diff options
157 files changed, 1567 insertions, 647 deletions
diff --git a/.gitignore b/.gitignore index e9ff0048c1c..e1561c9db9a 100644 --- a/.gitignore +++ b/.gitignore @@ -72,3 +72,4 @@ eslint-report.html /locale/**/*.time_stamp /.rspec /plugins/* +/.gitlab_pages_secret diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5bc2f1f3a0f..05487134cb1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -110,7 +110,7 @@ stages: # Jobs that only need to pull cache .dedicated-no-docs-pull-cache-job: &dedicated-no-docs-pull-cache-job <<: *dedicated-runner - <<: *except-docs-and-qa + <<: *except-docs <<: *pull-cache dependencies: - setup-test-env @@ -122,6 +122,10 @@ stages: variables: SETUP_DB: "false" +.dedicated-no-docs-and-no-qa-pull-cache-job: &dedicated-no-docs-and-no-qa-pull-cache-job + <<: *dedicated-no-docs-pull-cache-job + <<: *except-docs-and-qa + .rake-exec: &rake-exec <<: *dedicated-no-docs-no-db-pull-cache-job script: @@ -222,7 +226,7 @@ stages: - master@gitlab/gitlab-ee .gitlab-setup: &gitlab-setup - <<: *dedicated-no-docs-pull-cache-job + <<: *dedicated-no-docs-and-no-qa-pull-cache-job <<: *use-pg variables: CREATE_DB_USER: "true" @@ -262,12 +266,12 @@ stages: # DB migration, rollback, and seed jobs .db-migrate-reset: &db-migrate-reset - <<: *dedicated-no-docs-pull-cache-job + <<: *dedicated-no-docs-and-no-qa-pull-cache-job script: - bundle exec rake db:migrate:reset .migration-paths: &migration-paths - <<: *dedicated-no-docs-pull-cache-job + <<: *dedicated-no-docs-and-no-qa-pull-cache-job variables: CREATE_DB_USER: "true" script: @@ -647,7 +651,7 @@ migration:path-mysql: <<: *use-mysql .db-rollback: &db-rollback - <<: *dedicated-no-docs-pull-cache-job + <<: *dedicated-no-docs-and-no-qa-pull-cache-job script: - bundle exec rake db:migrate VERSION=20170523121229 - bundle exec rake db:migrate @@ -670,7 +674,7 @@ gitlab:setup-mysql: # Frontend-related jobs gitlab:assets:compile: - <<: *dedicated-no-docs-no-db-pull-cache-job + <<: *dedicated-no-docs-and-no-qa-pull-cache-job dependencies: [] variables: NODE_ENV: "production" @@ -691,7 +695,7 @@ gitlab:assets:compile: - webpack-report/ karma: - <<: *dedicated-no-docs-pull-cache-job + <<: *dedicated-no-docs-and-no-qa-pull-cache-job <<: *use-pg dependencies: - compile-assets @@ -815,7 +819,7 @@ coverage: - coverage/assets/ lint:javascript:report: - <<: *dedicated-no-docs-no-db-pull-cache-job + <<: *dedicated-no-docs-and-no-qa-pull-cache-job stage: post-test dependencies: - compile-assets diff --git a/GITLAB_PAGES_VERSION b/GITLAB_PAGES_VERSION index a3df0a6959e..f374f6662e9 100644 --- a/GITLAB_PAGES_VERSION +++ b/GITLAB_PAGES_VERSION @@ -1 +1 @@ -0.8.0 +0.9.1 @@ -51,7 +51,6 @@ gem 'omniauth-shibboleth', '~> 1.2.0' gem 'omniauth-twitter', '~> 1.4' gem 'omniauth_crowd', '~> 2.2.0' gem 'omniauth-authentiq', '~> 0.3.1' -gem 'omniauth-jwt', '~> 0.0.2' gem 'rack-oauth2', '~> 1.2.1' gem 'jwt', '~> 1.5.6' @@ -415,7 +414,7 @@ end # Gitaly GRPC client gem 'gitaly-proto', '~> 0.97.0', require: 'gitaly' -gem 'grpc', '~> 1.10.0' +gem 'grpc', '~> 1.11.0' # Locked until https://github.com/google/protobuf/issues/4210 is closed gem 'google-protobuf', '= 3.5.1' diff --git a/Gemfile.lock b/Gemfile.lock index 2e9cb1a956f..9b2c47587ee 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -374,7 +374,7 @@ GEM rake grape_logging (1.7.0) grape - grpc (1.10.0) + grpc (1.11.0) google-protobuf (~> 3.1) googleapis-common-protos-types (~> 1.0.0) googleauth (>= 0.5.1, < 0.7) @@ -555,9 +555,6 @@ GEM jwt (>= 1.5) omniauth (>= 1.1.1) omniauth-oauth2 (>= 1.5) - omniauth-jwt (0.0.2) - jwt - omniauth (~> 1.1) omniauth-kerberos (0.3.0) omniauth-multipassword timfel-krb5-auth (~> 0.8) @@ -1076,7 +1073,7 @@ DEPENDENCIES grape-entity (~> 0.6.0) grape-route-helpers (~> 2.1.0) grape_logging (~> 1.7) - grpc (~> 1.10.0) + grpc (~> 1.11.0) haml_lint (~> 0.26.0) hamlit (~> 2.6.1) hashie-forbidden_attributes @@ -1117,7 +1114,6 @@ DEPENDENCIES omniauth-github (~> 1.1.1) omniauth-gitlab (~> 1.0.2) omniauth-google-oauth2 (~> 0.5.3) - omniauth-jwt (~> 0.0.2) omniauth-kerberos (~> 0.3.0) omniauth-oauth2-generic (~> 0.2.2) omniauth-saml (~> 1.10) diff --git a/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_failed_to_merge.vue b/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_failed_to_merge.vue index f23d4049156..8f4022846f1 100644 --- a/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_failed_to_merge.vue +++ b/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_failed_to_merge.vue @@ -1,66 +1,70 @@ <script> - import { n__ } from '~/locale'; - import statusIcon from '../mr_widget_status_icon.vue'; - import eventHub from '../../event_hub'; +import { n__ } from '~/locale'; +import statusIcon from '../mr_widget_status_icon.vue'; +import eventHub from '../../event_hub'; - export default { - name: 'MRWidgetFailedToMerge', +export default { + name: 'MRWidgetFailedToMerge', - components: { - statusIcon, - }, + components: { + statusIcon, + }, - props: { - mr: { - type: Object, - required: true, - default: () => ({}), - }, + props: { + mr: { + type: Object, + required: true, + default: () => ({}), }, + }, - data() { - return { - timer: 10, - isRefreshing: false, - }; - }, + data() { + return { + timer: 10, + isRefreshing: false, + intervalId: null, + }; + }, - computed: { - timerText() { - return n__( - 'Refreshing in a second to show the updated status...', - 'Refreshing in %d seconds to show the updated status...', - this.timer, - ); - }, + computed: { + timerText() { + return n__( + 'Refreshing in a second to show the updated status...', + 'Refreshing in %d seconds to show the updated status...', + this.timer, + ); }, + }, - mounted() { - setInterval(() => { - this.updateTimer(); - }, 1000); - }, + mounted() { + this.intervalId = setInterval(this.updateTimer, 1000); + }, - created() { - eventHub.$emit('DisablePolling'); - }, + created() { + eventHub.$emit('DisablePolling'); + }, - methods: { - refresh() { - this.isRefreshing = true; - eventHub.$emit('MRWidgetUpdateRequested'); - eventHub.$emit('EnablePolling'); - }, - updateTimer() { - this.timer = this.timer - 1; + beforeDestroy() { + if (this.intervalId) { + clearInterval(this.intervalId); + } + }, - if (this.timer === 0) { - this.refresh(); - } - }, + methods: { + refresh() { + this.isRefreshing = true; + eventHub.$emit('MRWidgetUpdateRequested'); + eventHub.$emit('EnablePolling'); }, + updateTimer() { + this.timer = this.timer - 1; - }; + if (this.timer === 0) { + this.refresh(); + } + }, + }, +}; </script> <template> <div class="mr-widget-body media"> diff --git a/app/assets/javascripts/vue_shared/models/label.js b/app/assets/javascripts/vue_shared/models/label.js index 70b9efe0c68..d29c7fe973a 100644 --- a/app/assets/javascripts/vue_shared/models/label.js +++ b/app/assets/javascripts/vue_shared/models/label.js @@ -1,4 +1,4 @@ -class ListLabel { +export default class ListLabel { constructor(obj) { this.id = obj.id; this.title = obj.title; diff --git a/app/finders/pipelines_finder.rb b/app/finders/pipelines_finder.rb index f187a3b61fe..0a487839aff 100644 --- a/app/finders/pipelines_finder.rb +++ b/app/finders/pipelines_finder.rb @@ -14,6 +14,7 @@ class PipelinesFinder items = by_scope(items) items = by_status(items) items = by_ref(items) + items = by_sha(items) items = by_name(items) items = by_username(items) items = by_yaml_errors(items) @@ -69,6 +70,14 @@ class PipelinesFinder end end + def by_sha(items) + if params[:sha].present? + items.where(sha: params[:sha]) + else + items + end + end + def by_name(items) if params[:name].present? items.joins(:user).where(users: { name: params[:name] }) diff --git a/app/helpers/dropdowns_helper.rb b/app/helpers/dropdowns_helper.rb index 5089da519df..5a2360b4661 100644 --- a/app/helpers/dropdowns_helper.rb +++ b/app/helpers/dropdowns_helper.rb @@ -41,7 +41,7 @@ module DropdownsHelper def dropdown_toggle(toggle_text, data_attr, options = {}) default_label = data_attr[:default_label] - content_tag(:button, class: "dropdown-menu-toggle #{options[:toggle_class] if options.key?(:toggle_class)}", id: (options[:id] if options.key?(:id)), type: "button", data: data_attr) do + content_tag(:button, disabled: options[:disabled], class: "dropdown-menu-toggle #{options[:toggle_class] if options.key?(:toggle_class)}", id: (options[:id] if options.key?(:id)), type: "button", data: data_attr) do output = content_tag(:span, toggle_text, class: "dropdown-toggle-text #{'is-default' if toggle_text == default_label}") output << icon('chevron-down') output.html_safe diff --git a/app/models/members/group_member.rb b/app/models/members/group_member.rb index 661e668dbf9..5da739f9618 100644 --- a/app/models/members/group_member.rb +++ b/app/models/members/group_member.rb @@ -37,20 +37,20 @@ class GroupMember < Member private def send_invite - notification_service.invite_group_member(self, @raw_invite_token) + run_after_commit_or_now { notification_service.invite_group_member(self, @raw_invite_token) } super end def post_create_hook - notification_service.new_group_member(self) + run_after_commit_or_now { notification_service.new_group_member(self) } super end def post_update_hook if access_level_changed? - notification_service.update_group_member(self) + run_after_commit { notification_service.update_group_member(self) } end super diff --git a/app/models/members/project_member.rb b/app/models/members/project_member.rb index 1c7ed4a96df..024106056b4 100644 --- a/app/models/members/project_member.rb +++ b/app/models/members/project_member.rb @@ -92,7 +92,7 @@ class ProjectMember < Member private def send_invite - notification_service.invite_project_member(self, @raw_invite_token) + run_after_commit_or_now { notification_service.invite_project_member(self, @raw_invite_token) } super end @@ -100,7 +100,7 @@ class ProjectMember < Member def post_create_hook unless owner? event_service.join_project(self.project, self.user) - notification_service.new_project_member(self) + run_after_commit_or_now { notification_service.new_project_member(self) } end super @@ -108,7 +108,7 @@ class ProjectMember < Member def post_update_hook if access_level_changed? - notification_service.update_project_member(self) + run_after_commit { notification_service.update_project_member(self) } end super diff --git a/app/services/issues/close_service.rb b/app/services/issues/close_service.rb index fee5bc38f7b..4a99367c575 100644 --- a/app/services/issues/close_service.rb +++ b/app/services/issues/close_service.rb @@ -26,7 +26,7 @@ module Issues issue.update(closed_by: current_user) event_service.close_issue(issue, current_user) create_note(issue, commit) if system_note - notification_service.close_issue(issue, current_user) if notifications + notification_service.async.close_issue(issue, current_user) if notifications todo_service.close_issue(issue, current_user) execute_hooks(issue, 'close') invalidate_cache_counts(issue, users: issue.assignees) diff --git a/app/services/issues/move_service.rb b/app/services/issues/move_service.rb index 7140890d201..78e79344c99 100644 --- a/app/services/issues/move_service.rb +++ b/app/services/issues/move_service.rb @@ -139,7 +139,7 @@ module Issues end def notify_participants - notification_service.issue_moved(@old_issue, @new_issue, @current_user) + notification_service.async.issue_moved(@old_issue, @new_issue, @current_user) end end end diff --git a/app/services/issues/reopen_service.rb b/app/services/issues/reopen_service.rb index 62b4b4b6a1e..02224f3357a 100644 --- a/app/services/issues/reopen_service.rb +++ b/app/services/issues/reopen_service.rb @@ -6,7 +6,7 @@ module Issues if issue.reopen event_service.reopen_issue(issue, current_user) create_note(issue, 'reopened') - notification_service.reopen_issue(issue, current_user) + notification_service.async.reopen_issue(issue, current_user) execute_hooks(issue, 'reopen') invalidate_cache_counts(issue, users: issue.assignees) issue.update_project_counter_caches diff --git a/app/services/issues/update_service.rb b/app/services/issues/update_service.rb index 1374f10c586..1000e1842b6 100644 --- a/app/services/issues/update_service.rb +++ b/app/services/issues/update_service.rb @@ -30,7 +30,7 @@ module Issues if issue.assignees != old_assignees create_assignee_note(issue, old_assignees) - notification_service.reassigned_issue(issue, current_user, old_assignees) + notification_service.async.reassigned_issue(issue, current_user, old_assignees) todo_service.reassigned_issue(issue, current_user, old_assignees) end @@ -41,13 +41,13 @@ module Issues added_labels = issue.labels - old_labels if added_labels.present? - notification_service.relabeled_issue(issue, added_labels, current_user) + notification_service.async.relabeled_issue(issue, added_labels, current_user) end added_mentions = issue.mentioned_users - old_mentioned_users if added_mentions.present? - notification_service.new_mentions_in_issue(issue, added_mentions, current_user) + notification_service.async.new_mentions_in_issue(issue, added_mentions, current_user) end end diff --git a/app/services/merge_requests/close_service.rb b/app/services/merge_requests/close_service.rb index f727ec002e7..db701c1145d 100644 --- a/app/services/merge_requests/close_service.rb +++ b/app/services/merge_requests/close_service.rb @@ -10,7 +10,7 @@ module MergeRequests if merge_request.close create_event(merge_request) create_note(merge_request) - notification_service.close_mr(merge_request, current_user) + notification_service.async.close_mr(merge_request, current_user) todo_service.close_merge_request(merge_request, current_user) execute_hooks(merge_request, 'close') invalidate_cache_counts(merge_request, users: merge_request.assignees) diff --git a/app/services/merge_requests/reopen_service.rb b/app/services/merge_requests/reopen_service.rb index 120677a7149..8f1c95ac1b7 100644 --- a/app/services/merge_requests/reopen_service.rb +++ b/app/services/merge_requests/reopen_service.rb @@ -6,7 +6,7 @@ module MergeRequests if merge_request.reopen create_event(merge_request) create_note(merge_request, 'reopened') - notification_service.reopen_mr(merge_request, current_user) + notification_service.async.reopen_mr(merge_request, current_user) execute_hooks(merge_request, 'reopen') merge_request.reload_diff(current_user) merge_request.mark_as_unchecked diff --git a/app/services/merge_requests/resolved_discussion_notification_service.rb b/app/services/merge_requests/resolved_discussion_notification_service.rb index 3a09350c847..66a0cbc81d4 100644 --- a/app/services/merge_requests/resolved_discussion_notification_service.rb +++ b/app/services/merge_requests/resolved_discussion_notification_service.rb @@ -4,7 +4,7 @@ module MergeRequests return unless merge_request.discussions_resolved? SystemNoteService.resolve_all_discussions(merge_request, project, current_user) - notification_service.resolve_all_discussions(merge_request, current_user) + notification_service.async.resolve_all_discussions(merge_request, current_user) end end end diff --git a/app/services/merge_requests/update_service.rb b/app/services/merge_requests/update_service.rb index 8a40ad88182..7350725e223 100644 --- a/app/services/merge_requests/update_service.rb +++ b/app/services/merge_requests/update_service.rb @@ -21,6 +21,7 @@ module MergeRequests update(merge_request) end + # rubocop:disable Metrics/AbcSize def handle_changes(merge_request, options) old_associations = options.fetch(:old_associations, {}) old_labels = old_associations.fetch(:labels, []) @@ -42,8 +43,11 @@ module MergeRequests end if merge_request.previous_changes.include?('assignee_id') + old_assignee_id = merge_request.previous_changes['assignee_id'].first + old_assignee = User.find(old_assignee_id) if old_assignee_id + create_assignee_note(merge_request) - notification_service.reassigned_merge_request(merge_request, current_user) + notification_service.async.reassigned_merge_request(merge_request, current_user, old_assignee) todo_service.reassigned_merge_request(merge_request, current_user) end @@ -54,7 +58,7 @@ module MergeRequests added_labels = merge_request.labels - old_labels if added_labels.present? - notification_service.relabeled_merge_request( + notification_service.async.relabeled_merge_request( merge_request, added_labels, current_user @@ -63,13 +67,14 @@ module MergeRequests added_mentions = merge_request.mentioned_users - old_mentioned_users if added_mentions.present? - notification_service.new_mentions_in_merge_request( + notification_service.async.new_mentions_in_merge_request( merge_request, added_mentions, current_user ) end end + # rubocop:enable Metrics/AbcSize def merge_from_quick_action(merge_request) last_diff_sha = params.delete(:merge) diff --git a/app/services/notification_service.rb b/app/services/notification_service.rb index 274161df946..55a1735e54b 100644 --- a/app/services/notification_service.rb +++ b/app/services/notification_service.rb @@ -7,7 +7,32 @@ # Ex. # NotificationService.new.new_issue(issue, current_user) # +# When calculating the recipients of a notification is expensive (for instance, +# in the new issue case), `#async` will make that calculation happen in Sidekiq +# instead: +# +# NotificationService.new.async.new_issue(issue, current_user) +# class NotificationService + class Async + attr_reader :parent + delegate :respond_to_missing, to: :parent + + def initialize(parent) + @parent = parent + end + + def method_missing(meth, *args) + return super unless parent.respond_to?(meth) + + MailScheduler::NotificationServiceWorker.perform_async(meth.to_s, *args) + end + end + + def async + @async ||= Async.new(self) + end + # Always notify user about ssh key added # only if ssh key is not deploy key # @@ -142,8 +167,23 @@ class NotificationService # * merge_request assignee if their notification level is not Disabled # * users with custom level checked with "reassign merge request" # - def reassigned_merge_request(merge_request, current_user) - reassign_resource_email(merge_request, current_user, :reassigned_merge_request_email) + def reassigned_merge_request(merge_request, current_user, previous_assignee) + recipients = NotificationRecipientService.build_recipients( + merge_request, + current_user, + action: "reassign", + previous_assignee: previous_assignee + ) + + recipients.each do |recipient| + mailer.reassigned_merge_request_email( + recipient.user.id, + merge_request.id, + previous_assignee&.id, + current_user.id, + recipient.reason + ).deliver_later + end end # When we add labels to a merge request we should send an email to: @@ -421,29 +461,6 @@ class NotificationService end end - def reassign_resource_email(target, current_user, method) - previous_assignee_id = previous_record(target, 'assignee_id') - previous_assignee = User.find_by(id: previous_assignee_id) if previous_assignee_id - - recipients = NotificationRecipientService.build_recipients( - target, - current_user, - action: "reassign", - previous_assignee: previous_assignee - ) - - recipients.each do |recipient| - mailer.send( - method, - recipient.user.id, - target.id, - previous_assignee_id, - current_user.id, - recipient.reason - ).deliver_later - end - end - def relabeled_resource_email(target, labels, current_user, method) recipients = labels.flat_map { |l| l.subscribers(target.project) }.uniq recipients = notifiable_users( @@ -471,14 +488,6 @@ class NotificationService Notify end - def previous_record(object, attribute) - return unless object && attribute - - if object.previous_changes.include?(attribute) - object.previous_changes[attribute].first - end - end - private def recipients_for_pages_domain(domain) diff --git a/app/services/projects/update_pages_service.rb b/app/services/projects/update_pages_service.rb index de77f6bf585..1d8caec9c6f 100644 --- a/app/services/projects/update_pages_service.rb +++ b/app/services/projects/update_pages_service.rb @@ -1,6 +1,6 @@ module Projects class UpdatePagesService < BaseService - InvaildStateError = Class.new(StandardError) + InvalidStateError = Class.new(StandardError) FailedToExtractError = Class.new(StandardError) BLOCK_SIZE = 32.kilobytes @@ -21,8 +21,8 @@ module Projects @status.enqueue! @status.run! - raise InvaildStateError, 'missing pages artifacts' unless build.artifacts? - raise InvaildStateError, 'pages are outdated' unless latest? + raise InvalidStateError, 'missing pages artifacts' unless build.artifacts? + raise InvalidStateError, 'pages are outdated' unless latest? # Create temporary directory in which we will extract the artifacts FileUtils.mkdir_p(tmp_path) @@ -31,16 +31,16 @@ module Projects # Check if we did extract public directory archive_public_path = File.join(archive_path, 'public') - raise InvaildStateError, 'pages miss the public folder' unless Dir.exist?