summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2020-03-28 00:07:51 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2020-03-28 00:07:51 +0000
commitbba3aae6262b45e5457d0fcaa23e99f815114b4b (patch)
tree9510a08bba9514faf620b4244f382c4fc9599637
parentf50b93c373428d624cc2cabe98e4022dce846e67 (diff)
downloadgitlab-ce-bba3aae6262b45e5457d0fcaa23e99f815114b4b.tar.gz
Add latest changes from gitlab-org/gitlab@master
-rw-r--r--app/assets/stylesheets/framework/sidebar.scss7
-rw-r--r--app/assets/stylesheets/pages/builds.scss1
-rw-r--r--app/assets/stylesheets/pages/issuable.scss1
-rw-r--r--app/assets/stylesheets/pages/wiki.scss1
-rw-r--r--changelogs/unreleased/196226-rightsidebar-collapsed-always-on-scrollbar.yml5
-rw-r--r--changelogs/unreleased/212526-oauth-orphan-check.yml5
-rw-r--r--changelogs/unreleased/dockerfile_swift_template.yml5
-rw-r--r--danger/changelog/Dangerfile2
-rw-r--r--doc/api/templates/dockerfiles.md4
-rw-r--r--lib/gitlab/auth.rb6
-rw-r--r--qa/qa/specs/features/browser_ui/6_release/pipeline/parent_child_pipelines_dependent_relationship_spec.rb122
-rw-r--r--qa/qa/specs/features/browser_ui/6_release/pipeline/parent_child_pipelines_independent_relationship_spec.rb121
-rw-r--r--spec/lib/gitlab/auth_spec.rb18
-rw-r--r--vendor/Dockerfile/Swift.Dockerfile13
14 files changed, 299 insertions, 12 deletions
diff --git a/app/assets/stylesheets/framework/sidebar.scss b/app/assets/stylesheets/framework/sidebar.scss
index bf1fd7fd29f..36f8bdbe611 100644
--- a/app/assets/stylesheets/framework/sidebar.scss
+++ b/app/assets/stylesheets/framework/sidebar.scss
@@ -84,6 +84,12 @@
.right-sidebar {
border-left: 1px solid $border-color;
+
+ .sidebar-container,
+ .issuable-sidebar {
+ // Add 100px so that potentially visible vertical scroll bar is hidden
+ width: calc(100% + 100px);
+ }
}
.with-performance-bar .right-sidebar.affix {
@@ -129,7 +135,6 @@
.issuable-sidebar {
padding: 0 3px;
- width: calc(100% + 35px);
}
}
diff --git a/app/assets/stylesheets/pages/builds.scss b/app/assets/stylesheets/pages/builds.scss
index 0ecb38a1ea7..2ddab6c3065 100644
--- a/app/assets/stylesheets/pages/builds.scss
+++ b/app/assets/stylesheets/pages/builds.scss
@@ -176,7 +176,6 @@
}
.sidebar-container {
- width: calc(100% + 100px);
padding-right: 100px;
height: 100%;
overflow-y: scroll;
diff --git a/app/assets/stylesheets/pages/issuable.scss b/app/assets/stylesheets/pages/issuable.scss
index fd56f655c0a..6de4dbfa8e5 100644
--- a/app/assets/stylesheets/pages/issuable.scss
+++ b/app/assets/stylesheets/pages/issuable.scss
@@ -309,7 +309,6 @@
}
.issuable-sidebar {
- width: 100%;
height: 100%;
overflow-y: scroll;
overflow-x: hidden;
diff --git a/app/assets/stylesheets/pages/wiki.scss b/app/assets/stylesheets/pages/wiki.scss
index 0b65b915abf..640968ff678 100644
--- a/app/assets/stylesheets/pages/wiki.scss
+++ b/app/assets/stylesheets/pages/wiki.scss
@@ -80,7 +80,6 @@
.sidebar-container {
padding: $gl-padding 0;
- width: calc(100% + 100px);
padding-right: 100px;
height: 100%;
overflow-y: scroll;
diff --git a/changelogs/unreleased/196226-rightsidebar-collapsed-always-on-scrollbar.yml b/changelogs/unreleased/196226-rightsidebar-collapsed-always-on-scrollbar.yml
new file mode 100644
index 00000000000..8c4623579cf
--- /dev/null
+++ b/changelogs/unreleased/196226-rightsidebar-collapsed-always-on-scrollbar.yml
@@ -0,0 +1,5 @@
+---
+title: Fix right sidebar when scrollbars are always visible
+merge_request: 27314
+author: Shawn @CasualBot
+type: fixed
