summaryrefslogtreecommitdiff
path: root/config
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2019-10-22 11:31:16 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2019-10-22 11:31:16 +0000
commit905c1110b08f93a19661cf42a276c7ea90d0a0ff (patch)
tree756d138db422392c00471ab06acdff92c5a9b69c /config
parent50d93f8d1686950fc58dda4823c4835fd0d8c14b (diff)
downloadgitlab-ce-905c1110b08f93a19661cf42a276c7ea90d0a0ff.tar.gz
Add latest changes from gitlab-org/gitlab@12-4-stable-ee
Diffstat (limited to 'config')
-rw-r--r--config/application.rb49
-rw-r--r--config/brakeman.ignore24
-rw-r--r--config/environments/development.rb5
-rw-r--r--config/feature_categories.yml103
-rw-r--r--config/gitlab.yml.example33
-rw-r--r--config/helpers/is_ee_env.js11
-rw-r--r--config/initializers/0_inflections.rb1
-rw-r--r--config/initializers/1_settings.rb13
-rw-r--r--config/initializers/7_prometheus_metrics.rb39
-rw-r--r--config/initializers/cluster_events_before_phased_restart.rb14
-rw-r--r--config/initializers/fog_core_patch.rb2
-rw-r--r--config/initializers/google_api_client.rb23
-rw-r--r--config/initializers/lograge.rb4
-rw-r--r--config/initializers/pages.rb2
-rw-r--r--config/initializers/rack_attack_logging.rb10
-rw-r--r--config/initializers/rack_attack_new.rb (renamed from config/initializers/rack_attack_global.rb)57
-rw-r--r--config/initializers/sidekiq.rb18
-rw-r--r--config/initializers/zz_metrics.rb4
-rw-r--r--config/knative/api_resources.yml8
-rw-r--r--config/locales/en.yml3
-rw-r--r--config/locales/sherlock.en.yml2
-rw-r--r--config/prometheus/common_metrics.yml2
-rw-r--r--config/puma.example.development.rb2
-rw-r--r--config/puma.rb.example2
-rw-r--r--config/routes.rb5
-rw-r--r--config/routes/admin.rb8
-rw-r--r--config/routes/group.rb4
-rw-r--r--config/routes/project.rb15
-rw-r--r--config/routes/repository.rb2
-rw-r--r--config/settings.rb6
-rw-r--r--config/sidekiq_queues.yml5
-rw-r--r--config/unicorn.rb.example2
-rw-r--r--config/unicorn.rb.example.development2
-rw-r--r--config/webpack.config.js7
34 files changed, 403 insertions, 84 deletions
diff --git a/config/application.rb b/config/application.rb
index c1e3b6f7a20..5d7c52c5d81 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -13,6 +13,7 @@ Bundler.require(*Rails.groups)
module Gitlab
class Application < Rails::Application
require_dependency Rails.root.join('lib/gitlab')
+ require_dependency Rails.root.join('lib/gitlab/utils')
require_dependency Rails.root.join('lib/gitlab/redis/wrapper')
require_dependency Rails.root.join('lib/gitlab/redis/cache')
require_dependency Rails.root.join('lib/gitlab/redis/queues')
@@ -46,18 +47,20 @@ module Gitlab
config.generators.templates.push("#{config.root}/generator_templates")
- ee_paths = config.eager_load_paths.each_with_object([]) do |path, memo|
- ee_path = config.root.join('ee', Pathname.new(path).relative_path_from(config.root))
- memo << ee_path.to_s if ee_path.exist?
- end
+ if Gitlab.ee?
+ ee_paths = config.eager_load_paths.each_with_object([]) do |path, memo|
+ ee_path = config.root.join('ee', Pathname.new(path).relative_path_from(config.root))
+ memo << ee_path.to_s
+ end
- # Eager load should load CE first
- config.eager_load_paths.push(*ee_paths)
- config.helpers_paths.push "#{config.root}/ee/app/helpers"
+ # Eager load should load CE first
+ config.eager_load_paths.push(*ee_paths)
+ config.helpers_paths.push "#{config.root}/ee/app/helpers"
- # Other than Ruby modules we load EE first
- config.paths['lib/tasks'].unshift "#{config.root}/ee/lib/tasks"
- config.paths['app/views'].unshift "#{config.root}/ee/app/views"
+ # Other than Ruby modules we load EE first
+ config.paths['lib/tasks'].unshift "#{config.root}/ee/lib/tasks"
+ config.paths['app/views'].unshift "#{config.root}/ee/app/views"
+ end
# Rake tasks ignore the eager loading settings, so we need to set the
# autoload paths explicitly
@@ -178,16 +181,18 @@ module Gitlab
config.assets.paths << "#{config.root}/node_modules/xterm/src/"
config.assets.precompile << "xterm.css"
- %w[images javascripts stylesheets].each do |path|
- config.assets.paths << "#{config.root}/ee/app/assets/#{path}"
- config.assets.precompile << "jira_connect.js"
- config.assets.precompile << "pages/jira_connect.css"
+ if Gitlab.ee?
+ %w[images javascripts stylesheets].each do |path|
+ config.assets.paths << "#{config.root}/ee/app/assets/#{path}"
+ config.assets.precompile << "jira_connect.js"
+ config.assets.precompile << "pages/jira_connect.css"
+ end
end
# Import path for EE specific SCSS entry point
# In CE it will import a noop file, in EE a functioning file
# Order is important, so that the ee file takes precedence:
- config.assets.paths << "#{config.root}/ee/app/assets/stylesheets/_ee"
+ config.assets.paths << "#{config.root}/ee/app/assets/stylesheets/_ee" if Gitlab.ee?
config.assets.paths << "#{config.root}/app/assets/stylesheets/_ee"
config.assets.paths << "#{config.root}/vendor/assets/javascripts/"
@@ -197,13 +202,15 @@ module Gitlab
# See https://gitlab.com/gitlab-org/gitlab-foss/issues/64091#note_194512508
config.assets.paths << "#{config.root}/node_modules"
- # Compile non-JS/CSS assets in the ee/app/assets folder by default
- # Mimic sprockets-rails default: https://github.com/rails/sprockets-rails/blob/v3.2.1/lib/sprockets/railtie.rb#L84-L87
- LOOSE_EE_APP_ASSETS = lambda do |logical_path, filename|
- filename.start_with?(config.root.join("ee/app/assets").to_s) &&
- !['.js', '.css', ''].include?(File.extname(logical_path))
+ if Gitlab.ee?
