summaryrefslogtreecommitdiff
path: root/.gitlab
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2021-06-16 18:25:58 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2021-06-16 18:25:58 +0000
commita5f4bba440d7f9ea47046a0a561d49adf0a1e6d4 (patch)
treefb69158581673816a8cd895f9d352dcb3c678b1e /.gitlab
parentd16b2e8639e99961de6ddc93909f3bb5c1445ba1 (diff)
downloadgitlab-ce-a5f4bba440d7f9ea47046a0a561d49adf0a1e6d4.tar.gz
Add latest changes from gitlab-org/gitlab@14-0-stable-eev14.0.0-rc42
Diffstat (limited to '.gitlab')
-rw-r--r--.gitlab/CODEOWNERS28
-rw-r--r--.gitlab/changelog_config.yml5
-rw-r--r--.gitlab/ci/docs.gitlab-ci.yml6
-rw-r--r--.gitlab/ci/frontend.gitlab-ci.yml27
-rw-r--r--.gitlab/ci/global.gitlab-ci.yml33
-rw-r--r--.gitlab/ci/rails.gitlab-ci.yml10
-rw-r--r--.gitlab/ci/reports.gitlab-ci.yml2
-rw-r--r--.gitlab/ci/review.gitlab-ci.yml54
-rw-r--r--.gitlab/ci/rules.gitlab-ci.yml101
-rw-r--r--.gitlab/ci/untamper-my-lockfile.yml26
-rw-r--r--.gitlab/ci/yaml.gitlab-ci.yml1
-rw-r--r--.gitlab/issue_templates/Documentation.md2
-rw-r--r--.gitlab/issue_templates/Feature Flag Removal.md28
-rw-r--r--.gitlab/issue_templates/Feature Flag Roll Out.md6
-rw-r--r--.gitlab/issue_templates/Geo Replicate a new Git repository type.md6
-rw-r--r--.gitlab/issue_templates/Geo Replicate a new blob type.md6
-rw-r--r--.gitlab/merge_request_templates/Documentation.md4
-rw-r--r--.gitlab/merge_request_templates/Security Release.md4
18 files changed, 237 insertions, 112 deletions
diff --git a/.gitlab/CODEOWNERS b/.gitlab/CODEOWNERS
index acb80bd194b..361d1124a78 100644
--- a/.gitlab/CODEOWNERS
+++ b/.gitlab/CODEOWNERS
@@ -7,6 +7,8 @@
*.rake @gitlab-org/maintainers/rails-backend
[Documentation Directories]
+.markdownlint.yml @marcel.amirault @eread @aqualls @cnorris
+/doc/.markdownlint @marcel.amirault @eread @aqualls @cnorris
/doc/ @gl-docsteam
/doc/.vale/ @marcel.amirault @eread @aqualls @cnorris
/doc/administration/geo/ @axil
@@ -21,7 +23,7 @@
/doc/administration/redis/ @axil
/doc/administration/reference_architectures/ @axil
/doc/administration/snippets/ @aqualls
-/doc/administration/troubleshooting @axil @marcia
+/doc/administration/troubleshooting @axil @marcia @eread
/doc/api/group_activity_analytics.md @msedlakjakubowski
/doc/ci/ @marcel.amirault @sselhorn
/doc/ci/environments/ @axil
@@ -29,10 +31,11 @@
/doc/ci/test_cases/ @msedlakjakubowski
/doc/development/ @marcia
/doc/development/documentation/ @cnorris
+/doc/development/i18n/ @ngaskill
/doc/development/value_stream_analytics.md @msedlakjakubowski
/doc/gitlab-basics/ @marcia
/doc/install/ @axil
-/doc/integration/ @aqualls
+/doc/integration/ @aqualls @eread
/doc/operations/ @ngaskill @axil
/doc/push_rules/ @aqualls
/doc/ssh/ @eread
@@ -43,7 +46,7 @@
/doc/user/analytics/ @msedlakjakubowski @ngaskill
/doc/user/application_security @rdickenson
/doc/user/clusters/ @marcia
-/doc/user/compliance/ @rdickenson
+/doc/user/compliance/ @rdickenson @eread
/doc/user/group/ @msedlakjakubowski
/doc/user/group/bulk_editing/ @msedlakjakubowski
/doc/user/group/devops_adoption/ @msedlakjakubowski
@@ -54,10 +57,10 @@
/doc/user/group/value_stream_analytics/ @msedlakjakubowski
/doc/user/infrastructure/ @marcia
/doc/user/packages/ @ngaskill
-/doc/user/profile/ @msedlakjakubowski
+/doc/user/profile/ @msedlakjakubowski @eread
/doc/user/project/ @aqualls @axil @eread @msedlakjakubowski @ngaskill
/doc/user/project/clusters/ @ngaskill
-/doc/user/project/import/ @msedlakjakubowski
+/doc/user/project/import/ @ngaskill @msedlakjakubowski
/doc/user/project/integrations/ @aqualls
/doc/user/project/integrations/prometheus_library/ @ngaskill
/doc/user/project/issues/ @msedlakjakubowski
@@ -65,7 +68,7 @@
