diff options
Diffstat (limited to 'config')
35 files changed, 261 insertions, 93 deletions
diff --git a/config/application.rb b/config/application.rb index d8f02277527..524827226e7 100644 --- a/config/application.rb +++ b/config/application.rb @@ -25,6 +25,7 @@ module Gitlab require_dependency Rails.root.join('lib/gitlab/middleware/read_only') require_dependency Rails.root.join('lib/gitlab/middleware/basic_health_check') require_dependency Rails.root.join('lib/gitlab/middleware/same_site_cookies') + require_dependency Rails.root.join('lib/gitlab/middleware/handle_ip_spoof_attack_error') require_dependency Rails.root.join('lib/gitlab/runtime') # Settings in config/environments/* take precedence over those specified here. @@ -163,6 +164,8 @@ module Gitlab config.assets.paths << Gemojione.images_path config.assets.paths << "#{config.root}/vendor/assets/fonts" + config.assets.precompile << "application_dark.css" + config.assets.precompile << "print.css" config.assets.precompile << "mailer.css" config.assets.precompile << "mailer_client_specific.css" @@ -235,6 +238,8 @@ module Gitlab config.middleware.insert_before ActionDispatch::Cookies, ::Gitlab::Middleware::SameSiteCookies + config.middleware.insert_before ActionDispatch::RemoteIp, ::Gitlab::Middleware::HandleIpSpoofAttackError + # Allow access to GitLab API from other domains config.middleware.insert_before Warden::Manager, Rack::Cors do headers_to_expose = %w[Link X-Total X-Total-Pages X-Per-Page X-Page X-Next-Page X-Prev-Page X-Gitlab-Blob-Id X-Gitlab-Commit-Id X-Gitlab-Content-Sha256 X-Gitlab-Encoding X-Gitlab-File-Name X-Gitlab-File-Path X-Gitlab-Last-Commit-Id X-Gitlab-Ref X-Gitlab-Size] @@ -298,7 +303,10 @@ module Gitlab end config.after_initialize do - Rails.application.reload_routes! + # Devise (see initializers/8_devise.rb) already reloads routes if + # eager loading is enabled, so don't do this twice since it's + # expensive. + Rails.application.reload_routes! unless config.eager_load project_url_helpers = Module.new do extend ActiveSupport::Concern @@ -316,7 +324,7 @@ module Gitlab # conflict with the methods defined in `project_url_helpers`, and we want # these methods available in the same places. Gitlab::Routing.add_helpers(project_url_helpers) - Gitlab::Routing.add_helpers(MilestonesRoutingHelper) + Gitlab::Routing.add_helpers(TimeboxesRoutingHelper) end end end diff --git a/config/dependency_decisions.yml b/config/dependency_decisions.yml index 84db15d6535..ff5ccbb3c1b 100644 --- a/config/dependency_decisions.yml +++ b/config/dependency_decisions.yml @@ -626,3 +626,9 @@ :why: :versions: [] :when: 2019-11-08 10:03:31.787226000 Z +- - :whitelist + - CC0-1.0 + - :who: Thomas Randolph + :why: This license is public domain + :versions: [] + :when: 2020-06-03 05:04:44.632875345 Z diff --git a/config/feature_categories.yml b/config/feature_categories.yml index 010d3d14fcb..7cbc90497a4 100644 --- a/config/feature_categories.yml +++ b/config/feature_categories.yml @@ -43,6 +43,7 @@ - digital_experience_management - disaster_recovery - dynamic_application_security_testing +- editor_extension - epics - error_tracking - feature_flags @@ -52,6 +53,7 @@ - geo_replication - git_lfs - gitaly +- gitlab_docs - gitlab_handbook - gitter - global_search @@ -82,6 +84,7 @@ - pages - pki_management - planning_analytics +- product_analytics - quality_management - release_evidence - release_orchestration @@ -100,7 +103,6 @@ - source_code_management - static_application_security_testing - static_site_editor -- status_page - subgroups - templates - time_tracking diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example index 9a2e470f852..bd328d9919a 100644 --- a/config/gitlab.yml.example +++ b/config/gitlab.yml.example @@ -469,6 +469,11 @@ production: &base geo_file_download_dispatch_worker: cron: "*/1 * * * *" + # GitLab Geo registry sync worker (for backfilling) + # NOTE: This will only take effect if Geo is enabled (secondary nodes only) + geo_registry_sync_worker: + cron: "*/1 * * * *" + # GitLab Geo migrated local files clean up worker # NOTE: This will only take effect if Geo is enabled (secondary nodes only) geo_migrated_local_files_clean_up_worker: @@ -482,6 +487,11 @@ production: &base # NOTE: This will only take effect if elasticsearch is enabled. elastic_index_bulk_cron_worker: cron: "*/1 * * * *" + + # Elasticsearch bulk updater for initial updates. + # NOTE: This will only take effect if elasticsearch is enabled. + elastic_index_initial_bulk_cron_worker: + cron: "*/1 * * * *" registry: # enabled: true @@ -1078,8 +1088,6 @@ production: &base monitoring: # Time between sampling of unicorn socket metrics, in seconds # unicorn_sampler_interval: 10 - # Time between sampling of Puma metrics, in seconds - # puma_sampler_interval: 5 # IP whitelist to access monitoring endpoints ip_whitelist: - 127.0.0.0/8 diff --git a/config/initializers/01_secret_token.rb b/config/initializers/01_secret_token.rb index e3fefeab81c..8b96727a2a1 100644 --- a/config/initializers/01_secret_token.rb +++ b/config/initializers/01_secret_token.rb @@ -61,6 +61,8 @@ def generate_new_rsa_private_key end def warn_missing_secret(secret) + return if Rails.env.test? + warn "Missing Rails.application.secrets.