summaryrefslogtreecommitdiff
path: root/config
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2020-06-18 11:18:50 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2020-06-18 11:18:50 +0000
commit8c7f4e9d5f36cff46365a7f8c4b9c21578c1e781 (patch)
treea77e7fe7a93de11213032ed4ab1f33a3db51b738 /config
parent00b35af3db1abfe813a778f643dad221aad51fca (diff)
downloadgitlab-ce-8c7f4e9d5f36cff46365a7f8c4b9c21578c1e781.tar.gz
Add latest changes from gitlab-org/gitlab@13-1-stable-ee
Diffstat (limited to 'config')
-rw-r--r--config/application.rb12
-rw-r--r--config/dependency_decisions.yml6
-rw-r--r--config/feature_categories.yml4
-rw-r--r--config/gitlab.yml.example12
-rw-r--r--config/initializers/01_secret_token.rb2
-rw-r--r--config/initializers/1_settings.rb24
-rw-r--r--config/initializers/7_prometheus_metrics.rb11
-rw-r--r--config/initializers/8_devise.rb7
-rw-r--r--config/initializers/action_cable.rb10
-rw-r--r--config/initializers/actionpack_generate_old_csrf_token.rb33
-rw-r--r--config/initializers/bullet.rb11
-rw-r--r--config/initializers/database_config.rb2
-rw-r--r--config/initializers/doorkeeper.rb5
-rw-r--r--config/initializers/fill_shards.rb5
-rw-r--r--config/initializers/google_api_client.rb19
-rw-r--r--config/initializers/grape_validators.rb1
-rw-r--r--config/initializers/kaminari_active_record_relation_methods_with_limit.rb8
-rw-r--r--config/initializers/lograge.rb6
-rw-r--r--config/initializers/peek.rb2
-rw-r--r--config/initializers/rack_attack.rb (renamed from config/initializers/rack_attack_new.rb)0
-rw-r--r--config/initializers/zz_metrics.rb2
-rw-r--r--config/locales/doorkeeper.en.yml2
-rw-r--r--config/locales/en.yml1
-rw-r--r--config/prometheus/self_monitoring_default.yml30
-rw-r--r--config/pseudonymizer.yml1
-rw-r--r--config/routes.rb13
-rw-r--r--config/routes/dashboard.rb8
-rw-r--r--config/routes/group.rb3
-rw-r--r--config/routes/import.rb8
-rw-r--r--config/routes/merge_requests.rb9
-rw-r--r--config/routes/project.rb38
-rw-r--r--config/settings.rb6
-rw-r--r--config/sidekiq_queues.yml10
-rw-r--r--config/webpack.config.js23
-rw-r--r--config/webpack.vendor.config.js20
35 files changed, 261 insertions, 93 deletions
diff --git a/config/application.rb b/config/application.rb
index d8f02277527..524827226e7 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -25,6 +25,7 @@ module Gitlab
require_dependency Rails.root.join('lib/gitlab/middleware/read_only')
require_dependency Rails.root.join('lib/gitlab/middleware/basic_health_check')
require_dependency Rails.root.join('lib/gitlab/middleware/same_site_cookies')
+ require_dependency Rails.root.join('lib/gitlab/middleware/handle_ip_spoof_attack_error')
require_dependency Rails.root.join('lib/gitlab/runtime')
# Settings in config/environments/* take precedence over those specified here.
@@ -163,6 +164,8 @@ module Gitlab
config.assets.paths << Gemojione.images_path
config.assets.paths << "#{config.root}/vendor/assets/fonts"
+ config.assets.precompile << "application_dark.css"
+
config.assets.precompile << "print.css"
config.assets.precompile << "mailer.css"
config.assets.precompile << "mailer_client_specific.css"
@@ -235,6 +238,8 @@ module Gitlab
config.middleware.insert_before ActionDispatch::Cookies, ::Gitlab::Middleware::SameSiteCookies
+ config.middleware.insert_before ActionDispatch::RemoteIp, ::Gitlab::Middleware::HandleIpSpoofAttackError
+
# Allow access to GitLab API from other domains
config.middleware.insert_before Warden::Manager, Rack::Cors do
headers_to_expose = %w[Link X-Total X-Total-Pages X-Per-Page X-Page X-Next-Page X-Prev-Page X-Gitlab-Blob-Id X-Gitlab-Commit-Id X-Gitlab-Content-Sha256 X-Gitlab-Encoding X-Gitlab-File-Name X-Gitlab-File-Path X-Gitlab-Last-Commit-Id X-Gitlab-Ref X-Gitlab-Size]
@@ -298,7 +303,10 @@ module Gitlab
end
config.after_initialize do
- Rails.application.reload_routes!
+ # Devise (see initializers/8_devise.rb) already reloads routes if
+ # eager loading is enabled, so don't do this twice since it's
+ # expensive.