(archive_public_path) - raise InvaildStateError, 'pages are outdated' unless latest? + raise InvalidStateError, 'pages miss the public folder' unless Dir.exist?(archive_public_path) + raise InvalidStateError, 'pages are outdated' unless latest? deploy_page!(archive_public_path) success end - rescue InvaildStateError => e + rescue InvalidStateError => e error(e.message) rescue => e - error(e.message, false) + error(e.message) raise e end @@ -48,17 +48,15 @@ module Projects def success @status.success - delete_artifact! super end - def error(message, allow_delete_artifact = true) + def error(message) register_failure log_error("Projects::UpdatePagesService: #{message}") @status.allow_failure = !latest? @status.description = message @status.drop(:script_failure) - delete_artifact! if allow_delete_artifact super end @@ -77,18 +75,18 @@ module Projects if artifacts.ends_with?('.zip') extract_zip_archive!(temp_path) else - raise InvaildStateError, 'unsupported artifacts format' + raise InvalidStateError, 'unsupported artifacts format' end end def extract_zip_archive!(temp_path) - raise InvaildStateError, 'missing artifacts metadata' unless build.artifacts_metadata? + raise InvalidStateError, 'missing artifacts metadata' unless build.artifacts_metadata? # Calculate page size after extract public_entry = build.artifacts_metadata_entry(SITE_PATH, recursive: true) if public_entry.total_size > max_size - raise InvaildStateError, "artifacts for pages are too large: #{public_entry.total_size}" + raise InvalidStateError, "artifacts for pages are too large: #{public_entry.total_size}" end # Requires UnZip at least 6.00 Info-ZIP. @@ -162,11 +160,6 @@ module Projects build.artifacts_file.path end - def delete_artifact! - build.reload # Reload stable object to prevent erase artifacts with old state - build.erase_artifacts! unless build.has_expiring_artifacts? - end - def latest_sha project.commit(build.ref).try(:sha).to_s ensure diff --git a/app/services/system_note_service.rb b/app/services/system_note_service.rb index 958ef065012..00bf5434b7f 100644 --- a/app/services/system_note_service.rb +++ b/app/services/system_note_service.rb @@ -159,7 +159,7 @@ module SystemNoteService body = if noteable.time_estimate == 0 "removed time estimate" else - "changed time estimate to #{parsed_time}," + "changed time estimate to #{parsed_time}" end create_note(NoteSummary.new(noteable, project, author, body, action: 'time_tracking')) diff --git a/app/views/ci/variables/_variable_row.html.haml b/app/views/ci/variables/_variable_row.html.haml index 316b433c5cd..571eb28f195 100644 --- a/app/views/ci/variables/_variable_row.html.haml +++ b/app/views/ci/variables/_variable_row.html.haml @@ -17,14 +17,14 @@ .ci-variable-row-body %input.js-ci-variable-input-id{ type: "hidden", name: id_input_name, value: id } %input.js-ci-variable-input-destroy{ type: "hidden", name: destroy_input_name } - %input.js-ci-variable-input-key.ci-variable-body-item.form-control{ type: "text", + %input.js-ci-variable-input-key.ci-variable-body-item.qa-ci-variable-input-key.form-control{ type: "text", name: key_input_name, value: key, placeholder: s_('CiVariables|Input variable key') } .ci-variable-body-item - .form-control.js-secret-value-placeholder{ class: ('hidden' unless id) } + .form-control.js-secret-value-placeholder.qa-ci-variable-input-value{ class: ('hide' unless id) } = '*' * 20 - %textarea.js-ci-variable-input-value.js-secret-value.form-control{ class: ('hidden' if id), + %textarea.js-ci-variable-input-value.js-secret-value.qa-ci-variable-input-value.form-control{ class: ('hide' if id), rows: 1, name: value_input_name, placeholder: s_('CiVariables|Input variable value') } diff --git a/app/views/projects/protected_branches/_branches_list.html.haml b/app/views/projects/protected_branches/_branches_list.html.haml index 5377d745371..24d2b971472 100644 --- a/app/views/projects/protected_branches/_branches_list.html.haml +++ b/app/views/projects/protected_branches/_branches_list.html.haml @@ -1,4 +1,4 @@ - can_admin_project = can?(current_user, :admin_project, @project) = render layout: 'projects/protected_branches/shared/branches_list', locals: { can_admin_project: can_admin_project } do - = render partial: 'projects/protected_branches/protected_branch', collection: @protected_branches, locals: { can_admin_project: can_admin_project} + = render partial: 'projects/protected_branches/protected_branch', collection: @protected_branches diff --git a/app/views/projects/protected_branches/_create_protected_branch.html.haml b/app/views/projects/protected_branches/_create_protected_branch.html.haml index 12ccae10260..24b53555cdc 100644 --- a/app/views/projects/protected_branches/_create_protected_branch.html.haml +++ b/app/views/projects/protected_branches/_create_protected_branch.html.haml @@ -1,8 +1,8 @@ - content_for :merge_access_levels do .merge_access_levels-container = dropdown_tag('Select', - options: { toggle_class: 'js-allowed-to-merge wide', - dropdown_class: 'dropdown-menu-selectable capitalize-header', + options: { toggle_class: 'js-allowed-to-merge qa-allowed-to-merge-select wide', + dropdown_class: 'dropdown-menu-selectable qa-allowed-to-merge-dropdown capitalize-header', data: { field_name: 'protected_branch[merge_access_levels_attributes][0][access_level]', input_id: 'merge_access_levels_attributes' }}) - content_for :push_access_levels do .push_access_levels-container diff --git a/app/views/projects/protected_branches/_update_protected_branch.html.haml b/app/views/projects/protected_branches/_update_protected_branch.html.haml index 98363f2018a..f242459f69b 100644 --- a/app/views/projects/protected_branches/_update_protected_branch.html.haml +++ b/app/views/projects/protected_branches/_update_protected_branch.html.haml @@ -1,7 +1,7 @@ %td = hidden_field_tag "allowed_to_merge_#{protected_branch.id}", protected_branch.merge_access_levels.first.access_level = dropdown_tag( (protected_branch.merge_access_levels.first.humanize || 'Select') , - options: { toggle_class: 'js-allowed-to-merge', dropdown_class: 'dropdown-menu-selectable js-allowed-to-merge-container capitalize-header', + options: { toggle_class: 'js-allowed-to-merge qa-allowed-to-merge', dropdown_class: 'dropdown-menu-selectable js-allowed-to-merge-container capitalize-header', data: { field_name: "allowed_to_merge_#{protected_branch.id}", access_level_id: protected_branch.merge_access_levels.first.id }}) %td = hidden_field_tag "allowed_to_push_#{protected_branch.id}", protected_branch.push_access_levels.first.access_level diff --git a/app/views/projects/protected_branches/shared/_protected_branch.html.haml b/app/views/projects/protected_branches/shared/_protected_branch.html.haml index d1fa1bb120b..82ef08272d3 100644 --- a/app/views/projects/protected_branches/shared/_protected_branch.html.haml +++ b/app/views/projects/protected_branches/shared/_protected_branch.html.haml @@ -21,4 +21,4 @@ - if can_admin_project %td - = link_to 'Unprotect', [@project.namespace.becomes(Namespace), @project, protected_branch], data: { confirm: 'Branch will be writable for developers. Are you sure?' }, method: :delete, class: 'btn btn-warning' + = link_to 'Unprotect', [@project.namespace.becomes(Namespace), @project, protected_branch], disabled: local_assigns[:disabled], data: { confirm: 'Branch will be writable for developers. Are you sure?' }, method: :delete, class: "btn btn-warning" diff --git a/app/views/projects/settings/ci_cd/_autodevops_form.html.haml b/app/views/projects/settings/ci_cd/_autodevops_form.html.haml index 7b410101c05..71e77dae69e 100644 --- a/app/views/projects/settings/ci_cd/_autodevops_form.html.haml +++ b/app/views/projects/settings/ci_cd/_autodevops_form.html.haml @@ -36,5 +36,6 @@ = form.text_field :domain, class: 'form-control', placeholder: 'domain.com' .help-block = s_('CICD|You need to specify a domain if you want to use Auto Review Apps and Auto Deploy stages.') + = link_to icon('question-circle'), help_page_path('topics/autodevops/index.md', anchor: 'auto-devops-base-domain'), target: '_blank' = f.submit 'Save changes', class: "btn btn-success prepend-top-15" diff --git a/app/workers/all_queues.yml b/app/workers/all_queues.yml index 9aea3bad27b..c469aea7052 100644 --- a/app/workers/all_queues.yml +++ b/app/workers/all_queues.yml @@ -41,6 +41,7 @@ - github_importer:github_import_stage_import_repository - mail_scheduler:mail_scheduler_issue_due +- mail_scheduler:mail_scheduler_notification_service - object_storage_upload - object_storage:object_storage_background_move diff --git a/app/workers/concerns/mail_scheduler_queue.rb b/app/workers/concerns/mail_scheduler_queue.rb index 9df55ad9522..f3e9680d756 100644 --- a/app/workers/concerns/mail_scheduler_queue.rb +++ b/app/workers/concerns/mail_scheduler_queue.rb @@ -4,4 +4,8 @@ module MailSchedulerQueue included do queue_namespace :mail_scheduler end + + def notification_service + @notification_service ||= NotificationService.new + end end diff --git a/app/workers/mail_scheduler/issue_due_worker.rb b/app/workers/mail_scheduler/issue_due_worker.rb index b06079d68ca..54285884a52 100644 --- a/app/workers/mail_scheduler/issue_due_worker.rb +++ b/app/workers/mail_scheduler/issue_due_worker.rb @@ -4,8 +4,6 @@ module MailScheduler include MailSchedulerQueue def perform(project_id) - notification_service = NotificationService.new - Issue.opened.due_tomorrow.in_projects(project_id).preload(:project).find_each do |issue| notification_service.issue_due(issue) end diff --git a/app/workers/mail_scheduler/notification_service_worker.rb b/app/workers/mail_scheduler/notification_service_worker.rb new file mode 100644 index 00000000000..7cfe0aa0df1 --- /dev/null +++ b/app/workers/mail_scheduler/notification_service_worker.rb @@ -0,0 +1,19 @@ +require 'active_job/arguments' + +module MailScheduler + class NotificationServiceWorker + include ApplicationWorker + include MailSchedulerQueue + + def perform(meth, *args) + deserialized_args = ActiveJob::Arguments.deserialize(args) + + notification_service.public_send(meth, *deserialized_args) # rubocop:disable GitlabSecurity/PublicSend + rescue ActiveJob::DeserializationError + end + + def self.perform_async(*args) + super(*ActiveJob::Arguments.serialize(args)) + end + end +end diff --git a/changelogs/unreleased/45481-sane-pages-artifacts.yml b/changelogs/unreleased/45481-sane-pages-artifacts.yml new file mode 100644 index 00000000000..b9c68b70012 --- /dev/null +++ b/changelogs/unreleased/45481-sane-pages-artifacts.yml @@ -0,0 +1,6 @@ +--- +title: Don't automatically remove artifacts for pages jobs after pages:deploy has + run +merge_request: 18628 +author: +type: fixed diff --git a/changelogs/unreleased/45572-members-invitations-scheduled-before-commit.yml b/changelogs/unreleased/45572-members-invitations-scheduled-before-commit.yml new file mode 100644 index 00000000000..7cdea436d47 --- /dev/null +++ b/changelogs/unreleased/45572-members-invitations-scheduled-before-commit.yml @@ -0,0 +1,5 @@ +--- +title: Ensure member notifications are sent after the member actual creation/update in the DB +merge_request: 18538 +author: +type: fixed diff --git a/changelogs/unreleased/add-jwt-strategy-to-gitlab-suite.yml b/changelogs/unreleased/add-jwt-strategy-to-gitlab-suite.yml new file mode 100644 index 00000000000..22a839cef56 --- /dev/null +++ b/changelogs/unreleased/add-jwt-strategy-to-gitlab-suite.yml @@ -0,0 +1,5 @@ +--- +title: Ports omniauth-jwt gem onto GitLab OmniAuth Strategies suite +merge_request: 18580 +author: +type: fixed diff --git a/changelogs/unreleased/bvl-fix-openid-redirect.yml b/changelogs/unreleased/bvl-fix-openid-redirect.yml new file mode 100644 index 00000000000..83ee6d953e4 --- /dev/null +++ b/changelogs/unreleased/bvl-fix-openid-redirect.yml @@ -0,0 +1,5 @@ +--- +title: Fix redirection error for applications using OpenID +merge_request: 18599 +author: +type: fixed diff --git a/changelogs/unreleased/jramsay-44880-filter-pipelines-by-sha.yml b/changelogs/unreleased/jramsay-44880-filter-pipelines-by-sha.yml new file mode 100644 index 00000000000..3654aa28ff4 --- /dev/null +++ b/changelogs/unreleased/jramsay-44880-filter-pipelines-by-sha.yml @@ -0,0 +1,5 @@ +--- +title: Add sha filter to pipelines list API +merge_request: 18125 +author: +type: changed diff --git a/changelogs/unreleased/move-notification-service-calls-to-sidekiq.yml b/changelogs/unreleased/move-notification-service-calls-to-sidekiq.yml new file mode 100644 index 00000000000..b2517884d3c --- /dev/null +++ b/changelogs/unreleased/move-notification-service-calls-to-sidekiq.yml @@ -0,0 +1,5 @@ +--- +title: Compute notification recipients in background jobs +merge_request: +author: +type: performance diff --git a/changelogs/unreleased/zj-repository-exist-mandatory.yml b/changelogs/unreleased/zj-repository-exist-mandatory.yml new file mode 100644 index 00000000000..7d83446e90f --- /dev/null +++ b/changelogs/unreleased/zj-repository-exist-mandatory.yml @@ -0,0 +1,5 @@ +--- +title: Repository#exists? is always executed through Gitaly +merge_request: +author: +type: performance diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example index 8c39a1f2aa9..7eb44b8059e 100644 --- a/config/gitlab.yml.example +++ b/config/gitlab.yml.example @@ -184,18 +184,18 @@ production: &base # base_dir: uploads/-/system object_store: enabled: false - # remote_directory: uploads # Bucket name + remote_directory: uploads # Bucket name # direct_upload: false # Use Object Storage directly for uploads instead of background uploads if enabled (Default: false) # background_upload: false # Temporary option to limit automatic upload (Default: true) # proxy_download: false # Passthrough all downloads via GitLab instead of using Redirects to Object Storage - connection: - provider: AWS - aws_access_key_id: AWS_ACCESS_KEY_ID - aws_secret_access_key: AWS_SECRET_ACCESS_KEY - region: us-east-1 - # host: 'localhost' # default: s3.amazonaws.com - # endpoint: 'http://127.0.0.1:9000' # default: nil - # path_style: true # Use 'host/bucket_name/object' instead of 'bucket_name.host/object' + connection: + provider: AWS + aws_access_key_id: AWS_ACCESS_KEY_ID + aws_secret_access_key: AWS_SECRET_ACCESS_KEY + region: us-east-1 + # host: 'localhost' # default: s3.amazonaws.com + # endpoint: 'http://127.0.0.1:9000' # default: nil + # path_style: true # Use 'host/bucket_name/object' instead of 'bucket_name.host/object' ## GitLab Pages pages: @@ -212,6 +212,8 @@ production: &base artifacts_server: true # external_http: ["1.1.1.1:80", "[2001::1]:80"] # If defined, enables custom domain support in GitLab Pages # external_https: ["1.1.1.1:443", "[2001::1]:443"] # If defined, enables custom domain and certificate support in GitLab Pages + admin: + address: unix:/home/git/gitlab/tmp/sockets/private/pages-admin.socket # TCP connections are supported too (e.g. tcp://host:port) ## Mattermost ## For enabling Add to Mattermost button @@ -532,7 +534,7 @@ production: &base # required_claims: ["name", "email"], # info_map: { name: "name", email: "email" }, # auth_url: 'https://example.com/', - # valid_within: nil, + # valid_within: null, # } # } # - { name: 'saml', @@ -823,7 +825,7 @@ test: required_claims: ["name", "email"], info_map: { name: "name", email: "email" }, auth_url: 'https://example.com/', - valid_within: nil, + valid_within: null, } } - { name: 'auth0', diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index 575f27d1ea9..5248bd858a0 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb @@ -215,6 +215,9 @@ Settings.pages['external_http'] ||= false unless Settings.pages['external_ht Settings.pages['external_https'] ||= false unless Settings.pages['external_https'].present? Settings.pages['artifacts_server'] ||= Settings.pages['enabled'] if Settings.pages['artifacts_server'].nil? +Settings.pages['admin'] ||= Settingslogic.new({}) +Settings.pages.admin['certificate'] ||= '' + # # Git LFS # diff --git a/config/initializers/fast_gettext.rb b/config/initializers/9_fast_gettext.rb index fd0167aa476..fd0167aa476 100644 --- a/config/initializers/fast_gettext.rb +++ b/config/initializers/9_fast_gettext.rb diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb index 2079d3acb72..e3a342590d4 100644 --- a/config/initializers/doorkeeper.rb +++ b/config/initializers/doorkeeper.rb @@ -104,5 +104,5 @@ Doorkeeper.configure do # set to true if you want this to be allowed # wildcard_redirect_uri false - base_controller 'ApplicationController' + base_controller '::Gitlab::BaseDoorkeeperController' end diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb index 00baea08613..e33ebb25c4c 100644 --- a/config/initializers/omniauth.rb +++ b/config/initializers/omniauth.rb @@ -25,5 +25,6 @@ end module OmniAuth module Strategies autoload :Bitbucket, Rails.root.join('lib', 'omni_auth', 'strategies', 'bitbucket') + autoload :Jwt, Rails.root.join('lib', 'omni_auth', 'strategies', 'jwt') end end diff --git a/config/initializers/pages.rb b/config/initializers/pages.rb new file mode 100644 index 00000000000..835197557e8 --- /dev/null +++ b/config/initializers/pages.rb @@ -0,0 +1,2 @@ +Gitlab::PagesClient.read_or_create_token +Gitlab::PagesClient.load_certificate diff --git a/doc/README.md b/doc/README.md index a841a4cfbf1..a2e152ce383 100644 --- a/doc/README.md +++ b/doc/README.md @@ -15,8 +15,8 @@ To understand what features you have access to, check the [GitLab subscriptions] | General documentation | GitLab CI/CD docs | | :----- | :----- | -| [User documentation](user/index.md) | [GitLab CI/CD](ci/README.md) | -| [Administrator documentation](administration/index.md) | [GitLab CI/CD quick start guide](ci/quick_start/README.md) | +| [User documentation](user/index.md) | [GitLab CI/CD quick start guide](ci/quick_start/README.md) | +| [Administrator documentation](administration/index.md) | [GitLab CI/CD examples](ci/examples/README.md) | | [Contributor documentation](#contributor-documentation) | [Configuring `.gitlab-ci.yml`](ci/yaml/README.md) | | [Getting started with GitLab](#getting-started-with-gitlab) | [Using Docker images](ci/docker/using_docker_images.md) | | [API](api/README.md) | [Auto DevOps](topics/autodevops/index.md) | @@ -90,6 +90,7 @@ Manage your [repositories](user/project/repository/index.md) from the UI (user i - [Create a file](user/project/repository/web_editor.md#create-a-file) - [Upload a file](user/project/repository/web_editor.md#upload-a-file) - [File templates](user/project/repository/web_editor.md#template-dropdowns) + - [Jupyter Notebook files](user/project/repository/index.md#jupyter-notebook-files) - [Create a directory](user/project/repository/web_editor.md#create-a-directory) - [Start a merge request](user/project/repository/web_editor.md#tips) (when committing via UI) - [Branches](user/project/repository/branches/index.md) @@ -100,6 +101,14 @@ Manage your [repositories](user/project/repository/index.md) from the UI (user i - [Commits](user/project/repository/index.md#commits) - [Signing commits](user/project/repository/gpg_signed_commits/index.md): use GPG to sign your commits. +#### Merge Requests + +- [Merge Requests](user/project/merge_requests/index.md) + - [Work In Progress "WIP" Merge Requests](user/project/merge_requests/work_in_progress_merge_requests.md) + - [Merge Request discussion resolution](user/discussions/index.md#moving-a-single-discussion-to-a-new-issue): Resolve discussions, move discussions in a merge request to an issue, only allow merge requests to be merged if all discussions are resolved. + - [Checkout merge requests locally](user/project/merge_requests/index.md#checkout-merge-requests-locally) + - [Cherry-pick](user/project/merge_requests/cherry_pick_changes.md) + #### Integrations - [Project Services](user/project/integrations/project_services.md): Integrate a project with external services, such as CI and chat. @@ -113,18 +122,16 @@ Manage your [repositories](user/project/repository/index.md) from the UI (user i ### Verify -Spot errors sooner and shorten feedback cycles with built-in code review, code testing, -Code Quality, and Review Apps. Customize your approval workflow controls, automatically -test the quality of your code, and spin up a staging environment for every code change. -GitLab Continuous Integration is the most popular next generation testing system that -auto scales to run your tests faster. +Spot errors sooner, improve security and shorten feedback cycles with built-in +static code analysis, code testing, code quality, dependency checking and review +apps. Customize your approval workflow controls, automatically test the quality +of your code, and spin up a staging environment for every code change. GitLab +Continuous Integration is the most popular next generation testing system that +scales to run your tests faster. -- [Merge Requests](user/project/merge_requests/index.md) - - [Work In Progress Merge