/doc/user/project/milestones/ @msedlakjakubowski
/doc/user/project/pages/ @axil
/doc/user/project/repository/ @aqualls
-/doc/user/project/settings/ @aqualls
+/doc/user/project/settings/ @aqualls @eread
/doc/user/project/static_site_editor/index.md @aqualls
/doc/user/project/web_ide/index.md @aqualls
/doc/user/project/wiki/index.md @aqualls
@@ -200,7 +203,8 @@ Dangerfile @gl-quality/eng-prod
[Templates]
/lib/gitlab/ci/templates/ @nolith @shinya.maeda @matteeyah
/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml @DylanGriffith @mayra-cabrera @tkuah
-/lib/gitlab/ci/templates/Security/ @plafoucriere @gonzoyumo @twoodham @sethgitlab
+/lib/gitlab/ci/templates/Security/ @gonzoyumo @twoodham @sethgitlab @thiagocsf
+/lib/gitlab/ci/templates/Security/Container-Scanning.*.yml @gitlab-org/protect/container-security-backend
[Project Alias]
/ee/app/models/project_alias.rb @patrickbajao
@@ -216,6 +220,8 @@ Dangerfile @gl-quality/eng-prod
/ee/app/policies/vulnerabilities/ @gitlab-org/secure/threat-insights-backend-team
/ee/app/policies/vulnerability*.rb @gitlab-org/secure/threat-insights-backend-team
/ee/lib/api/vulnerabilit*.rb @gitlab-org/secure/threat-insights-backend-team
+/ee/lib/gitlab/ci/reports/security/vulnerability_reports_comparer.rb @gitlab-org/secure/threat-insights-backend-team
+/ee/spec/lib/gitlab/ci/reports/security/vulnerability_reports_comparer_spec.rb @gitlab-org/secure/threat-insights-backend-team
/ee/spec/policies/vulnerabilities/ @gitlab-org/secure/threat-insights-backend-team
/ee/spec/policies/vulnerability*.rb @gitlab-org/secure/threat-insights-backend-team
@@ -333,3 +339,11 @@ Dangerfile @gl-quality/eng-prod
[Application Security]
/lib/gitlab/content_security_policy/ @gitlab-com/gl-security/appsec
+
+[Gitaly]
+lib/gitlab/git_access.rb @proglottis @toon @zj-gitlab
+lib/gitlab/git_access_*.rb @proglottis @toon @zj-gitlab
+ee/lib/ee/gitlab/git_access.rb @proglottis @toon @zj-gitlab
+ee/lib/ee/gitlab/git_access_*.rb @proglottis @toon @zj-gitlab
+ee/lib/ee/gitlab/checks/** @proglottis @toon @zj-gitlab
+lib/gitlab/checks/** @proglottis @toon @zj-gitlab
diff --git a/.gitlab/changelog_config.yml b/.gitlab/changelog_config.yml
index 7aa18cc8f36..6069cd17a08 100644
--- a/.gitlab/changelog_config.yml
+++ b/.gitlab/changelog_config.yml
@@ -36,3 +36,8 @@ template: |
{% else %}
No changes.
{% end %}
+# The tag format for gitlab-org/gitlab is vX.Y.Z(-rcX)-ee. The -ee prefix would
+# be treated as a pre-release identifier, which can result in the wrong tag
+# being used as the starting point of a changelog commit range. The custom regex
+# here is used to ensure we find the correct tag.
+tag_regex: '^v(?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)-ee$'
diff --git a/.gitlab/ci/docs.gitlab-ci.yml b/.gitlab/ci/docs.gitlab-ci.yml
index 35d462584ee..a4317c72413 100644
--- a/.gitlab/ci/docs.gitlab-ci.yml
+++ b/.gitlab/ci/docs.gitlab-ci.yml
@@ -10,8 +10,8 @@
# because some repos are private and CI_JOB_TOKEN cannot access files.
# See https://gitlab.com/gitlab-org/gitlab/issues/191273
GIT_DEPTH: 1
- # By default, deploy the Review App using the `master` branch of the `gitlab-org/gitlab-docs` project
- DOCS_BRANCH: master
+ # By default, deploy the Review App using the `main` branch of the `gitlab-org/gitlab-docs` project
+ DOCS_BRANCH: main
environment:
name: review-docs/mr-${CI_MERGE_REQUEST_IID}
# DOCS_REVIEW_APPS_DOMAIN and DOCS_GITLAB_REPO_SUFFIX are CI variables
@@ -54,8 +54,6 @@ docs-lint links:
extends:
- .docs:rules:docs-lint
image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-html:alpine-3.13-ruby-2.7.2
- # TODO: revert to .default-retry when https://gitlab.com/gitlab-org/gitlab/-/issues/331002 is fixed.