diff --git a/changelogs/unreleased/212526-oauth-orphan-check.yml b/changelogs/unreleased/212526-oauth-orphan-check.yml
new file mode 100644
index 00000000000..1f473f734ae
--- /dev/null
+++ b/changelogs/unreleased/212526-oauth-orphan-check.yml
@@ -0,0 +1,5 @@
+---
+title: Fix Gitlab::Auth to handle orphaned oauth tokens
+merge_request: 28159
+author:
+type: fixed
diff --git a/changelogs/unreleased/dockerfile_swift_template.yml b/changelogs/unreleased/dockerfile_swift_template.yml
new file mode 100644
index 00000000000..7c5d5357637
--- /dev/null
+++ b/changelogs/unreleased/dockerfile_swift_template.yml
@@ -0,0 +1,5 @@
+---
+title: "Add Swift Dockerfile to GitLab templates"
+merge_request: 28035
+author:
+type: added
diff --git a/danger/changelog/Dangerfile b/danger/changelog/Dangerfile
index ae1a5bbac40..210fe24c1e3 100644
--- a/danger/changelog/Dangerfile
+++ b/danger/changelog/Dangerfile
@@ -28,7 +28,7 @@ def check_changelog_yaml(path)
if yaml["merge_request"].nil? && !helper.security_mr?
message "Consider setting `merge_request` to #{gitlab.mr_json["iid"]} in #{gitlab.html_link(path)}. #{SEE_DOC}"
- elsif yaml["merge_request"] != gitlab.mr_json["iid"]
+ elsif yaml["merge_request"] != gitlab.mr_json["iid"] && !helper.security_mr?
fail "Merge request ID was not set to #{gitlab.mr_json["iid"]}! #{SEE_DOC}"
end
rescue Psych::SyntaxError, Psych::DisallowedClass, Psych::BadAlias
diff --git a/doc/api/templates/dockerfiles.md b/doc/api/templates/dockerfiles.md
index 6e693a405b6..a2c21ada05b 100644
--- a/doc/api/templates/dockerfiles.md
+++ b/doc/api/templates/dockerfiles.md
@@ -91,6 +91,10 @@ Example response:
{
"key": "Ruby-alpine",
"name": "Ruby-alpine"
+ },
+ {
+ "key": "Swift",
+ "name": "Swift"
}
]
```
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb
index 7f7bdda953f..8a68808d9fd 100644
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -164,20 +164,18 @@ module Gitlab
Gitlab::Auth::Result.new(user, nil, :gitlab_or_ldap, full_authentication_abilities)
end
- # rubocop: disable CodeReuse/ActiveRecord
def oauth_access_token_check(login, password)
if login == "oauth2" && password.present?
token = Doorkeeper::AccessToken.by_token(password)
if valid_oauth_token?(token)
- user = User.find_by(id: token.resource_owner_id)
- return unless user.can?(:log_in)
+ user = User.id_in(token.resource_owner_id).first
+ return unless user&.can?(:log_in)
Gitlab::Auth::Result.new(user, nil, :oauth, full_authentication_abilities)
end
end
end
- # rubocop: enable CodeReuse/ActiveRecord
def personal_access_token_check(password)
return unless password.present?
diff --git a/qa/qa/specs/features/browser_ui/6_release/pipeline/parent_child_pipelines_dependent_relationship_spec.rb b/qa/qa/specs/features/browser_ui/6_release/pipeline/parent_child_pipelines_dependent_relationship_spec.rb
new file mode 100644
index 00000000000..9ff33698b0e
--- /dev/null
+++ b/qa/qa/specs/features/browser_ui/6_release/pipeline/parent_child_pipelines_dependent_relationship_spec.rb
@@ -0,0 +1,122 @@
+# frozen_string_literal: true
+
+module QA
+ context 'Release', :docker, quarantine: { type: :new } do
+ describe 'Parent-child pipelines dependent relationship' do
+ let!(:project) do
+ Resource::Project.fabricate_via_api! do |project|
+ project.name = 'pipelines-dependent-relationship'
+ end
+ end
+ let!(:runner) do
+ Resource::Runner.fabricate_via_api! do |runner|
+ runner.project = project
+ runner.name = project.name
+ runner.tags = ["#{project.name}"]
+ end
+ end
+
+ before do
+ Flow::Login.sign_in
+ end
+
+ after do
+ runner.remove_via_api!
