diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-25 15:07:47 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-25 15:07:47 +0000 |
commit | 6f2065c468b05658125b746169c56764a8ccddb1 (patch) | |
tree | 544a488ae2e65e2fcfe4acce4e56623b85bbce5e | |
parent | e6baeabaa9651d90b03bb64ffce75a2c3cb89aab (diff) | |
download | gitlab-ce-6f2065c468b05658125b746169c56764a8ccddb1.tar.gz |
Add latest changes from gitlab-org/gitlab@master
48 files changed, 447 insertions, 86 deletions
diff --git a/app/graphql/resolvers/merge_requests_resolver.rb b/app/graphql/resolvers/merge_requests_resolver.rb index 1740d614b69..406a1fac05c 100644 --- a/app/graphql/resolvers/merge_requests_resolver.rb +++ b/app/graphql/resolvers/merge_requests_resolver.rb @@ -15,7 +15,8 @@ module Resolvers alias_method :project, :object def resolve(**args) - return unless project.present? + project = object.respond_to?(:sync) ? object.sync : object + return MergeRequest.none if project.nil? args[:iids] ||= [args[:iid]].compact diff --git a/app/helpers/notifications_helper.rb b/app/helpers/notifications_helper.rb index 9a64fe98f86..8fd277564df 100644 --- a/app/helpers/notifications_helper.rb +++ b/app/helpers/notifications_helper.rb @@ -120,4 +120,8 @@ module NotificationsHelper def can_read_project?(project) can?(current_user, :read_project, project) end + + def notification_event_disabled?(event) + event == :fixed_pipeline && Feature.disabled?(:ci_pipeline_fixed_notifications) + end end diff --git a/app/presenters/project_presenter.rb b/app/presenters/project_presenter.rb index 3af6be26843..a663bc555f6 100644 --- a/app/presenters/project_presenter.rb +++ b/app/presenters/project_presenter.rb @@ -25,6 +25,7 @@ class ProjectPresenter < Gitlab::View::Presenter::Delegated branches_anchor_data, tags_anchor_data, files_anchor_data, + storage_anchor_data, releases_anchor_data ].compact.select(&:is_link) end @@ -154,6 +155,17 @@ class ProjectPresenter < Gitlab::View::Presenter::Delegated empty_repo? ? nil : project_tree_path(project)) end + def storage_anchor_data + AnchorData.new(true, + statistic_icon('disk') + + _('%{strong_start}%{human_size}%{strong_end} Storage').html_safe % { + human_size: storage_counter(statistics.storage_size), + strong_start: '<strong class="project-stat-value">'.html_safe, + strong_end: '</strong>'.html_safe + }, + empty_repo? ? nil : project_tree_path(project)) + end + def releases_anchor_data return unless can?(current_user, :read_release, project) diff --git a/app/services/metrics/dashboard/gitlab_alert_embed_service.rb b/app/services/metrics/dashboard/gitlab_alert_embed_service.rb new file mode 100644 index 00000000000..5515b84f112 --- /dev/null +++ b/app/services/metrics/dashboard/gitlab_alert_embed_service.rb @@ -0,0 +1,72 @@ +# frozen_string_literal: true + +# Responsible for returning an embed containing the specified +# metrics chart for an alert. Creates panels based on the +# matching metric stored in the database. +# +# Use Gitlab::Metrics::Dashboard::Finder to retrieve dashboards. +module Metrics + module Dashboard + class GitlabAlertEmbedService < ::Metrics::Dashboard::BaseEmbedService + include Gitlab::Utils::StrongMemoize + + SEQUENCE = [STAGES::EndpointInserter].freeze + + class << self + # Determines whether the provided params are sufficient + # to uniquely identify a panel composed of user-defined + # custom metrics from the DB. + def valid_params?(params) + [ + embedded?(params[:embedded]), + params[:prometheus_alert_id].is_a?(Integer) + ].all? + end + end + + def raw_dashboard + panels_not_found!(alert_id: alert_id) unless alert && prometheus_metric + + { 'panel_groups' => [{ 'panels' => [panel] }] } + end + + private + + def allowed? + Ability.allowed?(current_user, :read_prometheus_alerts, project) + end + + def alert_id + params[:prometheus_alert_id] + end + + def alert + strong_memoize(:alert) do + Projects::Prometheus::AlertsFinder.new(id: alert_id).execute.first + end + end + + def process_params + params.merge(environment: alert.environment) + end + + def prometheus_metric + strong_memoize(:prometheus_metric) do + PrometheusMetricsFinder.new(id: alert.prometheus_metric_id).execute.first + end + end + + def panel + { + title: prometheus_metric.title, + y_label: prometheus_metric.y_label, + metrics: [prometheus_metric.to_metric_hash] + } + end + + def sequence + SEQUENCE + end + end + end +end diff --git a/app/views/shared/notifications/_custom_notifications.html.haml b/app/views/shared/notifications/_custom_notifications.html.haml index 58d02602423..0142deb47f8 100644 --- a/app/views/shared/notifications/_custom_notifications.html.haml +++ b/app/views/shared/notifications/_custom_notifications.html.haml @@ -23,7 +23,7 @@ #{ paragraph.html_safe } .col-lg-8 - notification_setting.email_events.each_with_index do |event, index| - - next if event == :fixed_pipeline && Feature.disabled?(:ci_pipeline_fixed_notifications) + - next if notification_event_disabled?(event) - field_id = "#{notifications_menu_identifier("modal", notification_setting)}_notification_setting[#{event}]" .form-group .form-check{ class: ("prepend-top-0" if index == 0) } diff --git a/app/workers/all_queues.yml b/app/workers/all_queues.yml index c101759ff9b..72a5a2b653e 100644 --- a/app/workers/all_queues.yml +++ b/app/workers/all_queues.yml @@ -1224,7 +1224,7 @@ - :name: project_export :feature_category: :importers :has_external_dependencies: - :urgency: :low + :urgency: :throttled :resource_boundary: :memory :weight: 1 :idempotent: diff --git a/app/workers/project_export_worker.rb b/app/workers/project_export_worker.rb index aaaf70f09b5..a287c511a65 100644 --- a/app/workers/project_export_worker.rb +++ b/app/workers/project_export_worker.rb @@ -7,6 +7,7 @@ class ProjectExportWorker # rubocop:disable Scalability/IdempotentWorker feature_category :importers worker_resource_boundary :memory + urgency :throttled def perform(current_user_id, project_id, after_export_strategy = {}, params = {}) current_user = User.find(current_user_id) diff --git a/changelogs/unreleased/208431-follow-up-from-add-mutation-concern-to-resolve-a-single-issuable.yml b/changelogs/unreleased/208431-follow-up-from-add-mutation-concern-to-resolve-a-single-issuable.yml new file mode 100644 index 00000000000..2e27b990f78 --- /dev/null +++ b/changelogs/unreleased/208431-follow-up-from-add-mutation-concern-to-resolve-a-single-issuable.yml @@ -0,0 +1,5 @@ +--- +title: Amend GraphQL merge requests resolver to check for project presence +merge_request: 27783 +author: +type: fixed diff --git a/changelogs/unreleased/211445-follow-up-from-introduce-a-feature-flag-for-fixed-pipeline-notific.yml b/changelogs/unreleased/211445-follow-up-from-introduce-a-feature-flag-for-fixed-pipeline-notific.yml new file mode 100644 index 00000000000..680bf56c797 --- /dev/null +++ b/changelogs/unreleased/211445-follow-up-from-introduce-a-feature-flag-for-fixed-pipeline-notific.yml @@ -0,0 +1,5 @@ +--- +title: Add an helper to check if a notification_event is enabled +merge_request: 27880 +author: Jacopo Beschi @jacopo-beschi +type: changed diff --git a/changelogs/unreleased/feat-show-storage.yml b/changelogs/unreleased/feat-show-storage.yml new file mode 100644 index 00000000000..977d77a7d8d --- /dev/null +++ b/changelogs/unreleased/feat-show-storage.yml @@ -0,0 +1,5 @@ +--- +title: Show storage size on project page +merge_request: 27724 +author: Roger Meier +type: added diff --git a/changelogs/unreleased/project_export_urgency_throttled.yml b/changelogs/unreleased/project_export_urgency_throttled.yml new file mode 100644 index 00000000000..3c764991c60 --- /dev/null +++ b/changelogs/unreleased/project_export_urgency_throttled.yml @@ -0,0 +1,5 @@ +--- +title: Change project_export_worker urgency to throttled +merge_request: 27941 +author: +type: other diff --git a/changelogs/unreleased/rp-add-missing-docstring.yml b/changelogs/unreleased/rp-add-missing-docstring.yml new file mode 100644 index 00000000000..f28c5991410 --- /dev/null +++ b/changelogs/unreleased/rp-add-missing-docstring.yml @@ -0,0 +1,5 @@ +--- +title: Add missing docstring to Prometheus metric +merge_request: 27868 +author: +type: fixed diff --git a/doc/administration/auth/how_to_configure_ldap_gitlab_ce/index.md b/doc/administration/auth/how_to_configure_ldap_gitlab_ce/index.md index acb39ae0f78..49bf786061e 100644 --- a/doc/administration/auth/how_to_configure_ldap_gitlab_ce/index.md +++ b/doc/administration/auth/how_to_configure_ldap_gitlab_ce/index.md @@ -21,7 +21,7 @@ There are many commercial and open source [directory servers](https://en.wikiped For example, [Active Directory](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831484(v=ws.11)) is generally favored in a primarily Windows environment, as this allows quick integration with existing services. Other popular directory services include: - [Oracle Internet Directory](https://www.oracle.com/middleware/technologies/internet-directory.html) -- [OpenLDAP](http://www.openldap.org/) +- [OpenLDAP](https://www.openldap.org/) - [389 Directory](http://directory.fedoraproject.org/) - [OpenDJ (Renamed to Forgerock Directory Services)](https://www.forgerock.com/platform/directory-services) - [ApacheDS](https://directory.apache.org/) diff --git a/doc/administration/auth/oidc.md b/doc/administration/auth/oidc.md index 728be699772..76e83c8e0ad 100644 --- a/doc/administration/auth/oidc.md +++ b/doc/administration/auth/oidc.md @@ -128,7 +128,7 @@ different providers with Omnibus GitLab. ### Google See the [Google -documentation](https://developers.google.com/identity/protocols/OpenIDConnect) +documentation](https://developers.google.com/identity/protocols/oauth2/openid-connect) for more details: ```ruby diff --git a/doc/administration/geo/replication/security_review.md b/doc/administration/geo/replication/security_review.md index 3da71cab48d..18fe1ad22cd 100644 --- a/doc/administration/geo/replication/security_review.md +++ b/doc/administration/geo/replication/security_review.md @@ -3,7 +3,7 @@ The following security review of the Geo feature set focuses on security aspects of the feature as they apply to customers running their own GitLab instances. The review questions are based in part on the [OWASP Application Security Verification Standard Project](https://owasp.org/www-project-application-security-verification-standard/) -from [owasp.org](https://www.owasp.org/). +from [owasp.org](https://owasp.org/). ## Business Model diff --git a/doc/administration/gitaly/index.md b/doc/administration/gitaly/index.md index 24ad2b502c2..20b9f2104de 100644 --- a/doc/administration/gitaly/index.md +++ b/doc/administration/gitaly/index.md @@ -731,7 +731,7 @@ use a Ruby gem (library) called the form of a C library. Over time it has become clear to use that Rugged, and particularly -Rugged in combination with the [Unicorn](https://bogomips.org/unicorn/) +Rugged in combination with the [Unicorn](https://yhbt.net/unicorn/) web server, is extremely efficient. Because libgit2 is a *library* and not an external process, there was very little overhead between GitLab application code that tried to look up data in Git repositories, and the diff --git a/doc/administration/high_availability/pgbouncer.md b/doc/administration/high_availability/pgbouncer.md index c820a01da8a..1195c736079 100644 --- a/doc/administration/high_availability/pgbouncer.md +++ b/doc/administration/high_availability/pgbouncer.md @@ -4,7 +4,7 @@ type: reference # Working with the bundled PgBouncer service **(PREMIUM ONLY)** -As part of its High Availability stack, GitLab Premium includes a bundled version of [PgBouncer](https://pgbouncer.github.io/) that can be managed through `/etc/gitlab/gitlab.rb`. PgBouncer is used to seamlessly migrate database connections between servers in a failover scenario. Additionally, it can be used in a non-HA setup to pool connections, speeding up response time while reducing resource usage. +As part of its High Availability stack, GitLab Premium includes a bundled version of [PgBouncer](http://www.pgbouncer.org/) that can be managed through `/etc/gitlab/gitlab.rb`. PgBouncer is used to seamlessly migrate database connections between servers in a failover scenario. Additionally, it can be used in a non-HA setup to pool connections, speeding up response time while reducing resource usage. In a HA setup, it's recommended to run a PgBouncer node separately for each database node with an internal load balancer (TCP) serving each accordingly. diff --git a/doc/administration/instance_limits.md b/doc/administration/instance_limits.md index 56a407490be..a47a14bff3c 100644 --- a/doc/administration/instance_limits.md +++ b/doc/administration/instance_limits.md @@ -168,3 +168,26 @@ NOTE: **Note:** Set the limit to `0` to disable it. ## Wiki limits - [Length restrictions for file and directory names](../user/project/wiki/index.md#length-restrictions-for-file-and-directory-names). + +## Push Event Limits + +### Webhooks and Project Services + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/31009) in GitLab 12.4. + +Total number of changes (branches or tags) in a single push. If changes are more +than the specified limit, hooks won't be executed. + +More information can be found in these docs: + +- [Webhooks push events](../user/project/integrations/webhooks.md#push-events) +- [Project services push hooks limit](../user/project/integrations/project_services.md#push-hooks-limit) + +### Activities + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/31007) in GitLab 12.4. + +Total number of changes (branches or tags) in a single push to determine whether +individual push events or bulk push event will be created. + +More information can be found in the [Push event activities limit and bulk push events documentation](../user/admin_area/settings/push_event_activities_limit.md). diff --git a/doc/administration/integration/plantuml.md b/doc/administration/integration/plantuml.md index 009a1a247c0..4af787fd19f 100644 --- a/doc/administration/integration/plantuml.md +++ b/doc/administration/integration/plantuml.md @@ -2,7 +2,7 @@ > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/8537) in GitLab 8.16. -When [PlantUML](http://plantuml.com) integration is enabled and configured in +When [PlantUML](https://plantuml.com) integration is enabled and configured in GitLab we are able to create simple diagrams in AsciiDoc and Markdown documents created in snippets, wikis, and repos. @@ -161,10 +161,10 @@ Alice -> Bob : hi ``` Inside the block you can add any of the supported diagrams by PlantUML such as -[Sequence](http://plantuml.com/sequence-diagram), [Use Case](http://plantuml.com/use-case-diagram), -[Class](http://plantuml.com/class-diagram), [Activity](http://plantuml.com/activity-diagram-legacy), -[Component](http://plantuml.com/component-diagram), [State](http://plantuml.com/state-diagram), -and [Object](http://plantuml.com/object-diagram) diagrams. You do not need to use the PlantUML +[Sequence](https://plantuml.com/sequence-diagram), [Use Case](https://plantuml.com/use-case-diagram), +[Class](https://plantuml.com/class-diagram), [Activity](https://plantuml.com/activity-diagram-legacy), +[Component](https://plantuml.com/component-diagram), [State](https://plantuml.com/state-diagram), +and [Object](https://plantuml.com/object-diagram) diagrams. You do not need to use the PlantUML diagram delimiters `@startuml`/`@enduml` as these are replaced by the AsciiDoc `plantuml` block. Some parameters can be added to the AsciiDoc block definition: diff --git a/doc/administration/operations/puma.md b/doc/administration/operations/puma.md index 30fea36fac6..6f252a7d76e 100644 --- a/doc/administration/operations/puma.md +++ b/doc/administration/operations/puma.md @@ -2,7 +2,7 @@ ## Puma -As of GitLab 12.9, [Puma](https://github.com/puma/puma) has replaced [Unicorn](https://bogomips.org/unicorn/). +As of GitLab 12.9, [Puma](https://github.com/puma/puma) has replaced [Unicorn](https://yhbt.net/unicorn/). as