diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-11-10 15:08:00 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-11-10 15:08:00 +0000 |
| commit | 609943de5e2ee6c3bf0f09d3fb1d5fc38ed5a4ed (patch) | |
| tree | d6c366584972d84f9171881fa5977e59b123bff6 | |
| parent | be2696666feee6e1045e0991309b71ce7f38a413 (diff) | |
| download | gitlab-ce-609943de5e2ee6c3bf0f09d3fb1d5fc38ed5a4ed.tar.gz | |
Add latest changes from gitlab-org/gitlab@master
31 files changed, 272 insertions, 148 deletions
diff --git a/.gitlab/ci/build-images.gitlab-ci.yml b/.gitlab/ci/build-images.gitlab-ci.yml index 3c7056a92c1..bb18ba12c4b 100644 --- a/.gitlab/ci/build-images.gitlab-ci.yml +++ b/.gitlab/ci/build-images.gitlab-ci.yml @@ -18,7 +18,7 @@ build-qa-image: - ./scripts/build_qa_image # This image is used by: -# - The `CNG` pipelines (via the `review-build-cng` job): https://gitlab.com/gitlab-org/build/CNG/-/blob/cfc67136d711e1c8c409bf8e57427a644393da2f/.gitlab-ci.yml#L335 +# - The `CNG` downstream pipelines (we pass the image tag via the `review-build-cng` job): https://gitlab.com/gitlab-org/gitlab/-/blob/c34e0834b01cd45c1f69a01b5e38dd6bc505f903/.gitlab/ci/review-apps/main.gitlab-ci.yml#L69 # - The `omnibus-gitlab` pipelines (via the `e2e:package-and-test` job): https://gitlab.com/gitlab-org/omnibus-gitlab/-/blob/dfd1ad475868fc84e91ab7b5706aa03e46dc3a86/.gitlab-ci.yml#L130 build-assets-image: extends: @@ -27,7 +27,10 @@ build-assets-image: stage: build-images needs: ["compile-production-assets"] script: - # TODO: Change the image tag to be the MD5 of assets files and skip image building if the image exists - # We'll also need to pass GITLAB_ASSETS_TAG to the trigerred omnibus-gitlab pipeline similarly to how we do it for trigerred CNG pipelines - # https://gitlab.com/gitlab-org/gitlab/issues/208389 - run_timed_command "scripts/build_assets_image" + artifacts: + expire_in: 7 days + paths: + # The `cached-assets-hash.txt` file is used in `review-build-cng-env` (`.gitlab/ci/review-apps/main.gitlab-ci.yml`) + # to pass the assets image tag to the CNG downstream pipeline. + - cached-assets-hash.txt diff --git a/.gitlab/ci/frontend.gitlab-ci.yml b/.gitlab/ci/frontend.gitlab-ci.yml index 803eeebfc45..d3ae3df6050 100644 --- a/.gitlab/ci/frontend.gitlab-ci.yml +++ b/.gitlab/ci/frontend.gitlab-ci.yml @@ -23,6 +23,7 @@ gitlab_assets_archive_doesnt_exist || run_timed_command "download_and_extract_gitlab_assets" fi - assets_compile_script + - echo -n "${GITLAB_ASSETS_HASH}" > "cached-assets-hash.txt" compile-production-assets: extends: @@ -38,6 +39,7 @@ compile-production-assets: # These assets are used in multiple locations: # - in `build-assets-image` job to create assets image for packaging systems # - GitLab UI for integration tests: https://gitlab.com/gitlab-org/gitlab-ui/-/blob/e88493b3c855aea30bf60baee692a64606b0eb1e/.storybook/preview-head.pug#L1 + - cached-assets-hash.txt - public/assets/ - "${WEBPACK_COMPILE_LOG_PATH}" when: always @@ -68,9 +70,6 @@ update-assets-compile-production-cache: - .assets-compile-cache-push - .shared:rules:update-cache stage: prepare - script: - - !reference [compile-production-assets, script] - - echo -n "${GITLAB_ASSETS_HASH}" > "cached-assets-hash.txt" artifacts: {} # This job's purpose is only to update the cache. update-assets-compile-test-cache: diff --git a/.gitlab/ci/package-and-test/main.gitlab-ci.yml b/.gitlab/ci/package-and-test/main.gitlab-ci.yml index 83049e6fbc2..3e0064961d9 100644 --- a/.gitlab/ci/package-and-test/main.gitlab-ci.yml +++ b/.gitlab/ci/package-and-test/main.gitlab-ci.yml @@ -38,23 +38,6 @@ stages: extends: - .gitlab-qa-install -.omnibus-env: - variables: - BUILD_ENV: build.env - script: - - | - SECURITY_SOURCES=$([[ ! "$CI_PROJECT_NAMESPACE" =~ ^gitlab-org\/security ]] || echo "true") - echo "SECURITY_SOURCES=${SECURITY_SOURCES:-false}" > $BUILD_ENV - echo "OMNIBUS_GITLAB_CACHE_UPDATE=${OMNIBUS_GITLAB_CACHE_UPDATE:-false}" >> $BUILD_ENV - for version_file in *_VERSION; do echo "$version_file=$(cat $version_file)" >> $BUILD_ENV; done - echo "OMNIBUS_GITLAB_RUBY3_BUILD=${OMNIBUS_GITLAB_RUBY3_BUILD:-false}" >> $BUILD_ENV - echo "OMNIBUS_GITLAB_CACHE_EDITION=${OMNIBUS_GITLAB_CACHE_EDITION:-GITLAB}" >> $BUILD_ENV - echo "Built environment file for omnibus build:" - cat $BUILD_ENV - artifacts: - reports: - dotenv: $BUILD_ENV - .update-script: script: - export QA_COMMAND="bundle exec gitlab-qa Test::Omnibus::UpdateFromPrevious $RELEASE $GITLAB_VERSION $UPDATE_TYPE -- $QA_RSPEC_TAGS $RSPEC_REPORT_OPTS" @@ -108,9 +91,42 @@ dont-interrupt-me: trigger-omnibus-env: extends: - - .omnibus-env - .rules:omnibus-build stage: .pre + needs: + # We need this job because we need its `cached-assets-hash.txt` artifact, so that we can pass the assets image tag to the downstream omnibus-gitlab pipeline. + - pipeline: $PARENT_PIPELINE_ID + job: build-assets-image + variables: + BUILD_ENV: build.env + before_script: + - | + # This is duplicating the function from `scripts/utils.sh` since that file can be included in other projects. + function assets_image_tag() { + local cache_assets_hash_file="cached-assets-hash.txt" + + if [[ -n "${CI_COMMIT_TAG}" ]]; then + echo -n "${CI_COMMIT_REF_NAME}" + elif [[ -f "${cache_assets_hash_file}" ]]; then + echo -n "assets-hash-$(cat ${cache_assets_hash_file} | cut -c1-10)" + else + echo -n "${CI_COMMIT_SHA}" + fi + } + script: + - | + SECURITY_SOURCES=$([[ ! "$CI_PROJECT_NAMESPACE" =~ ^gitlab-org\/security ]] || echo "true") + echo "SECURITY_SOURCES=${SECURITY_SOURCES:-false}" > $BUILD_ENV + echo "OMNIBUS_GITLAB_CACHE_UPDATE=${OMNIBUS_GITLAB_CACHE_UPDATE:-false}" >> $BUILD_ENV + for version_file in *_VERSION; do echo "$version_file=$(cat $version_file)" >> $BUILD_ENV; done + echo "OMNIBUS_GITLAB_RUBY3_BUILD=${OMNIBUS_GITLAB_RUBY3_BUILD:-false}" >> $BUILD_ENV + echo "OMNIBUS_GITLAB_CACHE_EDITION=${OMNIBUS_GITLAB_CACHE_EDITION:-GITLAB}" >> $BUILD_ENV + echo "GITLAB_ASSETS_TAG=$(assets_image_tag)" >> $BUILD_ENV + echo "Built environment file for omnibus build:" + cat $BUILD_ENV + artifacts: + reports: + dotenv: $BUILD_ENV trigger-omnibus: extends: .rules:omnibus-build @@ -128,6 +144,7 @@ trigger-omnibus: GITLAB_SHELL_VERSION: $GITLAB_SHELL_VERSION GITLAB_WORKHORSE_VERSION: $GITLAB_WORKHORSE_VERSION GITLAB_VERSION: $CI_COMMIT_SHA + GITLAB_ASSETS_TAG: $GITLAB_ASSETS_TAG IMAGE_TAG: $CI_COMMIT_SHA TOP_UPSTREAM_SOURCE_PROJECT: $CI_PROJECT_PATH SECURITY_SOURCES: $SECURITY_SOURCES diff --git a/.gitlab/ci/qa.gitlab-ci.yml b/.gitlab/ci/qa.gitlab-ci.yml index 11331967e95..ab1d57ea71a 100644 --- a/.gitlab/ci/qa.gitlab-ci.yml +++ b/.gitlab/ci/qa.gitlab-ci.yml @@ -75,6 +75,8 @@ e2e:package-and-test: - build-qa-image - e2e-test-pipeline-generate variables: + # This is needed by `trigger-omnibus-env` (`.gitlab/ci/package-and-test/main.gitlab-ci.yml`). + PARENT_PIPELINE_ID: $CI_PIPELINE_ID SKIP_MESSAGE: Skipping package-and-test due to mr containing only quarantine changes! RELEASE: "${REGISTRY_HOST}/${REGISTRY_GROUP}/build/omnibus-gitlab-mirror/gitlab-ee:${CI_COMMIT_SHA}" GITLAB_QA_IMAGE: "${CI_REGISTRY_IMAGE}/gitlab-ee-qa:${CI_COMMIT_SHA}" diff --git a/.gitlab/ci/review-apps/main.gitlab-ci.yml b/.gitlab/ci/review-apps/main.gitlab-ci.yml index 3fab25f7236..68fc4e48ba9 100644 --- a/.gitlab/ci/review-apps/main.gitlab-ci.yml +++ b/.gitlab/ci/review-apps/main.gitlab-ci.yml @@ -34,18 +34,24 @@ review-build-cng-env: - .review:rules:review-build-cng image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:3.0-alpine3.13 stage: prepare - needs: [] + needs: + # We need this job because we need its `cached-assets-hash.txt` artifact, so that we can pass the assets image tag to the downstream CNG pipeline. + - pipeline: $PARENT_PIPELINE_ID + job: build-assets-image + variables: + BUILD_ENV: build.env before_script: - source ./scripts/utils.sh - install_gitlab_gem script: - - 'ruby -r./scripts/trigger-build.rb -e "puts Trigger.variables_for_env_file(Trigger::CNG.new.variables)" > build.env' - - cat build.env + - 'ruby -r./scripts/trigger-build.rb -e "puts Trigger.variables_for_env_file(Trigger::CNG.new.variables)" > $BUILD_ENV' + - echo "GITLAB_ASSETS_TAG=$(assets_image_tag)" >> $BUILD_ENV + - cat $BUILD_ENV artifacts: reports: - dotenv: build.env + dotenv: $BUILD_ENV paths: - - build.env + - $BUILD_ENV expire_in: 7 days when: always diff --git a/.gitlab/ci/review.gitlab-ci.yml b/.gitlab/ci/review.gitlab-ci.yml index 35df4de6513..b185e8deb70 100644 --- a/.gitlab/ci/review.gitlab-ci.yml +++ b/.gitlab/ci/review.gitlab-ci.yml @@ -29,6 +29,8 @@ start-review-app-pipeline: # They need to be explicitly passed on to the child pipeline. # https://docs.gitlab.com/ee/ci/pipelines/multi_project_pipelines.html#pass-cicd-variables-to-a-downstream-pipeline-by-using-the-variables-keyword variables: + # This is needed by `review-build-cng-env` (`.gitlab/ci/review-apps/main.gitlab-ci.yml`). + PARENT_PIPELINE_ID: $CI_PIPELINE_ID SCHEDULE_TYPE: $SCHEDULE_TYPE DAST_RUN: $DAST_RUN SKIP_MESSAGE: Skipping review-app due to mr containing only quarantine changes! diff --git a/Dockerfile.assets b/Dockerfile.assets index 403d16cc4ab..ba69a614e88 100644 --- a/Dockerfile.assets +++ b/Dockerfile.assets @@ -1,4 +1,4 @@ # Simple container to store assets for later use FROM scratch -ADD public/assets /assets/ +COPY public/assets /assets/ CMD /bin/true diff --git a/data/deprecations/15-6-deprecate-config-fields-runner-helm-chart.yml b/data/deprecations/15-6-deprecate-config-fields-runner-helm-chart.yml new file mode 100644 index 00000000000..3d8d946027f --- /dev/null +++ b/data/deprecations/15-6-deprecate-config-fields-runner-helm-chart.yml @@ -0,0 +1,13 @@ +- name: "Configuration fields in GitLab Runner Helm Chart" # (required) The name of the feature to be deprecated + announcement_milestone: "15.6" # (required) The milestone when this feature was first announced as deprecated. + announcement_date: "2022-11-22" # (required) The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post. + removal_milestone: "16.0" # (required) The milestone when this feature is planned to be removed + removal_date: "2023-05-22" # (required) The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post. + breaking_change: true # (required) If this deprecation is a breaking change, set this value to true + reporter: ratchade # (required) GitLab username of the person reporting the deprecation + stage: Verify # (required) String value of the stage that the feature was created in. e.g., Growth + issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/379064 # (required) Link to the deprecation issue in GitLab + body: | # (required) Do not modify this line, instead modify the lines below. + From GitLab 13.6, users can [specify any runner configuration in the GitLab Runner Helm chart](https://docs.gitlab.com/runner/install/kubernetes.html). When we implemented this feature, we deprecated