+ end
+
+ it 'parent pipelines passes if child passes' do
+ add_ci_files(success_child_ci_file)
+ view_pipelines
+
+ Page::Project::Pipeline::Show.perform do |parent_pipeline|
+ parent_pipeline.click_linked_job(project.name)
+
+ expect(parent_pipeline).to have_job("child_job")
+ expect(parent_pipeline).to be_passed
+ end
+ end
+
+ it 'parent pipeline fails if child fails' do
+ add_ci_files(fail_child_ci_file)
+ view_pipelines
+
+ Page::Project::Pipeline::Show.perform do |parent_pipeline|
+ parent_pipeline.click_linked_job(project.name)
+
+ expect(parent_pipeline).to have_job("child_job")
+ expect(parent_pipeline).to be_failed
+ end
+ end
+
+ private
+
+ def view_pipelines
+ Page::Project::Menu.perform(&:click_ci_cd_pipelines)
+ Page::Project::Pipeline::Index.perform(&:wait_for_latest_pipeline_completion)
+ Page::Project::Pipeline::Index.perform(&:click_on_latest_pipeline)
+ end
+
+ def success_child_ci_file
+ {
+ file_path: '.child-ci.yml',
+ content: <<~YAML
+ child_job:
+ stage: test
+ tags: ["#{project.name}"]
+ script: echo "Child job done!"
+
+ YAML
+ }
+ end
+
+ def fail_child_ci_file
+ {
+ file_path: '.child-ci.yml',
+ content: <<~YAML
+ child_job:
+ stage: test
+ tags: ["#{project.name}"]
+ script: exit 1
+
+ YAML
+ }
+ end
+
+ def parent_ci_file
+ {
+ file_path: '.gitlab-ci.yml',
+ content: <<~YAML
+ stages:
+ - test
+ - deploy
+
+ job1:
+ stage: test
+ trigger:
+ include: ".child-ci.yml"
+ strategy: depend
+
+ job2:
+ stage: deploy
+ tags: ["#{project.name}"]
+ script: echo "parent deploy done"
+
+ YAML
+ }
+ end
+
+ def add_ci_files(child_ci_file)
+ Resource::Repository::Commit.fabricate_via_api! do |commit|
+ commit.project = project
+ commit.commit_message = 'Add parent and child pipelines CI files.'
+ commit.add_files(
+ [
+ child_ci_file,
+ parent_ci_file
+ ]
+ )
+ end.project.visit!
+ end
+ end
+ end
+end
diff --git a/qa/qa/specs/features/browser_ui/6_release/pipeline/parent_child_pipelines_independent_relationship_spec.rb b/qa/qa/specs/features/browser_ui/6_release/pipeline/parent_child_pipelines_independent_relationship_spec.rb
new file mode 100644
index 00000000000..ec7af809cf6
--- /dev/null
+++ b/qa/qa/specs/features/browser_ui/6_release/pipeline/parent_child_pipelines_independent_relationship_spec.rb
@@ -0,0 +1,121 @@
+# frozen_string_literal: true
+
+module QA
+ context 'Release', :docker, quarantine: { type: :new } do
+ describe 'Parent-child pipelines independent relationship' do
+ let!(:project) do
+ Resource::Project.fabricate_via_api! do |project|
+ project.name = 'pipeline-independent-relationship'
+ end
+ end
+ let!(:runner) do
+ Resource::Runner.fabricate_via_api! do |runner|
+ runner.project = project
+ runner.name = project.name
+ runner.tags = ["#{project.name}"]
+ end
+ end
+
+ before do
+ Flow::Login.sign_in
+ end
+
+ after do
+ runner.remove_via_api!