+ Rails.application.reload_routes! unless config.eager_load
project_url_helpers = Module.new do
extend ActiveSupport::Concern
@@ -316,7 +324,7 @@ module Gitlab
# conflict with the methods defined in `project_url_helpers`, and we want
# these methods available in the same places.
Gitlab::Routing.add_helpers(project_url_helpers)
- Gitlab::Routing.add_helpers(MilestonesRoutingHelper)
+ Gitlab::Routing.add_helpers(TimeboxesRoutingHelper)
end
end
end
diff --git a/config/dependency_decisions.yml b/config/dependency_decisions.yml
index 84db15d6535..ff5ccbb3c1b 100644
--- a/config/dependency_decisions.yml
+++ b/config/dependency_decisions.yml
@@ -626,3 +626,9 @@
:why:
:versions: []
:when: 2019-11-08 10:03:31.787226000 Z
+- - :whitelist
+ - CC0-1.0
+ - :who: Thomas Randolph
+ :why: This license is public domain
+ :versions: []
+ :when: 2020-06-03 05:04:44.632875345 Z
diff --git a/config/feature_categories.yml b/config/feature_categories.yml
index 010d3d14fcb..7cbc90497a4 100644
--- a/config/feature_categories.yml
+++ b/config/feature_categories.yml
@@ -43,6 +43,7 @@
- digital_experience_management
- disaster_recovery
- dynamic_application_security_testing
+- editor_extension
- epics
- error_tracking
- feature_flags
@@ -52,6 +53,7 @@
- geo_replication
- git_lfs
- gitaly
+- gitlab_docs
- gitlab_handbook
- gitter
- global_search
@@ -82,6 +84,7 @@
- pages
- pki_management
- planning_analytics
+- product_analytics
- quality_management
- release_evidence
- release_orchestration
@@ -100,7 +103,6 @@
- source_code_management
- static_application_security_testing
- static_site_editor
-- status_page
- subgroups
- templates
- time_tracking
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index 9a2e470f852..bd328d9919a 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -469,6 +469,11 @@ production: &base
geo_file_download_dispatch_worker:
cron: "*/1 * * * *"
+ # GitLab Geo registry sync worker (for backfilling)
+ # NOTE: This will only take effect if Geo is enabled (secondary nodes only)
+ geo_registry_sync_worker:
+ cron: "*/1 * * * *"
+
# GitLab Geo migrated local files clean up worker
# NOTE: This will only take effect if Geo is enabled (secondary nodes only)
geo_migrated_local_files_clean_up_worker:
@@ -482,6 +487,11 @@ production: &base
# NOTE: This will only take effect if elasticsearch is enabled.
elastic_index_bulk_cron_worker:
cron: "*/1 * * * *"
+
+ # Elasticsearch bulk updater for initial updates.
+ # NOTE: This will only take effect if elasticsearch is enabled.
+ elastic_index_initial_bulk_cron_worker:
+ cron: "*/1 * * * *"
registry:
# enabled: true
@@ -1078,8 +1088,6 @@ production: &base
monitoring:
# Time between sampling of unicorn socket metrics, in seconds
# unicorn_sampler_interval: 10
- # Time between sampling of Puma metrics, in seconds
- # puma_sampler_interval: 5
# IP whitelist to access monitoring endpoints
ip_whitelist:
- 127.0.0.0/8
diff --git a/config/initializers/01_secret_token.rb b/config/initializers/01_secret_token.rb
index e3fefeab81c..8b96727a2a1 100644
--- a/config/initializers/01_secret_token.rb
+++ b/config/initializers/01_secret_token.rb
@@ -61,6 +61,8 @@ def generate_new_rsa_private_key
end
def warn_missing_secret(secret)
+ return if Rails.env.test?
+
warn "Missing Rails.application.secrets.#{secret} for #{Rails.env} environment. The secret will be generated and stored in config/secrets.yml."
end
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index c0cd491547a..9d9f24183d5 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -451,9 +451,12 @@ Settings.cron_jobs['trending_projects_worker']['job_class'] = 'TrendingProjectsW
Settings.cron_jobs['remove_unreferenced_lfs_objects_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['remove_unreferenced_lfs_objects_worker']['cron'] ||= '20 0 * * *'
Settings.cron_jobs['remove_unreferenced_lfs_objects_worker']['job_class'] = 'RemoveUnreferencedLfsObjectsWorker'
-Settings.cron_jobs['stuck_import_jobs_worker'] ||= Settingslogic.new({})
-Settings.cron_jobs['stuck_import_jobs_worker']['cron'] ||= '15 * * * *'
-Settings.cron_jobs['stuck_import_jobs_worker']['job_class'] = 'StuckImportJobsWorker'
+Settings.cron_jobs['import_stuck_project_import_jobs'] ||= Settingslogic.new({})
+Settings.cron_jobs['import_stuck_project_import_jobs']['cron'] ||= '15 * * * *'
+Settings.cron_jobs['import_stuck_project_import_jobs']['job_class'] = 'Gitlab::Import::StuckProjectImportJobsWorker'
+Settings.cron_jobs['jira_import_stuck_jira_import_jobs'] ||= Settingslogic.new({})
+Settings.cron_jobs['jira_import_stuck_jira_import_jobs']['cron'] ||= '* 0/15 * * *'
+Settings.cron_jobs['jira_import_stuck_jira_import_jobs']['job_class'] = 'Gitlab::JiraImport::StuckJiraImportJobsWorker'
Settings.cron_jobs['stuck_export_jobs_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['stuck_export_jobs_worker']['cron'] ||= '30 * * * *'
Settings.cron_jobs['stuck_export_jobs_worker']['job_class'] = 'StuckExportJobsWorker'
@@ -478,6 +481,9 @@ Settings.cron_jobs['issue_due_scheduler_worker']['job_class'] = 'IssueDueSchedul
Settings.cron_jobs['prune_web_hook_logs_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['prune_web_hook_logs_worker']['cron'] ||= '0 */1 * * *'
Settings.cron_jobs['prune_web_hook_logs_worker']['job_class'] = 'PruneWebHookLogsWorker'
