diff options
| -rw-r--r-- | app/assets/stylesheets/framework/sidebar.scss | 7 | ||||
| -rw-r--r-- | app/assets/stylesheets/pages/builds.scss | 1 | ||||
| -rw-r--r-- | app/assets/stylesheets/pages/issuable.scss | 1 | ||||
| -rw-r--r-- | app/assets/stylesheets/pages/wiki.scss | 1 | ||||
| -rw-r--r-- | changelogs/unreleased/196226-rightsidebar-collapsed-always-on-scrollbar.yml | 5 | ||||
| -rw-r--r-- | changelogs/unreleased/212526-oauth-orphan-check.yml | 5 | ||||
| -rw-r--r-- | changelogs/unreleased/dockerfile_swift_template.yml | 5 | ||||
| -rw-r--r-- | danger/changelog/Dangerfile | 2 | ||||
| -rw-r--r-- | doc/api/templates/dockerfiles.md | 4 | ||||
| -rw-r--r-- | lib/gitlab/auth.rb | 6 | ||||
| -rw-r--r-- | qa/qa/specs/features/browser_ui/6_release/pipeline/parent_child_pipelines_dependent_relationship_spec.rb | 122 | ||||
| -rw-r--r-- | qa/qa/specs/features/browser_ui/6_release/pipeline/parent_child_pipelines_independent_relationship_spec.rb | 121 | ||||
| -rw-r--r-- | spec/lib/gitlab/auth_spec.rb | 18 | ||||
| -rw-r--r-- | vendor/Dockerfile/Swift.Dockerfile | 13 |
14 files changed, 299 insertions, 12 deletions
diff --git a/app/assets/stylesheets/framework/sidebar.scss b/app/assets/stylesheets/framework/sidebar.scss index bf1fd7fd29f..36f8bdbe611 100644 --- a/app/assets/stylesheets/framework/sidebar.scss +++ b/app/assets/stylesheets/framework/sidebar.scss @@ -84,6 +84,12 @@ .right-sidebar { border-left: 1px solid $border-color; + + .sidebar-container, + .issuable-sidebar { + // Add 100px so that potentially visible vertical scroll bar is hidden + width: calc(100% + 100px); + } } .with-performance-bar .right-sidebar.affix { @@ -129,7 +135,6 @@ .issuable-sidebar { padding: 0 3px; - width: calc(100% + 35px); } } diff --git a/app/assets/stylesheets/pages/builds.scss b/app/assets/stylesheets/pages/builds.scss index 0ecb38a1ea7..2ddab6c3065 100644 --- a/app/assets/stylesheets/pages/builds.scss +++ b/app/assets/stylesheets/pages/builds.scss @@ -176,7 +176,6 @@ } .sidebar-container { - width: calc(100% + 100px); padding-right: 100px; height: 100%; overflow-y: scroll; diff --git a/app/assets/stylesheets/pages/issuable.scss b/app/assets/stylesheets/pages/issuable.scss index fd56f655c0a..6de4dbfa8e5 100644 --- a/app/assets/stylesheets/pages/issuable.scss +++ b/app/assets/stylesheets/pages/issuable.scss @@ -309,7 +309,6 @@ } .issuable-sidebar { - width: 100%; height: 100%; overflow-y: scroll; overflow-x: hidden; diff --git a/app/assets/stylesheets/pages/wiki.scss b/app/assets/stylesheets/pages/wiki.scss index 0b65b915abf..640968ff678 100644 --- a/app/assets/stylesheets/pages/wiki.scss +++ b/app/assets/stylesheets/pages/wiki.scss @@ -80,7 +80,6 @@ .sidebar-container { padding: $gl-padding 0; - width: calc(100% + 100px); padding-right: 100px; height: 100%; overflow-y: scroll; diff --git a/changelogs/unreleased/196226-rightsidebar-collapsed-always-on-scrollbar.yml b/changelogs/unreleased/196226-rightsidebar-collapsed-always-on-scrollbar.yml new file mode 100644 index 00000000000..8c4623579cf --- /dev/null +++ b/changelogs/unreleased/196226-rightsidebar-collapsed-always-on-scrollbar.yml @@ -0,0 +1,5 @@ +--- +title: Fix right sidebar when scrollbars are always visible +merge_request: 27314 +author: Shawn @CasualBot +type: fixed diff --git a/changelogs/unreleased/212526-oauth-orphan-check.yml