Requests](user/project/merge_requests/work_in_progress_merge_requests.md) - - [Merge Request discussion resolution](user/discussions/index.md#moving-a-single-discussion-to-a-new-issue): Resolve discussions, move discussions in a merge request to an issue, only allow merge requests to be merged if all discussions are resolved. - - [Checkout merge requests locally](user/project/merge_requests/index.md#checkout-merge-requests-locally) - - [Cherry-pick](user/project/merge_requests/cherry_pick_changes.md) +- [GitLab CI/CD](ci/README.md): Explore the features and capabilities of Continuous Integration, Continuous Delivery, and Continuous Deployment with GitLab. - [Review Apps](ci/review_apps/index.md): Preview changes to your app right from a merge request. +- [Pipeline Graphs](ci/pipelines.md#pipeline-graphs) ### Package @@ -132,7 +139,6 @@ GitLab Container Registry gives you the enhanced security and access controls of custom Docker images without 3rd party add-ons. Easily upload and download images from GitLab CI/CD with full Git repository management integration. -- [GitLab CI/CD](ci/README.md): Explore the features and capabilities of Continuous Integration, Continuous Delivery, and Continuous Deployment with GitLab. - [GitLab Container Registry](user/project/container_registry.md): Learn how to use GitLab's built-in Container Registry. ### Release @@ -141,9 +147,11 @@ Spend less time configuring your tools, and more time creating. Whether you’re deploying to one server or thousands, build, test, and release your code confidently and securely with GitLab’s built-in Continuous Delivery and Deployment. -- [GitLab Pages](user/project/pages/index.md): Build, test, and deploy a static site directly from GitLab. - [Auto Deploy](topics/autodevops/index.md#auto-deploy): Configure GitLab CI for the deployment of your application. - [Environments and deployments](ci/environments.md): With environments, you can control the continuous deployment of your software within GitLab. +- [GitLab Pages](user/project/pages/index.md): Build, test, and deploy a static site directly from GitLab. +- [Scheduled Pipelines](user/project/pipelines/schedules.md) +- [Protected Runners](ci/runners/README.md#protected-runners) ### Configure @@ -152,6 +160,9 @@ Auto Devops. Best practice templates get you started with minimal to zero configuration. Then customize everything from buildpacks to CI/CD. - [Auto DevOps](topics/autodevops/index.md) +- [Deployment of Helm, Ingress, and Prometheus on Kubernetes](user/project/clusters/index.md#installing-applications) +- [Protected secret variables](ci/variables/README.md#protected-secret-variables) +- [Easy creation of Kubernetes clusters on GKE](user/project/clusters/index.md#adding-and-creating-a-new-gke-cluster-via-gitlab) ### Monitor diff --git a/doc/administration/auth/jwt.md b/doc/administration/auth/jwt.md index b51e705ab52..8b00f52ffc1 100644 --- a/doc/administration/auth/jwt.md +++ b/doc/administration/auth/jwt.md @@ -50,7 +50,7 @@ JWT will provide you with a secret key for you to use. required_claims: ["name", "email"], info_map: { name: "name", email: "email" }, auth_url: 'https://example.com/', - valid_within: nil, + valid_within: null, } } ``` diff --git a/doc/administration/high_availability/redis.md b/doc/administration/high_availability/redis.md index 430f865f1e7..031fb31ca4f 100644 --- a/doc/administration/high_availability/redis.md +++ b/doc/administration/high_availability/redis.md @@ -323,7 +323,7 @@ The prerequisites for a HA Redis setup are the following: # machines to connect to it. redis['port'] = 6379 - # The same password for Redeis authentication you set up for the master node. + # The same password for Redis authentication you set up for the master node. redis['password'] = 'redis-password-goes-here' # The IP of the master Redis node. diff --git a/doc/administration/job_artifacts.md b/doc/administration/job_artifacts.md index 896cb93e5ed..77fe4d561a1 100644 --- a/doc/administration/job_artifacts.md +++ b/doc/administration/job_artifacts.md @@ -107,7 +107,7 @@ For source installations the following settings are nested under `artifacts:` an | Setting | Description | Default | |---------|-------------|---------| | `enabled` | Enable/disable object storage | `false` | -| `remote_directory` | The bucket name where Artfacts will be stored| | +| `remote_directory` | The bucket name where Artifacts will be stored| | | `direct_upload` | Set to true to enable direct upload of Artifacts without the need of local shared storage. Option may be removed once we decide to support only single storage for all files. Currently only `Google` provider is supported | `false` | | `background_upload` | Set to false to disable automatic upload. Option may be removed once upload is direct to S3 | `true` | | `proxy_download` | Set to true to enable proxying all files served. Option allows to reduce egress traffic as this allows clients to download directly from remote storage instead of proxying all data | `false` | @@ -148,7 +148,7 @@ _The artifacts are stored by default in ``` NOTE: For GitLab 9.4+, if you are using AWS IAM profiles, be sure to omit the - AWS access key and secret acces key/value pairs. For example: + AWS access key and secret access key/value pairs. For example: ```ruby gitlab_rails['artifacts_object_store_connection'] = { diff --git a/doc/administration/monitoring/prometheus/gitlab_metrics.md b/doc/administration/monitoring/prometheus/gitlab_metrics.md index f495990d9a4..69600cad25c 100644 --- a/doc/administration/monitoring/prometheus/gitlab_metrics.md +++ b/doc/administration/monitoring/prometheus/gitlab_metrics.md @@ -46,7 +46,7 @@ In this experimental phase, only a few metrics are available: | redis_ping_latency_seconds | Gauge | 9.4 | Round trip time of the redis ping | | user_session_logins_total | Counter | 9.4 | Counter of how many users have logged in | | filesystem_circuitbreaker_latency_seconds | Gauge | 9.5 | Time spent validating if a storage is accessible | -| filesystem_circuitbreaker | Gauge | 9.5 | Wether or not the circuit for a certain shard is broken or not | +| filesystem_circuitbreaker | Gauge | 9.5 | Whether or not the circuit for a certain shard is broken or not | | circuitbreaker_storage_check_duration_seconds | Histogram | 10.3 | Time a single storage probe took | ## Metrics shared directory diff --git a/doc/administration/operations/fast_ssh_key_lookup.md b/doc/administration/operations/fast_ssh_key_lookup.md index bd6c7bb07b5..89331238ce4 100644 --- a/doc/administration/operations/fast_ssh_key_lookup.md +++ b/doc/administration/operations/fast_ssh_key_lookup.md @@ -31,7 +31,7 @@ GitLab Shell provides a way to authorize SSH users via a fast, indexed lookup to the GitLab database. GitLab Shell uses the fingerprint of the SSH key to check whether the user is authorized to access GitLab. -Add the following to your `sshd_config` file. This is usuaully located at +Add the following to your `sshd_config` file. This is usually located at `/etc/ssh/sshd_config`, but it will be `/assets/sshd_config` if you're using Omnibus Docker: diff --git a/doc/administration/uploads.md b/doc/administration/uploads.md index 2fa3284b6be..7f0bd8f04e3 100644 --- a/doc/administration/uploads.md +++ b/doc/administration/uploads.md @@ -104,7 +104,7 @@ _The uploads are stored by default in ``` >**Note:** -If you are using AWS IAM profiles, be sure to omit the AWS access key and secret acces key/value pairs. +If you are using AWS IAM profiles, be sure to omit the AWS access key and secret access key/value pairs. ```ruby gitlab_rails['uploads_object_store_connection'] = { diff --git a/doc/api/README.md b/doc/api/README.md index 40071f1ed8b..e777fc63d2b 100644 --- a/doc/api/README.md +++ b/doc/api/README.md @@ -293,7 +293,7 @@ The following table gives an overview of how the API functions generally behave. | `GET` | Access one or more resources and return the result as JSON. | | `POST` | Return `201 Created` if the resource is successfully created and return the newly created resource as JSON. | | `GET` / `PUT` | Return `200 OK` if the resource is accessed or modified successfully. The (modified) result is returned as JSON. | -| `DELETE` | Returns `204 No Content` if the resuource was deleted successfully. | +| `DELETE` | Returns `204 No Content` if the resource was deleted successfully. | The following table shows the possible return codes for API requests. diff --git a/doc/api/group_badges.md b/doc/api/group_badges.md index 0d7d0fd9c42..f2353542a5c 100644 --- a/doc/api/group_badges.md +++ b/doc/api/group_badges.md @@ -12,7 +12,7 @@ Badges support placeholders that will be replaced in real time in both the link - **%{default_branch}**: will be replaced by the project default branch. - **%{commit_sha}**: will be replaced by the last project's commit sha. -Because these enpoints aren't inside a project's context, the information used to replace the placeholders will be +Because these endpoints aren't inside a project's context, the information used to replace the placeholders will be from the first group's project by creation date. If the group hasn't got any project the original URL with the placeholders will be returned. ## List all badges of a group diff --git a/doc/api/pipeline_schedules.md b/doc/api/pipeline_schedules.md index c28f48e5fc6..137f1fdddec 100644 --- a/doc/api/pipeline_schedules.md +++ b/doc/api/pipeline_schedules.md @@ -108,7 +108,7 @@ POST /projects/:id/pipeline_schedules | `description` | string | yes | The description of pipeline schedule | | `ref` | string | yes | The branch/tag name will be triggered | | `cron ` | string | yes | The cron (e.g. `0 1 * * *`) ([Cron syntax](https://en.wikipedia.org/wiki/Cron)) | -| `cron_timezone ` | string | no | The timezone supproted by `ActiveSupport::TimeZone` (e.g. `Pacific Time (US & Canada)`) (default: `'UTC'`) | +| `cron_timezone ` | string | no | The timezone supported by `ActiveSupport::TimeZone` (e.g. `Pacific Time (US & Canada)`) (default: `'UTC'`) | | `active ` | boolean | no | The activation of pipeline schedule. If false is set, the pipeline schedule will deactivated initially (default: `true`) | ```sh @@ -153,7 +153,7 @@ PUT /projects/:id/pipeline_schedules/:pipeline_schedule_id | `description` | string | no | The description of pipeline schedule | | `ref` | string | no | The branch/tag name will be triggered | | `cron ` | string | no | The cron (e.g. `0 1 * * *`) ([Cron syntax](https://en.wikipedia.org/wiki/Cron)) | -| `cron_timezone ` | string | no | The timezone supproted by `ActiveSupport::TimeZone` (e.g. `Pacific Time (US & Canada)`) or `TZInfo::Timezone` (e.g. `America/Los_Angeles`) | +| `cron_timezone ` | string | no | The timezone supported by `ActiveSupport::TimeZone` (e.g. `Pacific Time (US & Canada)`) or `TZInfo::Timezone` (e.g. `America/Los_Angeles`) | | `active ` | boolean | no | The activation of pipeline schedule. If false is set, the pipeline schedule will deactivated initially. | ```sh diff --git a/doc/api/pipelines.md b/doc/api/pipelines.md index a6631cab8c3..899f5da6647 100644 --- a/doc/api/pipelines.md +++ b/doc/api/pipelines.md @@ -14,6 +14,7 @@ GET /projects/:id/pipelines | `scope` | string | no | The scope of pipelines, one of: `running`, `pending`, `finished`, `branches`, `tags` | | `status` | string | no | The status of pipelines, one of: `running`, `pending`, `success`, `failed`, `canceled`, `skipped` | | `ref` | string | no | The ref of pipelines | +| `sha` | string | no | The sha or pipelines | | `yaml_errors`| boolean | no | Returns pipelines with invalid configurations | | `name`| string | no | The name of the user who triggered pipelines | | `username`| string | no | The username of the user who triggered pipelines | diff --git a/doc/ci/examples/devops_and_game_dev_with_gitlab_ci_cd/index.md b/doc/ci/examples/devops_and_game_dev_with_gitlab_ci_cd/index.md index bfc8558a580..3d21c0cc306 100644 --- a/doc/ci/examples/devops_and_game_dev_with_gitlab_ci_cd/index.md +++ b/doc/ci/examples/devops_and_game_dev_with_gitlab_ci_cd/index.md @@ -509,7 +509,7 @@ and unit tests, all running and deployed at every push to master - with shocking Errors can be easily debugged through GitLab's build logs, and within minutes of a successful commit, you can see the changes live on your game. -Setting up Continous Integration and Continuous Deployment from the start with Dark Nova enables +Setting up Continuous Integration and Continuous Deployment from the start with Dark Nova enables rapid but stable development. We can easily test changes in a separate [environment](../../../ci/environments.md#introduction-to-environments-and-deployments), or multiple environments if needed. Balancing and updating a multiplayer game can be ongoing and tedious, but having faith in a stable deployment with GitLab CI/CD allows diff --git a/doc/ci/examples/test_phoenix_app_with_gitlab_ci_cd/index.md b/doc/ci/examples/test_phoenix_app_with_gitlab_ci_cd/index.md index 7f6519fd38e..a2de0408797 100644 --- a/doc/ci/examples/test_phoenix_app_with_gitlab_ci_cd/index.md +++ b/doc/ci/examples/test_phoenix_app_with_gitlab_ci_cd/index.md @@ -30,7 +30,7 @@ and GitLab UI._ Many components and concepts are similar to Ruby on Rails or Python's Django. High developer productivity and high application performance are only a few advantages on learning how to use it. -Working on the MVC pattern, it's was designed to be modular and flexible. Easy to mantain a growing +Working on the MVC pattern, it's was designed to be modular and flexible. Easy to maintain a growing app is a plus. Phoenix can run in any OS where Erlang is supported: @@ -48,7 +48,7 @@ Check the [Phoenix learning guide][phoenix-learning-guide] for more information. ### What is Elixir? [Elixir][elixir-site] is a dynamic, functional language created to use all the maturity of Erlang -(30 years old!) in these days, in an easy way. It has similarities with Ruby, specially on sintax, +(30 years old!) in these days, in an easy way. It has similarities with Ruby, specially on syntax, so Ruby developers are quite excited with the rapid growing of Elixir. A full-stack Ruby developer can learn how to use Elixir and Phoenix in just a few weeks! @@ -162,7 +162,7 @@ productive, because every time we, or our co-workers push any code, GitLab CI/CD test the changes, telling us in realtime if anything goes wrong. Certainly, when our application starts to grow, we'll need more developers working on the same -project and this process of building and testing can easely become a mess without proper management. +project and this process of building and testing can easily become a mess without proper management. That's also why GitLab CI/CD is so important to our application. Every time someone pushes its code to GitLab, we'll quickly know if their changes broke something or not. We don't need to stop everything we're doing to test manually and locally every change our team does. @@ -237,7 +237,7 @@ Finished in 0.7 seconds Randomized with seed 610000 ``` -Our test was successfull. It's time to push our files to GitLab. +Our test was successful. It's time to push our files to GitLab. ## Configuring CI/CD Pipeline @@ -302,7 +302,7 @@ template** and select **Elixir**: ``` It's important to install `postgresql-client` to let GitLab CI/CD access PostgreSQL and create our - database with the login information provided earlier. More important is to respect the identation, + database with the login information provided earlier. More important is to respect the indentation, to avoid syntax errors when running the build. - And finally, we'll let `mix` session intact. @@ -333,7 +333,7 @@ mix: - mix test ``` -For safety, we can check if we get any syntax errors before submiting this file to GitLab. Copy the +For safety, we can check if we get any syntax errors before submitting this file to GitLab. Copy the contents of `.gitlab-ci.yml` and paste it on [GitLab CI/CD Lint tool][ci-lint]. Please note that this link will only work for logged in users. @@ -384,7 +384,7 @@ working properly. When we have a growing application with many developers working on it, or when we have an open source project being watched and contributed by the community, it is really important to have our -code permanently working. GitLab CI/CD is a time saving powerfull tool to help us mantain our code +code permanently working. GitLab CI/CD is a time saving powerful tool to help us maintain our code organized and working. As we could see in this post, GitLab CI/CD is really really easy to configure and use. We have [many diff --git a/doc/ci/variables/README.md b/doc/ci/variables/README.md index 146df15899f..38a988f4507 100644 --- a/doc/ci/variables/README.md +++ b/doc/ci/variables/README.md @@ -551,7 +551,7 @@ You can find a full list of unsupported variables below: - `CI_DEPLOY_USER` - `CI_DEPLOY_PASSWORD` -These variables are also not supported in a contex of a +These variables are also not supported in a context of a [dynamic environment name][dynamic-environments]. [ce-13784]: https://gitlab.com/gitlab-org/gitlab-ce/issues/13784 "Simple protection of CI secret variables" diff --git a/doc/development/README.md b/doc/development/README.md index 99c6641e637..3c77e99b8cf 100644 --- a/doc/development/README.md +++ b/doc/development/README.md @@ -41,6 +41,7 @@ comments: false - [Avoid modules with instance variables](module_with_instance_variables.md) if possible - [How to dump production data to staging](db_dump.md) - [Working with the GitHub importer](github_importer.md) +- [Working with Merge Request diffs](diffs.md) ## Performance guides diff --git a/doc/development/background_migrations.md b/doc/development/background_migrations.md index ce69694ab6a..46c5baddb9c 100644 --- a/doc/development/background_migrations.md +++ b/doc/development/background_migrations.md @@ -24,7 +24,7 @@ Some examples where background migrations can be useful: * Migrating events from one table to multiple separate tables. * Populating one column based on JSON stored in another column. -* Migrating data that depends on the output of exernal services (e.g. an API). +* Migrating data that depends on the output of external services (e.g. an API). ## Isolation @@ -46,7 +46,7 @@ See [Sidekiq best practices guidelines](https://github.com/mperham/sidekiq/wiki/ for more details. Make sure that in case that your migration job is going to be retried data -integrity is guarateed. +integrity is guaranteed. ## How It Works diff --git a/doc/development/diffs.md b/doc/development/diffs.md new file mode 100644 index 00000000000..55fc16e0b33 --- /dev/null +++ b/doc/development/diffs.md @@ -0,0 +1,115 @@ +# Working with Merge Request diffs + +Currently we rely on different sources to present merge request diffs, these include: + +- Rugged gem +- Gitaly service +- Database (through `merge_request_diff_files`) +- Redis (cached highlighted diffs) + +We're constantly moving Rugged calls to Gitaly and the progress can be followed through [Gitaly repo](https://gitlab.com/gitlab-org/gitaly). + +## Architecture overview + +When refreshing a Merge Request (pushing to a source branch, force-pushing to target branch, or if the target branch now contains any commits from the MR) +we fetch the comparison information using `Gitlab::Git::Compare`, which fetches `base` and `head` data using Gitaly and diff between them through +`Gitlab::Git::Diff.between` (which uses _Gitaly_ if it's enabled, otherwise _Rugged_). +The diffs fetching process _limits_ single file diff sizes and the overall size of the whole diff through a series of constant values. Raw diff files are +then persisted on `merge_request_diff_files` table. + +Even though diffs higher than 10kb are collapsed (`Gitlab::Git::Diff::COLLAPSE_LIMIT`), we still keep them on Postgres. However, diff files over _safety limits_ +(see the [Diff limits section](#diff-limits)) are _not_ persisted. + +In order to present diffs information on the Merge Request diffs page, we: + +1. Fetch all diff files from database `merge_request_diff_files` +2. Fetch the _old_ and _new_ file blobs in batch to: + 1. Highlight old and new file content + 2. Know which viewer it should use for each file (text, image, deleted, etc) + 3. Know if the file content changed + 4. Know if it was stored externally + 5. Know if it had storage errors +3. If the diff file is cacheable (text-based), it's cached on Redis +using `Gitlab::Diff::FileCollection::MergeRequestDiff` + +## Diff limits + +As explained above, we limit single diff files and the size of the whole diff. There are scenarios where we collapse the diff file, +and cases where the diff file is not presented at all, and the user is guided to the Blob view. Here we'll go into details about +these limits. + +### Diff