diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-09-16 06:14:23 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-09-16 06:14:23 +0000 |
| commit | 2800e6ea59112f31833f8241a9a2f04ae8f7faa1 (patch) | |
| tree | 23e6c21eb4e8b2eb62049e05375c51710eccfce4 | |
| parent | 0e6ff93eba3ed1ba4c7be0ec78a76dde71a47285 (diff) | |
| download | gitlab-ce-2800e6ea59112f31833f8241a9a2f04ae8f7faa1.tar.gz | |
Add latest changes from gitlab-org/gitlab@master
33 files changed, 442 insertions, 80 deletions
diff --git a/.gitlab/CODEOWNERS b/.gitlab/CODEOWNERS index 4dab0bd5bf5..03fcfc4dd53 100644 --- a/.gitlab/CODEOWNERS +++ b/.gitlab/CODEOWNERS @@ -12,13 +12,13 @@ docs/CODEOWNERS @clefelhocz1 @timzallmann @cdu1 @wayne @dsatcher @sgoldstein @je GITALY_SERVER_VERSION @project_278964_bot6 @gitlab-org/maintainers/rails-backend @gitlab-org/delivery ## Files that are excluded from required approval -/.gitlab/issue_templates/ -/.gitlab/merge_request_templates/ +/.gitlab/issue_templates/*.md +/.gitlab/merge_request_templates/*.md /doc/*.md /doc/**/*.md /doc/**/*.png -/data/deprecations/ -/data/removals/ +/data/deprecations/*.yml +/data/removals/*.yml ^[Backend] *.rb @gitlab-org/maintainers/rails-backend @@ -1160,7 +1160,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab /ee/app/controllers/groups/omniauth_callbacks_controller.rb @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/controllers/groups/scim_oauth_controller.rb @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/controllers/oauth/ @gitlab-org/manage/authentication-and-authorization/approvers -/ee/app/controllers/omniauth_kerberos_spnego_controller.rb @gitlab-org/manage/authentication-and-authorization/approvers +/ee/app/controllers/omniauth_kerberos_controller.rb @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/finders/auth/ @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/helpers/ee/access_tokens_helper.rb @gitlab-org/manage/authentication-and-authorization/approvers /ee/app/helpers/ee/auth_helper.rb @gitlab-org/manage/authentication-and-authorization/approvers diff --git a/.rubocop_todo/gitlab/namespaced_class.yml b/.rubocop_todo/gitlab/namespaced_class.yml index bfb406f37a4..230ef959153 100644 --- a/.rubocop_todo/gitlab/namespaced_class.yml +++ b/.rubocop_todo/gitlab/namespaced_class.yml @@ -851,7 +851,7 @@ Gitlab/NamespacedClass: - 'app/workers/x509_issuer_crl_check_worker.rb' - 'ee/app/controllers/countries_controller.rb' - 'ee/app/controllers/country_states_controller.rb' - - 'ee/app/controllers/omniauth_kerberos_spnego_controller.rb' + - 'ee/app/controllers/omniauth_kerberos_controller.rb' - 'ee/app/controllers/operations_controller.rb' - 'ee/app/controllers/sitemap_controller.rb' - 'ee/app/controllers/smartcard_controller.rb' diff --git a/.rubocop_todo/rails/helper_instance_variable.yml b/.rubocop_todo/rails/helper_instance_variable.yml index 006e66ed0b2..f43ca39f47c 100644 --- a/.rubocop_todo/rails/helper_instance_variable.yml +++ b/.rubocop_todo/rails/helper_instance_variable.yml @@ -66,7 +66,7 @@ Rails/HelperInstanceVariable: - 'ee/app/helpers/ee/groups/group_members_helper.rb' - 'ee/app/helpers/ee/groups_helper.rb' - 'ee/app/helpers/ee/integrations_helper.rb' - - 'ee/app/helpers/ee/kerberos_spnego_helper.rb' + - 'ee/app/helpers/ee/kerberos_helper.rb' - 'ee/app/helpers/ee/labels_helper.rb' - 'ee/app/helpers/ee/lock_helper.rb' - 'ee/app/helpers/ee/merge_requests_helper.rb' diff --git a/.rubocop_todo/rspec/any_instance_of.yml b/.rubocop_todo/rspec/any_instance_of.yml index 2cc2478e530..e7855e84b28 100644 --- a/.rubocop_todo/rspec/any_instance_of.yml +++ b/.rubocop_todo/rspec/any_instance_of.yml @@ -73,7 +73,7 @@ RSpec/AnyInstanceOf: - ee/spec/requests/api/projects_spec.rb - ee/spec/requests/git_http_spec.rb - ee/spec/requests/groups_controller_spec.rb - - ee/spec/requests/omniauth_kerberos_spnego_spec.rb + - ee/spec/requests/omniauth_kerberos_spec.rb - ee/spec/requests/repositories/git_http_controller_spec.rb - ee/spec/services/ee/git/branch_push_service_spec.rb - ee/spec/services/ee/merge_requests/create_from_vulnerability_data_service_spec.rb diff --git a/.rubocop_todo/rspec/expect_in_hook.yml b/.rubocop_todo/rspec/expect_in_hook.yml index 2353c11ce3a..1551f2dc637 100644 --- a/.rubocop_todo/rspec/expect_in_hook.yml +++ b/.rubocop_todo/rspec/expect_in_hook.yml @@ -32,7 +32,7 @@ RSpec/ExpectInHook: - 'ee/spec/helpers/ee/issues_helper_spec.rb' - 'ee/spec/helpers/ee/projects/security/dast_configuration_helper_spec.rb' - 'ee/spec/helpers/ee/welcome_helper_spec.rb' - - 'ee/spec/helpers/kerberos_spnego_helper_spec.rb' + - 'ee/spec/helpers/kerberos_helper_spec.rb' - 'ee/spec/helpers/vulnerabilities_helper_spec.rb' - 'ee/spec/lib/ee/api/helpers/members_helpers_spec.rb' - 'ee/spec/lib/ee/gitlab/auth/ldap/sync/group_spec.rb' @@ -69,7 +69,7 @@ RSpec/ExpectInHook: - 'ee/spec/requests/api/geo_spec.rb' - 'ee/spec/requests/api/internal/base_spec.rb' - 'ee/spec/requests/groups/analytics/devops_adoption_controller_spec.rb' - - 'ee/spec/requests/omniauth_kerberos_spnego_spec.rb' + - 'ee/spec/requests/omniauth_kerberos_spec.rb' - 'ee/spec/services/analytics/cycle_analytics/stages/update_service_spec.rb' - 'ee/spec/services/app_sec/dast/profiles/update_service_spec.rb' - 'ee/spec/services/auto_merge/add_to_merge_train_when_pipeline_succeeds_service_spec.rb' diff --git a/.rubocop_todo/rspec/verified_doubles.yml b/.rubocop_todo/rspec/verified_doubles.yml index ee24ed73a27..0fa36d1941c 100644 --- a/.rubocop_todo/rspec/verified_doubles.yml +++ b/.rubocop_todo/rspec/verified_doubles.yml @@ -41,7 +41,7 @@ RSpec/VerifiedDoubles: - ee/spec/helpers/ee/subscribable_banner_helper_spec.rb - ee/spec/helpers/ee/trial_helper_spec.rb - ee/spec/helpers/ee/trial_registration_helper_spec.rb - - ee/spec/helpers/kerberos_spnego_helper_spec.rb + - ee/spec/helpers/kerberos_helper_spec.rb - ee/spec/helpers/license_helper_spec.rb - ee/spec/helpers/roadmaps_helper_spec.rb - ee/spec/helpers/routing/pseudonymization_helper_spec.rb diff --git a/.rubocop_todo/style/empty_else.yml b/.rubocop_todo/style/empty_else.yml index f211d022dcd..07e42692f60 100644 --- a/.rubocop_todo/style/empty_else.yml +++ b/.rubocop_todo/style/empty_else.yml @@ -29,7 +29,7 @@ Style/EmptyElse: - 'config/initializers/doorkeeper_openid_connect.rb' - 'ee/app/controllers/admin/audit_logs_controller.rb' - 'ee/app/controllers/ee/groups_controller.rb' - - 'ee/app/helpers/ee/kerberos_spnego_helper.rb' + - 'ee/app/helpers/ee/kerberos_helper.rb' - 'ee/app/helpers/ee/trial_helper.rb' - 'ee/app/models/ee/audit_event.rb' - 'ee/app/services/ee/users/update_service.rb' diff --git a/.rubocop_todo/style/string_concatenation.yml b/.rubocop_todo/style/string_concatenation.yml index 2330683cc18..3dd708d2c49 100644 --- a/.rubocop_todo/style/string_concatenation.yml +++ b/.rubocop_todo/style/string_concatenation.yml @@ -74,7 +74,7 @@ Style/StringConcatenation: - 'ee/lib/elastic/latest/git_class_proxy.rb' - 'ee/lib/gitlab/elastic/search_results.rb' - 'ee/lib/gitlab/geo/git_ssh_proxy.rb' - - 'ee/lib/omni_auth/strategies/kerberos_spnego.rb' + - 'ee/lib/omni_auth/strategies/kerberos.rb' - 'ee/lib/tasks/gitlab/elastic.rake' - 'ee/lib/tasks/gitlab/license.rake' - 'ee/spec/controllers/trial_registrations_controller_spec.rb' diff --git a/app/controllers/repositories/git_http_client_controller.rb b/app/controllers/repositories/git_http_client_controller.rb index fbf5d82a45b..a5ca17db113 100644 --- a/app/controllers/repositories/git_http_client_controller.rb +++ b/app/controllers/repositories/git_http_client_controller.rb @@ -3,7 +3,7 @@ module Repositories class GitHttpClientController < Repositories::ApplicationController include ActionController::HttpAuthentication::Basic - include KerberosSpnegoHelper + include KerberosHelper include Gitlab::Utils::StrongMemoize attr_reader :authentication_result, :redirected_path @@ -49,7 +49,7 @@ module Repositories if handle_basic_authentication(login, password) return # Allow access end - elsif allow_kerberos_spnego_auth? && spnego_provided? + elsif allow_kerberos_auth? && spnego_provided? kerberos_user = find_kerberos_user if kerberos_user @@ -91,7 +91,7 @@ module Repositories def send_challenges challenges = [] challenges << 'Basic realm="GitLab"' if allow_basic_auth? - challenges << spnego_challenge if allow_kerberos_spnego_auth? + challenges << spnego_challenge if allow_kerberos_auth? headers['Www-Authenticate'] = challenges.join("\n") if challenges.any? end diff --git a/app/helpers/kerberos_spnego_helper.rb b/app/helpers/kerberos_helper.rb index 0f6812bc31b..31166772367 100644 --- a/app/helpers/kerberos_spnego_helper.rb +++ b/app/helpers/kerberos_helper.rb @@ -1,13 +1,13 @@ # frozen_string_literal: true -module KerberosSpnegoHelper +module KerberosHelper def allow_basic_auth? true # different behavior in GitLab Enterprise Edition end - def allow_kerberos_spnego_auth? + def allow_kerberos_auth? false # different behavior in GitLab Enterprise Edition end end -KerberosSpnegoHelper.prepend_mod_with('KerberosSpnegoHelper') +KerberosHelper.prepend_mod_with('KerberosHelper') diff --git a/app/services/merge_requests/ff_merge_service.rb b/app/services/merge_requests/ff_merge_service.rb index c5640047899..6e1d1b6ad23 100644 --- a/app/services/merge_requests/ff_merge_service.rb +++ b/app/services/merge_requests/ff_merge_service.rb @@ -8,26 +8,22 @@ module MergeRequests # Executed when you do fast-forward merge via GitLab UI # class FfMergeService < MergeRequests::MergeService - private + extend ::Gitlab::Utils::Override - def commit - ff_merge = repository.ff_merge(current_user, - source, - merge_request.target_branch, - merge_request: merge_request) + private - if merge_request.squash_on_merge? - merge_request.update_column(:squash_commit_sha, merge_request.in_progress_merge_commit_sha) - end + override :execute_git_merge + def execute_git_merge + repository.ff_merge(current_user, + source, + merge_request.target_branch, + merge_request: merge_request) + end - ff_merge - rescue Gitlab::Git::PreReceiveError => e - Gitlab::ErrorTracking.track_exception(e, pre_receive_message: e.raw_message, merge_request_id: merge_request&.id) - raise MergeError, e.message - rescue StandardError => e - raise MergeError, "Something went wrong during merge: #{e.message}" - ensure - merge_request.update_and_mark_in_progress_merge_commit_sha(nil) + override :merge_success_data + def merge_success_data(commit_id) + # There is no merge commit to update, so this is just blank. + {} end end end diff --git a/app/services/merge_requests/merge_service.rb b/app/services/merge_requests/merge_service.rb index 5244f2acd66..6d31a29f5a7 100644 --- a/app/services/merge_requests/merge_service.rb +++ b/app/services/merge_requests/merge_service.rb @@ -92,16 +92,26 @@ module MergeRequests raise_error(GENERIC_ERROR_MESSAGE) end - data_to_update = { merge_commit_sha: commit_id } - data_to_update[:squash_commit_sha] = source if merge_request.squash_on_merge? + update_merge_sha_metadata(commit_id) - merge_request.update!(**data_to_update) + commit_id ensure merge_request.update_and_mark_in_progress_merge_commit_sha(nil) end + def update_merge_sha_metadata(commit_id) + data_to_update = merge_success_data(commit_id) + data_to_update[:squash_commit_sha] = source if merge_request.squash_on_merge? + + merge_request.update!(**data_to_update) if data_to_update.present? + end + + def merge_success_data(commit_id) + { merge_commit_sha: commit_id } + end + def try_merge - repository.merge(current_user, source, merge_request, commit_message) + execute_git_merge rescue Gitlab::Git::PreReceiveError => e raise MergeError, "Something went wrong during merge pre-receive hook. #{e.message}".strip @@ -110,6 +120,10 @@ module MergeRequests raise_error(GENERIC_ERROR_MESSAGE) end + def execute_git_merge + repository.merge(current_user, source, merge_request, commit_message) + end + def after_merge log_info("Post merge started on JID #{merge_jid} with state #{state}") MergeRequests::PostMergeService.new(project: project, current_user: current_user).execute(merge_request) diff --git a/app/views/admin/sessions/_signin_box.html.haml b/app/views/admin/sessions/_signin_box.html.haml index 9372bae14c3..c7382266480 100644 --- a/app/views/admin/sessions/_signin_box.html.haml +++ b/app/views/admin/sessions/_signin_box.html.haml @@ -4,8 +4,6 @@ .login-body = render 'devise/sessions/new_crowd' - = render_if_exists 'devise/sessions/new_kerberos_tab' - - ldap_servers.each_with_index do |server, i| .login-box.tab-pane{ id: "#{server['provider_name']}", role: 'tabpanel', class: active_when(i == 0 && form_based_auth_provider_has_active_class?