diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-02-13 21:08:20 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-02-13 21:08:20 +0000 |
| commit | 4f4b85e1c7f7a5518f12a6981709cf3ef3f0f653 (patch) | |
| tree | 8adfdbfb57def6abe06a2cb3a0f058a861612c67 | |
| parent | 04befb368f4b170ce19bb2c7c8739baa08b04a0a (diff) | |
| download | gitlab-ce-4f4b85e1c7f7a5518f12a6981709cf3ef3f0f653.tar.gz | |
Add latest changes from gitlab-org/gitlab@master
75 files changed, 764 insertions, 500 deletions
diff --git a/.markdownlint.yml b/.markdownlint.yml index 6be0b9fad29..b77e7c488cd 100644 --- a/.markdownlint.yml +++ b/.markdownlint.yml @@ -33,7 +33,6 @@ proper-names: "API", "Asana", "Auth0", - "Authentiq", "Azure", "Bamboo", "Bitbucket", diff --git a/.rubocop.yml b/.rubocop.yml index 65a896f6f16..3489c2e2534 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -526,12 +526,14 @@ RSpec/FactoryBot/AvoidCreate: - 'spec/views/**/*.rb' - 'spec/components/**/*.rb' - 'spec/mailers/**/*.rb' + - 'spec/routes/directs/*.rb' - 'ee/spec/presenters/**/*.rb' - 'ee/spec/serializers/**/*.rb' - 'ee/spec/helpers/**/*.rb' - 'ee/spec/views/**/*.rb' - 'ee/spec/components/**/*.rb' - 'ee/spec/mailers/**/*.rb' + - 'ee/spec/routes/directs/*.rb' RSpec/FactoryBot/StrategyInCallback: Enabled: true diff --git a/.rubocop_todo/rspec/invalid_feature_category.yml b/.rubocop_todo/rspec/invalid_feature_category.yml index fc5cb5eba93..53ed05b881c 100644 --- a/.rubocop_todo/rspec/invalid_feature_category.yml +++ b/.rubocop_todo/rspec/invalid_feature_category.yml @@ -34,16 +34,7 @@ RSpec/InvalidFeatureCategory: - 'spec/features/monitor_sidebar_link_spec.rb' - 'spec/features/unsubscribe_links_spec.rb' - 'spec/features/whats_new_spec.rb' - - 'spec/lib/api/base_spec.rb' - 'spec/lib/api/helpers_spec.rb' - - 'spec/lib/gitlab/application_context_spec.rb' - - 'spec/lib/gitlab/error_tracking/context_payload_generator_spec.rb' - - 'spec/lib/gitlab/error_tracking_spec.rb' - - 'spec/lib/gitlab/graphql/tracers/logger_tracer_spec.rb' - - 'spec/lib/gitlab/graphql/tracers/metrics_tracer_spec.rb' - - 'spec/lib/gitlab/metrics/background_transaction_spec.rb' - - 'spec/lib/gitlab/sidekiq_middleware/worker_context/client_spec.rb' - - 'spec/lib/gitlab/sidekiq_middleware/worker_context/server_spec.rb' - 'spec/lib/gitlab/slug/path_spec.rb' - 'spec/lib/gitlab/utils/strong_memoize_spec.rb' - 'spec/models/application_setting_spec.rb' @@ -71,7 +71,6 @@ gem 'omniauth-oauth2-generic', '~> 0.2.2' gem 'omniauth-saml', '~> 2.0.0' gem 'omniauth-twitter', '~> 1.4' gem 'omniauth_crowd', '~> 2.4.0', path: 'vendor/gems/omniauth_crowd' # See vendor/gems/omniauth_crowd/README.md -gem 'omniauth-authentiq', '~> 0.3.3' gem 'omniauth_openid_connect', '~> 0.6.0' # Locked until Ruby 3.0 upgrade since upgrading will pull in an updated net-smtp gem. # See https://docs.gitlab.com/ee/development/emails.html#rationale. diff --git a/Gemfile.checksum b/Gemfile.checksum index 2ba745a2e60..b1ad21e7fc0 100644 --- a/Gemfile.checksum +++ b/Gemfile.checksum @@ -391,7 +391,6 @@ {"name":"omniauth-alicloud","version":"2.0.1","platform":"ruby","checksum":"b14c425bca02b4d0f73e710ceb62c0f1f8533e0c427c1c495d2b40f87b3f48d3"}, {"name":"omniauth-atlassian-oauth2","version":"0.2.0","platform":"ruby","checksum":"eb07574a188ab8a03376ce288bce86bc2dd4a1382ffa5781cb5e2b7bc15d76c9"}, {"name":"omniauth-auth0","version":"2.0.0","platform":"ruby","checksum":"823769be7883b45b2fa94367c2f6a17f7b3b1333986016089c016d45827da545"}, -{"name":"omniauth-authentiq","version":"0.3.3","platform":"ruby","checksum":"11b3791085a130782bf14b0088653beeb085638a9548d7110a57d3cbbb54fb4c"}, {"name":"omniauth-azure-activedirectory-v2","version":"2.0.0","platform":"ruby","checksum":"c484cedd52cd233e3c216c4b3ed667ec07d20e51c550a613b65a0f90fe8ad072"}, {"name":"omniauth-dingtalk-oauth2","version":"1.0.1","platform":"ruby","checksum":"6545670f1c38344eaf960df9750c550a9534f790f888af088761a9e04269139b"}, {"name":"omniauth-facebook","version":"4.0.0","platform":"ruby","checksum":"05ae3565c8fdb38df8dab04eb8ca854ea6c18e81591d3e6598ce101293a2f20f"}, diff --git a/Gemfile.lock b/Gemfile.lock index 0de6fab1d2c..e1332aa7b74 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -997,9 +997,6 @@ GEM omniauth-oauth2 (>= 1.5) omniauth-auth0 (2.0.0) omniauth-oauth2 (~> 1.4) - omniauth-authentiq (0.3.3) - jwt (>= 1.5) - omniauth-oauth2 (>= 1.5) omniauth-azure-activedirectory-v2 (2.0.0) omniauth-oauth2 (~> 1.8) omniauth-dingtalk-oauth2 (1.0.1) @@ -1771,7 +1768,6 @@ DEPENDENCIES omniauth-alicloud (~> 2.0.1) omniauth-atlassian-oauth2 (~> 0.2.0) omniauth-auth0 (~> 2.0.0) - omniauth-authentiq (~> 0.3.3) omniauth-azure-activedirectory-v2 (~> 2.0) omniauth-azure-oauth2 (~> 0.0.9)! omniauth-cas3 (~> 1.1.4)! diff --git a/app/assets/images/auth_buttons/authentiq_64.png b/app/assets/images/auth_buttons/authentiq_64.png Binary files differdeleted file mode 100644 index 81767bbcc54..00000000000 --- a/app/assets/images/auth_buttons/authentiq_64.png +++ /dev/null diff --git a/app/assets/javascripts/token_access/components/inbound_token_access.vue b/app/assets/javascripts/token_access/components/inbound_token_access.vue index 1a225550c95..feaf9072ee2 100644 --- a/app/assets/javascripts/token_access/components/inbound_token_access.vue +++ b/app/assets/javascripts/token_access/components/inbound_token_access.vue @@ -116,7 +116,7 @@ export default { return this.targetProjectPath === ''; }, ciJobTokenHelpPage() { - return helpPagePath('ci/jobs/ci_job_token'); + return helpPagePath('ci/jobs/ci_job_token#allow-access-to-your-project-with-a-job-token'); }, }, methods: { diff --git a/app/assets/javascripts/token_access/components/outbound_token_access.vue b/app/assets/javascripts/token_access/components/outbound_token_access.vue index 47ec0910a7b..0deae1a1d82 100644 --- a/app/assets/javascripts/token_access/components/outbound_token_access.vue +++ b/app/assets/javascripts/token_access/components/outbound_token_access.vue @@ -114,7 +114,7 @@ export default { return this.targetProjectPath === ''; }, ciJobTokenHelpPage() { - return helpPagePath('ci/jobs/ci_job_token'); + return helpPagePath('ci/jobs/ci_job_token#limit-your-projects-job-token-access'); }, }, methods: { diff --git a/app/assets/javascripts/token_access/components/token_access_app.vue b/app/assets/javascripts/token_access/components/token_access_app.vue index 410a6267dc8..59d59757735 100644 --- a/app/assets/javascripts/token_access/components/token_access_app.vue +++ b/app/assets/javascripts/token_access/components/token_access_app.vue @@ -20,8 +20,8 @@ export default { </script> <template> <div> - <outbound-token-access /> - <inbound-token-access v-if="inboundTokenAccessEnabled" class="gl-pt-5" /> + <inbound-token-access v-if="inboundTokenAccessEnabled" class="gl-pb-5" /> + <outbound-token-access class="gl-py-5" /> <opt-in-jwt /> </div> </template> diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb index 5bd3b74af1f..4046433f8ea 100644 --- a/app/controllers/omniauth_callbacks_controller.rb +++ b/app/controllers/omniauth_callbacks_controller.rb @@ -61,14 +61,6 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController handle_omniauth end - def authentiq - if params['sid'] - handle_service_ticket oauth['provider'], params['sid'] - end - - handle_omniauth - end - def auth0 if oauth['uid'].blank? fail_auth0_login diff --git a/app/helpers/auth_helper.rb b/app/helpers/auth_helper.rb index f818088a4c6..e2e89c9abca 100644 --- a/app/helpers/auth_helper.rb +++ b/app/helpers/auth_helper.rb @@ -5,7 +5,6 @@ module AuthHelper alicloud atlassian_oauth2 auth0 - authentiq azure_activedirectory_v2 azure_oauth2 bitbucket diff --git a/app/helpers/timeboxes_routing_helper.rb b/app/helpers/timeboxes_routing_helper.rb deleted file mode 100644 index 6a5bef74dc9..00000000000 --- a/app/helpers/timeboxes_routing_helper.rb +++ /dev/null @@ -1,21 +0,0 @@ -# frozen_string_literal: true - -module TimeboxesRoutingHelper - def milestone_path(milestone, *args) - if milestone.group_milestone? - group_milestone_path(milestone.group, milestone, *args) - elsif milestone.project_milestone? - project_milestone_path(milestone.project, milestone, *args) - end - end - - def milestone_url(milestone, *args) - if milestone.group_milestone? - group_milestone_url(milestone.group, milestone, *args) - elsif milestone.project_milestone? - project_milestone_url(milestone.project, milestone, *args) - end - end -end - -TimeboxesRoutingHelper.prepend_mod_with('TimeboxesRoutingHelper') diff --git a/app/models/concerns/taskable.rb b/app/models/concerns/taskable.rb index 8297221d5be..f9eba4cc2fe 100644 --- a/app/models/concerns/taskable.rb +++ b/app/models/concerns/taskable.rb @@ -27,7 +27,7 @@ module Taskable # ignore tasks in code or html comment blocks. HTML blocks # are ok as we allow tasks inside <detail> blocks REGEX = %r{ - #{::Gitlab::Regex.markdown_code_or_html_comment_blocks} + #{::Gitlab::Regex.markdown_code_or_html_comments} | (?<task_item> #{ITEM_PATTERN} diff --git a/app/models/namespace.rb b/app/models/namespace.rb index a0d44bcc26e..9d9b09e3562 100644 --- a/app/models/namespace.rb +++ b/app/models/namespace.rb @@ -141,12 +141,14 @@ class Namespace < ApplicationRecord :npm_package_requests_forwarding, to: :package_settings + before_save :update_new_emails_created_column, if: -> { emails_disabled_changed? } before_create :sync_share_with_group_lock_with_parent before_update :sync_share_with_group_lock_with_parent, if: :parent_changed? after_update :force_share_with_group_lock_on_descendants, if: -> { saved_change_to_share_with_group_lock? && share_with_group_lock? } after_update :expire_first_auto_devops_config_cache, if: -> { saved_change_to_auto_devops_enabled? } after_update :move_dir, if: :saved_change_to_path_or_parent?, unless: -> { is_a?(Namespaces::ProjectNamespace) } after_destroy :rm_dir + after_save :reload_namespace_details after_commit :refresh_access_of_projects_invited_groups, on: :update, if: -> { previous_changes.key?('share_with_group_lock') } @@ -599,6 +601,17 @@ class Namespace < ApplicationRecord private + def update_new_emails_created_column + return if namespace_settings.nil? + return if namespace_settings.emails_enabled == !emails_disabled + + if namespace_settings.persisted? + namespace_settings.update!(emails_enabled: !emails_disabled) + elsif namespace_settings + namespace_settings.emails_enabled = !emails_disabled + end + end + def cluster_enabled_granted? (Gitlab.com? || Gitlab.dev_or_test_env?) && root_ancestor.cluster_enabled_grant.present? end diff --git a/app/models/project.rb b/app/models/project.rb index 2bc39982970..27be84d787e 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -119,6 +119,7 @@ class Project < ApplicationRecord before_validation :remove_leading_spaces_on_name after_validation :check_pending_delete before_save :ensure_runners_token + before_save :update_new_emails_created_column, if: -> { emails_disabled_changed? } after_create -> { create_or_load_association(:project_feature) } after_create -> { create_or_load_association(:ci_cd_settings) } @@ -3388,6 +3389,17 @@ class Project < ApplicationRecord ProjectFeature::PRIVATE end end + + def update_new_emails_created_column + return if project_setting.nil? + return if project_setting.emails_enabled == !emails_disabled + + if project_setting.persisted? + project_setting.update!(emails_enabled: !emails_disabled) + elsif project_setting + project_setting.emails_enabled = !emails_disabled + end + end end Project.prepend_mod_with('Project') diff --git a/config/feature_flags/development/ci_batch_request_for_local_and_project_includes.yml b/config/feature_flags/development/ci_batch_request_for_local_and_project_includes.yml deleted file mode 100644 index 64c7f4e2e3b..00000000000 --- a/config/feature_flags/development/ci_batch_request_for_local_and_project_includes.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -name: ci_batch_request_for_local_and_project_includes -introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/108826 -rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/387974 -milestone: '15.9' -type: development -group: group::pipeline authoring -default_enabled: false diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example index 1b18f977e4f..5a9811c0e91 100644 --- a/config/gitlab.yml.example +++ b/config/gitlab.yml.example @@ -1072,16 +1072,6 @@ production: &base # login_url: '/cas/login', # service_validate_url: '/cas/p3/serviceValidate', # logout_url: '/cas/logout' } } - # - { name: 'authentiq', - # # for client credentials (client ID and secret), go to https://www.authentiq.com/developers - # app_id: 'YOUR_CLIENT_ID', - # app_secret: 'YOUR_CLIENT_SECRET', - # args: { - # scope: 'aq:name email~rs address aq:push' - # # callback_url parameter is optional except when 'gitlab.host' in this file is set to 'localhost' - # # callback_url: 'YOUR_CALLBACK_URL' - # } - # } # - { name: 'github', # app_id: 'YOUR_APP_ID', # app_secret: 'YOUR_APP_SECRET', @@ -1628,10 +1618,6 @@ test: client_id: 'YOUR_AUTH0_CLIENT_ID', client_secret: 'YOUR_AUTH0_CLIENT_SECRET', namespace: 'YOUR_AUTH0_DOMAIN' } } - - { name: 'authentiq', - app_id: 'YOUR_CLIENT_ID', - app_secret: 'YOUR_CLIENT_SECRET', - args: { scope: 'aq:name email~rs address aq:push' } } - { name: 'salesforce', app_id: 'YOUR_CLIENT_ID', app_secret: 'YOUR_CLIENT_SECRET' diff --git a/config/routes.rb b/config/routes.rb index af1ecc687e0..27ea8679de0 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -299,7 +299,7 @@ InitializerConnections.with_disabled_database_connections do # TODO: We don't need the `Gitlab::Routing` module at all as we can use # the `direct` DSL method of Rails to define url helpers. Move all the # custom url helpers to use the `direct` DSL method and remove the `Gitlab::Routing`. - # For more information: https://gitlab.com/gitlab-org/gitlab/-/issues/299583 + # For more information: https://gitlab.com/groups/gitlab-org/-/epics/9866 Gitlab::Application.routes.set.filter_map { |route| route.name if route.name&.include?