diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-06-16 18:25:58 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-06-16 18:25:58 +0000 |
| commit | a5f4bba440d7f9ea47046a0a561d49adf0a1e6d4 (patch) | |
| tree | fb69158581673816a8cd895f9d352dcb3c678b1e /.gitlab | |
| parent | d16b2e8639e99961de6ddc93909f3bb5c1445ba1 (diff) | |
| download | gitlab-ce-a5f4bba440d7f9ea47046a0a561d49adf0a1e6d4.tar.gz | |
Add latest changes from gitlab-org/gitlab@14-0-stable-eev14.0.0-rc42
Diffstat (limited to '.gitlab')
| -rw-r--r-- | .gitlab/CODEOWNERS | 28 | ||||
| -rw-r--r-- | .gitlab/changelog_config.yml | 5 | ||||
| -rw-r--r-- | .gitlab/ci/docs.gitlab-ci.yml | 6 | ||||
| -rw-r--r-- | .gitlab/ci/frontend.gitlab-ci.yml | 27 | ||||
| -rw-r--r-- | .gitlab/ci/global.gitlab-ci.yml | 33 | ||||
| -rw-r--r-- | .gitlab/ci/rails.gitlab-ci.yml | 10 | ||||
| -rw-r--r-- | .gitlab/ci/reports.gitlab-ci.yml | 2 | ||||
| -rw-r--r-- | .gitlab/ci/review.gitlab-ci.yml | 54 | ||||
| -rw-r--r-- | .gitlab/ci/rules.gitlab-ci.yml | 101 | ||||
| -rw-r--r-- | .gitlab/ci/untamper-my-lockfile.yml | 26 | ||||
| -rw-r--r-- | .gitlab/ci/yaml.gitlab-ci.yml | 1 | ||||
| -rw-r--r-- | .gitlab/issue_templates/Documentation.md | 2 | ||||
| -rw-r--r-- | .gitlab/issue_templates/Feature Flag Removal.md | 28 | ||||
| -rw-r--r-- | .gitlab/issue_templates/Feature Flag Roll Out.md | 6 | ||||
| -rw-r--r-- | .gitlab/issue_templates/Geo Replicate a new Git repository type.md | 6 | ||||
| -rw-r--r-- | .gitlab/issue_templates/Geo Replicate a new blob type.md | 6 | ||||
| -rw-r--r-- | .gitlab/merge_request_templates/Documentation.md | 4 | ||||
| -rw-r--r-- | .gitlab/merge_request_templates/Security Release.md | 4 |
18 files changed, 237 insertions, 112 deletions
diff --git a/.gitlab/CODEOWNERS b/.gitlab/CODEOWNERS index acb80bd194b..361d1124a78 100644 --- a/.gitlab/CODEOWNERS +++ b/.gitlab/CODEOWNERS @@ -7,6 +7,8 @@ *.rake @gitlab-org/maintainers/rails-backend [Documentation Directories] +.markdownlint.yml @marcel.amirault @eread @aqualls @cnorris +/doc/.markdownlint @marcel.amirault @eread @aqualls @cnorris /doc/ @gl-docsteam /doc/.vale/ @marcel.amirault @eread @aqualls @cnorris /doc/administration/geo/ @axil @@ -21,7 +23,7 @@ /doc/administration/redis/ @axil /doc/administration/reference_architectures/ @axil /doc/administration/snippets/ @aqualls -/doc/administration/troubleshooting @axil @marcia +/doc/administration/troubleshooting @axil @marcia @eread /doc/api/group_activity_analytics.md @msedlakjakubowski /doc/ci/ @marcel.amirault @sselhorn /doc/ci/environments/ @axil @@ -29,10 +31,11 @@ /doc/ci/test_cases/ @msedlakjakubowski /doc/development/ @marcia /doc/development/documentation/ @cnorris +/doc/development/i18n/ @ngaskill /doc/development/value_stream_analytics.md @msedlakjakubowski /doc/gitlab-basics/ @marcia /doc/install/ @axil -/doc/integration/ @aqualls +/doc/integration/ @aqualls @eread /doc/operations/ @ngaskill @axil /doc/push_rules/ @aqualls /doc/ssh/ @eread @@ -43,7 +46,7 @@ /doc/user/analytics/ @msedlakjakubowski @ngaskill /doc/user/application_security @rdickenson /doc/user/clusters/ @marcia -/doc/user/compliance/ @rdickenson +/doc/user/compliance/ @rdickenson @eread /doc/user/group/ @msedlakjakubowski /doc/user/group/bulk_editing/ @msedlakjakubowski /doc/user/group/devops_adoption/ @msedlakjakubowski @@ -54,10 +57,10 @@ /doc/user/group/value_stream_analytics/ @msedlakjakubowski /doc/user/infrastructure/ @marcia /doc/user/packages/ @ngaskill -/doc/user/profile/ @msedlakjakubowski +/doc/user/profile/ @msedlakjakubowski @eread /doc/user/project/ @aqualls @axil @eread @msedlakjakubowski @ngaskill /doc/user/project/clusters/ @ngaskill -/doc/user/project/import/ @msedlakjakubowski +/doc/user/project/import/ @ngaskill @msedlakjakubowski /doc/user/project/integrations/ @aqualls /doc/user/project/integrations/prometheus_library/ @ngaskill /doc/user/project/issues/ @msedlakjakubowski @@ -65,7 +68,7 @@ /doc/user/project/milestones/ @msedlakjakubowski /doc/user/project/pages/ @axil /doc/user/project/repository/ @aqualls -/doc/user/project/settings/ @aqualls +/doc/user/project/settings/ @aqualls @eread /doc/user/project/static_site_editor/index.md @aqualls /doc/user/project/web_ide/index.md @aqualls /doc/user/project/wiki/index.md @aqualls @@ -200,7 +203,8 @@ Dangerfile @gl-quality/eng-prod [Templates] /lib/gitlab/ci/templates/ @nolith @shinya.maeda @matteeyah /lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml @DylanGriffith @mayra-cabrera @tkuah -/lib/gitlab/ci/templates/Security/ @plafoucriere @gonzoyumo @twoodham @sethgitlab +/lib/gitlab/ci/templates/Security/ @gonzoyumo @twoodham @sethgitlab @thiagocsf +/lib/gitlab/ci/templates/Security/Container-Scanning.