#{secret} for #{Rails.env} environment. The secret will be generated and stored in config/secrets.yml." end diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index c0cd491547a..9d9f24183d5 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb @@ -451,9 +451,12 @@ Settings.cron_jobs['trending_projects_worker']['job_class'] = 'TrendingProjectsW Settings.cron_jobs['remove_unreferenced_lfs_objects_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['remove_unreferenced_lfs_objects_worker']['cron'] ||= '20 0 * * *' Settings.cron_jobs['remove_unreferenced_lfs_objects_worker']['job_class'] = 'RemoveUnreferencedLfsObjectsWorker' -Settings.cron_jobs['stuck_import_jobs_worker'] ||= Settingslogic.new({}) -Settings.cron_jobs['stuck_import_jobs_worker']['cron'] ||= '15 * * * *' -Settings.cron_jobs['stuck_import_jobs_worker']['job_class'] = 'StuckImportJobsWorker' +Settings.cron_jobs['import_stuck_project_import_jobs'] ||= Settingslogic.new({}) +Settings.cron_jobs['import_stuck_project_import_jobs']['cron'] ||= '15 * * * *' +Settings.cron_jobs['import_stuck_project_import_jobs']['job_class'] = 'Gitlab::Import::StuckProjectImportJobsWorker' +Settings.cron_jobs['jira_import_stuck_jira_import_jobs'] ||= Settingslogic.new({}) +Settings.cron_jobs['jira_import_stuck_jira_import_jobs']['cron'] ||= '* 0/15 * * *' +Settings.cron_jobs['jira_import_stuck_jira_import_jobs']['job_class'] = 'Gitlab::JiraImport::StuckJiraImportJobsWorker' Settings.cron_jobs['stuck_export_jobs_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['stuck_export_jobs_worker']['cron'] ||= '30 * * * *' Settings.cron_jobs['stuck_export_jobs_worker']['job_class'] = 'StuckExportJobsWorker' @@ -478,6 +481,9 @@ Settings.cron_jobs['issue_due_scheduler_worker']['job_class'] = 'IssueDueSchedul Settings.cron_jobs['prune_web_hook_logs_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['prune_web_hook_logs_worker']['cron'] ||= '0 */1 * * *' Settings.cron_jobs['prune_web_hook_logs_worker']['job_class'] = 'PruneWebHookLogsWorker' +Settings.cron_jobs['metrics_dashboard_schedule_annotations_prune_worker'] ||= Settingslogic.new({}) +Settings.cron_jobs['metrics_dashboard_schedule_annotations_prune_worker']['cron'] ||= '0 1 * * *' +Settings.cron_jobs['metrics_dashboard_schedule_annotations_prune_worker']['job_class'] = 'Metrics::Dashboard::ScheduleAnnotationsPruneWorker' Settings.cron_jobs['schedule_migrate_external_diffs_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['schedule_migrate_external_diffs_worker']['cron'] ||= '15 * * * *' Settings.cron_jobs['schedule_migrate_external_diffs_worker']['job_class'] = 'ScheduleMigrateExternalDiffsWorker' @@ -507,6 +513,9 @@ Gitlab.ee do Settings.cron_jobs['geo_file_download_dispatch_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['geo_file_download_dispatch_worker']['cron'] ||= '*/1 * * * *' Settings.cron_jobs['geo_file_download_dispatch_worker']['job_class'] ||= 'Geo::FileDownloadDispatchWorker' + Settings.cron_jobs['geo_registry_sync_worker'] ||= Settingslogic.new({}) + Settings.cron_jobs['geo_registry_sync_worker']['cron'] ||= '*/1 * * * *' + Settings.cron_jobs['geo_registry_sync_worker']['job_class'] ||= 'Geo::RegistrySyncWorker' Settings.cron_jobs['geo_metrics_update_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['geo_metrics_update_worker']['cron'] ||= '*/1 * * * *' Settings.cron_jobs['geo_metrics_update_worker']['job_class'] ||= 'Geo::MetricsUpdateWorker' @@ -552,9 +561,15 @@ Gitlab.ee do Settings.cron_jobs['elastic_index_bulk_cron_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['elastic_index_bulk_cron_worker']['cron'] ||= '*/1 * * * *' Settings.cron_jobs['elastic_index_bulk_cron_worker']['job_class'] ||= 'ElasticIndexBulkCronWorker' + Settings.cron_jobs['elastic_index_initial_bulk_cron_worker'] ||= Settingslogic.new({}) + Settings.cron_jobs['elastic_index_initial_bulk_cron_worker']['cron'] ||= '*/1 * * * *' + Settings.cron_jobs['elastic_index_initial_bulk_cron_worker']['job_class'] ||= 'ElasticIndexInitialBulkCronWorker' Settings.cron_jobs['sync_seat_link_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['sync_seat_link_worker']['cron'] ||= "#{rand(60)} 0 * * *" Settings.cron_jobs['sync_seat_link_worker']['job_class'] = 'SyncSeatLinkWorker' + Settings.cron_jobs['web_application_firewall_metrics_worker'] ||= Settingslogic.new({}) + Settings.cron_jobs['web_application_firewall_metrics_worker']['cron'] ||= '0 1 * * 0' + Settings.cron_jobs['web_application_firewall_metrics_worker']['job_class'] = 'IngressModsecurityCounterMetricsWorker' end # @@ -728,9 +743,6 @@ Settings.action_cable['worker_pool_size'] ||= 4 Settings['monitoring'] ||= Settingslogic.new({}) Settings.monitoring['ip_whitelist'] ||= ['127.0.0.1/8'] Settings.monitoring['unicorn_sampler_interval'] ||= 10 -Settings.monitoring['puma_sampler_interval'] ||= 5 -Settings.monitoring['ruby_sampler_interval'] ||= 60 -Settings.monitoring['global_search_sampler_interval'] ||= 60 Settings.monitoring['sidekiq_exporter'] ||= Settingslogic.new({}) Settings.monitoring.sidekiq_exporter['enabled'] ||= false Settings.monitoring.sidekiq_exporter['address'] ||= 'localhost' diff --git a/config/initializers/7_prometheus_metrics.rb b/config/initializers/7_prometheus_metrics.rb index 267a1f0b1a5..bb89850892e 100644 --- a/config/initializers/7_prometheus_metrics.rb +++ b/config/initializers/7_prometheus_metrics.rb @@ -42,14 +42,11 @@ if !Rails.env.test? && Gitlab::Metrics.prometheus_metrics_enabled? Gitlab::Cluster::LifecycleEvents.on_worker_start do defined?(::Prometheus::Client.reinitialize_on_pid_change) && Prometheus::Client.reinitialize_on_pid_change - Gitlab::Metrics::Samplers::RubySampler.initialize_instance(Settings.monitoring.ruby_sampler_interval).start - - if Gitlab::Utils.to_boolean(ENV['ENABLE_DATABASE_CONNECTION_POOL_METRICS']) - Gitlab::Metrics::Samplers::DatabaseSampler.initialize_instance(Gitlab::Metrics::Samplers::DatabaseSampler::SAMPLING_INTERVAL_SECONDS).start - end + Gitlab::Metrics::Samplers::RubySampler.initialize_instance.start + Gitlab::Metrics::Samplers::DatabaseSampler.initialize_instance.start if Gitlab.ee? && Gitlab::Runtime.sidekiq? - Gitlab::Metrics::Samplers::GlobalSearchSampler.instance(Settings.monitoring.global_search_sampler_interval).start + Gitlab::Metrics::Samplers::GlobalSearchSampler.instance.start end rescue IOError => e Gitlab::ErrorTracking.track_exception(e) @@ -62,7 +59,7 @@ if !Rails.env.test? && Gitlab::Metrics.prometheus_metrics_enabled? if Gitlab::Runtime.unicorn? Gitlab::Metrics::Samplers::UnicornSampler.instance(Settings.monitoring.unicorn_sampler_interval).start elsif Gitlab::Runtime.puma? - Gitlab::Metrics::Samplers::PumaSampler.instance(Settings.monitoring.puma_sampler_interval).start + Gitlab::Metrics::Samplers::PumaSampler.instance.start end Gitlab::Metrics.gauge(:deployments, 'GitLab Version', {}, :max).set({ version: Gitlab::VERSION }, 1) diff --git a/config/initializers/8_devise.rb b/config/initializers/8_devise.rb index 3daddb10b29..2be6e535fee 100644 --- a/config/initializers/8_devise.rb +++ b/config/initializers/8_devise.rb @@ -6,6 +6,11 @@ Devise.setup do |config| manager.default_strategies(scope: :user).unshift :two_factor_backupable end + # This is the default. This makes it explicit that Devise loads routes + # before eager loading. Disabling this seems to cause an error loading + # grape-entity `expose` for some reason. + config.reload_routes = true + # ==> Mailer Configuration # Configure the class responsible to send e-mails. config.mailer = "DeviseMailer" @@ -102,7 +107,7 @@ Devise.setup do |config| # config.remember_across_browsers = true # If true, extends the user's remember period when remembered via cookie. - # config.extend_remember_period = false + config.extend_remember_period = true # Options to be passed to the created cookie. For instance, you can set # secure: true in order to force SSL only cookies. diff --git a/config/initializers/action_cable.rb b/config/initializers/action_cable.rb index eb44ff00d09..c549dd45ad9 100644 --- a/config/initializers/action_cable.rb +++ b/config/initializers/action_cable.rb @@ -1,5 +1,7 @@ # frozen_string_literal: true +require 'action_cable/subscription_adapter/redis' + Rails.application.configure do # We only mount the ActionCable engine in tests where we run it in-app # For other environments, we run it on a standalone Puma server @@ -7,3 +9,11 @@ Rails.application.configure do config.action_cable.url = Gitlab::Utils.append_path(Gitlab.config.gitlab.relative_url_root, '/-/cable') config.action_cable.worker_pool_size = Gitlab.config.action_cable.worker_pool_size end + +# https://github.com/rails/rails/blob/bb5ac1623e8de08c1b7b62b1368758f0d3bb6379/actioncable/lib/action_cable/subscription_adapter/redis.rb#L18 +ActionCable::SubscriptionAdapter::Redis.redis_connector = lambda do |config| + args = config.except(:adapter, :channel_prefix) + .merge(instrumentation_class: ::Gitlab::Instrumentation::Redis::ActionCable) + + ::Redis.new(args) +end diff --git a/config/initializers/actionpack_generate_old_csrf_token.rb b/config/initializers/actionpack_generate_old_csrf_token.rb new file mode 100644 index 00000000000..6367a1d4d59 --- /dev/null +++ b/config/initializers/actionpack_generate_old_csrf_token.rb @@ -0,0 +1,33 @@ +# frozen_string_literal: true + +module Gitlab + module RequestForgeryProtectionPatch + private + + # Patch to generate 6.0.3 tokens so that we do not have CSRF errors while + # rolling out 6.0.3.1. This enables GitLab to have a mix of 6.0.3 and + # 6.0.3.1 Rails servers + # + # 1. Deploy this patch with :global_csrf_token FF disabled. + # 2. Once all Rails servers are on 6.0.3.1, enable :global_csrf_token FF. + # 3. On GitLab 13.2, remove this patch + def masked_authenticity_token(session, form_options: {}) + action, method = form_options.values_at(:action, :method) + + raw_token = if per_form_csrf_tokens && action && method + action_path = normalize_action_path(action) + per_form_csrf_token(session, action_path, method) + else + if Feature.enabled?