+ # Compile non-JS/CSS assets in the ee/app/assets folder by default
+ # Mimic sprockets-rails default: https://github.com/rails/sprockets-rails/blob/v3.2.1/lib/sprockets/railtie.rb#L84-L87
+ LOOSE_EE_APP_ASSETS = lambda do |logical_path, filename|
+ filename.start_with?(config.root.join("ee/app/assets").to_s) &&
+ !['.js', '.css', ''].include?(File.extname(logical_path))
+ end
+ config.assets.precompile << LOOSE_EE_APP_ASSETS
end
- config.assets.precompile << LOOSE_EE_APP_ASSETS
# Version of your assets, change this if you want to expire all your assets
config.assets.version = '1.0'
diff --git a/config/brakeman.ignore b/config/brakeman.ignore
deleted file mode 100644
index 0e4fef65781..00000000000
--- a/config/brakeman.ignore
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "ignored_warnings": [
- {
- "warning_type": "Cross-Site Request Forgery",
- "warning_code": 7,
- "fingerprint": "dc562678129557cdb8b187217da304044547a3605f05fe678093dcb4b4d8bbe4",
- "message": "'protect_from_forgery' should be called in Oauth::GeoAuthController",
- "file": "app/controllers/oauth/geo_auth_controller.rb",
- "line": 1,
- "link": "http://brakemanscanner.org/docs/warning_types/cross-site_request_forgery/",
- "code": null,
- "render_path": null,
- "location": {
- "type": "controller",
- "controller": "Oauth::GeoAuthController"
- },
- "user_input": null,
- "confidence": "High",
- "note": ""
- }
- ],
- "updated": "2017-01-20 02:06:54 +0000",
- "brakeman_version": "3.4.1"
-}
diff --git a/config/environments/development.rb b/config/environments/development.rb
index 3881f1be152..2939e13ef94 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -11,9 +11,6 @@ Rails.application.configure do
config.consider_all_requests_local = true
config.action_controller.perform_caching = false
- # Don't care if the mailer can't send
- config.action_mailer.raise_delivery_errors = false
-
# Print deprecation notices to the Rails logger
config.active_support.deprecation = :log
@@ -38,6 +35,8 @@ Rails.application.configure do
config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
# Open sent mails in browser
config.action_mailer.delivery_method = :letter_opener_web
+ # Log mail delivery errors
+ config.action_mailer.raise_delivery_errors = true
# Don't make a mess when bootstrapping a development environment
config.action_mailer.perform_deliveries = (ENV['BOOTSTRAP'] != '1')
config.action_mailer.preview_path = 'app/mailers/previews'
diff --git a/config/feature_categories.yml b/config/feature_categories.yml
new file mode 100644
index 00000000000..59752a81f60
--- /dev/null
+++ b/config/feature_categories.yml
@@ -0,0 +1,103 @@
+#
+# This file contains a list of all feature categories in GitLab
+# It is generated from the stages file at https://gitlab.com/gitlab-com/www-gitlab-com/raw/master/data/stages.yml.
+# If you would like to update it, please run
+# `./scripts/update-feature-categories` to generate a new copy
+#
+# PLEASE DO NOT EDIT THIS FILE MANUALLY.
+#
+---
+- accessibility_testing
+- account-management
+- agile_portfolio_management
+- analysis
+- audit_management
+- authentication_and_authorization
+- auto_devops
+- backup_restore
+- behavior_analytics
+- chaos_engineering
+- chatops
+- cloud_native_installation
+- cluster_cost_optimization
+- cluster_monitoring
+- code_analytics
+- code_quality
+- code_review
+- collection
+- container_network_security
+- container_registry
+- container_scanning
+- continuous_delivery
+- continuous_integration
+- data_loss_prevention
+- dependency_proxy
+- dependency_scanning
+- design_management
+- devops_score
+- disaster_recovery
+- dynamic_application_security_testing
+- error_tracking
+- feature_flags
+- fuzzing
+- geo_replication
+- gitaly
+- gitter
+- groups
+- helm_chart_registry
+- importers
+- incident_management
+- incremental_rollout
+- infrastructure_as_code
+- integration_testing
+- integrations
+- interactive_application_security_testing
+- internationalization
+- issue_tracking
+- kanban_boards
+- kubernetes_configuration
+- language_specific
+- license_compliance
+- live_coding
+- load_testing
+- logging
+- metrics
+- omnibus_package
+- package_registry
+- pages
+- quality_management
+- release_governance
+- release_orchestration
+- requirements_management
+- review_apps
+- runbooks
+- runner
+- runtime_application_self_protection
+- sdk
+- search
+- secret_detection
+- secrets_management
+- serverless
+- service_desk
+- snippets
+- source_code_management
+- static_application_security_testing
+- status_page
+- storage_security
+- synthetic_monitoring
+- system_testing
+- templates
+- threat_detection
+- time_tracking
+- tracing
+- unit_testing
+- usability_testing
+- users
+- value_stream_management
+- vulnerability_database
+- vulnerability_management
+- web_firewall
+- web_ide
+- web_performance
+- wiki
+- workflow_policies
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index 814ea551e19..f6814262b7a 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -319,8 +319,7 @@ production: &base
artifacts_server: true # Set to false if you want to disable online view of HTML artifacts
# external_http: ["1.1.1.1:80", "[2001::1]:80"] # If defined, enables custom domain support in GitLab Pages
# external_https: ["1.1.1.1:443", "[2001::1]:443"] # If defined, enables custom domain and certificate support in GitLab Pages
- admin:
- address: unix:/home/git/gitlab/tmp/sockets/private/pages-admin.socket # TCP connections are supported too (e.g. tcp://host:port)