('namespace_project') }.each do |name| new_name = name.sub('namespace_project', 'project') @@ -315,7 +315,9 @@ InitializerConnections.with_disabled_database_connections do root to: "root#index" get '*unmatched_route', to: 'application#route_not_found', format: false - end - Gitlab::Routing.add_helpers(TimeboxesRoutingHelper) + # Load all custom URLs definitions via `direct' after the last route + # definition. + draw :directs + end end diff --git a/config/routes/directs.rb b/config/routes/directs.rb new file mode 100644 index 00000000000..f28750b5c2e --- /dev/null +++ b/config/routes/directs.rb @@ -0,0 +1,5 @@ +# frozen_string_literal: true + +# Custom URL definitions for the Community Edition. + +draw 'directs/milestone' diff --git a/config/routes/directs/milestone.rb b/config/routes/directs/milestone.rb new file mode 100644 index 00000000000..5a8086cca25 --- /dev/null +++ b/config/routes/directs/milestone.rb @@ -0,0 +1,11 @@ +# frozen_string_literal: true + +# @!method milestone_path(milestone, options = {}) +# @!method milestone_url(milestone, options = {}) +direct(:milestone) do |milestone, *args| + if milestone.group_milestone? + [milestone.group, milestone, *args] + elsif milestone.project_milestone? + [milestone.project, milestone, *args] + end +end diff --git a/db/migrate/20221116134507_add_projects_emails_enabled_column.rb b/db/migrate/20221116134507_add_projects_emails_enabled_column.rb new file mode 100644 index 00000000000..1499ea2752b --- /dev/null +++ b/db/migrate/20221116134507_add_projects_emails_enabled_column.rb @@ -0,0 +1,7 @@ +# frozen_string_literal: true +class AddProjectsEmailsEnabledColumn < Gitlab::Database::Migration[2.0] + enable_lock_retries! + def change + add_column :project_settings, :emails_enabled, :boolean, default: true, null: false + end +end diff --git a/db/migrate/20221116134539_add_namespaces_emails_enabled_column.rb b/db/migrate/20221116134539_add_namespaces_emails_enabled_column.rb new file mode 100644 index 00000000000..e979cbb8aa5 --- /dev/null +++ b/db/migrate/20221116134539_add_namespaces_emails_enabled_column.rb @@ -0,0 +1,8 @@ +# frozen_string_literal: true +class AddNamespacesEmailsEnabledColumn < Gitlab::Database::Migration[2.0] + enable_lock_retries! + + def change + add_column :namespace_settings, :emails_enabled, :boolean, default: true, null: false + end +end diff --git a/db/post_migrate/20221116134611_add_namespaces_emails_enabled_column_data.rb b/db/post_migrate/20221116134611_add_namespaces_emails_enabled_column_data.rb new file mode 100644 index 00000000000..e3efc18f3fd --- /dev/null +++ b/db/post_migrate/20221116134611_add_namespaces_emails_enabled_column_data.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true +class AddNamespacesEmailsEnabledColumnData < Gitlab::Database::Migration[2.0] + disable_ddl_transaction! + restrict_gitlab_migration gitlab_schema: :gitlab_main + + MIGRATION = 'AddNamespacesEmailsEnabledColumnData' + DELAY_INTERVAL = 2.minutes.to_i + BATCH_SIZE = 200 + MAX_BATCH_SIZE = 1000 + SUB_BATCH_SIZE = 20 + + def up + queue_batched_background_migration( + MIGRATION, + :namespaces, + :id, + job_interval: DELAY_INTERVAL, + batch_size: BATCH_SIZE, + max_batch_size: MAX_BATCH_SIZE, + sub_batch_size: SUB_BATCH_SIZE, + gitlab_schema: :gitlab_main + ) + end + + def down + delete_batched_background_migration(MIGRATION, :namespaces, :id, []) + end +end diff --git a/db/post_migrate/20221116134633_add_projects_emails_enabled_column_data.rb b/db/post_migrate/20221116134633_add_projects_emails_enabled_column_data.rb new file mode 100644 index 00000000000..9f0edbd0707 --- /dev/null +++ b/db/post_migrate/20221116134633_add_projects_emails_enabled_column_data.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true +class AddProjectsEmailsEnabledColumnData < Gitlab::Database::Migration[2.0] + disable_ddl_transaction! + restrict_gitlab_migration gitlab_schema: :gitlab_main + + MIGRATION = 'AddProjectsEmailsEnabledColumnData' + DELAY_INTERVAL = 2.minutes.to_i + BATCH_SIZE = 200 + MAX_BATCH_SIZE = 1000 + SUB_BATCH_SIZE = 20 + + def up + queue_batched_background_migration( + MIGRATION, + :projects, + :id, + job_interval: DELAY_INTERVAL, + batch_size: BATCH_SIZE, + max_batch_size: MAX_BATCH_SIZE, + sub_batch_size: SUB_BATCH_SIZE, + gitlab_schema: :gitlab_main + ) + end + + def down + delete_batched_background_migration(MIGRATION, :projects, :id, []) + end +end diff --git a/db/schema_migrations/20221116134507 b/db/schema_migrations/20221116134507 new file mode 100644 index 00000000000..cb761de5adb --- /dev/null +++ b/db/schema_migrations/20221116134507 @@ -0,0 +1 @@ +80504a4700681db9e46d729f4175dc077fae7e1b0235c9178558293b83f7a006
\ No newline at end of file diff --git a/db/schema_migrations/20221116134539 b/db/schema_migrations/20221116134539 new file mode 100644 index 00000000000..4f25094c3a8 --- /dev/null +++ b/db/schema_migrations/20221116134539 @@ -0,0 +1 @@ +dd36d2586454c8799effa598c0a058a6adf332622877eae16dd95d468f9b3958
\ No newline at end of file diff --git a/db/schema_migrations/20221116134611 b/db/schema_migrations/20221116134611 new file mode 100644 index 00000000000..9e47c46b7e3 --- /dev/null +++ b/db/schema_migrations/20221116134611 @@ -0,0 +1 @@ +0668760d6df566ac3081bd9fa2a053497da7a7af652225e91831110435166dcb
\ No newline at end of file diff --git a/db/schema_migrations/20221116134633 b/db/schema_migrations/20221116134633 new file mode 100644 index 00000000000..3f89ce1ff9d --- /dev/null +++ b/db/schema_migrations/20221116134633 @@ -0,0 +1 @@ +ceaf6a2b15da0dde23ba37f1166aa5135a9dce1abbe9fca81a12a41cc0319fd9
\ No newline at end of file diff --git a/db/structure.sql b/db/structure.sql index 467cca32e58..f0098dbcb95 100644 --- a/db/structure.sql +++ b/db/structure.sql @@ -18427,6 +18427,7 @@ CREATE TABLE namespace_settings ( runner_registration_enabled boolean DEFAULT true, allow_runner_registration_token boolean DEFAULT true NOT NULL, unique_project_download_limit_alertlist integer[] DEFAULT '{}'::integer[] NOT NULL, + emails_enabled boolean DEFAULT true NOT NULL, CONSTRAINT check_0ba93c78c7 CHECK ((char_length(default_branch_name) <= 255)), CONSTRAINT namespace_settings_unique_project_download_limit_alertlist_size CHECK ((cardinality(unique_project_download_limit_alertlist) <= 100)), CONSTRAINT namespace_settings_unique_project_download_limit_allowlist_size CHECK ((cardinality(unique_project_download_limit_allowlist) <= 100)) @@ -20752,6 +20753,7 @@ CREATE TABLE project_settings ( only_allow_merge_if_all_status_checks_passed boolean DEFAULT false NOT NULL, mirror_branch_regex text, allow_pipeline_trigger_approve_deployment boolean DEFAULT false NOT NULL, + emails_enabled boolean DEFAULT true NOT NULL, CONSTRAINT check_2981f15877 CHECK ((char_length(jitsu_key) <= 100)), CONSTRAINT check_3a03e7557a CHECK ((char_length(previous_default_branch) <= 4096)), CONSTRAINT check_3ca5cbffe6 CHECK ((char_length(issue_branch_template) <= 255)), diff --git a/doc/.vale/gitlab/spelling-exceptions.txt b/doc/.vale/gitlab/spelling-exceptions.txt index 7d36887de39..a2a23c03aa3 100644 --- a/doc/.vale/gitlab/spelling-exceptions.txt +++ b/doc/.vale/gitlab/spelling-exceptions.txt @@ -48,7 +48,6 @@ auditability auditable Auth0 authenticator -Authentiq Authy autocomplete autocompleted diff --git a/doc/administration/auth/authentiq.md b/doc/administration/auth/authentiq.md index 4eabdddfc63..a32d2a2cf94 100644 --- a/doc/administration/auth/authentiq.md +++ b/doc/administration/auth/authentiq.md @@ -1,102 +1,12 @@ --- -type: reference stage: Manage group: Authentication and Authorization info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments +remove_date: '2023-02-22' +redirect_to: '../../integration/omniauth.md' --- -# Authentiq OmniAuth Provider **(FREE SELF)** +# Authentiq OmniAuth Provider (removed) **(FREE SELF)** -To enable the Authentiq OmniAuth provider for passwordless authentication, you must register an application with Authentiq. - -Authentiq generates a Client ID and the accompanying Client Secret for you to use. - -1. Get your Client credentials (Client ID and Client Secret) at [Authentiq](https://www.authentiq.com/developers). - -1. On your GitLab server, open the configuration file: - - For omnibus installation - - ```shell - sudo editor /etc/gitlab/gitlab.rb - ``` - - For installations from source: - - ```shell - sudo -u git -H editor /home/git/gitlab/config/gitlab.yml - ``` - -1. Edit the [common configuration file settings](../../integration/omniauth.md#configure-common-settings) - to add `authentiq` as a single sign-on provider. This enables Just-In-Time - account provisioning for users who do not have an existing GitLab account. - -1. Add the provider configuration for Authentiq: - - For Omnibus packages: - - ```ruby - gitlab_rails['omniauth_providers'] = [ - { - name: "authentiq", - # label: "Provider name", # optional label for login button, defaults to "Authentiq" - app_id: "<your_client_id>", - app_secret: "<your_client_secret>", - args: { - "scope": 'aq:name email~rs address aq:push' - } - } - ] - ``` - - For installations from source: - - ```yaml - - { name: 'authentiq', - # label: 'Provider name', # optional label for login button, defaults to "Authentiq" - app_id: '<your_client_id>', - app_secret: '<your_client_secret>', - args: { - scope: 'aq:name email~rs address aq:push' - } - } - ``` - -1. The `scope` is set to request the: - - User's name. - - Required and signed email. - - Permission to send push notifications to sign in on subsequent visits. - - See [OmniAuth Authentiq strategy](https://github.com/AuthentiqID/omniauth-authentiq/wiki/Scopes,-callback-url-configuration-and-responses) for more information on scopes and modifiers. - -1. Change `<your_client_id>` and `<your_client_secret>` to the Client credentials you received from Authentiq. - -1. Save the configuration file. - -1. For the changes to take effect: - - [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) if you installed GitLab using Omnibus. - - [Restart GitLab](../restart_gitlab.md#installations-from-source) if you installed GitLab from source. - -On the sign in page there should now be an Authentiq icon below the regular sign in form. Select the -icon to begin the authentication process. If the user: - -- Has the Authentiq ID app installed in their iOS or Android device, they can: - 1. Scan the QR code. - 1. Decide what personal details to share. - 1. Sign in to your GitLab installation. -- Does not have the app installed, they are prompted to download the app and then follow the - previous procedure. - -If everything works, the user is returned to GitLab and is signed in. - -<!-- ## Troubleshooting - -Include any troubleshooting steps that you can foresee. If you know beforehand what issues -one might have when setting this up, or when something is changed, or on upgrading, it's -important to describe those, too. Think of things that may go wrong and include them here. -This is important to minimize requests for support, and to avoid doc comments with -questions that you know someone might ask. - -Each scenario can be a third-level heading, for example `### Getting error message X`. -If you have none to add when creating a doc, leave this section in place -but commented out to help encourage others to add to it in the future. --> +This feature was [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/389452) in 15.9. +Use another [OmniAuth provider](../../integration/omniauth.md) instead. diff --git a/doc/administration/reference_architectures/1k_users.md b/doc/administration/reference_architectures/1k_users.md index e63d3c0cc23..d3aa6fef51e 100644 --- a/doc/administration/reference_architectures/1k_users.md +++ b/doc/administration/reference_architectures/1k_users.md @@ -10,9 +10,9 @@ This page describes GitLab reference architecture for up to 1,000 users. For a full list of reference architectures, see [Available reference architectures](index.md#available-reference-architectures). -If you are serving up to 1,000 users and you don't have strict availability -requirements, a single-node solution with -[frequent backups](index.md#backups) is appropriate for +If you are serving up to 1,000 users, and you don't have strict availability +requirements, a [standalone](index.md#standalone-non-ha) single-node solution with +frequent backups is appropriate for many organizations. > - **Supported users (approximate):** 1,000 diff --git a/doc/administration/reference_architectures/2k_users.md b/doc/administration/reference_architectures/2k_users.md index b102842068a..ee26504902c 100644 --- a/doc/administration/reference_architectures/2k_users.md +++ b/doc/administration/reference_architectures/2k_users.md @@ -48,7 +48,7 @@ For a full list of reference architectures, see <!-- markdownlint-enable MD029 --> NOTE: -For all PaaS solutions that involve configuring instances, it is strongly recommended to implement a minimum of three nodes in three different availability zones to align with resilient cloud architecture practices. +For all PaaS solutions that involve configuring instances, it's recommended to deploy them over multiple availability zones for resilience if desired. ```plantuml @startuml 2k diff --git a/doc/administration/reference_architectures/index.md b/doc/administration/reference_architectures/index.md index b53355f8297..cfb076449c8 100644 --- a/doc/administration/reference_architectures/index.md +++ b/doc/administration/reference_architectures/index.md @@ -43,6 +43,14 @@ The following Cloud Native Hybrid reference architectures, where select recommen - [Up to 25,000 users](25k_users.md#cloud-native-hybrid-reference-architecture-with-helm-charts-alternative) - [Up to 50,000 users](50k_users.md#cloud-native-hybrid-reference-architecture-with-helm-charts-alternative) +## Before you start + +The first choice to consider is whether a Self Managed approach is correct for you and your requirements. + +Running any application in production is complex, and the same applies for GitLab. While we aim to make this as smooth as possible, there are still the general complexities. This depends on the design chosen, but typically you'll need to manage all aspects such as hardware, operating systems, networking, storage, security, GitLab itself, and more. + +As such, it's recommended that you have a working knowledge of running applications in production when deciding on going down this route. For users who want a more managed solution it's recommended to instead explore our other offerings such as [GitLab SaaS](../../subscriptions/gitlab_com/index.md) or [GitLab Dedicated](../../subscriptions/gitlab_dedicated/index.md). + ## Deciding which architecture to use The Reference Architectures are designed to strike a balance between two important factors--performance and resilience. @@ -53,13 +61,14 @@ As a general guide, **the more performant and/or resilient you want your environ This section explains the designs you can choose from. It begins with the least complexity, goes to the most, and ends with a decision tree. -### Backups +### Standalone (non-HA) -For environments serving 2,000 or fewer users we generally recommend that an [automated backup](../../raketasks/backup_gitlab.md#configuring-cron-to-make-daily-backups) strategy is used instead of HA. +For environments serving 2,000 or fewer users, we generally recommend a standalone approach by deploying a non-highly available single or multi-node environment. With this approach, you can employ strategies such as [automated backups](../../raketasks/backup_gitlab.md#configuring-cron-to-make-daily-backups) for recovery to provide a good level of RPO / RTO while avoiding the complexities that come with HA. -Depending on your setup and requirements, this can include configuring backups on any external services you may be using, such as Object Storage (AWS S3 / Google Cloud Storage) or Postgres (AWS RDS / Google Cloud SQL) backups for further resilience. +*[RTO]: Recovery time objective +*[RPO]: Recovery point objective -Backups can provide a good level of RPO / RTO while avoiding the complexities that come with HA. +With standalone setups, especially single node environments, there are [various options available for installation](../../install/index.md) and management including [the ability to deploy directly via select cloud provider marketplaces](https://page.gitlab.com/cloud-partner-marketplaces.html) that reduce the complexity a little further. ### High Availability (HA) @@ -100,6 +109,12 @@ With [GitLab Geo](../geo/index.md) you can have both distributed environments in This is an **advanced and complex** setup and should only be undertaken if you have DR as a key requirement. Decisions then on how each environment are configured would also need to be taken, such as if each environment itself would be the full size and / or have HA. +### Cloud provider services + +For all the previously described strategies, you can run select GitLab components on equivalent cloud provider services such as the PostgreSQL database or Redis. + +[For more information, see the recommended cloud providers and services](#recommended-cloud-providers-and-services). + ### Decision Tree Below you can find the above guidance in the form of a decision tree. It's recommended you read through the above guidance in full first before though. @@ -107,14 +122,30 @@ Below you can find the above guidance in the form of a decision tree. It's recom ```mermaid %%{init: { 'theme': 'base' } }%% graph TD - L1A(<b>What Reference Architecture should I use?