+Settings.cron_jobs['metrics_dashboard_schedule_annotations_prune_worker'] ||= Settingslogic.new({})
+Settings.cron_jobs['metrics_dashboard_schedule_annotations_prune_worker']['cron'] ||= '0 1 * * *'
+Settings.cron_jobs['metrics_dashboard_schedule_annotations_prune_worker']['job_class'] = 'Metrics::Dashboard::ScheduleAnnotationsPruneWorker'
Settings.cron_jobs['schedule_migrate_external_diffs_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['schedule_migrate_external_diffs_worker']['cron'] ||= '15 * * * *'
Settings.cron_jobs['schedule_migrate_external_diffs_worker']['job_class'] = 'ScheduleMigrateExternalDiffsWorker'
@@ -507,6 +513,9 @@ Gitlab.ee do
Settings.cron_jobs['geo_file_download_dispatch_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['geo_file_download_dispatch_worker']['cron'] ||= '*/1 * * * *'
Settings.cron_jobs['geo_file_download_dispatch_worker']['job_class'] ||= 'Geo::FileDownloadDispatchWorker'
+ Settings.cron_jobs['geo_registry_sync_worker'] ||= Settingslogic.new({})
+ Settings.cron_jobs['geo_registry_sync_worker']['cron'] ||= '*/1 * * * *'
+ Settings.cron_jobs['geo_registry_sync_worker']['job_class'] ||= 'Geo::RegistrySyncWorker'
Settings.cron_jobs['geo_metrics_update_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['geo_metrics_update_worker']['cron'] ||= '*/1 * * * *'
Settings.cron_jobs['geo_metrics_update_worker']['job_class'] ||= 'Geo::MetricsUpdateWorker'
@@ -552,9 +561,15 @@ Gitlab.ee do
Settings.cron_jobs['elastic_index_bulk_cron_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['elastic_index_bulk_cron_worker']['cron'] ||= '*/1 * * * *'
Settings.cron_jobs['elastic_index_bulk_cron_worker']['job_class'] ||= 'ElasticIndexBulkCronWorker'
+ Settings.cron_jobs['elastic_index_initial_bulk_cron_worker'] ||= Settingslogic.new({})
+ Settings.cron_jobs['elastic_index_initial_bulk_cron_worker']['cron'] ||= '*/1 * * * *'
+ Settings.cron_jobs['elastic_index_initial_bulk_cron_worker']['job_class'] ||= 'ElasticIndexInitialBulkCronWorker'
Settings.cron_jobs['sync_seat_link_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['sync_seat_link_worker']['cron'] ||= "#{rand(60)} 0 * * *"
Settings.cron_jobs['sync_seat_link_worker']['job_class'] = 'SyncSeatLinkWorker'
+ Settings.cron_jobs['web_application_firewall_metrics_worker'] ||= Settingslogic.new({})
+ Settings.cron_jobs['web_application_firewall_metrics_worker']['cron'] ||= '0 1 * * 0'
+ Settings.cron_jobs['web_application_firewall_metrics_worker']['job_class'] = 'IngressModsecurityCounterMetricsWorker'
end
#
@@ -728,9 +743,6 @@ Settings.action_cable['worker_pool_size'] ||= 4
Settings['monitoring'] ||= Settingslogic.new({})
Settings.monitoring['ip_whitelist'] ||= ['127.0.0.1/8']
Settings.monitoring['unicorn_sampler_interval'] ||= 10
-Settings.monitoring['puma_sampler_interval'] ||= 5
-Settings.monitoring['ruby_sampler_interval'] ||= 60
-Settings.monitoring['global_search_sampler_interval'] ||= 60
Settings.monitoring['sidekiq_exporter'] ||= Settingslogic.new({})
Settings.monitoring.sidekiq_exporter['enabled'] ||= false
Settings.monitoring.sidekiq_exporter['address'] ||= 'localhost'
diff --git a/config/initializers/7_prometheus_metrics.rb b/config/initializers/7_prometheus_metrics.rb
index 267a1f0b1a5..bb89850892e 100644
--- a/config/initializers/7_prometheus_metrics.rb
+++ b/config/initializers/7_prometheus_metrics.rb
@@ -42,14 +42,11 @@ if !Rails.env.test? && Gitlab::Metrics.prometheus_metrics_enabled?
Gitlab::Cluster::LifecycleEvents.on_worker_start do
defined?(::Prometheus::Client.reinitialize_on_pid_change) && Prometheus::Client.reinitialize_on_pid_change
- Gitlab::Metrics::Samplers::RubySampler.initialize_instance(Settings.monitoring.ruby_sampler_interval).start
-
- if Gitlab::Utils.to_boolean(ENV['ENABLE_DATABASE_CONNECTION_POOL_METRICS'])
- Gitlab::Metrics::Samplers::DatabaseSampler.initialize_instance(Gitlab::Metrics::Samplers::DatabaseSampler::SAMPLING_INTERVAL_SECONDS).start
- end
+ Gitlab::Metrics::Samplers::RubySampler.initialize_instance.start
+ Gitlab::Metrics::Samplers::DatabaseSampler.initialize_instance.start
if Gitlab.ee? && Gitlab::Runtime.sidekiq?
- Gitlab::Metrics::Samplers::GlobalSearchSampler.instance(Settings.monitoring.global_search_sampler_interval).start
+ Gitlab::Metrics::Samplers::GlobalSearchSampler.instance.start
end
rescue IOError => e
Gitlab::ErrorTracking.track_exception(e)
@@ -62,7 +59,7 @@ if !Rails.env.test? && Gitlab::Metrics.prometheus_metrics_enabled?
if Gitlab::Runtime.unicorn?
Gitlab::Metrics::Samplers::UnicornSampler.instance(Settings.monitoring.unicorn_sampler_interval).start
elsif Gitlab::Runtime.puma?
- Gitlab::Metrics::Samplers::PumaSampler.instance(Settings.monitoring.puma_sampler_interval).start
+ Gitlab::Metrics::Samplers::PumaSampler.instance.start
end
Gitlab::Metrics.gauge(:deployments, 'GitLab Version', {}, :max).set({ version: Gitlab::VERSION }, 1)
diff --git a/config/initializers/8_devise.rb b/config/initializers/8_devise.rb
index 3daddb10b29..2be6e535fee 100644
--- a/config/initializers/8_devise.rb
+++ b/config/initializers/8_devise.rb
@@ -6,6 +6,11 @@ Devise.setup do |config|
manager.default_strategies(scope: :user).unshift :two_factor_backupable
end
+ # This is the default. This makes it explicit that Devise loads routes
+ # before eager loading. Disabling this seems to cause an error loading
+ # grape-entity `expose` for some reason.