the default web server. ## Why switch to Puma? diff --git a/doc/administration/operations/unicorn.md b/doc/administration/operations/unicorn.md index bab20a76546..bb817e71f5a 100644 --- a/doc/administration/operations/unicorn.md +++ b/doc/administration/operations/unicorn.md @@ -2,7 +2,7 @@ ## Unicorn -GitLab uses [Unicorn](https://bogomips.org/unicorn/), a pre-forking Ruby web +GitLab uses [Unicorn](https://yhbt.net/unicorn/), a pre-forking Ruby web server, to handle web requests (web browsers and Git HTTP clients). Unicorn is a daemon written in Ruby and C that can load and run a Ruby on Rails application; in our case the Rails application is GitLab Community Edition or diff --git a/doc/administration/packages/index.md b/doc/administration/packages/index.md index f33c215fdb8..536b6a5f246 100644 --- a/doc/administration/packages/index.md +++ b/doc/administration/packages/index.md @@ -119,9 +119,6 @@ upload packages: } ``` - NOTE: **Note:** - Some build tools, like Gradle, must make `HEAD` requests to Amazon S3 to pull a dependency’s metadata. The `gitlab_rails['packages_object_store_proxy_download']` property must be set to `true`. Without this setting, GitLab won't act as a proxy to the Amazon S3 service, and will instead return the signed URL. This will cause a `HTTP 403 Forbidden` response, since Amazon S3 expects a signed URL. - 1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. diff --git a/doc/administration/repository_storage_paths.md b/doc/administration/repository_storage_paths.md index 5ca1dd18da3..5e11c8ef48f 100644 --- a/doc/administration/repository_storage_paths.md +++ b/doc/administration/repository_storage_paths.md @@ -120,5 +120,5 @@ randomly placed on one of the selected paths. [reconfigure-gitlab]: restart_gitlab.md#omnibus-gitlab-reconfigure [backups]: ../raketasks/backup_restore.md [raketask]: https://gitlab.com/gitlab-org/gitlab/blob/033e5423a2594e08a7ebcd2379bd2331f4c39032/lib/backup/repository.rb#L54-56 -[repospath]: https://gitlab.com/gitlab-org/gitlab/blob/8-9-stable/config/gitlab.yml.example#L457 +[repospath]: https://gitlab.com/gitlab-org/gitlab-foss/-/blob/8-9-stable/config/gitlab.yml.example#L457 [ce-11449]: https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/11449 diff --git a/doc/api/graphql/getting_started.md b/doc/api/graphql/getting_started.md index ee0642b185b..07147340ab4 100644 --- a/doc/api/graphql/getting_started.md +++ b/doc/api/graphql/getting_started.md @@ -36,7 +36,7 @@ The examples below: - Can be run directly against GitLab 11.0 or later, though some of the types and fields may not be supported in older versions. - Will work against GitLab.com without any further setup. Make sure you are signed in and -navigate to the [GraphiQL Explorer](https://www.gitlab.com/-/graphql-explorer). +navigate to the [GraphiQL Explorer](https://gitlab.com/-/graphql-explorer). If you want to run the queries locally, or on a self-managed instance, you will need to either: diff --git a/doc/development/architecture.md b/doc/development/architecture.md index 8d5368bdd28..d12d4b2029c 100644 --- a/doc/development/architecture.md +++ b/doc/development/architecture.md @@ -125,18 +125,18 @@ Component statuses are linked to configuration documentation for each component. | Component | Description | [Omnibus GitLab](https://docs.gitlab.com/omnibus/) | [GitLab chart](https://docs.gitlab.com/charts/) | [Minikube Minimal](https://docs.gitlab.com/charts/development/minikube/#deploying-gitlab-with-minimal-settings) | [GitLab.com](https://gitlab.com) | [Source](../install/installation.md) | [GDK](https://gitlab.com/gitlab-org/gitlab-development-kit) | CE/EE | | --------- | ----------- |:--------------------:|:------------------:|:-----:|:--------:|:--------:|:-------:|:-------:| -| [NGINX](#nginx) | Routes requests to appropriate components, terminates SSL | [✅][nginx-omnibus] | [✅][nginx-charts] | [⚙][nginx-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production-architecture/#service-architecture) | [⤓][nginx-source] | ❌ | CE & EE | +| [NGINX](#nginx) | Routes requests to appropriate components, terminates SSL | [✅][nginx-omnibus] | [✅][nginx-charts] | [⚙][nginx-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production/architecture/#service-architecture) | [⤓][nginx-source] | ❌ | CE & EE | | [Unicorn (GitLab Rails)](#unicorn) | Handles requests for the web interface and API | [✅][unicorn-omnibus] | [✅][unicorn-charts] | [✅][unicorn-charts] | [✅](../user/gitlab_com/index.md#unicorn) | [⚙][unicorn-source] | [✅][gitlab-yml] | CE & EE | | [Sidekiq](#sidekiq) | Background jobs processor | [✅][sidekiq-omnibus] | [✅][sidekiq-charts] | [✅](https://docs.gitlab.com/charts/charts/gitlab/sidekiq/index.html) | [✅](../user/gitlab_com/index.md#sidekiq) | [✅][gitlab-yml] | [✅][gitlab-yml] | CE & EE | -| [Gitaly](#gitaly) | Git RPC service for handling all Git calls made by GitLab | [✅][gitaly-omnibus] | [✅][gitaly-charts] | [✅][gitaly-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production-architecture/#service-architecture) | [⚙][gitaly-source] | ✅ | CE & EE | -| [Praefect](#praefect) | A transparent proxy between any Git client and Gitaly storage nodes. | [✅][gitaly-omnibus] | [❌][gitaly-charts] | [❌][gitaly-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production-architecture/#service-architecture) | [⚙][praefect-source] | ✅ | CE & EE | -| [GitLab Workhorse](#gitlab-workhorse) | Smart reverse proxy, handles large HTTP requests | [✅][workhorse-omnibus] | [✅][workhorse-charts] | [✅][workhorse-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production-architecture/#service-architecture) | [⚙][workhorse-source] | ✅ | CE & EE | -| [GitLab Shell](#gitlab-shell) | Handles `git` over SSH sessions | [✅][shell-omnibus] | [✅][shell-charts] | [✅][shell-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production-architecture/#service-architecture) | [⚙][shell-source] | [✅][gitlab-yml] | CE & EE | +| [Gitaly](#gitaly) | Git RPC service for handling all Git calls made by GitLab | [✅][gitaly-omnibus] | [✅][gitaly-charts] | [✅][gitaly-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production/architecture/#service-architecture) | [⚙][gitaly-source] | ✅ | CE & EE | +| [Praefect](#praefect) | A transparent proxy between any Git client and Gitaly storage nodes. | [✅][gitaly-omnibus] | [❌][gitaly-charts] | [❌][gitaly-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production/architecture/#service-architecture) | [⚙][praefect-source] | ✅ | CE & EE | +| [GitLab Workhorse](#gitlab-workhorse) | Smart reverse proxy, handles large HTTP requests | [✅][workhorse-omnibus] | [✅][workhorse-charts] | [✅][workhorse-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production/architecture/#service-architecture) | [⚙][workhorse-source] | ✅ | CE & EE | +| [GitLab Shell](#gitlab-shell) | Handles `git` over SSH sessions | [✅][shell-omnibus] | [✅][shell-charts] | [✅][shell-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production/architecture/#service-architecture) | [⚙][shell-source] | [✅][gitlab-yml] | CE & EE | | [GitLab Pages](#gitlab-pages) | Hosts static websites | [⚙][pages-omnibus] | [❌][pages-charts] | [❌][pages-charts] | [✅](../user/gitlab_com/index.md#gitlab-pages) | [⚙][pages-source] | [⚙][pages-gdk] | CE & EE | | [Registry](#registry) | Container registry, allows pushing and pulling of images | [⚙][registry-omnibus] | [✅][registry-charts] | [✅][registry-charts] | [✅](../user/packages/container_registry/index.md#build-and-push-images-using-gitlab-cicd) | [⤓][registry-source] | [⚙][registry-gdk] | CE & EE | -| [Redis](#redis) | Caching service | [✅][redis-omnibus] | [✅][redis-omnibus] | [✅][redis-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production-architecture/#service-architecture) | [⤓][redis-source] | ✅ | CE & EE | +| [Redis](#redis) | Caching service | [✅][redis-omnibus] | [✅][redis-omnibus] | [✅][redis-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production/architecture/#service-architecture) | [⤓][redis-source] | ✅ | CE & EE | | [PostgreSQL](#postgresql) | Database | [✅][postgres-omnibus] | [✅][postgres-charts] | [✅][postgres-charts] | [✅](../user/gitlab_com/index.md#postgresql) | [⤓][postgres-source] | ✅ | CE & EE | -| [PgBouncer](#pgbouncer) | Database connection pooling, failover | [⚙][pgbouncer-omnibus] | [❌][pgbouncer-charts] | [❌][pgbouncer-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production-architecture/#database-architecture) | ❌ | ❌ | EE Only | +| [PgBouncer](#pgbouncer) | Database connection pooling, failover | [⚙][pgbouncer-omnibus] | [❌][pgbouncer-charts] | [❌][pgbouncer-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production/architecture/#database-architecture) | ❌ | ❌ | EE Only | | [Consul](#consul) | Database node discovery, failover | [⚙][consul-omnibus] | [❌][consul-charts] | [❌][consul-charts] | [✅](../user/gitlab_com/index.md#consul) | ❌ | ❌ | EE Only | | [GitLab self-monitoring: Prometheus](#prometheus) | Time-series database, metrics collection, and query service | [✅][prometheus-omnibus] | [✅][prometheus-charts] | [⚙][prometheus-charts] | [✅](../user/gitlab_com/index.md#prometheus) | ❌ | ❌ | CE & EE | | [GitLab self-monitoring: Alertmanager](#alertmanager) | Deduplicates, groups, and routes alerts from Prometheus | [⚙][alertmanager-omnibus] | [✅][alertmanager-charts] | [⚙][alertmanager-charts] | [✅](https://about.gitlab.com/handbook/engineering/monitoring/) | ❌ | ❌ | CE & EE | @@ -149,10 +149,10 @@ Component statuses are linked to configuration documentation for each component. | [GitLab Exporter](#gitlab-exporter) | Generates a variety of GitLab metrics | [✅][gitlab-exporter-omnibus] | [✅][gitlab-exporter-charts] | [✅][gitlab-exporter-charts] | [✅](https://about.gitlab.com/handbook/engineering/monitoring/) | ❌ | ❌ | CE & EE | | [Node Exporter](#node-exporter) | Prometheus endpoint with system metrics | [✅][node-exporter-omnibus] | [N/A][node-exporter-charts] | [N/A][node-exporter-charts] | [✅](https://about.gitlab.com/handbook/engineering/monitoring/) | ❌ | ❌ | CE & EE | | [Mattermost](#mattermost) | Open-source Slack alternative | [⚙][mattermost-omnibus] | [⤓][mattermost-charts] | [⤓][mattermost-charts] | [⤓](../user/project/integrations/mattermost.md) | ❌ | ❌ | CE & EE | -| [MinIO](#minio) | Object storage service | [⤓][minio-omnibus] | [✅][minio-charts] | [✅][minio-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production-architecture/#storage-architecture) | ❌ | [⚙][minio-gdk] | CE & EE | +| [MinIO](#minio) | Object storage service | [⤓][minio-omnibus] | [✅][minio-charts] | [✅][minio-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production/architecture/#storage-architecture) | ❌ | [⚙][minio-gdk] | CE & EE | | [Runner](#gitlab-runner) | Executes GitLab CI jobs | [⤓][runner-omnibus] | [✅][runner-charts] | [⚙][runner-charts] | [✅](../user/gitlab_com/index.md#shared-runners) | [⚙][runner-source] | [⚙][runner-gdk] | CE & EE | | [Database Migrations](#database-migrations) | Database migrations | [✅][database-migrations-omnibus] | [✅][database-migrations-charts] | [✅][database-migrations-charts] | ✅ | [⚙][database-migrations-source] | ✅ | CE & EE | -| [Certificate Management](#certificate-management) | TLS Settings, Let's Encrypt | [✅][certificate-management-omnibus] | [✅][certificate-management-charts] | [⚙][certificate-management-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production-architecture/#secrets-management) | [⚙][certificate-management-source] | [⚙][certificate-management-gdk] | CE & EE | +| [Certificate Management](#certificate-management) | TLS Settings, Let's Encrypt | [✅][certificate-management-omnibus] | [✅][certificate-management-charts] | [⚙][certificate-management-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production/architecture/#secrets-management) | [⚙][certificate-management-source] | [⚙][certificate-management-gdk] | CE & EE | | [GitLab Geo Node](#gitlab-geo) | Geographically distributed GitLab nodes | [⚙][geo-omnibus] | [❌][geo-charts] | [❌][geo-charts] | ✅ | ❌ | [⚙][geo-gdk] | EE Only | | [LDAP Authentication](#ldap-authentication) | Authenticate users against centralized LDAP directory | [⤓][ldap-omnibus] | [⤓][ldap-charts] | [⤓][ldap-charts] | [❌](https://about.gitlab.com/pricing/#gitlab-com) | [⤓][gitlab-yml] | [⤓][ldap-gdk] | CE & EE | | [Outbound email (SMTP)](#outbound-email) | Send email messages to users | [⤓][outbound-email-omnibus] | [⤓][outbound-email-charts] | [⤓][outbound-email-charts] | [✅](../user/gitlab_com/index.md#mail-configuration) | [⤓][gitlab-yml] | [⤓][gitlab-yml] | CE & EE | @@ -446,7 +446,7 @@ Sidekiq is a Ruby background job processor that pulls jobs from the Redis queue - Layer: Core Service (Processor) - Process: `unicorn` -[Unicorn](https://bogomips.org/unicorn/) is a Ruby application server that is used to run the core Rails Application that provides the user facing features in GitLab. Often process output you will see this as `bundle` or `config.ru` depending on the GitLab version. +[Unicorn](https://yhbt.net/unicorn/) is a Ruby application server that is used to run the core Rails Application that provides the user facing features in GitLab. Often process output you will see this as `bundle` or `config.ru` depending on the GitLab version. #### LDAP Authentication @@ -494,13 +494,108 @@ Below we describe the different pathing that HTTP vs. SSH Git requests will take ### Web Request (80/443) -When you make a Git request over HTTP, the request first takes the same steps as a web HTTP request -through NGINX and GitLab Workhorse. However, the GitLab Workhorse then diverts the request towards -Gitaly, which processes it directly. +Git operations over HTTP use the stateless "smart" protocol described in the +[Git documentation](https://git-scm.com/docs/http-protocol), but responsibility +for handling these operations is split across several GitLab components. + +Here is a sequence diagram for `git fetch`. Note that all requests pass through +NGINX as well as any other HTTP load balancers, but are not transformed in any +way by them. All paths are presented relative to a `/namespace/project.git` URL. + +```mermaid +sequenceDiagram + participant Git on client + participant NGINX + participant Workhorse + participant Rails + participant Gitaly + participant Git on server + + Note left of Git on client: git fetch<br/>info-refs + Git on client->>+Workhorse: GET /info/refs?service=git-upload-pack + Workhorse->>+Rails: GET /info/refs?service=git-upload-pack + Note right of Rails: Auth check + Rails-->>-Workhorse: Gitlab::Workhorse.git_http_ok + Workhorse->>+Gitaly: SmartHTTPService.InfoRefsUploadPack request + Gitaly->>+Git on server: git upload-pack --stateless-rpc --advertise-refs + Git on server-->>-Gitaly: git upload-pack response + Gitaly-->>-Workhorse: SmartHTTPService.InfoRefsUploadPack response + Workhorse-->>-Git on client: 200 OK + + Note left of Git on client: git fetch<br/>fetch-pack + Git on client->>+Workhorse: POST /git-upload-pack + Workhorse->>+Rails: POST /git-upload-pack + Note right of Rails: Auth check + Rails-->>-Workhorse: Gitlab::Workhorse.git_http_ok + Workhorse->>+Gitaly: SmartHTTPService.PostUploadPack request + Gitaly->>+Git on server: git upload-pack --stateless-rpc + Git on server-->>-Gitaly: git upload-pack response + Gitaly-->>-Workhorse: SmartHTTPService.PostUploadPack response + Workhorse-->>-Git on client: 200 OK +``` + +The sequence is similar for `git push`, except `git-receive-pack` is used +instead of `git-upload-pack`. ### SSH Request (22) -TODO +Git operations over SSH can use the stateful protocol described in the +[Git documentation](https://git-scm.com/docs/pack-protocol#_ssh_transport), but +responsibility for handling them is split across several GitLab components. + +No GitLab components speak SSH directly - all SSH connections are made between +Git on the client machine and the SSH server, which terminates the connection. +To the SSH server, all