</b>) --> L2A(More than 3000 users?) - L2A -->|No| L3A("<a href=#do-you-need-high-availability-ha>Do you need HA?</a><br>(or Zero-Downtime Upgrades)") --> |Yes| L4A><b>Recommendation</b><br><br>3K architecture with HA<br>including supported modifications] - L3A -->|No| L4B><b>Recommendation</b><br><br>Architecture closest to user<br>count with Backups] - L2A -->|Yes| L3B[Do you have experience with<br/>and want additional resilience<br/>with select components in Kubernetes?] - L3B -->|No| L4C><b>Recommendation</b><br><br>Architecture closest to user<br>count with HA] - L3B -->|Yes| L4D><b>Recommendation</b><br><br>Cloud Native Hybrid architecture<br>closest to user count] - - L5A("<a href=#gitlab-geo-cross-regional-distribution-disaster-recovery>Do you need cross regional distribution or disaster recovery?"</a>) --> |Yes| L6A><b>Additional Recommendation</b><br><br> GitLab Geo] + L1A(<b>What Reference Architecture should I use?</b>) + + L2A(3,000 users or more?) + L2B(2,000 users or less?) + + L3A("<a href=#do-you-need-high-availability-ha>Do you need HA?</a><br>(or Zero-Downtime Upgrades)") + L3B[Do you have experience with<br/>and want additional resilience<br/>with select components in Kubernetes?] + + L4A><b>Recommendation</b><br><br>3K architecture with HA<br>and supported reductions] + L4B><b>Recommendation</b><br><br>Architecture closest to user<br>count with HA] + L4C><b>Recommendation</b><br><br>Cloud Native Hybrid architecture<br>closest to user count] + L4D>"<b>Recommendation</b><br><br>Standalone 1K or 2K<br/>architecture with Backups"] + + L1A --> L2A + L1A --> L2B + L2A -->|Yes| L3B + L3B -->|Yes| L4C + L3B -->|No| L4B + + L2B --> L3A + L3A -->|Yes| L4A + L3A -->|No| L4D + + L5A("<a href=#gitlab-geo-cross-regional-distribution-disaster--recovery>Do you need cross regional distribution or disaster recovery?"</a>) --> |Yes| L6A><b>Additional Recommendation</b><br><br> GitLab Geo] L4A -.- L5A L4B -.- L5A L4C -.- L5A diff --git a/doc/install/install_methods.md b/doc/install/install_methods.md index a872941dfaf..af15dc3f085 100644 --- a/doc/install/install_methods.md +++ b/doc/install/install_methods.md @@ -26,7 +26,7 @@ You can install GitLab on several cloud providers. | Cloud provider | Description | |---------------------------------------------------------------|-------------| -| [AWS (HA)](aws/index.md) | Install GitLab on AWS using the community AMIs provided by GitLab. | +| [AWS](aws/index.md) | Install GitLab on AWS using the community AMIs provided by GitLab. | | [Google Cloud Platform (GCP)](google_cloud_platform/index.md) | Install GitLab on a VM in GCP. | | [Azure](azure/index.md) | Install GitLab from Azure Marketplace. | diff --git a/doc/integration/index.md b/doc/integration/index.md index d778d7c0856..195890ea4d8 100644 --- a/doc/integration/index.md +++ b/doc/integration/index.md @@ -29,7 +29,6 @@ You can integrate GitLab with the following authentication sources: - Enable sign-in with [LDAP](../administration/auth/ldap/index.md). - Enable creating [OAuth 2.0](oauth_provider.md) applications. - Use [OmniAuth](omniauth.md) to enable sign-in through: - - Authentiq ID - Azure - Bitbucket - Crowd diff --git a/doc/integration/omniauth.md b/doc/integration/omniauth.md index b25ba6a00e2..61019915c52 100644 --- a/doc/integration/omniauth.md +++ b/doc/integration/omniauth.md @@ -20,7 +20,6 @@ GitLab supports the following OmniAuth providers. | [AliCloud](alicloud.md) | `alicloud` | | [Atlassian](../administration/auth/atlassian.md) | `atlassian_oauth2` | | [Auth0](auth0.md) | `auth0` | -| [Authentiq](../administration/auth/authentiq.md) | `authentiq` | | [AWS Cognito](../administration/auth/cognito.md) | `cognito` | | [Azure v2](azure.md) | `azure_activedirectory_v2` | | [Azure v1](azure.md) | `azure_oauth2` | diff --git a/doc/topics/authentication/index.md b/doc/topics/authentication/index.md index c5027592354..c1d0a69e1f4 100644 --- a/doc/topics/authentication/index.md +++ b/doc/topics/authentication/index.md @@ -29,7 +29,6 @@ This page gathers all the resources for the topic **Authentication** within GitL - [Debugging LDAP](https://about.gitlab.com/handbook/support/workflows/debugging_ldap.html) - **Integrations:** - [OmniAuth](../../integration/omniauth.md) - - [Authentiq OmniAuth Provider](../../administration/auth/authentiq.md#authentiq-omniauth-provider) - [Atlassian Crowd OmniAuth Provider](../../administration/auth/crowd.md) - [CAS OmniAuth Provider](../../integration/cas.md) - [SAML OmniAuth Provider](../../integration/saml.md) diff --git a/doc/update/index.md b/doc/update/index.md index 303f8af21a8..1be8427a47e 100644 --- a/doc/update/index.md +++ b/doc/update/index.md @@ -269,17 +269,40 @@ and [Helm Chart deployments](https://docs.gitlab.com/charts/). They come with ap - This version removes `SanitizeConfidentialTodos` background migration [added](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/87908/diffs) in 15.6, which removed any user inaccessible to-do items. Make sure that this migration is finished before upgrading to 15.9. - As part of the [CI Partitioning effort](../architecture/blueprints/ci_data_decay/pipeline_partitioning.md), a [new Foreign Key](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/107547) was added to `ci_builds_needs`. On GitLab instances with large CI tables, adding this constraint can take longer than usual. Make sure that this migration is finished before upgrading to 15.9. +### 15.8.1 + +- Due to [a bug introduced in GitLab 15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/390155), if one or more Git repositories in Gitaly Cluster is [unavailable](../administration/gitaly/recovery.md#unavailable-repositories), then [Repository checks](../administration/repository_checks.md#repository-checks) and [Geo replication and verification](../administration/geo/index.md) stop running for all project or project wiki repositories in the affected Gitaly Cluster. The bug was fixed by [reverting the change in GitLab 15.9.0](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110823). Before upgrading to this version, check if you have any "unavailable" repositories. See [the bug issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390155) for more information. + ### 15.8.0 - Git 2.38.0 and later is required by Gitaly. For installations from source, you should use the [Git version provided by Gitaly](../install/installation.md#git). +- Due to [a bug introduced in GitLab 15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/390155), if one or more Git repositories in Gitaly Cluster is [unavailable](../administration/gitaly/recovery.md#unavailable-repositories), then [Repository checks](../administration/repository_checks.md#repository-checks) and [Geo replication and verification](../administration/geo/index.md) stop running for all project or project wiki repositories in the affected Gitaly Cluster. The bug was fixed by [reverting the change in GitLab 15.9.0](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110823). Before upgrading to this version, check if you have any "unavailable" repositories. See [the bug issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390155) for more information. + +### 15.7.6 + +- Due to [a bug introduced in GitLab 15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/390155), if one or more Git repositories in Gitaly Cluster is [unavailable](../administration/gitaly/recovery.md#unavailable-repositories), then [Repository checks](../administration/repository_checks.md#repository-checks) and [Geo replication and verification](../administration/geo/index.md) stop running for all project or project wiki repositories in the affected Gitaly Cluster. The bug was fixed by [reverting the change in GitLab 15.9.0](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110823). Before upgrading to this version, check if you have any "unavailable" repositories. See [the bug issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390155) for more information. + +### 15.7.5 + +- Due to [a bug introduced in GitLab 15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/390155), if one or more Git repositories in Gitaly Cluster is [unavailable](../administration/gitaly/recovery.md#unavailable-repositories), then [Repository checks](../administration/repository_checks.md#repository-checks) and [Geo replication and verification](../administration/geo/index.md) stop running for all project or project wiki repositories in the affected Gitaly Cluster. The bug was fixed by [reverting the change in GitLab 15.9.0](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110823). Before upgrading to this version, check if you have any "unavailable" repositories. See [the bug issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390155) for more information. + +### 15.7.4 + +- Due to [a bug introduced in GitLab 15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/390155), if one or more Git repositories in Gitaly Cluster is [unavailable](../administration/gitaly/recovery.md#unavailable-repositories), then [Repository checks](../administration/repository_checks.md#repository-checks) and [Geo replication and verification](../administration/geo/index.md) stop running for all project or project wiki repositories in the affected Gitaly Cluster. The bug was fixed by [reverting the change in GitLab 15.9.0](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110823). Before upgrading to this version, check if you have any "unavailable" repositories. See [the bug issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390155) for more information. + +### 15.7.3 + +- Due to [a bug introduced in GitLab 15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/390155), if one or more Git repositories in Gitaly Cluster is [unavailable](../administration/gitaly/recovery.md#unavailable-repositories), then [Repository checks](../administration/repository_checks.md#repository-checks) and [Geo replication and verification](../administration/geo/index.md) stop running for all project or project wiki repositories in the affected Gitaly Cluster. The bug was fixed by [reverting the change in GitLab 15.9.0](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110823). Before upgrading to this version, check if you have any "unavailable" repositories. See [the bug issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390155) for more information. ### 15.7.2 - Geo: [Container registry push events are rejected](https://gitlab.com/gitlab-org/gitlab/-/issues/386389) by the `/api/v4/container_registry_event/events` endpoint resulting in Geo secondary sites not being aware of updates to container registry images and subsequently not replicating the updates. Secondary sites may contain out of date container images after a failover as a consequence. This impacts versions 15.6.0 - 15.6.6 and 15.7.0 - 15.7.2. If you're using Geo with container repositories, you are advised to upgrade to GitLab 15.6.7, 15.7.3, or 15.8.0 which contain a fix for this issue and avoid potential data loss after a failover. +- Due to [a bug introduced in GitLab 15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/390155), if one or more Git repositories in Gitaly Cluster is [unavailable](../administration/gitaly/recovery.md#unavailable-repositories), then [Repository checks](../administration/repository_checks.md#repository-checks) and [Geo replication and verification](../administration/geo/index.md) stop running for all project or project wiki repositories in the affected Gitaly Cluster. The bug was fixed by [reverting the change in GitLab 15.9.0](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110823). Before upgrading to this version, check if you have any "unavailable" repositories. See [the bug issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390155) for more information. ### 15.7.1 - Geo: [Container registry push events are rejected](https://gitlab.com/gitlab-org/gitlab/-/issues/386389) by the `/api/v4/container_registry_event/events` endpoint resulting in Geo secondary sites not being aware of updates to container registry images and subsequently not replicating the updates. Secondary sites may contain out of date container images after a failover as a consequence. This impacts versions 15.6.0 - 15.6.6 and 15.7.0 - 15.7.2. If you're using Geo with container repositories, you are advised to upgrade to GitLab 15.6.7, 15.7.3, or 15.8.0 which contain a fix for this issue and avoid potential data loss after a failover. +- Due to [a bug introduced in GitLab 15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/390155), if one or more Git repositories in Gitaly Cluster is [unavailable](../administration/gitaly/recovery.md#unavailable-repositories), then [Repository