+ config.reload_routes = true
+
# ==> Mailer Configuration
# Configure the class responsible to send e-mails.
config.mailer = "DeviseMailer"
@@ -102,7 +107,7 @@ Devise.setup do |config|
# config.remember_across_browsers = true
# If true, extends the user's remember period when remembered via cookie.
- # config.extend_remember_period = false
+ config.extend_remember_period = true
# Options to be passed to the created cookie. For instance, you can set
# secure: true in order to force SSL only cookies.
diff --git a/config/initializers/action_cable.rb b/config/initializers/action_cable.rb
index eb44ff00d09..c549dd45ad9 100644
--- a/config/initializers/action_cable.rb
+++ b/config/initializers/action_cable.rb
@@ -1,5 +1,7 @@
# frozen_string_literal: true
+require 'action_cable/subscription_adapter/redis'
+
Rails.application.configure do
# We only mount the ActionCable engine in tests where we run it in-app
# For other environments, we run it on a standalone Puma server
@@ -7,3 +9,11 @@ Rails.application.configure do
config.action_cable.url = Gitlab::Utils.append_path(Gitlab.config.gitlab.relative_url_root, '/-/cable')
config.action_cable.worker_pool_size = Gitlab.config.action_cable.worker_pool_size
end
+
+# https://github.com/rails/rails/blob/bb5ac1623e8de08c1b7b62b1368758f0d3bb6379/actioncable/lib/action_cable/subscription_adapter/redis.rb#L18
+ActionCable::SubscriptionAdapter::Redis.redis_connector = lambda do |config|
+ args = config.except(:adapter, :channel_prefix)
+ .merge(instrumentation_class: ::Gitlab::Instrumentation::Redis::ActionCable)
+
+ ::Redis.new(args)
+end
diff --git a/config/initializers/actionpack_generate_old_csrf_token.rb b/config/initializers/actionpack_generate_old_csrf_token.rb
new file mode 100644
index 00000000000..6367a1d4d59
--- /dev/null
+++ b/config/initializers/actionpack_generate_old_csrf_token.rb
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module Gitlab
+ module RequestForgeryProtectionPatch
+ private
+
+ # Patch to generate 6.0.3 tokens so that we do not have CSRF errors while
+ # rolling out 6.0.3.1. This enables GitLab to have a mix of 6.0.3 and
+ # 6.0.3.1 Rails servers
+ #
+ # 1. Deploy this patch with :global_csrf_token FF disabled.
+ # 2. Once all Rails servers are on 6.0.3.1, enable :global_csrf_token FF.
+ # 3. On GitLab 13.2, remove this patch
+ def masked_authenticity_token(session, form_options: {})
+ action, method = form_options.values_at(:action, :method)
+
+ raw_token = if per_form_csrf_tokens && action && method
+ action_path = normalize_action_path(action)
+ per_form_csrf_token(session, action_path, method)
+ else
+ if Feature.enabled?(:global_csrf_token)
+ global_csrf_token(session)
+ else
+ real_csrf_token(session)
+ end
+ end
+
+ mask_token(raw_token)
+ end
+ end
+end
+
+ActionController::Base.include Gitlab::RequestForgeryProtectionPatch
diff --git a/config/initializers/bullet.rb b/config/initializers/bullet.rb
index 0ade7109420..d1f72ca3ce7 100644
--- a/config/initializers/bullet.rb
+++ b/config/initializers/bullet.rb
@@ -1,10 +1,15 @@
-if defined?(Bullet) && ENV['ENABLE_BULLET']
+def bullet_enabled?
+ Gitlab::Utils.to_boolean(ENV['ENABLE_BULLET'].to_s)
+end
+
+if defined?(Bullet) && (bullet_enabled? || Rails.env.development?)
Rails.application.configure do
config.after_initialize do
Bullet.enable = true
- Bullet.bullet_logger = true
- Bullet.console = true
+ Bullet.bullet_logger = bullet_enabled?
+ Bullet.console = bullet_enabled?
+
Bullet.raise = Rails.env.test?
end
end
diff --git a/config/initializers/database_config.rb b/config/initializers/database_config.rb
index 52897ad549d..ce732677c74 100644
--- a/config/initializers/database_config.rb
+++ b/config/initializers/database_config.rb
@@ -30,7 +30,7 @@ if Gitlab::Runtime.multi_threaded?
Rails.application.config.database_configuration[Rails.env]
previous_db_pool_size = db_config['pool']
- db_config['pool'] = [db_config['pool'].to_i, max_threads].max
+ db_config['pool'] = [db_config['pool'].to_i, max_threads].max + ENV["DB_POOL_HEADROOM"].to_i
ActiveRecord::Base.establish_connection(db_config)
diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index 4158bfec216..76e29fb6c02 100644
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -106,10 +106,5 @@ Doorkeeper.configure do
# WWW-Authenticate Realm (default "Doorkeeper").
# realm "Doorkeeper"
- # Allow dynamic query parameters (disabled by default)
- # Some applications require dynamic query parameters on their request_uri
- # set to true if you want this to be allowed
- # wildcard_redirect_uri false
-
base_controller '::Gitlab::BaseDoorkeeperController'
end
diff --git a/config/initializers/fill_shards.rb b/config/initializers/fill_shards.rb
index 40a9a271953..90c0d63e4fe 100644
--- a/config/initializers/fill_shards.rb
+++ b/config/initializers/fill_shards.rb
@@ -1,8 +1,7 @@
-# The `table_exists?` check is needed because during our migration rollback testing,
+# The explicit schema version check is needed because during our migration rollback testing,
# `Shard.connected?` could be cached and return true even though the table doesn't exist
return unless Shard.connected?
-return unless Shard.table_exists?
-return unless Shard.connection.index_exists?(:shards, :name, unique: true)
+return unless ActiveRecord::Migrator.current_version >= 20190402150158
return if Gitlab::Database.read_only?
Shard.populate!
diff --git a/config/initializers/google_api_client.rb b/config/initializers/google_api_client.rb
index 443bb29fb52..49a35e5bd7c 100644
--- a/config/initializers/google_api_client.rb
+++ b/config/initializers/google_api_client.rb
@@ -1,23 +1,12 @@
# frozen_string_literal: true
-#
-# google-api-client >= 0.26.0 supports enabling CloudRun and Istio during
-# cluster creation, but fog-google currently hard deps on '~> 0.23.0', which
-# prevents us from upgrading. We are injecting these options as hashes below
-# as a workaround until this is resolved.