(:global_csrf_token) + global_csrf_token(session) + else + real_csrf_token(session) + end + end + + mask_token(raw_token) + end + end +end + +ActionController::Base.include Gitlab::RequestForgeryProtectionPatch diff --git a/config/initializers/bullet.rb b/config/initializers/bullet.rb index 0ade7109420..d1f72ca3ce7 100644 --- a/config/initializers/bullet.rb +++ b/config/initializers/bullet.rb @@ -1,10 +1,15 @@ -if defined?(Bullet) && ENV['ENABLE_BULLET'] +def bullet_enabled? + Gitlab::Utils.to_boolean(ENV['ENABLE_BULLET'].to_s) +end + +if defined?(Bullet) && (bullet_enabled? || Rails.env.development?) Rails.application.configure do config.after_initialize do Bullet.enable = true - Bullet.bullet_logger = true - Bullet.console = true + Bullet.bullet_logger = bullet_enabled? + Bullet.console = bullet_enabled? + Bullet.raise = Rails.env.test? end end diff --git a/config/initializers/database_config.rb b/config/initializers/database_config.rb index 52897ad549d..ce732677c74 100644 --- a/config/initializers/database_config.rb +++ b/config/initializers/database_config.rb @@ -30,7 +30,7 @@ if Gitlab::Runtime.multi_threaded? Rails.application.config.database_configuration[Rails.env] previous_db_pool_size = db_config['pool'] - db_config['pool'] = [db_config['pool'].to_i, max_threads].max + db_config['pool'] = [db_config['pool'].to_i, max_threads].max + ENV["DB_POOL_HEADROOM"].to_i ActiveRecord::Base.establish_connection(db_config) diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb index 4158bfec216..76e29fb6c02 100644 --- a/config/initializers/doorkeeper.rb +++ b/config/initializers/doorkeeper.rb @@ -106,10 +106,5 @@ Doorkeeper.configure do # WWW-Authenticate Realm (default "Doorkeeper"). # realm "Doorkeeper" - # Allow dynamic query parameters (disabled by default) - # Some applications require dynamic query parameters on their request_uri - # set to true if you want this to be allowed - # wildcard_redirect_uri false - base_controller '::Gitlab::BaseDoorkeeperController' end diff --git a/config/initializers/fill_shards.rb b/config/initializers/fill_shards.rb index 40a9a271953..90c0d63e4fe 100644 --- a/config/initializers/fill_shards.rb +++ b/config/initializers/fill_shards.rb @@ -1,8 +1,7 @@ -# The `table_exists?` check is needed because during our migration rollback testing, +# The explicit schema version check is needed because during our migration rollback testing, # `Shard.connected?` could be cached and return true even though the table doesn't exist return unless Shard.connected? -return unless Shard.table_exists? -return unless Shard.connection.index_exists?(:shards, :name, unique: true) +return unless ActiveRecord::Migrator.current_version >= 20190402150158 return if Gitlab::Database.read_only? Shard.populate! diff --git a/config/initializers/google_api_client.rb b/config/initializers/google_api_client.rb index 443bb29fb52..49a35e5bd7c 100644 --- a/config/initializers/google_api_client.rb +++ b/config/initializers/google_api_client.rb @@ -1,23 +1,12 @@ # frozen_string_literal: true -# -# google-api-client >= 0.26.0 supports enabling CloudRun and Istio during -# cluster creation, but fog-google currently hard deps on '~> 0.23.0', which -# prevents us from upgrading. We are injecting these options as hashes below -# as a workaround until this is resolved. -# -# This can be removed once fog-google and google-api-client can be upgraded. -# See https://gitlab.com/gitlab-org/gitlab/issues/31280 for more details. -# -require 'google/apis/container_v1beta1' require 'google/apis/options' +# these require solve load order issues (undefined constant Google::Apis::ServerError and Signet::RemoteServerError, rescued in multiple places) +require 'google/apis/errors' +require 'signet/errors' + # As stated in https://github.com/googleapis/google-api-ruby-client#errors--retries, # enabling retries is strongly encouraged but disabled by default. Large uploads # that may hit timeouts will mainly benefit from this. Google::Apis::RequestOptions.default.retries = 3 if Gitlab::Utils.to_boolean(ENV.fetch('ENABLE_GOOGLE_API_RETRIES', true)) - -Google::Apis::ContainerV1beta1::AddonsConfig::Representation.tap do |representation| - representation.hash :cloud_run_config, as: 'cloudRunConfig' - representation.hash :istio_config, as: 'istioConfig' -end