checks](../administration/repository_checks.md#repository-checks) and [Geo replication and verification](../administration/geo/index.md) stop running for all project or project wiki repositories in the affected Gitaly Cluster. The bug was fixed by [reverting the change in GitLab 15.9.0](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110823). Before upgrading to this version, check if you have any "unavailable" repositories. See [the bug issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390155) for more information. ### 15.7.0 @@ -321,30 +344,41 @@ and [Helm Chart deployments](https://docs.gitlab.com/charts/). They come with ap Sites that have configured `max_concurrency` will not be affected by this change. [Read more about the Sidekiq concurrency setting](../administration/sidekiq/extra_sidekiq_processes.md#concurrency). - Geo: [Container registry push events are rejected](https://gitlab.com/gitlab-org/gitlab/-/issues/386389) by the `/api/v4/container_registry_event/events` endpoint resulting in Geo secondary sites not being aware of updates to container registry images and subsequently not replicating the updates. Secondary sites may contain out of date container images after a failover as a consequence. This impacts versions 15.6.0 - 15.6.6 and 15.7.0 - 15.7.2. If you're using Geo with container repositories, you are advised to upgrade to GitLab 15.6.7, 15.7.3, or 15.8.0 which contain a fix for this issue and avoid potential data loss after a failover. +- Due to [a bug introduced in GitLab 15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/390155), if one or more Git repositories in Gitaly Cluster is [unavailable](../administration/gitaly/recovery.md#unavailable-repositories), then [Repository checks](../administration/repository_checks.md#repository-checks) and [Geo replication and verification](../administration/geo/index.md) stop running for all project or project wiki repositories in the affected Gitaly Cluster. The bug was fixed by [reverting the change in GitLab 15.9.0](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110823). Before upgrading to this version, check if you have any "unavailable" repositories. See [the bug issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390155) for more information. + +### 15.6.7 + +- Due to [a bug introduced in GitLab 15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/390155), if one or more Git repositories in Gitaly Cluster is [unavailable](../administration/gitaly/recovery.md#unavailable-repositories), then [Repository checks](../administration/repository_checks.md#repository-checks) and [Geo replication and verification](../administration/geo/index.md) stop running for all project or project wiki repositories in the affected Gitaly Cluster. The bug was fixed by [reverting the change in GitLab 15.9.0](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110823). Before upgrading to this version, check if you have any "unavailable" repositories. See [the bug issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390155) for more information. ### 15.6.6 - Geo: [Container registry push events are rejected](https://gitlab.com/gitlab-org/gitlab/-/issues/386389) by the `/api/v4/container_registry_event/events` endpoint resulting in Geo secondary sites not being aware of updates to container registry images and subsequently not replicating the updates. Secondary sites may contain out of date container images after a failover as a consequence. This impacts versions 15.6.0 - 15.6.6 and 15.7.0 - 15.7.2. If you're using Geo with container repositories, you are advised to upgrade to GitLab 15.6.7, 15.7.3, or 15.8.0 which contain a fix for this issue and avoid potential data loss after a failover. +- Due to [a bug introduced in GitLab 15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/390155), if one or more Git repositories in Gitaly Cluster is [unavailable](../administration/gitaly/recovery.md#unavailable-repositories), then [Repository checks](../administration/repository_checks.md#repository-checks) and [Geo replication and verification](../administration/geo/index.md) stop running for all project or project wiki repositories in the affected Gitaly Cluster. The bug was fixed by [reverting the change in GitLab 15.9.0](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110823). Before upgrading to this version, check if you have any "unavailable" repositories. See [the bug issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390155) for more information. ### 15.6.5 - Geo: [Container registry push events are rejected](https://gitlab.com/gitlab-org/gitlab/-/issues/386389) by the `/api/v4/container_registry_event/events` endpoint resulting in Geo secondary sites not being aware of updates to container registry images and subsequently not replicating the updates. Secondary sites may contain out of date container images after a failover as a consequence. This impacts versions 15.6.0 - 15.6.6 and 15.7.0 - 15.7.2. If you're using Geo with container repositories, you are advised to upgrade to GitLab 15.6.7, 15.7.3, or 15.8.0 which contain a fix for this issue and avoid potential data loss after a failover. +- Due to [a bug introduced in GitLab 15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/390155), if one or more Git repositories in Gitaly Cluster is [unavailable](../administration/gitaly/recovery.md#unavailable-repositories), then [Repository checks](../administration/repository_checks.md#repository-checks) and [Geo replication and verification](../administration/geo/index.md) stop running for all project or project wiki repositories in the affected Gitaly Cluster. The bug was fixed by [reverting the change in GitLab 15.9.0](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110823). Before upgrading to this version, check if you have any "unavailable" repositories. See [the bug issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390155) for more information. ### 15.6.4 - Geo: [Container registry push events are rejected](https://gitlab.com/gitlab-org/gitlab/-/issues/386389) by the `/api/v4/container_registry_event/events` endpoint resulting in Geo secondary sites not being aware of updates to container registry images and subsequently not replicating the updates. Secondary sites may contain out of date container images after a failover as a consequence. This impacts versions 15.6.0 - 15.6.6, and 15.7.0 - 15.7.2. If you're using Geo with container repositories, you are advised to upgrade to GitLab 15.6.7, 15.7.3, or 15.8.0 which contain a fix for this issue and avoid potential data loss after a failover. +- Due to [a bug introduced in GitLab 15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/390155), if one or more Git repositories in Gitaly Cluster is [unavailable](../administration/gitaly/recovery.md#unavailable-repositories), then [Repository checks](../administration/repository_checks.md#repository-checks) and [Geo replication and verification](../administration/geo/index.md) stop running for all project or project wiki repositories in the affected Gitaly Cluster. The bug was fixed by [reverting the change in GitLab 15.9.0](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110823). Before upgrading to this version, check if you have any "unavailable" repositories. See [the bug issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390155) for more information. ### 15.6.3 - Geo: [Container registry push events are rejected](https://gitlab.com/gitlab-org/gitlab/-/issues/386389) by the `/api/v4/container_registry_event/events` endpoint resulting in Geo secondary sites not being aware of updates to container registry images and subsequently not replicating the updates. Secondary sites may contain out of date container images after a failover as a consequence. This impacts versions 15.6.0 - 15.6.6 and 15.7.0 - 15.7.2. If you're using Geo with container repositories, you are advised to upgrade to GitLab 15.6.7, 15.7.3, or 15.8.0 which contain a fix for this issue and avoid potential data loss after a failover. +- Due to [a bug introduced in GitLab 15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/390155), if one or more Git repositories in Gitaly Cluster is [unavailable](../administration/gitaly/recovery.md#unavailable-repositories), then [Repository checks](../administration/repository_checks.md#repository-checks) and [Geo replication and verification](../administration/geo/index.md) stop running for all project or project wiki repositories in the affected Gitaly Cluster. The bug was fixed by [reverting the change in GitLab 15.9.0](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110823). Before upgrading to this version, check if you have any "unavailable" repositories. See [the bug issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390155) for more information. ### 15.6.2 - Geo: [Container registry push events are rejected](https://gitlab.com/gitlab-org/gitlab/-/issues/386389) by the `/api/v4/container_registry_event/events` endpoint resulting in Geo secondary sites not being aware of updates to container registry images and subsequently not replicating the updates. Secondary sites may contain out of date container images after a failover as a consequence. This impacts versions 15.6.0 - 15.6.6 and 15.7.0 - 15.7.2. If you're using Geo with container repositories, you are advised to upgrade to GitLab 15.6.7, 15.7.3, or 15.8.0 which contain a fix for this issue and avoid potential data loss after a failover. +- Due to [a bug introduced in GitLab 15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/390155), if one or more Git repositories in Gitaly Cluster is [unavailable](../administration/gitaly/recovery.md#unavailable-repositories), then [Repository checks](../administration/repository_checks.md#repository-checks) and [Geo replication and verification](../administration/geo/index.md) stop running for all project or project wiki repositories in the affected Gitaly Cluster. The bug was fixed by [reverting the change in GitLab 15.9.0](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110823). Before upgrading to this version, check if you have any "unavailable" repositories. See [the bug issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390155) for more information. ### 15.6.1 - Geo: [Container registry push events are rejected](https://gitlab.com/gitlab-org/gitlab/-/issues/386389) by the `/api/v4/container_registry_event/events` endpoint resulting in Geo secondary sites not being aware of updates to container registry images and subsequently not replicating the updates. Secondary sites may contain out of date container images after a failover as a consequence. This impacts versions 15.6.0 - 15.6.6 and 15.7.0 - 15.7.2. If you're using Geo with container repositories, you are advised to upgrade to GitLab 15.6.7, 15.7.3, or 15.8.0 which contain a fix for this issue and avoid potential data loss after a failover. +- Due to [a bug introduced in GitLab 15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/390155), if one or more Git repositories in Gitaly Cluster is [unavailable](../administration/gitaly/recovery.md#unavailable-repositories), then [Repository checks](../administration/repository_checks.md#repository-checks) and [Geo replication and verification](../administration/geo/index.md) stop running for all project or project wiki repositories in the affected Gitaly Cluster. The bug was fixed by [reverting the change in GitLab 15.9.0](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110823). Before upgrading to this version, check if you have any "unavailable" repositories. See [the bug issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390155) for more information. ### 15.6.0 @@ -365,6 +399,51 @@ and [Helm Chart deployments](https://docs.gitlab.com/charts/). They come with ap to GitLab 15.6.2. The issue can also be worked around: [read about how to create these indexes](https://gitlab.com/gitlab-org/gitlab/-/issues/378343#note_1199863087). - Geo: [Container registry push events are rejected](https://gitlab.com/gitlab-org/gitlab/-/issues/386389) by the `/api/v4/container_registry_event/events` endpoint resulting in Geo secondary sites not being aware of updates to container registry images and subsequently not replicating the updates. Secondary sites may contain out of date container images after a failover as a consequence. This impacts versions 15.6.0 - 15.6.6 and 15.7.0 - 15.7.2. If you're using Geo with container repositories, you are advised to upgrade to GitLab 15.6.7, 15.7.3, or 15.8.0 which contain a fix for this issue and avoid potential data loss after a failover. +- Due to [a bug introduced in GitLab 15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/390155), if one or more Git repositories in Gitaly Cluster is [unavailable](../administration/gitaly/recovery.md#unavailable-repositories), then [Repository checks](../administration/repository_checks.md#repository-checks) and [Geo replication and verification](../administration/geo/index.md) stop running for all project or project wiki repositories in the affected Gitaly Cluster. The bug was fixed by [reverting the change in GitLab 15.9.0](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110823). Before upgrading to this version, check if you have any "unavailable" repositories. See [the bug issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390155) for more information. + +### 15.5.5 + +- Due to [a bug introduced in GitLab 15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/390155), if one or more Git repositories in Gitaly Cluster is [unavailable](../administration/gitaly/recovery.md#unavailable-repositories), then [Repository checks](../administration/repository_checks.md#repository-checks) and [Geo replication and verification](../administration/geo/index.md) stop running for all project or project wiki repositories in the affected Gitaly Cluster. The bug was fixed by [reverting the change in GitLab 15.9.0](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110823). Before upgrading to this version, check if you have any "unavailable" repositories. See [the bug issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390155) for more information. + +### 15.5.4 + +- Due to [a bug introduced in GitLab 15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/390155), if one or more Git repositories in Gitaly Cluster is [unavailable](../administration/gitaly/recovery.md#unavailable-repositories), then [Repository checks](../administration/repository_checks.md#repository-checks) and [Geo replication and verification](../administration/geo/index.md) stop running for all project or project wiki repositories in the affected Gitaly Cluster. The bug was fixed by [reverting the change in GitLab 