-rw-r--r--app/controllers/projects/issues_controller.rb4
-rw-r--r--app/controllers/projects/merge_requests_controller.rb4
-rw-r--r--app/models/namespace.rb3
-rw-r--r--app/views/projects/issues/show.html.haml3
-rw-r--r--app/views/projects/merge_requests/_awards_block.html.haml3
-rw-r--r--changelogs/unreleased/214218-feature-flag-enable-sort_discussions.yml5
-rw-r--r--config/pseudonymizer.yml1
-rw-r--r--doc/api/graphql/reference/gitlab_schema.graphql91
-rw-r--r--doc/api/graphql/reference/gitlab_schema.json314
-rw-r--r--doc/api/graphql/reference/index.md26
-rw-r--r--doc/ci/docker/using_docker_build.md46
-rw-r--r--doc/integration/elasticsearch.md6
-rw-r--r--doc/user/analytics/value_stream_analytics.md8
-rw-r--r--doc/user/application_security/container_scanning/index.md14
-rw-r--r--doc/user/application_security/dependency_scanning/index.md6
-rw-r--r--doc/user/application_security/sast/index.md6
-rw-r--r--doc/user/clusters/applications.md16
-rw-r--r--doc/user/packages/container_registry/index.md26
-rw-r--r--lib/gitlab/error_tracking.rb38
19 files changed, 553 insertions, 67 deletions
diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb
index 96650e2cae9..51ad8edb012 100644
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -50,10 +50,6 @@ class Projects::IssuesController < Projects::ApplicationController
push_frontend_feature_flag(:save_issuable_health_status, project.group, default_enabled: true)
end
- before_action only: :show do
- push_frontend_feature_flag(:sort_discussions, @project)
- end
-
around_action :allow_gitaly_ref_name_caching, only: [:discussions]
respond_to :html
diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index 038b6146bab..89de40006ff 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -31,10 +31,6 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
push_frontend_feature_flag(:vue_issuable_sidebar, @project.group)
end
- before_action only: :show do
- push_frontend_feature_flag(:sort_discussions, @project)
- end
-
around_action :allow_gitaly_ref_name_caching, only: [:index, :show, :discussions]
def index
diff --git a/app/models/namespace.rb b/app/models/namespace.rb
index 260ba9ea4a5..9e7589a1f18 100644
--- a/app/models/namespace.rb
+++ b/app/models/namespace.rb
@@ -11,6 +11,9 @@ class Namespace < ApplicationRecord
include FeatureGate
include FromUnion
include Gitlab::Utils::StrongMemoize
+ include IgnorableColumns
+
+ ignore_column :plan_id, remove_with: '13.1', remove_after: '2020-06-22'
# Prevent users from creating unreasonably deep level of nesting.
# The number 20 was taken based on maximum nesting level of
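Review bot: The added `ignore_column :plan_id, remove_with: '13.1', remove_after: '2020-06-22'` has no comment saying why the column is being ignored or where its removal is tracked, so whoever reaches the `remove_after` date has nothing to follow up on. A line above it such as `# plan_id is being dropped; ignored here until the column is removed, see <tracking issue placeholder>` would cover that. The `config/pseudonymizer.yml` hunk in this commit drops `plan_id` from the whitelist, which is consistent, but any other reader of the column (raw SQL, exports, serializers) is not visible in this diff and should be confirmed before the column is dropped. The `Namespace` class body continues outside the hunk.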
diff --git a/app/views/projects/issues/show.html.haml b/app/views/projects/issues/show.html.haml
index 1f499dbd0a2..4fc67884584 100644
--- a/app/views/projects/issues/show.html.haml
+++ b/app/views/projects/issues/show.html.haml
@@ -87,8 +87,7 @@
.col-md-12.col-lg-6.js-noteable-awards
= render 'award_emoji/awards_block', awardable: @issue, inline: true
.col-md-12.col-lg-6.new-branch-col
- - if Feature.enabled?(:sort_discussions, @project)
- #js-vue-sort-issue-discussions
+ #js-vue-sort-issue-discussions
#js-vue-discussion-filter{ data: { default_filter: current_user&.notes_filter_for(@issue), notes_filters: UserPreference.notes_filters.to_json } }
= render 'new_branch' if show_new_branch_button?
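Review bot: `#js-vue-sort-issue-discussions` is now rendered unconditionally, and the two controller hunks stop pushing `:sort_discussions` to the frontend, but the diffstat lists no JavaScript file. If client code still gates the sort component on that flag, the mount point would render with nothing attached to it. That cannot be seen from here, so confirm the frontend check is already gone or remove it in this commit. A short `-# always rendered: the :sort_discussions feature flag was removed` above the element would also record why the guard disappeared. The same applies to the `_awards_block.html.haml` hunk.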
diff --git a/app/views/projects/merge_requests/_awards_block.html.haml b/app/views/projects/merge_requests/_awards_block.html.haml
index c1e92e22590..e4a7b9b7e62 100644
--- a/app/views/projects/merge_requests/_awards_block.html.haml
+++ b/app/views/projects/merge_requests/_awards_block.html.haml
@@ -2,6 +2,5 @@
= render 'award_emoji/awards_block', awardable: @merge_request, inline: true do
- if mr_tabs_position_enabled?
.ml-auto.mt-auto.mb-auto
- - if Feature.enabled?(:sort_discussions, @merge_request.target_project)
- #js-vue-sort-issue-discussions
+ #js-vue-sort-issue-discussions
= render "projects/merge_requests/discussion_filter"
diff --git a/changelogs/unreleased/214218-feature-flag-enable-sort_discussions.yml b/changelogs/unreleased/214218-feature-flag-enable-sort_discussions.yml
new file mode 100644
index 00000000000..4e76379c0fe
--- /dev/null
+++ b/changelogs/unreleased/214218-feature-flag-enable-sort_discussions.yml
@@ -0,0 +1,5 @@
+---
+title: Allow sorting of issue and MR discussions
+merge_request: 29492
+author:
+type: added
diff --git a/config/pseudonymizer.yml b/config/pseudonymizer.yml
index 7b5f8aad255..195506ac4a1 100644
--- a/config/pseudonymizer.yml
+++ b/config/pseudonymizer.yml
@@ -239,7 +239,6 @@ tables:
- repository_size_limit
- require_two_factor_authentication
- two_factor_grace_period
- - plan_id
- project_creation_level
members:
whitelist:
diff --git a/doc/api/graphql/reference/gitlab_schema.graphql b/doc/api/graphql/reference/gitlab_schema.graphql
index 4ce54a1b3fb..eb9b285803d 100644
--- a/doc/api/graphql/reference/gitlab_schema.graphql
+++ b/doc/api/graphql/reference/gitlab_schema.graphql
@@ -1832,6 +1832,46 @@ type DiscussionEdge {
node: Discussion
}
+"""
+Autogenerated input type of DismissVulnerability
+"""
+input DismissVulnerabilityInput {
+ """
+ A unique identifier for the client performing the mutation.
+ """
+ clientMutationId: String
+
+ """
+ Reason why vulnerability should be dismissed
+ """
+ comment: String
+
+ """
+ ID of the vulnerability to be dismissed
+ """
+ id: ID!
+}
+
+"""
+Autogenerated return type of DismissVulnerability
+"""
+type DismissVulnerabilityPayload {
+ """
+ A unique identifier for the client performing the mutation.
+ """
+ clientMutationId: String
+
+ """
+ Reasons why the mutation failed.
+ """
+ errors: [String!]!
+
+ """
+ The vulnerability after dismissal
+ """
+ vulnerability: Vulnerability
+}
+
interface Entry {
"""
Flat path of the entry
@@ -5413,6 +5453,7 @@ type Mutation {
designManagementUpload(input: DesignManagementUploadInput!): DesignManagementUploadPayload
destroyNote(input: DestroyNoteInput!): DestroyNotePayload
destroySnippet(input: DestroySnippetInput!): DestroySnippetPayload
+ dismissVulnerability(input: DismissVulnerabilityInput!): DismissVulnerabilityPayload
epicAddIssue(input: EpicAddIssueInput!): EpicAddIssuePayload
epicSetSubscription(input: EpicSetSubscriptionInput!): EpicSetSubscriptionPayload
epicTreeReorder(input: EpicTreeReorderInput!): EpicTreeReorderPayload
@@ -9535,6 +9576,11 @@ type Vulnerability {
title: String
"""
+ Permissions for the current user on the resource
+ """
+ userPermissions: VulnerabilityPermissions!
+
+ """
URL to the vulnerability's details page
"""
vulnerabilityPath: String
@@ -9576,6 +9622,51 @@ type VulnerabilityEdge {
}
"""
+Check permissions for the current user on a vulnerability
+"""
+type VulnerabilityPermissions {
+ """
+ Indicates the user can perform `admin_vulnerability` on this resource
+ """
+ adminVulnerability: Boolean!
+
+ """
+ Indicates the user can perform `admin_vulnerability_issue_link` on this resource
+ """
+ adminVulnerabilityIssueLink: Boolean!
+
+ """
+ Indicates the user can perform `create_vulnerability` on this resource
+ """
+ createVulnerability: Boolean!
+
+ """
+ Indicates the user can perform `create_vulnerability_export` on this resource
+ """
+ createVulnerabilityExport: Boolean!
+
+ """
+ Indicates the user can perform `create_vulnerability_feedback` on this resource
+ """
+ createVulnerabilityFeedback: Boolean!
+
+ """
+ Indicates the user can perform `destroy_vulnerability_feedback` on this resource
+ """
+ destroyVulnerabilityFeedback: Boolean!
+
+ """
+ Indicates the user can perform `read_vulnerability_feedback` on this resource
+ """
+ readVulnerabilityFeedback: Boolean!
+
+ """
+ Indicates the user can perform `update_vulnerability_feedback` on this resource
+ """
+ updateVulnerabilityFeedback: Boolean!
+}
+
+"""
The type of the security scan that found the vulnerability.
"""
enum VulnerabilityReportType {
diff --git a/doc/api/graphql/reference/gitlab_schema.json b/doc/api/graphql/reference/gitlab_schema.json
index bf8206e61cc..f6c3510d6dc 100644
--- a/doc/api/graphql/reference/gitlab_schema.json
+++ b/doc/api/graphql/reference/gitlab_schema.json
@@ -5394,6 +5394,118 @@
"possibleTypes": null
},
{
+ "kind": "INPUT_OBJECT",
+ "name": "DismissVulnerabilityInput",
+ "description": "Autogenerated input type of DismissVulnerability",
+ "fields": null,
+ "inputFields": [
+ {
+ "name": "id",
+ "description": "ID of the vulnerability to be dismissed",
+ "type": {
+ "kind": "NON_NULL",
+ "name": null,
+ "ofType": {
+ "kind": "SCALAR",
+ "name": "ID",
+ "ofType": null
+ }
+ },
+ "defaultValue": null
+ },
+ {
+ "name": "comment",
+ "description": "Reason why vulnerability should be dismissed",
+ "type": {
+ "kind": "SCALAR",
+ "name": "String",
+ "ofType": null
+ },
+ "defaultValue": null
+ },
+ {
+ "name": "clientMutationId",
+ "description": "A unique identifier for the client performing the mutation.",
+ "type": {
+ "kind": "SCALAR",
+ "name": "String",
+ "ofType": null
+ },
+ "defaultValue": null
+ }
+ ],
+ "interfaces": null,
+ "enumValues": null,
+ "possibleTypes": null
+ },
+ {
+ "kind": "OBJECT",
+ "name": "DismissVulnerabilityPayload",
+ "description": "Autogenerated return type of DismissVulnerability",
+ "fields": [
+ {
+ "name": "clientMutationId",
+ "description": "A unique identifier for the client performing the mutation.",
+ "args": [
+
+ ],
+ "type": {
+ "kind": "SCALAR",
+ "name": "String",
+ "ofType": null
+ },
+ "isDeprecated": false,
+ "deprecationReason": null
+ },
+ {
+ "name": "errors",
+ "description": "Reasons why the mutation failed.",
+ "args": [
+
+ ],
+ "type": {
+ "kind": "NON_NULL",
+ "name": null,
+ "ofType": {
+ "kind": "LIST",
+ "name": null,
+ "ofType": {
+ "kind": "NON_NULL",
+ "name": null,
+ "ofType": {
+ "kind": "SCALAR",
+ "name": "String",
+ "ofType": null
+ }
+ }
+ }
+ },
+ "isDeprecated": false,
+ "deprecationReason": null
+ },
+ {
+ "name": "vulnerability",
+ "description": "The vulnerability after dismissal",
+ "args": [
+
+ ],
+ "type": {
+ "kind": "OBJECT",
+ "name": "Vulnerability",
+ "ofType": null
+ },
+ "isDeprecated": false,
+ "deprecationReason": null
+ }
+ ],
+ "inputFields": null,
+ "interfaces": [
+
+ ],
+ "enumValues": null,
+ "possibleTypes": null
+ },
+ {
"kind": "INTERFACE",
"name": "Entry",
"description": null,
@@ -15822,6 +15934,33 @@
"deprecationReason": null
},
{
+ "name": "dismissVulnerability",
+ "description": null,
+ "args": [
+ {
+ "name": "input",
+ "description": null,
+ "type": {
+ "kind": "NON_NULL",
+ "name": null,
+ "ofType": {
+ "kind": "INPUT_OBJECT",
+ "name": "DismissVulnerabilityInput",
+ "ofType": null
+ }
+ },
+ "defaultValue": null
+ }
+ ],
+ "type": {
+ "kind": "OBJECT",
+ "name": "DismissVulnerabilityPayload",
+ "ofType": null
+ },
+ "isDeprecated": false,
+ "deprecationReason": null
+ },
+ {
"name": "epicAddIssue",
"description": null,
"args": [
@@ -28763,6 +28902,24 @@
"deprecationReason": null
},
{
+ "name": "userPermissions",
+ "description": "Permissions for the current user on the resource",
+ "args": [
+
+ ],
+ "type": {
+ "kind": "NON_NULL",
+ "name": null,
+ "ofType": {
+ "kind": "OBJECT",
+ "name": "VulnerabilityPermissions",
+ "ofType": null
+ }
+ },
+ "isDeprecated": false,
+ "deprecationReason": null
+ },
+ {
"name": "vulnerabilityPath",
"description": "URL to the vulnerability's details page",
"args": [
@@ -28897,6 +29054,163 @@
"possibleTypes": null
},
{
+ "kind": "OBJECT",
+ "name": "VulnerabilityPermissions",
+ "description": "Check permissions for the current user on a vulnerability",
+ "fields": [
+ {
+ "name": "adminVulnerability",
+ "description": "Indicates the user can perform `admin_vulnerability` on this resource",
+ "args": [
+
+ ],
+ "type": {
+ "kind": "NON_NULL",
+ "name": null,
+ "ofType": {
+ "kind": "SCALAR",
+ "name": "Boolean",
+ "ofType": null
+ }
+ },
+ "isDeprecated": false,
+ "deprecationReason": null
+ },
+ {
+ "name": "adminVulnerabilityIssueLink",
+ "description": "Indicates the user can perform `admin_vulnerability_issue_link` on this resource",
+ "args": [
+
+ ],
+ "type": {
+ "kind": "NON_NULL",
+ "name": null,
+ "ofType": {
+ "kind": "SCALAR",
+ "name": "Boolean",
+ "ofType": null
+ }
+ },
+ "isDeprecated": false,
+ "deprecationReason": null
+ },
+ {
+ "name": "createVulnerability",
+ "description": "Indicates the user can perform `create_vulnerability` on this resource",
+ "args": [
+
+ ],
+ "type": {
+ "kind": "NON_NULL",
+ "name": null,
+ "ofType": {
+ "kind": "SCALAR",
+ "name": "Boolean",
+ "ofType": null
+ }
+ },
+ "isDeprecated": false,
+ "deprecationReason": null
+ },
+ {
+ "name": "createVulnerabilityExport",
+ "description": "Indicates the user can perform `create_vulnerability_export` on this resource",
+ "args": [
+
+ ],
+ "type": {
+ "kind": "NON_NULL",
+ "name": null,
+ "ofType": {
+ "kind": "SCALAR",
+ "name": "Boolean",
+ "ofType": null
+ }
+ },
+ "isDeprecated": false,
+ "deprecationReason": null
+ },
+ {
+ "name": "createVulnerabilityFeedback",
+ "description": "Indicates the user can perform `create_vulnerability_feedback` on this resource",
+ "args": [
+
+ ],
+ "type": {
+ "kind": "NON_NULL",
+ "name": null,
+ "ofType": {
+ "kind": "SCALAR",
+ "name": "Boolean",
+ "ofType": null
+ }
+ },
+ "isDeprecated": false,
+ "deprecationReason": null
+ },
+ {
+ "name": "destroyVulnerabilityFeedback",
+ "description": "Indicates the user can perform `destroy_vulnerability_feedback` on this resource",
+ "args": [
+
+ ],
+ "type": {
+ "kind": "NON_NULL",
+ "name": null,
+ "ofType": {
+ "kind": "SCALAR",
+ "name": "Boolean",
+ "ofType": null
+ }
+ },
+ "isDeprecated": false,
+ "deprecationReason": null
+ },
+ {
+ "name": "readVulnerabilityFeedback",
+ "description": "Indicates the user can perform `read_vulnerability_feedback` on this resource",
+ "args": [
+
+ ],
+ "type": {
+ "kind": "NON_NULL",
+ "name": null,
+ "ofType": {
+ "kind": "SCALAR",
+ "name": "Boolean",
+ "ofType": null
+ }
+ },
+ "isDeprecated": false,
+ "deprecationReason": null
+ },
+ {
+ "name": "updateVulnerabilityFeedback",
+ "description": "Indicates the user can perform `update_vulnerability_feedback` on this resource",
+ "args": [
+
+ ],
+ "type": {
+ "kind": "NON_NULL",
+ "name": null,
+ "ofType": {
+ "kind": "SCALAR",
+ "name": "Boolean",
+ "ofType": null
+ }
+ },
+ "isDeprecated": false,
+ "deprecationReason": null
+ }
+ ],
+ "inputFields": null,
+ "interfaces": [
+
+ ],
+ "enumValues": null,
+ "possibleTypes": null
+ },
+ {
"kind": "ENUM",
"name": "VulnerabilityReportType",
"description": "The type of the security scan that found the vulnerability.",
diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md
index e1375530bf4..082d7decbf9 100644
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -317,6 +317,16 @@ Autogenerated return type of DestroySnippet
| `id` | ID! | ID of this discussion |
| `replyId` | ID! | ID used to reply to this discussion |
+## DismissVulnerabilityPayload
+
+Autogenerated return type of DismissVulnerability
+
+| Name | Type | Description |
+| --- | ---- | ---------- |
+| `clientMutationId` | String | A unique identifier for the client performing the mutation. |
+| `errors` | String! => Array | Reasons why the mutation failed. |
+| `vulnerability` | Vulnerability | The vulnerability after dismissal |
+
## Environment
Describes where code is deployed for a project
@@ -1495,8 +1505,24 @@ Represents a vulnerability.
| `severity` | VulnerabilitySeverity | Severity of the vulnerability (INFO, UNKNOWN, LOW, MEDIUM, HIGH, CRITICAL) |
| `state` | VulnerabilityState | State of the vulnerability (DETECTED, DISMISSED, RESOLVED, CONFIRMED) |
| `title` | String | Title of the vulnerability |
+| `userPermissions` | VulnerabilityPermissions! | Permissions for the current user on the resource |
| `vulnerabilityPath` | String | URL to the vulnerability's details page |
+## VulnerabilityPermissions
+
+Check permissions for the current user on a vulnerability
+
+| Name | Type | Description |
+| --- | ---- | ---------- |
+| `adminVulnerability` | Boolean! | Indicates the user can perform `admin_vulnerability` on this resource |
+| `adminVulnerabilityIssueLink` | Boolean! | Indicates the user can perform `admin_vulnerability_issue_link` on this resource |
+| `createVulnerability` | Boolean! | Indicates the user can perform `create_vulnerability` on this resource |
+| `createVulnerabilityExport` | Boolean! | Indicates the user can perform `create_vulnerability_export` on this resource |
+| `createVulnerabilityFeedback` | Boolean! | Indicates the user can perform `create_vulnerability_feedback` on this resource |
+| `destroyVulnerabilityFeedback` | Boolean! | Indicates the user can perform `destroy_vulnerability_feedback` on this resource |
+| `readVulnerabilityFeedback` | Boolean! | Indicates the user can perform `read_vulnerability_feedback` on this resource |
+| `updateVulnerabilityFeedback` | Boolean! | Indicates the user can perform `update_vulnerability_feedback` on this resource |
+
## VulnerabilitySeveritiesCount
Represents vulnerability counts by severity
diff --git a/doc/ci/docker/using_docker_build.md b/doc/ci/docker/using_docker_build.md
index 69618cbd218..acdc61d008f 100644
--- a/doc/ci/docker/using_docker_build.md
+++ b/doc/ci/docker/using_docker_build.md
@@ -120,7 +120,7 @@ not without its own challenges:
- By default, Docker 17.09 and higher uses `--storage-driver overlay2` which is
the recommended storage driver. See [Using the overlayfs driver](#using-the-overlayfs-driver)
for details.
-- Since the `docker:19.03.1-dind` container and the Runner container don't share their
+- Since the `docker:19.03.8-dind` container and the Runner container don't share their
root filesystem, the job's working directory can be used as a mount point for
child containers. For example, if you have files you want to share with a
child container, you may create a subdirectory under `/builds/$CI_PROJECT_PATH`
@@ -139,7 +139,7 @@ not without its own challenges:
An example project using this approach can be found here: <https://gitlab.com/gitlab-examples/docker>.
In the examples below, we are using Docker images tags to specify a
-specific version, such as `docker:19.03.1`. If tags like `docker:stable`
+specific version, such as `docker:19.03.8`. If tags like `docker:stable`
are used, you have no control over what version is going to be used and this
can lead to unpredictable behavior, especially when new versions are
released.
@@ -150,7 +150,7 @@ NOTE: **Note**
This requires GitLab Runner 11.11 or higher.
The Docker daemon supports connection over TLS and it's done by default
-for Docker 19.03.1 or higher. This is the **suggested** way to use the
+for Docker 19.03.8 or higher. This is the **suggested** way to use the
docker-in-docker service and
[GitLab.com Shared Runners](../../user/gitlab_com/index.md#shared-runners)
support this.
@@ -166,13 +166,13 @@ support this.
--registration-token REGISTRATION_TOKEN \
--executor docker \
--description "My Docker Runner" \
- --docker-image "docker:19.03.1" \
+ --docker-image "docker:19.03.8" \
--docker-privileged \
--docker-volumes "/certs/client"
```
The above command will register a new Runner to use the special
- `docker:19.03.1` image, which is provided by Docker. **Notice that it's
+ `docker:19.03.8` image, which is provided by Docker. **Notice that it's
using the `privileged` mode to start the build and service
containers.** If you want to use [docker-in-docker](https://www.docker.com/blog/docker-can-now-run-within-docker/) mode, you always
have to use `privileged = true` in your Docker containers.
@@ -191,7 +191,7 @@ support this.
executor = "docker"
[runners.docker]
tls_verify = false
- image = "docker:19.03.1"
+ image = "docker:19.03.8"
privileged = true
disable_cache = false
volumes = ["/certs/client", "/cache"]
@@ -201,18 +201,18 @@ support this.
```
1. You can now use `docker` in the build script (note the inclusion of the
- `docker:19.03.1-dind` service):
+ `docker:19.03.8-dind` service):
```yaml
- image: docker:19.03.1
+ image: docker:19.03.8
variables:
# When using dind service, we need to instruct docker, to talk with
# the daemon started inside of the service. The daemon is available
# with a network connection instead of the default
- # /var/run/docker.sock socket. docker:19.03.1 does this automatically
+ # /var/run/docker.sock socket. Docker 19.03 does this automatically
# by setting the DOCKER_HOST in
- # https://github.com/docker-library/docker/blob/d45051476babc297257df490d22cbd806f1b11e4/19.03.1/docker-entrypoint.sh#L23-L29
+ # https://github.com/docker-library/docker/blob/d45051476babc297257df490d22cbd806f1b11e4/19.03/docker-entrypoint.sh#L23-L29
#
# The 'docker' hostname is the alias of the service container as described at
# https://docs.gitlab.com/ee/ci/docker/using_docker_images.html#accessing-the-services.
@@ -229,7 +229,7 @@ support this.
DOCKER_TLS_CERTDIR: "/certs"
services:
- - docker:19.03.1-dind
+ - docker:19.03.8-dind
before_script:
- docker info
@@ -256,7 +256,7 @@ Assuming that the Runner `config.toml` is similar to:
executor = "docker"
[runners.docker]
tls_verify = false
- image = "docker:19.03.1"
+ image = "docker:19.03.8"
privileged = true
disable_cache = false
volumes = ["/cache"]
@@ -266,10 +266,10 @@ Assuming that the Runner `config.toml` is similar to:
```
You can now use `docker` in the build script (note the inclusion of the
-`docker:19.03.1-dind` service):
+`docker:19.03.8-dind` service):
```yaml
-image: docker:19.03.1
+image: docker:19.03.8
variables:
# When using dind service we need to instruct docker, to talk with the
@@ -290,7 +290,7 @@ variables:
DOCKER_TLS_CERTDIR: ""
services:
- - docker:19.03.1-dind
+ - docker:19.03.8-dind
before_script:
- docker info
@@ -310,7 +310,7 @@ container so that Docker is available in the context of that image.
NOTE: **Note:**
If you bind the Docker socket [when using GitLab Runner 11.11 or
newer](https://gitlab.com/gitlab-org/gitlab-runner/-/merge_requests/1261),
-you can no longer use `docker:19.03.1-dind` as a service because volume bindings
+you can no longer use `docker:19.03.8-dind` as a service because volume bindings
are done to the services as well, making these incompatible.
In order to do that, follow the steps:
@@ -325,12 +325,12 @@ In order to do that, follow the steps:
--registration-token REGISTRATION_TOKEN \
--executor docker \
--description "My Docker Runner" \
- --docker-image "docker:19.03.1" \
+ --docker-image "docker:19.03.8" \
--docker-volumes /var/run/docker.sock:/var/run/docker.sock
```
The above command will register a new Runner to use the special
- `docker:19.03.1` image which is provided by Docker. **Notice that it's using
+ `docker:19.03.8` image which is provided by Docker. **Notice that it's using
the Docker daemon of the Runner itself, and any containers spawned by Docker
commands will be siblings of the Runner rather than children of the Runner.**
This may have complications and limitations that are unsuitable for your workflow.
@@ -344,7 +344,7 @@ In order to do that, follow the steps:
executor = "docker"
[runners.docker]
tls_verify = false
- image = "docker:19.03.1"
+ image = "docker:19.03.8"
privileged = false
disable_cache = false
volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/cache"]
@@ -353,11 +353,11 @@ In order to do that, follow the steps:
```
1. You can now use `docker` in the build script (note that you don't need to
- include the `docker:19.03.1-dind` service as when using the Docker in Docker
+ include the `docker:19.03.8-dind` service as when using the Docker in Docker
executor):
```yaml
- image: docker:19.03.1
+ image: docker:19.03.8
before_script:
- docker info
@@ -411,10 +411,10 @@ any image that's used with the `--cache-from` argument must first be pulled
Here's a `.gitlab-ci.yml` file showing how Docker caching can be used:
```yaml
-image: docker:19.03.1
+image: docker:19.03.8
services:
- - docker:19.03.1-dind
+ - docker:19.03.8-dind
variables:
# Use TLS https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#tls-enabled
diff --git a/doc/integration/elasticsearch.md b/doc/integration/elasticsearch.md
index fe7c3855d9a..fcd1c03a556 100644
--- a/doc/integration/elasticsearch.md
+++ b/doc/integration/elasticsearch.md
@@ -361,7 +361,7 @@ or creating [extra Sidekiq processes](../administration/operations/extra_sidekiq
1. Enable replication and refreshing again after indexing (only if you previously disabled it):
```shell
- curl --request PUT localhost:9200/gitlab-production/_settings --header 'Content-Type: application/json' ---data '{
+ curl --request PUT localhost:9200/gitlab-production/_settings --header 'Content-Type: application/json' --data '{
"index" : {
"number_of_replicas" : 1,
"refresh_interval" : "1s"
@@ -373,7 +373,7 @@ or creating [extra Sidekiq processes](../administration/operations/extra_sidekiq
For Elasticsearch 6.x, the index should be in read-only mode before proceeding with the force merge:
```shell
- curl --request PUT localhost:9200/gitlab-production/_settings ---header 'Content-Type: application/json' --data '{
+ curl --request PUT localhost:9200/gitlab-production/_settings --header 'Content-Type: application/json' --data '{
"settings": {
"index.blocks.write": true
} }'
@@ -388,7 +388,7 @@ or creating [extra Sidekiq processes](../administration/operations/extra_sidekiq
After this, if your index is in read-only mode, switch back to read-write:
```shell
- curl --request PUT localhost:9200/gitlab-production/_settings ---header 'Content-Type: application/json' --data '{
+ curl --request PUT localhost:9200/gitlab-production/_settings --header 'Content-Type: application/json' --data '{
"settings": {
"index.blocks.write": false
} }'
diff --git a/doc/user/analytics/value_stream_analytics.md b/doc/user/analytics/value_stream_analytics.md
index 22af788b6f5..703b794981f 100644
--- a/doc/user/analytics/value_stream_analytics.md
+++ b/doc/user/analytics/value_stream_analytics.md
@@ -302,6 +302,14 @@ For Value Stream Analytics functionality introduced in GitLab 12.3 and later:
- Features are available only on
[Premium or Silver tiers](https://about.gitlab.com/pricing/) and above.
+## Troubleshooting
+
+If you see an error as listed in the following table, try the noted solution:
+
+| Error | Solution |
+|---------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| There was an error fetching the top labels. | Manually enable tasks by type feature in the [rails console](../../administration/troubleshooting/navigating_gitlab_via_rails_console.md#starting-a-rails-console-session), specifically `Feature.enable(:tasks_by_type_chart)`. |
+
## More resources
Learn more about Value Stream Analytics in the following resources:
diff --git a/doc/user/application_security/container_scanning/index.md b/doc/user/application_security/container_scanning/index.md
index 3d6c9e0b0ba..27b22fb925c 100644
--- a/doc/user/application_security/container_scanning/index.md
+++ b/doc/user/application_security/container_scanning/index.md
@@ -67,10 +67,10 @@ To enable Container Scanning in your pipeline, you need:
```yaml
build:
- image: docker:19.03.1
+ image: docker:19.03.8
stage: build
services:
- - docker:19.03.1-dind
+ - docker:19.03.8-dind
variables:
IMAGE_TAG: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA
script:
@@ -118,7 +118,7 @@ variables:
DOCKER_DRIVER: overlay2
services:
- - docker:19.03.5-dind
+ - docker:19.03.8-dind
stages:
- build
@@ -158,9 +158,9 @@ variables:
The `CLAIR_OUTPUT` variable defined in the main `gitlab-ci.yml` will overwrite what's
defined in `Container-Scanning.gitlab-ci.yml`, changing the Container Scanning behavior.
-[//]: # "NOTE: The container scanning tool references the following heading in the code, so if you"
-[//]: # " make a change to this heading, make sure to update the documentation URLs used in the"
-[//]: # " container scanning tool (https://gitlab.com/gitlab-org/security-products/analyzers/klar)"
+<!-- NOTE: The container scanning tool references the following heading in the code, so if you"
+ make a change to this heading, make sure to update the documentation URLs used in the"
+ container scanning tool (https://gitlab.com/gitlab-org/security-products/analyzers/klar)" -->
#### Available variables
@@ -240,7 +240,7 @@ It may be worthwhile to set up a [scheduled pipeline](../../../ci/pipelines/sche
image: docker:stable
services:
- - docker:19.03.5-dind
+ - docker:19.03.8-dind
stages:
- build
diff --git a/doc/user/application_security/dependency_scanning/index.md b/doc/user/application_security/dependency_scanning/index.md
index 799f3e1f629..ae006178945 100644
--- a/doc/user/application_security/dependency_scanning/index.md
+++ b/doc/user/application_security/dependency_scanning/index.md
@@ -46,7 +46,7 @@ this is enabled by default.
CAUTION: **Caution:**
If you use your own Runners, make sure that the Docker version you have installed
-is **not** `19.03.00`. See [troubleshooting information](#error-response-from-daemon-error-processing-tar-file-docker-tar-relocation-error) for details.
+is **not** `19.03.0`. See [troubleshooting information](#error-response-from-daemon-error-processing-tar-file-docker-tar-relocation-error) for details.
Privileged mode is not necessary if you've [disabled Docker in Docker for Dependency Scanning](#disabling-docker-in-docker-for-dependency-scanning)
@@ -419,7 +419,7 @@ You can also [submit new vulnerabilities](https://gitlab.com/gitlab-org/security
### Error response from daemon: error processing tar file: docker-tar: relocation error
-This error occurs when the Docker version used to run the SAST job is `19.03.00`.
-You are advised to update to Docker `19.03.01` or greater. Older versions are not
+This error occurs when the Docker version used to run the SAST job is `19.03.0`.
+You are advised to update to Docker `19.03.1` or greater. Older versions are not
affected. Read more in
[this issue](https://gitlab.com/gitlab-org/gitlab/issues/13830#note_211354992 "Current SAST container fails").
diff --git a/doc/user/application_security/sast/index.md b/doc/user/application_security/sast/index.md
index 75afdfb5cf5..011f95c7049 100644
--- a/doc/user/application_security/sast/index.md
+++ b/doc/user/application_security/sast/index.md
@@ -58,7 +58,7 @@ CAUTION: **Caution:** Our SAST jobs currently expect a Linux container type. Win
CAUTION: **Caution:**
If you use your own Runners, make sure that the Docker version you have installed
-is **not** `19.03.00`. See [troubleshooting information](#error-response-from-daemon-error-processing-tar-file-docker-tar-relocation-error) for details.
+is **not** `19.03.0`. See [troubleshooting information](#error-response-from-daemon-error-processing-tar-file-docker-tar-relocation-error) for details.
## Supported languages and frameworks
@@ -582,7 +582,7 @@ security reports without requiring internet access.
### Error response from daemon: error processing tar file: docker-tar: relocation error
-This error occurs when the Docker version used to run the SAST job is `19.03.00`.
-You are advised to update to Docker `19.03.01` or greater. Older versions are not
+This error occurs when the Docker version used to run the SAST job is `19.03.0`.
+You are advised to update to Docker `19.03.1` or greater. Older versions are not
affected. Read more in
[this issue](https://gitlab.com/gitlab-org/gitlab/issues/13830#note_211354992 "Current SAST container fails").
diff --git a/doc/user/clusters/applications.md b/doc/user/clusters/applications.md
index 73ef9482e71..cc7b5dcd5fb 100644
--- a/doc/user/clusters/applications.md
+++ b/doc/user/clusters/applications.md
@@ -298,6 +298,22 @@ Ingress with the recent changes.
![Disabling WAF](../../topics/web_application_firewall/img/guide_waf_ingress_save_changes_v12_10.png)
+##### Logging and blocking modes
+
+To help you tune your WAF rules, you can globally set your WAF to either
+**Logging** or **Blocking** mode:
+
+- **Logging mode** - Allows traffic matching the rule to pass, and logs the event.
+- **Blocking mode** - Prevents traffic matching the rule from passing, and logs the event.
+
+To change your WAF's mode:
+
+1. [Install ModSecurity](../../topics/web_application_firewall/quick_start_guide.md) if you have not already done so.
+1. Navigate to **{cloud-gear}** **Operations > Kubernetes**.
+1. In **Applications**, scroll to **Ingress**.
+1. Under **Global default**, select your desired mode.
+1. Click **Save changes**.
+
##### Viewing Web Application Firewall traffic
> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/14707) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.9.
diff --git a/doc/user/packages/container_registry/index.md b/doc/user/packages/container_registry/index.md
index d6c6767a8fd..5505a4503ca 100644
--- a/doc/user/packages/container_registry/index.md
+++ b/doc/user/packages/container_registry/index.md
@@ -240,10 +240,10 @@ should look similar to this:
```yaml
build:
- image: docker:19.03.1
+ image: docker:19.03.8
stage: build
services:
- - docker:19.03.1-dind
+ - docker:19.03.8-dind
script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- docker build -t $CI_REGISTRY/group/project/image:latest .
@@ -254,10 +254,10 @@ You can also make use of [other variables](../../../ci/variables/README.md) to a
```yaml
build:
- image: docker:19.03.1
+ image: docker:19.03.8
stage: build
services:
- - docker:19.03.1-dind
+ - docker:19.03.8-dind
variables:
IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
script:
@@ -280,9 +280,9 @@ when needed. Changes to `master` also get tagged as `latest` and deployed using
an application-specific deploy script:
```yaml
-image: docker:19.03.1
+image: docker:19.03.8
services:
- - docker:19.03.1-dind
+ - docker:19.03.8-dind
stages:
- build
@@ -355,9 +355,9 @@ Below is an example of what your `.gitlab-ci.yml` should look like:
```yaml
build:
- image: $CI_REGISTRY/group/project/docker:19.03.1
+ image: $CI_REGISTRY/group/project/docker:19.03.8
services:
- - name: $CI_REGISTRY/group/project/docker:19.03.1-dind
+ - name: $CI_REGISTRY/group/project/docker:19.03.8-dind
alias: docker
stage: build
script:
@@ -365,7 +365,7 @@ Below is an example of what your `.gitlab-ci.yml` should look like:
- docker run my-docker-image /script/to/run/tests
```
-If you forget to set the service alias, the `docker:19.03.1` image won't find the
+If you forget to set the service alias, the `docker:19.03.8` image won't find the
`dind` service, and an error like the following will be thrown:
```plaintext
@@ -435,10 +435,10 @@ stages:
- clean
build_image:
- image: docker:19.03.1
+ image: docker:19.03.8
stage: build
services:
- - docker:19.03.1-dind
+ - docker:19.03.8-dind
variables:
IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
script:
@@ -451,10 +451,10 @@ build_image:
- master
delete_image:
- image: docker:19.03.1
+ image: docker:19.03.8
stage: clean
services:
- - docker:19.03.1-dind
+ - docker:19.03.8-dind
variables:
IMAGE_TAG: $CI_PROJECT_PATH:$CI_COMMIT_REF_SLUG
REG_SHA256: ade837fc5224acd8c34732bf54a94f579b47851cc6a7fd5899a98386b782e228
diff --git a/lib/gitlab/error_tracking.rb b/lib/gitlab/error_tracking.rb
index d20324a613e..a6e49825fd0 100644
--- a/lib/gitlab/error_tracking.rb
+++ b/lib/gitlab/error_tracking.rb
@@ -2,6 +2,21 @@
module Gitlab
module ErrorTracking
+ # Exceptions in this group will receive custom Sentry fingerprinting
+ CUSTOM_FINGERPRINTING = %w[
+ Acme::Client::Error::BadNonce
+ Acme::Client::Error::NotFound
+ Acme::Client::Error::RateLimited
+ Acme::Client::Error::Timeout
+ Acme::Client::Error::UnsupportedOperation
+ ActiveRecord::ConnectionTimeoutError
+ ActiveRecord::QueryCanceled
+ Gitlab::RequestContext::RequestDeadlineExceeded
+ GRPC::DeadlineExceeded
+ JIRA::HTTPError
+ Rack::Timeout::RequestTimeoutException
+ ].freeze
+
class << self
def configure
Raven.configure do |config|
@@ -14,8 +29,7 @@ module Gitlab
# Sanitize authentication headers
config.sanitize_http_headers = %w[Authorization Private-Token]
config.tags = { program: Gitlab.process_name }
- # Debugging for https://gitlab.com/gitlab-org/gitlab-foss/issues/57727
- config.before_send = method(:add_context_from_exception_type)
+ config.before_send = method(:before_send)
end
end
@@ -92,6 +106,13 @@ module Gitlab
private
+ def before_send(event, hint)
+ event = add_context_from_exception_type(event, hint)
+ event = custom_fingerprinting(event, hint)
+
+ event
+ end
+
def process_exception(exception, sentry: false, logging: true, extra:)
exception.try(:sentry_extra_data)&.tap do |data|
extra = extra.merge(data) if data.is_a?(Hash)
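Review bot: The new `before_send` carries no comment stating the contract its two steps depend on, namely that each step must return the event it was given. As far as I know Raven discards an event when the `before_send` callback returns nil, so a step that returned nil would let `custom_fingerprinting` hit `event.fingerprint =` on nil for a listed exception instead of dropping the event cleanly. I would add `# Each step must return the event; a nil return breaks the next step` above the method. The trailing `event` line is also redundant, because the second assignment is already the method's value. `process_exception` below continues outside the hunk.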
@@ -142,6 +163,7 @@ module Gitlab
}
end
+ # Debugging for https://gitlab.com/gitlab-org/gitlab-foss/issues/57727
def add_context_from_exception_type(event, hint)
if ActiveModel::MissingAttributeError === hint[:exception]
columns_hash = ActiveRecord::Base
@@ -156,6 +178,18 @@ module Gitlab
event
end
+
+ # Group common, mostly non-actionable exceptions by type and message,
+ # rather than cause
+ def custom_fingerprinting(event, hint)
+ ex = hint[:exception]
+
+ return event unless CUSTOM_FINGERPRINTING.include?(ex.class.name)
+
+ event.fingerprint = ['{{ default }}', ex.class.name, ex.message]
+
+ event
+ end
end
end
end
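Review bot: The fingerprint in `event.fingerprint = ['{{ default }}', ex.class.name, ex.message]` keeps `{{ default }}`, which as I understand Sentry's fingerprint rules extends the default stack-trace grouping rather than replacing it, so events with different causes would still land in separate groups, contrary to the comment above `custom_fingerprinting`. If merging across causes is the goal, the line would be `event.fingerprint = [ex.class.name, ex.message]`. Two smaller points: `ex.message` may carry variable text for some of the listed classes (worth checking for the timeout and query-cancel errors), which would split groups again, and `CUSTOM_FINGERPRINTING.include?(ex.class.name)` matches exact class names only, so subclasses of the listed exceptions are not covered. A comment saying the exact-name match is intended would help.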