diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-05-04 13:41:07 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-05-04 13:41:07 +0000 |
commit | 4f791ec8bd51d2bacada5ba48334c16076cf91b8 (patch) | |
tree | 89c61fbbfdc63b8d920787f78ff226967b87d7b8 | |
parent | 056dd422ea9e03869c182a9200fcbe9166d01ad1 (diff) | |
download | gitlab-ce-4f791ec8bd51d2bacada5ba48334c16076cf91b8.tar.gz |
Add latest changes from gitlab-org/gitlab@14-10-stable-ee
-rw-r--r-- | app/helpers/workhorse_helper.rb | 2 | ||||
-rw-r--r-- | app/policies/project_policy.rb | 2 | ||||
-rw-r--r-- | app/views/notify/issue_due_email.html.haml | 2 | ||||
-rw-r--r-- | data/whats_new/202204210001_14_10.yml | 46 | ||||
-rw-r--r-- | doc/administration/audit_events.md | 11 | ||||
-rw-r--r-- | doc/administration/geo/replication/datatypes.md | 2 | ||||
-rw-r--r-- | doc/api/group_clusters.md | 2 | ||||
-rw-r--r-- | doc/api/instance_clusters.md | 2 | ||||
-rw-r--r-- | doc/api/project_clusters.md | 2 | ||||
-rw-r--r-- | doc/update/index.md | 35 | ||||
-rw-r--r-- | lib/api/helpers.rb | 1 | ||||
-rw-r--r-- | lib/gitlab/workhorse.rb | 7 | ||||
-rw-r--r-- | spec/controllers/projects/artifacts_controller_spec.rb | 1 | ||||
-rw-r--r-- | spec/lib/gitlab/workhorse_spec.rb | 8 | ||||
-rw-r--r-- | spec/policies/project_policy_spec.rb | 88 | ||||
-rw-r--r-- | spec/requests/api/ci/job_artifacts_spec.rb | 9 |
16 files changed, 169 insertions, 51 deletions
diff --git a/app/helpers/workhorse_helper.rb b/app/helpers/workhorse_helper.rb index f1ddc2e902e..70df696510a 100644 --- a/app/helpers/workhorse_helper.rb +++ b/app/helpers/workhorse_helper.rb @@ -38,8 +38,6 @@ module WorkhorseHelper # Send an entry from artifacts through Workhorse and set safe content type def send_artifacts_entry(file, entry) headers.store(*Gitlab::Workhorse.send_artifacts_entry(file, entry)) - headers.store(*Gitlab::Workhorse.detect_content_type) - head :ok end diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb index a417ea35673..68b288bdc87 100644 --- a/app/policies/project_policy.rb +++ b/app/policies/project_policy.rb @@ -664,7 +664,7 @@ class ProjectPolicy < BasePolicy enable :read_security_configuration end - rule { can?(:guest_access) & can?(:read_commit_status) }.policy do + rule { can?(:guest_access) & can?(:download_code) }.policy do enable :create_merge_request_in end diff --git a/app/views/notify/issue_due_email.html.haml b/app/views/notify/issue_due_email.html.haml index 3208d061928..9dd501022dd 100644 --- a/app/views/notify/issue_due_email.html.haml +++ b/app/views/notify/issue_due_email.html.haml @@ -1,5 +1,5 @@ %p.details - = sprintf(s_("Notify|%{author_link}'s issue %{issue_reference_link} is due soon."), { author_link: link_to(@issue.author_name, user_url(@issue.author)), issue_reference_link: issue_reference_link(@issue) }) + = sprintf(s_("Notify|%{author_link}'s issue %{issue_reference_link} is due soon."), { author_link: link_to(@issue.author_name, user_url(@issue.author)), issue_reference_link: issue_reference_link(@issue) }).html_safe - if @issue.assignees.any? %p diff --git a/data/whats_new/202204210001_14_10.yml b/data/whats_new/202204210001_14_10.yml new file mode 100644 index 00000000000..162738661a2 --- /dev/null +++ b/data/whats_new/202204210001_14_10.yml @@ -0,0 +1,46 @@ +- title: "Compliance report individual violation reporting" + body: | + The compliance report now reports every individual merge request violation for the projects within a group. This is a huge improvement over the previous version, which only showed the latest MR that had one or more violations. The new version allows you to see history and patterns of violations over time. + stage: manage + self-managed: true + gitlab-com: true + packages: [Ultimate] + url: 'https://docs.gitlab.com/ee/user/compliance/compliance_report/' + image_url: 