connections are authenticated as the `git` user; GitLab +users are differentiated by the SSH key presented by the client. + +Here is a sequence diagram for `git fetch`, assuming [Fast SSH key lookup](../administration/operations/fast_ssh_key_lookup.md) +is enabled. Note that `AuthorizedKeysCommand` is an executable provided by +[GitLab Shell](#gitlab-shell): + +```mermaid +sequenceDiagram + participant Git on client + participant SSH server + participant AuthorizedKeysCommand + participant GitLab Shell + participant Rails + participant Gitaly + participant Git on server + + Note left of Git on client: git fetch + Git on client->>SSH server: git fetch-pack + SSH server-->>AuthorizedKeysCommand: gitlab-shell-authorized-keys-check git AAAA... + AuthorizedKeysCommand-->>Rails: GET /internal/api/authorized_keys?key=AAAA... + Note right of Rails: Lookup key ID + Rails-->>SSH server: 200 OK, command="gitlab-shell upload-pack key_id=1" + SSH server-->>GitLab Shell: gitlab-shell upload-pack key_id=1 + GitLab Shell-->>Rails: GET /internal/api/allowed?action=upload_pack&key_id=1 + Note right of Rails: Auth check + Rails-->>GitLab Shell: 200 OK, { gitaly: ... } + GitLab Shell-->>Gitaly: SSHService.SSHUploadPack bidirectional request + Gitaly-->>Git on server: git upload-pack + Git on server->>Git on client: SSHService.SSHUploadPack bidirectional response +``` + +The `git push` operation is very similar, except `git receive-pack` is used +instead of `git upload-pack`. + +If fast SSH key lookups are not enabled, the SSH server reads from the +`~git/.ssh/authorized_keys` file to determine what command to run for a given +SSH session. This is kept up to date by an [`AuthorizedKeysWorker`](https://gitlab.com/gitlab-org/gitlab/blob/master/app/workers/authorized_keys_worker.rb) +in Rails, scheduled to run whenever an SSH key is modified by a user. + +[SSH certificates](../administration/operations/ssh_certificates.md) may be used +instead of keys. In this case, `AuthorizedKeysCommand` is replaced with an +`AuthorizedPrincipalsCommand`. This extracts a username from the certificate +without using the Rails internal API, which is used instead of `key_id` in the +`/api/internal/allowed` call later. + +GitLab Shell also has a few operations that do not involve Gitaly, such as +resetting two-factor authentication codes. These are handled in the same way, +except there is no round-trip into Gitaly - Rails performs the action as part +of the [internal API](internal_api.md) call, and GitLab Shell streams the +response back to the user directly. ## System Layout diff --git a/doc/development/chatops_on_gitlabcom.md b/doc/development/chatops_on_gitlabcom.md index a8151471b87..f3687b8d697 100644 --- a/doc/development/chatops_on_gitlabcom.md +++ b/doc/development/chatops_on_gitlabcom.md @@ -16,7 +16,7 @@ To request access to Chatops on GitLab.com: 1. Log into <https://ops.gitlab.net/users/sign_in> **using the same username** as for GitLab.com (you may have to rename it). 1. Ask in the [#production](https://gitlab.slack.com/messages/production) channel to add you by running `/chatops run member add <username> gitlab-com/chatops --ops`. -NOTE: **Note:** If you had to change your username for GitLab.com on the first step, make sure [to reflect this information](https://gitlab.com/gitlab-com/www-gitlab-com#adding-yourself-to-the-team-page) on [the team page](https://about.gitlab.com/team). +NOTE: **Note:** If you had to change your username for GitLab.com on the first step, make sure [to reflect this information](https://gitlab.com/gitlab-com/www-gitlab-com#adding-yourself-to-the-team-page) on [the team page](https://about.gitlab.com/company/team/). ## See also diff --git a/doc/development/code_review.md b/doc/development/code_review.md index 830c3d3b3d2..efc9cad9810 100644 --- a/doc/development/code_review.md +++ b/doc/development/code_review.md @@ -79,7 +79,7 @@ from teams other than your own. #### Security requirements -View the updated documentation regarding [internal application security reviews](https://about.gitlab.com/handbook/engineering/security/index.html#internal-application-security-reviews) for **when** and **how** to request a security review. +View the updated documentation regarding [internal application security reviews](https://about.gitlab.com/handbook/engineering/security/#internal-application-security-reviews) for **when** and **how** to request a security review. ### The responsibility of the merge request author diff --git a/doc/development/documentation/site_architecture/release_process.md b/doc/development/documentation/site_architecture/release_process.md index 59a8d3cff01..b81fdb66baf 100644 --- a/doc/development/documentation/site_architecture/release_process.md +++ b/doc/development/documentation/site_architecture/release_process.md @@ -92,7 +92,7 @@ this needs to happen when the stable branches for all products have been created tagged with the branch name you created in the first step. In the end, the image will be uploaded in the [Container Registry](https://gitlab.com/gitlab-org/gitlab-docs/container_registry) and it will be listed under the - [`registry` environment folder](https://gitlab.com/gitlab-org/gitlab-docs/environments/folders/registry). + [`registry` environment folder](https://gitlab.com/gitlab-org/gitlab-docs/-/environments/folders/registry). Optionally, you can test locally by building the image and running it: @@ -179,11 +179,11 @@ The dropdown merge requests should have now been merged into their respective version (stable branch), which will trigger another pipeline. At this point, you need to only babysit the pipelines and make sure they don't fail: -1. Check the [pipelines page](https://gitlab.com/gitlab-org/gitlab-docs/pipelines) +1. Check the pipelines page: `https://gitlab.com/gitlab-org/gitlab-docs/pipelines` and make sure all stable branches have green pipelines. 1. After all the pipelines of the online versions succeed, merge the release merge request. -1. Finally, run the [Build docker images weekly](https://gitlab.com/gitlab-org/gitlab-docs/pipeline_schedules) - pipeline that will build the `:latest` and `:archives` Docker images. +1. Finally, from `https://gitlab.com/gitlab-org/gitlab-docs/pipeline_schedules` run + the `Build docker images weekly` pipeline that will build the `:latest` and `:archives` Docker images. Once the scheduled pipeline succeeds, the docs site will be deployed with all new versions online. @@ -191,8 +191,7 @@ new versions online. ## Update an old Docker image with new upstream docs content If there are any changes to any of the stable branches of the products that are -not included in the single Docker image, just -[rerun the pipeline](https://gitlab.com/gitlab-org/gitlab-docs/pipelines/new) +not included in the single Docker image, just rerun the pipeline (`https://gitlab.com/gitlab-org/gitlab-docs/pipelines/new`) for the version in question. ## Porting new website changes to old versions @@ -239,7 +238,7 @@ branches for 12.2 were used, this wouldn't have failed, but as we can see from the [`compile_dev` job](https://gitlab.com/gitlab-org/gitlab-docs/-/jobs/328042427), the `master` branches were pulled. -To fix this, [re-run the pipeline](https://gitlab.com/gitlab-org/gitlab-docs/pipelines/new) +To fix this, re-run the pipeline (`https://gitlab.com/gitlab-org/gitlab-docs/pipelines/new`) for the `update-12-2-for-release-12-4` branch, by including the following environment variables: - `BRANCH_CE` set to `12-2-stable` diff --git a/doc/development/documentation/workflow.md b/doc/development/documentation/workflow.md index 20559f9c0b5..aaf0f218387 100644 --- a/doc/development/documentation/workflow.md +++ b/doc/development/documentation/workflow.md @@ -62,7 +62,7 @@ responsible for: - Liaising with their Product Manager to understand what documentation must be delivered, and when. - Requesting technical reviews from other developers within their group. - Requesting documentation reviews from the