diff options
44 files changed, 469 insertions, 390 deletions
diff --git a/.gitignore b/.gitignore index 627c806787b..cb718a6939f 100644 --- a/.gitignore +++ b/.gitignore @@ -79,3 +79,4 @@ package-lock.json /junit_*.xml /coverage-frontend/ jsdoc/ +**/tmp/rubocop_cache/**
\ No newline at end of file diff --git a/app/assets/javascripts/batch_comments/mixins/resolved_status.js b/app/assets/javascripts/batch_comments/mixins/resolved_status.js index 96ee9f62ba4..3bbbaa86b51 100644 --- a/app/assets/javascripts/batch_comments/mixins/resolved_status.js +++ b/app/assets/javascripts/batch_comments/mixins/resolved_status.js @@ -1,10 +1,12 @@ +import { sprintf, __ } from '~/locale'; + export default { computed: { resolveButtonTitle() { - let title = 'Mark comment as resolved'; + let title = __('Mark comment as resolved'); if (this.resolvedBy) { - title = `Resolved by ${this.resolvedBy.name}`; + title = sprintf(__('Resolved by %{name}'), { name: this.resolvedBy.name }); } return title; diff --git a/app/assets/javascripts/lib/utils/datetime_utility.js b/app/assets/javascripts/lib/utils/datetime_utility.js index 4d6327840db..624878cb5d7 100644 --- a/app/assets/javascripts/lib/utils/datetime_utility.js +++ b/app/assets/javascripts/lib/utils/datetime_utility.js @@ -3,7 +3,7 @@ import _ from 'underscore'; import timeago from 'timeago.js'; import dateFormat from 'dateformat'; import { pluralize } from './text_utility'; -import { languageCode, s__ } from '../../locale'; +import { languageCode, s__, __ } from '../../locale'; window.timeago = timeago; @@ -63,7 +63,15 @@ export const pad = (val, len = 2) => `0${val}`.slice(-len); * @returns {String} */ export const getDayName = date => - ['Sunday', 'Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday', 'Saturday'][date.getDay()]; + [ + __('Sunday'), + __('Monday'), + __('Tuesday'), + __('Wednesday'), + __('Thursday'), + __('Friday'), + __('Saturday'), + ][date.getDay()]; /** * @example @@ -320,13 +328,13 @@ export const getSundays = date => { } const daysToSunday = [ - 'Saturday', - 'Friday', - 'Thursday', - 'Wednesday', - 'Tuesday', - 'Monday', - 'Sunday', + __('Saturday'), + __('Friday'), + __('Thursday'), + __('Wednesday'), + __('Tuesday'), + __('Monday'), + __('Sunday'), ]; const month = date.getMonth(); @@ -336,7 +344,7 @@ export const getSundays = date => { while (dateOfMonth.getMonth() === month) { const dayName = getDayName(dateOfMonth); - if (dayName === 'Sunday') { + if (dayName === __('Sunday')) { sundays.push(new Date(dateOfMonth.getTime())); } diff --git a/app/assets/javascripts/lib/utils/number_utils.js b/app/assets/javascripts/lib/utils/number_utils.js index 19c4de6083d..9ddfb4bca11 100644 --- a/app/assets/javascripts/lib/utils/number_utils.js +++ b/app/assets/javascripts/lib/utils/number_utils.js @@ -1,4 +1,5 @@ import { BYTES_IN_KIB } from './constants'; +import { sprintf, __ } from '~/locale'; /** * Function that allows a number with an X amount of decimals @@ -72,13 +73,13 @@ export function bytesToGiB(number) { */ export function numberToHumanSize(size) { if (size < BYTES_IN_KIB) { - return `${size} bytes`; + return sprintf(__('%{size} bytes'), { size }); } else if (size < BYTES_IN_KIB * BYTES_IN_KIB) { - return `${bytesToKiB(size).toFixed(2)} KiB`; + return sprintf(__('%{size} KiB'), { size: bytesToKiB(size).toFixed(2) }); } else if (size < BYTES_IN_KIB * BYTES_IN_KIB * BYTES_IN_KIB) { - return `${bytesToMiB(size).toFixed(2)} MiB`; + return sprintf(__('%{size} MiB'), { size: bytesToMiB(size).toFixed(2) }); } - return `${bytesToGiB(size).toFixed(2)} GiB`; + return sprintf(__('%{size} GiB'), { size: bytesToGiB(size).toFixed(2) }); } /** diff --git a/app/assets/stylesheets/framework/avatar.scss b/app/assets/stylesheets/components/avatar.scss index 37a729c7a63..4ab197b935b 100644 --- a/app/assets/stylesheets/framework/avatar.scss +++ b/app/assets/stylesheets/components/avatar.scss @@ -1,33 +1,28 @@ -@mixin avatar-size($size, $margin-right) { - width: $size; - height: $size; - margin-right: $margin-right; -} - .avatar-circle { float: left; margin-right: 15px; border-radius: $avatar-radius; border: 1px solid $gray-normal; - &.s16 { @include avatar-size(16px, 6px); } - &.s18 { @include avatar-size(18px, 6px); } - &.s19 { @include avatar-size(19px, 6px); } - &.s20 { @include avatar-size(20px, 7px); } + &.s16 { @include avatar-size(16px, 8px); } + &.s18 { @include avatar-size(18px, 8px); } + &.s19 { @include avatar-size(19px, 8px); } + &.s20 { @include avatar-size(20px, 8px); } &.s24 { @include avatar-size(24px, 8px); } &.s26 { @include avatar-size(26px, 8px); } - &.s32 { @include avatar-size(32px, 10px); } - &.s36 { @include avatar-size(36px, 10px); } - &.s40 { @include avatar-size(40px, 10px); } - &.s46 { @include avatar-size(46px, 15px); } - &.s48 { @include avatar-size(48px, 10px); } - &.s60 { @include avatar-size(60px, 12px); } - &.s64 { @include avatar-size(64px, 14px); } - &.s70 { @include avatar-size(70px, 14px); } - &.s90 { @include avatar-size(90px, 15px); } - &.s100 { @include avatar-size(100px, 15px); } - &.s110 { @include avatar-size(110px, 15px); } - &.s140 { @include avatar-size(140px, 15px); } - &.s160 { @include avatar-size(160px, 20px); } + &.s32 { @include avatar-size(32px, 8px); } + &.s36 { @include avatar-size(36px, 16px); } + &.s40 { @include avatar-size(40px, 16px); } + &.s46 { @include avatar-size(46px, 16px); } + &.s48 { @include avatar-size(48px, 16px); } + &.s60 { @include avatar-size(60px, 16px); } + &.s64 { @include avatar-size(64px, 16px); } + &.s70 { @include avatar-size(70px, 16px); } + &.s90 { @include avatar-size(90px, 16px); } + &.s96 { @include avatar-size(96px, 16px); } + &.s100 { @include avatar-size(100px, 16px); } + &.s110 { @include avatar-size(110px, 16px); } + &.s140 { @include avatar-size(140px, 16px); } + &.s160 { @include avatar-size(160px, 16px); } } .avatar { @@ -39,6 +34,7 @@ padding: 0; background: $gray-lightest; overflow: hidden; + border-color: rgba($black, $gl-avatar-border-opacity); &.avatar-inline { float: none; @@ -64,41 +60,37 @@ &.avatar-placeholder { border: 0; } - - &:not([href]):hover { - border-color: darken($gray-normal, 10%); - } } .identicon { text-align: center; vertical-align: top; - color: $gl-gray-700; + color: $gray-800; background-color: $gray-darker; // Sizes - &.s16 { font-size: 12px; - line-height: 1.33; } + &.s16 { font-size: 10px; + line-height: 16px; } - &.s24 { font-size: 13px; - line-height: 1.8; } + &.s24 { font-size: 12px; + line-height: 24px; } &.s26 { font-size: 20px; line-height: 1.33; } - &.s32 { font-size: 20px; - line-height: 30px; } + &.s32 { font-size: 14px; + line-height: 32px; } &.s40 { font-size: 16px; line-height: 38px; } &.s48 { font-size: 20px; - line-height: 46px; } + line-height: 48px; } &.s60 { font-size: 32px; line-height: 58px; } - &.s64 { font-size: 32px; + &.s64 { font-size: 28px; line-height: 64px; } &.s70 { font-size: 34px; @@ -107,6 +99,9 @@ &.s90 { font-size: 36px; line-height: 88px; } + &.s96 { font-size: 48px; + line-height: 96px; } + &.s100 { font-size: 36px; line-height: 98px; } @@ -144,7 +139,6 @@ .avatar { border-radius: 0; - border: 0; height: auto; width: 100%; margin: 0; diff --git a/app/assets/stylesheets/framework.scss b/app/assets/stylesheets/framework.scss index ab9047c54e4..9b0d19b0ef0 100644 --- a/app/assets/stylesheets/framework.scss +++ b/app/assets/stylesheets/framework.scss @@ -8,7 +8,6 @@ @import 'framework/animations'; @import 'framework/vue_transitions'; -@import 'framework/avatar'; @import 'framework/asciidoctor'; @import 'framework/banner'; @import 'framework/blocks'; diff --git a/app/assets/stylesheets/framework/mixins.scss b/app/assets/stylesheets/framework/mixins.scss index 97de0c98325..18671f7c4d8 100644 --- a/app/assets/stylesheets/framework/mixins.scss +++ b/app/assets/stylesheets/framework/mixins.scss @@ -376,3 +376,12 @@ } } } + +/* +* Mixin