values in the GitLab Helm Chart configuration that were specific to GitLab Runner. These fields are deprecated and we plan to remove them in v1.0 of the GitLab Runner Helm chart. + end_of_support_milestone: "16.0" # (optional) Use "XX.YY" format. The milestone when support for this feature will end. + end_of_support_date: "2023-05-22" # (optional) The date of the milestone release when support for this feature will end. diff --git a/data/deprecations/15-6-deprecate-post-api-v4-runner.yml b/data/deprecations/15-6-deprecate-post-api-v4-runner.yml index ca7d19fe353..bb659688ce6 100644 --- a/data/deprecations/15-6-deprecate-post-api-v4-runner.yml +++ b/data/deprecations/15-6-deprecate-post-api-v4-runner.yml @@ -15,6 +15,7 @@ [GitLab Runner token architecture](https://docs.gitlab.com/ee/architecture/blueprints/runner_tokens/). This new architecture introduces a new method for registering runners and eliminates the legacy [runner registration token](https://docs.gitlab.com/ee/security/token_overview.html#runner-registration-tokens). + We plan to introduce a new method of binding a GitLab Runner to a GitLab instance in GitLab 15.8. This will be the only supported method starting in GitLab 16.0. end_of_support_milestone: "16.0" # (optional) Use "XX.YY" format. The milestone when support for this feature will end. end_of_support_date: "2023-05-22" # (optional) The date of the milestone release when support for this feature will end. tiers: # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate] diff --git a/data/deprecations/15-6-deprecate-runner-reg-token-helm.yml b/data/deprecations/15-6-deprecate-runner-reg-token-helm.yml new file mode 100644 index 00000000000..c3fd97aa296 --- /dev/null +++ b/data/deprecations/15-6-deprecate-runner-reg-token-helm.yml @@ -0,0 +1,14 @@ +- name: "`runnerRegistrationToken` parameter for GitLab Runner Helm Chart" # (required) The name of the feature to be deprecated + announcement_milestone: "15.6" # (required) The milestone when this feature was first announced as deprecated. + announcement_date: "2022-11-22" # (required) The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post. + removal_milestone: "16.0" # (required) The milestone when this feature is planned to be removed + removal_date: "2023-05-22" # (required) The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post. + breaking_change: true # (required) If this deprecation is a breaking change, set this value to true + reporter: pedropombeiro # (required) GitLab username of the person reporting the deprecation + stage: Verify # (required) String value of the stage that the feature was created in. e.g., Growth + issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/381111 # (required) Link to the deprecation issue in GitLab + body: | # (required) Do not modify this line, instead modify the lines below. + The [`runnerRegistrationToken`](https://docs.gitlab.com/runner/install/kubernetes.html#required-configuration) parameter to use the GitLab Helm Chart to install a runner on Kubernetes is deprecated. GitLab plans to introduce a new [GitLab Runner token architecture](https://docs.gitlab.com/ee/architecture/blueprints/runner_tokens/). As part of the new architecture, we plan to introduce a single runner authentication token, `runnerToken`, and a unique system ID saved to the `config.toml` to allow traceability between jobs and runners. + We plan to introduce a new method of binding a GitLab Runner to a GitLab instance in GitLab 15.8. This will be the only supported method starting in GitLab 16.0. + end_of_support_milestone: "16.0" # (optional) Use "XX.YY" format. The milestone when support for this feature will end. + end_of_support_date: "2023-05-22" # (optional) The date of the milestone release when support for this feature will end. diff --git a/doc/ci/pipelines/downstream_pipelines.md b/doc/ci/pipelines/downstream_pipelines.md index 74947033a3a..c8fcd06da07 100644 --- a/doc/ci/pipelines/downstream_pipelines.md +++ b/doc/ci/pipelines/downstream_pipelines.md @@ -149,8 +149,8 @@ job3: > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/205157) in GitLab 13.5. -You can use [`include:file`](../yaml/index.md#includefile) to trigger child pipelines -with a configuration file in a different project: +You can use [`include:project`](../yaml/index.md#includeproject) in a trigger job +to trigger child pipelines with a configuration file in a different project: ```yaml microservice_a: diff --git a/doc/ci/yaml/index.md b/doc/ci/yaml/index.md index f511a74b244..9701451ae31 100644 --- a/doc/ci/yaml/index.md +++ b/doc/ci/yaml/index.md @@ -146,7 +146,7 @@ the time limit to resolve all files is 30 seconds. **Possible inputs**: The `include` subkeys: - [`include:local`](#includelocal) -- [`include:file`](#includefile) +- [`include:project`](#includeproject) - [`include:remote`](#includeremote) - [`include:template`](#includetemplate) @@ -203,58 +203,52 @@ include: '.gitlab-ci-production.yml' - All [nested includes](includes.md#use-nested-includes) are executed in the scope of the same project, so you can use local, project, remote, or template includes. -#### `include:file` +#### `include:project` > Including multiple files from the same project [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/26793) in GitLab 13.6. [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/271560) in GitLab 13.8. To include files from another private project on the