15.9.0](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110823). Before upgrading to this version, check if you have any "unavailable" repositories. See [the bug issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390155) for more information. + +### 15.5.3 + +- GitLab 15.4.0 introduced a default [Sidekiq routing rule](../administration/sidekiq/extra_sidekiq_routing.md) that routes all jobs to the `default` queue. For instances using [queue selectors](../administration/sidekiq/processing_specific_job_classes.md#queue-selectors), this will cause [performance problems](https://gitlab.com/gitlab-com/gl-infra/scalability/-/issues/1991) as some Sidekiq processes will be idle. + - The default routing rule has been reverted in 15.5.4, so upgrading to that version or later will return to the previous behavior. + - If a GitLab instance now listens only to the `default` queue (which is not currently recommended), it will be required to add this routing rule back in `/etc/gitlab/gitlab.rb`: + + ```ruby + sidekiq['routing_rules'] = [['*', 'default']] + ``` + +- Due to [a bug introduced in GitLab 15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/390155), if one or more Git repositories in Gitaly Cluster is [unavailable](../administration/gitaly/recovery.md#unavailable-repositories), then [Repository checks](../administration/repository_checks.md#repository-checks) and [Geo replication and verification](../administration/geo/index.md) stop running for all project or project wiki repositories in the affected Gitaly Cluster. The bug was fixed by [reverting the change in GitLab 15.9.0](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110823). Before upgrading to this version, check if you have any "unavailable" repositories. See [the bug issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390155) for more information. + +### 15.5.2 + +- GitLab 15.4.0 introduced a default [Sidekiq routing rule](../administration/sidekiq/extra_sidekiq_routing.md) that routes all jobs to the `default` queue. For instances using [queue selectors](../administration/sidekiq/processing_specific_job_classes.md#queue-selectors), this will cause [performance problems](https://gitlab.com/gitlab-com/gl-infra/scalability/-/issues/1991) as some Sidekiq processes will be idle. + - The default routing rule has been reverted in 15.5.4, so upgrading to that version or later will return to the previous behavior. + - If a GitLab instance now listens only to the `default` queue (which is not currently recommended), it will be required to add this routing rule back in `/etc/gitlab/gitlab.rb`: + + ```ruby + sidekiq['routing_rules'] = [['*', 'default']] + ``` + +- Due to [a bug introduced in GitLab 15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/390155), if one or more Git repositories in Gitaly Cluster is [unavailable](../administration/gitaly/recovery.md#unavailable-repositories), then [Repository checks](../administration/repository_checks.md#repository-checks) and [Geo replication and verification](../administration/geo/index.md) stop running for all project or project wiki repositories in the affected Gitaly Cluster. The bug was fixed by [reverting the change in GitLab 15.9.0](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110823). Before upgrading to this version, check if you have any "unavailable" repositories. See [the bug issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390155) for more information. + +### 15.5.1 + +- GitLab 15.4.0 introduced a default [Sidekiq routing rule](../administration/sidekiq/extra_sidekiq_routing.md) that routes all jobs to the `default` queue. For instances using [queue selectors](../administration/sidekiq/processing_specific_job_classes.md#queue-selectors), this will cause [performance problems](https://gitlab.com/gitlab-com/gl-infra/scalability/-/issues/1991) as some Sidekiq processes will be idle. + - The default routing rule has been reverted in 15.5.4, so upgrading to that version or later will return to the previous behavior. + - If a GitLab instance now listens only to the `default` queue (which is not currently recommended), it will be required to add this routing rule back in `/etc/gitlab/gitlab.rb`: + + ```ruby + sidekiq['routing_rules'] = [['*', 'default']] + ``` + +- Due to [a bug introduced in GitLab 15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/390155), if one or more Git repositories in Gitaly Cluster is [unavailable](../administration/gitaly/recovery.md#unavailable-repositories), then [Repository checks](../administration/repository_checks.md#repository-checks) and [Geo replication and verification](../administration/geo/index.md) stop running for all project or project wiki repositories in the affected Gitaly Cluster. The bug was fixed by [reverting the change in GitLab 15.9.0](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110823). Before upgrading to this version, check if you have any "unavailable" repositories. See [the bug issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390155) for more information. ### 15.5.0 @@ -376,15 +455,43 @@ and [Helm Chart deployments](https://docs.gitlab.com/charts/). They come with ap sidekiq['routing_rules'] = [['*', 'default']] ``` -### 15.4.1 +- Due to [a bug introduced in GitLab 15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/390155), if one or more Git repositories in Gitaly Cluster is [unavailable](../administration/gitaly/recovery.md#unavailable-repositories), then [Repository checks](../administration/repository_checks.md#repository-checks) and [Geo replication and verification](../administration/geo/index.md) stop running for all project or project wiki repositories in the affected Gitaly Cluster. The bug was fixed by [reverting the change in GitLab 15.9.0](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110823). Before upgrading to this version, check if you have any "unavailable" repositories. See [the bug issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390155) for more information. -A [license caching issue](https://gitlab.com/gitlab-org/gitlab/-/issues/376706) prevents some premium features of GitLab from working correctly if you add a new license. Workarounds for this issue: +### 15.4.6 -- Restart all Rails, Sidekiq and Gitaly nodes after applying a new license. This clears the relevant license caches and allows all premium features to operate correctly. -- Upgrade to a version that is not impacted by this issue. The following upgrade paths are available for impacted versions: - - 15.2.5 --> 15.3.5 - - 15.3.0 - 15.3.4 --> 15.3.5 - - 15.4.1 --> 15.4.3 +- Due to [a bug introduced in GitLab 15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/390155), if one or more Git repositories in Gitaly Cluster is [unavailable](../administration/gitaly/recovery.md#unavailable-repositories), then [Repository checks](../administration/repository_checks.md#repository-checks) and [Geo replication and verification](../administration/geo/index.md) stop running for all project or project wiki repositories in the affected Gitaly Cluster. The bug was fixed by [reverting the change in GitLab 15.9.0](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110823). Before upgrading to this version, check if you have any "unavailable" repositories. See [the bug issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390155) for more information. + +### 15.4.5 + +- Due to [a bug introduced in GitLab 15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/390155), if one or more Git repositories in Gitaly Cluster is [unavailable](../administration/gitaly/recovery.md#unavailable-repositories), then [Repository checks](../administration/repository_checks.md#repository-checks) and [Geo replication and verification](../administration/geo/index.md) stop running for all project or project wiki repositories in the affected Gitaly Cluster. The bug was fixed by [reverting the change in GitLab 15.9.0](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110823). Before upgrading to this version, check if you have any "unavailable" repositories. See [the bug issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390155) for more information. + +### 15.4.4 + +- Due to [a bug introduced in GitLab 15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/390155), if one or more Git repositories in Gitaly Cluster is [unavailable](../administration/gitaly/recovery.md#unavailable-repositories), then [Repository checks](../administration/repository_checks.md#repository-checks) and [Geo replication and verification](../administration/geo/index.md) stop running for all project or project wiki repositories in the affected Gitaly Cluster. The bug was fixed by [reverting the change in GitLab 15.9.0](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110823). Before upgrading to this version, check if you have any "unavailable" repositories. See [the bug issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390155) for more information. + +### 15.4.3 + +- Due to [a bug introduced in GitLab 15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/390155), if one or more Git repositories in Gitaly Cluster is [unavailable](../administration/gitaly/recovery.md#unavailable-repositories), then [Repository checks](../administration/repository_checks.md#repository-checks) and [Geo replication and verification](../administration/geo/index.md) stop running for all project or project wiki repositories in the affected Gitaly Cluster. The bug was fixed by [reverting the change in GitLab 15.9.0](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110823). Before upgrading to this version, check if you have any "unavailable" repositories. See [the bug issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390155) for more information. + +### 15.4.2 + +- A [license caching issue](https://gitlab.com/gitlab-org/gitlab/-/issues/376706) prevents some premium features of GitLab from working correctly if you add a new license. Workarounds for this issue: + - Restart all Rails, Sidekiq and Gitaly nodes after applying a new license. This clears the relevant license caches and allows all premium features to operate correctly. + - Upgrade to a version that is not impacted by this issue. The following upgrade paths are available for impacted versions: + - 15.2.5 --> 15.3.5 + - 15.3.0 - 15.3.4 --> 15.3.5 + - 15.4.1 --> 15.4.3 +- Due to [a bug introduced in GitLab 15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/390155), if one or more Git repositories in Gitaly Cluster is [unavailable](../administration/gitaly/recovery.md#unavailable-repositories), then [Repository checks](../administration/repository_checks.md#repository-checks) and [Geo replication and verification](../administration/geo/index.md) stop running for all project or project wiki repositories in the affected Gitaly Cluster. The bug was fixed by [reverting the change in GitLab 15.9.0](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110823). Before upgrading to this version, check if you have any "unavailable" repositories. See [the bug issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390155) for more information. + +### 15.4.1 + +- A [license caching issue](https://gitlab.com/gitlab-org/gitlab/-/issues/376706) prevents some premium features of GitLab from working correctly if you add a new license. Workarounds for this issue: + - Restart all Rails, Sidekiq and Gitaly nodes after applying a new license. This clears the relevant license caches and allows all premium features to operate correctly. + - Upgrade to a version that is not impacted by this issue. The following upgrade paths are available for impacted versions: + - 15.2.5 --> 15.3.5 + - 15.3.0 - 15.3.4 --> 15.3.5 + - 15.4.1 --> 15.4.3 +- Due to [a bug introduced in GitLab 15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/390155), if one or more Git repositories in Gitaly Cluster is [unavailable](../administration/gitaly/recovery.md#unavailable-repositories), then [Repository checks](../administration/repository_checks.md#repository-checks) and [Geo replication and verification](../administration/geo/index.md) stop running for all project or project wiki repositories in the affected Gitaly Cluster. The bug was fixed by [reverting the change in GitLab 15.9.0](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110823). Before upgrading to this version, check if you have any "unavailable" repositories. See [the bug issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390155) for more information. ### 15.4.0 @@ -410,6 +517,7 @@ A [license caching issue](https://gitlab.com/gitlab-org/gitlab/-/issues/376706) [backfill `namespace_id` values on issues table](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/91921). This migration might take multiple hours or days to complete on larger GitLab instances. Make sure the migration has completed successfully before upgrading to 15.7.0 or later. +- Due to [a bug introduced in GitLab 15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/390155), if one or more Git repositories in Gitaly Cluster is [unavailable](../administration/gitaly/recovery.md#unavailable-repositories), then [Repository checks](../administration/repository_checks.md#repository-checks) and [Geo replication and verification](../administration/geo/index.md) stop running for all project or project wiki repositories in the affected Gitaly Cluster. The bug was fixed by [reverting the change in GitLab 15.9.0](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110823). Before upgrading to this version, check if you have any "unavailable" repositories. See [the bug issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390155) for more information. ### 15.3.4 diff --git a/doc/user/group/saml_sso/index.md b/doc/user/group/saml_sso/index.md index 25723687ebd..e650b2dd130 100644 --- a/doc/user/group/saml_sso/index.md +++ b/doc/user/group/saml_sso/index.md @@ -262,59 +262,60 @@ See our [example configuration page](example_saml_config.md#azure-active-directo ``` 1. Set these values: - - For **Primary email**: `email`. - - For **First name**: `first_name`. - - For **Last name**: `last_name`. - - For **Name ID format**: `EMAIL`. - - For **NameID**: `Basic Information > Primary email`. + - For **Primary email**: `email` + - For **First name**: `first_name` + - For **Last name**: `last_name` + - For **Name ID format**: `EMAIL` + - For **NameID**: `Basic Information > Primary email` On the GitLab SAML SSO page, when you select **Verify SAML Configuration**, disregard the warning that recommends setting the **NameID** format to `persistent`. For details, see the [example configuration page](example_saml_config.md#google-workspace). -### Okta setup notes - -Follow the Okta documentation on [setting up a SAML application in Okta](https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/) with the notes below for consideration. +### Set up Okta <i class="fa fa-youtube-play youtube" aria-hidden="true"></i> For a demo of the Okta SAML setup including SCIM, see [Demo: Okta Group SAML & SCIM setup](https://youtu.be/0ES9HsZq0AQ). -| GitLab Setting | Okta Field | -| ------------------------------------ | ---------------------------------------------------------- | -| Identifier | Audience URI | -| Assertion consumer service URL | Single sign-on URL | -| GitLab single sign-on URL | Login page URL (under **Application Login Page** settings) | -| Identity provider single sign-on URL | Identity Provider Single Sign-On URL | +1. [Set up a SAML application in Okta](https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/). + The following GitLab settings correspond to the Okta fields. -Under the Okta **Single sign-on URL** field, check the option **Use this for Recipient URL and Destination URL**. + | GitLab setting | Okta field | + | ------------------------------------ | ---------------------------------------------------------- | + | Identifier | **Audience URI** | + | Assertion consumer service URL | **Single sign-on URL** | + | GitLab single sign-on URL | **Login page URL** (under **Application Login Page** settings) | + | Identity provider single sign-on URL | **Identity Provider Single Sign-On URL** | -For NameID, the following settings are recommended; for SCIM, the following settings are required: +1. Under the Okta **Single sign-on URL** field, select the **Use this for Recipient URL and Destination URL** checkbox. -- **Application username** (NameID) set to **Custom** `user.getInternalProperty("id")`. -- **Name ID Format** set to **Persistent**. +1. Set these values: + - For **Application username (NameID)**: **Custom** `user.getInternalProperty("id")` + - For **Name ID Format**: `Persistent` The Okta GitLab application available in the App Catalog only supports [SCIM](scim_setup.md). Support -for SAML is proposed in issue [216173](https://gitlab.com/gitlab-org/gitlab/-/issues/216173). +for SAML is proposed in [issue 216173](https://gitlab.com/gitlab-org/gitlab/-/issues/216173). -### OneLogin setup notes +### Set up OneLogin -OneLogin supports their own [GitLab (SaaS)](https://onelogin.service-now.com/support?id=kb_article&sys_id=92e4160adbf16cd0ca1c400e0b961923&kb_category=50984e84db738300d5505eea4b961913) -application. +OneLogin supports its own [GitLab (SaaS) application](https://onelogin.service-now.com/support?id=kb_article&sys_id=92e4160adbf16cd0ca1c400e0b961923&kb_category=50984e84db738300d5505eea4b961913). -If you decide to use the OneLogin generic [SAML Test Connector (Advanced)](https://onelogin.service-now.com/support?id=kb_article&sys_id=b2c19353dbde7b8024c780c74b9619fb&kb_category=93e869b0db185340d5505eea4b961934), -we recommend the ["Use the OneLogin SAML Test Connector" documentation](https://onelogin.service-now.com/support?id=kb_article&sys_id=93f95543db109700d5505eea4b96198f) with the following settings: +1. If you use the OneLogin generic + [SAML Test Connector (Advanced)](https://onelogin.service-now.com/support?id=kb_article&sys_id=b2c19353dbde7b8024c780c74b9619fb&kb_category=93e869b0db185340d5505eea4b961934), + you should [use the OneLogin SAML Test Connector](https://onelogin.service-now.com/support?id=kb_article&sys_id=93f95543db109700d5505eea4b96198f). The following GitLab settings correspond + to the OneLogin fields: -| GitLab Setting | OneLogin Field | -| ------------------------------------------------ | ---------------------------- | -| Identifier | Audience | -| Assertion consumer service URL | Recipient | -| Assertion consumer service URL | ACS (Consumer) URL | -| Assertion consumer service URL (escaped version) | ACS (Consumer) URL Validator | -| GitLab single sign-on URL | Login URL | -| Identity provider single sign-on URL | SAML 2.0 Endpoint | + | GitLab setting | OneLogin field | + | ------------------------------------------------ | -------------------------------- | + | Identifier | **Audience** | + | Assertion consumer service URL | **Recipient** | + | Assertion consumer service URL | **ACS (Consumer) URL** | + | Assertion consumer service URL (escaped version) | **ACS (Consumer) URL Validator** | + | GitLab single sign-on URL | **Login URL** | + | Identity provider single sign-on URL | **SAML 2.0 Endpoint** | -Recommended `NameID` value: `OneLogin ID`. +1. For **NameID**, use `OneLogin ID`. ### Change the SAML app diff --git a/doc/user/group/saml_sso/scim_setup.md b/doc/user/group/saml_sso/scim_setup.md index 74dc7e067dc..c6ff5dc63c3 100644 --- a/doc/user/group/saml_sso/scim_setup.md +++ b/doc/user/group/saml_sso/scim_setup.md @@ -133,7 +133,7 @@ Prerequisites: product tier is required to use SCIM on Okta. - [GitLab is configured](#configure-gitlab). - SAML application for [Okta](https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/) set up as - described in the [Okta setup notes](index.md#okta-setup-notes). + described in the [Okta setup notes](index.md#set-up-okta). - Your Okta SAML setup matches the [configuration steps exactly](index.md), especially the NameID configuration. To configure Okta for SCIM: diff --git a/lib/gitlab/background_migration/add_namespaces_emails_enabled_column_data.rb b/lib/gitlab/background_migration/add_namespaces_emails_enabled_column_data.rb new file mode 100644 index 00000000000..46e2d5cb930 --- /dev/null +++ b/lib/gitlab/background_migration/add_namespaces_emails_enabled_column_data.rb @@ -0,0 +1,32 @@ +# frozen_string_literal: true + +module Gitlab + module BackgroundMigration + # Iterates through the namespaces table and attempts to set the + # opposite of the value of the column "emails_disabled" to a new + # column in namespace_settings called emails_enabled + class AddNamespacesEmailsEnabledColumnData < BatchedMigrationJob + feature_category :database + operation_name :add_namespaces_emails_enabled_column_data + + # Targeted table + class NamespaceSetting < ApplicationRecord + self.table_name = 'namespace_settings' + end + + def perform + each_sub_batch do |sub_batch| + plucked_list = sub_batch.where('NOT emails_disabled IS NULL').pluck(:id, :emails_disabled) + next if plucked_list.empty? + + ApplicationRecord.connection.execute <<~SQL + UPDATE namespace_settings + SET emails_enabled= NOT subquery.emails_enabled + FROM (SELECT * FROM (#{Arel::Nodes::ValuesList.new(plucked_list).to_sql}) AS updates(namespace_id, emails_enabled)) AS subquery + WHERE namespace_settings.namespace_id=subquery.namespace_id + SQL + end + end + end + end +end diff --git a/lib/gitlab/background_migration/add_projects_emails_enabled_column_data.rb b/lib/gitlab/background_migration/add_projects_emails_enabled_column_data.rb new file mode 100644 index 00000000000..a0ce5d22597 --- /dev/null +++ b/lib/gitlab/background_migration/add_projects_emails_enabled_column_data.rb @@ -0,0 +1,32 @@ +# frozen_string_literal: true + +module Gitlab + module BackgroundMigration + # Iterates through the Projects table and attempts to set the + # opposite of the value of the column "emails_disabled" to a new + # column in project_settings called emails_enabled + class AddProjectsEmailsEnabledColumnData < BatchedMigrationJob + feature_category :database + operation_name :add_projects_emails_enabled_column_data + + # Targeted table + class ProjectSetting < ApplicationRecord + self.table_name = 'project_settings' + end + + def perform + each_sub_batch do |sub_batch| + plucked_list = sub_batch.where('NOT emails_disabled IS NULL').pluck(:id, :emails_disabled) + next if plucked_list.empty? + + ApplicationRecord.connection.execute <<~SQL + UPDATE project_settings + SET emails_enabled=NOT subquery.emails_enabled + FROM (SELECT * FROM (#{Arel::Nodes::ValuesList.new(plucked_list).to_sql}) AS updates(project_id, emails_enabled)) AS subquery + WHERE project_settings.project_id=subquery.project_id + SQL + end + end + end + end +end diff --git a/lib/gitlab/ci/config/external/file/base.rb b/lib/gitlab/ci/config/external/file/base.rb index c80344bef8a..84f34f2584b 100644 --- a/lib/gitlab/ci/config/external/file/base.rb +++ b/lib/gitlab/ci/config/external/file/base.rb @@ -46,14 +46,6 @@ module Gitlab expanded_content_hash end - # Will be removed with the FF ci_batch_request_for_local_and_project_includes - def validate! - validate_location! - validate_context! if valid? - fetch_and_validate_content! if valid? - load_and_validate_expanded_hash! if valid? - end - def metadata { context_project: context.project&.full_path, @@ -117,19 +109,6 @@ module Gitlab nil end - # Will be removed with the FF ci_batch_request_for_local_and_project_includes - def fetch_and_validate_content! - context.logger.instrument(:config_file_fetch_content) do - content # calling the method fetches then memoizes the result - end - - return if errors.any? - - context.logger.instrument(:config_file_validate_content) do - validate_content! - end - end - def validate_hash! if to_hash.blank? errors.push("Included file `#{masked_location}` does not have valid YAML syntax!") diff --git a/lib/gitlab/ci/config/external/file/local.rb b/lib/gitlab/ci/config/external/file/local.rb index 96f9cba419c..95206233b2e 100644 --- a/lib/gitlab/ci/config/external/file/local.rb +++ b/lib/gitlab/ci/config/external/file/local.rb @@ -10,12 +10,8 @@ module Gitlab include Gitlab::Utils::StrongMemoize def initialize(params, context) - @location = if ::Feature.enabled?(:ci_batch_request_for_local_and_project_includes, context.project) - # `Repository#blobs_at` does not support files with the `/` prefix. - Gitlab::Utils.remove_leading_slashes(params[:local]) - else - params[:local] - end + # `Repository#blobs_at` does not support files with the `/` prefix. + @location = Gitlab::Utils.remove_leading_slashes(params[:local]) super end @@ -51,10 +47,6 @@ module Gitlab private def fetch_local_content - if ::Feature.disabled?(:ci_batch_request_for_local_and_project_includes, context.project) - return legacy_fetch_local_content - end - BatchLoader.for([context.sha, location]) .batch(key: context.project) do |locations, loader, args| context.logger.instrument(:config_file_fetch_local_content) do @@ -67,17 +59,6 @@ module Gitlab end end - # Will be removed with the FF ci_batch_request_for_local_and_project_includes - def legacy_fetch_local_content - context.logger.instrument(:config_file_fetch_local_content) do - context.project.repository.blob_data_at(context.sha, location) - end - rescue GRPC::InvalidArgument - errors.push("Sha #{context.sha} is not valid!") - - nil - end - override :expand_context_attrs def expand_context_attrs { diff --git a/lib/gitlab/ci/config/external/file/project.rb b/lib/gitlab/ci/config/external/file/project.rb index a3d464232bd..248959a0df7 100644 --- a/lib/gitlab/ci/config/external/file/project.rb +++ b/lib/gitlab/ci/config/external/file/project.rb @@ -12,12 +12,8 @@ module Gitlab attr_reader :project_name, :ref_name def initialize(params, context) - @location = if ::Feature.enabled?(:ci_batch_request_for_local_and_project_includes, context.project) - # `Repository#blobs_at` does not support files with the `/` prefix. - Gitlab::Utils.remove_leading_slashes(params[:file]) - else - params[:file] - end + # `Repository#blobs_at` does not support files with the `/` prefix. + @location = Gitlab::Utils.remove_leading_slashes(params[:file]) @project_name = get_project_name(params[:project]) @ref_name = params[:ref] || 'HEAD' @@ -76,10 +72,6 @@ module Gitlab end def fetch_local_content - if ::Feature.disabled?(:ci_batch_request_for_local_and_project_includes, context.project) - return legacy_fetch_local_content - end - return unless can_access_local_content? return unless sha @@ -95,17 +87,6 @@ module Gitlab end end - def legacy_fetch_local_content - return unless can_access_local_content? - return unless sha - - context.logger.instrument(:config_file_fetch_project_content) do - project.repository.blob_data_at(sha, location) - end - rescue GRPC::NotFound, GRPC::Internal - nil - end - def sha return unless project diff --git a/lib/gitlab/ci/config/external/mapper/verifier.rb b/lib/gitlab/ci/config/external/mapper/verifier.rb index beb4dd1add7..6c161e95154 100644 --- a/lib/gitlab/ci/config/external/mapper/verifier.rb +++ b/lib/gitlab/ci/config/external/mapper/verifier.rb @@ -10,10 +10,6 @@ module Gitlab private def process_without_instrumentation(files) - if ::Feature.disabled?(:ci_batch_request_for_local_and_project_includes, context.project) - return legacy_process_without_instrumentation(files) - end - files.each do |file| verify_execution_time! @@ -36,18 +32,6 @@ module Gitlab end end - # Will be removed with the FF ci_batch_request_for_local_and_project_includes - def legacy_process_without_instrumentation(files) - files.select do |file| - verify_max_includes! - verify_execution_time! - - file.validate! - - context.expandset.add(file) - end - end - def verify_max_includes! return if context.expandset.count < context.max_includes diff --git a/lib/gitlab/omniauth_initializer.rb b/lib/gitlab/omniauth_initializer.rb index fb7ffa03d0e..a03533dcd9a 100644 --- a/lib/gitlab/omniauth_initializer.rb +++ b/lib/gitlab/omniauth_initializer.rb @@ -23,8 +23,6 @@ module Gitlab case provider_name when 'cas3' { on_single_sign_out: cas3_signout_handler } - when 'authentiq' - { remote_sign_out_handler: authentiq_signout_handler } when 'shibboleth' { fail_with_empty_uid: true } when 'google_oauth2' @@ -53,18 +51,6 @@ module Gitlab true end end - - def authentiq_signout_handler - lambda do |request| - authentiq_session = request.params['sid'] - if Gitlab::Auth::OAuth::Session.valid?(:authentiq, authentiq_session) - Gitlab::Auth::OAuth::Session.destroy(:authentiq, authentiq_session) - true - else - false - end - end - end end private diff --git a/lib/gitlab/regex.rb b/lib/gitlab/regex.rb index 93f663d7030..e76056709e9 100644 --- a/lib/gitlab/regex.rb +++ b/lib/gitlab/regex.rb @@ -461,16 +461,25 @@ module Gitlab ) }mx.freeze + MARKDOWN_HTML_COMMENT_LINE_REGEX = %r{ + (?<html_comment_line> + # HTML comment line: + # <!-- some commented text --> + + ^<!--\ .*\ -->\ *$ + ) + }mx.freeze + MARKDOWN_HTML_COMMENT_BLOCK_REGEX = %r{ - (?<html_block_comment> - # HTML block comment: - # <!-- some comment text - # more comment - # and more comment --> + (?<html_comment_block> + # HTML comment block: + # <!-- some commented text + # additional text + # --> - ^<!--.*?\ *\n + ^<!--.*\n .+? - \n.*?