'https://about.gitlab.com/images/14_10/manage_compliance_report_individual_violation.png' + published_at: 2022-04-22 + release: 14.10 +- title: "Improved pipeline variables inheritance" + body: | + Previously, it was possible to pass some CI/CD variables to a downstream pipeline through a trigger job, but variables added in manual pipeline runs or by using the API could not be forwarded. + + In this release we've added a new `trigger:forward` keyword to control what things you forward to downstream parent-child pipelines or multi-project pipelines, which provides a flexible way to handle variable inheritance in downstream pipelines. + stage: verify + self-managed: true + gitlab-com: true + packages: [Free, Premium, Ultimate] + url: 'https://docs.gitlab.com/ee/ci/yaml/#triggerforward' + image_url: 'https://about.gitlab.com/images/growth/verify.png' + published_at: 2022-04-22 + release: 14.10 +- title: "Escalating manually created incidents" + body: | + In GitLab 13.10, we [released](https://gitlab.com/gitlab-org/gl-openshift/gitlab-runner-operator/-/issues/6) the GitLab Runner Operator for the Red Hat OpenShift container platform for Kubernetes. That release provided OpenShift users with the automation and management capabilities of the Operator Framework and simplified the ongoing management of runners in an OpenShift Kubernetes cluster. Available starting in 14.10 is a GitLab Runner Operator v1.7.0 that you can use in non-OpenShift Kubernetes clusters. This GitLab Runner Operator is available on [OperatorHub.io](https://operatorhub.io/operator/gitlab-runner-operator). + stage: monitor + self-managed: true + gitlab-com: true + packages: [Premium, Ultimate] + url: 'https://docs.gitlab.com/ee/operations/incident_management/paging.html#escalating-an-incident' + image_url: 'https://about.gitlab.com/images/14_10/manually_escalated_incident.png' + published_at: 2022-04-22 + release: 14.10 +- title: "Expanded view of group runners" + body: | + Group runners are now displayed in an expanded view, where you can more easily administer and manage the runners associated with the namespace. To view the new UI, on the left sidebar, select **CI/CD**. This view includes the number of online, offline, and stale runners associated with the group and subgroups. + stage: verify + self-managed: true + gitlab-com: true + packages: [Free, Premium, Ultimate] + url: 'https://docs.gitlab.com/ee/ci/runners/runners_scope.html#group-runners' + image_url: 'https://about.gitlab.com/images/14_10/group-runners-view-new-3.png' + published_at: 2022-04-22 + release: 14.10 diff --git a/doc/administration/audit_events.md b/doc/administration/audit_events.md index 955f7a6a830..36f3a71cd2e 100644 --- a/doc/administration/audit_events.md +++ b/doc/administration/audit_events.md @@ -167,6 +167,17 @@ From there, you can see the following actions: - Users and groups allowed to merge and push to protected branch added or removed ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/338873) in GitLab 14.3) - Project deploy token was successfully created, revoked or deleted ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/353451) in GitLab 14.9) - Failed attempt to create a project deploy token ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/353451) in GitLab 14.9) +- When merge method is updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/301124) in GitLab 14.9) +- Merged results pipelines enabled or disabled ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/301124) in GitLab 14.9) +- Merge trains enabled or disabled ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/301124) in GitLab 14.9) +- Automatically resolve merge request diff discussions enabled or disabled ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/301124) in GitLab 14.9) +- Show link to create