable-branch - <<: *if-merge-request-labels-run-review-app - <<: *if-auto-deploy-branches - changes: *code-qa-patterns @@ -879,9 +900,8 @@ rules: - <<: *if-not-ee when: never - - <<: *if-dot-com-gitlab-org-and-security-merge-request - changes: *feature-flag-development-config-patterns - when: never + - <<: *if-merge-request-targeting-stable-branch + allow_failure: true - <<: *if-dot-com-gitlab-org-and-security-merge-request changes: *nodejs-patterns allow_failure: true @@ -938,6 +958,11 @@ changes: *db-patterns - <<: *if-default-branch-schedule-nightly +.rails:rules:praefect-with-db: + rules: + - if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-praefect-with-db/' + allow_failure: true + .rails:rules:ee-and-foss-migration: rules: - <<: *if-fork-merge-request @@ -1470,24 +1495,32 @@ rules: - if: '$SECRET_DETECTION_DISABLED' when: never + # Scan each commit on master to feed the Vulnerability Reports with detected secrets + - <<: *if-default-branch-refs - changes: *code-backstage-qa-patterns .reports:rules:gemnasium-dependency_scanning: rules: - - if: '$DEPENDENCY_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\bdependency_scanning\b/ || $DS_EXCLUDED_ANALYZERS =~ /gemnasium([^-]|$)/ || $DS_DEFAULT_ANALYZERS !~ /gemnasium([^-]|$)/' + - if: '$DEPENDENCY_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\bdependency_scanning\b/ || $DS_EXCLUDED_ANALYZERS =~ /gemnasium([^-]|$)/' when: never + # Run Dependency Scanning on master until https://gitlab.com/gitlab-org/gitlab/-/issues/361657 is resolved + - <<: *if-default-branch-refs - changes: *dependency-patterns .reports:rules:gemnasium-python-dependency_scanning: rules: - - if: '$DEPENDENCY_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\bdependency_scanning\b/ || $DS_EXCLUDED_ANALYZERS =~ /gemnasium-python/ || $DS_DEFAULT_ANALYZERS !~ /gemnasium-python/' + - if: '$DEPENDENCY_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\bdependency_scanning\b/ || $DS_EXCLUDED_ANALYZERS =~ /gemnasium-python/' when: never + # Run Dependency Scanning on master until https://gitlab.com/gitlab-org/gitlab/-/issues/361657 is resolved + - <<: *if-default-branch-refs - changes: *python-patterns .reports:rules:yarn-audit-dependency_scanning: rules: - if: '$DEPENDENCY_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\bdependency_scanning\b/' when: never + # Run Dependency Scanning on master until https://gitlab.com/gitlab-org/gitlab/-/issues/361657 is resolved + - <<: *if-default-branch-refs - changes: *nodejs-patterns .reports:rules:schedule-dast: @@ -1535,6 +1568,8 @@ - <<: *if-dot-com-gitlab-org-merge-request changes: *models-patterns - <<: *if-dot-com-gitlab-org-merge-request + changes: *lib-gitlab-patterns + - <<: *if-dot-com-gitlab-org-merge-request changes: *qa-patterns - <<: *if-dot-com-gitlab-org-merge-request changes: *code-patterns diff --git a/.gitlab/ci/static-analysis.gitlab-ci.yml b/.gitlab/ci/static-analysis.gitlab-ci.yml index f5f0dcfe7f8..e1257e778bd 100644 --- a/.gitlab/ci/static-analysis.gitlab-ci.yml +++ b/.gitlab/ci/static-analysis.gitlab-ci.yml @@ -7,6 +7,7 @@ variables: SETUP_DB: "false" ENABLE_SPRING: "1" + SKIP_LOG_INITIALIZER_CONNECTIONS: "1" # Disable warnings in browserslist which can break on backports # https://github.com/browserslist/browserslist/blob/a287ec6/node.js#L367-L384 BROWSERSLIST_IGNORE_OLD_DATA: "true" @@ -75,7 +76,7 @@ eslint: USE_BUNDLE_INSTALL: "false" script: - run_timed_command "retry yarn install --frozen-lockfile" - - run_timed_command "yarn run lint:eslint:all --parser-options=schema:${GRAPHQL_SCHEMA_APOLLO_FILE}" + - run_timed_command "yarn run lint:eslint:all" eslint as-if-foss: extends: @@ -111,7 +112,7 @@ rubocop: script: - run_timed_command "bundle exec rubocop --parallel" -qa:testcases: +qa:metadata-lint: extends: - .static-analysis-base - .static-analysis:rules:ee-and-foss-qa @@ -123,6 +124,7 @@ qa:testcases: - run_timed_command "bundle exec bin/qa Test::Instance::All http://localhost:3000 --test-metadata-only" - cd .. - run_timed_command "./scripts/qa/testcases-check