diff options
33 files changed, 208 insertions, 99 deletions
diff --git a/.eslintrc.yml b/.eslintrc.yml index 524ce64118f..37499eff807 100644 --- a/.eslintrc.yml +++ b/.eslintrc.yml @@ -46,7 +46,6 @@ rules: promise/always-return: off promise/no-callback-in-promise: off promise/no-nesting: off - promise/param-names: off promise/valid-params: off overrides: files: diff --git a/app/models/concerns/routable.rb b/app/models/concerns/routable.rb index bdd87437e2a..129d0fbb2c0 100644 --- a/app/models/concerns/routable.rb +++ b/app/models/concerns/routable.rb @@ -51,14 +51,21 @@ module Routable # Klass.where_full_path_in(%w{gitlab-org/gitlab-foss gitlab-org/gitlab}) # # Returns an ActiveRecord::Relation. - def where_full_path_in(paths) + def where_full_path_in(paths, use_includes: true) return none if paths.empty? wheres = paths.map do |path| "(LOWER(routes.path) = LOWER(#{connection.quote(path)}))" end - includes(:route).where(wheres.join(' OR ')).references(:routes) + route = + if use_includes + includes(:route).references(:routes) + else + joins(:route) + end + + route.where(wheres.join(' OR ')) end end diff --git a/changelogs/unreleased/10904-insights-include-projects.yml b/changelogs/unreleased/10904-insights-include-projects.yml new file mode 100644 index 00000000000..224ae9b786f --- /dev/null +++ b/changelogs/unreleased/10904-insights-include-projects.yml @@ -0,0 +1,5 @@ +--- +title: Add projects.only option to Insights +merge_request: 15930 +author: +type: added diff --git a/changelogs/unreleased/sec-rep-mr-fixes.yml b/changelogs/unreleased/sec-rep-mr-fixes.yml new file mode 100644 index 00000000000..30e4a367552 --- /dev/null +++ b/changelogs/unreleased/sec-rep-mr-fixes.yml @@ -0,0 +1,5 @@ +--- +title: Fixes issues with the security reports migration +merge_request: 17519 +author: +type: fixed diff --git a/doc/administration/gitaly/index.md b/doc/administration/gitaly/index.md index d0c78031055..ef73b765745 100644 --- a/doc/administration/gitaly/index.md +++ b/doc/administration/gitaly/index.md @@ -3,7 +3,7 @@ [Gitaly](https://gitlab.com/gitlab-org/gitaly) is the service that provides high-level RPC access to Git repositories. Without it, no other components can read or write Git data. GitLab components that access Git -repositories (gitlab-rails, gitlab-shell, gitlab-workhorse, etc.) act as clients +repositories (GitLab Rails, GitLab Shell, GitLab Workhorse, etc.) act as clients to Gitaly. End users do not have direct access to Gitaly. In the rest of this page, Gitaly server is referred to the standalone node that @@ -47,8 +47,8 @@ But since 11.8 the indexer uses Gitaly for data access as well. NFS can still be leveraged for redudancy on block level of the Git data. But only has to be mounted on the Gitaly server. -Starting with GitLab 11.8, it is possible to use ElasticSearch in conjunction with -a Gitaly setup that isn't utilising NFS. In order to use ElasticSearch in this +Starting with GitLab 11.8, it is possible to use Elasticsearch in conjunction with +a Gitaly setup that isn't utilising NFS. In order to use Elasticsearch in this scenario, the [new repository indexer](../../integration/elasticsearch.md#elasticsearch-repository-indexer-beta) needs to be enabled in your GitLab configuration. @@ -71,8 +71,8 @@ The following list depicts what the network architecture of Gitaly is: - A GitLab server can use one or more Gitaly servers. - Gitaly addresses must be specified in such a way that they resolve correctly for ALL Gitaly clients. -- Gitaly clients are: Unicorn, Sidekiq, gitlab-workhorse, - gitlab-shell, Elasticsearch Indexer, and Gitaly itself. +- Gitaly clients are: Unicorn, Sidekiq, GitLab Workhorse, + GitLab Shell, Elasticsearch Indexer, and Gitaly itself. - A Gitaly server must be able to make RPC calls **to itself** via its own `(Gitaly address, Gitaly token)` pair as specified in `/config/gitlab.yml`. - Gitaly servers must not be exposed to the public internet as Gitaly's network @@ -576,7 +576,7 @@ machine. ### 1. Monitor current authentication behavior -Use prometheus to see what the current authentication behavior of your +Use Prometheus to see what the current authentication behavior of your GitLab installation is. ``` @@ -612,7 +612,7 @@ The second step is to temporarily disable authentication on the Gitaly servers. gitaly['auth_transitioning'] = true ``` -After you have applied this, your prometheus query should return +After you have applied this, your Prometheus query should return something like this: ``` @@ -631,10 +631,10 @@ gitaly['auth_token'] = 'my new secret token' ``` Remember to apply this on both your Gitaly clients *and* servers. If you -check your prometheus query while this change is being rolled out, you +check your Prometheus query while this change is being rolled out, you will see non-zero values for the `enforced="false",status="denied"` counter. -### 4. Use prometheus to ensure there are no authentication failures +### 4. Use Prometheus to ensure there are no authentication failures After you applied the Gitaly token change everywhere, and all services involved have been restarted, you should will temporarily see a mix of @@ -658,7 +658,7 @@ gitaly['auth_transitioning'] = false ### 6. Verify that authentication is enforced again -Refresh your prometheus query. You should now see the same kind of +Refresh your Prometheus query. You should now see the same kind of result as you did in the beginning: ``` diff --git a/doc/administration/integration/plantuml.md b/doc/administration/integration/plantuml.md index 67e1729e7fd..fe0b392c2d7 100644 --- a/doc/administration/integration/plantuml.md +++ b/doc/administration/integration/plantuml.md @@ -66,7 +66,13 @@ to the local PlantUML server `http://localhost:8080/plantuml`. To enable the redirection, add the following line in `/etc/gitlab/gitlab.rb`: ```ruby -nginx['custom_gitlab_server_config'] = "location /-/plantuml { \n proxy_cache off; \n proxy_pass http://127.0.0.1:8080; \n}\n" +nginx['custom_gitlab_server_config'] = "location /-/plantuml/ { \n proxy_cache off; \n proxy_pass http://127.0.0.1:8080/plantuml/; \n}\n" +``` + +To activate the changes, run the following command: + +```sh +sudo gitlab-ctl reconfigure ``` ## GitLab diff --git a/doc/administration/logs.md b/doc/administration/logs.md index 9ccfde58605..9263ab51dc9 100644 --- a/doc/administration/logs.md +++ b/doc/administration/logs.md @@ -233,7 +233,7 @@ This file lives in `/var/log/gitlab/gitlab-shell/gitlab-shell.log` for Omnibus GitLab packages or in `/home/git/gitlab-shell/gitlab-shell.log` for installations from source. -GitLab shell is used by GitLab for executing Git commands and provide +GitLab Shell is used by GitLab for executing Git commands and provide SSH access to Git repositories. For example: ``` @@ -241,7 +241,7 @@ I, [2015-02-13T06:17:00.671315 #9291] INFO -- : Adding project root/example.git I, [2015-02-13T06:17:00.679433 #9291] INFO -- : Moving existing hooks directory and symlinking global hooks directory for /var/opt/gitlab/git-data/repositories/root/example.git. ``` -User clone/fetch activity using ssh transport appears in this log as `executing git command <gitaly-upload-pack...`. +User clone/fetch activity using SSH transport appears in this log as `executing git command <gitaly-upload-pack...`. ## `unicorn_stderr.log` @@ -252,7 +252,7 @@ installations from source. Unicorn is a high-performance forking Web server which is used for serving the GitLab application. You can look at this log if, for example, your application does not respond. This log contains all -information about the state of unicorn processes at any given time. +information about the state of Unicorn processes at any given time. ``` I, [2015-02-13T06:14:46.680381 #9047] INFO -- : Refreshing Gem list diff --git a/doc/administration/monitoring/index.md b/doc/administration/monitoring/index.md index 2b3daec42bd..80e727f6a5c 100644 --- a/doc/administration/monitoring/index.md +++ b/doc/administration/monitoring/index.md @@ -10,4 +10,4 @@ Explore our features to monitor your GitLab instance: - [GitHub imports](github_imports.md): Monitor the health and progress of GitLab's GitHub importer with various Prometheus metrics. - [Monitoring uptime](../../user/admin_area/monitoring/health_check.md): Check the server status using the health check endpoint. - [IP whitelists](ip_whitelist.md): Configure GitLab for monitoring endpoints that provide health check information when probed. -- [nginx_status](https://docs.gitlab.com/omnibus/settings/nginx.html#enablingdisabling-nginx_status): Monitor your Nginx server status +- [`nginx_status`](https://docs.gitlab.com/omnibus/settings/nginx.html#enablingdisabling-nginx_status): Monitor your NGINX server status diff --git a/doc/administration/monitoring/performance/grafana_configuration.md b/doc/administration/monitoring/performance/grafana_configuration.md index d389c7c5003..323f955f598 100644 --- a/doc/administration/monitoring/performance/grafana_configuration.md +++ b/doc/administration/monitoring/performance/grafana_configuration.md @@ -32,14 +32,14 @@ in the top bar. Fill in the configuration details for the InfluxDB data source. Save and Test Connection to ensure the configuration is correct. -- **Name**: InfluxDB +- **Name**: `InfluxDB` - **Default**: Checked -- **Type**: InfluxDB 0.9.x (Even if you're using InfluxDB 0.10.x) +- **Type**: `InfluxDB 0.9.x` (Even if you're using InfluxDB 0.10.x) - **Url**: `https://localhost:8086` (Or the remote URL if you've installed InfluxDB on a separate server) -- **Access**: proxy -- **Database**: gitlab -- **User**: admin (Or the username configured when setting up InfluxDB) +- **Access**: `proxy` +- **Database**: `gitlab` +- **User**: `admin` (Or the username configured when setting up InfluxDB) - **Password**: The password configured when you set up InfluxDB  diff --git a/doc/administration/monitoring/performance/influxdb_configuration.md b/doc/administration/monitoring/performance/influxdb_configuration.md index cf6728510fe..90a7be19f90 100644 --- a/doc/administration/monitoring/performance/influxdb_configuration.md +++ b/doc/administration/monitoring/performance/influxdb_configuration.md @@ -95,7 +95,7 @@ UDP can be done using the following settings: This does the following: 1. Enable UDP and bind it to port 8089 for all addresses. -1. Store any data received in the "gitlab" database. +1. Store any data received in the `gitlab` database. 1. Define a batch of points to be 1000 points in size and allow a maximum of 5 batches _or_ flush them automatically after 1 second. 