path: root/config
Commit message (Collapse)  Author  Age  Files  Lines
* Fix help page paths to make sure shortcuts and the UI help page work. [fix-help-paths]  Connor Shea  2016-07-19  1  -5/+4
|     Add a test to make sure the help page UI path doesn't break in the future.
|     Fix #19972 and #19889.
* Merge branch 'manual-actions' into 'master'  Rémy Coutable  2016-07-19  2  -0/+17
|\
| |     Add support for manual CI actions
| |
| |     ## What does this MR do?
| |     This implements a `when: manual` which allows jobs to be marked as manual actions. Manual actions have to be explicitly executed by developers.
| |
| |     ## What are the relevant issue numbers?
| |     This is to solve: https://gitlab.com/gitlab-org/gitlab-ce/issues/17010
| |
| |     See merge request !5297
| * Improve manual actions code and add model, service and feature tests  Kamil Trzcinski  2016-07-18  1  -0/+16
| |     Manual actions are accessible from:
| |     - Pipelines
| |     - Builds
| |     - Environments
| |     - Deployments
| * Add implementation of manual actions  Kamil Trzcinski  2016-07-18  1  -0/+1
| |
* | Merge branch 'cs-gemojione-3' into 'master'  Robert Speicher  2016-07-18  1  -1/+1
|\ \
| | |     Upgrade gemojione to 3.0.0
| | |
| | |     Upgrades gemojione to 3.0.0, see the Changelog: https://github.com/jonathanwiesel/gemojione/blob/b98aa8b07eef815d4d3f52ff3c8714b28932b0de/CHANGELOG.md#v300-2016-07-12
| | |
| | |     [Here are all the new 2016 emoji](http://emojione.com/releases/2.2.4/) :tada:
| | |
| | |     This update has new emoji and more sensical categories.
| | |
| | |     See merge request !5237
| * | Upgrade Gemojione from 2.6.1 to 3.0.1.  Connor Shea  2016-07-18  1  -1/+1
| |/
| |     This adds the 2016 emoji as well as support for using SVG images instead of PNGs. It also fixes a number of incorrectly categorized emoji and other minor issues.
| |
| |     Upgrade Rake task for Gemojione 3.0.0 and generate sprites.
| |
| |     Upgrade aliases.json by pulling down index.json from the gemojione repository and running the generate_aliases.rb file.
| |
| |     Changelog: https://github.com/jonathanwiesel/gemojione/blob/master/CHANGELOG.md#v301-2016-07-16
| |
| |     For the specific emoji added to the Unicode standard, see: http://emojione.com/releases/2.2.4/
| |
| |     Huge kudos to Jonathan Wiesel (@jonathanwiesel) for his work on the gemojione gem!
* | Improve cron_jobs loading error messages  Gabriel Mazetto  2016-07-18  1  -1/+8
| |
* | Minor policy refinements. [csp-basics]  Connor Shea  2016-07-18  1  -8/+12
| |
* | Document the CSP file.  Connor Shea  2016-07-18  1  -11/+38
| |
* | Only enable CSP policies when relevant features are enabled.  Connor Shea  2016-07-18  1  -1/+27
| |     Gravatar, Google Analytics, Piwik, Recaptcha, etc.
* | Remove background_jobs-specific headers.  Connor Shea  2016-07-18  1  -5/+0
| |
* | Only report to Sentry when it's enabled.  Connor Shea  2016-07-18  1  -2/+6
| |
* | Add Sidekiq-specific headers.  Connor Shea  2016-07-18  1  -2/+10
| |
* | Add the CSP reporting URI of Sentry.  Connor Shea  2016-07-18  1  -1/+8
| |
* | Update image policy to allow external images over HTTPS.  Connor Shea  2016-07-18  1  -1/+1
| |
* | Remove unsafe eval directive from scripts.  Connor Shea  2016-07-18  1  -1/+1
| |
* | Fix that which hath been broken. Except the sidekiq admin iframe.  Connor Shea  2016-07-18  1  -0/+38
|/
* Merge branch '17341-firefox-u2f' into 'master'  Robert Speicher  2016-07-15  1  -0/+1
|\
| |     Allow U2F devices to be used in Firefox
| |
| |     - Adds U2F support for Firefox
| |     - Improve U2F feature detection logic
| |     - Have authentication flow be closer to the spec (single challenge instead of a challenge for each `signRequest`)
| |     - Closes #17341
| |     - Related to #15337
| |
| |     See merge request !5177
| * Load Javascript U2F library selectively.  Timothy Andrew  2016-07-14  1  -0/+1
| |     1. Only on supported Chrome versions
| |     2. Mainly, this lets us simplify the javascript-based U2F check to `window.u2f`, where `window.u2f` can either be loaded from the GitLab server (for Chrome) or from the Firefox extension.