+
# File that contains the shared secret key for verifying access for gitlab-pages.
# Default is '.gitlab_pages_shared_secret' relative to Rails.root (i.e. root of the GitLab app).
# secret_file: /home/git/gitlab/.gitlab_pages_shared_secret
@@ -1017,7 +1016,20 @@ production: &base
sidekiq_exporter:
# enabled: true
# address: localhost
- # port: 3807
+ # port: 8082
+
+ # Web exporter is webserver built in to Unicorn/Puma to expose Prometheus metrics
+ # It runs alongside the `/metrics` endpoints to ease the publish of metrics
+ web_exporter:
+ # enabled: true
+ # address: localhost
+ # port: 8083
+ # # blackout_seconds:
+ # # defines an interval to block healthcheck,
+ # # but continue accepting application requests
+ # # this allows Load Balancer to notice service
+ # # being shutdown and not interrupt any of the clients
+ # blackout_seconds: 10
## Prometheus settings
# Do not modify these settings here. They should be modified in /etc/gitlab/gitlab.rb
@@ -1061,6 +1073,21 @@ production: &base
development:
<<: *base
+ # We want to run web/sidekiq exporters for devs
+ # to catch errors from using them.
+ #
+ # We use random port to not block ability to run
+ # multiple instances of the service
+ monitoring:
+ sidekiq_exporter:
+ enabled: true
+ address: 127.0.0.1
+ port: 0
+ web_exporter:
+ enabled: true
+ address: 127.0.0.1
+ port: 0
+
test:
<<: *base
gravatar:
diff --git a/config/helpers/is_ee_env.js b/config/helpers/is_ee_env.js
index 3fe9bb891eb..78f0bd65528 100644
--- a/config/helpers/is_ee_env.js
+++ b/config/helpers/is_ee_env.js
@@ -3,7 +3,12 @@ const path = require('path');
const ROOT_PATH = path.resolve(__dirname, '../..');
+// The `FOSS_ONLY` is always `string` or `nil`
+// Thus the nil or empty string will result
+// in using default value: false
+//
+// The behavior needs to be synchronised with
+// lib/gitlab.rb: Gitlab.ee?
+const isFossOnly = JSON.parse(process.env.FOSS_ONLY || 'false');
module.exports =
- process.env.IS_GITLAB_EE !== undefined
- ? JSON.parse(process.env.IS_GITLAB_EE)
- : fs.existsSync(path.join(ROOT_PATH, 'ee'));
+ fs.existsSync(path.join(ROOT_PATH, 'ee', 'app', 'models', 'license.rb')) && !isFossOnly;
diff --git a/config/initializers/0_inflections.rb b/config/initializers/0_inflections.rb
index d317825c1b8..c0afa207ac3 100644
--- a/config/initializers/0_inflections.rb
+++ b/config/initializers/0_inflections.rb
@@ -20,6 +20,7 @@ ActiveSupport::Inflector.inflections do |inflect|
file_registry
job_artifact_registry
container_repository_registry
+ design_registry
vulnerability_feedback
vulnerabilities_feedback
group_view
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index fbe6c21e53d..7ee4a4e3610 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -290,9 +290,6 @@ Settings.pages['url'] ||= Settings.__send__(:build_pages_url)
Settings.pages['external_http'] ||= false unless Settings.pages['external_http'].present?
Settings.pages['external_https'] ||= false unless Settings.pages['external_https'].present?
Settings.pages['artifacts_server'] ||= Settings.pages['enabled'] if Settings.pages['artifacts_server'].nil?
-
-Settings.pages['admin'] ||= Settingslogic.new({})
-Settings.pages.admin['certificate'] ||= ''
Settings.pages['secret_file'] ||= Rails.root.join('.gitlab_pages_shared_secret')
#
@@ -491,6 +488,9 @@ Gitlab.ee do
Settings.cron_jobs['historical_data_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['historical_data_worker']['cron'] ||= '0 12 * * *'
Settings.cron_jobs['historical_data_worker']['job_class'] = 'HistoricalDataWorker'
+ Settings.cron_jobs['import_software_licenses_worker'] ||= Settingslogic.new({})
+ Settings.cron_jobs['import_software_licenses_worker']['cron'] ||= '0 3 * * 0'
+ Settings.cron_jobs['import_software_licenses_worker']['job_class'] = 'ImportSoftwareLicensesWorker'
Settings.cron_jobs['ldap_group_sync_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['ldap_group_sync_worker']['cron'] ||= '0 * * * *'
Settings.cron_jobs['ldap_group_sync_worker']['job_class'] = 'LdapAllGroupsSyncWorker'
@@ -663,7 +663,12 @@ Settings.monitoring['ruby_sampler_interval'] ||= 60
Settings.monitoring['sidekiq_exporter'] ||= Settingslogic.new({})
Settings.monitoring.sidekiq_exporter['enabled'] ||= false
Settings.monitoring.sidekiq_exporter['address'] ||= 'localhost'
-Settings.monitoring.sidekiq_exporter['port'] ||= 3807
+Settings.monitoring.sidekiq_exporter['port'] ||= 8082
+Settings.monitoring['web_exporter'] ||= Settingslogic.new({})
+Settings.monitoring.web_exporter['enabled'] ||= false
+Settings.monitoring.web_exporter['address'] ||= 'localhost'
+Settings.monitoring.web_exporter['port'] ||= 8083
+Settings.monitoring.web_exporter['blackout_seconds'] ||= 10
#
# Testing settings
diff --git a/config/initializers/7_prometheus_metrics.rb b/config/initializers/7_prometheus_metrics.rb
index 6bd2256ac0e..974eff1a528 100644
--- a/config/initializers/7_prometheus_metrics.rb
+++ b/config/initializers/7_prometheus_metrics.rb
@@ -34,8 +34,14 @@ Sidekiq.configure_server do |config|
config.on(:startup) do
# webserver metrics are cleaned up in config.ru: `warmup` block
Prometheus::CleanupMultiprocDirService.new.execute
+ # In production, sidekiq is run in a multi-process setup where processes might interfere
+ # with each other cleaning up and reinitializing prometheus database files, which is why
+ # we're re-doing the work every time here.