(:ldapmain)) } .login-body diff --git a/app/views/devise/shared/_signin_box.html.haml b/app/views/devise/shared/_signin_box.html.haml index ff93449194a..60f1ff02e76 100644 --- a/app/views/devise/shared/_signin_box.html.haml +++ b/app/views/devise/shared/_signin_box.html.haml @@ -4,8 +4,6 @@ .login-body = render 'devise/sessions/new_crowd' - = render_if_exists 'devise/sessions/new_kerberos_tab' - - ldap_servers.each_with_index do |server, i| .login-box.tab-pane{ id: "#{server['provider_name']}", role: 'tabpanel', class: active_when(i == 0 && form_based_auth_provider_has_active_class?(:ldapmain)) } .login-body diff --git a/app/views/notify/new_user_email.html.haml b/app/views/notify/new_user_email.html.haml index ec135ae994f..11660126dc2 100644 --- a/app/views/notify/new_user_email.html.haml +++ b/app/views/notify/new_user_email.html.haml @@ -1,17 +1,19 @@ %p - Hi #{sanitize_name(@user['name'])}! + = s_('Notify|Hi %{username}!') % {username: sanitize_name(@user['name'])} %p - if Gitlab::CurrentSettings.allow_signup? - Your account has been created successfully. + = s_('Notify|Your account has been created successfully.') - else - The Administrator created an account for you. Now you are a member of the company GitLab application. + = s_('Notify|The Administrator created an account for you. Now you are a member of the company GitLab application.') %p - login.......................................... + = s_('Notify|login..........................................') %code= @user['email'] - if @user.created_by_id %p - = link_to "Click here to set your password", edit_password_url(@user, reset_password_token: @token) + = link_to s_('Notify|Click here to set your password'), edit_password_url(@user, reset_password_token: @token) %p - This link is valid for #{password_reset_token_valid_time}. - After it expires, you can #{link_to("request a new one", new_user_password_url(user_email: @user.email))}. + = s_('Notify|This link is valid for %{password_reset_token_valid_time}.') % {password_reset_token_valid_time: password_reset_token_valid_time} + - a_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % {url: new_user_password_url(user_email: @user.email)} + - a_end = '</a>'.html_safe + = html_escape(s_('Notify|After it expires, you can %{a_start} request a new one %{a_end}.')) % {a_start: a_start, a_end: a_end} diff --git a/app/views/projects/blame/show.html.haml b/app/views/projects/blame/show.html.haml index d4efca668eb..f2c4fe017f2 100644 --- a/app/views/projects/blame/show.html.haml +++ b/app/views/projects/blame/show.html.haml @@ -59,7 +59,7 @@ - current_line += line_count - - if @blame_pagination + - if @blame_pagination && @blame_pagination.total_pages > 1 .gl-display-flex.gl-justify-content-center.gl-flex-direction-column.gl-align-items-center.gl-p-3.gl-bg-gray-50.gl-border-t-solid.gl-border-t-1.gl-border-gray-100 = _('For faster browsing, not all history is shown.') = render Pajamas::ButtonComponent.new(href: namespace_project_blame_path(namespace_id: @project.namespace, project_id: @project, id: @id, no_pagination: true), size: :small, button_options: { class: 'gl-mt-3' }) do |c| diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index 9b9132e2497..3fc4b56f458 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb @@ -117,6 +117,27 @@ Settings.omniauth.cas3['session_duration'] ||= 8.hours Settings.omniauth['session_tickets'] ||= Settingslogic.new({}) Settings.omniauth.session_tickets['cas3'] = 'ticket' +# Handle backward compatibility with the renamed kerberos_spnego provider +# https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96335#note_1094265436 +Gitlab.ee do + kerberos_spnego = Settings.omniauth.providers.find { |p| p.name == 'kerberos_spnego' } + if kerberos_spnego + Settings.omniauth.providers.delete_if { |p| p.name == 'kerberos' } + kerberos_spnego['name'] = 'kerberos' + + omniauth_keys = %w(allow_single_sign_on auto_link_user external_providers sync_profile_from_provider allow_bypass_two_factor) + omniauth_keys.each do |key| + next unless Settings.omniauth[key].is_a?(Array) + + Settings.omniauth[key].map! { |p| p == 'kerberos_spnego' ? 'kerberos' : p } + end + + if Settings.omniauth['auto_sign_in_with_provider'] == 'kerberos_spnego' + Settings.omniauth['auto_sign_in_with_provider'] = 'kerberos' + end + end +end + # Fill out omniauth-gitlab settings. It is needed for easy set up GHE or GH by just specifying url. github_default_url = "https://github.com" @@ -909,8 +930,8 @@ Gitlab.ee do Settings.kerberos['https'] = Settings.gitlab.https if Settings.kerberos['https'].nil? Settings.kerberos['port'] ||= Settings.kerberos.https ? 8443 : 8088 - if Settings.kerberos['enabled'] && !Settings.omniauth.providers.map(&:name).include?('kerberos_spnego') - Settings.omniauth.providers << Settingslogic.new({ 'name' => 'kerberos_spnego' }) + if Settings.kerberos['enabled'] && !Settings.omniauth.providers.map(&:name).include?