- retry: 2
stage: test
needs: []
script:
diff --git a/.gitlab/ci/frontend.gitlab-ci.yml b/.gitlab/ci/frontend.gitlab-ci.yml
index 33aab8554e7..dfd595c2696 100644
--- a/.gitlab/ci/frontend.gitlab-ci.yml
+++ b/.gitlab/ci/frontend.gitlab-ci.yml
@@ -317,3 +317,30 @@ bundle-size-review:
expire_in: 31d
paths:
- bundle-size-review
+
+.startup-css-check-base:
+ extends:
+ - .frontend-test-base
+ script:
+ - *yarn-install
+ - run_timed_command "yarn generate:startup_css"
+ - yarn check:startup_css
+
+startup-css-check:
+ extends:
+ - .startup-css-check-base
+ - .frontend:rules:default-frontend-jobs
+ needs:
+ - job: "compile-test-assets"
+ - job: "rspec frontend_fixture"
+ - job: "rspec-ee frontend_fixture"
+ optional: true
+
+startup-css-check as-if-foss:
+ extends:
+ - .startup-css-check-base
+ - .as-if-foss
+ - .frontend:rules:default-frontend-jobs-as-if-foss
+ needs:
+ - job: "compile-test-assets as-if-foss"
+ - job: "rspec frontend_fixture as-if-foss"
diff --git a/.gitlab/ci/global.gitlab-ci.yml b/.gitlab/ci/global.gitlab-ci.yml
index 489b02fe2f6..ba49ddfce9d 100644
--- a/.gitlab/ci/global.gitlab-ci.yml
+++ b/.gitlab/ci/global.gitlab-ci.yml
@@ -36,6 +36,23 @@
<<: *gitaly-ruby-gems-cache
policy: push # We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up.
+.gitaly-binaries-cache: &gitaly-binaries-cache
+ key:
+ files:
+ - GITALY_SERVER_VERSION
+ prefix: "gitaly-binaries"
+ paths:
+ - tmp/tests/gitaly/_build/bin/
+ - tmp/tests/gitaly/config.toml
+ - tmp/tests/gitaly/gitaly2.config.toml
+ - tmp/tests/gitaly/internal/
+ - tmp/tests/gitaly/internal_gitaly2/
+ - tmp/tests/gitaly/internal_sockets/
+ - tmp/tests/gitaly/Makefile
+ - tmp/tests/gitaly/praefect.config.toml
+ - tmp/tests/gitaly/ruby/
+ policy: pull
+
.go-pkg-cache: &go-pkg-cache
key: "go-pkg-v1"
paths:
@@ -81,7 +98,7 @@
<<: *rubocop-cache
# We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up but RuboCop has a mechanism
# for keeping only the N latest cache files, so we take advantage of it with `pull-push`.
- policy: pull-push
+ policy: push
.qa-ruby-gems-cache: &qa-ruby-gems-cache
key: "qa-ruby-gems-v1"
@@ -97,6 +114,7 @@
cache:
- *ruby-gems-cache
- *gitaly-ruby-gems-cache
+ - *gitaly-binaries-cache
- *go-pkg-cache
.setup-test-env-cache-push:
@@ -105,6 +123,11 @@
- *gitaly-ruby-gems-cache-push
- *go-pkg-cache-push
+.gitaly-binaries-cache-push:
+ cache:
+ - <<: *gitaly-binaries-cache
+ policy: push # We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up.
+
.rails-cache:
cache:
- *ruby-gems-cache
@@ -159,7 +182,7 @@
- *assets-cache-push
.use-pg11:
- image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.7.2.patched-golang-1.14-git-2.31-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-11-graphicsmagick-1.3.36"
+ image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.7.2.patched-golang-1.16-git-2.31-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-11-graphicsmagick-1.3.36"
services:
- name: postgres:11.6
command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
@@ -168,7 +191,7 @@
POSTGRES_HOST_AUTH_METHOD: trust
.use-pg12:
- image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.7.2.patched-golang-1.14-git-2.31-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-12-graphicsmagick-1.3.36"
+ image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.7.2.patched-golang-1.16-git-2.31-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-12-graphicsmagick-1.3.36"
services:
- name: postgres:12
command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
@@ -177,7 +200,7 @@
POSTGRES_HOST_AUTH_METHOD: trust
.use-pg11-ee:
- image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.7.2.patched-golang-1.14-git-2.31-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-11-graphicsmagick-1.3.36"
+ image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.7.2.patched-golang-1.16-git-2.31-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-11-graphicsmagick-1.3.36"
services:
- name: postgres:11.6
command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
@@ -188,7 +211,7 @@
POSTGRES_HOST_AUTH_METHOD: trust
.use-pg12-ee:
- image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.7.2.patched-golang-1.14-git-2.31-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-12-graphicsmagick-1.3.36"
+ image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.7.2.patched-golang-1.16-git-2.31-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-12-graphicsmagick-1.3.36"
services:
- name: postgres:12
command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
diff --git a/.gitlab/ci/rails.gitlab-ci.yml b/.gitlab/ci/rails.gitlab-ci.yml
index 68804b0f4c1..b74c8ebf575 100644
--- a/.gitlab/ci/rails.gitlab-ci.yml
+++ b/.gitlab/ci/rails.gitlab-ci.yml
@@ -8,7 +8,7 @@
.minimal-bundle-install:
script:
- - export BUNDLE_WITHOUT="${BUNDLE_WITHOUT}:default:test:puma:unicorn:kerberos:metrics:omnibus:ed25519"
+ - export BUNDLE_WITHOUT="${BUNDLE_WITHOUT}:default:test:puma:kerberos:metrics:omnibus:ed25519"
- bundle_install_script
.base-script:
@@ -192,6 +192,14 @@ update-setup-test-env-cache:
artifacts:
paths: [] # This job's purpose is only to update the cache.
+update-gitaly-binaries-cache:
+ extends:
+ - setup-test-env
+ - .gitaly-binaries-cache-push
+ - .shared:rules:update-gitaly-binaries-cache
+ artifacts:
+ paths: [] # This job's purpose is only to update the cache.