that handles the size and right margin of avatars. +*/ +@mixin avatar-size($size, $margin-right) { + width: $size; + height: $size; + margin-right: $margin-right; +} diff --git a/app/assets/stylesheets/framework/variables.scss b/app/assets/stylesheets/framework/variables.scss index 1cf122102cc..28768bdf88f 100644 --- a/app/assets/stylesheets/framework/variables.scss +++ b/app/assets/stylesheets/framework/variables.scss @@ -589,6 +589,7 @@ $issue-board-list-difference-md: $issue-board-list-difference-sm + $issue-boards */ $avatar-radius: 50%; $gl-avatar-size: 40px; +$gl-avatar-border-opacity: 0.1; /* * Blame diff --git a/app/assets/stylesheets/pages/detail_page.scss b/app/assets/stylesheets/pages/detail_page.scss index cb5f1a84005..c386493231c 100644 --- a/app/assets/stylesheets/pages/detail_page.scss +++ b/app/assets/stylesheets/pages/detail_page.scss @@ -21,7 +21,6 @@ .detail-page-header-body { position: relative; - line-height: 35px; display: flex; flex: 1 1; min-width: 0; diff --git a/app/assets/stylesheets/pages/login.scss b/app/assets/stylesheets/pages/login.scss index 22a515cbdaa..fd082cbe0cd 100644 --- a/app/assets/stylesheets/pages/login.scss +++ b/app/assets/stylesheets/pages/login.scss @@ -21,13 +21,6 @@ color: $login-brand-holder-color; } - h1:first-child { - font-weight: $gl-font-weight-normal; - margin-bottom: 0.68em; - margin-top: 0; - font-size: 34px; - } - h3 { font-size: 22px; } diff --git a/app/models/clusters/cluster.rb b/app/models/clusters/cluster.rb index f7ea7accab2..3c6e185f9e2 100644 --- a/app/models/clusters/cluster.rb +++ b/app/models/clusters/cluster.rb @@ -204,7 +204,7 @@ module Clusters end def kube_ingress_domain - @kube_ingress_domain ||= domain.presence || instance_domain || legacy_auto_devops_domain + @kube_ingress_domain ||= domain.presence || instance_domain end def predefined_variables @@ -221,24 +221,6 @@ module Clusters @instance_domain ||= Gitlab::CurrentSettings.auto_devops_domain end - # To keep backward compatibility with AUTO_DEVOPS_DOMAIN - # environment variable, we need to ensure KUBE_INGRESS_BASE_DOMAIN - # is set if AUTO_DEVOPS_DOMAIN is set on any of the following options: - # ProjectAutoDevops#Domain, project variables or group variables, - # as the AUTO_DEVOPS_DOMAIN is needed for CI_ENVIRONMENT_URL - # - # This method should is scheduled to be removed on - # https://gitlab.com/gitlab-org/gitlab-ce/issues/56959 - def legacy_auto_devops_domain - if project_type? - project&.auto_devops&.domain.presence || - project.variables.find_by(key: 'AUTO_DEVOPS_DOMAIN')&.value.presence || - project.group&.variables&.find_by(key: 'AUTO_DEVOPS_DOMAIN')&.value.presence - elsif group_type? - group.variables.find_by(key: 'AUTO_DEVOPS_DOMAIN')&.value.presence - end - end - def restrict_modification if provider&.on_creation? errors.add(:base, "cannot modify during creation") diff --git a/app/models/project_auto_devops.rb b/app/models/project_auto_devops.rb index f972c40f317..90bcb3067f6 100644 --- a/app/models/project_auto_devops.rb +++ b/app/models/project_auto_devops.rb @@ -16,27 +16,8 @@ class ProjectAutoDevops < ApplicationRecord after_save :create_gitlab_deploy_token, if: :needs_to_create_deploy_token? - def instance_domain - Gitlab::CurrentSettings.auto_devops_domain - end - - def has_domain? - domain.present? || instance_domain.present? - end - - # From 11.8, AUTO_DEVOPS_DOMAIN has been replaced by KUBE_INGRESS_BASE_DOMAIN. - # See Clusters::Cluster#predefined_variables and https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/24580 - # for more info. - # - # Suppport AUTO_DEVOPS_DOMAIN is scheduled to be removed on - # https://gitlab.com/gitlab-org/gitlab-ce/issues/52363 def predefined_variables Gitlab::Ci::Variables::Collection.new.tap do |variables| - if has_domain? - variables.append(key: 'AUTO_DEVOPS_DOMAIN', - value: domain.presence || instance_domain) - end - variables.concat(deployment_strategy_default_variables) end end diff --git a/app/views/layouts/devise.html.haml b/app/views/layouts/devise.html.haml index f7a561afbb3..ff3410f6268 100644 --- a/app/views/layouts/devise.html.haml +++ b/app/views/layouts/devise.html.haml @@ -10,15 +10,17 @@ .container.navless-container .content = render "layouts/flash" - .row.append-bottom-15 - .col-sm-7.brand-holder - %h1 + .row.mt-3 + .col-sm-12 + %h1.mb-3.font-weight-normal = brand_title + .row.mb-3 + .col-sm-7.order-12.order-sm-1.brand-holder = brand_image - if current_appearance&.description? = brand_text - else - %h3 + %h3.mt-sm-0 = _('Open source software to collaborate on code') %p @@ -29,7 +31,7 @@ = render_if_exists 'layouts/devise_help_text' - .col-sm-5.new-session-forms-container + .col-sm-5.order-1.order-sm-12.new-session-forms-container = yield %hr.footer-fixed diff --git a/changelogs/unreleased/56959-remove-auto-devops-domain-ci-variable.yml b/changelogs/unreleased/56959-remove-auto-devops-domain-ci-variable.yml new file mode 100644 index 00000000000..c1c1708f935 --- /dev/null +++ b/changelogs/unreleased/56959-remove-auto-devops-domain-ci-variable.yml @@ -0,0 +1,5 @@ +--- +title: Removes support for AUTO_DEVOPS_DOMAIN +merge_request: 28460 +author: +type: removed diff --git a/changelogs/unreleased/59987-move-sign-in-2fa-on-users-sign_in-above-intro-content-on-mobile.yml b/changelogs/unreleased/59987-move-sign-in-2fa-on-users-sign_in-above-intro-content-on-mobile.yml new file mode 100644 index 00000000000..7863f1f7bbe --- /dev/null +++ b/changelogs/unreleased/59987-move-sign-in-2fa-on-users-sign_in-above-intro-content-on-mobile.yml @@ -0,0 +1,5 @@ +--- +title: Prioritize login form on mobile breakpoint +merge_request: 28360 +author: +type: changed diff --git a/changelogs/unreleased/62107-fix-detail-page-header-height.yml b/changelogs/unreleased/62107-fix-detail-page-header-height.yml new file mode 100644 index 00000000000..3723f323bcc --- /dev/null +++ b/changelogs/unreleased/62107-fix-detail-page-header-height.yml @@ -0,0 +1,5 @@ +--- +title: Fix the height of the page headers on issues/merge request/snippets pages +merge_request: 28650 +author: Erik van der Gaag +type: fixed diff --git a/changelogs/unreleased/patch-64.yml b/changelogs/unreleased/patch-64.yml new file mode 100644 index 00000000000..1bf022e7e41 --- /dev/null +++ b/changelogs/unreleased/patch-64.yml @@ -0,0 +1,5 @@ +--- +title: Update SAST.gitlab-ci.yml - Add SAST_GITLEAKS_ENTROPY_LEVEL +merge_request: 28607 +author: +type: fixed diff --git a/changelogs/unreleased/sh-fix-omniauth-generic-strategy.yml b/changelogs/unreleased/sh-fix-omniauth-generic-strategy.yml new file mode 100644 index 00000000000..561c19c9685 --- /dev/null +++ b/changelogs/unreleased/sh-fix-omniauth-generic-strategy.yml @@ -0,0 +1,5 @@ +--- +title: Fix OmniAuth OAuth2Generic strategy not loading +merge_request: 28680 +author: +type: fixed diff --git a/config/database.yml.example b/config/database.yml.example new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/config/database.yml.example diff --git a/config/initializers/rack_attack_logging.rb b/config/initializers/rack_attack_logging.rb index 8bb9ea29c33..2a3fdc8de5f 100644 --- a/config/initializers/rack_attack_logging.rb +++ b/config/initializers/rack_attack_logging.rb @@ -1,7 +1,15 @@ +# frozen_string_literal: true +# # Adds logging for all Rack Attack blocks and throttling events. ActiveSupport::Notifications.subscribe('rack.attack') do |name, start, finish, request_id, req| if [:throttle, :blacklist].include? req.env['rack.attack.match_type'] - Rails.logger.info("Rack_Attack: #{req.env['rack.attack.match_type']} #{req.ip} #{req.request_method} #{req.fullpath}") + Gitlab::AuthLogger.error( + message: 'Rack_Attack', + env: req.env['rack.attack.match_type'], + ip: req.ip, + request_method: req.request_method, + fullpath: req.fullpath + ) end end diff --git a/config/karma.config.js b/config/karma.config.js index b2fc3a32816..2a5bf3581e0 100644 --- a/config/karma.config.js +++ b/config/karma.config.js @@ -9,11 +9,22 @@ const IS_EE = require('./helpers/is_ee_env'); const ROOT_PATH = path.resolve(__dirname, '..'); const SPECS_PATH = /^(?:\.