diff options
author | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2017-03-21 14:22:56 +0100 |
---|---|---|
committer | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2017-03-21 14:22:56 +0100 |
commit | c5912ecd73560b730eda625c77d900ca23ab16d5 (patch) | |
tree | 8f7288b6209fb7e542e5d3bf867138ea6bde7faf /config | |
parent | 53d332d3c73f8a883fa54d8eaaf91f92da73c33f (diff) | |
parent | 1e5888d115df1973cd5af0aa95013dbbf29ddefd (diff) | |
download | gitlab-ce-c5912ecd73560b730eda625c77d900ca23ab16d5.tar.gz |
Merge branch 'master' into feature/multi-level-container-registry-images
* master: (1327 commits)
Merge branch 'render-json-leak' into 'security'
Merge branch 'ssrf' into 'security'
Merge branch 'ssrf' into 'security'
Merge branch 'fix-links-target-blank' into 'security'
Merge branch '28058-hide-emails-in-atom-feeds' into 'security'
Fix karma test
Reset filters after click
Handle Route#name being nil after an update
Only add frontend code coverage instrumentation when generating coverage report
fix recompile assets step in 9.0 upgrade guide to use yarn
Undo explicit conversion to Integer
Make level_value accept string integers
Make feature spec more robust
Removed d3.js from the main application.js bundle
Extend compound status for manual actions specs
Update css to be nice and tidy.
Fix pipeline status for transition between stages
add an index to the ghost column
Return 404 in project issues API endpoint when project cannot be found
Improve rename projects migration
...
Conflicts:
doc/ci/docker/using_docker_build.md
spec/lib/gitlab/import_export/all_models.yml
Diffstat (limited to 'config')
36 files changed, 376 insertions, 162 deletions
diff --git a/config/application.rb b/config/application.rb index 9088d3c432b..f9f01b66473 100644 --- a/config/application.rb +++ b/config/application.rb @@ -7,6 +7,7 @@ Bundler.require(:default, Rails.env) module Gitlab class Application < Rails::Application require_dependency Rails.root.join('lib/gitlab/redis') + require_dependency Rails.root.join('lib/gitlab/request_context') # Settings in config/environments/* take precedence over those specified here. # Application configuration should go into files in config/initializers @@ -25,7 +26,8 @@ module Gitlab #{config.root}/app/models/hooks #{config.root}/app/models/members #{config.root}/app/models/project_services - #{config.root}/app/workers/concerns)) + #{config.root}/app/workers/concerns + #{config.root}/app/services/concerns)) config.generators.templates.push("#{config.root}/generator_templates") @@ -90,6 +92,7 @@ module Gitlab # Enable the asset pipeline config.assets.enabled = true + # Support legacy unicode file named img emojis, `1F939.png` config.assets.paths << Gemojione.images_path config.assets.paths << "vendor/assets/fonts" config.assets.precompile << "*.png" @@ -100,9 +103,6 @@ module Gitlab config.assets.precompile << "katex.js" config.assets.precompile << "xterm/xterm.css" config.assets.precompile << "lib/ace.js" - config.assets.precompile << "lib/cropper.js" - config.assets.precompile << "lib/raphael.js" - config.assets.precompile << "u2f.js" config.assets.precompile << "vendor/assets/fonts/*" # Version of your assets, change this if you want to expire all your assets @@ -120,7 +120,7 @@ module Gitlab credentials: true, headers: :any, methods: :any, - expose: ['Link'] + expose: ['Link', 'X-Total', 'X-Total-Pages', 'X-Per-Page', 'X-Page', 'X-Next-Page', 'X-Prev-Page'] end # Cross-origin requests must not have the session cookie available @@ -130,7 +130,7 @@ module Gitlab credentials: false, headers: :any, methods: :any, - expose: ['Link'] + expose: ['Link', 'X-Total', 'X-Total-Pages', 'X-Per-Page', 'X-Page', 'X-Next-Page', 'X-Prev-Page'] end end diff --git a/config/dependency_decisions.yml b/config/dependency_decisions.yml index 7336d7c842a..072ed8a3864 100644 --- a/config/dependency_decisions.yml +++ b/config/dependency_decisions.yml @@ -320,3 +320,9 @@ :why: https://github.com/shinnn/spdx-license-ids/blob/v1.2.2/LICENSE :versions: [] :when: 2017-02-08 22:35:00.225232000 Z +- - :approve + - opener + - :who: Mike Greiling + :why: https://github.com/domenic/opener/blob/1.4.3/LICENSE.txt + :versions: [] + :when: 2017-02-21 22:33:41.729629000 Z diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example index a82ff605a70..ba7f6773985 100644 --- a/config/gitlab.yml.example +++ b/config/gitlab.yml.example @@ -89,7 +89,7 @@ production: &base issues: true merge_requests: true wiki: true - snippets: false + snippets: true builds: true container_registry: true @@ -157,8 +157,8 @@ production: &base host: example.com port: 80 # Set to 443 if you serve the pages with HTTPS https: false # Set to true if you serve the pages with HTTPS - # external_http: "1.1.1.1:80" # If defined, enables custom domain support in GitLab Pages - # external_https: "1.1.1.1:443" # If defined, enables custom domain and certificate support in GitLab Pages + # external_http: ["1.1.1.1:80", "[2001::1]:80"] # If defined, enables custom domain support in GitLab Pages + # external_https: ["1.1.1.1:443", "[2001::1]:443"] # If defined, enables custom domain and certificate support in GitLab Pages ## Mattermost ## For enabling Add to Mattermost button @@ -177,9 +177,9 @@ production: &base # Periodically executed jobs, to self-heal Gitlab, do external synchronizations, etc. # Please read here for more information: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job cron_jobs: - # Flag stuck CI builds as failed - stuck_ci_builds_worker: - cron: "0 0 * * *" + # Flag stuck CI jobs as failed + stuck_ci_jobs_worker: + cron: "0 * * * *" # Remove expired build artifacts expire_build_artifacts_worker: cron: "50 * * * *" @@ -441,19 +441,21 @@ production: &base