summaryrefslogtreecommitdiff
path: root/.gitlab
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2022-06-20 11:10:13 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2022-06-20 11:10:13 +0000
commit0ea3fcec397b69815975647f5e2aa5fe944a8486 (patch)
tree7979381b89d26011bcf9bdc989a40fcc2f1ed4ff /.gitlab
parent72123183a20411a36d607d70b12d57c484394c8e (diff)
downloadgitlab-ce-0ea3fcec397b69815975647f5e2aa5fe944a8486.tar.gz
Add latest changes from gitlab-org/gitlab@15-1-stable-eev15.1.0-rc42
Diffstat (limited to '.gitlab')
-rw-r--r--.gitlab/CODEOWNERS170
-rw-r--r--.gitlab/ci/build-images.gitlab-ci.yml10
-rw-r--r--.gitlab/ci/docs.gitlab-ci.yml6
-rw-r--r--.gitlab/ci/frontend.gitlab-ci.yml2
-rw-r--r--.gitlab/ci/global.gitlab-ci.yml17
-rw-r--r--.gitlab/ci/qa.gitlab-ci.yml38
-rw-r--r--.gitlab/ci/rails.gitlab-ci.yml11
-rw-r--r--.gitlab/ci/reports.gitlab-ci.yml4
-rw-r--r--.gitlab/ci/review-apps/dast.gitlab-ci.yml118
-rw-r--r--.gitlab/ci/review-apps/main.gitlab-ci.yml2
-rw-r--r--.gitlab/ci/review-apps/qa.gitlab-ci.yml41
-rw-r--r--.gitlab/ci/review.gitlab-ci.yml5
-rw-r--r--.gitlab/ci/rules.gitlab-ci.yml69
-rw-r--r--.gitlab/ci/setup.gitlab-ci.yml7
-rw-r--r--.gitlab/ci/test-metadata.gitlab-ci.yml2
-rw-r--r--.gitlab/ci/workhorse.gitlab-ci.yml8
-rw-r--r--.gitlab/ci/yaml.gitlab-ci.yml21
-rw-r--r--.gitlab/issue_templates/Deprecations.md2
-rw-r--r--.gitlab/issue_templates/Feature Flag Roll Out.md18
-rw-r--r--.gitlab/issue_templates/Geo Replicate a new Git repository type.md6
-rw-r--r--.gitlab/issue_templates/Geo Replicate a new blob type.md6
-rw-r--r--.gitlab/issue_templates/Performance Indicator Metric.md2
-rw-r--r--.gitlab/issue_templates/Service Ping reporting and monitoring.md129
23 files changed, 437 insertions, 257 deletions
diff --git a/.gitlab/CODEOWNERS b/.gitlab/CODEOWNERS
index 8b64c81f0f7..64955d67e34 100644
--- a/.gitlab/CODEOWNERS
+++ b/.gitlab/CODEOWNERS
@@ -137,7 +137,7 @@ Dangerfile @gl-quality/eng-prod
/app/assets/javascripts/notes @viktomas @jboyson @iamphill @thomasrandolph
/app/assets/javascripts/merge_conflicts @viktomas @jboyson @iamphill @thomasrandolph
/app/assets/javascripts/mr_notes @viktomas @jboyson @iamphill @thomasrandolph
-/app/assets/javascripts/mr_popover @viktomas @jboyson @iamphill @thomasrandolph
+/app/assets/javascripts/issuable/popover @viktomas @jboyson @iamphill @thomasrandolph
/app/assets/javascripts/vue_merge_request_widget @viktomas @jboyson @iamphill @thomasrandolph
/app/assets/javascripts/merge_request.js @viktomas @jboyson @iamphill @thomasrandolph
/app/assets/javascripts/merge_request_tabs.js @viktomas @jboyson @iamphill @thomasrandolph
@@ -175,8 +175,21 @@ Dangerfile @gl-quality/eng-prod
^[Workhorse]
/workhorse/ @jacobvosmaer-gitlab @nick.thomas @nolith @patrickbajao
-^[Application Security]
+[Application Security]
+/app/assets/javascripts/lib/dompurify.js @gitlab-com/gl-security/appsec
+/app/assets/javascripts/gfm_auto_complete.js @gitlab-com/gl-security/appsec
+/ee/app/assets/javascripts/gfm_auto_complete.js @gitlab-com/gl-security/appsec
+/app/validators/addressable_url_validator.rb @gitlab-com/gl-security/appsec
+/app/validators/public_url_validator.rb @gitlab-com/gl-security/appsec
+/config/initializers/content_security_policy.rb @gitlab-com/gl-security/appsec
/lib/gitlab/content_security_policy/ @gitlab-com/gl-security/appsec
+/lib/gitlab/http.rb @gitlab-com/gl-security/appsec
+/lib/gitlab/http_connection_adapter.rb @gitlab-com/gl-security/appsec
+/lib/gitlab/sanitizers @gitlab-com/gl-security/appsec
+/lib/gitlab/untrusted_regexp.rb @gitlab-com/gl-security/appsec
+/lib/gitlab/url_blocker.rb @gitlab-com/gl-security/appsec
+/lib/gitlab/url_blockers/ @gitlab-com/gl-security/appsec
+/lib/gitlab/utils.rb @gitlab-com/gl-security/appsec
^[Gitaly]
lib/gitlab/git_access.rb @proglottis @toon @zj-gitlab
@@ -218,7 +231,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
/doc/administration/index.md @axil
/doc/administration/instance_limits.md @axil
/doc/administration/instance_review.md @kpaizee
-/doc/administration/integration/kroki.md @kpaizee
+/doc/administration/integration/kroki.md @msedlakjakubowski
/doc/administration/integration/mailgun.md @kpaizee
/doc/administration/integration/plantuml.md @aqualls
/doc/administration/integration/terminal.md @kpaizee
@@ -559,7 +572,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
/doc/development/new_fe_guide/tips.md @sselhorn
/doc/development/omnibus.md @axil
/doc/development/ordering_table_columns.md @aqualls
-/doc/development/packages.md @claytoncornell
+/doc/development/packages/ @claytoncornell
/doc/development/permissions.md @eread
/doc/development/policies.md @eread
/doc/development/product_qualified_lead_guide/index.md @kpaizee
@@ -591,6 +604,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
/doc/gitlab-basics/ @aqualls
/doc/install/ @axil
/doc/integration/ @kpaizee
+/doc/integration/advanced_search/ @sselhorn
/doc/integration/elasticsearch.md @sselhorn
/doc/integration/gitpod.md @aqualls
/doc/integration/kerberos.md @eread
@@ -619,6 +633,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
/doc/topics/offline/index.md @axil
/doc/topics/offline/quick_start_guide.md @axil
/doc/topics/plan_and_track.md @msedlakjakubowski
+/doc/tutorials/ @kpaizee
/doc/update/ @axil
/doc/update/mysql_to_postgresql.md @aqualls
/doc/update/upgrading_postgresql_using_slony.md @aqualls
@@ -770,7 +785,6 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
/doc/user/project/settings/import_export.md @eread
/doc/user/project/settings/index.md @fneill
/doc/user/project/settings/project_access_tokens.md @eread
-/doc/user/project/static_site_editor/index.md @aqualls
/doc/user/project/time_tracking.md @msedlakjakubowski
/doc/user/project/web_ide/index.md @aqualls
/doc/user/project/wiki/group.md @aqualls
@@ -780,7 +794,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
/doc/user/reserved_names.md @fneill
/doc/user/search/advanced_search.md @sselhorn
/doc/user/search/global_search/advanced_search_syntax.md @sselhorn
-/doc/user/search/index.md @aqualls
+/doc/user/search/index.md @sselhorn
/doc/user/shortcuts.md @aqualls
/doc/user/snippets.md @aqualls
/doc/user/ssh.md @eread
@@ -790,35 +804,34 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
/doc/user/workspace/index.md @fneill
[Authentication and Authorization]
-/app/assets/javascripts/access_tokens @gitlab-org/manage/authentication-and-authorization
+/app/assets/javascripts/access_tokens/ @gitlab-org/manage/authentication-and-authorization
/app/assets/javascripts/alerts_settings/graphql/mutations/reset_http_token.mutation.graphql @gitlab-org/manage/authentication-and-authorization
-/app/assets/javascripts/authentication @gitlab-org/manage/authentication-and-authorization
+/app/assets/javascripts/authentication/ @gitlab-org/manage/authentication-and-authorization
/app/assets/javascripts/ide/components/shared/tokened_input.vue @gitlab-org/manage/authentication-and-authorization
/app/assets/javascripts/invite_members/components/members_token_select.vue @gitlab-org/manage/authentication-and-authorization
-/app/assets/javascripts/logs/components/tokens @gitlab-org/manage/authentication-and-authorization
-/app/assets/javascripts/packages_and_registries/package_registry/components/list/tokens @gitlab-org/manage/authentication-and-authorization
-/app/assets/javascripts/pages/admin/impersonation_tokens @gitlab-org/manage/authentication-and-authorization
-/app/assets/javascripts/pages/groups/settings/access_tokens @gitlab-org/manage/authentication-and-authorization
-/app/assets/javascripts/pages/ldap @gitlab-org/manage/authentication-and-authorization
-/app/assets/javascripts/pages/oauth @gitlab-org/manage/authentication-and-authorization
-/app/assets/javascripts/pages/omniauth_callbacks @gitlab-org/manage/authentication-and-authorization
-/app/assets/javascripts/pages/profiles/password_prompt @gitlab-org/manage/authentication-and-authorization
-/app/assets/javascripts/pages/profiles/personal_access_tokens @gitlab-org/manage/authentication-and-authorization
-/app/assets/javascripts/pages/profiles/two_factor_auths @gitlab-org/manage/authentication-and-authorization
-/app/assets/javascripts/pages/projects/settings/access_tokens @gitlab-org/manage/authentication-and-authorization
+/app/assets/javascripts/logs/components/tokens/ @gitlab-org/manage/authentication-and-authorization
+/app/assets/javascripts/packages_and_registries/package_registry/components/list/tokens/ @gitlab-org/manage/authentication-and-authorization
+/app/assets/javascripts/pages/admin/impersonation_tokens/ @gitlab-org/manage/authentication-and-authorization
+/app/assets/javascripts/pages/groups/settings/access_tokens/ @gitlab-org/manage/authentication-and-authorization
+/app/assets/javascripts/pages/ldap/ @gitlab-org/manage/authentication-and-authorization
+/app/assets/javascripts/pages/oauth/ @gitlab-org/manage/authentication-and-authorization
+/app/assets/javascripts/pages/omniauth_callbacks/ @gitlab-org/manage/authentication-and-authorization
+/app/assets/javascripts/pages/profiles/password_prompt/ @gitlab-org/manage/authentication-and-authorization
+/app/assets/javascripts/pages/profiles/personal_access_tokens/ @gitlab-org/manage/authentication-and-authorization
+/app/assets/javascripts/pages/profiles/two_factor_auths/ @gitlab-org/manage/authentication-and-authorization
+/app/assets/javascripts/pages/projects/settings/access_tokens/ @gitlab-org/manage/authentication-and-authorization
/app/assets/javascripts/pages/sessions/new/oauth_remember_me.js @gitlab-org/manage/authentication-and-authorization
/app/assets/javascripts/pipelines/components/pipelines_list/tokens/constants.js @gitlab-org/manage/authentication-and-authorization
/app/assets/javascripts/pipelines/components/pipelines_list/tokens/pipeline_branch_name_token.vue @gitlab-org/manage/authentication-and-authorization
/app/assets/javascripts/pipelines/components/pipelines_list/tokens/pipeline_source_token.vue @gitlab-org/manage/authentication-and-authorization
/app/assets/javascripts/pipelines/components/pipelines_list/tokens/pipeline_status_token.vue @gitlab-org/manage/authentication-and-authorization
/app/assets/javascripts/pipelines/components/pipelines_list/tokens/pipeline_tag_name_token.vue @gitlab-org/manage/authentication-and-authorization