-#
-# This can be removed once fog-google and google-api-client can be upgraded.
-# See https://gitlab.com/gitlab-org/gitlab/issues/31280 for more details.
-#
-require 'google/apis/container_v1beta1'
require 'google/apis/options'
+# these require solve load order issues (undefined constant Google::Apis::ServerError and Signet::RemoteServerError, rescued in multiple places)
+require 'google/apis/errors'
+require 'signet/errors'
+
# As stated in https://github.com/googleapis/google-api-ruby-client#errors--retries,
# enabling retries is strongly encouraged but disabled by default. Large uploads
# that may hit timeouts will mainly benefit from this.
Google::Apis::RequestOptions.default.retries = 3 if Gitlab::Utils.to_boolean(ENV.fetch('ENABLE_GOOGLE_API_RETRIES', true))
-
-Google::Apis::ContainerV1beta1::AddonsConfig::Representation.tap do |representation|
- representation.hash :cloud_run_config, as: 'cloudRunConfig'
- representation.hash :istio_config, as: 'istioConfig'
-end
diff --git a/config/initializers/grape_validators.rb b/config/initializers/grape_validators.rb
index 9d2b6dc9bd1..22f2c9ecf92 100644
--- a/config/initializers/grape_validators.rb
+++ b/config/initializers/grape_validators.rb
@@ -7,3 +7,4 @@ Grape::Validations.register_validator(:git_sha, ::API::Validations::Validators::
Grape::Validations.register_validator(:integer_none_any, ::API::Validations::Validators::IntegerNoneAny)
Grape::Validations.register_validator(:array_none_any, ::API::Validations::Validators::ArrayNoneAny)
Grape::Validations.register_validator(:check_assignees_count, ::API::Validations::Validators::CheckAssigneesCount)
+Grape::Validations.register_validator(:untrusted_regexp, ::API::Validations::Validators::UntrustedRegexp)
diff --git a/config/initializers/kaminari_active_record_relation_methods_with_limit.rb b/config/initializers/kaminari_active_record_relation_methods_with_limit.rb
index cc20b83b234..55b98cda520 100644
--- a/config/initializers/kaminari_active_record_relation_methods_with_limit.rb
+++ b/config/initializers/kaminari_active_record_relation_methods_with_limit.rb
@@ -5,9 +5,10 @@ module Kaminari
# This is a modified version of
# https://github.com/kaminari/kaminari/blob/c5186f5d9b7f23299d115408e62047447fd3189d/kaminari-activerecord/lib/kaminari/activerecord/active_record_relation_methods.rb#L17-L41
- # that limit the COUNT query to 10,000 to avoid query timeouts.
+ # that limit the COUNT query to a configurable value to avoid query timeouts.
+ # The default limit value is 10,000 records
# rubocop: disable Gitlab/ModuleWithInstanceVariables
- def total_count_with_limit(column_name = :all, _options = nil) #:nodoc:
+ def total_count_with_limit(column_name = :all, options = {}) #:nodoc:
return @total_count if defined?(@total_count) && @total_count
# There are some cases that total count can be deduced from loaded records
@@ -18,13 +19,14 @@ module Kaminari
return @total_count = (current_page - 1) * limit_value + @records.length if @records.any? && (@records.length < limit_value)
end
+ limit = options.fetch(:limit, MAX_COUNT_LIMIT).to_i
# #count overrides the #select which could include generated columns referenced in #order, so skip #order here, where it's irrelevant to the result anyway
c = except(:offset, :limit, :order)
# Remove includes only if they are irrelevant
c = c.except(:includes) unless references_eager_loaded_tables?
# .group returns an OrderedHash that responds to #count
# The following line was modified from `c = c.count(:all)`
- c = c.limit(MAX_COUNT_LIMIT + 1).count(column_name)
+ c = c.limit(limit + 1).count(column_name)
@total_count =
if c.is_a?(Hash) || c.is_a?(ActiveSupport::OrderedHash)
c.count
diff --git a/config/initializers/lograge.rb b/config/initializers/lograge.rb
index e1e15d1870c..01353ad4ec1 100644
--- a/config/initializers/lograge.rb
+++ b/config/initializers/lograge.rb
@@ -12,9 +12,9 @@ unless Gitlab::Runtime.sidekiq?
config.lograge.logger = ActiveSupport::Logger.new(filename)
config.lograge.before_format = lambda do |data, payload|
data.delete(:error)
- data[:db_duration_s] = Gitlab::Utils.ms_to_round_sec(data.delete(:db))
- data[:view_duration_s] = Gitlab::Utils.ms_to_round_sec(data.delete(:view))
- data[:duration_s] = Gitlab::Utils.ms_to_round_sec(data.delete(:duration))
+ data[:db_duration_s] = Gitlab::Utils.ms_to_round_sec(data.delete(:db)) if data[:db]
+ data[:view_duration_s] = Gitlab::Utils.ms_to_round_sec(data.delete(:view)) if data[:view]
+ data[:duration_s] = Gitlab::Utils.ms_to_round_sec(data.delete(:duration)) if data[:duration]
data
end
diff --git a/config/initializers/peek.rb b/config/initializers/peek.rb
index a3810be70b2..deac938c80b 100644
--- a/config/initializers/peek.rb
+++ b/config/initializers/peek.rb
@@ -9,6 +9,8 @@ Peek.into Peek::Views::Host
Peek.into Peek::Views::ActiveRecord
Peek.into Peek::Views::Gitaly
Peek.into Peek::Views::RedisDetailed
+Peek.into Peek::Views::Elasticsearch
Peek.into Peek::Views::Rugged
+Peek.into Peek::Views::BulletDetailed if defined?(Bullet)
Peek.into Peek::Views::Tracing if Labkit::Tracing.tracing_url_enabled?
