diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2019-11-13 15:07:29 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2019-11-13 15:07:29 +0000 |
| commit | 3318518149062e5d17105f2170bd7bd9647af415 (patch) | |
| tree | a2e49b8fea4543717ca006e9d06bdc032d5d4281 | |
| parent | 4e516dbff9767a35677fdc4a6e39005b4b564376 (diff) | |
| download | gitlab-ce-3318518149062e5d17105f2170bd7bd9647af415.tar.gz | |
Add latest changes from gitlab-org/gitlab@master
38 files changed, 213 insertions, 92 deletions
diff --git a/app/helpers/application_settings_helper.rb b/app/helpers/application_settings_helper.rb index 8b3d4fbf96a..f0868a8d377 100644 --- a/app/helpers/application_settings_helper.rb +++ b/app/helpers/application_settings_helper.rb @@ -176,6 +176,7 @@ module ApplicationSettingsHelper :container_registry_token_expire_delay, :default_artifacts_expire_in, :default_branch_protection, + :default_ci_config_path, :default_group_visibility, :default_project_creation, :default_project_visibility, diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb index c037627570a..b47e1142cca 100644 --- a/app/models/application_setting.rb +++ b/app/models/application_setting.rb @@ -297,6 +297,12 @@ class ApplicationSetting < ApplicationRecord pass: :external_auth_client_key_pass, if: -> (setting) { setting.external_auth_client_cert.present? } + validates :default_ci_config_path, + format: { without: %r{(\.{2}|\A/)}, + message: N_('cannot include leading slash or directory traversal.') }, + length: { maximum: 255 }, + allow_blank: true + attr_encrypted :asset_proxy_secret_key, mode: :per_attribute_iv, key: Settings.attr_encrypted_db_key_base_truncated, diff --git a/app/models/application_setting_implementation.rb b/app/models/application_setting_implementation.rb index 77fbe09d4f9..80715fae68d 100644 --- a/app/models/application_setting_implementation.rb +++ b/app/models/application_setting_implementation.rb @@ -42,6 +42,7 @@ module ApplicationSettingImplementation container_registry_token_expire_delay: 5, default_artifacts_expire_in: '30 days', default_branch_protection: Settings.gitlab['default_branch_protection'], + default_ci_config_path: nil, default_group_visibility: Settings.gitlab.default_projects_features['visibility_level'], default_project_creation: Settings.gitlab['default_project_creation'], default_project_visibility: Settings.gitlab.default_projects_features['visibility_level'], diff --git a/app/models/clusters/applications/ingress.rb b/app/models/clusters/applications/ingress.rb index 41f5ad6550e..d140649af3c 100644 --- a/app/models/clusters/applications/ingress.rb +++ b/app/models/clusters/applications/ingress.rb @@ -21,6 +21,7 @@ module Clusters } FETCH_IP_ADDRESS_DELAY = 30.seconds + MODSEC_SIDECAR_INITIAL_DELAY_SECONDS = 10 state_machine :status do after_transition any => [:installed] do |application| @@ -81,11 +82,39 @@ module Clusters "enable-owasp-modsecurity-crs" => "true", "modsecurity.conf" => modsecurity_config_content }, + "extraContainers" => [ + { + "name" => "modsecurity-log", + "image" => "busybox", + "args" => [ + "/bin/sh", + "-c", + "tail -f /var/log/modsec/audit.log" + ], + "volumeMounts" => [ + { + "name" => "modsecurity-log-volume", + "mountPath" => "/var/log/modsec", + "readOnly" => true + } + ], + "startupProbe" => { + "exec" => { + "command" => ["ls", "/var/log/modsec"] + }, + "initialDelaySeconds" => MODSEC_SIDECAR_INITIAL_DELAY_SECONDS + } + } + ], "extraVolumeMounts" => [ { "name" => "modsecurity-template-volume", "mountPath" => "/etc/nginx/modsecurity/modsecurity.conf", "subPath" => "modsecurity.conf" + }, + { + "name" => "modsecurity-log-volume", + "mountPath" => "/var/log/modsec" } ], "extraVolumes" => [ @@ -100,6 +129,10 @@ module Clusters } ] } + }, + { + "name" => "modsecurity-log-volume", + "emptyDir" => {} } ] } diff --git a/app/models/concerns/noteable.rb b/app/models/concerns/noteable.rb index 3065e0ba6c5..19f2daa1b01 100644 --- a/app/models/concerns/noteable.rb +++ b/app/models/concerns/noteable.rb @@ -108,10 +108,6 @@ module Noteable discussions_resolvable? && resolvable_discussions.none?