-/app/assets/javascripts/projects/settings/topics/components @gitlab-org/manage/authentication-and-authorization
+/app/assets/javascripts/projects/settings/topics/components/ @gitlab-org/manage/authentication-and-authorization
/app/assets/javascripts/related_issues/components/issue_token.vue @gitlab-org/manage/authentication-and-authorization
/app/assets/javascripts/runner/components/registration/registration_token.vue @gitlab-org/manage/authentication-and-authorization
/app/assets/javascripts/runner/components/registration/registration_token_reset_dropdown_item.vue @gitlab-org/manage/authentication-and-authorization
-/app/assets/javascripts/runner/components/search_tokens @gitlab-org/manage/authentication-and-authorization
-/app/assets/javascripts/static_site_editor/rich_content_editor/services/renderers/build_uneditable_token.js @gitlab-org/manage/authentication-and-authorization
-/app/assets/javascripts/token_access/components @gitlab-org/manage/authentication-and-authorization
+/app/assets/javascripts/runner/components/search_tokens/ @gitlab-org/manage/authentication-and-authorization
+/app/assets/javascripts/token_access/components/ @gitlab-org/manage/authentication-and-authorization
/app/assets/javascripts/token_access/index.js @gitlab-org/manage/authentication-and-authorization
/app/assets/stylesheets/page_bundles/profile_two_factor_auth.scss @gitlab-org/manage/authentication-and-authorization
/app/controllers/admin/impersonation_tokens_controller.rb @gitlab-org/manage/authentication-and-authorization
@@ -833,8 +846,8 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
/app/controllers/concerns/snippet_authorizations.rb @gitlab-org/manage/authentication-and-authorization
/app/controllers/concerns/workhorse_authorization.rb @gitlab-org/manage/authentication-and-authorization
/app/controllers/groups/settings/access_tokens_controller.rb @gitlab-org/manage/authentication-and-authorization
-/app/controllers/ldap @gitlab-org/manage/authentication-and-authorization
-/app/controllers/oauth @gitlab-org/manage/authentication-and-authorization
+/app/controllers/ldap/ @gitlab-org/manage/authentication-and-authorization
+/app/controllers/oauth/ @gitlab-org/manage/authentication-and-authorization
/app/controllers/omniauth_callbacks_controller.rb @gitlab-org/manage/authentication-and-authorization
/app/controllers/passwords_controller.rb @gitlab-org/manage/authentication-and-authorization
/app/controllers/profiles/passwords_controller.rb @gitlab-org/manage/authentication-and-authorization
@@ -842,7 +855,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
/app/controllers/profiles/two_factor_auths_controller.rb @gitlab-org/manage/authentication-and-authorization
/app/controllers/profiles/webauthn_registrations_controller.rb @gitlab-org/manage/authentication-and-authorization
/app/controllers/projects/settings/access_tokens_controller.rb @gitlab-org/manage/authentication-and-authorization
-/app/finders/groups/projects_requiring_authorizations_refresh @gitlab-org/manage/authentication-and-authorization
+/app/finders/groups/projects_requiring_authorizations_refresh/ @gitlab-org/manage/authentication-and-authorization
/app/finders/personal_access_tokens_finder.rb @gitlab-org/manage/authentication-and-authorization
/app/helpers/access_tokens_helper.rb @gitlab-org/manage/authentication-and-authorization
/app/helpers/auth_helper.rb @gitlab-org/manage/authentication-and-authorization
@@ -851,7 +864,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
/app/models/concerns/mirror_authentication.rb @gitlab-org/manage/authentication-and-authorization
/app/models/concerns/select_for_project_authorization.rb @gitlab-org/manage/authentication-and-authorization
/app/models/concerns/token_authenticatable.rb @gitlab-org/manage/authentication-and-authorization
-/app/models/concerns/token_authenticatable_strategies @gitlab-org/manage/authentication-and-authorization
+/app/models/concerns/token_authenticatable_strategies/ @gitlab-org/manage/authentication-and-authorization
/app/models/oauth_access_grant.rb @gitlab-org/manage/authentication-and-authorization
/app/models/oauth_access_token.rb @gitlab-org/manage/authentication-and-authorization
/app/models/personal_access_token.rb @gitlab-org/manage/authentication-and-authorization
@@ -860,22 +873,22 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
/app/models/webauthn_registration.rb @gitlab-org/manage/authentication-and-authorization
/app/policies/personal_access_token_policy.rb @gitlab-org/manage/authentication-and-authorization
/app/services/access_token_validation_service.rb @gitlab-org/manage/authentication-and-authorization
-/app/services/auth @gitlab-org/manage/authentication-and-authorization
-/app/services/authorized_project_update @gitlab-org/manage/authentication-and-authorization
+/app/services/auth/ @gitlab-org/manage/authentication-and-authorization
+/app/services/authorized_project_update/ @gitlab-org/manage/authentication-and-authorization
/app/services/chat_names/authorize_user_service.rb @gitlab-org/manage/authentication-and-authorization
-/app/services/personal_access_tokens @gitlab-org/manage/authentication-and-authorization
+/app/services/personal_access_tokens/ @gitlab-org/manage/authentication-and-authorization
/app/services/projects/move_project_authorizations_service.rb @gitlab-org/manage/authentication-and-authorization
-/app/services/resource_access_tokens @gitlab-org/manage/authentication-and-authorization
+/app/services/resource_access_tokens/ @gitlab-org/manage/authentication-and-authorization
/app/services/todos/destroy/unauthorized_features_service.rb @gitlab-org/manage/authentication-and-authorization
/app/services/users/authorized_build_service.rb @gitlab-org/manage/authentication-and-authorization
/app/services/users/authorized_create_service.rb @gitlab-org/manage/authentication-and-authorization
/app/services/users/refresh_authorized_projects_service.rb @gitlab-org/manage/authentication-and-authorization
-/app/services/webauthn @gitlab-org/manage/authentication-and-authorization
+/app/services/webauthn/ @gitlab-org/manage/authentication-and-authorization
/app/validators/json_schemas/cluster_agent_authorization_configuration.json @gitlab-org/manage/authentication-and-authorization
/app/views/admin/application_settings/_external_authorization_service_form.html.haml @gitlab-org/manage/authentication-and-authorization
-/app/views/admin/impersonation_tokens @gitlab-org/manage/authentication-and-authorization
-/app/views/authentication @gitlab-org/manage/authentication-and-authorization
-/app/views/ci/token_access @gitlab-org/manage/authentication-and-authorization
+/app/views/admin/impersonation_tokens/ @gitlab-org/manage/authentication-and-authorization
+/app/views/authentication/ @gitlab-org/manage/authentication-and-authorization
+/app/views/ci/token_access/ @gitlab-org/manage/authentication-and-authorization
/app/views/dashboard/projects/_zero_authorized_projects.html.haml @gitlab-org/manage/authentication-and-authorization
/app/views/devise/mailer/password_change.html.haml @gitlab-org/manage/authentication-and-authorization
/app/views/devise/mailer/password_change.text.erb @gitlab-org/manage/authentication-and-authorization
@@ -883,17 +896,17 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
/app/views/devise/mailer/password_change_by_admin.text.erb @gitlab-org/manage/authentication-and-authorization
/app/views/devise/mailer/reset_password_instructions.html.haml @gitlab-org/manage/authentication-and-authorization
/app/views/devise/mailer/reset_password_instructions.text.erb @gitlab-org/manage/authentication-and-authorization
-/app/views/devise/passwords @gitlab-org/manage/authentication-and-authorization
+/app/views/devise/passwords/ @gitlab-org/manage/authentication-and-authorization
/app/views/devise/shared/_omniauth_box.html.haml @gitlab-org/manage/authentication-and-authorization
/app/views/devise/shared/_signup_omniauth_provider_list.haml @gitlab-org/manage/authentication-and-authorization
/app/views/devise/shared/_signup_omniauth_providers.haml @gitlab-org/manage/authentication-and-authorization
/app/views/devise/shared/_signup_omniauth_providers_top.haml @gitlab-org/manage/authentication-and-authorization
-/app/views/doorkeeper/authorizations @gitlab-org/manage/authentication-and-authorization
-/app/views/doorkeeper/authorized_applications @gitlab-org/manage/authentication-and-authorization
+/app/views/doorkeeper/authorizations/ @gitlab-org/manage/authentication-and-authorization
+/app/views/doorkeeper/authorized_applications/ @gitlab-org/manage/authentication-and-authorization
/app/views/errors/omniauth_error.html.haml @gitlab-org/manage/authentication-and-authorization
/app/views/groups/settings/_resource_access_token_creation.html.haml @gitlab-org/manage/authentication-and-authorization
/app/views/groups/settings/_two_factor_auth.html.haml @gitlab-org/manage/authentication-and-authorization
-/app/views/groups/settings/access_tokens @gitlab-org/manage/authentication-and-authorization
+/app/views/groups/settings/access_tokens/ @gitlab-org/manage/authentication-and-authorization
/app/views/layouts/oauth_error.html.haml @gitlab-org/manage/authentication-and-authorization
/app/views/notify/access_token_about_to_expire_email.html.haml @gitlab-org/manage/authentication-and-authorization
/app/views/notify/access_token_about_to_expire_email.text.erb @gitlab-org/manage/authentication-and-authorization
@@ -901,20 +914,20 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
/app/views/notify/access_token_created_email.text.erb @gitlab-org/manage/authentication-and-authorization
/app/views/notify/access_token_expired_email.html.haml @gitlab-org/manage/authentication-and-authorization
/app/views/notify/access_token_expired_email.text.erb @gitlab-org/manage/authentication-and-authorization
-/app/views/profiles/passwords @gitlab-org/manage/authentication-and-authorization
-/app/views/profiles/personal_access_tokens @gitlab-org/manage/authentication-and-authorization
-/app/views/profiles/two_factor_auths @gitlab-org/manage/authentication-and-authorization
+/app/views/profiles/passwords/ @gitlab-org/manage/authentication-and-authorization
+/app/views/profiles/personal_access_tokens/ @gitlab-org/manage/authentication-and-authorization
+/app/views/profiles/two_factor_auths/ @gitlab-org/manage/authentication-and-authorization