1. Define a UDP read buffer size of 200 MB. diff --git a/doc/administration/monitoring/performance/prometheus.md b/doc/administration/monitoring/performance/prometheus.md index 2c5bab46dd9..f05a420fc19 100644 --- a/doc/administration/monitoring/performance/prometheus.md +++ b/doc/administration/monitoring/performance/prometheus.md @@ -2,4 +2,4 @@ redirect_to: '../prometheus/index.md' --- -This document was moved to [monitoring/prometheus](../prometheus/index.md). +This document was moved to [another location](../prometheus/index.md). diff --git a/doc/administration/monitoring/prometheus/gitlab_metrics.md b/doc/administration/monitoring/prometheus/gitlab_metrics.md index f78a3da2107..02920293daa 100644 --- a/doc/administration/monitoring/prometheus/gitlab_metrics.md +++ b/doc/administration/monitoring/prometheus/gitlab_metrics.md @@ -42,10 +42,10 @@ The following metrics are available: | `gitlab_transaction_cache_read_hit_count_total` | Counter | 10.2 | Counter for cache hits for Rails cache calls | controller, action | | `gitlab_transaction_cache_read_miss_count_total` | Counter | 10.2 | Counter for cache misses for Rails cache calls | controller, action | | `gitlab_transaction_duration_seconds` | Histogram | 10.2 | Duration for all transactions (gitlab_transaction_* metrics) | controller, action | -| `gitlab_transaction_event_build_found_total` | Counter | 9.4 | Counter for build found for api /jobs/request | | -| `gitlab_transaction_event_build_invalid_total` | Counter | 9.4 | Counter for build invalid due to concurrency conflict for api /jobs/request | | -| `gitlab_transaction_event_build_not_found_cached_total` | Counter | 9.4 | Counter for cached response of build not found for api /jobs/request | | -| `gitlab_transaction_event_build_not_found_total` | Counter | 9.4 | Counter for build not found for api /jobs/request | | +| `gitlab_transaction_event_build_found_total` | Counter | 9.4 | Counter for build found for API /jobs/request | | +| `gitlab_transaction_event_build_invalid_total` | Counter | 9.4 | Counter for build invalid due to concurrency conflict for API /jobs/request | | +| `gitlab_transaction_event_build_not_found_cached_total` | Counter | 9.4 | Counter for cached response of build not found for API /jobs/request | | +| `gitlab_transaction_event_build_not_found_total` | Counter | 9.4 | Counter for build not found for API /jobs/request | | | `gitlab_transaction_event_change_default_branch_total` | Counter | 9.4 | Counter when default branch is changed for any repository | | | `gitlab_transaction_event_create_repository_total` | Counter | 9.4 | Counter when any repository is created | | | `gitlab_transaction_event_etag_caching_cache_hit_total` | Counter | 9.4 | Counter for etag cache hit. | endpoint | @@ -66,10 +66,10 @@ The following metrics are available: | `gitlab_transaction_event_remove_branch_total` | Counter | 9.4 | Counter when a branch is removed for any repository | | | `gitlab_transaction_event_remove_repository_total` | Counter | 9.4 | Counter when a repository is removed | | | `gitlab_transaction_event_remove_tag_total` | Counter | 9.4 | Counter when a tag is remove for any repository | | -| `gitlab_transaction_event_sidekiq_exception_total` | Counter | 9.4 | Counter of sidekiq exceptions | | +| `gitlab_transaction_event_sidekiq_exception_total` | Counter | 9.4 | Counter of Sidekiq exceptions | | | `gitlab_transaction_event_stuck_import_jobs_total` | Counter | 9.4 | Count of stuck import jobs | projects_without_jid_count, projects_with_jid_count | -| `gitlab_transaction_event_update_build_total` | Counter | 9.4 | Counter for update build for api /jobs/request/:id | | -| `gitlab_transaction_new_redis_connections_total` | Counter | 9.4 | Counter for new redis connections | | +| `gitlab_transaction_event_update_build_total` | Counter | 9.4 | Counter for update build for API /jobs/request/:id | | +| `gitlab_transaction_new_redis_connections_total` | Counter | 9.4 | Counter for new Redis connections | | | `gitlab_transaction_queue_duration_total` | Counter | 9.4 | Duration jobs were enqueued before processing | | | `gitlab_transaction_rails_queue_duration_total` | Counter | 9.4 | Measures latency between GitLab Workhorse forwarding a request to Rails | controller, action | | `gitlab_transaction_view_duration_total` | Counter | 9.4 | Duration for views | controller, action, view | diff --git a/doc/administration/monitoring/prometheus/index.md b/doc/administration/monitoring/prometheus/index.md index 9228ebf4fed..07905e6fa3b 100644 --- a/doc/administration/monitoring/prometheus/index.md +++ b/doc/administration/monitoring/prometheus/index.md @@ -114,7 +114,7 @@ To use an external Prometheus server: gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '192.168.0.1'] ``` -1. To scrape nginx metrics, you'll also need to configure nginx to allow the Prometheus server +1. To scrape NGINX metrics, you'll also need to configure NGINX to allow the Prometheus server IP. For example: ```ruby diff --git a/doc/administration/operations/cleaning_up_redis_sessions.md b/doc/administration/operations/cleaning_up_redis_sessions.md index c9b5ab9d290..fd469ae23e3 100644 --- a/doc/administration/operations/cleaning_up_redis_sessions.md +++ b/doc/administration/operations/cleaning_up_redis_sessions.md @@ -11,8 +11,8 @@ start building up again after you clean up. In GitLab versions prior to 7.3.0, the session keys in Redis are 16-byte hexadecimal values such as '976aa289e2189b17d7ef525a6702ace9'. Starting with GitLab 7.3.0, the keys are -prefixed with 'session:gitlab:', so they would look like -'session:gitlab:976aa289e2189b17d7ef525a6702ace9'. Below we describe how to +prefixed with `session:gitlab:`, so they would look like +`session:gitlab:976aa289e2189b17d7ef525a6702ace9`. Below we describe how to remove the keys in the old format. **Note:** the instructions below must be modified in accordance with your diff --git a/doc/administration/operations/fast_ssh_key_lookup.md b/doc/administration/operations/fast_ssh_key_lookup.md index 16424c25a98..9a38e8ddd23 100644 --- a/doc/administration/operations/fast_ssh_key_lookup.md +++ b/doc/administration/operations/fast_ssh_key_lookup.md @@ -2,7 +2,7 @@ NOTE: **Note:** This document describes a