Technical Writer - [assigned to the DevOps stage group](https://about.gitlab.com/handbook/product/technical-writing/index.html#assignments) + [assigned to the DevOps stage group](https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments) that is delivering the new feature or feature enhancements. TIP: **Tip:** @@ -92,7 +92,7 @@ the Product Manager and Technical Writer for a given issue: - Documentation [Structure and template](structure.md) page. - [Style Guide](styleguide.md). - [Markdown Guide](https://about.gitlab.com/handbook/engineering/ux/technical-writing/markdown-guide/). -- Contact the Technical Writer for the relevant [DevOps stage](https://about.gitlab.com/handbook/product/technical-writing/index.html#assignments) +- Contact the Technical Writer for the relevant [DevOps stage](https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments) in your issue or merge request, or within `#docs` on GitLab Slack, if you: - Need any help to choose the correct place for documentation. - Want to discuss a documentation idea or outline. @@ -423,7 +423,7 @@ Request help from the Technical Writing team if you: To request help: 1. Locate the the Technical Writer for the relevant - [DevOps stage group](https://about.gitlab.com/handbook/product/technical-writing/index.html#assignments). + [DevOps stage group](https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments). 1. Either: - If urgent help is required, directly assign the Technical Writer in the issue or in the merge request. - If non-urgent help is required, ping the Technical Writer in the issue or merge request. @@ -439,7 +439,7 @@ Maintainers must make a good-faith effort to ensure that the content: - Meets the [Documentation Guidelines](index.md) and [Style Guide](styleguide.md). If the author or reviewer has any questions, they can mention the writer who is assigned to the relevant -[DevOps stage group](https://about.gitlab.com/handbook/product/technical-writing/index.html#assignments). +[DevOps stage group](https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments). The process involves the following: @@ -449,7 +449,7 @@ The process involves the following: - Technical Writer (Optional). If not completed for a merge request prior to merging, must be scheduled post-merge. Schedule post-merge reviews only if an urgent merge is required. To request a: - Pre-merge review, assign the Technical Writer listed for the applicable - [DevOps stage group](https://about.gitlab.com/handbook/product/technical-writing/index.html#assignments). + [DevOps stage group](https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments). - Post-merge review, see [Post-merge reviews](#post-merge-reviews). - Maintainer. For merge requests, Maintainers: - Can always request any of the above reviews. diff --git a/doc/development/fe_guide/frontend_faq.md b/doc/development/fe_guide/frontend_faq.md index ad52919a9af..3b0b1d8f0da 100644 --- a/doc/development/fe_guide/frontend_faq.md +++ b/doc/development/fe_guide/frontend_faq.md @@ -63,7 +63,7 @@ banner on top of the component examples indicates that: > component. For example, at the time of writing, this type of warning can be observed for -[all form components](https://design.gitlab.com/components/forms). It, however, +[all form components](https://design.gitlab.com/components/forms/). It, however, doesn't imply that the component should not be used. GitLab always asks to use `<gl-*>` components whenever a suitable component exists. diff --git a/doc/development/understanding_explain_plans.md b/doc/development/understanding_explain_plans.md index 97225e48976..48791e201eb 100644 --- a/doc/development/understanding_explain_plans.md +++ b/doc/development/understanding_explain_plans.md @@ -765,5 +765,5 @@ exec ROLLBACK ## Further reading A more extensive guide on understanding query plans can be found in -the [presentation](https://www.dalibo.org/_media/understanding_explain.pdf) -from [Dalibo.org](https://www.dalibo.org/en/). +the [presentation](https://public.dalibo.com/exports/conferences/_archives/_2012/201211_explain/understanding_explain.pdf) +from [Dalibo.org](https://www.dalibo.com/en/). diff --git a/doc/install/openshift_and_gitlab/index.md b/doc/install/openshift_and_gitlab/index.md index 2689fcb1645..a71d839e742 100644 --- a/doc/install/openshift_and_gitlab/index.md +++ b/doc/install/openshift_and_gitlab/index.md @@ -36,7 +36,7 @@ test OpenShift easily: - [VirtualBox] - [Vagrant] -- [OpenShift Client](https://docs.okd.io/latest/cli_reference/get_started_cli.html) (`oc` for short) +- [OpenShift Client](https://docs.okd.io/3.11/cli_reference/get_started_cli.html) (`oc` for short) It is also important to mention that for the purposes of this tutorial, the latest Origin release is used: @@ -99,7 +99,7 @@ landing page looks like: ![openshift web console](img/web-console.png) -You can see that a number of [projects](https://docs.okd.io/latest/dev_guide/projects.html) are already created for testing purposes. +You can see that a number of [projects](https://docs.okd.io/3.11/dev_guide/projects.html) are already created for testing purposes. If you head over the `openshift-infra` project, a number of services with their respective pods are there to explore. @@ -107,7 +107,7 @@ respective pods are there to explore. ![openshift web console](img/openshift-infra-project.png) We are not going to explore the whole interface, but if you want to learn about -the key concepts of OpenShift, read the [core concepts reference](https://docs.okd.io/latest/architecture/core_concepts/index.html) +the key concepts of OpenShift, read the [core concepts reference](https://docs.okd.io/3.11/architecture/core_concepts/index.html) in the official documentation. ### Explore the OpenShift CLI @@ -115,7 +115,7 @@ in the official documentation. OpenShift Client (`oc`), is a powerful CLI tool that talks to the OpenShift API and performs pretty much everything you can do from the web UI and much more. -Assuming you have [installed](https://docs.okd.io/latest/cli_reference/get_started_cli.html) it, let's explore some of its main +Assuming you have [installed](https://docs.okd.io/3.11/cli_reference/get_started_cli.html) it, let's explore some of its main functionalities. Let's first see the version of `oc`: @@ -172,7 +172,7 @@ The last command should spit a bunch of information about the statuses of the pods and the services, which if you look closely is what we encountered in the second image when we explored the web console. -You can always read more about `oc` in the [OpenShift CLI documentation](https://docs.okd.io/latest/cli_reference/get_started_cli.html). +You can always read more about `oc` in the [OpenShift CLI documentation](https://docs.okd.io/3.11/cli_reference/get_started_cli.html). ### Troubleshooting the all-in-one VM @@ -248,7 +248,7 @@ The next step is to import the OpenShift template for GitLab. ### Import the template -The [template](https://docs.okd.io/latest/architecture/core_concepts/templates.html) is basically a JSON file which describes a set of +The [template](https://docs.okd.io/3.11/architecture/core_concepts/templates.html) is basically a JSON file which describes a set of related object definitions to be created together, as well as a set of parameters for those objects. @@ -364,7 +364,7 @@ of resources, you'd be happy to know that you can scale up with the push of a button. In the **Overview** page just click the up arrow button in the pod where -GitLab is. The change is instant and you can see the number of [replicas](https://docs.okd.io/latest/architecture/core_concepts/deployments.html#replication-controllers) now +GitLab is. The change is instant and you can see the number of [replicas](https://docs.okd.io/3.11/architecture/core_concepts/deployments.html#replication-controllers) now running scaled to 2. ![GitLab scale](img/gitlab-scale.png) @@ -382,7 +382,7 @@ scale up. If a pod is in pending state for too long, you can navigate to ### Scale GitLab