/app/views/projects/mirrors/_authentication_method.html.haml @gitlab-org/manage/authentication-and-authorization
-/app/views/projects/settings/access_tokens @gitlab-org/manage/authentication-and-authorization
+/app/views/projects/settings/access_tokens/ @gitlab-org/manage/authentication-and-authorization
/app/views/shared/_no_password.html.haml @gitlab-org/manage/authentication-and-authorization
/app/views/shared/_two_factor_auth_recovery_settings_check.html.haml @gitlab-org/manage/authentication-and-authorization
-/app/views/shared/access_tokens @gitlab-org/manage/authentication-and-authorization
+/app/views/shared/access_tokens/ @gitlab-org/manage/authentication-and-authorization
/app/views/shared/members/_two_factor_auth_badge.html.haml @gitlab-org/manage/authentication-and-authorization
-/app/views/shared/tokens @gitlab-org/manage/authentication-and-authorization
+/app/views/shared/tokens/ @gitlab-org/manage/authentication-and-authorization
/app/workers/authorized_keys_worker.rb @gitlab-org/manage/authentication-and-authorization
-/app/workers/authorized_project_update @gitlab-org/manage/authentication-and-authorization
+/app/workers/authorized_project_update/ @gitlab-org/manage/authentication-and-authorization
/app/workers/authorized_projects_worker.rb @gitlab-org/manage/authentication-and-authorization
-/app/workers/personal_access_tokens @gitlab-org/manage/authentication-and-authorization
+/app/workers/personal_access_tokens/ @gitlab-org/manage/authentication-and-authorization
/config/feature_flags/development/application_settings_tokens_optional_encryption.yml @gitlab-org/manage/authentication-and-authorization
/config/feature_flags/development/enforce_auth_checks_on_uploads.yml @gitlab-org/manage/authentication-and-authorization
/config/feature_flags/development/forti_authenticator.yml @gitlab-org/manage/authentication-and-authorization
@@ -924,6 +937,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
/config/feature_flags/development/omniauth_login_minimal_scopes.yml @gitlab-org/manage/authentication-and-authorization
/config/feature_flags/development/personal_access_tokens_scoped_to_projects.yml @gitlab-org/manage/authentication-and-authorization
/config/feature_flags/development/projects_tokens_optional_encryption.yml @gitlab-org/manage/authentication-and-authorization
+/config/feature_flags/development/refresh_authorizations_via_affected_projects_on_group_membership.yml @gitlab-org/manage/authentication-and-authorization
/config/feature_flags/development/specialized_worker_for_group_lock_update_auth_recalculation.yml @gitlab-org/manage/authentication-and-authorization
/config/feature_flags/development/webauthn.yml @gitlab-org/manage/authentication-and-authorization
/config/feature_flags/ops/block_password_auth_for_saml_users.yml @gitlab-org/manage/authentication-and-authorization
@@ -937,27 +951,27 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
/config/initializers/webauthn.rb @gitlab-org/manage/authentication-and-authorization
/config/initializers_before_autoloader/100_patch_omniauth_oauth2.rb @gitlab-org/manage/authentication-and-authorization
/config/initializers_before_autoloader/100_patch_omniauth_saml.rb @gitlab-org/manage/authentication-and-authorization
-/ee/app/assets/javascripts/access_tokens @gitlab-org/manage/authentication-and-authorization
-/ee/app/assets/javascripts/audit_events/components/tokens @gitlab-org/manage/authentication-and-authorization
+/ee/app/assets/javascripts/access_tokens/ @gitlab-org/manage/authentication-and-authorization
+/ee/app/assets/javascripts/audit_events/components/tokens/ @gitlab-org/manage/authentication-and-authorization
/ee/app/assets/javascripts/audit_events/token_utils.js @gitlab-org/manage/authentication-and-authorization
-/ee/app/assets/javascripts/groups/settings/components @gitlab-org/manage/authentication-and-authorization
-/ee/app/assets/javascripts/pages/groups/omniauth_callbacks @gitlab-org/manage/authentication-and-authorization
-/ee/app/assets/javascripts/pipelines/components/pipelines_list @gitlab-org/manage/authentication-and-authorization
-/ee/app/assets/javascripts/requirements/components/tokens @gitlab-org/manage/authentication-and-authorization
+/ee/app/assets/javascripts/groups/settings/components/ @gitlab-org/manage/authentication-and-authorization
+/ee/app/assets/javascripts/pages/groups/omniauth_callbacks/ @gitlab-org/manage/authentication-and-authorization
+/ee/app/assets/javascripts/pipelines/components/pipelines_list/ @gitlab-org/manage/authentication-and-authorization
+/ee/app/assets/javascripts/requirements/components/tokens/ @gitlab-org/manage/authentication-and-authorization
/ee/app/assets/javascripts/saml_providers/scim_token_service.js @gitlab-org/manage/authentication-and-authorization
-/ee/app/assets/javascripts/saml_sso/components @gitlab-org/manage/authentication-and-authorization
+/ee/app/assets/javascripts/saml_sso/components/ @gitlab-org/manage/authentication-and-authorization
/ee/app/assets/javascripts/vue_merge_request_widget/components/approvals/approvals_auth.vue @gitlab-org/manage/authentication-and-authorization
/ee/app/controllers/concerns/ee/authenticates_with_two_factor.rb @gitlab-org/manage/authentication-and-authorization
/ee/app/controllers/concerns/ee/enforces_two_factor_authentication.rb @gitlab-org/manage/authentication-and-authorization
/ee/app/controllers/concerns/saml_authorization.rb @gitlab-org/manage/authentication-and-authorization
-/ee/app/controllers/ee/ldap @gitlab-org/manage/authentication-and-authorization
+/ee/app/controllers/ee/ldap/ @gitlab-org/manage/authentication-and-authorization
/ee/app/controllers/ee/omniauth_callbacks_controller.rb @gitlab-org/manage/authentication-and-authorization
/ee/app/controllers/ee/passwords_controller.rb @gitlab-org/manage/authentication-and-authorization
/ee/app/controllers/groups/omniauth_callbacks_controller.rb @gitlab-org/manage/authentication-and-authorization
/ee/app/controllers/groups/scim_oauth_controller.rb @gitlab-org/manage/authentication-and-authorization
-/ee/app/controllers/oauth @gitlab-org/manage/authentication-and-authorization
+/ee/app/controllers/oauth/ @gitlab-org/manage/authentication-and-authorization
/ee/app/controllers/omniauth_kerberos_spnego_controller.rb @gitlab-org/manage/authentication-and-authorization
-/ee/app/finders/auth @gitlab-org/manage/authentication-and-authorization
+/ee/app/finders/auth/ @gitlab-org/manage/authentication-and-authorization
/ee/app/helpers/ee/access_tokens_helper.rb @gitlab-org/manage/authentication-and-authorization
/ee/app/helpers/ee/auth_helper.rb @gitlab-org/manage/authentication-and-authorization
/ee/app/helpers/ee/personal_access_tokens_helper.rb @gitlab-org/manage/authentication-and-authorization
@@ -965,10 +979,10 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
/ee/app/models/ee/project_authorization.rb @gitlab-org/manage/authentication-and-authorization
/ee/app/models/scim_oauth_access_token.rb @gitlab-org/manage/authentication-and-authorization
/ee/app/serializers/scim_oauth_access_token_entity.rb @gitlab-org/manage/authentication-and-authorization
-/ee/app/services/ee/auth @gitlab-org/manage/authentication-and-authorization
-/ee/app/services/ee/personal_access_tokens @gitlab-org/manage/authentication-and-authorization
-/ee/app/services/ee/resource_access_tokens @gitlab-org/manage/authentication-and-authorization
-/ee/app/services/personal_access_tokens @gitlab-org/manage/authentication-and-authorization
+/ee/app/services/ee/auth/ @gitlab-org/manage/authentication-and-authorization
+/ee/app/services/ee/personal_access_tokens/ @gitlab-org/manage/authentication-and-authorization
+/ee/app/services/ee/resource_access_tokens/ @gitlab-org/manage/authentication-and-authorization
+/ee/app/services/personal_access_tokens/ @gitlab-org/manage/authentication-and-authorization
/ee/app/services/security/token_revocation_service.rb @gitlab-org/manage/authentication-and-authorization
/ee/app/views/admin/application_settings/_personal_access_token_expiration_policy.html.haml @gitlab-org/manage/authentication-and-authorization
/ee/app/views/credentials_inventory_mailer/personal_access_token_revoked_email.html.haml @gitlab-org/manage/authentication-and-authorization
@@ -977,22 +991,21 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
/ee/app/views/groups/sso/_authorize_pane.html.haml @gitlab-org/manage/authentication-and-authorization
/ee/app/views/notify/policy_revoked_personal_access_tokens_email.html.haml @gitlab-org/manage/authentication-and-authorization
/ee/app/views/notify/policy_revoked_personal_access_tokens_email.text.erb @gitlab-org/manage/authentication-and-authorization
-/ee/app/views/oauth @gitlab-org/manage/authentication-and-authorization
+/ee/app/views/oauth/ @gitlab-org/manage/authentication-and-authorization
/ee/app/views/shared/credentials_inventory/_personal_access_tokens.html.haml @gitlab-org/manage/authentication-and-authorization
/ee/app/views/shared/credentials_inventory/_project_access_tokens.html.haml @gitlab-org/manage/authentication-and-authorization
-/ee/app/views/shared/credentials_inventory/personal_access_tokens @gitlab-org/manage/authentication-and-authorization
-/ee/app/views/shared/credentials_inventory/project_access_tokens @gitlab-org/manage/authentication-and-authorization
-/ee/app/workers/personal_access_tokens @gitlab-org/manage/authentication-and-authorization
+/ee/app/views/shared/credentials_inventory/personal_access_tokens/ @gitlab-org/manage/authentication-and-authorization
+/ee/app/views/shared/credentials_inventory/project_access_tokens/ @gitlab-org/manage/authentication-and-authorization
+/ee/app/workers/personal_access_tokens/ @gitlab-org/manage/authentication-and-authorization
/ee/config/routes/oauth.rb @gitlab-org/manage/authentication-and-authorization
-/ee/lib/ee/gitlab/auth @gitlab-org/manage/authentication-and-authorization
-/ee/lib/ee/gitlab/auth.rb @gitlab-org/manage/authentication-and-authorization
+/ee/lib/ee/gitlab/auth/ @gitlab-org/manage/authentication-and-authorization
/ee/lib/ee/gitlab/omniauth_initializer.rb @gitlab-org/manage/authentication-and-authorization
-/ee/lib/gitlab/auth @gitlab-org/manage/authentication-and-authorization
+/ee/lib/gitlab/auth/ @gitlab-org/manage/authentication-and-authorization