collection limits + +Limits that act onto all diff files collection. Files number, lines number and files size are considered. + +```ruby +Gitlab::Git::DiffCollection.collection_limits[:safe_max_files] = Gitlab::Git::DiffCollection::DEFAULT_LIMITS[:max_files] = 100 +``` + +File diffs will be collapsed (but be expandable) if 100 files have already been rendered. + + +```ruby +Gitlab::Git::DiffCollection.collection_limits[:safe_max_lines] = Gitlab::Git::DiffCollection::DEFAULT_LIMITS[:max_lines] = 5000 +``` + +File diffs will be collapsed (but be expandable) if 5000 lines have already been rendered. + + +```ruby +Gitlab::Git::DiffCollection.collection_limits[:safe_max_bytes] = Gitlab::Git::DiffCollection.collection_limits[:safe_max_files] * 5.kilobytes = 500.kilobytes +``` + +File diffs will be collapsed (but be expandable) if 500 kilobytes have already been rendered. + + +```ruby +Gitlab::Git::DiffCollection.collection_limits[:max_files] = Commit::DIFF_HARD_LIMIT_FILES = 1000 +``` + +No more files will be rendered at all if 1000 files have already been rendered. + + +```ruby +Gitlab::Git::DiffCollection.collection_limits[:max_lines] = Commit::DIFF_HARD_LIMIT_LINES = 50000 +``` + +No more files will be rendered at all if 50,000 lines have already been rendered. + +```ruby +Gitlab::Git::DiffCollection.collection_limits[:max_bytes] = Gitlab::Git::DiffCollection.collection_limits[:max_files] * 5.kilobytes = 5000.kilobytes +``` + +No more files will be rendered at all if 5 megabytes have already been rendered. + + +### Individual diff file limits + +Limits that act onto each diff file of a collection. Files number, lines number and files size are considered. + +```ruby +Gitlab::Git::Diff::COLLAPSE_LIMIT = 10.kilobytes +``` + +File diff will be collapsed (but be expandable) if it is larger than 10 kilobytes. + +```ruby +Gitlab::Git::Diff::SIZE_LIMIT = 100.kilobytes +``` + +File diff will not be rendered if it's larger than 100 kilobytes. + + +```ruby +Commit::DIFF_SAFE_LINES = Gitlab::Git::DiffCollection::DEFAULT_LIMITS[:max_lines] = 5000 +``` + +File diff will be suppressed (technically different from collapsed, but behaves the same, and is expandable) if it has more than 5000 lines. + +## Viewers + +Diff Viewers, which can be found on `models/diff_viewer/*` are classes used to map metadata about each type of Diff File. It has information +whether it's a binary, which partial should be used to render it or which File extensions this class accounts for. + +`DiffViewer::Base` validates _blobs_ (old and new versions) content, extension and file type in order to check if it can be rendered. + diff --git a/doc/development/doc_styleguide.md b/doc/development/doc_styleguide.md index 0550ea527cb..5da015ca557 100644 --- a/doc/development/doc_styleguide.md +++ b/doc/development/doc_styleguide.md @@ -4,7 +4,7 @@ The documentation style guide defines the markup structure used in GitLab documentation. Check the [documentation guidelines](writing_documentation.md) for general development instructions. -Check the GitLab hanbook for the [writing styles guidelines](https://about.gitlab.com/handbook/communication/#writing-style-guidelines). +Check the GitLab handbook for the [writing styles guidelines](https://about.gitlab.com/handbook/communication/#writing-style-guidelines). ## Text @@ -19,7 +19,7 @@ Check the GitLab hanbook for the [writing styles guidelines](https://about.gitla - Unless there's a logical reason not to, add documents in alphabetical order - Write in US English - Use [single spaces][] instead of double spaces -- Jump a line between different markups (e.g., after every paragraph, hearder, list, etc) +- Jump a line between different markups (e.g., after every paragraph, header, list, etc) - Capitalize "G" and "L" in GitLab - Capitalize feature, products, and methods names. E.g.: GitLab Runner, Geo, Issue Boards, Git, Prometheus, Continuous Integration. diff --git a/doc/development/ee_features.md b/doc/development/ee_features.md index 287143d6255..4873090a2d4 100644 --- a/doc/development/ee_features.md +++ b/doc/development/ee_features.md @@ -279,7 +279,7 @@ end ``` In `lib/gitlab/visibility_level.rb` this method is used to return the -allowed visibilty levels: +allowed visibility levels: ```ruby def levels_for_user(user = nil) diff --git a/doc/development/fe_guide/style_guide_js.md b/doc/development/fe_guide/style_guide_js.md index f258c56ac87..ce35ca98750 100644 --- a/doc/development/fe_guide/style_guide_js.md +++ b/doc/development/fe_guide/style_guide_js.md @@ -236,7 +236,7 @@ export class Foo { } ``` -On the other hand, if a class only needs to extend a third party/add event listeners in some specific cases, they should be initialized oustside of the constructor. +On the other hand, if a class only needs to extend a third party/add event listeners in some specific cases, they should be initialized outside of the constructor. 1. Prefer `.map`, `.reduce` or `.filter` over `.forEach` A forEach will most likely cause side effects, it will be mutating the array being iterated. Prefer using `.map`, diff --git a/doc/development/file_storage.md b/doc/development/file_storage.md index 34a02bd2c3c..fdbd7f1fa37 100644 --- a/doc/development/file_storage.md +++ b/doc/development/file_storage.md @@ -84,7 +84,7 @@ The `RecordsUploads::Concern` concern will create an `Upload` entry for every fi By including the `ObjectStorage::Concern` in the `GitlabUploader` derived class, you may enable the object storage for this uploader. To enable the object storage in your uploader, you need to either 1) include `RecordsUpload::Concern` and prepend `ObjectStorage::Extension::RecordsUploads` or 2) mount the uploader and create a new field named `<mount>_store`. -The `CarrierWave::Uploader#store_dir` is overriden to +The `CarrierWave::Uploader#store_dir` is overridden to - `GitlabUploader.base_dir` + `GitlabUploader.dynamic_segment` when the store is LOCAL - `GitlabUploader.dynamic_segment` when the store is REMOTE (the bucket name is used to namespace) diff --git a/doc/development/i18n/externalization.md b/doc/development/i18n/externalization.md index b1bec84a2f3..0edcb23c7c5 100644 --- a/doc/development/i18n/externalization.md +++ b/doc/development/i18n/externalization.md @@ -270,7 +270,7 @@ If there are merge conflicts in the `gitlab.pot` file, you can delete the file and regenerate it using the same command. Confirm that you are not deleting any strings accidentally by looking over the diff. The command also updates the translation files for each language: `locale/*/gitlab.po` -These changes can be discarded, the languange files will be updated by Crowdin +These changes can be discarded, the language files will be updated by Crowdin automatically. Discard all of them at once like this: diff --git a/doc/development/merge_request_performance_guidelines.md b/doc/development/merge_request_performance_guidelines.md index 2b4126b43ef..12badbe39b2 100644 --- a/doc/development/merge_request_performance_guidelines.md +++ b/doc/development/merge_request_performance_guidelines.md @@ -162,7 +162,7 @@ need for running complex operations to fetch the data. You should use Redis if data should be cached for a certain time period instead of the duration of the transaction. -For example, say you process multiple snippets of text containiner username +For example, say you process multiple snippets of text containing username mentions (e.g. `Hello @alice` and `How are you doing @alice?`). By caching the user objects for every username we can remove the need for running the same query for every mention of `@alice`. diff --git a/doc/development/ordering_table_columns.md b/doc/development/ordering_table_columns.md index 249e70c7b0e..5d00e1f7a0c 100644 --- a/doc/development/ordering_table_columns.md +++ b/doc/development/ordering_table_columns.md @@ -30,7 +30,7 @@ example) at the end. ## Type Sizes -While the PostgreSQL docuemntation +While the PostgreSQL documentation (https://www.postgresql.org/docs/current/static/datatype.html) contains plenty of information we will list the sizes of common types here so it's easier to look them up. Here "word" refers to the word size, which is 4 bytes for a 32 diff --git a/doc/development/testing_guide/testing_levels.md b/doc/development/testing_guide/testing_levels.md index e86c1f5232a..51794f7f4df 100644 --- a/doc/development/testing_guide/testing_levels.md +++ b/doc/development/testing_guide/testing_levels.md @@ -28,7 +28,7 @@ records should use stubs/doubles as much as possible. | `app/uploaders/` | `spec/uploaders/` | RSpec | | | `app/views/` | `spec/views/` | RSpec | | | `app/workers/` | `spec/workers/` | RSpec | | -| `app/assets/javascripts/` | `spec/javascripts/` | Karma | More details in the [Frontent Testing guide](frontend_testing.md) section. | +| `app/assets/javascripts/` | `spec/javascripts/` | Karma | More details in the [Frontend Testing guide](frontend_testing.md) section. | ## Integration tests diff --git a/doc/development/ux_guide/components.md b/doc/development/ux_guide/components.md index 012c64be79f..b57520a00e0 100644 --- a/doc/development/ux_guide/components.md +++ b/doc/development/ux_guide/components.md @@ -219,7 +219,7 @@ Blocks are a way to group related information. #### Content blocks -Content blocks (`.content-block`) are the basic grouping of content. They are commonly used in [lists](#lists), and are separated by a botton border. +Content blocks (`.content-block`) are the basic grouping of content. They are commonly used in [lists](#lists), and are separated by a button border.  @@ -281,7 +281,7 @@ Modals are only used for having a conversation and confirmation with the user. T | Modal with 2 actions | Modal with 3 actions | Special confirmation | | --------------------- | --------------------- | -------------------- | -|  |  |  | +|  |  |  | > TODO: Special case for modal. diff --git a/doc/development/what_requires_downtime.md b/doc/development/what_requires_downtime.md index 9d0c62ecc35..b8be8daa157 100644 --- a/doc/development/what_requires_downtime.md +++ b/doc/development/what_requires_downtime.md @@ -255,7 +255,7 @@ otherwise it will raise a `TypeError`. ## Adding Indexes Adding indexes is an expensive process that blocks INSERT and UPDATE queries for -the duration. When using PostgreSQL one can work arounds this by using the +the duration. When using PostgreSQL one can work around this by using the `CONCURRENTLY` option: ```sql diff --git a/doc/development/writing_documentation.md b/doc/development/writing_documentation.md index d6a13e7483a..9bca4637830 100644 --- a/doc/development/writing_documentation.md +++ b/doc/development/writing_documentation.md @@ -49,7 +49,7 @@ do before. **Use cases**: provide at least two, ideally three, use cases for every major feature. You should answer this question: what can you do with this feature/change? Use cases -are examples of how this feauture or change can be used in real life. +are examples of how this feature or change can be used in real life. Examples: - CE and EE: [Issues](../user/project/issues/index.md#use-cases) diff --git a/doc/install/database_mysql.md b/doc/install/database_mysql.md index 5c7557ed2b3..e1af086f418 100644 --- a/doc/install/database_mysql.md +++ b/doc/install/database_mysql.md @@ -91,7 +91,7 @@ Follow the below instructions to ensure you use the most up to date requirements #### Check for InnoDB File-Per-Table Tablespaces -We need to check, enable and maybe convert your existing GitLab DB tables to the [InnoDB File-Per-Table Tablespaces](http://dev.mysql.com/doc/refman/5.7/en/innodb-multiple-tablespaces.html) as a prerequise for supporting **utfb8mb4 with long indexes** required by recent GitLab databases. +We need to check, enable and maybe convert your existing GitLab DB tables to the [InnoDB File-Per-Table Tablespaces](http://dev.mysql.com/doc/refman/5.7/en/innodb-multiple-tablespaces.html) as a prerequisite for supporting **utfb8mb4 with long indexes** required by recent GitLab databases. # Login to MySQL mysql -u root -p diff --git a/doc/install/google_cloud_platform/index.md b/doc/install/google_cloud_platform/index.md index 3389f0260f9..2691495e0d4 100644 --- a/doc/install/google_cloud_platform/index.md +++ b/doc/install/google_cloud_platform/index.md @@ -2,7 +2,7 @@  -Gettung started with GitLab on a [Google Cloud Platform (GCP)][gcp] instance is quick and easy. +Getting started with GitLab on a [Google Cloud Platform (GCP)][gcp] instance is quick and easy. ## Prerequisites diff --git a/doc/install/kubernetes/gitlab_runner_chart.md b/doc/install/kubernetes/gitlab_runner_chart.md index a03c49cbd89..0a093c9ec32 100644 --- a/doc/install/kubernetes/gitlab_runner_chart.md +++ b/doc/install/kubernetes/gitlab_runner_chart.md @@ -50,12 +50,12 @@ Here is a snippet of the important settings: gitlabUrl: http://gitlab.your-domain.com/ ## The Registration Token for adding new Runners to the GitLab Server. This must -## be retreived from your GitLab Instance. +## be retrieved from your GitLab Instance. ## ref: https://docs.gitlab.com/ce/ci/runners/README.html#creating-and-registering-a-runner ## runnerRegistrationToken: "" -## Set the certsSecretName in order to pass custom certficates for GitLab Runner to use +## Set the certsSecretName in order to pass custom certificates for GitLab Runner to use ## Provide resource name for a Kubernetes Secret Object in the same namespace, ## this is used to populate the /etc/gitlab-runner/certs directory ## ref: https://docs.gitlab.com/runner/configuration/tls-self-signed.html#supported-options-for-self-signed-certificates @@ -130,7 +130,7 @@ runners: ### Enabling RBAC support -If your cluster has RBAC enabled, you can choose to either have the chart create its own sevice account or provide one. +If your cluster has RBAC enabled, you can choose to either have the chart create its own service account or provide one. To have the chart create the service account for you, set `rbac.create` to true. @@ -208,7 +208,7 @@ You then need to provide the secret's name to the GitLab Runner chart. Add the following to your `values.yaml` ```yaml -## Set the certsSecretName in order to pass custom certficates for GitLab Runner to use +## Set the certsSecretName in order to pass custom certificates for GitLab Runner to use ## Provide resource name for a Kubernetes Secret Object in the same namespace, ## this is used to populate the /etc/gitlab-runner/certs directory ## ref: https://docs.gitlab.com/runner/configuration/tls-self-signed.html#supported-options-for-self-signed-certificates diff --git a/doc/integration/shibboleth.md b/doc/integration/shibboleth.md index e0fc1bb801f..8611d4f7315 100644 --- a/doc/integration/shibboleth.md +++ b/doc/integration/shibboleth.md @@ -43,7 +43,7 @@ exclude shibboleth URLs from rewriting, add "RewriteCond %{REQUEST_URI} !/Shibbo RequestHeader set X_FORWARDED_PROTO 'https' ``` -1. Edit /etc/gitlab/gitlab.rb configuration file, your shibboleth attributes should be in form of "HTTP_ATTRIBUTE" and you should addjust them to your need and environment. Add any other configuration you need. +1. Edit /etc/gitlab/gitlab.rb configuration file, your shibboleth attributes should be in form of "HTTP_ATTRIBUTE" and you should adjust them to your need and environment. Add any other configuration you need. File should look like this: ``` diff --git a/doc/ssh/README.md b/doc/ssh/README.md index aa14a39e4c9..b71e9bf3000 100644 --- a/doc/ssh/README.md +++ b/doc/ssh/README.md @@ -196,7 +196,7 @@ This is really useful for integrating repositories to secured, shared Continuous Integration (CI) services or other shared services. GitLab administrators can set up the Global Shared Deploy key in GitLab and add the private key to any shared systems. Individual repositories opt into -exposing their repsitory using these keys when a project masters (or higher) +exposing their repository using these keys when a project masters (or higher) authorizes a Global Shared Deploy key to be used with their project. Global Shared Keys can provide greater security compared to Per-Project Deploy @@ -224,7 +224,7 @@ if there is at least one Global Deploy Key configured. CAUTION: **Warning:** Defining Global Deploy Keys does not expose any given repository via -the key until that respository adds the Global Deploy Key to their project. +the key until that repository adds the Global Deploy Key to their project. In this way the Global Deploy Keys enable access by other systems, but do not implicitly give any access just by setting them up. diff --git a/doc/topics/autodevops/index.md b/doc/topics/autodevops/index.md index 8c4a2925356..7c0cd2c40d2 100644 --- a/doc/topics/autodevops/index.md +++ b/doc/topics/autodevops/index.md @@ -135,6 +135,11 @@ and `1.2.3.4` is the IP address of your load balancer; generally NGINX ([see prerequisites](#prerequisites)). How to set up the DNS record is beyond the scope of this document; you should check with your DNS provider. +Alternatively you can use free public services like [xip.io](http://xip.io) or +[nip.io](http://nip.io) which provide automatic wildcard DNS without any +configuration. Just set the Auto DevOps base domain to `1.2.3.4.xip.io` or +`1.2.3.4.nip.io`. + Once set up, all requests will hit the load balancer, which in turn will route them to the Kubernetes pods that run your application(s). diff --git a/doc/university/glossary/README.md b/doc/university/glossary/README.md index a9ccbf5a085..945d6a578b0 100644 --- a/doc/university/glossary/README.md +++ b/doc/university/glossary/README.md @@ -89,7 +89,7 @@ A [copy](https://git-scm.com/docs/git-clone) of a repository stored on your mach ### Code Review -Examination of a progam's code. The main aim is to maintain high quality standards of code that is being shipped. Merge requests [serve as a code review tool](https://about.gitlab.com/2014/09/29/gitlab-flow/) in GitLab. +Examination of a program's code. The main aim is to maintain high quality standards of code that is being shipped. Merge requests [serve as a code review tool](https://about.gitlab.com/2014/09/29/gitlab-flow/) in GitLab. ### Code Snippet diff --git a/doc/university/high-availability/aws/README.md b/doc/university/high-availability/aws/README.md index 47ccd0e6dbc..f340164b882 100644 --- a/doc/university/high-availability/aws/README.md +++ b/doc/university/high-availability/aws/README.md @@ -354,11 +354,11 @@ add the following script to the User Data section: - mount -a -t nfs - sudo gitlab-ctl reconfigure -On the security group section we can chosse our existing +On the security group section we can choose our existing `gitlab-ec2-security-group` group which has already been tested. After this is launched we are able to start creating our Auto Scaling -Group. Start by giving it a name and assinging it our VPC and private +Group. Start by giving it a name and assigning it our VPC and private subnets. We also want to always start with two instances and if you scroll down to Advanced Details we can choose to receive traffic from ELBs. Lets enable that option and select our ELB. We also want to use the ELB's diff --git a/doc/university/support/README.md b/doc/university/support/README.md index 25d5fe351ca..d1d5db6bbcd 100644 --- a/doc/university/support/README.md +++ b/doc/university/support/README.md @@ -163,7 +163,7 @@ Some tickets need specific knowledge or a deep understanding of a particular com - Aim to have a good understanding of the problems that customers are facing - Aim to have gained experience in scheduling and participating in calls with customers -- Aim to have a good understanding of ticket flow through Zendesk and how to interat with our various channels +- Aim to have a good understanding of ticket flow through Zendesk and how to interact with our various channels ### Stage 4 diff --git a/doc/university/training/end-user/README.md b/doc/university/training/end-user/README.md index a882bf0eb48..9b8a8db58e2 100644 --- a/doc/university/training/end-user/README.md +++ b/doc/university/training/end-user/README.md @@ -27,7 +27,7 @@ project. ### Short Story of Git -- 1991-2002: The Linux kernel was being maintaned by sharing archived files +- 1991-2002: The Linux kernel was being maintained by sharing archived files and patches. - 2002: The Linux kernel project began using a DVCS called BitKeeper - 2005: BitKeeper revoked the free-of-charge status and Git was created diff --git a/doc/university/training/topics/tags.md b/doc/university/training/topics/tags.md index ab48d52d3c3..6333ceedbd7 100644 --- a/doc/university/training/topics/tags.md +++ b/doc/university/training/topics/tags.md @@ -9,7 +9,7 @@ comments: false - Useful for marking deployments and releases - Annotated tags are an unchangeable part of Git history - Soft/lightweight tags