[\\\/])?(ee[\\\/])?spec[\\\/]javascripts[\\\/]/; -function fatalError(message) { +function exitError(message) { console.error(chalk.red(`\nError: ${message}\n`)); process.exit(1); } +function exitWarn(message) { + console.error(chalk.yellow(`\nWarn: ${message}\n`)); + process.exit(0); +} + +function exit(message, isError = true) { + const fn = isError ? exitError : exitWarn; + + fn(message); +} + // disable problematic options webpackConfig.entry = undefined; webpackConfig.mode = 'development'; @@ -31,7 +42,8 @@ webpackConfig.plugins.push( }), ); -const specFilters = argumentsParser +const options = argumentsParser + .option('--no-fail-on-empty-test-suite') .option( '-f, --filter-spec [filter]', 'Filter run spec files by path. Multiple filters are like a logical OR.', @@ -41,7 +53,9 @@ const specFilters = argumentsParser }, [], ) - .parse(process.argv).filterSpec; + .parse(process.argv); + +const specFilters = options.filterSpec; const createContext = (specFiles, regex, suffix) => { const newContext = specFiles.reduce((context, file) => { @@ -73,11 +87,13 @@ if (specFilters.length) { filteredSpecFiles = [...new Set(filteredSpecFiles)]; if (filteredSpecFiles.length < 1) { - fatalError('Your filter did not match any test files.'); + const isError = options.failOnEmptyTestSuite; + + exit('Your filter did not match any test files.', isError); } if (!filteredSpecFiles.every(file => SPECS_PATH.test(file))) { - fatalError('Test files must be located within /spec/javascripts.'); + exitError('Test files must be located within /spec/javascripts.'); } const CE_FILES = filteredSpecFiles.filter(file => !file.startsWith('ee')); diff --git a/doc/administration/logs.md b/doc/administration/logs.md index 3d40cda491a..a7e57e44e86 100644 --- a/doc/administration/logs.md +++ b/doc/administration/logs.md @@ -280,6 +280,14 @@ installations from source. Currently it logs the progress of project imports from the Bitbucket Server importer. Future importers may use this file. +##Â `auth.log` + +Introduced in GitLab 12.0. This file lives in `/var/log/gitlab/gitlab-rails/auth.log` for +Omnibus GitLab packages or in `/home/git/gitlab/log/auth.log` for +installations from source. + +It logs information whenever [Rack Attack] registers an abusive request. + ## Reconfigure Logs Reconfigure log files live in `/var/log/gitlab/reconfigure` for Omnibus GitLab @@ -298,3 +306,4 @@ Omnibus GitLab packages or in `/home/git/gitlab/log/sidekiq_exporter.log` for installations from source. [repocheck]: repository_checks.md +[Rack Attack]: ../security/rack_attack.md diff --git a/doc/api/epic_links.md b/doc/api/epic_links.md index 619ae6ea2dc..d6e43ae7074 100644 --- a/doc/api/epic_links.md +++ b/doc/api/epic_links.md @@ -125,7 +125,7 @@ POST /groups/:id/epics/:epic_iid/epics | --------------- | -------------- | -------- | ------------------------------------------------------------------------------------------------------------------ | | `id` | integer/string | yes | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) owned by the authenticated user | | `epic_iid` | integer | yes | The internal ID of the (future parent) epic. | -| `title` | integer | yes | The global ID of the child epic. Internal ID can't be used because they can conflict with epics from other groups. | +| `title` | string | yes | The title of a newly created epic. | ```bash curl --header POST "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/1/epics/5/epics?title=Newpic @@ -141,6 +141,7 @@ Example response: "group_id": 49, "parent_id": 23, "has_children": false, + "has_issues": false, "reference": "&2", "url": "http://localhost/groups/group16/-/epics/2", "relation_url": "http://localhost/groups/group16/-/epics/1/links/24" diff --git a/doc/ci/yaml/README.md b/doc/ci/yaml/README.md index 31ff56e06f8..8667eacd3d5 100644 --- a/doc/ci/yaml/README.md +++ b/doc/ci/yaml/README.md @@ -1986,7 +1986,7 @@ production: - deploy environment: name: production - url: https://$CI_PROJECT_PATH_SLUG.$AUTO_DEVOPS_DOMAIN + url: https://$CI_PROJECT_PATH_SLUG.$KUBE_INGRESS_BASE_DOMAIN only: - master ``` diff --git a/doc/development/fe_guide/style_guide_scss.md b/doc/development/fe_guide/style_guide_scss.md index 36880dd746d..b25dce65ffe 100644 --- a/doc/development/fe_guide/style_guide_scss.md +++ b/doc/development/fe_guide/style_guide_scss.md @@ -9,20 +9,44 @@ easy to maintain, and performant for the end-user. As part of the effort for [cleaning up our CSS and moving our components into GitLab-UI](https://gitlab.com/groups/gitlab-org/-/epics/950) led by the [GitLab UI WG](https://gitlab.com/gitlab-com/www-gitlab-com/merge_requests/20623) we prefer the use of utility classes over adding new CSS. However, complex CSS can be addressed by adding component classes. -We have a few internal utility classes in [`common.scss`](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/app/assets/stylesheets/framework/common.scss) -and we use [Bootstrap's Utility Classes](https://getbootstrap.com/docs/4.3/utilities/) +#### Where are utility classes defined? + +- [Bootstrap's Utility Classes](https://getbootstrap.com/docs/4.3/utilities/) +- [`common.scss`](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/app/assets/stylesheets/framework/common.scss) (old) +- [`utilities.scss`](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/app/assets/stylesheets/utilities.scss) (new) + +#### Where should I put new utility classes? New utility classes should be added to [`utilities.scss`](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/app/assets/stylesheets/utilities.scss). Existing classes include: -**Background color**: `.bg-variant-shade` e.g. `.bg-warning-400` -**Text color**: `.text-variant-shade` e.g. `.text-success-500` +| Name | Pattern | Example | +|------|---------|---------| +| Background color | `.bg-{variant}-{shade}` | `.bg-warning-400` | +| Text color | `.text-{variant}-{shade}` | `.text-success-500` | +| Font size | `.text-{size}` | `.text-2` | + +- `{variant}` is one of 'primary', 'secondary', 'success', 'warning', 'error' +- `{shade}` is on of the shades listed on [colors](https://design.gitlab.com/foundations/colors/) +- `{size}` is a number from 1-6 from our [Type scale](https://design.gitlab.com/foundations/typography) + +#### When should I create component classes? + +We recommend a "utility-first" approach. + +1. Start with utility classes. +2. If composing utility classes into a component class removes code duplication and encapsulates a clear responsibility, do it. + +This encourages an organic growth of component classes and prevents the creation of one-off unreusable classes. Also, the kind of classes that emerge from "utility-first" tend to be design-centered (e.g. `.button`, `.alert`, `.card`) rather than domain-centered (e.g. `.security-report-widget`, `.commit-header-icon`). + +Examples of component classes that were created using "utility-first" include: -- variant is one of 'primary', 'secondary', 'success', 'warning', 'error' -- shade is on of the shades listed on [colors](https://design.gitlab.com/foundations/colors/) +- [`.circle-icon-container`](https://gitlab.com/gitlab-org/gitlab-ce/blob/579fa8b8ec7eb38d40c96521f517c9dab8c3b97a/app/assets/stylesheets/framework/icons.scss#L85) +- [`.d-flex-center`](https://gitlab.com/gitlab-org/gitlab-ce/blob/900083d89cd6af391d26ab7922b3f64fa2839bef/app/assets/stylesheets/framework/common.scss#L425) -**Font size**: `.text-size` e.g. `.text-2` +Inspiration: -- **size** is number from 1-6 from our [Type scale](https://design.gitlab.com/foundations/typography) +- https://tailwindcss.com/docs/utility-first +- https://tailwindcss.com/docs/extracting-components ### Naming diff --git a/doc/security/rack_attack.md b/doc/security/rack_attack.md index ad83dc05a93..66081d7e376 100644 --- a/doc/security/rack_attack.md +++ b/doc/security/rack_attack.md @@ -94,7 +94,7 @@ In case you want to remove a blocked IP, follow these steps: 1. Find the IPs that have been blocked in the production log: ```sh - grep "Rack_Attack" /var/log/gitlab/gitlab-rails/production.log + grep "Rack_Attack" /var/log/gitlab/gitlab-rails/auth.log ``` 1. Since the blacklist is stored in Redis, you need to open up `redis-cli`: diff --git a/doc/topics/autodevops/index.md b/doc/topics/autodevops/index.md index 5a8744d71f9..4ceccaabf86 100644 --- a/doc/topics/autodevops/index.md +++ b/doc/topics/autodevops/index.md @@ -126,10 +126,6 @@ Auto Deploy, and Auto Monitoring will be silently skipped. ## Auto DevOps base domain -NOTE: **Note** -`AUTO_DEVOPS_DOMAIN` environment variable is deprecated and -[is scheduled to be removed](https://gitlab.com/gitlab-org/gitlab-ce/issues/56959). - The Auto DevOps base domain is required if you want to make use of [Auto Review Apps](#auto-review-apps) and [Auto Deploy](#auto-deploy). It can be defined in any of the following places: @@ -162,6 +158,12 @@ Auto DevOps base domain to `1.2.3.4.nip.io`. Once set up, all requests will hit the load balancer, which in turn will route them to the Kubernetes pods that run your application(s). +NOTE: **Note:** +From GitLab 11.8, `KUBE_INGRESS_BASE_DOMAIN` replaces `AUTO_DEVOPS_DOMAIN`. +Support for `AUTO_DEVOPS_DOMAIN` was [removed in GitLab +12.0](https://gitlab.com/gitlab-org/gitlab-ce/issues/56959). + + ## Using multiple Kubernetes clusters **[PREMIUM]** When using Auto DevOps, you may want to deploy different environments to @@ -209,10 +211,6 @@ and verifying that your app is deployed as a review app in the Kubernetes cluster with the `review/*` environment scope. Similarly, you can check the other environments. -NOTE: **Note:** -From GitLab 11.8, `KUBE_INGRESS_BASE_DOMAIN` replaces `AUTO_DEVOPS_DOMAIN`. -`AUTO_DEVOPS_DOMAIN` [is scheduled to be removed](https://gitlab.com/gitlab-org/gitlab-ce/issues/56959). - ## Enabling/Disabling Auto DevOps When first using Auto Devops, review the [requirements](#requirements) to ensure all necessary components to make @@ -734,7 +732,6 @@ also be customized, and you can easily use a [custom buildpack](#custom-buildpac | **Variable** | **Description** | | ------------ | --------------- | -| `AUTO_DEVOPS_DOMAIN` | The [Auto DevOps domain](#auto-devops-base-domain). By default, set automatically by the [Auto DevOps setting](#enablingdisabling-auto-devops). This variable is deprecated and [is scheduled to be removed](https://gitlab.com/gitlab-org/gitlab-ce/issues/56959). Use `KUBE_INGRESS_BASE_DOMAIN` instead. | | `AUTO_DEVOPS_CHART` | The Helm Chart used to deploy your apps; defaults to the one [provided by GitLab](https://gitlab.com/gitlab-org/charts/auto-deploy-app). | | `AUTO_DEVOPS_CHART_REPOSITORY` | The Helm Chart repository used to search for charts; defaults to `https://charts.gitlab.io`. | | `AUTO_DEVOPS_CHART_REPOSITORY_NAME` | From Gitlab 11.11, this variable can be used to set the name of the helm repository; defaults to "gitlab" | diff --git a/doc/user/admin_area/geo_nodes.md b/doc/user/admin_area/geo_nodes.md index 776ab139c64..fb0f9a3285d 100644 --- a/doc/user/admin_area/geo_nodes.md +++ b/doc/user/admin_area/geo_nodes.md @@ -1,9 +1,13 @@ +--- +type: howto +--- + # Geo nodes admin area **[PREMIUM ONLY]** -For more information about setting up GitLab Geo, read the -[Geo documentation](https://docs.gitlab.com/ee/administration/geo/replication/index.html). +You can configure various settings for GitLab Geo nodes. For more information, see +[Geo documentation](https://docs.gitlab.com/ee/administration/geo/replication/index.md). -When you're done, you can navigate to **Admin area > Geo** (`/admin/geo/nodes`). +On the primary node, go to **Admin area > Geo**. On secondary nodes, go to **Admin area > Geo > Nodes**. ## Common settings @@ -68,3 +72,15 @@ a unique `name` is set for each Geo node. The `gitlab.rb` setting The load balancer must use sticky sessions in order to avoid authentication failures and cross site request errors. + +<!-- ## Troubleshooting + +Include any troubleshooting steps that you can foresee. If you know beforehand what issues +one might have when setting this up, or when something is changed, or on upgrading, it's +important to describe those, too. Think of things that may go wrong and include them here. +This is important to minimize requests for support, and to avoid doc comments with +questions that you know someone might ask. + +Each scenario can be a third-level heading, e.g. `### Getting error message X`. +If you have none to add when creating a doc, leave this section in place +but commented out to help encourage others to add to it in the future. -->
\ No newline at end of file diff --git a/doc/user/project/clusters/index.md b/doc/user/project/clusters/index.md index 3bc3beb2055..bc4d732a405 100644 --- a/doc/user/project/clusters/index.md +++ b/doc/user/project/clusters/index.md @@ -71,7 +71,7 @@ new Kubernetes cluster to your project: - **Number of nodes** - Enter the number of nodes you wish the cluster to have. - **Machine type** - The [machine type](https://cloud.google.com/compute/docs/machine-types) of the Virtual Machine instance that the cluster will be based on. - - **RBAC-enabled cluster** - Leave this checked if using default GKE creation options, see the [RBAC section](#role-based-access-control-rbac) for more information. + - **RBAC-enabled cluster** - Leave this checked if using default GKE creation options, see the [RBAC section](#rbac-cluster-resources) for more information. - **GitLab-managed cluster** - Leave this checked if you want GitLab to manage namespaces and service accounts for this cluster. See the [Managed clusters section](#gitlab-managed-clusters) for more information. 1. Finally, click the **Create Kubernetes cluster** button. @@ -263,65 +263,66 @@ you can either: ## Access controls -When creating a cluster in GitLab, you will be asked if you would like to create an -[Attribute-based access control (ABAC)](https://kubernetes.io/docs/admin/authorization/abac/) cluster, or -a [Role-based access control (RBAC)](https://kubernetes.io/docs/admin/authorization/rbac/) one. +When creating a cluster in GitLab, you will be asked if you would like to create either: -NOTE: **Note:** -[RBAC](#role-based-access-control-rbac) is recommended and the GitLab default. +- An [Attribute-based access control (ABAC)](https://kubernetes.io/docs/admin/authorization/abac/) cluster. +- A [Role-based access control (RBAC)](https://kubernetes.io/docs/admin/authorization/rbac/) cluster. -Whether [ABAC](#attribute-based-access-control-abac) or [RBAC](#role-based-access-control-rbac) is enabled, -GitLab will create the necessary service accounts and privileges in order to install and run -[GitLab managed applications](#installing-applications): +NOTE: **Note:** +[RBAC](#rbac-cluster-resources) is recommended and the GitLab default. -- If GitLab is creating the cluster, a `gitlab` service account with - `cluster-admin` privileges will be created in the `default` namespace, - which will be used by GitLab to manage the newly created cluster. +GitLab creates the necessary service accounts and privileges to install and run +[GitLab managed applications](#installing-applications). When GitLab creates the cluster: +- A `gitlab` service account with `cluster-admin` privileges is created in the `default` namespace + to manage the newly created cluster. - A project service account with [`edit` privileges](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) - will be created in the project namespace (also created by GitLab), which will - be used in [deployment jobs](#deployment-variables). + is