diff --git a/config/initializers/grape_validators.rb b/config/initializers/grape_validators.rb index 9d2b6dc9bd1..22f2c9ecf92 100644 --- a/config/initializers/grape_validators.rb +++ b/config/initializers/grape_validators.rb @@ -7,3 +7,4 @@ Grape::Validations.register_validator(:git_sha, ::API::Validations::Validators:: Grape::Validations.register_validator(:integer_none_any, ::API::Validations::Validators::IntegerNoneAny) Grape::Validations.register_validator(:array_none_any, ::API::Validations::Validators::ArrayNoneAny) Grape::Validations.register_validator(:check_assignees_count, ::API::Validations::Validators::CheckAssigneesCount) +Grape::Validations.register_validator(:untrusted_regexp, ::API::Validations::Validators::UntrustedRegexp) diff --git a/config/initializers/kaminari_active_record_relation_methods_with_limit.rb b/config/initializers/kaminari_active_record_relation_methods_with_limit.rb index cc20b83b234..55b98cda520 100644 --- a/config/initializers/kaminari_active_record_relation_methods_with_limit.rb +++ b/config/initializers/kaminari_active_record_relation_methods_with_limit.rb @@ -5,9 +5,10 @@ module Kaminari # This is a modified version of # https://github.com/kaminari/kaminari/blob/c5186f5d9b7f23299d115408e62047447fd3189d/kaminari-activerecord/lib/kaminari/activerecord/active_record_relation_methods.rb#L17-L41 - # that limit the COUNT query to 10,000 to avoid query timeouts. + # that limit the COUNT query to a configurable value to avoid query timeouts. + # The default limit value is 10,000 records # rubocop: disable Gitlab/ModuleWithInstanceVariables - def total_count_with_limit(column_name = :all, _options = nil) #:nodoc: + def total_count_with_limit(column_name = :all, options = {}) #:nodoc: return @total_count if defined?(@total_count) && @total_count # There are some cases that total count can be deduced from loaded records @@ -18,13 +19,14 @@ module Kaminari return @total_count = (current_page - 1) * limit_value + @records.length if @records.any? && (@records.length < limit_value) end + limit = options.fetch(:limit, MAX_COUNT_LIMIT).to_i # #count overrides the #select which could include generated columns referenced in #order, so skip #order here, where it's irrelevant to the result anyway c = except(:offset, :limit, :order) # Remove includes only if they are irrelevant c = c.except(:includes) unless references_eager_loaded_tables? # .group returns an OrderedHash that responds to #count # The following line was modified from `c = c.count(:all)` - c = c.limit(MAX_COUNT_LIMIT + 1).count(column_name) + c = c.limit(limit + 1).count(column_name) @total_count = if c.is_a?(Hash) || c.is_a?(ActiveSupport::OrderedHash) c.count diff --git a/config/initializers/lograge.rb b/config/initializers/lograge.rb index e1e15d1870c..01353ad4ec1 100644 --- a/config/initializers/lograge.rb +++ b/config/initializers/lograge.rb @@ -12,9 +12,9 @@ unless Gitlab::Runtime.sidekiq? config.lograge.logger = ActiveSupport::Logger.new(filename) config.lograge.before_format = lambda do |data, payload| data.delete(:error) - data[:db_duration_s] = Gitlab::Utils.ms_to_round_sec(data.delete(:db)) - data[:view_duration_s] = Gitlab::Utils.ms_to_round_sec(data.delete(:view)) - data[:duration_s] = Gitlab::Utils.ms_to_round_sec(data.delete(:duration)) + data[:db_duration_s] = Gitlab::Utils.ms_to_round_sec(data.delete(:db)) if data[:db] + data[:view_duration_s] = Gitlab::Utils.ms_to_round_sec(data.delete(:view)) if data[:view] + data[:duration_s] = Gitlab::Utils.ms_to_round_sec(data.delete(:duration)) if data[:duration] data end diff --git a/config/initializers/peek.rb b/config/initializers/peek.rb index a3810be70b2..deac938c80b 100644 --- a/config/initializers/peek.rb +++ b/config/initializers/peek.rb @@ -9,6 +9,8 @@ Peek.into Peek::Views::Host Peek.into Peek::Views::ActiveRecord Peek.into Peek::Views::Gitaly Peek.into Peek::Views::RedisDetailed +Peek.into Peek::Views::Elasticsearch Peek.into Peek::Views::Rugged +Peek.into Peek::Views::BulletDetailed if defined?(Bullet) Peek.into Peek::Views::Tracing if Labkit::Tracing.tracing_url_enabled? diff --git a/config/initializers/rack_attack_new.rb b/config/initializers/rack_attack.rb index 51b49bec864..51b49bec864 100644 --- a/config/initializers/rack_attack_new.rb +++ b/config/initializers/rack_attack.rb diff --git a/config/initializers/zz_metrics.rb b/config/initializers/zz_metrics.rb index 26f6743f480..7e675e478cf 100644 --- a/config/initializers/zz_metrics.rb +++ b/config/initializers/zz_metrics.rb @@ -147,6 +147,8 @@ if Gitlab::Metrics.enabled? && !Rails.env.test? && !