+ end
+
+ it 'parent pipelines passes if child passes' do
+ add_ci_files(success_child_ci_file)
+ view_pipelines
+
+ Page::Project::Pipeline::Show.perform do |parent_pipeline|
+ parent_pipeline.click_linked_job(project.name)
+
+ expect(parent_pipeline).to have_job("child_job")
+ expect(parent_pipeline).to be_passed
+ end
+ end
+
+ it 'parent pipeline passes even if child fails' do
+ add_ci_files(fail_child_ci_file)
+ view_pipelines
+
+ Page::Project::Pipeline::Show.perform do |parent_pipeline|
+ parent_pipeline.click_linked_job(project.name)
+
+ expect(parent_pipeline).to have_job("child_job")
+ expect(parent_pipeline).to be_passed
+ end
+ end
+
+ private
+
+ def view_pipelines
+ Page::Project::Menu.perform(&:click_ci_cd_pipelines)
+ Page::Project::Pipeline::Index.perform(&:wait_for_latest_pipeline_completion)
+ Page::Project::Pipeline::Index.perform(&:click_on_latest_pipeline)
+ end
+
+ def success_child_ci_file
+ {
+ file_path: '.child-ci.yml',
+ content: <<~YAML
+ child_job:
+ stage: test
+ tags: ["#{project.name}"]
+ script: echo "Child job done!"
+
+ YAML
+ }
+ end
+
+ def fail_child_ci_file
+ {
+ file_path: '.child-ci.yml',
+ content: <<~YAML
+ child_job:
+ stage: test
+ tags: ["#{project.name}"]
+ script: exit 1
+
+ YAML
+ }
+ end
+
+ def parent_ci_file
+ {
+ file_path: '.gitlab-ci.yml',
+ content: <<~YAML
+ stages:
+ - test
+ - deploy
+
+ job1:
+ stage: test
+ trigger:
+ include: ".child-ci.yml"
+
+ job2:
+ stage: deploy
+ tags: ["#{project.name}"]
+ script: echo "parent deploy done"
+
+ YAML
+ }
+ end
+
+ def add_ci_files(child_ci_file)
+ Resource::Repository::Commit.fabricate_via_api! do |commit|
+ commit.project = project
+ commit.commit_message = 'Add parent and child pipelines CI files.'
+ commit.add_files(
+ [
+ child_ci_file,
+ parent_ci_file
+ ]
+ )
+ end.project.visit!
+ end
+ end
+ end
+end
diff --git a/spec/lib/gitlab/auth_spec.rb b/spec/lib/gitlab/auth_spec.rb
index 528019bb9ff..dcc4d277f5c 100644
--- a/spec/lib/gitlab/auth_spec.rb
+++ b/spec/lib/gitlab/auth_spec.rb
@@ -250,6 +250,13 @@ describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
let(:token_w_api_scope) { Doorkeeper::AccessToken.create!(application_id: application.id, resource_owner_id: user.id, scopes: 'api') }
let(:application) { Doorkeeper::Application.create!(name: 'MyApp', redirect_uri: 'https://app.com', owner: user) }
+ shared_examples 'an oauth failure' do
+ it 'fails' do
+ expect(gl_auth.find_for_git_client("oauth2", token_w_api_scope.token, project: nil, ip: 'ip'))
+ .to eq(Gitlab::Auth::Result.new(nil, nil, nil, nil))
+ end
+ end
+
it 'succeeds for OAuth tokens with the `api` scope' do
expect(gl_auth.find_for_git_client("oauth2", token_w_api_scope.token, project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(user, nil, :oauth, described_class.full_authentication_abilities))
end
@@ -269,10 +276,15 @@ describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
context 'blocked user' do
let(:user) { create(:user, :blocked) }
- it 'fails' do
- expect(gl_auth.find_for_git_client("oauth2", token_w_api_scope.token, project: nil, ip: 'ip'))
- .to eq(Gitlab::Auth::Result.new(nil, nil, nil, nil))
+ it_behaves_like 'an oauth failure'
+ end
+
+ context 'orphaned token' do
+ before do
+ user.destroy
end
+
+ it_behaves_like 'an oauth failure'
end
end
diff --git a/vendor/Dockerfile/Swift.Dockerfile b/vendor/Dockerfile/Swift.Dockerfile
new file mode 100644
index 00000000000..a1a08c60b1e
--- /dev/null
+++ b/vendor/Dockerfile/Swift.Dockerfile
@@ -0,0 +1,13 @@
+FROM swift:5.0 as builder
+
+WORKDIR /src
+COPY . .
+RUN swift build -c release
+
+FROM swift:5.0-slim
+
+WORKDIR /src
+COPY --from=builder /src .
+EXPOSE 8080
+
+CMD [ ".build/release/app"]