created in the GitLab-created project namespace for [deployment jobs](#deployment-variables). NOTE: **Note:** Restricted service account for deployment was [introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/51716) in GitLab 11.5. -- When you install Helm into your cluster, the `tiller` service account - will be created with `cluster-admin` privileges in the `gitlab-managed-apps` - namespace. This service account will be added to the installed Helm Tiller and will - be used by Helm to install and run [GitLab managed applications](#installing-applications). - Helm will also create additional service accounts and other resources for each - installed application. Consult the documentation of the Helm charts for each application - for details. +When you install Helm into your cluster, the `tiller` service account +is created with `cluster-admin` privileges in the `gitlab-managed-apps` +namespace. This service account will be added to the installed Helm Tiller and will +be used by Helm to install and run [GitLab managed applications](#installing-applications). +Helm will also create additional service accounts and other resources for each +installed application. Consult the documentation of the Helm charts for each application +for details. If you are [adding an existing Kubernetes cluster](#adding-an-existing-kubernetes-cluster), ensure the token of the account has administrator privileges for the cluster. -The following sections summarize which resources will be created on ABAC/RBAC clusters. +The resources created by GitLab differ depending on the type of cluster. + +### ABAC cluster resources + +GitLab creates the following resources for ABAC clusters. -### Attribute-based access control (ABAC) +| Name | Type | Details | Created when | +|:------------------|:---------------------|:----------------------------------|:---------------------------| +| `gitlab` | `ServiceAccount` | `default` namespace | Creating a new GKE Cluster | +| `gitlab-token` | `Secret` | Token for `gitlab` ServiceAccount | Creating a new GKE Cluster | +| `tiller` | `ServiceAccount` | `gitlab-managed-apps` namespace | Installing Helm Tiller | +| `tiller-admin` | `ClusterRoleBinding` | `cluster-admin` roleRef | Installing Helm Tiller | +| Project namespace | `ServiceAccount` | Uses namespace of Project | Deploying to a cluster | +| Project namespace | `Secret` | Token for project ServiceAccount | Deploying to a cluster | -| Name | Kind | Details | Created when | -| --- | --- | --- | --- | -| `gitlab` | `ServiceAccount` | `default` namespace | Creating a new GKE Cluster | -| `gitlab-token` | `Secret` | Token for `gitlab` ServiceAccount | Creating a new GKE Cluster | -| `tiller` | `ServiceAccount` | `gitlab-managed-apps` namespace | Installing Helm Tiller | -| `tiller-admin` | `ClusterRoleBinding` | `cluster-admin` roleRef | Installing Helm Tiller | -| Project namespace | `ServiceAccount` | Uses namespace of Project | Deploying to a cluster | -| Project namespace | `Secret` | Token for project ServiceAccount | Deploying to a cluster | +### RBAC cluster resources -### Role-based access control (RBAC) +GitLab creates the following resources for RBAC clusters. -| Name | Kind | Details | Created when | -| --- | --- | --- | --- | -| `gitlab` | `ServiceAccount` | `default` namespace | Creating a new GKE Cluster | -| `gitlab-admin` | `ClusterRoleBinding` | [`cluster-admin`](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) roleRef | Creating a new GKE Cluster | -| `gitlab-token` | `Secret` | Token for `gitlab` ServiceAccount | Creating a new GKE Cluster | -| `tiller` | `ServiceAccount` | `gitlab-managed-apps` namespace | Installing Helm Tiller | -| `tiller-admin` | `ClusterRoleBinding` | `cluster-admin` roleRef | Installing Helm Tiller | -| Project namespace | `ServiceAccount` | Uses namespace of Project | Deploying to a cluster | -| Project namespace | `Secret` | Token for project ServiceAccount | Deploying to a cluster | -| Project namespace | `RoleBinding` | [`edit`](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) roleRef | Deploying to a cluster | +| Name | Type | Details | Created when | +|:------------------|:---------------------|:-----------------------------------------------------------------------------------------------------------|:---------------------------| +| `gitlab` | `ServiceAccount` | `default` namespace | Creating a new GKE Cluster | +| `gitlab-admin` | `ClusterRoleBinding` | [`cluster-admin`](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) roleRef | Creating a new GKE Cluster | +| `gitlab-token` | `Secret` | Token for `gitlab` ServiceAccount | Creating a new GKE Cluster | +| `tiller` | `ServiceAccount` | `gitlab-managed-apps` namespace | Installing Helm Tiller | +| `tiller-admin` | `ClusterRoleBinding` | `cluster-admin` roleRef | Installing Helm Tiller | +| Project namespace | `ServiceAccount` | Uses namespace of Project | Deploying to a cluster | +| Project namespace | `Secret` | Token for project ServiceAccount | Deploying to a cluster | +| Project namespace | `RoleBinding` | [`edit`](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) roleRef | Deploying to a cluster | NOTE: **Note:** Project-specific resources are only created if your cluster is [managed by GitLab](#gitlab-managed-clusters). @@ -375,7 +376,7 @@ by GitLab before installing any of the applications. | [Prometheus](https://prometheus.io/docs/introduction/overview/) | 10.4+ | Prometheus is an open-source monitoring and alerting system useful to supervise your deployed applications. | [stable/prometheus](https://github.com/helm/charts/tree/master/stable/prometheus) | | [GitLab Runner](https://docs.gitlab.com/runner/) | 10.6+ | GitLab Runner is the open source project that is used to run your jobs and send the results back to GitLab. It is used in conjunction with [GitLab CI/CD](../../../ci/README.md), the open-source continuous integration service included with GitLab that coordinates the jobs. When installing the GitLab Runner via the applications, it will run in **privileged mode** by default. Make sure you read the [security implications](#security-implications) before doing so. | [runner/gitlab-runner](https://gitlab.com/charts/gitlab-runner) | | [JupyterHub](http://jupyter.org/) | 11.0+ | [JupyterHub](https://jupyterhub.readthedocs.io/en/stable/) is a multi-user service for managing notebooks across a team. [Jupyter Notebooks](https://jupyter-notebook.readthedocs.io/en/latest/) provide a web-based interactive programming environment used for data analysis, visualization, and machine learning. We use a [custom Jupyter image](https://gitlab.com/gitlab-org/jupyterhub-user-image/blob/master/Dockerfile) that installs additional useful packages on top of the base Jupyter. Authentication will be enabled only for [project members](../members/index.md) with [Developer or higher](../../permissions.md) access to the project. You will also see ready-to-use DevOps Runbooks built with Nurtch's [Rubix library](https://github.com/amit1rrr/rubix). More information on creating executable runbooks can be found in [our Nurtch documentation](runbooks/index.md#nurtch-executable-runbooks). Note that Ingress must be installed and have an IP address assigned before JupyterHub can be installed. | [jupyter/jupyterhub](https://jupyterhub.github.io/helm-chart/) | -| [Knative](https://cloud.google.com/knative) | 11.5+ | Knative provides a platform to create, deploy, and manage serverless workloads from a Kubernetes cluster. It is used in conjunction with, and includes [Istio](https://istio.io) to provide an external IP address for all programs hosted by Knative. You will be prompted to enter a wildcard domain where your applications will be exposed. Configure your DNS server to use the external IP address for that domain. For any application created and installed, they will be accessible as `<program_name>.