+ # A cleaner solution would be to run the cleanup pre-fork, and the initialization once
+ # after all workers have forked, but I don't know how at this point.
+ ::Prometheus::Client.reinitialize_on_pid_change(force: true)
- Gitlab::Metrics::SidekiqMetricsExporter.instance.start
+ Gitlab::Metrics::Exporter::SidekiqExporter.instance.start
end
end
@@ -54,5 +60,36 @@ if !Rails.env.test? && Gitlab::Metrics.prometheus_metrics_enabled?
elsif defined?(::Puma)
Gitlab::Metrics::Samplers::PumaSampler.instance(Settings.monitoring.puma_sampler_interval).start
end
+
+ Gitlab::Metrics::RequestsRackMiddleware.initialize_http_request_duration_seconds
+ end
+end
+
+if defined?(::Unicorn) || defined?(::Puma)
+ Gitlab::Cluster::LifecycleEvents.on_master_start do
+ Gitlab::Metrics::Exporter::WebExporter.instance.start
+ end
+
+ Gitlab::Cluster::LifecycleEvents.on_before_phased_restart do
+ # We need to ensure that before we re-exec server
+ # we do stop the exporter
+ Gitlab::Metrics::Exporter::WebExporter.instance.stop
+ end
+
+ Gitlab::Cluster::LifecycleEvents.on_before_master_restart do
+ # We need to ensure that before we re-exec server
+ # we do stop the exporter
+ #
+ # We do it again, for being extra safe,
+ # but it should not be needed
+ Gitlab::Metrics::Exporter::WebExporter.instance.stop
+ end
+
+ Gitlab::Cluster::LifecycleEvents.on_worker_start do
+ # The `#close_on_exec=` takes effect only on `execve`
+ # but this does not happen for Ruby fork
+ #
+ # This does stop server, as it is running on master.
+ Gitlab::Metrics::Exporter::WebExporter.instance.stop
end
end
diff --git a/config/initializers/cluster_events_before_phased_restart.rb b/config/initializers/cluster_events_before_phased_restart.rb
new file mode 100644
index 00000000000..cbb1dd1a53a
--- /dev/null
+++ b/config/initializers/cluster_events_before_phased_restart.rb
@@ -0,0 +1,14 @@
+# Technical debt, this should be ideally upstreamed.
+#
+# However, there's currently no way to hook before doing
+# graceful shutdown today.
+#
+# Follow-up the issue: https://gitlab.com/gitlab-org/gitlab/issues/34107
+
+if defined?(::Puma)
+ Puma::Cluster.prepend(::Gitlab::Cluster::Mixins::PumaCluster)
+end
+
+if defined?(::Unicorn::HttpServer)
+ Unicorn::HttpServer.prepend(::Gitlab::Cluster::Mixins::UnicornHttpServer)
+end
diff --git a/config/initializers/fog_core_patch.rb b/config/initializers/fog_core_patch.rb
index d3d02216d45..053e0460a19 100644
--- a/config/initializers/fog_core_patch.rb
+++ b/config/initializers/fog_core_patch.rb
@@ -34,6 +34,7 @@ module Fog
# Gems that have not yet updated with the new fog-core namespace
LEGACY_FOG_PROVIDERS = %w(google rackspace aliyun).freeze
+ # rubocop:disable Gitlab/ConstGetInheritFalse
def service_provider_constant(service_name, provider_name)
args = service_provider_search_args(service_name, provider_name)
Fog.const_get(args.first).const_get(*const_get_args(args.second))
@@ -48,5 +49,6 @@ module Fog
[provider_name, service_name]
end
end
+ # rubocop:enable Gitlab/ConstGetInheritFalse
end
end
diff --git a/config/initializers/google_api_client.rb b/config/initializers/google_api_client.rb
new file mode 100644
index 00000000000..443bb29fb52
--- /dev/null
+++ b/config/initializers/google_api_client.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+#
+# google-api-client >= 0.26.0 supports enabling CloudRun and Istio during
+# cluster creation, but fog-google currently hard deps on '~> 0.23.0', which
+# prevents us from upgrading. We are injecting these options as hashes below
+# as a workaround until this is resolved.
+#
+# This can be removed once fog-google and google-api-client can be upgraded.
+# See https://gitlab.com/gitlab-org/gitlab/issues/31280 for more details.
+#
+
+require 'google/apis/container_v1beta1'
+require 'google/apis/options'
+
+# As stated in https://github.com/googleapis/google-api-ruby-client#errors--retries,
+# enabling retries is strongly encouraged but disabled by default. Large uploads
+# that may hit timeouts will mainly benefit from this.
