Diffstat (limited to 'config')
32 files changed, 681 insertions, 77 deletions
diff --git a/config/application.rb b/config/application.rb index cddd91f267a..c5ef6a2c60d 100644 --- a/config/application.rb +++ b/config/application.rb @@ -47,6 +47,19 @@ module Gitlab config.generators.templates.push("#{config.root}/generator_templates") + ee_paths = config.eager_load_paths.each_with_object([]) do |path, memo| + ee_path = config.root.join('ee', Pathname.new(path).relative_path_from(config.root)) + memo << ee_path.to_s if ee_path.exist? + end + + # Eager load should load CE first + config.eager_load_paths.push(*ee_paths) + config.helpers_paths.push "#{config.root}/ee/app/helpers" + + # Other than Ruby modules we load EE first + config.paths['lib/tasks'].unshift "#{config.root}/ee/lib/tasks" + config.paths['app/views'].unshift "#{config.root}/ee/app/views" + # Rake tasks ignore the eager loading settings, so we need to set the # autoload paths explicitly config.autoload_paths = config.eager_load_paths.dup @@ -153,6 +166,7 @@ module Gitlab # Import gitlab-svgs directly from vendored directory config.assets.paths << "#{config.root}/node_modules/@gitlab/svgs/dist" + config.assets.paths << "#{config.root}/node_modules" config.assets.precompile << "icons.svg" config.assets.precompile << "icons.json" config.assets.precompile << "illustrations/*.svg" 
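Review bot: Adding the whole `node_modules` tree to `config.assets.paths` (config/application.rb, hunk at -153) makes every file of every installed npm package resolvable by Sprockets, not only the vendored `@gitlab/svgs/dist` directory on the line above. Where on-demand asset compilation is enabled, that widens what the asset pipeline can resolve and serve. I would list only the package directories that are needed, as the existing `node_modules/xterm/src/` entry does. Failing that, add a comment naming the import that needs the root, e.g. `# needed so Sprockets can resolve <package> imports`. The enclosing class body starts and ends outside the hunk.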
@@ -161,6 +175,23 @@ module Gitlab config.assets.paths << "#{config.root}/node_modules/xterm/src/" config.assets.precompile << "xterm.css" + %w[images javascripts stylesheets].each do |path| + config.assets.paths << "#{config.root}/ee/app/assets/#{path}" + config.assets.precompile << "jira_connect.js" + config.assets.precompile << "pages/jira_connect.css" + end + + config.assets.paths << "#{config.root}/vendor/assets/javascripts/" + config.assets.precompile << "snowplow/sp.js" + + # Compile non-JS/CSS assets in the ee/app/assets folder by default + # Mimic sprockets-rails default: https://github.com/rails/sprockets-rails/blob/v3.2.1/lib/sprockets/railtie.rb#L84-L87 + LOOSE_EE_APP_ASSETS = lambda do |logical_path, filename| + filename.start_with?(config.root.join("ee/app/assets").to_s) && + !['.js', '.css', ''].include?(File.extname(logical_path)) + end + config.assets.precompile << LOOSE_EE_APP_ASSETS + # Version of your assets, change this if you want to expire all your assets config.assets.version = '1.0' diff --git a/config/boot.rb b/config/boot.rb index 2811f0e6188..b76b26a5e75 100644 --- a/config/boot.rb +++ b/config/boot.rb @@ -3,7 +3,7 @@ ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__) # Set up gems listed in the Gemfile. require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE']) begin - require 'bootsnap/setup' + require 'bootsnap/setup' unless ENV['DISABLE_BOOTSNAP'] rescue LoadError # bootsnap is an optional dependency, so if we don't have it, it's fine end diff --git a/config/database.yml.example b/config/database.yml.example deleted file mode 100644 index e69de29bb2d..00000000000 --- a/config/database.yml.example +++ /dev/null diff --git a/config/database.yml.postgresql b/config/database.yml.postgresql index baded682e46..5b3b35c9226 100644 --- a/config/database.yml.postgresql +++ b/config/database.yml.postgresql 
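Review bot: The `config.assets.precompile <<` lines for `jira_connect.js` and `pages/jira_connect.css` sit inside the `%w[images javascripts stylesheets].each` loop (config/application.rb, hunk at -161), so each entry is appended three times. Move them below the loop's `end` so the loop only adds the three `ee/app/assets/#{path}` directories. In `LOOSE_EE_APP_ASSETS` the `start_with?` test has no trailing separator, so a sibling directory whose name merely begins with `ee/app/assets` would also match. Comparing against `config.root.join("ee/app/assets").to_s + "/"` is stricter.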
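Review bot: `unless ENV['DISABLE_BOOTSNAP']` in config/boot.rb is true for any value that is set, so `DISABLE_BOOTSNAP=0`, `=false` and even an empty value all turn bootsnap off. Either say so on the line, `# any value, even "0" or "false", disables bootsnap`, or test the value explicitly.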
@@ -9,6 +9,15 @@ production: username: git password: "secure password" host: localhost + # load_balancing: + # hosts: + # - host1.example.com + # - host2.example.com + # discover: + # nameserver: 1.2.3.4 + # port: 8600 + # record: secondary.postgresql.service.consul + # interval: 300 # # Development specific diff --git a/config/dependency_decisions.yml b/config/dependency_decisions.yml index af76bace577..40a80429afa 100644 --- a/config/dependency_decisions.yml +++ b/config/dependency_decisions.yml @@ -599,3 +599,10 @@ :why: https://github.com/apache/incubator-echarts/blob/master/LICENSE :versions: [] :when: 2018-12-07 20:46:12.421256000 Z +- - :license + - contracts + - BSD + - :who: Jarka Košanová + :why: https://github.com/egonSchiele/contracts.ruby/blob/master/LICENSE + :versions: [] + :when: 2019-04-01 11:29:39.361015000 Z diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example index c83f569d885..c82d9b5ceef 100644 --- a/config/gitlab.yml.example +++ b/config/gitlab.yml.example 
@@ -230,7 +230,45 @@ production: &base ## Packages (maven repository, npm registry, etc...) packages: - enabled: false + enabled: true + # The location where build packages are stored (default: shared/packages). + # storage_path: shared/packages + object_store: + enabled: false + remote_directory: packages # The bucket name + # direct_upload: false # Use Object Storage directly for uploads instead of background uploads if enabled (Default: false) + # background_upload: false # Temporary option to limit automatic upload (Default: true) + # proxy_download: false # Passthrough all downloads via GitLab instead of using Redirects to Object Storage + connection: + provider: AWS + aws_access_key_id: AWS_ACCESS_KEY_ID + aws_secret_access_key: AWS_SECRET_ACCESS_KEY + region: us-east-1 + # host: 'localhost' # default: s3.amazonaws.com + # endpoint: 'http://127.0.0.1:9000' # default: nil + # aws_signature_version: 4 # For creation of signed URLs. Set to 2 if provider does not support v4. + # path_style: true # Use 'host/bucket_name/object' instead of 'bucket_name.host/object' + + ## Dependency Proxy + dependency_proxy: + enabled: true + # The location where build packages are stored (default: shared/dependency_proxy). + # storage_path: shared/dependency_proxy + object_store: + enabled: false + remote_directory: dependency_proxy # The bucket name + # direct_upload: false # Use Object Storage directly for uploads instead of background uploads if enabled (Default: false) + # background_upload: false # Temporary option to limit automatic upload (Default: true) + # proxy_download: false # Passthrough all downloads via GitLab instead of using Redirects to Object Storage + connection: + provider: AWS + aws_access_key_id: AWS_ACCESS_KEY_ID + aws_secret_access_key: AWS_SECRET_ACCESS_KEY + region: us-east-1 + # host: 'localhost' # default: s3.amazonaws.com + # endpoint: 'http://127.0.0.1:9000' # default: nil + # aws_signature_version: 4 # For creation of signed URLs. 
Set to 2 if provider does not support v4. + # path_style: true # Use 'host/bucket_name/object' instead of 'bucket_name.host/object' ## GitLab Pages pages: @@ -306,6 +344,53 @@ production: &base schedule_migrate_external_diffs_worker: cron: "15 * * * *" + # GitLab EE only jobs. These jobs are automatically enabled for an EE + # installation, and ignored for a CE installation. + ee_cron_jobs: + # Snapshot active users statistics + historical_data_worker: + cron: "0 12 * * *" + + # In addition to refreshing users when they log in, + # periodically refresh LDAP users membership. + # NOTE: This will only take effect if LDAP is enabled + ldap_sync_worker: + cron: "30 1 * * *" + + # Periodically refresh LDAP groups membership. + # NOTE: This will only take effect if LDAP is enabled + ldap_group_sync_worker: + cron: "0 * * * *" + + # GitLab Geo metrics update worker + # NOTE: This will only take effect if Geo is enabled + geo_metrics_update_worker: + cron: "*/1 * * * *" + + # GitLab Geo prune event log worker + # NOTE: This will only take effect if Geo is enabled (primary node only) + geo_prune_event_log_worker: + cron: "*/5 * * * *" + + # GitLab Geo repository sync worker + # NOTE: This will only take effect if Geo is enabled (secondary nodes only) + geo_repository_sync_worker: + cron: "*/1 * * * *" + + # GitLab Geo file download dispatch worker + # NOTE: This will only take effect if Geo is enabled (secondary nodes only) + geo_file_download_dispatch_worker: + cron: "*/1 * * * *" + + # GitLab Geo migrated local files clean up worker + # NOTE: This will only take effect if Geo is enabled (secondary nodes only) + geo_migrated_local_files_clean_up_worker: + cron: "15 */6 * * *" + + # Export pseudonymized data in CSV format for analysis + pseudonymizer_worker: + cron: "0 * * * *" + registry: # enabled: true # host: registry.example.com 
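Review bot: The `pseudonymizer_worker` entry under `ee_cron_jobs` (config/gitlab.yml.example, hunk at -306) shows `cron: "0 * * * *"`, which is hourly, while the default this commit adds in config/initializers/1_settings.rb is `'0 23 * * *'`, once a day. The initializer merges `ee_cron_jobs` into `cron_jobs` before applying `||=`, so an installation that copies the example verbatim runs the export hourly. The other entries in this block match their defaults in 1_settings.rb, so I would change this one to `cron: "0 23 * * *"`.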
@@ -323,6 +408,16 @@ production: &base # clientside_dsn: https://<key>@sentry.io/<project> # environment: 'production' # e.g. development, staging, production + ## Geo + # NOTE: These settings will only take effect if Geo is enabled + geo: + # This is an optional identifier which Geo nodes can use to identify themselves. + # For example, if external_url is the same for two secondaries, you must specify + # a unique Geo node name for those secondaries. + # + # If it is blank, it defaults to external_url. + node_name: '' + # # 2. GitLab CI settings # ========================== @@ -349,6 +444,19 @@ production: &base # bundle exec rake gitlab:ldap:check RAILS_ENV=production ldap: enabled: false + + # This setting controls the number of seconds between LDAP permission checks + # for each user. After this time has expired for a given user, their next + # interaction with GitLab (a click in the web UI, a git pull, etc.) will be + # slower because the LDAP permission check is being performed. How much + # slower depends on your LDAP setup, but it is not uncommon for this check + # to add seconds of waiting time. The default value is to have a "slow + # click" once every 3600 seconds (i.e., once per hour). + # + # Warning: if you set this value too low, every click in GitLab will be a + # "slow click" for all of your LDAP users. + # sync_time: 3600 + servers: ########################################################################## # @@ -446,6 +554,10 @@ production: &base # A value of 0 means there is no timeout. timeout: 10 + # Enable smartcard authentication against the LDAP server. Valid values + # are "false", "optional", and "required". + smartcard_auth: false + # This setting specifies if LDAP server is Active Directory LDAP server. # For non AD servers it skips the AD specific queries. # If your LDAP server is not AD, set this to false. 
@@ -485,6 +597,31 @@ production: &base # user_filter: '' + # Base where we can search for groups + # + # Ex. ou=Groups,dc=gitlab,dc=example + # + group_base: '' + + # LDAP group of users who should be admins in GitLab + # + # Ex. GLAdmins + # + admin_group: '' + + # LDAP group of users who should be marked as external users in GitLab + # + # Ex. ['Contractors', 'Interns'] + # + external_groups: [] + + # Name of attribute which holds a ssh public key of the user object. + # If false or nil, SSH key syncronisation will be disabled. + # + # Ex. sshpublickey + # + sync_ssh_keys: false + # LDAP attributes that GitLab will use to create an account for the LDAP user. # The specified attribute can either be the attribute name as a string (e.g. 'mail'), # or an array of attribute names to try in order (e.g. ['mail', 'email']). 
@@ -516,6 +653,38 @@ production: &base # host: # .... + ## Smartcard authentication settings + smartcard: + # Allow smartcard authentication + enabled: false + + # Path to a file containing a CA certificate + ca_file: '/etc/ssl/certs/CA.pem' + + # Port where the client side certificate is requested by the webserver (NGINX/Apache) + # client_certificate_required_port: 3444 + + ## Kerberos settings + kerberos: + # Allow the HTTP Negotiate authentication method for Git clients + enabled: false + + # Kerberos 5 keytab file. The keytab file must be readable by the GitLab user, + # and should be different from other keytabs in the system. + # (default: use default keytab from Krb5 config) + # keytab: /etc/http.keytab + + # The Kerberos service name to be used by GitLab. + # (default: accept any service name in keytab file) + # service_principal_name: HTTP/gitlab.example.com@EXAMPLE.COM + + # Dedicated port: Git before 2.4 does not fall back to Basic authentication if Negotiate fails. + # To support both Basic and Negotiate methods with older versions of Git, configure + # nginx to proxy GitLab on an extra port (e.g. 8443) and uncomment the following lines + # to dedicate this port to Kerberos authentication. (default: false) + # use_dedicated_port: true + # port: 8443 + # https: true ## OmniAuth settings omniauth: @@ -635,6 +804,8 @@ production: &base # name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient' # } } # + # - { name: 'group_saml' } + # # - { name: 'crowd', # args: { # crowd_server_url: 'CROWD SERVER URL', 
@@ -707,6 +878,20 @@ production: &base # # Specifies Amazon S3 storage class to use for backups, this is optional # # storage_class: 'STANDARD' + ## Pseudonymizer exporter + pseudonymizer: + # Tables manifest that specifies the fields to extract and pseudonymize. + manifest: config/pseudonymizer.yml + upload: + remote_directory: 'gitlab-elt' + # Fog storage connection settings, see http://fog.io/storage/ . + connection: + # provider: AWS + # region: eu-west-1 + # aws_access_key_id: AKIAKIAKI + # aws_secret_access_key: 'secret123' + # # The remote 'directory' to store the CSV files. For S3, this would be the bucket name. + ## GitLab Shell settings gitlab_shell: path: /home/git/gitlab-shell/ @@ -872,6 +1057,17 @@ test: token: secret backup: path: tmp/tests/backups + pseudonymizer: + manifest: config/pseudonymizer.yml + upload: + # The remote 'directory' to store the CSV files. For S3, this would be the bucket name. + remote_directory: gitlab-elt.test + # Fog storage connection settings, see http://fog.io/storage/ + connection: + provider: AWS # Only AWS supported at the moment + aws_access_key_id: AWS_ACCESS_KEY_ID + aws_secret_access_key: AWS_SECRET_ACCESS_KEY + region: us-east-1 gitlab_shell: path: tmp/tests/gitlab-shell/ authorized_keys_file: tmp/tests/authorized_keys @@ -882,7 +1078,7 @@ test: issues_url: "http://redmine/:project_id/:issues_tracker_id/:id" new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new" jira: - title: "JIRA" + title: "Jira" url: https://sample_company.atlassian.net project_key: PROJECT diff --git a/config/initializers/0_inflections.rb b/config/initializers/0_inflections.rb index 1ad9ddca877..4d1f4917275 100644 --- a/config/initializers/0_inflections.rb +++ b/config/initializers/0_inflections.rb 
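Review bot: In the production `pseudonymizer` block (config/gitlab.yml.example, hunk at -707) the comment `# The remote 'directory' to store the CSV files...` sits under `connection:` after the credential keys, although it describes `remote_directory`; the `test:` block added at -872 has it in the right place. Every key under `connection:` is commented out, so the key parses as null, which deserves a comment such as `# connection stays unset until the keys below are uncommented`. The sample values `AKIAKIAKI` and `'secret123'` could be replaced with the `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` placeholders used by the other blocks in this file, so that no example reads like a real credential.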
@@ -14,6 +14,14 @@ ActiveSupport::Inflector.inflections do |inflect| award_emoji project_statistics system_note_metadata + event_log project_auto_devops + project_registry + file_registry + job_artifact_registry + vulnerability_feedback + vulnerabilities_feedback + group_view ) + inflect.acronym 'EE' end diff --git a/config/initializers/0_thread_cache.rb b/config/initializers/0_thread_cache.rb new file mode 100644 index 00000000000..feb8057132e --- /dev/null +++ b/config/initializers/0_thread_cache.rb @@ -0,0 +1,3 @@ +# frozen_string_literal: true + +Gitlab::ThreadMemoryCache.cache_backend diff --git a/config/initializers/1_postgresql_only.rb b/config/initializers/1_postgresql_only.rb new file mode 100644 index 00000000000..be771bebf47 --- /dev/null +++ b/config/initializers/1_postgresql_only.rb @@ -0,0 +1,4 @@ +# frozen_string_literal: true + +raise "PostgreSQL is the only supported database from GitLab 12.1" unless + Gitlab::Database.postgresql? diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index 0c8d94ccaed..c803e4615b4 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb @@ -5,6 +5,13 @@ require_relative '../object_store_settings' Settings['ldap'] ||= Settingslogic.new({}) Settings.ldap['enabled'] = false if Settings.ldap['enabled'].nil? +Gitlab.ee do + Settings.ldap['sync_time'] = 3600 if Settings.ldap['sync_time'].nil? + Settings.ldap['schedule_sync_daily'] = 1 if Settings.ldap['schedule_sync_daily'].nil? + Settings.ldap['schedule_sync_hour'] = 1 if Settings.ldap['schedule_sync_hour'].nil? + Settings.ldap['schedule_sync_minute'] = 30 if Settings.ldap['schedule_sync_minute'].nil? +end + # backwards compatibility, we only have one host if Settings.ldap['enabled'] || Rails.env.test? if Settings.ldap['host'].present? 
@@ -23,11 +30,14 @@ if Settings.ldap['enabled'] || Rails.env.test? server['timeout'] ||= 10.seconds server['block_auto_created_users'] = false if server['block_auto_created_users'].nil? server['allow_username_or_email_login'] = false if server['allow_username_or_email_login'].nil? + server['smartcard_auth'] = false unless %w[optional required].include?(server['smartcard_auth']) server['active_directory'] = true if server['active_directory'].nil? server['attributes'] = {} if server['attributes'].nil? server['lowercase_usernames'] = false if server['lowercase_usernames'].nil? server['provider_name'] ||= "ldap#{key}".downcase server['provider_class'] = OmniAuth::Utils.camelize(server['provider_name']) + server['external_groups'] = [] if server['external_groups'].nil? + server['sync_ssh_keys'] = 'sshPublicKey' if server['sync_ssh_keys'].to_s == 'true' # For backwards compatibility server['encryption'] ||= server['method'] @@ -62,6 +72,12 @@ if Settings.ldap['enabled'] || Rails.env.test? end end +Gitlab.ee do + Settings['smartcard'] ||= Settingslogic.new({}) + Settings.smartcard['enabled'] = false if Settings.smartcard['enabled'].nil? + Settings.smartcard['client_certificate_required_port'] = 3444 if Settings.smartcard['client_certificate_required_port'].nil? +end + Settings['omniauth'] ||= Settingslogic.new({}) Settings.omniauth['enabled'] = true if Settings.omniauth['enabled'].nil? Settings.omniauth['auto_sign_in_with_provider'] = false if Settings.omniauth['auto_sign_in_with_provider'].nil? 
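Review bot: `server['smartcard_auth'] = false unless %w[optional required].include?(server['smartcard_auth'])` (config/initializers/1_settings.rb, hunk at -23) silently turns any unrecognised value into `false`. A typo such as `Required` in gitlab.yml therefore switches smartcard authentication off for that LDAP server instead of failing, which is the opposite of what the operator asked for. I would accept `nil`, `false` and the two strings, and raise on anything else, for example `raise "Invalid smartcard_auth for LDAP server #{key}" unless [nil, false, 'optional', 'required'].include?(server['smartcard_auth'])`. The enclosing `each` block starts and ends outside the hunk.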
@@ -117,6 +133,15 @@ if github_settings end end +# SAML should be enabled for the tests automatically, but only for EE. +saml_provider_enabled = Settings.omniauth.providers.any? do |provider| + provider['name'] == 'group_saml' +end + +if Gitlab.ee? && Rails.env.test? && !saml_provider_enabled + Settings.omniauth.providers << Settingslogic.new({ 'name' => 'group_saml' }) +end + Settings['shared'] ||= Settingslogic.new({}) Settings.shared['path'] = Settings.absolute(Settings.shared['path'] || "shared") @@ -127,6 +152,7 @@ Settings['issues_tracker'] ||= {} # Settings['gitlab'] ||= Settingslogic.new({}) Settings.gitlab['default_project_creation'] ||= ::Gitlab::Access::DEVELOPER_MAINTAINER_PROJECT_ACCESS +Settings.gitlab['default_project_deletion_protection'] ||= false Settings.gitlab['default_projects_limit'] ||= 100000 Settings.gitlab['default_branch_protection'] ||= 2 Settings.gitlab['default_can_create_group'] = true if Settings.gitlab['default_can_create_group'].nil? @@ -177,6 +203,21 @@ Settings.gitlab['no_todos_messages'] ||= YAML.load_file(Rails.root.join('config' Settings.gitlab['impersonation_enabled'] ||= true if Settings.gitlab['impersonation_enabled'].nil? Settings.gitlab['usage_ping_enabled'] = true if Settings.gitlab['usage_ping_enabled'].nil? +Gitlab.ee do + Settings.gitlab['mirror_max_delay'] ||= 300 + Settings.gitlab['mirror_max_capacity'] ||= 30 + Settings.gitlab['mirror_capacity_threshold'] ||= 15 +end + +# +# Elasticseacrh +# +Gitlab.ee do + Settings['elasticsearch'] ||= Settingslogic.new({}) + Settings.elasticsearch['enabled'] = false if Settings.elasticsearch['enabled'].nil? + Settings.elasticsearch['url'] = ENV['ELASTIC_URL'] || "http://localhost:9200" +end + # # CI # 
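Review bot: `Settings.elasticsearch['url'] = ENV['ELASTIC_URL'] || "http://localhost:9200"` (config/initializers/1_settings.rb, hunk at -177) assigns unconditionally, so a `url` set under `elasticsearch:` in gitlab.yml is discarded. The neighbouring settings use `||=` or an `if ... nil?` guard. `Settings.elasticsearch['url'] = ENV['ELASTIC_URL'] || Settings.elasticsearch['url'] || "http://localhost:9200"` keeps the environment override and still honours the file. The fallback is plain HTTP, which is reasonable for localhost, but a comment should say that a remote cluster needs an `https://` URL. The section header comment is misspelled `Elasticseacrh`.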
@@ -246,6 +287,15 @@ Settings.pages['admin'] ||= Settingslogic.new({}) Settings.pages.admin['certificate'] ||= '' # +# Geo +# +Gitlab.ee do + Settings['geo'] ||= Settingslogic.new({}) + # For backwards compatibility, default to gitlab_url and if so, ensure it ends with "/" + Settings.geo['node_name'] = Settings.geo['node_name'].presence || Settings.gitlab['url'].chomp('/').concat('/') +end + +# # External merge request diffs # Settings['external_diffs'] ||= Settingslogic.new({}) @@ -272,6 +322,32 @@ Settings.uploads['object_store'] = ObjectStoreSettings.parse(Settings.uploads['o Settings.uploads['object_store']['remote_directory'] ||= 'uploads' # +# Packages +# +Gitlab.ee do + Settings['packages'] ||= Settingslogic.new({}) + Settings.packages['enabled'] = true if Settings.packages['enabled'].nil? + Settings.packages['storage_path'] = Settings.absolute(Settings.packages['storage_path'] || File.join(Settings.shared['path'], "packages")) + Settings.packages['object_store'] = ObjectStoreSettings.parse(Settings.packages['object_store']) +end + +# +# Dependency Proxy +# +Gitlab.ee do + Settings['dependency_proxy'] ||= Settingslogic.new({}) + Settings.dependency_proxy['enabled'] = true if Settings.dependency_proxy['enabled'].nil? + Settings.dependency_proxy['storage_path'] = Settings.absolute(Settings.dependency_proxy['storage_path'] || File.join(Settings.shared['path'], "dependency_proxy")) + Settings.dependency_proxy['object_store'] = ObjectStoreSettings.parse(Settings.dependency_proxy['object_store']) + + # For first iteration dependency proxy uses Rails server to download blobs. + # To ensure acceptable performance we only allow feature to be used with + # multithreaded web-server Puma. This will be removed once download logic is moved + # to GitLab workhorse + Settings.dependency_proxy['enabled'] = false unless defined?(::Puma) +end + +# # Mattermost # Settings['mattermost'] ||= Settingslogic.new({}) 
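Review bot: `Settings.dependency_proxy['enabled'] = false unless defined?(::Puma)` (config/initializers/1_settings.rb, hunk at -272) overrides an explicit `enabled: true` from gitlab.yml without any log line. The gitlab.yml.example changed in this commit ships `dependency_proxy: enabled: true` with no mention of the Puma requirement. An operator on another web server will see the feature configured but not working. I would note the requirement in the example, e.g. `# Only takes effect when GitLab runs under Puma`, and log a warning here when the configured value is being overridden.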
@@ -291,6 +367,11 @@ Settings.gravatar['host'] = Settings.host_without_www(Settings.gravatar[ # Cron Jobs # Settings['cron_jobs'] ||= Settingslogic.new({}) + +if Gitlab.ee? && Settings['ee_cron_jobs'] + Settings.cron_jobs.merge!(Settings.ee_cron_jobs) +end + Settings.cron_jobs['stuck_ci_jobs_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['stuck_ci_jobs_worker']['cron'] ||= '0 * * * *' Settings.cron_jobs['stuck_ci_jobs_worker']['job_class'] = 'StuckCiJobsWorker' @@ -327,7 +408,6 @@ Settings.cron_jobs['remove_expired_group_links_worker']['job_class'] = 'RemoveEx Settings.cron_jobs['prune_old_events_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['prune_old_events_worker']['cron'] ||= '0 */6 * * *' Settings.cron_jobs['prune_old_events_worker']['job_class'] = 'PruneOldEventsWorker' - Settings.cron_jobs['trending_projects_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['trending_projects_worker']['cron'] = '0 1 * * *' Settings.cron_jobs['trending_projects_worker']['job_class'] = 'TrendingProjectsWorker' 
@@ -340,31 +420,70 @@ Settings.cron_jobs['stuck_import_jobs_worker']['job_class'] = 'StuckImportJobsWo Settings.cron_jobs['gitlab_usage_ping_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['gitlab_usage_ping_worker']['cron'] ||= Settings.__send__(:cron_for_usage_ping) Settings.cron_jobs['gitlab_usage_ping_worker']['job_class'] = 'GitlabUsagePingWorker' - Settings.cron_jobs['stuck_merge_jobs_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['stuck_merge_jobs_worker']['cron'] ||= '0 */2 * * *' Settings.cron_jobs['stuck_merge_jobs_worker']['job_class'] = 'StuckMergeJobsWorker' - Settings.cron_jobs['pages_domain_verification_cron_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['pages_domain_verification_cron_worker']['cron'] ||= '*/15 * * * *' Settings.cron_jobs['pages_domain_verification_cron_worker']['job_class'] = 'PagesDomainVerificationCronWorker' - Settings.cron_jobs['pages_domain_removal_cron_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['pages_domain_removal_cron_worker']['cron'] ||= '47 0 * * *' Settings.cron_jobs['pages_domain_removal_cron_worker']['job_class'] = 'PagesDomainRemovalCronWorker' - +Settings.cron_jobs['pages_domain_ssl_renewal_cron_worker'] ||= Settingslogic.new({}) +Settings.cron_jobs['pages_domain_ssl_renewal_cron_worker']['cron'] ||= '*/10 * * * *' +Settings.cron_jobs['pages_domain_ssl_renewal_cron_worker']['job_class'] = 'PagesDomainSslRenewalCronWorker' Settings.cron_jobs['issue_due_scheduler_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['issue_due_scheduler_worker']['cron'] ||= '50 00 * * *' Settings.cron_jobs['issue_due_scheduler_worker']['job_class'] = 'IssueDueSchedulerWorker' - Settings.cron_jobs['prune_web_hook_logs_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['prune_web_hook_logs_worker']['cron'] ||= '0 */1 * * *' Settings.cron_jobs['prune_web_hook_logs_worker']['job_class'] = 'PruneWebHookLogsWorker' - Settings.cron_jobs['schedule_migrate_external_diffs_worker'] ||= Settingslogic.new({}) 
Settings.cron_jobs['schedule_migrate_external_diffs_worker']['cron'] ||= '15 * * * *' Settings.cron_jobs['schedule_migrate_external_diffs_worker']['job_class'] = 'ScheduleMigrateExternalDiffsWorker' +Gitlab.ee do + Settings.cron_jobs['clear_shared_runners_minutes_worker'] ||= Settingslogic.new({}) + Settings.cron_jobs['clear_shared_runners_minutes_worker']['cron'] ||= '0 0 1 * *' + Settings.cron_jobs['clear_shared_runners_minutes_worker']['job_class'] = 'ClearSharedRunnersMinutesWorker' + Settings.cron_jobs['geo_file_download_dispatch_worker'] ||= Settingslogic.new({}) + Settings.cron_jobs['geo_file_download_dispatch_worker']['cron'] ||= '*/1 * * * *' + Settings.cron_jobs['geo_file_download_dispatch_worker']['job_class'] ||= 'Geo::FileDownloadDispatchWorker' + Settings.cron_jobs['geo_metrics_update_worker'] ||= Settingslogic.new({}) + Settings.cron_jobs['geo_metrics_update_worker']['cron'] ||= '*/1 * * * *' + Settings.cron_jobs['geo_metrics_update_worker']['job_class'] ||= 'Geo::MetricsUpdateWorker' + Settings.cron_jobs['geo_migrated_local_files_clean_up_worker'] ||= Settingslogic.new({}) + Settings.cron_jobs['geo_migrated_local_files_clean_up_worker']['cron'] ||= '15 */6 * * *' + Settings.cron_jobs['geo_migrated_local_files_clean_up_worker']['job_class'] ||= 'Geo::MigratedLocalFilesCleanUpWorker' + Settings.cron_jobs['geo_prune_event_log_worker'] ||= Settingslogic.new({}) + Settings.cron_jobs['geo_prune_event_log_worker']['cron'] ||= '*/5 * * * *' + Settings.cron_jobs['geo_prune_event_log_worker']['job_class'] ||= 'Geo::PruneEventLogWorker' + Settings.cron_jobs['geo_repository_sync_worker'] ||= Settingslogic.new({}) + Settings.cron_jobs['geo_repository_sync_worker']['cron'] ||= '*/1 * * * *' + Settings.cron_jobs['geo_repository_sync_worker']['job_class'] ||= 'Geo::RepositorySyncWorker' + Settings.cron_jobs['geo_repository_verification_primary_batch_worker'] ||= Settingslogic.new({}) + Settings.cron_jobs['geo_repository_verification_primary_batch_worker']['cron'] 
||= '*/1 * * * *' + Settings.cron_jobs['geo_repository_verification_primary_batch_worker']['job_class'] ||= 'Geo::RepositoryVerification::Primary::BatchWorker' + Settings.cron_jobs['geo_repository_verification_secondary_scheduler_worker'] ||= Settingslogic.new({}) + Settings.cron_jobs['geo_repository_verification_secondary_scheduler_worker']['cron'] ||= '*/1 * * * *' + Settings.cron_jobs['geo_repository_verification_secondary_scheduler_worker']['job_class'] ||= 'Geo::RepositoryVerification::Secondary::SchedulerWorker' + Settings.cron_jobs['historical_data_worker'] ||= Settingslogic.new({}) + Settings.cron_jobs['historical_data_worker']['cron'] ||= '0 12 * * *' + Settings.cron_jobs['historical_data_worker']['job_class'] = 'HistoricalDataWorker' + Settings.cron_jobs['ldap_group_sync_worker'] ||= Settingslogic.new({}) + Settings.cron_jobs['ldap_group_sync_worker']['cron'] ||= '0 * * * *' + Settings.cron_jobs['ldap_group_sync_worker']['job_class'] = 'LdapAllGroupsSyncWorker' + Settings.cron_jobs['ldap_sync_worker'] ||= Settingslogic.new({}) + Settings.cron_jobs['ldap_sync_worker']['cron'] ||= '30 1 * * *' + Settings.cron_jobs['ldap_sync_worker']['job_class'] = 'LdapSyncWorker' + Settings.cron_jobs['pseudonymizer_worker'] ||= Settingslogic.new({}) + Settings.cron_jobs['pseudonymizer_worker']['cron'] ||= '0 23 * * *' + Settings.cron_jobs['pseudonymizer_worker']['job_class'] ||= 'PseudonymizerWorker' + Settings.cron_jobs['update_max_seats_used_for_gitlab_com_subscriptions_worker'] ||= Settingslogic.new({}) + Settings.cron_jobs['update_max_seats_used_for_gitlab_com_subscriptions_worker']['cron'] ||= '0 12 * * *' + Settings.cron_jobs['update_max_seats_used_for_gitlab_com_subscriptions_worker']['job_class'] = 'UpdateMaxSeatsUsedForGitlabComSubscriptionsWorker' +end + # # Sidekiq # 
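Review bot: In the `Gitlab.ee do` block of the cron-job hunk (config/initializers/1_settings.rb, hunk at -340) the `geo_*` and `pseudonymizer_worker` entries set `['job_class'] ||= ...`, while every other entry, including the EE ones for `historical_data_worker` and `ldap_sync_worker`, uses `=`. With `||=`, a `job_class` key supplied through `cron_jobs` or the merged `ee_cron_jobs` section of gitlab.yml is kept, so configuration can point the schedule at a different worker class. Unless that is intended, use plain assignment for these entries too, e.g. `Settings.cron_jobs['geo_metrics_update_worker']['job_class'] = 'Geo::MetricsUpdateWorker'`. The hunk also removes the blank lines that separated each worker's three settings, which makes the list harder to scan.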
@@ -444,6 +563,16 @@ Settings.backup['upload']['encryption_key'] ||= ENV['GITLAB_BACKUP_ENCRYPTION_KE Settings.backup['upload']['storage_class'] ||= nil # +# Pseudonymizer +# +Gitlab.ee do + Settings['pseudonymizer'] ||= Settingslogic.new({}) + Settings.pseudonymizer['manifest'] = Settings.absolute(Settings.pseudonymizer['manifest'] || Rails.root.join("config/pseudonymizer.yml")) + Settings.pseudonymizer['upload'] ||= Settingslogic.new({ 'remote_directory' => nil, 'connection' => nil }) + # Settings.pseudonymizer['upload']['multipart_chunk_size'] ||= 104857600 +end + +# # Git # Settings['git'] ||= Settingslogic.new({}) @@ -456,6 +585,23 @@ Settings['satellites'] ||= Settingslogic.new({}) Settings.satellites['path'] = Settings.absolute(Settings.satellites['path'] || "tmp/repo_satellites/") # +# Kerberos +# +Gitlab.ee do + Settings['kerberos'] ||= Settingslogic.new({}) + Settings.kerberos['enabled'] = false if Settings.kerberos['enabled'].nil? + Settings.kerberos['keytab'] = nil if Settings.kerberos['keytab'].blank? # nil means use default keytab + Settings.kerberos['service_principal_name'] = nil if Settings.kerberos['service_principal_name'].blank? # nil means any SPN in keytab + Settings.kerberos['use_dedicated_port'] = false if Settings.kerberos['use_dedicated_port'].nil? + Settings.kerberos['https'] = Settings.gitlab.https if Settings.kerberos['https'].nil? + Settings.kerberos['port'] ||= Settings.kerberos.https ? 8443 : 8088 + + if Settings.kerberos['enabled'] && !Settings.omniauth.providers.map(&:name).include?('kerberos_spnego') + Settings.omniauth.providers << Settingslogic.new({ 'name' => 'kerberos_spnego' }) + end +end + +# # Extra customization # Settings['extra'] ||= Settingslogic.new({}) diff --git a/config/initializers/6_validations.rb b/config/initializers/6_validations.rb index bf9e5a50382..827b15e5c8d 100644 --- a/config/initializers/6_validations.rb +++ b/config/initializers/6_validations.rb 
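Review bot: `Settings.omniauth.providers.map(&:name).include?('kerberos_spnego')` (config/initializers/1_settings.rb, hunk at -456) calls `.name` on each provider, whereas the `group_saml` check added earlier in this file reads `provider['name']`. If a provider entry is a plain Hash rather than a Settingslogic object, `.name` raises NoMethodError at boot; the hunk does not show which it is. `Settings.omniauth.providers.none? { |provider| provider['name'] == 'kerberos_spnego' }` matches the other check and works for both shapes.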
@@ -1,24 +1,15 @@ -def storage_name_valid?(name) - !!(name =~ /\A[a-zA-Z0-9\-_]+\z/) -end - def storage_validation_error(message) raise "#{message}. Please fix this in your gitlab.yml before starting GitLab." end def validate_storages_config - storage_validation_error('No repository storage path defined') if Gitlab.config.repositories.storages.empty? - - Gitlab.config.repositories.storages.each do |name, repository_storage| - storage_validation_error("\"#{name}\" is not a valid storage name") unless storage_name_valid?(name) - - %w(failure_count_threshold failure_reset_time storage_timeout).each do |setting| - # Falling back to the defaults is fine! - next if repository_storage[setting].nil? + if Gitlab.config.repositories.storages.empty? + storage_validation_error('No repository storage path defined') + end - unless repository_storage[setting].to_f > 0 - storage_validation_error("`#{setting}` for storage `#{name}` needs to be greater than 0") - end + Gitlab.config.repositories.storages.keys.each do |name| + unless /\A[a-zA-Z0-9\-_]+\z/.match?(name) + storage_validation_error("\"#{name}\" is not a valid storage name") end end end diff --git a/config/initializers/7_prometheus_metrics.rb b/config/initializers/7_prometheus_metrics.rb index 4da683014d4..54cdefc2a10 100644 --- a/config/initializers/7_prometheus_metrics.rb +++ b/config/initializers/7_prometheus_metrics.rb @@ -19,6 +19,12 @@ Gitlab::Application.configure do |config| config.middleware.insert(1, Gitlab::Metrics::RequestsRackMiddleware) end +Sidekiq.configure_server do |config| + config.on(:startup) do + Gitlab::Metrics::SidekiqMetricsExporter.instance.start + end +end + if !Rails.env.test? && Gitlab::Metrics.prometheus_metrics_enabled? Gitlab::Cluster::LifecycleEvents.on_worker_start do defined?(::Prometheus::Client.reinitialize_on_pid_change) && Prometheus::Client.reinitialize_on_pid_change 
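Review bot: The new `Sidekiq.configure_server` block (config/initializers/7_prometheus_metrics.rb, hunk at -19) starts `Gitlab::Metrics::SidekiqMetricsExporter` on every Sidekiq boot. It sits outside the `!Rails.env.test? && Gitlab::Metrics.prometheus_metrics_enabled?` guard that follows it. Whether the exporter checks its own settings before it starts serving is not visible here. If it does, a comment such as `# start is a no-op unless the Sidekiq exporter is enabled in the settings` would save the next reader the lookup. If it does not, the block belongs under the guard.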
@@ -37,14 +43,21 @@ if !Rails.env.test? && Gitlab::Metrics.prometheus_metrics_enabled? end end -Gitlab::Cluster::LifecycleEvents.on_master_restart do +def cleanup_prometheus_multiproc_dir # The following is necessary to ensure stale Prometheus metrics don't # accumulate over time. It needs to be done in this hook as opposed to # inside an init script to ensure metrics files aren't deleted after new # unicorn workers start after a SIGUSR2 is received. - prometheus_multiproc_dir = ENV['prometheus_multiproc_dir'] - if prometheus_multiproc_dir - old_metrics = Dir[File.join(prometheus_multiproc_dir, '*.db')] + if dir = ::Prometheus::Client.configuration.multiprocess_files_dir + old_metrics = Dir[File.join(dir, '*.db')] FileUtils.rm_rf(old_metrics) end end + +Gitlab::Cluster::LifecycleEvents.on_master_start do + cleanup_prometheus_multiproc_dir +end + +Gitlab::Cluster::LifecycleEvents.on_master_restart do + cleanup_prometheus_multiproc_dir +end diff --git a/config/initializers/forbid_sidekiq_in_transactions.rb b/config/initializers/forbid_sidekiq_in_transactions.rb index deb94d7dbce..a69f1ba090e 100644 --- a/config/initializers/forbid_sidekiq_in_transactions.rb +++ b/config/initializers/forbid_sidekiq_in_transactions.rb @@ -17,7 +17,7 @@ module Sidekiq module NoEnqueueingFromTransactions %i(perform_async perform_at perform_in).each do |name| define_method(name) do |*args| - if !Sidekiq::Worker.skip_transaction_check && AfterCommitQueue.inside_transaction? + if !Sidekiq::Worker.skip_transaction_check && Gitlab::Database.inside_transaction? begin raise Sidekiq::Worker::EnqueueFromTransactionError, <<~MSG `#{self}.#{name}` cannot be called inside a transaction as this can lead to diff --git a/config/initializers/jira.rb b/config/initializers/jira.rb index 05f784a6a2a..664f9c87808 100644 --- a/config/initializers/jira.rb +++ b/config/initializers/jira.rb 
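Review bot: In `cleanup_prometheus_multiproc_dir` (config/initializers/7_prometheus_metrics.rb, hunk at -37) the test `if dir = ::Prometheus::Client.configuration.multiprocess_files_dir` is also true for an empty string. `File.join('', '*.db')` is `/*.db`, so `FileUtils.rm_rf` would then act on matches in the filesystem root. The hunk does not show whether the client can return an empty value, but the guard is cheap: assign `dir` on its own line and follow it with `return if dir.blank?`, which also removes the assignment inside the condition. The method is defined at top level in an initializer, so it becomes a private method on Object; a lambda or a module function would keep it out of the global namespace.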
@@ -1,6 +1,6 @@ # frozen_string_literal: true -# Changes JIRA DVCS user agent requests in order to be successfully handled +# Changes Jira DVCS user agent requests in order to be successfully handled # by our API. # # Gitlab::Jira::Middleware is only defined on EE diff --git a/config/initializers/rack_timeout.rb b/config/initializers/rack_timeout.rb index 5c4f2dd708c..58f46b55725 100644 --- a/config/initializers/rack_timeout.rb +++ b/config/initializers/rack_timeout.rb @@ -18,6 +18,6 @@ if defined?(::Puma) && !Rails.env.test? wait_timeout: 90) end - observer = Gitlab::RackTimeoutObserver.new + observer = Gitlab::Cluster::RackTimeoutObserver.new Rack::Timeout.register_state_change_observer(:gitlab_rack_timeout, &observer.callback) end diff --git a/config/initializers/sentry.rb b/config/initializers/sentry.rb index e5589ce0ad1..fcc6bfa5c92 100644 --- a/config/initializers/sentry.rb +++ b/config/initializers/sentry.rb @@ -3,18 +3,11 @@ require 'gitlab/current_settings' def configure_sentry - # allow it to fail: it may do so when create_from_defaults is executed before migrations are actually done - begin - sentry_enabled = Gitlab::CurrentSettings.current_application_settings.sentry_enabled - rescue - sentry_enabled = false - end - - if sentry_enabled + if Gitlab::Sentry.enabled? Raven.configure do |config| - config.dsn = Gitlab::CurrentSettings.current_application_settings.sentry_dsn + config.dsn = Gitlab.config.sentry.dsn config.release = Gitlab.revision - config.current_environment = Gitlab.config.sentry.environment.presence + config.current_environment = Gitlab.config.sentry.environment # Sanitize fields based on those sanitized from Rails. config.sanitize_fields = Rails.application.config.filter_parameters.map(&:to_s) diff --git a/config/initializers/transaction_metrics.rb b/config/initializers/transaction_metrics.rb new file mode 100644 index 00000000000..0175d487e66 --- /dev/null +++ b/config/initializers/transaction_metrics.rb 
@@ -0,0 +1,3 @@ +# frozen_string_literal: true + +Gitlab::Database.install_monkey_patches diff --git a/config/locales/doorkeeper.en.yml b/config/locales/doorkeeper.en.yml index 23bbc9f4035..a8234263275 100644 --- a/config/locales/doorkeeper.en.yml +++ b/config/locales/doorkeeper.en.yml @@ -73,7 +73,7 @@ en: read_user: Grants read-only access to the authenticated user's profile through the /user API endpoint, which includes username, public email, and full name. Also grants access to read-only API endpoints under /users. read_repository: - Grants read-only access to repositories on private projects using Git-over-HTTP (not using the API). + Grants read-only access to repositories on private projects using Git-over-HTTP or the Repository Files API. write_repository: Grants read-write access to repositories on private projects using Git-over-HTTP (not using the API). read_registry: diff --git a/config/prometheus/common_metrics.yml b/config/prometheus/common_metrics.yml index 3c67ca36791..f9ce5a6f365 100644 --- a/config/prometheus/common_metrics.yml +++ b/config/prometheus/common_metrics.yml 
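Review bot: The new initializer `config/initializers/transaction_metrics.rb` calls `Gitlab::Database.install_monkey_patches` with no comment, and neither the file name nor the call says which classes are patched or why. Since the call runs on every boot and, going by its name, alters classes defined elsewhere, a header comment would help whoever has to audit boot-time behaviour later. Something like `# Patches <class> so that <purpose>; see Gitlab::Database.install_monkey_patches`, with the placeholders filled in from the implementation, which is not part of this diff.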
@@ -171,7 +171,7 @@ panel_groups: weight: 2 metrics: - id: system_metrics_kubernetes_container_memory_average - query_range: 'avg(sum(container_memory_usage_bytes{container_name!="POD",pod_name=~"^%{ci_environment_slug}-(.*)",namespace="%{kube_namespace}"}) by (job)) without (job) / count(avg(container_memory_usage_bytes{container_name!="POD",pod_name=~"^%{ci_environment_slug}-(.*)",namespace="%{kube_namespace}"}) without (job)) /1024/1024' + query_range: 'avg(sum(container_memory_usage_bytes{container_name!="POD",pod_name=~"^%{ci_environment_slug}-([^c].*|c([^a]|a([^n]|n([^a]|a([^r]|r[^y])))).*|)-(.*)",namespace="%{kube_namespace}"}) by (job)) without (job) / count(avg(container_memory_usage_bytes{container_name!="POD",pod_name=~"^%{ci_environment_slug}-([^c].*|c([^a]|a([^n]|n([^a]|a([^r]|r[^y])))).*|)-(.*)",namespace="%{kube_namespace}"}) without (job)) /1024/1024' label: Pod average unit: MB - title: "Canary: Memory Usage (Pod Average)" @@ -190,7 +190,7 @@ panel_groups: weight: 1 metrics: - id: system_metrics_kubernetes_container_core_usage - query_range: 'avg(sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name=~"^%{ci_environment_slug}-(.*)",namespace="%{kube_namespace}"}[15m])) by (job)) without (job) / count(sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name=~"^%{ci_environment_slug}-(.*)",namespace="%{kube_namespace}"}[15m])) by (pod_name))' + query_range: 'avg(sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name=~"^%{ci_environment_slug}-([^c].*|c([^a]|a([^n]|n([^a]|a([^r]|r[^y])))).*|)-(.*)",namespace="%{kube_namespace}"}[15m])) by (job)) without (job) / count(sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name=~"^%{ci_environment_slug}-([^c].*|c([^a]|a([^n]|n([^a]|a([^r]|r[^y])))).*|)-(.*)",namespace="%{kube_namespace}"}[15m])) by (pod_name))' label: Pod average unit: "cores" - title: "Canary: Core Usage (Pod Average)" 
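Review bot: The new `pod_name=~` selector in `system_metrics_kubernetes_container_memory_average` is a hand-expanded "does not start with canary" match, and nothing next to the query says so. A YAML comment above `query_range`, such as `# exclude canary pods: the segment after the slug must not start with "canary" (RE2 has no negative lookahead)`, would save the next reader from decoding the alternation. The pattern also now requires a second `-` after the slug, so a pod named `<slug>-<suffix>` with no further hyphen was matched by the old `-(.*)` and, as far as I can tell, is not matched any more; worth confirming that no such pod names occur. The same expression is repeated in the `system_metrics_kubernetes_container_core_usage` query in the next hunk.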
diff --git a/config/routes.rb b/config/routes.rb index cb90a0134c4..a42fc037227 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -27,10 +27,16 @@ Rails.application.routes.draw do authorizations: 'oauth/authorizations' end - # This is here so we can "reserve" the path for the Jira integration in GitLab EE - # Having a non-existent controller here does not affect the scope in any way since all possible routes - # get a 404 proc returned. It is written in this way to minimize merge conflicts with EE + # This prefixless path is required because Jira gets confused if we set it up with a path + # More information: https://gitlab.com/gitlab-org/gitlab-ee/issues/6752 scope path: '/login/oauth', controller: 'oauth/jira/authorizations', as: :oauth_jira do + Gitlab.ee do + get :authorize, action: :new + get :callback + post :access_token + end + + # This helps minimize merge conflicts with CE for this scope block match '*all', via: [:get, :post], to: proc { [404, {}, ['']] } end @@ -45,6 +51,10 @@ Rails.application.routes.draw do get '/autocomplete/award_emojis' => 'autocomplete#award_emojis' get '/autocomplete/merge_request_target_branches' => 'autocomplete#merge_request_target_branches' + Gitlab.ee do + get '/autocomplete/project_groups' => 'autocomplete#project_groups' + end + # Search get 'search' => 'search#show' get 'search/autocomplete' => 'search#autocomplete', as: :search_autocomplete @@ -73,6 +83,11 @@ Rails.application.routes.draw do end resources :issues, module: :boards, only: [:index, :update] + + Gitlab.ee do + resources :users, module: :boards, only: [:index] + resources :milestones, module: :boards, only: [:index] + end end get 'acme-challenge/' => 'acme_challenges#show' @@ -86,6 +101,11 @@ Rails.application.routes.draw do draw :operations draw :instance_statistics + Gitlab.ee do + draw :smartcard + draw :jira_connect + end + if ENV['GITLAB_ENABLE_CHAOS_ENDPOINTS'] get '/chaos/leakmem' => 'chaos#leakmem' get '/chaos/cpuspin' => 'chaos#cpuspin' 
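Review bot: The rewritten comments in the `/login/oauth` scope no longer explain the `match '*all', via: [:get, :post], to: proc { [404, {}, ['']] }` line; the new comment on it only mentions merge conflicts. That line makes every path in the scope other than `authorize`, `callback` and `access_token` return 404 (and presumably every path when the `Gitlab.ee` block does not run). I would state that directly: `# Anything else under /login/oauth returns 404; this must stay the last route in the scope`. Order matters here, because a GET or POST route added after the catch-all would never be reached.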
@@ -102,6 +122,10 @@ Rails.application.routes.draw do end member do + Gitlab.ee do + get :metrics, format: :json + end + scope :applications do post '/:application', to: 'clusters/applications#create', as: :install_applications patch '/:application', to: 'clusters/applications#update', as: :update_applications diff --git a/config/routes/admin.rb b/config/routes/admin.rb index ae79beb1dba..f609739d9fd 100644 --- a/config/routes/admin.rb +++ b/config/routes/admin.rb @@ -110,7 +110,7 @@ namespace :admin do put :reset_registration_token put :reset_health_check_token put :clear_repository_check_states - get :integrations, :repository, :templates, :ci_cd, :reporting, :metrics_and_profiling, :network, :geo, :preferences + match :integrations, :repository, :templates, :ci_cd, :reporting, :metrics_and_profiling, :network, :geo, :preferences, via: [:get, :patch] get :lets_encrypt_terms_of_service end diff --git a/config/routes/api.rb b/config/routes/api.rb index 3719b7d3a1e..3ba9176d943 100644 --- a/config/routes/api.rb +++ b/config/routes/api.rb @@ -3,5 +3,5 @@ constraints(::Constraints::FeatureConstrainer.new(:graphql, default_enabled: tru mount GraphiQL::Rails::Engine, at: '/-/graphql-explorer', graphql_path: '/api/graphql' end -API::API.logger Rails.logger -mount API::API => '/' +::API::API.logger Rails.logger +mount ::API::API => '/' diff --git a/config/routes/group.rb b/config/routes/group.rb index b300fcb757f..2cf9eb82447 100644 --- a/config/routes/group.rb +++ b/config/routes/group.rb @@ -88,12 +88,4 @@ constraints(::Constraints::GroupUrlConstrainer.new) do put '/', action: :update delete '/', action: :destroy end - - # Legacy paths should be defined last, so they would be ignored if routes with - # one of the previously reserved words exist. - scope(path: 'groups/*group_id') do - Gitlab::Routing.redirect_legacy_paths(self, :labels, :milestones, :group_members, - :edit, :issues, :merge_requests, :projects, - :activity) - end end 
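Review bot: In `config/routes/admin.rb`, `match :integrations, :repository, ..., via: [:get, :patch]` routes both the page render and the settings update for each section to the same action. Rails does not verify the CSRF token on GET, so each of those actions must write settings only when the request is a PATCH; the controller is not part of this diff, so I cannot confirm that it does. If the shared action is intentional, a comment on the `match` line would record the constraint: `# GET renders the section, PATCH saves it; the action must not write on GET`.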
diff --git a/config/routes/profile.rb b/config/routes/profile.rb index 0e213b0b989..83a2b33514b 100644 --- a/config/routes/profile.rb +++ b/config/routes/profile.rb @@ -40,6 +40,15 @@ resource :profile, only: [:show, :update] do put :resend_confirmation_instructions end end + + Gitlab.ee do + resource :slack, only: [:edit] do + member do + get :slack_link + end + end + end + resources :chat_names, only: [:index, :new, :create, :destroy] do collection do delete :deny @@ -63,5 +72,10 @@ resource :profile, only: [:show, :update] do end resources :u2f_registrations, only: [:destroy] + + Gitlab.ee do + resources :pipeline_quota, only: [:index] + resources :billings, only: [:index] + end end end diff --git a/config/routes/project.rb b/config/routes/project.rb index a1e769f6ca3..91613e3333f 100644 --- a/config/routes/project.rb +++ b/config/routes/project.rb @@ -79,12 +79,22 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do resource :operations, only: [:show, :update] resource :integrations, only: [:show] + Gitlab.ee do + resource :slack, only: [:destroy, :edit, :update] do + get :slack_auth + end + end + resource :repository, only: [:show], controller: :repository do post :create_deploy_token, path: 'deploy_token/create' post :cleanup end end + Gitlab.ee do + resources :feature_flags + end + resources :autocomplete_sources, only: [] do collection do get 'members' @@ -155,7 +165,11 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do end end - resources :boards, only: [:index, :show], constraints: { id: /\d+/ } + resources :boards, only: [:index, :show, :create, :update, :destroy], constraints: { id: /\d+/ } do + collection do + get :recent + end + end resources :releases, only: [:index] resources :forks, only: [:index, :new, :create] resources :group_links, only: [:index, :create, :update, :destroy], constraints: { id: /\d+/ } 
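Review bot: In `config/routes/project.rb`, `resources :feature_flags` is declared without `only:`, so it generates all seven RESTful routes, while most resources around it list their actions explicitly. If the controller does not implement every action, the extra routes point at actions that do not exist. Listing the supported actions keeps the routing table equal to what is actually served, e.g. `resources :feature_flags, only: [:index, :new, :create, :edit, :update, :destroy]`, adjusted to the controller, which is not part of this diff.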
@@ -199,8 +213,18 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do resource :mattermost, only: [:new, :create] namespace :prometheus do - resources :metrics, constraints: { id: %r{[^\/]+} }, only: [] do + resources :metrics, constraints: { id: %r{[^\/]+} }, only: [:index, :new, :create, :edit, :update, :destroy] do get :active_common, on: :collection + + Gitlab.ee do + post :validate_query, on: :collection + end + end + + Gitlab.ee do + resources :alerts, constraints: { id: /\d+/ }, only: [:index, :create, :show, :update, :destroy] do + post :notify, on: :collection + end end end @@ -212,6 +236,15 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do get :pipeline_status get :ci_environments_status post :toggle_subscription + + Gitlab.ee do + get :approvals + post :approvals, action: :approve + delete :approvals, action: :unapprove + + post :rebase + end + post :remove_wip post :assign_related_issues get :discussions, format: :json @@ -228,6 +261,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do get :commits get :pipelines get :diffs, to: 'merge_requests/diffs#show' + get :widget, to: 'merge_requests/content#widget' end get :diff_for_path, controller: 'merge_requests/diffs' @@ -244,6 +278,21 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do post :bulk_update end + Gitlab.ee do + resources :approvers, only: :destroy + delete 'approvers', to: 'approvers#destroy_via_user_id', as: :approver_via_user_id + resources :approver_groups, only: :destroy + + scope module: :merge_requests do + resources :drafts, only: [:index, :update, :create, :destroy] do + collection do + post :publish + delete :discard + end + end + end + end + resources :discussions, only: [:show], constraints: { id: /\h{40}/ } do member do post :resolve 
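Review bot: In the `prometheus` namespace, `resources :metrics` now routes `edit`, `update` and `destroy` but keeps `constraints: { id: %r{[^\/]+} }`, which accepts any string without a slash, while the `alerts` resource added just below uses `id: /\d+/`. Before this change the resource had `only: []`, so the id constraint was never exercised by a member route. If metric ids are database ids (not visible here), `constraints: { id: /\d+/ }` would reject malformed ids at the router. If the loose pattern is required, a comment saying why would help.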
@@ -274,6 +323,17 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do end end + Gitlab.ee do + resources :path_locks, only: [:index, :destroy] do + collection do + post :toggle + end + end + + get '/service_desk' => 'service_desk#show', as: :service_desk + put '/service_desk' => 'service_desk#update', as: :service_desk_refresh + end + resource :variables, only: [:show, :update] resources :triggers, only: [:index, :create, :edit, :update, :destroy] do @@ -289,6 +349,10 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do end end + Gitlab.ee do + resources :push_rules, constraints: { id: /\d+/ }, only: [:update] + end + resources :pipelines, only: [:index, :new, :create, :show] do collection do resource :pipelines_settings, path: 'settings', only: [:show, :update] @@ -303,6 +367,11 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do get :builds get :failures get :status + + Gitlab.ee do + get :security + get :licenses + end end member do @@ -331,6 +400,10 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do get '/terminal.ws/authorize', to: 'environments#terminal_websocket_authorize', constraints: { format: nil } get '/prometheus/api/v1/*proxy_path', to: 'environments/prometheus_api#proxy', as: :prometheus_api + + Gitlab.ee do + get :logs + end end collection do @@ -347,6 +420,14 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do end end + Gitlab.ee do + resources :protected_environments, only: [:create, :update, :destroy], constraints: { id: /\d+/ } do + collection do + get 'search' + end + end + end + resource :cycle_analytics, only: [:show] namespace :cycle_analytics do 
@@ -399,6 +480,14 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do end end + Gitlab.ee do + namespace :security do + resource :dashboard, only: [:show], controller: :dashboard + end + + resources :vulnerability_feedback, only: [:index, :create, :update, :destroy], constraints: { id: /\d+/ } + end + get :issues, to: 'issues#calendar', constraints: lambda { |req| req.format == :ics } resources :issues, concerns: :awardable, constraints: { id: /\d+/ } do @@ -406,6 +495,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do post :toggle_subscription post :mark_as_spam post :move + put :reorder get :related_branches get :can_create_branch get :realtime_changes @@ -416,6 +506,15 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do collection do post :bulk_update post :import_csv + + Gitlab.ee do + post :export_csv + get :service_desk + end + end + + Gitlab.ee do + resources :issue_links, only: [:index, :create, :destroy], as: 'links', path: 'links' end end @@ -450,6 +549,11 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do end end + Gitlab.ee do + resources :approvers, only: :destroy + resources :approver_groups, only: :destroy + end + resources :runner_projects, only: [:create, :destroy] resources :badges, only: [:index] do collection do @@ -464,6 +568,10 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do end end + Gitlab.ee do + resources :audit_events, only: [:index] + end + resources :error_tracking, only: [:index], controller: :error_tracking do collection do post :list_projects @@ -474,6 +582,10 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do # its preferable to keep it below all other project routes draw :wiki draw :repository + + Gitlab.ee do + resources :managed_licenses, only: [:index, :show, :new, :create, :edit, :update, :destroy] + end end resources(:projects, diff --git a/config/routes/repository.rb b/config/routes/repository.rb index b96315bfe8b..b89e1c7f9af 100644 --- a/config/routes/repository.rb 
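Review bot: The `managed_licenses` resource is added after `draw :wiki` and `draw :repository`, directly under the existing comment saying it is preferable to keep those below all other project routes. Rails matches routes in definition order, so if either drawn file contains a glob route, a `managed_licenses` path could be captured before this resource is reached; at the least, the placement contradicts the comment. Moving the `Gitlab.ee do ... end` block above that comment, next to the `audit_events` block, avoids the question. The first line of the comment is outside the hunk, so this goes by its visible tail.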
+++ b/config/routes/repository.rb @@ -52,13 +52,16 @@ scope format: false do end get '/branches/:state', to: 'branches#index', as: :branches_filtered, constraints: { state: /active|stale|all/ } - resources :branches, only: [:index, :new, :create, :destroy] + resources :branches, only: [:index, :new, :create, :destroy] do + get :diverging_commit_counts, on: :collection + end + delete :merged_branches, controller: 'branches', action: :destroy_all_merged resources :tags, only: [:index, :show, :new, :create, :destroy] do resource :release, controller: 'tags/releases', only: [:edit, :update] end - resources :protected_branches, only: [:index, :show, :create, :update, :destroy] + resources :protected_branches, only: [:index, :show, :create, :update, :destroy, :patch], constraints: { id: Gitlab::PathRegex.git_reference_regex } resources :protected_tags, only: [:index, :show, :create, :update, :destroy] end diff --git a/config/routes/snippets.rb b/config/routes/snippets.rb index 81bc890d86b..ba6da3ac57e 100644 --- a/config/routes/snippets.rb +++ b/config/routes/snippets.rb @@ -17,5 +17,5 @@ resources :snippets, concerns: :awardable do end end -get '/s/:username', to: redirect('u/%{username}/snippets'), +get '/s/:username', to: redirect('users/%{username}/snippets'), constraints: { username: /[a-zA-Z.0-9_\-]+(?<!\.atom)/ } diff --git a/config/routes/user.rb b/config/routes/user.rb index e0ae264e2c0..80f266aa8f9 100644 --- a/config/routes/user.rb +++ b/config/routes/user.rb @@ -1,3 +1,8 @@ +Gitlab.ee do + get 'unsubscribes/:email', to: 'unsubscribes#show', as: :unsubscribe + post 'unsubscribes/:email', to: 'unsubscribes#create' +end + # Allows individual providers to be directed to a chosen controller # Call from inside devise_scope def override_omniauth(provider, controller, path_prefix = '/users/auth') 
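Review bot: In `resources :protected_branches, only: [..., :destroy, :patch]`, `:patch` is an HTTP verb, not one of the seven resource actions that `only:` filters on, so it adds no route. PATCH requests are already routed to `update`, and leaving `:patch` in the list suggests a separate action exists. I would drop it: `resources :protected_branches, only: [:index, :show, :create, :update, :destroy], constraints: { id: Gitlab::PathRegex.git_reference_regex }`.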
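Review bot: The new `unsubscribes/:email` routes in `config/routes/user.rb` put the address in the URL path with no `constraints:` on the segment and no comment on its expected form. By default a dynamic segment stops at the first `.`, so a plain address would be split into `:email` and a format; presumably the value is an encoded form, and a comment such as `# :email is the <encoding> form of the address` (placeholder to be filled in) or a matching constraint would make that explicit. Unsubscribe links are normally followed without a session, so the controller, which is not part of this diff, should treat `:email` as untrusted input and respond the same way whether or not the address is known. Values in the path also land in access logs, so it is worth confirming that parameter filtering covers `email`.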
@@ -25,6 +30,17 @@ devise_for :users, controllers: { omniauth_callbacks: :omniauth_callbacks, devise_scope :user do get '/users/auth/:provider/omniauth_error' => 'omniauth_callbacks#omniauth_error', as: :omniauth_error get '/users/almost_there' => 'confirmations#almost_there' + + Gitlab.ee do + get '/users/auth/kerberos_spnego/negotiate' => 'omniauth_kerberos_spnego#negotiate' + end +end + +scope '-/users', module: :users do + resources :terms, only: [:index] do + post :accept, on: :member + post :decline, on: :member + end end scope '-/users', module: :users do @@ -48,15 +64,6 @@ scope(constraints: { username: Gitlab::PathRegex.root_namespace_route_regex }) d get :activity get '/', to: redirect('%{username}'), as: nil end - - # Compatibility with old routing - # TODO (dzaporozhets): remove in 10.0 - get '/u/:username', to: redirect('%{username}') - # TODO (dzaporozhets): remove in 9.0 - get '/u/:username/groups', to: redirect('users/%{username}/groups') - get '/u/:username/projects', to: redirect('users/%{username}/projects') - get '/u/:username/snippets', to: redirect('users/%{username}/snippets') - get '/u/:username/contributed', to: redirect('users/%{username}/contributed') end constraints(::Constraints::UserUrlConstrainer.new) do diff --git a/config/settings.rb b/config/settings.rb index 1b94df785a7..6df2132332c 100644 --- a/config/settings.rb +++ b/config/settings.rb @@ -1,5 +1,11 @@ require 'settingslogic' +# We can not use `Rails.root` here, as this file might be loaded without the +# full Rails environment being loaded. We can not use `require_relative` either, +# as Rails uses `load` for `require_dependency` (used when loading the Rails +# environment). This could then lead to this file being loaded twice. +require_dependency File.expand_path('../lib/gitlab', __dir__) + class Settings < Settingslogic source ENV.fetch('GITLAB_CONFIG') { Pathname.new(File.expand_path('..', __dir__)).join('config/gitlab.yml') } namespace ENV.fetch('GITLAB_ENV') { Rails.env } 
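Review bot: The added `scope '-/users', module: :users do ... end` block for `terms` sits immediately before an existing block that opens with the identical `scope '-/users', module: :users do` line. If that existing block already declares `resources :terms` (its body is outside the hunk), the routes and their named helpers are now defined twice; if it does not, the two blocks can simply be merged. Either way I would put `resources :terms, only: [:index]` with its `accept` and `decline` member routes inside the existing scope rather than opening a second one.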
diff --git a/config/sidekiq_queues.yml b/config/sidekiq_queues.yml index fd9ce4d3374..25fd65d8644 100644 --- a/config/sidekiq_queues.yml +++ b/config/sidekiq_queues.yml @@ -72,6 +72,7 @@ - [project_rollback_hashed_storage, 1] - [hashed_storage, 1] - [pages_domain_verification, 1] + - [pages_domain_ssl_renewal, 1] - [object_storage_upload, 1] - [object_storage, 1] - [plugin, 1] @@ -93,3 +94,20 @@ - [migrate_external_diffs, 1] - [update_project_statistics, 1] - [phabricator_import_import_tasks, 1] + + # EE-specific queues + - [ldap_group_sync, 2] + - [create_github_webhook, 2] + - [geo, 1] + - [repository_update_mirror, 1] + - [new_epic, 2] + - [project_import_schedule, 1] + - [project_update_repository_storage, 1] + - [admin_emails, 1] + - [elastic_batch_project_indexer, 1] + - [elastic_indexer, 1] + - [elastic_full_index, 1] + - [elastic_commit_indexer, 1] + - [elastic_namespace_indexer, 1] + - [export_csv, 1] + - [incident_management, 2] diff --git a/config/unicorn.rb.example b/config/unicorn.rb.example index 4637eb8bc6e..581fde84c95 100644 --- a/config/unicorn.rb.example +++ b/config/unicorn.rb.example @@ -88,9 +88,21 @@ before_exec do |server| Gitlab::Cluster::LifecycleEvents.do_master_restart end +run_once = true + before_fork do |server, worker| - # Signal application hooks that we're about to fork - Gitlab::Cluster::LifecycleEvents.do_before_fork + if run_once + # There is a difference between Puma and Unicorn: + # - Puma calls before_fork once when booting up master process + # - Unicorn runs before_fork whenever new work is spawned + # To unify this behavior we call before_fork only once (we use + # this callback for deleting Prometheus files so for our purposes + # it makes sense to align behavior with Puma) + run_once = false + + # Signal application hooks that we're about to fork + Gitlab::Cluster::LifecycleEvents.do_before_fork + end # The following is only recommended for memory/DB-constrained # installations. It is not needed if your system can house 
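Review bot: With the `run_once` guard in `config/unicorn.rb.example`, `Gitlab::Cluster::LifecycleEvents.do_before_fork` fires only for the first worker Unicorn forks, so any before-fork hook that needs to run for every fork is skipped for later and respawned workers; the hook registrations are outside this diff. The comment justifies the change by the Prometheus file cleanup alone, and it should also state that no other before-fork hook depends on per-worker execution. The flag reads inverted, since `run_once = true` means "has not run yet"; `before_fork_done = false` with `unless before_fork_done` would be clearer. In the comment, "whenever new work is spawned" should read "worker". The same change is made in `config/unicorn.rb.example.development`, and these points apply there too.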
diff --git a/config/unicorn.rb.example.development b/config/unicorn.rb.example.development index ae3dc2e37e1..9a02d5f1007 100644 --- a/config/unicorn.rb.example.development +++ b/config/unicorn.rb.example.development @@ -21,9 +21,21 @@ before_exec do |server| Gitlab::Cluster::LifecycleEvents.do_master_restart end +run_once = true + before_fork do |server, worker| - # Signal application hooks that we're about to fork - Gitlab::Cluster::LifecycleEvents.do_before_fork + if run_once + # There is a difference between Puma and Unicorn: + # - Puma calls before_fork once when booting up master process + # - Unicorn runs before_fork whenever new work is spawned + # To unify this behavior we call before_fork only once (we use + # this callback for deleting Prometheus files so for our purposes + # it makes sense to align behavior with Puma) + run_once = false + + # Signal application hooks that we're about to fork + Gitlab::Cluster::LifecycleEvents.do_before_fork + end # The following is only recommended for memory/DB-constrained # installations. It is not needed if your system can house |