or view a merge request when pushing from the command line enabled or disabled ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/301124) in GitLab 14.9) +- Delete source branch option by default enabled or disabled ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/301124) in GitLab 14.9) +- Squash commits when merging is updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/301124) in GitLab 14.9) +- Pipelines must succeed enabled or disabled ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/301124) in GitLab 14.9) +- Skipped pipelines are considered successful enabled or disabled ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/301124) in GitLab 14.9) +- All discussions must be resolved enabled or disabled ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/301124) in GitLab 14.9) +- Commit message suggestion is updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/301124) in GitLab 14.9) Project events can also be accessed via the [Project Audit Events API](../api/audit_events.md#project-audit-events). diff --git a/doc/administration/geo/replication/datatypes.md b/doc/administration/geo/replication/datatypes.md index 5beb2479c57..83e207e7a8f 100644 --- a/doc/administration/geo/replication/datatypes.md +++ b/doc/administration/geo/replication/datatypes.md @@ -192,7 +192,7 @@ successfully, you must replicate their data using some other means. |[LFS objects](../../lfs/index.md) | **Yes** (10.2) | **Yes** (14.6) | Via Object Storage provider if supported. Native Geo support (Beta). | GitLab versions 11.11.x and 12.0.x are affected by [a bug that prevents any new LFS objects from replicating](https://gitlab.com/gitlab-org/gitlab/-/issues/32696).<br /><br />Replication is behind the feature flag `geo_lfs_object_replication`, enabled by default. Verification was behind the feature flag `geo_lfs_object_verification`, removed in 14.7. | |[Personal snippets](../../../user/snippets.md) | **Yes** (10.2) | **Yes** (10.2) | No | | |[Project snippets](../../../user/snippets.md) | **Yes** (10.2) | **Yes** (10.2) | No | | -|[CI job artifacts](../../../ci/pipelines/job_artifacts.md) | **Yes** (10.4) | [No](https://gitlab.com/gitlab-org/gitlab/-/issues/8923) | Via Object Storage provider if supported. Native Geo support (Beta). | Verified only manually using [Integrity Check Rake Task](../../raketasks/check.md) on both sites and comparing the output between them. Job logs also verified on transfer. | +|[CI job artifacts](../../../ci/pipelines/job_artifacts.md) | **Yes** (10.4) | **Yes** (14.10) | Via Object Storage provider if supported. Native Geo support (Beta). | Verification is behind the feature flag `geo_job_artifact_replication`, enabled by default in 14.10. | |[CI Pipeline Artifacts](https://gitlab.com/gitlab-org/gitlab/-/blob/master/app/models/ci/pipeline_artifact.rb) | [**Yes** (13.11)](https://gitlab.com/gitlab-org/gitlab/-/issues/238464) | [**Yes** (13.11)](https://gitlab.com/gitlab-org/gitlab/-/issues/238464) | Via Object Storage provider if supported. Native Geo support (Beta). | Persists additional artifacts after a pipeline completes. | |[Container Registry](../../packages/container_registry.md) | **Yes** (12.3) | No | No | Disabled by default. See [instructions](docker_registry.md) to enable. | |[Content in object storage (beta)](object_storage.md) | **Yes** (12.4) | [No](https://gitlab.com/gitlab-org/gitlab/-/issues/13845) | No | | diff --git a/doc/api/group_clusters.md b/doc/api/group_clusters.md index 87829708d5e..dfb6e7e4778 100644 --- a/doc/api/group_clusters.md +++ b/doc/api/group_clusters.md @@ -315,7 +315,7 @@ Example response: ## Delete group cluster -Deletes an existing group cluster. +Deletes an existing group cluster. Does not remove existing resources within the connected Kubernetes cluster. ```plaintext