('kerberos') + Settings.omniauth.providers << Settingslogic.new({ 'name' => 'kerberos' }) end end diff --git a/db/post_migrate/20220913030552_add_tmp_index_system_note_metadata_on_attention_request_actions.rb b/db/post_migrate/20220913030552_add_tmp_index_system_note_metadata_on_attention_request_actions.rb new file mode 100644 index 00000000000..3418dabc0e9 --- /dev/null +++ b/db/post_migrate/20220913030552_add_tmp_index_system_note_metadata_on_attention_request_actions.rb @@ -0,0 +1,17 @@ +# frozen_string_literal: true + +class AddTmpIndexSystemNoteMetadataOnAttentionRequestActions < Gitlab::Database::Migration[2.0] + INDEX_NAME = "tmp_index_system_note_metadata_on_attention_request_actions" + + disable_ddl_transaction! + + def up + add_concurrent_index :system_note_metadata, [:id], + where: "action IN ('attention_requested', 'attention_request_removed')", + name: INDEX_NAME + end + + def down + remove_concurrent_index_by_name :system_note_metadata, INDEX_NAME + end +end diff --git a/db/post_migrate/20220913030624_cleanup_attention_request_related_system_notes.rb b/db/post_migrate/20220913030624_cleanup_attention_request_related_system_notes.rb new file mode 100644 index 00000000000..b7d6908696b --- /dev/null +++ b/db/post_migrate/20220913030624_cleanup_attention_request_related_system_notes.rb @@ -0,0 +1,30 @@ +# frozen_string_literal: true + +class CleanupAttentionRequestRelatedSystemNotes < Gitlab::Database::Migration[2.0] + disable_ddl_transaction! + restrict_gitlab_migration gitlab_schema: :gitlab_main + + BATCH_SIZE = 100 + + class SystemNoteMetadata < MigrationRecord + include EachBatch + + self.table_name = 'system_note_metadata' + end + + class Note < MigrationRecord + self.table_name = 'notes' + end + + def up + SystemNoteMetadata + .where(action: %w[attention_requested attention_request_removed]) + .each_batch(of: BATCH_SIZE) do |batch| + Note.where(id: batch.pluck(:note_id)).delete_all + end + end + + def down + # no op + end +end diff --git a/db/schema_migrations/20220913030552 b/db/schema_migrations/20220913030552 new file mode 100644 index 00000000000..6d6a68788dc --- /dev/null +++ b/db/schema_migrations/20220913030552 @@ -0,0 +1 @@ +39538feebc6f7f4e1822148567ed369eee1a7ed7ee718f7e913e2b585cc0e808
\ No newline at end of file diff --git a/db/schema_migrations/20220913030624 b/db/schema_migrations/20220913030624 new file mode 100644 index 00000000000..8a0641b4f8c --- /dev/null +++ b/db/schema_migrations/20220913030624 @@ -0,0 +1 @@ +baac0b236b7e91f9aacd03f3cf1ce84974f6c389529143e9b2813d9b70224e53
\ No newline at end of file diff --git a/db/structure.sql b/db/structure.sql index 5389ee0ff84..f536bd170eb 100644 --- a/db/structure.sql +++ b/db/structure.sql @@ -30864,6 +30864,8 @@ CREATE INDEX tmp_index_on_vulnerabilities_non_dismissed ON vulnerabilities USING CREATE INDEX tmp_index_project_statistics_cont_registry_size ON project_statistics USING btree (project_id) WHERE (container_registry_size = 0); +CREATE INDEX tmp_index_system_note_metadata_on_attention_request_actions ON system_note_metadata USING btree (id) WHERE ((action)::text = ANY ((ARRAY['attention_requested'::character varying, 'attention_request_removed'::character varying])::text[])); + CREATE INDEX tmp_index_system_note_metadata_on_id_where_task ON system_note_metadata USING btree (id, action) WHERE ((action)::text = 'task'::text); CREATE INDEX tmp_index_user_callouts_on_attention_request_feature_names ON user_callouts USING btree (id) WHERE (feature_name = ANY (ARRAY[47, 48])); diff --git a/doc/ci/environments/protected_environments.md b/doc/ci/environments/protected_environments.md index 98c4c49781d..e63777dc0e0 100644 --- a/doc/ci/environments/protected_environments.md +++ b/doc/ci/environments/protected_environments.md @@ -24,6 +24,10 @@ Maintainer role. ## Protecting environments +Prerequisites: + +- When granting the **Allowed to deploy** permission to a group or sub-group, the user configuring the protected environment must be a **direct member** of the group or sub-group to be added. Otherwise, the group or sub-group will not show up in the dropdown. For more information see [issue #345140](https://gitlab.com/gitlab-org/gitlab/-/issues/345140). + To protect an environment: 1. On the top bar, select **Main menu > Projects** and find your project. diff --git a/doc/development/feature_flags/index.md b/doc/development/feature_flags/index.md index e0441310523..444b53f9c8d 100644 --- a/doc/development/feature_flags/index.md +++ b/doc/development/feature_flags/index.md @@ -535,16 +535,18 @@ Feature.remove(:feature_flag_name) ```mermaid graph LR - A[flag: default off] -->|'added' / 'changed'| B(flag: default on) + A[flag: default off] -->|'added' / 'changed' / 'fixed' / '...'| B(flag: default on) B -->|'other'| C(remove flag, keep new code) B -->|'removed' / 'changed'| D(remove flag, keep old code) - A -->|'added' / 'changed'| C + A -->|'added' / 'changed' / 'fixed' / '...'| C A -->|no changelog| D ``` - Any change behind a feature flag that is **enabled** by default **should** have a changelog entry. - The changelog for a feature flag should describe the feature and not the flag, unless a default on feature flag is removed keeping the new code (`other` in the flowchart above). +- A feature flag can also be used for rolling out a bug fix or a maintenance work. In this scenario, the changelog + must be related to it, for example; `fixed` or `other`. ## Feature flags in tests diff --git a/doc/integration/kerberos.md b/doc/integration/kerberos.md index 49c5828ae32..5c9af96ebe8 100644 --- a/doc/integration/kerberos.md +++ b/doc/integration/kerberos.md @@ -110,13 +110,15 @@ set up GitLab to create a new account when a Kerberos user tries to sign in. ### Link a Kerberos account to an existing GitLab account +> Kerberos SPNEGO [renamed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96335) to Kerberos in GitLab 15.4. + If you're an administrator, you can link a Kerberos account to an existing GitLab account. To do so: 1. On the top bar, select **Main menu > Admin**. 1. On the left sidebar, select **Overview > Users**. 1. Select a user, then select the **Identities** tab. -1. Select 'Kerberos SPNEGO' in the 'Provider' dropdown box. +1. From the **Provider** dropdown list, select **Kerberos**. 1. Make sure the **Identifier** corresponds to the Kerberos username. 1. Select **Save changes**. @@ -125,7 +127,7 @@ If you're not an administrator: 1. In the top-right corner, select your avatar. 1. Select **Edit profile**. 