can be set and removed at will -- Many projects combine an anotated release tag with a stable branch +- Many projects combine an annotated release tag with a stable branch - Consider setting deployment/release tags automatically ---------- diff --git a/doc/university/training/user_training.md b/doc/university/training/user_training.md index 90e1d2ba5e8..dccb6cbf071 100644 --- a/doc/university/training/user_training.md +++ b/doc/university/training/user_training.md @@ -279,7 +279,7 @@ See GitLab merge requests for examples: - Useful for marking deployments and releases - Annotated tags are an unchangeable part of Git history - Soft/lightweight tags can be set and removed at will -- Many projects combine an anotated release tag with a stable branch +- Many projects combine an annotated release tag with a stable branch - Consider setting deployment/release tags automatically --- diff --git a/doc/user/admin_area/settings/sign_up_restrictions.md b/doc/user/admin_area/settings/sign_up_restrictions.md index 603b826e7f2..26329f20339 100644 --- a/doc/user/admin_area/settings/sign_up_restrictions.md +++ b/doc/user/admin_area/settings/sign_up_restrictions.md @@ -1,7 +1,7 @@ # Sign-up restrictions You can block email addresses of specific domains, or whitelist only some -specifc domains via the **Application Settings** in the Admin area. +specific domains via the **Application Settings** in the Admin area. >**Note**: These restrictions are only applied during sign-up. An admin is able to add add a user through the admin panel with a disallowed domain. Also diff --git a/doc/user/group/subgroups/index.md b/doc/user/group/subgroups/index.md index 2a982344e5f..02f8ef08117 100644 --- a/doc/user/group/subgroups/index.md +++ b/doc/user/group/subgroups/index.md @@ -55,7 +55,7 @@ first group being the name of the distro and subsequent groups split like: Another example of GitLab as a company would be the following: - Organization Group - GitLab - - Category Subroup - Marketing + - Category Subgroup - Marketing - (project) Design - (project) General - Category Subgroup - Software diff --git a/doc/user/index.md b/doc/user/index.md index 43b6fd53b91..2494df46f1c 100644 --- a/doc/user/index.md +++ b/doc/user/index.md @@ -56,7 +56,7 @@ With GitLab Enterprise Edition, you can also: [Merge Request Approvals](https://docs.gitlab.com/ee/user/project/merge_requests/index.html#merge-request-approvals), [Multiple Assignees for Issues](https://docs.gitlab.com/ee/user/project/issues/multiple_assignees_for_issues.html), and [Multiple Issue Boards](https://docs.gitlab.com/ee/user/project/issue_board.html#multiple-issue-boards) -- Create formal relashionships between issues with [Related Issues](https://docs.gitlab.com/ee/user/project/issues/related_issues.html) +- Create formal relationships between issues with [Related Issues](https://docs.gitlab.com/ee/user/project/issues/related_issues.html) - Use [Burndown Charts](https://docs.gitlab.com/ee/user/project/milestones/burndown_charts.html) to track progress during a sprint or while working on a new version of their software. - Leverage [Elasticsearch](https://docs.gitlab.com/ee/integration/elasticsearch.html) with [Advanced Global Search](https://docs.gitlab.com/ee/user/search/advanced_global_search.html) and [Advanced Syntax Search](https://docs.gitlab.com/ee/user/search/advanced_search_syntax.html) for faster, more advanced code search across your entire GitLab instance - [Authenticate users with Kerberos](https://docs.gitlab.com/ee/integration/kerberos.html) diff --git a/doc/user/project/clusters/index.md b/doc/user/project/clusters/index.md index 716787532fc..edb875bc7e6 100644 --- a/doc/user/project/clusters/index.md +++ b/doc/user/project/clusters/index.md @@ -238,6 +238,7 @@ work. The default environment scope is `*`, which means all jobs, regardless of their environment, will use that cluster. Each scope can only be used by a single cluster in a project, and a validation error will occur if otherwise. +Also, jobs that don't have an environment keyword set will not be able to access any cluster. --- diff --git a/doc/user/project/issues/closing_issues.md b/doc/user/project/issues/closing_issues.md index dcfa5ff59b2..1d88745af9f 100644 --- a/doc/user/project/issues/closing_issues.md +++ b/doc/user/project/issues/closing_issues.md @@ -48,12 +48,12 @@ link to each other, but the MR will NOT close the issue(s) when merged. ## From the Issue Board -You can close an issue from [Issue Boards](../issue_board.md) by draging an issue card +You can close an issue from [Issue Boards](../issue_board.md) by dragging an issue card from its list and dropping into **Closed**.  -## Customizing the issue closing patern +## Customizing the issue closing pattern Alternatively, a GitLab **administrator** can -[customize the issue closing patern](../../../administration/issue_closing_pattern.md). +[customize the issue closing pattern](../../../administration/issue_closing_pattern.md). diff --git a/doc/user/project/issues/crosslinking_issues.md b/doc/user/project/issues/crosslinking_issues.md index cc8988be36b..786d1c81b1b 100644 --- a/doc/user/project/issues/crosslinking_issues.md +++ b/doc/user/project/issues/crosslinking_issues.md @@ -60,4 +60,4 @@ or simply link both issue and merge request as described in the ### Close an issue by merging a merge request -To [close an issue when a merge request is merged](closing_issues.md#via-merge-request), use the [automatic issue closing patern](automatic_issue_closing.md). +To [close an issue when a merge request is merged](closing_issues.md#via-merge-request), use the [automatic issue closing pattern](automatic_issue_closing.md). diff --git a/doc/user/project/issues/issues_functionalities.md b/doc/user/project/issues/issues_functionalities.md index cf5cf1794ee..e9903b01c82 100644 --- a/doc/user/project/issues/issues_functionalities.md +++ b/doc/user/project/issues/issues_functionalities.md @@ -152,7 +152,7 @@ know you like it without spamming them. These text fields also fully support [GitLab Flavored Markdown](../../markdown.md#gitlab-flavored-markdown-gfm). -#### 17. Comment, start a discusion, or comment and close +#### 17. Comment, start a discussion, or comment and close Once you wrote your comment, you can either: diff --git a/doc/user/project/milestones/index.md b/doc/user/project/milestones/index.md index 10e6321eb82..64bb33be547 100644 --- a/doc/user/project/milestones/index.md +++ b/doc/user/project/milestones/index.md @@ -10,7 +10,7 @@ Milestones allow you to organize issues and merge requests into a cohesive group - **Project milestones** can be assigned to issues or merge requests in that project only. - **Group milestones** can be assigned to any issue or merge request of any project in that group. -- In the [future](https://gitlab.com/gitlab-org/gitlab-ce/issues/36862), you will be able to assign group milestones to issues and merge reqeusts of projects in [subgroups](../../group/subgroups/index.md). +- In the [future](https://gitlab.com/gitlab-org/gitlab-ce/issues/36862), you will be able to assign group milestones to issues and merge requests of projects in [subgroups](../../group/subgroups/index.md). ## Creating milestones diff --git a/doc/user/project/pages/getting_started_part_two.md b/doc/user/project/pages/getting_started_part_two.md index 2274cac8ace..556bf1db116 100644 --- a/doc/user/project/pages/getting_started_part_two.md +++ b/doc/user/project/pages/getting_started_part_two.md @@ -50,14 +50,14 @@ created for the steps below. 1. [Fork a sample project](../../../gitlab-basics/fork-project.md) from the [Pages group](https://gitlab.com/pages) 1. Trigger a build (push a change to any file) 1. As soon as the build passes, your website will have been deployed with GitLab Pages. Your website URL will be available under your project's **Settings** > **Pages** -1. Optionally, remove the fork relationship by navigating to your project's **Settings** > expanding **Advanced settings** and scrolling down to **Remove fork relashionship**: +1. Optionally, remove the fork relationship by navigating to your project's **Settings** > expanding **Advanced settings** and scrolling down to **Remove fork relationship**: -  +  To turn a **project website** forked from the Pages group into a **user/group** website, you'll need to: - Rename it to `namespace.gitlab.io`: navigate to project's **Settings** > expand **Advanced settings** > and scroll down to **Rename repository** -- Adjust your SSG's [base URL](#urls-and-baseurls) to from `"project-name"` to `""`. This setting will be at a different place for each SSG, as each of them have their own structure and file tree. Most likelly, it will be in the SSG's config file. +- Adjust your SSG's [base URL](#urls-and-baseurls) to from `"project-name"` to `""`. This setting will be at a different place for each SSG, as each of them have their own structure and file tree. Most likely, it will be in the SSG's config file. > **Notes:** > diff --git a/doc/user/project/pages/img/remove_fork_relashionship.png b/doc/user/project/pages/img/remove_fork_relationship.png Binary files differindex 67c45491f08..67c45491f08 100644 --- a/doc/user/project/pages/img/remove_fork_relashionship.png +++ b/doc/user/project/pages/img/remove_fork_relationship.png diff --git a/doc/user/project/pages/index.md b/doc/user/project/pages/index.md index a65aa758198..a97ce84b861 100644 --- a/doc/user/project/pages/index.md +++ b/doc/user/project/pages/index.md @@ -1,23 +1,22 @@ # GitLab Pages -With GitLab Pages you can host your website at no cost. - -Your files live in a GitLab project's [repository](../repository/index.md), -from which you can deploy [static websites](#explore-gitlab-pages). -GitLab Pages supports all static site generators (SSGs). +With GitLab Pages it's easy to publish your project website. GitLab Pages is a hosting service for static websites, at no additional cost. ## Getting Started -Follow the steps below to get your website live. They shouldn't take more than -5 minutes to complete: +[Create a project from scratch](getting_started_part_two.md#create-a-project-from-scratch) +to get you started quickly, or, +alternatively, start from an existing project as follows: -- 1. [Fork](../../../gitlab-basics/fork-project.md#how-to-fork-a-project) an [example project](https://gitlab.com/pages) -- 2. Change a file to trigger a GitLab CI/CD pipeline -- 3. Visit your project's **Settings > Pages** to see your **website link**, and click on it. Bam! Your website is live. +- 1. [Fork](../../../gitlab-basics/fork-project.md#how-to-fork-a-project) an [example project](https://gitlab.com/pages): +by forking a project, you create a copy of the codebase you're forking from to start from a template instead of starting from scratch. +- 2. Change a file to trigger a GitLab CI/CD pipeline: GitLab CI/CD will build and deploy your site to GitLab Pages. +- 3. Visit your project's **Settings > Pages** to see your **website link**, and click on it. Bam! Your website is live! :) _Further steps (optional):_ -- 4. Remove the [fork relationship](getting_started_part_two.md#fork-a-project-to-get-started-from) (_You don't need the relationship unless you intent to contribute back to the example project you forked from_). +- 4. Remove the [fork relationship](getting_started_part_two.md#fork-a-project-to-get-started-from) +(_You don't need the relationship unless you intent to contribute back to the example project you forked from_). - 5. Make it a [user/group website](getting_started_part_one.md#user-and-group-websites) **Watch a video with the steps above: https://www.youtube.com/watch?v=TWqh9MtT4Bg** @@ -27,14 +26,23 @@ _Advanced options:_ - [Use a custom domain](getting_started_part_three.md#adding-your-custom-domain-to-gitlab-pages) - Apply [SSL/TLS certification](getting_started_part_three.md#ssl-tls-certificates) to your custom domain -## Explore GitLab Pages +## How Does It Work? With GitLab Pages you can create [static websites](getting_started_part_one.md#what-you-need-to-know-before-getting-started) -for your GitLab projects, groups, or user accounts. You can use any static -website generator: Jekyll, Middleman, Hexo, Hugo, Pelican, you name it! +for your GitLab projects, groups, or user accounts. + +It supports plain static content, such as HTML, and **all** [static site generators (SSGs)](https://about.gitlab.com/2016/06/03/ssg-overview-gitlab-pages-part-1-dynamic-x-static/), such as Jekyll, Middleman, Hexo, Hugo, and Pelican. + Connect as many custom domains as you like and bring your own TLS certificate to secure them. +Your files live in a project [repository](../repository/index.md) on GitLab. +[GitLab CI](../../../ci/README.md) picks up those files and makes them available at, typically, +`http://<username>.gilab.io/<projectname>`. Please read through the docs on +[GitLab Pages domains](getting_started_part_one.md#gitlab-pages-domain) for more info. + +## Explore GitLab Pages + Read the following tutorials to know more about: - [Static websites and GitLab Pages domains](getting_started_part_one.md): Understand what is a static website, and how GitLab Pages default domains work diff --git a/doc/user/project/repository/reducing_the_repo_size_using_git.md b/doc/user/project/repository/reducing_the_repo_size_using_git.md index 08805a4dc99..a06ecc3220f 100644 --- a/doc/user/project/repository/reducing_the_repo_size_using_git.md +++ b/doc/user/project/repository/reducing_the_repo_size_using_git.md @@ -1,6 +1,6 @@ # Reducing the repository size using Git -A GitLab Entrerprise Edition administrator can set a [repository size limit][admin-repo-size] +A GitLab Enterprise Edition administrator can set a [repository size limit][admin-repo-size] which will prevent you to exceed it. When a project has reached its size limit, you will not be able to push to it, diff --git a/doc/user/search/index.md b/doc/user/search/index.md index 2b23c494dc4..4f1b96b775c 100644 --- a/doc/user/search/index.md +++ b/doc/user/search/index.md @@ -96,7 +96,7 @@ On the field **Filter by name**, type the project or group name you want to find will filter them for you as you type. You can also look for the projects you starred (**Starred projects**), and **Explore** all -public and internal projects available in GitLab.com, from which you can filter by visibitily, +public and internal projects available in GitLab.com, from which you can filter by visibility, through **Trending**, best rated with **Most starts**, or **All** of them. You can also sort them by **Name**, **Last created**, **Oldest created**, **Last updated**, diff --git a/doc/workflow/lfs/manage_large_binaries_with_git_lfs.md b/doc/workflow/lfs/manage_large_binaries_with_git_lfs.md index 104ac0cf31b..0e29740b15f 100644 --- a/doc/workflow/lfs/manage_large_binaries_with_git_lfs.md +++ b/doc/workflow/lfs/manage_large_binaries_with_git_lfs.md @@ -243,7 +243,7 @@ GitLab checks files to detect LFS pointers on push. If LFS pointers are detected Verify that LFS in installed locally and consider a manual push with `git lfs push --all`. -If you are storing LFS files outside of GitLab you can disable LFS on the project by settting `lfs_enabled: false` with the [projects api](../../api/projects.md#edit-project). +If you are storing LFS files outside of GitLab you can disable LFS on the project by setting `lfs_enabled: false` with the [projects api](../../api/projects.md#edit-project). ### Hosting LFS objects externally diff --git a/lib/api/pipelines.rb b/lib/api/pipelines.rb index d2b8b832e4e..735591fedd5 100644 --- a/lib/api/pipelines.rb +++ b/lib/api/pipelines.rb @@ -19,6 +19,7 @@ module API optional :status, type: String, values: HasStatus::AVAILABLE_STATUSES, desc: 'The status of pipelines' optional :ref, type: String, desc: 'The ref of pipelines' + optional :sha, type: String, desc: 'The sha of pipelines' optional :yaml_errors, type: Boolean, desc: 'Returns pipelines with invalid configurations' optional :name, type: String, desc: 'The name of the user who triggered pipelines' optional :username, type: String, desc: 'The username of the user who triggered pipelines' diff --git a/lib/gitlab/base_doorkeeper_controller.rb b/lib/gitlab/base_doorkeeper_controller.rb new file mode 100644 index 00000000000..e4227af25d2 --- /dev/null +++ b/lib/gitlab/base_doorkeeper_controller.rb @@ -0,0 +1,8 @@ +# This is a base controller for doorkeeper. +# It adds the `can?` helper used in the views. +module Gitlab + class BaseDoorkeeperController < ActionController::Base + include Gitlab::Allowable + helper_method :can? + end +end diff --git a/lib/gitlab/git/remote_repository.rb b/lib/gitlab/git/remote_repository.rb index 6bd6e58feeb..f40e59a8dd0 100644 --- a/lib/gitlab/git/remote_repository.rb +++ b/lib/gitlab/git/remote_repository.rb @@ -12,7 +12,7 @@ module Gitlab # class. # class RemoteRepository - attr_reader :path, :relative_path, :gitaly_repository + attr_reader :relative_path, :gitaly_repository def initialize(repository) @relative_path = repository.relative_path @@ -21,7 +21,6 @@ module Gitlab # These instance variables will not be available in gitaly-ruby, where # we have no disk access to this repository. @repository = repository - @path = repository.path end def empty? @@ -69,6 +68,10 @@ module Gitlab env end + def path + @repository.path + end + private # Must return an object that responds to 'address' and 'storage'. diff --git a/lib/gitlab/git/repository.rb b/lib/gitlab/git/repository.rb index 5a6e2e0b937..0ad2d385051 100644 --- a/lib/gitlab/git/repository.rb +++ b/lib/gitlab/git/repository.rb @@ -142,15 +142,7 @@ module Gitlab end def exists? - Gitlab::GitalyClient.migrate(:repository_exists, status: Gitlab::GitalyClient::MigrationStatus::OPT_OUT) do |enabled| - if enabled - gitaly_repository_client.exists? - else - circuit_breaker.perform do - File.exist?(File.join(path, 'refs')) - end - end - end + gitaly_repository_client.exists? end # Returns an Array of branch names @@ -1187,6 +1179,8 @@ module Gitlab if is_enabled gitaly_fetch_ref(source_repository, source_ref: source_ref, target_ref: target_ref) else + # When removing this code, also remove source_repository#path + # to remove deprecated method calls local_fetch_ref(source_repository.path, source_ref: source_ref, target_ref: target_ref) end end diff --git a/lib/gitlab/gitaly_client/repository_service.rb b/lib/gitlab/gitaly_client/repository_service.rb index bf5a491e28d..498187997e1 100644 --- a/lib/gitlab/gitaly_client/repository_service.rb +++ b/lib/gitlab/gitaly_client/repository_service.rb @@ -142,7 +142,7 @@ module Gitlab :repository_service, :is_rebase_in_progress, request, - timeout: GitalyClient.default_timeout + timeout: GitalyClient.fast_timeout ) response.in_progress @@ -159,7 +159,7 @@ module Gitlab :repository_service, :is_squash_in_progress, request, - timeout: GitalyClient.default_timeout + timeout: GitalyClient.fast_timeout ) response.in_progress diff --git a/lib/gitlab/pages_client.rb b/lib/gitlab/pages_client.rb new file mode 100644 index 00000000000..7b358a3bd1b --- /dev/null +++ b/lib/gitlab/pages_client.rb @@ -0,0 +1,117 @@ +module Gitlab + class PagesClient + class << self + attr_reader :certificate, :token + + def call(service, rpc, request, timeout: nil) + kwargs = request_kwargs(timeout) + stub(service).__send__(rpc, request, kwargs) # rubocop:disable GitlabSecurity/PublicSend + end + + # This function is not thread-safe. Call it from an initializer only. + def read_or_create_token + @token = read_token + rescue Errno::ENOENT + # TODO: uncomment this when omnibus knows how to write the token file for us + # https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests/2466 + # + # write_token(SecureRandom.random_bytes(64)) + # + # # Read from disk in case someone else won the race and wrote the file + # # before us. If this fails again let the exception bubble up. + # @token = read_token + end + + # This function is not thread-safe. Call it from an initializer only. + def load_certificate + cert_path = config.certificate + return unless cert_path.present? + + @certificate = File.read(cert_path) + end + + def ping + request = Grpc::Health::V1::HealthCheckRequest.new + call(:health_check, :check, request, timeout: 5.seconds) + end + + private + + def request_kwargs(timeout) + encoded_token = Base64.strict_encode64(token.to_s) + metadata = { + 'authorization' => "Bearer #{encoded_token}" + } + + result = { metadata: metadata } + + return result unless timeout + + # Do not use `Time.now` for deadline calculation, since it + # will be affected by Timecop in some tests, but grpc's c-core + # uses system time instead of timecop's time, so tests will fail + # `Time.at(Process.clock_gettime(Process::CLOCK_REALTIME))` will + # circumvent timecop + deadline = Time.at(Process.clock_gettime(Process::CLOCK_REALTIME)) + timeout + result[:deadline] = deadline + + result + end + + def stub(name) + stub_class(name).new(address, grpc_creds) + end + + def stub_class(name) + if name == :health_check + Grpc::Health::V1::Health::Stub + else + # TODO use pages namespace + Gitaly.const_get(name.to_s.camelcase.to_sym).const_get(:Stub) + end + end + + def address + addr = config.address + addr = addr.sub(%r{^tcp://}, '') if URI(addr).scheme == 'tcp' + addr + end + + def grpc_creds + if address.start_with?