-rw-r--r-- | app/views/shared/milestones/_top.html.haml | 2 | ||||
-rw-r--r-- | doc/user/application_security/index.md | 32 | ||||
-rw-r--r-- | doc/user/project/merge_requests/merge_request_approvals.md | 10 | ||||
-rw-r--r-- | package.json | 1 | ||||
-rw-r--r-- | rubocop/cop/rspec/top_level_describe_path.rb | 35 | ||||
-rw-r--r-- | rubocop/rubocop.rb | 1 | ||||
-rw-r--r-- | spec/features/groups/labels/user_sees_links_to_issuables_spec.rb (renamed from spec/features/groups/labels/user_sees_links_to_issuables.rb) | 6 | ||||
-rw-r--r-- | spec/features/instance_statistics/instance_statistics_spec.rb (renamed from spec/features/instance_statistics/instance_statistics.rb) | 0 | ||||
-rw-r--r-- | spec/features/projects/files/user_browses_a_tree_with_a_folder_containing_only_a_folder_spec.rb (renamed from spec/features/projects/files/user_browses_a_tree_with_a_folder_containing_only_a_folder.rb) | 3 | ||||
-rw-r--r-- | spec/features/projects/labels/user_sees_links_to_issuables_spec.rb (renamed from spec/features/projects/labels/user_sees_links_to_issuables.rb) | 36 | ||||
-rw-r--r-- | spec/features/snippets/user_sees_breadcrumb_links.rb | 19 | ||||
-rw-r--r-- | spec/features/user_opens_link_to_comment_spec.rb (renamed from spec/features/user_opens_link_to_comment.rb) | 0 | ||||
-rw-r--r-- | spec/features/users/add_email_to_existing_account_spec.rb (renamed from spec/features/users/add_email_to_existing_account.rb) | 0 | ||||
-rw-r--r-- | spec/rubocop/cop/rspec/top_level_describe_path_spec.rb | 67 | ||||
-rw-r--r-- | spec/tasks/gitlab/mail_google_schema_whitelisting.rb | 27 | ||||
-rw-r--r-- | spec/views/dashboard/projects/_blank_state_admin_welcome.haml_spec.rb (renamed from spec/views/dashboard/projects/_blank_state_admin_welcome.haml.rb) | 0 | ||||
-rw-r--r-- | spec/views/dashboard/projects/_nav.html.haml_spec.rb (renamed from spec/views/dashboard/projects/_nav.html.haml.rb) | 4 | ||||
-rw-r--r-- | spec/views/projects/deployments/_confirm_rollback_modal_spec.html_spec.rb (renamed from spec/views/projects/deployments/_confirm_rollback_modal_spec.html.rb) | 0 | ||||
-rw-r--r-- | spec/views/shared/_label_row.html.haml_spec.rb (renamed from spec/views/shared/_label_row.html.haml.rb) | 13 | ||||
-rw-r--r-- | spec/views/shared/milestones/_issuable.html.haml_spec.rb (renamed from spec/views/shared/milestones/_issuable.html.haml.rb) | 0 | ||||
-rw-r--r-- | spec/views/shared/milestones/_issuables.html.haml_spec.rb (renamed from spec/views/shared/milestones/_issuables.html.haml.rb) | 2 | ||||
-rw-r--r-- | spec/views/shared/milestones/_top.html.haml_spec.rb (renamed from spec/views/shared/milestones/_top.html.haml.rb) | 1 | ||||
-rw-r--r-- | yarn.lock | 16 |
23 files changed, 200 insertions, 75 deletions
diff --git a/app/views/shared/milestones/_top.html.haml b/app/views/shared/milestones/_top.html.haml index 43503e1d08a..fd3317341f6 100644 --- a/app/views/shared/milestones/_top.html.haml +++ b/app/views/shared/milestones/_top.html.haml @@ -53,7 +53,7 @@ - close_msg = group ? 'You may close the milestone now.' : 'Navigate to the project to close the milestone.' %span All issues for this milestone are closed. #{close_msg} -= render_if_exists 'shared/milestones/burndown', milestone: @milestone, project: @project += render_if_exists 'shared/milestones/burndown', milestone: milestone, project: @project - if is_dynamic_milestone .table-holder diff --git a/doc/user/application_security/index.md b/doc/user/application_security/index.md index 31f0b5a050c..4dcb416c110 100644 --- a/doc/user/application_security/index.md +++ b/doc/user/application_security/index.md 
@@ -148,6 +148,38 @@ Clicking on this button will create a merge request to apply the solution onto t ![Create merge request from vulnerability](img/create_issue_with_list_hover.png) +## Security approvals in merge requests **(ULTIMATE)** + +> [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/issues/9928) in [GitLab Ultimate](https://about.gitlab.com/pricing) 12.2. + +Merge Request Approvals can be configured to require approval from a member +of your security team when a vulnerability would be introduced by a merge request. + +This threshold is defined as `high`, `critical`, or `unknown` +severity. When any vulnerabilities are present within a merge request, an +approval will be required from the `Vulnerability-Check` approver group. + +### Enabling Security Approvals within a project + +To enable Security Approvals, a [project approval rule](../project/merge_requests/merge_request_approvals.md#multiple-approval-rules-premium) +must be created with the case-sensitive name `Vulnerability-Check`. This approval +group must be set with an "Approvals required" count greater than zero. + +Once this group has been added to your project, the approval rule will be enabled +for all Merge Requests. + +Any code changes made will cause the count of approvals required to reset. + +An approval will be required when a security report: + +- Contains a new vulnerability of `high`, `critical`, or `unknown` severity. +- Is not generated during pipeline execution. + +An approval will be optional when a security report: + +- Contains no new vulnerabilities. +- Contains only new vulnerabilities of `low` or `medium` severity. + <!-- ## Troubleshooting Include any troubleshooting steps that you can foresee. If you know beforehand what issues diff --git a/doc/user/project/merge_requests/merge_request_approvals.md b/doc/user/project/merge_requests/merge_request_approvals.md index 220795d6f15..656459b3b03 100644 --- a/doc/user/project/merge_requests/merge_request_approvals.md 
+++ b/doc/user/project/merge_requests/merge_request_approvals.md @@ -331,6 +331,16 @@ the dropdown) `approver` and select the user. ![Filter MRs by an approver](img/filter_approver_merge_requests.png) +## Security approvals in merge requests **(ULTIMATE)** + +> Introduced in [GitLab Ultimate](https://about.gitlab.com/pricing) 12.2. + +Merge Request Approvals can be configured to require approval from a member +of your security team when a vulnerability would be introduced by a merge request. + +For more information, see +[Security approvals in merge requests](../../application_security/index.md#security-approvals-in-merge-requests-ultimate). + <!-- ## Troubleshooting Include any troubleshooting steps that you can foresee. If you know beforehand what issues diff --git a/package.json b/package.json index 056f7616cde..f0a7f3e47af 100644 --- a/package.json +++ b/package.json @@ -76,7 +76,6 @@ "diff": "^3.4.0", "document-register-element": "1.13.1", "dropzone": "^4.2.0", - "echarts": "^4.2.0-rc.2", "emoji-regex": "^7.0.3", "emoji-unicode-version": "^0.2.1", "exports-loader": "^0.7.0", diff --git a/rubocop/cop/rspec/top_level_describe_path.rb b/rubocop/cop/rspec/top_level_describe_path.rb new file mode 100644 index 00000000000..61796e23af0 --- /dev/null +++ b/rubocop/cop/rspec/top_level_describe_path.rb 
@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require 'rubocop/rspec/top_level_describe'
+
+module RuboCop
+ module Cop
+ module RSpec
+ class TopLevelDescribePath < RuboCop::Cop::Cop
+ include RuboCop::RSpec::TopLevelDescribe
+
+ MESSAGE = 'A file with a top-level `describe` must end in _spec.rb.'
+ SHARED_EXAMPLES = %i[shared_examples shared_examples_for].freeze
+
+ def on_top_level_describe(node, args)
+ return if acceptable_file_path?(processed_source.buffer.name)
+ return if shared_example?(node)
+
+ add_offense(node, message: MESSAGE)
+ end
+
+ private
+
+ def acceptable_file_path?(path)
+ File.fnmatch?('*_spec.rb', path) || File.fnmatch?('*/frontend/fixtures/*', path)
+ end
+
+ def shared_example?(node)
+ node.ancestors.any? do |node|
+ node.respond_to?(:method_name) && SHARED_EXAMPLES.include?(node.method_name)
+ end
+ end
+ end
+ end
+ end
+end
diff --git a/rubocop/rubocop.rb b/rubocop/rubocop.rb
index ba61a634d97..58a7ead6f13 100644
--- a/rubocop/rubocop.rb
+++ b/rubocop/rubocop.rb
@@ -32,6 +32,7 @@ require_relative 'cop/migration/update_large_table'
 require_relative 'cop/project_path_helper'
 require_relative 'cop/rspec/env_assignment'
 require_relative 'cop/rspec/factories_in_migration_specs'
+require_relative 'cop/rspec/top_level_describe_path'
 require_relative 'cop/qa/element_with_pattern'
 require_relative 'cop/sidekiq_options_queue'
 require_relative 'cop/destroy_all'
diff --git a/spec/features/groups/labels/user_sees_links_to_issuables.rb b/spec/features/groups/labels/user_sees_links_to_issuables_spec.rb
index e636f625b31..6199b566ebc 100644
--- a/spec/features/groups/labels/user_sees_links_to_issuables.rb
+++ b/spec/features/groups/labels/user_sees_links_to_issuables_spec.rb
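Review bot: In `shared_example?` of the new cop, the block parameter in `node.ancestors.any? do |node|` shadows the method argument of the same name, which makes the predicate harder to read and is a pattern shadowing lints flag; `node.ancestors.any? do |ancestor|` with `ancestor.respond_to?(:method_name) && SHARED_EXAMPLES.include?(ancestor.method_name)` says the same thing without the shadow. `on_top_level_describe(node, args)` never reads `args`, so `_args` would mark it as intentionally unused. The class also has no comment; a short one above `class TopLevelDescribePath` listing the three exemptions (`*_spec.rb`, `*/frontend/fixtures/*`, describes nested in `shared_examples`/`shared_examples_for`) would document why a file can legitimately skip the rule.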
@@ -11,7 +11,9 @@ describe 'Groups > Labels > User sees links to issuables' do end it 'shows links to MRs and issues' do - expect(page).to have_link('view merge requests') - expect(page).to have_link('view open issues') + page.within('.labels-container') do + expect(page).to have_link('Merge requests') + expect(page).to have_link('Issues') + end end end diff --git a/spec/features/instance_statistics/instance_statistics.rb b/spec/features/instance_statistics/instance_statistics_spec.rb index 40d0f1db207..40d0f1db207 100644 --- a/spec/features/instance_statistics/instance_statistics.rb +++ b/spec/features/instance_statistics/instance_statistics_spec.rb diff --git a/spec/features/projects/files/user_browses_a_tree_with_a_folder_containing_only_a_folder.rb b/spec/features/projects/files/user_browses_a_tree_with_a_folder_containing_only_a_folder_spec.rb index 934de2fde8f..c19e46da913 100644 --- a/spec/features/projects/files/user_browses_a_tree_with_a_folder_containing_only_a_folder.rb +++ b/spec/features/projects/files/user_browses_a_tree_with_a_folder_containing_only_a_folder_spec.rb @@ -3,7 +3,8 @@ require 'spec_helper' # This is a regression test for https://gitlab.com/gitlab-org/gitlab-ce/issues/37569 -describe 'Projects > Files > User browses a tree with a folder containing only a folder' do +# Quarantine: https://gitlab.com/gitlab-org/gitlab-ce/issues/65329 +describe 'Projects > Files > User browses a tree with a folder containing only a folder', :quarantine do let(:project) { create(:project, :empty_repo) } let(:user) { project.owner } diff --git a/spec/features/projects/labels/user_sees_links_to_issuables.rb b/spec/features/projects/labels/user_sees_links_to_issuables_spec.rb index fd2151a1f8e..7a9b9e6eac2 100644 --- a/spec/features/projects/labels/user_sees_links_to_issuables.rb +++ b/spec/features/projects/labels/user_sees_links_to_issuables_spec.rb 
@@ -19,8 +19,10 @@ describe 'Projects > Labels > User sees links to issuables' do let(:project) { create(:project, :public) } it 'shows links to MRs and issues' do - expect(page).to have_link('view merge requests') - expect(page).to have_link('view open issues') + page.within('.labels-container') do + expect(page).to have_link('Merge requests') + expect(page).to have_link('Issues') + end end end @@ -28,8 +30,10 @@ describe 'Projects > Labels > User sees links to issuables' do let(:project) { create(:project, :public, issues_access_level: ProjectFeature::DISABLED) } it 'shows links to MRs but not to issues' do - expect(page).to have_link('view merge requests') - expect(page).not_to have_link('view open issues') + page.within('.labels-container') do + expect(page).to have_link('Merge requests') + expect(page).not_to have_link('Issues') + end end end @@ -37,8 +41,10 @@ describe 'Projects > Labels > User sees links to issuables' do let(:project) { create(:project, :public, merge_requests_access_level: ProjectFeature::DISABLED) } it 'shows links to issues but not to MRs' do - expect(page).not_to have_link('view merge requests') - expect(page).to have_link('view open issues') + page.within('.labels-container') do + expect(page).not_to have_link('Merge requests') + expect(page).to have_link('Issues') + end end end end @@ -51,8 +57,10 @@ describe 'Projects > Labels > User sees links to issuables' do let(:project) { create(:project, :public, namespace: group) } it 'shows links to MRs and issues' do - expect(page).to have_link('view merge requests') - expect(page).to have_link('view open issues') + page.within('.labels-container') do + expect(page).to have_link('Merge requests') + expect(page).to have_link('Issues') + end end end 
@@ -60,8 +68,10 @@ describe 'Projects > Labels > User sees links to issuables' do let(:project) { create(:project, :public, namespace: group, issues_access_level: ProjectFeature::DISABLED) } it 'shows links to MRs and issues' do - expect(page).to have_link('view merge requests') - expect(page).to have_link('view open issues') + page.within('.labels-container') do + expect(page).to have_link('Merge requests') + expect(page).to have_link('Issues') + end end end @@ -69,8 +79,10 @@ describe 'Projects > Labels > User sees links to issuables' do let(:project) { create(:project, :public, namespace: group, merge_requests_access_level: ProjectFeature::DISABLED) } it 'shows links to MRs and issues' do - expect(page).to have_link('view merge requests') - expect(page).to have_link('view open issues') + page.within('.labels-container') do + expect(page).to have_link('Merge requests') + expect(page).to have_link('Issues') + end end end end diff --git a/spec/features/snippets/user_sees_breadcrumb_links.rb b/spec/features/snippets/user_sees_breadcrumb_links.rb deleted file mode 100644 index 5b10984ce1d..00000000000 --- a/spec/features/snippets/user_sees_breadcrumb_links.rb +++ /dev/null @@ -1,19 +0,0 @@ -# frozen_string_literal: true - -require 'rails_helper' - -describe 'New user snippet breadcrumbs' do - let(:user) { create(:user) } - - before do - sign_in(user) - visit new_snippet_path - end - - it 'display a link to user snippets and new user snippet pages' do - page.within '.breadcrumbs' do - expect(find_link('Snippets')[:href]).to end_with(dashboard_snippets_path) - expect(find_link('New')[:href]).to end_with(new_snippet_path) - end - end -end diff --git a/spec/features/user_opens_link_to_comment.rb b/spec/features/user_opens_link_to_comment_spec.rb index f1e07e55799..f1e07e55799 100644 --- a/spec/features/user_opens_link_to_comment.rb +++ b/spec/features/user_opens_link_to_comment_spec.rb 
diff --git a/spec/features/users/add_email_to_existing_account.rb b/spec/features/users/add_email_to_existing_account_spec.rb
index 42e352399a8..42e352399a8 100644
--- a/spec/features/users/add_email_to_existing_account.rb
+++ b/spec/features/users/add_email_to_existing_account_spec.rb
diff --git a/spec/rubocop/cop/rspec/top_level_describe_path_spec.rb b/spec/rubocop/cop/rspec/top_level_describe_path_spec.rb
new file mode 100644
index 00000000000..258144d4000
--- /dev/null
+++ b/spec/rubocop/cop/rspec/top_level_describe_path_spec.rb
@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+require 'fast_spec_helper'
+
+require 'rubocop'
+require 'rubocop/rspec/support'
+
+require_relative '../../../../rubocop/cop/rspec/top_level_describe_path'
+
+describe RuboCop::Cop::RSpec::TopLevelDescribePath do
+ include RuboCop::RSpec::ExpectOffense
+ include CopHelper
+
+ subject(:cop) { described_class.new }
+
+ context 'when the file ends in _spec.rb' do
+ it 'registers no offenses' do
+ expect_no_offenses(<<~SOURCE.strip_indent, 'spec/foo_spec.rb')
+ describe 'Foo' do
+ end
+ SOURCE
+ end
+ end
+
+ context 'when the file is a frontend fixture' do
+ it 'registers no offenses' do
+ expect_no_offenses(<<~SOURCE.strip_indent, 'spec/frontend/fixtures/foo.rb')
+ describe 'Foo' do
+ end
+ SOURCE
+ end
+ end
+
+ context 'when the describe is in a shared example' do
+ context 'with shared_examples' do
+ it 'registers no offenses' do
+ expect_no_offenses(<<~SOURCE.strip_indent, 'spec/foo.rb')
+ shared_examples 'Foo' do
+ describe '#bar' do
+ end
+ end
+ SOURCE
+ end
+ end
+
+ context 'with shared_examples_for' do
+ it 'registers no offenses' do
+ expect_no_offenses(<<~SOURCE.strip_indent, 'spec/foo.rb')
+ shared_examples_for 'Foo' do
+ describe '#bar' do
+ end
+ end
+ SOURCE
+ end
+ end
+ end
+
+ context 'when the describe is at the top level' do
+ it 'marks the describe as offending' do
+ expect_offense(<<~SOURCE.strip_indent, 'spec/foo.rb')
+ describe 'Foo' do
+ ^^^^^^^^^^^^^^ #{described_class::MESSAGE}
+ end
+ SOURCE
+ end
+ end
+end
diff --git a/spec/tasks/gitlab/mail_google_schema_whitelisting.rb b/spec/tasks/gitlab/mail_google_schema_whitelisting.rb
deleted file mode 100644
index 8d1cff7a261..00000000000
--- a/spec/tasks/gitlab/mail_google_schema_whitelisting.rb
+++ /dev/null
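Review bot: Every heredoc in this new spec is written as `<<~SOURCE.strip_indent`, but the squiggly heredoc already removes the common leading indentation, so the extra `.strip_indent` call looks redundant. It also appears to tie the spec to a string core extension rather than plain Ruby. `expect_no_offenses(<<~SOURCE, 'spec/foo_spec.rb')` and `expect_offense(<<~SOURCE, 'spec/foo.rb')` should behave the same, and this applies to all five calls. A one-line comment above the frontend-fixture context explaining why that path is exempt would help readers who meet the rule through a failing lint.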
@@ -1,27 +0,0 @@ -require 'spec_helper' -require 'rake' - -describe 'gitlab:mail_google_schema_whitelisting rake task' do - before :all do - Rake.application.rake_require "tasks/gitlab/helpers" - Rake.application.rake_require "tasks/gitlab/mail_google_schema_whitelisting" - # empty task as env is already loaded - Rake::Task.define_task :environment - end - - describe 'call' do - before do - # avoid writing task output to spec progress - allow($stdout).to receive :write - end - - let :run_rake_task do - Rake::Task["gitlab:mail_google_schema_whitelisting"].reenable - Rake.application.invoke_task "gitlab:mail_google_schema_whitelisting" - end - - it 'runs the task without errors' do - expect { run_rake_task }.not_to raise_error - end - end -end diff --git a/spec/views/dashboard/projects/_blank_state_admin_welcome.haml.rb b/spec/views/dashboard/projects/_blank_state_admin_welcome.haml_spec.rb index 2f58eec86dc..2f58eec86dc 100644 --- a/spec/views/dashboard/projects/_blank_state_admin_welcome.haml.rb +++ b/spec/views/dashboard/projects/_blank_state_admin_welcome.haml_spec.rb diff --git a/spec/views/dashboard/projects/_nav.html.haml.rb b/spec/views/dashboard/projects/_nav.html.haml_spec.rb index f6a8ca13040..cbdd3c0acc3 100644 --- a/spec/views/dashboard/projects/_nav.html.haml.rb +++ b/spec/views/dashboard/projects/_nav.html.haml_spec.rb @@ -4,7 +4,7 @@ describe 'dashboard/projects/_nav.html.haml' do it 'highlights All tab by default' do render - expect(rendered).to have_css('li.active a', text: 'All') + expect(rendered).to have_css('a.active', text: 'All') end it 'highlights Personal tab personal param is present' do @@ -12,6 +12,6 @@ describe 'dashboard/projects/_nav.html.haml' do render - expect(rendered).to have_css('li.active a', text: 'Personal') + expect(rendered).to have_css('a.active', text: 'Personal') end end 
diff --git a/spec/views/projects/deployments/_confirm_rollback_modal_spec.html.rb b/spec/views/projects/deployments/_confirm_rollback_modal_spec.html_spec.rb index 54ec4f32856..54ec4f32856 100644 --- a/spec/views/projects/deployments/_confirm_rollback_modal_spec.html.rb +++ b/spec/views/projects/deployments/_confirm_rollback_modal_spec.html_spec.rb diff --git a/spec/views/shared/_label_row.html.haml.rb b/spec/views/shared/_label_row.html.haml_spec.rb index a58d5efc1e3..4cce13aa37c 100644 --- a/spec/views/shared/_label_row.html.haml.rb +++ b/spec/views/shared/_label_row.html.haml_spec.rb @@ -7,9 +7,20 @@ describe 'shared/_label_row.html.haml' do } label_types.each do |label_type, label_factory| - let!(:label) { create(label_factory) } + let!(:label) do + label_record = create(label_factory) + label_record.present(issuable_subject: label_record.subject) + end context "for a #{label_type}" do + before do + if label.project_label? + @project = label.project + else + @group = label.group + end + end + it 'has a non-linked label title' do render 'shared/label_row', label: label diff --git a/spec/views/shared/milestones/_issuable.html.haml.rb b/spec/views/shared/milestones/_issuable.html.haml_spec.rb index 0a3f877cae0..0a3f877cae0 100644 --- a/spec/views/shared/milestones/_issuable.html.haml.rb +++ b/spec/views/shared/milestones/_issuable.html.haml_spec.rb diff --git a/spec/views/shared/milestones/_issuables.html.haml.rb b/spec/views/shared/milestones/_issuables.html.haml_spec.rb index cbbb984935f..24b55338db3 100644 --- a/spec/views/shared/milestones/_issuables.html.haml.rb +++ b/spec/views/shared/milestones/_issuables.html.haml_spec.rb 
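Review bot: The rewritten `let!(:label) do … end` in `_label_row.html.haml_spec.rb` still sits directly inside `label_types.each`, outside the generated `context "for a #{label_type}" do`. Each iteration therefore redefines `label` on the same enclosing example group, and the definition from the last iteration is the one every context sees. If that reading is right, both contexts exercise the same label type, and the new `before` branch on `label.project_label?` only ever takes one path. Moving the whole `let!` block inside the `context` gives each label type its own record and presenter. The describe block starts and ends outside this hunk, so this should be confirmed against the full file.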
@@ -6,7 +6,7 @@ describe 'shared/milestones/_issuables.html.haml' do before do allow(view).to receive_messages(title: nil, id: nil, show_project_name: nil, show_full_project_name: nil, dom_class: '', - issuables: double(size: issuables_size).as_null_object) + issuables: double(length: issuables_size).as_null_object) stub_template 'shared/milestones/_issuable.html.haml' => '' end diff --git a/spec/views/shared/milestones/_top.html.haml.rb b/spec/views/shared/milestones/_top.html.haml_spec.rb index 516d81c87ac..f2ee8be5857 100644 --- a/spec/views/shared/milestones/_top.html.haml.rb +++ b/spec/views/shared/milestones/_top.html.haml_spec.rb @@ -7,6 +7,7 @@ describe 'shared/milestones/_top.html.haml' do before do allow(milestone).to receive(:milestones) { [] } + allow(milestone).to receive(:milestone) { milestone } end it 'renders a deprecation message for a legacy milestone' do diff --git a/yarn.lock b/yarn.lock index 22145f5a5af..221ffa27f6c 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4310,11 +4310,11 @@ ecc-jsbn@~0.1.1: safer-buffer "^2.1.0" echarts@^4.2.0-rc.2: - version "4.2.0-rc.2" - resolved "https://registry.yarnpkg.com/echarts/-/echarts-4.2.0-rc.2.tgz#6a98397aafa81b65cbf0bc15d9afdbfb244df91e" - integrity sha512-5Y4Kyi4eNsRM9Cnl7Q8C6PFVjznBJv1VIiMm/VSQ9zyqeo+ce1695GqUd9v4zfVx+Ow1gnwMJX67h0FNvarScw== + version "4.2.1" + resolved "https://registry.yarnpkg.com/echarts/-/echarts-4.2.1.tgz#9a8ea3b03354f86f824d97625c334cf16965ef03" + integrity sha512-pw4xScRPsLegD/cqEcoXRKeA2SD4+s+Kyo0Na166NamOWhzNl2yI5RZ2rE97tBlAopNmhyMeBVpAeD5qb+ee1A== dependencies: - zrender "4.0.5" + zrender "4.0.7" editions@^1.3.3: version "1.3.4" 
@@ -13217,7 +13217,7 @@ zen-observable@^0.8.0: resolved "https://registry.yarnpkg.com/zen-observable/-/zen-observable-0.8.11.tgz#d3415885eeeb42ee5abb9821c95bb518fcd6d199" integrity sha512-N3xXQVr4L61rZvGMpWe8XoCGX8vhU35dPyQ4fm5CY/KDlG0F75un14hjbckPXTDuKUY6V0dqR2giT6xN8Y4GEQ== -zrender@4.0.5: - version "4.0.5" - resolved "https://registry.yarnpkg.com/zrender/-/zrender-4.0.5.tgz#6e8f738971ce2cd624aac82b2156729b1c0e5a82" - integrity sha512-SintgipGEJPT9Sz2ABRoE4ZD7Yzy7oR7j7KP6H+C9FlbHWnLUfGVK7E8UV27pGwlxAMB0EsnrqhXx5XjAfv/KA== +zrender@4.0.7: + version "4.0.7" + resolved "https://registry.yarnpkg.com/zrender/-/zrender-4.0.7.tgz#15ae960822f5efed410995d37e5107fe3de10e6d" + integrity sha512-TNloHe0ums6zxbHfnaCryM61J4IWDajZwNq6dHk9vfWhhysO/OeFvvR0drBs/nbXha2YxSzfQj2FiCd6RVBe+Q== |