diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-11-17 11:33:21 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-11-17 11:33:21 +0000 |
| commit | 7021455bd1ed7b125c55eb1b33c5a01f2bc55ee0 (patch) | |
| tree | 5bdc2229f5198d516781f8d24eace62fc7e589e9 /.gitlab | |
| parent | 185b095e93520f96e9cfc31d9c3e69b498cdab7c (diff) | |
| download | gitlab-ce-7021455bd1ed7b125c55eb1b33c5a01f2bc55ee0.tar.gz | |
Add latest changes from gitlab-org/gitlab@15-6-stable-eev15.6.0-rc42
Diffstat (limited to '.gitlab')
35 files changed, 1105 insertions, 581 deletions
diff --git a/.gitlab/CODEOWNERS b/.gitlab/CODEOWNERS index 1ea65fe4de5..2bb47c77ba5 100644 --- a/.gitlab/CODEOWNERS +++ b/.gitlab/CODEOWNERS @@ -2,7 +2,7 @@ # project here: https://gitlab.com/gitlab-org/gitlab/-/project_members # As described in https://docs.gitlab.com/ee/user/project/code_owners.html -* @gitlab-org/maintainers/rails-backend @gitlab-org/maintainers/frontend @gitlab-org/maintainers/database @gl-quality/qe-maintainers @gitlab-org/delivery @gitlab-org/maintainers/cicd-templates @kwiebers @nolith @jacobvosmaer-gitlab @gitlab-org/tw-leadership +* @gitlab-org/maintainers/rails-backend @gitlab-org/maintainers/frontend @gitlab-org/maintainers/database @gl-quality/qe-maintainers @gl-quality/tooling-maintainers @gitlab-org/delivery @gitlab-org/maintainers/cicd-templates @nolith @jacobvosmaer-gitlab @gitlab-org/tw-leadership CODEOWNERS @gitlab-org/development-leaders @gitlab-org/tw-leadership docs/CODEOWNERS @gitlab-org/development-leaders @gitlab-org/tw-leadership @@ -49,7 +49,6 @@ GITALY_SERVER_VERSION @project_278964_bot6 @gitlab-org/maintainers/rails-backend /ee/lib/ee/gitlab/background_migration/ @gitlab-org/maintainers/database /lib/gitlab/database/ @gitlab-org/maintainers/database /lib/gitlab/sql/ @gitlab-org/maintainers/database -/lib/gitlab/github_import/ @gitlab-org/maintainers/database /app/finders/ @gitlab-org/maintainers/database /ee/app/finders/ @gitlab-org/maintainers/database /rubocop/rubocop-migrations.yml @gitlab-org/maintainers/database @@ -82,90 +81,28 @@ Dangerfile @gl-quality/eng-prod /ee/lib/ee/gitlab/auth/ldap/ @dblessing @mkozono /lib/gitlab/auth/ldap/ @dblessing @mkozono -^[Verify] -/app/**/ci/ @gitlab-org/maintainers/cicd-verify -/app/controllers/admin/jobs_controller.rb @gitlab-org/maintainers/cicd-verify -/app/controllers/admin/runner_projects_controller.rb @gitlab-org/maintainers/cicd-verify -/app/controllers/admin/runners_controller.rb @gitlab-org/maintainers/cicd-verify -/app/controllers/projects/artifacts_controller.rb @gitlab-org/maintainers/cicd-verify -/app/controllers/projects/build_artifacts_controller.rb @gitlab-org/maintainers/cicd-verify -/app/controllers/projects/builds_controller.rb @gitlab-org/maintainers/cicd-verify -/app/controllers/projects/jobs_controller.rb @gitlab-org/maintainers/cicd-verify -/app/controllers/runner_setup_controller.rb @gitlab-org/maintainers/cicd-verify -/app/controllers/projects/pipeline_schedules_controller.rb @gitlab-org/maintainers/cicd-verify -/app/controllers/projects/pipelines_controller.rb @gitlab-org/maintainers/cicd-verify -/app/controllers/projects/pipelines_settings_controller.rb @gitlab-org/maintainers/cicd-verify -/app/controllers/projects/runner_projects_controller.rb @gitlab-org/maintainers/cicd-verify -/app/controllers/projects/runners_controller.rb @gitlab-org/maintainers/cicd-verify -/app/controllers/projects/triggers_controller.rb @gitlab-org/maintainers/cicd-verify -/app/controllers/projects/usage_quotas_controller.rb @gitlab-org/maintainers/cicd-verify -/app/controllers/projects/variables_controller.rb @gitlab-org/maintainers/cicd-verify -/app/models/commit_status.rb @gitlab-org/maintainers/cicd-verify -/app/models/external_pull_request.rb @gitlab-org/maintainers/cicd-verify -/app/models/generic_commit_status.rb @gitlab-org/maintainers/cicd-verify -/app/models/namespace_ci_cd_setting.rb @gitlab-org/maintainers/cicd-verify -/app/models/project_ci_cd_setting.rb @gitlab-org/maintainers/cicd-verify -/app/presenters/commit_status_presenter.rb @gitlab-org/maintainers/cicd-verify -/app/presenters/generic_commit_status_presenter.rb @gitlab-org/maintainers/cicd-verify -/app/views/projects/artifacts/ @gitlab-org/maintainers/cicd-verify -/app/views/projects/generic_commit_statuses/ @gitlab-org/maintainers/cicd-verify -/app/views/projects/jobs/ @gitlab-org/maintainers/cicd-verify -/app/views/projects/pipeline_schedules/ @gitlab-org/maintainers/cicd-verify -/app/views/projects/pipelines/ @gitlab-org/maintainers/cicd-verify -/app/views/projects/triggers/ @gitlab-org/maintainers/cicd-verify -/app/workers/build_hooks_worker.rb @gitlab-org/maintainers/cicd-verify -/app/workers/build_queue_worker.rb @gitlab-org/maintainers/cicd-verify -/app/workers/build_success_worker.rb @gitlab-org/maintainers/cicd-verify -/app/workers/ci_platform_metrics_update_cron_worker.rb @gitlab-org/maintainers/cicd-verify -/app/workers/create_pipeline_worker.rb @gitlab-org/maintainers/cicd-verify -/app/workers/expire_build_artifacts_worker.rb @gitlab-org/maintainers/cicd-verify -/app/workers/pipeline_hooks_worker.rb @gitlab-org/maintainers/cicd-verify -/app/workers/pipeline_metrics_worker.rb @gitlab-org/maintainers/cicd-verify -/app/workers/pipeline_notification_worker.rb @gitlab-org/maintainers/cicd-verify -/app/workers/pipeline_process_worker.rb @gitlab-org/maintainers/cicd-verify -/app/workers/pipeline_schedule_worker.rb @gitlab-org/maintainers/cicd-verify -/app/workers/run_pipeline_schedule_worker.rb @gitlab-org/maintainers/cicd-verify -/app/workers/stuck_ci_jobs_worker.rb @gitlab-org/maintainers/cicd-verify -/app/workers/update_external_pull_requests_worker.rb @gitlab-org/maintainers/cicd-verify -/lib/**/ci/ @gitlab-org/maintainers/cicd-verify -/lib/api/commit_statuses.rb @gitlab-org/maintainers/cicd-verify -/ee/app/**/ci/ @gitlab-org/maintainers/cicd-verify -/ee/app/**/merge_trains/ @gitlab-org/maintainers/cicd-verify -/ee/app/models/merge_train.rb @gitlab-org/maintainers/cicd-verify -/ee/app/finders/merge_trains_finder.rb @gitlab-org/maintainers/cicd-verify -/ee/app/services/auto_merge/add_to_merge_train_when_pipeline_succeeds_service.rb @gitlab-org/maintainers/cicd-verify -/ee/app/services/auto_merge/merge_train_service.rb @gitlab-org/maintainers/cicd-verify -/ee/app/services/system_notes/merge_train_service.rb @gitlab-org/maintainers/cicd-verify -/ee/app/controllers/ee/admin/runners_controller.rb @gitlab-org/maintainers/cicd-verify -/ee/app/controllers/ee/projects/pipelines_controller.rb @gitlab-org/maintainers/cicd-verify -/ee/app/controllers/projects/pipelines/ @gitlab-org/maintainers/cicd-verify -/ee/app/controllers/projects/subscriptions_controller.rb @gitlab-org/maintainers/cicd-verify -/ee/app/models/merge_train.rb @gitlab-org/maintainers/cicd-verify -/ee/app/helpers/ee/projects/pipeline_helper.rb @gitlab-org/maintainers/cicd-verify -/ee/app/views/ci_minutes_usage_mailer/ @gitlab-org/maintainers/cicd-verify -/ee/app/views/projects/pipelines/ @gitlab-org/maintainers/cicd-verify -/ee/app/views/projects/settings/ci_cd/ @gitlab-org/maintainers/cicd-verify -/ee/app/workers/clear_shared_runners_minutes_worker.rb @gitlab-org/maintainers/cicd-verify -/ee/lib/**/ci/ @gitlab-org/maintainers/cicd-verify -/ee/lib/ee/api/entities/merge_train.rb @gitlab-org/maintainers/cicd-verify -/**/javascripts/jobs/ @gitlab-org/ci-cd/verify/frontend -/**/javascripts/pipelines/ @gitlab-org/ci-cd/verify/frontend -/app/assets/javascripts/pipeline_new/ @gitlab-org/ci-cd/verify/frontend -/app/assets/javascripts/ci_lint/ @gitlab-org/ci-cd/verify/frontend -/app/assets/javascripts/ci_variable_list/ @gitlab-org/ci-cd/verify/frontend -/app/assets/javascripts/pipeline_schedules/ @gitlab-org/ci-cd/verify/frontend -/app/assets/javascripts/pipeline_editor/ @gitlab-org/ci-cd/verify/frontend -/app/assets/javascripts/runner/ @gitlab-org/ci-cd/verify/frontend -/ee/app/assets/javascripts/ci_minutes_usage/ @gitlab-org/ci-cd/verify/frontend -/ee/app/assets/javascripts/usage_quotas/ci_minutes_usage/ @gitlab-org/ci-cd/verify/frontend -/ee/app/assets/javascripts/usage_quotas/pipelines/ @gitlab-org/ci-cd/verify/frontend -/ee/app/assets/javascripts/reports/ @gitlab-org/ci-cd/verify/frontend - ^[Templates] /lib/gitlab/ci/templates/ @gitlab-org/maintainers/cicd-templates /lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml @DylanGriffith @mayra-cabrera @tkuah /lib/gitlab/ci/templates/Security/ @gonzoyumo @twoodham @sethgitlab @thiagocsf -/lib/gitlab/ci/templates/Security/Container-Scanning.*.yml @gitlab-org/govern/security-policies-backend +/lib/gitlab/ci/templates/Security/API-Fuzzing.*.yml @gitlab-org/secure/dynamic-analysis +/lib/gitlab/ci/templates/Security/Container-Scanning.*.yml @gitlab-org/secure/composition-analysis-be +/lib/gitlab/ci/templates/Security/Coverage-Fuzzing.*.yml @gitlab-org/secure/dynamic-analysis +/lib/gitlab/ci/templates/Security/DAST.*.yml @gitlab-org/secure/dynamic-analysis +/lib/gitlab/ci/templates/Security/Dependency-Scanning.*.yml @gitlab-org/secure/composition-analysis-be +/lib/gitlab/ci/templates/Security/License-Scanning.*.yml @gitlab-org/secure/composition-analysis-be +/lib/gitlab/ci/templates/Security/SAST.*.yml @gitlab-org/secure/static-analysis +/lib/gitlab/ci/templates/Security/Secret-Detection.*.yml @gitlab-org/secure/static-analysis +/lib/gitlab/ci/templates/Security/Secure-Binaries.*.yml @gitlab-org/secure/static-analysis @gitlab-org/secure/composition-analysis-be @gitlab-org/secure/dynamic-analysis +# Note: The `Fortify-FoD-sast.gitlab-ci.yml` template is provided and maintained by Fortify, an official Technology Partner with GitLab. +/lib/gitlab/ci/templates/Jobs/API-Fuzzing.*.yml @gitlab-org/secure/dynamic-analysis +/lib/gitlab/ci/templates/Jobs/Container-Scanning.*.yml @gitlab-org/secure/composition-analysis-be +/lib/gitlab/ci/templates/Jobs/Coverage-Fuzzing.*.yml @gitlab-org/secure/dynamic-analysis +/lib/gitlab/ci/templates/Jobs/DAST.*.yml @gitlab-org/secure/dynamic-analysis +/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.*.yml @gitlab-org/secure/composition-analysis-be +/lib/gitlab/ci/templates/Jobs/License-Scanning.*.yml @gitlab-org/secure/composition-analysis-be +/lib/gitlab/ci/templates/Jobs/SAST.*.yml @gitlab-org/secure/static-analysis +/lib/gitlab/ci/templates/Jobs/Secret-Detection.*.yml @gitlab-org/secure/static-analysis ^[Project Alias] /ee/app/models/project_alias.rb @patrickbajao @@ -186,6 +123,8 @@ Dangerfile @gl-quality/eng-prod /ee/spec/policies/vulnerabilities/ @gitlab-org/govern/threat-insights-backend-team /ee/spec/policies/vulnerability*.rb @gitlab-org/govern/threat-insights-backend-team /ee/spec/presenters/projects/security/ @gitlab-org/govern/threat-insights-backend-team +/ee/app/assets/javascripts/license_compliance/components/detected_licenses_table.vue @gitlab-org/govern/threat-insights-frontend-team +/ee/spec/frontend/license_compliance/components/detected_licenses_table_spec.js @gitlab-org/govern/threat-insights-frontend-team ^[Secure] /ee/lib/gitlab/ci/parsers/license_compliance/ @gitlab-org/secure/composition-analysis-be @@ -196,24 +135,120 @@ Dangerfile @gl-quality/eng-prod /ee/lib/gitlab/ci/reports/security/ @gitlab-org/secure/composition-analysis-be @gitlab-org/secure/dynamic-analysis-be @gitlab-org/secure/static-analysis-be @gitlab-org/secure/fuzzing-be /ee/app/services/app_sec/dast/ @gitlab-org/secure/dynamic-analysis-be -^[Container Security] -/ee/app/views/projects/threat_monitoring/** @gitlab-org/govern/security-policies-frontend +^[Security Policies] +/ee/app/assets/javascripts/approvals/components/license_compliance/** @gitlab-org/govern/security-policies-frontend +/ee/app/assets/javascripts/approvals/stores/modules/license_compliance/** @gitlab-org/govern/security-policies-frontend +/ee/app/assets/javascripts/license_compliance/** @gitlab-org/govern/security-policies-frontend +/ee/app/assets/javascripts/pages/projects/licenses/** @gitlab-org/govern/security-policies-frontend +/ee/app/assets/javascripts/pages/projects/pipelines/licenses/** @gitlab-org/govern/security-policies-frontend +/ee/app/assets/javascripts/pages/projects/pipelines/show/license_report.js +/ee/app/assets/javascripts/vue_merge_request_widget/extensions/license_compliance/** @gitlab-org/govern/security-policies-frontend +/ee/app/assets/javascripts/vue_shared/license_compliance/** @gitlab-org/govern/security-policies-frontend +/ee/app/views/projects/licenses/** @gitlab-org/govern/security-policies-frontend +/ee/spec/frontend/approvals/components/license_compliance/** @gitlab-org/govern/security-policies-frontend +/ee/spec/frontend/approvals/stores/modules/license_compliance/** @gitlab-org/govern/security-policies-frontend +/ee/spec/frontend/license_compliance/** @gitlab-org/govern/security-policies-frontend +/ee/spec/frontend/vue_merge_request_widget/extensions/license_compliance/** @gitlab-org/govern/security-policies-frontend +/ee/spec/frontend/vue_shared/license_compliance/** @gitlab-org/govern/security-policies-frontend + +/ee/app/assets/javascripts/approvals/components/security_orchestration/** @gitlab-org/govern/security-policies-frontend +/ee/app/assets/javascripts/approvals/stores/modules/security_orchestration/** @gitlab-org/govern/security-policies-frontend +/ee/app/assets/javascripts/pages/groups/security/policies/** @gitlab-org/govern/security-policies-frontend +/ee/app/assets/javascripts/pages/projects/security/policies/** @gitlab-org/govern/security-policies-frontend +/ee/app/assets/javascripts/security_orchestration/** @gitlab-org/govern/security-policies-frontend +/ee/app/views/groups/security/policies @gitlab-org/govern/security-policies-frontend /ee/app/views/projects/security/policies/** @gitlab-org/govern/security-policies-frontend +/ee/spec/frontend/approvals/components/security_orchestration/** @gitlab-org/govern/security-policies-frontend +/ee/spec/frontend/approvals/stores/modules/security_orchestration/** @gitlab-org/govern/security-policies-frontend +/ee/spec/frontend/security_orchestration/** @gitlab-org/govern/security-policies-frontend /ee/spec/views/projects/security/policies/** @gitlab-org/govern/security-policies-frontend -/ee/app/assets/javascripts/pages/projects/threat_monitoring/** @gitlab-org/govern/security-policies-frontend -/ee/app/assets/javascripts/threat_monitoring/** @gitlab-org/govern/security-policies-frontend -/ee/spec/frontend/threat_monitoring/** @gitlab-org/govern/security-policies-frontend -/ee/app/controllers/projects/threat_monitoring_controller.rb @gitlab-org/govern/security-policies-backend -/ee/spec/controllers/projects/threat_monitoring_controller_spec.rb @gitlab-org/govern/container-security-backend +/app/models/clusters/applications/cilium.rb @gitlab-org/govern/security-policies-backend +/ee/app/controllers/groups/security/policies_controller.rb @gitlab-org/govern/security-policies-backend /ee/app/controllers/projects/security/policies_controller.rb @gitlab-org/govern/security-policies-backend -/ee/spec/requests/projects/security/policies_controller_spec.rb @gitlab-org/govern/security-policies-backend +/ee/app/graphql/mutations/concerns/mutations/finds_project_or_group_for_security_policies.rb @gitlab-org/govern/security-policies-backend +/ee/app/graphql/mutations/security_policy/** @gitlab-org/govern/security-policies-backend +/ee/app/graphql/resolvers/concerns/resolves_orchestration_policy.rb @gitlab-org/govern/security-policies-backend +/ee/app/graphql/resolvers/security_orchestration/** @gitlab-org/govern/security-policies-backend +/ee/app/graphql/types/security_orchestration/** @gitlab-org/govern/security-policies-backend +/ee/app/helpers/ee/security_orchestration_helper.rb @gitlab-org/govern/security-policies-backend /ee/app/models/security/orchestration_policy_configuration.rb @gitlab-org/govern/security-policies-backend -/ee/spec/models/security/orchestration_policy_configuration_spec.rb @gitlab-org/govern/security-policies-backend -/app/models/clusters/applications/cilium.rb @gitlab-org/govern/security-policies-backend -/spec/models/clusters/applications/cilium_spec.rb @gitlab-org/govern/security-policies-backend +/ee/app/models/security/orchestration_policy_rule_schedule.rb @gitlab-org/govern/security-policies-backend /ee/app/services/security/orchestration/** @gitlab-org/govern/security-policies-backend +/ee/app/services/security/security_orchestration_policies/** @gitlab-org/govern/security-policies-backend +/ee/app/validators/json_schemas/security_orchestration_policy.json @gitlab-org/govern/security-policies-backend +/ee/app/workers/concerns/update_orchestration_policy_configuration.rb @gitlab-org/govern/security-policies-backend +/ee/app/workers/security/create_orchestration_policy_worker.rb @gitlab-org/govern/security-policies-backend +/ee/app/workers/security/orchestration_policy_rule_schedule_namespace_worker.rb @gitlab-org/govern/security-policies-backend +/ee/app/workers/security/orchestration_policy_rule_schedule_worker.rb @gitlab-org/govern/security-policies-backend +/ee/lib/ee/gitlab/ci/pipeline/chain/validate/security_orchestration_policy.rb @gitlab-org/govern/security-policies-backend +/ee/lib/gitlab/ci/config/security_orchestration_policies/** @gitlab-org/govern/security-policies-backend +/ee/lib/gitlab/graphql/aggregations/security_orchestration_policies/** @gitlab-org/govern/security-policies-backend +/ee/spec/controllers/groups/security/policies_controller_spec.rb @gitlab-org/govern/security-policies-backend +/ee/spec/factories/security_orchestration_policy_configurations.rb @gitlab-org/govern/security-policies-backend +/ee/spec/factories/security_orchestration_policy_rule_schedules.rb @gitlab-org/govern/security-policies-backend +/ee/spec/factories/security/policies.rb @gitlab-org/govern/security-policies-backend +/ee/spec/graphql/mutations/security_policy/** @gitlab-org/govern/security-policies-backend +/ee/spec/graphql/resolvers/security_orchestration/** @gitlab-org/govern/security-policies-backend +/ee/spec/graphql/types/security_orchestration/** @gitlab-org/govern/security-policies-backend +/ee/spec/helpers/ee/security_orchestration_helper_spec.rb @gitlab-org/govern/security-policies-backend +/ee/spec/lib/ee/gitlab/ci/pipeline/chain/validate/security_orchestration_policy_spec.rb @gitlab-org/govern/security-policies-backend +/ee/spec/lib/gitlab/ci/config/security_orchestration_policies/** @gitlab-org/govern/security-policies-backend +/ee/spec/lib/gitlab/graphql/aggregations/security_orchestration_policies/** @gitlab-org/govern/security-policies-backend +/ee/spec/models/security/orchestration_policy_configuration_spec.rb @gitlab-org/govern/security-policies-backend +/ee/spec/models/security/orchestration_policy_rule_schedule_spec.rb @gitlab-org/govern/security-policies-backend +/ee/spec/requests/api/graphql/mutations/security_policy/** @gitlab-org/govern/security-policies-backend +/ee/spec/requests/api/graphql/project/security_orchestration/** @gitlab-org/govern/security-policies-backend +/ee/spec/requests/projects/security/policies_controller_spec.rb @gitlab-org/govern/security-policies-backend /ee/spec/services/security/orchestration/** @gitlab-org/govern/security-policies-backend +/ee/spec/services/security/security_orchestration_policies/** @gitlab-org/govern/security-policies-backend +/ee/spec/support/shared_contexts/graphql/resolvers/security_orchestration/** @gitlab-org/govern/security-policies-backend +/ee/spec/views/projects/security/policies/index.html.haml_spec.rb @gitlab-org/govern/security-policies-backend +/ee/spec/workers/concerns/update_orchestration_policy_configuration_spec.rb @gitlab-org/govern/security-policies-backend +/ee/spec/workers/security/create_orchestration_policy_worker_spec.rb @gitlab-org/govern/security-policies-backend +/ee/spec/workers/security/orchestration_policy_rule_schedule_namespace_worker_spec.rb @gitlab-org/govern/security-policies-backend +/ee/spec/workers/security/orchestration_policy_rule_schedule_worker_spec.rb @gitlab-org/govern/security-policies-backend +/lib/gitlab/ci/pipeline/chain/validate/security_orchestration_policy.rb @gitlab-org/govern/security-policies-backend +/spec/models/clusters/applications/cilium_spec.rb @gitlab-org/govern/security-policies-backend + +/app/finders/security/license_compliance_jobs_finder.rb @gitlab-org/govern/security-policies-backend +/ee/app/controllers/projects/licenses_controller.rb @gitlab-org/govern/security-policies-backend +/ee/app/finders/software_license_policies_finder.rb @gitlab-org/govern/security-policies-backend +/ee/app/models/sca/license_compliance.rb @gitlab-org/govern/security-policies-backend @gitlab-org/secure/composition-analysis-be +/ee/app/models/sca/license_policy.rb @gitlab-org/govern/security-policies-backend +/ee/app/models/software_license_policy.rb @gitlab-org/govern/security-policies-backend +/ee/app/models/software_license.rb @gitlab-org/govern/security-policies-backend +/ee/app/serializers/license_compliance/** @gitlab-org/govern/security-policies-backend +/ee/app/serializers/license_entity.rb @gitlab-org/govern/security-policies-backend +/ee/app/serializers/license_serializer.rb @gitlab-org/govern/security-policies-backend +/ee/app/serializers/licenses_list_entity.rb @gitlab-org/govern/security-policies-backend +/ee/app/serializers/licenses_list_serializer.rb @gitlab-org/govern/security-policies-backend +/ee/app/serializers/security/license_policy_entity.rb @gitlab-org/govern/security-policies-backend +/ee/app/services/ci/compare_license_scanning_reports_collapsed_service.rb @gitlab-org/govern/security-policies-backend +/ee/app/services/ci/compare_license_scanning_reports_service.rb @gitlab-org/govern/security-policies-backend +/ee/app/services/projects/licenses/** @gitlab-org/govern/security-policies-backend +/ee/app/services/software_license_policies/** @gitlab-org/govern/security-policies-backend +/ee/app/services/software_license_policies/update_service.rb @gitlab-org/govern/security-policies-backend +/ee/app/workers/refresh_license_compliance_checks_worker.rb @gitlab-org/govern/security-policies-backend +/ee/lib/api/managed_licenses.rb @gitlab-org/govern/security-policies-backend +/ee/lib/ee/api/entities/managed_license.rb @gitlab-org/govern/security-policies-backend +/ee/lib/gitlab/spdx/license.rb @gitlab-org/govern/security-policies-backend +/ee/spec/factories/software_license_policy.rb @gitlab-org/govern/security-policies-backend +/ee/spec/factories/software_license.rb @gitlab-org/govern/security-policies-backend +/ee/spec/factories/spdx_license.rb @gitlab-org/govern/security-policies-backend +/ee/spec/finders/software_license_policies_finder_spec.rb @gitlab-org/govern/security-policies-backend +/ee/spec/lib/gitlab/ci/parsers/license_compliance/** @gitlab-org/govern/security-policies-backend +/ee/spec/models/sca/license_compliance_spec.rb @gitlab-org/govern/security-policies-backend @gitlab-org/secure/composition-analysis-be +/ee/spec/models/sca/license_policy_spec.rb @gitlab-org/govern/security-policies-backend +/ee/spec/models/software_license_policy_spec.rb @gitlab-org/govern/security-policies-backend +/ee/spec/models/software_license_spec.rb @gitlab-org/govern/security-policies-backend +/ee/spec/requests/api/managed_licenses_spec.rb @gitlab-org/govern/security-policies-backend +/ee/spec/serializers/license_compliance/** @gitlab-org/govern/security-policies-backend +/ee/spec/services/ci/compare_license_scanning_reports_collapsed_service_spec.rb @gitlab-org/govern/security-policies-backend +/ee/spec/services/ci/compare_license_scanning_reports_service_spec.rb @gitlab-org/govern/security-policies-backend +/ee/spec/services/projects/licenses/** @gitlab-org/govern/security-policies-backend +/ee/spec/services/software_license_policies/** @gitlab-org/govern/security-policies-backend +/spec/finders/security/license_compliance_jobs_finder_spec.rb @gitlab-org/govern/security-policies-backend ^[Code Owners] /ee/lib/gitlab/code_owners.rb @reprazent @kerrizor @garyh @@ -253,10 +288,25 @@ Dangerfile @gl-quality/eng-prod /spec/frontend/batch_comments/ @viktomas @jboyson @iamphill @thomasrandolph ^[Product Intelligence] -/ee/lib/gitlab/usage_data_counters/ @gitlab-org/growth/product-intelligence/engineers -/ee/lib/ee/gitlab/usage_data.rb @gitlab-org/growth/product-intelligence/engineers -/lib/gitlab/usage_data.rb @gitlab-org/growth/product_intelligence/engineers -/lib/gitlab/usage_data_counters/ @gitlab-org/growth/product-intelligence/engineers +/ee/lib/gitlab/usage_data_counters/ @gitlab-org/analytics-section/product-intelligence/engineers +/ee/lib/ee/gitlab/usage_data.rb @gitlab-org/analytics-section/product-intelligence/engineers +/lib/gitlab/usage_data.rb @gitlab-org/analytics-section/product-intelligence/engineers +/lib/gitlab/usage_data_counters/ @gitlab-org/analytics-section/product-intelligence/engineers +/lib/gitlab/usage/ @gitlab-org/analytics-section/product-intelligence/engineers +/ee/lib/ee/gitlab/usage_data_counters/ @gitlab-org/analytics-section/product-intelligence/engineers +/ee/lib/ee/gitlab/usage/ @gitlab-org/analytics-section/product-intelligence/engineers +/config/metrics/ @gitlab-org/analytics-section/product-intelligence/engineers +/ee/config/metrics/ @gitlab-org/analytics-section/product-intelligence/engineers +/app/workers/gitlab_service_ping_worker.rb @gitlab-org/analytics-section/product-intelligence/engineers +/spec/workers/gitlab_service_ping_worker_spec.rb @gitlab-org/analytics-section/product-intelligence/engineers +/ee/spec/lib/gitlab/usage_data_counters/ @gitlab-org/analytics-section/product-intelligence/engineers +/ee/spec/lib/ee/gitlab/usage_data_spec.rb @gitlab-org/analytics-section/product-intelligence/engineers +/spec/lib/gitlab/usage_data_spec.rb @gitlab-org/analytics-section/product-intelligence/engineers +/spec/lib/gitlab/usage_data_counters/ @gitlab-org/analytics-section/product-intelligence/engineers +/spec/lib/gitlab/usage/ @gitlab-org/analytics-section/product-intelligence/engineers +/ee/spec/lib/ee/gitlab/usage_data_counters/ @gitlab-org/analytics-section/product-intelligence/engineers +/ee/spec/lib/ee/gitlab/usage/ @gitlab-org/analytics-section/product-intelligence/engineers +/ee/spec/config/metrics/ @gitlab-org/analytics-section/product-intelligence/engineers ^[Growth Experiments] /app/experiments/ @gitlab-org/growth/experiment-devs @@ -315,7 +365,7 @@ Dangerfile @gl-quality/eng-prod /config/dependency_decisions.yml @gitlab-org/legal-reviewers ^[Workhorse] -/workhorse/ @jacobvosmaer-gitlab @nolith @patrickbajao +/workhorse/ @jacobvosmaer-gitlab @nolith @patrickbajao @igor.drozdov [Application Security] /app/assets/javascripts/lib/dompurify.js @gitlab-com/gl-security/appsec @@ -347,7 +397,9 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /data/removals/ @gl-docsteam ^[Documentation Pages] -/doc/administration/application_settings_cache.md @sselhorn +# This block is managed by the rake script at lib/tasks/gitlab/tw/codeowners.rake, manual updates will be overwritten! +# Begin rake-managed-docs-block +/doc/administration/application_settings_cache.md @jglassman1 /doc/administration/audit_event_streaming.md @eread /doc/administration/audit_events.md @eread /doc/administration/audit_reports.md @eread @@ -373,7 +425,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/administration/geo/setup/ @axil /doc/administration/git_protocol.md @aqualls /doc/administration/gitaly/ @eread -/doc/administration/housekeeping.md @axil +/doc/administration/housekeeping.md @eread /doc/administration/inactive_project_deletion.md @eread /doc/administration/incoming_email.md @msedlakjakubowski /doc/administration/index.md @axil @@ -386,7 +438,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/administration/invalidate_markdown_cache.md @msedlakjakubowski /doc/administration/issue_closing_pattern.md @aqualls /doc/administration/job_artifacts.md @marcel.amirault -/doc/administration/job_logs.md @sselhorn +/doc/administration/job_logs.md @fneill /doc/administration/lfs/ @aqualls /doc/administration/libravatar.md @axil /doc/administration/load_balancer.md @axil @@ -396,11 +448,11 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/administration/merge_request_diffs.md @ashrafkhamis /doc/administration/monitoring/ @msedlakjakubowski /doc/administration/monitoring/gitlab_self_monitoring_project/ @msedlakjakubowski -/doc/administration/monitoring/ip_allowlist.md @sselhorn +/doc/administration/monitoring/ip_allowlist.md @jglassman1 /doc/administration/monitoring/performance/ @msedlakjakubowski /doc/administration/monitoring/prometheus/ @msedlakjakubowski /doc/administration/monitoring/prometheus/index.md @axil -/doc/administration/monitoring/prometheus/web_exporter.md @sselhorn +/doc/administration/monitoring/prometheus/web_exporter.md @jglassman1 /doc/administration/nfs.md @axil /doc/administration/object_storage.md @axil /doc/administration/operations/ @axil @@ -426,7 +478,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/administration/restart_gitlab.md @axil /doc/administration/server_hooks.md @eread /doc/administration/sidekiq/ @axil -/doc/administration/sidekiq/sidekiq_memory_killer.md @sselhorn +/doc/administration/sidekiq/sidekiq_memory_killer.md @jglassman1 /doc/administration/smime_signing_email.md @axil /doc/administration/snippets/ @ashrafkhamis /doc/administration/static_objects_external_storage.md @ashrafkhamis @@ -461,7 +513,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/api/deploy_tokens.md @rdickenson /doc/api/deployments.md @rdickenson /doc/api/discussions.md @aqualls -/doc/api/dora/ @fneill +/doc/api/dora/ @lciutacu /doc/api/environments.md @rdickenson /doc/api/epic_issues.md @msedlakjakubowski /doc/api/epic_links.md @msedlakjakubowski @@ -484,8 +536,8 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/api/graphql/sample_issue_boards.md @msedlakjakubowski /doc/api/graphql/users_example.md @jglassman1 /doc/api/group_access_tokens.md @jglassman1 -/doc/api/group_activity_analytics.md @fneill -/doc/api/group_badges.md @fneill +/doc/api/group_activity_analytics.md @lciutacu +/doc/api/group_badges.md @lciutacu /doc/api/group_boards.md @msedlakjakubowski /doc/api/group_clusters.md @phillipwells /doc/api/group_import_export.md @eread @@ -498,7 +550,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/api/group_releases.md @rdickenson /doc/api/group_repository_storage_moves.md @ashrafkhamis /doc/api/group_wikis.md @ashrafkhamis -/doc/api/groups.md @fneill +/doc/api/groups.md @lciutacu /doc/api/import.md @eread /doc/api/index.md @ashrafkhamis /doc/api/instance_clusters.md @phillipwells @@ -569,7 +621,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/api/resource_milestone_events.md @msedlakjakubowski /doc/api/resource_state_events.md @msedlakjakubowski /doc/api/resource_weight_events.md @msedlakjakubowski -/doc/api/runners.md @sselhorn +/doc/api/runners.md @fneill /doc/api/saml.md @jglassman1 /doc/api/scim.md @jglassman1 /doc/api/search.md @ashrafkhamis @@ -588,7 +640,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/api/templates/gitlab_ci_ymls.md @marcel.amirault /doc/api/templates/licenses.md @rdickenson /doc/api/todos.md @msedlakjakubowski -/doc/api/topics.md @fneill +/doc/api/topics.md @lciutacu /doc/api/usage_data.md @claytoncornell /doc/api/users.md @jglassman1 /doc/api/version.md @phillipwells @@ -597,12 +649,9 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/api/vulnerability_exports.md @claytoncornell /doc/api/vulnerability_findings.md @claytoncornell /doc/api/wikis.md @ashrafkhamis -/doc/architecture/blueprints/ci_pipeline_components/ @marcel.amirault -/doc/architecture/blueprints/container_registry_metadata_database/ @claytoncornell /doc/architecture/blueprints/database/scalability/patterns/ @aqualls /doc/architecture/blueprints/database_scaling/ @aqualls -/doc/architecture/blueprints/gitlab_to_kubernetes_communication/ @phillipwells -/doc/architecture/blueprints/work_items/ @msedlakjakubowski +/doc/architecture/blueprints/runner_tokens/ @fneill /doc/ci/ @marcel.amirault /doc/ci/caching/ @marcel.amirault /doc/ci/chatops/ @phillipwells @@ -615,7 +664,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/ci/cloud_services/google_cloud/ @marcel.amirault /doc/ci/directed_acyclic_graph/ @marcel.amirault /doc/ci/docker/ @marcel.amirault -/doc/ci/docker/using_docker_images.md @sselhorn +/doc/ci/docker/using_docker_images.md @fneill /doc/ci/environments/ @rdickenson /doc/ci/examples/ @marcel.amirault /doc/ci/examples/authenticating-with-hashicorp-vault/ @marcel.amirault @@ -623,22 +672,22 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/ci/examples/end_to_end_testing_webdriverio/ @marcel.amirault /doc/ci/examples/laravel_with_gitlab_and_envoy/ @marcel.amirault /doc/ci/examples/semantic-release.md @claytoncornell -/doc/ci/interactive_web_terminal/ @sselhorn +/doc/ci/interactive_web_terminal/ @fneill /doc/ci/introduction/ @marcel.amirault /doc/ci/jobs/ @marcel.amirault -/doc/ci/large_repositories/ @sselhorn +/doc/ci/large_repositories/ @fneill /doc/ci/migration/ @marcel.amirault /doc/ci/pipeline_editor/ @marcel.amirault /doc/ci/pipelines/ @marcel.amirault /doc/ci/quick_start/ @marcel.amirault /doc/ci/resource_groups/ @rdickenson /doc/ci/review_apps/ @marcel.amirault -/doc/ci/runners/ @sselhorn -/doc/ci/runners/saas/ @sselhorn -/doc/ci/runners/saas/macos/ @sselhorn +/doc/ci/runners/ @fneill +/doc/ci/runners/saas/ @fneill +/doc/ci/runners/saas/macos/ @fneill /doc/ci/secrets/ @marcel.amirault /doc/ci/secure_files/ @marcel.amirault -/doc/ci/services/ @sselhorn +/doc/ci/services/ @fneill /doc/ci/ssh_keys/ @marcel.amirault /doc/ci/test_cases/ @msedlakjakubowski /doc/ci/testing/ @marcel.amirault @@ -654,7 +703,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/development/backend/create_source_code_be/ @aqualls /doc/development/build_test_package.md @axil /doc/development/bulk_import.md @eread -/doc/development/cached_queries.md @sselhorn +/doc/development/cached_queries.md @jglassman1 /doc/development/cascading_settings.md @jglassman1 /doc/development/chatops_on_gitlabcom.md @phillipwells /doc/development/cicd/ @marcel.amirault @@ -662,7 +711,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/development/contributing/ @sselhorn /doc/development/database/ @aqualls /doc/development/database/filtering_by_label.md @msedlakjakubowski -/doc/development/database/multiple_databases.md @sselhorn +/doc/development/database/multiple_databases.md @jglassman1 /doc/development/database_review.md @aqualls /doc/development/developing_with_solargraph.md @aqualls /doc/development/development_processes.md @sselhorn @@ -694,7 +743,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/development/graphql_guide/ @ashrafkhamis /doc/development/graphql_guide/batchloader.md @aqualls /doc/development/i18n/ @eread -/doc/development/image_scaling.md @sselhorn +/doc/development/image_scaling.md @jglassman1 /doc/development/import_export.md @eread /doc/development/index.md @sselhorn /doc/development/integrations/codesandbox.md @sselhorn @@ -718,10 +767,11 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/development/permissions.md @jglassman1 /doc/development/policies.md @jglassman1 /doc/development/product_qualified_lead_guide/ @phillipwells -/doc/development/project_templates.md @fneill +/doc/development/project_templates.md @lciutacu /doc/development/prometheus_metrics.md @msedlakjakubowski /doc/development/real_time.md @msedlakjakubowski /doc/development/sec/ @rdickenson +/doc/development/sec/security_report_ingestion_overview.md @claytoncornell /doc/development/secure_coding_guidelines.md @sselhorn /doc/development/service_ping/ @claytoncornell /doc/development/snowplow/ @claytoncornell @@ -730,8 +780,8 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/development/testing_guide/ @sselhorn /doc/development/testing_guide/contract/ @sselhorn /doc/development/testing_guide/end_to_end/ @sselhorn -/doc/development/value_stream_analytics.md @fneill -/doc/development/value_stream_analytics/ @fneill +/doc/development/value_stream_analytics.md @lciutacu +/doc/development/value_stream_analytics/ @lciutacu /doc/development/wikis.md @ashrafkhamis /doc/development/work_items.md @msedlakjakubowski /doc/development/work_items_widgets.md @msedlakjakubowski @@ -763,14 +813,11 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/integration/sourcegraph.md @aqualls /doc/integration/trello_power_up.md @ashrafkhamis /doc/integration/vault.md @phillipwells -/doc/operations/error_tracking.md msedlakjakubowski +/doc/operations/ @msedlakjakubowski /doc/operations/feature_flags.md @rdickenson /doc/operations/incident_management/ @msedlakjakubowski -/doc/operations/index.md @msedlakjakubowski /doc/operations/metrics/ @msedlakjakubowski /doc/operations/metrics/dashboards/ @msedlakjakubowski -/doc/operations/product_analytics.md @lciutacu -/doc/operations/tracing.md @msedlakjakubowski /doc/policy/ @axil /doc/raketasks/ @axil /doc/raketasks/generate_sample_prometheus_data.md @msedlakjakubowski @@ -798,7 +845,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/update/mysql_to_postgresql.md @aqualls /doc/update/package/ @axil /doc/update/upgrading_postgresql_using_slony.md @aqualls -/doc/user/admin_area/analytics/ @fneill +/doc/user/admin_area/analytics/ @lciutacu /doc/user/admin_area/broadcast_messages.md @phillipwells /doc/user/admin_area/credentials_inventory.md @jglassman1 /doc/user/admin_area/custom_project_templates.md @eread @@ -833,10 +880,10 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/user/admin_area/settings/rate_limit_on_notes_creation.md @msedlakjakubowski /doc/user/admin_area/settings/rate_limit_on_pipelines_creation.md @marcel.amirault /doc/user/admin_area/settings/rate_limit_on_users_api.md @jglassman1 -/doc/user/admin_area/settings/third_party_offers.md @fneill +/doc/user/admin_area/settings/third_party_offers.md @lciutacu /doc/user/admin_area/settings/usage_statistics.md @claytoncornell /doc/user/admin_area/settings/visibility_and_access_controls.md @aqualls -/doc/user/analytics/ @fneill +/doc/user/analytics/ @lciutacu /doc/user/analytics/ci_cd_analytics.md @rdickenson /doc/user/application_security/api_fuzzing/ @rdickenson /doc/user/application_security/configuration/ @rdickenson @@ -873,14 +920,14 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/user/discussions/ @aqualls /doc/user/feature_flags.md @sselhorn /doc/user/free_user_limit.md @phillipwells -/doc/user/group/ @fneill +/doc/user/group/ @lciutacu /doc/user/group/clusters/ @phillipwells -/doc/user/group/contribution_analytics/ @fneill +/doc/user/group/contribution_analytics/ @lciutacu /doc/user/group/custom_project_templates.md @eread -/doc/user/group/devops_adoption/ @fneill +/doc/user/group/devops_adoption/ @lciutacu /doc/user/group/epics/ @msedlakjakubowski /doc/user/group/import/ @eread -/doc/user/group/insights/ @fneill +/doc/user/group/insights/ @lciutacu /doc/user/group/issues_analytics/ @msedlakjakubowski /doc/user/group/iterations/ @msedlakjakubowski /doc/user/group/planning_hierarchy/ @msedlakjakubowski @@ -889,18 +936,18 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/user/group/saml_sso/ @jglassman1 /doc/user/group/settings/group_access_tokens.md @jglassman1 /doc/user/group/settings/import_export.md @eread -/doc/user/group/subgroups/ @fneill -/doc/user/group/value_stream_analytics/ @fneill +/doc/user/group/subgroups/ @lciutacu +/doc/user/group/value_stream_analytics/ @lciutacu /doc/user/infrastructure/ @phillipwells /doc/user/infrastructure/clusters/ @phillipwells /doc/user/infrastructure/clusters/connect/ @phillipwells /doc/user/infrastructure/clusters/deploy/ @phillipwells /doc/user/infrastructure/clusters/manage/ @phillipwells /doc/user/infrastructure/clusters/manage/management_project_applications/ @phillipwells -/doc/user/infrastructure/clusters/manage/management_project_applications/runner.md @sselhorn +/doc/user/infrastructure/clusters/manage/management_project_applications/runner.md @fneill /doc/user/infrastructure/iac/ @phillipwells /doc/user/markdown.md @aqualls -/doc/user/namespace/ @fneill +/doc/user/namespace/ @lciutacu /doc/user/packages/ @claytoncornell /doc/user/packages/composer_repository/ @claytoncornell /doc/user/packages/conan_repository/ @claytoncornell @@ -911,18 +958,19 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/user/packages/go_proxy/ @claytoncornell /doc/user/packages/harbor_container_registry/ @claytoncornell /doc/user/packages/helm_repository/ @claytoncornell -/doc/user/packages/infrastructure_registry/ @phillipwells +/doc/user/packages/infrastructure_registry/ @claytoncornell /doc/user/packages/maven_repository/ @claytoncornell /doc/user/packages/npm_registry/ @claytoncornell /doc/user/packages/nuget_repository/ @claytoncornell /doc/user/packages/package_registry/ @claytoncornell /doc/user/packages/pypi_repository/ @claytoncornell /doc/user/packages/rubygems_registry/ @claytoncornell -/doc/user/packages/terraform_module_registry/ @phillipwells +/doc/user/packages/terraform_module_registry/ @claytoncornell /doc/user/packages/workflows/ @claytoncornell /doc/user/permissions.md @jglassman1 /doc/user/profile/ @jglassman1 /doc/user/profile/account/ @jglassman1 +/doc/user/profile/contributions_calendar.md @lciutacu /doc/user/profile/notifications.md @msedlakjakubowski /doc/user/project/ @aqualls /doc/user/project/clusters/ @phillipwells @@ -933,8 +981,8 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/user/project/description_templates.md @msedlakjakubowski /doc/user/project/import/ @eread /doc/user/project/import/jira.md @msedlakjakubowski -/doc/user/project/index.md @fneill -/doc/user/project/insights/ @fneill +/doc/user/project/index.md @lciutacu +/doc/user/project/insights/ @lciutacu /doc/user/project/integrations/ @ashrafkhamis /doc/user/project/integrations/prometheus.md @msedlakjakubowski /doc/user/project/integrations/prometheus_library/ @msedlakjakubowski @@ -942,7 +990,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/user/project/issues/ @msedlakjakubowski /doc/user/project/issues/csv_import.md @eread /doc/user/project/labels.md @msedlakjakubowski -/doc/user/project/members/ @fneill +/doc/user/project/members/ @lciutacu /doc/user/project/merge_requests/ @aqualls /doc/user/project/merge_requests/approvals/ @aqualls /doc/user/project/merge_requests/csv_export.md @eread @@ -955,6 +1003,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/user/project/pages/getting_started/ @ashrafkhamis /doc/user/project/quick_actions.md @msedlakjakubowski /doc/user/project/releases/ @rdickenson +/doc/user/project/remote_development/ @ashrafkhamis /doc/user/project/repository/ @aqualls /doc/user/project/repository/branches/ @aqualls /doc/user/project/repository/file_finder.md @ashrafkhamis @@ -968,14 +1017,14 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/user/project/requirements/ @msedlakjakubowski /doc/user/project/service_desk.md @msedlakjakubowski /doc/user/project/settings/import_export.md @eread -/doc/user/project/settings/index.md @fneill +/doc/user/project/settings/index.md @lciutacu /doc/user/project/settings/project_access_tokens.md @jglassman1 /doc/user/project/time_tracking.md @msedlakjakubowski /doc/user/project/web_ide/ @ashrafkhamis /doc/user/project/wiki/ @ashrafkhamis -/doc/user/project/working_with_projects.md @fneill -/doc/user/public_access.md @fneill -/doc/user/reserved_names.md @fneill +/doc/user/project/working_with_projects.md @lciutacu +/doc/user/public_access.md @lciutacu +/doc/user/reserved_names.md @lciutacu /doc/user/search/ @ashrafkhamis /doc/user/search/global_search/ @ashrafkhamis /doc/user/shortcuts.md @ashrafkhamis @@ -984,7 +1033,8 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/user/tasks.md @msedlakjakubowski /doc/user/todos.md @msedlakjakubowski /doc/user/usage_quotas.md @fneill -/doc/user/workspace/ @fneill +/doc/user/workspace/ @lciutacu +# End rake-managed-docs-block [Authentication and Authorization] /app/assets/javascripts/access_tokens/ @gitlab-org/manage/authentication-and-authorization/approvers @@ -1003,18 +1053,8 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /app/assets/javascripts/pages/profiles/two_factor_auths/ @gitlab-org/manage/authentication-and-authorization/approvers /app/assets/javascripts/pages/projects/settings/access_tokens/ @gitlab-org/manage/authentication-and-authorization/approvers /app/assets/javascripts/pages/sessions/new/oauth_remember_me.js @gitlab-org/manage/authentication-and-authorization/approvers -/app/assets/javascripts/pipelines/components/pipelines_list/tokens/constants.js @gitlab-org/manage/authentication-and-authorization/approvers -/app/assets/javascripts/pipelines/components/pipelines_list/tokens/pipeline_branch_name_token.vue @gitlab-org/manage/authentication-and-authorization/approvers -/app/assets/javascripts/pipelines/components/pipelines_list/tokens/pipeline_source_token.vue @gitlab-org/manage/authentication-and-authorization/approvers -/app/assets/javascripts/pipelines/components/pipelines_list/tokens/pipeline_status_token.vue @gitlab-org/manage/authentication-and-authorization/approvers -/app/assets/javascripts/pipelines/components/pipelines_list/tokens/pipeline_tag_name_token.vue @gitlab-org/manage/authentication-and-authorization/approvers /app/assets/javascripts/projects/settings/topics/components/ @gitlab-org/manage/authentication-and-authorization/approvers /app/assets/javascripts/related_issues/components/issue_token.vue @gitlab-org/manage/authentication-and-authorization/approvers -/app/assets/javascripts/runner/components/registration/registration_token.vue @gitlab-org/manage/authentication-and-authorization/approvers -/app/assets/javascripts/runner/components/registration/registration_token_reset_dropdown_item.vue @gitlab-org/manage/authentication-and-authorization/approvers -/app/assets/javascripts/runner/components/search_tokens/ @gitlab-org/manage/authentication-and-authorization/approvers -/app/assets/javascripts/token_access/components/ @gitlab-org/manage/authentication-and-authorization/approvers -/app/assets/javascripts/token_access/index.js @gitlab-org/manage/authentication-and-authorization/approvers /app/assets/stylesheets/page_bundles/profile_two_factor_auth.scss @gitlab-org/manage/authentication-and-authorization/approvers /app/controllers/admin/impersonation_tokens_controller.rb @gitlab-org/manage/authentication-and-authorization/approvers /app/controllers/concerns/access_tokens_actions.rb @gitlab-org/manage/authentication-and-authorization/approvers @@ -1054,6 +1094,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /app/models/token_with_iv.rb @gitlab-org/manage/authentication-and-authorization/approvers /app/models/webauthn_registration.rb @gitlab-org/manage/authentication-and-authorization/approvers /app/policies/personal_access_token_policy.rb @gitlab-org/manage/authentication-and-authorization/approvers +/app/serializers/access_token_entity_base.rb @gitlab-org/manage/authentication-and-authorization/approvers /app/serializers/group_access_token_entity.rb @gitlab-org/manage/authentication-and-authorization/approvers /app/serializers/group_access_token_serializer.rb @gitlab-org/manage/authentication-and-authorization/approvers /app/serializers/impersonation_access_token_entity.rb @gitlab-org/manage/authentication-and-authorization/approvers @@ -1081,7 +1122,6 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /app/views/admin/application_settings/_external_authorization_service_form.html.haml @gitlab-org/manage/authentication-and-authorization/approvers /app/views/admin/impersonation_tokens/ @gitlab-org/manage/authentication-and-authorization/approvers /app/views/authentication/ @gitlab-org/manage/authentication-and-authorization/approvers -/app/views/ci/token_access/ @gitlab-org/manage/authentication-and-authorization/approvers /app/views/dashboard/projects/_zero_authorized_projects.html.haml @gitlab-org/manage/authentication-and-authorization/approvers /app/views/devise/mailer/password_change.html.haml @gitlab-org/manage/authentication-and-authorization/approvers /app/views/devise/mailer/password_change.text.erb @gitlab-org/manage/authentication-and-authorization/approvers @@ -1107,6 +1147,8 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /app/views/notify/access_token_created_email.text.erb @gitlab-org/manage/authentication-and-authorization/approvers /app/views/notify/access_token_expired_email.html.haml @gitlab-org/manage/authentication-and-authorization/approvers /app/views/notify/access_token_expired_email.text.erb @gitlab-org/manage/authentication-and-authorization/approvers +/app/views/notify/access_token_revoked_email.html.haml @gitlab-org/manage/authentication-and-authorization/approvers +/app/views/notify/access_token_revoked_email.text.erb @gitlab-org/manage/authentication-and-authorization/approvers /app/views/profiles/passwords/ @gitlab-org/manage/authentication-and-authorization/approvers /app/views/profiles/personal_access_tokens/ @gitlab-org/manage/authentication-and-authorization/approvers /app/views/profiles/two_factor_auths/ @gitlab-org/manage/authentication-and-authorization/approvers @@ -1131,6 +1173,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /config/initializers/webauthn.rb @gitlab-org/manage/authentication-and-authorization/approvers /config/initializers_before_autoloader/100_patch_omniauth_oauth2.rb @gitlab-org/manage/authentication-and-authorization/approvers /config/initializers_before_autoloader/100_patch_omniauth_saml.rb @gitlab-org/manage/authentication-and-authorization/approvers +/config/weak_password_digests.yml @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/assets/javascripts/access_tokens/ @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/assets/javascripts/audit_events/components/tokens/ @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/assets/javascripts/audit_events/token_utils.js @gitlab-org/manage/authentication-and-authorization/approvers @@ -1141,9 +1184,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /ee/app/assets/javascripts/pages/passwords/ @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/assets/javascripts/pages/profiles/passwords/ @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/assets/javascripts/password/ @gitlab-org/manage/authentication-and-authorization/approvers -/ee/app/assets/javascripts/pipelines/components/pipelines_list/ @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/assets/javascripts/requirements/components/tokens/ @gitlab-org/manage/authentication-and-authorization/approvers -/ee/app/assets/javascripts/runner/components/search_tokens/ @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/assets/javascripts/saml_providers/scim_token_service.js @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/assets/javascripts/saml_sso/components/ @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/assets/javascripts/vue_merge_request_widget/components/approvals/approvals_auth.vue @gitlab-org/manage/authentication-and-authorization/approvers @@ -1166,6 +1207,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /ee/app/models/ee/project_authorization.rb @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/models/scim_oauth_access_token.rb @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/serializers/scim_oauth_access_token_entity.rb @gitlab-org/manage/authentication-and-authorization/approvers +/ee/app/services/arkose/token_verification_service.rb @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/services/ee/auth/ @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/services/ee/personal_access_tokens/ @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/services/ee/resource_access_tokens/ @gitlab-org/manage/authentication-and-authorization/approvers @@ -1191,23 +1233,22 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /ee/lib/ee/gitlab/auth/ @gitlab-org/manage/authentication-and-authorization/approvers /ee/lib/ee/gitlab/omniauth_initializer.rb @gitlab-org/manage/authentication-and-authorization/approvers /ee/lib/gitlab/auth/ @gitlab-org/manage/authentication-and-authorization/approvers -/ee/lib/gitlab/auth_logger.rb @gitlab-org/manage/authentication-and-authorization/approvers /ee/lib/gitlab/authority_analyzer.rb @gitlab-org/manage/authentication-and-authorization/approvers /ee/lib/gitlab/geo/oauth/ @gitlab-org/manage/authentication-and-authorization/approvers /ee/lib/gitlab/kerberos/ @gitlab-org/manage/authentication-and-authorization/approvers /ee/lib/omni_auth/ @gitlab-org/manage/authentication-and-authorization/approvers /ee/lib/system_check/geo/authorized_keys_check.rb @gitlab-org/manage/authentication-and-authorization/approvers /ee/lib/system_check/geo/authorized_keys_flag_check.rb @gitlab-org/manage/authentication-and-authorization/approvers -/lib/api/entities/ci/reset_token_result.rb @gitlab-org/manage/authentication-and-authorization/approvers /lib/api/entities/impersonation_token.rb @gitlab-org/manage/authentication-and-authorization/approvers /lib/api/entities/impersonation_token_with_token.rb @gitlab-org/manage/authentication-and-authorization/approvers /lib/api/entities/personal_access_token.rb @gitlab-org/manage/authentication-and-authorization/approvers -/lib/api/entities/personal_access_token_with_details.rb @gitlab-org/manage/authentication-and-authorization/approvers /lib/api/entities/personal_access_token_with_token.rb @gitlab-org/manage/authentication-and-authorization/approvers /lib/api/entities/resource_access_token.rb @gitlab-org/manage/authentication-and-authorization/approvers /lib/api/entities/resource_access_token_with_token.rb @gitlab-org/manage/authentication-and-authorization/approvers /lib/api/helpers/authentication.rb @gitlab-org/manage/authentication-and-authorization/approvers /lib/api/helpers/packages/basic_auth_helpers.rb @gitlab-org/manage/authentication-and-authorization/approvers +/lib/api/helpers/personal_access_tokens_helpers.rb @gitlab-org/manage/authentication-and-authorization/approvers +/lib/api/personal_access_tokens/ @gitlab-org/manage/authentication-and-authorization/approvers /lib/api/personal_access_tokens.rb @gitlab-org/manage/authentication-and-authorization/approvers /lib/api/resource_access_tokens.rb @gitlab-org/manage/authentication-and-authorization/approvers /lib/api/support/token_with_expiration.rb @gitlab-org/manage/authentication-and-authorization/approvers @@ -1221,8 +1262,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /lib/gitlab/background_migration/migrate_u2f_webauthn.rb @gitlab-org/manage/authentication-and-authorization/approvers /lib/gitlab/background_migration/update_users_where_two_factor_auth_required_from_group.rb @gitlab-org/manage/authentication-and-authorization/approvers /lib/gitlab/chat_name_token.rb @gitlab-org/manage/authentication-and-authorization/approvers -/lib/gitlab/ci/pipeline/expression/token.rb @gitlab-org/manage/authentication-and-authorization/approvers -/lib/gitlab/cleanup/unused_personal_access_tokens.rb @gitlab-org/manage/authentication-and-authorization/approvers +/lib/gitlab/cleanup/personal_access_tokens.rb @gitlab-org/manage/authentication-and-authorization/approvers /lib/gitlab/external_authorization/ @gitlab-org/manage/authentication-and-authorization/approvers /lib/gitlab/external_authorization.rb @gitlab-org/manage/authentication-and-authorization/approvers /lib/gitlab/grape_logging/loggers/token_logger.rb @gitlab-org/manage/authentication-and-authorization/approvers @@ -1235,11 +1275,90 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /lib/gitlab/project_authorizations.rb @gitlab-org/manage/authentication-and-authorization/approvers /lib/json_web_token/ @gitlab-org/manage/authentication-and-authorization/approvers /lib/omni_auth/ @gitlab-org/manage/authentication-and-authorization/approvers +/lib/security/weak_passwords.rb @gitlab-org/manage/authentication-and-authorization/approvers /lib/system_check/app/authorized_keys_permission_check.rb @gitlab-org/manage/authentication-and-authorization/approvers /lib/system_check/incoming_email/imap_authentication_check.rb @gitlab-org/manage/authentication-and-authorization/approvers /lib/tasks/gitlab/password.rake @gitlab-org/manage/authentication-and-authorization/approvers /lib/tasks/tokens.rake @gitlab-org/manage/authentication-and-authorization/approvers +^[Verify] +/app/**/ci/ @gitlab-org/maintainers/cicd-verify +/app/controllers/admin/jobs_controller.rb @gitlab-org/maintainers/cicd-verify +/app/controllers/admin/runner_projects_controller.rb @gitlab-org/maintainers/cicd-verify +/app/controllers/admin/runners_controller.rb @gitlab-org/maintainers/cicd-verify +/app/controllers/projects/artifacts_controller.rb @gitlab-org/maintainers/cicd-verify +/app/controllers/projects/build_artifacts_controller.rb @gitlab-org/maintainers/cicd-verify +/app/controllers/projects/builds_controller.rb @gitlab-org/maintainers/cicd-verify +/app/controllers/projects/jobs_controller.rb @gitlab-org/maintainers/cicd-verify +/app/controllers/runner_setup_controller.rb @gitlab-org/maintainers/cicd-verify +/app/controllers/projects/pipeline_schedules_controller.rb @gitlab-org/maintainers/cicd-verify +/app/controllers/projects/pipelines_controller.rb @gitlab-org/maintainers/cicd-verify +/app/controllers/projects/pipelines_settings_controller.rb @gitlab-org/maintainers/cicd-verify +/app/controllers/projects/runner_projects_controller.rb @gitlab-org/maintainers/cicd-verify +/app/controllers/projects/runners_controller.rb @gitlab-org/maintainers/cicd-verify +/app/controllers/projects/triggers_controller.rb @gitlab-org/maintainers/cicd-verify +/app/controllers/projects/usage_quotas_controller.rb @gitlab-org/maintainers/cicd-verify +/app/controllers/projects/variables_controller.rb @gitlab-org/maintainers/cicd-verify +/app/models/commit_status.rb @gitlab-org/maintainers/cicd-verify +/app/models/external_pull_request.rb @gitlab-org/maintainers/cicd-verify +/app/models/generic_commit_status.rb @gitlab-org/maintainers/cicd-verify +/app/models/namespace_ci_cd_setting.rb @gitlab-org/maintainers/cicd-verify +/app/models/project_ci_cd_setting.rb @gitlab-org/maintainers/cicd-verify +/app/presenters/commit_status_presenter.rb @gitlab-org/maintainers/cicd-verify +/app/presenters/generic_commit_status_presenter.rb @gitlab-org/maintainers/cicd-verify +/app/views/projects/artifacts/ @gitlab-org/maintainers/cicd-verify +/app/views/projects/generic_commit_statuses/ @gitlab-org/maintainers/cicd-verify +/app/views/projects/jobs/ @gitlab-org/maintainers/cicd-verify +/app/views/projects/pipeline_schedules/ @gitlab-org/maintainers/cicd-verify +/app/views/projects/pipelines/ @gitlab-org/maintainers/cicd-verify +/app/views/projects/triggers/ @gitlab-org/maintainers/cicd-verify +/app/workers/build_hooks_worker.rb @gitlab-org/maintainers/cicd-verify +/app/workers/build_queue_worker.rb @gitlab-org/maintainers/cicd-verify +/app/workers/build_success_worker.rb @gitlab-org/maintainers/cicd-verify +/app/workers/ci_platform_metrics_update_cron_worker.rb @gitlab-org/maintainers/cicd-verify +/app/workers/create_pipeline_worker.rb @gitlab-org/maintainers/cicd-verify +/app/workers/expire_build_artifacts_worker.rb @gitlab-org/maintainers/cicd-verify +/app/workers/pipeline_hooks_worker.rb @gitlab-org/maintainers/cicd-verify +/app/workers/pipeline_metrics_worker.rb @gitlab-org/maintainers/cicd-verify +/app/workers/pipeline_notification_worker.rb @gitlab-org/maintainers/cicd-verify +/app/workers/pipeline_process_worker.rb @gitlab-org/maintainers/cicd-verify +/app/workers/pipeline_schedule_worker.rb @gitlab-org/maintainers/cicd-verify +/app/workers/run_pipeline_schedule_worker.rb @gitlab-org/maintainers/cicd-verify +/app/workers/stuck_ci_jobs_worker.rb @gitlab-org/maintainers/cicd-verify +/app/workers/update_external_pull_requests_worker.rb @gitlab-org/maintainers/cicd-verify +/lib/**/ci/ @gitlab-org/maintainers/cicd-verify +/lib/api/commit_statuses.rb @gitlab-org/maintainers/cicd-verify +/ee/app/**/ci/ @gitlab-org/maintainers/cicd-verify +/ee/app/**/merge_trains/ @gitlab-org/maintainers/cicd-verify +/ee/app/models/merge_train.rb @gitlab-org/maintainers/cicd-verify +/ee/app/finders/merge_trains_finder.rb @gitlab-org/maintainers/cicd-verify +/ee/app/services/auto_merge/add_to_merge_train_when_pipeline_succeeds_service.rb @gitlab-org/maintainers/cicd-verify +/ee/app/services/auto_merge/merge_train_service.rb @gitlab-org/maintainers/cicd-verify +/ee/app/services/system_notes/merge_train_service.rb @gitlab-org/maintainers/cicd-verify +/ee/app/controllers/ee/admin/runners_controller.rb @gitlab-org/maintainers/cicd-verify +/ee/app/controllers/ee/projects/pipelines_controller.rb @gitlab-org/maintainers/cicd-verify +/ee/app/controllers/projects/pipelines/ @gitlab-org/maintainers/cicd-verify +/ee/app/controllers/projects/subscriptions_controller.rb @gitlab-org/maintainers/cicd-verify +/ee/app/models/merge_train.rb @gitlab-org/maintainers/cicd-verify +/ee/app/helpers/ee/projects/pipeline_helper.rb @gitlab-org/maintainers/cicd-verify +/ee/app/views/ci_minutes_usage_mailer/ @gitlab-org/maintainers/cicd-verify +/ee/app/views/projects/pipelines/ @gitlab-org/maintainers/cicd-verify +/ee/app/views/projects/settings/ci_cd/ @gitlab-org/maintainers/cicd-verify +/ee/app/workers/clear_shared_runners_minutes_worker.rb @gitlab-org/maintainers/cicd-verify +/ee/lib/**/ci/ @gitlab-org/maintainers/cicd-verify +/ee/lib/ee/api/entities/merge_train.rb @gitlab-org/maintainers/cicd-verify +/**/javascripts/jobs/ @gitlab-org/ci-cd/verify/frontend +/**/javascripts/pipelines/ @gitlab-org/ci-cd/verify/frontend +/app/assets/javascripts/ci/ @gitlab-org/ci-cd/verify/frontend +/app/assets/javascripts/pipeline_new/ @gitlab-org/ci-cd/verify/frontend +/app/assets/javascripts/ci_lint/ @gitlab-org/ci-cd/verify/frontend +/app/assets/javascripts/ci_variable_list/ @gitlab-org/ci-cd/verify/frontend +/app/assets/javascripts/ci/pipeline_schedules/ @gitlab-org/ci-cd/verify/frontend +/app/assets/javascripts/pipeline_editor/ @gitlab-org/ci-cd/verify/frontend +/ee/app/assets/javascripts/ci/ @gitlab-org/ci-cd/verify/frontend +/ee/app/assets/javascripts/reports/ @gitlab-org/ci-cd/verify/frontend +/app/assets/javascripts/token_access/ @gitlab-org/ci-cd/verify/frontend + [Manage::Workspace] lib/api/entities/basic_project_details.rb @gitlab-org/manage/manage-workspace/backend-approvers lib/api/entities/project_with_access.rb @gitlab-org/manage/manage-workspace/backend-approvers @@ -1248,68 +1367,68 @@ lib/api/entities/project.rb @gitlab-org/manage/manage-workspace/backend-approver ee/lib/ee/api/entities/project.rb @gitlab-org/manage/manage-workspace/backend-approvers [Compliance] -/ee/app/services/audit_events/build_service.rb @gitlab-org/manage/compliance -/ee/spec/services/audit_events/custom_audit_event_service_spec.rb @gitlab-org/manage/compliance -/app/models/audit_event.rb @gitlab-org/manage/compliance -/app/services/audit_event_service.rb @gitlab-org/manage/compliance -/app/services/concerns/audit_event_save_type.rb @gitlab-org/manage/compliance -/app/views/profiles/audit_log.html.haml @gitlab-org/manage/compliance -/ee/app/assets/javascripts/audit_events/components/audit_events_app.vue @gitlab-org/manage/compliance -/ee/app/assets/javascripts/audit_events/components/audit_events_export_button.vue @gitlab-org/manage/compliance -/ee/app/assets/javascripts/audit_events/components/audit_events_filter.vue @gitlab-org/manage/compliance -/ee/app/assets/javascripts/audit_events/components/audit_events_log.vue @gitlab-org/manage/compliance -/ee/app/assets/javascripts/audit_events/components/audit_events_stream.vue @gitlab-org/manage/compliance -/ee/app/assets/javascripts/audit_events/components/audit_events_table.vue @gitlab-org/manage/compliance -/ee/app/assets/javascripts/audit_events/components/tokens/shared/ @gitlab-org/manage/compliance -/ee/app/assets/javascripts/audit_events/init_audit_events.js @gitlab-org/manage/compliance -/ee/app/controllers/admin/audit_log_reports_controller.rb @gitlab-org/manage/compliance -/ee/app/controllers/admin/audit_logs_controller.rb @gitlab-org/manage/compliance -/ee/app/controllers/concerns/audit_events/audit_events_params.rb @gitlab-org/manage/compliance -/ee/app/controllers/groups/audit_events_controller.rb @gitlab-org/manage/compliance -/ee/app/controllers/projects/audit_events_controller.rb @gitlab-org/manage/compliance -/ee/app/finders/audit_event_finder.rb @gitlab-org/manage/compliance -/ee/app/graphql/types/audit_events/external_audit_event_destination_type.rb @gitlab-org/manage/compliance -/ee/app/helpers/audit_events_helper.rb @gitlab-org/manage/compliance -/ee/app/helpers/auditor_user_helper.rb @gitlab-org/manage/compliance -/ee/app/models/audit_events/external_audit_event_destination.rb @gitlab-org/manage/compliance -/ee/app/models/concerns/auditable.rb @gitlab-org/manage/compliance -/ee/app/models/ee/audit_event.rb @gitlab-org/manage/compliance -/ee/app/policies/audit_events/external_audit_event_destination_policy.rb @gitlab-org/manage/compliance -/ee/app/presenters/audit_event_presenter.rb @gitlab-org/manage/compliance -/ee/app/serializers/audit_event_entity.rb @gitlab-org/manage/compliance -/ee/app/serializers/audit_event_serializer.rb @gitlab-org/manage/compliance -/ee/app/services/ci/audit_variable_change_service.rb @gitlab-org/manage/compliance -/ee/app/services/ee/audit_event_service.rb @gitlab-org/manage/compliance -/ee/app/views/admin/users/_auditor_access_level_radio.html.haml @gitlab-org/manage/compliance -/ee/app/views/admin/users/_auditor_user_badge.html.haml @gitlab-org/manage/compliance -/ee/app/views/shared/icons/_icon_audit_events_purple.svg @gitlab-org/manage/compliance -/ee/app/views/shared/promotions/_promote_audit_events.html.haml @gitlab-org/manage/compliance -/ee/app/workers/audit_events/audit_event_streaming_worker.rb @gitlab-org/manage/compliance -/ee/config/events/1652263097_groups__audit_events__index_click_streams_tab.yml @gitlab-org/manage/compliance -/ee/config/events/202108302307_admin_audit_logs_index_click_date_range_button.yml @gitlab-org/manage/compliance -/ee/config/events/202108302307_groups__audit_events_controller_search_audit_event.yml @gitlab-org/manage/compliance -/ee/config/events/202108302307_profiles_controller_search_audit_event.yml @gitlab-org/manage/compliance -/ee/config/events/202108302307_projects__audit_events_controller_search_audit_event.yml @gitlab-org/manage/compliance -/ee/config/events/202111041910_admin__audit_logs_controller_search_audit_event.yml @gitlab-org/manage/compliance -/ee/config/feature_flags/development/audit_event_streaming_git_operations.yml @gitlab-org/manage/compliance -/ee/config/feature_flags/development/audit_log_group_level.yml @gitlab-org/manage/compliance -/ee/config/metrics/counts_28d/20210216183930_g_compliance_audit_events_monthly.yml @gitlab-org/manage/compliance -/ee/config/metrics/counts_28d/20210216183934_i_compliance_audit_events_monthly.yml @gitlab-org/manage/compliance -/ee/config/metrics/counts_28d/20210216183942_a_compliance_audit_events_api_monthly.yml @gitlab-org/manage/compliance -/ee/config/metrics/counts_28d/20211130085433_g_manage_compliance_audit_event_destinations.yml @gitlab-org/manage/compliance -/ee/config/metrics/counts_7d/20210216183906_g_compliance_audit_events.yml @gitlab-org/manage/compliance -/ee/config/metrics/counts_7d/20210216183908_i_compliance_audit_events.yml @gitlab-org/manage/compliance -/ee/config/metrics/counts_7d/20210216183912_a_compliance_audit_events_api.yml @gitlab-org/manage/compliance -/ee/config/metrics/counts_7d/20210216183928_g_compliance_audit_events_weekly.yml @gitlab-org/manage/compliance -/ee/config/metrics/counts_7d/20210216183932_i_compliance_audit_events_weekly.yml @gitlab-org/manage/compliance -/ee/config/metrics/counts_7d/20210216183940_a_compliance_audit_events_api_weekly.yml @gitlab-org/manage/compliance -/ee/config/metrics/counts_all/20211130085433_g_manage_compliance_audit_event_destinations.yml @gitlab-org/manage/compliance -/ee/lib/api/audit_events.rb @gitlab-org/manage/compliance -/ee/lib/audit/external_status_check_changes_auditor.rb @gitlab-org/manage/compliance -/ee/lib/audit/group_merge_request_approval_setting_changes_auditor.rb @gitlab-org/manage/compliance -/ee/lib/audit/group_push_rules_changes_auditor.rb @gitlab-org/manage/compliance -/ee/lib/ee/api/entities/audit_event.rb @gitlab-org/manage/compliance -/ee/lib/ee/audit/ @gitlab-org/manage/compliance -/ee/lib/ee/gitlab/audit/ @gitlab-org/manage/compliance -/lib/gitlab/audit/auditor.rb @gitlab-org/manage/compliance -/lib/gitlab/audit_json_logger.rb @gitlab-org/manage/compliance +/ee/app/services/audit_events/build_service.rb @gitlab-org/govern/compliance +/ee/spec/services/audit_events/custom_audit_event_service_spec.rb @gitlab-org/govern/compliance +/app/models/audit_event.rb @gitlab-org/govern/compliance +/app/services/audit_event_service.rb @gitlab-org/govern/compliance +/app/services/concerns/audit_event_save_type.rb @gitlab-org/govern/compliance +/app/views/profiles/audit_log.html.haml @gitlab-org/govern/compliance +/ee/app/assets/javascripts/audit_events/components/audit_events_app.vue @gitlab-org/govern/compliance +/ee/app/assets/javascripts/audit_events/components/audit_events_export_button.vue @gitlab-org/govern/compliance +/ee/app/assets/javascripts/audit_events/components/audit_events_filter.vue @gitlab-org/govern/compliance +/ee/app/assets/javascripts/audit_events/components/audit_events_log.vue @gitlab-org/govern/compliance +/ee/app/assets/javascripts/audit_events/components/audit_events_stream.vue @gitlab-org/govern/compliance +/ee/app/assets/javascripts/audit_events/components/audit_events_table.vue @gitlab-org/govern/compliance +/ee/app/assets/javascripts/audit_events/components/tokens/shared/ @gitlab-org/govern/compliance +/ee/app/assets/javascripts/audit_events/init_audit_events.js @gitlab-org/govern/compliance +/ee/app/controllers/admin/audit_log_reports_controller.rb @gitlab-org/govern/compliance +/ee/app/controllers/admin/audit_logs_controller.rb @gitlab-org/govern/compliance +/ee/app/controllers/concerns/audit_events/audit_events_params.rb @gitlab-org/govern/compliance +/ee/app/controllers/groups/audit_events_controller.rb @gitlab-org/govern/compliance +/ee/app/controllers/projects/audit_events_controller.rb @gitlab-org/govern/compliance +/ee/app/finders/audit_event_finder.rb @gitlab-org/govern/compliance +/ee/app/graphql/types/audit_events/external_audit_event_destination_type.rb @gitlab-org/govern/compliance +/ee/app/helpers/audit_events_helper.rb @gitlab-org/govern/compliance +/ee/app/helpers/auditor_user_helper.rb @gitlab-org/govern/compliance +/ee/app/models/audit_events/external_audit_event_destination.rb @gitlab-org/govern/compliance +/ee/app/models/concerns/auditable.rb @gitlab-org/govern/compliance +/ee/app/models/ee/audit_event.rb @gitlab-org/govern/compliance +/ee/app/policies/audit_events/external_audit_event_destination_policy.rb @gitlab-org/govern/compliance +/ee/app/presenters/audit_event_presenter.rb @gitlab-org/govern/compliance +/ee/app/serializers/audit_event_entity.rb @gitlab-org/govern/compliance +/ee/app/serializers/audit_event_serializer.rb @gitlab-org/govern/compliance +/ee/app/services/ci/audit_variable_change_service.rb @gitlab-org/govern/compliance +/ee/app/services/ee/audit_event_service.rb @gitlab-org/govern/compliance +/ee/app/views/admin/users/_auditor_access_level_radio.html.haml @gitlab-org/govern/compliance +/ee/app/views/admin/users/_auditor_user_badge.html.haml @gitlab-org/govern/compliance +/ee/app/views/shared/icons/_icon_audit_events_purple.svg @gitlab-org/govern/compliance +/ee/app/views/shared/promotions/_promote_audit_events.html.haml @gitlab-org/govern/compliance +/ee/app/workers/audit_events/audit_event_streaming_worker.rb @gitlab-org/govern/compliance +/ee/config/events/1652263097_groups__audit_events__index_click_streams_tab.yml @gitlab-org/govern/compliance +/ee/config/events/202108302307_admin_audit_logs_index_click_date_range_button.yml @gitlab-org/govern/compliance +/ee/config/events/202108302307_groups__audit_events_controller_search_audit_event.yml @gitlab-org/govern/compliance +/ee/config/events/202108302307_profiles_controller_search_audit_event.yml @gitlab-org/govern/compliance +/ee/config/events/202108302307_projects__audit_events_controller_search_audit_event.yml @gitlab-org/govern/compliance +/ee/config/events/202111041910_admin__audit_logs_controller_search_audit_event.yml @gitlab-org/govern/compliance +/ee/config/feature_flags/development/audit_event_streaming_git_operations.yml @gitlab-org/govern/compliance +/ee/config/feature_flags/development/audit_log_group_level.yml @gitlab-org/govern/compliance +/ee/config/metrics/counts_28d/20210216183930_g_compliance_audit_events_monthly.yml @gitlab-org/govern/compliance +/ee/config/metrics/counts_28d/20210216183934_i_compliance_audit_events_monthly.yml @gitlab-org/govern/compliance +/ee/config/metrics/counts_28d/20210216183942_a_compliance_audit_events_api_monthly.yml @gitlab-org/govern/compliance +/ee/config/metrics/counts_28d/20211130085433_g_manage_compliance_audit_event_destinations.yml @gitlab-org/govern/compliance +/ee/config/metrics/counts_7d/20210216183906_g_compliance_audit_events.yml @gitlab-org/govern/compliance +/ee/config/metrics/counts_7d/20210216183908_i_compliance_audit_events.yml @gitlab-org/govern/compliance +/ee/config/metrics/counts_7d/20210216183912_a_compliance_audit_events_api.yml @gitlab-org/govern/compliance +/ee/config/metrics/counts_7d/20210216183928_g_compliance_audit_events_weekly.yml @gitlab-org/govern/compliance +/ee/config/metrics/counts_7d/20210216183932_i_compliance_audit_events_weekly.yml @gitlab-org/govern/compliance +/ee/config/metrics/counts_7d/20210216183940_a_compliance_audit_events_api_weekly.yml @gitlab-org/govern/compliance +/ee/config/metrics/counts_all/20211130085433_g_manage_compliance_audit_event_destinations.yml @gitlab-org/govern/compliance +/ee/lib/api/audit_events.rb @gitlab-org/govern/compliance +/ee/lib/audit/external_status_check_changes_auditor.rb @gitlab-org/govern/compliance +/ee/lib/audit/group_merge_request_approval_setting_changes_auditor.rb @gitlab-org/govern/compliance +/ee/lib/audit/group_push_rules_changes_auditor.rb @gitlab-org/govern/compliance +/ee/lib/ee/api/entities/audit_event.rb @gitlab-org/govern/compliance +/ee/lib/ee/audit/ @gitlab-org/govern/compliance +/ee/lib/ee/gitlab/audit/ @gitlab-org/govern/compliance +/lib/gitlab/audit/auditor.rb @gitlab-org/govern/compliance +/lib/gitlab/audit_json_logger.rb @gitlab-org/govern/compliance diff --git a/.gitlab/ci/as-if-jh.gitlab-ci.yml b/.gitlab/ci/as-if-jh.gitlab-ci.yml new file mode 100644 index 00000000000..6019c8a9649 --- /dev/null +++ b/.gitlab/ci/as-if-jh.gitlab-ci.yml @@ -0,0 +1,63 @@ +.shared-as-if-jh: + variables: + SANDBOX_PROJECT: "gitlab-org-sandbox/gitlab-jh-validation" + SANDBOX_REPOSITORY: "https://dummy:${AS_IF_JH_TOKEN}@gitlab.com/${SANDBOX_PROJECT}.git" + GITLAB_JH_MIRROR_PROJECT: "33019816" + AS_IF_JH_BRANCH: "as-if-jh/${CI_COMMIT_REF_NAME}" + JH_FILES_TO_COMMIT: "jh package.json yarn.lock" + +add-jh-files: + extends: + - .shared-as-if-jh + - .as-if-jh:rules:prepare-as-if-jh + image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION} + stage: prepare + before_script: + - source ./scripts/utils.sh + - source ./scripts/setup/as-if-jh.sh + - install_gitlab_gem + script: + - prepare_jh_branch + - download_jh_path ${JH_FILES_TO_COMMIT} + - echoinfo "Changes after downloading JiHu files:" + - git diff + - git status + artifacts: + expire_in: 2d + paths: + # This should match JH_FILES_TO_COMMIT + - jh/ + - package.json + - yarn.lock + +prepare-as-if-jh-branch: + extends: + - .shared-as-if-jh + - .as-if-jh:rules:prepare-as-if-jh + stage: prepare + needs: + - add-jh-files + script: + - git checkout -b "${AS_IF_JH_BRANCH}" + - git add ${JH_FILES_TO_COMMIT} + - git commit -m 'Add JH files' # TODO: Mark which SHA we add + # Fetch for the history of the branch so it does not cause the following error: + # ! [remote rejected] ref -> ref (shallow update not allowed) + - git fetch --unshallow --filter=tree:0 origin "${CI_COMMIT_REF_NAME}" + - git push -f "${SANDBOX_REPOSITORY}" "${AS_IF_JH_BRANCH}" + +start-as-if-jh: + extends: + - .shared-as-if-jh + - .as-if-jh:rules:start-as-if-jh + stage: prepare + needs: ["prepare-as-if-jh-branch"] + inherit: + variables: false + variables: + AS_IF_EDITION: "jh" + FORCE_GITLAB_CI: "true" # TODO: Trigger a merge request pipeline + trigger: + project: gitlab-org-sandbox/gitlab-jh-validation # ${SANDBOX_PROJECT} does not work here + branch: as-if-jh/${CI_COMMIT_REF_NAME} # ${AS_IF_JH_BRANCH} does not work here + strategy: depend diff --git a/.gitlab/ci/build-images.gitlab-ci.yml b/.gitlab/ci/build-images.gitlab-ci.yml index 3c7056a92c1..a60a5f6040c 100644 --- a/.gitlab/ci/build-images.gitlab-ci.yml +++ b/.gitlab/ci/build-images.gitlab-ci.yml @@ -1,7 +1,13 @@ .base-image-build: extends: .use-kaniko variables: - GIT_LFS_SKIP_SMUDGE: 1 + GIT_LFS_SKIP_SMUDGE: 1 # disable pulling objects from lfs + retry: 2 + +.base-image-build-buildx: + extends: .use-buildx + variables: + GIT_LFS_SKIP_SMUDGE: 1 # disable pulling objects from lfs retry: 2 # This image is used by: @@ -10,12 +16,12 @@ # See https://docs.gitlab.com/ee/development/testing_guide/end_to_end/index.html#testing-code-in-merge-requests for more details. build-qa-image: extends: - - .base-image-build + - .base-image-build-buildx - .build-images:rules:build-qa-image stage: build-images needs: [] script: - - ./scripts/build_qa_image + - run_timed_command "scripts/build_qa_image" # This image is used by: # - The `CNG` pipelines (via the `review-build-cng` job): https://gitlab.com/gitlab-org/build/CNG/-/blob/cfc67136d711e1c8c409bf8e57427a644393da2f/.gitlab-ci.yml#L335 diff --git a/.gitlab/ci/dev-fixtures.gitlab-ci.yml b/.gitlab/ci/dev-fixtures.gitlab-ci.yml index 21eae3f23e9..ea868ada621 100644 --- a/.gitlab/ci/dev-fixtures.gitlab-ci.yml +++ b/.gitlab/ci/dev-fixtures.gitlab-ci.yml @@ -29,7 +29,7 @@ run-dev-fixtures-ee: extends: - .run-dev-fixtures - .dev-fixtures:rules:ee-only - - .use-pg12-ee + - .use-pg12-es7-ee script: - cp ee/db/fixtures/development/* $FIXTURE_PATH - *run-dev-fixtures-script diff --git a/.gitlab/ci/docs.gitlab-ci.yml b/.gitlab/ci/docs.gitlab-ci.yml index 022f1c17a93..c6d2b30046c 100644 --- a/.gitlab/ci/docs.gitlab-ci.yml +++ b/.gitlab/ci/docs.gitlab-ci.yml @@ -39,17 +39,6 @@ review-docs-cleanup: script: - ./scripts/trigger-build.rb docs cleanup -docs-lint markdown: - extends: - - .default-retry - - .docs:rules:docs-lint - # When updating the image version here, update it in /scripts/lint-doc.sh too. - image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-docs/lint-markdown:alpine-3.16-vale-2.20.1-markdownlint-0.32.2 - stage: lint - needs: [] - script: - - scripts/lint-doc.sh - docs-lint links: extends: - .docs:rules:docs-lint @@ -67,6 +56,35 @@ docs-lint links: # Check the internal links and anchors (in parallel) - "parallel time bundle exec nanoc check ::: internal_links internal_anchors" +.docs-markdown-lint-image: + # When updating the image version here, update it in /scripts/lint-doc.sh too. + image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-docs/lint-markdown:alpine-3.16-vale-2.20.1-markdownlint-0.32.2 + +docs-lint markdown: + extends: + - .default-retry + - .docs:rules:docs-lint + - .docs-markdown-lint-image + stage: lint + needs: [] + script: + - scripts/lint-doc.sh + +docs-code-quality: + extends: + - .docs:rules:docs-code-quality + - .docs-markdown-lint-image + stage: lint + needs: [] + script: + - vale --output=doc/.vale/vale-json.tmpl --minAlertLevel warning doc > gl-code-quality-report-docs.json || exit_code=$? + artifacts: + reports: + codequality: gl-code-quality-report-docs.json + paths: + - gl-code-quality-report-docs.json + expire_in: 1 week + ui-docs-links lint: extends: - .docs:rules:docs-lint diff --git a/.gitlab/ci/frontend.gitlab-ci.yml b/.gitlab/ci/frontend.gitlab-ci.yml index 085c0aa890d..6be77fe52c8 100644 --- a/.gitlab/ci/frontend.gitlab-ci.yml +++ b/.gitlab/ci/frontend.gitlab-ci.yml @@ -20,7 +20,12 @@ - | if [[ "${CACHE_ASSETS_AS_PACKAGE}" == "true" ]]; then source scripts/gitlab_component_helpers.sh - gitlab_assets_archive_doesnt_exist || run_timed_command "download_and_extract_gitlab_assets" + + if ! gitlab_assets_archive_doesnt_exist; then + # We remove all assets from the native cache as they could pollute the fresh assets from the package + rm -rf public/assets/ app/assets/javascripts/locale/**/app.js + run_timed_command "download_and_extract_gitlab_assets" + fi fi - assets_compile_script @@ -84,17 +89,6 @@ update-assets-compile-test-cache: - echo -n "${GITLAB_ASSETS_HASH}" > "cached-assets-hash.txt" artifacts: {} # This job's purpose is only to update the cache. -# TODO: Remove this as it's duplicating update-assets-compile-*-cache -update-yarn-cache: - extends: - - .default-retry - - .default-utils-before_script - - .yarn-cache-push - - .shared:rules:update-cache - stage: prepare - script: - - yarn_install_script - update-storybook-yarn-cache: extends: - .default-retry @@ -171,7 +165,7 @@ graphql-schema-dump: graphql-schema-dump as-if-foss: extends: - graphql-schema-dump - - .frontend:rules:eslint-as-if-foss + - .frontend:rules:default-frontend-jobs-as-if-foss - .as-if-foss .frontend-test-base: @@ -399,5 +393,5 @@ compile-storybook as-if-foss: - .as-if-foss - .frontend:rules:default-frontend-jobs-as-if-foss needs: - - !reference [.compile-storybook-base, needs] + - job: "graphql-schema-dump as-if-foss" - job: "rspec-all frontend_fixture as-if-foss" diff --git a/.gitlab/ci/glfm.gitlab-ci.yml b/.gitlab/ci/glfm.gitlab-ci.yml new file mode 100644 index 00000000000..6ff60f24730 --- /dev/null +++ b/.gitlab/ci/glfm.gitlab-ci.yml @@ -0,0 +1,16 @@ +glfm-verify: + extends: + - .rails-job-base + - .glfm:rules:glfm-verify + - .use-pg12 + stage: test + needs: ["setup-test-env"] + script: + - !reference [.base-script, script] + - bundle exec scripts/glfm/verify-all-generated-files-are-up-to-date.rb + artifacts: + name: changed-files + when: on_failure + expire_in: 31d + paths: + - glfm_specification/ diff --git a/.gitlab/ci/global.gitlab-ci.yml b/.gitlab/ci/global.gitlab-ci.yml index ed59a0dd8fe..add728a9983 100644 --- a/.gitlab/ci/global.gitlab-ci.yml +++ b/.gitlab/ci/global.gitlab-ci.yml @@ -219,23 +219,16 @@ - *node-modules-cache - *assets-tmp-cache -# TODO: Remove this as it's duplicating .assets-compile-cache-push -.yarn-cache-push: - cache: - - *node-modules-cache-push - .assets-compile-cache: cache: - *ruby-gems-cache - *node-modules-cache - - *assets-cache - *assets-tmp-cache .assets-compile-cache-push: cache: - *ruby-gems-cache # We don't push this cache as it's already rebuilt by `update-setup-test-env-cache` - *node-modules-cache-push - - *assets-cache-push - *assets-tmp-cache-push .storybook-yarn-cache: @@ -245,7 +238,7 @@ .storybook-yarn-cache-push: cache: - - *node-modules-cache # We don't push this cache as it's already rebuilt by `update-yarn-cache` + - *node-modules-cache # We don't push this cache as it's already rebuilt by `update-assets-compile-*-cache` - *storybook-node-modules-cache-push .use-pg11: @@ -275,34 +268,34 @@ POSTGRES_HOST_AUTH_METHOD: trust PG_VERSION: "13" -.use-pg11-ee: +.use-pg11-es7-ee: services: - name: postgres:11.6 command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] - name: redis:5.0-alpine - - name: elasticsearch:7.17.0 + - name: elasticsearch:7.17.6 command: ["elasticsearch", "-E", "discovery.type=single-node", "-E", "xpack.security.enabled=false"] variables: POSTGRES_HOST_AUTH_METHOD: trust PG_VERSION: "11" -.use-pg12-ee: +.use-pg12-es7-ee: services: - name: postgres:12 command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] - name: redis:6.0-alpine - - name: elasticsearch:7.17.0 + - name: elasticsearch:7.17.6 command: ["elasticsearch", "-E", "discovery.type=single-node", "-E", "xpack.security.enabled=false"] variables: POSTGRES_HOST_AUTH_METHOD: trust PG_VERSION: "12" -.use-pg13-ee: +.use-pg13-es7-ee: services: - name: postgres:13 command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] - name: redis:6.2-alpine - - name: elasticsearch:7.17.0 + - name: elasticsearch:7.17.6 command: ["elasticsearch", "-E", "discovery.type=single-node", "-E", "xpack.security.enabled=false"] variables: POSTGRES_HOST_AUTH_METHOD: trust @@ -313,7 +306,7 @@ - name: postgres:12 command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] - name: redis:6.0-alpine - - name: elasticsearch:8.3.3 + - name: elasticsearch:8.4.1 variables: POSTGRES_HOST_AUTH_METHOD: trust PG_VERSION: "12" @@ -325,7 +318,19 @@ - name: postgres:12 command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] - name: redis:6.0-alpine - - name: opensearchproject/opensearch:1.2.4 + - name: opensearchproject/opensearch:1.3.5 + alias: elasticsearch + command: ["bin/opensearch", "-E", "discovery.type=single-node", "-E", "plugins.security.disabled=true"] + variables: + POSTGRES_HOST_AUTH_METHOD: trust + PG_VERSION: "12" + +.use-pg12-opensearch2-ee: + services: + - name: postgres:12 + command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] + - name: redis:6.0-alpine + - name: opensearchproject/opensearch:2.2.1 alias: elasticsearch command: ["bin/opensearch", "-E", "discovery.type=single-node", "-E", "plugins.security.disabled=true"] variables: @@ -356,3 +361,20 @@ tags: # See https://gitlab.com/gitlab-com/www-gitlab-com/-/issues/7019 for tag descriptions - gitlab-org-docker + +.use-buildx: + extends: .use-docker-in-docker + image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-slim:docker-${DOCKER_VERSION}-buildx-0.8 + variables: + QEMU_IMAGE: tonistiigi/binfmt:qemu-v7.0.0 + before_script: + - source scripts/utils.sh + - echo "$CI_REGISTRY_PASSWORD" | docker login "$CI_REGISTRY" -u "$CI_REGISTRY_USER" --password-stdin + - | + if [[ "${ARCH}" =~ arm64 ]]; then + echo -e "\033[1;33mInstalling latest qemu emulators\033[0m" + docker pull -q ${QEMU_IMAGE}; + docker run --rm --privileged ${QEMU_IMAGE} --uninstall qemu-*; + docker run --rm --privileged ${QEMU_IMAGE} --install all; + fi + - docker buildx create --use # creates and set's to active buildkit builder diff --git a/.gitlab/ci/notify.gitlab-ci.yml b/.gitlab/ci/notify.gitlab-ci.yml index 51b0f4071eb..ae77caa140a 100644 --- a/.gitlab/ci/notify.gitlab-ci.yml +++ b/.gitlab/ci/notify.gitlab-ci.yml @@ -1,8 +1,12 @@ -.notify-slack: - image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}alpine/curl +.notify-defaults: stage: notify dependencies: [] cache: {} + +.notify-slack: + extends: + - .notify-defaults + image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}alpine/curl variables: MERGE_REQUEST_URL: ${CI_MERGE_REQUEST_PROJECT_URL}/-/merge_requests/${CI_MERGE_REQUEST_IID} before_script: @@ -34,28 +38,31 @@ notify-security-pipeline: - scripts/slack ${NOTIFY_CHANNEL} "<!subteam^S0127FU8PDE> ☠️ Pipeline for merged result failed! ☠️ See ${CI_PIPELINE_URL} (triggered from ${MERGE_REQUEST_URL})" ci_failing "GitLab Release Tools Bot" notify-pipeline-failure: - extends: .notify-slack + extends: + - .notify-defaults + - .notify:rules:notify-pipeline-failure image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION} - rules: - # Don't report child pipeline failures - - if: '$CI_PIPELINE_SOURCE == "parent_pipeline"' - when: never - - if: '$CI_SLACK_WEBHOOK_URL && $NOTIFY_PIPELINE_FAILURE_CHANNEL' - when: on_failure - allow_failure: true variables: + BROKEN_MASTER_INCIDENTS_PROJECT: "gitlab-org/quality/engineering-productivity/master-broken-incidents" + BROKEN_MASTER_INCIDENT_JSON: "${CI_PROJECT_DIR}/incident.json" SLACK_CHANNEL: "${NOTIFY_PIPELINE_FAILURE_CHANNEL}" - FAILED_PIPELINE_REPORT_FILE: "failed_pipeline_report.json" + FAILED_PIPELINE_SLACK_MESSAGE_FILE: "${CI_PROJECT_DIR}/failed_pipeline_slack_message.json" before_script: - source scripts/utils.sh - apt-get update && apt-get install -y jq - install_gitlab_gem script: - - scripts/generate-failed-pipeline-slack-message.rb - | - curl -X POST -H 'Content-Type: application/json' --data @${FAILED_PIPELINE_REPORT_FILE} "$CI_SLACK_WEBHOOK_URL" + if [[ "${CREATE_INCIDENT_FOR_PIPELINE_FAILURE}" == "true" ]]; then + scripts/create-pipeline-failure-incident.rb -p ${BROKEN_MASTER_INCIDENTS_PROJECT} -f ${BROKEN_MASTER_INCIDENT_JSON} -t ${BROKEN_MASTER_INCIDENTS_PROJECT_TOKEN}; + echosuccess "Created incident $(jq '.web_url' ${BROKEN_MASTER_INCIDENT_JSON})"; + fi + - | + scripts/generate-failed-pipeline-slack-message.rb -i ${BROKEN_MASTER_INCIDENT_JSON} -f ${FAILED_PIPELINE_SLACK_MESSAGE_FILE}; + curl -X POST -H 'Content-Type: application/json' --data @${FAILED_PIPELINE_SLACK_MESSAGE_FILE} "$CI_SLACK_WEBHOOK_URL"; artifacts: paths: - - ${FAILED_PIPELINE_REPORT_FILE} + - ${BROKEN_MASTER_INCIDENT_JSON} + - ${FAILED_PIPELINE_SLACK_MESSAGE_FILE} when: always expire_in: 2 days diff --git a/.gitlab/ci/package-and-test/main.gitlab-ci.yml b/.gitlab/ci/package-and-test/main.gitlab-ci.yml index 1a1c67bf572..f0bf79f009d 100644 --- a/.gitlab/ci/package-and-test/main.gitlab-ci.yml +++ b/.gitlab/ci/package-and-test/main.gitlab-ci.yml @@ -7,7 +7,7 @@ include: - local: .gitlab/ci/package-and-test/rules.gitlab-ci.yml - local: .gitlab/ci/package-and-test/variables.gitlab-ci.yml - project: gitlab-org/quality/pipeline-common - ref: 1.3.0 + ref: 1.7.0 file: - /ci/base.gitlab-ci.yml - /ci/allure-report.yml @@ -27,6 +27,8 @@ stages: QA_KNAPSACK_REPORT_PATH: $CI_PROJECT_DIR/qa/knapsack .ruby-image: + # Because this pipeline template can be included directly in other projects, + # image path and registry needs to be defined explicitly image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-${RUBY_VERSION}:bundler-2.3 .qa-install: @@ -161,7 +163,7 @@ cache-gems: extends: - .qa-install - .ruby-image - - .rules:prepare + - .rules:update-cache stage: .pre tags: - e2e @@ -206,7 +208,6 @@ ee:instance-parallel-ff-inverse: QA_KNAPSACK_REPORT_NAME: ee-instance-parallel GITLAB_QA_OPTS: --set-feature-flags $QA_FEATURE_FLAGS rules: - - !reference [.rules:test:feature-flags-deleted, rules] # skip job when only change is ff deletion - !reference [.rules:test:feature-flags-set, rules] # ------------------------------------------ @@ -224,7 +225,7 @@ ee:instance-parallel: - .parallel - ee:instance rules: - - !reference [.rules:test:feature-flags-set, rules] # always run instance-parallel to validate ff change + - !reference [.rules:test:feature-flags-set, rules] # always run instance-parallel to validate ff change - !reference [.rules:test:qa-parallel, rules] - if: $QA_SUITES =~ /Test::Instance::All/ @@ -378,6 +379,15 @@ ee:update-major: - if: $QA_SUITES =~ /Test::Instance::Smoke/ - !reference [.rules:test:manual, rules] +ee:gitab-pages: + extends: .qa + variables: + QA_SCENARIO: Test::Integration::GitlabPages + rules: + - !reference [.rules:test:qa, rules] + - if: $QA_SUITES =~ /Test::Integration::GitlabPages/ + - !reference [.rules:test:manual, rules] + ee:gitaly-cluster: extends: .qa variables: @@ -548,7 +558,7 @@ ee:elasticsearch: variables: QA_SCENARIO: "Test::Integration::Elasticsearch" before_script: - - unset ELASTIC_URL # unset url which is globally defined in .gitlab-ci.yml + - unset ELASTIC_URL # unset url which is globally defined in .gitlab-ci.yml - !reference [.qa, before_script] rules: - !reference [.rules:test:qa, rules] @@ -577,7 +587,7 @@ e2e-test-report: ALLURE_MERGE_REQUEST_IID: $CI_MERGE_REQUEST_IID ALLURE_JOB_NAME: e2e-package-and-test GIT_STRATEGY: none - artifacts: # save rspec results for displaying in parent pipeline + artifacts: # save rspec results for displaying in parent pipeline expire_in: 1 day when: always paths: @@ -592,6 +602,16 @@ upload-knapsack-report: stage: report when: always +export-test-metrics: + extends: + - .qa-install + - .ruby-image + - .rules:report:process-results + stage: report + when: always + script: + - bundle exec rake "ci:export_test_metrics[$CI_PROJECT_DIR/gitlab-qa-run-*/**/test-metrics-*.json]" + relate-test-failures: extends: - .qa-install @@ -647,5 +667,5 @@ notify-slack: TYPE: "(package-and-test) " when: on_failure script: - - bundle exec gitlab-qa-report --prepare-stage-reports "$CI_PROJECT_DIR/gitlab-qa-run-*/**/rspec-*.xml" # generate summary + - bundle exec gitlab-qa-report --prepare-stage-reports "$CI_PROJECT_DIR/gitlab-qa-run-*/**/rspec-*.xml" # generate summary - !reference [.notify-slack-qa, script] diff --git a/.gitlab/ci/package-and-test/rules.gitlab-ci.yml b/.gitlab/ci/package-and-test/rules.gitlab-ci.yml index 47625340a3a..64d56cec21a 100644 --- a/.gitlab/ci/package-and-test/rules.gitlab-ci.yml +++ b/.gitlab/ci/package-and-test/rules.gitlab-ci.yml @@ -8,11 +8,8 @@ # FF changes .feature-flags-set: &feature-flags-set - if: $QA_FEATURE_FLAGS != "" + if: $QA_FEATURE_FLAGS =~ /enabled|disabled/ -# Only deleted feature flags -.feature-flags-deleted: &feature-flags-deleted - if: $QA_FEATURE_FLAGS != "" && $QA_FEATURE_FLAGS !~ /enabled|disabled/ # Manually trigger job on ff changes but with default ff state instead of inverted .feature-flags-set-manual: &feature-flags-set-manual @@ -20,14 +17,17 @@ when: manual allow_failure: true -# QA framework changes present -.qa-framework-changes: &qa-framework-changes - if: $QA_FRAMEWORK_CHANGES == "true" +# Run all tests when framework changes present, full suite execution is explicitly enabled or a feature flag file is removed +.qa-run-all-tests: &qa-run-all-tests + if: $QA_FRAMEWORK_CHANGES == "true" || $QA_RUN_ALL_TESTS == "true" || $QA_FEATURE_FLAGS =~ /deleted/ # Process test results (notify failure to slack, create test session report, relate test failures) .process-test-results: &process-test-results if: $PROCESS_TEST_RESULTS == "true" +.not-canonical-project: ¬-canonical-project + if: '$CI_PROJECT_PATH != "gitlab-org/gitlab" && $CI_PROJECT_PATH != "gitlab-cn/gitlab"' + # Selective test execution against omnibus instance have following execution scenarios: # * only e2e spec files changed - runs only changed specs # * qa framework changes - runs full test suite @@ -55,6 +55,12 @@ when: never - when: always +.rules:update-cache: + rules: + - <<: *not-canonical-project + when: never + - when: always + # ------------------------------------------ # Test # ------------------------------------------ @@ -72,17 +78,12 @@ variables: QA_TESTS: "" -.rules:test:feature-flags-deleted: - rules: - - <<: *feature-flags-deleted - when: never - # parallel and non parallel rules are used for jobs that require parallel execution and thus need to switch # between parallel and non parallel when only certain specs are executed .rules:test:qa-non-parallel: rules: # always run parallel with full suite when framework changes present or ff state changed - - <<: *qa-framework-changes + - <<: *qa-run-all-tests when: never - <<: *all-specs when: never @@ -91,7 +92,7 @@ .rules:test:qa-parallel: rules: - - *qa-framework-changes + - *qa-run-all-tests - <<: *specific-specs when: manual allow_failure: true @@ -102,7 +103,7 @@ # general qa job rule for jobs without the need to run in parallel .rules:test:qa: rules: - - *qa-framework-changes + - *qa-run-all-tests - *feature-flags-set-manual .rules:test:update: @@ -124,4 +125,6 @@ .rules:report:process-results: rules: + - <<: *not-canonical-project + when: never - *process-test-results diff --git a/.gitlab/ci/package-and-test/variables.gitlab-ci.yml b/.gitlab/ci/package-and-test/variables.gitlab-ci.yml index cd22fa0e6e4..838de6bdd3a 100644 --- a/.gitlab/ci/package-and-test/variables.gitlab-ci.yml +++ b/.gitlab/ci/package-and-test/variables.gitlab-ci.yml @@ -1,6 +1,8 @@ # Default variables for package-and-test variables: + REGISTRY_HOST: "registry.gitlab.com" + REGISTRY_GROUP: "gitlab-org" SKIP_REPORT_IN_ISSUES: "true" OMNIBUS_GITLAB_CACHE_UPDATE: "false" OMNIBUS_GITLAB_RUBY3_BUILD: "false" diff --git a/.gitlab/ci/pages.gitlab-ci.yml b/.gitlab/ci/pages.gitlab-ci.yml index 1f9f57cfc22..ea4319809f9 100644 --- a/.gitlab/ci/pages.gitlab-ci.yml +++ b/.gitlab/ci/pages.gitlab-ci.yml @@ -10,20 +10,18 @@ pages: environment: pages resource_group: pages needs: - - job: "rspec:coverage" - - job: "coverage-frontend" - - job: "compile-production-assets" - - job: "compile-storybook" - # `update-tests-metadata` only runs on GitLab.com's EE schedules pipelines - # while `pages` runs for all the maintenance scheduled pipelines. - - job: "update-tests-metadata" - optional: true + - "rspec:coverage" + - "coverage-frontend" + - "compile-production-assets" + - "compile-storybook" + - "update-tests-metadata" + - "generate-frontend-fixtures-mapping" before_script: - apt-get update && apt-get -y install brotli gzip script: - mv public/ .public/ - mkdir public/ - - mkdir -p public/$(dirname "$KNAPSACK_RSPEC_SUITE_REPORT_PATH") public/$(dirname "$FLAKY_RSPEC_SUITE_REPORT_PATH") public/$(dirname "$RSPEC_PACKED_TESTS_MAPPING_PATH") + - mkdir -p public/$(dirname "$KNAPSACK_RSPEC_SUITE_REPORT_PATH") public/$(dirname "$FLAKY_RSPEC_SUITE_REPORT_PATH") public/$(dirname "$RSPEC_PACKED_TESTS_MAPPING_PATH") public/$(dirname "$FRONTEND_FIXTURES_MAPPING_PATH") - mv coverage/ public/coverage-ruby/ || true - mv coverage-frontend/ public/coverage-frontend/ || true - mv storybook/public public/storybook || true @@ -31,6 +29,7 @@ pages: - mv $KNAPSACK_RSPEC_SUITE_REPORT_PATH public/$KNAPSACK_RSPEC_SUITE_REPORT_PATH || true - mv $FLAKY_RSPEC_SUITE_REPORT_PATH public/$FLAKY_RSPEC_SUITE_REPORT_PATH || true - mv $RSPEC_PACKED_TESTS_MAPPING_PATH.gz public/$RSPEC_PACKED_TESTS_MAPPING_PATH.gz || true + - mv $FRONTEND_FIXTURES_MAPPING_PATH public/$FRONTEND_FIXTURES_MAPPING_PATH || true - *compress-public artifacts: paths: diff --git a/.gitlab/ci/qa.gitlab-ci.yml b/.gitlab/ci/qa.gitlab-ci.yml index bd587cb4418..8740a5fe17d 100644 --- a/.gitlab/ci/qa.gitlab-ci.yml +++ b/.gitlab/ci/qa.gitlab-ci.yml @@ -8,7 +8,6 @@ variables: USE_BUNDLE_INSTALL: "false" SETUP_DB: "false" - QA_EXPORT_TEST_METRICS: "false" before_script: - !reference [.default-before_script, before_script] - cd qa && bundle install @@ -78,8 +77,8 @@ e2e:package-and-test: SKIP_MESSAGE: Skipping package-and-test due to mr containing only quarantine changes! RELEASE: "${REGISTRY_HOST}/${REGISTRY_GROUP}/build/omnibus-gitlab-mirror/gitlab-ee:${CI_COMMIT_SHA}" GITLAB_QA_IMAGE: "${CI_REGISTRY_IMAGE}/gitlab-ee-qa:${CI_COMMIT_SHA}" - RUN_WITH_BUNDLE: "true" # instructs pipeline to install and run gitlab-qa gem via bundler - QA_PATH: qa # sets the optional path for bundler to run from + RUN_WITH_BUNDLE: "true" # instructs pipeline to install and run gitlab-qa gem via bundler + QA_PATH: qa # sets the optional path for bundler to run from trigger: strategy: depend forward: diff --git a/.gitlab/ci/rails.gitlab-ci.yml b/.gitlab/ci/rails.gitlab-ci.yml index c60f85634b6..f4f832b84d0 100644 --- a/.gitlab/ci/rails.gitlab-ci.yml +++ b/.gitlab/ci/rails.gitlab-ci.yml @@ -574,11 +574,6 @@ rspec-ee unit pg12 es8: - .rspec-ee-base-pg12-es8 - .rspec-ee-unit-parallel -rspec-ee unit pg12 opensearch1: - extends: - - .rspec-ee-base-pg12-opensearch1 - - .rspec-ee-unit-parallel - rspec-ee unit pg12 minimal: extends: - rspec-ee unit pg12 @@ -602,11 +597,6 @@ rspec-ee integration pg12 es8: - .rspec-ee-base-pg12-es8 - .rspec-ee-integration-parallel -rspec-ee integration pg12 opensearch1: - extends: - - .rspec-ee-base-pg12-opensearch1 - - .rspec-ee-integration-parallel - rspec-ee integration pg12 minimal: extends: - rspec-ee integration pg12 @@ -630,11 +620,6 @@ rspec-ee system pg12 es8: - .rspec-ee-base-pg12-es8 - .rspec-ee-system-parallel -rspec-ee system pg12 opensearch1: - extends: - - .rspec-ee-base-pg12-opensearch1 - - .rspec-ee-system-parallel - rspec-ee system pg12 minimal: extends: - rspec-ee system pg12 @@ -743,6 +728,61 @@ rspec-ee system pg11: - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only - .rspec-ee-system-parallel +# PG12 +rspec-ee unit pg12 es7: + extends: + - .rspec-ee-base-pg12-es7 + - .rspec-ee-unit-parallel + - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only + +rspec-ee unit pg12 opensearch1: + extends: + - .rspec-ee-base-pg12-opensearch1 + - .rspec-ee-unit-parallel + - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only + +rspec-ee unit pg12 opensearch2: + extends: + - .rspec-ee-base-pg12-opensearch2 + - .rspec-ee-unit-parallel + - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only + +rspec-ee integration pg12 es7: + extends: + - .rspec-ee-base-pg12-es7 + - .rspec-ee-integration-parallel + - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only + +rspec-ee integration pg12 opensearch1: + extends: + - .rspec-ee-base-pg12-opensearch1 + - .rspec-ee-integration-parallel + - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only + +rspec-ee integration pg12 opensearch2: + extends: + - .rspec-ee-base-pg12-opensearch2 + - .rspec-ee-integration-parallel + - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only + +rspec-ee system pg12 es7: + extends: + - .rspec-ee-base-pg12-es7 + - .rspec-ee-system-parallel + - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only + +rspec-ee system pg12 opensearch1: + extends: + - .rspec-ee-base-pg12-opensearch1 + - .rspec-ee-system-parallel + - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only + +rspec-ee system pg12 opensearch2: + extends: + - .rspec-ee-base-pg12-opensearch2 + - .rspec-ee-system-parallel + - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only + # PG13 rspec-ee migration pg13: extends: diff --git a/.gitlab/ci/rails/shared.gitlab-ci.yml b/.gitlab/ci/rails/shared.gitlab-ci.yml index 60c9826abfe..d47bac5e433 100644 --- a/.gitlab/ci/rails/shared.gitlab-ci.yml +++ b/.gitlab/ci/rails/shared.gitlab-ci.yml @@ -109,12 +109,18 @@ include: .rspec-ee-base-pg11: extends: - .rspec-base - - .use-pg11-ee + - .use-pg11-es7-ee .rspec-ee-base-pg12: extends: - .rspec-base - - .use-pg12-ee + - .use-pg12-es7-ee + +.rspec-ee-base-pg12-es7: + extends: + - .rspec-base + - .use-pg12-es7-ee + - .rails:rules:run-search-tests .rspec-ee-base-pg12-es8: extends: @@ -128,10 +134,16 @@ include: - .use-pg12-opensearch1-ee - .rails:rules:run-search-tests +.rspec-ee-base-pg12-opensearch2: + extends: + - .rspec-base + - .use-pg12-opensearch2-ee + - .rails:rules:run-search-tests + .rspec-ee-base-pg13: extends: - .rspec-base - - .use-pg13-ee + - .use-pg13-es7-ee .db-job-base: extends: diff --git a/.gitlab/ci/reports.gitlab-ci.yml b/.gitlab/ci/reports.gitlab-ci.yml index 52ed85190ec..5fdcdc12fc8 100644 --- a/.gitlab/ci/reports.gitlab-ci.yml +++ b/.gitlab/ci/reports.gitlab-ci.yml @@ -40,22 +40,6 @@ brakeman-sast: semgrep-sast: rules: !reference [".reports:rules:semgrep-sast", rules] -gosec-sast: - variables: - GOPATH: "$CI_PROJECT_DIR/vendor/go" - COMPILE: "false" - GOSEC_GO_PKG_PATH: "$CI_PROJECT_DIR" - SECURE_LOG_LEVEL: "debug" - before_script: - - mkdir -p $GOPATH - - cd workhorse - - go get -d ./... - - cd .. - cache: - paths: - - vendor/go - rules: !reference [".reports:rules:gosec-sast", rules] - .secret-analyzer: extends: .default-retry stage: lint diff --git a/.gitlab/ci/review-apps/dast-api.gitlab-ci.yml b/.gitlab/ci/review-apps/dast-api.gitlab-ci.yml index e2f32f120af..4d35a282037 100644 --- a/.gitlab/ci/review-apps/dast-api.gitlab-ci.yml +++ b/.gitlab/ci/review-apps/dast-api.gitlab-ci.yml @@ -2,13 +2,34 @@ include: - template: DAST-API.gitlab-ci.yml dast_api: + needs: ["review-deploy"] + # Uncomment resource_group if DAST_API_PROFILE is changed to an active scan + # resource_group: dast_api_scan + rules: + - when: never + +dast_api_graphql: + extends: dast_api variables: - DAST_API_PROFILE: Passive DAST_API_GRAPHQL: /api/graphql + DAST_API_PROFILE: Passive + DAST_API_TARGET_URL: ${CI_ENVIRONMENT_URL} + DAST_API_OVERRIDES_ENV: "{\"headers\":{\"Authorization\":\"Bearer $REVIEW_APPS_ROOT_TOKEN\"}}" + rules: + - !reference [".reports:rules:schedule-dast", rules] + # + # To run this job in an MR pipeline, use this rule: + # - !reference [".reports:rules:test-dast", rules] + +dast_api_rest: + extends: dast_api + variables: + DAST_API_OPENAPI: doc/api/openapi/openapi_v2.yaml + DAST_API_PROFILE: Passive DAST_API_TARGET_URL: ${CI_ENVIRONMENT_URL} DAST_API_OVERRIDES_ENV: "{\"headers\":{\"Authorization\":\"Bearer $REVIEW_APPS_ROOT_TOKEN\"}}" - needs: ["review-deploy"] - # Uncomment resource_group if DAST_API_PROFILE is changed to an active scan - # resource_group: dast_api_scan rules: - !reference [".reports:rules:schedule-dast", rules] + # + # To run this job in an MR pipeline, use this rule: + # - !reference [".reports:rules:test-dast", rules] diff --git a/.gitlab/ci/review-apps/main.gitlab-ci.yml b/.gitlab/ci/review-apps/main.gitlab-ci.yml index d3f5d014464..85c5c7d1b1d 100644 --- a/.gitlab/ci/review-apps/main.gitlab-ci.yml +++ b/.gitlab/ci/review-apps/main.gitlab-ci.yml @@ -32,14 +32,15 @@ review-build-cng-env: extends: - .default-retry - .review:rules:review-build-cng - image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:3.0-alpine3.13 + image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}:bundler-2.3 stage: prepare needs: [] before_script: - source ./scripts/utils.sh - install_gitlab_gem script: - - 'ruby -r./scripts/trigger-build.rb -e "puts Trigger.variables_for_env_file(Trigger::CNG.new.variables)" > build.env' + - ruby -r./scripts/trigger-build.rb -e "puts Trigger.variables_for_env_file(Trigger::CNG.new.variables)" > build.env + - ruby -e 'puts "FULL_RUBY_VERSION=#{RUBY_VERSION}"' >> build.env - cat build.env artifacts: reports: @@ -70,12 +71,14 @@ review-build-cng: FORCE_RAILS_IMAGE_BUILDS: "${FORCE_RAILS_IMAGE_BUILDS}" CE_PIPELINE: "${CE_PIPELINE}" # Based on https://docs.gitlab.com/ee/ci/jobs/job_control.html#check-if-a-variable-exists, `if: '$CE_PIPELINE'` will evaluate to `false` when this variable is empty EE_PIPELINE: "${EE_PIPELINE}" # Based on https://docs.gitlab.com/ee/ci/jobs/job_control.html#check-if-a-variable-exists, `if: '$EE_PIPELINE'` will evaluate to `false` when this variable is empty - GITLAB_SHELL_VERSION: "${GITLAB_SHELL_VERSION}" GITLAB_ELASTICSEARCH_INDEXER_VERSION: "${GITLAB_ELASTICSEARCH_INDEXER_VERSION}" GITLAB_KAS_VERSION: "${GITLAB_KAS_VERSION}" - GITLAB_WORKHORSE_VERSION: "${GITLAB_WORKHORSE_VERSION}" + GITLAB_METRICS_EXPORTER_VERSION: "${GITLAB_METRICS_EXPORTER_VERSION}" GITLAB_PAGES_VERSION: "${GITLAB_PAGES_VERSION}" + GITLAB_SHELL_VERSION: "${GITLAB_SHELL_VERSION}" + GITLAB_WORKHORSE_VERSION: "${GITLAB_WORKHORSE_VERSION}" GITALY_SERVER_VERSION: "${GITALY_SERVER_VERSION}" + RUBY_VERSION: "${FULL_RUBY_VERSION}" trigger: project: gitlab-org/build/CNG-mirror branch: $TRIGGER_BRANCH @@ -88,9 +91,9 @@ review-build-cng: variables: HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}" DOMAIN: "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}" - GITLAB_HELM_CHART_REF: "138c146a5ba787942f66d4c7d795d224d6ba206a" + GITLAB_HELM_CHART_REF: "ed813953079c1d81aa69d4cb8171c69aa9741f01" # 6.5.4: https://gitlab.com/gitlab-org/charts/gitlab/-/commit/ed813953079c1d81aa69d4cb8171c69aa9741f01 environment: - name: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # No separator for SCHEDULE_TYPE so it's compatible as before and looks nice without it + name: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # No separator for SCHEDULE_TYPE so it's compatible as before and looks nice without it url: https://gitlab-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN} on_stop: review-stop auto_stop_in: 48 hours @@ -113,11 +116,11 @@ review-deploy: - echo "QA_GITLAB_URL=${CI_ENVIRONMENT_URL}" > environment.env - *base-before_script script: - - check_kube_domain - - download_chart - - deploy || (display_deployment_debug && exit 1) - - verify_deploy || exit 1 - - disable_sign_ups || (delete_release && exit 1) + - run_timed_command "check_kube_domain" + - run_timed_command "download_chart" + - run_timed_command "deploy" || (display_deployment_debug && exit 1) + - run_timed_command "verify_deploy"|| (display_deployment_debug && exit 1) + - run_timed_command "disable_sign_ups" after_script: # Run seed-dast-test-data.sh only when DAST_RUN is set to true. This is to pupulate review app with data for DAST scan. # Set DAST_RUN to true when jobs are manually scheduled. @@ -165,14 +168,14 @@ review-delete-deployment: - .review:rules:review-delete-deployment stage: prepare script: - - delete_release + - delete_helm_release review-stop: extends: - .review-stop-base - .review:rules:review-stop - resource_group: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # CI_ENVIRONMENT_SLUG is not available here and we want this to be the same as the environment + resource_group: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # CI_ENVIRONMENT_SLUG is not available here and we want this to be the same as the environment stage: deploy needs: [] script: - - delete_namespace + - delete_helm_release diff --git a/.gitlab/ci/review-apps/qa.gitlab-ci.yml b/.gitlab/ci/review-apps/qa.gitlab-ci.yml index 0214f5ef3f2..69ce028987a 100644 --- a/.gitlab/ci/review-apps/qa.gitlab-ci.yml +++ b/.gitlab/ci/review-apps/qa.gitlab-ci.yml @@ -1,6 +1,6 @@ include: - project: gitlab-org/quality/pipeline-common - ref: 1.3.0 + ref: 1.7.0 file: - /ci/base.gitlab-ci.yml - /ci/allure-report.yml @@ -25,7 +25,7 @@ include: - cd qa && bundle install .review-qa-base: - image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-${RUBY_VERSION}:bundler-2.3-git-2.33-lfs-2.9-chrome-${CHROME_VERSION}-docker-${DOCKER_VERSION}-gcloud-383-kubectl-1.23 + image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-${RUBY_VERSION}:bundler-2.3-git-2.36-lfs-2.9-chrome-${CHROME_VERSION}-docker-${DOCKER_VERSION}-gcloud-383-kubectl-1.23 extends: - .use-docker-in-docker - .bundle-base @@ -140,13 +140,13 @@ e2e-test-report: variables: ALLURE_JOB_NAME: e2e-review-qa ALLURE_PROJECT_PATH: $CI_PROJECT_PATH - ALLURE_RESULTS_GLOB: qa/tmp/allure-results/* + ALLURE_RESULTS_GLOB: qa/tmp/allure-results ALLURE_MERGE_REQUEST_IID: $CI_MERGE_REQUEST_IID GITLAB_AUTH_TOKEN: $GITLAB_QA_MR_ALLURE_REPORT_TOKEN GIT_STRATEGY: none allow_failure: true when: always - artifacts: # re-save rspec results for displaying in parent pipeline + artifacts: # re-save rspec results for displaying in parent pipeline expire_in: 1 day when: always paths: @@ -178,7 +178,7 @@ notify-slack: extends: - .notify-slack-qa - .qa-cache - - .rules:notify-slack + - .rules:main-run stage: post-qa variables: RUN_WITH_BUNDLE: "true" @@ -188,6 +188,16 @@ notify-slack: STATUS_SYM: ☠️ STATUS: failed TYPE: "(review-app) " + when: on_failure script: - - bundle exec gitlab-qa-report --prepare-stage-reports "$CI_PROJECT_DIR/qa/tmp/rspec-*.xml" # generate summary + - bundle exec gitlab-qa-report --prepare-stage-reports "$CI_PROJECT_DIR/qa/tmp/rspec-*.xml" # generate summary - !reference [.notify-slack-qa, script] + +export-test-metrics: + extends: + - .bundle-base + - .rules:main-run + stage: post-qa + when: always + script: + - bundle exec rake "ci:export_test_metrics[tmp/test-metrics-*.json]" diff --git a/.gitlab/ci/review-apps/rules.gitlab-ci.yml b/.gitlab/ci/review-apps/rules.gitlab-ci.yml index 4e07f381bc9..49343c98547 100644 --- a/.gitlab/ci/review-apps/rules.gitlab-ci.yml +++ b/.gitlab/ci/review-apps/rules.gitlab-ci.yml @@ -15,9 +15,9 @@ .app-changes: &app-changes if: $APP_CHANGE_TRIGGER == "true" -# QA framework changes present -.qa-framework-changes: &qa-framework-changes - if: $QA_FRAMEWORK_CHANGES == "true" +# Run all tests when framework changes present or explicitly enabled full suite execution +.qa-run-all-tests: &qa-run-all-tests + if: $QA_FRAMEWORK_CHANGES == "true" || $QA_RUN_ALL_TESTS == "true" .default-branch: &default-branch if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH @@ -28,19 +28,19 @@ variables: QA_TESTS: "" -.never-when-qa-framework-changes-or-no-specific-specs: - - <<: *qa-framework-changes +.never-when-qa-run-all-tests-or-no-specific-specs: + - <<: *qa-run-all-tests when: never - <<: *all-specs when: never -.never-when-specific-specs-always-when-qa-framework-changes: +.never-when-specific-specs-always-when-qa-run-all-tests: + - *qa-run-all-tests - <<: *specific-specs when: manual allow_failure: true variables: QA_TESTS: "" - - *qa-framework-changes # ------------------------------------------ # Prepare @@ -61,8 +61,8 @@ # always trigger smoke suite if review pipeline got triggered by specific changes in application code - <<: *app-changes variables: - QA_TESTS: "" # unset QA_TESTS even if specific tests were inferred from stage label - - *qa-framework-changes + QA_TESTS: "" # unset QA_TESTS even if specific tests were inferred from stage label + - *qa-run-all-tests - if: $QA_SUITES =~ /Test::Instance::Smoke/ - *qa-manual @@ -70,25 +70,25 @@ rules: - <<: *app-changes when: never - - !reference [.never-when-qa-framework-changes-or-no-specific-specs] + - !reference [.never-when-qa-run-all-tests-or-no-specific-specs] - if: $QA_SUITES =~ /Test::Instance::ReviewBlocking/ .rules:qa-blocking-parallel: rules: # always trigger blocking suite if review pipeline got triggered by specific changes in application code - <<: *app-changes variables: - QA_TESTS: "" # unset QA_TESTS even if specific tests were inferred from stage label - - !reference [.never-when-specific-specs-always-when-qa-framework-changes] + QA_TESTS: "" # unset QA_TESTS even if specific tests were inferred from stage label + - !reference [.never-when-specific-specs-always-when-qa-run-all-tests] - if: $QA_SUITES =~ /Test::Instance::ReviewBlocking/ .rules:qa-non-blocking: rules: - - !reference [.never-when-qa-framework-changes-or-no-specific-specs] + - !reference [.never-when-qa-run-all-tests-or-no-specific-specs] - if: $QA_SUITES =~ /Test::Instance::ReviewNonBlocking/ .rules:qa-non-blocking-parallel: rules: - - !reference [.never-when-specific-specs-always-when-qa-framework-changes] - - *all-specs-mr # set full suite to manual when no specific specs passed in mr + - !reference [.never-when-specific-specs-always-when-qa-run-all-tests] + - *all-specs-mr # set full suite to manual when no specific specs passed in mr - if: $QA_SUITES =~ /Test::Instance::ReviewNonBlocking/ # ------------------------------------------ @@ -98,7 +98,6 @@ rules: - when: always -.rules:notify-slack: +.rules:main-run: rules: - - <<: *default-branch - when: on_failure + - *default-branch diff --git a/.gitlab/ci/review.gitlab-ci.yml b/.gitlab/ci/review.gitlab-ci.yml index aefa96da159..35df4de6513 100644 --- a/.gitlab/ci/review.gitlab-ci.yml +++ b/.gitlab/ci/review.gitlab-ci.yml @@ -3,27 +3,23 @@ review-cleanup: - .default-retry - .review:rules:review-cleanup image: ${REVIEW_APPS_IMAGE} - resource_group: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # CI_ENVIRONMENT_SLUG is not available here and we want this to be the same as the environment stage: prepare environment: - name: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # No separator for SCHEDULE_TYPE so it's compatible as before and looks nice without it + name: review/regular-cleanup action: stop before_script: - source scripts/utils.sh - - source scripts/review_apps/review-apps.sh - source scripts/review_apps/gcp_cleanup.sh - install_gitlab_gem - setup_gcp_dependencies script: - - delete_release - - delete_namespace - scripts/review_apps/automated_cleanup.rb - gcp_cleanup start-review-app-pipeline: extends: - .review:rules:start-review-app-pipeline - resource_group: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # CI_ENVIRONMENT_SLUG is not available here and we want this to be the same as the environment + resource_group: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # CI_ENVIRONMENT_SLUG is not available here and we want this to be the same as the environment stage: review needs: - job: e2e-test-pipeline-generate diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml index afe900f39a6..c6cfb491e61 100644 --- a/.gitlab/ci/rules.gitlab-ci.yml +++ b/.gitlab/ci/rules.gitlab-ci.yml @@ -5,19 +5,23 @@ if: '$CI_PROJECT_NAMESPACE !~ /^gitlab(-org)?($|\/)/' .if-not-ee: &if-not-ee - if: '$CI_PROJECT_NAME !~ /^gitlab(-ee)?$/' + # Only consider FOSS not EE + if: '$CI_PROJECT_NAME !~ /^gitlab(-ee)?$/ && $CI_PROJECT_NAME !~ /^gitlab-jh/' .if-not-foss: &if-not-foss if: '$CI_PROJECT_NAME != "gitlab-foss" && $CI_PROJECT_NAME != "gitlab-ce" && $CI_PROJECT_NAME != "gitlabhq"' .if-jh: &if-jh - if: '$CI_PROJECT_PATH =~ /^gitlab-(jh|cn)\/.*/' + # Example of these projects: + # https://jihulab.com/gitlab-cn/gitlab + # https://gitlab.com/gitlab-org-sandbox/gitlab-jh-validation + if: '$CI_PROJECT_PATH =~ /^gitlab-(jh|cn)\/.*/ || $CI_PROJECT_NAME =~ /^gitlab-jh/' .if-force-ci: &if-force-ci if: '$FORCE_GITLAB_CI' .if-default-refs: &if-default-refs - if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH || $CI_COMMIT_REF_NAME =~ /^[\d-]+-stable(-ee)?$/ || $CI_COMMIT_REF_NAME =~ /^\d+-\d+-auto-deploy-\d+$/ || $CI_COMMIT_REF_NAME =~ /^security\// || $CI_MERGE_REQUEST_IID || $CI_COMMIT_TAG || $FORCE_GITLAB_CI' + if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH || $CI_COMMIT_REF_NAME =~ /^[\d-]+-stable(-ee)?$/ || $CI_COMMIT_REF_NAME =~ /^\d+-\d+-auto-deploy-\d+$/ || $CI_COMMIT_REF_NAME =~ /^security\// || $CI_COMMIT_REF_NAME == "ruby3" || $CI_MERGE_REQUEST_IID || $CI_COMMIT_TAG || $FORCE_GITLAB_CI' .if-default-branch-refs: &if-default-branch-refs if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH && $CI_MERGE_REQUEST_IID == null' @@ -79,8 +83,11 @@ .if-merge-request-labels-group-global-search: &if-merge-request-labels-group-global-search if: '$CI_MERGE_REQUEST_LABELS =~ /group::global search/' -.if-merge-request-labels-pipeline-revert: &if-merge-request-labels-pipeline-revert - if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:revert/' +.if-merge-request-labels-pipeline-expedite-master-fixing: &if-merge-request-labels-pipeline-expedite-master-fixing + if: '$CI_MERGE_REQUEST_LABELS =~ /master:(foss-)?broken/ && $CI_MERGE_REQUEST_LABELS =~ /pipeline:expedite-master-fixing/' + +.if-merge-request-labels-frontend-and-feature-flag: &if-merge-request-labels-frontend-and-feature-flag + if: '$CI_MERGE_REQUEST_LABELS =~ /frontend/ && $CI_MERGE_REQUEST_LABELS =~ /feature flag/' .if-security-merge-request: &if-security-merge-request if: '$CI_PROJECT_NAMESPACE == "gitlab-org/security" && $CI_MERGE_REQUEST_IID' @@ -206,6 +213,9 @@ - "scripts/lint-doc.sh" - ".gitlab/ci/docs.gitlab-ci.yml" +.docs-code-quality-patterns: &docs-code-quality-patterns + - "doc/**/*.md" + .docs-deprecations-and-removals-patterns: &docs-deprecations-and-removals-patterns - "doc/update/deprecations.md" - "doc/update/removals.md" @@ -275,7 +285,7 @@ - "Dockerfile.assets" - "config/**/*.js" - "vendor/assets/**/*" - - "{app/assets,app/components,app/helpers,app/presenters,app/views,locale,public,spec/frontend,symbol}/**/*" + - "{app/assets,app/components,app/helpers,app/presenters,app/views,locale,public,spec/frontend,storybook,symbol}/**/*" .controllers-patterns: &controllers-patterns - "{,ee/,jh/}{app/controllers}/**/*" @@ -390,7 +400,7 @@ - "Rakefile" - "tests.yml" - "config.ru" - - "{,ee/,jh/}{app,bin,config,db,generator_templates,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*" + - "{,ee/,jh/}{app,bin,config,db,generator_templates,haml_lint,lib,locale,public,scripts,storybook,symbol,vendor}/**/*" - "doc/api/graphql/reference/*" # Files in this folder are auto-generated # CI changes - ".gitlab-ci.yml" @@ -447,7 +457,7 @@ - "Rakefile" - "tests.yml" - "config.ru" - - "{,ee/,jh/}{app,bin,config,db,generator_templates,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*" + - "{,ee/,jh/}{app,bin,config,db,generator_templates,haml_lint,lib,locale,public,scripts,storybook,symbol,vendor}/**/*" - "doc/api/graphql/reference/*" # Files in this folder are auto-generated # CI changes - ".gitlab-ci.yml" @@ -466,6 +476,9 @@ - "data/whats_new/*.yml" # .code-backstage-qa-patterns + .workhorse-patterns +# NOTE: `setup-test-env-patterns` intentionally does not include docs files, because this would +# result in docs-only pipelines having failures of jobs which use `setup-test-env-patterns` +# in their rules and thus require `setup-test-env`, which isn't present in docs-only pipelines. .setup-test-env-patterns: &setup-test-env-patterns - "{package.json,yarn.lock}" - ".browserslistrc" @@ -481,7 +494,7 @@ - "Rakefile" - "tests.yml" - "config.ru" - - "{,ee/,jh/}{app,bin,config,db,generator_templates,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*" + - "{,ee/,jh/}{app,bin,config,db,generator_templates,haml_lint,lib,locale,public,scripts,storybook,symbol,vendor}/**/*" - "doc/api/graphql/reference/*" # Files in this folder are auto-generated - "data/whats_new/*.yml" # CI changes @@ -504,6 +517,8 @@ # CI Templates changes - "scripts/lint_templates_bash.rb" - "lib/gitlab/ci/templates/**/*.gitlab-ci.yml" + # GLFM specification changes + - "glfm_specification/**/*" .static-analysis-patterns: &static-analysis-patterns - ".{codeclimate,eslintrc,haml-lint,haml-lint_todo}.yml" @@ -535,9 +550,16 @@ .feature-flag-development-config-patterns: &feature-flag-development-config-patterns - "{,ee/,jh/}config/feature_flags/{development,ops}/*.yml" +.glfm-patterns: &glfm-patterns + - ".gitlab/ci/rules.gitlab-ci.yml" + - "glfm_specification/**/*" + - "scripts/glfm/**/*" + - "scripts/lib/glfm/**/*" + ################## # Conditions set # ################## + .strict-ee-only-rules: rules: - <<: *if-not-ee @@ -545,6 +567,13 @@ - <<: *if-jh when: never +.as-if-jh-default-exclusion-rules: + rules: + - <<: *if-security-merge-request + when: never + - <<: *if-merge-request-targeting-stable-branch + when: never + .rails:rules:minimal-default-rules: rules: - <<: *if-merge-request-approved @@ -558,6 +587,8 @@ rules: - <<: *if-merge-request-labels-group-global-search changes: *search-backend-patterns + - <<: *if-merge-request-labels-group-global-search + changes: *ci-patterns .rails:rules:ee-and-foss-default-rules: rules: @@ -636,7 +667,8 @@ .shared:rules:update-gitaly-binaries-cache: rules: - <<: *if-merge-request-labels-update-caches - - changes: *gitaly-patterns + - <<: *if-default-refs + changes: *gitaly-patterns ###################### # Build images rules # @@ -653,7 +685,11 @@ changes: *code-qa-patterns - <<: *if-auto-deploy-branches - <<: *if-default-branch-or-tag + variables: + ARCH: amd64,arm64 - <<: *if-dot-com-gitlab-org-schedule + variables: + ARCH: amd64,arm64 - <<: *if-force-ci - <<: *if-ruby3-branch @@ -665,8 +701,10 @@ - <<: *if-merge-request-labels-run-review-app - <<: *if-auto-deploy-branches - <<: *if-ruby3-branch - - changes: *ci-build-images-patterns - - changes: *code-qa-patterns + - <<: *if-default-refs + changes: *ci-build-images-patterns + - <<: *if-default-refs + changes: *code-qa-patterns ################# # Caching rules # @@ -760,6 +798,12 @@ when: manual allow_failure: true +.docs:rules:docs-code-quality: + rules: + - <<: *if-default-branch-refs + - <<: *if-default-refs + changes: *docs-code-quality-patterns + .docs:rules:docs-lint: rules: - <<: *if-default-refs @@ -771,6 +815,36 @@ changes: *docs-deprecations-and-removals-patterns ################## +# GLFM rules # +################## +.glfm:rules:glfm-verify: + # NOTES ON RULES: + # 1. We only run this job in EE because some of the markdown examples in the generated files depend + # on EE-only features. This means that it may fail when it is first run in a full EE pipeline. + # 2. We run this job for the `.setup-test-env-patterns` subset of file changes because: + # A. There are potentially many different source files within the codebase which could + # change the contents of the generated GLFM files, and it is therefore safer to always + # run this job to ensure that no changes are missed. + # B. The `.setup-test-env-patterns` restriction is needed because the job `needs` the + # `setup-test-env` job. + # See more context on each rule in the inline comments below: + rules: + # The `glfm-verify` job has dependencies on EE, so only run it for EE + - !reference [".strict-ee-only-rules", rules] + # If any of the files that are DIRECTLY related to generating or managing the GLFM specification change, + # run `glfm-verify` to get quick feedback on any needed updates, even if the MR is not yet approved + - changes: *glfm-patterns + # Otherwise do not run `glfm-verify` if the MR is not approved + - <<: *if-merge-request-not-approved + when: never + # If we passed all