-rw-r--r-- | .prettierrc | 10 | ||||
-rw-r--r-- | GITALY_SERVER_VERSION | 2 | ||||
-rw-r--r-- | config/karma.config.js | 10 | ||||
-rw-r--r-- | config/webpack.config.js | 6 | ||||
-rw-r--r-- | doc/ci/triggers/README.md | 9 | ||||
-rw-r--r-- | doc/ci/yaml/README.md | 15 | ||||
-rw-r--r-- | doc/development/testing_guide/frontend_testing.md | 11 | ||||
-rw-r--r-- | lib/gitlab/gitaly_client.rb | 16 | ||||
-rw-r--r-- | package.json | 2 | ||||
-rw-r--r-- | scripts/frontend/postinstall.js | 2 | ||||
-rw-r--r-- | scripts/frontend/prettier.js | 4 | ||||
-rw-r--r-- | spec/lib/gitlab/gitaly_client_spec.rb | 38 | ||||
-rw-r--r-- | yarn.lock | 10 |
13 files changed, 94 insertions, 41 deletions
diff --git a/.prettierrc b/.prettierrc index 3384551aea5..5e2863a11f6 100644 --- a/.prettierrc +++ b/.prettierrc @@ -1,13 +1,5 @@ { "printWidth": 100, "singleQuote": true, - "trailingComma": "es5", - "overrides": [ - { - "files": ["**/app/**/*", "**/spec/**/*"], - "options": { - "trailingComma": "all" - } - } - ] + "trailingComma": "all" } diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION index 5ff8c4f5d2a..5db08bf2dc5 100644 --- a/GITALY_SERVER_VERSION +++ b/GITALY_SERVER_VERSION @@ -1 +1 @@ -1.26.0 +1.27.0 diff --git a/config/karma.config.js b/config/karma.config.js index 1012a713eb6..23eae40dceb 100644 --- a/config/karma.config.js +++ b/config/karma.config.js @@ -26,7 +26,7 @@ webpackConfig.devtool = 'cheap-inline-source-map'; webpackConfig.plugins.push( new webpack.DefinePlugin({ 'process.env.BABEL_ENV': JSON.stringify(process.env.BABEL_ENV || process.env.NODE_ENV || null), - }) + }), ); const specFilters = argumentsParser @@ -37,7 +37,7 @@ const specFilters = argumentsParser memo.push(filter, filter.replace(/\/?$/, '/**/*.js')); return memo; }, - [] + [], ) .parse(process.argv).filterSpec; @@ -51,7 +51,7 @@ if (specFilters.length) { root: ROOT_PATH, matchBase: true, }) - .filter(path => path.endsWith('spec.js')) + .filter(path => path.endsWith('spec.js')), ); // flatten @@ -78,8 +78,8 @@ if (specFilters.length) { new webpack.ContextReplacementPlugin( /spec[\\\/]javascripts$/, path.join(ROOT_PATH, 'spec/javascripts'), - newContext - ) + newContext, + ), ); } diff --git a/config/webpack.config.js b/config/webpack.config.js index 64e6ec49219..11970b620bc 100644 --- a/config/webpack.config.js +++ b/config/webpack.config.js @@ -251,7 +251,7 @@ module.exports = { } else { resource.request = path.join( ROOT_PATH, - 'app/assets/javascripts/vue_shared/components/empty_component.js' + 'app/assets/javascripts/vue_shared/components/empty_component.js', ); } }), 
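Review bot: Removing the `overrides` block from `.prettierrc` extends `"trailingComma": "all"` from `app/` and `spec/` to every formatted file, including `config/` and `scripts/`, which appear to be loaded by Node directly rather than through Babel (confirm). The rewritten call sites in `config/karma.config.js`, `config/webpack.config.js` and `scripts/frontend/*.js` now end argument lists with a comma, which is ES2017 syntax and a parse error on older Node releases. `scripts/frontend/postinstall.js` runs during `yarn install`, so a failure there would block installation outright. It would help to state the minimum supported Node version next to this setting, or to keep an override with `"trailingComma": "es5"` for the files that Node runs untranspiled.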
@@ -267,7 +267,7 @@ module.exports = { const missingDeps = Array.from(compilation.missingDependencies); const nodeModulesPath = path.join(ROOT_PATH, 'node_modules'); const hasMissingNodeModules = missingDeps.some( - file => file.indexOf(nodeModulesPath) !== -1 + file => file.indexOf(nodeModulesPath) !== -1, ); // watch for changes to missing node_modules @@ -278,7 +278,7 @@ module.exports = { // report our auto-generated bundle count console.log( - `${autoEntriesCount} entries from '/pages' automatically added to webpack output.` + `${autoEntriesCount} entries from '/pages' automatically added to webpack output.`, ); callback(); diff --git a/doc/ci/triggers/README.md b/doc/ci/triggers/README.md index bceccf4d40d..398b017277f 100644 --- a/doc/ci/triggers/README.md +++ b/doc/ci/triggers/README.md @@ -17,6 +17,12 @@ The following methods of authentication are supported. A unique trigger token can be obtained when [adding a new trigger](#adding-a-new-trigger). +DANGER: **Danger:** +Passing plain text tokens in public projects is a security issue. Potential +attackers can impersonate the user that exposed their trigger token publicly in +their `.gitlab-ci.yml` file. Use [variables](../variables/README.md#variables) +to protect trigger tokens. + ## Adding a new trigger You can add a new trigger by going to your project's @@ -53,9 +59,6 @@ The action is irreversible. > > - Valid refs are only the branches and tags. If you pass a commit SHA as a ref, > it will not trigger a job. -> - If your project is public, passing the token in plain text is probably not the -> wisest idea, so you might want to use a -> [variable](../variables/README.md#variables) for that purpose. To trigger a job you need to send a `POST` request to GitLab's API endpoint: diff --git a/doc/ci/yaml/README.md b/doc/ci/yaml/README.md index f170323059a..a44f4b62a0e 100644 --- a/doc/ci/yaml/README.md +++ b/doc/ci/yaml/README.md 
@@ -367,10 +367,11 @@ job: - branches@gitlab-org/gitlab-ce except: - master@gitlab-org/gitlab-ce + - release/.*@gitlab-org/gitlab-ce ``` The above example will run `job` for all branches on `gitlab-org/gitlab-ce`, -except master. +except `master` and those with names prefixed with `release/`. If a job does not have an `only` rule, `only: ['branches', 'tags']` is set by default. If it doesn't have an `except` rule, it is empty. @@ -1756,7 +1757,7 @@ include: ``` All [nested includes](#nested-includes) will be executed in the scope of the target project, -so it is possible to used local (relative to target project), project, remote +so it is possible to use local (relative to target project), project, remote or template includes. #### `include:template` @@ -1792,9 +1793,17 @@ include: All nested includes will be executed without context as public user, so only another remote, or public project, or template is allowed. +NOTE: **Note:** +Changes to remote includes will not have effect on already created pipelines, +because the include is being evaluated at the time of pipeline creation. +This is when full definition of CI yaml is being expanded in order to create +pipeline with stages with jobs. You always retry job that is already created, +thus created after pipeline creation. To re-include all (thus re-evaluate the +configuration), you have to re-create pipeline. + #### Nested includes -> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/53903) in GitLab 11.7. +> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/56836) in GitLab 11.9. Nested includes allow you to compose a set of includes. A total of 50 includes is allowed. diff --git a/doc/development/testing_guide/frontend_testing.md b/doc/development/testing_guide/frontend_testing.md index feeba36b073..9bfb1e69f9e 100644 --- a/doc/development/testing_guide/frontend_testing.md +++ b/doc/development/testing_guide/frontend_testing.md 
@@ -35,15 +35,16 @@ If your test exceeds that time, it will fail. If you cannot improve the performance of the tests, you can increase the timeout for a specific test using -[`jest.setTimeout`](https://jestjs.io/docs/en/jest-object#jestsettimeouttimeout). +[`setTestTimeout`](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/spec/frontend/helpers/timeout.js). ```javascript -beforeAll(() => { - jest.setTimeout(500); -}); +import { setTestTimeout } from 'helpers/timeout'; describe('Component', () => { - // ... + it('does something amazing', () => { + setTestTimeout(500); + // ... + }); }); ``` diff --git a/lib/gitlab/gitaly_client.rb b/lib/gitlab/gitaly_client.rb index 48c113a8b14..0a371889af2 100644 --- a/lib/gitlab/gitaly_client.rb +++ b/lib/gitlab/gitaly_client.rb @@ -257,8 +257,7 @@ module Gitlab # This is this actual number of times this call was made. Used for information purposes only actual_call_count = increment_call_count("gitaly_#{call_site}_actual") - # Do no enforce limits in production - return if Rails.env.production? || ENV["GITALY_DISABLE_REQUEST_LIMITS"] + return unless enforce_gitaly_request_limits? # Check if this call is nested within a allow_n_plus_1_calls # block and skip check if it is 
@@ -275,6 +274,19 @@ module Gitlab raise TooManyInvocationsError.new(call_site, actual_call_count, max_call_count, max_stacks) end + def self.enforce_gitaly_request_limits? + # We typically don't want to enforce request limits in production + # However, we have some production-like test environments, i.e., ones + # where `Rails.env.production?` returns `true`. We do want to be able to + # check if the limit is being exceeded while testing in those environments + # In that case we can use a feature flag to indicate that we do want to + # enforce request limits. + return true if feature_enabled?('enforce_requests_limits') + + !(Rails.env.production? || ENV["GITALY_DISABLE_REQUEST_LIMITS"]) + end + private_class_method :enforce_gitaly_request_limits? + def self.allow_n_plus_1_calls return yield unless Gitlab::SafeRequestStore.active? diff --git a/package.json b/package.json index 7cdb11dca14..632a1b90289 100644 --- a/package.json +++ b/package.json @@ -169,7 +169,7 @@ "nodemon": "^1.18.9", "pixelmatch": "^4.0.2", "postcss": "^7.0.14", - "prettier": "1.16.1", + "prettier": "1.16.4", "stylelint": "^9.10.1", "stylelint-config-recommended": "^2.1.0", "stylelint-scss": "^3.5.3", diff --git a/scripts/frontend/postinstall.js b/scripts/frontend/postinstall.js index 682039a41b3..94977e459e3 100644 --- a/scripts/frontend/postinstall.js +++ b/scripts/frontend/postinstall.js @@ -13,7 +13,7 @@ if (process.platform === 'darwin') { ensure that it is supported by the fsevents library. You can try installing again with \`${chalk.cyan('yarn install --force')}\` - `) + `), ); process.exit(1); } diff --git a/scripts/frontend/prettier.js b/scripts/frontend/prettier.js index ffb09ea9779..bf0e98da139 100644 --- a/scripts/frontend/prettier.js +++ b/scripts/frontend/prettier.js 
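Review bot: In `enforce_gitaly_request_limits?` the test on `ENV["GITALY_DISABLE_REQUEST_LIMITS"]` is a plain truthiness check, so any value that is set, including `false` or `0`, switches the limit off. The new comment block should say so, or the value should be parsed explicitly, since someone exporting `GITALY_DISABLE_REQUEST_LIMITS=false` gets the opposite of what they asked for. The flag is looked up as `'enforce_requests_limits'` while the spec stubs `gitaly_enforce_requests_limits`, so `feature_enabled?` presumably adds the `gitaly_` prefix; that helper is outside the hunk. A line such as `# Flag name is gitaly_enforce_requests_limits (prefix added by feature_enabled?)` would save the next reader the lookup, once confirmed.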
@@ -32,7 +32,7 @@ let globDir = process.argv[3] || ''; if (globDir && globDir.charAt(globDir.length - 1) !== '/') globDir += '/'; console.log( - `Loading all ${allFiles ? '' : 'staged '}files ${globDir ? `within ${globDir} ` : ''}...` + `Loading all ${allFiles ? '' : 'staged '}files ${globDir ? `within ${globDir} ` : ''}...`, ); const globPatterns = matchExtensions.map(ext => `${globDir}**/*.${ext}`); @@ -105,7 +105,7 @@ Promise.all(matchedFiles.map(checkFileWithPrettierConfig)) .then(() => { const failAction = shouldSave ? 'fixed' : 'failed'; console.log( - `\nSummary:\n ${matchedCount} files processed (${passedCount} passed, ${failedCount} ${failAction}, ${ignoredCount} ignored)\n` + `\nSummary:\n ${matchedCount} files processed (${passedCount} passed, ${failedCount} ${failAction}, ${ignoredCount} ignored)\n`, ); if (didWarn) process.exit(1); diff --git a/spec/lib/gitlab/gitaly_client_spec.rb b/spec/lib/gitlab/gitaly_client_spec.rb index cf12baf1a93..f1acb1d9bc4 100644 --- a/spec/lib/gitlab/gitaly_client_spec.rb +++ b/spec/lib/gitlab/gitaly_client_spec.rb @@ -149,11 +149,21 @@ describe Gitlab::GitalyClient do end end - context 'when RequestStore is enabled', :request_store do + context 'when RequestStore is enabled and the maximum number of calls is not enforced by a feature flag', :request_store do + before do + stub_feature_flags(gitaly_enforce_requests_limits: false) + end + it 'allows up the maximum number of allowed calls' do expect { call_gitaly(Gitlab::GitalyClient::MAXIMUM_GITALY_CALLS) }.not_to raise_error end + it 'allows the maximum number of calls to be exceeded if GITALY_DISABLE_REQUEST_LIMITS is set' do + stub_env('GITALY_DISABLE_REQUEST_LIMITS', 'true') + + expect { call_gitaly(Gitlab::GitalyClient::MAXIMUM_GITALY_CALLS + 1) }.not_to raise_error + end + context 'when the maximum number of calls has been reached' do before do call_gitaly(Gitlab::GitalyClient::MAXIMUM_GITALY_CALLS) 
@@ -189,6 +199,32 @@ describe Gitlab::GitalyClient do end end + context 'in production and when RequestStore is enabled', :request_store do + before do + allow(Rails.env).to receive(:production?).and_return(true) + end + + context 'when the maximum number of calls is enforced by a feature flag' do + before do + stub_feature_flags(gitaly_enforce_requests_limits: true) + end + + it 'does not allow the maximum number of calls to be exceeded' do + expect { call_gitaly(Gitlab::GitalyClient::MAXIMUM_GITALY_CALLS + 1) }.to raise_error(Gitlab::GitalyClient::TooManyInvocationsError) + end + end + + context 'when the maximum number of calls is not enforced by a feature flag' do + before do + stub_feature_flags(gitaly_enforce_requests_limits: false) + end + + it 'allows the maximum number of calls to be exceeded' do + expect { call_gitaly(Gitlab::GitalyClient::MAXIMUM_GITALY_CALLS + 1) }.not_to raise_error + end + end + end + context 'when RequestStore is not active' do it 'does not raise errors when the maximum number of allowed calls is exceeded' do expect { call_gitaly(Gitlab::GitalyClient::MAXIMUM_GITALY_CALLS + 2) }.not_to raise_error diff --git a/yarn.lock b/yarn.lock index 1ac6b322469..3cb0fea64fc 100644 --- a/yarn.lock +++ b/yarn.lock 
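Review bot: Neither new context covers the feature flag being enabled while `GITALY_DISABLE_REQUEST_LIMITS` is also set, so the precedence between the two switches is not pinned by any example. As the implementation is written the flag returns `true` before the variable is read, meaning the explicit opt-out is ignored once the flag is on; if that is intended it deserves a test. Under 'when the maximum number of calls is enforced by a feature flag', add an example that calls `stub_env('GITALY_DISABLE_REQUEST_LIMITS', 'true')` and still expects `raise_error(Gitlab::GitalyClient::TooManyInvocationsError)`. It is also worth a one-line comment in that context noting that enabling the flag on a real production instance turns over-limit requests into raised errors rather than a silent count.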
@@ -8086,16 +8086,16 @@ prepend-http@^2.0.0: resolved "https://registry.yarnpkg.com/prepend-http/-/prepend-http-2.0.0.tgz#e92434bfa5ea8c19f41cdfd401d741a3c819d897" integrity sha1-6SQ0v6XqjBn0HN/UAddBo8gZ2Jc= -prettier@1.16.1: - version "1.16.1" - resolved "https://registry.yarnpkg.com/prettier/-/prettier-1.16.1.tgz#534c2c9d7853f8845e5e078384e71973bd74089f" - integrity sha512-XXUITwIkGb3CPJ2hforHah/zTINRyie5006Jd2HKy2qz7snEJXl0KLfsJZW/wst9g6R2rFvqba3VpNYdu1hDcA== - prettier@1.16.3: version "1.16.3" resolved "https://registry.yarnpkg.com/prettier/-/prettier-1.16.3.tgz#8c62168453badef702f34b45b6ee899574a6a65d" integrity sha512-kn/GU6SMRYPxUakNXhpP0EedT/KmaPzr0H5lIsDogrykbaxOpOfAFfk5XA7DZrJyMAv1wlMV3CPcZruGXVVUZw== +prettier@1.16.4: + version "1.16.4" + resolved "https://registry.yarnpkg.com/prettier/-/prettier-1.16.4.tgz#73e37e73e018ad2db9c76742e2647e21790c9717" + integrity sha512-ZzWuos7TI5CKUeQAtFd6Zhm2s6EpAD/ZLApIhsF9pRvRtM1RFo61dM/4MSRUA0SuLugA/zgrZD8m0BaY46Og7g== + pretty-format@^24.0.0: version "24.0.0" resolved "https://registry.yarnpkg.com/pretty-format/-/pretty-format-24.0.0.tgz#cb6599fd73ac088e37ed682f61291e4678f48591" |