diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-02-20 13:49:51 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-02-20 13:49:51 +0000 |
| commit | 71786ddc8e28fbd3cb3fcc4b3ff15e5962a1c82e (patch) | |
| tree | 6a2d93ef3fb2d353bb7739e4b57e6541f51cdd71 /.gitlab | |
| parent | a7253423e3403b8c08f8a161e5937e1488f5f407 (diff) | |
| download | gitlab-ce-71786ddc8e28fbd3cb3fcc4b3ff15e5962a1c82e.tar.gz | |
Add latest changes from gitlab-org/gitlab@15-9-stable-eev15.9.0-rc42
Diffstat (limited to '.gitlab')
47 files changed, 989 insertions, 564 deletions
diff --git a/.gitlab/CODEOWNERS b/.gitlab/CODEOWNERS index c6d0ac6b69a..02258c366c5 100644 --- a/.gitlab/CODEOWNERS +++ b/.gitlab/CODEOWNERS @@ -98,10 +98,7 @@ Dangerfile @gl-quality/eng-prod /lib/gitlab/ci/templates/Security/Secret-Detection.*.yml @gitlab-org/secure/static-analysis /lib/gitlab/ci/templates/Security/Secure-Binaries.*.yml @gitlab-org/secure/static-analysis @gitlab-org/secure/composition-analysis-be @gitlab-org/secure/dynamic-analysis # Note: The `Fortify-FoD-sast.gitlab-ci.yml` template is provided and maintained by Fortify, an official Technology Partner with GitLab. -/lib/gitlab/ci/templates/Jobs/API-Fuzzing.*.yml @gitlab-org/secure/dynamic-analysis /lib/gitlab/ci/templates/Jobs/Container-Scanning.*.yml @gitlab-org/secure/composition-analysis-be -/lib/gitlab/ci/templates/Jobs/Coverage-Fuzzing.*.yml @gitlab-org/secure/dynamic-analysis -/lib/gitlab/ci/templates/Jobs/DAST.*.yml @gitlab-org/secure/dynamic-analysis /lib/gitlab/ci/templates/Jobs/Dependency-Scanning.*.yml @gitlab-org/secure/composition-analysis-be /lib/gitlab/ci/templates/Jobs/License-Scanning.*.yml @gitlab-org/secure/composition-analysis-be /lib/gitlab/ci/templates/Jobs/SAST.*.yml @gitlab-org/secure/static-analysis @@ -119,16 +116,16 @@ Dangerfile @gl-quality/eng-prod ^[Threat Insights] /app/finders/security/ @gitlab-org/govern/threat-insights-backend-team /app/models/vulnerability.rb @gitlab-org/govern/threat-insights-backend-team +/app/presenters/projects/security/ @gitlab-org/govern/threat-insights-backend-team +/spec/presenters/projects/security/ @gitlab-org/govern/threat-insights-backend-team /ee/app/finders/security/ @gitlab-org/govern/threat-insights-backend-team /ee/app/models/security/ @gitlab-org/govern/threat-insights-backend-team /ee/app/models/vulnerabilities/ @gitlab-org/govern/threat-insights-backend-team /ee/app/policies/vulnerabilities/ @gitlab-org/govern/threat-insights-backend-team /ee/app/policies/vulnerability*.rb @gitlab-org/govern/threat-insights-backend-team -/ee/app/presenters/projects/security/ @gitlab-org/govern/threat-insights-backend-team /ee/lib/api/vulnerabilit*.rb @gitlab-org/govern/threat-insights-backend-team /ee/spec/policies/vulnerabilities/ @gitlab-org/govern/threat-insights-backend-team /ee/spec/policies/vulnerability*.rb @gitlab-org/govern/threat-insights-backend-team -/ee/spec/presenters/projects/security/ @gitlab-org/govern/threat-insights-backend-team /ee/app/assets/javascripts/license_compliance/components/detected_licenses_table.vue @gitlab-org/govern/threat-insights-frontend-team /ee/spec/frontend/license_compliance/components/detected_licenses_table_spec.js @gitlab-org/govern/threat-insights-frontend-team @@ -226,13 +223,11 @@ Dangerfile @gl-quality/eng-prod /ee/app/models/software_license.rb @gitlab-org/govern/security-policies-backend /ee/app/serializers/license_compliance/** @gitlab-org/govern/security-policies-backend /ee/app/serializers/license_entity.rb @gitlab-org/govern/security-policies-backend -/ee/app/serializers/license_serializer.rb @gitlab-org/govern/security-policies-backend /ee/app/serializers/licenses_list_entity.rb @gitlab-org/govern/security-policies-backend /ee/app/serializers/licenses_list_serializer.rb @gitlab-org/govern/security-policies-backend /ee/app/serializers/security/license_policy_entity.rb @gitlab-org/govern/security-policies-backend /ee/app/services/ci/compare_license_scanning_reports_collapsed_service.rb @gitlab-org/govern/security-policies-backend /ee/app/services/ci/compare_license_scanning_reports_service.rb @gitlab-org/govern/security-policies-backend -/ee/app/services/projects/licenses/** @gitlab-org/govern/security-policies-backend /ee/app/services/software_license_policies/** @gitlab-org/govern/security-policies-backend /ee/app/services/software_license_policies/update_service.rb @gitlab-org/govern/security-policies-backend /ee/app/workers/refresh_license_compliance_checks_worker.rb @gitlab-org/govern/security-policies-backend @@ -252,7 +247,6 @@ Dangerfile @gl-quality/eng-prod /ee/spec/serializers/license_compliance/** @gitlab-org/govern/security-policies-backend /ee/spec/services/ci/compare_license_scanning_reports_collapsed_service_spec.rb @gitlab-org/govern/security-policies-backend /ee/spec/services/ci/compare_license_scanning_reports_service_spec.rb @gitlab-org/govern/security-policies-backend -/ee/spec/services/projects/licenses/** @gitlab-org/govern/security-policies-backend /ee/spec/services/software_license_policies/** @gitlab-org/govern/security-policies-backend /spec/finders/security/license_compliance_jobs_finder_spec.rb @gitlab-org/govern/security-policies-backend @@ -287,7 +281,6 @@ Dangerfile @gl-quality/eng-prod /app/assets/javascripts/merge_request.js @viktomas @jboyson @iamphill @thomasrandolph /app/assets/javascripts/merge_request_tabs.js @viktomas @jboyson @iamphill @thomasrandolph /app/assets/stylesheets/framework/diffs.scss @viktomas @jboyson @iamphill @thomasrandolph -/app/assets/stylesheets/components/batch_comments/ @viktomas @jboyson @iamphill @thomasrandolph /ee/app/assets/javascripts/diffs/ @viktomas @jboyson @iamphill @thomasrandolph /ee/app/assets/javascripts/vue_merge_request_widget @viktomas @jboyson @iamphill @thomasrandolph /spec/frontend/diffs/ @viktomas @jboyson @iamphill @thomasrandolph @@ -317,14 +310,6 @@ Dangerfile @gl-quality/eng-prod ^[Growth Experiments] /app/experiments/ @gitlab-org/growth/experiment-devs /spec/experiments/ @gitlab-org/growth/experiment-devs -/app/models/experiment.rb @gitlab-org/growth/experiment-devs -/spec/models/experiment.rb @gitlab-org/growth/experiment-devs -/app/models/experiment_subject.rb @gitlab-org/growth/experiment-devs -/spec/models/experiment_subject.rb @gitlab-org/growth/experiment-devs -/app/models/experiment_user.rb @gitlab-org/growth/experiment-devs -/spec/models/experiment_user.rb @gitlab-org/growth/experiment-devs -/app/workers/experiments/ @gitlab-org/growth/experiment-devs -/spec/workers/experiments/ @gitlab-org/growth/experiment-devs /config/initializers/gitlab_experiment.rb @gitlab-org/growth/experiment-devs /config/feature_flags/experiment/ @gitlab-org/growth/experiment-devs /ee/config/feature_flags/experiment/ @gitlab-org/growth/experiment-devs @@ -332,11 +317,6 @@ Dangerfile @gl-quality/eng-prod /ee/spec/requests/api/experiments_spec.rb @gitlab-org/growth/experiment-devs /ee/lib/ee/api/entities/experiment.rb @gitlab-org/growth/experiment-devs /ee/spec/lib/ee/api/entities/experiment_spec.rb @gitlab-org/growth/experiment-devs -/lib/gitlab/experimentation/ @gitlab-org/growth/experiment-devs -/spec/lib/gitlab/experimentation/ @gitlab-org/growth/experiment-devs -/lib/gitlab/experimentation.rb @gitlab-org/growth/experiment-devs -/spec/lib/gitlab/experimentation_spec.rb @gitlab-org/growth/experiment-devs -/lib/gitlab/experimentation_logger.rb @gitlab-org/growth/experiment-devs ^[Growth] /ee/app/workers/onboarding/ @gitlab-org/growth/engineers @@ -430,8 +410,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/administration/audit_reports.md @eread /doc/administration/auditor_users.md @jglassman1 /doc/administration/auth/ @jglassman1 -/doc/administration/auth/ldap/ @jglassman1 -/doc/administration/cicd.md @marcel.amirault +/doc/administration/cicd.md @drcatherinepope /doc/administration/clusters/ @phillipwells /doc/administration/compliance.md @eread /doc/administration/configure.md @axil @@ -439,15 +418,10 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/administration/docs_self_host.md @axil /doc/administration/encrypted_configuration.md @axil /doc/administration/environment_variables.md @axil -/doc/administration/external_pipeline_validation.md @marcel.amirault +/doc/administration/external_pipeline_validation.md @drcatherinepope /doc/administration/feature_flags.md @axil /doc/administration/file_hooks.md @ashrafkhamis /doc/administration/geo/ @axil -/doc/administration/geo/disaster_recovery/ @axil -/doc/administration/geo/disaster_recovery/runbooks/ @axil -/doc/administration/geo/replication/ @axil -/doc/administration/geo/secondary_proxy/ @axil -/doc/administration/geo/setup/ @axil /doc/administration/git_protocol.md @aqualls /doc/administration/gitaly/ @eread /doc/administration/housekeeping.md @eread @@ -470,13 +444,10 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/administration/logs/ @axil /doc/administration/logs/index.md @msedlakjakubowski /doc/administration/maintenance_mode/ @axil -/doc/administration/merge_request_diffs.md @ashrafkhamis +/doc/administration/merge_request_diffs.md @aqualls /doc/administration/monitoring/ @msedlakjakubowski -/doc/administration/monitoring/gitlab_self_monitoring_project/ @msedlakjakubowski /doc/administration/monitoring/ip_allowlist.md @jglassman1 -/doc/administration/monitoring/performance/ @msedlakjakubowski /doc/administration/monitoring/performance/performance_bar.md @jglassman1 -/doc/administration/monitoring/prometheus/ @msedlakjakubowski /doc/administration/monitoring/prometheus/gitlab_exporter.md @jglassman1 /doc/administration/monitoring/prometheus/index.md @axil /doc/administration/monitoring/prometheus/web_exporter.md @jglassman1 @@ -484,9 +455,10 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/administration/object_storage.md @axil /doc/administration/operations/ @axil /doc/administration/operations/fast_ssh_key_lookup.md @aqualls +/doc/administration/operations/gitlab_sshd.md @aqualls /doc/administration/operations/moving_repositories.md @eread /doc/administration/package_information/ @axil -/doc/administration/packages/ @claytoncornell +/doc/administration/packages/ @dianalogan /doc/administration/pages/ @ashrafkhamis /doc/administration/polling.md @axil /doc/administration/postgresql/ @aqualls @@ -494,7 +466,6 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/administration/raketasks/ @axil /doc/administration/raketasks/ldap.md @jglassman1 /doc/administration/raketasks/praefect.md @eread -/doc/administration/raketasks/uploads/ @axil /doc/administration/read_only_gitlab.md @axil /doc/administration/redis/ @axil /doc/administration/reference_architectures/ @axil @@ -533,20 +504,21 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/api/bulk_imports.md @eread /doc/api/cluster_agents.md @phillipwells /doc/api/commits.md @aqualls -/doc/api/container_registry.md @claytoncornell +/doc/api/container_registry.md @dianalogan /doc/api/custom_attributes.md @msedlakjakubowski /doc/api/dependencies.md @rdickenson -/doc/api/dependency_proxy.md @claytoncornell +/doc/api/dependency_proxy.md @dianalogan /doc/api/deploy_keys.md @rdickenson /doc/api/deploy_tokens.md @rdickenson /doc/api/deployments.md @rdickenson /doc/api/discussions.md @aqualls /doc/api/dora/ @lciutacu +/doc/api/draft_notes.md @aqualls /doc/api/environments.md @rdickenson /doc/api/epic_issues.md @msedlakjakubowski /doc/api/epic_links.md @msedlakjakubowski /doc/api/epics.md @msedlakjakubowski -/doc/api/error_tracking.md @msedlakjakubowski +/doc/api/error_tracking.md @drcatherinepope /doc/api/events.md @eread /doc/api/experiments.md @phillipwells /doc/api/feature_flag_user_lists.md @rdickenson @@ -555,6 +527,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/api/freeze_periods.md @rdickenson /doc/api/geo_nodes.md @axil /doc/api/graphql/audit_report.md @eread +/doc/api/graphql/branch_rules.md @aqualls /doc/api/graphql/custom_emoji.md @msedlakjakubowski /doc/api/graphql/getting_started.md @ashrafkhamis /doc/api/graphql/index.md @ashrafkhamis @@ -567,6 +540,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/api/group_badges.md @lciutacu /doc/api/group_boards.md @msedlakjakubowski /doc/api/group_clusters.md @phillipwells +/doc/api/group_epic_boards.md @msedlakjakubowski /doc/api/group_import_export.md @eread /doc/api/group_iterations.md @msedlakjakubowski /doc/api/group_labels.md @msedlakjakubowski @@ -589,7 +563,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/api/issues_statistics.md @msedlakjakubowski /doc/api/iterations.md @msedlakjakubowski /doc/api/job_artifacts.md @marcel.amirault -/doc/api/jobs.md @marcel.amirault +/doc/api/jobs.md @drcatherinepope /doc/api/keys.md @aqualls /doc/api/labels.md @msedlakjakubowski /doc/api/license.md @fneill @@ -597,11 +571,12 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/api/lint.md @marcel.amirault /doc/api/managed_licenses.md @fneill /doc/api/markdown.md @msedlakjakubowski +/doc/api/member_roles.md @jglassman1 /doc/api/members.md @jglassman1 /doc/api/merge_request_approvals.md @aqualls /doc/api/merge_request_context_commits.md @aqualls /doc/api/merge_requests.md @aqualls -/doc/api/merge_trains.md @marcel.amirault +/doc/api/merge_trains.md @drcatherinepope /doc/api/metadata.md @phillipwells /doc/api/metrics_dashboard_annotations.md @msedlakjakubowski /doc/api/metrics_user_starred_dashboards.md @msedlakjakubowski @@ -611,14 +586,14 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/api/notification_settings.md @msedlakjakubowski /doc/api/oauth2.md @jglassman1 /doc/api/openapi/ @ashrafkhamis -/doc/api/packages.md @claytoncornell -/doc/api/packages/ @claytoncornell +/doc/api/packages.md @dianalogan +/doc/api/packages/ @dianalogan /doc/api/pages.md @ashrafkhamis /doc/api/pages_domains.md @ashrafkhamis /doc/api/personal_access_tokens.md @eread -/doc/api/pipeline_schedules.md @marcel.amirault -/doc/api/pipeline_triggers.md @marcel.amirault -/doc/api/pipelines.md @marcel.amirault +/doc/api/pipeline_schedules.md @drcatherinepope +/doc/api/pipeline_triggers.md @drcatherinepope +/doc/api/pipelines.md @drcatherinepope /doc/api/plan_limits.md @jglassman1 /doc/api/product_analytics.md @lciutacu /doc/api/project_access_tokens.md @jglassman1 @@ -648,6 +623,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/api/resource_milestone_events.md @msedlakjakubowski /doc/api/resource_state_events.md @msedlakjakubowski /doc/api/resource_weight_events.md @msedlakjakubowski +/doc/api/rest/ @ashrafkhamis /doc/api/runners.md @fneill /doc/api/saml.md @jglassman1 /doc/api/scim.md @jglassman1 @@ -668,61 +644,51 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/api/templates/licenses.md @rdickenson /doc/api/todos.md @msedlakjakubowski /doc/api/topics.md @lciutacu -/doc/api/usage_data.md @claytoncornell +/doc/api/usage_data.md @dianalogan /doc/api/users.md @jglassman1 /doc/api/version.md @phillipwells /doc/api/visual_review_discussions.md @marcel.amirault -/doc/api/vulnerabilities.md @claytoncornell -/doc/api/vulnerability_exports.md @claytoncornell -/doc/api/vulnerability_findings.md @claytoncornell +/doc/api/vulnerabilities.md @dianalogan +/doc/api/vulnerability_exports.md @dianalogan +/doc/api/vulnerability_findings.md @dianalogan /doc/api/wikis.md @ashrafkhamis /doc/architecture/blueprints/database/scalability/patterns/ @aqualls /doc/architecture/blueprints/database_scaling/ @aqualls -/doc/ci/ @marcel.amirault +/doc/ci/ @drcatherinepope /doc/ci/caching/ @marcel.amirault /doc/ci/chatops/ @phillipwells -/doc/ci/ci_cd_for_external_repos/ @marcel.amirault /doc/ci/cloud_deployment/ @rdickenson -/doc/ci/cloud_deployment/ecs/ @rdickenson /doc/ci/cloud_services/ @marcel.amirault -/doc/ci/cloud_services/aws/ @marcel.amirault -/doc/ci/cloud_services/azure/ @marcel.amirault -/doc/ci/cloud_services/google_cloud/ @marcel.amirault /doc/ci/directed_acyclic_graph/ @marcel.amirault -/doc/ci/docker/ @marcel.amirault /doc/ci/docker/using_docker_images.md @fneill /doc/ci/environments/ @rdickenson -/doc/ci/examples/ @marcel.amirault /doc/ci/examples/authenticating-with-hashicorp-vault/ @marcel.amirault /doc/ci/examples/deployment/ @rdickenson /doc/ci/examples/end_to_end_testing_webdriverio/ @marcel.amirault -/doc/ci/examples/laravel_with_gitlab_and_envoy/ @marcel.amirault -/doc/ci/examples/semantic-release.md @claytoncornell +/doc/ci/examples/semantic-release.md @dianalogan /doc/ci/interactive_web_terminal/ @fneill -/doc/ci/introduction/ @marcel.amirault -/doc/ci/jobs/ @marcel.amirault +/doc/ci/jobs/job_control.md @marcel.amirault /doc/ci/large_repositories/ @fneill +/doc/ci/lint.md @marcel.amirault /doc/ci/migration/ @marcel.amirault /doc/ci/pipeline_editor/ @marcel.amirault -/doc/ci/pipelines/ @marcel.amirault +/doc/ci/pipelines/downstream_pipelines.md @marcel.amirault +/doc/ci/pipelines/index.md @marcel.amirault +/doc/ci/pipelines/job_artifacts.md @marcel.amirault +/doc/ci/pipelines/pipeline_artifacts.md @marcel.amirault /doc/ci/quick_start/ @marcel.amirault /doc/ci/resource_groups/ @rdickenson /doc/ci/review_apps/ @marcel.amirault /doc/ci/runners/ @fneill -/doc/ci/runners/saas/ @fneill -/doc/ci/runners/saas/macos/ @fneill /doc/ci/secrets/ @marcel.amirault /doc/ci/secure_files/ @marcel.amirault /doc/ci/services/ @fneill -/doc/ci/ssh_keys/ @marcel.amirault /doc/ci/test_cases/ @msedlakjakubowski /doc/ci/testing/ @marcel.amirault /doc/ci/testing/code_quality.md @rdickenson -/doc/ci/triggers/ @marcel.amirault /doc/ci/variables/ @marcel.amirault /doc/ci/yaml/ @marcel.amirault /doc/development/application_limits.md @axil -/doc/development/approval_rules.md @aqualls /doc/development/audit_event_guide/ @eread /doc/development/auto_devops.md @phillipwells /doc/development/backend/ @sselhorn @@ -733,6 +699,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/development/cascading_settings.md @jglassman1 /doc/development/chatops_on_gitlabcom.md @phillipwells /doc/development/cicd/ @marcel.amirault +/doc/development/cicd/index.md @drcatherinepope /doc/development/code_intelligence/ @aqualls /doc/development/contributing/ @sselhorn /doc/development/database/ @aqualls @@ -741,11 +708,8 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/development/database_review.md @aqualls /doc/development/developing_with_solargraph.md @aqualls /doc/development/development_processes.md @sselhorn -/doc/development/diffs.md @aqualls /doc/development/distributed_tracing.md @msedlakjakubowski /doc/development/documentation/ @sselhorn -/doc/development/documentation/styleguide/ @sselhorn -/doc/development/documentation/topic_types/ @sselhorn /doc/development/elasticsearch.md @ashrafkhamis /doc/development/experiment_guide/ @phillipwells /doc/development/export_csv.md @eread @@ -765,7 +729,6 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/development/git_object_deduplication.md @eread /doc/development/gitaly.md @eread /doc/development/gitlab_flavored_markdown/ @ashrafkhamis -/doc/development/gitlab_flavored_markdown/specification_guide/ @ashrafkhamis /doc/development/gitlab_shell/ @aqualls /doc/development/graphql_guide/ @ashrafkhamis /doc/development/graphql_guide/batchloader.md @aqualls @@ -788,27 +751,24 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/development/logging.md @msedlakjakubowski /doc/development/maintenance_mode.md @axil /doc/development/merge_request_concepts/ @aqualls -/doc/development/merge_request_diffs.md @aqualls /doc/development/omnibus.md @axil -/doc/development/packages/ @claytoncornell +/doc/development/packages/ @dianalogan /doc/development/pages/ @ashrafkhamis /doc/development/permissions.md @jglassman1 /doc/development/policies.md @jglassman1 /doc/development/product_qualified_lead_guide/ @phillipwells -/doc/development/project_templates.md @lciutacu +/doc/development/project_templates.md @aqualls /doc/development/prometheus_metrics.md @msedlakjakubowski /doc/development/real_time.md @msedlakjakubowski /doc/development/rubocop_development_guide.md @sselhorn /doc/development/sec/ @rdickenson -/doc/development/sec/security_report_ingestion_overview.md @claytoncornell +/doc/development/sec/security_report_ingestion_overview.md @dianalogan /doc/development/secure_coding_guidelines.md @sselhorn -/doc/development/service_ping/ @claytoncornell -/doc/development/snowplow/ @claytoncornell -/doc/development/spam_protection_and_captcha/ @jglassman1 +/doc/development/service_ping/ @dianalogan +/doc/development/snowplow/ @dianalogan +/doc/development/spam_protection_and_captcha/ @phillipwells /doc/development/sql.md @aqualls /doc/development/testing_guide/ @sselhorn -/doc/development/testing_guide/contract/ @sselhorn -/doc/development/testing_guide/end_to_end/ @sselhorn /doc/development/value_stream_analytics.md @lciutacu /doc/development/value_stream_analytics/ @lciutacu /doc/development/wikis.md @ashrafkhamis @@ -820,11 +780,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/drawers/ @ashrafkhamis /doc/gitlab-basics/ @aqualls /doc/install/ @axil -/doc/install/aws/ @axil -/doc/install/azure/ @axil -/doc/install/google_cloud_platform/ @axil -/doc/install/migrate/ @axil -/doc/install/openshift_and_gitlab/ @axil +/doc/install/postgresql_extensions.md @aqualls /doc/integration/ @jglassman1 /doc/integration/advanced_search/ @ashrafkhamis /doc/integration/akismet.md @phillipwells @@ -838,16 +794,17 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/integration/jenkins.md @ashrafkhamis /doc/integration/jira/ @ashrafkhamis /doc/integration/mattermost/ @axil +/doc/integration/recaptcha.md @phillipwells /doc/integration/security_partners/ @rdickenson /doc/integration/slash_commands.md @ashrafkhamis /doc/integration/sourcegraph.md @aqualls /doc/integration/trello_power_up.md @ashrafkhamis /doc/integration/vault.md @phillipwells -/doc/operations/ @msedlakjakubowski +/doc/operations/error_tracking.md @drcatherinepope /doc/operations/feature_flags.md @rdickenson /doc/operations/incident_management/ @msedlakjakubowski +/doc/operations/index.md @msedlakjakubowski /doc/operations/metrics/ @msedlakjakubowski -/doc/operations/metrics/dashboards/ @msedlakjakubowski /doc/policy/ @axil /doc/raketasks/ @axil /doc/raketasks/generate_sample_prometheus_data.md @msedlakjakubowski @@ -856,24 +813,18 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/raketasks/x509_signatures.md @aqualls /doc/security/ @jglassman1 /doc/subscriptions/ @fneill -/doc/subscriptions/gitlab_com/ @fneill /doc/subscriptions/gitlab_dedicated/ @axil -/doc/subscriptions/self_managed/ @fneill /doc/topics/authentication/ @jglassman1 /doc/topics/autodevops/ @phillipwells -/doc/topics/autodevops/cloud_deployments/ @phillipwells /doc/topics/awesome_co.md @rdickenson /doc/topics/git/ @aqualls -/doc/topics/git/how_to_install_git/ @aqualls -/doc/topics/git/lfs/ @aqualls -/doc/topics/git/numerous_undo_possibilities_in_git/ @aqualls /doc/topics/gitlab_flow.md @aqualls /doc/topics/offline/ @axil /doc/topics/plan_and_track.md @msedlakjakubowski +/doc/topics/your_work.md @rdickenson /doc/tutorials/ @kpaizee /doc/update/ @axil /doc/update/background_migrations.md @aqualls -/doc/update/package/ @axil /doc/user/admin_area/analytics/ @lciutacu /doc/user/admin_area/broadcast_messages.md @phillipwells /doc/user/admin_area/credentials_inventory.md @jglassman1 @@ -891,7 +842,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/user/admin_area/reporting/spamcheck.md @axil /doc/user/admin_area/review_abuse_reports.md @jglassman1 /doc/user/admin_area/settings/account_and_limit_settings.md @aqualls -/doc/user/admin_area/settings/continuous_integration.md @marcel.amirault +/doc/user/admin_area/settings/continuous_integration.md @drcatherinepope /doc/user/admin_area/settings/deprecated_api_rate_limits.md @aqualls /doc/user/admin_area/settings/email.md @msedlakjakubowski /doc/user/admin_area/settings/external_authorization.md @jglassman1 @@ -902,63 +853,43 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/user/admin_area/settings/incident_management_rate_limits.md @msedlakjakubowski /doc/user/admin_area/settings/index.md @aqualls /doc/user/admin_area/settings/instance_template_repository.md @aqualls -/doc/user/admin_area/settings/package_registry_rate_limits.md @claytoncornell +/doc/user/admin_area/settings/package_registry_rate_limits.md @dianalogan /doc/user/admin_area/settings/project_integration_management.md @ashrafkhamis /doc/user/admin_area/settings/push_event_activities_limit.md @aqualls /doc/user/admin_area/settings/rate_limit_on_issues_creation.md @msedlakjakubowski /doc/user/admin_area/settings/rate_limit_on_notes_creation.md @msedlakjakubowski -/doc/user/admin_area/settings/rate_limit_on_pipelines_creation.md @marcel.amirault +/doc/user/admin_area/settings/rate_limit_on_pipelines_creation.md @drcatherinepope /doc/user/admin_area/settings/rate_limit_on_users_api.md @jglassman1 +/doc/user/admin_area/settings/scim_setup.md @jglassman1 /doc/user/admin_area/settings/terraform_limits.md @phillipwells /doc/user/admin_area/settings/third_party_offers.md @lciutacu -/doc/user/admin_area/settings/usage_statistics.md @claytoncornell +/doc/user/admin_area/settings/usage_statistics.md @dianalogan /doc/user/admin_area/settings/visibility_and_access_controls.md @aqualls /doc/user/analytics/ @lciutacu /doc/user/analytics/ci_cd_analytics.md @rdickenson -/doc/user/application_security/api_fuzzing/ @rdickenson -/doc/user/application_security/configuration/ @rdickenson -/doc/user/application_security/container_scanning/ @rdickenson -/doc/user/application_security/coverage_fuzzing/ @rdickenson -/doc/user/application_security/cve_id_request.md @claytoncornell -/doc/user/application_security/dast/ @rdickenson -/doc/user/application_security/dast/checks/ @rdickenson -/doc/user/application_security/dast_api/ @rdickenson -/doc/user/application_security/dependency_list/ @rdickenson -/doc/user/application_security/dependency_scanning/ @rdickenson -/doc/user/application_security/generate_test_vulnerabilities/ @claytoncornell -/doc/user/application_security/iac_scanning/ @rdickenson -/doc/user/application_security/index.md @rdickenson -/doc/user/application_security/offline_deployments/ @rdickenson -/doc/user/application_security/policies/ @claytoncornell -/doc/user/application_security/sast/ @rdickenson -/doc/user/application_security/secret_detection/ @rdickenson -/doc/user/application_security/security_dashboard/ @claytoncornell -/doc/user/application_security/terminology/ @rdickenson -/doc/user/application_security/vulnerabilities/ @claytoncornell -/doc/user/application_security/vulnerability_report/ @claytoncornell +/doc/user/application_security/ @rdickenson +/doc/user/application_security/cve_id_request.md @dianalogan +/doc/user/application_security/generate_test_vulnerabilities/ @dianalogan +/doc/user/application_security/policies/ @dianalogan +/doc/user/application_security/security_dashboard/ @dianalogan +/doc/user/application_security/vulnerabilities/ @dianalogan +/doc/user/application_security/vulnerability_report/ @dianalogan /doc/user/asciidoc.md @aqualls /doc/user/award_emojis.md @msedlakjakubowski /doc/user/clusters/ @phillipwells -/doc/user/clusters/agent/ @phillipwells -/doc/user/clusters/agent/gitops/ @phillipwells -/doc/user/clusters/agent/install/ @phillipwells -/doc/user/clusters/create/ @phillipwells /doc/user/compliance/ @eread -/doc/user/compliance/compliance_report/ @eread /doc/user/compliance/license_compliance/ @rdickenson /doc/user/crm/ @msedlakjakubowski /doc/user/discussions/ @aqualls +/doc/user/enterprise_user/ @jglassman1 /doc/user/feature_flags.md @sselhorn /doc/user/free_user_limit.md @phillipwells /doc/user/group/ @lciutacu /doc/user/group/clusters/ @phillipwells /doc/user/group/compliance_frameworks.md @eread -/doc/user/group/contribution_analytics/ @lciutacu /doc/user/group/custom_project_templates.md @eread -/doc/user/group/devops_adoption/ @lciutacu /doc/user/group/epics/ @msedlakjakubowski /doc/user/group/import/ @eread -/doc/user/group/insights/ @lciutacu /doc/user/group/issues_analytics/ @msedlakjakubowski /doc/user/group/iterations/ @msedlakjakubowski /doc/user/group/planning_hierarchy/ @msedlakjakubowski @@ -967,54 +898,31 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/user/group/roadmap/ @msedlakjakubowski /doc/user/group/saml_sso/ @jglassman1 /doc/user/group/settings/ @jglassman1 -/doc/user/group/subgroups/ @lciutacu -/doc/user/group/value_stream_analytics/ @lciutacu /doc/user/infrastructure/ @phillipwells -/doc/user/infrastructure/clusters/ @phillipwells -/doc/user/infrastructure/clusters/connect/ @phillipwells -/doc/user/infrastructure/clusters/deploy/ @phillipwells -/doc/user/infrastructure/clusters/manage/ @phillipwells -/doc/user/infrastructure/clusters/manage/management_project_applications/ @phillipwells /doc/user/infrastructure/clusters/manage/management_project_applications/runner.md @fneill -/doc/user/infrastructure/iac/ @phillipwells /doc/user/markdown.md @msedlakjakubowski /doc/user/namespace/ @lciutacu /doc/user/okrs.md @msedlakjakubowski /doc/user/operations_dashboard/ @rdickenson -/doc/user/packages/ @claytoncornell -/doc/user/packages/composer_repository/ @claytoncornell -/doc/user/packages/conan_repository/ @claytoncornell -/doc/user/packages/container_registry/ @claytoncornell -/doc/user/packages/debian_repository/ @claytoncornell -/doc/user/packages/dependency_proxy/ @claytoncornell -/doc/user/packages/generic_packages/ @claytoncornell -/doc/user/packages/go_proxy/ @claytoncornell -/doc/user/packages/gradle_repository/ @claytoncornell -/doc/user/packages/harbor_container_registry/ @claytoncornell -/doc/user/packages/helm_repository/ @claytoncornell -/doc/user/packages/infrastructure_registry/ @claytoncornell -/doc/user/packages/maven_repository/ @claytoncornell -/doc/user/packages/npm_registry/ @claytoncornell -/doc/user/packages/nuget_repository/ @claytoncornell -/doc/user/packages/package_registry/ @claytoncornell -/doc/user/packages/pypi_repository/ @claytoncornell -/doc/user/packages/rubygems_registry/ @claytoncornell -/doc/user/packages/terraform_module_registry/ @claytoncornell -/doc/user/packages/workflows/ @claytoncornell -/doc/user/packages/yarn_repository/ @claytoncornell +/doc/user/packages/ @dianalogan /doc/user/permissions.md @jglassman1 /doc/user/product_analytics/ @lciutacu /doc/user/profile/ @jglassman1 -/doc/user/profile/account/ @jglassman1 /doc/user/profile/contributions_calendar.md @lciutacu /doc/user/profile/notifications.md @msedlakjakubowski -/doc/user/project/ @aqualls +/doc/user/project/autocomplete_characters.md @aqualls +/doc/user/project/badges.md @lciutacu +/doc/user/project/changelogs.md @aqualls /doc/user/project/clusters/ @phillipwells -/doc/user/project/clusters/runbooks/ @phillipwells +/doc/user/project/code_intelligence.md @aqualls +/doc/user/project/code_owners.md @aqualls /doc/user/project/deploy_boards.md @rdickenson /doc/user/project/deploy_keys/ @rdickenson /doc/user/project/deploy_tokens/ @rdickenson /doc/user/project/description_templates.md @msedlakjakubowski +/doc/user/project/file_lock.md @aqualls +/doc/user/project/git_attributes.md @aqualls +/doc/user/project/highlighting.md @aqualls /doc/user/project/import/ @eread /doc/user/project/import/jira.md @msedlakjakubowski /doc/user/project/index.md @lciutacu @@ -1028,29 +936,23 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /doc/user/project/labels.md @msedlakjakubowski /doc/user/project/members/ @lciutacu /doc/user/project/merge_requests/ @aqualls -/doc/user/project/merge_requests/approvals/ @aqualls /doc/user/project/merge_requests/csv_export.md @eread -/doc/user/project/merge_requests/methods/ @aqualls -/doc/user/project/merge_requests/reviews/ @aqualls /doc/user/project/merge_requests/status_checks.md @eread /doc/user/project/milestones/ @msedlakjakubowski +/doc/user/project/organize_work_with_projects.md @lciutacu /doc/user/project/pages/ @ashrafkhamis -/doc/user/project/pages/custom_domains_ssl_tls_certification/ @ashrafkhamis -/doc/user/project/pages/getting_started/ @ashrafkhamis +/doc/user/project/protected_branches.md @aqualls +/doc/user/project/protected_tags.md @aqualls +/doc/user/project/push_options.md @aqualls /doc/user/project/quick_actions.md @msedlakjakubowski /doc/user/project/releases/ @rdickenson /doc/user/project/remote_development/ @ashrafkhamis /doc/user/project/repository/ @aqualls -/doc/user/project/repository/branches/ @aqualls /doc/user/project/repository/file_finder.md @ashrafkhamis -/doc/user/project/repository/gpg_signed_commits/ @aqualls -/doc/user/project/repository/jupyter_notebooks/ @aqualls /doc/user/project/repository/managing_large_repositories.md @axil -/doc/user/project/repository/mirror/ @aqualls /doc/user/project/repository/reducing_the_repo_size_using_git.md @eread -/doc/user/project/repository/ssh_signed_commits/ @aqualls +/doc/user/project/repository/vscode.md @ashrafkhamis /doc/user/project/repository/web_editor.md @ashrafkhamis -/doc/user/project/repository/x509_signed_commits/ @aqualls /doc/user/project/requirements/ @msedlakjakubowski /doc/user/project/service_desk.md @msedlakjakubowski /doc/user/project/settings/import_export.md @eread @@ -1103,8 +1005,10 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /app/controllers/concerns/enforces_two_factor_authentication.rb @gitlab-org/manage/authentication-and-authorization/approvers /app/controllers/concerns/oauth_applications.rb @gitlab-org/manage/authentication-and-authorization/approvers /app/controllers/concerns/project_unauthorized.rb @gitlab-org/manage/authentication-and-authorization/approvers +/app/models/concerns/require_email_verification.rb @gitlab-org/manage/authentication-and-authorization/approvers /app/controllers/concerns/sessionless_authentication.rb @gitlab-org/manage/authentication-and-authorization/approvers /app/controllers/concerns/snippet_authorizations.rb @gitlab-org/manage/authentication-and-authorization/approvers +/app/controllers/concerns/verifies_with_email.rb @gitlab-org/manage/authentication-and-authorization/approvers /app/controllers/concerns/workhorse_authorization.rb @gitlab-org/manage/authentication-and-authorization/approvers /app/controllers/groups/settings/access_tokens_controller.rb @gitlab-org/manage/authentication-and-authorization/approvers /app/controllers/ldap/ @gitlab-org/manage/authentication-and-authorization/approvers @@ -1116,6 +1020,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /app/controllers/profiles/two_factor_auths_controller.rb @gitlab-org/manage/authentication-and-authorization/approvers /app/controllers/profiles/webauthn_registrations_controller.rb @gitlab-org/manage/authentication-and-authorization/approvers /app/controllers/projects/settings/access_tokens_controller.rb @gitlab-org/manage/authentication-and-authorization/approvers +/app/controllers/sessions_controller.rb @gitlab-org/manage/authentication-and-authorization/approvers /app/finders/groups/projects_requiring_authorizations_refresh/ @gitlab-org/manage/authentication-and-authorization/approvers /app/finders/personal_access_tokens_finder.rb @gitlab-org/manage/authentication-and-authorization/approvers /app/helpers/access_tokens_helper.rb @gitlab-org/manage/authentication-and-authorization/approvers @@ -1152,8 +1057,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /app/services/todos/destroy/unauthorized_features_service.rb @gitlab-org/manage/authentication-and-authorization/approvers /app/services/users/authorized_build_service.rb @gitlab-org/manage/authentication-and-authorization/approvers /app/services/users/authorized_create_service.rb @gitlab-org/manage/authentication-and-authorization/approvers -/app/services/users/email_verification/generate_token_service.rb @gitlab-org/manage/authentication-and-authorization/approvers -/app/services/users/email_verification/validate_token_service.rb @gitlab-org/manage/authentication-and-authorization/approvers +/app/services/users/email_verification/ @gitlab-org/manage/authentication-and-authorization/approvers /app/services/users/refresh_authorized_projects_service.rb @gitlab-org/manage/authentication-and-authorization/approvers /app/services/webauthn/ @gitlab-org/manage/authentication-and-authorization/approvers /app/validators/json_schemas/cluster_agent_authorization_configuration.json @gitlab-org/manage/authentication-and-authorization/approvers @@ -1167,11 +1071,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /app/views/devise/mailer/password_change_by_admin.text.erb @gitlab-org/manage/authentication-and-authorization/approvers /app/views/devise/mailer/reset_password_instructions.html.haml @gitlab-org/manage/authentication-and-authorization/approvers /app/views/devise/mailer/reset_password_instructions.text.erb @gitlab-org/manage/authentication-and-authorization/approvers -/app/views/devise/passwords/ @gitlab-org/manage/authentication-and-authorization/approvers -/app/views/devise/shared/_omniauth_box.html.haml @gitlab-org/manage/authentication-and-authorization/approvers -/app/views/devise/shared/_signup_omniauth_provider_list.haml @gitlab-org/manage/authentication-and-authorization/approvers -/app/views/devise/shared/_signup_omniauth_providers.haml @gitlab-org/manage/authentication-and-authorization/approvers -/app/views/devise/shared/_signup_omniauth_providers_top.haml @gitlab-org/manage/authentication-and-authorization/approvers +/app/views/devise/**/ @gitlab-org/manage/authentication-and-authorization/approvers /app/views/doorkeeper/authorizations/ @gitlab-org/manage/authentication-and-authorization/approvers /app/views/doorkeeper/authorized_applications/ @gitlab-org/manage/authentication-and-authorization/approvers /app/views/errors/omniauth_error.html.haml @gitlab-org/manage/authentication-and-authorization/approvers @@ -1232,14 +1132,17 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /ee/app/controllers/ee/ldap/ @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/controllers/ee/omniauth_callbacks_controller.rb @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/controllers/ee/passwords_controller.rb @gitlab-org/manage/authentication-and-authorization/approvers +/ee/app/controllers/ee/sessions_controller.rb @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/controllers/groups/omniauth_callbacks_controller.rb @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/controllers/groups/scim_oauth_controller.rb @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/controllers/oauth/ @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/controllers/omniauth_kerberos_controller.rb @gitlab-org/manage/authentication-and-authorization/approvers +/ee/app/controllers/users/identity_verification_controller.rb @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/finders/auth/ @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/helpers/ee/access_tokens_helper.rb @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/helpers/ee/auth_helper.rb @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/helpers/ee/personal_access_tokens_helper.rb @gitlab-org/manage/authentication-and-authorization/approvers +/ee/app/models/concerns/identity_verifiable.rb @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/models/concerns/password_complexity.rb @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/models/ee/personal_access_token.rb @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/models/ee/project_authorization.rb @gitlab-org/manage/authentication-and-authorization/approvers @@ -1252,10 +1155,12 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /ee/app/services/ee/users/authorized_build_service.rb @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/services/personal_access_tokens/ @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/services/security/token_revocation_service.rb @gitlab-org/manage/authentication-and-authorization/approvers +/ee/app/services/users/email_verification/ @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/validators/password/ @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/views/admin/application_settings/_personal_access_token_expiration_policy.html.haml @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/views/credentials_inventory_mailer/personal_access_token_revoked_email.html.haml @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/views/credentials_inventory_mailer/personal_access_token_revoked_email.text.haml @gitlab-org/manage/authentication-and-authorization/approvers +/app/views/devise/**/ @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/views/groups/_personal_access_token_expiration_policy.html.haml @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/views/groups/sso/_authorize_pane.html.haml @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/views/notify/policy_revoked_personal_access_tokens_email.html.haml @gitlab-org/manage/authentication-and-authorization/approvers @@ -1263,9 +1168,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /ee/app/views/oauth/ @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/views/shared/_password_requirements_list.html.haml @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/views/shared/credentials_inventory/_personal_access_tokens.html.haml @gitlab-org/manage/authentication-and-authorization/approvers -/ee/app/views/shared/credentials_inventory/_project_access_tokens.html.haml @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/views/shared/credentials_inventory/personal_access_tokens/ @gitlab-org/manage/authentication-and-authorization/approvers -/ee/app/views/shared/credentials_inventory/project_access_tokens/ @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/workers/auth/ @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/workers/personal_access_tokens/ @gitlab-org/manage/authentication-and-authorization/approvers /ee/config/routes/oauth.rb @gitlab-org/manage/authentication-and-authorization/approvers @@ -1407,6 +1310,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /spec/views/projects/jobs/ @gitlab-org/maintainers/cicd-verify /spec/views/projects/pipeline_schedules/ @gitlab-org/maintainers/cicd-verify /spec/views/projects/pipelines/ @gitlab-org/maintainers/cicd-verify +/spec/views/projects/settings/ci_cd/ @gitlab-org/maintainers/cicd-verify /spec/workers/build_hooks_worker_spec.rb @gitlab-org/maintainers/cicd-verify /spec/workers/build_queue_worker_spec.rb @gitlab-org/maintainers/cicd-verify /spec/workers/build_success_worker_spec.rb @gitlab-org/maintainers/cicd-verify @@ -1430,11 +1334,8 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /ee/spec/services/system_notes/merge_train_service_spec.rb @gitlab-org/maintainers/cicd-verify /ee/spec/controllers/projects/subscriptions_controller_spec.rb @gitlab-org/maintainers/cicd-verify /ee/spec/helpers/ee/projects/pipeline_helper_spec.rb @gitlab-org/maintainers/cicd-verify -/ee/spec/views/projects/pipelines/ @gitlab-org/maintainers/cicd-verify -/ee/spec/views/projects/settings/ci_cd/ @gitlab-org/maintainers/cicd-verify /ee/spec/workers/clear_shared_runners_minutes_worker_spec.rb @gitlab-org/maintainers/cicd-verify /ee/spec/lib/**/ci/ @gitlab-org/maintainers/cicd-verify -/ee/spec/lib/ee/api/entities/merge_train_spec.rb @gitlab-org/maintainers/cicd-verify /**/javascripts/jobs/ @gitlab-org/ci-cd/verify/frontend /**/javascripts/pipelines/ @gitlab-org/ci-cd/verify/frontend /app/assets/javascripts/ci/ @gitlab-org/ci-cd/verify/frontend @@ -1452,7 +1353,7 @@ lib/api/entities/project.rb @gitlab-org/manage/manage-workspace/backend-approver ee/lib/ee/api/entities/project.rb @gitlab-org/manage/manage-workspace/backend-approvers [Compliance] -/ee/app/services/audit_events/build_service.rb @gitlab-org/govern/compliance +/app/services/audit_events/build_service.rb @gitlab-org/govern/compliance /ee/spec/services/audit_events/custom_audit_event_service_spec.rb @gitlab-org/govern/compliance /app/models/audit_event.rb @gitlab-org/govern/compliance /app/services/audit_event_service.rb @gitlab-org/govern/compliance @@ -1495,7 +1396,6 @@ ee/lib/ee/api/entities/project.rb @gitlab-org/manage/manage-workspace/backend-ap /ee/config/events/202108302307_profiles_controller_search_audit_event.yml @gitlab-org/govern/compliance /ee/config/events/202108302307_projects__audit_events_controller_search_audit_event.yml @gitlab-org/govern/compliance /ee/config/events/202111041910_admin__audit_logs_controller_search_audit_event.yml @gitlab-org/govern/compliance -/ee/config/feature_flags/development/audit_event_streaming_git_operations.yml @gitlab-org/govern/compliance /ee/config/feature_flags/development/audit_log_group_level.yml @gitlab-org/govern/compliance /ee/config/metrics/counts_28d/20210216183930_g_compliance_audit_events_monthly.yml @gitlab-org/govern/compliance /ee/config/metrics/counts_28d/20210216183934_i_compliance_audit_events_monthly.yml @gitlab-org/govern/compliance @@ -1509,11 +1409,8 @@ ee/lib/ee/api/entities/project.rb @gitlab-org/manage/manage-workspace/backend-ap /ee/config/metrics/counts_7d/20210216183940_a_compliance_audit_events_api_weekly.yml @gitlab-org/govern/compliance /ee/config/metrics/counts_all/20211130085433_g_manage_compliance_audit_event_destinations.yml @gitlab-org/govern/compliance /ee/lib/api/audit_events.rb @gitlab-org/govern/compliance -/ee/lib/audit/external_status_check_changes_auditor.rb @gitlab-org/govern/compliance -/ee/lib/audit/group_merge_request_approval_setting_changes_auditor.rb @gitlab-org/govern/compliance -/ee/lib/audit/group_push_rules_changes_auditor.rb @gitlab-org/govern/compliance +/ee/lib/audit/ @gitlab-org/govern/compliance /ee/lib/ee/api/entities/audit_event.rb @gitlab-org/govern/compliance -/ee/lib/ee/audit/ @gitlab-org/govern/compliance /ee/lib/ee/gitlab/audit/ @gitlab-org/govern/compliance /lib/gitlab/audit/auditor.rb @gitlab-org/govern/compliance /lib/gitlab/audit_json_logger.rb @gitlab-org/govern/compliance @@ -1522,3 +1419,7 @@ ee/lib/ee/api/entities/project.rb @gitlab-org/manage/manage-workspace/backend-ap /ee/app/assets/javascripts/usage_quotas/components/ @fulfillment-group/utilization-group/fe /ee/app/assets/javascripts/usage_quotas/seats/ @fulfillment-group/utilization-group/fe /ee/app/assets/javascripts/usage_quotas/storage/ @fulfillment-group/utilization-group/fe + +[Manage::Foundations] +/lib/sidebars/ @gitlab/ @gitlab-org/manage/foundations/engineering +/ee/lib/sidebars/ @gitlab-org/manage/foundations/engineering
\ No newline at end of file diff --git a/.gitlab/ci/as-if-jh.gitlab-ci.yml b/.gitlab/ci/as-if-jh.gitlab-ci.yml index 6019c8a9649..6bd46bee770 100644 --- a/.gitlab/ci/as-if-jh.gitlab-ci.yml +++ b/.gitlab/ci/as-if-jh.gitlab-ci.yml @@ -10,7 +10,7 @@ add-jh-files: extends: - .shared-as-if-jh - .as-if-jh:rules:prepare-as-if-jh - image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION} + image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION} stage: prepare before_script: - source ./scripts/utils.sh @@ -38,12 +38,12 @@ prepare-as-if-jh-branch: needs: - add-jh-files script: + # Fetch for the history of the branch so it does not cause the following error: + # ! [remote rejected] ref -> ref (shallow update not allowed) + - git fetch --unshallow --filter=tree:0 origin "${CI_COMMIT_SHA}" - git checkout -b "${AS_IF_JH_BRANCH}" - git add ${JH_FILES_TO_COMMIT} - git commit -m 'Add JH files' # TODO: Mark which SHA we add - # Fetch for the history of the branch so it does not cause the following error: - # ! [remote rejected] ref -> ref (shallow update not allowed) - - git fetch --unshallow --filter=tree:0 origin "${CI_COMMIT_REF_NAME}" - git push -f "${SANDBOX_REPOSITORY}" "${AS_IF_JH_BRANCH}" start-as-if-jh: diff --git a/.gitlab/ci/build-images.gitlab-ci.yml b/.gitlab/ci/build-images.gitlab-ci.yml index 05748cff266..4ee15ccb311 100644 --- a/.gitlab/ci/build-images.gitlab-ci.yml +++ b/.gitlab/ci/build-images.gitlab-ci.yml @@ -27,6 +27,34 @@ build-qa-image as-if-foss: extends: - build-qa-image - .as-if-foss + - .build-images:rules:build-qa-image-as-if-foss + +# Prepares an image with GDK configured based on code in master. This saves some time in MRs because some installation +# and complilation will have already been performed. +build-qa-on-gdk-master-image: + extends: + - .base-image-build-buildx + - .build-images:rules:build-qa-on-gdk-master-image + tags: + - e2e + stage: build-images + needs: [] + variables: + QA_GDK_IMAGE: "${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab-qa-gdk" + before_script: + - !reference [.use-buildx, before_script] + - sysctl -n -w fs.inotify.max_user_watches=524288 + script: + - | + docker buildx build \ + --cache-to=type=inline \ + --cache-from ${QA_GDK_IMAGE}:master \ + --platform=${ARCH:-amd64} \ + --add-host gdk.test:127.0.0.1 \ + --tag ${QA_GDK_IMAGE}:master \ + --file="qa/gdk/Dockerfile" \ + --push \ + ${CI_PROJECT_DIR} build-assets-image: extends: diff --git a/.gitlab/ci/caching.gitlab-ci.yml b/.gitlab/ci/caching.gitlab-ci.yml index 6a13fc3c56f..31975e481bc 100644 --- a/.gitlab/ci/caching.gitlab-ci.yml +++ b/.gitlab/ci/caching.gitlab-ci.yml @@ -47,16 +47,15 @@ cache-assets:test as-if-foss: - .as-if-foss cache-assets:production: - extends: .cache-assets-base - variables: - NODE_ENV: "production" - RAILS_ENV: "production" + extends: + - .cache-assets-base + - .production packages-cleanup: extends: - .default-retry - .caching:rules:packages-cleanup - image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION} + image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION} stage: prepare before_script: - source scripts/utils.sh diff --git a/.gitlab/ci/database.gitlab-ci.yml b/.gitlab/ci/database.gitlab-ci.yml new file mode 100644 index 00000000000..ace968ec249 --- /dev/null +++ b/.gitlab/ci/database.gitlab-ci.yml @@ -0,0 +1,118 @@ +include: + - local: .gitlab/ci/rails/shared.gitlab-ci.yml + +db:rollback: + extends: + - .db-job-base + - .rails:rules:db-rollback + script: + - scripts/db_tasks db:migrate VERSION=20220502173045 # 14.10 (last 14.x version) + - scripts/db_tasks db:migrate + +db:rollback single-db: + extends: + - db:rollback + - .single-db + - .rails:rules:single-db + +db:migrate:reset: + extends: .db-job-base + script: + - bundle exec rake db:migrate:reset + +db:migrate:reset single-db: + extends: + - db:migrate:reset + - .single-db + - .rails:rules:single-db + +db:check-schema: + extends: + - .db-job-base + - .rails:rules:ee-mr-and-default-branch-only + script: + - run_timed_command "bundle exec rake db:drop db:create" + - run_timed_command "scripts/db_tasks db:migrate" + +db:check-schema-single-db: + extends: + - db:check-schema + - .single-db + - .rails:rules:single-db + +db:check-migrations: + extends: + - .db-job-base + - .rails:rules:ee-and-foss-mr-with-migration + script: + - git fetch origin $CI_MERGE_REQUEST_TARGET_BRANCH_NAME:$CI_MERGE_REQUEST_TARGET_BRANCH_NAME --depth 20 + - scripts/validate_migration_schema + allow_failure: true + +db:check-migrations-single-db: + extends: + - db:check-migrations + - .single-db + - .rails:rules:db:check-migrations-single-db + +db:post_deployment_migrations_validator: + extends: + - .db-job-base + - .rails:rules:ee-and-foss-mr-with-migration + script: + - git fetch origin $CI_MERGE_REQUEST_TARGET_BRANCH_NAME:$CI_MERGE_REQUEST_TARGET_BRANCH_NAME --depth 20 + - scripts/post_deployment_migrations_validator + allow_failure: true + +db:post_deployment_migrations_validator-single-db: + extends: + - db:post_deployment_migrations_validator + - .single-db + - .rails:rules:db:check-migrations-single-db + +db:migrate-non-superuser: + extends: + - .db-job-base + - .rails:rules:ee-and-foss-mr-with-migration + script: + - bundle exec rake gitlab:db:reset_as_non_superuser + +db:gitlabcom-database-testing: + extends: .rails:rules:db:gitlabcom-database-testing + stage: test + image: ruby:${RUBY_VERSION}-alpine + needs: [] + allow_failure: true + script: + - source scripts/utils.sh + - install_gitlab_gem + - ./scripts/trigger-build.rb gitlab-com-database-testing + +db:backup_and_restore: + extends: + - .db-job-base + - .rails:rules:db-backup + variables: + SETUP_DB: "false" + GITLAB_ASSUME_YES: "1" + script: + - . scripts/prepare_build.sh + - bundle exec rake db:drop db:create db:structure:load db:seed_fu + - mkdir -p tmp/tests/public/uploads tmp/tests/{artifacts,pages,lfs-objects,terraform_state,registry,packages} + - bundle exec rake gitlab:backup:create + - date + - bundle exec rake gitlab:backup:restore + +db:backup_and_restore single-db: + extends: + - db:backup_and_restore + - .single-db + - .rails:rules:db-backup + +db:rollback geo: + extends: + - db:rollback + - .rails:rules:ee-only-migration + script: + - bundle exec rake db:migrate:geo VERSION=20170627195211 + - bundle exec rake db:migrate:geo diff --git a/.gitlab/ci/dev-fixtures.gitlab-ci.yml b/.gitlab/ci/dev-fixtures.gitlab-ci.yml index ea868ada621..0ff469d7114 100644 --- a/.gitlab/ci/dev-fixtures.gitlab-ci.yml +++ b/.gitlab/ci/dev-fixtures.gitlab-ci.yml @@ -16,7 +16,7 @@ .run-dev-fixtures-script: &run-dev-fixtures-script - run_timed_command "scripts/gitaly-test-spawn" - - run_timed_command "RAILS_ENV=test bundle exec rake db:seed_fu" + - run_timed_command "bundle exec rake db:seed_fu" run-dev-fixtures: extends: diff --git a/.gitlab/ci/docs.gitlab-ci.yml b/.gitlab/ci/docs.gitlab-ci.yml index 02fc58f8580..b404444f815 100644 --- a/.gitlab/ci/docs.gitlab-ci.yml +++ b/.gitlab/ci/docs.gitlab-ci.yml @@ -42,7 +42,7 @@ review-docs-cleanup: docs-lint links: extends: - .docs:rules:docs-lint - image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-docs/lint-html:alpine-3.16-ruby-2.7.6-0bc327a4 + image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-docs/lint-html:alpine-3.16-ruby-3.0.5-869cfc5d stage: lint needs: [] script: @@ -58,18 +58,31 @@ docs-lint links: .docs-markdown-lint-image: # When updating the image version here, update it in /scripts/lint-doc.sh