(&:to_be_resolved?) end - def discussions_to_be_resolved? - discussions_resolvable? && !discussions_resolved? - end - def discussions_to_be_resolved @discussions_to_be_resolved ||= resolvable_discussions.select(&:to_be_resolved?) end diff --git a/app/models/merge_request.rb b/app/models/merge_request.rb index b85285978ab..5cf2ded114d 100644 --- a/app/models/merge_request.rb +++ b/app/models/merge_request.rb @@ -68,6 +68,7 @@ class MergeRequest < ApplicationRecord has_many :cached_closes_issues, through: :merge_requests_closing_issues, source: :issue has_many :pipelines_for_merge_request, foreign_key: 'merge_request_id', class_name: 'Ci::Pipeline' has_many :suggestions, through: :notes + has_many :unresolved_notes, -> { unresolved }, as: :noteable, class_name: 'Note' has_many :merge_request_assignees has_many :assignees, class_name: "User", through: :merge_request_assignees @@ -211,7 +212,7 @@ class MergeRequest < ApplicationRecord scope :join_project, -> { joins(:target_project) } scope :references_project, -> { references(:target_project) } scope :with_api_entity_associations, -> { - preload(:assignees, :author, :notes, :labels, :milestone, :timelogs, + preload(:assignees, :author, :unresolved_notes, :labels, :milestone, :timelogs, latest_merge_request_diff: [:merge_request_diff_commits], metrics: [:latest_closed_by, :merged_by], target_project: [:route, { namespace: :route }], @@ -923,7 +924,7 @@ class MergeRequest < ApplicationRecord def mergeable_discussions_state? return true unless project.only_allow_merge_if_all_discussions_are_resolved? - !discussions_to_be_resolved? + unresolved_notes.none?(&:to_be_resolved?) end def for_fork? diff --git a/app/models/project.rb b/app/models/project.rb index 9ee162df241..8b31a7ea48b 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -92,6 +92,7 @@ class Project < ApplicationRecord default_value_for :snippets_enabled, gitlab_config_features.snippets default_value_for :only_allow_merge_if_all_discussions_are_resolved, false default_value_for :remove_source_branch_after_merge, true + default_value_for(:ci_config_path) { Gitlab::CurrentSettings.default_ci_config_path } add_authentication_token_field :runners_token, encrypted: -> { Feature.enabled?(:projects_tokens_optional_encryption, default_enabled: true) ? :optional : :required } diff --git a/app/views/admin/application_settings/_ci_cd.html.haml b/app/views/admin/application_settings/_ci_cd.html.haml index 1f5bce19bc6..9806090c1a6 100644 --- a/app/views/admin/application_settings/_ci_cd.html.haml +++ b/app/views/admin/application_settings/_ci_cd.html.haml @@ -53,5 +53,11 @@ = s_('AdminSettings|Environment variables are protected by default') .form-text.text-muted = s_('AdminSettings|When creating a new environment variable it will be protected by default.') + .form-group + = f.label :ci_config_path, _('Default CI configuration path'), class: 'label-bold' + = f.text_field :default_ci_config_path, class: 'form-control', placeholder: '.gitlab-ci.yml' + %p.form-text.text-muted + = _("The default CI configuration path for new projects.").html_safe + = link_to icon('question-circle'), help_page_path('user/project/pipelines/settings', anchor: 'custom-ci-config-path'), target: '_blank' = f.submit _('Save changes'), class: "btn btn-success" diff --git a/changelogs/unreleased/14707-add-modsec-logging-sidecar-to-ingress-controller.yml b/changelogs/unreleased/14707-add-modsec-logging-sidecar-to-ingress-controller.yml new file mode 100644 index 00000000000..2ed6c45b5e3 --- /dev/null +++ b/changelogs/unreleased/14707-add-modsec-logging-sidecar-to-ingress-controller.yml @@ -0,0 +1,5 @@ +--- +title: Add modsecurity logging sidecar to ingress controller +merge_request: 19600 +author: +type: added diff --git a/changelogs/unreleased/32935-preventing-accidental-project-deletion-index.yml b/changelogs/unreleased/32935-preventing-accidental-project-deletion-index.yml new file mode 100644 index 00000000000..7f85da35f83 --- /dev/null +++ b/changelogs/unreleased/32935-preventing-accidental-project-deletion-index.yml @@ -0,0 +1,5 @@ +--- +title: Add index on marked_for_deletion_at in projects table +merge_request: 19788 +author: +type: other diff --git a/changelogs/unreleased/ab-projects-api-indexes-authenticated.yml b/changelogs/unreleased/ab-projects-api-indexes-authenticated.yml new file mode 100644 index 00000000000..7bfb2b8d166 --- /dev/null +++ b/changelogs/unreleased/ab-projects-api-indexes-authenticated.yml @@ -0,0 +1,5 @@ +--- +title: Add index for authenticated requests to projects API default endpoint +merge_request: 19993 +author: +type: performance