using the `oc` CLI Using `oc` is super easy to scale up the replicas of a pod. You may want to -skim through the [basic CLI operations](https://docs.okd.io/latest/cli_reference/basic_cli_operations.html) to get a taste how the CLI +skim through the [basic CLI operations](https://docs.okd.io/3.11/cli_reference/basic_cli_operations.html) to get a taste how the CLI commands are used. Pay extra attention to the object types as we will use some of them and their abbreviated versions below. @@ -455,7 +455,7 @@ In case you were wondering whether there is an option to autoscale a pod based on the resources of your server, the answer is yes, of course there is. We will not expand on this matter, but feel free to read the documentation on -OpenShift's website about [autoscaling](https://docs.okd.io/latest/dev_guide/pod_autoscaling.html). +OpenShift's website about [autoscaling](https://docs.okd.io/3.11/dev_guide/pod_autoscaling.html). ## Current limitations @@ -470,7 +470,7 @@ bother us. In any case, it is something to keep in mind when deploying GitLab on a production cluster. In order to deploy GitLab on a production cluster, you will need to assign the -GitLab service account to the `anyuid` [Security Context Constraints](https://docs.okd.io/latest/admin_guide/manage_scc.html). +GitLab service account to the `anyuid` [Security Context Constraints](https://docs.okd.io/3.11/admin_guide/manage_scc.html). For OpenShift v3.0, you will need to do this manually: diff --git a/doc/topics/authentication/index.md b/doc/topics/authentication/index.md index 9e4a666d442..429658984ab 100644 --- a/doc/topics/authentication/index.md +++ b/doc/topics/authentication/index.md @@ -47,4 +47,4 @@ This page gathers all the resources for the topic **Authentication** within GitL - [Kanboard Plugin GitLab Authentication](https://github.com/kanboard/plugin-gitlab-auth) - [Jenkins GitLab OAuth Plugin](https://wiki.jenkins.io/display/JENKINS/GitLab+OAuth+Plugin) - [How to customize GitLab to support OpenID authentication](http://eric.van-der-vlist.com/blog/2013/11/23/how-to-customize-gitlab-to-support-openid-authentication/) -- [OKD - Configuring Authentication and User Agent](https://docs.okd.io/latest/install_config/configuring_authentication.html#GitLab) +- [OKD - Configuring Authentication and User Agent](https://docs.okd.io/3.11/install_config/configuring_authentication.html#GitLab) diff --git a/doc/user/markdown.md b/doc/user/markdown.md index ea17ce7b81d..430e050a110 100644 --- a/doc/user/markdown.md +++ b/doc/user/markdown.md @@ -154,7 +154,7 @@ Color written inside backticks will be followed by a color "chip": ### Diagrams and flowcharts -It's possible to generate diagrams and flowcharts from text in GitLab using [Mermaid](https://mermaidjs.github.io/) or [PlantUML](http://plantuml.com). +It's possible to generate diagrams and flowcharts from text in GitLab using [Mermaid](https://mermaidjs.github.io/) or [PlantUML](https://plantuml.com). #### Mermaid diff --git a/doc/user/project/pages/getting_started/fork_sample_project.md b/doc/user/project/pages/getting_started/fork_sample_project.md index 9c58189e984..ef30606a9ab 100644 --- a/doc/user/project/pages/getting_started/fork_sample_project.md +++ b/doc/user/project/pages/getting_started/fork_sample_project.md @@ -48,13 +48,21 @@ You can also take some **optional** further steps: - _Remove the fork relationship._ The fork relationship is necessary to contribute back to the project you originally forked from. If you don't have any intentions to do so, you can remove it. To do so, navigate to your project's **Settings**, expand **Advanced settings**, and scroll down to **Remove fork relationship**: - ![remove fork relationship](../img/remove_fork_relationship.png) + ![Remove fork relationship](../img/remove_fork_relationship.png) - _Make it a user or group website._ To turn a **project website** forked from the Pages group into a **user/group** website, you'll need to: - Rename it to `namespace.gitlab.io`: go to your project's **Settings > General** and expand **Advanced**. Scroll down to - **Rename repository** and change the path to `namespace.gitlab.io`. + **Change path** and change the path to `namespace.gitlab.io`. + + For example, consider the group `https://gitlab.com/gitlab-tests`: + `gitlab-tests` is the group's namespace, the repository path should be set + to `gitlab-tests.gitlab.io` (yes, weird like that), and the + resulting URL for your Pages website will be `https://gitlab-tests.gitlab.io`. + + ![Change repo's path](../img/change_path_v12_10.png) + - Adjust your SSG's [base URL](../getting_started_part_one.md#urls-and-baseurls) from `"project-name"` to `""`. This setting will be at a different place for each SSG, as each of them have their own structure and file tree. Most likely, it will be in the SSG's diff --git a/doc/user/project/pages/img/change_path_v12_10.png b/doc/user/project/pages/img/change_path_v12_10.png Binary files differnew file mode 100644 index 00000000000..79c6432707a --- /dev/null +++ b/doc/user/project/pages/img/change_path_v12_10.png diff --git a/lib/gitlab/git_access_snippet.rb b/lib/gitlab/git_access_snippet.rb index 3ba2fcecd6f..e11c1ea527c 100644 --- a/lib/gitlab/git_access_snippet.rb +++ b/lib/gitlab/git_access_snippet.rb @@ -98,10 +98,7 @@ module Gitlab def check_single_change_access(change) Checks::SnippetCheck.new(change, logger: logger).validate! - - if Feature.enabled?(:snippet_count_check) - Checks::PushFileCountCheck.new(change, repository: repository, limit: Snippet::MAX_FILE_COUNT, logger: logger).validate! - end + Checks::PushFileCountCheck.new(change, repository: repository, limit: Snippet::MAX_FILE_COUNT, logger: logger).validate! rescue Checks::TimedLogger::TimeoutError raise TimeoutError, logger.full_message end diff --git a/lib/gitlab/metrics/dashboard/service_selector.rb b/lib/gitlab/metrics/dashboard/service_selector.rb index 281538de502..b455f955377 100644 --- a/lib/gitlab/metrics/dashboard/service_selector.rb +++ b/lib/gitlab/metrics/dashboard/service_selector.rb @@ -13,6 +13,7 @@ module Gitlab include Gitlab::Utils::StrongMemoize SERVICES = [ + ::Metrics::Dashboard::GitlabAlertEmbedService, ::Metrics::Dashboard::CustomMetricEmbedService, ::Metrics::Dashboard::GrafanaMetricEmbedService, ::Metrics::Dashboard::DynamicEmbedService, diff --git a/lib/gitlab/middleware/rails_queue_duration.rb b/lib/gitlab/middleware/rails_queue_duration.rb index a147e165262..c6b898ab5aa 100644 --- a/lib/gitlab/middleware/rails_queue_duration.rb +++ b/lib/gitlab/middleware/rails_queue_duration.rb @@ -32,6 +32,7 @@ module Gitlab def metric_rails_queue_duration_seconds @metric_rails_queue_duration_seconds ||= Gitlab::Metrics.histogram( :gitlab_rails_queue_duration_seconds, + 'Measures latency between GitLab Workhorse forwarding a request to Rails', Gitlab::Metrics::Transaction::BASE_LABELS ) end diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 9a0a68488bf..81179a55e80 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -459,6 +459,9 @@ msgstr[1] "" msgid "%{strong_start}%{human_size}%{strong_end} Files" msgstr "" +msgid "%{strong_start}%{human_size}%{strong_end} Storage" +msgstr "" + msgid "%{strong_start}%{release_count}%{strong_end} Release" msgid_plural "%{strong_start}%{release_count}%{strong_end} Releases" msgstr[0] "" @@ -11766,7 +11769,7 @@ msgstr "" msgid "LicenseCompliance|Add a license" msgstr "" -msgid "LicenseCompliance|Add licenses manually to approve or blacklist" +msgid "LicenseCompliance|Add license and related policy" msgstr "" msgid "LicenseCompliance|Allow" @@ -11784,7 +11787,7 @@ msgstr "" msgid "LicenseCompliance|Deny" msgstr "" -msgid "LicenseCompliance|Here you can approve or blacklist licenses for this project. Using %{ci} or %{license} will allow you to see if there are any unmanaged licenses and approve or blacklist them in merge request." +msgid "LicenseCompliance|Here you can allow or deny licenses for this project. Using %{ci} or %{license} will allow