| |     3. This is a better way to provide browser detection for U2F.
* | Merge branch 'remove-hound-config' into 'master'  Stan Hu  2016-07-12  1  -87/+0
|\ \
| | |     Remove Hound CI and Teatro config
| | |
| | |     ## What does this MR do?
| | |     Since we moved to gitlab.com we don't use Hound CI and Teatro anymore. Instead we have rubocop.
| | |
| | |     See merge request !5089
| * | Remove teatro config [remove-hound-config]  Robert Schilling  2016-07-05  1  -87/+0
| | |
* | | Merge branch 'update-health-check-gem' into 'master'  Rémy Coutable  2016-07-12  1  -13/+0
|\ \ \
| | | |     Update the health_check gem to the latest release
| | | |
| | | |     ## What does this MR do?
| | | |     Update the health_check gem to the latest release, which allows us to drop some of our code for overwriting the email check
| | | |
| | | |     ## Does this MR meet the acceptance criteria?
| | | |     - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
| | | |     - [ ] ~~[Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)~~
| | | |     - [ ] ~~API support added~~
| | | |     - Tests
| | | |       - [ ] ~~Added for this feature/bug~~
| | | |       - [ ] All builds are passing
| | | |     - [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
| | | |     - [ ] Branch has no merge conflicts with `master` (if you do - rebase it please)
| | | |     - [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
| | | |
| | | |     See merge request !5186
| * | | Update the health_check gem to the latest release [update-health-check-gem]  DJ Mountney  2016-07-11  1  -13/+0
| | |/
| |/|
| | |     This allows us to drop our disable email config override
* | | Update the help_page_path route to accept paths directly instead of using ↵  Connor Shea  2016-07-11  1  -2/+2
| | |     parameters.
* | | Make "Get started with Builds" Help Page link work properly  connorshea  2016-07-11  1  -0/+1
| | |     This is probably a horrible way of fixing this issue, but it does work. I can’t find much information on linking this deeply with Rails routes.
| | |
| | |     Resolves #14872.
* | | Merge branch 'master' into single-file-diffs  Sean McGivern  2016-07-11  1  -0/+1
|\ \ \
| |/ /
| * | Merge branch 'cs-cropper' into 'master'  Fatih Acet  2016-07-08  1  -0/+1
| |\ \
| | | |     Split Cropper.js from the main JavaScript manifest.
| | | |
| | | |     ## What does this MR do?
| | | |     Splits Cropper.js from the main JavaScript file.
| | | |
| | | |     ## Are there points in the code the reviewer needs to double check?
| | | |     That the avatar uploader works. (It did in my testing)
| | | |
| | | |     ## Why was this MR needed?
| | | |     Smaller JS payload.
| | | |
| | | |     ## What are the relevant issue numbers?
| | | |     #14372
| | | |
| | | |     ## Does this MR meet the acceptance criteria?
| | | |     - Tests
| | | |       - [x] All builds are passing
| | | |     - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
| | | |     - [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
| | | |     - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
| | | |
| | | |     See merge request !4978
| | * | Split Cropper.js from the main JavaScript manifest.  Connor Shea  2016-06-29  1  -0/+1
| | | |
* | | | Support renames in diff_for_path actions  Sean McGivern  2016-07-11  1  -4/+4
| | | |
* | | | Collapse large diffs by default  Sean McGivern  2016-07-08  1  -4/+11
|/ / /
| | |     When rendering a list of diff files, skip those where the diff is over 10 KB and provide an endpoint to render individually instead.