b/changelogs/unreleased/212526-oauth-orphan-check.yml new file mode 100644 index 00000000000..1f473f734ae --- /dev/null +++ b/changelogs/unreleased/212526-oauth-orphan-check.yml @@ -0,0 +1,5 @@ +--- +title: Fix Gitlab::Auth to handle orphaned oauth tokens +merge_request: 28159 +author: +type: fixed diff --git a/changelogs/unreleased/dockerfile_swift_template.yml b/changelogs/unreleased/dockerfile_swift_template.yml new file mode 100644 index 00000000000..7c5d5357637 --- /dev/null +++ b/changelogs/unreleased/dockerfile_swift_template.yml @@ -0,0 +1,5 @@ +--- +title: "Add Swift Dockerfile to GitLab templates" +merge_request: 28035 +author: +type: added diff --git a/danger/changelog/Dangerfile b/danger/changelog/Dangerfile index ae1a5bbac40..210fe24c1e3 100644 --- a/danger/changelog/Dangerfile +++ b/danger/changelog/Dangerfile @@ -28,7 +28,7 @@ def check_changelog_yaml(path) if yaml["merge_request"].nil? && !helper.security_mr? message "Consider setting `merge_request` to #{gitlab.mr_json["iid"]} in #{gitlab.html_link(path)}. #{SEE_DOC}" - elsif yaml["merge_request"] != gitlab.mr_json["iid"] + elsif yaml["merge_request"] != gitlab.mr_json["iid"] && !helper.security_mr? fail "Merge request ID was not set to #{gitlab.mr_json["iid"]}! #{SEE_DOC}" end rescue Psych::SyntaxError, Psych::DisallowedClass, Psych::BadAlias diff --git a/doc/api/templates/dockerfiles.md b/doc/api/templates/dockerfiles.md index 6e693a405b6..a2c21ada05b 100644 --- a/doc/api/templates/dockerfiles.md +++ b/doc/api/templates/dockerfiles.md @@ -91,6 +91,10 @@ Example response: { "key": "Ruby-alpine", "name": "Ruby-alpine" + }, + { + "key": "Swift", + "name": "Swift" } ] ``` diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb index 7f7bdda953f..8a68808d9fd 100644 --- a/lib/gitlab/auth.rb +++ b/lib/gitlab/auth.rb @@ -164,20 +164,18 @@ module Gitlab Gitlab::Auth::Result.new(user, nil, :gitlab_or_ldap, full_authentication_abilities) end - # rubocop: disable CodeReuse/ActiveRecord def oauth_access_token_check(login, password) if login == "oauth2" && password.present? token = Doorkeeper::AccessToken.by_token(password) if valid_oauth_token?(token) - user = User.find_by(id: token.resource_owner_id) - return unless user.can?(:log_in) + user = User.id_in(token.resource_owner_id).first + return unless user&.can?(:log_in) Gitlab::Auth::Result.new(user, nil, :oauth, full_authentication_abilities) end end end - # rubocop: enable CodeReuse/ActiveRecord def personal_access_token_check(password) return unless password.present? diff --git a/qa/qa/specs/features/browser_ui/6_release/pipeline/parent_child_pipelines_dependent_relationship_spec.rb b/qa/qa/specs/features/browser_ui/6_release/pipeline/parent_child_pipelines_dependent_relationship_spec.rb new file mode 100644 index 00000000000..9ff33698b0e --- /dev/null +++ b/qa/qa/specs/features/browser_ui/6_release/pipeline/parent_child_pipelines_dependent_relationship_spec.rb @@ -0,0 +1,122 @@ +# frozen_string_literal: true + +module QA + context 'Release', :docker, quarantine: { type: :new } do + describe 'Parent-child pipelines dependent relationship' do + let!(:project) do + Resource::Project.fabricate_via_api! do |project| + project.name = 'pipelines-dependent-relationship' + end + end + let!