<kubernetes_namespace>.<domain_name>`. This will require your kubernetes cluster to have [RBAC enabled](#role-based-access-control-rbac). | [knative/knative](https://storage.googleapis.com/triggermesh-charts) +| [Knative](https://cloud.google.com/knative) | 11.5+ | Knative provides a platform to create, deploy, and manage serverless workloads from a Kubernetes cluster. It is used in conjunction with, and includes [Istio](https://istio.io) to provide an external IP address for all programs hosted by Knative. You will be prompted to enter a wildcard domain where your applications will be exposed. Configure your DNS server to use the external IP address for that domain. For any application created and installed, they will be accessible as `<program_name>.<kubernetes_namespace>.<domain_name>`. This will require your kubernetes cluster to have [RBAC enabled](#rbac-cluster-resources). | [knative/knative](https://storage.googleapis.com/triggermesh-charts) With the exception of Knative, the applications will be installed in a dedicated namespace called `gitlab-managed-apps`. diff --git a/lib/gitlab/auth_logger.rb b/lib/gitlab/auth_logger.rb new file mode 100644 index 00000000000..6d3edba02b0 --- /dev/null +++ b/lib/gitlab/auth_logger.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +module Gitlab + class AuthLogger < Gitlab::JsonLogger + def self.file_name_noext + 'auth' + end + end +end diff --git a/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml index 779f4b5f006..11569437cb6 100644 --- a/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml @@ -507,23 +507,13 @@ rollout 100%: kubectl describe namespace "$KUBE_NAMESPACE" || kubectl create namespace "$KUBE_NAMESPACE" } - # Function to ensure backwards compatibility with AUTO_DEVOPS_DOMAIN - function ensure_kube_ingress_base_domain() { - if [ -z ${KUBE_INGRESS_BASE_DOMAIN+x} ] && [ -n "$AUTO_DEVOPS_DOMAIN" ] ; then - export KUBE_INGRESS_BASE_DOMAIN=$AUTO_DEVOPS_DOMAIN - fi - } - function check_kube_domain() { - ensure_kube_ingress_base_domain - if [[ -z "$KUBE_INGRESS_BASE_DOMAIN" ]]; then echo "In order to deploy or use Review Apps," - echo "AUTO_DEVOPS_DOMAIN or KUBE_INGRESS_BASE_DOMAIN variables must be set" + echo "KUBE_INGRESS_BASE_DOMAIN variables must be set" echo "From 11.8, you can set KUBE_INGRESS_BASE_DOMAIN in cluster settings" echo "or by defining a variable at group or project level." echo "You can also manually add it in .gitlab-ci.yml" - echo "AUTO_DEVOPS_DOMAIN support will be dropped on 12.0" false else true diff --git a/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml index 706692e063b..abf16e5b2e7 100644 --- a/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml @@ -40,6 +40,7 @@ sast: SAST_BRAKEMAN_LEVEL \ SAST_GOSEC_LEVEL \ SAST_FLAWFINDER_LEVEL \ + SAST_GITLEAKS_ENTROPY_LEVEL \ SAST_DOCKER_CLIENT_NEGOTIATION_TIMEOUT \ SAST_PULL_ANALYZER_IMAGE_TIMEOUT \ SAST_RUN_ANALYZER_TIMEOUT \ diff --git a/lib/gitlab/omniauth_initializer.rb b/lib/gitlab/omniauth_initializer.rb index e0ac9eec1f2..2a2083ebae0 100644 --- a/lib/gitlab/omniauth_initializer.rb +++ b/lib/gitlab/omniauth_initializer.rb @@ -36,12 +36,25 @@ module Gitlab hash_arguments = provider['args'].merge(provider_defaults(provider)) # A Hash from the configuration will be passed as is. - provider_arguments << hash_arguments.symbolize_keys + provider_arguments << normalize_hash_arguments(hash_arguments) end provider_arguments end + def normalize_hash_arguments(args) + args.symbolize_keys! + + # Rails 5.1 deprecated the use of string names in the middleware + # (https://github.com/rails/rails/commit/83b767ce), so we need to + # pass in the actual class to Devise. + if args[:strategy_class].is_a?(String) + args[:strategy_class] = args[:strategy_class].constantize + end + + args + end + def provider_defaults(provider) case provider['name'] when 'cas3' diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 6209530deab..604b87b8438 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -193,6 +193,18 @@ msgstr "" msgid "%{service_title} settings saved, but not activated." msgstr "" +msgid "%{size} GiB" +msgstr "" + +msgid "%{size} KiB" +msgstr "" + +msgid "%{size} MiB" +msgstr "" + +msgid "%{size} bytes" +msgstr "" + msgid "%{spammable_titlecase} was submitted to Akismet successfully." msgstr "" @@ -4482,6 +4494,9 @@ msgstr "" msgid "Found errors in your .gitlab-ci.yml:" msgstr "" +msgid "Friday" +msgstr "" + msgid "From %{providerTitle}" msgstr "" @@ -5796,6 +5811,9 @@ msgstr "" msgid "Mark as resolved" msgstr "" +msgid "Mark comment as resolved" +msgstr "" + msgid "Mark this issue as a duplicate of another issue" msgstr "" @@ -8202,6 +8220,9 @@ msgstr "" msgid "Resolved all discussions." msgstr "" +msgid "Resolved by %{name}" +msgstr "" + msgid "Resolved by %{resolvedByName}" msgstr "" @@ -9984,6 +10005,9 @@ msgstr "" msgid "This will remove the fork relationship to source project" msgstr "" +msgid "Thursday" +msgstr "" + msgid "Time before an issue gets scheduled" msgstr "" @@ -10387,6 +10411,9 @@ msgstr "" msgid "Trying to communicate with your device. Plug it in (if you haven't already) and press the button on the device now." msgstr "" +msgid "Tuesday" +msgstr "" + msgid "Twitter" msgstr "" @@ -10879,6 +10906,9 @@ msgstr "" msgid "Webhooks Help" msgstr "" +msgid "Wednesday" +msgstr "" + msgid "Welcome to your Issue Board!" msgstr "" diff --git a/package.json b/package.json index 099d0b3d8fa..381accff23b 100644 --- a/package.json +++ b/package.json @@ -23,7 +23,7 @@ "stylelint": "node node_modules/stylelint/bin/stylelint.js app/assets/stylesheets/**/*.* ee/app/assets/stylesheets/**/*.* !**/vendors/** --custom-formatter node_modules/stylelint-error-string-formatter", "stylelint-file": "node node_modules/stylelint/bin/stylelint.js", "stylelint-create-utility-map": "node scripts/frontend/stylelint/stylelint-utility-map.js", - "test": "yarn jest && yarn karma", + "test": "node scripts/frontend/test", "webpack": "NODE_OPTIONS=\"--max-old-space-size=3584\" webpack --config config/webpack.config.js", "webpack-prod": "NODE_OPTIONS=\"--max-old-space-size=3584\" NODE_ENV=production webpack --config config/webpack.config.js" }, diff --git a/qa/docs/WRITING_TESTS_FROM_SCRATCH.md b/qa/docs/WRITING_TESTS_FROM_SCRATCH.md index f91286c232e..309fcc4064c 100644 --- a/qa/docs/WRITING_TESTS_FROM_SCRATCH.md +++ b/qa/docs/WRITING_TESTS_FROM_SCRATCH.md @@ -271,7 +271,7 @@ end In the `before :all` block we create all the application state needed for the tests to run. We do that by fabricating resources via APIs (`project`, `@issue`, and `@labels`), by using the `Runtime::Browser.visit` method to go to the login page, and by performing a `sign_in_using_credentials` from the `Login` Page Object. -> When creating the resources, notice that when calling the `fabricate_via_api` method, we pass some attribute:values, like `name` for the `project` resoruce, `project`, `title`, and `labels` for the the issue resource, and `project`, and `title` for `label` resources. +> When creating the resources, notice that when calling the `fabricate_via_api` method, we pass some attribute:values, like `name` for the `project` resource; `project`, `title`, and `labels` for the `issue` resource; and `project`, and `title` for `label` resources. > What's important to understand here is that by creating the application state mostly using the public APIs we save a lot of time in the test suite setup stage. @@ -279,7 +279,7 @@ In the `before :all` block we create all the application state needed for the te ### 6. Optimization -As already mentioned in the [best practices](./BEST_PRACTICES.md) document, end-to-end tests are very costly in terms of execution time, and it's our responsibility as software engineers to ensure that we optimize them as max as possible. +As already mentioned in the [best practices](./BEST_PRACTICES.md) document, end-to-end tests are very costly in terms of execution time, and it's our responsibility as software engineers to ensure that we optimize them as much as possible. > Differently than unit tests, that exercise every little piece of the application in isolation, usually having only one assertion per test, and being very fast to run, end-to-end tests can have more actions and assertions in a single test to help on speeding up the test's feedback since they are much slower when comparing to unit tests. @@ -367,7 +367,7 @@ With that in mind, resources can be a project, an epic, an issue, a label, a com As you saw in the tests' pre-conditions and the optimization sections, we're already creating some of these resources, and we are doing that by calling the `fabricate_via_api!