+
.coverage-base:
extends:
- .default-retry
diff --git a/.gitlab/ci/reports.gitlab-ci.yml b/.gitlab/ci/reports.gitlab-ci.yml
index 0162996e3a9..4cc03fdb1a4 100644
--- a/.gitlab/ci/reports.gitlab-ci.yml
+++ b/.gitlab/ci/reports.gitlab-ci.yml
@@ -27,7 +27,7 @@ code_quality:
variables:
SAST_BRAKEMAN_LEVEL: 2 # GitLab-specific
SAST_EXCLUDED_PATHS: "qa, spec, doc, ee/spec, config/gitlab.yml.example, tmp" # GitLab-specific
- SAST_DISABLE_BABEL: "true"
+ SAST_EXCLUDED_ANALYZERS: bandit, flawfinder, phpcs-security-audit, pmd-apex, security-code-scan, spotbugs
brakeman-sast:
rules: !reference [".reports:rules:sast", rules]
diff --git a/.gitlab/ci/review.gitlab-ci.yml b/.gitlab/ci/review.gitlab-ci.yml
index 5decc83da2b..cabeb0cc1ac 100644
--- a/.gitlab/ci/review.gitlab-ci.yml
+++ b/.gitlab/ci/review.gitlab-ci.yml
@@ -39,11 +39,11 @@ review-build-cng:
.review-workflow-base:
extends:
- .default-retry
- image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-helm3-kubectl1.14
+ image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-helm3.5-kubectl1.17
variables:
HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}"
DOMAIN: "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}"
- GITLAB_HELM_CHART_REF: "v4.6.3"
+ GITLAB_HELM_CHART_REF: "v4.12.0"
environment:
name: review/${CI_COMMIT_REF_SLUG}${FREQUENCY}
url: https://gitlab-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}
@@ -54,6 +54,7 @@ review-deploy:
extends:
- .review-workflow-base
- .review:rules:review-deploy
+ retry: 2
stage: review
needs: ["review-build-cng"]
resource_group: "review/${CI_COMMIT_REF_NAME}"
@@ -65,18 +66,21 @@ review-deploy:
- *base-before_script
script:
- check_kube_domain
- - ensure_namespace
+ - "ensure_namespace ${KUBE_NAMESPACE}"
- install_external_dns
- download_chart
- date
- deploy || (display_deployment_debug && exit 1)
+ - verify_deploy || exit 1
- disable_sign_ups || (delete_release && exit 1)
after_script:
# Run seed-dast-test-data.sh only when DAST_RUN is set to true. This is to pupulate review app with data for DAST scan.
# Set DAST_RUN to true when jobs are manually scheduled.
- if [ "$DAST_RUN" == "true" ]; then source scripts/review_apps/seed-dast-test-data.sh; TRACE=1 trigger_proj_user_creation; fi
artifacts:
- paths: [environment_url.txt]
+ paths:
+ - environment_url.txt
+ - curl_output.txt
expire_in: 7 days
when: always
@@ -111,7 +115,6 @@ review-stop:
.review-qa-base:
extends:
- - .default-retry
- .use-docker-in-docker
image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-qa-alpine-ruby-2.7
stage: qa
@@ -120,6 +123,7 @@ review-stop:
QA_ARTIFACTS_DIR: "${CI_PROJECT_DIR}/qa"
QA_CAN_TEST_GIT_PROTOCOL_V2: "false"
QA_DEBUG: "true"
+ QA_GENERATE_ALLURE_REPORT: "true"
GITLAB_USERNAME: "root"
GITLAB_PASSWORD: "${REVIEW_APPS_ROOT_PASSWORD}"
GITLAB_ADMIN_USERNAME: "root"
@@ -140,10 +144,32 @@ review-stop:
expire_in: 7 days
when: always
+.allure-report-base:
+ image:
+ name: ${GITLAB_DEPENDENCY_PROXY}andrcuns/allure-report-publisher:0.3.2
+ entrypoint: [""]
+ stage: post-qa
+ variables:
+ GIT_STRATEGY: none
+ STORAGE_CREDENTIALS: $QA_ALLURE_REPORT_GCS_CREDENTIALS
+ GITLAB_AUTH_TOKEN: $GITLAB_QA_MR_ALLURE_REPORT_TOKEN
+ allow_failure: true
+ script:
+ - |
+ allure-report-publisher upload gcs \
+ --results-glob="qa/gitlab-qa-run-*/**/allure-results/*" \
+ --bucket="gitlab-qa-allure-reports" \
+ --prefix="$ALLURE_REPORT_PATH_PREFIX/$CI_COMMIT_REF_SLUG" \
+ --update-pr="comment" \
+ --copy-latest \
+ --ignore-missing-results \
+ --color
+
review-qa-smoke:
extends:
- .review-qa-base
- .review:rules:review-qa-smoke
+ retry: 1 # This is confusing but this means "2 runs at max".