1. On the left sidebar, select **Account**. -1. In the **Service sign-in** section, select **Connect Kerberos SPNEGO**. +1. In the **Service sign-in** section, select **Connect Kerberos**. If you don't see a **Service sign-in** Kerberos option, follow the requirements in [Enable single sign-on](#enable-single-sign-on). @@ -305,15 +307,12 @@ We [deprecated](../update/deprecations.md#omniauth-kerberos-gem) password-based Kerberos sign-ins in GitLab 14.3 and [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/2908) it in GitLab 15.0. You must switch to ticket-based sign in. -Depending on your existing GitLab configuration, the 'Sign in with: -Kerberos SPNEGO' button may already be visible on your GitLab sign-in -page. If not, then add the settings [described above](#configuration). +Depending on your existing GitLab configuration, **Sign in with: +Kerberos** may already be visible on your GitLab sign-in page. +If not, then add the settings [described above](#configuration). -Once you have verified that the 'Kerberos SPNEGO' button works -without entering any passwords, you can proceed to disable -password-based Kerberos sign-ins. To do this you need only need to -remove the OmniAuth provider named `kerberos` from your `gitlab.yml` / -`gitlab.rb` file. +To disable password-based Kerberos sign-ins, remove the OmniAuth provider +`kerberos` from your `gitlab.yml`/`gitlab.rb` file. **For installations from source** @@ -365,7 +364,7 @@ mechanisms it supports to GitLab. If it doesn't support any of the mechanisms GitLab supports, authentication fails with a message like this in the log: ```plaintext -OmniauthKerberosSpnegoController: failed to process Negotiate/Kerberos authentication: gss_accept_sec_context did not return GSS_S_COMPLETE: An unsupported mechanism was requested Unknown error +OmniauthKerberosController: failed to process Negotiate/Kerberos authentication: gss_accept_sec_context did not return GSS_S_COMPLETE: An unsupported mechanism was requested Unknown error ``` There are a number of potential causes and solutions for this error message. diff --git a/doc/raketasks/backup_gitlab.md b/doc/raketasks/backup_gitlab.md index 8d72195e43a..a418fc4fe8c 100644 --- a/doc/raketasks/backup_gitlab.md +++ b/doc/raketasks/backup_gitlab.md @@ -346,12 +346,14 @@ To create an incremental backup, run: sudo gitlab-backup create INCREMENTAL=yes PREVIOUS_BACKUP=<timestamp_of_backup> ``` -Incremental backups can also be created from [an untarred backup](#skipping-tar-creation) by using `SKIP=tar`: +To create an [untarred](#skipping-tar-creation) incremental backup from a tarred backup, use `SKIP=tar`: ```shell sudo gitlab-backup create INCREMENTAL=yes SKIP=tar ``` +You can't create an incremental backup from an [untarred](#skipping-tar-creation) backup. + ### Back up specific repository storages > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86896) in GitLab 15.0. diff --git a/doc/user/application_security/api_fuzzing/index.md b/doc/user/application_security/api_fuzzing/index.md index 76b06b2d329..8e371ed4dc6 100644 --- a/doc/user/application_security/api_fuzzing/index.md +++ b/doc/user/application_security/api_fuzzing/index.md @@ -39,6 +39,7 @@ or other scanners) during a scan could cause inaccurate results. You can run a Web API fuzzing scan using the following methods: - [OpenAPI Specification](#openapi-specification) - version 2, and 3. +- [GraphQL Schema](#graphql-schema) - [HTTP Archive](#http-archive-har) (HAR) - [Postman Collection](#postman-collection) - version 2.0 or 2.1 @@ -76,6 +77,7 @@ To enable Web API fuzzing: - For manual configuration instructions, see the respective section, depending on the API type: - [OpenAPI Specification](#openapi-specification) + - [GraphQL Schema](#graphql-schema) - [HTTP Archive (HAR)](#http-archive-har) - [Postman Collection](#postman-collection) - Otherwise, see [Web API fuzzing configuration form](#web-api-fuzzing-configuration-form). @@ -262,7 +264,7 @@ Example `.gitlab-ci.yml` file using a HAR file: FUZZAPI_TARGET_URL: http://test-deployment/ ``` -This is a minimal configuration for API fuzzing. From here you can: +This example is a minimal configuration for API fuzzing. From here you can: - [Run your first scan](#running-your-first-scan). - [Add authentication](#authentication). @@ -270,6 +272,118 @@ This is a minimal configuration for API fuzzing. From here you can: For details of API fuzzing configuration options, see [Available CI/CD variables](#available-cicd-variables). +### GraphQL Schema + +> Support for GraphQL Schema was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/352780) in GitLab 15.4. + +GraphQL is a query language for your API and an alternative to REST APIs. +API Fuzzing supports testing GraphQL endpoints multiple ways: + +- Test using the GraphQL Schema. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/352780) in GitLab 15.4. +- Test using a recording (HAR) of GraphQL queries. +- Test using a Postman Collection containing GraphQL queries. + +This section documents how to test using a GraphQL schema. The GraphQL schema support in +API Fuzzing is able to query the schema from endpoints that support introspection. +Introspection is enabled by default to allow tools like GraphiQL to work. + +#### API Fuzzing scanning with a GraphQL endpoint URL + +The GraphQL support in API Fuzzing is able to query a GraphQL endpoint for the schema. + +NOTE: +The GraphQL endpoint must support introspection queries for this method to work correctly. + +To configure API Fuzzing to use an GraphQL endpoint URL that provides information about the target API to test: + +1. [Include](../../../ci/yaml/index.md#includetemplate) + the [`API-Fuzzing.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/API-Fuzzing.gitlab-ci.yml) in your `.gitlab-ci.yml` file. + +1. Provide the GraphQL endpoint path, for example `/api/graphql`. Specify the path by adding the `FUZZAPI_GRAPHQL` variable. + +1. The target API instance's base URL is also required. Provide it by using the `FUZZAPI_TARGET_URL` + variable or an `environment_url.txt` file. + + Adding the URL in an `environment_url.txt` file at your project's root is great for testing in + dynamic environments. See the [dynamic environment solutions](#dynamic-environment-solutions) section of our documentation for more information. + +Complete example configuration of using a GraphQL endpoint URL: + +```yaml +stages: + - fuzz + +include: + - template: API-Fuzzing.gitlab-ci.yml + +apifuzzer_fuzz: + variables: + FUZZAPI_GRAPHQL: /api/graphql + FUZZAPI_TARGET_URL: http://test-deployment/ +``` + +This example is a minimal configuration for API Fuzzing. From here you can: + +- [Run your first scan](#running-your-first-scan). +- [Add authentication](#authentication). +- Learn how to [handle false positives](#handling-false-positives). + +#### API Fuzzing with a GraphQL Schema file + +To configure API Fuzzing to use a GraphQl schema file that provides information about the target API to test: + +1. [Include](../../../ci/yaml/index.md#includetemplate) + the [`API-Fuzzing.