too. - image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-docs/lint-markdown:alpine-3.16-vale-2.20.1-markdownlint-0.32.2 + image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-docs/lint-markdown:alpine-3.16-vale-2.22.0-markdownlint-0.32.2-markdownlint2-0.6.0 docs-lint markdown: extends: - .default-retry - .docs:rules:docs-lint - .docs-markdown-lint-image + - .yarn-cache stage: lint needs: [] script: + - source ./scripts/utils.sh + - yarn_install_script - scripts/lint-doc.sh +docs-lint blueprint: + extends: + - .default-retry + - .docs:rules:docs-blueprints-lint + image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}-slim + stage: lint + needs: [] + script: + - scripts/lint-docs-blueprints.rb + docs code_quality: extends: - .reports:rules:code_quality diff --git a/.gitlab/ci/frontend.gitlab-ci.yml b/.gitlab/ci/frontend.gitlab-ci.yml index 0c9cdc28136..2e0d83187cf 100644 --- a/.gitlab/ci/frontend.gitlab-ci.yml +++ b/.gitlab/ci/frontend.gitlab-ci.yml @@ -33,10 +33,8 @@ compile-production-assets: extends: - .compile-assets-base + - .production - .frontend:rules:compile-production-assets - variables: - NODE_ENV: "production" - RAILS_ENV: "production" artifacts: name: webpack-report expire_in: 31d @@ -131,7 +129,7 @@ rspec-all frontend_fixture: needs: - !reference [.frontend-fixtures-base, needs] - "compile-test-assets" - parallel: 5 + parallel: 7 # Builds FOSS fixtures in the EE project, with the `ee/` folder removed (due to `as-if-foss`). rspec-all frontend_fixture as-if-foss: @@ -202,7 +200,7 @@ jest: - tmp/tests/frontend/ reports: junit: junit_jest.xml - parallel: 5 + parallel: 7 jest predictive: extends: @@ -220,7 +218,7 @@ jest as-if-foss: - .frontend:rules:jest:as-if-foss - .as-if-foss needs: ["rspec-all frontend_fixture as-if-foss"] - parallel: 2 + parallel: 4 jest predictive as-if-foss: extends: diff --git a/.gitlab/ci/global.gitlab-ci.yml b/.gitlab/ci/global.gitlab-ci.yml index 90f00c887f7..ba623ef4cbe 100644 --- a/.gitlab/ci/global.gitlab-ci.yml +++ b/.gitlab/ci/global.gitlab-ci.yml @@ -21,6 +21,12 @@ - !reference [.default-utils-before_script, before_script] - source scripts/prepare_build.sh +.production: + variables: + RAILS_ENV: "production" + NODE_ENV: "production" + GITLAB_ALLOW_SEPARATE_CI_DATABASE: "true" + .ruby-gems-cache: &ruby-gems-cache key: "ruby-gems-debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}" paths: @@ -257,9 +263,13 @@ - name: redis:5.0-alpine - name: elasticsearch:7.17.6 command: ["elasticsearch", "-E", "discovery.type=single-node", "-E", "xpack.security.enabled=false"] + - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.0 + alias: zoekt-ci-image variables: POSTGRES_HOST_AUTH_METHOD: trust PG_VERSION: "11" + ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060 + ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070 .use-pg12-es7-ee: services: @@ -268,9 +278,13 @@ - name: redis:6.0-alpine - name: elasticsearch:7.17.6 command: ["elasticsearch", "-E", "discovery.type=single-node", "-E", "xpack.security.enabled=false"] + - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.0 + alias: zoekt-ci-image variables: POSTGRES_HOST_AUTH_METHOD: trust PG_VERSION: "12" + ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060 + ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070 .use-pg13-es7-ee: services: @@ -279,9 +293,13 @@ - name: redis:6.2-alpine - name: elasticsearch:7.17.6 command: ["elasticsearch", "-E", "discovery.type=single-node", "-E", "xpack.security.enabled=false"] + - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.0 + alias: zoekt-ci-image variables: POSTGRES_HOST_AUTH_METHOD: trust PG_VERSION: "13" + ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060 + ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070 .use-pg12-es8-ee: services: @@ -289,11 +307,15 @@ command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] - name: redis:6.0-alpine - name: elasticsearch:8.5.3 + - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.0 + alias: zoekt-ci-image variables: POSTGRES_HOST_AUTH_METHOD: trust PG_VERSION: "12" ES_SETTING_DISCOVERY_TYPE: "single-node" ES_SETTING_XPACK_SECURITY_ENABLED: "false" + ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060 + ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070 .use-pg12-opensearch1-ee: services: @@ -303,9 +325,13 @@ - name: opensearchproject/opensearch:1.3.5 alias: elasticsearch command: ["bin/opensearch", "-E", "discovery.type=single-node", "-E", "plugins.security.disabled=true"] + - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.0 + alias: zoekt-ci-image variables: POSTGRES_HOST_AUTH_METHOD: trust PG_VERSION: "12" + ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060 + ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070 .use-pg12-opensearch2-ee: services: @@ -315,9 +341,13 @@ - name: opensearchproject/opensearch:2.2.1 alias: elasticsearch command: ["bin/opensearch", "-E", "discovery.type=single-node", "-E", "plugins.security.disabled=true"] + - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.0 + alias: zoekt-ci-image variables: POSTGRES_HOST_AUTH_METHOD: trust PG_VERSION: "12" + ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060 + ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070 .use-kaniko: image: diff --git a/.gitlab/ci/memory.gitlab-ci.yml b/.gitlab/ci/memory.gitlab-ci.yml index efdae0715aa..5d6b90d107d 100644 --- a/.gitlab/ci/memory.gitlab-ci.yml +++ b/.gitlab/ci/memory.gitlab-ci.yml @@ -19,12 +19,11 @@ memory-on-boot: extends: - .only-code-memory-job-base + - .production - .use-pg12 stage: test needs: ["setup-test-env", "compile-test-assets"] variables: - NODE_ENV: "production" - RAILS_ENV: "production" SETUP_DB: "true" MEMORY_ON_BOOT_FILE_PREFIX: "tmp/memory_on_boot_" TEST_COUNT: 5 diff --git a/.gitlab/ci/notify.gitlab-ci.yml b/.gitlab/ci/notify.gitlab-ci.yml index 638e1cd8bd8..20f19978022 100644 --- a/.gitlab/ci/notify.gitlab-ci.yml +++ b/.gitlab/ci/notify.gitlab-ci.yml @@ -55,13 +55,14 @@ notify-pipeline-failure: script: - | if [[ "${CREATE_INCIDENT_FOR_PIPELINE_FAILURE}" == "true" ]]; then - scripts/create-pipeline-failure-incident.rb -p ${INCIDENT_PROJECT} -f ${INCIDENT_JSON} -t ${BROKEN_BRANCH_PROJECT_TOKEN}; + scripts/create-pipeline-failure-incident.rb -p ${INCIDENT_PROJECT} -f ${INCIDENT_JSON} -t ${BROKEN_BRANCH_PROJECT_TOKEN} || + scripts/slack ${SLACK_CHANNEL} "☠️ Broken pipeline incident creation failed! ☠️ See ${CI_JOB_URL}" ci_failing "Failed pipeline reporter"; echosuccess "Created incident $(jq '.web_url' ${INCIDENT_JSON})"; fi - | scripts/generate-failed-pipeline-slack-message.rb -i ${INCIDENT_JSON} -f ${FAILED_PIPELINE_SLACK_MESSAGE_FILE}; curl -X POST -H 'Content-Type: application/json' --data @${FAILED_PIPELINE_SLACK_MESSAGE_FILE} "$CI_SLACK_WEBHOOK_URL" || - scripts/slack ${SLACK_CHANNEL} "☠️ Broken pipeline notification failed! ☠️ See ${CI_JOB_URL}" ci_failing "Failed pipeline reporter" + scripts/slack ${SLACK_CHANNEL} "☠️ Broken pipeline notification failed! ☠️ See ${CI_JOB_URL}" ci_failing "Failed pipeline reporter"; artifacts: paths: diff --git a/.gitlab/ci/package-and-test/main.gitlab-ci.yml b/.gitlab/ci/package-and-test/main.gitlab-ci.yml index 48059d9518f..0d30cb78be7 100644 --- a/.gitlab/ci/package-and-test/main.gitlab-ci.yml +++ b/.gitlab/ci/package-and-test/main.gitlab-ci.yml @@ -1,4 +1,5 @@ # E2E tests pipeline loaded dynamically by script: scripts/generate-e2e-pipeline +# For adding new tests, refer to: doc/development/testing_guide/end_to_end/package_and_test_pipeline.md default: interruptible: true @@ -7,7 +8,7 @@ include: - local: .gitlab/ci/package-and-test/rules.gitlab-ci.yml - local: .gitlab/ci/package-and-test/variables.gitlab-ci.yml - project: gitlab-org/quality/pipeline-common - ref: 1.14.1 + ref: 2.0.0 file: - /ci/base.gitlab-ci.yml - /ci/allure-report.yml @@ -57,15 +58,16 @@ stages: optional: true - job: download-knapsack-report artifacts: true + optional: true variables: QA_GENERATE_ALLURE_REPORT: "true" QA_CAN_TEST_PRAEFECT: "false" QA_INTERCEPT_REQUESTS: "true" QA_RUN_TYPE: e2e-package-and-test - TEST_LICENSE_MODE: $QA_TEST_LICENSE_MODE EE_LICENSE: $QA_EE_LICENSE GITHUB_ACCESS_TOKEN: $QA_GITHUB_ACCESS_TOKEN GITLAB_QA_ADMIN_ACCESS_TOKEN: $QA_ADMIN_ACCESS_TOKEN + GITLAB_LICENSE_MODE: test # ========================================== # Prepare stage @@ -161,7 +163,7 @@ trigger-omnibus: download-knapsack-report: extends: - .gitlab-qa-image - - .rules:prepare + - .rules:download-knapsack stage: .pre variables: KNAPSACK_DIR: ${CI_PROJECT_DIR}/qa/knapsack @@ -216,13 +218,13 @@ _ee:quarantine: # ------------------------------------------ # Run specs with feature flags set to the opposite of the default state -ee:instance-parallel-ff-inverse: +ee:instance-ff-inverse: extends: - .qa - .parallel variables: QA_SCENARIO: Test::Instance::Image - QA_KNAPSACK_REPORT_NAME: ee-instance-parallel + QA_KNAPSACK_REPORT_NAME: ee-instance GITLAB_QA_OPTS: --set-feature-flags $QA_FEATURE_FLAGS rules: - !reference [.rules:test:feature-flags-set, rules] @@ -230,140 +232,141 @@ ee:instance-parallel-ff-inverse: # ------------------------------------------ # Jobs with parallel variant # ------------------------------------------ -ee:instance: +ee:instance-selective: extends: .qa variables: QA_SCENARIO: Test::Instance::Image rules: - - !reference [.rules:test:qa-non-parallel, rules] + - !reference [.rules:test:qa-selective, rules] - if: $QA_SUITES =~ /Test::Instance::All/ -ee:instance-parallel: +ee:instance: extends: - .parallel - - ee:instance + - ee:instance-selective rules: - - !reference [.rules:test:feature-flags-set, rules] # always run instance-parallel to validate ff change + - !reference [.rules:test:feature-flags-set, rules] # always run ee:instance to validate ff change - !reference [.rules:test:qa-parallel, rules] - if: $QA_SUITES =~ /Test::Instance::All/ -ee:praefect: +ee:praefect-selective: extends: .qa variables: QA_SCENARIO: Test::Integration::Praefect QA_CAN_TEST_PRAEFECT: "true" rules: - - !reference [.rules:test:qa-non-parallel, rules] + - !reference [.rules:test:qa-selective, rules] - if: $QA_SUITES =~ /Test::Instance::All/ -ee:praefect-parallel: +ee:praefect: extends: - .parallel - - ee:praefect + - ee:praefect-selective rules: - !reference [.rules:test:qa-parallel, rules] - if: $QA_SUITES =~ /Test::Instance::All/ -ee:relative-url: +ee:relative-url-selective: extends: .qa variables: QA_SCENARIO: Test::Instance::RelativeUrl rules: - - !reference [.rules:test:qa-non-parallel, rules] + - !reference [.rules:test:qa-selective, rules] - if: $QA_SUITES =~ /Test::Instance::All/ -ee:relative-url-parallel: +ee:relative-url: extends: - .parallel - - ee:relative-url + - ee:relative-url-selective rules: - !reference [.rules:test:qa-parallel, rules] - if: $QA_SUITES =~ /Test::Instance::All/ -ee:decomposition-single-db: +ee:decomposition-single-db-selective: extends: .qa variables: QA_SCENARIO: Test::Instance::Image GITLAB_QA_OPTS: --omnibus-config decomposition_single_db rules: - - !reference [.rules:test:qa-non-parallel, rules] + - !reference [.rules:test:qa-selective, rules] - if: $QA_SUITES =~ /Test::Instance::All/ -ee:decomposition-single-db-parallel: +ee:decomposition-single-db: extends: - .parallel - - ee:decomposition-single-db + - ee:decomposition-single-db-selective rules: - !reference [.rules:test:qa-parallel, rules] - if: $QA_SUITES =~ /Test::Instance::All/ -ee:decomposition-multiple-db: +ee:decomposition-multiple-db-selective: extends: .qa variables: QA_SCENARIO: Test::Instance::Image + GITLAB_ALLOW_SEPARATE_CI_DATABASE: "true" GITLAB_QA_OPTS: --omnibus-config decomposition_multiple_db rules: - - !reference [.rules:test:qa-non-parallel, rules] + - !reference [.rules:test:qa-selective, rules] - if: $QA_SUITES =~ /Test::Instance::All/ -ee:decomposition-multiple-db-parallel: +ee:decomposition-multiple-db: extends: - .parallel - - ee:decomposition-multiple-db + - ee:decomposition-multiple-db-selective rules: - !reference [.rules:test:qa-parallel, rules] - if: $QA_SUITES =~ /Test::Instance::All/ -ee:object-storage: +ee:object-storage-selective: extends: .qa variables: QA_SCENARIO: Test::Instance::Image QA_RSPEC_TAGS: --tag object_storage GITLAB_QA_OPTS: --omnibus-config object_storage rules: - - !reference [.rules:test:qa-non-parallel, rules] + - !reference [.rules:test:qa-selective, rules] - if: $QA_SUITES =~ /Test::Instance::ObjectStorage/ -ee:object-storage-parallel: - extends: ee:object-storage +ee:object-storage: + extends: ee:object-storage-selective parallel: 2 rules: - !reference [.rules:test:qa-parallel, rules] - if: $QA_SUITES =~ /Test::Instance::ObjectStorage/ -ee:object-storage-aws: - extends: ee:object-storage +ee:object-storage-aws-selective: + extends: ee:object-storage-selective variables: AWS_S3_ACCESS_KEY: $QA_AWS_S3_ACCESS_KEY AWS_S3_BUCKET_NAME: $QA_AWS_S3_BUCKET_NAME AWS_S3_KEY_ID: $QA_AWS_S3_KEY_ID AWS_S3_REGION: $QA_AWS_S3_REGION GITLAB_QA_OPTS: --omnibus-config object_storage_aws -ee:object-storage-aws-parallel: - extends: ee:object-storage-aws +ee:object-storage-aws: + extends: ee:object-storage-aws-selective parallel: 2 rules: - - !reference [ee:object-storage-parallel, rules] + - !reference [ee:object-storage, rules] -ee:object-storage-gcs: - extends: ee:object-storage +ee:object-storage-gcs-selective: + extends: ee:object-storage-selective variables: GCS_BUCKET_NAME: $QA_GCS_BUCKET_NAME GOOGLE_PROJECT: $QA_GOOGLE_PROJECT GOOGLE_JSON_KEY: $QA_GOOGLE_JSON_KEY GOOGLE_CLIENT_EMAIL: $QA_GOOGLE_CLIENT_EMAIL GITLAB_QA_OPTS: --omnibus-config object_storage_gcs -ee:object-storage-gcs-parallel: - extends: ee:object-storage-gcs +ee:object-storage-gcs: + extends: ee:object-storage-gcs-selective parallel: 2 rules: - - !reference [ee:object-storage-parallel, rules] + - !reference [ee:object-storage, rules] -ee:packages: +ee:packages-selective: extends: .qa variables: QA_SCENARIO: Test::Instance::Image QA_RSPEC_TAGS: --tag packages GITLAB_QA_OPTS: --omnibus-config packages rules: - - !reference [.rules:test:qa-non-parallel, rules] + - !reference [.rules:test:qa-selective, rules] - if: $QA_SUITES =~ /Test::Instance::Packages/ -ee:packages-parallel: - extends: ee:packages +ee:packages: + extends: ee:packages-selective parallel: 2 rules: - !reference [.rules:test:qa-parallel, rules] @@ -440,7 +443,7 @@ ee:jira: JIRA_ADMIN_PASSWORD: $QA_JIRA_ADMIN_PASSWORD rules: - !reference [.rules:test:qa, rules] - - if: $QA_SUITES =~ /Test::Instance::Jira/ + - if: $QA_SUITES =~ /Test::Integration::Jira/ - !reference [.rules:test:manual, rules] ee:integrations: @@ -485,7 +488,7 @@ ee:mtls: QA_SCENARIO: Test::Integration::MTLS rules: - !reference [.rules:test:qa, rules] - - if: $QA_SUITES =~ /Test::Integration::MTLS/ + - if: $QA_SUITES =~ /Test::Integration::Mtls/ - !reference [.rules:test:manual, rules] ee:mattermost: @@ -584,7 +587,6 @@ ee:elasticsearch: variables: QA_SCENARIO: "Test::Integration::Elasticsearch" before_script: - - unset ELASTIC_URL # unset url which is globally defined in .gitlab-ci.yml - !reference [.qa, before_script] rules: - !reference [.rules:test:qa, rules] @@ -592,7 +594,7 @@ ee:elasticsearch: - !reference [.rules:test:manual, rules] ee:registry-object-storage-tls: - extends: ee:object-storage-aws + extends: ee:object-storage-aws-selective variables: QA_SCENARIO: Test::Integration::RegistryTLS QA_RSPEC_TAGS: "" @@ -619,16 +621,11 @@ e2e-test-report: - .rules:report:allure-report stage: report variables: - GITLAB_AUTH_TOKEN: $GITLAB_QA_MR_ALLURE_REPORT_TOKEN + GITLAB_AUTH_TOKEN: $PROJECT_TOKEN_FOR_CI_SCRIPTS_API_USAGE ALLURE_PROJECT_PATH: $CI_PROJECT_PATH ALLURE_MERGE_REQUEST_IID: $CI_MERGE_REQUEST_IID ALLURE_JOB_NAME: e2e-package-and-test GIT_STRATEGY: none - artifacts: # save rspec results for displaying in parent pipeline - expire_in: 1 day - when: always - paths: - - gitlab-qa-run-*/**/rspec-*.xml upload-knapsack-report: extends: @@ -658,7 +655,7 @@ relate-test-failures: variables: QA_FAILURES_REPORTING_PROJECT: gitlab-org/gitlab QA_FAILURES_MAX_DIFF_RATIO: "0.15" - GITLAB_QA_ACCESS_TOKEN: $GITLAB_QA_PRODUCTION_ACCESS_TOKEN + GITLAB_QA_ACCESS_TOKEN: $QA_GITLAB_CI_TOKEN when: on_failure script: - | diff --git a/.gitlab/ci/package-and-test/rules.gitlab-ci.yml b/.gitlab/ci/package-and-test/rules.gitlab-ci.yml index 64d56cec21a..50b07589040 100644 --- a/.gitlab/ci/package-and-test/rules.gitlab-ci.yml +++ b/.gitlab/ci/package-and-test/rules.gitlab-ci.yml @@ -43,9 +43,9 @@ .rules:dont-interrupt: rules: - - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH + - if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH && $CI_MERGE_REQUEST_IID == null' allow_failure: true - - if: $CI_MERGE_REQUEST_IID + - if: '$CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached"' when: manual allow_failure: true @@ -61,6 +61,15 @@ when: never - when: always +# This job requires project access token with api permissions to detect parallel jobs, +# it is problematic to set for every project that would include this template +# Because parallel jobs themselves can download knapsack report, skip for non canonical runs +.rules:download-knapsack: + rules: + - <<: *not-canonical-project + when: never + - when: always + # ------------------------------------------ # Test # ------------------------------------------ @@ -80,7 +89,7 @@ # parallel and non parallel rules are used for jobs that require parallel execution and thus need to switch # between parallel and non parallel when only certain specs are executed -.rules:test:qa-non-parallel: +.rules:test:qa-selective: rules: # always run parallel with full suite when framework changes present or ff state changed - <<: *qa-run-all-tests diff --git a/.gitlab/ci/package-and-test/variables.gitlab-ci.yml b/.gitlab/ci/package-and-test/variables.gitlab-ci.yml index 838de6bdd3a..c45807e5a23 100644 --- a/.gitlab/ci/package-and-test/variables.gitlab-ci.yml +++ b/.gitlab/ci/package-and-test/variables.gitlab-ci.yml @@ -10,3 +10,6 @@ variables: QA_LOG_LEVEL: "info" QA_TESTS: "" QA_FEATURE_FLAGS: "" + # run all tests by default when package-and-test is included natively in other projects + # this will be overridden when selective test execution is used in gitlab canonical project + QA_RUN_ALL_TESTS: "true" diff --git a/.gitlab/ci/preflight.gitlab-ci.yml b/.gitlab/ci/preflight.gitlab-ci.yml new file mode 100644 index 00000000000..05b05fde53b --- /dev/null +++ b/.gitlab/ci/preflight.gitlab-ci.yml @@ -0,0 +1,14 @@ +rails-production-environment: + extends: + - .default-before_script + - .production + - .ruby-cache + - .setup:rules:rails-production-environment + - .use-pg12 + stage: preflight + variables: + BUNDLE_WITHOUT: "development:test" + BUNDLE_WITH: "production" + needs: [] + script: + - bundle exec rails runner --environment=production 'puts Rails.env' diff --git a/.gitlab/ci/qa.gitlab-ci.yml b/.gitlab/ci/qa.gitlab-ci.yml index f6668d7864e..a72e6fc0137 100644 --- a/.gitlab/ci/qa.gitlab-ci.yml +++ b/.gitlab/ci/qa.gitlab-ci.yml @@ -67,6 +67,7 @@ qa:update-qa-cache: e2e:package-and-test: extends: + - .production # this makes sure GITLAB_ALLOW_SEPARATE_CI_DATABASE is passed to the child pipeline - .qa:rules:package-and-test stage: qa needs: @@ -81,6 +82,13 @@ e2e:package-and-test: GITLAB_QA_IMAGE: "${CI_REGISTRY_IMAGE}/gitlab-ee-qa:${CI_COMMIT_SHA}" RUN_WITH_BUNDLE: "true" # instructs pipeline to install and run gitlab-qa gem via bundler QA_PATH: qa # sets the optional path for bundler to run from + inherit: + variables: + - CHROME_VERSION + - RUBY_VERSION + - DOCKER_VERSION + - REGISTRY_GROUP + - REGISTRY_HOST trigger: strategy: depend forward: @@ -90,24 +98,19 @@ e2e:package-and-test: - artifact: package-and-test-pipeline.yml job: e2e-test-pipeline-generate -# Fetch child pipeline test results and store in parent pipeline -# workaround until natively implemented: https://gitlab.com/groups/gitlab-org/-/epics/8205 -e2e:package-and-test-results: - image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-${RUBY_VERSION}:bundler-2.3 +e2e:test-on-gdk: extends: - - .qa-job-base - - .qa:rules:package-and-test + - .qa:rules:e2e:test-on-gdk stage: qa needs: - - e2e:package-and-test - variables: - COLORIZED_LOGS: "true" - QA_LOG_LEVEL: "debug" - when: always + # In scheduled master pipelines we wait for the image to be built. + # In MRs we assume the last scheduled master pipeline built the image already. + - job: build-qa-on-gdk-master-image + optional: true allow_failure: true - script: - - bundle exec rake "ci:download_test_results[e2e:package-and-test,e2e-test-report,${CI_PROJECT_DIR}]" - artifacts: - when: always - reports: - junit: gitlab-qa-run-*/**/rspec-*.xml + trigger: + strategy: depend + forward: + yaml_variables: true + pipeline_variables: true + include: .gitlab/ci/test-on-gdk/main.gitlab-ci.yml diff --git a/.gitlab/ci/rails.gitlab-ci.yml b/.gitlab/ci/rails.gitlab-ci.yml index df3b3704a52..23f38fddb80 100644 --- a/.gitlab/ci/rails.gitlab-ci.yml +++ b/.gitlab/ci/rails.gitlab-ci.yml @@ -210,91 +210,6 @@ rspec fast_spec_helper: # Load fast_spec_helper as well just in case there are no specs available. - bin/rspec --dry-run spec/fast_spec_helper.rb $fast_spec_helper_specs -db:rollback: - extends: .db-job-base - script: - - scripts/db_tasks db:migrate VERSION=20210602155110 - - scripts/db_tasks db:migrate SKIP_SCHEMA_VERSION_CHECK=true - -db:rollback single-db: - extends: - - db:rollback - - .single-db - - .rails:rules:single-db - -db:migrate:reset: - extends: .db-job-base - script: - - bundle exec rake db:migrate:reset - -db:migrate:reset single-db: - extends: - - db:migrate:reset - - .single-db - - .rails:rules:single-db - -db:check-schema: - extends: - - .db-job-base - - .rails:rules:ee-mr-and-default-branch-only - script: - - run_timed_command "bundle exec rake db:drop db:create" - - run_timed_command "scripts/db_tasks db:migrate" - -db:check-schema-single-db: - extends: - - db:check-schema - - .single-db - - .rails:rules:single-db - -db:check-migrations: - extends: - - .db-job-base - - .rails:rules:ee-and-foss-mr-with-migration - script: - - git fetch origin $CI_MERGE_REQUEST_TARGET_BRANCH_NAME:$CI_MERGE_REQUEST_TARGET_BRANCH_NAME --depth 20 - - scripts/validate_migration_schema - allow_failure: true - -db:check-migrations-single-db: - extends: - - db:check-migrations - - .single-db - - .rails:rules:single-db - -db:post_deployment_migrations_validator: - extends: - - .db-job-base - - .rails:rules:ee-and-foss-mr-with-migration - script: - - git fetch origin $CI_MERGE_REQUEST_TARGET_BRANCH_NAME:$CI_MERGE_REQUEST_TARGET_BRANCH_NAME --depth 20 - - scripts/post_deployment_migrations_validator - allow_failure: true - -db:post_deployment_migrations_validator-single-db: - extends: - - db:post_deployment_migrations_validator - - .single-db - - .rails:rules:single-db - -db:migrate-non-superuser: - extends: - - .db-job-base - - .rails:rules:ee-and-foss-mr-with-migration - script: - - bundle exec rake gitlab:db:reset_as_non_superuser - -db:gitlabcom-database-testing: - extends: .rails:rules:db:gitlabcom-database-testing - stage: test - image: ruby:${RUBY_VERSION}-alpine - needs: [] - allow_failure: true - script: - - source scripts/utils.sh - - install_gitlab_gem - - ./scripts/trigger-build.rb gitlab-com-database-testing - gitlab:setup: extends: .db-job-base variables: @@ -312,27 +227,6 @@ gitlab:setup: paths: - log/*.log -db:backup_and_restore: - extends: - - .db-job-base - - .rails:rules:db-backup - variables: - SETUP_DB: "false" - GITLAB_ASSUME_YES: "1" - script: - - . scripts/prepare_build.sh - - bundle exec rake db:drop db:create db:structure:load db:seed_fu - - mkdir -p tmp/tests/public/uploads tmp/tests/{artifacts,pages,lfs-objects,terraform_state,registry,packages} - - bundle exec rake gitlab:backup:create - - date - - bundle exec rake gitlab:backup:restore - -db:backup_and_restore single-db: - extends: - - db:backup_and_restore - - .single-db - - .rails:rules:db-backup - rspec:deprecations: extends: - .default-retry @@ -716,14 +610,6 @@ rspec-ee system pg12 single-db: - rspec-ee system pg12 - .single-db-rspec - .rails:rules:single-db - -db:rollback geo: - extends: - - db:rollback - - .rails:rules:ee-only-migration - script: - - bundle exec rake db:migrate:geo VERSION=20170627195211 - - bundle exec rake db:migrate:geo # EE: default refs (MRs, default branch, schedules) jobs # ################################################## @@ -908,19 +794,28 @@ rspec-ee system pg13: ################################################## # EE: Canonical MR pipelines -rspec fail-fast: +.rspec-fail-fast: extends: - - .rspec-ee-base-pg12 # This job also runs EE spec which needs elasticsearch - .rails:rules:rspec fail-fast stage: test needs: ["setup-test-env", "retrieve-tests-metadata", "compile-test-assets", "detect-tests"] script: - !reference [.base-script, script] - - rspec_fail_fast "${RSPEC_MATCHING_TESTS_PATH}" "--tag ~quarantine" - artifacts: - expire_in: 7d - paths: - - tmp/capybara/ + - rspec_fail_fast "${MATCHING_TESTS_PATH}" "--tag ~quarantine --tag ~zoekt" + +rspec fail-fast: + extends: + - .rspec-base-pg12 + - .rspec-fail-fast # extends from .rspec-fail-fast last to override script from .rspec-base-pg12 + variables: + MATCHING_TESTS_PATH: "${RSPEC_MATCHING_TESTS_FOSS_PATH}" + +rspec-ee fail-fast: + extends: + - .rspec-ee-base-pg12 + - .rspec-fail-fast # extends from .rspec-fail-fast last to override script from .rspec-ee-base-pg12 + variables: + MATCHING_TESTS_PATH: "${RSPEC_MATCHING_TESTS_EE_PATH}" rspec-foss-impact:pipeline-generate: extends: @@ -977,7 +872,7 @@ fail-pipeline-early: extends: - .rails:rules:rerun-previous-failed-tests stage: test - needs: ["setup-test-env", "compile-test-assets", "detect-previous-failed-tests"] + needs: ["setup-test-env", "retrieve-tests-metadata", "compile-test-assets", "detect-previous-failed-tests"] script: - !reference [.base-script, script] - rspec_rerun_previous_failed_tests "${PREVIOUS_FAILED_TESTS_FILE}" @@ -987,7 +882,7 @@ rspec rspec-pg12-rerun-previous-failed-tests: - .rspec-base-pg12 - .base-rspec-pg12-rerun-previous-failed-tests variables: - PREVIOUS_FAILED_TESTS_FILE: tmp/previous_failed_tests/rspec_failed_files.txt + PREVIOUS_FAILED_TESTS_FILE: tmp/previous_failed_tests/rspec_failed_tests.txt rspec rspec-ee-pg12-rerun-previous-failed-tests: extends: @@ -995,6 +890,5 @@ rspec rspec-ee-pg12-rerun-previous-failed-tests: - .base-rspec-pg12-rerun-previous-failed-tests variables: PREVIOUS_FAILED_TESTS_FILE: tmp/previous_failed_tests/rspec_ee_failed_files.txt - # EE: Canonical MR pipelines ################################################## diff --git a/.gitlab/ci/rails/rspec-foss-impact.gitlab-ci.yml.erb b/.gitlab/ci/rails/rspec-foss-impact.gitlab-ci.yml.erb index 4ae4cb75a25..eb54fa25875 100644 --- a/.gitlab/ci/rails/rspec-foss-impact.gitlab-ci.yml.erb +++ b/.gitlab/ci/rails/rspec-foss-impact.gitlab-ci.yml.erb @@ -42,7 +42,7 @@ rspec foss-impact: <% end %> script: - !reference [.base-script, script] - - rspec_paralellized_job "--tag ~quarantine --tag ~level:migration" + - rspec_paralellized_job "--tag ~quarantine --tag ~level:migration --tag ~zoekt" artifacts: expire_in: 7d paths: diff --git a/.gitlab/ci/rails/shared.gitlab-ci.yml b/.gitlab/ci/rails/shared.gitlab-ci.yml index 4ca82f55b63..4943f7c2e28 100644 --- a/.gitlab/ci/rails/shared.gitlab-ci.yml +++ b/.gitlab/ci/rails/shared.gitlab-ci.yml @@ -55,7 +55,12 @@ include: GEO_SECONDARY_PROXY: 0 RSPEC_TESTS_FILTER_FILE: "${RSPEC_MATCHING_TESTS_PATH}" SUCCESSFULLY_RETRIED_TEST_EXIT_CODE: 137 - needs: ["setup-test-env", "retrieve-tests-metadata", "compile-test-assets", "detect-tests"] + needs: + - job: "setup-test-env" + - job: "retrieve-tests-metadata" + - job: "compile-test-assets" + - job: "detect-tests" + optional: true script: - !reference [.base-script, script] # We need to exclude background migration because unit tests run with @@ -85,7 +90,7 @@ include: .rspec-base-migration: script: - !reference [.base-script, script] - - rspec_paralellized_job "--tag ~quarantine" + - rspec_paralellized_job "--tag ~quarantine --tag ~zoekt" .rspec-base-pg11: extends: @@ -102,7 +107,12 @@ include: - .rspec-base - .as-if-foss - .use-pg12 - needs: ["setup-test-env", "retrieve-tests-metadata", "compile-test-assets as-if-foss", "detect-tests"] + needs: + - job: "setup-test-env" + - job: "retrieve-tests-metadata" + - job: "compile-test-assets as-if-foss" + - job: "detect-tests" + optional: true .rspec-base-pg13: extends: diff --git a/.gitlab/ci/reports.gitlab-ci.yml b/.gitlab/ci/reports.gitlab-ci.yml index b87e5ad9bba..3242ca29d75 100644 --- a/.gitlab/ci/reports.gitlab-ci.yml +++ b/.gitlab/ci/reports.gitlab-ci.yml @@ -104,7 +104,8 @@ yarn-audit-dependency_scanning: - mkdir ~/.aws - '[[ -z "${AWS_SIEM_REPORT_INGESTION_CREDENTIALS_FILE}" ]] || mv "${AWS_SIEM_REPORT_INGESTION_CREDENTIALS_FILE}" ~/.aws/credentials' - npm install --no-save --ignore-scripts @aws-sdk/client-s3@3.49.0 - - scripts/ingest-reports-to-siem + - scripts/ingest-reports-to-siem || true # Allow legacy report to fail as we'll remove it in the future anyway + - scripts/ingest-reports-to-siem-devo artifacts: paths: - gl-dependency-scanning-report.json diff --git a/.gitlab/ci/review-apps/main.gitlab-ci.yml b/.gitlab/ci/review-apps/main.gitlab-ci.yml index 13e8ea330da..369330f8189 100644 --- a/.gitlab/ci/review-apps/main.gitlab-ci.yml +++ b/.gitlab/ci/review-apps/main.gitlab-ci.yml @@ -10,7 +10,6 @@ stages: include: - local: .gitlab/ci/global.gitlab-ci.yml - - local: .gitlab/ci/rules.gitlab-ci.yml - local: .gitlab/ci/review-apps/rules.gitlab-ci.yml - local: .gitlab/ci/review-apps/qa.gitlab-ci.yml - local: .gitlab/ci/review-apps/dast.gitlab-ci.yml @@ -19,7 +18,6 @@ include: .base-before_script: &base-before_script - source ./scripts/utils.sh - source ./scripts/review_apps/review-apps.sh - - apt-get update && apt-get install -y jq dont-interrupt-me: extends: .rules:dont-interrupt @@ -32,7 +30,7 @@ review-build-cng-env: extends: - .default-retry - .review:rules:review-build-cng - image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION}-alpine3.16 + image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}-alpine3.16 stage: prepare needs: # We need this job because we need its `cached-assets-hash.txt` artifact, so that we can pass the assets image tag to the downstream CNG pipeline. @@ -97,20 +95,21 @@ review-build-cng: variables: HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}" DOMAIN: "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}" - GITLAB_HELM_CHART_REF: "ed813953079c1d81aa69d4cb8171c69aa9741f01" # 6.5.4: https://gitlab.com/gitlab-org/charts/gitlab/-/commit/ed813953079c1d81aa69d4cb8171c69aa9741f01 + GITLAB_HELM_CHART_REF: "afcef7854ac72c5ff958035ef210ba6c68ec800b" # 6.8.0: https://gitlab.com/gitlab-org/charts/gitlab/-/commit/afcef7854ac72c5ff958035ef210ba6c68ec800b environment: name: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # No separator for SCHEDULE_TYPE so it's compatible as before and looks nice without it url: https://gitlab-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN} - on_stop: review-stop - auto_stop_in: 6 hours + on_stop: trigger-review-stop review-deploy: extends: - .review-workflow-base - .review:rules:review-deploy stage: deploy - image: ${GITLAB_DEPENDENCY_PROXY}dtzar/helm-kubectl:3.10.3 - needs: ["review-build-cng"] + image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}dtzar/helm-kubectl:3.9.3 + needs: + - review-build-cng + - review-delete-deployment # We always want to start from a clean slate (i.e. no helm release, no k8s namespace) cache: key: "review-deploy-dependencies-charts-${GITLAB_HELM_CHART_REF}-v1" paths: @@ -168,31 +167,35 @@ review-deploy-sample-projects: extends: .review-workflow-base environment: action: stop - dependencies: [] variables: # We're cloning the repo instead of downloading the script for now # because some repos are private and CI_JOB_TOKEN cannot access files. # See https://gitlab.com/gitlab-org/gitlab/issues/191273 GIT_DEPTH: 1 - before_script: - - source ./scripts/utils.sh - - source ./scripts/review_apps/review-apps.sh - - !reference [".use-kube-context", before_script] review-delete-deployment: extends: - .review-stop-base - .review:rules:review-delete-deployment + dependencies: [] stage: prepare + before_script: + - source ./scripts/utils.sh + - source ./scripts/review_apps/review-apps.sh + - !reference [".use-kube-context", before_script] script: - - delete_helm_release + - retry delete_helm_release -review-stop: +trigger-review-stop: extends: - .review-stop-base - - .review:rules:review-stop - resource_group: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # CI_ENVIRONMENT_SLUG is not available here and we want this to be the same as the environment + - .review:rules:trigger-review-stop stage: deploy needs: [] + before_script: + - source ./scripts/utils.sh + - install_gitlab_gem script: - - delete_helm_release + - review_stop_job_id="$(scripts/api/get_job_id.rb --pipeline-id "${PARENT_PIPELINE_ID}" --job-name "review-stop")" + - | + curl --request POST --header "Private-Token: ${PROJECT_TOKEN_FOR_CI_SCRIPTS_API_USAGE}" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/jobs/${review_stop_job_id}/play" diff --git a/.gitlab/ci/review-apps/qa.gitlab-ci.yml b/.gitlab/ci/review-apps/qa.gitlab-ci.yml index 01a738127f7..edca2cae1c6 100644 --- a/.gitlab/ci/review-apps/qa.gitlab-ci.yml +++ b/.gitlab/ci/review-apps/qa.gitlab-ci.yml @@ -1,6 +1,6 @@ include: - project: gitlab-org/quality/pipeline-common - ref: 1.14.1 + ref: 2.0.0 file: - /ci/base.gitlab-ci.yml - /ci/allure-report.yml @@ -143,15 +143,10 @@ e2e-test-report: ALLURE_PROJECT_PATH: $CI_PROJECT_PATH ALLURE_RESULTS_GLOB: qa/tmp/allure-results ALLURE_MERGE_REQUEST_IID: $CI_MERGE_REQUEST_IID - GITLAB_AUTH_TOKEN: $GITLAB_QA_MR_ALLURE_REPORT_TOKEN + GITLAB_AUTH_TOKEN: $PROJECT_TOKEN_FOR_CI_SCRIPTS_API_USAGE GIT_STRATEGY: none allow_failure: true when: always - artifacts: # re-save rspec results for displaying in parent pipeline - expire_in: 1 day - when: always - paths: - - qa/tmp/rspec-*.xml upload-knapsack-report: extends: diff --git a/.gitlab/ci/review-apps/rules.gitlab-ci.yml b/.gitlab/ci/review-apps/rules.gitlab-ci.yml index 49343c98547..a3ae31cb14c 100644 --- a/.gitlab/ci/review-apps/rules.gitlab-ci.yml +++ b/.gitlab/ci/review-apps/rules.gitlab-ci.yml @@ -1,3 +1,6 @@ +# ------------------------------------------ +# Conditions +# ------------------------------------------ # Specific specs passed .specific-specs: &specific-specs if: $QA_TESTS != "" @@ -8,7 +11,7 @@ # No specific specs in mr pipeline .all-specs-mr: &all-specs-mr - if: $CI_MERGE_REQUEST_IID && $QA_TESTS == "" + if: '($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached") && $QA_TESTS == ""' when: manual # Triggered by change pattern @@ -22,6 +25,31 @@ .default-branch: &default-branch if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH +.if-merge-request: &if-merge-request + if: '$CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached"' + +.if-merge-request-labels-run-review-app: &if-merge-request-labels-run-review-app + if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-review-app/' + +.if-dot-com-ee-schedule-nightly-child-pipeline: &if-dot-com-ee-schedule-nightly-child-pipeline + if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_PIPELINE_SOURCE == "parent_pipeline" && $SCHEDULE_TYPE == "nightly"' + +# ------------------------------------------ +# Changes patterns +# ------------------------------------------ +.ci-review-patterns: &ci-review-patterns + - ".gitlab-ci.yml" + - ".gitlab/ci/frontend.gitlab-ci.yml" + - ".gitlab/ci/build-images.gitlab-ci.yml" + - ".gitlab/ci/review.gitlab-ci.yml" + - ".gitlab/ci/review-apps/**/*" + - "scripts/review_apps/**/*" + - "scripts/trigger-build.rb" + - "{,ee/,jh/}{bin,config}/**/*.rb" + +# ------------------------------------------ +# Conditions set +# ------------------------------------------ .qa-manual: &qa-manual when: manual allow_failure: true @@ -53,6 +81,26 @@ when: manual allow_failure: true +.review:rules:review-build-cng: + rules: + - when: always + +.review:rules:review-delete-deployment: + rules: + - when: on_success + +# ------------------------------------------ +# Deploy +# ------------------------------------------ +.review:rules:review-deploy: + rules: + - when: on_success + +.review:rules:trigger-review-stop: + rules: + - when: manual + allow_failure: true + # ------------------------------------------ # Test # ------------------------------------------ @@ -91,6 +139,25 @@ - *all-specs-mr # set full suite to manual when no specific specs passed in mr - if: $QA_SUITES =~ /Test::Instance::ReviewNonBlocking/ +.review:rules:review-performance: + rules: + - if: '$DAST_RUN == "true"' # Skip this job when DAST is run + when: never + - <<: *if-merge-request-labels-run-review-app # we explicitly don't allow the job to fail in that case + - <<: *if-merge-request # we explicitly don't allow the job to fail in that case + changes: *ci-review-patterns + - when: on_success + allow_failure: true + +# ------------------------------------------ +# DAST +# ------------------------------------------ +.reports:rules:schedule-dast: + rules: + - if: '$DAST_DISABLED || $GITLAB_FEATURES !