diff --git a/changelogs/unreleased/gitlab_ci_path.yml b/changelogs/unreleased/gitlab_ci_path.yml new file mode 100644 index 00000000000..900d1cccbab --- /dev/null +++ b/changelogs/unreleased/gitlab_ci_path.yml @@ -0,0 +1,5 @@ +--- +title: Allow to define a default CI configuration path for new projects +merge_request: 18073 +author: Mathieu Parent +type: added diff --git a/changelogs/unreleased/id-optimize-mergeable-discussions-state.yml b/changelogs/unreleased/id-optimize-mergeable-discussions-state.yml new file mode 100644 index 00000000000..db7f6712d5c --- /dev/null +++ b/changelogs/unreleased/id-optimize-mergeable-discussions-state.yml @@ -0,0 +1,5 @@ +--- +title: Optimize MergeRequest#mergeable_discussions_state? method +merge_request: 19988 +author: +type: performance diff --git a/db/migrate/20191107220314_add_index_to_projects_on_marked_for_deletion.rb b/db/migrate/20191107220314_add_index_to_projects_on_marked_for_deletion.rb new file mode 100644 index 00000000000..06849cf9bfd --- /dev/null +++ b/db/migrate/20191107220314_add_index_to_projects_on_marked_for_deletion.rb @@ -0,0 +1,17 @@ +# frozen_string_literal: true + +class AddIndexToProjectsOnMarkedForDeletion < ActiveRecord::Migration[5.2] + include Gitlab::Database::MigrationHelpers + + DOWNTIME = false + + disable_ddl_transaction! + + def up + add_concurrent_index :projects, :marked_for_deletion_at, where: 'marked_for_deletion_at IS NOT NULL' + end + + def down + remove_concurrent_index :projects, :marked_for_deletion_at + end +end diff --git a/db/migrate/20191111121500_default_ci_config_path.rb b/db/migrate/20191111121500_default_ci_config_path.rb new file mode 100644 index 00000000000..f391f5ffe99 --- /dev/null +++ b/db/migrate/20191111121500_default_ci_config_path.rb @@ -0,0 +1,13 @@ +# frozen_string_literal: true + +class DefaultCiConfigPath < ActiveRecord::Migration[5.2] + DOWNTIME = false + + def up + add_column :application_settings, :default_ci_config_path, :string, limit: 255 + end + + def down + remove_column :application_settings, :default_ci_config_path + end +end diff --git a/db/migrate/20191112221821_add_indexes_for_projects_api_default_params_authenticated.rb b/db/migrate/20191112221821_add_indexes_for_projects_api_default_params_authenticated.rb new file mode 100644 index 00000000000..6ebc6a72854 --- /dev/null +++ b/db/migrate/20191112221821_add_indexes_for_projects_api_default_params_authenticated.rb @@ -0,0 +1,19 @@ +# frozen_string_literal: true + +class AddIndexesForProjectsApiDefaultParamsAuthenticated < ActiveRecord::Migration[5.2] + include Gitlab::Database::MigrationHelpers + + DOWNTIME = false + + disable_ddl_transaction! + + def up + add_concurrent_index :projects, %i(created_at id) + remove_concurrent_index_by_name :projects, 'index_projects_on_created_at' + end + + def down + add_concurrent_index :projects, :created_at + remove_concurrent_index_by_name :projects, 'index_projects_on_created_at_and_id' + end +end diff --git a/db/schema.rb b/db/schema.rb index 9404ec6779f..fdc42b43422 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 2019_11_12_214305) do +ActiveRecord::Schema.define(version: 2019_11_12_221821) do # These are extensions that must be enabled in order to support this database enable_extension "pg_trgm" @@ -351,6 +351,7 @@ ActiveRecord::Schema.define(version: 2019_11_12_214305) do t.text "encrypted_eks_secret_access_key" t.string "snowplow_app_id" t.datetime_with_timezone "productivity_analytics_start_date" + t.string "default_ci_config_path", limit: 255 t.index ["custom_project_templates_group_id"], name: "index_application_settings_on_custom_project_templates_group_id" t.index ["file_template_project_id"], name: "index_application_settings_on_file_template_project_id" t.index ["instance_administration_project_id"], name: "index_applicationsettings_on_instance_administration_project_id" @@ -3121,7 +3122,7 @@ ActiveRecord::Schema.define(version: 2019_11_12_214305) do t.integer "marked_for_deletion_by_user_id" t.index "lower((name)::text)", name: "index_projects_on_lower_name" t.index ["archived", "pending_delete", "merge_requests_require_code_owner_approval"], name: "projects_requiring_code_owner_approval", where: "((pending_delete = false) AND (archived = false) AND (merge_requests_require_code_owner_approval = true))" - t.index ["created_at"], name: "index_projects_on_created_at" + t.index ["created_at", "id"], name: "index_projects_on_created_at_and_id" t.index ["creator_id"], name: "index_projects_on_creator_id" t.index ["description"], name: "index_projects_on_description_trigram", opclass: :gin_trgm_ops, using: :gin t.index ["id", "repository_storage", "last_repository_updated_at"], name: "idx_projects_on_repository_storage_last_repository_updated_at" @@ -3131,6 +3132,7 @@ ActiveRecord::Schema.define(version: 2019_11_12_214305) do t.index ["last_repository_check_at"], name: "index_projects_on_last_repository_check_at", where: "(last_repository_check_at IS NOT NULL)" t.index ["last_repository_check_failed"], name: "index_projects_on_last_repository_check_failed" t.index ["last_repository_updated_at"], name: "index_projects_on_last_repository_updated_at" + t.index ["marked_for_deletion_at"], name: "index_projects_on_marked_for_deletion_at", where: "(marked_for_deletion_at IS NOT NULL)" t.index ["marked_for_deletion_by_user_id"], name: "index_projects_on_marked_for_deletion_by_user_id", where: "(marked_for_deletion_by_user_id IS NOT NULL)" t.index ["mirror_last_successful_update_at"], name: "index_projects_on_mirror_last_successful_update_at" t.index ["mirror_user_id"], name: "index_projects_on_mirror_user_id" diff --git a/doc/administration/operations/sidekiq_memory_killer.md b/doc/administration/operations/sidekiq_memory_killer.md index 79e9fb778b6..6438dbb9dab 100644 --- a/doc/administration/operations/sidekiq_memory_killer.md +++ b/doc/administration/operations/sidekiq_memory_killer.md @@ -34,7 +34,7 @@ The MemoryKiller is controlled using environment variables. In _daemon_ mode, the MemoryKiller checks the Sidekiq process RSS every 3 seconds (defined by `SIDEKIQ_MEMORY_KILLER_CHECK_INTERVAL`). -- `SIDEKIQ_MEMORY_KILLER_MAX_RSS`: if this variable is set, and its value is greater +- `SIDEKIQ_MEMORY_KILLER_MAX_RSS` (KB): if this variable is set, and its value is greater than 0, the MemoryKiller is enabled. Otherwise the MemoryKiller is disabled. `SIDEKIQ_MEMORY_KILLER_MAX_RSS` defines the Sidekiq process allowed RSS. @@ -52,7 +52,7 @@ The MemoryKiller is controlled using environment variables. [in the Omnibus GitLab repository](https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/attributes/default.rb). -- `SIDEKIQ_MEMORY_KILLER_HARD_LIMIT_RSS`: is used by _daemon_ mode. If the Sidekiq +- `SIDEKIQ_MEMORY_KILLER_HARD_LIMIT_RSS` (KB): is used by _daemon_ mode. If the Sidekiq process RSS (expressed in kilobytes) exceeds `SIDEKIQ_MEMORY_KILLER_HARD_LIMIT_RSS`, an immediate graceful restart of Sidekiq is triggered. diff --git a/doc/api/settings.md b/doc/api/settings.md index 0fb742982f4..f63466298e3 100644 --- a/doc/api/settings.md +++ b/doc/api/settings.md @@ -40,6 +40,7 @@ Example response: "domain_blacklist_enabled" : false, "domain_blacklist" : [], "created_at" : "2016-01-04T15:44:55.176Z", + "default_ci_config_path" : null, "default_project_visibility" : "private", "default_group_visibility" : "private", "gravatar_enabled" : true, @@ -113,6 +114,7 @@ Example response: "restricted_visibility_levels": [], "max_attachment_size": 10, "session_expire_delay": 10080, + "default_ci_config_path" : null, "default_project_visibility": "internal", "default_snippet_visibility": "private", "default_group_visibility": "private", @@ -198,6 +200,7 @@ are listed in the descriptions of the relevant settings. | `container_registry_token_expire_delay` | integer | no | Container Registry token duration in minutes. | | `default_artifacts_expire_in` | string | no | Set the default expiration time for each job's artifacts. | | `default_branch_protection` | integer | no | Determine if developers can push to master. Can take: `0` _(not protected, both developers and maintainers can push new commits, force push, or delete the branch)_, `1` _(partially protected, developers and maintainers can push new commits, but cannot force push or delete the branch)_ or `2` _(fully protected, developers cannot push new commits, but maintainers can; no-one can force push or delete the branch)_ as a parameter. Default is `2`. | +| `default_ci_config_path` | string | no | Default CI configuration path for new projects (`.gitlab-ci.yml` if not set). | | `default_group_visibility` | string | no | What visibility level new groups receive. Can take `private`, `internal` and `public` as