script:
- gitlab-qa Test::Instance::Smoke "${QA_IMAGE}" "${CI_ENVIRONMENT_URL}"
@@ -209,6 +235,24 @@ parallel-spec-reports:
junit: qa/gitlab-qa-run-*/**/rspec-*.xml
expire_in: 31d
+allure-report-qa-smoke:
+ extends:
+ - .allure-report-base
+ - .review:rules:review-qa-smoke-report
+ needs: ["review-qa-smoke"]
+ variables:
+ ALLURE_REPORT_PATH_PREFIX: gitlab-review-smoke
+ ALLURE_JOB_NAME: review-qa-smoke
+
+allure-report-qa-all:
+ extends:
+ - .allure-report-base
+ - .review:rules:review-qa-all-report
+ needs: ["review-qa-all"]
+ variables:
+ ALLURE_REPORT_PATH_PREFIX: gitlab-review-all
+ ALLURE_JOB_NAME: review-qa-all
+
danger-review:
extends:
- .default-retry
diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml
index 5c9be5b1e9f..8dd97c1fe69 100644
--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
@@ -102,6 +102,7 @@
- ".gitlab/ci/build-images.gitlab-ci.yml"
- ".gitlab/ci/review.gitlab-ci.yml"
- "scripts/review_apps/base-config.yaml"
+ - "scripts/review_apps/review-apps.sh"
- "scripts/trigger-build"
.ci-qa-patterns: &ci-qa-patterns
@@ -110,6 +111,9 @@
- ".gitlab/ci/build-images.gitlab-ci.yml"
- ".gitlab/ci/qa.gitlab-ci.yml"
+.gitaly-patterns: &gitaly-patterns
+ - "GITALY_SERVER_VERSION"
+
.workhorse-patterns: &workhorse-patterns
- "GITLAB_WORKHORSE_VERSION"
- "workhorse/**/*"
@@ -119,7 +123,7 @@
- ".gitlab-ci.yml"
- ".gitlab/ci/**/*.yml"
- "lib/gitlab/ci/templates/**/*.yml"
- - "{,ee/}changelogs/**/*.yml"
+ - "{,ee/,jh/}changelogs/**/*.yml"
.docs-patterns: &docs-patterns
- ".gitlab/route-map.yml"
@@ -138,7 +142,7 @@
- "config/webpack.config.js"
- "config/**/*.js"
- "vendor/assets/**/*"
- - "{,ee/}app/assets/**/*"
+ - "{,ee/,jh/}app/assets/**/*"
.frontend-patterns: &frontend-patterns
- "{package.json,yarn.lock}"
@@ -148,45 +152,48 @@
- "Dockerfile.assets"
- "config/**/*.js"
- "vendor/assets/**/*"
- - "{,ee/}{app/assets,app/helpers,app/presenters,app/views,locale,public,symbol}/**/*"
+ - "{,ee/,jh/}{app/assets,app/helpers,app/presenters,app/views,locale,public,symbol}/**/*"
+
+.startup-css-patterns: &startup-css-patterns
+ - "{,ee/,jh/}app/assets/stylesheets/startup/**/*"
.backend-patterns: &backend-patterns
- "Gemfile{,.lock}"
- "Rakefile"
- "config.ru"
# List explicitly all the app/ dirs that are backend (i.e. all except app/assets).
- - "{,ee/}{app/channels,app/controllers,app/finders,app/graphql,app/helpers,app/mailers,app/models,app/policies,app/presenters,app/serializers,app/services,app/uploaders,app/validators,app/views,app/workers}/**/*"
- - "{,ee/}{bin,cable,config,db,lib}/**/*"
- - "{,ee/}spec/**/*.rb"
+ - "{,ee/,jh/}{app/channels,app/controllers,app/finders,app/graphql,app/helpers,app/mailers,app/models,app/policies,app/presenters,app/serializers,app/services,app/uploaders,app/validators,app/views,app/workers}/**/*"
+ - "{,ee/,jh/}{bin,cable,config,db,lib}/**/*"
+ - "{,ee/,jh/}spec/**/*.rb"
# CI changes
- ".gitlab-ci.yml"
- ".gitlab/ci/**/*"
- "*_VERSION"
.db-patterns: &db-patterns
- - "{,ee/}{,spec/}{db,migrations}/**/*"
- - "{,ee/}{,spec/}lib/{,ee/}gitlab/database/**/*"
- - "{,ee/}{,spec/}lib/{,ee/}gitlab/database{,_spec}.rb"
- - "{,ee/}{,spec/}lib/{,ee/}gitlab/background_migration/**/*"
- - "{,ee/}{,spec/}lib/{,ee/}gitlab/background_migration{,_spec}.rb"
- - "{,ee/}spec/support/helpers/database/**/*"
+ - "{,ee/,jh/}{,spec/}{db,migrations}/**/*"
+ - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/database/**/*"
+ - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/database{,_spec}.rb"
+ - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/background_migration/**/*"
+ - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/background_migration{,_spec}.rb"
+ - "{,ee/,jh/}spec/support/helpers/database/**/*"
- "config/prometheus/common_metrics.yml" # Used by Gitlab::DatabaseImporters::CommonMetrics::Importer
- - "{,ee/}app/models/project_statistics.rb" # Used to calculate sizes in migration specs
+ - "{,ee/,jh/}app/models/project_statistics.rb" # Used to calculate sizes in migration specs
# CI changes
- ".gitlab-ci.yml"
- ".gitlab/ci/**/*"
.db-library-patterns: &db-library-patterns
- - "{,ee/}{,spec/}lib/{,ee/}gitlab/database/**/*"
- - "{,ee/}{,spec/}lib/{,ee/}gitlab/database{,_spec}.rb"
- - "{,ee/}spec/support/helpers/database/**/*"
+ - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/database/**/*"
+ - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/database{,_spec}.rb"
+ - "{,ee/,jh/}spec/support/helpers/database/**/*"
.backstage-patterns: &backstage-patterns