same GitLab instance, -use `include:file`. You can use `include:file` in combination with `include:project` only. +use `include:project` and `include:file`. **Keyword type**: Global keyword. **Possible inputs**: -A full path, relative to the root directory (`/`): +- `include:project`: The full GitLab project path. +- `include:file` A full file path, or array of file paths, relative to the root directory (`/`). + The YAML files must have the `.yml` or `.yaml` extension. +- `include:ref`: Optional. The ref to retrieve the file from. Defaults to the `HEAD` of the project + when not specified. -- The YAML file must have the extension `.yml` or `.yaml`. -- You can use [certain CI/CD variables](includes.md#use-variables-with-include). +You can use [certain CI/CD variables](includes.md#use-variables-with-include). -**Example of `include:file`**: +**Example of `include:project`**: ```yaml include: - project: 'my-group/my-project' file: '/templates/.gitlab-ci-template.yml' + - project: 'my-group/my-subgroup/my-project-2' + file: + - '/templates/.builds.yml' + - '/templates/.tests.yml' ``` -You can also specify a `ref`. If you do not specify a value, the ref defaults to the `HEAD` of the project: +You can also specify a `ref`: ```yaml include: - project: 'my-group/my-project' - ref: main + ref: main # Git branch file: '/templates/.gitlab-ci-template.yml' - - project: 'my-group/my-project' - ref: v1.0.0 # Git Tag + ref: v1.0.0 # Git Tag file: '/templates/.gitlab-ci-template.yml' - - project: 'my-group/my-project' ref: 787123b47f14b552955ca2786bc9542ae66fee5b # Git SHA file: '/templates/.gitlab-ci-template.yml' ``` -You can include multiple files from the same project: - -```yaml -include: - - project: 'my-group/my-project' - ref: main - file: - - '/templates/.builds.yml' - - '/templates/.tests.yml' -``` - **Additional details**: - All [nested includes](includes.md#use-nested-includes) are executed in the scope of the target project. diff --git a/doc/update/deprecations.md b/doc/update/deprecations.md index 5ce46cbd364..d64c22b72f9 100644 --- a/doc/update/deprecations.md +++ b/doc/update/deprecations.md @@ -49,6 +49,21 @@ sole discretion of GitLab Inc. <div class="deprecation removal-160 breaking-change"> +### Configuration fields in GitLab Runner Helm Chart + +End of Support: GitLab <span class="removal-milestone">16.0</span> (2023-05-22)<br /> +Planned removal: GitLab <span class="removal-milestone">16.0</span> (2023-05-22) + +WARNING: +This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/). +Review the details carefully before upgrading. + +From GitLab 13.6, users can [specify any runner configuration in the GitLab Runner Helm chart](https://docs.gitlab.com/runner/install/kubernetes.html). When we implemented this feature, we deprecated values in the GitLab Helm Chart configuration that were specific to GitLab Runner. These fields are deprecated and we plan to remove them in v1.0 of the GitLab Runner Helm chart. + +</div> + +<div class="deprecation removal-160 breaking-change"> + ### `POST /api/v4/runners` method to register runners End of Support: GitLab <span class="removal-milestone">16.0</span> (2023-05-22)<br /> @@ -65,6 +80,7 @@ and method in GitLab 16.0, and introduce a new [GitLab Runner token architecture](https://docs.gitlab.com/ee/architecture/blueprints/runner_tokens/). This new architecture introduces a new method for registering runners and eliminates the legacy [runner registration token](https://docs.gitlab.com/ee/security/token_overview.html#runner-registration-tokens). +We plan to introduce a new method of binding a GitLab Runner to a GitLab instance in GitLab 15.8. This will be the only supported method starting in GitLab 16.0. </div> @@ -82,6 +98,22 @@ Review the details carefully before upgrading. The command to [register](https://docs.gitlab.com/runner/register/) a runner, `gitlab-runner register` is deprecated. GitLab plans to introduce a new [GitLab Runner token architecture](https://docs.gitlab.com/ee/architecture/blueprints/runner_tokens/), which introduces a new method for registering runners and eliminates the legacy [runner registration token](https://docs.gitlab.com/ee/security/token_overview.html#runner-registration-tokens). </div> + +<div class="deprecation removal-160 breaking-change"> + +### `runnerRegistrationToken` parameter for GitLab Runner Helm Chart + +End of Support: GitLab <span class="removal-milestone">16.0</span> (2023-05-22)<br /> +Planned removal: GitLab <span class="removal-milestone">16.0</span> (2023-05-22) + +WARNING: +This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/). +Review the details carefully before upgrading. + +The [`runnerRegistrationToken`](https://docs.gitlab.com/runner/install/kubernetes.html#required-configuration) parameter to use the GitLab Helm Chart to install a runner on Kubernetes is deprecated. GitLab plans to introduce a new [GitLab Runner token architecture](https://docs.gitlab.com/ee/architecture/blueprints/runner_tokens/). As part of the new architecture, we plan to introduce a single runner authentication token, `runnerToken`, and a unique system ID saved to the `config.toml` to allow traceability between jobs and runners. +We plan to introduce a new method of binding a GitLab Runner to a GitLab instance in GitLab 15.8. This will be the only supported method starting in GitLab 16.0. + +</div> </div> <div class="announcement-milestone"> diff --git a/lib/api/ci/helpers/runner.rb b/lib/api/ci/helpers/runner.rb index 269f2fa7ddc..be4d82bc500 100644 --- a/lib/api/ci/helpers/runner.rb +++ b/lib/api/ci/helpers/runner.rb @@ -53,7 +53,7 @@ module API # HTTP status codes to terminate the job on GitLab Runner: # - 403 - def authenticate_job!