shared: # path: /mnt/gitlab # Default: shared + # Gitaly settings + gitaly: + # The socket_path setting is optional and obsolete. When this is set + # GitLab assumes it can reach a Gitaly services via a Unix socket at + # this path. When this is commented out GitLab will not use Gitaly. + # + # This setting is obsolete because we expect it to be moved under + # repositories/storages in GitLab 9.1. + # + # socket_path: tmp/sockets/gitaly.socket # # 4. Advanced settings # ========================== - # GitLab Satellites - # - # Note for maintainers: keep the satellites.path setting until GitLab 9.0 at - # least. This setting is fed to 'rm -rf' in - # db/migrate/20151023144219_remove_satellites.rb - satellites: - path: /home/git/gitlab-satellites/ - ## Repositories settings repositories: # Paths where repositories can be stored. Give the canonicalized absolute pathname. @@ -461,7 +463,8 @@ production: &base # gitlab-shell invokes Dir.pwd inside the repository path and that results # real path not the symlink. storages: # You must have at least a `default` storage path. - default: /home/git/repositories/ + default: + path: /home/git/repositories/ ## Backup settings backup: @@ -483,6 +486,8 @@ production: &base # multipart_chunk_size: 104857600 # # Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for backups, this is optional # # encryption: 'AES256' + # # Specifies Amazon S3 storage class to use for backups, this is optional + # # storage_class: 'STANDARD' ## GitLab Shell settings gitlab_shell: @@ -568,11 +573,10 @@ test: # In order to setup it correctly you need to specify # your system username you use to run GitLab # user: YOUR_USERNAME - satellites: - path: tmp/tests/gitlab-satellites/ repositories: storages: - default: tmp/tests/repositories/ + default: + path: tmp/tests/repositories/ backup: path: tmp/tests/backups gitlab_shell: @@ -586,7 +590,7 @@ test: new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new" jira: title: "JIRA" - url: https://sample_company.atlasian.net + url: https://sample_company.atlassian.net project_key: PROJECT ldap: enabled: false diff --git a/config/initializers/inflections.rb b/config/initializers/0_inflections.rb index d4197da3fa9..d4197da3fa9 100644 --- a/config/initializers/inflections.rb +++ b/config/initializers/0_inflections.rb diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index 3f716dd8833..62020fa9a75 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb @@ -14,12 +14,15 @@ class Settings < Settingslogic end def build_gitlab_ci_url - if on_standard_port?(gitlab) - custom_port = nil - else - custom_port = ":#{gitlab.port}" - end - [ gitlab.protocol, + custom_port = + if on_standard_port?(gitlab) + nil + else + ":#{gitlab.port}" + end + + [ + gitlab.protocol, "://", gitlab.host, custom_port, @@ -80,7 +83,9 @@ class Settings < Settingslogic def base_url(config) custom_port = on_standard_port?(config) ? nil : ":#{config.port}" - [ config.protocol, + + [ + config.protocol, "://", config.host, custom_port @@ -160,15 +165,16 @@ if github_settings github_settings["args"] ||= Settingslogic.new({}) - if github_settings["url"].include?(github_default_url) - github_settings["args"]["client_options"] = OmniAuth::Strategies::GitHub.default_options[:client_options] - else - github_settings["args"]["client_options"] = { - "site" => File.join(github_settings["url"], "api/v3"), - "authorize_url" => File.join(github_settings["url"], "login/oauth/authorize"), - "token_url" => File.join(github_settings["url"], "login/oauth/access_token") - } - end + github_settings["args"]["client_options"] = + if github_settings["url"].include?(github_default_url) + OmniAuth::Strategies::GitHub.default_options[:client_options] + else + { + "site" => File.join(github_settings["url"], "api/v3"), + "authorize_url" => File.join(github_settings["url"], "login/oauth/authorize"), + "token_url" => File.join(github_settings["url"], "login/oauth/access_token") + } + end end Settings['shared'] ||= Settingslogic.new({}) @@ -180,7 +186,7 @@ Settings['issues_tracker'] ||= {} # GitLab # Settings['gitlab'] ||= Settingslogic.new({}) -Settings.gitlab['default_projects_limit'] ||= 10 +Settings.gitlab['default_projects_limit'] ||= 100000 Settings.gitlab['default_branch_protection'] ||= 2 Settings.gitlab['default_can_create_group'] = true if Settings.gitlab['default_can_create_group'].nil? Settings.gitlab['host'] ||= ENV['GITLAB_HOST'] || 'localhost' @@ -215,7 +221,7 @@ Settings.gitlab['session_expire_delay'] ||= 10080 Settings.gitlab.default_projects_features['issues'] = true if Settings.gitlab.default_projects_features['issues'].nil? Settings.gitlab.default_projects_features['merge_requests'] = true if Settings.gitlab.default_projects_features['merge_requests'].nil? Settings.gitlab.default_projects_features['wiki'] = true if Settings.gitlab.default_projects_features['wiki'].nil? -Settings.gitlab.default_projects_features['snippets'] = false if Settings.gitlab.default_projects_features['snippets'].nil? +Settings.gitlab.default_projects_features['snippets'] = true if Settings.gitlab.default_projects_features['snippets'].nil? Settings.gitlab.default_projects_features['builds'] = true if Settings.gitlab.default_projects_features['builds'].nil? Settings.gitlab.default_projects_features['container_registry'] = true if Settings.gitlab.default_projects_features['container_registry'].nil? Settings.gitlab.default_projects_features['visibility_level'] = Settings.send(:verify_constant, Gitlab::VisibilityLevel, Settings.gitlab.default_projects_features['visibility_level'], Gitlab::VisibilityLevel::PRIVATE) @@ -272,8 +278,8 @@ Settings.pages['host'] ||= "example.com" Settings.pages['port'] ||= Settings.pages.https ? 