*.yml @gitlab-org/protect/container-security-backend [Project Alias] /ee/app/models/project_alias.rb @patrickbajao @@ -216,6 +220,8 @@ Dangerfile @gl-quality/eng-prod /ee/app/policies/vulnerabilities/ @gitlab-org/secure/threat-insights-backend-team /ee/app/policies/vulnerability*.rb @gitlab-org/secure/threat-insights-backend-team /ee/lib/api/vulnerabilit*.rb @gitlab-org/secure/threat-insights-backend-team +/ee/lib/gitlab/ci/reports/security/vulnerability_reports_comparer.rb @gitlab-org/secure/threat-insights-backend-team +/ee/spec/lib/gitlab/ci/reports/security/vulnerability_reports_comparer_spec.rb @gitlab-org/secure/threat-insights-backend-team /ee/spec/policies/vulnerabilities/ @gitlab-org/secure/threat-insights-backend-team /ee/spec/policies/vulnerability*.rb @gitlab-org/secure/threat-insights-backend-team @@ -333,3 +339,11 @@ Dangerfile @gl-quality/eng-prod [Application Security] /lib/gitlab/content_security_policy/ @gitlab-com/gl-security/appsec + +[Gitaly] +lib/gitlab/git_access.rb @proglottis @toon @zj-gitlab +lib/gitlab/git_access_*.rb @proglottis @toon @zj-gitlab +ee/lib/ee/gitlab/git_access.rb @proglottis @toon @zj-gitlab +ee/lib/ee/gitlab/git_access_*.rb @proglottis @toon @zj-gitlab +ee/lib/ee/gitlab/checks/** @proglottis @toon @zj-gitlab +lib/gitlab/checks/** @proglottis @toon @zj-gitlab diff --git a/.gitlab/changelog_config.yml b/.gitlab/changelog_config.yml index 7aa18cc8f36..6069cd17a08 100644 --- a/.gitlab/changelog_config.yml +++ b/.gitlab/changelog_config.yml @@ -36,3 +36,8 @@ template: | {% else %} No changes. {% end %} +# The tag format for gitlab-org/gitlab is vX.Y.Z(-rcX)-ee. The -ee prefix would +# be treated as a pre-release identifier, which can result in the wrong tag +# being used as the starting point of a changelog commit range. The custom regex +# here is used to ensure we find the correct tag. +tag_regex: '^v(?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)-ee$' diff --git a/.gitlab/ci/docs.gitlab-ci.yml b/.gitlab/ci/docs.gitlab-ci.yml index 35d462584ee..a4317c72413 100644 --- a/.gitlab/ci/docs.gitlab-ci.yml +++ b/.gitlab/ci/docs.gitlab-ci.yml @@ -10,8 +10,8 @@ # because some repos are private and CI_JOB_TOKEN cannot access files. # See https://gitlab.com/gitlab-org/gitlab/issues/191273 GIT_DEPTH: 1 - # By default, deploy the Review App using the `master` branch of the `gitlab-org/gitlab-docs` project - DOCS_BRANCH: master + # By default, deploy the Review App using the `main` branch of the `gitlab-org/gitlab-docs` project + DOCS_BRANCH: main environment: name: review-docs/mr-${CI_MERGE_REQUEST_IID} # DOCS_REVIEW_APPS_DOMAIN and DOCS_GITLAB_REPO_SUFFIX are CI variables @@ -54,8 +54,6 @@ docs-lint links: extends: - .docs:rules:docs-lint image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-html:alpine-3.13-ruby-2.7.2 - # TODO: revert to .default-retry when https://gitlab.com/gitlab-org/gitlab/-/issues/331002 is fixed. - retry: 2 stage: test needs: [] script: diff --git a/.gitlab/ci/frontend.gitlab-ci.yml b/.gitlab/ci/frontend.gitlab-ci.yml index 33aab8554e7..dfd595c2696 100644 --- a/.gitlab/ci/frontend.gitlab-ci.yml +++ b/.gitlab/ci/frontend.gitlab-ci.yml @@ -317,3 +317,30 @@ bundle-size-review: expire_in: 31d paths: - bundle-size-review + +.startup-css-check-base: + extends: + - .frontend-test-base + script: + - *yarn-install + - run_timed_command "yarn generate:startup_css" + - yarn check:startup_css + +startup-css-check: + extends: + - .startup-css-check-base + - .frontend:rules:default-frontend-jobs + needs: + - job: "compile-test-assets" + - job: "rspec frontend_fixture" + - job: "rspec-ee frontend_fixture" + optional: true + +startup-css-check as-if-foss: + extends: + - .startup-css-check-base + - .as-if-foss + - .frontend:rules:default-frontend-jobs-as-if-foss + needs: + - job: "compile-test-assets as-if-foss" + - job: "rspec frontend_fixture