-->\ *$ + \n-->\ *$ ) }mx.freeze @@ -482,10 +491,12 @@ module Gitlab }mx.freeze end - def markdown_code_or_html_comment_blocks - @markdown_code_or_html_comment_blocks ||= %r{ + def markdown_code_or_html_comments + @markdown_code_or_html_comments ||= %r{ #{MARKDOWN_CODE_BLOCK_REGEX} | + #{MARKDOWN_HTML_COMMENT_LINE_REGEX} + | #{MARKDOWN_HTML_COMMENT_BLOCK_REGEX} }mx.freeze end diff --git a/lib/gitlab/routing.rb b/lib/gitlab/routing.rb index fd9fb8ab7e2..1684ecf6ff6 100644 --- a/lib/gitlab/routing.rb +++ b/lib/gitlab/routing.rb @@ -47,22 +47,6 @@ module Gitlab self._includers << klass end - def self.add_helpers(mod) - url_helpers.include mod - url_helpers.extend mod - - GitlabRoutingHelper.include mod - GitlabRoutingHelper.extend mod - - app_url_helpers = Gitlab::Application.routes.named_routes.url_helpers_module - app_url_helpers.include mod - app_url_helpers.extend mod - - _includers.each do |klass| - klass.include mod - end - end - # Returns the URL helpers Module. # # This method caches the output as Rails' "url_helpers" method creates an diff --git a/lib/tasks/gitlab/tw/codeowners.rake b/lib/tasks/gitlab/tw/codeowners.rake index ef47e73df5f..77f5eb87725 100644 --- a/lib/tasks/gitlab/tw/codeowners.rake +++ b/lib/tasks/gitlab/tw/codeowners.rake @@ -29,7 +29,7 @@ namespace :tw do CodeOwnerRule.new('Commerce Integrations', '@drcatherinepope'), CodeOwnerRule.new('Composition Analysis', '@rdickenson'), CodeOwnerRule.new('Configure', '@phillipwells'), - CodeOwnerRule.new('Container Registry', '@claytoncornell'), + CodeOwnerRule.new('Container Registry', '@dianalogan'), CodeOwnerRule.new('Contributor Experience', '@eread'), CodeOwnerRule.new('Conversion', '@kpaizee'), CodeOwnerRule.new('Database', '@aqualls'), @@ -53,13 +53,13 @@ namespace :tw do CodeOwnerRule.new('Monitor', '@msedlakjakubowski'), CodeOwnerRule.new('Observability', '@drcatherinepope'), CodeOwnerRule.new('Optimize', '@lciutacu'), - CodeOwnerRule.new('Package Registry', '@claytoncornell'), + CodeOwnerRule.new('Package Registry', '@dianalogan'), CodeOwnerRule.new('Pipeline Authoring', '@marcel.amirault'), CodeOwnerRule.new('Pipeline Execution', '@drcatherinepope'), CodeOwnerRule.new('Pipeline Insights', '@marcel.amirault'), CodeOwnerRule.new('Portfolio Management', '@msedlakjakubowski'), CodeOwnerRule.new('Product Analytics', '@lciutacu'), - CodeOwnerRule.new('Product Intelligence', '@claytoncornell'), + CodeOwnerRule.new('Product Intelligence', '@dianalogan'), CodeOwnerRule.new('Product Planning', '@msedlakjakubowski'), CodeOwnerRule.new('Project Management', '@msedlakjakubowski'), CodeOwnerRule.new('Provision', '@fneill'), @@ -70,15 +70,15 @@ namespace :tw do CodeOwnerRule.new('Runner', '@fneill'), CodeOwnerRule.new('Runner SaaS', '@fneill'), CodeOwnerRule.new('Pods', '@jglassman1'), - CodeOwnerRule.new('Security Policies', '@claytoncornell'), + CodeOwnerRule.new('Security Policies', '@dianalogan'), CodeOwnerRule.new('Source Code', '@aqualls'), CodeOwnerRule.new('Static Analysis', '@rdickenson'), CodeOwnerRule.new('Style Guide', '@sselhorn'), CodeOwnerRule.new('Testing', '@eread'), - CodeOwnerRule.new('Threat Insights', '@claytoncornell'), + CodeOwnerRule.new('Threat Insights', '@dianalogan'), CodeOwnerRule.new('Tutorials', '@kpaizee'), CodeOwnerRule.new('Utilization', '@fneill'), - CodeOwnerRule.new('Vulnerability Research', '@claytoncornell'), + CodeOwnerRule.new('Vulnerability Research', '@dianalogan'), CodeOwnerRule.new('Organization', '@lciutacu') ].freeze diff --git a/rubocop/cop/rspec/invalid_feature_category.rb b/rubocop/cop/rspec/invalid_feature_category.rb index de11c6c443a..9ef880d6aac 100644 --- a/rubocop/cop/rspec/invalid_feature_category.rb +++ b/rubocop/cop/rspec/invalid_feature_category.rb @@ -47,7 +47,7 @@ module RuboCop # @!method feature_category?(node) def_node_matcher :feature_category_value, <<~PATTERN (block - (send ... + (send #rspec? {#ExampleGroups.all #Examples.all} ... (hash <(pair (sym :feature_category) $_) ...>) ) ... diff --git a/spec/controllers/profiles/accounts_controller_spec.rb b/spec/controllers/profiles/accounts_controller_spec.rb index 1b4b67eeaff..ba349768b0f 100644 --- a/spec/controllers/profiles/accounts_controller_spec.rb +++ b/spec/controllers/profiles/accounts_controller_spec.rb @@ -31,7 +31,7 @@ RSpec.describe Profiles::AccountsController do end end - [:twitter, :facebook, :google_oauth2, :gitlab, :github, :bitbucket, :crowd, :auth0, :authentiq, :dingtalk, :alicloud].each do |provider| + [:twitter, :facebook, :google_oauth2, :gitlab, :github, :bitbucket, :crowd, :auth0, :dingtalk, :alicloud].each do |provider| describe "#{provider} provider" do let(:user) { create(:omniauth_user, provider: provider.to_s) } diff --git a/spec/features/oauth_login_spec.rb b/spec/features/oauth_login_spec.rb index 07d0fca0139..bd96d65f984 100644 --- a/spec/features/oauth_login_spec.rb +++ b/spec/features/oauth_login_spec.rb @@ -16,7 +16,7 @@ RSpec.describe 'OAuth Login', :allow_forgery_protection, feature_category: :syst end providers = [:github, :twitter, :bitbucket, :gitlab, :google_oauth2, - :facebook, :cas3, :auth0, :authentiq, :salesforce, :dingtalk, :alicloud] + :facebook, :cas3, :auth0, :salesforce, :dingtalk, :alicloud] around do |example| with_omniauth_full_host { example.run } diff --git a/spec/features/oauth_registration_spec.rb b/spec/features/oauth_registration_spec.rb index 6e1445a9ed6..3c1004e452f 100644 --- a/spec/features/oauth_registration_spec.rb +++ b/spec/features/oauth_registration_spec.rb @@ -23,7 +23,6 @@ RSpec.describe 'OAuth Registration', :js, :allow_forgery_protection, feature_cat :facebook | {} :cas3 | {} :auth0 | {} - :authentiq | {} :salesforce | { extra: { email_verified: true } } :dingtalk | {} :alicloud | {} diff --git a/spec/features/task_lists_spec.rb b/spec/features/task_lists_spec.rb index 95741d6cdf0..8a9d2ff42d9 100644 --- a/spec/features/task_lists_spec.rb +++ b/spec/features/task_lists_spec.rb @@ -306,6 +306,12 @@ RSpec.describe 'Task Lists', :js, feature_category: :team_planning do describe 'commented tasks' do let(:commented_tasks_markdown) do <<-EOT.strip_heredoc + <!-- comment text --> + + text + + <!-- - [ ] commented out task --> + <!-- - [ ] a --> diff --git a/spec/helpers/timeboxes_routing_helper_spec.rb b/spec/helpers/timeboxes_routing_helper_spec.rb deleted file mode 100644 index 952194b6704..00000000000 --- a/spec/helpers/timeboxes_routing_helper_spec.rb +++ /dev/null @@ -1,48 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -RSpec.describe TimeboxesRoutingHelper do - let(:project) { build_stubbed(:project) } - let(:group) { build_stubbed(:group) } - - describe '#milestone_path' do - context 'for a group milestone' do - let(:milestone) { build_stubbed(:milestone, group: group, iid: 1) } - - it 'links to the group milestone page' do - expect(milestone_path(milestone)) - .to eq(group_milestone_path(group, milestone)) - end - end - - context 'for a project milestone' do - let(:milestone) { build_stubbed(:milestone, project: project, iid: 1) } - - it 'links to the project milestone page' do - expect(milestone_path(milestone)) - .to eq(project_milestone_path(project, milestone)) - end - end - end - - describe '#milestone_url' do - context 'for a group milestone' do - let(:milestone) { build_stubbed(:milestone, group: group, iid: 1) } - - it 'links to the group milestone page' do - expect(milestone_url(milestone)) - .to eq(group_milestone_url(group, milestone)) - end - end - - context 'for a project milestone' do - let(:milestone) { build_stubbed(:milestone, project: project, iid: 1) } - - it 'links to the project milestone page' do - expect(milestone_url(milestone)) - .to eq(project_milestone_url(project, milestone)) - end - end - end -end diff --git a/spec/lib/gitlab/ci/config/external/context_spec.rb b/spec/lib/gitlab/ci/config/external/context_spec.rb index 40702e75404..45efb16434b 100644 --- a/spec/lib/gitlab/ci/config/external/context_spec.rb +++ b/spec/lib/gitlab/ci/config/external/context_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Gitlab::Ci::Config::External::Context do +RSpec.describe Gitlab::Ci::Config::External::Context, feature_category: :pipeline_authoring do let(:project) { build(:project) } let(:user) { double('User') } let(:sha) { '12345' } diff --git a/spec/lib/gitlab/ci/config/external/file/component_spec.rb b/spec/lib/gitlab/ci/config/external/file/component_spec.rb index 9863941c370..a162a1a8abf 100644 --- a/spec/lib/gitlab/ci/config/external/file/component_spec.rb +++ b/spec/lib/gitlab/ci/config/external/file/component_spec.rb @@ -60,7 +60,7 @@ RSpec.describe Gitlab::Ci::Config::External::File::Component, feature_category: describe '#valid?' do subject(:valid?) do - external_resource.validate! + Gitlab::Ci::Config::External::Mapper::Verifier.new(context).process([external_resource]) external_resource.valid? end diff --git a/spec/lib/gitlab/ci/config/external/file/local_spec.rb b/spec/lib/gitlab/ci/config/external/file/local_spec.rb index e1619bca405..b5895b4bc81 100644 --- a/spec/lib/gitlab/ci/config/external/file/local_spec.rb +++ b/spec/lib/gitlab/ci/config/external/file/local_spec.rb @@ -44,16 +44,6 @@ RSpec.describe Gitlab::Ci::Config::External::File::Local, feature_category: :pip it 'removes the slash' do expect(local_file.location).to eq('file') end - - context 'when the FF ci_batch_request_for_local_and_project_includes is disabled' do - before do - stub_feature_flags(ci_batch_request_for_local_and_project_includes: false) - end - - it 'does not remove the slash' do - expect(local_file.location).to eq('/file') - end - end end context 'when the local is prefixed with multiple slashes' do @@ -62,16 +52,6 @@ RSpec.describe Gitlab::Ci::Config::External::File::Local, feature_category: :pip it 'removes slashes' do expect(local_file.location).to eq('file') end - - context 'when the FF ci_batch_request_for_local_and_project_includes is disabled' do - before do - stub_feature_flags(ci_batch_request_for_local_and_project_includes: false) - end - - it 'does not remove slashes' do - expect(local_file.location).to eq('//file') - end - end end end @@ -160,17 +140,6 @@ RSpec.describe Gitlab::Ci::Config::External::File::Local, feature_category: :pip expect(valid?).to be_falsy expect(local_file.errors).to include("Local file `lib/gitlab/ci/templates/existent-file.yml` does not exist!") end - - context 'when the FF ci_batch_request_for_local_and_project_includes is disabled' do - before do - stub_feature_flags(ci_batch_request_for_local_and_project_includes: false) - end - - it 'returns false and adds an error message stating that sha does not exist' do - expect(valid?).to be_falsy - expect(local_file.errors).to include("Sha #{sha} is not valid!") - end - end end end diff --git a/spec/lib/gitlab/ci/config/external/mapper/verifier_spec.rb b/spec/lib/gitlab/ci/config/external/mapper/verifier_spec.rb index 4303f279cac..7bdd519cb74 100644 --- a/spec/lib/gitlab/ci/config/external/mapper/verifier_spec.rb +++ b/spec/lib/gitlab/ci/config/external/mapper/verifier_spec.rb @@ -81,17 +81,6 @@ RSpec.describe Gitlab::Ci::Config::External::Mapper::Verifier, feature_category: # 1 for project.commit.id, 1 for the files expect { process }.to change { Gitlab::GitalyClient.get_request_count }.by(2) end - - context 'when the FF ci_batch_request_for_local_and_project_includes is disabled' do - before do - stub_feature_flags(ci_batch_request_for_local_and_project_includes: false) - end - - it 'calls Gitaly for each file', :request_store do - # 1 for project.commit.id, 3 for the files - expect { process }.to change { Gitlab::GitalyClient.get_request_count }.by(4) - end - end end context 'when files are project files' do @@ -131,17 +120,6 @@ RSpec.describe Gitlab::Ci::Config::External::Mapper::Verifier, feature_category: # 1 for project.commit.id, 3 for the sha check, 1 for the files expect { process }.to change { Gitlab::GitalyClient.get_request_count }.by(5) end - - context 'when the FF ci_batch_request_for_local_and_project_includes is disabled' do - before do - stub_feature_flags(ci_batch_request_for_local_and_project_includes: false) - end - - it 'calls Gitaly for each file', :request_store do - # 1 for project.commit.id, 3 for the sha check, 3 for the files - expect { process }.to change { Gitlab::GitalyClient.get_request_count }.by(7) - end - end end context 'when a file includes other files' do diff --git a/spec/lib/gitlab/ci/config/external/mapper_spec.rb b/spec/lib/gitlab/ci/config/external/mapper_spec.rb index a053c3047de..dc14bf18b98 100644 --- a/spec/lib/gitlab/ci/config/external/mapper_spec.rb +++ b/spec/lib/gitlab/ci/config/external/mapper_spec.rb @@ -2,9 +2,7 @@ require 'spec_helper' -# This will be moved from a `shared_context` to a `describe` once every feature flag is removed. -# - ci_batch_request_for_local_and_project_includes_enabled is also removed with the FF. -RSpec.shared_context 'gitlab_ci_config_external_mapper' do |ci_batch_request_for_local_and_project_includes_enabled| +RSpec.describe Gitlab::Ci::Config::External::Mapper, feature_category: :pipeline_authoring do include StubRequests include RepoHelpers @@ -168,11 +166,7 @@ RSpec.shared_context 'gitlab_ci_config_external_mapper' do |ci_batch_request_for an_instance_of(Gitlab::Ci::Config::External::File::Project)) end - if ci_batch_request_for_local_and_project_includes_enabled - it_behaves_like 'logging config file fetch', 'config_file_fetch_project_content_duration_s', 1 - else - it_behaves_like 'logging config file fetch', 'config_file_fetch_project_content_duration_s', 2 - end + it_behaves_like 'logging config file fetch', 'config_file_fetch_project_content_duration_s', 1 end end @@ -468,15 +462,3 @@ RSpec.shared_context 'gitlab_ci_config_external_mapper' do |ci_batch_request_for end end end - -RSpec.describe Gitlab::Ci::Config::External::Mapper, feature_category: :pipeline_authoring do - it_behaves_like 'gitlab_ci_config_external_mapper', true - - context 'when the FF ci_batch_request_for_local_and_project_includes is disabled' do - before do - stub_feature_flags(ci_batch_request_for_local_and_project_includes: false) - end - - it_behaves_like 'gitlab_ci_config_external_mapper', false - end -end diff --git a/spec/lib/gitlab/ci/config/external/rules_spec.rb b/spec/lib/gitlab/ci/config/external/rules_spec.rb index e2bb55f3854..227b62d8ce8 100644 --- a/spec/lib/gitlab/ci/config/external/rules_spec.rb +++ b/spec/lib/gitlab/ci/config/external/rules_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Gitlab::Ci::Config::External::Rules do +RSpec.describe Gitlab::Ci::Config::External::Rules, feature_category: :pipeline_authoring do let(:rule_hashes) {} subject(:rules) { described_class.new(rule_hashes) } diff --git a/spec/lib/gitlab/omniauth_initializer_spec.rb b/spec/lib/gitlab/omniauth_initializer_spec.rb index a94191f310c..daef280dbaa 100644 --- a/spec/lib/gitlab/omniauth_initializer_spec.rb +++ b/spec/lib/gitlab/omniauth_initializer_spec.rb @@ -216,14 +216,6 @@ RSpec.describe Gitlab::OmniauthInitializer do expect { subject.execute([hash_config]) }.to raise_error(NameError) end - it 'configures remote_sign_out_handler proc for authentiq' do - authentiq_config = { 'name' => 'authentiq', 'args' => {} } - - expect(devise_config).to receive(:omniauth).with(:authentiq, { remote_sign_out_handler: an_instance_of(Proc) }) - - subject.execute([authentiq_config]) - end - it 'configures on_single_sign_out proc for cas3' do cas3_config = { 'name' => 'cas3', 'args' => {} } diff --git a/spec/lib/gitlab/regex_spec.rb b/spec/lib/gitlab/regex_spec.rb index 406de3403f3..caca33704dd 100644 --- a/spec/lib/gitlab/regex_spec.rb +++ b/spec/lib/gitlab/regex_spec.rb @@ -1139,6 +1139,26 @@ RSpec.describe Gitlab::Regex, feature_category: :tooling do it { expect(subject.match(markdown)[:html]).to eq expected } end + context 'HTML comment lines' do + subject { described_class::MARKDOWN_HTML_COMMENT_LINE_REGEX } + + let(:expected) { %(<!