/ee/lib/gitlab/auth_logger.rb @gitlab-org/manage/authentication-and-authorization
/ee/lib/gitlab/authority_analyzer.rb @gitlab-org/manage/authentication-and-authorization
-/ee/lib/gitlab/geo/oauth @gitlab-org/manage/authentication-and-authorization
-/ee/lib/gitlab/kerberos @gitlab-org/manage/authentication-and-authorization
-/ee/lib/omni_auth @gitlab-org/manage/authentication-and-authorization
+/ee/lib/gitlab/geo/oauth/ @gitlab-org/manage/authentication-and-authorization
+/ee/lib/gitlab/kerberos/ @gitlab-org/manage/authentication-and-authorization
+/ee/lib/omni_auth/ @gitlab-org/manage/authentication-and-authorization
/ee/lib/system_check/geo/authorized_keys_check.rb @gitlab-org/manage/authentication-and-authorization
/ee/lib/system_check/geo/authorized_keys_flag_check.rb @gitlab-org/manage/authentication-and-authorization
/lib/api/entities/ci/reset_token_result.rb @gitlab-org/manage/authentication-and-authorization
@@ -1007,27 +1020,28 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
/lib/api/personal_access_tokens.rb @gitlab-org/manage/authentication-and-authorization
/lib/api/resource_access_tokens.rb @gitlab-org/manage/authentication-and-authorization
/lib/api/support/token_with_expiration.rb @gitlab-org/manage/authentication-and-authorization
-/lib/gitlab/api_authentication @gitlab-org/manage/authentication-and-authorization
-/lib/gitlab/auth @gitlab-org/manage/authentication-and-authorization
+/lib/gitlab/api_authentication/ @gitlab-org/manage/authentication-and-authorization
+/lib/gitlab/auth/ @gitlab-org/manage/authentication-and-authorization
/lib/gitlab/auth.rb @gitlab-org/manage/authentication-and-authorization
/lib/gitlab/auth_logger.rb @gitlab-org/manage/authentication-and-authorization
/lib/gitlab/authorized_keys.rb @gitlab-org/manage/authentication-and-authorization
/lib/gitlab/background_migration/encrypt_static_object_token.rb @gitlab-org/manage/authentication-and-authorization
+/lib/gitlab/background_migration/expire_o_auth_tokens.rb @gitlab-org/manage/authentication-and-authorization
/lib/gitlab/background_migration/migrate_u2f_webauthn.rb @gitlab-org/manage/authentication-and-authorization
/lib/gitlab/background_migration/update_users_where_two_factor_auth_required_from_group.rb @gitlab-org/manage/authentication-and-authorization
/lib/gitlab/chat_name_token.rb @gitlab-org/manage/authentication-and-authorization
/lib/gitlab/ci/pipeline/expression/token.rb @gitlab-org/manage/authentication-and-authorization
-/lib/gitlab/external_authorization @gitlab-org/manage/authentication-and-authorization
+/lib/gitlab/external_authorization/ @gitlab-org/manage/authentication-and-authorization
/lib/gitlab/external_authorization.rb @gitlab-org/manage/authentication-and-authorization
-/lib/gitlab/graphql/authorize @gitlab-org/manage/authentication-and-authorization
+/lib/gitlab/graphql/authorize/ @gitlab-org/manage/authentication-and-authorization
/lib/gitlab/jwt_authenticatable.rb @gitlab-org/manage/authentication-and-authorization
/lib/gitlab/jwt_token.rb @gitlab-org/manage/authentication-and-authorization
/lib/gitlab/lfs_token.rb @gitlab-org/manage/authentication-and-authorization
-/lib/gitlab/mail_room @gitlab-org/manage/authentication-and-authorization
+/lib/gitlab/mail_room/ @gitlab-org/manage/authentication-and-authorization
/lib/gitlab/omniauth_initializer.rb @gitlab-org/manage/authentication-and-authorization
/lib/gitlab/project_authorizations.rb @gitlab-org/manage/authentication-and-authorization
-/lib/json_web_token @gitlab-org/manage/authentication-and-authorization
-/lib/omni_auth @gitlab-org/manage/authentication-and-authorization
+/lib/json_web_token/ @gitlab-org/manage/authentication-and-authorization
+/lib/omni_auth/ @gitlab-org/manage/authentication-and-authorization
/lib/system_check/app/authorized_keys_permission_check.rb @gitlab-org/manage/authentication-and-authorization
/lib/system_check/incoming_email/imap_authentication_check.rb @gitlab-org/manage/authentication-and-authorization
/lib/tasks/gitlab/password.rake @gitlab-org/manage/authentication-and-authorization
diff --git a/.gitlab/ci/build-images.gitlab-ci.yml b/.gitlab/ci/build-images.gitlab-ci.yml
index 6a222d8937f..46d0bb2fb8f 100644
--- a/.gitlab/ci/build-images.gitlab-ci.yml
+++ b/.gitlab/ci/build-images.gitlab-ci.yml
@@ -29,7 +29,15 @@ build-qa-image:
- !reference [.base-image-build, script]
- echo $QA_IMAGE
- echo $QA_IMAGE_BRANCH
- - /kaniko/executor --context=${CI_PROJECT_DIR} --dockerfile=${CI_PROJECT_DIR}/qa/Dockerfile --destination=${QA_IMAGE} --destination=${QA_IMAGE_BRANCH} --cache=true
+ - |
+ /kaniko/executor \
+ --context=${CI_PROJECT_DIR} \
+ --dockerfile=${CI_PROJECT_DIR}/qa/Dockerfile \
+ --destination=${QA_IMAGE} \
+ --destination=${QA_IMAGE_BRANCH} \
+ --build-arg=CHROME_VERSION=${CHROME_VERSION} \
+ --build-arg=DOCKER_VERSION=${DOCKER_VERSION} \
+ --cache=true
# This image is used by:
# - The `CNG` pipelines (via the `review-build-cng` job): https://gitlab.com/gitlab-org/build/CNG/-/blob/cfc67136d711e1c8c409bf8e57427a644393da2f/.gitlab-ci.yml#L335
diff --git a/.gitlab/ci/docs.gitlab-ci.yml b/.gitlab/ci/docs.gitlab-ci.yml
index 217da6506bf..3af156e9bd0 100644
--- a/.gitlab/ci/docs.gitlab-ci.yml
+++ b/.gitlab/ci/docs.gitlab-ci.yml
@@ -2,7 +2,7 @@
extends:
- .default-retry
- .docs:rules:review-docs
- image: ${GITLAB_DEPENDENCY_PROXY}ruby:2.7-alpine
+ image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION}-alpine
stage: review
needs: []
variables:
@@ -44,7 +44,7 @@ docs-lint markdown:
- .default-retry
- .docs:rules:docs-lint
# When updating the image version here, update it in /scripts/lint-doc.sh too.
- image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-markdown:alpine-3.15-vale-2.15.5-markdownlint-0.31.1
+ image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-docs/lint-markdown:alpine-3.16-vale-2.17.0-markdownlint-0.31.1
stage: lint
needs: []
script:
@@ -53,7 +53,7 @@ docs-lint markdown:
docs-lint links:
extends:
- .docs:rules:docs-lint
- image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-html:alpine-3.15-ruby-2.7.5-cee62c13
+ image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-docs/lint-html:alpine-3.16-ruby-2.7.6-0bc327a4
stage: lint
needs: []
script:
diff --git a/.gitlab/ci/frontend.gitlab-ci.yml b/.gitlab/ci/frontend.gitlab-ci.yml
index 4b1194d0fbd..8bfda0e6684 100644
--- a/.gitlab/ci/frontend.gitlab-ci.yml
+++ b/.gitlab/ci/frontend.gitlab-ci.yml
@@ -11,7 +11,7 @@
- .default-retry
- .default-before_script
- .assets-compile-cache
- image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:debian-${DEBIAN_VERSION}-ruby-2.7-git-2.33-lfs-2.9-node-16.14-yarn-1.22-graphicsmagick-1.3.36
+ image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}-git-2.33-lfs-2.9-node-16.14-yarn-1.22-graphicsmagick-1.3.36
variables:
SETUP_DB: "false"
WEBPACK_VENDOR_DLL: "true"
diff --git a/.gitlab/ci/global.gitlab-ci.yml b/.gitlab/ci/global.gitlab-ci.yml
index 7e06a4a71bd..344a31b28d8 100644
--- a/.gitlab/ci/global.gitlab-ci.yml
+++ b/.gitlab/ci/global.gitlab-ci.yml
@@ -18,7 +18,7 @@
- source scripts/prepare_build.sh
.ruby-gems-cache: &ruby-gems-cache
- key: "ruby-gems-${DEBIAN_VERSION}"
+ key: "ruby-gems-debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}"
paths:
- vendor/ruby/
policy: pull
@@ -28,7 +28,7 @@
policy: push # We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up.
.gitaly-ruby-gems-cache: &gitaly-ruby-gems-cache
- key: "gitaly-ruby-gems-${DEBIAN_VERSION}"
+ key: "gitaly-ruby-gems-debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}"
paths:
- vendor/gitaly-ruby/
policy: pull
@@ -42,7 +42,7 @@
files:
- GITALY_SERVER_VERSION
- lib/gitlab/setup_helper.rb
- prefix: "gitaly-binaries-${DEBIAN-VERSION}"
+ prefix: "gitaly-binaries-debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}"
paths:
- ${TMP_TEST_FOLDER}/gitaly/_build/bin/
- ${TMP_TEST_FOLDER}/gitaly/_build/deps/git/install/
@@ -79,7 +79,7 @@
policy: push # We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up.
.assets-cache: &assets-cache
- key: "assets-${DEBIAN_VERSION}-${NODE_ENV}"
+ key: "assets-debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}-node-${NODE_ENV}"
paths:
- assets-hash.txt
- public/assets/webpack/
@@ -103,7 +103,7 @@
policy: push # We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up.
.rubocop-cache: &rubocop-cache
- key: "rubocop-${DEBIAN_VERSION}"
+ key: "rubocop-debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}"
paths:
- tmp/rubocop_cache/
policy: pull
@@ -116,6 +116,7 @@
.qa-ruby-gems-cache: &qa-ruby-gems-cache
key:
+ prefix: "qa-ruby-gems-debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}"
files:
- qa/Gemfile.lock
paths:
@@ -238,7 +239,7 @@
services:
- name: postgres:13
command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
- - name: redis:5.0-alpine
+ - name: redis:6.2-alpine
variables:
POSTGRES_HOST_AUTH_METHOD: trust
PG_VERSION: "13"
@@ -269,7 +270,7 @@
services:
- name: postgres:13
command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
- - name: redis:5.0-alpine
+ - name: redis:6.2-alpine
- name: elasticsearch:7.17.0
command: ["elasticsearch", "-E", "discovery.type=single-node", "-E", "xpack.security.enabled=false"]
variables:
@@ -281,7 +282,7 @@
- name: postgres:12
command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
- name: redis:6.0-alpine
- - name: elasticsearch:8.1.1
+ - name: elasticsearch:8.2.0
variables:
POSTGRES_HOST_AUTH_METHOD: trust
PG_VERSION: "12"
diff --git a/.gitlab/ci/qa.gitlab-ci.yml b/.gitlab/ci/qa.gitlab-ci.yml
index 1ebc408e0d4..5ca70da352a 100644
--- a/.gitlab/ci/qa.gitlab-ci.yml
+++ b/.gitlab/ci/qa.gitlab-ci.yml
@@ -1,5 +1,5 @@
.qa-job-base:
- image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-2.7:bundler-2.3-git-2.33-chrome-99
+ image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-2.7:bundler-2.3-git-2.33-chrome-${CHROME_VERSION}
extends:
- .default-retry
- .qa-cache
@@ -12,7 +12,7 @@
before_script:
- !reference [.default-before_script, before_script]
- cd qa/
- - bundle_install_script
+ - bundle install
qa:internal:
extends:
@@ -52,7 +52,6 @@ qa:nightly-auto-quarantine-dequarantine:
- bundle exec confiner -r .confiner/nightly.yml
allow_failure: true
-
qa:selectors-as-if-foss:
extends:
- qa:selectors
@@ -68,8 +67,32 @@ update-qa-cache:
script:
- echo "Cache has been updated and ready to be uploaded."