(:runner) do + Resource::Runner.fabricate_via_api! do |runner| + runner.project = project + runner.name = project.name + runner.tags = ["#{project.name}"] + end + end + + before do + Flow::Login.sign_in + end + + after do + runner.remove_via_api! + end + + it 'parent pipelines passes if child passes' do + add_ci_files(success_child_ci_file) + view_pipelines + + Page::Project::Pipeline::Show.perform do |parent_pipeline| + parent_pipeline.click_linked_job(project.name) + + expect(parent_pipeline).to have_job("child_job") + expect(parent_pipeline).to be_passed + end + end + + it 'parent pipeline fails if child fails' do + add_ci_files(fail_child_ci_file) + view_pipelines + + Page::Project::Pipeline::Show.perform do |parent_pipeline| + parent_pipeline.click_linked_job(project.name) + + expect(parent_pipeline).to have_job("child_job") + expect(parent_pipeline).to be_failed + end + end + + private + + def view_pipelines + Page::Project::Menu.perform(&:click_ci_cd_pipelines) + Page::Project::Pipeline::Index.perform(&:wait_for_latest_pipeline_completion) + Page::Project::Pipeline::Index.perform(&:click_on_latest_pipeline) + end + + def success_child_ci_file + { + file_path: '.child-ci.yml', + content: <<~YAML + child_job: + stage: test + tags: ["#{project.name}"] + script: echo "Child job done!" + + YAML + } + end + + def fail_child_ci_file + { + file_path: '.child-ci.yml', + content: <<~YAML + child_job: + stage: test + tags: ["#{project.name}"] + script: exit 1 + + YAML + } + end + + def parent_ci_file + { + file_path: '.gitlab-ci.yml', + content: <<~YAML + stages: + - test + - deploy + + job1: + stage: test + trigger: + include: ".child-ci.yml" + strategy: depend + + job2: + stage: deploy + tags: ["#{project.name}"] + script: echo "parent deploy done" + + YAML + } + end + + def add_ci_files(child_ci_file) + Resource::Repository::Commit.fabricate_via_api! do |commit| + commit.project = project + commit.commit_message = 'Add parent and child pipelines CI files.' + commit.add_files( + [ + child_ci_file, + parent_ci_file + ] + ) + end.project.visit! + end + end + end +end diff --git a/qa/qa/specs/features/browser_ui/6_release/pipeline/parent_child_pipelines_independent_relationship_spec.rb b/qa/qa/specs/features/browser_ui/6_release/pipeline/parent_child_pipelines_independent_relationship_spec.rb new file mode 100644 index 00000000000..ec7af809cf6 --- /dev/null +++ b/qa/qa/specs/features/browser_ui/6_release/pipeline/parent_child_pipelines_independent_relationship_spec.rb @@ -0,0 +1,121 @@ +# frozen_string_literal: true + +module QA + context 'Release', :docker, quarantine: { type: :new } do + describe 'Parent-child pipelines independent relationship' do + let!(:project) do + Resource::Project.fabricate_via_api! do |project| + project.name = 'pipeline-independent-relationship' + end + end + let!(:runner) do + Resource::Runner.fabricate_via_api! do |runner| + runner.project = project + runner.name = project.name + runner.tags = ["#{project.name}"] + end + end + + before do + Flow::Login.sign_in + end + + after do + runner.remove_via_api! + end + + it 'parent pipelines passes if child passes' do + add_ci_files(success_child_ci_file) + view_pipelines + + Page::Project::Pipeline::Show.perform do |parent_pipeline| + parent_pipeline.click_linked_job(project.name) + + expect(parent_pipeline).to have_job("child_job") + expect(parent_pipeline).to be_passed + end + end + + it 'parent pipeline passes even