you to see if there are any unmanaged licenses and allow or deny them in merge request." msgstr "" msgid "LicenseCompliance|License" diff --git a/scripts/review_apps/base-config.yaml b/scripts/review_apps/base-config.yaml index a54dadb8d85..83dc4de879a 100644 --- a/scripts/review_apps/base-config.yaml +++ b/scripts/review_apps/base-config.yaml @@ -111,7 +111,6 @@ nginx-ingress: controller: config: ssl-ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4 - replicaCount: 2 resources: requests: cpu: 100m @@ -119,7 +118,6 @@ nginx-ingress: limits: cpu: 200m memory: 675M - minAvailable: 1 service: enableHttp: false livenessProbe: @@ -134,7 +132,6 @@ nginx-ingress: limits: cpu: 10m memory: 24M - replicaCount: 1 postgresql: metrics: enabled: false diff --git a/scripts/review_apps/review-apps.sh b/scripts/review_apps/review-apps.sh index 62360dfe298..ca69fa6c02b 100755 --- a/scripts/review_apps/review-apps.sh +++ b/scripts/review_apps/review-apps.sh @@ -279,7 +279,7 @@ function deploy() { IMAGE_REPOSITORY="registry.gitlab.com/gitlab-org/build/cng-mirror" gitlab_migrations_image_repository="${IMAGE_REPOSITORY}/gitlab-rails-${edition}" gitlab_sidekiq_image_repository="${IMAGE_REPOSITORY}/gitlab-sidekiq-${edition}" - gitlab_unicorn_image_repository="${IMAGE_REPOSITORY}/gitlab-unicorn-${edition}" + gitlab_unicorn_image_repository="${IMAGE_REPOSITORY}/gitlab-webservice-${edition}" gitlab_task_runner_image_repository="${IMAGE_REPOSITORY}/gitlab-task-runner-${edition}" gitlab_gitaly_image_repository="${IMAGE_REPOSITORY}/gitaly" gitlab_shell_image_repository="${IMAGE_REPOSITORY}/gitlab-shell" diff --git a/spec/graphql/mutations/concerns/mutations/resolves_issuable_spec.rb b/spec/graphql/mutations/concerns/mutations/resolves_issuable_spec.rb index 69db8d016d7..75b5d31d134 100644 --- a/spec/graphql/mutations/concerns/mutations/resolves_issuable_spec.rb +++ b/spec/graphql/mutations/concerns/mutations/resolves_issuable_spec.rb @@ -59,6 +59,12 @@ describe Mutations::ResolvesIssuable do expect(result).to be_nil end + + it 'returns nil if parent path is empty' do + result = mutation.resolve_issuable(type: type, parent_path: "", iid: issuable.iid) + + expect(result).to be_nil + end end end diff --git a/spec/graphql/resolvers/merge_requests_resolver_spec.rb b/spec/graphql/resolvers/merge_requests_resolver_spec.rb index 0bd5043d855..4217d257ab3 100644 --- a/spec/graphql/resolvers/merge_requests_resolver_spec.rb +++ b/spec/graphql/resolvers/merge_requests_resolver_spec.rb @@ -52,6 +52,12 @@ describe Resolvers::MergeRequestsResolver do expect(result).to be_empty end + + it 'resolves an unknown project to be empty' do + result = batch_sync { resolve_mr(nil, iid: iid_1) } + + expect(result.compact).to be_empty + end end def resolve_mr(project, args) diff --git a/spec/lib/gitlab/git_access_snippet_spec.rb b/spec/lib/gitlab/git_access_snippet_spec.rb index 877a760152d..f52fe8ef612 100644 --- a/spec/lib/gitlab/git_access_snippet_spec.rb +++ b/spec/lib/gitlab/git_access_snippet_spec.rb @@ -209,16 +209,6 @@ describe Gitlab::GitAccessSnippet do expect { push_access_check }.to raise_forbidden('foo') end - - context 'when feature flag :snippet_count_check is disabled' do - it 'does not check push file count' do - stub_feature_flags(snippet_count_check: false) - - expect(Gitlab::Checks::PushFileCountCheck).not_to receive(:new) - - expect { push_access_check }.not_to raise_error - end - end end private diff --git a/spec/lib/gitlab/middleware/rails_queue_duration_spec.rb b/spec/lib/gitlab/middleware/rails_queue_duration_spec.rb index 31359abdce3..4f21bd14122 100644 --- a/spec/lib/gitlab/middleware/rails_queue_duration_spec.rb +++ b/spec/lib/gitlab/middleware/rails_queue_duration_spec.rb @@ -9,7 +9,7 @@ describe Gitlab::Middleware::RailsQueueDuration do let(:transaction) { Gitlab::Metrics::WebTransaction.new(env) } before do - expect(app).to receive(:call).with(env).and_return('yay') + allow(app).to receive(:call).with(env).and_return('yay') end describe '#call' do @@ -42,6 +42,13 @@ describe Gitlab::Middleware::RailsQueueDuration do expect(middleware.call(env)).to eq('yay') end end + + it 'creates a metric with a docstring' do + metric = middleware.send(:metric_rails_queue_duration_seconds) + + expect(metric).to be_instance_of(Prometheus::Client::Histogram) + expect(metric.docstring).to eq('Measures latency between GitLab Workhorse forwarding a request to Rails') + end end end end diff --git a/spec/presenters/project_presenter_spec.rb b/spec/presenters/project_presenter_spec.rb index af191172d33..65ae85ea78f 100644 --- a/spec/presenters/project_presenter_spec.rb +++ b/spec/presenters/project_presenter_spec.rb @@ -179,6 +179,16 @@ describe ProjectPresenter do end end + describe '#storage_anchor_data' do + it 'returns storage data' do + expect(presenter.storage_anchor_data).to have_attributes( + is_link: true, + label: a_string_including('0 Bytes'), + link: nil + ) + end + end + describe '#releases_anchor_data' do it 'does not return release count' do expect(presenter.releases_anchor_data).to be_nil @@ -232,6 +242,16 @@ describe ProjectPresenter do end end + describe '#storage_anchor_data' do + it 'returns storage data' do + expect(presenter.storage_anchor_data).to have_attributes( + is_link: true, + label: a_string_including('0 Bytes'), + link: presenter.project_tree_path(project) + ) + end + end + describe '#releases_anchor_data' do it 'returns release count if user can read release' do project.add_maintainer(user) diff --git a/spec/services/metrics/dashboard/gitlab_alert_embed_service_spec.rb b/spec/services/metrics/dashboard/gitlab_alert_embed_service_spec.rb new file mode 100644 index 00000000000..a66150be42c --- /dev/null +++ b/spec/services/metrics/dashboard/gitlab_alert_embed_service_spec.rb @@ -0,0 +1,96 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe Metrics::Dashboard::GitlabAlertEmbedService do + include MetricsDashboardHelpers + + let_it_be(:alert) { create(:prometheus_alert) } + let_it_be(:project) { alert.project } + let_it_be(:user) { create(:user) } + let(:alert_id) { alert.id } + + before do + project.add_maintainer(user) + project.clear_memoization(:licensed_feature_available) + end + + describe '.valid_params?' do + let(:valid_params) do + { + embedded: true, + prometheus_alert_id: alert_id + } + end + + subject { described_class.valid_params?(params) } + + let(:params) { valid_params } + + it { is_expected.to be_truthy } + + context 'missing embedded' do + let(:params) { valid_params.except(:embedded) } + + it { is_expected.to be_falsey } + end + + context 'not embedded' do + let(:params) { valid_params.merge(embedded: 'false') } + + it { is_expected.to be_falsey } + end + + context 'missing alert id' do + let(:params) { valid_params.except(:prometheus_alert_id) } + + it { is_expected.to be_falsey } + end + + context 'missing alert id' do + let(:params) { valid_params.merge(prometheus_alert_id: 'none') } + + it { is_expected.to be_falsey } + end + end + + describe '#get_dashboard' do + let(:service_params) do + [ + project, + user, + { + embedded: true, + prometheus_alert_id: alert_id + } + ] + end + + let(:service_call) { described_class.new(*service_params).get_dashboard } + + context 'when alerting is available' do + it_behaves_like 'valid embedded dashboard service response' + it_behaves_like 'raises error for users with insufficient permissions' + + it 'uses the metric info corresponding to the alert' do + result = service_call + metrics = result[:dashboard][:panel_groups][0][:panels][0][:metrics] + + expect(metrics.length).to eq 1 + expect(metrics.first[:metric_id]).to eq alert.prometheus_metric_id + end + + context 'when the metric does not exist' do + let(:alert_id) { -4 } + + it_behaves_like 'misconfigured dashboard service response', :not_found + end + + it 'does not cache the unprocessed dashboard' do + expect(Gitlab::Metrics::Dashboard::Cache).not_to receive(:fetch) + + described_class.new(*service_params).get_dashboard + end + end + end +end |