` method. -> We could be using the `fabricate!` method instead, which would use the `fabricate_via_api!` method if it exists, and fallback to GUI fabrication otherwise, but we recommend being explicit to make it clear what the test does. Also, we always recommend fabricating resources via API since this makes tests faster and more reliable. +> We could be using the `fabricate!` method instead, which would use the `fabricate_via_api!` method if it exists, and fallback to GUI fabrication otherwise, but we recommend being explicit to make it clear what the test does. Also, we recommend fabricating resources via API since this makes tests faster and more reliable, unless the test is focusing on the GUI itself, or there's no GUI coverage for that specific part in any other test. For our test suite example, the [project resource](https://gitlab.com/gitlab-org/gitlab-ee/blob/d3584e80b4236acdf393d815d604801573af72cc/qa/qa/resource/project.rb#L55) already had a `fabricate_via_api!` method available, while other resources don't have it, so we will have to create them, like for the issue and label resources. Also, we will have to make a small change in the project resource to expose its `id` attribute so that we can refer to it when fabricating the issue. diff --git a/scripts/frontend/test.js b/scripts/frontend/test.js new file mode 100755 index 00000000000..dab7176f8c1 --- /dev/null +++ b/scripts/frontend/test.js @@ -0,0 +1,114 @@ +#!/usr/bin/env node + +const { spawn } = require('child_process'); +const { EOL } = require('os'); +const program = require('commander'); +const chalk = require('chalk'); + +const JEST_ROUTE = 'spec/frontend'; +const KARMA_ROUTE = 'spec/javascripts'; +const COMMON_ARGS = ['--colors']; +const JEST_ARGS = ['--passWithNoTests']; +const KARMA_ARGS = ['--no-fail-on-empty-test-suite']; +const SUCCESS_CODE = 0; + +program + .version('0.1.0') + .usage('[options] <file ...>') + .option('-p, --parallel', 'Run tests suites in parallel') + .parse(process.argv); + +const isSuccess = code => code === SUCCESS_CODE; + +const combineExitCodes = codes => { + const firstFail = codes.find(x => !isSuccess(x)); + + return firstFail === undefined ? SUCCESS_CODE : firstFail; +}; + +const skipIfFail = fn => code => (isSuccess(code) ? fn() : code); + +const endWithEOL = str => (str[str.length - 1] === '\n' ? str : `${str}${EOL}`); + +const runTests = paths => { + if (program.parallel) { + return Promise.all([runJest(paths), runKarma(paths)]).then(combineExitCodes); + } else { + return runJest(paths).then(skipIfFail(() => runKarma(paths))); + } +}; + +const spawnYarnScript = (cmd, args) => { + return new Promise((resolve, reject) => { + const proc = spawn('yarn', ['run', cmd, ...args]); + const output = data => { + const text = data + .toString() + .split(/\r?\n/g) + .map((line, idx, { length }) => + idx === length - 1 && !line ? line : `${chalk.gray(cmd)}: ${line}`, + ) + .join(EOL); + + return endWithEOL(text); + }; + + proc.stdout.on('data', data => { + process.stdout.write(output(data)); + }); + + proc.stderr.on('data', data => { + process.stderr.write(output(data)); + }); + + proc.on('close', code => { + process.stdout.write(output(`exited with code ${code}`)); + + // We resolve even on a failure code because a `reject` would cause + // Promise.all to reject immediately (without waiting for other promises) + // to finish. + resolve(code); + }); + }); +}; + +const runJest = args => { + return spawnYarnScript('jest', [...JEST_ARGS, ...COMMON_ARGS, ...toJestArgs(args)]); +}; + +const runKarma = args => { + return spawnYarnScript('karma', [...KARMA_ARGS, ...COMMON_ARGS, ...toKarmaArgs(args)]); +}; + +const replacePath = to => path => + path + .replace(JEST_ROUTE, to) + .replace(KARMA_ROUTE, to) + .replace('app/assets/javascripts', to); + +const replacePathForJest = replacePath(JEST_ROUTE); + +const replacePathForKarma = replacePath(KARMA_ROUTE); + +const toJestArgs = paths => paths.map(replacePathForJest); + +const toKarmaArgs = paths => + paths.reduce((acc, path) => acc.concat('-f', replacePathForKarma(path)), []); + +const main = paths => { + runTests(paths).then(code => { + console.log('~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'); + if (isSuccess(code)) { + console.log(chalk.bgGreen(chalk.black('All tests passed :)'))); + } else { + console.log(chalk.bgRed(chalk.white(`Some tests failed :(`))); + } + console.log('~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'); + + if (!isSuccess(code)) { + process.exit(code); + } + }); +}; + +main(program.args); diff --git a/spec/lib/gitlab/ci/config_spec.rb b/spec/lib/gitlab/ci/config_spec.rb index fd2a29e4ddb..092e9f242b7 100644 --- a/spec/lib/gitlab/ci/config_spec.rb +++ b/spec/lib/gitlab/ci/config_spec.rb @@ -190,7 +190,6 @@ describe Gitlab::Ci::Config do let(:remote_file_content) do <<~HEREDOC variables: - AUTO_DEVOPS_DOMAIN: domain.example.com POSTGRES_USER: user POSTGRES_PASSWORD: testing-password POSTGRES_ENABLED: "true" @@ -232,7 +231,6 @@ describe Gitlab::Ci::Config do "bundle install --jobs $(nproc) \"${FLAGS[@]}\"" ] variables = { - AUTO_DEVOPS_DOMAIN: "domain.example.com", POSTGRES_USER: "user", POSTGRES_PASSWORD: "testing-password", POSTGRES_ENABLED: "true", diff --git a/spec/lib/gitlab/omniauth_initializer_spec.rb b/spec/lib/gitlab/omniauth_initializer_spec.rb index d808b4d49e0..f9c0daf1ef1 100644 --- a/spec/lib/gitlab/omniauth_initializer_spec.rb +++ b/spec/lib/gitlab/omniauth_initializer_spec.rb @@ -38,6 +38,28 @@ describe Gitlab::OmniauthInitializer do subject.execute([hash_config]) end + it 'normalizes a String strategy_class' do + hash_config = { 'name' => 'hash', 'args' => { strategy_class: 'OmniAuth::Strategies::OAuth2Generic' } } + + expect(devise_config).to receive(:omniauth).with(:hash, strategy_class: OmniAuth::Strategies::OAuth2Generic) + + subject.execute([hash_config]) + end + + it 'allows a class to be specified in strategy_class' do + hash_config = { 'name' => 'hash', 'args' => { strategy_class: OmniAuth::Strategies::OAuth2Generic } } + + expect(devise_config).to receive(:omniauth).with(:hash, strategy_class: OmniAuth::Strategies::OAuth2Generic) + + subject.execute([hash_config]) + end + + it 'throws an error for an invalid strategy_class' do + hash_config = { 'name' => 'hash', 'args' => { strategy_class: 'OmniAuth::Strategies::Bogus' } } + + expect { subject.execute([hash_config]) }.to raise_error(NameError) + end + it 'configures fail_with_empty_uid for shibboleth' do shibboleth_config = { 'name' => 'shibboleth', 'args' => {} } diff --git a/spec/models/ci/build_spec.rb b/spec/models/ci/build_spec.rb index 5f2e8aa0baa..bc81c34f7ab 100644 --- a/spec/models/ci/build_spec.rb +++ b/spec/models/ci/build_spec.rb @@ -2604,30 +2604,6 @@ describe Ci::Build do it { is_expected.to include(ci_config_path) } end - context 'when using auto devops' do - context 'and is enabled' do - before do - project.create_auto_devops!