diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-06-20 11:10:13 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-06-20 11:10:13 +0000 |
commit | 0ea3fcec397b69815975647f5e2aa5fe944a8486 (patch) | |
tree | 7979381b89d26011bcf9bdc989a40fcc2f1ed4ff /.gitlab | |
parent | 72123183a20411a36d607d70b12d57c484394c8e (diff) | |
download | gitlab-ce-0ea3fcec397b69815975647f5e2aa5fe944a8486.tar.gz |
Add latest changes from gitlab-org/gitlab@15-1-stable-eev15.1.0-rc42
Diffstat (limited to '.gitlab')
23 files changed, 437 insertions, 257 deletions
diff --git a/.gitlab/CODEOWNERS b/.gitlab/CODEOWNERS index 8b64c81f0f7..64955d67e34 100644 --- a/.gitlab/CODEOWNERS +++ b/.gitlab/CODEOWNERS @@ -137,7 +137,7 @@ Dangerfile @gl-quality/eng-prod /app/assets/javascripts/notes @viktomas @jboyson @iamphill @thomasrandolph /app/assets/javascripts/merge_conflicts @viktomas @jboyson @iamphill @thomasrandolph /app/assets/javascripts/mr_notes @viktomas @jboyson @iamphill @thomasrandolph -/app/assets/javascripts/mr_popover @viktomas @jboyson @iamphill @thomasrandolph +/app/assets/javascripts/issuable/popover @viktomas @jboyson @iamphill @thomasrandolph /app/assets/javascripts/vue_merge_request_widget @viktomas @jboyson @iamphill @thomasrandolph /app/assets/javascripts/merge_request.js @viktomas @jboyson @iamphill @thomasrandolph /app/assets/javascripts/merge_request_tabs.js @viktomas @jboyson @iamphill @thomasrandolph @@ -175,8 +175,21 @@ Dangerfile @gl-quality/eng-prod ^[Workhorse] /workhorse/ @jacobvosmaer-gitlab @nick.thomas @nolith @patrickbajao -^[Application Security] +[Application Security] +/app/assets/javascripts/lib/dompurify.js @gitlab-com/gl-security/appsec +/app/assets/javascripts/gfm_auto_complete.js @gitlab-com/gl-security/appsec +/ee/app/assets/javascripts/gfm_auto_complete.js @gitlab-com/gl-security/appsec +/app/validators/addressable_url_validator.rb @gitlab-com/gl-security/appsec +/app/validators/public_url_validator.rb @gitlab-com/gl-security/appsec +/config/initializers/content_security_policy.rb @gitlab-com/gl-security/appsec /lib/gitlab/content_security_policy/ @gitlab-com/gl-security/appsec +/lib/gitlab/http.rb @gitlab-com/gl-security/appsec +/lib/gitlab/http_connection_adapter.rb @gitlab-com/gl-security/appsec +/lib/gitlab/sanitizers @gitlab-com/gl-security/appsec +/lib/gitlab/untrusted_regexp.rb @gitlab-com/gl-security/appsec +/lib/gitlab/url_blocker.rb @gitlab-com/gl-security/appsec +/lib/gitlab/url_blockers/ @gitlab-com/gl-security/appsec +/lib/gitlab/utils.rb @gitlab-com/gl-security/appsec ^[Gitaly] lib/gitlab/git_access.rb @proglottis @toon @zj-gitlab @@ -218,7 +231,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/administration/index.md @axil /doc/administration/instance_limits.md @axil /doc/administration/instance_review.md @kpaizee -/doc/administration/integration/kroki.md @kpaizee +/doc/administration/integration/kroki.md @msedlakjakubowski /doc/administration/integration/mailgun.md @kpaizee /doc/administration/integration/plantuml.md @aqualls /doc/administration/integration/terminal.md @kpaizee @@ -559,7 +572,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/development/new_fe_guide/tips.md @sselhorn /doc/development/omnibus.md @axil /doc/development/ordering_table_columns.md @aqualls -/doc/development/packages.md @claytoncornell +/doc/development/packages/ @claytoncornell /doc/development/permissions.md @eread /doc/development/policies.md @eread /doc/development/product_qualified_lead_guide/index.md @kpaizee @@ -591,6 +604,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/gitlab-basics/ @aqualls /doc/install/ @axil /doc/integration/ @kpaizee +/doc/integration/advanced_search/ @sselhorn /doc/integration/elasticsearch.md @sselhorn /doc/integration/gitpod.md @aqualls /doc/integration/kerberos.md @eread @@ -619,6 +633,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/topics/offline/index.md @axil /doc/topics/offline/quick_start_guide.md @axil /doc/topics/plan_and_track.md @msedlakjakubowski +/doc/tutorials/ @kpaizee /doc/update/ @axil /doc/update/mysql_to_postgresql.md @aqualls /doc/update/upgrading_postgresql_using_slony.md @aqualls @@ -770,7 +785,6 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/user/project/settings/import_export.md @eread /doc/user/project/settings/index.md @fneill /doc/user/project/settings/project_access_tokens.md @eread -/doc/user/project/static_site_editor/index.md @aqualls /doc/user/project/time_tracking.md @msedlakjakubowski /doc/user/project/web_ide/index.md @aqualls /doc/user/project/wiki/group.md @aqualls @@ -780,7 +794,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/user/reserved_names.md @fneill /doc/user/search/advanced_search.md @sselhorn /doc/user/search/global_search/advanced_search_syntax.md @sselhorn -/doc/user/search/index.md @aqualls +/doc/user/search/index.md @sselhorn /doc/user/shortcuts.md @aqualls /doc/user/snippets.md @aqualls /doc/user/ssh.md @eread @@ -790,35 +804,34 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/user/workspace/index.md @fneill [Authentication and Authorization] -/app/assets/javascripts/access_tokens @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/access_tokens/ @gitlab-org/manage/authentication-and-authorization /app/assets/javascripts/alerts_settings/graphql/mutations/reset_http_token.mutation.graphql @gitlab-org/manage/authentication-and-authorization -/app/assets/javascripts/authentication @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/authentication/ @gitlab-org/manage/authentication-and-authorization /app/assets/javascripts/ide/components/shared/tokened_input.vue @gitlab-org/manage/authentication-and-authorization /app/assets/javascripts/invite_members/components/members_token_select.vue @gitlab-org/manage/authentication-and-authorization -/app/assets/javascripts/logs/components/tokens @gitlab-org/manage/authentication-and-authorization -/app/assets/javascripts/packages_and_registries/package_registry/components/list/tokens @gitlab-org/manage/authentication-and-authorization -/app/assets/javascripts/pages/admin/impersonation_tokens @gitlab-org/manage/authentication-and-authorization -/app/assets/javascripts/pages/groups/settings/access_tokens @gitlab-org/manage/authentication-and-authorization -/app/assets/javascripts/pages/ldap @gitlab-org/manage/authentication-and-authorization -/app/assets/javascripts/pages/oauth @gitlab-org/manage/authentication-and-authorization -/app/assets/javascripts/pages/omniauth_callbacks @gitlab-org/manage/authentication-and-authorization -/app/assets/javascripts/pages/profiles/password_prompt @gitlab-org/manage/authentication-and-authorization -/app/assets/javascripts/pages/profiles/personal_access_tokens @gitlab-org/manage/authentication-and-authorization -/app/assets/javascripts/pages/profiles/two_factor_auths @gitlab-org/manage/authentication-and-authorization -/app/assets/javascripts/pages/projects/settings/access_tokens @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/logs/components/tokens/ @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/packages_and_registries/package_registry/components/list/tokens/ @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/pages/admin/impersonation_tokens/ @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/pages/groups/settings/access_tokens/ @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/pages/ldap/ @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/pages/oauth/ @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/pages/omniauth_callbacks/ @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/pages/profiles/password_prompt/ @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/pages/profiles/personal_access_tokens/ @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/pages/profiles/two_factor_auths/ @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/pages/projects/settings/access_tokens/ @gitlab-org/manage/authentication-and-authorization /app/assets/javascripts/pages/sessions/new/oauth_remember_me.js @gitlab-org/manage/authentication-and-authorization /app/assets/javascripts/pipelines/components/pipelines_list/tokens/constants.js @gitlab-org/manage/authentication-and-authorization /app/assets/javascripts/pipelines/components/pipelines_list/tokens/pipeline_branch_name_token.vue @gitlab-org/manage/authentication-and-authorization /app/assets/javascripts/pipelines/components/pipelines_list/tokens/pipeline_source_token.vue @gitlab-org/manage/authentication-and-authorization /app/assets/javascripts/pipelines/components/pipelines_list/tokens/pipeline_status_token.vue @gitlab-org/manage/authentication-and-authorization /app/assets/javascripts/pipelines/components/pipelines_list/tokens/pipeline_tag_name_token.vue @gitlab-org/manage/authentication-and-authorization -/app/assets/javascripts/projects/settings/topics/components @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/projects/settings/topics/components/ @gitlab-org/manage/authentication-and-authorization /app/assets/javascripts/related_issues/components/issue_token.vue @gitlab-org/manage/authentication-and-authorization /app/assets/javascripts/runner/components/registration/registration_token.vue @gitlab-org/manage/authentication-and-authorization /app/assets/javascripts/runner/components/registration/registration_token_reset_dropdown_item.vue @gitlab-org/manage/authentication-and-authorization -/app/assets/javascripts/runner/components/search_tokens @gitlab-org/manage/authentication-and-authorization -/app/assets/javascripts/static_site_editor/rich_content_editor/services/renderers/build_uneditable_token.js @gitlab-org/manage/authentication-and-authorization -/app/assets/javascripts/token_access/components @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/runner/components/search_tokens/ @gitlab-org/manage/authentication-and-authorization +/app/assets/javascripts/token_access/components/ @gitlab-org/manage/authentication-and-authorization /app/assets/javascripts/token_access/index.js @gitlab-org/manage/authentication-and-authorization /app/assets/stylesheets/page_bundles/profile_two_factor_auth.scss @gitlab-org/manage/authentication-and-authorization /app/controllers/admin/impersonation_tokens_controller.rb @gitlab-org/manage/authentication-and-authorization @@ -833,8 +846,8 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /app/controllers/concerns/snippet_authorizations.rb @gitlab-org/manage/authentication-and-authorization /app/controllers/concerns/workhorse_authorization.rb @gitlab-org/manage/authentication-and-authorization /app/controllers/groups/settings/access_tokens_controller.rb @gitlab-org/manage/authentication-and-authorization -/app/controllers/ldap @gitlab-org/manage/authentication-and-authorization -/app/controllers/oauth @gitlab-org/manage/authentication-and-authorization +/app/controllers/ldap/ @gitlab-org/manage/authentication-and-authorization +/app/controllers/oauth/ @gitlab-org/manage/authentication-and-authorization /app/controllers/omniauth_callbacks_controller.rb @gitlab-org/manage/authentication-and-authorization /app/controllers/passwords_controller.rb @gitlab-org/manage/authentication-and-authorization /app/controllers/profiles/passwords_controller.rb @gitlab-org/manage/authentication-and-authorization @@ -842,7 +855,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /app/controllers/profiles/two_factor_auths_controller.rb @gitlab-org/manage/authentication-and-authorization /app/controllers/profiles/webauthn_registrations_controller.rb @gitlab-org/manage/authentication-and-authorization /app/controllers/projects/settings/access_tokens_controller.rb @gitlab-org/manage/authentication-and-authorization -/app/finders/groups/projects_requiring_authorizations_refresh @gitlab-org/manage/authentication-and-authorization +/app/finders/groups/projects_requiring_authorizations_refresh/ @gitlab-org/manage/authentication-and-authorization /app/finders/personal_access_tokens_finder.rb @gitlab-org/manage/authentication-and-authorization /app/helpers/access_tokens_helper.rb @gitlab-org/manage/authentication-and-authorization /app/helpers/auth_helper.rb @gitlab-org/manage/authentication-and-authorization @@ -851,7 +864,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /app/models/concerns/mirror_authentication.rb @gitlab-org/manage/authentication-and-authorization /app/models/concerns/select_for_project_authorization.rb @gitlab-org/manage/authentication-and-authorization /app/models/concerns/token_authenticatable.rb @gitlab-org/manage/authentication-and-authorization -/app/models/concerns/token_authenticatable_strategies @gitlab-org/manage/authentication-and-authorization +/app/models/concerns/token_authenticatable_strategies/ @gitlab-org/manage/authentication-and-authorization /app/models/oauth_access_grant.rb @gitlab-org/manage/authentication-and-authorization /app/models/oauth_access_token.rb @gitlab-org/manage/authentication-and-authorization /app/models/personal_access_token.rb @gitlab-org/manage/authentication-and-authorization @@ -860,22 +873,22 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /app/models/webauthn_registration.rb @gitlab-org/manage/authentication-and-authorization /app/policies/personal_access_token_policy.rb @gitlab-org/manage/authentication-and-authorization /app/services/access_token_validation_service.rb @gitlab-org/manage/authentication-and-authorization -/app/services/auth @gitlab-org/manage/authentication-and-authorization -/app/services/authorized_project_update @gitlab-org/manage/authentication-and-authorization +/app/services/auth/ @gitlab-org/manage/authentication-and-authorization +/app/services/authorized_project_update/ @gitlab-org/manage/authentication-and-authorization /app/services/chat_names/authorize_user_service.rb @gitlab-org/manage/authentication-and-authorization -/app/services/personal_access_tokens @gitlab-org/manage/authentication-and-authorization +/app/services/personal_access_tokens/ @gitlab-org/manage/authentication-and-authorization /app/services/projects/move_project_authorizations_service.rb @gitlab-org/manage/authentication-and-authorization -/app/services/resource_access_tokens @gitlab-org/manage/authentication-and-authorization +/app/services/resource_access_tokens/ @gitlab-org/manage/authentication-and-authorization /app/services/todos/destroy/unauthorized_features_service.rb @gitlab-org/manage/authentication-and-authorization /app/services/users/authorized_build_service.rb @gitlab-org/manage/authentication-and-authorization /app/services/users/authorized_create_service.rb @gitlab-org/manage/authentication-and-authorization /app/services/users/refresh_authorized_projects_service.rb @gitlab-org/manage/authentication-and-authorization -/app/services/webauthn @gitlab-org/manage/authentication-and-authorization +/app/services/webauthn/ @gitlab-org/manage/authentication-and-authorization /app/validators/json_schemas/cluster_agent_authorization_configuration.json @gitlab-org/manage/authentication-and-authorization /app/views/admin/application_settings/_external_authorization_service_form.html.haml @gitlab-org/manage/authentication-and-authorization -/app/views/admin/impersonation_tokens @gitlab-org/manage/authentication-and-authorization -/app/views/authentication @gitlab-org/manage/authentication-and-authorization -/app/views/ci/token_access @gitlab-org/manage/authentication-and-authorization +/app/views/admin/impersonation_tokens/ @gitlab-org/manage/authentication-and-authorization +/app/views/authentication/ @gitlab-org/manage/authentication-and-authorization +/app/views/ci/token_access/ @gitlab-org/manage/authentication-and-authorization /app/views/dashboard/projects/_zero_authorized_projects.html.haml @gitlab-org/manage/authentication-and-authorization /app/views/devise/mailer/password_change.html.haml @gitlab-org/manage/authentication-and-authorization /app/views/devise/mailer/password_change.text.erb @gitlab-org/manage/authentication-and-authorization @@ -883,17 +896,17 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /app/views/devise/mailer/password_change_by_admin.text.erb @gitlab-org/manage/authentication-and-authorization /app/views/devise/mailer/reset_password_instructions.html.haml @gitlab-org/manage/authentication-and-authorization /app/views/devise/mailer/reset_password_instructions.text.erb @gitlab-org/manage/authentication-and-authorization -/app/views/devise/passwords @gitlab-org/manage/authentication-and-authorization +/app/views/devise/passwords/ @gitlab-org/manage/authentication-and-authorization /app/views/devise/shared/_omniauth_box.html.haml @gitlab-org/manage/authentication-and-authorization /app/views/devise/shared/_signup_omniauth_provider_list.haml @gitlab-org/manage/authentication-and-authorization /app/views/devise/shared/_signup_omniauth_providers.haml @gitlab-org/manage/authentication-and-authorization /app/views/devise/shared/_signup_omniauth_providers_top.haml @gitlab-org/manage/authentication-and-authorization -/app/views/doorkeeper/authorizations @gitlab-org/manage/authentication-and-authorization -/app/views/doorkeeper/authorized_applications @gitlab-org/manage/authentication-and-authorization +/app/views/doorkeeper/authorizations/ @gitlab-org/manage/authentication-and-authorization +/app/views/doorkeeper/authorized_applications/ @gitlab-org/manage/authentication-and-authorization /app/views/errors/omniauth_error.html.haml @gitlab-org/manage/authentication-and-authorization /app/views/groups/settings/_resource_access_token_creation.html.haml @gitlab-org/manage/authentication-and-authorization /app/views/groups/settings/_two_factor_auth.html.haml @gitlab-org/manage/authentication-and-authorization -/app/views/groups/settings/access_tokens @gitlab-org/manage/authentication-and-authorization +/app/views/groups/settings/access_tokens/ @gitlab-org/manage/authentication-and-authorization /app/views/layouts/oauth_error.html.haml @gitlab-org/manage/authentication-and-authorization /app/views/notify/access_token_about_to_expire_email.html.haml @gitlab-org/manage/authentication-and-authorization /app/views/notify/access_token_about_to_expire_email.text.erb @gitlab-org/manage/authentication-and-authorization @@ -901,20 +914,20 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /app/views/notify/access_token_created_email.text.erb @gitlab-org/manage/authentication-and-authorization /app/views/notify/access_token_expired_email.html.haml @gitlab-org/manage/authentication-and-authorization /app/views/notify/access_token_expired_email.text.erb @gitlab-org/manage/authentication-and-authorization -/app/views/profiles/passwords @gitlab-org/manage/authentication-and-authorization -/app/views/profiles/personal_access_tokens @gitlab-org/manage/authentication-and-authorization -/app/views/profiles/two_factor_auths @gitlab-org/manage/authentication-and-authorization +/app/views/profiles/passwords/ @gitlab-org/manage/authentication-and-authorization +/app/views/profiles/personal_access_tokens/ @gitlab-org/manage/authentication-and-authorization +/app/views/profiles/two_factor_auths/ @gitlab-org/manage/authentication-and-authorization /app/views/projects/mirrors/_authentication_method.html.haml @gitlab-org/manage/authentication-and-authorization -/app/views/projects/settings/access_tokens @gitlab-org/manage/authentication-and-authorization +/app/views/projects/settings/access_tokens/ @gitlab-org/manage/authentication-and-authorization /app/views/shared/_no_password.html.haml @gitlab-org/manage/authentication-and-authorization /app/views/shared/_two_factor_auth_recovery_settings_check.html.haml @gitlab-org/manage/authentication-and-authorization -/app/views/shared/access_tokens @gitlab-org/manage/authentication-and-authorization +/app/views/shared/access_tokens/ @gitlab-org/manage/authentication-and-authorization /app/views/shared/members/_two_factor_auth_badge.html.haml @gitlab-org/manage/authentication-and-authorization -/app/views/shared/tokens @gitlab-org/manage/authentication-and-authorization +/app/views/shared/tokens/ @gitlab-org/manage/authentication-and-authorization /app/workers/authorized_keys_worker.rb @gitlab-org/manage/authentication-and-authorization -/app/workers/authorized_project_update @gitlab-org/manage/authentication-and-authorization +/app/workers/authorized_project_update/ @gitlab-org/manage/authentication-and-authorization /app/workers/authorized_projects_worker.rb @gitlab-org/manage/authentication-and-authorization -/app/workers/personal_access_tokens @gitlab-org/manage/authentication-and-authorization +/app/workers/personal_access_tokens/ @gitlab-org/manage/authentication-and-authorization /config/feature_flags/development/application_settings_tokens_optional_encryption.yml @gitlab-org/manage/authentication-and-authorization /config/feature_flags/development/enforce_auth_checks_on_uploads.yml @gitlab-org/manage/authentication-and-authorization /config/feature_flags/development/forti_authenticator.yml @gitlab-org/manage/authentication-and-authorization @@ -924,6 +937,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /config/feature_flags/development/omniauth_login_minimal_scopes.yml @gitlab-org/manage/authentication-and-authorization /config/feature_flags/development/personal_access_tokens_scoped_to_projects.yml @gitlab-org/manage/authentication-and-authorization /config/feature_flags/development/projects_tokens_optional_encryption.yml @gitlab-org/manage/authentication-and-authorization +/config/feature_flags/development/refresh_authorizations_via_affected_projects_on_group_membership.yml @gitlab-org/manage/authentication-and-authorization /config/feature_flags/development/specialized_worker_for_group_lock_update_auth_recalculation.yml @gitlab-org/manage/authentication-and-authorization /config/feature_flags/development/webauthn.yml @gitlab-org/manage/authentication-and-authorization /config/feature_flags/ops/block_password_auth_for_saml_users.yml @gitlab-org/manage/authentication-and-authorization @@ -937,27 +951,27 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /config/initializers/webauthn.rb @gitlab-org/manage/authentication-and-authorization /config/initializers_before_autoloader/100_patch_omniauth_oauth2.rb @gitlab-org/manage/authentication-and-authorization /config/initializers_before_autoloader/100_patch_omniauth_saml.rb @gitlab-org/manage/authentication-and-authorization -/ee/app/assets/javascripts/access_tokens @gitlab-org/manage/authentication-and-authorization -/ee/app/assets/javascripts/audit_events/components/tokens @gitlab-org/manage/authentication-and-authorization +/ee/app/assets/javascripts/access_tokens/ @gitlab-org/manage/authentication-and-authorization +/ee/app/assets/javascripts/audit_events/components/tokens/ @gitlab-org/manage/authentication-and-authorization /ee/app/assets/javascripts/audit_events/token_utils.js @gitlab-org/manage/authentication-and-authorization -/ee/app/assets/javascripts/groups/settings/components @gitlab-org/manage/authentication-and-authorization -/ee/app/assets/javascripts/pages/groups/omniauth_callbacks @gitlab-org/manage/authentication-and-authorization -/ee/app/assets/javascripts/pipelines/components/pipelines_list @gitlab-org/manage/authentication-and-authorization -/ee/app/assets/javascripts/requirements/components/tokens @gitlab-org/manage/authentication-and-authorization +/ee/app/assets/javascripts/groups/settings/components/ @gitlab-org/manage/authentication-and-authorization +/ee/app/assets/javascripts/pages/groups/omniauth_callbacks/ @gitlab-org/manage/authentication-and-authorization +/ee/app/assets/javascripts/pipelines/components/pipelines_list/ @gitlab-org/manage/authentication-and-authorization +/ee/app/assets/javascripts/requirements/components/tokens/ @gitlab-org/manage/authentication-and-authorization /ee/app/assets/javascripts/saml_providers/scim_token_service.js @gitlab-org/manage/authentication-and-authorization -/ee/app/assets/javascripts/saml_sso/components @gitlab-org/manage/authentication-and-authorization +/ee/app/assets/javascripts/saml_sso/components/ @gitlab-org/manage/authentication-and-authorization /ee/app/assets/javascripts/vue_merge_request_widget/components/approvals/approvals_auth.vue @gitlab-org/manage/authentication-and-authorization /ee/app/controllers/concerns/ee/authenticates_with_two_factor.rb @gitlab-org/manage/authentication-and-authorization /ee/app/controllers/concerns/ee/enforces_two_factor_authentication.rb @gitlab-org/manage/authentication-and-authorization /ee/app/controllers/concerns/saml_authorization.rb @gitlab-org/manage/authentication-and-authorization -/ee/app/controllers/ee/ldap @gitlab-org/manage/authentication-and-authorization +/ee/app/controllers/ee/ldap/ @gitlab-org/manage/authentication-and-authorization /ee/app/controllers/ee/omniauth_callbacks_controller.rb @gitlab-org/manage/authentication-and-authorization /ee/app/controllers/ee/passwords_controller.rb @gitlab-org/manage/authentication-and-authorization /ee/app/controllers/groups/omniauth_callbacks_controller.rb @gitlab-org/manage/authentication-and-authorization /ee/app/controllers/groups/scim_oauth_controller.rb @gitlab-org/manage/authentication-and-authorization -/ee/app/controllers/oauth @gitlab-org/manage/authentication-and-authorization +/ee/app/controllers/oauth/ @gitlab-org/manage/authentication-and-authorization /ee/app/controllers/omniauth_kerberos_spnego_controller.rb @gitlab-org/manage/authentication-and-authorization -/ee/app/finders/auth @gitlab-org/manage/authentication-and-authorization +/ee/app/finders/auth/ @gitlab-org/manage/authentication-and-authorization /ee/app/helpers/ee/access_tokens_helper.rb @gitlab-org/manage/authentication-and-authorization /ee/app/helpers/ee/auth_helper.rb @gitlab-org/manage/authentication-and-authorization /ee/app/helpers/ee/personal_access_tokens_helper.rb @gitlab-org/manage/authentication-and-authorization @@ -965,10 +979,10 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /ee/app/models/ee/project_authorization.rb @gitlab-org/manage/authentication-and-authorization /ee/app/models/scim_oauth_access_token.rb @gitlab-org/manage/authentication-and-authorization /ee/app/serializers/scim_oauth_access_token_entity.rb @gitlab-org/manage/authentication-and-authorization -/ee/app/services/ee/auth @gitlab-org/manage/authentication-and-authorization -/ee/app/services/ee/personal_access_tokens @gitlab-org/manage/authentication-and-authorization -/ee/app/services/ee/resource_access_tokens @gitlab-org/manage/authentication-and-authorization -/ee/app/services/personal_access_tokens @gitlab-org/manage/authentication-and-authorization +/ee/app/services/ee/auth/ @gitlab-org/manage/authentication-and-authorization +/ee/app/services/ee/personal_access_tokens/ @gitlab-org/manage/authentication-and-authorization +/ee/app/services/ee/resource_access_tokens/ @gitlab-org/manage/authentication-and-authorization +/ee/app/services/personal_access_tokens/ @gitlab-org/manage/authentication-and-authorization /ee/app/services/security/token_revocation_service.rb @gitlab-org/manage/authentication-and-authorization /ee/app/views/admin/application_settings/_personal_access_token_expiration_policy.html.haml @gitlab-org/manage/authentication-and-authorization /ee/app/views/credentials_inventory_mailer/personal_access_token_revoked_email.html.haml @gitlab-org/manage/authentication-and-authorization @@ -977,22 +991,21 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /ee/app/views/groups/sso/_authorize_pane.html.haml @gitlab-org/manage/authentication-and-authorization /ee/app/views/notify/policy_revoked_personal_access_tokens_email.html.haml @gitlab-org/manage/authentication-and-authorization /ee/app/views/notify/policy_revoked_personal_access_tokens_email.text.erb @gitlab-org/manage/authentication-and-authorization -/ee/app/views/oauth @gitlab-org/manage/authentication-and-authorization +/ee/app/views/oauth/ @gitlab-org/manage/authentication-and-authorization /ee/app/views/shared/credentials_inventory/_personal_access_tokens.html.haml @gitlab-org/manage/authentication-and-authorization /ee/app/views/shared/credentials_inventory/_project_access_tokens.html.haml @gitlab-org/manage/authentication-and-authorization -/ee/app/views/shared/credentials_inventory/personal_access_tokens @gitlab-org/manage/authentication-and-authorization -/ee/app/views/shared/credentials_inventory/project_access_tokens @gitlab-org/manage/authentication-and-authorization -/ee/app/workers/personal_access_tokens @gitlab-org/manage/authentication-and-authorization +/ee/app/views/shared/credentials_inventory/personal_access_tokens/ @gitlab-org/manage/authentication-and-authorization +/ee/app/views/shared/credentials_inventory/project_access_tokens/ @gitlab-org/manage/authentication-and-authorization +/ee/app/workers/personal_access_tokens/ @gitlab-org/manage/authentication-and-authorization /ee/config/routes/oauth.rb @gitlab-org/manage/authentication-and-authorization -/ee/lib/ee/gitlab/auth @gitlab-org/manage/authentication-and-authorization -/ee/lib/ee/gitlab/auth.rb @gitlab-org/manage/authentication-and-authorization +/ee/lib/ee/gitlab/auth/ @gitlab-org/manage/authentication-and-authorization /ee/lib/ee/gitlab/omniauth_initializer.rb @gitlab-org/manage/authentication-and-authorization -/ee/lib/gitlab/auth @gitlab-org/manage/authentication-and-authorization +/ee/lib/gitlab/auth/ @gitlab-org/manage/authentication-and-authorization /ee/lib/gitlab/auth_logger.rb @gitlab-org/manage/authentication-and-authorization /ee/lib/gitlab/authority_analyzer.rb @gitlab-org/manage/authentication-and-authorization -/ee/lib/gitlab/geo/oauth @gitlab-org/manage/authentication-and-authorization -/ee/lib/gitlab/kerberos @gitlab-org/manage/authentication-and-authorization -/ee/lib/omni_auth @gitlab-org/manage/authentication-and-authorization +/ee/lib/gitlab/geo/oauth/ @gitlab-org/manage/authentication-and-authorization +/ee/lib/gitlab/kerberos/ @gitlab-org/manage/authentication-and-authorization +/ee/lib/omni_auth/ @gitlab-org/manage/authentication-and-authorization /ee/lib/system_check/geo/authorized_keys_check.rb @gitlab-org/manage/authentication-and-authorization /ee/lib/system_check/geo/authorized_keys_flag_check.rb @gitlab-org/manage/authentication-and-authorization /lib/api/entities/ci/reset_token_result.rb @gitlab-org/manage/authentication-and-authorization @@ -1007,27 +1020,28 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /lib/api/personal_access_tokens.rb @gitlab-org/manage/authentication-and-authorization /lib/api/resource_access_tokens.rb @gitlab-org/manage/authentication-and-authorization /lib/api/support/token_with_expiration.rb @gitlab-org/manage/authentication-and-authorization -/lib/gitlab/api_authentication @gitlab-org/manage/authentication-and-authorization -/lib/gitlab/auth @gitlab-org/manage/authentication-and-authorization +/lib/gitlab/api_authentication/ @gitlab-org/manage/authentication-and-authorization +/lib/gitlab/auth/ @gitlab-org/manage/authentication-and-authorization /lib/gitlab/auth.rb @gitlab-org/manage/authentication-and-authorization /lib/gitlab/auth_logger.rb @gitlab-org/manage/authentication-and-authorization /lib/gitlab/authorized_keys.rb @gitlab-org/manage/authentication-and-authorization /lib/gitlab/background_migration/encrypt_static_object_token.rb @gitlab-org/manage/authentication-and-authorization +/lib/gitlab/background_migration/expire_o_auth_tokens.rb @gitlab-org/manage/authentication-and-authorization /lib/gitlab/background_migration/migrate_u2f_webauthn.rb @gitlab-org/manage/authentication-and-authorization /lib/gitlab/background_migration/update_users_where_two_factor_auth_required_from_group.rb @gitlab-org/manage/authentication-and-authorization /lib/gitlab/chat_name_token.rb @gitlab-org/manage/authentication-and-authorization /lib/gitlab/ci/pipeline/expression/token.rb @gitlab-org/manage/authentication-and-authorization -/lib/gitlab/external_authorization @gitlab-org/manage/authentication-and-authorization +/lib/gitlab/external_authorization/ @gitlab-org/manage/authentication-and-authorization /lib/gitlab/external_authorization.rb @gitlab-org/manage/authentication-and-authorization -/lib/gitlab/graphql/authorize @gitlab-org/manage/authentication-and-authorization +/lib/gitlab/graphql/authorize/ @gitlab-org/manage/authentication-and-authorization /lib/gitlab/jwt_authenticatable.rb @gitlab-org/manage/authentication-and-authorization /lib/gitlab/jwt_token.rb @gitlab-org/manage/authentication-and-authorization /lib/gitlab/lfs_token.rb @gitlab-org/manage/authentication-and-authorization -/lib/gitlab/mail_room @gitlab-org/manage/authentication-and-authorization +/lib/gitlab/mail_room/ @gitlab-org/manage/authentication-and-authorization /lib/gitlab/omniauth_initializer.rb @gitlab-org/manage/authentication-and-authorization /lib/gitlab/project_authorizations.rb @gitlab-org/manage/authentication-and-authorization -/lib/json_web_token @gitlab-org/manage/authentication-and-authorization -/lib/omni_auth @gitlab-org/manage/authentication-and-authorization +/lib/json_web_token/ @gitlab-org/manage/authentication-and-authorization +/lib/omni_auth/ @gitlab-org/manage/authentication-and-authorization /lib/system_check/app/authorized_keys_permission_check.rb @gitlab-org/manage/authentication-and-authorization /lib/system_check/incoming_email/imap_authentication_check.rb @gitlab-org/manage/authentication-and-authorization /lib/tasks/gitlab/password.rake @gitlab-org/manage/authentication-and-authorization diff --git a/.gitlab/ci/build-images.gitlab-ci.yml b/.gitlab/ci/build-images.gitlab-ci.yml index 6a222d8937f..46d0bb2fb8f 100644 --- a/.gitlab/ci/build-images.gitlab-ci.yml +++ b/.gitlab/ci/build-images.gitlab-ci.yml @@ -29,7 +29,15 @@ build-qa-image: - !reference [.base-image-build, script] - echo $QA_IMAGE - echo $QA_IMAGE_BRANCH - - /kaniko/executor --context=${CI_PROJECT_DIR} --dockerfile=${CI_PROJECT_DIR}/qa/Dockerfile --destination=${QA_IMAGE} --destination=${QA_IMAGE_BRANCH} --cache=true + - | + /kaniko/executor \ + --context=${CI_PROJECT_DIR} \ + --dockerfile=${CI_PROJECT_DIR}/qa/Dockerfile \ + --destination=${QA_IMAGE} \ + --destination=${QA_IMAGE_BRANCH} \ + --build-arg=CHROME_VERSION=${CHROME_VERSION} \ + --build-arg=DOCKER_VERSION=${DOCKER_VERSION} \ + --cache=true # This image is used by: # - The `CNG` pipelines (via the `review-build-cng` job): https://gitlab.com/gitlab-org/build/CNG/-/blob/cfc67136d711e1c8c409bf8e57427a644393da2f/.gitlab-ci.yml#L335 diff --git a/.gitlab/ci/docs.gitlab-ci.yml b/.gitlab/ci/docs.gitlab-ci.yml index 217da6506bf..3af156e9bd0 100644 --- a/.gitlab/ci/docs.gitlab-ci.yml +++ b/.gitlab/ci/docs.gitlab-ci.yml @@ -2,7 +2,7 @@ extends: - .default-retry - .docs:rules:review-docs - image: ${GITLAB_DEPENDENCY_PROXY}ruby:2.7-alpine + image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION}-alpine stage: review needs: [] variables: @@ -44,7 +44,7 @@ docs-lint markdown: - .default-retry - .docs:rules:docs-lint # When updating the image version here, update it in /scripts/lint-doc.sh too. - image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-markdown:alpine-3.15-vale-2.15.5-markdownlint-0.31.1 + image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-docs/lint-markdown:alpine-3.16-vale-2.17.0-markdownlint-0.31.1 stage: lint needs: [] script: @@ -53,7 +53,7 @@ docs-lint markdown: docs-lint links: extends: - .docs:rules:docs-lint - image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-html:alpine-3.15-ruby-2.7.5-cee62c13 + image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-docs/lint-html:alpine-3.16-ruby-2.7.6-0bc327a4 stage: lint needs: [] script: diff --git a/.gitlab/ci/frontend.gitlab-ci.yml b/.gitlab/ci/frontend.gitlab-ci.yml index 4b1194d0fbd..8bfda0e6684 100644 --- a/.gitlab/ci/frontend.gitlab-ci.yml +++ b/.gitlab/ci/frontend.gitlab-ci.yml @@ -11,7 +11,7 @@ - .default-retry - .default-before_script - .assets-compile-cache - image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:debian-${DEBIAN_VERSION}-ruby-2.7-git-2.33-lfs-2.9-node-16.14-yarn-1.22-graphicsmagick-1.3.36 + image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}-git-2.33-lfs-2.9-node-16.14-yarn-1.22-graphicsmagick-1.3.36 variables: SETUP_DB: "false" WEBPACK_VENDOR_DLL: "true" diff --git a/.gitlab/ci/global.gitlab-ci.yml b/.gitlab/ci/global.gitlab-ci.yml index 7e06a4a71bd..344a31b28d8 100644 --- a/.gitlab/ci/global.gitlab-ci.yml +++ b/.gitlab/ci/global.gitlab-ci.yml @@ -18,7 +18,7 @@ - source scripts/prepare_build.sh .ruby-gems-cache: &ruby-gems-cache - key: "ruby-gems-${DEBIAN_VERSION}" + key: "ruby-gems-debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}" paths: - vendor/ruby/ policy: pull @@ -28,7 +28,7 @@ policy: push # We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up. .gitaly-ruby-gems-cache: &gitaly-ruby-gems-cache - key: "gitaly-ruby-gems-${DEBIAN_VERSION}" + key: "gitaly-ruby-gems-debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}" paths: - vendor/gitaly-ruby/ policy: pull @@ -42,7 +42,7 @@ files: - GITALY_SERVER_VERSION - lib/gitlab/setup_helper.rb - prefix: "gitaly-binaries-${DEBIAN-VERSION}" + prefix: "gitaly-binaries-debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}" paths: - ${TMP_TEST_FOLDER}/gitaly/_build/bin/ - ${TMP_TEST_FOLDER}/gitaly/_build/deps/git/install/ @@ -79,7 +79,7 @@ policy: push # We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up. .assets-cache: &assets-cache - key: "assets-${DEBIAN_VERSION}-${NODE_ENV}" + key: "assets-debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}-node-${NODE_ENV}" paths: - assets-hash.txt - public/assets/webpack/ @@ -103,7 +103,7 @@ policy: push # We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up. .rubocop-cache: &rubocop-cache - key: "rubocop-${DEBIAN_VERSION}" + key: "rubocop-debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}" paths: - tmp/rubocop_cache/ policy: pull @@ -116,6 +116,7 @@ .qa-ruby-gems-cache: &qa-ruby-gems-cache key: + prefix: "qa-ruby-gems-debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}" files: - qa/Gemfile.lock paths: @@ -238,7 +239,7 @@ services: - name: postgres:13 command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] - - name: redis:5.0-alpine + - name: redis:6.2-alpine variables: POSTGRES_HOST_AUTH_METHOD: trust PG_VERSION: "13" @@ -269,7 +270,7 @@ services: - name: postgres:13 command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] - - name: redis:5.0-alpine + - name: redis:6.2-alpine - name: elasticsearch:7.17.0 command: ["elasticsearch", "-E", "discovery.type=single-node", "-E", "xpack.security.enabled=false"] variables: @@ -281,7 +282,7 @@ - name: postgres:12 command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] - name: redis:6.0-alpine - - name: elasticsearch:8.1.1 + - name: elasticsearch:8.2.0 variables: POSTGRES_HOST_AUTH_METHOD: trust PG_VERSION: "12" diff --git a/.gitlab/ci/qa.gitlab-ci.yml b/.gitlab/ci/qa.gitlab-ci.yml index 1ebc408e0d4..5ca70da352a 100644 --- a/.gitlab/ci/qa.gitlab-ci.yml +++ b/.gitlab/ci/qa.gitlab-ci.yml @@ -1,5 +1,5 @@ .qa-job-base: - image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-2.7:bundler-2.3-git-2.33-chrome-99 + image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-2.7:bundler-2.3-git-2.33-chrome-${CHROME_VERSION} extends: - .default-retry - .qa-cache @@ -12,7 +12,7 @@ before_script: - !reference [.default-before_script, before_script] - cd qa/ - - bundle_install_script + - bundle install qa:internal: extends: @@ -52,7 +52,6 @@ qa:nightly-auto-quarantine-dequarantine: - bundle exec confiner -r .confiner/nightly.yml allow_failure: true - qa:selectors-as-if-foss: extends: - qa:selectors @@ -68,8 +67,32 @@ update-qa-cache: script: - echo "Cache has been updated and ready to be uploaded." -.package-and-qa-base: +populate-qa-tests-var: + extends: + - .qa:rules:determine-qa-tests image: ${GITLAB_DEPENDENCY_PROXY}ruby:2.7-alpine + stage: prepare + script: + - tooling/bin/qa/check_if_qa_only_spec_changes ${CHANGES_FILE} ${ONLY_QA_CHANGES_FILE} + - '[ -f $ONLY_QA_CHANGES_FILE ] && export QA_TESTS="`cat $ONLY_QA_CHANGES_FILE`"' + - 'echo "QA_TESTS=$QA_TESTS" >> qa_tests_var.env' + - 'echo "QA_TESTS: $QA_TESTS"' + artifacts: + expire_in: 2d + reports: + dotenv: qa_tests_var.env + paths: + - ${CHANGES_FILE} + - ${ONLY_QA_CHANGES_FILE} + - qa_tests_var.env + variables: + CHANGES_FILE: tmp/changed_files.txt + ONLY_QA_CHANGES_FILE: tmp/qa_only_changed_files.txt + needs: + - detect-tests + +.package-and-qa-base: + image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION}-alpine stage: qa retry: 0 before_script: @@ -77,8 +100,6 @@ update-qa-cache: - install_gitlab_gem - tooling/bin/find_change_diffs ${CHANGES_DIFFS_DIR} script: - - tooling/bin/qa/check_if_qa_only_spec_changes ${CHANGES_FILE} ${ONLY_QA_CHANGES_FILE} - - '[ -f $ONLY_QA_CHANGES_FILE ] && export QA_TESTS="`cat $ONLY_QA_CHANGES_FILE`"' - 'echo "QA_TESTS: $QA_TESTS"' - exit_code=0 && tooling/bin/qa/package_and_qa_check ${CHANGES_DIFFS_DIR} || exit_code=$? - echo $exit_code @@ -99,16 +120,13 @@ update-qa-cache: artifacts: false - job: build-assets-image artifacts: false + - job: populate-qa-tests-var - detect-tests artifacts: expire_in: 7d paths: - - ${CHANGES_FILE} - - ${ONLY_QA_CHANGES_FILE} - ${CHANGES_DIFFS_DIR}/* variables: - CHANGES_FILE: tmp/changed_files.txt - ONLY_QA_CHANGES_FILE: tmp/qa_only_changed_files.txt CHANGES_DIFFS_DIR: tmp/diffs ALLURE_JOB_NAME: $CI_JOB_NAME diff --git a/.gitlab/ci/rails.gitlab-ci.yml b/.gitlab/ci/rails.gitlab-ci.yml index 77bdfda3eac..0358fe8ec49 100644 --- a/.gitlab/ci/rails.gitlab-ci.yml +++ b/.gitlab/ci/rails.gitlab-ci.yml @@ -395,15 +395,15 @@ db:migrate-from-previous-major-version: USE_BUNDLE_INSTALL: "false" SETUP_DB: "false" PROJECT_TO_CHECKOUT: "gitlab-foss" - TAG_TO_CHECKOUT: "v13.12.9" + TAG_TO_CHECKOUT: "v14.10.2" before_script: - !reference [.default-before_script, before_script] - '[[ -d "ee/" ]] || export PROJECT_TO_CHECKOUT="gitlab"' - '[[ -d "ee/" ]] || export TAG_TO_CHECKOUT="${TAG_TO_CHECKOUT}-ee"' - retry 'git fetch https://gitlab.com/gitlab-org/$PROJECT_TO_CHECKOUT.git $TAG_TO_CHECKOUT' - git checkout -f FETCH_HEAD - - SETUP_DB=false USE_BUNDLE_INSTALL=true bash scripts/prepare_build.sh - - run_timed_command "bundle exec rake db:drop db:create db:structure:load db:migrate db:seed_fu" + - SETUP_DB=false USE_BUNDLE_INSTALL=true ENABLE_BOOTSNAP=false bash scripts/prepare_build.sh + - run_timed_command "ENABLE_BOOTSNAP=false bundle exec rake db:drop db:create db:structure:load db:migrate db:seed_fu" - git checkout -f $CI_COMMIT_SHA - SETUP_DB=false USE_BUNDLE_INSTALL=true bash scripts/prepare_build.sh script: @@ -419,7 +419,7 @@ db:migrate-from-previous-major-version-single-db: extends: - .rails:rules:ee-mr-and-default-branch-only variables: - TAG_TO_CHECKOUT: "v14.4.0" + TAG_TO_CHECKOUT: "v14.7.0" # this version updated grpc to 1.42.0, which supports Ruby 2 & 3 script: - run_timed_command "scripts/db_tasks db:migrate" - scripts/schema_changed.sh @@ -460,7 +460,7 @@ db:migrate-non-superuser: db:gitlabcom-database-testing: extends: .rails:rules:db:gitlabcom-database-testing stage: test - image: ruby:2.7-alpine + image: ruby:${RUBY_VERSION}-alpine needs: [] allow_failure: true script: @@ -976,7 +976,6 @@ rspec system pg13: - .rspec-base-pg13 - .rails:rules:default-branch-schedule-nightly--code-backstage - .rspec-system-parallel - # EE/FOSS: default branch nightly scheduled jobs # ########################################## diff --git a/.gitlab/ci/reports.gitlab-ci.yml b/.gitlab/ci/reports.gitlab-ci.yml index 107f37ed47d..68c71b359c2 100644 --- a/.gitlab/ci/reports.gitlab-ci.yml +++ b/.gitlab/ci/reports.gitlab-ci.yml @@ -91,7 +91,7 @@ gemnasium-python-dependency_scanning: yarn-audit-dependency_scanning: extends: .ds-analyzer - image: "registry.gitlab.com/gitlab-org/security-products/analyzers/npm-audit:1.4.1" + image: "${REGISTRY_HOST}/${REGISTRY_GROUP}/security-products/analyzers/npm-audit:1" variables: TOOL: yarn rules: !reference [".reports:rules:yarn-audit-dependency_scanning", rules] @@ -102,7 +102,7 @@ yarn-audit-dependency_scanning: extends: .default-retry stage: test image: - name: registry.gitlab.com/gitlab-org/security-products/package-hunter-cli:v1.3.2@sha256:7529deaef9ea21aab56bfb74ae1abbc121311affdb6ece49ce7b1c360f997ca2 + name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/security-products/package-hunter-cli:v1.3.2@sha256:7529deaef9ea21aab56bfb74ae1abbc121311affdb6ece49ce7b1c360f997ca2 entrypoint: [""] variables: HTR_user: '$PACKAGE_HUNTER_USER' diff --git a/.gitlab/ci/review-apps/dast.gitlab-ci.yml b/.gitlab/ci/review-apps/dast.gitlab-ci.yml index df8ad4c517a..8f0c6b60190 100644 --- a/.gitlab/ci/review-apps/dast.gitlab-ci.yml +++ b/.gitlab/ci/review-apps/dast.gitlab-ci.yml @@ -5,12 +5,12 @@ extends: - .reports:rules:schedule-dast image: - name: "registry.gitlab.com/security-products/dast:$DAST_VERSION" + name: "${REGISTRY_HOST}/security-products/dast:$DAST_VERSION" resource_group: dast_scan variables: DAST_USERNAME_FIELD: "user[login]" DAST_PASSWORD_FIELD: "user[password]" - DAST_SUBMIT_FIELD: "commit" + DAST_SUBMIT_FIELD: "name:button" DAST_FULL_SCAN_ENABLED: "true" DAST_VERSION: 2 GIT_STRATEGY: none @@ -28,7 +28,7 @@ needs: ["review-deploy"] stage: dast # Default job timeout set to 90m and dast rules needs 2h to so that it won't timeout. - timeout: 2h + timeout: 3h # Add retry because of intermittent connection problems. See https://gitlab.com/gitlab-org/gitlab/-/issues/244313 retry: 1 artifacts: @@ -42,149 +42,65 @@ # DAST scan with a subset of Release scan rules. # ZAP rule details can be found at https://www.zaproxy.org/docs/alerts/ -# 10019, 10021 Missing security headers -# 10023, 10024, 10025, 10037 Information Disclosure -# 10040 Secure Pages Include Mixed Content -# 10056 X-Debug-Token Information Leak -# Duration: 14 minutes 20 seconds - -dast:secureHeaders-csp-infoLeak: +dast:anti-clickjacking-header: extends: - .dast_conf variables: DAST_USERNAME: "user1" - DAST_ONLY_INCLUDE_RULES: "10019,10021,10023,10024,10025,10037,10040,10056" + DAST_ONLY_INCLUDE_RULES: "10020" script: - /analyze -# 90023 XML External Entity Attack -# Duration: 41 minutes 20 seconds -# 90019 Server Side Code Injection -# Duration: 34 minutes 31 seconds -dast:XXE-SrvSideInj: +dast:xss-persistant: extends: - .dast_conf variables: DAST_USERNAME: "user2" - DAST_ONLY_INCLUDE_RULES: "90023,90019" + DAST_ONLY_INCLUDE_RULES: "40014" script: - /analyze -# 0 Directory Browsing -# 2 Private IP Disclosure -# 3 Session ID in URL Rewrite -# 7 Remote File Inclusion -# Duration: 63 minutes 43 seconds -# 90034 Cloud Metadata Potentially Exposed -# Duration: 13 minutes 48 seconds -# 90022 Application Error Disclosure -# Duration: 12 minutes 7 seconds -dast:infoLeak-fileInc-DirBrowsing: +dast:insecure-http-method: extends: - .dast_conf variables: DAST_USERNAME: "user3" - DAST_ONLY_INCLUDE_RULES: "0,2,3,7,90034,90022" + DAST_ONLY_INCLUDE_RULES: "90028" script: - /analyze -# 10010 Cookie No HttpOnly Flag -# 10011 Cookie Without Secure Flag -# 10017 Cross-Domain JavaScript Source File Inclusion -# 10029 Cookie Poisoning -# 90033 Loosely Scoped Cookie -# 10054 Cookie Without SameSite Attribute -# Duration: 13 minutes 23 seconds -dast:insecureCookie: +dast:server-side-template-inj: extends: - .dast_conf variables: DAST_USERNAME: "user4" - DAST_ONLY_INCLUDE_RULES: "10010,10011,10017,10029,90033,10054" + DAST_ONLY_INCLUDE_RULES: "90035" script: - /analyze - -# 20012 Anti-CSRF Tokens Check -# 10202 Absence of Anti-CSRF Tokens -# https://gitlab.com/gitlab-com/gl-security/appsec/appsec-team/-/issues/192 - -# Commented because of lot of FP's -# dast:csrfTokenCheck: -# extends: -# - .dast_conf -# variables: -# DAST_USERNAME: "user6" -# DAST_ONLY_INCLUDE_RULES: "20012,10202" -# script: -# - /analyze - -# 10098 Cross-Domain Misconfiguration -# 10105 Weak Authentication Method -# 40003 CRLF Injection -# 40008 Parameter Tampering -# Duration: 71 minutes 15 seconds -dast:corsMisconfig-weakauth-crlfInj: +dast:server-side-template-inj-blind: extends: - .dast_conf variables: DAST_USERNAME: "user5" - DAST_ONLY_INCLUDE_RULES: "10098,10105,40003,40008" + DAST_ONLY_INCLUDE_RULES: "90035" script: - /analyze -# 20019 External Redirect -# 20014 HTTP Parameter Pollution -# Duration: 46 minutes 12 seconds -dast:extRedirect-paramPollution: +dast:session-fixation: extends: - .dast_conf variables: DAST_USERNAME: "user6" - DAST_ONLY_INCLUDE_RULES: "20019,20014" - script: - - /analyze - -# 40022 SQL Injection - PostgreSQL -# Duration: 53 minutes 59 seconds -dast:sqlInjection: - extends: - - .dast_conf - variables: - DAST_USERNAME: "user7" - DAST_ONLY_INCLUDE_RULES: "40022" - script: - - /analyze - -# 40014 Cross Site Scripting (Persistent) -# Duration: 21 minutes 50 seconds -dast:xss-persistent: - extends: - - .dast_conf - variables: - DAST_USERNAME: "user8" - DAST_ONLY_INCLUDE_RULES: "40014" - script: - - /analyze - -# 40012 Cross Site Scripting (Reflected) -# Duration: 