-- an HTML comment -->) } + let(:markdown) do + <<~MARKDOWN + Regular text + + <!-- an HTML comment --> + + more text + MARKDOWN + end + + it { is_expected.to match(%(<!-- single line comment -->)) } + it { is_expected.not_to match(%(<!--\nblock comment\n-->)) } + it { is_expected.not_to match(%(must start in first column <!-- comment -->)) } + it { expect(subject.match(markdown)[:html_comment_line]).to eq expected } + end + context 'HTML comment blocks' do subject { described_class::MARKDOWN_HTML_COMMENT_BLOCK_REGEX } @@ -1155,7 +1175,7 @@ RSpec.describe Gitlab::Regex, feature_category: :tooling do it { is_expected.to match(%(<!--\ncomment\n-->)) } it { is_expected.not_to match(%(must start in first column <!--\ncomment\n-->)) } - it { expect(subject.match(markdown)[:html_block_comment]).to eq expected } + it { expect(subject.match(markdown)[:html_comment_block]).to eq expected } end end end diff --git a/spec/migrations/add_namespaces_emails_enabled_column_data_spec.rb b/spec/migrations/add_namespaces_emails_enabled_column_data_spec.rb new file mode 100644 index 00000000000..6cab3ca3d8f --- /dev/null +++ b/spec/migrations/add_namespaces_emails_enabled_column_data_spec.rb @@ -0,0 +1,69 @@ +# frozen_string_literal: true + +require 'spec_helper' +require 'rake_helper' +require_migration! + +RSpec.describe AddNamespacesEmailsEnabledColumnData, :migration, feature_category: :database do + before :all do + Rake.application.rake_require 'active_record/railties/databases' + Rake.application.rake_require 'tasks/gitlab/db' + + # empty task as env is already loaded + Rake::Task.define_task :environment + end + + let(:migration) { described_class::MIGRATION } + let(:projects) { table(:projects) } + let(:namespace_settings_table) { table(:namespace_settings) } + let(:namespaces) { table(:namespaces) } + + before do + stub_const("#{described_class.name}::SUB_BATCH_SIZE", 2) + end + + it 'schedules background migrations', :aggregate_failures do + migrate! + + expect(migration).to have_scheduled_batched_migration( + table_name: :namespaces, + column_name: :id, + interval: described_class::DELAY_INTERVAL + ) + end + + describe '#down' do + it 'deletes all batched migration records' do + migrate! + schema_migrate_down! + + expect(migration).not_to have_scheduled_batched_migration + end + end + + it 'sets emails_enabled to be the opposite of emails_disabled' do + disabled_records_to_migrate = 6 + enabled_records_to_migrate = 4 + + disabled_records_to_migrate.times do |i| + namespace = namespaces.create!(name: 'namespace', + path: "namespace#{i}", + emails_disabled: true) + namespace_settings_table.create!(namespace_id: namespace.id) + end + + enabled_records_to_migrate.times do |i| + namespace = namespaces.create!(name: 'namespace', + path: "namespace#{i}", + emails_disabled: false) + namespace_settings_table.create!(namespace_id: namespace.id) + end + + migrate! + run_rake_task('gitlab:db:execute_batched_migrations') + # rubocop: disable CodeReuse/ActiveRecord + expect(namespace_settings_table.where(emails_enabled: true).count).to eq(enabled_records_to_migrate) + expect(namespace_settings_table.where(emails_enabled: false).count).to eq(disabled_records_to_migrate) + # rubocop: enable CodeReuse/ActiveRecord + end +end diff --git a/spec/migrations/add_projects_emails_enabled_column_data_spec.rb b/spec/migrations/add_projects_emails_enabled_column_data_spec.rb new file mode 100644 index 00000000000..1d021ecd439 --- /dev/null +++ b/spec/migrations/add_projects_emails_enabled_column_data_spec.rb @@ -0,0 +1,75 @@ +# frozen_string_literal: true + +require 'spec_helper' +require 'rake_helper' +require_migration! + +RSpec.describe AddProjectsEmailsEnabledColumnData, :migration, feature_category: :database do + before :all do + Rake.application.rake_require 'active_record/railties/databases' + Rake.application.rake_require 'tasks/gitlab/db' + + # empty task as env is already loaded + Rake::Task.define_task :environment + end + + let(:migration) { described_class::MIGRATION } + let(:project_settings) { table(:project_settings) } + let(:projects) { table(:projects) } + let(:namespaces) { table(:namespaces) } + + before do + stub_const("#{described_class.name}::SUB_BATCH_SIZE", 2) + end + + it 'schedules background migrations', :aggregate_failures do + migrate! + + expect(migration).to have_scheduled_batched_migration( + table_name: :projects, + column_name: :id, + interval: described_class::DELAY_INTERVAL + ) + end + + describe '#down' do + it 'deletes all batched migration records' do + migrate! + schema_migrate_down! + + expect(migration).not_to have_scheduled_batched_migration + end + end + + it 'sets emails_enabled to be the opposite of emails_disabled' do + disabled_records_to_migrate = 4 + enabled_records_to_migrate = 2 + + disabled_records_to_migrate.times do |i| + namespace = namespaces.create!(name: 'namespace', path: "namespace#{i}") + project = projects.create!(name: "Project Disabled #{i}", + path: "projectDisabled#{i}", + namespace_id: namespace.id, + project_namespace_id: namespace.id, + emails_disabled: true) + project_settings.create!(project_id: project.id) + end + + enabled_records_to_migrate.times do |i| + namespace = namespaces.create!(name: 'namespace', path: "namespace#{i}") + project = projects.create!(name: "Project Enabled #{i}", + path: "projectEnabled#{i}", + namespace_id: namespace.id, + project_namespace_id: namespace.id, + emails_disabled: false) + project_settings.create!(project_id: project.id) + end + + migrate! + run_rake_task('gitlab:db:execute_batched_migrations') + # rubocop: disable CodeReuse/ActiveRecord + expect(project_settings.where(emails_enabled: true).count).to eq(enabled_records_to_migrate) + expect(project_settings.where(emails_enabled: false).count).to eq(disabled_records_to_migrate) + # rubocop: enable CodeReuse/ActiveRecord + end +end diff --git a/spec/models/namespace_setting_spec.rb b/spec/models/namespace_setting_spec.rb index 15b80749aa2..b7cc59b5af3 100644 --- a/spec/models/namespace_setting_spec.rb +++ b/spec/models/namespace_setting_spec.rb @@ -159,6 +159,36 @@ RSpec.describe NamespaceSetting, feature_category: :subgroups, type: :model do end end + describe '#emails_enabled?' do + context 'when a group has no parent' + let(:settings) { create(:namespace_settings, emails_enabled: true) } + let(:grandparent) { create(:group) } + let(:parent) { create(:group, parent: grandparent) } + let(:group) { create(:group, parent: parent, namespace_settings: settings) } + + context 'when the groups setting is changed' do + it 'returns false when the attribute is false' do + group.update_attribute(:emails_disabled, true) + + expect(group.emails_enabled?).to be_falsey + end + end + + context 'when a group has a parent' do + it 'returns true when no parent has disabled emails' do + expect(group.emails_enabled?).to be_truthy + end + + context 'when ancestor emails are disabled' do + it 'returns false' do + grandparent.update_attribute(:emails_disabled, true) + + expect(group.emails_enabled?).to be_falsey + end + end + end + end + context 'when a group has parent groups' do let(:grandparent) { create(:group, namespace_settings: settings) } let(:parent) { create(:group, parent: grandparent) } diff --git a/spec/models/namespace_spec.rb b/spec/models/namespace_spec.rb index b8cb9003265..a0698ac30f5 100644 --- a/spec/models/namespace_spec.rb +++ b/spec/models/namespace_spec.rb @@ -2087,10 +2087,21 @@ RSpec.describe Namespace, feature_category: :subgroups do end describe '#emails_enabled?' do - it "is the opposite of emails_disabled" do - group = create(:group, emails_disabled: false) + context 'without a persisted namespace_setting object' do + let(:group) { build(:group, emails_disabled: false) } - expect(group.emails_enabled?).to be_truthy + it "is the opposite of emails_disabled" do + expect(group.emails_enabled?).to be_truthy + end + end + + context 'with a persisted namespace_setting object' do + let(:namespace_settings) { create(:namespace_settings, emails_enabled: true) } + let(:group) { build(:group, emails_disabled: false, namespace_settings: namespace_settings) } + + it "is the opposite of emails_disabled" do + expect(group.emails_enabled?).to be_truthy + end end end diff --git a/spec/models/project_setting_spec.rb b/spec/models/project_setting_spec.rb index 94a2e2fe3f9..feb5985818b 100644 --- a/spec/models/project_setting_spec.rb +++ b/spec/models/project_setting_spec.rb @@ -96,6 +96,56 @@ RSpec.describe ProjectSetting, type: :model do end end + describe '#emails_enabled?' do + context "when a project does not have a parent group" do + let(:project_settings) { create(:project_setting, emails_enabled: true) } + let(:project) { create(:project, project_setting: project_settings) } + + it "returns true" do + expect(project.emails_enabled?).to be_truthy + end + + it "returns false when updating project settings" do + project.update_attribute(:emails_disabled, false) + expect(project.emails_enabled?).to be_truthy + end + end + + context "when a project has a parent group" do + let(:namespace_settings) { create(:namespace_settings, emails_enabled: true) } + let(:project_settings) { create(:project_setting, emails_enabled: true) } + let(:group) { create(:group, namespace_settings: namespace_settings) } + let(:project) do + create(:project, namespace_id: group.id, + project_setting: project_settings) + end + + context 'when emails have been disabled in parent group' do + it 'returns false' do + group.update_attribute(:emails_disabled, true) + + expect(project.emails_enabled?).to be_falsey + end + end + + context 'when emails are enabled in parent group' do + before do + allow(project.namespace).to receive(:emails_enabled?).and_return(true) + end + + it 'returns true' do + expect(project.emails_enabled?).to be_truthy + end + + it 'returns false when disabled at the project' do + project.update_attribute(:emails_disabled, true) + + expect(project.emails_enabled?).to be_falsey + end + end + end + end + context 'when a parent group has a parent group' do let(:namespace_settings) { create(:namespace_settings, show_diff_preview_in_email: false) } let(:project_settings) { create(:project_setting, show_diff_preview_in_email: true) } diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb index a41ede277d6..c0af71a7e27 100644 --- a/spec/models/project_spec.rb +++ b/spec/models/project_spec.rb @@ -3946,10 +3946,21 @@ RSpec.describe Project, factory_default: :keep, feature_category: :projects do end describe '#emails_enabled?' do - let(:project) { build(:project, emails_disabled: false) } + context 'without a persisted project_setting object' do + let(:project) { build(:project, emails_disabled: false) } - it "is the opposite of emails_disabled" do - expect(project.emails_enabled?).to be_truthy + it "is the opposite of emails_disabled" do + expect(project.emails_enabled?).to be_truthy + end + end + + context 'with a persisted project_setting object' do + let(:project_settings) { create(:project_setting, emails_enabled: true) } + let(:project) { build(:project, emails_disabled: false, project_setting: project_settings) } + + it "is the opposite of emails_disabled" do + expect(project.emails_enabled?).to be_truthy + end end end diff --git a/spec/requests/api/project_attributes.yml b/spec/requests/api/project_attributes.yml index 66cca8fbe56..7f38b4eec83 100644 --- a/spec/requests/api/project_attributes.yml +++ b/spec/requests/api/project_attributes.yml @@ -161,6 +161,7 @@ project_setting: - jitsu_key - mirror_branch_regex - allow_pipeline_trigger_approve_deployment + - emails_enabled build_service_desk_setting: # service_desk_setting unexposed_attributes: diff --git a/spec/routing/directs/milestone_spec.rb b/spec/routing/directs/milestone_spec.rb new file mode 100644 index 00000000000..26a5bd4902b --- /dev/null +++ b/spec/routing/directs/milestone_spec.rb @@ -0,0 +1,27 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe 'Custom URLs', 'milestone', feature_category: :team_planning do + describe 'milestone' do + context 'with project' do + let(:project) { milestone.project } + let(:milestone) { build_stubbed(:milestone, :on_project) } + + it 'creates directs' do + expect(milestone_path(milestone)).to eq(project_milestone_path(project, milestone)) + expect(milestone_url(milestone)).to eq(project_milestone_url(project, milestone)) + end + end + + context 'with group' do + let(:group) { milestone.group } + let(:milestone) { build_stubbed(:milestone, :on_group) } + + it 'creates directs' do + expect(milestone_path(milestone)).to eq(group_milestone_path(group, milestone)) + expect(milestone_url(milestone)).to eq(group_milestone_url(group, milestone)) + end + end + end +end diff --git a/spec/rubocop/cop/rspec/invalid_feature_category_spec.rb b/spec/rubocop/cop/rspec/invalid_feature_category_spec.rb index d7b52ebbc39..0d2fd029a13 100644 --- a/spec/rubocop/cop/rspec/invalid_feature_category_spec.rb +++ b/spec/rubocop/cop/rspec/invalid_feature_category_spec.rb @@ -90,6 +90,28 @@ RSpec.describe RuboCop::Cop::RSpec::InvalidFeatureCategory, feature_category: :t RUBY end + it 'does not flag use of invalid categories in non-example code' do + # See https://gitlab.com/gitlab-org/gitlab/-/issues/381882#note_1265865125 + expect_no_offenses(<<~RUBY) + RSpec.describe 'A spec' do + let(:api_handler) do + Class.new(described_class) do + namespace '/test' do + get 'hello', feature_category: :foo, urgency: :#{invalid_category} do + end + end + end + end + + it 'tests something' do + Gitlab::ApplicationContext.with_context(feature_category: :#{invalid_category}) do + payload = generator.generate(exception, extra) + end + end + end + RUBY + end + describe '#external_dependency_checksum' do it 'returns a SHA256 digest used by RuboCop to invalid cache' do expect(cop.external_dependency_checksum).to match(/^\h{64}$/) |