-.package-and-qa-base:
+populate-qa-tests-var:
+ extends:
+ - .qa:rules:determine-qa-tests
image: ${GITLAB_DEPENDENCY_PROXY}ruby:2.7-alpine
+ stage: prepare
+ script:
+ - tooling/bin/qa/check_if_qa_only_spec_changes ${CHANGES_FILE} ${ONLY_QA_CHANGES_FILE}
+ - '[ -f $ONLY_QA_CHANGES_FILE ] && export QA_TESTS="`cat $ONLY_QA_CHANGES_FILE`"'
+ - 'echo "QA_TESTS=$QA_TESTS" >> qa_tests_var.env'
+ - 'echo "QA_TESTS: $QA_TESTS"'
+ artifacts:
+ expire_in: 2d
+ reports:
+ dotenv: qa_tests_var.env
+ paths:
+ - ${CHANGES_FILE}
+ - ${ONLY_QA_CHANGES_FILE}
+ - qa_tests_var.env
+ variables:
+ CHANGES_FILE: tmp/changed_files.txt
+ ONLY_QA_CHANGES_FILE: tmp/qa_only_changed_files.txt
+ needs:
+ - detect-tests
+
+.package-and-qa-base:
+ image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION}-alpine
stage: qa
retry: 0
before_script:
@@ -77,8 +100,6 @@ update-qa-cache:
- install_gitlab_gem
- tooling/bin/find_change_diffs ${CHANGES_DIFFS_DIR}
script:
- - tooling/bin/qa/check_if_qa_only_spec_changes ${CHANGES_FILE} ${ONLY_QA_CHANGES_FILE}
- - '[ -f $ONLY_QA_CHANGES_FILE ] && export QA_TESTS="`cat $ONLY_QA_CHANGES_FILE`"'
- 'echo "QA_TESTS: $QA_TESTS"'
- exit_code=0 && tooling/bin/qa/package_and_qa_check ${CHANGES_DIFFS_DIR} || exit_code=$?
- echo $exit_code
@@ -99,16 +120,13 @@ update-qa-cache:
artifacts: false
- job: build-assets-image
artifacts: false
+ - job: populate-qa-tests-var
- detect-tests
artifacts:
expire_in: 7d
paths:
- - ${CHANGES_FILE}
- - ${ONLY_QA_CHANGES_FILE}
- ${CHANGES_DIFFS_DIR}/*
variables:
- CHANGES_FILE: tmp/changed_files.txt
- ONLY_QA_CHANGES_FILE: tmp/qa_only_changed_files.txt
CHANGES_DIFFS_DIR: tmp/diffs
ALLURE_JOB_NAME: $CI_JOB_NAME
diff --git a/.gitlab/ci/rails.gitlab-ci.yml b/.gitlab/ci/rails.gitlab-ci.yml
index 77bdfda3eac..0358fe8ec49 100644
--- a/.gitlab/ci/rails.gitlab-ci.yml
+++ b/.gitlab/ci/rails.gitlab-ci.yml
@@ -395,15 +395,15 @@ db:migrate-from-previous-major-version:
USE_BUNDLE_INSTALL: "false"
SETUP_DB: "false"
PROJECT_TO_CHECKOUT: "gitlab-foss"
- TAG_TO_CHECKOUT: "v13.12.9"
+ TAG_TO_CHECKOUT: "v14.10.2"
before_script:
- !reference [.default-before_script, before_script]
- '[[ -d "ee/" ]] || export PROJECT_TO_CHECKOUT="gitlab"'
- '[[ -d "ee/" ]] || export TAG_TO_CHECKOUT="${TAG_TO_CHECKOUT}-ee"'
- retry 'git fetch https://gitlab.com/gitlab-org/$PROJECT_TO_CHECKOUT.git $TAG_TO_CHECKOUT'
- git checkout -f FETCH_HEAD
- - SETUP_DB=false USE_BUNDLE_INSTALL=true bash scripts/prepare_build.sh
- - run_timed_command "bundle exec rake db:drop db:create db:structure:load db:migrate db:seed_fu"
+ - SETUP_DB=false USE_BUNDLE_INSTALL=true ENABLE_BOOTSNAP=false bash scripts/prepare_build.sh
+ - run_timed_command "ENABLE_BOOTSNAP=false bundle exec rake db:drop db:create db:structure:load db:migrate db:seed_fu"
- git checkout -f $CI_COMMIT_SHA
- SETUP_DB=false USE_BUNDLE_INSTALL=true bash scripts/prepare_build.sh
script:
@@ -419,7 +419,7 @@ db:migrate-from-previous-major-version-single-db:
extends:
- .rails:rules:ee-mr-and-default-branch-only
variables:
- TAG_TO_CHECKOUT: "v14.4.0"
+ TAG_TO_CHECKOUT: "v14.7.0" # this version updated grpc to 1.42.0, which supports Ruby 2 & 3
script:
- run_timed_command "scripts/db_tasks db:migrate"
- scripts/schema_changed.sh
@@ -460,7 +460,7 @@ db:migrate-non-superuser:
db:gitlabcom-database-testing:
extends: .rails:rules:db:gitlabcom-database-testing
stage: test
- image: ruby:2.7-alpine
+ image: ruby:${RUBY_VERSION}-alpine
needs: []
allow_failure: true
script:
@@ -976,7 +976,6 @@ rspec system pg13:
- .rspec-base-pg13
- .rails:rules:default-branch-schedule-nightly--code-backstage
- .rspec-system-parallel
-
# EE/FOSS: default branch nightly scheduled jobs #
##########################################
diff --git a/.gitlab/ci/reports.gitlab-ci.yml b/.gitlab/ci/reports.gitlab-ci.yml
index 107f37ed47d..68c71b359c2 100644
--- a/.gitlab/ci/reports.gitlab-ci.yml
+++ b/.gitlab/ci/reports.gitlab-ci.yml
@@ -91,7 +91,7 @@ gemnasium-python-dependency_scanning:
yarn-audit-dependency_scanning:
extends: .ds-analyzer
- image: "registry.gitlab.com/gitlab-org/security-products/analyzers/npm-audit:1.4.1"
+ image: "${REGISTRY_HOST}/${REGISTRY_GROUP}/security-products/analyzers/npm-audit:1"
variables:
TOOL: yarn
rules: !reference [".reports:rules:yarn-audit-dependency_scanning", rules]
@@ -102,7 +102,7 @@ yarn-audit-dependency_scanning:
extends: .default-retry
stage: test
image:
- name: registry.gitlab.com/gitlab-org/security-products/package-hunter-cli:v1.3.2@sha256:7529deaef9ea21aab56bfb74ae1abbc121311affdb6ece49ce7b1c360f997ca2
+ name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/security-products/package-hunter-cli:v1.3.2@sha256:7529deaef9ea21aab56bfb74ae1abbc121311affdb6ece49ce7b1c360f997ca2
entrypoint: [""]
variables:
HTR_user: '$PACKAGE_HUNTER_USER'
diff --git a/.gitlab/ci/review-apps/dast.gitlab-ci.yml b/.gitlab/ci/review-apps/dast.gitlab-ci.yml
index df8ad4c517a..8f0c6b60190 100644
--- a/.gitlab/ci/review-apps/dast.gitlab-ci.yml
+++ b/.gitlab/ci/review-apps/dast.gitlab-ci.yml
@@ -5,12 +5,12 @@
extends:
- .reports:rules:schedule-dast
image:
- name: "registry.gitlab.com/security-products/dast:$DAST_VERSION"
+ name: "${REGISTRY_HOST}/security-products/dast:$DAST_VERSION"
resource_group: dast_scan
variables:
DAST_USERNAME_FIELD: "user[login]"
DAST_PASSWORD_FIELD: "user[password]"
- DAST_SUBMIT_FIELD: "commit"
+ DAST_SUBMIT_FIELD: "name:button"
DAST_FULL_SCAN_ENABLED: "true"
DAST_VERSION: 2
GIT_STRATEGY: none
@@ -28,7 +28,7 @@
needs: ["review-deploy"]
stage: dast
# Default job timeout set to 90m and dast rules needs 2h to so that it won't timeout.
- timeout: 2h
+ timeout: 3h
# Add retry because of intermittent connection problems. See https://gitlab.com/gitlab-org/gitlab/-/issues/244313
retry: 1
artifacts:
@@ -42,149 +42,65 @@
# DAST scan with a subset of Release scan rules.
# ZAP rule details can be found at https://www.zaproxy.org/docs/alerts/
-# 10019, 10021 Missing security headers
-# 10023, 10024, 10025, 10037 Information Disclosure
-# 10040 Secure Pages Include Mixed Content
-# 10056 X-Debug-Token Information Leak
-# Duration: 14 minutes 20 seconds
-
-dast:secureHeaders-csp-infoLeak:
+dast:anti-clickjacking-header:
extends:
- .dast_conf
variables:
DAST_USERNAME: "user1"
- DAST_ONLY_INCLUDE_RULES: "10019,10021,10023,10024,10025,10037,10040,10056"
+ DAST_ONLY_INCLUDE_RULES: "10020"
script:
- /analyze
-# 90023 XML External Entity Attack
-# Duration: 41 minutes 20 seconds
-# 90019 Server Side Code Injection
-# Duration: 34 minutes 31 seconds
-dast:XXE-SrvSideInj:
+dast:xss-persistant:
extends:
- .dast_conf
variables:
DAST_USERNAME: "user2"
- DAST_ONLY_INCLUDE_RULES: "90023,90019"
+ DAST_ONLY_INCLUDE_RULES: "40014"
script:
- /analyze
-# 0 Directory Browsing
-# 2 Private IP Disclosure
-# 3 Session ID in URL Rewrite
-# 7 Remote File Inclusion
-# Duration: 63 minutes 43 seconds
-# 90034 Cloud Metadata Potentially Exposed
-# Duration: 13 minutes 48 seconds
-# 90022 Application Error Disclosure
-# Duration: 12 minutes 7 seconds
-dast:infoLeak-fileInc-DirBrowsing:
+dast:insecure-http-method:
extends:
- .dast_conf
variables:
DAST_USERNAME: "user3"
- DAST_ONLY_INCLUDE_RULES: "0,2,3,7,90034,90022"
+ DAST_ONLY_INCLUDE_RULES: "90028"
script:
- /analyze
-# 10010 Cookie No HttpOnly Flag
-# 10011 Cookie Without Secure Flag
-# 10017 Cross-Domain JavaScript Source File Inclusion
-# 10029 Cookie Poisoning
-# 90033 Loosely Scoped Cookie
-# 10054 Cookie Without SameSite Attribute
-# Duration: 13 minutes 23 seconds
-dast:insecureCookie:
+dast:server-side-template-inj:
extends:
- .dast_conf
variables:
DAST_USERNAME: "user4"
- DAST_ONLY_INCLUDE_RULES: "10010,10011,10017,10029,90033,10054"
+ DAST_ONLY_INCLUDE_RULES: "90035"
script:
- /analyze
-
-# 20012 Anti-CSRF Tokens Check
-# 10202 Absence of Anti-CSRF Tokens
-# https://gitlab.com/gitlab-com/gl-security/appsec/appsec-team/-/issues/192
-
-# Commented because of lot of FP's
-# dast:csrfTokenCheck:
-# extends:
-# - .dast_conf
-# variables:
-# DAST_USERNAME: "user6"
-# DAST_ONLY_INCLUDE_RULES: "20012,10202"
-# script:
-# - /analyze
-
-# 10098 Cross-Domain Misconfiguration
-# 10105 Weak Authentication Method
-# 40003 CRLF Injection
-# 40008 Parameter Tampering
-# Duration: 71 minutes 15 seconds
-dast:corsMisconfig-weakauth-crlfInj:
+dast:server-side-template-inj-blind:
extends:
- .dast_conf
variables:
DAST_USERNAME: "user5"
- DAST_ONLY_INCLUDE_RULES: "10098,10105,40003,40008"
+ DAST_ONLY_INCLUDE_RULES: "90035"
script:
- /analyze
-# 20019 External Redirect
-# 20014 HTTP Parameter Pollution
-# Duration: 46 minutes 12 seconds
-dast:extRedirect-paramPollution:
+dast:session-fixation:
extends:
- .dast_conf
variables:
DAST_USERNAME: "user6"
- DAST_ONLY_INCLUDE_RULES: "20019,20014"
- script:
- - /analyze
-
-# 40022 SQL Injection - PostgreSQL
-# Duration: 53 minutes 59 seconds
-dast:sqlInjection:
- extends:
- - .dast_conf
- variables:
- DAST_USERNAME: "user7"
- DAST_ONLY_INCLUDE_RULES: "40022"
- script:
- - /analyze
-
-# 40014 Cross Site Scripting (Persistent)
-# Duration: 21 minutes 50 seconds
-dast:xss-persistent:
- extends:
- - .dast_conf
- variables:
- DAST_USERNAME: "user8"
- DAST_ONLY_INCLUDE_RULES: "40014"
- script:
- - /analyze
-
-# 40012 Cross Site Scripting (Reflected)