the previous rules, run `glfm-verify` if there are any changes that could impact `glfm-verify`. + # This could potentially be a wide range of files, so we reuse `setup-test-env-patterns`, which includes + # almost all app files except docs files. + - changes: *setup-test-env-patterns + # If we are forcing all rspec to run, run this job too. + - <<: *if-merge-request-labels-run-all-rspec + +################## # GraphQL rules # ################## .graphql:rules:graphql-verify: @@ -786,6 +860,8 @@ .frontend:rules:minimal-default-rules: rules: + - <<: *if-merge-request-approved + when: never - <<: *if-automated-merge-request when: never - <<: *if-security-merge-request @@ -798,15 +874,21 @@ - <<: *if-merge-request-targeting-stable-branch - <<: *if-merge-request-labels-run-review-app - <<: *if-auto-deploy-branches - - changes: *ci-build-images-patterns - - changes: *code-qa-patterns - - changes: *workhorse-patterns + - <<: *if-ruby3-branch + - <<: *if-default-refs + changes: *ci-build-images-patterns + - <<: *if-default-refs + changes: *code-qa-patterns + - <<: *if-default-refs + changes: *workhorse-patterns .frontend:rules:compile-test-assets: rules: - <<: *if-merge-request-labels-run-all-rspec - - changes: *code-backstage-qa-patterns - - changes: *workhorse-patterns + - <<: *if-default-refs + changes: *code-backstage-qa-patterns + - <<: *if-default-refs + changes: *workhorse-patterns .frontend:rules:compile-test-assets-as-if-foss: rules: @@ -814,14 +896,18 @@ when: never - <<: *if-merge-request-labels-as-if-foss - <<: *if-merge-request-labels-run-all-rspec - - changes: *code-backstage-qa-patterns - - changes: *startup-css-patterns - - changes: *workhorse-patterns + - <<: *if-default-refs + changes: *code-backstage-qa-patterns + - <<: *if-default-refs + changes: *startup-css-patterns + - <<: *if-default-refs + changes: *workhorse-patterns .frontend:rules:default-frontend-jobs: rules: - <<: *if-merge-request-labels-run-all-rspec - - changes: *code-backstage-patterns + - <<: *if-default-refs + changes: *code-backstage-patterns .frontend:rules:default-frontend-jobs-as-if-foss: rules: @@ -832,11 +918,14 @@ - <<: *if-merge-request-labels-run-all-rspec - <<: *if-merge-request changes: *startup-css-patterns + - <<: *if-merge-request + changes: *frontend-patterns-for-as-if-foss .frontend:rules:frontend_fixture-as-if-foss: rules: - !reference [".strict-ee-only-rules", rules] - !reference [".frontend:rules:default-frontend-jobs-as-if-foss", rules] + - <<: *if-merge-request-labels-run-all-jest - <<: *if-merge-request changes: *frontend-patterns-for-as-if-foss @@ -845,13 +934,18 @@ - <<: *if-fork-merge-request when: never - <<: *if-merge-request-labels-run-all-jest + - <<: *if-merge-request-labels-frontend-and-feature-flag + - <<: *if-merge-request + changes: *frontend-dependency-patterns - <<: *if-merge-request changes: [".gitlab/ci/rules.gitlab-ci.yml", ".gitlab/ci/frontend.gitlab-ci.yml"] - <<: *if-automated-merge-request changes: *code-backstage-patterns - <<: *if-security-merge-request changes: *code-backstage-patterns - - <<: *if-default-branch-refs + - <<: *if-merge-request-not-approved + when: never + - <<: *if-default-refs changes: *code-backstage-patterns .frontend:rules:jest:minimal: @@ -861,10 +955,13 @@ - !reference [".frontend:rules:minimal-default-rules", rules] - <<: *if-merge-request-labels-run-all-jest when: never - - changes: *core-frontend-patterns + - <<: *if-merge-request-labels-frontend-and-feature-flag when: never - <<: *if-merge-request - changes: *ci-patterns + changes: *frontend-dependency-patterns + when: never + - <<: *if-merge-request + changes: [".gitlab/ci/rules.gitlab-ci.yml", ".gitlab/ci/frontend.gitlab-ci.yml"] when: never - <<: *if-merge-request changes: *code-backstage-patterns @@ -874,15 +971,26 @@ - !reference [".strict-ee-only-rules", rules] - <<: *if-merge-request-labels-as-if-foss - <<: *if-merge-request-labels-run-all-jest + - <<: *if-merge-request + changes: *frontend-dependency-patterns - <<: *if-security-merge-request changes: *code-backstage-patterns + - <<: *if-merge-request-not-approved + when: never + - <<: *if-merge-request + changes: *frontend-patterns-for-as-if-foss .frontend:rules:jest:minimal:as-if-foss: rules: - !reference [".strict-ee-only-rules", rules] - !reference [".frontend:rules:minimal-default-rules", rules] + - <<: *if-merge-request-labels-as-if-foss + when: never - <<: *if-merge-request-labels-run-all-jest when: never + - <<: *if-merge-request + changes: *frontend-dependency-patterns + when: never - <<: *if-fork-merge-request when: never - <<: *if-merge-request @@ -899,7 +1007,7 @@ rules: - <<: *if-not-ee when: never - - <<: *if-merge-request-labels-pipeline-revert + - <<: *if-merge-request-labels-pipeline-expedite-master-fixing when: never - <<: *if-merge-request changes: *code-backstage-patterns @@ -941,6 +1049,18 @@ - <<: *if-default-refs changes: *code-patterns +########## +# Notify # +########## +.notify:rules:notify-pipeline-failure: + rules: + # Don't report child pipeline failures + - if: '$CI_PIPELINE_SOURCE == "parent_pipeline"' + when: never + - if: '$CI_SLACK_WEBHOOK_URL && $NOTIFY_PIPELINE_FAILURE_CHANNEL' + when: on_failure + allow_failure: true + ############### # Pages rules # ############### @@ -996,7 +1116,7 @@ when: never - <<: *if-not-ee when: never - - <<: *if-merge-request-labels-pipeline-revert + - <<: *if-merge-request-labels-pipeline-expedite-master-fixing when: never - <<: *if-merge-request-targeting-stable-branch allow_failure: true @@ -1031,6 +1151,8 @@ SKIP_REPORT_IN_ISSUES: "false" PROCESS_TEST_RESULTS: "true" KNAPSACK_GENERATE_REPORT: "true" + QA_SAVE_TEST_METRICS: "true" + QA_EXPORT_TEST_METRICS: "false" # on main runs, metrics are exported to separate bucket via rake task for better consistency - <<: *if-force-ci when: manual allow_failure: true @@ -1040,7 +1162,8 @@ ############### .rails:rules:setup-test-env: rules: - - changes: *setup-test-env-patterns + - <<: *if-default-refs + changes: *setup-test-env-patterns - <<: *if-merge-request-labels-run-all-rspec .rails:rules:single-db: @@ -1072,7 +1195,8 @@ changes: *db-patterns - <<: *if-merge-request-not-approved when: never - - changes: *db-patterns + - <<: *if-default-refs + changes: *db-patterns .rails:rules:ee-and-foss-migration:minimal: rules: @@ -1105,7 +1229,8 @@ - <<: *if-fork-merge-request when: never - !reference [".rails:rules:ee-and-foss-default-rules", rules] - - changes: *backend-patterns + - <<: *if-default-refs + changes: *backend-patterns .rails:rules:ee-and-foss-unit:minimal: rules: @@ -1121,7 +1246,8 @@ - <<: *if-fork-merge-request when: never - !reference [".rails:rules:ee-and-foss-default-rules", rules] - - changes: *backend-patterns + - <<: *if-default-refs + changes: *backend-patterns .rails:rules:ee-and-foss-integration:minimal: rules: @@ -1137,7 +1263,8 @@ - <<: *if-fork-merge-request when: never - !reference [".rails:rules:system-default-rules", rules] - - changes: *code-backstage-patterns + - <<: *if-default-refs + changes: *code-backstage-patterns .rails:rules:ee-and-foss-system:minimal: rules: @@ -1151,11 +1278,13 @@ - <<: *if-merge-request-labels-run-all-rspec - <<: *if-merge-request changes: *backend-patterns - - changes: *core-backend-patterns + - <<: *if-default-refs + changes: *core-backend-patterns .rails:rules:code-backstage-qa: rules: - - changes: *code-backstage-qa-patterns + - <<: *if-default-refs + changes: *code-backstage-qa-patterns - <<: *if-merge-request-labels-run-all-rspec .rails:rules:ee-only-migration: @@ -1175,7 +1304,8 @@ changes: *db-patterns - <<: *if-merge-request-not-approved when: never - - changes: *db-patterns + - <<: *if-default-refs + changes: *db-patterns .rails:rules:ee-only-migration:minimal: rules: @@ -1196,7 +1326,8 @@ - <<: *if-fork-merge-request when: never - !reference [".rails:rules:ee-and-foss-default-rules", rules] - - changes: *backend-patterns + - <<: *if-default-refs + changes: *backend-patterns .rails:rules:ee-only-unit:minimal: rules: @@ -1216,7 +1347,8 @@ - <<: *if-fork-merge-request when: never - !reference [".rails:rules:ee-and-foss-default-rules", rules] - - changes: *backend-patterns + - <<: *if-default-refs + changes: *backend-patterns .rails:rules:ee-only-integration:minimal: rules: @@ -1236,7 +1368,8 @@ - <<: *if-fork-merge-request when: never - !reference [".rails:rules:system-default-rules", rules] - - changes: *code-backstage-patterns + - <<: *if-default-refs + changes: *code-backstage-patterns .rails:rules:ee-only-system:minimal: rules: @@ -1350,7 +1483,8 @@ .rails:rules:ee-and-foss-db-library-code: rules: - - changes: *db-library-patterns + - <<: *if-default-refs + changes: *db-library-patterns - <<: *if-merge-request-labels-run-all-rspec .rails:rules:ee-mr-and-default-branch-only: @@ -1366,8 +1500,10 @@ .rails:rules:detect-tests: rules: - <<: *if-merge-request-labels-run-all-rspec - - changes: *code-backstage-qa-patterns - - changes: *workhorse-patterns + - <<: *if-default-refs + changes: *code-backstage-qa-patterns + - <<: *if-default-refs + changes: *workhorse-patterns .rails:rules:detect-previous-failed-tests: rules: @@ -1419,7 +1555,7 @@ rules: - <<: *if-not-ee when: never - - <<: *if-merge-request-labels-pipeline-revert + - <<: *if-merge-request-labels-pipeline-expedite-master-fixing when: never - <<: *if-merge-request changes: *code-backstage-patterns @@ -1430,7 +1566,7 @@ rules: - <<: *if-not-ee when: never - - <<: *if-merge-request-labels-pipeline-revert + - <<: *if-merge-request-labels-pipeline-expedite-master-fixing when: never - <<: *if-merge-request-labels-skip-undercoverage when: never @@ -1458,13 +1594,14 @@ rules: - <<: *if-not-ee when: never - - changes: *code-backstage-patterns + - <<: *if-default-refs + changes: *code-backstage-patterns .rails:rules:flaky-tests-report: rules: - <<: *if-not-ee when: never - - <<: *if-merge-request-labels-pipeline-revert + - <<: *if-merge-request-labels-pipeline-expedite-master-fixing when: never - if: '$SKIP_FLAKY_TESTS_AUTOMATICALLY == "true" || $RETRY_FAILED_TESTS_IN_NEW_PROCESS == "true"' changes: *code-backstage-patterns @@ -1476,38 +1613,51 @@ .static-analysis:rules:static-analysis: rules: - - changes: *code-backstage-qa-patterns - - changes: *static-analysis-patterns + - <<: *if-default-refs + changes: *code-backstage-qa-patterns + - <<: *if-default-refs + changes: *static-analysis-patterns .static-analysis:rules:static-verification-with-database: rules: - - changes: *code-backstage-qa-patterns + - <<: *if-default-refs + changes: *code-backstage-qa-patterns .static-analysis:rules:rubocop: rules: - - changes: *rubocop-patterns + - <<: *if-default-refs + changes: *rubocop-patterns variables: RUN_ALL_RUBOCOP: "true" - - changes: *code-backstage-qa-patterns + - <<: *if-default-refs + changes: *code-backstage-qa-patterns .static-analysis:rules:qa:metadata-lint: rules: - - changes: *qa-patterns - - changes: [".gitlab/ci/static-analysis.gitlab-ci.yml"] + - <<: *if-default-refs + changes: *qa-patterns + - <<: *if-default-refs + changes: [".gitlab/ci/static-analysis.gitlab-ci.yml"] .static-analysis:rules:haml-lint: rules: - - changes: *rubocop-patterns - - changes: *static-analysis-patterns - - changes: *code-backstage-qa-patterns + - <<: *if-default-refs + changes: *rubocop-patterns + - <<: *if-default-refs + changes: *static-analysis-patterns + - <<: *if-default-refs + changes: *code-backstage-qa-patterns .static-analysis:rules:haml-lint-ee: rules: - <<: *if-not-ee when: never - - changes: *rubocop-patterns - - changes: *static-analysis-patterns - - changes: *code-backstage-qa-patterns + - <<: *if-default-refs + changes: *rubocop-patterns + - <<: *if-default-refs + changes: *static-analysis-patterns + - <<: *if-default-refs + changes: *code-backstage-qa-patterns .static-analysis:rules:static-analysis-as-if-foss: rules: @@ -1614,8 +1764,10 @@ rules: - if: '$CODE_QUALITY_DISABLED' when: never + # Run code_quality on master until https://gitlab.com/gitlab-org/gitlab/-/issues/363747 is resolved + - <<: *if-default-branch-refs - <<: *if-default-refs - changes: *code-backstage-patterns + changes: *code-backstage-qa-patterns .reports:rules:brakeman-sast: rules: @@ -1623,26 +1775,19 @@ when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /brakeman/ when: never - - changes: + - <<: *if-default-refs + changes: - '**/*.rb' - '**/Gemfile' -.reports:rules:gosec-sast: - rules: - - if: $SAST_DISABLED - when: never - - if: $SAST_EXCLUDED_ANALYZERS =~ /gosec/ - when: never - - changes: - - '**/*.go' - .reports:rules:semgrep-sast: rules: - if: $SAST_DISABLED when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /semgrep/ when: never - - changes: + - <<: *if-default-refs + changes: - '**/*.py' - '**/*.js' - '**/*.jsx' @@ -1658,7 +1803,8 @@ when: never # Scan each commit on master to feed the Vulnerability Reports with detected secrets - <<: *if-default-branch-refs - - changes: *code-backstage-qa-patterns + - <<: *if-default-refs + changes: *code-backstage-qa-patterns .reports:rules:gemnasium-dependency_scanning: rules: @@ -1666,7 +1812,8 @@ when: never # Run Dependency Scanning on master until https://gitlab.com/gitlab-org/gitlab/-/issues/361657 is resolved - <<: *if-default-branch-refs - - changes: *dependency-patterns + - <<: *if-default-refs + changes: *dependency-patterns .reports:rules:gemnasium-python-dependency_scanning: rules: @@ -1674,7 +1821,8 @@ when: never # Run Dependency Scanning on master until https://gitlab.com/gitlab-org/gitlab/-/issues/361657 is resolved - <<: *if-default-branch-refs - - changes: *python-patterns + - <<: *if-default-refs + changes: *python-patterns .reports:rules:yarn-audit-dependency_scanning: rules: @@ -1682,7 +1830,8 @@ when: never # Run Dependency Scanning on master until https://gitlab.com/gitlab-org/gitlab/-/issues/361657 is resolved - <<: *if-default-branch-refs - - changes: *nodejs-patterns + - <<: *if-default-refs + changes: *nodejs-patterns .reports:rules:schedule-dast: rules: @@ -1690,6 +1839,12 @@ when: never - <<: *if-dot-com-ee-schedule-nightly-child-pipeline +.reports:rules:test-dast: + rules: + - if: '$DAST_DISABLED || $GITLAB_FEATURES !~ /\bdast\b/' + when: never + - <<: *if-merge-request + .reports:rules:package_hunter-yarn: rules: - if: "$PACKAGE_HUNTER_USER == null || $PACKAGE_HUNTER_USER == ''" @@ -1710,7 +1865,8 @@ rules: - if: '$LICENSE_MANAGEMENT_DISABLED || $GITLAB_FEATURES !~ /\blicense_scanning\b/' when: never - - changes: *dependency-patterns + - <<: *if-default-refs + changes: *dependency-patterns ################ # Review rules # @@ -1726,33 +1882,42 @@ rules: - <<: *if-not-ee when: never - - <<: *if-merge-request-labels-pipeline-revert + - <<: *if-merge-request-labels-pipeline-expedite-master-fixing when: never - <<: *if-merge-request-labels-run-review-app - <<: *if-dot-com-gitlab-org-merge-request changes: *ci-review-patterns + when: never - <<: *if-dot-com-gitlab-org-merge-request changes: *frontend-build-patterns variables: *review-change-pattern + when: never - <<: *if-dot-com-gitlab-org-merge-request changes: *controllers-patterns variables: *review-change-pattern + when: never - <<: *if-dot-com-gitlab-org-merge-request changes: *models-patterns variables: *review-change-pattern + when: never - <<: *if-dot-com-gitlab-org-merge-request changes: *lib-gitlab-patterns variables: *review-change-pattern + when: never - <<: *if-dot-com-gitlab-org-merge-request changes: *qa-patterns + when: never - <<: *if-dot-com-gitlab-org-merge-request changes: *code-patterns when: manual allow_failure: true - <<: *if-dot-com-gitlab-org-schedule + when: never allow_failure: true variables: KNAPSACK_GENERATE_REPORT: "true" + QA_SAVE_TEST_METRICS: "true" + QA_EXPORT_TEST_METRICS: "false" # on main runs, metrics are exported to separate bucket via rake task for better consistency .review:rules:review-build-cng: rules: @@ -1783,7 +1948,7 @@ rules: - <<: *if-not-ee when: never - - <<: *if-merge-request-labels-pipeline-revert + - <<: *if-merge-request-labels-pipeline-expedite-master-fixing when: never - <<: *if-merge-request-labels-run-review-app when: manual @@ -1897,7 +2062,8 @@ - <<: *if-not-ee when: never - <<: *if-dot-com-ee-schedule-maintenance - - changes: + - <<: *if-default-refs + changes: - ".gitlab/ci/setup.gitlab-ci.yml" - ".gitlab/ci/test-metadata.gitlab-ci.yml" - "scripts/rspec_helpers.sh" @@ -1907,8 +2073,10 @@ ####################### .test-metadata:rules:retrieve-tests-metadata: rules: - - changes: *code-backstage-patterns - - changes: *workhorse-patterns + - <<: *if-default-refs + changes: *code-backstage-patterns + - <<: *if-default-refs + changes: *workhorse-patterns - <<: *if-merge-request-labels-run-all-rspec .test-metadata:rules:update-tests-metadata: @@ -1916,7 +2084,8 @@ - <<: *if-not-ee when: never - <<: *if-dot-com-ee-schedule-maintenance - - changes: + - <<: *if-default-refs + changes: - ".gitlab/ci/test-metadata.gitlab-ci.yml" - "scripts/rspec_helpers.sh" @@ -1925,7 +2094,8 @@ ################### .workhorse:rules:workhorse: rules: - - changes: *workhorse-patterns + - <<: *if-default-refs + changes: *workhorse-patterns ################### # yaml-lint rules # @@ -1944,3 +2114,21 @@ rules: - <<: *if-default-refs changes: *lint-metrics-yaml-patterns + +################## +# as-if-jh rules # +################## +.as-if-jh:rules:prepare-as-if-jh: + rules: + - !reference [".strict-ee-only-rules", rules] + - !reference [".as-if-jh-default-exclusion-rules", rules] + - <<: *if-merge-request-labels-as-if-jh + +# This rule should share the same logic with .as-if-jh:rules:prepare-as-if-jh +# Because the jobs using this need jobs using the preparation rules +.as-if-jh:rules:start-as-if-jh: + rules: + - !reference [".strict-ee-only-rules", rules] + - !reference [".as-if-jh-default-exclusion-rules", rules] + - <<: *if-merge-request-labels-as-if-jh + allow_failure: true # See https://gitlab.com/gitlab-org/gitlab/-/issues/351136 diff --git a/.gitlab/ci/static-analysis.gitlab-ci.yml b/.gitlab/ci/static-analysis.gitlab-ci.yml index 59ea665ae07..0a310691cd7 100644 --- a/.gitlab/ci/static-analysis.gitlab-ci.yml +++ b/.gitlab/ci/static-analysis.gitlab-ci.yml @@ -122,6 +122,8 @@ rubocop: needs: - job: detect-tests optional: true + variables: + RUBOCOP_TARGET_FILES: "tmp/rubocop_target_files.txt" script: - | # For non-merge request, or when RUN_ALL_RUBOCOP is 'true', run all RuboCop rules @@ -132,8 +134,13 @@ rubocop: unset CI_SLACK_WEBHOOK_URL run_timed_command "bundle exec rake rubocop:check:graceful" else - cat ${RSPEC_CHANGED_FILES_PATH} | ruby -e 'puts $stdin.read.split(" ").select { |f| File.exist?(f) }.join(" ")' > tmp/rubocop_target_files.txt - run_timed_command "bundle exec rubocop --parallel --force-exclusion $(cat tmp/rubocop_target_files.txt)" + cat "${RSPEC_CHANGED_FILES_PATH}" | ruby -e 'print $stdin.read.split(" ").select { |f| File.exist?(f) }.join(" ")' > "$RUBOCOP_TARGET_FILES" + # Skip running RuboCop if there's no target files + if [ -s "${RUBOCOP_TARGET_FILES}" ]; then + run_timed_command "bundle exec rubocop --parallel --force-exclusion $(cat ${RUBOCOP_TARGET_FILES})" + else + echoinfo "Nothing interesting changed for RuboCop. Skipping." + fi fi qa:metadata-lint: diff --git a/.gitlab/ci/workhorse.gitlab-ci.yml b/.gitlab/ci/workhorse.gitlab-ci.yml index a11d5f000cf..3aa9eaee6f8 100644 --- a/.gitlab/ci/workhorse.gitlab-ci.yml +++ b/.gitlab/ci/workhorse.gitlab-ci.yml @@ -27,7 +27,7 @@ workhorse:test go: extends: .workhorse:test parallel: matrix: - - GO_VERSION: ["1.17", "1.18", "1.19"] + - GO_VERSION: ["1.18", "1.19"] script: - make -C workhorse test-coverage coverage: '/\d+.\d+%/' diff --git a/.gitlab/issue_templates/Deprecations.md b/.gitlab/issue_templates/Deprecations.md index ef6764c3621..49f1129fe89 100644 --- a/.gitlab/issue_templates/Deprecations.md +++ b/.gitlab/issue_templates/Deprecations.md @@ -1,4 +1,4 @@ -For guidance on the overall deprecations, removals and breaking changes workflow, please visit [Breaking changes, deprecations, and removing features](https://about.gitlab.com/handbook/product/gitlab-the-product/#breaking-changes-deprecations-and-removing-features) +For guidance on the overall deprecations, removals and breaking changes workflow, please visit [Breaking changes, deprecations, and removing features](https://about.gitlab.com/handbook/product/gitlab-the-product/#deprecations-removals-and-breaking-changes) <!