* | | Merge branch '18627-wildcard-branch-protection' into 'master'  Douwe Maan  2016-07-07  1  -1/+1
|\ \ \
| | | |     Allow specifying protected branches using wildcards
| | | |
| | | |     Closes #18627
| | | |
| | | |     # Tasks
| | | |     - [ ] #18627 !4665 Allow specifying protected branches using wildcards
| | | |     - [x] Find existing usages of protected branches
| | | |     - Protecting branches
| | | |     - `ProtectedBranchesController` is used to mark a branch protected/unprotected
| | | |     - `API::Branches` can be used to mark a branch protected/unprotected
| | | |     - Enforcing branch protection
| | | |     - `Gitlab::GitAccess` has helpers (`can_push_to_branch?`, `check`) that are used to deny pushes if a branch is protected
| | | |     - Over SSH: `gitlab-shell` receives a push, and calls `/allowed` on the GitLab API, which calls `GitAccess.check`
| | | |     - Over HTTP:
| | | |     - `gitlab-workhorse` receives the request, and forwards it to rails
| | | |     - Rails (in the `GitHttpController#git-recieve-pack`) runs basic checks (is the user logged in, not protected branch checks) and returns ok with `GL_ID` and `RepoPath`
| | | |     - `gitlab-workhorse` looks at the response, and calls the relevant `gitlab-shell` action from `git-http/handlePostRPC`
| | | |     - Rest of this flow is the same as the SSH flow above
| | | |     - [x] Implementation
| | | |     - [x] Backend
| | | |     - [x] Change `project#protected_branch?` to look at wildcard protected branches
| | | |     - [x] Change `project#developers_can_push_to_protected_branch?`
| | | |     - [x] Change `project#open_branches`
| | | |     - [x] Better error message when creating a disallowed branch from the Web UI
| | | |     - [x] Frontend
| | | |     - [x] Protected branches page should allow typing out a wildcard pattern
| | | |     - [x] Add help text explaining the use of wildcards
| | | |     - [x] Show matching branches for each protected branch
| | | |     - [x] ~~On the index page~~
| | | |     - [x] On a show page
| | | |     - [x] Index?
| | | |     - [x] Can't have the "last commit" column for wildcard protected branches
| | | |     - [x] Fix / write tests
| | | |     - [x] What happens if a hook is missing in dev?
| | | |     - [x] Refactor
| | | |     - [x] Test workflows
| | | |     - Create a branch matching a wildcard pattern
| | | |     - Push to a branch matching a wildcard pattern
| | | |     - Force push to a branch matching a wildcard pattern
| | | |     - Delete a branch matching a wildcard pattern
| | | |     - [x] Test using Web UI
| | | |     - [x] Test over SSH
| | | |     - [x] Test over HTTP
| | | |     - [x] Test as developer and master
| | | |     - [x] Investigate performance
| | | |     - [x] Test with a large number of protected branches / branches
| | | |     - [x] Paginate list of protected branches
| | | |     - [x] ~~Possibly rewrite `open_branches`~~
| | | |     - [x] Add `iid`s to existing `ProtectedBranch`es
| | | |     - [x] Add documentation
| | | |     - [x] Add CHANGELOG entry
| | | |     - [x] Add screenshots
| | | |     - [x] Make sure [build](https://gitlab.com/gitlab-org/gitlab-ce/commit/2f753e3ed2ce681b4444944d521f4419e8ed37f7/builds) passes
| | | |     - [x] Assign to endboss for review
| | | |     - [x] Address @DouweM's comments
| | | |     - [x] `protected_branch_params`
| | | |     - [x] `exact_match` instead of `explicit_match`
| | | |     - [x] When would self.name be blank?
