diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-11-17 06:08:13 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-11-17 06:08:13 +0000 |
| commit | da92a12093920ecd79d9979a29d987157dd0ef78 (patch) | |
| tree | 32117b6be0900e1247932c1a304bb26b3f2f48c1 | |
| parent | 4d528bfd734a021b42f9c829831029e5515deb8f (diff) | |
| download | gitlab-ce-da92a12093920ecd79d9979a29d987157dd0ef78.tar.gz | |
Add latest changes from gitlab-org/gitlab@master
37 files changed, 615 insertions, 229 deletions
diff --git a/app/models/user.rb b/app/models/user.rb index 24f947183a2..cdb6c0dea80 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -58,16 +58,16 @@ class User < ApplicationRecord add_authentication_token_field :feed_token add_authentication_token_field :static_object_token, encrypted: :optional - default_value_for :admin, false - default_value_for(:external) { Gitlab::CurrentSettings.user_default_external } - default_value_for(:can_create_group) { Gitlab::CurrentSettings.can_create_group } - default_value_for :can_create_team, false - default_value_for :hide_no_ssh_key, false - default_value_for :hide_no_password, false - default_value_for :project_view, :files - default_value_for :notified_of_own_activity, false - default_value_for :preferred_language, I18n.default_locale - default_value_for :theme_id, gitlab_config.default_theme + attribute :admin, default: false + attribute :external, default: -> { Gitlab::CurrentSettings.user_default_external } + attribute :can_create_group, default: -> { Gitlab::CurrentSettings.can_create_group } + attribute :can_create_team, default: false + attribute :hide_no_ssh_key, default: false + attribute :hide_no_password, default: false + attribute :project_view, default: :files + attribute :notified_of_own_activity, default: false + attribute :preferred_language, default: -> { I18n.default_locale } + attribute :theme_id, default: -> { gitlab_config.default_theme } attr_encrypted :otp_secret, key: Gitlab::Application.secrets.otp_key_base, diff --git a/app/models/user_preference.rb b/app/models/user_preference.rb index c6ebd550daf..bc2c6b526b8 100644 --- a/app/models/user_preference.rb +++ b/app/models/user_preference.rb @@ -26,10 +26,10 @@ class UserPreference < ApplicationRecord ignore_columns :experience_level, remove_with: '14.10', remove_after: '2021-03-22' - default_value_for :tab_width, value: Gitlab::TabWidth::DEFAULT, allows_nil: false - default_value_for :time_display_relative, value: true, allows_nil: false - default_value_for :time_format_in_24h, value: false, allows_nil: false - default_value_for :render_whitespace_in_code, value: false, allows_nil: false + attribute :tab_width, default: -> { Gitlab::TabWidth::DEFAULT } + attribute :time_display_relative, default: true + attribute :time_format_in_24h, default: false + attribute :render_whitespace_in_code, default: false class << self def notes_filters @@ -59,6 +59,67 @@ class UserPreference < ApplicationRecord self[notes_filter_field_for(resource)] end + def tab_width + read_attribute(:tab_width) || self.class.column_defaults['tab_width'] + end + + def tab_width=(value) + if value.nil? + default = self.class.column_defaults['tab_width'] + super(default) + else + super(value) + end + end + + def time_display_relative + value = read_attribute(:time_display_relative) + return value unless value.nil? + + self.class.column_defaults['time_display_relative'] + end + + def time_display_relative=(value) + if value.nil? + default = self.class.column_defaults['time_display_relative'] + super(default) + else + super(value) + end + end + + def time_format_in_24h + value = read_attribute(:time_format_in_24h) + return value unless value.nil? + + self.class.column_defaults['time_format_in_24h'] + end + + def time_format_in_24h=(value) + if value.nil? + default = self.class.column_defaults['time_format_in_24h'] + super(default) + else + super(value) + end + end + + def render_whitespace_in_code + value = read_attribute(:render_whitespace_in_code) + return value unless value.nil? + + self.class.column_defaults['render_whitespace_in_code'] + end + + def render_whitespace_in_code=(value) + if value.nil? + default = self.class.column_defaults['render_whitespace_in_code'] + super(default) + else + super(value) + end + end + private def notes_filter_field_for(resource) diff --git a/app/workers/namespaces/root_statistics_worker.rb b/app/workers/namespaces/root_statistics_worker.rb index e3aa8a1f779..02b3468c052 100644 --- a/app/workers/namespaces/root_statistics_worker.rb +++ b/app/workers/namespaces/root_statistics_worker.rb @@ -4,7 +4,7 @@ module Namespaces class RootStatisticsWorker include ApplicationWorker - data_consistency :sticky, feature_flag: :root_statistics_worker_read_replica + data_consistency :sticky sidekiq_options retry: 3 diff --git a/config/feature_flags/development/root_statistics_worker_read_replica.yml b/config/feature_flags/development/root_statistics_worker_read_replica.yml deleted file mode 100644 index 516bead1ee7..00000000000 --- a/config/feature_flags/development/root_statistics_worker_read_replica.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -name: root_statistics_worker_read_replica -introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/102516 -rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/379678 -milestone: '15.6' -type: development -group: group::utilization -default_enabled: false diff --git a/config/feature_flags/ops/jira_raise_timeouts.yml b/config/feature_flags/ops/jira_raise_timeouts.yml deleted file mode 100644 index ac572b172fc..00000000000 --- a/config/feature_flags/ops/jira_raise_timeouts.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -name: jira_raise_timeouts -introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86439 -rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/375587 -milestone: '15.0' -type: ops -group: group::integrations -default_enabled: false diff --git a/config/metrics/counts_28d/20210216184559_ci_templates_total_unique_counts_monthly.yml b/config/metrics/counts_28d/20210216184559_ci_templates_total_unique_counts_monthly.yml index 554b5c57bb6..4b972a3315d 100755 --- a/config/metrics/counts_28d/20210216184559_ci_templates_total_unique_counts_monthly.yml +++ b/config/metrics/counts_28d/20210216184559_ci_templates_total_unique_counts_monthly.yml @@ -94,6 +94,8 @@ options: - p_ci_templates_jobs_secret_detection_latest - p_ci_templates_jobs_code_intelligence - p_ci_templates_jobs_code_quality + - p_ci_templates_jobs_container_scanning + - p_ci_templates_jobs_container_scanning_latest - p_ci_templates_jobs_dependency_scanning - p_ci_templates_jobs_dependency_scanning_latest - p_ci_templates_jobs_license_scanning @@ -142,6 +144,7 @@ options: - p_ci_templates_implicit_jobs_secret_detection - p_ci_templates_implicit_jobs_code_intelligence - p_ci_templates_implicit_jobs_code_quality + - p_ci_templates_implicit_jobs_container_scanning - p_ci_templates_implicit_jobs_dependency_scanning - p_ci_templates_implicit_jobs_license_scanning - p_ci_templates_implicit_jobs_deploy_ecs diff --git a/config/metrics/counts_28d/20221108092725_p_ci_templates_implicit_jobs_container_scanning_monthly.yml b/config/metrics/counts_28d/20221108092725_p_ci_templates_implicit_jobs_container_scanning_monthly.yml new file mode 100644 index 00000000000..62ce68dd4e6 --- /dev/null +++ b/config/metrics/counts_28d/20221108092725_p_ci_templates_implicit_jobs_container_scanning_monthly.yml @@ -0,0 +1,25 @@ +--- +key_path: redis_hll_counters.ci_templates.p_ci_templates_implicit_jobs_container_scanning_monthly +description: Monthly counts for implicit use of Container Scanning CI template (Jobs folder) +product_section: sec +product_stage: secure +product_group: composition_analysis +product_category: container_scanning +value_type: number +status: active +milestone: '15.6' +introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/103262" +time_frame: 28d +data_source: redis_hll +data_category: optional +instrumentation_class: RedisHLLMetric +distribution: +- ce +- ee +tier: +- free +- premium +- ultimate +options: + events: + - p_ci_templates_implicit_jobs_container_scanning diff --git a/config/metrics/counts_28d/20221108092725_p_ci_templates_jobs_container_scanning_latest_monthly.yml b/config/metrics/counts_28d/20221108092725_p_ci_templates_jobs_container_scanning_latest_monthly.yml new file mode 100644 index 00000000000..df169b9eb48 --- /dev/null +++ b/config/metrics/counts_28d/20221108092725_p_ci_templates_jobs_container_scanning_latest_monthly.yml @@ -0,0 +1,25 @@ +--- +key_path: redis_hll_counters.ci_templates.p_ci_templates_jobs_container_scanning_latest_monthly +description: Monthly counts for Container Scanning CI Latest template (Jobs folder) +product_section: sec +product_stage: secure +product_group: composition_analysis +product_category: container_scanning +value_type: number +status: active +milestone: '15.6' +introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/103262" +time_frame: 28d +data_source: redis_hll +data_category: optional +instrumentation_class: RedisHLLMetric +distribution: +- ce +- ee +tier: +- free +- premium +- ultimate +options: + events: + - p_ci_templates_jobs_container_scanning_latest diff --git a/config/metrics/counts_28d/20221108092725_p_ci_templates_jobs_container_scanning_monthly.yml b/config/metrics/counts_28d/20221108092725_p_ci_templates_jobs_container_scanning_monthly.yml new file mode 100644 index 00000000000..2abbb3f9b16 --- /dev/null +++ b/config/metrics/counts_28d/20221108092725_p_ci_templates_jobs_container_scanning_monthly.yml @@ -0,0 +1,25 @@ +--- +key_path: redis_hll_counters.ci_templates.p_ci_templates_jobs_container_scanning_monthly +description: Monthly counts for Container Scanning CI template (Jobs folder) +product_section: sec +product_stage: secure +product_group: composition_analysis +product_category: container_scanning +value_type: number +status: active +milestone: '15.6' +introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/103262" +time_frame: 28d +data_source: redis_hll +data_category: optional +instrumentation_class: RedisHLLMetric +distribution: +- ce +- ee +tier: +- free +- premium +- ultimate +options: + events: + - p_ci_templates_jobs_container_scanning diff --git a/config/metrics/counts_7d/20210216184557_ci_templates_total_unique_counts_weekly.yml b/config/metrics/counts_7d/20210216184557_ci_templates_total_unique_counts_weekly.yml index f3758f5bd06..029742453d8 100755 --- a/config/metrics/counts_7d/20210216184557_ci_templates_total_unique_counts_weekly.yml +++ b/config/metrics/counts_7d/20210216184557_ci_templates_total_unique_counts_weekly.yml @@ -94,6 +94,8 @@ options: - p_ci_templates_jobs_secret_detection_latest - p_ci_templates_jobs_code_intelligence - p_ci_templates_jobs_code_quality + - p_ci_templates_jobs_container_scanning + - p_ci_templates_jobs_container_scanning_latest - p_ci_templates_jobs_dependency_scanning - p_ci_templates_jobs_dependency_scanning_latest - p_ci_templates_jobs_license_scanning @@ -142,6 +144,7 @@ options: - p_ci_templates_implicit_jobs_secret_detection - p_ci_templates_implicit_jobs_code_intelligence - p_ci_templates_implicit_jobs_code_quality + - p_ci_templates_implicit_jobs_container_scanning - p_ci_templates_implicit_jobs_dependency_scanning - p_ci_templates_implicit_jobs_license_scanning - p_ci_templates_implicit_jobs_deploy_ecs diff --git a/config/metrics/counts_7d/20221108092725_p_ci_templates_implicit_jobs_container_scanning_weekly.yml b/config/metrics/counts_7d/20221108092725_p_ci_templates_implicit_jobs_container_scanning_weekly.yml new file mode 100644 index 00000000000..8c081dd8a77 --- /dev/null +++ b/config/metrics/counts_7d/20221108092725_p_ci_templates_implicit_jobs_container_scanning_weekly.yml @@ -0,0 +1,25 @@ +--- +key_path: redis_hll_counters.ci_templates.p_ci_templates_implicit_jobs_container_scanning_weekly +description: Weekly counts for implicit use of Container Scanning CI template (Jobs folder) +product_section: sec +product_stage: secure +product_group: composition_analysis +product_category: container_scanning +value_type: number +status: active +milestone: '15.6' +introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/103262" +time_frame: 7d +data_source: redis_hll +data_category: optional +instrumentation_class: RedisHLLMetric +distribution: +- ce +- ee +tier: +- free +- premium +- ultimate +options: + events: + - p_ci_templates_implicit_jobs_container_scanning diff --git a/config/metrics/counts_7d/20221108092725_p_ci_templates_jobs_container_scanning_latest_weekly.yml b/config/metrics/counts_7d/20221108092725_p_ci_templates_jobs_container_scanning_latest_weekly.yml new file mode 100644 index 00000000000..7535ebc57a2 --- /dev/null +++ b/config/metrics/counts_7d/20221108092725_p_ci_templates_jobs_container_scanning_latest_weekly.yml @@ -0,0 +1,25 @@ +--- +key_path: redis_hll_counters.ci_templates.p_ci_templates_jobs_container_scanning_latest_weekly +description: Weekly counts for Container Scanning CI Latest template (Jobs folder) +product_section: sec +product_stage: secure +product_group: composition_analysis +product_category: container_scanning +value_type: number +status: active +milestone: '15.6' +introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/103262" +time_frame: 7d +data_source: redis_hll +data_category: optional +instrumentation_class: RedisHLLMetric +distribution: +- ce +- ee +tier: +- free +- premium +- ultimate +options: + events: + - p_ci_templates_jobs_container_scanning_latest diff --git a/config/metrics/counts_7d/20221108092725_p_ci_templates_jobs_container_scanning_weekly.yml b/config/metrics/counts_7d/20221108092725_p_ci_templates_jobs_container_scanning_weekly.yml new file mode 100644 index 00000000000..4f79b514af5 --- /dev/null +++ b/config/metrics/counts_7d/20221108092725_p_ci_templates_jobs_container_scanning_weekly.yml @@ -0,0 +1,25 @@ +--- +key_path: redis_hll_counters.ci_templates.p_ci_templates_jobs_container_scanning_weekly +description: Weekly counts for Container Scanning CI template (Jobs folder) +product_section: sec +product_stage: secure +product_group: composition_analysis +product_category: container_scanning +value_type: number +status: active +milestone: '15.6' +introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/103262" +time_frame: 7d +data_source: redis_hll +data_category: optional +instrumentation_class: RedisHLLMetric +distribution: +- ce +- ee +tier: +- free +- premium +- ultimate +options: + events: + - p_ci_templates_jobs_container_scanning diff --git a/doc/development/integrations/secure_partner_integration.md b/doc/development/integrations/secure_partner_integration.md index bcbc02d4827..853541144fb 100644 --- a/doc/development/integrations/secure_partner_integration.md +++ b/doc/development/integrations/secure_partner_integration.md @@ -90,7 +90,7 @@ and complete an integration with the Secure stage. - Documentation for [SAST reports](../../user/application_security/sast/index.md#reports-json-format). - Documentation for [Dependency Scanning reports](../../user/application_security/dependency_scanning/index.md#reports-json-format). - Documentation for [Container Scanning reports](../../user/application_security/container_scanning/index.md#reports-json-format). - - See this [example secure job definition that also defines the artifact created](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml). + - See this [example secure job definition that also defines the artifact created](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml). - If you need a new kind of scan or report, [create an issue](https://gitlab.com/gitlab-org/gitlab/-/issues/new#) and add the label `devops::secure`. - Once the job is completed, the data can be seen: diff --git a/doc/user/application_security/container_scanning/index.md b/doc/user/application_security/container_scanning/index.md index 6fc01a716b2..f7c8b01e694 100644 --- a/doc/user/application_security/container_scanning/index.md +++ b/doc/user/application_security/container_scanning/index.md @@ -90,12 +90,12 @@ To enable container scanning in your pipeline, you need the following: ## Configuration To enable container scanning, add the -[`Container-Scanning.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml) +[`Container-Scanning.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml) to your `.gitlab-ci.yml` file: ```yaml include: - - template: Security/Container-Scanning.gitlab-ci.yml + - template: Jobs/Container-Scanning.gitlab-ci.yml ``` The included template: @@ -117,7 +117,7 @@ registry, and scans the image: ```yaml include: - template: Jobs/Build.gitlab-ci.yml - - template: Security/Container-Scanning.gitlab-ci.yml + - template: Jobs/Container-Scanning.gitlab-ci.yml container_scanning: variables: @@ -142,7 +142,7 @@ enables verbose output for the analyzer: ```yaml include: - - template: Security/Container-Scanning.gitlab-ci.yml + - template: Jobs/Container-Scanning.gitlab-ci.yml variables: SECURE_LOG_LEVEL: 'debug' @@ -154,7 +154,7 @@ To scan images located in a registry other than the project's, use the following ```yaml include: - - template: Security/Container-Scanning.gitlab-ci.yml + - template: Jobs/Container-Scanning.gitlab-ci.yml container_scanning: variables: @@ -178,7 +178,7 @@ container_scanning: - export AWS_ECR_PASSWORD=$(aws ecr get-login-password --region region) include: - - template: Security/Container-Scanning.gitlab-ci.yml + - template: Jobs/Container-Scanning.gitlab-ci.yml CS_IMAGE: <aws_account_id>.dkr.ecr.<region>.amazonaws.com/<image>:<tag> CS_REGISTRY_USER: AWS CS_REGISTRY_PASSWORD: "$AWS_ECR_PASSWORD" @@ -199,7 +199,7 @@ For example: ```yaml include: - - template: Security/Container-Scanning.gitlab-ci.yml + - template: Jobs/Container-Scanning.gitlab-ci.yml container_scanning: variables: @@ -223,7 +223,7 @@ By default, the report only includes packages managed by the Operating System (O ```yaml include: - - template: Security/Container-Scanning.gitlab-ci.yml + - template: Jobs/Container-Scanning.gitlab-ci.yml container_scanning: variables: @@ -345,7 +345,7 @@ This example sets `GIT_STRATEGY` to `fetch`: ```yaml include: - - template: Security/Container-Scanning.gitlab-ci.yml + - template: Jobs/Container-Scanning.gitlab-ci.yml container_scanning: variables: @@ -391,7 +391,7 @@ duplicated: ```yaml include: - - template: Security/Container-Scanning.gitlab-ci.yml + - template: Jobs/Container-Scanning.gitlab-ci.yml container_scanning: variables: @@ -577,7 +577,7 @@ For details on saving and transporting Docker images as a file, see Docker's doc ```yaml include: - - template: Security/Container-Scanning.gitlab-ci.yml + - template: Jobs/Container-Scanning.gitlab-ci.yml container_scanning: image: $CI_REGISTRY/namespace/gitlab-container-scanning @@ -628,7 +628,7 @@ This example shows the configuration needed to scan images in a private [Google ```yaml include: - - template: Security/Container-Scanning.gitlab-ci.yml + - template: Jobs/Container-Scanning.gitlab-ci.yml container_scanning: variables: diff --git a/lib/api/ci/runner.rb b/lib/api/ci/runner.rb index c7d1887638a..e64db375421 100644 --- a/lib/api/ci/runner.rb +++ b/lib/api/ci/runner.rb @@ -256,7 +256,7 @@ module API header 'X-GitLab-Trace-Update-Interval', job.trace.update_interval.to_s end - desc 'Authorize artifacts uploading for job' do + desc 'Authorize uploading job artifact' do http_codes [[200, 'Upload allowed'], [403, 'Forbidden'], [405, 'Artifacts support not enabled'], @@ -270,7 +270,7 @@ module API # In current runner, filesize parameter would be empty here. This is because archive is streamed by runner, # so the archive size is not known ahead of time. Streaming is done to not use additional I/O on # Runner to first save, and then send via Network. - optional :filesize, type: Integer, desc: %q(Artifacts filesize) + optional :filesize, type: Integer, desc: %q(Size of artifact file) optional :artifact_type, type: String, desc: %q(The type of artifact), default: 'archive', values: ::Ci::JobArtifact.file_types.keys @@ -292,7 +292,7 @@ module API end end - desc 'Upload artifacts for job' do + desc 'Upload a job artifact' do success Entities::Ci::JobRequest::Response http_codes [[201, 'Artifact uploaded'], [400, 'Bad request'], @@ -304,7 +304,7 @@ module API requires :id, type: Integer, desc: %q(Job's ID) requires :file, type: ::API::Validations::Types::WorkhorseFile, desc: %(The artifact file to store (generated by Multipart middleware)), documentation: { type: 'file' } optional :token, type: String, desc: %q(Job's authentication token) - optional :expire_in, type: String, desc: %q(Specify when artifacts should expire) + optional :expire_in, type: String, desc: %q(Specify when artifact should expire) optional :artifact_type, type: String, desc: %q(The type of artifact), default: 'archive', values: ::Ci::JobArtifact.file_types.keys optional :artifact_format, type: String, desc: %q(The format of artifact), @@ -333,7 +333,7 @@ module API end desc 'Download the artifacts file for job' do - http_codes [[200, 'Upload allowed'], + http_codes [[200, 'Download allowed'], [401, 'Unauthorized'], [403, 'Forbidden'], [404, 'Artifact not found']] diff --git a/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml b/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml index fddcc1492a8..11420b05dfb 100644 --- a/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml @@ -177,11 +177,11 @@ include: - template: Jobs/Browser-Performance-Testing.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Browser-Performance-Testing.gitlab-ci.yml - template: Jobs/Helm-2to3.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Helm-2to3.gitlab-ci.yml - template: Security/DAST.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml - - template: Security/Container-Scanning.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml - - template: Security/Dependency-Scanning.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml - - template: Security/License-Scanning.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/License-Scanning.gitlab-ci.yml - - template: Security/SAST.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml - - template: Security/Secret-Detection.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml + - template: Jobs/Container-Scanning.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml + - template: Jobs/Dependency-Scanning.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml + - template: Jobs/License-Scanning.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml + - template: Jobs/SAST.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml + - template: Jobs/Secret-Detection.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml # The latest build job generates a dotenv report artifact with a CI_APPLICATION_TAG # that also includes the image digest. This configures Auto Deploy to receive diff --git a/lib/gitlab/ci/templates/Jobs/Browser-Performance-Testing.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Browser-Performance-Testing.gitlab-ci.yml index fcf2ac7de7a..026ddf4a17a 100644 --- a/lib/gitlab/ci/templates/Jobs/Browser-Performance-Testing.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Browser-Performance-Testing.gitlab-ci.yml @@ -7,7 +7,7 @@ browser_performance: variables: DOCKER_TLS_CERTDIR: "" SITESPEED_IMAGE: sitespeedio/sitespeed.io - SITESPEED_VERSION: 14.1.0 + SITESPEED_VERSION: 26.1.0 SITESPEED_OPTIONS: '' services: - name: 'docker:20.10.12-dind' diff --git a/lib/gitlab/ci/templates/Jobs/Browser-Performance-Testing.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Browser-Performance-Testing.latest.gitlab-ci.yml index 04b7dacf2dd..218c2f79e6a 100644 --- a/lib/gitlab/ci/templates/Jobs/Browser-Performance-Testing.latest.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Browser-Performance-Testing.latest.gitlab-ci.yml @@ -7,7 +7,7 @@ browser_performance: variables: DOCKER_TLS_CERTDIR: "" SITESPEED_IMAGE: sitespeedio/sitespeed.io - SITESPEED_VERSION: 14.1.0 + SITESPEED_VERSION: latest SITESPEED_OPTIONS: '' services: - name: 'docker:20.10.12-dind' diff --git a/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml new file mode 100644 index 00000000000..fa609afc5a8 --- /dev/null +++ b/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml @@ -0,0 +1,54 @@ +# To contribute improvements to CI/CD templates, please follow the Development guide at: +# https://docs.gitlab.com/ee/development/cicd/templates.html +# This specific template is located at: +# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml + +# Use this template to enable container scanning in your project. +# You should add this template to an existing `.gitlab-ci.yml` file by using the `include:` +# keyword. +# The template should work without modifications but you can customize the template settings if +# needed: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings +# +# Requirements: +# - A `test` stage to be present in the pipeline. +# - You must define the image to be scanned in the CS_IMAGE variable. If CS_IMAGE is the +# same as $CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG, you can skip this. +# - Container registry credentials defined by `CS_REGISTRY_USER` and `CS_REGISTRY_PASSWORD` variables if the +# image to be scanned is in a private registry. +# - For auto-remediation, a readable Dockerfile in the root of the project or as defined by the +# CS_DOCKERFILE_PATH variable. +# +# Configure container scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html). +# List of available variables: https://docs.gitlab.com/ee/user/application_security/container_scanning/#available-variables + +variables: + CS_ANALYZER_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/security-products/container-scanning:5" + +container_scanning: + image: "$CS_ANALYZER_IMAGE$CS_IMAGE_SUFFIX" + stage: test + variables: + # To provide a `vulnerability-allowlist.yml` file, override the GIT_STRATEGY variable in your + # `.gitlab-ci.yml` file and set it to `fetch`. + # For details, see the following links: + # https://docs.gitlab.com/ee/user/application_security/container_scanning/index.html#overriding-the-container-scanning-template + # https://docs.gitlab.com/ee/user/application_security/container_scanning/#vulnerability-allowlisting + GIT_STRATEGY: none + allow_failure: true + artifacts: + reports: + container_scanning: gl-container-scanning-report.json + dependency_scanning: gl-dependency-scanning-report.json + paths: [gl-container-scanning-report.json, gl-dependency-scanning-report.json] + dependencies: [] + script: + - gtcs scan + rules: + - if: $CONTAINER_SCANNING_DISABLED + when: never + - if: $CI_COMMIT_BRANCH && + $CI_GITLAB_FIPS_MODE == "true" && + $CS_ANALYZER_IMAGE !