drop-in replacement for the `authorized_keys` file for normal (non-deploy key) users. Consider -using [ssh certificates](ssh_certificates.md), they are even faster, +using [SSH certificates](ssh_certificates.md), they are even faster, but are not a drop-in replacement. > [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/1631) in @@ -78,7 +78,7 @@ CAUTION: **Caution:** Do not disable writes until SSH is confirmed to be working perfectly, because the file will quickly become out-of-date. In the case of lookup failures (which are common), the `authorized_keys` -file will still be scanned. So git SSH performance will still be slow for many +file will still be scanned. So Git SSH performance will still be slow for many users as long as a large file exists. You can disable any more writes to the `authorized_keys` file by unchecking diff --git a/doc/administration/operations/moving_repositories.md b/doc/administration/operations/moving_repositories.md index ec11a92db1b..d54ffacd281 100644 --- a/doc/administration/operations/moving_repositories.md +++ b/doc/administration/operations/moving_repositories.md @@ -31,7 +31,7 @@ If you want to see progress, replace `-xf` with `-xvf`. ### Tar pipe to another server You can also use a tar pipe to copy data to another server. If your -'git' user has SSH access to the newserver as 'git@newserver', you +`git` user has SSH access to the newserver as `git@newserver`, you can pipe the data through SSH. ``` @@ -61,7 +61,7 @@ If you want to see progress, replace `-a` with `-av`. ### Single rsync to another server -If the 'git' user on your source system has SSH access to the target +If the `git` user on your source system has SSH access to the target server you can send the repositories over the network with rsync. ``` @@ -95,7 +95,7 @@ after switching to the new repository storage directory. This will sync repositories with 10 rsync processes at a time. We keep track of progress so that the transfer can be restarted if necessary. -First we create a new directory, owned by 'git', to hold transfer +First we create a new directory, owned by `git`, to hold transfer logs. We assume the directory is empty before we start the transfer procedure, and that we are the only ones writing files in it. diff --git a/doc/administration/operations/sidekiq_memory_killer.md b/doc/administration/operations/sidekiq_memory_killer.md index 509bc77a8c3..79e9fb778b6 100644 --- a/doc/administration/operations/sidekiq_memory_killer.md +++ b/doc/administration/operations/sidekiq_memory_killer.md @@ -2,7 +2,7 @@ The GitLab Rails application code suffers from memory leaks. For web requests this problem is made manageable using -[unicorn-worker-killer](https://github.com/kzk/unicorn-worker-killer) which +[`unicorn-worker-killer`](https://github.com/kzk/unicorn-worker-killer) which restarts Unicorn worker processes in between requests when needed. The Sidekiq MemoryKiller applies the same approach to the Sidekiq processes used by GitLab to process background jobs. @@ -10,8 +10,8 @@ to process background jobs. Unlike unicorn-worker-killer, which is enabled by default for all GitLab installations since GitLab 6.4, the Sidekiq MemoryKiller is enabled by default _only_ for Omnibus packages. The reason for this is that the MemoryKiller -relies on Runit to restart Sidekiq after a memory-induced shutdown and GitLab -installations from source do not all use Runit or an equivalent. +relies on runit to restart Sidekiq after a memory-induced shutdown and GitLab +installations from source do not all use runit or an equivalent. With the default settings, the MemoryKiller will cause a Sidekiq restart no more often than once every 15 minutes, with the restart causing about one @@ -49,7 +49,7 @@ The MemoryKiller is controlled using environment variables. the restart will be aborted. The default value for Omnibus packages is set - [in the omnibus-gitlab + [in the Omnibus GitLab repository](https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/attributes/default.rb). - `SIDEKIQ_MEMORY_KILLER_HARD_LIMIT_RSS`: is used by _daemon_ mode. If the Sidekiq @@ -72,4 +72,4 @@ The MemoryKiller is controlled using environment variables. If the process hard shutdown/restart is not performed by Sidekiq, the Sidekiq process will be forcefully terminated after `Sidekiq.options[:timeout] * 2` seconds. An external supervision mechanism - (e.g. Runit) must restart Sidekiq afterwards. + (e.g. runit) must restart Sidekiq afterwards. diff --git a/doc/administration/operations/ssh_certificates.md b/doc/administration/operations/ssh_certificates.md index 3792bcd3bca..2a9a4cff34e 100644 --- a/doc/administration/operations/ssh_certificates.md +++ b/doc/administration/operations/ssh_certificates.md @@ -3,7 +3,7 @@ > [Available in](https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/19911) GitLab > Community Edition 11.2. -GitLab's default SSH authentication requires users to upload their ssh +GitLab's default SSH authentication requires users to upload their SSH public keys before they can use the SSH transport. In centralized (e.g. corporate) environments this can be a hassle diff --git a/doc/administration/operations/unicorn.md b/doc/administration/operations/unicorn.md index 8178cb243f3..969f1211643 100644 --- a/doc/administration/operations/unicorn.md +++ b/doc/administration/operations/unicorn.md @@ -40,7 +40,7 @@ master process has PID 56227 below. The main tunables for Unicorn are the number of worker processes and the request timeout after which the Unicorn master terminates a worker process. -See the [omnibus-gitlab Unicorn settings +See the [Omnibus GitLab Unicorn settings documentation](https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/unicorn.md) if you want to adjust these settings. diff --git a/doc/administration/packages/container_registry.md b/doc/administration/packages/container_registry.md index 58a34607e2d..8b89c5e914e 100644 --- a/doc/administration/packages/container_registry.md +++ b/doc/administration/packages/container_registry.md @@ -360,9 +360,9 @@ The different supported drivers are: | Driver | Description | |------------|-------------------------------------| | filesystem | Uses a path on the local filesystem | -| azure | Microsoft Azure Blob Storage | +| Azure | Microsoft Azure Blob Storage | | gcs | Google Cloud Storage | -| s3 | Amazon Simple Storage Service. Be sure to configure your storage bucket with the correct [S3 Permission Scopes](https://docs.docker.com/registry/storage-drivers/s3/#s3-permission-scopes). | +| s3 | Amazon Simple Storage Service. Be sure to configure your storage bucket with the correct [S3 Permission Scopes](https://docs.docker.com/registry/storage-drivers/s3/#s3-permission-scopes). | | swift | OpenStack Swift Object Storage | | oss | Aliyun OSS | @@ -374,7 +374,7 @@ filesystem. Remember to enable backups with your object storage provider if desired. NOTE: **Note:** -`regionendpoint` is only required when configuring an S3 compatible service such as Minio. It takes a URL such as `http://127.0.0.1:9000`. +`regionendpoint` is only required when configuring an S3 compatible service such as MinIO. It takes a URL such as `http://127.0.0.1:9000`. **Omnibus GitLab installations** diff --git a/doc/administration/raketasks/check.md b/doc/administration/raketasks/check.md index d8f80965c21..eb230f02c0d 100644 --- a/doc/administration/raketasks/check.md +++ b/doc/administration/raketasks/check.md @@ -8,7 +8,7 @@ help GitLab administrators diagnose problem repositories so they can be fixed. There are 3 things that are checked to determine integrity. -1. Git repository file system check ([git fsck](https://git-scm.com/docs/git-fsck)). +1. Git repository file system check ([`git fsck`](https://git-scm.com/docs/git-fsck)). This step verifies the connectivity and validity of objects in the repository. 1. Check for `config.lock` in the repository directory. 1. Check for any branch/references lock files in `refs/heads`. diff --git a/doc/administration/raketasks/geo.md b/doc/administration/raketasks/geo.md index 387bc71965b..09f72c3411d 100644 --- a/doc/administration/raketasks/geo.md +++ b/doc/administration/raketasks/geo.md @@ -2,7 +2,7 @@ ## Git housekeeping -There are few tasks you can run to schedule a git housekeeping to start at the +There are few tasks you can run to schedule a Git housekeeping to start at the next repository sync in a **Secondary node**: ### Incremental Repack diff --git a/doc/administration/raketasks/maintenance.md b/doc/administration/raketasks/maintenance.md index 89335fcd2a8..e63e0c40393 100644 --- a/doc/administration/raketasks/maintenance.md +++ b/doc/administration/raketasks/maintenance.md @@ -62,7 +62,7 @@ It will check that each component was set up according to the installation guide You may also have a look at our Troubleshooting Guides: - [Troubleshooting Guide (GitLab)](../index.md#troubleshooting) -- [Troubleshooting Guide (Omnibus Gitlab)](https://docs.gitlab.com/omnibus/README.html#troubleshooting) +- [Troubleshooting Guide (Omnibus GitLab)](https://docs.gitlab.com/omnibus/README.html#troubleshooting) **Omnibus Installation** @@ -76,7 +76,7 @@ sudo gitlab-rake gitlab:check bundle exec rake gitlab:check RAILS_ENV=production ``` -NOTE: Use SANITIZE=true for gitlab:check if you want to omit project names from the output. +NOTE: Use `SANITIZE=true` for `gitlab:check` if you want to omit project names from the output. Example output: @@ -146,7 +146,7 @@ You will lose any data stored in authorized_keys file. Do you want to continue (yes/no)? yes ``` -## Clear redis cache +## Clear Redis cache If for some reason the dashboard shows wrong information you might want to clear Redis' cache. @@ -183,7 +183,7 @@ For omnibus versions, the unoptimized assets (JavaScript, CSS) are frozen at the release of upstream GitLab. The omnibus version includes optimized versions of those assets. Unless you are modifying the JavaScript / CSS code on your production machine after installing the package, there should be no reason to redo -rake gitlab:assets:compile on the production machine. If you suspect that assets +`rake gitlab:assets:compile` on the production machine. If you suspect that assets have been corrupted, you should reinstall the omnibus package. ## Tracking Deployments diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md index e87270f884a..1efda2f07eb 100644 --- a/doc/api/graphql/reference/index.md +++ b/doc/api/graphql/reference/index.md @@ -459,7 +459,7 @@ The API can be explored interactively using the [GraphiQL IDE](../index.md#graph | Name | Type | Description | | --- | ---- | ---------- | | `storageSize` | Int! | The total storage in Bytes | -| `repositorySize` | Int! | The git repository size in Bytes | +| `repositorySize` | Int! | The Git repository size in Bytes | | `lfsObjectsSize` | Int! | The LFS objects size in Bytes | | `buildArtifactsSize` | Int! | The CI artifacts size in Bytes | | `packagesSize` | Int! | The packages size in Bytes | diff --git a/doc/api/merge_requests.md b/doc/api/merge_requests.md index 21e24dc7934..738715d2dbf 100644 --- a/doc/api/merge_requests.md +++ b/doc/api/merge_requests.md @@ -823,7 +823,7 @@ Parameters: ## Create MR