DELETE /groups/:id/clusters/:cluster_id diff --git a/doc/api/instance_clusters.md b/doc/api/instance_clusters.md index ab631757eab..137e8e3f25c 100644 --- a/doc/api/instance_clusters.md +++ b/doc/api/instance_clusters.md @@ -290,7 +290,7 @@ Example response: ## Delete instance cluster -Deletes an existing instance cluster. +Deletes an existing instance cluster. Does not remove existing resources within the connected Kubernetes cluster. ```plaintext DELETE /admin/clusters/:cluster_id diff --git a/doc/api/project_clusters.md b/doc/api/project_clusters.md index c1f59520bd7..437522b0946 100644 --- a/doc/api/project_clusters.md +++ b/doc/api/project_clusters.md @@ -388,7 +388,7 @@ Example response: ## Delete project cluster -Deletes an existing project cluster. +Deletes an existing project cluster. Does not remove existing resources within the connected Kubernetes cluster. ```plaintext DELETE /projects/:id/clusters/:cluster_id diff --git a/doc/update/index.md b/doc/update/index.md index 1e8badf59b4..a21b55b0205 100644 --- a/doc/update/index.md +++ b/doc/update/index.md @@ -192,9 +192,13 @@ pending_job_classes.each { |job_class| Gitlab::BackgroundMigration.steal(job_cla #### Background migrations stuck in 'pending' state GitLab 13.6 introduced an issue where a background migration named `BackfillJiraTrackerDeploymentType2` can be permanently stuck in a **pending** state across upgrades. To clean up this stuck migration, see the [13.6.0 version-specific instructions](#1360). + GitLab 14.4 introduced an issue where a background migration named `PopulateTopicsTotalProjectsCountCache` can be permanently stuck in a **pending** state across upgrades when the instance lacks records that match the migration's target. To clean up this stuck migration, see the [14.4.0 version-specific instructions](#1440). + GitLab 14.8 introduced an issue where a background migration named `PopulateTopicsNonPrivateProjectsCount` can be permanently stuck in a **pending** state across upgrades. To clean up this stuck migration, see the [14.8.0 version-specific instructions](#1480). +GitLab 14.9 introduced an issue where a background migration named `ResetDuplicateCiRunnersTokenValuesOnProjects` can be permanently stuck in a **pending** state across upgrades when the instance lacks records that match the migration's target. To clean up this stuck migration, see the [14.9.0 version-specific instructions](#1490). + For other background migrations stuck in pending, run the following check. If it returns non-zero and the count does not decrease over time, follow the rest of the steps in this section. ```shell @@ -398,6 +402,35 @@ NOTE: Specific information that follow related to Ruby and Git versions do not apply to [Omnibus installations](https://docs.gitlab.com/omnibus/) and [Helm Chart deployments](https://docs.gitlab.com/charts/). They come with appropriate Ruby and Git versions and are not using system binaries for Ruby and Git. There is no need to install Ruby or Git when utilizing these two approaches. +### 14.9.0 + +- Database changes made by the upgrade to GitLab 14.9 can take hours or days to complete on larger GitLab instances. + These [batched background migrations](#batched-background-migrations) update whole database tables to ensure corresponding + records in `namespaces` table for each record in `projects` table. + + After you update to 14.9.0 or a later 14.9 patch version, + [batched background migrations need to finish](#batched-background-migrations) + before you update to a later version. + + If the migrations are not finished and you try to update to a later version, + you'll see an error like: + + ```plaintext + Expected batched background migration for the given configuration to be marked as 'finished', but it is 'active': + ``` + +- GitLab 14.9.0 includes a + [background migration `ResetDuplicateCiRunnersTokenValuesOnProjects`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/79140) + that may remain stuck permanently in a **pending** state. + + To clean up this stuck job, run the following in the [GitLab Rails Console](../administration/operations/rails_console.md): + + ```ruby + Gitlab::Database::BackgroundMigrationJob.pending.where(class_name: "ResetDuplicateCiRunnersTokenValuesOnProjects").find_each do |job| + puts Gitlab::Database::BackgroundMigrationJob.mark_all_as_succeeded("ResetDuplicateCiRunnersTokenValuesOnProjects", job.arguments) + end + ``` + ### 14.8.0 - If upgrading from a version earlier than 14.6.5, 14.7.4, or 14.8.2, please review the [Critical Security Release: 14.8.2, 14.7.4, and 14.6.5](https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/) blog post. @@ -455,7 +488,7 @@ that may remain stuck permanently in a **pending** state. can override the behavior of `tmpfiles.d` for the Gitaly files and avoid this issue: ```shell - sudo echo "x /tmp/gitaly-hooks-*" > /etc/tmpfiles.d/gitaly-workaround.conf + sudo printf "x /tmp/gitaly-%s-*\n" hooks git-exec-path >/etc/tmpfiles.d/gitaly-workaround.conf ``` ### 14.6.0 diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index e4a7f2213ae..ee0520df8ff 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -714,7 +714,6 @@ module API def send_artifacts_entry(file, entry) header(*Gitlab::Workhorse.send_artifacts_entry(file, entry)) - header(*Gitlab::Workhorse.detect_content_type) body '' end diff --git a/lib/gitlab/workhorse.rb b/lib/gitlab/workhorse.rb index d74efd458f6..19d30daa577 100644 --- a/lib/gitlab/workhorse.rb +++ b/lib/gitlab/workhorse.rb @@ -226,13 +226,6 @@ module Gitlab end end - def detect_content_type - [ - Gitlab::Workhorse::DETECT_HEADER, - 'true' - ] - end - protected # This is the outermost encoding of a senddata: header. It is safe for diff --git a/spec/controllers/projects/artifacts_controller_spec.rb b/spec/controllers/projects/artifacts_controller_spec.rb index 958fcd4360c..9410fe08d0b 100644 --- a/spec/controllers/projects/artifacts_controller_spec.rb +++ b/spec/controllers/projects/artifacts_controller_spec.rb @@ -361,7 +361,6 @@ RSpec.describe Projects::ArtifactsController do subject expect(response).to have_gitlab_http_status(:ok) - expect(response.headers['Gitlab-Workhorse-Detect-Content-Type']).to eq('true') expect(send_data).to start_with('artifacts-entry:') expect(params.keys).to eq(%w(Archive Entry)) diff --git a/spec/lib/gitlab/workhorse_spec.rb b/spec/lib/gitlab/workhorse_spec.rb index 91ab0a53c6c..3bab9aec454 100644 --- a/spec/lib/gitlab/workhorse_spec.rb +++ b/spec/lib/gitlab/workhorse_spec.rb @@ -448,14 +448,6 @@ RSpec.describe Gitlab::Workhorse do end end - describe '.detect_content_type' do - subject { described_class.detect_content_type } - - it 'returns array setting detect content type in workhorse' do - expect(subject).to eq(%w[Gitlab-Workhorse-Detect-Content-Type true]) - end - end - describe '.send_git_blob' do include FakeBlobHelpers diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb index bde83d647db..ca4ca2eb7a0 100644 --- a/spec/policies/project_policy_spec.rb +++ b/spec/policies/project_policy_spec.rb @@ -103,39 +103,89 @@ RSpec.describe ProjectPolicy do end context 'creating_merge_request_in' do - context 'when project is public' do - let(:project) { public_project } + context 'when the current_user can download_code' do + before do + expect(subject).to receive(:allowed?).with(:download_code).and_return(true) + allow(subject).to receive(:allowed?).with(any_args).and_call_original + end - context 'when the current_user is guest' do - let(:current_user) { guest } + context 'when project is public' do + let(:project) { public_project } + + context 'when the current_user is guest' do + let(:current_user) { guest } - it { is_expected.to be_allowed(:create_merge_request_in) } + it { is_expected.to be_allowed(:create_merge_request_in) } + end end - end - context 'when project is internal' do - let(:project) { internal_project } + context 'when project is internal' do + let(:project) { internal_project } - context 'when the current_user is guest' do - let(:current_user) { guest } + context 'when the current_user is guest' do + let(:current_user) { guest } - it { is_expected.to be_allowed(:create_merge_request_in) } + it { is_expected.to be_allowed(:create_merge_request_in) } + end + end + + context 'when project is private' do + let(:project) { private_project } + + context 'when the current_user is guest' do + let(:current_user) { guest } + + it { is_expected.not_to be_allowed(:create_merge_request_in) } + end + + context 'when the current_user is reporter or above' do + let(:current_user) { reporter } + + it { is_expected.to be_allowed(:create_merge_request_in) } + end end end - context 'when project is private' do - let(:project) { private_project } + context 'when the current_user can not download code' do + before do + expect(subject).to receive(:allowed?).with(:download_code).and_return(false) + allow(subject).to receive(:allowed?).with(any_args).and_call_original + end - context 'when the current_user is guest' do - let(:current_user) { guest } + context 'when project is public' do + let(:project) { public_project } + + context 'when the current_user is guest' do + let(:current_user) { guest } - it { is_expected.not_to be_allowed(:create_merge_request_in) } + it { is_expected.not_to be_allowed(:create_merge_request_in) } + end end - context 'when the current_user is reporter or above' do - let(:current_user) { reporter } + context 'when project is internal' do + let(:project) { internal_project } - it { is_expected.to be_allowed(:create_merge_request_in) } + context 'when the current_user is guest' do + let(:current_user) { guest } + + it { is_expected.not_to be_allowed(:create_merge_request_in) } + end + end + + context 'when project is private' do + let(:project) { private_project } + + context 'when the current_user is guest' do + let(:current_user) { guest } + + it { is_expected.not_to be_allowed(:create_merge_request_in) } + end + + context 'when the current_user is reporter or above' do + let(:current_user) { reporter } + + it { is_expected.not_to be_allowed(:create_merge_request_in) } + end end end end diff --git a/spec/requests/api/ci/job_artifacts_spec.rb b/spec/requests/api/ci/job_artifacts_spec.rb index 5abff85af9c..68b44bb89e0 100644 --- a/spec/requests/api/ci/job_artifacts_spec.rb +++ b/spec/requests/api/ci/job_artifacts_spec.rb @@ -558,8 +558,7 @@ RSpec.describe API::Ci::JobArtifacts do expect(response).to have_gitlab_http_status(:ok) expect(response.headers.to_h) .to include('Content-Type' => 'application/json', - 'Gitlab-Workhorse-Send-Data' => /artifacts-entry/, - 'Gitlab-Workhorse-Detect-Content-Type' => 'true') + 'Gitlab-Workhorse-Send-Data' => /artifacts-entry/) end end @@ -629,8 +628,7 @@ RSpec.describe API::Ci::JobArtifacts do expect(response).to have_gitlab_http_status(:ok) expect(response.headers.to_h) .to include('Content-Type' => 'application/json', - 'Gitlab-Workhorse-Send-Data' => /artifacts-entry/, - 'Gitlab-Workhorse-Detect-Content-Type' => 'true') + 'Gitlab-Workhorse-Send-Data' => /artifacts-entry/) expect(response.parsed_body).to be_empty end end @@ -648,8 +646,7 @@ RSpec.describe API::Ci::JobArtifacts do expect(response).to have_gitlab_http_status(:ok) expect(response.headers.to_h) .to include('Content-Type' => 'application/json', - 'Gitlab-Workhorse-Send-Data' => /artifacts-entry/, - 'Gitlab-Workhorse-Detect-Content-Type' => 'true') + 'Gitlab-Workhorse-Send-Data' => /artifacts-entry/) end end |