~ /\bdast\b/' + when: never + - <<: *if-dot-com-ee-schedule-nightly-child-pipeline + # ------------------------------------------ # Prepare/Report # ------------------------------------------ diff --git a/.gitlab/ci/review.gitlab-ci.yml b/.gitlab/ci/review.gitlab-ci.yml index b6c273aeb99..f0e87e0161a 100644 --- a/.gitlab/ci/review.gitlab-ci.yml +++ b/.gitlab/ci/review.gitlab-ci.yml @@ -4,9 +4,12 @@ review-cleanup: - .review:rules:review-cleanup image: ${REVIEW_APPS_IMAGE} stage: prepare + needs: [] environment: name: review/regular-cleanup action: access + variables: + GIT_DEPTH: 1 before_script: - source scripts/utils.sh - !reference [".use-kube-context", before_script] @@ -15,6 +18,21 @@ review-cleanup: script: - scripts/review_apps/automated_cleanup.rb || (scripts/slack review-apps-monitoring "☠️ \`${CI_JOB_NAME}\` failed! ☠️ See ${CI_JOB_URL} - <https://gitlab.com/gitlab-org/quality/engineering-productivity/team/-/blob/main/runbooks/review-apps.md#review-cleanup-job-failed|📗 RUNBOOK 📕>" warning "GitLab Bot" && exit 1); +review-stop: + extends: + - review-cleanup + - .review:rules:review-stop + environment: + name: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # No separator for SCHEDULE_TYPE so it's compatible as before and looks nice without it + action: stop + resource_group: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # CI_ENVIRONMENT_SLUG is not available here and we want this to be the same as the environment + before_script: + - source ./scripts/utils.sh + - source ./scripts/review_apps/review-apps.sh + - !reference [".use-kube-context", before_script] + script: + - retry delete_helm_release + .base-review-checks: extends: - .default-retry @@ -58,6 +76,21 @@ start-review-app-pipeline: - job: e2e-test-pipeline-generate - job: build-assets-image artifacts: false + # We do not want to have ALL global variables passed as trigger variables, + # as they cannot be overridden. See this issue for more context: + # + # https://gitlab.com/gitlab-org/gitlab/-/issues/387183 + inherit: + variables: + - CHROME_VERSION + - REGISTRY_GROUP + - REGISTRY_HOST + - REVIEW_APPS_DOMAIN + - REVIEW_APPS_GCP_PROJECT + - REVIEW_APPS_GCP_REGION + - REVIEW_APPS_IMAGE + - RUBY_VERSION + # These variables are set in the pipeline schedules. # They need to be explicitly passed on to the child pipeline. # https://docs.gitlab.com/ee/ci/pipelines/multi_project_pipelines.html#pass-cicd-variables-to-a-downstream-pipeline-by-using-the-variables-keyword @@ -73,30 +106,6 @@ start-review-app-pipeline: - artifact: review-app-pipeline.yml job: e2e-test-pipeline-generate -# Fetch child pipeline test results and store in parent pipeline -# workaround until natively implemented: https://gitlab.com/groups/gitlab-org/-/epics/8205 -review-app-test-results: - image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-${RUBY_VERSION}:bundler-2.3 - stage: review - extends: - - .qa-cache - - .review:rules:start-review-app-pipeline - needs: - - start-review-app-pipeline - variables: - COLORIZED_LOGS: "true" - QA_LOG_LEVEL: "debug" - before_script: - - cd qa && bundle install - script: - - bundle exec rake "ci:download_test_results[start-review-app-pipeline,e2e-test-report,${CI_PROJECT_DIR}]" - when: always - allow_failure: true - artifacts: - when: always - reports: - junit: qa/tmp/rspec-*.xml - danger-review: extends: - .default-retry diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml index 9596594ad26..d1e29084a5a 100644 --- a/.gitlab/ci/rules.gitlab-ci.yml +++ b/.gitlab/ci/rules.gitlab-ci.yml @@ -21,7 +21,7 @@ if: '$FORCE_GITLAB_CI' .if-default-refs: &if-default-refs - if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH || $CI_COMMIT_REF_NAME =~ /^[\d-]+-stable(-ee)?$/ || $CI_COMMIT_REF_NAME =~ /^\d+-\d+-auto-deploy-\d+$/ || $CI_COMMIT_REF_NAME =~ /^security\// || $CI_COMMIT_REF_NAME == "ruby2" || $CI_MERGE_REQUEST_IID || $CI_COMMIT_TAG || $FORCE_GITLAB_CI' + if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH || $CI_COMMIT_REF_NAME =~ /^[\d-]+-stable(-ee)?$/ || $CI_COMMIT_REF_NAME =~ /^\d+-\d+-auto-deploy-\d+$/ || $CI_COMMIT_REF_NAME =~ /^security\// || $CI_COMMIT_REF_NAME == "ruby2" || ($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached") || $CI_COMMIT_TAG || $FORCE_GITLAB_CI' .if-default-branch-refs: &if-default-branch-refs if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH && $CI_MERGE_REQUEST_IID == null' @@ -30,30 +30,33 @@ if: '$CI_COMMIT_BRANCH =~ /^\d+-\d+-auto-deploy-\d+$/' .if-default-branch-or-tag: &if-default-branch-or-tag - if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH || $CI_COMMIT_TAG' + if: '($CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH && $CI_MERGE_REQUEST_IID == null) || $CI_COMMIT_TAG' + +.if-tag: &if-tag + if: '$CI_COMMIT_TAG' .if-merge-request: &if-merge-request - if: '$CI_MERGE_REQUEST_IID' + if: '$CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached"' # Once https://gitlab.com/gitlab-org/gitlab/-/issues/373904 is implemented, we should be able to change this back to -# if: '$CI_MERGE_REQUEST_IID && $CI_MERGE_REQUEST_APPROVALS_COUNT > 0' +# if: '($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached") && $CI_MERGE_REQUEST_APPROVALS_COUNT > 0' # or any similar condition to check that the MR has *any* approval (not just required approval). # # Temprorarily adding || $CI_MERGE_REQUEST_LABELS =~ /pipeline:run-full-rspec/ for backward compatibility, # remove once https://gitlab.com/gitlab-org/quality/quality-engineering/team-tasks/-/issues/1557 is fully rolled out .if-merge-request-approved: &if-merge-request-approved - if: '$CI_MERGE_REQUEST_IID && $CI_MERGE_REQUEST_LABELS =~ /pipeline:mr-approved/ || $CI_MERGE_REQUEST_LABELS =~ /pipeline:run-full-rspec/' + if: '($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached") && $CI_MERGE_REQUEST_LABELS =~ /pipeline:mr-approved/ || $CI_MERGE_REQUEST_LABELS =~ /pipeline:run-full-rspec/' # Temprorarily adding && $CI_MERGE_REQUEST_LABELS !~ /pipeline:run-full-rspec/ for backward compatibility, # remove once https://gitlab.com/gitlab-org/quality/quality-engineering/team-tasks/-/issues/1557 is fully rolled out .if-merge-request-not-approved: &if-merge-request-not-approved - if: '$CI_MERGE_REQUEST_IID && $CI_MERGE_REQUEST_LABELS !~ /pipeline:mr-approved/ && $CI_MERGE_REQUEST_LABELS !~ /pipeline:run-full-rspec/' + if: '($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached") && $CI_MERGE_REQUEST_LABELS !~ /pipeline:mr-approved/ && $CI_MERGE_REQUEST_LABELS !~ /pipeline:run-full-rspec/' .if-automated-merge-request: &if-automated-merge-request if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME == "release-tools/update-gitaly" || $CI_MERGE_REQUEST_TARGET_BRANCH_NAME =~ /stable-ee$/' .if-merge-request-targeting-stable-branch: &if-merge-request-targeting-stable-branch - if: '$CI_MERGE_REQUEST_IID && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME =~ /^[\d-]+-stable(-ee)?$/' + if: '($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached") && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME =~ /^[\d-]+-stable(-ee)?$/' .if-merge-request-labels-run-in-ruby2: &if-merge-request-labels-run-in-ruby2 if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-in-ruby2/' @@ -73,6 +76,9 @@ .if-merge-request-labels-run-all-jest: &if-merge-request-labels-run-all-jest if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-all-jest/' +.if-merge-request-labels-run-all-e2e: &if-merge-request-labels-run-all-e2e + if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-all-e2e/' + .if-merge-request-labels-run-single-db: &if-merge-request-labels-run-single-db if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-single-db/' @@ -98,10 +104,10 @@ if: '$CI_MERGE_REQUEST_LABELS =~ /frontend/ && $CI_MERGE_REQUEST_LABELS =~ /feature flag/' .if-security-merge-request: &if-security-merge-request - if: '$CI_PROJECT_NAMESPACE == "gitlab-org/security" && $CI_MERGE_REQUEST_IID' + if: '$CI_PROJECT_NAMESPACE == "gitlab-org/security" && ($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached")' .if-fork-merge-request: &if-fork-merge-request - if: '$CI_PROJECT_NAMESPACE !~ /^gitlab(-org)?($|\/)/ && $CI_MERGE_REQUEST_IID && $CI_MERGE_REQUEST_LABELS !~ /pipeline:run-all-rspec/' + if: '$CI_PROJECT_NAMESPACE !~ /^gitlab(-org)?($|\/)/ && ($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached") && $CI_MERGE_REQUEST_LABELS !~ /pipeline:run-all-rspec/' .if-schedule-pipeline: &if-schedule-pipeline if: '$CI_PIPELINE_SOURCE == "schedule"' @@ -118,29 +124,29 @@ .if-security-schedule: &if-security-schedule if: '$CI_PROJECT_NAMESPACE == "gitlab-org/security" && $CI_PIPELINE_SOURCE == "schedule"' +.if-foss-schedule: &if-foss-schedule + if: '$CI_PROJECT_PATH == "gitlab-org/gitlab-foss" && $CI_PIPELINE_SOURCE == "schedule"' + .if-dot-com-gitlab-org-schedule: &if-dot-com-gitlab-org-schedule if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && $CI_PIPELINE_SOURCE == "schedule"' .if-dot-com-ee-schedule-default-branch-maintenance: &if-dot-com-ee-schedule-default-branch-maintenance if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "maintenance"' -.if-dot-com-ee-schedule-nightly-child-pipeline: &if-dot-com-ee-schedule-nightly-child-pipeline - if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_PIPELINE_SOURCE == "parent_pipeline" && $SCHEDULE_TYPE == "nightly"' - .if-dot-com-gitlab-org-default-branch: &if-dot-com-gitlab-org-default-branch if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH' .if-dot-com-gitlab-org-merge-request: &if-dot-com-gitlab-org-merge-request - if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && $CI_MERGE_REQUEST_IID' + if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && ($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached")' .if-dot-com-gitlab-org-and-security-merge-request: &if-dot-com-gitlab-org-and-security-merge-request - if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE =~ /^gitlab-org($|\/security$)/ && $CI_MERGE_REQUEST_IID' + if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE =~ /^gitlab-org($|\/security$)/ && ($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached")' .if-dot-com-gitlab-org-and-security-merge-request-and-qa-tests-specified: &if-dot-com-gitlab-org-and-security-merge-request-and-qa-tests-specified - if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE =~ /^gitlab-org($|\/security$)/ && $CI_MERGE_REQUEST_IID && $QA_TESTS' + if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE =~ /^gitlab-org($|\/security$)/ && ($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached") && $QA_TESTS' .if-dot-com-gitlab-org-and-security-merge-request-manual-ff-package-and-e2e: &if-dot-com-gitlab-org-and-security-merge-request-manual-ff-package-and-e2e - if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE =~ /^gitlab-org($|\/security$)/ && $CI_MERGE_REQUEST_IID && $QA_MANUAL_FF_PACKAGE_AND_QA' + if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE =~ /^gitlab-org($|\/security$)/ && ($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached") && $QA_MANUAL_FF_PACKAGE_AND_QA' .if-dot-com-gitlab-org-and-security-tag: &if-dot-com-gitlab-org-and-security-tag if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE =~ /^gitlab-org($|\/security$)/ && $CI_COMMIT_TAG' @@ -172,8 +178,7 @@ - ".gitlab/ci/build-images.gitlab-ci.yml" - ".gitlab/ci/review.gitlab-ci.yml" - ".gitlab/ci/review-apps/**/*" - - "scripts/review_apps/base-config.yaml" - - "scripts/review_apps/review-apps.sh" + - "scripts/review_apps/**/*" - "scripts/trigger-build.rb" - "{,ee/,jh/}{bin,config}/**/*.rb" @@ -220,6 +225,11 @@ - "scripts/lint-doc.sh" - ".gitlab/ci/docs.gitlab-ci.yml" +.docs-blueprints-patterns: &docs-blueprints-patterns + - "doc/architecture/blueprints/**/*" + - "scripts/lint-docs-blueprints.rb" + - ".gitlab/ci/docs.gitlab-ci.yml" + .docs-deprecations-and-removals-patterns: &docs-deprecations-and-removals-patterns - "doc/update/deprecations.md" - "doc/update/removals.md" @@ -285,12 +295,15 @@ - ".browserslistrc" - "babel.config.js" - "jest.config.{base,integration,unit}.js" - - ".csscomb.json" + - ".stylelintrc" - "Dockerfile.assets" - "config/**/*.js" - "vendor/assets/**/*" - "{app/assets,app/components,app/helpers,app/presenters,app/views,locale,public,spec/frontend,storybook,symbol}/**/*" +.initializers-patterns: &initializers-patterns + - "{,ee/,jh/}config/initializers/**/*" + .controllers-patterns: &controllers-patterns - "{,ee/,jh/}{app/controllers}/**/*" @@ -332,14 +345,14 @@ # DB patterns + .ci-patterns .db-patterns: &db-patterns - "{,ee/,jh/}{,spec/}{db,migrations}/**/*" - - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/database/**/*" - - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/database{,_spec}.rb" - - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/background_migration/**/*" - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/background_migration{,_spec}.rb" + - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/background_migration/**/*" + - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/database{,_spec}.rb" + - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/database/**/*" - "{,ee/,jh/}spec/support/helpers/database/**/*" - "{,ee/,jh/}spec/support/helpers/migrations_helpers/**/*" - - "lib/gitlab/markdown_cache/active_record/**/*" - "lib/api/admin/batched_background_migrations.rb" + - "lib/gitlab/markdown_cache/active_record/**/*" - "spec/requests/api/admin/batched_background_migrations_spec.rb" - "config/prometheus/common_metrics.yml" # Used by Gitlab::DatabaseImporters::CommonMetrics::Importer - "{,ee/,jh/}app/models/project_statistics.rb" # Used to calculate sizes in migration specs @@ -378,7 +391,7 @@ - ".browserslistrc" - "babel.config.js" - "jest.config.{base,integration,unit}.js" - - ".csscomb.json" + - ".stylelintrc" - "Dockerfile.assets" - "vendor/assets/**/*" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" @@ -403,7 +416,7 @@ - ".browserslistrc" - "babel.config.js" - "jest.config.{base,integration,unit}.js" - - ".csscomb.json" + - ".stylelintrc" - "Dockerfile.assets" - "vendor/assets/**/*" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" @@ -434,7 +447,7 @@ - ".browserslistrc" - "babel.config.js" - "jest.config.{base,integration,unit}.js" - - ".csscomb.json" + - ".stylelintrc" - "Dockerfile.assets" - "vendor/assets/**/*" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" @@ -461,7 +474,7 @@ - ".browserslistrc" - "babel.config.js" - "jest.config.{base,integration,unit}.js" - - ".csscomb.json" + - ".stylelintrc" - "Dockerfile.assets" - "vendor/assets/**/*" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" @@ -499,7 +512,7 @@ - ".browserslistrc" - "babel.config.js" - "jest.config.{base,integration,unit}.js" - - ".csscomb.json" + - ".stylelintrc" - "Dockerfile.assets" - "vendor/assets/**/*" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" @@ -547,6 +560,7 @@ - "{,ee/,jh/}Gemfile.lock" # This should include gitlab-styles, rubocop itself, and any plugins we might be using - "lib/gitlab_edition.rb" # This is required in RuboCop::CodeReuseHelpers - ".gitlab/ci/static-analysis.gitlab-ci.yml" + - "config/feature_categories.yml" # Used by RSpec/InvalidFeatureCategory .danger-patterns: &danger-patterns - "Dangerfile" @@ -590,6 +604,8 @@ when: never - <<: *if-merge-request-targeting-stable-branch when: never + - <<: *if-merge-request-labels-pipeline-expedite + when: never .rails:rules:predictive-default-rules: rules: @@ -679,6 +695,7 @@ rules: - <<: *if-schedule-maintenance - <<: *if-security-schedule + - <<: *if-foss-schedule - <<: *if-merge-request-labels-update-caches .shared:rules:update-gitaly-binaries-cache: @@ -690,7 +707,7 @@ ###################### # Build images rules # ###################### -.build-images:rules:build-qa-image: +.build-images:rules:build-qa-image-merge-requests: rules: - <<: *if-not-canonical-namespace when: never @@ -700,18 +717,44 @@ changes: *ci-build-images-patterns - <<: *if-dot-com-gitlab-org-and-security-merge-request changes: *code-qa-patterns + +.build-images:rules:build-qa-image: + rules: + - !reference [".build-images:rules:build-qa-image-merge-requests", "rules"] - <<: *if-auto-deploy-branches variables: ARCH: amd64,arm64 - - <<: *if-default-branch-or-tag + - <<: *if-default-branch-refs + variables: + ARCH: amd64,arm64 + - <<: *if-tag variables: ARCH: amd64,arm64 + # TODO: Remove once confirmed on a tag pipeline + allow_failure: true - <<: *if-dot-com-gitlab-org-schedule variables: ARCH: amd64,arm64 - <<: *if-force-ci - <<: *if-ruby2-branch +.build-images:rules:build-qa-image-as-if-foss: + rules: + - !reference [".build-images:rules:build-qa-image-merge-requests", "rules"] + +# We want to rebuild the master image when the full e2e test pipeline runs. Currently this happens on a 2 hour schedule. +.build-images:rules:build-qa-on-gdk-master-image: + rules: + - if: '$QA_RUN_TESTS_ON_GDK !