a parameter. Default is `private`. | | `default_project_creation` | integer | no | Default project creation protection. Can take: `0` _(No one)_, `1` _(Maintainers)_ or `2` _(Developers + Maintainers)_| | `default_projects_limit` | integer | no | Project limit per user. Default is `100000`. | diff --git a/doc/ci/yaml/README.md b/doc/ci/yaml/README.md index 37e86a2f5a3..ea67617ff5c 100644 --- a/doc/ci/yaml/README.md +++ b/doc/ci/yaml/README.md @@ -2023,8 +2023,6 @@ Defining an empty array will skip downloading any artifacts for that job. The status of the previous job is not considered when using `dependencies`, so if it failed or it is a manual job that was not run, no error occurs. ---- - In the following example, we define two jobs with artifacts, `build:osx` and `build:linux`. When the `test:osx` is executed, the artifacts from `build:osx` will be downloaded and extracted in the context of the build. The same happens diff --git a/doc/development/documentation/index.md b/doc/development/documentation/index.md index fb0aa5130f8..ce35a5e746b 100644 --- a/doc/development/documentation/index.md +++ b/doc/development/documentation/index.md @@ -67,8 +67,6 @@ This document was moved to [another location](path/to/new_doc.md). where `path/to/new_doc.md` is the relative path to the root directory `doc/`. ---- - For example, if you move `doc/workflow/lfs/lfs_administration.md` to `doc/administration/lfs.md`, then the steps would be: diff --git a/doc/development/documentation/styleguide.md b/doc/development/documentation/styleguide.md index b6ec7a858fa..8d68079963f 100644 --- a/doc/development/documentation/styleguide.md +++ b/doc/development/documentation/styleguide.md @@ -604,9 +604,6 @@ Inside the document: - Always use a proper description for what the image is about. That way, when a browser fails to show the image, this text will be used as an alternative description. -- If there are consecutive images with little text between them, always add - three dashes (`---`) between the image and the text to create a horizontal - line for better clarity. - If a heading is placed right after an image, always add three dashes (`---`) between the image and the heading. diff --git a/doc/install/openshift_and_gitlab/index.md b/doc/install/openshift_and_gitlab/index.md index 010e56fb097..181d4414a9b 100644 --- a/doc/install/openshift_and_gitlab/index.md +++ b/doc/install/openshift_and_gitlab/index.md @@ -23,8 +23,6 @@ tools that will help us achieve our goal. For a video demonstration on installing GitLab on OpenShift, check the article [In 13 minutes from Kubernetes to a complete application development tool](https://about.gitlab.com/blog/2016/11/14/idea-to-production/). ---- - ## Prerequisites CAUTION: **Caution:** This information is no longer up to date, as the current versions diff --git a/doc/user/admin_area/settings/continuous_integration.md b/doc/user/admin_area/settings/continuous_integration.md index c60b3323105..f775dd8bbb4 100644 --- a/doc/user/admin_area/settings/continuous_integration.md +++ b/doc/user/admin_area/settings/continuous_integration.md @@ -134,6 +134,19 @@ Once that time passes, the jobs will be archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: <code>15 days</code>, <code>1 month</code>, <code>2 years</code>. +## Default CI configuration path + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/merge_requests/18073) in GitLab 12.5. + +The default CI configuration file path for new projects can be set in the Admin +area of your GitLab instance (`.gitlab-ci.yml` if not set): + +1. Go to **Admin area > Settings > Continuous Integration and Deployment**. +1. Input the new path in the **Default CI configuration path** field. +1. Hit **Save changes** for the changes to take effect. + +It is also possible to specify a [custom CI configuration path for a specific project](../../project/pipelines/settings.md#custom-ci-configuration-path). + <!