- "Dangerfile"
- "danger/**/*"
- - "{,ee/}fixtures/**/*"
- - "{,ee/}rubocop/**/*"
- - "{,ee/}spec/**/*"
+ - "{,ee/,jh/}fixtures/**/*"
+ - "{,ee/,jh/}rubocop/**/*"
+ - "{,ee/,jh/}spec/**/*"
- "{,spec/}tooling/**/*"
.code-patterns: &code-patterns
@@ -206,7 +213,7 @@
- "Rakefile"
- "tests.yml"
- "config.ru"
- - "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
+ - "{,ee/,jh/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
- "doc/api/graphql/reference/*" # Files in this folder are auto-generated
- "data/whats_new/*.yml"
@@ -231,15 +238,15 @@
- "Rakefile"
- "tests.yml"
- "config.ru"
- - "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
+ - "{,ee/,jh/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
- "doc/api/graphql/reference/*" # Files in this folder are auto-generated
- "data/whats_new/*.yml"
# Backstage changes
- "Dangerfile"
- "danger/**/*"
- - "{,ee/}fixtures/**/*"
- - "{,ee/}rubocop/**/*"
- - "{,ee/}spec/**/*"
+ - "{,ee/,jh/}fixtures/**/*"
+ - "{,ee/,jh/}rubocop/**/*"
+ - "{,ee/,jh/}spec/**/*"
- "{,spec/}tooling/**/*"
.code-qa-patterns: &code-qa-patterns
@@ -259,7 +266,7 @@
- "Rakefile"
- "tests.yml"
- "config.ru"
- - "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
+ - "{,ee/,jh/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
- "doc/api/graphql/reference/*" # Files in this folder are auto-generated
- "data/whats_new/*.yml"
# QA changes
@@ -283,15 +290,15 @@
- "Rakefile"
- "tests.yml"
- "config.ru"
- - "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
+ - "{,ee/,jh/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
- "doc/api/graphql/reference/*" # Files in this folder are auto-generated
- "data/whats_new/*.yml"
# Backstage changes
- "Dangerfile"
- "danger/**/*"
- - "{,ee/}fixtures/**/*"
- - "{,ee/}rubocop/**/*"
- - "{,ee/}spec/**/*"
+ - "{,ee/,jh/}fixtures/**/*"
+ - "{,ee/,jh/}rubocop/**/*"
+ - "{,ee/,jh/}spec/**/*"
- "{,spec/}tooling/**/*"
# QA changes
- ".dockerignore"
@@ -306,6 +313,11 @@
- <<: *if-security-schedule
- <<: *if-merge-request-title-update-caches
+.shared:rules:update-gitaly-binaries-cache:
+ rules:
+ - <<: *if-merge-request-title-update-caches
+ - changes: *gitaly-patterns
+
######################
# Build images rules #
######################
@@ -317,6 +329,8 @@
changes: *ci-build-images-patterns
- <<: *if-dot-com-gitlab-org-and-security-merge-request
changes: *code-qa-patterns
+ - <<: *if-dot-com-gitlab-org-default-branch
+ changes: *code-qa-patterns
- <<: *if-dot-com-gitlab-org-schedule
.build-images:rules:build-assets-image:
@@ -440,6 +454,8 @@
- <<: *if-merge-request-title-as-if-foss
- <<: *if-merge-request-title-run-all-rspec
- <<: *if-merge-request
+ changes: *startup-css-patterns
+ - <<: *if-merge-request
changes: *ci-patterns
.frontend:rules:eslint-as-if-foss:
@@ -1130,6 +1146,20 @@
changes: *code-qa-patterns
allow_failure: true
+.review:rules:review-qa-smoke-report:
+ rules:
+ - <<: *if-not-ee
+ when: never
+ - <<: *if-dot-com-gitlab-org-merge-request
+ changes: *ci-review-patterns
+ when: always
+ - <<: *if-dot-com-gitlab-org-merge-request
+ changes: *frontend-patterns
+ when: always
+ - <<: *if-dot-com-gitlab-org-merge-request
+ changes: *code-qa-patterns
+ when: always
+
.review:rules:review-qa-all:
rules:
- <<: *if-not-ee
@@ -1142,6 +1172,19 @@
changes: *qa-patterns
allow_failure: true
+.review:rules:review-qa-all-report:
+ rules:
+ - <<: *if-not-ee
+ when: never
+ - <<: *if-dot-com-gitlab-org-merge-request
+ changes: *code-patterns
+ when: manual
+ allow_failure: true
+ - <<: *if-dot-com-gitlab-org-merge-request
+ changes: *qa-patterns
+ allow_failure: true
+ when: always
+
.review:rules:review-cleanup:
rules:
- <<: *if-not-ee
diff --git a/.gitlab/ci/untamper-my-lockfile.yml b/.gitlab/ci/untamper-my-lockfile.yml
deleted file mode 100644
index 54ba160f1bd..00000000000
--- a/.gitlab/ci/untamper-my-lockfile.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-untamper-my-lockfile:
- image: registry.gitlab.com/gitlab-org/frontend/untamper-my-lockfile:main
- stage: test
- needs: []
- before_script: []
- after_script: []
- cache: {}
- retry: 1
- script:
- - untamper-my-lockfile --lockfile yarn.lock
- rules:
- # Create a pipeline if the branch is named 'add-untamper-my-lockfile' in
- # order to have an integration check added in the MR that introduces it
- - if: $CI_COMMIT_REF_NAME == "add-untamper-my-lockfile"
- # Create a pipeline if there are changes in yarn.lock _and_ we are in a
- # merge request _or_ branch pipeline.