443 : 80 Settings.pages['protocol'] ||= Settings.pages.https ? "https" : "http" Settings.pages['url'] ||= Settings.send(:build_pages_url) -Settings.pages['external_http'] ||= false if Settings.pages['external_http'].nil? -Settings.pages['external_https'] ||= false if Settings.pages['external_https'].nil? +Settings.pages['external_http'] ||= false unless Settings.pages['external_http'].present? +Settings.pages['external_https'] ||= false unless Settings.pages['external_https'].present? # # Git LFS @@ -302,9 +308,9 @@ Settings.gravatar['host'] = Settings.host_without_www(Settings.gravatar[ # Cron Jobs # Settings['cron_jobs'] ||= Settingslogic.new({}) -Settings.cron_jobs['stuck_ci_builds_worker'] ||= Settingslogic.new({}) -Settings.cron_jobs['stuck_ci_builds_worker']['cron'] ||= '0 0 * * *' -Settings.cron_jobs['stuck_ci_builds_worker']['job_class'] = 'StuckCiBuildsWorker' +Settings.cron_jobs['stuck_ci_jobs_worker'] ||= Settingslogic.new({}) +Settings.cron_jobs['stuck_ci_jobs_worker']['cron'] ||= '0 * * * *' +Settings.cron_jobs['stuck_ci_jobs_worker']['job_class'] = 'StuckCiJobsWorker' Settings.cron_jobs['expire_build_artifacts_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['expire_build_artifacts_worker']['cron'] ||= '50 * * * *' Settings.cron_jobs['expire_build_artifacts_worker']['job_class'] = 'ExpireBuildArtifactsWorker' @@ -360,8 +366,13 @@ Settings.gitlab_shell['ssh_path_prefix'] ||= Settings.send(:build_gitlab_shell_s # Settings['repositories'] ||= Settingslogic.new({}) Settings.repositories['storages'] ||= {} -# Setting gitlab_shell.repos_path is DEPRECATED and WILL BE REMOVED in version 9.0 -Settings.repositories.storages['default'] ||= Settings.gitlab_shell['repos_path'] || Settings.gitlab['user_home'] + '/repositories/' +unless Settings.repositories.storages['default'] + Settings.repositories.storages['default'] ||= {} + # We set the path only if the default storage doesn't exist, in case it exists + # but follows the pre-9.0 configuration structure. `6_validations.rb` initializer + # will validate all storages and throw a relevant error to the user if necessary. + Settings.repositories.storages['default']['path'] ||= Settings.gitlab['user_home'] + '/repositories/' +end # # The repository_downloads_path is used to remove outdated repository @@ -370,11 +381,11 @@ Settings.repositories.storages['default'] ||= Settings.gitlab_shell['repos_path' # data-integrity issue. In this case, we sets it to the default # repository_downloads_path value. # -repositories_storages_path = Settings.repositories.storages.values +repositories_storages = Settings.repositories.storages.values repository_downloads_path = Settings.gitlab['repository_downloads_path'].to_s.gsub(/\/$/, '') repository_downloads_full_path = File.expand_path(repository_downloads_path, Settings.gitlab['user_home']) -if repository_downloads_path.blank? || repositories_storages_path.any? { |path| [repository_downloads_path, repository_downloads_full_path].include?(path.gsub(/\/$/, '')) } +if repository_downloads_path.blank? || repositories_storages.any? { |rs| [repository_downloads_path, repository_downloads_full_path].include?(rs['path'].gsub(/\/$/, '')) } Settings.gitlab['repository_downloads_path'] = File.join(Settings.shared['path'], 'cache/archive') end @@ -393,6 +404,7 @@ if Settings.backup['upload']['connection'] end Settings.backup['upload']['multipart_chunk_size'] ||= 104857600 Settings.backup['upload']['encryption'] ||= nil +Settings.backup['upload']['storage_class'] ||= nil # # Git diff --git a/config/initializers/6_validations.rb b/config/initializers/6_validations.rb index d92f64e1647..9e24f42d284 100644 --- a/config/initializers/6_validations.rb +++ b/config/initializers/6_validations.rb @@ -4,8 +4,8 @@ end def find_parent_path(name, path) parent = Pathname.new(path).realpath.parent - Gitlab.config.repositories.storages.detect do |n, p| - name != n && Pathname.new(p).realpath == parent + Gitlab.config.repositories.storages.detect do |n, rs| + name != n && Pathname.new(rs['path']).realpath == parent end end @@ -13,17 +13,33 @@ def storage_validation_error(message) raise "#{message}. Please fix this in your gitlab.yml before starting GitLab." end -def validate_storages +def validate_storages_config storage_validation_error('No repository storage path defined') if Gitlab.config.repositories.storages.empty? - Gitlab.config.repositories.storages.each do |name, path| + Gitlab.config.repositories.storages.each do |name, repository_storage| storage_validation_error("\"#{name}\" is not a valid storage name") unless storage_name_valid?(name) - parent_name, _parent_path = find_parent_path(name, path) + if repository_storage.is_a?(String) + raise "#{name} is not a valid storage, because it has no `path` key. " \ + "It may be configured as:\n\n#{name}:\n path: #{repository_storage}\n\n" \ + "For source installations, update your config/gitlab.yml Refer to gitlab.yml.example for an updated example.\n\n" \ + "If you're using the Gitlab Development Kit, you can update your configuration running `gdk reconfigure`.\n" + end + + if !repository_storage.is_a?