Pipeline -> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/31722) in Gitlab 12.3. +> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/31722) in GitLab 12.3. Create a new [pipeline for a merge request](../ci/merge_request_pipelines/index.md). A pipeline created via this endpoint will not run a regular branch/tag pipeline, it requires `.gitlab-ci.yml` to be configured with `only: [merge_requests]` to create jobs. diff --git a/doc/api/oauth2.md b/doc/api/oauth2.md index f9382361187..6b49a39b83a 100644 --- a/doc/api/oauth2.md +++ b/doc/api/oauth2.md @@ -102,7 +102,7 @@ CAUTION: **Important:** Avoid using this flow for applications that store data outside of the GitLab instance. If you do, make sure to verify `application id` associated with the access token before granting access to the data -(see [/oauth/token/info](https://github.com/doorkeeper-gem/doorkeeper/wiki/API-endpoint-descriptions-and-examples#get----oauthtokeninfo)). +(see [`/oauth/token/info`](https://github.com/doorkeeper-gem/doorkeeper/wiki/API-endpoint-descriptions-and-examples#get----oauthtokeninfo)). Unlike the web flow, the client receives an `access token` immediately as a result of the authorization request. The flow does not use the client secret diff --git a/doc/api/services.md b/doc/api/services.md index 5feb5b2196b..ece00d59b4b 100644 --- a/doc/api/services.md +++ b/doc/api/services.md @@ -10,7 +10,7 @@ Asana - Teamwork without email Set Asana service for a project. -> This service adds commit messages as comments to Asana tasks. Once enabled, commit messages are checked for Asana task URLs (for example, `https://app.asana.com/0/123456/987654`) or task IDs starting with # (for example, `#987654`). Every task ID found will get the commit comment added to it. You can also close a task with a message containing: `fix #123456`. You can find your Api Keys here: <https://asana.com/developers/documentation/getting-started/auth#api-key>. +> This service adds commit messages as comments to Asana tasks. Once enabled, commit messages are checked for Asana task URLs (for example, `https://app.asana.com/0/123456/987654`) or task IDs starting with # (for example, `#987654`). Every task ID found will get the commit comment added to it. You can also close a task with a message containing: `fix #123456`. You can find your API Keys here: <https://asana.com/developers/documentation/getting-started/auth#api-key>. ``` PUT /projects/:id/services/asana diff --git a/doc/api/settings.md b/doc/api/settings.md index f0d70b45d28..efb6809794f 100644 --- a/doc/api/settings.md +++ b/doc/api/settings.md @@ -179,8 +179,8 @@ are listed in the descriptions of the relevant settings. | `admin_notification_email` | string | no | Abuse reports will be sent to this address if it is set. Abuse reports are always available in the admin area. | | `after_sign_out_path` | string | no | Where to redirect users after logout. | | `after_sign_up_text` | string | no | Text shown to the user after signing up | -| `akismet_api_key` | string | required by: `akismet_enabled` | API key for akismet spam protection. | -| `akismet_enabled` | boolean | no | (**If enabled, requires:** `akismet_api_key`) Enable or disable akismet spam protection. | +| `akismet_api_key` | string | required by: `akismet_enabled` | API key for Akismet spam protection. | +| `akismet_enabled` | boolean | no | (**If enabled, requires:** `akismet_api_key`) Enable or disable Akismet spam protection. | | `allow_group_owners_to_manage_ldap` | boolean | no | **(PREMIUM)** Set to `true` to allow group owners to manage LDAP | | `allow_local_requests_from_hooks_and_services` | boolean | no | (Deprecated: Use `allow_local_requests_from_web_hooks_and_services` instead) Allow requests to the local network from hooks and services. | | `allow_local_requests_from_system_hooks` | boolean | no | Allow requests to the local network from system hooks. | @@ -214,7 +214,7 @@ are listed in the descriptions of the relevant settings. | `ed25519_key_restriction` | integer | no | The minimum allowed curve size (in bits) of an uploaded ED25519 key. Default is `0` (no restriction). `-1` disables ED25519 keys. | | `elasticsearch_aws_access_key` | string | no | **(PREMIUM)** AWS IAM access key | | `elasticsearch_aws` | boolean | no | **(PREMIUM)** Enable the use of AWS hosted Elasticsearch | -| `elasticsearch_aws_region` | string | no | **(PREMIUM)** The AWS region the elasticsearch domain is configured | +| `elasticsearch_aws_region` | string | no | **(PREMIUM)** The AWS region the Elasticsearch domain is configured | | `elasticsearch_aws_secret_access_key` | string | no | **(PREMIUM)** AWS IAM secret access key | | `elasticsearch_indexing` | boolean | no | **(PREMIUM)** Enable Elasticsearch indexing | | `elasticsearch_limit_indexing` | boolean | no | **(PREMIUM)** Limit Elasticsearch to index certain namespaces and projects | @@ -286,12 +286,12 @@ are listed in the descriptions of the relevant settings. | `plantuml_url` | string | required by: `plantuml_enabled` | The PlantUML instance URL for integration. | | `polling_interval_multiplier` | decimal | no | Interval multiplier used by endpoints that perform polling. Set to `0` to disable polling. | | `project_export_enabled` | boolean | no | Enable project export. | -| `prometheus_metrics_enabled` | boolean | no | Enable prometheus metrics. | +| `prometheus_metrics_enabled` | boolean | no | Enable Prometheus metrics. | | `protected_ci_variables` | boolean | no | Environment variables are protected by default. | | `pseudonymizer_enabled` | boolean | no | **(PREMIUM)** When enabled, GitLab