+Google::Apis::RequestOptions.default.retries = 3 if Gitlab::Utils.to_boolean(ENV.fetch('ENABLE_GOOGLE_API_RETRIES', true))
+
+Google::Apis::ContainerV1beta1::AddonsConfig::Representation.tap do |representation|
+ representation.hash :cloud_run_config, as: 'cloudRunConfig'
+ representation.hash :istio_config, as: 'istioConfig'
+end
diff --git a/config/initializers/lograge.rb b/config/initializers/lograge.rb
index 346725e4080..d5d4c589884 100644
--- a/config/initializers/lograge.rb
+++ b/config/initializers/lograge.rb
@@ -32,6 +32,10 @@ unless Sidekiq.server?
payload[:response] = event.payload[:response] if event.payload[:response]
payload[Labkit::Correlation::CorrelationId::LOG_KEY] = Labkit::Correlation::CorrelationId.current_id
+ if cpu_s = Gitlab::Metrics::System.thread_cpu_duration(::Gitlab::RequestContext.start_thread_cpu_time)
+ payload[:cpu_s] = cpu_s
+ end
+
payload
end
end
diff --git a/config/initializers/pages.rb b/config/initializers/pages.rb
deleted file mode 100644
index 835197557e8..00000000000
--- a/config/initializers/pages.rb
+++ /dev/null
@@ -1,2 +0,0 @@
-Gitlab::PagesClient.read_or_create_token
-Gitlab::PagesClient.load_certificate
diff --git a/config/initializers/rack_attack_logging.rb b/config/initializers/rack_attack_logging.rb
index b43fff24bb0..be7c2175cb2 100644
--- a/config/initializers/rack_attack_logging.rb
+++ b/config/initializers/rack_attack_logging.rb
@@ -12,10 +12,18 @@ ActiveSupport::Notifications.subscribe('rack.attack') do |name, start, finish, r
path: req.fullpath
}
- if %w(throttle_authenticated_api throttle_authenticated_web).include? req.env['rack.attack.matched']
+ throttles_with_user_information = [
+ :throttle_authenticated_api,
+ :throttle_authenticated_web,
+ :throttle_authenticated_protected_paths_api,
+ :throttle_authenticated_protected_paths_web
+ ]
+
+ if throttles_with_user_information.include? req.env['rack.attack.matched'].to_sym
user_id = req.env['rack.attack.match_discriminator']
user = User.find_by(id: user_id)
+ rack_attack_info[:throttle_type] = req.env['rack.attack.matched']
rack_attack_info[:user_id] = user_id
rack_attack_info[:username] = user.username unless user.nil?
end
diff --git a/config/initializers/rack_attack_global.rb b/config/initializers/rack_attack_new.rb
index 7f0439ef9bf..b0f7febe427 100644
--- a/config/initializers/rack_attack_global.rb
+++ b/config/initializers/rack_attack_new.rb
@@ -3,6 +3,15 @@ module Gitlab::Throttle
Gitlab::CurrentSettings.current_application_settings
end
+ def self.protected_paths_enabled?
+ !self.omnibus_protected_paths_present? &&
+ self.settings.throttle_protected_paths_enabled?
+ end
+
+ def self.omnibus_protected_paths_present?
+ Rack::Attack.throttles.key?('protected paths')
+ end
+
def self.unauthenticated_options
limit_proc = proc { |req| settings.throttle_unauthenticated_requests_per_period }
period_proc = proc { |req| settings.throttle_unauthenticated_period_in_seconds.seconds }
@@ -20,6 +29,13 @@ module Gitlab::Throttle
period_proc = proc { |req| settings.throttle_authenticated_web_period_in_seconds.seconds }
{ limit: limit_proc, period: period_proc }
end
+
+ def self.protected_paths_options
+ limit_proc = proc { |req| settings.throttle_protected_paths_requests_per_period }
+ period_proc = proc { |req| settings.throttle_protected_paths_period_in_seconds.seconds }
+
+ { limit: limit_proc, period: period_proc }
+ end
end
class Rack::Attack
@@ -42,6 +58,28 @@ class Rack::Attack
req.authenticated_user_id([:api, :rss, :ics])
end
+ throttle('throttle_unauthenticated_protected_paths', Gitlab::Throttle.protected_paths_options) do |req|
+ Gitlab::Throttle.protected_paths_enabled? &&
+ req.unauthenticated? &&
+ !req.should_be_skipped? &&
+ req.protected_path? &&
+ req.ip
+ end
+
+ throttle('throttle_authenticated_protected_paths_api', Gitlab::Throttle.protected_paths_options) do |req|
+ Gitlab::Throttle.protected_paths_enabled? &&
+ req.api_request? &&
+ req.protected_path? &&
+ req.authenticated_user_id([:api])
+ end
+
+ throttle('throttle_authenticated_protected_paths_web', Gitlab::Throttle.protected_paths_options) do |req|
+ Gitlab::Throttle.protected_paths_enabled? &&
+ req.web_request? &&
+ req.protected_path? &&
+ req.authenticated_user_id([:api, :rss, :ics])
+ end
+
class Request
def unauthenticated?
!authenticated_user_id([:api, :rss, :ics])
@@ -66,7 +104,26 @@ class Rack::Attack
def web_request?
!api_request?
end
+
+ def protected_path?
+ !protected_path_regex.nil?
+ end
+
+ def protected_path_regex
+ path =~ protected_paths_regex
+ end
+
+ private
+
+ def protected_paths
+ Gitlab::CurrentSettings.current_application_settings.protected_paths
+ end
+
+ def protected_paths_regex
+ Regexp.union(protected_paths.map { |path| /\A#{Regexp.escape(path)}/ })
+ end
end
end
+::Rack::Attack.extend_if_ee('::EE::Gitlab::Rack::Attack') # rubocop: disable Cop/InjectEnterpriseEditionModule
::Rack::Attack::Request.prepend_if_ee('::EE::Gitlab::Rack::Attack::Request')
diff --git a/config/initializers/sidekiq.rb b/config/initializers/sidekiq.rb
index 20f31ff6810..b5d98399015 100644
--- a/config/initializers/sidekiq.rb
+++ b/config/initializers/sidekiq.rb
@@ -28,16 +28,18 @@ if Rails.env.development?
end
enable_json_logs = Gitlab.config.sidekiq.log_format == 'json'
-enable_sidekiq_monitor = ENV.fetch("SIDEKIQ_MONITOR_WORKER", 0).to_i.nonzero?