('unix:') + :this_channel_is_insecure + elsif @certificate + GRPC::Core::ChannelCredentials.new(@certificate) + else + # Use system certificate pool + GRPC::Core::ChannelCredentials.new + end + end + + def config + Gitlab.config.pages.admin + end + + def read_token + File.read(token_path) + end + + def token_path + Rails.root.join('.gitlab_pages_secret').to_s + end + + def write_token(new_token) + Tempfile.open(File.basename(token_path), File.dirname(token_path), encoding: 'ascii-8bit') do |f| + f.write(new_token) + f.close + File.link(f.path, token_path) + end + rescue Errno::EACCES => ex + # TODO stop rescuing this exception in GitLab 11.0 https://gitlab.com/gitlab-org/gitlab-ce/issues/45672 + Rails.logger.error("Could not write pages admin token file: #{ex}") + rescue Errno::EEXIST + # Another process wrote the token file concurrently with us. Use their token, not ours. + end + end + end +end diff --git a/lib/omni_auth/strategies/jwt.rb b/lib/omni_auth/strategies/jwt.rb new file mode 100644 index 00000000000..2349b2a28aa --- /dev/null +++ b/lib/omni_auth/strategies/jwt.rb @@ -0,0 +1,62 @@ +require 'omniauth' +require 'jwt' + +module OmniAuth + module Strategies + class JWT + ClaimInvalid = Class.new(StandardError) + + include OmniAuth::Strategy + + args [:secret] + + option :secret, nil + option :algorithm, 'HS256' + option :uid_claim, 'email' + option :required_claims, %w(name email) + option :info_map, { name: "name", email: "email" } + option :auth_url, nil + option :valid_within, nil + + uid { decoded[options.uid_claim] } + + extra do + { raw_info: decoded } + end + + info do + options.info_map.each_with_object({}) do |(k, v), h| + h[k.to_s] = decoded[v.to_s] + end + end + + def request_phase + redirect options.auth_url + end + + def decoded + @decoded ||= ::JWT.decode(request.params['jwt'], options.secret, options.algorithm).first + + (options.required_claims || []).each do |field| + raise ClaimInvalid, "Missing required '#{field}' claim" unless @decoded.key?(field.to_s) + end + + raise ClaimInvalid, "Missing required 'iat' claim" if options.valid_within && !@decoded["iat"] + + if options.valid_within && (Time.now.to_i - @decoded["iat"]).abs > options.valid_within + raise ClaimInvalid, "'iat' timestamp claim is too skewed from present" + end + + @decoded + end + + def callback_phase + super + rescue ClaimInvalid => e + fail! :claim_invalid, e + end + end + + class Jwt < JWT; end + end +end diff --git a/lib/tasks/gitlab/pages.rake b/lib/tasks/gitlab/pages.rake new file mode 100644 index 00000000000..100e480bd66 --- /dev/null +++ b/lib/tasks/gitlab/pages.rake @@ -0,0 +1,9 @@ +namespace :gitlab do + namespace :pages do + desc 'Ping the pages admin API' + task admin_ping: :gitlab_environment do + Gitlab::PagesClient.ping + puts "OK: gitlab-pages admin API is reachable" + end + end +end diff --git a/qa/Dockerfile b/qa/Dockerfile index ed2ee73bea0..77cee9c5461 100644 --- a/qa/Dockerfile +++ b/qa/Dockerfile @@ -1,4 +1,4 @@ -FROM ruby:2.4 +FROM ruby:2.4-stretch LABEL maintainer "Grzegorz Bizon <grzegorz@gitlab.com>" ENV DEBIAN_FRONTEND noninteractive diff --git a/qa/Gemfile b/qa/Gemfile index c3e61568f3d..d69c71003ae 100644 --- a/qa/Gemfile +++ b/qa/Gemfile @@ -6,5 +6,4 @@ gem 'capybara-screenshot', '~> 1.0.18' gem 'rake', '~> 12.3.0' gem 'rspec', '~> 3.7' gem 'selenium-webdriver', '~> 3.8.0' -gem 'net-ssh', require: false gem 'airborne', '~> 0.2.13' diff --git a/qa/Gemfile.lock b/qa/Gemfile.lock index 51d2e4d7a10..565adac7499 100644 --- a/qa/Gemfile.lock +++ b/qa/Gemfile.lock @@ -46,7 +46,6 @@ GEM mini_mime (1.0.0) mini_portile2 (2.3.0) minitest (5.11.1) - net-ssh (4.1.0) netrc (0.11.0) nokogiri (1.8.1) mini_portile2 (~> 2.3.0) @@ -98,7 +97,6 @@ DEPENDENCIES airborne (~> 0.2.13) capybara (~> 2.16.1) capybara-screenshot (~> 1.0.18) - net-ssh pry-byebug (~> 3.5.1) rake (~> 12.3.0) rspec (~> 3.7) @@ -11,9 +11,15 @@ module QA autoload :Scenario, 'qa/runtime/scenario' autoload :Browser, 'qa/runtime/browser' autoload :Env, 'qa/runtime/env' - autoload :RSAKey, 'qa/runtime/rsa_key' autoload :Address, 'qa/runtime/address' autoload :API, 'qa/runtime/api' + + module Key + autoload :Base, 'qa/runtime/key/base' + autoload :RSA, 'qa/runtime/key/rsa' + autoload :ECDSA, 'qa/runtime/key/ecdsa' + autoload :ED25519, 'qa/runtime/key/ed25519' + end end ## diff --git a/qa/qa/factory/repository/push.rb b/qa/qa/factory/repository/push.rb index 6e8905cde78..795f1f9cb1a 100644 --- a/qa/qa/factory/repository/push.rb +++ b/qa/qa/factory/repository/push.rb @@ -2,7 +2,10 @@ module QA module Factory module Repository class Push < Factory::Base - attr_writer :file_name, :file_content, :commit_message, :branch_name, :new_branch + attr_accessor :file_name, :file_content, :commit_message, + :branch_name, :new_branch + + attr_writer :remote_branch dependency Factory::Resource::Project, as: :project do |project| project.name = 'project-with-code' @@ -17,23 +20,32 @@ module QA @new_branch = true end + def remote_branch + @remote_branch ||= branch_name + end + def fabricate! project.visit! Git::Repository.perform do |repository| - repository.location = Page::Project::Show.act do + repository.uri = Page::Project::Show.act do choose_repository_clone_http - repository_location + repository_location.uri end repository.use_default_credentials repository.clone repository.configure_identity('GitLab QA', 'root@gitlab.com') - repository.checkout(@branch_name) unless @new_branch - repository.add_file(@file_name, @file_content) - repository.commit(@commit_message) - repository.push_changes(@branch_name) + if new_branch + repository.checkout_new_branch(branch_name) + else + repository.checkout(branch_name) + end + + repository.add_file(file_name, file_content) + repository.commit(commit_message) + repository.push_changes("#{branch_name}:#{remote_branch}") end end end diff --git a/qa/qa/factory/resource/branch.rb b/qa/qa/factory/resource/branch.rb index d0ef142e90d..1785441f5a8 100644 --- a/qa/qa/factory/resource/branch.rb +++ b/qa/qa/factory/resource/branch.rb @@ -2,7 +2,8 @@ module QA module Factory module Resource class Branch < Factory::Base - attr_accessor :project, :branch_name, :allow_to_push, :protected + attr_accessor :project, :branch_name, + :allow_to_push, :allow_to_merge, :protected dependency Factory::Resource::Project, as: :project do |project| project.name = 'protected-branch-project' @@ -23,6 +24,7 @@ module QA def initialize @branch_name = 'test/branch' @allow_to_push = true + @allow_to_merge = true @protected = false end @@ -39,7 +41,9 @@ module QA resource.project = project resource.file_name = 'README.md' resource.commit_message = 'Add readme' - resource.branch_name = "master:#{@branch_name}" + resource.branch_name = 'master' + resource.new_branch = false + resource.remote_branch = @branch_name end Page::Project::Show.act { wait_for_push } @@ -63,7 +67,22 @@ module QA page.allow_no_one_to_push end + if allow_to_merge + page.allow_devs_and_masters_to_merge + else + page.allow_no_one_to_merge + end + + page.wait(reload: false) do + !page.first('.btn-create').disabled? + end + page.protect_branch + + # Wait for page load, which resets the expanded sections + page.wait(reload: false) do + !page.has_content?('Collapse') + end end end end diff --git a/qa/qa/factory/resource/deploy_key.rb b/qa/qa/factory/resource/deploy_key.rb index ff0b4a46b77..ea8a3ad687d 100644 --- a/qa/qa/factory/resource/deploy_key.rb +++ b/qa/qa/factory/resource/deploy_key.rb @@ -4,15 +4,15 @@ module QA class DeployKey < Factory::Base attr_accessor :title, :key - product :title do + product :fingerprint do |resource| Page::Project::Settings::Repository.act do - expand_deploy_keys(&:key_title) - end - end + expand_deploy_keys do |key| + key_offset = key.key_titles.index do |title| + title.text == resource.title + end - product :fingerprint do - Page::Project::Settings::Repository.act do - expand_deploy_keys(&:key_fingerprint) + key.key_fingerprints[key_offset].text + end end end diff --git a/qa/qa/factory/resource/merge_request.rb b/qa/qa/factory/resource/merge_request.rb index 539fe6b8a70..7588ac5735d 100644 --- a/qa/qa/factory/resource/merge_request.rb +++ b/qa/qa/factory/resource/merge_request.rb @@ -24,12 +24,14 @@ module QA dependency Factory::Repository::Push, as: :target do |push, factory| factory.project.visit! push.project = factory.project - push.branch_name = "master:#{factory.target_branch}" + push.branch_name = 'master' + push.remote_branch = factory.target_branch end dependency Factory::Repository::Push, as: :source do |push, factory| push.project = factory.project - push.branch_name = "#{factory.target_branch}:#{factory.source_branch}" + push.branch_name = factory.target_branch + push.remote_branch = factory.source_branch push.file_name = "added_file.txt" push.file_content = "File Added" end diff --git a/qa/qa/factory/resource/project.rb b/qa/qa/factory/resource/project.rb index 7df2dc6618c..cda1b35ba6a 100644 --- a/qa/qa/factory/resource/project.rb +++ b/qa/qa/factory/resource/project.rb @@ -17,6 +17,13 @@ module QA Page::Project::Show.act { project_name } end + product :repository_ssh_location do + Page::Project::Show.act do + choose_repository_clone_ssh + repository_location + end + end + def fabricate! group.visit! diff --git a/qa/qa/factory/resource/secret_variable.rb b/qa/qa/factory/resource/secret_variable.rb index c734d739b4a..12a830da116 100644 --- a/qa/qa/factory/resource/secret_variable.rb +++ b/qa/qa/factory/resource/secret_variable.rb @@ -16,8 +16,7 @@ module QA Page::Project::Settings::CICD.perform do |setting| setting.expand_secret_variables do |page| - page.fill_variable_key(key) - page.fill_variable_value(value) + page.fill_variable(key, value) page.save_variables end diff --git a/qa/qa/git/location.rb b/qa/qa/git/location.rb index 30538388530..b74f38f3ae3 100644 --- a/qa/qa/git/location.rb +++ b/qa/qa/git/location.rb @@ -14,7 +14,7 @@ module QA def initialize(git_uri) @git_uri = git_uri @uri = - if git_uri.start_with?('ssh://') + if git_uri =~ %r{\A(?:ssh|http|https)://} URI.parse(git_uri) else *rest, path = git_uri.split(':') diff --git a/qa/qa/git/repository.rb b/qa/qa/git/repository.rb index 2f9f06ba277..1367671e3ca 100644 --- a/qa/qa/git/repository.rb +++ b/qa/qa/git/repository.rb @@ -15,8 +15,7 @@ module QA end end - def location=(address) - @location = address + def uri=(address) @uri = URI(address) end @@ -43,6 +42,10 @@ module QA `git checkout "#{branch_name}"` end + def checkout_new_branch(branch_name) + `git checkout -b "#{branch_name}"` + end + def shallow_clone clone('--depth 1') end diff --git a/qa/qa/page/base.rb b/qa/qa/page/base.rb index a313d46205d..0a69af88570 100644 --- a/qa/qa/page/base.rb +++ b/qa/qa/page/base.rb @@ -64,6 +64,10 @@ module QA find(element_selector_css(name)) end + def all_elements(name) + all(element_selector_css(name)) + end + def click_element(name) find_element(name).click end diff --git a/qa/qa/page/project/settings/deploy_keys.rb b/qa/qa/page/project/settings/deploy_keys.rb index 332e84724c7..4428e263bbb 100644 --- a/qa/qa/page/project/settings/deploy_keys.rb +++ b/qa/qa/page/project/settings/deploy_keys.rb @@ -42,6 +42,18 @@ module QA end end + def key_titles + within_project_deploy_keys do + all_elements(:key_title) + end + end + + def key_fingerprints + within_project_deploy_keys do + all_elements(:key_fingerprint) + end + end + private def within_project_deploy_keys diff --git a/qa/qa/page/project/settings/protected_branches.rb b/qa/qa/page/project/settings/protected_branches.rb index f3563401124..63bc3aaa2bc 100644 --- a/qa/qa/page/project/settings/protected_branches.rb +++ b/qa/qa/page/project/settings/protected_branches.rb @@ -11,6 +11,13 @@ module QA view 'app/views/projects/protected_branches/_create_protected_branch.html.haml' do element :allowed_to_push_select element :allowed_to_push_dropdown + element :allowed_to_merge_select + element :allowed_to_merge_dropdown + end + + view 'app/views/projects/protected_branches/_update_protected_branch.html.haml' do + element :allowed_to_push + element :allowed_to_merge end view 'app/views/projects/protected_branches/shared/_branches_list.html.haml' do @@ -30,11 +37,19 @@ module QA end def allow_no_one_to_push - allow_to_push('No one') + click_allow(:push, 'No one') end def allow_devs_and_masters_to_push - allow_to_push('Developers + Masters') + click_allow(:push, 'Developers + Masters') + end + + def allow_no_one_to_merge + click_allow(:merge, 'No one') + end + + def allow_devs_and_masters_to_merge + click_allow(:merge, 'Developers + Masters') end def protect_branch @@ -55,11 +70,15 @@ module QA private - def allow_to_push(text) - click_element :allowed_to_push_select + def click_allow(action, text) + click_element :"allowed_to_#{action}_select" - within_element(:allowed_to_push_dropdown) do + within_element(:"allowed_to_#{action}_dropdown") do click_on text + + wait(reload: false) do + has_css?('.is-active') + end end end end diff --git a/qa/qa/page/project/settings/secret_variables.rb b/qa/qa/page/project/settings/secret_variables.rb index c95c79f137d..d2f5d5a9060 100644 --- a/qa/qa/page/project/settings/secret_variables.rb +++ b/qa/qa/page/project/settings/secret_variables.rb @@ -7,10 +7,8 @@ module QA view 'app/views/ci/variables/_variable_row.html.haml' do element :variable_row, '.ci-variable-row-body' - element :variable_key, '.js-ci-variable-input-key' - element :variable_value, '.js-ci-variable-input-value' - element :key_placeholder, 'Input variable key' - element :value_placeholder, 'Input variable value' + element :variable_key, '.qa-ci-variable-input-key' + element :variable_value, '.qa-ci-variable-input-value' end view 'app/views/ci/variables/_index.html.haml' do @@ -18,12 +16,14 @@ module QA element :reveal_values, '.js-secret-value-reveal-button' end - def fill_variable_key(key) - fill_in('Input variable key', with: key, match: :first) - end + def fill_variable(key, value) + keys = all_elements(:ci_variable_input_key) + index = keys.size - 1 - def fill_variable_value(value) - fill_in('Input variable value', with: value, match: :first) + # After we fill the key, JS would generate another field so + # we need to use the same index to find the corresponding one. + keys[index].set(key) + all_elements(:ci_variable_input_value)[index].set(value) end def save_variables @@ -36,7 +36,7 @@ module QA def variable_value(key) within('.ci-variable-row-body', text: key) do - find('.js-ci-variable-input-value').value + find('.qa-ci-variable-input-value').value end end end diff --git a/qa/qa/page/project/show.rb b/qa/qa/page/project/show.rb index c7e7ece792d..5bbef040330 100644 --- a/qa/qa/page/project/show.rb +++ b/qa/qa/page/project/show.rb @@ -38,11 +38,7 @@ module QA end def repository_location - find('#project_clone').value - end - - def repository_location_uri - Git::Location.new(repository_location) + Git::Location.new(find('#project_clone').value) end def project_name @@ -91,7 +87,7 @@ module QA end # Ensure git clone textbox was updated - repository_location.include?(detect_text) + repository_location.git_uri.include?(detect_text) end end end diff --git a/qa/qa/runtime/key/base.rb b/qa/qa/runtime/key/base.rb new file mode 100644 index 00000000000..c7e5ebada7b --- /dev/null +++ b/qa/qa/runtime/key/base.rb @@ -0,0 +1,36 @@ +module QA + module Runtime + module Key + class Base + attr_reader :name, :bits, :private_key, :public_key, :fingerprint + + def initialize(name, bits) + @name = name + @bits = bits + + Dir.mktmpdir do |dir| + path = "#{dir}/id_#{name}" + + ssh_keygen(name, bits, path) + populate_key_data(path) + end + end + + private + + def ssh_keygen(name, bits, path) + cmd = %W[ssh-keygen -t #{name} -b #{bits} -f #{path} -N] << '' + + Service::Shellout.shell(cmd) + end + + def populate_key_data(path) + @private_key = File.binread(path) + @public_key = File.binread("#{path}.pub") + @fingerprint = + `ssh-keygen -l -E md5 -f #{path} | cut -d' ' -f2 | cut -d: -f2-`.chomp + end + end + end + end +end diff --git a/qa/qa/runtime/key/ecdsa.rb b/qa/qa/runtime/key/ecdsa.rb new file mode 100644 index 00000000000..20adad45913 --- /dev/null +++ b/qa/qa/runtime/key/ecdsa.rb @@ -0,0 +1,12 @@ +# rubocop:disable Naming/FileName +module QA + module Runtime + module Key + class ECDSA < Base + def initialize(bits = 521) + super('ecdsa', bits) + end + end + end + end +end diff --git a/qa/qa/runtime/key/ed25519.rb b/qa/qa/runtime/key/ed25519.rb new file mode 100644 index 00000000000..63865c1cee5 --- /dev/null +++ b/qa/qa/runtime/key/ed25519.rb @@ -0,0 +1,12 @@ +# rubocop:disable Naming/FileName +module QA + module Runtime + module Key + class ED25519 < Base + def initialize + super('ed25519', 256) + end + end + end + end +end diff --git a/qa/qa/runtime/key/rsa.rb b/qa/qa/runtime/key/rsa.rb new file mode 100644 index 00000000000..d94bde52325 --- /dev/null +++ b/qa/qa/runtime/key/rsa.rb @@ -0,0 +1,11 @@ +module QA + module Runtime + module Key + class RSA < Base + def initialize(bits = 4096) + super('rsa', bits) + end + end + end + end +end diff --git a/qa/qa/runtime/rsa_key.rb b/qa/qa/runtime/rsa_key.rb deleted file mode 100644 index fcd7dcc4f02..00000000000 --- a/qa/qa/runtime/rsa_key.rb +++ /dev/null @@ -1,21 +0,0 @@ -require 'net/ssh' -require 'forwardable' - -module QA - module Runtime - class RSAKey - extend Forwardable - - attr_reader :key - def_delegators :@key, :fingerprint, :to_pem - - def initialize(bits = 4096) - @key = OpenSSL::PKey::RSA.new(bits) - end - - def public_key - @public_key ||= "#{key.ssh_type} #{[key.to_blob].pack('m0')}" - end - end - end -end diff --git a/qa/qa/service/shellout.rb b/qa/qa/service/shellout.rb index 76fb2af6319..1ca9504bb33 100644 --- a/qa/qa/service/shellout.rb +++ b/qa/qa/service/shellout.rb @@ -5,6 +5,8 @@ module QA module Shellout CommandError = Class.new(StandardError) + module_function + ## # TODO, make it possible to use generic QA framework classes # as a library - gitlab-org/gitlab-qa#94 @@ -12,7 +14,7 @@ module QA def shell(command) puts "Executing `#{command}`" - Open3.popen2e(command) do |_in, out, wait| + Open3.popen2e(*command) do |_in, out, wait| out.each { |line| puts line } if wait.value.exited? && wait.value.exitstatus.nonzero? diff --git a/qa/qa/specs/features/project/add_deploy_key_spec.rb b/qa/qa/specs/features/project/add_deploy_key_spec.rb index b9998dda895..de53613dee1 100644 --- a/qa/qa/specs/features/project/add_deploy_key_spec.rb +++ b/qa/qa/specs/features/project/add_deploy_key_spec.rb @@ -4,7 +4,7 @@ module QA Runtime::Browser.visit(:gitlab, Page::Main::Login) Page::Main::Login.act { sign_in_using_credentials } - key = Runtime::RSAKey.new + key = Runtime::Key::RSA.new deploy_key_title = 'deploy key title' deploy_key_value = key.public_key @@ -13,7 +13,6 @@ module QA resource.key = deploy_key_value end - expect(deploy_key.title).to eq(deploy_key_title) expect(deploy_key.fingerprint).to eq(key.fingerprint) end end diff --git a/qa/qa/specs/features/project/deploy_key_clone_spec.rb b/qa/qa/specs/features/project/deploy_key_clone_spec.rb index 19d3c83758a..98ea86bf75e 100644 --- a/qa/qa/specs/features/project/deploy_key_clone_spec.rb +++ b/qa/qa/specs/features/project/deploy_key_clone_spec.rb @@ -2,79 +2,103 @@ require 'digest/sha1' module QA feature 'cloning code using a deploy key', :core, :docker do - let(:runner_name) { "qa-runner-#{Time.now.to_i}" } - let(:key) { Runtime::RSAKey.new } + def login + Runtime::Browser.visit(:gitlab, Page::Main::Login) + Page::Main::Login.act { sign_in_using_credentials } + end - given(:project) do - Factory::Resource::Project.fabricate! do |resource| + before(:all) do + login + + @runner_name = "qa-runner-#{Time.now.to_i}" + + @project = Factory::Resource::Project.fabricate! do |resource| resource.name = 'deploy-key-clone-project' end - end - after do - Service::Runner.new(runner_name).remove! - end - - scenario 'user sets up a deploy key to clone code using pipelines' do - Runtime::Browser.visit(:gitlab, Page::Main::Login) - Page::Main::Login.act { sign_in_using_credentials } + @repository_location = @project.repository_ssh_location Factory::Resource::Runner.fabricate! do |resource| - resource.project = project - resource.name = runner_name + resource.project = @project + resource.name = @runner_name resource.tags = %w[qa docker] resource.image = 'gitlab/gitlab-runner:ubuntu' end - Factory::Resource::DeployKey.fabricate! do |resource| - resource.project = project - resource.title = 'deploy key title' - resource.key = key.public_key - end + Page::Menu::Main.act { sign_out } + end - Factory::Resource::SecretVariable.fabricate! do |resource| - resource.project = project - resource.key = 'DEPLOY_KEY' - resource.value = key.to_pem - end + after(:all) do + Service::Runner.new(@runner_name).remove! + end - project.visit! + keys = [ + Runtime::Key::RSA.new(8192), + Runtime::Key::ECDSA.new(521), + Runtime::Key::ED25519.new + ] - repository_uri = Page::Project::Show.act do - choose_repository_clone_ssh - repository_location_uri - end + keys.each do |key| + scenario "user sets up a deploy key with #{key.name}(#{key.bits}) to clone code using pipelines" do + login - gitlab_ci = <<~YAML - cat-config: - script: - - mkdir -p ~/.ssh - - ssh-keyscan -p #{repository_uri.port} #{repository_uri.host} >> ~/.ssh/known_hosts - - eval $(ssh-agent -s) - - echo "$DEPLOY_KEY" | ssh-add - - - git clone #{repository_uri.git_uri} - - sha1sum #{project.name}/.gitlab-ci.yml - tags: - - qa - - docker - YAML - - Factory::Repository::Push.fabricate! do |resource| - resource.project = project - resource.file_name = '.gitlab-ci.yml' - resource.commit_message = 'Add .gitlab-ci.yml' - resource.file_content = gitlab_ci - end + Factory::Resource::DeployKey.fabricate! do |resource| + resource.project = @project + resource.title = "deploy key #{key.name}(#{key.bits})" + resource.key = key.public_key + end + + deploy_key_name = "DEPLOY_KEY_#{key.name}_#{key.bits}" + + Factory::Resource::SecretVariable.fabricate! do |resource| + resource.project = @project + resource.key = deploy_key_name + resource.value = key.private_key + end + + gitlab_ci = <<~YAML + cat-config: + script: + - mkdir -p ~/.ssh + - ssh-keyscan -p #{@repository_location.port} #{@repository_location.host} >> ~/.ssh/known_hosts + - eval $(ssh-agent -s) + - ssh-add -D + - echo "$#{deploy_key_name}" | ssh-add - + - git clone #{@repository_location.git_uri} + - cd #{@project.name} + - git checkout #{deploy_key_name} + - sha1sum .gitlab-ci.yml + tags: + - qa + - docker + YAML + + Factory::Repository::Push.fabricate! do |resource| + resource.project = @project + resource.file_name = '.gitlab-ci.yml' + resource.commit_message = 'Add .gitlab-ci.yml' + resource.file_content = gitlab_ci + resource.branch_name = deploy_key_name + resource.new_branch = true + end + + sha1sum = Digest::SHA1.hexdigest(gitlab_ci) + + Page::Project::Show.act { wait_for_push } + Page::Menu::Side.act { click_ci_cd_pipelines } + Page::Project::Pipeline::Index.act { go_to_latest_pipeline } - sha1sum = Digest::SHA1.hexdigest(gitlab_ci) + Page::Project::Pipeline::Show.act do + go_to_first_job - Page::Project::Show.act { wait_for_push } - Page::Menu::Side.act { click_ci_cd_pipelines } - Page::Project::Pipeline::Index.act { go_to_latest_pipeline } - Page::Project::Pipeline::Show.act { go_to_first_job } + wait do + !has_content?