73 minutes 15 seconds -dast:xss-reflected: - extends: - - .dast_conf - variables: - DAST_USERNAME: "user9" - DAST_ONLY_INCLUDE_RULES: "40012" + DAST_ONLY_INCLUDE_RULES: "40013" script: - /analyze -# 40013 Session Fixation -# Duration: 44 minutes 25 seconds -dast:sessionFixation: +dast:xss-dombased: extends: - .dast_conf variables: DAST_USERNAME: "user10" - DAST_ONLY_INCLUDE_RULES: "40013" + DAST_ONLY_INCLUDE_RULES: "40026" script: - /analyze diff --git a/.gitlab/ci/review-apps/main.gitlab-ci.yml b/.gitlab/ci/review-apps/main.gitlab-ci.yml index 22fdce71243..f3cde5d7318 100644 --- a/.gitlab/ci/review-apps/main.gitlab-ci.yml +++ b/.gitlab/ci/review-apps/main.gitlab-ci.yml @@ -20,7 +20,7 @@ review-build-cng-env: extends: - .default-retry - .review:rules:review-build-cng - image: ${GITLAB_DEPENDENCY_PROXY}ruby:2.7-alpine3.13 + image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION}-alpine3.13 stage: prepare needs: [] before_script: diff --git a/.gitlab/ci/review-apps/qa.gitlab-ci.yml b/.gitlab/ci/review-apps/qa.gitlab-ci.yml index 47e756eb230..07ad5a31135 100644 --- a/.gitlab/ci/review-apps/qa.gitlab-ci.yml +++ b/.gitlab/ci/review-apps/qa.gitlab-ci.yml @@ -1,6 +1,6 @@ include: - project: gitlab-org/quality/pipeline-common - ref: 0.6.0 + ref: 0.13.0 file: - /ci/allure-report.yml - /ci/knapsack-report.yml @@ -13,8 +13,8 @@ include: .test_variables: variables: - QA_DEBUG: "true" QA_GENERATE_ALLURE_REPORT: "true" + COLORIZED_LOGS: "true" GITLAB_USERNAME: "root" GITLAB_PASSWORD: "${REVIEW_APPS_ROOT_PASSWORD}" GITLAB_ADMIN_USERNAME: "root" @@ -28,7 +28,7 @@ include: - .qa-cache - .test_variables - .bundler_variables - image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-2.7:bundler-2.3-git-2.33-lfs-2.9-chrome-99-docker-20.10.14-gcloud-383-kubectl-1.23 + image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-2.7:bundler-2.3-git-2.33-lfs-2.9-chrome-${CHROME_VERSION}-docker-${DOCKER_VERSION}-gcloud-383-kubectl-1.23 stage: qa needs: - review-deploy @@ -50,6 +50,9 @@ include: --tag ~orchestrated \ --tag ~transient \ --tag ~skip_signup_disabled \ + --tag ~requires_git_protocol_v2 \ + --tag ~requires_praefect \ + --tag ~sanity_feature_flags \ --force-color \ --order random \ --format documentation \ @@ -79,27 +82,52 @@ include: # Store knapsack report as artifact so the same report is reused across all jobs download-knapsack-report: - image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-2.7:bundler-2.3-git-2.33-chrome-99 + image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-2.7:bundler-2.3-git-2.33-chrome-${CHROME_VERSION} extends: - .qa-cache - .bundler_variables - .review:rules:review-qa-reliable stage: prepare + variables: + QA_KNAPSACK_REPORTS: review-qa-reliable,review-qa-all before_script: - cd qa && bundle install script: - - QA_KNAPSACK_REPORT_NAME=review-qa-reliable bundle exec rake "knapsack:download" - - QA_KNAPSACK_REPORT_NAME=review-qa-all bundle exec rake "knapsack:download" + - bundle exec rake "knapsack:download" allow_failure: true artifacts: paths: - qa/knapsack/review-qa-*.json expire_in: 1 day +review-qa-sanity: + extends: + - .review-qa-base + - .review:rules:review-qa-sanity + retry: 1 + variables: + QA_RUN_TYPE: review-qa-sanity + script: + - qa_run_status=0 + - | + bundle exec rake "knapsack:rspec[\ + --tag sanity_feature_flags \ + --force-color \ + --order random \ + --format documentation \ + --format RspecJunitFormatter --out tmp/rspec.xml \ + ]" || qa_run_status=$? + - if [ ${qa_run_status} -ne 0 ]; then + release_sha=$(echo "${CI_MERGE_REQUEST_SOURCE_BRANCH_SHA:-${CI_COMMIT_SHA}}" | cut -c1-11); + echo "Errors can be found at https://sentry.gitlab.net/gitlab/gitlab-review-apps/releases/${release_sha}/all-events/."; + fi + - exit ${qa_run_status} + review-qa-smoke: extends: - .review-qa-base - .review:rules:review-qa-smoke + retry: 1 variables: QA_RUN_TYPE: review-qa-smoke RSPEC_TAGS: --tag smoke @@ -108,6 +136,7 @@ review-qa-reliable: extends: - .review-qa-base - .review:rules:review-qa-reliable + retry: 1 parallel: 10 variables: QA_RUN_TYPE: review-qa-reliable diff --git a/.gitlab/ci/review.gitlab-ci.yml b/.gitlab/ci/review.gitlab-ci.yml index 03223e64b23..26c7306c880 100644 --- a/.gitlab/ci/review.gitlab-ci.yml +++ b/.gitlab/ci/review.gitlab-ci.yml @@ -5,7 +5,7 @@ review-cleanup: extends: - .default-retry - .review:rules:review-cleanup - image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:gitlab-helm3-kubectl1.14 + image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:gitlab-helm3.5-kubectl1.17 stage: prepare environment: name: review/${CI_COMMIT_REF_SLUG}${FREQUENCY} @@ -29,8 +29,6 @@ start-review-app-pipeline: needs: - job: build-assets-image artifacts: false - - job: build-qa-image - artifacts: false # These variables are set in the pipeline schedules. # They need to be explicitly passed on to the child pipeline. # https://docs.gitlab.com/ee/ci/pipelines/multi_project_pipelines.html#pass-cicd-variables-to-a-downstream-pipeline-by-using-the-variables-keyword @@ -72,5 +70,6 @@ danger-review-local: reviewers-recommender: extends: - .default-retry + - .review:rules:reviewers-recommender stage: test needs: [] diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml index 37593ffd2fc..ccdc2c1b90a 100644 --- a/.gitlab/ci/rules.gitlab-ci.yml +++ b/.gitlab/ci/rules.gitlab-ci.yml @@ -73,12 +73,18 @@ .if-merge-request-labels-skip-undercoverage: &if-merge-request-labels-skip-undercoverage if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:skip-undercoverage/' +.if-merge-request-labels-community-contribution: &if-merge-request-labels-community-contribution + if: '$CI_MERGE_REQUEST_LABELS =~ /Community contribution/' + .if-merge-request-labels-jh-contribution: &if-merge-request-labels-jh-contribution if: '$CI_MERGE_REQUEST_LABELS =~ /JiHu contribution/' .if-merge-request-labels-group-global-search: &if-merge-request-labels-group-global-search if: '$CI_MERGE_REQUEST_LABELS =~ /group::global search/' +.if-merge-request-labels-pipeline-revert: &if-merge-request-labels-pipeline-revert + if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:revert/' + .if-security-merge-request: &if-security-merge-request if: '$CI_PROJECT_NAMESPACE == "gitlab-org/security" && $CI_MERGE_REQUEST_IID' @@ -175,16 +181,26 @@ - ".gitlab/ci/workhorse.gitlab-ci.yml" .yaml-lint-patterns: &yaml-lint-patterns + - "*.yml" + - "**/*.yml" + +.lint-pipeline-yaml-patterns: &lint-pipeline-yaml-patterns - ".gitlab-ci.yml" - ".gitlab/ci/**/*.yml" - - "data/**/*.yml" - "lib/gitlab/ci/templates/**/*.yml" + - "data/deprecations/**/*.yml" + - "data/removals/**/*.yml" + - "data/whats_new/**/*.yml" + +.lint-metrics-yaml-patterns: &lint-metrics-yaml-patterns + - "config/metrics/**/*.yml" .docs-patterns: &docs-patterns - ".gitlab/route-map.yml" - "doc/**/*" - ".markdownlint.yml" - "scripts/lint-doc.sh" + - ".gitlab/ci/docs.gitlab-ci.yml" .docs-deprecations-and-removals-patterns: &docs-deprecations-and-removals-patterns - "doc/update/deprecations.md" @@ -896,10 +912,26 @@ - <<: *if-default-refs changes: *qa-patterns +.qa:rules:determine-qa-tests: + rules: + - <<: *if-not-ee + when: never + - <<: *if-merge-request-targeting-stable-branch + allow_failure: true + - <<: *if-dot-com-gitlab-org-and-security-merge-request + changes: *code-backstage-qa-patterns + allow_failure: true + - <<: *if-dot-com-gitlab-org-schedule + allow_failure: true + - <<: *if-force-ci + allow_failure: true + .qa:rules:package-and-qa: rules: - <<: *if-not-ee when: never + - <<: *if-merge-request-labels-pipeline-revert + when: never - <<: *if-merge-request-targeting-stable-branch allow_failure: true - <<: *if-dot-com-gitlab-org-and-security-merge-request @@ -925,6 +957,8 @@ rules: - <<: *if-not-ee when: never + - <<: *if-merge-request-labels-pipeline-revert + when: never - <<: *if-dot-com-gitlab-org-and-security-merge-request-manual-ff-package-and-qa changes: *feature-flag-development-config-patterns when: manual @@ -1060,10 +1094,8 @@ rules: - <<: *if-merge-request-labels-run-all-rspec - <<: *if-merge-request - changes: *core-backend-patterns - - <<: *if-merge-request - changes: *ci-patterns - - changes: ["config/**/*"] + changes: *backend-patterns + - changes: *core-backend-patterns .rails:rules:code-backstage-qa: rules: @@ -1354,6 +1386,8 @@ rules: - <<: *if-not-ee when: never + - <<: *if-merge-request-labels-pipeline-revert + when: never - <<: *if-merge-request-labels-skip-undercoverage when: never - <<: *if-merge-request-labels-run-all-rspec @@ -1558,6 +1592,8 @@ rules: - <<: *if-not-ee when: never + - <<: *if-merge-request-labels-pipeline-revert + when: never - <<: *if-merge-request-labels-run-review-app - <<: *if-dot-com-gitlab-org-merge-request changes: *ci-review-patterns @@ -1601,6 +1637,10 @@ rules: - when: on_success +.review:rules:review-qa-sanity: + rules: + - when: on_success + .review:rules:review-qa-smoke: rules: - when: on_success @@ -1627,7 +1667,6 @@ .review:rules:review-qa-all: rules: - - <<: *if-merge-request-labels-run-review-app # we explicitly don't allow the job to fail in that case - <<: *if-dot-com-gitlab-org-merge-request changes: *code-patterns when: manual @@ -1662,6 +1701,14 @@ - <<: *if-merge-request changes: *danger-patterns +.review:rules:reviewers-recommender: + rules: + - <<: *if-not-canonical-namespace + when: never + - <<: *if-merge-request-labels-community-contribution + when: never + - <<: *if-merge-request + ############### # Setup rules # ############### @@ -1769,3 +1816,13 @@ rules: - <<: *if-default-refs changes: *yaml-lint-patterns + +.lint-pipeline-yaml:rules: + rules: + - <<: *if-default-refs + changes: *lint-pipeline-yaml-patterns + +.lint-metrics-yaml:rules: + rules: + - <<: *if-default-refs + changes: *lint-metrics-yaml-patterns diff --git a/.gitlab/ci/setup.gitlab-ci.yml