diff --git a/config/initializers/rack_attack_new.rb b/config/initializers/rack_attack.rb
index 51b49bec864..51b49bec864 100644
--- a/config/initializers/rack_attack_new.rb
+++ b/config/initializers/rack_attack.rb
diff --git a/config/initializers/zz_metrics.rb b/config/initializers/zz_metrics.rb
index 26f6743f480..7e675e478cf 100644
--- a/config/initializers/zz_metrics.rb
+++ b/config/initializers/zz_metrics.rb
@@ -147,6 +147,8 @@ if Gitlab::Metrics.enabled? && !Rails.env.test? && !(Rails.env.development? && d
Gitlab::Application.configure do |config|
config.middleware.use(Gitlab::Metrics::RackMiddleware)
config.middleware.use(Gitlab::Middleware::RailsQueueDuration)
+ config.middleware.use(Gitlab::Metrics::RedisRackMiddleware)
+ config.middleware.use(Gitlab::Metrics::ElasticsearchRackMiddleware)
end
Sidekiq.configure_server do |config|
diff --git a/config/locales/doorkeeper.en.yml b/config/locales/doorkeeper.en.yml
index 7c8dc2d0a32..8469b72c312 100644
--- a/config/locales/doorkeeper.en.yml
+++ b/config/locales/doorkeeper.en.yml
@@ -81,6 +81,8 @@ en:
Grants read-write access to repositories on private projects using Git-over-HTTP (not using the API).
read_registry:
Grants read-only access to container registry images on private projects.
+ write_registry:
+ Grants write access to container registry images on private projects.
openid:
Grants permission to authenticate with GitLab using OpenID Connect. Also gives read-only access to the user's profile and group memberships.
sudo:
diff --git a/config/locales/en.yml b/config/locales/en.yml
index c95232ae540..ed0552ab452 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -272,4 +272,5 @@ en:
long: "%B %d, %Y %H:%M"
short: "%d %b %H:%M"
timeago_tooltip: "%b %-d, %Y %-l:%M%P"
+ with_timezone: "%Y-%m-%d %H:%M:%S %z"
pm: pm
diff --git a/config/prometheus/self_monitoring_default.yml b/config/prometheus/self_monitoring_default.yml
index dc2361fb3bc..50e6f4585e4 100644
--- a/config/prometheus/self_monitoring_default.yml
+++ b/config/prometheus/self_monitoring_default.yml
@@ -1,6 +1,36 @@
dashboard: 'Default dashboard'
priority: 1
+
+templating:
+ variables:
+ instance:
+ type: 'text'
+ label: 'Instance label regex'
+ options:
+ default_value: '.+'
+
panel_groups:
+
+- group: 'Resource usage'
+ panels:
+ - title: "Memory usage"
+ type: "line-chart"
+ y_label: "% memory used"
+ metrics:
+ - id: node_memory_usage_percentage
+ query_range: '(1 - (node_memory_MemAvailable_bytes{instance=~"{{instance}}"} or (node_memory_MemFree_bytes{instance=~"{{instance}}"} + node_memory_Buffers_bytes{instance=~"{{instance}}"} + node_memory_Cached_bytes{instance=~"{{instance}}"} + node_memory_Slab_bytes{instance=~"{{instance}}"})) / node_memory_MemTotal_bytes{instance=~"{{instance}}"}) * 100'
+ unit: "%"
+ label: instance
+
+ - title: "CPU usage"
+ type: "line-chart"
+ y_label: "% CPU used"
+ metrics:
+ - id: node_cpu_usage_percentage
+ query_range: '(avg without (mode,cpu) (1 - irate(node_cpu_seconds_total{mode="idle",instance=~"{{instance}}"}[5m]))) * 100'
+ unit: "%"
+ label: instance
+
- group: Web Service
panels:
- title: Web Service - Error Ratio
diff --git a/config/pseudonymizer.yml b/config/pseudonymizer.yml
index e9d5fd5623f..532fbe3b70f 100644
--- a/config/pseudonymizer.yml
+++ b/config/pseudonymizer.yml
@@ -465,7 +465,6 @@ tables:
- auditor
- require_two_factor_authentication_from_group
- two_factor_grace_period
- - ghost
- last_activity_on
- notified_of_own_activity
- user_type
diff --git a/config/routes.rb b/config/routes.rb
index 86f42822299..598a52cddb3 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -45,12 +45,19 @@ Rails.application.routes.draw do
use_doorkeeper_openid_connect
# Sign up
- get 'users/sign_up/welcome' => 'registrations#welcome'
- patch 'users/sign_up/update_registration' => 'registrations#update_registration'
+ scope path: '/users/sign_up', module: :registrations, as: :users_sign_up do
+ get :welcome
+ patch :update_registration
+ resource :experience_level, only: [:show, :update]
+
+ Gitlab.ee do
+ resources :groups, only: [:new, :create]
+ resources :projects, only: [:new, :create]
+ end
+ end
# Search
get 'search' => 'search#show'
- get 'search/autocomplete' => 'search#autocomplete', as: :search_autocomplete
get 'search/count' => 'search#count', as: :search_count
# JSON Web Token
diff --git a/config/routes/dashboard.rb b/config/routes/dashboard.rb
index f1e8c2b9d82..7e29a36f020 100644
--- a/config/routes/dashboard.rb
+++ b/config/routes/dashboard.rb
@@ -5,13 +5,7 @@ resource :dashboard, controller: 'dashboard', only: [] do
get :activity
scope module: :dashboard do
- resources :milestones, only: [:index, :show] do
- member do
- get :merge_requests
- get :participants
- get :labels
- end
- end
+ resources :milestones, only: [:index]
resources :labels, only: [:index]
resources :groups, only: [:index]
diff --git a/config/routes/group.rb b/config/routes/group.rb
index 9571d70d103..408c57eaa94 100644
--- a/config/routes/group.rb
+++ b/config/routes/group.rb
@@ -70,6 +70,7 @@ constraints(::Constraints::GroupUrlConstrainer.new) do
end
resource :avatar, only: [:destroy]
+ resource :import, only: [:show]