('running') + end + end - Page::Project::Job::Show.perform do |job| - expect(job.output).to include(sha1sum) + Page::Project::Job::Show.perform do |job| + expect(job.output).to include(sha1sum) + end end end end diff --git a/qa/qa/specs/features/repository/clone_spec.rb b/qa/qa/specs/features/repository/clone_spec.rb index 2adb7524a46..bc9eb57bdb4 100644 --- a/qa/qa/specs/features/repository/clone_spec.rb +++ b/qa/qa/specs/features/repository/clone_spec.rb @@ -18,7 +18,7 @@ module QA end Git::Repository.perform do |repository| - repository.location = location + repository.uri = location.uri repository.use_default_credentials repository.act do @@ -33,7 +33,7 @@ module QA scenario 'user performs a deep clone' do Git::Repository.perform do |repository| - repository.location = location + repository.uri = location.uri repository.use_default_credentials repository.act { clone } @@ -44,7 +44,7 @@ module QA scenario 'user performs a shallow clone' do Git::Repository.perform do |repository| - repository.location = location + repository.uri = location.uri repository.use_default_credentials repository.act { shallow_clone } diff --git a/qa/qa/specs/features/repository/protected_branches_spec.rb b/qa/qa/specs/features/repository/protected_branches_spec.rb index 88fa4994e32..406b2772b64 100644 --- a/qa/qa/specs/features/repository/protected_branches_spec.rb +++ b/qa/qa/specs/features/repository/protected_branches_spec.rb @@ -19,6 +19,13 @@ module QA Page::Main::Login.act { sign_in_using_credentials } end + after do + # We need to clear localStorage because we're using it for the dropdown, + # and capybara doesn't do this for us. + # https://github.com/teamcapybara/capybara/issues/1702 + Capybara.execute_script 'localStorage.clear()' + end + scenario 'user is able to protect a branch' do protected_branch = Factory::Resource::Branch.fabricate! do |resource| resource.branch_name = branch_name @@ -42,7 +49,7 @@ module QA project.visit! Git::Repository.perform do |repository| - repository.location = location + repository.uri = location.uri repository.use_default_credentials repository.act do diff --git a/qa/spec/runtime/key/ecdsa_spec.rb b/qa/spec/runtime/key/ecdsa_spec.rb new file mode 100644 index 00000000000..8951e82b9bb --- /dev/null +++ b/qa/spec/runtime/key/ecdsa_spec.rb @@ -0,0 +1,18 @@ +describe QA::Runtime::Key::ECDSA do + describe '#public_key' do + [256, 384, 521].each do |bits| + it "generates a public #{bits}-bits ECDSA key" do + subject = described_class.new(bits).public_key + + expect(subject).to match(%r{\Aecdsa\-sha2\-\w+ AAAA[0-9A-Za-z+/]+={0,3}}) + end + end + end + + describe '#new' do + it 'does not support arbitrary bits' do + expect { described_class.new(123) } + .to raise_error(QA::Service::Shellout::CommandError) + end + end +end diff --git a/qa/spec/runtime/key/ed25519_spec.rb b/qa/spec/runtime/key/ed25519_spec.rb new file mode 100644 index 00000000000..4844e7affdf --- /dev/null +++ b/qa/spec/runtime/key/ed25519_spec.rb @@ -0,0 +1,9 @@ +describe QA::Runtime::Key::ED25519 do + describe '#public_key' do + subject { described_class.new.public_key } + + it 'generates a public ED25519 key' do + expect(subject).to match(%r{\Assh\-ed25519 AAAA[0-9A-Za-z+/]}) + end + end +end diff --git a/qa/spec/runtime/rsa_key.rb b/qa/spec/runtime/key/rsa_spec.rb index 6d7ab4dcd2e..fbcc7ffdcb4 100644 --- a/qa/spec/runtime/rsa_key.rb +++ b/qa/spec/runtime/key/rsa_spec.rb @@ -1,9 +1,9 @@ -describe QA::Runtime::RSAKey do +describe QA::Runtime::Key::RSA do describe '#public_key' do subject { described_class.new.public_key } it 'generates a public RSA key' do - expect(subject).to match(%r{\Assh\-rsa AAAA[0-9A-Za-z+/]+={0,3}\z}) + expect(subject).to match(%r{\Assh\-rsa AAAA[0-9A-Za-z+/]+={0,3}}) end end end diff --git a/spec/features/groups/members/manage_access_requests_spec.rb b/spec/features/groups/members/manage_access_requests_spec.rb deleted file mode 100644 index b83cd657ef7..00000000000 --- a/spec/features/groups/members/manage_access_requests_spec.rb +++ /dev/null @@ -1,47 +0,0 @@ -require 'spec_helper' - -feature 'Groups > Members > Manage access requests' do - let(:user) { create(:user) } - let(:owner) { create(:user) } - let(:group) { create(:group, :public, :access_requestable) } - - background do - group.request_access(user) - group.add_owner(owner) - sign_in(owner) - end - - scenario 'owner can see access requests' do - visit group_group_members_path(group) - - expect_visible_access_request(group, user) - end - - scenario 'owner can grant access' do - visit group_group_members_path(group) - - expect_visible_access_request(group, user) - - perform_enqueued_jobs { click_on 'Grant access' } - - expect(ActionMailer::Base.deliveries.last.to).to eq [user.notification_email] - expect(ActionMailer::Base.deliveries.last.subject).to match "Access to the #{group.name} group was granted" - end - - scenario 'owner can deny access' do - visit group_group_members_path(group) - - expect_visible_access_request(group, user) - - perform_enqueued_jobs { click_on 'Deny access' } - - expect(ActionMailer::Base.deliveries.last.to).to eq [user.notification_email] - expect(ActionMailer::Base.deliveries.last.subject).to match "Access to the #{group.name} group was denied" - end - - def expect_visible_access_request(group, user) - expect(group.requesters.exists?(user_id: user)).to be_truthy - expect(page).to have_content "Users requesting access to #{group.name} 1" - expect(page).to have_content user.name - end -end diff --git a/spec/features/groups/members/master_manages_access_requests_spec.rb b/spec/features/groups/members/master_manages_access_requests_spec.rb new file mode 100644 index 00000000000..2fd6d1ec599 --- /dev/null +++ b/spec/features/groups/members/master_manages_access_requests_spec.rb @@ -0,0 +1,8 @@ +require 'spec_helper' + +feature 'Groups > Members > Master manages access requests' do + it_behaves_like 'Master manages access requests' do + let(:entity) { create(:group, :public, :access_requestable) } + let(:members_page_path) { group_group_members_path(entity) } + end +end diff --git a/spec/features/projects/members/master_manages_access_requests_spec.rb b/spec/features/projects/members/master_manages_access_requests_spec.rb index 1f4eec0a317..3ac6ca4fc86 100644 --- a/spec/features/projects/members/master_manages_access_requests_spec.rb +++ b/spec/features/projects/members/master_manages_access_requests_spec.rb @@ -1,47 +1,8 @@ require 'spec_helper' feature 'Projects > Members > Master manages access requests' do - let(:user) { create(:user) } - let(:master) { create(:user) } - let(:project) { create(:project, :public, :access_requestable) } - - background do - project.request_access(user) - project.add_master(master) - sign_in(master) - end - - scenario 'master can see access requests' do - visit project_project_members_path(project) - - expect_visible_access_request(project, user) - end - - scenario 'master can grant access' do - visit project_project_members_path(project) - - expect_visible_access_request(project, user) - - perform_enqueued_jobs { click_on 'Grant access' } - - expect(ActionMailer::Base.deliveries.last.to).to eq [user.notification_email] - expect(ActionMailer::Base.deliveries.last.subject).to match "Access to the #{project.full_name} project was granted" - end - - scenario 'master can deny access' do - visit project_project_members_path(project) - - expect_visible_access_request(project, user) - - perform_enqueued_jobs { click_on 'Deny access' } - - expect(ActionMailer::Base.deliveries.last.to).to eq [user.notification_email] - expect(ActionMailer::Base.deliveries.last.subject).to match "Access to the #{project.full_name} project was denied" - end - - def expect_visible_access_request(project, user) - expect(project.requesters.exists?(user_id: user)).to be_truthy - expect(page).to have_content "Users requesting access to #{project.name} 1" - expect(page).to have_content user.name + it_behaves_like 'Master manages access requests' do + let(:entity) { create(:project, :public, :access_requestable) } + let(:members_page_path) { project_project_members_path(entity) } end end diff --git a/spec/features/projects/tree/upload_file_spec.rb b/spec/features/projects/tree/upload_file_spec.rb index 8e53ae15700..4dfc325b37e 100644 --- a/spec/features/projects/tree/upload_file_spec.rb +++ b/spec/features/projects/tree/upload_file_spec.rb @@ -35,17 +35,4 @@ feature 'Multi-file editor upload file', :js do expect(page).to have_selector('.multi-file-tab', text: 'doc_sample.txt') expect(find('.blob-editor-container .lines-content')['innerText']).to have_content(File.open(txt_file, &:readline)) end - - it 'uploads image file' do - find('.add-to-tree').click - - # make the field visible so capybara can use it - execute_script('document.querySelector("#file-upload").classList.remove("hidden")') - attach_file('file-upload', img_file) - - find('.add-to-tree').click - - expect(page).to have_selector('.multi-file-tab', text: 'dk.png') - expect(page).not_to have_selector('.monaco-editor') - end end diff --git a/spec/finders/pipelines_finder_spec.rb b/spec/finders/pipelines_finder_spec.rb index 2b19cda35b0..d6253b605b9 100644 --- a/spec/finders/pipelines_finder_spec.rb +++ b/spec/finders/pipelines_finder_spec.rb @@ -203,5 +203,25 @@ describe PipelinesFinder do end end end + + context 'when sha is specified' do + let!(:pipeline) { create(:ci_pipeline, project: project, sha: '97de212e80737a608d939f648d959671fb0a0142') } + + context 'when sha exists' do + let(:params) { { sha: '97de212e80737a608d939f648d959671fb0a0142' } } + + it 'returns matched pipelines' do + is_expected.to eq([pipeline]) + end + end + + context 'when sha does not exist' do + let(:params) { { sha: 'invalid-sha' } } + + it 'returns empty' do + is_expected.to be_empty + end + end + end end end diff --git a/spec/javascripts/vue_mr_widget/components/states/mr_widget_failed_to_merge_spec.js b/spec/javascripts/vue_mr_widget/components/states/mr_widget_failed_to_merge_spec.js index dd1d62cd4ed..a0a74648328 100644 --- a/spec/javascripts/vue_mr_widget/components/states/mr_widget_failed_to_merge_spec.js +++ b/spec/javascripts/vue_mr_widget/components/states/mr_widget_failed_to_merge_spec.js @@ -4,21 +4,37 @@ import eventHub from '~/vue_merge_request_widget/event_hub'; import mountComponent from 'spec/helpers/vue_mount_component_helper'; describe('MRWidgetFailedToMerge', () => { + const dummyIntervalId = 1337; let Component; let vm; beforeEach(() => { Component = Vue.extend(failedToMergeComponent); spyOn(eventHub, '$emit'); - vm = mountComponent(Component, { mr: { - mergeError: 'Merge error happened.', - } }); + spyOn(window, 'setInterval').and.returnValue(dummyIntervalId); + spyOn(window, 'clearInterval').and.stub(); + vm = mountComponent(Component, { + mr: { + mergeError: 'Merge error happened.', + }, + }); }); afterEach(() => { vm.$destroy(); }); + it('sets interval to refresh', () => { + expect(window.setInterval).toHaveBeenCalledWith(vm.updateTimer, 1000); + expect(vm.intervalId).toBe(dummyIntervalId); + }); + + it('clears interval when destroying ', () => { + vm.$destroy(); + + expect(window.clearInterval).toHaveBeenCalledWith(dummyIntervalId); + }); + describe('computed', () => { describe('timerText', () => { it('should return correct timer text', () => { @@ -65,11 +81,13 @@ describe('MRWidgetFailedToMerge', () => { }); describe('while it is refreshing', () => { - it('renders Refresing now', (done) => { + it('renders Refresing now', done => { vm.isRefreshing = true; Vue.nextTick(() => { - expect(vm.$el.querySelector('.js-refresh-label').textContent.trim()).toEqual('Refreshing now'); + expect(vm.$el.querySelector('.js-refresh-label').textContent.trim()).toEqual( + 'Refreshing now', + ); done(); }); }); @@ -78,11 +96,15 @@ describe('MRWidgetFailedToMerge', () => { describe('while it is not regresing', () => { it('renders warning icon and disabled merge button', () => { expect(vm.$el.querySelector('.js-ci-status-icon-warning')).not.toBeNull(); - expect(vm.$el.querySelector('.js-disabled-merge-button').getAttribute('disabled')).toEqual('disabled'); + expect(vm.$el.querySelector('.js-disabled-merge-button').getAttribute('disabled')).toEqual( + 'disabled', + ); }); it('renders given error', () => { - expect(vm.$el.querySelector('.has-error-message').textContent.trim()).toEqual('Merge error happened..'); + expect(vm.$el.querySelector('.has-error-message').textContent.trim()).toEqual( + 'Merge error happened..', + ); }); it('renders refresh button', () => { @@ -90,13 +112,13 @@ describe('MRWidgetFailedToMerge', () => { }); it('renders remaining time', () => { - expect( - vm.$el.querySelector('.has-custom-error').textContent.trim(), - ).toEqual('Refreshing in 10 seconds to show the updated status...'); + expect(vm.$el.querySelector('.has-custom-error').textContent.trim()).toEqual( + 'Refreshing in 10 seconds to show the updated status...', + ); }); }); - it('should just generic merge failed message if merge_error is not available', (done) => { + it('should just generic merge failed message if merge_error is not available', done => { vm.mr.mergeError = null; Vue.nextTick(() => { @@ -106,7 +128,7 @@ describe('MRWidgetFailedToMerge', () => { }); }); - it('should show refresh label when refresh requested', (done) => { + it('should show refresh label when refresh requested', done => { vm.refresh(); Vue.nextTick(() => { expect(vm.$el.innerText).not.toContain('Merge failed. Refreshing'); diff --git a/spec/lib/gitlab/pages_client_spec.rb b/spec/lib/gitlab/pages_client_spec.rb new file mode 100644 index 00000000000..da6d26f4aee --- /dev/null +++ b/spec/lib/gitlab/pages_client_spec.rb @@ -0,0 +1,172 @@ +require 'spec_helper' + +describe Gitlab::PagesClient do + subject { described_class } + + describe '.token' do + it 'returns the token as it is on disk' do + pending 'add omnibus support for generating the secret file https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests/2466' + expect(subject.token).to eq(File.read('.gitlab_pages_secret')) + end + end + + describe '.read_or_create_token' do + subject { described_class.read_or_create_token } + let(:token_path) { 'tmp/tests/gitlab-pages-secret' } + before do + allow(described_class).to receive(:token_path).and_return(token_path) + FileUtils.rm_f(token_path) + end + + it 'uses the existing token file if it exists' do + secret = 'existing secret' + File.write(token_path, secret) + + subject + expect(described_class.token).to eq(secret) + end + + it 'creates one if none exists' do + pending 'add omnibus support for generating the secret file https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests/2466' + + old_token = described_class.token + # sanity check + expect(File.exist?(token_path)).to eq(false) + + subject + expect(described_class.token.bytesize).to eq(64) + expect(described_class.token).not_to eq(old_token) + end + end + + describe '.write_token' do + let(:token_path) { 'tmp/tests/gitlab-pages-secret' } + before do + allow(described_class).to receive(:token_path).and_return(token_path) + FileUtils.rm_f(token_path) + end + + it 'writes the secret' do + new_secret = 'hello new secret' + expect(File.exist?