-rw-r--r-- | CHANGELOG.md | 14 | ||||
-rw-r--r-- | Gemfile | 2 | ||||
-rw-r--r-- | Gemfile.lock | 5 | ||||
-rw-r--r-- | changelogs/unreleased/fix-code-search-500-with-non-ascii-filename.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/mk-fix-move-upload-files-on-group-transfer.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/sh-add-missing-acts-as-taggable-indices.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/sh-add-section-name-index.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/sh-remove-double-caching-repo-empty.yml | 5 | ||||
-rw-r--r-- | doc/ci/examples/README.md | 7 | ||||
-rw-r--r-- | doc/ci/examples/container_scanning.md | 55 | ||||
-rw-r--r-- | doc/ci/examples/sast_docker.md | 56 | ||||
-rw-r--r-- | doc/development/new_fe_guide/index.md | 2 | ||||
-rw-r--r-- | doc/development/new_fe_guide/style/index.md | 2 | ||||
-rw-r--r-- | doc/topics/autodevops/index.md | 6 | ||||
-rw-r--r-- | spec/helpers/import_helper_spec.rb | 6 |
15 files changed, 86 insertions, 94 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 630aef6751f..8c64e68967e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,20 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry.
+## 10.5.5 (2018-03-15)
+
+### Fixed (3 changes)
+
+- Fix missing uploads after group transfer. !17658
+- Fix code and wiki search results when filename is non-ASCII.
+- Remove double caching of Repository#empty?.
+
+### Performance (2 changes)
+
+- Adding missing indexes on taggings table.
+- Add index on section_name_id on ci_build_trace_sections table.
+
+
 ## 10.5.4 (2018-03-08)
 ### Fixed (11 changes)
@@ -164,7 +164,7 @@ gem 'sidekiq-limit_fetch', '~> 3.4', require: false
 gem 'rufus-scheduler', '~> 3.4'
 # HTTP requests
-gem 'httparty', '~> 0.15.6'
+gem 'httparty', '~> 0.13.3'
 # Colored output to console
 gem 'rainbow', '~> 2.2'
diff --git a/Gemfile.lock b/Gemfile.lock
index fcc6ef8468c..10b683a44ee 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -411,7 +411,8 @@ GEM
 domain_name (~> 0.5)
 http-form_data (1.0.1)
 http_parser.rb (0.6.0)
-httparty (0.15.7)
+httparty (0.13.7)
+json (~> 1.8)
 multi_xml (>= 0.5.2)
 httpclient (2.8.2)
 i18n (0.9.5)
@@ -1081,7 +1082,7 @@ DEPENDENCIES
 hipchat (~> 1.5.0)
 html-pipeline (~> 1.11.0)
 html2text
-httparty (~> 0.15.6)
+httparty (~> 0.13.3)
 influxdb (~> 0.2)
 jira-ruby (~> 1.4)
 jquery-atwho-rails (~> 1.3.2)
diff --git a/changelogs/unreleased/fix-code-search-500-with-non-ascii-filename.yml b/changelogs/unreleased/fix-code-search-500-with-non-ascii-filename.yml
deleted file mode 100644
index 29e3b7be985..00000000000
--- a/changelogs/unreleased/fix-code-search-500-with-non-ascii-filename.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix code and wiki search results when filename is non-ASCII
-merge_request:
-author:
-type: fixed
diff --git a/changelogs/unreleased/mk-fix-move-upload-files-on-group-transfer.yml b/changelogs/unreleased/mk-fix-move-upload-files-on-group-transfer.yml
deleted file mode 100644
index ba366b81600..00000000000
--- a/changelogs/unreleased/mk-fix-move-upload-files-on-group-transfer.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix missing uploads after group transfer
-merge_request: 17658
-author:
-type: fixed
diff --git a/changelogs/unreleased/sh-add-missing-acts-as-taggable-indices.yml b/changelogs/unreleased/sh-add-missing-acts-as-taggable-indices.yml
deleted file mode 100644
index d9a1a0db9e8..00000000000
--- a/changelogs/unreleased/sh-add-missing-acts-as-taggable-indices.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Adding missing indexes on taggings table
-merge_request:
-author:
-type: performance
diff --git a/changelogs/unreleased/sh-add-section-name-index.yml b/changelogs/unreleased/sh-add-section-name-index.yml
deleted file mode 100644
index c822b4e851b..00000000000
--- a/changelogs/unreleased/sh-add-section-name-index.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Add index on section_name_id on ci_build_trace_sections table
-merge_request:
-author:
-type: performance
diff --git a/changelogs/unreleased/sh-remove-double-caching-repo-empty.yml b/changelogs/unreleased/sh-remove-double-caching-repo-empty.yml
deleted file mode 100644
index 1684be4e5e3..00000000000
--- a/changelogs/unreleased/sh-remove-double-caching-repo-empty.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Remove double caching of Repository#empty?
-merge_request:
-author:
-type: fixed
diff --git a/doc/ci/examples/README.md b/doc/ci/examples/README.md
index f69729f602d..c1e258aedca 100644
--- a/doc/ci/examples/README.md
+++ b/doc/ci/examples/README.md
@@ -47,8 +47,11 @@ There's also a collection of repositories with [example projects](https://gitlab
 ## Static Application Security Testing (SAST)
-- **(Ultimate)** [Scan your code for vulnerabilities](https://docs.gitlab.com/ee/ci/examples/sast.html)
-- [Scan your Docker images for vulnerabilities](sast_docker.md)
+**(Ultimate)** [Scan your code for vulnerabilities](https://docs.gitlab.com/ee/ci/examples/sast.html)
+
+## Container Scanning
+
+[Scan your Docker images for vulnerabilities](container_scanning.md)
 ## Dynamic Application Security Testing (DAST)
diff --git a/doc/ci/examples/container_scanning.md b/doc/ci/examples/container_scanning.md
new file mode 100644
index 00000000000..3437b63748a
--- /dev/null
+++ b/doc/ci/examples/container_scanning.md
@@ -0,0 +1,55 @@ +# Container Scanning with GitLab CI/CD + +You can check your Docker images (or more precisely the containers) for known +vulnerabilities by using [Clair](https://github.com/coreos/clair) and +[clair-scanner](https://github.com/arminc/clair-scanner), two open source tools +for Vulnerability Static Analysis for containers. + +All you need is a GitLab Runner with the Docker executor (the shared Runners on +GitLab.com will work fine). You can then add a new job to `.gitlab-ci.yml`, +called `sast:container`: + +```yaml +sast:container: + image: docker:latest + variables: + DOCKER_DRIVER: overlay2 + ## Define two new variables based on GitLab's CI/CD predefined variables + ## https://docs.gitlab.com/ee/ci/variables/#predefined-variables-environment-variables + CI_APPLICATION_REPOSITORY: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG + CI_APPLICATION_TAG: $CI_COMMIT_SHA + allow_failure: true + services: + - docker:dind + script: + - docker run -d --name db arminc/clair-db:latest + - docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1 + - apk add -U wget ca-certificates + - docker pull ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} + - wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 + - mv clair-scanner_linux_amd64 clair-scanner + - chmod +x clair-scanner + - touch clair-whitelist.yml + - ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} || true + artifacts: + paths: [gl-sast-container-report.json] +``` + +The above example will create a `sast:container` job in your CI/CD pipeline, pull +the image from the [Container Registry](../../user/project/container_registry.md) +(whose name is defined from the two `CI_APPLICATION_` variables) and scan it +for possible vulnerabilities. 
The report will be saved as an artifact that you +can later download and analyze. + +If you want to whitelist some specific vulnerabilities, you can do so by defining +them in a [YAML file](https://github.com/arminc/clair-scanner/blob/master/README.md#example-whitelist-yaml-file), +in our case its named `clair-whitelist.yml`. + +TIP: **Tip:** +Starting with [GitLab Ultimate][ee] 10.4, this information will +be automatically extracted and shown right in the merge request widget. To do +so, the CI/CD job must be named `sast:container` and the artifact path must be +`gl-sast-container-report.json`. +[Learn more on container scanning results shown in merge requests](https://docs.gitlab.com/ee/user/project/merge_requests/container_scanning.html). + +[ee]: https://about.gitlab.com/products/ diff --git a/doc/ci/examples/sast_docker.md b/doc/ci/examples/sast_docker.md index 57a9c4bcfc1..9f4a63e296d 100644 --- a/doc/ci/examples/sast_docker.md +++ b/doc/ci/examples/sast_docker.md 
@@ -1,55 +1 @@ -# Static Application Security Testing for Docker containers with GitLab CI/CD - -You can check your Docker images (or more precisely the containers) for known -vulnerabilities by using [Clair](https://github.com/coreos/clair) and -[clair-scanner](https://github.com/arminc/clair-scanner), two open source tools -for Vulnerability Static Analysis for containers. - -All you need is a GitLab Runner with the Docker executor (the shared Runners on -GitLab.com will work fine). You can then add a new job to `.gitlab-ci.yml`, -called `sast:container`: - -```yaml -sast:container: - image: docker:latest - variables: - DOCKER_DRIVER: overlay2 - ## Define two new variables based on GitLab's CI/CD predefined variables - ## https://docs.gitlab.com/ee/ci/variables/#predefined-variables-environment-variables - CI_APPLICATION_REPOSITORY: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG - CI_APPLICATION_TAG: $CI_COMMIT_SHA - allow_failure: true - services: - - docker:dind - script: - - docker run -d --name db arminc/clair-db:latest - - docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1 - - apk add -U wget ca-certificates - - docker pull ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} - - wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 - - mv clair-scanner_linux_amd64 clair-scanner - - chmod +x clair-scanner - - touch clair-whitelist.yml - - ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} || true - artifacts: - paths: [gl-sast-container-report.json] -``` - -The above example will create a `sast:container` job in your CI/CD pipeline, pull -the image from the [Container Registry](../../user/project/container_registry.md) -(whose name is defined from the two `CI_APPLICATION_` variables) and scan it -for possible vulnerabilities. 
The report will be saved as an artifact that you -can later download and analyze. - -If you want to whitelist some specific vulnerabilities, you can do so by defining -them in a [YAML file](https://github.com/arminc/clair-scanner/blob/master/README.md#example-whitelist-yaml-file), -in our case its named `clair-whitelist.yml`. - -TIP: **Tip:** -Starting with [GitLab Ultimate][ee] 10.4, this information will -be automatically extracted and shown right in the merge request widget. To do -so, the CI/CD job must be named `sast:container` and the artifact path must be -`gl-sast-container-report.json`. -[Learn more on application security testing results shown in merge requests](https://docs.gitlab.com/ee/user/project/merge_requests/sast_docker.html). - -[ee]: https://about.gitlab.com/products/ +This document was moved to [another location](./container_scanning.md).
\ No newline at end of file
diff --git a/doc/development/new_fe_guide/index.md b/doc/development/new_fe_guide/index.md
index 08c6a266e7f..78931defa24 100644
--- a/doc/development/new_fe_guide/index.md
+++ b/doc/development/new_fe_guide/index.md
@@ -19,7 +19,7 @@ Guidance on topics related to development.
 Learn about all the dependencies that make up our frontend, including some of our own custom built libraries.
-## [Style](style/index.md)
+## [Style guides](style/index.md)
 Style guides to keep our code consistent.
diff --git a/doc/development/new_fe_guide/style/index.md b/doc/development/new_fe_guide/style/index.md
index ebee57bebbf..335d9e66240 100644
--- a/doc/development/new_fe_guide/style/index.md
+++ b/doc/development/new_fe_guide/style/index.md
@@ -1,4 +1,4 @@
-# Style
+# Style guides
 ## [HTML style guide](html.md)
diff --git a/doc/topics/autodevops/index.md b/doc/topics/autodevops/index.md
index ec091549c05..4dc3adc1441 100644
--- a/doc/topics/autodevops/index.md
+++ b/doc/topics/autodevops/index.md
@@ -20,7 +20,7 @@ project in an easy and automatic way:
 1. [Auto Test](#auto-test)
 1. [Auto Code Quality](#auto-code-quality)
 1. [Auto SAST (Static Application Security Testing)](#auto-sast)
-1. [Auto SAST for Docker images](#auto-sast-for-docker-images)
+1. [Auto Container Scanning](#auto-container-scanning)
 1. [Auto Review Apps](#auto-review-apps)
 1. [Auto DAST (Dynamic Application Security Testing)](#auto-dast)
 1. [Auto Deploy](#auto-deploy)
@@ -217,7 +217,7 @@ check out. In GitLab Ultimate, any security warnings are also
 [shown in the merge request widget](https://docs.gitlab.com/ee/user/project/merge_requests/sast.html).
-### Auto SAST for Docker images
+### Auto Container Scanning
 > Introduced in GitLab 10.4.
@@ -228,7 +228,7 @@ created, it's uploaded as an artifact which you can later download and
 check out. In GitLab Ultimate, any security warnings are also
-[shown in the merge request widget](https://docs.gitlab.com/ee/user/project/merge_requests/sast_docker.html).
+[shown in the merge request widget](https://docs.gitlab.com/ee/user/project/merge_requests/container_scanning.html).
 ### Auto Review Apps
diff --git a/spec/helpers/import_helper_spec.rb b/spec/helpers/import_helper_spec.rb
index 57d843c1be2..033155617c6 100644
--- a/spec/helpers/import_helper_spec.rb
+++ b/spec/helpers/import_helper_spec.rb
@@ -28,12 +28,10 @@ describe ImportHelper do
 describe '#provider_project_link' do
 context 'when provider is "github"' do
 let(:github_server_url) { nil }
+ let(:provider) { OpenStruct.new(name: 'github', url: github_server_url) }
 before do
- setting = Settingslogic.new('name' => 'github')
- setting['url'] = github_server_url if github_server_url
-
- allow(Gitlab.config.omniauth).to receive(:providers).and_return([setting])
+ stub_omniauth_setting(providers: [provider])
 end
 context 'when provider does not specify a custom URL' do
|
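Review bot: The new `let(:provider)` always carries a `url` attribute, set to nil when `github_server_url` is nil, whereas the removed `before` block only assigned `'url'` when a value was given; if the helper under test distinguishes an absent key from a nil value, the 'when provider does not specify a custom URL' context, which begins on the hunk's last line and continues outside it, may no longer exercise the same branch. To keep the fixture equivalent to the old Settingslogic object, build the struct only from present values: `let(:provider) { OpenStruct.new({ name: 'github', url: github_server_url }.compact) }`. `stub_omniauth_setting` is defined elsewhere, so whether it requires Settingslogic-like objects or accepts anything responding to `name`/`url` cannot be confirmed from this hunk; a one-line comment on the `let` stating that assumption, e.g. `# Stand-in for an omniauth provider entry; only name/url are read by the helper`, would help the next reader.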