will run a background job that will produce pseudonymized CSVs of the GitLab database that will be uploaded to your configured object storage directory. -| `recaptcha_enabled` | boolean | no | (**If enabled, requires:** `recaptcha_private_key` and `recaptcha_site_key`) Enable recaptcha. | -| `recaptcha_private_key` | string | required by: `recaptcha_enabled` | Private key for recaptcha. | -| `recaptcha_site_key` | string | required by: `recaptcha_enabled` | Site key for recaptcha. | +| `recaptcha_enabled` | boolean | no | (**If enabled, requires:** `recaptcha_private_key` and `recaptcha_site_key`) Enable reCAPTCHA. | +| `recaptcha_private_key` | string | required by: `recaptcha_enabled` | Private key for reCAPTCHA. | +| `recaptcha_site_key` | string | required by: `recaptcha_enabled` | Site key for reCAPTCHA. | | `receive_max_input_size` | integer | no | Maximum push size (MB). | | `repository_checks_enabled` | boolean | no | GitLab will periodically run `git fsck` in all project and wiki repositories to look for silent disk corruption issues. | | `repository_size_limit` | integer | no | **(PREMIUM)** Size limit per repository (MB) | diff --git a/doc/user/project/insights/index.md b/doc/user/project/insights/index.md index 76a6a96eec5..ec3831f2d27 100644 --- a/doc/user/project/insights/index.md +++ b/doc/user/project/insights/index.md @@ -58,9 +58,9 @@ For example, here's a single definition for Insights that will display one page ```yaml bugsCharts: - title: 'Charts for Bugs' + title: "Charts for bugs" charts: - - title: Monthly Bugs Created (bar) + - title: "Monthly bugs created" type: bar query: issuable_type: issue @@ -76,7 +76,7 @@ Each chart definition is made up of a hash composed of key-value pairs. For example, here's single chart definition: ```yaml -- title: Monthly Bugs Created (bar) +- title: "Monthly bugs created" type: bar query: issuable_type: issue @@ -111,7 +111,7 @@ For example: ```yaml monthlyBugsCreated: - title: Monthly Bugs Created (bar) + title: "Monthly bugs created" ``` ### `type` @@ -122,7 +122,7 @@ For example: ```yaml monthlyBugsCreated: - title: Monthly Bugs Created (bar) + title: "Monthly bugs created" type: bar ``` @@ -145,7 +145,7 @@ Example: ```yaml monthlyBugsCreated: - title: Monthly Bugs Created (bar) + title: "Monthly bugs created" type: bar query: issuable_type: issue @@ -174,7 +174,7 @@ Supported values are: Filter by the state of the queried "issuable". -If you omit it, the `opened` state filter will be applied. +By default, the `opened` state filter will be applied. Supported values are: @@ -188,14 +188,14 @@ Supported values are: Filter by labels applied to the queried "issuable". -If you omit it, no labels filter will be applied. All the defined labels must be +By default, no labels filter will be applied. All the defined labels must be applied to the "issuable" in order for it to be selected. Example: ```yaml monthlyBugsCreated: - title: Monthly regressions Created (bar) + title: "Monthly regressions created" type: bar query: issuable_type: issue @@ -209,14 +209,14 @@ monthlyBugsCreated: Group "issuable" by the configured labels. -If you omit it, no grouping will be done. When using this keyword, you need to +By default, no grouping will be done. When using this keyword, you need to set `type` to either `line` or `stacked-bar`. Example: ```yaml weeklyBugsBySeverity: - title: Weekly Bugs By Severity (stacked bar) + title: "Weekly bugs by severity" type: stacked-bar query: issuable_type: issue @@ -248,7 +248,7 @@ The unit is related to the `query.group_by` you defined. For instance if you defined `query.group_by: 'day'` then `query.period_limit: 365` would mean "Gather and display data for the last 365 days". -If you omit it, default values will be applied depending on the `query.group_by` +By default, default values will be applied depending on the `query.group_by` you defined. | `query.group_by` | Default value | @@ -257,14 +257,63 @@ you defined. | `week` | 4 | | `month` | 12 | +### `projects` + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/10904) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.4. + +You can limit where the "issuables" can be queried from: + +- If `.gitlab/insights.yml` is used for a [group's insights](../../group/insights/index.md#configure-your-insights), with `projects`, you can limit the projects to be queried. By default, all projects under the group will be used. +- If `.gitlab/insights.yml` is used for a project's insights, specifying any other projects will yield no results. By default, the project itself will be used. + +#### `projects.only` + +The `projects.only` option specifies the projects which the "issuables" +should be queried from. + +Projects listed here will be ignored when: + +- They don't exist. +- The current user doesn't have sufficient permissions to read them. +- They are outside of the group. + +In the following `insights.yml` example, we specify the projects +the queries will be used on. This example is useful when setting +a group's insights: + +```yaml +monthlyBugsCreated: + title: "Monthly bugs created" + type: bar + query: + issuable_type: issue + issuable_state: opened + filter_labels: + - bug + projects: + only: + - 3 # You can use the project ID + - groupA/projectA # Or full project path + - groupA/subgroupB/projectC # Projects in subgroups can be included + - groupB/project # Projects outside the group will be ignored +``` + ## Complete example ```yaml +.projectsOnly: &projectsOnly + projects: + only: + - 3 + - groupA/projectA + - groupA/subgroupB/projectC + bugsCharts: - title: 'Charts for