(token_path)).to eq(false) + + described_class.send(:write_token, new_secret) + + expect(File.read(token_path)).to eq(new_secret) + end + + it 'does nothing if the file already exists' do + existing_secret = 'hello secret' + File.write(token_path, existing_secret) + + described_class.send(:write_token, 'new secret') + + expect(File.read(token_path)).to eq(existing_secret) + end + end + + describe '.load_certificate' do + subject { described_class.load_certificate } + before do + allow(described_class).to receive(:config).and_return(config) + end + + context 'with no certificate in the config' do + let(:config) { double(:config, certificate: '') } + + it 'does not set @certificate' do + subject + + expect(described_class.certificate).to be_nil + end + end + + context 'with a certificate path in the config' do + let(:certificate_path) { 'tmp/tests/fake-certificate' } + let(:config) { double(:config, certificate: certificate_path) } + + it 'sets @certificate' do + certificate_data = "--- BEGIN CERTIFICATE ---\nbla\n--- END CERTIFICATE ---\n" + File.write(certificate_path, certificate_data) + subject + + expect(described_class.certificate).to eq(certificate_data) + end + end + end + + describe '.request_kwargs' do + let(:token) { 'secret token' } + let(:auth_header) { 'Bearer c2VjcmV0IHRva2Vu' } + before do + allow(described_class).to receive(:token).and_return(token) + end + + context 'without timeout' do + it { expect(subject.send(:request_kwargs, nil)[:metadata]['authorization']).to eq(auth_header) } + end + + context 'with timeout' do + let(:timeout) { 1.second } + + it 'still sets the authorization header' do + expect(subject.send(:request_kwargs, timeout)[:metadata]['authorization']).to eq(auth_header) + end + + it 'sets a deadline value' do + now = Time.now + deadline = subject.send(:request_kwargs, timeout)[:deadline] + + expect(deadline).to be_between(now, now + 2 * timeout) + end + end + end + + describe '.stub' do + before do + allow(described_class).to receive(:address).and_return('unix:/foo/bar') + end + + it { expect(subject.send(:stub, :health_check)).to be_a(Grpc::Health::V1::Health::Stub) } + end + + describe '.address' do + subject { described_class.send(:address) } + + before do + allow(described_class).to receive(:config).and_return(config) + end + + context 'with a unix: address' do + let(:config) { double(:config, address: 'unix:/foo/bar') } + + it { expect(subject).to eq('unix:/foo/bar') } + end + + context 'with a tcp:// address' do + let(:config) { double(:config, address: 'tcp://localhost:1234') } + + it { expect(subject).to eq('localhost:1234') } + end + end + + describe '.grpc_creds' do + subject { described_class.send(:grpc_creds) } + + before do + allow(described_class).to receive(:config).and_return(config) + end + + context 'with a unix: address' do + let(:config) { double(:config, address: 'unix:/foo/bar') } + + it { expect(subject).to eq(:this_channel_is_insecure) } + end + + context 'with a tcp:// address' do + let(:config) { double(:config, address: 'tcp://localhost:1234') } + + it { expect(subject).to be_a(GRPC::Core::ChannelCredentials) } + end + end +end diff --git a/spec/lib/omni_auth/strategies/jwt_spec.rb b/spec/lib/omni_auth/strategies/jwt_spec.rb new file mode 100644 index 00000000000..23485fbcb18 --- /dev/null +++ b/spec/lib/omni_auth/strategies/jwt_spec.rb @@ -0,0 +1,87 @@ +require 'spec_helper' + +describe OmniAuth::Strategies::Jwt do + include Rack::Test::Methods + include DeviseHelpers + + context '.decoded' do + let(:strategy) { described_class.new({}) } + let(:timestamp) { Time.now.to_i } + let(:jwt_config) { Devise.omniauth_configs[:jwt] } + let(:key) { JWT.encode(claims, jwt_config.strategy.secret) } + + let(:claims) do + { + id: 123, + name: "user_example", + email: "user@example.com", + iat: timestamp + } + end + + before do + allow_any_instance_of(OmniAuth::Strategy).to receive(:options).and_return(jwt_config.strategy) + allow_any_instance_of(Rack::Request).to receive(:params).and_return({ 'jwt' => key }) + end + + it 'decodes the user information' do + result = strategy.decoded + + expect(result["id"]).to eq(123) + expect(result["name"]).to eq("user_example") + expect(result["email"]).to eq("user@example.com") + expect(result["iat"]).to eq(timestamp) + end + + context 'required claims is missing' do + let(:claims) do + { + id: 123, + email: "user@example.com", + iat: timestamp + } + end + + it 'raises error' do + expect { strategy.decoded }.to raise_error(OmniAuth::Strategies::JWT::ClaimInvalid) + end + end + + context 'when valid_within is specified but iat attribute is missing in response' do + let(:claims) do + { + id: 123, + name: "user_example", + email: "user@example.com" + } + end + + before do + jwt_config.strategy.valid_within = Time.now.to_i + end + + it 'raises error' do + expect { strategy.decoded }.to raise_error(OmniAuth::Strategies::JWT::ClaimInvalid) + end + end + + context 'when timestamp claim is too skewed from present' do + let(:claims) do + { + id: 123, + name: "user_example", + email: "user@example.com", + iat: timestamp - 10.minutes.to_i + } + end + + before do + jwt_config.strategy.valid_within = 2.seconds + end + + it 'raises error' do + expect { strategy.decoded }.to raise_error(OmniAuth::Strategies::JWT::ClaimInvalid) + end + end + end +end diff --git a/spec/models/members/group_member_spec.rb b/spec/models/members/group_member_spec.rb index 5a3b5b1f517..ffc78015f94 100644 --- a/spec/models/members/group_member_spec.rb +++ b/spec/models/members/group_member_spec.rb @@ -28,52 +28,12 @@ describe GroupMember do end end - describe 'notifications' do - describe "#after_create" do - it "sends email to user" do - membership = build(:group_member) + it_behaves_like 'members notifications', :group - allow(membership).to receive(:notification_service) - .and_return(double('NotificationService').as_null_object) - expect(membership).to receive(:notification_service) + describe '#real_source_type' do + subject { create(:group_member).real_source_type } - membership.save - end - end - - describe "#after_update" do - before do - @group_member = create :group_member - allow(@group_member).to receive(:notification_service) - .and_return(double('NotificationService').as_null_object) - end - - it "sends email to user" do - expect(@group_member).to receive(:notification_service) - @group_member.update_attribute(:access_level, GroupMember::MASTER) - end - - it "does not send an email when the access level has not changed" do - expect(@group_member).not_to receive(:notification_service) - @group_member.update_attribute(:access_level, GroupMember::OWNER) - end - end - - describe '#after_accept_request' do - it 'calls NotificationService.accept_group_access_request' do - member = create(:group_member, user: build(:user), requested_at: Time.now) - - expect_any_instance_of(NotificationService).to receive(:new_group_member) - - member.__send__(:after_accept_request) - end - end - - describe '#real_source_type' do - subject { create(:group_member).real_source_type } - - it { is_expected.to eq 'Group' } - end + it { is_expected.to eq 'Group' } end describe '#update_two_factor_requirement' do diff --git a/spec/models/members/project_member_spec.rb b/spec/models/members/project_member_spec.rb index b8b0e63f92e..574eb468e4c 100644 --- a/spec/models/members/project_member_spec.rb +++ b/spec/models/members/project_member_spec.rb @@ -123,15 +123,5 @@ describe ProjectMember do it { expect(@project_2.users).to be_empty } end - describe 'notifications' do - describe '#after_accept_request' do - it 'calls NotificationService.new_project_member' do - member = create(:project_member, user: create(:user), requested_at: Time.now) - - expect_any_instance_of(NotificationService).to receive(:new_project_member) - - member.__send__(:after_accept_request) - end - end - end + it_behaves_like 'members notifications', :project end diff --git a/spec/models/repository_spec.rb b/spec/models/repository_spec.rb index e45fe7db1e7..630b9e0519f 100644 --- a/spec/models/repository_spec.rb +++ b/spec/models/repository_spec.rb @@ -1224,15 +1224,15 @@ describe Repository do end end - shared_examples 'repo exists check' do + describe '#exists?' do it 'returns true when a repository exists' do - expect(repository.exists?).to eq(true) + expect(repository.exists?).to be(true) end it 'returns false if no full path can be constructed' do allow(repository).to receive(:full_path).and_return(nil) - expect(repository.exists?).to eq(false) + expect(repository.exists?).to be(false) end context 'with broken storage', :broken_storage do @@ -1242,16 +1242,6 @@ describe Repository do end end - describe '#exists?' do - context 'when repository_exists is disabled' do - it_behaves_like 'repo exists check' - end - - context 'when repository_exists is enabled', :skip_gitaly_mock do - it_behaves_like 'repo exists check' - end - end - describe '#has_visible_content?' do before do # If raw_repository.has_visible_content? gets called more than once then diff --git a/spec/requests/openid_connect_spec.rb b/spec/requests/openid_connect_spec.rb index 6bed8e812c0..cd1a6cfc427 100644 --- a/spec/requests/openid_connect_spec.rb +++ b/spec/requests/openid_connect_spec.rb @@ -153,4 +153,13 @@ describe 'OpenID Connect requests' do end end end + + context 'OpenID configuration information' do + it 'correctly returns the configuration' do + get '/.well-known/openid-configuration' + + expect(response).to have_gitlab_http_status(200) + expect(json_response).to have_key('issuer') + end + end end diff --git a/spec/services/notification_service_spec.rb b/spec/services/notification_service_spec.rb index 55bbe954491..48ef5f3c115 100644 --- a/spec/services/notification_service_spec.rb +++ b/spec/services/notification_service_spec.rb @@ -96,6 +96,37 @@ describe NotificationService, :mailer do it_should_behave_like 'participating by assignee notification' end + describe '#async' do + let(:async) { notification.async } + set(:key) { create(:personal_key) } + + it 'returns an Async object with the correct parent' do + expect(async).to be_a(described_class::Async) + expect(async.parent).to eq(notification) + end + + context 'when receiving a public method' do + it 'schedules a MailScheduler::NotificationServiceWorker' do + expect(MailScheduler::NotificationServiceWorker) + .to receive(:perform_async).with('new_key', key) + + async.new_key(key) + end + end + + context 'when receiving a private method' do + it 'raises NoMethodError' do + expect { async.notifiable?(key) }.to raise_error(NoMethodError) + end + end + + context 'when recieving a non-existent method' do + it 'raises NoMethodError' do + expect { async.foo(key) }.to raise_error(NoMethodError) + end + end + end + describe 'Keys' do describe '#new_key' do let(:key_options) { {} } @@ -982,6 +1013,8 @@ describe NotificationService, :mailer do let(:merge_request) { create :merge_request, source_project: project, assignee: create(:user), description: 'cc @participant' } before do + project.add_master(merge_request.author) + project.add_master(merge_request.assignee) build_team(merge_request.target_project) add_users_with_subscription(merge_request.target_project, merge_request) update_custom_notification(:new_merge_request, @u_guest_custom, resource: project) @@ -1093,15 +1126,18 @@ describe NotificationService, :mailer do end describe '#reassigned_merge_request' do + let(:current_user) { create(:user) } + before do update_custom_notification(:reassign_merge_request, @u_guest_custom, resource: project) update_custom_notification(:reassign_merge_request, @u_custom_global) end it do - notification.reassigned_merge_request(merge_request, merge_request.author) + notification.reassigned_merge_request(merge_request, current_user, merge_request.author) should_email(merge_request.assignee) + should_email(merge_request.author) should_email(@u_watcher) should_email(@u_participant_mentioned) should_email(@subscriber) @@ -1116,7 +1152,7 @@ describe NotificationService, :mailer do end it 'adds "assigned" reason for new assignee' do - notification.reassigned_merge_request(merge_request, merge_request.author) + notification.reassigned_merge_request(merge_request, current_user, merge_request.author) email = find_email_for(merge_request.assignee) @@ -1126,7 +1162,7 @@ describe NotificationService, :mailer do it_behaves_like 'participating notifications' do let(:participant) { create(:user, username: 'user-participant') } let(:issuable) { merge_request } - let(:notification_trigger) { notification.reassigned_merge_request(merge_request, @u_disabled) } + let(:notification_trigger) { notification.reassigned_merge_request(merge_request, current_user, merge_request.author) } end end diff --git a/spec/services/projects/update_pages_service_spec.rb b/spec/services/projects/update_pages_service_spec.rb index 1b6caeab15d..a418808fd26 100644 --- a/spec/services/projects/update_pages_service_spec.rb +++ b/spec/services/projects/update_pages_service_spec.rb @@ -29,25 +29,10 @@ describe Projects::UpdatePagesService do end describe 'pages artifacts' do - context 'with expiry date' do - before do - build.artifacts_expire_in = "2 days" - build.save! - end - - it "doesn't delete artifacts" do - expect(execute).to eq(:success) - - expect(build.reload.artifacts?).to eq(true) - end - end - - context 'without expiry date' do - it "does delete artifacts" do - expect(execute).to eq(:success) + it "doesn't delete artifacts after deploying" do + expect(execute).to eq(:success) - expect(build.reload.artifacts?).to eq(false) - end + expect(build.reload.artifacts?).to eq(true) end end @@ -100,25 +85,10 @@ describe Projects::UpdatePagesService do end describe 'pages artifacts' do - context 'with expiry date' do - before do - build.artifacts_expire_in = "2 days" - build.save! - end - - it "doesn't delete artifacts" do - expect(execute).to eq(:success) - - expect(build.artifacts?).to eq(true) - end - end - - context 'without expiry date' do - it "does delete artifacts" do - expect(execute).to eq(:success) + it "doesn't delete artifacts after deploying" do + expect(execute).to eq(:success) - expect(build.reload.artifacts?).to eq(false) - end + expect(build.artifacts?).to eq(true) end end @@ -171,13 +141,12 @@ describe Projects::UpdatePagesService do build.reload expect(deploy_status).to be_failed - expect(build.artifacts?).to be_truthy end end context 'when failed to extract zip artifacts' do before do - allow_any_instance_of(described_class) + expect_any_instance_of(described_class) .to receive(:extract_zip_archive!) .and_raise(Projects::UpdatePagesService::FailedToExtractError) end @@ -188,21 +157,19 @@ describe Projects::UpdatePagesService do build.reload expect(deploy_status).to be_failed - expect(build.artifacts?).to be_truthy end end context 'when missing artifacts metadata' do before do - allow(build).to receive(:artifacts_metadata?).and_return(false) + expect(build).to receive(:artifacts_metadata?).and_return(false) end - it 'does not raise an error and remove artifacts as failed job' do + it 'does not raise an error as failed job' do execute build.reload expect(deploy_status).to be_failed - expect(build.artifacts?).to be_falsey end end end diff --git a/spec/services/system_note_service_spec.rb b/spec/services/system_note_service_spec.rb index 893804f1470..e28b0ea5cf2 100644 --- a/spec/services/system_note_service_spec.rb +++ b/spec/services/system_note_service_spec.rb @@ -909,13 +909,7 @@ describe SystemNoteService do it 'sets the note text' do noteable.update_attribute(:time_estimate, 277200) - expect(subject.note).to eq "changed time estimate to 1w 4d 5h," - end - - it 'appends a comma to separate the note from the update_at time' do - noteable.update_attribute(:time_estimate, 277200) - - expect(subject.note).to end_with(',') + expect(subject.note).to eq "changed time estimate to 1w 4d 5h" end end diff --git a/spec/support/shared_examples/features/master_manages_access_requests_shared_example.rb b/spec/support/shared_examples/features/master_manages_access_requests_shared_example.rb new file mode 100644 index 00000000000..b29bb3c2fc0 --- /dev/null +++ b/spec/support/shared_examples/features/master_manages_access_requests_shared_example.rb @@ -0,0 +1,52 @@ +RSpec.shared_examples 'Master manages access requests' do + let(:user) { create(:user) } + let(:master) { create(:user) } + + before do + entity.request_access(user) + entity.respond_to?(:add_owner) ? entity.add_owner(master) : entity.add_master(master) + sign_in(master) + end + + it 'master can see access requests' do + visit members_page_path + + expect_visible_access_request(entity, user) + end + + it 'master can grant access', :js do + visit members_page_path + + expect_visible_access_request(entity, user) + + accept_confirm { click_on 'Grant access' } + + expect_no_visible_access_request(entity, user) + + page.within('.members-list') do + expect(page).to have_content user.name + end + end + + it 'master can deny access', :js do + visit members_page_path + + expect_visible_access_request(entity, user) + + accept_confirm { click_on 'Deny access' } + + expect_no_visible_access_request(entity, user) + expect(page).not_to have_content user.name + end + + def expect_visible_access_request(entity, user) + expect(entity.requesters.exists?(user_id: user)).to be_truthy + expect(page).to have_content "Users requesting access to #{entity.name} 1" + expect(page).to have_content user.name + end + + def expect_no_visible_access_request(entity, user) + expect(entity.requesters.exists?(user_id: user)).to be_falsy + expect(page).not_to have_content "Users requesting access to #{entity.name}" + end +end diff --git a/spec/support/shared_examples/models/members_notifications_shared_example.rb b/spec/support/shared_examples/models/members_notifications_shared_example.rb new file mode 100644 index 00000000000..76611e54306 --- /dev/null +++ b/spec/support/shared_examples/models/members_notifications_shared_example.rb @@ -0,0 +1,63 @@ +RSpec.shared_examples 'members notifications' do |entity_type| + let(:notification_service) { double('NotificationService').as_null_object } + + before do + allow(member).to receive(:notification_service).and_return(notification_service) + end + + describe "#after_create" do + let(:member) { build(:"#{entity_type}_member") } + + it "sends email to user" do + expect(notification_service).to receive(:"new_#{entity_type}_member").with(member) + + member.save + end + end + + describe "#after_update" do + let(:member) { create(:"#{entity_type}_member", :developer) } + + it "calls NotificationService.update_#{entity_type}_member" do + expect(notification_service).to receive(:"update_#{entity_type}_member").with(member) + + member.update_attribute(:access_level, Member::MASTER) + end + + it "does not send an email when the access level has not changed" do + expect(notification_service).not_to receive(:"update_#{entity_type}_member") + + member.touch + end + end + + describe '#accept_request' do + let(:member) { create(:"#{entity_type}_member", :access_request) } + + it "calls NotificationService.new_#{entity_type}_member" do + expect(notification_service).to receive(:"new_#{entity_type}_member").with(member) + + member.accept_request + end + end + + describe "#accept_invite!" do + let(:member) { create(:"#{entity_type}_member", :invited) } + + it "calls NotificationService.accept_#{entity_type}_invite" do + expect(notification_service).to receive(:"accept_#{entity_type}_invite").with(member) + + member.accept_invite!(build(:user)) + end + end + + describe "#decline_invite!" do + let(:member) { create(:"#{entity_type}_member", :invited) } + + it "calls NotificationService.decline_#{entity_type}_invite" do + expect(notification_service).to receive(:"decline_#{entity_type}_invite").with(member) + + member.decline_invite! + end + end +end diff --git a/spec/workers/mail_scheduler/issue_due_worker_spec.rb b/spec/workers/mail_scheduler/issue_due_worker_spec.rb index 48ac1b8a1a4..1026ae5b4bf 100644 --- a/spec/workers/mail_scheduler/issue_due_worker_spec.rb +++ b/spec/workers/mail_scheduler/issue_due_worker_spec.rb @@ -12,8 +12,8 @@ describe MailScheduler::IssueDueWorker do create(:issue, :opened, project: project, due_date: 2.days.from_now) # due on another day create(:issue, :opened, due_date: Date.tomorrow) # different project - expect_any_instance_of(NotificationService).to receive(:issue_due).with(issue1) - expect_any_instance_of(NotificationService).to receive(:issue_due).with(issue2) + expect(worker.notification_service).to receive(:issue_due).with(issue1) + expect(worker.notification_service).to receive(:issue_due).with(issue2) worker.perform(project.id) end diff --git a/spec/workers/mail_scheduler/notification_service_worker_spec.rb b/spec/workers/mail_scheduler/notification_service_worker_spec.rb new file mode 100644 index 00000000000..f725c8763a0 --- /dev/null +++ b/spec/workers/mail_scheduler/notification_service_worker_spec.rb @@ -0,0 +1,44 @@ +require 'spec_helper' + +describe MailScheduler::NotificationServiceWorker do + let(:worker) { described_class.new } + let(:method) { 'new_key' } + set(:key) { create(:personal_key) } + + def serialize(*args) + ActiveJob::Arguments.serialize(args) + end + + describe '#perform' do + it 'deserializes arguments from global IDs' do + expect(worker.notification_service).to receive(method).with(key) + + worker.perform(method, *serialize(key)) + end + + context 'when the arguments cannot be deserialized' do + it 'does nothing' do + expect(worker.notification_service).not_to receive(method) + + worker.perform(method, key.to_global_id.to_s.succ) + end + end + + context 'when the method is not a public method' do + it 'raises NoMethodError' do + expect { worker.perform('notifiable?', *serialize(key)) }.to raise_error(NoMethodError) + end + end + end + + describe '.perform_async' do + it 'serializes arguments as global IDs when scheduling' do + Sidekiq::Testing.fake! do + described_class.perform_async(method, key) + + expect(described_class.jobs.count).to eq(1) + expect(described_class.jobs.first).to include('args' => [method, *serialize(key)]) + end + end + end +end diff --git a/spec/workers/namespaceless_project_destroy_worker_spec.rb b/spec/workers/namespaceless_project_destroy_worker_spec.rb index 479d9396eca..eec110dfbfb 100644 --- a/spec/workers/namespaceless_project_destroy_worker_spec.rb +++ b/spec/workers/namespaceless_project_destroy_worker_spec.rb @@ -22,13 +22,11 @@ describe NamespacelessProjectDestroyWorker do end end - # Only possible with schema 20180222043024 and lower. - # Project#namespace_id has not null constraint since then - context 'project has no namespace', :migration, schema: 20180222043024 do - let!(:project) do - project = build(:project, namespace_id: nil) - project.save(validate: false) - project + context 'project has no namespace' do + let!(:project) { create(:project) } + + before do + allow_any_instance_of(Project).to receive(:namespace).and_return(nil) end context 'project not a fork of another project' do @@ -61,8 +59,7 @@ describe NamespacelessProjectDestroyWorker do let!(:parent_project) { create(:project) } let(:project) do namespaceless_project = fork_project(parent_project) - namespaceless_project.namespace_id = nil - namespaceless_project.save(validate: false) + namespaceless_project.save namespaceless_project end |