(require_running: true, heartbeat_runner: false) + def authenticate_job!(heartbeat_runner: false) job = current_job # 404 is not returned here because we want to terminate the job if it's @@ -66,10 +66,7 @@ module API forbidden!('Project has been deleted!') if job.project.nil? || job.project.pending_delete? forbidden!('Job has been erased!') if job.erased? - - if require_running - job_forbidden!(job, 'Job is not running') unless job.running? - end + job_forbidden!(job, 'Job is not running') unless job.running? # Only some requests (like updating the job or patching the trace) should trigger # runner heartbeat. Operations like artifacts uploading are executed in context of @@ -87,9 +84,9 @@ module API end def authenticate_job_via_dependent_job! - forbidden! unless current_authenticated_job + authenticate! forbidden! unless current_job - forbidden! unless can?(current_authenticated_job.user, :read_build, current_job) + forbidden! unless can?(current_user, :read_build, current_job) end def current_job @@ -106,21 +103,6 @@ module API end end - # TODO: Replace this with `#current_authenticated_job from API::Helpers` - # after the feature flag `ci_authenticate_running_job_token_for_artifacts` - # is removed. - # - # For the time being, this needs to be overridden because the API - # GET api/v4/jobs/:id/artifacts - # needs to allow requests using token whose job is not running. - # - # https://gitlab.com/gitlab-org/gitlab/-/merge_requests/83713#note_942368526 - def current_authenticated_job - strong_memoize(:current_authenticated_job) do - ::Ci::AuthJobFinder.new(token: job_token).execute - end - end - # The token used by runner to authenticate a request. # In most cases, the runner uses the token belonging to the requested job. # However, when requesting for job artifacts, the runner would use @@ -151,10 +133,6 @@ module API { config: attributes_for_keys(%w(gpus), params.dig('info', 'config')) } end - def request_using_running_job_token? - current_job.present? && current_authenticated_job.present? && current_job != current_authenticated_job - end - def metrics strong_memoize(:metrics) { ::Gitlab::Ci::Runner::Metrics.new } end diff --git a/lib/api/ci/runner.rb b/lib/api/ci/runner.rb index 6497b8cadaf..c7d1887638a 100644 --- a/lib/api/ci/runner.rb +++ b/lib/api/ci/runner.rb @@ -334,6 +334,7 @@ module API desc 'Download the artifacts file for job' do http_codes [[200, 'Upload allowed'], + [401, 'Unauthorized'], [403, 'Forbidden'], [404, 'Artifact not found']] end @@ -342,12 +343,9 @@ module API optional :token, type: String, desc: %q(Job's authentication token) optional :direct_download, default: false, type: Boolean, desc: %q(Perform direct download from remote storage instead of proxying artifacts) end + route_setting :authentication, job_token_allowed: true get '/:id/artifacts', feature_category: :build_artifacts do - if request_using_running_job_token? - authenticate_job_via_dependent_job! - else - authenticate_job!(require_running: false) - end + authenticate_job_via_dependent_job! present_artifacts_file!(current_job.artifacts_file, supports_direct_download: params[:direct_download]) end diff --git a/locale/gitlab.pot b/locale/gitlab.pot index a5ba7a9f9b4..f48b2e87994 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -36563,7 +36563,7 @@ msgstr "" msgid "SecurityOrchestration|Update scan policies" msgstr "" -msgid "SecurityOrchestration|Use a scan execution policy to create rules which enforce security scans for particular branches at a certain time. Supported types are SAST, DAST, Secret detection, and Container scanning." +msgid "SecurityOrchestration|Use a scan execution policy to create rules which enforce security scans for particular branches at a certain time. Supported types are SAST, DAST, Secret detection, Container scanning, and Dependency scanning." msgstr "" msgid "SecurityOrchestration|Use a scan result policy to create rules that ensure security issues are checked before merging a merge request." diff --git a/qa/qa/specs/features/api/1_manage/import/import_github_repo_spec.rb b/qa/qa/specs/features/api/1_manage/import/import_github_repo_spec.rb index 466803bcf78..ab50e02c790 100644 --- a/qa/qa/specs/features/api/1_manage/import/import_github_repo_spec.rb +++ b/qa/qa/specs/features/api/1_manage/import/import_github_repo_spec.rb @@ -49,18 +49,16 @@ module QA def verify_protected_branches_import imported_branches = imported_project.protected_branches.map do |branch| - branch.slice(:name, :allow_force_push, :code_owner_approval_required) + branch.slice(:name, :allow_force_push) end actual_branches = [ { name: 'main', - allow_force_push: false, - code_owner_approval_required: true + allow_force_push: false }, { name: 'release', - allow_force_push: true, - code_owner_approval_required: true + allow_force_push: true } ] diff --git a/scripts/build_assets_image b/scripts/build_assets_image index 8aa6526061a..7482a170fe7 100755 --- a/scripts/build_assets_image +++ b/scripts/build_assets_image @@ -1,36 +1,82 @@ +#!