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/API-Fuzzing.gitlab-ci.yml) in your `.gitlab-ci.yml` file. + +1. Provide the GraphQL endpoint path, for example `/api/graphql`. Specify the path by adding the `FUZZAPI_GRAPHQL` variable. + +1. Provide the location of the GraphQL schema file. You can provide the location as a file path + or URL. Specify the location by adding the `FUZZAPI_GRAPHQL_SCHEMA` variable. + +1. The target API instance's base URL is also required. Provide it by using the `FUZZAPI_TARGET_URL` + variable or an `environment_url.txt` file. + + Adding the URL in an `environment_url.txt` file at your project's root is great for testing in + dynamic environments. See the [dynamic environment solutions](#dynamic-environment-solutions) section of our documentation for more information. + +Complete example configuration of using an GraphQL schema file: + +```yaml +stages: + - fuzz + +include: + - template: API-Fuzzing.gitlab-ci.yml + +apifuzzer_fuzz: + variables: + FUZZAPI_GRAPHQL: /api/graphql + FUZZAPI_GRAPHQL_SCHEMA: test-api-graphql.schema + FUZZAPI_TARGET_URL: http://test-deployment/ +``` + +Complete example configuration of using an GraphQL schema file URL: + +```yaml +stages: + - fuzz + +include: + - template: API-Fuzzing.gitlab-ci.yml + +apifuzzer_fuzz: + variables: + FUZZAPI_GRAPHQL: /api/graphql + FUZZAPI_GRAPHQL_SCHEMA: http://file-store/files/test-api-graphql.schema + FUZZAPI_TARGET_URL: http://test-deployment/ +``` + +This example is a minimal configuration for API Fuzzing. From here you can: + +- [Run your first scan](#running-your-first-scan). +- [Add authentication](#authentication). +- Learn how to [handle false positives](#handling-false-positives). + ### Postman Collection The [Postman API Client](https://www.postman.com/product/api-client/) is a popular tool that @@ -991,6 +1105,8 @@ profile increases as the number of tests increases. |[`FUZZAPI_OPENAPI_ALL_MEDIA_TYPES`](#openapi-specification) | Use all supported media types instead of one when generating requests. Causes test duration to be longer. Default is disabled. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/333304) in GitLab 14.10. | |[`FUZZAPI_OPENAPI_MEDIA_TYPES`](#openapi-specification) | Colon (`:`) separated media types accepted for testing. Default is disabled. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/333304) in GitLab 14.10. | |[`FUZZAPI_HAR`](#http-archive-har) | HTTP Archive (HAR) file. | +|[`FUZZAPI_GRAPHQL`](#graphql-schema) | Path to GraphQL endpoint, for example `/api/graphql`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/352780) in GitLab 15.4. | +|[`FUZZAPI_GRAPHQL_SCHEMA`](#graphql-schema) | A URL or filename for a GraphQL schema in JSON format. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/352780) in GitLab 15.4. | |[`FUZZAPI_POSTMAN_COLLECTION`](#postman-collection) | Postman Collection file. | |[`FUZZAPI_POSTMAN_COLLECTION_VARIABLES`](#postman-variables) | Path to a JSON file to extract Postman variable values. The support for comma-separated (`,`) files was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/356312) in GitLab 15.1. | |[`FUZZAPI_POSTMAN_COLLECTION_VARIABLES`](#postman-variables) | Path to a JSON file to extract Postman variable values. | @@ -2103,7 +2219,7 @@ A bug exists in versions of the API Fuzzing analyzer prior to v1.6.196 that can The version information can be found in the job details for the `apifuzzer_fuzz` job. -If the issue is occurring with versions v1.6.196 or greater, please contact Support and provide the following information: +If the issue is occurring with versions v1.6.196 or greater, contact Support and provide the following information: 1. Reference this troubleshooting section and ask for the issue to be escalated to the Dynamic Analysis Team. 1. The full console output of the job. diff --git a/doc/user/application_security/dast_api/index.md b/doc/user/application_security/dast_api/index.md index 022a4a0fd8a..f15dce37123 100644 --- a/doc/user/application_security/dast_api/index.md +++ b/doc/user/application_security/dast_api/index.md @@ -55,6 +55,7 @@ The following projects demonstrate DAST API scanning: You can specify the API you want to scan by using: - [OpenAPI v2 or v3 Specification](#openapi-specification) +- [GraphQL Schema](#graphql-schema) - [HTTP Archive (HAR)](#http-archive-har) - [Postman Collection v2.0 or v2.1](#postman-collection) @@ -199,7 +200,119 @@ variables: DAST_API_TARGET_URL: http://test-deployment/ ``` -This is a minimal configuration for DAST API. From here you can: +This example is a minimal configuration for DAST API. From here you can: + +- [Run your first scan](#running-your-first-scan). +- [Add authentication](#authentication). +- Learn how to [handle false positives](#handling-false-positives). + +### GraphQL Schema + +> Support for GraphQL Schema was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/352780) in GitLab 15.4. + +GraphQL is a query language for your API and an alternative to REST APIs. +DAST API supports testing GraphQL endpoints multiple ways: + +- Test using the GraphQL Schema. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/352780) in GitLab 15.4. +- Test using a recording (HAR) of GraphQL queries. +- Test using a Postman Collection containing GraphQL queries. + +This section documents how to test using a GraphQL schema. The GraphQL schema support in +DAST API is able to query the schema from endpoints that support introspection. +Introspection is enabled by default to allow tools like GraphiQL to work. + +#### DAST API scanning with a GraphQL endpoint URL + +The GraphQL support in DAST API is able to query a GraphQL endpoint for the schema. + +NOTE: +The GraphQL endpoint must support introspection queries for this method to work correctly. + +To configure DAST API to use a GraphQL endpoint URL that provides information about the target API to test: + +1. [Include](../../../ci/yaml/index.md#includetemplate) + the [`DAST-API.