~ /-(fips|ubi)\z/ + variables: + CS_IMAGE_SUFFIX: -fips + - if: $CI_COMMIT_BRANCH diff --git a/lib/gitlab/ci/templates/Jobs/Container-Scanning.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Container-Scanning.latest.gitlab-ci.yml new file mode 100644 index 00000000000..f750bda2a3f --- /dev/null +++ b/lib/gitlab/ci/templates/Jobs/Container-Scanning.latest.gitlab-ci.yml @@ -0,0 +1,68 @@ +# To contribute improvements to CI/CD templates, please follow the Development guide at: +# https://docs.gitlab.com/ee/development/cicd/templates.html +# This specific template is located at: +# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Container-Scanning.latest.gitlab-ci.yml + +# Use this template to enable container scanning in your project. +# You should add this template to an existing `.gitlab-ci.yml` file by using the `include:` +# keyword. +# The template should work without modifications but you can customize the template settings if +# needed: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings +# +# Requirements: +# - A `test` stage to be present in the pipeline. +# - You must define the image to be scanned in the CS_IMAGE variable. If CS_IMAGE is the +# same as $CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG, you can skip this. +# - Container registry credentials defined by `CS_REGISTRY_USER` and `CS_REGISTRY_PASSWORD` variables if the +# image to be scanned is in a private registry. +# - For auto-remediation, a readable Dockerfile in the root of the project or as defined by the +# CS_DOCKERFILE_PATH variable. +# +# Configure container scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html). +# List of available variables: https://docs.gitlab.com/ee/user/application_security/container_scanning/#available-variables + +variables: + CS_ANALYZER_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/security-products/container-scanning:5" + +container_scanning: + image: "$CS_ANALYZER_IMAGE$CS_IMAGE_SUFFIX" + stage: test + variables: + # To provide a `vulnerability-allowlist.yml` file, override the GIT_STRATEGY variable in your + # `.gitlab-ci.yml` file and set it to `fetch`. + # For details, see the following links: + # https://docs.gitlab.com/ee/user/application_security/container_scanning/index.html#overriding-the-container-scanning-template + # https://docs.gitlab.com/ee/user/application_security/container_scanning/#vulnerability-allowlisting + GIT_STRATEGY: none + allow_failure: true + artifacts: + reports: + container_scanning: gl-container-scanning-report.json + dependency_scanning: gl-dependency-scanning-report.json + paths: [gl-container-scanning-report.json, gl-dependency-scanning-report.json] + dependencies: [] + script: + - gtcs scan + rules: + - if: $CONTAINER_SCANNING_DISABLED + when: never + + # Add the job to merge request pipelines if there's an open merge request. + - if: $CI_PIPELINE_SOURCE == "merge_request_event" && + $CI_GITLAB_FIPS_MODE == "true" && + $CS_ANALYZER_IMAGE !~ /-(fips|ubi)\z/ + variables: + CS_IMAGE_SUFFIX: -fips + - if: $CI_PIPELINE_SOURCE == "merge_request_event" + + # Don't add it to a *branch* pipeline if it's already in a merge request pipeline. + - if: $CI_OPEN_MERGE_REQUESTS + when: never + + # Add the job to branch pipelines. + - if: $CI_COMMIT_BRANCH && + $CI_GITLAB_FIPS_MODE == "true" && + $CS_ANALYZER_IMAGE !~ /-(fips|ubi)\z/ + variables: + CS_IMAGE_SUFFIX: -fips + - if: $CI_COMMIT_BRANCH diff --git a/lib/gitlab/ci/templates/Jobs/Load-Performance-Testing.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Load-Performance-Testing.gitlab-ci.yml index 936d8751fe1..12105e0e95d 100644 --- a/lib/gitlab/ci/templates/Jobs/Load-Performance-Testing.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Load-Performance-Testing.gitlab-ci.yml @@ -4,8 +4,8 @@ load_performance: allow_failure: true variables: DOCKER_TLS_CERTDIR: "" - K6_IMAGE: loadimpact/k6 - K6_VERSION: 0.27.0 + K6_IMAGE: grafana/k6 + K6_VERSION: 0.41.0 K6_TEST_FILE: raw.githubusercontent.com/grafana/k6/master/samples/http_get.js K6_OPTIONS: '' K6_DOCKER_OPTIONS: '' diff --git a/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml index 79a08c33fdf..879d6a7a468 100644 --- a/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml @@ -1,54 +1,5 @@ -# To contribute improvements to CI/CD templates, please follow the Development guide at: -# https://docs.gitlab.com/ee/development/cicd/templates.html -# This specific template is located at: -# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml +# This template moved to Jobs/Container-Scanning.gitlab-ci.yml in GitLab 15.6 +# Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/381665 -# Use this template to enable container scanning in your project. -# You should add this template to an existing `.gitlab-ci.yml` file by using the `include:` -# keyword. -# The template should work without modifications but you can customize the template settings if -# needed: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings -# -# Requirements: -# - A `test` stage to be present in the pipeline. -# - You must define the image to be scanned in the CS_IMAGE variable. If CS_IMAGE is the -# same as $CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG, you can skip this. -# - Container registry credentials defined by `CS_REGISTRY_USER` and `CS_REGISTRY_PASSWORD` variables if the -# image to be scanned is in a private registry. -# - For auto-remediation, a readable Dockerfile in the root of the project or as defined by the -# CS_DOCKERFILE_PATH variable. -# -# Configure container scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html). -# List of available variables: https://docs.gitlab.com/ee/user/application_security/container_scanning/#available-variables - -variables: - CS_ANALYZER_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/security-products/container-scanning:5" - -container_scanning: - image: "$CS_ANALYZER_IMAGE$CS_IMAGE_SUFFIX" - stage: test - variables: - # To provide a `vulnerability-allowlist.yml` file, override the GIT_STRATEGY variable in your - # `.gitlab-ci.yml` file and set it to `fetch`. - # For details, see the following links: - # https://docs.gitlab.com/ee/user/application_security/container_scanning/index.html#overriding-the-container-scanning-template - # https://docs.gitlab.com/ee/user/application_security/container_scanning/#vulnerability-allowlisting - GIT_STRATEGY: none - allow_failure: true - artifacts: - reports: - container_scanning: gl-container-scanning-report.json - dependency_scanning: gl-dependency-scanning-report.json - paths: [gl-container-scanning-report.json, gl-dependency-scanning-report.json] - dependencies: [] - script: - - gtcs scan - rules: - - if: $CONTAINER_SCANNING_DISABLED - when: never - - if: $CI_COMMIT_BRANCH && - $CI_GITLAB_FIPS_MODE == "true" && - $CS_ANALYZER_IMAGE !