concerns :clusterable
@@ -78,7 +79,7 @@ constraints(::Constraints::GroupUrlConstrainer.new) do
delete :leave, on: :collection
end
- resources :group_links, only: [:index, :create, :update, :destroy], constraints: { id: /\d+/ }
+ resources :group_links, only: [:create, :update, :destroy], constraints: { id: /\d+/ }
resources :uploads, only: [:create] do
collection do
diff --git a/config/routes/import.rb b/config/routes/import.rb
index 57a1fab48e9..cd8278f6fd0 100644
--- a/config/routes/import.rb
+++ b/config/routes/import.rb
@@ -25,12 +25,14 @@ namespace :import do
get :status
get :callback
get :jobs
+ get :realtime_changes
end
resource :bitbucket, only: [:create], controller: :bitbucket do
get :status
get :callback
get :jobs
+ get :realtime_changes
end
resource :bitbucket_server, only: [:create, :new], controller: :bitbucket_server do
@@ -38,6 +40,7 @@ namespace :import do
get :status
get :callback
get :jobs
+ get :realtime_changes
end
resource :google_code, only: [:create, :new], controller: :google_code do
@@ -53,6 +56,7 @@ namespace :import do
get :status
post :callback
get :jobs
+ get :realtime_changes
get :new_user_map, path: :user_map
post :create_user_map, path: :user_map
@@ -63,6 +67,10 @@ namespace :import do
post :authorize
end
+ resource :gitlab_group, only: [:create] do
+ post :authorize
+ end
+
resource :manifest, only: [:create, :new], controller: :manifest do
get :status
get :jobs
diff --git a/config/routes/merge_requests.rb b/config/routes/merge_requests.rb
index f6c45081ce0..b2635a7fa74 100644
--- a/config/routes/merge_requests.rb
+++ b/config/routes/merge_requests.rb
@@ -55,6 +55,15 @@ resources :merge_requests, concerns: :awardable, except: [:new, :create, :show],
delete :resolve, action: :unresolve
end
end
+
+ scope module: :merge_requests do
+ resources :drafts, only: [:index, :update, :create, :destroy] do
+ collection do
+ post :publish
+ delete :discard
+ end
+ end
+ end
end
scope path: 'merge_requests', controller: 'merge_requests/creations' do
diff --git a/config/routes/project.rb b/config/routes/project.rb
index 020bfa7687d..78dcc189d5b 100644
--- a/config/routes/project.rb
+++ b/config/routes/project.rb
@@ -49,9 +49,11 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
get :trace, defaults: { format: 'json' }
get :raw
get :terminal
+ get :proxy
- # This route is also defined in gitlab-workhorse. Make sure to update accordingly.
+ # These routes are also defined in gitlab-workhorse. Make sure to update accordingly.
get '/terminal.ws/authorize', to: 'jobs#terminal_websocket_authorize', format: false
+ get '/proxy.ws/authorize', to: 'jobs#proxy_websocket_authorize', format: false
end
resource :artifacts, only: [] do
@@ -65,12 +67,10 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
namespace :ci do
resource :lint, only: [:show, :create]
- resources :daily_build_group_report_results, only: [:index], constraints: { format: 'csv' }
+ resources :daily_build_group_report_results, only: [:index], constraints: { format: /(csv|json)/ }
end
namespace :settings do
- get :members, to: redirect("%{namespace_id}/%{project_id}/-/project_members")
-
resource :ci_cd, only: [:show, :update], controller: 'ci_cd' do
post :reset_cache
put :reset_registration_token
@@ -199,7 +199,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
resources :starrers, only: [:index]
resources :forks, only: [:index, :new, :create]
- resources :group_links, only: [:index, :create, :update, :destroy], constraints: { id: /\d+/ }
+ resources :group_links, only: [:create, :update, :destroy], constraints: { id: /\d+/ }
resource :import, only: [:new, :create, :show]
resource :avatar, only: [:show, :destroy]
@@ -315,6 +315,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
draw :issues
draw :merge_requests
+ draw :pipelines
# The wiki and repository routing contains wildcard characters so
# its preferable to keep it below all other project routes
@@ -323,9 +324,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
draw :wiki
namespace :import do
- resource :jira, only: [:show], controller: :jira do
- post :import
- end
+ resource :jira, only: [:show], controller: :jira
end
end
# End of the /-/ scope.
@@ -380,17 +379,6 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
post 'alerts/notify', to: 'alerting/notifications#create'
- # Unscoped route. It will be replaced with redirect to /-/pipelines/
- # Issue https://gitlab.com/gitlab-org/gitlab/issues/118849
- draw :pipelines
-
- # To ensure an old unscoped routing is used for the UI we need to
- # add prefix 'as' to the scope routing and place it below original routing.
- # Issue https://gitlab.com/gitlab-org/gitlab/issues/118849
- scope '-', as: 'scoped' do
- draw :pipelines
- end
-
draw :legacy_builds
resources :hooks, only: [:index, :create, :edit, :update, :destroy], constraints: { id: /\d+/ } do # rubocop: disable Cop/PutProjectRoutesUnderScope
@@ -472,9 +460,21 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
post :web_ide_pipelines_count
end
+ resources :web_ide_terminals, path: :ide_terminals, only: [:create, :show], constraints: { id: /\d+/, format: :json } do # rubocop: disable Cop/PutProjectRoutesUnderScope