+enable_sidekiq_memory_killer = ENV['SIDEKIQ_MEMORY_KILLER_MAX_RSS'].to_i.nonzero?
+use_sidekiq_daemon_memory_killer = ENV["SIDEKIQ_DAEMON_MEMORY_KILLER"].to_i.nonzero?
+use_sidekiq_legacy_memory_killer = !use_sidekiq_daemon_memory_killer
Sidekiq.configure_server do |config|
config.redis = queues_config_hash
config.server_middleware do |chain|
- chain.add Gitlab::SidekiqMiddleware::Monitor if enable_sidekiq_monitor
+ chain.add Gitlab::SidekiqMiddleware::Monitor
chain.add Gitlab::SidekiqMiddleware::Metrics if Settings.monitoring.sidekiq_exporter
chain.add Gitlab::SidekiqMiddleware::ArgumentsLogger if ENV['SIDEKIQ_LOG_ARGUMENTS'] && !enable_json_logs
- chain.add Gitlab::SidekiqMiddleware::MemoryKiller if ENV['SIDEKIQ_MEMORY_KILLER_MAX_RSS']
+ chain.add Gitlab::SidekiqMiddleware::MemoryKiller if enable_sidekiq_memory_killer && use_sidekiq_legacy_memory_killer
chain.add Gitlab::SidekiqMiddleware::RequestStoreMiddleware unless ENV['SIDEKIQ_REQUEST_STORE'] == '0'
chain.add Gitlab::SidekiqMiddleware::BatchLoader
chain.add Gitlab::SidekiqMiddleware::CorrelationLogger
@@ -48,6 +50,10 @@ Sidekiq.configure_server do |config|
if enable_json_logs
Sidekiq.logger.formatter = Gitlab::SidekiqLogging::JSONFormatter.new
config.options[:job_logger] = Gitlab::SidekiqLogging::StructuredLogger
+
+ # Remove the default-provided handler
+ config.error_handlers.reject! { |handler| handler.is_a?(Sidekiq::ExceptionHandler::Logger) }
+ config.error_handlers << Gitlab::SidekiqLogging::ExceptionHandler.new
end
config.client_middleware do |chain|
@@ -60,7 +66,11 @@ Sidekiq.configure_server do |config|
# Sidekiq (e.g. in an initializer).
ActiveRecord::Base.clear_all_connections!
- Gitlab::SidekiqDaemon::Monitor.instance.start if enable_sidekiq_monitor
+ # Start monitor to track running jobs. By default, cancel job is not enabled
+ # To cancel job, it requires `SIDEKIQ_MONITOR_WORKER=1` to enable notification channel
+ Gitlab::SidekiqDaemon::Monitor.instance.start
+
+ Gitlab::SidekiqDaemon::MemoryKiller.instance.start if enable_sidekiq_memory_killer && use_sidekiq_daemon_memory_killer
end
if enable_reliable_fetch?
diff --git a/config/initializers/zz_metrics.rb b/config/initializers/zz_metrics.rb
index 501ec8ccc06..bc28780cc77 100644
--- a/config/initializers/zz_metrics.rb
+++ b/config/initializers/zz_metrics.rb
@@ -13,7 +13,7 @@ def instrument_classes(instrumentation)
instrumentation.instrument_methods(Gitlab::Git)
Gitlab::Git.constants.each do |name|
- const = Gitlab::Git.const_get(name)
+ const = Gitlab::Git.const_get(name, false)
next unless const.is_a?(Module)
@@ -75,7 +75,7 @@ def instrument_classes(instrumentation)
instrumentation.instrument_instance_methods(Rouge::Formatters::HTMLGitlab)
[:XML, :HTML].each do |namespace|
- namespace_mod = Nokogiri.const_get(namespace)
+ namespace_mod = Nokogiri.const_get(namespace, false)
instrumentation.instrument_methods(namespace_mod)
instrumentation.instrument_methods(namespace_mod::Document)
diff --git a/config/knative/api_resources.yml b/config/knative/api_resources.yml
index 43427b730db..095f44ed799 100644
--- a/config/knative/api_resources.yml
+++ b/config/knative/api_resources.yml
@@ -61,4 +61,10 @@
- virtualservices.networking.istio.io
- rbacconfigs.rbac.istio.io
- servicerolebindings.rbac.istio.io
-- serviceroles.rbac.istio.io \ No newline at end of file
+- serviceroles.rbac.istio.io
+- cloudwatches.config.istio.io
+- clusterrbacconfigs.rbac.istio.io
+- dogstatsds.config.istio.io
+- ingresses.networking.internal.knative.dev
+- sidecars.networking.istio.io
+- zipkins.config.istio.io
diff --git a/config/locales/en.yml b/config/locales/en.yml
index a60f86e1d80..eff015459e3 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -16,6 +16,9 @@ en:
api_url: "Sentry API URL"
project/metrics_setting:
external_dashboard_url: "External dashboard URL"
+ project/grafana_integration:
+ token: "Grafana HTTP API Token"
+ grafana_url: "Grafana API URL"
views:
pagination:
previous: "Prev"
diff --git a/config/locales/sherlock.en.yml b/config/locales/sherlock.en.yml
index f24b825f585..963e1d6295a 100644
--- a/config/locales/sherlock.en.yml
+++ b/config/locales/sherlock.en.yml
@@ -30,7 +30,7 @@ en:
origin: Origin
line: line
line_capitalized: Line
- copy_to_clipboard: Copy to clipboard
+ copy_to_clipboard: Copy
query_plan: Query Plan
events: Events
percent: '%'
diff --git a/config/prometheus/common_metrics.yml b/config/prometheus/common_metrics.yml
index 08504d6f7d5..795243fab49 100644
--- a/config/prometheus/common_metrics.yml
+++ b/config/prometheus/common_metrics.yml
@@ -209,6 +209,6 @@ panel_groups:
weight: 1