~ /-(fips|ubi)\z/ - variables: - CS_IMAGE_SUFFIX: -fips - - if: $CI_COMMIT_BRANCH +include: + template: Jobs/Container-Scanning.gitlab-ci.yml diff --git a/lib/gitlab/ci/templates/Security/Container-Scanning.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Container-Scanning.latest.gitlab-ci.yml index f7b1d12b3b3..7a4f451314e 100644 --- a/lib/gitlab/ci/templates/Security/Container-Scanning.latest.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/Container-Scanning.latest.gitlab-ci.yml @@ -1,68 +1,5 @@ -# To contribute improvements to CI/CD templates, please follow the Development guide at: -# https://docs.gitlab.com/ee/development/cicd/templates.html -# This specific template is located at: -# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml +# This template moved to Jobs/Container-Scanning.latest.gitlab-ci.yml in GitLab 15.6 +# Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/381665 -# Use this template to enable container scanning in your project. -# You should add this template to an existing `.gitlab-ci.yml` file by using the `include:` -# keyword. -# The template should work without modifications but you can customize the template settings if -# needed: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings -# -# Requirements: -# - A `test` stage to be present in the pipeline. -# - You must define the image to be scanned in the CS_IMAGE variable. If CS_IMAGE is the -# same as $CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG, you can skip this. -# - Container registry credentials defined by `CS_REGISTRY_USER` and `CS_REGISTRY_PASSWORD` variables if the -# image to be scanned is in a private registry. -# - For auto-remediation, a readable Dockerfile in the root of the project or as defined by the -# CS_DOCKERFILE_PATH variable. -# -# Configure container scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html). -# List of available variables: https://docs.gitlab.com/ee/user/application_security/container_scanning/#available-variables - -variables: - CS_ANALYZER_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/security-products/container-scanning:5" - -container_scanning: - image: "$CS_ANALYZER_IMAGE$CS_IMAGE_SUFFIX" - stage: test - variables: - # To provide a `vulnerability-allowlist.yml` file, override the GIT_STRATEGY variable in your - # `.gitlab-ci.yml` file and set it to `fetch`. - # For details, see the following links: - # https://docs.gitlab.com/ee/user/application_security/container_scanning/index.html#overriding-the-container-scanning-template - # https://docs.gitlab.com/ee/user/application_security/container_scanning/#vulnerability-allowlisting - GIT_STRATEGY: none - allow_failure: true - artifacts: - reports: - container_scanning: gl-container-scanning-report.json - dependency_scanning: gl-dependency-scanning-report.json - paths: [gl-container-scanning-report.json, gl-dependency-scanning-report.json] - dependencies: [] - script: - - gtcs scan - rules: - - if: $CONTAINER_SCANNING_DISABLED - when: never - - # Add the job to merge request pipelines if there's an open merge request. - - if: $CI_PIPELINE_SOURCE == "merge_request_event" && - $CI_GITLAB_FIPS_MODE == "true" && - $CS_ANALYZER_IMAGE !~ /-(fips|ubi)\z/ - variables: - CS_IMAGE_SUFFIX: -fips - - if: $CI_PIPELINE_SOURCE == "merge_request_event" - - # Don't add it to a *branch* pipeline if it's already in a merge request pipeline. - - if: $CI_OPEN_MERGE_REQUESTS - when: never - - # Add the job to branch pipelines. - - if: $CI_COMMIT_BRANCH && - $CI_GITLAB_FIPS_MODE == "true" && - $CS_ANALYZER_IMAGE !~ /-(fips|ubi)\z/ - variables: - CS_IMAGE_SUFFIX: -fips - - if: $CI_COMMIT_BRANCH +include: + template: Jobs/Container-Scanning.latest.gitlab-ci.yml diff --git a/lib/gitlab/ci/templates/Security/Secure-Binaries.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Secure-Binaries.gitlab-ci.yml index fd04c86e6c7..9ca2e66d508 100644 --- a/lib/gitlab/ci/templates/Security/Secure-Binaries.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/Secure-Binaries.gitlab-ci.yml @@ -38,7 +38,7 @@ variables: DOCKER_DRIVER: overlay2 DOCKER_TLS_CERTDIR: "" services: - - docker:stable-dind + - docker:dind script: - docker info - env diff --git a/lib/gitlab/ci/templates/Verify/Browser-Performance.gitlab-ci.yml b/lib/gitlab/ci/templates/Verify/Browser-Performance.gitlab-ci.yml index c3113ffebf3..c1a90955f7f 100644 --- a/lib/gitlab/ci/templates/Verify/Browser-Performance.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Verify/Browser-Performance.gitlab-ci.yml @@ -17,10 +17,10 @@ browser_performance: variables: URL: '' SITESPEED_IMAGE: sitespeedio/sitespeed.io - SITESPEED_VERSION: 14.1.0 + SITESPEED_VERSION: 26.1.0 SITESPEED_OPTIONS: '' services: - - docker:stable-dind + - docker:dind script: - mkdir gitlab-exporter # Busybox wget does not support proxied HTTPS, get the real thing. diff --git a/lib/gitlab/ci/templates/Verify/Browser-Performance.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Verify/Browser-Performance.latest.gitlab-ci.yml index c9f0c173692..adc92fde5ae 100644 --- a/lib/gitlab/ci/templates/Verify/Browser-Performance.latest.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Verify/Browser-Performance.latest.gitlab-ci.yml @@ -17,10 +17,10 @@ browser_performance: variables: URL: '' SITESPEED_IMAGE: sitespeedio/sitespeed.io - SITESPEED_VERSION: 14.1.0 + SITESPEED_VERSION: latest SITESPEED_OPTIONS: '' services: - - docker:stable-dind + - docker:dind script: - mkdir gitlab-exporter # Busybox wget does not support proxied HTTPS, get the real thing. diff --git a/lib/gitlab/ci/templates/Verify/Load-Performance-Testing.gitlab-ci.yml b/lib/gitlab/ci/templates/Verify/Load-Performance-Testing.gitlab-ci.yml index bf5cfbb519d..a907915587a 100644 --- a/lib/gitlab/ci/templates/Verify/Load-Performance-Testing.