(Hash) || repository_storage['path'].nil? + storage_validation_error("#{name} is not a valid storage, because it has no `path` key. Refer to gitlab.yml.example for an updated example") + end + end +end + +def validate_storages_paths + Gitlab.config.repositories.storages.each do |name, repository_storage| + parent_name, _parent_path = find_parent_path(name, repository_storage['path']) if parent_name storage_validation_error("#{name} is a nested path of #{parent_name}. Nested paths are not supported for repository storages") end end end -validate_storages unless Rails.env.test? || ENV['SKIP_STORAGE_VALIDATION'] == 'true' +validate_storages_config +validate_storages_paths unless Rails.env.test? || ENV['SKIP_STORAGE_VALIDATION'] == 'true' diff --git a/config/initializers/8_gitaly.rb b/config/initializers/8_gitaly.rb new file mode 100644 index 00000000000..07dd30f0a24 --- /dev/null +++ b/config/initializers/8_gitaly.rb @@ -0,0 +1,2 @@ +# Make sure we initialize a Gitaly channel before Sidekiq starts multi-threaded execution. +Gitlab::GitalyClient.channel unless Rails.env.test? diff --git a/config/initializers/metrics.rb b/config/initializers/8_metrics.rb index e0702e06cc9..5e0eefdb154 100644 --- a/config/initializers/metrics.rb +++ b/config/initializers/8_metrics.rb @@ -20,13 +20,17 @@ def instrument_classes(instrumentation) # Path to search => prefix to strip from constant paths_to_instrument = { - ['app', 'finders'] => ['app', 'finders'], - ['app', 'mailers', 'emails'] => ['app', 'mailers'], - ['app', 'services', '**'] => ['app', 'services'], - ['lib', 'gitlab', 'conflicts'] => ['lib'], - ['lib', 'gitlab', 'diff'] => ['lib'], - ['lib', 'gitlab', 'email', 'message'] => ['lib'], - ['lib', 'gitlab', 'checks'] => ['lib'] + %w(app finders) => %w(app finders), + %w(app mailers emails) => %w(app mailers), + # Don't instrument `app/services/concerns` + # It contains modules that are included in the services. + # The services themselves are instrumented so the methods from the modules + # are included. + %w(app services [^concerns]**) => %w(app services), + %w(lib gitlab conflicts) => ['lib'], + %w(lib gitlab diff) => ['lib'], + %w(lib gitlab email message) => ['lib'], + %w(lib gitlab checks) => ['lib'] } paths_to_instrument.each do |(path, prefix)| @@ -120,9 +124,9 @@ if Gitlab::Metrics.enabled? # These are manually require'd so the classes are registered properly with # ActiveSupport. - require 'gitlab/metrics/subscribers/action_view' - require 'gitlab/metrics/subscribers/active_record' - require 'gitlab/metrics/subscribers/rails_cache' + require_dependency 'gitlab/metrics/subscribers/action_view' + require_dependency 'gitlab/metrics/subscribers/active_record' + require_dependency 'gitlab/metrics/subscribers/rails_cache' Gitlab::Application.configure do |config| config.middleware.use(Gitlab::Metrics::RackMiddleware) diff --git a/config/initializers/acts_as_taggable.rb b/config/initializers/acts_as_taggable.rb new file mode 100644 index 00000000000..c564c0cab11 --- /dev/null +++ b/config/initializers/acts_as_taggable.rb @@ -0,0 +1,5 @@ +ActsAsTaggableOn.strict_case_match = true + +# tags_counter enables caching count of tags which results in an update whenever a tag is added or removed +# since the count is not used anywhere its better performance wise to disable this cache +ActsAsTaggableOn.tags_counter = false diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index 738dbeefc11..3b1317030bc 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -24,7 +24,7 @@ Devise.setup do |config| # session. If you need permissions, you should implement that in a before filter. # You can also supply a hash where the value is a boolean determining whether # or not authentication should be aborted when the value is not present. - config.authentication_keys = [ :login ] + config.authentication_keys = [:login] # Configure parameters from the request object used for authentication. Each entry # given should be a request method and it will automatically be passed to the @@ -36,12 +36,12 @@ Devise.setup do |config| # Configure which authentication keys should be case-insensitive. # These keys will be downcased upon creating or modifying a user and when used # to authenticate or find a user. Default is :email. - config.case_insensitive_keys = [ :email ] + config.case_insensitive_keys = [:email] # Configure which authentication keys should have whitespace stripped. # These keys will have whitespace before and after removed upon creating or # modifying a user and when used to authenticate or find a user. Default is :email. - config.strip_whitespace_keys = [ :email ] + config.strip_whitespace_keys = [:email] # Tell if authentication through request.params is enabled. True by default. # config.params_authenticatable = true @@ -124,7 +124,7 @@ Devise.setup do |config| config.lock_strategy = :failed_attempts # Defines which key will be used when locking and unlocking an account - config.unlock_keys = [ :email ] + config.unlock_keys = [:email] # Defines which strategy will be used to unlock an account. # :email = Sends an unlock link to the user email diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb index 88cd0f5f652..a5636765774 100644 --- a/config/initializers/doorkeeper.rb +++ b/config/initializers/doorkeeper.rb @@ -6,9 +6,14 @@ Doorkeeper.configure do # This block will be called to check whether the resource owner is authenticated or not. resource_owner_authenticator do # Put your resource owner authentication logic here. - # Ensure user is redirected to redirect_uri after login - session[:user_return_to] = request.fullpath - current_user || redirect_to(new_user_session_url) + if current_user + current_user + else + # Ensure user is redirected to redirect_uri after login + session[:user_return_to] = request.fullpath + redirect_to(new_user_session_url) + nil + end end resource_owner_from_credentials do |routes| diff --git a/config/initializers/doorkeeper_openid_connect.rb b/config/initializers/doorkeeper_openid_connect.rb new file mode 100644 index 00000000000..700ca25b884 --- /dev/null +++ b/config/initializers/doorkeeper_openid_connect.rb @@ -0,0 +1,36 @@ +Doorkeeper::OpenidConnect.configure do + issuer Gitlab.config.gitlab.url + + jws_private_key Rails.application.secrets.jws_private_key + + resource_owner_from_access_token do |access_token| + User.active.find_by(id: access_token.resource_owner_id) + end + + auth_time_from_resource_owner do |user| + user.current_sign_in_at + end + + reauthenticate_resource_owner do |user, return_to| + store_location_for user, return_to + sign_out user + redirect_to new_user_session_url + end + + subject do |user| + # hash the user's ID with the Rails secret_key_base to avoid revealing it + Digest::SHA256.hexdigest "#{user.id}-#{Rails.application.secrets.secret_key_base}" + end + + claims do + with_options scope: :openid do |o| + o.claim(:name) { |user| user.name } + o.claim(:nickname) { |user| user.username } + o.claim(:email) { |user| user.public_email } + o.claim(:email_verified) { |user| true if user.public_email? } + o.claim(:website) { |user| user.full_website_url if user.website_url? } + o.claim(:profile) { |user| Rails.application.routes.url_helpers.user_url user } + o.claim(:picture) { |user| user.avatar_url } + end + end +end diff --git a/config/initializers/etag_caching.rb b/config/initializers/etag_caching.rb new file mode 100644 index 00000000000..eba88801141 --- /dev/null +++ b/config/initializers/etag_caching.rb @@ -0,0 +1,4 @@ +# This middleware has to come after Gitlab::Metrics::RackMiddleware +# in the middleware stack, because it tracks events with +# GitLab Performance Monitoring +Rails.application.config.middleware.use(Gitlab::EtagCaching::Middleware) diff --git a/config/initializers/fix_local_cache_middleware.rb b/config/initializers/fix_local_cache_middleware.rb new file mode 100644 index 00000000000..cb37f9ed22c --- /dev/null +++ b/config/initializers/fix_local_cache_middleware.rb @@ -0,0 +1,24 @@ +module LocalCacheRegistryCleanupWithEnsure + LocalCacheRegistry = + ActiveSupport::Cache::Strategy::LocalCache::LocalCacheRegistry + LocalStore = + ActiveSupport::Cache::Strategy::LocalCache::LocalStore + + def call(env) + LocalCacheRegistry.set_cache_for(local_cache_key, LocalStore.new) + response = @app.call(env) + response[2] = ::Rack::BodyProxy.new(response[2]) do + LocalCacheRegistry.set_cache_for(local_cache_key, nil) + end + cleanup_after_response = true # ADDED THIS LINE + response + rescue Rack::Utils::InvalidParameterError + [400, {}, []] + ensure # ADDED ensure CLAUSE to cleanup when something is thrown + LocalCacheRegistry.set_cache_for(local_cache_key, nil) unless + cleanup_after_response + end +end + +ActiveSupport::Cache::Strategy::LocalCache::Middleware + .prepend(LocalCacheRegistryCleanupWithEnsure) diff --git a/config/initializers/gollum.rb b/config/initializers/gollum.rb index 703f24f93b2..1ebe3c7a742 100644 --- a/config/initializers/gollum.rb +++ b/config/initializers/gollum.rb @@ -1,5 +1,5 @@ module Gollum - GIT_ADAPTER = "rugged" + GIT_ADAPTER = "rugged".freeze end require "gollum-lib" diff --git a/config/initializers/health_check.rb b/config/initializers/health_check.rb index 4c91a61fb4a..959daa93f78 100644 --- a/config/initializers/health_check.rb +++ b/config/initializers/health_check.rb @@ -1,4 +1,4 @@ HealthCheck.setup do |config| - config.standard_checks = ['database', 'migrations', 'cache'] - config.full_checks = ['database', 'migrations', 'cache'] + config.standard_checks = %w(database migrations cache) + config.full_checks = %w(database migrations cache) end diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb index ab5a0561b8c..f7fa6d1c2de 100644 --- a/config/initializers/omniauth.rb +++ b/config/initializers/omniauth.rb @@ -20,15 +20,12 @@ OmniAuth.config.before_request_phase do |env| end if Gitlab.config.omniauth.enabled - Gitlab.config.omniauth.providers.each do |provider| - if provider['name'] == 'kerberos' - require 'omniauth-kerberos' - end - end + provider_names = Gitlab.config.omniauth.providers.map(&:name) + require 'omniauth-kerberos' if provider_names.include?('kerberos') end module OmniAuth module Strategies - autoload :Bitbucket, Rails.root.join('lib', 'omniauth', 'strategies', 'bitbucket') + autoload :Bitbucket, Rails.root.join('lib', 'omni_auth', 'strategies', 'bitbucket') end end diff --git a/config/initializers/request_context.rb b/config/initializers/request_context.rb new file mode 100644 index 00000000000..0b485fc1adc --- /dev/null +++ b/config/initializers/request_context.rb @@ -0,0 +1,3 @@ +Rails.application.configure do |config| + config.middleware.insert_after RequestStore::Middleware, Gitlab::RequestContext +end diff --git a/config/initializers/rspec_profiling.rb b/config/initializers/rspec_profiling.rb index 0ef9f51e5cf..70177995356 100644 --- a/config/initializers/rspec_profiling.rb +++ b/config/initializers/rspec_profiling.rb @@ -1,22 +1,41 @@ -module RspecProfilingConnection - def establish_connection - ::RspecProfiling::Collectors::PSQL::Result.establish_connection(ENV['RSPEC_PROFILING_POSTGRES_URL']) +module RspecProfilingExt + module PSQL + def establish_connection + ::RspecProfiling::Collectors::PSQL::Result.establish_connection(ENV['RSPEC_PROFILING_POSTGRES_URL']) + end end -end -module RspecProfilingGitBranchCi - def branch - ENV['CI_BUILD_REF_NAME'] || super + module Git + def branch + ENV['CI_COMMIT_REF_NAME'] || super + end + end + + module Run + def example_finished(*args) + super + rescue => err + return if @already_logged_example_finished_error + + $stderr.puts "rspec_profiling couldn't collect an example: #{err}. Further warnings suppressed." + @already_logged_example_finished_error = true + end + + alias_method :example_passed, :example_finished + alias_method :example_failed, :example_finished end end if Rails.env.test? RspecProfiling.configure do |config| if ENV['RSPEC_PROFILING_POSTGRES_URL'] - RspecProfiling::Collectors::PSQL.prepend(RspecProfilingConnection) + RspecProfiling::Collectors::PSQL.prepend(RspecProfilingExt::PSQL) config.collector = RspecProfiling::Collectors::PSQL end end - RspecProfiling::VCS::Git.prepend(RspecProfilingGitBranchCi) if ENV.has_key?