-- ## Troubleshooting Include any troubleshooting steps that you can foresee. If you know beforehand what issues diff --git a/doc/user/clusters/applications.md b/doc/user/clusters/applications.md index 105843fd678..28016e2b3cd 100644 --- a/doc/user/clusters/applications.md +++ b/doc/user/clusters/applications.md @@ -263,7 +263,7 @@ This feature: For example: ```sh - kubectl -n gitlab-managed-apps exec -it $(kubectl get pods -n gitlab-managed-apps | grep 'ingress-controller' | awk '{print $1}') -- tail -f /var/log/modsec_audit.log + kubectl -n gitlab-managed-apps exec -it $(kubectl get pods -n gitlab-managed-apps | grep 'ingress-controller' | awk '{print $1}') -- tail -f /var/log/modsec/audit.log ``` There is a small performance overhead by enabling `modsecurity`. However, if this is diff --git a/doc/user/permissions.md b/doc/user/permissions.md index 9bed542fb8e..0382c33f7c6 100644 --- a/doc/user/permissions.md +++ b/doc/user/permissions.md @@ -73,7 +73,7 @@ The following table depicts the various user permission levels in a project. | See a commit status | | ✓ | ✓ | ✓ | ✓ | | See a container registry | | ✓ | ✓ | ✓ | ✓ | | See environments | | ✓ | ✓ | ✓ | ✓ | -| See a list of merge requests | ✓ (*1*) | ✓ | ✓ | ✓ | ✓ | +| See a list of merge requests | | ✓ | ✓ | ✓ | ✓ | | View project statistics | | ✓ | ✓ | ✓ | ✓ | | View Error Tracking list | | ✓ | ✓ | ✓ | ✓ | | Pull from [Conan repository](packages/conan_repository/index.md), [Maven repository](packages/maven_repository/index.md), or [NPM registry](packages/npm_registry/index.md) **(PREMIUM)** | | ✓ | ✓ | ✓ | ✓ | @@ -83,7 +83,7 @@ The following table depicts the various user permission levels in a project. | Push to non-protected branches | | | ✓ | ✓ | ✓ | | Force push to non-protected branches | | | ✓ | ✓ | ✓ | | Remove non-protected branches | | | ✓ | ✓ | ✓ | -| Create new merge request | ✓ (*1*) | ✓ | ✓ | ✓ | ✓ | +| Create new merge request | | ✓ | ✓ | ✓ | ✓ | | Assign merge requests | | | ✓ | ✓ | ✓ | | Label merge requests | | | ✓ | ✓ | ✓ | | Lock merge request threads | | | ✓ | ✓ | ✓ | diff --git a/doc/user/profile/notifications.md b/doc/user/profile/notifications.md index ced30615467..388576a48db 100644 --- a/doc/user/profile/notifications.md +++ b/doc/user/profile/notifications.md @@ -77,7 +77,7 @@ To select a notification level for a project, use either of these methods: 1. Locate the project in the **Projects** section. 1. Select the desired [notification level](#notification-levels). ---- +Or: 1. Navigate to the project's page. 1. Click the notification dropdown, marked with a bell icon. diff --git a/doc/user/project/import/gitea.md b/doc/user/project/import/gitea.md index f883e4474e2..94ab9d9195b 100644 --- a/doc/user/project/import/gitea.md +++ b/doc/user/project/import/gitea.md @@ -75,7 +75,5 @@ You also can:  ---- - You can also choose a different name for the project and a different namespace, if you have the privileges to do so. diff --git a/doc/user/project/merge_requests/merge_request_approvals.md b/doc/user/project/merge_requests/merge_request_approvals.md index 2aa92ba2316..15b846f5f88 100644 --- a/doc/user/project/merge_requests/merge_request_approvals.md +++ b/doc/user/project/merge_requests/merge_request_approvals.md @@ -219,8 +219,6 @@ and the project level approvers are changed after a merge request is created, the merge request retains the previous approvers. However, the approvers can be changed by [editing the merge request](#overriding-the-merge-request-approvals-default-settings). ---- - The default approval settings can now be overridden when creating a [merge request](index.md) or by editing it after it's been created: diff --git a/lib/api/settings.rb b/lib/api/settings.rb index 0669f764d4d..88076614f73 100644 --- a/lib/api/settings.rb +++ b/lib/api/settings.rb @@ -42,6 +42,7 @@ module API optional :asset_proxy_whitelist, type: Array[String], coerce_with: Validations::Types::CommaSeparatedToArray.coerce, desc: 'Assets that match these domain(s) will NOT be proxied. Wildcards allowed. Your GitLab installation URL is automatically whitelisted.' optional :container_registry_token_expire_delay, type: Integer, desc: 'Authorization token duration (minutes)' optional :default_artifacts_expire_in, type: String, desc: "Set the default expiration time for each job's artifacts" + optional :default_ci_config_path, type: String, desc: 'The instance default CI configuration path for new projects' optional :default_project_creation, type: Integer, values: ::Gitlab::Access.project_creation_values, desc: 'Determine if developers can create projects in the group' optional :default_branch_protection, type: Integer, values: ::Gitlab::Access.protection_values, desc: 'Determine if developers can push to master' optional :default_group_visibility, type: String, values: Gitlab::VisibilityLevel.string_values, desc: 'The default group visibility' diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 1f536157c85..b70e1d3e40e 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -5241,6 +5241,9 @@ msgstr "" msgid "Default Branch" msgstr "" +msgid "Default CI configuration path" +msgstr "" + msgid "Default artifacts expiration" msgstr "" @@ -16840,6 +16843,9 @@ msgstr "" msgid "The content of this page is not encoded in UTF-8. Edits can only be made via the Git repository." msgstr "" +msgid "The default CI configuration path for new projects." +msgstr "" + msgid "The dependency list details information about the components used within your project." msgstr "" diff --git a/spec/lib/gitlab/import_export/all_models.yml b/spec/lib/gitlab/import_export/all_models.yml index 8bad40c629b..7d5206835c3 100644 --- a/spec/lib/gitlab/import_export/all_models.yml +++ b/spec/lib/gitlab/import_export/all_models.yml @@ -120,6 +120,7 @@ merge_requests: - pipelines_for_merge_request - merge_request_assignees - suggestions +- unresolved_notes - assignees - reviews - approval_rules diff --git a/spec/models/clusters/applications/ingress_spec.rb b/spec/models/clusters/applications/ingress_spec.rb index 60b139a7610..d7ad7867e1a 100644 --- a/spec/models/clusters/applications/ingress_spec.rb +++ b/spec/models/clusters/applications/ingress_spec.rb @@ -165,6 +165,12 @@ describe Clusters::Applications::Ingress do expect(subject.values).to include('extraVolumes') expect(subject.values).to include('extraVolumeMounts') end + + it 'includes modsecurity sidecar container' do + expect(subject.values).to include('modsecurity-log-volume') + + expect(subject.values).to include('extraContainers') + end end context 'when ingress_modsecurity is disabled' do @@ -190,6 +196,12 @@ describe Clusters::Applications::Ingress do expect(subject.values).not_to include('extraVolumes') expect(subject.values).not_to include('extraVolumeMounts') end + + it 'excludes modsecurity sidecar container' do + expect(subject.values).not_to include('modsecurity-log-volume') + + expect(subject.values).not_to include('extraContainers') + end end end end diff --git a/spec/models/concerns/noteable_spec.rb b/spec/models/concerns/noteable_spec.rb index f823ac0165f..e8991a3a015 100644 --- a/spec/models/concerns/noteable_spec.rb +++ b/spec/models/concerns/noteable_spec.rb @@ -177,50 +177,6 @@ describe Noteable do end end - describe "#discussions_to_be_resolved?" do - context "when discussions are not resolvable" do - before do - allow(subject).to receive(:discussions_resolvable?).and_return(false) - end - - it "returns false" do - expect(subject.discussions_to_be_resolved?).to be false - end - end - - context "when discussions are resolvable" do - before do - allow(subject).to receive(:discussions_resolvable?).and_return(true) - - allow(first_discussion).to receive(:resolvable?).and_return(true) - allow(second_discussion).to receive(:resolvable?).and_return(false) - allow(third_discussion).to receive(:resolvable?).and_return(true) - end - - context "when all resolvable discussions are resolved" do - before do - allow(first_discussion).to receive(:resolved?).and_return(true) - allow(third_discussion).to receive(:resolved?).and_return(true) - end - - it "returns false" do - expect(subject.discussions_to_be_resolved?).to be false - end - end - - context "when some resolvable discussions are not resolved" do - before do - allow(first_discussion).to receive(:resolved?).and_return(true) - allow(third_discussion).to receive(:resolved?).and_return(false) - end - - it "returns true" do - expect(subject.discussions_to_be_resolved?).to be true - end - end - end - end - describe "#discussions_to_be_resolved" do before do allow(first_discussion).to receive(:to_be_resolved?).and_return(true) diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb index 052651bdf50..0a64c70dccb 100644 --- a/spec/models/project_spec.rb +++ b/spec/models/project_spec.rb @@ -2029,24 +2029,37 @@ describe Project do end describe '#ci_config_path=' do - let(:project) { create(:project) } + using RSpec::Parameterized::TableSyntax - it 'sets nil' do - project.update!