-# Duration: 73 minutes 15 seconds
-dast:xss-reflected:
- extends:
- - .dast_conf
- variables:
- DAST_USERNAME: "user9"
- DAST_ONLY_INCLUDE_RULES: "40012"
+ DAST_ONLY_INCLUDE_RULES: "40013"
script:
- /analyze
-# 40013 Session Fixation
-# Duration: 44 minutes 25 seconds
-dast:sessionFixation:
+dast:xss-dombased:
extends:
- .dast_conf
variables:
DAST_USERNAME: "user10"
- DAST_ONLY_INCLUDE_RULES: "40013"
+ DAST_ONLY_INCLUDE_RULES: "40026"
script:
- /analyze
diff --git a/.gitlab/ci/review-apps/main.gitlab-ci.yml b/.gitlab/ci/review-apps/main.gitlab-ci.yml
index 22fdce71243..f3cde5d7318 100644
--- a/.gitlab/ci/review-apps/main.gitlab-ci.yml
+++ b/.gitlab/ci/review-apps/main.gitlab-ci.yml
@@ -20,7 +20,7 @@ review-build-cng-env:
extends:
- .default-retry
- .review:rules:review-build-cng
- image: ${GITLAB_DEPENDENCY_PROXY}ruby:2.7-alpine3.13
+ image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION}-alpine3.13
stage: prepare
needs: []
before_script:
diff --git a/.gitlab/ci/review-apps/qa.gitlab-ci.yml b/.gitlab/ci/review-apps/qa.gitlab-ci.yml
index 47e756eb230..07ad5a31135 100644
--- a/.gitlab/ci/review-apps/qa.gitlab-ci.yml
+++ b/.gitlab/ci/review-apps/qa.gitlab-ci.yml
@@ -1,6 +1,6 @@
include:
- project: gitlab-org/quality/pipeline-common
- ref: 0.6.0
+ ref: 0.13.0
file:
- /ci/allure-report.yml
- /ci/knapsack-report.yml
@@ -13,8 +13,8 @@ include:
.test_variables:
variables:
- QA_DEBUG: "true"
QA_GENERATE_ALLURE_REPORT: "true"
+ COLORIZED_LOGS: "true"
GITLAB_USERNAME: "root"
GITLAB_PASSWORD: "${REVIEW_APPS_ROOT_PASSWORD}"
GITLAB_ADMIN_USERNAME: "root"
@@ -28,7 +28,7 @@ include:
- .qa-cache
- .test_variables
- .bundler_variables
- image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-2.7:bundler-2.3-git-2.33-lfs-2.9-chrome-99-docker-20.10.14-gcloud-383-kubectl-1.23
+ image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-2.7:bundler-2.3-git-2.33-lfs-2.9-chrome-${CHROME_VERSION}-docker-${DOCKER_VERSION}-gcloud-383-kubectl-1.23
stage: qa
needs:
- review-deploy
@@ -50,6 +50,9 @@ include:
--tag ~orchestrated \
--tag ~transient \
--tag ~skip_signup_disabled \
+ --tag ~requires_git_protocol_v2 \
+ --tag ~requires_praefect \
+ --tag ~sanity_feature_flags \
--force-color \
--order random \
--format documentation \
@@ -79,27 +82,52 @@ include:
# Store knapsack report as artifact so the same report is reused across all jobs
download-knapsack-report:
- image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-2.7:bundler-2.3-git-2.33-chrome-99
+ image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-2.7:bundler-2.3-git-2.33-chrome-${CHROME_VERSION}
extends:
- .qa-cache
- .bundler_variables
- .review:rules:review-qa-reliable
stage: prepare
+ variables:
+ QA_KNAPSACK_REPORTS: review-qa-reliable,review-qa-all
before_script:
- cd qa && bundle install
script:
- - QA_KNAPSACK_REPORT_NAME=review-qa-reliable bundle exec rake "knapsack:download"
- - QA_KNAPSACK_REPORT_NAME=review-qa-all bundle exec rake "knapsack:download"
+ - bundle exec rake "knapsack:download"
allow_failure: true
artifacts:
paths:
- qa/knapsack/review-qa-*.json
expire_in: 1 day
+review-qa-sanity:
+ extends:
+ - .review-qa-base
+ - .review:rules:review-qa-sanity
+ retry: 1
+ variables:
+ QA_RUN_TYPE: review-qa-sanity
+ script:
+ - qa_run_status=0
+ - |
+ bundle exec rake "knapsack:rspec[\
+ --tag sanity_feature_flags \
+ --force-color \
+ --order random \
+ --format documentation \
+ --format RspecJunitFormatter --out tmp/rspec.xml \
+ ]" || qa_run_status=$?
+ - if [ ${qa_run_status} -ne 0 ]; then
+ release_sha=$(echo "${CI_MERGE_REQUEST_SOURCE_BRANCH_SHA:-${CI_COMMIT_SHA}}" | cut -c1-11);
+ echo "Errors can be found at https://sentry.gitlab.net/gitlab/gitlab-review-apps/releases/${release_sha}/all-events/.";
+ fi
+ - exit ${qa_run_status}
+
review-qa-smoke:
extends:
- .review-qa-base
- .review:rules:review-qa-smoke
+ retry: 1
variables:
QA_RUN_TYPE: review-qa-smoke
RSPEC_TAGS: --tag smoke
@@ -108,6 +136,7 @@ review-qa-reliable:
extends:
- .review-qa-base
- .review:rules:review-qa-reliable
+ retry: 1
parallel: 10
variables:
QA_RUN_TYPE: review-qa-reliable
diff --git a/.gitlab/ci/review.gitlab-ci.yml b/.gitlab/ci/review.gitlab-ci.yml
index 03223e64b23..26c7306c880 100644
--- a/.gitlab/ci/review.gitlab-ci.yml
+++ b/.gitlab/ci/review.gitlab-ci.yml
@@ -5,7 +5,7 @@ review-cleanup:
extends:
- .default-retry
- .review:rules:review-cleanup
- image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:gitlab-helm3-kubectl1.14
+ image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:gitlab-helm3.5-kubectl1.17
stage: prepare
environment:
name: review/${CI_COMMIT_REF_SLUG}${FREQUENCY}
@@ -29,8 +29,6 @@ start-review-app-pipeline:
needs:
- job: build-assets-image
artifacts: false
- - job: build-qa-image
- artifacts: false
# These variables are set in the pipeline schedules.
# They need to be explicitly passed on to the child pipeline.
# https://docs.gitlab.com/ee/ci/pipelines/multi_project_pipelines.html#pass-cicd-variables-to-a-downstream-pipeline-by-using-the-variables-keyword
@@ -72,5 +70,6 @@ danger-review-local:
reviewers-recommender:
extends:
- .default-retry
+ - .review:rules:reviewers-recommender
stage: test
needs: []
diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml
index 37593ffd2fc..ccdc2c1b90a 100644
--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
@@ -73,12 +73,18 @@
.if-merge-request-labels-skip-undercoverage: &if-merge-request-labels-skip-undercoverage
if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:skip-undercoverage/'
+.if-merge-request-labels-community-contribution: &if-merge-request-labels-community-contribution
+ if: '$CI_MERGE_REQUEST_LABELS =~ /Community contribution/'
+
.if-merge-request-labels-jh-contribution: &if-merge-request-labels-jh-contribution
if: '$CI_MERGE_REQUEST_LABELS =~ /JiHu contribution/'
.if-merge-request-labels-group-global-search: &if-merge-request-labels-group-global-search
if: '$CI_MERGE_REQUEST_LABELS =~ /group::global search/'
+.if-merge-request-labels-pipeline-revert: &if-merge-request-labels-pipeline-revert
+ if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:revert/'
+
.if-security-merge-request: &if-security-merge-request
if: '$CI_PROJECT_NAMESPACE == "gitlab-org/security" && $CI_MERGE_REQUEST_IID'
@@ -175,16 +181,26 @@
- ".gitlab/ci/workhorse.gitlab-ci.yml"
.yaml-lint-patterns: &yaml-lint-patterns
+ - "*.yml"
+ - "**/*.yml"
+
+.lint-pipeline-yaml-patterns: &lint-pipeline-yaml-patterns
- ".gitlab-ci.yml"
- ".gitlab/ci/**/*.yml"
- - "data/**/*.yml"
- "lib/gitlab/ci/templates/**/*.yml"
+ - "data/deprecations/**/*.yml"
+ - "data/removals/**/*.yml"
+ - "data/whats_new/**/*.yml"
+
+.lint-metrics-yaml-patterns: &lint-metrics-yaml-patterns
+ - "config/metrics/**/*.yml"
.docs-patterns: &docs-patterns
- ".gitlab/route-map.yml"
- "doc/**/*"
- ".markdownlint.yml"
- "scripts/lint-doc.sh"
+ - ".gitlab/ci/docs.gitlab-ci.yml"
.docs-deprecations-and-removals-patterns: &docs-deprecations-and-removals-patterns
- "doc/update/deprecations.md"
@@ -896,10 +912,26 @@
- <<: *if-default-refs
changes: *qa-patterns
+.qa:rules:determine-qa-tests:
+ rules:
+ - <<: *if-not-ee
+ when: never
+ - <<: *if-merge-request-targeting-stable-branch
+ allow_failure: true
+ - <<: *if-dot-com-gitlab-org-and-security-merge-request
+ changes: *code-backstage-qa-patterns
+ allow_failure: true
+ - <<: *if-dot-com-gitlab-org-schedule
+ allow_failure: true
+ - <<: *if-force-ci
+ allow_failure: true
+
.qa:rules:package-and-qa:
rules:
- <<: *if-not-ee
when: never
+ - <<: *if-merge-request-labels-pipeline-revert
+ when: never
- <<: *if-merge-request-targeting-stable-branch
allow_failure: true
- <<: *if-dot-com-gitlab-org-and-security-merge-request
@@ -925,6 +957,8 @@
rules:
- <<: *if-not-ee
when: never
+ - <<: *if-merge-request-labels-pipeline-revert
+ when: never
- <<: *if-dot-com-gitlab-org-and-security-merge-request-manual-ff-package-and-qa
changes: *feature-flag-development-config-patterns
when: manual
@@ -1060,10 +1094,8 @@
rules:
- <<: *if-merge-request-labels-run-all-rspec
- <<: *if-merge-request
- changes: *core-backend-patterns
- - <<: *if-merge-request
- changes: *ci-patterns
- - changes: ["config/**/*"]
+ changes: *backend-patterns
+ - changes: *core-backend-patterns
.rails:rules:code-backstage-qa:
rules:
@@ -1354,6 +1386,8 @@
rules:
- <<: *if-not-ee
when: never
+ - <<: *if-merge-request-labels-pipeline-revert
+ when: never
- <<: *if-merge-request-labels-skip-undercoverage
when: never
- <<: *if-merge-request-labels-run-all-rspec
@@ -1558,6 +1592,8 @@
rules:
- <<: *if-not-ee
when: never
+ - <<: *if-merge-request-labels-pipeline-revert
+ when: never
- <<: *if-merge-request-labels-run-review-app
- <<: *if-dot-com-gitlab-org-merge-request
changes: *ci-review-patterns
@@ -1601,6 +1637,10 @@
rules:
- when: on_success
+.review:rules:review-qa-sanity:
+ rules:
+ - when: on_success
+
.review:rules:review-qa-smoke:
rules:
- when: on_success
@@ -1627,7 +1667,6 @@
.review:rules:review-qa-all:
rules:
- - <<: *if-merge-request-labels-run-review-app # we explicitly don't allow the job to fail in that case
- <<: *if-dot-com-gitlab-org-merge-request
changes: *code-patterns
when: manual
@@ -1662,6 +1701,14 @@
- <<: *if-merge-request
changes: *danger-patterns
+.review:rules:reviewers-recommender:
+ rules:
+ - <<: *if-not-canonical-namespace
+ when: never
+ - <<: *if-merge-request-labels-community-contribution
+ when: never
+ - <<: *if-merge-request
+
###############
# Setup rules #
###############
@@ -1769,3 +1816,13 @@
rules:
- <<: *if-default-refs
changes: *yaml-lint-patterns
+
+.lint-pipeline-yaml:rules:
+ rules:
+ - <<: *if-default-refs
+ changes: *lint-pipeline-yaml-patterns
+
+.lint-metrics-yaml:rules:
+ rules:
+ - <<: *if-default-refs
+ changes: *lint-metrics-yaml-patterns
diff --git a/.gitlab/ci/setup.gitlab-ci.yml b/.gitlab/ci/setup.gitlab-ci.yml
index 4339251897c..505caeec837 100644
--- a/.gitlab/ci/setup.gitlab-ci.yml
+++ b/.gitlab/ci/setup.gitlab-ci.yml
@@ -60,7 +60,7 @@ no-jh-check:
verify-tests-yml:
extends:
- .setup:rules:verify-tests-yml
- image: ${GITLAB_DEPENDENCY_PROXY}ruby:2.7-alpine3.13
+ image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION}-alpine3.13
stage: test
needs: []
script:
@@ -96,7 +96,7 @@ generate-frontend-fixtures-mapping:
- ${FRONTEND_FIXTURES_MAPPING_PATH}
.detect-test-base:
- image: ${GITLAB_DEPENDENCY_PROXY}ruby:2.7
+ image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION}
needs: []
stage: prepare
script:
@@ -160,7 +160,7 @@ detect-previous-failed-tests:
add-jh-folder:
extends: .setup:rules:add-jh-folder
- image: ${GITLAB_DEPENDENCY_PROXY}ruby:2.7
+ image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION}
stage: prepare
before_script:
- source ./scripts/utils.sh
@@ -171,7 +171,6 @@ add-jh-folder:
- curl --location -o "jh-folder.tar.gz" "https://gitlab.com/gitlab-org/gitlab-jh-mirrors/gitlab/-/archive/${JH_BRANCH}/gitlab-${JH_BRANCH}.tar.gz?path=jh"
- tar -xf "jh-folder.tar.gz"
- mv "gitlab-${JH_BRANCH}-jh/jh/" ./
- - cp Gemfile.lock jh/
- ls -l jh/
artifacts:
expire_in: 2d
diff --git a/.gitlab/ci/test-metadata.gitlab-ci.yml b/.gitlab/ci/test-metadata.gitlab-ci.yml
index 79fea15690c..f4fa39300b6 100644
--- a/.gitlab/ci/test-metadata.gitlab-ci.yml
+++ b/.gitlab/ci/test-metadata.gitlab-ci.yml
@@ -1,5 +1,5 @@
.tests-metadata-state:
- image: ${GITLAB_DEPENDENCY_PROXY}ruby:2.7
+ image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION}
before_script:
- source scripts/utils.sh
artifacts:
diff --git a/.gitlab/ci/workhorse.gitlab-ci.yml b/.gitlab/ci/workhorse.gitlab-ci.yml
index 01e059b8a60..6db3582bdab 100644
--- a/.gitlab/ci/workhorse.gitlab-ci.yml
+++ b/.gitlab/ci/workhorse.gitlab-ci.yml
@@ -1,6 +1,6 @@
workhorse:verify:
extends: .workhorse:rules:workhorse
- image: ${GITLAB_DEPENDENCY_PROXY}golang:1.16
+ image: ${GITLAB_DEPENDENCY_PROXY}golang:1.17
stage: test
needs: []
script:
@@ -20,10 +20,6 @@ workhorse:verify:
- scripts/gitaly-test-build
- make -C workhorse test
-workhorse:test using go 1.16:
- extends: .workhorse:test
- image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:debian-${DEBIAN_VERSION}-ruby-2.7-golang-1.16-git-2.31
-
workhorse:test using go 1.17:
extends: .workhorse:test
- image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:debian-${DEBIAN_VERSION}-ruby-2.7-golang-1.17-git-2.31
+ image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}-golang-1.17-git-2.31
diff --git a/.gitlab/ci/yaml.gitlab-ci.yml b/.gitlab/ci/yaml.gitlab-ci.yml
index ac32e4226e2..0420f158bbb 100644
--- a/.gitlab/ci/yaml.gitlab-ci.yml
+++ b/.gitlab/ci/yaml.gitlab-ci.yml
@@ -1,4 +1,5 @@
-# Yamllint of CI-related yaml.
+# Yamllint of yaml files.
+
# This uses rules from project root `.yamllint`.
lint-yaml:
extends:
@@ -7,15 +8,29 @@ lint-yaml:
image: pipelinecomponents/yamllint:latest
stage: lint
needs: []
+ script:
+ - yamllint --strict -f colored .
+
+# The jobs below will not use the configuration present in `.yamllint` (it's because of the -d option)
+#
+# Docs: https://yamllint.readthedocs.io/en/stable/configuration.html#custom-configuration-without-a-config-file
+
+lint-pipeline-yaml:
+ extends:
+ - .default-retry
+ - .lint-pipeline-yaml:rules
+ image: pipelinecomponents/yamllint:latest
+ stage: lint
+ needs: []
variables:
LINT_PATHS: .gitlab-ci.yml .gitlab/ci lib/gitlab/ci/templates data/deprecations data/removals data/whats_new
script:
- - yamllint --strict -f colored $LINT_PATHS
+ - 'yamllint -d "{extends: default, rules: {line-length: disable, document-start: disable}}" $LINT_PATHS'
lint-metrics-yaml:
extends:
- .default-retry
- - .yaml-lint:rules
+ - .lint-metrics-yaml:rules
image: pipelinecomponents/yamllint:latest
stage: lint
needs: []
diff --git a/.gitlab/issue_templates/Deprecations.md b/.gitlab/issue_templates/Deprecations.md
index 2e48c272316..3dfed1a1fc1 100644
--- a/.gitlab/issue_templates/Deprecations.md
+++ b/.gitlab/issue_templates/Deprecations.md
@@ -47,7 +47,7 @@ Please add links to the relevant merge requests.
- As soon as possible, but no later than the third milestone preceding the major release (for example, given the following release schedule: `14.8, 14.9, 14.10, 15.0` – `14.8` is the third milestone preceding the major release):
- [ ] A [deprecation entry](https://about.gitlab.com/handbook/marketing/blog/release-posts/#creating-a-deprecation-entry) has been created so the deprecation will appear in release posts and on the [general deprecation page](https://docs.gitlab.com/ee/update/deprecations).
- - [ ] Documentation has been updated to add a note about the [end-of-life](https://docs.gitlab.com/ee/development/documentation/styleguide/#end-of-life-for-features-or-products) and to mark the feature as [deprecated](https://docs.gitlab.com/ee/development/documentation/styleguide/#deprecated-features).
+ - [ ] Documentation has been updated to mark the feature as [deprecated](https://docs.gitlab.com/ee/development/documentation/versions.html#deprecations-and-removals).
- [ ] On or before the major milestone: A [removal entry](https://about.gitlab.com/handbook/marketing/blog/release-posts/#removals) has been created so the removal will appear on the [removals by milestones](https://docs.gitlab.com/ee/update/removals) page and be announced in the release post.
- On the major milestone:
- [ ] The deprecated item has been removed.
diff --git a/.gitlab/issue_templates/Feature Flag Roll Out.md b/.gitlab/issue_templates/Feature Flag Roll Out.md
index 52f189f09f0..1b3d82cf522 100644
--- a/.gitlab/issue_templates/Feature Flag Roll Out.md
+++ b/.gitlab/issue_templates/Feature Flag Roll Out.md
@@ -62,8 +62,7 @@ _Consider adding links to check for Sentry errors, Production logs for 5xx, 302s
- Ensure that the feature MRs have been deployed to non-production environments.
- [ ] `/chatops run auto_deploy status <merge-commit-of-your-feature>`
- [ ] Enable the feature globally on non-production environments.
- - [ ] `/chatops run feature set <feature-flag-name> true --dev`
- - [ ] `/chatops run feature set <feature-flag-name> true --staging`
+ - [ ] `/chatops run feature set <feature-flag-name> true --dev --staging`
- [ ] Verify that the feature works as expected. Posting the QA result in this issue is preferable.
The best environment to validate the feature in is [staging-canary](https://about.gitlab.com/handbook/engineering/infrastructure/environments/#staging-canary)
as this is the first environment deployed to. Note you will need to make sure you are configured to use canary as outlined [here](https://about.gitlab.com/handbook/engineering/infrastructure/environments/canary-stage/)
@@ -74,12 +73,9 @@ _Consider adding links to check for Sentry errors, Production logs for 5xx, 302s
- Ensure that the feature MRs have been deployed to both production and canary.
- [ ] `/chatops run auto_deploy status <merge-commit-of-your-feature>`
- If you're using [project-actor](https://docs.gitlab.com/ee/development/feature_flags/#feature-actors), you must enable the feature on these entries:
- - [ ] `/chatops run feature set --project=gitlab-org/gitlab <feature-flag-name> true`
- - [ ] `/chatops run feature set --project=gitlab-org/gitlab-foss <feature-flag-name> true`
- - [ ] `/chatops run feature set --project=gitlab-com/www-gitlab-com <feature-flag-name> true`
+ - [ ] `/chatops run feature set --project=gitlab-org/gitlab,gitlab-org/gitlab-foss,gitlab-com/www-gitlab-com <feature-flag-name> true`
- If you're using [group-actor](https://docs.gitlab.com/ee/development/feature_flags/#feature-actors), you must enable the feature on these entries:
- - [ ] `/chatops run feature set --group=gitlab-org <feature-flag-name> true`
- - [ ] `/chatops run feature set --group=gitlab-com <feature-flag-name> true`
+ - [ ] `/chatops run feature set --group=gitlab-org,gitlab-com <feature-flag-name> true`
- If you're using [user-actor](https://docs.gitlab.com/ee/development/feature_flags/#feature-actors), you must enable the feature on these entries:
- [ ] `/chatops run feature set --user=<your-username> <feature-flag-name> true`
- [ ] Verify that the feature works on the specific entries. Posting the QA result in this issue is preferable.
@@ -124,9 +120,7 @@ To do so, follow these steps:
the feature can be officially announced in a release blog post.
- [ ] `/chatops run release check <merge-request-url> <milestone>`
- [ ] Consider cleaning up the feature flag from all environments by running these chatops command in `#production` channel. Otherwise these settings may override the default enabled.