/bin/sh + +. scripts/utils.sh + # Exit early if we don't want to build the image -if [[ "${BUILD_ASSETS_IMAGE}" != "true" ]] +if [ "${BUILD_ASSETS_IMAGE}" != "true" ] then exit 0 fi +get_repository_id() { + repository_name="${1}" + repositories_url="${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/registry/repositories" + + curl --header "PRIVATE-TOKEN: ${PROJECT_TOKEN_FOR_CI_SCRIPTS_API_USAGE}" "${repositories_url}" | jq "map(select(.name == \"${repository_name}\")) | .[0].id" +} + # Generate the image name based on the project this is being run in ASSETS_IMAGE_NAME="gitlab-assets-ce" + # `dev.gitlab-org` still has gitlab-ee. -if [[ "${CI_PROJECT_NAME}" == "gitlab" ]] || [[ "${CI_PROJECT_NAME}" == "gitlab-ee" ]] +if [ "${CI_PROJECT_NAME}" = "gitlab" ] || [ "${CI_PROJECT_NAME}" = "gitlab-ee" ] then ASSETS_IMAGE_NAME="gitlab-assets-ee" fi -ASSETS_IMAGE_PATH=${CI_REGISTRY}/${CI_PROJECT_PATH}/${ASSETS_IMAGE_NAME} +ASSETS_IMAGE_PATH="${CI_REGISTRY}/${CI_PROJECT_PATH}/${ASSETS_IMAGE_NAME}" +COMMIT_ASSETS_HASH_TAG="$(assets_image_tag)" +COMMIT_ASSETS_HASH_DESTINATION="${ASSETS_IMAGE_PATH}:${COMMIT_ASSETS_HASH_TAG}" -mkdir -p assets_container.build/public -cp -r public/assets assets_container.build/public/ -cp Dockerfile.assets assets_container.build/ +DESTINATIONS="--destination=${COMMIT_ASSETS_HASH_DESTINATION}" + +SKIP_ASSETS_IMAGE_BUILDING_IF_ALREADY_EXIST="true" -COMMIT_REF_SLUG_DESTINATION=${ASSETS_IMAGE_PATH}:${CI_COMMIT_REF_SLUG} +# Also tag the image with GitLab version, if running on a tag pipeline +# (and thus skip the performance optimization in that case), for back-compatibility. +if [ -n "${CI_COMMIT_TAG}" ]; then + COMMIT_REF_NAME_DESTINATION="${ASSETS_IMAGE_PATH}:${CI_COMMIT_REF_NAME}" + DESTINATIONS="$DESTINATIONS --destination=$COMMIT_REF_NAME_DESTINATION" + SKIP_ASSETS_IMAGE_BUILDING_IF_ALREADY_EXIST="false" +fi -COMMIT_SHA_DESTINATION=${ASSETS_IMAGE_PATH}:${CI_COMMIT_SHA} -COMMIT_REF_NAME_DESTINATION=${ASSETS_IMAGE_PATH}:${CI_COMMIT_REF_NAME} +# The auto-deploy branch process still fetch assets image tagged with $CI_COMMIT_SHA, +# so we need to push the image with it (and thus skip the performance optimization in that case), +# for back-compatibility. +if echo "${CI_COMMIT_BRANCH}" | grep -Eq "^[0-9]+-[0-9]+-auto-deploy-[0-9]+$"; then + COMMIT_SHA_DESTINATION=${ASSETS_IMAGE_PATH}:${CI_COMMIT_SHA} + DESTINATIONS="$DESTINATIONS --destination=$COMMIT_SHA_DESTINATION" + SKIP_ASSETS_IMAGE_BUILDING_IF_ALREADY_EXIST="false" +fi -DESTINATIONS="--destination=$COMMIT_REF_SLUG_DESTINATION --destination=$COMMIT_SHA_DESTINATION" +if [ "${SKIP_ASSETS_IMAGE_BUILDING_IF_ALREADY_EXIST}" = "true" ] && [ -n "${PROJECT_TOKEN_FOR_CI_SCRIPTS_API_USAGE}" ]; then + echoinfo "Checking if the ${COMMIT_ASSETS_HASH_DESTINATION} image exists..." + repository_id=$(get_repository_id "${ASSETS_IMAGE_NAME}") -# Also tag the image with GitLab version, if running on a tag pipeline, so -# other projects can simply use that instead of computing the slug. -if [ -n "$CI_COMMIT_TAG" ]; then - DESTINATIONS="$DESTINATIONS --destination=$COMMIT_REF_NAME_DESTINATION" + if [ -n "${repository_id}" ]; then + api_image_url="${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/registry/repositories/${repository_id}/tags/${COMMIT_ASSETS_HASH_TAG}" + echoinfo "api_image_url: ${api_image_url}" + + if test_url "${api_image_url}" "--header \"PRIVATE-TOKEN: ${PROJECT_TOKEN_FOR_CI_SCRIPTS_API_USAGE}\""; then + echosuccess "Image ${COMMIT_ASSETS_HASH_DESTINATION} already exists, no need to rebuild it." + exit 0 + else + echoinfo "Image ${COMMIT_ASSETS_HASH_DESTINATION} doesn't exist, we'll need to build it." + fi + else + echoerr "Repository ID couldn't be found for the '${ASSETS_IMAGE_NAME}' image!" + fi +else + echoinfo "The 'PROJECT_TOKEN_FOR_CI_SCRIPTS_API_USAGE' variable is not present, so we cannot check if the image already exists." fi -echo "building assets image for destinations: $DESTINATIONS" +mkdir -p assets_container.build/public +cp -r public/assets assets_container.build/public/ +cp Dockerfile.assets assets_container.build/ + +echo "Building assets image for destinations: ${DESTINATIONS}" -/kaniko/executor --context=assets_container.build --dockerfile=assets_container.build/Dockerfile.assets $DESTINATIONS +/kaniko/executor \ + --context="assets_container.build" \ + --dockerfile="assets_container.build/Dockerfile.assets" \ + ${DESTINATIONS} diff --git a/scripts/trigger-build.rb b/scripts/trigger-build.rb index 897ca9f473e..8dfab8dd2eb 100755 --- a/scripts/trigger-build.rb +++ b/scripts/trigger-build.rb @@ -160,6 +160,8 @@ module Trigger end class CNG < Base + ASSETS_HASH = "cached-assets-hash.txt" + def variables # Delete variables that aren't useful when using native triggers. super.tap do |hash| @@ -187,7 +189,6 @@ module Trigger "TRIGGER_BRANCH" => ref, "GITLAB_VERSION" => ENV['CI_COMMIT_SHA'], "GITLAB_TAG" => ENV['CI_COMMIT_TAG'], # Always set a value, even an empty string, so that the downstream pipeline can correctly check it. - "GITLAB_ASSETS_TAG" => ENV['CI_COMMIT_TAG'] ? ENV['CI_COMMIT_REF_NAME'] : ENV['CI_COMMIT_SHA'], "FORCE_RAILS_IMAGE_BUILDS" => 'true', "CE_PIPELINE" => Trigger.ee? ? nil : "true", # Always set a value, even an empty string, so that the downstream pipeline can correctly check it. "EE_PIPELINE" => Trigger.ee? ? "true" : nil # Always set a value, even an empty string, so that the downstream pipeline can correctly check it. diff --git a/scripts/utils.sh b/scripts/utils.sh index ea2b390f249..dae65ac8156 100644 --- a/scripts/utils.sh +++ b/scripts/utils.sh @@ -15,9 +15,11 @@ function retry() { function test_url() { local url="${1}" + local curl_args="${2}" local status + local cmd="curl ${curl_args} --output /dev/null -L -s -w ''%{http_code}'' \"${url}\"" - status=$(curl --output /dev/null -L -s -w ''%{http_code}'' "${url}") + status=$(eval "${cmd}") if [[ $status == "200" ]]; then return 0 @@ -203,3 +205,16 @@ function danger_as_local() { # We need to base SHA to help danger determine the base commit for this shallow clone. bundle exec danger dry_run --fail-on-errors=true --verbose --base="${CI_MERGE_REQUEST_DIFF_BASE_SHA}" --head="${CI_MERGE_REQUEST_SOURCE_BRANCH_SHA:-$CI_COMMIT_SHA}" --dangerfile="${DANGER_DANGERFILE:-Dangerfile}" } + +# We're inlining this function in `.gitlab/ci/package-and-test/main.gitlab-ci.yml` since this file can be included in other projects. +function assets_image_tag() { + local cache_assets_hash_file="cached-assets-hash.txt" + + if [[ -n "${CI_COMMIT_TAG}" ]]; then + echo -n "${CI_COMMIT_REF_NAME}" + elif [[ -f "${cache_assets_hash_file}" ]]; then + echo -n "assets-hash-$(cat ${cache_assets_hash_file} | cut -c1-10)" + else + echo -n "${CI_COMMIT_SHA}" + fi +} diff --git a/spec/features/projects/integrations/user_activates_issue_tracker_spec.rb b/spec/features/projects/integrations/user_activates_issue_tracker_spec.rb index e7d4ed58549..d2c48cb2af0 100644 --- a/spec/features/projects/integrations/user_activates_issue_tracker_spec.rb +++ b/spec/features/projects/integrations/user_activates_issue_tracker_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe 'User activates issue tracker', :js do +RSpec.describe 'User activates issue tracker', :js, feature_category: :integrations do include_context 'project integration activation' let(:url) { 'http://tracker.example.com' } diff --git a/spec/features/projects/members/manage_members_spec.rb b/spec/features/projects/members/manage_members_spec.rb index 56eb02607a5..1f317c55256 100644 --- a/spec/features/projects/members/manage_members_spec.rb +++ b/spec/features/projects/members/manage_members_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe 'Projects > Members > Manage members', :js do +RSpec.describe 'Projects > Members > Manage members', :js, product_group: :onboarding do include Spec::Support::Helpers::Features::MembersHelpers include Spec::Support::Helpers::Features::InviteMembersModalHelper include Spec::Support::Helpers::ModalHelpers diff --git a/spec/requests/api/ci/runner/jobs_artifacts_spec.rb b/spec/requests/api/ci/runner/jobs_artifacts_spec.rb index aaaa128b7a2..9af0541bd2c 100644 --- a/spec/requests/api/ci/runner/jobs_artifacts_spec.rb +++ b/spec/requests/api/ci/runner/jobs_artifacts_spec.rb @@ -881,11 +881,11 @@ RSpec.describe API::Ci::Runner, :clean_gitlab_redis_shared_state do end end - shared_examples 'forbidden request' do - it 'responds with forbidden' do + shared_examples 'unauthorized request' do + it 'responds with unauthorized' do download_artifact - expect(response).to have_gitlab_http_status(:forbidden) + expect(response).to have_gitlab_http_status(:unauthorized) end end @@ -899,7 +899,7 @@ RSpec.describe API::Ci::Runner, :clean_gitlab_redis_shared_state do job.success! end - it_behaves_like 'successful artifact download' + it_behaves_like 'unauthorized request' end end @@ -916,7 +916,7 @@ RSpec.describe API::Ci::Runner, :clean_gitlab_redis_shared_state do dependent_job.success! end - it_behaves_like 'forbidden request' + it_behaves_like 'unauthorized request' end end @@ -942,7 +942,7 @@ RSpec.describe API::Ci::Runner, :clean_gitlab_redis_shared_state do let(:token) { ci_build.token } - it_behaves_like 'forbidden request' + it_behaves_like 'unauthorized request' end context 'when using a token from a cross pipeline build' do @@ -981,19 +981,23 @@ RSpec.describe API::Ci::Runner, :clean_gitlab_redis_shared_state do let!(:unrelated_ci_build) { create(:ci_build, :running, user: create(:user)) } let(:token) { unrelated_ci_build.token } - it_behaves_like 'forbidden request' + it 'responds with forbidden' do + download_artifact + + expect(response).to have_gitlab_http_status(:forbidden) + end end context 'when using runnners token' do let(:token) { job.project.runners_token } - it_behaves_like 'forbidden request' + it_behaves_like 'unauthorized request' end context 'when using an invalid token' do let(:token) { 'invalid-token' } - it_behaves_like 'forbidden request' + it_behaves_like 'unauthorized request' end end diff --git a/spec/scripts/trigger-build_spec.rb b/spec/scripts/trigger-build_spec.rb index 9032ba85b9f..ebf05167428 100644 --- a/spec/scripts/trigger-build_spec.rb +++ b/spec/scripts/trigger-build_spec.rb @@ -319,28 +319,6 @@ RSpec.describe Trigger do end end - describe "GITLAB_ASSETS_TAG" do - context 'when CI_COMMIT_TAG is set' do - before do - stub_env('CI_COMMIT_TAG', 'v1.0') - end - - it 'sets GITLAB_ASSETS_TAG to CI_COMMIT_REF_NAME' do - expect(subject.variables['GITLAB_ASSETS_TAG']).to eq(env['CI_COMMIT_REF_NAME']) - end - end - - context 'when CI_COMMIT_TAG is nil' do - before do - stub_env('CI_COMMIT_TAG', nil) - end - - it 'sets GITLAB_ASSETS_TAG to CI_COMMIT_SHA' do - expect(subject.variables['GITLAB_ASSETS_TAG']).to eq(env['CI_COMMIT_SHA']) - end - end - end - describe "CE_PIPELINE" do context 'when Trigger.ee? is true' do before do diff --git a/spec/tooling/rspec_flaky/example_spec.rb b/spec/tooling/rspec_flaky/example_spec.rb index 8ff280fd855..d001ed32444 