metrics:
- id: system_metrics_knative_function_invocation_count
- query_range: 'floor(sum(rate(istio_revision_request_count{destination_configuration="%{function_name}", destination_namespace="%{kube_namespace}"}[1m])/3))'
+ query_range: 'sum(ceil(rate(istio_requests_total{destination_service_namespace="%{kube_namespace}", destination_app=~"%{function_name}.*"}[1m])*60))'
label: invocations / minute
unit: requests
diff --git a/config/puma.example.development.rb b/config/puma.example.development.rb
index 9df24bf74e3..f23ccc23c9a 100644
--- a/config/puma.example.development.rb
+++ b/config/puma.example.development.rb
@@ -45,7 +45,7 @@ require_relative "/home/git/gitlab/lib/gitlab/cluster/lifecycle_events"
on_restart do
# Signal application hooks that we're about to restart
- Gitlab::Cluster::LifecycleEvents.do_master_restart
+ Gitlab::Cluster::LifecycleEvents.do_before_master_restart
end
before_fork do
diff --git a/config/puma.rb.example b/config/puma.rb.example
index 6558dbc6cfe..10f255a87de 100644
--- a/config/puma.rb.example
+++ b/config/puma.rb.example
@@ -40,7 +40,7 @@ require_relative "/home/git/gitlab/lib/gitlab/cluster/puma_worker_killer_initial
on_restart do
# Signal application hooks that we're about to restart
- Gitlab::Cluster::LifecycleEvents.do_master_restart
+ Gitlab::Cluster::LifecycleEvents.do_before_master_restart
end
before_fork do
diff --git a/config/routes.rb b/config/routes.rb
index 4319431ed48..5bfae777f17 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -55,6 +55,10 @@ Rails.application.routes.draw do
get '/autocomplete/project_groups' => 'autocomplete#project_groups'
end
+ # Sign up
+ get 'users/sign_up/welcome' => 'registrations#welcome'
+ patch 'users/sign_up/update_role' => 'registrations#update_role'
+
# Search
get 'search' => 'search#show'
get 'search/autocomplete' => 'search#autocomplete', as: :search_autocomplete
@@ -145,6 +149,7 @@ Rails.application.routes.draw do
get :metrics, format: :json
get :metrics_dashboard
get :'/prometheus/api/v1/*proxy_path', to: 'clusters#prometheus_proxy', as: :prometheus_api
+ get :environments, format: :json
end
scope :applications do
diff --git a/config/routes/admin.rb b/config/routes/admin.rb
index a003ffca270..9238eae3a8e 100644
--- a/config/routes/admin.rb
+++ b/config/routes/admin.rb
@@ -13,6 +13,8 @@ namespace :admin do
get :keys
put :block
put :unblock
+ put :deactivate
+ put :activate
put :unlock
put :confirm
post :impersonate
@@ -21,6 +23,10 @@ namespace :admin do
end
end
+ resource :session, only: [:new, :create] do
+ get 'destroy', action: :destroy, as: :destroy
+ end
+
resource :impersonation, only: :destroy
resources :abuse_reports, only: [:index, :destroy]
@@ -110,7 +116,7 @@ namespace :admin do
put :reset_registration_token
put :reset_health_check_token
put :clear_repository_check_states
- match :general, :integrations, :repository, :templates, :ci_cd, :reporting, :metrics_and_profiling, :network, :geo, :preferences, via: [:get, :patch]
+ match :general, :integrations, :repository, :ci_cd, :reporting, :metrics_and_profiling, :network, :preferences, via: [:get, :patch]
get :lets_encrypt_terms_of_service
end
diff --git a/config/routes/group.rb b/config/routes/group.rb
index 37bc6085931..093cde64c85 100644
--- a/config/routes/group.rb
+++ b/config/routes/group.rb
@@ -30,7 +30,7 @@ constraints(::Constraints::GroupUrlConstrainer.new) do
as: :group,
constraints: { group_id: Gitlab::PathRegex.full_namespace_route_regex }) do
namespace :settings do
- resource :ci_cd, only: [:show], controller: 'ci_cd' do
+ resource :ci_cd, only: [:show, :update], controller: 'ci_cd' do
put :reset_registration_token
patch :update_auto_devops
end
@@ -77,6 +77,8 @@ constraints(::Constraints::GroupUrlConstrainer.new) do
post :pause
end
end
+
+ resources :container_registries, only: [:index], controller: 'registry/repositories'
end
scope(path: '*id',
diff --git a/config/routes/project.rb b/config/routes/project.rb
index c1273db8ee5..7d51cfd6dee 100644
--- a/config/routes/project.rb
+++ b/config/routes/project.rb
@@ -37,6 +37,8 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
scope '-' do
get 'archive/*id', constraints: { format: Gitlab::PathRegex.archive_formats_regex, id: /.+?/ }, to: 'repositories#archive', as: 'archive'
+ resources :artifacts, only: [:index, :destroy]
+
resources :jobs, only: [:index, :show], constraints: { id: /\d+/ } do
collection do
resources :artifacts, only: [] do
@@ -184,6 +186,10 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
resource :import, only: [:new, :create, :show]
resource :avatar, only: [:show, :destroy]