~ /true|yes|1/i' + when: never + - <<: *if-not-canonical-namespace + when: never + - <<: *if-not-ee + when: never + - <<: *if-dot-com-gitlab-org-schedule + variables: + ARCH: amd64,arm64 + .build-images:rules:build-assets-image: rules: - <<: *if-not-canonical-namespace @@ -822,6 +865,11 @@ - <<: *if-default-refs changes: *docs-patterns +.docs:rules:docs-blueprints-lint: + rules: + - <<: *if-default-refs + changes: *docs-blueprints-patterns + .docs:rules:deprecations-and-removals: rules: - <<: *if-default-refs @@ -1036,7 +1084,7 @@ - <<: *if-default-branch-refs changes: *frontend-build-patterns allow_failure: true - - if: '$DANGER_GITLAB_API_TOKEN && $CI_MERGE_REQUEST_IID && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH' + - if: '$DANGER_GITLAB_API_TOKEN && ($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached") && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH' changes: *frontend-build-patterns allow_failure: true @@ -1109,7 +1157,7 @@ allow_failure: true - <<: *if-ruby2-branch -.qa:rules:package-and-test: +.qa:rules:package-and-test-mrs: rules: - <<: *if-not-canonical-namespace when: never @@ -1121,6 +1169,8 @@ allow_failure: true - <<: *if-ruby2-branch allow_failure: true + - <<: *if-merge-request-labels-run-all-e2e + allow_failure: true - <<: *if-dot-com-gitlab-org-and-security-merge-request-manual-ff-package-and-e2e changes: *feature-flag-development-config-patterns when: manual @@ -1129,6 +1179,9 @@ changes: *feature-flag-development-config-patterns allow_failure: true - <<: *if-dot-com-gitlab-org-and-security-merge-request + changes: *initializers-patterns + allow_failure: true + - <<: *if-dot-com-gitlab-org-and-security-merge-request changes: *nodejs-patterns allow_failure: true - <<: *if-dot-com-gitlab-org-and-security-merge-request @@ -1144,6 +1197,13 @@ changes: *code-patterns when: manual allow_failure: true + - <<: *if-force-ci + when: manual + allow_failure: true + +.qa:rules:package-and-test: + rules: + - !reference [".qa:rules:package-and-test-mrs", rules] - <<: *if-dot-com-gitlab-org-schedule allow_failure: true variables: @@ -1152,9 +1212,12 @@ KNAPSACK_GENERATE_REPORT: "true" QA_SAVE_TEST_METRICS: "true" QA_EXPORT_TEST_METRICS: "false" # on main runs, metrics are exported to separate bucket via rake task for better consistency - - <<: *if-force-ci - when: manual - allow_failure: true + +.qa:rules:e2e:test-on-gdk: + rules: + - if: '$QA_RUN_TESTS_ON_GDK !~ /true|yes|1/i' + when: never + - !reference [".qa:rules:package-and-test", rules] ############### # Rails rules # @@ -1172,6 +1235,12 @@ changes: *db-patterns - <<: *if-default-branch-schedule-nightly +.rails:rules:db:check-migrations-single-db: + rules: + - <<: *if-merge-request-labels-run-single-db + - <<: *if-merge-request + changes: *db-patterns + .rails:rules:db-backup: rules: - <<: *if-merge-request-labels-run-all-rspec @@ -1182,6 +1251,15 @@ - <<: *if-default-refs changes: *db-patterns +.rails:rules:db-rollback: + rules: + - !reference [".rails:rules:ee-and-foss-migration", rules] + - <<: *if-default-refs + changes: *initializers-patterns + - <<: *if-default-refs + changes: + - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/content_security_policy/config_loader{,_spec}.rb" + .rails:rules:praefect-with-db: rules: - if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-praefect-with-db/' @@ -1542,9 +1620,9 @@ .rails:rules:detect-tests: rules: - <<: *if-merge-request-labels-run-all-rspec - - <<: *if-default-refs + - <<: *if-merge-request changes: *code-backstage-qa-patterns - - <<: *if-default-refs + - <<: *if-merge-request changes: *workhorse-patterns .rails:rules:detect-previous-failed-tests: @@ -1720,6 +1798,24 @@ - <<: *if-merge-request changes: *static-analysis-patterns +.semgrep-appsec-custom-rules:rules: + rules: + - <<: *if-not-ee + when: never + - <<: *if-merge-request + changes: *code-backstage-qa-patterns + +.ping-appsec-for-sast-findings:rules: + rules: + # Requiring $CUSTOM_SAST_RULES_BOT_PAT prevents the bot from running on forks or CE + # Without it the script would fail too. + - if: "$CUSTOM_SAST_RULES_BOT_PAT == null" + when: never + - <<: *if-not-ee + when: never + - <<: *if-merge-request + changes: *code-backstage-qa-patterns + ####################### # Vendored gems rules # ####################### @@ -1784,6 +1880,12 @@ changes: ["vendor/gems/devise-pbkdf2-encryptable/**/*"] - <<: *if-merge-request-labels-run-all-rspec +.vendor:rules:gitlab_active_record: + rules: + - <<: *if-merge-request + changes: ["vendor/gems/gitlab_active_record/**/*"] + - <<: *if-merge-request-labels-run-all-rspec + .vendor:rules:bundler-checksum: rules: - <<: *if-merge-request @@ -1883,12 +1985,6 @@ - <<: *if-default-refs changes: *nodejs-patterns -.reports:rules:schedule-dast: - rules: - - if: '$DAST_DISABLED || $GITLAB_FEATURES !~ /\bdast\b/' - when: never - - <<: *if-dot-com-ee-schedule-nightly-child-pipeline - .reports:rules:test-dast: rules: - if: '$DAST_DISABLED || $GITLAB_FEATURES !~ /\bdast\b/' @@ -1971,32 +2067,10 @@ QA_SAVE_TEST_METRICS: "true" QA_EXPORT_TEST_METRICS: "false" # on main runs, metrics are exported to separate bucket via rake task for better consistency -.review:rules:review-build-cng: - rules: - - when: always - -.review:rules:review-deploy: - rules: - - when: on_success - -.review:rules:review-performance: - rules: - - if: '$DAST_RUN == "true"' # Skip this job when DAST is run - when: never - - <<: *if-merge-request-labels-run-review-app # we explicitely don't allow the job to fail in that case - - <<: *if-dot-com-gitlab-org-merge-request # we explicitely don't allow the job to fail in that case - changes: *ci-review-patterns - - when: on_success - allow_failure: true - -.review:rules:review-delete-deployment: - rules: - - when: on_success - # The following rules needs to be the same as the one for .review:rules:start-review-app-pipeline # except that: # - all rules have `when: manual` and `allow_failure: true` here -.review:rules:review-cleanup: +.review:rules:review-stop-merge-requests: rules: - <<: *if-not-ee when: never @@ -2033,12 +2107,23 @@ changes: *code-patterns when: manual allow_failure: true + +.review:rules:review-cleanup: + rules: + - !reference [".review:rules:review-stop-merge-requests", rules] + - <<: *if-dot-com-ee-schedule-default-branch-maintenance + allow_failure: true + +.review:rules:review-stop: + rules: + - !reference [".review:rules:review-stop-merge-requests", rules] - <<: *if-dot-com-gitlab-org-schedule + when: manual allow_failure: true .review:rules:review-k8s-resources-count-checks: rules: - - <<: *if-dot-com-gitlab-org-schedule + - <<: *if-dot-com-ee-schedule-default-branch-maintenance allow_failure: true - <<: *if-dot-com-gitlab-org-merge-request changes: @@ -2047,18 +2132,13 @@ .review:rules:review-gcp-quotas-checks: rules: - - <<: *if-dot-com-gitlab-org-schedule + - <<: *if-dot-com-ee-schedule-default-branch-maintenance allow_failure: true - <<: *if-dot-com-gitlab-org-merge-request changes: - "scripts/review_apps/gcp-quotas-checks.rb" allow_failure: true -.review:rules:review-stop: - rules: - - when: manual - allow_failure: true - .review:rules:danger: rules: - <<: *if-merge-request @@ -2098,6 +2178,11 @@ - <<: *if-default-refs changes: *code-backstage-patterns +.setup:rules:rails-production-environment: + rules: + - <<: *if-default-refs + changes: *code-patterns + .setup:rules:no-ee-check: rules: - <<: *if-not-foss @@ -2134,7 +2219,7 @@ - <<: *if-not-ee when: never - <<: *if-dot-com-ee-schedule-default-branch-maintenance - - <<: *if-default-refs + - <<: *if-default-branch-refs changes: - ".gitlab/ci/setup.gitlab-ci.yml" - ".gitlab/ci/test-metadata.gitlab-ci.yml" @@ -2156,7 +2241,8 @@ - <<: *if-not-ee when: never - <<: *if-dot-com-ee-schedule-default-branch-maintenance - - <<: *if-default-refs + when: always + - <<: *if-default-branch-refs changes: - ".gitlab/ci/test-metadata.gitlab-ci.yml" - "scripts/rspec_helpers.sh" diff --git a/.gitlab/ci/setup.gitlab-ci.yml b/.gitlab/ci/setup.gitlab-ci.yml index 852c4739d9d..298d5c4ae08 100644 --- a/.gitlab/ci/setup.gitlab-ci.yml +++ b/.gitlab/ci/setup.gitlab-ci.yml @@ -128,6 +128,7 @@ detect-tests: - source ./scripts/rspec_helpers.sh - install_gitlab_gem - install_tff_gem + - install_activesupport_gem - retrieve_tests_mapping - retrieve_frontend_fixtures_mapping - | @@ -135,12 +136,14 @@ detect-tests: mkdir -p $(dirname "$RSPEC_CHANGED_FILES_PATH") tooling/bin/find_changes ${RSPEC_CHANGED_FILES_PATH}; tooling/bin/find_tests ${RSPEC_CHANGED_FILES_PATH} ${RSPEC_MATCHING_TESTS_PATH}; + tooling/bin/js_to_system_specs_mappings ${RSPEC_CHANGED_FILES_PATH} ${RSPEC_MATCHING_TESTS_PATH}; tooling/bin/find_changes ${RSPEC_CHANGED_FILES_PATH} ${RSPEC_MATCHING_TESTS_PATH} ${FRONTEND_FIXTURES_MAPPING_PATH}; filter_rspec_matched_foss_tests ${RSPEC_MATCHING_TESTS_PATH} ${RSPEC_MATCHING_TESTS_FOSS_PATH}; + filter_rspec_matched_ee_tests ${RSPEC_MATCHING_TESTS_PATH} ${RSPEC_MATCHING_TESTS_EE_PATH}; tooling/bin/view_to_js_mappings ${RSPEC_CHANGED_FILES_PATH} ${RSPEC_MATCHING_JS_FILES_PATH}; echoinfo "Changed files: $(cat $RSPEC_CHANGED_FILES_PATH)"; - echoinfo "Related RSpec tests: $(cat $RSPEC_MATCHING_TESTS_PATH)"; echoinfo "Related FOSS RSpec tests: $(cat $RSPEC_MATCHING_TESTS_FOSS_PATH)"; + echoinfo "Related EE RSpec tests: $(cat $RSPEC_MATCHING_TESTS_EE_PATH)"; echoinfo "Related JS files: $(cat $RSPEC_MATCHING_JS_FILES_PATH)"; fi artifacts: @@ -149,8 +152,9 @@ detect-tests: - ${FRONTEND_FIXTURES_MAPPING_PATH} - ${RSPEC_CHANGED_FILES_PATH} - ${RSPEC_MATCHING_JS_FILES_PATH} - - ${RSPEC_MATCHING_TESTS_FOSS_PATH} - ${RSPEC_MATCHING_TESTS_PATH} + - ${RSPEC_MATCHING_TESTS_FOSS_PATH} + - ${RSPEC_MATCHING_TESTS_EE_PATH} detect-previous-failed-tests: extends: @@ -158,12 +162,10 @@ detect-previous-failed-tests: - .rails:rules:detect-previous-failed-tests variables: PREVIOUS_FAILED_TESTS_DIR: tmp/previous_failed_tests/ - RSPEC_PG_REGEX: /rspec .+ pg12( .+)?/ - RSPEC_EE_PG_REGEX: /rspec-ee .+ pg12( .+)?/ script: - source ./scripts/utils.sh - source ./scripts/rspec_helpers.sh - - retrieve_previous_failed_tests ${PREVIOUS_FAILED_TESTS_DIR} "${RSPEC_PG_REGEX}" "${RSPEC_EE_PG_REGEX}" + - retrieve_failed_tests "${PREVIOUS_FAILED_TESTS_DIR}" "oneline" "previous" artifacts: expire_in: 7d paths: diff --git a/.gitlab/ci/static-analysis.gitlab-ci.yml b/.gitlab/ci/static-analysis.gitlab-ci.yml index 13013d9a9db..d546c79aab9 100644 --- a/.gitlab/ci/static-analysis.gitlab-ci.yml +++ b/.gitlab/ci/static-analysis.gitlab-ci.yml @@ -183,3 +183,37 @@ feature-flags-usage: when: always paths: - tmp/feature_flags/ + +semgrep-appsec-custom-rules: + stage: lint + extends: + - .semgrep-appsec-custom-rules:rules + image: returntocorp/semgrep + needs: [] + script: + # Required to avoid a timeout https://github.com/returntocorp/semgrep/issues/5395 + - git fetch origin master + # Include/exclude list isn't ideal https://github.com/returntocorp/semgrep/issues/5399 + - | + semgrep ci --gitlab-sast --metrics off --config $CUSTOM_RULES_URL \ + --include app --include lib --include workhorse \ + --exclude '*_test.go' --exclude spec --exclude qa > gl-sast-report.json || true + variables: + CUSTOM_RULES_URL: https://gitlab.com/gitlab-com/gl-security/appsec/sast-custom-rules/-/raw/main/appsec-pings/rules.yml + artifacts: + paths: + - gl-sast-report.json + +ping-appsec-for-sast-findings: + stage: lint + image: alpine:latest + extends: + - .ping-appsec-for-sast-findings:rules + variables: + # Project Access Token bot ID for /gitlab-com/gl-security/appsec/sast-custom-rules + BOT_USER_ID: 13559989 + needs: + - semgrep-appsec-custom-rules + script: + - apk add jq curl + - scripts/process_custom_semgrep_results.sh diff --git a/.gitlab/ci/test-metadata.gitlab-ci.yml b/.gitlab/ci/test-metadata.gitlab-ci.yml index 3f6760394c4..176a0b67d66 100644 --- a/.gitlab/ci/test-metadata.gitlab-ci.yml +++ b/.gitlab/ci/test-metadata.gitlab-ci.yml @@ -37,10 +37,12 @@ update-tests-metadata: - rspec unit pg12 - rspec integration pg12 - rspec system pg12 + - rspec background_migration pg12 - rspec-ee migration pg12 - rspec-ee unit pg12 - rspec-ee integration pg12 - rspec-ee system pg12 + - rspec-ee background_migration pg12 script: - run_timed_command "retry gem install fog-aws mime-types activesupport rspec_profiling postgres-copy --no-document" - source ./scripts/rspec_helpers.sh diff --git a/.gitlab/ci/test-on-gdk/main.gitlab-ci.yml b/.gitlab/ci/test-on-gdk/main.gitlab-ci.yml new file mode 100644 index 00000000000..a04d81fb342 --- /dev/null +++ b/.gitlab/ci/test-on-gdk/main.gitlab-ci.yml @@ -0,0 +1,81 @@ +default: + interruptible: true + +include: + - local: .gitlab/ci/package-and-test/rules.gitlab-ci.yml + +dont-interrupt-me: + extends: .rules:dont-interrupt + stage: test + interruptible: false + script: + - echo "This jobs makes sure this pipeline won't be interrupted! See https://docs.gitlab.com/ee/ci/yaml/#interruptible." + +.run-tests: + stage: test + image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-${RUBY_VERSION}:bundler-2.3-chrome-${CHROME_VERSION}-docker-${DOCKER_VERSION} + services: + - docker:${DOCKER_VERSION}-dind + tags: + - e2e + before_script: + - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY + - sysctl -n -w fs.inotify.max_user_watches=524288 + variables: + DOCKER_DRIVER: overlay2 + DOCKER_HOST: tcp://docker:2375 + QA_GDK_IMAGE: "${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab-qa-gdk:master" + QA_GENERATE_ALLURE_REPORT: "false" + QA_CAN_TEST_PRAEFECT: "false" + QA_INTERCEPT_REQUESTS: "false" + QA_RUN_TYPE: e2e-test-on-gdk + TEST_LICENSE_MODE: $QA_TEST_LICENSE_MODE + EE_LICENSE: $QA_EE_LICENSE + GITHUB_ACCESS_TOKEN: $QA_GITHUB_ACCESS_TOKEN + GITLAB_QA_ADMIN_ACCESS_TOKEN: $QA_ADMIN_ACCESS_TOKEN + QA_KNAPSACK_REPORTS: qa-smoke,ee-instance-parallel + timeout: 2 hours + artifacts: + when: always + paths: + - test_output + - logs + expire_in: 7 days + script: + - echo -e "\e[0Ksection_start:`date +%s`:pull_image\r\e[0KPull GDK QA image" + - docker pull ${QA_GDK_IMAGE} + - echo -e "\e[0Ksection_end:`date +%s`:pull_image\r\e[0K" + - echo -e "\e[0Ksection_start:`date +%s`:launch_gdk_and_tests\r\e[0KLaunch GDK and run QA tests" + - cd qa && bundle install --jobs=$(nproc) --retry=3 --quiet + - mkdir -p $CI_PROJECT_DIR/test_output $CI_PROJECT_DIR/logs/gdk $CI_PROJECT_DIR/logs/gitlab + # This command matches the permissions of the user that runs GDK inside the container. + - chown -R 1000:1000 $CI_PROJECT_DIR/test_output $CI_PROJECT_DIR/logs + - | + docker run --rm --name gdk --add-host gdk.test:127.0.0.1 --shm-size=2gb \ + --env-file <(bundle exec rake ci:env_var_name_list) \ + --volume /var/run/docker.sock:/var/run/docker.sock:z \ + --volume $CI_PROJECT_DIR/test_output:/home/gdk/gdk/gitlab/qa/tmp:z \ + --volume $CI_PROJECT_DIR/logs/gdk:/home/gdk/gdk/log \ + --volume $CI_PROJECT_DIR/logs/gitlab:/home/gdk/gdk/gitlab/log \ + ${QA_GDK_IMAGE} "${CI_COMMIT_REF_SLUG}" "$TEST_GDK_TAGS --tag ~requires_praefect" || true + - echo -e "\e[0Ksection_end:`date +%s`:launch_gdk_and_tests\r\e[0K" + allow_failure: true + +test-on-gdk-smoke: + extends: + - .run-tests + parallel: 2 + variables: + TEST_GDK_TAGS: "--tag smoke" + QA_KNAPSACK_REPORT_NAME: qa-smoke + rules: + - when: always + +test-on-gdk-full: + extends: + - .run-tests + parallel: 5 + variables: + QA_KNAPSACK_REPORT_NAME: ee-instance-parallel + rules: + - when: manual diff --git a/.gitlab/ci/vendored-gems.gitlab-ci.yml b/.gitlab/ci/vendored-gems.gitlab-ci.yml index a22ac5337f6..1086d9074d2 100644 --- a/.gitlab/ci/vendored-gems.gitlab-ci.yml +++ b/.gitlab/ci/vendored-gems.gitlab-ci.yml @@ -85,3 +85,11 @@ vendor bundler-checksum: trigger: include: vendor/gems/bundler-checksum/.gitlab-ci.yml strategy: depend + +vendor gitlab_active_record: + extends: + - .vendor:rules:gitlab_active_record + needs: [] + trigger: + include: vendor/gems/gitlab_active_record/.gitlab-ci.yml + strategy: depend diff --git a/.gitlab/issue_templates/Experiment Successful Cleanup.md b/.gitlab/issue_templates/Experiment Successful Cleanup.md index 14a29452e49..3831090aad6 100644 --- a/.gitlab/issue_templates/Experiment Successful Cleanup.md +++ b/.gitlab/issue_templates/Experiment Successful Cleanup.md @@ -10,6 +10,8 @@ The changes need to become an official part of the product. - [ ] Determine whether the feature should apply to SaaS and/or self-managed - [ ] Determine whether the feature should apply to EE - and which tiers - and/or Core - [ ] Determine if tracking should be kept as is, removed, or modified. +- [ ] Determine if any UX experiences need to be "polished" i.e. updated to further improve the end user experience. This task should be completed by the designated UX counterpart. + - [ ] (placeholder for UX polish work that needs to be completed for this cleanup issue to be considered completed) - [ ] Ensure any relevant documentation has been updated. - [ ] Determine whether there are other concerns that need to be considered before removing the feature flag. - These are typically captured in the `Experiment Successful Cleanup Concerns` section of the rollout issue. diff --git a/.gitlab/issue_templates/Feature Flag Roll Out.md b/.gitlab/issue_templates/Feature Flag Roll Out.md index 8aa631dce76..5791eca11ff 100644 --- a/.gitlab/issue_templates/Feature Flag Roll Out.md +++ b/.gitlab/issue_templates/Feature Flag Roll Out.md @@ -107,6 +107,7 @@ For visibility, all `/chatops` commands that target production should be execute - [ ] Leave a comment on [the feature issue][main-issue] announcing estimated time when this feature flag will be enabled on GitLab.com. - [ ] Ensure that any breaking changes have been announced following the [release post process](https://about.gitlab.com/handbook/marketing/blog/release-posts/#deprecations-removals-and-breaking-changes) to ensure GitLab customers are aware. - [ ] Notify `#support_gitlab-com` and your team channel ([more guidance when this is necessary in the dev docs](https://docs.gitlab.com/ee/development/feature_flags/controls.html#communicate-the-change)). +- [ ] Ensure that the feature flag rollout plan is reviewed by another developer familiar with the domain. ### Global rollout on production diff --git a/.gitlab/issue_templates/Feature Proposal - basic.md b/.gitlab/issue_templates/Feature Proposal - basic.md index b447bcfe0ae..e9815d85f9b 100644 --- a/.gitlab/issue_templates/Feature Proposal - basic.md +++ b/.gitlab/issue_templates/Feature Proposal - basic.md @@ -9,6 +9,7 @@ <!