if child fails' do + add_ci_files(fail_child_ci_file) + view_pipelines + + Page::Project::Pipeline::Show.perform do |parent_pipeline| + parent_pipeline.click_linked_job(project.name) + + expect(parent_pipeline).to have_job("child_job") + expect(parent_pipeline).to be_passed + end + end + + private + + def view_pipelines + Page::Project::Menu.perform(&:click_ci_cd_pipelines) + Page::Project::Pipeline::Index.perform(&:wait_for_latest_pipeline_completion) + Page::Project::Pipeline::Index.perform(&:click_on_latest_pipeline) + end + + def success_child_ci_file + { + file_path: '.child-ci.yml', + content: <<~YAML + child_job: + stage: test + tags: ["#{project.name}"] + script: echo "Child job done!" + + YAML + } + end + + def fail_child_ci_file + { + file_path: '.child-ci.yml', + content: <<~YAML + child_job: + stage: test + tags: ["#{project.name}"] + script: exit 1 + + YAML + } + end + + def parent_ci_file + { + file_path: '.gitlab-ci.yml', + content: <<~YAML + stages: + - test + - deploy + + job1: + stage: test + trigger: + include: ".child-ci.yml" + + job2: + stage: deploy + tags: ["#{project.name}"] + script: echo "parent deploy done" + + YAML + } + end + + def add_ci_files(child_ci_file) + Resource::Repository::Commit.fabricate_via_api! do |commit| + commit.project = project + commit.commit_message = 'Add parent and child pipelines CI files.' + commit.add_files( + [ + child_ci_file, + parent_ci_file + ] + ) + end.project.visit! + end + end + end +end diff --git a/spec/lib/gitlab/auth_spec.rb b/spec/lib/gitlab/auth_spec.rb index 528019bb9ff..dcc4d277f5c 100644 --- a/spec/lib/gitlab/auth_spec.rb +++ b/spec/lib/gitlab/auth_spec.rb @@ -250,6 +250,13 @@ describe Gitlab::Auth, :use_clean_rails_memory_store_caching do let(:token_w_api_scope) { Doorkeeper::AccessToken.create!(application_id: application.id, resource_owner_id: user.id, scopes: 'api') } let(:application) { Doorkeeper::Application.create!(name: 'MyApp', redirect_uri: 'https://app.com', owner: user) } + shared_examples 'an oauth failure' do + it 'fails' do + expect(gl_auth.find_for_git_client("oauth2", token_w_api_scope.token, project: nil, ip: 'ip')) + .to eq(Gitlab::Auth::Result.new(nil, nil, nil, nil)) + end + end + it 'succeeds for OAuth tokens with the `api` scope' do expect(gl_auth.find_for_git_client("oauth2", token_w_api_scope.token, project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(user, nil, :oauth, described_class.full_authentication_abilities)) end @@ -269,10 +276,15 @@ describe Gitlab::Auth, :use_clean_rails_memory_store_caching do context 'blocked user' do let(:user) { create(:user, :blocked) } - it 'fails' do - expect(gl_auth.find_for_git_client("oauth2", token_w_api_scope.token, project: nil, ip: 'ip')) - .to eq(Gitlab::Auth::Result.new(nil, nil, nil, nil)) + it_behaves_like 'an oauth failure' + end + + context 'orphaned token' do + before do + user.destroy end + + it_behaves_like 'an oauth failure' end end diff --git a/vendor/Dockerfile/Swift.Dockerfile b/vendor/Dockerfile/Swift.Dockerfile new file mode 100644 index 00000000000..a1a08c60b1e --- /dev/null +++ b/vendor/Dockerfile/Swift.Dockerfile @@ -0,0 +1,13 @@ +FROM swift:5.0 as builder + +WORKDIR /src +COPY . . +RUN swift build -c release + +FROM swift:5.0-slim + +WORKDIR /src +COPY --from=builder /src . +EXPOSE 8080 + +CMD [ ".build/release/app"] |