| | | |     - [x] Move `protected_branches.each` to a partial
| | | |     - [x] Move `matching_branches.each` to a partial
| | | |     - [x] If the branch is in @matching_branches, it's not been removed
| | | |     - [x] move this regex to a method and memoize it
| | | |     - [x] `commit_sha` directly for exact matches
| | | |     - [x] Number of matches for wildcard matches, with a link
| | | |     - [x] Wait for [build](https://gitlab.com/gitlab-org/gitlab-ce/commit/43f9ce0e88194b8f719bb1c1e656b7fc13278d56/builds) to pass
| | | |     - [x] Respond to @DouweM's comments
| | | |     - [x] Don't use iid
| | | |     - [x] Controller should use `@project.protected_branches.new`
| | | |     - [x] move the memoization to `def wildcard_regex`
| | | |     - [x] render with `collection: @protected_branches`
| | | |     - [x] Wait for [build](https://gitlab.com/gitlab-org/gitlab-ce/commit/f7beedf122fa0c7aa89e86181fe7499321fb10ca/builds) to pass
| | | |     - [x] Wait for @DouweM's review
| | | |     - [x] Wait for @jschatz1's review
| | | |     - [x] Respond to @jschatz1's comments
| | | |     - [x] Use the new dropdown style
| | | |     - [x] description should be moved to the description section without the styling
| | | |     - [x] Protect button should be disabled when no branch is selected
| | | |     - [x] Update screenshots
| | | |     - [x] Merge conflicts
| | | |     - [x] Make sure [build](https://gitlab.com/gitlab-org/gitlab-ce/commit/20f3cfe8d5540eab64c2ba548043d600b28c61ba/builds) passes
| | | |     - [ ] Revisit performance, possibly with staging/production data
| | | |     - [ ] Get a dump of staging / run against staging live
| | | |     - [ ] Get SSH access to staging
| | | |     - [ ] Wait for review/merge
| | | |
| | | |     # Screenshots
| | | |
| | | |     ## Creating wildcard protected branches
| | | |     ![1](/uploads/9446afccfdf6fa381e00c800dd2cc82e/1.png)
| | | |     ![2](/uploads/0b154503b297a818d3577488c575d845/2.png)
| | | |     ![3](/uploads/36217f79df9e41cc1550601f02627fe8/3.png)
| | | |     ![4](/uploads/041ca9bd529bcfa5373fca67e917cbcb/4.png)
| | | |
| | | |     ### Using the `GLDropdown` component
| | | |     ![2016-06-30_14-16-15](/uploads/508afc2a5e2463c2954641409a560d88/2016-06-30_14-16-15.gif)
| | | |
| | | |     ## Enforcing wildcard protected branches
| | | |
| | | |     ### From the Web UI
| | | |     ![Screen_Shot_2016-06-20_at_1.21.18_PM](/uploads/8b5d4b1911e9152698a0488daf1880bc/Screen_Shot_2016-06-20_at_1.21.18_PM.png)
| | | |
| | | |     ### Over SSH
| | | |     ![SSH](/uploads/7365989d7e4c406ef37b6ae5106442c9/SSH.gif)
| | | |
| | | |     ### Over HTTPS
| | | |     ![HTTPS](/uploads/a7c0f56ae58efcffc75e6700fa2f4ac0/HTTPS.gif)
| | | |
| | | |     ## Listing matching branches
| | | |     ![Screen_Shot_2016-06-20_at_1.33.44_PM](/uploads/d054113022f5d7ec64c0e57e501ac104/Screen_Shot_2016-06-20_at_1.33.44_PM.png)
| | | |
| | | |     See merge request !4665
| * | | Modify the frontend for wildcard protected branches.  Timothy Andrew  2016-07-05  1  -1/+1
| | |/
| |/|
| | |     1. Allow entering any branch name for a protected branch.
| | |        - Either pick from a list of options, or enter it manually
| | |        - You can enter wildcards.
| | |     2. Display branches matching a protected branch.
| | |        - Add a `ProtectedBranches#show` page that displays the branches matching the given protected branch, or a message if there are no matches.
| | |        - On the `index` page, display the last commit for an exact match, or the number of matching branches for a wildcard match.