-- Label reminders Use the following resources to find the appropriate labels: +- Use only one tier label choosing the lowest tier this is intended for - https://gitlab.com/gitlab-org/gitlab/-/labels - https://about.gitlab.com/handbook/product/categories/features/ --> diff --git a/.gitlab/issue_templates/Feature Proposal - lean.md b/.gitlab/issue_templates/Feature Proposal - lean.md index c902c254618..3997ffa5c85 100644 --- a/.gitlab/issue_templates/Feature Proposal - lean.md +++ b/.gitlab/issue_templates/Feature Proposal - lean.md @@ -48,6 +48,7 @@ Create tracking issue using the Snowplow event tracking template. See https://gi <!-- Label reminders Use the following resources to find the appropriate labels: +- Use only one tier label choosing the lowest tier this is intended for - https://gitlab.com/gitlab-org/gitlab/-/labels - https://about.gitlab.com/handbook/product/categories/features/ --> diff --git a/.gitlab/issue_templates/Feature proposal - detailed.md b/.gitlab/issue_templates/Feature proposal - detailed.md index 9eac2ca27c5..dcf6d417155 100644 --- a/.gitlab/issue_templates/Feature proposal - detailed.md +++ b/.gitlab/issue_templates/Feature proposal - detailed.md @@ -125,6 +125,7 @@ In which enterprise tier should this feature go? See https://about.gitlab.com/ha <!-- Label reminders - you should have one of each of the following labels. Use the following resources to find the appropriate labels: +- Use only one tier label choosing the lowest tier this is intended for - https://gitlab.com/gitlab-org/gitlab/-/labels - https://about.gitlab.com/handbook/product/categories/features/ --> diff --git a/.gitlab/issue_templates/Geo Replicate a new Git repository type.md b/.gitlab/issue_templates/Geo Replicate a new Git repository type.md index 97f756f0d02..eee989ed21e 100644 --- a/.gitlab/issue_templates/Geo Replicate a new Git repository type.md +++ b/.gitlab/issue_templates/Geo Replicate a new Git repository type.md @@ -517,7 +517,6 @@ That's all of the required database changes. module Geo class CoolWidgetState < ApplicationRecord - include EachBatch include ::Geo::VerificationStateDefinition self.primary_key = :cool_widget_id diff --git a/.gitlab/issue_templates/Geo Replicate a new blob type.md b/.gitlab/issue_templates/Geo Replicate a new blob type.md index 9dfc83309cc..88a7fad4975 100644 --- a/.gitlab/issue_templates/Geo Replicate a new blob type.md +++ b/.gitlab/issue_templates/Geo Replicate a new blob type.md @@ -482,7 +482,6 @@ That's all of the required database changes. module Geo class CoolWidgetState < ApplicationRecord - include EachBatch include ::Geo::VerificationStateDefinition self.primary_key = :cool_widget_id diff --git a/.gitlab/issue_templates/Pipeline Authoring Issue Implementation.md b/.gitlab/issue_templates/Pipeline Authoring Issue Implementation.md index 523a50dfdf8..7bb602feed2 100644 --- a/.gitlab/issue_templates/Pipeline Authoring Issue Implementation.md +++ b/.gitlab/issue_templates/Pipeline Authoring Issue Implementation.md @@ -50,4 +50,4 @@ _NOTE: This section is optional, but can be used for easy access to any relevant -/label ~"group::pipeline authoring" ~"Category:Pipeline Authoring" ~"section::ops" ~"devops::verify" ~"workflow::planning breakdown" +/label ~"group::pipeline authoring" ~"Category:Pipeline Composition" ~"section::ops" ~"devops::verify" ~"workflow::planning breakdown" diff --git a/.gitlab/issue_templates/Release group - bug.md b/.gitlab/issue_templates/Release group - bug.md new file mode 100644 index 00000000000..f542041593f --- /dev/null +++ b/.gitlab/issue_templates/Release group - bug.md @@ -0,0 +1,43 @@ +## Summary + +<!-- Summarize the bug encountered concisely. --> + +## Steps to reproduce + +<!-- Describe how one can reproduce the issue - this is very important. Please use an ordered list. --> + +## What is the current *bug* behavior? + +<!-- Describe what actually happens. --> + +## What is the expected *correct* behavior? + +<!-- Describe what you should see instead. --> + +## Relevant logs and/or screenshots + +<!-- Paste any relevant logs - please use code blocks (```) to format console output, logs, and code + as it's tough to read otherwise. --> + +## Possible fixes + +<!-- If you can, link to the line of code that might be responsible for the problem. --> + +<!-- Default labels --> +/label ~"group::release" +/label ~"type::bug" +/label ~"workflow::planning breakdown" + +<!-- Optional labels --> +/label ~backend ~frontend ~UX + +<!-- https://about.gitlab.com/handbook/engineering/quality/issue-triage/#severity --> +/label ~"severity::3" ~"priority::3" + +<!-- If you already have an implementation plan, please fill in detail below https://about.gitlab.com/handbook/engineering/development/ops/release/planning/#weights --> +/weight X +/label ~"backend-weight::" ~"frontend-weight::" ~"workflow::ready for development" +## Implementation guide + +<!-- If the issue clear enough, consider inviting community contributors --> +/label ~"Seeking community contributions" ~"good for new contributors" diff --git a/.gitlab/issue_templates/Release group - feature.md b/.gitlab/issue_templates/Release group - feature.md new file mode 100644 index 00000000000..0a695dac2ad --- /dev/null +++ b/.gitlab/issue_templates/Release group - feature.md @@ -0,0 +1,26 @@ +## Problem to solve + +<!-- What problem do we solve? Try to define the who/what/why of the opportunity as a user story. For example, "As a (who), I want (what), so I can (why/value)." --> + +## Proposal + +<!-- Use this section to explain the feature and how it will work. It can be helpful to add technical details, design proposals, and links to related epics or issues. --> + +<!-- Default labels --> +/label ~"group::release" +/label ~"type::feature" +/label ~"workflow::problem validation" +/label ~UX + +<!-- Optional labels --> +/label ~backend ~frontend + +<!-- If you already have an implementation plan, please fill in detail below https://about.gitlab.com/handbook/engineering/development/ops/release/planning/#weights --> +/weight X +/label ~"backend-weight::" ~"frontend-weight::" ~"workflow::ready for development" +## Implementation guide + +<!-- If the issue clear enough, consider inviting community contributors --> +/label ~"Seeking community contributions" ~"good for new contributors" + + diff --git a/.gitlab/issue_templates/Release group - maintenance.md b/.gitlab/issue_templates/Release group - maintenance.md new file mode 100644 index 00000000000..aa87015a44a --- /dev/null +++ b/.gitlab/issue_templates/Release group - maintenance.md @@ -0,0 +1,18 @@ +## Background + +## Proposal + +<!-- Use this section to explain the feature and how it will work. It can be helpful to add technical details, design proposals, and links to related epics or issues. --> + +<!-- Set labels and other metadata --> +/label ~"group::release" +/label ~"type::maintenance" +/label ~"workflow::planning breakdown" + +<!-- If you already have an implementation plan, please fill in detail below https://about.gitlab.com/handbook/engineering/development/ops/release/planning/#weights --> +/weight X +/label ~"backend-weight::" ~"frontend-weight::" ~"workflow::ready for development" +## Implementation guide + +<!-- If the issue clear enough, consider inviting community contributors --> +/label ~"Seeking community contributions" ~"good for new contributors" diff --git a/.gitlab/issue_templates/Security developer workflow.md b/.gitlab/issue_templates/Security developer workflow.md index 7c6c86f5e78..3857303f2c4 100644 --- a/.gitlab/issue_templates/Security developer workflow.md +++ b/.gitlab/issue_templates/Security developer workflow.md @@ -22,6 +22,7 @@ MUST be linked for the release bot to know that the associated merge requests sh - [ ] Run `scripts/security-harness` in your local repository to prevent accidentally pushing to any remote besides `gitlab.com/gitlab-org/security`. - [ ] Create a new branch prefixing it with `security-`. - [ ] Create a merge request targeting `master` on `gitlab.com/gitlab-org/security` and use the [Security Release merge request template]. +- [ ] If this includes a breaking change, make sure to include a mention of it for the relevant versions in [`doc/update/index.md`](https://gitlab.com/gitlab-org/security/gitlab/-/blob/master/doc/update/index.md#version-specific-upgrading-instructions) After your merge request has been approved according to our [approval guidelines] and by a team member of the AppSec team, you're ready to prepare the backports @@ -46,7 +47,6 @@ After your merge request has been approved according to our [approval guidelines - [ ] Fill in any upgrade notes that users may need to take into account in the [details section](#details) - [ ] Add Yes/No and further details if needed to the migration and settings columns in the [details section](#details) - [ ] Add the nickname of the external user who found the issue (and/or HackerOne profile) to the Thanks row in the [details section](#details) -- [ ] If this includes a breaking change, make sure it is mentioned for the relevant versions in [`doc/update/index.md`](https://gitlab.com/gitlab-org/security/gitlab/-/blob/master/doc/update/index.md#version-specific-upgrading-instructions) ## Summary diff --git a/.gitlab/issue_templates/Synchronous Database Index.md b/.gitlab/issue_templates/Synchronous Database Index.md new file mode 100644 index 00000000000..c61cf7abf0c --- /dev/null +++ b/.gitlab/issue_templates/Synchronous Database Index.md @@ -0,0 +1,11 @@ +<!-- Title suggestion: <async-index-name> synchronous database index(es) addition/removal --> + +## Summary + +This issue is to add a migration(s) to create/destroy the `<async-index-name>` database index(es) synchronously after it has been created/destroyed on GitLab.com. + +The asynchronous index(es) was introduced in <!-- Link to MR that introduced the asynchronous index -->. + +/assign me +/due in 2 weeks +/label ~database ~"type::maintenance" ~"maintenance::scalability" diff --git a/.gitlab/merge_request_templates/Deprecations.md b/.gitlab/merge_request_templates/Deprecations.md index 9b84dde72df..841ef70d92a 100644 --- a/.gitlab/merge_request_templates/Deprecations.md +++ b/.gitlab/merge_request_templates/Deprecations.md @@ -1,10 +1,5 @@ <!-- Set the correct label and milestone using autocomplete for guidance. Please @mention only the DRI(s) for each stage or group rather than an entire department. --> -/label ~"release post" ~"release post item" ~"Technical Writing" ~devops:: ~group:: ~"release post item::deprecation" -/label ~"type::maintenance" -/milestone % -/assign `@EM/PM` (choose the DRI; remove backticks here, and below) - **Be sure to link this MR to the relevant deprecation issue(s).** - Deprecation Issue: @@ -42,16 +37,18 @@ They are frequently updated, and everyone should make sure they are aware of the - [ ] Set yourself as the Assignee, meaning you are the DRI. - [ ] If the deprecation is a [breaking change](https://about.gitlab.com/handbook/product/gitlab-the-product/#breaking-change), add label `breaking change`. +- [ ] Confirm this MR is labeled ~"release post item::deprecation" - [ ] Follow the process to [create a deprecation YAML file](https://about.gitlab.com/handbook/marketing/blog/release-posts/#creating-a-deprecation-entry). -- [ ] Make sure that the milestone dates are based on the dates in [Product milestone creation](https://about.gitlab.com/handbook/product/milestones/#product-milestone-creation). - [ ] Add reviewers by the 10th. -- [ ] When ready to be merged and not later than the 15th, add the `~ready` label and @ message the TW for final review and merge. +- [ ] Add scoped `devops::` and `group::` labels as necessary. +- [ ] Add the appropriate milestone to this MR. +- [ ] When ready to be merged (and no later than the 15th) `@mention` the TW for final review and merge. ## Reviewers When the content is ready for review, it must be reviewed by a Technical Writer and Engineering Manager, but can also be reviewed by Product Marketing, Product Design, and the Product Leaders for this area. Please use the -[Reviewers for Merge Requests](https://docs.gitlab.com/ee/user/project/merge_requests/getting_started#reviewer) +[reviewers](https://docs.gitlab.com/ee/user/project/merge_requests/reviews/) feature for all reviews. Reviewers will then `approve` the MR and remove themselves from Reviewers when their review is complete. - [ ] (Recommended) PMM @@ -106,3 +103,7 @@ must be updated before this MR is merged: 1. Set the MR to merge when the pipeline succeeds (or merge if the pipeline is already complete). If you have trouble running the Rake task, check the [troubleshooting steps](https://about.gitlab.com/handbook/marketing/blog/release-posts/#deprecation-rake-task-troubleshooting). + +/label ~"release post" ~"release post item" ~"Technical Writing" ~"release post item::deprecation" +/label ~"type::maintenance" +/label ~"maintenance::refactor" diff --git a/.gitlab/merge_request_templates/Quarantine End to End Test.md b/.gitlab/merge_request_templates/Quarantine End to End Test.md index 5f26f3ac74d..731b51b169b 100644 --- a/.gitlab/merge_request_templates/Quarantine End to End Test.md +++ b/.gitlab/merge_request_templates/Quarantine End to End Test.md @@ -29,7 +29,7 @@ the noise (due to constantly failing tests, flaky tests, and so on) so that new - [ ] To ensure a faster turnaround, ask in the `#quality_maintainers` Slack channel for someone to review and merge the merge request, rather than assigning it directly. <!-- Base labels. --> -/label ~"Quality" ~"QA" ~"type::maintenance" +/label ~"Quality" ~"QA" ~"type::maintenance" ~"maintenance::pipelines" <!-- Choose the stage that appears in the test path, e.g. ~"devops::create" for diff --git a/.gitlab/merge_request_templates/Removals.md b/.gitlab/merge_request_templates/Removals.md index f616df56480..e212893d10d 100644 --- a/.gitlab/merge_request_templates/Removals.md +++ b/.gitlab/merge_request_templates/Removals.md @@ -56,7 +56,7 @@ Please review: When the content is ready for review, the Technical Writer and Engineering Manager _must_ review it. Optional reviewers can include Product Marketing, Product Design, and the Product Leaders for this area. Use the -[Reviewers for Merge Requests](https://docs.gitlab.com/ee/user/project/merge_requests/getting_started#reviewer) +[reviewers](https://docs.gitlab.com/ee/user/project/merge_requests/reviews/) feature for all reviews. Reviewers will `approve` the MR and remove themselves from the reviewers list when their review is complete. - [ ] (Recommended) PMM diff --git a/.gitlab/merge_request_templates/Revert To Resolve Incident.md b/.gitlab/merge_request_templates/Revert To Resolve Incident.md index 17ff239bbd4..4e77846575a 100644 --- a/.gitlab/merge_request_templates/Revert To Resolve Incident.md +++ b/.gitlab/merge_request_templates/Revert To Resolve Incident.md @@ -1,14 +1,31 @@ -## Purpose of Revert +<!-- + IMPORTANT: Add appropriate labels BEFORE you save the merge request. CI/CD jobs + can be skipped only if the labels are applied BEFORE the CI/CD pipeline is created. + See https://docs.gitlab.com/ee/development/pipelines#revert-mrs for more info. +--> + +## Purpose of revert <!-- Please link to the relevant incident --> -### Check-list +### Checklist - [ ] Create an issue to reinstate the merge request and assign it to the author of the reverted merge request. -- [ ] If the revert is to resolve a ['broken master' incident](https://about.gitlab.com/handbook/engineering/workflow/#broken-master), please read through the [Responsibilities of the Broken 'Master' resolution DRI](https://about.gitlab.com/handbook/engineering/workflow/#responsibilities-of-the-resolution-dri) -- [ ] Add the appropriate labels **before** the MR is created (we can only skip CI/CD jobs if the labels are added **before** the CI/CD pipeline gets created) +- [ ] If the revert is to resolve a [broken 'master' incident](https://about.gitlab.com/handbook/engineering/workflow/#broken-master), please read through the [Responsibilities of the Broken `master` resolution DRI](https://about.gitlab.com/handbook/engineering/workflow/#responsibilities-of-the-resolution-dri). +- [ ] Add the appropriate labels **before** the MR is created. We can skip CI/CD jobs only if the labels are added **before** the CI/CD pipeline is created. + +### Milestone info + +- [ ] I am reverting something in the **current** milestone. No changelog is needed, and I've added a `~"regression:*"` label. +- [ ] I am reverting something in a **different** milestone. A changelog is needed, and I've removed the `~"regression:*"` label. + +### Related issues and merge requests + /label ~"pipeline:expedite" ~"master:broken" -<!-- If applicable, specifying the regression label in the current milestone will skip additional CI/CD jobs (e.g. Danger changelog checks) --> +<!-- + Regression label: if applicable, specify the milestone-specific regression label + (such as ~regression:15.8) to skip additional CI/CD jobs, like Danger changelog checks. --> + <!-- /label ~regression: --> |