-- Use this template as a starting point for deprecations. --> @@ -11,7 +11,7 @@ It is recommended that you link to the documentation. The description of the deprecation should state what actions the user should take to rectify the behavior. If the deprecation is scheduled for an upcoming release, the content should remain in the deprecations documentation page until it has been completed. For example, if a deprecation is announced in 14.9 and scheduled to be completed in 15.0, the same content would be included in the documentation for 14.9, 14.10, and 15.0. -**If this issue proposes a breaking change outside a major release XX.0, you need to get approval from your manager and request collaboration from Product Operations on communication. Be sure to follow the guidance [here](https://about.gitlab.com/handbook/product/gitlab-the-product/#breaking-changes-deprecations-and-removing-features.)** +**If this issue proposes a breaking change outside a major release XX.0, you need to get approval from your manager and request collaboration from Product Operations on communication. Be sure to follow the guidance [here](https://about.gitlab.com/handbook/product/gitlab-the-product/#deprecations-removals-and-breaking-changes.)** --> diff --git a/.gitlab/issue_templates/Experiment Implementation.md b/.gitlab/issue_templates/Experiment Implementation.md index fc6cfbb27fa..56202240ef5 100644 --- a/.gitlab/issue_templates/Experiment Implementation.md +++ b/.gitlab/issue_templates/Experiment Implementation.md @@ -18,7 +18,7 @@ # Tracking Details - [json schema](https://gitlab.com/gitlab-org/iglu/-/blob/master/public/schemas/com.gitlab/gitlab_experiment/jsonschema/0-3-0) used in `gitlab-experiment` tracking. -- see [taxonomy](https://docs.gitlab.com/ee/development/snowplow/index.html#structured-event-taxonomy) for a guide. +- see [event schema](https://docs.gitlab.com/ee/development/snowplow/index.html#event-schema) for a guide. | sequence | activity | category | action | label | property | value | | -------- | -------- | ------ | ----- | ------- | -------- | ----- | diff --git a/.gitlab/issue_templates/Feature Flag Roll Out.md b/.gitlab/issue_templates/Feature Flag Roll Out.md index a9f96a61d29..40ee1c125da 100644 --- a/.gitlab/issue_templates/Feature Flag Roll Out.md +++ b/.gitlab/issue_templates/Feature Flag Roll Out.md @@ -1,8 +1,17 @@ <!-- Title suggestion: [Feature flag] Enable description of feature --> +<!-- +Set the main issue link: The main issue is the one that describes the problem to solve, +the one this feature flag is being added for. For example: + +[main-issue]: https://gitlab.com/gitlab-org/gitlab/-/issues/123456 +--> + +[main-issue]: MAIN-ISSUE-LINK + ## Summary -This issue is to rollout [the feature](ISSUE LINK) on production, +This issue is to rollout [the feature][main-issue] on production, that is currently behind the `<feature-flag-name>` feature flag. <!-- Short description of what the feature is about and link to relevant other issues. --> @@ -89,7 +98,7 @@ _Consider adding links to check for Sentry errors, Production logs for 5xx, 302s - [ ] Ensure that you or a representative in development can be available for at least 2 hours after feature flag updates in production. If a different developer will be covering, or an exception is needed, please inform the oncall SRE by using the `@sre-oncall` Slack alias. - [ ] Ensure that documentation has been updated ([More info](https://docs.gitlab.com/ee/development/documentation/feature_flags.html#features-that-became-enabled-by-default)). -- [ ] Announce on [the feature issue](ISSUE LINK) an estimated time this will be enabled on GitLab.com. +- [ ] Leave a comment on [the feature issue][main-issue] announcing estimated time when this feature flag will be enabled on GitLab.com. - [ ] Ensure that any breaking changes have been announced following the [release post process](https://about.gitlab.com/handbook/marketing/blog/release-posts/#deprecations-removals-and-breaking-changes) to ensure GitLab customers are aware. - [ ] Notify `#support_gitlab-com` and your team channel ([more guidance when this is necessary in the dev docs](https://docs.gitlab.com/ee/development/feature_flags/controls.html#communicate-the-change)). @@ -104,7 +113,7 @@ For visibility, all `/chatops` commands that target production should be execute - [ ] `/chatops run feature set <feature-flag-name> <rollout-percentage> --random` - Enable the feature globally on production environment. - [ ] `/chatops run feature set <feature-flag-name> true` -- [ ] Announce on [the feature issue](ISSUE LINK) that the feature has been globally enabled. +- [ ] Leave a comment on [the feature issue][main-issue] announcing that the feature has been globally enabled. - [ ] Wait for [at least one day for the verification term](https://about.gitlab.com/handbook/product-development-flow/feature-flag-lifecycle/#including-a-feature-behind-feature-flag-in-the-final-release). ### (Optional) Release the feature with the feature flag @@ -122,7 +131,7 @@ To do so, follow these steps: - [ ] `/chatops run release check <merge-request-url> <milestone>` - [ ] Consider cleaning up the feature flag from all environments by running these chatops command in `#production` channel. Otherwise these settings may override the default enabled. - [ ] `/chatops run feature delete <feature-flag-name> --dev --staging --staging-ref --production` -- [ ] Close [the feature issue](ISSUE LINK) to indicate the feature will be released in the current milestone. +- [ ] Close [the feature issue][main-issue] to indicate the feature will be released in the current milestone. - [ ] Set the next milestone to this rollout issue for scheduling [the flag removal](#release-the-feature). - [ ] (Optional) You can [create a separate issue](https://gitlab.com/gitlab-org/gitlab/-/issues/new?issuable_template=Feature%20Flag%20Cleanup) for scheduling the steps below to [Release the feature](#release-the-feature). - [ ] Set the title to "[Feature flag] Cleanup `<feature-flag-name>`". @@ -155,7 +164,7 @@ You can either [create a follow-up issue for Feature Flag Cleanup](https://gitla If the merge request was deployed before [the monthly release was tagged](https://about.gitlab.com/handbook/engineering/releases/#self-managed-releases-1), the feature can be officially announced in a release blog post. - [ ] `/chatops run release check <merge-request-url> <milestone>` -- [ ] Close [the feature issue](ISSUE LINK) to indicate the feature will be released in the current milestone. +- [ ] Close [the feature issue][main-issue] to indicate the feature will be released in the current milestone. - [ ] If not already done, clean up the feature flag from all environments by running these chatops command in `#production` channel: - [ ] `/chatops run feature delete <feature-flag-name> --dev --staging --staging-ref --production` - [ ] Close this rollout issue. diff --git a/.gitlab/issue_templates/Geo Replicate a new Git repository type.md b/.gitlab/issue_templates/Geo Replicate a new Git repository type.md index 6c9b8bb6d78..2348fa5b86f 100644 --- a/.gitlab/issue_templates/Geo Replicate a new Git repository type.md +++ b/.gitlab/issue_templates/Geo Replicate a new Git repository type.md @@ -57,46 +57,38 @@ Geo secondary sites have a [Geo tracking database](https://gitlab.com/gitlab-org # frozen_string_literal: true class CreateCoolWidgetRegistry < Gitlab::Database::Migration[2.0] - disable_ddl_transaction! - - def up - Geo::TrackingBase.transaction do - create_table :cool_widget_registry, id: :bigserial, force: :cascade do |t| - t.bigint :cool_widget_id, null: false - t.datetime_with_timezone :created_at, null: false - t.datetime_with_timezone :last_synced_at - t.datetime_with_timezone :retry_at - t.datetime_with_timezone :verified_at - t.datetime_with_timezone :verification_started_at - t.datetime_with_timezone :verification_retry_at - t.integer :state, default: 0, null: false, limit: 2 - t.integer :verification_state, default: 0, null: false, limit: 2 - t.integer :retry_count, default: 0, limit: 2, null: false - t.integer :verification_retry_count, default: 0, limit: 2, null: false - t.boolean :checksum_mismatch, default: false, null: false - t.boolean :force_to_redownload, default: false, null: false - t.boolean :missing_on_primary, default: false, null: false - t.binary :verification_checksum - t.binary :verification_checksum_mismatched - t.text :verification_failure, limit: 255 - t.text :last_sync_failure, limit: 255 - - t.index :cool_widget_id, name: :index_cool_widget_registry_on_cool_widget_id, unique: true - t.index :retry_at - t.index :state - # To optimize performance of CoolWidgetRegistry.verification_failed_batch - t.index :verification_retry_at, name: :cool_widget_registry_failed_verification, order: "NULLS FIRST", where: "((state = 2) AND (verification_state = 3))" - # To optimize performance of CoolWidgetRegistry.needs_verification_count - t.index :verification_state, name: :cool_widget_registry_needs_verification, where: "((state = 2) AND (verification_state = ANY (ARRAY[0, 3])))" - # To optimize performance of CoolWidgetRegistry.verification_pending_batch - t.index :verified_at, name: :cool_widget_registry_pending_verification, order: "NULLS FIRST", where: "((state = 2) AND (verification_state = 0))" - end + def change + create_table :cool_widget_registry, id: :bigserial, force: :cascade do |t| + t.bigint :cool_widget_id, null: false + t.datetime_with_timezone :created_at, null: false + t.datetime_with_timezone :last_synced_at + t.datetime_with_timezone :retry_at + t.datetime_with_timezone :verified_at + t.datetime_with_timezone :verification_started_at + t.datetime_with_timezone :verification_retry_at + t.integer :state, default: 0, null: false, limit: 2 + t.integer :verification_state, default: 0, null: false, limit: 2 + t.integer :retry_count, default: 0, limit: 2, null: false + t.integer :verification_retry_count, default: 0, limit: 2, null: false + t.boolean :checksum_mismatch, default: false, null: false + t.boolean :force_to_redownload, default: false, null: false + t.boolean :missing_on_primary, default: false, null: false + t.binary :verification_checksum + t.binary :verification_checksum_mismatched + t.text :verification_failure, limit: 255 + t.text :last_sync_failure, limit: 255 + + t.index :cool_widget_id, name: :index_cool_widget_registry_on_cool_widget_id, unique: true + t.index :retry_at + t.index :state + # To optimize performance of CoolWidgetRegistry.verification_failed_batch + t.index :verification_retry_at, name: :cool_widget_registry_failed_verification, order: "NULLS FIRST", where: "((state = 2) AND (verification_state = 3))" + # To optimize performance of CoolWidgetRegistry.needs_verification_count + t.index :verification_state, name: :cool_widget_registry_needs_verification, where: "((state = 2) AND (verification_state = ANY (ARRAY[0, 3])))" + # To optimize performance of CoolWidgetRegistry.verification_pending_batch + t.index :verified_at, name: :cool_widget_registry_pending_verification, order: "NULLS FIRST", where: "((state = 2) AND (verification_state = 0))" end end - - def down - drop_table :cool_widget_registry - end end ``` diff --git a/.gitlab/issue_templates/Geo Replicate a new blob type.md b/.gitlab/issue_templates/Geo Replicate a new blob type.md index 76fe1772921..2bb8918df60 100644 --- a/.gitlab/issue_templates/Geo Replicate a new blob type.md +++ b/.gitlab/issue_templates/Geo Replicate a new blob type.md @@ -59,44 +59,36 @@ Geo secondary sites have a [Geo tracking database](https://gitlab.com/gitlab-org # frozen_string_literal: true class CreateCoolWidgetRegistry < Gitlab::Database::Migration[2.0] - disable_ddl_transaction! - - def up - Geo::TrackingBase.transaction do - create_table :cool_widget_registry, id: :bigserial, force: :cascade do |t| - t.bigint :cool_widget_id, null: false - t.datetime_with_timezone :created_at, null: false - t.datetime_with_timezone :last_synced_at - t.datetime_with_timezone :retry_at - t.datetime_with_timezone :verified_at - t.datetime_with_timezone :verification_started_at - t.datetime_with_timezone :verification_retry_at - t.integer :state, default: 0, null: false, limit: 2 - t.integer :verification_state, default: 0, null: false, limit: 2 - t.integer :retry_count, default: 0, limit: 2, null: false - t.integer :verification_retry_count, default: 0, limit: 2, null: false - t.boolean :checksum_mismatch, default: false, null: false - t.binary :verification_checksum - t.binary :verification_checksum_mismatched - t.text :verification_failure, limit: 255 - t.text :last_sync_failure, limit: 255 - - t.index :cool_widget_id, name: :index_cool_widget_registry_on_cool_widget_id, unique: true - t.index :retry_at - t.index :state - # To optimize performance of CoolWidgetRegistry.verification_failed_batch - t.index :verification_retry_at, name: :cool_widget_registry_failed_verification, order: "NULLS FIRST", where: "((state = 2) AND (verification_state = 3))" - # To optimize performance of CoolWidgetRegistry.needs_verification_count - t.index :verification_state, name: :cool_widget_registry_needs_verification, where: "((state = 2) AND (verification_state = ANY (ARRAY[0, 3])))" - # To optimize performance of CoolWidgetRegistry.verification_pending_batch - t.index :verified_at, name: :cool_widget_registry_pending_verification, order: "NULLS FIRST", where: "((state = 2) AND (verification_state = 0))" - end + def change + create_table :cool_widget_registry, id: :bigserial, force: :cascade do |t| + t.bigint :cool_widget_id, null: false + t.datetime_with_timezone :created_at, null: false + t.datetime_with_timezone :last_synced_at + t.datetime_with_timezone :retry_at + t.datetime_with_timezone :verified_at + t.datetime_with_timezone :verification_started_at + t.datetime_with_timezone :verification_retry_at + t.integer :state, default: 0, null: false, limit: 2 + t.integer :verification_state, default: 0, null: false, limit: 2 + t.integer :retry_count, default: 0, limit: 2, null: false + t.integer :verification_retry_count, default: 0, limit: 2, null: false + t.boolean :checksum_mismatch, default: false, null: false + t.binary :verification_checksum + t.binary :verification_checksum_mismatched + t.text :verification_failure, limit: 255 + t.text :last_sync_failure, limit: 255 + + t.index :cool_widget_id, name: :index_cool_widget_registry_on_cool_widget_id, unique: true + t.index :retry_at + t.index :state + # To optimize performance of CoolWidgetRegistry.verification_failed_batch + t.index :verification_retry_at, name: :cool_widget_registry_failed_verification, order: "NULLS FIRST", where: "((state = 2) AND (verification_state = 3))" + # To optimize performance of CoolWidgetRegistry.needs_verification_count + t.index :verification_state, name: :cool_widget_registry_needs_verification, where: "((state = 2) AND (verification_state = ANY (ARRAY[0, 3])))" + # To optimize performance of CoolWidgetRegistry.verification_pending_batch + t.index :verified_at, name: :cool_widget_registry_pending_verification, order: "NULLS FIRST", where: "((state = 2) AND (verification_state = 0))" end end - - def down - drop_table :cool_widget_registry - end end ``` diff --git a/.gitlab/issue_templates/Security developer workflow.md b/.gitlab/issue_templates/Security developer workflow.md index 4cced5a25fe..daad4c19803 100644 --- a/.gitlab/issue_templates/Security developer workflow.md +++ b/.gitlab/issue_templates/Security developer workflow.md @@ -64,6 +64,7 @@ After your merge request has been approved according to our [approval guidelines | Upgrade notes | | | | GitLab Settings updated | Yes/No| | | Migration required | Yes/No | | +| Breaking change to UI or public API | Yes/No | <!-- How should the breaking change be communicated? --> | | Thanks | | | [security process for developers]: https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md diff --git a/.gitlab/merge_request_templates/Documentation.md b/.gitlab/merge_request_templates/Documentation.md index 2096b06d73b..bc736200046 100644 --- a/.gitlab/merge_request_templates/Documentation.md +++ b/.gitlab/merge_request_templates/Documentation.md @@ -14,7 +14,7 @@ - [Documentation guidelines](https://docs.gitlab.com/ee/development/documentation/). - [Style Guide](https://docs.gitlab.com/ee/development/documentation/styleguide/). - [ ] If you're adding or changing the main heading of the page (H1), ensure that the [product tier badge](https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#product-tier-badges) is added. -- [ ] If you are a GitLab team member, [request a review](https://docs.gitlab.com/ee/development/code_review.html#dogfooding-the-attention-request-feature) based on: +- [ ] If you are a GitLab team member, [request a review](https://docs.gitlab.com/ee/development/code_review.html#dogfooding-the-reviewers-feature) based on: - The documentation page's [metadata](https://docs.gitlab.com/ee/development/documentation/#metadata). - The [associated Technical Writer](https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments). @@ -31,6 +31,8 @@ These labels cause the MR to be added to code verification QA issues. Documentation-related MRs should be reviewed by a Technical Writer for a non-blocking review, based on [Documentation Guidelines](https://docs.gitlab.com/ee/development/documentation/) and the [Style Guide](https://docs.gitlab.com/ee/development/documentation/styleguide/). +If you aren't sure which tech writer to ask, use [roulette](https://gitlab-org.gitlab.io/gitlab-roulette/?sortKey=stats.avg30&order=-1&hourFormat24=true&visible=maintainer%7Cdocs) or ask in the [#docs](https://gitlab.slack.com/archives/C16HYA2P5) Slack channel. + - [ ] If the content requires it, ensure the information is reviewed by a subject matter expert. - Technical writer review items: - [ ] Ensure docs metadata is present and up-to-date. diff --git a/.gitlab/merge_request_templates/Pipeline Configuration.md b/.gitlab/merge_request_templates/Pipeline Configuration.md index 336988d8bdf..255cb787d64 100644 --- a/.gitlab/merge_request_templates/Pipeline Configuration.md +++ b/.gitlab/merge_request_templates/Pipeline Configuration.md @@ -1,4 +1,4 @@ -<!-- See Pipelines for the GitLab project: https://docs.gitlab.com/ee/development/pipelines.html --> +<!-- See Pipelines for the GitLab project: https://docs.gitlab.com/ee/development/pipelines --> <!-- When in doubt about a Pipeline configuration change, feel free to ping @gl-quality/eng-prod. --> ## What does this MR do? @@ -15,7 +15,7 @@ Consider the effect of the changes in this merge request on the following: -- [ ] Different [pipeline types](https://docs.gitlab.com/ee/development/pipelines.html#pipelines-for-merge-requests) +- [ ] Different [pipeline types](https://docs.gitlab.com/ee/development/pipelines/index.html#pipelines-types-for-merge-requests) - Non-canonical projects: - [ ] `gitlab-foss` - [ ] `security` diff --git a/.gitlab/merge_request_templates/Quarantine End to End Test.md b/.gitlab/merge_request_templates/Quarantine End to End Test.md index c088fde857a..5f26f3ac74d 100644 --- a/.gitlab/merge_request_templates/Quarantine End to End Test.md +++ b/.gitlab/merge_request_templates/Quarantine End to End Test.md @@ -26,7 +26,7 @@ the noise (due to constantly failing tests, flaky tests, and so on) so that new - [ ] Dequarantine test check-list - [ ] Follow the [Dequarantining Tests guide](https://about.gitlab.com/handbook/engineering/quality/quality-engineering/debugging-qa-test-failures/#dequarantining-tests). - [ ] Confirm the test consistently passes on the target GitLab environment(s). -- [ ] To ensure a faster turnaround, ask in the `#quality` Slack channel for someone to review and merge the merge request, rather than assigning it directly. +- [ ] To ensure a faster turnaround, ask in the `#quality_maintainers` Slack channel for someone to review and merge the merge request, rather than assigning it directly. <!-- Base labels. --> /label ~"Quality" ~"QA" ~"type::maintenance" diff --git a/.gitlab/merge_request_templates/Removals.md b/.gitlab/merge_request_templates/Removals.md index afe95f853bc..6f31f3cefd2 100644 --- a/.gitlab/merge_request_templates/Removals.md +++ b/.gitlab/merge_request_templates/Removals.md @@ -18,7 +18,7 @@ If there is no relevant deprecation issue, hit pause and: Removals must be [announced as deprecations](https://about.gitlab.com/handbook/marketing/blog/release-posts/#deprecations) at least 2 milestones in advance of the planned removal date. -If the removal creates a [breaking change](https://about.gitlab.com/handbook/product/gitlab-the-product/#breaking-changes-deprecations-and-removing-features), it can only be removed in a major "XX.0" release. +If the removal creates a [breaking change](https://about.gitlab.com/handbook/product/gitlab-the-product/#deprecations-removals-and-breaking-changes), it can only be removed in a major "XX.0" release. **By the 10th**: Assign this MR to these team members as reviewers, and for approval: |