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Verify/Load-Performance-Testing.gitlab-ci.yml @@ -15,13 +15,13 @@ load_performance: stage: performance image: docker:git variables: - K6_IMAGE: loadimpact/k6 - K6_VERSION: 0.27.0 + K6_IMAGE: grafana/k6 + K6_VERSION: 0.41.0 K6_TEST_FILE: raw.githubusercontent.com/grafana/k6/master/samples/http_get.js K6_OPTIONS: '' K6_DOCKER_OPTIONS: '' services: - - docker:stable-dind + - docker:dind script: - docker run --rm -v "$(pwd)":/k6 -w /k6 $K6_DOCKER_OPTIONS $K6_IMAGE:$K6_VERSION run $K6_TEST_FILE --summary-export=load-performance.json $K6_OPTIONS artifacts: diff --git a/lib/gitlab/jira/http_client.rb b/lib/gitlab/jira/http_client.rb index 02b0c902a70..7abfe8e38e8 100644 --- a/lib/gitlab/jira/http_client.rb +++ b/lib/gitlab/jira/http_client.rb @@ -35,12 +35,6 @@ module Gitlab request_params[:base_uri] = uri.to_s request_params.merge!(auth_params) - if Feature.enabled?(:jira_raise_timeouts, type: :ops) - request_params[:open_timeout] = 2.minutes - request_params[:read_timeout] = 2.minutes - request_params[:write_timeout] = 2.minutes - end - result = Gitlab::HTTP.public_send(http_method, path, **request_params) # rubocop:disable GitlabSecurity/PublicSend @authenticated = result.response.is_a?(Net::HTTPOK) store_cookies(result) if options[:use_cookies] diff --git a/lib/gitlab/usage_data_counters/known_events/ci_templates.yml b/lib/gitlab/usage_data_counters/known_events/ci_templates.yml index 5b80f6c6c0d..b9f143a3a56 100644 --- a/lib/gitlab/usage_data_counters/known_events/ci_templates.yml +++ b/lib/gitlab/usage_data_counters/known_events/ci_templates.yml @@ -347,6 +347,14 @@ category: ci_templates redis_slot: ci_templates aggregation: weekly +- name: p_ci_templates_jobs_container_scanning + category: ci_templates + redis_slot: ci_templates + aggregation: weekly +- name: p_ci_templates_jobs_container_scanning_latest + category: ci_templates + redis_slot: ci_templates + aggregation: weekly - name: p_ci_templates_jobs_dependency_scanning_latest category: ci_templates redis_slot: ci_templates @@ -519,6 +527,10 @@ category: ci_templates redis_slot: ci_templates aggregation: weekly +- name: p_ci_templates_implicit_jobs_container_scanning + category: ci_templates + redis_slot: ci_templates + aggregation: weekly - name: p_ci_templates_implicit_jobs_dast_default_branch_deploy category: ci_templates redis_slot: ci_templates diff --git a/lib/security/ci_configuration/container_scanning_build_action.rb b/lib/security/ci_configuration/container_scanning_build_action.rb index 82f9f7d0320..f04c221fc40 100644 --- a/lib/security/ci_configuration/container_scanning_build_action.rb +++ b/lib/security/ci_configuration/container_scanning_build_action.rb @@ -12,7 +12,7 @@ module Security def template return 'Auto-DevOps.gitlab-ci.yml' if @auto_devops_enabled - 'Security/Container-Scanning.gitlab-ci.yml' + 'Jobs/Container-Scanning.gitlab-ci.yml' end def comment diff --git a/qa/qa/support/data/license.rb b/qa/qa/support/data/license.rb new file mode 100644 index 00000000000..cd4745fefcd --- /dev/null +++ b/qa/qa/support/data/license.rb @@ -0,0 +1,27 @@ +# frozen_string_literal: true + +module QA + module Support + module Data + module License + def license_user + 'GitLab QA' + end + + def license_company + 'QA User' + end + + def license_user_count + 10_000 + end + + def license_plan + QA::ULTIMATE_SELF_MANAGED + end + end + end + end +end + +QA::Support::Data::License.prepend_mod_with('Support::Data::License', namespace: QA) diff --git a/spec/lib/security/ci_configuration/container_scanning_build_action_spec.rb b/spec/lib/security/ci_configuration/container_scanning_build_action_spec.rb index 38066e41c53..5b1db66beb0 100644 --- a/spec/lib/security/ci_configuration/container_scanning_build_action_spec.rb +++ b/spec/lib/security/ci_configuration/container_scanning_build_action_spec.rb @@ -33,7 +33,7 @@ RSpec.describe Security::CiConfiguration::ContainerScanningBuildAction do RANDOM: make sure this persists include: - template: existing.yml - - template: Security/Container-Scanning.gitlab-ci.yml + - template: Jobs/Container-Scanning.gitlab-ci.yml CI_YML end @@ -85,7 +85,7 @@ RSpec.describe Security::CiConfiguration::ContainerScanningBuildAction do variables: RANDOM: make sure this persists include: - - template: Security/Container-Scanning.gitlab-ci.yml + - template: Jobs/Container-Scanning.gitlab-ci.yml CI_YML end @@ -93,7 +93,7 @@ RSpec.describe Security::CiConfiguration::ContainerScanningBuildAction do let(:gitlab_ci_content) do { "stages" => %w(test), "variables" => { "RANDOM" => "make sure this persists" }, - "include" => [{ "template" => "Security/Container-Scanning.gitlab-ci.yml" }] } + "include" => [{ "template" => "Jobs/Container-Scanning.gitlab-ci.yml" }] } end it 'generates the correct YML' do @@ -106,7 +106,7 @@ RSpec.describe Security::CiConfiguration::ContainerScanningBuildAction do let(:gitlab_ci_content) do { "stages" => %w(test), "variables" => { "RANDOM" => "make sure this persists" }, - "include" => { "template" => "Security/Container-Scanning.gitlab-ci.yml" } } + "include" => { "template" => "Jobs/Container-Scanning.gitlab-ci.yml" } } end it 'generates the correct YML' do @@ -138,7 +138,7 @@ RSpec.describe Security::CiConfiguration::ContainerScanningBuildAction do # DOCKER_USER: ... # DOCKER_PASSWORD: ... include: - - template: Security/Container-Scanning.gitlab-ci.yml + - template: Jobs/Container-Scanning.gitlab-ci.yml CI_YML end diff --git a/spec/models/integrations/jira_spec.rb b/spec/models/integrations/jira_spec.rb index 819dad9d46d..6cc5222fa43 100644 --- a/spec/models/integrations/jira_spec.rb +++ b/spec/models/integrations/jira_spec.rb @@ -466,7 +466,8 @@ RSpec.describe Integrations::Jira do end describe '#client' do - subject do + it 'uses the default GitLab::HTTP timeouts' do + timeouts = Gitlab::HTTP::DEFAULT_TIMEOUT_OPTIONS stub_request(:get, 'http://jira.example.com/foo') expect(Gitlab::HTTP).to receive(:httparty_perform_request) @@ -474,32 +475,6 @@ RSpec.describe Integrations::Jira do jira_integration.client.get('/foo') end - - context 'when the FF :jira_raise_timeouts is enabled' do - let(:timeouts) do - { - open_timeout: 2.minutes, - read_timeout: 2.minutes, - write_timeout: 2.minutes - } - end - - it 'uses custom timeouts' do - subject - end - end - - context 'when the FF :jira_raise_timeouts is disabled' do - before do - stub_feature_flags(jira_raise_timeouts: false) - end - - let(:timeouts) { Gitlab::HTTP::DEFAULT_TIMEOUT_OPTIONS } - - it 'uses the default GitLab::HTTP timeouts' do - subject - end - end end describe '#find_issue' do diff --git a/spec/models/user_preference_spec.rb b/spec/models/user_preference_spec.rb index d76334d7c9e..a6f64c90657 100644 --- a/spec/models/user_preference_spec.rb +++ b/spec/models/user_preference_spec.rb @@ -3,7 +3,9 @@ require 'spec_helper' RSpec.describe UserPreference do - let(:user_preference) { create(:user_preference) } + let_it_be(:user) { create(:user) } + + let(:user_preference) { create(:user_preference, user: user) } describe 'validations' do describe 'diffs_deletion_color and diffs_addition_color' do @@ -132,10 +134,24 @@ RSpec.describe UserPreference do describe '#tab_width' do it 'is set to 8 by default' do # Intentionally not using factory here to test the constructor. - pref = UserPreference.new + pref = described_class.new + + expect(pref.tab_width).to eq(8) + end + + it 'returns default value when assigning nil' do + pref = described_class.new(tab_width: nil) + expect(pref.tab_width).to eq(8) end + it 'returns default value when the value is NULL' do + pref = create(:user_preference, user: user) + pref.update_column(:tab_width, nil) + + expect(pref.reload.tab_width).to eq(8) + end + it do is_expected.to validate_numericality_of(:tab_width) .only_integer @@ -143,4 +159,141 @@ RSpec.describe UserPreference do .is_less_than_or_equal_to(12) end end + + describe '#tab_width=' do + it 'sets to default value when nil' do + pref = described_class.new(tab_width: nil) + + expect(pref.read_attribute(:tab_width)).to eq(8) + end + + it 'sets user values' do + pref = described_class.new(tab_width: 12) + + expect(pref.read_attribute(:tab_width)).to eq(12) + end + end + + describe '#time_display_relative' do + it 'is set to true by default' do + pref = described_class.new + + expect(pref.time_display_relative).to eq(true) + end + + it 'returns default value when assigning nil' do + pref = described_class.new(time_display_relative: nil) + + expect(pref.time_display_relative).to eq(true) + end + + it 'returns default value when the value is NULL' do + pref = create(:user_preference, user: user) + pref.update_column(:time_display_relative, nil) + + expect(pref.reload.time_display_relative).to eq(true) + end + + it 'returns assigned value' do + pref = described_class.new(time_display_relative: false) + + expect(pref.time_display_relative).to eq(false) + end + end + + describe '#time_display_relative=' do + it 'sets to default value when nil' do + pref = described_class.new(time_display_relative: nil) + + expect(pref.read_attribute(:time_display_relative)).to eq(true) + end + + it 'sets user values' do + pref = described_class.new(time_display_relative: false) + + expect(pref.read_attribute(:time_display_relative)).to eq(false) + end + end + + describe '#time_format_in_24h' do + it 'is set to false by default' do + pref = described_class.new + + expect(pref.time_format_in_24h).to eq(false) + end + + it 'returns default value when assigning nil' do + pref = described_class.new(time_format_in_24h: nil) + + expect(pref.time_format_in_24h).to eq(false) + end + + it 'returns default value when the value is NULL' do + pref = create(:user_preference, user: user) + pref.update_column(:time_format_in_24h, nil) + + expect(pref.reload.time_format_in_24h).to eq(false) + end + + it 'returns assigned value' do + pref = described_class.new(time_format_in_24h: true) + + expect(pref.time_format_in_24h).to eq(true) + end + end + + describe '#time_format_in_24h=' do + it 'sets to default value when nil' do + pref = described_class.new(time_format_in_24h: nil) + + expect(pref.read_attribute(:time_format_in_24h)).to eq(false) + end + + it 'sets user values' do + pref = described_class.new(time_format_in_24h: true) + + expect(pref.read_attribute(:time_format_in_24h)).to eq(true) + end + end + + describe '#render_whitespace_in_code' do + it 'is set to false by default' do + pref = described_class.new + + expect(pref.render_whitespace_in_code).to eq(false) + end + + it 'returns default value when assigning nil' do + pref = described_class.new(render_whitespace_in_code: nil) + + expect(pref.render_whitespace_in_code).to eq(false) + end + + it 'returns default value when the value is NULL' do + pref = create(:user_preference, user: user) + pref.update_column(:render_whitespace_in_code, nil) + + expect(pref.reload.render_whitespace_in_code).to eq(false) + end + + it 'returns assigned value' do + pref = described_class.new(render_whitespace_in_code: true) + + expect(pref.render_whitespace_in_code).to eq(true) + end + end + + describe '#render_whitespace_in_code=' do + it 'sets to default value when nil' do + pref = described_class.new(render_whitespace_in_code: nil) + + expect(pref.read_attribute(:render_whitespace_in_code)).to eq(false) + end + + it 'sets user values' do + pref = described_class.new(render_whitespace_in_code: true) + + expect(pref.read_attribute(:render_whitespace_in_code)).to eq(true) + end + end end diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 7207ee0b172..08fa4555fef 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -146,6 +146,21 @@ RSpec.describe User do it { is_expected.to have_many(:project_callouts).class_name('Users::ProjectCallout') } it { is_expected.to have_many(:created_projects).dependent(:nullify).class_name('Project') } + describe 'default values' do + let(:user) { described_class.new } + + it { expect(user.admin).to be_falsey } + it { expect(user.external).to eq(Gitlab::CurrentSettings.user_default_external) } + it { expect(user.can_create_group).to eq(Gitlab::CurrentSettings.can_create_group) } + it { expect(user.can_create_team).to be_falsey } + it { expect(user.hide_no_ssh_key).to be_falsey } + it { expect(user.hide_no_password).to be_falsey } + it { expect(user.project_view).to eq('files') } + it { expect(user.notified_of_own_activity).to be_falsey } + it { expect(user.preferred_language).to eq(I18n.default_locale.to_s) } + it { expect(user.theme_id).to eq(described_class.gitlab_config.default_theme) } + end + describe '#user_detail' do it 'does not persist `user_detail` by default' do expect(create(:user).user_detail).not_to be_persisted @@ -417,7 +432,7 @@ RSpec.describe User do end it 'falls back to english when I18n.default_locale is not an available language' do - I18n.default_locale = :kl + allow(I18n).to receive(:default_locale) { :kl } default_preferred_language = user.send(:default_preferred_language) expect(user.preferred_language).to eq default_preferred_language diff --git a/spec/workers/namespaces/root_statistics_worker_spec.rb b/spec/workers/namespaces/root_statistics_worker_spec.rb index 30854415405..e047c94816f 100644 --- a/spec/workers/namespaces/root_statistics_worker_spec.rb +++ b/spec/workers/namespaces/root_statistics_worker_spec.rb @@ -92,7 +92,6 @@ RSpec.describe Namespaces::RootStatisticsWorker, '#perform' do it_behaves_like 'worker with data consistency', described_class, - feature_flag: :root_statistics_worker_read_replica, data_consistency: :sticky it 'has the `until_executed` deduplicate strategy' do |