as-if-foss" diff --git a/.gitlab/ci/global.gitlab-ci.yml b/.gitlab/ci/global.gitlab-ci.yml index 489b02fe2f6..ba49ddfce9d 100644 --- a/.gitlab/ci/global.gitlab-ci.yml +++ b/.gitlab/ci/global.gitlab-ci.yml @@ -36,6 +36,23 @@ <<: *gitaly-ruby-gems-cache policy: push # We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up. +.gitaly-binaries-cache: &gitaly-binaries-cache + key: + files: + - GITALY_SERVER_VERSION + prefix: "gitaly-binaries" + paths: + - tmp/tests/gitaly/_build/bin/ + - tmp/tests/gitaly/config.toml + - tmp/tests/gitaly/gitaly2.config.toml + - tmp/tests/gitaly/internal/ + - tmp/tests/gitaly/internal_gitaly2/ + - tmp/tests/gitaly/internal_sockets/ + - tmp/tests/gitaly/Makefile + - tmp/tests/gitaly/praefect.config.toml + - tmp/tests/gitaly/ruby/ + policy: pull + .go-pkg-cache: &go-pkg-cache key: "go-pkg-v1" paths: @@ -81,7 +98,7 @@ <<: *rubocop-cache # We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up but RuboCop has a mechanism # for keeping only the N latest cache files, so we take advantage of it with `pull-push`. - policy: pull-push + policy: push .qa-ruby-gems-cache: &qa-ruby-gems-cache key: "qa-ruby-gems-v1" @@ -97,6 +114,7 @@ cache: - *ruby-gems-cache - *gitaly-ruby-gems-cache + - *gitaly-binaries-cache - *go-pkg-cache .setup-test-env-cache-push: @@ -105,6 +123,11 @@ - *gitaly-ruby-gems-cache-push - *go-pkg-cache-push +.gitaly-binaries-cache-push: + cache: + - <<: *gitaly-binaries-cache + policy: push # We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up. + .rails-cache: cache: - *ruby-gems-cache @@ -159,7 +182,7 @@ - *assets-cache-push .use-pg11: - image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.7.2.patched-golang-1.14-git-2.31-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-11-graphicsmagick-1.3.36" + image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.7.2.patched-golang-1.16-git-2.31-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-11-graphicsmagick-1.3.36" services: - name: postgres:11.6 command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] @@ -168,7 +191,7 @@ POSTGRES_HOST_AUTH_METHOD: trust .use-pg12: - image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.7.2.patched-golang-1.14-git-2.31-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-12-graphicsmagick-1.3.36" + image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.7.2.patched-golang-1.16-git-2.31-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-12-graphicsmagick-1.3.36" services: - name: postgres:12 command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] @@ -177,7 +200,7 @@ POSTGRES_HOST_AUTH_METHOD: trust .use-pg11-ee: - image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.7.2.patched-golang-1.14-git-2.31-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-11-graphicsmagick-1.3.36" + image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.7.2.patched-golang-1.16-git-2.31-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-11-graphicsmagick-1.3.36" services: - name: postgres:11.6 command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] @@ -188,7 +211,7 @@ POSTGRES_HOST_AUTH_METHOD: trust .use-pg12-ee: - image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.7.2.patched-golang-1.14-git-2.31-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-12-graphicsmagick-1.3.36" + image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.7.2.patched-golang-1.16-git-2.31-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-12-graphicsmagick-1.3.36" services: - name: postgres:12 command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] diff --git a/.gitlab/ci/rails.gitlab-ci.yml b/.gitlab/ci/rails.gitlab-ci.yml index 68804b0f4c1..b74c8ebf575 100644 --- a/.gitlab/ci/rails.gitlab-ci.yml +++ b/.gitlab/ci/rails.gitlab-ci.yml @@ -8,7 +8,7 @@ .minimal-bundle-install: script: - - export BUNDLE_WITHOUT="${BUNDLE_WITHOUT}:default:test:puma:unicorn:kerberos:metrics:omnibus:ed25519" + - export BUNDLE_WITHOUT="${BUNDLE_WITHOUT}:default:test:puma:kerberos:metrics:omnibus:ed25519" - bundle_install_script .base-script: @@ -192,6 +192,14 @@ update-setup-test-env-cache: artifacts: paths: [] # This job's purpose is only to update the cache. +update-gitaly-binaries-cache: + extends: + - setup-test-env + - .gitaly-binaries-cache-push + - .shared:rules:update-gitaly-binaries-cache + artifacts: + paths: [] # This job's purpose is only to update the cache. + .coverage-base: extends: - .default-retry diff --git a/.gitlab/ci/reports.gitlab-ci.yml b/.gitlab/ci/reports.gitlab-ci.yml index 0162996e3a9..4cc03fdb1a4 100644 --- a/.gitlab/ci/reports.gitlab-ci.yml +++ b/.gitlab/ci/reports.gitlab-ci.yml @@ -27,7 +27,7 @@ code_quality: variables: SAST_BRAKEMAN_LEVEL: 2 # GitLab-specific SAST_EXCLUDED_PATHS: "qa, spec, doc, ee/spec, config/gitlab.yml.example, tmp" # GitLab-specific - SAST_DISABLE_BABEL: "true" + SAST_EXCLUDED_ANALYZERS: bandit, flawfinder, phpcs-security-audit, pmd-apex, security-code-scan, spotbugs brakeman-sast: rules: !reference [".reports:rules:sast", rules] diff --git a/.gitlab/ci/review.gitlab-ci.yml b/.gitlab/ci/review.gitlab-ci.yml index 5decc83da2b..cabeb0cc1ac 100644 --- a/.gitlab/ci/review.gitlab-ci.yml +++ b/.gitlab/ci/review.gitlab-ci.yml @@ -39,11 +39,11 @@ review-build-cng: .review-workflow-base: extends: - .default-retry - image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-helm3-kubectl1.14 + image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-helm3.5-kubectl1.17 variables: HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}" DOMAIN: "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}" - GITLAB_HELM_CHART_REF: "v4.6.3" + GITLAB_HELM_CHART_REF: "v4.12.0" environment: name: review/${CI_COMMIT_REF_SLUG}${FREQUENCY} url: https://gitlab-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN} @@ -54,6 +54,7 @@ review-deploy: extends: - .review-workflow-base - .review:rules:review-deploy + retry: 2 stage: review needs: ["review-build-cng"] resource_group: "review/${CI_COMMIT_REF_NAME}" @@ -65,18 +66,21 @@ review-deploy: - *base-before_script script: - check_kube_domain - - ensure_namespace + - "ensure_namespace ${KUBE_NAMESPACE}" - install_external_dns - download_chart - date - deploy || (display_deployment_debug && exit 1) + - verify_deploy || exit 1 - disable_sign_ups || (delete_release && exit 1) after_script: # Run seed-dast-test-data.sh only when DAST_RUN is set to true. This is to pupulate review app with data for DAST scan. # Set DAST_RUN to true when jobs are manually scheduled. - if [ "$DAST_RUN" == "true" ]; then source scripts/review_apps/seed-dast-test-data.sh; TRACE=1 trigger_proj_user_creation; fi artifacts: - paths: [environment_url.txt] + paths: + - environment_url.txt + - curl_output.txt expire_in: 7 days when: always @@ -111,7 +115,6 @@ review-stop: .review-qa-base: extends: - - .default-retry - .use-docker-in-docker image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-qa-alpine-ruby-2.7 stage: qa @@ -120,6 +123,7 @@ review-stop: QA_ARTIFACTS_DIR: "${CI_PROJECT_DIR}/qa" QA_CAN_TEST_GIT_PROTOCOL_V2: "false" QA_DEBUG: "true" + QA_GENERATE_ALLURE_REPORT: "true" GITLAB_USERNAME: "root" GITLAB_PASSWORD: "${REVIEW_APPS_ROOT_PASSWORD}" GITLAB_ADMIN_USERNAME: "root" @@ -140,10 +144,32 @@ review-stop: expire_in: 7 days when: always +.allure-report-base: + image: + name: ${GITLAB_DEPENDENCY_PROXY}andrcuns/allure-report-publisher:0.3.2 + entrypoint: [""] + stage: post-qa + variables: + GIT_STRATEGY: none + STORAGE_CREDENTIALS: $QA_ALLURE_REPORT_GCS_CREDENTIALS + GITLAB_AUTH_TOKEN: $GITLAB_QA_MR_ALLURE_REPORT_TOKEN + allow_failure: true + script: + - | + allure-report-publisher upload gcs \ + --results-glob="qa/gitlab-qa-run-*/**/allure-results/*" \ + --bucket="gitlab-qa-allure-reports" \ + --prefix="$ALLURE_REPORT_PATH_PREFIX/$CI_COMMIT_REF_SLUG" \ + --update-pr="comment" \ + --copy-latest \ + --ignore-missing-results \ + --color + review-qa-smoke: extends: - .review-qa-base - .review:rules:review-qa-smoke + retry: 1 # This is confusing but this means "2 runs at max". script: - gitlab-qa Test::Instance::Smoke "${QA_IMAGE}" "${CI_ENVIRONMENT_URL}" @@ -209,6 +235,24 @@ parallel-spec-reports: junit: qa/gitlab-qa-run-*/**/rspec-*.xml expire_in: 31d +allure-report-qa-smoke: + extends: + - .allure-report-base + - .review:rules:review-qa-smoke-report + needs: ["review-qa-smoke"] + variables: + ALLURE_REPORT_PATH_PREFIX: gitlab-review-smoke + ALLURE_JOB_NAME: review-qa-smoke + +allure-report-qa-all: + extends: + - .allure-report-base + - .review:rules:review-qa-all-report + needs: ["review-qa-all"] + variables: + ALLURE_REPORT_PATH_PREFIX: gitlab-review-all + ALLURE_JOB_NAME: review-qa-all + danger-review: extends: - .default-retry diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml index 5c9be5b1e9f..8dd97c1fe69 100644 --- a/.gitlab/ci/rules.gitlab-ci.yml +++ b/.gitlab/ci/rules.gitlab-ci.yml @@ -102,6 +102,7 @@ - ".gitlab/ci/build-images.gitlab-ci.yml" - ".gitlab/ci/review.gitlab-ci.yml" - "scripts/review_apps/base-config.yaml" + - "scripts/review_apps/review-apps.sh" - "scripts/trigger-build" .ci-qa-patterns: &ci-qa-patterns @@ -110,6 +111,9 @@ - ".gitlab/ci/build-images.gitlab-ci.yml" - ".gitlab/ci/qa.gitlab-ci.yml" +.gitaly-patterns: &gitaly-patterns + - "GITALY_SERVER_VERSION" + .workhorse-patterns: &workhorse-patterns - "GITLAB_WORKHORSE_VERSION" - "workhorse/**/*" @@ -119,7 +123,7 @@ - ".gitlab-ci.yml" - ".gitlab/ci/**/*.yml" - "lib/gitlab/ci/templates/**/*.yml" - - "{,ee/}changelogs/**/*.yml" + - "{,ee/,jh/}changelogs/**/*.yml" .docs-patterns: &docs-patterns - ".gitlab/route-map.yml" @@ -138,7 +142,7 @@ - "config/webpack.config.js" - "config/**/*.js" - "vendor/assets/**/*" - - "{,ee/}app/assets/**/*" + - "{,ee/,jh/}app/assets/**/*" .frontend-patterns: &frontend-patterns - "{package.json,yarn.lock}" @@ -148,45 +152,48 @@ - "Dockerfile.assets" - "config/**/*.js" - "vendor/assets/**/*" - - "{,ee/}{app/assets,app/helpers,app/presenters,app/views,locale,public,symbol}/**/*" + - "{,ee/,jh/}{app/assets,app/helpers,app/presenters,app/views,locale,public,symbol}/**/*" + +.startup-css-patterns: &startup-css-patterns + - "{,ee/,jh/}app/assets/stylesheets/startup/**/*" .backend-patterns: &backend-patterns - "Gemfile{,.lock}" - "Rakefile" - "config.ru" # List explicitly all the app/ dirs that are backend (i.e. all except app/assets). - - "{,ee/}{app/channels,app/controllers,app/finders,app/graphql,app/helpers,app/mailers,app/models,app/policies,app/presenters,app/serializers,app/services,app/uploaders,app/validators,app/views,app/workers}/**/*" - - "{,ee/}{bin,cable,config,db,lib}/**/*" - - "{,ee/}spec/**/*.rb" + - "{,ee/,jh/}{app/channels,app/controllers,app/finders,app/graphql,app/helpers,app/mailers,app/models,app/policies,app/presenters,app/serializers,app/services,app/uploaders,app/validators,app/views,app/workers}/**/*" + - "{,ee/,jh/}{bin,cable,config,db,lib}/**/*" + - "{,ee/,jh/}spec/**/*.rb" # CI changes - ".gitlab-ci.yml" - ".gitlab/ci/**/*" - "*_VERSION" .db-patterns: &db-patterns - - "{,ee/}{,spec/}{db,migrations}/**/*" - - "{,ee/}{,spec/}lib/{,ee/}gitlab/database/**/*" - - "{,ee/}{,spec/}lib/{,ee/}gitlab/database{,_spec}.rb" - - "{,ee/}{,spec/}lib/{,ee/}gitlab/background_migration/**/*" - - "{,ee/}{,spec/}lib/{,ee/}gitlab/background_migration{,_spec}.rb" - - "{,ee/}spec/support/helpers/database/**/*" + - "{,ee/,jh/}{,spec/}{db,migrations}/**/*" + - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/database/**/*" + - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/database{,_spec}.rb" + - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/background_migration/**/*" + - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/background_migration{,_spec}.rb" + - "{,ee/,jh/}spec/support/helpers/database/**/*" - "config/prometheus/common_metrics.yml" # Used by Gitlab::DatabaseImporters::CommonMetrics::Importer - - "{,ee/}app/models/project_statistics.rb" # Used to calculate sizes in migration specs + - "{,ee/,jh/}app/models/project_statistics.rb" # Used to calculate sizes in migration specs # CI changes - ".gitlab-ci.yml" - ".gitlab/ci/**/*" .db-library-patterns: &db-library-patterns - - "{,ee/}{,spec/}lib/{,ee/}gitlab/database/**/*" - - "{,ee/}{,spec/}lib/{,ee/}gitlab/database{,_spec}.rb" - - "{,ee/}spec/support/helpers/database/**/*" + - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/database/**/*" + - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/database{,_spec}.rb" + - "{,ee/,jh/}spec/support/helpers/database/**/*" .backstage-patterns: &backstage-patterns - "Dangerfile" - "danger/**/*" - - "{,ee/}fixtures/**/*" - - "{,ee/}rubocop/**/*" - - "{,ee/}spec/**/*" + - "{,ee/,jh/}fixtures/**/*" + - "{,ee/,jh/}rubocop/**/*" + - "{,ee/,jh/}spec/**/*" - "{,spec/}tooling/**/*" .code-patterns: &code-patterns @@ -206,7 +213,7 @@ - "Rakefile" - "tests.yml" - "config.ru" - - "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*" + - "{,ee/,jh/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*" - "doc/api/graphql/reference/*" # Files in this folder are auto-generated - "data/whats_new/*.yml" @@ -231,15 +238,15 @@ - "Rakefile" - "tests.yml" - "config.ru" - - "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*" + - "{,ee/,jh/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*" - "doc/api/graphql/reference/*" # Files in this folder are auto-generated - "data/whats_new/*.yml" # Backstage changes - "Dangerfile" - "danger/**/*" - - "{,ee/}fixtures/**/*" - - "{,ee/}rubocop/**/*" - - "{,ee/}spec/**/*" + - "{,ee/,jh/}fixtures/**/*" + - "{,ee/,jh/}rubocop/**/*" + - "{,ee/,jh/}spec/**/*" - "{,spec/}tooling/**/*" .code-qa-patterns: &code-qa-patterns @@ -259,7 +266,7 @@ - "Rakefile" - "tests.yml" - "config.ru" - - "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*" + - "{,ee/,jh/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*" - "doc/api/graphql/reference/*" # Files in this folder are auto-generated - "data/whats_new/*.yml" # QA changes @@ -283,15 +290,15 @@ - "Rakefile" - "tests.yml" - "config.ru" - - "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*" + - "{,ee/,jh/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*" - "doc/api/graphql/reference/*" # Files in this folder are auto-generated - "data/whats_new/*.yml" # Backstage changes - "Dangerfile" - "danger/**/*" - - "{,ee/}fixtures/**/*" - - "{,ee/}rubocop/**/*" - - "{,ee/}spec/**/*" + - "{,ee/,jh/}fixtures/**/*" + - "{,ee/,jh/}rubocop/**/*" + - "{,ee/,jh/}spec/**/*" - "{,spec/}tooling/**/*" # QA changes - ".dockerignore" @@ -306,6 +313,11 @@ - <<: *if-security-schedule - <<: *if-merge-request-title-update-caches +.shared:rules:update-gitaly-binaries-cache: + rules: + - <<: *if-merge-request-title-update-caches + - changes: *gitaly-patterns + ###################### # Build images rules # ###################### @@ -317,6 +329,8 @@ changes: *ci-build-images-patterns - <<: *if-dot-com-gitlab-org-and-security-merge-request changes: *code-qa-patterns + - <<: *if-dot-com-gitlab-org-default-branch + changes: *code-qa-patterns - <<: *if-dot-com-gitlab-org-schedule .build-images:rules:build-assets-image: @@ -440,6 +454,8 @@ - <<: *if-merge-request-title-as-if-foss - <<: *if-merge-request-title-run-all-rspec - <<: *if-merge-request + changes: *startup-css-patterns + - <<: *if-merge-request changes: *ci-patterns .frontend:rules:eslint-as-if-foss: @@ -1130,6 +1146,20 @@ changes: *code-qa-patterns allow_failure: true +.review:rules:review-qa-smoke-report: + rules: + - <<: *if-not-ee + when: never + - <<: *if-dot-com-gitlab-org-merge-request + changes: *ci-review-patterns + when: always + - <<: *if-dot-com-gitlab-org-merge-request + changes: *frontend-patterns + when: always + - <<: *if-dot-com-gitlab-org-merge-request + changes: *code-qa-patterns + when: always + .review:rules:review-qa-all: rules: - <<: *if-not-ee @@ -1142,6 +1172,19 @@ changes: *qa-patterns allow_failure: true +.review:rules:review-qa-all-report: + rules: + - <<: *if-not-ee + when: never + - <<: *if-dot-com-gitlab-org-merge-request + changes: *code-patterns + when: manual + allow_failure: true + - <<: *if-dot-com-gitlab-org-merge-request + changes: *qa-patterns + allow_failure: true + when: always + .review:rules:review-cleanup: rules: - <<: *if-not-ee diff --git a/.gitlab/ci/untamper-my-lockfile.yml b/.gitlab/ci/untamper-my-lockfile.yml deleted file mode 100644 index 54ba160f1bd..00000000000 --- a/.gitlab/ci/untamper-my-lockfile.yml +++ /dev/null @@ -1,26 +0,0 @@ -untamper-my-lockfile: - image: registry.gitlab.com/gitlab-org/frontend/untamper-my-lockfile:main - stage: test - needs: [] - before_script: [] - after_script: [] - cache: {} - retry: 1 - script: - - untamper-my-lockfile --lockfile yarn.lock - rules: - # Create a pipeline if the branch is named 'add-untamper-my-lockfile' in - # order to have an integration check added in the MR that introduces it - - if: $CI_COMMIT_REF_NAME == "add-untamper-my-lockfile" - # Create a pipeline if there are changes in yarn.lock _and_ we are in a - # merge request _or_ branch pipeline. - # - # This ensures that the pipeline isn't run in scheduled jobs for example - # - # Also our best effort to support both branch and MR pipelines. In