(Rails.env.development? && d Gitlab::Application.configure do |config| config.middleware.use(Gitlab::Metrics::RackMiddleware) config.middleware.use(Gitlab::Middleware::RailsQueueDuration) + config.middleware.use(Gitlab::Metrics::RedisRackMiddleware) + config.middleware.use(Gitlab::Metrics::ElasticsearchRackMiddleware) end Sidekiq.configure_server do |config| diff --git a/config/locales/doorkeeper.en.yml b/config/locales/doorkeeper.en.yml index 7c8dc2d0a32..8469b72c312 100644 --- a/config/locales/doorkeeper.en.yml +++ b/config/locales/doorkeeper.en.yml @@ -81,6 +81,8 @@ en: Grants read-write access to repositories on private projects using Git-over-HTTP (not using the API). read_registry: Grants read-only access to container registry images on private projects. + write_registry: + Grants write access to container registry images on private projects. openid: Grants permission to authenticate with GitLab using OpenID Connect. Also gives read-only access to the user's profile and group memberships. sudo: diff --git a/config/locales/en.yml b/config/locales/en.yml index c95232ae540..ed0552ab452 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -272,4 +272,5 @@ en: long: "%B %d, %Y %H:%M" short: "%d %b %H:%M" timeago_tooltip: "%b %-d, %Y %-l:%M%P" + with_timezone: "%Y-%m-%d %H:%M:%S %z" pm: pm diff --git a/config/prometheus/self_monitoring_default.yml b/config/prometheus/self_monitoring_default.yml index dc2361fb3bc..50e6f4585e4 100644 --- a/config/prometheus/self_monitoring_default.yml +++ b/config/prometheus/self_monitoring_default.yml @@ -1,6 +1,36 @@ dashboard: 'Default dashboard' priority: 1 + +templating: + variables: + instance: + type: 'text' + label: 'Instance label regex' + options: + default_value: '.+' + panel_groups: + +- group: 'Resource usage' + panels: + - title: "Memory usage" + type: "line-chart" + y_label: "% memory used" + metrics: + - id: node_memory_usage_percentage + query_range: '(1 - (node_memory_MemAvailable_bytes{instance=~"{{instance}}"} or (node_memory_MemFree_bytes{instance=~"{{instance}}"} + node_memory_Buffers_bytes{instance=~"{{instance}}"} + node_memory_Cached_bytes{instance=~"{{instance}}"} + node_memory_Slab_bytes{instance=~"{{instance}}"})) / node_memory_MemTotal_bytes{instance=~"{{instance}}"}) * 100' + unit: "%" + label: instance + + - title: "CPU usage" + type: "line-chart" + y_label: "% CPU used" + metrics: + - id: node_cpu_usage_percentage + query_range: '(avg without (mode,cpu) (1 - irate(node_cpu_seconds_total{mode="idle",instance=~"{{instance}}"}[5m]))) * 100' + unit: "%" + label: instance + - group: Web Service panels: - title: Web Service - Error Ratio diff --git a/config/pseudonymizer.yml b/config/pseudonymizer.yml index e9d5fd5623f..532fbe3b70f 100644 --- a/config/pseudonymizer.yml +++ b/config/pseudonymizer.yml @@ -465,7 +465,6 @@ tables: - auditor - require_two_factor_authentication_from_group - two_factor_grace_period - - ghost - last_activity_on - notified_of_own_activity - user_type diff --git a/config/routes.rb b/config/routes.rb index 86f42822299..598a52cddb3 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -45,12 +45,19 @@ Rails.application.routes.draw do use_doorkeeper_openid_connect # Sign up - get 'users/sign_up/welcome' => 'registrations#welcome' - patch 'users/sign_up/update_registration' => 'registrations#update_registration' + scope path: '/users/sign_up', module: :registrations, as: :users_sign_up do + get :welcome + patch :update_registration + resource :experience_level, only: [:show, :update] + + Gitlab.ee do + resources :groups, only: [:new, :create] + resources :projects, only: [:new, :create] + end + end # Search get 'search' => 'search#show' - get 'search/autocomplete' => 'search#autocomplete', as: :search_autocomplete get 'search/count' => 'search#count', as: :search_count # JSON Web Token diff --git a/config/routes/dashboard.rb b/config/routes/dashboard.rb index f1e8c2b9d82..7e29a36f020 100644 --- a/config/routes/dashboard.rb +++ b/config/routes/dashboard.rb @@ -5,13 +5,7 @@ resource :dashboard, controller: 'dashboard', only: [] do get :activity scope module: :dashboard do - resources :milestones, only: [:index, :show] do - member do - get :merge_requests - get :participants - get :labels - end - end + resources :milestones, only: [:index] resources :labels, only: [:index] resources :groups, only: [:index] diff --git a/config/routes/group.rb b/config/routes/group.rb index 9571d70d103..408c57eaa94 100644 --- a/config/routes/group.rb +++ b/config/routes/group.rb @@ -70,6 +70,7 @@ constraints(::Constraints::GroupUrlConstrainer.new) do end resource :avatar, only: [:destroy] + resource :import, only: [:show] concerns :clusterable @@ -78,7 +79,7 @@ constraints(::Constraints::GroupUrlConstrainer.new) do delete :leave, on: :collection end - resources :group_links, only: [:index, :create, :update, :destroy], constraints: { id: /\d+/ } + resources :group_links, only: [:create, :update, :destroy], constraints: { id: /\d+/ } resources :uploads, only: [:create] do collection do diff --git a/config/routes/import.rb b/config/routes/import.rb index 57a1fab48e9..cd8278f6fd0 100644 --- a/config/routes/import.rb +++ b/config/routes/import.rb @@ -25,12 +25,14 @@ namespace :import do get :status get :callback get :jobs + get :realtime_changes end resource :bitbucket, only: [:create], controller: :bitbucket do get :status get :callback get :jobs + get :realtime_changes end resource :bitbucket_server, only: [:create, :new], controller: :bitbucket_server do @@ -38,6 +40,7 @@ namespace :import do get :status get :callback get :jobs + get :realtime_changes end resource :google_code, only: [:create, :new], controller: :google_code do @@ -53,6 +56,7 @@ namespace :import do get :status post :callback get :jobs + get :realtime_changes get :new_user_map, path: :user_map post :create_user_map, path: :user_map @@ -63,6 +67,10 @@ namespace :import do post :authorize end + resource :gitlab_group, only: [:create] do + post :authorize + end + resource :manifest, only: [:create, :new], controller: :manifest do get :status get :jobs diff --git a/config/routes/merge_requests.rb b/config/routes/merge_requests.rb index f6c45081ce0..b2635a7fa74 100644 --- a/config/routes/merge_requests.rb +++ b/config/routes/merge_requests.rb @@ -55,6 +55,15 @@ resources :merge_requests, concerns: :awardable, except: [:new, :create, :show], delete :resolve, action: :unresolve end end + + scope module: :merge_requests do + resources :drafts, only: [:index, :update, :create, :destroy] do + collection do + post :publish + delete :discard + end + end + end end scope path: 'merge_requests', controller: 'merge_requests/creations' do diff --git a/config/routes/project.rb b/config/routes/project.rb index 020bfa7687d..78dcc189d5b 100644 --- a/config/routes/project.rb +++ b/config/routes/project.rb @@ -49,9 +49,11 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do get :trace, defaults: { format: 'json' } get :raw get :terminal + get :proxy - # This route is also defined in gitlab-workhorse. Make sure to update accordingly. + # These routes are also defined in gitlab-workhorse. Make sure to update accordingly. get '/terminal.ws/authorize', to: 'jobs#terminal_websocket_authorize', format: false + get '/proxy.ws/authorize', to: 'jobs#proxy_websocket_authorize', format: false end resource :artifacts, only: [] do @@ -65,12 +67,10 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do namespace :ci do resource :lint, only: [:show, :create] - resources :daily_build_group_report_results, only: [:index], constraints: { format: 'csv' } + resources :daily_build_group_report_results, only: [:index], constraints: { format: /(csv|json)/ } end namespace :settings do - get :members, to: redirect("%{namespace_id}/%{project_id}/-/project_members") - resource :ci_cd, only: [:show, :update], controller: 'ci_cd' do post :reset_cache put :reset_registration_token @@ -199,7 +199,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do resources :starrers, only: [:index] resources :forks, only: [:index, :new, :create] - resources :group_links, only: [:index, :create, :update, :destroy], constraints: { id: /\d+/ } + resources :group_links, only: [:create, :update, :destroy], constraints: { id: /\d+/ } resource :import, only: [:new, :create, :show] resource :avatar, only: [:show, :destroy] @@ -315,6 +315,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do draw :issues draw :merge_requests + draw :pipelines # The wiki and repository routing contains wildcard characters so # its preferable to keep it below all other project routes @@ -323,9 +324,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do draw :wiki namespace :import do - resource :jira, only: [:show], controller: :jira do - post :import - end + resource :jira, only: [:show], controller: :jira end end # End of the /-/ scope. @@ -380,17 +379,6 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do post 'alerts/notify', to: 'alerting/notifications#create' - # Unscoped route. It will be replaced with redirect to /-/pipelines/ - # Issue https://gitlab.com/gitlab-org/gitlab/issues/118849 - draw :pipelines - - # To ensure an old unscoped routing is used for the UI we need to - # add prefix 'as' to the scope routing and place it below original routing. - # Issue https://gitlab.com/gitlab-org/gitlab/issues/118849 - scope '-', as: 'scoped' do - draw :pipelines - end - draw :legacy_builds resources :hooks, only: [:index, :create, :edit, :update, :destroy], constraints: { id: /\d+/ } do # rubocop: disable Cop/PutProjectRoutesUnderScope @@ -472,9 +460,21 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do post :web_ide_pipelines_count end + resources :web_ide_terminals, path: :ide_terminals, only: [:create, :show], constraints: { id: /\d+/, format: :json } do # rubocop: disable Cop/PutProjectRoutesUnderScope + member do + post :cancel + post :retry + end + + collection do + post :check_config + end + end + # Deprecated unscoped routing. # Issue https://gitlab.com/gitlab-org/gitlab/issues/118849 scope as: 'deprecated' do + draw :pipelines draw :repository end diff --git a/config/settings.rb b/config/settings.rb index 144a068ef2a..99f1b85202e 100644 --- a/config/settings.rb +++ b/config/settings.rb @@ -66,6 +66,12 @@ class Settings < Settingslogic (base_url(gitlab) + [gitlab.relative_url_root]).join('') end + def build_gitlab_go_url + # "Go package paths are not URLs, and do not include port numbers" + # https://github.com/golang/go/issues/38213#issuecomment-607851460 + "#{gitlab.host}#{gitlab.relative_url_root}" + end + def kerberos_protocol kerberos.https ? "https" : "http" end diff --git a/config/sidekiq_queues.yml b/config/sidekiq_queues.yml index e6e0b4b4409..0052910b56e 100644 --- a/config/sidekiq_queues.yml +++ b/config/sidekiq_queues.yml @@ -82,10 +82,14 @@ - 1 - - elastic_commit_indexer - 1 +- - elastic_delete_project + - 1 - - elastic_full_index - 1 - - elastic_indexer - 1 +- - elastic_indexing_control + - 1 - - elastic_namespace_indexer - 1 - - elastic_namespace_rollout @@ -148,6 +152,8 @@ - 5 - - merge_request_mergeability_check - 1 +- - metrics_dashboard_prune_old_annotations + - 1 - - migrate_external_diffs - 1 - - namespaceless_project_destroy @@ -210,6 +216,8 @@ - 1 - - prometheus_create_default_alerts - 1 +- - propagate_integration + - 1 - - propagate_service_template - 1 - - reactive_caching @@ -236,6 +244,8 @@ - 1 - - repository_update_remote_mirror - 1 +- - requirements_management_process_requirements_reports + - 1 - - security_scans - 2 - - self_monitoring_project_create diff --git a/config/webpack.config.js b/config/webpack.config.js index 7c130b010b6..557db58b1b9 100644 --- a/config/webpack.config.js +++ b/config/webpack.config.js @@ -19,10 +19,11 @@ const IS_EE = require('./helpers/is_ee_env'); const DEV_SERVER_HOST = process.env.DEV_SERVER_HOST || 'localhost'; const DEV_SERVER_PORT = parseInt(process.env.DEV_SERVER_PORT, 10) || 3808; const DEV_SERVER_LIVERELOAD = IS_DEV_SERVER && process.env.DEV_SERVER_LIVERELOAD !== 'false'; -const WEBPACK_REPORT = process.env.WEBPACK_REPORT; -const WEBPACK_MEMORY_TEST = process.env.WEBPACK_MEMORY_TEST; -const NO_COMPRESSION = process.env.NO_COMPRESSION; -const NO_SOURCEMAPS = process.env.NO_SOURCEMAPS; +const WEBPACK_REPORT = process.env.WEBPACK_REPORT && process.env.WEBPACK_REPORT !== 'false'; +const WEBPACK_MEMORY_TEST = + process.env.WEBPACK_MEMORY_TEST && process.env.WEBPACK_MEMORY_TEST !== 'false'; +const NO_COMPRESSION = process.env.NO_COMPRESSION && process.env.NO_COMPRESSION !== 'false'; +const NO_SOURCEMAPS = process.env.NO_SOURCEMAPS && process.env.NO_SOURCEMAPS !== 'false'; const VUE_VERSION = require('vue/package.json').version; const VUE_LOADER_VERSION = require('vue-loader/package.json').version; @@ -244,6 +245,7 @@ module.exports = { loader: 'file-loader', options: { name: '[name].[contenthash:8].[ext]', + esModule: false, }, }, ], @@ -254,7 +256,7 @@ module.exports = { moduleIds: 'hashed', runtimeChunk: 'single', splitChunks: { - maxInitialRequests: 4, + maxInitialRequests: 20, cacheGroups: { default: false, common: () => ({ @@ -329,9 +331,6 @@ module.exports = { // automatically configure monaco editor web workers new MonacoWebpackPlugin(), - // prevent pikaday from including moment.js - new webpack.IgnorePlugin(/moment/, /pikaday/), - // fix legacy jQuery plugins which depend on globals new webpack.ProvidePlugin({ $: 'jquery', @@ -516,6 +515,14 @@ module.exports = { // This one is used to check against "EE" properly in application code IS_EE: IS_EE ? 'window.gon && window.gon.ee' : JSON.stringify(false), }), + + /* Pikaday has a optional dependency to moment. + We are currently not utilizing moment. + Ignoring this import removes warning from our development build. + Upstream reference: + https://github.com/Pikaday/Pikaday/blob/5c1a7559be/pikaday.js#L14 + */ + new webpack.IgnorePlugin(/moment/, /pikaday/), ].filter(Boolean), devServer: { diff --git a/config/webpack.vendor.config.js b/config/webpack.vendor.config.js index bebd1d656b5..548eca4200f 100644 --- a/config/webpack.vendor.config.js +++ b/config/webpack.vendor.config.js @@ -38,7 +38,7 @@ module.exports = { 'katex', 'three', 'select2', - 'moment', + 'moment-mini', 'aws-sdk', 'sanitize-html', 'bootstrap/dist/js/bootstrap.js', @@ -65,7 +65,23 @@ module.exports = { }), new YarnCheck({ rootDirectory: ROOT_PATH, - exclude: /ts-jest/, + exclude: new RegExp( + [ + /* + chokidar has a newer version which do not depend on fsevents, + is faster and only compatible with newer node versions (>=8) + + Their actual interface remains the same and we can safely _force_ + newer versions to get performance and security benefits. + + This can be removed once all dependencies are up to date: + https://gitlab.com/gitlab-org/gitlab/-/issues/219353 + */ + 'chokidar', + // We are ignoring ts-jest, because we force a newer version, compatible with our current jest version + 'ts-jest', + ].join('|'), + ), forceKill: true, }), ], |