b/.gitlab/ci/setup.gitlab-ci.yml index 4339251897c..505caeec837 100644 --- a/.gitlab/ci/setup.gitlab-ci.yml +++ b/.gitlab/ci/setup.gitlab-ci.yml @@ -60,7 +60,7 @@ no-jh-check: verify-tests-yml: extends: - .setup:rules:verify-tests-yml - image: ${GITLAB_DEPENDENCY_PROXY}ruby:2.7-alpine3.13 + image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION}-alpine3.13 stage: test needs: [] script: @@ -96,7 +96,7 @@ generate-frontend-fixtures-mapping: - ${FRONTEND_FIXTURES_MAPPING_PATH} .detect-test-base: - image: ${GITLAB_DEPENDENCY_PROXY}ruby:2.7 + image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION} needs: [] stage: prepare script: @@ -160,7 +160,7 @@ detect-previous-failed-tests: add-jh-folder: extends: .setup:rules:add-jh-folder - image: ${GITLAB_DEPENDENCY_PROXY}ruby:2.7 + image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION} stage: prepare before_script: - source ./scripts/utils.sh @@ -171,7 +171,6 @@ add-jh-folder: - curl --location -o "jh-folder.tar.gz" "https://gitlab.com/gitlab-org/gitlab-jh-mirrors/gitlab/-/archive/${JH_BRANCH}/gitlab-${JH_BRANCH}.tar.gz?path=jh" - tar -xf "jh-folder.tar.gz" - mv "gitlab-${JH_BRANCH}-jh/jh/" ./ - - cp Gemfile.lock jh/ - ls -l jh/ artifacts: expire_in: 2d diff --git a/.gitlab/ci/test-metadata.gitlab-ci.yml b/.gitlab/ci/test-metadata.gitlab-ci.yml index 79fea15690c..f4fa39300b6 100644 --- a/.gitlab/ci/test-metadata.gitlab-ci.yml +++ b/.gitlab/ci/test-metadata.gitlab-ci.yml @@ -1,5 +1,5 @@ .tests-metadata-state: - image: ${GITLAB_DEPENDENCY_PROXY}ruby:2.7 + image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION} before_script: - source scripts/utils.sh artifacts: diff --git a/.gitlab/ci/workhorse.gitlab-ci.yml b/.gitlab/ci/workhorse.gitlab-ci.yml index 01e059b8a60..6db3582bdab 100644 --- a/.gitlab/ci/workhorse.gitlab-ci.yml +++ b/.gitlab/ci/workhorse.gitlab-ci.yml @@ -1,6 +1,6 @@ workhorse:verify: extends: .workhorse:rules:workhorse - image: ${GITLAB_DEPENDENCY_PROXY}golang:1.16 + image: ${GITLAB_DEPENDENCY_PROXY}golang:1.17 stage: test needs: [] script: @@ -20,10 +20,6 @@ workhorse:verify: - scripts/gitaly-test-build - make -C workhorse test -workhorse:test using go 1.16: - extends: .workhorse:test - image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:debian-${DEBIAN_VERSION}-ruby-2.7-golang-1.16-git-2.31 - workhorse:test using go 1.17: extends: .workhorse:test - image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:debian-${DEBIAN_VERSION}-ruby-2.7-golang-1.17-git-2.31 + image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}-golang-1.17-git-2.31 diff --git a/.gitlab/ci/yaml.gitlab-ci.yml b/.gitlab/ci/yaml.gitlab-ci.yml index ac32e4226e2..0420f158bbb 100644 --- a/.gitlab/ci/yaml.gitlab-ci.yml +++ b/.gitlab/ci/yaml.gitlab-ci.yml @@ -1,4 +1,5 @@ -# Yamllint of CI-related yaml. +# Yamllint of yaml files. + # This uses rules from project root `.yamllint`. lint-yaml: extends: @@ -7,15 +8,29 @@ lint-yaml: image: pipelinecomponents/yamllint:latest stage: lint needs: [] + script: + - yamllint --strict -f colored . + +# The jobs below will not use the configuration present in `.yamllint` (it's because of the -d option) +# +# Docs: https://yamllint.readthedocs.io/en/stable/configuration.html#custom-configuration-without-a-config-file + +lint-pipeline-yaml: + extends: + - .default-retry + - .lint-pipeline-yaml:rules + image: pipelinecomponents/yamllint:latest + stage: lint + needs: [] variables: LINT_PATHS: .gitlab-ci.yml .gitlab/ci lib/gitlab/ci/templates data/deprecations data/removals data/whats_new script: - - yamllint --strict -f colored $LINT_PATHS + - 'yamllint -d "{extends: default, rules: {line-length: disable, document-start: disable}}" $LINT_PATHS' lint-metrics-yaml: extends: - .default-retry - - .yaml-lint:rules + - .lint-metrics-yaml:rules image: pipelinecomponents/yamllint:latest stage: lint needs: [] diff --git a/.gitlab/issue_templates/Deprecations.md b/.gitlab/issue_templates/Deprecations.md index 2e48c272316..3dfed1a1fc1 100644 --- a/.gitlab/issue_templates/Deprecations.md +++ b/.gitlab/issue_templates/Deprecations.md @@ -47,7 +47,7 @@ Please add links to the relevant merge requests. - As soon as possible, but no later than the third milestone preceding the major release (for example, given the following release schedule: `14.8, 14.9, 14.10, 15.0` – `14.8` is the third milestone preceding the major release): - [ ] A [deprecation entry](https://about.gitlab.com/handbook/marketing/blog/release-posts/#creating-a-deprecation-entry) has been created so the deprecation will appear in release posts and on the [general deprecation page](https://docs.gitlab.com/ee/update/deprecations). - - [ ] Documentation has been updated to add a note about the [end-of-life](https://docs.gitlab.com/ee/development/documentation/styleguide/#end-of-life-for-features-or-products) and to mark the feature as [deprecated](https://docs.gitlab.com/ee/development/documentation/styleguide/#deprecated-features). + - [ ] Documentation has been updated to mark the feature as [deprecated](https://docs.gitlab.com/ee/development/documentation/versions.html#deprecations-and-removals). - [ ] On or before the major milestone: A [removal entry](https://about.gitlab.com/handbook/marketing/blog/release-posts/#removals) has been created so the removal will appear on the [removals by milestones](https://docs.gitlab.com/ee/update/removals) page and be announced in the release post. - On the major milestone: - [ ] The deprecated item has been removed. diff --git a/.gitlab/issue_templates/Feature Flag Roll Out.md b/.gitlab/issue_templates/Feature Flag Roll Out.md index 52f189f09f0..1b3d82cf522 100644 --- a/.gitlab/issue_templates/Feature Flag Roll Out.md +++ b/.gitlab/issue_templates/Feature Flag Roll Out.md @@ -62,8 +62,7 @@ _Consider adding links to check for Sentry errors, Production logs for 5xx, 302s - Ensure that the feature MRs have been deployed to non-production environments. - [ ] `/chatops run auto_deploy status <merge-commit-of-your-feature>` - [ ] Enable the feature globally on non-production environments. - - [ ] `/chatops run feature set <feature-flag-name> true --dev` - - [ ] `/chatops run feature set <feature-flag-name> true --staging` + - [ ] `/chatops run feature set <feature-flag-name> true --dev --staging` - [ ] Verify that the feature works as expected. Posting the QA result in this issue is preferable. The best environment to validate the feature in is [staging-canary](https://about.gitlab.com/handbook/engineering/infrastructure/environments/#staging-canary) as this is the first environment deployed to. Note you will need to make sure you are configured to use canary as outlined [here](https://about.gitlab.com/handbook/engineering/infrastructure/environments/canary-stage/) @@ -74,12 +73,9 @@ _Consider adding links to check for Sentry errors, Production logs for 5xx, 302s - Ensure that the feature MRs have been deployed to both production and canary. - [ ] `/chatops run auto_deploy status <merge-commit-of-your-feature>` - If you're using [project-actor](https://docs.gitlab.com/ee/development/feature_flags/#feature-actors), you must enable the feature on these entries: - - [ ] `/chatops run feature set --project=gitlab-org/gitlab <feature-flag-name> true` - - [ ] `/chatops run feature set --project=gitlab-org/gitlab-foss <feature-flag-name> true` - - [ ] `/chatops run feature set --project=gitlab-com/www-gitlab-com <feature-flag-name> true` + - [ ] `/chatops run feature set --project=gitlab-org/gitlab,gitlab-org/gitlab-foss,gitlab-com/www-gitlab-com <feature-flag-name> true` - If you're using [group-actor](https://docs.gitlab.com/ee/development/feature_flags/#feature-actors), you must enable the feature on these entries: - - [ ] `/chatops run feature set --group=gitlab-org <feature-flag-name> true` - - [ ] `/chatops run feature set --group=gitlab-com <feature-flag-name> true` + - [ ] `/chatops run feature set --group=gitlab-org,gitlab-com <feature-flag-name> true` - If you're using [user-actor](https://docs.gitlab.com/ee/development/feature_flags/#feature-actors), you must enable the feature on these entries: - [ ] `/chatops run feature set --user=<your-username> <feature-flag-name> true` - [ ] Verify that the feature works on the specific entries. Posting the QA result in this issue is preferable. @@ -124,9 +120,7 @@ To do so, follow these steps: the feature can be officially announced in a release blog post. - [ ] `/chatops run release check <merge-request-url> <milestone>` - [ ] Consider cleaning up the feature flag from all environments by running these chatops command in `#production` channel. Otherwise these settings may override the default enabled. - - [ ] `/chatops run feature delete <feature-flag-name> --dev` - - [ ] `/chatops run feature delete <feature-flag-name> --staging` - - [ ] `/chatops run feature delete <feature-flag-name>` + - [ ] `/chatops run feature delete <feature-flag-name> --dev --staging --production` - [ ] Close [the feature issue](ISSUE LINK) to indicate the feature will be released in the current milestone. - [ ] Set the next milestone to this rollout issue for scheduling [the flag removal](#release-the-feature). - [ ] (Optional) You can [create a separate issue](https://gitlab.com/gitlab-org/gitlab/-/issues/new?issuable_template=Feature%20Flag%20Cleanup) for scheduling the steps below to [Release the feature](#release-the-feature). @@ -162,9 +156,7 @@ You can either [create a follow-up issue for Feature Flag Cleanup](https://gitla - [ ] `/chatops run release check <merge-request-url> <milestone>` - [ ] Close [the feature issue](ISSUE LINK) to indicate the feature will be released in the current milestone. - [ ] If not already done, clean up the feature flag from all environments by running these