certain - # projects this might trigger _two_ pipelines. These projects can be fixed - # by adding proper workflow:rules - # https://docs.gitlab.com/ee/ci/yaml/#workflowrules - - if: $CI_PIPELINE_SOURCE == "merge_request_event" || $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH - changes: - - yarn.lock diff --git a/.gitlab/ci/yaml.gitlab-ci.yml b/.gitlab/ci/yaml.gitlab-ci.yml index c597d992760..a0961866465 100644 --- a/.gitlab/ci/yaml.gitlab-ci.yml +++ b/.gitlab/ci/yaml.gitlab-ci.yml @@ -10,5 +10,4 @@ lint-yaml: variables: LINT_PATHS: .gitlab-ci.yml .gitlab/ci lib/gitlab/ci/templates changelogs script: - - '[[ ! -d "ee/" ]] || export LINT_PATHS="$LINT_PATHS ee/changelogs"' - yamllint -f colored $LINT_PATHS diff --git a/.gitlab/issue_templates/Documentation.md b/.gitlab/issue_templates/Documentation.md index f05d7049b7f..c58b6d0cf06 100644 --- a/.gitlab/issue_templates/Documentation.md +++ b/.gitlab/issue_templates/Documentation.md @@ -25,7 +25,7 @@ * Include use cases, benefits, and/or goals for this work. * If adding content: What audience is it intended for? (What roles and scenarios?) For ideas, see personas at https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/ or the persona labels at - https://gitlab.com/groups/gitlab-org/-/labels?utf8=%E2%9C%93&subscribed=&search=persona%3A + https://gitlab.com/groups/gitlab-org/-/labels?subscribed=&search=persona%3A --> ### Proposal diff --git a/.gitlab/issue_templates/Feature Flag Removal.md b/.gitlab/issue_templates/Feature Flag Removal.md deleted file mode 100644 index c061ab8516c..00000000000 --- a/.gitlab/issue_templates/Feature Flag Removal.md +++ /dev/null @@ -1,28 +0,0 @@ -<!-- Title suggestion: [Feature flag] Remove FEATURE_FLAG_NAME --> - -## Feature - -The `:feature_name` feature flag was previously [enabled by default](URL) and should be removed. - -## Owners - -- Group: ~"group::GROUP_NAME" -- Slack channel: `#g_GROUP_NAME` -- DRI: USERNAME -- PM: USERNAME - -**Removal** - -This is an __important__ phase, that should be either done in the next Milestone or as soon as possible. For the cleanup phase, please follow our documentation on how to [clean up the feature flag](https://docs.gitlab.com/ee/development/feature_flags/controls.html#cleaning-up). - -- [ ] Remove `:feature_name` feature flag - - [ ] Remove all references to the feature flag from the codebase - - [ ] Remove the YAML definitions for the feature from the repository - - [ ] Create a Changelog Entry - -- [ ] Clean up the feature flag from all environments by running this chatops command in `#production` channel `/chatops run feature delete some_feature`. - -- [ ] Close this issue after the feature flag is removed from the codebase. - -/label ~"feature flag" ~"technical debt" -/assign DRI diff --git a/.gitlab/issue_templates/Feature Flag Roll Out.md b/.gitlab/issue_templates/Feature Flag Roll Out.md index f07604d2d3d..424b752d1b4 100644 --- a/.gitlab/issue_templates/Feature Flag Roll Out.md +++ b/.gitlab/issue_templates/Feature Flag Roll Out.md @@ -110,6 +110,12 @@ To do so, follow these steps: the feature can be officially announced in a release blog post. - [ ] `/chatops run auto_deploy status <merge-commit>` - [ ] Close [the feature issue](ISSUE LINK) to indicate the feature will be released in the current milestone. +- [ ] Set the next milestone to this rollout issue for scheduling [the flag removal](#release-the-feature). +- [ ] (Optional) You can create a separate issue for scheduling the steps below to [Release the feature](#release-the-feature). + - [ ] Set the title to "[Feature flag] Cleanup `<feature-flag-name>`". + - [ ] Execute the `/copy_metadata <this-rollout-issue-link>` quick action to copy the labels from this rollout issue. + - [ ] Link this rollout issue as a related issue. + - [ ] Close this rollout issue. **WARNING:** This approach has the downside that it makes it difficult for us to [clean up](https://docs.gitlab.com/ee/development/feature_flags/controls.html#cleaning-up) the flag. diff --git a/.gitlab/issue_templates/Geo Replicate a new Git repository type.md b/.gitlab/issue_templates/Geo Replicate a new Git repository type.md index feabef36f20..be6fef40f3a 100644 --- a/.gitlab/issue_templates/Geo Replicate a new Git repository type.md +++ b/.gitlab/issue_templates/Geo Replicate a new Git repository type.md @@ -513,6 +513,12 @@ That's all of the required database changes. last_synced_at { 1.day.ago } retry_count { 0 } end + + trait :verification_succeeded do + verification_checksum { 'e079a831cab27bcda7d81cd9b48296d0c3dd92ef' } + verification_state { Geo::CoolWidgetRegistry.verification_state_value(:verification_succeeded) } + verified_at { 5.days.ago } + end end end ``` diff --git a/.gitlab/issue_templates/Geo Replicate a new blob type.md b/.gitlab/issue_templates/Geo Replicate a new blob type.md index b9e69d36ecc..c7bbb6b937c 100644 --- a/.gitlab/issue_templates/Geo Replicate a new blob type.md +++ b/.gitlab/issue_templates/Geo Replicate a new blob type.md @@ -479,6 +479,12 @@ That's all of the required database changes. last_synced_at { 1.day.ago } retry_count { 0 } end + + trait :verification_succeeded do + verification_checksum { 'e079a831cab27bcda7d81cd9b48296d0c3dd92ef' } + verification_state { Geo::CoolWidgetRegistry.verification_state_value(:verification_succeeded) } + verified_at { 5.days.ago } + end end end ``` diff --git a/.gitlab/merge_request_templates/Documentation.md b/.gitlab/merge_request_templates/Documentation.md index fac84d98141..9c6b5a73b4f 100644 --- a/.gitlab/merge_request_templates/Documentation.md +++ b/.gitlab/merge_request_templates/Documentation.md @@ -52,8 +52,8 @@ All reviewers can help ensure accuracy, clarity, completeness, and adherence to - [ ] Technical writer review. If not requested for this MR, must be scheduled post-merge. To request for this MR, assign the writer listed for the applicable [DevOps stage](https://about.gitlab.com/handbook/product/categories/#devops-stages). - [ ] Ensure docs metadata are present and up-to-date. - [ ] Ensure ~"Technical Writing" and ~"documentation" are added. - - [ ] Add the corresponding `docs::` [scoped label](https://gitlab.com/groups/gitlab-org/-/labels?utf8=%E2%9C%93&subscribed=&search=docs%3A%3A). - - [ ] If working on UI text, add the corresponding `UI Text` [scoped label](https://gitlab.com/groups/gitlab-org/-/labels?utf8=%E2%9C%93&subscribed=&search=ui+text). + - [ ] Add the corresponding `docs::` [scoped label](https://gitlab.com/groups/gitlab-org/-/labels?subscribed=&search=docs%3A%3A). + - [ ] If working on UI text, add the corresponding `UI Text` [scoped label](https://gitlab.com/groups/gitlab-org/-/labels?subscribed=&search=ui+text). - [ ] Add ~"tw::doing" when starting work on the MR. - [ ] Add ~"tw::finished" if Technical Writing team work on the MR is complete but it remains open. diff --git a/.gitlab/merge_request_templates/Security Release.md b/.gitlab/merge_request_templates/Security Release.md index fccfad18ef0..77e8718c34f 100644 --- a/.gitlab/merge_request_templates/Security Release.md +++ b/.gitlab/merge_request_templates/Security Release.md @@ -16,7 +16,7 @@ See [the general developer security release guidelines](https://gitlab.com/gitla - [ ] Merge request targets `master`, or a versioned stable branch (`X-Y-stable-ee`). - [ ] Milestone is set for the version this merge request applies to. A closed milestone can be assigned via [quick actions]. - [ ] Title of this merge request is the same as for all backports. -- [ ] A [CHANGELOG entry] is added without a `merge_request` value, with `type` set to `security` +- [ ] A [CHANGELOG entry] has been included, with `Changelog` trailer set to `security`. - [ ] For the MR targeting `master`: - [ ] Assign to a reviewer and maintainer, per our [Code Review process]. - [ ] Ensure it's approved according to our [Approval Guidelines]. @@ -37,7 +37,7 @@ See [the general developer security release guidelines](https://gitlab.com/gitla [GitLab Security]: https://gitlab.com/gitlab-org/security/gitlab [quick actions]: https://docs.gitlab.com/ee/user/project/quick_actions.html#quick-actions-for-issues-merge-requests-and-epics -[CHANGELOG entry]: https://docs.gitlab.com/ee/development/changelog.html +[CHANGELOG entry]: https://docs.gitlab.com/ee/development/changelog.html#overview [Code Review process]: https://docs.gitlab.com/ee/development/code_review.html [Approval Guidelines]: https://docs.gitlab.com/ee/development/code_review.html#approval-guidelines [Canonical repository]: https://gitlab.com/gitlab-org/gitlab |