+
+ get 'grafana/proxy/:datasource_id/*proxy_path',
+ to: 'grafana_api#proxy',
+ as: :grafana_api
end
# End of the /-/ scope.
@@ -195,6 +201,12 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
defaults: { format: 'json' },
constraints: { key: %r{[^/]+}, template_type: %r{issue|merge_request}, format: 'json' }
+ get '/description_templates/names/:template_type',
+ to: 'templates#names',
+ as: :template_names,
+ defaults: { format: 'json' },
+ constraints: { template_type: %r{issue|merge_request}, format: 'json' }
+
resources :commit, only: [:show], constraints: { id: /\h{7,40}/ } do
member do
get :branches
@@ -273,6 +285,8 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
get :commits
get :pipelines
get :diffs, to: 'merge_requests/diffs#show'
+ get :diffs_batch, to: 'merge_requests/diffs#diffs_batch'
+ get :diffs_metadata, to: 'merge_requests/diffs#diffs_metadata'
get :widget, to: 'merge_requests/content#widget'
get :cached_widget, to: 'merge_requests/content#cached_widget'
end
@@ -379,6 +393,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
get :builds
get :failures
get :status
+ get :test_report
Gitlab.ee do
get :security
diff --git a/config/routes/repository.rb b/config/routes/repository.rb
index 093b86f3259..4815575ba9f 100644
--- a/config/routes/repository.rb
+++ b/config/routes/repository.rb
@@ -34,7 +34,7 @@ scope format: false do
# ref regex used in constraints. Regex verification now done in controller.
get 'logs_tree/*path', action: :logs_tree, as: :logs_file, format: false, constraints: {
id: /.*/,
- path: /.*/
+ path: /[^\0]*/
}
end
end
diff --git a/config/settings.rb b/config/settings.rb
index 8756c120645..767c6c56337 100644
--- a/config/settings.rb
+++ b/config/settings.rb
@@ -104,10 +104,10 @@ class Settings < Settingslogic
# check that `current` (string or integer) is a contant in `modul`.
def verify_constant(modul, current, default)
- constant = modul.constants.find { |name| modul.const_get(name) == current }
- value = constant.nil? ? default : modul.const_get(constant)
+ constant = modul.constants.find { |name| modul.const_get(name, false) == current }
+ value = constant.nil? ? default : modul.const_get(constant, false)
if current.is_a? String
- value = modul.const_get(current.upcase) rescue default
+ value = modul.const_get(current.upcase, false) rescue default
end
value
diff --git a/config/sidekiq_queues.yml b/config/sidekiq_queues.yml
index f37cd518d48..b97e8ad67c9 100644
--- a/config/sidekiq_queues.yml
+++ b/config/sidekiq_queues.yml
@@ -24,6 +24,7 @@
- [process_commit, 3]
- [new_note, 2]
- [new_issue, 2]
+ - [notifications, 2]
- [new_merge_request, 2]
- [pipeline_processing, 5]
- [pipeline_creation, 4]
@@ -49,7 +50,7 @@
- [delete_user, 1]
- [todos_destroyer, 1]
- [delete_merged_branches, 1]
- - [authorized_projects, 1]
+ - [authorized_projects, 2]
- [expire_build_instance_artifacts, 1]
- [group_destroy, 1]
- [irker, 1]
@@ -96,6 +97,7 @@
- [phabricator_import_import_tasks, 1]
- [update_namespace_statistics, 1]
- [chaos, 2]
+ - [create_evidence, 2]
# EE-specific queues
- [ldap_group_sync, 2]
@@ -117,3 +119,4 @@
- [jira_connect, 1]
- [update_external_pull_requests, 3]
- [refresh_license_compliance_checks, 2]
+ - [design_management_new_version, 1]
diff --git a/config/unicorn.rb.example b/config/unicorn.rb.example
index 581fde84c95..9f13fac5cca 100644
--- a/config/unicorn.rb.example
+++ b/config/unicorn.rb.example
@@ -85,7 +85,7 @@ require_relative "/home/git/gitlab/lib/gitlab/cluster/lifecycle_events"
before_exec do |server|
# Signal application hooks that we're about to restart
- Gitlab::Cluster::LifecycleEvents.do_master_restart
+ Gitlab::Cluster::LifecycleEvents.do_before_master_restart
end
run_once = true
diff --git a/config/unicorn.rb.example.development b/config/unicorn.rb.example.development
index 9a02d5f1007..92bb1c7344a 100644
--- a/config/unicorn.rb.example.development
+++ b/config/unicorn.rb.example.development
@@ -18,7 +18,7 @@ require_relative "/home/git/gitlab/lib/gitlab/cluster/lifecycle_events"
before_exec do |server|
# Signal application hooks that we're about to restart
- Gitlab::Cluster::LifecycleEvents.do_master_restart
+ Gitlab::Cluster::LifecycleEvents.do_before_master_restart
end
run_once = true
diff --git a/config/webpack.config.js b/config/webpack.config.js
index f3f0a5f8934..25fb6cc5f5a 100644
--- a/config/webpack.config.js
+++ b/config/webpack.config.js
@@ -11,7 +11,7 @@ const CopyWebpackPlugin = require('copy-webpack-plugin');
const ROOT_PATH = path.resolve(__dirname, '..');
const CACHE_PATH = process.env.WEBPACK_CACHE_PATH || path.join(ROOT_PATH, 'tmp/cache');
const IS_PRODUCTION = process.env.NODE_ENV === 'production';
-const IS_DEV_SERVER = process.argv.join(' ').indexOf('webpack-dev-server') !== -1;
+const IS_DEV_SERVER = process.env.WEBPACK_DEV_SERVER === 'true';
const IS_EE = require('./helpers/is_ee_env');
const DEV_SERVER_HOST = process.env.DEV_SERVER_HOST || 'localhost';
const DEV_SERVER_PORT = parseInt(process.env.DEV_SERVER_PORT, 10) || 3808;
@@ -373,11 +373,14 @@ module.exports = {
openAnalyzer: false,
reportFilename: path.join(ROOT_PATH, 'webpack-report/index.html'),
statsFilename: path.join(ROOT_PATH, 'webpack-report/stats.json'),
+ statsOptions: {
+ source: false,
+ },
}),
new webpack.DefinePlugin({
// This one is used to define window.gon.ee and other things properly in tests:
- 'process.env.IS_GITLAB_EE': JSON.stringify(IS_EE),
+ 'process.env.IS_EE': JSON.stringify(IS_EE),
// This one is used to check against "EE" properly in application code
IS_EE: IS_EE ? 'window.gon && window.gon.ee' : JSON.stringify(false),
}),