chatops command in `#production` channel: - - [ ] `/chatops run feature delete <feature-flag-name> --dev` - - [ ] `/chatops run feature delete <feature-flag-name> --staging` - - [ ] `/chatops run feature delete <feature-flag-name>` + - [ ] `/chatops run feature delete <feature-flag-name> --dev --staging --production` - [ ] Close this rollout issue. ## Rollback Steps diff --git a/.gitlab/issue_templates/Geo Replicate a new Git repository type.md b/.gitlab/issue_templates/Geo Replicate a new Git repository type.md index bfcf7aca7b5..34e6e70015b 100644 --- a/.gitlab/issue_templates/Geo Replicate a new Git repository type.md +++ b/.gitlab/issue_templates/Geo Replicate a new Git repository type.md @@ -48,9 +48,13 @@ Geo secondary sites have a [Geo tracking database](https://gitlab.com/gitlab-org - [ ] Create the migration file in `ee/db/geo/migrate`: ```shell - bin/rails generate geo_migration CreateCoolWidgetRegistry + bin/rails generate migration CreateCoolWidgetRegistry --database geo ``` +Geo should continue using `Gitlab::Database::Migration[1.0]` until the `gitlab_geo` schema is supported, and is for the time being exempt from being validated by `Gitlab::Database::Migration[2.0]`. This requires a developer to manually amend the migration file to change from `[2.0]` to `[1.0]` due to the migration defaults being 2.0. + +For more information, see the [Enable Geo migrations to use Migration[2.0]](https://gitlab.com/gitlab-org/gitlab/-/issues/363491) issue. + - [ ] Replace the contents of the migration file with the following. Note that we cannot add a foreign key constraint on `cool_widget_id` because the `cool_widgets` table is in a different database. The application code must handle logic such as propagating deletions. ```ruby diff --git a/.gitlab/issue_templates/Geo Replicate a new blob type.md b/.gitlab/issue_templates/Geo Replicate a new blob type.md index ff678666191..e6f96c575d2 100644 --- a/.gitlab/issue_templates/Geo Replicate a new blob type.md +++ b/.gitlab/issue_templates/Geo Replicate a new blob type.md @@ -50,9 +50,13 @@ Geo secondary sites have a [Geo tracking database](https://gitlab.com/gitlab-org - [ ] Create the migration file in `ee/db/geo/migrate`: ```shell - bin/rails generate geo_migration CreateCoolWidgetRegistry + bin/rails generate migration CreateCoolWidgetRegistry --database geo ``` +Geo should continue using `Gitlab::Database::Migration[1.0]` until the `gitlab_geo` schema is supported, and is for the time being exempt from being validated by `Gitlab::Database::Migration[2.0]`. This requires a developer to manually amend the migration file to change from `[2.0]` to `[1.0]` due to the migration defaults being 2.0. + +For more information, see the [Enable Geo migrations to use Migration[2.0]](https://gitlab.com/gitlab-org/gitlab/-/issues/363491) issue. + - [ ] Replace the contents of the migration file with the following. Note that we cannot add a foreign key constraint on `cool_widget_id` because the `cool_widgets` table is in a different database. The application code must handle logic such as propagating deletions. ```ruby diff --git a/.gitlab/issue_templates/Performance Indicator Metric.md b/.gitlab/issue_templates/Performance Indicator Metric.md index f4d8885b119..8019be8cad5 100644 --- a/.gitlab/issue_templates/Performance Indicator Metric.md +++ b/.gitlab/issue_templates/Performance Indicator Metric.md @@ -3,7 +3,7 @@ Performance Indicator Metric issues are used for adding, updating, or removing p Please title your issue with the following format: "{action}(Add|Update|Remove) Metric name as performance indicator" -Example of title: "Add static_site_editor_views as gmau" +Example of title: "Add some_feature_views as gmau" --> diff --git a/.gitlab/issue_templates/Service Ping reporting and monitoring.md b/.gitlab/issue_templates/Service Ping reporting and monitoring.md new file mode 100644 index 00000000000..1c0d221318b --- /dev/null +++ b/.gitlab/issue_templates/Service Ping reporting and monitoring.md @@ -0,0 +1,129 @@ +<!-- This issue template is used by https://about.gitlab.com/handbook/engineering/development/growth/product-intelligence/ for tracking effort around Service Ping reporting for GitLab.com --> + +The [Product Intelligence group](https://about.gitlab.com/handbook/engineering/development/growth/product-intelligence/) runs manual reporting of ServicePing for GitLab.com on a weekly basis. This issue captures: + +- Captures the work required to complete the reporting process,. +- Captures the follow-up tasks that are focused on metrics performance verification. +- Identifies any potential issues. + +# New metrics to be verified + +<!-- Add new metrics that must be verified --> + +# Failed metrics + +Broken metrics issues are marked with the ~"broken metric" label. + +# Use a detached screen session to generate Service Ping for GitLab.com + +## Prerequisites + +1. Add your SSH key to the local SSH agent: `ssh-add`. Your SSH key is required to connect to a Rails console from the bastion host. + +## Triggering + +1. Add the SSH key to the local SSH agent: `ssh-add`. +1. Connect to the bastion with SSH agent forwarding: `ssh -A lb-bastion.gprd.gitlab.com`. +1. Note which bastion host machine was assigned. For example: `<username>@bastion-01-inf-gprd.c.gitlab-production.internal:~$` shows that you are connected to `bastion-01-inf-gprd.c.gitlab-production.internal`. +1. Create a named screen: `screen -S $USER-service-ping-$(date +%F)`. +1. Connect to the console host: `ssh $USER-rails@console-01-sv-gprd.c.gitlab-production.internal`. +1. Run: `ServicePing::SubmitService.new.execute`. +1. Press <kbd>Control</kbd>+<kbd>a</kbd> followed by <kbd>Control</kbd>+<kbd>d</kbd> to detach from the screen session. +1. Exit from the bastion: `exit`. + +## Verification (After approximately 30 hours) + +1. Reconnect to the bastion: `ssh -A lb-bastion.gprd.gitlab.com`. Make sure that you are connected to the same host machine that ServicePing was started on. For example, to connect directly to the host machine, use `ssh bastion-01-inf-gprd.c.gitlab-production.internal`. +1. Find your screen session: `screen -ls`. +1. Attach to your screen session: `screen -x 14226.mwawrzyniak_service_ping_2021_01_22`. +1. Check the last payload in the `raw_usage_data` table: `RawUsageData.last.payload`. +1. Check the when the payload was sent: `RawUsageData.last.sent_at`. + +## Stop the Service Ping process + +Use either of these processes: + +1. Reconnect to the bastion host machine. For example, use: `ssh bastion-01-inf-gprd.c.gitlab-production.internal`. +1. Find your screen session: `$ screen -ls`. +1. Attach to your screen session: `$ sudo -u <username> screen -r`. +1. Press <kbd>Control</kbd>+<kbd>c</kbd> to stop the Service Ping process. + +OR + +1. Reconnect to the bastion host machine. For example, type: `ssh bastion-01-inf-gprd.c.gitlab-production.internal`. +1. List all process started by your username: `ps faux | grep <username>`. +1. Locate the username that owns ServicePing reporting. +1. Send the kill signal for the ServicePing PID: `kill -9 <service_ping_pid>`. + +## Service Ping process triggering (through a long-running SSH session) + +1. Connect to the `gprd` Rails console. +1. Run `SubmitUsagePingService.new.execute`. This process requires more than 30 hours to complete. +1. Find the last payload in the `raw_usage_data` table: `RawUsageData.last.payload`. +1. Check the when the payload was sent: `RawUsageData.last.sent_at`. + +```plaintext +ServicePing::SubmitService.new.execute + +# Get the payload +RawUsageData.last.payload + +# Time when payload was sent to VersionsAppp +RawUsageData.last.sent_at +``` + +# Verify Service Ping in VersionsApp + +To verify that the ServicePing was received in the VersionsApp do the following steps: + +1. Go to the VersionsApp console and locate: `RawUsageData.find(uuid: '')`. +1. Check the object. Either: + - Go to the Rails console and check the related `RawUsageData` object. + - Go to the VersionsApp UI <https://version.gitlab.com/usage_data/usage_data_id>. + +```ruby +/bin/herokuish procfile exec rails console + +puts UsageData.select(:recorded_at, :app_server_type).where(hostname: 'gitlab.com', uuid: 'ea8bf810-1d6f-4a6a-b4fd-93e8cbd8b57f').order('id desc').limit(5).to_json + +puts UsageData.find(21635202).raw_usage_data.payload.to_json +``` + +# Monitoring events tracked using Redis HLL + +Trigger some events from the User Interface. + +```ruby +Gitlab::UsageDataCounters::HLLRedisCounter.unique_events(event_names: 'event_name', start_date: 28.days.ago, end_date: Date.current) +``` + +# Troubleshooting + +## Connecting to a Rails console host fails with `Permission denied (publickey).`. + +Make sure you add the SSH key to the local SSH agent with: `ssh-add`. If you don't add your SSH key, your key won't be forwarded +when you run `ssh -A`, and you will not be able to connect to a Rails console host. + +# What to do if you get mentioned + +In this issue, we keep the track of new metrics added to the Service Ping, and the metrics that are timing out. + +If you get mentioned, check the failing metric and open an optimization issue. + +# Service Ping manual generation for GitLab.com schedule + +| Generation start date | GitLab developer handle | Link to comment with payload | +| --------------------- | ----------------------- | ---------------------------- | +| 2022-04-18 | | | +| 2022-04-25 | | | +| 2022-05-02 | | | +| 2022-05-09 | | | +| 2022-05-16 | | | + +<!-- Do not edit below this line --> + +/confidential +/label ~"group::product intelligence" ~"devops::growth" ~backend ~"section::growth" ~"Category:Service Ping" +/epic https://gitlab.com/groups/gitlab-org/-/epics/6000 +/weight 5 +/title Monitor and Generate GitLab.com Service Ping |