(ci_config_path: nil) + let(:project) { create(:project) } - expect(project.ci_config_path).to be_nil + where(:default_ci_config_path, :project_ci_config_path, :expected_ci_config_path) do + nil | :notset | :default + nil | nil | :default + nil | '' | :default + nil | "cust\0om/\0/path" | 'custom//path' + '' | :notset | :default + '' | nil | :default + '' | '' | :default + '' | "cust\0om/\0/path" | 'custom//path' + 'global/path' | :notset | 'global/path' + 'global/path' | nil | :default + 'global/path' | '' | :default + 'global/path' | "cust\0om/\0/path" | 'custom//path' end - it 'sets a string' do - project.update!(ci_config_path: 'foo/.gitlab_ci.yml') - - expect(project.ci_config_path).to eq('foo/.gitlab_ci.yml') - end + with_them do + before do + stub_application_setting(default_ci_config_path: default_ci_config_path) - it 'sets a string but removes all null characters' do - project.update!(ci_config_path: "f\0oo/\0/.gitlab_ci.yml") + if project_ci_config_path != :notset + project.ci_config_path = project_ci_config_path + end + end - expect(project.ci_config_path).to eq('foo//.gitlab_ci.yml') + it 'returns the correct path' do + expect(project.ci_config_path.presence || :default).to eq(expected_ci_config_path) + end end end diff --git a/spec/requests/api/merge_requests_spec.rb b/spec/requests/api/merge_requests_spec.rb index 9ebddffe882..ddfe42129c0 100644 --- a/spec/requests/api/merge_requests_spec.rb +++ b/spec/requests/api/merge_requests_spec.rb @@ -701,16 +701,20 @@ describe API::MergeRequests do expect(json_response.first['id']).to eq merge_request_closed.id end - it 'avoids N+1 queries' do - control = ActiveRecord::QueryRecorder.new do - get api("/projects/#{project.id}/merge_requests", user) - end.count + context 'a project which enforces all discussions to be resolved' do + let!(:project) { create(:project, :repository, only_allow_merge_if_all_discussions_are_resolved: true) } - create(:merge_request, author: user, assignees: [user], source_project: project, target_project: project, created_at: base_time) + it 'avoids N+1 queries' do + control = ActiveRecord::QueryRecorder.new do + get api("/projects/#{project.id}/merge_requests", user) + end.count - expect do - get api("/projects/#{project.id}/merge_requests", user) - end.not_to exceed_query_limit(control) + create(:merge_request, author: user, assignees: [user], source_project: project, target_project: project, created_at: base_time) + + expect do + get api("/projects/#{project.id}/merge_requests", user) + end.not_to exceed_query_limit(control) + end end end diff --git a/spec/requests/api/settings_spec.rb b/spec/requests/api/settings_spec.rb index c50cb4a5927..3190de03d1a 100644 --- a/spec/requests/api/settings_spec.rb +++ b/spec/requests/api/settings_spec.rb @@ -18,6 +18,7 @@ describe API::Settings, 'Settings' do expect(json_response['password_authentication_enabled']).to be_truthy expect(json_response['plantuml_enabled']).to be_falsey expect(json_response['plantuml_url']).to be_nil + expect(json_response['default_ci_config_path']).to be_nil expect(json_response['default_project_visibility']).to be_a String expect(json_response['default_snippet_visibility']).to be_a String expect(json_response['default_group_visibility']).to be_a String @@ -49,6 +50,7 @@ describe API::Settings, 'Settings' do it "updates application settings" do put api("/application/settings", admin), params: { + default_ci_config_path: 'debian/salsa-ci.yml', default_projects_limit: 3, default_project_creation: 2, password_authentication_enabled_for_web: false, @@ -80,6 +82,7 @@ describe API::Settings, 'Settings' do } expect(response).to have_gitlab_http_status(200) + expect(json_response['default_ci_config_path']).to eq('debian/salsa-ci.yml') expect(json_response['default_projects_limit']).to eq(3) expect(json_response['default_project_creation']).to eq(::Gitlab::Access::DEVELOPER_MAINTAINER_PROJECT_ACCESS) expect(json_response['password_authentication_enabled_for_web']).to be_falsey diff --git a/vendor/ingress/modsecurity.conf b/vendor/ingress/modsecurity.conf index ee702a50ed5..3a6b5cee2e5 100644 --- a/vendor/ingress/modsecurity.conf +++ b/vendor/ingress/modsecurity.conf @@ -236,7 +236,8 @@ SecAuditLogParts ABIJDEFHZ # assumes that you will use the audit log only ocassionally. # # SecAuditLogType Serial -SecAuditLog /var/log/modsec_audit.log +SecAuditLogFormat JSON +SecAuditLog /var/log/modsec/audit.log # Specify the path for concurrent audit logging. #SecAuditLogStorageDir /opt/modsecurity/var/audit/ |