- - [ ] `/chatops run feature delete <feature-flag-name> --dev`
- - [ ] `/chatops run feature delete <feature-flag-name> --staging`
- - [ ] `/chatops run feature delete <feature-flag-name>`
+ - [ ] `/chatops run feature delete <feature-flag-name> --dev --staging --production`
- [ ] Close [the feature issue](ISSUE LINK) to indicate the feature will be released in the current milestone.
- [ ] Set the next milestone to this rollout issue for scheduling [the flag removal](#release-the-feature).
- [ ] (Optional) You can [create a separate issue](https://gitlab.com/gitlab-org/gitlab/-/issues/new?issuable_template=Feature%20Flag%20Cleanup) for scheduling the steps below to [Release the feature](#release-the-feature).
@@ -162,9 +156,7 @@ You can either [create a follow-up issue for Feature Flag Cleanup](https://gitla
- [ ] `/chatops run release check <merge-request-url> <milestone>`
- [ ] Close [the feature issue](ISSUE LINK) to indicate the feature will be released in the current milestone.
- [ ] If not already done, clean up the feature flag from all environments by running these chatops command in `#production` channel:
- - [ ] `/chatops run feature delete <feature-flag-name> --dev`
- - [ ] `/chatops run feature delete <feature-flag-name> --staging`
- - [ ] `/chatops run feature delete <feature-flag-name>`
+ - [ ] `/chatops run feature delete <feature-flag-name> --dev --staging --production`
- [ ] Close this rollout issue.
## Rollback Steps
diff --git a/.gitlab/issue_templates/Geo Replicate a new Git repository type.md b/.gitlab/issue_templates/Geo Replicate a new Git repository type.md
index bfcf7aca7b5..34e6e70015b 100644
--- a/.gitlab/issue_templates/Geo Replicate a new Git repository type.md
+++ b/.gitlab/issue_templates/Geo Replicate a new Git repository type.md
@@ -48,9 +48,13 @@ Geo secondary sites have a [Geo tracking database](https://gitlab.com/gitlab-org
- [ ] Create the migration file in `ee/db/geo/migrate`:
```shell
- bin/rails generate geo_migration CreateCoolWidgetRegistry
+ bin/rails generate migration CreateCoolWidgetRegistry --database geo
```
+Geo should continue using `Gitlab::Database::Migration[1.0]` until the `gitlab_geo` schema is supported, and is for the time being exempt from being validated by `Gitlab::Database::Migration[2.0]`. This requires a developer to manually amend the migration file to change from `[2.0]` to `[1.0]` due to the migration defaults being 2.0.
+
+For more information, see the [Enable Geo migrations to use Migration[2.0]](https://gitlab.com/gitlab-org/gitlab/-/issues/363491) issue.
+
- [ ] Replace the contents of the migration file with the following. Note that we cannot add a foreign key constraint on `cool_widget_id` because the `cool_widgets` table is in a different database. The application code must handle logic such as propagating deletions.
```ruby
diff --git a/.gitlab/issue_templates/Geo Replicate a new blob type.md b/.gitlab/issue_templates/Geo Replicate a new blob type.md
index ff678666191..e6f96c575d2 100644
--- a/.gitlab/issue_templates/Geo Replicate a new blob type.md
+++ b/.gitlab/issue_templates/Geo Replicate a new blob type.md
@@ -50,9 +50,13 @@ Geo secondary sites have a [Geo tracking database](https://gitlab.com/gitlab-org
- [ ] Create the migration file in `ee/db/geo/migrate`:
```shell
- bin/rails generate geo_migration CreateCoolWidgetRegistry
+ bin/rails generate migration CreateCoolWidgetRegistry --database geo
```
+Geo should continue using `Gitlab::Database::Migration[1.0]` until the `gitlab_geo` schema is supported, and is for the time being exempt from being validated by `Gitlab::Database::Migration[2.0]`. This requires a developer to manually amend the migration file to change from `[2.0]` to `[1.0]` due to the migration defaults being 2.0.
+
+For more information, see the [Enable Geo migrations to use Migration[2.0]](https://gitlab.com/gitlab-org/gitlab/-/issues/363491) issue.
+
- [ ] Replace the contents of the migration file with the following. Note that we cannot add a foreign key constraint on `cool_widget_id` because the `cool_widgets` table is in a different database. The application code must handle logic such as propagating deletions.
```ruby
diff --git a/.gitlab/issue_templates/Performance Indicator Metric.md b/.gitlab/issue_templates/Performance Indicator Metric.md
index f4d8885b119..8019be8cad5 100644
--- a/.gitlab/issue_templates/Performance Indicator Metric.md
+++ b/.gitlab/issue_templates/Performance Indicator Metric.md
@@ -3,7 +3,7 @@ Performance Indicator Metric issues are used for adding, updating, or removing p
Please title your issue with the following format: "{action}(Add|Update|Remove) Metric name as performance indicator"
-Example of title: "Add static_site_editor_views as gmau"
+Example of title: "Add some_feature_views as gmau"
-->
diff --git a/.gitlab/issue_templates/Service Ping reporting and monitoring.md b/.gitlab/issue_templates/Service Ping reporting and monitoring.md
new file mode 100644
index 00000000000..1c0d221318b
--- /dev/null
+++ b/.gitlab/issue_templates/Service Ping reporting and monitoring.md
@@ -0,0 +1,129 @@
+<!-- This issue template is used by https://about.gitlab.com/handbook/engineering/development/growth/product-intelligence/ for tracking effort around Service Ping reporting for GitLab.com -->
+
+The [Product Intelligence group](https://about.gitlab.com/handbook/engineering/development/growth/product-intelligence/) runs manual reporting of ServicePing for GitLab.com on a weekly basis. This issue captures:
+
+- Captures the work required to complete the reporting process,.
+- Captures the follow-up tasks that are focused on metrics performance verification.
+- Identifies any potential issues.
+
+# New metrics to be verified
+
+<!-- Add new metrics that must be verified -->
+
+# Failed metrics
+
+Broken metrics issues are marked with the ~"broken metric" label.
+
+# Use a detached screen session to generate Service Ping for GitLab.com
+
+## Prerequisites
+
+1. Add your SSH key to the local SSH agent: `ssh-add`. Your SSH key is required to connect to a Rails console from the bastion host.
+
+## Triggering
+
+1. Add the SSH key to the local SSH agent: `ssh-add`.
+1. Connect to the bastion with SSH agent forwarding: `ssh -A lb-bastion.gprd.gitlab.com`.
+1. Note which bastion host machine was assigned. For example: `<username>@bastion-01-inf-gprd.c.gitlab-production.internal:~$` shows that you are connected to `bastion-01-inf-gprd.c.gitlab-production.internal`.
+1. Create a named screen: `screen -S $USER-service-ping-$(date +%F)`.
+1. Connect to the console host: `ssh $USER-rails@console-01-sv-gprd.c.gitlab-production.internal`.
+1. Run: `ServicePing::SubmitService.new.execute`.
+1. Press <kbd>Control</kbd>+<kbd>a</kbd> followed by <kbd>Control</kbd>+<kbd>d</kbd> to detach from the screen session.
+1. Exit from the bastion: `exit`.
+
+## Verification (After approximately 30 hours)
+
+1. Reconnect to the bastion: `ssh -A lb-bastion.gprd.gitlab.com`. Make sure that you are connected to the same host machine that ServicePing was started on. For example, to connect directly to the host machine, use `ssh bastion-01-inf-gprd.c.gitlab-production.internal`.
+1. Find your screen session: `screen -ls`.
+1. Attach to your screen session: `screen -x 14226.mwawrzyniak_service_ping_2021_01_22`.
+1. Check the last payload in the `raw_usage_data` table: `RawUsageData.last.payload`.
+1. Check the when the payload was sent: `RawUsageData.last.sent_at`.
+
+## Stop the Service Ping process
+
+Use either of these processes:
+
+1. Reconnect to the bastion host machine. For example, use: `ssh bastion-01-inf-gprd.c.gitlab-production.internal`.
+1. Find your screen session: `$ screen -ls`.
+1. Attach to your screen session: `$ sudo -u <username> screen -r`.
+1. Press <kbd>Control</kbd>+<kbd>c</kbd> to stop the Service Ping process.
+
+OR
+
+1. Reconnect to the bastion host machine. For example, type: `ssh bastion-01-inf-gprd.c.gitlab-production.internal`.
+1. List all process started by your username: `ps faux | grep <username>`.
+1. Locate the username that owns ServicePing reporting.
+1. Send the kill signal for the ServicePing PID: `kill -9 <service_ping_pid>`.
+
+## Service Ping process triggering (through a long-running SSH session)
+
+1. Connect to the `gprd` Rails console.
+1. Run `SubmitUsagePingService.new.execute`. This process requires more than 30 hours to complete.
+1. Find the last payload in the `raw_usage_data` table: `RawUsageData.last.payload`.
+1. Check the when the payload was sent: `RawUsageData.last.sent_at`.
+
+```plaintext
+ServicePing::SubmitService.new.execute
+
+# Get the payload
+RawUsageData.last.payload
+
+# Time when payload was sent to VersionsAppp
+RawUsageData.last.sent_at
+```
+
+# Verify Service Ping in VersionsApp
+
+To verify that the ServicePing was received in the VersionsApp do the following steps:
+
+1. Go to the VersionsApp console and locate: `RawUsageData.find(uuid: '')`.
+1. Check the object. Either:
+ - Go to the Rails console and check the related `RawUsageData` object.
+ - Go to the VersionsApp UI <https://version.gitlab.com/usage_data/usage_data_id>.
+
+```ruby
+/bin/herokuish procfile exec rails console
+
+puts UsageData.select(:recorded_at, :app_server_type).where(hostname: 'gitlab.com', uuid: 'ea8bf810-1d6f-4a6a-b4fd-93e8cbd8b57f').order('id desc').limit(5).to_json
+
+puts UsageData.find(21635202).raw_usage_data.payload.to_json
+```
+
+# Monitoring events tracked using Redis HLL
+
+Trigger some events from the User Interface.
+
+```ruby
+Gitlab::UsageDataCounters::HLLRedisCounter.unique_events(event_names: 'event_name', start_date: 28.days.ago, end_date: Date.current)
+```
+
+# Troubleshooting
+
+## Connecting to a Rails console host fails with `Permission denied (publickey).`.
+
+Make sure you add the SSH key to the local SSH agent with: `ssh-add`. If you don't add your SSH key, your key won't be forwarded
+when you run `ssh -A`, and you will not be able to connect to a Rails console host.
+
+# What to do if you get mentioned
+
+In this issue, we keep the track of new metrics added to the Service Ping, and the metrics that are timing out.
+
+If you get mentioned, check the failing metric and open an optimization issue.
+
+# Service Ping manual generation for GitLab.com schedule
+
+| Generation start date | GitLab developer handle | Link to comment with payload |
+| --------------------- | ----------------------- | ---------------------------- |
+| 2022-04-18 | | |
+| 2022-04-25 | | |
+| 2022-05-02 | | |
+| 2022-05-09 | | |
+| 2022-05-16 | | |
+
+<!-- Do not edit below this line -->
+
+/confidential
+/label ~"group::product intelligence" ~"devops::growth" ~backend ~"section::growth" ~"Category:Service Ping"
+/epic https://gitlab.com/groups/gitlab-org/-/epics/6000
+/weight 5
+/title Monitor and Generate GitLab.com Service Ping