- #
- # This ensures that the pipeline isn't run in scheduled jobs for example
- #
- # Also our best effort to support both branch and MR pipelines. In certain
- # projects this might trigger _two_ pipelines. These projects can be fixed
- # by adding proper workflow:rules
- # https://docs.gitlab.com/ee/ci/yaml/#workflowrules
- - if: $CI_PIPELINE_SOURCE == "merge_request_event" || $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH
- changes:
- - yarn.lock
diff --git a/.gitlab/ci/yaml.gitlab-ci.yml b/.gitlab/ci/yaml.gitlab-ci.yml
index c597d992760..a0961866465 100644
--- a/.gitlab/ci/yaml.gitlab-ci.yml
+++ b/.gitlab/ci/yaml.gitlab-ci.yml
@@ -10,5 +10,4 @@ lint-yaml:
variables:
LINT_PATHS: .gitlab-ci.yml .gitlab/ci lib/gitlab/ci/templates changelogs
script:
- - '[[ ! -d "ee/" ]] || export LINT_PATHS="$LINT_PATHS ee/changelogs"'
- yamllint -f colored $LINT_PATHS
diff --git a/.gitlab/issue_templates/Documentation.md b/.gitlab/issue_templates/Documentation.md
index f05d7049b7f..c58b6d0cf06 100644
--- a/.gitlab/issue_templates/Documentation.md
+++ b/.gitlab/issue_templates/Documentation.md
@@ -25,7 +25,7 @@
* Include use cases, benefits, and/or goals for this work.
* If adding content: What audience is it intended for? (What roles and scenarios?)
For ideas, see personas at https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/ or the persona labels at
- https://gitlab.com/groups/gitlab-org/-/labels?utf8=%E2%9C%93&subscribed=&search=persona%3A
+ https://gitlab.com/groups/gitlab-org/-/labels?subscribed=&search=persona%3A
-->
### Proposal
diff --git a/.gitlab/issue_templates/Feature Flag Removal.md b/.gitlab/issue_templates/Feature Flag Removal.md
deleted file mode 100644
index c061ab8516c..00000000000
--- a/.gitlab/issue_templates/Feature Flag Removal.md
+++ /dev/null
@@ -1,28 +0,0 @@
-<!-- Title suggestion: [Feature flag] Remove FEATURE_FLAG_NAME -->
-
-## Feature
-
-The `:feature_name` feature flag was previously [enabled by default](URL) and should be removed.
-
-## Owners
-
-- Group: ~"group::GROUP_NAME"
-- Slack channel: `#g_GROUP_NAME`
-- DRI: USERNAME
-- PM: USERNAME
-
-**Removal**
-
-This is an __important__ phase, that should be either done in the next Milestone or as soon as possible. For the cleanup phase, please follow our documentation on how to [clean up the feature flag](https://docs.gitlab.com/ee/development/feature_flags/controls.html#cleaning-up).
-
-- [ ] Remove `:feature_name` feature flag
- - [ ] Remove all references to the feature flag from the codebase
- - [ ] Remove the YAML definitions for the feature from the repository
- - [ ] Create a Changelog Entry
-
-- [ ] Clean up the feature flag from all environments by running this chatops command in `#production` channel `/chatops run feature delete some_feature`.
-
-- [ ] Close this issue after the feature flag is removed from the codebase.
-
-/label ~"feature flag" ~"technical debt"
-/assign DRI
diff --git a/.gitlab/issue_templates/Feature Flag Roll Out.md b/.gitlab/issue_templates/Feature Flag Roll Out.md
index f07604d2d3d..424b752d1b4 100644
--- a/.gitlab/issue_templates/Feature Flag Roll Out.md
+++ b/.gitlab/issue_templates/Feature Flag Roll Out.md
@@ -110,6 +110,12 @@ To do so, follow these steps:
the feature can be officially announced in a release blog post.
- [ ] `/chatops run auto_deploy status <merge-commit>`
- [ ] Close [the feature issue](ISSUE LINK) to indicate the feature will be released in the current milestone.
+- [ ] Set the next milestone to this rollout issue for scheduling [the flag removal](#release-the-feature).
+- [ ] (Optional) You can create a separate issue for scheduling the steps below to [Release the feature](#release-the-feature).
+ - [ ] Set the title to "[Feature flag] Cleanup `<feature-flag-name>`".
+ - [ ] Execute the `/copy_metadata <this-rollout-issue-link>` quick action to copy the labels from this rollout issue.
+ - [ ] Link this rollout issue as a related issue.
+ - [ ] Close this rollout issue.