Bugs' + title: "Charts for bugs" charts: - - title: Monthly Bugs Created (bar) + - title: "Monthly bugs created" type: bar + <<: *projectsOnly query: issuable_type: issue issuable_state: opened @@ -272,8 +321,10 @@ bugsCharts: - bug group_by: month period_limit: 24 - - title: Weekly Bugs By Severity (stacked bar) + + - title: "Weekly bugs by severity" type: stacked-bar + <<: *projectsOnly query: issuable_type: issue issuable_state: opened @@ -286,8 +337,10 @@ bugsCharts: - S4 group_by: week period_limit: 104 - - title: Monthly Bugs By Team (line) + + - title: "Monthly bugs by team" type: line + <<: *projectsOnly query: issuable_type: merge_request issuable_state: opened diff --git a/spec/frontend/helpers/tracking_helper.js b/spec/frontend/helpers/tracking_helper.js new file mode 100644 index 00000000000..68c1bd2dbca --- /dev/null +++ b/spec/frontend/helpers/tracking_helper.js @@ -0,0 +1,25 @@ +import Tracking from '~/tracking'; + +export default Tracking; + +let document; +let handlers; + +export function mockTracking(category = '_category_', documentOverride, spyMethod) { + document = documentOverride || window.document; + window.snowplow = () => {}; + Tracking.bindDocument(category, document); + return spyMethod ? spyMethod(Tracking, 'event') : null; +} + +export function unmockTracking() { + window.snowplow = undefined; + handlers.forEach(event => document.removeEventListener(event.name, event.func)); +} + +export function triggerEvent(selectorOrEl, eventName = 'click') { + const event = new Event(eventName, { bubbles: true }); + const el = typeof selectorOrEl === 'string' ? document.querySelector(selectorOrEl) : selectorOrEl; + + el.dispatchEvent(event); +} diff --git a/spec/frontend/ide/components/error_message_spec.js b/spec/frontend/ide/components/error_message_spec.js index fd6d1a494d4..e995c64645e 100644 --- a/spec/frontend/ide/components/error_message_spec.js +++ b/spec/frontend/ide/components/error_message_spec.js @@ -95,18 +95,18 @@ describe('IDE error message component', () => { }); it('shows loading icon when loading', () => { - let resolve; + let resolveAction; actionMock.mockImplementation( () => - new Promise(ok => { - resolve = ok; + new Promise(resolve => { + resolveAction = resolve; }), ); wrapper.find('button').trigger('click'); return wrapper.vm.$nextTick(() => { expect(wrapper.find(GlLoadingIcon).isVisible()).toBe(true); - resolve(); + resolveAction(); }); }); diff --git a/spec/javascripts/sidebar/confidential_issue_sidebar_spec.js b/spec/frontend/sidebar/confidential_issue_sidebar_spec.js index 50374b8973f..549010075db 100644 --- a/spec/javascripts/sidebar/confidential_issue_sidebar_spec.js +++ b/spec/frontend/sidebar/confidential_issue_sidebar_spec.js @@ -1,6 +1,6 @@ import Vue from 'vue'; import confidentialIssueSidebar from '~/sidebar/components/confidential/confidential_issue_sidebar.vue'; -import { mockTracking, triggerEvent } from 'spec/helpers/tracking_helper'; +import { mockTracking, triggerEvent } from 'helpers/tracking_helper'; describe('Confidential Issue Sidebar Block', () => { let vm1; @@ -37,40 +37,36 @@ describe('Confidential Issue Sidebar Block', () => { expect(vm2.$el.innerHTML.includes('Not confidential')).toBe(true); }); - it('displays the edit form when editable', done => { + it('displays the edit form when editable', () => { expect(vm1.edit).toBe(false); vm1.$el.querySelector('.confidential-edit').click(); expect(vm1.edit).toBe(true); - setTimeout(() => { + return Vue.nextTick().then(() => { expect(vm1.$el.innerHTML.includes('You are going to turn off the confidentiality.')).toBe( true, ); - - done(); }); }); - it('displays the edit form when opened from collapsed state', done => { + it('displays the edit form when opened from collapsed state', () => { expect(vm1.edit).toBe(false); vm1.$el.querySelector('.sidebar-collapsed-icon').click(); expect(vm1.edit).toBe(true); - setTimeout(() => { + return Vue.nextTick().then(() => { expect(vm1.$el.innerHTML.includes('You are going to turn off the confidentiality.')).toBe( true, ); - - done(); }); }); it('tracks the event when "Edit" is clicked', () => { - const spy = mockTracking('_category_', vm1.$el, spyOn); + const spy = mockTracking('_category_', vm1.$el, jest.spyOn); triggerEvent('.confidential-edit'); expect(spy).toHaveBeenCalledWith('_category_', 'click_edit_button', { diff --git a/spec/lib/gitlab/ci/build/rules/rule/clause/exists_spec.rb b/spec/lib/gitlab/ci/build/rules/rule/clause/exists_spec.rb index c016216304a..3605bac7dfc 100644 --- a/spec/lib/gitlab/ci/build/rules/rule/clause/exists_spec.rb +++ b/spec/lib/gitlab/ci/build/rules/rule/clause/exists_spec.rb @@ -4,11 +4,24 @@ require 'spec_helper' describe Gitlab::Ci::Build::Rules::Rule::Clause::Exists do describe '#satisfied_by?' do + let(:pipeline) { build(:ci_pipeline, project: project, sha: project.repository.head_commit.sha) } + + subject { described_class.new(globs).satisfied_by?(pipeline, nil) } + it_behaves_like 'a glob matching rule' do let(:project) { create(:project, :custom_repo, files: files) } - let(:pipeline) { build(:ci_pipeline, project: project, sha: project.repository.head_commit.sha) } + end + + context 'after pattern comparision limit is reached' do + let(:globs) { ['*definitely_not_a_matching_glob*'] } + let(:project) { create(:project, :repository) } + + before do + stub_const('Gitlab::Ci::Build::Rules::Rule::Clause::Exists::MAX_PATTERN_COMPARISONS', 2) + expect(File).to receive(:fnmatch?).exactly(2).times.and_call_original + end - subject { described_class.new(globs).satisfied_by?(pipeline, nil) } + it { is_expected.to be_truthy } end end end |