qa/tmp/test-metadata.json" + - run_timed_command "./scripts/qa/quarantine-types-check qa/tmp/test-metadata.json" variables: USE_BUNDLE_INSTALL: "false" SETUP_DB: "false" diff --git a/.gitlab/ci/test-metadata.gitlab-ci.yml b/.gitlab/ci/test-metadata.gitlab-ci.yml index 20cbd759ac6..79fea15690c 100644 --- a/.gitlab/ci/test-metadata.gitlab-ci.yml +++ b/.gitlab/ci/test-metadata.gitlab-ci.yml @@ -38,9 +38,6 @@ update-tests-metadata: - rspec-ee unit pg12 - rspec-ee integration pg12 - rspec-ee system pg12 - - rspec-ee unit pg12 geo - - rspec-ee integration pg12 geo - - rspec-ee system pg12 geo script: - run_timed_command "retry gem install fog-aws mime-types activesupport rspec_profiling postgres-copy --no-document" - source ./scripts/rspec_helpers.sh diff --git a/.gitlab/issue_templates/Default.md b/.gitlab/issue_templates/Default.md index f87b82e341b..ab97a24cce7 100644 --- a/.gitlab/issue_templates/Default.md +++ b/.gitlab/issue_templates/Default.md @@ -9,3 +9,5 @@ If you are experiencing an issue when using GitLab.com, your first port of call If you feel that your issue can be categorized as a reproducible bug or a feature proposal, please use one of the issue templates provided and include as much information as possible. Thank you for helping to make GitLab a better product. + +<!-- template sourced from https://gitlab.com/gitlab-org/gitlab/-/blob/master/.gitlab/issue_templates/Default.md --> diff --git a/.gitlab/issue_templates/Feature Flag Cleanup.md b/.gitlab/issue_templates/Feature Flag Cleanup.md index eedb35a4b5f..d32b0c874d4 100644 --- a/.gitlab/issue_templates/Feature Flag Cleanup.md +++ b/.gitlab/issue_templates/Feature Flag Cleanup.md @@ -41,7 +41,7 @@ Are there any other stages or teams involved that need to be kept in the loop? the feature can be officially announced in a release blog post. - [ ] `/chatops run auto_deploy status <merge-commit-of-cleanup-mr>` - [ ] Close [the feature issue](ISSUE LINK) to indicate the feature will be released in the current milestone. -- [ ] Clean up the feature flag from all environments by running these chatops command in `#production` channel: +- [ ] If not already done, clean up the feature flag from all environments by running these chatops command in `#production` channel: - [ ] `/chatops run feature delete <feature-flag-name> --dev` - [ ] `/chatops run feature delete <feature-flag-name> --staging` - [ ] `/chatops run feature delete <feature-flag-name>` @@ -49,4 +49,3 @@ Are there any other stages or teams involved that need to be kept in the loop? /label ~"feature flag" ~"type::feature" ~"feature::addition" -/assign DRI diff --git a/.gitlab/issue_templates/Feature Flag Roll Out.md b/.gitlab/issue_templates/Feature Flag Roll Out.md index 0462742513c..52f189f09f0 100644 --- a/.gitlab/issue_templates/Feature Flag Roll Out.md +++ b/.gitlab/issue_templates/Feature Flag Roll Out.md @@ -123,6 +123,10 @@ To do so, follow these steps: If the merge request was deployed before [the monthly release was tagged](https://about.gitlab.com/handbook/engineering/releases/#self-managed-releases-1), the feature can be officially announced in a release blog post. - [ ] `/chatops run release check <merge-request-url> <milestone>` +- [ ] Consider cleaning up the feature flag from all environments by running these chatops command in `#production` channel. Otherwise these settings may override the default enabled. + - [ ] `/chatops run feature delete <feature-flag-name> --dev` + - [ ] `/chatops run feature delete <feature-flag-name> --staging` + - [ ] `/chatops run feature delete <feature-flag-name>` - [ ] Close [the feature issue](ISSUE LINK) to indicate the feature will be released in the current milestone. - [ ] Set the next milestone to this rollout issue for scheduling [the flag removal](#release-the-feature). - [ ] (Optional) You can [create a separate issue](https://gitlab.com/gitlab-org/gitlab/-/issues/new?issuable_template=Feature%20Flag%20Cleanup) for scheduling the steps below to [Release the feature](#release-the-feature). @@ -157,7 +161,7 @@ You can either [create a follow-up issue for Feature Flag Cleanup](https://gitla the feature can be officially announced in a release blog post. - [ ] `/chatops run release check <merge-request-url> <milestone>` - [ ] Close [the feature issue](ISSUE LINK) to indicate the feature will be released in the current milestone. -- [ ] Clean up the feature flag from all environments by running these chatops command in `#production` channel: +- [ ] If not already done, clean up the feature flag from all environments by running these chatops command in `#production` channel: - [ ] `/chatops run feature delete <feature-flag-name> --dev` - [ ] `/chatops run feature delete <feature-flag-name> --staging` - [ ] `/chatops run feature delete <feature-flag-name>` @@ -172,4 +176,3 @@ You can either [create a follow-up issue for Feature Flag Cleanup](https://gitla ``` /label ~"feature flag" ~"type::feature" ~"feature::addition" -/assign DRI diff --git a/.gitlab/issue_templates/Geo Replicate a new Git repository type.md b/.gitlab/issue_templates/Geo Replicate a new Git repository type.md index e858f80ffaa..bfcf7aca7b5 100644 --- a/.gitlab/issue_templates/Geo Replicate a new Git repository type.md +++ b/.gitlab/issue_templates/Geo Replicate a new Git repository type.md @@ -104,7 +104,7 @@ Geo secondary sites have a [Geo tracking database](https://gitlab.com/gitlab-org - [ ] Run Geo tracking database migrations: ```shell - bin/rake geo:db:migrate + bin/rake db:migrate:geo ``` - [ ] Be sure to commit the relevant changes in `ee/db/geo/structure.sql` @@ -303,12 +303,6 @@ That's all of the required database changes. git_access_class.error_message(:no_repo) end - # The feature flag follows the format `geo_#{replicable_name}_replication`, - # so here it would be `geo_cool_widget_replication` - def self.replication_enabled_by_default? - false - end - override :verification_feature_flag_enabled? def self.verification_feature_flag_enabled? # We are adding verification at the same time as replication, so we @@ -673,34 +667,48 @@ The GraphQL API is used by `Admin > Geo > Replication Details` views, and is dir Individual Cool Widget replication and verification data should now be available via the GraphQL API. -### Release Geo support of Cool Widgets +#### Step 4. Handle batch destroy -- [ ] In the rollout issue you created when creating the feature flag, modify the Roll Out Steps: - - [ ] Cross out any steps related to testing on production GitLab.com, because Geo is not running on production GitLab.com at the moment. - - [ ] Add a step to `Test replication and verification of Cool Widgets on a non-GDK-deployment. For example, using GitLab Environment Toolkit`. - - [ ] Add a step to `Ping the Geo PM and EM to coordinate testing`. For example, you might add steps to generate Cool Widgets, and then a Geo engineer may take it from there. -- [ ] In `ee/config/feature_flags/development/geo_cool_widget_replication.yml`, set `default_enabled: true` +If batch destroy logic is implemented for a replicable, then that logic must be "replicated" by Geo secondaries. The easiest way to do this is use `Geo::BatchEventCreateWorker` to bulk insert a delete event for each replicable. -- [ ] In `ee/app/replicators/geo/cool_widget_replicator.rb`, delete the `self.replication_enabled_by_default?` method: +For example, if `FastDestroyAll` is used, then you may be able to [use `begin_fast_destroy` and `finalize_fast_destroy` hooks, like we did for uploads](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/69763). - ```ruby - module Geo - class CoolWidgetReplicator < Gitlab::Geo::Replicator - ... - # REMOVE THIS LINE IF IT IS NO LONGER NEEDED - extend ::Gitlab::Utils::Override +Or if a special service is used to batch delete records and their associated data, then you probably need to [hook into that service, like we did for job artifacts](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/79530). - # REMOVE THIS METHOD - def self.replication_enabled_by_default? - false - end - # REMOVE THIS METHOD +As illustrated by the above two examples, batch destroy logic cannot be handled automatically by Geo secondaries without restricting the way other teams perform batch destroys. It is up to you to produce `Geo::BatchEventCreateWorker` attributes before the records are deleted, and then enqueue `Geo::BatchEventCreateWorker` after the records are deleted. - ... +- [ ] Ensure that any batch destroy of this replicable is replicated to secondary sites +- [ ] Regardless of implementation details, please verify in specs that when the parent object is removed, the new `Geo::Event` records are created: + +```ruby + describe '#destroy' do + subject { create(:cool_widget) } + + context 'when running in a Geo primary node' do + let_it_be(:primary) { create(:geo_node, :primary) } + let_it_be(:secondary) { create(:geo_node) } + + it 'logs an event to the Geo event log when bulk removal is used', :sidekiq_inline do + stub_current_geo_node(primary) + + expect { subject.project.destroy! }.to change(Geo::Event.where(replicable_name: :cool_widget, event_name: :deleted), :count).by(1) + + payload = Geo::Event.where(replicable_name: :cool_widget, event_name: :deleted).last.payload + + expect(payload['model_record_id']).to eq(subject.id) + expect(payload['blob_path']).to eq(subject.relative_path) + expect(payload['uploader_class']).to eq('CoolWidgetUploader') + end end end - ``` +``` +### Release Geo support of Cool Widgets +- [ ] In the rollout issue you created when creating the feature flag, modify the Roll Out Steps: + - [ ] Cross out any steps related to testing on production GitLab.com, because Geo is not running on production GitLab.com at the moment. + - [ ] Add a step to `Test replication and verification of Cool Widgets on a non-GDK-deployment. For example, using GitLab Environment Toolkit`. + - [ ] Add a step to `Ping the Geo PM and EM to coordinate testing`. For example, you might add steps to generate Cool Widgets, and then a Geo engineer may take it from there. +- [ ] In `ee/config/feature_flags/development/geo_cool_widget_replication.yml`, set `default_enabled: true` - [ ] In `ee/app/graphql/types/geo/geo_node_type.rb`, remove the `feature_flag` option for the released type: ```ruby diff --git a/.gitlab/issue_templates/Geo Replicate a new blob type.md b/.gitlab/issue_templates/Geo Replicate a new blob type.md index 0cbfd79c958..ff678666191 100644 --- a/.gitlab/issue_templates/Geo Replicate a new blob type.md +++ b/.gitlab/issue_templates/Geo Replicate a new blob type.md @@ -104,7 +104,7 @@ Geo secondary sites have a [Geo tracking database](https://gitlab.com/gitlab-org - [ ] Run Geo tracking database migrations: ```shell - bin/rake geo:db:migrate + bin/rake db:migrate:geo ``` - [ ] Be sure to commit the relevant changes in `ee/db/geo/structure.sql` @@ -291,12 +291,6 @@ That's all of the required database changes. model_record.file end - # The feature flag follows the format `geo_#{replicable_name}_replication`, - # so here it would be `geo_cool_widget_replication` - def self.replication_enabled_by_default? - false - end - override :verification_feature_flag_enabled? def self.verification_feature_flag_enabled? # We are adding verification at the same time as replication, so we @@ -637,35 +631,49 @@ The GraphQL API is used by `Admin > Geo > Replication Details` views, and is dir Individual Cool Widget replication and verification data should now be available via the GraphQL API. -### Release Geo support of Cool Widgets +#### Step 4. Handle batch destroy -- [ ] In the rollout issue you created when creating the feature flag, modify the Roll Out Steps: - - [ ] Cross out any steps related to testing on production GitLab.com, because Geo is not running on production GitLab.com at the moment. - - [ ] Add a step to `Test replication and verification of Cool Widgets on a non-GDK-deployment. For example, using GitLab Environment Toolkit`. - - [ ] Add a step to `Ping the Geo PM and EM to coordinate testing`. For example, you might add steps to generate Cool Widgets, and then a Geo engineer may take it from there. -- [ ] In `ee/config/feature_flags/development/geo_cool_widget_replication.yml`, set `default_enabled: true` +If batch destroy logic is implemented for a replicable, then that logic must be "replicated" by Geo secondaries. The easiest way to do this is use `Geo::BatchEventCreateWorker` to bulk insert a delete event for each replicable. -- [ ] In `ee/app/replicators/geo/cool_widget_replicator.rb`, delete the `self.replication_enabled_by_default?