| Commit message (Collapse) | Author | Age | Files | Lines |
|
Remove the visual review toolbar code
in favor of using the NPM package.
|
This change adds Distributed Tracing support for two new types of events
1. Redis Calls
1. ActiveSupport (Rails) Caching Operations
The intention is to help application developers and infrastructure
SREs to understand the pressure that caching operations can have on
the application when running at scale.
The Redis and Caching spans can be viewed in the Jaeger UI by clicking
the "Trace" link in the performance bar when running on GDK.
|
Fix "ERR value is not an integer or out of range" errors
Closes #66449
See merge request gitlab-org/gitlab-ce!32126
|
`ActiveSupport::Cache::RedisCacheStore` is not compatible with the
version of Rack Attack we are using (v4.4.1) per
https://github.com/kickstarter/rack-attack/issues/281. Users that had
rate limits enabled might see `Redis::CommandError: ERR value is not an
integer or out of range` because the `raw` parameter wasn't passed along
properly. As a result, the Rack Attack entry would be stored as an
`ActiveSupport::Cache::Entry` instead of a raw string holding an integer
value.
Let's partially revert the change in
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/30966 to use the
original cache store until we can update to Rack Attack v5.2.3 that has
support for `ActiveSupport::Cache::RedisCacheStore` via
https://github.com/kickstarter/rack-attack/pull/350.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66449
|
This enables CSP in dev and CI
|
Fix typo in Content Security Policy example
See merge request gitlab-org/gitlab-ce!32103
|
feat: smime signed notification emails
See merge request gitlab-org/gitlab-ce!30644
|
- Add mail interceptor that signs outgoing email with SMIME
- Add lib and helpers to work with SMIME data
- New configuration params for setting up SMIME key and cert files
|
Port of EE "Elasticsearch versioned schema for other ActiveRecord models"
See merge request gitlab-org/gitlab-ce!31660
|
Doc for multi-indices architecture
|
Allow to interrupt running sidekiq jobs
See merge request gitlab-org/gitlab-ce!31818
|
Transform `CancelledError` into `JobRetry::Skip`
|
This makes:
- very shallow `Middleware::Monitor` to only request tracking
of sidekiq jobs,
- `SidekiqStatus::Monitor` to be responsible to maintain persistent
connection to receive messages,
- `SidekiqStatus::Monitor` to always use structured logging
and instance variables
|
This adds a middleware to track all threads
for running jobs.
This makes sidekiq watch for redis-delivered notifications.
This makes it possible to send a notification to interrupt
running sidekiq jobs.
This does not take into account any native code,
as `Thread.raise` generates an exception once control gets
back to Ruby.
A separate measure should be taken to interrupt gRPC, shellouts,
or anything else that escapes Ruby.
|
Adds a time series component for line and area charts.
Displays new charts in the dashboard.
- Use dynamic components for line/area swapping
- Add new line charts to dashboard in 2 panels
|
Previously we asked a user to enter a new slug before taking them to
the Create Page page.
As a UX improvement, we now take them to a randomly generated URI so
they can begin creating their new page.
https://gitlab.com/gitlab-org/gitlab-ce/issues/46299
|
Current `auth.log` uses `fullpath` and `ip`, while `api_json.log` uses
`remote_ip` and `path` for the same fields. Let's standardize these
namings to make it easier for people working with the data.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66167
|
Update qa/Dockerfile to be built from the project root context
See merge request gitlab-org/gitlab-ce!31533
|
For the QA tests to use the new injection methods, we must require the
initializer and ensure that the "constantize" method is available.
|
After moving the multiproc dir cleanup into `config.ru`:`warmup`, we
stopped cleaning the Sidekiq metrics dir, which is not correct.
This MR is intended to fix that. More details:
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/31668
|
'47003-user-onboarding-replace-current-email-confirmation-flow-with-a-soft-email-confirmation-flow' into 'master'
Soft email confirmation flow
Closes #47003
See merge request gitlab-org/gitlab-ce!31245
|
to 30 days
|
Resolve "Multi selection for delete on registry page"
Closes #24705
See merge request gitlab-org/gitlab-ce!30837
|
Remove duplicate -/users/terms routes
See merge request gitlab-org/gitlab-ce!31812
|
CE-specific changes for:
https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/15129
Co-Authored-By: Alex Kalderimis <akalderimis@gitlab.com>
Co-Authored-By: Luke Duncalfe <lduncalfe@eml.cc>
|
'46548-open-source-alternative-to-recaptcha-for-gitlab-com-registration' into 'master'
Open source alternative to reCAPTCHA for GitLab.com registration
See merge request gitlab-org/gitlab-ce!31625
|
With a time threshold of 4 seconds
and a firstname and lastname honeypot
input fields when signing up
|
Elasticsearch versioned schema for Snippet
See merge request gitlab-org/gitlab-ce!31465
|
Remove concerns from eager load paths
See merge request gitlab-org/gitlab-ce!31649
|
'63942-remove-config-action_dispatch-use_authenticated_cookie_encryption-configuration' into 'master'
Remove `config.action_dispatch.use_authenticated_cookie_encryption` configuration
Closes #63942
See merge request gitlab-org/gitlab-ce!31463
|
Old cookies are still valid and are automatically
upgraded by Rails
|
Querying all counts for the different search results in the same request
led to timeouts, so we now only calculate the count for the *current*
search results, and request the others in separate asynchronous calls.
|
When we hit our app with the initial request, in `warmup`,
some metrics are already being created, as well as the corresponding files.
If we do `multiproc_file_dir` cleanup after that, we delete the files
from the dir while keeping them in memory, which leads to incorrect
behavior: the metric is being updated in memory, while it is not present
in the db and, as a result, not sent to Prometheus.
|
Splits auto-refreshing of MR widget into 2 requests:
- the one which uses etag-caching and invalidates the fields on change
- the one without caching
The idea is to gradually move all the fields to etag-cached endpoint
|
This will help identify Sidekiq jobs that invoke an excessive number of
filesystem accesses.
The timing data is stored in `RequestStore`, but this is only active
within the middleware and is not directly accessible to the Sidekiq
logger. However, it is possible for the middleware to modify the job
hash to pass this data along to the logger.
|
Filter title, description, and body from logs
Closes #64460 and #60365
See merge request gitlab-org/gitlab-ce!31274
|
These can contain sensitive content.
|
Add support for Content-Security-Policy
Closes #65330
See merge request gitlab-org/gitlab-ce!31402
|
A nonce-based Content-Security-Policy thwarts XSS attacks by allowing
inline JavaScript to execute if the script nonce matches the header
value. Rails 5.2 supports nonce-based Content-Security-Policy headers,
so provide configuration to enable this and make it work.
To support this, we need to change all `:javascript` HAML filters to the
following form:
```
= javascript_tag nonce: true do
  :plain
    ...
```
We use `%script` throughout our HAML to store JSON and other text, but
since this doesn't execute, browsers don't appear to block this content
from being used and require the nonce value to be present.