('CI') + if ENV.has_key?('CI') + RspecProfiling::VCS::Git.prepend(RspecProfilingExt::Git) + RspecProfiling::Run.prepend(RspecProfilingExt::Run) + end end diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb index 291fa6c0abc..f9c1d2165d3 100644 --- a/config/initializers/secret_token.rb +++ b/config/initializers/secret_token.rb @@ -24,7 +24,8 @@ def create_tokens defaults = { secret_key_base: file_secret_key || generate_new_secure_token, otp_key_base: env_secret_key || file_secret_key || generate_new_secure_token, - db_key_base: generate_new_secure_token + db_key_base: generate_new_secure_token, + jws_private_key: generate_new_rsa_private_key } missing_secrets = set_missing_keys(defaults) @@ -41,6 +42,10 @@ def generate_new_secure_token SecureRandom.hex(64) end +def generate_new_rsa_private_key + OpenSSL::PKey::RSA.new(2048).to_pem +end + def warn_missing_secret(secret) warn "Missing Rails.application.secrets.#{secret} for #{Rails.env} environment. The secret will be generated and stored in config/secrets.yml." end diff --git a/config/initializers/sidekiq.rb b/config/initializers/sidekiq.rb index 0c4516b70f0..ecd73956488 100644 --- a/config/initializers/sidekiq.rb +++ b/config/initializers/sidekiq.rb @@ -19,6 +19,12 @@ Sidekiq.configure_server do |config| chain.add Gitlab::SidekiqStatus::ClientMiddleware end + config.on :startup do + # Clear any connections that might have been obtained before starting + # Sidekiq (e.g. in an initializer). + ActiveRecord::Base.clear_all_connections! + end + # Sidekiq-cron: load recurring jobs from gitlab.yml # UGLY Hack to get nested hash from settingslogic cron_jobs = JSON.parse(Gitlab.config.cron_jobs.to_json) @@ -36,7 +42,7 @@ Sidekiq.configure_server do |config| Gitlab::SidekiqThrottler.execute! - config = ActiveRecord::Base.configurations[Rails.env] || + config = Gitlab::Database.config || Rails.application.config.database_configuration[Rails.env] config['pool'] = Sidekiq.options[:concurrency] ActiveRecord::Base.establish_connection(config) diff --git a/config/initializers/trusted_proxies.rb b/config/initializers/trusted_proxies.rb index cd869657c53..fc4f02453d7 100644 --- a/config/initializers/trusted_proxies.rb +++ b/config/initializers/trusted_proxies.rb @@ -21,4 +21,4 @@ gitlab_trusted_proxies = Array(Gitlab.config.gitlab.trusted_proxies).map do |pro end.compact Rails.application.config.action_dispatch.trusted_proxies = ( - [ '127.0.0.1', '::1' ] + gitlab_trusted_proxies) + ['127.0.0.1', '::1'] + gitlab_trusted_proxies) diff --git a/config/initializers/warden.rb b/config/initializers/warden.rb new file mode 100644 index 00000000000..3d83fb92d56 --- /dev/null +++ b/config/initializers/warden.rb @@ -0,0 +1,5 @@ +Rails.application.configure do |config| + Warden::Manager.after_set_user do |user, auth, opts| + Gitlab::Auth::UniqueIpsLimiter.limit_user!(user) + end +end diff --git a/config/initializers/workhorse_multipart.rb b/config/initializers/workhorse_multipart.rb index 84d809741c4..064e5964f09 100644 --- a/config/initializers/workhorse_multipart.rb +++ b/config/initializers/workhorse_multipart.rb @@ -10,7 +10,7 @@ end # module Gitlab module StrongParameterScalars - GITLAB_PERMITTED_SCALAR_TYPES = [::UploadedFile] + GITLAB_PERMITTED_SCALAR_TYPES = [::UploadedFile].freeze def permitted_scalar?(value) super || GITLAB_PERMITTED_SCALAR_TYPES.any? { |type| value.is_a?(type) } diff --git a/config/karma.config.js b/config/karma.config.js index 2f3cc932413..eb082dd28bf 100644 --- a/config/karma.config.js +++ b/config/karma.config.js @@ -1,22 +1,23 @@ var path = require('path'); +var webpack = require('webpack'); var webpackConfig = require('./webpack.config.js'); var ROOT_PATH = path.resolve(__dirname, '..'); -// add coverage instrumentation to babel config -if (webpackConfig && webpackConfig.module && webpackConfig.module.rules) { - var babelConfig = webpackConfig.module.rules.find(function (rule) { - return rule.loader === 'babel-loader'; +// remove problematic plugins +if (webpackConfig.plugins) { + webpackConfig.plugins = webpackConfig.plugins.filter(function (plugin) { + return !( + plugin instanceof webpack.optimize.CommonsChunkPlugin || + plugin instanceof webpack.DefinePlugin + ); }); - - babelConfig.options = babelConfig.options || {}; - babelConfig.options.plugins = babelConfig.options.plugins || []; - babelConfig.options.plugins.push('istanbul'); } // Karma configuration module.exports = function(config) { var progressReporter = process.env.CI ? 'mocha' : 'progress'; - config.set({ + + var karmaConfig = { basePath: ROOT_PATH, browsers: ['PhantomJS'], frameworks: ['jasmine'], @@ -25,16 +26,22 @@ module.exports = function(config) { { pattern: 'spec/javascripts/fixtures/**/*@(.json|.html|.html.raw)', included: false }, ], preprocessors: { - 'spec/javascripts/**/*.js?(.es6)': ['webpack', 'sourcemap'], + 'spec/javascripts/**/*.js': ['webpack', 'sourcemap'], }, - reporters: [progressReporter, 'coverage-istanbul'], - coverageIstanbulReporter: { + reporters: [progressReporter], + webpack: webpackConfig, + webpackMiddleware: { stats: 'errors-only' }, + }; + + if (process.env.BABEL_ENV === 'coverage' || process.env.NODE_ENV === 'coverage') { + karmaConfig.reporters.push('coverage-istanbul'); + karmaConfig.coverageIstanbulReporter = { reports: ['html', 'text-summary'], dir: 'coverage-javascript/', subdir: '.', fixWebpackSourcePaths: true - }, - webpack: webpackConfig, - webpackMiddleware: { stats: 'errors-only' }, - }); + }; + } + + config.set(karmaConfig); }; diff --git a/config/locales/doorkeeper.en.yml b/config/locales/doorkeeper.en.yml index 1d728282d90..14d49885fb3 100644 --- a/config/locales/doorkeeper.en.yml +++ b/config/locales/doorkeeper.en.yml @@ -60,6 +60,7 @@ en: scopes: api: Access your API read_user: Read user information + openid: Authenticate using OpenID Connect flash: applications: diff --git a/config/newrelic.yml b/config/newrelic.yml deleted file mode 100644 index 9ef922a38d9..00000000000 --- a/config/newrelic.yml +++ /dev/null @@ -1,16 +0,0 @@ -# New Relic configuration file -# -# This file is here to make sure the New Relic gem stays -# quiet by default. -# -# To enable and configure New Relic, please use -# environment variables, e.g. NEW_RELIC_ENABLED=true - -production: - enabled: false - -development: - enabled: false - -test: - enabled: false diff --git a/config/routes.rb b/config/routes.rb index 06d565df469..1a851da6203 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -22,14 +22,13 @@ Rails.application.routes.draw do authorizations: 'oauth/authorizations' end + use_doorkeeper_openid_connect + # Autocomplete get '/autocomplete/users' => 'autocomplete#users' get '/autocomplete/users/:id' => 'autocomplete#user' get '/autocomplete/projects' => 'autocomplete#projects' - # Emojis - resources :emojis, only: :index - # Search get 'search' => 'search#show' get 'search/autocomplete' => 'search#autocomplete', as: :search_autocomplete diff --git a/config/routes/admin.rb b/config/routes/admin.rb index b09c05826a7..fcbe2e2c435 100644 --- a/config/routes/admin.rb +++ b/config/routes/admin.rb @@ -2,6 +2,11 @@ namespace :admin do resources :users, constraints: { id: /[a-zA-Z.\/0-9_\-]+/ } do resources :keys, only: [:show, :destroy] resources :identities, except: [:show] + resources :impersonation_tokens, only: [:index, :create] do + member do + put :revoke + end + end member do get :projects diff --git a/config/routes/ci.rb b/config/routes/ci.rb index 47a049d5b20..8d23aa8fbf6 100644 --- a/config/routes/ci.rb +++ b/config/routes/ci.rb @@ -5,11 +5,5 @@ namespace :ci do resource :lint, only: [:show, :create] - resources :projects, only: [:index, :show] do - member do - get :status, to: 'projects#badge' - end - end - - root to: 'projects#index' + root to: redirect('/') end diff --git a/config/routes/dashboard.rb b/config/routes/dashboard.rb index adc3ad207cc..8e380a0b0ac 100644 --- a/config/routes/dashboard.rb +++ b/config/routes/dashboard.rb @@ -13,6 +13,7 @@ resource :dashboard, controller: 'dashboard', only: [] do resources :todos, only: [:index, :destroy] do collection do delete :destroy_all + patch :bulk_restore end member do patch :restore diff --git a/config/routes/profile.rb b/config/routes/profile.rb index 6b91485da9e..07c341999ea 100644 --- a/config/routes/profile.rb +++ b/config/routes/profile.rb @@ -21,7 +21,7 @@ resource :profile, only: [:show, :update] do end end resource :preferences, only: [:show, :update] - resources :keys, only: [:index, :show, :new, :create, :destroy] + resources :keys, only: [:index, :show, :create, :destroy] resources :emails, only: [:index, :create, :destroy] resources :chat_names, only: [:index, :new, :create, :destroy] do collection do diff --git a/config/routes/project.rb b/config/routes/project.rb index 84f123ff717..44b8ae7aedd 100644 --- a/config/routes/project.rb +++ b/config/routes/project.rb @@ -13,7 +13,6 @@ constraints(ProjectUrlConstrainer.new) do resources :autocomplete_sources, only: [] do collection do - get 'emojis' get 'members' get 'issues' get 'merge_requests' @@ -58,6 +57,7 @@ constraints(ProjectUrlConstrainer.new) do resources :graphs, only: [:show], constraints: { id: Gitlab::Regex.git_reference_regex } do member do + get :charts get :commits get :ci get :languages @@ -100,7 +100,7 @@ constraints(ProjectUrlConstrainer.new) do get :merge_check post :merge get :merge_widget_refresh - post :cancel_merge_when_build_succeeds + post :cancel_merge_when_pipeline_succeeds get :ci_status get :ci_environments_status post :toggle_subscription @@ -135,11 +135,16 @@ constraints(ProjectUrlConstrainer.new) do resources :protected_branches, only: [:index, :show, :create, :update, :destroy], constraints: { id: Gitlab::Regex.git_reference_regex } resources :variables, only: [:index, :show, :update, :create, :destroy] - resources :triggers, only: [:index, :create, :destroy] + resources :triggers, only: [:index, :create, :edit, :update, :destroy] do + member do + post :take_ownership + end + end resources :pipelines, only: [:index, :new, :create, :show] do collection do resource :pipelines_settings, path: 'settings', only: [:show, :update] + get :charts end member do @@ -154,6 +159,7 @@ constraints(ProjectUrlConstrainer.new) do member do post :stop get :terminal + get :metrics get '/terminal.ws/authorize', to: 'environments#terminal_websocket_authorize', constraints: { format: nil } end @@ -265,7 +271,7 @@ constraints(ProjectUrlConstrainer.new) do resources :group_links, only: [:index, :create, :update, :destroy], constraints: { id: /\d+/ } - resources :notes, only: [:index, :create, :destroy, :update], concerns: :awardable, constraints: { id: /\d+/ } do + resources :notes, only: [:create, :destroy, :update], concerns: :awardable, constraints: { id: /\d+/ } do member do delete :delete_attachment post :resolve @@ -273,6 +279,8 @@ constraints(ProjectUrlConstrainer.new) do end end + get 'noteable/:target_type/:target_id/notes' => 'notes#index', as: 'noteable_notes' + resources :boards, only: [:index, :show] do scope module: :boards do resources :issues, only: [:index, :update] @@ -321,6 +329,7 @@ constraints(ProjectUrlConstrainer.new) do resource :members, only: [:show] resource :ci_cd, only: [:show], controller: 'ci_cd' resource :integrations, only: [:show] + resource :repository, only: [:show], controller: :repository end # Since both wiki and repository routing contains wildcard characters diff --git