(enabled: true, domain: 'example.com') - end - - it "includes AUTO_DEVOPS_DOMAIN" do - is_expected.to include( - { key: 'AUTO_DEVOPS_DOMAIN', value: 'example.com', public: true, masked: false }) - end - end - - context 'and is disabled' do - before do - project.create_auto_devops!(enabled: false, domain: 'example.com') - end - - it "includes AUTO_DEVOPS_DOMAIN" do - is_expected.not_to include( - { key: 'AUTO_DEVOPS_DOMAIN', value: 'example.com', public: true, masked: false }) - end - end - end - context 'when pipeline variable overrides build variable' do before do build.yaml_variables = [{ key: 'MYVAR', value: 'myvar', public: true }] diff --git a/spec/models/clusters/cluster_spec.rb b/spec/models/clusters/cluster_spec.rb index 3ee8c340bfe..f066ed6b620 100644 --- a/spec/models/clusters/cluster_spec.rb +++ b/spec/models/clusters/cluster_spec.rb @@ -557,62 +557,15 @@ describe Clusters::Cluster do end context 'with no domain on cluster' do - context 'with a project cluster' do - let(:cluster) { create(:cluster, :project, :provided_by_gcp) } - let(:project) { cluster.project } + let(:cluster) { create(:cluster, :project, :provided_by_gcp) } + let(:project) { cluster.project } - context 'with domain set at instance level' do - before do - stub_application_setting(auto_devops_domain: 'global_domain.com') - - it { is_expected.to eq('global_domain.com') } - end - end - - context 'with domain set on ProjectAutoDevops' do - before do - auto_devops = project.build_auto_devops(domain: 'legacy-ado-domain.com') - auto_devops.save - end - - it { is_expected.to eq('legacy-ado-domain.com') } - end - - context 'with domain set as environment variable on project' do - before do - variable = project.variables.build(key: 'AUTO_DEVOPS_DOMAIN', value: 'project-ado-domain.com') - variable.save - end - - it { is_expected.to eq('project-ado-domain.com') } + context 'with domain set at instance level' do + before do + stub_application_setting(auto_devops_domain: 'global_domain.com') end - context 'with domain set as environment variable on the group project' do - let(:group) { create(:group) } - - before do - project.update(parent_id: group.id) - variable = group.variables.build(key: 'AUTO_DEVOPS_DOMAIN', value: 'group-ado-domain.com') - variable.save - end - - it { is_expected.to eq('group-ado-domain.com') } - end - end - - context 'with a group cluster' do - let(:cluster) { create(:cluster, :group, :provided_by_gcp) } - - context 'with domain set as environment variable for the group' do - let(:group) { cluster.group } - - before do - variable = group.variables.build(key: 'AUTO_DEVOPS_DOMAIN', value: 'group-ado-domain.com') - variable.save - end - - it { is_expected.to eq('group-ado-domain.com') } - end + it { is_expected.to eq('global_domain.com') } end end end diff --git a/spec/models/project_auto_devops_spec.rb b/spec/models/project_auto_devops_spec.rb index b81e5610e2c..7bdd2367a68 100644 --- a/spec/models/project_auto_devops_spec.rb +++ b/spec/models/project_auto_devops_spec.rb @@ -14,65 +14,9 @@ describe ProjectAutoDevops do it { is_expected.to respond_to(:created_at) } it { is_expected.to respond_to(:updated_at) } - describe '#has_domain?' do - context 'when domain is defined' do - let(:auto_devops) { build_stubbed(:project_auto_devops, project: project, domain: 'domain.com') } - - it { expect(auto_devops).to have_domain } - end - - context 'when domain is empty' do - let(:auto_devops) { build_stubbed(:project_auto_devops, project: project, domain: '') } - - context 'when there is an instance domain specified' do - before do - allow(Gitlab::CurrentSettings).to receive(:auto_devops_domain).and_return('example.com') - end - - it { expect(auto_devops).to have_domain } - end - - context 'when there is no instance domain specified' do - before do - allow(Gitlab::CurrentSettings).to receive(:auto_devops_domain).and_return(nil) - end - - it { expect(auto_devops).not_to have_domain } - end - end - end - describe '#predefined_variables' do let(:auto_devops) { build_stubbed(:project_auto_devops, project: project, domain: domain) } - context 'when domain is defined' do - let(:domain) { 'example.com' } - - it 'returns AUTO_DEVOPS_DOMAIN' do - expect(auto_devops.predefined_variables).to include(domain_variable) - end - end - - context 'when domain is not defined' do - let(:domain) { nil } - - context 'when there is an instance domain specified' do - before do - allow(Gitlab::CurrentSettings).to receive(:auto_devops_domain).and_return('example.com') - end - - it { expect(auto_devops.predefined_variables).to include(domain_variable) } - end - - context 'when there is no instance domain specified' do - before do - allow(Gitlab::CurrentSettings).to receive(:auto_devops_domain).and_return(nil) - end - - it { expect(auto_devops.predefined_variables).not_to include(domain_variable) } - end - end - context 'when deploy_strategy is manual' do let(:auto_devops) { build_stubbed(:project_auto_devops, :manual_deployment, project: project) } let(:expected_variables) do @@ -105,10 +49,6 @@ describe ProjectAutoDevops do .not_to include("STAGING_ENABLED", "INCREMENTAL_ROLLOUT_ENABLED") end end - - def domain_variable - { key: 'AUTO_DEVOPS_DOMAIN', value: 'example.com', public: true } - end end describe '#create_gitlab_deploy_token' do diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb index 425096d7e80..08662231fdf 100644 --- a/spec/models/project_spec.rb +++ b/spec/models/project_spec.rb @@ -3975,64 +3975,6 @@ describe Project do end end - describe '#auto_devops_variables' do - set(:project) { create(:project) } - - subject { project.auto_devops_variables } - - context 'when enabled in instance settings' do - before do - stub_application_setting(auto_devops_enabled: true) - end - - context 'when domain is empty' do - before do - stub_application_setting(auto_devops_domain: nil) - end - - it 'variables does not include AUTO_DEVOPS_DOMAIN' do - is_expected.not_to include(domain_variable) - end - end - - context 'when domain is configured' do - before do - stub_application_setting(auto_devops_domain: 'example.com') - end - - it 'variables includes AUTO_DEVOPS_DOMAIN' do - is_expected.to include(domain_variable) - end - end - end - - context 'when explicitly enabled' do - context 'when domain is empty' do - before do - create(:project_auto_devops, project: project, domain: nil) - end - - it 'variables does not include AUTO_DEVOPS_DOMAIN' do - is_expected.not_to include(domain_variable) - end - end - - context 'when domain is configured' do - before do - create(:project_auto_devops, project: project, domain: 'example.com') - end - - it 'variables includes AUTO_DEVOPS_DOMAIN' do - is_expected.to include(domain_variable) - end - end - end - - def domain_variable - { key: 'AUTO_DEVOPS_DOMAIN', value: 'example.com', public: true } - end - end - describe '#latest_successful_builds_for' do let(:project) { build(:project) } diff --git a/spec/requests/rack_attack_global_spec.rb b/spec/requests/rack_attack_global_spec.rb index a12646ea222..89adbc77a7f 100644 --- a/spec/requests/rack_attack_global_spec.rb +++ b/spec/requests/rack_attack_global_spec.rb @@ -182,6 +182,17 @@ describe 'Rack Attack global throttles' do end end end + + it 'logs RackAttack info into structured logs' do + requests_per_period.times do + get url_that_does_not_require_authentication + expect(response).to have_http_status 200 + end + + expect(Gitlab::AuthLogger).to receive(:error).once + + get url_that_does_not_require_authentication + end end context 'when the throttle is disabled' do @@ -327,6 +338,17 @@ describe 'Rack Attack global throttles' do expect_rejection { get url_that_requires_authentication } end + + it 'logs RackAttack info into structured logs' do + requests_per_period.times do + get url_that_requires_authentication + expect(response).to have_http_status 200 + end + + expect(Gitlab::AuthLogger).to receive(:error).once + + get url_that_requires_authentication + end end context 'when the throttle is disabled' do |