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/DAST-API.gitlab-ci.yml) in your `.gitlab-ci.yml` file. + +1. Provide the path to the GraphQL endpoint, for example `/api/graphql`. Specify the location by adding the `DAST_API_GRAPHQL` variable. + +1. The target API instance's base URL is also required. Provide it by using the `DAST_API_TARGET_URL` + variable or an `environment_url.txt` file. + + Adding the URL in an `environment_url.txt` file at your project's root is great for testing in + dynamic environments. See the [dynamic environment solutions](#dynamic-environment-solutions) section of our documentation for more information. + +Complete example configuration of using a GraphQL endpoint path: + +```yaml +stages: + - dast + +include: + - template: DAST-API.gitlab-ci.yml + +dast_api: + variables: + DAST_API_GRAPHQL: /api/graphql + DAST_API_TARGET_URL: http://test-deployment/ +``` + +This example is a minimal configuration for DAST API. From here you can: + +- [Run your first scan](#running-your-first-scan). +- [Add authentication](#authentication). +- Learn how to [handle false positives](#handling-false-positives). + +#### DAST API scanning with a GraphQL Schema file + +To configure DAST API to use a GraphQL schema file that provides information about the target API to test: + +1. [Include](../../../ci/yaml/index.md#includetemplate) + the [`DAST-API.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/DAST-API.gitlab-ci.yml) in your `.gitlab-ci.yml` file. + +1. Provide the GraphQL endpoint path, for example `/api/graphql`. Specify the path by adding the `DAST_API_GRAPHQL` variable. + +1. Provide the location of the GraphQL schema file. You can provide the location as a file path + or URL. Specify the location by adding the `DAST_API_GRAPHQL_SCHEMA` variable. + +1. The target API instance's base URL is also required. Provide it by using the `DAST_API_TARGET_URL` + variable or an `environment_url.txt` file. + + Adding the URL in an `environment_url.txt` file at your project's root is great for testing in + dynamic environments. See the [dynamic environment solutions](#dynamic-environment-solutions) section of our documentation for more information. + +Complete example configuration of using an GraphQL schema file: + +```yaml +stages: + - dast + +include: + - template: DAST-API.gitlab-ci.yml + +dast_api: + variables: + DAST_API_GRAPHQL: /api/graphql + DAST_API_GRAPHQL_SCHEMA: test-api-graphql.schema + DAST_API_TARGET_URL: http://test-deployment/ +``` + +Complete example configuration of using an GraphQL schema file URL: + +```yaml +stages: + - dast + +include: + - template: DAST-API.gitlab-ci.yml + +dast_api: + variables: + DAST_API_GRAPHQL: /api/graphql + DAST_API_GRAPHQL_SCHEMA: http://file-store/files/test-api-graphql.schema + DAST_API_TARGET_URL: http://test-deployment/ +``` + +This example is a minimal configuration for DAST API. From here you can: - [Run your first scan](#running-your-first-scan). - [Add authentication](#authentication). @@ -938,6 +1051,8 @@ can be added, removed, and modified by creating a custom configuration. |[`DAST_API_OPENAPI_ALL_MEDIA_TYPES`](#openapi-specification) | Use all supported media types instead of one when generating requests. Causes test duration to be longer. Default is disabled. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/333304) in GitLab 14.10. | |[`DAST_API_OPENAPI_MEDIA_TYPES`](#openapi-specification) | Colon (`:`) separated media types accepted for testing. Default is disabled. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/333304) in GitLab 14.10. | |[`DAST_API_HAR`](#http-archive-har) | HTTP Archive (HAR) file. | +|[`DAST_API_GRAPHQL`](#graphql-schema) | Path to GraphQL endpoint, for example `/api/graphql`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/352780) in GitLab 15.4. | +|[`DAST_API_GRAPHQL_SCHEMA`](#graphql-schema) | A URL or filename for a GraphQL schema in JSON format. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/352780) in GitLab 15.4. | |[`DAST_API_POSTMAN_COLLECTION`](#postman-collection) | Postman Collection file. | |[`DAST_API_POSTMAN_COLLECTION_VARIABLES`](#postman-variables) | Path to a JSON file to extract Postman variable values. The support for comma-separated (`,`) files was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/356312) in GitLab 15.1. | |[`DAST_API_OVERRIDES_FILE`](#overrides) | Path to a JSON file containing overrides. | diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 408e7f3f75e..87ff69fa9eb 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -27087,6 +27087,9 @@ msgstr "" msgid "Notify|A remote mirror update has failed." msgstr "" +msgid "Notify|After it expires, you can %{a_start} request a new one %{a_end}." +msgstr "" + msgid "Notify|All discussions on merge request %{mr_link} were resolved by %{name}" msgstr "" @@ -27108,6 +27111,9 @@ msgstr "" msgid "Notify|CI/CD project settings" msgstr "" +msgid "Notify|Click here to set your password" +msgstr "" + msgid "Notify|Commit Author" msgstr "" @@ -27126,6 +27132,9 @@ msgstr "" msgid "Notify|Fingerprint: %{fingerprint}" msgstr "" +msgid "Notify|Hi %{username}!" +msgstr "" + msgid "Notify|Hi %{user}!" msgstr "" @@ -27198,6 +27207,9 @@ msgstr "" msgid "Notify|Remote mirror" msgstr "" +msgid "Notify|The Administrator created an account for you. Now you are a member of the company GitLab application." +msgstr "" + msgid "Notify|The Auto DevOps pipeline failed for pipeline %{pipeline_link} and has been disabled for %{project_link}. In order to use the Auto DevOps pipeline with your project, please review the %{supported_langs_link}, adjust your project accordingly, and turn on the Auto DevOps pipeline within your %{settings_link}." msgstr "" @@ -27213,6 +27225,9 @@ msgstr "" msgid "Notify|This issue is due on: %{issue_due_date}" msgstr "" +msgid "Notify|This link is valid for %{password_reset_token_valid_time}." +msgstr "" + msgid "Notify|Unless you verify your domain by %{time_start}%{time}%{time_end} it will be removed from your GitLab project." msgstr "" @@ -27228,6 +27243,9 @@ msgstr "" msgid "Notify|Your CSV import for project %{project_link} has been completed." msgstr "" +msgid "Notify|Your account has been created successfully." +msgstr "" + msgid "Notify|Your request to join the %{target_to_join} %{target_type} has been %{denied_tag}." msgstr "" @@ -27237,6 +27255,9 @@ msgstr "" msgid "Notify|deleted" msgstr "" +msgid "Notify|login.........................................." +msgstr "" + msgid "Notify|pushed new" msgstr "" diff --git a/spec/features/projects/blobs/blame_spec.rb b/spec/features/projects/blobs/blame_spec.rb index f50f6911120..5287d5e4f7d 100644 --- a/spec/features/projects/blobs/blame_spec.rb +++ b/spec/features/projects/blobs/blame_spec.rb @@ -38,6 +38,7 @@ RSpec.describe 'File blame', :js do within '[data-testid="blob-content-holder"]' do expect(page).to have_css('.blame-commit') expect(page).not_to have_css('.gl-pagination') + expect(page).not_to have_link _('View entire blame') end end diff --git a/spec/migrations/20220913030624_cleanup_attention_request_related_system_notes_spec.rb b/spec/migrations/20220913030624_cleanup_attention_request_related_system_notes_spec.rb new file mode 100644 index 00000000000..7338a6ab9ae --- /dev/null +++ b/spec/migrations/20220913030624_cleanup_attention_request_related_system_notes_spec.rb @@ -0,0 +1,26 @@ +# frozen_string_literal: true + +require 'spec_helper' +require_migration! + +RSpec.describe CleanupAttentionRequestRelatedSystemNotes, :migration do + let(:notes) { table(:notes) } + let(:system_note_metadata) { table(:system_note_metadata) } + + it 'removes all notes with attention request related system_note_metadata' do + notes.create!(id: 1, note: 'Attention request note', noteable_type: 'MergeRequest') + notes.create!(id: 2, note: 'Attention request remove note', noteable_type: 'MergeRequest') + notes.create!(id: 3, note: 'MergeRequest note', noteable_type: 'MergeRequest') + notes.create!(id: 4, note: 'Commit note', noteable_type: 'Commit') + system_note_metadata.create!(id: 11, action: 'attention_requested', note_id: 1) + system_note_metadata.create!(id: 22, action: 'attention_request_removed', note_id: 2) + system_note_metadata.create!(id: 33, action: 'merged', note_id: 3) + + expect { migrate! }.to change(notes, :count).by(-2) + + expect(system_note_metadata.where(action: %w[attention_requested attention_request_removed]).size).to eq(0) + expect(notes.where(noteable_type: 'MergeRequest').size).to eq(1) + expect(notes.where(noteable_type: 'Commit').size).to eq(1) + expect(system_note_metadata.where(action: 'merged').size).to eq(1) + end +end diff --git a/spec/services/merge_requests/ff_merge_service_spec.rb b/spec/services/merge_requests/ff_merge_service_spec.rb index 24a1a8b3113..aa5d6dcd1fb 100644 --- a/spec/services/merge_requests/ff_merge_service_spec.rb +++ b/spec/services/merge_requests/ff_merge_service_spec.rb @@ -75,6 +75,7 @@ RSpec.describe MergeRequests::FfMergeService do expect(merge_request).to receive(:update_and_mark_in_progress_merge_commit_sha).twice.and_call_original expect { execute_ff_merge }.not_to change { merge_request.squash_commit_sha } + expect(merge_request.merge_commit_sha).to be_nil expect(merge_request.in_progress_merge_commit_sha).to be_nil end @@ -87,6 +88,7 @@ RSpec.describe MergeRequests::FfMergeService do .to change { merge_request.squash_commit_sha } .from(nil) + expect(merge_request.merge_commit_sha).to be_nil expect(merge_request.in_progress_merge_commit_sha).to be_nil end end @@ -106,7 +108,6 @@ RSpec.describe MergeRequests::FfMergeService do service.execute(merge_request) - expect(merge_request.merge_error).to include(error_message) expect(Gitlab::AppLogger).to have_received(:error).with(a_string_matching(error_message)) end @@ -117,11 +118,6 @@ RSpec.describe MergeRequests::FfMergeService do pre_receive_error = Gitlab::Git::PreReceiveError.new(raw_message, fallback_message: error_message) allow(service).to receive(:repository).and_raise(pre_receive_error) allow(service).to receive(:execute_hooks) - expect(Gitlab::ErrorTracking).to receive(:track_exception).with( - pre_receive_error, - pre_receive_message: raw_message, - merge_request_id: merge_request.id - ) service.execute(merge_request) diff --git a/spec/support/rspec_order_todo.yml b/spec/support/rspec_order_todo.yml index ffd0095e57a..4e8a172177a 100644 --- a/spec/support/rspec_order_todo.yml +++ b/spec/support/rspec_order_todo.yml @@ -1080,7 +1080,7 @@ - './ee/spec/helpers/groups/sso_helper_spec.rb' - './ee/spec/helpers/incident_management/escalation_policy_helper_spec.rb' - './ee/spec/helpers/incident_management/oncall_schedule_helper_spec.rb' -- './ee/spec/helpers/kerberos_spnego_helper_spec.rb' +- './ee/spec/helpers/kerberos_helper_spec.rb' - './ee/spec/helpers/license_helper_spec.rb' - './ee/spec/helpers/license_monitoring_helper_spec.rb' - './ee/spec/helpers/manual_quarterly_co_term_banner_helper_spec.rb' @@ -1692,7 +1692,7 @@ - './ee/spec/lib/gitlab/web_ide/config/entry/schema/uri_spec.rb' - './ee/spec/lib/incident_management/oncall_shift_generator_spec.rb' - './ee/spec/lib/omni_auth/strategies/group_saml_spec.rb' -- './ee/spec/lib/omni_auth/strategies/kerberos_spnego_spec.rb' +- './ee/spec/lib/omni_auth/strategies/kerberos_spec.rb' - './ee/spec/lib/peek/views/elasticsearch_spec.rb' - './ee/spec/lib/sidebars/groups/menus/administration_menu_spec.rb' - './ee/spec/lib/sidebars/groups/menus/analytics_menu_spec.rb' @@ -2511,7 +2511,7 @@ - './ee/spec/requests/jwt_controller_spec.rb' - './ee/spec/requests/lfs_http_spec.rb' - './ee/spec/requests/lfs_locks_api_spec.rb' -- './ee/spec/requests/omniauth_kerberos_spnego_spec.rb' +- './ee/spec/requests/omniauth_kerberos_spec.rb' - './ee/spec/requests/projects/analytics/code_reviews_controller_spec.rb' - './ee/spec/requests/projects/audit_events_spec.rb' - './ee/spec/requests/projects/incidents_controller_spec.rb' |