a/config/routes/wiki.rb b/config/routes/wiki.rb index dad746d59a1..a6b3f5d4693 100644 --- a/config/routes/wiki.rb +++ b/config/routes/wiki.rb @@ -1,4 +1,4 @@ -WIKI_SLUG_ID = { id: /\S+/ } unless defined? WIKI_SLUG_ID +WIKI_SLUG_ID = { id: /\S+/ }.freeze unless defined? WIKI_SLUG_ID scope(controller: :wikis) do scope(path: 'wikis', as: :wikis) do diff --git a/config/sidekiq_queues.yml b/config/sidekiq_queues.yml index 97620cc9c7f..9d2066a6490 100644 --- a/config/sidekiq_queues.yml +++ b/config/sidekiq_queues.yml @@ -29,6 +29,7 @@ - [email_receiver, 2] - [emails_on_push, 2] - [mailers, 2] + - [upload_checksum, 1] - [use_key, 1] - [repository_fork, 1] - [repository_import, 1] @@ -51,3 +52,4 @@ - [cronjob, 1] - [default, 1] - [pages, 1] + - [system_hook_push, 1] diff --git a/config/webpack.config.js b/config/webpack.config.js index 15899993874..c6794d6b944 100644 --- a/config/webpack.config.js +++ b/config/webpack.config.js @@ -5,17 +5,22 @@ var path = require('path'); var webpack = require('webpack'); var StatsPlugin = require('stats-webpack-plugin'); var CompressionPlugin = require('compression-webpack-plugin'); +var BundleAnalyzerPlugin = require('webpack-bundle-analyzer').BundleAnalyzerPlugin; var ROOT_PATH = path.resolve(__dirname, '..'); var IS_PRODUCTION = process.env.NODE_ENV === 'production'; var IS_DEV_SERVER = process.argv[1].indexOf('webpack-dev-server') !== -1; var DEV_SERVER_PORT = parseInt(process.env.DEV_SERVER_PORT, 10) || 3808; var DEV_SERVER_LIVERELOAD = process.env.DEV_SERVER_LIVERELOAD !== 'false'; +var WEBPACK_REPORT = process.env.WEBPACK_REPORT; var config = { context: path.join(ROOT_PATH, 'app/assets/javascripts'), entry: { - application: './application.js', + common: './commons/index.js', + common_vue: ['vue', 'vue-resource'], + common_d3: ['d3'], + main: './main.js', blob_edit: './blob_edit/blob_edit_bundle.js', boards: './boards/boards_bundle.js', simulate_drag: './test_utils/simulate_drag.js', @@ -26,25 +31,25 @@ var config = { environments_folder: './environments/folder/environments_folder_bundle.js', filtered_search: './filtered_search/filtered_search_bundle.js', graphs: './graphs/graphs_bundle.js', + groups_list: './groups_list.js', issuable: './issuable/issuable_bundle.js', merge_conflicts: './merge_conflicts/merge_conflicts_bundle.js', merge_request_widget: './merge_request_widget/ci_bundle.js', + monitoring: './monitoring/monitoring_bundle.js', network: './network/network_bundle.js', profile: './profile/profile_bundle.js', protected_branches: './protected_branches/protected_branches_bundle.js', snippet: './snippet/snippet_bundle.js', terminal: './terminal/terminal_bundle.js', + u2f: ['vendor/u2f'], users: './users/users_bundle.js', - lib_chart: './lib/chart.js', - lib_d3: './lib/d3.js', - lib_vue: './lib/vue_resource.js', vue_pipelines: './vue_pipelines_index/index.js', }, output: { path: path.join(ROOT_PATH, 'public/assets/webpack'), publicPath: '/assets/webpack/', - filename: IS_PRODUCTION ? '[name]-[chunkhash].js' : '[name].js' + filename: IS_PRODUCTION ? '[name].[chunkhash].bundle.js' : '[name].bundle.js' }, devtool: 'inline-source-map', @@ -52,15 +57,13 @@ var config = { module: { rules: [ { - test: /\.(js|es6)$/, + test: /\.js$/, exclude: /(node_modules|vendor\/assets)/, - loader: 'babel-loader', - options: { - presets: [ - ["es2015", {"modules": false}], - 'stage-2' - ] - } + loader: 'babel-loader' + }, + { + test: /\.svg$/, + use: 'raw-loader' } ] }, @@ -75,17 +78,61 @@ var config = { modules: false, assets: true }), + + // prevent pikaday from including moment.js new webpack.IgnorePlugin(/moment/, /pikaday/), + + // fix legacy jQuery plugins which depend on globals + new webpack.ProvidePlugin({ + $: 'jquery', + jQuery: 'jquery', + }), + + // use deterministic module ids in all environments + IS_PRODUCTION ? + new webpack.HashedModuleIdsPlugin() : + new webpack.NamedModulesPlugin(), + + // create cacheable common library bundle for all vue chunks + new webpack.optimize.CommonsChunkPlugin({ + name: 'common_vue', + chunks: [ + 'boards', + 'commit_pipelines', + 'cycle_analytics', + 'diff_notes', + 'environments', + 'environments_folder', + 'issuable', + 'merge_conflicts', + 'vue_pipelines', + ], + minChunks: function(module, count) { + return module.resource && (/vue_shared/).test(module.resource); + }, + }), + + // create cacheable common library bundle for all d3 chunks + new webpack.optimize.CommonsChunkPlugin({ + name: 'common_d3', + chunks: ['graphs', 'users', 'monitoring'], + }), + + // create cacheable common library bundles + new webpack.optimize.CommonsChunkPlugin({ + names: ['main', 'common', 'runtime'], + }), ], resolve: { - extensions: ['.js', '.es6', '.js.es6'], + extensions: ['.js'], alias: { '~': path.join(ROOT_PATH, 'app/assets/javascripts'), - 'bootstrap/js': 'bootstrap-sass/assets/javascripts/bootstrap', - 'emoji-aliases$': path.join(ROOT_PATH, 'fixtures/emojis/aliases.json'), + 'emojis': path.join(ROOT_PATH, 'fixtures/emojis'), + 'empty_states': path.join(ROOT_PATH, 'app/views/shared/empty_states'), + 'icons': path.join(ROOT_PATH, 'app/views/shared/icons'), 'vendor': path.join(ROOT_PATH, 'vendor/assets/javascripts'), - 'vue$': IS_PRODUCTION ? 'vue/dist/vue.min.js' : 'vue/dist/vue.js', + 'vue$': 'vue/dist/vue.common.js', } } } @@ -120,4 +167,16 @@ if (IS_DEV_SERVER) { config.output.publicPath = '//localhost:' + DEV_SERVER_PORT + config.output.publicPath; } +if (WEBPACK_REPORT) { + config.plugins.push( + new BundleAnalyzerPlugin({ + analyzerMode: 'static', + generateStatsFile: true, + openAnalyzer: false, + reportFilename: path.join(ROOT_PATH, 'webpack-report/index.html'), + statsFilename: path.join(ROOT_PATH, 'webpack-report/stats.json'), + }) + ); +} + module.exports = config; |