| | |        - Add an `iid` column to `protected_branches` - this is what we use for the `show` page URL.
| | |        - On the off chance that this feature is unnecessary, this commit encapsulates it neatly, so it can be removed without affecting anything else.
| | |     3. Remove the "Last Commit" column from the list of protected branches.
| | |        - There's no way to pull these for wildcard protected branches, so it's best left for the `show` page.
| | |        - Rename the `@branches` instance variable to `@protected_branches`
| | |        - Minor styling changes with the "Unprotect" button - floated right like the "Revoke" button for personal access tokens
| | |     4. Paginate the list of protected branches.
| | |     5. Move the instructions to the left side of the page.
* | | Instrument Rinku usage [18593-autofilter-rinku-instrumentation]  Paco Guzman  2016-07-04  1  -0/+2
|/ /
* | Enable Style/EmptyLines cop, remove redundant ones [rubocop/enable-cops-for-empty-lines]  Grzegorz Bizon  2016-07-01  2  -6/+0
| |
* | Merge branch 'upgrade-sprockets-rails' into 'master'  Robert Speicher  2016-07-01  1  -0/+3
|\ \
| | |     Upgrade sprockets and sprockets rails, remove quiet_assets
| | |
| | |     ## What does this MR do?
| | |     Upgrade Sprockets from 3.6.0 to 3.6.2. Changelog: https://github.com/rails/sprockets/blob/3.x/CHANGELOG.md
| | |
| | |     Upgrade Sprockets Rails from 3.0.4 to 3.1.1. Changelog: https://github.com/rails/sprockets-rails/compare/v3.0.4...v3.1.1
| | |
| | |     quiet_assets has been seemingly abandoned, and now sprockets-rails has the feature built-in! The config was added in this PR: https://github.com/rails/sprockets-rails/pull/355
| | |
| | |     Working towards #14286.
| | |
| | |     See merge request !5029
| * | Remove quiet_assets in favor of built-in sprockets-rails config. [upgrade-sprockets-rails]  Connor Shea  2016-06-30  1  -0/+3
| | |     quiet_assets has been seemingly abandoned, and now sprockets-rails has the feature built-in!
| | |
| | |     From this PR: https://github.com/rails/sprockets-rails/pull/355
* | | Metrics for Rouge::Plugins::Redcarpet and Rouge::Formatters::HTMLGitlab [18592-syntaxhighlighter-slow]  Paco Guzman  2016-07-01  1  -0/+3
|/ /
* | Import from Github using Personal Access Tokens.  Eric K Idema  2016-06-30  2  -1/+3
| |     This stands as an alternative to using OAuth to access a user's Github repositories. This is setup in such a way that it can be used without OAuth configuration.
| |
| |     From a UI perspective, the how to import modal has been replaced by a full page, which includes a form for posting a personal access token back to the Import::GithubController.
| |
| |     If the user has logged in via GitHub, skip the Personal Access Token and go directly to Github for an access token via OAuth.
* | Merge branch 'rack-request-trusted-proxies' into 'master'  Douwe Maan  2016-06-30  1  -0/+13
|\ \
| | |     Make Rack::Request use our trusted proxies when filtering IP addresses
| | |
| | |     ## What does this MR do?
| | |     This allows us to control the trusted proxies while deployed in a private network.
| | |
| | |     ## Are there points in the code the reviewer needs to double check?
| | |     If we want to limit what is impacted, we can do this specifically for the rack_attack request object.
| | |
| | |     ## Why was this MR needed?
| | |     Normally Rack::Request will trust all private IPs as trusted proxies, which can cause problems if your users are connecting on your network via private IP ranges.
| | |
| | |     Normally in a rails app this is handled by action_dispatch request, but rack_attack is specifically using the Rack::Request object instead.
| | |
| | |     ## What are the relevant issue numbers?
| | |     Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/17550
| | |
| | |     ## Does this MR meet the acceptance criteria?