**WARNING:** This approach has the downside that it makes it difficult for us to
[clean up](https://docs.gitlab.com/ee/development/feature_flags/controls.html#cleaning-up) the flag.
diff --git a/.gitlab/issue_templates/Geo Replicate a new Git repository type.md b/.gitlab/issue_templates/Geo Replicate a new Git repository type.md
index feabef36f20..be6fef40f3a 100644
--- a/.gitlab/issue_templates/Geo Replicate a new Git repository type.md
+++ b/.gitlab/issue_templates/Geo Replicate a new Git repository type.md
@@ -513,6 +513,12 @@ That's all of the required database changes.
last_synced_at { 1.day.ago }
retry_count { 0 }
end
+
+ trait :verification_succeeded do
+ verification_checksum { 'e079a831cab27bcda7d81cd9b48296d0c3dd92ef' }
+ verification_state { Geo::CoolWidgetRegistry.verification_state_value(:verification_succeeded) }
+ verified_at { 5.days.ago }
+ end
end
end
```
diff --git a/.gitlab/issue_templates/Geo Replicate a new blob type.md b/.gitlab/issue_templates/Geo Replicate a new blob type.md
index b9e69d36ecc..c7bbb6b937c 100644
--- a/.gitlab/issue_templates/Geo Replicate a new blob type.md
+++ b/.gitlab/issue_templates/Geo Replicate a new blob type.md
@@ -479,6 +479,12 @@ That's all of the required database changes.
last_synced_at { 1.day.ago }
retry_count { 0 }
end
+
+ trait :verification_succeeded do
+ verification_checksum { 'e079a831cab27bcda7d81cd9b48296d0c3dd92ef' }
+ verification_state { Geo::CoolWidgetRegistry.verification_state_value(:verification_succeeded) }
+ verified_at { 5.days.ago }
+ end
end
end
```
diff --git a/.gitlab/merge_request_templates/Documentation.md b/.gitlab/merge_request_templates/Documentation.md
index fac84d98141..9c6b5a73b4f 100644
--- a/.gitlab/merge_request_templates/Documentation.md
+++ b/.gitlab/merge_request_templates/Documentation.md
@@ -52,8 +52,8 @@ All reviewers can help ensure accuracy, clarity, completeness, and adherence to
- [ ] Technical writer review. If not requested for this MR, must be scheduled post-merge. To request for this MR, assign the writer listed for the applicable [DevOps stage](https://about.gitlab.com/handbook/product/categories/#devops-stages).
- [ ] Ensure docs metadata are present and up-to-date.
- [ ] Ensure ~"Technical Writing" and ~"documentation" are added.
- - [ ] Add the corresponding `docs::` [scoped label](https://gitlab.com/groups/gitlab-org/-/labels?utf8=%E2%9C%93&subscribed=&search=docs%3A%3A).
- - [ ] If working on UI text, add the corresponding `UI Text` [scoped label](https://gitlab.com/groups/gitlab-org/-/labels?utf8=%E2%9C%93&subscribed=&search=ui+text).
+ - [ ] Add the corresponding `docs::` [scoped label](https://gitlab.com/groups/gitlab-org/-/labels?subscribed=&search=docs%3A%3A).
+ - [ ] If working on UI text, add the corresponding `UI Text` [scoped label](https://gitlab.com/groups/gitlab-org/-/labels?subscribed=&search=ui+text).
- [ ] Add ~"tw::doing" when starting work on the MR.
- [ ] Add ~"tw::finished" if Technical Writing team work on the MR is complete but it remains open.
diff --git a/.gitlab/merge_request_templates/Security Release.md b/.gitlab/merge_request_templates/Security Release.md
index fccfad18ef0..77e8718c34f 100644
--- a/.gitlab/merge_request_templates/Security Release.md
+++ b/.gitlab/merge_request_templates/Security Release.md
@@ -16,7 +16,7 @@ See [the general developer security release guidelines](https://gitlab.com/gitla
- [ ] Merge request targets `master`, or a versioned stable branch (`X-Y-stable-ee`).
- [ ] Milestone is set for the version this merge request applies to. A closed milestone can be assigned via [quick actions].
- [ ] Title of this merge request is the same as for all backports.
-- [ ] A [CHANGELOG entry] is added without a `merge_request` value, with `type` set to `security`
+- [ ] A [CHANGELOG entry] has been included, with `Changelog` trailer set to `security`.
- [ ] For the MR targeting `master`:
- [ ] Assign to a reviewer and maintainer, per our [Code Review process].
- [ ] Ensure it's approved according to our [Approval Guidelines].
@@ -37,7 +37,7 @@ See [the general developer security release guidelines](https://gitlab.com/gitla
[GitLab Security]: https://gitlab.com/gitlab-org/security/gitlab
[quick actions]: https://docs.gitlab.com/ee/user/project/quick_actions.html#quick-actions-for-issues-merge-requests-and-epics
-[CHANGELOG entry]: https://docs.gitlab.com/ee/development/changelog.html
+[CHANGELOG entry]: https://docs.gitlab.com/ee/development/changelog.html#overview
[Code Review process]: https://docs.gitlab.com/ee/development/code_review.html
[Approval Guidelines]: https://docs.gitlab.com/ee/development/code_review.html#approval-guidelines
[Canonical repository]: https://gitlab.com/gitlab-org/gitlab