+ member do
+ post :cancel
+ post :retry
+ end
+
+ collection do
+ post :check_config
+ end
+ end
+
# Deprecated unscoped routing.
# Issue https://gitlab.com/gitlab-org/gitlab/issues/118849
scope as: 'deprecated' do
+ draw :pipelines
draw :repository
end
diff --git a/config/settings.rb b/config/settings.rb
index 144a068ef2a..99f1b85202e 100644
--- a/config/settings.rb
+++ b/config/settings.rb
@@ -66,6 +66,12 @@ class Settings < Settingslogic
(base_url(gitlab) + [gitlab.relative_url_root]).join('')
end
+ def build_gitlab_go_url
+ # "Go package paths are not URLs, and do not include port numbers"
+ # https://github.com/golang/go/issues/38213#issuecomment-607851460
+ "#{gitlab.host}#{gitlab.relative_url_root}"
+ end
+
def kerberos_protocol
kerberos.https ? "https" : "http"
end
diff --git a/config/sidekiq_queues.yml b/config/sidekiq_queues.yml
index e6e0b4b4409..0052910b56e 100644
--- a/config/sidekiq_queues.yml
+++ b/config/sidekiq_queues.yml
@@ -82,10 +82,14 @@
- 1
- - elastic_commit_indexer
- 1
+- - elastic_delete_project
+ - 1
- - elastic_full_index
- 1
- - elastic_indexer
- 1
+- - elastic_indexing_control
+ - 1
- - elastic_namespace_indexer
- 1
- - elastic_namespace_rollout
@@ -148,6 +152,8 @@
- 5
- - merge_request_mergeability_check
- 1
+- - metrics_dashboard_prune_old_annotations
+ - 1
- - migrate_external_diffs
- 1
- - namespaceless_project_destroy
@@ -210,6 +216,8 @@
- 1
- - prometheus_create_default_alerts
- 1
+- - propagate_integration
+ - 1
- - propagate_service_template
- 1
- - reactive_caching
@@ -236,6 +244,8 @@
- 1
- - repository_update_remote_mirror
- 1
+- - requirements_management_process_requirements_reports
+ - 1
- - security_scans
- 2
- - self_monitoring_project_create
diff --git a/config/webpack.config.js b/config/webpack.config.js
index 7c130b010b6..557db58b1b9 100644
--- a/config/webpack.config.js
+++ b/config/webpack.config.js
@@ -19,10 +19,11 @@ const IS_EE = require('./helpers/is_ee_env');
const DEV_SERVER_HOST = process.env.DEV_SERVER_HOST || 'localhost';
const DEV_SERVER_PORT = parseInt(process.env.DEV_SERVER_PORT, 10) || 3808;
const DEV_SERVER_LIVERELOAD = IS_DEV_SERVER && process.env.DEV_SERVER_LIVERELOAD !== 'false';
-const WEBPACK_REPORT = process.env.WEBPACK_REPORT;
-const WEBPACK_MEMORY_TEST = process.env.WEBPACK_MEMORY_TEST;
-const NO_COMPRESSION = process.env.NO_COMPRESSION;
-const NO_SOURCEMAPS = process.env.NO_SOURCEMAPS;
+const WEBPACK_REPORT = process.env.WEBPACK_REPORT && process.env.WEBPACK_REPORT !== 'false';
+const WEBPACK_MEMORY_TEST =
+ process.env.WEBPACK_MEMORY_TEST && process.env.WEBPACK_MEMORY_TEST !== 'false';
+const NO_COMPRESSION = process.env.NO_COMPRESSION && process.env.NO_COMPRESSION !== 'false';
+const NO_SOURCEMAPS = process.env.NO_SOURCEMAPS && process.env.NO_SOURCEMAPS !== 'false';
const VUE_VERSION = require('vue/package.json').version;
const VUE_LOADER_VERSION = require('vue-loader/package.json').version;
@@ -244,6 +245,7 @@ module.exports = {
loader: 'file-loader',
options: {
name: '[name].[contenthash:8].[ext]',
+ esModule: false,
},
},
],
@@ -254,7 +256,7 @@ module.exports = {
moduleIds: 'hashed',
runtimeChunk: 'single',
splitChunks: {
- maxInitialRequests: 4,
+ maxInitialRequests: 20,
cacheGroups: {
default: false,
common: () => ({
@@ -329,9 +331,6 @@ module.exports = {
// automatically configure monaco editor web workers
new MonacoWebpackPlugin(),
- // prevent pikaday from including moment.js
- new webpack.IgnorePlugin(/moment/, /pikaday/),
-
// fix legacy jQuery plugins which depend on globals
new webpack.ProvidePlugin({
$: 'jquery',
@@ -516,6 +515,14 @@ module.exports = {
// This one is used to check against "EE" properly in application code
IS_EE: IS_EE ? 'window.gon && window.gon.ee' : JSON.stringify(false),
}),
+
+ /* Pikaday has a optional dependency to moment.
+ We are currently not utilizing moment.
+ Ignoring this import removes warning from our development build.
+ Upstream reference:
+ https://github.com/Pikaday/Pikaday/blob/5c1a7559be/pikaday.js#L14
+ */
+ new webpack.IgnorePlugin(/moment/, /pikaday/),
].filter(Boolean),
devServer: {
diff --git a/config/webpack.vendor.config.js b/config/webpack.vendor.config.js
index bebd1d656b5..548eca4200f 100644
--- a/config/webpack.vendor.config.js
+++ b/config/webpack.vendor.config.js
@@ -38,7 +38,7 @@ module.exports = {
'katex',
'three',
'select2',
- 'moment',
+ 'moment-mini',
'aws-sdk',
'sanitize-html',
'bootstrap/dist/js/bootstrap.js',
@@ -65,7 +65,23 @@ module.exports = {
}),
new YarnCheck({
rootDirectory: ROOT_PATH,
- exclude: /ts-jest/,
+ exclude: new RegExp(
+ [
+ /*
+ chokidar has a newer version which do not depend on fsevents,
+ is faster and only compatible with newer node versions (>=8)
+
+ Their actual interface remains the same and we can safely _force_
+ newer versions to get performance and security benefits.
+
+ This can be removed once all dependencies are up to date:
+ https://gitlab.com/gitlab-org/gitlab/-/issues/219353
+ */
+ 'chokidar',
+ // We are ignoring ts-jest, because we force a newer version, compatible with our current jest version
+ 'ts-jest',
+ ].join('|'),
+ ),
forceKill: true,
}),
],