| | |     - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
| | |     - [ ] ~~[Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)~~
| | |     - [ ] ~~API support added~~
| | |     - Tests
| | |       - [x] Added for this feature/bug
| | |       - [x] All builds are passing
| | |     - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
| | |     - [ ] Branch has no merge conflicts with `master` (if you do - rebase it please)
| | |     - [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
| | |
| | |     \cc @stanhu
| | |
| | |     See merge request !4958
| * | Make Rack::Request use our trusted proxies when filtering IP addresses [rack-request-trusted-proxies]  DJ Mountney  2016-06-29  1  -0/+13
| | |     This allows us to control the trusted proxies while deployed in a private network.
| | |
| | |     Normally Rack::Request will trust all private IPs as trusted proxies, which can cause problems if your users are connecting on your network via private IP ranges.
| | |
| | |     Normally in a rails app this is handled by action_dispatch request, but rack_attack is specifically using the Rack::Request object instead.
* | | Merge branch 'issue-18886' into 'master'  Dmitriy Zaporozhets  2016-06-30  1  -0/+6
|\ \ \
| | | |     Loop all disks when displaying system info. Closes #18886
| | | |
| | | |     See merge request !4983
| * | | Loop all disks when displaying system info [issue-18886]  Josh Frye  2016-06-29  1  -0/+6
| | | |
* | | | Create (if necessary) and link the gitlab-shell secret file on the rake ↵ [shards]  Alejandro Rodríguez  2016-06-29  1  -19/+1
| | | |     install task
* | | | Refactor repository paths handling to allow multiple git mount points  Alejandro Rodríguez  2016-06-29  4  -7/+46
| |/ /
|/| |
* | | Enable Style/SpaceAfterComma Rubocop cop [rubocop/enable-space-after-cops]  Grzegorz Bizon  2016-06-29  2  -2/+2
| | |
* | | Enable Style/SpaceAfterColon Rubocop cops  Grzegorz Bizon  2016-06-29  1  -1/+1
|/ /
* | Show basic system info on admin panel. Closes #18886  Josh Frye  2016-06-28  1  -0/+1
|/
* Merge branch 'js-content-for' into 'master'  Jacob Schatz  2016-06-24  1  -0/+2
|\
| |     Re-implement page-specific JS in a better way.
| |
| |     ## What does this MR do?
| |     This rebuilds the way we do page-specific JavaScript assets for a few reasons:
| |     - The current implementation does not work with Subresource Integrity (!4808)
| |     - The current implementation doesn't allow caching of libraries because each page we hook up with this system will have a separate application.js. Meaning that for every page that uses Ace Editor, we'd have to load Ace Editor plus any GitLab-specific scripts in the same file, making local caching of just Ace Editor impossible.
| |     - The current implementation is rather hacky.
| |
| |     ## Are there points in the code the reviewer needs to double check?
| |     That Sprockets doesn't choke on this when we use precompiled assets.
| |
| |     ## What are the relevant issue numbers?
| |     #14372
| |
| |     ## Does this MR meet the acceptance criteria?
| |     - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
| |     - [x] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
| |     - [x] API support added
| |     - Tests
| |       - [x] Added for this feature/bug
| |       - [x] All builds are passing
| |     - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
| |     - [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
| |     - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
| |
| |     cc: @jschatz1 @pavelloz
| |
| |     Thanks to @pavelloz for his example implementation which was very useful.
| |
| |     See merge request !4883
| * Add precompilation for relevant assets.  Connor Shea  2016-06-23  1  -0/+2
| |
* | Merge branch 'add-smtp-setting' into 'master'  Stan Hu  2016-06-24  1  -0/+1
|\ \
| | |     Add SMTP as default delivery method to match gitlab-org/omnibus-gitlab!826
| | |
| | |     Something happened after upgrading to 8.9RC5 that caused mail settings to be set to sendmail by default. gitlab-com/infrastructure#128 describes the issue in more detail.
| | |
| | |     This MR mirrors the change in omnibus with gitlab-org/omnibus-gitlab!826.
| | |
| | |     Closes #19132
| | |
| | |     See merge request !4915