` method: +For example, if `FastDestroyAll` is used, then you may be able to [use `begin_fast_destroy` and `finalize_fast_destroy` hooks, like we did for uploads](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/69763). - ```ruby - module Geo - class CoolWidgetReplicator < Gitlab::Geo::Replicator - ... - # REMOVE THIS LINE IF IT IS NO LONGER NEEDED - extend ::Gitlab::Utils::Override +Or if a special service is used to batch delete records and their associated data, then you probably need to [hook into that service, like we did for job artifacts](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/79530). - ... - # REMOVE THIS METHOD - def self.replication_enabled_by_default? - false - end - # REMOVE THIS METHOD +As illustrated by the above two examples, batch destroy logic cannot be handled automatically by Geo secondaries without restricting the way other teams perform batch destroys. It is up to you to produce `Geo::BatchEventCreateWorker` attributes before the records are deleted, and then enqueue `Geo::BatchEventCreateWorker` after the records are deleted. - ... +- [ ] Ensure that any batch destroy of this replicable is replicated to secondary sites +- [ ] Regardless of implementation details, please verify in specs that when the parent object is removed, the new `Geo::Event` records are created: + +```ruby + describe '#destroy' do + subject { create(:cool_widget) } + + context 'when running in a Geo primary node' do + let_it_be(:primary) { create(:geo_node, :primary) } + let_it_be(:secondary) { create(:geo_node) } + + it 'logs an event to the Geo event log when bulk removal is used', :sidekiq_inline do + stub_current_geo_node(primary) + + expect { subject.project.destroy! }.to change(Geo::Event.where(replicable_name: :cool_widget, event_name: :deleted), :count).by(1) + + payload = Geo::Event.where(replicable_name: :cool_widget, event_name: :deleted).last.payload + + expect(payload['model_record_id']).to eq(subject.id) + expect(payload['blob_path']).to eq(subject.relative_path) + expect(payload['uploader_class']).to eq('CoolWidgetUploader') + end end end - ``` +``` +### Release Geo support of Cool Widgets + +- [ ] In the rollout issue you created when creating the feature flag, modify the Roll Out Steps: + - [ ] Cross out any steps related to testing on production GitLab.com, because Geo is not running on production GitLab.com at the moment. + - [ ] Add a step to `Test replication and verification of Cool Widgets on a non-GDK-deployment. For example, using GitLab Environment Toolkit`. + - [ ] Add a step to `Ping the Geo PM and EM to coordinate testing`. For example, you might add steps to generate Cool Widgets, and then a Geo engineer may take it from there. +- [ ] In `ee/config/feature_flags/development/geo_cool_widget_replication.yml`, set `default_enabled: true` - [ ] In `ee/app/graphql/types/geo/geo_node_type.rb`, remove the `feature_flag` option for the released type: ```ruby diff --git a/.gitlab/issue_templates/Security developer workflow.md b/.gitlab/issue_templates/Security developer workflow.md index 5c1b669a88f..4cced5a25fe 100644 --- a/.gitlab/issue_templates/Security developer workflow.md +++ b/.gitlab/issue_templates/Security developer workflow.md @@ -44,6 +44,7 @@ After your merge request has been approved according to our [approval guidelines - [ ] Fill in any upgrade notes that users may need to take into account in the [details section](#details) - [ ] Add Yes/No and further details if needed to the migration and settings columns in the [details section](#details) - [ ] Add the nickname of the external user who found the issue (and/or HackerOne profile) to the Thanks row in the [details section](#details) +- [ ] If this includes a breaking change, make sure it is mentioned for the relevant versions in [`doc/update/index.md`](https://gitlab.com/gitlab-org/security/gitlab/-/blob/master/doc/update/index.md#version-specific-upgrading-instructions) ## Summary diff --git a/.gitlab/merge_request_templates/Default.md b/.gitlab/merge_request_templates/Default.md index 9d5ab41afbe..90d3c37d6c0 100644 --- a/.gitlab/merge_request_templates/Default.md +++ b/.gitlab/merge_request_templates/Default.md @@ -42,3 +42,5 @@ Example below: This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability. * [ ] I have evaluated the [MR acceptance checklist](https://docs.gitlab.com/ee/development/code_review.html#acceptance-checklist) for this MR. + +<!-- template sourced from https://gitlab.com/gitlab-org/gitlab/-/blob/master/.gitlab/merge_request_templates/Default.md --> diff --git a/.gitlab/merge_request_templates/Documentation.md b/.gitlab/merge_request_templates/Documentation.md index 49d1d0f79bf..cdc33b8aacb 100644 --- a/.gitlab/merge_request_templates/Documentation.md +++ b/.gitlab/merge_request_templates/Documentation.md @@ -8,7 +8,7 @@ ## Author's checklist -- [ ] Optional. Consider taking [the GitLab Technical Writing Fundamentals course](https://gitlab.edcast.com/pathways/ECL-02528ee2-c334-4e16-abf3-e9d8b8260de4). +- [ ] Optional. Consider taking [the GitLab Technical Writing Fundamentals course](https://about.gitlab.com/handbook/engineering/ux/technical-writing/fundamentals/). - [ ] Follow the: - [Documentation process](https://docs.gitlab.com/ee/development/documentation/workflow.html). - [Documentation guidelines](https://docs.gitlab.com/ee/development/documentation/). diff --git a/.gitlab/merge_request_templates/Removals.md b/.gitlab/merge_request_templates/Removals.md index 9d3738f63b5..0b7f1efe006 100644 --- a/.gitlab/merge_request_templates/Removals.md +++ b/.gitlab/merge_request_templates/Removals.md @@ -5,11 +5,11 @@ /milestone % /assign `@EM/PM` (choose the DRI; remove backticks here, and below) -**Be sure to link this MR to the relevant issue(s).** +**Be sure to link this MR to the relevant issues.** - Deprecation issue: - Removal issue: -- MR that removes the feature (optional): +- MR that removed (or _will_ remove) the feature: If there is no relevant deprecation issue, hit pause and: @@ -45,6 +45,7 @@ Please review the [guidelines for removals](https://about.gitlab.com/handbook/ma - [ ] Follow the process to [create a removal YAML file](https://about.gitlab.com/handbook/marketing/blog/release-posts/#creating-a-removal-entry). - [ ] Add reviewers by the 10th. - [ ] When ready to be merged and not later than the 15th, add the ~ready label and @ message the TW for final review and merge. + - Removal notices should not be merged before the code is removed from the product. Do not mark ~ready until the removal is complete, or you are certain it will be completed within the current milestone and released. If PMs are not sure, they should confirm with their Engineering Manager. ## Reviewers @@ -66,13 +67,15 @@ with the same process as regular docs MRs. Add suggestions as needed, @ message the PM to inform them the first review is complete, and remove yourself as a reviewer if it's not yet ready for merge. +**Removal notices should not be merged before the code is removed from the product.** + <details> <summary>Expand for Details</summary> - [ ] Title: - Length limit: 7 words (not including articles or prepositions). - Capitalization: ensure the title is [sentence cased](https://design.gitlab.com/content/punctuation#case). - - No Markdown `` `code` `` formatting in the title, as it doesn't render correctly in the release post. + - Rewrite to exclude the words `removal` and `remove` if necessary. - [ ] Consistency: - Ensure that all resources (docs, removal, etc.) refer to the feature with the same term / feature name. - [ ] Content: |