100644 --- a/spec/tooling/rspec_flaky/example_spec.rb +++ b/spec/tooling/rspec_flaky/example_spec.rb @@ -9,7 +9,8 @@ RSpec.describe RspecFlaky::Example do metadata: { file_path: 'spec/foo/bar_spec.rb', line_number: 2, - full_description: 'hello world' + full_description: 'hello world', + feature_category: :feature_category }, execution_result: double(status: 'passed', exception: 'BOOM!'), attempts: 1 @@ -89,4 +90,10 @@ RSpec.describe RspecFlaky::Example do expect(subject.exception).to eq(rspec_example.execution_result.exception) end end + + describe '#feature_category' do + it 'returns the metadata[:feature_category] of the RSpec::Core::Example' do + expect(subject.feature_category).to eq(rspec_example.metadata[:feature_category]) + end + end end diff --git a/spec/tooling/rspec_flaky/flaky_example_spec.rb b/spec/tooling/rspec_flaky/flaky_example_spec.rb index c83af7e4909..511f3286f56 100644 --- a/spec/tooling/rspec_flaky/flaky_example_spec.rb +++ b/spec/tooling/rspec_flaky/flaky_example_spec.rb @@ -15,7 +15,8 @@ RSpec.describe RspecFlaky::FlakyExample, :aggregate_failures do file: 'spec/foo/bar_spec.rb', line: 2, description: 'hello world', - last_attempts_count: 2 + last_attempts_count: 2, + feature_category: :feature_category } end @@ -35,6 +36,7 @@ RSpec.describe RspecFlaky::FlakyExample, :aggregate_failures do expect(attrs[:file]).to eq(example_attrs[:file]) expect(attrs[:line]).to eq(example_attrs[:line]) expect(attrs[:description]).to eq(example_attrs[:description]) + expect(attrs[:feature_category]).to eq(example_attrs[:feature_category]) expect(attrs[:first_flaky_at]).to eq(expected_first_flaky_at) expect(attrs[:last_flaky_at]).to eq(expected_last_flaky_at) expect(attrs[:last_attempts_count]).to eq(example_attrs[:last_attempts_count]) diff --git a/spec/tooling/rspec_flaky/flaky_examples_collection_spec.rb b/spec/tooling/rspec_flaky/flaky_examples_collection_spec.rb index e5f985c9596..9d75c97febe 100644 --- a/spec/tooling/rspec_flaky/flaky_examples_collection_spec.rb +++ b/spec/tooling/rspec_flaky/flaky_examples_collection_spec.rb @@ -20,6 +20,7 @@ RSpec.describe RspecFlaky::FlakyExamplesCollection, :aggregate_failures, :freeze last_flaky_at: Time.now, last_flaky_job: nil, flaky_reports: 0, + feature_category: nil, last_attempts_count: nil }, b: { @@ -28,6 +29,7 @@ RSpec.describe RspecFlaky::FlakyExamplesCollection, :aggregate_failures, :freeze last_flaky_at: Time.now, last_flaky_job: nil, flaky_reports: 0, + feature_category: nil, last_attempts_count: nil } } @@ -69,6 +71,7 @@ RSpec.describe RspecFlaky::FlakyExamplesCollection, :aggregate_failures, :freeze last_flaky_at: Time.now, last_flaky_job: nil, flaky_reports: 0, + feature_category: nil, last_attempts_count: nil }) end diff --git a/spec/tooling/rspec_flaky/listener_spec.rb b/spec/tooling/rspec_flaky/listener_spec.rb index 62bbe53cac1..0bbd6454969 100644 --- a/spec/tooling/rspec_flaky/listener_spec.rb +++ b/spec/tooling/rspec_flaky/listener_spec.rb @@ -128,6 +128,7 @@ RSpec.describe RspecFlaky::Listener, :aggregate_failures do first_flaky_at: 1234, last_attempts_count: 2, flaky_reports: 2, + feature_category: nil, last_flaky_job: nil } end @@ -154,6 +155,7 @@ RSpec.describe RspecFlaky::Listener, :aggregate_failures do description: 'hello GitLab', last_attempts_count: 2, flaky_reports: 1, + feature_category: nil, last_flaky_job: nil } end diff --git a/spec/tooling/rspec_flaky/report_spec.rb b/spec/tooling/rspec_flaky/report_spec.rb index ffd0cd987aa..e7365c1e150 100644 --- a/spec/tooling/rspec_flaky/report_spec.rb +++ b/spec/tooling/rspec_flaky/report_spec.rb @@ -26,6 +26,7 @@ RSpec.describe RspecFlaky::Report, :aggregate_failures, :freeze_time do last_flaky_at: 4321, last_attempts_count: 3, flaky_reports: 1, + feature_category: 'feature_category', last_flaky_job: nil } } diff --git a/tooling/rspec_flaky/example.rb b/tooling/rspec_flaky/example.rb index e6c2f838194..8f369c99c5b 100644 --- a/tooling/rspec_flaky/example.rb +++ b/tooling/rspec_flaky/example.rb @@ -38,13 +38,18 @@ module RspecFlaky rspec_example.respond_to?(:attempts) ? rspec_example.attempts : 1 end + def feature_category + metadata[:feature_category] + end + def to_h { example_id: example_id, file: file, line: line, description: description, - last_attempts_count: attempts + last_attempts_count: attempts, + feature_category: feature_category } end diff --git a/tooling/rspec_flaky/flaky_example.rb b/tooling/rspec_flaky/flaky_example.rb index 5736cc74810..3ce48ce1cd3 100644 --- a/tooling/rspec_flaky/flaky_example.rb +++ b/tooling/rspec_flaky/flaky_example.rb @@ -13,6 +13,7 @@ module RspecFlaky last_flaky_job last_attempts_count flaky_reports + feature_category ].freeze # This represents a flaky RSpec example and is mainly meant to be saved in a JSON file @@ -23,7 +24,8 @@ module RspecFlaky last_flaky_at: Time.now, last_flaky_job: nil, last_attempts_count: example_hash[:attempts], - flaky_reports: 0 + flaky_reports: 0, + feature_category: example_hash[:feature_category] }.merge(example_hash.slice(*ALLOWED_ATTRIBUTES)) %i[first_flaky_at last_flaky_at].each do |attr| @@ -38,6 +40,7 @@ module RspecFlaky attributes[:first_flaky_at] ||= Time.now attributes[:last_flaky_at] = Time.now attributes[:flaky_reports] += 1 + attributes[:feature_category] = example_hash[:feature_category] attributes[:last_attempts_count] = example_hash[:last_attempts_count] if example_hash[:last_attempts_count] if ENV['CI_JOB_URL'] |